On 12/7/2022 10:28 AM, Jason Gunthorpe wrote: > On Tue, Dec 06, 2022 at 01:55:47PM -0800, Steve Sistare wrote: >> The first task to pin any pages becomes the dma owner, and becomes the only >> task allowed to pin. This prevents an application from exceeding the >> initial task's RLIMIT_MEMLOCK by fork'ing and pinning in children. > > We do not need to play games with the RLIMIT here - RLIMIT is > inherently insecure and if fork is available then the process can blow > past the sandbox limit. There is nothing we can do to prevent this in > the kernel, so don't even try. > > iommufd offers the user based limit tracking which prevents this > properly. > > And we are working on cgroup based limit tracking that is the best > option to solve this problem. > > I would rather see us focus on the cgroup stuff than this. Yes, this is N/A for an iommufd framework that can enforce aggregate limits across a group of processes. - Steve
