Currently we don't account PMD page tables to the process. It can lead to local DoS: unprivileged user can allocate >500 MiB on x86_64 per process without being noticed by oom-killer or memory cgroup.
Proposed fix adds accounting for PMD table the same way we account for PTE tables. There're few corner case in the accounting (see patch 2/2) which have not well tested yet. If anybody know any other cases we should handle, please let me know. Kirill A. Shutemov (2): mm: rename mm->nr_ptes to mm->nr_pgtables mm: account pmd page tables to the process Documentation/sysctl/vm.txt | 2 +- arch/x86/mm/pgtable.c | 13 ++++++++----- fs/proc/task_mmu.c | 2 +- include/linux/mm_types.h | 2 +- kernel/fork.c | 2 +- mm/debug.c | 4 ++-- mm/huge_memory.c | 10 +++++----- mm/hugetlb.c | 8 ++++++-- mm/memory.c | 6 ++++-- mm/mmap.c | 9 +++++++-- mm/oom_kill.c | 8 ++++---- 11 files changed, 40 insertions(+), 26 deletions(-) -- 2.1.4 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
