From: Frederic Weisbecker <fweisbec-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Daniel J Walsh <dwalsh-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: Tim Hockin <thockin-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Michal Hocko <mhocko-AlSwsSmVLrQ@public.gmane.org>,
Serge Hallyn
<serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>,
Richard Davies <richard-li8END47hbdWk0Htik3J/w@public.gmane.org>,
Vladimir Davydov
<vdavydov-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>,
Marian Marinov <mm-NV7Lj0SOnH0@public.gmane.org>,
Max Kellermann <mk-xMchvyqCc6DQT0dZR+AlfA@public.gmane.org>,
Tim Hockin <thockin-Rl2oBbRerpQdnm+yROfE0A@public.gmane.org>,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Glauber Costa <glommer-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>,
"linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org"
<linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org>,
William Dauchy <wdauchy-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Johannes Weiner <hannes-druUgvl0LCNAfugRpC6u6w@public.gmane.org>,
Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
David Rientjes <rientjes-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
Subject: Re: Protection against container fork bombs [WAS: Re: memcg with kmem limit doesn't recover after disk i/o causes limit to be hit]
Date: Wed, 30 Apr 2014 15:28:49 +0200 [thread overview]
Message-ID: <20140430132846.GA17745@localhost.localdomain> (raw)
In-Reply-To: <5360F6B4.9010308-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
On Wed, Apr 30, 2014 at 09:12:20AM -0400, Daniel J Walsh wrote:
>
> On 04/29/2014 05:44 PM, Frederic Weisbecker wrote:
> > On Tue, Apr 29, 2014 at 09:59:30AM -0700, Tim Hockin wrote:
> >> Here's the reason it doesn't work for us: It doesn't work. It was
> >> something like 2 YEARS since we first wanted this, and it STILL does
> >> not work.
> > When I was working on the task counter cgroup subsystem 2 years
> > ago, the patches were actually pushed back by google people, in favour
> > of task stack kmem cgroup subsystem.
> >
> > The reason was that expressing the forkbomb issue in terms of
> > number of tasks as a resource is awkward and that the real resource
> > in the game comes from kernel memory exhaustion due to task stack being
> > allocated over and over, swap ping-pong and stuffs...
> >
> > And that was a pretty good argument. I still agree with that. Especially
> > since that could solve others people issues at the same time. kmem
> > cgroup has a quite large domain of application.
> >
> >> You're postponing a pretty simple request indefinitely in
> >> favor of a much more complex feature, which still doesn't really give
> >> me what I want. What I want is an API that works like rlimit but
> >> per-cgroup, rather than per-UID.
> > The request is simple but I don't think that adding the task counter
> > cgroup subsystem is simpler than extending the kmem code to apply limits
> > to only task stack. Especially in terms of maintainance.
> >
> > Also you guys have very good mm kernel developers who are already
> > familiar with this.
> I would look at this from a Usability point of view. It is a lot easier
> to understand number of processes then the mount of KMEM those processes
> will need. Setting something like
> ProcessLimit=1000 in a systemd unit file is easy to explain.
Yeah that's a fair point.
> Now if systemd has the ability to translate this into something that makes
> sense in terms of kmem cgroup, then my argument goes away.
Yeah if we keep the kmem direction, this can be a place where we do the mapping.
Now I just hope the amount of stack memory allocated doesn't differ too much per arch.
WARNING: multiple messages have this Message-ID (diff)
From: Frederic Weisbecker <fweisbec@gmail.com>
To: Daniel J Walsh <dwalsh@redhat.com>
Cc: Tim Hockin <thockin@google.com>, Michal Hocko <mhocko@suse.cz>,
Serge Hallyn <serge.hallyn@ubuntu.com>,
Richard Davies <richard@arachsys.com>,
Vladimir Davydov <vdavydov@parallels.com>,
Marian Marinov <mm@yuhu.biz>, Max Kellermann <mk@cm4all.com>,
Tim Hockin <thockin@hockin.org>,
containers@lists.linux-foundation.org, cgroups@vger.kernel.org,
Glauber Costa <glommer@parallels.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
William Dauchy <wdauchy@gmail.com>,
Johannes Weiner <hannes@cmpxchg.org>, Tejun Heo <tj@kernel.org>,
David Rientjes <rientjes@google.com>
Subject: Re: Protection against container fork bombs [WAS: Re: memcg with kmem limit doesn't recover after disk i/o causes limit to be hit]
Date: Wed, 30 Apr 2014 15:28:49 +0200 [thread overview]
Message-ID: <20140430132846.GA17745@localhost.localdomain> (raw)
In-Reply-To: <5360F6B4.9010308@redhat.com>
On Wed, Apr 30, 2014 at 09:12:20AM -0400, Daniel J Walsh wrote:
>
> On 04/29/2014 05:44 PM, Frederic Weisbecker wrote:
> > On Tue, Apr 29, 2014 at 09:59:30AM -0700, Tim Hockin wrote:
> >> Here's the reason it doesn't work for us: It doesn't work. It was
> >> something like 2 YEARS since we first wanted this, and it STILL does
> >> not work.
> > When I was working on the task counter cgroup subsystem 2 years
> > ago, the patches were actually pushed back by google people, in favour
> > of task stack kmem cgroup subsystem.
> >
> > The reason was that expressing the forkbomb issue in terms of
> > number of tasks as a resource is awkward and that the real resource
> > in the game comes from kernel memory exhaustion due to task stack being
> > allocated over and over, swap ping-pong and stuffs...
> >
> > And that was a pretty good argument. I still agree with that. Especially
> > since that could solve others people issues at the same time. kmem
> > cgroup has a quite large domain of application.
> >
> >> You're postponing a pretty simple request indefinitely in
> >> favor of a much more complex feature, which still doesn't really give
> >> me what I want. What I want is an API that works like rlimit but
> >> per-cgroup, rather than per-UID.
> > The request is simple but I don't think that adding the task counter
> > cgroup subsystem is simpler than extending the kmem code to apply limits
> > to only task stack. Especially in terms of maintainance.
> >
> > Also you guys have very good mm kernel developers who are already
> > familiar with this.
> I would look at this from a Usability point of view. It is a lot easier
> to understand number of processes then the mount of KMEM those processes
> will need. Setting something like
> ProcessLimit=1000 in a systemd unit file is easy to explain.
Yeah that's a fair point.
> Now if systemd has the ability to translate this into something that makes
> sense in terms of kmem cgroup, then my argument goes away.
Yeah if we keep the kmem direction, this can be a place where we do the mapping.
Now I just hope the amount of stack memory allocated doesn't differ too much per arch.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2014-04-30 13:28 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-16 15:46 memcg with kmem limit doesn't recover after disk i/o causes limit to be hit Richard Davies
2014-04-18 15:59 ` Michal Hocko
[not found] ` <20140418155939.GE4523-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2014-04-18 17:57 ` Vladimir Davydov
2014-04-18 17:57 ` Vladimir Davydov
[not found] ` <5351679F.5040908-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2014-04-18 18:20 ` Michal Hocko
2014-04-18 18:20 ` Michal Hocko
2014-04-18 18:37 ` Vladimir Davydov
2014-04-20 14:28 ` Protection against container fork bombs [WAS: Re: memcg with kmem limit doesn't recover after disk i/o causes limit to be hit] Richard Davies
2014-04-20 14:28 ` Richard Davies
[not found] ` <20140420142830.GC22077-2oeHp4OYwSjPZs67QiJbJtBPR1lH4CV8@public.gmane.org>
2014-04-20 18:35 ` Tim Hockin
2014-04-22 18:39 ` Dwight Engen
2014-04-20 18:35 ` Tim Hockin
2014-04-22 18:39 ` Dwight Engen
2014-04-22 20:05 ` Richard Davies
2014-04-22 20:13 ` Tim Hockin
[not found] ` <20140422200531.GA19334-2oeHp4OYwSjPZs67QiJbJtBPR1lH4CV8@public.gmane.org>
2014-04-22 20:13 ` Tim Hockin
2014-04-23 6:07 ` Marian Marinov
2014-04-23 6:07 ` Marian Marinov
2014-04-23 12:49 ` Dwight Engen
[not found] ` <20140423084942.560ae837-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
2014-04-28 18:00 ` Serge Hallyn
2014-04-28 18:00 ` Serge Hallyn
2014-04-29 7:25 ` Michal Hocko
2014-04-29 7:25 ` Michal Hocko
[not found] ` <20140429072515.GB15058-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2014-04-29 13:03 ` Serge Hallyn
2014-04-29 13:03 ` Serge Hallyn
2014-04-29 13:57 ` Marian Marinov
2014-04-29 13:57 ` Marian Marinov
2014-04-29 13:57 ` Marian Marinov
2014-04-29 14:04 ` Tim Hockin
2014-04-29 14:04 ` Tim Hockin
2014-04-29 15:43 ` Michal Hocko
2014-04-29 15:43 ` Michal Hocko
2014-04-29 16:06 ` Tim Hockin
2014-04-29 16:51 ` Frederic Weisbecker
[not found] ` <20140429165114.GE6129-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2014-04-29 16:59 ` Tim Hockin
2014-04-29 16:59 ` Tim Hockin
2014-04-29 16:59 ` Tim Hockin
[not found] ` <CAO_Rewa20dneL8e3T4UPnu2Dkv28KTgFJR9_YSmRBKp-_yqewg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-04-29 17:06 ` Michal Hocko
2014-04-29 17:06 ` Michal Hocko
[not found] ` <20140429170639.GA25609-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2014-04-29 17:30 ` Dwight Engen
2014-04-29 17:30 ` Dwight Engen
[not found] ` <20140429133039.162d9dd7-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
2014-04-29 18:09 ` Richard Davies
2014-04-29 18:09 ` Richard Davies
[not found] ` <20140429180927.GB29606-2oeHp4OYwSjPZs67QiJbJtBPR1lH4CV8@public.gmane.org>
2014-04-29 18:27 ` Michal Hocko
2014-04-29 18:27 ` Michal Hocko
[not found] ` <20140429182742.GB25609-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2014-04-29 18:39 ` Richard Davies
2014-04-29 18:39 ` Richard Davies
[not found] ` <20140429183928.GF29606-2oeHp4OYwSjPZs67QiJbJtBPR1lH4CV8@public.gmane.org>
2014-04-29 19:03 ` Michal Hocko
2014-04-29 19:03 ` Michal Hocko
2014-04-29 21:36 ` Marian Marinov
2014-04-29 21:36 ` Marian Marinov
[not found] ` <53601B68.60906-NV7Lj0SOnH0@public.gmane.org>
2014-04-30 13:31 ` Michal Hocko
2014-04-30 13:31 ` Michal Hocko
2014-04-30 13:31 ` Michal Hocko
2014-04-29 18:27 ` Michal Hocko
2014-04-29 17:06 ` Michal Hocko
2014-04-29 21:44 ` Frederic Weisbecker
2014-04-29 21:44 ` Frederic Weisbecker
2014-04-30 13:12 ` Daniel J Walsh
[not found] ` <5360F6B4.9010308-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-04-30 13:28 ` Frederic Weisbecker [this message]
2014-04-30 13:28 ` Frederic Weisbecker
2014-04-30 13:28 ` Frederic Weisbecker
[not found] ` <20140429214454.GF6129-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2014-04-30 13:12 ` Daniel J Walsh
2014-04-29 21:44 ` Frederic Weisbecker
[not found] ` <CAO_RewYZDGLBAKit4CudTbqVk+zfDRX8kP0W6Zz90xJh7abM9Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-04-29 16:51 ` Frederic Weisbecker
[not found] ` <20140429154345.GH15058-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2014-04-29 16:06 ` Tim Hockin
2014-04-29 15:43 ` Michal Hocko
2014-04-29 13:03 ` Serge Hallyn
2014-05-06 11:40 ` Marian Marinov
2014-06-10 14:50 ` Marian Marinov
2014-06-10 14:50 ` Marian Marinov
2014-06-10 14:50 ` Marian Marinov
2014-05-06 11:40 ` Marian Marinov
2014-05-07 17:15 ` Dwight Engen
[not found] ` <20140507131514.43716518-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
2014-05-07 22:39 ` Marian Marinov
2014-05-07 22:39 ` Marian Marinov
[not found] ` <536AB626.9070005-108MBtLGafw@public.gmane.org>
2014-05-08 15:25 ` Richard Davies
2014-05-08 15:25 ` Richard Davies
[not found] ` <5368CA47.7030007-NV7Lj0SOnH0@public.gmane.org>
2014-05-07 17:15 ` Dwight Engen
[not found] ` <535758A0.5000500-NV7Lj0SOnH0@public.gmane.org>
2014-04-23 12:49 ` Dwight Engen
2014-04-23 6:07 ` Marian Marinov
2014-06-10 12:18 ` Alin Dobre
2014-06-10 12:18 ` Alin Dobre
[not found] ` <20140422143943.20609800-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
2014-04-22 20:05 ` Richard Davies
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140430132846.GA17745@localhost.localdomain \
--to=fweisbec-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=dwalsh-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=glommer-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org \
--cc=hannes-druUgvl0LCNAfugRpC6u6w@public.gmane.org \
--cc=linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org \
--cc=mhocko-AlSwsSmVLrQ@public.gmane.org \
--cc=mk-xMchvyqCc6DQT0dZR+AlfA@public.gmane.org \
--cc=mm-NV7Lj0SOnH0@public.gmane.org \
--cc=richard-li8END47hbdWk0Htik3J/w@public.gmane.org \
--cc=rientjes-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org \
--cc=thockin-Rl2oBbRerpQdnm+yROfE0A@public.gmane.org \
--cc=thockin-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=vdavydov-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org \
--cc=wdauchy-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.