1 /*
2 * linux/mm/oom_kill.c
3 *
4 * Copyright (C) 1998,2000 Rik van Riel
5 * Thanks go out to Claus Fischer for some serious inspiration and
6 * for goading me into coding this file...
7 *
8 * The routines in this file are used to kill a process when
9 * we're seriously out of memory. This gets called from kswapd()
10 * in linux/mm/vmscan.c when we really run out of memory.
11 *
12 * Since we won't call these routines often (on a well-configured
13 * machine) this file will double as a 'coding guide' and a signpost
14 * for newbie kernel hackers. It features several pointers to major
15 * kernel subsystems and hints as to where to find out what things do.
16 */
17
18 #include <linux/mm.h>
19 #include <linux/sched.h>
20 #include <linux/swap.h>
21 #include <linux/swapctl.h>
22 #include <linux/timex.h>
23
24 /* #define DEBUG */
25
26 /**
27 * int_sqrt - oom_kill.c internal function, rough approximation to sqrt
28 * @x: integer of which to calculate the sqrt
29 *
30 * A very rough approximation to the sqrt() function.
31 */
int_sqrt(unsigned int x)32 static unsigned int int_sqrt(unsigned int x)
33 {
34 unsigned int out = x;
35 while (x & ~(unsigned int)1) x >>=2, out >>=1;
36 if (x) out -= out >> 2;
37 return (out ? out : 1);
38 }
39
40 /**
41 * oom_badness - calculate a numeric value for how bad this task has been
42 * @p: task struct of which task we should calculate
43 *
44 * The formula used is relatively simple and documented inline in the
45 * function. The main rationale is that we want to select a good task
46 * to kill when we run out of memory.
47 *
48 * Good in this context means that:
49 * 1) we lose the minimum amount of work done
50 * 2) we recover a large amount of memory
51 * 3) we don't kill anything innocent of eating tons of memory
52 * 4) we want to kill the minimum amount of processes (one)
53 * 5) we try to kill the process the user expects us to kill, this
54 * algorithm has been meticulously tuned to meet the priniciple
55 * of least surprise ... (be careful when you change it)
56 */
57
badness(struct task_struct * p)58 static int badness(struct task_struct *p)
59 {
60 int points, cpu_time, run_time;
61
62 if (!p->mm)
63 return 0;
64
65 if (p->flags & PF_MEMDIE)
66 return 0;
67
68 /*
69 * The memory size of the process is the basis for the badness.
70 */
71 points = p->mm->total_vm;
72
73 /*
74 * CPU time is in seconds and run time is in minutes. There is no
75 * particular reason for this other than that it turned out to work
76 * very well in practice. This is not safe against jiffie wraps
77 * but we don't care _that_ much...
78 */
79 cpu_time = (p->times.tms_utime + p->times.tms_stime) >> (SHIFT_HZ + 3);
80 run_time = (jiffies - p->start_time) >> (SHIFT_HZ + 10);
81
82 points /= int_sqrt(cpu_time);
83 points /= int_sqrt(int_sqrt(run_time));
84
85 /*
86 * Niced processes are most likely less important, so double
87 * their badness points.
88 */
89 if (p->nice > 0)
90 points *= 2;
91
92 /*
93 * Superuser processes are usually more important, so we make it
94 * less likely that we kill those.
95 */
96 if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
97 p->uid == 0 || p->euid == 0)
98 points /= 4;
99
100 /*
101 * We don't want to kill a process with direct hardware access.
102 * Not only could that mess up the hardware, but usually users
103 * tend to only have this flag set on applications they think
104 * of as important.
105 */
106 if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
107 points /= 4;
108 #ifdef DEBUG
109 printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n",
110 p->pid, p->comm, points);
111 #endif
112 return points;
113 }
114
115 /*
116 * Simple selection loop. We chose the process with the highest
117 * number of 'points'. We expect the caller will lock the tasklist.
118 *
119 * (not docbooked, we don't want this one cluttering up the manual)
120 */
select_bad_process(void)121 static struct task_struct * select_bad_process(void)
122 {
123 int maxpoints = 0;
124 struct task_struct *p = NULL;
125 struct task_struct *chosen = NULL;
126
127 for_each_task(p) {
128 if (p->pid) {
129 int points = badness(p);
130 if (points > maxpoints) {
131 chosen = p;
132 maxpoints = points;
133 }
134 }
135 }
136 return chosen;
137 }
138
139 /**
140 * We must be careful though to never send SIGKILL a process with
141 * CAP_SYS_RAW_IO set, send SIGTERM instead (but it's unlikely that
142 * we select a process with CAP_SYS_RAW_IO set).
143 */
__oom_kill_task(struct task_struct * p)144 static void __oom_kill_task(struct task_struct *p)
145 {
146 printk(KERN_ERR "Out of Memory: Killed process %d (%s).\n", p->pid, p->comm);
147
148 /*
149 * We give our sacrificial lamb high priority and access to
150 * all the memory it needs. That way it should be able to
151 * exit() and clear out its resources quickly...
152 */
153 p->counter = 5 * HZ;
154 p->flags |= PF_MEMALLOC | PF_MEMDIE;
155
156 /* This process has hardware access, be more careful. */
157 if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO)) {
158 force_sig(SIGTERM, p);
159 } else {
160 force_sig(SIGKILL, p);
161 }
162 }
163
oom_kill_task(struct task_struct * p)164 static struct mm_struct *oom_kill_task(struct task_struct *p)
165 {
166 struct mm_struct *mm;
167
168 task_lock(p);
169 mm = p->mm;
170 if (mm) {
171 spin_lock(&mmlist_lock);
172 if (atomic_read(&mm->mm_users))
173 atomic_inc(&mm->mm_users);
174 else
175 mm = NULL;
176 spin_unlock(&mmlist_lock);
177 }
178 task_unlock(p);
179 if (mm)
180 __oom_kill_task(p);
181 return mm;
182 }
183
184 /**
185 * oom_kill - kill the "best" process when we run out of memory
186 *
187 * If we run out of memory, we have the choice between either
188 * killing a random task (bad), letting the system crash (worse)
189 * OR try to be smart about which process to kill. Note that we
190 * don't have to be perfect here, we just have to be good.
191 */
oom_kill(void)192 static void oom_kill(void)
193 {
194 struct task_struct *p, *q;
195 struct mm_struct *mm;
196
197 retry:
198 read_lock(&tasklist_lock);
199 p = select_bad_process();
200
201 /* Found nothing?!?! Either we hang forever, or we panic. */
202 if (p == NULL)
203 panic("Out of memory and no killable processes...\n");
204 mm = oom_kill_task(p);
205 if (!mm) {
206 read_unlock(&tasklist_lock);
207 goto retry;
208 }
209 /* kill all processes that share the ->mm (i.e. all threads) */
210 for_each_task(q) {
211 if (q->mm == mm)
212 __oom_kill_task(q);
213 }
214 read_unlock(&tasklist_lock);
215 mmput(mm);
216 /*
217 * Make kswapd go out of the way, so "p" has a good chance of
218 * killing itself before someone else gets the chance to ask
219 * for more memory.
220 */
221 yield();
222 return;
223 }
224
225 /**
226 * out_of_memory - is the system out of memory?
227 */
out_of_memory(void)228 void out_of_memory(void)
229 {
230 /*
231 * oom_lock protects out_of_memory()'s static variables.
232 * It's a global lock; this is not performance-critical.
233 */
234 static spinlock_t oom_lock = SPIN_LOCK_UNLOCKED;
235 static unsigned long first, last, count, lastkill;
236 unsigned long now, since;
237
238 /*
239 * Enough swap space left? Not OOM.
240 */
241 if (nr_swap_pages > 0)
242 return;
243
244 spin_lock(&oom_lock);
245 now = jiffies;
246 since = now - last;
247 last = now;
248
249 /*
250 * If it's been a long time since last failure,
251 * we're not oom.
252 */
253 last = now;
254 if (since > 5*HZ)
255 goto reset;
256
257 /*
258 * If we haven't tried for at least one second,
259 * we're not really oom.
260 */
261 since = now - first;
262 if (since < HZ)
263 goto out_unlock;
264
265 /*
266 * If we have gotten only a few failures,
267 * we're not really oom.
268 */
269 if (++count < 10)
270 goto out_unlock;
271
272 /*
273 * If we just killed a process, wait a while
274 * to give that task a chance to exit. This
275 * avoids killing multiple processes needlessly.
276 */
277 since = now - lastkill;
278 if (since < HZ*5)
279 goto out_unlock;
280
281 /*
282 * Ok, really out of memory. Kill something.
283 */
284 lastkill = now;
285
286 /* oom_kill() can sleep */
287 spin_unlock(&oom_lock);
288 oom_kill();
289 spin_lock(&oom_lock);
290
291 reset:
292 if ((long)first - (long)now < 0)
293 first = now;
294 count = 0;
295
296 out_unlock:
297 spin_unlock(&oom_lock);
298 }
299