Re: [v8 0/4] cgroup-aware OOM killer

From: David Rientjes
Date: Tue Sep 19 2017 - 16:55:01 EST


On Fri, 15 Sep 2017, Roman Gushchin wrote:

> > > > But then you just enforce a structural restriction on your configuration
> > > > because
> > > > root
> > > > / \
> > > > A D
> > > > /\
> > > > B C
> > > >
> > > > is a different thing than
> > > > root
> > > > / | \
> > > > B C D
> > > >
> > >
> > > I actually don't have a strong argument against an approach to select
> > > largest leaf or kill-all-set memcg. I think, in practice there will be
> > > no much difference.
> > >
> > > The only real concern I have is that then we have to do the same with
> > > oom_priorities (select largest priority tree-wide), and this will limit
> > > an ability to enforce the priority by parent cgroup.
> > >
> >
> > Yes, oom_priority cannot select the largest priority tree-wide for exactly
> > that reason. We need the ability to control from which subtree the kill
> > occurs in ancestor cgroups. If multiple jobs are allocated their own
> > cgroups and they can own memory.oom_priority for their own subcontainers,
> > this becomes quite powerful so they can define their own oom priorities.
> > Otherwise, they can easily override the oom priorities of other cgroups.
>
> I believe, it's a solvable problem: we can require CAP_SYS_RESOURCE to set
> the oom_priority below parent's value, or something like this.
>
> But it looks more complex, and I'm not sure there are real examples,
> when we have to compare memcgs, which are on different levels
> (or in different subtrees).
>

It's actually much more complex because in our environment we'd need an
"activity manager" with CAP_SYS_RESOURCE to control oom priorities of user
subcontainers when today it need only be concerned with top-level memory
cgroups. Users can create their own hierarchies with their own oom
priorities at will, it doesn't alter the selection heuristic for another
other user running on the same system and gives them full control over the
selection in their own subtree. We shouldn't need to have a system-wide
daemon with CAP_SYS_RESOURCE be required to manage subcontainers when
nothing else requires it. I believe it's also much easier to document:
oom_priority is considered for all sibling cgroups at each level of the
hierarchy and the cgroup with the lowest priority value gets iterated.