Re: [PATCH v3 net-next 12/12] net-memcg: Decouple controlled memcg from global protocol memory accounting.
From: Kuniyuki Iwashima <kuniyu@google.com>
Date: 2025-08-13 18:43:31
Also in:
cgroups, linux-mm, mptcp
On Wed, Aug 13, 2025 at 6:00 AM Johannes Weiner [off-list ref] wrote:
On Tue, Aug 12, 2025 at 05:58:30PM +0000, Kuniyuki Iwashima wrote:quoted
If all workloads were guaranteed to be controlled under memcg, the issue could be worked around by setting tcp_mem[0~2] to UINT_MAX. In reality, this assumption does not always hold, and processes that belong to the root cgroup or opt out of memcg can consume memory up to the global limit, becoming a noisy neighbour.As per the last thread, this is not a supported usecase. Opting out of memcg coverage for individual cgroups is a self-inflicted problem and misconfiguration. There is *no* memory isolation *at all* on such containers.
I think the commit message needs to be improved, but could you read throughout the patch again ? I think you have the same misunderstanding that Shakeel had and corrected here. https://lore.kernel.org/netdev/jmbszz4m7xkw7fzolpusjesbreaczmr4i64kynbs3zcoehrkpj@lwso5soc4dh3/ (local) ---8<--- Initially, I thought the series introduced multiple modes, including an option to exclude network memory from memcg accounting. However, if I understand correctly, that is not the case—the opt-out applies only to the global TCP/UDP accounting. That’s a relief, and I apologize for the misunderstanding. ---8<--- This patch does NOT change how memcg is applied to sockets but changes how _another_ memory accounting in the networking layer is applied to sockets. Currently, memcg AND the other mem accounting are applied to socket buffers. With/without this patch, memcg is _always_ applied to socket buffers. Also, there is _no_ behavioural change for _uncontrolled containers_ that have been subject to the two memory accounting. This behaviour hasn't been changed since you added memcg support for the networking stack in e805605c72102, and we want to _preserve_ this behaviour. This change stop double-charging by opting out of _the networking layer one_ because it interferes with memcg and complicates configuration of memory.max and the global networking limit.
Maybe their socket buffers is the only thing that happens to matter to *you*, but this is in no way a generic, universal, upstreamable solution. Knob or auto-detection is not the issue. Nacked-by: Johannes Weiner [off-list ref]
Please let me know if this nack still applies with the explanation above.