Jann Horn <jannh@xxxxxxxxxx> wrote: > > > This means that a namespace admin (iow, an unprivileged user) can > > > allocate 1MB of unswappable kmalloc memory per userspace task, right? > > > Using userfaultfd or FUSE, you can then stall the task as long as you > > > want while it has that allocation. Is that problematic, or is that > > > normal? > > > > That's not exactly the case. A userspace task can make a temporary > > allocation, but unless the filesystem grabs it, it's released again on exit > > from the system call. > > That's what I said. Sorry, I wasn't clear what you meant. I assumed you were thinking it was then automatically attached to the context, say: fd = fsopen("fuse", 0); fsconfig(fd, fsconfig_set_binary, "foo", buffer, size); > Each userspace task can make a 1MB allocation by calling this syscall, and > this temporary allocation stays allocated until the end of the syscall. But > the runtime of the syscall is unbounded - even just the memdup_user_nul() > can stall forever if the copy_from_user() call inside it faults on e.g. a > userfault region or a memory-mapped file from a FUSE filesystem. Okay, I see what you're getting at. Note that this affects other syscalls too, keyctl, module loading and read() with readahead for example. Not sure what the answer should be. David -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html