Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp3817970pxv; Mon, 26 Jul 2021 12:59:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzpf7NOkDKJNW3yJIjIjvTOzg3q6in3AT7aU7DfLRy0XQ4e/VVjgkRrj3x2I3R/Ub7Jl5q7 X-Received: by 2002:a17:906:c2d7:: with SMTP id ch23mr602658ejb.298.1627329585168; Mon, 26 Jul 2021 12:59:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627329585; cv=none; d=google.com; s=arc-20160816; b=yHx/QgdaI59g5tGOfE6E1B0WWYDDBl1W2ahaZp4PS5sPnF/Xp1XgPssIyQJmHvB9SU 6KunYzl73Zoh74lnR/y7imLEiTFK4sW2518p1eak/gdb7IcguPKHSeUsNcxssNliM7Ir PxZrev437tdDePYO8uX1oS0gcpG3eD4zoamjRyt9q6AtonypYp8E87bC0jJtcvJwnJ63 igqhuLTqVFwfS5sJvQtlUP6XsqDCJq6CBC8J7lp1VKeX4qsDV5YeFF6IvTFKHHxc3nQM TnJdvfRUdtsqQ4eZWHqeZerv0ynwhBp/tyZQIaf8W98RkEBTihKgdjXuWiwWsbxt5R1G 9OPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=tv98G035lh2G/ipIGk9DWaPwErr9DdmX0FfG30VCqLY=; b=p5XK9RyKtcde4kDFOIPNiLHGzvRJLU097uZxG+lAPCPpEu08YjvAJaYc38ywE1pWT9 YptPzFRLMiy9PzcmNf0U84dNOtPD9DHa3V0ZdO4DrFMQTOR8u5Qw8P/mRF6uRvL2zUKu qY7YcJYBYElBQ5Rg7sQ2aT7Ns8bAwV2XAnyBUEPX+a3am1JyhceHoyFJwzEKzCJZfTFx R9IaXo2KeT45vm33I0IKaGQFNOxQjyXtf4MfzvLJdFa7o4JYOev6zGw8YrIMmWeUKLmD KDOLv6bsR6I25ffz/ymFmffrsg50WoS2/670NfUAmErLqdwpedMVeaXG46in6gHbnySk F+Ug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@virtuozzo.com header.s=relay header.b=G3iiKhr3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w11si942562ejc.221.2021.07.26.12.59.22; Mon, 26 Jul 2021 12:59:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@virtuozzo.com header.s=relay header.b=G3iiKhr3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231895AbhGZTRk (ORCPT + 99 others); Mon, 26 Jul 2021 15:17:40 -0400 Received: from relay.sw.ru ([185.231.240.75]:33134 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229646AbhGZTRj (ORCPT ); Mon, 26 Jul 2021 15:17:39 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:From: Subject; bh=tv98G035lh2G/ipIGk9DWaPwErr9DdmX0FfG30VCqLY=; b=G3iiKhr3Yr3vEkX2a UQ8cCtq5ZpJ8MEZqD7NvK3bB1N8hUeqGfthNBucZosDiFwX96HGYcqoYWlpp5zDKSKGZSZHQMgOXT nlLzLHrP+RM/NFWuluO4rEQIL8gB1DeBiq87FXjLB8hDaH3zh5vONrMfR+rD99xsbAttPVxadph1g =; Received: from [192.168.15.199] by relay.sw.ru with esmtp (Exim 4.94.2) (envelope-from ) id 1m86jk-005Jkf-He; Mon, 26 Jul 2021 22:58:04 +0300 Subject: Re: [PATCH v6 11/16] memcg: enable accounting for new namesapces and struct nsproxy To: Vasily Averin , Andrew Morton Cc: cgroups@vger.kernel.org, Michal Hocko , Shakeel Butt , Johannes Weiner , Vladimir Davydov , Roman Gushchin , Tejun Heo , Zefan Li , Thomas Gleixner , Christian Brauner , Serge Hallyn , Andrei Vagin , linux-kernel@vger.kernel.org References: <9bf9d9bd-03b1-2adb-17b4-5d59a86a9394@virtuozzo.com> <86c99f5a-d717-9d4e-91db-e68ccc93cade@virtuozzo.com> From: Kirill Tkhai Message-ID: <6c72e9c3-7ce3-0bd9-fb18-60d0a3f86254@virtuozzo.com> Date: Mon, 26 Jul 2021 22:58:02 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 MIME-Version: 1.0 In-Reply-To: <86c99f5a-d717-9d4e-91db-e68ccc93cade@virtuozzo.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 26.07.2021 22:01, Vasily Averin wrote: > Container admin can create new namespaces and force kernel to allocate > up to several pages of memory for the namespaces and its associated > structures. > Net and uts namespaces have enabled accounting for such allocations. > It makes sense to account for rest ones to restrict the host's memory > consumption from inside the memcg-limited container. > > Signed-off-by: Vasily Averin > Acked-by: Serge Hallyn > Acked-by: Christian Brauner Acked-by: Kirill Tkhai > --- > fs/namespace.c | 2 +- > ipc/namespace.c | 2 +- > kernel/cgroup/namespace.c | 2 +- > kernel/nsproxy.c | 2 +- > kernel/pid_namespace.c | 2 +- > kernel/time/namespace.c | 4 ++-- > kernel/user_namespace.c | 2 +- > 7 files changed, 8 insertions(+), 8 deletions(-) > > diff --git a/fs/namespace.c b/fs/namespace.c > index c6a74e5..e443ee6 100644 > --- a/fs/namespace.c > +++ b/fs/namespace.c > @@ -3289,7 +3289,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns, bool a > if (!ucounts) > return ERR_PTR(-ENOSPC); > > - new_ns = kzalloc(sizeof(struct mnt_namespace), GFP_KERNEL); > + new_ns = kzalloc(sizeof(struct mnt_namespace), GFP_KERNEL_ACCOUNT); > if (!new_ns) { > dec_mnt_namespaces(ucounts); > return ERR_PTR(-ENOMEM); > diff --git a/ipc/namespace.c b/ipc/namespace.c > index 7bd0766..ae83f0f 100644 > --- a/ipc/namespace.c > +++ b/ipc/namespace.c > @@ -42,7 +42,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, > goto fail; > > err = -ENOMEM; > - ns = kzalloc(sizeof(struct ipc_namespace), GFP_KERNEL); > + ns = kzalloc(sizeof(struct ipc_namespace), GFP_KERNEL_ACCOUNT); > if (ns == NULL) > goto fail_dec; > > diff --git a/kernel/cgroup/namespace.c b/kernel/cgroup/namespace.c > index f5e8828..0d5c298 100644 > --- a/kernel/cgroup/namespace.c > +++ b/kernel/cgroup/namespace.c > @@ -24,7 +24,7 @@ static struct cgroup_namespace *alloc_cgroup_ns(void) > struct cgroup_namespace *new_ns; > int ret; > > - new_ns = kzalloc(sizeof(struct cgroup_namespace), GFP_KERNEL); > + new_ns = kzalloc(sizeof(struct cgroup_namespace), GFP_KERNEL_ACCOUNT); > if (!new_ns) > return ERR_PTR(-ENOMEM); > ret = ns_alloc_inum(&new_ns->ns); > diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c > index abc01fc..eec72ca 100644 > --- a/kernel/nsproxy.c > +++ b/kernel/nsproxy.c > @@ -568,6 +568,6 @@ static void commit_nsset(struct nsset *nsset) > > int __init nsproxy_cache_init(void) > { > - nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC); > + nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC|SLAB_ACCOUNT); > return 0; > } > diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c > index ca43239..6cd6715 100644 > --- a/kernel/pid_namespace.c > +++ b/kernel/pid_namespace.c > @@ -449,7 +449,7 @@ static struct user_namespace *pidns_owner(struct ns_common *ns) > > static __init int pid_namespaces_init(void) > { > - pid_ns_cachep = KMEM_CACHE(pid_namespace, SLAB_PANIC); > + pid_ns_cachep = KMEM_CACHE(pid_namespace, SLAB_PANIC | SLAB_ACCOUNT); > > #ifdef CONFIG_CHECKPOINT_RESTORE > register_sysctl_paths(kern_path, pid_ns_ctl_table); > diff --git a/kernel/time/namespace.c b/kernel/time/namespace.c > index 12eab0d..aec8328 100644 > --- a/kernel/time/namespace.c > +++ b/kernel/time/namespace.c > @@ -88,13 +88,13 @@ static struct time_namespace *clone_time_ns(struct user_namespace *user_ns, > goto fail; > > err = -ENOMEM; > - ns = kmalloc(sizeof(*ns), GFP_KERNEL); > + ns = kmalloc(sizeof(*ns), GFP_KERNEL_ACCOUNT); > if (!ns) > goto fail_dec; > > refcount_set(&ns->ns.count, 1); > > - ns->vvar_page = alloc_page(GFP_KERNEL | __GFP_ZERO); > + ns->vvar_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); > if (!ns->vvar_page) > goto fail_free; > > diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c > index ef82d40..6b2e3ca 100644 > --- a/kernel/user_namespace.c > +++ b/kernel/user_namespace.c > @@ -1385,7 +1385,7 @@ static struct user_namespace *userns_owner(struct ns_common *ns) > > static __init int user_namespaces_init(void) > { > - user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC); > + user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC | SLAB_ACCOUNT); > return 0; > } > subsys_initcall(user_namespaces_init); >