lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.02.1406101530100.32203@chino.kir.corp.google.com>
Date:	Tue, 10 Jun 2014 15:37:14 -0700 (PDT)
From:	David Rientjes <rientjes@...gle.com>
To:	Marian Marinov <mm@...com>
cc:	Michal Hocko <mhocko@...e.cz>,
	Johannes Weiner <hannes@...xchg.org>,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
	Tejun Heo <tj@...nel.org>, linux-kernel@...r.kernel.org,
	linux-mm@...ck.org
Subject: Re: [RFC] oom, memcg: handle sysctl oom_kill_allocating_task while
 memcg oom happening

On Tue, 10 Jun 2014, Marian Marinov wrote:

> >> During these OOM states the load of the machine gradualy increases from 25 up to 120 in the interval of
> >> 10minutes.
> >> 
> >> Once we manually bring down the memory usage of a container(killing some tasks) the load drops down to 25 within
> >> 5 to 7 minutes.
> > 
> > So the OOM killer is not able to find a victim to kill?
> 
> It was constantly killing tasks. 245 oom invocations in less then 6min for that particular cgroup. With top 61 oom
> invocations in one minute.
> 
> It was killing... In that particular case, the problem was a web server that was under attack. New php processes was
> spawned very often and instead of killing each newly created process(which is allocating memory) the kernel tries to
> find more suitable task. Which in this case was not desired.
> 

This is a forkbomb problem, then, that causes processes to constantly be 
reforked and the memcg go out of memory immediately after another process 
has been killed for the same reason.

Enabling oom_kill_allocating_task (or its identical behavior targeted for 
a specific memcg or memcg hierarchy) would result in random kills of your 
processes, whichever process is the unlucky one to be allocating at the 
time would get killed as long as it wasn't oom disabled.  The only benefit 
in this case would be that the oom killer wouldn't need to iterate 
processes, but there's nothing to suggest that your problem -- the fact 
that you're under a forkbomb -- would be fixed.

If, once the oom killer has killed something, another process is 
immediately forked, charges the memory that was just freed by the oom 
killer, and hits the limit again, then that's outside the scope of the oom 
killer.

> >> I read the whole thread from 2012 but I do not see the expected behavior that is described by the people that
> >> commented the issue.
> > 
> > Why do you think that killing the allocating task would be helpful in your case?
> 
> As mentioned above, the usual case with the hosting companies is that, the allocating task should not be allowed to
> run. So killing it is the proper solution there.
> 

That's not what the oom killer does: it finds the process that is using 
the most amount of memory and is eligible for kill and it is killed.  That 
prevents memory leakers from killing everything else attached to the memcg 
or on the system and results in one process being killed instead of many 
processes.  Userspace can tune the selection of processes with 
/proc/pid/oom_score_adj.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ