Re: [PATCH v5 13/16] memcg: enable accounting for signals

From: Shakeel Butt
Date: Tue Jul 20 2021 - 15:16:24 EST

Next message: Heiner Kallweit: "Re: [PATCH net v3] r8169: Avoid duplicate sysfs entry creation error"
Previous message: Babu Moger: "Re: [PATCH] x86/resctrl: Fix default monitoring groups reporting"
In reply to: Eric W. Biederman: "Re: [PATCH v5 13/16] memcg: enable accounting for signals"
Next in thread: Vasily Averin: "[PATCH v5 15/16] memcg: enable accounting for tty-related objects"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jul 19, 2021 at 3:46 AM Vasily Averin <vvs@xxxxxxxxxxxxx> wrote:
>
> When a user send a signal to any another processes it forces the kernel
> to allocate memory for 'struct sigqueue' objects. The number of signals
> is limited by RLIMIT_SIGPENDING resource limit, but even the default
> settings allow each user to consume up to several megabytes of memory.
> Moreover, an untrusted admin inside container can increase the limit or
> create new fake users and force them to sent signals.
>
> It makes sense to account for these allocations to restrict the host's
> memory consumption from inside the memcg-limited container.
>
> Signed-off-by: Vasily Averin <vvs@xxxxxxxxxxxxx>

It seems like there is an agreement on this patch with the updated
commit message. In next version you can add:

Reviewed-by: Shakeel Butt <shakeelb@xxxxxxxxxx>

Next message: Heiner Kallweit: "Re: [PATCH net v3] r8169: Avoid duplicate sysfs entry creation error"
Previous message: Babu Moger: "Re: [PATCH] x86/resctrl: Fix default monitoring groups reporting"
In reply to: Eric W. Biederman: "Re: [PATCH v5 13/16] memcg: enable accounting for signals"
Next in thread: Vasily Averin: "[PATCH v5 15/16] memcg: enable accounting for tty-related objects"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]