On Tue, Apr 03, 2018 at 02:19:50PM +0200, Michal Hocko wrote:
> On Tue 03-04-18 05:14:14, Matthew Wilcox wrote:
> > On Fri, Mar 30, 2018 at 07:34:59PM +0900, Tetsuo Handa wrote:
> > > Maybe we can make "give up by default upon SIGKILL" and let callers
> > > explicitly say "do not give up upon SIGKILL".
> >
> > I really strongly disapprove of this patch. This GFP flag will be abused
> > like every other GFP flag.
> >
> > > +++ b/mm/page_alloc.c
> > > @@ -4183,6 +4183,13 @@ bool gfp_pfmemalloc_allowed(gfp_t gfp_mask)
> > > if (current->flags & PF_MEMALLOC)
> > > goto nopage;
> > >
> > > + /* Can give up if caller is willing to give up upon fatal signals */
> > > + if (fatal_signal_pending(current) &&
> > > + !(gfp_mask & (__GFP_UNKILLABLE | __GFP_NOFAIL))) {
> > > + gfp_mask |= __GFP_NOWARN;
> > > + goto nopage;
> > > + }
> > > +
> > > /* Try direct reclaim and then allocating */
> >
> > This part is superficially tempting, although without the UNKILLABLE. ie:
> >
> > + if (fatal_signal_pending(current) && !(gfp_mask & __GFP_NOFAIL)) {
> > + gfp_mask |= __GFP_NOWARN;
> > + goto nopage;
> > + }
> >
> > It makes some sense to me to prevent tasks with a fatal signal pending
> > from being able to trigger reclaim. But I'm worried about what memory
> > allocation failures it might trigger on paths that aren't accustomed to
> > seeing failures.
>
> Please be aware that we _do_ allocate in the exit path. I have a strong
> suspicion that even while fatal signal is pending. Do we really want
> fail those really easily.
I agree. The allocations I'm thinking about are NFS wanting to send
I/Os in order to fsync each file that gets closed. We probably don't
want those to fail. And we definitely don't want to chase around the
kernel adding __GFP_KILLABLE to each place that we discover needs to
allocate on the exit path.
