From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7D65CC433F5 for ; Mon, 14 Feb 2022 20:39:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D69FA6B0075; Mon, 14 Feb 2022 15:39:37 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id D18FB6B007B; Mon, 14 Feb 2022 15:39:37 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BBA476B007D; Mon, 14 Feb 2022 15:39:37 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0247.hostedemail.com [216.40.44.247]) by kanga.kvack.org (Postfix) with ESMTP id AA24E6B0075 for ; Mon, 14 Feb 2022 15:39:37 -0500 (EST) Received: from smtpin29.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 5713A9F5CD for ; Mon, 14 Feb 2022 20:39:37 +0000 (UTC) X-FDA: 79142551194.29.D7AFE5F Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf29.hostedemail.com (Postfix) with ESMTP id 9399A12000F for ; Mon, 14 Feb 2022 20:39:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1644871176; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HAECzVoo6xb20snd0BZ4vnL4W4MCzeWKIUtHRwlsp2E=; b=VjEbaqBGJvMe2bYdI9Dx55EeQiidMGaHnaHeu/p6Cg1d9BgBPZKUFYlWAT6CGZY0q+Lzro 4z/uVEayc1B1UzPOmBrY29K1iQjbpL7wxNWcehy7apL6dLtcFZb7g3dZwUJSGsQziTo85V LjPXbHj2swzdRmHsWkoklecuLHCzSYI= Received: from mail-io1-f70.google.com (mail-io1-f70.google.com [209.85.166.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-65-UrwNngvAPa2U9xhg-K_Ewg-1; Mon, 14 Feb 2022 15:39:34 -0500 X-MC-Unique: UrwNngvAPa2U9xhg-K_Ewg-1 Received: by mail-io1-f70.google.com with SMTP id ay26-20020a5d9d9a000000b006396dd81e4bso9849467iob.10 for ; Mon, 14 Feb 2022 12:39:34 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=HAECzVoo6xb20snd0BZ4vnL4W4MCzeWKIUtHRwlsp2E=; b=JzUKjtJPToJ8Clu74+yTSg9QyXY2KI3odM/sNGAwlh+PSQ8q7NKZeXploUjlUjYB/w twYX3qg/OxWMZDHAiWuYrZ1laMa8YU+Ur3dRdmNz/sNlX6UmTs4gXmpZjNQSDDTLf8zq vq63d9fOTkuz+zTGdEB8fQWZFGJ7goQ/N2QaUh4SSJqFG1Gz2TynATH2rlLmUzYVmwfO GkX4r6WqbMOvv2dcQm8XiMuyjHEt3cyVZjhQnrt3t3f3OGyrRX3KRzl7ubJhMcsKjoYL zu62blgAbLD/GEaNYLJhYJZGZKANPsGj1MVxLmPZ1CDnNiNy6nD4C+f53tqP5tu2WGCO fgjw== X-Gm-Message-State: AOAM5326yo9oDpdR2Io/bZpyap3i2632+7DR5vwv/dSIYa6V+G2b+HYD BP2cZUjhWtJKBvF1QvOday4pIxd4YglXFO0oL7faG58JfBxZTHL3KxZMFL4fWFe5ssU57IRF0Fr jZqS7EY0EyW8= X-Received: by 2002:a05:6e02:15c8:: with SMTP id q8mr395714ilu.19.1644871174085; Mon, 14 Feb 2022 12:39:34 -0800 (PST) X-Google-Smtp-Source: ABdhPJy5cu3m+TozT2FZ+o5dsIkovOwm0QFJliaGHGqwZZ83nc7T40s7dpZ9fgU1na7EoDMJfryjvg== X-Received: by 2002:a05:6e02:15c8:: with SMTP id q8mr395702ilu.19.1644871173792; Mon, 14 Feb 2022 12:39:33 -0800 (PST) Received: from ?IPV6:2601:280:4400:a2e0::4f60? ([2601:280:4400:a2e0::4f60]) by smtp.gmail.com with ESMTPSA id u12sm16796049ilg.51.2022.02.14.12.39.32 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 14 Feb 2022 12:39:33 -0800 (PST) Message-ID: <118fc685-c68d-614f-006a-7d5487302122@redhat.com> Date: Mon, 14 Feb 2022 15:39:31 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 Subject: Re: [PATCH v3] mm/oom: do not oom reap task with an unresolved robust futex To: Michal Hocko Cc: Waiman Long , linux-mm@kvack.org, linux-kernel@vger.kernel.org, akpm@linux-foundation.org, jsavitz@redhat.com, peterz@infradead.org, tglx@linutronix.de, mingo@redhat.com, dvhart@infradead.org, dave@stgolabs.net, andrealmeid@collabora.com References: <20220114180135.83308-1-npache@redhat.com> <43a6c470-9fc2-6195-9a25-5321d17540e5@redhat.com> From: Nico Pache In-Reply-To: X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 9399A12000F X-Stat-Signature: ggii1sjg3ajdp8ft6bqs4ur7yyooxp1t Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=VjEbaqBG; dmarc=pass (policy=none) header.from=redhat.com; spf=none (imf29.hostedemail.com: domain of npache@redhat.com has no SPF policy when checking 170.10.129.124) smtp.mailfrom=npache@redhat.com X-HE-Tag: 1644871176-90604 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 1/18/22 03:51, Michal Hocko wrote: > On Mon 17-01-22 17:56:28, Nico Pache wrote: >> On 1/17/22 11:05, Waiman Long wrote: >>> On 1/17/22 03:52, Michal Hocko wrote: > [...] >>>>> diff --git a/mm/oom_kill.c b/mm/oom_kill.c >>>>> index 1ddabefcfb5a..3cdaac9c7de5 100644 >>>>> --- a/mm/oom_kill.c >>>>> +++ b/mm/oom_kill.c >>>>> @@ -667,6 +667,21 @@ static void wake_oom_reaper(struct task_struct= *tsk) >>>>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if (test_and_set_bit(MMF_OOM_REAP_QU= EUED, &tsk->signal->oom_mm->flags)) >>>>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 return; >>>>> =C2=A0 +#ifdef CONFIG_FUTEX >>>>> +=C2=A0=C2=A0=C2=A0 /* >>>>> +=C2=A0=C2=A0=C2=A0=C2=A0 * If the ooming task's SIGKILL has not fi= nished handling the >>>>> +=C2=A0=C2=A0=C2=A0=C2=A0 * robust futex it is not correct to reap = the mm concurrently. >>>>> +=C2=A0=C2=A0=C2=A0=C2=A0 * Do not wake the oom reaper when the tas= k still contains a >>>>> +=C2=A0=C2=A0=C2=A0=C2=A0 * robust list. >>>>> +=C2=A0=C2=A0=C2=A0=C2=A0 */ >>>>> +=C2=A0=C2=A0=C2=A0 if (tsk->robust_list) >>>>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 return; >>>>> +#ifdef CONFIG_COMPAT >>>>> +=C2=A0=C2=A0=C2=A0 if (tsk->compat_robust_list) >>>>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 return; >>>>> +#endif >>>>> +#endif >>>> If this turns out to be really needed, which I do not really see at = the >>>> moment, then this is not the right way to handle this situation. The= oom >>>> victim could get stuck and the oom killer wouldn't be able to move >>>> forward. If anything the victim would need to get MMF_OOM_SKIP set. >> >> I will try this, but I don't immediately see any difference between th= is return >> case and setting the bit, passing the oom_reaper_list, then skipping i= t based on >> the flag. Do you mind explaining how this could lead to the oom killer= getting >> stuck? >=20 > The primary purpose of the oom_reaper is to guarantee a forward > progress. If a task gets stuck in the kernel - e.g. on locks then it > won't bail out and won't handle signals (i.e. SIGKILL from the > userspace). The oom killer prevents new oom victims selection in a > presence of an existing oom victim (see oom_evaluate_task). That means > that we not only send a SIGKILL to the victim, we also wake up the oom > reaper which then asynchronously tears down the private memory of the > task (thus release at least some of its memory) and once it is done it > will set MMF_OOM_SKIP flag which will tell the oom killer > (oom_evaluate_task) that this victim is no longer interesting and a new > victim can be selected. >=20 > Makes sense? Thank does, Thank you for clearing that up! >=20 > Part of the async tear down is also MMF_UNSTABLE handling (see > __oom_reap_task_mm) which tells #PF handling code > (check_stable_address_space) that the underlying memory could have been > tempered with and thus it should return SIGBUS. The underlying > assumption is that the process (and all tasks which share its mm) has > been killed and it will never return to the userspace so the de-facto > memory corruption doesn't matter. >=20 > One thing that is still unclear to me is why this leads to any locked u= p > tasks. Looking at exit_robust_list I can see that it is accessing the > userspace memory but this should return EFAULT in this situation. My > assumption (which might be really wrong) is that futex shared among > processes which are not sharing mm nor signal handling will be sitting > in a shared memory.=20 >=20 > Now to the actual fix. I do not think we want to hide the task from the > oom reaper as you are suggesting. Futexes are very likely to be used fo= r > many processes and that would make the whole async scheme useless. We > need something like the below. >=20 > futex_exit_release is not directly usable as it implicitly depends > on memory allocation (#PF) and that is not acceptable. So instead we > need something futex_exit_try_release or similar which would fail the > operation in case get_user (pagefault_disable) needs to really handle > the #PF or if the futex_exit_mutex is locked. In other words this would > have to be a completely non-blocking operation. The oom reaper would > then bail out. Yeah Joel came up with a similar idea once we realized his v2 had the iss= ue with sleeping. We've recently been discussing the following if statement in __oom_reap_t= ask_mm: if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED)) Given the comment above it, and some of the upstream discussion the origi= nal RFC, we are struggling to see why this should be a `||` and not an `&&`. = If we only want to reap anon memory and reaping shared memory can be dangerous = is this statement incorrect? We have a patch queued up to make this change, but wanted to get your opi= nion on why this was originally designed this way in case we are missing somethin= g. -- Nico > diff --git a/mm/oom_kill.c b/mm/oom_kill.c > index ef5860fc7d22..57660d3d1b79 100644 > --- a/mm/oom_kill.c > +++ b/mm/oom_kill.c > @@ -613,6 +613,9 @@ static void oom_reap_task(struct task_struct *tsk) > int attempts =3D 0; > struct mm_struct *mm =3D tsk->signal->oom_mm; > =20 > + if (futex_exit_try_release(tsk)) > + goto fail; > + > /* Retry the mmap_read_trylock(mm) a few times */ > while (attempts++ < MAX_OOM_REAP_RETRIES && !oom_reap_task_mm(tsk, mm= )) > schedule_timeout_idle(HZ/10); > @@ -621,6 +624,7 @@ static void oom_reap_task(struct task_struct *tsk) > test_bit(MMF_OOM_SKIP, &mm->flags)) > goto done; > =20 > +fail: > pr_info("oom_reaper: unable to reap pid:%d (%s)\n", > task_pid_nr(tsk), tsk->comm); > sched_show_task(tsk); > @@ -1184,6 +1188,11 @@ SYSCALL_DEFINE2(process_mrelease, int, pidfd, un= signed int, flags) > if (!reap) > goto drop_mm; > =20 > + if (futex_exit_try_release(tsk)) { > + ret =3D -EAGAIN; > + goto drop_mm; > + } > +=09 > if (mmap_read_lock_killable(mm)) { > ret =3D -EINTR; > goto drop_mm;