From: "Serge E. Hallyn" <serge@hallyn.com>
To: Vasily Averin <vvs@virtuozzo.com>
Cc: cgroups@vger.kernel.org, Michal Hocko <mhocko@kernel.org>,
Shakeel Butt <shakeelb@google.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Vladimir Davydov <vdavydov.dev@gmail.com>,
Roman Gushchin <guro@fb.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Tejun Heo <tj@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Zefan Li <lizefan.x@bytedance.com>,
Thomas Gleixner <tglx@linutronix.de>,
Christian Brauner <christian.brauner@ubuntu.com>,
Kirill Tkhai <ktkhai@virtuozzo.com>,
Serge Hallyn <serge@hallyn.com>, Andrei Vagin <avagin@gmail.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 07/16] memcg: enable accounting for new namesapces and struct nsproxy
Date: Fri, 7 May 2021 08:45:28 -0500 [thread overview]
Message-ID: <20210507134528.GA22665@mail.hallyn.com> (raw)
In-Reply-To: <fcec18da-0e46-a29e-0a67-26bd024146b1@virtuozzo.com>
On Wed, Apr 28, 2021 at 09:52:43AM +0300, Vasily Averin wrote:
> A container admin can create new namespaces and force the kernel to allocate
> up to several pages of memory for the namespaces and their associated
> structures.
> Net and uts namespaces already have accounting enabled for such allocations.
> It makes sense to account for the remaining ones as well, to restrict the host's
> memory consumption from inside the memcg-limited container.
>
> Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
makes sense.
Acked-by: Serge Hallyn <serge@hallyn.com>
> ---
> fs/namespace.c | 2 +-
> ipc/namespace.c | 2 +-
> kernel/cgroup/namespace.c | 2 +-
> kernel/nsproxy.c | 2 +-
> kernel/pid_namespace.c | 2 +-
> kernel/time/namespace.c | 4 ++--
> kernel/user_namespace.c | 2 +-
> 7 files changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 56bb5a5..5ecfa349 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -3286,7 +3286,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns, bool a
> if (!ucounts)
> return ERR_PTR(-ENOSPC);
>
> - new_ns = kzalloc(sizeof(struct mnt_namespace), GFP_KERNEL);
> + new_ns = kzalloc(sizeof(struct mnt_namespace), GFP_KERNEL_ACCOUNT);
> if (!new_ns) {
> dec_mnt_namespaces(ucounts);
> return ERR_PTR(-ENOMEM);
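Review bot: The switch to `GFP_KERNEL_ACCOUNT` in alloc_mnt_ns() carries no comment saying why this allocation is charged, and the same holds for the kzalloc()/kmalloc() calls in the ipc, cgroup and time namespace hunks. A one-line comment above the call, such as `/* Charged to the caller's memcg: namespace creation is reachable from inside a container. */`, would keep a later cleanup from dropping the flag. With the flag set, the allocation can presumably also fail when the caller's memcg is at its limit; the existing `if (!new_ns)` branch returns `-ENOMEM` and undoes the ucount, so that case looks handled. alloc_mnt_ns() starts and ends outside the hunk.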
> diff --git a/ipc/namespace.c b/ipc/namespace.c
> index 7bd0766..ae83f0f 100644
> --- a/ipc/namespace.c
> +++ b/ipc/namespace.c
> @@ -42,7 +42,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
> goto fail;
>
> err = -ENOMEM;
> - ns = kzalloc(sizeof(struct ipc_namespace), GFP_KERNEL);
> + ns = kzalloc(sizeof(struct ipc_namespace), GFP_KERNEL_ACCOUNT);
> if (ns == NULL)
> goto fail_dec;
>
> diff --git a/kernel/cgroup/namespace.c b/kernel/cgroup/namespace.c
> index f5e8828..0d5c298 100644
> --- a/kernel/cgroup/namespace.c
> +++ b/kernel/cgroup/namespace.c
> @@ -24,7 +24,7 @@ static struct cgroup_namespace *alloc_cgroup_ns(void)
> struct cgroup_namespace *new_ns;
> int ret;
>
> - new_ns = kzalloc(sizeof(struct cgroup_namespace), GFP_KERNEL);
> + new_ns = kzalloc(sizeof(struct cgroup_namespace), GFP_KERNEL_ACCOUNT);
> if (!new_ns)
> return ERR_PTR(-ENOMEM);
> ret = ns_alloc_inum(&new_ns->ns);
> diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
> index abc01fc..eec72ca 100644
> --- a/kernel/nsproxy.c
> +++ b/kernel/nsproxy.c
> @@ -568,6 +568,6 @@ static void commit_nsset(struct nsset *nsset)
>
> int __init nsproxy_cache_init(void)
> {
> - nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC);
> + nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC|SLAB_ACCOUNT);
> return 0;
> }
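Review bot: `SLAB_PANIC|SLAB_ACCOUNT` in nsproxy_cache_init() is written without spaces around `|`, while the pid_namespace and user_namespace hunks of the same patch use `SLAB_PANIC | SLAB_ACCOUNT`. Kernel coding style puts spaces around binary operators, so this line should read `nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC | SLAB_ACCOUNT);`. Functionally the flag does what the description asks: objects from this cache are charged to the allocating task's memcg.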
> diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
> index ca43239..6cd6715 100644
> --- a/kernel/pid_namespace.c
> +++ b/kernel/pid_namespace.c
> @@ -449,7 +449,7 @@ static struct user_namespace *pidns_owner(struct ns_common *ns)
>
> static __init int pid_namespaces_init(void)
> {
> - pid_ns_cachep = KMEM_CACHE(pid_namespace, SLAB_PANIC);
> + pid_ns_cachep = KMEM_CACHE(pid_namespace, SLAB_PANIC | SLAB_ACCOUNT);
>
> #ifdef CONFIG_CHECKPOINT_RESTORE
> register_sysctl_paths(kern_path, pid_ns_ctl_table);
> diff --git a/kernel/time/namespace.c b/kernel/time/namespace.c
> index 12eab0d..aec8328 100644
> --- a/kernel/time/namespace.c
> +++ b/kernel/time/namespace.c
> @@ -88,13 +88,13 @@ static struct time_namespace *clone_time_ns(struct user_namespace *user_ns,
> goto fail;
>
> err = -ENOMEM;
> - ns = kmalloc(sizeof(*ns), GFP_KERNEL);
> + ns = kmalloc(sizeof(*ns), GFP_KERNEL_ACCOUNT);
> if (!ns)
> goto fail_dec;
>
> refcount_set(&ns->ns.count, 1);
>
> - ns->vvar_page = alloc_page(GFP_KERNEL | __GFP_ZERO);
> + ns->vvar_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
> if (!ns->vvar_page)
> goto fail_free;
>
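Review bot: `ns->vvar_page` is now a memcg-charged page, and the hunk does not show how the page is used or released afterwards. If, as I believe, this page is later mapped into user space as part of the vDSO data area, it is worth confirming that the mapping path is safe for a kmem-accounted page on every kernel this is backported to, and that each release path frees it through the normal page free so the charge is dropped. A comment at the allocation, e.g. `/* accounted: one page per time namespace, created on behalf of the container */`, would record the intent. clone_time_ns() starts and ends outside the hunk.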
> diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
> index 9a4b980..9c6a42b 100644
> --- a/kernel/user_namespace.c
> +++ b/kernel/user_namespace.c
> @@ -1378,7 +1378,7 @@ static struct user_namespace *userns_owner(struct ns_common *ns)
>
> static __init int user_namespaces_init(void)
> {
> - user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC);
> + user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC | SLAB_ACCOUNT);
> return 0;
> }
> subsys_initcall(user_namespaces_init);
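Review bot: `SLAB_ACCOUNT` on `user_ns_cachep` charges only `struct user_namespace` itself; memory that the namespace owner can make the kernel allocate afterwards is not covered by this hunk. If the ID-map extent arrays are still allocated with plain `GFP_KERNEL` elsewhere in this file (not visible here), they stay outside the container's memcg limit, so the description's goal of restricting host memory consumption is only partly met for user namespaces. Either extend the accounting in a follow-up or state in the commit message that only the top-level objects are charged.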
> --
> 1.8.3.1