From mboxrd@z Thu Jan 1 00:00:00 1970 From: Vasily Averin Subject: [PATCH v2 3/8] memcg: accounting for fib_rules Date: Mon, 15 Mar 2021 15:23:19 +0300 Message-ID: References: Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iIVQCrfepn7+LB5Z6PL1HL1FmD16vJnT5AAbfB1IpTk=; b=Erd0aYFk2Lmb/uOJYRODKBQJEi2s8kVv7+TZvuCgLWMXEm9lU9wqtSM67qU9XQkqfiS+e7hzoyCf+Eh1m4n7cFJOdM+e1kOko6HndiDaZZMkCH/B7pNVaEQk4EVi/s5IK3pAV5BBWREtrz0QEvEO7H/Vr7ecygNerKGQ86Cn118= In-Reply-To: Content-Language: en-US List-ID: Content-Type: text/plain; charset="us-ascii" To: cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Michal Hocko Cc: linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, Johannes Weiner , Vladimir Davydov , Shakeel Butt , "David S. Miller" , David Ahern , Jakub Kicinski , Hideaki YOSHIFUJI An untrusted netadmin inside a memcg-limited container can create a huge number of routing entries. Currently, allocated kernel objects are not accounted to proper memcg, so this can lead to global memory shortage on the host and cause lot of OOM kiils. This patch enables accounting for 'struct fib_rules' --- net/core/fib_rules.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c index cd80ffe..65d8b1d 100644 --- a/net/core/fib_rules.c +++ b/net/core/fib_rules.c @@ -57,7 +57,7 @@ int fib_default_rule_add(struct fib_rules_ops *ops, { struct fib_rule *r; - r = kzalloc(ops->rule_size, GFP_KERNEL); + r = kzalloc(ops->rule_size, GFP_KERNEL_ACCOUNT); if (r == NULL) return -ENOMEM; @@ -541,7 +541,7 @@ static int fib_nl2rule(struct sk_buff *skb, struct nlmsghdr *nlh, goto errout; } - nlrule = kzalloc(ops->rule_size, GFP_KERNEL); + nlrule = kzalloc(ops->rule_size, GFP_KERNEL_ACCOUNT); if (!nlrule) { err = -ENOMEM; goto errout; -- 1.8.3.1