Re: [BUG] kmemcg limit defeats __GFP_NOFAIL allocation

From: Thomas Lindroth <thomas.lindroth@gmail.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	Michal Hocko <mhocko@kernel.org>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>, linux-mm@kvack.org
Subject: Re: [BUG] kmemcg limit defeats __GFP_NOFAIL allocation
Date: Fri, 6 Sep 2019 01:11:53 +0200	[thread overview]
Message-ID: <16fdbf78-3cf4-81cf-2a73-d38cb66afc17@gmail.com> (raw)
In-Reply-To: <405ce28b-c0b4-780c-c883-42d741ec60e0@i-love.sakura.ne.jp>

On 9/4/19 6:39 PM, Tetsuo Handa wrote:
> On 2019/09/04 23:29, Michal Hocko wrote:
>> Ohh, right. We are trying to uncharge something that hasn't been charged
>> because page_counter_try_charge has failed. So the fix needs to be more
>> involved. Sorry, I should have realized that.
> 
> OK. Survived the test. Thomas, please try.
> 
>> ---
>> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
>> index 9ec5e12486a7..e18108b2b786 100644
>> --- a/mm/memcontrol.c
>> +++ b/mm/memcontrol.c
>> @@ -2821,6 +2821,16 @@ int __memcg_kmem_charge_memcg(struct page *page, gfp_t gfp, int order,
>>   
>>   	if (!cgroup_subsys_on_dfl(memory_cgrp_subsys) &&
>>   	    !page_counter_try_charge(&memcg->kmem, nr_pages, &counter)) {
>> +
>> +		/*
>> +		 * Enforce __GFP_NOFAIL allocation because callers are not
>> +		 * prepared to see failures and likely do not have any failure
>> +		 * handling code.
>> +		 */
>> +		if (gfp & __GFP_NOFAIL) {
>> +			page_counter_charge(&memcg->kmem, nr_pages);
>> +			return 0;
>> +		}
>>   		cancel_charge(memcg, nr_pages);
>>   		return -ENOMEM;
>>   	}
>>

I tried the patch with 5.2.11 and wasn't able to trigger any null pointer
deref crashes with it. Testing is tricky because the OOM killer will still
run and eventually kill bash and whatever runs in the cgroup.

I backported the patch to 4.19.69 and ran the chromium build like before
but this time I couldn't trigger any system crashes.