From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.4 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT, USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A0F0CC2D0C0 for ; Thu, 5 Dec 2019 22:39:30 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 469C220675 for ; Thu, 5 Dec 2019 22:39:30 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="slwC1m8p" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 469C220675 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id A9E4C6B128A; Thu, 5 Dec 2019 17:39:29 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id A4F606B128B; Thu, 5 Dec 2019 17:39:29 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9655E6B128C; Thu, 5 Dec 2019 17:39:29 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0254.hostedemail.com [216.40.44.254]) by kanga.kvack.org (Postfix) with ESMTP id 8080D6B128A for ; Thu, 5 Dec 2019 17:39:29 -0500 (EST) Received: from smtpin20.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with SMTP id 30251513 for ; Thu, 5 Dec 2019 22:39:29 +0000 (UTC) X-FDA: 76232555658.20.moon03_52c867f275425 X-HE-Tag: moon03_52c867f275425 X-Filterd-Recvd-Size: 4191 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) by imf37.hostedemail.com (Postfix) with ESMTP for ; Thu, 5 Dec 2019 22:39:28 +0000 (UTC) Received: by mail-pl1-f201.google.com with SMTP id z9so2400645plo.8 for ; Thu, 05 Dec 2019 14:39:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=kGHV6wWHuR85r8JUVhZxWZLnGRhOsKtFOqh8044dUiY=; b=slwC1m8pMy3CmZ2Rmyejy/2oozQ0iVHpXII02F/rtTyqOBzv3xgogwpPqHDQtMdtmR NpRHBcfjGdSKwuQ9FR5ybbmGuPZ010y+jjBQWWgvpMwt5JRr6YX3C3L0Pz1N3fJfB6rT 3u8tDZAcToNIzsyinGyh22g18lwiMnbk/QS+6xwzvl5vlBHfNX3qYsSC0R/5v7Ez9ZKv x1dtRLFrYHDk7vCGBYEb0yK6nIJGyZ9L8FbEwzcEtDuEqHE2Sz492L1sTgODQFy+V5cc ejenTr1sN//W7JtpSZ6aF4FZ6/ErbCKlbY0UV9cfW5WChHmAH9bCSKrkOGulQ8MLVae9 G6cA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=kGHV6wWHuR85r8JUVhZxWZLnGRhOsKtFOqh8044dUiY=; b=XEsqbaBeky+Ut11whIcvkxecIsgQa70cBhHYMcEoA175lwBvA7Eh7oavuZV8NU0tmQ X/Ugh4a89SA1DSS/HnNibgtzTKBk5m4UYAshlUZj1qtXDba2vppsTWI01rSfYfy1/d8I 0i58NrpSMdOCC9Rxi+O9jExwSMCWX466IQiF3pffNf2eMVASx2UPpdLoGqlnhtADA0rx t0p3ZCGPW75KX1G2XY+nozfifLhvtCok11ByWmxAz7VBYTT3yB3fyl7Q2CqEwSHOknt+ yRCiswdVGFT2xGAcwMvSSAMApsL6sak/08ryf30WPm+Nq/33juUMu3Oer5BJCeNB06j3 XzIg== X-Gm-Message-State: APjAAAXBb0YELnNnGFRSYTlNIu2Jd25s5wuwbHR5nCbAH43T2xaTr71D 1kM2M2KzANY/kqRgRE8soS/N5/smJHgJAg== X-Google-Smtp-Source: APXvYqwe4CwGsiUN2fTj1I/3OuD/q3NkVnY6avpKVZED0zX+q/YWlF8hdegcNwN7w8/e+OsExNr2SJOakyob1g== X-Received: by 2002:a63:8eca:: with SMTP id k193mr11745136pge.293.1575585567543; Thu, 05 Dec 2019 14:39:27 -0800 (PST) Date: Thu, 5 Dec 2019 14:37:21 -0800 Message-Id: <20191205223721.40034-1-shakeelb@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.24.0.393.g34dc348eaf-goog Subject: [PATCH] memcg: account security cred as well to kmemcg From: Shakeel Butt To: Andrew Morton Cc: Roman Gushchin , linux-mm@kvack.org, Johannes Weiner , Michal Hocko , linux-kernel@vger.kernel.org, Shakeel Butt Content-Type: text/plain; charset="UTF-8" X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The cred_jar kmem_cache is already memcg accounted in the current kernel but cred->security is not. Account cred->security to kmemcg. Recently we saw high root slab usage on our production and on further inspection, we found a buggy application leaking processes. Though that buggy application was contained within its memcg but we observe much more system memory overhead, couple of GiBs, during that period. This overhead can adversely impact the isolation on the system. One of source of high overhead, we found was cred->secuity objects. Signed-off-by: Shakeel Butt --- kernel/cred.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/cred.c b/kernel/cred.c index c0a4c12d38b2..9ed51b70ed80 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -223,7 +223,7 @@ struct cred *cred_alloc_blank(void) new->magic = CRED_MAGIC; #endif - if (security_cred_alloc_blank(new, GFP_KERNEL) < 0) + if (security_cred_alloc_blank(new, GFP_KERNEL_ACCOUNT) < 0) goto error; return new; @@ -282,7 +282,7 @@ struct cred *prepare_creds(void) new->security = NULL; #endif - if (security_prepare_creds(new, old, GFP_KERNEL) < 0) + if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0) goto error; validate_creds(new); return new; @@ -715,7 +715,7 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon) #ifdef CONFIG_SECURITY new->security = NULL; #endif - if (security_prepare_creds(new, old, GFP_KERNEL) < 0) + if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0) goto error; put_cred(old); -- 2.24.0.393.g34dc348eaf-goog