oom_kill.c 11.7 KB
Newer Older
L
Linus Torvalds 已提交
1 2 3 4 5 6 7 8
/*
 *  linux/mm/oom_kill.c
 * 
 *  Copyright (C)  1998,2000  Rik van Riel
 *	Thanks go out to Claus Fischer for some serious inspiration and
 *	for goading me into coding this file...
 *
 *  The routines in this file are used to kill a process when
P
Paul Jackson 已提交
9 10
 *  we're seriously out of memory. This gets called from __alloc_pages()
 *  in mm/page_alloc.c when we really run out of memory.
L
Linus Torvalds 已提交
11 12 13 14 15 16 17
 *
 *  Since we won't call these routines often (on a well-configured
 *  machine) this file will double as a 'coding guide' and a signpost
 *  for newbie kernel hackers. It features several pointers to major
 *  kernel subsystems and hints as to where to find out what things do.
 */

18
#include <linux/oom.h>
L
Linus Torvalds 已提交
19 20 21 22 23
#include <linux/mm.h>
#include <linux/sched.h>
#include <linux/swap.h>
#include <linux/timex.h>
#include <linux/jiffies.h>
24
#include <linux/cpuset.h>
25 26
#include <linux/module.h>
#include <linux/notifier.h>
L
Linus Torvalds 已提交
27

28
int sysctl_panic_on_oom;
L
Linus Torvalds 已提交
29 30 31
/* #define DEBUG */

/**
32
 * badness - calculate a numeric value for how bad this task has been
L
Linus Torvalds 已提交
33
 * @p: task struct of which task we should calculate
P
Paul Jackson 已提交
34
 * @uptime: current uptime in seconds
L
Linus Torvalds 已提交
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52
 *
 * The formula used is relatively simple and documented inline in the
 * function. The main rationale is that we want to select a good task
 * to kill when we run out of memory.
 *
 * Good in this context means that:
 * 1) we lose the minimum amount of work done
 * 2) we recover a large amount of memory
 * 3) we don't kill anything innocent of eating tons of memory
 * 4) we want to kill the minimum amount of processes (one)
 * 5) we try to kill the process the user expects us to kill, this
 *    algorithm has been meticulously tuned to meet the principle
 *    of least surprise ... (be careful when you change it)
 */

unsigned long badness(struct task_struct *p, unsigned long uptime)
{
	unsigned long points, cpu_time, run_time, s;
A
Andrew Morton 已提交
53 54
	struct mm_struct *mm;
	struct task_struct *child;
L
Linus Torvalds 已提交
55

A
Andrew Morton 已提交
56 57 58 59
	task_lock(p);
	mm = p->mm;
	if (!mm) {
		task_unlock(p);
L
Linus Torvalds 已提交
60
		return 0;
A
Andrew Morton 已提交
61
	}
L
Linus Torvalds 已提交
62

N
Nick Piggin 已提交
63 64 65 66 67 68
	/*
	 * swapoff can easily use up all memory, so kill those first.
	 */
	if (p->flags & PF_SWAPOFF)
		return ULONG_MAX;

L
Linus Torvalds 已提交
69 70 71
	/*
	 * The memory size of the process is the basis for the badness.
	 */
A
Andrew Morton 已提交
72 73 74 75 76 77
	points = mm->total_vm;

	/*
	 * After this unlock we can no longer dereference local variable `mm'
	 */
	task_unlock(p);
L
Linus Torvalds 已提交
78 79 80

	/*
	 * Processes which fork a lot of child processes are likely
81
	 * a good choice. We add half the vmsize of the children if they
L
Linus Torvalds 已提交
82
	 * have an own mm. This prevents forking servers to flood the
83 84 85
	 * machine with an endless amount of children. In case a single
	 * child is eating the vast majority of memory, adding only half
	 * to the parents will make the child our kill candidate of choice.
L
Linus Torvalds 已提交
86
	 */
A
Andrew Morton 已提交
87 88 89 90 91
	list_for_each_entry(child, &p->children, sibling) {
		task_lock(child);
		if (child->mm != mm && child->mm)
			points += child->mm->total_vm/2 + 1;
		task_unlock(child);
L
Linus Torvalds 已提交
92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137
	}

	/*
	 * CPU time is in tens of seconds and run time is in thousands
         * of seconds. There is no particular reason for this other than
         * that it turned out to work very well in practice.
	 */
	cpu_time = (cputime_to_jiffies(p->utime) + cputime_to_jiffies(p->stime))
		>> (SHIFT_HZ + 3);

	if (uptime >= p->start_time.tv_sec)
		run_time = (uptime - p->start_time.tv_sec) >> 10;
	else
		run_time = 0;

	s = int_sqrt(cpu_time);
	if (s)
		points /= s;
	s = int_sqrt(int_sqrt(run_time));
	if (s)
		points /= s;

	/*
	 * Niced processes are most likely less important, so double
	 * their badness points.
	 */
	if (task_nice(p) > 0)
		points *= 2;

	/*
	 * Superuser processes are usually more important, so we make it
	 * less likely that we kill those.
	 */
	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
				p->uid == 0 || p->euid == 0)
		points /= 4;

	/*
	 * We don't want to kill a process with direct hardware access.
	 * Not only could that mess up the hardware, but usually users
	 * tend to only have this flag set on applications they think
	 * of as important.
	 */
	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
		points /= 4;

N
Nick Piggin 已提交
138 139 140 141 142 143 144 145
	/*
	 * If p's nodes don't overlap ours, it may still help to kill p
	 * because p may have allocated or otherwise mapped memory on
	 * this node before. However it will be less likely.
	 */
	if (!cpuset_excl_nodes_overlap(p))
		points /= 8;

L
Linus Torvalds 已提交
146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162
	/*
	 * Adjust the score by oomkilladj.
	 */
	if (p->oomkilladj) {
		if (p->oomkilladj > 0)
			points <<= p->oomkilladj;
		else
			points >>= -(p->oomkilladj);
	}

#ifdef DEBUG
	printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n",
	p->pid, p->comm, points);
#endif
	return points;
}

163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180
/*
 * Types of limitations to the nodes from which allocations may occur
 */
#define CONSTRAINT_NONE 1
#define CONSTRAINT_MEMORY_POLICY 2
#define CONSTRAINT_CPUSET 3

/*
 * Determine the type of allocation constraint.
 */
static inline int constrained_alloc(struct zonelist *zonelist, gfp_t gfp_mask)
{
#ifdef CONFIG_NUMA
	struct zone **z;
	nodemask_t nodes = node_online_map;

	for (z = zonelist->zones; *z; z++)
		if (cpuset_zone_allowed(*z, gfp_mask))
181
			node_clear(zone_to_nid(*z), nodes);
182 183 184 185 186 187 188 189 190 191
		else
			return CONSTRAINT_CPUSET;

	if (!nodes_empty(nodes))
		return CONSTRAINT_MEMORY_POLICY;
#endif

	return CONSTRAINT_NONE;
}

L
Linus Torvalds 已提交
192 193 194 195 196 197
/*
 * Simple selection loop. We chose the process with the highest
 * number of 'points'. We expect the caller will lock the tasklist.
 *
 * (not docbooked, we don't want this one cluttering up the manual)
 */
198
static struct task_struct *select_bad_process(unsigned long *ppoints)
L
Linus Torvalds 已提交
199 200 201 202
{
	struct task_struct *g, *p;
	struct task_struct *chosen = NULL;
	struct timespec uptime;
203
	*ppoints = 0;
L
Linus Torvalds 已提交
204 205

	do_posix_clock_monotonic_gettime(&uptime);
P
Paul Jackson 已提交
206 207 208
	do_each_thread(g, p) {
		unsigned long points;

209 210 211 212
		/*
		 * skip kernel threads and tasks which have already released
		 * their mm.
		 */
213 214
		if (!p->mm)
			continue;
215 216
		/* skip the init task */
		if (is_init(p))
P
Paul Jackson 已提交
217
			continue;
218

219 220 221 222 223 224 225 226 227 228 229 230
		/*
		 * This task already has access to memory reserves and is
		 * being killed. Don't allow any other task access to the
		 * memory reserve.
		 *
		 * Note: this may have a chance of deadlock if it gets
		 * blocked waiting for another task which itself is waiting
		 * for memory. Is there a better alternative?
		 */
		if (test_tsk_thread_flag(p, TIF_MEMDIE))
			return ERR_PTR(-1UL);

P
Paul Jackson 已提交
231
		/*
232
		 * This is in the process of releasing memory so wait for it
P
Paul Jackson 已提交
233
		 * to finish before killing some other task by mistake.
234 235 236 237 238
		 *
		 * However, if p is the current task, we allow the 'kill' to
		 * go ahead if it is exiting: this will simply set TIF_MEMDIE,
		 * which will allow it to gain access to memory reserves in
		 * the process of exiting and releasing its resources.
239
		 * Otherwise we could get an easy OOM deadlock.
P
Paul Jackson 已提交
240
		 */
241 242 243 244
		if (p->flags & PF_EXITING) {
			if (p != current)
				return ERR_PTR(-1UL);

245 246
			chosen = p;
			*ppoints = ULONG_MAX;
247
		}
248

249 250
		if (p->oomkilladj == OOM_DISABLE)
			continue;
P
Paul Jackson 已提交
251 252

		points = badness(p, uptime.tv_sec);
253
		if (points > *ppoints || !chosen) {
P
Paul Jackson 已提交
254
			chosen = p;
255
			*ppoints = points;
L
Linus Torvalds 已提交
256
		}
P
Paul Jackson 已提交
257
	} while_each_thread(g, p);
258

L
Linus Torvalds 已提交
259 260 261 262
	return chosen;
}

/**
263 264 265
 * Send SIGKILL to the selected  process irrespective of  CAP_SYS_RAW_IO
 * flag though it's unlikely that  we select a process with CAP_SYS_RAW_IO
 * set.
L
Linus Torvalds 已提交
266
 */
N
Nick Piggin 已提交
267
static void __oom_kill_task(struct task_struct *p, int verbose)
L
Linus Torvalds 已提交
268
{
269
	if (is_init(p)) {
L
Linus Torvalds 已提交
270 271 272 273 274
		WARN_ON(1);
		printk(KERN_WARNING "tried to kill init!\n");
		return;
	}

275
	if (!p->mm) {
L
Linus Torvalds 已提交
276 277 278 279
		WARN_ON(1);
		printk(KERN_WARNING "tried to kill an mm-less task!\n");
		return;
	}
280

N
Nick Piggin 已提交
281 282
	if (verbose)
		printk(KERN_ERR "Killed process %d (%s)\n", p->pid, p->comm);
L
Linus Torvalds 已提交
283 284 285 286 287 288 289 290 291 292 293 294

	/*
	 * We give our sacrificial lamb high priority and access to
	 * all the memory it needs. That way it should be able to
	 * exit() and clear out its resources quickly...
	 */
	p->time_slice = HZ;
	set_tsk_thread_flag(p, TIF_MEMDIE);

	force_sig(SIGKILL, p);
}

N
Nick Piggin 已提交
295
static int oom_kill_task(struct task_struct *p)
L
Linus Torvalds 已提交
296
{
297
	struct mm_struct *mm;
298
	struct task_struct *g, *q;
L
Linus Torvalds 已提交
299

300 301 302 303 304 305 306 307 308 309 310
	mm = p->mm;

	/* WARNING: mm may not be dereferenced since we did not obtain its
	 * value from get_task_mm(p).  This is OK since all we need to do is
	 * compare mm to q->mm below.
	 *
	 * Furthermore, even if mm contains a non-NULL value, p->mm may
	 * change to NULL at any time since we do not hold task_lock(p).
	 * However, this is of no concern to us.
	 */

311
	if (mm == NULL)
312
		return 1;
L
Linus Torvalds 已提交
313

314 315 316 317 318 319 320 321
	/*
	 * Don't kill the process if any threads are set to OOM_DISABLE
	 */
	do_each_thread(g, q) {
		if (q->mm == mm && p->oomkilladj == OOM_DISABLE)
			return 1;
	} while_each_thread(g, q);

N
Nick Piggin 已提交
322
	__oom_kill_task(p, 1);
323

L
Linus Torvalds 已提交
324 325
	/*
	 * kill all processes that share the ->mm (i.e. all threads),
N
Nick Piggin 已提交
326 327
	 * but are in a different thread group. Don't let them have access
	 * to memory reserves though, otherwise we might deplete all memory.
L
Linus Torvalds 已提交
328
	 */
329
	do_each_thread(g, q) {
L
Linus Torvalds 已提交
330
		if (q->mm == mm && q->tgid != p->tgid)
N
Nick Piggin 已提交
331
			force_sig(SIGKILL, p);
332
	} while_each_thread(g, q);
L
Linus Torvalds 已提交
333

334
	return 0;
L
Linus Torvalds 已提交
335 336
}

337 338
static int oom_kill_process(struct task_struct *p, unsigned long points,
		const char *message)
L
Linus Torvalds 已提交
339 340 341 342
{
	struct task_struct *c;
	struct list_head *tsk;

343 344 345 346 347
	/*
	 * If the task is already exiting, don't alarm the sysadmin or kill
	 * its children or threads, just set TIF_MEMDIE so it can die quickly
	 */
	if (p->flags & PF_EXITING) {
N
Nick Piggin 已提交
348
		__oom_kill_task(p, 0);
349 350 351
		return 0;
	}

N
Nick Piggin 已提交
352 353 354
	printk(KERN_ERR "%s: kill process %d (%s) score %li or a child\n",
					message, p->pid, p->comm, points);

L
Linus Torvalds 已提交
355 356 357 358 359
	/* Try to kill a child first */
	list_for_each(tsk, &p->children) {
		c = list_entry(tsk, struct task_struct, sibling);
		if (c->mm == p->mm)
			continue;
N
Nick Piggin 已提交
360
		if (!oom_kill_task(c))
361
			return 0;
L
Linus Torvalds 已提交
362
	}
N
Nick Piggin 已提交
363
	return oom_kill_task(p);
L
Linus Torvalds 已提交
364 365
}

366 367 368 369 370 371 372 373 374 375 376 377 378 379
static BLOCKING_NOTIFIER_HEAD(oom_notify_list);

int register_oom_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_register(&oom_notify_list, nb);
}
EXPORT_SYMBOL_GPL(register_oom_notifier);

int unregister_oom_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_unregister(&oom_notify_list, nb);
}
EXPORT_SYMBOL_GPL(unregister_oom_notifier);

L
Linus Torvalds 已提交
380
/**
381
 * out_of_memory - kill the "best" process when we run out of memory
L
Linus Torvalds 已提交
382 383 384 385 386 387
 *
 * If we run out of memory, we have the choice between either
 * killing a random task (bad), letting the system crash (worse)
 * OR try to be smart about which process to kill. Note that we
 * don't have to be perfect here, we just have to be good.
 */
388
void out_of_memory(struct zonelist *zonelist, gfp_t gfp_mask, int order)
L
Linus Torvalds 已提交
389
{
390
	struct task_struct *p;
391
	unsigned long points = 0;
392 393 394 395 396 397
	unsigned long freed = 0;

	blocking_notifier_call_chain(&oom_notify_list, 0, &freed);
	if (freed > 0)
		/* Got some memory back in the last second. */
		return;
L
Linus Torvalds 已提交
398

399
	if (printk_ratelimit()) {
N
Nick Piggin 已提交
400 401 402
		printk(KERN_WARNING "%s invoked oom-killer: "
			"gfp_mask=0x%x, order=%d, oomkilladj=%d\n",
			current->comm, gfp_mask, order, current->oomkilladj);
403
		dump_stack();
404 405
		show_mem();
	}
J
Janet Morgan 已提交
406

P
Paul Jackson 已提交
407
	cpuset_lock();
L
Linus Torvalds 已提交
408
	read_lock(&tasklist_lock);
409 410 411 412 413 414 415

	/*
	 * Check if there were limitations on the allocation (only relevant for
	 * NUMA) that may require different handling.
	 */
	switch (constrained_alloc(zonelist, gfp_mask)) {
	case CONSTRAINT_MEMORY_POLICY:
416
		oom_kill_process(current, points,
417 418 419 420
				"No available memory (MPOL_BIND)");
		break;

	case CONSTRAINT_CPUSET:
421
		oom_kill_process(current, points,
422 423 424 425
				"No available memory in cpuset");
		break;

	case CONSTRAINT_NONE:
426 427
		if (sysctl_panic_on_oom)
			panic("out of memory. panic_on_oom is selected\n");
L
Linus Torvalds 已提交
428
retry:
429 430 431 432 433
		/*
		 * Rambo mode: Shoot down a process and hope it solves whatever
		 * issues we may have.
		 */
		p = select_bad_process(&points);
L
Linus Torvalds 已提交
434

435 436
		if (PTR_ERR(p) == -1UL)
			goto out;
L
Linus Torvalds 已提交
437

438 439 440 441 442 443
		/* Found nothing?!?! Either we hang forever, or we panic. */
		if (!p) {
			read_unlock(&tasklist_lock);
			cpuset_unlock();
			panic("Out of memory and no killable processes...\n");
		}
L
Linus Torvalds 已提交
444

445
		if (oom_kill_process(p, points, "Out of memory"))
446 447 448 449
			goto retry;

		break;
	}
L
Linus Torvalds 已提交
450

451
out:
452
	read_unlock(&tasklist_lock);
P
Paul Jackson 已提交
453
	cpuset_unlock();
L
Linus Torvalds 已提交
454 455 456

	/*
	 * Give "p" a good chance of killing itself before we
457
	 * retry to allocate memory unless "p" is current
L
Linus Torvalds 已提交
458
	 */
459
	if (!test_thread_flag(TIF_MEMDIE))
460
		schedule_timeout_uninterruptible(1);
L
Linus Torvalds 已提交
461
}