On 2021/10/25 17:04, Michal Hocko wrote: > I do not think there is any guarantee. This code has meant to be a > safeguard but it turns out to be adding more harm than a safety. There > are several scenarios mentioned in this thread where this would be > counter productive or outright wrong thing to do. Setting PR_IO_FLUSHER via prctl(PR_SET_IO_FLUSHER) + hitting legacy kmem charge limit might be an unexpected combination? > > On the other hand it is hard to imagine any legitimate situation where > this would be a right thing to do. Maybe you have something more > specific in mind? What would be the legit code to rely on OOM handling > out of the line (where the details about the allocation scope is lost)? I don't have specific scenario, but I feel that it might be a chance to retry killable vmalloc(). Commit b8c8a338f75e ("Revert "vmalloc: back off when the current task is killed"") was 4.5 years ago, and fuzz testing found many bugs triggered by memory allocation fault injection. Thus, I think that the direction is going towards "we can fail memory allocation upon SIGKILL (rather than worrying about depleting memory reserves and/or escalating to global OOM killer invocations)". Most memory allocation requests which allocate memory for userspace process are willing to give up upon SIGKILL. Like you are trying to add NOFS, NOIO, NOFAIL support to vmalloc(), you could consider KILLABLE support as well. Of course, direct reclaim makes it difficult to immediately give up upon SIGKILL, but killable allocation sounds still nice even if best-effort basis.