Re: kernfs memcg accounting

[Michal Koutný]

On Wed, May 04, 2022 at 12:00:18PM +0300, Vasily Averin <vvs@xxxxxxxxxx> wrote:
> My patches protect the host mostly from misuse, when someone creates
> a huge number of nedevices inside a container.

Understood.

> Frankly speaking I do not see a big difference between memcg of current process,
> memcg of newly created child and memcg of its parent.

I agree that's not substantial difference. It's relevant for outer
entities "injecting" something into a subtree.
As I wrote previously, charging to the creator in the generic case is
sensible.

> As far as I understand, Roman chose the parent memcg because it was a special
> case of creating a new memory group. He temporally changed active memcg
> in mem_cgroup_css_alloc() and properly accounted all required memcg-specific
> allocations.

> However, he ignored accounting for a rather large struct mem_cgroup
> therefore I think we can do not worry about 128 bytes of kernfs node.

Are you referring to the current code (>= v5.18-rc2)? All big structs
related to mem_cgroup should be accounted. What is ignored?

> Primary I mean here struct mem_cgroup allocation in mem_cgroup_alloc().

Just note that memory controller may not be always enabled so
cgroup_mkdir != mem_cgroup_alloc().

> However, I think we need to take into account any other distributions called
> inside cgroup_mkdir: struct cgroup and kernefs node in common part and 
> any other cgroup-cpecific allocations in other .css_alloc functions.
> They all can be called from inside container, allocates non-accountable
> memory and by this way theoretically can be misused.

Also note that (if you're purely on unified hierachy) you can protect
against that with cgroup.max.descendants and cgroup.max.depth.

Thanks,
Michal