Jens Axboe <axboe@xxxxxxxxx> writes:
> On 1/17/19 1:09 PM, Jens Axboe wrote:
>> On 1/17/19 1:03 PM, Jeff Moyer wrote:
>>> Jens Axboe <axboe@xxxxxxxxx> writes:
>>>
>>>> On 1/17/19 5:48 AM, Roman Penyaev wrote:
>>>>> On 2019-01-16 18:49, Jens Axboe wrote:
>>>>>
>>>>> [...]
>>>>>
>>>>>> +static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
>>>>>> + struct io_uring_params *p)
>>>>>> +{
>>>>>> + struct io_sq_ring *sq_ring;
>>>>>> + struct io_cq_ring *cq_ring;
>>>>>> + size_t size;
>>>>>> + int ret;
>>>>>> +
>>>>>> + sq_ring = io_mem_alloc(struct_size(sq_ring, array, p->sq_entries));
>>>>>
>>>>> It seems that sq_entries, cq_entries are not limited at all. Can nasty
>>>>> app consume a lot of kernel pages calling io_setup_uring() from a loop
>>>>> passing random entries number? (or even better: decreasing entries
>>>>> number,
>>>>> in order to consume all pages orders with min number of loops).
>>>>
>>>> Yes, that's an oversight, we should have a limit in place. I'll add that.
>>>
>>> Can we charge the ring memory to the RLIMIT_MEMLOCK as well? I'd prefer
>>> not to repeat the mistake of fs.aio-max-nr.
>>
>> Sure, we can do that. With the ring limited in size (it's now 4k entries
>> at most), the amount of memory gobbled up by that is much smaller than
>> the fixed buffers. A max sized ring is about 256k of memory.
Per io_uring. Nothing prevents a user from calling io_uring_setup in a
loop and continuing to gobble up memory.
> One concern here is that, at least looking at my boxes, the default
> setting for RLIMIT_MEMLOCK is really low. I'd hate for everyone to run
> into issues using io_uring just because it seems to require root,
> because the memlock limit is so low.
>
> That's much less of a concern with the fixed buffers, since it's a more
> esoteric part of it. But everyone should be able to setup a few io_uring
> queues and use them without having to worry about failing due to an
> absurdly low RLIMIT_MEMLOCK.
>
> Comments?
Yeah, the default is 64k here. We should probably up that. I'd say we
either tackle the ridiculously low rlimits, or I guess we just go the
aio route and add a sysctl. :-\ I'll see what's involved in the
former.
-Jeff
