Michal Hocko <mhocko@xxxxxxxxxx> wrote:
> On Fri 28-12-18 17:55:24, Shakeel Butt wrote:
> > The [ip,ip6,arp]_tables use x_tables_info internally and the underlying
> > memory is already accounted to kmemcg. Do the same for ebtables. The
> > syzbot, by using setsockopt(EBT_SO_SET_ENTRIES), was able to OOM the
> > whole system from a restricted memcg, a potential DoS.
>
> What is the lifetime of these objects? Are they bound to any process?

No, they are not. They are freed only when userspace requests it or the
netns is destroyed.
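The accounting the commit message describes can be verified from userspace: if kernel memory for a ruleset is charged to the memcg, the cgroup's `memory.stat` counters move when the ruleset is loaded from inside that cgroup, and they do not move when the allocation escapes accounting. The following helper is an added example, not code from the thread or from the netfilter tree. It assumes a cgroup v2 hierarchy mounted at `/sys/fs/cgroup` and a kernel new enough to expose the `vmalloc` and `slab` keys in `memory.stat` (an assumption; older kernels only report the slab keys). The snapshot files used for checking are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): compare a memcg's memory.stat before and
# after a kernel allocation to see whether that allocation was charged to it.
# ASSUMPTION: cgroup v2 under /sys/fs/cgroup with "vmalloc" and "slab" keys.

# Print the value of one memory.stat key, or 0 if the key is absent
# (older kernels lack some keys; treat missing as zero rather than failing).
stat_field() {
    # $1 = memory.stat file, $2 = key name
    awk -v k="$2" '$1 == k { print $2; found = 1 } END { if (!found) print 0 }' "$1"
}

# Bytes of kernel-side memory charged to the cgroup that a table-style
# allocation (vmalloc'd entries plus slab metadata) would land in.
kernel_charge() {
    # $1 = memory.stat file
    v=$(stat_field "$1" vmalloc)
    s=$(stat_field "$1" slab)
    echo $((v + s))
}

# Additional kernel bytes charged between two snapshots; a zero or negligible
# delta after a large ruleset load means the memory was not accounted.
charge_delta() {
    # $1 = before snapshot, $2 = after snapshot
    echo $(( $(kernel_charge "$2") - $(kernel_charge "$1") ))
}

# Copy a cgroup's live memory.stat to a file so it can be compared later.
snapshot() {
    # $1 = cgroup path relative to /sys/fs/cgroup, $2 = output file
    cp "/sys/fs/cgroup/$1/memory.stat" "$2"
}
```

Typical use is `snapshot restricted /tmp/before`, load the ruleset from a process placed in the `restricted` cgroup, then `snapshot restricted /tmp/after` and read `charge_delta /tmp/before /tmp/after`; a delta close to the ruleset's size confirms the allocation is being charged to the memcg and will hit that cgroup's limit instead of the whole system.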