Skip to content

Commit

Permalink
jail: Try disabling Transparent Hugepage on Linux
Browse files Browse the repository at this point in the history
Disabling Transparent Hugepage has often been the solution to solve
hard-to-diagnose instability issues and despite improvements in this
area compared to the RHEL6 era, our recommandation is still to avoid
THP to this day.

In addition to refreshing the documentation on this topic, the Linux
jail will tentatively disable THP or warn when it cannot.
  • Loading branch information
cartoush committed Sep 20, 2024
1 parent 0b938f2 commit c6d0f08
Show file tree
Hide file tree
Showing 3 changed files with 98 additions and 19 deletions.
75 changes: 68 additions & 7 deletions bin/varnishd/mgt/mgt_jail_linux.c
Original file line number Diff line number Diff line change
Expand Up @@ -48,11 +48,65 @@
#include "mgt/mgt.h"
#include "common/heritage.h"

static int
vjl_set_thp(const char *arg)
{
int val;

if (!strcmp(arg, "ignore"))
return (0);
if (!strcmp(arg, "enable"))
val = 0;
else if (!strcmp(arg, "disable"))
val = 1;
else {
ARGV_ERR(
"linux jail: unknown value '%s' for argument transparent_hugepage.\n",
arg);
}
if (prctl(PR_SET_THP_DISABLE, val, 0, 0, 0) != 0) {
MGT_Complain(C_ERR,
"Could not %s Transparent Hugepage: %s (%d)",
arg, VAS_errtxt(errno), errno);
} else {
MGT_Complain(C_INFO, "linux jail: Transparent Hugepage now %s",
prctl(PR_GET_THP_DISABLE, 0, 0, 0, 0) ?
"disabled" : "enabled");
}
return (0);
}

static int
vjl_init(char **args)
{
char **unix_args;
int ret = 0;
size_t i;

if (args == NULL) {
/* Autoconfig */
if (vjl_set_thp("disable") != 0)
return (1);
return (jail_tech_unix.init(NULL));
}

return jail_tech_unix.init(args);
for (i = 0; args[i] != NULL; i++);
unix_args = calloc(i + 1, sizeof *unix_args);
AN(unix_args);

for (i = 0; *args != NULL && ret == 0; args++) {
if (!strncmp(*args, "transparent_hugepage=", 21)) {
ret = vjl_set_thp((*args) + 21);
} else {
unix_args[i] = *args;
i++;
}
}

if (ret == 0)
ret = jail_tech_unix.init(unix_args);
free(unix_args);
return (ret);
}

static void
Expand Down Expand Up @@ -94,17 +148,24 @@ vjl_make_workdir(const char *dname, const char *what, struct vsb *vsb)

vjl_master(JAIL_MASTER_FILE);
if (statfs(dname, &info) != 0) {
if (vsb)
VSB_printf(vsb, "Could not stat working directory '%s': %s (%d)\n", dname, VAS_errtxt(errno), errno);
else
MGT_Complain(C_ERR, "Could not stat working directory '%s': %s (%d)", dname, VAS_errtxt(errno), errno);
if (vsb) {
VSB_printf(vsb,
"Could not stat working directory '%s': %s (%d)\n",
dname, VAS_errtxt(errno), errno);
} else {
MGT_Complain(C_ERR,
"Could not stat working directory '%s': %s (%d)",
dname, VAS_errtxt(errno), errno);
}
return (1);
}
if (info.f_type != TMPFS_MAGIC) {
if (vsb != NULL)
VSB_printf(vsb, "Working directory not mounted on tmpfs partition\n");
VSB_printf(vsb,
"Working directory not mounted on tmpfs partition\n");
else
MGT_Complain(C_INFO, "Working directory not mounted on tmpfs partition");
MGT_Complain(C_INFO,
"Working directory not mounted on tmpfs partition");
}
vjl_master(JAIL_MASTER_LOW);
return (0);
Expand Down
30 changes: 19 additions & 11 deletions doc/sphinx/installation/platformnotes.rst
Original file line number Diff line number Diff line change
Expand Up @@ -11,21 +11,29 @@ On some platforms it is necessary to adjust the operating system before running
Varnish on it. The systems and steps known to us are described in this section.


Transparent hugepages on Redhat Enterprise Linux 6
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Transparent Hugepage on Linux
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On RHEL6 Transparent Hugepage kernel support is enabled by default.
This is known to cause sporadic crashes of Varnish.
On certain Linux distributions Transparent Hugepage kernel support is enabled
by default. This is known to cause instability of Varnish.

It is recommended to disable transparent hugepages on affected
systems. This can be done with
``echo never > /sys/kernel/mm/redhat_transparent_hugepage/enabled``
(runtime) or by adding "transparent_hugepage=never" to the kernel boot
line in the "/etc/grub.conf" file (persistent).
It is recommended to disable Transparent Hugepage on affected systems.
If Varnish is the only significant service running on this system, this can be
done during runtime with::

On Debian/Ubuntu systems running 3.2 kernels the default value is "madvise" and
does not need to be changed.
echo never > /sys/kernel/mm/transparent_hugepage/enabled

Alternatively, this can be persisted in your bootloader configuration by adding
``transparent_hugepage=never`` to the kernel command line.

On other systems the default value is ``madvise`` and does not need to be
changed. Either way, the Linux :ref:`ref-varnishd-opt_j` will try to disable
Transparent Hugepage in the ``varnishd`` process.

The general recommendation is to mount the working directory in a ``tmpfs``
partition, usually ``/var/lib/varnish``. By default tmpfs should be mounted with
Transparent Hugepage disabled. Consider mounting the working directory with the
``huge=never`` mount option if that is not the case with your OS vendor.

OpenVZ
~~~~~~
Expand Down
12 changes: 11 additions & 1 deletion doc/sphinx/reference/varnishd.rst
Original file line number Diff line number Diff line change
Expand Up @@ -454,13 +454,23 @@ specific options. Available jails are:

-j solaris,worker=basic

-j <linux[,user=`user`][,ccgroup=`group`][,workuser=`user`]>
-j <linux[,transparent_hugepage=`action`][,<unix jail option>...]>

Default on Linux platforms, it extends the UNIX jail with
Linux-specific mechanisms:

- It warns when *workdir* is not on a ``tmpfs``.
- It tries to keep the process dumpable after dropping privileges.
- It tries to disable Transparent Hugepage in ``varnishd``

The optional `transparent_hugepage` argument specifies whether Transparent
Hugepage should be enabled or not, it accepts the following values:

- ``enable`` to enable Transparent Hugepage
- ``disable`` to disable Transparent Hugepage
- ``ignore`` to leave Transparent Hugepage as-is

Failure to set or disable THP is not considered a fatal error.

-j <unix[,user=`user`][,ccgroup=`group`][,workuser=`user`]>

Expand Down

0 comments on commit c6d0f08

Please sign in to comment.