Re: [PATCH v4 1/2] mm: introduce process_mrelease system call

[David Hildenbrand]

[...]

> Previously I proposed a number of alternatives to accomplish this:
> - https://lore.kernel.org/patchwork/patch/1060407 extending

I have no idea how stable these links are. Referencing via message id is 
the common practice. For this link, we'd use

https://lkml.kernel.org/r/20190411014353.113252-3-surenb@xxxxxxxxxx/

instead.

> pidfd_send_signal to allow memory reaping using oom_reaper thread;
> - https://lore.kernel.org/patchwork/patch/1338196 extending
> pidfd_send_signal to reap memory of the target process synchronously from
> the context of the caller;
> - https://lore.kernel.org/patchwork/patch/1344419/ to add MADV_DONTNEED
> support for process_madvise implementing synchronous memory reaping.
>
> The end of the last discussion culminated with suggestion to introduce a
> dedicated system call (https://lore.kernel.org/patchwork/patch/1344418/#1553875)
> The reasoning was that the new variant of process_madvise
>    a) does not work on an address range
>    b) is destructive
>    c) doesn't share much code at all with the rest of process_madvise
>  From the userspace point of view it was awkward and inconvenient to provide
> memory range for this operation that operates on the entire address space.
> Using special flags or address values to specify the entire address space
> was too hacky.

I'd condense this description and only reference previous discussions to 
put a main focus on what this patch actually does. Like

"
After previous discussions [1, 2, 3] the decision was made to introduce 
a dedicated system call to cover this use case.

...

[1] https://lkml.kernel.org/r/20190411014353.113252-3-surenb@xxxxxxxxxx/
"

> The API is as follows,
>
>            int process_mrelease(int pidfd, unsigned int flags);
>
>          DESCRIPTION
>            The process_mrelease() system call is used to free the memory of
>            a process which was sent a SIGKILL signal.
>
>            The pidfd selects the process referred to by the PID file
>            descriptor.
>            (See pidofd_open(2) for further information)
>
>            The flags argument is reserved for future use; currently, this
>            argument must be specified as 0.
>
>          RETURN VALUE
>            On success, process_mrelease() returns 0. On error, -1 is
>            returned and errno is set to indicate the error.
>
>          ERRORS
>            EBADF  pidfd is not a valid PID file descriptor.
>
>            EAGAIN Failed to release part of the address space.
>
>            EINTR  The call was interrupted by a signal; see signal(7).
>
>            EINVAL flags is not 0.
>
>            EINVAL The task does not have a pending SIGKILL or its memory is
>                   shared with another process with no pending SIGKILL.

Hm, I do wonder if it would make sense to have a mode (e.g., via a flag) 
to reap all but shared memory from a dying process. Future work.

>            ENOSYS This system call is not supported by kernels built with no
>                   MMU support (CONFIG_MMU=n).

Maybe "This system call is not supported, for example, without MMU 
support built into Linux."

>            ESRCH  The target process does not exist (i.e., it has terminated
>                   and been waited on).
>
> Signed-off-by: Suren Baghdasaryan <surenb@xxxxxxxxxx>
> ---
> changes in v4:
> - Replaced mmap_read_lock() with mmap_read_lock_killable(), per Michal Hocko
> - Added EINTR error in the manual pages documentation
>
>   mm/oom_kill.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++
>   1 file changed, 58 insertions(+)
>
> diff --git a/mm/oom_kill.c b/mm/oom_kill.c
> index c729a4c4a1ac..86727794b0a8 100644
> --- a/mm/oom_kill.c
> +++ b/mm/oom_kill.c
> @@ -28,6 +28,7 @@
>   #include <linux/sched/task.h>
>   #include <linux/sched/debug.h>
>   #include <linux/swap.h>
> +#include <linux/syscalls.h>
>   #include <linux/timex.h>
>   #include <linux/jiffies.h>
>   #include <linux/cpuset.h>
> @@ -1141,3 +1142,60 @@ void pagefault_out_of_memory(void)
>   	out_of_memory(&oc);
>   	mutex_unlock(&oom_lock);
>   }
> +
> +SYSCALL_DEFINE2(process_mrelease, int, pidfd, unsigned int, flags)
> +{
> +#ifdef CONFIG_MMU
> +	struct mm_struct *mm = NULL;
> +	struct task_struct *task;
> +	unsigned int f_flags;
> +	struct pid *pid;
> +	long ret = 0;
> +
> +	if (flags != 0)

if (flags)

> +		return -EINVAL;
> +
> +	pid = pidfd_get_pid(pidfd, &f_flags);
> +	if (IS_ERR(pid))
> +		return PTR_ERR(pid);
> +
> +	task = get_pid_task(pid, PIDTYPE_PID);
> +	if (!task) {
> +		ret = -ESRCH;
> +		goto put_pid;
> +	}
> +
> +	/*
> +	 * If the task is dying and in the process of releasing its memory
> +	 * then get its mm.
> +	 */
> +	task_lock(task);
> +	if (task_will_free_mem(task) && (task->flags & PF_KTHREAD) == 0) {
> +		mm = task->mm;
> +		mmget(mm);
> +	}
> +	task_unlock(task);
> +	if (!mm) {
> +		ret = -EINVAL;
> +		goto put_task;
> +	}
> +
> +	if (mmap_read_lock_killable(mm)) {
> +		ret = -EINTR;
> +		goto put_mm;
> +	}
> +	if (!__oom_reap_task_mm(mm))
> +		ret = -EAGAIN;

I'm not an expert on __oom_reap_task_mm(), but the whole approach makes 
sense to. So feel free to add my

Acked-by: David Hildenbrand <david@xxxxxxxxxx>

--
Thanks,

David / dhildenb