Hello, On Mon, Feb 06, 2023 at 07:40:55PM -0400, Jason Gunthorpe wrote: > (a) kind of destroys the point of this as a sandboxing tool > > It is not so harmful to use memory that someone else has been charged > with allocating. > > But it is harmful to pin memory if someone else is charged for the > pin. It means it is unpredictable how much memory a sandbox can > actually lock down. > > Plus we have the double accounting problem, if 1000 processes in > different cgroups open the tmpfs and all pin the memory then cgroup A > will be charged 1000x for the memory and hit its limit, possibly > creating a DOS from less priv to more priv Let's hear what memcg people think about it. I'm not a fan of disassociating the ownership and locker of the same page but it is true that actively increasing locked consumption on a remote cgroup is awkward too. Thanks. -- tejun
