Inferensys

Glossary

Memory Cgroup (Control Group)

A memory cgroup (control group) is a Linux kernel feature that limits, accounts for, and isolates the memory resource usage of a collection of processes.
Data engineer managing feature store on laptop, feature definitions visible, casual data engineering session.
GPU MEMORY OPTIMIZATION

What is Memory Cgroup (Control Group)?

A memory cgroup, or control group, is a Linux kernel feature that limits, accounts for, and isolates the memory resource usage of a collection of processes, allowing system administrators to enforce memory quotas and priorities for containers or jobs.

A memory cgroup is a Linux kernel mechanism for resource isolation and accounting. It creates hierarchical groups of processes and applies configurable limits on their physical memory and swap usage. This is fundamental to container runtimes like Docker and Kubernetes, which use cgroups to enforce per-container memory budgets, preventing any single workload from monopolizing system RAM and causing instability. Administrators can also set soft limits and prioritize memory reclamation under pressure.

In the context of GPU memory optimization and inference serving, memory cgroups are crucial for multi-tenant environments. They allow precise allocation of host system memory that supports GPU workloads, such as pinned memory for DMA or space for Unified Virtual Memory (UVM) pages swapped from GPU memory. By preventing host-side Out-of-Memory (OOM) conditions, cgroups ensure predictable performance for model inference jobs and enable efficient memory overcommit strategies where total allocated GPU memory can exceed physical device capacity.

LINUX KERNEL MECHANISM

Key Features of Memory Cgroups

Memory cgroups provide the fundamental isolation and accounting primitives for container runtimes and job schedulers, enabling precise control over memory resource consumption in multi-tenant environments.

01

Memory Usage Limiting

The core function of a memory cgroup is to enforce a hard limit on the total memory consumption of its member processes. This includes:

  • RSS (Resident Set Size): Physical memory actively used.
  • Page Cache: Memory used for cached files.
  • Kernel data structures: Memory allocated for sockets, tmpfs, etc. When a cgroup exceeds its limit, the kernel invokes the OOM (Out-Of-Memory) killer to terminate processes within that cgroup, protecting the host system and other workloads from resource starvation.
02

Memory+Swap Accounting & Limiting

Memory cgroups track and can limit the combined usage of physical memory and swap space. This is controlled by the memory.memsw.limit_in_bytes parameter.

  • Key Distinction: A memory.limit_in_bytes controls only RAM. Adding a memory.memsw.limit_in_bytes prevents a cgroup from swapping excessively, which can cause severe I/O latency.
  • Use Case: Critical for preventing a single container from causing system-wide thrashing by consuming all available swap, which would degrade performance for all other processes.
03

Hierarchical Organization

Memory cgroups are organized in a tree hierarchy, where child groups inherit and can further restrict the limits of their parent. This enables sophisticated resource delegation.

  • Example: A root cgroup / has 64GB. A child /batch_jobs is limited to 48GB. A grandchild /batch_jobs/training is further limited to 32GB.
  • Charge Propagation: Memory usage is charged to the cgroup where the page was allocated and to all its ancestors. This ensures hierarchical limits are enforced and usage is properly accounted up the tree.
04

Soft Limits (memory.soft_limit_in_bytes)

A soft limit provides a hint to the kernel about desired memory usage, not a strict boundary. When system memory is under pressure, the kernel preferentially reclaims pages from cgroups that have exceeded their soft limit before targeting those below it.

  • Behavior: This is a best-effort mechanism. A cgroup can exceed its soft limit if free memory is available.
  • Purpose: Allows for overcommitment while establishing a priority for reclaim. Lower-priority batch jobs can be given a soft limit, allowing their cache to be reclaimed first when the system is busy, protecting latency-sensitive services.
05

Memory Pressure Notifications

Cgroups can generate pressure stall information (PSI) metrics, providing fine-grained visibility into resource contention.

  • Measures: some (at least one task stalled), full (all non-idle tasks stalled).
  • Metrics: memory.pressure file reports the percentage of time tasks in the cgroup were stalled waiting for memory in a given window (e.g., 10s, 60s, 300s).
  • Application: Enables proactive monitoring and autoscaling. An orchestration system can observe rising some pressure and decide to schedule a pod on a different node before latency spikes occur.
06

OOM Control & Prioritization

Administrators can fine-tune the behavior of the OOM killer within a cgroup using the memory.oom_control interface.

  • Disabling OOM Killer: Setting oom_kill_disable to 1 prevents processes in the cgroup from being killed. Instead, the kernel will block allocating processes, putting them into an uninterruptible sleep (D state) until memory is freed. Use with extreme caution as it can lead to a deadlock.
  • OOM Score Adjustment: The oom_score_adj parameter for individual processes influences their likelihood of being selected by the OOM killer within the constrained cgroup. A lower score makes a process less likely to be killed.
LINUX KERNEL FEATURE COMPARISON

Cgroup v1 vs. v2: Memory Controller Differences

Key architectural and functional differences between the memory controllers in Linux control group versions 1 and 2, relevant for container runtime configuration and resource isolation.

Feature / MechanismCgroup v1 Memory ControllerCgroup v2 Memory Controller

Controller Architecture

Multiple, independent hierarchies (split hierarchy)

Single, unified hierarchy with delegated controllers

Memory Usage Accounting

Multiple, sometimes inconsistent counters (e.g., cache, rss)

Single, consistent memory.current counter reflecting total charged memory

Memory Limit Interface

memory.limit_in_bytes

memory.max

Memory+Swap Limit

Separate memory.memsw.limit_in_bytes file

Combined limit via memory.swap.max (swap is subset of total)

OOM Killer Behavior

Per-cgroup OOM killer invocation; complex configuration

System-wide OOM killer invoked based on tree walk; pressure stall information (PSI) preferred

Memory Pressure Notifications

memory.pressure_level events (vague thresholds)

Fine-grained memory.pressure events with PSI metrics

Recursive Memory Accounting

Optional via memory.use_hierarchy flag

Always on and mandatory; limits apply recursively down the tree

Swapiness Control

Per-cgroup memory.swappiness

No per-cgroup swappiness; system-wide control only

Kernel Memory Accounting

Separate kmem limits (deprecated, caused instability)

No explicit kernel memory limits; protected via memory.high throttling

APPLICATIONS

Where Memory Cgroups Are Used

Memory cgroups are a foundational Linux kernel mechanism for enforcing memory isolation and quotas. Their primary application is in containerization, but they are also critical for system stability and multi-tenant resource management.

03

Multi-Tenant GPU Servers & ML Clusters

In ML training and inference clusters, memory cgroups are used alongside GPU isolation (e.g., MIG, MPS) to enforce host memory quotas for each job or user. This is critical for preventing a single job from causing system-wide swapping or OOM scenarios.

  • Protects Critical Daemons: Ensures the Kubernetes kubelet, container runtime, and GPU drivers have guaranteed host memory.
  • Complements GPU Memory Limits: While tools like nvidia-smi limit GPU VRAM, host memory for data loading, preprocessing, and model weights is managed via cgroups.
  • Enables Fair Sharing: In shared research environments, cgroups prevent one user's memory-intensive data pipeline from starving others.
05

Embedded & IoT Systems

On resource-constrained embedded Linux devices, memory cgroups are used to protect system services and guarantee resources for critical functions.

  • Partitions User Space: Isolates the main application from essential system daemons (e.g., network managers, logging).
  • Enforces Hard Limits: Prevents a buggy or malicious user application from consuming all RAM and crashing the entire device.
  • Memory Protection Without Virtualization: Provides container-like isolation where running a full container runtime (like Docker) is too heavyweight for the device's resources.
MEMORY CGROUP

Frequently Asked Questions

A memory cgroup (control group) is a Linux kernel feature for limiting, accounting for, and isolating the memory usage of a collection of processes. These FAQs address its core mechanisms, use cases, and relationship to GPU memory management.

A memory cgroup is a Linux kernel feature that limits, accounts for, and isolates the memory resource usage of a collection of processes. It works by creating a hierarchical group of processes and applying resource controls to that group as a whole. The kernel tracks all memory pages—including file cache, anonymous memory, and kernel data structures—used by processes within the cgroup. When a configured memory limit is reached, the kernel can reclaim memory from within the cgroup through mechanisms like swapping or, in extreme cases, invoke the Out-of-Memory (OOM) Killer to terminate processes within that cgroup to protect the wider system.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.