Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932307AbbFDXMb (ORCPT ); Thu, 4 Jun 2015 19:12:31 -0400 Received: from mail-ie0-f180.google.com ([209.85.223.180]:34571 "EHLO mail-ie0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753778AbbFDXMa (ORCPT ); Thu, 4 Jun 2015 19:12:30 -0400 Date: Thu, 4 Jun 2015 16:12:27 -0700 (PDT) From: David Rientjes X-X-Sender: rientjes@chino.kir.corp.google.com To: Michal Hocko cc: Andrew Morton , Tetsuo Handa , linux-mm@kvack.org, LKML Subject: Re: [PATCH] oom: always panic on OOM when panic_on_oom is configured In-Reply-To: <1433159948-9912-1-git-send-email-mhocko@suse.cz> Message-ID: References: <1433159948-9912-1-git-send-email-mhocko@suse.cz> User-Agent: Alpine 2.10 (DEB 1266 2009-07-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2263 Lines: 43 On Mon, 1 Jun 2015, Michal Hocko wrote: > panic_on_oom allows administrator to set OOM policy to panic the system > when it is out of memory to reduce failover time e.g. when resolving > the OOM condition would take much more time than rebooting the system. > > out_of_memory tries to be clever and prevent from premature panics > by checking the current task and prevent from panic when the task > has fatal signal pending and so it should die shortly and release some > memory. This is fair enough but Tetsuo Handa has noted that this might > lead to a silent deadlock when current cannot exit because of > dependencies invisible to the OOM killer. > > panic_on_oom is disabled by default and if somebody enables it then any > risk of potential deadlock is certainly unwelcome. The risk is really > low because there are usually more sources of allocation requests and > one of them would eventually trigger the panic but it is better to > reduce the risk as much as possible. > > Let's move check_panic_on_oom up before the current task is > checked so that the knob value is . Do the same for the memcg in > mem_cgroup_out_of_memory. > > Reported-by: Tetsuo Handa > Signed-off-by: Michal Hocko Nack, this is not the appropriate response to exit path livelocks. By doing this, you are going to start unnecessarily panicking machines that have panic_on_oom set when it would not have triggered before. If there is no reclaimable memory and a process that has already been signaled to die to is in the process of exiting has to allocate memory, it is perfectly acceptable to give them access to memory reserves so they can allocate and exit. Under normal circumstances, that allows the process to naturally exit. With your patch, it will cause the machine to panic. It's this simple: panic_on_oom is not a solution to workaround oom killer livelocks and shouldn't be suggested as the canonical way that such possibilities should be addressed. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/