Fixes: #18405
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
| ... | ... |
@@ -40,6 +40,8 @@ const ( |
| 40 | 40 |
linuxMinCPUShares = 2 |
| 41 | 41 |
linuxMaxCPUShares = 262144 |
| 42 | 42 |
platformSupported = true |
| 43 |
+ // It's not kernel limit, we want this 4M limit to supply a reasonable functional container |
|
| 44 |
+ linuxMinMemory = 4194304 |
|
| 43 | 45 |
) |
| 44 | 46 |
|
| 45 | 47 |
func getBlkioWeightDevices(config *runconfig.HostConfig) ([]*blkiodev.WeightDevice, error) {
|
| ... | ... |
@@ -194,7 +196,7 @@ func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *runconfig.HostC |
| 194 | 194 |
} |
| 195 | 195 |
|
| 196 | 196 |
// memory subsystem checks and adjustments |
| 197 |
- if hostConfig.Memory != 0 && hostConfig.Memory < 4194304 {
|
|
| 197 |
+ if hostConfig.Memory != 0 && hostConfig.Memory < linuxMinMemory {
|
|
| 198 | 198 |
return warnings, fmt.Errorf("Minimum memory limit allowed is 4MB")
|
| 199 | 199 |
} |
| 200 | 200 |
if hostConfig.Memory > 0 && !sysInfo.MemoryLimit {
|
| ... | ... |
@@ -238,6 +240,9 @@ func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *runconfig.HostC |
| 238 | 238 |
logrus.Warnf("Your kernel does not support kernel memory limit capabilities. Limitation discarded.")
|
| 239 | 239 |
hostConfig.KernelMemory = 0 |
| 240 | 240 |
} |
| 241 |
+ if hostConfig.KernelMemory > 0 && hostConfig.KernelMemory < linuxMinMemory {
|
|
| 242 |
+ return warnings, fmt.Errorf("Minimum kernel memory limit allowed is 4MB")
|
|
| 243 |
+ } |
|
| 241 | 244 |
if hostConfig.KernelMemory > 0 && !checkKernelVersion(4, 0, 0) {
|
| 242 | 245 |
warnings = append(warnings, "You specified a kernel memory limit on a kernel older than 4.0. Kernel memory limits are experimental on older kernels, it won't work as expected and can cause your system to be unstable.") |
| 243 | 246 |
logrus.Warnf("You specified a kernel memory limit on a kernel older than 4.0. Kernel memory limits are experimental on older kernels, it won't work as expected and can cause your system to be unstable.")
|
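Review bot: In the third hunk the new `KernelMemory` floor is guarded by `hostConfig.KernelMemory > 0`, while the `Memory` floor in the second hunk uses `hostConfig.Memory != 0`, so a negative kernel memory value sent straight to `POST /containers/create` skips the minimum check instead of being rejected by it. Whether a negative value is caught elsewhere is not visible here, because verifyPlatformContainerSettings starts and ends outside these hunks; if it is not, aligning the condition would close the gap: `if hostConfig.KernelMemory != 0 && hostConfig.KernelMemory < linuxMinMemory {`. The check also sits after the block that resets `KernelMemory` to 0 on kernels without support, so the same undersized request is an error on one host and only a warning on another. Moving it above that block would make the validation independent of host capabilities, which is how the `Memory` check appears to be ordered relative to its `sysInfo.MemoryLimit` test.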
| ... | ... |
@@ -102,6 +102,7 @@ This section lists each version from latest to oldest. Each listing includes a |
| 102 | 102 |
* `GET /version` now returns the `BuildTime` field in RFC3339Nano format to make it |
| 103 | 103 |
consistent with other date/time values returned by the API. |
| 104 | 104 |
* `AuthConfig` now supports a `registrytoken` for token based authentication |
| 105 |
+* `POST /containers/create` now has a 4M minimum value limit for `HostConfig.KernelMemory` |
|
| 105 | 106 |
|
| 106 | 107 |
### v1.21 API changes |
| 107 | 108 |
|
| ... | ... |
@@ -619,10 +619,10 @@ container: |
| 619 | 619 |
|
| 620 | 620 |
| Option | Description | |
| 621 | 621 |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | |
| 622 |
-| `-m`, `--memory=""` | Memory limit (format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. | |
|
| 622 |
+| `-m`, `--memory=""` | Memory limit (format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. Minimum is 4M. | |
|
| 623 | 623 |
| `--memory-swap=""` | Total memory limit (memory + swap, format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. | |
| 624 | 624 |
| `--memory-reservation=""` | Memory soft limit (format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. | |
| 625 |
-| `--kernel-memory=""` | Kernel memory limit (format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. | |
|
| 625 |
+| `--kernel-memory=""` | Kernel memory limit (format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. Minimum is 4M. | |
|
| 626 | 626 |
| `-c`, `--cpu-shares=0` | CPU shares (relative weight) | |
| 627 | 627 |
| `--cpu-period=0` | Limit the CPU CFS (Completely Fair Scheduler) period | |
| 628 | 628 |
| `--cpuset-cpus=""` | CPUs in which to allow execution (0-3, 0,1) | |
| ... | ... |
@@ -169,10 +169,19 @@ func (s *DockerSuite) TestRunWithKernelMemory(c *check.C) {
|
| 169 | 169 |
out, err := inspectField("test1", "HostConfig.KernelMemory")
|
| 170 | 170 |
c.Assert(err, check.IsNil) |
| 171 | 171 |
c.Assert(out, check.Equals, "52428800") |
| 172 |
+} |
|
| 173 |
+ |
|
| 174 |
+func (s *DockerSuite) TestRunWithInvalidKernelMemory(c *check.C) {
|
|
| 175 |
+ testRequires(c, kernelMemorySupport) |
|
| 176 |
+ |
|
| 177 |
+ out, _, err := dockerCmdWithError("run", "--kernel-memory", "2M", "busybox", "true")
|
|
| 178 |
+ c.Assert(err, check.NotNil) |
|
| 179 |
+ expected := "Minimum kernel memory limit allowed is 4MB" |
|
| 180 |
+ c.Assert(out, checker.Contains, expected) |
|
| 172 | 181 |
|
| 173 | 182 |
out, _, err = dockerCmdWithError("run", "--kernel-memory", "-16m", "--name", "test2", "busybox", "echo", "test")
|
| 174 |
- expected := "invalid size" |
|
| 175 | 183 |
c.Assert(err, check.NotNil) |
| 184 |
+ expected = "invalid size" |
|
| 176 | 185 |
c.Assert(out, checker.Contains, expected) |
| 177 | 186 |
} |
| 178 | 187 |
|
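Review bot: TestRunWithInvalidKernelMemory only exercises `2M`, well below the floor, so an off-by-one in the daemon comparison (`<` versus `<=` against `linuxMinMemory`) would not be caught. A boundary case next to the `2M` call would pin that the limit is inclusive at 4M, for example `dockerCmd(c, "run", "--kernel-memory", "4M", "busybox", "true")`. The test would also benefit from a short comment above it such as `// kernel memory below the 4M floor and negative sizes must both be rejected`, since it now holds the moved `-16m` case as well.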