New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question: does Docker / LXC de-duplicate memory? If not, is it feasible? #7950
Comments
I did just find this: http://en.wikipedia.org/wiki/Kernel_SamePage_Merging_(KSM) |
From #docker @ irc.freenode.net:
|
More from #docker @ irc.freenode.net:
|
Each container has it's own IPC namespace so certain things are not shared between the container. See: http://lwn.net/Articles/187274/ and http://man7.org/linux/man-pages/man7/svipc.7.html as it applies to containers in their own IPC namespaces. |
We can probably move this conversation to the mailing list as we try to keep the github issues for issues. |
So actually deduplication also works for containers, right? When only 1 container is running, only 4 pages are in the
|
SELF-RESOLVED, deduplication works for aufs and overlayfs, but not work for devicemapper or btrfs. Sorry for bothering. |
@AkihiroSuda do you think we should mention it (or mention it more explicitly) in our storage driver section? https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/ |
It seems already mentioned 😄 https://docs.docker.com/engine/userguide/storagedriver/btrfs-driver/
https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/
Perhaps it will be much more understandable if there is a table about this in https://docs.docker.com/engine/userguide/storagedriver/selectadriver/ |
Yes, I was thinking something like that; could you open an issue for that? (perhaps with a proposal as to what data you'd like to see in that table)? |
Just note, the original question for this Issue was whether memory (e.g. RAM and swap) was deduplicated or not. For example, if I run the same container twice, do I end up with 2 copies of glibc in memory? It is good to share experiments for persistent storage and different filesystems, however, cheers. |
@thaJeztah |
@jokeyrhyme
The answer for this original question is "It depends on the filesystem" for identical files on the same image, "No" for other things.
So, the answer is "Yes" if you are using BtrFS or devicemapper, "No" if you are using AUFS or OverlayFS (or perhaps ZFS) |
@AkihiroSuda I fail to see why you keep talking about filesystems; this issue is about memory (KSM). @ others: you may consider KSM not having suported is maybe not that bad: http://arstechnica.com/security/2016/08/new-attack-steals-private-crypto-keys-by-corrupting-data-in-computer-memory/ (updated rowhammer attack on KSM VMs) |
@grinapo
https://docs.docker.com/engine/userguide/storagedriver/btrfs-driver/
|
@grinapo: I think you are right in pointing out that the original question was about shared memory pages not only for the RW layer of the UNION file system, but also for the real RAM. I just have come across the following links:
I am not sure, whether LCD/LXC and/or Docker/LXC make use of this feature, though... |
If you have a docker host running on top of a hypervisor, then it should be possible for either the docker host or the hypervisor to do memory deduplication and compression. |
Hi |
ksm needs explicit syscall, madvise(..., MADV_MERGEABLE) to work; so ksm can not work here I suppose. But it could be interesting if someone figures out a mechanism to enable this. |
That is what I was hoping for, a way to force it to assume |
Note that KSM is only for private pages anyway, not page cache pages. |
not true anymore, as there is prctl() now and also support for KSM in systemd https://lwn.net/Articles/953141/ "That is where the prctl() flag, which was added for 6.4, came from. At the same time, systemd was modified to add the MemoryKSM parameter to enable KSM for a systemd service. The advantage of this approach is that the application code does not need to change at all to take advantage of KSM." does that perhaps mean we can now enable KSM by simply adding MemoryKSM param to container/docker systemd service configuration file ? |
Had an interesting question posed by a coworker today: if multiple containers make use of the same shared libraries, do they occupy multiple copies in memory?
I know that de-duplication can be done at the file-system level if you use Btrfs, etc. Does the Linux kernel have such a feature for memory? If so, to what degree is this feature in operation when similar containers are in use?
The text was updated successfully, but these errors were encountered: