528 lines
20 KiB
Plaintext
528 lines
20 KiB
Plaintext
Memory Resource Controller
|
|
|
|
NOTE: The Memory Resource Controller has been generically been referred
|
|
to as the memory controller in this document. Do not confuse memory controller
|
|
used here with the memory controller that is used in hardware.
|
|
|
|
Salient features
|
|
|
|
a. Enable control of Anonymous, Page Cache (mapped and unmapped) and
|
|
Swap Cache memory pages.
|
|
b. The infrastructure allows easy addition of other types of memory to control
|
|
c. Provides *zero overhead* for non memory controller users
|
|
d. Provides a double LRU: global memory pressure causes reclaim from the
|
|
global LRU; a cgroup on hitting a limit, reclaims from the per
|
|
cgroup LRU
|
|
|
|
Benefits and Purpose of the memory controller
|
|
|
|
The memory controller isolates the memory behaviour of a group of tasks
|
|
from the rest of the system. The article on LWN [12] mentions some probable
|
|
uses of the memory controller. The memory controller can be used to
|
|
|
|
a. Isolate an application or a group of applications
|
|
Memory hungry applications can be isolated and limited to a smaller
|
|
amount of memory.
|
|
b. Create a cgroup with limited amount of memory, this can be used
|
|
as a good alternative to booting with mem=XXXX.
|
|
c. Virtualization solutions can control the amount of memory they want
|
|
to assign to a virtual machine instance.
|
|
d. A CD/DVD burner could control the amount of memory used by the
|
|
rest of the system to ensure that burning does not fail due to lack
|
|
of available memory.
|
|
e. There are several other use cases, find one or use the controller just
|
|
for fun (to learn and hack on the VM subsystem).
|
|
|
|
1. History
|
|
|
|
The memory controller has a long history. A request for comments for the memory
|
|
controller was posted by Balbir Singh [1]. At the time the RFC was posted
|
|
there were several implementations for memory control. The goal of the
|
|
RFC was to build consensus and agreement for the minimal features required
|
|
for memory control. The first RSS controller was posted by Balbir Singh[2]
|
|
in Feb 2007. Pavel Emelianov [3][4][5] has since posted three versions of the
|
|
RSS controller. At OLS, at the resource management BoF, everyone suggested
|
|
that we handle both page cache and RSS together. Another request was raised
|
|
to allow user space handling of OOM. The current memory controller is
|
|
at version 6; it combines both mapped (RSS) and unmapped Page
|
|
Cache Control [11].
|
|
|
|
2. Memory Control
|
|
|
|
Memory is a unique resource in the sense that it is present in a limited
|
|
amount. If a task requires a lot of CPU processing, the task can spread
|
|
its processing over a period of hours, days, months or years, but with
|
|
memory, the same physical memory needs to be reused to accomplish the task.
|
|
|
|
The memory controller implementation has been divided into phases. These
|
|
are:
|
|
|
|
1. Memory controller
|
|
2. mlock(2) controller
|
|
3. Kernel user memory accounting and slab control
|
|
4. user mappings length controller
|
|
|
|
The memory controller is the first controller developed.
|
|
|
|
2.1. Design
|
|
|
|
The core of the design is a counter called the res_counter. The res_counter
|
|
tracks the current memory usage and limit of the group of processes associated
|
|
with the controller. Each cgroup has a memory controller specific data
|
|
structure (mem_cgroup) associated with it.
|
|
|
|
2.2. Accounting
|
|
|
|
+--------------------+
|
|
| mem_cgroup |
|
|
| (res_counter) |
|
|
+--------------------+
|
|
/ ^ \
|
|
/ | \
|
|
+---------------+ | +---------------+
|
|
| mm_struct | |.... | mm_struct |
|
|
| | | | |
|
|
+---------------+ | +---------------+
|
|
|
|
|
+ --------------+
|
|
|
|
|
+---------------+ +------+--------+
|
|
| page +----------> page_cgroup|
|
|
| | | |
|
|
+---------------+ +---------------+
|
|
|
|
(Figure 1: Hierarchy of Accounting)
|
|
|
|
|
|
Figure 1 shows the important aspects of the controller
|
|
|
|
1. Accounting happens per cgroup
|
|
2. Each mm_struct knows about which cgroup it belongs to
|
|
3. Each page has a pointer to the page_cgroup, which in turn knows the
|
|
cgroup it belongs to
|
|
|
|
The accounting is done as follows: mem_cgroup_charge() is invoked to setup
|
|
the necessary data structures and check if the cgroup that is being charged
|
|
is over its limit. If it is then reclaim is invoked on the cgroup.
|
|
More details can be found in the reclaim section of this document.
|
|
If everything goes well, a page meta-data-structure called page_cgroup is
|
|
allocated and associated with the page. This routine also adds the page to
|
|
the per cgroup LRU.
|
|
|
|
2.2.1 Accounting details
|
|
|
|
All mapped anon pages (RSS) and cache pages (Page Cache) are accounted.
|
|
(some pages which never be reclaimable and will not be on global LRU
|
|
are not accounted. we just accounts pages under usual vm management.)
|
|
|
|
RSS pages are accounted at page_fault unless they've already been accounted
|
|
for earlier. A file page will be accounted for as Page Cache when it's
|
|
inserted into inode (radix-tree). While it's mapped into the page tables of
|
|
processes, duplicate accounting is carefully avoided.
|
|
|
|
A RSS page is unaccounted when it's fully unmapped. A PageCache page is
|
|
unaccounted when it's removed from radix-tree.
|
|
|
|
At page migration, accounting information is kept.
|
|
|
|
Note: we just account pages-on-lru because our purpose is to control amount
|
|
of used pages. not-on-lru pages are tend to be out-of-control from vm view.
|
|
|
|
2.3 Shared Page Accounting
|
|
|
|
Shared pages are accounted on the basis of the first touch approach. The
|
|
cgroup that first touches a page is accounted for the page. The principle
|
|
behind this approach is that a cgroup that aggressively uses a shared
|
|
page will eventually get charged for it (once it is uncharged from
|
|
the cgroup that brought it in -- this will happen on memory pressure).
|
|
|
|
Exception: If CONFIG_CGROUP_CGROUP_MEM_RES_CTLR_SWAP is not used..
|
|
When you do swapoff and make swapped-out pages of shmem(tmpfs) to
|
|
be backed into memory in force, charges for pages are accounted against the
|
|
caller of swapoff rather than the users of shmem.
|
|
|
|
|
|
2.4 Swap Extension (CONFIG_CGROUP_MEM_RES_CTLR_SWAP)
|
|
Swap Extension allows you to record charge for swap. A swapped-in page is
|
|
charged back to original page allocator if possible.
|
|
|
|
When swap is accounted, following files are added.
|
|
- memory.memsw.usage_in_bytes.
|
|
- memory.memsw.limit_in_bytes.
|
|
|
|
usage of mem+swap is limited by memsw.limit_in_bytes.
|
|
|
|
* why 'mem+swap' rather than swap.
|
|
The global LRU(kswapd) can swap out arbitrary pages. Swap-out means
|
|
to move account from memory to swap...there is no change in usage of
|
|
mem+swap. In other words, when we want to limit the usage of swap without
|
|
affecting global LRU, mem+swap limit is better than just limiting swap from
|
|
OS point of view.
|
|
|
|
* What happens when a cgroup hits memory.memsw.limit_in_bytes
|
|
When a cgroup his memory.memsw.limit_in_bytes, it's useless to do swap-out
|
|
in this cgroup. Then, swap-out will not be done by cgroup routine and file
|
|
caches are dropped. But as mentioned above, global LRU can do swapout memory
|
|
from it for sanity of the system's memory management state. You can't forbid
|
|
it by cgroup.
|
|
|
|
2.5 Reclaim
|
|
|
|
Each cgroup maintains a per cgroup LRU that consists of an active
|
|
and inactive list. When a cgroup goes over its limit, we first try
|
|
to reclaim memory from the cgroup so as to make space for the new
|
|
pages that the cgroup has touched. If the reclaim is unsuccessful,
|
|
an OOM routine is invoked to select and kill the bulkiest task in the
|
|
cgroup.
|
|
|
|
The reclaim algorithm has not been modified for cgroups, except that
|
|
pages that are selected for reclaiming come from the per cgroup LRU
|
|
list.
|
|
|
|
NOTE: Reclaim does not work for the root cgroup, since we cannot set any
|
|
limits on the root cgroup.
|
|
|
|
Note2: When panic_on_oom is set to "2", the whole system will panic.
|
|
|
|
2. Locking
|
|
|
|
The memory controller uses the following hierarchy
|
|
|
|
1. zone->lru_lock is used for selecting pages to be isolated
|
|
2. mem->per_zone->lru_lock protects the per cgroup LRU (per zone)
|
|
3. lock_page_cgroup() is used to protect page->page_cgroup
|
|
|
|
3. User Interface
|
|
|
|
0. Configuration
|
|
|
|
a. Enable CONFIG_CGROUPS
|
|
b. Enable CONFIG_RESOURCE_COUNTERS
|
|
c. Enable CONFIG_CGROUP_MEM_RES_CTLR
|
|
|
|
1. Prepare the cgroups
|
|
# mkdir -p /cgroups
|
|
# mount -t cgroup none /cgroups -o memory
|
|
|
|
2. Make the new group and move bash into it
|
|
# mkdir /cgroups/0
|
|
# echo $$ > /cgroups/0/tasks
|
|
|
|
Since now we're in the 0 cgroup,
|
|
We can alter the memory limit:
|
|
# echo 4M > /cgroups/0/memory.limit_in_bytes
|
|
|
|
NOTE: We can use a suffix (k, K, m, M, g or G) to indicate values in kilo,
|
|
mega or gigabytes.
|
|
NOTE: We can write "-1" to reset the *.limit_in_bytes(unlimited).
|
|
NOTE: We cannot set limits on the root cgroup any more.
|
|
|
|
# cat /cgroups/0/memory.limit_in_bytes
|
|
4194304
|
|
|
|
NOTE: The interface has now changed to display the usage in bytes
|
|
instead of pages
|
|
|
|
We can check the usage:
|
|
# cat /cgroups/0/memory.usage_in_bytes
|
|
1216512
|
|
|
|
A successful write to this file does not guarantee a successful set of
|
|
this limit to the value written into the file. This can be due to a
|
|
number of factors, such as rounding up to page boundaries or the total
|
|
availability of memory on the system. The user is required to re-read
|
|
this file after a write to guarantee the value committed by the kernel.
|
|
|
|
# echo 1 > memory.limit_in_bytes
|
|
# cat memory.limit_in_bytes
|
|
4096
|
|
|
|
The memory.failcnt field gives the number of times that the cgroup limit was
|
|
exceeded.
|
|
|
|
The memory.stat file gives accounting information. Now, the number of
|
|
caches, RSS and Active pages/Inactive pages are shown.
|
|
|
|
4. Testing
|
|
|
|
Balbir posted lmbench, AIM9, LTP and vmmstress results [10] and [11].
|
|
Apart from that v6 has been tested with several applications and regular
|
|
daily use. The controller has also been tested on the PPC64, x86_64 and
|
|
UML platforms.
|
|
|
|
4.1 Troubleshooting
|
|
|
|
Sometimes a user might find that the application under a cgroup is
|
|
terminated. There are several causes for this:
|
|
|
|
1. The cgroup limit is too low (just too low to do anything useful)
|
|
2. The user is using anonymous memory and swap is turned off or too low
|
|
|
|
A sync followed by echo 1 > /proc/sys/vm/drop_caches will help get rid of
|
|
some of the pages cached in the cgroup (page cache pages).
|
|
|
|
4.2 Task migration
|
|
|
|
When a task migrates from one cgroup to another, its charge is not
|
|
carried forward by default. The pages allocated from the original cgroup still
|
|
remain charged to it, the charge is dropped when the page is freed or
|
|
reclaimed.
|
|
|
|
Note: You can move charges of a task along with task migration. See 8.
|
|
|
|
4.3 Removing a cgroup
|
|
|
|
A cgroup can be removed by rmdir, but as discussed in sections 4.1 and 4.2, a
|
|
cgroup might have some charge associated with it, even though all
|
|
tasks have migrated away from it.
|
|
Such charges are freed(at default) or moved to its parent. When moved,
|
|
both of RSS and CACHES are moved to parent.
|
|
If both of them are busy, rmdir() returns -EBUSY. See 5.1 Also.
|
|
|
|
Charges recorded in swap information is not updated at removal of cgroup.
|
|
Recorded information is discarded and a cgroup which uses swap (swapcache)
|
|
will be charged as a new owner of it.
|
|
|
|
|
|
5. Misc. interfaces.
|
|
|
|
5.1 force_empty
|
|
memory.force_empty interface is provided to make cgroup's memory usage empty.
|
|
You can use this interface only when the cgroup has no tasks.
|
|
When writing anything to this
|
|
|
|
# echo 0 > memory.force_empty
|
|
|
|
Almost all pages tracked by this memcg will be unmapped and freed. Some of
|
|
pages cannot be freed because it's locked or in-use. Such pages are moved
|
|
to parent and this cgroup will be empty. But this may return -EBUSY in
|
|
some too busy case.
|
|
|
|
Typical use case of this interface is that calling this before rmdir().
|
|
Because rmdir() moves all pages to parent, some out-of-use page caches can be
|
|
moved to the parent. If you want to avoid that, force_empty will be useful.
|
|
|
|
5.2 stat file
|
|
|
|
memory.stat file includes following statistics
|
|
|
|
cache - # of bytes of page cache memory.
|
|
rss - # of bytes of anonymous and swap cache memory.
|
|
pgpgin - # of pages paged in (equivalent to # of charging events).
|
|
pgpgout - # of pages paged out (equivalent to # of uncharging events).
|
|
active_anon - # of bytes of anonymous and swap cache memory on active
|
|
lru list.
|
|
inactive_anon - # of bytes of anonymous memory and swap cache memory on
|
|
inactive lru list.
|
|
active_file - # of bytes of file-backed memory on active lru list.
|
|
inactive_file - # of bytes of file-backed memory on inactive lru list.
|
|
unevictable - # of bytes of memory that cannot be reclaimed (mlocked etc).
|
|
|
|
The following additional stats are dependent on CONFIG_DEBUG_VM.
|
|
|
|
inactive_ratio - VM internal parameter. (see mm/page_alloc.c)
|
|
recent_rotated_anon - VM internal parameter. (see mm/vmscan.c)
|
|
recent_rotated_file - VM internal parameter. (see mm/vmscan.c)
|
|
recent_scanned_anon - VM internal parameter. (see mm/vmscan.c)
|
|
recent_scanned_file - VM internal parameter. (see mm/vmscan.c)
|
|
|
|
Memo:
|
|
recent_rotated means recent frequency of lru rotation.
|
|
recent_scanned means recent # of scans to lru.
|
|
showing for better debug please see the code for meanings.
|
|
|
|
Note:
|
|
Only anonymous and swap cache memory is listed as part of 'rss' stat.
|
|
This should not be confused with the true 'resident set size' or the
|
|
amount of physical memory used by the cgroup. Per-cgroup rss
|
|
accounting is not done yet.
|
|
|
|
5.3 swappiness
|
|
Similar to /proc/sys/vm/swappiness, but affecting a hierarchy of groups only.
|
|
|
|
Following cgroups' swappiness can't be changed.
|
|
- root cgroup (uses /proc/sys/vm/swappiness).
|
|
- a cgroup which uses hierarchy and it has child cgroup.
|
|
- a cgroup which uses hierarchy and not the root of hierarchy.
|
|
|
|
|
|
6. Hierarchy support
|
|
|
|
The memory controller supports a deep hierarchy and hierarchical accounting.
|
|
The hierarchy is created by creating the appropriate cgroups in the
|
|
cgroup filesystem. Consider for example, the following cgroup filesystem
|
|
hierarchy
|
|
|
|
root
|
|
/ | \
|
|
/ | \
|
|
a b c
|
|
| \
|
|
| \
|
|
d e
|
|
|
|
In the diagram above, with hierarchical accounting enabled, all memory
|
|
usage of e, is accounted to its ancestors up until the root (i.e, c and root),
|
|
that has memory.use_hierarchy enabled. If one of the ancestors goes over its
|
|
limit, the reclaim algorithm reclaims from the tasks in the ancestor and the
|
|
children of the ancestor.
|
|
|
|
6.1 Enabling hierarchical accounting and reclaim
|
|
|
|
The memory controller by default disables the hierarchy feature. Support
|
|
can be enabled by writing 1 to memory.use_hierarchy file of the root cgroup
|
|
|
|
# echo 1 > memory.use_hierarchy
|
|
|
|
The feature can be disabled by
|
|
|
|
# echo 0 > memory.use_hierarchy
|
|
|
|
NOTE1: Enabling/disabling will fail if the cgroup already has other
|
|
cgroups created below it.
|
|
|
|
NOTE2: When panic_on_oom is set to "2", the whole system will panic in
|
|
case of an oom event in any cgroup.
|
|
|
|
7. Soft limits
|
|
|
|
Soft limits allow for greater sharing of memory. The idea behind soft limits
|
|
is to allow control groups to use as much of the memory as needed, provided
|
|
|
|
a. There is no memory contention
|
|
b. They do not exceed their hard limit
|
|
|
|
When the system detects memory contention or low memory control groups
|
|
are pushed back to their soft limits. If the soft limit of each control
|
|
group is very high, they are pushed back as much as possible to make
|
|
sure that one control group does not starve the others of memory.
|
|
|
|
Please note that soft limits is a best effort feature, it comes with
|
|
no guarantees, but it does its best to make sure that when memory is
|
|
heavily contended for, memory is allocated based on the soft limit
|
|
hints/setup. Currently soft limit based reclaim is setup such that
|
|
it gets invoked from balance_pgdat (kswapd).
|
|
|
|
7.1 Interface
|
|
|
|
Soft limits can be setup by using the following commands (in this example we
|
|
assume a soft limit of 256 megabytes)
|
|
|
|
# echo 256M > memory.soft_limit_in_bytes
|
|
|
|
If we want to change this to 1G, we can at any time use
|
|
|
|
# echo 1G > memory.soft_limit_in_bytes
|
|
|
|
NOTE1: Soft limits take effect over a long period of time, since they involve
|
|
reclaiming memory for balancing between memory cgroups
|
|
NOTE2: It is recommended to set the soft limit always below the hard limit,
|
|
otherwise the hard limit will take precedence.
|
|
|
|
8. Move charges at task migration
|
|
|
|
Users can move charges associated with a task along with task migration, that
|
|
is, uncharge task's pages from the old cgroup and charge them to the new cgroup.
|
|
This feature is not supported in !CONFIG_MMU environments because of lack of
|
|
page tables.
|
|
|
|
8.1 Interface
|
|
|
|
This feature is disabled by default. It can be enabled(and disabled again) by
|
|
writing to memory.move_charge_at_immigrate of the destination cgroup.
|
|
|
|
If you want to enable it:
|
|
|
|
# echo (some positive value) > memory.move_charge_at_immigrate
|
|
|
|
Note: Each bits of move_charge_at_immigrate has its own meaning about what type
|
|
of charges should be moved. See 8.2 for details.
|
|
Note: Charges are moved only when you move mm->owner, IOW, a leader of a thread
|
|
group.
|
|
Note: If we cannot find enough space for the task in the destination cgroup, we
|
|
try to make space by reclaiming memory. Task migration may fail if we
|
|
cannot make enough space.
|
|
Note: It can take several seconds if you move charges in giga bytes order.
|
|
|
|
And if you want disable it again:
|
|
|
|
# echo 0 > memory.move_charge_at_immigrate
|
|
|
|
8.2 Type of charges which can be move
|
|
|
|
Each bits of move_charge_at_immigrate has its own meaning about what type of
|
|
charges should be moved.
|
|
|
|
bit | what type of charges would be moved ?
|
|
-----+------------------------------------------------------------------------
|
|
0 | A charge of an anonymous page(or swap of it) used by the target task.
|
|
| Those pages and swaps must be used only by the target task. You must
|
|
| enable Swap Extension(see 2.4) to enable move of swap charges.
|
|
|
|
Note: Those pages and swaps must be charged to the old cgroup.
|
|
Note: More type of pages(e.g. file cache, shmem,) will be supported by other
|
|
bits in future.
|
|
|
|
8.3 TODO
|
|
|
|
- Add support for other types of pages(e.g. file cache, shmem, etc.).
|
|
- Implement madvise(2) to let users decide the vma to be moved or not to be
|
|
moved.
|
|
- All of moving charge operations are done under cgroup_mutex. It's not good
|
|
behavior to hold the mutex too long, so we may need some trick.
|
|
|
|
9. Memory thresholds
|
|
|
|
Memory controler implements memory thresholds using cgroups notification
|
|
API (see cgroups.txt). It allows to register multiple memory and memsw
|
|
thresholds and gets notifications when it crosses.
|
|
|
|
To register a threshold application need:
|
|
- create an eventfd using eventfd(2);
|
|
- open memory.usage_in_bytes or memory.memsw.usage_in_bytes;
|
|
- write string like "<event_fd> <memory.usage_in_bytes> <threshold>" to
|
|
cgroup.event_control.
|
|
|
|
Application will be notified through eventfd when memory usage crosses
|
|
threshold in any direction.
|
|
|
|
It's applicable for root and non-root cgroup.
|
|
|
|
10. TODO
|
|
|
|
1. Add support for accounting huge pages (as a separate controller)
|
|
2. Make per-cgroup scanner reclaim not-shared pages first
|
|
3. Teach controller to account for shared-pages
|
|
4. Start reclamation in the background when the limit is
|
|
not yet hit but the usage is getting closer
|
|
|
|
Summary
|
|
|
|
Overall, the memory controller has been a stable controller and has been
|
|
commented and discussed quite extensively in the community.
|
|
|
|
References
|
|
|
|
1. Singh, Balbir. RFC: Memory Controller, http://lwn.net/Articles/206697/
|
|
2. Singh, Balbir. Memory Controller (RSS Control),
|
|
http://lwn.net/Articles/222762/
|
|
3. Emelianov, Pavel. Resource controllers based on process cgroups
|
|
http://lkml.org/lkml/2007/3/6/198
|
|
4. Emelianov, Pavel. RSS controller based on process cgroups (v2)
|
|
http://lkml.org/lkml/2007/4/9/78
|
|
5. Emelianov, Pavel. RSS controller based on process cgroups (v3)
|
|
http://lkml.org/lkml/2007/5/30/244
|
|
6. Menage, Paul. Control Groups v10, http://lwn.net/Articles/236032/
|
|
7. Vaidyanathan, Srinivasan, Control Groups: Pagecache accounting and control
|
|
subsystem (v3), http://lwn.net/Articles/235534/
|
|
8. Singh, Balbir. RSS controller v2 test results (lmbench),
|
|
http://lkml.org/lkml/2007/5/17/232
|
|
9. Singh, Balbir. RSS controller v2 AIM9 results
|
|
http://lkml.org/lkml/2007/5/18/1
|
|
10. Singh, Balbir. Memory controller v6 test results,
|
|
http://lkml.org/lkml/2007/8/19/36
|
|
11. Singh, Balbir. Memory controller introduction (v6),
|
|
http://lkml.org/lkml/2007/8/17/69
|
|
12. Corbet, Jonathan, Controlling memory use in cgroups,
|
|
http://lwn.net/Articles/243795/
|