The commit is pushed to "branch-rh8-4.18.0-193.6.3.vz8.4.x-ovz" and will appear
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-193.6.3.vz8.4.7
------>
commit 76593b380978bf0d3302b1b7121de43b77cdc72d
Author: Vasily Averin <[email protected]>
Date: Wed Sep 23 15:55:48 2020 +0300
ipset: enable memory accounting for ipset memory allocations
currently root inside non-trusted network namespace can consume
all node's memory for ipset hashtable.
https://jira.sw.ru/browse/PSBM-108091
Signed-off-by: Vasily Averin <[email protected]>
(cherry picked from commit b85b3e0c99926241ad2fe32d51694b6c7405f493)
Signed-off-by: Konstantin Khorenko <[email protected]>
---
net/netfilter/ipset/ip_set_core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_core.c
b/net/netfilter/ipset/ip_set_core.c
index 03322993da92..d40ee8ee1a58 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -255,14 +255,14 @@ ip_set_alloc(size_t size)
void *members = NULL;
if (size < KMALLOC_MAX_SIZE)
- members = kzalloc(size, GFP_KERNEL | __GFP_NOWARN);
+ members = kzalloc(size, GFP_KERNEL_ACCOUNT | __GFP_NOWARN);
if (members) {
pr_debug("%p: allocated with kmalloc\n", members);
return members;
}
- members = vzalloc(size);
+ members = vzalloc_account(size);
if (!members)
return NULL;
pr_debug("%p: allocated with vmalloc\n", members);
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
