The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at
https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit 22b2afd0163f02de88a6ea99f38ca849d82217b0
Author: Vasily Averin <v...@virtuozzo.com>
Date: Tue Sep 28 14:16:22 2021 +0300
ms/memcg: enable accounting for new namesapces and struct nsproxy
Container admin can create new namespaces and force kernel to allocate up
to several pages of memory for the namespaces and its associated
structures.
Net and uts namespaces have enabled accounting for such allocations. It
makes sense to account for rest ones to restrict the host's memory
consumption from inside the memcg-limited container.
Link:
https://lkml.kernel.org/r/5525bcbf-533e-da27-79b7-158686c64...@virtuozzo.com
Signed-off-by: Vasily Averin <v...@virtuozzo.com>
Acked-by: Serge Hallyn <se...@hallyn.com>
Acked-by: Christian Brauner <christian.brau...@ubuntu.com>
Acked-by: Kirill Tkhai <ktk...@virtuozzo.com>
Reviewed-by: Shakeel Butt <shake...@google.com>
Cc: Alexander Viro <v...@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobri...@gmail.com>
Cc: Andrei Vagin <ava...@gmail.com>
Cc: Borislav Petkov <b...@alien8.de>
Cc: Borislav Petkov <b...@suse.de>
Cc: Dmitry Safonov <0x7f454...@gmail.com>
Cc: "Eric W. Biederman" <ebied...@xmission.com>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: "H. Peter Anvin" <h...@zytor.com>
Cc: Ingo Molnar <mi...@redhat.com>
Cc: "J. Bruce Fields" <bfie...@fieldses.org>
Cc: Jeff Layton <jlay...@kernel.org>
Cc: Jens Axboe <ax...@kernel.dk>
Cc: Jiri Slaby <jirisl...@kernel.org>
Cc: Johannes Weiner <han...@cmpxchg.org>
Cc: Michal Hocko <mho...@kernel.org>
Cc: Oleg Nesterov <o...@redhat.com>
Cc: Roman Gushchin <g...@fb.com>
Cc: Tejun Heo <t...@kernel.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Vladimir Davydov <vdavydov....@gmail.com>
Cc: Yutian Yang <ngla...@gmail.com>
Cc: Zefan Li <lizefa...@bytedance.com>
Signed-off-by: Andrew Morton <a...@linux-foundation.org>
Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
(cherry picked from commit 30acd0bdfb86548172168a0cc71d455944de0683)
https://jira.sw.ru/browse/PSBM-133990
Signed-off-by: Vasily Averin <v...@virtuozzo.com>
---
fs/namespace.c | 2 +-
ipc/namespace.c | 2 +-
kernel/cgroup/namespace.c | 2 +-
kernel/nsproxy.c | 2 +-
kernel/pid_namespace.c | 2 +-
kernel/time/namespace.c | 4 ++--
kernel/user_namespace.c | 2 +-
7 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 53efc3285027..954238cab6ec 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3309,7 +3309,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct
user_namespace *user_ns, bool a
if (!ucounts)
return ERR_PTR(-ENOSPC);
- new_ns = kzalloc(sizeof(struct mnt_namespace), GFP_KERNEL);
+ new_ns = kzalloc(sizeof(struct mnt_namespace), GFP_KERNEL_ACCOUNT);
if (!new_ns) {
dec_mnt_namespaces(ucounts);
return ERR_PTR(-ENOMEM);
diff --git a/ipc/namespace.c b/ipc/namespace.c
index 7bd0766ddc3b..ae83f0f2651b 100644
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -42,7 +42,7 @@ static struct ipc_namespace *create_ipc_ns(struct
user_namespace *user_ns,
goto fail;
err = -ENOMEM;
- ns = kzalloc(sizeof(struct ipc_namespace), GFP_KERNEL);
+ ns = kzalloc(sizeof(struct ipc_namespace), GFP_KERNEL_ACCOUNT);
if (ns == NULL)
goto fail_dec;
diff --git a/kernel/cgroup/namespace.c b/kernel/cgroup/namespace.c
index f5e8828c109c..0d5c29879a50 100644
--- a/kernel/cgroup/namespace.c
+++ b/kernel/cgroup/namespace.c
@@ -24,7 +24,7 @@ static struct cgroup_namespace *alloc_cgroup_ns(void)
struct cgroup_namespace *new_ns;
int ret;
- new_ns = kzalloc(sizeof(struct cgroup_namespace), GFP_KERNEL);
+ new_ns = kzalloc(sizeof(struct cgroup_namespace), GFP_KERNEL_ACCOUNT);
if (!new_ns)
return ERR_PTR(-ENOMEM);
ret = ns_alloc_inum(&new_ns->ns);
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index abc01fcad8c7..eec72ca962e2 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -568,6 +568,6 @@ SYSCALL_DEFINE2(setns, int, fd, int, flags)
int __init nsproxy_cache_init(void)
{
- nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC);
+ nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC|SLAB_ACCOUNT);
return 0;
}
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index 159b577d5123..c4a02327e955 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -456,7 +456,7 @@ const struct proc_ns_operations
pidns_for_children_operations = {
static __init int pid_namespaces_init(void)
{
- pid_ns_cachep = KMEM_CACHE(pid_namespace, SLAB_PANIC);
+ pid_ns_cachep = KMEM_CACHE(pid_namespace, SLAB_PANIC | SLAB_ACCOUNT);
#ifdef CONFIG_CHECKPOINT_RESTORE
register_sysctl_paths(kern_path, pid_ns_ctl_table);
diff --git a/kernel/time/namespace.c b/kernel/time/namespace.c
index 12eab0d2ae28..aec832801c26 100644
--- a/kernel/time/namespace.c
+++ b/kernel/time/namespace.c
@@ -88,13 +88,13 @@ static struct time_namespace *clone_time_ns(struct
user_namespace *user_ns,
goto fail;
err = -ENOMEM;
- ns = kmalloc(sizeof(*ns), GFP_KERNEL);
+ ns = kmalloc(sizeof(*ns), GFP_KERNEL_ACCOUNT);
if (!ns)
goto fail_dec;
refcount_set(&ns->ns.count, 1);
- ns->vvar_page = alloc_page(GFP_KERNEL | __GFP_ZERO);
+ ns->vvar_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
if (!ns->vvar_page)
goto fail_free;
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index ef82d401dde8..6b2e3ca7ee99 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -1385,7 +1385,7 @@ const struct proc_ns_operations userns_operations = {
static __init int user_namespaces_init(void)
{
- user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC);
+ user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC | SLAB_ACCOUNT);
return 0;
}
subsys_initcall(user_namespaces_init);
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
