Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp4310448ybi;
        Mon, 29 Jul 2019 23:41:45 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxj3WrNPzqUkOXqeUhmmvYr4R95HWmjdVryHLZRB6/1iaXkRInQtcp11S1dcXSPUbfpbqXu
X-Received: by 2002:a17:902:4222:: with SMTP id g31mr39237479pld.41.1564468905092;
        Mon, 29 Jul 2019 23:41:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1564468905; cv=none;
        d=google.com; s=arc-20160816;
        b=huIPXXb/kEFAx1SATWU7iP5bjDoqsUBiHlbETEyUjRjK4LxSIzyMiRml7QSdhjRd6Y
         +kOqBVeDn6l74w5nNDBwtKN07uKgj4kIOUyMn8bxEJU50tLcPXjx0pfNY76swbbAE+gg
         D98cEbxPOPwyDEn7T6LrpAyrjD+ch+54qzKH7uBl/BD7UXsQEk19ze1uBxVgRupWOHLB
         lIKPcM4cLHF+VbeMGwr7ZDxINX3iFl1RQbb5UuwuLRa1iPmiS3giIZRlFQ0kXPq4vv9S
         7YCYiOG9eKcVWojVxNTu4Eo+BHjrVAIZt3PPptbqluMV1zr21Y70PXnjIJw57cUW2hvC
         bU4A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=rsmTHOP0TZ2VgqmUrzlJZZEsnURX6OKJLy10IZcBiCk=;
        b=N5ypHeKt+7JNJ5m43elWppBmXoXeajaAmsIrF82t8aYhQIquBqyq4aNvt5o4tnIfdt
         KZXpobxJED3IMUY0IlIOD8hAnkPMqX0NNRq1oHJg4BQDK+vTt7Yg3yizsLcU8hiFsOuO
         GZRE+MN2higrLziOPEVan8eLA1tRvVBtGaYYVJGCC//+8viNtc0+eZIveDoDuLAITNYA
         CAlnwRHU4o9bJEpR07faQKuVTwQ1QRFa2RO4Vwgudph1SePG2plcO76tKkYLcZEbCRMr
         /r4sSl9w/DYumCmGPIVT6+ibup/JFuG4vye5K1C6OZkDm0TfpMp/hSJPNZEEqO3TMxHm
         Co1A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=1FOxChOk;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id l1si27970711pgt.137.2019.07.29.23.41.30;
        Mon, 29 Jul 2019 23:41:45 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=1FOxChOk;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2390888AbfG2Txt (ORCPT <rfc822;rao.subba.venkata@gmail.com>
        + 99 others); Mon, 29 Jul 2019 15:53:49 -0400
Received: from mail.kernel.org ([198.145.29.99]:45432 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2403978AbfG2TxP (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 29 Jul 2019 15:53:15 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 1617221655;
        Mon, 29 Jul 2019 19:53:14 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1564429994;
        bh=xB2H3tfFN4AhLC7vXs7vXxb6XWm8rStXOPLz45k1tQQ=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=1FOxChOken1tTEXu4CLDueTIJMxgl9EDIOK70CvRTwUvFbqd1Wp4Dw9iveITW43Em
         RmyJ6/mmn7UC/ALRHXq4KwOITqQwlRu/077s99+RAIJ6qwa/EcMwnoMbDyeW6cfLN6
         fp7P9uJl2VVUpKUTT0LkoYUFTelyFZyH7r/qe2QY=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Shakeel Butt <shakeelb@google.com>,
        Roman Gushchin <guro@fb.com>, Jan Kara <jack@suse.cz>,
        Johannes Weiner <hannes@cmpxchg.org>,
        Vladimir Davydov <vdavydov.dev@gmail.com>,
        Michal Hocko <mhocko@suse.com>,
        Amir Goldstein <amir73il@gmail.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.2 155/215] memcg, fsnotify: no oom-kill for remote memcg charging
Date:   Mon, 29 Jul 2019 21:22:31 +0200
Message-Id: <20190729190806.652021662@linuxfoundation.org>
X-Mailer: git-send-email 2.22.0
In-Reply-To: <20190729190739.971253303@linuxfoundation.org>
References: <20190729190739.971253303@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

[ Upstream commit ec165450968b26298bd1c373de37b0ab6d826b33 ]

Commit d46eb14b735b ("fs: fsnotify: account fsnotify metadata to
kmemcg") added remote memcg charging for fanotify and inotify event
objects.  The aim was to charge the memory to the listener who is
interested in the events but without triggering the OOM killer.
Otherwise there would be security concerns for the listener.

At the time, oom-kill trigger was not in the charging path.  A parallel
work added the oom-kill back to charging path i.e.  commit 29ef680ae7c2
("memcg, oom: move out_of_memory back to the charge path").  So to not
trigger oom-killer in the remote memcg, explicitly add
__GFP_RETRY_MAYFAIL to the fanotigy and inotify event allocations.

Link: http://lkml.kernel.org/r/20190514212259.156585-2-shakeelb@google.com
Signed-off-by: Shakeel Butt <shakeelb@google.com>
Reviewed-by: Roman Gushchin <guro@fb.com>
Acked-by: Jan Kara <jack@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/notify/fanotify/fanotify.c        | 5 ++++-
 fs/notify/inotify/inotify_fsnotify.c | 8 ++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
index b428c295d13f..5778d1347b35 100644
--- a/fs/notify/fanotify/fanotify.c
+++ b/fs/notify/fanotify/fanotify.c
@@ -288,10 +288,13 @@ struct fanotify_event *fanotify_alloc_event(struct fsnotify_group *group,
 	/*
 	 * For queues with unlimited length lost events are not expected and
 	 * can possibly have security implications. Avoid losing events when
-	 * memory is short.
+	 * memory is short. For the limited size queues, avoid OOM killer in the
+	 * target monitoring memcg as it may have security repercussion.
 	 */
 	if (group->max_events == UINT_MAX)
 		gfp |= __GFP_NOFAIL;
+	else
+		gfp |= __GFP_RETRY_MAYFAIL;
 
 	/* Whoever is interested in the event, pays for the allocation. */
 	memalloc_use_memcg(group->memcg);
diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c
index 2fda08b2b885..d510223d302c 100644
--- a/fs/notify/inotify/inotify_fsnotify.c
+++ b/fs/notify/inotify/inotify_fsnotify.c
@@ -90,9 +90,13 @@ int inotify_handle_event(struct fsnotify_group *group,
 	i_mark = container_of(inode_mark, struct inotify_inode_mark,
 			      fsn_mark);
 
-	/* Whoever is interested in the event, pays for the allocation. */
+	/*
+	 * Whoever is interested in the event, pays for the allocation. Do not
+	 * trigger OOM killer in the target monitoring memcg as it may have
+	 * security repercussion.
+	 */
 	memalloc_use_memcg(group->memcg);
-	event = kmalloc(alloc_len, GFP_KERNEL_ACCOUNT);
+	event = kmalloc(alloc_len, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL);
 	memalloc_unuse_memcg();
 
 	if (unlikely(!event)) {
-- 
2.20.1