Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp3575325pxv;
        Mon, 19 Jul 2021 03:47:27 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwZvKFBkbuYosc4CHz1DNIz0COvjFoFgL0Vxe38HAX3wL2aLREin4cXL2314BfrUuF138uH
X-Received: by 2002:a92:dc06:: with SMTP id t6mr2372879iln.231.1626691647751;
        Mon, 19 Jul 2021 03:47:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1626691647; cv=none;
        d=google.com; s=arc-20160816;
        b=Bl23XimDzwRYod6EKE7MQDXUZJqB/oBONckFf1jnhTST9k9L0oRy6j9ZUwTENSsvYz
         2v62ZBHXgn8ItFoDffX9u4zAI+UsVVLOqKo3W4UZvKrC4YaVdVM+VOekBHEt87zoYEYk
         nLy1MyaDewrTiRYwjpWxxXm+lwbG7fLamJE+IgydmdzwFWIIjTPcQ42vPo/EPY0rdov0
         LbIK6c74PK3HzkSD6BEZTpr3ay64PWszzFqtfYDCrNqJBRpmlqehfiY1RQWHiHHLujvY
         LzcP4IjS9L/LDqXRtwoxhB94auH6u0x86h5GTChVeVB1KCSoKMcyzMpVLKR6Js0wfZZv
         xztw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:references:cc
         :to:subject:from:dkim-signature;
        bh=97E+pWsg1fRqSD4/pNq55qMVP3zQsBJJmg0TKYUHtmA=;
        b=ujftc1Nx1tm1VpMnfMwI2oE+FGr0/jTtMG5x6Ttozl0GEXXiIXesomPnA8hEB8P6KZ
         3XqTjmoQ5hyIhyaCan2SCMX9kcRj0qCd4vYBoP3I+mcEJqfDRZlN5MOFCKecbsJh4Z3y
         lofUGTMlLGUJ869FUoqGnSe1mAlCyLvasDO41BaQ1R6M45DmGOgfesEamzG3ZvjKm5NX
         6Ipijx+v7sSBrye+Ka8PGUbSmCStgHQcBw4aMtriz/AmgwdCccxnng7MXqNB/J7g1WPA
         tTI4Tz4+R4g5Rq9cfg2LqRVaU752Fyjjd94z9P7V5JHmjKqF12eQFo6zdLmqgQtlxNda
         ZE3g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@virtuozzo.com header.s=relay header.b=bnoy8snE;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id x3si20807025ion.71.2021.07.19.03.47.15;
        Mon, 19 Jul 2021 03:47:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@virtuozzo.com header.s=relay header.b=bnoy8snE;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236627AbhGSKF1 (ORCPT <rfc822;manjupatil.rnr@gmail.com>
        + 99 others); Mon, 19 Jul 2021 06:05:27 -0400
Received: from relay.sw.ru ([185.231.240.75]:44884 "EHLO relay.sw.ru"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S236557AbhGSKFG (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 19 Jul 2021 06:05:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:Subject
        :From; bh=97E+pWsg1fRqSD4/pNq55qMVP3zQsBJJmg0TKYUHtmA=; b=bnoy8snEG7YOPop/cLE
        SrCz+IbDfRt+DLvfyz7GmopfWE/LrVQkLivZnhkP95Xtv8pqb/21NR9hTAvAO6/7dJcYolEFF8sie
        PAdNZRg0HRjv90KRRiZAPD+/Dea0VaGeaqXcqSM2mZ9lBFWNhyZiLwNOItaKjBTRLgQ+X6FLnXs=;
Received: from [10.93.0.56]
        by relay.sw.ru with esmtp (Exim 4.94.2)
        (envelope-from <vvs@virtuozzo.com>)
        id 1m5QmP-004RiA-LA; Mon, 19 Jul 2021 13:45:45 +0300
From:   Vasily Averin <vvs@virtuozzo.com>
Subject: [PATCH v5 13/16] memcg: enable accounting for signals
To:     Andrew Morton <akpm@linux-foundation.org>
Cc:     cgroups@vger.kernel.org, Michal Hocko <mhocko@kernel.org>,
        Shakeel Butt <shakeelb@google.com>,
        Johannes Weiner <hannes@cmpxchg.org>,
        Vladimir Davydov <vdavydov.dev@gmail.com>,
        Roman Gushchin <guro@fb.com>, Jens Axboe <axboe@kernel.dk>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Oleg Nesterov <oleg@redhat.com>, linux-kernel@vger.kernel.org
References: <CALvZod66KF-8xKB1dyY2twizDE=svE8iXT_nqvsrfWg1a92f4A@mail.gmail.com>
 <cover.1626688654.git.vvs@virtuozzo.com>
Message-ID: <b19f065e-f3c9-2b20-2798-b60f0fc6b05f@virtuozzo.com>
Date:   Mon, 19 Jul 2021 13:45:44 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <cover.1626688654.git.vvs@virtuozzo.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

When a user send a signal to any another processes it forces the kernel
to allocate memory for 'struct sigqueue' objects. The number of signals
is limited by RLIMIT_SIGPENDING resource limit, but even the default
settings allow each user to consume up to several megabytes of memory.
Moreover, an untrusted admin inside container can increase the limit or
create new fake users and force them to sent signals.

It makes sense to account for these allocations to restrict the host's
memory consumption from inside the memcg-limited container.

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
---
 kernel/signal.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/signal.c b/kernel/signal.c
index a3229ad..8921c4a 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -4663,7 +4663,7 @@ void __init signals_init(void)
 {
 	siginfo_buildtime_checks();
 
-	sigqueue_cachep = KMEM_CACHE(sigqueue, SLAB_PANIC);
+	sigqueue_cachep = KMEM_CACHE(sigqueue, SLAB_PANIC | SLAB_ACCOUNT);
 }
 
 #ifdef CONFIG_KGDB_KDB
-- 
1.8.3.1