On Thu, Apr 22, 2021 at 01:38:01PM +0300, Vasily Averin wrote:
You have forgotten to Cc LKML on your submission.
> Each task can request own LDT and force the kernel to allocate up to
> 64Kb memory per-mm.
>
> There are legitimate workloads with hundreds of processes and there
> can be hundreds of workloads running on large machines.
> The unaccounted memory can cause isolation issues between the workloads
> particularly on highly utilized machines.
>
> It makes sense to account for this objects to restrict the host's memory
> consumption from inside the memcg-limited container.
>
> Signed-off-by: Vasily Averin <vvs@xxxxxxxxxxxxx>
> ---
> arch/x86/kernel/ldt.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
> index aa15132..a1889a0 100644
> --- a/arch/x86/kernel/ldt.c
> +++ b/arch/x86/kernel/ldt.c
> @@ -154,7 +154,7 @@ static struct ldt_struct *alloc_ldt_struct(unsigned int num_entries)
> if (num_entries > LDT_ENTRIES)
> return NULL;
>
> - new_ldt = kmalloc(sizeof(struct ldt_struct), GFP_KERNEL);
> + new_ldt = kmalloc(sizeof(struct ldt_struct), GFP_KERNEL_ACCOUNT);
> if (!new_ldt)
> return NULL;
>
> @@ -168,9 +168,10 @@ static struct ldt_struct *alloc_ldt_struct(unsigned int num_entries)
> * than PAGE_SIZE.
> */
> if (alloc_size > PAGE_SIZE)
> - new_ldt->entries = vzalloc(alloc_size);
> + new_ldt->entries = __vmalloc(alloc_size,
> + GFP_KERNEL_ACCOUNT | __GFP_ZERO);
You don't have to break that line - just let it stick out.
> else
> - new_ldt->entries = (void *)get_zeroed_page(GFP_KERNEL);
> + new_ldt->entries = (void *)get_zeroed_page(GFP_KERNEL_ACCOUNT);
>
> if (!new_ldt->entries) {
> kfree(new_ldt);
> --
In any case:
Acked-by: Borislav Petkov <bp@xxxxxxx>
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
