Hi, On Fri, 2021-05-21 at 15:25 +0300, Andrei Borzenkov wrote: > systemd offers MemoryLow for an individual units. It actually sets > memory.low cgroup attribute, so this is OK. The problem is according to > kernel dcouemtation, memory.low is limited by value set in parent > cgroup and all parent cgroups have memory.low=0: > > /sys/fs/cgroup/user.slice/user-1001.slice/user@1001.service/gnome- > shell-wayland.service/memory.low:536870912 > /sys/fs/cgroup/user.slice/user-1001.slice/user@1001.service/memory.low: > 0 > /sys/fs/cgroup/user.slice/user-1001.slice/memory.low:0 > /sys/fs/cgroup/user.slice/memory.low:0 > > which implies setting on lead cgroup has no effect. > > Is it necessary to explicitly set it on every ancestor? There is no > clarification in systemd documentation and value is applied without any > warning.
Yes, you need to set it on all ancestors, and the documentation mentions this: """ For a protection to be effective, it is generally required to set a corresponding allocation on all ancestors, which is then distributed between children (with the exception of the root slice). Any MemoryMin= or MemoryLow= allocation that is not explicitly distributed to specific children is used to create a shared protection for all children. As this is a shared protection, the children will freely compete for the memory. """ Depending on the kernel versions there may be some other caveats: """ Units may have their children use a default "memory.min" or "memory.low" value by specifying DefaultMemoryMin= or DefaultMemoryLow=, which has the same semantics as MemoryMin= and MemoryLow=. This setting does not affect "memory.min" or "memory.low" in the unit itself. Using it to set a default child allocation is only useful on kernels older than 5.7, which do not support the "memory_recursiveprot" cgroup2 mount option. """ You need to configure it correctly in various locations. Personally, I would suggest taking a look at uresourced[1]. It will correctly set a configurable memory protection, enables some other cgroup features and tracks the currently active user. Fedora is shipping it by default and it appears to work well there. Benjamin [1] https://gitlab.freedesktop.org/benzea/uresourced and https://lwn.net/Articles/829567/
signature.asc
Description: This is a digitally signed message part
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
