On Fri, Apr 22, 2022 at 2:19 AM Khazhy Kumykov <khazhy@xxxxxxxxxx> wrote: > > On Wed, Apr 20, 2022 at 10:34 PM Amir Goldstein <amir73il@xxxxxxxxx> wrote: > > > > On Tue, Apr 19, 2022 at 6:29 PM Gabriel Krisman Bertazi > > <krisman@xxxxxxxxxxxxx> wrote: > > > > > > Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> writes: > > > > > > Hi Andrew, > > > > > > > On Mon, 18 Apr 2022 17:37:10 -0400 Gabriel Krisman Bertazi <krisman@xxxxxxxxxxxxx> wrote: > > > > > > > >> When provisioning containerized applications, multiple very small tmpfs > > > > > > > > "files"? > > > > > > Actually, filesystems. In cloud environments, we have several small > > > tmpfs associated with containerized tasks. > > > > > > >> are used, for which one cannot always predict the proper file system > > > >> size ahead of time. We want to be able to reliably monitor filesystems > > > >> for ENOSPC errors, without depending on the application being executed > > > >> reporting the ENOSPC after a failure. > > > > > > > > Well that sucks. We need a kernel-side workaround for applications > > > > that fail to check and report storage errors? > > > > > > > > We could do this for every syscall in the kernel. What's special about > > > > tmpfs in this regard? > > > > > > > > Please provide additional justification and usage examples for such an > > > > extraordinary thing. > > > > > > For a cloud provider deploying containerized applications, they might > > > not control the application, so patching userspace wouldn't be a > > > solution. More importantly - and why this is shmem specific - > > > they want to differentiate between a user getting ENOSPC due to > > > insufficiently provisioned fs size, vs. due to running out of memory in > > > a container, both of which return ENOSPC to the process. > > > > > > > Isn't there already a per memcg OOM handler that could be used by > > orchestrator to detect the latter? > > > > > A system administrator can then use this feature to monitor a fleet of > > > containerized applications in a uniform way, detect provisioning issues > > > caused by different reasons and address the deployment. > > > > > > I originally submitted this as a new fanotify event, but given the > > > specificity of shmem, Amir suggested the interface I'm implementing > > > here. We've raised this discussion originally here: > > > > > > https://lore.kernel.org/linux-mm/CACGdZYLLCqzS4VLUHvzYG=rX3SEJaG7Vbs8_Wb_iUVSvXsqkxA@xxxxxxxxxxxxxx/ > > > > > > > To put things in context, the points I was trying to make in this > > discussion are: > > > > 1. Why isn't monitoring with statfs() a sufficient solution? and more > > specifically, the shared disk space provisioning problem does not sound > > very tmpfs specific to me. > > It is a well known issue for thin provisioned storage in environments > > with shared resources as the ones that you describe > > I think this solves a different problem: to my understanding statfs > polling is useful for determining if a long lived, slowly growing FS > is approaching its limits - the tmpfs here are generally short lived, > and may be intentionally running close to limits (e.g. if they "know" > exactly how much they need, and don't expect to write any more than > that). In this case, the limits are there to guard against runaway > (and assist with scheduling), so "monitor and increase limits > periodically" isn't appropriate. > > It's meant just to make it easier to distinguish between "tmpfs write > failed due to OOM" and "tmpfs write failed because you exceeded tmpfs' > max size" (what makes tmpfs "special" is that tmpfs, for good reason, > returns ENOSPC for both of these situations to the user). For a small Maybe it's for a good reason, but it clearly is not the desired behavior in your use case. Perhaps what is needed here is a way for user to opt-in to a different OOM behavior from shmem using a mount option? Would that be enough to cover your use case? > task a user could easily go from 0% to full, or OOM, rather quickly, > so statfs polling would likely miss the event. The orchestrator can, > when the task fails, easily (and reliably) look at this statistic to > determine if a user exceeded the tmpfs limit. > > (I do see the parallel here to thin provisioned storage - "exceeded > your individual budget" vs. "underlying overcommitted system ran out > of bytes") Right, and in this case, the application gets a different error in case of "underlying space overcommitted", usually EIO, that's why I think that opting-in for this same behavior could make sense for tmpfs. We can even consider shutdown behavior for shmem in that case, but that is up to whoever may be interested in that kind of behavior. Thanks, Amir.
