Johannes Weiner writes:
Changes since v1: - improved Changelogs based on the discussion with Roman. Thanks! - fix div0 when recursive & fixed protection is combined - fix an unused compiler warning The current memory.low (and memory.min) semantics require protection to be assigned to a cgroup in an untinterrupted chain from the top-level cgroup all the way to the leaf. In practice, we want to protect entire cgroup subtrees from each other (system management software vs. workload), but we would like the VM to balance memory optimally *within* each subtree, without having to make explicit weight allocations among individual components. The current semantics make that impossible. This patch series extends memory.low/min such that the knobs apply recursively to the entire subtree. Users can still assign explicit protection to subgroups, but if they don't, the protection set by the parent cgroup will be distributed dynamically such that children compete freely - as if no memory control were enabled inside the subtree - but enjoy protection from neighboring trees.
Thanks, from experience working with these semantics in userspace, I agree that this design makes it easier to configure the protections in a way that is meaningful.
For the series: Acked-by: Chris Down <chris@xxxxxxxxxxxxxx>
Patch #1 fixes an existing bug that can give a cgroup tree more protection than it should receive as per ancestor configuration. Patch #2 simplifies and documents the existing code to make it easier to reason about the changes in the next patch. Patch #3 finally implements recursive memory protection semantics.
Just as an off-topic aside, although I'm sure you already have it in mind, we should definitely make sure to clearly point this out to those in the container management tooling space who are in the process of moving to support/default to v2. For example, I wonder about CoreOS' systemwide strategy around memory management and whether it can benefit from this.
