From: Shakeel Butt <shakeelb@google.com>
To: Jakub Kicinski <kuba@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Linux MM <linux-mm@kvack.org>, Kernel Team <kernel-team@fb.com>,
Tejun Heo <tj@kernel.org>, Johannes Weiner <hannes@cmpxchg.org>,
Chris Down <chris@chrisdown.name>,
Cgroups <cgroups@vger.kernel.org>,
Michal Hocko <mhocko@kernel.org>
Subject: Re: [PATCH mm v3 3/3] mm: automatically penalize tasks with high swap use
Date: Sun, 17 May 2020 06:44:52 -0700 [thread overview]
Message-ID: <CALvZod5Dcee8CaNfkhQQbvC1OuOTO7qE9bJw9NAa8nd2Cru6hA@mail.gmail.com> (raw)
In-Reply-To: <20200515202027.3217470-4-kuba@kernel.org>
On Fri, May 15, 2020 at 1:20 PM Jakub Kicinski <kuba@kernel.org> wrote:
>
> Add a memory.swap.high knob, which can be used to protect the system
> from SWAP exhaustion. The mechanism used for penalizing is similar
> to memory.high penalty (sleep on return to user space), but with
> a less steep slope.
>
> That is not to say that the knob itself is equivalent to memory.high.
> The objective is more to protect the system from potentially buggy
> tasks consuming a lot of swap and impacting other tasks, or even
> bringing the whole system to stand still with complete SWAP
> exhaustion. Hopefully without the need to find per-task hard
> limits.
>
> Slowing misbehaving tasks down gradually allows user space oom
> killers or other protection mechanisms to react. oomd and earlyoom
> already do killing based on swap exhaustion, and memory.swap.high
> protection will help implement such userspace oom policies more
> reliably.
>
> Use one counter for number of pages allocated under pressure
> to save struct task space and avoid two separate hierarchy
> walks on the hot path.
>
The above para seems out of place. It took some time to realize you
are talking about current->memcg_nr_pages_over_high. IMO instead of
this para, a comment in code would be much better.
> Take the new high limit into account when determining if swap
> is "full". Borrowing the explanation from Johannes:
>
> The idea behind "swap full" is that as long as the workload has plenty
> of swap space available and it's not changing its memory contents, it
> makes sense to generously hold on to copies of data in the swap
> device, even after the swapin. A later reclaim cycle can drop the page
> without any IO. Trading disk space for IO.
>
> But the only two ways to reclaim a swap slot is when they're faulted
> in and the references go away, or by scanning the virtual address space
> like swapoff does - which is very expensive (one could argue it's too
> expensive even for swapoff, it's often more practical to just reboot).
>
> So at some point in the fill level, we have to start freeing up swap
> slots on fault/swapin.
swap.high allows the user to force the kernel to start freeing swap
slots before half-full heuristic, right?
> Otherwise we could eventually run out of swap
> slots while they're filled with copies of data that is also in RAM.
>
> We don't want to OOM a workload because its available swap space is
> filled with redundant cache.
>
> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
> --
> v3:
> - count events for all groups over limit
> - add doc for high events
> - remove the magic scaling factor
> - improve commit message
> v2:
> - add docs,
> - improve commit message.
> ---
> Documentation/admin-guide/cgroup-v2.rst | 20 ++++++
> include/linux/memcontrol.h | 4 ++
> mm/memcontrol.c | 83 +++++++++++++++++++++++--
> 3 files changed, 101 insertions(+), 6 deletions(-)
>
> diff --git a/Documentation/admin-guide/cgroup-v2.rst b/Documentation/admin-guide/cgroup-v2.rst
> index fed4e1d2a343..1536deb2f28e 100644
> --- a/Documentation/admin-guide/cgroup-v2.rst
> +++ b/Documentation/admin-guide/cgroup-v2.rst
> @@ -1373,6 +1373,22 @@ PAGE_SIZE multiple when read back.
> The total amount of swap currently being used by the cgroup
> and its descendants.
>
> + memory.swap.high
> + A read-write single value file which exists on non-root
> + cgroups. The default is "max".
> +
> + Swap usage throttle limit. If a cgroup's swap usage exceeds
> + this limit, all its further allocations will be throttled to
> + allow userspace to implement custom out-of-memory procedures.
> +
> + This limit marks a point of no return for the cgroup. It is NOT
> + designed to manage the amount of swapping a workload does
> + during regular operation. Compare to memory.swap.max, which
> + prohibits swapping past a set amount, but lets the cgroup
> + continue unimpeded as long as other memory can be reclaimed.
> +
> + Healthy workloads are not expected to reach this limit.
> +
> memory.swap.max
> A read-write single value file which exists on non-root
> cgroups. The default is "max".
> @@ -1386,6 +1402,10 @@ PAGE_SIZE multiple when read back.
> otherwise, a value change in this file generates a file
> modified event.
>
> + high
> + The number of times the cgroup's swap usage was over
> + the high threshold.
> +
> max
> The number of times the cgroup's swap usage was about
> to go over the max boundary and swap allocation
> diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h
> index e0bcef180672..abf1d7aad48a 100644
> --- a/include/linux/memcontrol.h
> +++ b/include/linux/memcontrol.h
> @@ -42,6 +42,7 @@ enum memcg_memory_event {
> MEMCG_MAX,
> MEMCG_OOM,
> MEMCG_OOM_KILL,
> + MEMCG_SWAP_HIGH,
> MEMCG_SWAP_MAX,
> MEMCG_SWAP_FAIL,
> MEMCG_NR_MEMORY_EVENTS,
> @@ -209,6 +210,9 @@ struct mem_cgroup {
> /* Upper bound of normal memory consumption range */
> unsigned long high;
>
> + /* Upper bound of swap consumption range */
> + unsigned long swap_high;
> +
I think it would be better to move the 'high' to the struct
page_counter i.e. memcg->memory.high and memcg->swap.high.
> /* Range enforcement for interrupt charges */
> struct work_struct high_work;
>
> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> index b2022f98bf46..4fe6cebb5b4b 100644
> --- a/mm/memcontrol.c
> +++ b/mm/memcontrol.c
> @@ -2332,6 +2332,22 @@ static u64 mem_find_max_overage(struct mem_cgroup *memcg)
> return max_overage;
> }
>
> +static u64 swap_find_max_overage(struct mem_cgroup *memcg)
> +{
> + u64 overage, max_overage = 0;
> +
> + do {
> + overage = calculate_overage(page_counter_read(&memcg->swap),
> + READ_ONCE(memcg->swap_high));
> + if (overage)
> + memcg_memory_event(memcg, MEMCG_SWAP_HIGH);
> + max_overage = max(overage, max_overage);
> + } while ((memcg = parent_mem_cgroup(memcg)) &&
> + !mem_cgroup_is_root(memcg));
> +
> + return max_overage;
> +}
> +
> /*
> * Get the number of jiffies that we should penalise a mischievous cgroup which
> * is exceeding its memory.high by checking both it and its ancestors.
> @@ -2393,6 +2409,13 @@ void mem_cgroup_handle_over_high(void)
> penalty_jiffies = calculate_high_delay(memcg, nr_pages,
> mem_find_max_overage(memcg));
>
> + /*
> + * Make the swap curve more gradual, swap can be considered "cheaper",
> + * and is allocated in larger chunks. We want the delays to be gradual.
> + */
> + penalty_jiffies += calculate_high_delay(memcg, nr_pages,
> + swap_find_max_overage(memcg));
> +
> /*
> * Clamp the max delay per usermode return so as to still keep the
> * application moving forwards and also permit diagnostics, albeit
> @@ -2583,12 +2606,23 @@ static int try_charge(struct mem_cgroup *memcg, gfp_t gfp_mask,
> * reclaim, the cost of mismatch is negligible.
> */
> do {
> - if (page_counter_read(&memcg->memory) > READ_ONCE(memcg->high)) {
> - /* Don't bother a random interrupted task */
> - if (in_interrupt()) {
> + bool mem_high, swap_high;
> +
> + mem_high = page_counter_read(&memcg->memory) >
> + READ_ONCE(memcg->high);
> + swap_high = page_counter_read(&memcg->swap) >
> + READ_ONCE(memcg->swap_high);
> +
> + /* Don't bother a random interrupted task */
> + if (in_interrupt()) {
> + if (mem_high) {
> schedule_work(&memcg->high_work);
> break;
> }
> + continue;
break?
> + }
> +
> + if (mem_high || swap_high) {
> current->memcg_nr_pages_over_high += batch;
> set_notify_resume(current);
> break;
> @@ -5005,6 +5039,7 @@ mem_cgroup_css_alloc(struct cgroup_subsys_state *parent_css)
>
> WRITE_ONCE(memcg->high, PAGE_COUNTER_MAX);
> memcg->soft_limit = PAGE_COUNTER_MAX;
> + WRITE_ONCE(memcg->swap_high, PAGE_COUNTER_MAX);
> if (parent) {
> memcg->swappiness = mem_cgroup_swappiness(parent);
> memcg->oom_kill_disable = parent->oom_kill_disable;
> @@ -5158,6 +5193,7 @@ static void mem_cgroup_css_reset(struct cgroup_subsys_state *css)
> page_counter_set_low(&memcg->memory, 0);
> WRITE_ONCE(memcg->high, PAGE_COUNTER_MAX);
> memcg->soft_limit = PAGE_COUNTER_MAX;
> + WRITE_ONCE(memcg->swap_high, PAGE_COUNTER_MAX);
> memcg_wb_domain_size_changed(memcg);
> }
>
> @@ -6978,10 +7014,13 @@ bool mem_cgroup_swap_full(struct page *page)
> if (!memcg)
> return false;
>
> - for (; memcg != root_mem_cgroup; memcg = parent_mem_cgroup(memcg))
> - if (page_counter_read(&memcg->swap) * 2 >=
> - READ_ONCE(memcg->swap.max))
> + for (; memcg != root_mem_cgroup; memcg = parent_mem_cgroup(memcg)) {
> + unsigned long usage = page_counter_read(&memcg->swap);
> +
> + if (usage * 2 >= READ_ONCE(memcg->swap_high) ||
> + usage * 2 >= READ_ONCE(memcg->swap.max))
> return true;
> + }
>
> return false;
> }
> @@ -7004,6 +7043,30 @@ static u64 swap_current_read(struct cgroup_subsys_state *css,
> return (u64)page_counter_read(&memcg->swap) * PAGE_SIZE;
> }
>
> +static int swap_high_show(struct seq_file *m, void *v)
> +{
> + unsigned long high = READ_ONCE(mem_cgroup_from_seq(m)->swap_high);
> +
> + return seq_puts_memcg_tunable(m, high);
> +}
> +
> +static ssize_t swap_high_write(struct kernfs_open_file *of,
> + char *buf, size_t nbytes, loff_t off)
> +{
> + struct mem_cgroup *memcg = mem_cgroup_from_css(of_css(of));
> + unsigned long high;
> + int err;
> +
> + buf = strstrip(buf);
> + err = page_counter_memparse(buf, "max", &high);
> + if (err)
> + return err;
> +
> + WRITE_ONCE(memcg->swap_high, high);
> +
> + return nbytes;
> +}
> +
> static int swap_max_show(struct seq_file *m, void *v)
> {
> return seq_puts_memcg_tunable(m,
> @@ -7031,6 +7094,8 @@ static int swap_events_show(struct seq_file *m, void *v)
> {
> struct mem_cgroup *memcg = mem_cgroup_from_seq(m);
>
> + seq_printf(m, "high %lu\n",
> + atomic_long_read(&memcg->memory_events[MEMCG_SWAP_HIGH]));
> seq_printf(m, "max %lu\n",
> atomic_long_read(&memcg->memory_events[MEMCG_SWAP_MAX]));
> seq_printf(m, "fail %lu\n",
> @@ -7045,6 +7110,12 @@ static struct cftype swap_files[] = {
> .flags = CFTYPE_NOT_ON_ROOT,
> .read_u64 = swap_current_read,
> },
> + {
> + .name = "swap.high",
> + .flags = CFTYPE_NOT_ON_ROOT,
> + .seq_show = swap_high_show,
> + .write = swap_high_write,
> + },
> {
> .name = "swap.max",
> .flags = CFTYPE_NOT_ON_ROOT,
> --
> 2.25.4
>
next prev parent reply other threads:[~2020-05-17 13:45 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-15 20:20 [PATCH mm v3 0/3] memcg: Slow down swap allocation as the available space gets depleted Jakub Kicinski
2020-05-15 20:20 ` [PATCH mm v3 1/3] mm: prepare for swap over-high accounting and penalty calculation Jakub Kicinski
2020-05-15 20:20 ` [PATCH mm v3 2/3] mm: move penalty delay clamping out of calculate_high_delay() Jakub Kicinski
2020-05-15 20:20 ` [PATCH mm v3 3/3] mm: automatically penalize tasks with high swap use Jakub Kicinski
2020-05-17 13:44 ` Shakeel Butt [this message]
2020-05-18 19:42 ` Jakub Kicinski
2020-05-18 19:58 ` Shakeel Butt
2020-05-19 0:42 ` Jakub Kicinski
2020-05-19 1:10 ` Shakeel Butt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CALvZod5Dcee8CaNfkhQQbvC1OuOTO7qE9bJw9NAa8nd2Cru6hA@mail.gmail.com \
--to=shakeelb@google.com \
--cc=akpm@linux-foundation.org \
--cc=cgroups@vger.kernel.org \
--cc=chris@chrisdown.name \
--cc=hannes@cmpxchg.org \
--cc=kernel-team@fb.com \
--cc=kuba@kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@kernel.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).