Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp3787123pxv; Mon, 26 Jul 2021 12:03:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz9LnqzmeqbGZiBFvAINoNbGl/9TLPS7REXJGIXGWSj1u/E0v2RjiFYntrC1Q/ukLNRdl19 X-Received: by 2002:a92:c0c2:: with SMTP id t2mr11690782ilf.260.1627326213372; Mon, 26 Jul 2021 12:03:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627326213; cv=none; d=google.com; s=arc-20160816; b=uWqXRarAfCs+dNd4ZW+VYfAt3czaNRBflMBQtAKs4Gh7yAgOUPj0+dF4dC1sa3vKec H4bo5KfPiT+o3HltgTtqcvFRn2xRZrVFz5IPLQwv9J1d0UBrI3UM6ns9IcSLRzVsedpW 64P+q99wSvZPCBeQoCFhoB6U0h/EP2z29uEh7T5HWIq83xqJizUdZAJczt0+7/gYkX99 oK+dPNoAM6NzJCFJ4NjJus9SGAOWkYNYR1ksLHCUHQeubo7z53uB+yoNQCImg67gGd+W PObta0+cXzo5huvFpdjSUA/OEUqMK0ivR18J/VSiOugvT3BB8yhR5RW5nSqQ5Aal4Jgp avTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:references:cc :to:subject:from:dkim-signature; bh=fzoFoDaPrywkHjs/msWPtHPRzT9tQ7zWHa/Zk4Ahhwk=; b=Ht0XSTMgvLNZ1f44bUUXBXcdNEOjtvx3Wnh5KJcFfszORWkhJjmPMue9PkBd7lA0/D EgjDHlVa/1KPVp5WAzfNaCyVjMec7ShgWEeCPmonlExZFibjbuJ0WrF51Q1vUbqszjOx r7rd4TiGPHth/Fa+shOIHy/Q6eHTgmzDnv4jrshbC7C3mq7apWG5rdxm2InEs5heUegW YBUfd73uzP7muxqyugBBCkmATpUUesUDL84cMRQeJe9fOGo1q/DAtcd/xG/ELEPmx0zF udKIk6dBb4lnuWtiGSj56UxrXnNiAcm1euKewavlON3GaWWIXYv5qoU5fqv0ds66XgIo aeBQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@virtuozzo.com header.s=relay header.b=E0d60kxW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y143si677370iof.80.2021.07.26.12.03.22; Mon, 26 Jul 2021 12:03:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@virtuozzo.com header.s=relay header.b=E0d60kxW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233163AbhGZSV2 (ORCPT + 99 others); Mon, 26 Jul 2021 14:21:28 -0400 Received: from relay.sw.ru ([185.231.240.75]:55482 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231965AbhGZSVU (ORCPT ); Mon, 26 Jul 2021 14:21:20 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:Subject :From; bh=fzoFoDaPrywkHjs/msWPtHPRzT9tQ7zWHa/Zk4Ahhwk=; b=E0d60kxWZKRomOGRI9M rsXEypCV6Lr4pFI9fwHEqT0+83v80Jz8pq/6+qEPa/zhQw/7uWVfvjWUZREuT2aVCO7hiNWGg2ywN 35XrW9Yk1+Do+X/qd1KOcBj5mODHVwvqUwqlG/FkXcPWtY9ZmF9FZsljgKQNEQXQ5/cF4Tm0zjk=; Received: from [10.93.0.56] by relay.sw.ru with esmtp (Exim 4.94.2) (envelope-from ) id 1m85rH-005JXP-Nn; Mon, 26 Jul 2021 22:01:47 +0300 From: Vasily Averin Subject: [PATCH v6 15/16] memcg: enable accounting for tty-related objects To: Andrew Morton Cc: cgroups@vger.kernel.org, Michal Hocko , Shakeel Butt , Johannes Weiner , Vladimir Davydov , Roman Gushchin , Greg Kroah-Hartman , Jiri Slaby , linux-kernel@vger.kernel.org References: <9bf9d9bd-03b1-2adb-17b4-5d59a86a9394@virtuozzo.com> Message-ID: <15860ed1-2c2a-b667-da07-6e54029167eb@virtuozzo.com> Date: Mon, 26 Jul 2021 22:01:47 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org At each login the user forces the kernel to create a new terminal and allocate up to ~1Kb memory for the tty-related structures. By default it's allowed to create up to 4096 ptys with 1024 reserve for initial mount namespace only and the settings are controlled by host admin. Though this default is not enough for hosters with thousands of containers per node. Host admin can be forced to increase it up to NR_UNIX98_PTY_MAX = 1<<20. By default container is restricted by pty mount_opt.max = 1024, but admin inside container can change it via remount. As a result, one container can consume almost all allowed ptys and allocate up to 1Gb of unaccounted memory. It is not enough per-se to trigger OOM on host, however anyway, it allows to significantly exceed the assigned memcg limit and leads to troubles on the over-committed node. It makes sense to account for them to restrict the host's memory consumption from inside the memcg-limited container. Signed-off-by: Vasily Averin Acked-by: Greg Kroah-Hartman --- drivers/tty/tty_io.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c index 26debec..e787f6f 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c @@ -1493,7 +1493,7 @@ void tty_save_termios(struct tty_struct *tty) /* Stash the termios data */ tp = tty->driver->termios[idx]; if (tp == NULL) { - tp = kmalloc(sizeof(*tp), GFP_KERNEL); + tp = kmalloc(sizeof(*tp), GFP_KERNEL_ACCOUNT); if (tp == NULL) return; tty->driver->termios[idx] = tp; @@ -3119,7 +3119,7 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) { struct tty_struct *tty; - tty = kzalloc(sizeof(*tty), GFP_KERNEL); + tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT); if (!tty) return NULL; -- 1.8.3.1