[Devel] [PATCH RHEL8 COMMIT] memcg: accounting for ldt_struct objects

Konstantin Khorenko khorenko at virtuozzo.com
Tue Apr 13 13:20:33 MSK 2021


The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.12
------>
commit 644fd3cb1ed55c01254a0cc50a5c7deb91225ffb
Author: Vasily Averin <vvs at virtuozzo.com>
Date:   Tue Apr 13 13:20:33 2021 +0300

    memcg: accounting for ldt_struct objects
    
    Unprivileged user inside memcg-limited container can create
    non-accounted multi-page kernel objects for LDT.
    
    Upper limit per mm:
    /* Maximum number of LDT entries supported. */
    define LDT_ENTRIES     8192
    /* The size of each LDT entry. */
    define LDT_ENTRY_SIZE  8
    
    8192 * 8 = 64kB * number_of_tasks
    so realistically this is in range of lower megabytes.
    
    There are legitimate workloads with hundreds of processes and there can
    be hundreds of workloads running on large machines.
    The unaccounted memory can cause isolation issues between the workloads
    particularly on highly utilized machines.
    
    https://jira.sw.ru/browse/PSBM-120694
    Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
---
 arch/x86/kernel/ldt.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
index e921b3d494d5..9edf5d442c1d 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -70,7 +70,7 @@ static struct ldt_struct *alloc_ldt_struct(unsigned int num_entries)
 	if (num_entries > LDT_ENTRIES)
 		return NULL;
 
-	new_ldt = kmalloc(sizeof(struct ldt_struct), GFP_KERNEL);
+	new_ldt = kmalloc(sizeof(struct ldt_struct), GFP_KERNEL_ACCOUNT);
 	if (!new_ldt)
 		return NULL;
 
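Review bot: The commit message does not mention that, with GFP_KERNEL_ACCOUNT on the kmalloc() of struct ldt_struct, this allocation can now fail because the task's memory cgroup is at its limit, not only because the system is out of memory. The existing "if (!new_ldt) return NULL;" handles both cases the same way, so no code change is needed here, but a sentence in the changelog saying that LDT setup in a container at its limit will now fail rather than grow unaccounted kernel memory would make the behaviour change explicit for anyone bisecting a regression.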
@@ -84,9 +84,9 @@ static struct ldt_struct *alloc_ldt_struct(unsigned int num_entries)
 	 * than PAGE_SIZE.
 	 */
 	if (alloc_size > PAGE_SIZE)
-		new_ldt->entries = vzalloc(alloc_size);
+		new_ldt->entries = vzalloc_account(alloc_size);
 	else
-		new_ldt->entries = (void *)get_zeroed_page(GFP_KERNEL);
+		new_ldt->entries = (void *)get_zeroed_page(GFP_KERNEL_ACCOUNT);
 
 	if (!new_ldt->entries) {
 		kfree(new_ldt);
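Review bot: vzalloc_account() in the alloc_size > PAGE_SIZE branch is not defined in this patch, and the diffstat touches only arch/x86/kernel/ldt.c, so the build depends on a helper that must already exist elsewhere in the tree. Please name the prerequisite commit in the changelog, or open-code the allocation with __vmalloc() and GFP_KERNEL_ACCOUNT | __GFP_ZERO so the dependency is visible at the call site. The get_zeroed_page(GFP_KERNEL_ACCOUNT) branch looks fine as written; it would also help to state that the free path for new_ldt->entries (not shown in this hunk) needs no change for the charge to be released.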

