Re: [PATCH] memcg: account security cred as well to kmemcg

From: Shakeel Butt
Date: Sat Dec 07 2019 - 00:07:58 EST

Next message: Anand Moon: "Re: [RFCv1 0/8] RK3399 clean shutdown issue"
Previous message: Rodrigo Carvalho: "[PATCH v6 2/2] dt-bindings: iio: accel: add binding documentation for ADIS16240"
In reply to: Andrew Morton: "Re: [PATCH] memcg: account security cred as well to kmemcg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Dec 6, 2019 at 4:13 PM Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Thu, 5 Dec 2019 14:37:21 -0800 Shakeel Butt <shakeelb@xxxxxxxxxx> wrote:
>
> > The cred_jar kmem_cache is already memcg accounted in the current
> > kernel but cred->security is not. Account cred->security to kmemcg.
> >
> > Recently we saw high root slab usage on our production and on further
> > inspection, we found a buggy application leaking processes. Though that
> > buggy application was contained within its memcg but we observe much
> > more system memory overhead, couple of GiBs, during that period. This
> > overhead can adversely impact the isolation on the system. One of source
> > of high overhead, we found was cred->secuity objects.
>
> A bit of an oversight and the fix is simple. Is it worth a cc:stable?

Yes, I think it is simple and safe enough for stable.

Next message: Anand Moon: "Re: [RFCv1 0/8] RK3399 clean shutdown issue"
Previous message: Rodrigo Carvalho: "[PATCH v6 2/2] dt-bindings: iio: accel: add binding documentation for ADIS16240"
In reply to: Andrew Morton: "Re: [PATCH] memcg: account security cred as well to kmemcg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]