Red Hat Bugzilla – Bug 613291
guest did not honor cgroup memory.limit_in_bytes
Last modified: 2013-01-09 17:51:02 EST
Description of problem:
Not sure if a bug or not using RHEL6.0-20100707.4 tree and -44.el6 kernel that the guest controlled memory usage may go beyond the capped memory.
# mount -t cgroup -o memory none /cgroups/memory/
# cd /cgroups/memory/
# mkdir A
# cd A
# echo 256M >memory.limit_in_bytes
# ps aux | grep qemu-kvm
qemu 7444 9.0 10.4 1335288 385168 ? Sl 16:06 3:37 /usr/libexec/qemu-kvm -S -M rhel6.0.0 -enable-kvm -m 1024 -smp 1,sockets=1,cores=1,threads=1 -name rhel6 -uuid 32f27c50-0805-2f64-4fbe-fb0bb1b6971f -nodefconfig -nodefaults -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/rhel6.monitor,server,nowait -mon chardev=monitor,mode=control -rtc base=utc -boot c -drive file=/var/lib/libvirt/images/rhel6.img,if=none,id=drive-virtio-disk0,boot=on,format=raw,cache=none -device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk0,id=virtio-disk0 -netdev tap,fd=20,id=hostnet0,vhost=on,vhostfd=21 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:e4:21:bf,bus=pci.0,addr=0x4 -chardev pty,id=serial0 -device isa-serial,chardev=serial0 -usb -vnc 127.0.0.1:0 -k en-us -vga cirrus -device AC97,id=sound0,bus=pci.0,addr=0x5 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
# echo 7444 >tasks
Then ran a program inside the guest to malloc 2G and write to those memory. It still could pass, and the top from the host showed that it took more memory than it was controlled.
7444 qemu 20 0 1914m 716m 3036 S 76.7 20.0 6:51.80 qemu-kvm
I was also tried to set limit_in_bytes to 1500M, and allocate/touch 2G inside the guest, the result was the same. Should I expect the allocation should fail in this case?
You need to "echo $$ > tasks" just before running the program.
Larry, where to run that command? I setup the cgroup in the host, and then start the malloc program in the guest. As you can see that there was no cgroup configured in the guest.
I have also tried to move all KVM PIDs into the cgroup without luck.
OK, Larry and I just tried this out, and it seems to work like it should. There are a couple of things to note here:
1) It looks like you started the guest via libvirt. Did you? If so, libvirt automatically puts all guests into a cgroup under /cgroup/memory/libvirt/qemu/<guestname>. So one way you can run this test is to go into the pre-defined libvirt cgroup and limit the memory that way. We tested this, and it did the right thing.
2) If you do want to do something like in the original comment (i.e. make your own cgroup), you have to make sure that all of the threads from the qemu-kvm process get put into the new cgroup. We also tried this out, and this also worked for us.
Chris L and Larry