projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
oom: PF_EXITING check should take mm into account
[deliverable/linux.git] / mm / oom_kill.c
1 /*
2 * linux/mm/oom_kill.c
3 *
4 * Copyright (C) 1998,2000 Rik van Riel
5 * Thanks go out to Claus Fischer for some serious inspiration and
6 * for goading me into coding this file...
7 *
8 * The routines in this file are used to kill a process when
9 * we're seriously out of memory. This gets called from __alloc_pages()
10 * in mm/page_alloc.c when we really run out of memory.
11 *
12 * Since we won't call these routines often (on a well-configured
13 * machine) this file will double as a 'coding guide' and a signpost
14 * for newbie kernel hackers. It features several pointers to major
15 * kernel subsystems and hints as to where to find out what things do.
16 */
17
18 #include <linux/oom.h>
19 #include <linux/mm.h>
20 #include <linux/err.h>
21 #include <linux/gfp.h>
22 #include <linux/sched.h>
23 #include <linux/swap.h>
24 #include <linux/timex.h>
25 #include <linux/jiffies.h>
26 #include <linux/cpuset.h>
27 #include <linux/module.h>
28 #include <linux/notifier.h>
29 #include <linux/memcontrol.h>
30 #include <linux/security.h>
31
32 int sysctl_panic_on_oom;
33 int sysctl_oom_kill_allocating_task;
34 int sysctl_oom_dump_tasks;
35 static DEFINE_SPINLOCK(zone_scan_lock);
36 /* #define DEBUG */
37
38 /*
39 * Is all threads of the target process nodes overlap ours?
40 */
41 static int has_intersects_mems_allowed(struct task_struct *tsk)
42 {
43 struct task_struct *t;
44
45 t = tsk;
46 do {
47 if (cpuset_mems_allowed_intersects(current, t))
48 return 1;
49 t = next_thread(t);
50 } while (t != tsk);
51
52 return 0;
53 }
54
55 /**
56 * badness - calculate a numeric value for how bad this task has been
57 * @p: task struct of which task we should calculate
58 * @uptime: current uptime in seconds
59 *
60 * The formula used is relatively simple and documented inline in the
61 * function. The main rationale is that we want to select a good task
62 * to kill when we run out of memory.
63 *
64 * Good in this context means that:
65 * 1) we lose the minimum amount of work done
66 * 2) we recover a large amount of memory
67 * 3) we don't kill anything innocent of eating tons of memory
68 * 4) we want to kill the minimum amount of processes (one)
69 * 5) we try to kill the process the user expects us to kill, this
70 * algorithm has been meticulously tuned to meet the principle
71 * of least surprise ... (be careful when you change it)
72 */
73
74 unsigned long badness(struct task_struct *p, unsigned long uptime)
75 {
76 unsigned long points, cpu_time, run_time;
77 struct mm_struct *mm;
78 struct task_struct *child;
79 int oom_adj = p->signal->oom_adj;
80 struct task_cputime task_time;
81 unsigned long utime;
82 unsigned long stime;
83
84 if (oom_adj == OOM_DISABLE)
85 return 0;
86
87 task_lock(p);
88 mm = p->mm;
89 if (!mm) {
90 task_unlock(p);
91 return 0;
92 }
93
94 /*
95 * The memory size of the process is the basis for the badness.
96 */
97 points = mm->total_vm;
98
99 /*
100 * After this unlock we can no longer dereference local variable `mm'
101 */
102 task_unlock(p);
103
104 /*
105 * swapoff can easily use up all memory, so kill those first.
106 */
107 if (p->flags & PF_OOM_ORIGIN)
108 return ULONG_MAX;
109
110 /*
111 * Processes which fork a lot of child processes are likely
112 * a good choice. We add half the vmsize of the children if they
113 * have an own mm. This prevents forking servers to flood the
114 * machine with an endless amount of children. In case a single
115 * child is eating the vast majority of memory, adding only half
116 * to the parents will make the child our kill candidate of choice.
117 */
118 list_for_each_entry(child, &p->children, sibling) {
119 task_lock(child);
120 if (child->mm != mm && child->mm)
121 points += child->mm->total_vm/2 + 1;
122 task_unlock(child);
123 }
124
125 /*
126 * CPU time is in tens of seconds and run time is in thousands
127 * of seconds. There is no particular reason for this other than
128 * that it turned out to work very well in practice.
129 */
130 thread_group_cputime(p, &task_time);
131 utime = cputime_to_jiffies(task_time.utime);
132 stime = cputime_to_jiffies(task_time.stime);
133 cpu_time = (utime + stime) >> (SHIFT_HZ + 3);
134
135
136 if (uptime >= p->start_time.tv_sec)
137 run_time = (uptime - p->start_time.tv_sec) >> 10;
138 else
139 run_time = 0;
140
141 if (cpu_time)
142 points /= int_sqrt(cpu_time);
143 if (run_time)
144 points /= int_sqrt(int_sqrt(run_time));
145
146 /*
147 * Niced processes are most likely less important, so double
148 * their badness points.
149 */
150 if (task_nice(p) > 0)
151 points *= 2;
152
153 /*
154 * Superuser processes are usually more important, so we make it
155 * less likely that we kill those.
156 */
157 if (has_capability_noaudit(p, CAP_SYS_ADMIN) ||
158 has_capability_noaudit(p, CAP_SYS_RESOURCE))
159 points /= 4;
160
161 /*
162 * We don't want to kill a process with direct hardware access.
163 * Not only could that mess up the hardware, but usually users
164 * tend to only have this flag set on applications they think
165 * of as important.
166 */
167 if (has_capability_noaudit(p, CAP_SYS_RAWIO))
168 points /= 4;
169
170 /*
171 * If p's nodes don't overlap ours, it may still help to kill p
172 * because p may have allocated or otherwise mapped memory on
173 * this node before. However it will be less likely.
174 */
175 if (!has_intersects_mems_allowed(p))
176 points /= 8;
177
178 /*
179 * Adjust the score by oom_adj.
180 */
181 if (oom_adj) {
182 if (oom_adj > 0) {
183 if (!points)
184 points = 1;
185 points <<= oom_adj;
186 } else
187 points >>= -(oom_adj);
188 }
189
190 #ifdef DEBUG
191 printk(KERN_DEBUG "OOMkill: task %d (%s) got %lu points\n",
192 p->pid, p->comm, points);
193 #endif
194 return points;
195 }
196
197 /*
198 * Determine the type of allocation constraint.
199 */
200 #ifdef CONFIG_NUMA
201 static enum oom_constraint constrained_alloc(struct zonelist *zonelist,
202 gfp_t gfp_mask, nodemask_t *nodemask)
203 {
204 struct zone *zone;
205 struct zoneref *z;
206 enum zone_type high_zoneidx = gfp_zone(gfp_mask);
207
208 /*
209 * Reach here only when __GFP_NOFAIL is used. So, we should avoid
210 * to kill current.We have to random task kill in this case.
211 * Hopefully, CONSTRAINT_THISNODE...but no way to handle it, now.
212 */
213 if (gfp_mask & __GFP_THISNODE)
214 return CONSTRAINT_NONE;
215
216 /*
217 * The nodemask here is a nodemask passed to alloc_pages(). Now,
218 * cpuset doesn't use this nodemask for its hardwall/softwall/hierarchy
219 * feature. mempolicy is an only user of nodemask here.
220 * check mempolicy's nodemask contains all N_HIGH_MEMORY
221 */
222 if (nodemask && !nodes_subset(node_states[N_HIGH_MEMORY], *nodemask))
223 return CONSTRAINT_MEMORY_POLICY;
224
225 /* Check this allocation failure is caused by cpuset's wall function */
226 for_each_zone_zonelist_nodemask(zone, z, zonelist,
227 high_zoneidx, nodemask)
228 if (!cpuset_zone_allowed_softwall(zone, gfp_mask))
229 return CONSTRAINT_CPUSET;
230
231 return CONSTRAINT_NONE;
232 }
233 #else
234 static enum oom_constraint constrained_alloc(struct zonelist *zonelist,
235 gfp_t gfp_mask, nodemask_t *nodemask)
236 {
237 return CONSTRAINT_NONE;
238 }
239 #endif
240
241 /*
242 * Simple selection loop. We chose the process with the highest
243 * number of 'points'. We expect the caller will lock the tasklist.
244 *
245 * (not docbooked, we don't want this one cluttering up the manual)
246 */
247 static struct task_struct *select_bad_process(unsigned long *ppoints,
248 struct mem_cgroup *mem)
249 {
250 struct task_struct *p;
251 struct task_struct *chosen = NULL;
252 struct timespec uptime;
253 *ppoints = 0;
254
255 do_posix_clock_monotonic_gettime(&uptime);
256 for_each_process(p) {
257 unsigned long points;
258
259 /* skip tasks that have already released their mm */
260 if (!p->mm)
261 continue;
262 /* skip the init task and kthreads */
263 if (is_global_init(p) || (p->flags & PF_KTHREAD))
264 continue;
265 if (mem && !task_in_mem_cgroup(p, mem))
266 continue;
267
268 /*
269 * This task already has access to memory reserves and is
270 * being killed. Don't allow any other task access to the
271 * memory reserve.
272 *
273 * Note: this may have a chance of deadlock if it gets
274 * blocked waiting for another task which itself is waiting
275 * for memory. Is there a better alternative?
276 */
277 if (test_tsk_thread_flag(p, TIF_MEMDIE))
278 return ERR_PTR(-1UL);
279
280 /*
281 * This is in the process of releasing memory so wait for it
282 * to finish before killing some other task by mistake.
283 *
284 * However, if p is the current task, we allow the 'kill' to
285 * go ahead if it is exiting: this will simply set TIF_MEMDIE,
286 * which will allow it to gain access to memory reserves in
287 * the process of exiting and releasing its resources.
288 * Otherwise we could get an easy OOM deadlock.
289 */
290 if ((p->flags & PF_EXITING) && p->mm) {
291 if (p != current)
292 return ERR_PTR(-1UL);
293
294 chosen = p;
295 *ppoints = ULONG_MAX;
296 }
297
298 if (p->signal->oom_adj == OOM_DISABLE)
299 continue;
300
301 points = badness(p, uptime.tv_sec);
302 if (points > *ppoints || !chosen) {
303 chosen = p;
304 *ppoints = points;
305 }
306 }
307
308 return chosen;
309 }
310
311 /**
312 * dump_tasks - dump current memory state of all system tasks
313 * @mem: target memory controller
314 *
315 * Dumps the current memory state of all system tasks, excluding kernel threads.
316 * State information includes task's pid, uid, tgid, vm size, rss, cpu, oom_adj
317 * score, and name.
318 *
319 * If the actual is non-NULL, only tasks that are a member of the mem_cgroup are
320 * shown.
321 *
322 * Call with tasklist_lock read-locked.
323 */
324 static void dump_tasks(const struct mem_cgroup *mem)
325 {
326 struct task_struct *g, *p;
327
328 printk(KERN_INFO "[ pid ] uid tgid total_vm rss cpu oom_adj "
329 "name\n");
330 do_each_thread(g, p) {
331 struct mm_struct *mm;
332
333 if (mem && !task_in_mem_cgroup(p, mem))
334 continue;
335 if (!thread_group_leader(p))
336 continue;
337
338 task_lock(p);
339 mm = p->mm;
340 if (!mm) {
341 /*
342 * total_vm and rss sizes do not exist for tasks with no
343 * mm so there's no need to report them; they can't be
344 * oom killed anyway.
345 */
346 task_unlock(p);
347 continue;
348 }
349 printk(KERN_INFO "[%5d] %5d %5d %8lu %8lu %3d %3d %s\n",
350 p->pid, __task_cred(p)->uid, p->tgid, mm->total_vm,
351 get_mm_rss(mm), (int)task_cpu(p), p->signal->oom_adj,
352 p->comm);
353 task_unlock(p);
354 } while_each_thread(g, p);
355 }
356
357 static void dump_header(struct task_struct *p, gfp_t gfp_mask, int order,
358 struct mem_cgroup *mem)
359 {
360 pr_warning("%s invoked oom-killer: gfp_mask=0x%x, order=%d, "
361 "oom_adj=%d\n",
362 current->comm, gfp_mask, order, current->signal->oom_adj);
363 task_lock(current);
364 cpuset_print_task_mems_allowed(current);
365 task_unlock(current);
366 dump_stack();
367 mem_cgroup_print_oom_info(mem, p);
368 show_mem();
369 if (sysctl_oom_dump_tasks)
370 dump_tasks(mem);
371 }
372
373 #define K(x) ((x) << (PAGE_SHIFT-10))
374
375 /*
376 * Send SIGKILL to the selected process irrespective of CAP_SYS_RAW_IO
377 * flag though it's unlikely that we select a process with CAP_SYS_RAW_IO
378 * set.
379 */
380 static void __oom_kill_task(struct task_struct *p, int verbose)
381 {
382 if (is_global_init(p)) {
383 WARN_ON(1);
384 printk(KERN_WARNING "tried to kill init!\n");
385 return;
386 }
387
388 task_lock(p);
389 if (!p->mm) {
390 WARN_ON(1);
391 printk(KERN_WARNING "tried to kill an mm-less task %d (%s)!\n",
392 task_pid_nr(p), p->comm);
393 task_unlock(p);
394 return;
395 }
396
397 if (verbose)
398 printk(KERN_ERR "Killed process %d (%s) "
399 "vsz:%lukB, anon-rss:%lukB, file-rss:%lukB\n",
400 task_pid_nr(p), p->comm,
401 K(p->mm->total_vm),
402 K(get_mm_counter(p->mm, MM_ANONPAGES)),
403 K(get_mm_counter(p->mm, MM_FILEPAGES)));
404 task_unlock(p);
405
406 /*
407 * We give our sacrificial lamb high priority and access to
408 * all the memory it needs. That way it should be able to
409 * exit() and clear out its resources quickly...
410 */
411 p->rt.time_slice = HZ;
412 set_tsk_thread_flag(p, TIF_MEMDIE);
413
414 force_sig(SIGKILL, p);
415 }
416
417 static int oom_kill_task(struct task_struct *p)
418 {
419 /* WARNING: mm may not be dereferenced since we did not obtain its
420 * value from get_task_mm(p). This is OK since all we need to do is
421 * compare mm to q->mm below.
422 *
423 * Furthermore, even if mm contains a non-NULL value, p->mm may
424 * change to NULL at any time since we do not hold task_lock(p).
425 * However, this is of no concern to us.
426 */
427 if (!p->mm || p->signal->oom_adj == OOM_DISABLE)
428 return 1;
429
430 __oom_kill_task(p, 1);
431
432 return 0;
433 }
434
435 static int oom_kill_process(struct task_struct *p, gfp_t gfp_mask, int order,
436 unsigned long points, struct mem_cgroup *mem,
437 const char *message)
438 {
439 struct task_struct *c;
440
441 if (printk_ratelimit())
442 dump_header(p, gfp_mask, order, mem);
443
444 /*
445 * If the task is already exiting, don't alarm the sysadmin or kill
446 * its children or threads, just set TIF_MEMDIE so it can die quickly
447 */
448 if (p->flags & PF_EXITING) {
449 __oom_kill_task(p, 0);
450 return 0;
451 }
452
453 printk(KERN_ERR "%s: kill process %d (%s) score %li or a child\n",
454 message, task_pid_nr(p), p->comm, points);
455
456 /* Try to kill a child first */
457 list_for_each_entry(c, &p->children, sibling) {
458 if (c->mm == p->mm)
459 continue;
460 if (mem && !task_in_mem_cgroup(c, mem))
461 continue;
462 if (!oom_kill_task(c))
463 return 0;
464 }
465 return oom_kill_task(p);
466 }
467
468 #ifdef CONFIG_CGROUP_MEM_RES_CTLR
469 void mem_cgroup_out_of_memory(struct mem_cgroup *mem, gfp_t gfp_mask)
470 {
471 unsigned long points = 0;
472 struct task_struct *p;
473
474 if (sysctl_panic_on_oom == 2)
475 panic("out of memory(memcg). panic_on_oom is selected.\n");
476 read_lock(&tasklist_lock);
477 retry:
478 p = select_bad_process(&points, mem);
479 if (!p || PTR_ERR(p) == -1UL)
480 goto out;
481
482 if (oom_kill_process(p, gfp_mask, 0, points, mem,
483 "Memory cgroup out of memory"))
484 goto retry;
485 out:
486 read_unlock(&tasklist_lock);
487 }
488 #endif
489
490 static BLOCKING_NOTIFIER_HEAD(oom_notify_list);
491
492 int register_oom_notifier(struct notifier_block *nb)
493 {
494 return blocking_notifier_chain_register(&oom_notify_list, nb);
495 }
496 EXPORT_SYMBOL_GPL(register_oom_notifier);
497
498 int unregister_oom_notifier(struct notifier_block *nb)
499 {
500 return blocking_notifier_chain_unregister(&oom_notify_list, nb);
501 }
502 EXPORT_SYMBOL_GPL(unregister_oom_notifier);
503
504 /*
505 * Try to acquire the OOM killer lock for the zones in zonelist. Returns zero
506 * if a parallel OOM killing is already taking place that includes a zone in
507 * the zonelist. Otherwise, locks all zones in the zonelist and returns 1.
508 */
509 int try_set_zone_oom(struct zonelist *zonelist, gfp_t gfp_mask)
510 {
511 struct zoneref *z;
512 struct zone *zone;
513 int ret = 1;
514
515 spin_lock(&zone_scan_lock);
516 for_each_zone_zonelist(zone, z, zonelist, gfp_zone(gfp_mask)) {
517 if (zone_is_oom_locked(zone)) {
518 ret = 0;
519 goto out;
520 }
521 }
522
523 for_each_zone_zonelist(zone, z, zonelist, gfp_zone(gfp_mask)) {
524 /*
525 * Lock each zone in the zonelist under zone_scan_lock so a
526 * parallel invocation of try_set_zone_oom() doesn't succeed
527 * when it shouldn't.
528 */
529 zone_set_flag(zone, ZONE_OOM_LOCKED);
530 }
531
532 out:
533 spin_unlock(&zone_scan_lock);
534 return ret;
535 }
536
537 /*
538 * Clears the ZONE_OOM_LOCKED flag for all zones in the zonelist so that failed
539 * allocation attempts with zonelists containing them may now recall the OOM
540 * killer, if necessary.
541 */
542 void clear_zonelist_oom(struct zonelist *zonelist, gfp_t gfp_mask)
543 {
544 struct zoneref *z;
545 struct zone *zone;
546
547 spin_lock(&zone_scan_lock);
548 for_each_zone_zonelist(zone, z, zonelist, gfp_zone(gfp_mask)) {
549 zone_clear_flag(zone, ZONE_OOM_LOCKED);
550 }
551 spin_unlock(&zone_scan_lock);
552 }
553
554 /*
555 * Must be called with tasklist_lock held for read.
556 */
557 static void __out_of_memory(gfp_t gfp_mask, int order)
558 {
559 struct task_struct *p;
560 unsigned long points;
561
562 if (sysctl_oom_kill_allocating_task)
563 if (!oom_kill_process(current, gfp_mask, order, 0, NULL,
564 "Out of memory (oom_kill_allocating_task)"))
565 return;
566 retry:
567 /*
568 * Rambo mode: Shoot down a process and hope it solves whatever
569 * issues we may have.
570 */
571 p = select_bad_process(&points, NULL);
572
573 if (PTR_ERR(p) == -1UL)
574 return;
575
576 /* Found nothing?!?! Either we hang forever, or we panic. */
577 if (!p) {
578 read_unlock(&tasklist_lock);
579 dump_header(NULL, gfp_mask, order, NULL);
580 panic("Out of memory and no killable processes...\n");
581 }
582
583 if (oom_kill_process(p, gfp_mask, order, points, NULL,
584 "Out of memory"))
585 goto retry;
586 }
587
588 /*
589 * pagefault handler calls into here because it is out of memory but
590 * doesn't know exactly how or why.
591 */
592 void pagefault_out_of_memory(void)
593 {
594 unsigned long freed = 0;
595
596 blocking_notifier_call_chain(&oom_notify_list, 0, &freed);
597 if (freed > 0)
598 /* Got some memory back in the last second. */
599 return;
600
601 if (sysctl_panic_on_oom)
602 panic("out of memory from page fault. panic_on_oom is selected.\n");
603
604 read_lock(&tasklist_lock);
605 __out_of_memory(0, 0); /* unknown gfp_mask and order */
606 read_unlock(&tasklist_lock);
607
608 /*
609 * Give "p" a good chance of killing itself before we
610 * retry to allocate memory.
611 */
612 if (!test_thread_flag(TIF_MEMDIE))
613 schedule_timeout_uninterruptible(1);
614 }
615
616 /**
617 * out_of_memory - kill the "best" process when we run out of memory
618 * @zonelist: zonelist pointer
619 * @gfp_mask: memory allocation flags
620 * @order: amount of memory being requested as a power of 2
621 *
622 * If we run out of memory, we have the choice between either
623 * killing a random task (bad), letting the system crash (worse)
624 * OR try to be smart about which process to kill. Note that we
625 * don't have to be perfect here, we just have to be good.
626 */
627 void out_of_memory(struct zonelist *zonelist, gfp_t gfp_mask,
628 int order, nodemask_t *nodemask)
629 {
630 unsigned long freed = 0;
631 enum oom_constraint constraint;
632
633 blocking_notifier_call_chain(&oom_notify_list, 0, &freed);
634 if (freed > 0)
635 /* Got some memory back in the last second. */
636 return;
637
638 if (sysctl_panic_on_oom == 2) {
639 dump_header(NULL, gfp_mask, order, NULL);
640 panic("out of memory. Compulsory panic_on_oom is selected.\n");
641 }
642
643 /*
644 * Check if there were limitations on the allocation (only relevant for
645 * NUMA) that may require different handling.
646 */
647 constraint = constrained_alloc(zonelist, gfp_mask, nodemask);
648 read_lock(&tasklist_lock);
649
650 switch (constraint) {
651 case CONSTRAINT_MEMORY_POLICY:
652 oom_kill_process(current, gfp_mask, order, 0, NULL,
653 "No available memory (MPOL_BIND)");
654 break;
655
656 case CONSTRAINT_NONE:
657 if (sysctl_panic_on_oom) {
658 dump_header(NULL, gfp_mask, order, NULL);
659 panic("out of memory. panic_on_oom is selected\n");
660 }
661 /* Fall-through */
662 case CONSTRAINT_CPUSET:
663 __out_of_memory(gfp_mask, order);
664 break;
665 }
666
667 read_unlock(&tasklist_lock);
668
669 /*
670 * Give "p" a good chance of killing itself before we
671 * retry to allocate memory unless "p" is current
672 */
673 if (!test_thread_flag(TIF_MEMDIE))
674 schedule_timeout_uninterruptible(1);
675 }
Linux kernel - Deliverables
This page took 0.055673 seconds and 6 git commands to generate.