On Mon, Nov 25, 2019 at 03:21:50PM +0100, Michal Hocko wrote: > On Mon 25-11-19 22:11:15, Yafang Shao wrote: > > When there're no processes, we don't need to protect the pages. You > > can consider it as 'fault tolerance' . > > I have already tried to explain why this is a bold statement that > doesn't really hold universally and that the kernel doesn't really have > enough information to make an educated guess. I agree, this is not obviously true. And the kernel shouldn't try to guess whether the explicit userspace configuration is still desirable to userspace or not. Should we also delete the cgroup when it becomes empty for example? It's better to implement these kinds of policy decisions from userspace. There is a cgroup.events file that can be polled, and its "populated" field shows conveniently whether there are tasks in a subtree or not. You can use that to clear protection settings.
