Per-file OOM badness
Per-file OOM badness
Posted Jun 2, 2022 18:40 UTC (Thu) by NYKevin (subscriber, #129325)Parent article: Per-file OOM badness
> As a simple example, he said in the patch-series cover letter, a malicious process can call memfd_create(), then just write indefinitely to the resulting memfd; the memory consumed by the memfd will not be seen as belonging to the offending process so, when the memfd ends up consuming all of the available memory, the OOM killer will pass over that process. This sequence "can bring down any standard desktop system within seconds". Another problem area, he said, is graphics applications that allocate significant amounts of memory within the kernel for graphical resources.
That does not sound like a fixable problem in the general case. Can't the malicious process just create files in /dev/shm (either directly, or via shm_open(3)) instead? I find it hard to believe that the kernel can keep track of who created those files, and OOM killing the process won't even clean them up anyway.