Received: by 2002:a05:6602:18e:0:0:0:0 with SMTP id m14csp4460140ioo; Tue, 31 May 2022 05:07:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzG0fp3RZL8zvqw8NV3jrUon0ynLAniBuHJHrKzz2D1XJ5S9dmFwEt1x4bfrWl6KmX2+jqd X-Received: by 2002:a17:907:97c4:b0:6fe:f896:daf7 with SMTP id js4-20020a17090797c400b006fef896daf7mr34692371ejc.283.1653998876548; Tue, 31 May 2022 05:07:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653998876; cv=none; d=google.com; s=arc-20160816; b=BdxeDEmAxQ7Yp1+Si42IX/hJ8BW3wYDJ6m1CMMMe7dhCM1z+3aldNmVREN/meIwNkz vck/PWdACRkOL2E8LXrR3lbQLptHHYEjDgBO8WS/eARsC28nESaoFdow0JPojlFhiP/j GlIjqLEejHaWqmzxrDxKfGq14P27vmtdjH8v1WmfVMea9DkAvG3U3QIqw0cPxUwOyvRT 10FvS1dsXbjja9tMA38TRpPzFHVtfzQgt4UNN5rjCf5+VhJ7yV+fzeIIblfAXHthKbi/ qdQFLGZmMguNHNisAmJ974jhXL4mIxKoBtapG5ggIZPTlFhUWla7JoBNQHriaGNRFgS+ +FwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=NzV8dfvq8cM1l3XimLO2tX+6Q+tj9m2ZJPGNF/NhjTo=; b=pQBp4lmEf+8dvMXi7hOx4WTivf7OrMGzGWbxflSAUKmUwsc0iKqKik5WbVeyUP3FoK m97Ak7M8ffloVr84sPim+PSq0UszopQKocTO0GdGTdTh61f2ib4Kw6/sxRXALjNGj30z nECKY72N2rwVA+x5GUhraFnvUSEMwIT5uPiXJz/sPyQdy/1OpACHIR3DWXsVN5peWa8S ElmZNGyBKnqdISYSRjIvHbKdcqJweFucOCRqhaU9wY2z5GYrzzYDmXe6QarD0akUMRV+ iZLqijrL8hE5QxdikDofGuk3c8CiSgD3Lpi04zkfL453kEzadQiETM9YAdcykp2xREst Z8kw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@openvz-org.20210112.gappssmtp.com header.s=20210112 header.b=yhuJl6kg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvz.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j11-20020a05640211cb00b00427c66840c4si16811852edw.325.2022.05.31.05.07.29; Tue, 31 May 2022 05:07:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@openvz-org.20210112.gappssmtp.com header.s=20210112 header.b=yhuJl6kg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvz.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236427AbiE3NJh (ORCPT + 99 others); Mon, 30 May 2022 09:09:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35424 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236381AbiE3NJG (ORCPT ); Mon, 30 May 2022 09:09:06 -0400 Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A2048198E for ; Mon, 30 May 2022 06:09:04 -0700 (PDT) Received: by mail-lj1-x22e.google.com with SMTP id w23so763730ljd.11 for ; Mon, 30 May 2022 06:09:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvz-org.20210112.gappssmtp.com; s=20210112; h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:in-reply-to:content-transfer-encoding; bh=NzV8dfvq8cM1l3XimLO2tX+6Q+tj9m2ZJPGNF/NhjTo=; b=yhuJl6kgzdEsB6MDpBTkzDuIqI/wRbimnVLT6eSntaZc6lWCsxW2wrBPEL3gUZsDBQ kt7rSdHWA9c1as0IPZMH6dqVC7eR/eoshPwpiRNaxS2rd/8T+IHsxklwl0SQhX3+IE7h /Yej+6rAGirETCjtvpHewEhik6BmYoJwI9pVIfnRAou/ThMFyfB07ZeamdtfGJOf8YkU tF3X6JSQcT+QO+h0POANTn+JyY5OPapGHnK2rqcabhbVPiXAXFXw0f8PDR8kbz9ZxMUB JLEuSo3jNxb4w3QKYhAGoTPfJoJx4Vw2h0zr8dEJxMcYahoP1kEJq72EfUtjGpnsPuDd H7Tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=NzV8dfvq8cM1l3XimLO2tX+6Q+tj9m2ZJPGNF/NhjTo=; b=xeBzdn0dKtCNBzw13kC9HQ98H5cnLQGppItrH/U+ero3y+Td7maxtJfZlrcT4i7UjX WBIYSrX/CrIjfaV4xA78UxYP1O6ntUe1uBDEd1LdIj0TVeTd4/goYhLzwL8laYEnTVhu V1/vNcEV+/Pi17WGtLyaxjcLtiWVMmml5jr/5RyDMMWhk1VZAXPvVyyhrk1WO4/lExfQ ByQW5yD4jIepb7XkmJ2IbgvtsPNkU76gPy+vUA/Z9v7+NSusMyy6Oi50nwfRcj3e5U+P She/zruNxGpcnRgSzYPGEP31Q1EfbgLHtofV1lxzYnGEIxUYx452/IliPVgA2jmWL54s a+WA== X-Gm-Message-State: AOAM532KxYkt1/wtEvqruNiAnZTooOak1kx0fqFKBJxru6GQZgPK56X+ pPEzCtW+zMd5KOqWjGqOVhXooiN02HWOfQ== X-Received: by 2002:a2e:7d18:0:b0:254:1e86:a3c with SMTP id y24-20020a2e7d18000000b002541e860a3cmr13281239ljc.77.1653916142662; Mon, 30 May 2022 06:09:02 -0700 (PDT) Received: from [192.168.1.65] ([46.188.121.129]) by smtp.gmail.com with ESMTPSA id s20-20020a056512203400b00477b0779016sm1162502lfs.264.2022.05.30.06.09.01 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 30 May 2022 06:09:02 -0700 (PDT) Message-ID: Date: Mon, 30 May 2022 16:09:00 +0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1 Subject: Re: [PATCH mm v3 0/9] memcg: accounting for objects allocated by mkdir cgroup Content-Language: en-US To: Michal Hocko Cc: Andrew Morton , kernel@openvz.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Shakeel Butt , Roman Gushchin , =?UTF-8?Q?Michal_Koutn=c3=bd?= , Vlastimil Babka , Muchun Song , cgroups@vger.kernel.org References: <06505918-3b8a-0ad5-5951-89ecb510138e@openvz.org> <3e1d6eab-57c7-ba3d-67e1-c45aa0dfa2ab@openvz.org> From: Vasily Averin In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/30/22 14:55, Michal Hocko wrote: > On Mon 30-05-22 14:25:45, Vasily Averin wrote: >> Below is tracing results of mkdir /sys/fs/cgroup/vvs.test on >> 4cpu VM with Fedora and self-complied upstream kernel. The calculations >> are not precise, it depends on kernel config options, number of cpus, >> enabled controllers, ignores possible page allocations etc. >> However this is enough to clarify the general situation. >> All allocations are splited into: >> - common part, always called for each cgroup type >> - per-cgroup allocations >> >> In each group we consider 2 corner cases: >> - usual allocations, important for 1-2 CPU nodes/Vms >> - percpu allocations, important for 'big irons' >> >> common part: ~11Kb + 318 bytes percpu >> memcg: ~17Kb + 4692 bytes percpu >> cpu: ~2.5Kb + 1036 bytes percpu >> cpuset: ~3Kb + 12 bytes percpu >> blkcg: ~3Kb + 12 bytes percpu >> pid: ~1.5Kb + 12 bytes percpu >> perf: ~320b + 60 bytes percpu >> ------------------------------------------- >> total: ~38Kb + 6142 bytes percpu >> currently accounted: 4668 bytes percpu >> >> - it's important to account usual allocations called >> in common part, because almost all of cgroup-specific allocations >> are small. One exception here is memory cgroup, it allocates a few >> huge objects that should be accounted. >> - Percpu allocation called in common part, in memcg and cpu cgroups >> should be accounted, rest ones are small an can be ignored. >> - KERNFS objects are allocated both in common part and in most of >> cgroups >> >> Details can be found here: >> https://lore.kernel.org/all/d28233ee-bccb-7bc3-c2ec-461fd7f95e6a@openvz.org/ >> >> I checked other cgroups types was found that they all can be ignored. >> Additionally I found allocation of struct rt_rq called in cpu cgroup >> if CONFIG_RT_GROUP_SCHED was enabled, it allocates huge (~1700 bytes) >> percpu structure and should be accounted too. > > One thing that the changelog is missing is an explanation why do we need > to account those objects. Users are usually not empowered to create > cgroups arbitrarily. Or at least they shouldn't because we can expect > more problems to happen. > > Could you clarify this please? The problem is actual for OS-level containers: LXC or OpenVz. They are widely used for hosting and allow to run containers by untrusted end-users. Root inside such containers is able to create groups inside own container and consume host memory without its proper accounting. Thank you, Vasily Averin