On 3/15/21 6:23 AM, Vasily Averin wrote:
> An untrusted netadmin inside a memcg-limited container can create a
> huge number of routing entries. Currently, allocated kernel objects
> are not accounted to proper memcg, so this can lead to global memory
> shortage on the host and cause a lot of OOM kills.
>
> One such object is the 'struct fib6_node' mostly allocated in
> net/ipv6/route.c::__ip6_ins_rt() inside the lock_bh()/unlock_bh() section:
>
>  write_lock_bh(&table->tb6_lock);
>  err = fib6_add(&table->tb6_root, rt, info, mxc);
>  write_unlock_bh(&table->tb6_lock);
>
> In this case it is not enough to simply add SLAB_ACCOUNT to corresponding
> kmem cache. The proper memory cgroup still cannot be found due to the
> incorrect 'in_interrupt()' check used in memcg_kmem_bypass().
> To be sure that caller is not executed in process context
> '!in_task()' check should be used instead
> ---
>  mm/memcontrol.c    | 2 +-
>  net/ipv6/ip6_fib.c | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>

Acked-by: David Ahern <dsahern@xxxxxxxxxx>
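
The context check discussed in the quoted message, as an added example that is not part of the original thread or of the kernel source: a user-space C model showing why a task that holds write_lock_bh() is treated as "in interrupt" and bypasses memcg accounting, while an in_task() based check still charges it. The bit layout, the CTX_* sample values and the model_*/bypass_* names are assumptions modelled on include/linux/preempt.h, and only the context test of memcg_kmem_bypass() is modelled.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed preempt_count layout, modelled on include/linux/preempt.h:
 * bits 8-15 softirq, bits 16-19 hardirq, bit 20 NMI. */
#define SOFTIRQ_OFFSET         (1u << 8)
#define HARDIRQ_OFFSET         (1u << 16)
#define SOFTIRQ_MASK           (0xffu << 8)
#define HARDIRQ_MASK           (0x0fu << 16)
#define NMI_MASK               (0x01u << 20)
/* local_bh_disable(), and so write_lock_bh(), adds this, not SOFTIRQ_OFFSET. */
#define SOFTIRQ_DISABLE_OFFSET (2 * SOFTIRQ_OFFSET)

/* Constructed sample contexts (preempt_count values). */
enum {
    CTX_PROCESS     = 0,                      /* plain syscall path */
    CTX_BH_DISABLED = SOFTIRQ_DISABLE_OFFSET, /* syscall path holding write_lock_bh() */
    CTX_SOFTIRQ     = SOFTIRQ_OFFSET,         /* actually serving a softirq */
    CTX_HARDIRQ     = HARDIRQ_OFFSET          /* hard interrupt handler */
};

/* in_interrupt(): any softirq, hardirq or NMI bit set, BH-disabled included. */
static bool model_in_interrupt(unsigned pc)
{
    return (pc & (NMI_MASK | HARDIRQ_MASK | SOFTIRQ_MASK)) != 0;
}

/* in_task(): only NMI, hardirq and "serving softirq" count as non-task. */
static bool model_in_task(unsigned pc)
{
    return (pc & (NMI_MASK | HARDIRQ_MASK | SOFTIRQ_OFFSET)) == 0;
}

/* Context test of memcg_kmem_bypass(): true means the allocation is not charged. */
static bool bypass_old(unsigned pc) { return model_in_interrupt(pc); }
static bool bypass_new(unsigned pc) { return !model_in_task(pc); }

int main(void)
{
    const char *name[] = { "process", "bh-disabled", "softirq", "hardirq" };
    unsigned pc[] = { CTX_PROCESS, CTX_BH_DISABLED, CTX_SOFTIRQ, CTX_HARDIRQ };
    for (int i = 0; i < 4; i++)
        printf("%-12s old bypass=%d  new bypass=%d\n",
               name[i], bypass_old(pc[i]), bypass_new(pc[i]));
    return 0;
}
```

Only the "bh-disabled" row differs between the two checks, which is the fib6_add() case named in the message.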