[RFC][PATCH 6/7] Account for the number of tasks within container

Pavel Emelianov xemul at sw.ru
Tue Mar 6 07:04:58 PST 2007


Small and simple - each fork()/clone() is accounted
and rejected when limit is hit.
-------------- next part --------------
diff -upr linux-2.6.20.orig/include/linux/numproc_container.h linux-2.6.20-=
0/include/linux/numproc_container.h
--- linux-2.6.20.orig/include/linux/numproc_container.h	2007-03-06 13:39:17=
.000000000 +0300
+++ linux-2.6.20-0/include/linux/numproc_container.h	2007-03-06 13:33:28.00=
0000000 +0300
@@ -0,0 +1,32 @@
+#ifndef __NUMPROC_CONTAINER_H__
+#define __NUMPROC_CONTAINER_H__
+/*
+ * Numproc container
+ *
+ * Copyright 2007 OpenVZ SWsoft Inc
+ *
+ * Author: Pavel Emelianov <xemul at openvz.org>
+ *
+ */
+
+#ifdef CONFIG_PROCESS_CONTAINER
+int container_proc_charge(struct task_struct *tsk);
+void container_proc_uncharge(struct task_struct *tsk);
+
+void container_numproc_init_early(void);
+#else
+static inline int container_proc_charge(struct task_struct *tsk)
+{
+	return 0;
+}
+
+static inline void container_proc_uncharge(struct task_struct *tsk)
+{
+}
+
+static inline void container_numproc_init_early(void)
+{
+}
+#endif
+
+#endif
diff -upr linux-2.6.20.orig/include/linux/sched.h linux-2.6.20-0/include/li=
nux/sched.h
--- linux-2.6.20.orig/include/linux/sched.h	2007-03-06 13:33:28.000000000 +=
0300
+++ linux-2.6.20-0/include/linux/sched.h	2007-03-06 13:33:28.000000000 +0300
@@ -1052,6 +1055,9 @@ struct task_struct {
 #ifdef CONFIG_FAULT_INJECTION
 	int make_it_fail;
 #endif
+#ifdef CONFIG_PROCESS_CONTAINER
+	struct numproc_container *numproc_cnt;
+#endif
 };
 =

 static inline pid_t process_group(struct task_struct *tsk)
diff -upr linux-2.6.20.orig/init/Kconfig linux-2.6.20-0/init/Kconfig
--- linux-2.6.20.orig/init/Kconfig	2007-03-06 13:33:28.000000000 +0300
+++ linux-2.6.20-0/init/Kconfig	2007-03-06 13:33:28.000000000 +0300
@@ -265,6 +265,12 @@ config CPUSETS
 	  Provides a simple Resource Controller for monitoring and
 	  controlling the total Resident Set Size of the tasks in a container
 =

+config PROCESS_CONTAINER
+	bool "Numproc accounting container"
+	select RESOURCE_COUNTERS
+	help
+	  Provides the-number-of-tasks accounting container
+
 config SYSFS_DEPRECATED
 	bool "Create deprecated sysfs files"
 	default y
diff -upr linux-2.6.20.orig/kernel/Makefile linux-2.6.20-0/kernel/Makefile
--- linux-2.6.20.orig/kernel/Makefile	2007-03-06 13:33:28.000000000 +0300
+++ linux-2.6.20-0/kernel/Makefile	2007-03-06 13:33:28.000000000 +0300
@@ -51,6 +51,7 @@ obj-$(CONFIG_RELAY) +=3D relay.o
 obj-$(CONFIG_TASK_DELAY_ACCT) +=3D delayacct.o
 obj-$(CONFIG_TASKSTATS) +=3D taskstats.o tsacct.o
 obj-$(CONFIG_RESOURCE_COUNTERS) +=3D res_counter.o
+obj-$(CONFIG_PROCESS_CONTAINER) +=3D numproc_container.o
 =

 ifneq ($(CONFIG_SCHED_NO_NO_OMIT_FRAME_POINTER),y)
 # According to Alan Modra <alan at linuxcare.com.au>, the -fno-omit-frame-poi=
nter is
diff -upr linux-2.6.20.orig/kernel/exit.c linux-2.6.20-0/kernel/exit.c
--- linux-2.6.20.orig/kernel/exit.c	2007-03-06 13:33:28.000000000 +0300
+++ linux-2.6.20-0/kernel/exit.c	2007-03-06 13:33:28.000000000 +0300
@@ -48,6 +48,8 @@
 #include <asm/pgtable.h>
 #include <asm/mmu_context.h>
 =

+#include <linux/numproc_container.h>
+
 extern void sem_exit (void);
 =

 static void exit_mm(struct task_struct * tsk);
@@ -174,6 +176,7 @@ repeat:
 	write_unlock_irq(&tasklist_lock);
 	proc_flush_task(p);
 	release_thread(p);
+	container_proc_uncharge(p);
 	call_rcu(&p->rcu, delayed_put_task_struct);
 =

 	p =3D leader;
diff -upr linux-2.6.20.orig/kernel/fork.c linux-2.6.20-0/kernel/fork.c
--- linux-2.6.20.orig/kernel/fork.c	2007-03-06 13:33:28.000000000 +0300
+++ linux-2.6.20-0/kernel/fork.c	2007-03-06 13:33:28.000000000 +0300
@@ -57,6 +57,7 @@
 #include <asm/tlbflush.h>
 =

 #include <linux/rss_container.h>
+#include <linux/numproc_container.h>
 =

 /*
  * Protected counters by write_lock_irq(&tasklist_lock)
@@ -986,6 +999,9 @@ static struct task_struct *copy_process(
 	if (!p)
 		goto fork_out;
 =

+	if (container_proc_charge(p))
+		goto charge_out;
+
 	rt_mutex_init_task(p);
 =

 #ifdef CONFIG_TRACE_IRQFLAGS
@@ -1302,6 +1318,8 @@ bad_fork_cleanup_count:
 	atomic_dec(&p->user->processes);
 	free_uid(p->user);
 bad_fork_free:
+	container_proc_uncharge(p);
+charge_out:
 	free_task(p);
 fork_out:
 	return ERR_PTR(retval);
diff -upr linux-2.6.20.orig/kernel/numproc_container.c linux-2.6.20-0/kerne=
l/numproc_container.c
--- linux-2.6.20.orig/kernel/numproc_container.c	2007-03-06 13:39:17.000000=
000 +0300
+++ linux-2.6.20-0/kernel/numproc_container.c	2007-03-06 13:33:28.000000000=
 +0300
@@ -0,0 +1,151 @@
+/*
+ * Numproc accounting container
+ *
+ * Copyright 2007 OpenVZ SWsoft Inc
+ *
+ * Author: Pavel Emelianov <xemul at openvz.org>
+ *
+ */
+
+#include <linux/list.h>
+#include <linux/sched.h>
+#include <linux/mm.h>
+#include <linux/res_counter.h>
+#include <linux/numproc_container.h>
+
+static struct container_subsys numproc_subsys;
+
+struct numproc_container {
+	struct res_counter res;
+	struct container_subsys_state css;
+};
+
+static inline struct numproc_container *numproc_from_cont(struct container=
 *cnt)
+{
+	return container_of(container_subsys_state(cnt, &numproc_subsys),
+			struct numproc_container, css);
+}
+
+int container_proc_charge(struct task_struct *new)
+{
+	struct numproc_container *np;
+
+	rcu_read_lock();
+	np =3D numproc_from_cont(task_container(current, &numproc_subsys));
+	css_get_current(&np->css);
+	rcu_read_unlock();
+
+	if (res_counter_charge(&np->res, 1)) {
+		css_put(&np->css);
+		return -ENOMEM;
+	}
+
+	new->numproc_cnt =3D np;
+	return 0;
+}
+
+void container_proc_uncharge(struct task_struct *tsk)
+{
+	struct numproc_container *np;
+
+	np =3D tsk->numproc_cnt;
+	res_counter_uncharge(&np->res, 1);
+	css_put(&np->css);
+}
+
+static int numproc_create(struct container_subsys *ss, struct container *c=
ont)
+{
+	struct numproc_container *np;
+
+	np =3D kzalloc(sizeof(struct numproc_container), GFP_KERNEL);
+	if (np =3D=3D NULL)
+		return -ENOMEM;
+
+	res_counter_init(&np->res);
+	cont->subsys[numproc_subsys.subsys_id] =3D &np->css;
+	return 0;
+}
+
+static void numproc_destroy(struct container_subsys *ss,
+		struct container *cont)
+{
+	kfree(numproc_from_cont(cont));
+}
+
+
+static ssize_t numproc_read(struct container *cont, struct cftype *cft,
+		struct file *file, char __user *userbuf,
+		size_t nbytes, loff_t *ppos)
+{
+	return res_counter_read(&numproc_from_cont(cont)->res, cft->private,
+			userbuf, nbytes, ppos);
+}
+
+static ssize_t numproc_write(struct container *cont, struct cftype *cft,
+		struct file *file, const char __user *userbuf,
+		size_t nbytes, loff_t *ppos)
+{
+	return res_counter_write(&numproc_from_cont(cont)->res, cft->private,
+			userbuf, nbytes, ppos);
+}
+
+
+static struct cftype numproc_usage =3D {
+	.name =3D "numproc_usage",
+	.private =3D RES_USAGE,
+	.read =3D numproc_read,
+};
+
+static struct cftype numproc_limit =3D {
+	.name =3D "numproc_limit",
+	.private =3D RES_LIMIT,
+	.read =3D numproc_read,
+	.write =3D numproc_write,
+};
+
+static struct cftype numproc_failcnt =3D {
+	.name =3D "numproc_failcnt",
+	.private =3D RES_FAILCNT,
+	.read =3D numproc_read,
+};
+
+static int numproc_populate(struct container_subsys *ss,
+		struct container *cont)
+{
+	int rc;
+
+	if ((rc =3D container_add_file(cont, &numproc_usage)) < 0)
+		return rc;
+	if ((rc =3D container_add_file(cont, &numproc_failcnt)) < 0)
+		return rc;
+	if ((rc =3D container_add_file(cont, &numproc_limit)) < 0)
+		return rc;
+
+	return 0;
+}
+
+static struct numproc_container init_numproc_container;
+
+static __init int numproc_create_early(struct container_subsys *ss,
+		struct container *cont)
+{
+	struct numproc_container *np;
+
+	np =3D &init_numproc_container;
+	res_counter_init(&np->res);
+	cont->subsys[numproc_subsys.subsys_id] =3D &np->css;
+	ss->create =3D numproc_create;
+	return 0;
+}
+
+static struct container_subsys numproc_subsys =3D {
+	.name =3D "numproc",
+	.create =3D numproc_create_early,
+	.destroy =3D numproc_destroy,
+	.populate =3D numproc_populate,
+};
+
+void __init container_numproc_init_early(void)
+{
+	container_register_subsys(&numproc_subsys);
+}
diff -upr linux-2.6.20.orig/kernel/container.c linux-2.6.20-0/kernel/contai=
ner.c
--- linux-2.6.20.orig/kernel/container.c	2007-03-06 13:33:28.000000000 +0300
+++ linux-2.6.20-0/kernel/container.c	2007-03-06 13:35:48.000000000 +0300
@@ -60,6 +60,7 @@
 #include <linux/mutex.h>
 =

 #include <linux/rss_container.h>
+#include <linux/numproc_container.h>
 =

 #define CONTAINER_SUPER_MAGIC		0x27e0eb
 =

@@ -1721,6 +1725,7 @@ int __init container_init_early(void)
 	init_task.containers =3D &init_container_group;
 =

 	container_rss_init_early();
+	container_numproc_init_early();
 =

 	return 0;
 }


More information about the Containers mailing list