| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Nov 2013 11:20:49 +0100 From: Michal Hocko <mhocko@...e.cz> To: David Rientjes <rientjes@...gle.com> Cc: Johannes Weiner <hannes@...xchg.org>, Andrew Morton <akpm@...ux-foundation.org>, linux-mm@...ck.org, cgroups@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [patch] mm: memcg: do not declare OOM from __GFP_NOFAIL allocations On Wed 27-11-13 15:34:24, David Rientjes wrote: > On Wed, 27 Nov 2013, Johannes Weiner wrote: > > > > We don't give __GFP_NOFAIL allocations access to memory reserves in the > > > page allocator and we do call the oom killer for them so that a process is > > > killed so that memory is freed. Why do we have a different policy for > > > memcg? > > > > Oh boy, that's the epic story we dealt with all throughout the last > > merge window... ;-) > > > > __GFP_NOFAIL allocations might come in with various filesystem locks > > held that could prevent an OOM victim from exiting, so a loop around > > the OOM killer in an allocation context is prone to loop endlessly. > > > > Ok, so let's forget about GFP_KERNEL | __GFP_NOFAIL since anything doing > __GFP_FS should not be holding such locks, we have some of those in the > drivers code and that makes sense that they are doing GFP_KERNEL. > > Focusing on the GFP_NOFS | __GFP_NOFAIL allocations in the filesystem > code, the kernel oom killer independent of memcg never gets called because > !__GFP_FS and they'll simply loop around the page allocator forever. > > In the past, Andrew has expressed the desire to get rid of __GFP_NOFAIL > entirely since it's flawed when combined with GFP_NOFS (and GFP_KERNEL | > __GFP_NOFAIL could simply be reimplemented in the caller) because of the > reason you point out in addition to making it very difficult in the page > allocator to free memory independent of memcg. > > So I'm wondering if we should just disable the oom killer in memcg for > __GFP_NOFAIL as you've done here, but not bypass to the root memcg and > just allow them to spin? I think we should be focused on the fixing the > callers rather than breaking memcg isolation. What if the callers simply cannot deal with the allocation failure? 84235de394d97 (fs: buffer: move allocation failure loop into the allocator) describes one such case when __getblk_slow tries desperately to grow buffers relying on the reclaim to free something. As there might be no reclaim going on we are screwed. That being said, while I do agree with you that we should strive for isolation as much as possible there are certain cases when this is impossible to achieve without seeing much worse consequences. For now, we hope that __GFP_NOFAIL is used very scarcely. -- Michal Hocko SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists