Re: [PATCH bpf-next v3 08/17] mm: introduce bpf_oom_kill_process() bpf kfunc

[Hao Ge]

On 2026/2/2 12:49, Matt Bobrowski wrote:
> On Mon, Jan 26, 2026 at 06:44:11PM -0800, Roman Gushchin wrote:
> > Introduce bpf_oom_kill_process() bpf kfunc, which is supposed
> > to be used by BPF OOM programs. It allows to kill a process
> > in exactly the same way the OOM killer does: using the OOM reaper,
> > bumping corresponding memcg and global statistics, respecting
> > memory.oom.group etc.
> >
> > On success, it sets the oom_control's bpf_memory_freed field to true,
> > enabling the bpf program to bypass the kernel OOM killer.
> >
> > Signed-off-by: Roman Gushchin <roman.gushchin@xxxxxxxxx>
> > ---
> >   mm/oom_kill.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++
> >   1 file changed, 80 insertions(+)
> >
> > diff --git a/mm/oom_kill.c b/mm/oom_kill.c
> > index 44bbcf033804..09897597907f 100644
> > --- a/mm/oom_kill.c
> > +++ b/mm/oom_kill.c
> > @@ -46,6 +46,7 @@
> >   #include <linux/cred.h>
> >   #include <linux/nmi.h>
> >   #include <linux/bpf_oom.h>
> > +#include <linux/btf.h>
> >   
> >   #include <asm/tlb.h>
> >   #include "internal.h"
> > @@ -1290,3 +1291,82 @@ SYSCALL_DEFINE2(process_mrelease, int, pidfd, unsigned int, flags)
> >   	return -ENOSYS;
> >   #endif /* CONFIG_MMU */
> >   }
> > +
> > +#ifdef CONFIG_BPF_SYSCALL
> > +
> > +__bpf_kfunc_start_defs();
> > +/**
> > + * bpf_oom_kill_process - Kill a process as OOM killer
> > + * @oc: pointer to oom_control structure, describes OOM context
> > + * @task: task to be killed
> > + * @message__str: message to print in dmesg
> > + *
> > + * Kill a process in a way similar to the kernel OOM killer.
> > + * This means dump the necessary information to dmesg, adjust memcg
> > + * statistics, leverage the oom reaper, respect memory.oom.group etc.
> > + *
> > + * bpf_oom_kill_process() marks the forward progress by setting
> > + * oc->bpf_memory_freed. If the progress was made, the bpf program
> > + * is free to decide if the kernel oom killer should be invoked.
> > + * Otherwise it's enforced, so that a bad bpf program can't
> > + * deadlock the machine on memory.
> > + */
> > +__bpf_kfunc int bpf_oom_kill_process(struct oom_control *oc,
> > +				     struct task_struct *task,
> > +				     const char *message__str)
> > +{
> > +	if (oom_unkillable_task(task))
> > +		return -EPERM;
> > +
> > +	if (task->signal->oom_score_adj == OOM_SCORE_ADJ_MIN)
> > +		return -EINVAL;
Hi Matt and Roman
> task->signal->oom_score_adj == OOM_SCORE_ADJ_MIN is also
> representative of an unkillable task, so why not fold this up into the
> above conditional? Also, why not bother checking states like
> mm_flags_test(MMF_OOM_SKIP, task->mm) and in_vfork() here too?
>
> In all fairness I'm a little surprised about constraints like
> task->signal->oom_score_adj == OOM_SCORE_ADJ_MIN being enforced
> here. You could argue that the whole purpose of BPF OOM is such that
> you can implement your own victim selection algorithms entirely in BPF
> using your own set of heuristics and what not without needing to
> strictly respect properties like oom_score_adj.

Just my 2 cents — historically many users rely on setting oom_score_adj 
to OOM_SCORE_ADJ_MIN to protect their critical processes.

If we don't check this here and a custom BPF program happens to forget 
it, users would be quite surprised to find their most important

processes killed despite having explicitly marked them as protected.

So this really comes down to a priority question: when a custom BPF OOM 
policy decides to kill a process that the admin has explicitly

marked as protected via OOM_SCORE_ADJ_MIN, which one should take 
precedence?


> In any case, I think we should at least clearly document such
> constraints.

Fully agree. We need thorough documentation on what 
bpf_oom_kill_process() enforces on the kernel side,

so that custom BPF programs know exactly what's already handled and what 
additional checks they may

need to perform depending on their use case.


Thanks

Best regards.
Hao

> > +	/* paired with put_task_struct() in oom_kill_process() */
> > +	get_task_struct(task);
> > +
> > +	oc->chosen = task;
> > +
> > +	oom_kill_process(oc, message__str);
> > +
> > +	oc->chosen = NULL;
> > +	oc->bpf_memory_freed = true;
> > +
> > +	return 0;
> > +}
> > +
> > +__bpf_kfunc_end_defs();
> > +
> > +BTF_KFUNCS_START(bpf_oom_kfuncs)
> > +BTF_ID_FLAGS(func, bpf_oom_kill_process, KF_SLEEPABLE)
> > +BTF_KFUNCS_END(bpf_oom_kfuncs)
> > +
> > +BTF_ID_LIST_SINGLE(bpf_oom_ops_ids, struct, bpf_oom_ops)
> > +
> > +static int bpf_oom_kfunc_filter(const struct bpf_prog *prog, u32 kfunc_id)
> > +{
> > +	if (prog->type != BPF_PROG_TYPE_STRUCT_OPS ||
> > +	    prog->aux->attach_btf_id != bpf_oom_ops_ids[0])
> > +		return -EACCES;
> > +	return 0;
> > +}
> > +
> > +static const struct btf_kfunc_id_set bpf_oom_kfunc_set = {
> > +	.owner          = THIS_MODULE,
> > +	.set            = &bpf_oom_kfuncs,
> > +	.filter         = bpf_oom_kfunc_filter,
> > +};
> > +
> > +static int __init bpf_oom_init(void)
> > +{
> > +	int err;
> > +
> > +	err = register_btf_kfunc_id_set(BPF_PROG_TYPE_STRUCT_OPS,
> > +					&bpf_oom_kfunc_set);
> > +	if (err)
> > +		pr_warn("error while registering bpf oom kfuncs: %d", err);
> > +
> > +	return err;
> > +}
> > +late_initcall(bpf_oom_init);
> > +
> > +#endif
> > --
> > 2.52.0