xref: /linux/mm/oom_kill.c (revision d8327c784b51b57dac2c26cfad87dce0d68dfd98) 
1 /*
2  *  linux/mm/oom_kill.c
3  *
4  *  Copyright (C)  1998,2000  Rik van Riel
5  *	Thanks go out to Claus Fischer for some serious inspiration and
6  *	for goading me into coding this file...
7  *
8  *  The routines in this file are used to kill a process when
9  *  we're seriously out of memory. This gets called from __alloc_pages()
10  *  in mm/page_alloc.c when we really run out of memory.
11  *
12  *  Since we won't call these routines often (on a well-configured
13  *  machine) this file will double as a 'coding guide' and a signpost
14  *  for newbie kernel hackers. It features several pointers to major
15  *  kernel subsystems and hints as to where to find out what things do.
16  */
17 
18 #include <linux/mm.h>
19 #include <linux/sched.h>
20 #include <linux/swap.h>
21 #include <linux/timex.h>
22 #include <linux/jiffies.h>
23 #include <linux/cpuset.h>
24 
25 /* #define DEBUG */
26 
27 /**
28  * oom_badness - calculate a numeric value for how bad this task has been
29  * @p: task struct of which task we should calculate
30  * @uptime: current uptime in seconds
31  *
32  * The formula used is relatively simple and documented inline in the
33  * function. The main rationale is that we want to select a good task
34  * to kill when we run out of memory.
35  *
36  * Good in this context means that:
37  * 1) we lose the minimum amount of work done
38  * 2) we recover a large amount of memory
39  * 3) we don't kill anything innocent of eating tons of memory
40  * 4) we want to kill the minimum amount of processes (one)
41  * 5) we try to kill the process the user expects us to kill, this
42  *    algorithm has been meticulously tuned to meet the principle
43  *    of least surprise ... (be careful when you change it)
44  */
45 
46 unsigned long badness(struct task_struct *p, unsigned long uptime)
47 {
48 	unsigned long points, cpu_time, run_time, s;
49 	struct list_head *tsk;
50 
51 	if (!p->mm)
52 		return 0;
53 
54 	/*
55 	 * The memory size of the process is the basis for the badness.
56 	 */
57 	points = p->mm->total_vm;
58 
59 	/*
60 	 * Processes which fork a lot of child processes are likely
61 	 * a good choice. We add half the vmsize of the children if they
62 	 * have an own mm. This prevents forking servers to flood the
63 	 * machine with an endless amount of children. In case a single
64 	 * child is eating the vast majority of memory, adding only half
65 	 * to the parents will make the child our kill candidate of choice.
66 	 */
67 	list_for_each(tsk, &p->children) {
68 		struct task_struct *chld;
69 		chld = list_entry(tsk, struct task_struct, sibling);
70 		if (chld->mm != p->mm && chld->mm)
71 			points += chld->mm->total_vm/2 + 1;
72 	}
73 
74 	/*
75 	 * CPU time is in tens of seconds and run time is in thousands
76          * of seconds. There is no particular reason for this other than
77          * that it turned out to work very well in practice.
78 	 */
79 	cpu_time = (cputime_to_jiffies(p->utime) + cputime_to_jiffies(p->stime))
80 		>> (SHIFT_HZ + 3);
81 
82 	if (uptime >= p->start_time.tv_sec)
83 		run_time = (uptime - p->start_time.tv_sec) >> 10;
84 	else
85 		run_time = 0;
86 
87 	s = int_sqrt(cpu_time);
88 	if (s)
89 		points /= s;
90 	s = int_sqrt(int_sqrt(run_time));
91 	if (s)
92 		points /= s;
93 
94 	/*
95 	 * Niced processes are most likely less important, so double
96 	 * their badness points.
97 	 */
98 	if (task_nice(p) > 0)
99 		points *= 2;
100 
101 	/*
102 	 * Superuser processes are usually more important, so we make it
103 	 * less likely that we kill those.
104 	 */
105 	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
106 				p->uid == 0 || p->euid == 0)
107 		points /= 4;
108 
109 	/*
110 	 * We don't want to kill a process with direct hardware access.
111 	 * Not only could that mess up the hardware, but usually users
112 	 * tend to only have this flag set on applications they think
113 	 * of as important.
114 	 */
115 	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
116 		points /= 4;
117 
118 	/*
119 	 * Adjust the score by oomkilladj.
120 	 */
121 	if (p->oomkilladj) {
122 		if (p->oomkilladj > 0)
123 			points <<= p->oomkilladj;
124 		else
125 			points >>= -(p->oomkilladj);
126 	}
127 
128 #ifdef DEBUG
129 	printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n",
130 	p->pid, p->comm, points);
131 #endif
132 	return points;
133 }
134 
135 /*
136  * Types of limitations to the nodes from which allocations may occur
137  */
138 #define CONSTRAINT_NONE 1
139 #define CONSTRAINT_MEMORY_POLICY 2
140 #define CONSTRAINT_CPUSET 3
141 
142 /*
143  * Determine the type of allocation constraint.
144  */
145 static inline int constrained_alloc(struct zonelist *zonelist, gfp_t gfp_mask)
146 {
147 #ifdef CONFIG_NUMA
148 	struct zone **z;
149 	nodemask_t nodes = node_online_map;
150 
151 	for (z = zonelist->zones; *z; z++)
152 		if (cpuset_zone_allowed(*z, gfp_mask))
153 			node_clear((*z)->zone_pgdat->node_id,
154 					nodes);
155 		else
156 			return CONSTRAINT_CPUSET;
157 
158 	if (!nodes_empty(nodes))
159 		return CONSTRAINT_MEMORY_POLICY;
160 #endif
161 
162 	return CONSTRAINT_NONE;
163 }
164 
165 /*
166  * Simple selection loop. We chose the process with the highest
167  * number of 'points'. We expect the caller will lock the tasklist.
168  *
169  * (not docbooked, we don't want this one cluttering up the manual)
170  */
171 static struct task_struct *select_bad_process(unsigned long *ppoints)
172 {
173 	struct task_struct *g, *p;
174 	struct task_struct *chosen = NULL;
175 	struct timespec uptime;
176 	*ppoints = 0;
177 
178 	do_posix_clock_monotonic_gettime(&uptime);
179 	do_each_thread(g, p) {
180 		unsigned long points;
181 		int releasing;
182 
183 		/* skip the init task with pid == 1 */
184 		if (p->pid == 1)
185 			continue;
186 		if (p->oomkilladj == OOM_DISABLE)
187 			continue;
188 		/* If p's nodes don't overlap ours, it won't help to kill p. */
189 		if (!cpuset_excl_nodes_overlap(p))
190 			continue;
191 
192 		/*
193 		 * This is in the process of releasing memory so for wait it
194 		 * to finish before killing some other task by mistake.
195 		 */
196 		releasing = test_tsk_thread_flag(p, TIF_MEMDIE) ||
197 						p->flags & PF_EXITING;
198 		if (releasing && !(p->flags & PF_DEAD))
199 			return ERR_PTR(-1UL);
200 		if (p->flags & PF_SWAPOFF)
201 			return p;
202 
203 		points = badness(p, uptime.tv_sec);
204 		if (points > *ppoints || !chosen) {
205 			chosen = p;
206 			*ppoints = points;
207 		}
208 	} while_each_thread(g, p);
209 	return chosen;
210 }
211 
212 /**
213  * We must be careful though to never send SIGKILL a process with
214  * CAP_SYS_RAW_IO set, send SIGTERM instead (but it's unlikely that
215  * we select a process with CAP_SYS_RAW_IO set).
216  */
217 static void __oom_kill_task(task_t *p, const char *message)
218 {
219 	if (p->pid == 1) {
220 		WARN_ON(1);
221 		printk(KERN_WARNING "tried to kill init!\n");
222 		return;
223 	}
224 
225 	task_lock(p);
226 	if (!p->mm || p->mm == &init_mm) {
227 		WARN_ON(1);
228 		printk(KERN_WARNING "tried to kill an mm-less task!\n");
229 		task_unlock(p);
230 		return;
231 	}
232 	task_unlock(p);
233 	printk(KERN_ERR "%s: Killed process %d (%s).\n",
234 				message, p->pid, p->comm);
235 
236 	/*
237 	 * We give our sacrificial lamb high priority and access to
238 	 * all the memory it needs. That way it should be able to
239 	 * exit() and clear out its resources quickly...
240 	 */
241 	p->time_slice = HZ;
242 	set_tsk_thread_flag(p, TIF_MEMDIE);
243 
244 	force_sig(SIGKILL, p);
245 }
246 
247 static struct mm_struct *oom_kill_task(task_t *p, const char *message)
248 {
249 	struct mm_struct *mm = get_task_mm(p);
250 	task_t * g, * q;
251 
252 	if (!mm)
253 		return NULL;
254 	if (mm == &init_mm) {
255 		mmput(mm);
256 		return NULL;
257 	}
258 
259 	__oom_kill_task(p, message);
260 	/*
261 	 * kill all processes that share the ->mm (i.e. all threads),
262 	 * but are in a different thread group
263 	 */
264 	do_each_thread(g, q)
265 		if (q->mm == mm && q->tgid != p->tgid)
266 			__oom_kill_task(q, message);
267 	while_each_thread(g, q);
268 
269 	return mm;
270 }
271 
272 static struct mm_struct *oom_kill_process(struct task_struct *p,
273 				unsigned long points, const char *message)
274 {
275  	struct mm_struct *mm;
276 	struct task_struct *c;
277 	struct list_head *tsk;
278 
279 	printk(KERN_ERR "Out of Memory: Kill process %d (%s) score %li and "
280 		"children.\n", p->pid, p->comm, points);
281 	/* Try to kill a child first */
282 	list_for_each(tsk, &p->children) {
283 		c = list_entry(tsk, struct task_struct, sibling);
284 		if (c->mm == p->mm)
285 			continue;
286 		mm = oom_kill_task(c, message);
287 		if (mm)
288 			return mm;
289 	}
290 	return oom_kill_task(p, message);
291 }
292 
293 /**
294  * oom_kill - kill the "best" process when we run out of memory
295  *
296  * If we run out of memory, we have the choice between either
297  * killing a random task (bad), letting the system crash (worse)
298  * OR try to be smart about which process to kill. Note that we
299  * don't have to be perfect here, we just have to be good.
300  */
301 void out_of_memory(struct zonelist *zonelist, gfp_t gfp_mask, int order)
302 {
303 	struct mm_struct *mm = NULL;
304 	task_t *p;
305 	unsigned long points = 0;
306 
307 	if (printk_ratelimit()) {
308 		printk("oom-killer: gfp_mask=0x%x, order=%d\n",
309 			gfp_mask, order);
310 		dump_stack();
311 		show_mem();
312 	}
313 
314 	cpuset_lock();
315 	read_lock(&tasklist_lock);
316 
317 	/*
318 	 * Check if there were limitations on the allocation (only relevant for
319 	 * NUMA) that may require different handling.
320 	 */
321 	switch (constrained_alloc(zonelist, gfp_mask)) {
322 	case CONSTRAINT_MEMORY_POLICY:
323 		mm = oom_kill_process(current, points,
324 				"No available memory (MPOL_BIND)");
325 		break;
326 
327 	case CONSTRAINT_CPUSET:
328 		mm = oom_kill_process(current, points,
329 				"No available memory in cpuset");
330 		break;
331 
332 	case CONSTRAINT_NONE:
333 retry:
334 		/*
335 		 * Rambo mode: Shoot down a process and hope it solves whatever
336 		 * issues we may have.
337 		 */
338 		p = select_bad_process(&points);
339 
340 		if (PTR_ERR(p) == -1UL)
341 			goto out;
342 
343 		/* Found nothing?!?! Either we hang forever, or we panic. */
344 		if (!p) {
345 			read_unlock(&tasklist_lock);
346 			cpuset_unlock();
347 			panic("Out of memory and no killable processes...\n");
348 		}
349 
350 		mm = oom_kill_process(p, points, "Out of memory");
351 		if (!mm)
352 			goto retry;
353 
354 		break;
355 	}
356 
357 out:
358 	read_unlock(&tasklist_lock);
359 	cpuset_unlock();
360 	if (mm)
361 		mmput(mm);
362 
363 	/*
364 	 * Give "p" a good chance of killing itself before we
365 	 * retry to allocate memory unless "p" is current
366 	 */
367 	if (!test_thread_flag(TIF_MEMDIE))
368 		schedule_timeout_uninterruptible(1);
369 }
370