From: Vasily Averin
Subject: [PATCH v5 01/16] memcg: enable accounting for net_device and Tx/Rx queues
To: Andrew Morton
Cc: cgroups@vger.kernel.org, Michal Hocko, Shakeel Butt, Johannes Weiner, Vladimir Davydov, Roman Gushchin, "David S. Miller", Jakub Kicinski, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Mon, 19 Jul 2021 13:44:23 +0300

Container netadmin can create a lot of fake net devices, then create a new net namespace and repeat it again and again. Net device can request the creation of up to 4096 tx and rx queues, and force kernel to allocate up to several tens of megabytes memory per net device. It makes sense to account for them to restrict the host's memory consumption from inside the memcg-limited container.

Signed-off-by: Vasily Averin

--- net/core/dev.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index c253c2a..e9aa1e4 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -10100,7 +10100,7 @@ static int netif_alloc_rx_queues(struct net_device *dev) BUG_ON(count < 1); - rx = kvzalloc(sz, GFP_KERNEL | __GFP_RETRY_MAYFAIL); + rx = kvzalloc(sz, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL); if (!rx) return -ENOMEM; @@ -10167,7 +10167,7 @@ static int netif_alloc_netdev_queues(struct net_device *dev) if (count < 1 || count > 0xffff) return -EINVAL; - tx = kvzalloc(sz, GFP_KERNEL | __GFP_RETRY_MAYFAIL); + tx = kvzalloc(sz, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL); if (!tx) return -ENOMEM; 
@@ -10807,7 +10807,7 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name, /* ensure 32-byte alignment of whole construct */ alloc_size += NETDEV_ALIGN - 1; - p = kvzalloc(alloc_size, GFP_KERNEL | __GFP_RETRY_MAYFAIL); + p = kvzalloc(alloc_size, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL); if (!p) return NULL; -- 1.8.3.1
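
Review bot: In the netif_alloc_rx_queues hunk, switching `rx = kvzalloc(...)` to GFP_KERNEL_ACCOUNT means the existing `if (!rx) return -ENOMEM;` path can now be reached when the charge against the caller's memcg fails, not only when the host itself is short of memory. The commit message gives the motivation but not this user-visible change; a sentence stating that device creation inside a memcg-limited container can now fail with -ENOMEM at the cgroup limit would help anyone who has to debug such a failure later.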
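
Review bot: In the netif_alloc_netdev_queues hunk, the context line `if (count < 1 || count > 0xffff)` bounds the tx queue count at 0xffff, while the commit message says a net device can request up to 4096 tx and rx queues. Please say in the commit message where the 4096 limit is enforced, or cite the bound this function actually checks, so that the "several tens of megabytes" per-device estimate can be verified against the code.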
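
Review bot: In the alloc_netdev_mqs hunk, `p = kvzalloc(alloc_size, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL);` charges the net_device to the memcg of whichever task is running when the function is called, and alloc_netdev_mqs is a non-static allocation entry point rather than a container-only path. The commit message covers only the container netadmin case; it should state that allocations made from other calling contexts are charged to that caller's memcg as well, and that this is intended.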