Received: by 2002:a19:771d:0:0:0:0:0 with SMTP id s29csp1268026lfc; Wed, 1 Jun 2022 13:38:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxSeYI2ycpuTzwXtncNsGD76JDuWLcQ6sGiMeaAWHklOexir11tFdn92e9mbQ3HZNpeTlsC X-Received: by 2002:a63:2b8b:0:b0:3fc:c510:7941 with SMTP id r133-20020a632b8b000000b003fcc5107941mr1035273pgr.47.1654115918532; Wed, 01 Jun 2022 13:38:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654115918; cv=none; d=google.com; s=arc-20160816; b=RF02lSBMPV7c5ebkyzixicDjaigtMKVqcJCY+f+SJwajtDyo/FHwTc0vW7a4UrbwjC 866Ol1jekBVRhDZc1AejbxCQ9xA4XFGBMRn7Oc63RMQ8BF06Q4CLQseItYRkdoN83ki3 TUaMWPs4NlUh40mW8hV3BWOYrsLayMlQ1OcaNxpeNe2fTMfB70yivUJivpdQyRSq7E2f EqW+lJ+jGwbcErQjT/jX4rp02iu1dgrAyw2zzT1oYB/9hEKy7EQgcNBqbomEj9P97gdH +tHDYomyaRYMjV2AUQHMAvtGfZqiMCJ7xG78DWkrQf8WZ3yvh+q15GxMke+8r0wobVu8 IE0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=R1q2pfo2QzLbUTyCNmaIYF0n/fj7XyAs77ZlAUjQ6ak=; b=i73qctoI0a3IxjZDrRQR5Dvlvl2kWGaxJ95zmbwekQaQRALGnzfghsRzCn0hYpJ8/v ITgFwxjYjfaXKeNc64pAYOho8pF8Zcoobr0swfOS+gNpisXPggOSrYXC13eGBdsqymj9 Vb+lHrr5QqcyAhEDp/BJGSkvQ2ulHkKl/r95B6uiBChC7QWKz4VGkNN9N6Wz6wEdZaHV v2yYd/r1FRrZUQINQy8/F4jFSP3fwD6FwHCmQ+TyqplUKnIzkkBjyYGnb+XunhQ4kcHO L7LO+0Osx2qcIQiIqdFVYjZpdLl1sIq71pJeWRaAHyJ13kvgVDvHNpY6TlvZiWLjSwBj 1UAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=lwzC5Fk0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id c11-20020a170903234b00b001618e01b50fsi3692395plh.380.2022.06.01.13.38.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 Jun 2022 13:38:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=lwzC5Fk0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 0FADB298592; Wed, 1 Jun 2022 12:50:52 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238204AbiE3PWZ (ORCPT + 99 others); Mon, 30 May 2022 11:22:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55884 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241993AbiE3PVk (ORCPT ); Mon, 30 May 2022 11:21:40 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D4FC61C0C86; Mon, 30 May 2022 07:23:22 -0700 (PDT) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 83E9721B02; Mon, 30 May 2022 14:22:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1653920560; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=R1q2pfo2QzLbUTyCNmaIYF0n/fj7XyAs77ZlAUjQ6ak=; b=lwzC5Fk0mpiDTx3KNaKbU0hkbTWL5JORAz04k/a1jlcG0T/BzcVAhTgQNNKKXmGTqPTrz4 LX+DskAB/Ytzxmb9xe7q/xAVI2oE4tZVPSqopcWzPvH5ro6oNis8YpZ9wLQ5oLCuGAqyQw PRdffCQMfEglqhDe1R6XROoKtU4kWYU= Received: from suse.cz (unknown [10.100.201.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id B16172C141; Mon, 30 May 2022 14:22:39 +0000 (UTC) Date: Mon, 30 May 2022 16:22:39 +0200 From: Michal Hocko To: Vasily Averin Cc: Andrew Morton , kernel@openvz.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Shakeel Butt , Roman Gushchin , Michal =?iso-8859-1?Q?Koutn=FD?= , Vlastimil Babka , Muchun Song , cgroups@vger.kernel.org Subject: Re: [PATCH mm v3 0/9] memcg: accounting for objects allocated by mkdir cgroup Message-ID: References: <06505918-3b8a-0ad5-5951-89ecb510138e@openvz.org> <3e1d6eab-57c7-ba3d-67e1-c45aa0dfa2ab@openvz.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon 30-05-22 16:09:00, Vasily Averin wrote: > On 5/30/22 14:55, Michal Hocko wrote: > > On Mon 30-05-22 14:25:45, Vasily Averin wrote: > >> Below is tracing results of mkdir /sys/fs/cgroup/vvs.test on > >> 4cpu VM with Fedora and self-complied upstream kernel. The calculations > >> are not precise, it depends on kernel config options, number of cpus, > >> enabled controllers, ignores possible page allocations etc. > >> However this is enough to clarify the general situation. > >> All allocations are splited into: > >> - common part, always called for each cgroup type > >> - per-cgroup allocations > >> > >> In each group we consider 2 corner cases: > >> - usual allocations, important for 1-2 CPU nodes/Vms > >> - percpu allocations, important for 'big irons' > >> > >> common part: ~11Kb + 318 bytes percpu > >> memcg: ~17Kb + 4692 bytes percpu > >> cpu: ~2.5Kb + 1036 bytes percpu > >> cpuset: ~3Kb + 12 bytes percpu > >> blkcg: ~3Kb + 12 bytes percpu > >> pid: ~1.5Kb + 12 bytes percpu > >> perf: ~320b + 60 bytes percpu > >> ------------------------------------------- > >> total: ~38Kb + 6142 bytes percpu > >> currently accounted: 4668 bytes percpu > >> > >> - it's important to account usual allocations called > >> in common part, because almost all of cgroup-specific allocations > >> are small. One exception here is memory cgroup, it allocates a few > >> huge objects that should be accounted. > >> - Percpu allocation called in common part, in memcg and cpu cgroups > >> should be accounted, rest ones are small an can be ignored. > >> - KERNFS objects are allocated both in common part and in most of > >> cgroups > >> > >> Details can be found here: > >> https://lore.kernel.org/all/d28233ee-bccb-7bc3-c2ec-461fd7f95e6a@openvz.org/ > >> > >> I checked other cgroups types was found that they all can be ignored. > >> Additionally I found allocation of struct rt_rq called in cpu cgroup > >> if CONFIG_RT_GROUP_SCHED was enabled, it allocates huge (~1700 bytes) > >> percpu structure and should be accounted too. > > > > One thing that the changelog is missing is an explanation why do we need > > to account those objects. Users are usually not empowered to create > > cgroups arbitrarily. Or at least they shouldn't because we can expect > > more problems to happen. > > > > Could you clarify this please? > > The problem is actual for OS-level containers: LXC or OpenVz. > They are widely used for hosting and allow to run containers > by untrusted end-users. Root inside such containers is able > to create groups inside own container and consume host memory > without its proper accounting. Is the unaccounted memory really the biggest problem here? IIRC having really huge cgroup trees can hurt quite some controllers. E.g. how does the cpu controller deal with too many or too deep hierarchies? -- Michal Hocko SUSE Labs