From 98176f001863fd138025c48625eda5c5adb26972 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Wed, 29 Sep 2021 10:58:27 +0200 Subject: [PATCH 1/4] libpod: do not call (*container).Spec() Access the container's spec field directly inside of libpod instead of calling Spec() which in turn creates expensive JSON deep copies. Accessing the field directly drops memory consumption of a simple podman run --rm busybox true from ~700kB to ~600kB. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg --- libpod/container.go | 2 +- libpod/container_internal.go | 4 ++-- libpod/kube.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/libpod/container.go b/libpod/container.go index 5c56ff036e..ffc577950b 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -1095,7 +1095,7 @@ func (c *Container) AutoRemove() bool { if spec.Annotations == nil { return false } - return c.Spec().Annotations[define.InspectAnnotationAutoremove] == define.InspectResponseTrue + return spec.Annotations[define.InspectAnnotationAutoremove] == define.InspectResponseTrue } // Timezone returns the timezone configured inside the container. diff --git a/libpod/container_internal.go b/libpod/container_internal.go index e81f2ec5fa..3f9738411e 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -2004,7 +2004,7 @@ func (c *Container) setupOCIHooks(ctx context.Context, config *spec.Spec) (map[s } return nil, err } - ociHooks, err := manager.Hooks(config, c.Spec().Annotations, len(c.config.UserVolumes) > 0) + ociHooks, err := manager.Hooks(config, c.config.Spec.Annotations, len(c.config.UserVolumes) > 0) if err != nil { return nil, err } @@ -2021,7 +2021,7 @@ func (c *Container) setupOCIHooks(ctx context.Context, config *spec.Spec) (map[s return nil, err } - allHooks, err = manager.Hooks(config, c.Spec().Annotations, len(c.config.UserVolumes) > 0) + allHooks, err = manager.Hooks(config, c.config.Spec.Annotations, len(c.config.UserVolumes) > 0) if err != nil { return nil, err } diff --git a/libpod/kube.go b/libpod/kube.go index d17ca1114c..f5ca74d53e 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -424,7 +424,7 @@ func containerToV1Container(ctx context.Context, c *Container) (v1.Container, [] // NOTE: a privileged container mounts all of /dev/*. if !c.Privileged() && len(c.config.Spec.Linux.Devices) > 0 { // TODO Enable when we can support devices and their names - kubeContainer.VolumeDevices = generateKubeVolumeDeviceFromLinuxDevice(c.Spec().Linux.Devices) + kubeContainer.VolumeDevices = generateKubeVolumeDeviceFromLinuxDevice(c.config.Spec.Linux.Devices) return kubeContainer, kubeVolumes, nil, errors.Wrapf(define.ErrNotImplemented, "linux devices") } From 30bf31010e4a6ca4247eef293a4202f6775d6ec9 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Wed, 29 Sep 2021 11:16:33 +0200 Subject: [PATCH 2/4] libpod: add execSessionNoCopy To avoid creating an expensive deep copy, create an internal function to access the exec session. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg --- libpod/container.go | 17 ++++++++++++++--- libpod/container_exec.go | 2 +- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/libpod/container.go b/libpod/container.go index ffc577950b..4d15c04c51 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -774,9 +774,9 @@ func (c *Container) ExecSessions() ([]string, error) { return ids, nil } -// ExecSession retrieves detailed information on a single active exec session in -// a container -func (c *Container) ExecSession(id string) (*ExecSession, error) { +// execSessionNoCopy returns the associated exec session to id. +// Note that the session is not a deep copy. +func (c *Container) execSessionNoCopy(id string) (*ExecSession, error) { if !c.batched { c.lock.Lock() defer c.lock.Unlock() @@ -791,6 +791,17 @@ func (c *Container) ExecSession(id string) (*ExecSession, error) { return nil, errors.Wrapf(define.ErrNoSuchExecSession, "no exec session with ID %s found in container %s", id, c.ID()) } + return session, nil +} + +// ExecSession retrieves detailed information on a single active exec session in +// a container +func (c *Container) ExecSession(id string) (*ExecSession, error) { + session, err := c.execSessionNoCopy(id) + if err != nil { + return nil, err + } + returnSession := new(ExecSession) if err := JSONDeepCopy(session, returnSession); err != nil { return nil, errors.Wrapf(err, "error copying contents of container %s exec session %s", c.ID(), session.ID()) diff --git a/libpod/container_exec.go b/libpod/container_exec.go index 1cb45a118e..f99fb7d3f0 100644 --- a/libpod/container_exec.go +++ b/libpod/container_exec.go @@ -747,7 +747,7 @@ func (c *Container) Exec(config *ExecConfig, streams *define.AttachStreams, resi return -1, err } - session, err := c.ExecSession(sessionID) + session, err := c.execSessionNoCopy(sessionID) if err != nil { if errors.Cause(err) == define.ErrNoSuchExecSession { // TODO: If a proper Context is ever plumbed in here, we From 5ea369adef6115702eb2d2e483d7c552d15a7c04 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Wed, 29 Sep 2021 13:25:05 +0200 Subject: [PATCH 3/4] libpod: add GetConfigNoCopy() Add a new function to libpod to directly access the runtime configuration without creating an expensive deep copy. Further migrate a number of callers to this new function. This drops the number of calls to JSONDeepCopy from 4 to 1 in a simple `podman run --rm -d busybox top`. Future work: Please note that there are more callers of GetConfig() that can me migrated to GetConfigNoCopy(). [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg --- libpod/runtime.go | 19 ++++++++++++++++--- pkg/domain/infra/abi/secrets.go | 2 +- pkg/specgen/generate/container.go | 2 +- pkg/specgen/generate/container_create.go | 2 +- 4 files changed, 19 insertions(+), 6 deletions(-) diff --git a/libpod/runtime.go b/libpod/runtime.go index 161d5a533f..27885bf5c1 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -706,19 +706,32 @@ func (r *Runtime) TmpDir() (string, error) { return r.config.Engine.TmpDir, nil } -// GetConfig returns a copy of the configuration used by the runtime -func (r *Runtime) GetConfig() (*config.Config, error) { +// GetConfig returns the configuration used by the runtime. +// Note that the returned value is not a copy and must hence +// only be used in a reading fashion. +func (r *Runtime) GetConfigNoCopy() (*config.Config, error) { r.lock.RLock() defer r.lock.RUnlock() if !r.valid { return nil, define.ErrRuntimeStopped } + return r.config, nil +} + +// GetConfig returns a copy of the configuration used by the runtime. +// Please use GetConfigNoCopy() in case you only want to read from +// but not write to the returned config. +func (r *Runtime) GetConfig() (*config.Config, error) { + rtConfig, err := r.GetConfigNoCopy() + if err != nil { + return nil, err + } config := new(config.Config) // Copy so the caller won't be able to modify the actual config - if err := JSONDeepCopy(r.config, config); err != nil { + if err := JSONDeepCopy(rtConfig, config); err != nil { return nil, errors.Wrapf(err, "error copying config") } diff --git a/pkg/domain/infra/abi/secrets.go b/pkg/domain/infra/abi/secrets.go index 2bf8eaae31..34c230e759 100644 --- a/pkg/domain/infra/abi/secrets.go +++ b/pkg/domain/infra/abi/secrets.go @@ -21,7 +21,7 @@ func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader // set defaults from config for the case they are not set by an upper layer // (-> i.e. tests that talk directly to the api) - cfg, err := ic.Libpod.GetConfig() + cfg, err := ic.Libpod.GetConfigNoCopy() if err != nil { return nil, err } diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index ae26807a92..71b8825108 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -54,7 +54,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat } } - rtc, err := r.GetConfig() + rtc, err := r.GetConfigNoCopy() if err != nil { return nil, err } diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index b6263332e9..6100e7a5b3 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -23,7 +23,7 @@ import ( // Returns the created, container and any warnings resulting from creating the // container, or an error. func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGenerator) (*spec.Spec, *specgen.SpecGenerator, []libpod.CtrCreateOption, error) { - rtc, err := rt.GetConfig() + rtc, err := rt.GetConfigNoCopy() if err != nil { return nil, nil, nil, err } From ccff77025c4ef6907c91c42cf84e1c92b65716ba Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Wed, 29 Sep 2021 13:42:23 +0200 Subject: [PATCH 4/4] libpod: container create: init variable: do not deep copy spec Do not create an expensive deep copy for the provided spec.Spec when creating a container. No API should be expected to create deep copies of arguments unless explicitly documented. This removes the last call to JSONDeepCopy in a simple `podman run --rm -d busybox true`. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg --- libpod/runtime_ctr.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 93bfdd54b4..7cda9aa8ba 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -193,10 +193,7 @@ func (r *Runtime) initContainerVariables(rSpec *spec.Spec, config *ContainerConf ctr.config.LogPath = "" } - ctr.config.Spec = new(spec.Spec) - if err := JSONDeepCopy(rSpec, ctr.config.Spec); err != nil { - return nil, errors.Wrapf(err, "error copying runtime spec while creating container") - } + ctr.config.Spec = rSpec ctr.config.CreatedTime = time.Now() ctr.state.BindMounts = make(map[string]string)