• Roman Gushchin's avatar
    mm: treat indirectly reclaimable memory as free in overcommit logic · d79f7aa4
    Roman Gushchin authored
    Indirectly reclaimable memory can consume a significant part of total
    memory and it's actually reclaimable (it will be released under actual
    memory pressure).
    
    So, the overcommit logic should treat it as free.
    
    Otherwise, it's possible to cause random system-wide memory allocation
    failures by consuming a significant amount of memory by indirectly
    reclaimable memory, e.g.  dentry external names.
    
    If overcommit policy GUESS is used, it might be used for denial of
    service attack under some conditions.
    
    The following program illustrates the approach.  It causes the kernel to
    allocate an unreclaimable kmalloc-256 chunk for each stat() call, so
    that at some point the overcommit logic may start blocking large
    allocation system-wide.
    
      int main()
      {
      	char buf[256];
      	unsigned long i;
      	struct stat statbuf;
    
      	buf[0] = '/';
      	for (i = 1; i < sizeof(buf); i++)
      		buf[i] = '_';
    
      	for (i = 0; 1; i++) {
      		sprintf(&buf[248], "%8lu", i);
      		stat(buf, &statbuf);
      	}
    
      	return 0;
      }
    
    This patch in combination with related indirectly reclaimable memory
    patches closes this issue.
    
    Link: http://lkml.kernel.org/r/20180313130041.8078-1-guro@fb.comSigned-off-by: default avatarRoman Gushchin <guro@fb.com>
    Reviewed-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Cc: Alexander Viro <viro@zeniv.linux.org.uk>
    Cc: Michal Hocko <mhocko@suse.com>
    Cc: Johannes Weiner <hannes@cmpxchg.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    d79f7aa4
util.c 19.2 KB