| Memory Resource Controller |
| |
| NOTE: The Memory Resource Controller has been generically been referred |
| to as the memory controller in this document. Do not confuse memory controller |
| used here with the memory controller that is used in hardware. |
| |
| Salient features |
| |
| a. Enable control of Anonymous, Page Cache (mapped and unmapped) and |
| Swap Cache memory pages. |
| b. The infrastructure allows easy addition of other types of memory to control |
| c. Provides *zero overhead* for non memory controller users |
| d. Provides a double LRU: global memory pressure causes reclaim from the |
| global LRU; a cgroup on hitting a limit, reclaims from the per |
| cgroup LRU |
| |
| Benefits and Purpose of the memory controller |
| |
| The memory controller isolates the memory behaviour of a group of tasks |
| from the rest of the system. The article on LWN [12] mentions some probable |
| uses of the memory controller. The memory controller can be used to |
| |
| a. Isolate an application or a group of applications |
| Memory hungry applications can be isolated and limited to a smaller |
| amount of memory. |
| b. Create a cgroup with limited amount of memory, this can be used |
| as a good alternative to booting with mem=XXXX. |
| c. Virtualization solutions can control the amount of memory they want |
| to assign to a virtual machine instance. |
| d. A CD/DVD burner could control the amount of memory used by the |
| rest of the system to ensure that burning does not fail due to lack |
| of available memory. |
| e. There are several other use cases, find one or use the controller just |
| for fun (to learn and hack on the VM subsystem). |
| |
| 1. History |
| |
| The memory controller has a long history. A request for comments for the memory |
| controller was posted by Balbir Singh [1]. At the time the RFC was posted |
| there were several implementations for memory control. The goal of the |
| RFC was to build consensus and agreement for the minimal features required |
| for memory control. The first RSS controller was posted by Balbir Singh[2] |
| in Feb 2007. Pavel Emelianov [3][4][5] has since posted three versions of the |
| RSS controller. At OLS, at the resource management BoF, everyone suggested |
| that we handle both page cache and RSS together. Another request was raised |
| to allow user space handling of OOM. The current memory controller is |
| at version 6; it combines both mapped (RSS) and unmapped Page |
| Cache Control [11]. |
| |
| 2. Memory Control |
| |
| Memory is a unique resource in the sense that it is present in a limited |
| amount. If a task requires a lot of CPU processing, the task can spread |
| its processing over a period of hours, days, months or years, but with |
| memory, the same physical memory needs to be reused to accomplish the task. |
| |
| The memory controller implementation has been divided into phases. These |
| are: |
| |
| 1. Memory controller |
| 2. mlock(2) controller |
| 3. Kernel user memory accounting and slab control |
| 4. user mappings length controller |
| |
| The memory controller is the first controller developed. |
| |
| 2.1. Design |
| |
| The core of the design is a counter called the res_counter. The res_counter |
| tracks the current memory usage and limit of the group of processes associated |
| with the controller. Each cgroup has a memory controller specific data |
| structure (mem_cgroup) associated with it. |
| |
| 2.2. Accounting |
| |
| +--------------------+ |
| | mem_cgroup | |
| | (res_counter) | |
| +--------------------+ |
| / ^ \ |
| / | \ |
| +---------------+ | +---------------+ |
| | mm_struct | |.... | mm_struct | |
| | | | | | |
| +---------------+ | +---------------+ |
| | |
| + --------------+ |
| | |
| +---------------+ +------+--------+ |
| | page +----------> page_cgroup| |
| | | | | |
| +---------------+ +---------------+ |
| |
| (Figure 1: Hierarchy of Accounting) |
| |
| |
| Figure 1 shows the important aspects of the controller |
| |
| 1. Accounting happens per cgroup |
| 2. Each mm_struct knows about which cgroup it belongs to |
| 3. Each page has a pointer to the page_cgroup, which in turn knows the |
| cgroup it belongs to |
| |
| The accounting is done as follows: mem_cgroup_charge() is invoked to setup |
| the necessary data structures and check if the cgroup that is being charged |
| is over its limit. If it is then reclaim is invoked on the cgroup. |
| More details can be found in the reclaim section of this document. |
| If everything goes well, a page meta-data-structure called page_cgroup is |
| allocated and associated with the page. This routine also adds the page to |
| the per cgroup LRU. |
| |
| 2.2.1 Accounting details |
| |
| All mapped anon pages (RSS) and cache pages (Page Cache) are accounted. |
| (some pages which never be reclaimable and will not be on global LRU |
| are not accounted. we just accounts pages under usual vm management.) |
| |
| RSS pages are accounted at page_fault unless they've already been accounted |
| for earlier. A file page will be accounted for as Page Cache when it's |
| inserted into inode (radix-tree). While it's mapped into the page tables of |
| processes, duplicate accounting is carefully avoided. |
| |
| A RSS page is unaccounted when it's fully unmapped. A PageCache page is |
| unaccounted when it's removed from radix-tree. |
| |
| At page migration, accounting information is kept. |
| |
| Note: we just account pages-on-lru because our purpose is to control amount |
| of used pages. not-on-lru pages are tend to be out-of-control from vm view. |
| |
| 2.3 Shared Page Accounting |
| |
| Shared pages are accounted on the basis of the first touch approach. The |
| cgroup that first touches a page is accounted for the page. The principle |
| behind this approach is that a cgroup that aggressively uses a shared |
| page will eventually get charged for it (once it is uncharged from |
| the cgroup that brought it in -- this will happen on memory pressure). |
| |
| Exception: If CONFIG_CGROUP_CGROUP_MEM_RES_CTLR_SWAP is not used.. |
| When you do swapoff and make swapped-out pages of shmem(tmpfs) to |
| be backed into memory in force, charges for pages are accounted against the |
| caller of swapoff rather than the users of shmem. |
| |
| |
| 2.4 Swap Extension (CONFIG_CGROUP_MEM_RES_CTLR_SWAP) |
| Swap Extension allows you to record charge for swap. A swapped-in page is |
| charged back to original page allocator if possible. |
| |
| When swap is accounted, following files are added. |
| - memory.memsw.usage_in_bytes. |
| - memory.memsw.limit_in_bytes. |
| |
| usage of mem+swap is limited by memsw.limit_in_bytes. |
| |
| * why 'mem+swap' rather than swap. |
| The global LRU(kswapd) can swap out arbitrary pages. Swap-out means |
| to move account from memory to swap...there is no change in usage of |
| mem+swap. In other words, when we want to limit the usage of swap without |
| affecting global LRU, mem+swap limit is better than just limiting swap from |
| OS point of view. |
| |
| * What happens when a cgroup hits memory.memsw.limit_in_bytes |
| When a cgroup his memory.memsw.limit_in_bytes, it's useless to do swap-out |
| in this cgroup. Then, swap-out will not be done by cgroup routine and file |
| caches are dropped. But as mentioned above, global LRU can do swapout memory |
| from it for sanity of the system's memory management state. You can't forbid |
| it by cgroup. |
| |
| 2.5 Reclaim |
| |
| Each cgroup maintains a per cgroup LRU that consists of an active |
| and inactive list. When a cgroup goes over its limit, we first try |
| to reclaim memory from the cgroup so as to make space for the new |
| pages that the cgroup has touched. If the reclaim is unsuccessful, |
| an OOM routine is invoked to select and kill the bulkiest task in the |
| cgroup. |
| |
| The reclaim algorithm has not been modified for cgroups, except that |
| pages that are selected for reclaiming come from the per cgroup LRU |
| list. |
| |
| NOTE: Reclaim does not work for the root cgroup, since we cannot set any |
| limits on the root cgroup. |
| |
| Note2: When panic_on_oom is set to "2", the whole system will panic. |
| |
| 2. Locking |
| |
| The memory controller uses the following hierarchy |
| |
| 1. zone->lru_lock is used for selecting pages to be isolated |
| 2. mem->per_zone->lru_lock protects the per cgroup LRU (per zone) |
| 3. lock_page_cgroup() is used to protect page->page_cgroup |
| |
| 3. User Interface |
| |
| 0. Configuration |
| |
| a. Enable CONFIG_CGROUPS |
| b. Enable CONFIG_RESOURCE_COUNTERS |
| c. Enable CONFIG_CGROUP_MEM_RES_CTLR |
| |
| 1. Prepare the cgroups |
| # mkdir -p /cgroups |
| # mount -t cgroup none /cgroups -o memory |
| |
| 2. Make the new group and move bash into it |
| # mkdir /cgroups/0 |
| # echo $$ > /cgroups/0/tasks |
| |
| Since now we're in the 0 cgroup, |
| We can alter the memory limit: |
| # echo 4M > /cgroups/0/memory.limit_in_bytes |
| |
| NOTE: We can use a suffix (k, K, m, M, g or G) to indicate values in kilo, |
| mega or gigabytes. |
| NOTE: We can write "-1" to reset the *.limit_in_bytes(unlimited). |
| NOTE: We cannot set limits on the root cgroup any more. |
| |
| # cat /cgroups/0/memory.limit_in_bytes |
| 4194304 |
| |
| NOTE: The interface has now changed to display the usage in bytes |
| instead of pages |
| |
| We can check the usage: |
| # cat /cgroups/0/memory.usage_in_bytes |
| 1216512 |
| |
| A successful write to this file does not guarantee a successful set of |
| this limit to the value written into the file. This can be due to a |
| number of factors, such as rounding up to page boundaries or the total |
| availability of memory on the system. The user is required to re-read |
| this file after a write to guarantee the value committed by the kernel. |
| |
| # echo 1 > memory.limit_in_bytes |
| # cat memory.limit_in_bytes |
| 4096 |
| |
| The memory.failcnt field gives the number of times that the cgroup limit was |
| exceeded. |
| |
| The memory.stat file gives accounting information. Now, the number of |
| caches, RSS and Active pages/Inactive pages are shown. |
| |
| 4. Testing |
| |
| Balbir posted lmbench, AIM9, LTP and vmmstress results [10] and [11]. |
| Apart from that v6 has been tested with several applications and regular |
| daily use. The controller has also been tested on the PPC64, x86_64 and |
| UML platforms. |
| |
| 4.1 Troubleshooting |
| |
| Sometimes a user might find that the application under a cgroup is |
| terminated. There are several causes for this: |
| |
| 1. The cgroup limit is too low (just too low to do anything useful) |
| 2. The user is using anonymous memory and swap is turned off or too low |
| |
| A sync followed by echo 1 > /proc/sys/vm/drop_caches will help get rid of |
| some of the pages cached in the cgroup (page cache pages). |
| |
| 4.2 Task migration |
| |
| When a task migrates from one cgroup to another, it's charge is not |
| carried forward by default. The pages allocated from the original cgroup still |
| remain charged to it, the charge is dropped when the page is freed or |
| reclaimed. |
| |
| Note: You can move charges of a task along with task migration. See 8. |
| |
| 4.3 Removing a cgroup |
| |
| A cgroup can be removed by rmdir, but as discussed in sections 4.1 and 4.2, a |
| cgroup might have some charge associated with it, even though all |
| tasks have migrated away from it. |
| Such charges are freed(at default) or moved to its parent. When moved, |
| both of RSS and CACHES are moved to parent. |
| If both of them are busy, rmdir() returns -EBUSY. See 5.1 Also. |
| |
| Charges recorded in swap information is not updated at removal of cgroup. |
| Recorded information is discarded and a cgroup which uses swap (swapcache) |
| will be charged as a new owner of it. |
| |
| |
| 5. Misc. interfaces. |
| |
| 5.1 force_empty |
| memory.force_empty interface is provided to make cgroup's memory usage empty. |
| You can use this interface only when the cgroup has no tasks. |
| When writing anything to this |
| |
| # echo 0 > memory.force_empty |
| |
| Almost all pages tracked by this memcg will be unmapped and freed. Some of |
| pages cannot be freed because it's locked or in-use. Such pages are moved |
| to parent and this cgroup will be empty. But this may return -EBUSY in |
| some too busy case. |
| |
| Typical use case of this interface is that calling this before rmdir(). |
| Because rmdir() moves all pages to parent, some out-of-use page caches can be |
| moved to the parent. If you want to avoid that, force_empty will be useful. |
| |
| 5.2 stat file |
| |
| memory.stat file includes following statistics |
| |
| cache - # of bytes of page cache memory. |
| rss - # of bytes of anonymous and swap cache memory. |
| pgpgin - # of pages paged in (equivalent to # of charging events). |
| pgpgout - # of pages paged out (equivalent to # of uncharging events). |
| active_anon - # of bytes of anonymous and swap cache memory on active |
| lru list. |
| inactive_anon - # of bytes of anonymous memory and swap cache memory on |
| inactive lru list. |
| active_file - # of bytes of file-backed memory on active lru list. |
| inactive_file - # of bytes of file-backed memory on inactive lru list. |
| unevictable - # of bytes of memory that cannot be reclaimed (mlocked etc). |
| |
| The following additional stats are dependent on CONFIG_DEBUG_VM. |
| |
| inactive_ratio - VM internal parameter. (see mm/page_alloc.c) |
| recent_rotated_anon - VM internal parameter. (see mm/vmscan.c) |
| recent_rotated_file - VM internal parameter. (see mm/vmscan.c) |
| recent_scanned_anon - VM internal parameter. (see mm/vmscan.c) |
| recent_scanned_file - VM internal parameter. (see mm/vmscan.c) |
| |
| Memo: |
| recent_rotated means recent frequency of lru rotation. |
| recent_scanned means recent # of scans to lru. |
| showing for better debug please see the code for meanings. |
| |
| Note: |
| Only anonymous and swap cache memory is listed as part of 'rss' stat. |
| This should not be confused with the true 'resident set size' or the |
| amount of physical memory used by the cgroup. Per-cgroup rss |
| accounting is not done yet. |
| |
| 5.3 swappiness |
| Similar to /proc/sys/vm/swappiness, but affecting a hierarchy of groups only. |
| |
| Following cgroups' swapiness can't be changed. |
| - root cgroup (uses /proc/sys/vm/swappiness). |
| - a cgroup which uses hierarchy and it has child cgroup. |
| - a cgroup which uses hierarchy and not the root of hierarchy. |
| |
| |
| 6. Hierarchy support |
| |
| The memory controller supports a deep hierarchy and hierarchical accounting. |
| The hierarchy is created by creating the appropriate cgroups in the |
| cgroup filesystem. Consider for example, the following cgroup filesystem |
| hierarchy |
| |
| root |
| / | \ |
| / | \ |
| a b c |
| | \ |
| | \ |
| d e |
| |
| In the diagram above, with hierarchical accounting enabled, all memory |
| usage of e, is accounted to its ancestors up until the root (i.e, c and root), |
| that has memory.use_hierarchy enabled. If one of the ancestors goes over its |
| limit, the reclaim algorithm reclaims from the tasks in the ancestor and the |
| children of the ancestor. |
| |
| 6.1 Enabling hierarchical accounting and reclaim |
| |
| The memory controller by default disables the hierarchy feature. Support |
| can be enabled by writing 1 to memory.use_hierarchy file of the root cgroup |
| |
| # echo 1 > memory.use_hierarchy |
| |
| The feature can be disabled by |
| |
| # echo 0 > memory.use_hierarchy |
| |
| NOTE1: Enabling/disabling will fail if the cgroup already has other |
| cgroups created below it. |
| |
| NOTE2: When panic_on_oom is set to "2", the whole system will panic in |
| case of an oom event in any cgroup. |
| |
| 7. Soft limits |
| |
| Soft limits allow for greater sharing of memory. The idea behind soft limits |
| is to allow control groups to use as much of the memory as needed, provided |
| |
| a. There is no memory contention |
| b. They do not exceed their hard limit |
| |
| When the system detects memory contention or low memory control groups |
| are pushed back to their soft limits. If the soft limit of each control |
| group is very high, they are pushed back as much as possible to make |
| sure that one control group does not starve the others of memory. |
| |
| Please note that soft limits is a best effort feature, it comes with |
| no guarantees, but it does its best to make sure that when memory is |
| heavily contended for, memory is allocated based on the soft limit |
| hints/setup. Currently soft limit based reclaim is setup such that |
| it gets invoked from balance_pgdat (kswapd). |
| |
| 7.1 Interface |
| |
| Soft limits can be setup by using the following commands (in this example we |
| assume a soft limit of 256 megabytes) |
| |
| # echo 256M > memory.soft_limit_in_bytes |
| |
| If we want to change this to 1G, we can at any time use |
| |
| # echo 1G > memory.soft_limit_in_bytes |
| |
| NOTE1: Soft limits take effect over a long period of time, since they involve |
| reclaiming memory for balancing between memory cgroups |
| NOTE2: It is recommended to set the soft limit always below the hard limit, |
| otherwise the hard limit will take precedence. |
| |
| 8. Move charges at task migration |
| |
| Users can move charges associated with a task along with task migration, that |
| is, uncharge task's pages from the old cgroup and charge them to the new cgroup. |
| This feature is not supported in !CONFIG_MMU environments because of lack of |
| page tables. |
| |
| 8.1 Interface |
| |
| This feature is disabled by default. It can be enabled(and disabled again) by |
| writing to memory.move_charge_at_immigrate of the destination cgroup. |
| |
| If you want to enable it: |
| |
| # echo (some positive value) > memory.move_charge_at_immigrate |
| |
| Note: Each bits of move_charge_at_immigrate has its own meaning about what type |
| of charges should be moved. See 8.2 for details. |
| Note: Charges are moved only when you move mm->owner, IOW, a leader of a thread |
| group. |
| Note: If we cannot find enough space for the task in the destination cgroup, we |
| try to make space by reclaiming memory. Task migration may fail if we |
| cannot make enough space. |
| Note: It can take several seconds if you move charges in giga bytes order. |
| |
| And if you want disable it again: |
| |
| # echo 0 > memory.move_charge_at_immigrate |
| |
| 8.2 Type of charges which can be move |
| |
| Each bits of move_charge_at_immigrate has its own meaning about what type of |
| charges should be moved. |
| |
| bit | what type of charges would be moved ? |
| -----+------------------------------------------------------------------------ |
| 0 | A charge of an anonymous page(or swap of it) used by the target task. |
| | Those pages and swaps must be used only by the target task. You must |
| | enable Swap Extension(see 2.4) to enable move of swap charges. |
| |
| Note: Those pages and swaps must be charged to the old cgroup. |
| Note: More type of pages(e.g. file cache, shmem,) will be supported by other |
| bits in future. |
| |
| 8.3 TODO |
| |
| - Add support for other types of pages(e.g. file cache, shmem, etc.). |
| - Implement madvise(2) to let users decide the vma to be moved or not to be |
| moved. |
| - All of moving charge operations are done under cgroup_mutex. It's not good |
| behavior to hold the mutex too long, so we may need some trick. |
| |
| 9. Memory thresholds |
| |
| Memory controler implements memory thresholds using cgroups notification |
| API (see cgroups.txt). It allows to register multiple memory and memsw |
| thresholds and gets notifications when it crosses. |
| |
| To register a threshold application need: |
| - create an eventfd using eventfd(2); |
| - open memory.usage_in_bytes or memory.memsw.usage_in_bytes; |
| - write string like "<event_fd> <memory.usage_in_bytes> <threshold>" to |
| cgroup.event_control. |
| |
| Application will be notified through eventfd when memory usage crosses |
| threshold in any direction. |
| |
| It's applicable for root and non-root cgroup. |
| |
| 10. TODO |
| |
| 1. Add support for accounting huge pages (as a separate controller) |
| 2. Make per-cgroup scanner reclaim not-shared pages first |
| 3. Teach controller to account for shared-pages |
| 4. Start reclamation in the background when the limit is |
| not yet hit but the usage is getting closer |
| |
| Summary |
| |
| Overall, the memory controller has been a stable controller and has been |
| commented and discussed quite extensively in the community. |
| |
| References |
| |
| 1. Singh, Balbir. RFC: Memory Controller, http://lwn.net/Articles/206697/ |
| 2. Singh, Balbir. Memory Controller (RSS Control), |
| http://lwn.net/Articles/222762/ |
| 3. Emelianov, Pavel. Resource controllers based on process cgroups |
| http://lkml.org/lkml/2007/3/6/198 |
| 4. Emelianov, Pavel. RSS controller based on process cgroups (v2) |
| http://lkml.org/lkml/2007/4/9/78 |
| 5. Emelianov, Pavel. RSS controller based on process cgroups (v3) |
| http://lkml.org/lkml/2007/5/30/244 |
| 6. Menage, Paul. Control Groups v10, http://lwn.net/Articles/236032/ |
| 7. Vaidyanathan, Srinivasan, Control Groups: Pagecache accounting and control |
| subsystem (v3), http://lwn.net/Articles/235534/ |
| 8. Singh, Balbir. RSS controller v2 test results (lmbench), |
| http://lkml.org/lkml/2007/5/17/232 |
| 9. Singh, Balbir. RSS controller v2 AIM9 results |
| http://lkml.org/lkml/2007/5/18/1 |
| 10. Singh, Balbir. Memory controller v6 test results, |
| http://lkml.org/lkml/2007/8/19/36 |
| 11. Singh, Balbir. Memory controller introduction (v6), |
| http://lkml.org/lkml/2007/8/17/69 |
| 12. Corbet, Jonathan, Controlling memory use in cgroups, |
| http://lwn.net/Articles/243795/ |