On Thu, Dec 05, 2019 at 02:37:21PM -0800, Shakeel Butt wrote: > The cred_jar kmem_cache is already memcg accounted in the current > kernel but cred->security is not. Account cred->security to kmemcg. > > Recently we saw high root slab usage on our production and on further > inspection, we found a buggy application leaking processes. Though that > buggy application was contained within its memcg but we observe much > more system memory overhead, couple of GiBs, during that period. This > overhead can adversely impact the isolation on the system. One of source > of high overhead, we found was cred->secuity objects. > > Signed-off-by: Shakeel Butt <shakeelb@xxxxxxxxxx> Reviewed-by: Roman Gushchin <guro@xxxxxx> Thanks!
