On 3/15/21 6:23 AM, Vasily Averin wrote: > An untrusted netadmin inside a memcg-limited container can create a > huge number of routing entries. Currently, allocated kernel objects > are not accounted to proper memcg, so this can lead to global memory > shortage on the host and cause lot of OOM kiils. > > This patch enables accounting for ip_fib_alias and ip_fib_trie caches > --- > net/ipv4/fib_trie.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > Acked-by: David Ahern <dsahern@xxxxxxxxxx>
