[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <201601142026.BHI87005.FSOFJVFQMtHOOL@I-love.SAKURA.ne.jp>
Date: Thu, 14 Jan 2016 20:26:29 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: mhocko@...nel.org, hannes@...xchg.org
Cc: rientjes@...gle.com, akpm@...ux-foundation.org, mgorman@...e.de,
torvalds@...ux-foundation.org, oleg@...hat.com, hughd@...gle.com,
andrea@...nel.org, riel@...hat.com, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm,oom: Re-enable OOM killer using timers.
Michal Hocko wrote:
> I think you are missing an important point. There is _no reliable_ way
> to resolve the OOM condition in general except to panic the system. Even
> killing all user space tasks might not be sufficient in general because
> they might be blocked by an unkillable context (e.g. kernel thread).
I know. What I'm proposing is try to recover by killing more OOM-killable
tasks because I think impact of crashing the kernel is larger than impact
of killing all OOM-killable tasks. We should at least try OOM-kill all
OOM-killable processes before crashing the kernel. Some servers take many
minutes to reboot whereas restarting OOM-killed services takes only a few
seconds. Also, SysRq-i is inconvenient because it kills OOM-unkillable ssh
daemon process.
An example is:
(1) Kill a victim and start timeout counter.
(2) Kill all oom_score_adj > 0 tasks when OOM condition was not
solved after 5 seconds since (1).
(3) Kill all oom_score_adj = 0 tasks when OOM condition was not
solved after 5 seconds since (2).
(4) Kill all oom_score_adj >= -500 tasks when OOM condition was not
solved after 5 seconds since (3).
(5) Kill all oom_score_adj >= -999 tasks when OOM condition was not
solved after 5 seconds since (4).
(6) Trigger kernel panic because only OOM-unkillable tasks are left
when OOM condition was not solved after 5 seconds since (5).
> All we can do is a best effort approach which tries to be optimized to
> reduce the impact of an unexpected SIGKILL sent to a "random" task. And
> this is a reasonable objective IMHO.
A best effort approach which tries to be optimized to reduce
the possibility of kernel panic should exist.
Michal Hocko wrote:
> Timeout-to-panic patches were just trying to be as simple as possible
> to guarantee the predictability requirement. No other timeout based
> solutions, which were proposed so far, did guarantee the same AFAIR.
What did "[PATCH] mm: Introduce timeout based OOM killing" miss
( http://lkml.kernel.org/r/201505232339.DAB00557.VFFLHMSOJFOOtQ@I-love.SAKURA.ne.jp )?
It provided
(1) warn OOM victim not dying using memdie_task_warn_secs timeout
(2) select next OOM victim using memdie_task_skip_secs timeout
(3) trigger kernel panic using memdie_task_panic_secs timeout
(4) warn trashing condition using memalloc_task_warn_secs timeout
(5) trigger OOM killer using memalloc_task_retry_secs timeout
Powered by blists - more mailing lists