Re: [v8 0/4] cgroup-aware OOM killer

From: Michal Hocko
Date: Mon Sep 18 2017 - 02:21:03 EST


On Fri 15-09-17 14:08:07, Roman Gushchin wrote:
> On Fri, Sep 15, 2017 at 12:55:55PM -0700, David Rientjes wrote:
> > On Fri, 15 Sep 2017, Roman Gushchin wrote:
> >
> > > > But then you just enforce a structural restriction on your configuration
> > > > because
> > > > root
> > > > / \
> > > > A D
> > > > /\
> > > > B C
> > > >
> > > > is a different thing than
> > > > root
> > > > / | \
> > > > B C D
> > > >
> > >
> > > I actually don't have a strong argument against an approach to select
> > > largest leaf or kill-all-set memcg. I think, in practice there will be
> > > no much difference.
> > >
> > > The only real concern I have is that then we have to do the same with
> > > oom_priorities (select largest priority tree-wide), and this will limit
> > > an ability to enforce the priority by parent cgroup.
> > >
> >
> > Yes, oom_priority cannot select the largest priority tree-wide for exactly
> > that reason. We need the ability to control from which subtree the kill
> > occurs in ancestor cgroups. If multiple jobs are allocated their own
> > cgroups and they can own memory.oom_priority for their own subcontainers,
> > this becomes quite powerful so they can define their own oom priorities.
> > Otherwise, they can easily override the oom priorities of other cgroups.
>
> I believe, it's a solvable problem: we can require CAP_SYS_RESOURCE to set
> the oom_priority below parent's value, or something like this.

As said in other email. We can make priorities hierarchical (in the same
sense as hard limit or others) so that children cannot override their
parent.

> But it looks more complex, and I'm not sure there are real examples,
> when we have to compare memcgs, which are on different levels
> (or in different subtrees).

Well, I have given you one that doesn't sounds completely insane to me
in other email. You may need an intermediate level for other than memcg
controller. The whole concept of significance of the hierarchy level
seems really odd to me. Or am I wrong here?
--
Michal Hocko
SUSE Labs