From: Vasily Averin <vasily.averin@linux.dev>
To: Pablo Neira Ayuso <pablo@netfilter.org>, Florian Westphal <fw@strlen.de>
Cc: kernel@openvz.org, Jozsef Kadlecsik <kadlec@netfilter.org>,
netfilter-devel@vger.kernel.org, linux-kernel@vger.kernel.org,
Roman Gushchin <roman.gushchin@linux.dev>
Subject: [PATCH v2] nft: memcg accounting for dynamically allocated objects
Date: Sat, 2 Apr 2022 12:50:37 +0300 [thread overview]
Message-ID: <121a6930-9ebd-e488-e109-273a403a93cb@linux.dev> (raw)
In-Reply-To: <935e4270-9e0e-4cd0-ffb4-9c1eb3d9c56e@linux.dev>
nft_*.c files whose NFT_EXPR_STATEFUL flag is set on need to
use __GFP_ACCOUNT flag for objects that are dynamically
allocated from the packet path.
Such objects are allocated inside nft_expr_ops->init() callbacks
executed in task context while processing netlink messages.
In addition, this patch adds accounting to nft_set_elem_expr_clone()
used for the same purposes.
Signed-off-by: Vasily Averin <vvs@openvz.org>
Acked-by: Roman Gushchin <roman.gushchin@linux.dev>
---
v2: removed accounting in nft_expr_ops->clone() callbacks
---
net/netfilter/nf_tables_api.c | 2 +-
net/netfilter/nft_connlimit.c | 2 +-
net/netfilter/nft_counter.c | 2 +-
net/netfilter/nft_last.c | 2 +-
net/netfilter/nft_limit.c | 2 +-
net/netfilter/nft_quota.c | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 04be94236a34..e01241151ef7 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5447,7 +5447,7 @@ int nft_set_elem_expr_clone(const struct nft_ctx *ctx, struct nft_set *set,
int err, i, k;
for (i = 0; i < set->num_exprs; i++) {
- expr = kzalloc(set->exprs[i]->ops->size, GFP_KERNEL);
+ expr = kzalloc(set->exprs[i]->ops->size, GFP_KERNEL_ACCOUNT);
if (!expr)
goto err_expr;
diff --git a/net/netfilter/nft_connlimit.c b/net/netfilter/nft_connlimit.c
index 3362417ebfdb..f5df535bcbd0 100644
--- a/net/netfilter/nft_connlimit.c
+++ b/net/netfilter/nft_connlimit.c
@@ -77,7 +77,7 @@ static int nft_connlimit_do_init(const struct nft_ctx *ctx,
invert = true;
}
- priv->list = kmalloc(sizeof(*priv->list), GFP_KERNEL);
+ priv->list = kmalloc(sizeof(*priv->list), GFP_KERNEL_ACCOUNT);
if (!priv->list)
return -ENOMEM;
diff --git a/net/netfilter/nft_counter.c b/net/netfilter/nft_counter.c
index f179e8c3b0ca..7691e42f6bbe 100644
--- a/net/netfilter/nft_counter.c
+++ b/net/netfilter/nft_counter.c
@@ -62,7 +62,7 @@ static int nft_counter_do_init(const struct nlattr * const tb[],
struct nft_counter __percpu *cpu_stats;
struct nft_counter *this_cpu;
- cpu_stats = alloc_percpu(struct nft_counter);
+ cpu_stats = alloc_percpu_gfp(struct nft_counter, GFP_KERNEL_ACCOUNT);
if (cpu_stats == NULL)
return -ENOMEM;
diff --git a/net/netfilter/nft_last.c b/net/netfilter/nft_last.c
index 4f745a409d34..97d0d09d48d3 100644
--- a/net/netfilter/nft_last.c
+++ b/net/netfilter/nft_last.c
@@ -30,7 +30,7 @@ static int nft_last_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
u64 last_jiffies;
int err;
- last = kzalloc(sizeof(*last), GFP_KERNEL);
+ last = kzalloc(sizeof(*last), GFP_KERNEL_ACCOUNT);
if (!last)
return -ENOMEM;
diff --git a/net/netfilter/nft_limit.c b/net/netfilter/nft_limit.c
index a726b623963d..c1f7e8bb33e6 100644
--- a/net/netfilter/nft_limit.c
+++ b/net/netfilter/nft_limit.c
@@ -90,7 +90,7 @@ static int nft_limit_init(struct nft_limit_priv *priv,
priv->rate);
}
- priv->limit = kmalloc(sizeof(*priv->limit), GFP_KERNEL);
+ priv->limit = kmalloc(sizeof(*priv->limit), GFP_KERNEL_ACCOUNT);
if (!priv->limit)
return -ENOMEM;
diff --git a/net/netfilter/nft_quota.c b/net/netfilter/nft_quota.c
index f394a0b562f6..0d2f55900f7b 100644
--- a/net/netfilter/nft_quota.c
+++ b/net/netfilter/nft_quota.c
@@ -90,7 +90,7 @@ static int nft_quota_do_init(const struct nlattr * const tb[],
return -EOPNOTSUPP;
}
- priv->consumed = kmalloc(sizeof(*priv->consumed), GFP_KERNEL);
+ priv->consumed = kmalloc(sizeof(*priv->consumed), GFP_KERNEL_ACCOUNT);
if (!priv->consumed)
return -ENOMEM;
--
2.31.1
next prev parent reply other threads:[~2022-04-02 9:50 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-28 6:39 [PATCH RFC] memcg: Enable accounting for nft objects Vasily Averin
2022-02-28 12:24 ` Florian Westphal
2022-03-21 5:02 ` [PATCH v2] memcg: enable " Vasily Averin
2022-03-22 10:25 ` Florian Westphal
2022-03-24 14:19 ` Pablo Neira Ayuso
2022-03-24 17:23 ` Vasily Averin
2022-03-21 5:12 ` [PATCH RFC] memcg: Enable " Vasily Averin
2022-03-24 18:05 ` [PATCH v2 RESEND] memcg: enable " Vasily Averin
2022-03-28 8:15 ` Pablo Neira Ayuso
2022-03-28 9:23 ` Vasily Averin
2022-03-31 8:40 ` [PATCH nft] nft: memcg accounting for dynamically allocated objects Vasily Averin
2022-03-31 18:45 ` Roman Gushchin
2022-04-01 12:03 ` Florian Westphal
2022-04-01 18:56 ` Vasily Averin
2022-04-01 19:31 ` Florian Westphal
2022-04-01 21:14 ` Roman Gushchin
2022-04-01 23:01 ` Florian Westphal
2022-04-02 8:55 ` Vasily Averin
2022-04-02 9:50 ` Vasily Averin [this message]
2022-04-05 9:58 ` [PATCH v2] " Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=121a6930-9ebd-e488-e109-273a403a93cb@linux.dev \
--to=vasily.averin@linux.dev \
--cc=fw@strlen.de \
--cc=kadlec@netfilter.org \
--cc=kernel@openvz.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=roman.gushchin@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.