[SRU Bionic] memcg: enable accounting of ipc resources

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Tue Sep 28 18:56:48 UTC 2021 

From: Vasily Averin <vvs at virtuozzo.com>

When user creates IPC objects it forces kernel to allocate memory for
these long-living objects.

It makes sense to account them to restrict the host's memory consumption
from inside the memcg-limited container.

This patch enables accounting for IPC shared memory segments, messages
semaphores and semaphore's undo lists.

Link: https://lkml.kernel.org/r/d6507b06-4df6-78f8-6c54-3ae86e3b5339@virtuozzo.com
Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
Reviewed-by: Shakeel Butt <shakeelb at google.com>
Cc: Alexander Viro <viro at zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan at gmail.com>
Cc: Andrei Vagin <avagin at gmail.com>
Cc: Borislav Petkov <bp at alien8.de>
Cc: Borislav Petkov <bp at suse.de>
Cc: Christian Brauner <christian.brauner at ubuntu.com>
Cc: Dmitry Safonov <0x7f454c46 at gmail.com>
Cc: "Eric W. Biederman" <ebiederm at xmission.com>
Cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Cc: "H. Peter Anvin" <hpa at zytor.com>
Cc: Ingo Molnar <mingo at redhat.com>
Cc: "J. Bruce Fields" <bfields at fieldses.org>
Cc: Jeff Layton <jlayton at kernel.org>
Cc: Jens Axboe <axboe at kernel.dk>
Cc: Jiri Slaby <jirislaby at kernel.org>
Cc: Johannes Weiner <hannes at cmpxchg.org>
Cc: Kirill Tkhai <ktkhai at virtuozzo.com>
Cc: Michal Hocko <mhocko at kernel.org>
Cc: Oleg Nesterov <oleg at redhat.com>
Cc: Roman Gushchin <guro at fb.com>
Cc: Serge Hallyn <serge at hallyn.com>
Cc: Tejun Heo <tj at kernel.org>
Cc: Thomas Gleixner <tglx at linutronix.de>
Cc: Vladimir Davydov <vdavydov.dev at gmail.com>
Cc: Yutian Yang <nglaive at gmail.com>
Cc: Zefan Li <lizefan.x at bytedance.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
(backported from commit 18319498fdd4cdf8c1c2c48cd432863b1f915d6f)
[cascardo: some kvmalloc were replaced by kmalloc and context changes]
CVE-2021-3759
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
---
 ipc/msg.c | 2 +-
 ipc/sem.c | 8 ++++----
 ipc/shm.c | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/ipc/msg.c b/ipc/msg.c
index 1bbc029d2b17..4ee9dba6a2be 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -119,7 +119,7 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
 	key_t key = params->key;
 	int msgflg = params->flg;
 
-	msq = kvmalloc(sizeof(*msq), GFP_KERNEL);
+	msq = kvmalloc(sizeof(*msq), GFP_KERNEL_ACCOUNT);
 	if (unlikely(!msq))
 		return -ENOMEM;
 
diff --git a/ipc/sem.c b/ipc/sem.c
index a5b64d67606e..cd5acd302cdf 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -460,7 +460,7 @@ static struct sem_array *sem_alloc(size_t nsems)
 		return NULL;
 
 	size = sizeof(*sma) + nsems * sizeof(sma->sems[0]);
-	sma = kvmalloc(size, GFP_KERNEL);
+	sma = kvmalloc(size, GFP_KERNEL_ACCOUNT);
 	if (unlikely(!sma))
 		return NULL;
 
@@ -1740,7 +1740,7 @@ static inline int get_undo_list(struct sem_undo_list **undo_listp)
 
 	undo_list = current->sysvsem.undo_list;
 	if (!undo_list) {
-		undo_list = kzalloc(sizeof(*undo_list), GFP_KERNEL);
+		undo_list = kzalloc(sizeof(*undo_list), GFP_KERNEL_ACCOUNT);
 		if (undo_list == NULL)
 			return -ENOMEM;
 		spin_lock_init(&undo_list->lock);
@@ -1824,7 +1824,7 @@ static struct sem_undo *find_alloc_undo(struct ipc_namespace *ns, int semid)
 	rcu_read_unlock();
 
 	/* step 2: allocate new undo structure */
-	new = kzalloc(sizeof(struct sem_undo) + sizeof(short)*nsems, GFP_KERNEL);
+	new = kzalloc(sizeof(struct sem_undo) + sizeof(short)*nsems, GFP_KERNEL_ACCOUNT);
 	if (!new) {
 		ipc_rcu_putref(&sma->sem_perm, sem_rcu_free);
 		return ERR_PTR(-ENOMEM);
@@ -1888,7 +1888,7 @@ static long do_semtimedop(int semid, struct sembuf __user *tsops,
 	if (nsops > ns->sc_semopm)
 		return -E2BIG;
 	if (nsops > SEMOPM_FAST) {
-		sops = kvmalloc(sizeof(*sops)*nsops, GFP_KERNEL);
+		sops = kvmalloc(sizeof(*sops)*nsops, GFP_KERNEL_ACCOUNT);
 		if (sops == NULL)
 			return -ENOMEM;
 	}
diff --git a/ipc/shm.c b/ipc/shm.c
index da652c64c074..673c785788f1 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -565,7 +565,7 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
 			ns->shm_tot + numpages > ns->shm_ctlall)
 		return -ENOSPC;
 
-	shp = kvmalloc(sizeof(*shp), GFP_KERNEL);
+	shp = kvmalloc(sizeof(*shp), GFP_KERNEL_ACCOUNT);
 	if (unlikely(!shp))
 		return -ENOMEM;
 
-- 
2.30.2

More information about the kernel-team mailing list