On Fri 08-07-22 10:48:58, Alexei Starovoitov wrote:
> On Fri, Jul 08, 2022 at 03:41:47PM +0200, Michal Hocko wrote:
[...]
> > Finally it is not really clear to what kind of entity is the life time
> > of these caches bound to. Let's say the system goes OOM, is any process
> > responsible for it and a clean up would be done if it gets killed?
>
> We've been asking these questions for years and have been trying to
> come up with a solution.
> bpf progs are not analogous to user space processes.
> There are bpf progs that function completely without user space component.
> bpf progs are pretty close to be full featured kernel modules with
> the difference that bpf progs are safe, portable and users have
> full visibility into them (source code, line info, type info, etc)
> They are not binary blobs unlike kernel modules.
> But from OOM perspective they're pretty much like .ko-s.
> Which kernel module would you force unload when system is OOMing ?
> Force unloading ko-s will likely crash the system.
> Force unloading bpf progs maybe equally bad. The system won't crash,
> but it may be a sorrow state. The bpf could have been doing security
> enforcement or network firewall or providing key insights to critical
> user space components like systemd or health check daemon.
> We've been discussing ideas on how to rank and auto cleanup
> the system state when progs have to be unloaded. Some sort of
> destructor mechanism. Fingers crossed we will have it eventually.
> bpf infra keeps track of everything, of course.
> Technically we can detach, unpin and unload everything and all memory
> will be returned back to the system.
> Anyhow not a new problem. Orthogonal to this patch set.
> bpf progs have been doing memory allocation from day one. 8 years ago.
> This patch set is trying to make it 100% safe.
> Currently it's 99% safe.

OK, thanks for the clarification. There is still one thing that is not
really clear to me. Without a proper ownership bound to any process why
is it desired/helpful to account the memory to a memcg?

We have discussed something similar in a different email thread and I
still didn't manage to find time to put all the parts together. But if
the initiator (or however you call the process which loads the program)
exits then this might be the last process in the specific cgroup and so
it can be offlined and mostly invisible to an admin.

As you have explained there is nothing really actionable on this memory
by the OOM killer either. So does it actually buy us much to account?

-- 
Michal Hocko
SUSE Labs