From patchwork Wed Apr 28 06:51:37 2021
X-Patchwork-Submitter: Vasily Averin
X-Patchwork-Id: 429157
From: Vasily Averin
Subject: [PATCH v4 01/16] memcg: enable accounting for net_device and Tx/Rx queues
To: cgroups@vger.kernel.org, Michal Hocko, Shakeel Butt, Johannes Weiner, Vladimir Davydov
Cc: Roman Gushchin, "David S. Miller", Jakub Kicinski, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
References: <8664122a-99d3-7199-869a-781b21b7e712@virtuozzo.com>
Date: Wed, 28 Apr 2021 09:51:37 +0300

A container netadmin can create a lot of fake net devices, then create a new net namespace and repeat it again and again. A net device can request the creation of up to 4096 tx and rx queues, and force the kernel to allocate up to several tens of megabytes of memory per net device. It makes sense to account for them to restrict the host's memory consumption from inside the memcg-limited container.

Signed-off-by: Vasily Averin
--- net/core/dev.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index 1f79b9a..87b1e80 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -9994,7 +9994,7 @@ static int netif_alloc_rx_queues(struct net_device *dev) BUG_ON(count < 1); - rx = kvzalloc(sz, GFP_KERNEL | __GFP_RETRY_MAYFAIL); + rx = kvzalloc(sz, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL); if (!rx) return -ENOMEM; @@ -10061,7 +10061,7 @@ static int netif_alloc_netdev_queues(struct net_device *dev) if (count < 1 || count > 0xffff) return -EINVAL; - tx = kvzalloc(sz, GFP_KERNEL | __GFP_RETRY_MAYFAIL); + tx = kvzalloc(sz, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL); if (!tx) return -ENOMEM; 
@@ -10693,7 +10693,7 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name, /* ensure 32-byte alignment of whole construct */ alloc_size += NETDEV_ALIGN - 1; - p = kvzalloc(alloc_size, GFP_KERNEL | __GFP_RETRY_MAYFAIL); + p = kvzalloc(alloc_size, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL); if (!p) return NULL;

From patchwork Wed Apr 28 06:52:06 2021
X-Patchwork-Submitter: Vasily Averin
X-Patchwork-Id: 429156
From: Vasily Averin
Subject: [PATCH v4 04/16] memcg: enable accounting for VLAN group array
To: cgroups@vger.kernel.org, Michal Hocko, Shakeel Butt, Johannes Weiner, Vladimir Davydov
Cc: Roman Gushchin, "David S. Miller", Jakub Kicinski, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
References: <8664122a-99d3-7199-869a-781b21b7e712@virtuozzo.com>
Date: Wed, 28 Apr 2021 09:52:06 +0300

vlan array consumes up to 8 pages of memory per net device. It makes sense to account for them to restrict the host's memory consumption from inside the memcg-limited container.

Signed-off-by: Vasily Averin
--- net/8021q/vlan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c index 8b644113..d0a579d4 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c 
@@ -67,7 +67,7 @@ static int vlan_group_prealloc_vid(struct vlan_group *vg, return 0; size = sizeof(struct net_device *) * VLAN_GROUP_ARRAY_PART_LEN; - array = kzalloc(size, GFP_KERNEL); + array = kzalloc(size, GFP_KERNEL_ACCOUNT); if (array == NULL) return -ENOBUFS;

From patchwork Wed Apr 28 06:52:23 2021
X-Patchwork-Submitter: Vasily Averin
X-Patchwork-Id: 429155
From: Vasily Averin
Subject: [PATCH v4 06/16] memcg: enable accounting for scm_fp_list objects
To: cgroups@vger.kernel.org, Michal Hocko, Shakeel Butt, Johannes Weiner, Vladimir Davydov
Cc: Roman Gushchin, "David S. Miller", Jakub Kicinski, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
References: <8664122a-99d3-7199-869a-781b21b7e712@virtuozzo.com>
Date: Wed, 28 Apr 2021 09:52:23 +0300

Unix sockets allow sending file descriptors via SCM_RIGHTS type messages. Each such send call forces the kernel to allocate up to 2Kb of memory for struct scm_fp_list. It makes sense to account for them to restrict the host's memory consumption from inside the memcg-limited container.

Signed-off-by: Vasily Averin
--- net/core/scm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/core/scm.c b/net/core/scm.c index 8156d4f..e837e4f 100644 --- a/net/core/scm.c +++ b/net/core/scm.c @@ -79,7 +79,7 @@ static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp) if (!fpl) { - fpl = kmalloc(sizeof(struct scm_fp_list), GFP_KERNEL); + fpl = kmalloc(sizeof(struct scm_fp_list), GFP_KERNEL_ACCOUNT); if (!fpl) return -ENOMEM; *fplp = fpl; @@ -348,7 +348,7 @@ struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl) return NULL; new_fpl = kmemdup(fpl, offsetof(struct scm_fp_list, fp[fpl->count]), - GFP_KERNEL); + GFP_KERNEL_ACCOUNT); if (new_fpl) { for (i = 0; i < fpl->count; i++) get_file(fpl->fp[i]);
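
Review bot: In [PATCH v4 01/16], the netif_alloc_netdev_queues() hunk, the commit message's limit of 4096 tx and rx queues does not match the bound visible in the context line `if (count < 1 || count > 0xffff)`. Please say in the message where the 4096 cap is enforced, or size the worst case from the 0xffff bound, so the "several tens of megabytes" figure can be checked against the code.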
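
Review bot: In [PATCH v4 01/16], the alloc_netdev_mqs() hunk, the commit message does not say who is charged. GFP_KERNEL_ACCOUNT charges the memcg of the task that makes the allocation, and alloc_netdev_mqs() serves every caller, not only a container's netadmin. Please add a sentence on which cgroup is expected to pay when the device is allocated from a context other than the container's own task.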
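
Review bot: In [PATCH v4 04/16], vlan_group_prealloc_vid(), the "up to 8 pages" figure in the commit message cannot be derived from the hunk, which allocates a single part of `sizeof(struct net_device *) * VLAN_GROUP_ARRAY_PART_LEN` bytes per call. Please spell out how many parts add up to 8 pages. It is also worth a line in the message that a failed charge at this site is returned to the caller as -ENOBUFS rather than -ENOMEM.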
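
Review bot: In [PATCH v4 06/16], the scm_fp_dup() hunk, the "up to 2Kb" in the commit message describes the full struct allocated in scm_fp_copy(), while this site copies only `offsetof(struct scm_fp_list, fp[fpl->count])` bytes and is charged to whichever task calls scm_fp_dup(). Please state in the message whether that task is expected to be the sender, since the two sites could otherwise charge different cgroups for the same message.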