| Message ID | 20230517032032.76334-1-chengkaitao@didiglobal.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | memcontrol: support cgroup level OOM protection | expand |
+David Rientjes On Tue, May 16, 2023 at 8:20 PM chengkaitao <chengkaitao@didiglobal.com> wrote: > > Establish a new OOM score algorithm, supports the cgroup level OOM > protection mechanism. When an global/memcg oom event occurs, we treat > all processes in the cgroup as a whole, and OOM killers need to select > the process to kill based on the protection quota of the cgroup. > > Here is a more detailed comparison and introduction of the old > oom_score_adj mechanism and the new oom_protect mechanism, > > 1. The regulating granularity of oom_protect is smaller than that of > oom_score_adj. On a 512G physical machine, the minimum granularity > adjusted by oom_score_adj is 512M, and the minimum granularity > adjusted by oom_protect is one page (4K) > 2. It may be simple to create a lightweight parent process and uniformly > set the oom_score_adj of some important processes, but it is not a > simple matter to make multi-level settings for tens of thousands of > processes on the physical machine through the lightweight parent > processes. We may need a huge table to record the value of oom_score_adj > maintained by all lightweight parent processes, and the user process > limited by the parent process has no ability to change its own > oom_score_adj, because it does not know the details of the huge > table. on the other hand, we have to set the common parent process' > oom_score_adj, before it forks all children processes. We must strictly > follow this setting sequence, and once oom_score_adj is set, it cannot > be changed. To sum up, it is very difficult to apply oom_score_adj in > other situations. The new patch adopts the cgroup mechanism. It does not > need any parent process to manage oom_score_adj. the settings between > each memcg are independent of each other, making it easier to plan the > OOM order of all processes. Due to the unique nature of memory > resources, current Service cloud vendors are not oversold in memory > planning. I would like to use the new patch to try to achieve the > possibility of oversold memory resources. > 3. I conducted a test and deployed an excessive number of containers on > a physical machine, By setting the oom_score_adj value of all processes > in the container to a positive number through dockerinit, even processes > that occupy very little memory in the container are easily killed, > resulting in a large number of invalid kill behaviors. If dockerinit is > also killed unfortunately, it will trigger container self-healing, and > the container will rebuild, resulting in more severe memory > oscillations. The new patch abandons the behavior of adding an equal > amount of oom_score_adj to each process in the container and adopts a > shared oom_protect quota for all processes in the container. If a > process in the container is killed, the remaining other processes will > receive more oom_protect quota, making it more difficult for the > remaining processes to be killed. In my test case, the new patch reduced > the number of invalid kill behaviors by 70%. > 4. oom_score_adj is a global configuration that cannot achieve a kill > order that only affects a certain memcg-oom-killer. However, the > oom_protect mechanism inherits downwards (If the oom_protect quota of > the parent cgroup is less than the sum of sub-cgroups oom_protect quota, > the oom_protect quota of each sub-cgroup will be proportionally reduced. > If the oom_protect quota of the parent cgroup is greater than the sum of > sub-cgroups oom_protect quota, the oom_protect quota of each sub-cgroup > will be proportionally increased). The purpose of doing so is that users > can set oom_protect quota according to their own needs, and the system > management process can set appropriate oom_protect quota on the parent > memcg as the final cover. If the oom_protect of the parent cgroup is 0, > the kill order of memcg-oom or global-ooms will not be affected by user > specific settings. > 5. Per-process accounting does not count shared memory, similar to > active page cache, which also increases the probability of OOM-kill. > However, the memcg accounting may be more reasonable, as its memory > statistics are more comprehensive. In the new patch, all the shared > memory will also consume the oom_protect quota of the memcg, and the > process's oom_protect quota of the memcg will decrease, the probability > of they being killed will increase. > 6. In the final discussion of patch v2, we discussed that although the > adjustment range of oom_score_adj is [-1000,1000], but essentially it > only allows two usecases(OOM_SCORE_ADJ_MIN, OOM_SCORE_ADJ_MAX) reliably. > Everything in between is clumsy at best. In order to solve this problem > in the new patch, I introduced a new indicator oom_kill_inherit, which > counts the number of times the local and child cgroups have been > selected by the OOM killer of the ancestor cgroup. oom_kill_inherit > maintains a negative correlation with memory.oom.protect, so we have a > ruler to measure the optimal value of memory.oom.protect. By observing > the proportion of oom_kill_inherit in the parent cgroup, I can > effectively adjust the value of oom_protect to achieve the best. > > Changelog: > v4: > * Fix warning: overflow in expression. (patch 1) > * Supplementary commit information. (patch 0) > v3: > * Add "auto" option for memory.oom.protect. (patch 1) > * Fix division errors. (patch 1) > * Add observation indicator oom_kill_inherit. (patch 2) > https://lore.kernel.org/linux-mm/20230506114948.6862-1-chengkaitao@didiglobal.com/ > v2: > * Modify the formula of the process request memcg protection quota. > https://lore.kernel.org/linux-mm/20221208034644.3077-1-chengkaitao@didiglobal.com/ > v1: > https://lore.kernel.org/linux-mm/20221130070158.44221-1-chengkaitao@didiglobal.com/ > > chengkaitao (2): > mm: memcontrol: protect the memory in cgroup from being oom killed > memcg: add oom_kill_inherit event indicator > > Documentation/admin-guide/cgroup-v2.rst | 29 ++++- > fs/proc/base.c | 17 ++- > include/linux/memcontrol.h | 46 +++++++- > include/linux/oom.h | 3 +- > include/linux/page_counter.h | 6 + > mm/memcontrol.c | 199 ++++++++++++++++++++++++++++++++ > mm/oom_kill.c | 25 ++-- > mm/page_counter.c | 30 +++++ > 8 files changed, 334 insertions(+), 21 deletions(-) > > -- > 2.14.1 > > Perhaps this is only slightly relevant, but at Google we do have a different per-memcg approach to protect from OOM kills, or more specifically tell the kernel how we would like the OOM killer to behave. We define an interface called memory.oom_score_badness, and we also allow it to be specified per-process through a procfs interface, similar to oom_score_adj. These scores essentially tell the OOM killer the order in which we prefer memcgs to be OOM'd, and the order in which we want processes in the memcg to be OOM'd. By default, all processes and memcgs start with the same score. Ties are broken based on the rss of the process or the usage of the memcg (prefer to kill the process/memcg that will free more memory) -- similar to the current OOM killer. This has been brought up before in other discussions without much interest [1], but just thought it may be relevant here. [1]https://lore.kernel.org/lkml/CAHS8izN3ej1mqUpnNQ8c-1Bx5EeO7q5NOkh0qrY_4PLqc8rkHA@mail.gmail.com/#t
At 2023-05-17 14:59:06, "Yosry Ahmed" <yosryahmed@google.com> wrote: >+David Rientjes > >On Tue, May 16, 2023 at 8:20 PM chengkaitao <chengkaitao@didiglobal.com> wrote: >> >> Establish a new OOM score algorithm, supports the cgroup level OOM >> protection mechanism. When an global/memcg oom event occurs, we treat >> all processes in the cgroup as a whole, and OOM killers need to select >> the process to kill based on the protection quota of the cgroup. >> > >Perhaps this is only slightly relevant, but at Google we do have a >different per-memcg approach to protect from OOM kills, or more >specifically tell the kernel how we would like the OOM killer to >behave. > >We define an interface called memory.oom_score_badness, and we also >allow it to be specified per-process through a procfs interface, >similar to oom_score_adj. > >These scores essentially tell the OOM killer the order in which we >prefer memcgs to be OOM'd, and the order in which we want processes in >the memcg to be OOM'd. By default, all processes and memcgs start with >the same score. Ties are broken based on the rss of the process or the >usage of the memcg (prefer to kill the process/memcg that will free >more memory) -- similar to the current OOM killer. Thank you for providing a new application scenario. You have described a new per-memcg approach, but a simple introduction cannot explain the details of your approach clearly. If you could compare and analyze my patches for possible defects, or if your new approach has advantages that my patches do not have, I would greatly appreciate it. >This has been brought up before in other discussions without much >interest [1], but just thought it may be relevant here. > >[1]https://lore.kernel.org/lkml/CAHS8izN3ej1mqUpnNQ8c-1Bx5EeO7q5NOkh0qrY_4PLqc8rkHA@mail.gmail.com/#t
On Wed, May 17, 2023 at 1:01 AM 程垲涛 Chengkaitao Cheng <chengkaitao@didiglobal.com> wrote: > > At 2023-05-17 14:59:06, "Yosry Ahmed" <yosryahmed@google.com> wrote: > >+David Rientjes > > > >On Tue, May 16, 2023 at 8:20 PM chengkaitao <chengkaitao@didiglobal.com> wrote: > >> > >> Establish a new OOM score algorithm, supports the cgroup level OOM > >> protection mechanism. When an global/memcg oom event occurs, we treat > >> all processes in the cgroup as a whole, and OOM killers need to select > >> the process to kill based on the protection quota of the cgroup. > >> > > > >Perhaps this is only slightly relevant, but at Google we do have a > >different per-memcg approach to protect from OOM kills, or more > >specifically tell the kernel how we would like the OOM killer to > >behave. > > > >We define an interface called memory.oom_score_badness, and we also > >allow it to be specified per-process through a procfs interface, > >similar to oom_score_adj. > > > >These scores essentially tell the OOM killer the order in which we > >prefer memcgs to be OOM'd, and the order in which we want processes in > >the memcg to be OOM'd. By default, all processes and memcgs start with > >the same score. Ties are broken based on the rss of the process or the > >usage of the memcg (prefer to kill the process/memcg that will free > >more memory) -- similar to the current OOM killer. > > Thank you for providing a new application scenario. You have described a > new per-memcg approach, but a simple introduction cannot explain the > details of your approach clearly. If you could compare and analyze my > patches for possible defects, or if your new approach has advantages > that my patches do not have, I would greatly appreciate it. Sorry if I was not clear, I am not implying in any way that the approach I am describing is better than your patches. I am guilty of not conducting the proper analysis you are requesting. I just saw the thread and thought it might be interesting to you or others to know the approach that we have been using for years in our production. I guess the target is the same, be able to tell the OOM killer which memcgs/processes are more important to protect. The fundamental difference is that instead of tuning this based on the memory usage of the memcg (your approach), we essentially give the OOM killer the ordering in which we want memcgs/processes to be OOM killed. This maps to jobs priorities essentially. If this approach works for you (or any other audience), that's great, I can share more details and perhaps we can reach something that we can both use :) > > >This has been brought up before in other discussions without much > >interest [1], but just thought it may be relevant here. > > > >[1]https://lore.kernel.org/lkml/CAHS8izN3ej1mqUpnNQ8c-1Bx5EeO7q5NOkh0qrY_4PLqc8rkHA@mail.gmail.com/#t > > -- > Thanks for your comment! > chengkaitao >
At 2023-05-17 16:09:50, "Yosry Ahmed" <yosryahmed@google.com> wrote: >On Wed, May 17, 2023 at 1:01 AM 程垲涛 Chengkaitao Cheng ><chengkaitao@didiglobal.com> wrote: >> >> At 2023-05-17 14:59:06, "Yosry Ahmed" <yosryahmed@google.com> wrote: >> >+David Rientjes >> > >> >On Tue, May 16, 2023 at 8:20 PM chengkaitao <chengkaitao@didiglobal.com> wrote: >> >> >> >> Establish a new OOM score algorithm, supports the cgroup level OOM >> >> protection mechanism. When an global/memcg oom event occurs, we treat >> >> all processes in the cgroup as a whole, and OOM killers need to select >> >> the process to kill based on the protection quota of the cgroup. >> >> >> > >> >Perhaps this is only slightly relevant, but at Google we do have a >> >different per-memcg approach to protect from OOM kills, or more >> >specifically tell the kernel how we would like the OOM killer to >> >behave. >> > >> >We define an interface called memory.oom_score_badness, and we also >> >allow it to be specified per-process through a procfs interface, >> >similar to oom_score_adj. >> > >> >These scores essentially tell the OOM killer the order in which we >> >prefer memcgs to be OOM'd, and the order in which we want processes in >> >the memcg to be OOM'd. By default, all processes and memcgs start with >> >the same score. Ties are broken based on the rss of the process or the >> >usage of the memcg (prefer to kill the process/memcg that will free >> >more memory) -- similar to the current OOM killer. >> >> Thank you for providing a new application scenario. You have described a >> new per-memcg approach, but a simple introduction cannot explain the >> details of your approach clearly. If you could compare and analyze my >> patches for possible defects, or if your new approach has advantages >> that my patches do not have, I would greatly appreciate it. > >Sorry if I was not clear, I am not implying in any way that the >approach I am describing is better than your patches. I am guilty of >not conducting the proper analysis you are requesting. There is no perfect approach in the world, and I also seek your advice with a learning attitude. You don't need to say sorry, I should say thank you. >I just saw the thread and thought it might be interesting to you or >others to know the approach that we have been using for years in our >production. I guess the target is the same, be able to tell the OOM >killer which memcgs/processes are more important to protect. The >fundamental difference is that instead of tuning this based on the >memory usage of the memcg (your approach), we essentially give the OOM >killer the ordering in which we want memcgs/processes to be OOM >killed. This maps to jobs priorities essentially. Killing processes in order of memory usage cannot effectively protect important processes. Killing processes in a user-defined priority order will result in a large number of OOM events and still not being able to release enough memory. I have been searching for a balance between the two methods, so that their shortcomings are not too obvious. The biggest advantage of memcg is its tree topology, and I also hope to make good use of it. >If this approach works for you (or any other audience), that's great, >I can share more details and perhaps we can reach something that we >can both use :) If you have a good idea, please share more details or show some code. I would greatly appreciate it >> >> >This has been brought up before in other discussions without much >> >interest [1], but just thought it may be relevant here. >> > >> >[1]https://lore.kernel.org/lkml/CAHS8izN3ej1mqUpnNQ8c-1Bx5EeO7q5NOkh0qrY_4PLqc8rkHA@mail.gmail.com/#t -- Thanks for your comment! chengkaitao
On Wed, May 17, 2023 at 3:01 AM 程垲涛 Chengkaitao Cheng <chengkaitao@didiglobal.com> wrote: > > At 2023-05-17 16:09:50, "Yosry Ahmed" <yosryahmed@google.com> wrote: > >On Wed, May 17, 2023 at 1:01 AM 程垲涛 Chengkaitao Cheng > ><chengkaitao@didiglobal.com> wrote: > >> > >> At 2023-05-17 14:59:06, "Yosry Ahmed" <yosryahmed@google.com> wrote: > >> >+David Rientjes > >> > > >> >On Tue, May 16, 2023 at 8:20 PM chengkaitao <chengkaitao@didiglobal.com> wrote: > >> >> > >> >> Establish a new OOM score algorithm, supports the cgroup level OOM > >> >> protection mechanism. When an global/memcg oom event occurs, we treat > >> >> all processes in the cgroup as a whole, and OOM killers need to select > >> >> the process to kill based on the protection quota of the cgroup. > >> >> > >> > > >> >Perhaps this is only slightly relevant, but at Google we do have a > >> >different per-memcg approach to protect from OOM kills, or more > >> >specifically tell the kernel how we would like the OOM killer to > >> >behave. > >> > > >> >We define an interface called memory.oom_score_badness, and we also > >> >allow it to be specified per-process through a procfs interface, > >> >similar to oom_score_adj. > >> > > >> >These scores essentially tell the OOM killer the order in which we > >> >prefer memcgs to be OOM'd, and the order in which we want processes in > >> >the memcg to be OOM'd. By default, all processes and memcgs start with > >> >the same score. Ties are broken based on the rss of the process or the > >> >usage of the memcg (prefer to kill the process/memcg that will free > >> >more memory) -- similar to the current OOM killer. > >> > >> Thank you for providing a new application scenario. You have described a > >> new per-memcg approach, but a simple introduction cannot explain the > >> details of your approach clearly. If you could compare and analyze my > >> patches for possible defects, or if your new approach has advantages > >> that my patches do not have, I would greatly appreciate it. > > > >Sorry if I was not clear, I am not implying in any way that the > >approach I am describing is better than your patches. I am guilty of > >not conducting the proper analysis you are requesting. > > There is no perfect approach in the world, and I also seek your advice with > a learning attitude. You don't need to say sorry, I should say thank you. > > >I just saw the thread and thought it might be interesting to you or > >others to know the approach that we have been using for years in our > >production. I guess the target is the same, be able to tell the OOM > >killer which memcgs/processes are more important to protect. The > >fundamental difference is that instead of tuning this based on the > >memory usage of the memcg (your approach), we essentially give the OOM > >killer the ordering in which we want memcgs/processes to be OOM > >killed. This maps to jobs priorities essentially. > > Killing processes in order of memory usage cannot effectively protect > important processes. Killing processes in a user-defined priority order > will result in a large number of OOM events and still not being able to > release enough memory. I have been searching for a balance between > the two methods, so that their shortcomings are not too obvious. > The biggest advantage of memcg is its tree topology, and I also hope > to make good use of it. For us, killing processes in a user-defined priority order works well. It seems like to tune memory.oom.protect you use oom_kill_inherit to observe how many times this memcg has been killed due to a limit in an ancestor. Wouldn't it be more straightforward to specify the priority of protections among memcgs? For example, if you observe multiple memcgs being OOM killed due to hitting an ancestor limit, you will need to decide which of them to increase memory.oom.protect for more, based on their importance. Otherwise, if you increase all of them, then there is no point if all the memory is protected, right? In this case, wouldn't it be easier to just tell the OOM killer the relative priority among the memcgs? > > >If this approach works for you (or any other audience), that's great, > >I can share more details and perhaps we can reach something that we > >can both use :) > > If you have a good idea, please share more details or show some code. > I would greatly appreciate it The code we have needs to be rebased onto a different version and cleaned up before it can be shared, but essentially it is as described. (a) All processes and memcgs start with a default score. (b) Userspace can specify scores for memcgs and processes. A higher score means higher priority (aka less score gets killed first). (c) The OOM killer essentially looks for the memcg with the lowest scores to kill, then among this memcg, it looks for the process with the lowest score. Ties are broken based on usage, so essentially if all processes/memcgs have the default score, we fallback to the current OOM behavior. > > >> > >> >This has been brought up before in other discussions without much > >> >interest [1], but just thought it may be relevant here. > >> > > >> >[1]https://lore.kernel.org/lkml/CAHS8izN3ej1mqUpnNQ8c-1Bx5EeO7q5NOkh0qrY_4PLqc8rkHA@mail.gmail.com/#t > > -- > Thanks for your comment! > chengkaitao >
At 2023-05-18 04:42:12, "Yosry Ahmed" <yosryahmed@google.com> wrote: >On Wed, May 17, 2023 at 3:01 AM 程垲涛 Chengkaitao Cheng ><chengkaitao@didiglobal.com> wrote: >> >> At 2023-05-17 16:09:50, "Yosry Ahmed" <yosryahmed@google.com> wrote: >> >On Wed, May 17, 2023 at 1:01 AM 程垲涛 Chengkaitao Cheng >> ><chengkaitao@didiglobal.com> wrote: >> >> >> >> At 2023-05-17 14:59:06, "Yosry Ahmed" <yosryahmed@google.com> wrote: >> >> >+David Rientjes >> >> > >> >> >On Tue, May 16, 2023 at 8:20 PM chengkaitao <chengkaitao@didiglobal.com> wrote: >> >> >> >> >> Thank you for providing a new application scenario. You have described a >> >> new per-memcg approach, but a simple introduction cannot explain the >> >> details of your approach clearly. If you could compare and analyze my >> >> patches for possible defects, or if your new approach has advantages >> >> that my patches do not have, I would greatly appreciate it. >> > >> >Sorry if I was not clear, I am not implying in any way that the >> >approach I am describing is better than your patches. I am guilty of >> >not conducting the proper analysis you are requesting. >> >> There is no perfect approach in the world, and I also seek your advice with >> a learning attitude. You don't need to say sorry, I should say thank you. >> >> >I just saw the thread and thought it might be interesting to you or >> >others to know the approach that we have been using for years in our >> >production. I guess the target is the same, be able to tell the OOM >> >killer which memcgs/processes are more important to protect. The >> >fundamental difference is that instead of tuning this based on the >> >memory usage of the memcg (your approach), we essentially give the OOM >> >killer the ordering in which we want memcgs/processes to be OOM >> >killed. This maps to jobs priorities essentially. >> >> Killing processes in order of memory usage cannot effectively protect >> important processes. Killing processes in a user-defined priority order >> will result in a large number of OOM events and still not being able to >> release enough memory. I have been searching for a balance between >> the two methods, so that their shortcomings are not too obvious. >> The biggest advantage of memcg is its tree topology, and I also hope >> to make good use of it. > >For us, killing processes in a user-defined priority order works well. > >It seems like to tune memory.oom.protect you use oom_kill_inherit to >observe how many times this memcg has been killed due to a limit in an >ancestor. Wouldn't it be more straightforward to specify the priority >of protections among memcgs? > >For example, if you observe multiple memcgs being OOM killed due to >hitting an ancestor limit, you will need to decide which of them to >increase memory.oom.protect for more, based on their importance. >Otherwise, if you increase all of them, then there is no point if all >the memory is protected, right? If all memory in memcg is protected, its meaning is similar to that of the highest priority memcg in your approach, which is ultimately killed or never killed. >In this case, wouldn't it be easier to just tell the OOM killer the >relative priority among the memcgs? > >> >> >If this approach works for you (or any other audience), that's great, >> >I can share more details and perhaps we can reach something that we >> >can both use :) >> >> If you have a good idea, please share more details or show some code. >> I would greatly appreciate it > >The code we have needs to be rebased onto a different version and >cleaned up before it can be shared, but essentially it is as >described. > >(a) All processes and memcgs start with a default score. >(b) Userspace can specify scores for memcgs and processes. A higher >score means higher priority (aka less score gets killed first). >(c) The OOM killer essentially looks for the memcg with the lowest >scores to kill, then among this memcg, it looks for the process with >the lowest score. Ties are broken based on usage, so essentially if >all processes/memcgs have the default score, we fallback to the >current OOM behavior. If memory oversold is severe, all processes of the lowest priority memcg may be killed before selecting other memcg processes. If there are 1000 processes with almost zero memory usage in the lowest priority memcg, 1000 invalid kill events may occur. To avoid this situation, even for the lowest priority memcg, I will leave him a very small oom.protect quota. If faced with two memcgs with the same total memory usage and priority, memcg A has more processes but less memory usage per single process, and memcg B has fewer processes but more memory usage per single process, then when OOM occurs, the processes in memcg B may continue to be killed until all processes in memcg B are killed, which is unfair to memcg B because memcg A also occupies a large amount of memory. Dose your approach have these issues? Killing processes in a user-defined priority is indeed easier and can work well in most cases, but I have been trying to solve the cases that it cannot cover. -- Thanks for your comment! chengkaitao
On Wed, May 17, 2023 at 10:12 PM 程垲涛 Chengkaitao Cheng <chengkaitao@didiglobal.com> wrote: > > At 2023-05-18 04:42:12, "Yosry Ahmed" <yosryahmed@google.com> wrote: > >On Wed, May 17, 2023 at 3:01 AM 程垲涛 Chengkaitao Cheng > ><chengkaitao@didiglobal.com> wrote: > >> > >> At 2023-05-17 16:09:50, "Yosry Ahmed" <yosryahmed@google.com> wrote: > >> >On Wed, May 17, 2023 at 1:01 AM 程垲涛 Chengkaitao Cheng > >> ><chengkaitao@didiglobal.com> wrote: > >> >> > >> >> At 2023-05-17 14:59:06, "Yosry Ahmed" <yosryahmed@google.com> wrote: > >> >> >+David Rientjes > >> >> > > >> >> >On Tue, May 16, 2023 at 8:20 PM chengkaitao <chengkaitao@didiglobal.com> wrote: > >> >> >> > >> >> Thank you for providing a new application scenario. You have described a > >> >> new per-memcg approach, but a simple introduction cannot explain the > >> >> details of your approach clearly. If you could compare and analyze my > >> >> patches for possible defects, or if your new approach has advantages > >> >> that my patches do not have, I would greatly appreciate it. > >> > > >> >Sorry if I was not clear, I am not implying in any way that the > >> >approach I am describing is better than your patches. I am guilty of > >> >not conducting the proper analysis you are requesting. > >> > >> There is no perfect approach in the world, and I also seek your advice with > >> a learning attitude. You don't need to say sorry, I should say thank you. > >> > >> >I just saw the thread and thought it might be interesting to you or > >> >others to know the approach that we have been using for years in our > >> >production. I guess the target is the same, be able to tell the OOM > >> >killer which memcgs/processes are more important to protect. The > >> >fundamental difference is that instead of tuning this based on the > >> >memory usage of the memcg (your approach), we essentially give the OOM > >> >killer the ordering in which we want memcgs/processes to be OOM > >> >killed. This maps to jobs priorities essentially. > >> > >> Killing processes in order of memory usage cannot effectively protect > >> important processes. Killing processes in a user-defined priority order > >> will result in a large number of OOM events and still not being able to > >> release enough memory. I have been searching for a balance between > >> the two methods, so that their shortcomings are not too obvious. > >> The biggest advantage of memcg is its tree topology, and I also hope > >> to make good use of it. > > > >For us, killing processes in a user-defined priority order works well. > > > >It seems like to tune memory.oom.protect you use oom_kill_inherit to > >observe how many times this memcg has been killed due to a limit in an > >ancestor. Wouldn't it be more straightforward to specify the priority > >of protections among memcgs? > > > >For example, if you observe multiple memcgs being OOM killed due to > >hitting an ancestor limit, you will need to decide which of them to > >increase memory.oom.protect for more, based on their importance. > >Otherwise, if you increase all of them, then there is no point if all > >the memory is protected, right? > > If all memory in memcg is protected, its meaning is similar to that of the > highest priority memcg in your approach, which is ultimately killed or > never killed. Makes sense. I believe it gets a bit trickier when you want to describe relative ordering between memcgs using memory.oom.protect. > > >In this case, wouldn't it be easier to just tell the OOM killer the > >relative priority among the memcgs? > > > >> > >> >If this approach works for you (or any other audience), that's great, > >> >I can share more details and perhaps we can reach something that we > >> >can both use :) > >> > >> If you have a good idea, please share more details or show some code. > >> I would greatly appreciate it > > > >The code we have needs to be rebased onto a different version and > >cleaned up before it can be shared, but essentially it is as > >described. > > > >(a) All processes and memcgs start with a default score. > >(b) Userspace can specify scores for memcgs and processes. A higher > >score means higher priority (aka less score gets killed first). > >(c) The OOM killer essentially looks for the memcg with the lowest > >scores to kill, then among this memcg, it looks for the process with > >the lowest score. Ties are broken based on usage, so essentially if > >all processes/memcgs have the default score, we fallback to the > >current OOM behavior. > > If memory oversold is severe, all processes of the lowest priority > memcg may be killed before selecting other memcg processes. > If there are 1000 processes with almost zero memory usage in > the lowest priority memcg, 1000 invalid kill events may occur. > To avoid this situation, even for the lowest priority memcg, > I will leave him a very small oom.protect quota. I checked internally, and this is indeed something that we see from time to time. We try to avoid that with userspace OOM killing, but it's not 100% effective. > > If faced with two memcgs with the same total memory usage and > priority, memcg A has more processes but less memory usage per > single process, and memcg B has fewer processes but more > memory usage per single process, then when OOM occurs, the > processes in memcg B may continue to be killed until all processes > in memcg B are killed, which is unfair to memcg B because memcg A > also occupies a large amount of memory. I believe in this case we will kill one process in memcg B, then the usage of memcg A will become higher, so we will pick a process from memcg A next. > > Dose your approach have these issues? Killing processes in a > user-defined priority is indeed easier and can work well in most cases, > but I have been trying to solve the cases that it cannot cover. The first issue is relatable with our approach. Let me dig more info from our internal teams and get back to you with more details. > > -- > Thanks for your comment! > chengkaitao > >
At 2023-05-20 06:04:26, "Yosry Ahmed" <yosryahmed@google.com> wrote: >On Wed, May 17, 2023 at 10:12 PM 程垲涛 Chengkaitao Cheng ><chengkaitao@didiglobal.com> wrote: >> >> At 2023-05-18 04:42:12, "Yosry Ahmed" <yosryahmed@google.com> wrote: >> >On Wed, May 17, 2023 at 3:01 AM 程垲涛 Chengkaitao Cheng >> ><chengkaitao@didiglobal.com> wrote: >> >> >> >> At 2023-05-17 16:09:50, "Yosry Ahmed" <yosryahmed@google.com> wrote: >> >> >On Wed, May 17, 2023 at 1:01 AM 程垲涛 Chengkaitao Cheng >> >> ><chengkaitao@didiglobal.com> wrote: >> >> >> >> >> >> >> Killing processes in order of memory usage cannot effectively protect >> >> important processes. Killing processes in a user-defined priority order >> >> will result in a large number of OOM events and still not being able to >> >> release enough memory. I have been searching for a balance between >> >> the two methods, so that their shortcomings are not too obvious. >> >> The biggest advantage of memcg is its tree topology, and I also hope >> >> to make good use of it. >> > >> >For us, killing processes in a user-defined priority order works well. >> > >> >It seems like to tune memory.oom.protect you use oom_kill_inherit to >> >observe how many times this memcg has been killed due to a limit in an >> >ancestor. Wouldn't it be more straightforward to specify the priority >> >of protections among memcgs? >> > >> >For example, if you observe multiple memcgs being OOM killed due to >> >hitting an ancestor limit, you will need to decide which of them to >> >increase memory.oom.protect for more, based on their importance. >> >Otherwise, if you increase all of them, then there is no point if all >> >the memory is protected, right? >> >> If all memory in memcg is protected, its meaning is similar to that of the >> highest priority memcg in your approach, which is ultimately killed or >> never killed. > >Makes sense. I believe it gets a bit trickier when you want to >describe relative ordering between memcgs using memory.oom.protect. Actually, my original intention was not to use memory.oom.protect to achieve relative ordering between memcgs, it was just a feature that happened to be achievable. My initial idea was to protect a certain proportion of memory in memcg from being killed, and through the method, physical memory can be reasonably planned. Both the physical machine manager and container manager can add some unimportant loads beyond the oom.protect limit, greatly improving the oversold rate of memory. In the worst case scenario, the physical machine can always provide all the memory limited by memory.oom.protect for memcg. On the other hand, I also want to achieve relative ordering of internal processes in memcg, not just a unified ordering of all memcgs on physical machines. >> >In this case, wouldn't it be easier to just tell the OOM killer the >> >relative priority among the memcgs? >> > >> >> >> >> >If this approach works for you (or any other audience), that's great, >> >> >I can share more details and perhaps we can reach something that we >> >> >can both use :) >> >> >> >> If you have a good idea, please share more details or show some code. >> >> I would greatly appreciate it >> > >> >The code we have needs to be rebased onto a different version and >> >cleaned up before it can be shared, but essentially it is as >> >described. >> > >> >(a) All processes and memcgs start with a default score. >> >(b) Userspace can specify scores for memcgs and processes. A higher >> >score means higher priority (aka less score gets killed first). >> >(c) The OOM killer essentially looks for the memcg with the lowest >> >scores to kill, then among this memcg, it looks for the process with >> >the lowest score. Ties are broken based on usage, so essentially if >> >all processes/memcgs have the default score, we fallback to the >> >current OOM behavior. >> >> If memory oversold is severe, all processes of the lowest priority >> memcg may be killed before selecting other memcg processes. >> If there are 1000 processes with almost zero memory usage in >> the lowest priority memcg, 1000 invalid kill events may occur. >> To avoid this situation, even for the lowest priority memcg, >> I will leave him a very small oom.protect quota. > >I checked internally, and this is indeed something that we see from >time to time. We try to avoid that with userspace OOM killing, but >it's not 100% effective. > >> >> If faced with two memcgs with the same total memory usage and >> priority, memcg A has more processes but less memory usage per >> single process, and memcg B has fewer processes but more >> memory usage per single process, then when OOM occurs, the >> processes in memcg B may continue to be killed until all processes >> in memcg B are killed, which is unfair to memcg B because memcg A >> also occupies a large amount of memory. > >I believe in this case we will kill one process in memcg B, then the >usage of memcg A will become higher, so we will pick a process from >memcg A next. If there is only one process in memcg A and its memory usage is higher than any other process in memcg B, but the total memory usage of memcg A is lower than that of memcg B. In this case, if the OOM-killer still chooses the process in memcg A. it may be unfair to memcg A. >> Dose your approach have these issues? Killing processes in a >> user-defined priority is indeed easier and can work well in most cases, >> but I have been trying to solve the cases that it cannot cover. > >The first issue is relatable with our approach. Let me dig more info >from our internal teams and get back to you with more details. -- Thanks for your comment! chengkaitao
On Sat, May 20, 2023 at 2:52 AM 程垲涛 Chengkaitao Cheng <chengkaitao@didiglobal.com> wrote: > > At 2023-05-20 06:04:26, "Yosry Ahmed" <yosryahmed@google.com> wrote: > >On Wed, May 17, 2023 at 10:12 PM 程垲涛 Chengkaitao Cheng > ><chengkaitao@didiglobal.com> wrote: > >> > >> At 2023-05-18 04:42:12, "Yosry Ahmed" <yosryahmed@google.com> wrote: > >> >On Wed, May 17, 2023 at 3:01 AM 程垲涛 Chengkaitao Cheng > >> ><chengkaitao@didiglobal.com> wrote: > >> >> > >> >> At 2023-05-17 16:09:50, "Yosry Ahmed" <yosryahmed@google.com> wrote: > >> >> >On Wed, May 17, 2023 at 1:01 AM 程垲涛 Chengkaitao Cheng > >> >> ><chengkaitao@didiglobal.com> wrote: > >> >> >> > >> >> > >> >> Killing processes in order of memory usage cannot effectively protect > >> >> important processes. Killing processes in a user-defined priority order > >> >> will result in a large number of OOM events and still not being able to > >> >> release enough memory. I have been searching for a balance between > >> >> the two methods, so that their shortcomings are not too obvious. > >> >> The biggest advantage of memcg is its tree topology, and I also hope > >> >> to make good use of it. > >> > > >> >For us, killing processes in a user-defined priority order works well. > >> > > >> >It seems like to tune memory.oom.protect you use oom_kill_inherit to > >> >observe how many times this memcg has been killed due to a limit in an > >> >ancestor. Wouldn't it be more straightforward to specify the priority > >> >of protections among memcgs? > >> > > >> >For example, if you observe multiple memcgs being OOM killed due to > >> >hitting an ancestor limit, you will need to decide which of them to > >> >increase memory.oom.protect for more, based on their importance. > >> >Otherwise, if you increase all of them, then there is no point if all > >> >the memory is protected, right? > >> > >> If all memory in memcg is protected, its meaning is similar to that of the > >> highest priority memcg in your approach, which is ultimately killed or > >> never killed. > > > >Makes sense. I believe it gets a bit trickier when you want to > >describe relative ordering between memcgs using memory.oom.protect. > > Actually, my original intention was not to use memory.oom.protect to > achieve relative ordering between memcgs, it was just a feature that > happened to be achievable. My initial idea was to protect a certain > proportion of memory in memcg from being killed, and through the > method, physical memory can be reasonably planned. Both the physical > machine manager and container manager can add some unimportant > loads beyond the oom.protect limit, greatly improving the oversold > rate of memory. In the worst case scenario, the physical machine can > always provide all the memory limited by memory.oom.protect for memcg. > > On the other hand, I also want to achieve relative ordering of internal > processes in memcg, not just a unified ordering of all memcgs on > physical machines. For us, having a strict priority ordering-based selection is essential. We have different tiers of jobs of different importance, and a job of higher priority should not be killed before a lower priority task if possible, no matter how much memory either of them is using. Protecting memcgs solely based on their usage can be useful in some scenarios, but not in a system where you have different tiers of jobs running with strict priority ordering. > > >> >In this case, wouldn't it be easier to just tell the OOM killer the > >> >relative priority among the memcgs? > >> > > >> >> > >> >> >If this approach works for you (or any other audience), that's great, > >> >> >I can share more details and perhaps we can reach something that we > >> >> >can both use :) > >> >> > >> >> If you have a good idea, please share more details or show some code. > >> >> I would greatly appreciate it > >> > > >> >The code we have needs to be rebased onto a different version and > >> >cleaned up before it can be shared, but essentially it is as > >> >described. > >> > > >> >(a) All processes and memcgs start with a default score. > >> >(b) Userspace can specify scores for memcgs and processes. A higher > >> >score means higher priority (aka less score gets killed first). > >> >(c) The OOM killer essentially looks for the memcg with the lowest > >> >scores to kill, then among this memcg, it looks for the process with > >> >the lowest score. Ties are broken based on usage, so essentially if > >> >all processes/memcgs have the default score, we fallback to the > >> >current OOM behavior. > >> > >> If memory oversold is severe, all processes of the lowest priority > >> memcg may be killed before selecting other memcg processes. > >> If there are 1000 processes with almost zero memory usage in > >> the lowest priority memcg, 1000 invalid kill events may occur. > >> To avoid this situation, even for the lowest priority memcg, > >> I will leave him a very small oom.protect quota. > > > >I checked internally, and this is indeed something that we see from > >time to time. We try to avoid that with userspace OOM killing, but > >it's not 100% effective. > > > >> > >> If faced with two memcgs with the same total memory usage and > >> priority, memcg A has more processes but less memory usage per > >> single process, and memcg B has fewer processes but more > >> memory usage per single process, then when OOM occurs, the > >> processes in memcg B may continue to be killed until all processes > >> in memcg B are killed, which is unfair to memcg B because memcg A > >> also occupies a large amount of memory. > > > >I believe in this case we will kill one process in memcg B, then the > >usage of memcg A will become higher, so we will pick a process from > >memcg A next. > > If there is only one process in memcg A and its memory usage is higher > than any other process in memcg B, but the total memory usage of > memcg A is lower than that of memcg B. In this case, if the OOM-killer > still chooses the process in memcg A. it may be unfair to memcg A. > > >> Dose your approach have these issues? Killing processes in a > >> user-defined priority is indeed easier and can work well in most cases, > >> but I have been trying to solve the cases that it cannot cover. > > > >The first issue is relatable with our approach. Let me dig more info > >from our internal teams and get back to you with more details. > > -- > Thanks for your comment! > chengkaitao > >
At 2023-05-24 06:02:55, "Yosry Ahmed" <yosryahmed@google.com> wrote: >On Sat, May 20, 2023 at 2:52 AM 程垲涛 Chengkaitao Cheng ><chengkaitao@didiglobal.com> wrote: >> >> At 2023-05-20 06:04:26, "Yosry Ahmed" <yosryahmed@google.com> wrote: >> >On Wed, May 17, 2023 at 10:12 PM 程垲涛 Chengkaitao Cheng >> ><chengkaitao@didiglobal.com> wrote: >> >> >> >> At 2023-05-18 04:42:12, "Yosry Ahmed" <yosryahmed@google.com> wrote: >> >> >On Wed, May 17, 2023 at 3:01 AM 程垲涛 Chengkaitao Cheng >> >> ><chengkaitao@didiglobal.com> wrote: >> >> >> >> >> >> At 2023-05-17 16:09:50, "Yosry Ahmed" <yosryahmed@google.com> wrote: >> >> >> >On Wed, May 17, 2023 at 1:01 AM 程垲涛 Chengkaitao Cheng >> >> >> ><chengkaitao@didiglobal.com> wrote: >> >> >> >> >> >> >> >> >> >> Killing processes in order of memory usage cannot effectively protect >> >> >> important processes. Killing processes in a user-defined priority order >> >> >> will result in a large number of OOM events and still not being able to >> >> >> release enough memory. I have been searching for a balance between >> >> >> the two methods, so that their shortcomings are not too obvious. >> >> >> The biggest advantage of memcg is its tree topology, and I also hope >> >> >> to make good use of it. >> >> > >> >> >For us, killing processes in a user-defined priority order works well. >> >> > >> >> >It seems like to tune memory.oom.protect you use oom_kill_inherit to >> >> >observe how many times this memcg has been killed due to a limit in an >> >> >ancestor. Wouldn't it be more straightforward to specify the priority >> >> >of protections among memcgs? >> >> > >> >> >For example, if you observe multiple memcgs being OOM killed due to >> >> >hitting an ancestor limit, you will need to decide which of them to >> >> >increase memory.oom.protect for more, based on their importance. >> >> >Otherwise, if you increase all of them, then there is no point if all >> >> >the memory is protected, right? >> >> >> >> If all memory in memcg is protected, its meaning is similar to that of the >> >> highest priority memcg in your approach, which is ultimately killed or >> >> never killed. >> > >> >Makes sense. I believe it gets a bit trickier when you want to >> >describe relative ordering between memcgs using memory.oom.protect. >> >> Actually, my original intention was not to use memory.oom.protect to >> achieve relative ordering between memcgs, it was just a feature that >> happened to be achievable. My initial idea was to protect a certain >> proportion of memory in memcg from being killed, and through the >> method, physical memory can be reasonably planned. Both the physical >> machine manager and container manager can add some unimportant >> loads beyond the oom.protect limit, greatly improving the oversold >> rate of memory. In the worst case scenario, the physical machine can >> always provide all the memory limited by memory.oom.protect for memcg. >> >> On the other hand, I also want to achieve relative ordering of internal >> processes in memcg, not just a unified ordering of all memcgs on >> physical machines. > >For us, having a strict priority ordering-based selection is >essential. We have different tiers of jobs of different importance, >and a job of higher priority should not be killed before a lower >priority task if possible, no matter how much memory either of them is >using. Protecting memcgs solely based on their usage can be useful in >some scenarios, but not in a system where you have different tiers of >jobs running with strict priority ordering. If you want to run with strict priority ordering, it can also be achieved, but it may be quite troublesome. The directory structure shown below can achieve the goal. root / \ cgroup A cgroup B (protect=max) (protect=0) / \ cgroup C cgroup D (protect=max) (protect=0) / \ cgroup E cgroup F (protect=max) (protect=0) Oom kill order: F > E > C > A As mentioned earlier, "running with strict priority ordering" may be some extreme issues, that requires the manager to make a choice. >> >> >> >In this case, wouldn't it be easier to just tell the OOM killer the >> >> >relative priority among the memcgs? >> >> > >> >> >> >> >> >> >If this approach works for you (or any other audience), that's great, >> >> >> >I can share more details and perhaps we can reach something that we >> >> >> >can both use :) >> >> >> >> >> >> If you have a good idea, please share more details or show some code. >> >> >> I would greatly appreciate it >> >> > >> >> >The code we have needs to be rebased onto a different version and >> >> >cleaned up before it can be shared, but essentially it is as >> >> >described. >> >> > >> >> >(a) All processes and memcgs start with a default score. >> >> >(b) Userspace can specify scores for memcgs and processes. A higher >> >> >score means higher priority (aka less score gets killed first). >> >> >(c) The OOM killer essentially looks for the memcg with the lowest >> >> >scores to kill, then among this memcg, it looks for the process with >> >> >the lowest score. Ties are broken based on usage, so essentially if >> >> >all processes/memcgs have the default score, we fallback to the >> >> >current OOM behavior. >> >> >> >> If memory oversold is severe, all processes of the lowest priority >> >> memcg may be killed before selecting other memcg processes. >> >> If there are 1000 processes with almost zero memory usage in >> >> the lowest priority memcg, 1000 invalid kill events may occur. >> >> To avoid this situation, even for the lowest priority memcg, >> >> I will leave him a very small oom.protect quota. >> > >> >I checked internally, and this is indeed something that we see from >> >time to time. We try to avoid that with userspace OOM killing, but >> >it's not 100% effective. >> > >> >> >> >> If faced with two memcgs with the same total memory usage and >> >> priority, memcg A has more processes but less memory usage per >> >> single process, and memcg B has fewer processes but more >> >> memory usage per single process, then when OOM occurs, the >> >> processes in memcg B may continue to be killed until all processes >> >> in memcg B are killed, which is unfair to memcg B because memcg A >> >> also occupies a large amount of memory. >> > >> >I believe in this case we will kill one process in memcg B, then the >> >usage of memcg A will become higher, so we will pick a process from >> >memcg A next. >> >> If there is only one process in memcg A and its memory usage is higher >> than any other process in memcg B, but the total memory usage of >> memcg A is lower than that of memcg B. In this case, if the OOM-killer >> still chooses the process in memcg A. it may be unfair to memcg A. >> >> >> Dose your approach have these issues? Killing processes in a >> >> user-defined priority is indeed easier and can work well in most cases, >> >> but I have been trying to solve the cases that it cannot cover. >> > >> >The first issue is relatable with our approach. Let me dig more info >> >from our internal teams and get back to you with more details. -- Thanks for your comment! chengkaitao
On Thu, May 25, 2023 at 1:19 AM 程垲涛 Chengkaitao Cheng <chengkaitao@didiglobal.com> wrote: > > At 2023-05-24 06:02:55, "Yosry Ahmed" <yosryahmed@google.com> wrote: > >On Sat, May 20, 2023 at 2:52 AM 程垲涛 Chengkaitao Cheng > ><chengkaitao@didiglobal.com> wrote: > >> > >> At 2023-05-20 06:04:26, "Yosry Ahmed" <yosryahmed@google.com> wrote: > >> >On Wed, May 17, 2023 at 10:12 PM 程垲涛 Chengkaitao Cheng > >> ><chengkaitao@didiglobal.com> wrote: > >> >> > >> >> At 2023-05-18 04:42:12, "Yosry Ahmed" <yosryahmed@google.com> wrote: > >> >> >On Wed, May 17, 2023 at 3:01 AM 程垲涛 Chengkaitao Cheng > >> >> ><chengkaitao@didiglobal.com> wrote: > >> >> >> > >> >> >> At 2023-05-17 16:09:50, "Yosry Ahmed" <yosryahmed@google.com> wrote: > >> >> >> >On Wed, May 17, 2023 at 1:01 AM 程垲涛 Chengkaitao Cheng > >> >> >> ><chengkaitao@didiglobal.com> wrote: > >> >> >> >> > >> >> >> > >> >> >> Killing processes in order of memory usage cannot effectively protect > >> >> >> important processes. Killing processes in a user-defined priority order > >> >> >> will result in a large number of OOM events and still not being able to > >> >> >> release enough memory. I have been searching for a balance between > >> >> >> the two methods, so that their shortcomings are not too obvious. > >> >> >> The biggest advantage of memcg is its tree topology, and I also hope > >> >> >> to make good use of it. > >> >> > > >> >> >For us, killing processes in a user-defined priority order works well. > >> >> > > >> >> >It seems like to tune memory.oom.protect you use oom_kill_inherit to > >> >> >observe how many times this memcg has been killed due to a limit in an > >> >> >ancestor. Wouldn't it be more straightforward to specify the priority > >> >> >of protections among memcgs? > >> >> > > >> >> >For example, if you observe multiple memcgs being OOM killed due to > >> >> >hitting an ancestor limit, you will need to decide which of them to > >> >> >increase memory.oom.protect for more, based on their importance. > >> >> >Otherwise, if you increase all of them, then there is no point if all > >> >> >the memory is protected, right? > >> >> > >> >> If all memory in memcg is protected, its meaning is similar to that of the > >> >> highest priority memcg in your approach, which is ultimately killed or > >> >> never killed. > >> > > >> >Makes sense. I believe it gets a bit trickier when you want to > >> >describe relative ordering between memcgs using memory.oom.protect. > >> > >> Actually, my original intention was not to use memory.oom.protect to > >> achieve relative ordering between memcgs, it was just a feature that > >> happened to be achievable. My initial idea was to protect a certain > >> proportion of memory in memcg from being killed, and through the > >> method, physical memory can be reasonably planned. Both the physical > >> machine manager and container manager can add some unimportant > >> loads beyond the oom.protect limit, greatly improving the oversold > >> rate of memory. In the worst case scenario, the physical machine can > >> always provide all the memory limited by memory.oom.protect for memcg. > >> > >> On the other hand, I also want to achieve relative ordering of internal > >> processes in memcg, not just a unified ordering of all memcgs on > >> physical machines. > > > >For us, having a strict priority ordering-based selection is > >essential. We have different tiers of jobs of different importance, > >and a job of higher priority should not be killed before a lower > >priority task if possible, no matter how much memory either of them is > >using. Protecting memcgs solely based on their usage can be useful in > >some scenarios, but not in a system where you have different tiers of > >jobs running with strict priority ordering. > > If you want to run with strict priority ordering, it can also be achieved, > but it may be quite troublesome. The directory structure shown below > can achieve the goal. > > root > / \ > cgroup A cgroup B > (protect=max) (protect=0) > / \ > cgroup C cgroup D > (protect=max) (protect=0) > / \ > cgroup E cgroup F > (protect=max) (protect=0) > > Oom kill order: F > E > C > A This requires restructuring the cgroup hierarchy which comes with a lot of other factors, I don't think that's practically an option. > > As mentioned earlier, "running with strict priority ordering" may be > some extreme issues, that requires the manager to make a choice. We have been using strict priority ordering in our fleet for many years now and we depend on it. Some jobs are simply more important than others, regardless of their usage. > > >> > >> >> >In this case, wouldn't it be easier to just tell the OOM killer the > >> >> >relative priority among the memcgs? > >> >> > > >> >> >> > >> >> >> >If this approach works for you (or any other audience), that's great, > >> >> >> >I can share more details and perhaps we can reach something that we > >> >> >> >can both use :) > >> >> >> > >> >> >> If you have a good idea, please share more details or show some code. > >> >> >> I would greatly appreciate it > >> >> > > >> >> >The code we have needs to be rebased onto a different version and > >> >> >cleaned up before it can be shared, but essentially it is as > >> >> >described. > >> >> > > >> >> >(a) All processes and memcgs start with a default score. > >> >> >(b) Userspace can specify scores for memcgs and processes. A higher > >> >> >score means higher priority (aka less score gets killed first). > >> >> >(c) The OOM killer essentially looks for the memcg with the lowest > >> >> >scores to kill, then among this memcg, it looks for the process with > >> >> >the lowest score. Ties are broken based on usage, so essentially if > >> >> >all processes/memcgs have the default score, we fallback to the > >> >> >current OOM behavior. > >> >> > >> >> If memory oversold is severe, all processes of the lowest priority > >> >> memcg may be killed before selecting other memcg processes. > >> >> If there are 1000 processes with almost zero memory usage in > >> >> the lowest priority memcg, 1000 invalid kill events may occur. > >> >> To avoid this situation, even for the lowest priority memcg, > >> >> I will leave him a very small oom.protect quota. > >> > > >> >I checked internally, and this is indeed something that we see from > >> >time to time. We try to avoid that with userspace OOM killing, but > >> >it's not 100% effective. > >> > > >> >> > >> >> If faced with two memcgs with the same total memory usage and > >> >> priority, memcg A has more processes but less memory usage per > >> >> single process, and memcg B has fewer processes but more > >> >> memory usage per single process, then when OOM occurs, the > >> >> processes in memcg B may continue to be killed until all processes > >> >> in memcg B are killed, which is unfair to memcg B because memcg A > >> >> also occupies a large amount of memory. > >> > > >> >I believe in this case we will kill one process in memcg B, then the > >> >usage of memcg A will become higher, so we will pick a process from > >> >memcg A next. > >> > >> If there is only one process in memcg A and its memory usage is higher > >> than any other process in memcg B, but the total memory usage of > >> memcg A is lower than that of memcg B. In this case, if the OOM-killer > >> still chooses the process in memcg A. it may be unfair to memcg A. > >> > >> >> Dose your approach have these issues? Killing processes in a > >> >> user-defined priority is indeed easier and can work well in most cases, > >> >> but I have been trying to solve the cases that it cannot cover. > >> > > >> >The first issue is relatable with our approach. Let me dig more info > >> >from our internal teams and get back to you with more details. > > -- > Thanks for your comment! > chengkaitao > >