On Mon 02-10-17 19:15:19, Shakeel Butt wrote: > The user space application can directly trigger the allocations > from eventpoll_epi and eventpoll_pwq slabs. A buggy or malicious > application can consume a significant amount of system memory by > triggering such allocations. Indeed we have seen in production > where a buggy application was leaking the epoll references and > causing a burst of eventpoll_epi and eventpoll_pwq slab > allocations. This patch opt-in the charging of eventpoll_epi > and eventpoll_pwq slabs. I am not objecting to the patch I would just like to understand the runaway case. ep_insert seems to limit the maximum number of watches to max_user_watches which should be ~4% of lowmem if I am following the code properly. pwq_cache should be bound by the number of watches as well, or am I misunderstanding the code? > Signed-off-by: Shakeel Butt <shakeelb@xxxxxxxxxx> > --- > fs/eventpoll.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/fs/eventpoll.c b/fs/eventpoll.c > index 2fabd19cdeea..a45360444895 100644 > --- a/fs/eventpoll.c > +++ b/fs/eventpoll.c > @@ -2329,11 +2329,11 @@ static int __init eventpoll_init(void) > > /* Allocates slab cache used to allocate "struct epitem" items */ > epi_cache = kmem_cache_create("eventpoll_epi", sizeof(struct epitem), > - 0, SLAB_HWCACHE_ALIGN | SLAB_PANIC, NULL); > + 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT, NULL); > > /* Allocates slab cache used to allocate "struct eppoll_entry" */ > pwq_cache = kmem_cache_create("eventpoll_pwq", > - sizeof(struct eppoll_entry), 0, SLAB_PANIC, NULL); > + sizeof(struct eppoll_entry), 0, SLAB_PANIC|SLAB_ACCOUNT, NULL); > > return 0; > } > -- > 2.14.2.822.g60be5d43e6-goog -- Michal Hocko SUSE Labs