From: Roman Gushchin <firstname.lastname@example.org> To: Andrew Morton <email@example.com> Cc: "Michal Koutný" <firstname.lastname@example.org>, "Dennis Zhou" <email@example.com>, "Tejun Heo" <firstname.lastname@example.org>, "Christoph Lameter" <email@example.com>, "Johannes Weiner" <firstname.lastname@example.org>, "Michal Hocko" <email@example.com>, "Shakeel Butt" <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com Subject: Re: [PATCH v3 4/5] mm: memcg: charge memcg percpu memory to the parent cgroup Date: Thu, 6 Aug 2020 21:37:17 -0700 Message-ID: <20200807043717.GA1231562@carbon.DHCP.thefacebook.com> (raw) In-Reply-To: <firstname.lastname@example.org> On Thu, Aug 06, 2020 at 09:16:03PM -0700, Andrew Morton wrote: > On Wed, 29 Jul 2020 19:10:39 +0200 Michal Koutný <email@example.com> wrote: > > > Hello. > > > > On Tue, Jun 23, 2020 at 11:45:14AM -0700, Roman Gushchin <firstname.lastname@example.org> wrote: > > > Because the size of memory cgroup internal structures can dramatically > > > exceed the size of object or page which is pinning it in the memory, it's > > > not a good idea to simple ignore it. It actually breaks the isolation > > > between cgroups. > > No doubt about accounting the memory if it's significant amount. > > > > > Let's account the consumed percpu memory to the parent cgroup. > > Why did you choose charging to the parent of the created cgroup? > > > > Should the charge go the cgroup _that is creating_ the new memcg? > > > > One reason is that there are the throttling mechanisms for memory limits > > and those are better exercised when the actor and its memory artefact > > are the same cgroup, aren't they? Hi! In general, yes. But in this case I think it wouldn't be a good idea: most often cgroups are created by a centralized daemon (systemd), which is usually located in the root cgroup. Even if it's located not in the root cgroup, limiting it's memory will likely affect the whole system, even if only one specific limit was reached. If there is a containerized workload, which creates sub-cgroups, charging it's parent cgroup is perfectly effective. And the opposite, if we'll charge the cgroup of a process, who created a cgroup, we'll not cover the most common case: systemd creating cgroups for all services in the system. > > > > The second reason is based on the example Dlegation Containment > > (Documentation/admin-guide/cgroup-v2.rst) > > > > > For an example, let's assume cgroups C0 and C1 have been delegated to > > > user U0 who created C00, C01 under C0 and C10 under C1 as follows and > > > all processes under C0 and C1 belong to U0:: > > > > > > ~~~~~~~~~~~~~ - C0 - C00 > > > ~ cgroup ~ \ C01 > > > ~ hierarchy ~ > > > ~~~~~~~~~~~~~ - C1 - C10 > > > > Thanks to permissions a task running in C0 creating a cgroup in C1 would > > deplete C1's supply victimizing tasks inside C1. Right, but it's quite unusual for tasks from one cgroup to create sub-cgroups in completely different cgroup. In this particular case there are tons of other ways how a task from C00 can hurt C1. > > These week-old issues appear to be significant. Roman? Or someone > else? Oh, I'm sorry, somehow I've missed this letter. Thank you for pointing at it! Thanks!
next prev parent reply index Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-06-23 18:45 [PATCH v3 0/5] mm: memcg accounting of percpu memory Roman Gushchin 2020-06-23 18:45 ` [PATCH v3 1/5] percpu: return number of released bytes from pcpu_free_area() Roman Gushchin 2020-06-24 0:58 ` Shakeel Butt 2020-06-23 18:45 ` [PATCH v3 2/5] mm: memcg/percpu: account percpu memory to memory cgroups Roman Gushchin 2020-06-24 1:25 ` Shakeel Butt 2020-06-23 18:45 ` [PATCH v3 3/5] mm: memcg/percpu: per-memcg percpu memory statistics Roman Gushchin 2020-06-24 1:35 ` Shakeel Butt 2020-08-11 15:05 ` Johannes Weiner 2020-06-23 18:45 ` [PATCH v3 4/5] mm: memcg: charge memcg percpu memory to the parent cgroup Roman Gushchin 2020-06-24 1:40 ` Shakeel Butt 2020-06-24 1:49 ` Roman Gushchin 2020-07-29 17:10 ` Michal Koutný 2020-08-07 4:16 ` Andrew Morton 2020-08-07 4:37 ` Roman Gushchin [this message] 2020-08-10 19:33 ` Roman Gushchin 2020-08-11 14:47 ` Michal Koutný 2020-08-11 16:55 ` Roman Gushchin 2020-08-11 18:32 ` Michal Koutný 2020-08-11 19:32 ` Roman Gushchin 2020-08-12 16:28 ` Michal Koutný 2020-08-11 15:27 ` Johannes Weiner 2020-08-11 17:06 ` Roman Gushchin 2020-08-13 9:16 ` Naresh Kamboju 2020-08-13 23:27 ` Stephen Rothwell
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200807043717.GA1231562@carbon.DHCP.thefacebook.com \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Linux-mm Archive on lore.kernel.org Archives are clonable: git clone --mirror https://lore.kernel.org/linux-mm/0 linux-mm/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 linux-mm linux-mm/ https://lore.kernel.org/linux-mm \ email@example.com public-inbox-index linux-mm Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/org.kvack.linux-mm AGPL code for this site: git clone https://public-inbox.org/public-inbox.git