On Mon, Jul 26, 2021 at 10:34 PM Vasily Averin <vvs@xxxxxxxxxxxxx> wrote: > > Each task can request own LDT and force the kernel to allocate up to > 64Kb memory per-mm. > > There are legitimate workloads with hundreds of processes and there > can be hundreds of workloads running on large machines. > The unaccounted memory can cause isolation issues between the workloads > particularly on highly utilized machines. > > It makes sense to account for this objects to restrict the host's memory > consumption from inside the memcg-limited container. > > Signed-off-by: Vasily Averin <vvs@xxxxxxxxxxxxx> > Acked-by: Borislav Petkov <bp@xxxxxxx> Reviewed-by: Shakeel Butt <shakeelb@xxxxxxxxxx>
