Received: by 2002:a05:6a10:eb17:0:0:0:0 with SMTP id hx23csp1420382pxb; Fri, 10 Sep 2021 05:40:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz/zw2SnqsOXH2q4C9N82HamMqAKrJq9hqGss1XUi93iWpjjlXgewQ2iAJTtCELrwPGqm1L X-Received: by 2002:a6b:6918:: with SMTP id e24mr6834266ioc.71.1631277655199; Fri, 10 Sep 2021 05:40:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631277655; cv=none; d=google.com; s=arc-20160816; b=LDvzNHJEVg0MQ7k3DoDMEU8kxT7SNuf5GOhRnd2+hCBvqxZmZ8kv6XM5DCv+YOSYsL yraWnyzk8/9LlJp8iqLMkB/BjAQtJTI7s3ZpxY9vnzinl/n83rcL8cDEnI9pESVQJSX9 ZeA5Zbgth2zXlspu+V9dXaOOd0DRfWrRfk78WIM4dRS2ieKKWsyU/YpfDoUiU1p9x3du nVujChW2WHc8JWR1lh0QW8HfNRJtRPG1OiKvQPwTaPLrKznVzEKEUoTPkzN8PUOyY0Fs SYXlwGftTXSmk8isaqB8x9c0ljKqja1dq1eUMjzRmHDPmvD/YQOvtVdpVzTYUyLmzhZQ jvHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :mime-version:user-agent:date:message-id:cc:to:subject:from :dkim-signature; bh=uX26lHcEDEEEDF7IL0qVhsYLGM0hoO2eLUbDvhlRdtw=; b=G57qGucS/lW4x//5PXDsxHqd2QBqgODo3axxBaxJP0S7zS1w1l3xc6O6/kNH0ZtPw+ IvOP4OfychtnOxpbXpxvMfUZwiDAdGwi3sIGY58ikvNBVATP88fkfqlxD07cvk5QO2mr H8nDW02+WAeYucRkE9I2hSBj7uPGoOaWH8LGRQKImcB6UNTcrGd4BiDRelEbbDNJT1J3 4yXFjXWAJlTmyTtuy1KTjJ7nxOWH9zhX5vG8pjJCZo/qOqoY+M45ZcUBXpiRfZsxG5Gk 2LqbeSregpgyM4AvJ5mdEjYrk4jzrCQeBz7FjobPVJkuyQQoqO3y6GJSRKIXShU896X8 jA0A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@virtuozzo.com header.s=relay header.b=h43ebg4S; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k35si4541884jac.46.2021.09.10.05.40.43; Fri, 10 Sep 2021 05:40:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@virtuozzo.com header.s=relay header.b=h43ebg4S; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235096AbhIJMlL (ORCPT + 99 others); Fri, 10 Sep 2021 08:41:11 -0400 Received: from relay.sw.ru ([185.231.240.75]:53540 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233919AbhIJMko (ORCPT ); Fri, 10 Sep 2021 08:40:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:Subject :From; bh=uX26lHcEDEEEDF7IL0qVhsYLGM0hoO2eLUbDvhlRdtw=; b=h43ebg4SmVjbGOYRO+L BoV3O7RDbVzBij44DK/UBOq2B5Qe1i3YEmSZOZEX5mdSkqGDsIpSnGXB47D8BZ3LeITSlIUNjYOwg yURpuDjMmDFXE8CGx0Lau0ZXHjf9L8LPvclhzutmdAC5lkTKuE6PfjCHUepjuhUQdw9t+y+iT0Q=; Received: from [10.93.0.56] by relay.sw.ru with esmtp (Exim 4.94.2) (envelope-from ) id 1mOfoW-001Unm-Lj; Fri, 10 Sep 2021 15:39:28 +0300 From: Vasily Averin Subject: [PATCH memcg] memcg: prohibit unconditional exceeding the limit of dying tasks To: Michal Hocko , Johannes Weiner , Vladimir Davydov , Andrew Morton , Tetsuo Handa Cc: cgroups@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Message-ID: <5b06a490-55bc-a6a0-6c85-690254f86fad@virtuozzo.com> Date: Fri, 10 Sep 2021 15:39:28 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The kernel currently allows dying tasks to exceed the memcg limits. The allocation is expected to be the last one and the occupied memory will be freed soon. This is not always true because it can be part of the huge vmalloc allocation. Allowed once, they will repeat over and over again. Moreover lifetime of the allocated object can differ from In addition the lifetime of the dying task. Multiple such allocations running concurrently can not only overuse the memcg limit, but can lead to a global out of memory and, in the worst case, cause the host to panic. Signed-off-by: Vasily Averin --- mm/memcontrol.c | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 389b5766e74f..67195fcfbddf 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -1834,6 +1834,9 @@ static enum oom_status mem_cgroup_oom(struct mem_cgroup *memcg, gfp_t mask, int return OOM_ASYNC; } + if (should_force_charge()) + return OOM_SKIPPED; + mem_cgroup_mark_under_oom(memcg); locked = mem_cgroup_oom_trylock(memcg); @@ -2622,15 +2625,6 @@ static int try_charge_memcg(struct mem_cgroup *memcg, gfp_t gfp_mask, if (gfp_mask & __GFP_ATOMIC) goto force; - /* - * Unlike in global OOM situations, memcg is not in a physical - * memory shortage. Allow dying and OOM-killed tasks to - * bypass the last charges so that they can exit quickly and - * free their memory. - */ - if (unlikely(should_force_charge())) - goto force; - /* * Prevent unbounded recursion when reclaim operations need to * allocate memory. This might exceed the limits temporarily, @@ -2688,9 +2682,6 @@ static int try_charge_memcg(struct mem_cgroup *memcg, gfp_t gfp_mask, if (gfp_mask & __GFP_RETRY_MAYFAIL) goto nomem; - if (fatal_signal_pending(current)) - goto force; - /* * keep retrying as long as the memcg oom killer is able to make * a forward progress or bypass the charge if the oom killer @@ -2698,15 +2689,11 @@ static int try_charge_memcg(struct mem_cgroup *memcg, gfp_t gfp_mask, */ oom_status = mem_cgroup_oom(mem_over_limit, gfp_mask, get_order(nr_pages * PAGE_SIZE)); - switch (oom_status) { - case OOM_SUCCESS: + if (oom_status == OOM_SUCCESS) { nr_retries = MAX_RECLAIM_RETRIES; goto retry; - case OOM_FAILED: + } else if (oom_status == OOM_FAILED) goto force; - default: - goto nomem; - } nomem: if (!(gfp_mask & __GFP_NOFAIL)) return -ENOMEM; -- 2.31.1