* [RFC PATCH 1/3] misc_cgroup: add support for nofile limit
@ 2021-07-22 9:38 ` brookxu
0 siblings, 0 replies; 7+ messages in thread
From: brookxu @ 2021-07-22 9:38 UTC (permalink / raw)
To: viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn, tj-DgEjT+Ai2ygdnm+yROfE0A,
lizefan.x-EC8Uxl6Npydl57MIdRCFDg, hannes-druUgvl0LCNAfugRpC6u6w
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA,
cgroups-u79uwXL29TY76Z2rM5mHXA
From: Chunguang Xu <brookxu-1Nz4purKYjRBDgjK7y7TUQ@public.gmane.org>
Since the global open files are limited, in order to avoid the
abnormal behavior of some containers from generating too many
files, causing other containers to be unavailable, we need to
limit the open files of some containers.
Signed-off-by: Chunguang Xu <brookxu-1Nz4purKYjRBDgjK7y7TUQ@public.gmane.org>
---
fs/file_table.c | 25 +++++++++++++++++++++++--
include/linux/fs.h | 4 +++-
include/linux/misc_cgroup.h | 1 +
kernel/cgroup/misc.c | 1 +
4 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/fs/file_table.c b/fs/file_table.c
index 45437f8e1003..a7848a4cac19 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -29,6 +29,7 @@
#include <linux/swap.h>
#include <linux/atomic.h>
+#include <linux/misc_cgroup.h>
#include "internal.h"
@@ -53,8 +54,14 @@ static void file_free_rcu(struct rcu_head *head)
static inline void file_free(struct file *f)
{
security_file_free(f);
- if (!(f->f_mode & FMODE_NOACCOUNT))
+ if (!(f->f_mode & FMODE_NOACCOUNT)) {
+ struct misc_cg *misc_cg = css_misc(f->f_css);
+
+ misc_cg_uncharge(MISC_CG_RES_NOFILE, misc_cg, 1);
+ put_misc_cg(misc_cg);
+
percpu_counter_dec(&nr_files);
+ }
call_rcu(&f->f_u.fu_rcuhead, file_free_rcu);
}
@@ -148,8 +155,20 @@ struct file *alloc_empty_file(int flags, const struct cred *cred)
}
f = __alloc_file(flags, cred);
- if (!IS_ERR(f))
+ if (!IS_ERR(f)) {
+ struct misc_cg *misc_cg = get_current_misc_cg();
+ int ret;
+
+ ret = misc_cg_try_charge(MISC_CG_RES_NOFILE, misc_cg, 1);
+ if (ret < 0) {
+ put_misc_cg(misc_cg);
+ file_free(f);
+ goto out;
+ }
+
percpu_counter_inc(&nr_files);
+ f->f_css = &misc_cg->css;
+ }
return f;
@@ -159,6 +178,7 @@ struct file *alloc_empty_file(int flags, const struct cred *cred)
pr_info("VFS: file-max limit %lu reached\n", get_max_files());
old_max = get_nr_files();
}
+ out:
return ERR_PTR(-ENFILE);
}
@@ -397,4 +417,5 @@ void __init files_maxfiles_init(void)
n = ((nr_pages - memreserve) * (PAGE_SIZE / 1024)) / 10;
files_stat.max_files = max_t(unsigned long, n, NR_FILE);
+ misc_cg_set_capacity(MISC_CG_RES_NOFILE, files_stat.max_files);
}
diff --git a/include/linux/fs.h b/include/linux/fs.h
index fad6663cd1b0..9ef3dd579ed6 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -947,7 +947,9 @@ struct file {
#endif
/* needed for tty driver, and maybe others */
void *private_data;
-
+#ifdef CONFIG_CGROUP_MISC
+ struct cgroup_subsys_state *f_css;
+#endif
#ifdef CONFIG_EPOLL
/* Used by fs/eventpoll.c to link all the hooks to this file */
struct hlist_head *f_ep;
diff --git a/include/linux/misc_cgroup.h b/include/linux/misc_cgroup.h
index da2367e2ac1e..8450a5e66de0 100644
--- a/include/linux/misc_cgroup.h
+++ b/include/linux/misc_cgroup.h
@@ -18,6 +18,7 @@ enum misc_res_type {
/* AMD SEV-ES ASIDs resource */
MISC_CG_RES_SEV_ES,
#endif
+ MISC_CG_RES_NOFILE,
MISC_CG_RES_TYPES
};
diff --git a/kernel/cgroup/misc.c b/kernel/cgroup/misc.c
index ec02d963cad1..5d51b8eeece6 100644
--- a/kernel/cgroup/misc.c
+++ b/kernel/cgroup/misc.c
@@ -24,6 +24,7 @@ static const char *const misc_res_name[] = {
/* AMD SEV-ES ASIDs resource */
"sev_es",
#endif
+ "nofile"
};
/* Root misc cgroup */
--
2.30.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* [RFC PATCH 2/3] misc_cgroup: add failcnt counter
@ 2021-07-22 9:38 ` brookxu
0 siblings, 0 replies; 7+ messages in thread
From: brookxu @ 2021-07-22 9:38 UTC (permalink / raw)
To: viro, tj, lizefan.x, hannes; +Cc: linux-kernel, linux-fsdevel, cgroups
From: Chunguang Xu <brookxu@tencent.com>
Instead of printing logs, we should probably track failures through
a failcnt counter, similar to mem_cgroup.
Signed-off-by: Chunguang Xu <brookxu@tencent.com>
---
include/linux/misc_cgroup.h | 1 +
kernel/cgroup/misc.c | 30 ++++++++++++++++++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/include/linux/misc_cgroup.h b/include/linux/misc_cgroup.h
index 8450a5e66de0..dd1a786f39b8 100644
--- a/include/linux/misc_cgroup.h
+++ b/include/linux/misc_cgroup.h
@@ -37,6 +37,7 @@ struct misc_cg;
struct misc_res {
unsigned long max;
atomic_long_t usage;
+ atomic_long_t failcnt;
bool failed;
};
diff --git a/kernel/cgroup/misc.c b/kernel/cgroup/misc.c
index 5d51b8eeece6..7c568b619f82 100644
--- a/kernel/cgroup/misc.c
+++ b/kernel/cgroup/misc.c
@@ -165,6 +165,7 @@ int misc_cg_try_charge(enum misc_res_type type, struct misc_cg *cg,
pr_cont("\n");
res->failed = true;
}
+ atomic_long_inc(&res->failcnt);
ret = -EBUSY;
goto err_charge;
}
@@ -312,6 +313,29 @@ static int misc_cg_current_show(struct seq_file *sf, void *v)
return 0;
}
+/**
+ * misc_cg_failcnt_show() - Show the fail count of the misc cgroup.
+ * @sf: Interface file
+ * @v: Arguments passed
+ *
+ * Context: Any context.
+ * Return: 0 to denote successful print.
+ */
+static int misc_cg_failcnt_show(struct seq_file *sf, void *v)
+{
+ int i;
+ unsigned long failcnt;
+ struct misc_cg *cg = css_misc(seq_css(sf));
+
+ for (i = 0; i < MISC_CG_RES_TYPES; i++) {
+ failcnt = atomic_long_read(&cg->res[i].failcnt);
+ if (READ_ONCE(misc_res_capacity[i]) || failcnt)
+ seq_printf(sf, "%s %lu\n", misc_res_name[i], failcnt);
+ }
+
+ return 0;
+}
+
/**
* misc_cg_capacity_show() - Show the total capacity of misc res on the host.
* @sf: Interface file
@@ -349,6 +373,11 @@ static struct cftype misc_cg_files[] = {
.seq_show = misc_cg_current_show,
.flags = CFTYPE_NOT_ON_ROOT,
},
+ {
+ .name = "failcnt",
+ .seq_show = misc_cg_failcnt_show,
+ .flags = CFTYPE_NOT_ON_ROOT,
+ },
{
.name = "capacity",
.seq_show = misc_cg_capacity_show,
@@ -383,6 +412,7 @@ misc_cg_alloc(struct cgroup_subsys_state *parent_css)
for (i = 0; i < MISC_CG_RES_TYPES; i++) {
WRITE_ONCE(cg->res[i].max, MAX_NUM);
atomic_long_set(&cg->res[i].usage, 0);
+ atomic_long_set(&cg->res[i].failcnt, 0);
}
return &cg->css;
--
2.30.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* [RFC PATCH 2/3] misc_cgroup: add failcnt counter
@ 2021-07-22 9:38 ` brookxu
0 siblings, 0 replies; 7+ messages in thread
From: brookxu @ 2021-07-22 9:38 UTC (permalink / raw)
To: viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn, tj-DgEjT+Ai2ygdnm+yROfE0A,
lizefan.x-EC8Uxl6Npydl57MIdRCFDg, hannes-druUgvl0LCNAfugRpC6u6w
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA,
cgroups-u79uwXL29TY76Z2rM5mHXA
From: Chunguang Xu <brookxu-1Nz4purKYjRBDgjK7y7TUQ@public.gmane.org>
Instead of printing logs, we should probably track failures through
a failcnt counter, similar to mem_cgroup.
Signed-off-by: Chunguang Xu <brookxu-1Nz4purKYjRBDgjK7y7TUQ@public.gmane.org>
---
include/linux/misc_cgroup.h | 1 +
kernel/cgroup/misc.c | 30 ++++++++++++++++++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/include/linux/misc_cgroup.h b/include/linux/misc_cgroup.h
index 8450a5e66de0..dd1a786f39b8 100644
--- a/include/linux/misc_cgroup.h
+++ b/include/linux/misc_cgroup.h
@@ -37,6 +37,7 @@ struct misc_cg;
struct misc_res {
unsigned long max;
atomic_long_t usage;
+ atomic_long_t failcnt;
bool failed;
};
diff --git a/kernel/cgroup/misc.c b/kernel/cgroup/misc.c
index 5d51b8eeece6..7c568b619f82 100644
--- a/kernel/cgroup/misc.c
+++ b/kernel/cgroup/misc.c
@@ -165,6 +165,7 @@ int misc_cg_try_charge(enum misc_res_type type, struct misc_cg *cg,
pr_cont("\n");
res->failed = true;
}
+ atomic_long_inc(&res->failcnt);
ret = -EBUSY;
goto err_charge;
}
@@ -312,6 +313,29 @@ static int misc_cg_current_show(struct seq_file *sf, void *v)
return 0;
}
+/**
+ * misc_cg_failcnt_show() - Show the fail count of the misc cgroup.
+ * @sf: Interface file
+ * @v: Arguments passed
+ *
+ * Context: Any context.
+ * Return: 0 to denote successful print.
+ */
+static int misc_cg_failcnt_show(struct seq_file *sf, void *v)
+{
+ int i;
+ unsigned long failcnt;
+ struct misc_cg *cg = css_misc(seq_css(sf));
+
+ for (i = 0; i < MISC_CG_RES_TYPES; i++) {
+ failcnt = atomic_long_read(&cg->res[i].failcnt);
+ if (READ_ONCE(misc_res_capacity[i]) || failcnt)
+ seq_printf(sf, "%s %lu\n", misc_res_name[i], failcnt);
+ }
+
+ return 0;
+}
+
/**
* misc_cg_capacity_show() - Show the total capacity of misc res on the host.
* @sf: Interface file
@@ -349,6 +373,11 @@ static struct cftype misc_cg_files[] = {
.seq_show = misc_cg_current_show,
.flags = CFTYPE_NOT_ON_ROOT,
},
+ {
+ .name = "failcnt",
+ .seq_show = misc_cg_failcnt_show,
+ .flags = CFTYPE_NOT_ON_ROOT,
+ },
{
.name = "capacity",
.seq_show = misc_cg_capacity_show,
@@ -383,6 +412,7 @@ misc_cg_alloc(struct cgroup_subsys_state *parent_css)
for (i = 0; i < MISC_CG_RES_TYPES; i++) {
WRITE_ONCE(cg->res[i].max, MAX_NUM);
atomic_long_set(&cg->res[i].usage, 0);
+ atomic_long_set(&cg->res[i].failcnt, 0);
}
return &cg->css;
--
2.30.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [RFC PATCH 3/3] misc_cgroup: delete failed logs to avoid log flooding
@ 2021-07-22 9:38 ` brookxu
0 siblings, 0 replies; 7+ messages in thread
From: brookxu @ 2021-07-22 9:38 UTC (permalink / raw)
To: viro, tj, lizefan.x, hannes; +Cc: linux-kernel, linux-fsdevel, cgroups
From: Chunguang Xu <brookxu@tencent.com>
Since the upper-level logic will constantly retry when it fails, in
high-stress scenarios, a large number of failure logs may affect
performance. Therefore, we can replace it with the failcnt counter.
Signed-off-by: Chunguang Xu <brookxu@tencent.com>
---
kernel/cgroup/misc.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/kernel/cgroup/misc.c b/kernel/cgroup/misc.c
index 7c568b619f82..b7de0fafa48a 100644
--- a/kernel/cgroup/misc.c
+++ b/kernel/cgroup/misc.c
@@ -159,8 +159,6 @@ int misc_cg_try_charge(enum misc_res_type type, struct misc_cg *cg,
if (new_usage > READ_ONCE(res->max) ||
new_usage > READ_ONCE(misc_res_capacity[type])) {
if (!res->failed) {
- pr_info("cgroup: charge rejected by the misc controller for %s resource in ",
- misc_res_name[type]);
pr_cont_cgroup_path(i->css.cgroup);
pr_cont("\n");
res->failed = true;
--
2.30.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* [RFC PATCH 3/3] misc_cgroup: delete failed logs to avoid log flooding
@ 2021-07-22 9:38 ` brookxu
0 siblings, 0 replies; 7+ messages in thread
From: brookxu @ 2021-07-22 9:38 UTC (permalink / raw)
To: viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn, tj-DgEjT+Ai2ygdnm+yROfE0A,
lizefan.x-EC8Uxl6Npydl57MIdRCFDg, hannes-druUgvl0LCNAfugRpC6u6w
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA,
cgroups-u79uwXL29TY76Z2rM5mHXA
From: Chunguang Xu <brookxu-1Nz4purKYjRBDgjK7y7TUQ@public.gmane.org>
Since the upper-level logic will constantly retry when it fails, in
high-stress scenarios, a large number of failure logs may affect
performance. Therefore, we can replace it with the failcnt counter.
Signed-off-by: Chunguang Xu <brookxu-1Nz4purKYjRBDgjK7y7TUQ@public.gmane.org>
---
kernel/cgroup/misc.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/kernel/cgroup/misc.c b/kernel/cgroup/misc.c
index 7c568b619f82..b7de0fafa48a 100644
--- a/kernel/cgroup/misc.c
+++ b/kernel/cgroup/misc.c
@@ -159,8 +159,6 @@ int misc_cg_try_charge(enum misc_res_type type, struct misc_cg *cg,
if (new_usage > READ_ONCE(res->max) ||
new_usage > READ_ONCE(misc_res_capacity[type])) {
if (!res->failed) {
- pr_info("cgroup: charge rejected by the misc controller for %s resource in ",
- misc_res_name[type]);
pr_cont_cgroup_path(i->css.cgroup);
pr_cont("\n");
res->failed = true;
--
2.30.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [RFC PATCH 1/3] misc_cgroup: add support for nofile limit
2021-07-22 9:38 ` brookxu
` (2 preceding siblings ...)
(?)
@ 2021-07-22 13:43 ` kernel test robot
-1 siblings, 0 replies; 7+ messages in thread
From: kernel test robot @ 2021-07-22 13:43 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 6475 bytes --]
Hi brookxu,
[FYI, it's a private test report for your RFC patch.]
[auto build test ERROR on cgroup/for-next]
[also build test ERROR on linux/master linus/master v5.14-rc2 next-20210722]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/brookxu/misc_cgroup-add-support-for-nofile-limit/20210722-174033
base: https://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git for-next
config: x86_64-randconfig-a003-20210722 (attached as .config)
compiler: gcc-10 (Ubuntu 10.3.0-1ubuntu1~20.04) 10.3.0
reproduce (this is a W=1 build):
# https://github.com/0day-ci/linux/commit/5f2344b35ac15d834c4b76284f89f68c68634638
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review brookxu/misc_cgroup-add-support-for-nofile-limit/20210722-174033
git checkout 5f2344b35ac15d834c4b76284f89f68c68634638
# save the attached .config to linux build tree
make W=1 ARCH=x86_64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
fs/file_table.c: In function 'file_free':
>> fs/file_table.c:58:29: error: implicit declaration of function 'css_misc' [-Werror=implicit-function-declaration]
58 | struct misc_cg *misc_cg = css_misc(f->f_css);
| ^~~~~~~~
>> fs/file_table.c:58:39: error: 'struct file' has no member named 'f_css'
58 | struct misc_cg *misc_cg = css_misc(f->f_css);
| ^~
fs/file_table.c: In function 'alloc_empty_file':
fs/file_table.c:170:4: error: 'struct file' has no member named 'f_css'
170 | f->f_css = &misc_cg->css;
| ^~
>> fs/file_table.c:170:22: error: invalid use of undefined type 'struct misc_cg'
170 | f->f_css = &misc_cg->css;
| ^~
cc1: some warnings being treated as errors
vim +/css_misc +58 fs/file_table.c
53
54 static inline void file_free(struct file *f)
55 {
56 security_file_free(f);
57 if (!(f->f_mode & FMODE_NOACCOUNT)) {
> 58 struct misc_cg *misc_cg = css_misc(f->f_css);
59
60 misc_cg_uncharge(MISC_CG_RES_NOFILE, misc_cg, 1);
61 put_misc_cg(misc_cg);
62
63 percpu_counter_dec(&nr_files);
64 }
65 call_rcu(&f->f_u.fu_rcuhead, file_free_rcu);
66 }
67
68 /*
69 * Return the total number of open files in the system
70 */
71 static long get_nr_files(void)
72 {
73 return percpu_counter_read_positive(&nr_files);
74 }
75
76 /*
77 * Return the maximum number of open files in the system
78 */
79 unsigned long get_max_files(void)
80 {
81 return files_stat.max_files;
82 }
83 EXPORT_SYMBOL_GPL(get_max_files);
84
85 /*
86 * Handle nr_files sysctl
87 */
88 #if defined(CONFIG_SYSCTL) && defined(CONFIG_PROC_FS)
89 int proc_nr_files(struct ctl_table *table, int write,
90 void *buffer, size_t *lenp, loff_t *ppos)
91 {
92 files_stat.nr_files = get_nr_files();
93 return proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
94 }
95 #else
96 int proc_nr_files(struct ctl_table *table, int write,
97 void *buffer, size_t *lenp, loff_t *ppos)
98 {
99 return -ENOSYS;
100 }
101 #endif
102
103 static struct file *__alloc_file(int flags, const struct cred *cred)
104 {
105 struct file *f;
106 int error;
107
108 f = kmem_cache_zalloc(filp_cachep, GFP_KERNEL);
109 if (unlikely(!f))
110 return ERR_PTR(-ENOMEM);
111
112 f->f_cred = get_cred(cred);
113 error = security_file_alloc(f);
114 if (unlikely(error)) {
115 file_free_rcu(&f->f_u.fu_rcuhead);
116 return ERR_PTR(error);
117 }
118
119 atomic_long_set(&f->f_count, 1);
120 rwlock_init(&f->f_owner.lock);
121 spin_lock_init(&f->f_lock);
122 mutex_init(&f->f_pos_lock);
123 f->f_flags = flags;
124 f->f_mode = OPEN_FMODE(flags);
125 /* f->f_version: 0 */
126
127 return f;
128 }
129
130 /* Find an unused file structure and return a pointer to it.
131 * Returns an error pointer if some error happend e.g. we over file
132 * structures limit, run out of memory or operation is not permitted.
133 *
134 * Be very careful using this. You are responsible for
135 * getting write access to any mount that you might assign
136 * to this filp, if it is opened for write. If this is not
137 * done, you will imbalance int the mount's writer count
138 * and a warning at __fput() time.
139 */
140 struct file *alloc_empty_file(int flags, const struct cred *cred)
141 {
142 static long old_max;
143 struct file *f;
144
145 /*
146 * Privileged users can go above max_files
147 */
148 if (get_nr_files() >= files_stat.max_files && !capable(CAP_SYS_ADMIN)) {
149 /*
150 * percpu_counters are inaccurate. Do an expensive check before
151 * we go and fail.
152 */
153 if (percpu_counter_sum_positive(&nr_files) >= files_stat.max_files)
154 goto over;
155 }
156
157 f = __alloc_file(flags, cred);
158 if (!IS_ERR(f)) {
159 struct misc_cg *misc_cg = get_current_misc_cg();
160 int ret;
161
162 ret = misc_cg_try_charge(MISC_CG_RES_NOFILE, misc_cg, 1);
163 if (ret < 0) {
164 put_misc_cg(misc_cg);
165 file_free(f);
166 goto out;
167 }
168
169 percpu_counter_inc(&nr_files);
> 170 f->f_css = &misc_cg->css;
171 }
172
173 return f;
174
175 over:
176 /* Ran out of filps - report that */
177 if (get_nr_files() > old_max) {
178 pr_info("VFS: file-max limit %lu reached\n", get_max_files());
179 old_max = get_nr_files();
180 }
181 out:
182 return ERR_PTR(-ENFILE);
183 }
184
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 35293 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread