[Devel] [PATCH RH7 0/9] memcg: release id when offlinging cgroup

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Wed Jul 5 09:39:43 MSK 2023 

We see that container user can deplete memory cgroup ids on the system
(64k) and prevent further memory cgroup creation. In crash collected by
our customer in such a situation we see that mem_cgroup_idr is full of
cgroups from one container with same exact path (cgroup of docker
service), cgroups are not released because they have kmem charges, this
kmem charge is for a tmpfs dentry allocated from this cgroup. (And on
vz7 kernel it seems that such a dentry is only released after umounting
tmpfs or removing the corresponding file from tmpfs.)

So there is a valid way to hold kmem cgroup for a long time. Similar
thing was mentioned in mainstream with page cache holding kmem cgroup
for a long time. And they proposed a way to deal with it - just release
cgroup id early so that one can allocate new cgroups immediately.

Reproduce:
https://git.vzint.dev/users/ptikhomirov/repos/helpers/browse/memcg-related/test-mycg-tmpfs.sh

After this fix the number of memory cgroups in /proc/cgroups can now
show > 64k as we allow to leave memory cgroups hanging while releasing
their ids.

Note: Maybe it's a bad idea to allow container to eat kernel
memory with such a hanging cgroups, but yet I don't have better ideas.

https://jira.vzint.dev/browse/PSBM-147473
https://jira.vzint.dev/browse/PSBM-147036
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>

Arnd Bergmann (1):
  mm: memcontrol: avoid unused function warning

Hugh Dickins (1):
  mm/memcg: fix refcount error while moving and swapping

Johannes Weiner (2):
  mm: memcontrol: uncharge pages on swapout
  mm: memcontrol: fix cgroup creation failure after many small jobs

Kirill Tkhai (1):
  memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc()
    failure

Qian Cai (1):
  mm/memcontrol.c: fix a -Wunused-function warning

Vladimir Davydov (3):
  mm: memcontrol: fix swap counter leak on swapout from offline cgroup
  mm: memcontrol: fix memcg id ref counter on swap charge move
  mm: memcontrol: add sanity checks for memcg->id.ref on get/put

 mm/memcontrol.c | 134 ++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 106 insertions(+), 28 deletions(-)

-- 
2.40.1

More information about the Devel mailing list