On Thu, 5 Dec 2019 14:37:21 -0800 Shakeel Butt <shakeelb@xxxxxxxxxx> wrote: > The cred_jar kmem_cache is already memcg accounted in the current > kernel but cred->security is not. Account cred->security to kmemcg. > > Recently we saw high root slab usage on our production and on further > inspection, we found a buggy application leaking processes. Though that > buggy application was contained within its memcg but we observe much > more system memory overhead, couple of GiBs, during that period. This > overhead can adversely impact the isolation on the system. One of source > of high overhead, we found was cred->secuity objects. A bit of an oversight and the fix is simple. Is it worth a cc:stable?
