On Mon, Mar 15, 2021 at 10:09 AM Jakub Kicinski <kuba@xxxxxxxxxx> wrote: > > On Mon, 15 Mar 2021 15:23:00 +0300 Vasily Averin wrote: > > An untrusted netadmin inside a memcg-limited container can create a > > huge number of routing entries. Currently, allocated kernel objects > > are not accounted to proper memcg, so this can lead to global memory > > shortage on the host and cause lot of OOM kiils. > > > > One such object is the 'struct fib6_node' mostly allocated in > > net/ipv6/route.c::__ip6_ins_rt() inside the lock_bh()/unlock_bh() section: > > > > write_lock_bh(&table->tb6_lock); > > err = fib6_add(&table->tb6_root, rt, info, mxc); > > write_unlock_bh(&table->tb6_lock); > > > > It this case is not enough to simply add SLAB_ACCOUNT to corresponding > > kmem cache. The proper memory cgroup still cannot be found due to the > > incorrect 'in_interrupt()' check used in memcg_kmem_bypass(). > > To be sure that caller is not executed in process contxt > > '!in_task()' check should be used instead > > Sorry for a random question, I didn't get the cover letter. > > What's the overhead of adding SLAB_ACCOUNT? > The potential overhead is for MEMCG users where we need to charge/account each allocation from SLAB_ACCOUNT kmem caches. However charging is done in batches, so the cost is amortized. If there is a concern about a specific workload then it would be good to see the impact of this patch for that workload. > Please make sure you CC netdev on series which may impact networking.
