From c5991341eb2f7e8cd5791424142c51306890e4dd Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 16 Sep 2025 13:08:36 +0200 Subject: [PATCH] remove support for deprecated kernel memory limit kernel-memory limits are not supported in cgroups v2, and were obsoleted in [kernel v5.4], producing a `ENOTSUP` in kernel v5.16. Support for this option was removed in runc and other runtimes, as various LTS kernels contained a broken implementation, resulting in unpredictable behavior. We deprecated this option in [moby@b8ca7de], producing a warning when used, and actively ignore the option since [moby@0798f5f]. Given that setting this option had no effect in most situations, we should just remove this option instead of continuing to handle it with the expectation that a runtime may still support it. Note that we still support RHEL 8 (kernel 4.18) and RHEL 9 (kernel 5.14). We no longer build packages for Ubuntu 20.04 (kernel 5.4) and Debian Bullseye 11 (kernel 5.10), which still have an LTS / ESM programme, but for those it would only impact situations where a runtime is used that still supports it, and an old API version was used. [kernel v5.4]: https://github.com/torvalds/linux/commit/0158115f702b0ba208ab0 [moby@b8ca7de]: https://github.com/moby/moby/commit/b8ca7de823acf572cad9becb74fd5cdac1748057 [moby@0798f5f]: https://github.com/moby/moby/commit/0798f5f5cf6908593472b21179360168cd9f4691 
Signed-off-by: Sebastiaan van Stijn
---
 api/types/container/hostconfig.go | 3 ---
 api/types/system/info.go | 1 -
 client/container_create.go | 4 ----
 daemon/container/container_unix.go | 3 ---
 daemon/container/container_windows.go | 1 -
 daemon/daemon_unix.go | 17 -----------------
 daemon/daemon_windows.go | 3 ---
 daemon/info_unix.go | 1 -
 .../server/router/container/container_routes.go | 7 -------
 daemon/server/router/system/system_routes.go | 3 ---
 daemon/update_linux.go | 3 ---
 pkg/sysinfo/cgroup2_linux.go | 1 -
 pkg/sysinfo/sysinfo.go | 6 ------
 pkg/sysinfo/sysinfo_linux.go | 4 ----
 .../moby/moby/api/types/container/hostconfig.go | 3 ---
 .../moby/moby/api/types/system/info.go | 1 -
 .../moby/moby/client/container_create.go | 4 ----
 17 files changed, 65 deletions(-)
diff --git a/api/types/container/hostconfig.go b/api/types/container/hostconfig.go
index 0fb65e1921..e04f5a3c96 100644
--- a/api/types/container/hostconfig.go
+++ b/api/types/container/hostconfig.go
@@ -390,9 +390,6 @@ type Resources struct {
 DeviceCgroupRules []string // List of rule to be added to the device cgroup
 DeviceRequests []DeviceRequest // List of device requests for device drivers
- // KernelMemory specifies the kernel memory limit (in bytes) for the container.
- // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes.
- KernelMemory int64 `json:",omitempty"`
 KernelMemoryTCP int64 `json:",omitempty"` // Hard limit for kernel TCP buffer memory (in bytes)
 MemoryReservation int64 // Memory soft limit (in bytes)
 MemorySwap int64 // Total memory usage (memory + swap); set `-1` to enable unlimited swap
diff --git a/api/types/system/info.go b/api/types/system/info.go
index e9a4aa7c7f..d87f0e679d 100644
--- a/api/types/system/info.go
+++ b/api/types/system/info.go
@@ -21,7 +21,6 @@ type Info struct {
 Plugins PluginsInfo
 MemoryLimit bool
 SwapLimit bool
- KernelMemory bool `json:",omitempty"` // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes
 KernelMemoryTCP bool `json:",omitempty"` // KernelMemoryTCP is not supported on cgroups v2.
 CPUCfsPeriod bool `json:"CpuCfsPeriod"`
 CPUCfsQuota bool `json:"CpuCfsQuota"`
diff --git a/client/container_create.go b/client/container_create.go
index e39c3ca937..61d76177cd 100644
--- a/client/container_create.go
+++ b/client/container_create.go
@@ -47,10 +47,6 @@ func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config
 // When using API 1.24 and under, the client is responsible for removing the container
 hostConfig.AutoRemove = false
 }
- if versions.GreaterThanOrEqualTo(cli.ClientVersion(), "1.42") || versions.LessThan(cli.ClientVersion(), "1.40") {
- // KernelMemory was added in API 1.40, and deprecated in API 1.42
- hostConfig.KernelMemory = 0
- }
 if platform != nil && platform.OS == "linux" && versions.LessThan(cli.ClientVersion(), "1.42") {
 // When using API under 1.42, the Linux daemon doesn't respect the ConsoleSize
 hostConfig.ConsoleSize = [2]uint{0, 0}
diff --git a/daemon/container/container_unix.go b/daemon/container/container_unix.go
index 230cea7070..33ef70e9f6 100644
--- a/daemon/container/container_unix.go
+++ b/daemon/container/container_unix.go
@@ -302,9 +302,6 @@ func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfi
 if resources.MemoryReservation != 0 {
 cResources.MemoryReservation = resources.MemoryReservation
 }
- if resources.KernelMemory != 0 {
- cResources.KernelMemory = resources.KernelMemory
- }
 if resources.CPURealtimePeriod != 0 {
 cResources.CPURealtimePeriod = resources.CPURealtimePeriod
 }
diff --git a/daemon/container/container_windows.go b/daemon/container/container_windows.go
index 8de1bb6d42..6f81eb6526 100644
--- a/daemon/container/container_windows.go
+++ b/daemon/container/container_windows.go
@@ -155,7 +155,6 @@ func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfi
 resources.CpusetMems != "" ||
 len(resources.Devices) != 0 ||
 len(resources.DeviceCgroupRules) != 0 ||
- resources.KernelMemory != 0 ||
 resources.MemoryReservation != 0 ||
 resources.MemorySwap != 0 ||
 resources.MemorySwappiness != nil ||
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index 2e8cc32040..96b7a11523 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -103,11 +103,6 @@ func getMemoryResources(config containertypes.Resources) *specs.LinuxMemory {
 if config.OomKillDisable != nil {
 memory.DisableOOMKiller = config.OomKillDisable
 }
-
- if config.KernelMemory != 0 { //nolint:staticcheck // ignore SA1019: memory.Kernel is deprecated: kernel-memory limits are not supported in cgroups v2, and were obsoleted in [kernel v5.4]. This field should no longer be used, as it may be ignored by runtimes.
- memory.Kernel = &config.KernelMemory //nolint:staticcheck // ignore SA1019: memory.Kernel is deprecated: kernel-memory limits are not supported in cgroups v2, and were obsoleted in [kernel v5.4]. This field should no longer be used, as it may be ignored by runtimes.
- }
-
 if config.KernelMemoryTCP != 0 {
 memory.KernelTCP = &config.KernelMemoryTCP
 }
@@ -451,18 +446,6 @@ func verifyPlatformContainerResources(resources *containertypes.Resources, sysIn
 if resources.Memory > 0 && resources.MemoryReservation > 0 && resources.Memory < resources.MemoryReservation {
 return warnings, errors.New("Minimum memory limit can not be less than memory reservation limit, see usage")
 }
- if resources.KernelMemory > 0 {
- // Kernel memory limit is not supported on cgroup v2.
- // Even on cgroup v1, kernel memory limit (`kmem.limit_in_bytes`) has been deprecated since kernel 5.4.
- // https://github.com/torvalds/linux/commit/0158115f702b0ba208ab0b5adf44cae99b3ebcc7
- if !sysInfo.KernelMemory {
- warnings = append(warnings, "Your kernel does not support kernel memory limit capabilities or the cgroup is not mounted. Limitation discarded.")
- resources.KernelMemory = 0
- }
- if resources.KernelMemory > 0 && resources.KernelMemory < linuxMinMemory {
- return warnings, errors.New("Minimum kernel memory limit allowed is 6MB")
- }
- }
 if resources.OomKillDisable != nil && !sysInfo.OomKillDisable {
 // only produce warnings if the setting wasn't to *disable* the OOM Kill; no point
 // warning the caller if they already wanted the feature to be off
diff --git a/daemon/daemon_windows.go b/daemon/daemon_windows.go
index fba9ae8342..48bd854207 100644
--- a/daemon/daemon_windows.go
+++ b/daemon/daemon_windows.go
@@ -144,9 +144,6 @@ func verifyPlatformContainerResources(resources *containertypes.Resources, isHyp
 if resources.CpusetMems != "" {
 return warnings, fmt.Errorf("invalid option: Windows does not support CpusetMems")
 }
- if resources.KernelMemory != 0 {
- return warnings, fmt.Errorf("invalid option: Windows does not support KernelMemory")
- }
 if resources.MemoryReservation != 0 {
 return warnings, fmt.Errorf("invalid option: Windows does not support MemoryReservation")
 }
diff --git a/daemon/info_unix.go b/daemon/info_unix.go
index d51a8940ce..e1b383b96c 100644
--- a/daemon/info_unix.go
+++ b/daemon/info_unix.go
@@ -34,7 +34,6 @@ func (daemon *Daemon) fillPlatformInfo(ctx context.Context, v *system.Info, sysI
 if v.CgroupDriver != cgroupNoneDriver {
 v.MemoryLimit = sysInfo.MemoryLimit
 v.SwapLimit = sysInfo.SwapLimit
- v.KernelMemory = sysInfo.KernelMemory
 v.KernelMemoryTCP = sysInfo.KernelMemoryTCP
 v.OomKillDisable = sysInfo.OomKillDisable
 v.CPUCfsPeriod = sysInfo.CPUCfs
diff --git a/daemon/server/router/container/container_routes.go b/daemon/server/router/container/container_routes.go
index ff576ee7b2..dbfae52d72 100644
--- a/daemon/server/router/container/container_routes.go
+++ b/daemon/server/router/container/container_routes.go
@@ -461,11 +461,6 @@ func (c *containerRouter) postContainerUpdate(ctx context.Context, w http.Respon
 updateConfig.PidsLimit = nil
 }
- if versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
- // Ignore KernelMemory removed in API 1.42.
- updateConfig.KernelMemory = 0
- }
-
 if updateConfig.PidsLimit != nil && *updateConfig.PidsLimit <= 0 {
 // Both `0` and `-1` are accepted to set "unlimited" when updating.
 // Historically, any negative value was accepted, so treat them as
@@ -592,8 +587,6 @@ func (c *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 }
 if versions.GreaterThanOrEqualTo(version, "1.42") {
- // Ignore KernelMemory removed in API 1.42.
- hostConfig.KernelMemory = 0
 for _, m := range hostConfig.Mounts {
 if o := m.VolumeOptions; o != nil && m.Type != mount.TypeVolume {
 return errdefs.InvalidParameter(fmt.Errorf("VolumeOptions must not be specified on mount type %q", m.Type))
diff --git a/daemon/server/router/system/system_routes.go b/daemon/server/router/system/system_routes.go
index 719e1651f1..57d94bdafd 100644
--- a/daemon/server/router/system/system_routes.go
+++ b/daemon/server/router/system/system_routes.go
@@ -118,9 +118,6 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht
 info.RuncCommit.Expected = info.RuncCommit.ID //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.49.
 info.InitCommit.Expected = info.InitCommit.ID //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.49.
 }
- if versions.GreaterThanOrEqualTo(version, "1.42") {
- info.KernelMemory = false
- }
 if versions.LessThan(version, "1.50") {
 info.DiscoveredDevices = nil
diff --git a/daemon/update_linux.go b/daemon/update_linux.go
index 53d9095b8a..0bbebbf8ac 100644
--- a/daemon/update_linux.go
+++ b/daemon/update_linux.go
@@ -59,9 +59,6 @@ func toContainerdResources(resources container.Resources) *libcontainerdtypes.Re
 if resources.MemoryReservation != 0 {
 memory.Reservation = &resources.MemoryReservation
 }
- if resources.KernelMemory != 0 { //nolint:staticcheck // ignore SA1019: memory.Kernel is deprecated: kernel-memory limits are not supported in cgroups v2, and were obsoleted in [kernel v5.4]. This field should no longer be used, as it may be ignored by runtimes.
- memory.Kernel = &resources.KernelMemory //nolint:staticcheck // ignore SA1019: memory.Kernel is deprecated: kernel-memory limits are not supported in cgroups v2, and were obsoleted in [kernel v5.4]. This field should no longer be used, as it may be ignored by runtimes.
- }
 if resources.MemorySwap > 0 {
 memory.Swap = &resources.MemorySwap
 }
diff --git a/pkg/sysinfo/cgroup2_linux.go b/pkg/sysinfo/cgroup2_linux.go
index dd587682e4..b6ce501bdd 100644
--- a/pkg/sysinfo/cgroup2_linux.go
+++ b/pkg/sysinfo/cgroup2_linux.go
@@ -84,7 +84,6 @@ func applyMemoryCgroupInfoV2(info *SysInfo) {
 info.MemoryReservation = true
 info.OomKillDisable = false
 info.MemorySwappiness = false
- info.KernelMemory = false
 info.KernelMemoryTCP = false
 }
diff --git a/pkg/sysinfo/sysinfo.go b/pkg/sysinfo/sysinfo.go
index 45ba97eb5d..85a0e89ba6 100644
--- a/pkg/sysinfo/sysinfo.go
+++ b/pkg/sysinfo/sysinfo.go
@@ -64,12 +64,6 @@ type cgroupMemInfo struct {
 // Whether memory swappiness is supported or not
 MemorySwappiness bool
- // Whether kernel memory limit is supported or not. This option is used to
- // detect support for kernel-memory limits on API < v1.42. Kernel memory
- // limit (`kmem.limit_in_bytes`) is not supported on cgroups v2, and has been
- // removed in kernel 5.4.
- KernelMemory bool
-
 // Whether kernel memory TCP limit is supported or not. Kernel memory TCP
 // limit (`memory.kmem.tcp.limit_in_bytes`) is not supported on cgroups v2.
 KernelMemoryTCP bool
diff --git a/pkg/sysinfo/sysinfo_linux.go b/pkg/sysinfo/sysinfo_linux.go
index 761c786d8f..0a39797b2d 100644
--- a/pkg/sysinfo/sysinfo_linux.go
+++ b/pkg/sysinfo/sysinfo_linux.go
@@ -153,10 +153,6 @@ func applyMemoryCgroupInfo(info *SysInfo) {
 info.Warnings = append(info.Warnings, "Your kernel does not support memory swappiness")
 }
- // Option is deprecated, but still accepted on API < v1.42 with cgroups v1,
- // so setting the field to allow feature detection.
- info.KernelMemory = cgroupEnabled(mountPoint, "memory.kmem.limit_in_bytes")
-
 // Option is deprecated in runc, but still accepted in our API, so setting
 // the field to allow feature detection, but don't warn if it's missing, to
 // make the daemon logs a bit less noisy.
diff --git a/vendor/github.com/moby/moby/api/types/container/hostconfig.go b/vendor/github.com/moby/moby/api/types/container/hostconfig.go
index 0fb65e1921..e04f5a3c96 100644
--- a/vendor/github.com/moby/moby/api/types/container/hostconfig.go
+++ b/vendor/github.com/moby/moby/api/types/container/hostconfig.go
@@ -390,9 +390,6 @@ type Resources struct {
 DeviceCgroupRules []string // List of rule to be added to the device cgroup
 DeviceRequests []DeviceRequest // List of device requests for device drivers
- // KernelMemory specifies the kernel memory limit (in bytes) for the container.
- // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes.
- KernelMemory int64 `json:",omitempty"`
 KernelMemoryTCP int64 `json:",omitempty"` // Hard limit for kernel TCP buffer memory (in bytes)
 MemoryReservation int64 // Memory soft limit (in bytes)
 MemorySwap int64 // Total memory usage (memory + swap); set `-1` to enable unlimited swap
diff --git a/vendor/github.com/moby/moby/api/types/system/info.go b/vendor/github.com/moby/moby/api/types/system/info.go
index e9a4aa7c7f..d87f0e679d 100644
--- a/vendor/github.com/moby/moby/api/types/system/info.go
+++ b/vendor/github.com/moby/moby/api/types/system/info.go
@@ -21,7 +21,6 @@ type Info struct {
 Plugins PluginsInfo
 MemoryLimit bool
 SwapLimit bool
- KernelMemory bool `json:",omitempty"` // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes
 KernelMemoryTCP bool `json:",omitempty"` // KernelMemoryTCP is not supported on cgroups v2.
 CPUCfsPeriod bool `json:"CpuCfsPeriod"`
 CPUCfsQuota bool `json:"CpuCfsQuota"`
diff --git a/vendor/github.com/moby/moby/client/container_create.go b/vendor/github.com/moby/moby/client/container_create.go
index e39c3ca937..61d76177cd 100644
--- a/vendor/github.com/moby/moby/client/container_create.go
+++ b/vendor/github.com/moby/moby/client/container_create.go
@@ -47,10 +47,6 @@ func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config
 // When using API 1.24 and under, the client is responsible for removing the container
 hostConfig.AutoRemove = false
 }
- if versions.GreaterThanOrEqualTo(cli.ClientVersion(), "1.42") || versions.LessThan(cli.ClientVersion(), "1.40") {
- // KernelMemory was added in API 1.40, and deprecated in API 1.42
- hostConfig.KernelMemory = 0
- }
 if platform != nil && platform.OS == "linux" && versions.LessThan(cli.ClientVersion(), "1.42") {
 // When using API under 1.42, the Linux daemon doesn't respect the ConsoleSize
 hostConfig.ConsoleSize = [2]uint{0, 0}