[Devel] [PATCH RHEL COMMIT] ms/memcg: enable accounting for net_device and Tx/Rx queues

Konstantin Khorenko khorenko at virtuozzo.com
Tue Sep 28 14:05:10 MSK 2021


The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit d08a8a974b02470cc38a9a13e21eca5f37c55a95
Author: Vasily Averin <vvs at virtuozzo.com>
Date:   Tue Sep 28 14:05:10 2021 +0300

    ms/memcg: enable accounting for net_device and Tx/Rx queues
    
    Container netadmin can create a lot of fake net devices,
    then create a new net namespace and repeat it again and again.
    Net device can request the creation of up to 4096 tx and rx queues,
    and force kernel to allocate up to several tens of megabytes memory
    per net device.
    
    It makes sense to account for them to restrict the host's memory
    consumption from inside the memcg-limited container.
    
    Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
    
    Signed-off-by: David S. Miller <davem at davemloft.net>
    (cherry picked from commit c948f51c1654218af2161840014c9dcbf7c89464)
    https://jira.sw.ru/browse/PSBM-133990
    Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
---
 net/core/dev.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/core/dev.c b/net/core/dev.c
index 0781cf7e234e..3500c9544d27 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -10135,7 +10135,7 @@ static int netif_alloc_rx_queues(struct net_device *dev)
 
 	BUG_ON(count < 1);
 
-	rx = kvzalloc(sz, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
+	rx = kvzalloc(sz, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL);
 	if (!rx)
 		return -ENOMEM;
 
@@ -10202,7 +10202,7 @@ static int netif_alloc_netdev_queues(struct net_device *dev)
 	if (count < 1 || count > 0xffff)
 		return -EINVAL;
 
-	tx = kvzalloc(sz, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
+	tx = kvzalloc(sz, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL);
 	if (!tx)
 		return -ENOMEM;
 
@@ -10846,7 +10846,7 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
 	/* ensure 32-byte alignment of whole construct */
 	alloc_size += NETDEV_ALIGN - 1;
 
-	p = kvzalloc(alloc_size, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
+	p = kvzalloc(alloc_size, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL);
 	if (!p)
 		return NULL;
 


More information about the Devel mailing list