On Mon, 15 Mar 2021 15:23:00 +0300 Vasily Averin wrote:
> An untrusted netadmin inside a memcg-limited container can create a
> huge number of routing entries. Currently, allocated kernel objects
> are not accounted to proper memcg, so this can lead to global memory
> shortage on the host and cause a lot of OOM kills.
>
> One such object is the 'struct fib6_node' mostly allocated in
> net/ipv6/route.c::__ip6_ins_rt() inside the lock_bh()/unlock_bh() section:
>
>  write_lock_bh(&table->tb6_lock);
>  err = fib6_add(&table->tb6_root, rt, info, mxc);
>  write_unlock_bh(&table->tb6_lock);
>
> In this case it is not enough to simply add SLAB_ACCOUNT to corresponding
> kmem cache. The proper memory cgroup still cannot be found due to the
> incorrect 'in_interrupt()' check used in memcg_kmem_bypass().
> To be sure that caller is not executed in process context
> '!in_task()' check should be used instead

Sorry for a random question, I didn't get the cover letter.

What's the overhead of adding SLAB_ACCOUNT?

Please make sure you CC netdev on series which may impact networking.
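
Added example, not part of the original thread or the kernel source: a userspace C model of the `preempt_count` checks, showing why `in_interrupt()` is true inside a `write_lock_bh()` section running in process context while `!in_task()` is not. The bit layout follows `include/linux/preempt.h`; `bypass_verdicts()` is a hypothetical helper, and the other conditions in `memcg_kmem_bypass()` are left out.

```c
/* Userspace model (constructed, not kernel code) of the preempt_count
 * context checks; bit layout as in include/linux/preempt.h. */
#include <stdbool.h>
#include <stdio.h>

#define SOFTIRQ_MASK            (0xffUL << 8)
#define HARDIRQ_MASK            (0x0fUL << 16)
#define NMI_MASK                (0x0fUL << 20)
#define SOFTIRQ_OFFSET          (1UL << 8)            /* serving a softirq */
#define SOFTIRQ_DISABLE_OFFSET  (2 * SOFTIRQ_OFFSET)  /* BHs disabled only */

static unsigned long preempt_count;  /* stand-in for the per-CPU counter */

/* True in hardirq, NMI, softirq, and also when BHs are merely disabled. */
static bool in_interrupt(void)
{
    return (preempt_count & (HARDIRQ_MASK | SOFTIRQ_MASK | NMI_MASK)) != 0;
}

/* False only while actually serving a hardirq, NMI or softirq. */
static bool in_task(void)
{
    return !(preempt_count & (NMI_MASK | HARDIRQ_MASK | SOFTIRQ_OFFSET));
}

/* Hypothetical helper: enter a softirq handler (SOFTIRQ_OFFSET) or a
 * BH-disabled section in process context (SOFTIRQ_DISABLE_OFFSET), then
 * evaluate both candidate context tests for memcg_kmem_bypass().
 * Bit 0: in_interrupt() says bypass. Bit 1: !in_task() says bypass. */
static int bypass_verdicts(bool serving_softirq)
{
    unsigned long off = serving_softirq ? SOFTIRQ_OFFSET
                                        : SOFTIRQ_DISABLE_OFFSET;
    preempt_count += off;                 /* enter the section */
    int v = (int)in_interrupt() | ((int)!in_task() << 1);
    preempt_count -= off;                 /* leave it */
    return v;
}

int main(void)
{
    printf("task with BHs disabled: %d\n", bypass_verdicts(false));
    printf("serving softirq:        %d\n", bypass_verdicts(true));
    return 0;
}
```

In the BH-disabled case only the `in_interrupt()` test reports "bypass", which is the situation the quoted description gives for `fib6_add()` under `write_lock_bh()`; in a real softirq both tests agree.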