Re: [PATCH] memcg: account security cred as well to kmemcg

From: Roman Gushchin
Date: Thu Dec 05 2019 - 18:23:45 EST

Next message: Anup Patel: "Re: [PATCH] RISC-V: Add debug defconfigs"
Previous message: Andrew Jeffery: "Re: [PATCH 1/3] dt-bindings: ipmi: aspeed: Introduce a v2 binding for KCS"
In reply to: Chris Down: "Re: [PATCH] memcg: account security cred as well to kmemcg"
Next in thread: Michal Hocko: "Re: [PATCH] memcg: account security cred as well to kmemcg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 05, 2019 at 02:37:21PM -0800, Shakeel Butt wrote:
> The cred_jar kmem_cache is already memcg accounted in the current
> kernel but cred->security is not. Account cred->security to kmemcg.
>
> Recently we saw high root slab usage on our production and on further
> inspection, we found a buggy application leaking processes. Though that
> buggy application was contained within its memcg but we observe much
> more system memory overhead, couple of GiBs, during that period. This
> overhead can adversely impact the isolation on the system. One of source
> of high overhead, we found was cred->secuity objects.
>
> Signed-off-by: Shakeel Butt <shakeelb@xxxxxxxxxx>

Reviewed-by: Roman Gushchin <guro@xxxxxx>

Thanks!

Next message: Anup Patel: "Re: [PATCH] RISC-V: Add debug defconfigs"
Previous message: Andrew Jeffery: "Re: [PATCH 1/3] dt-bindings: ipmi: aspeed: Introduce a v2 binding for KCS"
In reply to: Chris Down: "Re: [PATCH] memcg: account security cred as well to kmemcg"
Next in thread: Michal Hocko: "Re: [PATCH] memcg: account security cred as well to kmemcg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]