Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp2088199pxy; Sat, 24 Apr 2021 04:56:39 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxfEvRWdWhT9tc1uk3HXrAys5TuI+2dqiln3lo04lIyJj4QJn9cB4YX9ZuMWVAangmUyms2 X-Received: by 2002:a63:dc56:: with SMTP id f22mr8198869pgj.287.1619265399510; Sat, 24 Apr 2021 04:56:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619265399; cv=none; d=google.com; s=arc-20160816; b=rEXIvyDqmhMK9TEHzB0Pqs5uSAPa1aeBYkbhlkBKBvxFEG5NafcEvWQQ+YS9Qs5cfx HK7xnx/FfaB+Yv3aCEqURYx3lNoyFu/lF9R76PymBSwVkkmURljO8cWs+Kip29NGLVDV 0OQoOBteipVhV6XAmixbqk9GbP1mHNDEZXwWU6T9tMnKsnRF0/TZhfgTTScLQTeuFc9i /pcsNgU53//wF49nhvAZxKn18FDg2r/clZ2rIlnCyxpgtCnO1s9EbozOv+9bAttjdEMI dObnuUbpGp4cYdP6JvwCWLcEpne52sXfiMoNFAeV6r1kZ4v2U50Rlc1u14BmT8zsHrd+ NlEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:references:cc :to:subject:from:dkim-signature; bh=Ef6Icn37gpYOQIKG7/7Yf8A/Wb3Zt7XRkbRLccrvlZk=; b=RpjWZFJlo9v/09Jg0JwFpkfL9/0rgaY+wXp0caObMa8ZWXi/P/LOk36Ea34rNXQjl6 rESwi36jE8UGWgrh3IbtLyeQPKU2AcYGEKCBXI8febmDvUNxKEvSqYMISdwLGxe8r3v3 59ulXy7ZBcgLBLxZ1vEmzwEcaNHFzNH1yel6XE154k4YmG1Ia6UTp+THDWkuHeQkVJo2 B33HAI/120MZei+S4+NL8XNgj25+b9hcsdnezUwnAK8dzO83T9Gm8up05VaazP2rjgeb OXqJFtmqdS6e3b04zyZKQhAVN9/4hZaVIphhLObV1wIvBe34SxLhe7KQzYh0mvQvHKt2 X3kg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@virtuozzo.com header.s=relay header.b=IX8ZZaUQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q1si9284800pfj.162.2021.04.24.04.56.27; Sat, 24 Apr 2021 04:56:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@virtuozzo.com header.s=relay header.b=IX8ZZaUQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237285AbhDXLzU (ORCPT + 99 others); Sat, 24 Apr 2021 07:55:20 -0400 Received: from relay.sw.ru ([185.231.240.75]:46696 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237263AbhDXLzQ (ORCPT ); Sat, 24 Apr 2021 07:55:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:Subject :From; bh=Ef6Icn37gpYOQIKG7/7Yf8A/Wb3Zt7XRkbRLccrvlZk=; b=IX8ZZaUQQJLWyf7r75v oHsMoiIk6HgNgJrYsfIpUKhC+Fn4jQxnkbwJw/pYVlsml1jhMvQagmugzWRhPobxURM0fLYzOFxB+ tNt7HAw+GUCs4TXaoq3yX19xbi5viaLG48dd4QpVMAOaW9ZzdM+wWknja1vp8MEB/SkJ92uKFxc= Received: from [10.93.0.56] by relay.sw.ru with esmtp (Exim 4.94) (envelope-from ) id 1laGrr-001INq-CA; Sat, 24 Apr 2021 14:54:35 +0300 From: Vasily Averin Subject: [PATCH v2 1/1] memcg: enable accounting for pids in nested pid namespaces To: Michal Hocko , cgroups@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Roman Gushchin , Christian Brauner , =?UTF-8?Q?Michal_Koutn=c3=bd?= , Serge Hallyn References: <7b777e22-5b0d-7444-343d-92cbfae5f8b4@virtuozzo.com> Message-ID: <8b6de616-fd1a-02c6-cbdb-976ecdcfa604@virtuozzo.com> Date: Sat, 24 Apr 2021 14:54:35 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 MIME-Version: 1.0 In-Reply-To: <7b777e22-5b0d-7444-343d-92cbfae5f8b4@virtuozzo.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Commit 5d097056c9a0 ("kmemcg: account certain kmem allocations to memcg") enabled memcg accounting for pids allocated from init_pid_ns.pid_cachep, but forgot to adjust the setting for nested pid namespaces. As a result, pid memory is not accounted exactly where it is really needed, inside memcg-limited containers with their own pid namespaces. Pid was one the first kernel objects enabled for memcg accounting. init_pid_ns.pid_cachep marked by SLAB_ACCOUNT and we can expect that any new pids in the system are memcg-accounted. Though recently I've noticed that it is wrong. nested pid namespaces creates own slab caches for pid objects, nested pids have increased size because contain id both for all parent and for own pid namespaces. The problem is that these slab caches are _NOT_ marked by SLAB_ACCOUNT, as a result any pids allocated in nested pid namespaces are not memcg-accounted. Pid struct in nested pid namespace consumes up to 500 bytes memory, 100000 such objects gives us up to ~50Mb unaccounted memory, this allow container to exceed assigned memcg limits. Fixes: 5d097056c9a0 ("kmemcg: account certain kmem allocations to memcg") Cc: stable@vger.kernel.org Signed-off-by: Vasily Averin Reviewed-by: Michal Koutný Acked-by: Christian Brauner Acked-by: Roman Gushchin --- kernel/pid_namespace.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c index 6cd6715..a46a372 100644 --- a/kernel/pid_namespace.c +++ b/kernel/pid_namespace.c @@ -51,7 +51,8 @@ static struct kmem_cache *create_pid_cachep(unsigned int level) mutex_lock(&pid_caches_mutex); /* Name collision forces to do allocation under mutex. */ if (!*pkc) - *pkc = kmem_cache_create(name, len, 0, SLAB_HWCACHE_ALIGN, 0); + *pkc = kmem_cache_create(name, len, 0, + SLAB_HWCACHE_ALIGN | SLAB_ACCOUNT, 0); mutex_unlock(&pid_caches_mutex); /* current can fail, but someone else can succeed. */ return READ_ONCE(*pkc); -- 1.8.3.1