Re: [PATCH v9 1/8] hugetlb_cgroup: Add hugetlb_cgroup reservation counter
From: Mina Almasry
Date: Mon Jan 13 2020 - 16:04:04 EST
On Mon, Jan 13, 2020 at 10:44 AM Mike Kravetz <mike.kravetz@xxxxxxxxxx> wrote:
>
> On 12/17/19 3:16 PM, Mina Almasry wrote:
> > These counters will track hugetlb reservations rather than hugetlb
> > memory faulted in. This patch only adds the counter, following patches
> > add the charging and uncharging of the counter.
> >
> > This is patch 1 of an 8 patch series.
> >
> > Problem:
> > Currently tasks attempting to allocate more hugetlb memory than is available get
> > a failure at mmap/shmget time. This is thanks to Hugetlbfs Reservations [1].
> > However, if a task attempts to allocate hugetlb memory only more than its
> > hugetlb_cgroup limit allows, the kernel will allow the mmap/shmget call,
> > but will SIGBUS the task when it attempts to fault the memory in.
> >
> > We have developers interested in using hugetlb_cgroups, and they have expressed
> > dissatisfaction regarding this behavior. We'd like to improve this
> > behavior such that tasks violating the hugetlb_cgroup limits get an error on
> > mmap/shmget time, rather than getting SIGBUS'd when they try to fault
> > the excess memory in.
> >
> > The underlying problem is that today's hugetlb_cgroup accounting happens
> > at hugetlb memory *fault* time, rather than at *reservation* time.
> > Thus, enforcing the hugetlb_cgroup limit only happens at fault time, and
> > the offending task gets SIGBUS'd.
> >
> > Proposed Solution:
> > A new page counter named hugetlb.xMB.reservation_[limit|usage]_in_bytes. This
> > counter has slightly different semantics than
> > hugetlb.xMB.[limit|usage]_in_bytes:
> >
> > - While usage_in_bytes tracks all *faulted* hugetlb memory,
> > reservation_usage_in_bytes tracks all *reserved* hugetlb memory and
> > hugetlb memory faulted in without a prior reservation.
>
> To me, this implies that 'faults without reservations' could cause
> reservation usage to exceed reservation limit? Or, does the faulting
> process get a SIGBUS because of the reservation limit even though it
> is not using reservations?
>
> We shall see in subsequent patches.
>
The design we went with based on previous discussions is as follows:
hugetlb pages faulted without a prior reservation get accounted at
fault time, rather than reservation time, and if the fault causes the
counter to cross the limit, the charge fails, hence the fault fails,
hence the process gets sigbus'd.
This means that one counter I'm adding here can cover both use cases:
if the userspace uses MAP_NORESERVE, then their memory is accounted at
fault time and they may get sigbus'd. If the userspace does *not* use
MAP_NORESERVE, then their memory is charged at reservation (mmap) time
and should be completely immune to runtime sigbus, unless they do
something really weird like reserve a bunch of memory, punch a hole in
the reserved memory, lower their limit, then fault in memory from the
hole.
> >
> > - If a task attempts to reserve more memory than limit_in_bytes allows,
> > the kernel will allow it to do so. But if a task attempts to reserve
> > more memory than reservation_limit_in_bytes, the kernel will fail this
> > reservation.
> >
> > This proposal is implemented in this patch series, with tests to verify
> > functionality and show the usage. We also added cgroup-v2 support to
> > hugetlb_cgroup so that the new use cases can be extended to v2.
>
> As previously discussed, cgroup-v2 support for hugetlb_cgroup will exist
> before this patch series.
>
Yes, this will be fixed in the next iteration.
> >
> > Alternatives considered:
> > 1. A new cgroup, instead of only a new page_counter attached to
> > the existing hugetlb_cgroup. Adding a new cgroup seemed like a lot of code
> > duplication with hugetlb_cgroup. Keeping hugetlb related page counters under
> > hugetlb_cgroup seemed cleaner as well.
> >
> > 2. Instead of adding a new counter, we considered adding a sysctl that modifies
> > the behavior of hugetlb.xMB.[limit|usage]_in_bytes, to do accounting at
> > reservation time rather than fault time. Adding a new page_counter seems
> > better as userspace could, if it wants, choose to enforce different cgroups
> > differently: one via limit_in_bytes, and another via
> > reservation_limit_in_bytes. This could be very useful if you're
> > transitioning how hugetlb memory is partitioned on your system one
> > cgroup at a time, for example. Also, someone may find usage for both
> > limit_in_bytes and reservation_limit_in_bytes concurrently, and this
> > approach gives them the option to do so.
> >
> > Testing:
> > - Added tests passing.
> > - Used libhugetlbfs for regression testing.
> >
> > [1]: https://www.kernel.org/doc/html/latest/vm/hugetlbfs_reserv.html
> >
> > Signed-off-by: Mina Almasry <almasrymina@xxxxxxxxxx>
> > Acked-by: Hillf Danton <hdanton@xxxxxxxx>
>
> I think the ACK by Hillf happened some time back. You may want to check
> to see if it still applies.
>
Yes, will remove the ack in the next iteration. I'll re-add it if Hilf
reviews again.
> >
> > ---
> > include/linux/hugetlb.h | 4 +-
> > mm/hugetlb_cgroup.c | 116 +++++++++++++++++++++++++++++++++++-----
> > 2 files changed, 106 insertions(+), 14 deletions(-)
>
> Only one minor nit in the code.
>
> You made this cleanup,
> @@ -472,7 +519,7 @@ static void __init __hugetlb_cgroup_file_dfl_init(int idx)
> struct hstate *h = &hstates[idx];
>
> /* format the size */
> - mem_fmt(buf, 32, huge_page_size(h));
> + mem_fmt(buf, sizeof(buf), huge_page_size(h));
>
> /* Add the limit file */
> cft = &h->cgroup_files_dfl[0];
>
> But did not make the same cleanup in __hugetlb_cgroup_file_legacy_init()
Will be fixed in the next iteration.
> --
> Mike Kravetz