iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/kernel
History
Shakeel Butt 84029fd04c memcg: account security cred as well to kmemcg 
The cred_jar kmem_cache is already memcg accounted in the current kernel
but cred->security is not.  Account cred->security to kmemcg.

Recently we saw high root slab usage on our production and on further
inspection, we found a buggy application leaking processes.  Though that
buggy application was contained within its memcg but we observe much
more system memory overhead, couple of GiBs, during that period.  This
overhead can adversely impact the isolation on the system.

One source of high overhead we found was cred->security objects, which
have a lifetime of at least the life of the process which allocated
them.

Link: http://lkml.kernel.org/r/20191205223721.40034-1-shakeelb@google.com
Signed-off-by: Shakeel Butt <shakeelb@google.com>
Acked-by: Chris Down <chris@chrisdown.name>
Reviewed-by: Roman Gushchin <guro@fb.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-01-04 13:55:09 -08:00
..
bpf
bpf: Fix precision tracking for unbounded scalars
2019-12-22 17:21:10 -08:00
cgroup
Merge branch 'for-5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
2019-11-25 19:23:46 -08:00
configs
debug
kdb: Tweak escape handling for vi users
2019-10-28 12:08:29 +00:00
dma
lib/genalloc.c: rename addr_in_gen_pool to gen_pool_has_addr
2019-12-04 19:44:13 -08:00
events
perf/core: Add SRCU annotation for pmus list walk
2019-12-17 13:32:46 +01:00
gcov
um: Enable CONFIG_CONSTRUCTORS
2019-09-15 21:37:13 +02:00
irq
irqchip updates for Linux 5.5
2019-11-20 14:16:34 +01:00
livepatch
New tracing features:
2019-11-27 11:42:01 -08:00
locking
Revert "locking/mutex: Complain upon mutex API misuse in IRQ contexts"
2019-12-11 00:27:43 +01:00
power
Additional power management updates for 5.5-rc1
2019-12-04 10:48:09 -08:00
printk
Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2019-12-03 09:29:50 -08:00
rcu
Merge branches 'doc.2019.10.29a', 'fixes.2019.10.30a', 'nohz.2019.10.28a', 'replace.2019.10.30a', 'torture.2019.10.05a' and 'lkmm.2019.10.05a' into HEAD
2019-10-30 08:47:13 -07:00
sched
Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2019-12-21 10:52:10 -08:00
time
ptp: fix the race between the release of ptp_clock and cdev
2019-12-30 20:19:27 -08:00
trace
tracing: Fix endianness bug in histogram trigger
2019-12-21 16:08:59 -05:00
.gitignore
Provide in-kernel headers to make extending kernel easier
2019-04-29 16:48:03 +02:00
acct.c
acct_on(): don't mess with freeze protection
2019-04-04 21:04:13 -04:00
async.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
audit_fsnotify.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
audit_tree.c
fsnotify: switch send_to_group() and ->handle_event to const struct qstr *
2019-04-26 13:51:03 -04:00
audit_watch.c
audit_get_nd(): don't unlock parent too early
2019-11-10 11:56:55 -05:00
audit.c
audit: remove redundant condition check in kauditd_thread()
2019-10-25 11:48:14 -04:00
audit.h
audit/stable-5.3 PR 20190702
2019-07-08 18:55:42 -07:00
auditfilter.c
audit/stable-5.3 PR 20190702
2019-07-08 18:55:42 -07:00
auditsc.c
Revert "bpf: Emit audit messages upon successful prog load and unload"
2019-11-23 09:56:02 -08:00
backtracetest.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
bounds.c
capability.c
compat.c
y2038: itimer: compat handling to itimer.c
2019-11-15 14:38:30 +01:00
configs.c
kernel/configs: Replace GPL boilerplate code with SPDX identifier
2019-07-30 18:34:15 +02:00
context_tracking.c
context_tracking: Rename context_tracking_is_enabled() => context_tracking_enabled()
2019-10-29 10:01:12 +01:00
cpu_pm.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282
2019-06-05 17:36:37 +02:00
cpu.c
Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2019-11-26 16:02:40 -08:00
crash_core.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230
2019-06-19 17:09:06 +02:00
crash_dump.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
cred.c
memcg: account security cred as well to kmemcg
2020-01-04 13:55:09 -08:00
delayacct.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 25
2019-05-21 11:52:39 +02:00
dma.c
elfcore.c
kernel/elfcore.c: include proper prototypes
2019-09-25 17:51:39 -07:00
exec_domain.c
exit.c
for-linus-2020-01-03
2020-01-03 11:17:14 -08:00
extable.c
bpf: Add support for BTF pointers to x86 JIT
2019-10-17 16:44:36 +02:00
fail_function.c
fail_function: no need to check return value of debugfs_create functions
2019-06-03 15:49:06 +02:00
fork.c
Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2019-12-03 12:20:25 -08:00
freezer.c
Revert "libata, freezer: avoid block device removal while system is frozen"
2019-10-06 09:11:37 -06:00
futex.c
futex: Prevent exit livelock
2019-11-20 09:40:38 +01:00
gen_kheaders.sh
kheaders: explain why include/config/autoconf.h is excluded from md5sum
2019-11-11 20:10:01 +09:00
groups.c
hung_task.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
iomem.c
mm/nvdimm: add is_ioremap_addr and use that to check ioremap address
2019-07-12 11:05:40 -07:00
irq_work.c
irq_work: Fix IRQ_WORK_BUSY bit clearing
2019-11-15 10:48:37 +01:00
jump_label.c
jump_label: Don't warn on __exit jump entries
2019-08-29 15:10:10 +01:00
kallsyms.c
kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the first symbol
2019-08-27 16:19:56 +01:00
kcmp.c
Kconfig.freezer
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
Kconfig.hz
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
Kconfig.locks
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
Kconfig.preempt
sched/Kconfig: Fix spelling mistake in user-visible help text
2019-11-12 11:35:32 +01:00
kcov.c
kcov: remote coverage support
2019-12-04 19:44:14 -08:00
kexec_core.c
kexec: bail out upon SIGKILL when allocating memory.
2019-09-25 17:51:40 -07:00
kexec_elf.c
kexec_elf: support 32 bit ELF files
2019-09-06 23:58:44 +02:00
kexec_file.c
kexec: Fix pointer-to-int-cast warnings
2019-11-01 21:42:58 +01:00
kexec_internal.h
kexec.c
kexec_load: Disable at runtime if the kernel is locked down
2019-08-19 21:54:15 -07:00
kheaders.c
kheaders: Move from proc to sysfs
2019-05-24 20:16:01 +02:00
kmod.c
kprobes.c
Tracing updates:
2019-09-20 11:19:48 -07:00
ksysfs.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 170
2019-05-30 11:26:39 -07:00
kthread.c
kthread: make __kthread_queue_delayed_work static
2019-10-16 09:20:58 -07:00
latencytop.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
Makefile
Kbuild updates for v5.5
2019-12-02 17:35:04 -08:00
module_signature.c
MODSIGN: Export module signature definitions
2019-08-05 18:39:56 -04:00
module_signing.c
MODSIGN: Export module signature definitions
2019-08-05 18:39:56 -04:00
module-internal.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36
2019-05-24 17:27:11 +02:00
module.c
This contains 3 changes:
2019-12-11 12:22:38 -08:00
notifier.c
kernel/notifier.c: remove blocking_notifier_chain_cond_register()
2019-12-04 19:44:12 -08:00
nsproxy.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
padata.c
padata: remove cpu_index from the parallel_queue
2019-09-13 21:15:41 +10:00
panic.c
locking/refcount: Remove unused 'refcount_error_report()' function
2019-11-25 09:15:42 +01:00
params.c
lockdown: Lock down module params that specify hardware parameters (eg. ioport)
2019-08-19 21:54:16 -07:00
pid_namespace.c
fork: extend clone3() to support setting a PID
2019-11-15 23:49:22 +01:00
pid.c
fork: extend clone3() to support setting a PID
2019-11-15 23:49:22 +01:00
profile.c
kernel/profile.c: use cpumask_available to check for NULL cpumask
2019-12-04 19:44:12 -08:00
ptrace.c
ptrace: add PTRACE_GET_SYSCALL_INFO request
2019-07-16 19:23:24 -07:00
range.c
reboot.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
relay.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 13:27:20 -07:00
resource.c
mm/memory_hotplug.c: use PFN_UP / PFN_DOWN in walk_system_ram_range()
2019-09-24 15:54:09 -07:00
rseq.c
signal: Remove task parameter from force_sig
2019-05-27 09:36:28 -05:00
seccomp.c
seccomp: Check that seccomp_notif is zeroed out by the user
2020-01-02 13:03:45 -08:00
signal.c
cgroup: freezer: call cgroup_enter_frozen() with preemption disabled in ptrace_stop()
2019-10-11 08:39:57 -07:00
smp.c
smp: Warn on function calls from softirq context
2019-07-20 11:27:16 +02:00
smpboot.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
smpboot.h
softirq.c
Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2019-07-08 11:01:13 -07:00
stackleak.c
stacktrace.c
stacktrace: Get rid of unneeded '!!' pattern
2019-11-11 10:30:59 +01:00
stop_machine.c
Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/rcu
2019-10-31 09:33:19 +01:00
sys_ni.c
y2038: allow disabling time32 system calls
2019-11-15 14:38:30 +01:00
sys.c
kernel/sys.c: avoid copying possible padding bytes in copy_to_user
2019-12-04 19:44:12 -08:00
sysctl_binary.c
sysctl: Remove the sysctl system call
2019-11-26 13:03:56 -06:00
sysctl-test.c
kernel/sysctl-test: Add null pointer test for sysctl.c:proc_dointvec()
2019-09-30 17:35:01 -06:00
sysctl.c
kernel: sysctl: make drop_caches write-only
2019-12-01 12:59:07 -08:00
task_work.c
taskstats.c
taskstats: fix data-race
2019-12-04 15:18:39 +01:00
test_kprobes.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 25
2019-05-21 11:52:39 +02:00
torture.c
torture: Remove exporting of internal functions
2019-08-01 14:30:22 -07:00
tracepoint.c
The main changes in this release include:
2019-07-18 11:51:00 -07:00
tsacct.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
ucount.c
proc/sysctl: add shared variables for range check
2019-07-18 17:08:07 -07:00
uid16.c
uid16.h
umh.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
up.c
smp: Remove smp_call_function() and on_each_cpu() return values
2019-06-23 14:26:26 +02:00
user_namespace.c
Keyrings namespacing
2019-07-08 19:36:47 -07:00
user-return-notifier.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
user.c
Keyrings namespacing
2019-07-08 19:36:47 -07:00
utsname_sysctl.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
utsname.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
watchdog_hld.c
kernel/watchdog_hld.c: hard lockup message should end with a newline
2019-04-19 09:46:05 -07:00
watchdog.c
watchdog: Mark watchdog_hrtimer to expire in hard interrupt context
2019-08-01 20:51:20 +02:00
workqueue_internal.h
sched/core, workqueues: Distangle worker accounting from rq lock
2019-04-16 16:55:15 +02:00
workqueue.c
workqueue: Use pr_warn instead of pr_warning
2019-12-06 09:59:30 +01:00