On Fri, May 13, 2022 at 06:51:41PM +0300, Vasily Averin wrote:
> cgroup mkdir can be misused inside memcg limited container. It can allocate
> a lot of host memory without memcg accounting, cause global memory shortage
> and force OOM to kill random host process.
>
> Below [1] is result of mkdir /sys/fs/cgroup/test tracing on VM with 4 cpus
>
> number  bytes   $1*$2   sum     note    call_site
> of      alloc
> allocs
> ------------------------------------------------------------
> 1       14448   14448   14448   =       percpu_alloc_percpu:
> 1       8192    8192    22640           (mem_cgroup_css_alloc+0x54)
> 49      128     6272    28912           (__kernfs_new_node+0x4e)
> 49      96      4704    33616           (simple_xattr_alloc+0x2c)
> 49      88      4312    37928           (__kernfs_iattrs+0x56)
> 1       4096    4096    42024           (cgroup_mkdir+0xc7)
> 1       3840    3840    45864   =       percpu_alloc_percpu:
> 4       512     2048    47912           (alloc_fair_sched_group+0x166)
> 4       512     2048    49960           (alloc_fair_sched_group+0x139)
> 1       2048    2048    52008           (mem_cgroup_css_alloc+0x109)
>         [smaller objects skipped]
> ---
> Total                   61728
>
> '=' -- accounted allocations
>
> This patch enabled accounting for one of the main memory hogs in this
> experiment: allocations which are called inside mem_cgroup_css_alloc()
>
> Signed-off-by: Vasily Averin <vvs@xxxxxxxxxx>
> Link: [1] https://lore.kernel.org/all/1aa4cd22-fcb6-0e8d-a1c6-23661d618864@xxxxxxxxxx/
> Acked-by: Shakeel Butt <shakeelb@xxxxxxxxxx>