From: Vasily Averin
Subject: [PATCH v5 13/16] memcg: enable accounting for signals
To: Andrew Morton
Cc: cgroups@vger.kernel.org, Michal Hocko, Shakeel Butt, Johannes Weiner, Vladimir Davydov, Roman Gushchin, Jens Axboe, "Eric W. Biederman", Oleg Nesterov, linux-kernel@vger.kernel.org
Date: Mon, 19 Jul 2021 13:45:44 +0300

When a user sends a signal to any other processes it forces the kernel to allocate memory for 'struct sigqueue' objects. The number of signals is limited by the RLIMIT_SIGPENDING resource limit, but even the default settings allow each user to consume up to several megabytes of memory. Moreover, an untrusted admin inside a container can increase the limit or create new fake users and force them to send signals.

It makes sense to account for these allocations to restrict the host's memory consumption from inside the memcg-limited container.

Signed-off-by: Vasily Averin

--- kernel/signal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/signal.c b/kernel/signal.c index a3229ad..8921c4a 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -4663,7 +4663,7 @@ void __init signals_init(void) { siginfo_buildtime_checks(); - sigqueue_cachep = KMEM_CACHE(sigqueue, SLAB_PANIC); + sigqueue_cachep = KMEM_CACHE(sigqueue, SLAB_PANIC | SLAB_ACCOUNT); } #ifdef CONFIG_KGDB_KDB -- 1.8.3.1
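
Review bot: SLAB_ACCOUNT is set on the whole cache in signals_init() (the `KMEM_CACHE(sigqueue, SLAB_PANIC | SLAB_ACCOUNT)` line) rather than per allocation, so the charge is not limited to the user-sent signals the commit message describes. Please say in the commit message which memcg is charged when a sigqueue is allocated for a signal the kernel queues on its own behalf, and what the sender observes when the allocation fails because the memcg is at its limit. The "several megabytes" figure would also be easier to verify if the message gave the object size and the default RLIMIT_SIGPENDING value it was computed from.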