Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp5289291rwb; Wed, 9 Aug 2023 01:28:59 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHYk/qR4tc4b3d9Sm4puzD7hO+SkrvVyGqLqSCM5/RKBlLG2WRUZurKF12SJzROK3GSBy05 X-Received: by 2002:a05:6808:3029:b0:3a4:4b42:612b with SMTP id ay41-20020a056808302900b003a44b42612bmr2548432oib.42.1691569739442; Wed, 09 Aug 2023 01:28:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691569739; cv=none; d=google.com; s=arc-20160816; b=ph5hOwTJairA1/T51sHqz9kPfP6pmBrJ+ELBG39SW21OfAhTA/qBb8+aSoRYOq8Nwx FFkPU3Z+Qbz8ywjCViR1oXqRG9dQ6JliioTMhqYFj6r5AC2cJcHX0d/zVMkc1n6e8BNd JuHRn67gKzufri0h7ccvZnGkMWs/o92G5itZtmoNaGXBUVvkpFv9Yf5pFaq91cwyH5aZ 69jqc9t9jDFcaQK3u63pQDFyxG9ACyAKTHeJMHyqWuB+gmjnEoXf4SAQoXco1ytjHBAO sMVFZVj9Z1Q1pRrC3XqyJM/Jv1L6/rok9ApARgamlagfhqWHOg901b+SDQqBw0ZjqObe oaDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=F7cBgJJOMTBnikneTaopTMOdBUlC11wMNMezteqJN0Y=; fh=mdEa0AJl5jD6kBeYkaAVzOSMxReJrzkAi1+Tv7vCZG0=; b=xUoTlohhXywkIejFniddFS0R0ygcwOYOSGZ8uaR0HZPzYdXUxjd1/Fzwz7mHYxnrEw LtXfRzvHxZmBdSkn2ZykK18LvAe6hUkJcuOL8TB5ku2F9ahe06JeveIIxtQVr2ThCgtv OnYtlPlK+pDHkiGC2XHYOgunTmp4YVLZzKwoQnmADsUEpgu9nLKbUio4gDVx/WCSSoGF 3DsUXUSJTmtduj6E1nOOXQJ3lpP8WkVCj2MLiDDe1ltw9T4PywWijdaN1dBSz4wJB0Z2 KeR9RQa8a7bDcVkXJPCh8tCVjcrAFiLrmU9oP3K6E7d3MBis8xPayU4CWSR1rZWkDsSJ CBcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=BzWCyxUp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a34-20020a634d22000000b00548e140a1a6si8949413pgb.66.2023.08.09.01.28.46; Wed, 09 Aug 2023 01:28:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=BzWCyxUp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231183AbjHIHyD (ORCPT + 99 others); Wed, 9 Aug 2023 03:54:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56926 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229588AbjHIHyC (ORCPT ); Wed, 9 Aug 2023 03:54:02 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A4261BE1; Wed, 9 Aug 2023 00:54:01 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 4666A215EF; Wed, 9 Aug 2023 07:54:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1691567640; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=F7cBgJJOMTBnikneTaopTMOdBUlC11wMNMezteqJN0Y=; b=BzWCyxUpSe2hAJccDD1PTABoCWJltEBF8n6vqwnFq++OUTA971RTdWT1/d5EGRZwcK4CDz 9+qScP50vAkXDcqH2wYzIu7h9eVYzxx4Q2ykJR+cUQZqAE74D+czZPB0XI7rZDPgtCTBEs LwrmDb7g6I0VgefJ2996UnwwQTQCBDs= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 26DCD133B5; Wed, 9 Aug 2023 07:54:00 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id HIdoBhhG02QJYQAAMHmgww (envelope-from ); Wed, 09 Aug 2023 07:54:00 +0000 Date: Wed, 9 Aug 2023 09:53:59 +0200 From: Michal Hocko To: Roman Gushchin Cc: Chuyi Zhou , hannes@cmpxchg.org, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, muchun.song@linux.dev, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, wuyun.abel@bytedance.com, robin.lu@bytedance.com Subject: Re: [RFC PATCH 1/2] mm, oom: Introduce bpf_select_task Message-ID: References: <20230804093804.47039-1-zhouchuyi@bytedance.com> <20230804093804.47039-2-zhouchuyi@bytedance.com> <866462cf-6045-6239-6e27-45a733aa7daa@bytedance.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue 08-08-23 14:41:17, Roman Gushchin wrote: > On Tue, Aug 08, 2023 at 10:18:39AM +0200, Michal Hocko wrote: > > On Mon 07-08-23 10:28:17, Roman Gushchin wrote: > > > On Mon, Aug 07, 2023 at 09:04:34AM +0200, Michal Hocko wrote: > > > > On Mon 07-08-23 10:21:09, Chuyi Zhou wrote: > > > > > > > > > > > > > > > 在 2023/8/4 21:34, Michal Hocko 写道: > > > > > > On Fri 04-08-23 21:15:57, Chuyi Zhou wrote: > > > > > > [...] > > > > > > > > + switch (bpf_oom_evaluate_task(task, oc, &points)) { > > > > > > > > + case -EOPNOTSUPP: break; /* No BPF policy */ > > > > > > > > + case -EBUSY: goto abort; /* abort search process */ > > > > > > > > + case 0: goto next; /* ignore process */ > > > > > > > > + default: goto select; /* note the task */ > > > > > > > > + } > > > > > > To be honest, I can't say I like it. IMO it's not really using the full bpf > > > potential and is too attached to the current oom implementation. > > > > TBH I am not sure we are able to come up with an interface that would > > ise the full BPF potential at this stage and I strongly believe that we > > should start by something that is good enough. > > > > > First, I'm a bit concerned about implicit restrictions we apply to bpf programs > > > which will be executed potentially thousands times under a very heavy memory > > > pressure. We will need to make sure that they don't allocate (much) memory, don't > > > take any locks which might deadlock with other memory allocations etc. > > > It will potentially require hard restrictions on what these programs can and can't > > > do and this is something that the bpf community will have to maintain long-term. > > > > Right, BPF callbacks operating under OOM situations will be really > > constrained but this is more or less by definition. Isn't it? > > What do you mean? Callbacks cannot depend on any direct or indirect memory allocations. Dependencies on any sleeping locks (again directly or indirectly) is not allowed just to name the most important ones. > In general, the bpf community is trying to make it as generic as possible and > adding new and new features. Bpf programs are not as constrained as they were > when it's all started. Are the above ones somehow carved into BPF in general? > > > Second, if we're introducing bpf here (which I'm not yet convinced), > > > IMO we should use it in a more generic and expressive way. > > > Instead of adding hooks into the existing oom killer implementation, we can call > > > a bpf program before invoking the in-kernel oom killer and let it do whatever > > > it takes to free some memory. E.g. we can provide it with an API to kill individual > > > tasks as well as all tasks in a cgroup. > > > This approach is more generic and will allow to solve certain problems which > > > can't be solved by the current oom killer, e.g. deleting files from a tmpfs > > > instead of killing tasks. > > > > The aim of this proposal is to lift any heavy lifting steming from > > iterating tasks or cgroups which those BPF might need to make a > > decision. There are other ways of course and provide this iteration > > functionality as library functions but my BPF experience is very limited > > to say how easy is that. > > > > > So I think the alternative approach is to provide some sort of an interface to > > > pre-select oom victims in advance. E.g. on memcg level it can look like: > > > > > > echo PID >> memory.oom.victim_proc > > > > this is just a terrible interface TBH. Pids are very volatile objects. > > At the time oom killer reads this pid it might be a completely different > > process. > > Well, we already have cgroup.procs interface, which works ok. > Obviously if the task is dead (or is actually killed in a result of oom), > it's pid is removed from the list. Right, but writing the pid into the file has an immediate effect and recycle pid issues would be rare unless the pid space is mostly depleted. You are proposing an interface where the pid would be consumed in potentially very distant future. Such an approach would only work if the pid is auto-removed and then you need a notification mechanism to replace it by something else. > > > If the list is empty, the default oom killer is invoked. > > > If there are tasks, the first one is killed on OOM. > > > A similar interface can exist to choose between sibling cgroups: > > > > > > echo CGROUP_NAME >> memory.oom.victim_cgroup > > > > Slightly less volatile but not much better either. > > > > > This is just a rough idea. > > > > I am pretty sure that both policies could be implemetd by the proposed > > BPF interface though if you want something like that. > > As I said, I'm pretty concerned about how reliable (and effective) it will be. > I'm not convinced that executing a generic bpf program from the oom context > is safe (and we're talking about executing it potentially thousands of times). > If we're going this way, we need an explicit acknowledge from the bpf > community and a long-term agreement on how we'll keep thing safe. I do agree with that. > It would be also nice to come up with some practical examples of bpf programs. > What are meaningful scenarios which can be covered with the proposed approach > and are not covered now with oom_score_adj. Agreed here as well. This RFC serves purpose of brainstorming on all of this. There is a fundamental question whether we need BPF for this task in the first place. Are there any huge advantages to export the callback and allow a kernel module to hook into it? -- Michal Hocko SUSE Labs