From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E5104C54E94 for ; Tue, 24 Jan 2023 18:27:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231246AbjAXS1c (ORCPT ); Tue, 24 Jan 2023 13:27:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37124 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230048AbjAXS1a (ORCPT ); Tue, 24 Jan 2023 13:27:30 -0500 Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6B6BD3D0BA for ; Tue, 24 Jan 2023 10:27:29 -0800 (PST) Received: by mail-ej1-x636.google.com with SMTP id az20so41478660ejc.1 for ; Tue, 24 Jan 2023 10:27:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=RIwygwRM9tzobh7QaVo0cnmbFvKeH50XulwOSqSD844=; b=cBbJb/Nx3OmOGYqdI8Yo1XttKVQwMvETRTZnmA/yBdPsHIR2qt4/Iv5TghMNeWcf7g 3NwPmcWCiVrWVMIFPwvpqPx777Yo9B1ExCJfTWMFeKrUQllNjdvxr0DdCrlBzyrV0gov T7fZd0SmjzqKN8Jz/z4d6G+zYENz5OUYmVrXV2gxXpGfvL2OHf5b+orFKoR9hII5TC11 uHTu8Shf5tqIRjjT4iaN2O23SRGB5uf9WaYPy4t4ihT2foBPhFAGS9TDdMbZxzUEywuo RGHCjr7/DDLcUoFp0xwsRRdmX81H2m/F8AKB5c/eM0Z+e0GoeLC9zauUJ/knC5ZVdtwt hM+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=RIwygwRM9tzobh7QaVo0cnmbFvKeH50XulwOSqSD844=; b=O8EkQFi/O5IXXlet6Y6cCE937V5xOku64ZqgIvohpOfT0jvb9hzYYgMnossQu9Rqgq YOogZ0ONso7MOtQqlpRt1+seYzR3vStHmnqUdb6adXQnXYtYnv+P/FLcKETp5Lrq59lZ ZSmgmw55ankZS3BUIUixfH6Er2jFVk+9DmFANbIZQe4k1zzTvN8Mu1X1QjcTmOoX3n7Z rvYGq5FYkWwhvVGaQ0EYwNLMYnJWJFYrH4p+Yu/XMzbyuZAyvwqhCKf5MoiY6y1IIUJ0 WGjU0xDTG061Li++Vo9pLaVWI5wKMDbIruZcuJ1J6tPz/rKihcGRUVnt0rEd94Y7V1Tb 73zQ== X-Gm-Message-State: AFqh2kpQxHUKAJeoFeZAX4AfHeeYpEGnojsAM4jk03gpaKycGeBCP4iD 0ZTkv/5J2SGN4p6XgGyLK5ztD7QKFxvkmMZFVAkJEA== X-Google-Smtp-Source: AMrXdXsu4OXpseg7nR0i1smFRE12hMtFwaOjRfzoI8Hv61dk6zz58TcLoy62SrgqOS77rNtGXfXSXi9UZI+OwNj5rx4= X-Received: by 2002:a17:906:3487:b0:861:7caf:c252 with SMTP id g7-20020a170906348700b008617cafc252mr3272304ejb.212.1674584847639; Tue, 24 Jan 2023 10:27:27 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Yosry Ahmed Date: Tue, 24 Jan 2023 10:26:49 -0800 Message-ID: Subject: Re: [RFC PATCH 00/19] mm: Introduce a cgroup to limit the amount of locked and pinned memory To: Alistair Popple Cc: linux-mm@kvack.org, cgroups@vger.kernel.org, linux-kernel@vger.kernel.org, jgg@nvidia.com, jhubbard@nvidia.com, tjmercier@google.com, hannes@cmpxchg.org, surenb@google.com, mkoutny@suse.com, daniel@ffwll.ch Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 23, 2023 at 9:43 PM Alistair Popple wrote: > > Having large amounts of unmovable or unreclaimable memory in a system > can lead to system instability due to increasing the likelihood of > encountering out-of-memory conditions. Therefore it is desirable to > limit the amount of memory users can lock or pin. > > From userspace such limits can be enforced by setting > RLIMIT_MEMLOCK. However there is no standard method that drivers and > other in-kernel users can use to check and enforce this limit. > > This has lead to a large number of inconsistencies in how limits are > enforced. For example some drivers will use mm->locked_mm while others > will use mm->pinned_mm or user->locked_mm. It is therefore possible to > have up to three times RLIMIT_MEMLOCKED pinned. > > Having pinned memory limited per-task also makes it easy for users to > exceed the limit. For example drivers that pin memory with > pin_user_pages() it tends to remain pinned after fork. To deal with > this and other issues this series introduces a cgroup for tracking and > limiting the number of pages pinned or locked by tasks in the group. > > However the existing behaviour with regards to the rlimit needs to be > maintained. Therefore the lesser of the two limits is > enforced. Furthermore having CAP_IPC_LOCK usually bypasses the rlimit, > but this bypass is not allowed for the cgroup. > > The first part of this series converts existing drivers which > open-code the use of locked_mm/pinned_mm over to a common interface > which manages the refcounts of the associated task/mm/user > structs. This ensures accounting of pages is consistent and makes it > easier to add charging of the cgroup. > > The second part of the series adds the cgroup and converts core mm > code such as mlock over to charging the cgroup before finally > introducing some selftests. I didn't go through the entire series, so apologies if this was mentioned somewhere, but do you mind elaborating on why this is added as a separate cgroup controller rather than an extension of the memory cgroup controller? > > > As I don't have access to systems with all the various devices I > haven't been able to test all driver changes. Any help there would be > appreciated. > > Alistair Popple (19): > mm: Introduce vm_account > drivers/vhost: Convert to use vm_account > drivers/vdpa: Convert vdpa to use the new vm_structure > infiniband/umem: Convert to use vm_account > RMDA/siw: Convert to use vm_account > RDMA/usnic: convert to use vm_account > vfio/type1: Charge pinned pages to pinned_vm instead of locked_vm > vfio/spapr_tce: Convert accounting to pinned_vm > io_uring: convert to use vm_account > net: skb: Switch to using vm_account > xdp: convert to use vm_account > kvm/book3s_64_vio: Convert account_locked_vm() to vm_account_pinned() > fpga: dfl: afu: convert to use vm_account > mm: Introduce a cgroup for pinned memory > mm/util: Extend vm_account to charge pages against the pin cgroup > mm/util: Refactor account_locked_vm > mm: Convert mmap and mlock to use account_locked_vm > mm/mmap: Charge locked memory to pins cgroup > selftests/vm: Add pins-cgroup selftest for mlock/mmap > > MAINTAINERS | 8 +- > arch/powerpc/kvm/book3s_64_vio.c | 10 +- > arch/powerpc/mm/book3s64/iommu_api.c | 29 +-- > drivers/fpga/dfl-afu-dma-region.c | 11 +- > drivers/fpga/dfl-afu.h | 1 +- > drivers/infiniband/core/umem.c | 16 +- > drivers/infiniband/core/umem_odp.c | 6 +- > drivers/infiniband/hw/usnic/usnic_uiom.c | 13 +- > drivers/infiniband/hw/usnic/usnic_uiom.h | 1 +- > drivers/infiniband/sw/siw/siw.h | 2 +- > drivers/infiniband/sw/siw/siw_mem.c | 20 +-- > drivers/infiniband/sw/siw/siw_verbs.c | 15 +- > drivers/vdpa/vdpa_user/vduse_dev.c | 20 +-- > drivers/vfio/vfio_iommu_spapr_tce.c | 15 +- > drivers/vfio/vfio_iommu_type1.c | 59 +---- > drivers/vhost/vdpa.c | 9 +- > drivers/vhost/vhost.c | 2 +- > drivers/vhost/vhost.h | 1 +- > include/linux/cgroup.h | 20 ++- > include/linux/cgroup_subsys.h | 4 +- > include/linux/io_uring_types.h | 3 +- > include/linux/kvm_host.h | 1 +- > include/linux/mm.h | 5 +- > include/linux/mm_types.h | 88 ++++++++- > include/linux/skbuff.h | 6 +- > include/net/sock.h | 2 +- > include/net/xdp_sock.h | 2 +- > include/rdma/ib_umem.h | 1 +- > io_uring/io_uring.c | 20 +-- > io_uring/notif.c | 4 +- > io_uring/notif.h | 10 +- > io_uring/rsrc.c | 38 +--- > io_uring/rsrc.h | 9 +- > mm/Kconfig | 11 +- > mm/Makefile | 1 +- > mm/internal.h | 2 +- > mm/mlock.c | 76 +------ > mm/mmap.c | 76 +++---- > mm/mremap.c | 54 +++-- > mm/pins_cgroup.c | 273 ++++++++++++++++++++++++- > mm/secretmem.c | 6 +- > mm/util.c | 196 +++++++++++++++-- > net/core/skbuff.c | 47 +--- > net/rds/message.c | 9 +- > net/xdp/xdp_umem.c | 38 +-- > tools/testing/selftests/vm/Makefile | 1 +- > tools/testing/selftests/vm/pins-cgroup.c | 271 ++++++++++++++++++++++++- > virt/kvm/kvm_main.c | 3 +- > 48 files changed, 1114 insertions(+), 401 deletions(-) > create mode 100644 mm/pins_cgroup.c > create mode 100644 tools/testing/selftests/vm/pins-cgroup.c > > base-commit: 2241ab53cbb5cdb08a6b2d4688feb13971058f65 > -- > git-series 0.9.1 > From mboxrd@z Thu Jan 1 00:00:00 1970 From: Yosry Ahmed Subject: Re: [RFC PATCH 00/19] mm: Introduce a cgroup to limit the amount of locked and pinned memory Date: Tue, 24 Jan 2023 10:26:49 -0800 Message-ID: References: Mime-Version: 1.0 Return-path: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=RIwygwRM9tzobh7QaVo0cnmbFvKeH50XulwOSqSD844=; b=cBbJb/Nx3OmOGYqdI8Yo1XttKVQwMvETRTZnmA/yBdPsHIR2qt4/Iv5TghMNeWcf7g 3NwPmcWCiVrWVMIFPwvpqPx777Yo9B1ExCJfTWMFeKrUQllNjdvxr0DdCrlBzyrV0gov T7fZd0SmjzqKN8Jz/z4d6G+zYENz5OUYmVrXV2gxXpGfvL2OHf5b+orFKoR9hII5TC11 uHTu8Shf5tqIRjjT4iaN2O23SRGB5uf9WaYPy4t4ihT2foBPhFAGS9TDdMbZxzUEywuo RGHCjr7/DDLcUoFp0xwsRRdmX81H2m/F8AKB5c/eM0Z+e0GoeLC9zauUJ/knC5ZVdtwt hM+w== In-Reply-To: List-ID: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Alistair Popple Cc: linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, jgg-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org, jhubbard-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org, tjmercier-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org, hannes-druUgvl0LCNAfugRpC6u6w@public.gmane.org, surenb-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org, mkoutny-IBi9RG/b67k@public.gmane.org, daniel-/w4YWyX8dFk@public.gmane.org On Mon, Jan 23, 2023 at 9:43 PM Alistair Popple wrote: > > Having large amounts of unmovable or unreclaimable memory in a system > can lead to system instability due to increasing the likelihood of > encountering out-of-memory conditions. Therefore it is desirable to > limit the amount of memory users can lock or pin. > > From userspace such limits can be enforced by setting > RLIMIT_MEMLOCK. However there is no standard method that drivers and > other in-kernel users can use to check and enforce this limit. > > This has lead to a large number of inconsistencies in how limits are > enforced. For example some drivers will use mm->locked_mm while others > will use mm->pinned_mm or user->locked_mm. It is therefore possible to > have up to three times RLIMIT_MEMLOCKED pinned. > > Having pinned memory limited per-task also makes it easy for users to > exceed the limit. For example drivers that pin memory with > pin_user_pages() it tends to remain pinned after fork. To deal with > this and other issues this series introduces a cgroup for tracking and > limiting the number of pages pinned or locked by tasks in the group. > > However the existing behaviour with regards to the rlimit needs to be > maintained. Therefore the lesser of the two limits is > enforced. Furthermore having CAP_IPC_LOCK usually bypasses the rlimit, > but this bypass is not allowed for the cgroup. > > The first part of this series converts existing drivers which > open-code the use of locked_mm/pinned_mm over to a common interface > which manages the refcounts of the associated task/mm/user > structs. This ensures accounting of pages is consistent and makes it > easier to add charging of the cgroup. > > The second part of the series adds the cgroup and converts core mm > code such as mlock over to charging the cgroup before finally > introducing some selftests. I didn't go through the entire series, so apologies if this was mentioned somewhere, but do you mind elaborating on why this is added as a separate cgroup controller rather than an extension of the memory cgroup controller? > > > As I don't have access to systems with all the various devices I > haven't been able to test all driver changes. Any help there would be > appreciated. > > Alistair Popple (19): > mm: Introduce vm_account > drivers/vhost: Convert to use vm_account > drivers/vdpa: Convert vdpa to use the new vm_structure > infiniband/umem: Convert to use vm_account > RMDA/siw: Convert to use vm_account > RDMA/usnic: convert to use vm_account > vfio/type1: Charge pinned pages to pinned_vm instead of locked_vm > vfio/spapr_tce: Convert accounting to pinned_vm > io_uring: convert to use vm_account > net: skb: Switch to using vm_account > xdp: convert to use vm_account > kvm/book3s_64_vio: Convert account_locked_vm() to vm_account_pinned() > fpga: dfl: afu: convert to use vm_account > mm: Introduce a cgroup for pinned memory > mm/util: Extend vm_account to charge pages against the pin cgroup > mm/util: Refactor account_locked_vm > mm: Convert mmap and mlock to use account_locked_vm > mm/mmap: Charge locked memory to pins cgroup > selftests/vm: Add pins-cgroup selftest for mlock/mmap > > MAINTAINERS | 8 +- > arch/powerpc/kvm/book3s_64_vio.c | 10 +- > arch/powerpc/mm/book3s64/iommu_api.c | 29 +-- > drivers/fpga/dfl-afu-dma-region.c | 11 +- > drivers/fpga/dfl-afu.h | 1 +- > drivers/infiniband/core/umem.c | 16 +- > drivers/infiniband/core/umem_odp.c | 6 +- > drivers/infiniband/hw/usnic/usnic_uiom.c | 13 +- > drivers/infiniband/hw/usnic/usnic_uiom.h | 1 +- > drivers/infiniband/sw/siw/siw.h | 2 +- > drivers/infiniband/sw/siw/siw_mem.c | 20 +-- > drivers/infiniband/sw/siw/siw_verbs.c | 15 +- > drivers/vdpa/vdpa_user/vduse_dev.c | 20 +-- > drivers/vfio/vfio_iommu_spapr_tce.c | 15 +- > drivers/vfio/vfio_iommu_type1.c | 59 +---- > drivers/vhost/vdpa.c | 9 +- > drivers/vhost/vhost.c | 2 +- > drivers/vhost/vhost.h | 1 +- > include/linux/cgroup.h | 20 ++- > include/linux/cgroup_subsys.h | 4 +- > include/linux/io_uring_types.h | 3 +- > include/linux/kvm_host.h | 1 +- > include/linux/mm.h | 5 +- > include/linux/mm_types.h | 88 ++++++++- > include/linux/skbuff.h | 6 +- > include/net/sock.h | 2 +- > include/net/xdp_sock.h | 2 +- > include/rdma/ib_umem.h | 1 +- > io_uring/io_uring.c | 20 +-- > io_uring/notif.c | 4 +- > io_uring/notif.h | 10 +- > io_uring/rsrc.c | 38 +--- > io_uring/rsrc.h | 9 +- > mm/Kconfig | 11 +- > mm/Makefile | 1 +- > mm/internal.h | 2 +- > mm/mlock.c | 76 +------ > mm/mmap.c | 76 +++---- > mm/mremap.c | 54 +++-- > mm/pins_cgroup.c | 273 ++++++++++++++++++++++++- > mm/secretmem.c | 6 +- > mm/util.c | 196 +++++++++++++++-- > net/core/skbuff.c | 47 +--- > net/rds/message.c | 9 +- > net/xdp/xdp_umem.c | 38 +-- > tools/testing/selftests/vm/Makefile | 1 +- > tools/testing/selftests/vm/pins-cgroup.c | 271 ++++++++++++++++++++++++- > virt/kvm/kvm_main.c | 3 +- > 48 files changed, 1114 insertions(+), 401 deletions(-) > create mode 100644 mm/pins_cgroup.c > create mode 100644 tools/testing/selftests/vm/pins-cgroup.c > > base-commit: 2241ab53cbb5cdb08a6b2d4688feb13971058f65 > -- > git-series 0.9.1 >