We see that container user can deplete memory cgroup ids on the system (64k) and prevent further memory cgroup creation. In crash collected by our customer in such a situation we see that mem_cgroup_idr is full of cgroups from one container with same exact path (cgroup of docker service), cgroups are not released because they have kmem charges, this kmem charge is for a tmpfs dentry allocated from this cgroup. (And on vz7 kernel it seems that such a dentry is only released after umounting tmpfs or removing the corresponding file from tmpfs.)
So there is a valid way to hold kmem cgroup for a long time. Similar thing was mentioned in mainstream with page cache holding kmem cgroup for a long time. And they proposed a way to deal with it - just release cgroup id early so that one can allocate new cgroups immediately. Reproduce: https://git.vzint.dev/users/ptikhomirov/repos/helpers/browse/memcg-related/test-mycg-tmpfs.sh After this fix the number of memory cgroups in /proc/cgroups can now show > 64k as we allow to leave memory cgroups hanging while releasing their ids. Note: Maybe it's a bad idea to allow container to eat kernel memory with such a hanging cgroups, but yet I don't have better ideas. https://jira.vzint.dev/browse/PSBM-147473 https://jira.vzint.dev/browse/PSBM-147036 Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com> Arnd Bergmann (1): mm: memcontrol: avoid unused function warning Hugh Dickins (1): mm/memcg: fix refcount error while moving and swapping Johannes Weiner (2): mm: memcontrol: uncharge pages on swapout mm: memcontrol: fix cgroup creation failure after many small jobs Kirill Tkhai (1): memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure Qian Cai (1): mm/memcontrol.c: fix a -Wunused-function warning Vladimir Davydov (3): mm: memcontrol: fix swap counter leak on swapout from offline cgroup mm: memcontrol: fix memcg id ref counter on swap charge move mm: memcontrol: add sanity checks for memcg->id.ref on get/put mm/memcontrol.c | 134 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 106 insertions(+), 28 deletions(-) -- 2.40.1 _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
