Memory Resource Controller(Memcg)  Implementation Memo.
Last Updated: 2009/1/20
Base Kernel Version: based on 2.6.29-rc2.

Because VM is getting complex (one of reasons is memcg...), memcg's behavior
is complex. This is a document for memcg's internal behavior.
Please note that implementation details can be changed.

(*) Topics on API should be in Documentation/cgroups/memory.txt)

0. How to record usage ?
   2 objects are used.

   page_cgroup ....an object per page.
	Allocated at boot or memory hotplug. Freed at memory hot removal.

   swap_cgroup ... an entry per swp_entry.
	Allocated at swapon(). Freed at swapoff().

   The page_cgroup has USED bit and double count against a page_cgroup never
   occurs. swap_cgroup is used only when a charged page is swapped-out.

1. Charge

   a page/swp_entry may be charged (usage += PAGE_SIZE) at

	mem_cgroup_newpage_charge()
	  Called at new page fault and Copy-On-Write.

	mem_cgroup_try_charge_swapin()
	  Called at do_swap_page() (page fault on swap entry) and swapoff.
	  Followed by charge-commit-cancel protocol. (With swap accounting)
	  At commit, a charge recorded in swap_cgroup is removed.

	mem_cgroup_cache_charge()
	  Called at add_to_page_cache()

	mem_cgroup_cache_charge_swapin()
	  Called at shmem's swapin.

	mem_cgroup_prepare_migration()
	  Called before migration. "extra" charge is done and followed by
	  charge-commit-cancel protocol.
	  At commit, charge against oldpage or newpage will be committed.

2. Uncharge
  a page/swp_entry may be uncharged (usage -= PAGE_SIZE) by

	mem_cgroup_uncharge_page()
	  Called when an anonymous page is fully unmapped. I.e., mapcount goes
	  to 0. If the page is SwapCache, uncharge is delayed until
	  mem_cgroup_uncharge_swapcache().

	mem_cgroup_uncharge_cache_page()
	  Called when a page-cache is deleted from radix-tree. If the page is
	  SwapCache, uncharge is delayed until mem_cgroup_uncharge_swapcache().

	mem_cgroup_uncharge_swapcache()
	  Called when SwapCache is removed from radix-tree. The charge itself
	  is moved to swap_cgroup. (If mem+swap controller is disabled, no
	  charge to swap occurs.)

	mem_cgroup_uncharge_swap()
	  Called when swp_entry's refcnt goes down to 0. A charge against swap
	  disappears.

	mem_cgroup_end_migration(old, new)
	At success of migration old is uncharged (if necessary), a charge
	to new page is committed. At failure, charge to old page is committed.

3. charge-commit-cancel
	In some case, we can't know this "charge" is valid or not at charging
	(because of races).
	To handle such case, there are charge-commit-cancel functions.
		mem_cgroup_try_charge_XXX
		mem_cgroup_commit_charge_XXX
		mem_cgroup_cancel_charge_XXX
	these are used in swap-in and migration.

	At try_charge(), there are no flags to say "this page is charged".
	at this point, usage += PAGE_SIZE.

	At commit(), the function checks the page should be charged or not
	and set flags or avoid charging.(usage -= PAGE_SIZE)

	At cancel(), simply usage -= PAGE_SIZE.

Under below explanation, we assume CONFIG_MEM_RES_CTRL_SWAP=y.

4. Anonymous
	Anonymous page is newly allocated at
		  - page fault into MAP_ANONYMOUS mapping.
		  - Copy-On-Write.
 	It is charged right after it's allocated before doing any page table
	related operations. Of course, it's uncharged when another page is used
	for the fault address.

	At freeing anonymous page (by exit() or munmap()), zap_pte() is called
	and pages for ptes are freed one by one.(see mm/memory.c). Uncharges
	are done at page_remove_rmap() when page_mapcount() goes down to 0.

	Another page freeing is by page-reclaim (vmscan.c) and anonymous
	pages are swapped out. In this case, the page is marked as
	PageSwapCache(). uncharge() routine doesn't uncharge the page marked
	as SwapCache(). It's delayed until __delete_from_swap_cache().

	4.1 Swap-in.
	At swap-in, the page is taken from swap-cache. There are 2 cases.

	(a) If the SwapCache is newly allocated and read, it has no charges.
	(b) If the SwapCache has been mapped by processes, it has been
	    charged already.

	This swap-in is one of the most complicated work. In do_swap_page(),
	following events occur when pte is unchanged.

	(1) the page (SwapCache) is looked up.
	(2) lock_page()
	(3) try_charge_swapin()
	(4) reuse_swap_page() (may call delete_swap_cache())
	(5) commit_charge_swapin()
	(6) swap_free().

	Considering following situation for example.

	(A) The page has not been charged before (2) and reuse_swap_page()
	    doesn't call delete_from_swap_cache().
	(B) The page has not been charged before (2) and reuse_swap_page()
	    calls delete_from_swap_cache().
	(C) The page has been charged before (2) and reuse_swap_page() doesn't
	    call delete_from_swap_cache().
	(D) The page has been charged before (2) and reuse_swap_page() calls
	    delete_from_swap_cache().

	    memory.usage/memsw.usage changes to this page/swp_entry will be
	 Case          (A)      (B)       (C)     (D)
         Event
       Before (2)     0/ 1     0/ 1      1/ 1    1/ 1
          ===========================================
          (3)        +1/+1    +1/+1     +1/+1   +1/+1
          (4)          -       0/ 0       -     -1/ 0
          (5)         0/-1     0/ 0     -1/-1    0/ 0
          (6)          -       0/-1       -      0/-1
          ===========================================
       Result         1/ 1     1/ 1      1/ 1    1/ 1

       In any cases, charges to this page should be 1/ 1.

	4.2 Swap-out.
	At swap-out, typical state transition is below.

	(a) add to swap cache. (marked as SwapCache)
	    swp_entry's refcnt += 1.
	(b) fully unmapped.
	    swp_entry's refcnt += # of ptes.
	(c) write back to swap.
	(d) delete from swap cache. (remove from SwapCache)
	    swp_entry's refcnt -= 1.


	At (b), the page is marked as SwapCache and not uncharged.
	At (d), the page is removed from SwapCache and a charge in page_cgroup
	is moved to swap_cgroup.

	Finally, at task exit,
	(e) zap_pte() is called and swp_entry's refcnt -=1 -> 0.
	Here, a charge in swap_cgroup disappears.

5. Page Cache
   	Page Cache is charged at
	- add_to_page_cache_locked().

	uncharged at
	- __remove_from_page_cache().

	The logic is very clear. (About migration, see below)
	Note: __remove_from_page_cache() is called by remove_from_page_cache()
	and __remove_mapping().

6. Shmem(tmpfs) Page Cache
	Memcg's charge/uncharge have special handlers of shmem. The best way
	to understand shmem's page state transition is to read mm/shmem.c.
	But brief explanation of the behavior of memcg around shmem will be
	helpful to understand the logic.

	Shmem's page (just leaf page, not direct/indirect block) can be on
		- radix-tree of shmem's inode.
		- SwapCache.
		- Both on radix-tree and SwapCache. This happens at swap-in
		  and swap-out,

	It's charged when...
	- A new page is added to shmem's radix-tree.
	- A swp page is read. (move a charge from swap_cgroup to page_cgroup)
	It's uncharged when
	- A page is removed from radix-tree and not SwapCache.
	- When SwapCache is removed, a charge is moved to swap_cgroup.
	- When swp_entry's refcnt goes down to 0, a charge in swap_cgroup
	  disappears.

7. Page Migration
   	One of the most complicated functions is page-migration-handler.
	Memcg has 2 routines. Assume that we are migrating a page's contents
	from OLDPAGE to NEWPAGE.

	Usual migration logic is..
	(a) remove the page from LRU.
	(b) allocate NEWPAGE (migration target)
	(c) lock by lock_page().
	(d) unmap all mappings.
	(e-1) If necessary, replace entry in radix-tree.
	(e-2) move contents of a page.
	(f) map all mappings again.
	(g) pushback the page to LRU.
	(-) OLDPAGE will be freed.

	Before (g), memcg should complete all necessary charge/uncharge to
	NEWPAGE/OLDPAGE.

	The point is....
	- If OLDPAGE is anonymous, all charges will be dropped at (d) because
          try_to_unmap() drops all mapcount and the page will not be
	  SwapCache.

	- If OLDPAGE is SwapCache, charges will be kept at (g) because
	  __delete_from_swap_cache() isn't called at (e-1)

	- If OLDPAGE is page-cache, charges will be kept at (g) because
	  remove_from_swap_cache() isn't called at (e-1)

	memcg provides following hooks.

	- mem_cgroup_prepare_migration(OLDPAGE)
	  Called after (b) to account a charge (usage += PAGE_SIZE) against
	  memcg which OLDPAGE belongs to.

        - mem_cgroup_end_migration(OLDPAGE, NEWPAGE)
	  Called after (f) before (g).
	  If OLDPAGE is used, commit OLDPAGE again. If OLDPAGE is already
	  charged, a charge by prepare_migration() is automatically canceled.
	  If NEWPAGE is used, commit NEWPAGE and uncharge OLDPAGE.

	  But zap_pte() (by exit or munmap) can be called while migration,
	  we have to check if OLDPAGE/NEWPAGE is a valid page after commit().

8. LRU
        Each memcg has its own private LRU. Now, it's handling is under global
	VM's control (means that it's handled under global zone->lru_lock).
	Almost all routines around memcg's LRU is called by global LRU's
	list management functions under zone->lru_lock().

	A special function is mem_cgroup_isolate_pages(). This scans
	memcg's private LRU and call __isolate_lru_page() to extract a page
	from LRU.
	(By __isolate_lru_page(), the page is removed from both of global and
	 private LRU.)


9. Typical Tests.

 Tests for racy cases.

 9.1 Small limit to memcg.
	When you do test to do racy case, it's good test to set memcg's limit
	to be very small rather than GB. Many races found in the test under
	xKB or xxMB limits.
	(Memory behavior under GB and Memory behavior under MB shows very
	 different situation.)

 9.2 Shmem
	Historically, memcg's shmem handling was poor and we saw some amount
	of troubles here. This is because shmem is page-cache but can be
	SwapCache. Test with shmem/tmpfs is always good test.

 9.3 Migration
	For NUMA, migration is an another special case. To do easy test, cpuset
	is useful. Following is a sample script to do migration.

	mount -t cgroup -o cpuset none /opt/cpuset

	mkdir /opt/cpuset/01
	echo 1 > /opt/cpuset/01/cpuset.cpus
	echo 0 > /opt/cpuset/01/cpuset.mems
	echo 1 > /opt/cpuset/01/cpuset.memory_migrate
	mkdir /opt/cpuset/02
	echo 1 > /opt/cpuset/02/cpuset.cpus
	echo 1 > /opt/cpuset/02/cpuset.mems
	echo 1 > /opt/cpuset/02/cpuset.memory_migrate

	In above set, when you moves a task from 01 to 02, page migration to
	node 0 to node 1 will occur. Following is a script to migrate all
	under cpuset.
	--
	move_task()
	{
	for pid in $1
        do
                /bin/echo $pid >$2/tasks 2>/dev/null
		echo -n $pid
		echo -n " "
        done
	echo END
	}

	G1_TASK=`cat ${G1}/tasks`
	G2_TASK=`cat ${G2}/tasks`
	move_task "${G1_TASK}" ${G2} &
	--
 9.4 Memory hotplug.
	memory hotplug test is one of good test.
	to offline memory, do following.
	# echo offline > /sys/devices/system/memory/memoryXXX/state
	(XXX is the place of memory)
	This is an easy way to test page migration, too.

 9.5 mkdir/rmdir
	When using hierarchy, mkdir/rmdir test should be done.
	Use tests like the following.

	echo 1 >/opt/cgroup/01/memory/use_hierarchy
	mkdir /opt/cgroup/01/child_a
	mkdir /opt/cgroup/01/child_b

	set limit to 01.
	add limit to 01/child_b
	run jobs under child_a and child_b

	create/delete following groups at random while jobs are running.
	/opt/cgroup/01/child_a/child_aa
	/opt/cgroup/01/child_b/child_bb
	/opt/cgroup/01/child_c

	running new jobs in new group is also good.

 9.6 Mount with other subsystems.
	Mounting with other subsystems is a good test because there is a
	race and lock dependency with other cgroup subsystems.

	example)
	# mount -t cgroup none /cgroup -t cpuset,memory,cpu,devices

	and do task move, mkdir, rmdir etc...under this.

 9.7 swapoff.
	Besides management of swap is one of complicated parts of memcg,
	call path of swap-in at swapoff is not same as usual swap-in path..
	It's worth to be tested explicitly.

	For example, test like following is good.
	(Shell-A)
	# mount -t cgroup none /cgroup -t memory
	# mkdir /cgroup/test
	# echo 40M > /cgroup/test/memory.limit_in_bytes
	# echo 0 > /cgroup/test/tasks
	Run malloc(100M) program under this. You'll see 60M of swaps.
	(Shell-B)
	# move all tasks in /cgroup/test to /cgroup
	# /sbin/swapoff -a
	# rmdir /cgroup/test
	# kill malloc task.

	Of course, tmpfs v.s. swapoff test should be tested, too.

 9.8 OOM-Killer
	Out-of-memory caused by memcg's limit will kill tasks under
	the memcg. When hierarchy is used, a task under hierarchy
	will be killed by the kernel.
	In this case, panic_on_oom shouldn't be invoked and tasks
	in other groups shouldn't be killed.

	It's not difficult to cause OOM under memcg as following.
	Case A) when you can swapoff
	#swapoff -a
	#echo 50M > /memory.limit_in_bytes
	run 51M of malloc

	Case B) when you use mem+swap limitation.
	#echo 50M > memory.limit_in_bytes
	#echo 50M > memory.memsw.limit_in_bytes
	run 51M of malloc