On Wed, Aug 13, 2025 at 1:20 AM Miklos Szeredi <miklos@xxxxxxxxxx> wrote:
>
> On Wed, 13 Aug 2025 at 01:02, Joanne Koong <joannelkoong@xxxxxxxxx> wrote:
>
> > My understanding of strictlimit is that it's a way of preventing
> > non-trusted filesystems from dirtying too many pages too quickly and
> > thus taking up too much bandwidth. It imposes stricter / more
> > conservative limits on how many pages a filesystem can dirty before it
> > gets forcibly throttled (the bulk of the logic happens in
> > balance_dirty_pages()). This is needed for fuse because fuse servers
> > may be unprivileged and malicious or buggy. The feature was introduced
> > in commit 5a53748568f7 ("mm/page-writeback.c: add strictlimit
>
> Hmm, the commit message says that temp pages were causing the issues
> that strictlimit is solving. So maybe now that temp pages are gone,
> strictlimit can also be removed?
That sounds good to me but I think it's a bit unclear / ambiguous what
the limit for unprivileged servers should be (eg whether it should be
more conservative than that of privileged servers).
I think there's an argument to be made that strictlimiting wouldn't
deter a motivated malicious user, they could start up hundreds of
servers and pollute RAM that way.
Maybe one option is to disable strictlimiting by default but provide a
sysctl that admins can set to enforce default strictlimiting on all
unprivileged fuse servers?
Thanks,
Joanne
>
> Thanks,
> Miklos
