[RHEL7,COMMIT] ipset: enable memory accounting for ipset memory allocations

Submitted by Vasily Averin on Sept. 23, 2020, 12:55 p.m.

Details

Message ID 202009231255.08NCtm5K014712@vz7build.vvs.sw.ru
State New
Series "ipset: enable memory accounting for ipset memory allocations"

Commit Message

Vasily Averin Sept. 23, 2020, 12:55 p.m.
The commit is pushed to "branch-rh7-3.10.0-1127.18.2.vz7.163.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.18.2.vz7.163.28
------>
commit b85b3e0c99926241ad2fe32d51694b6c7405f493
Author: Vasily Averin <vvs@virtuozzo.com>
Date:   Wed Sep 23 15:55:48 2020 +0300

    ipset: enable memory accounting for ipset memory allocations
    
    currently root inside non-trusted network namespace can consume
    all node's memory for ipset hashtable.
    
    https://jira.sw.ru/browse/PSBM-108091
    Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
---
 net/netfilter/ipset/ip_set_core.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 6b93a89..0fb19b9 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -251,14 +251,14 @@  ip_set_alloc(size_t size)
 	void *members = NULL;
 
 	if (size < KMALLOC_MAX_SIZE)
-		members = kzalloc(size, GFP_KERNEL | __GFP_NOWARN);
+		members = kzalloc(size, GFP_KERNEL_ACCOUNT | __GFP_NOWARN);
 
 	if (members) {
 		pr_debug("%p: allocated with kmalloc\n", members);
 		return members;
 	}
 
-	members = vzalloc(size);
+	members = vzalloc_account(size);
 	if (!members)
 		return NULL;
 	pr_debug("%p: allocated with vmalloc\n", members);
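
Review bot: The commit message should state the coverage this gives, because the change in ip_set_alloc() charges only allocations that pass through this helper: the kzalloc() path (size < KMALLOC_MAX_SIZE) and the vzalloc_account() fallback. Any ipset allocation made elsewhere stays unaccounted, while the message speaks of "ipset memory allocations" in general. Suggest listing the callers that were audited, or saying that other allocation sites are follow-up work. Two smaller points for the message: vzalloc_account() is not defined in this patch, so name the commit that provides it. Also, a kzalloc() failure (which stays silent under __GFP_NOWARN) now falls through to a second accounted attempt in vzalloc_account() before NULL is returned, so it is worth confirming that callers report that NULL as an allocation error to the namespace's root user.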