mm/oom_kill.c

   1 /*
   2  *  linux/mm/oom_kill.c
   3  *
   4  *  Copyright (C)  1998,2000  Rik van Riel
   5  *      Thanks go out to Claus Fischer for some serious inspiration and
   6  *      for goading me into coding this file...
   7  *
   8  *  The routines in this file are used to kill a process when
   9  *  we're seriously out of memory. This gets called from __alloc_pages()
  10  *  in mm/page_alloc.c when we really run out of memory.
  11  *
  12  *  Since we won't call these routines often (on a well-configured
  13  *  machine) this file will double as a 'coding guide' and a signpost
  14  *  for newbie kernel hackers. It features several pointers to major
  15  *  kernel subsystems and hints as to where to find out what things do.
  16  */
  17
  18 #include <linux/mm.h>
  19 #include <linux/sched.h>
  20 #include <linux/swap.h>
  21 #include <linux/timex.h>
  22 #include <linux/jiffies.h>
  23 #include <linux/cpuset.h>
  24
  25 /* #define DEBUG */
  26
  27 /**
  28  * oom_badness - calculate a numeric value for how bad this task has been
  29  * @p: task struct of which task we should calculate
  30  * @uptime: current uptime in seconds
  31  *
  32  * The formula used is relatively simple and documented inline in the
  33  * function. The main rationale is that we want to select a good task
  34  * to kill when we run out of memory.
  35  *
  36  * Good in this context means that:
  37  * 1) we lose the minimum amount of work done
  38  * 2) we recover a large amount of memory
  39  * 3) we don't kill anything innocent of eating tons of memory
  40  * 4) we want to kill the minimum amount of processes (one)
  41  * 5) we try to kill the process the user expects us to kill, this
  42  *    algorithm has been meticulously tuned to meet the principle
  43  *    of least surprise ... (be careful when you change it)
  44  */
  45
  46 unsigned long badness(struct task_struct *p, unsigned long uptime)
  47 {
  48         unsigned long points, cpu_time, run_time, s;
  49         struct list_head *tsk;
  50
  51         if (!p->mm)
  52                 return 0;
  53
  54         /*
  55          * The memory size of the process is the basis for the badness.
  56          */
  57         points = p->mm->total_vm;
  58
  59         /*
  60          * Processes which fork a lot of child processes are likely
  61          * a good choice. We add half the vmsize of the children if they
  62          * have an own mm. This prevents forking servers to flood the
  63          * machine with an endless amount of children. In case a single
  64          * child is eating the vast majority of memory, adding only half
  65          * to the parents will make the child our kill candidate of choice.
  66          */
  67         list_for_each(tsk, &p->children) {
  68                 struct task_struct *chld;
  69                 chld = list_entry(tsk, struct task_struct, sibling);
  70                 if (chld->mm != p->mm && chld->mm)
  71                         points += chld->mm->total_vm/2 + 1;
  72         }
  73
  74         /*
  75          * CPU time is in tens of seconds and run time is in thousands
  76          * of seconds. There is no particular reason for this other than
  77          * that it turned out to work very well in practice.
  78          */
  79         cpu_time = (cputime_to_jiffies(p->utime) + cputime_to_jiffies(p->stime))
  80                 >> (SHIFT_HZ + 3);
  81
  82         if (uptime >= p->start_time.tv_sec)
  83                 run_time = (uptime - p->start_time.tv_sec) >> 10;
  84         else
  85                 run_time = 0;
  86
  87         s = int_sqrt(cpu_time);
  88         if (s)
  89                 points /= s;
  90         s = int_sqrt(int_sqrt(run_time));
  91         if (s)
  92                 points /= s;
  93
  94         /*
  95          * Niced processes are most likely less important, so double
  96          * their badness points.
  97          */
  98         if (task_nice(p) > 0)
  99                 points *= 2;
 100
 101         /*
 102          * Superuser processes are usually more important, so we make it
 103          * less likely that we kill those.
 104          */
 105         if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
 106                                 p->uid == 0 || p->euid == 0)
 107                 points /= 4;
 108
 109         /*
 110          * We don't want to kill a process with direct hardware access.
 111          * Not only could that mess up the hardware, but usually users
 112          * tend to only have this flag set on applications they think
 113          * of as important.
 114          */
 115         if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
 116                 points /= 4;
 117
 118         /*
 119          * Adjust the score by oomkilladj.
 120          */
 121         if (p->oomkilladj) {
 122                 if (p->oomkilladj > 0)
 123                         points <<= p->oomkilladj;
 124                 else
 125                         points >>= -(p->oomkilladj);
 126         }
 127
 128 #ifdef DEBUG
 129         printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n",
 130         p->pid, p->comm, points);
 131 #endif
 132         return points;
 133 }
 134
 135 /*
 136  * Types of limitations to the nodes from which allocations may occur
 137  */
 138 #define CONSTRAINT_NONE 1
 139 #define CONSTRAINT_MEMORY_POLICY 2
 140 #define CONSTRAINT_CPUSET 3
 141
 142 /*
 143  * Determine the type of allocation constraint.
 144  */
 145 static inline int constrained_alloc(struct zonelist *zonelist, gfp_t gfp_mask)
 146 {
 147 #ifdef CONFIG_NUMA
 148         struct zone **z;
 149         nodemask_t nodes = node_online_map;
 150
 151         for (z = zonelist->zones; *z; z++)
 152                 if (cpuset_zone_allowed(*z, gfp_mask))
 153                         node_clear((*z)->zone_pgdat->node_id,
 154                                         nodes);
 155                 else
 156                         return CONSTRAINT_CPUSET;
 157
 158         if (!nodes_empty(nodes))
 159                 return CONSTRAINT_MEMORY_POLICY;
 160 #endif
 161
 162         return CONSTRAINT_NONE;
 163 }
 164
 165 /*
 166  * Simple selection loop. We chose the process with the highest
 167  * number of 'points'. We expect the caller will lock the tasklist.
 168  *
 169  * (not docbooked, we don't want this one cluttering up the manual)
 170  */
 171 static struct task_struct *select_bad_process(unsigned long *ppoints)
 172 {
 173         struct task_struct *g, *p;
 174         struct task_struct *chosen = NULL;
 175         struct timespec uptime;
 176         *ppoints = 0;
 177
 178         do_posix_clock_monotonic_gettime(&uptime);
 179         do_each_thread(g, p) {
 180                 unsigned long points;
 181                 int releasing;
 182
 183                 /* skip the init task with pid == 1 */
 184                 if (p->pid == 1)
 185                         continue;
 186                 if (p->oomkilladj == OOM_DISABLE)
 187                         continue;
 188                 /* If p's nodes don't overlap ours, it won't help to kill p. */
 189                 if (!cpuset_excl_nodes_overlap(p))
 190                         continue;
 191
 192                 /*
 193                  * This is in the process of releasing memory so for wait it
 194                  * to finish before killing some other task by mistake.
 195                  */
 196                 releasing = test_tsk_thread_flag(p, TIF_MEMDIE) ||
 197                                                 p->flags & PF_EXITING;
 198                 if (releasing && !(p->flags & PF_DEAD))
 199                         return ERR_PTR(-1UL);
 200                 if (p->flags & PF_SWAPOFF)
 201                         return p;
 202
 203                 points = badness(p, uptime.tv_sec);
 204                 if (points > *ppoints || !chosen) {
 205                         chosen = p;
 206                         *ppoints = points;
 207                 }
 208         } while_each_thread(g, p);
 209         return chosen;
 210 }
 211
 212 /**
 213  * We must be careful though to never send SIGKILL a process with
 214  * CAP_SYS_RAW_IO set, send SIGTERM instead (but it's unlikely that
 215  * we select a process with CAP_SYS_RAW_IO set).
 216  */
 217 static void __oom_kill_task(task_t *p, const char *message)
 218 {
 219         if (p->pid == 1) {
 220                 WARN_ON(1);
 221                 printk(KERN_WARNING "tried to kill init!\n");
 222                 return;
 223         }
 224
 225         task_lock(p);
 226         if (!p->mm || p->mm == &init_mm) {
 227                 WARN_ON(1);
 228                 printk(KERN_WARNING "tried to kill an mm-less task!\n");
 229                 task_unlock(p);
 230                 return;
 231         }
 232         task_unlock(p);
 233         printk(KERN_ERR "%s: Killed process %d (%s).\n",
 234                                 message, p->pid, p->comm);
 235
 236         /*
 237          * We give our sacrificial lamb high priority and access to
 238          * all the memory it needs. That way it should be able to
 239          * exit() and clear out its resources quickly...
 240          */
 241         p->time_slice = HZ;
 242         set_tsk_thread_flag(p, TIF_MEMDIE);
 243
 244         force_sig(SIGKILL, p);
 245 }
 246
 247 static struct mm_struct *oom_kill_task(task_t *p, const char *message)
 248 {
 249         struct mm_struct *mm = get_task_mm(p);
 250         task_t * g, * q;
 251
 252         if (!mm)
 253                 return NULL;
 254         if (mm == &init_mm) {
 255                 mmput(mm);
 256                 return NULL;
 257         }
 258
 259         __oom_kill_task(p, message);
 260         /*
 261          * kill all processes that share the ->mm (i.e. all threads),
 262          * but are in a different thread group
 263          */
 264         do_each_thread(g, q)
 265                 if (q->mm == mm && q->tgid != p->tgid)
 266                         __oom_kill_task(q, message);
 267         while_each_thread(g, q);
 268
 269         return mm;
 270 }
 271
 272 static struct mm_struct *oom_kill_process(struct task_struct *p,
 273                                 unsigned long points, const char *message)
 274 {
 275         struct mm_struct *mm;
 276         struct task_struct *c;
 277         struct list_head *tsk;
 278
 279         printk(KERN_ERR "Out of Memory: Kill process %d (%s) score %li and "
 280                 "children.\n", p->pid, p->comm, points);
 281         /* Try to kill a child first */
 282         list_for_each(tsk, &p->children) {
 283                 c = list_entry(tsk, struct task_struct, sibling);
 284                 if (c->mm == p->mm)
 285                         continue;
 286                 mm = oom_kill_task(c, message);
 287                 if (mm)
 288                         return mm;
 289         }
 290         return oom_kill_task(p, message);
 291 }
 292
 293 /**
 294  * oom_kill - kill the "best" process when we run out of memory
 295  *
 296  * If we run out of memory, we have the choice between either
 297  * killing a random task (bad), letting the system crash (worse)
 298  * OR try to be smart about which process to kill. Note that we
 299  * don't have to be perfect here, we just have to be good.
 300  */
 301 void out_of_memory(struct zonelist *zonelist, gfp_t gfp_mask, int order)
 302 {
 303         struct mm_struct *mm = NULL;
 304         task_t *p;
 305         unsigned long points = 0;
 306
 307         if (printk_ratelimit()) {
 308                 printk("oom-killer: gfp_mask=0x%x, order=%d\n",
 309                         gfp_mask, order);
 310                 dump_stack();
 311                 show_mem();
 312         }
 313
 314         cpuset_lock();
 315         read_lock(&tasklist_lock);
 316
 317         /*
 318          * Check if there were limitations on the allocation (only relevant for
 319          * NUMA) that may require different handling.
 320          */
 321         switch (constrained_alloc(zonelist, gfp_mask)) {
 322         case CONSTRAINT_MEMORY_POLICY:
 323                 mm = oom_kill_process(current, points,
 324                                 "No available memory (MPOL_BIND)");
 325                 break;
 326
 327         case CONSTRAINT_CPUSET:
 328                 mm = oom_kill_process(current, points,
 329                                 "No available memory in cpuset");
 330                 break;
 331
 332         case CONSTRAINT_NONE:
 333 retry:
 334                 /*
 335                  * Rambo mode: Shoot down a process and hope it solves whatever
 336                  * issues we may have.
 337                  */
 338                 p = select_bad_process(&points);
 339
 340                 if (PTR_ERR(p) == -1UL)
 341                         goto out;
 342
 343                 /* Found nothing?!?! Either we hang forever, or we panic. */
 344                 if (!p) {
 345                         read_unlock(&tasklist_lock);
 346                         cpuset_unlock();
 347                         panic("Out of memory and no killable processes...\n");
 348                 }
 349
 350                 mm = oom_kill_process(p, points, "Out of memory");
 351                 if (!mm)
 352                         goto retry;
 353
 354                 break;
 355         }
 356
 357 out:
 358         read_unlock(&tasklist_lock);
 359         cpuset_unlock();
 360         if (mm)
 361                 mmput(mm);
 362
 363         /*
 364          * Give "p" a good chance of killing itself before we
 365          * retry to allocate memory unless "p" is current
 366          */
 367         if (!test_thread_flag(TIF_MEMDIE))
 368                 schedule_timeout_uninterruptible(1);
 369 }