Re: [patch] mm, oom: stop reclaiming if GFP_ATOMIC will start failing soon

[David Rientjes]

On Sat, 25 Apr 2020, Andrew Morton wrote:

> > If GFP_ATOMIC allocations will start failing soon because the amount of
> > free memory is substantially under per-zone min watermarks, it is better
> > to oom kill a process rather than continue to reclaim.
> > 
> > This intends to significantly reduce the number of page allocation
> > failures that are encountered when the demands of user and atomic
> > allocations overwhelm the ability of reclaim to keep up.  We can see this
> > with a high ingress of networking traffic where memory allocated in irq
> > context can overwhelm the ability to reclaim fast enough such that user
> > memory consistently loops.  In that case, we have reclaimable memory, and
> 
> "user memory allocation", I assume?  Or maybe "blockable memory
> allocatoins".
> 

"user memory allocations consistently loop", yeah.  Thanks.

> > reclaiming is successful, but we've fully depleted memory reserves that
> > are allowed for non-blockable allocations.
> > 
> > Commit 400e22499dd9 ("mm: don't warn about allocations which stall for
> > too long") removed evidence of user allocations stalling because of this,
> > but the situation can apply anytime we get "page allocation failures"
> > where reclaim is happening but per-zone min watermarks are starved:
> > 
> > Node 0 Normal free:87356kB min:221984kB low:416984kB high:611984kB active_anon:123009936kB inactive_anon:67647652kB active_file:429612kB inactive_file:209980kB unevictable:112348kB writepending:260kB present:198180864kB managed:195027624kB mlocked:81756kB kernel_stack:24040kB pagetables:11460kB bounce:0kB free_pcp:940kB local_pcp:96kB free_cma:0kB
> > lowmem_reserve[]: 0 0 0 0
> > Node 1 Normal free:105616kB min:225568kB low:423716kB high:621864kB active_anon:122124196kB inactive_anon:74112696kB active_file:39172kB inactive_file:103696kB unevictable:204480kB writepending:180kB present:201326592kB managed:198174372kB mlocked:204480kB kernel_stack:11328kB pagetables:3680kB bounce:0kB free_pcp:1140kB local_pcp:0kB free_cma:0kB
> > lowmem_reserve[]: 0 0 0 0
> > 
> > Without this patch, there is no guarantee that user memory allocations
> > will ever be successful when non-blockable allocations overwhelm the
> > ability to get above per-zone min watermarks.
> > 
> > This doesn't solve page allocation failures entirely since it's a
> > preemptive measure based on watermarks that requires concurrent blockable
> > allocations to trigger the oom kill.  To complete solve page allocation
> > failures, it would be possible to do the same watermark check for non-
> > blockable allocations and then queue a worker to asynchronously oom kill
> > if it finds watermarks to be sufficiently low as well.
> > 
> 
> Well, what's really going on here?
> 
> Is networking potentially consuming an unbounded amount of memory?  If
> so, then killing a process will just cause networking to consume more
> memory then hit against the same thing.  So presumably the answer is
> "no, the watermarks are inappropriately set for this workload".
> 
> So would it not be sensible to dynamically adjust the watermarks in
> response to this condition?  Maintain a larger pool of memory for these
> allocations?  Or possibly push back on networking and tell it to reduce
> its queue sizes?  So that stuff doesn't keep on getting oom-killed?
> 

No - that would actually make the problem worse.

Today, per-zone min watermarks dictate when user allocations will loop or 
oom kill.  should_reclaim_retry() currently loops if reclaim has succeeded 
in the past few tries and we should be able to allocate if we are able to 
reclaim the amount of memory that we think we can.

The issue is that this supposes that looping to reclaim more will result 
in more free memory.  That doesn't always happen if there are concurrent 
memory allocators.

GFP_ATOMIC allocators can access below these per-zone watermarks.  So the 
issue is that per-zone free pages stays between ALLOC_HIGH watermarks 
(the watermark that GFP_ATOMIC allocators can allocate to) and min 
watermarks.  We never reclaim enough memory to get back to min watermarks 
because reclaim cannot keep up with the amount of GFP_ATOMIC allocations.

In production scnearios, this results in userspace processes going out to 
lunch because they are constantly looping in the page allocator reclaiming 
only for the benefit of GFP_ATOMIC allocations.

In fact, when we hit ALLOC_HIGH watermarks and we start getting "page 
allocation failures" in the kernel log, there is also no guarantee that 
kswapd's reclaim will outpace GFP_ATOMIC allocations.  Thus, an oom kill 
is really the best policy at this point to provide an actual guarantee of 
net positive memory freeing.

This isn't a matter of any specific networking stack; the scope of 
allocations that can trigger this is the set of all GFP_ATOMIC (or 
GFP_MEMALLOC) allocations in the kernel.

Tetsuo: the specific allocation that triggers a page allocation failure is 
not interesting; we have tens of thousands of examples.  Each example is 
simply the unlucky last GFP_ATOMIC allocation that fails; the interesting 
point is the amount of free memory.  In other words, when free memory is 
below ALLOC_HIGH watermarks, we assume that we have depleted memory 
reserves *faster* than when user allocations started to fail.  In the 
interest of userspace being responsive, we should oom kill here.