[Devel] [PATCH 3/3] cgroup : remove the ns_cgroup
The ns_cgroup is an annoying cgroup at the namespace / cgroup frontier. For example, a single process can not handle a big amount of namespaces without interacting with this cgroup and falling in an exponential creation time due to the nested cgroup directory depth (eg. /cgroup/pid/.../pid/...).

That was spotted when creating a single process using multiple network namespaces, the objective was 4096 network namespaces, but at 820 netns, the creation time was dramatically slow and the creation time for a namespace increased from 10msec to 10sec. After five hours, the expected number of netns was not reached. Without the ns_cgroup interaction, 4K netns are created after 2 minutes.

In order to solve that, we have to mount the cgroup with all the subsystems except the ns_cgroup, it's a little weird and hard to manage from an administration pov because we have to know what are the cgroup available on the system and we can't do a simple 'mount -t cgroup cgroup /cgroup'.

With the previous patch which adds a 'clone_children' parameter to a cgroup, we should be able to remove the ns_cgroup and manage manually the creation + adding a task to the cgroup consistently with the rest of the subsystems.

This patch removes the ns_cgroup as suggested in the following thread:

https://lists.linux-foundation.org/pipermail/containers/2009-June/018616.html

The 'cgroup_clone' function is removed because it is no longer used.

Changelog:
 * Sep 1 (dle): refreshed CONFIG_CGROUP_NS references
 * Jul 29 (seh): remove references to ns_cgroup_clone(), fix up some documentation, and remove CONFIG_CGROUP_NS references.

Signed-off-by: Daniel Lezcano daniel.lezc...@free.fr
Signed-off-by: Serge E. Hallyn serge.hal...@canonical.com Cc: Eric W. Biederman ebied...@xmission.com Cc: Jamal Hadi Salim h...@cyberus.ca Reviewed-by: Li Zefan l...@cn.fujitsu.com Acked-by: Paul Menage men...@google.com Acked-by: Matt Helsley matth...@us.ibm.com --- Documentation/cgroups/cgroups.txt |2 +- arch/mips/configs/bcm47xx_defconfig|1 - arch/powerpc/configs/ppc6xx_defconfig |1 - arch/powerpc/configs/pseries_defconfig |1 - arch/s390/defconfig|1 - arch/sh/configs/sdk7786_defconfig |1 - arch/sh/configs/se7206_defconfig |1 - arch/sh/configs/shx3_defconfig |1 - arch/sh/configs/urquell_defconfig |1 - arch/x86/configs/i386_defconfig|1 - arch/x86/configs/x86_64_defconfig |1 - include/linux/cgroup.h |3 - include/linux/cgroup_subsys.h |6 -- include/linux/nsproxy.h|9 --- init/Kconfig |9 --- kernel/Makefile|1 - kernel/cgroup.c| 116 kernel/cpuset.c|7 +- kernel/fork.c |6 -- kernel/ns_cgroup.c | 110 -- kernel/nsproxy.c |4 - 21 files changed, 4 insertions(+), 279 deletions(-) delete mode 100644 kernel/ns_cgroup.c diff --git a/Documentation/cgroups/cgroups.txt b/Documentation/cgroups/cgroups.txt index 190018b..6a5ba63 100644 --- a/Documentation/cgroups/cgroups.txt +++ b/Documentation/cgroups/cgroups.txt @@ -618,7 +618,7 @@ always handled well. void post_clone(struct cgroup_subsys *ss, struct cgroup *cgrp) (cgroup_mutex held by caller) -Called at the end of cgroup_clone() to do any parameter +Called during cgroup_create() to do any parameter initialization which might be required before a task could attach. For example in cpusets, no task may attach before 'cpus' and 'mems' are set up. diff --git a/arch/mips/configs/bcm47xx_defconfig b/arch/mips/configs/bcm47xx_defconfig index 927d58b..c4338e0 100644 --- a/arch/mips/configs/bcm47xx_defconfig +++ b/arch/mips/configs/bcm47xx_defconfig @@ -16,7 +16,6 @@ CONFIG_TASK_IO_ACCOUNTING=y CONFIG_AUDIT=y CONFIG_TINY_RCU=y CONFIG_CGROUPS=y -CONFIG_CGROUP_NS=y CONFIG_CGROUP_CPUACCT=y CONFIG_RELAY=y CONFIG_BLK_DEV_INITRD=y 
diff --git a/arch/powerpc/configs/ppc6xx_defconfig b/arch/powerpc/configs/ppc6xx_defconfig index 9d64a68..9b253f6 100644 --- a/arch/powerpc/configs/ppc6xx_defconfig +++ b/arch/powerpc/configs/ppc6xx_defconfig @@ -10,7 +10,6 @@ CONFIG_TASK_XACCT=y CONFIG_TASK_IO_ACCOUNTING=y CONFIG_AUDIT=y CONFIG_CGROUPS=y -CONFIG_CGROUP_NS=y CONFIG_CGROUP_DEVICE=y CONFIG_CGROUP_CPUACCT=y CONFIG_RESOURCE_COUNTERS=y diff --git a/arch/powerpc/configs/pseries_defconfig b/arch/powerpc/configs/pseries_defconfig index f87f0e1..972587f 100644 --- a/arch/powerpc/configs/pseries_defconfig +++ b/arch/powerpc/configs/pseries_defconfig @@ -15,7 +15,6 @@ CONFIG_AUDITSYSCALL=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_CGROUPS=y -CONFIG_CGROUP_NS=y CONFIG_CGROUP_FREEZER=y CONFIG_CGROUP_DEVICE=y CONFIG_CPUSETS=y diff --git a/arch/s390/defconfig
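Review bot: in the Documentation/cgroups/cgroups.txt hunk, the new wording "Called during cgroup_create() to do any parameter initialization" does not say whether post_clone() runs for every newly created cgroup or only under some condition. The commit message ties the replacement behaviour to the 'clone_children' parameter added by the previous patch, so the description should state that condition explicitly. It is also worth a sentence next to the prototype explaining that the callback keeps the name post_clone even though cgroup_clone() is removed by this patch, since the name no longer matches any caller.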
[Devel] [PATCH 3/3] cgroup : remove the ns_cgroup
The ns_cgroup is an annoying cgroup at the namespace / cgroup frontier. For example, a single process can not handle a big amount of namespaces without interacting with this cgroup and falling in an exponential creation time due to the nested cgroup directory depth (eg. /cgroup/pid/.../pid/...).

That was spotted when creating a single process using multiple network namespaces, the objective was 4096 network namespaces, but at 820 netns, the creation time was dramatically slow and the creation time for a namespace increased from 10msec to 10sec. After five hours, the expected number of netns was not reached. Without the ns_cgroup interaction, 4K netns are created after 2 minutes.

In order to solve that, we have to mount the cgroup with all the subsystems except the ns_cgroup, it's a little weird and hard to manage from an administration pov because we have to know what are the cgroup available on the system and we can't do a simple 'mount -t cgroup cgroup /cgroup'.

With the previous patch which adds a 'clone_children' parameter to a cgroup, we should be able to remove the ns_cgroup and manage manually the creation + adding a task to the cgroup consistently with the rest of the subsystems.

This patch removes the ns_cgroup as suggested in the following thread:

https://lists.linux-foundation.org/pipermail/containers/2009-June/018616.html

The 'cgroup_clone' function is removed because it is no longer used.

Changelog:
 Jul 29 (seh): remove references to ns_cgroup_clone(), fix up some documentation, and remove CONFIG_CGROUP_NS references.

Signed-off-by: Daniel Lezcano dlezc...@free.fr
Signed-off-by: Serge E. Hallyn serge.hal...@canonical.com Cc: Eric W. Biederman ebied...@xmission.com Cc: Paul Menage men...@google.com Cc: Jamal Hadi Salim h...@cyberus.ca --- Documentation/cgroups/cgroups.txt|2 +- arch/ia64/configs/generic_defconfig |1 - arch/mips/configs/bcm47xx_defconfig |1 - arch/mips/configs/ip27_defconfig |1 - arch/mips/configs/sb1250-swarm_defconfig |1 - arch/powerpc/configs/cell_defconfig |1 - arch/powerpc/configs/ppc64_defconfig |1 - arch/powerpc/configs/ppc64e_defconfig|1 - arch/powerpc/configs/ppc6xx_defconfig|1 - arch/powerpc/configs/pseries_defconfig |1 - arch/s390/defconfig |1 - arch/sh/configs/sdk7786_defconfig|1 - arch/sh/configs/se7206_defconfig |1 - arch/sh/configs/sh7724_generic_defconfig |1 - arch/sh/configs/sh7770_generic_defconfig |1 - arch/sh/configs/shx3_defconfig |1 - arch/sh/configs/urquell_defconfig|1 - arch/x86/configs/i386_defconfig |1 - arch/x86/configs/x86_64_defconfig|1 - include/linux/cgroup.h |3 - include/linux/cgroup_subsys.h|6 -- include/linux/nsproxy.h |9 --- init/Kconfig |9 --- kernel/Makefile |1 - kernel/cgroup.c | 116 -- kernel/cpuset.c |7 +- kernel/fork.c|6 -- kernel/ns_cgroup.c | 110 kernel/nsproxy.c |4 - 29 files changed, 4 insertions(+), 287 deletions(-) delete mode 100644 kernel/ns_cgroup.c diff --git a/Documentation/cgroups/cgroups.txt b/Documentation/cgroups/cgroups.txt index 190018b..6a5ba63 100644 --- a/Documentation/cgroups/cgroups.txt +++ b/Documentation/cgroups/cgroups.txt @@ -618,7 +618,7 @@ always handled well. void post_clone(struct cgroup_subsys *ss, struct cgroup *cgrp) (cgroup_mutex held by caller) -Called at the end of cgroup_clone() to do any parameter +Called during cgroup_create() to do any parameter initialization which might be required before a task could attach. For example in cpusets, no task may attach before 'cpus' and 'mems' are set up. diff --git a/arch/ia64/configs/generic_defconfig b/arch/ia64/configs/generic_defconfig index 6a4cc50..d257546 100644 
--- a/arch/ia64/configs/generic_defconfig +++ b/arch/ia64/configs/generic_defconfig @@ -25,7 +25,6 @@ CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=20 CONFIG_CGROUPS=y # CONFIG_CGROUP_DEBUG is not set -# CONFIG_CGROUP_NS is not set # CONFIG_CGROUP_FREEZER is not set # CONFIG_CGROUP_DEVICE is not set CONFIG_CPUSETS=y diff --git a/arch/mips/configs/bcm47xx_defconfig b/arch/mips/configs/bcm47xx_defconfig index bbd826b..cb75ade 100644 --- a/arch/mips/configs/bcm47xx_defconfig +++ b/arch/mips/configs/bcm47xx_defconfig @@ -199,7 +199,6 @@ CONFIG_TINY_RCU=y CONFIG_LOG_BUF_SHIFT=17 CONFIG_CGROUPS=y # CONFIG_CGROUP_DEBUG is not set -CONFIG_CGROUP_NS=y # CONFIG_CGROUP_FREEZER is not set # CONFIG_CGROUP_DEVICE is not set # CONFIG_CPUSETS is not set diff --git a/arch/mips/configs/ip27_defconfig b/arch/mips/configs/ip27_defconfig index
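Review bot: a migration note is missing for configurations that had the subsystem enabled. The arch/mips/configs/bcm47xx_defconfig hunk drops CONFIG_CGROUP_NS=y (the ia64 generic_defconfig hunk only drops a "# CONFIG_CGROUP_NS is not set" comment), and nothing replaces it in the config. The commit message says cgroup creation and task attachment are now handled manually with 'clone_children', but the only documentation change visible here is the post_clone wording in Documentation/cgroups/cgroups.txt. Suggest adding a short paragraph there for users who previously relied on CONFIG_CGROUP_NS=y. The changelog could also record which defconfigs are touched, since this diffstat lists 29 files against 21 in the Sep 1 refresh.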