Update handling of deprecated kernel (tcp) memory options

- Omit `KernelMemory` and `KernelMemoryTCP` fields in `/info` response if they're
  not supported, or when using API v1.42 or up.
- Re-enable detection of `KernelMemory` (as it's still needed for older API versions)
- Remove warning about kernel memory TCP in daemon logs (a warning is still returned
  by the `/info` endpoint, but we can consider removing that).
- Prevent incorrect "Minimum kernel memory limit allowed" error if the value was
  reset because it's not supported by the host.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

api/server/router/system/system_routes.go

@@ -51,7 +51,8 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht
 		info.Warnings = append(info.Warnings, info.Swarm.Warnings...)
 	}
 
-	if versions.LessThan(httputils.VersionFromContext(ctx), "1.25") {
+	version := httputils.VersionFromContext(ctx)
+	if versions.LessThan(version, "1.25") {
 		// TODO: handle this conversion in engine-api
 		type oldInfo struct {
 			*types.Info
@@ -72,7 +73,7 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht
 		old.SecurityOptions = nameOnlySecurityOptions
 		return httputils.WriteJSON(w, http.StatusOK, old)
 	}
-	if versions.LessThan(httputils.VersionFromContext(ctx), "1.39") {
+	if versions.LessThan(version, "1.39") {
 		if info.KernelVersion == "" {
 			info.KernelVersion = "<unknown>"
 		}
@@ -80,6 +81,9 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht
 			info.OperatingSystem = "<unknown>"
 		}
 	}
+	if versions.GreaterThanOrEqualTo(version, "1.42") {
+		info.KernelMemory = false
+	}
 	return httputils.WriteJSON(w, http.StatusOK, info)
 }
 

api/swagger.yaml

@@ -4648,7 +4648,8 @@ definitions:
         example: true
       KernelMemoryTCP:
         description: |
-          Indicates if the host has kernel memory TCP limit support enabled.
+          Indicates if the host has kernel memory TCP limit support enabled. This
+          field is omitted if not supported.
 
           Kernel memory TCP limits are not supported when using cgroups v2, which
           does not support the corresponding `memory.kmem.tcp.limit_in_bytes` cgroup.

api/types/types.go

@@ -239,8 +239,8 @@ type Info struct {
 	Plugins            PluginsInfo
 	MemoryLimit        bool
 	SwapLimit          bool
-	KernelMemory       bool // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes
-	KernelMemoryTCP    bool
+	KernelMemory       bool `json:",omitempty"` // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes
+	KernelMemoryTCP    bool `json:",omitempty"` // KernelMemoryTCP is not supported on cgroups v2.
 	CPUCfsPeriod       bool `json:"CpuCfsPeriod"`
 	CPUCfsQuota        bool `json:"CpuCfsQuota"`
 	CPUShares          bool

daemon/daemon_unix.go

@@ -449,7 +449,7 @@ func verifyPlatformContainerResources(resources *containertypes.Resources, sysIn
 			warnings = append(warnings, "Your kernel does not support kernel memory limit capabilities or the cgroup is not mounted. Limitation discarded.")
 			resources.KernelMemory = 0
 		}
-		if resources.KernelMemory < linuxMinMemory {
+		if resources.KernelMemory > 0 && resources.KernelMemory < linuxMinMemory {
 			return warnings, fmt.Errorf("Minimum kernel memory limit allowed is 6MB")
 		}
 		if !kernel.CheckKernelVersion(4, 0, 0) {

docs/api/version-history.md

@@ -43,8 +43,11 @@ keywords: "API, Docker, rcli, REST, documentation"
 * The `POST /containers/{id}/wait` endpoint now returns a `400` status code if an
   invalid `condition` is provided (on API 1.30 and up).
 * Removed the `KernelMemory` field from the `POST /containers/create` and
-  `POST /containers/{id}/update` endpoints, any value it is set to will be ignored.
-  This field has been deprecated in `v1.41`.
+  `POST /containers/{id}/update` endpoints, any value it is set to will be ignored
+  on API version `v1.42` and up. Older API versions still accept this field, but
+  may take no effect, depending on the kernel version and OCI runtime in use.
+* `GET /info` now omits the `KernelMemory` and `KernelMemoryTCP` if they are not
+  supported by the host or host's configuration (if cgroups v2 are in use).
 
 ## v1.41 API changes
 

pkg/sysinfo/sysinfo.go

@@ -71,10 +71,14 @@ type cgroupMemInfo struct {
 	// Whether memory swappiness is supported or not
 	MemorySwappiness bool
 
-	// Whether kernel memory limit is supported or not
+	// Whether kernel memory limit is supported or not. This option is used to
+	// detect support for kernel-memory limits on API < v1.42. Kernel memory
+	// limit (`kmem.limit_in_bytes`) is not supported on cgroups v2, and has been
+	// removed in kernel 5.4.
 	KernelMemory bool
 
-	// Whether kernel memory TCP limit is supported or not
+	// Whether kernel memory TCP limit is supported or not. Kernel memory TCP
+	// limit (`memory.kmem.tcp.limit_in_bytes`) is not supported on cgroups v2.
 	KernelMemoryTCP bool
 }
 

pkg/sysinfo/sysinfo_linux.go

@@ -149,10 +149,15 @@ func applyMemoryCgroupInfo(info *SysInfo) {
 	if !info.MemorySwappiness {
 		info.Warnings = append(info.Warnings, "Your kernel does not support memory swappiness")
 	}
+
+	// Option is deprecated, but still accepted on API < v1.42 with cgroups v1,
+	// so setting the field to allow feature detection.
+	info.KernelMemory = cgroupEnabled(mountPoint, "memory.kmem.limit_in_bytes")
+
+	// Option is deprecated in runc, but still accepted in our API, so setting
+	// the field to allow feature detection, but don't warn if it's missing, to
+	// make the daemon logs a bit less noisy.
 	info.KernelMemoryTCP = cgroupEnabled(mountPoint, "memory.kmem.tcp.limit_in_bytes")
-	if !info.KernelMemoryTCP {
-		info.Warnings = append(info.Warnings, "Your kernel does not support kernel memory TCP limit")
-	}
 }
 
 // applyCPUCgroupInfo adds the cpu cgroup controller information to the info.