[Devel] [PATCH RHEL8 COMMIT] memcg: Enable accounting for new namespaces and struct nsproxy
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Apr 20 19:35:00 MSK 2021
The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.18
------>
commit 0cbc79c3da77165494277938bbfd00825af01b1a
Author: Vasily Averin <vvs at virtuozzo.com>
Date: Tue Apr 20 19:35:00 2021 +0300
memcg: Enable accounting for new namespaces and struct nsproxy
Container admin can create new namespaces and force kernel to allocate
up to several pages of memory for the namespaces and its associated
structures.
Net and uts namespaces have enabled accounting for such allocations.
It makes sense to account for rest ones to restrict the host's memory
consumption from inside the memcg-limited container.
https://jira.sw.ru/browse/PSBM-120694
Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
---
fs/namespace.c | 2 +-
ipc/namespace.c | 2 +-
kernel/cgroup/namespace.c | 2 +-
kernel/nsproxy.c | 2 +-
kernel/pid_namespace.c | 2 +-
kernel/user_namespace.c | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index ee0333b84a9d..8b07ab1bff61 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3285,7 +3285,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns, bool a
if (!ucounts)
return ERR_PTR(-ENOSPC);
- new_ns = kzalloc(sizeof(struct mnt_namespace), GFP_KERNEL);
+ new_ns = kzalloc(sizeof(struct mnt_namespace), GFP_KERNEL_ACCOUNT);
if (!new_ns) {
dec_mnt_namespaces(ucounts);
return ERR_PTR(-ENOMEM);
diff --git a/ipc/namespace.c b/ipc/namespace.c
index 21607791d62c..f3038017df2d 100644
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -42,7 +42,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
goto fail;
err = -ENOMEM;
- ns = kmalloc(sizeof(struct ipc_namespace), GFP_KERNEL);
+ ns = kmalloc(sizeof(struct ipc_namespace), GFP_KERNEL_ACCOUNT);
if (ns == NULL)
goto fail_dec;
diff --git a/kernel/cgroup/namespace.c b/kernel/cgroup/namespace.c
index b05f1dd58a62..4b8432cc8040 100644
--- a/kernel/cgroup/namespace.c
+++ b/kernel/cgroup/namespace.c
@@ -24,7 +24,7 @@ static struct cgroup_namespace *alloc_cgroup_ns(void)
struct cgroup_namespace *new_ns;
int ret;
- new_ns = kzalloc(sizeof(struct cgroup_namespace), GFP_KERNEL);
+ new_ns = kzalloc(sizeof(struct cgroup_namespace), GFP_KERNEL_ACCOUNT);
if (!new_ns)
return ERR_PTR(-ENOMEM);
ret = ns_alloc_inum(&new_ns->ns);
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index f6c5d330059a..75587c136ec3 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -272,6 +272,6 @@ SYSCALL_DEFINE2(setns, int, fd, int, nstype)
int __init nsproxy_cache_init(void)
{
- nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC);
+ nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC | SLAB_ACCOUNT);
return 0;
}
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index 6d6f80e1ee17..2529acfd5891 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -462,7 +462,7 @@ const struct proc_ns_operations pidns_for_children_operations = {
static __init int pid_namespaces_init(void)
{
- pid_ns_cachep = KMEM_CACHE(pid_namespace, SLAB_PANIC);
+ pid_ns_cachep = KMEM_CACHE(pid_namespace, SLAB_PANIC | SLAB_ACCOUNT);
#ifdef CONFIG_CHECKPOINT_RESTORE
register_sysctl_paths(kern_path, pid_ns_ctl_table);
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 459b88044c62..19d7c214e8f9 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -1342,7 +1342,7 @@ const struct proc_ns_operations userns_operations = {
static __init int user_namespaces_init(void)
{
- user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC);
+ user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC | SLAB_ACCOUNT);
return 0;
}
subsys_initcall(user_namespaces_init);
More information about the Devel
mailing list