On 2/28/22 15:24, Florian Westphal wrote:
Vasily Averin <vvs@xxxxxxxxxxxxx> wrote:
nftables replaces iptables but still lacks memcg accounting.
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 5fa16990da95..5e1987ec9715 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -149,7 +149,7 @@ static struct nft_trans *nft_trans_alloc_gfp(const struct nft_ctx *ctx,
{
struct nft_trans *trans;
- trans = kzalloc(sizeof(struct nft_trans) + size, gfp);
+ trans = kzalloc(sizeof(struct nft_trans) + size, gfp | __GFP_ACCOUNT);
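Review bot: the changelog does not say which allocations are meant to be charged, and on the `kzalloc(sizeof(struct nft_trans) + size, gfp | __GFP_ACCOUNT)` line the flag is ORed into whatever `gfp` the caller passed, so every user of nft_trans_alloc_gfp() gets accounted regardless of how long the object lives. Please state in the commit message the lifetime of struct nft_trans and why it needs accounting, or leave this allocation unaccounted.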
trans_alloc is temporary in nature, they are always free'd by the
time syscall returns (else, bug).
dropped this hunk in v2
@@ -1084,6 +1084,7 @@ static int nf_tables_newtable(struct sk_buff *skb, const struct nfnl_info *info,
struct nft_table *table;
struct nft_ctx ctx;
u32 flags = 0;
+ gfp_t gfp = GFP_KERNEL_ACCOUNT;
int err;
lockdep_assert_held(&nft_net->commit_mutex);
@@ -1113,16 +1114,16 @@ static int nf_tables_newtable(struct sk_buff *skb, const struct nfnl_info *info,
}
err = -ENOMEM;
- table = kzalloc(sizeof(*table), GFP_KERNEL);
+ table = kzalloc(sizeof(*table), gfp);
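Review bot: in the lines shown, `gfp` is assigned GFP_KERNEL_ACCOUNT once and never changed, so at `table = kzalloc(sizeof(*table), gfp);` the accounting is no longer visible at the call site. Passing GFP_KERNEL_ACCOUNT directly there would make the change self-explanatory and drop the extra local in nf_tables_newtable().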
Why gfp temporary variable? Readability? The substitution looks correct.
Out of habit.
Some lines with GFP_KERNEL -> GFP_KERNEL_ACCOUNT changes exceeded 80 symbols, but it isn't required now. I've replaced it in v2.
Thank you,
Vasily Averin