lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAJD7tkb7zSFT5VnZ-00CA0mBE8dFmVqwPwvMpCYG9c-J3ovjyA@mail.gmail.com>
Date:   Fri, 19 May 2023 15:04:26 -0700
From:   Yosry Ahmed <yosryahmed@...gle.com>
To:     程垲涛 Chengkaitao Cheng 
        <chengkaitao@...iglobal.com>
Cc:     "tj@...nel.org" <tj@...nel.org>,
        "lizefan.x@...edance.com" <lizefan.x@...edance.com>,
        "hannes@...xchg.org" <hannes@...xchg.org>,
        "corbet@....net" <corbet@....net>,
        "mhocko@...nel.org" <mhocko@...nel.org>,
        "roman.gushchin@...ux.dev" <roman.gushchin@...ux.dev>,
        "shakeelb@...gle.com" <shakeelb@...gle.com>,
        "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
        "brauner@...nel.org" <brauner@...nel.org>,
        "muchun.song@...ux.dev" <muchun.song@...ux.dev>,
        "viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>,
        "zhengqi.arch@...edance.com" <zhengqi.arch@...edance.com>,
        "ebiederm@...ssion.com" <ebiederm@...ssion.com>,
        "Liam.Howlett@...cle.com" <Liam.Howlett@...cle.com>,
        "chengzhihao1@...wei.com" <chengzhihao1@...wei.com>,
        "pilgrimtao@...il.com" <pilgrimtao@...il.com>,
        "haolee.swjtu@...il.com" <haolee.swjtu@...il.com>,
        "yuzhao@...gle.com" <yuzhao@...gle.com>,
        "willy@...radead.org" <willy@...radead.org>,
        "vasily.averin@...ux.dev" <vasily.averin@...ux.dev>,
        "vbabka@...e.cz" <vbabka@...e.cz>,
        "surenb@...gle.com" <surenb@...gle.com>,
        "sfr@...b.auug.org.au" <sfr@...b.auug.org.au>,
        "mcgrof@...nel.org" <mcgrof@...nel.org>,
        "feng.tang@...el.com" <feng.tang@...el.com>,
        "cgroups@...r.kernel.org" <cgroups@...r.kernel.org>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
        "linux-mm@...ck.org" <linux-mm@...ck.org>,
        David Rientjes <rientjes@...gle.com>
Subject: Re: [PATCH v4 0/2] memcontrol: support cgroup level OOM protection

On Wed, May 17, 2023 at 10:12 PM 程垲涛 Chengkaitao Cheng
<chengkaitao@...iglobal.com> wrote:
>
> At 2023-05-18 04:42:12, "Yosry Ahmed" <yosryahmed@...gle.com> wrote:
> >On Wed, May 17, 2023 at 3:01 AM 程垲涛 Chengkaitao Cheng
> ><chengkaitao@...iglobal.com> wrote:
> >>
> >> At 2023-05-17 16:09:50, "Yosry Ahmed" <yosryahmed@...gle.com> wrote:
> >> >On Wed, May 17, 2023 at 1:01 AM 程垲涛 Chengkaitao Cheng
> >> ><chengkaitao@...iglobal.com> wrote:
> >> >>
> >> >> At 2023-05-17 14:59:06, "Yosry Ahmed" <yosryahmed@...gle.com> wrote:
> >> >> >+David Rientjes
> >> >> >
> >> >> >On Tue, May 16, 2023 at 8:20 PM chengkaitao <chengkaitao@...iglobal.com> wrote:
> >> >> >>
> >> >> Thank you for providing a new application scenario. You have described a
> >> >> new per-memcg approach, but a simple introduction cannot explain the
> >> >> details of your approach clearly. If you could compare and analyze my
> >> >> patches for possible defects, or if your new approach has advantages
> >> >> that my patches do not have, I would greatly appreciate it.
> >> >
> >> >Sorry if I was not clear, I am not implying in any way that the
> >> >approach I am describing is better than your patches. I am guilty of
> >> >not conducting the proper analysis you are requesting.
> >>
> >> There is no perfect approach in the world, and I also seek your advice with
> >> a learning attitude. You don't need to say sorry, I should say thank you.
> >>
> >> >I just saw the thread and thought it might be interesting to you or
> >> >others to know the approach that we have been using for years in our
> >> >production. I guess the target is the same, be able to tell the OOM
> >> >killer which memcgs/processes are more important to protect. The
> >> >fundamental difference is that instead of tuning this based on the
> >> >memory usage of the memcg (your approach), we essentially give the OOM
> >> >killer the ordering in which we want memcgs/processes to be OOM
> >> >killed. This maps to jobs priorities essentially.
> >>
> >> Killing processes in order of memory usage cannot effectively protect
> >> important processes. Killing processes in a user-defined priority order
> >> will result in a large number of OOM events and still not being able to
> >> release enough memory. I have been searching for a balance between
> >> the two methods, so that their shortcomings are not too obvious.
> >> The biggest advantage of memcg is its tree topology, and I also hope
> >> to make good use of it.
> >
> >For us, killing processes in a user-defined priority order works well.
> >
> >It seems like to tune memory.oom.protect you use oom_kill_inherit to
> >observe how many times this memcg has been killed due to a limit in an
> >ancestor. Wouldn't it be more straightforward to specify the priority
> >of protections among memcgs?
> >
> >For example, if you observe multiple memcgs being OOM killed due to
> >hitting an ancestor limit, you will need to decide which of them to
> >increase memory.oom.protect for more, based on their importance.
> >Otherwise, if you increase all of them, then there is no point if all
> >the memory is protected, right?
>
> If all memory in memcg is protected, its meaning is similar to that of the
> highest priority memcg in your approach, which is ultimately killed or
> never killed.

Makes sense. I believe it gets a bit trickier when you want to
describe relative ordering between memcgs using memory.oom.protect.

>
> >In this case, wouldn't it be easier to just tell the OOM killer the
> >relative priority among the memcgs?
> >
> >>
> >> >If this approach works for you (or any other audience), that's great,
> >> >I can share more details and perhaps we can reach something that we
> >> >can both use :)
> >>
> >> If you have a good idea, please share more details or show some code.
> >> I would greatly appreciate it
> >
> >The code we have needs to be rebased onto a different version and
> >cleaned up before it can be shared, but essentially it is as
> >described.
> >
> >(a) All processes and memcgs start with a default score.
> >(b) Userspace can specify scores for memcgs and processes. A higher
> >score means higher priority (aka less score gets killed first).
> >(c) The OOM killer essentially looks for the memcg with the lowest
> >scores to kill, then among this memcg, it looks for the process with
> >the lowest score. Ties are broken based on usage, so essentially if
> >all processes/memcgs have the default score, we fallback to the
> >current OOM behavior.
>
> If memory oversold is severe, all processes of the lowest priority
> memcg may be killed before selecting other memcg processes.
> If there are 1000 processes with almost zero memory usage in
> the lowest priority memcg, 1000 invalid kill events may occur.
> To avoid this situation, even for the lowest priority memcg,
> I will leave him a very small oom.protect quota.

I checked internally, and this is indeed something that we see from
time to time. We try to avoid that with userspace OOM killing, but
it's not 100% effective.

>
> If faced with two memcgs with the same total memory usage and
> priority, memcg A has more processes but less memory usage per
> single process, and memcg B has fewer processes but more
> memory usage per single process, then when OOM occurs, the
> processes in memcg B may continue to be killed until all processes
> in memcg B are killed, which is unfair to memcg B because memcg A
> also occupies a large amount of memory.

I believe in this case we will kill one process in memcg B, then the
usage of memcg A will become higher, so we will pick a process from
memcg A next.

>
> Dose your approach have these issues? Killing processes in a
> user-defined priority is indeed easier and can work well in most cases,
> but I have been trying to solve the cases that it cannot cover.

The first issue is relatable with our approach. Let me dig more info
from our internal teams and get back to you with more details.

>
> --
> Thanks for your comment!
> chengkaitao
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ