lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 11 Mar 2016 09:18:25 +0100
From:	Michal Hocko <mhocko@...nel.org>
To:	Johannes Weiner <hannes@...xchg.org>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Vladimir Davydov <vdavydov@...tuozzo.com>, linux-mm@...ck.org,
	cgroups@...r.kernel.org, linux-kernel@...r.kernel.org,
	kernel-team@...com
Subject: Re: [PATCH] mm: memcontrol: reclaim and OOM kill when shrinking
 memory.max below usage

On Thu 10-03-16 15:50:14, Johannes Weiner wrote:
> Setting the original memory.limit_in_bytes hardlimit is subject to a
> race condition when the desired value is below the current usage. The
> code tries a few times to first reclaim and then see if the usage has
> dropped to where we would like it to be, but there is no locking, and
> the workload is free to continue making new charges up to the old
> limit. Thus, attempting to shrink a workload relies on pure luck and
> hope that the workload happens to cooperate.

OK this would be indeed a problem when you want to stop a runaway load.

> To fix this in the cgroup2 memory.max knob, do it the other way round:
> set the limit first, then try enforcement. And if reclaim is not able
> to succeed, trigger OOM kills in the group. Keep going until the new
> limit is met, we run out of OOM victims and there's only unreclaimable
> memory left, or the task writing to memory.max is killed. This allows
> users to shrink groups reliably, and the behavior is consistent with
> what happens when new charges are attempted in excess of memory.max.

Here as well. I think this should go into 4.5 final or later to stable
so that we do not have different behavior of the knob.
 
> Signed-off-by: Johannes Weiner <hannes@...xchg.org>

Acked-by: Michal Hocko <mhocko@...e.com>

One nit below

[...]
> @@ -5037,9 +5040,36 @@ static ssize_t memory_max_write(struct kernfs_open_file *of,
>  	if (err)
>  		return err;
>  
> -	err = mem_cgroup_resize_limit(memcg, max);
> -	if (err)
> -		return err;
> +	xchg(&memcg->memory.limit, max);
> +
> +	for (;;) {
> +		unsigned long nr_pages = page_counter_read(&memcg->memory);
> +
> +		if (nr_pages <= max)
> +			break;
> +
> +		if (signal_pending(current)) {

Didn't you want fatal_signal_pending here? At least the changelog
suggests that.

> +			err = -EINTR;
> +			break;
> +		}
-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists