On Fri, Dec 6, 2019 at 4:13 PM Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote: > > On Thu, 5 Dec 2019 14:37:21 -0800 Shakeel Butt <shakeelb@xxxxxxxxxx> wrote: > > > The cred_jar kmem_cache is already memcg accounted in the current > > kernel but cred->security is not. Account cred->security to kmemcg. > > > > Recently we saw high root slab usage on our production and on further > > inspection, we found a buggy application leaking processes. Though that > > buggy application was contained within its memcg but we observe much > > more system memory overhead, couple of GiBs, during that period. This > > overhead can adversely impact the isolation on the system. One of source > > of high overhead, we found was cred->secuity objects. > > A bit of an oversight and the fix is simple. Is it worth a cc:stable? Yes, I think it is simple and safe enough for stable.
