On Mon, Dec 15, 2025 at 7:51 PM Maxime Ripard <[email protected]> wrote: > > Hi TJ,
Hi Maxime, > On Fri, Dec 12, 2025 at 08:25:19AM +0900, T.J. Mercier wrote: > > On Fri, Dec 12, 2025 at 4:31 AM Eric Chanudet <[email protected]> wrote: > > > > > > The system dma-buf heap lets userspace allocate buffers from the page > > > allocator. However, these allocations are not accounted for in memcg, > > > allowing processes to escape limits that may be configured. > > > > > > Pass the __GFP_ACCOUNT for our allocations to account them into memcg. > > > > We had a discussion just last night in the MM track at LPC about how > > shared memory accounted in memcg is pretty broken. Without a way to > > identify (and possibly transfer) ownership of a shared buffer, this > > makes the accounting of shared memory, and zombie memcg problems > > worse. :\ > > Are there notes or a report from that discussion anywhere? The LPC vids haven't been clipped yet, and actually I can't even find the recorded full live stream from Hall A2 on the first day. So I don't think there's anything to look at, but I bet there's probably nothing there you don't already know. > The way I see it, the dma-buf heaps *trivial* case is non-existent at > the moment and that's definitely broken. Any application can bypass its > cgroups limits trivially, and that's a pretty big hole in the system. Agree, but if we only charge the first allocator then limits can still easily be bypassed assuming an app can cause an allocation outside of its cgroup tree. I'm not sure using static memcg limits where a significant portion of the memory can be shared is really feasible. Even with just pagecache being charged to memcgs, we're having trouble defining a static memcg limit that is really useful since it has to be high enough to accomodate occasional spikes due to shared memory that might or might not be charged (since it can only be charged to one memcg - it may be spread around or it may all get charged to one memcg). So excessive anonymous use has to get really bad before it gets punished. What I've been hearing lately is that folks are polling memory.stat or PSI or other metrics and using that to take actions (memory.reclaim / killing / adjust memory.high) at runtime rather than relying on memory.high/max behavior with a static limit. > The shared ownership is indeed broken, but it's not more or less broken > than, say, memfd + udmabuf, and I'm sure plenty of others. One thing that's worse about system heap buffers is that unlike memfd the memory isn't reclaimable. So without killing all users there's currently no way to deal with the zombie issue. Harry's proposing reparenting, but I don't think our current interfaces support that because we'd have to mess with the page structs behind system heap dmabufs to change the memcg during reparenting. Ah... but udmabuf pins the memfd pages, so you're right that memfd + udmabuf isn't worse. > So we really improve the common case, but only make the "advanced" > slightly more broken than it already is. > > Would you disagree? I think memcg limits in this case just wouldn't be usable because of what I mentioned above. In our common case the allocator is in a different cgroup tree than the real users of the buffer. > Maxime
