| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Mar 2011 17:37:02 -0700 From: Ying Han <yinghan@...gle.com> To: KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com> Cc: Michal Hocko <mhocko@...e.cz>, linux-mm@...ck.org, linux-kernel@...r.kernel.org, Hugh Dickins <hughd@...gle.com>, Suleiman Souhlal <suleiman@...gle.com> Subject: Re: [RFC 0/3] Implementation of cgroup isolation On Mon, Mar 28, 2011 at 5:12 PM, KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com> wrote: > On Mon, 28 Mar 2011 11:01:18 -0700 > Ying Han <yinghan@...gle.com> wrote: > >> On Mon, Mar 28, 2011 at 2:39 AM, Michal Hocko <mhocko@...e.cz> wrote: >> > Hi all, >> > >> > Memory cgroups can be currently used to throttle memory usage of a group of >> > processes. It, however, cannot be used for an isolation of processes from >> > the rest of the system because all the pages that belong to the group are >> > also placed on the global LRU lists and so they are eligible for the global >> > memory reclaim. >> > >> > This patchset aims at providing an opt-in memory cgroup isolation. This >> > means that a cgroup can be configured to be isolated from the rest of the >> > system by means of cgroup virtual filesystem (/dev/memctl/group/memory.isolated). >> >> Thank you Hugh pointing me to the thread. We are working on similar >> problem in memcg currently >> >> Here is the problem we see: >> 1. In memcg, a page is both on per-memcg-per-zone lru and global-lru. >> 2. Global memory reclaim will throw page away regardless of cgroup. >> 3. The zone->lru_lock is shared between per-memcg-per-zone lru and global-lru. >> >> And we know: >> 1. We shouldn't do global reclaim since it breaks memory isolation. >> 2. There is no need for a page to be on both LRU list, especially >> after having per-memcg background reclaim. >> >> So our approach is to take off page from global lru after it is >> charged to a memcg. Only pages allocated at root cgroup remains in >> global LRU, and each memcg reclaims pages on its isolated LRU. >> > > Why you don't use cpuset and virtual nodes ? It's what you want. We've been running cpuset + fakenuma nodes configuration in google to provide memory isolation. The configuration of having the virtual box is complex which user needs to know great details of the which node to assign to which cgroup. That is one of the motivations for us moving towards to memory controller which simply do memory accounting no matter where pages are allocated. By saying that, memcg simplified the memory accounting per-cgroup but the memory isolation is broken. This is one of examples where pages are shared between global LRU and per-memcg LRU. It is easy to get cgroup-A's page evicted by adding memory pressure to cgroup-B. The approach we are thinking to make the page->lru exclusive solve the problem. and also we should be able to break the zone->lru_lock sharing. --Ying > > Thanks, > -Kame > > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists