<div dir="ltr"><div>I find this a bit confusing, is there an actual difference between setting thp_setting to 'enable' vs 'ignore' ?</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Fri, Feb 14, 2025 at 11:27 AM Nils Goroll <<a href="mailto:nils.goroll@uplex.de">nils.goroll@uplex.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
commit bf84027da5f54e5b85bae47b38752722ad21cb48<br>
Author: Thibaut Artis <<a href="mailto:thibaut.artis@varnish-software.com" target="_blank">thibaut.artis@varnish-software.com</a>><br>
Date: Wed Sep 11 18:02:14 2024 +0200<br>
<br>
jail_linux: Add THP control<br>
<br>
Disabling Transparent Hugepage has often been the solution to solve<br>
hard-to-diagnose instability issues and despite improvements in this area<br>
compared to the RHEL6 era, our recommandation is still to avoid THP to this day.<br>
<br>
In addition to refreshing the documentation on this topic, we add thp control to<br>
the linux jail<br>
<br>
Committer edit:<br>
<br>
- Updated to master<br>
- Added "try-disable" option as default<br>
- Made "enable" and "disable" options fail<br>
- Ensured default gets called for -jlinux<br>
- Edited documentation<br>
- polished<br>
<br>
diff --git a/bin/varnishd/mgt/mgt_jail_linux.c b/bin/varnishd/mgt/mgt_jail_linux.c<br>
index b8f136020..2dd7f89a2 100644<br>
--- a/bin/varnishd/mgt/mgt_jail_linux.c<br>
+++ b/bin/varnishd/mgt/mgt_jail_linux.c<br>
@@ -44,12 +44,84 @@<br>
#include <sys/vfs.h><br>
<br>
#include "mgt/mgt.h"<br>
+#include "common/heritage.h"<br>
+<br>
+static int<br>
+vjl_set_thp(const char *arg, struct vsb *vsb)<br>
+{<br>
+ int r, val, must;<br>
+<br>
+ if (!strcmp(arg, "ignore"))<br>
+ return (0);<br>
+ must = 1;<br>
+ if (!strcmp(arg, "enable"))<br>
+ val = 0;<br>
+ else if (!strcmp(arg, "disable"))<br>
+ val = 1;<br>
+ else if (!strcmp(arg, "try-disable")) {<br>
+ arg = "disable";<br>
+ val = 1;<br>
+ must = 0;<br>
+ }<br>
+ else {<br>
+ VSB_printf(vsb, "linux jail: unknown value '%s' for argument"<br>
+ " transparent_hugepage.", arg);<br>
+ return (1);<br>
+ }<br>
+ r = prctl(PR_SET_THP_DISABLE, val, 0, 0, 0);<br>
+ if (r) {<br>
+ VSB_printf(vsb, "linux jail: Could not %s "<br>
+ "Transparent Hugepage: %s (%d)",<br>
+ arg, VAS_errtxt(errno), errno);<br>
+ }<br>
+ return (r && must);<br>
+}<br>
<br>
static int<br>
vjl_init(char **args)<br>
{<br>
+ struct vsb *vsb;<br>
+ char **unix_args;<br>
+ const char *val;<br>
+ int seen = 0, ret = 0;<br>
+ size_t i;<br>
+<br>
+ vsb = VSB_new_auto();<br>
+ AN(vsb);<br>
+<br>
+ if (args == NULL) {<br>
+ /* Autoconfig */<br>
+ AZ(vjl_set_thp("try-disable", vsb));<br>
+ MGT_ComplainVSB(C_INFO, vsb);<br>
+ VSB_destroy(&vsb);<br>
+ return (jail_tech_unix.init(NULL));<br>
+ }<br>
+<br>
+ for (i = 0; args[i] != NULL; i++);<br>
+ unix_args = calloc(i + 1, sizeof *unix_args);<br>
+ AN(unix_args);<br>
+<br>
+ for (i = 0; *args != NULL && ret == 0; args++) {<br>
+ val = keyval(*args, "transparent_hugepage=");<br>
+ if (val == NULL) {<br>
+ unix_args[i++] = *args;<br>
+ continue;<br>
+ }<br>
+<br>
+ ret |= vjl_set_thp(val, vsb);<br>
+ seen++;<br>
+ }<br>
+<br>
+ if (seen == 0)<br>
+ AZ(vjl_set_thp("try-disable", vsb));<br>
+<br>
+ MGT_ComplainVSB(ret ? C_ERR : C_INFO, vsb);<br>
+ VSB_destroy(&vsb);<br>
<br>
- return jail_tech_unix.init(args);<br>
+ if (ret == 0)<br>
+ ret = jail_tech_unix.init(unix_args);<br>
+ free(unix_args);<br>
+ return (ret);<br>
}<br>
<br>
static void<br>
diff --git a/doc/sphinx/installation/platformnotes.rst b/doc/sphinx/installation/platformnotes.rst<br>
index 371105ffb..3c645befc 100644<br>
--- a/doc/sphinx/installation/platformnotes.rst<br>
+++ b/doc/sphinx/installation/platformnotes.rst<br>
@@ -32,6 +32,10 @@ column, no additional action is necessary.<br>
Otherwise, consider creating a ``tmpfs`` mountpoint at *workdir*, or configure<br>
*workdir* on an existing ``tmpfs``.<br>
<br>
+The ``tmpfs`` for *workdir* should be mounted with Transparent Hugepage<br>
+disabled. Consider mounting the working directory with the ``huge=never`` mount<br>
+option if that is not the default.<br>
+<br>
Note: Very valid reasons exist for *not* following this recommendation, if you<br>
know what you are doing.<br>
<br>
@@ -55,21 +59,24 @@ See :ref:`ref-vsm` for details.<br>
<br>
.. _platform-thp:<br>
<br>
-Transparent hugepages on Redhat Enterprise Linux 6<br>
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
+Transparent Hugepage on Linux<br>
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
+<br>
+On certain Linux distributions Transparent Hugepage (THP) kernel support is<br>
+enabled by default. This is known to cause instabilities of Varnish.<br>
<br>
-On RHEL6 Transparent Hugepage kernel support is enabled by default.<br>
-This is known to cause sporadic crashes of Varnish.<br>
+By default, Varnish tries to disable the THP feature, but does not fail if it<br>
+can't. The ``linux`` :ref:`ref-varnishd-opt_j` offers to optionally enable,<br>
+disable or ignore THP.<br>
<br>
-It is recommended to disable transparent hugepages on affected<br>
-systems. This can be done with<br>
-``echo never > /sys/kernel/mm/redhat_transparent_hugepage/enabled``<br>
-(runtime) or by adding "transparent_hugepage=never" to the kernel boot<br>
-line in the "/etc/grub.conf" file (persistent).<br>
+Alternatively, THP can be disabled system-wide. If Varnish is the only<br>
+significant service running on this system, this can be done during runtime<br>
+with::<br>
<br>
-On Debian/Ubuntu systems running 3.2 kernels the default value is "madvise" and<br>
-does not need to be changed.<br>
+ echo never > /sys/kernel/mm/transparent_hugepage/enabled<br>
<br>
+The setting can be also be persisted in the bootloader configuration by adding<br>
+``transparent_hugepage=never`` to the kernel command line.<br>
<br>
OpenVZ<br>
~~~~~~<br>
diff --git a/doc/sphinx/reference/varnishd.rst b/doc/sphinx/reference/varnishd.rst<br>
index a3c445d14..d93721cae 100644<br>
--- a/doc/sphinx/reference/varnishd.rst<br>
+++ b/doc/sphinx/reference/varnishd.rst<br>
@@ -454,13 +454,26 @@ specific options. Available jails are:<br>
<br>
-j solaris,worker=basic<br>
<br>
--j <linux[,user=`user`][,ccgroup=`group`][,workuser=`user`]><br>
+-j <linux[,transparent_hugepage=`thp_setting`][,`unix jail option`...]><br>
<br>
Default on Linux platforms, it extends the UNIX jail with<br>
Linux-specific mechanisms:<br>
<br>
- It warns when *workdir* is not on a ``tmpfs``.<br>
- It tries to keep the process dumpable after dropping privileges.<br>
+ - It adds control over the transparent hugepage (THP) setting.<br>
+<br>
+ `thp_setting` can take these values:<br>
+<br>
+ - ``ignore``: Do nothing<br>
+ - ``enable``: Enable THP (see Note below)<br>
+ - ``disable``: Disable THP<br>
+ - ``try-disable`` (default): Try to disable, ignore failure (but emit a<br>
+ warning)<br>
+<br>
+ Note: Technically, ``enable`` is "disable the disable", so it does not<br>
+ necessarily enable THP. The setting names have been chosen to avoid a<br>
+ confusing double negation.<br>
<br>
-j <unix[,user=`user`][,ccgroup=`group`][,workuser=`user`]><br>
<br>
_______________________________________________<br>
varnish-commit mailing list<br>
<a href="mailto:varnish-commit@varnish-cache.org" target="_blank">varnish-commit@varnish-cache.org</a><br>
<a href="https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit" rel="noreferrer" target="_blank">https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit</a><br>
</blockquote></div>