kernel: disable CONFIG_MEMCG_KMEM

NicolasT · NicolasT · commit fb13977a0615 · 2019-10-09T19:12:58.000+02:00
This causes kernel memory leaks when using versions of `runc` that unconditionally enable per-cgroup kernel memory resource accounting, leading to systems becoming unusable when many containers were created. The links below mention actual leaks of cgroups as well. However, in testing this appears to be fixed in more recent RedHat/CentOS kernel versions. We disable the feature in the kernel configuration, which however changes its ABI. See: https://docs.google.com/document/d/1892PZs2ZdV4_JsSoFwC6WfoOHqKVirFci9r_6NAJzUU/edit?usp=sharing See: moby/moby#29638 (comment) See: kubernetes/kubernetes#61937 See: opencontainers/runc#1725 See: https://bugzilla.redhat.com/show_bug.cgi?id=1507149 See: https://bugs.schedmd.com/show_bug.cgi?id=5082#c28
diff --git a/Makefile b/Makefile
@@ -32,5 +32,6 @@ default: .rpms
 		-v $(PWD)/SRPMS:/home/build/kernel/SRPMS:Z \
 		--tmpfs /var/tmp \
 		--tmpfs /tmp \
-		"$(CONTAINER)"
+		"$(CONTAINER)" \
+		--without kabichk
 	touch $@
diff --git a/SOURCES/0001-mm-fix-compilation-with-CONFIG_MEMCG_KMEM-disabled.patch b/SOURCES/0001-mm-fix-compilation-with-CONFIG_MEMCG_KMEM-disabled.patch
@@ -0,0 +1,41 @@
+From e58aeb67c287c2eed59c0b4bdcd8fdf54ee256b0 Mon Sep 17 00:00:00 2001
+From: Nicolas Trangez <ikke@nicolast.be>
+Date: Wed, 9 Oct 2019 13:44:21 +0000
+Subject: [PATCH] mm: fix compilation with `CONFIG_MEMCG_KMEM` disabled
+
+The `memcg_limit_mutex` mutex is used in code *not* protected by
+`CONFIG_MEMCG_KMEM`, so if we disable the feature, its declaration
+must go outside the `#ifdef`ed section.
+
+See: https://docs.google.com/document/d/1892PZs2ZdV4_JsSoFwC6WfoOHqKVirFci9r_6NAJzUU/edit?usp=sharing
+
+Signed-off-by: Nicolas Trangez <nicolas.trangez@scality.com>
+---
+ mm/memcontrol.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/mm/memcontrol.c b/mm/memcontrol.c
+index 16fe560..d8efcd2 100644
+--- a/mm/memcontrol.c
++++ b/mm/memcontrol.c
+@@ -2995,6 +2995,8 @@ static void __mem_cgroup_commit_charge(struct mem_cgroup *memcg,
+ 	memcg_check_events(memcg, page);
+ }
+ 
++static DEFINE_MUTEX(memcg_limit_mutex);
++
+ #ifdef CONFIG_MEMCG_KMEM
+ /*
+  * The memcg_slab_mutex is held whenever a per memcg kmem cache is created or
+@@ -3375,8 +3377,6 @@ static inline void memcg_resume_kmem_account(void)
+ 	current->memcg_kmem_skip_account--;
+ }
+ 
+-static DEFINE_MUTEX(memcg_limit_mutex);
+-
+ int __kmem_cache_destroy_memcg_children(struct kmem_cache *s)
+ {
+ 	struct kmem_cache *c;
+-- 
+1.8.3.1
+
diff --git a/SOURCES/kernel-3.10.0-x86_64-debug.config b/SOURCES/kernel-3.10.0-x86_64-debug.config
@@ -168,7 +168,7 @@ CONFIG_PAGE_COUNTER=y
 CONFIG_MEMCG=y
 CONFIG_MEMCG_SWAP=y
 CONFIG_MEMCG_SWAP_ENABLED=y
-CONFIG_MEMCG_KMEM=y
+CONFIG_MEMCG_KMEM=n
 CONFIG_CGROUP_HUGETLB=y
 CONFIG_CGROUP_PERF=y
 CONFIG_CGROUP_SCHED=y
diff --git a/SOURCES/kernel-3.10.0-x86_64.config b/SOURCES/kernel-3.10.0-x86_64.config
@@ -168,7 +168,7 @@ CONFIG_PAGE_COUNTER=y
 CONFIG_MEMCG=y
 CONFIG_MEMCG_SWAP=y
 CONFIG_MEMCG_SWAP_ENABLED=y
-CONFIG_MEMCG_KMEM=y
+CONFIG_MEMCG_KMEM=n
 CONFIG_CGROUP_HUGETLB=y
 CONFIG_CGROUP_PERF=y
 CONFIG_CGROUP_SCHED=y
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
@@ -5,7 +5,7 @@ Summary: The Linux kernel
 
 %define dist .el7
 
-%define buildid .1.scality
+%define buildid .2.scality
 
 # For a kernel released for public testing, released_kernel should be 1.
 # For internal testing builds during development, it should be 0.
@@ -447,6 +447,7 @@ Source2001: cpupower.config
 Source9999: lastcommit.stat
 %endif
 
+Patch40000: 0001-mm-fix-compilation-with-CONFIG_MEMCG_KMEM-disabled.patch
 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
 
@@ -788,6 +789,7 @@ cd linux-%{KVRA}
 # Drop some necessary files from the source dir into the buildroot
 cp $RPM_SOURCE_DIR/kernel-%{version}-*.config .
 
+ApplyOptionalPatch 0001-mm-fix-compilation-with-CONFIG_MEMCG_KMEM-disabled.patch
 ApplyOptionalPatch linux-kernel-test.patch
 
 # Any further pre-build tree manipulations happen here.
@@ -1769,6 +1771,9 @@ fi
 %kernel_variant_files %{with_kdump} kdump
 
 %changelog
+* Wed Oct 09 2019 Nicolas Trangez <nicolas.trangez@scality.com> [3.10.0-1062.1.2.el7.2.scality]
+- [mm] disable CONFIG_MEMCG_KMEM
+
 * Wed Oct 09 2019 Nicolas Trangez <nicolas.trangez@scality.com> [3.10.0-1062.1.2.el7.1.scality]
 - build: don't require 'SOURCES' to be writable
 
