Hi Maxime,
Thanks for the suggestion — that makes sense. Accounting the property blob allocation via GFP_ACCOUNT addresses the problem at the right layer by charging memory usage to the caller’s memcg, instead of introducing additional per-file limits or policy in DRM. This ensures that excessive allocations are contained within the offending cgroup and handled by memcg OOM, avoiding system-wide impact. I agree this is a cleaner approach and will respin the patch accordingly. BR, Xiao ---Original--- From: "Maxime Ripard"<[email protected]> Date: Mon, Jan 5, 2026 18:36 PM To: "Xiao Kan"<[email protected]>; Cc: "maarten.lankhorst"<[email protected]>;"tzimmermann"<[email protected]>;"airlied"<[email protected]>;"simona"<[email protected]>;"dri-devel"<[email protected]>;"linux-kernel"<[email protected]>;"w"<[email protected]>;"security"<[email protected]>;"kanxiao666"<[email protected]>;"xiao.kan"<[email protected]>; Subject: Re: [PATCH] drm: limit property blob creation per file Hi, On Sat, Jan 03, 2026 at 10:25:29AM -0500, Xiao Kan wrote: > DRM_IOCTL_MODE_CREATEPROPBLOB allows userspace to create property blobs > whose lifetime is scoped to a drm_file. > > Currently, a single drm_file may create an unbounded number of blobs. > Repeated ioctl calls can trigger unbounded kernel memory allocation and > lead to OOM, resulting in a denial-of-service. > > Introduce a per-drm_file limit on the number of user-created property > blobs. The limit is enforced at the point where a blob becomes associated > with a drm_file, matching the existing ownership and lifetime model. > This bounds per-file allocations while the total number of DRM file > descriptors remains constrained by existing kernel limits. > > Signed-off-by: Xiao Kan <[email protected]> > Signed-off-by: Xiao Kan <[email protected]> Wouldn't it make more sense to account the allocation in memcg by passing GFP_ACCOUNT to the kvzalloc call in drm_property_create_blob? Maxime
