Received: by 2002:a19:771d:0:0:0:0:0 with SMTP id s29csp1283494lfc; Wed, 1 Jun 2022 14:10:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz0QzqUfQwi+K5QCIkh0GZJiBtuUc+5jg0S8acrf1bdtjlay6MkNd9lpl+AJD2D4MBDNsHM X-Received: by 2002:a63:6cf:0:b0:3fc:961b:deac with SMTP id 198-20020a6306cf000000b003fc961bdeacmr1122103pgg.180.1654117844579; Wed, 01 Jun 2022 14:10:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654117844; cv=none; d=google.com; s=arc-20160816; b=kYDOcY7x3pgzyz7w7SBCvrMgwueOVrfAhB3WU/tfYUhedhleYfH5Z9eFyfEUt6leqz IQ0GKCCODWjuPlhH1V6veiomRX7QewYqgdsgzwa/WOXUqYkNCn5YC4S6a7SMUUlyIM5E 2LeVc+qMeE/sRwB5UMNLsqCwC/IbkskCAqiPzWRFR57+uJRdZviPm/EUJJtqZkfHh92I wliRUFKMypeCQB4l5+7E2mObyzvp075h2hR3e1ZMqWAMLriINRgbpEbI3O26YzRXqehC 8QHDtChAokl4wegamNFVAFEdRFE8bPlgXEThxweoviQeVT4Y3Y4aOl+07DDpH7xSZBCi 61TA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=umyJ259eqDO/AWl48+5+ukfsnKPvszoN7+zzaQVPwm8=; b=fuzL0nYsPelU+L63xcudNGdgtbkoK34W6iVcuOrQjzvPiKUarEtAFfizPvr2DtFNDZ 8x2ALmBA1VqbXfAhVxXY3oHYdQTujZdhE3AnF+T0G8aVspSeJbKEWzC6uaNkwgukSIjN F5CPlD0lHWNgVzoQsDTpA5tzLtOxMqU73na6GYOs9o+GFqMY20IGNDbQUggIU4/uByjQ CxwZ4Ayc3GxfrowR/zsmMKFJLuPBczOYG2ompwD3grKK1sqxEryQt40ojjl1lwSrW+wX wWoOJXaQlTSqKzpHS2Sb+sEmE6Q8wIJtEVUObdvYPWvaRedyzbt0V6x63+rYdbov6Ihe 78pA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=WoreISCA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id l9-20020a656809000000b003f60495f184si3312503pgt.236.2022.06.01.14.10.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 Jun 2022 14:10:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=WoreISCA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 517F421E0CA; Wed, 1 Jun 2022 13:02:27 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350126AbiFAJ1D (ORCPT + 99 others); Wed, 1 Jun 2022 05:27:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59654 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345424AbiFAJ1A (ORCPT ); Wed, 1 Jun 2022 05:27:00 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 808E911452; Wed, 1 Jun 2022 02:26:58 -0700 (PDT) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 6F21121A8A; Wed, 1 Jun 2022 09:26:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1654075617; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=umyJ259eqDO/AWl48+5+ukfsnKPvszoN7+zzaQVPwm8=; b=WoreISCAqGglNQ8BJCy9DimpyyoJ5TmjQXs5xFqaChdfvvjWTEM/Z/C/9xylNwI8JCAecl dlXZ3yxKbq25Ub4V0OGKQ6Jw0yolmXWFO7VolBdU29hcv+0VkSMqBfc1HQQ4fU0y3OB2+j eO7TltYUvtkJnEhhoEHEbHPVjSWSSkU= Received: from suse.cz (unknown [10.100.201.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 07A812C141; Wed, 1 Jun 2022 09:26:55 +0000 (UTC) Date: Wed, 1 Jun 2022 11:26:55 +0200 From: Michal Hocko To: Vasily Averin Cc: Andrew Morton , kernel@openvz.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Shakeel Butt , Roman Gushchin , Michal =?iso-8859-1?Q?Koutn=FD?= , Vlastimil Babka , Muchun Song , cgroups@vger.kernel.org Subject: Re: [PATCH mm v3 0/9] memcg: accounting for objects allocated by mkdir cgroup Message-ID: References: <06505918-3b8a-0ad5-5951-89ecb510138e@openvz.org> <3e1d6eab-57c7-ba3d-67e1-c45aa0dfa2ab@openvz.org> <3a1d8554-755f-7976-1e00-a0e7fb62c86e@openvz.org> <118bcb39-1281-0d1d-b163-3f6bcc99c3e2@openvz.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <118bcb39-1281-0d1d-b163-3f6bcc99c3e2@openvz.org> X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed 01-06-22 06:43:27, Vasily Averin wrote: [...] > However, it isn't critical for OpenVz. Our kernel does not allow > to change of cgroup.subgroups_limit from inside containers. What is the semantic of this limit? > CT-901 /# cat /sys/fs/cgroup/memory/cgroup.subgroups_limit > 512 > CT-901 /# echo 3333 > /sys/fs/cgroup/memory/cgroup.subgroups_limit > -bash: echo: write error: Operation not permitted > CT-901 /# echo 333 > /sys/fs/cgroup/memory/cgroup.subgroups_limit > -bash: echo: write error: Operation not permitted > > I doubt this way can be accepted in upstream, however for OpenVz > something like this it is mandatory because it much better > than nothing. > > The number can be adjusted by host admin. The current default limit > looks too small for me, however it is not difficult to increase it > to a reasonable 10,000. > > My experiments show that ~10000 cgroups consumes 0.5 Gb memory on 4cpu VM. > On "big irons" it can easily grow up to several Gb. This is quite a lot > to ignore its accounting. Too many cgroups can certainly have a high memory footprint. I guess this is quite clear. The question is whether trying to limit them by the memory footprint is really the right way to go. I would be especially worried about those smaller machines because of a smaller footprint which would allow to deplete the id space faster. Maybe we need some sort of limit on the number of cgroups in a subtree so that any potential runaway can be prevented regardless of the cgroups memory footprint. One potentially big problem with that is that cgroups can live quite long after being offlined (e.g. memcg) so such a limit could easily trigger I can imagine. -- Michal Hocko SUSE Labs