Received: by 10.213.65.68 with SMTP id h4csp3549688imn; Tue, 3 Apr 2018 06:58:36 -0700 (PDT) X-Google-Smtp-Source: AIpwx488yo2caQchcfUPOVfOrr9NDgcG39nG7n5R+d2FMAdlduMoRsXpl4YofQwINBhc8/0DaaYY X-Received: by 2002:a17:902:244:: with SMTP id 62-v6mr5364849plc.125.1522763916408; Tue, 03 Apr 2018 06:58:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522763916; cv=none; d=google.com; s=arc-20160816; b=om/MRpXEy6lfX3UsU7UV7J7pnCBxuZd5OWdTgS5VGYyTRQaLcmnpyNQ+fmfhUXK+63 ha6Xg8Lqm/YmEANSZip+6t9xcHwBhxVFmS47ygXD7AwjFq2VsGZF8mfHm+BaKzLhsUiT D7poYkgr7+l5Sb9ismu0NaNf/yrTChBMSu3zstO78DyHneFDJiZ1473+HRzxG0lsubTo 9ihn1SJZA+MRoguUOBD2I0GBirnMzbR2FIHy+vCwcQHmHoAyDXpPqXuu5GpWA78m6mF2 8FoNWoKMQHAjPsT6eY277/m4ggQZC2cVGMy1karRN77lXCBpV2kXgd6OmtZZBnj/V0ie l3pw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=bwM+ErFQp+eTce6xT0/VQwvmliJM3Z0gG4/Jpwct4co=; b=CkztQe8pEDO8wzbo9JCxXZWV6Q7Ap91FOegRXKrMeRei1pGhWXC9+T1zLlfgtkPHvF OFHW0+f/+Vvw4ZHUQCGus4rqnBsBWEXoO6iBP4EONL18rE6wJxq8J3IKXEiTR7QhokIY Rxne9uYQRw2zTLcnJZzO3cfQdzjVYu7Anr1E5Wv+tj4op08ZT/bCBHhbIZ8Blz9vy+uM OQi6do1i4lhwvurB1uZXIdLQRRorhZIzPH+8cFxuaFudBI9VfNzJeaqteZmGVi6jctdK 2W6eYpHS7HkTHowkKtGN/+Sfrkv+IcAnwiJiGGWtjHLD2N6OwRCtFkDyTmi78x0HgSE9 0f8Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i1si2019132pgp.542.2018.04.03.06.58.22; Tue, 03 Apr 2018 06:58:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751346AbeDCN4L (ORCPT + 99 others); Tue, 3 Apr 2018 09:56:11 -0400 Received: from mx2.suse.de ([195.135.220.15]:53997 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750827AbeDCN4J (ORCPT ); Tue, 3 Apr 2018 09:56:09 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 3DDE9AD95; Tue, 3 Apr 2018 13:56:08 +0000 (UTC) Date: Tue, 3 Apr 2018 15:56:07 +0200 From: Michal Hocko To: Steven Rostedt Cc: Zhaoyang Huang , Ingo Molnar , linux-kernel@vger.kernel.org, kernel-patch-test@lists.linaro.org, Andrew Morton , Joel Fernandes , linux-mm@kvack.org, Vlastimil Babka Subject: Re: [PATCH v1] kernel/trace:check the val against the available mem Message-ID: <20180403135607.GC5501@dhcp22.suse.cz> References: <1522320104-6573-1-git-send-email-zhaoyang.huang@spreadtrum.com> <20180330102038.2378925b@gandalf.local.home> <20180403110612.GM5501@dhcp22.suse.cz> <20180403075158.0c0a2795@gandalf.local.home> <20180403121614.GV5501@dhcp22.suse.cz> <20180403082348.28cd3c1c@gandalf.local.home> <20180403123514.GX5501@dhcp22.suse.cz> <20180403093245.43e7e77c@gandalf.local.home> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180403093245.43e7e77c@gandalf.local.home> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue 03-04-18 09:32:45, Steven Rostedt wrote: > On Tue, 3 Apr 2018 14:35:14 +0200 > Michal Hocko wrote: [...] > > Being clever is OK if it doesn't add a tricky code. And relying on > > si_mem_available is definitely tricky and obscure. > > Can we get the mm subsystem to provide a better method to know if an > allocation will possibly succeed or not before trying it? It doesn't > have to be free of races. Just "if I allocate this many pages right > now, will it work?" If that changes from the time it asks to the time > it allocates, that's fine. I'm not trying to prevent OOM to never > trigger. I just don't want to to trigger consistently. How do you do that without an actuall allocation request? And more fundamentally, what if your _particular_ request is just fine but it will get us so close to the OOM edge that the next legit allocation request simply goes OOM? There is simply no sane interface I can think of that would satisfy a safe/sensible "will it cause OOM" semantic. > > > Perhaps I should try to allocate a large group of pages with > > > RETRY_MAYFAIL, and if that fails go back to NORETRY, with the thinking > > > that the large allocation may reclaim some memory that would allow the > > > NORETRY to succeed with smaller allocations (one page at a time)? > > > > That again relies on a subtle dependencies of the current > > implementation. So I would rather ask whether this is something that > > really deserves special treatment. If admin asks for a buffer of a > > certain size then try to do so. If we get OOM then bad luck you cannot > > get large memory buffers for free... > > That is not acceptable to me nor to the people asking for this. > > The problem is known. The ring buffer allocates memory page by page, > and this can allow it to easily take all memory in the system before it > fails to allocate and free everything it had done. Then do not allow buffers that are too large. How often do you need buffers that are larger than few megs or small % of the available memory? Consuming excessive amount of memory just to trace workload which will need some memory on its own sounds just dubious to me. > If you don't like the use of si_mem_available() I'll do the larger > pages method. Yes it depends on the current implementation of memory > allocation. It will depend on RETRY_MAYFAIL trying to allocate a large > number of pages, and fail if it can't (leaving memory for other > allocations to succeed). > > The allocation of the ring buffer isn't critical. It can fail to > expand, and we can tell the user -ENOMEM. I original had NORETRY > because I rather have it fail than cause an OOM. But there's folks > (like Joel) that want it to succeed when there's available memory in > page caches. Then implement a retry logic on top of NORETRY. You can control how hard to retry to satisfy the request yourself. You still risk that your allocation will get us close to OOM for _somebody_ else though. > I'm fine if the admin shoots herself in the foot if the ring buffer > gets big enough to start causing OOMs, but I don't want it to cause > OOMs if there's not even enough memory to fulfill the ring buffer size > itself. I simply do not see the difference between the two. Both have the same deadly effect in the end. The direct OOM has an arguable advantage that the effect is immediate rather than subtle with potential performance side effects until the machine OOMs after crawling for quite some time. -- Michal Hocko SUSE Labs