Re: [patch] mm, oom: stop reclaiming if GFP_ATOMIC will start failing soon

From: Michal Hocko
Date: Mon Apr 27 2020 - 11:01:41 EST


On Fri 24-04-20 13:48:06, David Rientjes wrote:
> If GFP_ATOMIC allocations will start failing soon because the amount of
> free memory is substantially under per-zone min watermarks, it is better
> to oom kill a process rather than continue to reclaim.
>
> This intends to significantly reduce the number of page allocation
> failures that are encountered when the demands of user and atomic
> allocations overwhelm the ability of reclaim to keep up. We can see this
> with a high ingress of networking traffic where memory allocated in irq
> context can overwhelm the ability to reclaim fast enough such that user
> memory consistently loops. In that case, we have reclaimable memory, and
> reclaiming is successful, but we've fully depleted memory reserves that
> are allowed for non-blockable allocations.
>
> Commit 400e22499dd9 ("mm: don't warn about allocations which stall for
> too long") removed evidence of user allocations stalling because of this,
> but the situation can apply anytime we get "page allocation failures"
> where reclaim is happening but per-zone min watermarks are starved:
>
> Node 0 Normal free:87356kB min:221984kB low:416984kB high:611984kB active_anon:123009936kB inactive_anon:67647652kB active_file:429612kB inactive_file:209980kB unevictable:112348kB writepending:260kB present:198180864kB managed:195027624kB mlocked:81756kB kernel_stack:24040kB pagetables:11460kB bounce:0kB free_pcp:940kB local_pcp:96kB free_cma:0kB
> lowmem_reserve[]: 0 0 0 0
> Node 1 Normal free:105616kB min:225568kB low:423716kB high:621864kB active_anon:122124196kB inactive_anon:74112696kB active_file:39172kB inactive_file:103696kB unevictable:204480kB writepending:180kB present:201326592kB managed:198174372kB mlocked:204480kB kernel_stack:11328kB pagetables:3680kB bounce:0kB free_pcp:1140kB local_pcp:0kB free_cma:0kB
> lowmem_reserve[]: 0 0 0 0
>
> Without this patch, there is no guarantee that user memory allocations
> will ever be successful when non-blockable allocations overwhelm the
> ability to get above per-zone min watermarks.

We have never had any guarantee and we will not have any after this
patch either. The fundamental problem is that direct reclaim doesn't
provide any guarantee that the reclaimed memory is going to be used for
the reclaimer. You can see the same if the memory demand is higher
than the reclaim. GFP_ATOMIC is only different in that aspect that they
are not throttled by reclaiming and consume what is availble right away
which makes the problem worse.

> This doesn't solve page allocation failures entirely since it's a
> preemptive measure based on watermarks that requires concurrent blockable
> allocations to trigger the oom kill. To complete solve page allocation
> failures, it would be possible to do the same watermark check for non-
> blockable allocations and then queue a worker to asynchronously oom kill
> if it finds watermarks to be sufficiently low as well.

I do not think this is the right approach. This patch is also quite
dangerous as pointed out by Tetsuo. You are effectively allowing a
remote DoS via OOM killer. If the reclaim is making progress then the
issue seem to be more on the configuration side I believe. Have you
tried to tune watermarks resp. watermark_scale_factor? Another potential
problem might be that the kswapd is not making sufficient progress
because it is blocked on something.

> Signed-off-by: David Rientjes <rientjes@xxxxxxxxxx>
> ---
> mm/page_alloc.c | 12 +++++++++++-
> 1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -4372,11 +4372,21 @@ should_reclaim_retry(gfp_t gfp_mask, unsigned order,
> ac->nodemask) {
> unsigned long available;
> unsigned long reclaimable;
> + unsigned long free;
> unsigned long min_wmark = min_wmark_pages(zone);
> bool wmark;
>
> + free = zone_page_state_snapshot(zone, NR_FREE_PAGES);
> + /*
> + * If this zone is approaching the point where even order-0
> + * GFP_ATOMIC allocations will fail, stop considering reclaim.
> + */
> + if (!__zone_watermark_ok(zone, 0, min_wmark, ac_classzone_idx(ac),
> + alloc_flags | ALLOC_HIGH, free))
> + continue;
> +
> available = reclaimable = zone_reclaimable_pages(zone);
> - available += zone_page_state_snapshot(zone, NR_FREE_PAGES);
> + available += free;
>
> /*
> * Would the allocation succeed if we reclaimed all

--
Michal Hocko
SUSE Labs