Hi Tejun, On Fri, Apr 17, 2020 at 3:59 PM Tejun Heo <tj@xxxxxxxxxx> wrote: > > Hello, Shakeel. > > On Fri, Apr 17, 2020 at 02:51:09PM -0700, Shakeel Butt wrote: > > > > In this example does 'B' have memory.high and memory.max set and by A > > > > > > B doesn't have anything set. > > > > > > > having no other restrictions, I am assuming you meant unlimited high > > > > and max for A? Can 'A' use memory.min? > > > > > > Sure, it can but 1. the purpose of the example is illustrating the > > > imcompleteness of the existing mechanism > > > > I understand but is this a real world configuration people use and do > > we want to support the scenario where without setting high/max, the > > kernel still guarantees the isolation. > > Yes, that's the configuration we're deploying fleet-wide and at least the > direction I'm gonna be pushing towards for reasons of generality and ease of > use. > > Here's an example to illustrate the point - consider distros or upstream > desktop environments wanting to provide basic resource configuration to > protect user sessions and critical system services needed for user > interaction by default. That is something which is clearly and immediately > useful but also is extremely challenging to achieve with limits. > > There are no universally good enough upper limits. Any one number is gonna > be both too high to guarantee protection and too low for use cases which > legitimately need that much memory. That's because the upper limits aren't > work-conserving and have a high chance of doing harm when misconfigured > making figuring out the correct configuration almost impossible with > per-use-case manual tuning. > > The whole idea behind memory.low and related efforts is resolving that > problem by making memory control more work-conserving and forgiving, so that > users can say something like "I want the user session to have at least 25% > memory protected if needed and possible" and get most of the benefits of > carefully crafted configuration. We're already deploying such configuration > and it works well enough for a wide variety of workloads. > I got the high level vision but I am very skeptical that in terms of memory and performance isolation this can provide anything better than best effort QoS which might be good enough for desktop users. However, for a server environment where multiple latency sensitive interactive jobs are co-hosted with multiple batch jobs and the machine's memory may be over-committed, this is a recipe for disaster. The only scenario where I think it might work is if there is only one job running on the machine. I do agree that finding the right upper limit is a challenge. For us, we have two types of users, first, who knows exactly how much resources they want and second ask us to set the limits appropriately. We have a ML/history based central system to dynamically set and adjust limits for jobs of such users. Coming back to this path series, to me, it seems like the patch series is contrary to the vision you are presenting. Though the users are not setting memory.[high|max] but they are setting swap.max and this series is asking to set one more tunable i.e. swap.high. The approach more consistent with the presented vision is to throttle or slow down the allocators when the system swap is near full and there is no need to set swap.max or swap.high. thanks, Shakeel
