From patchwork Thu Apr 22 10:36:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vasily Averin X-Patchwork-Id: 426765 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.1 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6C81AC433B4 for ; Thu, 22 Apr 2021 10:36:12 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4016361428 for ; Thu, 22 Apr 2021 10:36:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235917AbhDVKgp (ORCPT ); Thu, 22 Apr 2021 06:36:45 -0400 Received: from relay.sw.ru ([185.231.240.75]:33262 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235513AbhDVKgn (ORCPT ); Thu, 22 Apr 2021 06:36:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:Subject :From; bh=uOkZzTEzLDYGvDz2EcEVr3MAZr7Fo0gfzmPbZqUA8K8=; b=IJW2qTrUgmj+QbyXTMS sn1XsfjzFp8BDDhkt1pTpTw5KMJeeSLci/BuLsZXus52iIzs3YmodO0VSewya7W8Lwn0MGc8Kh+qD rwdqGhv3wCgP4vsIkHDcYkuyejvIn5qT9OGwVGTBs8nk6wGXJvnizglEDtcDBongh8YbhorRn50= Received: from [10.93.0.56] by relay.sw.ru with esmtp (Exim 4.94) (envelope-from ) id 1lZWgo-001AKn-KF; Thu, 22 Apr 2021 13:36:06 +0300 From: Vasily Averin Subject: [PATCH v3 01/16] memcg: enable accounting for net_device and Tx/Rx queues To: cgroups@vger.kernel.org, Michal Hocko , Shakeel Butt , Johannes Weiner , Vladimir Davydov Cc: Roman Gushchin , "David S. Miller" , Jakub Kicinski , netdev@vger.kernel.org References: Message-ID: <63329bfe-a000-a450-fdd2-be829aee8762@virtuozzo.com> Date: Thu, 22 Apr 2021 13:36:06 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Container netadmin can create a lot of fake net devices, then create a new net namespace and repeat it again and again. Net device can request the creation of up to 4096 tx and rx queues, and force kernel to allocate up to several tens of megabytes memory per net device. It makes sense to account for them to restrict the host's memory consumption from inside the memcg-limited container. Signed-off-by: Vasily Averin --- net/core/dev.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index 1f79b9a..87b1e80 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -9994,7 +9994,7 @@ static int netif_alloc_rx_queues(struct net_device *dev) BUG_ON(count < 1); - rx = kvzalloc(sz, GFP_KERNEL | __GFP_RETRY_MAYFAIL); + rx = kvzalloc(sz, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL); if (!rx) return -ENOMEM; @@ -10061,7 +10061,7 @@ static int netif_alloc_netdev_queues(struct net_device *dev) if (count < 1 || count > 0xffff) return -EINVAL; - tx = kvzalloc(sz, GFP_KERNEL | __GFP_RETRY_MAYFAIL); + tx = kvzalloc(sz, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL); if (!tx) return -ENOMEM; @@ -10693,7 +10693,7 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name, /* ensure 32-byte alignment of whole construct */ alloc_size += NETDEV_ALIGN - 1; - p = kvzalloc(alloc_size, GFP_KERNEL | __GFP_RETRY_MAYFAIL); + p = kvzalloc(alloc_size, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL); if (!p) return NULL; From patchwork Thu Apr 22 10:36:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vasily Averin X-Patchwork-Id: 426764 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.1 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id ADA11C433B4 for ; Thu, 22 Apr 2021 10:36:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 82788613DC for ; Thu, 22 Apr 2021 10:36:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235940AbhDVKhL (ORCPT ); Thu, 22 Apr 2021 06:37:11 -0400 Received: from relay.sw.ru ([185.231.240.75]:33324 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235957AbhDVKg5 (ORCPT ); Thu, 22 Apr 2021 06:36:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:Subject :From; bh=EhwGW+7oUO0ZGtOX5hqiXU1opkapMpApXMMWDDQ0M7c=; b=U0p9V0y92QqPlPmwyLP Ij2mib0oK0Fopw+6pCzjkGd01bK2muRNJQ0AJOKlk1jd/iDErBO8/vKzVWiuN5bOjRjZneqt7C+VC 7b0zrLguxOJupzEiO3brTalsK9OpA+NFCb51BNjiiW7eG/VUfuTUgdfAWbTWftis5EfLw8deFKA= Received: from [10.93.0.56] by relay.sw.ru with esmtp (Exim 4.94) (envelope-from ) id 1lZWh3-001ALC-Py; Thu, 22 Apr 2021 13:36:21 +0300 From: Vasily Averin Subject: [PATCH v3 03/16] memcg: enable accounting for inet_bin_bucket cache To: cgroups@vger.kernel.org, Michal Hocko , Shakeel Butt , Johannes Weiner , Vladimir Davydov Cc: Roman Gushchin , Eric Dumazet , "David S. Miller" , Jakub Kicinski , Hideaki YOSHIFUJI , David Ahern , netdev@vger.kernel.org References: Message-ID: <1e65700c-b770-61c3-524e-28a26352843c@virtuozzo.com> Date: Thu, 22 Apr 2021 13:36:21 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org net namespace can create up to 64K tcp and dccp ports and force kernel to allocate up to several megabytes of memory per netns for inet_bind_bucket objects. It makes sense to account for them to restrict the host's memory consumption from inside the memcg-limited container. Signed-off-by: Vasily Averin --- net/dccp/proto.c | 2 +- net/ipv4/tcp.c | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/net/dccp/proto.c b/net/dccp/proto.c index 6d705d9..f90d1e8 100644 --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -1126,7 +1126,7 @@ static int __init dccp_init(void) dccp_hashinfo.bind_bucket_cachep = kmem_cache_create("dccp_bind_bucket", sizeof(struct inet_bind_bucket), 0, - SLAB_HWCACHE_ALIGN, NULL); + SLAB_HWCACHE_ALIGN | SLAB_ACCOUNT, NULL); if (!dccp_hashinfo.bind_bucket_cachep) goto out_free_hashinfo2; diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index de7cc84..5817a86b 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -4498,7 +4498,9 @@ void __init tcp_init(void) tcp_hashinfo.bind_bucket_cachep = kmem_cache_create("tcp_bind_bucket", sizeof(struct inet_bind_bucket), 0, - SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); + SLAB_HWCACHE_ALIGN | SLAB_PANIC | + SLAB_ACCOUNT, + NULL); /* Size and allocate the main established and bind bucket * hash tables. From patchwork Thu Apr 22 10:36:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vasily Averin X-Patchwork-Id: 426187 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.1 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7A4C8C433B4 for ; Thu, 22 Apr 2021 10:36:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 36675611CC for ; Thu, 22 Apr 2021 10:36:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235950AbhDVKhQ (ORCPT ); Thu, 22 Apr 2021 06:37:16 -0400 Received: from relay.sw.ru ([185.231.240.75]:33366 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235955AbhDVKhI (ORCPT ); Thu, 22 Apr 2021 06:37:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:Subject :From; bh=uHSxH+z24mqnhtuT7lZ5lO0b/1FeyBNtouCJgBY3h2Q=; b=cohcaQzojQvriQ2f8Hy wZqZDZdALIYZfwXouBfTKtx9juQ4X62nixX6BQ40z7LgeST5XRTBsSK6I0k6ECVSJoSAMtAZJruPT /LMNsW6JEuV56/bD6zZcRneWrsv2Hmjy6+oIynD4luXiXwpjIoVyKqBvfqA4kJfFlmXQSHZhFLI= Received: from [10.93.0.56] by relay.sw.ru with esmtp (Exim 4.94) (envelope-from ) id 1lZWhC-001ALQ-My; Thu, 22 Apr 2021 13:36:30 +0300 From: Vasily Averin Subject: [PATCH v3 04/16] memcg: enable accounting for VLAN group array To: cgroups@vger.kernel.org, Michal Hocko , Shakeel Butt , Johannes Weiner , Vladimir Davydov Cc: Roman Gushchin , "David S. Miller" , Jakub Kicinski , netdev@vger.kernel.org References: Message-ID: <4fcc28c6-8451-c7e3-b6fb-5af5dd0a3553@virtuozzo.com> Date: Thu, 22 Apr 2021 13:36:30 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org vlan array consume up to 8 pages of memory per net device. It makes sense to account for them to restrict the host's memory consumption from inside the memcg-limited container. Signed-off-by: Vasily Averin --- net/8021q/vlan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c index 8b644113..d0a579d4 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c @@ -67,7 +67,7 @@ static int vlan_group_prealloc_vid(struct vlan_group *vg, return 0; size = sizeof(struct net_device *) * VLAN_GROUP_ARRAY_PART_LEN; - array = kzalloc(size, GFP_KERNEL); + array = kzalloc(size, GFP_KERNEL_ACCOUNT); if (array == NULL) return -ENOBUFS; From patchwork Thu Apr 22 10:36:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vasily Averin X-Patchwork-Id: 426763 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.1 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DD9BBC433B4 for ; Thu, 22 Apr 2021 10:36:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A50A361458 for ; Thu, 22 Apr 2021 10:36:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235948AbhDVKhU (ORCPT ); Thu, 22 Apr 2021 06:37:20 -0400 Received: from relay.sw.ru ([185.231.240.75]:33424 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235998AbhDVKhQ (ORCPT ); Thu, 22 Apr 2021 06:37:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:Subject :From; bh=g4kPPij7yw/SNe+T6KcFKxDI8sjPhlS263iU2VL1Y74=; b=BZPkBqyT53/99DufxDE TYVeyViV37StggjdRlsUiG9OLi+M31kDNcoAjueC6/k4YUIWCGifONDyEs/WliCfKFoo+TwZYbenR sXTpSh4bAG0mUJHl5QXJmVP6tufbJOnDzm/g/jnRzYiYzqsnJbV4+1d0GqEX7O3XuvkaXPW7GN4= Received: from [10.93.0.56] by relay.sw.ru with esmtp (Exim 4.94) (envelope-from ) id 1lZWhM-001ALd-EK; Thu, 22 Apr 2021 13:36:40 +0300 From: Vasily Averin Subject: [PATCH v3 05/16] memcg: ipv6/sit: account and don't WARN on ip_tunnel_prl structs allocation To: cgroups@vger.kernel.org, Michal Hocko , Shakeel Butt , Johannes Weiner , Vladimir Davydov Cc: Roman Gushchin , "David S. Miller" , Jakub Kicinski , Hideaki YOSHIFUJI , David Ahern , netdev@vger.kernel.org References: Message-ID: <2053653d-a975-59bf-0f16-7d4fddf923fa@virtuozzo.com> Date: Thu, 22 Apr 2021 13:36:40 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Author: Andrey Ryabinin The size of the ip_tunnel_prl structs allocation is controllable from user-space, thus it's better to avoid spam in dmesg if allocation failed. Also add __GFP_ACCOUNT as this is a good candidate for per-memcg accounting. Allocation is temporary and limited by 4GB. Signed-off-by: Andrey Ryabinin Signed-off-by: Vasily Averin --- net/ipv6/sit.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c index 9fdccf0..2ba147c 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -320,7 +320,7 @@ static int ipip6_tunnel_get_prl(struct net_device *dev, struct ifreq *ifr) * we try harder to allocate. */ kp = (cmax <= 1 || capable(CAP_NET_ADMIN)) ? - kcalloc(cmax, sizeof(*kp), GFP_KERNEL | __GFP_NOWARN) : + kcalloc(cmax, sizeof(*kp), GFP_KERNEL_ACCOUNT | __GFP_NOWARN) : NULL; rcu_read_lock(); @@ -333,7 +333,8 @@ static int ipip6_tunnel_get_prl(struct net_device *dev, struct ifreq *ifr) * For root users, retry allocating enough memory for * the answer. */ - kp = kcalloc(ca, sizeof(*kp), GFP_ATOMIC); + kp = kcalloc(ca, sizeof(*kp), GFP_ATOMIC | __GFP_ACCOUNT | + __GFP_NOWARN); if (!kp) { ret = -ENOMEM; goto out; From patchwork Thu Apr 22 10:36:48 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vasily Averin X-Patchwork-Id: 426186 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.1 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18F0BC433ED for ; Thu, 22 Apr 2021 10:36:53 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DB72F61450 for ; Thu, 22 Apr 2021 10:36:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235988AbhDVKh0 (ORCPT ); Thu, 22 Apr 2021 06:37:26 -0400 Received: from relay.sw.ru ([185.231.240.75]:33480 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236008AbhDVKhY (ORCPT ); Thu, 22 Apr 2021 06:37:24 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:Subject :From; bh=SkoUid64jfWnCkxDzH08xkMfbWx02U1lgMhR2hvrunE=; b=M0ytvzFU20jfoZ0ah// n2t+nSFQEXAqq/EilM0XSd2D69FoejlXb3IVllJE64fjgW8EjmbKbRI4ppZsBiL73Gk7KhakdAH5c aP9DdEyWeOKvMASwItUuaws0+RAmeZLARy80CHodyqALO0T0UZB/F0d3w2BqKgZP2SxY9fR6d+g= Received: from [10.93.0.56] by relay.sw.ru with esmtp (Exim 4.94) (envelope-from ) id 1lZWhU-001ALs-JX; Thu, 22 Apr 2021 13:36:48 +0300 From: Vasily Averin Subject: [PATCH v3 06/16] memcg: enable accounting for scm_fp_list objects To: cgroups@vger.kernel.org, Michal Hocko , Shakeel Butt , Johannes Weiner , Vladimir Davydov Cc: Roman Gushchin , "David S. Miller" , Jakub Kicinski , netdev@vger.kernel.org References: Message-ID: <9b82c165-5138-3c03-4a1d-1f16bd8416ef@virtuozzo.com> Date: Thu, 22 Apr 2021 13:36:48 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org unix sockets allows to send file descriptors via SCM_RIGHTS type messages. Each such send call forces kernel to allocate up to 2Kb memory for struct scm_fp_list. It makes sense to account for them to restrict the host's memory consumption from inside the memcg-limited container. Signed-off-by: Vasily Averin --- net/core/scm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/core/scm.c b/net/core/scm.c index 8156d4f..e837e4f 100644 --- a/net/core/scm.c +++ b/net/core/scm.c @@ -79,7 +79,7 @@ static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp) if (!fpl) { - fpl = kmalloc(sizeof(struct scm_fp_list), GFP_KERNEL); + fpl = kmalloc(sizeof(struct scm_fp_list), GFP_KERNEL_ACCOUNT); if (!fpl) return -ENOMEM; *fplp = fpl; @@ -348,7 +348,7 @@ struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl) return NULL; new_fpl = kmemdup(fpl, offsetof(struct scm_fp_list, fp[fpl->count]), - GFP_KERNEL); + GFP_KERNEL_ACCOUNT); if (new_fpl) { for (i = 0; i < fpl->count; i++) get_file(fpl->fp[i]);