Re: [PATCH v1] kernel/trace:check the val against the available mem

From: Michal Hocko
Date: Wed Apr 04 2018 - 10:47:43 EST


On Wed 04-04-18 10:31:11, Steven Rostedt wrote:
> On Wed, 4 Apr 2018 16:23:29 +0200
> Michal Hocko <mhocko@xxxxxxxxxx> wrote:
>
> > On Wed 04-04-18 10:11:49, Steven Rostedt wrote:
> > > On Wed, 4 Apr 2018 08:23:40 +0200
> > > Michal Hocko <mhocko@xxxxxxxxxx> wrote:
> > >
> > > > If you are afraid of that then you can have a look at {set,clear}_current_oom_origin()
> > > > which will automatically select the current process as an oom victim and
> > > > kill it.
> > >
> > > Would it even receive the signal? Does alloc_pages_node() even respond
> > > to signals? Because the OOM happens while the allocation loop is
> > > running.
> >
> > Well, you would need to do something like:
> >
> > >
> > > I tried it out, I did the following:
> > >
> > > 	set_current_oom_origin();
> > > 	for (i = 0; i < nr_pages; i++) {
> > > 		struct page *page;
> > > 		/*
> > > 		 * __GFP_RETRY_MAYFAIL flag makes sure that the allocation fails
> > > 		 * gracefully without invoking oom-killer and the system is not
> > > 		 * destabilized.
> > > 		 */
> > > 		bpage = kzalloc_node(ALIGN(sizeof(*bpage), cache_line_size()),
> > > 				    GFP_KERNEL | __GFP_RETRY_MAYFAIL,
> > > 				    cpu_to_node(cpu));
> > > 		if (!bpage)
> > > 			goto free_pages;
> > >
> > > 		list_add(&bpage->list, pages);
> > >
> > > 		page = alloc_pages_node(cpu_to_node(cpu),
> > > 					GFP_KERNEL | __GFP_RETRY_MAYFAIL, 0);
> > > 		if (!page)
> > > 			goto free_pages;
> >
> > 		if (fatal_signal_pending(current))
> > 			goto free_pages;
>
> But wouldn't page be NULL in this case?

__GFP_RETRY_MAYFAIL itself fails rather than triggers the OOM killer.
You still might get killed from other allocation context which can
trigger the OOM killer though. In any case you would back off and fail,
no?

> > > 		bpage->page = page_address(page);
> > > 		rb_init_page(bpage->page);
> > > 	}
> > > 	clear_current_oom_origin();
> >
> > If you use __GFP_RETRY_MAYFAIL it would have to be somebody else to
> > trigger the OOM killer and this user context would get killed. If you
> > drop __GFP_RETRY_MAYFAIL it would be this context to trigger the OOM but
> > it would still be the selected victim.
>
> Then we guarantee to kill the process instead of just sending a
> -ENOMEM, which would change user space ABI, and is a NO NO.

I see. Although I would expect it would be echo writing to a file most
of the time. But I am not really familiar with what traces usually do so I
will not speculate.

> Ideally, we want to avoid an OOM. I could add the above as well, when
> si_mem_available() returns something that is greater than what is
> available, and at least this is the process that will get the OOM if it
> fails to allocate.
>
> Would that work for you?

I have responded wrt si_mem_available in other email but yes, using the
oom_origin would reduce the immediate damage at least.
--
Michal Hocko
SUSE Labs