cgroup: disable kernel memory accounting for all memory cgroups by default

hulk inclusion category: bugfix bugzilla: 18665 CVE: NA ------------------- The kernel memory accounting for all memory cgroups is not stable now, it could lead kmem.usage refcount leak. It's used as a debug feature for now, so disable it by default. We can use the following command line to enable or disable it, cgroup.memory=kmem or cgroup.memory=kmem. Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Reviewed-by: N Jing Xiangfeng <jingxiangfeng@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

cgroup: disable kernel memory accounting for all memory cgroups by default
hulk inclusion category: bugfix bugzilla: 18665 CVE: NA ------------------- The kernel memory accounting for all memory cgroups is not stable now, it could lead kmem.usage refcount leak. It's used as a debug feature for now, so disable it by default. We can use the following command line to enable or disable it, cgroup.memory=kmem or cgroup.memory=kmem. Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Reviewed-by: N Jing Xiangfeng <jingxiangfeng@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
fe02ebb4 · Yang Yingliang · Xie XiuQi · e7864abb · fe02ebb4 · fe02ebb4
Showing with 8 addition and 5 deletion

Documentation/admin-guide/kernel-parameters.txt Documentation/admin-guide/kernel-parameters.txt +1 -0

Documentation/cgroup-v1/memory.txt Documentation/cgroup-v1/memory.txt +3 -3

mm/memcontrol.c mm/memcontrol.c +4 -2

未找到文件。
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -501,6 +501,7 @@
 			Format: <string>
 			nosocket -- Disable socket memory accounting.
 			nokmem -- Disable kernel memory accounting.
+			kmem -- Enable kernel memory accounting.
 	checkreqprot	[SELINUX] Set initial checkreqprot flag value.
 			Format: { "0" | "1" }

--- a/Documentation/cgroup-v1/memory.txt
+++ b/Documentation/cgroup-v1/memory.txt
@@ -280,9 +280,9 @@ the amount of kernel memory used by the system. Kernel memory is fundamentally
 different than user memory, since it can't be swapped out, which makes it
 possible to DoS the system by consuming too much of this precious resource.
-Kernel memory accounting is enabled for all memory cgroups by default. But
+Kernel memory accounting is disabled for all memory cgroups by default. But
-it can be disabled system-wide by passing cgroup.memory=nokmem to the kernel
+it can be enabled system-wide by passing cgroup.memory=kmem to the kernel
-at boot time. In this case, kernel memory will not be accounted at all.
+at boot time. In this case, kernel memory will all be accounted.
 Kernel memory limits are not imposed for the root cgroup. Usage for the root
 cgroup may or may not be accounted. The memory used is accumulated into

--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -84,8 +84,8 @@ struct mem_cgroup *root_mem_cgroup __read_mostly;
 /* Socket memory accounting disabled? */
 static bool cgroup_memory_nosocket;
-/* Kernel memory accounting disabled? */
+/* Kernel memory accounting disabled */
-static bool cgroup_memory_nokmem;
+static bool cgroup_memory_nokmem = true;
 /* Whether the swap controller is active */
 #ifdef CONFIG_MEMCG_SWAP
@@ -6364,6 +6364,8 @@ static int __init cgroup_memory(char *s)
 			cgroup_memory_nosocket = true;
 		if (!strcmp(token, "nokmem"))
 			cgroup_memory_nokmem = true;
+		else if (!strcmp(token, "kmem"))
+			cgroup_memory_nokmem = false;
 	}
 	return 0;
 }