[Devel] [PATCH RHEL7 COMMIT] mm/memcontrol: prohibit writing to memory.numa_migrate from container

Thu, 14 Dec 2023 09:33:54 -0800 

The commit is pushed to "branch-rh7-3.10.0-1160.99.1.vz7.211.x-ovz" and will 
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.99.1.vz7.211.3
------>
commit ad844bffbd27f1321b88c8bcff3c83aaf6e8395c
Author: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
Date:   Wed Dec 6 11:27:40 2023 +0800

    mm/memcontrol: prohibit writing to memory.numa_migrate from container
    
    We might want to put containers on designated numa nodes for optimal
    perfomance, it will be all ruinied if container could force its memory
    pages to move to any node it wants.
    
    This memory.numa_migrate file was originaly made for vcmmd which works
    from ve0, so we should be fine with this additional restriction.
    
    Fixes: dfc0b63bfd50c ("mm: memcontrol: add memory.numa_migrate file")
    https://virtuozzo.atlassian.net/browse/PSBM-152372
    Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
    
    Feature: mm: interface to migrate memory between NUMA nodes upon userspace 
request
---
 mm/memcontrol.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index a2fe48d93d02..5d65b523a0ec 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -5812,8 +5812,8 @@ static int memcg_numa_migrate_pages(struct mem_cgroup 
*memcg,
  *
  * The call may be interrupted by a signal, in which case -EINTR is returned.
  */
-static int memcg_numa_migrate_write(struct cgroup *cont,
-               struct cftype *cft, const char *buf)
+static int __memcg_numa_migrate_write(struct cgroup *cont, struct cftype *cft,
+                                     const char *buf)
 {
        struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
        NODEMASK_ALLOC(nodemask_t, target_nodes, GFP_KERNEL);
@@ -5851,6 +5851,14 @@ static int memcg_numa_migrate_write(struct cgroup *cont,
        return ret;
 }
 
+static int memcg_numa_migrate_write(struct cgroup *cont, struct cftype *cft,
+                                   const char *buf)
+       if (!ve_is_super(get_exec_env()))
+               return -EPERM;
+
+       return __memcg_numa_migrate_write(cont, cft, buf);
+}
+
 #endif /* CONFIG_NUMA */
 
 static inline void mem_cgroup_lru_names_not_uptodate(void)
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to