From: Michal Hocko <mhocko@kernel.org>
To: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Cc: "daniel@iogearbox.net" <daniel@iogearbox.net>,
"jeyu@kernel.org" <jeyu@kernel.org>,
"ard.biesheuvel@linaro.org" <ard.biesheuvel@linaro.org>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"jannh@google.com" <jannh@google.com>,
"keescook@chromium.org" <keescook@chromium.org>,
"arjan@linux.intel.com" <arjan@linux.intel.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"linux-mips@linux-mips.org" <linux-mips@linux-mips.org>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"kristen@linux.intel.com" <kristen@linux.intel.com>,
"Dock, Deneen T" <deneen.t.dock@intel.com>,
"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"will.deacon@arm.com" <will.deacon@arm.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
"bp@alien8.de" <bp@alien8.de>,
"Hansen, Dave" <dave.hansen@intel.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"davem@davemloft.net" <davem@davemloft.net>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"arnd@arndb.de" <arnd@arndb.de>,
"sparclinux@vger.kernel.org" <sparclinux@vger.kernel.org>,
"alexei.starovoitov@gmail.com" <alexei.starovoitov@gmail.com>
Subject: Re: [PATCH RFC v3 0/3] Rlimit for module space
Date: Thu, 25 Oct 2018 16:18:35 +0200 [thread overview]
Message-ID: <20181025141835.GS18839@dhcp22.suse.cz> (raw)
In-Reply-To: <d1fec827d028168047eafbac56e8e47d37cf7fb5.camel@intel.com>
On Thu 25-10-18 01:01:44, Edgecombe, Rick P wrote:
[...]
> FWIW, cgroups seems like a better solution than rlimit to me too. Maybe you all
> already know, but it looks like the cgroups vmalloc charge is done in the main
> page allocator and counts against the whole kernel memory limit.
I am not sure I understand what you are saying but let me clarify that
vmalloc memory is accounted against memory cgroup associated with the
user context calling vmalloc. All you need to do is to add __GFP_ACCOUNT
to the gfp mask. The only challenge here is the charged memory life
cycle. When does it get deallocated? In the worst case the memory is not
tight to any user context and as such it doesn't get deallocated by
killing all processes which could lead to memcg limit exhaustion.
> A user may want
> to have a higher kernel limit than the module space size, so it seems it isn't
> enough by itself and some new limit would need to be added.
If there is another restriction on this memory then you are right.
--
Michal Hocko
SUSE Labs
prev parent reply other threads:[~2018-10-25 22:51 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-19 20:47 [PATCH RFC v3 0/3] Rlimit for module space Rick Edgecombe
2018-10-19 20:47 ` [PATCH v3 1/3] modules: Create arch versions of module alloc/free Rick Edgecombe
2018-10-19 20:47 ` [PATCH v3 2/3] modules: Create rlimit for module space Rick Edgecombe
2018-10-19 20:47 ` [PATCH v3 3/3] bpf: Add system wide BPF JIT limit Rick Edgecombe
2018-10-20 17:20 ` [PATCH RFC v3 0/3] Rlimit for module space Ard Biesheuvel
2018-10-22 23:06 ` Edgecombe, Rick P
2018-10-23 11:54 ` Ard Biesheuvel
2018-10-24 15:07 ` Jessica Yu
2018-10-24 16:04 ` Daniel Borkmann
2018-10-25 1:01 ` Edgecombe, Rick P
2018-10-25 14:18 ` Michal Hocko [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181025141835.GS18839@dhcp22.suse.cz \
--to=mhocko@kernel.org \
--cc=alexei.starovoitov@gmail.com \
--cc=ard.biesheuvel@linaro.org \
--cc=arjan@linux.intel.com \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=daniel@iogearbox.net \
--cc=dave.hansen@intel.com \
--cc=davem@davemloft.net \
--cc=deneen.t.dock@intel.com \
--cc=jannh@google.com \
--cc=jeyu@kernel.org \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kristen@linux.intel.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=linux-s390@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=rick.p.edgecombe@intel.com \
--cc=sparclinux@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).