Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp4826465pxv; Tue, 20 Jul 2021 12:20:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzlX3VrQ4AlrZy/+547SYlw4c6D9+4OnStqsX4o91uFgrK9+ESL8MnNsL9j50VygBu3cPmQ X-Received: by 2002:aa7:c4c7:: with SMTP id p7mr42419414edr.290.1626808829549; Tue, 20 Jul 2021 12:20:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626808829; cv=none; d=google.com; s=arc-20160816; b=KYeFw/J/S0pXRqlYj4ErlJgLJFz7KPlvpOd86vhOdZAp/j5z/z+O5kPSgbUSZWgEZw Mxyfy974J0Disjw5fkWKkzJapfw3NomR0QanSxpEnoHfB2OYY2zIV7O5y37V6UO0Rueb jxzGdcShS4Mo2ZDqCwD7EFL+PV4OkglyPlShAWA6R41Vn6bsg2fq7918iQGRAqLAsL22 j+tIELIcxXha2ntJ6mcBFpWGUMh2AS0j471hJZacPoNrZZy9ZfDh/TcHnXePqVAXDFN7 VV3CLKH30bYr/ikk4uzZaGnl4eDVVdD6f4YJ45levBaA/jcsemwahaNp50Tpp3ZrHY/F yKAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=07bx4NkLdn3YQo/4PUJkMzmndAbRZde3u9NpVjJE6Xo=; b=w1mHq1ZSUh2hUr8Qs139O53Lq9OUYFI4Yl9HBlsS2zijkjPjMy1hF1EQzW3npb4CdT WkHmw+cbA15P2q0X3/wv3OSqLf3TcfwF2PpynbBewJdcj0Wdbu0bzuphB4A8Y+EoKWkN Ku4wpQxAyQKHTsFNGiEPbY1JNT2O8gP1VwNJk5nmZn4uHAZSWwzCyCbYSfTNLqISwo+q U/ZxYU1HxnbqfDEjjjUAcslXjlpVevCpEGQEWwHzGiLaX+P/ZGG7qbOOnSCspe3mQPa/ Gn3y39C7h1YdG4bLivAxxC67xg8bw3+jlBxmo/RhFt7dDMcPOL3U5bVIoaSqb0ruBJLt coAQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=jH4ofDKi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o19si22158257ejm.312.2021.07.20.12.20.05; Tue, 20 Jul 2021 12:20:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=jH4ofDKi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233590AbhGTSfj (ORCPT + 99 others); Tue, 20 Jul 2021 14:35:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51364 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233417AbhGTSfU (ORCPT ); Tue, 20 Jul 2021 14:35:20 -0400 Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 13A37C061762 for ; Tue, 20 Jul 2021 12:15:50 -0700 (PDT) Received: by mail-lj1-x233.google.com with SMTP id c23so3538812ljr.8 for ; Tue, 20 Jul 2021 12:15:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=07bx4NkLdn3YQo/4PUJkMzmndAbRZde3u9NpVjJE6Xo=; b=jH4ofDKiNAS6wninS1QG7BNfZTXGP6Tjxgvi8PtuyJ6A+fotRAxZpfxIuSyfOhDioS YlVz47P5bm5noadpORW7KP+FGm+QeNQJgSNXvF0keEyMaWzBtmnREHD5qMKGleIBjg2f gxySo7z5fJG5Y19umoVFApZQYQ0XlZNnfRMjz74qsbN0pvxhzG/iDg0+/IljYPmeY2ZY jjC8QCa0cP2aigYvOhYGzms8xO0zLIJfbJkRM2U84pKDUB3UZRbXq5uP0qoUsDpC6WAk n0hQ1Z54IU4MX/hy7VDhOw5UE6Wy7zhHbvxC6KcS/l2UPpwR42Hl1ZTnw8ZMi2wpwYUl AKqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=07bx4NkLdn3YQo/4PUJkMzmndAbRZde3u9NpVjJE6Xo=; b=ORVJOeqV+ir0MQb49SEgRksh/0t5H7XhQu6kC/1Ih6QuDRpndw74C24FGFvxwUI/SC ggol4nZYFue9YTFsiwVj6hHPBjzNQqPmOXibNbP6x0m2+pKeVoPJni8i8URHrkMji1Of LB4ugm1g+zJNQRTWives1ckPfdLMBEup8qlMZTOQxiwibsFGY7z/Q9FnsqHcsuZ5WXKj Mzxa4QdTJF11JMJZqAgdghZaKx3860qEz6UQbgUFYxm2UGzq7pWYUK6N7hLLD4pRaj+z JB0CDIkwEE0VzNqmb6BweNoHK8C2gGmlwKBCJ8K5dXhnx43Z1oAOWP/em7IgEvIu2Avt TsNw== X-Gm-Message-State: AOAM531CmeGLZHwvAh3/7qFpP+n3JVfTVfdsYAMHREGoWO9h4Mfe/u2C Q9iqFDbS57V7HCW/cMo1jeJIJzlwXMNsCThzMJtByQ== X-Received: by 2002:a05:651c:1213:: with SMTP id i19mr22595466lja.81.1626808548122; Tue, 20 Jul 2021 12:15:48 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Shakeel Butt Date: Tue, 20 Jul 2021 12:15:37 -0700 Message-ID: Subject: Re: [PATCH v5 13/16] memcg: enable accounting for signals To: Vasily Averin Cc: Andrew Morton , Cgroups , Michal Hocko , Johannes Weiner , Vladimir Davydov , Roman Gushchin , Jens Axboe , "Eric W. Biederman" , Oleg Nesterov , LKML Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 19, 2021 at 3:46 AM Vasily Averin wrote: > > When a user send a signal to any another processes it forces the kernel > to allocate memory for 'struct sigqueue' objects. The number of signals > is limited by RLIMIT_SIGPENDING resource limit, but even the default > settings allow each user to consume up to several megabytes of memory. > Moreover, an untrusted admin inside container can increase the limit or > create new fake users and force them to sent signals. > > It makes sense to account for these allocations to restrict the host's > memory consumption from inside the memcg-limited container. > > Signed-off-by: Vasily Averin It seems like there is an agreement on this patch with the updated commit message. In next version you can add: Reviewed-by: Shakeel Butt