Re: [PATCH] mm,oom: Re-enable OOM killer using timers.

From: Tetsuo Handa
Date: Thu Jan 14 2016 - 06:26:38 EST

Next message: Benjamin Herrenschmidt: "Re: [PATCH v1 3/3] ARM64 LPC: update binding doc"
Previous message: Ingo Molnar: "Re: [PATCH v2] reboot: Backup orderly_poweroff"
In reply to: Michal Hocko: "Re: [PATCH] mm,oom: Re-enable OOM killer using timers."
Next in thread: David Rientjes: "Re: [PATCH] mm,oom: Re-enable OOM killer using timers."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michal Hocko wrote:
> I think you are missing an important point. There is _no reliable_ way
> to resolve the OOM condition in general except to panic the system. Even
> killing all user space tasks might not be sufficient in general because
> they might be blocked by an unkillable context (e.g. kernel thread).

I know. What I'm proposing is try to recover by killing more OOM-killable
tasks because I think impact of crashing the kernel is larger than impact
of killing all OOM-killable tasks. We should at least try OOM-kill all
OOM-killable processes before crashing the kernel. Some servers take many
minutes to reboot whereas restarting OOM-killed services takes only a few
seconds. Also, SysRq-i is inconvenient because it kills OOM-unkillable ssh
daemon process.

An example is:

(1) Kill a victim and start timeout counter.

(2) Kill all oom_score_adj > 0 tasks when OOM condition was not
solved after 5 seconds since (1).

(3) Kill all oom_score_adj = 0 tasks when OOM condition was not
solved after 5 seconds since (2).

(4) Kill all oom_score_adj >= -500 tasks when OOM condition was not
solved after 5 seconds since (3).

(5) Kill all oom_score_adj >= -999 tasks when OOM condition was not
solved after 5 seconds since (4).

(6) Trigger kernel panic because only OOM-unkillable tasks are left
when OOM condition was not solved after 5 seconds since (5).

> All we can do is a best effort approach which tries to be optimized to
> reduce the impact of an unexpected SIGKILL sent to a "random" task. And
> this is a reasonable objective IMHO.

A best effort approach which tries to be optimized to reduce
the possibility of kernel panic should exist.

Michal Hocko wrote:
> Timeout-to-panic patches were just trying to be as simple as possible
> to guarantee the predictability requirement. No other timeout based
> solutions, which were proposed so far, did guarantee the same AFAIR.

What did "[PATCH] mm: Introduce timeout based OOM killing" miss
( http://lkml.kernel.org/r/201505232339.DAB00557.VFFLHMSOJFOOtQ@xxxxxxxxxxxxxxxxxxx )?
It provided

(1) warn OOM victim not dying using memdie_task_warn_secs timeout
(2) select next OOM victim using memdie_task_skip_secs timeout
(3) trigger kernel panic using memdie_task_panic_secs timeout
(4) warn trashing condition using memalloc_task_warn_secs timeout
(5) trigger OOM killer using memalloc_task_retry_secs timeout

Next message: Benjamin Herrenschmidt: "Re: [PATCH v1 3/3] ARM64 LPC: update binding doc"
Previous message: Ingo Molnar: "Re: [PATCH v2] reboot: Backup orderly_poweroff"
In reply to: Michal Hocko: "Re: [PATCH] mm,oom: Re-enable OOM killer using timers."
Next in thread: David Rientjes: "Re: [PATCH] mm,oom: Re-enable OOM killer using timers."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]