config-linux: add memory.checkBeforeUpdate#1158
Merged
kolyshkin merged 1 commit intoopencontainers:mainfrom Sep 9, 2022
Merged
config-linux: add memory.checkBeforeUpdate#1158kolyshkin merged 1 commit intoopencontainers:mainfrom
kolyshkin merged 1 commit intoopencontainers:mainfrom
Conversation
This setting can be used to mimic cgroup v1 behavior on cgroup v2, when setting the new memory limit during update operation. In cgroup v1, a limit which is lower than the current usage is rejected. In cgroup v2, such a low limit is causing an OOM kill. Ref: opencontainers/runc#3509 Signed-off-by: Kir Kolyshkin <[email protected]>
kolyshkin
requested review from
crosbymichael,
cyphar,
dqminh,
giuseppe,
hqhq,
mrunalp,
tianon and
vbatts
as code owners
giuseppe
reviewed
Aug 30, 2022
mrunalp
reviewed
Aug 31, 2022
| If enabled (`true`), runtime MAY check if a new memory limit is lower than the current usage, and MUST | ||
| reject the new limit. Practically, when cgroup v1 is used, the kernel rejects the limit lower than the | ||
| current usage, and when cgroup v2 is used, an OOM killer is invoked. This setting can be used on | ||
| cgroup v2 to mimic the cgroup v1 behavior. |
Contributor
There was a problem hiding this comment.
Should we call out that there is TOCTOU race possible here and it won't be able to exactly match cgroups v1 behavior?
Contributor
Author
There was a problem hiding this comment.
To me this is an implementation detail, and this is merely a spec. In fact it should not even explain why we need it, but I guess some context would not hurt.
AkihiroSuda
approved these changes
Sep 1, 2022
utam0k
added a commit
to utam0k/oci-spec-rs
that referenced
this pull request
Sep 10, 2022
opencontainers/runtime-spec#1158 Signed-off-by: utam0k <[email protected]>
utam0k
added a commit
to utam0k/oci-spec-rs
that referenced
this pull request
Sep 10, 2022
opencontainers/runtime-spec#1158 Signed-off-by: utam0k <[email protected]>
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This setting can be used to mimic cgroup v1 behavior on cgroup v2,
when setting the new memory limit during update operation.
In cgroup v1, a limit which is lower than the current usage is rejected.
In cgroup v2, such a low limit is causing an OOM kill.
Ref: opencontainers/runc#3509