Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp4248227pxv; Tue, 27 Jul 2021 02:33:52 -0700 (PDT) X-Google-Smtp-Source: ABdhPJybPa+YvvhTwnGRXxb8LMvsEDDsAA/g6CWrnTkkbBWgJDEfTVymhFFaZ+WzlnNoqehHg5Vu X-Received: by 2002:a05:6402:42c7:: with SMTP id i7mr2432508edc.161.1627378432224; Tue, 27 Jul 2021 02:33:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627378432; cv=none; d=google.com; s=arc-20160816; b=Emts88Bra72/BRbQlSlRv8C1nGpYDyewn2Qp2MX6WppvfI9AIMZ+fYjNZHaTuAdauO q9/x09BOjyB0er5B1gxsMR4gysVr/9mPK1GVx1conzLTZC9TUHJIghAJ2BOBAzvHZxtr bIY+d/ST2I6Ymn0l2CobdAJvGHwwwuIU1TxD+mHKeDjk3QV07R027MWojqk33GFXU0TM Z7+9l8uqLsinxx7ZEwmZj2dOrp8j7BE7S1ZhtLUSQbaA0RNx4x7kmOcPnMnnF5oMgjQE Q3f0zs1HHmzETbNr1i3Q6hrbm6fLAn+TmMVz5cdkJTE5p8eRhn1pI6S+UPevl8eqJ1nx HSmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=xHRQ1lJDnA9POH8c9liKjruZk3Upcs9oOunbR1hkWGQ=; b=RggjKtU0cVNetaIueC/8w+E/ee8e5h+KBuSZhXonIY0x7r186HJxvxUzy2fNpmutpi jlVVWgkYzPZooyWm9o60xlxdnK4TnLybz8c+Z3pmhvSkREADJdG/pxh0T5nqiMl/3fch SinWcIt94iiHhTeTG4t7Rm8E4VevbhhVWE2XdLl/uqEo1a7lwxpYxhnxoEYR7yF8tcyg n/7fEt9lyCOykKw8mcrvOS6zjngfi/FKP9VoESvzzj4Pqha41RwfB+enilXqqB9V4VyD /ZOr7pRFXhkTYxoJZwd6k/6S+a9KyCmyGMuxNMJaL9Wb7wiwe0fQMcbWpbcdaNYBV5XL yumQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=v8yO2l0e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w25si2402440eds.240.2021.07.27.02.33.29; Tue, 27 Jul 2021 02:33:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=v8yO2l0e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236098AbhG0JbA (ORCPT + 99 others); Tue, 27 Jul 2021 05:31:00 -0400 Received: from mail.kernel.org ([198.145.29.99]:60972 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235946AbhG0JbA (ORCPT ); Tue, 27 Jul 2021 05:31:00 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 02CAB600D4; Tue, 27 Jul 2021 09:30:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1627378260; bh=gs7eJAOqHz0y0MgMzJHu3ENkS4NCcGHEBd0dG2aBni0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=v8yO2l0eRWB/MYAfEFD4kEBZ0ammK/F7vGp/bD8qlkWhbdzyXMf5OTl/WV6aCmwRr NjqHbDxoErEydeC8LzISazDpfl2UqCz38OFhI8qHtoyHWruTnfX7LCq06bvpwH0OCe 3FVEiM1doxBuTndQ+PNs0joLCTlKBAsCLyBhHks8= Date: Tue, 27 Jul 2021 11:30:58 +0200 From: Greg Kroah-Hartman To: Vasily Averin Cc: Jiri Slaby , cgroups@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v7 09/10] memcg: enable accounting for tty-related objects Message-ID: References: <6f21a0e0-bd36-b6be-1ffa-0dc86c06c470@virtuozzo.com> <1eef95fe-6172-796e-edd1-095545da6e74@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 27, 2021 at 11:02:31AM +0300, Vasily Averin wrote: > On 7/27/21 9:54 AM, Jiri Slaby wrote: > > On 27. 07. 21, 7:34, Vasily Averin wrote: > >> At each login the user forces the kernel to create a new terminal and > >> allocate up to ~1Kb memory for the tty-related structures. > >> > >> By default it's allowed to create up to 4096 ptys with 1024 reserve for > >> initial mount namespace only and the settings are controlled by host admin. > >> > >> Though this default is not enough for hosters with thousands > >> of containers per node. Host admin can be forced to increase it > >> up to NR_UNIX98_PTY_MAX = 1<<20. > >> > >> By default container is restricted by pty mount_opt.max = 1024, > >> but admin inside container can change it via remount. As a result, > >> one container can consume almost all allowed ptys > >> and allocate up to 1Gb of unaccounted memory. > >> > >> It is not enough per-se to trigger OOM on host, however anyway, it allows > >> to significantly exceed the assigned memcg limit and leads to troubles > >> on the over-committed node. > >> > >> It makes sense to account for them to restrict the host's memory > >> consumption from inside the memcg-limited container. > >> > >> Signed-off-by: Vasily Averin > >> Acked-by: Greg Kroah-Hartman > >> --- > >> ? drivers/tty/tty_io.c | 4 ++-- > >> ? 1 file changed, 2 insertions(+), 2 deletions(-) > >> > >> diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c > >> index 26debec..e787f6f 100644 > >> --- a/drivers/tty/tty_io.c > >> +++ b/drivers/tty/tty_io.c > >> @@ -1493,7 +1493,7 @@ void tty_save_termios(struct tty_struct *tty) > >> ????? /* Stash the termios data */ > >> ????? tp = tty->driver->termios[idx]; > >> ????? if (tp == NULL) { > >> -??????? tp = kmalloc(sizeof(*tp), GFP_KERNEL); > >> +??????? tp = kmalloc(sizeof(*tp), GFP_KERNEL_ACCOUNT); > > > > termios are not saved for PTYs (TTY_DRIVER_RESET_TERMIOS). Am I missing something? > > No, you are right, I've missed this. > Typical terminals inside containers use TTY_DRIVER_RESET_TERMIOS flag and therefore do not save termios. > So its accounting have near-to-zero impact in real life. > I'll prepare fixup to drop GFP_KERNEL_ACCOUNT here. I'll go drop this patch from my tree. thanks, greg k-h