Message ID | 9bf9d9bd-03b1-2adb-17b4-5d59a86a9394@virtuozzo.com |
---|---|
Headers | show |
Series | memcg accounting from OpenVZ | expand |
An netadmin inside container can use 'ip a a' and 'ip r a' to assign a large number of ipv4/ipv6 addresses and routing entries and force kernel to allocate megabytes of unaccounted memory for long-lived per-netdevice related kernel objects: 'struct in_ifaddr', 'struct inet6_ifaddr', 'struct fib6_node', 'struct rt6_info', 'struct fib_rules' and ip_fib caches. These objects can be manually removed, though usually they lives in memory till destroy of its net namespace. It makes sense to account for them to restrict the host's memory consumption from inside the memcg-limited container. One of such objects is the 'struct fib6_node' mostly allocated in net/ipv6/route.c::__ip6_ins_rt() inside the lock_bh()/unlock_bh() section: write_lock_bh(&table->tb6_lock); err = fib6_add(&table->tb6_root, rt, info, mxc); write_unlock_bh(&table->tb6_lock); In this case it is not enough to simply add SLAB_ACCOUNT to corresponding kmem cache. The proper memory cgroup still cannot be found due to the incorrect 'in_interrupt()' check used in memcg_kmem_bypass(). Obsoleted in_interrupt() does not describe real execution context properly.
This series does not apply cleanly to net-next, please respin. Thank you.
On 7/27/21 12:59 AM, David Miller wrote: > > This series does not apply cleanly to net-next, please respin. Dear David, I found that you have already approved net-related patches of this series and included them into net-next. So I'll respin v7 without these patches. Thank you, Vasily Averin