• Mikulas Patocka's avatar
    dm crypt: limit the number of allocated pages · 79fbd052
    Mikulas Patocka authored
    commit 5059353d upstream.
    
    dm-crypt consumes an excessive amount memory when the user attempts to
    zero a dm-crypt device with "blkdiscard -z". The command "blkdiscard -z"
    calls the BLKZEROOUT ioctl, it goes to the function __blkdev_issue_zeroout,
    __blkdev_issue_zeroout sends a large amount of write bios that contain
    the zero page as their payload.
    
    For each incoming page, dm-crypt allocates another page that holds the
    encrypted data, so when processing "blkdiscard -z", dm-crypt tries to
    allocate the amount of memory that is equal to the size of the device.
    This can trigger OOM killer or cause system crash.
    
    Fix this by limiting the amount of memory that dm-crypt allocates to 2%
    of total system memory. This limit is system-wide and is divided by the
    number of active dm-crypt devices and each device receives an equal
    share.
    
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
    Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    79fbd052
dm-crypt.c 79 KB