[04/17] memcg: account security cred as well to kmemcg

Message ID	20200104205943.yjTudiqVx%akpm@linux-foundation.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=Dfi5=2Z=kvack.org=owner-linux-mm@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B2ADF22B48 Date: Sat, 04 Jan 2020 12:59:43 -0800 From: akpm@linux-foundation.org To: akpm@linux-foundation.org, chris@chrisdown.name, guro@fb.com, hannes@cmpxchg.org, linux-mm@kvack.org, mhocko@suse.com, mm-commits@vger.kernel.org, shakeelb@google.com, stable@vger.kernel.org, torvalds@linux-foundation.org Subject: [patch 04/17] memcg: account security cred as well to kmemcg Message-ID: <20200104205943.yjTudiqVx%akpm@linux-foundation.org> User-Agent: s-nail v14.8.16 Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	[01/17] mm/memory_hotplug: shrink zones when offlining memory \| expand [01/17] mm/memory_hotplug: shrink zones when offlining memory [02/17] mm/zsmalloc.c: fix the migrated zspage statistics. [03/17] kcov: fix struct layout for kcov_remote_arg [04/17] memcg: account security cred as well to kmemcg [05/17] mm: move_pages: return valid node id in status if the page is already on the target node [06/17] fs/direct-io.c: include fs/internal.h for missing prototype [07/17] fs/nsfs.c: include headers for missing declarations [08/17] fs/namespace.c: make to_mnt_ns() static [09/17] hexagon: parenthesize registers in asm predicates [10/17] hexagon: work around compiler crash [11/17] fs/posix_acl.c: fix kernel-doc warnings [12/17] mm/oom: fix pgtables units mismatch in Killed process message [13/17] mm/gup: fix memory leak in __gup_benchmark_ioctl [14/17] mm/hugetlb: defer freeing of huge pages if in non-task context [15/17] ocfs2: call journal flush to mark journal as empty after journal recovery when mount [16/17] ocfs2: fix the crash due to call ocfs2_get_dlm_debug once less [17/17] hexagon: define ioremap_uc

Message ID

20200104205943.yjTudiqVx%akpm@linux-foundation.org (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B2ADF22B48
Date: Sat, 04 Jan 2020 12:59:43 -0800
From: akpm@linux-foundation.org
To: akpm@linux-foundation.org, chris@chrisdown.name, guro@fb.com,
 hannes@cmpxchg.org, linux-mm@kvack.org, mhocko@suse.com,
 mm-commits@vger.kernel.org, shakeelb@google.com, stable@vger.kernel.org,
 torvalds@linux-foundation.org
Subject: [patch 04/17] memcg: account security cred as well to
 kmemcg
Message-ID: <20200104205943.yjTudiqVx%akpm@linux-foundation.org>
User-Agent: s-nail v14.8.16
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

[01/17] mm/memory_hotplug: shrink zones when offlining memory | expand

Commit Message

Andrew Morton Jan. 4, 2020, 8:59 p.m. UTC

From: Shakeel Butt <shakeelb@google.com>
Subject: memcg: account security cred as well to kmemcg

The cred_jar kmem_cache is already memcg accounted in the current kernel
but cred->security is not.  Account cred->security to kmemcg.

Recently we saw high root slab usage on our production and on further
inspection, we found a buggy application leaking processes.  Though
that buggy application was contained within its memcg but we observe
much more system memory overhead, couple of GiBs, during that period. 
This overhead can adversely impact the isolation on the system.  One of
source of high overhead, we found was cred->secuity objects, which have
a lifetime of at least the life of the process which allocated them.

Link: http://lkml.kernel.org/r/20191205223721.40034-1-shakeelb@google.com
Signed-off-by: Shakeel Butt <shakeelb@google.com>
Acked-by: Chris Down <chris@chrisdown.name>
Reviewed-by: Roman Gushchin <guro@fb.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 kernel/cred.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/kernel/cred.c~memcg-account-security-cred-as-well-to-kmemcg
+++ a/kernel/cred.c
@@ -223,7 +223,7 @@  struct cred *cred_alloc_blank(void)
 	new->magic = CRED_MAGIC;
 #endif
 
-	if (security_cred_alloc_blank(new, GFP_KERNEL) < 0)
+	if (security_cred_alloc_blank(new, GFP_KERNEL_ACCOUNT) < 0)
 		goto error;
 
 	return new;
@@ -282,7 +282,7 @@  struct cred *prepare_creds(void)
 	new->security = NULL;
 #endif
 
-	if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
+	if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0)
 		goto error;
 	validate_creds(new);
 	return new;
@@ -715,7 +715,7 @@  struct cred *prepare_kernel_cred(struct
 #ifdef CONFIG_SECURITY
 	new->security = NULL;
 #endif
-	if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
+	if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0)
 		goto error;
 
 	put_cred(old);

[04/17] memcg: account security cred as well to kmemcg

Commit Message

Patch