Allow flock cache accounting to be disabled at build time.
Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
---
fs/Kconfig | 15 +++++++++++++++
fs/locks.c | 2 +-
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/fs/Kconfig b/fs/Kconfig
index a3159831ba98..591f54a03059 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -129,6 +129,21 @@ config FILE_LOCKING
for filesystems like NFS and for the flock() system
call. Disabling this option saves about 11k.
+config FLOCK_ACCOUNTING
+ bool "Enable kernel memory accounting for file locks" if EXPERT
+ depends on FILE_LOCKING
+ default y
+ help
+ This option enables kernel memory accounting for file locks. This
+ prevents task groups from exceeding their memcg allocation limits.
+ However, it may cause slowdowns in the flock() system call.
+
+ Disabling this option is not recommended as it may allow a rogue task
+ to DoS the system by forcing the kernel to allocate memory beyond the
+ task group's memcg limits.
+
+ If unsure, say Y.
+
source "fs/crypto/Kconfig"
source "fs/verity/Kconfig"
diff --git a/fs/locks.c b/fs/locks.c
index 235ac56c557d..e2799a18c4e8 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -2905,7 +2905,7 @@ static int __init proc_locks_init(void)
fs_initcall(proc_locks_init);
#endif
-static bool flock_accounting __ro_after_init = true;
+static bool flock_accounting __ro_after_init = IS_ENABLED(CONFIG_FLOCK_ACCOUNTING);
static int __init flock_accounting_cmdline(char *str)
{
--
2.43.0
