| Message ID | 20230109213809.418135-1-tjmercier@google.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Track exported dma-buffers with memcg | expand |
Hi T.J., On Mon, Jan 9, 2023 at 1:38 PM T.J. Mercier <tjmercier@google.com> wrote: > > Based on discussions at LPC, this series adds a memory.stat counter for > exported dmabufs. This counter allows us to continue tracking > system-wide total exported buffer sizes which there is no longer any > way to get without DMABUF_SYSFS_STATS, and adds a new capability to > track per-cgroup exported buffer sizes. The total (root counter) is > helpful for accounting in-kernel dmabuf use (by comparing with the sum > of child nodes or with the sum of sizes of mapped buffers or FD > references in procfs) in addition to helping identify driver memory > leaks when in-kernel use continually increases over time. With > per-application cgroups, the per-cgroup counter allows us to quickly > see how much dma-buf memory an application has caused to be allocated. > This avoids the need to read through all of procfs which can be a > lengthy process, and causes the charge to "stick" to the allocating > process/cgroup as long as the buffer is alive, regardless of how the > buffer is shared (unless the charge is transferred). > > The first patch adds the counter to memcg. The next two patches allow > the charge for a buffer to be transferred across cgroups which is > necessary because of the way most dmabufs are allocated from a central > process on Android. The fourth patch adds a SELinux hook to binder in > order to control who is allowed to transfer buffer charges. > > [1] https://lore.kernel.org/all/20220617085702.4298-1-christian.koenig@amd.com/ > I am a bit confused by the term "charge" used in this patch series. From the patches, it seems like only a memcg stat is added and nothing is charged to the memcg. This leads me to the question: Why add this stat in memcg if the underlying memory is not charged to the memcg and if we don't really want to limit the usage? I see two ways forward: 1. Instead of memcg, use bpf-rstat [1] infra to implement the per-cgroup stat for dmabuf. (You may need an additional hook for the stat transfer). 2. Charge the actual memory to the memcg. Since the size of dmabuf is immutable across its lifetime, you will not need to do accounting at page level and instead use something similar to the network memory accounting interface/mechanism (or even more simple). However you would need to handle the reclaim, OOM and charge context and failure cases. However if you are not looking to limit the usage of dmabuf then this option is an overkill. Please let me know if I misunderstood something. [1] https://lore.kernel.org/all/20220824233117.1312810-1-haoluo@google.com/ thanks, Shakeel
On Mon, Jan 09, 2023 at 04:18:12PM -0800, Shakeel Butt wrote: > Hi T.J., > > On Mon, Jan 9, 2023 at 1:38 PM T.J. Mercier <tjmercier@google.com> wrote: > > > > Based on discussions at LPC, this series adds a memory.stat counter for > > exported dmabufs. This counter allows us to continue tracking > > system-wide total exported buffer sizes which there is no longer any > > way to get without DMABUF_SYSFS_STATS, and adds a new capability to > > track per-cgroup exported buffer sizes. The total (root counter) is > > helpful for accounting in-kernel dmabuf use (by comparing with the sum > > of child nodes or with the sum of sizes of mapped buffers or FD > > references in procfs) in addition to helping identify driver memory > > leaks when in-kernel use continually increases over time. With > > per-application cgroups, the per-cgroup counter allows us to quickly > > see how much dma-buf memory an application has caused to be allocated. > > This avoids the need to read through all of procfs which can be a > > lengthy process, and causes the charge to "stick" to the allocating > > process/cgroup as long as the buffer is alive, regardless of how the > > buffer is shared (unless the charge is transferred). > > > > The first patch adds the counter to memcg. The next two patches allow > > the charge for a buffer to be transferred across cgroups which is > > necessary because of the way most dmabufs are allocated from a central > > process on Android. The fourth patch adds a SELinux hook to binder in > > order to control who is allowed to transfer buffer charges. > > > > [1] https://lore.kernel.org/all/20220617085702.4298-1-christian.koenig@amd.com/ > > > > I am a bit confused by the term "charge" used in this patch series. > From the patches, it seems like only a memcg stat is added and nothing > is charged to the memcg. > > This leads me to the question: Why add this stat in memcg if the > underlying memory is not charged to the memcg and if we don't really > want to limit the usage? > > I see two ways forward: > > 1. Instead of memcg, use bpf-rstat [1] infra to implement the > per-cgroup stat for dmabuf. (You may need an additional hook for the > stat transfer). > > 2. Charge the actual memory to the memcg. Since the size of dmabuf is > immutable across its lifetime, you will not need to do accounting at > page level and instead use something similar to the network memory > accounting interface/mechanism (or even more simple). However you > would need to handle the reclaim, OOM and charge context and failure > cases. However if you are not looking to limit the usage of dmabuf > then this option is an overkill. I think eventually, at least for other "account gpu stuff in cgroups" use case we do want to actually charge the memory. The problem is a bit that with gpu allocations reclaim is essentially "we pass the error to userspace and they get to sort the mess out". There are some exceptions (some gpu drivers to have shrinkers) would we need to make sure these shrinkers are tied into the cgroup stuff before we could enable charging for them? Also note that at least from the gpu driver side this is all a huge endeavour, so if we can split up the steps as much as possible (and get something interim useable that doesn't break stuff ofc), that is practically need to make headway here. TJ has been trying out various approaches for quite some time now already :-/ -Daniel > Please let me know if I misunderstood something. > > [1] https://lore.kernel.org/all/20220824233117.1312810-1-haoluo@google.com/ > > thanks, > Shakeel
On Wed, Jan 11, 2023 at 2:56 PM Daniel Vetter <daniel@ffwll.ch> wrote: > > On Mon, Jan 09, 2023 at 04:18:12PM -0800, Shakeel Butt wrote: > > Hi T.J., > > > > On Mon, Jan 9, 2023 at 1:38 PM T.J. Mercier <tjmercier@google.com> wrote: > > > > > > Based on discussions at LPC, this series adds a memory.stat counter for > > > exported dmabufs. This counter allows us to continue tracking > > > system-wide total exported buffer sizes which there is no longer any > > > way to get without DMABUF_SYSFS_STATS, and adds a new capability to > > > track per-cgroup exported buffer sizes. The total (root counter) is > > > helpful for accounting in-kernel dmabuf use (by comparing with the sum > > > of child nodes or with the sum of sizes of mapped buffers or FD > > > references in procfs) in addition to helping identify driver memory > > > leaks when in-kernel use continually increases over time. With > > > per-application cgroups, the per-cgroup counter allows us to quickly > > > see how much dma-buf memory an application has caused to be allocated. > > > This avoids the need to read through all of procfs which can be a > > > lengthy process, and causes the charge to "stick" to the allocating > > > process/cgroup as long as the buffer is alive, regardless of how the > > > buffer is shared (unless the charge is transferred). > > > > > > The first patch adds the counter to memcg. The next two patches allow > > > the charge for a buffer to be transferred across cgroups which is > > > necessary because of the way most dmabufs are allocated from a central > > > process on Android. The fourth patch adds a SELinux hook to binder in > > > order to control who is allowed to transfer buffer charges. > > > > > > [1] https://lore.kernel.org/all/20220617085702.4298-1-christian.koenig@amd.com/ > > > > > > > I am a bit confused by the term "charge" used in this patch series. > > From the patches, it seems like only a memcg stat is added and nothing > > is charged to the memcg. > > > > This leads me to the question: Why add this stat in memcg if the > > underlying memory is not charged to the memcg and if we don't really > > want to limit the usage? > > > > I see two ways forward: > > > > 1. Instead of memcg, use bpf-rstat [1] infra to implement the > > per-cgroup stat for dmabuf. (You may need an additional hook for the > > stat transfer). > > > > 2. Charge the actual memory to the memcg. Since the size of dmabuf is > > immutable across its lifetime, you will not need to do accounting at > > page level and instead use something similar to the network memory > > accounting interface/mechanism (or even more simple). However you > > would need to handle the reclaim, OOM and charge context and failure > > cases. However if you are not looking to limit the usage of dmabuf > > then this option is an overkill. > > I think eventually, at least for other "account gpu stuff in cgroups" use > case we do want to actually charge the memory. > Yes, I've been looking at this today. > The problem is a bit that with gpu allocations reclaim is essentially "we > pass the error to userspace and they get to sort the mess out". There are > some exceptions (some gpu drivers to have shrinkers) would we need to make > sure these shrinkers are tied into the cgroup stuff before we could enable > charging for them? > I'm also not sure that we can depend on the dmabuf being backed at export time 100% of the time? (They are for dmabuf heaps.) If not, that'd make calling the existing memcg folio based functions a bit difficult. > Also note that at least from the gpu driver side this is all a huge > endeavour, so if we can split up the steps as much as possible (and get > something interim useable that doesn't break stuff ofc), that is > practically need to make headway here. TJ has been trying out various > approaches for quite some time now already :-/ > -Daniel > > > Please let me know if I misunderstood something. > > > > [1] https://lore.kernel.org/all/20220824233117.1312810-1-haoluo@google.com/ > > > > thanks, > > Shakeel > > -- > Daniel Vetter > Software Engineer, Intel Corporation > http://blog.ffwll.ch
On Wed, Jan 11, 2023 at 11:56:45PM +0100, Daniel Vetter wrote: > [...] > I think eventually, at least for other "account gpu stuff in cgroups" use > case we do want to actually charge the memory. > > The problem is a bit that with gpu allocations reclaim is essentially "we > pass the error to userspace and they get to sort the mess out". There are > some exceptions (some gpu drivers to have shrinkers) would we need to make > sure these shrinkers are tied into the cgroup stuff before we could enable > charging for them? > No, there is no requirement to have shrinkers or making such memory reclaimable before charging it. Though existing shrinkers and the possible future shrinkers would need to be converted into memcg aware shrinkers. Though there will be a need to update user expectations that if they use memcgs with hard limits, they may start seeing memcg OOMs after the charging of dmabuf. > Also note that at least from the gpu driver side this is all a huge > endeavour, so if we can split up the steps as much as possible (and get > something interim useable that doesn't break stuff ofc), that is > practically need to make headway here. This sounds reasonable to me.
On Wed, Jan 11, 2023 at 04:49:36PM -0800, T.J. Mercier wrote: > [...] > > The problem is a bit that with gpu allocations reclaim is essentially "we > > pass the error to userspace and they get to sort the mess out". There are > > some exceptions (some gpu drivers to have shrinkers) would we need to make > > sure these shrinkers are tied into the cgroup stuff before we could enable > > charging for them? > > > I'm also not sure that we can depend on the dmabuf being backed at > export time 100% of the time? (They are for dmabuf heaps.) If not, > that'd make calling the existing memcg folio based functions a bit > difficult. > Where does the actual memory get allocated? I see the first patch is updating the stat in dma_buf_export() and dma_buf_release(). Does the memory get allocated and freed in those code paths?
Am 12.01.23 um 09:13 schrieb Shakeel Butt: > On Wed, Jan 11, 2023 at 04:49:36PM -0800, T.J. Mercier wrote: > [...] >>> The problem is a bit that with gpu allocations reclaim is essentially "we >>> pass the error to userspace and they get to sort the mess out". There are >>> some exceptions (some gpu drivers to have shrinkers) would we need to make >>> sure these shrinkers are tied into the cgroup stuff before we could enable >>> charging for them? >>> >> I'm also not sure that we can depend on the dmabuf being backed at >> export time 100% of the time? (They are for dmabuf heaps.) If not, >> that'd make calling the existing memcg folio based functions a bit >> difficult. >> > Where does the actual memory get allocated? I see the first patch is > updating the stat in dma_buf_export() and dma_buf_release(). Does the > memory get allocated and freed in those code paths? Nope, dma_buf_export() just makes the memory available to others. The driver which calls dma_buf_export() is the one allocating the memory. Regards, Christian.
On Thu 12-01-23 07:56:31, Shakeel Butt wrote: > On Wed, Jan 11, 2023 at 11:56:45PM +0100, Daniel Vetter wrote: > > > [...] > > I think eventually, at least for other "account gpu stuff in cgroups" use > > case we do want to actually charge the memory. > > > > The problem is a bit that with gpu allocations reclaim is essentially "we > > pass the error to userspace and they get to sort the mess out". There are > > some exceptions (some gpu drivers to have shrinkers) would we need to make > > sure these shrinkers are tied into the cgroup stuff before we could enable > > charging for them? > > > > No, there is no requirement to have shrinkers or making such memory > reclaimable before charging it. Though existing shrinkers and the > possible future shrinkers would need to be converted into memcg aware > shrinkers. > > Though there will be a need to update user expectations that if they > use memcgs with hard limits, they may start seeing memcg OOMs after the > charging of dmabuf. Agreed. This wouldn't be the first in kernel memory charged memory that is not directly reclaimable. With a dedicated counter an excessive dmabuf usage would be visible in the oom report because we do print memcg stats. It is definitely preferable to have a shrinker mechanism but if that is to be done in a follow up step then this is acceptable. But leaving out charging from early on sounds like a bad choice to me.