On Tue, Apr 21, 2020 at 06:11:38PM +0200, Michal Hocko wrote: > On Tue 21-04-20 10:27:46, Johannes Weiner wrote: > > On Tue, Apr 21, 2020 at 01:06:12PM +0200, Michal Hocko wrote: > [...] > > > I am also not sure about the isolation aspect. Because an external > > > memory pressure might have pushed out memory to the swap and then the > > > workload is throttled based on an external event. Compare that to the > > > memory.high throttling which is not directly affected by the external > > > pressure. > > > > Neither memory.high nor swap.high isolate from external pressure. > > I didn't say they do. What I am saying is that an external pressure > might punish swap.high memcg because the external memory pressure would > eat up the quota and trigger the throttling. External pressure could also push a cgroup into a swap device that happens to be very slow and cause the cgroup to be throttled that way. But that effect is actually not undesirable. External pressure means that something more important runs and needs the memory of something less important (otherwise, memory.low would deflect this intrusion). So we're punishing/deprioritizing the right cgroup here. The one that isn't protected from memory pressure. > It is fair to say that this externally triggered interference is already > possible with swap.max as well though. It would likely be just more > verbose because of the oom killer intervention rather than a slowdown. Right. > > They > > are put on cgroups so they don't cause pressure on other cgroups. Swap > > is required when either your footprint grows or your available space > > shrinks. That's why it behaves like that. > > > > That being said, I think we're getting lost in the implementation > > details before we have established what the purpose of this all > > is. Let's talk about this first. > > Thanks for describing it in the length. I have a better picture of the > intention (this should have been in the changelog ideally). I can see > how the swap consumption throttling might be useful but I still dislike the > proposed implementation. Mostly because of throttling of all allocations > regardless whether they can contribute to the swap consumption or not. I mean, even if they're not swappable, they can still contribute to swap consumption that wouldn't otherwise have been there. Each new page that comes in displaces another page at the end of the big LRU pipeline and pushes it into the mouth of reclaim - which may swap. So *every* allocation has a certain probability of increasing swap usage. The fact that we have reached swap.high is a good hint that reclaim has indeed been swapping quite aggressively to accomodate incoming allocations, and probably will continue to do so. We could check whether there are NO anon pages left in a workload, but that's such an extreme and short-lived case that it probably wouldn't make a difference in practice. We could try to come up with a model that calculates a probabilty of each new allocation to cause swap. Whether that new allocation itself is swapbacked would of course be a factor, but there are other factors as well: the millions of existing LRU pages, the reclaim decisions we will make, swappiness and so forth. Of course, I agree with you, if all you have coming in is cache allocations, you'd *eventually* run out of pages to swap. However, 10G of new active cache allocations can still cause 10G of already allocated anon pages to get swapped out. For example if a malloc() leak happened *before* the regular cache workingset is established. We cannot retro-actively throttle those anon pages, we can only keep new allocations from pushing old ones into swap.
