Currently we don't account PMD page tables to the process. It can lead to
a local DoS: an unprivileged user can allocate >500 MiB on x86_64 per process
without being noticed by the oom-killer or memory cgroup.

The proposed fix adds accounting for PMD tables the same way we account for
PTE tables.

There are a few corner cases in the accounting (see patch 2/2) which have not
been well tested yet. If anybody knows of any other cases we should handle,
please let me know.

Kirill A. Shutemov (2):
  mm: rename mm->nr_ptes to mm->nr_pgtables
  mm: account pmd page tables to the process

 Documentation/sysctl/vm.txt |  2 +-
 arch/x86/mm/pgtable.c       | 13 ++++++++-----
 fs/proc/task_mmu.c          |  2 +-
 include/linux/mm_types.h    |  2 +-
 kernel/fork.c               |  2 +-
 mm/debug.c                  |  4 ++--
 mm/huge_memory.c            | 10 +++++-----
 mm/hugetlb.c                |  8 ++++++--
 mm/memory.c                 |  6 ++++--
 mm/mmap.c                   |  9 +++++++--
 mm/oom_kill.c               |  8 ++++----
 11 files changed, 40 insertions(+), 26 deletions(-)

-- 
2.1.4