From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0F4AC369D5 for ; Mon, 28 Apr 2025 17:24:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3AE816B00B3; Mon, 28 Apr 2025 13:24:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 35BD96B00B4; Mon, 28 Apr 2025 13:24:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 24B6C6B00B5; Mon, 28 Apr 2025 13:24:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 078566B00B3 for ; Mon, 28 Apr 2025 13:24:36 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id B38511A0F28 for ; Mon, 28 Apr 2025 17:24:36 +0000 (UTC) X-FDA: 83384126952.12.4F70455 Received: from out-176.mta1.migadu.com (out-176.mta1.migadu.com [95.215.58.176]) by imf26.hostedemail.com (Postfix) with ESMTP id 9D4C1140006 for ; Mon, 28 Apr 2025 17:24:34 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=TpvR1GjV; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf26.hostedemail.com: domain of roman.gushchin@linux.dev designates 95.215.58.176 as permitted sender) smtp.mailfrom=roman.gushchin@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1745861075; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=3N6Gu9hVtB/Cv1roQIKXZF1bYSRyAou66/1fwioQv54=; b=o9IbZnamx2lPFm/GAvloFqqSxlFOTFVUYEb21QbOPnynjFJoJhQnOqHFhQe1rThF5FzmdW 0YRRwUd/sW6UroCQ3pyU0yW9cI2+w0D9stR554MHSYiC9Vxe813Exjx7HVf4n1q+ShI8BL OJ2RE7f5sSxD1X+zNPkpMzeh3uH0P1Y= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=TpvR1GjV; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf26.hostedemail.com: domain of roman.gushchin@linux.dev designates 95.215.58.176 as permitted sender) smtp.mailfrom=roman.gushchin@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1745861075; a=rsa-sha256; cv=none; b=r+Qbc7sfF5tw55MEYRdouMcbu2eeAOLRYloxvttw3DWfoVLqYOPvSTmnPziY6ajiLNuf60 UHWM3K5trhk/tt1W4zHvWuR3aL9modTzTm27k16i6Ko5Q87skye2TvS2k5/CW92KsdRi4V tb0+erv8S94m5Xyp9o000obrjjX2VVM= Date: Mon, 28 Apr 2025 17:24:21 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1745861072; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=3N6Gu9hVtB/Cv1roQIKXZF1bYSRyAou66/1fwioQv54=; b=TpvR1GjVHTYzAAjnpsn9UT708g+KuvwgX8A+fvoaPVW7p1Kjym9fxKNnbAUXsurKIoirwH yH5nFUe8Wn1wwYedGua5HhjZ/nyNTsi+53pPt+zwzVsJuLTFJ/Bquk5fnhCJPkw4I0DX0g MufBgO4yz4HDaKopHiQpLY2uInLz48A= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Roman Gushchin To: Matt Bobrowski Cc: linux-kernel@vger.kernel.org, Andrew Morton , Alexei Starovoitov , Johannes Weiner , Michal Hocko , Shakeel Butt , Suren Baghdasaryan , David Rientjes , Josh Don , Chuyi Zhou , cgroups@vger.kernel.org, linux-mm@kvack.org, bpf@vger.kernel.org Subject: Re: [PATCH rfc 00/12] mm: BPF OOM Message-ID: References: <20250428033617.3797686-1-roman.gushchin@linux.dev> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Migadu-Flow: FLOW_OUT X-Stat-Signature: f77fjimu1wg1auk7uxoeyix3hjepkh3p X-Rspamd-Queue-Id: 9D4C1140006 X-Rspam-User: X-Rspamd-Server: rspam05 X-HE-Tag: 1745861074-260751 X-HE-Meta: U2FsdGVkX1+Jqzgk/G0K5fQrVu5UcjUkppECwSapKA2yjuvl1SvvEwBlzDPo1B9ApeAqwin05kVbfV4qC9hUy89JixvSldoHTO7j1CRcKZGq6v7jvT+q8WYMoS2zxp45fB/DUd0A+XGypPWN6EpPZjtejUUXIX/lo03s5iiy2Tp5AY2W+HvcDX1Ai16WYel2nBwIf3p7jBTl7IHqJvdSpLB7HO+hyigxH/7MTcc56I1RrTu2YBJUBU5hDPmCzRXaAS4zecmQai9b1/7j7mc/MeDJYxPTortLRgwWbjS9lWy8F4aT1EaO8dIjrimupppQpbojAbwYBL0OG10ott9pzCRCG3Nm0geU8mWP33/oyVWI9aa4uS/rRkxHTFt460cZeSCQxRysQtqlFLI1vGK0NG98VG/V1wIQUZXkv9uOLa6OMNwteUBswadAGbusfLJLuuPq5oMGDp6/koT4vpjR7ii36WRcDyrBibZUoXnrRmIinT+7tyRO/iyixfyqUSrudDYbHozrur8l74PH5FCCeFh+dImadN/J0xuml2f6gZbCKm1Fo+rZnwWQrblALxs8FHYgDPDgoZccx55uZDy5MgS2Nituje+q4JMcqT7nky7SIU6yrJuB1mMYvJf1qX+j4AIChmEKjLuYEzq3wKY2TfJftXKBiXKZxwYheONqZ7jtMhPOal52KSviNT99mhiv1e2YFmJEmGYXmSZ7vocdEevGF5MYT/ve8K+/Y5mUtdtwaZuexnVNntbcDkCsUvmXabQ593FCHD51MIyW02Is4/5zj6GDksRsOw33g70XmwJz/0SZLZL8OXJZpFEPgajMevKveC/a6eJtdkv9TRsoJiPIpgBldLhwLoiEuVGmMbOkK9LfhReVpWKRDjyHHZrYtq+tu1O5+6+DT4whNE8YsTmwnbNEKmzkvba/dD7nP2f5bRWti0D43UVh8wMT8tJVcf8byNt3pe/y/Oj+rer zvC4FHZ+ b9sNiytWmPX9gxhEM/OyvPGQsKRVUARIysFDiZ/PGreUxl8/m4MD8P+FGsemG2Tf4f9x/f5AXCU1uPt1pt+VysNV/2nD/G3JCMV9F+k5SzuncNstvFjut8YDMtp3tMwwssvgGpux2U2nYp/f41BJ1WvGab9vPtgBADX19g4ku8fBDrCf/ibLZHBw8ANu3b7RqSvLJjNS2YOUB/99OgAOtiTNA0JX93Imrl8ke9AU1saLKU0l0JX5AbR5XmyRr0uqY7lXZYyTRqMu2vPbw+naG+QS1R8y4/sW/irxo0ucv19cGa3MtJ4Dijh595n51pq4vPCSBG0IMWUl/qTRZNFihEmXquxBB3sSSNC+9Mz/pLtBF+jDR42oKWUm/+amu9nbjSkKnNG63C/sz+NTbCRyhqOw2W9ozm/YGO/sBFKjKgOSUFMNuYvKlO8ilTKkGkLfebEJk6NC/IWpg2qxtENutq0wgojwawgTt8OBHfwHO2jXqDEUkFAf1BhmViG/+SYwGUlau X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, Apr 28, 2025 at 10:43:07AM +0000, Matt Bobrowski wrote: > On Mon, Apr 28, 2025 at 03:36:05AM +0000, Roman Gushchin wrote: > > This patchset adds an ability to customize the out of memory > > handling using bpf. > > > > It focuses on two parts: > > 1) OOM handling policy, > > 2) PSI-based OOM invocation. > > > > The idea to use bpf for customizing the OOM handling is not new, but > > unlike the previous proposal [1], which augmented the existing task > > ranking-based policy, this one tries to be as generic as possible and > > leverage the full power of the modern bpf. > > > > It provides a generic hook which is called before the existing OOM > > killer code and allows implementing any policy, e.g. picking a victim > > task or memory cgroup or potentially even releasing memory in other > > ways, e.g. deleting tmpfs files (the last one might require some > > additional but relatively simple changes). > > > > The past attempt to implement memory-cgroup aware policy [2] showed > > that there are multiple opinions on what the best policy is. As it's > > highly workload-dependent and specific to a concrete way of organizing > > workloads, the structure of the cgroup tree etc, a customizable > > bpf-based implementation is preferable over a in-kernel implementation > > with a dozen on sysctls. > > > > The second part is related to the fundamental question on when to > > declare the OOM event. It's a trade-off between the risk of > > unnecessary OOM kills and associated work losses and the risk of > > infinite trashing and effective soft lockups. In the last few years > > several PSI-based userspace solutions were developed (e.g. OOMd [3] or > > systemd-OOMd [4]). The common idea was to use userspace daemons to > > implement custom OOM logic as well as rely on PSI monitoring to avoid > > stalls. In this scenario the userspace daemon was supposed to handle > > the majority of OOMs, while the in-kernel OOM killer worked as the > > last resort measure to guarantee that the system would never deadlock > > on the memory. But this approach creates additional infrastructure > > churn: userspace OOM daemon is a separate entity which needs to be > > deployed, updated, monitored. A completely different pipeline needs to > > be built to monitor both types of OOM events and collect associated > > logs. A userspace daemon is more restricted in terms on what data is > > available to it. Implementing a daemon which can work reliably under a > > heavy memory pressure in the system is also tricky. > > > > [1]: https://lwn.net/ml/linux-kernel/20230810081319.65668-1-zhouchuyi@bytedance.com/ > > [2]: https://lore.kernel.org/lkml/20171130152824.1591-1-guro@fb.com/ > > [3]: https://github.com/facebookincubator/oomd > > [4]: https://www.freedesktop.org/software/systemd/man/latest/systemd-oomd.service.html > > > > ---- > > > > This is an RFC version, which is not intended to be merged in the current form. > > Open questions/TODOs: > > 1) Program type/attachment type for the bpf_handle_out_of_memory() hook. > > It has to be able to return a value, to be sleepable (to use cgroup iterators) > > and to have trusted arguments to pass oom_control down to bpf_oom_kill_process(). > > Current patchset has a workaround (patch "bpf: treat fmodret tracing program's > > arguments as trusted"), which is not safe. One option is to fake acquire/release > > semantics for the oom_control pointer. Other option is to introduce a completely > > new attachment or program type, similar to lsm hooks. > > Thinking out loud now, but rather than introducing and having a single > BPF-specific function/interface, and BPF program for that matter, > which can effectively be used to short-circuit steps from within > out_of_memory(), why not introduce a > tcp_congestion_ops/sched_ext_ops-like interface which essentially > provides a multifaceted interface for controlling OOM killing > (->select_bad_process, ->oom_kill_process, etc), optionally also from > the context of a BPF program (BPF_PROG_TYPE_STRUCT_OPS)? It's certainly an option and I thought about it. I don't think we need a bunch of hooks though. This patchset adds 2 and they belong to completely different subsystems (mm and sched/psi), so Idk how well they can be gathered into a single struct ops. But maybe it's fine. The only potentially new hook I can envision now is one to customize the oom reporting. Thanks for the suggestion!