mirror of
https://github.com/adulau/aha.git
synced 2024-12-29 12:16:20 +00:00
a6df63615b
Soft limits is a new feature for the memory resource controller, something similar has existed in the group scheduler in the form of shares. The CPU controllers interpretation of shares is very different though. Soft limits are the most useful feature to have for environments where the administrator wants to overcommit the system, such that only on memory contention do the limits become active. The current soft limits implementation provides a soft_limit_in_bytes interface for the memory controller and not for memory+swap controller. The implementation maintains an RB-Tree of groups that exceed their soft limit and starts reclaiming from the group that exceeds this limit by the maximum amount. This patch: Add documentation for soft limits Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Li Zefan <lizf@cn.fujitsu.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
453 lines
17 KiB
Text
453 lines
17 KiB
Text
Memory Resource Controller
|
|
|
|
NOTE: The Memory Resource Controller has been generically been referred
|
|
to as the memory controller in this document. Do not confuse memory controller
|
|
used here with the memory controller that is used in hardware.
|
|
|
|
Salient features
|
|
|
|
a. Enable control of Anonymous, Page Cache (mapped and unmapped) and
|
|
Swap Cache memory pages.
|
|
b. The infrastructure allows easy addition of other types of memory to control
|
|
c. Provides *zero overhead* for non memory controller users
|
|
d. Provides a double LRU: global memory pressure causes reclaim from the
|
|
global LRU; a cgroup on hitting a limit, reclaims from the per
|
|
cgroup LRU
|
|
|
|
Benefits and Purpose of the memory controller
|
|
|
|
The memory controller isolates the memory behaviour of a group of tasks
|
|
from the rest of the system. The article on LWN [12] mentions some probable
|
|
uses of the memory controller. The memory controller can be used to
|
|
|
|
a. Isolate an application or a group of applications
|
|
Memory hungry applications can be isolated and limited to a smaller
|
|
amount of memory.
|
|
b. Create a cgroup with limited amount of memory, this can be used
|
|
as a good alternative to booting with mem=XXXX.
|
|
c. Virtualization solutions can control the amount of memory they want
|
|
to assign to a virtual machine instance.
|
|
d. A CD/DVD burner could control the amount of memory used by the
|
|
rest of the system to ensure that burning does not fail due to lack
|
|
of available memory.
|
|
e. There are several other use cases, find one or use the controller just
|
|
for fun (to learn and hack on the VM subsystem).
|
|
|
|
1. History
|
|
|
|
The memory controller has a long history. A request for comments for the memory
|
|
controller was posted by Balbir Singh [1]. At the time the RFC was posted
|
|
there were several implementations for memory control. The goal of the
|
|
RFC was to build consensus and agreement for the minimal features required
|
|
for memory control. The first RSS controller was posted by Balbir Singh[2]
|
|
in Feb 2007. Pavel Emelianov [3][4][5] has since posted three versions of the
|
|
RSS controller. At OLS, at the resource management BoF, everyone suggested
|
|
that we handle both page cache and RSS together. Another request was raised
|
|
to allow user space handling of OOM. The current memory controller is
|
|
at version 6; it combines both mapped (RSS) and unmapped Page
|
|
Cache Control [11].
|
|
|
|
2. Memory Control
|
|
|
|
Memory is a unique resource in the sense that it is present in a limited
|
|
amount. If a task requires a lot of CPU processing, the task can spread
|
|
its processing over a period of hours, days, months or years, but with
|
|
memory, the same physical memory needs to be reused to accomplish the task.
|
|
|
|
The memory controller implementation has been divided into phases. These
|
|
are:
|
|
|
|
1. Memory controller
|
|
2. mlock(2) controller
|
|
3. Kernel user memory accounting and slab control
|
|
4. user mappings length controller
|
|
|
|
The memory controller is the first controller developed.
|
|
|
|
2.1. Design
|
|
|
|
The core of the design is a counter called the res_counter. The res_counter
|
|
tracks the current memory usage and limit of the group of processes associated
|
|
with the controller. Each cgroup has a memory controller specific data
|
|
structure (mem_cgroup) associated with it.
|
|
|
|
2.2. Accounting
|
|
|
|
+--------------------+
|
|
| mem_cgroup |
|
|
| (res_counter) |
|
|
+--------------------+
|
|
/ ^ \
|
|
/ | \
|
|
+---------------+ | +---------------+
|
|
| mm_struct | |.... | mm_struct |
|
|
| | | | |
|
|
+---------------+ | +---------------+
|
|
|
|
|
+ --------------+
|
|
|
|
|
+---------------+ +------+--------+
|
|
| page +----------> page_cgroup|
|
|
| | | |
|
|
+---------------+ +---------------+
|
|
|
|
(Figure 1: Hierarchy of Accounting)
|
|
|
|
|
|
Figure 1 shows the important aspects of the controller
|
|
|
|
1. Accounting happens per cgroup
|
|
2. Each mm_struct knows about which cgroup it belongs to
|
|
3. Each page has a pointer to the page_cgroup, which in turn knows the
|
|
cgroup it belongs to
|
|
|
|
The accounting is done as follows: mem_cgroup_charge() is invoked to setup
|
|
the necessary data structures and check if the cgroup that is being charged
|
|
is over its limit. If it is then reclaim is invoked on the cgroup.
|
|
More details can be found in the reclaim section of this document.
|
|
If everything goes well, a page meta-data-structure called page_cgroup is
|
|
allocated and associated with the page. This routine also adds the page to
|
|
the per cgroup LRU.
|
|
|
|
2.2.1 Accounting details
|
|
|
|
All mapped anon pages (RSS) and cache pages (Page Cache) are accounted.
|
|
(some pages which never be reclaimable and will not be on global LRU
|
|
are not accounted. we just accounts pages under usual vm management.)
|
|
|
|
RSS pages are accounted at page_fault unless they've already been accounted
|
|
for earlier. A file page will be accounted for as Page Cache when it's
|
|
inserted into inode (radix-tree). While it's mapped into the page tables of
|
|
processes, duplicate accounting is carefully avoided.
|
|
|
|
A RSS page is unaccounted when it's fully unmapped. A PageCache page is
|
|
unaccounted when it's removed from radix-tree.
|
|
|
|
At page migration, accounting information is kept.
|
|
|
|
Note: we just account pages-on-lru because our purpose is to control amount
|
|
of used pages. not-on-lru pages are tend to be out-of-control from vm view.
|
|
|
|
2.3 Shared Page Accounting
|
|
|
|
Shared pages are accounted on the basis of the first touch approach. The
|
|
cgroup that first touches a page is accounted for the page. The principle
|
|
behind this approach is that a cgroup that aggressively uses a shared
|
|
page will eventually get charged for it (once it is uncharged from
|
|
the cgroup that brought it in -- this will happen on memory pressure).
|
|
|
|
Exception: If CONFIG_CGROUP_CGROUP_MEM_RES_CTLR_SWAP is not used..
|
|
When you do swapoff and make swapped-out pages of shmem(tmpfs) to
|
|
be backed into memory in force, charges for pages are accounted against the
|
|
caller of swapoff rather than the users of shmem.
|
|
|
|
|
|
2.4 Swap Extension (CONFIG_CGROUP_MEM_RES_CTLR_SWAP)
|
|
Swap Extension allows you to record charge for swap. A swapped-in page is
|
|
charged back to original page allocator if possible.
|
|
|
|
When swap is accounted, following files are added.
|
|
- memory.memsw.usage_in_bytes.
|
|
- memory.memsw.limit_in_bytes.
|
|
|
|
usage of mem+swap is limited by memsw.limit_in_bytes.
|
|
|
|
* why 'mem+swap' rather than swap.
|
|
The global LRU(kswapd) can swap out arbitrary pages. Swap-out means
|
|
to move account from memory to swap...there is no change in usage of
|
|
mem+swap. In other words, when we want to limit the usage of swap without
|
|
affecting global LRU, mem+swap limit is better than just limiting swap from
|
|
OS point of view.
|
|
|
|
* What happens when a cgroup hits memory.memsw.limit_in_bytes
|
|
When a cgroup his memory.memsw.limit_in_bytes, it's useless to do swap-out
|
|
in this cgroup. Then, swap-out will not be done by cgroup routine and file
|
|
caches are dropped. But as mentioned above, global LRU can do swapout memory
|
|
from it for sanity of the system's memory management state. You can't forbid
|
|
it by cgroup.
|
|
|
|
2.5 Reclaim
|
|
|
|
Each cgroup maintains a per cgroup LRU that consists of an active
|
|
and inactive list. When a cgroup goes over its limit, we first try
|
|
to reclaim memory from the cgroup so as to make space for the new
|
|
pages that the cgroup has touched. If the reclaim is unsuccessful,
|
|
an OOM routine is invoked to select and kill the bulkiest task in the
|
|
cgroup.
|
|
|
|
The reclaim algorithm has not been modified for cgroups, except that
|
|
pages that are selected for reclaiming come from the per cgroup LRU
|
|
list.
|
|
|
|
NOTE: Reclaim does not work for the root cgroup, since we cannot set any
|
|
limits on the root cgroup.
|
|
|
|
2. Locking
|
|
|
|
The memory controller uses the following hierarchy
|
|
|
|
1. zone->lru_lock is used for selecting pages to be isolated
|
|
2. mem->per_zone->lru_lock protects the per cgroup LRU (per zone)
|
|
3. lock_page_cgroup() is used to protect page->page_cgroup
|
|
|
|
3. User Interface
|
|
|
|
0. Configuration
|
|
|
|
a. Enable CONFIG_CGROUPS
|
|
b. Enable CONFIG_RESOURCE_COUNTERS
|
|
c. Enable CONFIG_CGROUP_MEM_RES_CTLR
|
|
|
|
1. Prepare the cgroups
|
|
# mkdir -p /cgroups
|
|
# mount -t cgroup none /cgroups -o memory
|
|
|
|
2. Make the new group and move bash into it
|
|
# mkdir /cgroups/0
|
|
# echo $$ > /cgroups/0/tasks
|
|
|
|
Since now we're in the 0 cgroup,
|
|
We can alter the memory limit:
|
|
# echo 4M > /cgroups/0/memory.limit_in_bytes
|
|
|
|
NOTE: We can use a suffix (k, K, m, M, g or G) to indicate values in kilo,
|
|
mega or gigabytes.
|
|
NOTE: We can write "-1" to reset the *.limit_in_bytes(unlimited).
|
|
NOTE: We cannot set limits on the root cgroup any more.
|
|
|
|
# cat /cgroups/0/memory.limit_in_bytes
|
|
4194304
|
|
|
|
NOTE: The interface has now changed to display the usage in bytes
|
|
instead of pages
|
|
|
|
We can check the usage:
|
|
# cat /cgroups/0/memory.usage_in_bytes
|
|
1216512
|
|
|
|
A successful write to this file does not guarantee a successful set of
|
|
this limit to the value written into the file. This can be due to a
|
|
number of factors, such as rounding up to page boundaries or the total
|
|
availability of memory on the system. The user is required to re-read
|
|
this file after a write to guarantee the value committed by the kernel.
|
|
|
|
# echo 1 > memory.limit_in_bytes
|
|
# cat memory.limit_in_bytes
|
|
4096
|
|
|
|
The memory.failcnt field gives the number of times that the cgroup limit was
|
|
exceeded.
|
|
|
|
The memory.stat file gives accounting information. Now, the number of
|
|
caches, RSS and Active pages/Inactive pages are shown.
|
|
|
|
4. Testing
|
|
|
|
Balbir posted lmbench, AIM9, LTP and vmmstress results [10] and [11].
|
|
Apart from that v6 has been tested with several applications and regular
|
|
daily use. The controller has also been tested on the PPC64, x86_64 and
|
|
UML platforms.
|
|
|
|
4.1 Troubleshooting
|
|
|
|
Sometimes a user might find that the application under a cgroup is
|
|
terminated. There are several causes for this:
|
|
|
|
1. The cgroup limit is too low (just too low to do anything useful)
|
|
2. The user is using anonymous memory and swap is turned off or too low
|
|
|
|
A sync followed by echo 1 > /proc/sys/vm/drop_caches will help get rid of
|
|
some of the pages cached in the cgroup (page cache pages).
|
|
|
|
4.2 Task migration
|
|
|
|
When a task migrates from one cgroup to another, it's charge is not
|
|
carried forward. The pages allocated from the original cgroup still
|
|
remain charged to it, the charge is dropped when the page is freed or
|
|
reclaimed.
|
|
|
|
4.3 Removing a cgroup
|
|
|
|
A cgroup can be removed by rmdir, but as discussed in sections 4.1 and 4.2, a
|
|
cgroup might have some charge associated with it, even though all
|
|
tasks have migrated away from it.
|
|
Such charges are freed(at default) or moved to its parent. When moved,
|
|
both of RSS and CACHES are moved to parent.
|
|
If both of them are busy, rmdir() returns -EBUSY. See 5.1 Also.
|
|
|
|
Charges recorded in swap information is not updated at removal of cgroup.
|
|
Recorded information is discarded and a cgroup which uses swap (swapcache)
|
|
will be charged as a new owner of it.
|
|
|
|
|
|
5. Misc. interfaces.
|
|
|
|
5.1 force_empty
|
|
memory.force_empty interface is provided to make cgroup's memory usage empty.
|
|
You can use this interface only when the cgroup has no tasks.
|
|
When writing anything to this
|
|
|
|
# echo 0 > memory.force_empty
|
|
|
|
Almost all pages tracked by this memcg will be unmapped and freed. Some of
|
|
pages cannot be freed because it's locked or in-use. Such pages are moved
|
|
to parent and this cgroup will be empty. But this may return -EBUSY in
|
|
some too busy case.
|
|
|
|
Typical use case of this interface is that calling this before rmdir().
|
|
Because rmdir() moves all pages to parent, some out-of-use page caches can be
|
|
moved to the parent. If you want to avoid that, force_empty will be useful.
|
|
|
|
5.2 stat file
|
|
|
|
memory.stat file includes following statistics
|
|
|
|
cache - # of bytes of page cache memory.
|
|
rss - # of bytes of anonymous and swap cache memory.
|
|
pgpgin - # of pages paged in (equivalent to # of charging events).
|
|
pgpgout - # of pages paged out (equivalent to # of uncharging events).
|
|
active_anon - # of bytes of anonymous and swap cache memory on active
|
|
lru list.
|
|
inactive_anon - # of bytes of anonymous memory and swap cache memory on
|
|
inactive lru list.
|
|
active_file - # of bytes of file-backed memory on active lru list.
|
|
inactive_file - # of bytes of file-backed memory on inactive lru list.
|
|
unevictable - # of bytes of memory that cannot be reclaimed (mlocked etc).
|
|
|
|
The following additional stats are dependent on CONFIG_DEBUG_VM.
|
|
|
|
inactive_ratio - VM internal parameter. (see mm/page_alloc.c)
|
|
recent_rotated_anon - VM internal parameter. (see mm/vmscan.c)
|
|
recent_rotated_file - VM internal parameter. (see mm/vmscan.c)
|
|
recent_scanned_anon - VM internal parameter. (see mm/vmscan.c)
|
|
recent_scanned_file - VM internal parameter. (see mm/vmscan.c)
|
|
|
|
Memo:
|
|
recent_rotated means recent frequency of lru rotation.
|
|
recent_scanned means recent # of scans to lru.
|
|
showing for better debug please see the code for meanings.
|
|
|
|
Note:
|
|
Only anonymous and swap cache memory is listed as part of 'rss' stat.
|
|
This should not be confused with the true 'resident set size' or the
|
|
amount of physical memory used by the cgroup. Per-cgroup rss
|
|
accounting is not done yet.
|
|
|
|
5.3 swappiness
|
|
Similar to /proc/sys/vm/swappiness, but affecting a hierarchy of groups only.
|
|
|
|
Following cgroups' swapiness can't be changed.
|
|
- root cgroup (uses /proc/sys/vm/swappiness).
|
|
- a cgroup which uses hierarchy and it has child cgroup.
|
|
- a cgroup which uses hierarchy and not the root of hierarchy.
|
|
|
|
|
|
6. Hierarchy support
|
|
|
|
The memory controller supports a deep hierarchy and hierarchical accounting.
|
|
The hierarchy is created by creating the appropriate cgroups in the
|
|
cgroup filesystem. Consider for example, the following cgroup filesystem
|
|
hierarchy
|
|
|
|
root
|
|
/ | \
|
|
/ | \
|
|
a b c
|
|
| \
|
|
| \
|
|
d e
|
|
|
|
In the diagram above, with hierarchical accounting enabled, all memory
|
|
usage of e, is accounted to its ancestors up until the root (i.e, c and root),
|
|
that has memory.use_hierarchy enabled. If one of the ancestors goes over its
|
|
limit, the reclaim algorithm reclaims from the tasks in the ancestor and the
|
|
children of the ancestor.
|
|
|
|
6.1 Enabling hierarchical accounting and reclaim
|
|
|
|
The memory controller by default disables the hierarchy feature. Support
|
|
can be enabled by writing 1 to memory.use_hierarchy file of the root cgroup
|
|
|
|
# echo 1 > memory.use_hierarchy
|
|
|
|
The feature can be disabled by
|
|
|
|
# echo 0 > memory.use_hierarchy
|
|
|
|
NOTE1: Enabling/disabling will fail if the cgroup already has other
|
|
cgroups created below it.
|
|
|
|
NOTE2: This feature can be enabled/disabled per subtree.
|
|
|
|
7. Soft limits
|
|
|
|
Soft limits allow for greater sharing of memory. The idea behind soft limits
|
|
is to allow control groups to use as much of the memory as needed, provided
|
|
|
|
a. There is no memory contention
|
|
b. They do not exceed their hard limit
|
|
|
|
When the system detects memory contention or low memory control groups
|
|
are pushed back to their soft limits. If the soft limit of each control
|
|
group is very high, they are pushed back as much as possible to make
|
|
sure that one control group does not starve the others of memory.
|
|
|
|
Please note that soft limits is a best effort feature, it comes with
|
|
no guarantees, but it does its best to make sure that when memory is
|
|
heavily contended for, memory is allocated based on the soft limit
|
|
hints/setup. Currently soft limit based reclaim is setup such that
|
|
it gets invoked from balance_pgdat (kswapd).
|
|
|
|
7.1 Interface
|
|
|
|
Soft limits can be setup by using the following commands (in this example we
|
|
assume a soft limit of 256 megabytes)
|
|
|
|
# echo 256M > memory.soft_limit_in_bytes
|
|
|
|
If we want to change this to 1G, we can at any time use
|
|
|
|
# echo 1G > memory.soft_limit_in_bytes
|
|
|
|
NOTE1: Soft limits take effect over a long period of time, since they involve
|
|
reclaiming memory for balancing between memory cgroups
|
|
NOTE2: It is recommended to set the soft limit always below the hard limit,
|
|
otherwise the hard limit will take precedence.
|
|
|
|
8. TODO
|
|
|
|
1. Add support for accounting huge pages (as a separate controller)
|
|
2. Make per-cgroup scanner reclaim not-shared pages first
|
|
3. Teach controller to account for shared-pages
|
|
4. Start reclamation in the background when the limit is
|
|
not yet hit but the usage is getting closer
|
|
|
|
Summary
|
|
|
|
Overall, the memory controller has been a stable controller and has been
|
|
commented and discussed quite extensively in the community.
|
|
|
|
References
|
|
|
|
1. Singh, Balbir. RFC: Memory Controller, http://lwn.net/Articles/206697/
|
|
2. Singh, Balbir. Memory Controller (RSS Control),
|
|
http://lwn.net/Articles/222762/
|
|
3. Emelianov, Pavel. Resource controllers based on process cgroups
|
|
http://lkml.org/lkml/2007/3/6/198
|
|
4. Emelianov, Pavel. RSS controller based on process cgroups (v2)
|
|
http://lkml.org/lkml/2007/4/9/78
|
|
5. Emelianov, Pavel. RSS controller based on process cgroups (v3)
|
|
http://lkml.org/lkml/2007/5/30/244
|
|
6. Menage, Paul. Control Groups v10, http://lwn.net/Articles/236032/
|
|
7. Vaidyanathan, Srinivasan, Control Groups: Pagecache accounting and control
|
|
subsystem (v3), http://lwn.net/Articles/235534/
|
|
8. Singh, Balbir. RSS controller v2 test results (lmbench),
|
|
http://lkml.org/lkml/2007/5/17/232
|
|
9. Singh, Balbir. RSS controller v2 AIM9 results
|
|
http://lkml.org/lkml/2007/5/18/1
|
|
10. Singh, Balbir. Memory controller v6 test results,
|
|
http://lkml.org/lkml/2007/8/19/36
|
|
11. Singh, Balbir. Memory controller introduction (v6),
|
|
http://lkml.org/lkml/2007/8/17/69
|
|
12. Corbet, Jonathan, Controlling memory use in cgroups,
|
|
http://lwn.net/Articles/243795/
|