From: Xunlei Pang <xlpang@linux.alibaba.com>
To: Chris Down <chris@chrisdown.name>
Cc: Roman Gushchin <guro@fb.com>, Michal Hocko <mhocko@kernel.org>,
Johannes Weiner <hannes@cmpxchg.org>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH] memcg: Ignore unprotected parent in mem_cgroup_protected()
Date: Sun, 16 Jun 2019 19:57:01 +0800 [thread overview]
Message-ID: <89067792-2c39-bcf2-6a35-80cab101c5ac@linux.alibaba.com> (raw)
In-Reply-To: <20190616103745.GA2117@chrisdown.name>
Hi Chris,
On 2019/6/16 PM 6:37, Chris Down wrote:
> Hi Xunlei,
>
> Xunlei Pang writes:
>> docker and various types(different memory capacity) of containers
>> are managed by k8s, it's a burden for k8s to maintain those dynamic
>> figures, simply set "max" to key containers is always welcome.
>
> Right, setting "max" is generally a fine way of going about it.
>
>> Set "max" to docker also protects docker cgroup memory(as docker
>> itself has tasks) unnecessarily.
>
> That's not correct -- leaf memcgs have to _explicitly_ request memory
> protection. From the documentation:
>
> memory.low
>
> [...]
>
> Best-effort memory protection. If the memory usages of a
> cgroup and all its ancestors are below their low boundaries,
> the cgroup's memory won't be reclaimed unless memory can be
> reclaimed from unprotected cgroups.
>
> Note the part that the cgroup itself also must be within its low
> boundary, which is not implied simply by having ancestors that would
> permit propagation of protections.
>
> In this case, Docker just shouldn't request it for those Docker-related
> tasks, and they won't get any. That seems a lot simpler and more
> intuitive than special casing "0" in ancestors.
>
>> This patch doesn't take effect on any intermediate layer with
>> positive memory.min set, it requires all the ancestors having
>> 0 memory.min to work.
>>
>> Nothing special change, but more flexible to business deployment...
>
> Not so, this change is extremely "special". It violates the basic
> expectation that 0 means no possibility of propagation of protection,
> and I still don't see a compelling argument why Docker can't just set
> "max" in the intermediate cgroup and not accept any protection in leaf
> memcgs that it doesn't want protection for.
I got the reason, I'm using cgroup v1(with memory.min backport)
which permits tasks existent in "docker" cgroup.procs.
For cgroup v2, it's not a problem.
Thanks,
Xunlei
prev parent reply other threads:[~2019-06-16 11:57 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-15 11:17 Xunlei Pang
2019-06-15 16:08 ` Chris Down
2019-06-16 6:30 ` Xunlei Pang
2019-06-16 10:37 ` Chris Down
2019-06-16 11:57 ` Xunlei Pang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=89067792-2c39-bcf2-6a35-80cab101c5ac@linux.alibaba.com \
--to=xlpang@linux.alibaba.com \
--cc=chris@chrisdown.name \
--cc=guro@fb.com \
--cc=hannes@cmpxchg.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox