From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2605DCCA468 for ; Wed, 1 Jun 2022 14:22:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A360E8D001A; Wed, 1 Jun 2022 10:22:18 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9BDA48D000E; Wed, 1 Jun 2022 10:22:18 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8840F8D001A; Wed, 1 Jun 2022 10:22:18 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 786F98D000E for ; Wed, 1 Jun 2022 10:22:18 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay13.hostedemail.com (Postfix) with ESMTP id 4FB746094F for ; Wed, 1 Jun 2022 14:22:18 +0000 (UTC) X-FDA: 79529881956.19.FBC475F Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by imf25.hostedemail.com (Postfix) with ESMTP id 1129FA0065 for ; Wed, 1 Jun 2022 14:21:42 +0000 (UTC) Date: Wed, 1 Jun 2022 07:22:05 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1654093333; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=7dTK8lZD+GRn5W6XhroTWtrQIr3FWONSOpLntw7o9P8=; b=NUkC82D4ypjqicXuOoWVCuRX+YRDU1QRJrivMJisaz2muYJDPR914lptcXqx2oVqxcfwc3 c1xEX6QGnV9xKfvdvIs10qjbmQ7rRL8g6itonmvlcVeG1PWh7/qnyL4C3/JkNBDTa8y+rb YUBb0WPjtf+QZOOqvtdwNWwTCxdsFdA= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Roman Gushchin To: Michal Hocko Cc: Michal =?iso-8859-1?Q?Koutn=FD?= , Vasily Averin , Andrew Morton , kernel@openvz.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Shakeel Butt , Vlastimil Babka , Muchun Song , cgroups@vger.kernel.org Subject: Re: [PATCH mm v3 0/9] memcg: accounting for objects allocated by mkdir cgroup Message-ID: References: <3e1d6eab-57c7-ba3d-67e1-c45aa0dfa2ab@openvz.org> <3a1d8554-755f-7976-1e00-a0e7fb62c86e@openvz.org> <118bcb39-1281-0d1d-b163-3f6bcc99c3e2@openvz.org> <20220601091543.GA21320@blackbody.suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=NUkC82D4; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf25.hostedemail.com: domain of roman.gushchin@linux.dev designates 94.23.1.103 as permitted sender) smtp.mailfrom=roman.gushchin@linux.dev X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: 1129FA0065 X-Rspam-User: X-Stat-Signature: yxiwc4ht45fmz4auxbzxtr6tbdzy9556 X-HE-Tag: 1654093302-326784 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, Jun 01, 2022 at 03:05:34PM +0200, Michal Hocko wrote: > On Wed 01-06-22 11:32:26, Michal Hocko wrote: > > On Wed 01-06-22 11:15:43, Michal Koutny wrote: > > > On Wed, Jun 01, 2022 at 06:43:27AM +0300, Vasily Averin wrote: > > > > CT-901 /# cat /sys/fs/cgroup/memory/cgroup.subgroups_limit > > > > 512 > > > > CT-901 /# echo 3333 > /sys/fs/cgroup/memory/cgroup.subgroups_limit > > > > -bash: echo: write error: Operation not permitted > > > > CT-901 /# echo 333 > /sys/fs/cgroup/memory/cgroup.subgroups_limit > > > > -bash: echo: write error: Operation not permitted > > > > > > > > I doubt this way can be accepted in upstream, however for OpenVz > > > > something like this it is mandatory because it much better > > > > than nothing. > > > > > > Is this customization of yours something like cgroup.max.descendants on > > > the unified (v2) hierarchy? (Just curious.) > > > > > > (It can be made inaccessible from within the subtree either with cgroup > > > ns or good old FS permissions.) > > > > So we already do have a limit to prevent somebody from running away with > > the number of cgroups. Nice! Yes, we do! > > I was not aware of that and I guess this > > looks like the right thing to do. So do we need more control and > > accounting that this? > > I have checked the actual implementation and noticed that cgroups are > uncharged when offlined (rmdir-ed) which means that an adversary could > still trick the limit and runaway while still consuming resources. > > Roman, I guess the reason for this implementation was to avoid limit to > trigger on setups with memcgs which can take quite some time to die? > Would it make sense to make the implementation more strict to really act > as gate against potential cgroups count runways? The reasoning was that in many cases a user can't do much about dying cgroups, so it's not clear how they should/would handle getting -EAGAIN on creating a new cgroup (retrying will not help, obviously). Live cgroups can be easily deleted, dying cgroups - not always. I'm not sure about switching the semantics. I'd wait till Muchun's lru page reparenting will be landed (could be within 1-2 releases, I guess) and then we can check whether the whole problem is mostly gone. Honestly, I think we might need to fix few another things, but it might be not that hard (in comparison to what we already did).