From: Vasily Averin <vvs@virtuozzo.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: cgroups@vger.kernel.org, Michal Hocko <mhocko@kernel.org>,
Shakeel Butt <shakeelb@google.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Vladimir Davydov <vdavydov.dev@gmail.com>,
Roman Gushchin <guro@fb.com>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v5 01/16] memcg: enable accounting for net_device and Tx/Rx queues
Date: Mon, 19 Jul 2021 13:44:23 +0300 [thread overview]
Message-ID: <a5f14f0c-f2db-5c62-b3dc-8bb152fddd40@virtuozzo.com> (raw)
In-Reply-To: <cover.1626688654.git.vvs@virtuozzo.com>
Container netadmin can create a lot of fake net devices,
then create a new net namespace and repeat it again and again.
Net device can request the creation of up to 4096 tx and rx queues,
and force kernel to allocate up to several tens of megabytes memory
per net device.
It makes sense to account for them to restrict the host's memory
consumption from inside the memcg-limited container.
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
---
net/core/dev.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index c253c2a..e9aa1e4 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -10100,7 +10100,7 @@ static int netif_alloc_rx_queues(struct net_device *dev)
BUG_ON(count < 1);
- rx = kvzalloc(sz, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
+ rx = kvzalloc(sz, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL);
if (!rx)
return -ENOMEM;
@@ -10167,7 +10167,7 @@ static int netif_alloc_netdev_queues(struct net_device *dev)
if (count < 1 || count > 0xffff)
return -EINVAL;
- tx = kvzalloc(sz, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
+ tx = kvzalloc(sz, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL);
if (!tx)
return -ENOMEM;
@@ -10807,7 +10807,7 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
/* ensure 32-byte alignment of whole construct */
alloc_size += NETDEV_ALIGN - 1;
- p = kvzalloc(alloc_size, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
+ p = kvzalloc(alloc_size, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL);
if (!p)
return NULL;
--
1.8.3.1
next prev parent reply other threads:[~2021-07-19 10:44 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <8664122a-99d3-7199-869a-781b21b7e712@virtuozzo.com>
2021-04-28 6:51 ` [PATCH v4 00/16] memcg accounting from OpenVZ Vasily Averin
2021-07-15 17:11 ` Shakeel Butt
2021-07-16 4:11 ` Vasily Averin
2021-07-16 12:55 ` Shakeel Butt
2021-07-19 10:44 ` [PATCH v5 " Vasily Averin
2021-07-26 18:59 ` [PATCH v6 00/16] memcg accounting from Vasily Averin
2021-07-26 21:59 ` David Miller
2021-07-27 4:44 ` [PATCH v6 00/16] memcg accounting from OpenVZ Vasily Averin
[not found] ` <cover.1627321321.git.vvs@virtuozzo.com>
2021-07-26 18:59 ` [PATCH v6 01/16] memcg: enable accounting for net_device and Tx/Rx queues Vasily Averin
2021-07-26 19:00 ` [PATCH v6 02/16] memcg: enable accounting for IP address and routing-related objects Vasily Averin
2021-07-26 19:00 ` [PATCH v6 03/16] memcg: enable accounting for inet_bin_bucket cache Vasily Averin
2021-07-26 19:00 ` [PATCH v6 04/16] memcg: enable accounting for VLAN group array Vasily Averin
2021-07-26 19:00 ` [PATCH v6 05/16] memcg: ipv6/sit: account and don't WARN on ip_tunnel_prl structs allocation Vasily Averin
2021-07-26 19:00 ` [PATCH v6 06/16] memcg: enable accounting for scm_fp_list objects Vasily Averin
[not found] ` <cover.1626688654.git.vvs@virtuozzo.com>
2021-07-19 10:44 ` Vasily Averin [this message]
2021-07-19 10:44 ` [PATCH v5 02/16] memcg: enable accounting for IP address and routing-related objects Vasily Averin
2021-07-19 14:00 ` Dmitry Safonov
2021-07-19 14:22 ` Shakeel Butt
2021-07-19 14:24 ` Dmitry Safonov
2021-07-20 19:26 ` Shakeel Butt
2021-07-26 10:23 ` Vasily Averin
2021-07-26 13:48 ` Shakeel Butt
2021-07-19 10:44 ` [PATCH v5 03/16] memcg: enable accounting for inet_bin_bucket cache Vasily Averin
2021-07-19 10:44 ` [PATCH v5 04/16] memcg: enable accounting for VLAN group array Vasily Averin
2021-07-19 10:44 ` [PATCH v5 05/16] memcg: ipv6/sit: account and don't WARN on ip_tunnel_prl structs allocation Vasily Averin
2021-07-19 10:44 ` [PATCH v5 06/16] memcg: enable accounting for scm_fp_list objects Vasily Averin
2021-04-28 6:51 ` [PATCH v4 01/16] memcg: enable accounting for net_device and Tx/Rx queues Vasily Averin
2021-04-28 6:51 ` [PATCH v4 02/16] memcg: enable accounting for IP address and routing-related objects Vasily Averin
2021-04-28 6:51 ` [PATCH v4 03/16] memcg: enable accounting for inet_bin_bucket cache Vasily Averin
2021-04-28 6:52 ` [PATCH v4 04/16] memcg: enable accounting for VLAN group array Vasily Averin
2021-04-28 6:52 ` [PATCH v4 05/16] memcg: ipv6/sit: account and don't WARN on ip_tunnel_prl structs allocation Vasily Averin
2021-04-28 6:52 ` [PATCH v4 06/16] memcg: enable accounting for scm_fp_list objects Vasily Averin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a5f14f0c-f2db-5c62-b3dc-8bb152fddd40@virtuozzo.com \
--to=vvs@virtuozzo.com \
--cc=akpm@linux-foundation.org \
--cc=cgroups@vger.kernel.org \
--cc=davem@davemloft.net \
--cc=guro@fb.com \
--cc=hannes@cmpxchg.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mhocko@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=shakeelb@google.com \
--cc=vdavydov.dev@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).