A memory cgroup is a Linux kernel mechanism for resource isolation and accounting. It creates hierarchical groups of processes and applies configurable limits on their physical memory and swap usage. This is fundamental to container runtimes like Docker and Kubernetes, which use cgroups to enforce per-container memory budgets, preventing any single workload from monopolizing system RAM and causing instability. Administrators can also set soft limits and prioritize memory reclamation under pressure.
Glossary
Memory Cgroup (Control Group)

What is Memory Cgroup (Control Group)?
A memory cgroup, or control group, is a Linux kernel feature that limits, accounts for, and isolates the memory resource usage of a collection of processes, allowing system administrators to enforce memory quotas and priorities for containers or jobs.
In the context of GPU memory optimization and inference serving, memory cgroups are crucial for multi-tenant environments. They allow precise allocation of host system memory that supports GPU workloads, such as pinned memory for DMA or space for Unified Virtual Memory (UVM) pages swapped from GPU memory. By preventing host-side Out-of-Memory (OOM) conditions, cgroups ensure predictable performance for model inference jobs and enable efficient memory overcommit strategies where total allocated GPU memory can exceed physical device capacity.
Key Features of Memory Cgroups
Memory cgroups provide the fundamental isolation and accounting primitives for container runtimes and job schedulers, enabling precise control over memory resource consumption in multi-tenant environments.
Memory Usage Limiting
The core function of a memory cgroup is to enforce a hard limit on the total memory consumption of its member processes. This includes:
- RSS (Resident Set Size): Physical memory actively used.
- Page Cache: Memory used for cached files.
- Kernel data structures: Memory allocated for sockets, tmpfs, etc. When a cgroup exceeds its limit, the kernel invokes the OOM (Out-Of-Memory) killer to terminate processes within that cgroup, protecting the host system and other workloads from resource starvation.
Memory+Swap Accounting & Limiting
Memory cgroups track and can limit the combined usage of physical memory and swap space. This is controlled by the memory.memsw.limit_in_bytes parameter.
- Key Distinction: A
memory.limit_in_bytescontrols only RAM. Adding amemory.memsw.limit_in_bytesprevents a cgroup from swapping excessively, which can cause severe I/O latency. - Use Case: Critical for preventing a single container from causing system-wide thrashing by consuming all available swap, which would degrade performance for all other processes.
Hierarchical Organization
Memory cgroups are organized in a tree hierarchy, where child groups inherit and can further restrict the limits of their parent. This enables sophisticated resource delegation.
- Example: A root cgroup
/has 64GB. A child/batch_jobsis limited to 48GB. A grandchild/batch_jobs/trainingis further limited to 32GB. - Charge Propagation: Memory usage is charged to the cgroup where the page was allocated and to all its ancestors. This ensures hierarchical limits are enforced and usage is properly accounted up the tree.
Soft Limits (memory.soft_limit_in_bytes)
A soft limit provides a hint to the kernel about desired memory usage, not a strict boundary. When system memory is under pressure, the kernel preferentially reclaims pages from cgroups that have exceeded their soft limit before targeting those below it.
- Behavior: This is a best-effort mechanism. A cgroup can exceed its soft limit if free memory is available.
- Purpose: Allows for overcommitment while establishing a priority for reclaim. Lower-priority batch jobs can be given a soft limit, allowing their cache to be reclaimed first when the system is busy, protecting latency-sensitive services.
Memory Pressure Notifications
Cgroups can generate pressure stall information (PSI) metrics, providing fine-grained visibility into resource contention.
- Measures:
some(at least one task stalled),full(all non-idle tasks stalled). - Metrics:
memory.pressurefile reports the percentage of time tasks in the cgroup were stalled waiting for memory in a given window (e.g., 10s, 60s, 300s). - Application: Enables proactive monitoring and autoscaling. An orchestration system can observe rising
somepressure and decide to schedule a pod on a different node before latency spikes occur.
OOM Control & Prioritization
Administrators can fine-tune the behavior of the OOM killer within a cgroup using the memory.oom_control interface.
- Disabling OOM Killer: Setting
oom_kill_disableto1prevents processes in the cgroup from being killed. Instead, the kernel will block allocating processes, putting them into an uninterruptible sleep (Dstate) until memory is freed. Use with extreme caution as it can lead to a deadlock. - OOM Score Adjustment: The
oom_score_adjparameter for individual processes influences their likelihood of being selected by the OOM killer within the constrained cgroup. A lower score makes a process less likely to be killed.
Cgroup v1 vs. v2: Memory Controller Differences
Key architectural and functional differences between the memory controllers in Linux control group versions 1 and 2, relevant for container runtime configuration and resource isolation.
| Feature / Mechanism | Cgroup v1 Memory Controller | Cgroup v2 Memory Controller |
|---|---|---|
Controller Architecture | Multiple, independent hierarchies (split hierarchy) | Single, unified hierarchy with delegated controllers |
Memory Usage Accounting | Multiple, sometimes inconsistent counters (e.g., cache, rss) | Single, consistent |
Memory Limit Interface |
|
|
Memory+Swap Limit | Separate | Combined limit via |
OOM Killer Behavior | Per-cgroup OOM killer invocation; complex configuration | System-wide OOM killer invoked based on tree walk; pressure stall information (PSI) preferred |
Memory Pressure Notifications |
| Fine-grained |
Recursive Memory Accounting | Optional via | Always on and mandatory; limits apply recursively down the tree |
Swapiness Control | Per-cgroup | No per-cgroup swappiness; system-wide control only |
Kernel Memory Accounting | Separate | No explicit kernel memory limits; protected via |
Where Memory Cgroups Are Used
Memory cgroups are a foundational Linux kernel mechanism for enforcing memory isolation and quotas. Their primary application is in containerization, but they are also critical for system stability and multi-tenant resource management.
Multi-Tenant GPU Servers & ML Clusters
In ML training and inference clusters, memory cgroups are used alongside GPU isolation (e.g., MIG, MPS) to enforce host memory quotas for each job or user. This is critical for preventing a single job from causing system-wide swapping or OOM scenarios.
- Protects Critical Daemons: Ensures the Kubernetes kubelet, container runtime, and GPU drivers have guaranteed host memory.
- Complements GPU Memory Limits: While tools like
nvidia-smilimit GPU VRAM, host memory for data loading, preprocessing, and model weights is managed via cgroups. - Enables Fair Sharing: In shared research environments, cgroups prevent one user's memory-intensive data pipeline from starving others.
Embedded & IoT Systems
On resource-constrained embedded Linux devices, memory cgroups are used to protect system services and guarantee resources for critical functions.
- Partitions User Space: Isolates the main application from essential system daemons (e.g., network managers, logging).
- Enforces Hard Limits: Prevents a buggy or malicious user application from consuming all RAM and crashing the entire device.
- Memory Protection Without Virtualization: Provides container-like isolation where running a full container runtime (like Docker) is too heavyweight for the device's resources.
Frequently Asked Questions
A memory cgroup (control group) is a Linux kernel feature for limiting, accounting for, and isolating the memory usage of a collection of processes. These FAQs address its core mechanisms, use cases, and relationship to GPU memory management.
A memory cgroup is a Linux kernel feature that limits, accounts for, and isolates the memory resource usage of a collection of processes. It works by creating a hierarchical group of processes and applying resource controls to that group as a whole. The kernel tracks all memory pages—including file cache, anonymous memory, and kernel data structures—used by processes within the cgroup. When a configured memory limit is reached, the kernel can reclaim memory from within the cgroup through mechanisms like swapping or, in extreme cases, invoke the Out-of-Memory (OOM) Killer to terminate processes within that cgroup to protect the wider system.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Memory cgroups are a foundational Linux kernel mechanism for resource isolation. These related concepts detail the hardware, software, and system-level techniques used to manage and optimize memory in high-performance computing and AI inference environments.
Unified Virtual Memory (UVM)
A memory management architecture that creates a single, contiguous virtual address space shared between a CPU and GPU. This allows both processors to access the same memory pointers using a common page table, simplifying data sharing and enabling techniques like demand paging and zero-copy transfers. It abstracts the physical location of data, allowing pages to migrate between host and device memory transparently.
Memory Overcommit (Oversubscription)
A technique where the total memory allocated to active GPU workloads exceeds the physical GPU memory (VRAM) capacity. The system relies on host system memory (RAM) or even storage (NVMe SSDs) as a backing store. This is managed by the driver and OS through:
- Page Migration: Moving pages between GPU memory and host memory.
- Demand Paging: Loading data into GPU memory only when accessed (triggering a GPU page fault). This allows for larger working sets but can introduce latency if paging is frequent.
Page-Locked Memory (Pinned Memory)
Host (CPU) memory that is prevented from being paged out to disk by the operating system. Key characteristics:
- Enables High-Bandwidth DMA: Allows the GPU to perform Direct Memory Access (DMA) transfers directly to/from this memory, bypassing CPU involvement for copy operations.
- Required for Async Transfers: Essential for overlapping computation and data transfer using CUDA streams.
- System Impact: Overuse can reduce available memory for the OS and other processes, as it is non-pageable. It is a limited resource.
Memory Pool (Memory Arena)
A pre-allocated, large block of memory (on host or device) from which smaller allocations are sub-allocated by the application. This strategy is critical for performance:
- Reduces Allocation Overhead: Avoids frequent, expensive calls to system allocators like
cudaMalloc/cudaFree. - Mitigates Fragmentation: By managing allocations within a contiguous block, it prevents memory fragmentation where free memory is scattered in small, unusable chunks.
- Enables Stream-Ordered Allocation: Allocations can be tied to a CUDA stream's lifecycle for automatic, asynchronous reuse.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us