Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp3575781pxv; Mon, 19 Jul 2021 03:48:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxVNVlAJhU3X/fADGpCISC2R1J2NjzV4JNalQOAKF8xI8XNx/Q0pMurea7XxSe/v8shk/Ld X-Received: by 2002:a6b:cf15:: with SMTP id o21mr18756976ioa.9.1626691696381; Mon, 19 Jul 2021 03:48:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626691696; cv=none; d=google.com; s=arc-20160816; b=fwCfTKNJI0vMuVSm+xKSFXM8mtIPQOCKuij8b11vb6220YPYHZrwsTHbnpwKOd8rV4 zyZ1vycLkxVZKT7O4UBJDKyjwJfGCwpOSWGQjCM3J9i/usXxF03NYZXLk1YR3v1haUk/ EtmIG0R12RwDfNWEdC6iyo5SUEZ0UofdH1bT/AGtLAj9+1OYyjNMhwBTfSmiBmkpKuew jUUe8ddUZE9r+DJpvsqMNjbht835qBI4xlA60cn7mutjdosOFyhEQ7AM+/XhzGHVypXg WcHTvlEwZrxkmROteICGX3B75tqumFDSL9PvaNIwyrRQoFIxm6RYT+fpemwEO4j6oYlb 1MHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:references:cc :to:subject:from:dkim-signature; bh=QOm/SWMV/Asmk/Sj3wEkt1IsJkdhz+j421ZJ6yW2Ajw=; b=Sig09cgpL94eBKsR6z8GzwCr4j5J+VImAjHEoUHkCpDXqnnWRiFusgNvET2GuYT7q3 +6AkJv3HOeRzlmMjrj+cRjZbtqgcsm7Ue3h4oXJPNVpyQd7kdcH7/9etmqXIZkbO9zGg r38OfC6FPzOiH7rIjSivcgZGtoc0pL+3Pt5KaYuDDM2ns4GfsfUHKSHkFYgRO3svM/jS 350gRx8eATzhfMkavoINi4RS6zR3WX9xng6xl1kwvHfybKYfr+f1t95gVnJqPu3sBI9n UlwEeGnn6DuRjWjp82CNkwtGcJkoz5Yj7SftV/Jcuo+bLzxXK5AxDm/k9+kIJOk+87Yu VjJg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@virtuozzo.com header.s=relay header.b=kh1Qd1RE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g4si16673192jat.17.2021.07.19.03.48.04; Mon, 19 Jul 2021 03:48:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@virtuozzo.com header.s=relay header.b=kh1Qd1RE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236477AbhGSKFm (ORCPT + 99 others); Mon, 19 Jul 2021 06:05:42 -0400 Received: from relay.sw.ru ([185.231.240.75]:44976 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236629AbhGSKFa (ORCPT ); Mon, 19 Jul 2021 06:05:30 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:Subject :From; bh=QOm/SWMV/Asmk/Sj3wEkt1IsJkdhz+j421ZJ6yW2Ajw=; b=kh1Qd1RE1pR9jrM/w8w qxPxAOTVJv3sd9PzBZE+KYHSBYIWCGnf9JnAOEGp2M7bH74AlmKK0Pff70hUPNcblLwOiU8lkG0qk ykM0GR8bWCONZKN7qnpx1eF6xvx9w4CAQZgTqnTBIzZJcBbk0FrdyYnh+HMpJLOu7LmI40QeTa8=; Received: from [10.93.0.56] by relay.sw.ru with esmtp (Exim 4.94.2) (envelope-from ) id 1m5Qmn-004RjK-H5; Mon, 19 Jul 2021 13:46:09 +0300 From: Vasily Averin Subject: [PATCH v5 16/16] memcg: enable accounting for ldt_struct objects To: Andrew Morton Cc: cgroups@vger.kernel.org, Michal Hocko , Shakeel Butt , Johannes Weiner , Vladimir Davydov , Roman Gushchin , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , linux-kernel@vger.kernel.org References: Message-ID: Date: Mon, 19 Jul 2021 13:46:08 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Each task can request own LDT and force the kernel to allocate up to 64Kb memory per-mm. There are legitimate workloads with hundreds of processes and there can be hundreds of workloads running on large machines. The unaccounted memory can cause isolation issues between the workloads particularly on highly utilized machines. It makes sense to account for this objects to restrict the host's memory consumption from inside the memcg-limited container. Signed-off-by: Vasily Averin Acked-by: Borislav Petkov --- arch/x86/kernel/ldt.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c index aa15132..525876e 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c @@ -154,7 +154,7 @@ static struct ldt_struct *alloc_ldt_struct(unsigned int num_entries) if (num_entries > LDT_ENTRIES) return NULL; - new_ldt = kmalloc(sizeof(struct ldt_struct), GFP_KERNEL); + new_ldt = kmalloc(sizeof(struct ldt_struct), GFP_KERNEL_ACCOUNT); if (!new_ldt) return NULL; @@ -168,9 +168,9 @@ static struct ldt_struct *alloc_ldt_struct(unsigned int num_entries) * than PAGE_SIZE. */ if (alloc_size > PAGE_SIZE) - new_ldt->entries = vzalloc(alloc_size); + new_ldt->entries = __vmalloc(alloc_size, GFP_KERNEL_ACCOUNT | __GFP_ZERO); else - new_ldt->entries = (void *)get_zeroed_page(GFP_KERNEL); + new_ldt->entries = (void *)get_zeroed_page(GFP_KERNEL_ACCOUNT); if (!new_ldt->entries) { kfree(new_ldt); -- 1.8.3.1