diff options
| author | Jason Gunthorpe <[email protected]> | 2022-11-29 16:29:30 -0400 |
|---|---|---|
| committer | Jason Gunthorpe <[email protected]> | 2022-11-30 20:16:49 -0400 |
| commit | ce5a23c835aa0f0a931b5bcde1e7811f951b0146 (patch) | |
| tree | e9f93ebc1cf810eba24affeb1b912a1d3002c7f9 /tools/perf/scripts/python/net_dropmonitor.py | |
| parent | 2ff4bed7fee72ba1abfcff5f11ae8f8e570353f2 (diff) | |
kernel/user: Allow user_struct::locked_vm to be usable for iommufd
Following the pattern of io_uring, perf, skb, and bpf, iommfd will use
user->locked_vm for accounting pinned pages. Ensure the value is included
in the struct and export free_uid() as iommufd is modular.
user->locked_vm is the good accounting to use for ulimit because it is
per-user, and the security sandboxing of locked pages is not supposed to
be per-process. Other places (vfio, vdpa and infiniband) have used
mm->pinned_vm and/or mm->locked_vm for accounting pinned pages, but this
is only per-process and inconsistent with the new FOLL_LONGTERM users in
the kernel.
Concurrent work is underway to try to put this in a cgroup, so everything
can be consistent and the kernel can provide a FOLL_LONGTERM limit that
actually provides security.
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Kevin Tian <[email protected]>
Reviewed-by: Eric Auger <[email protected]>
Tested-by: Nicolin Chen <[email protected]>
Tested-by: Yi Liu <[email protected]>
Tested-by: Lixiao Yang <[email protected]>
Tested-by: Matthew Rosato <[email protected]>
Signed-off-by: Jason Gunthorpe <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/net_dropmonitor.py')
0 files changed, 0 insertions, 0 deletions