Received: by 2002:a05:6358:c692:b0:131:369:b2a3 with SMTP id fe18csp5497977rwb; Tue, 1 Aug 2023 03:44:24 -0700 (PDT) X-Google-Smtp-Source: APBJJlECx51dhGH0KOBKDDGwG/iTck9n9yt4FTVLZjo2twCoQjpbNMkyuBz7dqHxwYuOCkSQd+eJ X-Received: by 2002:a17:902:e5c2:b0:1b8:8b72:fa28 with SMTP id u2-20020a170902e5c200b001b88b72fa28mr13925341plf.58.1690886664524; Tue, 01 Aug 2023 03:44:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690886664; cv=none; d=google.com; s=arc-20160816; b=wYgWUYzsel1ZHWEdfKioN5Jbzld5GDvwAAJyIekaVntg//2WPIFCFYkjDtTRw21fkl Iqw0KunQPUCEdf10xBCX8GVlIjUAZRLkVaxbAreqtQMM0KliCBy1j+/6dlDWFGkW92gG JInb1PFrH4pddW0EdL/mf/U7Rv8ktKLsdRM2jkZbqmgtELSe6xgQ3ZLGK2B8gSHCjWts V8/5q838Cgxm6mkLgdLPvMcQ7pFePyaWx6HkNl2TX0sBOsAvgDSmPEYVJ55Z0NBOyfU4 b9Q7VMLJsRps22nTHNQqwPFJQkkSfyBijSlRAKFzmKeptQYxiaNrY7MhsiQFcxR/5HHo bTog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=wO63J1EyZpemnTVHqFZ8CyKvSylFpCyQaYjDytJ5JcI=; fh=T+nJw3Pl+3E9RMcn+dGAhEfjWecIzv0jdctJXTfk/2o=; b=0iHhZjJxVwqNXhhOtmQDQch00lyeJQHoT+u2k3YLbvZlzmnuZcHtPVFDaat5xPtoyS M5RTAKNjOpOiqMOhhHfFQX9Y+1QslGZRsF1zlskRGBdhdtWMsaxVanTU20M71gfNQUbG pvYaf06zAwVSJUurRweEtToci0hg4gkvQrB+H3NKDG+3e/rEMCb63EY40Shr1h3Hjprv ehGIgrfnUJBRJDDQViI0slT9TG9atDW5c7iTtRfVjwQO3d2AH8SfB49iOseci3wxTop1 LlhhmmthcUF06WS0EF+LZHmaJQ0PDf5rgExFittRUEUAlB74sU+HLMlCKooin2SXvbfL 06aQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=Xm1y6TPV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w8-20020a170902e88800b001a677821130si5740179plg.13.2023.08.01.03.44.11; Tue, 01 Aug 2023 03:44:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=Xm1y6TPV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232884AbjHAJyv (ORCPT + 99 others); Tue, 1 Aug 2023 05:54:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54334 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231978AbjHAJyu (ORCPT ); Tue, 1 Aug 2023 05:54:50 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1C5C4BE; Tue, 1 Aug 2023 02:54:49 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id C24E81F38D; Tue, 1 Aug 2023 09:54:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1690883687; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=wO63J1EyZpemnTVHqFZ8CyKvSylFpCyQaYjDytJ5JcI=; b=Xm1y6TPV+ft2mgHUEs0a4S+VBf8IeVMT2AHrnpwxVYWrl3VVPM27WCA62GEGULwRhG07+U n0QYWPeJiNSw5BddFNX4NloFWNI0P/eu+VT8/XaOjKnQpON2VvvYJD09cUF5gpKij+y1c4 5kP2fChggBnUHXhaJts/jfCsA5DAVGc= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id B0B8813919; Tue, 1 Aug 2023 09:54:47 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id Z5loKmfWyGRWUgAAMHmgww (envelope-from ); Tue, 01 Aug 2023 09:54:47 +0000 Date: Tue, 1 Aug 2023 11:54:47 +0200 From: Michal Hocko To: Johannes Weiner Cc: Yosry Ahmed , Andrew Morton , Roman Gushchin , Shakeel Butt , Muchun Song , "Matthew Wilcox (Oracle)" , Tejun Heo , Zefan Li , Yu Zhao , Luis Chamberlain , Kees Cook , Iurii Zaikin , "T.J. Mercier" , Greg Thelen , linux-kernel@vger.kernel.org, linux-mm@kvack.org, cgroups@vger.kernel.org Subject: Re: [RFC PATCH 0/8] memory recharging for offline memcgs Message-ID: References: <20230720070825.992023-1-yosryahmed@google.com> <20230720153515.GA1003248@cmpxchg.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230720153515.GA1003248@cmpxchg.org> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [Sorry for being late to this discussion] On Thu 20-07-23 11:35:15, Johannes Weiner wrote: [...] > I'm super skeptical of this proposal. Agreed. > Recharging *might* be the most desirable semantics from a user pov, > but only if it applies consistently to the whole memory footprint. > There is no mention of slab allocations such as inodes, dentries, > network buffers etc. which can be a significant part of a cgroup's > footprint. These are currently reparented. I don't think doing one > thing with half of the memory, and a totally different thing with the > other half upon cgroup deletion is going to be acceptable semantics. > > It appears this also brings back the reliability issue that caused us > to deprecate charge moving. The recharge path has trylocks, LRU > isolation attempts, GFP_ATOMIC allocations. These introduce a variable > error rate into the relocation process, which causes pages that should > belong to the same domain to be scattered around all over the place. > It also means that zombie pinning still exists, but it's now even more > influenced by timing and race conditions, and so less predictable. > > There are two issues being conflated here: > > a) the problem of zombie cgroups, and > > b) who controls resources that outlive the control domain. > > For a), reparenting is still the most reasonable proposal. It's > reliable for one, but it also fixes the problem fully within the > established, user-facing semantics: resources that belong to a cgroup > also hierarchically belong to all ancestral groups; if those resources > outlive the last-level control domain, they continue to belong to the > parents. This is how it works today, and this is how it continues to > work with reparenting. The only difference is that those resources no > longer pin a dead cgroup anymore, but instead are physically linked to > the next online ancestor. Since dead cgroups have no effective control > parameters anymore, this is semantically equivalent - it's just a more > memory efficient implementation of the same exact thing. > > b) is a discussion totally separate from this. We can argue what we > want this behavior to be, but I'd argue strongly that whatever we do > here should apply to all resources managed by the controller equally. > > It could also be argued that if you don't want to lose control over a > set of resources, then maybe don't delete their control domain while > they are still alive and in use. For example, when restarting a > workload, and the new instance is expected to have largely the same > workingset, consider reusing the cgroup instead of making a new one. > > For the zombie problem, I think we should merge Muchun's patches > ASAP. They've been proposed several times, they have Roman's reviews > and acks, and they do not change user-facing semantics. There is no > good reason not to merge them. Yes, fully agreed on both points. The problem with zombies is real but reparenting should address it for a large part. Ownership is a different problem. We have discussed that at LSFMM this year and in the past as well I believe. What we probably need is a concept of taking an ownership of the memory (something like madvise(MADV_OWN, range) or fadvise for fd based resources). This would allow the caller to take ownership of the said resource (like memcg charge of it). I understand that would require some changes to existing workloads. Whatever the interface will be, it has to be explicit otherwise we are hitting problems with unaccounted resources that are sitting without any actual ownership and an undeterministic and time dependeing hopping over owners. In other words, nobody should be able to drop responsibility of any object while it is still consuming resources. -- Michal Hocko SUSE Labs