]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * linux/mm/oom_kill.c | |
3 | * | |
4 | * Copyright (C) 1998,2000 Rik van Riel | |
5 | * Thanks go out to Claus Fischer for some serious inspiration and | |
6 | * for goading me into coding this file... | |
7 | * Copyright (C) 2010 Google, Inc. | |
8 | * Rewritten by David Rientjes | |
9 | * | |
10 | * The routines in this file are used to kill a process when | |
11 | * we're seriously out of memory. This gets called from __alloc_pages() | |
12 | * in mm/page_alloc.c when we really run out of memory. | |
13 | * | |
14 | * Since we won't call these routines often (on a well-configured | |
15 | * machine) this file will double as a 'coding guide' and a signpost | |
16 | * for newbie kernel hackers. It features several pointers to major | |
17 | * kernel subsystems and hints as to where to find out what things do. | |
18 | */ | |
19 | ||
20 | #include <linux/oom.h> | |
21 | #include <linux/mm.h> | |
22 | #include <linux/err.h> | |
23 | #include <linux/gfp.h> | |
24 | #include <linux/sched.h> | |
25 | #include <linux/swap.h> | |
26 | #include <linux/timex.h> | |
27 | #include <linux/jiffies.h> | |
28 | #include <linux/cpuset.h> | |
29 | #include <linux/export.h> | |
30 | #include <linux/notifier.h> | |
31 | #include <linux/memcontrol.h> | |
32 | #include <linux/mempolicy.h> | |
33 | #include <linux/security.h> | |
34 | #include <linux/ptrace.h> | |
35 | #include <linux/freezer.h> | |
36 | #include <linux/ftrace.h> | |
37 | #include <linux/ratelimit.h> | |
38 | #include <linux/kthread.h> | |
39 | #include <linux/init.h> | |
40 | ||
41 | #include <asm/tlb.h> | |
42 | #include "internal.h" | |
43 | ||
44 | #define CREATE_TRACE_POINTS | |
45 | #include <trace/events/oom.h> | |
46 | ||
47 | int sysctl_panic_on_oom; | |
48 | int sysctl_oom_kill_allocating_task; | |
49 | int sysctl_oom_dump_tasks = 1; | |
50 | ||
51 | DEFINE_MUTEX(oom_lock); | |
52 | ||
53 | #ifdef CONFIG_NUMA | |
54 | /** | |
55 | * has_intersects_mems_allowed() - check task eligiblity for kill | |
56 | * @start: task struct of which task to consider | |
57 | * @mask: nodemask passed to page allocator for mempolicy ooms | |
58 | * | |
59 | * Task eligibility is determined by whether or not a candidate task, @tsk, | |
60 | * shares the same mempolicy nodes as current if it is bound by such a policy | |
61 | * and whether or not it has the same set of allowed cpuset nodes. | |
62 | */ | |
63 | static bool has_intersects_mems_allowed(struct task_struct *start, | |
64 | const nodemask_t *mask) | |
65 | { | |
66 | struct task_struct *tsk; | |
67 | bool ret = false; | |
68 | ||
69 | rcu_read_lock(); | |
70 | for_each_thread(start, tsk) { | |
71 | if (mask) { | |
72 | /* | |
73 | * If this is a mempolicy constrained oom, tsk's | |
74 | * cpuset is irrelevant. Only return true if its | |
75 | * mempolicy intersects current, otherwise it may be | |
76 | * needlessly killed. | |
77 | */ | |
78 | ret = mempolicy_nodemask_intersects(tsk, mask); | |
79 | } else { | |
80 | /* | |
81 | * This is not a mempolicy constrained oom, so only | |
82 | * check the mems of tsk's cpuset. | |
83 | */ | |
84 | ret = cpuset_mems_allowed_intersects(current, tsk); | |
85 | } | |
86 | if (ret) | |
87 | break; | |
88 | } | |
89 | rcu_read_unlock(); | |
90 | ||
91 | return ret; | |
92 | } | |
93 | #else | |
94 | static bool has_intersects_mems_allowed(struct task_struct *tsk, | |
95 | const nodemask_t *mask) | |
96 | { | |
97 | return true; | |
98 | } | |
99 | #endif /* CONFIG_NUMA */ | |
100 | ||
101 | /* | |
102 | * The process p may have detached its own ->mm while exiting or through | |
103 | * use_mm(), but one or more of its subthreads may still have a valid | |
104 | * pointer. Return p, or any of its subthreads with a valid ->mm, with | |
105 | * task_lock() held. | |
106 | */ | |
107 | struct task_struct *find_lock_task_mm(struct task_struct *p) | |
108 | { | |
109 | struct task_struct *t; | |
110 | ||
111 | rcu_read_lock(); | |
112 | ||
113 | for_each_thread(p, t) { | |
114 | task_lock(t); | |
115 | if (likely(t->mm)) | |
116 | goto found; | |
117 | task_unlock(t); | |
118 | } | |
119 | t = NULL; | |
120 | found: | |
121 | rcu_read_unlock(); | |
122 | ||
123 | return t; | |
124 | } | |
125 | ||
126 | /* | |
127 | * order == -1 means the oom kill is required by sysrq, otherwise only | |
128 | * for display purposes. | |
129 | */ | |
130 | static inline bool is_sysrq_oom(struct oom_control *oc) | |
131 | { | |
132 | return oc->order == -1; | |
133 | } | |
134 | ||
135 | /* return true if the task is not adequate as candidate victim task. */ | |
136 | static bool oom_unkillable_task(struct task_struct *p, | |
137 | struct mem_cgroup *memcg, const nodemask_t *nodemask) | |
138 | { | |
139 | if (is_global_init(p)) | |
140 | return true; | |
141 | if (p->flags & PF_KTHREAD) | |
142 | return true; | |
143 | ||
144 | /* When mem_cgroup_out_of_memory() and p is not member of the group */ | |
145 | if (memcg && !task_in_mem_cgroup(p, memcg)) | |
146 | return true; | |
147 | ||
148 | /* p may not have freeable memory in nodemask */ | |
149 | if (!has_intersects_mems_allowed(p, nodemask)) | |
150 | return true; | |
151 | ||
152 | return false; | |
153 | } | |
154 | ||
155 | /** | |
156 | * oom_badness - heuristic function to determine which candidate task to kill | |
157 | * @p: task struct of which task we should calculate | |
158 | * @totalpages: total present RAM allowed for page allocation | |
159 | * | |
160 | * The heuristic for determining which task to kill is made to be as simple and | |
161 | * predictable as possible. The goal is to return the highest value for the | |
162 | * task consuming the most memory to avoid subsequent oom failures. | |
163 | */ | |
164 | unsigned long oom_badness(struct task_struct *p, struct mem_cgroup *memcg, | |
165 | const nodemask_t *nodemask, unsigned long totalpages) | |
166 | { | |
167 | long points; | |
168 | long adj; | |
169 | ||
170 | if (oom_unkillable_task(p, memcg, nodemask)) | |
171 | return 0; | |
172 | ||
173 | p = find_lock_task_mm(p); | |
174 | if (!p) | |
175 | return 0; | |
176 | ||
177 | adj = (long)p->signal->oom_score_adj; | |
178 | if (adj == OOM_SCORE_ADJ_MIN) { | |
179 | task_unlock(p); | |
180 | return 0; | |
181 | } | |
182 | ||
183 | /* | |
184 | * The baseline for the badness score is the proportion of RAM that each | |
185 | * task's rss, pagetable and swap space use. | |
186 | */ | |
187 | points = get_mm_rss(p->mm) + get_mm_counter(p->mm, MM_SWAPENTS) + | |
188 | atomic_long_read(&p->mm->nr_ptes) + mm_nr_pmds(p->mm); | |
189 | task_unlock(p); | |
190 | ||
191 | /* | |
192 | * Root processes get 3% bonus, just like the __vm_enough_memory() | |
193 | * implementation used by LSMs. | |
194 | */ | |
195 | if (has_capability_noaudit(p, CAP_SYS_ADMIN)) | |
196 | points -= (points * 3) / 100; | |
197 | ||
198 | /* Normalize to oom_score_adj units */ | |
199 | adj *= totalpages / 1000; | |
200 | points += adj; | |
201 | ||
202 | /* | |
203 | * Never return 0 for an eligible task regardless of the root bonus and | |
204 | * oom_score_adj (oom_score_adj can't be OOM_SCORE_ADJ_MIN here). | |
205 | */ | |
206 | return points > 0 ? points : 1; | |
207 | } | |
208 | ||
209 | /* | |
210 | * Determine the type of allocation constraint. | |
211 | */ | |
212 | #ifdef CONFIG_NUMA | |
213 | static enum oom_constraint constrained_alloc(struct oom_control *oc, | |
214 | unsigned long *totalpages) | |
215 | { | |
216 | struct zone *zone; | |
217 | struct zoneref *z; | |
218 | enum zone_type high_zoneidx = gfp_zone(oc->gfp_mask); | |
219 | bool cpuset_limited = false; | |
220 | int nid; | |
221 | ||
222 | /* Default to all available memory */ | |
223 | *totalpages = totalram_pages + total_swap_pages; | |
224 | ||
225 | if (!oc->zonelist) | |
226 | return CONSTRAINT_NONE; | |
227 | /* | |
228 | * Reach here only when __GFP_NOFAIL is used. So, we should avoid | |
229 | * to kill current.We have to random task kill in this case. | |
230 | * Hopefully, CONSTRAINT_THISNODE...but no way to handle it, now. | |
231 | */ | |
232 | if (oc->gfp_mask & __GFP_THISNODE) | |
233 | return CONSTRAINT_NONE; | |
234 | ||
235 | /* | |
236 | * This is not a __GFP_THISNODE allocation, so a truncated nodemask in | |
237 | * the page allocator means a mempolicy is in effect. Cpuset policy | |
238 | * is enforced in get_page_from_freelist(). | |
239 | */ | |
240 | if (oc->nodemask && | |
241 | !nodes_subset(node_states[N_MEMORY], *oc->nodemask)) { | |
242 | *totalpages = total_swap_pages; | |
243 | for_each_node_mask(nid, *oc->nodemask) | |
244 | *totalpages += node_spanned_pages(nid); | |
245 | return CONSTRAINT_MEMORY_POLICY; | |
246 | } | |
247 | ||
248 | /* Check this allocation failure is caused by cpuset's wall function */ | |
249 | for_each_zone_zonelist_nodemask(zone, z, oc->zonelist, | |
250 | high_zoneidx, oc->nodemask) | |
251 | if (!cpuset_zone_allowed(zone, oc->gfp_mask)) | |
252 | cpuset_limited = true; | |
253 | ||
254 | if (cpuset_limited) { | |
255 | *totalpages = total_swap_pages; | |
256 | for_each_node_mask(nid, cpuset_current_mems_allowed) | |
257 | *totalpages += node_spanned_pages(nid); | |
258 | return CONSTRAINT_CPUSET; | |
259 | } | |
260 | return CONSTRAINT_NONE; | |
261 | } | |
262 | #else | |
263 | static enum oom_constraint constrained_alloc(struct oom_control *oc, | |
264 | unsigned long *totalpages) | |
265 | { | |
266 | *totalpages = totalram_pages + total_swap_pages; | |
267 | return CONSTRAINT_NONE; | |
268 | } | |
269 | #endif | |
270 | ||
271 | enum oom_scan_t oom_scan_process_thread(struct oom_control *oc, | |
272 | struct task_struct *task, unsigned long totalpages) | |
273 | { | |
274 | if (oom_unkillable_task(task, NULL, oc->nodemask)) | |
275 | return OOM_SCAN_CONTINUE; | |
276 | ||
277 | /* | |
278 | * This task already has access to memory reserves and is being killed. | |
279 | * Don't allow any other task to have access to the reserves. | |
280 | */ | |
281 | if (test_tsk_thread_flag(task, TIF_MEMDIE)) { | |
282 | if (!is_sysrq_oom(oc)) | |
283 | return OOM_SCAN_ABORT; | |
284 | } | |
285 | if (!task->mm) | |
286 | return OOM_SCAN_CONTINUE; | |
287 | ||
288 | /* | |
289 | * If task is allocating a lot of memory and has been marked to be | |
290 | * killed first if it triggers an oom, then select it. | |
291 | */ | |
292 | if (oom_task_origin(task)) | |
293 | return OOM_SCAN_SELECT; | |
294 | ||
295 | return OOM_SCAN_OK; | |
296 | } | |
297 | ||
298 | /* | |
299 | * Simple selection loop. We chose the process with the highest | |
300 | * number of 'points'. Returns -1 on scan abort. | |
301 | */ | |
302 | static struct task_struct *select_bad_process(struct oom_control *oc, | |
303 | unsigned int *ppoints, unsigned long totalpages) | |
304 | { | |
305 | struct task_struct *g, *p; | |
306 | struct task_struct *chosen = NULL; | |
307 | unsigned long chosen_points = 0; | |
308 | ||
309 | rcu_read_lock(); | |
310 | for_each_process_thread(g, p) { | |
311 | unsigned int points; | |
312 | ||
313 | switch (oom_scan_process_thread(oc, p, totalpages)) { | |
314 | case OOM_SCAN_SELECT: | |
315 | chosen = p; | |
316 | chosen_points = ULONG_MAX; | |
317 | /* fall through */ | |
318 | case OOM_SCAN_CONTINUE: | |
319 | continue; | |
320 | case OOM_SCAN_ABORT: | |
321 | rcu_read_unlock(); | |
322 | return (struct task_struct *)(-1UL); | |
323 | case OOM_SCAN_OK: | |
324 | break; | |
325 | }; | |
326 | points = oom_badness(p, NULL, oc->nodemask, totalpages); | |
327 | if (!points || points < chosen_points) | |
328 | continue; | |
329 | /* Prefer thread group leaders for display purposes */ | |
330 | if (points == chosen_points && thread_group_leader(chosen)) | |
331 | continue; | |
332 | ||
333 | chosen = p; | |
334 | chosen_points = points; | |
335 | } | |
336 | if (chosen) | |
337 | get_task_struct(chosen); | |
338 | rcu_read_unlock(); | |
339 | ||
340 | *ppoints = chosen_points * 1000 / totalpages; | |
341 | return chosen; | |
342 | } | |
343 | ||
344 | /** | |
345 | * dump_tasks - dump current memory state of all system tasks | |
346 | * @memcg: current's memory controller, if constrained | |
347 | * @nodemask: nodemask passed to page allocator for mempolicy ooms | |
348 | * | |
349 | * Dumps the current memory state of all eligible tasks. Tasks not in the same | |
350 | * memcg, not in the same cpuset, or bound to a disjoint set of mempolicy nodes | |
351 | * are not shown. | |
352 | * State information includes task's pid, uid, tgid, vm size, rss, nr_ptes, | |
353 | * swapents, oom_score_adj value, and name. | |
354 | */ | |
355 | static void dump_tasks(struct mem_cgroup *memcg, const nodemask_t *nodemask) | |
356 | { | |
357 | struct task_struct *p; | |
358 | struct task_struct *task; | |
359 | ||
360 | pr_info("[ pid ] uid tgid total_vm rss nr_ptes nr_pmds swapents oom_score_adj name\n"); | |
361 | rcu_read_lock(); | |
362 | for_each_process(p) { | |
363 | if (oom_unkillable_task(p, memcg, nodemask)) | |
364 | continue; | |
365 | ||
366 | task = find_lock_task_mm(p); | |
367 | if (!task) { | |
368 | /* | |
369 | * This is a kthread or all of p's threads have already | |
370 | * detached their mm's. There's no need to report | |
371 | * them; they can't be oom killed anyway. | |
372 | */ | |
373 | continue; | |
374 | } | |
375 | ||
376 | pr_info("[%5d] %5d %5d %8lu %8lu %7ld %7ld %8lu %5hd %s\n", | |
377 | task->pid, from_kuid(&init_user_ns, task_uid(task)), | |
378 | task->tgid, task->mm->total_vm, get_mm_rss(task->mm), | |
379 | atomic_long_read(&task->mm->nr_ptes), | |
380 | mm_nr_pmds(task->mm), | |
381 | get_mm_counter(task->mm, MM_SWAPENTS), | |
382 | task->signal->oom_score_adj, task->comm); | |
383 | task_unlock(task); | |
384 | } | |
385 | rcu_read_unlock(); | |
386 | } | |
387 | ||
388 | static void dump_header(struct oom_control *oc, struct task_struct *p, | |
389 | struct mem_cgroup *memcg) | |
390 | { | |
391 | pr_warn("%s invoked oom-killer: gfp_mask=%#x(%pGg), order=%d, oom_score_adj=%hd\n", | |
392 | current->comm, oc->gfp_mask, &oc->gfp_mask, oc->order, | |
393 | current->signal->oom_score_adj); | |
394 | ||
395 | cpuset_print_current_mems_allowed(); | |
396 | dump_stack(); | |
397 | if (memcg) | |
398 | mem_cgroup_print_oom_info(memcg, p); | |
399 | else | |
400 | show_mem(SHOW_MEM_FILTER_NODES); | |
401 | if (sysctl_oom_dump_tasks) | |
402 | dump_tasks(memcg, oc->nodemask); | |
403 | } | |
404 | ||
405 | /* | |
406 | * Number of OOM victims in flight | |
407 | */ | |
408 | static atomic_t oom_victims = ATOMIC_INIT(0); | |
409 | static DECLARE_WAIT_QUEUE_HEAD(oom_victims_wait); | |
410 | ||
411 | bool oom_killer_disabled __read_mostly; | |
412 | ||
413 | #ifdef CONFIG_MMU | |
414 | /* | |
415 | * OOM Reaper kernel thread which tries to reap the memory used by the OOM | |
416 | * victim (if that is possible) to help the OOM killer to move on. | |
417 | */ | |
418 | static struct task_struct *oom_reaper_th; | |
419 | static struct task_struct *task_to_reap; | |
420 | static DECLARE_WAIT_QUEUE_HEAD(oom_reaper_wait); | |
421 | ||
422 | static bool __oom_reap_task(struct task_struct *tsk) | |
423 | { | |
424 | struct mmu_gather tlb; | |
425 | struct vm_area_struct *vma; | |
426 | struct mm_struct *mm; | |
427 | struct task_struct *p; | |
428 | struct zap_details details = {.check_swap_entries = true, | |
429 | .ignore_dirty = true}; | |
430 | bool ret = true; | |
431 | ||
432 | /* | |
433 | * Make sure we find the associated mm_struct even when the particular | |
434 | * thread has already terminated and cleared its mm. | |
435 | * We might have race with exit path so consider our work done if there | |
436 | * is no mm. | |
437 | */ | |
438 | p = find_lock_task_mm(tsk); | |
439 | if (!p) | |
440 | return true; | |
441 | ||
442 | mm = p->mm; | |
443 | if (!atomic_inc_not_zero(&mm->mm_users)) { | |
444 | task_unlock(p); | |
445 | return true; | |
446 | } | |
447 | ||
448 | task_unlock(p); | |
449 | ||
450 | if (!down_read_trylock(&mm->mmap_sem)) { | |
451 | ret = false; | |
452 | goto out; | |
453 | } | |
454 | ||
455 | tlb_gather_mmu(&tlb, mm, 0, -1); | |
456 | for (vma = mm->mmap ; vma; vma = vma->vm_next) { | |
457 | if (is_vm_hugetlb_page(vma)) | |
458 | continue; | |
459 | ||
460 | /* | |
461 | * mlocked VMAs require explicit munlocking before unmap. | |
462 | * Let's keep it simple here and skip such VMAs. | |
463 | */ | |
464 | if (vma->vm_flags & VM_LOCKED) | |
465 | continue; | |
466 | ||
467 | /* | |
468 | * Only anonymous pages have a good chance to be dropped | |
469 | * without additional steps which we cannot afford as we | |
470 | * are OOM already. | |
471 | * | |
472 | * We do not even care about fs backed pages because all | |
473 | * which are reclaimable have already been reclaimed and | |
474 | * we do not want to block exit_mmap by keeping mm ref | |
475 | * count elevated without a good reason. | |
476 | */ | |
477 | if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED)) | |
478 | unmap_page_range(&tlb, vma, vma->vm_start, vma->vm_end, | |
479 | &details); | |
480 | } | |
481 | tlb_finish_mmu(&tlb, 0, -1); | |
482 | up_read(&mm->mmap_sem); | |
483 | ||
484 | /* | |
485 | * Clear TIF_MEMDIE because the task shouldn't be sitting on a | |
486 | * reasonably reclaimable memory anymore. OOM killer can continue | |
487 | * by selecting other victim if unmapping hasn't led to any | |
488 | * improvements. This also means that selecting this task doesn't | |
489 | * make any sense. | |
490 | */ | |
491 | tsk->signal->oom_score_adj = OOM_SCORE_ADJ_MIN; | |
492 | exit_oom_victim(tsk); | |
493 | out: | |
494 | mmput(mm); | |
495 | return ret; | |
496 | } | |
497 | ||
498 | static void oom_reap_task(struct task_struct *tsk) | |
499 | { | |
500 | int attempts = 0; | |
501 | ||
502 | /* Retry the down_read_trylock(mmap_sem) a few times */ | |
503 | while (attempts++ < 10 && !__oom_reap_task(tsk)) | |
504 | schedule_timeout_idle(HZ/10); | |
505 | ||
506 | /* Drop a reference taken by wake_oom_reaper */ | |
507 | put_task_struct(tsk); | |
508 | } | |
509 | ||
510 | static int oom_reaper(void *unused) | |
511 | { | |
512 | while (true) { | |
513 | struct task_struct *tsk; | |
514 | ||
515 | wait_event_freezable(oom_reaper_wait, | |
516 | (tsk = READ_ONCE(task_to_reap))); | |
517 | oom_reap_task(tsk); | |
518 | WRITE_ONCE(task_to_reap, NULL); | |
519 | } | |
520 | ||
521 | return 0; | |
522 | } | |
523 | ||
524 | static void wake_oom_reaper(struct task_struct *tsk) | |
525 | { | |
526 | struct task_struct *old_tsk; | |
527 | ||
528 | if (!oom_reaper_th) | |
529 | return; | |
530 | ||
531 | get_task_struct(tsk); | |
532 | ||
533 | /* | |
534 | * Make sure that only a single mm is ever queued for the reaper | |
535 | * because multiple are not necessary and the operation might be | |
536 | * disruptive so better reduce it to the bare minimum. | |
537 | */ | |
538 | old_tsk = cmpxchg(&task_to_reap, NULL, tsk); | |
539 | if (!old_tsk) | |
540 | wake_up(&oom_reaper_wait); | |
541 | else | |
542 | put_task_struct(tsk); | |
543 | } | |
544 | ||
545 | static int __init oom_init(void) | |
546 | { | |
547 | oom_reaper_th = kthread_run(oom_reaper, NULL, "oom_reaper"); | |
548 | if (IS_ERR(oom_reaper_th)) { | |
549 | pr_err("Unable to start OOM reaper %ld. Continuing regardless\n", | |
550 | PTR_ERR(oom_reaper_th)); | |
551 | oom_reaper_th = NULL; | |
552 | } | |
553 | return 0; | |
554 | } | |
555 | subsys_initcall(oom_init) | |
556 | #else | |
557 | static void wake_oom_reaper(struct task_struct *tsk) | |
558 | { | |
559 | } | |
560 | #endif | |
561 | ||
562 | /** | |
563 | * mark_oom_victim - mark the given task as OOM victim | |
564 | * @tsk: task to mark | |
565 | * | |
566 | * Has to be called with oom_lock held and never after | |
567 | * oom has been disabled already. | |
568 | */ | |
569 | void mark_oom_victim(struct task_struct *tsk) | |
570 | { | |
571 | WARN_ON(oom_killer_disabled); | |
572 | /* OOM killer might race with memcg OOM */ | |
573 | if (test_and_set_tsk_thread_flag(tsk, TIF_MEMDIE)) | |
574 | return; | |
575 | /* | |
576 | * Make sure that the task is woken up from uninterruptible sleep | |
577 | * if it is frozen because OOM killer wouldn't be able to free | |
578 | * any memory and livelock. freezing_slow_path will tell the freezer | |
579 | * that TIF_MEMDIE tasks should be ignored. | |
580 | */ | |
581 | __thaw_task(tsk); | |
582 | atomic_inc(&oom_victims); | |
583 | } | |
584 | ||
585 | /** | |
586 | * exit_oom_victim - note the exit of an OOM victim | |
587 | */ | |
588 | void exit_oom_victim(struct task_struct *tsk) | |
589 | { | |
590 | if (!test_and_clear_tsk_thread_flag(tsk, TIF_MEMDIE)) | |
591 | return; | |
592 | ||
593 | if (!atomic_dec_return(&oom_victims)) | |
594 | wake_up_all(&oom_victims_wait); | |
595 | } | |
596 | ||
597 | /** | |
598 | * oom_killer_disable - disable OOM killer | |
599 | * | |
600 | * Forces all page allocations to fail rather than trigger OOM killer. | |
601 | * Will block and wait until all OOM victims are killed. | |
602 | * | |
603 | * The function cannot be called when there are runnable user tasks because | |
604 | * the userspace would see unexpected allocation failures as a result. Any | |
605 | * new usage of this function should be consulted with MM people. | |
606 | * | |
607 | * Returns true if successful and false if the OOM killer cannot be | |
608 | * disabled. | |
609 | */ | |
610 | bool oom_killer_disable(void) | |
611 | { | |
612 | /* | |
613 | * Make sure to not race with an ongoing OOM killer. Check that the | |
614 | * current is not killed (possibly due to sharing the victim's memory). | |
615 | */ | |
616 | if (mutex_lock_killable(&oom_lock)) | |
617 | return false; | |
618 | oom_killer_disabled = true; | |
619 | mutex_unlock(&oom_lock); | |
620 | ||
621 | wait_event(oom_victims_wait, !atomic_read(&oom_victims)); | |
622 | ||
623 | return true; | |
624 | } | |
625 | ||
626 | /** | |
627 | * oom_killer_enable - enable OOM killer | |
628 | */ | |
629 | void oom_killer_enable(void) | |
630 | { | |
631 | oom_killer_disabled = false; | |
632 | } | |
633 | ||
634 | /* | |
635 | * task->mm can be NULL if the task is the exited group leader. So to | |
636 | * determine whether the task is using a particular mm, we examine all the | |
637 | * task's threads: if one of those is using this mm then this task was also | |
638 | * using it. | |
639 | */ | |
640 | static bool process_shares_mm(struct task_struct *p, struct mm_struct *mm) | |
641 | { | |
642 | struct task_struct *t; | |
643 | ||
644 | for_each_thread(p, t) { | |
645 | struct mm_struct *t_mm = READ_ONCE(t->mm); | |
646 | if (t_mm) | |
647 | return t_mm == mm; | |
648 | } | |
649 | return false; | |
650 | } | |
651 | ||
652 | #define K(x) ((x) << (PAGE_SHIFT-10)) | |
653 | /* | |
654 | * Must be called while holding a reference to p, which will be released upon | |
655 | * returning. | |
656 | */ | |
657 | void oom_kill_process(struct oom_control *oc, struct task_struct *p, | |
658 | unsigned int points, unsigned long totalpages, | |
659 | struct mem_cgroup *memcg, const char *message) | |
660 | { | |
661 | struct task_struct *victim = p; | |
662 | struct task_struct *child; | |
663 | struct task_struct *t; | |
664 | struct mm_struct *mm; | |
665 | unsigned int victim_points = 0; | |
666 | static DEFINE_RATELIMIT_STATE(oom_rs, DEFAULT_RATELIMIT_INTERVAL, | |
667 | DEFAULT_RATELIMIT_BURST); | |
668 | bool can_oom_reap = true; | |
669 | ||
670 | /* | |
671 | * If the task is already exiting, don't alarm the sysadmin or kill | |
672 | * its children or threads, just set TIF_MEMDIE so it can die quickly | |
673 | */ | |
674 | task_lock(p); | |
675 | if (p->mm && task_will_free_mem(p)) { | |
676 | mark_oom_victim(p); | |
677 | task_unlock(p); | |
678 | put_task_struct(p); | |
679 | return; | |
680 | } | |
681 | task_unlock(p); | |
682 | ||
683 | if (__ratelimit(&oom_rs)) | |
684 | dump_header(oc, p, memcg); | |
685 | ||
686 | pr_err("%s: Kill process %d (%s) score %u or sacrifice child\n", | |
687 | message, task_pid_nr(p), p->comm, points); | |
688 | ||
689 | /* | |
690 | * If any of p's children has a different mm and is eligible for kill, | |
691 | * the one with the highest oom_badness() score is sacrificed for its | |
692 | * parent. This attempts to lose the minimal amount of work done while | |
693 | * still freeing memory. | |
694 | */ | |
695 | read_lock(&tasklist_lock); | |
696 | for_each_thread(p, t) { | |
697 | list_for_each_entry(child, &t->children, sibling) { | |
698 | unsigned int child_points; | |
699 | ||
700 | if (process_shares_mm(child, p->mm)) | |
701 | continue; | |
702 | /* | |
703 | * oom_badness() returns 0 if the thread is unkillable | |
704 | */ | |
705 | child_points = oom_badness(child, memcg, oc->nodemask, | |
706 | totalpages); | |
707 | if (child_points > victim_points) { | |
708 | put_task_struct(victim); | |
709 | victim = child; | |
710 | victim_points = child_points; | |
711 | get_task_struct(victim); | |
712 | } | |
713 | } | |
714 | } | |
715 | read_unlock(&tasklist_lock); | |
716 | ||
717 | p = find_lock_task_mm(victim); | |
718 | if (!p) { | |
719 | put_task_struct(victim); | |
720 | return; | |
721 | } else if (victim != p) { | |
722 | get_task_struct(p); | |
723 | put_task_struct(victim); | |
724 | victim = p; | |
725 | } | |
726 | ||
727 | /* Get a reference to safely compare mm after task_unlock(victim) */ | |
728 | mm = victim->mm; | |
729 | atomic_inc(&mm->mm_count); | |
730 | /* | |
731 | * We should send SIGKILL before setting TIF_MEMDIE in order to prevent | |
732 | * the OOM victim from depleting the memory reserves from the user | |
733 | * space under its control. | |
734 | */ | |
735 | do_send_sig_info(SIGKILL, SEND_SIG_FORCED, victim, true); | |
736 | mark_oom_victim(victim); | |
737 | pr_err("Killed process %d (%s) total-vm:%lukB, anon-rss:%lukB, file-rss:%lukB, shmem-rss:%lukB\n", | |
738 | task_pid_nr(victim), victim->comm, K(victim->mm->total_vm), | |
739 | K(get_mm_counter(victim->mm, MM_ANONPAGES)), | |
740 | K(get_mm_counter(victim->mm, MM_FILEPAGES)), | |
741 | K(get_mm_counter(victim->mm, MM_SHMEMPAGES))); | |
742 | task_unlock(victim); | |
743 | ||
744 | /* | |
745 | * Kill all user processes sharing victim->mm in other thread groups, if | |
746 | * any. They don't get access to memory reserves, though, to avoid | |
747 | * depletion of all memory. This prevents mm->mmap_sem livelock when an | |
748 | * oom killed thread cannot exit because it requires the semaphore and | |
749 | * its contended by another thread trying to allocate memory itself. | |
750 | * That thread will now get access to memory reserves since it has a | |
751 | * pending fatal signal. | |
752 | */ | |
753 | rcu_read_lock(); | |
754 | for_each_process(p) { | |
755 | if (!process_shares_mm(p, mm)) | |
756 | continue; | |
757 | if (same_thread_group(p, victim)) | |
758 | continue; | |
759 | if (unlikely(p->flags & PF_KTHREAD) || is_global_init(p) || | |
760 | p->signal->oom_score_adj == OOM_SCORE_ADJ_MIN) { | |
761 | /* | |
762 | * We cannot use oom_reaper for the mm shared by this | |
763 | * process because it wouldn't get killed and so the | |
764 | * memory might be still used. | |
765 | */ | |
766 | can_oom_reap = false; | |
767 | continue; | |
768 | } | |
769 | do_send_sig_info(SIGKILL, SEND_SIG_FORCED, p, true); | |
770 | } | |
771 | rcu_read_unlock(); | |
772 | ||
773 | if (can_oom_reap) | |
774 | wake_oom_reaper(victim); | |
775 | ||
776 | mmdrop(mm); | |
777 | put_task_struct(victim); | |
778 | } | |
779 | #undef K | |
780 | ||
781 | /* | |
782 | * Determines whether the kernel must panic because of the panic_on_oom sysctl. | |
783 | */ | |
784 | void check_panic_on_oom(struct oom_control *oc, enum oom_constraint constraint, | |
785 | struct mem_cgroup *memcg) | |
786 | { | |
787 | if (likely(!sysctl_panic_on_oom)) | |
788 | return; | |
789 | if (sysctl_panic_on_oom != 2) { | |
790 | /* | |
791 | * panic_on_oom == 1 only affects CONSTRAINT_NONE, the kernel | |
792 | * does not panic for cpuset, mempolicy, or memcg allocation | |
793 | * failures. | |
794 | */ | |
795 | if (constraint != CONSTRAINT_NONE) | |
796 | return; | |
797 | } | |
798 | /* Do not panic for oom kills triggered by sysrq */ | |
799 | if (is_sysrq_oom(oc)) | |
800 | return; | |
801 | dump_header(oc, NULL, memcg); | |
802 | panic("Out of memory: %s panic_on_oom is enabled\n", | |
803 | sysctl_panic_on_oom == 2 ? "compulsory" : "system-wide"); | |
804 | } | |
805 | ||
806 | static BLOCKING_NOTIFIER_HEAD(oom_notify_list); | |
807 | ||
808 | int register_oom_notifier(struct notifier_block *nb) | |
809 | { | |
810 | return blocking_notifier_chain_register(&oom_notify_list, nb); | |
811 | } | |
812 | EXPORT_SYMBOL_GPL(register_oom_notifier); | |
813 | ||
814 | int unregister_oom_notifier(struct notifier_block *nb) | |
815 | { | |
816 | return blocking_notifier_chain_unregister(&oom_notify_list, nb); | |
817 | } | |
818 | EXPORT_SYMBOL_GPL(unregister_oom_notifier); | |
819 | ||
820 | /** | |
821 | * out_of_memory - kill the "best" process when we run out of memory | |
822 | * @oc: pointer to struct oom_control | |
823 | * | |
824 | * If we run out of memory, we have the choice between either | |
825 | * killing a random task (bad), letting the system crash (worse) | |
826 | * OR try to be smart about which process to kill. Note that we | |
827 | * don't have to be perfect here, we just have to be good. | |
828 | */ | |
829 | bool out_of_memory(struct oom_control *oc) | |
830 | { | |
831 | struct task_struct *p; | |
832 | unsigned long totalpages; | |
833 | unsigned long freed = 0; | |
834 | unsigned int uninitialized_var(points); | |
835 | enum oom_constraint constraint = CONSTRAINT_NONE; | |
836 | ||
837 | if (oom_killer_disabled) | |
838 | return false; | |
839 | ||
840 | blocking_notifier_call_chain(&oom_notify_list, 0, &freed); | |
841 | if (freed > 0) | |
842 | /* Got some memory back in the last second. */ | |
843 | return true; | |
844 | ||
845 | /* | |
846 | * If current has a pending SIGKILL or is exiting, then automatically | |
847 | * select it. The goal is to allow it to allocate so that it may | |
848 | * quickly exit and free its memory. | |
849 | * | |
850 | * But don't select if current has already released its mm and cleared | |
851 | * TIF_MEMDIE flag at exit_mm(), otherwise an OOM livelock may occur. | |
852 | */ | |
853 | if (current->mm && | |
854 | (fatal_signal_pending(current) || task_will_free_mem(current))) { | |
855 | mark_oom_victim(current); | |
856 | return true; | |
857 | } | |
858 | ||
859 | /* | |
860 | * Check if there were limitations on the allocation (only relevant for | |
861 | * NUMA) that may require different handling. | |
862 | */ | |
863 | constraint = constrained_alloc(oc, &totalpages); | |
864 | if (constraint != CONSTRAINT_MEMORY_POLICY) | |
865 | oc->nodemask = NULL; | |
866 | check_panic_on_oom(oc, constraint, NULL); | |
867 | ||
868 | if (sysctl_oom_kill_allocating_task && current->mm && | |
869 | !oom_unkillable_task(current, NULL, oc->nodemask) && | |
870 | current->signal->oom_score_adj != OOM_SCORE_ADJ_MIN) { | |
871 | get_task_struct(current); | |
872 | oom_kill_process(oc, current, 0, totalpages, NULL, | |
873 | "Out of memory (oom_kill_allocating_task)"); | |
874 | return true; | |
875 | } | |
876 | ||
877 | p = select_bad_process(oc, &points, totalpages); | |
878 | /* Found nothing?!?! Either we hang forever, or we panic. */ | |
879 | if (!p && !is_sysrq_oom(oc)) { | |
880 | dump_header(oc, NULL, NULL); | |
881 | panic("Out of memory and no killable processes...\n"); | |
882 | } | |
883 | if (p && p != (void *)-1UL) { | |
884 | oom_kill_process(oc, p, points, totalpages, NULL, | |
885 | "Out of memory"); | |
886 | /* | |
887 | * Give the killed process a good chance to exit before trying | |
888 | * to allocate memory again. | |
889 | */ | |
890 | schedule_timeout_killable(1); | |
891 | } | |
892 | return true; | |
893 | } | |
894 | ||
895 | /* | |
896 | * The pagefault handler calls here because it is out of memory, so kill a | |
897 | * memory-hogging task. If any populated zone has ZONE_OOM_LOCKED set, a | |
898 | * parallel oom killing is already in progress so do nothing. | |
899 | */ | |
900 | void pagefault_out_of_memory(void) | |
901 | { | |
902 | struct oom_control oc = { | |
903 | .zonelist = NULL, | |
904 | .nodemask = NULL, | |
905 | .gfp_mask = 0, | |
906 | .order = 0, | |
907 | }; | |
908 | ||
909 | if (mem_cgroup_oom_synchronize(true)) | |
910 | return; | |
911 | ||
912 | if (!mutex_trylock(&oom_lock)) | |
913 | return; | |
914 | ||
915 | if (!out_of_memory(&oc)) { | |
916 | /* | |
917 | * There shouldn't be any user tasks runnable while the | |
918 | * OOM killer is disabled, so the current task has to | |
919 | * be a racing OOM victim for which oom_killer_disable() | |
920 | * is waiting for. | |
921 | */ | |
922 | WARN_ON(test_thread_flag(TIF_MEMDIE)); | |
923 | } | |
924 | ||
925 | mutex_unlock(&oom_lock); | |
926 | } |