From: Yafang Shao <laoar.shao@gmail.com>
To: Roman Gushchin <roman.gushchin@linux.dev>
Cc: Michal Hocko <mhocko@suse.com>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Shakeel Butt <shakeelb@google.com>,
Matthew Wilcox <willy@infradead.org>,
Christoph Hellwig <hch@infradead.org>,
"David S. Miller" <davem@davemloft.net>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>, Tejun Heo <tj@kernel.org>,
Martin KaFai Lau <kafai@fb.com>, bpf <bpf@vger.kernel.org>,
Kernel Team <kernel-team@fb.com>, linux-mm <linux-mm@kvack.org>,
Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Vlastimil Babka <vbabka@suse.cz>
Subject: Re: [PATCH bpf-next 0/5] bpf: BPF specific memory allocator.
Date: Wed, 13 Jul 2022 22:24:05 +0800 [thread overview]
Message-ID: <CALOAHbAyZBKRn3HpjeKsxpTP8aKnHxFiMD_kGJG22c0X8Cb9+w@mail.gmail.com> (raw)
In-Reply-To: <Ys4wRqCWrV1WeeWp@castle>
On Wed, Jul 13, 2022 at 10:39 AM Roman Gushchin
<roman.gushchin@linux.dev> wrote:
>
> On Tue, Jul 12, 2022 at 11:52:11AM +0200, Michal Hocko wrote:
> > On Tue 12-07-22 16:39:48, Yafang Shao wrote:
> > > On Tue, Jul 12, 2022 at 3:40 PM Michal Hocko <mhocko@suse.com> wrote:
> > [...]
> > > > > Roman already sent reparenting fix:
> > > > > https://patchwork.kernel.org/project/netdevbpf/patch/20220711162827.184743-1-roman.gushchin@linux.dev/
> > > >
> > > > Reparenting is nice but not a silver bullet. Consider a shallow
> > > > hierarchy where the charging happens in the first level under the root
> > > > memcg. Reparenting to the root is just pushing everything under the
> > > > system resources category.
> > > >
> > >
> > > Agreed. That's why I don't like reparenting.
> > > Reparenting just reparent the charged pages and then redirect the new
> > > charge, but can't reparents the 'limit' of the original memcg.
> > > So it is a risk if the original memcg is still being charged. We have
> > > to forbid the destruction of the original memcg.
>
> I agree, I also don't like reparenting for !kmem case. For kmem (and *maybe*
> bpf maps is an exception), I don't think there is a better choice.
>
> > yes, I was toying with an idea like that. I guess we really want a
> > measure to keep cgroups around if they are bound to a resource which is
> > sticky itself. I am not sure how many other resources like BPF (aka
> > module like) we already do charge for memcg but considering the
> > potential memory consumption just reparenting will not help in general
> > case I am afraid.
>
> Well, then we have to make these objects a first-class citizens in cgroup API,
> like processes. E.g. introduce cgroup.bpf.maps, cgroup.mounts.tmpfs etc.
> I easily can see some value here, but it's a big API change.
>
> With the current approach when a bpf map pins a memory cgroup of the creator
> process (which I think is completely transparent for most bpf users), I don't
> think preventing the deletion of a such cgroup is possible. It will break too
> many things.
>
> But honestly I don't see why userspace can't handle it. If there is a cgroup which
> contains shared bpf maps, why would it delete it? It's a weird use case, I don't
> think we have to optimize for it. Also, we do a ton of optimizations for live
> cgroups (e.g. css refcounting being percpu) which are not working for a deleted
> cgroup. So noone really should expect any properties from dying cgroups.
>
I think we have discussed why the user can't handle it easily.
Actually It's NOT a weird use case if you are a k8s user. (Of course
it may seem weird to the systemd user, but unfortunately systemd
doesn't rule the whole world. )
I have told you that it is not reasonable to refuse a containerized
process to pin bpf programs, but if you are not familiar with k8s, it
is not easy to explain clearly why it is a trouble for deployment.
But I can try to explain to you from a *systemd user's* perspective.
bpf-memcg (must be persistent)
/ \
bpf-foo-memcg bpf-bar-memcg (must be persistent, and limit here)
-------------------------------------------------------
/ \
bpf-foo pod bpf-bar pod (being created and
destroyed, but not limited)
I assume the above hierarchy is what you expect.
But you know, in the k8s environment, everything is pod-based, that
means if we use the above hierarchy in the k8s environment, the k8s's
limiting, monitoring, debugging must be changed consequently. That
means it may be a fullstack change in k8s, a great refactor.
So below hierarchy is a reasonable solution,
bpf-memcg
|
bpf-foo pod bpf-foo-memcg (limited)
/ \ /
(charge) (not-charged) (charged)
proc-foo bpf-foo
And then keep the bpf-memgs persistent.
--
Regards
Yafang
next prev parent reply other threads:[~2022-07-13 14:24 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20220623003230.37497-1-alexei.starovoitov@gmail.com>
2022-06-27 7:03 ` [PATCH bpf-next 0/5] bpf: BPF specific memory allocator Christoph Hellwig
2022-06-28 0:17 ` Christoph Lameter
2022-06-28 5:01 ` Alexei Starovoitov
2022-06-28 13:57 ` Christoph Lameter
2022-06-28 17:03 ` Alexei Starovoitov
2022-06-29 2:35 ` Christoph Lameter
2022-06-29 2:49 ` Alexei Starovoitov
2022-07-04 16:13 ` Vlastimil Babka
2022-07-06 17:43 ` Alexei Starovoitov
2022-07-19 11:52 ` Vlastimil Babka
2022-07-04 20:34 ` Matthew Wilcox
2022-07-06 17:50 ` Alexei Starovoitov
2022-07-06 17:55 ` Matthew Wilcox
2022-07-06 18:05 ` Alexei Starovoitov
2022-07-06 18:21 ` Matthew Wilcox
2022-07-06 18:26 ` Alexei Starovoitov
2022-07-06 18:31 ` Matthew Wilcox
2022-07-06 18:36 ` Alexei Starovoitov
2022-07-06 18:40 ` Matthew Wilcox
2022-07-06 18:51 ` Alexei Starovoitov
2022-07-06 18:55 ` Matthew Wilcox
2022-07-08 13:41 ` Michal Hocko
2022-07-08 17:48 ` Alexei Starovoitov
2022-07-08 20:13 ` Yosry Ahmed
2022-07-08 21:55 ` Shakeel Butt
2022-07-10 5:26 ` Alexei Starovoitov
2022-07-10 7:32 ` Shakeel Butt
2022-07-11 12:15 ` Michal Hocko
2022-07-12 4:39 ` Alexei Starovoitov
2022-07-12 7:40 ` Michal Hocko
2022-07-12 8:39 ` Yafang Shao
2022-07-12 9:52 ` Michal Hocko
2022-07-12 15:25 ` Shakeel Butt
2022-07-12 16:32 ` Tejun Heo
2022-07-12 17:26 ` Shakeel Butt
2022-07-12 17:36 ` Tejun Heo
2022-07-12 18:11 ` Shakeel Butt
2022-07-12 18:43 ` Alexei Starovoitov
2022-07-13 13:56 ` Yafang Shao
2022-07-12 19:11 ` Mina Almasry
2022-07-12 16:24 ` Tejun Heo
2022-07-18 14:13 ` Michal Hocko
2022-07-13 2:39 ` Roman Gushchin
2022-07-13 14:24 ` Yafang Shao [this message]
2022-07-13 16:24 ` Tejun Heo
2022-07-14 6:15 ` Yafang Shao
2022-07-18 17:55 ` Yosry Ahmed
2022-07-19 11:30 ` cgroup specific sticky resources (was: Re: [PATCH bpf-next 0/5] bpf: BPF specific memory allocator.) Michal Hocko
2022-07-19 18:00 ` Yosry Ahmed
2022-07-19 18:01 ` Yosry Ahmed
2022-07-19 18:46 ` Mina Almasry
2022-07-19 19:16 ` Tejun Heo
2022-07-19 19:30 ` Yosry Ahmed
2022-07-19 19:38 ` Tejun Heo
2022-07-19 19:40 ` Yosry Ahmed
2022-07-19 19:47 ` Mina Almasry
2022-07-19 19:54 ` Tejun Heo
2022-07-19 20:16 ` Mina Almasry
2022-07-19 20:29 ` Tejun Heo
2022-07-20 12:26 ` Michal Hocko
2022-07-12 18:40 ` [PATCH bpf-next 0/5] bpf: BPF specific memory allocator Alexei Starovoitov
2022-07-18 12:27 ` Michal Hocko
2022-07-13 2:27 ` Roman Gushchin
2022-07-11 12:22 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CALOAHbAyZBKRn3HpjeKsxpTP8aKnHxFiMD_kGJG22c0X8Cb9+w@mail.gmail.com \
--to=laoar.shao@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=cl@linux.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=hch@infradead.org \
--cc=iamjoonsoo.kim@lge.com \
--cc=kafai@fb.com \
--cc=kernel-team@fb.com \
--cc=linux-mm@kvack.org \
--cc=mhocko@suse.com \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
--cc=roman.gushchin@linux.dev \
--cc=shakeelb@google.com \
--cc=tj@kernel.org \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).