From: Michal Hocko <mhocko@suse.com>
To: Shakeel Butt <shakeelb@google.com>
Cc: Borislav Petkov <bp@alien8.de>, Vasily Averin <vvs@virtuozzo.com>,
Cgroups <cgroups@vger.kernel.org>, Linux MM <linux-mm@kvack.org>,
Johannes Weiner <hannes@cmpxchg.org>,
Vladimir Davydov <vdavydov.dev@gmail.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
x86@kernel.org
Subject: Re: [PATCH v2 8/8] memcg: accounting for ldt_struct objects
Date: Mon, 15 Mar 2021 16:58:32 +0100 [thread overview]
Message-ID: <YE+EKC2yiyzjsEkq@dhcp22.suse.cz> (raw)
In-Reply-To: <CALvZod7aT7t_Yp67CaECbCSzk8CuqBRMUBccthLCpz4osqDLKw@mail.gmail.com>
On Mon 15-03-21 08:48:26, Shakeel Butt wrote:
> On Mon, Mar 15, 2021 at 6:27 AM Borislav Petkov <bp@alien8.de> wrote:
> >
> > On Mon, Mar 15, 2021 at 03:24:01PM +0300, Vasily Averin wrote:
> > > Unprivileged user inside memcg-limited container can create
> > > non-accounted multi-page per-thread kernel objects for LDT
> >
> > I have hard time parsing this commit message.
> >
> > And I'm CCed only on patch 8 of what looks like a patchset.
> >
> > And that patchset is not on lkml so I can't find the rest to read about
> > it, perhaps linux-mm.
> >
> > /me goes and finds it on lore
> >
> > I can see some bits and pieces, this, for example:
> >
> > https://lore.kernel.org/linux-mm/05c448c7-d992-8d80-b423-b80bf5446d7c@virtuozzo.com/
> >
> > ( Btw, that version has your SOB and this patch doesn't even have a
> > Signed-off-by. Next time, run your whole set through checkpatch please
> > before sending. )
> >
> > Now, this URL above talks about OOM, ok, that gets me close to the "why"
> > this patch.
> >
> > From a quick look at the ldt.c code, we allow a single LDT struct per
> > mm. Manpage says so too:
> >
> > DESCRIPTION
> > modify_ldt() reads or writes the local descriptor table (LDT) for a process.
> > The LDT is an array of segment descriptors that can be referenced by user code.
> > Linux allows processes to configure a per-process (actually per-mm) LDT.
> >
> > We allow
> >
> > /* Maximum number of LDT entries supported. */
> > #define LDT_ENTRIES 8192
> >
> > so there's an upper limit per mm.
> >
> > Now, please explain what is this accounting for?
> >
>
> Let me try to provide the reasoning at least from my perspective.
> There are legitimate workloads with hundreds of processes and there
> can be hundreds of workloads running on large machines. The
> unaccounted memory can cause isolation issues between the workloads
> particularly on highly utilized machines.
It would be better to be explicit
8192 * 8 = 64kB * number_of_tasks
so realistically this is in range of lower megabytes. Is this worth the
memcg accounting overhead? Maybe yes but what kind of workloads really
care?
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2021-03-15 16:32 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-09 8:03 [PATCH 0/9] memcg accounting from OpenVZ Vasily Averin
2021-03-09 21:12 ` Shakeel Butt
2021-03-10 10:17 ` Vasily Averin
2021-03-10 10:41 ` Michal Hocko
2021-03-11 7:00 ` Vasily Averin
2021-03-11 8:35 ` Michal Hocko
[not found] ` <360b4c94-8713-f621-1049-6bc0865c1867@virtuozzo.com>
2021-03-15 13:27 ` [PATCH v2 8/8] memcg: accounting for ldt_struct objects Borislav Petkov
2021-03-15 15:48 ` Shakeel Butt
2021-03-15 15:58 ` Michal Hocko [this message]
2021-03-15 15:59 ` Borislav Petkov
[not found] ` <8196f732-718e-0465-a39c-62668cc12c2b@virtuozzo.com>
2021-03-15 15:14 ` [PATCH v2 2/8] memcg: accounting for ip6_dst_cache David Ahern
[not found] ` <cb893761-cf6e-fa92-3219-712e485259b4@virtuozzo.com>
2021-03-15 15:14 ` [PATCH v2 3/8] memcg: accounting for fib_rules David Ahern
[not found] ` <d569bf43-b30a-02af-f7ad-ccc794a50589@virtuozzo.com>
2021-03-15 15:15 ` [PATCH v2 4/8] memcg: accounting for ip_fib caches David Ahern
[not found] ` <4eb97c88-b87c-6f6e-3960-b1a61b46d380@virtuozzo.com>
2021-03-15 15:56 ` [PATCH v2 5/8] memcg: accounting for fasync_cache Shakeel Butt
[not found] ` <85b5f428-294b-af57-f496-5be5fddeeeea@virtuozzo.com>
2021-03-15 15:13 ` [PATCH v2 1/8] memcg: accounting for fib6_nodes cache David Ahern
2021-03-15 15:23 ` Shakeel Butt
2021-03-15 17:09 ` Jakub Kicinski
2021-03-15 19:24 ` Shakeel Butt
2021-03-15 19:32 ` Roman Gushchin
2021-03-15 19:35 ` Jakub Kicinski
2021-03-11 15:14 ` [PATCH 0/9] memcg accounting from OpenVZ Shakeel Butt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YE+EKC2yiyzjsEkq@dhcp22.suse.cz \
--to=mhocko@suse.com \
--cc=bp@alien8.de \
--cc=cgroups@vger.kernel.org \
--cc=hannes@cmpxchg.org \
--cc=linux-mm@kvack.org \
--cc=mingo@redhat.com \
--cc=shakeelb@google.com \
--cc=tglx@linutronix.de \
--cc=vdavydov.dev@gmail.com \
--cc=vvs@virtuozzo.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox