Let me defer to Solaris for a moment. I just ran many, many copies of
AA's leak.c (posted on l-k a hundred or so messages so) on a Solaris
2.6 box, as a normal non-root user. It supports memory overcommit.
Solaris behaves sanely, IMHO:
* When malloc needs memory and none is available, it returns NULL
and sets errno to 'Resource temporarily unavailable'.
* When not-yet-committed memory wants to be initialized, but cannot due
to OOM, the process coredumps.
* _No_ daemons were lost after 30 minutes or so of leak'ing.
This is sane, logical, expected behavior following the
Principle of Least Surprise.
It of course raises questions about system-critical processes dying; no
tests were done to this affect under Solaris. But ya gotta handle it.
Production OS's have to. Yes, even the network layer needs to handle
OOM situations with some sanity.
However, it would seem logical that some sort of heuristic would
be necessary, like someone on l-k described in an earlier message.
(Bias against killing pid #1, against root processes, against old
processes, towards memory-hungry processes, etc.)
Thanks for listnn'
Jeff
(slightly modified leak.c)
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main()
{
char *p[20];
int i, j;
unsigned int pid = (unsigned int) getpid();
for (j=0; j<20; j++)
{
fprintf(stderr,"malloc[%u] %d\n", pid, j);
p[j] = (char *) malloc(1000000);
if (p[j] == NULL) {
perror("malloc error");
abort();
}
}
for (;;)
for (j=0; j<20; j++)
{
fprintf(stderr,"init[%u] %d\n", pid, j);
for (i=0; i<1000000; i++)
p[j][i] = 0;
}
return 0;
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/