Message-ID: <dili5kn3xjjzamwmyxjgdkf5vvh6sqftm7qk4f2vbxuizfzlb2@xrtxlvlqaos5>
Date: Tue, 23 Jul 2024 12:49:41 +0300
From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To: Vlastimil Babka <vbabka@...e.cz>
Cc: Michal Hocko <mhocko@...e.com>, 
	Andrew Morton <akpm@...ux-foundation.org>, "Borislav Petkov (AMD)" <bp@...en8.de>, 
	Mel Gorman <mgorman@...e.de>, Tom Lendacky <thomas.lendacky@....com>, 
	Mike Rapoport <rppt@...nel.org>, linux-mm@...ck.org, linux-kernel@...r.kernel.org, 
	Jianxiong Gao <jxgao@...gle.com>, stable@...r.kernel.org
Subject: Re: [PATCH] mm: Fix endless reclaim on machines with unaccepted
 memory.

On Tue, Jul 23, 2024 at 09:30:27AM +0200, Vlastimil Babka wrote:
> On 7/22/24 4:07 PM, Kirill A. Shutemov wrote:
> > On Wed, Jul 17, 2024 at 02:06:46PM +0200, Michal Hocko wrote:
> >> Please try to investigate this further. The patch as is looks rather
> >> questionable to me TBH. Spilling unaccepted memory into the reclaim
> >> seems like something we should avoid if possible as this is something
> > 
> > Okay, I believe I have a better understanding of the situation:
> > 
> > - __alloc_pages_bulk() takes pages from the free list without accepting
> >   more memory. This can cause the number of free pages to fall below the
> >   watermark.
> > 
> >   This issue can be resolved by accepting more memory in
> >   __alloc_pages_bulk() if the watermark check fails.
> > 
> >   The problem is not only related to unallocated memory. I think the
> >   deferred page initialization mechanism could result in premature OOM if
> >   __alloc_pages_bulk() allocates pages faster than deferred page
> >   initialization can add them to the free lists. However, this scenario is
> >   unlikely.
> > 
> > - There is nothing that compels the kernel to accept more memory after the
> >   watermarks have been calculated in __setup_per_zone_wmarks(). This can
> >   put us under the watermark.
> > 
> >   This issue can be resolved by accepting memory up to the watermark after
> >   the watermarks have been initialized.
> > 
> > - Once kswapd is started, it will begin spinning if we are below the
> >   watermark and there is no memory that can be reclaimed. Once the above
> >   problems are fixed, the issue will be resolved.
> > 
> > - The kernel needs to accept memory up to the PROMO watermark. This will
> >   prevent unaccepted memory from interfering with NUMA balancing.
> 
> So do we still assume all memory is eventually accepted and it's just an
> initialization phase thing? And the only reason we don't do everything in a
> kthread like the deferred struct page init, is to spread out some potential
> contention on the host side?
> 
> If yes, do we need NUMA balancing even to be already active during that phase?

No, there is nothing that requires guests to accept all of the memory. If
the working set of a workload within the guest only requires a portion of
the memory, the rest will remain unallocated and available to the host for
other tasks.

I think accepting memory up to the PROMO watermark would not hurt
anybody.

> > The patch below addresses the issues I listed earlier. It is not yet ready
> > for application. Please see the issues listed below.
> > 
> > Andrew, please drop the current patch.
> > 
> > There are a few more things I am worried about:
> > 
> > - The current get_page_from_freelist() and patched __alloc_pages_bulk()
> >   only try to accept memory if the requested (alloc_flags & ALLOC_WMARK_MASK)
> >   watermark check fails. For example, if a requested allocation with
> >   ALLOC_WMARK_MIN is called, we will not try to accept more memory, which
> >   could potentially put us under the high/promo watermark and cause the
> >   following kswapd start to get us into an endless loop.
> > 
> >   Do we want to make memory acceptance in these paths independent of
> >   alloc_flags?
> 
> Hm ALLOC_WMARK_MIN will proceed, but with a watermark below the low
> watermark will still wake up kswapd, right? Isn't that another scenario
> where kswapd can start spinning?

Yes, that is the concern.

> > - __isolate_free_page() removes a page from the free list without
> >   accepting new memory. The function is called with the zone lock taken.
> >   It is a bad idea to accept memory while holding the zone lock, but
> >   the alternative of pushing the accept to the caller is not much better.
> > 
> >   I have not observed any issues caused by __isolate_free_page() in
> >   practice, but there is no reason why it couldn't potentially cause
> >   problems.
> >  
> > - The function take_pages_off_buddy() also removes pages from the free
> >   list without accepting new memory. Unlike the function
> >   __isolate_free_page(), it is called without the zone lock being held, so
> >   we can accept memory there. I believe we should do so.
> > 
> > I understand why adding unaccepted memory handling into the reclaim path
> > is questionable. However, it may be the best way to handle cases like
> > __isolate_free_page() and possibly others in the future that directly take
> > memory from free lists.
> 
> Yes, seems it might not be that bad a solution, otherwise it could be a hopeless
> whack-a-mole to prevent all corner cases where reclaim can be triggered
> without accepting memory first.
> 
> Although just removing the lazy accept mode would be a much more appealing
> solution than this :)

:P

Not really an option for big VMs. It might add many minutes to boot time.

> > Any thoughts?
> 
> Wonder if deferred struct page init has many of the same problems, i.e. with
> __isolate_free_page() and take_pages_off_buddy(), and if not, why?

Even if deferred struct page init would trigger reclaim, kswapd will not
spin forever. The background thread will add more free memory, so forward
progress is guaranteed. And deferred struct page init is done before init
starts.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov
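
A simplified user-space model of the failure mode discussed in this thread, added here as an illustration; it is not code from the kernel or from the patch under discussion. The struct, function names, chunk size and page counts are all assumptions; the three scenarios compare no acceptance, acceptance in the bulk allocation path, and acceptance in the reclaim path.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy zone model: names and numbers are illustrative, not kernel structures. */
struct zone_model { long free, unaccepted, reclaimable, wmark; };
#define ACCEPT_CHUNK 512 /* pages accepted per step (assumed) */

/* Move one chunk of pages from unaccepted to the free list. */
static void accept_chunk(struct zone_model *z)
{
    long n = z->unaccepted < ACCEPT_CHUNK ? z->unaccepted : ACCEPT_CHUNK;
    z->unaccepted -= n;
    z->free += n;
}

/* Bulk allocation; accept_on_fail accepts memory when the watermark check fails. */
static void bulk_alloc(struct zone_model *z, long want, bool accept_on_fail)
{
    for (long i = 0; i < want && z->free > 0; i++, z->free--)
        if (accept_on_fail && z->free < z->wmark)
            accept_chunk(z);
}

/* Rounds until the watermark is met, or -1 if still below it after max_rounds. */
static int kswapd_model(struct zone_model *z, bool accept_in_reclaim, int max_rounds)
{
    for (int round = 0; round < max_rounds; round++) {
        if (z->free >= z->wmark)
            return round;
        z->free += z->reclaimable; /* reclaim everything reclaimable */
        z->reclaimable = 0;
        if (accept_in_reclaim)
            accept_chunk(z);
    }
    return z->free >= z->wmark ? max_rounds : -1;
}

/* Constructed scenario: 1024 free, 1M unaccepted, nothing reclaimable, watermark 768. */
static int scenario(bool accept_on_fail, bool accept_in_reclaim)
{
    struct zone_model z = { 1024, 1L << 20, 0, 768 };
    bulk_alloc(&z, 900, accept_on_fail);
    return kswapd_model(&z, accept_in_reclaim, 1000);
}

int main(void)
{
    printf("%d %d %d\n", scenario(false, false), scenario(true, false), scenario(false, true));
    return 0;
}
```

A result of -1 means the modelled kswapd never reached the watermark because there was nothing to reclaim and nothing accepted more memory.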
