1 /* 2 * linux/mm/oom_kill.c 3 * 4 * Copyright (C) 1998,2000 Rik van Riel 5 * Thanks go out to Claus Fischer for some serious inspiration and 6 * for goading me into coding this file... 7 * 8 * The routines in this file are used to kill a process when 9 * we're seriously out of memory. This gets called from __alloc_pages() 10 * in mm/page_alloc.c when we really run out of memory. 11 * 12 * Since we won't call these routines often (on a well-configured 13 * machine) this file will double as a 'coding guide' and a signpost 14 * for newbie kernel hackers. It features several pointers to major 15 * kernel subsystems and hints as to where to find out what things do. 16 */ 17 18 #include <linux/mm.h> 19 #include <linux/sched.h> 20 #include <linux/swap.h> 21 #include <linux/timex.h> 22 #include <linux/jiffies.h> 23 #include <linux/cpuset.h> 24 25 /* #define DEBUG */ 26 27 /** 28 * oom_badness - calculate a numeric value for how bad this task has been 29 * @p: task struct of which task we should calculate 30 * @uptime: current uptime in seconds 31 * 32 * The formula used is relatively simple and documented inline in the 33 * function. The main rationale is that we want to select a good task 34 * to kill when we run out of memory. 35 * 36 * Good in this context means that: 37 * 1) we lose the minimum amount of work done 38 * 2) we recover a large amount of memory 39 * 3) we don't kill anything innocent of eating tons of memory 40 * 4) we want to kill the minimum amount of processes (one) 41 * 5) we try to kill the process the user expects us to kill, this 42 * algorithm has been meticulously tuned to meet the principle 43 * of least surprise ... (be careful when you change it) 44 */ 45 46 unsigned long badness(struct task_struct *p, unsigned long uptime) 47 { 48 unsigned long points, cpu_time, run_time, s; 49 struct mm_struct *mm; 50 struct task_struct *child; 51 52 task_lock(p); 53 mm = p->mm; 54 if (!mm) { 55 task_unlock(p); 56 return 0; 57 } 58 59 /* 60 * The memory size of the process is the basis for the badness. 61 */ 62 points = mm->total_vm; 63 64 /* 65 * After this unlock we can no longer dereference local variable `mm' 66 */ 67 task_unlock(p); 68 69 /* 70 * Processes which fork a lot of child processes are likely 71 * a good choice. We add half the vmsize of the children if they 72 * have an own mm. This prevents forking servers to flood the 73 * machine with an endless amount of children. In case a single 74 * child is eating the vast majority of memory, adding only half 75 * to the parents will make the child our kill candidate of choice. 76 */ 77 list_for_each_entry(child, &p->children, sibling) { 78 task_lock(child); 79 if (child->mm != mm && child->mm) 80 points += child->mm->total_vm/2 + 1; 81 task_unlock(child); 82 } 83 84 /* 85 * CPU time is in tens of seconds and run time is in thousands 86 * of seconds. There is no particular reason for this other than 87 * that it turned out to work very well in practice. 88 */ 89 cpu_time = (cputime_to_jiffies(p->utime) + cputime_to_jiffies(p->stime)) 90 >> (SHIFT_HZ + 3); 91 92 if (uptime >= p->start_time.tv_sec) 93 run_time = (uptime - p->start_time.tv_sec) >> 10; 94 else 95 run_time = 0; 96 97 s = int_sqrt(cpu_time); 98 if (s) 99 points /= s; 100 s = int_sqrt(int_sqrt(run_time)); 101 if (s) 102 points /= s; 103 104 /* 105 * Niced processes are most likely less important, so double 106 * their badness points. 107 */ 108 if (task_nice(p) > 0) 109 points *= 2; 110 111 /* 112 * Superuser processes are usually more important, so we make it 113 * less likely that we kill those. 114 */ 115 if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) || 116 p->uid == 0 || p->euid == 0) 117 points /= 4; 118 119 /* 120 * We don't want to kill a process with direct hardware access. 121 * Not only could that mess up the hardware, but usually users 122 * tend to only have this flag set on applications they think 123 * of as important. 124 */ 125 if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO)) 126 points /= 4; 127 128 /* 129 * Adjust the score by oomkilladj. 130 */ 131 if (p->oomkilladj) { 132 if (p->oomkilladj > 0) 133 points <<= p->oomkilladj; 134 else 135 points >>= -(p->oomkilladj); 136 } 137 138 #ifdef DEBUG 139 printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n", 140 p->pid, p->comm, points); 141 #endif 142 return points; 143 } 144 145 /* 146 * Types of limitations to the nodes from which allocations may occur 147 */ 148 #define CONSTRAINT_NONE 1 149 #define CONSTRAINT_MEMORY_POLICY 2 150 #define CONSTRAINT_CPUSET 3 151 152 /* 153 * Determine the type of allocation constraint. 154 */ 155 static inline int constrained_alloc(struct zonelist *zonelist, gfp_t gfp_mask) 156 { 157 #ifdef CONFIG_NUMA 158 struct zone **z; 159 nodemask_t nodes = node_online_map; 160 161 for (z = zonelist->zones; *z; z++) 162 if (cpuset_zone_allowed(*z, gfp_mask)) 163 node_clear((*z)->zone_pgdat->node_id, 164 nodes); 165 else 166 return CONSTRAINT_CPUSET; 167 168 if (!nodes_empty(nodes)) 169 return CONSTRAINT_MEMORY_POLICY; 170 #endif 171 172 return CONSTRAINT_NONE; 173 } 174 175 /* 176 * Simple selection loop. We chose the process with the highest 177 * number of 'points'. We expect the caller will lock the tasklist. 178 * 179 * (not docbooked, we don't want this one cluttering up the manual) 180 */ 181 static struct task_struct *select_bad_process(unsigned long *ppoints) 182 { 183 struct task_struct *g, *p; 184 struct task_struct *chosen = NULL; 185 struct timespec uptime; 186 *ppoints = 0; 187 188 do_posix_clock_monotonic_gettime(&uptime); 189 do_each_thread(g, p) { 190 unsigned long points; 191 int releasing; 192 193 /* skip the init task with pid == 1 */ 194 if (p->pid == 1) 195 continue; 196 if (p->oomkilladj == OOM_DISABLE) 197 continue; 198 /* If p's nodes don't overlap ours, it won't help to kill p. */ 199 if (!cpuset_excl_nodes_overlap(p)) 200 continue; 201 202 /* 203 * This is in the process of releasing memory so for wait it 204 * to finish before killing some other task by mistake. 205 */ 206 releasing = test_tsk_thread_flag(p, TIF_MEMDIE) || 207 p->flags & PF_EXITING; 208 if (releasing && !(p->flags & PF_DEAD)) 209 return ERR_PTR(-1UL); 210 if (p->flags & PF_SWAPOFF) 211 return p; 212 213 points = badness(p, uptime.tv_sec); 214 if (points > *ppoints || !chosen) { 215 chosen = p; 216 *ppoints = points; 217 } 218 } while_each_thread(g, p); 219 return chosen; 220 } 221 222 /** 223 * We must be careful though to never send SIGKILL a process with 224 * CAP_SYS_RAW_IO set, send SIGTERM instead (but it's unlikely that 225 * we select a process with CAP_SYS_RAW_IO set). 226 */ 227 static void __oom_kill_task(task_t *p, const char *message) 228 { 229 if (p->pid == 1) { 230 WARN_ON(1); 231 printk(KERN_WARNING "tried to kill init!\n"); 232 return; 233 } 234 235 task_lock(p); 236 if (!p->mm || p->mm == &init_mm) { 237 WARN_ON(1); 238 printk(KERN_WARNING "tried to kill an mm-less task!\n"); 239 task_unlock(p); 240 return; 241 } 242 task_unlock(p); 243 printk(KERN_ERR "%s: Killed process %d (%s).\n", 244 message, p->pid, p->comm); 245 246 /* 247 * We give our sacrificial lamb high priority and access to 248 * all the memory it needs. That way it should be able to 249 * exit() and clear out its resources quickly... 250 */ 251 p->time_slice = HZ; 252 set_tsk_thread_flag(p, TIF_MEMDIE); 253 254 force_sig(SIGKILL, p); 255 } 256 257 static int oom_kill_task(task_t *p, const char *message) 258 { 259 struct mm_struct *mm; 260 task_t * g, * q; 261 262 mm = p->mm; 263 264 /* WARNING: mm may not be dereferenced since we did not obtain its 265 * value from get_task_mm(p). This is OK since all we need to do is 266 * compare mm to q->mm below. 267 * 268 * Furthermore, even if mm contains a non-NULL value, p->mm may 269 * change to NULL at any time since we do not hold task_lock(p). 270 * However, this is of no concern to us. 271 */ 272 273 if (mm == NULL || mm == &init_mm) 274 return 1; 275 276 __oom_kill_task(p, message); 277 /* 278 * kill all processes that share the ->mm (i.e. all threads), 279 * but are in a different thread group 280 */ 281 do_each_thread(g, q) 282 if (q->mm == mm && q->tgid != p->tgid) 283 __oom_kill_task(q, message); 284 while_each_thread(g, q); 285 286 return 0; 287 } 288 289 static int oom_kill_process(struct task_struct *p, unsigned long points, 290 const char *message) 291 { 292 struct task_struct *c; 293 struct list_head *tsk; 294 295 printk(KERN_ERR "Out of Memory: Kill process %d (%s) score %li and " 296 "children.\n", p->pid, p->comm, points); 297 /* Try to kill a child first */ 298 list_for_each(tsk, &p->children) { 299 c = list_entry(tsk, struct task_struct, sibling); 300 if (c->mm == p->mm) 301 continue; 302 if (!oom_kill_task(c, message)) 303 return 0; 304 } 305 return oom_kill_task(p, message); 306 } 307 308 /** 309 * oom_kill - kill the "best" process when we run out of memory 310 * 311 * If we run out of memory, we have the choice between either 312 * killing a random task (bad), letting the system crash (worse) 313 * OR try to be smart about which process to kill. Note that we 314 * don't have to be perfect here, we just have to be good. 315 */ 316 void out_of_memory(struct zonelist *zonelist, gfp_t gfp_mask, int order) 317 { 318 task_t *p; 319 unsigned long points = 0; 320 321 if (printk_ratelimit()) { 322 printk("oom-killer: gfp_mask=0x%x, order=%d\n", 323 gfp_mask, order); 324 dump_stack(); 325 show_mem(); 326 } 327 328 cpuset_lock(); 329 read_lock(&tasklist_lock); 330 331 /* 332 * Check if there were limitations on the allocation (only relevant for 333 * NUMA) that may require different handling. 334 */ 335 switch (constrained_alloc(zonelist, gfp_mask)) { 336 case CONSTRAINT_MEMORY_POLICY: 337 oom_kill_process(current, points, 338 "No available memory (MPOL_BIND)"); 339 break; 340 341 case CONSTRAINT_CPUSET: 342 oom_kill_process(current, points, 343 "No available memory in cpuset"); 344 break; 345 346 case CONSTRAINT_NONE: 347 retry: 348 /* 349 * Rambo mode: Shoot down a process and hope it solves whatever 350 * issues we may have. 351 */ 352 p = select_bad_process(&points); 353 354 if (PTR_ERR(p) == -1UL) 355 goto out; 356 357 /* Found nothing?!?! Either we hang forever, or we panic. */ 358 if (!p) { 359 read_unlock(&tasklist_lock); 360 cpuset_unlock(); 361 panic("Out of memory and no killable processes...\n"); 362 } 363 364 if (oom_kill_process(p, points, "Out of memory")) 365 goto retry; 366 367 break; 368 } 369 370 out: 371 read_unlock(&tasklist_lock); 372 cpuset_unlock(); 373 374 /* 375 * Give "p" a good chance of killing itself before we 376 * retry to allocate memory unless "p" is current 377 */ 378 if (!test_thread_flag(TIF_MEMDIE)) 379 schedule_timeout_uninterruptible(1); 380 } 381