cgroups kernel memory controller
Session information has not yet been published for this event.
One Line Summary
Kernel memory accounting (kmemcg): status, why important, why and how to use
Containers need resource management and limiting. One of such resources that was overlooked until before recently is kernel memory.
On almost all operations involving interactions with the kernel, it implicitly allocates some memory, that needs to be accounted and controlled. This is something that was present in OpenVZ kernel for more than 10 years (kmemsize user beancounter), but was only recently merged upstream by Virtuozzo engineers, in the form of kmem cgroup controller.
The topic discusses the current status of kmem controller (what is done and what is still missing), why it’s important to use it (including what sorts of attacks can be prevented) and how to use it properly and effectively from the userspace container management tools such as Docker, LXC, CoreOS etc.
kernel, memory, resource management, cgroups
Pavel Emelyanov is a core Virtuozzo and OpenVZ kernel developer working in the project for the last six years. He’s currently the kernel team leader at Parallels and manages the development of all the kernel features for OpenVZ and Parallels Virtuozzo Containers. Pavel is also a prolific mainstream kernel contributor. He holds a PhD degree in Applied Mathematics from the Moscow Institute of Physics and Technology.
OpenVZ / CRIU / Odin / Parallels
Developing free software on Linux since 1998. Working on Linux Containers since 2002. Leading the OpenVZ project since 2005.