> From: Jason Gunthorpe <jgg@xxxxxxxxxx> > Sent: Wednesday, October 26, 2022 2:12 AM > > Following the pattern of io_uring, perf, skb, and bpf iommfd will use > user->locked_vm for accounting pinned pages. Ensure the value is included > in the struct and export free_uid() as iommufd is modular. > > user->locked_vm is the good accounting to use for ulimit because it is > per-user, and the security sandboxing of locked pages is not supposed to > be per-process. Other places (vfio, vdpa and infiniband) have used > mm->pinned_vm and/or mm->locked_vm for accounting pinned pages, but > this > is only per-process and inconsistent with the new FOLL_LONGTERM users in > the kernel. > > Concurrent work is underway to try to put this in a cgroup, so everything > can be consistent and the kernel can provide a FOLL_LONGTERM limit that > actually provides security. > > Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxx> Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>
