Re: [PATCH] mm,oom: Re-enable OOM killer using timers.

From: Johannes Weiner
Date: Wed Jan 13 2016 - 11:56:55 EST

Next message: Phil Edworthy: "RE: [PATCH v2 2/4] PCI: rcar: Support runtime PM link state L1 handling in pcie-rcar"
Previous message: Michal Hocko: "Re: [PATCH v2 5/7] mm: vmscan: do not scan anon pages if memcg swap limit is hit"
In reply to: Michal Hocko: "Re: [PATCH] mm,oom: Re-enable OOM killer using timers."
Next in thread: Michal Hocko: "Re: [PATCH] mm,oom: Re-enable OOM killer using timers."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 13, 2016 at 05:26:10PM +0100, Michal Hocko wrote:
> On Wed 13-01-16 21:11:30, Tetsuo Handa wrote:
> [...]
> > Those who use panic_on_oom = 1 expect that the system triggers kernel panic
> > rather than stall forever. This is a translation of administrator's wish that
> > "Please press SysRq-c on behalf of me if the memory exhausted. In that way,
> > I don't need to stand by in front of the console twenty-four seven."
> >
> > Those who use panic_on_oom = 0 expect that the OOM killer solves OOM condition
> > rather than stall forever. This is a translation of administrator's wish that
> > "Please press SysRq-f on behalf of me if the memory exhausted. In that way,
> > I don't need to stand by in front of the console twenty-four seven."
>
> I think you are missing an important point. There is _no reliable_ way
> to resolve the OOM condition in general except to panic the system. Even
> killing all user space tasks might not be sufficient in general because
> they might be blocked by an unkillable context (e.g. kernel thread).
> So if you need a reliable behavior then either use panic_on_oom=1 or
> provide a measure to panic after fixed timeout if the OOM cannot get
> resolved. We have seen patches in that regards but there was no general
> interest in them to merge them.

While what you're saying about there not being a failsafe way is true,
I don't understand why we should panic the machine before we tried to
kill every single userspace task. That's what I never understood about
your timeout-panic patches: if the OOM victim doesn't exit in a fixed
amount of time, why is it better to panic the machine than to try the
second-best, third-best, fourth-best etc. OOM candidates?

Yes, you can say that at least the kernel will make a decision in a
fixed amount of time and it'll be more useful in practice. But the
reality of most scenarios is that moving on to other victims will
increase the chance of success dramatically while the chance of
continued hanging would converge toward 0.

And for the more extreme scenarios, where you have a million tasks all
blocked on the same resource, we can decay the timeout exponentially
to cap the decision time to a reasonable worst case; wait 8s for the
first victim, 4s for the next one etc. and the machine will still
recover or panic within 15s after the deadlock first occurs.

Next message: Phil Edworthy: "RE: [PATCH v2 2/4] PCI: rcar: Support runtime PM link state L1 handling in pcie-rcar"
Previous message: Michal Hocko: "Re: [PATCH v2 5/7] mm: vmscan: do not scan anon pages if memcg swap limit is hit"
In reply to: Michal Hocko: "Re: [PATCH] mm,oom: Re-enable OOM killer using timers."
Next in thread: Michal Hocko: "Re: [PATCH] mm,oom: Re-enable OOM killer using timers."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]