Re: [PATCH bpf-next v6 06/34] bpf: prepare for memcg-based memory accounting for bpf maps
From: Alexei Starovoitov
Date: Tue Nov 17 2020 - 20:11:58 EST
On Tue, Nov 17, 2020 at 5:07 PM Roman Gushchin <guro@xxxxxx> wrote:
>
> On Tue, Nov 17, 2020 at 04:46:34PM -0800, Roman Gushchin wrote:
> > On Wed, Nov 18, 2020 at 01:06:17AM +0100, Daniel Borkmann wrote:
> > > On 11/17/20 4:40 AM, Roman Gushchin wrote:
> > > > In the absolute majority of cases if a process is making a kernel
> > > > allocation, it's memory cgroup is getting charged.
> > > >
> > > > Bpf maps can be updated from an interrupt context and in such
> > > > case there is no process which can be charged. It makes the memory
> > > > accounting of bpf maps non-trivial.
> > > >
> > > > Fortunately, after commit 4127c6504f25 ("mm: kmem: enable kernel
> > > > memcg accounting from interrupt contexts") and b87d8cefe43c
> > > > ("mm, memcg: rework remote charging API to support nesting")
> > > > it's finally possible.
> > > >
> > > > To do it, a pointer to the memory cgroup of the process which created
> > > > the map is saved, and this cgroup is getting charged for all
> > > > allocations made from an interrupt context.
> > > >
> > > > Allocations made from a process context will be accounted in a usual way.
> > > >
> > > > Signed-off-by: Roman Gushchin <guro@xxxxxx>
> > > > Acked-by: Song Liu <songliubraving@xxxxxx>
> > > [...]
> > > > +#ifdef CONFIG_MEMCG_KMEM
> > > > +static __always_inline int __bpf_map_update_elem(struct bpf_map *map, void *key,
> > > > + void *value, u64 flags)
> > > > +{
> > > > + struct mem_cgroup *old_memcg;
> > > > + bool in_interrupt;
> > > > + int ret;
> > > > +
> > > > + /*
> > > > + * If update from an interrupt context results in a memory allocation,
> > > > + * the memory cgroup to charge can't be determined from the context
> > > > + * of the current task. Instead, we charge the memory cgroup, which
> > > > + * contained a process created the map.
> > > > + */
> > > > + in_interrupt = in_interrupt();
> > > > + if (in_interrupt)
> > > > + old_memcg = set_active_memcg(map->memcg);
> > > > +
> > > > + ret = map->ops->map_update_elem(map, key, value, flags);
> > > > +
> > > > + if (in_interrupt)
> > > > + set_active_memcg(old_memcg);
> > > > +
> > > > + return ret;
> > >
> > > Hmm, this approach here won't work, see also commit 09772d92cd5a ("bpf: avoid
> > > retpoline for lookup/update/delete calls on maps") which removes the indirect
> > > call, so the __bpf_map_update_elem() and therefore the set_active_memcg() is
> > > not invoked for the vast majority of cases.
> >
> > I see. Well, the first option is to move these calls into map-specific update
> > functions, but the list is relatively long:
> > nsim_map_update_elem()
> > cgroup_storage_update_elem()
> > htab_map_update_elem()
> > htab_percpu_map_update_elem()
> > dev_map_update_elem()
> > dev_map_hash_update_elem()
> > trie_update_elem()
> > cpu_map_update_elem()
> > bpf_pid_task_storage_update_elem()
> > bpf_fd_inode_storage_update_elem()
> > bpf_fd_sk_storage_update_elem()
> > sock_map_update_elem()
> > xsk_map_update_elem()
> >
> > Alternatively, we can set the active memcg for the whole duration of bpf
> > execution. It's simpler, but will add some overhead. Maybe we can somehow
> > mark programs calling into update helpers and skip all others?
>
> Actually, this is problematic if a program updates several maps, because
> in theory they can belong to different cgroups.
> So it seems that the first option is the way to go. Do you agree?
May be instead of kmalloc_node() that is used by most of the map updates
introduce bpf_map_kmalloc_node() that takes a map pointer as an argument?
And do set_memcg inside?