On Wed, Apr 30, 2014 at 02:52:38PM -0700, Andrew Morton wrote: > On Mon, 28 Apr 2014 14:26:41 +0200 Michal Hocko <mhocko@xxxxxxx> wrote: > > > Hi, > > previous discussions have shown that soft limits cannot be reformed > > (http://lwn.net/Articles/555249/). This series introduces an alternative > > approach for protecting memory allocated to processes executing within > > a memory cgroup controller. It is based on a new tunable that was > > discussed with Johannes and Tejun held during the kernel summit 2013 and > > at LSF 2014. > > > > This patchset introduces such low limit that is functionally similar > > to a minimum guarantee. Memcgs which are under their lowlimit are not > > considered eligible for the reclaim (both global and hardlimit) unless > > all groups under the reclaimed hierarchy are below the low limit when > > all of them are considered eligible. > > Permitting containers to avoid global reclaim sounds rather worrisome. > > Fairness: won't it permit processes to completely protect their memory > while everything else in the system is getting utterly pounded? We > need to consider global-vs-memcg fairness as well as memcg-vs-memgc. Yes. > Security: can this feature be used to DoS the machine? Set up enough > hierarchies which are below their low limit and we risk memory > exhaustion and swap-thrashing and oom-killings for other processes. And yes. However, setting the low limit is a priviliged operation, so I don't see how you could do worse with it than with mlock, disabling swap etc. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>