From patchwork Thu Sep 2 21:55:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Morton X-Patchwork-Id: 12473035 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A3FCDC433EF for ; Thu, 2 Sep 2021 21:55:30 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 4FFE8610E5 for ; Thu, 2 Sep 2021 21:55:30 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 4FFE8610E5 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id EE0A36B00F3; Thu, 2 Sep 2021 17:55:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E90CF6B00F4; Thu, 2 Sep 2021 17:55:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D7FC76B00F5; Thu, 2 Sep 2021 17:55:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0156.hostedemail.com [216.40.44.156]) by kanga.kvack.org (Postfix) with ESMTP id C8DDC6B00F3 for ; Thu, 2 Sep 2021 17:55:29 -0400 (EDT) Received: from smtpin19.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id 8E3981855E for ; Thu, 2 Sep 2021 21:55:29 +0000 (UTC) X-FDA: 78543990378.19.78A7EB8 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf29.hostedemail.com (Postfix) with ESMTP id 3CAE590001BC for ; Thu, 2 Sep 2021 21:55:29 +0000 (UTC) Received: by mail.kernel.org (Postfix) with ESMTPSA id 8B5D6610CF; Thu, 2 Sep 2021 21:55:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1630619728; bh=JtgFrOMchZQpFx6VBe+IgiGiuSSZ04IU1jtYP7U2Jds=; h=Date:From:To:Subject:In-Reply-To:From; b=RuBK0yAaGdJK+osej6dUPH7CUnH1YTBC7JsH4M5RvQ4qI8cM7YrpqRRi7Vvr5uzN/ 7kv6UJz0C8McllC/MJpgo3bNsz7NuKOq/6BfWXWh/2B6MxMO9vxQJD3dYcHTtovgCV gqwm9HZC+WHrV9YZj/FC2YQR09lFLrxy/7x5t5DM= Date: Thu, 02 Sep 2021 14:55:27 -0700 From: Andrew Morton To: 0x7f454c46@gmail.com, adobriyan@gmail.com, akpm@linux-foundation.org, avagin@gmail.com, axboe@kernel.dk, bfields@fieldses.org, bp@alien8.de, bp@suse.de, christian.brauner@ubuntu.com, ebiederm@xmission.com, gregkh@linuxfoundation.org, guro@fb.com, hannes@cmpxchg.org, hpa@zytor.com, jirislaby@kernel.org, jlayton@kernel.org, ktkhai@virtuozzo.com, linux-mm@kvack.org, lizefan.x@bytedance.com, mhocko@kernel.org, mingo@redhat.com, mm-commits@vger.kernel.org, nglaive@gmail.com, oleg@redhat.com, serge@hallyn.com, shakeelb@google.com, tglx@linutronix.de, tj@kernel.org, torvalds@linux-foundation.org, vdavydov.dev@gmail.com, viro@zeniv.linux.org.uk, vvs@virtuozzo.com Subject: [patch 103/212] memcg: enable accounting for new namesapces and struct nsproxy Message-ID: <20210902215527.DBCAAzGHe%akpm@linux-foundation.org> In-Reply-To: <20210902144820.78957dff93d7bea620d55a89@linux-foundation.org> User-Agent: s-nail v14.8.16 Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=RuBK0yAa; spf=pass (imf29.hostedemail.com: domain of akpm@linux-foundation.org designates 198.145.29.99 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org; dmarc=none X-Stat-Signature: kyd691zktjowkqtw1i6uphaymizns4dn X-Rspamd-Queue-Id: 3CAE590001BC X-Rspamd-Server: rspam04 X-HE-Tag: 1630619729-221431 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Vasily Averin Subject: memcg: enable accounting for new namesapces and struct nsproxy Container admin can create new namespaces and force kernel to allocate up to several pages of memory for the namespaces and its associated structures. Net and uts namespaces have enabled accounting for such allocations. It makes sense to account for rest ones to restrict the host's memory consumption from inside the memcg-limited container. Link: https://lkml.kernel.org/r/5525bcbf-533e-da27-79b7-158686c64e13@virtuozzo.com Signed-off-by: Vasily Averin Acked-by: Serge Hallyn Acked-by: Christian Brauner Acked-by: Kirill Tkhai Reviewed-by: Shakeel Butt Cc: Alexander Viro Cc: Alexey Dobriyan Cc: Andrei Vagin Cc: Borislav Petkov Cc: Borislav Petkov Cc: Dmitry Safonov <0x7f454c46@gmail.com> Cc: "Eric W. Biederman" Cc: Greg Kroah-Hartman Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "J. Bruce Fields" Cc: Jeff Layton Cc: Jens Axboe Cc: Jiri Slaby Cc: Johannes Weiner Cc: Michal Hocko Cc: Oleg Nesterov Cc: Roman Gushchin Cc: Tejun Heo Cc: Thomas Gleixner Cc: Vladimir Davydov Cc: Yutian Yang Cc: Zefan Li Signed-off-by: Andrew Morton --- fs/namespace.c | 2 +- ipc/namespace.c | 2 +- kernel/cgroup/namespace.c | 2 +- kernel/nsproxy.c | 2 +- kernel/pid_namespace.c | 2 +- kernel/time/namespace.c | 4 ++-- kernel/user_namespace.c | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) --- a/fs/namespace.c~memcg-enable-accounting-for-new-namesapces-and-struct-nsproxy +++ a/fs/namespace.c @@ -3307,7 +3307,7 @@ static struct mnt_namespace *alloc_mnt_n if (!ucounts) return ERR_PTR(-ENOSPC); - new_ns = kzalloc(sizeof(struct mnt_namespace), GFP_KERNEL); + new_ns = kzalloc(sizeof(struct mnt_namespace), GFP_KERNEL_ACCOUNT); if (!new_ns) { dec_mnt_namespaces(ucounts); return ERR_PTR(-ENOMEM); --- a/ipc/namespace.c~memcg-enable-accounting-for-new-namesapces-and-struct-nsproxy +++ a/ipc/namespace.c @@ -42,7 +42,7 @@ static struct ipc_namespace *create_ipc_ goto fail; err = -ENOMEM; - ns = kzalloc(sizeof(struct ipc_namespace), GFP_KERNEL); + ns = kzalloc(sizeof(struct ipc_namespace), GFP_KERNEL_ACCOUNT); if (ns == NULL) goto fail_dec; --- a/kernel/cgroup/namespace.c~memcg-enable-accounting-for-new-namesapces-and-struct-nsproxy +++ a/kernel/cgroup/namespace.c @@ -24,7 +24,7 @@ static struct cgroup_namespace *alloc_cg struct cgroup_namespace *new_ns; int ret; - new_ns = kzalloc(sizeof(struct cgroup_namespace), GFP_KERNEL); + new_ns = kzalloc(sizeof(struct cgroup_namespace), GFP_KERNEL_ACCOUNT); if (!new_ns) return ERR_PTR(-ENOMEM); ret = ns_alloc_inum(&new_ns->ns); --- a/kernel/nsproxy.c~memcg-enable-accounting-for-new-namesapces-and-struct-nsproxy +++ a/kernel/nsproxy.c @@ -568,6 +568,6 @@ out: int __init nsproxy_cache_init(void) { - nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC); + nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC|SLAB_ACCOUNT); return 0; } --- a/kernel/pid_namespace.c~memcg-enable-accounting-for-new-namesapces-and-struct-nsproxy +++ a/kernel/pid_namespace.c @@ -450,7 +450,7 @@ const struct proc_ns_operations pidns_fo static __init int pid_namespaces_init(void) { - pid_ns_cachep = KMEM_CACHE(pid_namespace, SLAB_PANIC); + pid_ns_cachep = KMEM_CACHE(pid_namespace, SLAB_PANIC | SLAB_ACCOUNT); #ifdef CONFIG_CHECKPOINT_RESTORE register_sysctl_paths(kern_path, pid_ns_ctl_table); --- a/kernel/time/namespace.c~memcg-enable-accounting-for-new-namesapces-and-struct-nsproxy +++ a/kernel/time/namespace.c @@ -88,13 +88,13 @@ static struct time_namespace *clone_time goto fail; err = -ENOMEM; - ns = kmalloc(sizeof(*ns), GFP_KERNEL); + ns = kmalloc(sizeof(*ns), GFP_KERNEL_ACCOUNT); if (!ns) goto fail_dec; refcount_set(&ns->ns.count, 1); - ns->vvar_page = alloc_page(GFP_KERNEL | __GFP_ZERO); + ns->vvar_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); if (!ns->vvar_page) goto fail_free; --- a/kernel/user_namespace.c~memcg-enable-accounting-for-new-namesapces-and-struct-nsproxy +++ a/kernel/user_namespace.c @@ -1385,7 +1385,7 @@ const struct proc_ns_operations userns_o static __init int user_namespaces_init(void) { - user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC); + user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC | SLAB_ACCOUNT); return 0; } subsys_initcall(user_namespaces_init);