Re: [PATCH 03/13] mm: shmem: provide oom badness for shmem files

From: Christian König
Date: Fri Jun 10 2022 - 08:17:44 EST

Next message: David Laight: "RE: [PATCH v2 1/6] ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()"
Previous message: Ulf Hansson: "Re: [PATCH v1 15/16] ACPI / MMC: PM: Unify fixing up device power"
In reply to: Michal Hocko: "Re: [PATCH 03/13] mm: shmem: provide oom badness for shmem files"
Next in thread: Michal Hocko: "Re: [PATCH 03/13] mm: shmem: provide oom badness for shmem files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am 10.06.22 um 13:44 schrieb Michal Hocko:

On Fri 10-06-22 12:58:53, Christian König wrote:
[SNIP]

I do realize this is a long term problem and there is a demand for some
solution at least. I am not sure how to deal with shared resources
myself. The best approximation I can come up with is to limit the scope
of the damage into a memcg context. One idea I was playing with (but
never convinced myself it is really a worth) is to allow a new mode of
the oom victim selection for the global oom event.

And just for the clarity. I have mentioned global oom event here but the
concept could be extended to per-memcg oom killer as well.

Then what exactly do you mean with "limiting the scope of the damage"? Cause that doesn't make sense without memcg.

It would be an opt in
and the victim would be selected from the biggest leaf memcg (or kill
the whole memcg if it has group_oom configured.

That would address at least some of the accounting issue because charges
are better tracked than per process memory consumption. It is a crude
and ugly hack and it doesn't solve the underlying problem as shared
resources are not guaranteed to be freed when processes die but maybe it
would be just slightly better than the existing scheme which is clearly
lacking behind existing userspace.

Well, what is so bad at the approach of giving each process holding a
reference to some shared memory it's equal amount of badness even when the
processes belong to different memory control groups?

I am not claiming this is wrong per se. It is just an approximation and
it can surely be wrong in some cases (e.g. in those workloads where the
share memory is mostly owned by one process while the shared content is
consumed by many).

Yeah, completely agree. Basically we can only do an educated guess.

Key point is that we should do the most educated guess we can and not just try to randomly kill something until we hit the right target. That's essentially what's happening today.

The primary question is whether it actually helps much or what kind of
scenarios it can help with and whether we can actually do better for
those.

Well, it does help massively with a standard Linux desktop and GPU workloads (e.g. games).

See what currently happens is that when games allocate for example textures the memory for that is not accounted against that game. Instead it's usually the display server (X or Wayland) which most of the shared resources accounts to because it needs to compose a desktop from it and usually also mmaps it for fallback CPU operations.

So what happens when a games over allocates texture resources is that your whole desktop restarts because the compositor is killed. This obviously also kills the game, but it would be much nice if we would be more selective here.

For hardware rendering DMA-buf and GPU drivers are used, but for the software fallback shmem files is what is used under the hood as far as I know. And the underlying problem is the same for both.

Also do not forget that shared file memory is not the only thing
to care about. What about the kernel memory used on behalf of processes?

Yeah, I'm aware of that as well. But at least inside the GPU drivers we try to keep that in a reasonable ratio.

Just consider the above mentioned memcg driven model. It doesn't really
require to chase specific files and do some arbitrary math to share the
responsibility. It has a clear accounting and responsibility model.

Ok, how does that work then?

It shares the same underlying problem that the oom killing is not
resource aware and therefore there is no guarantee that memory really
gets freed. But it allows sane configurations where shared resources do
not cross memcg boundaries at least. With that in mind and oom_cgroup
semantic you can get at least some semi-sane guarantees. Is it
pefect? No, by any means. But I would expect it to be more predictable.

Maybe we can come up with a saner model, but just going with per file
stats sounds like a hard to predict and debug approach to me. OOM
killing is a very disruptive operation and having random tasks killed
just because they have mapped few pages from a shared resource sounds
like a terrible thing to debug and explain to users.

Well to be honest I think it's much saner than what we do today.

As I said you currently can get any Linux system down within seconds and that's basically a perfect deny of service attack.

If you really think that this would be a hard problem for upstreaming we
could as well keep the behavior for memcg as it is for now. We would just
need to adjust the paramters to oom_badness() a bit.

Say we ignore the memcg side of things for now. How does it help long
term? Special casing the global oom is not all that hard but any future
change would very likely be disruptive with some semantic implications
AFAICS.

What else can we do? I mean the desktop instability we are facing is really massive.

Regards,
Christian.

Next message: David Laight: "RE: [PATCH v2 1/6] ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()"
Previous message: Ulf Hansson: "Re: [PATCH v1 15/16] ACPI / MMC: PM: Unify fixing up device power"
In reply to: Michal Hocko: "Re: [PATCH 03/13] mm: shmem: provide oom badness for shmem files"
Next in thread: Michal Hocko: "Re: [PATCH 03/13] mm: shmem: provide oom badness for shmem files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]