Message ID | 20230109213809.418135-1-tjmercier@google.com |
---|---|
Headers | show |
Series | Track exported dma-buffers with memcg | expand |
Hi T.J., On Mon, Jan 9, 2023 at 1:38 PM T.J. Mercier <tjmercier@google.com> wrote: > > Based on discussions at LPC, this series adds a memory.stat counter for > exported dmabufs. This counter allows us to continue tracking > system-wide total exported buffer sizes which there is no longer any > way to get without DMABUF_SYSFS_STATS, and adds a new capability to > track per-cgroup exported buffer sizes. The total (root counter) is > helpful for accounting in-kernel dmabuf use (by comparing with the sum > of child nodes or with the sum of sizes of mapped buffers or FD > references in procfs) in addition to helping identify driver memory > leaks when in-kernel use continually increases over time. With > per-application cgroups, the per-cgroup counter allows us to quickly > see how much dma-buf memory an application has caused to be allocated. > This avoids the need to read through all of procfs which can be a > lengthy process, and causes the charge to "stick" to the allocating > process/cgroup as long as the buffer is alive, regardless of how the > buffer is shared (unless the charge is transferred). > > The first patch adds the counter to memcg. The next two patches allow > the charge for a buffer to be transferred across cgroups which is > necessary because of the way most dmabufs are allocated from a central > process on Android. The fourth patch adds a SELinux hook to binder in > order to control who is allowed to transfer buffer charges. > > [1] https://lore.kernel.org/all/20220617085702.4298-1-christian.koenig@amd.com/ > I am a bit confused by the term "charge" used in this patch series.
On Tue, Jan 10, 2023 at 12:58 AM Michal Hocko <mhocko@suse.com> wrote: > > On Mon 09-01-23 21:38:04, T.J. Mercier wrote: > > When a buffer is exported to userspace, use memcg to attribute the > > buffer to the allocating cgroup until all buffer references are > > released. > > > > Unlike the dmabuf sysfs stats implementation, this memcg accounting > > avoids contention over the kernfs_rwsem incurred when creating or > > removing nodes. > > I am not familiar with dmabuf infrastructure so please bear with me. > AFAIU this patch adds a dmabuf specific counter to find out the amount > of dmabuf memory used. But I do not see any actual charging implemented > for that memory. > > I have looked at two random users of dma_buf_export cma_heap_allocate > and it allocates pages to back the dmabuf (AFAIU) by cma_alloc > which doesn't account to memcg, system_heap_allocate uses > alloc_largest_available which relies on order_flags which doesn't seem > to ever use __GFP_ACCOUNT. > > This would mean that the counter doesn't represent any actual memory > reflected in the overall memory consumption of a memcg. I believe this > is rather unexpected and confusing behavior. While some counters > overlap and their sum would exceed the charged memory we do not have any > that doesn't correspond to any memory (at least not for non-root memcgs). > > -- > Michal Hocko > SUSE Labs Thank you, that behavior is not intentional. I'm not looking at the overall memcg charge yet otherwise I would have noticed this. I think I understand what's needed for the charging part, but Shakeel mentioned some additional work for "reclaim, OOM and charge context and failure cases" on the cover letter which I need to look into.
On Mon, Jan 9, 2023 at 6:07 PM Hillf Danton <hdanton@sina.com> wrote: > > On 9 Jan 2023 21:38:06 +0000 T.J. Mercier <tjmercier@google.com> > > > > @@ -2275,6 +2276,26 @@ static int binder_translate_fd(u32 fd, binder_size_t fd_offset, > > goto err_security; > > } > > > > + if (IS_ENABLED(CONFIG_MEMCG) && (flags & BINDER_FD_FLAG_XFER_CHARGE)) { > > + struct dma_buf *dmabuf; > > + > > + if (unlikely(!is_dma_buf_file(file))) { > > + binder_user_error( > > + "%d:%d got transaction with XFER_CHARGE for non-dmabuf fd, %d\n", > > + proc->pid, thread->pid, fd); > > + ret = -EINVAL; > > + goto err_dmabuf; > > + } > > It barely makes sense to expose is_dma_buf_file() only for this. > > + > > + dmabuf = file->private_data; > > + ret = dma_buf_transfer_charge(dmabuf, target_proc->tsk); > > + if (ret) { > > + pr_warn("%d:%d Unable to transfer DMA-BUF fd charge to %d\n", > > + proc->pid, thread->pid, target_proc->pid); > > + goto err_xfer; > > + } > > + } > > + > > This whole hunk should go to dma-buf instead by adding change to > dma_buf_transfer_charge() for instance. Fair enough, will change this for v2. I think we'd still want to distinguish between the two failure modes for logging purposes, so I'll use the return value of dma_buf_transfer_charge to do that.
On Mon, Jan 09, 2023 at 04:18:12PM -0800, Shakeel Butt wrote: > Hi T.J., > > On Mon, Jan 9, 2023 at 1:38 PM T.J. Mercier <tjmercier@google.com> wrote: > > > > Based on discussions at LPC, this series adds a memory.stat counter for > > exported dmabufs. This counter allows us to continue tracking > > system-wide total exported buffer sizes which there is no longer any > > way to get without DMABUF_SYSFS_STATS, and adds a new capability to > > track per-cgroup exported buffer sizes. The total (root counter) is > > helpful for accounting in-kernel dmabuf use (by comparing with the sum > > of child nodes or with the sum of sizes of mapped buffers or FD > > references in procfs) in addition to helping identify driver memory > > leaks when in-kernel use continually increases over time. With > > per-application cgroups, the per-cgroup counter allows us to quickly > > see how much dma-buf memory an application has caused to be allocated. > > This avoids the need to read through all of procfs which can be a > > lengthy process, and causes the charge to "stick" to the allocating > > process/cgroup as long as the buffer is alive, regardless of how the > > buffer is shared (unless the charge is transferred). > > > > The first patch adds the counter to memcg. The next two patches allow > > the charge for a buffer to be transferred across cgroups which is > > necessary because of the way most dmabufs are allocated from a central > > process on Android. The fourth patch adds a SELinux hook to binder in > > order to control who is allowed to transfer buffer charges. > > > > [1] https://lore.kernel.org/all/20220617085702.4298-1-christian.koenig@amd.com/ > > > > I am a bit confused by the term "charge" used in this patch series. > From the patches, it seems like only a memcg stat is added and nothing > is charged to the memcg. > > This leads me to the question: Why add this stat in memcg if the > underlying memory is not charged to the memcg and if we don't really > want to limit the usage? > > I see two ways forward: > > 1. Instead of memcg, use bpf-rstat [1] infra to implement the > per-cgroup stat for dmabuf. (You may need an additional hook for the > stat transfer). > > 2. Charge the actual memory to the memcg. Since the size of dmabuf is > immutable across its lifetime, you will not need to do accounting at > page level and instead use something similar to the network memory > accounting interface/mechanism (or even more simple). However you > would need to handle the reclaim, OOM and charge context and failure > cases. However if you are not looking to limit the usage of dmabuf > then this option is an overkill. I think eventually, at least for other "account gpu stuff in cgroups" use case we do want to actually charge the memory. The problem is a bit that with gpu allocations reclaim is essentially "we pass the error to userspace and they get to sort the mess out". There are some exceptions (some gpu drivers to have shrinkers) would we need to make sure these shrinkers are tied into the cgroup stuff before we could enable charging for them? Also note that at least from the gpu driver side this is all a huge endeavour, so if we can split up the steps as much as possible (and get something interim useable that doesn't break stuff ofc), that is practically need to make headway here. TJ has been trying out various approaches for quite some time now already :-/ -Daniel > Please let me know if I misunderstood something. > > [1] https://lore.kernel.org/all/20220824233117.1312810-1-haoluo@google.com/ > > thanks, > Shakeel
On Wed, Jan 11, 2023 at 11:56:45PM +0100, Daniel Vetter wrote: > [...] > I think eventually, at least for other "account gpu stuff in cgroups" use > case we do want to actually charge the memory. > > The problem is a bit that with gpu allocations reclaim is essentially "we > pass the error to userspace and they get to sort the mess out". There are > some exceptions (some gpu drivers to have shrinkers) would we need to make > sure these shrinkers are tied into the cgroup stuff before we could enable > charging for them? > No, there is no requirement to have shrinkers or making such memory reclaimable before charging it. Though existing shrinkers and the possible future shrinkers would need to be converted into memcg aware shrinkers. Though there will be a need to update user expectations that if they use memcgs with hard limits, they may start seeing memcg OOMs after the charging of dmabuf. > Also note that at least from the gpu driver side this is all a huge > endeavour, so if we can split up the steps as much as possible (and get > something interim useable that doesn't break stuff ofc), that is > practically need to make headway here. This sounds reasonable to me.
On Wed, Jan 11, 2023 at 04:49:36PM -0800, T.J. Mercier wrote: > [...] > > The problem is a bit that with gpu allocations reclaim is essentially "we > > pass the error to userspace and they get to sort the mess out". There are > > some exceptions (some gpu drivers to have shrinkers) would we need to make > > sure these shrinkers are tied into the cgroup stuff before we could enable > > charging for them? > > > I'm also not sure that we can depend on the dmabuf being backed at > export time 100% of the time? (They are for dmabuf heaps.) If not, > that'd make calling the existing memcg folio based functions a bit > difficult. > Where does the actual memory get allocated? I see the first patch is updating the stat in dma_buf_export() and dma_buf_release(). Does the memory get allocated and freed in those code paths?
On Thu 12-01-23 07:56:31, Shakeel Butt wrote: > On Wed, Jan 11, 2023 at 11:56:45PM +0100, Daniel Vetter wrote: > > > [...] > > I think eventually, at least for other "account gpu stuff in cgroups" use > > case we do want to actually charge the memory. > > > > The problem is a bit that with gpu allocations reclaim is essentially "we > > pass the error to userspace and they get to sort the mess out". There are > > some exceptions (some gpu drivers to have shrinkers) would we need to make > > sure these shrinkers are tied into the cgroup stuff before we could enable > > charging for them? > > > > No, there is no requirement to have shrinkers or making such memory > reclaimable before charging it. Though existing shrinkers and the > possible future shrinkers would need to be converted into memcg aware > shrinkers. > > Though there will be a need to update user expectations that if they > use memcgs with hard limits, they may start seeing memcg OOMs after the > charging of dmabuf. Agreed. This wouldn't be the first in kernel memory charged memory that is not directly reclaimable. With a dedicated counter an excessive dmabuf usage would be visible in the oom report because we do print memcg stats. It is definitely preferable to have a shrinker mechanism but if that is to be done in a follow up step then this is acceptable. But leaving out charging from early on sounds like a bad choice to me.