[v2,1/1] mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary

Commit Message

Suren Baghdasaryan Aug. 24, 2020, 3:30 p.m. UTC

Currently __set_oom_adj loops through all processes in the system to
keep oom_score_adj and oom_score_adj_min in sync between processes
sharing their mm. This is done for any task with more that one mm_users,
which includes processes with multiple threads (sharing mm and signals).
However for such processes the loop is unnecessary because their signal
structure is shared as well.
Android updates oom_score_adj whenever a tasks changes its role
(background/foreground/...) or binds to/unbinds from a service, making
it more/less important. Such operation can happen frequently.
We noticed that updates to oom_score_adj became more expensive and after
further investigation found out that the patch mentioned in "Fixes"
introduced a regression. Using Pixel 4 with a typical Android workload,
write time to oom_score_adj increased from ~3.57us to ~362us. Moreover
this regression linearly depends on the number of multi-threaded
processes running on the system.
Mark the mm with a new MMF_PROC_SHARED flag bit when task is created with
(CLONE_VM && !CLONE_THREAD && !CLONE_VFORK). Change __set_oom_adj to use
MMF_PROC_SHARED instead of mm_users to decide whether oom_score_adj
update should be synchronized between multiple processes. To prevent
races between clone() and __set_oom_adj(), when oom_score_adj of the
process being cloned might be modified from userspace, we use
oom_adj_mutex. Its scope is changed to global and it is renamed into
oom_adj_lock for naming consistency with oom_lock. The combination of
(CLONE_VM && !CLONE_THREAD) is rarely used except for the case of vfork().
To prevent performance regressions of vfork(), we skip taking oom_adj_lock
and setting MMF_PROC_SHARED when CLONE_VFORK is specified. Clearing the
MMF_PROC_SHARED flag (when the last process sharing the mm exits) is left
out of this patch to keep it simple and because it is believed that this
threading model is rare. Should there ever be a need for optimizing that
case as well, it can be done by hooking into the exit path, likely
following the mm_update_next_owner pattern.
With the combination of (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK) being
quite rare, the regression is gone after the change is applied.

Fixes: 44a70adec910 ("mm, oom_adj: make sure processes sharing mm have same view of oom_score_adj")
Reported-by: Tim Murray <timmurray@google.com>
Debugged-by: Minchan Kim <minchan@kernel.org>
Suggested-by: Michal Hocko <mhocko@kernel.org>
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
---

v2:
- Implemented proposal from Michal Hocko in:
https://lore.kernel.org/linux-fsdevel/20200820124109.GI5033@dhcp22.suse.cz/
- Updated description to reflect the change

v1:
- https://lore.kernel.org/linux-mm/20200820002053.1424000-1-surenb@google.com/

 fs/proc/base.c                 |  7 +++----
 include/linux/oom.h            |  1 +
 include/linux/sched/coredump.h |  1 +
 kernel/fork.c                  | 21 +++++++++++++++++++++
 mm/oom_kill.c                  |  2 ++
 5 files changed, 28 insertions(+), 4 deletions(-)

Comments

Christian Brauner Aug. 25, 2020, 11:15 a.m. UTC | #1

On Mon, Aug 24, 2020 at 08:30:36AM -0700, Suren Baghdasaryan wrote:
> Currently __set_oom_adj loops through all processes in the system to
> keep oom_score_adj and oom_score_adj_min in sync between processes
> sharing their mm. This is done for any task with more that one mm_users,
> which includes processes with multiple threads (sharing mm and signals).
> However for such processes the loop is unnecessary because their signal
> structure is shared as well.
> Android updates oom_score_adj whenever a tasks changes its role
> (background/foreground/...) or binds to/unbinds from a service, making
> it more/less important. Such operation can happen frequently.
> We noticed that updates to oom_score_adj became more expensive and after
> further investigation found out that the patch mentioned in "Fixes"
> introduced a regression. Using Pixel 4 with a typical Android workload,
> write time to oom_score_adj increased from ~3.57us to ~362us. Moreover
> this regression linearly depends on the number of multi-threaded
> processes running on the system.
> Mark the mm with a new MMF_PROC_SHARED flag bit when task is created with
> (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK). Change __set_oom_adj to use
> MMF_PROC_SHARED instead of mm_users to decide whether oom_score_adj
> update should be synchronized between multiple processes. To prevent
> races between clone() and __set_oom_adj(), when oom_score_adj of the
> process being cloned might be modified from userspace, we use
> oom_adj_mutex. Its scope is changed to global and it is renamed into
> oom_adj_lock for naming consistency with oom_lock. The combination of
> (CLONE_VM && !CLONE_THREAD) is rarely used except for the case of vfork().
> To prevent performance regressions of vfork(), we skip taking oom_adj_lock
> and setting MMF_PROC_SHARED when CLONE_VFORK is specified. Clearing the
> MMF_PROC_SHARED flag (when the last process sharing the mm exits) is left
> out of this patch to keep it simple and because it is believed that this
> threading model is rare. Should there ever be a need for optimizing that
> case as well, it can be done by hooking into the exit path, likely
> following the mm_update_next_owner pattern.
> With the combination of (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK) being
> quite rare, the regression is gone after the change is applied.
> 
> Fixes: 44a70adec910 ("mm, oom_adj: make sure processes sharing mm have same view of oom_score_adj")
> Reported-by: Tim Murray <timmurray@google.com>
> Debugged-by: Minchan Kim <minchan@kernel.org>
> Suggested-by: Michal Hocko <mhocko@kernel.org>
> Signed-off-by: Suren Baghdasaryan <surenb@google.com>
> ---
> 
> v2:
> - Implemented proposal from Michal Hocko in:
> https://lore.kernel.org/linux-fsdevel/20200820124109.GI5033@dhcp22.suse.cz/
> - Updated description to reflect the change
> 
> v1:
> - https://lore.kernel.org/linux-mm/20200820002053.1424000-1-surenb@google.com/
> 
>  fs/proc/base.c                 |  7 +++----
>  include/linux/oom.h            |  1 +
>  include/linux/sched/coredump.h |  1 +
>  kernel/fork.c                  | 21 +++++++++++++++++++++
>  mm/oom_kill.c                  |  2 ++
>  5 files changed, 28 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index 617db4e0faa0..cff1a58a236c 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -1055,7 +1055,6 @@ static ssize_t oom_adj_read(struct file *file, char __user *buf, size_t count,
>  
>  static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
>  {
> -	static DEFINE_MUTEX(oom_adj_mutex);
>  	struct mm_struct *mm = NULL;
>  	struct task_struct *task;
>  	int err = 0;
> @@ -1064,7 +1063,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
>  	if (!task)
>  		return -ESRCH;
>  
> -	mutex_lock(&oom_adj_mutex);
> +	mutex_lock(&oom_adj_lock);
>  	if (legacy) {
>  		if (oom_adj < task->signal->oom_score_adj &&
>  				!capable(CAP_SYS_RESOURCE)) {
> @@ -1095,7 +1094,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
>  		struct task_struct *p = find_lock_task_mm(task);
>  
>  		if (p) {
> -			if (atomic_read(&p->mm->mm_users) > 1) {
> +			if (test_bit(MMF_PROC_SHARED, &p->mm->flags)) {
>  				mm = p->mm;
>  				mmgrab(mm);
>  			}
> @@ -1132,7 +1131,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
>  		mmdrop(mm);
>  	}
>  err_unlock:
> -	mutex_unlock(&oom_adj_mutex);
> +	mutex_unlock(&oom_adj_lock);
>  	put_task_struct(task);
>  	return err;
>  }
> diff --git a/include/linux/oom.h b/include/linux/oom.h
> index f022f581ac29..861f22bd4706 100644
> --- a/include/linux/oom.h
> +++ b/include/linux/oom.h
> @@ -55,6 +55,7 @@ struct oom_control {
>  };
>  
>  extern struct mutex oom_lock;
> +extern struct mutex oom_adj_lock;
>  
>  static inline void set_current_oom_origin(void)
>  {
> diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h
> index ecdc6542070f..070629b722df 100644
> --- a/include/linux/sched/coredump.h
> +++ b/include/linux/sched/coredump.h
> @@ -72,6 +72,7 @@ static inline int get_dumpable(struct mm_struct *mm)
>  #define MMF_DISABLE_THP		24	/* disable THP for all VMAs */
>  #define MMF_OOM_VICTIM		25	/* mm is the oom victim */
>  #define MMF_OOM_REAP_QUEUED	26	/* mm was queued for oom_reaper */
> +#define MMF_PROC_SHARED	27	/* mm is shared while sighand is not */
>  #define MMF_DISABLE_THP_MASK	(1 << MMF_DISABLE_THP)
>  
>  #define MMF_INIT_MASK		(MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\
> diff --git a/kernel/fork.c b/kernel/fork.c
> index 4d32190861bd..6fce8ffa9b8b 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -1809,6 +1809,25 @@ static __always_inline void delayed_free_task(struct task_struct *tsk)
>  		free_task(tsk);
>  }
>  
> +static void copy_oom_score_adj(u64 clone_flags, struct task_struct *tsk)
> +{
> +	/* Skip if kernel thread */
> +	if (!tsk->mm)
> +		return;

Hm, wouldn't 

	if (tsk->flags & PF_KTHREAD)
		return;

be clearer and more future proof?

Christian

Suren Baghdasaryan Aug. 25, 2020, 2:24 p.m. UTC | #2

On Tue, Aug 25, 2020 at 4:15 AM Christian Brauner
<christian.brauner@ubuntu.com> wrote:
>
> On Mon, Aug 24, 2020 at 08:30:36AM -0700, Suren Baghdasaryan wrote:
> > Currently __set_oom_adj loops through all processes in the system to
> > keep oom_score_adj and oom_score_adj_min in sync between processes
> > sharing their mm. This is done for any task with more that one mm_users,
> > which includes processes with multiple threads (sharing mm and signals).
> > However for such processes the loop is unnecessary because their signal
> > structure is shared as well.
> > Android updates oom_score_adj whenever a tasks changes its role
> > (background/foreground/...) or binds to/unbinds from a service, making
> > it more/less important. Such operation can happen frequently.
> > We noticed that updates to oom_score_adj became more expensive and after
> > further investigation found out that the patch mentioned in "Fixes"
> > introduced a regression. Using Pixel 4 with a typical Android workload,
> > write time to oom_score_adj increased from ~3.57us to ~362us. Moreover
> > this regression linearly depends on the number of multi-threaded
> > processes running on the system.
> > Mark the mm with a new MMF_PROC_SHARED flag bit when task is created with
> > (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK). Change __set_oom_adj to use
> > MMF_PROC_SHARED instead of mm_users to decide whether oom_score_adj
> > update should be synchronized between multiple processes. To prevent
> > races between clone() and __set_oom_adj(), when oom_score_adj of the
> > process being cloned might be modified from userspace, we use
> > oom_adj_mutex. Its scope is changed to global and it is renamed into
> > oom_adj_lock for naming consistency with oom_lock. The combination of
> > (CLONE_VM && !CLONE_THREAD) is rarely used except for the case of vfork().
> > To prevent performance regressions of vfork(), we skip taking oom_adj_lock
> > and setting MMF_PROC_SHARED when CLONE_VFORK is specified. Clearing the
> > MMF_PROC_SHARED flag (when the last process sharing the mm exits) is left
> > out of this patch to keep it simple and because it is believed that this
> > threading model is rare. Should there ever be a need for optimizing that
> > case as well, it can be done by hooking into the exit path, likely
> > following the mm_update_next_owner pattern.
> > With the combination of (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK) being
> > quite rare, the regression is gone after the change is applied.
> >
> > Fixes: 44a70adec910 ("mm, oom_adj: make sure processes sharing mm have same view of oom_score_adj")
> > Reported-by: Tim Murray <timmurray@google.com>
> > Debugged-by: Minchan Kim <minchan@kernel.org>
> > Suggested-by: Michal Hocko <mhocko@kernel.org>
> > Signed-off-by: Suren Baghdasaryan <surenb@google.com>
> > ---
> >
> > v2:
> > - Implemented proposal from Michal Hocko in:
> > https://lore.kernel.org/linux-fsdevel/20200820124109.GI5033@dhcp22.suse.cz/
> > - Updated description to reflect the change
> >
> > v1:
> > - https://lore.kernel.org/linux-mm/20200820002053.1424000-1-surenb@google.com/
> >
> >  fs/proc/base.c                 |  7 +++----
> >  include/linux/oom.h            |  1 +
> >  include/linux/sched/coredump.h |  1 +
> >  kernel/fork.c                  | 21 +++++++++++++++++++++
> >  mm/oom_kill.c                  |  2 ++
> >  5 files changed, 28 insertions(+), 4 deletions(-)
> >
> > diff --git a/fs/proc/base.c b/fs/proc/base.c
> > index 617db4e0faa0..cff1a58a236c 100644
> > --- a/fs/proc/base.c
> > +++ b/fs/proc/base.c
> > @@ -1055,7 +1055,6 @@ static ssize_t oom_adj_read(struct file *file, char __user *buf, size_t count,
> >
> >  static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
> >  {
> > -     static DEFINE_MUTEX(oom_adj_mutex);
> >       struct mm_struct *mm = NULL;
> >       struct task_struct *task;
> >       int err = 0;
> > @@ -1064,7 +1063,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
> >       if (!task)
> >               return -ESRCH;
> >
> > -     mutex_lock(&oom_adj_mutex);
> > +     mutex_lock(&oom_adj_lock);
> >       if (legacy) {
> >               if (oom_adj < task->signal->oom_score_adj &&
> >                               !capable(CAP_SYS_RESOURCE)) {
> > @@ -1095,7 +1094,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
> >               struct task_struct *p = find_lock_task_mm(task);
> >
> >               if (p) {
> > -                     if (atomic_read(&p->mm->mm_users) > 1) {
> > +                     if (test_bit(MMF_PROC_SHARED, &p->mm->flags)) {
> >                               mm = p->mm;
> >                               mmgrab(mm);
> >                       }
> > @@ -1132,7 +1131,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
> >               mmdrop(mm);
> >       }
> >  err_unlock:
> > -     mutex_unlock(&oom_adj_mutex);
> > +     mutex_unlock(&oom_adj_lock);
> >       put_task_struct(task);
> >       return err;
> >  }
> > diff --git a/include/linux/oom.h b/include/linux/oom.h
> > index f022f581ac29..861f22bd4706 100644
> > --- a/include/linux/oom.h
> > +++ b/include/linux/oom.h
> > @@ -55,6 +55,7 @@ struct oom_control {
> >  };
> >
> >  extern struct mutex oom_lock;
> > +extern struct mutex oom_adj_lock;
> >
> >  static inline void set_current_oom_origin(void)
> >  {
> > diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h
> > index ecdc6542070f..070629b722df 100644
> > --- a/include/linux/sched/coredump.h
> > +++ b/include/linux/sched/coredump.h
> > @@ -72,6 +72,7 @@ static inline int get_dumpable(struct mm_struct *mm)
> >  #define MMF_DISABLE_THP              24      /* disable THP for all VMAs */
> >  #define MMF_OOM_VICTIM               25      /* mm is the oom victim */
> >  #define MMF_OOM_REAP_QUEUED  26      /* mm was queued for oom_reaper */
> > +#define MMF_PROC_SHARED      27      /* mm is shared while sighand is not */
> >  #define MMF_DISABLE_THP_MASK (1 << MMF_DISABLE_THP)
> >
> >  #define MMF_INIT_MASK                (MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\
> > diff --git a/kernel/fork.c b/kernel/fork.c
> > index 4d32190861bd..6fce8ffa9b8b 100644
> > --- a/kernel/fork.c
> > +++ b/kernel/fork.c
> > @@ -1809,6 +1809,25 @@ static __always_inline void delayed_free_task(struct task_struct *tsk)
> >               free_task(tsk);
> >  }
> >
> > +static void copy_oom_score_adj(u64 clone_flags, struct task_struct *tsk)
> > +{
> > +     /* Skip if kernel thread */
> > +     if (!tsk->mm)
> > +             return;
>
> Hm, wouldn't
>
>         if (tsk->flags & PF_KTHREAD)
>                 return;
>
> be clearer and more future proof?

The check follows a similar pattern from copy_mm to detect when we are
cloning a kernel thread. Also IMHO this is a more obvious way to
protect from dereferencing a NULL tsk->mm, which is the important
point here. I can change or remove the comment if that makes things
more clear. Please LMK if that would help.

>
> Christian

Oleg Nesterov Aug. 25, 2020, 2:35 p.m. UTC | #3

On 08/24, Suren Baghdasaryan wrote:
>
> v2:
> - Implemented proposal from Michal Hocko in:
> https://lore.kernel.org/linux-fsdevel/20200820124109.GI5033@dhcp22.suse.cz/
> - Updated description to reflect the change

Looks good to me,

Oleg.

Christian Brauner Aug. 25, 2020, 2:40 p.m. UTC | #4

On Tue, Aug 25, 2020 at 07:24:34AM -0700, Suren Baghdasaryan wrote:
> On Tue, Aug 25, 2020 at 4:15 AM Christian Brauner
> <christian.brauner@ubuntu.com> wrote:
> >
> > On Mon, Aug 24, 2020 at 08:30:36AM -0700, Suren Baghdasaryan wrote:
> > > Currently __set_oom_adj loops through all processes in the system to
> > > keep oom_score_adj and oom_score_adj_min in sync between processes
> > > sharing their mm. This is done for any task with more that one mm_users,
> > > which includes processes with multiple threads (sharing mm and signals).
> > > However for such processes the loop is unnecessary because their signal
> > > structure is shared as well.
> > > Android updates oom_score_adj whenever a tasks changes its role
> > > (background/foreground/...) or binds to/unbinds from a service, making
> > > it more/less important. Such operation can happen frequently.
> > > We noticed that updates to oom_score_adj became more expensive and after
> > > further investigation found out that the patch mentioned in "Fixes"
> > > introduced a regression. Using Pixel 4 with a typical Android workload,
> > > write time to oom_score_adj increased from ~3.57us to ~362us. Moreover
> > > this regression linearly depends on the number of multi-threaded
> > > processes running on the system.
> > > Mark the mm with a new MMF_PROC_SHARED flag bit when task is created with
> > > (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK). Change __set_oom_adj to use
> > > MMF_PROC_SHARED instead of mm_users to decide whether oom_score_adj
> > > update should be synchronized between multiple processes. To prevent
> > > races between clone() and __set_oom_adj(), when oom_score_adj of the
> > > process being cloned might be modified from userspace, we use
> > > oom_adj_mutex. Its scope is changed to global and it is renamed into
> > > oom_adj_lock for naming consistency with oom_lock. The combination of
> > > (CLONE_VM && !CLONE_THREAD) is rarely used except for the case of vfork().
> > > To prevent performance regressions of vfork(), we skip taking oom_adj_lock
> > > and setting MMF_PROC_SHARED when CLONE_VFORK is specified. Clearing the
> > > MMF_PROC_SHARED flag (when the last process sharing the mm exits) is left
> > > out of this patch to keep it simple and because it is believed that this
> > > threading model is rare. Should there ever be a need for optimizing that
> > > case as well, it can be done by hooking into the exit path, likely
> > > following the mm_update_next_owner pattern.
> > > With the combination of (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK) being
> > > quite rare, the regression is gone after the change is applied.
> > >
> > > Fixes: 44a70adec910 ("mm, oom_adj: make sure processes sharing mm have same view of oom_score_adj")
> > > Reported-by: Tim Murray <timmurray@google.com>
> > > Debugged-by: Minchan Kim <minchan@kernel.org>
> > > Suggested-by: Michal Hocko <mhocko@kernel.org>
> > > Signed-off-by: Suren Baghdasaryan <surenb@google.com>
> > > ---
> > >
> > > v2:
> > > - Implemented proposal from Michal Hocko in:
> > > https://lore.kernel.org/linux-fsdevel/20200820124109.GI5033@dhcp22.suse.cz/
> > > - Updated description to reflect the change
> > >
> > > v1:
> > > - https://lore.kernel.org/linux-mm/20200820002053.1424000-1-surenb@google.com/
> > >
> > >  fs/proc/base.c                 |  7 +++----
> > >  include/linux/oom.h            |  1 +
> > >  include/linux/sched/coredump.h |  1 +
> > >  kernel/fork.c                  | 21 +++++++++++++++++++++
> > >  mm/oom_kill.c                  |  2 ++
> > >  5 files changed, 28 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/fs/proc/base.c b/fs/proc/base.c
> > > index 617db4e0faa0..cff1a58a236c 100644
> > > --- a/fs/proc/base.c
> > > +++ b/fs/proc/base.c
> > > @@ -1055,7 +1055,6 @@ static ssize_t oom_adj_read(struct file *file, char __user *buf, size_t count,
> > >
> > >  static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
> > >  {
> > > -     static DEFINE_MUTEX(oom_adj_mutex);
> > >       struct mm_struct *mm = NULL;
> > >       struct task_struct *task;
> > >       int err = 0;
> > > @@ -1064,7 +1063,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
> > >       if (!task)
> > >               return -ESRCH;
> > >
> > > -     mutex_lock(&oom_adj_mutex);
> > > +     mutex_lock(&oom_adj_lock);
> > >       if (legacy) {
> > >               if (oom_adj < task->signal->oom_score_adj &&
> > >                               !capable(CAP_SYS_RESOURCE)) {
> > > @@ -1095,7 +1094,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
> > >               struct task_struct *p = find_lock_task_mm(task);
> > >
> > >               if (p) {
> > > -                     if (atomic_read(&p->mm->mm_users) > 1) {
> > > +                     if (test_bit(MMF_PROC_SHARED, &p->mm->flags)) {
> > >                               mm = p->mm;
> > >                               mmgrab(mm);
> > >                       }
> > > @@ -1132,7 +1131,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
> > >               mmdrop(mm);
> > >       }
> > >  err_unlock:
> > > -     mutex_unlock(&oom_adj_mutex);
> > > +     mutex_unlock(&oom_adj_lock);
> > >       put_task_struct(task);
> > >       return err;
> > >  }
> > > diff --git a/include/linux/oom.h b/include/linux/oom.h
> > > index f022f581ac29..861f22bd4706 100644
> > > --- a/include/linux/oom.h
> > > +++ b/include/linux/oom.h
> > > @@ -55,6 +55,7 @@ struct oom_control {
> > >  };
> > >
> > >  extern struct mutex oom_lock;
> > > +extern struct mutex oom_adj_lock;
> > >
> > >  static inline void set_current_oom_origin(void)
> > >  {
> > > diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h
> > > index ecdc6542070f..070629b722df 100644
> > > --- a/include/linux/sched/coredump.h
> > > +++ b/include/linux/sched/coredump.h
> > > @@ -72,6 +72,7 @@ static inline int get_dumpable(struct mm_struct *mm)
> > >  #define MMF_DISABLE_THP              24      /* disable THP for all VMAs */
> > >  #define MMF_OOM_VICTIM               25      /* mm is the oom victim */
> > >  #define MMF_OOM_REAP_QUEUED  26      /* mm was queued for oom_reaper */
> > > +#define MMF_PROC_SHARED      27      /* mm is shared while sighand is not */
> > >  #define MMF_DISABLE_THP_MASK (1 << MMF_DISABLE_THP)
> > >
> > >  #define MMF_INIT_MASK                (MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\
> > > diff --git a/kernel/fork.c b/kernel/fork.c
> > > index 4d32190861bd..6fce8ffa9b8b 100644
> > > --- a/kernel/fork.c
> > > +++ b/kernel/fork.c
> > > @@ -1809,6 +1809,25 @@ static __always_inline void delayed_free_task(struct task_struct *tsk)
> > >               free_task(tsk);
> > >  }
> > >
> > > +static void copy_oom_score_adj(u64 clone_flags, struct task_struct *tsk)
> > > +{
> > > +     /* Skip if kernel thread */
> > > +     if (!tsk->mm)
> > > +             return;
> >
> > Hm, wouldn't
> >
> >         if (tsk->flags & PF_KTHREAD)
> >                 return;
> >
> > be clearer and more future proof?
> 
> The check follows a similar pattern from copy_mm to detect when we are

Ah cool. Was mostly interest not me asking for a change. :)
This looks like a simple enough fix now. Fwiw:
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>

Thanks!
Christian

Michal Hocko Aug. 25, 2020, 3:05 p.m. UTC | #5

On Mon 24-08-20 08:30:36, Suren Baghdasaryan wrote:
> Currently __set_oom_adj loops through all processes in the system to
> keep oom_score_adj and oom_score_adj_min in sync between processes
> sharing their mm. This is done for any task with more that one mm_users,
> which includes processes with multiple threads (sharing mm and signals).
> However for such processes the loop is unnecessary because their signal
> structure is shared as well.
> Android updates oom_score_adj whenever a tasks changes its role
> (background/foreground/...) or binds to/unbinds from a service, making
> it more/less important. Such operation can happen frequently.
> We noticed that updates to oom_score_adj became more expensive and after
> further investigation found out that the patch mentioned in "Fixes"
> introduced a regression. Using Pixel 4 with a typical Android workload,
> write time to oom_score_adj increased from ~3.57us to ~362us. Moreover
> this regression linearly depends on the number of multi-threaded
> processes running on the system.
> Mark the mm with a new MMF_PROC_SHARED flag bit when task is created with
> (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK). Change __set_oom_adj to use
> MMF_PROC_SHARED instead of mm_users to decide whether oom_score_adj
> update should be synchronized between multiple processes. To prevent
> races between clone() and __set_oom_adj(), when oom_score_adj of the
> process being cloned might be modified from userspace, we use
> oom_adj_mutex. Its scope is changed to global and it is renamed into
> oom_adj_lock for naming consistency with oom_lock. The combination of
> (CLONE_VM && !CLONE_THREAD) is rarely used except for the case of vfork().
> To prevent performance regressions of vfork(), we skip taking oom_adj_lock
> and setting MMF_PROC_SHARED when CLONE_VFORK is specified. Clearing the
> MMF_PROC_SHARED flag (when the last process sharing the mm exits) is left
> out of this patch to keep it simple and because it is believed that this
> threading model is rare. Should there ever be a need for optimizing that
> case as well, it can be done by hooking into the exit path, likely
> following the mm_update_next_owner pattern.
> With the combination of (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK) being
> quite rare, the regression is gone after the change is applied.
> 
> Fixes: 44a70adec910 ("mm, oom_adj: make sure processes sharing mm have same view of oom_score_adj")
> Reported-by: Tim Murray <timmurray@google.com>
> Debugged-by: Minchan Kim <minchan@kernel.org>
> Suggested-by: Michal Hocko <mhocko@kernel.org>
> Signed-off-by: Suren Baghdasaryan <surenb@google.com>

Acked-by: Michal Hocko <mhocko@suse.com>

I hope we can build on top of this and move oom_core* stuff to the
mm_struct to remove all this cruft but I still think that this is
conceptually easier to backport to older kernels than a completely new
approach.

Btw. now that the flag is in place we can optimize __oom_kill_process as
well. Not that this particular path is performance sensitive. But it
could show up in group oom killing in memcgs. It should be as simple as
(I can prepare an official patch unless somebody beat me to it)

diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index c22f07c986cb..04cf958d0c29 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -906,29 +906,31 @@ static void __oom_kill_process(struct task_struct *victim, const char *message)
 	 * That thread will now get access to memory reserves since it has a
 	 * pending fatal signal.
 	 */
-	rcu_read_lock();
-	for_each_process(p) {
-		if (!process_shares_mm(p, mm))
-			continue;
-		if (same_thread_group(p, victim))
-			continue;
-		if (is_global_init(p)) {
-			can_oom_reap = false;
-			set_bit(MMF_OOM_SKIP, &mm->flags);
-			pr_info("oom killer %d (%s) has mm pinned by %d (%s)\n",
-					task_pid_nr(victim), victim->comm,
-					task_pid_nr(p), p->comm);
-			continue;
+	if (test_bit(MMF_PROC_SHARED, &p->mm->flags)) {
+		rcu_read_lock();
+		for_each_process(p) {
+			if (!process_shares_mm(p, mm))
+				continue;
+			if (same_thread_group(p, victim))
+				continue;
+			if (is_global_init(p)) {
+				can_oom_reap = false;
+				set_bit(MMF_OOM_SKIP, &mm->flags);
+				pr_info("oom killer %d (%s) has mm pinned by %d (%s)\n",
+						task_pid_nr(victim), victim->comm,
+						task_pid_nr(p), p->comm);
+				continue;
+			}
+			/*
+			 * No kthead_use_mm() user needs to read from the userspace so
+			 * we are ok to reap it.
+			 */
+			if (unlikely(p->flags & PF_KTHREAD))
+				continue;
+			do_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_TGID);
 		}
-		/*
-		 * No kthead_use_mm() user needs to read from the userspace so
-		 * we are ok to reap it.
-		 */
-		if (unlikely(p->flags & PF_KTHREAD))
-			continue;
-		do_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_TGID);
+		rcu_read_unlock();
 	}
-	rcu_read_unlock();
 
 	if (can_oom_reap)
 		wake_oom_reaper(victim);

Oleg Nesterov Aug. 25, 2020, 3:44 p.m. UTC | #6

On 08/25, Michal Hocko wrote:
>
> Btw. now that the flag is in place we can optimize __oom_kill_process as
> well.

and zap_threads().

Oleg.

Eric W. Biederman Aug. 25, 2020, 4:34 p.m. UTC | #7

Suren Baghdasaryan <surenb@google.com> writes:

> Currently __set_oom_adj loops through all processes in the system to
> keep oom_score_adj and oom_score_adj_min in sync between processes
> sharing their mm. This is done for any task with more that one mm_users,
> which includes processes with multiple threads (sharing mm and signals).
> However for such processes the loop is unnecessary because their signal
> structure is shared as well.
> Android updates oom_score_adj whenever a tasks changes its role
> (background/foreground/...) or binds to/unbinds from a service, making
> it more/less important. Such operation can happen frequently.
> We noticed that updates to oom_score_adj became more expensive and after
> further investigation found out that the patch mentioned in "Fixes"
> introduced a regression. Using Pixel 4 with a typical Android workload,
> write time to oom_score_adj increased from ~3.57us to ~362us. Moreover
> this regression linearly depends on the number of multi-threaded
> processes running on the system.
> Mark the mm with a new MMF_PROC_SHARED flag bit when task is created with
> (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK). Change __set_oom_adj to use
> MMF_PROC_SHARED instead of mm_users to decide whether oom_score_adj
> update should be synchronized between multiple processes. To prevent
> races between clone() and __set_oom_adj(), when oom_score_adj of the
> process being cloned might be modified from userspace, we use
> oom_adj_mutex. Its scope is changed to global and it is renamed into
> oom_adj_lock for naming consistency with oom_lock. The combination of
> (CLONE_VM && !CLONE_THREAD) is rarely used except for the case of vfork().
> To prevent performance regressions of vfork(), we skip taking oom_adj_lock
> and setting MMF_PROC_SHARED when CLONE_VFORK is specified. Clearing the
> MMF_PROC_SHARED flag (when the last process sharing the mm exits) is left
> out of this patch to keep it simple and because it is believed that this
> threading model is rare. Should there ever be a need for optimizing that
> case as well, it can be done by hooking into the exit path, likely
> following the mm_update_next_owner pattern.
> With the combination of (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK) being
> quite rare, the regression is gone after the change is applied.

This patch still makes my head hurt.

The obvious wrong things I have mentioned below.


> Fixes: 44a70adec910 ("mm, oom_adj: make sure processes sharing mm have same view of oom_score_adj")
> Reported-by: Tim Murray <timmurray@google.com>
> Debugged-by: Minchan Kim <minchan@kernel.org>
> Suggested-by: Michal Hocko <mhocko@kernel.org>
> Signed-off-by: Suren Baghdasaryan <surenb@google.com>
> ---
>
> v2:
> - Implemented proposal from Michal Hocko in:
> https://lore.kernel.org/linux-fsdevel/20200820124109.GI5033@dhcp22.suse.cz/
> - Updated description to reflect the change
>
> v1:
> - https://lore.kernel.org/linux-mm/20200820002053.1424000-1-surenb@google.com/
>
>  fs/proc/base.c                 |  7 +++----
>  include/linux/oom.h            |  1 +
>  include/linux/sched/coredump.h |  1 +
>  kernel/fork.c                  | 21 +++++++++++++++++++++
>  mm/oom_kill.c                  |  2 ++
>  5 files changed, 28 insertions(+), 4 deletions(-)
>
> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index 617db4e0faa0..cff1a58a236c 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -1055,7 +1055,6 @@ static ssize_t oom_adj_read(struct file *file, char __user *buf, size_t count,
>  
>  static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
>  {
> -	static DEFINE_MUTEX(oom_adj_mutex);
>  	struct mm_struct *mm = NULL;
>  	struct task_struct *task;
>  	int err = 0;
> @@ -1064,7 +1063,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
>  	if (!task)
>  		return -ESRCH;
>  
> -	mutex_lock(&oom_adj_mutex);
> +	mutex_lock(&oom_adj_lock);
>  	if (legacy) {
>  		if (oom_adj < task->signal->oom_score_adj &&
>  				!capable(CAP_SYS_RESOURCE)) {
> @@ -1095,7 +1094,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
>  		struct task_struct *p = find_lock_task_mm(task);
>  
>  		if (p) {
> -			if (atomic_read(&p->mm->mm_users) > 1) {
> +			if (test_bit(MMF_PROC_SHARED, &p->mm->flags)) {
>  				mm = p->mm;
>  				mmgrab(mm);
>  			}
> @@ -1132,7 +1131,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
>  		mmdrop(mm);
>  	}
>  err_unlock:
> -	mutex_unlock(&oom_adj_mutex);
> +	mutex_unlock(&oom_adj_lock);
>  	put_task_struct(task);
>  	return err;
>  }
> diff --git a/include/linux/oom.h b/include/linux/oom.h
> index f022f581ac29..861f22bd4706 100644
> --- a/include/linux/oom.h
> +++ b/include/linux/oom.h
> @@ -55,6 +55,7 @@ struct oom_control {
>  };
>  
>  extern struct mutex oom_lock;
> +extern struct mutex oom_adj_lock;
                       ^^^^^^^^^^^^^^

I understand moving this lock by why renaming it?

>  static inline void set_current_oom_origin(void)
>  {
> diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h
> index ecdc6542070f..070629b722df 100644
> --- a/include/linux/sched/coredump.h
> +++ b/include/linux/sched/coredump.h
> @@ -72,6 +72,7 @@ static inline int get_dumpable(struct mm_struct *mm)
>  #define MMF_DISABLE_THP		24	/* disable THP for all VMAs */
>  #define MMF_OOM_VICTIM		25	/* mm is the oom victim */
>  #define MMF_OOM_REAP_QUEUED	26	/* mm was queued for oom_reaper */
> +#define MMF_PROC_SHARED	27	/* mm is shared while sighand is not */
           ^^^^^^^^^^^^^^^              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Arguably this is misnamed MMF_MULTIPROCESS is probably better.
The comment is definitely wrong.

>  #define MMF_DISABLE_THP_MASK	(1 << MMF_DISABLE_THP)
>  
>  #define MMF_INIT_MASK		(MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\
> diff --git a/kernel/fork.c b/kernel/fork.c
> index 4d32190861bd..6fce8ffa9b8b 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -1809,6 +1809,25 @@ static __always_inline void delayed_free_task(struct task_struct *tsk)
>  		free_task(tsk);
>  }
>  
> +static void copy_oom_score_adj(u64 clone_flags, struct task_struct *tsk)
> +{
> +	/* Skip if kernel thread */
> +	if (!tsk->mm)
> +		return;
> +
> +	/* Skip if spawning a thread or using vfork */
> +	if ((clone_flags & (CLONE_VM | CLONE_THREAD | CLONE_VFORK)) != CLONE_VM)
> +		return;
> +
> +	/* We need to synchronize with __set_oom_adj */
> +	mutex_lock(&oom_adj_lock);
> +	set_bit(MMF_PROC_SHARED, &tsk->mm->flags);
> +	/* Update the values in case they were changed after copy_signal */
> +	tsk->signal->oom_score_adj = current->signal->oom_score_adj;
> +	tsk->signal->oom_score_adj_min = current->signal->oom_score_adj_min;
> +	mutex_unlock(&oom_adj_lock);

The copying and the setting of a bit on a mm should be logically
separate things.

This really makes my head hurt because the functionality is not
separated out.  I don't have a clue how we could maintain this
copy_oom_score_adj function.


> +}
> +
>  /*
>   * This creates a new process as a copy of the old one,
>   * but does not actually start it yet.
> @@ -2281,6 +2300,8 @@ static __latent_entropy struct task_struct *copy_process(
>  	trace_task_newtask(p, clone_flags);
>  	uprobe_copy_process(p, clone_flags);
>  
> +	copy_oom_score_adj(clone_flags, p);
> +
>  	return p;
>  
>  bad_fork_cancel_cgroup:
> diff --git a/mm/oom_kill.c b/mm/oom_kill.c
> index e90f25d6385d..c22f07c986cb 100644
> --- a/mm/oom_kill.c
> +++ b/mm/oom_kill.c
> @@ -64,6 +64,8 @@ int sysctl_oom_dump_tasks = 1;
>   * and mark_oom_victim
>   */
>  DEFINE_MUTEX(oom_lock);
> +/* Serializes oom_score_adj and oom_score_adj_min updates */
> +DEFINE_MUTEX(oom_adj_lock);
>  
>  static inline bool is_memcg_oom(struct oom_control *oc)
>  {

Eric

Suren Baghdasaryan Aug. 25, 2020, 5:36 p.m. UTC | #8

On Tue, Aug 25, 2020 at 9:38 AM Eric W. Biederman <ebiederm@xmission.com> wrote:
>
> Suren Baghdasaryan <surenb@google.com> writes:
>
> > Currently __set_oom_adj loops through all processes in the system to
> > keep oom_score_adj and oom_score_adj_min in sync between processes
> > sharing their mm. This is done for any task with more that one mm_users,
> > which includes processes with multiple threads (sharing mm and signals).
> > However for such processes the loop is unnecessary because their signal
> > structure is shared as well.
> > Android updates oom_score_adj whenever a tasks changes its role
> > (background/foreground/...) or binds to/unbinds from a service, making
> > it more/less important. Such operation can happen frequently.
> > We noticed that updates to oom_score_adj became more expensive and after
> > further investigation found out that the patch mentioned in "Fixes"
> > introduced a regression. Using Pixel 4 with a typical Android workload,
> > write time to oom_score_adj increased from ~3.57us to ~362us. Moreover
> > this regression linearly depends on the number of multi-threaded
> > processes running on the system.
> > Mark the mm with a new MMF_PROC_SHARED flag bit when task is created with
> > (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK). Change __set_oom_adj to use
> > MMF_PROC_SHARED instead of mm_users to decide whether oom_score_adj
> > update should be synchronized between multiple processes. To prevent
> > races between clone() and __set_oom_adj(), when oom_score_adj of the
> > process being cloned might be modified from userspace, we use
> > oom_adj_mutex. Its scope is changed to global and it is renamed into
> > oom_adj_lock for naming consistency with oom_lock. The combination of
> > (CLONE_VM && !CLONE_THREAD) is rarely used except for the case of vfork().
> > To prevent performance regressions of vfork(), we skip taking oom_adj_lock
> > and setting MMF_PROC_SHARED when CLONE_VFORK is specified. Clearing the
> > MMF_PROC_SHARED flag (when the last process sharing the mm exits) is left
> > out of this patch to keep it simple and because it is believed that this
> > threading model is rare. Should there ever be a need for optimizing that
> > case as well, it can be done by hooking into the exit path, likely
> > following the mm_update_next_owner pattern.
> > With the combination of (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK) being
> > quite rare, the regression is gone after the change is applied.
>
> This patch still makes my head hurt.

Sorry about that. It was not my intention and I wish there was a
simpler way to do this.

>
> The obvious wrong things I have mentioned below.
>
>
> > Fixes: 44a70adec910 ("mm, oom_adj: make sure processes sharing mm have same view of oom_score_adj")
> > Reported-by: Tim Murray <timmurray@google.com>
> > Debugged-by: Minchan Kim <minchan@kernel.org>
> > Suggested-by: Michal Hocko <mhocko@kernel.org>
> > Signed-off-by: Suren Baghdasaryan <surenb@google.com>
> > ---
> >
> > v2:
> > - Implemented proposal from Michal Hocko in:
> > https://lore.kernel.org/linux-fsdevel/20200820124109.GI5033@dhcp22.suse.cz/
> > - Updated description to reflect the change
> >
> > v1:
> > - https://lore.kernel.org/linux-mm/20200820002053.1424000-1-surenb@google.com/
> >
> >  fs/proc/base.c                 |  7 +++----
> >  include/linux/oom.h            |  1 +
> >  include/linux/sched/coredump.h |  1 +
> >  kernel/fork.c                  | 21 +++++++++++++++++++++
> >  mm/oom_kill.c                  |  2 ++
> >  5 files changed, 28 insertions(+), 4 deletions(-)
> >
> > diff --git a/fs/proc/base.c b/fs/proc/base.c
> > index 617db4e0faa0..cff1a58a236c 100644
> > --- a/fs/proc/base.c
> > +++ b/fs/proc/base.c
> > @@ -1055,7 +1055,6 @@ static ssize_t oom_adj_read(struct file *file, char __user *buf, size_t count,
> >
> >  static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
> >  {
> > -     static DEFINE_MUTEX(oom_adj_mutex);
> >       struct mm_struct *mm = NULL;
> >       struct task_struct *task;
> >       int err = 0;
> > @@ -1064,7 +1063,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
> >       if (!task)
> >               return -ESRCH;
> >
> > -     mutex_lock(&oom_adj_mutex);
> > +     mutex_lock(&oom_adj_lock);
> >       if (legacy) {
> >               if (oom_adj < task->signal->oom_score_adj &&
> >                               !capable(CAP_SYS_RESOURCE)) {
> > @@ -1095,7 +1094,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
> >               struct task_struct *p = find_lock_task_mm(task);
> >
> >               if (p) {
> > -                     if (atomic_read(&p->mm->mm_users) > 1) {
> > +                     if (test_bit(MMF_PROC_SHARED, &p->mm->flags)) {
> >                               mm = p->mm;
> >                               mmgrab(mm);
> >                       }
> > @@ -1132,7 +1131,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
> >               mmdrop(mm);
> >       }
> >  err_unlock:
> > -     mutex_unlock(&oom_adj_mutex);
> > +     mutex_unlock(&oom_adj_lock);
> >       put_task_struct(task);
> >       return err;
> >  }
> > diff --git a/include/linux/oom.h b/include/linux/oom.h
> > index f022f581ac29..861f22bd4706 100644
> > --- a/include/linux/oom.h
> > +++ b/include/linux/oom.h
> > @@ -55,6 +55,7 @@ struct oom_control {
> >  };
> >
> >  extern struct mutex oom_lock;
> > +extern struct mutex oom_adj_lock;
>                        ^^^^^^^^^^^^^^
>
> I understand moving this lock by why renaming it?

To be consistent with the mutex name right above it. I'm ok keeping it
as before if this is too much additional churn. I guess Michal deals
with this code more than anyone else, so I'll wait for him to comment
on this one.

>
> >  static inline void set_current_oom_origin(void)
> >  {
> > diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h
> > index ecdc6542070f..070629b722df 100644
> > --- a/include/linux/sched/coredump.h
> > +++ b/include/linux/sched/coredump.h
> > @@ -72,6 +72,7 @@ static inline int get_dumpable(struct mm_struct *mm)
> >  #define MMF_DISABLE_THP              24      /* disable THP for all VMAs */
> >  #define MMF_OOM_VICTIM               25      /* mm is the oom victim */
> >  #define MMF_OOM_REAP_QUEUED  26      /* mm was queued for oom_reaper */
> > +#define MMF_PROC_SHARED      27      /* mm is shared while sighand is not */
>            ^^^^^^^^^^^^^^^              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Arguably this is misnamed MMF_MULTIPROCESS is probably better.

SGTM. Thanks for the suggestion.

> The comment is definitely wrong.

Agree. Will change to "mm is shared while signal_struct is not"

>
> >  #define MMF_DISABLE_THP_MASK (1 << MMF_DISABLE_THP)
> >
> >  #define MMF_INIT_MASK                (MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\
> > diff --git a/kernel/fork.c b/kernel/fork.c
> > index 4d32190861bd..6fce8ffa9b8b 100644
> > --- a/kernel/fork.c
> > +++ b/kernel/fork.c
> > @@ -1809,6 +1809,25 @@ static __always_inline void delayed_free_task(struct task_struct *tsk)
> >               free_task(tsk);
> >  }
> >
> > +static void copy_oom_score_adj(u64 clone_flags, struct task_struct *tsk)
> > +{
> > +     /* Skip if kernel thread */
> > +     if (!tsk->mm)
> > +             return;
> > +
> > +     /* Skip if spawning a thread or using vfork */
> > +     if ((clone_flags & (CLONE_VM | CLONE_THREAD | CLONE_VFORK)) != CLONE_VM)
> > +             return;
> > +
> > +     /* We need to synchronize with __set_oom_adj */
> > +     mutex_lock(&oom_adj_lock);
> > +     set_bit(MMF_PROC_SHARED, &tsk->mm->flags);
> > +     /* Update the values in case they were changed after copy_signal */
> > +     tsk->signal->oom_score_adj = current->signal->oom_score_adj;
> > +     tsk->signal->oom_score_adj_min = current->signal->oom_score_adj_min;
> > +     mutex_unlock(&oom_adj_lock);
>
> The copying and the setting of a bit on a mm should be logically
> separate things.
>
> This really makes my head hurt because the functionality is not
> separated out.  I don't have a clue how we could maintain this
> copy_oom_score_adj function.
>

Copying oom_score_adj here is necessary to prevent a possible race
from creating inconsistent oom_score_adj for the cloned process. The
race this protects from is when __set_oom_adj happens after
copy_signal but before copy_oom_score_adj. In that case __set_oom_adj
will not see MMF_PROC_SHARED and therefore will not update
oom_score_adj of the cloned process. Copying oom_score_adj again
inside copy_oom_score_adj will fix such inconsistency. This is the
simplest way I see to keep things in sync until mm->oom_score_adj is
implemented (which I agree should happen but it's also a much bigger
change).

>
> > +}
> > +
> >  /*
> >   * This creates a new process as a copy of the old one,
> >   * but does not actually start it yet.
> > @@ -2281,6 +2300,8 @@ static __latent_entropy struct task_struct *copy_process(
> >       trace_task_newtask(p, clone_flags);
> >       uprobe_copy_process(p, clone_flags);
> >
> > +     copy_oom_score_adj(clone_flags, p);
> > +
> >       return p;
> >
> >  bad_fork_cancel_cgroup:
> > diff --git a/mm/oom_kill.c b/mm/oom_kill.c
> > index e90f25d6385d..c22f07c986cb 100644
> > --- a/mm/oom_kill.c
> > +++ b/mm/oom_kill.c
> > @@ -64,6 +64,8 @@ int sysctl_oom_dump_tasks = 1;
> >   * and mark_oom_victim
> >   */
> >  DEFINE_MUTEX(oom_lock);
> > +/* Serializes oom_score_adj and oom_score_adj_min updates */
> > +DEFINE_MUTEX(oom_adj_lock);
> >
> >  static inline bool is_memcg_oom(struct oom_control *oc)
> >  {
>
> Eric

Thanks everyone for the reviews and feedback! I'll wait for a couple
days to see if any other comments come in and will send a version with
fixes addressing Eric's concerns.

Michal Hocko Aug. 25, 2020, 7:12 p.m. UTC | #9

On Tue 25-08-20 10:36:45, Suren Baghdasaryan wrote:
> On Tue, Aug 25, 2020 at 9:38 AM Eric W. Biederman <ebiederm@xmission.com> wrote:
[...]
> > > diff --git a/include/linux/oom.h b/include/linux/oom.h
> > > index f022f581ac29..861f22bd4706 100644
> > > --- a/include/linux/oom.h
> > > +++ b/include/linux/oom.h
> > > @@ -55,6 +55,7 @@ struct oom_control {
> > >  };
> > >
> > >  extern struct mutex oom_lock;
> > > +extern struct mutex oom_adj_lock;
> >                        ^^^^^^^^^^^^^^
> >
> > I understand moving this lock by why renaming it?
> 
> To be consistent with the mutex name right above it. I'm ok keeping it
> as before if this is too much additional churn. I guess Michal deals
> with this code more than anyone else, so I'll wait for him to comment
> on this one.

I cannot say I would care deeply about naming. Consistency looks nice
but if there is a preference to keep the lock then I will not object.

Patch

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 617db4e0faa0..cff1a58a236c 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1055,7 +1055,6 @@  static ssize_t oom_adj_read(struct file *file, char __user *buf, size_t count,
 
 static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
 {
-	static DEFINE_MUTEX(oom_adj_mutex);
 	struct mm_struct *mm = NULL;
 	struct task_struct *task;
 	int err = 0;
@@ -1064,7 +1063,7 @@  static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
 	if (!task)
 		return -ESRCH;
 
-	mutex_lock(&oom_adj_mutex);
+	mutex_lock(&oom_adj_lock);
 	if (legacy) {
 		if (oom_adj < task->signal->oom_score_adj &&
 				!capable(CAP_SYS_RESOURCE)) {
@@ -1095,7 +1094,7 @@  static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
 		struct task_struct *p = find_lock_task_mm(task);
 
 		if (p) {
-			if (atomic_read(&p->mm->mm_users) > 1) {
+			if (test_bit(MMF_PROC_SHARED, &p->mm->flags)) {
 				mm = p->mm;
 				mmgrab(mm);
 			}
@@ -1132,7 +1131,7 @@  static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
 		mmdrop(mm);
 	}
 err_unlock:
-	mutex_unlock(&oom_adj_mutex);
+	mutex_unlock(&oom_adj_lock);
 	put_task_struct(task);
 	return err;
 }
diff --git a/include/linux/oom.h b/include/linux/oom.h
index f022f581ac29..861f22bd4706 100644
--- a/include/linux/oom.h
+++ b/include/linux/oom.h
@@ -55,6 +55,7 @@  struct oom_control {
 };
 
 extern struct mutex oom_lock;
+extern struct mutex oom_adj_lock;
 
 static inline void set_current_oom_origin(void)
 {
diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h
index ecdc6542070f..070629b722df 100644
--- a/include/linux/sched/coredump.h
+++ b/include/linux/sched/coredump.h
@@ -72,6 +72,7 @@  static inline int get_dumpable(struct mm_struct *mm)
 #define MMF_DISABLE_THP		24	/* disable THP for all VMAs */
 #define MMF_OOM_VICTIM		25	/* mm is the oom victim */
 #define MMF_OOM_REAP_QUEUED	26	/* mm was queued for oom_reaper */
+#define MMF_PROC_SHARED	27	/* mm is shared while sighand is not */
 #define MMF_DISABLE_THP_MASK	(1 << MMF_DISABLE_THP)
 
 #define MMF_INIT_MASK		(MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\
diff --git a/kernel/fork.c b/kernel/fork.c
index 4d32190861bd..6fce8ffa9b8b 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1809,6 +1809,25 @@  static __always_inline void delayed_free_task(struct task_struct *tsk)
 		free_task(tsk);
 }
 
+static void copy_oom_score_adj(u64 clone_flags, struct task_struct *tsk)
+{
+	/* Skip if kernel thread */
+	if (!tsk->mm)
+		return;
+
+	/* Skip if spawning a thread or using vfork */
+	if ((clone_flags & (CLONE_VM | CLONE_THREAD | CLONE_VFORK)) != CLONE_VM)
+		return;
+
+	/* We need to synchronize with __set_oom_adj */
+	mutex_lock(&oom_adj_lock);
+	set_bit(MMF_PROC_SHARED, &tsk->mm->flags);
+	/* Update the values in case they were changed after copy_signal */
+	tsk->signal->oom_score_adj = current->signal->oom_score_adj;
+	tsk->signal->oom_score_adj_min = current->signal->oom_score_adj_min;
+	mutex_unlock(&oom_adj_lock);
+}
+
 /*
  * This creates a new process as a copy of the old one,
  * but does not actually start it yet.
@@ -2281,6 +2300,8 @@  static __latent_entropy struct task_struct *copy_process(
 	trace_task_newtask(p, clone_flags);
 	uprobe_copy_process(p, clone_flags);
 
+	copy_oom_score_adj(clone_flags, p);
+
 	return p;
 
 bad_fork_cancel_cgroup:
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index e90f25d6385d..c22f07c986cb 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -64,6 +64,8 @@  int sysctl_oom_dump_tasks = 1;
  * and mark_oom_victim
  */
 DEFINE_MUTEX(oom_lock);
+/* Serializes oom_score_adj and oom_score_adj_min updates */
+DEFINE_MUTEX(oom_adj_lock);
 
 static inline bool is_memcg_oom(struct oom_control *oc)
 {