[PATCH v2] cgroup: memcg: net: do not associate sock with unrelated cgroup

From: Shakeel Butt
Date: Fri Feb 14 2020 - 17:24:36 EST

Next message: Li Yang: "[PATCH] iommu/arm-smmu: fix module name for parameters"
Previous message: Vasily Khoruzhick: "Re: [PATCH v2 2/2] drm/bridge: anx7688: Add anx7688 bridge driver support"
Next in thread: Roman Gushchin: "Re: [PATCH v2] cgroup: memcg: net: do not associate sock with unrelated cgroup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We are testing network memory accounting in our setup and noticed
inconsistent network memory usage and often unrelated cgroups network
usage correlates with testing workload. On further inspection, it
seems like mem_cgroup_sk_alloc() and cgroup_sk_alloc() are broken in
irq context specially for cgroup v1.

mem_cgroup_sk_alloc() and cgroup_sk_alloc() can be called in irq context
and kind of assumes that this can only happen from sk_clone_lock()
and the source sock object has already associated cgroup. However in
cgroup v1, where network memory accounting is opt-in, the source sock
can be unassociated with any cgroup and the new cloned sock can get
associated with unrelated interrupted cgroup.

Cgroup v2 can also suffer if the source sock object was created by
process in the root cgroup or if sk_alloc() is called in irq context.
The fix is to just do nothing in interrupt.

Fixes: 2d7580738345 ("mm: memcontrol: consolidate cgroup socket tracking")
Fixes: d979a39d7242 ("cgroup: duplicate cgroup reference when cloning sockets")
Signed-off-by: Shakeel Butt <shakeelb@xxxxxxxxxx>
---

Changes since v1:
- Fix cgroup_sk_alloc() too.

kernel/cgroup/cgroup.c | 4 ++++
mm/memcontrol.c | 4 ++++
2 files changed, 8 insertions(+)

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 9a8a5ded3c48..46e5f5518fba 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -6449,6 +6449,10 @@ void cgroup_sk_alloc(struct sock_cgroup_data *skcd)
return;
}

+ /* Do not associate the sock with unrelated interrupted task's memcg. */
+ if (in_interrupt())
+ return;
+
rcu_read_lock();

while (true) {
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 63bb6a2aab81..f500da82bfe8 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -6697,6 +6697,10 @@ void mem_cgroup_sk_alloc(struct sock *sk)
return;
}

+ /* Do not associate the sock with unrelated interrupted task's memcg. */
+ if (in_interrupt())
+ return;
+
rcu_read_lock();
memcg = mem_cgroup_from_task(current);
if (memcg == root_mem_cgroup)
--
2.25.0.265.gbab2e86ba0-goog

Next message: Li Yang: "[PATCH] iommu/arm-smmu: fix module name for parameters"
Previous message: Vasily Khoruzhick: "Re: [PATCH v2 2/2] drm/bridge: anx7688: Add anx7688 bridge driver support"
Next in thread: Roman Gushchin: "Re: [PATCH v2] cgroup: memcg: net: do not associate sock with unrelated cgroup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]