| Home » Mailing lists » Devel » [PATCH 0/7] containers (V7): Generic Process Containers 
	| 
		
			| [PATCH 6/7] containers (V7): BeanCounters over generic process containers [message #10180 is a reply to message #10176] | Mon, 12 February 2007 08:15   |  
			| 
				
				
					|  Paul Menage Messages: 642
 Registered: September 2006
 | Senior Member |  |  |  
	| This patch implements the BeanCounter resource control abstraction over generic process containers. It contains the beancounter core
 code, plus the numfiles resource counter. It doesn't currently contain
 any of the memory tracking code or the code for switching beancounter
 context in interrupts.
 
 Currently all the beancounters resource counters are lumped into a
 single hierarchy; ideally it would be possible for each resource
 counter to be a separate container subsystem, allowing them to be
 connected to different hierarchies.
 
 ---
 fs/file_table.c          |   11 +
 include/bc/beancounter.h |  192 ++++++++++++++++++++++++
 include/bc/misc.h        |   27 +++
 include/linux/fs.h       |    3
 init/Kconfig             |    4
 init/main.c              |    3
 kernel/Makefile          |    1
 kernel/bc/Kconfig        |   17 ++
 kernel/bc/Makefile       |    7
 kernel/bc/beancounter.c  |  371 +++++++++++++++++++++++++++++++++++++++++++++++
 kernel/bc/misc.c         |   56 +++++++
 11 files changed, 691 insertions(+), 1 deletion(-)
 
 Index: container-2.6.20/init/Kconfig
 ============================================================ =======
 --- container-2.6.20.orig/init/Kconfig
 +++ container-2.6.20/init/Kconfig
 @@ -619,6 +619,10 @@ config STOP_MACHINE
 Need stop_machine() primitive.
 endmenu
 
 +menu "Beancounters"
 +source "kernel/bc/Kconfig"
 +endmenu
 +
 menu "Block layer"
 source "block/Kconfig"
 endmenu
 Index: container-2.6.20/kernel/Makefile
 ============================================================ =======
 --- container-2.6.20.orig/kernel/Makefile
 +++ container-2.6.20/kernel/Makefile
 @@ -12,6 +12,7 @@ obj-y     = sched.o fork.o exec_domain.o
 
 obj-$(CONFIG_STACKTRACE) += stacktrace.o
 obj-y += time/
 +obj-$(CONFIG_BEANCOUNTERS) += bc/
 obj-$(CONFIG_DEBUG_MUTEXES) += mutex-debug.o
 obj-$(CONFIG_LOCKDEP) += lockdep.o
 ifeq ($(CONFIG_PROC_FS),y)
 Index: container-2.6.20/kernel/bc/Kconfig
 ============================================================ =======
 --- /dev/null
 +++ container-2.6.20/kernel/bc/Kconfig
 @@ -0,0 +1,17 @@
 +config BEANCOUNTERS
 +	bool "Enable resource accounting/control"
 +	default n
 +	select CONTAINERS
 +	help
 +	  When Y this option provides accounting and allows configuring
 +	  limits for user's consumption of exhaustible system resources.
 +	  The most important resource controlled by this patch is unswappable
 +	  memory (either mlock'ed or used by internal kernel structures and
 +	  buffers). The main goal of this patch is to protect processes
 +	  from running short of important resources because of accidental
 +	  misbehavior of processes or malicious activity aiming to ``kill''
 +	  the system. It's worth mentioning that resource limits configured
 +	  by setrlimit(2) do not give an acceptable level of protection
 +	  because they cover only a small fraction of resources and work on a
 +	  per-process basis.  Per-process accounting doesn't prevent malicious
 +	  users from spawning a lot of resource-consuming processes.
 Index: container-2.6.20/kernel/bc/Makefile
 ============================================================ =======
 --- /dev/null
 +++ container-2.6.20/kernel/bc/Makefile
 @@ -0,0 +1,7 @@
 +#
 +# kernel/bc/Makefile
 +#
 +# Copyright (C) 2006 OpenVZ SWsoft Inc.
 +#
 +
 +obj-y = beancounter.o misc.o
 Index: container-2.6.20/include/bc/beancounter.h
 ============================================================ =======
 --- /dev/null
 +++ container-2.6.20/include/bc/beancounter.h
 @@ -0,0 +1,192 @@
 +/*
 + * include/bc/beancounter.h
 + *
 + * Copyright (C) 2006 OpenVZ SWsoft Inc
 + *
 + */
 +
 +#ifndef __BEANCOUNTER_H__
 +#define __BEANCOUNTER_H__
 +
 +#include <linux/container.h>
 +
 +enum {
 +	BC_KMEMSIZE,
 +	BC_PRIVVMPAGES,
 +	BC_PHYSPAGES,
 +	BC_NUMTASKS,
 +	BC_NUMFILES,
 +
 +	BC_RESOURCES
 +};
 +
 +struct bc_resource_parm {
 +	unsigned long	barrier;
 +	unsigned long	limit;
 +	unsigned long	held;
 +	unsigned long	minheld;
 +	unsigned long	maxheld;
 +	unsigned long	failcnt;
 +
 +};
 +
 +#ifdef __KERNEL__
 +
 +#include <linux/list.h>
 +#include <linux/spinlock.h>
 +#include <linux/init.h>
 +#include <linux/configfs.h>
 +#include <asm/atomic.h>
 +
 +#define BC_MAXVALUE	((unsigned long)LONG_MAX)
 +
 +enum bc_severity {
 +	BC_BARRIER,
 +	BC_LIMIT,
 +	BC_FORCE,
 +};
 +
 +struct beancounter;
 +
 +#ifdef CONFIG_BEANCOUNTERS
 +
 +enum bc_attr_index {
 +	BC_RES_HELD,
 +	BC_RES_MAXHELD,
 +	BC_RES_MINHELD,
 +	BC_RES_BARRIER,
 +	BC_RES_LIMIT,
 +	BC_RES_FAILCNT,
 +
 +	BC_ATTRS
 +};
 +
 +struct bc_resource {
 +	char	*bcr_name;
 +	int      res_id;
 +
 +	int	(*bcr_init)(struct beancounter *bc, int res);
 +	int	(*bcr_change)(struct beancounter *bc,
 +			unsigned long new_bar, unsigned long new_lim);
 +	void	(*bcr_barrier_hit)(struct beancounter *bc);
 +	int	(*bcr_limit_hit)(struct beancounter *bc, unsigned long val,
 +			unsigned long flags);
 +	void	(*bcr_fini)(struct beancounter *bc);
 +
 +	/* container file handlers */
 +	struct cftype cft_attrs[BC_ATTRS];
 +};
 +
 +extern struct bc_resource *bc_resources[];
 +extern struct container_subsys bc_subsys;
 +
 +struct beancounter {
 +	struct container_subsys_state css;
 +	spinlock_t		bc_lock;
 +
 +	struct bc_resource_parm bc_parms[BC_RESOURCES];
 +};
 +
 +/* Update the beancounter for a container */
 +static inline void set_container_bc(struct container *cont,
 +				    struct beancounter *bc)
 +{
 +	cont->subsys[bc_subsys.subsys_id] = &bc->css;
 +}
 +
 +/* Retrieve the beancounter for a container */
 +static inline struct beancounter *container_bc(struct container *cont)
 +{
 +	return container_of(container_subsys_state(cont, &bc_subsys),
 +			    struct beancounter, css);
 +}
 +
 +/* Retrieve the beancounter for a task */
 +static inline struct beancounter *task_bc(struct task_struct *task)
 +{
 +	return container_bc(task_container(task, &bc_subsys));
 +}
 +
 +static inline void bc_adjust_maxheld(struct bc_resource_parm *parm)
 +{
 +	if (parm->maxheld < parm->held)
 +		parm->maxheld = parm->held;
 +}
 +
 +static inline void bc_adjust_minheld(struct bc_resource_parm *parm)
 +{
 +	if (parm->minheld > parm->held)
 +		parm->minheld = parm->held;
 +}
 +
 +static inline void bc_init_resource(struct bc_resource_parm *parm,
 +		unsigned long bar, unsigned long lim)
 +{
 +	parm->barrier = bar;
 +	parm->limit = lim;
 +	parm->held = 0;
 +	parm->minheld = 0;
 +	parm->maxheld = 0;
 +	parm->failcnt = 0;
 +}
 +
 +int bc_change_param(struct beancounter *bc, int res,
 +		unsigned long bar, unsigned long lim);
 +
 +int __must_check bc_charge_locked(struct beancounter *bc, int res_id,
 +		unsigned long val, int strict, unsigned long flags);
 +static inline int __must_check bc_charge(struct beancounter *bc, int res_id,
 +		unsigned long val, int strict)
 +{
 +	int ret;
 +	unsigned long flags;
 +
 +	spin_lock_irqsave(&bc->bc_lock, flags);
 +	ret = bc_charge_locked(bc, res_id, val, strict, flags);
 +	spin_unlock_irqrestore(&bc->bc_lock, flags);
 +	return ret;
 +}
 +
 +void __must_check bc_uncharge_locked(struct beancounter *bc, int res_id,
 +		unsigned long val);
 +static inline void bc_uncharge(struct beancounter *bc, int res_id,
 +		unsigned long val)
 +{
 +	unsigned long flags;
 +
 +	spin_lock_irqsave(&bc->bc_lock, flags);
 +	bc_uncharge_locked(bc, res_id, val);
 +	spin_unlock_irqrestore(&bc->bc_lock, flags);
 +}
 +
 +void __init bc_register_resource(int res_id, struct bc_resource *br);
 +void __init bc_init_early(void);
 +#else /* CONFIG_BEANCOUNTERS */
 +static inline int __must_check bc_charge_locked(struct beancounter *bc, int res,
 +		unsigned long val, int strict, unsigned long flags)
 +{
 +	return 0;
 +}
 +
 +static inline int __must_check bc_charge(struct beancounter *bc, int res,
 +		unsigned long val, int strict)
 +{
 +	return 0;
 +}
 +
 +static inline void bc_uncharge_locked(struct beancounter *bc, int res,
 +		unsigned long val)
 +{
 +}
 +
 +static inline void bc_uncharge(struct beancounter *bc, int res,
 +		unsigned long val)
 +{
 +}
 +
 +static inline void bc_init_early(void)
 +{
 +}
 +#endif /* CONFIG_BEANCOUNTERS */
 +#endif /* __KERNEL__ */
 +#endif
 Index: container-2.6.20/init/main.c
 ============================================================ =======
 --- container-2.6.20.orig/init/main.c
 +++ container-2.6.20/init/main.c
 @@ -54,6 +54,8 @@
 #include <linux/pid_namespace.h>
 #include <linux/device.h>
 
 +#include <bc/beancounter.h>
 +
 #include <asm/io.h>
 #include <asm/bugs.h>
 #include <asm/setup.h>
 @@ -487,6 +489,7 @@ asmlinkage void __init start_kernel(void
 extern struct kernel_param __start___param[], __stop___param[];
 
 container_init_early();
 +	bc_init_early();
 smp_setup_processor_id();
 
 /*
 Index: container-2.6.20/kernel/bc/beancounter.c
 ============================================================ =======
 --- /dev/null
 +++ container-2.6.20/kernel/bc/beancounter.c
 @@ -0,0 +1,371 @@
 +/*
 + * kernel/bc/beancounter.c
 + *
 + * Copyright (C) 2006 OpenVZ SWsoft Inc
 + *
 + */
 +
 +#include <linux/sched.h>
 +#include <linux/list.h>
 +#include <linux/hash.h>
 +#include <linux/gfp.h>
 +#include <linux/slab.h>
 +#include <linux/module.h>
 +#include <linux/fs.h>
 +#include <linux/uaccess.h>
 +
 +#include <bc/beancounter.h>
 +
 +#define BC_HASH_BITS	(8)
 +#define BC_HASH_SIZE	(1 << BC_HASH_BITS)
 +
 +static int bc_dummy_init(struct beancounter *bc, int i)
 +{
 +	bc_init_resource(&bc->bc_parms[i], BC_MAXVALUE, BC_MAXVALUE);
 +	return 0;
 +}
 +
 +static struct bc_resource bc_dummy_res = {
 +	.bcr_name = "dummy",
 +	.bcr_init = bc_dummy_init,
 +};
 +
 +struct bc_resource *bc_resources[BC_RESOURCES] = {
 +	[0 ... BC_RESOURCES - 1] = &bc_dummy_res,
 +};
 +
 +struct beancounter init_bc;
 +static kmem_cache_t *bc_cache;
 +
 +static int bc_create(struct container_subsys *ss,
 +		     struct container *cont)
 +{
 +	int i;
 +	struct beancounter *new_bc;
 +
 +	if (!cont->parent) {
 +		/* Early initialization for top container */
 +		set_container_bc(cont, &init_bc);
 +		init_bc.css.container = cont;
 +		retur
...
 
 
 |  
	|  |  | 
	Goto Forum:
	|  |  | [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | [PATCH 2/7] containers (V7): Cpusets hooked into containers |  
	|  |  | Re: [PATCH 2/7] containers (V7): Cpusets hooked into containers |  
	|  |  | Re: [PATCH 2/7] containers (V7): Cpusets hooked into containers By: serue  on Thu, 15 February 2007 20:35 |  
	|  |  | Re: [PATCH 2/7] containers (V7): Cpusets hooked into containers |  
	|  |  | Re: [PATCH 2/7] containers (V7): Cpusets hooked into containers |  
	|  |  | Re: [ckrm-tech] [PATCH 2/7] containers (V7): Cpusets hooked into containers |  
	|  |  | Re: [ckrm-tech] [PATCH 2/7] containers (V7): Cpusets hooked into containers |  
	|  |  | Re: [PATCH 2/7] containers (V7): Cpusets hooked into containers |  
	|  |  | Re: [PATCH 2/7] containers (V7): Cpusets hooked into containers |  
	|  |  | [PATCH 4/7] containers (V7): Simple CPU accounting container subsystem |  
	|  |  | [PATCH 7/7] containers (V7): Container interface to nsproxy subsystem |  
	|  |  | Re: [ckrm-tech] [PATCH 7/7] containers (V7): Container interface to nsproxy subsystem |  
	|  |  | Re: [ckrm-tech] [PATCH 7/7] containers (V7): Container interface to nsproxy subsystem By: serue  on Mon, 26 March 2007 21:55 |  
	|  |  | Re: [ckrm-tech] [PATCH 7/7] containers (V7): Container interface to nsproxy subsystem |  
	|  |  | Re: [ckrm-tech] [PATCH 7/7] containers (V7): Container interface to nsproxy subsystem By: serue  on Mon, 26 March 2007 21:57 |  
	|  |  | Re: [ckrm-tech] [PATCH 7/7] containers (V7): Container interface to nsproxy subsystem |  
	|  |  | Re: [ckrm-tech] [PATCH 7/7] containers (V7): Container interface to nsproxy subsystem |  
	|  |  | Re: [ckrm-tech] [PATCH 7/7] containers (V7): Container interface to nsproxy subsystem By: serue  on Mon, 02 April 2007 14:09 |  
	|  |  | [PATCH 6/7] containers (V7): BeanCounters over generic process containers |  
	|  |  | Re: [PATCH 6/7] containers (V7): BeanCounters over generic process containers |  
	|  |  | Re: [PATCH 6/7] containers (V7): BeanCounters over generic process containers |  
	|  |  | Re: [PATCH 6/7] containers (V7): BeanCounters over generic process containers By: xemul  on Tue, 13 February 2007 08:52 |  
	|  |  | Re: [PATCH 6/7] containers (V7): BeanCounters over generic process containers |  
	|  |  | Re: [PATCH 6/7] containers (V7): BeanCounters over generic process containers By: xemul  on Tue, 13 February 2007 09:18 |  
	|  |  | Re: [PATCH 6/7] containers (V7): BeanCounters over generic process containers |  
	|  |  | Re: [PATCH 6/7] containers (V7): BeanCounters over generic process containers By: xemul  on Tue, 13 February 2007 09:49 |  
	|  |  | Re: [PATCH 6/7] containers (V7): BeanCounters over generic process containers |  
	|  |  | [PATCH 5/7] containers (V7): Resource Groups over generic containers |  
	|  |  | [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [ckrm-tech] [PATCH 1/7] containers (V7): Generic container system abstracted from cpusets code |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | [PATCH 3/7] containers (V7): Add generic multi-subsystem API to containers |  
	|  |  | Re: [PATCH 3/7] containers (V7): Add generic multi-subsystem API to containers |  
	|  |  | Re: [PATCH 3/7] containers (V7): Add generic multi-subsystem API to containers |  
	|  |  | Re: [PATCH 3/7] containers (V7): Add generic multi-subsystem API to containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers By: ebiederm  on Tue, 20 February 2007 17:34 |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers By: serue  on Mon, 12 February 2007 22:47 |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers By: ebiederm  on Tue, 20 February 2007 19:29 |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers By: serue  on Tue, 20 February 2007 23:32 |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers |  
	|  |  | Re: [PATCH 0/7] containers (V7): Generic Process Containers By: serue  on Tue, 20 February 2007 23:37 |  
 
 Current Time: Sun Oct 26 22:46:12 GMT 2025 
 Total time taken to generate the page: 0.08968 seconds |