Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8146115

physical memory does not see Docker resource limits

    Details

    • Type: Enhancement
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: 9
    • Fix Version/s: 10
    • Component/s: hotspot
    • Labels:
      None
    • Environment:

      Docker container

    • Subcomponent:
    • CPU:
      x86
    • OS:
      linux

      Description

      Internal team reported that physical memory and CPU do not reflect Docker resource limits.
      This should be fixed in 9 and back ported to 8.

        Issue Links

          Activity

          Hide
          dholmes David Holmes added a comment -
          I just came across this:

             /proc/[pid]/ns/cgroup (since Linux 4.6)
                        This file is a handle for the cgroup namespace of the process.

          which might be a simpler way to find the cgroup entries of the current process. But not if the rest of the path is arbitrarily constructed by the cgroup "administrator".
          Show
          dholmes David Holmes added a comment - I just came across this:    /proc/[pid]/ns/cgroup (since Linux 4.6)               This file is a handle for the cgroup namespace of the process. which might be a simpler way to find the cgroup entries of the current process. But not if the rest of the path is arbitrarily constructed by the cgroup "administrator".
          Hide
          dholmes David Holmes added a comment -
          Not sure if this actually gives us anything useful:

          $ ls -l /proc/7600/ns
          total 0
          lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 cgroup -> cgroup:[4026531835]
          lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 ipc -> ipc:[4026531839]
          lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 mnt -> mnt:[4026531840]
          lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 net -> net:[4026531957]
          lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 pid -> pid:[4026531836]
          lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 user -> user:[4026531837]
          lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 uts -> uts:[4026531838]
          gtee@spb23500:~$ ls -l /proc/7600/ns/cgroup
          lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 /proc/7600/ns/cgroup -> cgroup:[4026531835]
          $ ls -l /proc/7600/ns/cgroup/
          ls: cannot access '/proc/7600/ns/cgroup/': Not a directory
          $ cat /proc/7600/ns/cgroup
          cat: /proc/7600/ns/cgroup: Invalid argument
          Show
          dholmes David Holmes added a comment - Not sure if this actually gives us anything useful: $ ls -l /proc/7600/ns total 0 lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 cgroup -> cgroup:[4026531835] lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 ipc -> ipc:[4026531839] lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 mnt -> mnt:[4026531840] lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 net -> net:[4026531957] lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 pid -> pid:[4026531836] lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 user -> user:[4026531837] lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 uts -> uts:[4026531838] gtee@spb23500 :~$ ls -l /proc/7600/ns/cgroup lrwxrwxrwx 1 gtee uucp 0 May 4 04:28 /proc/7600/ns/cgroup -> cgroup:[4026531835] $ ls -l /proc/7600/ns/cgroup/ ls: cannot access '/proc/7600/ns/cgroup/': Not a directory $ cat /proc/7600/ns/cgroup cat: /proc/7600/ns/cgroup: Invalid argument
          Hide
          bobv Bob Vandette added a comment -
          Here's one way I've found to accomplish this:

          1. Find out where the cgroup file system is mounted.

          % mount | grep cgroup | grep memory

          cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)

          2. Examine the memory.limit_in_bytes contents stored in the cgroup memory file system

          more /sys/fs/cgroup/memory/memory.limit_in_bytes
          5242880

          Show
          bobv Bob Vandette added a comment - Here's one way I've found to accomplish this: 1. Find out where the cgroup file system is mounted. % mount | grep cgroup | grep memory cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) 2. Examine the memory.limit_in_bytes contents stored in the cgroup memory file system more /sys/fs/cgroup/memory/memory.limit_in_bytes 5242880
          Hide
          dholmes David Holmes added a comment -
          The problem is that there may not be a single cgroup filesystem to examine - the UseCGroupMemoryLimitForHeap flag already examines the "default" /sys/fs/cgroup location.

          What we want/need/desire is a simple way to find the cgroup information for the current process.
          Show
          dholmes David Holmes added a comment - The problem is that there may not be a single cgroup filesystem to examine - the UseCGroupMemoryLimitForHeap flag already examines the "default" /sys/fs/cgroup location. What we want/need/desire is a simple way to find the cgroup information for the current process.
          Hide
          bobv Bob Vandette added a comment - - edited
          Attached is a program that demonstrates a more robust way of extracting cgroup configuration data for memory and cpuset subsystems. It also shows how to determine if cgroup v1 versus v2 is operating.
          Show
          bobv Bob Vandette added a comment - - edited Attached is a program that demonstrates a more robust way of extracting cgroup configuration data for memory and cpuset subsystems. It also shows how to determine if cgroup v1 versus v2 is operating.

            People

            • Assignee:
              bobv Bob Vandette
              Reporter:
              acorn Karen Kinnear
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated: