Received: by 2002:a05:6a10:eb17:0:0:0:0 with SMTP id hx23csp1420382pxb;
        Fri, 10 Sep 2021 05:40:55 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJz/zw2SnqsOXH2q4C9N82HamMqAKrJq9hqGss1XUi93iWpjjlXgewQ2iAJTtCELrwPGqm1L
X-Received: by 2002:a6b:6918:: with SMTP id e24mr6834266ioc.71.1631277655199;
        Fri, 10 Sep 2021 05:40:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1631277655; cv=none;
        d=google.com; s=arc-20160816;
        b=LDvzNHJEVg0MQ7k3DoDMEU8kxT7SNuf5GOhRnd2+hCBvqxZmZ8kv6XM5DCv+YOSYsL
         yraWnyzk8/9LlJp8iqLMkB/BjAQtJTI7s3ZpxY9vnzinl/n83rcL8cDEnI9pESVQJSX9
         ZeA5Zbgth2zXlspu+V9dXaOOd0DRfWrRfk78WIM4dRS2ieKKWsyU/YpfDoUiU1p9x3du
         nVujChW2WHc8JWR1lh0QW8HfNRJtRPG1OiKvQPwTaPLrKznVzEKEUoTPkzN8PUOyY0Fs
         SYXlwGftTXSmk8isaqB8x9c0ljKqja1dq1eUMjzRmHDPmvD/YQOvtVdpVzTYUyLmzhZQ
         jvHQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :mime-version:user-agent:date:message-id:cc:to:subject:from
         :dkim-signature;
        bh=uX26lHcEDEEEDF7IL0qVhsYLGM0hoO2eLUbDvhlRdtw=;
        b=G57qGucS/lW4x//5PXDsxHqd2QBqgODo3axxBaxJP0S7zS1w1l3xc6O6/kNH0ZtPw+
         IvOP4OfychtnOxpbXpxvMfUZwiDAdGwi3sIGY58ikvNBVATP88fkfqlxD07cvk5QO2mr
         H8nDW02+WAeYucRkE9I2hSBj7uPGoOaWH8LGRQKImcB6UNTcrGd4BiDRelEbbDNJT1J3
         4yXFjXWAJlTmyTtuy1KTjJ7nxOWH9zhX5vG8pjJCZo/qOqoY+M45ZcUBXpiRfZsxG5Gk
         2LqbeSregpgyM4AvJ5mdEjYrk4jzrCQeBz7FjobPVJkuyQQoqO3y6GJSRKIXShU896X8
         jA0A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@virtuozzo.com header.s=relay header.b=h43ebg4S;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id k35si4541884jac.46.2021.09.10.05.40.43;
        Fri, 10 Sep 2021 05:40:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@virtuozzo.com header.s=relay header.b=h43ebg4S;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235096AbhIJMlL (ORCPT <rfc822;li.zhiang.cn@gmail.com>
        + 99 others); Fri, 10 Sep 2021 08:41:11 -0400
Received: from relay.sw.ru ([185.231.240.75]:53540 "EHLO relay.sw.ru"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S233919AbhIJMko (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 10 Sep 2021 08:40:44 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:Subject
        :From; bh=uX26lHcEDEEEDF7IL0qVhsYLGM0hoO2eLUbDvhlRdtw=; b=h43ebg4SmVjbGOYRO+L
        BoV3O7RDbVzBij44DK/UBOq2B5Qe1i3YEmSZOZEX5mdSkqGDsIpSnGXB47D8BZ3LeITSlIUNjYOwg
        yURpuDjMmDFXE8CGx0Lau0ZXHjf9L8LPvclhzutmdAC5lkTKuE6PfjCHUepjuhUQdw9t+y+iT0Q=;
Received: from [10.93.0.56]
        by relay.sw.ru with esmtp (Exim 4.94.2)
        (envelope-from <vvs@virtuozzo.com>)
        id 1mOfoW-001Unm-Lj; Fri, 10 Sep 2021 15:39:28 +0300
From:   Vasily Averin <vvs@virtuozzo.com>
Subject: [PATCH memcg] memcg: prohibit unconditional exceeding the limit of
 dying tasks
To:     Michal Hocko <mhocko@kernel.org>,
        Johannes Weiner <hannes@cmpxchg.org>,
        Vladimir Davydov <vdavydov.dev@gmail.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc:     cgroups@vger.kernel.org, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org
Message-ID: <5b06a490-55bc-a6a0-6c85-690254f86fad@virtuozzo.com>
Date:   Fri, 10 Sep 2021 15:39:28 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.13.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The kernel currently allows dying tasks to exceed the memcg limits.
The allocation is expected to be the last one and the occupied memory
will be freed soon.
This is not always true because it can be part of the huge vmalloc
allocation. Allowed once, they will repeat over and over again.
Moreover lifetime of the allocated object can differ from
In addition the lifetime of the dying task.
Multiple such allocations running concurrently can not only overuse
the memcg limit, but can lead to a global out of memory and,
in the worst case, cause the host to panic.

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
---
 mm/memcontrol.c | 23 +++++------------------
 1 file changed, 5 insertions(+), 18 deletions(-)

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 389b5766e74f..67195fcfbddf 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1834,6 +1834,9 @@ static enum oom_status mem_cgroup_oom(struct mem_cgroup *memcg, gfp_t mask, int
 		return OOM_ASYNC;
 	}
 
+	if (should_force_charge())
+		return OOM_SKIPPED;
+
 	mem_cgroup_mark_under_oom(memcg);
 
 	locked = mem_cgroup_oom_trylock(memcg);
@@ -2622,15 +2625,6 @@ static int try_charge_memcg(struct mem_cgroup *memcg, gfp_t gfp_mask,
 	if (gfp_mask & __GFP_ATOMIC)
 		goto force;
 
-	/*
-	 * Unlike in global OOM situations, memcg is not in a physical
-	 * memory shortage.  Allow dying and OOM-killed tasks to
-	 * bypass the last charges so that they can exit quickly and
-	 * free their memory.
-	 */
-	if (unlikely(should_force_charge()))
-		goto force;
-
 	/*
 	 * Prevent unbounded recursion when reclaim operations need to
 	 * allocate memory. This might exceed the limits temporarily,
@@ -2688,9 +2682,6 @@ static int try_charge_memcg(struct mem_cgroup *memcg, gfp_t gfp_mask,
 	if (gfp_mask & __GFP_RETRY_MAYFAIL)
 		goto nomem;
 
-	if (fatal_signal_pending(current))
-		goto force;
-
 	/*
 	 * keep retrying as long as the memcg oom killer is able to make
 	 * a forward progress or bypass the charge if the oom killer
@@ -2698,15 +2689,11 @@ static int try_charge_memcg(struct mem_cgroup *memcg, gfp_t gfp_mask,
 	 */
 	oom_status = mem_cgroup_oom(mem_over_limit, gfp_mask,
 		       get_order(nr_pages * PAGE_SIZE));
-	switch (oom_status) {
-	case OOM_SUCCESS:
+	if (oom_status == OOM_SUCCESS) {
 		nr_retries = MAX_RECLAIM_RETRIES;
 		goto retry;
-	case OOM_FAILED:
+	} else if (oom_status == OOM_FAILED)
 		goto force;
-	default:
-		goto nomem;
-	}
 nomem:
 	if (!(gfp_mask & __GFP_NOFAIL))
 		return -ENOMEM;
-- 
2.31.1