git.ipfire.org Git - thirdparty/systemd.git/commit

author	Benjamin Berg <bberg@redhat.com>
	Thu, 23 Jul 2020 10:56:32 +0000 (12:56 +0200)
committer	Benjamin Berg <bberg@redhat.com>
	Wed, 19 Aug 2020 09:17:01 +0000 (11:17 +0200)
commit	56f47800d847deef0d3ffbeca5fd774e7819322b
tree	96a326b8dfc4e7a4b9ebd72cd7070468360c000a	tree \| snapshot
parent	b0073a017b01b52496933358199708a3903ff8ba	commit \| diff

mount-setup: Enable memory_recursiveprot for cgroup2

When available, enable memory_recursiveprot. Realistically it always
makes sense to delegate MemoryLow= and MemoryMin= to all children of a
slice/unit.

The kernel option is not enabled by default as it might cause
regressions in some setups. However, it is the better default in
general, and it results in a more flexible and obvious behaviour.

The alternative to using this option would be for user's to also set
DefaultMemoryLow= on slices when assigning MemoryLow=. However, this
makes the effect of MemoryLow= on some children less obvious, as it
could result in a lower protection rather than increasing it.

From the kernel documentation:

  memory_recursiveprot

        Recursively apply memory.min and memory.low protection to
        entire subtrees, without requiring explicit downward
        propagation into leaf cgroups.  This allows protecting entire
        subtrees from one another, while retaining free competition
        within those subtrees.  This should have been the default
        behavior but is a mount-option to avoid regressing setups
        relying on the original semantics (e.g. specifying bogusly
        high 'bypass' protection values at higher tree levels).

This was added in kernel commit 8a931f801340c (mm: memcontrol:
recursive memory.low protection), which became available in 5.7 and was
subsequently fixed in kernel 5.7.7 (mm: memcontrol: handle div0 crash
race condition in memory.low).