Re: [diamon-discuss] [RELEASE] LTTng-modules 2.9.11, 2.10.8, 2.11.0-rc2 (Linux kernel tracer)

[Mathieu Desnoyers <mathieu.desnoyers@efficios.com>]

----- On Nov 1, 2018, at 7:33 PM, Joel Fernandes via diamon-discuss diamon-discuss@lists.linuxfoundation.org wrote:

> On Thu, Nov 1, 2018 at 3:56 PM Mathieu Desnoyers
> <mathieu.desnoyers@efficios.com> wrote:
>>
>> Hi,
>>
>> This is a set of bugfix releases of the LTTng modules kernel tracer.
>> It covers the three currently active lttng-modules branches: the
>> 2.9 and 2.10 stable branches, as well as the 2.11 branch in release
>> candidate cycle.
>>
>> Those releases add support for kernel 4.19.
>>
>> One important improvement is to prevent allocation of buffers larger
>> than the available memory, which can cause the OOM killer to trigger.
>> Even if the OOM killer end up having to trigger, the current OOM kill
>> target is set to the current thread while allocating buffers.
> 
> This is interesting. Me and Steve were looking at exactly this issue
> with the ftrace ring buffer a few months ago. Turns out that even
> setting the OOM kill target may not be enough to prevent all OOMs. I
> don't remember the reason why not, I'll have to dig out those threads
> but that's what the -mm folks said at the time. I did remember vaguely
> that I tested it and the kill target doesn't always get killed.. its
> possible that something *other* parallel allocation can be victimized
> AFAIR, even though the culprit is the kill target.
> 

Hi Joel,

Sorry for the late reply. Thanks for your input!

Here is a description of the solution we implemented:

"   Get an estimate of the number of available pages and return ENOMEM if
    there are not enough pages to cover the needs of the caller. Also, mark
    the calling user thread as the first target for the OOM killer in case
    the estimate of available pages was wrong.
    
    This greatly reduces the attack surface of this issue as well as reducing
    its potential impact.
    
    This approach is inspired by the one taken by the Linux kernel
    trace ring buffer[1]."

This is implemented in commit 1f0ab1eb040 "Prevent allocation of buffers if exceeding available memory"
within lttng-modules.

Are you aware of another way to achieve this that would prevent the incorrect
OOM victimization scenario you describe above ?

Thanks,

Mathieu


-- 
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com