Re: [PATCH] memcg: account security cred as well to kmemcg

From: Andrew Morton
Date: Fri Dec 06 2019 - 19:13:32 EST

Next message: Saravana Kannan: "[PATCH v6 0/3] Introduce Bandwidth OPPs for interconnects"
Previous message: Kevin Hilman: "Re: [PATCH v2] bluetooth: hci_bcm: enable IRQ capability from node"
In reply to: Shakeel Butt: "Re: [PATCH] memcg: account security cred as well to kmemcg"
Next in thread: Shakeel Butt: "Re: [PATCH] memcg: account security cred as well to kmemcg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 5 Dec 2019 14:37:21 -0800 Shakeel Butt <shakeelb@xxxxxxxxxx> wrote:

> The cred_jar kmem_cache is already memcg accounted in the current
> kernel but cred->security is not. Account cred->security to kmemcg.
>
> Recently we saw high root slab usage on our production and on further
> inspection, we found a buggy application leaking processes. Though that
> buggy application was contained within its memcg but we observe much
> more system memory overhead, couple of GiBs, during that period. This
> overhead can adversely impact the isolation on the system. One of source
> of high overhead, we found was cred->secuity objects.

A bit of an oversight and the fix is simple. Is it worth a cc:stable?

Next message: Saravana Kannan: "[PATCH v6 0/3] Introduce Bandwidth OPPs for interconnects"
Previous message: Kevin Hilman: "Re: [PATCH v2] bluetooth: hci_bcm: enable IRQ capability from node"
In reply to: Shakeel Butt: "Re: [PATCH] memcg: account security cred as well to kmemcg"
Next in thread: Shakeel Butt: "Re: [PATCH] memcg: account security cred as well to kmemcg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]