From: Lubos Lunak <l.lunak@suse.cz>
To: David Rientjes <rientjes@google.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>,
Rik van Riel <riel@redhat.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
Nick Piggin <npiggin@suse.de>, Jiri Kosina <jkosina@suse.cz>
Subject: Re: Improving OOM killer
Date: Thu, 11 Feb 2010 11:16:07 +0100 [thread overview]
Message-ID: <201002111116.07211.l.lunak@suse.cz> (raw)
In-Reply-To: <alpine.DEB.2.00.1002101405530.29007@chino.kir.corp.google.com>
On Wednesday 10 of February 2010, David Rientjes wrote:
> On Wed, 10 Feb 2010, Lubos Lunak wrote:
> > Which is why I suggested summing up the memory of the parent and its
> > children.
>
> That's almost identical to the current heuristic where we sum half the
> size of the children's VM size, unfortunately it's not a good indicator of
> forkbombs since in your particular example it would be detrimental to
> kdeinit.
I believe that with the algorithm no longer using VmSize and being careful
not to count shared memory more than once this would not be an issue and
kdeinit would be reasonably safe. KDE does not use _that_ much memory to
score higher than something that caused OOM :).
> My heursitic considers runtime of the children as an indicator
> of a forkbombing parent since such tasks don't typically get to run
> anyway. The rss or swap usage of a child with a seperate address space
> simply isn't relevant to the badness score of the parent, it unfairly
> penalizes medium/large server jobs.
Our definitions of 'forkbomb' then perhaps differ a bit. I
consider 'make -j100' a kind of a forkbomb too, it will very likely overload
the machine too as soon as the gcc instances use up all the memory. For that
reason also using CPU time <1second will not work here, while using real time
<1minute would.
That long timeout would have the weakness that when running at the same time
reasonable 'make -j4' and Firefox that'd immediatelly go crazy, then maybe
the make job could be targeted instead if its total cost would go higher.
However, here I again believe that the fixed metrics for computing memory
usage would work well enough to let that happen only when the total cost of
the make job would be actually higher than that of the offender and in that
case it is kind of an offender too.
Your protection seems to cover only "for(;;) if(fork() == 0) break;" , while
I believe mine could handle also "make -j100" or the bash forkbomb ":()
{ :|:& };:" (i.e. "for(;;) fork();").
> > > We can't address recursive forkbombing in the oom killer with any
> > > efficiency, but luckily those cases aren't very common.
> >
> > Right, I've never run a recursive make that brought my machine to its
> > knees. Oh, wait.
>
> That's completely outside the scope of the oom killer, though: it is _not_
> the oom killer's responsibility for enforcing a kernel-wide forkbomb
> policy
Why? It repeatedly causes OOM here (and in fact it is the only common OOM or
forkbomb I ever encounter). If OOM killer is the right place to protect
against a forkbomb that spawns a large number of 1st level children, then I
don't see how this is different.
> > And why exactly is iterating over 1st level children efficient enough
> > and doing that recursively is not? I don't find it significantly more
> > expensive and badness() is hardly a bottleneck anyway.
>
> If we look at children's memory usage recursively, then we'll always end
> up selecting init_task.
Not if the algorithm does not propagate the top of the problematic subtree
higher, see my reply to Alan Cox.
> > Why exactly do you think only 1st generation children matter? Look again
> > at the process tree posted by me and you'll see it solves nothing there.
> > I still fail to see why counting also all other generations should be
> > considered anything more than a negligible penalty for something that's
> > not a bottleneck at all.
>
> You're specifying a problem that is outside the scope of the oom killer,
> sorry.
But it could be inside of the scope, since it causes OOM, and I don't think
it's an unrealistic or rare use case. I don't consider it less likely than
spawning a large number of direct children. If you want to cover only
certified reasons for causing OOM, it can be as well said that userspace is
not allowed to cause OOM at all.
--
Lubos Lunak
openSUSE Boosters team, KDE developer
l.lunak@suse.cz , l.lunak@kde.org
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2010-02-11 10:16 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-01 22:02 Lubos Lunak
2010-02-01 23:53 ` David Rientjes
2010-02-02 21:10 ` Lubos Lunak
2010-02-03 1:41 ` David Rientjes
2010-02-03 1:52 ` KAMEZAWA Hiroyuki
2010-02-03 2:12 ` David Rientjes
2010-02-03 2:12 ` KAMEZAWA Hiroyuki
2010-02-03 2:36 ` [patch] sysctl: clean up vm related variable declarations David Rientjes
2010-02-03 8:07 ` KOSAKI Motohiro
2010-02-03 8:17 ` Balbir Singh
2010-02-03 22:54 ` Improving OOM killer Lubos Lunak
2010-02-04 0:00 ` David Rientjes
2010-02-03 7:50 ` KOSAKI Motohiro
2010-02-03 9:40 ` David Rientjes
2010-02-03 8:57 ` Balbir Singh
2010-02-03 12:10 ` Lubos Lunak
2010-02-03 12:25 ` Balbir Singh
2010-02-03 15:00 ` Minchan Kim
2010-02-03 16:06 ` Minchan Kim
2010-02-03 21:22 ` Lubos Lunak
2010-02-03 14:49 ` Rik van Riel
2010-02-03 17:01 ` Balbir Singh
2010-02-03 18:58 ` David Rientjes
2010-02-03 19:29 ` Frans Pop
2010-02-03 19:52 ` David Rientjes
2010-02-03 20:12 ` Frans Pop
2010-02-03 20:26 ` David Rientjes
2010-02-03 22:55 ` Lubos Lunak
2010-02-04 0:05 ` David Rientjes
2010-02-04 0:18 ` Rik van Riel
2010-02-04 21:48 ` David Rientjes
2010-02-04 22:06 ` Rik van Riel
2010-02-04 22:14 ` David Rientjes
2010-02-10 20:54 ` Lubos Lunak
2010-02-10 21:10 ` Rik van Riel
2010-02-10 21:29 ` Lubos Lunak
2010-02-10 22:18 ` Alan Cox
2010-02-10 22:31 ` David Rientjes
2010-02-11 9:50 ` Lubos Lunak
2010-02-04 22:31 ` Frans Pop
2010-02-04 22:53 ` David Rientjes
2010-02-04 7:58 ` Lubos Lunak
2010-02-04 21:34 ` David Rientjes
2010-02-10 20:54 ` Lubos Lunak
2010-02-10 21:09 ` Rik van Riel
2010-02-10 21:34 ` Lubos Lunak
2010-02-10 22:25 ` David Rientjes
2010-02-11 10:16 ` Lubos Lunak [this message]
2010-02-11 21:17 ` David Rientjes
2010-02-04 9:50 ` Jiri Kosina
2010-02-04 21:39 ` David Rientjes
2010-02-05 7:35 ` Oliver Neukum
2010-02-10 3:10 ` David Rientjes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201002111116.07211.l.lunak@suse.cz \
--to=l.lunak@suse.cz \
--cc=akpm@linux-foundation.org \
--cc=balbir@linux.vnet.ibm.com \
--cc=jkosina@suse.cz \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=npiggin@suse.de \
--cc=riel@redhat.com \
--cc=rientjes@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox