* [PATCH v5 2/8] socket: initial cgroup code.
From: Glauber Costa @ 2011-10-04 12:17 UTC (permalink / raw)
To: linux-kernel
Cc: paul, lizf, kamezawa.hiroyu, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin, devel, Glauber Costa
In-Reply-To: <1317730680-24352-1-git-send-email-glommer@parallels.com>
We aim to control the amount of kernel memory pinned at any
time by tcp sockets. To lay the foundations for this work,
this patch adds a pointer to the kmem_cgroup to the socket
structure.
Signed-off-by: Glauber Costa <glommer@parallels.com>
Acked-by: Kirill A. Shutemov<kirill@shutemov.name>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujtsu.com>
CC: David S. Miller <davem@davemloft.net>
CC: Eric W. Biederman <ebiederm@xmission.com>
---
include/linux/memcontrol.h | 15 +++++++++++++++
include/net/sock.h | 2 ++
mm/memcontrol.c | 36 ++++++++++++++++++++++++++++++++++++
net/core/sock.c | 3 +++
4 files changed, 56 insertions(+), 0 deletions(-)
diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h
index 343bd76..88aea1b 100644
--- a/include/linux/memcontrol.h
+++ b/include/linux/memcontrol.h
@@ -376,5 +376,20 @@ mem_cgroup_print_bad_page(struct page *page)
}
#endif
+#ifdef CONFIG_INET
+struct sock;
+#ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
+void sock_update_memcg(struct sock *sk);
+void sock_release_memcg(struct sock *sk);
+
+#else
+static inline void sock_update_memcg(struct sock *sk)
+{
+}
+static inline void sock_release_memcg(struct sock *sk)
+{
+}
+#endif /* CONFIG_CGROUP_MEM_RES_CTLR_KMEM */
+#endif /* CONFIG_INET */
#endif /* _LINUX_MEMCONTROL_H */
diff --git a/include/net/sock.h b/include/net/sock.h
index 8e4062f..afe1467 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -228,6 +228,7 @@ struct sock_common {
* @sk_security: used by security modules
* @sk_mark: generic packet mark
* @sk_classid: this socket's cgroup classid
+ * @sk_cgrp: this socket's kernel memory (kmem) cgroup
* @sk_write_pending: a write to stream socket waits to start
* @sk_state_change: callback to indicate change in the state of the sock
* @sk_data_ready: callback to indicate there is data to be processed
@@ -339,6 +340,7 @@ struct sock {
#endif
__u32 sk_mark;
u32 sk_classid;
+ struct mem_cgroup *sk_cgrp;
void (*sk_state_change)(struct sock *sk);
void (*sk_data_ready)(struct sock *sk, int bytes);
void (*sk_write_space)(struct sock *sk);
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 0871e3f..b1dcba9 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -296,6 +296,42 @@ struct mem_cgroup {
spinlock_t pcp_counter_lock;
};
+/* Writing them here to avoid exposing memcg's inner layout */
+#ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
+#ifdef CONFIG_INET
+#include <net/sock.h>
+
+void sock_update_memcg(struct sock *sk)
+{
+ /* right now a socket spends its whole life in the same cgroup */
+ if (sk->sk_cgrp) {
+ WARN_ON(1);
+ return;
+ }
+
+ rcu_read_lock();
+ sk->sk_cgrp = mem_cgroup_from_task(current);
+
+ /*
+ * We don't need to protect against anything task-related, because
+ * we are basically stuck with the sock pointer that won't change,
+ * even if the task that originated the socket changes cgroups.
+ *
+ * What we do have to guarantee, is that the chain leading us to
+ * the top level won't change under our noses. Incrementing the
+ * reference count via cgroup_exclude_rmdir guarantees that.
+ */
+ cgroup_exclude_rmdir(mem_cgroup_css(sk->sk_cgrp));
+ rcu_read_unlock();
+}
+
+void sock_release_memcg(struct sock *sk)
+{
+ cgroup_release_and_wakeup_rmdir(mem_cgroup_css(sk->sk_cgrp));
+}
+#endif /* CONFIG_INET */
+#endif /* CONFIG_CGROUP_MEM_RES_CTLR_KMEM */
+
/* Stuffs for move charges at task migration. */
/*
* Types of charges to be moved. "move_charge_at_immitgrate" is treated as a
diff --git a/net/core/sock.c b/net/core/sock.c
index bc745d0..5426ba0 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -125,6 +125,7 @@
#include <net/xfrm.h>
#include <linux/ipsec.h>
#include <net/cls_cgroup.h>
+#include <linux/memcontrol.h>
#include <linux/filter.h>
@@ -1141,6 +1142,7 @@ struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
atomic_set(&sk->sk_wmem_alloc, 1);
sock_update_classid(sk);
+ sock_update_memcg(sk);
}
return sk;
@@ -1172,6 +1174,7 @@ static void __sk_free(struct sock *sk)
put_cred(sk->sk_peer_cred);
put_pid(sk->sk_peer_pid);
put_net(sock_net(sk));
+ sock_release_memcg(sk);
sk_prot_free(sk->sk_prot_creator, sk);
}
--
1.7.6
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply related
* [PATCH v5 1/8] Basic kernel memory functionality for the Memory Controller
From: Glauber Costa @ 2011-10-04 12:17 UTC (permalink / raw)
To: linux-kernel
Cc: paul, lizf, kamezawa.hiroyu, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin, devel, Glauber Costa
In-Reply-To: <1317730680-24352-1-git-send-email-glommer@parallels.com>
This patch lays down the foundation for the kernel memory component
of the Memory Controller.
As of today, I am only laying down the following files:
* memory.independent_kmem_limit
* memory.kmem.limit_in_bytes (currently ignored)
* memory.kmem.usage_in_bytes (always zero)
Signed-off-by: Glauber Costa <glommer@parallels.com>
Reviewed-by: Kirill A. Shutemov <kirill@shutemov.name>
CC: Paul Menage <paul@paulmenage.org>
CC: Greg Thelen <gthelen@google.com>
---
Documentation/cgroups/memory.txt | 36 ++++++++++++++-
init/Kconfig | 14 ++++++
mm/memcontrol.c | 93 +++++++++++++++++++++++++++++++++++--
3 files changed, 136 insertions(+), 7 deletions(-)
diff --git a/Documentation/cgroups/memory.txt b/Documentation/cgroups/memory.txt
index 06eb6d9..bf00cd2 100644
--- a/Documentation/cgroups/memory.txt
+++ b/Documentation/cgroups/memory.txt
@@ -44,8 +44,9 @@ Features:
- oom-killer disable knob and oom-notifier
- Root cgroup has no limit controls.
- Kernel memory and Hugepages are not under control yet. We just manage
- pages on LRU. To add more controls, we have to take care of performance.
+ Hugepages is not under control yet. We just manage pages on LRU. To add more
+ controls, we have to take care of performance. Kernel memory support is work
+ in progress, and the current version provides basically functionality.
Brief summary of control files.
@@ -56,8 +57,11 @@ Brief summary of control files.
(See 5.5 for details)
memory.memsw.usage_in_bytes # show current res_counter usage for memory+Swap
(See 5.5 for details)
+ memory.kmem.usage_in_bytes # show current res_counter usage for kmem only.
+ (See 2.7 for details)
memory.limit_in_bytes # set/show limit of memory usage
memory.memsw.limit_in_bytes # set/show limit of memory+Swap usage
+ memory.kmem.limit_in_bytes # if allowed, set/show limit of kernel memory
memory.failcnt # show the number of memory usage hits limits
memory.memsw.failcnt # show the number of memory+Swap hits limits
memory.max_usage_in_bytes # show max memory usage recorded
@@ -72,6 +76,9 @@ Brief summary of control files.
memory.oom_control # set/show oom controls.
memory.numa_stat # show the number of memory usage per numa node
+ memory.independent_kmem_limit # select whether or not kernel memory limits are
+ independent of user limits
+
1. History
The memory controller has a long history. A request for comments for the memory
@@ -255,6 +262,31 @@ When oom event notifier is registered, event will be delivered.
per-zone-per-cgroup LRU (cgroup's private LRU) is just guarded by
zone->lru_lock, it has no lock of its own.
+2.7 Kernel Memory Extension (CONFIG_CGROUP_MEM_RES_CTLR_KMEM)
+
+ With the Kernel memory extension, the Memory Controller is able to limit
+the amount of kernel memory used by the system. Kernel memory is fundamentally
+different than user memory, since it can't be swapped out, which makes it
+possible to DoS the system by consuming too much of this precious resource.
+Kernel memory limits are not imposed for the root cgroup.
+
+Memory limits as specified by the standard Memory Controller may or may not
+take kernel memory into consideration. This is achieved through the file
+memory.independent_kmem_limit. A Value different than 0 will allow for kernel
+memory to be controlled separately.
+
+When kernel memory limits are not independent, the limit values set in
+memory.kmem files are ignored.
+
+Currently no soft limit is implemented for kernel memory. It is future work
+to trigger slab reclaim when those limits are reached.
+
+CAUTION: As of this writing, the kmem extention may prevent tasks from moving
+among cgroups. If a task has kmem accounting in a cgroup, the task cannot be
+moved until the kmem resource is released. Also, until the resource is fully
+released, the cgroup cannot be destroyed. So, please consider your use cases
+and set kmem extention config option carefully.
+
3. User Interface
0. Configuration
diff --git a/init/Kconfig b/init/Kconfig
index d627783..b62b9e0 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -689,6 +689,20 @@ config CGROUP_MEM_RES_CTLR_SWAP_ENABLED
For those who want to have the feature enabled by default should
select this option (if, for some reason, they need to disable it
then swapaccount=0 does the trick).
+config CGROUP_MEM_RES_CTLR_KMEM
+ bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
+ depends on CGROUP_MEM_RES_CTLR && EXPERIMENTAL
+ default n
+ help
+ The Kernel Memory extension for Memory Resource Controller can limit
+ the amount of memory used by kernel objects in the system. Those are
+ fundamentally different from the entities handled by the standard
+ Memory Controller, which are page-based, and can be swapped. Users of
+ the kmem extension can use it to guarantee that no group of processes
+ will ever exhaust kernel resources alone.
+
+ WARNING: The current experimental implementation does not allow a
+ task to move among different cgroups with a kmem resource being held.
config CGROUP_PERF
bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 3508777..0871e3f 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -226,6 +226,10 @@ struct mem_cgroup {
*/
struct res_counter memsw;
/*
+ * the counter to account for kmem usage.
+ */
+ struct res_counter kmem;
+ /*
* Per cgroup active and inactive list, similar to the
* per zone LRU lists.
*/
@@ -276,6 +280,11 @@ struct mem_cgroup {
*/
unsigned long move_charge_at_immigrate;
/*
+ * Should kernel memory limits be stabilished independently
+ * from user memory ?
+ */
+ int kmem_independent_accounting;
+ /*
* percpu counter.
*/
struct mem_cgroup_stat_cpu *stat;
@@ -343,9 +352,14 @@ enum charge_type {
};
/* for encoding cft->private value on file */
-#define _MEM (0)
-#define _MEMSWAP (1)
-#define _OOM_TYPE (2)
+
+enum mem_type {
+ _MEM = 0,
+ _MEMSWAP,
+ _OOM_TYPE,
+ _KMEM,
+};
+
#define MEMFILE_PRIVATE(x, val) (((x) << 16) | (val))
#define MEMFILE_TYPE(val) (((val) >> 16) & 0xffff)
#define MEMFILE_ATTR(val) ((val) & 0xffff)
@@ -3837,10 +3851,15 @@ static inline u64 mem_cgroup_usage(struct mem_cgroup *mem, bool swap)
u64 val;
if (!mem_cgroup_is_root(mem)) {
+ val = 0;
+ if (!mem->kmem_independent_accounting)
+ val = res_counter_read_u64(&mem->kmem, RES_USAGE);
if (!swap)
- return res_counter_read_u64(&mem->res, RES_USAGE);
+ val += res_counter_read_u64(&mem->res, RES_USAGE);
else
- return res_counter_read_u64(&mem->memsw, RES_USAGE);
+ val += res_counter_read_u64(&mem->memsw, RES_USAGE);
+
+ return val;
}
val = mem_cgroup_recursive_stat(mem, MEM_CGROUP_STAT_CACHE);
@@ -3873,6 +3892,10 @@ static u64 mem_cgroup_read(struct cgroup *cont, struct cftype *cft)
else
val = res_counter_read_u64(&mem->memsw, name);
break;
+ case _KMEM:
+ val = res_counter_read_u64(&mem->kmem, name);
+ break;
+
default:
BUG();
break;
@@ -4603,6 +4626,22 @@ static int mem_control_numa_stat_open(struct inode *unused, struct file *file)
}
#endif /* CONFIG_NUMA */
+#ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
+static u64 kmem_limit_independent_read(struct cgroup *cont, struct cftype *cft)
+{
+ return mem_cgroup_from_cont(cont)->kmem_independent_accounting;
+}
+
+static int kmem_limit_independent_write(struct cgroup *cont, struct cftype *cft,
+ u64 val)
+{
+ cgroup_lock();
+ mem_cgroup_from_cont(cont)->kmem_independent_accounting = !!val;
+ cgroup_unlock();
+ return 0;
+}
+#endif
+
static struct cftype mem_cgroup_files[] = {
{
.name = "usage_in_bytes",
@@ -4718,6 +4757,44 @@ static int register_memsw_files(struct cgroup *cont, struct cgroup_subsys *ss)
}
#endif
+
+#ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
+static struct cftype kmem_cgroup_files[] = {
+ {
+ .name = "independent_kmem_limit",
+ .read_u64 = kmem_limit_independent_read,
+ .write_u64 = kmem_limit_independent_write,
+ },
+ {
+ .name = "kmem.usage_in_bytes",
+ .private = MEMFILE_PRIVATE(_KMEM, RES_USAGE),
+ .read_u64 = mem_cgroup_read,
+ },
+ {
+ .name = "kmem.limit_in_bytes",
+ .private = MEMFILE_PRIVATE(_KMEM, RES_LIMIT),
+ .read_u64 = mem_cgroup_read,
+ },
+};
+
+static int register_kmem_files(struct cgroup *cont, struct cgroup_subsys *ss)
+{
+ struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
+ int ret = 0;
+
+ if (!mem_cgroup_is_root(memcg))
+ ret = cgroup_add_files(cont, ss, kmem_cgroup_files,
+ ARRAY_SIZE(kmem_cgroup_files));
+ return ret;
+};
+
+#else
+static int register_kmem_files(struct cgroup *cont, struct cgroup_subsys *ss)
+{
+ return 0;
+}
+#endif
+
static int alloc_mem_cgroup_per_zone_info(struct mem_cgroup *mem, int node)
{
struct mem_cgroup_per_node *pn;
@@ -4916,6 +4993,7 @@ mem_cgroup_create(struct cgroup_subsys *ss, struct cgroup *cont)
if (parent && parent->use_hierarchy) {
res_counter_init(&mem->res, &parent->res);
res_counter_init(&mem->memsw, &parent->memsw);
+ res_counter_init(&mem->kmem, &parent->kmem);
/*
* We increment refcnt of the parent to ensure that we can
* safely access it on res_counter_charge/uncharge.
@@ -4926,6 +5004,7 @@ mem_cgroup_create(struct cgroup_subsys *ss, struct cgroup *cont)
} else {
res_counter_init(&mem->res, NULL);
res_counter_init(&mem->memsw, NULL);
+ res_counter_init(&mem->kmem, NULL);
}
mem->last_scanned_child = 0;
mem->last_scanned_node = MAX_NUMNODES;
@@ -4969,6 +5048,10 @@ static int mem_cgroup_populate(struct cgroup_subsys *ss,
if (!ret)
ret = register_memsw_files(cont, ss);
+
+ if (!ret)
+ ret = register_kmem_files(cont, ss);
+
return ret;
}
--
1.7.6
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply related
* [PATCH v5 0/8] per-cgroup tcp buffer pressure settings
From: Glauber Costa @ 2011-10-04 12:17 UTC (permalink / raw)
To: linux-kernel
Cc: paul, lizf, kamezawa.hiroyu, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin, devel
[[ v3: merge Kirill's suggestions, + a destroy-related bugfix ]]
[[ v4: Fix a bug with non-mounted cgroups + disallow task movement ]]
[[ v5: Compile bug with modular ipv6 + tcp files in bytes ]]
Kame, Kirill,
I am submitting this again merging most of your comments. I've decided to
leave some of them out:
* I am not using res_counters for allocated_memory. Besides being more
expensive than what we need, to make it work in a nice way, we'd have
to change the !cgroup code, including other protocols than tcp. Also,
* I am not using failcnt and max_usage_in_bytes for it. I believe the value
of those lies more in the allocation than in the pressure control. Besides,
fail conditions lie mostly outside of the memory cgroup's control. (Actually,
a soft_limit makes a lot of sense, and I do plan to introduce it in a follow
up series)
If you agree with the above, and there are any other pressing issues, let me
know and I will address them ASAP. Otherwise, let's discuss it. I'm always open.
All:
This patch introduces per-cgroup tcp buffers limitation. This allows
sysadmins to specify a maximum amount of kernel memory that
tcp connections can use at any point in time. TCP is the main interest
in this work, but extending it to other protocols would be easy.
For this to work, I am hooking it into memcg, after the introdution of
an extension for tracking and controlling objects in kernel memory.
Since they are usually not found in page granularity, and are fundamentally
different from userspace memory (not swappable, can't overcommit), they
need their special place inside the Memory Controller.
Right now, the kmem extension is quite basic, and just lays down the
basic infrastucture for the ongoing work.
Although it does not account kernel memory allocated - I preferred to
keep this series simple and leave accounting to the slab allocations when
they arrive.
What it does is to piggyback in the memory control mechanism already present in
/proc/sys/net/ipv4/tcp_mem. There is a soft limit, and a hard limit,
that will suppress allocation when reached. For each non-root cgroup, however,
the file kmem.tcp_maxmem will be used to cap those values.
The usage I have in mind here is containers. Each container will
define its own values for soft and hard limits, but none of them will
be possibly bigger than the value the box' sysadmin specified from
the outside.
To test for any performance impacts of this patch, I used netperf's
TCP_RR benchmark on localhost, so we can have both recv and snd in action.
For this iteration, I am using the 1% confidence interval as suggested by Rick.
Command line used was ./src/netperf -t TCP_RR -H localhost -i 30,3 -I 99,1 and the
results: (I haven't re-run this since nothing major changed from last version, nothing
in core)
Without the patch
=================
Local /Remote
Socket Size Request Resp. Elapsed Trans.
Send Recv Size Size Time Rate
bytes Bytes bytes bytes secs. per sec
16384 87380 1 1 10.00 35356.22
16384 87380
With the patch
==============
Local /Remote
Socket Size Request Resp. Elapsed Trans.
Send Recv Size Size Time Rate
bytes Bytes bytes bytes secs. per sec
16384 87380 1 1 10.00 35399.12
16384 87380
The difference is less than 0.5 %
A simple test with a 1000 level nesting yields more or less the same
difference:
1000 level nesting
==================
Local /Remote
Socket Size Request Resp. Elapsed Trans.
Send Recv Size Size Time Rate
bytes Bytes bytes bytes secs. per sec
16384 87380 1 1 10.00 35304.35
16384 87380
Glauber Costa (8):
Basic kernel memory functionality for the Memory Controller
socket: initial cgroup code.
foundations of per-cgroup memory pressure controlling.
per-cgroup tcp buffers control
per-netns ipv4 sysctl_tcp_mem
tcp buffer limitation: per-cgroup limit
Display current tcp memory allocation in kmem cgroup
Disable task moving when using kernel memory accounting
Documentation/cgroups/memory.txt | 38 ++++-
crypto/af_alg.c | 7 +-
include/linux/memcontrol.h | 56 ++++++
include/net/netns/ipv4.h | 1 +
include/net/sock.h | 127 +++++++++++++-
include/net/tcp.h | 29 +++-
include/net/udp.h | 3 +-
include/trace/events/sock.h | 10 +-
init/Kconfig | 14 ++
mm/memcontrol.c | 371 ++++++++++++++++++++++++++++++++++++--
net/core/sock.c | 104 ++++++++---
net/decnet/af_decnet.c | 21 ++-
net/ipv4/proc.c | 7 +-
net/ipv4/sysctl_net_ipv4.c | 71 +++++++-
net/ipv4/tcp.c | 58 ++++---
net/ipv4/tcp_input.c | 12 +-
net/ipv4/tcp_ipv4.c | 24 ++-
net/ipv4/tcp_output.c | 2 +-
net/ipv4/tcp_timer.c | 2 +-
net/ipv4/udp.c | 20 ++-
net/ipv6/tcp_ipv6.c | 20 ++-
net/ipv6/udp.c | 4 +-
net/sctp/socket.c | 35 +++-
23 files changed, 905 insertions(+), 131 deletions(-)
--
1.7.6
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Go through this:
From: AHMMAD YOUNIS @ 2011-10-04 11:16 UTC (permalink / raw)
Go through this:
http://en.wikipedia.org/wiki/Abdul_Fatah_Younis
Pls help me
safegaurd this $42M USD currently loged in a security company in Europe by my
late father Abdul Fatah Younis, who was arrested and killed by rebel force
(NFSL). I will give you more detail upon ur acceptance.
Ahmmad Younis
Libya
^ permalink raw reply
* Re: [PATCH v4 7/8] Display current tcp memory allocation in kmem cgroup
From: Glauber Costa @ 2011-10-04 9:10 UTC (permalink / raw)
To: Kirill A. Shutemov
Cc: linux-kernel, paul, lizf, kamezawa.hiroyu, ebiederm, davem,
gthelen, netdev, linux-mm, avagin
In-Reply-To: <20111003123620.GA30018@shutemov.name>
On 10/03/2011 04:36 PM, Kirill A. Shutemov wrote:
> On Mon, Oct 03, 2011 at 04:26:41PM +0400, Glauber Costa wrote:
>> On 10/03/2011 04:25 PM, Kirill A. Shutemov wrote:
>>> On Mon, Oct 03, 2011 at 04:19:18PM +0400, Glauber Costa wrote:
>>>> On 10/03/2011 04:14 PM, Kirill A. Shutemov wrote:
>>>>> On Mon, Oct 03, 2011 at 02:18:42PM +0400, Glauber Costa wrote:
>>>>>> This patch introduces kmem.tcp_current_memory file, living in the
>>>>>> kmem_cgroup filesystem. It is a simple read-only file that displays the
>>>>>> amount of kernel memory currently consumed by the cgroup.
>>>>>>
>>>>>> Signed-off-by: Glauber Costa<glommer@parallels.com>
>>>>>> CC: David S. Miller<davem@davemloft.net>
>>>>>> CC: Hiroyouki Kamezawa<kamezawa.hiroyu@jp.fujitsu.com>
>>>>>> CC: Eric W. Biederman<ebiederm@xmission.com>
>>>>>> ---
>>>>>> Documentation/cgroups/memory.txt | 1 +
>>>>>> mm/memcontrol.c | 11 +++++++++++
>>>>>> 2 files changed, 12 insertions(+), 0 deletions(-)
>>>>>>
>>>>>> diff --git a/Documentation/cgroups/memory.txt b/Documentation/cgroups/memory.txt
>>>>>> index 1ffde3e..f5a539d 100644
>>>>>> --- a/Documentation/cgroups/memory.txt
>>>>>> +++ b/Documentation/cgroups/memory.txt
>>>>>> @@ -79,6 +79,7 @@ Brief summary of control files.
>>>>>> memory.independent_kmem_limit # select whether or not kernel memory limits are
>>>>>> independent of user limits
>>>>>> memory.kmem.tcp.max_memory # set/show hard limit for tcp buf memory
>>>>>> + memory.kmem.tcp.current_memory # show current tcp buf memory allocation
>>>>>
>>>>> Both are in pages, right?
>>>>> Shouldn't it be scaled to bytes and named uniform with other memcg file?
>>>>> memory.kmem.tcp.limit_in_bytes/usage_in_bytes.
>>>>>
>>>> You are absolutely correct.
>>>> Since the internal tcp comparison works, I just ended up never noticing
>>>> this.
>>>
>>> Should we have failcnt and max_usage_in_bytes for tcp as well?
>>>
>>
>> Well, we get a fail count from the tracer anyway, so I don't really see
>> a need for that. I see value in having it for the slab allocation
>> itself, but since this only controls the memory pressure framework, I
>> think we can live without it.
>>
>> That said, this is not a strong opinion. I can add it if you'd prefer.
>
> It's good for userspace to have the same set of files for all domains:
> - memory;
> - memory.memsw;
> - memory.kmem;
> - memory.kmem.tcp;
> - etc.
> Userspace can reuse code for handling them in this case.
>
Ok. Back on this.
Not all domains have all files anyway.
max_usage seems to be a property of the main memcg, not of its domains.
failcnt is present on memsw, and on that only. The problem here, is that
this can fail ( and usually will ) in codepaths outside the memory
controller. (see net/core/sock.c:__sk_mem_schedule)
Also, max_usage makes sense for kernel memory as a whole, but I don't
think it makes sense here as we're only controlling a specific pressure
condition.
So in a nutshell: I'd like to leave this alone, and add
kmem.max_usage_in_bytes and kmem.failcnt to the to soon-to-land-here
slab accounting patches. (Where the actual allocation happens)
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Re: linux-next: build failure after merge of the akpm tree
From: Stephen Rothwell @ 2011-10-04 7:44 UTC (permalink / raw)
To: Andrew Morton
Cc: Andrew Morton, linux-next, linux-kernel, Stephen Boyd,
Ingo Molnar, H. Peter Anvin, David Miller, netdev
In-Reply-To: <20110929230226.5fed4095.akpm00@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 694 bytes --]
Hi Andrew,
On Thu, 29 Sep 2011 23:02:26 -0700 Andrew Morton <akpm00@gmail.com> wrote:
>
> > Caused by commit 15e19cbbbf2a ("x86: implement strict user copy checks
> > for x86_64") when built with gcc 4.6.0. This does not fail when built
> > with 4.5.2.
>
> That patch is a PITA. I've been waiting for some saviour to come along
> and fix all the warnings it emits before proceeding with it. As I am
> apparently saviourless I shall hide that patch from the mm->linux-next
> drop, so only I get to suffer its effects.
OK, I have dropped that commit from linux-next.
--
Cheers,
Stephen Rothwell sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply
* Re: [PATCH 2/2] IPVS netns shutdown/startup dead-lock (Take III)
From: Julian Anastasov @ 2011-10-04 7:40 UTC (permalink / raw)
To: Hans Schillstrom; +Cc: horms, wensong, lvs-devel, netdev, netfilter-devel, hans
In-Reply-To: <1317711216-8416-1-git-send-email-hans.schillstrom@ericsson.com>
Hello,
On Tue, 4 Oct 2011, Hans Schillstrom wrote:
> From: Hans Schillstrom <hans@schillstrom.com>
>
> ip_vs_mutext is used by both netns shutdown code and startup
> and both implicit uses sk_lock-AF_INET mutex.
>
> cleanup CPU-1 startup CPU-2
> ip_vs_dst_event() ip_vs_genl_set_cmd()
> sk_lock-AF_INET __ip_vs_mutex
> sk_lock-AF_INET
> __ip_vs_mutex
> * DEAD LOCK *
>
> A new mutex placed in ip_vs netns struct called sync_mutex is added.
>
> Comments from Julian and Simon added.
> This patch has been running for more than 3 month now and it seems to work.
>
> Ver. 3
> IP_VS_SO_GET_DAEMON in do_ip_vs_get_ctl protected by sync_mutex
> instead of __ip_vs_mutex as sugested by Julian.
>
> Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
Looks good to me, with one extra empty line in
start_sync_thread
Acked-by: Julian Anastasov <ja@ssi.bg>
> ---
> include/net/ip_vs.h | 1 +
> net/netfilter/ipvs/ip_vs_ctl.c | 131 ++++++++++++++++++++++++---------------
> net/netfilter/ipvs/ip_vs_sync.c | 6 ++
> 3 files changed, 87 insertions(+), 51 deletions(-)
>
> diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
> index 1aaf915..8fa4430 100644
> --- a/include/net/ip_vs.h
> +++ b/include/net/ip_vs.h
> @@ -900,6 +900,7 @@ struct netns_ipvs {
> volatile int sync_state;
> volatile int master_syncid;
> volatile int backup_syncid;
> + struct mutex sync_mutex;
> /* multicast interface name */
> char master_mcast_ifn[IP_VS_IFNAME_MAXLEN];
> char backup_mcast_ifn[IP_VS_IFNAME_MAXLEN];
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index a1af72f..c77b5a0 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> @@ -2284,6 +2284,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
> struct ip_vs_service *svc;
> struct ip_vs_dest_user *udest_compat;
> struct ip_vs_dest_user_kern udest;
> + struct netns_ipvs *ipvs = net_ipvs(net);
>
> if (!capable(CAP_NET_ADMIN))
> return -EPERM;
> @@ -2304,6 +2305,24 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
> /* increase the module use count */
> ip_vs_use_count_inc();
>
> + /* Handle daemons since they have another lock */
> + if (cmd == IP_VS_SO_SET_STARTDAEMON ||
> + cmd == IP_VS_SO_SET_STOPDAEMON) {
> + struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
> +
> + if (mutex_lock_interruptible(&ipvs->sync_mutex)) {
> + ret = -ERESTARTSYS;
> + goto out_dec;
> + }
> + if (cmd == IP_VS_SO_SET_STARTDAEMON)
> + ret = start_sync_thread(net, dm->state, dm->mcast_ifn,
> + dm->syncid);
> + else
> + ret = stop_sync_thread(net, dm->state);
> + mutex_unlock(&ipvs->sync_mutex);
> + goto out_dec;
> + }
> +
> if (mutex_lock_interruptible(&__ip_vs_mutex)) {
> ret = -ERESTARTSYS;
> goto out_dec;
> @@ -2317,15 +2336,6 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
> /* Set timeout values for (tcp tcpfin udp) */
> ret = ip_vs_set_timeout(net, (struct ip_vs_timeout_user *)arg);
> goto out_unlock;
> - } else if (cmd == IP_VS_SO_SET_STARTDAEMON) {
> - struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
> - ret = start_sync_thread(net, dm->state, dm->mcast_ifn,
> - dm->syncid);
> - goto out_unlock;
> - } else if (cmd == IP_VS_SO_SET_STOPDAEMON) {
> - struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
> - ret = stop_sync_thread(net, dm->state);
> - goto out_unlock;
> }
>
> usvc_compat = (struct ip_vs_service_user *)arg;
> @@ -2585,6 +2595,33 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
>
> if (copy_from_user(arg, user, copylen) != 0)
> return -EFAULT;
> + /*
> + * Handle daemons first since it has its own locking
> + */
> + if (cmd == IP_VS_SO_GET_DAEMON) {
> + struct ip_vs_daemon_user d[2];
> +
> + memset(&d, 0, sizeof(d));
> + if (mutex_lock_interruptible(&ipvs->sync_mutex))
> + return -ERESTARTSYS;
> +
> + if (ipvs->sync_state & IP_VS_STATE_MASTER) {
> + d[0].state = IP_VS_STATE_MASTER;
> + strlcpy(d[0].mcast_ifn, ipvs->master_mcast_ifn,
> + sizeof(d[0].mcast_ifn));
> + d[0].syncid = ipvs->master_syncid;
> + }
> + if (ipvs->sync_state & IP_VS_STATE_BACKUP) {
> + d[1].state = IP_VS_STATE_BACKUP;
> + strlcpy(d[1].mcast_ifn, ipvs->backup_mcast_ifn,
> + sizeof(d[1].mcast_ifn));
> + d[1].syncid = ipvs->backup_syncid;
> + }
> + if (copy_to_user(user, &d, sizeof(d)) != 0)
> + ret = -EFAULT;
> + mutex_unlock(&ipvs->sync_mutex);
> + return ret;
> + }
>
> if (mutex_lock_interruptible(&__ip_vs_mutex))
> return -ERESTARTSYS;
> @@ -2682,28 +2719,6 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
> }
> break;
>
> - case IP_VS_SO_GET_DAEMON:
> - {
> - struct ip_vs_daemon_user d[2];
> -
> - memset(&d, 0, sizeof(d));
> - if (ipvs->sync_state & IP_VS_STATE_MASTER) {
> - d[0].state = IP_VS_STATE_MASTER;
> - strlcpy(d[0].mcast_ifn, ipvs->master_mcast_ifn,
> - sizeof(d[0].mcast_ifn));
> - d[0].syncid = ipvs->master_syncid;
> - }
> - if (ipvs->sync_state & IP_VS_STATE_BACKUP) {
> - d[1].state = IP_VS_STATE_BACKUP;
> - strlcpy(d[1].mcast_ifn, ipvs->backup_mcast_ifn,
> - sizeof(d[1].mcast_ifn));
> - d[1].syncid = ipvs->backup_syncid;
> - }
> - if (copy_to_user(user, &d, sizeof(d)) != 0)
> - ret = -EFAULT;
> - }
> - break;
> -
> default:
> ret = -EINVAL;
> }
> @@ -3206,7 +3221,7 @@ static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
> struct net *net = skb_sknet(skb);
> struct netns_ipvs *ipvs = net_ipvs(net);
>
> - mutex_lock(&__ip_vs_mutex);
> + mutex_lock(&ipvs->sync_mutex);
> if ((ipvs->sync_state & IP_VS_STATE_MASTER) && !cb->args[0]) {
> if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_MASTER,
> ipvs->master_mcast_ifn,
> @@ -3226,7 +3241,7 @@ static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
> }
>
> nla_put_failure:
> - mutex_unlock(&__ip_vs_mutex);
> + mutex_unlock(&ipvs->sync_mutex);
>
> return skb->len;
> }
> @@ -3272,13 +3287,9 @@ static int ip_vs_genl_set_config(struct net *net, struct nlattr **attrs)
> return ip_vs_set_timeout(net, &t);
> }
>
> -static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
> +static int ip_vs_genl_set_daemon(struct sk_buff *skb, struct genl_info *info)
> {
> - struct ip_vs_service *svc = NULL;
> - struct ip_vs_service_user_kern usvc;
> - struct ip_vs_dest_user_kern udest;
> int ret = 0, cmd;
> - int need_full_svc = 0, need_full_dest = 0;
> struct net *net;
> struct netns_ipvs *ipvs;
>
> @@ -3286,19 +3297,10 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
> ipvs = net_ipvs(net);
> cmd = info->genlhdr->cmd;
>
> - mutex_lock(&__ip_vs_mutex);
> -
> - if (cmd == IPVS_CMD_FLUSH) {
> - ret = ip_vs_flush(net);
> - goto out;
> - } else if (cmd == IPVS_CMD_SET_CONFIG) {
> - ret = ip_vs_genl_set_config(net, info->attrs);
> - goto out;
> - } else if (cmd == IPVS_CMD_NEW_DAEMON ||
> - cmd == IPVS_CMD_DEL_DAEMON) {
> -
> + if (cmd == IPVS_CMD_NEW_DAEMON || cmd == IPVS_CMD_DEL_DAEMON) {
> struct nlattr *daemon_attrs[IPVS_DAEMON_ATTR_MAX + 1];
>
> + mutex_lock(&ipvs->sync_mutex);
> if (!info->attrs[IPVS_CMD_ATTR_DAEMON] ||
> nla_parse_nested(daemon_attrs, IPVS_DAEMON_ATTR_MAX,
> info->attrs[IPVS_CMD_ATTR_DAEMON],
> @@ -3311,6 +3313,33 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
> ret = ip_vs_genl_new_daemon(net, daemon_attrs);
> else
> ret = ip_vs_genl_del_daemon(net, daemon_attrs);
> +out:
> + mutex_unlock(&ipvs->sync_mutex);
> + }
> + return ret;
> +}
> +
> +static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
> +{
> + struct ip_vs_service *svc = NULL;
> + struct ip_vs_service_user_kern usvc;
> + struct ip_vs_dest_user_kern udest;
> + int ret = 0, cmd;
> + int need_full_svc = 0, need_full_dest = 0;
> + struct net *net;
> + struct netns_ipvs *ipvs;
> +
> + net = skb_sknet(skb);
> + ipvs = net_ipvs(net);
> + cmd = info->genlhdr->cmd;
> +
> + mutex_lock(&__ip_vs_mutex);
> +
> + if (cmd == IPVS_CMD_FLUSH) {
> + ret = ip_vs_flush(net);
> + goto out;
> + } else if (cmd == IPVS_CMD_SET_CONFIG) {
> + ret = ip_vs_genl_set_config(net, info->attrs);
> goto out;
> } else if (cmd == IPVS_CMD_ZERO &&
> !info->attrs[IPVS_CMD_ATTR_SERVICE]) {
> @@ -3537,13 +3566,13 @@ static struct genl_ops ip_vs_genl_ops[] __read_mostly = {
> .cmd = IPVS_CMD_NEW_DAEMON,
> .flags = GENL_ADMIN_PERM,
> .policy = ip_vs_cmd_policy,
> - .doit = ip_vs_genl_set_cmd,
> + .doit = ip_vs_genl_set_daemon,
> },
> {
> .cmd = IPVS_CMD_DEL_DAEMON,
> .flags = GENL_ADMIN_PERM,
> .policy = ip_vs_cmd_policy,
> - .doit = ip_vs_genl_set_cmd,
> + .doit = ip_vs_genl_set_daemon,
> },
> {
> .cmd = IPVS_CMD_GET_DAEMON,
> diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
> index 7ee7215..3cdd479 100644
> --- a/net/netfilter/ipvs/ip_vs_sync.c
> +++ b/net/netfilter/ipvs/ip_vs_sync.c
> @@ -61,6 +61,7 @@
>
> #define SYNC_PROTO_VER 1 /* Protocol version in header */
>
> +static struct lock_class_key __ipvs_sync_key;
> /*
> * IPVS sync connection entry
> * Version 0, i.e. original version.
> @@ -1545,6 +1546,7 @@ int start_sync_thread(struct net *net, int state, char *mcast_ifn, __u8 syncid)
> IP_VS_DBG(7, "Each ip_vs_sync_conn entry needs %Zd bytes\n",
> sizeof(struct ip_vs_sync_conn_v0));
>
> +
> if (state == IP_VS_STATE_MASTER) {
> if (ipvs->master_thread)
> return -EEXIST;
> @@ -1667,6 +1669,7 @@ int __net_init ip_vs_sync_net_init(struct net *net)
> {
> struct netns_ipvs *ipvs = net_ipvs(net);
>
> + __mutex_init(&ipvs->sync_mutex, "ipvs->sync_mutex", &__ipvs_sync_key);
> INIT_LIST_HEAD(&ipvs->sync_queue);
> spin_lock_init(&ipvs->sync_lock);
> spin_lock_init(&ipvs->sync_buff_lock);
> @@ -1680,7 +1683,9 @@ int __net_init ip_vs_sync_net_init(struct net *net)
> void ip_vs_sync_net_cleanup(struct net *net)
> {
> int retc;
> + struct netns_ipvs *ipvs = net_ipvs(net);
>
> + mutex_lock(&ipvs->sync_mutex);
> retc = stop_sync_thread(net, IP_VS_STATE_MASTER);
> if (retc && retc != -ESRCH)
> pr_err("Failed to stop Master Daemon\n");
> @@ -1688,4 +1693,5 @@ void ip_vs_sync_net_cleanup(struct net *net)
> retc = stop_sync_thread(net, IP_VS_STATE_BACKUP);
> if (retc && retc != -ESRCH)
> pr_err("Failed to stop Backup Daemon\n");
> + mutex_unlock(&ipvs->sync_mutex);
> }
> --
> 1.7.4.4
Regards
--
Julian Anastasov <ja@ssi.bg>
^ permalink raw reply
* Re: [PATCH v4 3/8] foundations of per-cgroup memory pressure controlling.
From: Glauber Costa @ 2011-10-04 7:13 UTC (permalink / raw)
To: KAMEZAWA Hiroyuki
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <20111004095715.479da44d.kamezawa.hiroyu@jp.fujitsu.com>
On 10/04/2011 04:57 AM, KAMEZAWA Hiroyuki wrote:
> On Mon, 3 Oct 2011 14:18:38 +0400
> Glauber Costa<glommer@parallels.com> wrote:
>
>> This patch converts struct sock fields memory_pressure,
>> memory_allocated, sockets_allocated, and sysctl_mem (now prot_mem)
>> to function pointers, receiving a struct mem_cgroup parameter.
>>
>> enter_memory_pressure is kept the same, since all its callers
>> have socket a context, and the kmem_cgroup can be derived from
>> the socket itself.
>>
>> To keep things working, the patch convert all users of those fields
>> to use acessor functions.
>>
>> In my benchmarks I didn't see a significant performance difference
>> with this patch applied compared to a baseline (around 1 % diff, thus
>> inside error margin).
>>
>> Signed-off-by: Glauber Costa<glommer@parallels.com>
>> CC: David S. Miller<davem@davemloft.net>
>> CC: Hiroyouki Kamezawa<kamezawa.hiroyu@jp.fujitsu.com>
>> CC: Eric W. Biederman<ebiederm@xmission.com>
>
> A nitpick.
>
>
>> #ifdef CONFIG_INET
>> struct sock;
>> +struct proto;
>> #ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
>> void sock_update_memcg(struct sock *sk);
>> void sock_release_memcg(struct sock *sk);
>> -
>> +void memcg_sock_mem_alloc(struct mem_cgroup *mem, struct proto *prot,
>> + int amt, int *parent_failure);
>> +void memcg_sock_mem_free(struct mem_cgroup *mem, struct proto *prot, int amt);
>> +void memcg_sockets_allocated_dec(struct mem_cgroup *mem, struct proto *prot);
>> +void memcg_sockets_allocated_inc(struct mem_cgroup *mem, struct proto *prot);
>> #else
>> +/* memcontrol includes sockets.h, that includes memcontrol.h ... */
>> +static inline void memcg_sock_mem_alloc(struct mem_cgroup *mem,
>> + struct proto *prot, int amt,
>> + int *parent_failure)
>> +{
>> +}
>
> In these days, at naming memory cgroup pointers, we use "memcg" instead of
> "mem". So, could you use "memcg" for represeinting memory cgroup ?
>
>
>> +
>> +void memcg_sock_mem_alloc(struct mem_cgroup *mem, struct proto *prot,
>> + int amt, int *parent_failure)
>> +{
>> + mem = parent_mem_cgroup(mem);
>> + for (; mem != NULL; mem = parent_mem_cgroup(mem)) {
>> + long alloc;
>> + long *prot_mem = prot->prot_mem(mem);
>> + /*
>> + * Large nestings are not the common case, and stopping in the
>> + * middle would be complicated enough, that we bill it all the
>> + * way through the root, and if needed, unbill everything later
>> + */
>> + alloc = atomic_long_add_return(amt,
>> + prot->memory_allocated(mem));
>> + *parent_failure |= (alloc> prot_mem[2]);
>> + }
>> +}
>> +EXPORT_SYMBOL(memcg_sock_mem_alloc);
>
> Hmm. why not using res_counter ? for reusing 'unbill' code ?
>
> Thanks,
> -Kame
>
Well, besides the cost, we'd have atomic_t for !cgroups, and res_counter
for cgroups. I think there is value in keeping them the same.
^ permalink raw reply
* [PATCH 2/2] IPVS netns shutdown/startup dead-lock (Take III)
From: Hans Schillstrom @ 2011-10-04 6:53 UTC (permalink / raw)
To: horms, ja, wensong, lvs-devel, netdev, netfilter-devel; +Cc: hans
From: Hans Schillstrom <hans@schillstrom.com>
ip_vs_mutext is used by both netns shutdown code and startup
and both implicit uses sk_lock-AF_INET mutex.
cleanup CPU-1 startup CPU-2
ip_vs_dst_event() ip_vs_genl_set_cmd()
sk_lock-AF_INET __ip_vs_mutex
sk_lock-AF_INET
__ip_vs_mutex
* DEAD LOCK *
A new mutex placed in ip_vs netns struct called sync_mutex is added.
Comments from Julian and Simon added.
This patch has been running for more than 3 month now and it seems to work.
Ver. 3
IP_VS_SO_GET_DAEMON in do_ip_vs_get_ctl protected by sync_mutex
instead of __ip_vs_mutex as sugested by Julian.
Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
---
include/net/ip_vs.h | 1 +
net/netfilter/ipvs/ip_vs_ctl.c | 131 ++++++++++++++++++++++++---------------
net/netfilter/ipvs/ip_vs_sync.c | 6 ++
3 files changed, 87 insertions(+), 51 deletions(-)
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 1aaf915..8fa4430 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -900,6 +900,7 @@ struct netns_ipvs {
volatile int sync_state;
volatile int master_syncid;
volatile int backup_syncid;
+ struct mutex sync_mutex;
/* multicast interface name */
char master_mcast_ifn[IP_VS_IFNAME_MAXLEN];
char backup_mcast_ifn[IP_VS_IFNAME_MAXLEN];
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index a1af72f..c77b5a0 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2284,6 +2284,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
struct ip_vs_service *svc;
struct ip_vs_dest_user *udest_compat;
struct ip_vs_dest_user_kern udest;
+ struct netns_ipvs *ipvs = net_ipvs(net);
if (!capable(CAP_NET_ADMIN))
return -EPERM;
@@ -2304,6 +2305,24 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
/* increase the module use count */
ip_vs_use_count_inc();
+ /* Handle daemons since they have another lock */
+ if (cmd == IP_VS_SO_SET_STARTDAEMON ||
+ cmd == IP_VS_SO_SET_STOPDAEMON) {
+ struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
+
+ if (mutex_lock_interruptible(&ipvs->sync_mutex)) {
+ ret = -ERESTARTSYS;
+ goto out_dec;
+ }
+ if (cmd == IP_VS_SO_SET_STARTDAEMON)
+ ret = start_sync_thread(net, dm->state, dm->mcast_ifn,
+ dm->syncid);
+ else
+ ret = stop_sync_thread(net, dm->state);
+ mutex_unlock(&ipvs->sync_mutex);
+ goto out_dec;
+ }
+
if (mutex_lock_interruptible(&__ip_vs_mutex)) {
ret = -ERESTARTSYS;
goto out_dec;
@@ -2317,15 +2336,6 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
/* Set timeout values for (tcp tcpfin udp) */
ret = ip_vs_set_timeout(net, (struct ip_vs_timeout_user *)arg);
goto out_unlock;
- } else if (cmd == IP_VS_SO_SET_STARTDAEMON) {
- struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
- ret = start_sync_thread(net, dm->state, dm->mcast_ifn,
- dm->syncid);
- goto out_unlock;
- } else if (cmd == IP_VS_SO_SET_STOPDAEMON) {
- struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
- ret = stop_sync_thread(net, dm->state);
- goto out_unlock;
}
usvc_compat = (struct ip_vs_service_user *)arg;
@@ -2585,6 +2595,33 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
if (copy_from_user(arg, user, copylen) != 0)
return -EFAULT;
+ /*
+ * Handle daemons first since it has its own locking
+ */
+ if (cmd == IP_VS_SO_GET_DAEMON) {
+ struct ip_vs_daemon_user d[2];
+
+ memset(&d, 0, sizeof(d));
+ if (mutex_lock_interruptible(&ipvs->sync_mutex))
+ return -ERESTARTSYS;
+
+ if (ipvs->sync_state & IP_VS_STATE_MASTER) {
+ d[0].state = IP_VS_STATE_MASTER;
+ strlcpy(d[0].mcast_ifn, ipvs->master_mcast_ifn,
+ sizeof(d[0].mcast_ifn));
+ d[0].syncid = ipvs->master_syncid;
+ }
+ if (ipvs->sync_state & IP_VS_STATE_BACKUP) {
+ d[1].state = IP_VS_STATE_BACKUP;
+ strlcpy(d[1].mcast_ifn, ipvs->backup_mcast_ifn,
+ sizeof(d[1].mcast_ifn));
+ d[1].syncid = ipvs->backup_syncid;
+ }
+ if (copy_to_user(user, &d, sizeof(d)) != 0)
+ ret = -EFAULT;
+ mutex_unlock(&ipvs->sync_mutex);
+ return ret;
+ }
if (mutex_lock_interruptible(&__ip_vs_mutex))
return -ERESTARTSYS;
@@ -2682,28 +2719,6 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
}
break;
- case IP_VS_SO_GET_DAEMON:
- {
- struct ip_vs_daemon_user d[2];
-
- memset(&d, 0, sizeof(d));
- if (ipvs->sync_state & IP_VS_STATE_MASTER) {
- d[0].state = IP_VS_STATE_MASTER;
- strlcpy(d[0].mcast_ifn, ipvs->master_mcast_ifn,
- sizeof(d[0].mcast_ifn));
- d[0].syncid = ipvs->master_syncid;
- }
- if (ipvs->sync_state & IP_VS_STATE_BACKUP) {
- d[1].state = IP_VS_STATE_BACKUP;
- strlcpy(d[1].mcast_ifn, ipvs->backup_mcast_ifn,
- sizeof(d[1].mcast_ifn));
- d[1].syncid = ipvs->backup_syncid;
- }
- if (copy_to_user(user, &d, sizeof(d)) != 0)
- ret = -EFAULT;
- }
- break;
-
default:
ret = -EINVAL;
}
@@ -3206,7 +3221,7 @@ static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
struct net *net = skb_sknet(skb);
struct netns_ipvs *ipvs = net_ipvs(net);
- mutex_lock(&__ip_vs_mutex);
+ mutex_lock(&ipvs->sync_mutex);
if ((ipvs->sync_state & IP_VS_STATE_MASTER) && !cb->args[0]) {
if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_MASTER,
ipvs->master_mcast_ifn,
@@ -3226,7 +3241,7 @@ static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
}
nla_put_failure:
- mutex_unlock(&__ip_vs_mutex);
+ mutex_unlock(&ipvs->sync_mutex);
return skb->len;
}
@@ -3272,13 +3287,9 @@ static int ip_vs_genl_set_config(struct net *net, struct nlattr **attrs)
return ip_vs_set_timeout(net, &t);
}
-static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
+static int ip_vs_genl_set_daemon(struct sk_buff *skb, struct genl_info *info)
{
- struct ip_vs_service *svc = NULL;
- struct ip_vs_service_user_kern usvc;
- struct ip_vs_dest_user_kern udest;
int ret = 0, cmd;
- int need_full_svc = 0, need_full_dest = 0;
struct net *net;
struct netns_ipvs *ipvs;
@@ -3286,19 +3297,10 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
ipvs = net_ipvs(net);
cmd = info->genlhdr->cmd;
- mutex_lock(&__ip_vs_mutex);
-
- if (cmd == IPVS_CMD_FLUSH) {
- ret = ip_vs_flush(net);
- goto out;
- } else if (cmd == IPVS_CMD_SET_CONFIG) {
- ret = ip_vs_genl_set_config(net, info->attrs);
- goto out;
- } else if (cmd == IPVS_CMD_NEW_DAEMON ||
- cmd == IPVS_CMD_DEL_DAEMON) {
-
+ if (cmd == IPVS_CMD_NEW_DAEMON || cmd == IPVS_CMD_DEL_DAEMON) {
struct nlattr *daemon_attrs[IPVS_DAEMON_ATTR_MAX + 1];
+ mutex_lock(&ipvs->sync_mutex);
if (!info->attrs[IPVS_CMD_ATTR_DAEMON] ||
nla_parse_nested(daemon_attrs, IPVS_DAEMON_ATTR_MAX,
info->attrs[IPVS_CMD_ATTR_DAEMON],
@@ -3311,6 +3313,33 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
ret = ip_vs_genl_new_daemon(net, daemon_attrs);
else
ret = ip_vs_genl_del_daemon(net, daemon_attrs);
+out:
+ mutex_unlock(&ipvs->sync_mutex);
+ }
+ return ret;
+}
+
+static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
+{
+ struct ip_vs_service *svc = NULL;
+ struct ip_vs_service_user_kern usvc;
+ struct ip_vs_dest_user_kern udest;
+ int ret = 0, cmd;
+ int need_full_svc = 0, need_full_dest = 0;
+ struct net *net;
+ struct netns_ipvs *ipvs;
+
+ net = skb_sknet(skb);
+ ipvs = net_ipvs(net);
+ cmd = info->genlhdr->cmd;
+
+ mutex_lock(&__ip_vs_mutex);
+
+ if (cmd == IPVS_CMD_FLUSH) {
+ ret = ip_vs_flush(net);
+ goto out;
+ } else if (cmd == IPVS_CMD_SET_CONFIG) {
+ ret = ip_vs_genl_set_config(net, info->attrs);
goto out;
} else if (cmd == IPVS_CMD_ZERO &&
!info->attrs[IPVS_CMD_ATTR_SERVICE]) {
@@ -3537,13 +3566,13 @@ static struct genl_ops ip_vs_genl_ops[] __read_mostly = {
.cmd = IPVS_CMD_NEW_DAEMON,
.flags = GENL_ADMIN_PERM,
.policy = ip_vs_cmd_policy,
- .doit = ip_vs_genl_set_cmd,
+ .doit = ip_vs_genl_set_daemon,
},
{
.cmd = IPVS_CMD_DEL_DAEMON,
.flags = GENL_ADMIN_PERM,
.policy = ip_vs_cmd_policy,
- .doit = ip_vs_genl_set_cmd,
+ .doit = ip_vs_genl_set_daemon,
},
{
.cmd = IPVS_CMD_GET_DAEMON,
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index 7ee7215..3cdd479 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -61,6 +61,7 @@
#define SYNC_PROTO_VER 1 /* Protocol version in header */
+static struct lock_class_key __ipvs_sync_key;
/*
* IPVS sync connection entry
* Version 0, i.e. original version.
@@ -1545,6 +1546,7 @@ int start_sync_thread(struct net *net, int state, char *mcast_ifn, __u8 syncid)
IP_VS_DBG(7, "Each ip_vs_sync_conn entry needs %Zd bytes\n",
sizeof(struct ip_vs_sync_conn_v0));
+
if (state == IP_VS_STATE_MASTER) {
if (ipvs->master_thread)
return -EEXIST;
@@ -1667,6 +1669,7 @@ int __net_init ip_vs_sync_net_init(struct net *net)
{
struct netns_ipvs *ipvs = net_ipvs(net);
+ __mutex_init(&ipvs->sync_mutex, "ipvs->sync_mutex", &__ipvs_sync_key);
INIT_LIST_HEAD(&ipvs->sync_queue);
spin_lock_init(&ipvs->sync_lock);
spin_lock_init(&ipvs->sync_buff_lock);
@@ -1680,7 +1683,9 @@ int __net_init ip_vs_sync_net_init(struct net *net)
void ip_vs_sync_net_cleanup(struct net *net)
{
int retc;
+ struct netns_ipvs *ipvs = net_ipvs(net);
+ mutex_lock(&ipvs->sync_mutex);
retc = stop_sync_thread(net, IP_VS_STATE_MASTER);
if (retc && retc != -ESRCH)
pr_err("Failed to stop Master Daemon\n");
@@ -1688,4 +1693,5 @@ void ip_vs_sync_net_cleanup(struct net *net)
retc = stop_sync_thread(net, IP_VS_STATE_BACKUP);
if (retc && retc != -ESRCH)
pr_err("Failed to stop Backup Daemon\n");
+ mutex_unlock(&ipvs->sync_mutex);
}
--
1.7.4.4
^ permalink raw reply related
* Re: [PATCH v4 3/8] foundations of per-cgroup memory pressure controlling.
From: Glauber Costa @ 2011-10-04 6:32 UTC (permalink / raw)
To: KAMEZAWA Hiroyuki
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <20111004095715.479da44d.kamezawa.hiroyu@jp.fujitsu.com>
On 10/04/2011 04:57 AM, KAMEZAWA Hiroyuki wrote:
> On Mon, 3 Oct 2011 14:18:38 +0400
> Glauber Costa<glommer@parallels.com> wrote:
>
>> This patch converts struct sock fields memory_pressure,
>> memory_allocated, sockets_allocated, and sysctl_mem (now prot_mem)
>> to function pointers, receiving a struct mem_cgroup parameter.
>>
>> enter_memory_pressure is kept the same, since all its callers
>> have socket a context, and the kmem_cgroup can be derived from
>> the socket itself.
>>
>> To keep things working, the patch convert all users of those fields
>> to use acessor functions.
>>
>> In my benchmarks I didn't see a significant performance difference
>> with this patch applied compared to a baseline (around 1 % diff, thus
>> inside error margin).
>>
>> Signed-off-by: Glauber Costa<glommer@parallels.com>
>> CC: David S. Miller<davem@davemloft.net>
>> CC: Hiroyouki Kamezawa<kamezawa.hiroyu@jp.fujitsu.com>
>> CC: Eric W. Biederman<ebiederm@xmission.com>
>
> A nitpick.
>
>
>> #ifdef CONFIG_INET
>> struct sock;
>> +struct proto;
>> #ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
>> void sock_update_memcg(struct sock *sk);
>> void sock_release_memcg(struct sock *sk);
>> -
>> +void memcg_sock_mem_alloc(struct mem_cgroup *mem, struct proto *prot,
>> + int amt, int *parent_failure);
>> +void memcg_sock_mem_free(struct mem_cgroup *mem, struct proto *prot, int amt);
>> +void memcg_sockets_allocated_dec(struct mem_cgroup *mem, struct proto *prot);
>> +void memcg_sockets_allocated_inc(struct mem_cgroup *mem, struct proto *prot);
>> #else
>> +/* memcontrol includes sockets.h, that includes memcontrol.h ... */
>> +static inline void memcg_sock_mem_alloc(struct mem_cgroup *mem,
>> + struct proto *prot, int amt,
>> + int *parent_failure)
>> +{
>> +}
>
> In these days, at naming memory cgroup pointers, we use "memcg" instead of
> "mem". So, could you use "memcg" for represeinting memory cgroup ?
>
>
>> +
>> +void memcg_sock_mem_alloc(struct mem_cgroup *mem, struct proto *prot,
>> + int amt, int *parent_failure)
>> +{
>> + mem = parent_mem_cgroup(mem);
>> + for (; mem != NULL; mem = parent_mem_cgroup(mem)) {
>> + long alloc;
>> + long *prot_mem = prot->prot_mem(mem);
>> + /*
>> + * Large nestings are not the common case, and stopping in the
>> + * middle would be complicated enough, that we bill it all the
>> + * way through the root, and if needed, unbill everything later
>> + */
>> + alloc = atomic_long_add_return(amt,
>> + prot->memory_allocated(mem));
>> + *parent_failure |= (alloc> prot_mem[2]);
>> + }
>> +}
>> +EXPORT_SYMBOL(memcg_sock_mem_alloc);
>
> Hmm. why not using res_counter ? for reusing 'unbill' code ?
>
Well,
res_counters are slightly more expensive than needed here, since we need
to clear interrupts and hold a spinlock. No particular reason besides it.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Re: [PATCH v4 6/8] tcp buffer limitation: per-cgroup limit
From: Glauber Costa @ 2011-10-04 6:22 UTC (permalink / raw)
To: KAMEZAWA Hiroyuki
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <20111004102114.08b06ae8.kamezawa.hiroyu@jp.fujitsu.com>
On 10/04/2011 05:21 AM, KAMEZAWA Hiroyuki wrote:
> On Mon, 3 Oct 2011 14:18:41 +0400
> Glauber Costa<glommer@parallels.com> wrote:
>
>> This patch uses the "tcp_max_mem" field of the kmem_cgroup to
>> effectively control the amount of kernel memory pinned by a cgroup.
>>
>> We have to make sure that none of the memory pressure thresholds
>> specified in the namespace are bigger than the current cgroup.
>>
>> Signed-off-by: Glauber Costa<glommer@parallels.com>
>> CC: David S. Miller<davem@davemloft.net>
>> CC: Hiroyouki Kamezawa<kamezawa.hiroyu@jp.fujitsu.com>
>> CC: Eric W. Biederman<ebiederm@xmission.com>
>> ---
>> Documentation/cgroups/memory.txt | 1 +
>> include/linux/memcontrol.h | 10 +++++
>> include/net/tcp.h | 1 +
>> mm/memcontrol.c | 76 +++++++++++++++++++++++++++++++++++---
>> net/ipv4/sysctl_net_ipv4.c | 20 ++++++++++
>> 5 files changed, 102 insertions(+), 6 deletions(-)
>>
>> diff --git a/Documentation/cgroups/memory.txt b/Documentation/cgroups/memory.txt
>> index 6f1954a..1ffde3e 100644
>> --- a/Documentation/cgroups/memory.txt
>> +++ b/Documentation/cgroups/memory.txt
>> @@ -78,6 +78,7 @@ Brief summary of control files.
>>
>> memory.independent_kmem_limit # select whether or not kernel memory limits are
>> independent of user limits
>> + memory.kmem.tcp.max_memory # set/show hard limit for tcp buf memory
>>
>
> What is the releationship between tcp.max_memory and kmem_limit ?
Quite loose.
> tcp.max_memory< kmem_limit ?
> usage of tcp memory is included in kmem usage ?
tcp.max_memory is < kmem_limit, for it to be meaningful. But I don't
think we need to force that. I may want to start with a high value for
tcp_max_memory and low on kmem_limit, and raise it later.
So here is how it goes:
Memory is allocated from the slab, and then it's usage is independently
controlled by the network-specific memory pressure conditions until it
is reclaimed.
Memory allocation can succeed, but then fail to be assigned to the
socket due to memory pressure.
Since we more or less agree that on accounting the slab according to
Greg's idea, I am not concerning myself with the actual accounting here,
since it will come for free when we account the slab.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* linux-next: manual merge of the staging tree with the net and wireless trees
From: Stephen Rothwell @ 2011-10-04 6:14 UTC (permalink / raw)
To: Greg KH
Cc: linux-next, linux-kernel, Eliad Peller, John W. Linville,
David Miller, netdev
[-- Attachment #1: Type: text/plain, Size: 608 bytes --]
Hi Greg,
Today's linux-next merge of the staging tree got a conflict in
drivers/staging/brcm80211/brcmsmac/mac80211_if.c between commit
37a41b4affa3 ("mac80211: add ieee80211_vif param to tsf functions") from
the net tree, commit 8a3a3c85e44d ("mac80211: pass vif param to conf_tx()
callback") from the wireless tree and several commits from the staging
tree.
I fixed it up (just removed the forward declarions that were changed by
the former commits) and can carry the fix as necessary.
--
Cheers,
Stephen Rothwell sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply
* Re: [PATCH] mlx4_en: fix transmit of packages when blue frame is enabled
From: Benjamin Herrenschmidt @ 2011-10-04 6:02 UTC (permalink / raw)
To: Thadeu Lima de Souza Cascardo
Cc: Yevgeny Petrilin, netdev@vger.kernel.org, Eli Cohen,
eli@dev.mellanox.co.il, linuxppc-dev
In-Reply-To: <20111003205358.GB3596@oc1711230544.ibm.com>
On Mon, 2011-10-03 at 17:53 -0300, Thadeu Lima de Souza Cascardo wrote:
.../...
> > Can you also send me the output of ethtool -i?
> > It seems that there is a problem with write combining on Power processors, we will check this issue.
> >
> > Yevgeny
>
> Hello, Yevgeny.
>
> You will find the output of ethtool -i below.
>
> I am copying Ben and powerpc list, in case this is an issue with Power
> processors. They can provide us some more insight into this.
May I get some background please ? :-)
I'm not aware of a specific issue with write combining but I'd need to
know more about what you are doing and the code to do it to comment on
whether it should work or not.
Cheers,
Ben.
^ permalink raw reply
* [PATCH net-next] ipv6: remove a rcu_read_lock in ndisc_constructor
From: rongqing.li @ 2011-10-04 5:43 UTC (permalink / raw)
To: netdev
From: Roy.Li <rongqing.li@windriver.com>
in6_dev_get(dev) takes a reference on struct inet6_dev, we dont need
rcu locking in ndisc_constructor()
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
---
net/ipv6/ndisc.c | 3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 9da6e02..dd633ff 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -370,17 +370,14 @@ static int ndisc_constructor(struct neighbour *neigh)
struct neigh_parms *parms;
int is_multicast = ipv6_addr_is_multicast(addr);
- rcu_read_lock();
in6_dev = in6_dev_get(dev);
if (in6_dev == NULL) {
- rcu_read_unlock();
return -EINVAL;
}
parms = in6_dev->nd_parms;
__neigh_parms_put(neigh->parms);
neigh->parms = neigh_parms_clone(parms);
- rcu_read_unlock();
neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
if (!dev->header_ops) {
--
1.7.1
^ permalink raw reply related
* Re: [PATCH v4 4/8] per-cgroup tcp buffers control
From: Glauber Costa @ 2011-10-04 5:43 UTC (permalink / raw)
To: KAMEZAWA Hiroyuki
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <20111004101633.6b44201d.kamezawa.hiroyu@jp.fujitsu.com>
On 10/04/2011 05:16 AM, KAMEZAWA Hiroyuki wrote:
> It seems memcg->tcp.tcp_memory_pressure has no locks and not atomic.
>
> no problematic race ?
>
> Thanks,
> -Kame
Well,
prior to this patch, it was a global variable. And nobody complained so
far...
My impression is that the only thing that really needs to be atomic is
the memory accounting, which is already. If we miss a memory pressure
condition entry, we'll get to it next time.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Re: [PATCH] SELinux: Fix RCU deref check warning in sel_netport_insert()
From: Eric Dumazet @ 2011-10-04 4:22 UTC (permalink / raw)
To: Paul Moore; +Cc: David Howells, selinux, netdev
In-Reply-To: <2230709.7n5noARWFd@sifl>
Le lundi 03 octobre 2011 à 17:30 -0400, Paul Moore a écrit :
> On Monday, October 03, 2011 02:58:24 PM David Howells wrote:
> > Fix the following bug in sel_netport_insert() where rcu_dereference() should
> > be rcu_dereference_protected() as sel_netport_lock is held.
> >
> > ===================================================
> > [ INFO: suspicious rcu_dereference_check() usage. ]
> > ---------------------------------------------------
> > security/selinux/netport.c:127 invoked rcu_dereference_check() without
> > protection!
> >
> > other info that might help us debug this:
> >
> >
> > rcu_scheduler_active = 1, debug_locks = 0
> > 1 lock held by ossec-rootcheck/3323:
> > #0: (sel_netport_lock){+.....}, at: [<ffffffff8117d775>]
> > sel_netport_sid+0xbb/0x226
> >
> > stack backtrace:
> > Pid: 3323, comm: ossec-rootcheck Not tainted 3.1.0-rc8-fsdevel+ #1095
> > Call Trace:
> > [<ffffffff8105cfb7>] lockdep_rcu_dereference+0xa7/0xb0
> > [<ffffffff8117d871>] sel_netport_sid+0x1b7/0x226
> > [<ffffffff8117d6ba>] ? sel_netport_avc_callback+0xbc/0xbc
> > [<ffffffff8117556c>] selinux_socket_bind+0x115/0x230
> > [<ffffffff810a5388>] ? might_fault+0x4e/0x9e
> > [<ffffffff810a53d1>] ? might_fault+0x97/0x9e
> > [<ffffffff81171cf4>] security_socket_bind+0x11/0x13
> > [<ffffffff812ba967>] sys_bind+0x56/0x95
> > [<ffffffff81380dac>] ? sysret_check+0x27/0x62
> > [<ffffffff8105b767>] ? trace_hardirqs_on_caller+0x11e/0x155
> > [<ffffffff81076fcd>] ? audit_syscall_entry+0x17b/0x1ae
> > [<ffffffff811b5eae>] ? trace_hardirqs_on_thunk+0x3a/0x3f
> > [<ffffffff81380d7b>] system_call_fastpath+0x16/0x1b
> >
> > Signed-off-by: David Howells <dhowells@redhat.com>
> > ---
> >
> > security/selinux/netport.c | 4 +++-
> > 1 files changed, 3 insertions(+), 1 deletions(-)
>
> We should probably do the same for the security/selinux/netif.c as it uses the
> same logic; David is this something you want to tackle?
>
> Acked-by: Paul Moore <paul@paul-moore.com>
>
> > diff --git a/security/selinux/netport.c b/security/selinux/netport.c
> > index 0b62bd1..39e2138 100644
> > --- a/security/selinux/netport.c
> > +++ b/security/selinux/netport.c
> > @@ -123,7 +123,9 @@ static void sel_netport_insert(struct sel_netport *port)
> > if (sel_netport_hash[idx].size == SEL_NETPORT_HASH_BKT_LIMIT) {
> > struct sel_netport *tail;
> > tail = list_entry(
> > - rcu_dereference(sel_netport_hash[idx].list.prev),
> > + rcu_dereference_protected(
> > + sel_netport_hash[idx].list.prev,
> > + spin_is_locked(&sel_netport_lock)),
Usual way is to use :
rcu_dereference_protected(
sel_netport_hash[idx].list.prev,
lockdep_is_held(&sel_netport_lock)),
^ permalink raw reply
* [PATCH 1/2] bridge: leave carrier on for empty bridge
From: Stephen Hemminger @ 2011-10-04 4:14 UTC (permalink / raw)
To: David S. Miller; +Cc: netdev
In-Reply-To: <20111004041444.793960297@vyatta.com>
[-- Attachment #1: br-carrier-default.patch --]
[-- Type: text/plain, Size: 1058 bytes --]
This resolves a regression seen by some users of bridging.
Some users use the bridge like a dummy device.
They expect to be able to put an IPv6 address on the device
with no ports attached. Although there are better ways of doing
this, there is no reason to not allow it.
Note: the bridge still will reflect the state of ports in the
bridge if there are any added.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
---
This fix needs to go to stable as well since it has
been reported as a regression.
--- a/net/bridge/br_device.c 2011-09-01 08:52:27.596631192 -0700
+++ b/net/bridge/br_device.c 2011-09-01 09:01:03.256611801 -0700
@@ -91,7 +91,6 @@ static int br_dev_open(struct net_device
{
struct net_bridge *br = netdev_priv(dev);
- netif_carrier_off(dev);
netdev_update_features(dev);
netif_start_queue(dev);
br_stp_enable_bridge(br);
@@ -108,8 +107,6 @@ static int br_dev_stop(struct net_device
{
struct net_bridge *br = netdev_priv(dev);
- netif_carrier_off(dev);
-
br_stp_disable_bridge(br);
br_multicast_stop(br);
^ permalink raw reply
* [PATCH 2/2] bridge: allow forwarding some link local frames
From: Stephen Hemminger @ 2011-10-04 4:14 UTC (permalink / raw)
To: David S. Miller; +Cc: netdev
In-Reply-To: <20111004041444.793960297@vyatta.com>
[-- Attachment #1: bridge-multicast-filter.patch --]
[-- Type: text/plain, Size: 5475 bytes --]
This is based on an earlier patch by Nick Carter with comments
by David Lamparter but with some refinements. Thanks for their patience
this is a confusing area with overlap of standards, user requirements,
and compatibility with earlier releases.
It adds a new sysfs attribute
/sys/class/net/brX/bridge/group_fwd_mask
that controls forwarding of frames with address of: 01-80-C2-00-00-0X
The default setting has no forwarding to retain compatibility.
One change from earlier releases is that forwarding of group
addresses is not dependent on STP being enabled or disabled. This
choice was made based on interpretation of tie 802.1 standards.
I expect complaints will arise because of this, but better to follow
the standard than continue acting incorrectly by default.
The filtering mask is writeable, but only values that don't forward
known control frames are allowed. It intentionally blocks attempts
to filter control protocols. For example: writing a 8 allows
forwarding 802.1X PAE addresses which is the most common request.
Reported-by: David Lamparter <equinox@diac24.net>
Original-patch-by: Nick Carter <ncarter100@gmail.com>
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
---
net/bridge/br_device.c | 2 ++
net/bridge/br_input.c | 12 ++++++------
net/bridge/br_private.h | 11 +++++++++++
net/bridge/br_sysfs_br.c | 34 ++++++++++++++++++++++++++++++++++
4 files changed, 53 insertions(+), 6 deletions(-)
--- a/net/bridge/br_device.c 2011-10-03 11:08:42.648254251 -0700
+++ b/net/bridge/br_device.c 2011-10-03 11:08:43.932271613 -0700
@@ -358,6 +358,8 @@ void br_dev_setup(struct net_device *dev
memcpy(br->group_addr, br_group_address, ETH_ALEN);
br->stp_enabled = BR_NO_STP;
+ br->group_fwd_mask = BR_GROUPFWD_DEFAULT;
+
br->designated_root = br->bridge_id;
br->bridge_max_age = br->max_age = 20 * HZ;
br->bridge_hello_time = br->hello_time = 2 * HZ;
--- a/net/bridge/br_input.c 2011-10-03 11:08:32.944122866 -0700
+++ b/net/bridge/br_input.c 2011-10-03 11:18:31.063811030 -0700
@@ -162,14 +162,37 @@ rx_handler_result_t br_handle_frame(stru
p = br_port_get_rcu(skb->dev);
if (unlikely(is_link_local(dest))) {
- /* Pause frames shouldn't be passed up by driver anyway */
- if (skb->protocol == htons(ETH_P_PAUSE))
+ /*
+ * See IEEE 802.1D Table 7-10 Reserved addresses
+ *
+ * Assignment Value
+ * Bridge Group Address 01-80-C2-00-00-00
+ * (MAC Control) 802.3 01-80-C2-00-00-01
+ * (Link Aggregation) 802.3 01-80-C2-00-00-02
+ * 802.1X PAE address 01-80-C2-00-00-03
+ *
+ * 802.1AB LLDP 01-80-C2-00-00-0E
+ *
+ * Others reserved for future standardization
+ */
+ switch (dest[5]) {
+ case 0x00: /* Bridge Group Address */
+ /* If STP is turned off,
+ then must forward to keep loop detection */
+ if (p->br->stp_enabled == BR_NO_STP)
+ goto forward;
+ break;
+
+ case 0x01: /* IEEE MAC (Pause) */
goto drop;
- /* If STP is turned off, then forward */
- if (p->br->stp_enabled == BR_NO_STP && dest[5] == 0)
- goto forward;
+ default:
+ /* Allow selective forwarding for most other protocols */
+ if (p->br->group_fwd_mask & (1u << dest[5]))
+ goto forward;
+ }
+ /* Deliver packet to local host only */
if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev,
NULL, br_handle_local_finish)) {
return RX_HANDLER_CONSUMED; /* consumed by filter */
--- a/net/bridge/br_private.h 2011-10-03 11:08:32.888122106 -0700
+++ b/net/bridge/br_private.h 2011-10-03 11:18:22.967713859 -0700
@@ -29,6 +29,11 @@
#define BR_VERSION "2.3"
+/* Control of forwarding link local multicast */
+#define BR_GROUPFWD_DEFAULT 0
+/* Don't allow forwarding control protocols like STP and LLDP */
+#define BR_GROUPFWD_RESTRICTED 0x4007u
+
/* Path to usermode spanning tree program */
#define BR_STP_PROG "/sbin/bridge-stp"
@@ -193,6 +198,8 @@ struct net_bridge
unsigned long flags;
#define BR_SET_MAC_ADDR 0x00000001
+ u16 group_fwd_mask;
+
/* STP */
bridge_id designated_root;
bridge_id bridge_id;
--- a/net/bridge/br_sysfs_br.c 2011-10-03 11:08:32.920122541 -0700
+++ b/net/bridge/br_sysfs_br.c 2011-10-03 11:08:43.932271613 -0700
@@ -149,6 +149,39 @@ static ssize_t store_stp_state(struct de
static DEVICE_ATTR(stp_state, S_IRUGO | S_IWUSR, show_stp_state,
store_stp_state);
+static ssize_t show_group_fwd_mask(struct device *d,
+ struct device_attribute *attr, char *buf)
+{
+ struct net_bridge *br = to_bridge(d);
+ return sprintf(buf, "%#x\n", br->group_fwd_mask);
+}
+
+
+static ssize_t store_group_fwd_mask(struct device *d,
+ struct device_attribute *attr, const char *buf,
+ size_t len)
+{
+ struct net_bridge *br = to_bridge(d);
+ char *endp;
+ unsigned long val;
+
+ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
+ val = simple_strtoul(buf, &endp, 0);
+ if (endp == buf)
+ return -EINVAL;
+
+ if (val & BR_GROUPFWD_RESTRICTED)
+ return -EINVAL;
+
+ br->group_fwd_mask = val;
+
+ return len;
+}
+static DEVICE_ATTR(group_fwd_mask, S_IRUGO | S_IWUSR, show_group_fwd_mask,
+ store_group_fwd_mask);
+
static ssize_t show_priority(struct device *d, struct device_attribute *attr,
char *buf)
{
@@ -652,6 +685,7 @@ static struct attribute *bridge_attrs[]
&dev_attr_max_age.attr,
&dev_attr_ageing_time.attr,
&dev_attr_stp_state.attr,
+ &dev_attr_group_fwd_mask.attr,
&dev_attr_priority.attr,
&dev_attr_bridge_id.attr,
&dev_attr_root_id.attr,
^ permalink raw reply
* Re: [PATCH v4 6/8] tcp buffer limitation: per-cgroup limit
From: KAMEZAWA Hiroyuki @ 2011-10-04 1:21 UTC (permalink / raw)
To: Glauber Costa
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <1317637123-18306-7-git-send-email-glommer@parallels.com>
On Mon, 3 Oct 2011 14:18:41 +0400
Glauber Costa <glommer@parallels.com> wrote:
> This patch uses the "tcp_max_mem" field of the kmem_cgroup to
> effectively control the amount of kernel memory pinned by a cgroup.
>
> We have to make sure that none of the memory pressure thresholds
> specified in the namespace are bigger than the current cgroup.
>
> Signed-off-by: Glauber Costa <glommer@parallels.com>
> CC: David S. Miller <davem@davemloft.net>
> CC: Hiroyouki Kamezawa <kamezawa.hiroyu@jp.fujitsu.com>
> CC: Eric W. Biederman <ebiederm@xmission.com>
> ---
> Documentation/cgroups/memory.txt | 1 +
> include/linux/memcontrol.h | 10 +++++
> include/net/tcp.h | 1 +
> mm/memcontrol.c | 76 +++++++++++++++++++++++++++++++++++---
> net/ipv4/sysctl_net_ipv4.c | 20 ++++++++++
> 5 files changed, 102 insertions(+), 6 deletions(-)
>
> diff --git a/Documentation/cgroups/memory.txt b/Documentation/cgroups/memory.txt
> index 6f1954a..1ffde3e 100644
> --- a/Documentation/cgroups/memory.txt
> +++ b/Documentation/cgroups/memory.txt
> @@ -78,6 +78,7 @@ Brief summary of control files.
>
> memory.independent_kmem_limit # select whether or not kernel memory limits are
> independent of user limits
> + memory.kmem.tcp.max_memory # set/show hard limit for tcp buf memory
>
What is the releationship between tcp.max_memory and kmem_limit ?
tcp.max_memory < kmem_limit ?
usage of tcp memory is included in kmem usage ?
Thanks,
-Kame
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Re: [PATCH v4 5/8] per-netns ipv4 sysctl_tcp_mem
From: KAMEZAWA Hiroyuki @ 2011-10-04 1:18 UTC (permalink / raw)
To: Glauber Costa
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <1317637123-18306-6-git-send-email-glommer@parallels.com>
On Mon, 3 Oct 2011 14:18:40 +0400
Glauber Costa <glommer@parallels.com> wrote:
> This patch allows each namespace to independently set up
> its levels for tcp memory pressure thresholds. This patch
> alone does not buy much: we need to make this values
> per group of process somehow. This is achieved in the
> patches that follows in this patchset.
>
> Signed-off-by: Glauber Costa <glommer@parallels.com>
> CC: David S. Miller <davem@davemloft.net>
> CC: Hiroyouki Kamezawa <kamezawa.hiroyu@jp.fujitsu.com>
> CC: Eric W. Biederman <ebiederm@xmission.com>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
^ permalink raw reply
* Re: [PATCH v4 4/8] per-cgroup tcp buffers control
From: KAMEZAWA Hiroyuki @ 2011-10-04 1:16 UTC (permalink / raw)
To: Glauber Costa
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <1317637123-18306-5-git-send-email-glommer@parallels.com>
On Mon, 3 Oct 2011 14:18:39 +0400
Glauber Costa <glommer@parallels.com> wrote:
> With all the infrastructure in place, this patch implements
> per-cgroup control for tcp memory pressure handling.
>
> Signed-off-by: Glauber Costa <glommer@parallels.com>
> CC: David S. Miller <davem@davemloft.net>
> CC: Hiroyouki Kamezawa <kamezawa.hiroyu@jp.fujitsu.com>
> CC: Eric W. Biederman <ebiederm@xmission.com>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujtisu.com>
One question.
> +void tcp_enter_memory_pressure(struct sock *sk)
> +{
> + struct mem_cgroup *memcg = sk->sk_cgrp;
> + if (!memcg->tcp.tcp_memory_pressure) {
> + NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMEMORYPRESSURES);
> + memcg->tcp.tcp_memory_pressure = 1;
> + }
> +}
It seems memcg->tcp.tcp_memory_pressure has no locks and not atomic.
no problematic race ?
Thanks,
-Kame
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Re: [PATCH v4 3/8] foundations of per-cgroup memory pressure controlling.
From: KAMEZAWA Hiroyuki @ 2011-10-04 0:57 UTC (permalink / raw)
To: Glauber Costa
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <1317637123-18306-4-git-send-email-glommer@parallels.com>
On Mon, 3 Oct 2011 14:18:38 +0400
Glauber Costa <glommer@parallels.com> wrote:
> This patch converts struct sock fields memory_pressure,
> memory_allocated, sockets_allocated, and sysctl_mem (now prot_mem)
> to function pointers, receiving a struct mem_cgroup parameter.
>
> enter_memory_pressure is kept the same, since all its callers
> have socket a context, and the kmem_cgroup can be derived from
> the socket itself.
>
> To keep things working, the patch convert all users of those fields
> to use acessor functions.
>
> In my benchmarks I didn't see a significant performance difference
> with this patch applied compared to a baseline (around 1 % diff, thus
> inside error margin).
>
> Signed-off-by: Glauber Costa <glommer@parallels.com>
> CC: David S. Miller <davem@davemloft.net>
> CC: Hiroyouki Kamezawa <kamezawa.hiroyu@jp.fujitsu.com>
> CC: Eric W. Biederman <ebiederm@xmission.com>
A nitpick.
> #ifdef CONFIG_INET
> struct sock;
> +struct proto;
> #ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
> void sock_update_memcg(struct sock *sk);
> void sock_release_memcg(struct sock *sk);
> -
> +void memcg_sock_mem_alloc(struct mem_cgroup *mem, struct proto *prot,
> + int amt, int *parent_failure);
> +void memcg_sock_mem_free(struct mem_cgroup *mem, struct proto *prot, int amt);
> +void memcg_sockets_allocated_dec(struct mem_cgroup *mem, struct proto *prot);
> +void memcg_sockets_allocated_inc(struct mem_cgroup *mem, struct proto *prot);
> #else
> +/* memcontrol includes sockets.h, that includes memcontrol.h ... */
> +static inline void memcg_sock_mem_alloc(struct mem_cgroup *mem,
> + struct proto *prot, int amt,
> + int *parent_failure)
> +{
> +}
In these days, at naming memory cgroup pointers, we use "memcg" instead of
"mem". So, could you use "memcg" for represeinting memory cgroup ?
> +
> +void memcg_sock_mem_alloc(struct mem_cgroup *mem, struct proto *prot,
> + int amt, int *parent_failure)
> +{
> + mem = parent_mem_cgroup(mem);
> + for (; mem != NULL; mem = parent_mem_cgroup(mem)) {
> + long alloc;
> + long *prot_mem = prot->prot_mem(mem);
> + /*
> + * Large nestings are not the common case, and stopping in the
> + * middle would be complicated enough, that we bill it all the
> + * way through the root, and if needed, unbill everything later
> + */
> + alloc = atomic_long_add_return(amt,
> + prot->memory_allocated(mem));
> + *parent_failure |= (alloc > prot_mem[2]);
> + }
> +}
> +EXPORT_SYMBOL(memcg_sock_mem_alloc);
Hmm. why not using res_counter ? for reusing 'unbill' code ?
Thanks,
-Kame
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Re: [PATCH v4 2/8] socket: initial cgroup code.
From: KAMEZAWA Hiroyuki @ 2011-10-04 0:41 UTC (permalink / raw)
To: Glauber Costa
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <1317637123-18306-3-git-send-email-glommer@parallels.com>
On Mon, 3 Oct 2011 14:18:37 +0400
Glauber Costa <glommer@parallels.com> wrote:
> We aim to control the amount of kernel memory pinned at any
> time by tcp sockets. To lay the foundations for this work,
> this patch adds a pointer to the kmem_cgroup to the socket
> structure.
>
> Signed-off-by: Glauber Costa <glommer@parallels.com>
> CC: David S. Miller <davem@davemloft.net>
> CC: Hiroyouki Kamezawa <kamezawa.hiroyu@jp.fujitsu.com>
> CC: Eric W. Biederman <ebiederm@xmission.com>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujtsu.com>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Re: [PATCH v4 1/8] Basic kernel memory functionality for the Memory Controller
From: KAMEZAWA Hiroyuki @ 2011-10-04 0:38 UTC (permalink / raw)
To: Glauber Costa
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <1317637123-18306-2-git-send-email-glommer@parallels.com>
On Mon, 3 Oct 2011 14:18:36 +0400
Glauber Costa <glommer@parallels.com> wrote:
> This patch lays down the foundation for the kernel memory component
> of the Memory Controller.
>
> As of today, I am only laying down the following files:
>
> * memory.independent_kmem_limit
> * memory.kmem.limit_in_bytes (currently ignored)
> * memory.kmem.usage_in_bytes (always zero)
>
> Signed-off-by: Glauber Costa <glommer@parallels.com>
> CC: Paul Menage <paul@paulmenage.org>
> CC: Greg Thelen <gthelen@google.com>
> ---
> Documentation/cgroups/memory.txt | 30 +++++++++++-
> init/Kconfig | 11 ++++
> mm/memcontrol.c | 94 +++++++++++++++++++++++++++++++++++---
> 3 files changed, 126 insertions(+), 9 deletions(-)
>
> diff --git a/Documentation/cgroups/memory.txt b/Documentation/cgroups/memory.txt
> index 6f3c598..6f1954a 100644
> --- a/Documentation/cgroups/memory.txt
> +++ b/Documentation/cgroups/memory.txt
> @@ -44,8 +44,9 @@ Features:
> - oom-killer disable knob and oom-notifier
> - Root cgroup has no limit controls.
>
> - Kernel memory and Hugepages are not under control yet. We just manage
> - pages on LRU. To add more controls, we have to take care of performance.
> + Hugepages is not under control yet. We just manage pages on LRU. To add more
> + controls, we have to take care of performance. Kernel memory support is work
> + in progress, and the current version provides basically functionality.
>
> Brief summary of control files.
>
> @@ -56,8 +57,11 @@ Brief summary of control files.
> (See 5.5 for details)
> memory.memsw.usage_in_bytes # show current res_counter usage for memory+Swap
> (See 5.5 for details)
> + memory.kmem.usage_in_bytes # show current res_counter usage for kmem only.
> + (See 2.7 for details)
> memory.limit_in_bytes # set/show limit of memory usage
> memory.memsw.limit_in_bytes # set/show limit of memory+Swap usage
> + memory.kmem.limit_in_bytes # if allowed, set/show limit of kernel memory
> memory.failcnt # show the number of memory usage hits limits
> memory.memsw.failcnt # show the number of memory+Swap hits limits
> memory.max_usage_in_bytes # show max memory usage recorded
> @@ -72,6 +76,9 @@ Brief summary of control files.
> memory.oom_control # set/show oom controls.
> memory.numa_stat # show the number of memory usage per numa node
>
> + memory.independent_kmem_limit # select whether or not kernel memory limits are
> + independent of user limits
> +
> 1. History
>
> The memory controller has a long history. A request for comments for the memory
> @@ -255,6 +262,25 @@ When oom event notifier is registered, event will be delivered.
> per-zone-per-cgroup LRU (cgroup's private LRU) is just guarded by
> zone->lru_lock, it has no lock of its own.
>
> +2.7 Kernel Memory Extension (CONFIG_CGROUP_MEM_RES_CTLR_KMEM)
> +
> + With the Kernel memory extension, the Memory Controller is able to limit
> +the amount of kernel memory used by the system. Kernel memory is fundamentally
> +different than user memory, since it can't be swapped out, which makes it
> +possible to DoS the system by consuming too much of this precious resource.
> +Kernel memory limits are not imposed for the root cgroup.
> +
> +Memory limits as specified by the standard Memory Controller may or may not
> +take kernel memory into consideration. This is achieved through the file
> +memory.independent_kmem_limit. A Value different than 0 will allow for kernel
> +memory to be controlled separately.
> +
> +When kernel memory limits are not independent, the limit values set in
> +memory.kmem files are ignored.
> +
> +Currently no soft limit is implemented for kernel memory. It is future work
> +to trigger slab reclaim when those limits are reached.
> +
Please add some CAUTION like
==
"CAUTION: the kmem extetion prevents tasks from moving among cgroups.
If a task has kmem accounting in a cgroup, the task cannot be moved
until the kmem resource is released. And more, until the resource is
fully released, the cgroup cannot be destroyed. So, please consider
your use cases and set kmem extention config carefully".
==
And add some memo to KCONFIG. This should be warned.
> +config CGROUP_MEM_RES_CTLR_KMEM
> + bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
> + depends on CGROUP_MEM_RES_CTLR && EXPERIMENTAL
> + default y
default must be n until you fixes the bug.
Thanks,
-Kame
^ permalink raw reply
* Re: [PATCH] SELinux: Fix RCU deref check warning in sel_netport_insert()
From: Paul Moore @ 2011-10-04 0:06 UTC (permalink / raw)
To: David Howells; +Cc: selinux, netdev
In-Reply-To: <25906.1317683262@redhat.com>
On Tuesday, October 4, 2011 12:07:42 AM David Howells wrote:
> Paul Moore <paul@paul-moore.com> wrote:
> > We should probably do the same for the security/selinux/netif.c as it
> > uses the same logic; David is this something you want to tackle?
>
> I can have a look, but it won't be before Wednesday.
Not a problem, if you don't get to it just let me know and I'll put together a
patch.
Thanks.
--
paul moore
www.paul-moore.com
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox