On Wed, Apr 30, 2014 at 02:52:38PM -0700, Andrew Morton wrote: > On Mon, 28 Apr 2014 14:26:41 +0200 Michal Hocko <mho...@suse.cz> wrote: > > > Hi, > > previous discussions have shown that soft limits cannot be reformed > > (http://lwn.net/Articles/555249/). This series introduces an alternative > > approach for protecting memory allocated to processes executing within > > a memory cgroup controller. It is based on a new tunable that was > > discussed with Johannes and Tejun held during the kernel summit 2013 and > > at LSF 2014. > > > > This patchset introduces such low limit that is functionally similar > > to a minimum guarantee. Memcgs which are under their lowlimit are not > > considered eligible for the reclaim (both global and hardlimit) unless > > all groups under the reclaimed hierarchy are below the low limit when > > all of them are considered eligible. > > Permitting containers to avoid global reclaim sounds rather worrisome. > > Fairness: won't it permit processes to completely protect their memory > while everything else in the system is getting utterly pounded? We > need to consider global-vs-memcg fairness as well as memcg-vs-memgc.
Yes. > Security: can this feature be used to DoS the machine? Set up enough > hierarchies which are below their low limit and we risk memory > exhaustion and swap-thrashing and oom-killings for other processes. And yes. However, setting the low limit is a priviliged operation, so I don't see how you could do worse with it than with mlock, disabling swap etc. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/