2009-01-16 05:50:42 +08:00
|
|
|
Documentation for /proc/sys/vm/* kernel version 2.6.29
|
2005-04-17 06:20:36 +08:00
|
|
|
(c) 1998, 1999, Rik van Riel <riel@nl.linux.org>
|
2009-01-16 05:50:42 +08:00
|
|
|
(c) 2008 Peter W. Morreale <pmorreale@novell.com>
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
For general info and legal blurb, please look in README.
|
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
|
|
|
This file contains the documentation for the sysctl files in
|
2009-01-16 05:50:42 +08:00
|
|
|
/proc/sys/vm and is valid for Linux kernel version 2.6.29.
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
The files in this directory can be used to tune the operation
|
|
|
|
of the virtual memory (VM) subsystem of the Linux kernel and
|
|
|
|
the writeout of dirty data to disk.
|
|
|
|
|
|
|
|
Default values and initialization routines for most of these
|
|
|
|
files can be found in mm/swap.c.
|
|
|
|
|
|
|
|
Currently, these files are in /proc/sys/vm:
|
2009-01-16 05:50:42 +08:00
|
|
|
|
2013-04-30 06:08:11 +08:00
|
|
|
- admin_reserve_kbytes
|
2009-01-16 05:50:42 +08:00
|
|
|
- block_dump
|
2010-05-25 05:32:28 +08:00
|
|
|
- compact_memory
|
2009-01-16 05:50:42 +08:00
|
|
|
- dirty_background_bytes
|
2005-04-17 06:20:36 +08:00
|
|
|
- dirty_background_ratio
|
2009-01-16 05:50:42 +08:00
|
|
|
- dirty_bytes
|
2005-04-17 06:20:36 +08:00
|
|
|
- dirty_expire_centisecs
|
2009-01-16 05:50:42 +08:00
|
|
|
- dirty_ratio
|
2005-04-17 06:20:36 +08:00
|
|
|
- dirty_writeback_centisecs
|
2009-01-16 05:50:42 +08:00
|
|
|
- drop_caches
|
2010-05-25 05:32:31 +08:00
|
|
|
- extfrag_threshold
|
2009-01-16 05:50:42 +08:00
|
|
|
- hugepages_treat_as_movable
|
|
|
|
- hugetlb_shm_group
|
|
|
|
- laptop_mode
|
|
|
|
- legacy_va_layout
|
|
|
|
- lowmem_reserve_ratio
|
2005-04-17 06:20:36 +08:00
|
|
|
- max_map_count
|
2009-09-16 17:50:15 +08:00
|
|
|
- memory_failure_early_kill
|
|
|
|
- memory_failure_recovery
|
2005-04-17 06:20:36 +08:00
|
|
|
- min_free_kbytes
|
2006-09-26 14:31:52 +08:00
|
|
|
- min_slab_ratio
|
2009-01-16 05:50:42 +08:00
|
|
|
- min_unmapped_ratio
|
|
|
|
- mmap_min_addr
|
2007-12-18 08:20:25 +08:00
|
|
|
- nr_hugepages
|
|
|
|
- nr_overcommit_hugepages
|
2009-01-16 05:50:42 +08:00
|
|
|
- nr_trim_pages (only if CONFIG_MMU=n)
|
|
|
|
- numa_zonelist_order
|
|
|
|
- oom_dump_tasks
|
|
|
|
- oom_kill_allocating_task
|
|
|
|
- overcommit_memory
|
|
|
|
- overcommit_ratio
|
|
|
|
- page-cluster
|
|
|
|
- panic_on_oom
|
|
|
|
- percpu_pagelist_fraction
|
|
|
|
- stat_interval
|
|
|
|
- swappiness
|
mm: limit growth of 3% hardcoded other user reserve
Add user_reserve_kbytes knob.
Limit the growth of the memory reserved for other user processes to
min(3% current process size, user_reserve_pages). Only about 8MB is
necessary to enable recovery in the default mode, and only a few hundred
MB are required even when overcommit is disabled.
user_reserve_pages defaults to min(3% free pages, 128MB)
I arrived at 128MB by taking the max VSZ of sshd, login, bash, and top ...
then adding the RSS of each.
This only affects OVERCOMMIT_NEVER mode.
Background
1. user reserve
__vm_enough_memory reserves a hardcoded 3% of the current process size for
other applications when overcommit is disabled. This was done so that a
user could recover if they launched a memory hogging process. Without the
reserve, a user would easily run into a message such as:
bash: fork: Cannot allocate memory
2. admin reserve
Additionally, a hardcoded 3% of free memory is reserved for root in both
overcommit 'guess' and 'never' modes. This was intended to prevent a
scenario where root-cant-log-in and perform recovery operations.
Note that this reserve shrinks, and doesn't guarantee a useful reserve.
Motivation
The two hardcoded memory reserves should be updated to account for current
memory sizes.
Also, the admin reserve would be more useful if it didn't shrink too much.
When the current code was originally written, 1GB was considered
"enterprise". Now the 3% reserve can grow to multiple GB on large memory
systems, and it only needs to be a few hundred MB at most to enable a user
or admin to recover a system with an unwanted memory hogging process.
I've found that reducing these reserves is especially beneficial for a
specific type of application load:
* single application system
* one or few processes (e.g. one per core)
* allocating all available memory
* not initializing every page immediately
* long running
I've run scientific clusters with this sort of load. A long running job
sometimes failed many hours (weeks of CPU time) into a calculation. They
weren't initializing all of their memory immediately, and they weren't
using calloc, so I put systems into overcommit 'never' mode. These
clusters run diskless and have no swap.
However, with the current reserves, a user wishing to allocate as much
memory as possible to one process may be prevented from using, for
example, almost 2GB out of 32GB.
The effect is less, but still significant when a user starts a job with
one process per core. I have repeatedly seen a set of processes
requesting the same amount of memory fail because one of them could not
allocate the amount of memory a user would expect to be able to allocate.
For example, Message Passing Interfce (MPI) processes, one per core. And
it is similar for other parallel programming frameworks.
Changing this reserve code will make the overcommit never mode more useful
by allowing applications to allocate nearly all of the available memory.
Also, the new admin_reserve_kbytes will be safer than the current behavior
since the hardcoded 3% of available memory reserve can shrink to something
useless in the case where applications have grabbed all available memory.
Risks
* "bash: fork: Cannot allocate memory"
The downside of the first patch-- which creates a tunable user reserve
that is only used in overcommit 'never' mode--is that an admin can set
it so low that a user may not be able to kill their process, even if
they already have a shell prompt.
Of course, a user can get in the same predicament with the current 3%
reserve--they just have to launch processes until 3% becomes negligible.
* root-cant-log-in problem
The second patch, adding the tunable rootuser_reserve_pages, allows
the admin to shoot themselves in the foot by setting it too small. They
can easily get the system into a state where root-can't-log-in.
However, the new admin_reserve_kbytes will be safer than the current
behavior since the hardcoded 3% of available memory reserve can shrink
to something useless in the case where applications have grabbed all
available memory.
Alternatives
* Memory cgroups provide a more flexible way to limit application memory.
Not everyone wants to set up cgroups or deal with their overhead.
* We could create a fourth overcommit mode which provides smaller reserves.
The size of useful reserves may be drastically different depending
on the whether the system is embedded or enterprise.
* Force users to initialize all of their memory or use calloc.
Some users don't want/expect the system to overcommit when they malloc.
Overcommit 'never' mode is for this scenario, and it should work well.
The new user and admin reserve tunables are simple to use, with low
overhead compared to cgroups. The patches preserve current behavior where
3% of memory is less than 128MB, except that the admin reserve doesn't
shrink to an unusable size under pressure. The code allows admins to tune
for embedded and enterprise usage.
FAQ
* How is the root-cant-login problem addressed?
What happens if admin_reserve_pages is set to 0?
Root is free to shoot themselves in the foot by setting
admin_reserve_kbytes too low.
On x86_64, the minimum useful reserve is:
8MB for overcommit 'guess'
128MB for overcommit 'never'
admin_reserve_pages defaults to min(3% free memory, 8MB)
So, anyone switching to 'never' mode needs to adjust
admin_reserve_pages.
* How do you calculate a minimum useful reserve?
A user or the admin needs enough memory to login and perform
recovery operations, which includes, at a minimum:
sshd or login + bash (or some other shell) + top (or ps, kill, etc.)
For overcommit 'guess', we can sum resident set sizes (RSS)
because we only need enough memory to handle what the recovery
programs will typically use. On x86_64 this is about 8MB.
For overcommit 'never', we can take the max of their virtual sizes (VSZ)
and add the sum of their RSS. We use VSZ instead of RSS because mode
forces us to ensure we can fulfill all of the requested memory allocations--
even if the programs only use a fraction of what they ask for.
On x86_64 this is about 128MB.
When swap is enabled, reserves are useful even when they are as
small as 10MB, regardless of overcommit mode.
When both swap and overcommit are disabled, then the admin should
tune the reserves higher to be absolutley safe. Over 230MB each
was safest in my testing.
* What happens if user_reserve_pages is set to 0?
Note, this only affects overcomitt 'never' mode.
Then a user will be able to allocate all available memory minus
admin_reserve_kbytes.
However, they will easily see a message such as:
"bash: fork: Cannot allocate memory"
And they won't be able to recover/kill their application.
The admin should be able to recover the system if
admin_reserve_kbytes is set appropriately.
* What's the difference between overcommit 'guess' and 'never'?
"Guess" allows an allocation if there are enough free + reclaimable
pages. It has a hardcoded 3% of free pages reserved for root.
"Never" allows an allocation if there is enough swap + a configurable
percentage (default is 50) of physical RAM. It has a hardcoded 3% of
free pages reserved for root, like "Guess" mode. It also has a
hardcoded 3% of the current process size reserved for additional
applications.
* Why is overcommit 'guess' not suitable even when an app eventually
writes to every page? It takes free pages, file pages, available
swap pages, reclaimable slab pages into consideration. In other words,
these are all pages available, then why isn't overcommit suitable?
Because it only looks at the present state of the system. It
does not take into account the memory that other applications have
malloced, but haven't initialized yet. It overcommits the system.
Test Summary
There was little change in behavior in the default overcommit 'guess'
mode with swap enabled before and after the patch. This was expected.
Systems run most predictably (i.e. no oom kills) in overcommit 'never'
mode with swap enabled. This also allowed the most memory to be allocated
to a user application.
Overcommit 'guess' mode without swap is a bad idea. It is easy to
crash the system. None of the other tested combinations crashed.
This matches my experience on the Roadrunner supercomputer.
Without the tunable user reserve, a system in overcommit 'never' mode
and without swap does not allow the admin to recover, although the
admin can.
With the new tunable reserves, a system in overcommit 'never' mode
and without swap can be configured to:
1. maximize user-allocatable memory, running close to the edge of
recoverability
2. maximize recoverability, sacrificing allocatable memory to
ensure that a user cannot take down a system
Test Description
Fedora 18 VM - 4 x86_64 cores, 5725MB RAM, 4GB Swap
System is booted into multiuser console mode, with unnecessary services
turned off. Caches were dropped before each test.
Hogs are user memtester processes that attempt to allocate all free memory
as reported by /proc/meminfo
In overcommit 'never' mode, memory_ratio=100
Test Results
3.9.0-rc1-mm1
Overcommit | Swap | Hogs | MB Got/Wanted | OOMs | User Recovery | Admin Recovery
---------- ---- ---- ------------- ---- ------------- --------------
guess yes 1 5432/5432 no yes yes
guess yes 4 5444/5444 1 yes yes
guess no 1 5302/5449 no yes yes
guess no 4 - crash no no
never yes 1 5460/5460 1 yes yes
never yes 4 5460/5460 1 yes yes
never no 1 5218/5432 no no yes
never no 4 5203/5448 no no yes
3.9.0-rc1-mm1-tunablereserves
User and Admin Recovery show their respective reserves, if applicable.
Overcommit | Swap | Hogs | MB Got/Wanted | OOMs | User Recovery | Admin Recovery
---------- ---- ---- ------------- ---- ------------- --------------
guess yes 1 5419/5419 no - yes 8MB yes
guess yes 4 5436/5436 1 - yes 8MB yes
guess no 1 5440/5440 * - yes 8MB yes
guess no 4 - crash - no 8MB no
* process would successfully mlock, then the oom killer would pick it
never yes 1 5446/5446 no 10MB yes 20MB yes
never yes 4 5456/5456 no 10MB yes 20MB yes
never no 1 5387/5429 no 128MB no 8MB barely
never no 1 5323/5428 no 226MB barely 8MB barely
never no 1 5323/5428 no 226MB barely 8MB barely
never no 1 5359/5448 no 10MB no 10MB barely
never no 1 5323/5428 no 0MB no 10MB barely
never no 1 5332/5428 no 0MB no 50MB yes
never no 1 5293/5429 no 0MB no 90MB yes
never no 1 5001/5427 no 230MB yes 338MB yes
never no 4* 4998/5424 no 230MB yes 338MB yes
* more memtesters were launched, able to allocate approximately another 100MB
Future Work
- Test larger memory systems.
- Test an embedded image.
- Test other architectures.
- Time malloc microbenchmarks.
- Would it be useful to be able to set overcommit policy for
each memory cgroup?
- Some lines are slightly above 80 chars.
Perhaps define a macro to convert between pages and kb?
Other places in the kernel do this.
[akpm@linux-foundation.org: coding-style fixes]
[akpm@linux-foundation.org: make init_user_reserve() static]
Signed-off-by: Andrew Shewmaker <agshew@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-04-30 06:08:10 +08:00
|
|
|
- user_reserve_kbytes
|
2009-01-16 05:50:42 +08:00
|
|
|
- vfs_cache_pressure
|
|
|
|
- zone_reclaim_mode
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
==============================================================
|
|
|
|
|
2013-04-30 06:08:11 +08:00
|
|
|
admin_reserve_kbytes
|
|
|
|
|
|
|
|
The amount of free memory in the system that should be reserved for users
|
|
|
|
with the capability cap_sys_admin.
|
|
|
|
|
|
|
|
admin_reserve_kbytes defaults to min(3% of free pages, 8MB)
|
|
|
|
|
|
|
|
That should provide enough for the admin to log in and kill a process,
|
|
|
|
if necessary, under the default overcommit 'guess' mode.
|
|
|
|
|
|
|
|
Systems running under overcommit 'never' should increase this to account
|
|
|
|
for the full Virtual Memory Size of programs used to recover. Otherwise,
|
|
|
|
root may not be able to log in to recover the system.
|
|
|
|
|
|
|
|
How do you calculate a minimum useful reserve?
|
|
|
|
|
|
|
|
sshd or login + bash (or some other shell) + top (or ps, kill, etc.)
|
|
|
|
|
|
|
|
For overcommit 'guess', we can sum resident set sizes (RSS).
|
|
|
|
On x86_64 this is about 8MB.
|
|
|
|
|
|
|
|
For overcommit 'never', we can take the max of their virtual sizes (VSZ)
|
|
|
|
and add the sum of their RSS.
|
|
|
|
On x86_64 this is about 128MB.
|
|
|
|
|
|
|
|
Changing this takes effect whenever an application requests memory.
|
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
block_dump
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
block_dump enables block I/O debugging when set to a nonzero value. More
|
|
|
|
information on block I/O debugging is in Documentation/laptops/laptop-mode.txt.
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
2010-05-25 05:32:28 +08:00
|
|
|
compact_memory
|
|
|
|
|
|
|
|
Available only when CONFIG_COMPACTION is set. When 1 is written to the file,
|
|
|
|
all zones are compacted such that free memory is available in contiguous
|
|
|
|
blocks where possible. This can be important for example in the allocation of
|
|
|
|
huge pages although processes will also directly compact memory as required.
|
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
dirty_background_bytes
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-07-25 23:12:01 +08:00
|
|
|
Contains the amount of dirty memory at which the background kernel
|
|
|
|
flusher threads will start writeback.
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2010-10-28 06:33:31 +08:00
|
|
|
Note: dirty_background_bytes is the counterpart of dirty_background_ratio. Only
|
|
|
|
one of them may be specified at a time. When one sysctl is written it is
|
|
|
|
immediately taken into account to evaluate the dirty memory limits and the
|
|
|
|
other appears as 0 when read.
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
==============================================================
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
dirty_background_ratio
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2013-11-13 07:08:30 +08:00
|
|
|
Contains, as a percentage of total available memory that contains free pages
|
|
|
|
and reclaimable pages, the number of pages at which the background kernel
|
|
|
|
flusher threads will start writing out dirty data.
|
|
|
|
|
|
|
|
The total avaiable memory is not equal to total system memory.
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
==============================================================
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
dirty_bytes
|
|
|
|
|
|
|
|
Contains the amount of dirty memory at which a process generating disk writes
|
|
|
|
will itself start writeback.
|
|
|
|
|
2010-10-28 06:33:31 +08:00
|
|
|
Note: dirty_bytes is the counterpart of dirty_ratio. Only one of them may be
|
|
|
|
specified at a time. When one sysctl is written it is immediately taken into
|
|
|
|
account to evaluate the dirty memory limits and the other appears as 0 when
|
|
|
|
read.
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-05-01 06:08:57 +08:00
|
|
|
Note: the minimum value allowed for dirty_bytes is two pages (in bytes); any
|
|
|
|
value lower than this limit will be ignored and the old configuration will be
|
|
|
|
retained.
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
==============================================================
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
dirty_expire_centisecs
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
This tunable is used to define when dirty data is old enough to be eligible
|
2012-07-25 23:12:01 +08:00
|
|
|
for writeout by the kernel flusher threads. It is expressed in 100'ths
|
|
|
|
of a second. Data which has been dirty in-memory for longer than this
|
|
|
|
interval will be written out next time a flusher thread wakes up.
|
2009-01-16 05:50:42 +08:00
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
|
|
|
dirty_ratio
|
|
|
|
|
2013-11-13 07:08:30 +08:00
|
|
|
Contains, as a percentage of total available memory that contains free pages
|
|
|
|
and reclaimable pages, the number of pages at which a process which is
|
|
|
|
generating disk writes will itself start writing out dirty data.
|
|
|
|
|
|
|
|
The total avaiable memory is not equal to total system memory.
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
dirty_writeback_centisecs
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-07-25 23:12:01 +08:00
|
|
|
The kernel flusher threads will periodically wake up and write `old' data
|
2009-01-16 05:50:42 +08:00
|
|
|
out to disk. This tunable expresses the interval between those wakeups, in
|
|
|
|
100'ths of a second.
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
Setting this to zero disables periodic writeback altogether.
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
drop_caches
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
Writing to this will cause the kernel to drop clean caches, dentries and
|
|
|
|
inodes from memory, causing that memory to become free.
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
To free pagecache:
|
|
|
|
echo 1 > /proc/sys/vm/drop_caches
|
|
|
|
To free dentries and inodes:
|
|
|
|
echo 2 > /proc/sys/vm/drop_caches
|
|
|
|
To free pagecache, dentries and inodes:
|
|
|
|
echo 3 > /proc/sys/vm/drop_caches
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
As this is a non-destructive operation and dirty objects are not freeable, the
|
|
|
|
user should run `sync' first.
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
2010-05-25 05:32:31 +08:00
|
|
|
extfrag_threshold
|
|
|
|
|
|
|
|
This parameter affects whether the kernel will compact memory or direct
|
|
|
|
reclaim to satisfy a high-order allocation. /proc/extfrag_index shows what
|
|
|
|
the fragmentation index for each order is in each zone in the system. Values
|
|
|
|
tending towards 0 imply allocations would fail due to lack of memory,
|
|
|
|
values towards 1000 imply failures are due to fragmentation and -1 implies
|
|
|
|
that the allocation will succeed as long as watermarks are met.
|
|
|
|
|
|
|
|
The kernel will not compact memory in a zone if the
|
|
|
|
fragmentation index is <= extfrag_threshold. The default value is 500.
|
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
hugepages_treat_as_movable
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2013-09-12 05:22:13 +08:00
|
|
|
This parameter controls whether we can allocate hugepages from ZONE_MOVABLE
|
|
|
|
or not. If set to non-zero, hugepages can be allocated from ZONE_MOVABLE.
|
|
|
|
ZONE_MOVABLE is created when kernel boot parameter kernelcore= is specified,
|
|
|
|
so this parameter has no effect if used without kernelcore=.
|
|
|
|
|
|
|
|
Hugepage migration is now available in some situations which depend on the
|
|
|
|
architecture and/or the hugepage size. If a hugepage supports migration,
|
|
|
|
allocation from ZONE_MOVABLE is always enabled for the hugepage regardless
|
|
|
|
of the value of this parameter.
|
|
|
|
IOW, this parameter affects only non-migratable hugepages.
|
|
|
|
|
|
|
|
Assuming that hugepages are not migratable in your system, one usecase of
|
|
|
|
this parameter is that users can make hugepage pool more extensible by
|
|
|
|
enabling the allocation from ZONE_MOVABLE. This is because on ZONE_MOVABLE
|
|
|
|
page reclaim/migration/compaction work more and you can get contiguous
|
|
|
|
memory more likely. Note that using ZONE_MOVABLE for non-migratable
|
|
|
|
hugepages can do harm to other features like memory hotremove (because
|
|
|
|
memory hotremove expects that memory blocks on ZONE_MOVABLE are always
|
|
|
|
removable,) so it's a trade-off responsible for the users.
|
2007-10-17 14:31:28 +08:00
|
|
|
|
2006-01-08 17:00:40 +08:00
|
|
|
==============================================================
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
hugetlb_shm_group
|
2006-01-08 17:00:40 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
hugetlb_shm_group contains group id that is allowed to create SysV
|
|
|
|
shared memory segment using hugetlb page.
|
2006-01-08 17:00:40 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
==============================================================
|
2006-01-08 17:00:40 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
laptop_mode
|
2006-01-19 09:42:32 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
laptop_mode is a knob that controls "laptop mode". All the things that are
|
|
|
|
controlled by this knob are discussed in Documentation/laptops/laptop-mode.txt.
|
2006-01-19 09:42:32 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
==============================================================
|
2006-01-19 09:42:32 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
legacy_va_layout
|
2006-02-01 19:05:34 +08:00
|
|
|
|
2010-06-28 19:59:28 +08:00
|
|
|
If non-zero, this sysctl disables the new 32-bit mmap layout - the kernel
|
2009-01-16 05:50:42 +08:00
|
|
|
will use the legacy (2.4) layout for all processes.
|
2006-02-01 19:05:34 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
==============================================================
|
2006-02-01 19:05:34 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
lowmem_reserve_ratio
|
|
|
|
|
|
|
|
For some specialised workloads on highmem machines it is dangerous for
|
|
|
|
the kernel to allow process memory to be allocated from the "lowmem"
|
|
|
|
zone. This is because that memory could then be pinned via the mlock()
|
|
|
|
system call, or by unavailability of swapspace.
|
|
|
|
|
|
|
|
And on large highmem machines this lack of reclaimable lowmem memory
|
|
|
|
can be fatal.
|
|
|
|
|
|
|
|
So the Linux page allocator has a mechanism which prevents allocations
|
|
|
|
which _could_ use highmem from using too much lowmem. This means that
|
|
|
|
a certain amount of lowmem is defended from the possibility of being
|
|
|
|
captured into pinned user memory.
|
|
|
|
|
|
|
|
(The same argument applies to the old 16 megabyte ISA DMA region. This
|
|
|
|
mechanism will also defend that region from allocations which could use
|
|
|
|
highmem or lowmem).
|
|
|
|
|
|
|
|
The `lowmem_reserve_ratio' tunable determines how aggressive the kernel is
|
|
|
|
in defending these lower zones.
|
|
|
|
|
|
|
|
If you have a machine which uses highmem or ISA DMA and your
|
|
|
|
applications are using mlock(), or if you are running with no swap then
|
|
|
|
you probably should change the lowmem_reserve_ratio setting.
|
|
|
|
|
|
|
|
The lowmem_reserve_ratio is an array. You can see them by reading this file.
|
|
|
|
-
|
|
|
|
% cat /proc/sys/vm/lowmem_reserve_ratio
|
|
|
|
256 256 32
|
|
|
|
-
|
|
|
|
Note: # of this elements is one fewer than number of zones. Because the highest
|
|
|
|
zone's value is not necessary for following calculation.
|
|
|
|
|
|
|
|
But, these values are not used directly. The kernel calculates # of protection
|
|
|
|
pages for each zones from them. These are shown as array of protection pages
|
|
|
|
in /proc/zoneinfo like followings. (This is an example of x86-64 box).
|
|
|
|
Each zone has an array of protection pages like this.
|
|
|
|
|
|
|
|
-
|
|
|
|
Node 0, zone DMA
|
|
|
|
pages free 1355
|
|
|
|
min 3
|
|
|
|
low 3
|
|
|
|
high 4
|
|
|
|
:
|
|
|
|
:
|
|
|
|
numa_other 0
|
|
|
|
protection: (0, 2004, 2004, 2004)
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
pagesets
|
|
|
|
cpu: 0 pcp: 0
|
|
|
|
:
|
|
|
|
-
|
|
|
|
These protections are added to score to judge whether this zone should be used
|
|
|
|
for page allocation or should be reclaimed.
|
|
|
|
|
|
|
|
In this example, if normal pages (index=2) are required to this DMA zone and
|
2009-06-17 06:32:12 +08:00
|
|
|
watermark[WMARK_HIGH] is used for watermark, the kernel judges this zone should
|
|
|
|
not be used because pages_free(1355) is smaller than watermark + protection[2]
|
2009-01-16 05:50:42 +08:00
|
|
|
(4 + 2004 = 2008). If this protection value is 0, this zone would be used for
|
|
|
|
normal page requirement. If requirement is DMA zone(index=0), protection[0]
|
|
|
|
(=0) is used.
|
|
|
|
|
|
|
|
zone[i]'s protection[j] is calculated by following expression.
|
|
|
|
|
|
|
|
(i < j):
|
|
|
|
zone[i]->protection[j]
|
|
|
|
= (total sums of present_pages from zone[i+1] to zone[j] on the node)
|
|
|
|
/ lowmem_reserve_ratio[i];
|
|
|
|
(i = j):
|
|
|
|
(should not be protected. = 0;
|
|
|
|
(i > j):
|
|
|
|
(not necessary, but looks 0)
|
|
|
|
|
|
|
|
The default values of lowmem_reserve_ratio[i] are
|
|
|
|
256 (if zone[i] means DMA or DMA32 zone)
|
|
|
|
32 (others).
|
|
|
|
As above expression, they are reciprocal number of ratio.
|
|
|
|
256 means 1/256. # of protection pages becomes about "0.39%" of total present
|
|
|
|
pages of higher zones on the node.
|
|
|
|
|
|
|
|
If you would like to protect more pages, smaller values are effective.
|
|
|
|
The minimum value is 1 (1/1 -> 100%).
|
2006-02-01 19:05:34 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
==============================================================
|
2006-02-01 19:05:34 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
max_map_count:
|
2006-01-19 09:42:32 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
This file contains the maximum number of memory map areas a process
|
|
|
|
may have. Memory map areas are used as a side-effect of calling
|
|
|
|
malloc, directly by mmap and mprotect, and also when loading shared
|
|
|
|
libraries.
|
2006-01-19 09:42:32 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
While most applications need less than a thousand maps, certain
|
|
|
|
programs, particularly malloc debuggers, may consume lots of them,
|
|
|
|
e.g., up to one or two maps per allocation.
|
2006-06-23 17:03:13 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
The default value is 65536.
|
2006-07-03 15:24:13 +08:00
|
|
|
|
2009-09-16 17:50:15 +08:00
|
|
|
=============================================================
|
|
|
|
|
|
|
|
memory_failure_early_kill:
|
|
|
|
|
|
|
|
Control how to kill processes when uncorrected memory error (typically
|
|
|
|
a 2bit error in a memory module) is detected in the background by hardware
|
|
|
|
that cannot be handled by the kernel. In some cases (like the page
|
|
|
|
still having a valid copy on disk) the kernel will handle the failure
|
|
|
|
transparently without affecting any applications. But if there is
|
|
|
|
no other uptodate copy of the data it will kill to prevent any data
|
|
|
|
corruptions from propagating.
|
|
|
|
|
|
|
|
1: Kill all processes that have the corrupted and not reloadable page mapped
|
|
|
|
as soon as the corruption is detected. Note this is not supported
|
|
|
|
for a few types of pages, like kernel internally allocated data or
|
|
|
|
the swap cache, but works for the majority of user pages.
|
|
|
|
|
|
|
|
0: Only unmap the corrupted page from all processes and only kill a process
|
|
|
|
who tries to access it.
|
|
|
|
|
|
|
|
The kill is done using a catchable SIGBUS with BUS_MCEERR_AO, so processes can
|
|
|
|
handle this if they want to.
|
|
|
|
|
|
|
|
This is only active on architectures/platforms with advanced machine
|
|
|
|
check handling and depends on the hardware capabilities.
|
|
|
|
|
|
|
|
Applications can override this setting individually with the PR_MCE_KILL prctl
|
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
|
|
|
memory_failure_recovery
|
|
|
|
|
|
|
|
Enable memory failure recovery (when supported by the platform)
|
|
|
|
|
|
|
|
1: Attempt recovery.
|
|
|
|
|
|
|
|
0: Always panic on a memory failure.
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
==============================================================
|
2006-07-03 15:24:13 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
min_free_kbytes:
|
2006-07-03 15:24:13 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
This is used to force the Linux VM to keep a minimum number
|
2009-06-17 06:32:12 +08:00
|
|
|
of kilobytes free. The VM uses this number to compute a
|
|
|
|
watermark[WMARK_MIN] value for each lowmem zone in the system.
|
|
|
|
Each lowmem zone gets a number of reserved free pages based
|
|
|
|
proportionally on its size.
|
2009-01-16 05:50:42 +08:00
|
|
|
|
|
|
|
Some minimal amount of memory is needed to satisfy PF_MEMALLOC
|
|
|
|
allocations; if you set this to lower than 1024KB, your system will
|
|
|
|
become subtly broken, and prone to deadlock under high loads.
|
|
|
|
|
|
|
|
Setting this too high will OOM your machine instantly.
|
2006-07-03 15:24:13 +08:00
|
|
|
|
|
|
|
=============================================================
|
|
|
|
|
2006-09-26 14:31:52 +08:00
|
|
|
min_slab_ratio:
|
|
|
|
|
|
|
|
This is available only on NUMA kernels.
|
|
|
|
|
|
|
|
A percentage of the total pages in each zone. On Zone reclaim
|
|
|
|
(fallback from the local zone occurs) slabs will be reclaimed if more
|
|
|
|
than this percentage of pages in a zone are reclaimable slab pages.
|
|
|
|
This insures that the slab growth stays under control even in NUMA
|
|
|
|
systems that rarely perform global reclaim.
|
|
|
|
|
|
|
|
The default is 5 percent.
|
|
|
|
|
|
|
|
Note that slab reclaim is triggered in a per zone / node fashion.
|
|
|
|
The process of reclaiming slab memory is currently not node specific
|
|
|
|
and may not be fast.
|
|
|
|
|
|
|
|
=============================================================
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
min_unmapped_ratio:
|
2006-06-23 17:03:13 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
This is available only on NUMA kernels.
|
2006-06-23 17:03:13 +08:00
|
|
|
|
vmscan: properly account for the number of page cache pages zone_reclaim() can reclaim
A bug was brought to my attention against a distro kernel but it affects
mainline and I believe problems like this have been reported in various
guises on the mailing lists although I don't have specific examples at the
moment.
The reported problem was that malloc() stalled for a long time (minutes in
some cases) if a large tmpfs mount was occupying a large percentage of
memory overall. The pages did not get cleaned or reclaimed by
zone_reclaim() because the zone_reclaim_mode was unsuitable, but the lists
are uselessly scanned frequencly making the CPU spin at near 100%.
This patchset intends to address that bug and bring the behaviour of
zone_reclaim() more in line with expectations which were noticed during
investigation. It is based on top of mmotm and takes advantage of
Kosaki's work with respect to zone_reclaim().
Patch 1 fixes the heuristics that zone_reclaim() uses to determine if the
scan should go ahead. The broken heuristic is what was causing the
malloc() stall as it uselessly scanned the LRU constantly. Currently,
zone_reclaim is assuming zone_reclaim_mode is 1 and historically it
could not deal with tmpfs pages at all. This fixes up the heuristic so
that an unnecessary scan is more likely to be correctly avoided.
Patch 2 notes that zone_reclaim() returning a failure automatically means
the zone is marked full. This is not always true. It could have
failed because the GFP mask or zone_reclaim_mode were unsuitable.
Patch 3 introduces a counter zreclaim_failed that will increment each
time the zone_reclaim scan-avoidance heuristics fail. If that
counter is rapidly increasing, then zone_reclaim_mode should be
set to 0 as a temporarily resolution and a bug reported because
the scan-avoidance heuristic is still broken.
This patch:
On NUMA machines, the administrator can configure zone_reclaim_mode that
is a more targetted form of direct reclaim. On machines with large NUMA
distances for example, a zone_reclaim_mode defaults to 1 meaning that
clean unmapped pages will be reclaimed if the zone watermarks are not
being met.
There is a heuristic that determines if the scan is worthwhile but the
problem is that the heuristic is not being properly applied and is
basically assuming zone_reclaim_mode is 1 if it is enabled. The lack of
proper detection can manfiest as high CPU usage as the LRU list is scanned
uselessly.
Historically, once enabled it was depending on NR_FILE_PAGES which may
include swapcache pages that the reclaim_mode cannot deal with. Patch
vmscan-change-the-number-of-the-unmapped-files-in-zone-reclaim.patch by
Kosaki Motohiro noted that zone_page_state(zone, NR_FILE_PAGES) included
pages that were not file-backed such as swapcache and made a calculation
based on the inactive, active and mapped files. This is far superior when
zone_reclaim==1 but if RECLAIM_SWAP is set, then NR_FILE_PAGES is a
reasonable starting figure.
This patch alters how zone_reclaim() works out how many pages it might be
able to reclaim given the current reclaim_mode. If RECLAIM_SWAP is set in
the reclaim_mode it will either consider NR_FILE_PAGES as potential
candidates or else use NR_{IN}ACTIVE}_PAGES-NR_FILE_MAPPED to discount
swapcache and other non-file-backed pages. If RECLAIM_WRITE is not set,
then NR_FILE_DIRTY number of pages are not candidates. If RECLAIM_SWAP is
not set, then NR_FILE_MAPPED are not.
[kosaki.motohiro@jp.fujitsu.com: Estimate unmapped pages minus tmpfs pages]
[fengguang.wu@intel.com: Fix underflow problem in Kosaki's estimate]
Signed-off-by: Mel Gorman <mel@csn.ul.ie>
Reviewed-by: Rik van Riel <riel@redhat.com>
Acked-by: Christoph Lameter <cl@linux-foundation.org>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-06-17 06:33:20 +08:00
|
|
|
This is a percentage of the total pages in each zone. Zone reclaim will
|
|
|
|
only occur if more than this percentage of pages are in a state that
|
|
|
|
zone_reclaim_mode allows to be reclaimed.
|
|
|
|
|
|
|
|
If zone_reclaim_mode has the value 4 OR'd, then the percentage is compared
|
|
|
|
against all file-backed unmapped pages including swapcache pages and tmpfs
|
|
|
|
files. Otherwise, only unmapped pages backed by normal files but not tmpfs
|
|
|
|
files and similar are considered.
|
2007-05-07 05:49:59 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
The default is 1 percent.
|
2006-06-23 17:03:13 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
==============================================================
|
2007-05-07 05:49:59 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
mmap_min_addr
|
2007-06-29 03:55:21 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
This file indicates the amount of address space which a user process will
|
tree-wide: fix assorted typos all over the place
That is "success", "unknown", "through", "performance", "[re|un]mapping"
, "access", "default", "reasonable", "[con]currently", "temperature"
, "channel", "[un]used", "application", "example","hierarchy", "therefore"
, "[over|under]flow", "contiguous", "threshold", "enough" and others.
Signed-off-by: André Goddard Rosa <andre.goddard@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2009-11-14 23:09:05 +08:00
|
|
|
be restricted from mmapping. Since kernel null dereference bugs could
|
2009-01-16 05:50:42 +08:00
|
|
|
accidentally operate based on the information in the first couple of pages
|
|
|
|
of memory userspace processes should not be allowed to write to them. By
|
|
|
|
default this value is set to 0 and no protections will be enforced by the
|
|
|
|
security module. Setting this value to something like 64k will allow the
|
|
|
|
vast majority of applications to work correctly and provide defense in depth
|
|
|
|
against future potential kernel bugs.
|
2007-10-17 14:25:56 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
==============================================================
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
nr_hugepages
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
Change the minimum size of the hugepage pool.
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
See Documentation/vm/hugetlbpage.txt
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
==============================================================
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
nr_overcommit_hugepages
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
Change the maximum size of the hugepage pool. The maximum is
|
|
|
|
nr_hugepages + nr_overcommit_hugepages.
|
2007-10-17 14:25:56 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
See Documentation/vm/hugetlbpage.txt
|
2007-10-17 14:25:56 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
==============================================================
|
2007-10-17 14:25:56 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
nr_trim_pages
|
2007-06-29 03:55:21 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
This is available only on NOMMU kernels.
|
|
|
|
|
|
|
|
This value adjusts the excess page trimming behaviour of power-of-2 aligned
|
|
|
|
NOMMU mmap allocations.
|
|
|
|
|
|
|
|
A value of 0 disables trimming of allocations entirely, while a value of 1
|
|
|
|
trims excess pages aggressively. Any value >= 1 acts as the watermark where
|
|
|
|
trimming of allocations is initiated.
|
|
|
|
|
|
|
|
The default value is 1.
|
|
|
|
|
|
|
|
See Documentation/nommu-mmap.txt for more information.
|
2007-06-29 03:55:21 +08:00
|
|
|
|
2007-07-16 14:38:01 +08:00
|
|
|
==============================================================
|
|
|
|
|
|
|
|
numa_zonelist_order
|
|
|
|
|
|
|
|
This sysctl is only for NUMA.
|
|
|
|
'where the memory is allocated from' is controlled by zonelists.
|
|
|
|
(This documentation ignores ZONE_HIGHMEM/ZONE_DMA32 for simple explanation.
|
|
|
|
you may be able to read ZONE_DMA as ZONE_DMA32...)
|
|
|
|
|
|
|
|
In non-NUMA case, a zonelist for GFP_KERNEL is ordered as following.
|
|
|
|
ZONE_NORMAL -> ZONE_DMA
|
|
|
|
This means that a memory allocation request for GFP_KERNEL will
|
|
|
|
get memory from ZONE_DMA only when ZONE_NORMAL is not available.
|
|
|
|
|
|
|
|
In NUMA case, you can think of following 2 types of order.
|
|
|
|
Assume 2 node NUMA and below is zonelist of Node(0)'s GFP_KERNEL
|
|
|
|
|
|
|
|
(A) Node(0) ZONE_NORMAL -> Node(0) ZONE_DMA -> Node(1) ZONE_NORMAL
|
|
|
|
(B) Node(0) ZONE_NORMAL -> Node(1) ZONE_NORMAL -> Node(0) ZONE_DMA.
|
|
|
|
|
|
|
|
Type(A) offers the best locality for processes on Node(0), but ZONE_DMA
|
|
|
|
will be used before ZONE_NORMAL exhaustion. This increases possibility of
|
|
|
|
out-of-memory(OOM) of ZONE_DMA because ZONE_DMA is tend to be small.
|
|
|
|
|
|
|
|
Type(B) cannot offer the best locality but is more robust against OOM of
|
|
|
|
the DMA zone.
|
|
|
|
|
|
|
|
Type(A) is called as "Node" order. Type (B) is "Zone" order.
|
|
|
|
|
|
|
|
"Node order" orders the zonelists by node, then by zone within each node.
|
2011-04-06 17:09:55 +08:00
|
|
|
Specify "[Nn]ode" for node order
|
2007-07-16 14:38:01 +08:00
|
|
|
|
|
|
|
"Zone Order" orders the zonelists by zone type, then by node within each
|
2011-04-06 17:09:55 +08:00
|
|
|
zone. Specify "[Zz]one" for zone order.
|
2007-07-16 14:38:01 +08:00
|
|
|
|
|
|
|
Specify "[Dd]efault" to request automatic configuration. Autoconfiguration
|
|
|
|
will select "node" order in following case.
|
|
|
|
(1) if the DMA zone does not exist or
|
|
|
|
(2) if the DMA zone comprises greater than 50% of the available memory or
|
2013-07-09 07:00:16 +08:00
|
|
|
(3) if any node's DMA zone comprises greater than 70% of its local memory and
|
2007-07-16 14:38:01 +08:00
|
|
|
the amount of local memory is big enough.
|
|
|
|
|
|
|
|
Otherwise, "zone" order will be selected. Default order is recommended unless
|
|
|
|
this is causing problems for your system/application.
|
2007-12-18 08:20:25 +08:00
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
oom_dump_tasks
|
2007-12-18 08:20:25 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
Enables a system-wide task dump (excluding kernel threads) to be
|
|
|
|
produced when the kernel performs an OOM-killing and includes such
|
2012-08-01 07:42:56 +08:00
|
|
|
information as pid, uid, tgid, vm size, rss, nr_ptes, swapents,
|
|
|
|
oom_score_adj score, and name. This is helpful to determine why the
|
|
|
|
OOM killer was invoked, to identify the rogue task that caused it,
|
|
|
|
and to determine why the OOM killer chose the task it did to kill.
|
2007-12-18 08:20:25 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
If this is set to zero, this information is suppressed. On very
|
|
|
|
large systems with thousands of tasks it may not be feasible to dump
|
|
|
|
the memory state information for each one. Such systems should not
|
|
|
|
be forced to incur a performance penalty in OOM conditions when the
|
|
|
|
information may not be desired.
|
|
|
|
|
|
|
|
If this is set to non-zero, this information is shown whenever the
|
|
|
|
OOM killer actually kills a memory-hogging task.
|
|
|
|
|
2010-08-10 08:18:53 +08:00
|
|
|
The default value is 1 (enabled).
|
2007-12-18 08:20:25 +08:00
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
oom_kill_allocating_task
|
2007-12-18 08:20:25 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
This enables or disables killing the OOM-triggering task in
|
|
|
|
out-of-memory situations.
|
2007-12-18 08:20:25 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
If this is set to zero, the OOM killer will scan through the entire
|
|
|
|
tasklist and select a task based on heuristics to kill. This normally
|
|
|
|
selects a rogue memory-hogging task that frees up a large amount of
|
|
|
|
memory when killed.
|
|
|
|
|
|
|
|
If this is set to non-zero, the OOM killer simply kills the task that
|
|
|
|
triggered the out-of-memory condition. This avoids the expensive
|
|
|
|
tasklist scan.
|
|
|
|
|
|
|
|
If panic_on_oom is selected, it takes precedence over whatever value
|
|
|
|
is used in oom_kill_allocating_task.
|
|
|
|
|
|
|
|
The default value is 0.
|
2009-01-08 20:04:47 +08:00
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
overcommit_memory:
|
2009-01-08 20:04:47 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
This value contains a flag that enables memory overcommitment.
|
2009-01-08 20:04:47 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
When this flag is 0, the kernel attempts to estimate the amount
|
|
|
|
of free memory left when userspace requests more memory.
|
2009-01-08 20:04:47 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
When this flag is 1, the kernel pretends there is always enough
|
|
|
|
memory until it actually runs out.
|
2009-01-08 20:04:47 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
When this flag is 2, the kernel uses a "never overcommit"
|
|
|
|
policy that attempts to prevent any overcommit of memory.
|
mm: limit growth of 3% hardcoded other user reserve
Add user_reserve_kbytes knob.
Limit the growth of the memory reserved for other user processes to
min(3% current process size, user_reserve_pages). Only about 8MB is
necessary to enable recovery in the default mode, and only a few hundred
MB are required even when overcommit is disabled.
user_reserve_pages defaults to min(3% free pages, 128MB)
I arrived at 128MB by taking the max VSZ of sshd, login, bash, and top ...
then adding the RSS of each.
This only affects OVERCOMMIT_NEVER mode.
Background
1. user reserve
__vm_enough_memory reserves a hardcoded 3% of the current process size for
other applications when overcommit is disabled. This was done so that a
user could recover if they launched a memory hogging process. Without the
reserve, a user would easily run into a message such as:
bash: fork: Cannot allocate memory
2. admin reserve
Additionally, a hardcoded 3% of free memory is reserved for root in both
overcommit 'guess' and 'never' modes. This was intended to prevent a
scenario where root-cant-log-in and perform recovery operations.
Note that this reserve shrinks, and doesn't guarantee a useful reserve.
Motivation
The two hardcoded memory reserves should be updated to account for current
memory sizes.
Also, the admin reserve would be more useful if it didn't shrink too much.
When the current code was originally written, 1GB was considered
"enterprise". Now the 3% reserve can grow to multiple GB on large memory
systems, and it only needs to be a few hundred MB at most to enable a user
or admin to recover a system with an unwanted memory hogging process.
I've found that reducing these reserves is especially beneficial for a
specific type of application load:
* single application system
* one or few processes (e.g. one per core)
* allocating all available memory
* not initializing every page immediately
* long running
I've run scientific clusters with this sort of load. A long running job
sometimes failed many hours (weeks of CPU time) into a calculation. They
weren't initializing all of their memory immediately, and they weren't
using calloc, so I put systems into overcommit 'never' mode. These
clusters run diskless and have no swap.
However, with the current reserves, a user wishing to allocate as much
memory as possible to one process may be prevented from using, for
example, almost 2GB out of 32GB.
The effect is less, but still significant when a user starts a job with
one process per core. I have repeatedly seen a set of processes
requesting the same amount of memory fail because one of them could not
allocate the amount of memory a user would expect to be able to allocate.
For example, Message Passing Interfce (MPI) processes, one per core. And
it is similar for other parallel programming frameworks.
Changing this reserve code will make the overcommit never mode more useful
by allowing applications to allocate nearly all of the available memory.
Also, the new admin_reserve_kbytes will be safer than the current behavior
since the hardcoded 3% of available memory reserve can shrink to something
useless in the case where applications have grabbed all available memory.
Risks
* "bash: fork: Cannot allocate memory"
The downside of the first patch-- which creates a tunable user reserve
that is only used in overcommit 'never' mode--is that an admin can set
it so low that a user may not be able to kill their process, even if
they already have a shell prompt.
Of course, a user can get in the same predicament with the current 3%
reserve--they just have to launch processes until 3% becomes negligible.
* root-cant-log-in problem
The second patch, adding the tunable rootuser_reserve_pages, allows
the admin to shoot themselves in the foot by setting it too small. They
can easily get the system into a state where root-can't-log-in.
However, the new admin_reserve_kbytes will be safer than the current
behavior since the hardcoded 3% of available memory reserve can shrink
to something useless in the case where applications have grabbed all
available memory.
Alternatives
* Memory cgroups provide a more flexible way to limit application memory.
Not everyone wants to set up cgroups or deal with their overhead.
* We could create a fourth overcommit mode which provides smaller reserves.
The size of useful reserves may be drastically different depending
on the whether the system is embedded or enterprise.
* Force users to initialize all of their memory or use calloc.
Some users don't want/expect the system to overcommit when they malloc.
Overcommit 'never' mode is for this scenario, and it should work well.
The new user and admin reserve tunables are simple to use, with low
overhead compared to cgroups. The patches preserve current behavior where
3% of memory is less than 128MB, except that the admin reserve doesn't
shrink to an unusable size under pressure. The code allows admins to tune
for embedded and enterprise usage.
FAQ
* How is the root-cant-login problem addressed?
What happens if admin_reserve_pages is set to 0?
Root is free to shoot themselves in the foot by setting
admin_reserve_kbytes too low.
On x86_64, the minimum useful reserve is:
8MB for overcommit 'guess'
128MB for overcommit 'never'
admin_reserve_pages defaults to min(3% free memory, 8MB)
So, anyone switching to 'never' mode needs to adjust
admin_reserve_pages.
* How do you calculate a minimum useful reserve?
A user or the admin needs enough memory to login and perform
recovery operations, which includes, at a minimum:
sshd or login + bash (or some other shell) + top (or ps, kill, etc.)
For overcommit 'guess', we can sum resident set sizes (RSS)
because we only need enough memory to handle what the recovery
programs will typically use. On x86_64 this is about 8MB.
For overcommit 'never', we can take the max of their virtual sizes (VSZ)
and add the sum of their RSS. We use VSZ instead of RSS because mode
forces us to ensure we can fulfill all of the requested memory allocations--
even if the programs only use a fraction of what they ask for.
On x86_64 this is about 128MB.
When swap is enabled, reserves are useful even when they are as
small as 10MB, regardless of overcommit mode.
When both swap and overcommit are disabled, then the admin should
tune the reserves higher to be absolutley safe. Over 230MB each
was safest in my testing.
* What happens if user_reserve_pages is set to 0?
Note, this only affects overcomitt 'never' mode.
Then a user will be able to allocate all available memory minus
admin_reserve_kbytes.
However, they will easily see a message such as:
"bash: fork: Cannot allocate memory"
And they won't be able to recover/kill their application.
The admin should be able to recover the system if
admin_reserve_kbytes is set appropriately.
* What's the difference between overcommit 'guess' and 'never'?
"Guess" allows an allocation if there are enough free + reclaimable
pages. It has a hardcoded 3% of free pages reserved for root.
"Never" allows an allocation if there is enough swap + a configurable
percentage (default is 50) of physical RAM. It has a hardcoded 3% of
free pages reserved for root, like "Guess" mode. It also has a
hardcoded 3% of the current process size reserved for additional
applications.
* Why is overcommit 'guess' not suitable even when an app eventually
writes to every page? It takes free pages, file pages, available
swap pages, reclaimable slab pages into consideration. In other words,
these are all pages available, then why isn't overcommit suitable?
Because it only looks at the present state of the system. It
does not take into account the memory that other applications have
malloced, but haven't initialized yet. It overcommits the system.
Test Summary
There was little change in behavior in the default overcommit 'guess'
mode with swap enabled before and after the patch. This was expected.
Systems run most predictably (i.e. no oom kills) in overcommit 'never'
mode with swap enabled. This also allowed the most memory to be allocated
to a user application.
Overcommit 'guess' mode without swap is a bad idea. It is easy to
crash the system. None of the other tested combinations crashed.
This matches my experience on the Roadrunner supercomputer.
Without the tunable user reserve, a system in overcommit 'never' mode
and without swap does not allow the admin to recover, although the
admin can.
With the new tunable reserves, a system in overcommit 'never' mode
and without swap can be configured to:
1. maximize user-allocatable memory, running close to the edge of
recoverability
2. maximize recoverability, sacrificing allocatable memory to
ensure that a user cannot take down a system
Test Description
Fedora 18 VM - 4 x86_64 cores, 5725MB RAM, 4GB Swap
System is booted into multiuser console mode, with unnecessary services
turned off. Caches were dropped before each test.
Hogs are user memtester processes that attempt to allocate all free memory
as reported by /proc/meminfo
In overcommit 'never' mode, memory_ratio=100
Test Results
3.9.0-rc1-mm1
Overcommit | Swap | Hogs | MB Got/Wanted | OOMs | User Recovery | Admin Recovery
---------- ---- ---- ------------- ---- ------------- --------------
guess yes 1 5432/5432 no yes yes
guess yes 4 5444/5444 1 yes yes
guess no 1 5302/5449 no yes yes
guess no 4 - crash no no
never yes 1 5460/5460 1 yes yes
never yes 4 5460/5460 1 yes yes
never no 1 5218/5432 no no yes
never no 4 5203/5448 no no yes
3.9.0-rc1-mm1-tunablereserves
User and Admin Recovery show their respective reserves, if applicable.
Overcommit | Swap | Hogs | MB Got/Wanted | OOMs | User Recovery | Admin Recovery
---------- ---- ---- ------------- ---- ------------- --------------
guess yes 1 5419/5419 no - yes 8MB yes
guess yes 4 5436/5436 1 - yes 8MB yes
guess no 1 5440/5440 * - yes 8MB yes
guess no 4 - crash - no 8MB no
* process would successfully mlock, then the oom killer would pick it
never yes 1 5446/5446 no 10MB yes 20MB yes
never yes 4 5456/5456 no 10MB yes 20MB yes
never no 1 5387/5429 no 128MB no 8MB barely
never no 1 5323/5428 no 226MB barely 8MB barely
never no 1 5323/5428 no 226MB barely 8MB barely
never no 1 5359/5448 no 10MB no 10MB barely
never no 1 5323/5428 no 0MB no 10MB barely
never no 1 5332/5428 no 0MB no 50MB yes
never no 1 5293/5429 no 0MB no 90MB yes
never no 1 5001/5427 no 230MB yes 338MB yes
never no 4* 4998/5424 no 230MB yes 338MB yes
* more memtesters were launched, able to allocate approximately another 100MB
Future Work
- Test larger memory systems.
- Test an embedded image.
- Test other architectures.
- Time malloc microbenchmarks.
- Would it be useful to be able to set overcommit policy for
each memory cgroup?
- Some lines are slightly above 80 chars.
Perhaps define a macro to convert between pages and kb?
Other places in the kernel do this.
[akpm@linux-foundation.org: coding-style fixes]
[akpm@linux-foundation.org: make init_user_reserve() static]
Signed-off-by: Andrew Shewmaker <agshew@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-04-30 06:08:10 +08:00
|
|
|
Note that user_reserve_kbytes affects this policy.
|
2009-01-08 20:04:47 +08:00
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
This feature can be very useful because there are a lot of
|
|
|
|
programs that malloc() huge amounts of memory "just-in-case"
|
|
|
|
and don't use much of it.
|
|
|
|
|
|
|
|
The default value is 0.
|
|
|
|
|
|
|
|
See Documentation/vm/overcommit-accounting and
|
|
|
|
security/commoncap.c::cap_vm_enough_memory() for more information.
|
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
|
|
|
overcommit_ratio:
|
|
|
|
|
|
|
|
When overcommit_memory is set to 2, the committed address
|
|
|
|
space is not permitted to exceed swap plus this percentage
|
|
|
|
of physical RAM. See above.
|
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
|
|
|
page-cluster
|
|
|
|
|
2012-08-01 07:41:46 +08:00
|
|
|
page-cluster controls the number of pages up to which consecutive pages
|
|
|
|
are read in from swap in a single attempt. This is the swap counterpart
|
|
|
|
to page cache readahead.
|
|
|
|
The mentioned consecutivity is not in terms of virtual/physical addresses,
|
|
|
|
but consecutive on swap space - that means they were swapped out together.
|
2009-01-16 05:50:42 +08:00
|
|
|
|
|
|
|
It is a logarithmic value - setting it to zero means "1 page", setting
|
|
|
|
it to 1 means "2 pages", setting it to 2 means "4 pages", etc.
|
2012-08-01 07:41:46 +08:00
|
|
|
Zero disables swap readahead completely.
|
2009-01-16 05:50:42 +08:00
|
|
|
|
|
|
|
The default value is three (eight pages at a time). There may be some
|
|
|
|
small benefits in tuning this to a different value if your workload is
|
|
|
|
swap-intensive.
|
|
|
|
|
2012-08-01 07:41:46 +08:00
|
|
|
Lower values mean lower latencies for initial faults, but at the same time
|
|
|
|
extra faults and I/O delays for following faults if they would have been part of
|
|
|
|
that consecutive pages readahead would have brought in.
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
=============================================================
|
|
|
|
|
|
|
|
panic_on_oom
|
|
|
|
|
|
|
|
This enables or disables panic on out-of-memory feature.
|
|
|
|
|
|
|
|
If this is set to 0, the kernel will kill some rogue process,
|
|
|
|
called oom_killer. Usually, oom_killer can kill rogue processes and
|
|
|
|
system will survive.
|
|
|
|
|
|
|
|
If this is set to 1, the kernel panics when out-of-memory happens.
|
|
|
|
However, if a process limits using nodes by mempolicy/cpusets,
|
|
|
|
and those nodes become memory exhaustion status, one process
|
|
|
|
may be killed by oom-killer. No panic occurs in this case.
|
|
|
|
Because other nodes' memory may be free. This means system total status
|
|
|
|
may be not fatal yet.
|
|
|
|
|
|
|
|
If this is set to 2, the kernel panics compulsorily even on the
|
memcg: handle panic_on_oom=always case
Presently, if panic_on_oom=2, the whole system panics even if the oom
happend in some special situation (as cpuset, mempolicy....). Then,
panic_on_oom=2 means painc_on_oom_always.
Now, memcg doesn't check panic_on_oom flag. This patch adds a check.
BTW, how it's useful ?
kdump+panic_on_oom=2 is the last tool to investigate what happens in
oom-ed system. When a task is killed, the sysytem recovers and there will
be few hint to know what happnes. In mission critical system, oom should
never happen. Then, panic_on_oom=2+kdump is useful to avoid next OOM by
knowing precise information via snapshot.
TODO:
- For memcg, it's for isolate system's memory usage, oom-notiifer and
freeze_at_oom (or rest_at_oom) should be implemented. Then, management
daemon can do similar jobs (as kdump) or taking snapshot per cgroup.
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Nick Piggin <npiggin@suse.de>
Reviewed-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-03-11 07:22:32 +08:00
|
|
|
above-mentioned. Even oom happens under memory cgroup, the whole
|
|
|
|
system panics.
|
2009-01-16 05:50:42 +08:00
|
|
|
|
|
|
|
The default value is 0.
|
|
|
|
1 and 2 are for failover of clustering. Please select either
|
|
|
|
according to your policy of failover.
|
memcg: handle panic_on_oom=always case
Presently, if panic_on_oom=2, the whole system panics even if the oom
happend in some special situation (as cpuset, mempolicy....). Then,
panic_on_oom=2 means painc_on_oom_always.
Now, memcg doesn't check panic_on_oom flag. This patch adds a check.
BTW, how it's useful ?
kdump+panic_on_oom=2 is the last tool to investigate what happens in
oom-ed system. When a task is killed, the sysytem recovers and there will
be few hint to know what happnes. In mission critical system, oom should
never happen. Then, panic_on_oom=2+kdump is useful to avoid next OOM by
knowing precise information via snapshot.
TODO:
- For memcg, it's for isolate system's memory usage, oom-notiifer and
freeze_at_oom (or rest_at_oom) should be implemented. Then, management
daemon can do similar jobs (as kdump) or taking snapshot per cgroup.
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Nick Piggin <npiggin@suse.de>
Reviewed-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-03-11 07:22:32 +08:00
|
|
|
panic_on_oom=2+kdump gives you very strong tool to investigate
|
|
|
|
why oom happens. You can get snapshot.
|
2009-01-16 05:50:42 +08:00
|
|
|
|
|
|
|
=============================================================
|
|
|
|
|
|
|
|
percpu_pagelist_fraction
|
|
|
|
|
|
|
|
This is the fraction of pages at most (high mark pcp->high) in each zone that
|
|
|
|
are allocated for each per cpu page list. The min value for this is 8. It
|
|
|
|
means that we don't allow more than 1/8th of pages in each zone to be
|
|
|
|
allocated in any single per_cpu_pagelist. This entry only changes the value
|
|
|
|
of hot per cpu pagelists. User can specify a number like 100 to allocate
|
|
|
|
1/100th of each zone to each per cpu page list.
|
|
|
|
|
|
|
|
The batch value of each per cpu pagelist is also updated as a result. It is
|
|
|
|
set to pcp->high/4. The upper limit of batch is (PAGE_SHIFT * 8)
|
|
|
|
|
|
|
|
The initial value is zero. Kernel does not use this value at boot time to set
|
|
|
|
the high water marks for each per cpu page list.
|
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
|
|
|
stat_interval
|
|
|
|
|
|
|
|
The time interval between which vm statistics are updated. The default
|
|
|
|
is 1 second.
|
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
|
|
|
swappiness
|
|
|
|
|
|
|
|
This control is used to define how aggressive the kernel will swap
|
|
|
|
memory pages. Higher values will increase agressiveness, lower values
|
2009-04-27 21:06:31 +08:00
|
|
|
decrease the amount of swap.
|
2009-01-16 05:50:42 +08:00
|
|
|
|
|
|
|
The default value is 60.
|
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
mm: limit growth of 3% hardcoded other user reserve
Add user_reserve_kbytes knob.
Limit the growth of the memory reserved for other user processes to
min(3% current process size, user_reserve_pages). Only about 8MB is
necessary to enable recovery in the default mode, and only a few hundred
MB are required even when overcommit is disabled.
user_reserve_pages defaults to min(3% free pages, 128MB)
I arrived at 128MB by taking the max VSZ of sshd, login, bash, and top ...
then adding the RSS of each.
This only affects OVERCOMMIT_NEVER mode.
Background
1. user reserve
__vm_enough_memory reserves a hardcoded 3% of the current process size for
other applications when overcommit is disabled. This was done so that a
user could recover if they launched a memory hogging process. Without the
reserve, a user would easily run into a message such as:
bash: fork: Cannot allocate memory
2. admin reserve
Additionally, a hardcoded 3% of free memory is reserved for root in both
overcommit 'guess' and 'never' modes. This was intended to prevent a
scenario where root-cant-log-in and perform recovery operations.
Note that this reserve shrinks, and doesn't guarantee a useful reserve.
Motivation
The two hardcoded memory reserves should be updated to account for current
memory sizes.
Also, the admin reserve would be more useful if it didn't shrink too much.
When the current code was originally written, 1GB was considered
"enterprise". Now the 3% reserve can grow to multiple GB on large memory
systems, and it only needs to be a few hundred MB at most to enable a user
or admin to recover a system with an unwanted memory hogging process.
I've found that reducing these reserves is especially beneficial for a
specific type of application load:
* single application system
* one or few processes (e.g. one per core)
* allocating all available memory
* not initializing every page immediately
* long running
I've run scientific clusters with this sort of load. A long running job
sometimes failed many hours (weeks of CPU time) into a calculation. They
weren't initializing all of their memory immediately, and they weren't
using calloc, so I put systems into overcommit 'never' mode. These
clusters run diskless and have no swap.
However, with the current reserves, a user wishing to allocate as much
memory as possible to one process may be prevented from using, for
example, almost 2GB out of 32GB.
The effect is less, but still significant when a user starts a job with
one process per core. I have repeatedly seen a set of processes
requesting the same amount of memory fail because one of them could not
allocate the amount of memory a user would expect to be able to allocate.
For example, Message Passing Interfce (MPI) processes, one per core. And
it is similar for other parallel programming frameworks.
Changing this reserve code will make the overcommit never mode more useful
by allowing applications to allocate nearly all of the available memory.
Also, the new admin_reserve_kbytes will be safer than the current behavior
since the hardcoded 3% of available memory reserve can shrink to something
useless in the case where applications have grabbed all available memory.
Risks
* "bash: fork: Cannot allocate memory"
The downside of the first patch-- which creates a tunable user reserve
that is only used in overcommit 'never' mode--is that an admin can set
it so low that a user may not be able to kill their process, even if
they already have a shell prompt.
Of course, a user can get in the same predicament with the current 3%
reserve--they just have to launch processes until 3% becomes negligible.
* root-cant-log-in problem
The second patch, adding the tunable rootuser_reserve_pages, allows
the admin to shoot themselves in the foot by setting it too small. They
can easily get the system into a state where root-can't-log-in.
However, the new admin_reserve_kbytes will be safer than the current
behavior since the hardcoded 3% of available memory reserve can shrink
to something useless in the case where applications have grabbed all
available memory.
Alternatives
* Memory cgroups provide a more flexible way to limit application memory.
Not everyone wants to set up cgroups or deal with their overhead.
* We could create a fourth overcommit mode which provides smaller reserves.
The size of useful reserves may be drastically different depending
on the whether the system is embedded or enterprise.
* Force users to initialize all of their memory or use calloc.
Some users don't want/expect the system to overcommit when they malloc.
Overcommit 'never' mode is for this scenario, and it should work well.
The new user and admin reserve tunables are simple to use, with low
overhead compared to cgroups. The patches preserve current behavior where
3% of memory is less than 128MB, except that the admin reserve doesn't
shrink to an unusable size under pressure. The code allows admins to tune
for embedded and enterprise usage.
FAQ
* How is the root-cant-login problem addressed?
What happens if admin_reserve_pages is set to 0?
Root is free to shoot themselves in the foot by setting
admin_reserve_kbytes too low.
On x86_64, the minimum useful reserve is:
8MB for overcommit 'guess'
128MB for overcommit 'never'
admin_reserve_pages defaults to min(3% free memory, 8MB)
So, anyone switching to 'never' mode needs to adjust
admin_reserve_pages.
* How do you calculate a minimum useful reserve?
A user or the admin needs enough memory to login and perform
recovery operations, which includes, at a minimum:
sshd or login + bash (or some other shell) + top (or ps, kill, etc.)
For overcommit 'guess', we can sum resident set sizes (RSS)
because we only need enough memory to handle what the recovery
programs will typically use. On x86_64 this is about 8MB.
For overcommit 'never', we can take the max of their virtual sizes (VSZ)
and add the sum of their RSS. We use VSZ instead of RSS because mode
forces us to ensure we can fulfill all of the requested memory allocations--
even if the programs only use a fraction of what they ask for.
On x86_64 this is about 128MB.
When swap is enabled, reserves are useful even when they are as
small as 10MB, regardless of overcommit mode.
When both swap and overcommit are disabled, then the admin should
tune the reserves higher to be absolutley safe. Over 230MB each
was safest in my testing.
* What happens if user_reserve_pages is set to 0?
Note, this only affects overcomitt 'never' mode.
Then a user will be able to allocate all available memory minus
admin_reserve_kbytes.
However, they will easily see a message such as:
"bash: fork: Cannot allocate memory"
And they won't be able to recover/kill their application.
The admin should be able to recover the system if
admin_reserve_kbytes is set appropriately.
* What's the difference between overcommit 'guess' and 'never'?
"Guess" allows an allocation if there are enough free + reclaimable
pages. It has a hardcoded 3% of free pages reserved for root.
"Never" allows an allocation if there is enough swap + a configurable
percentage (default is 50) of physical RAM. It has a hardcoded 3% of
free pages reserved for root, like "Guess" mode. It also has a
hardcoded 3% of the current process size reserved for additional
applications.
* Why is overcommit 'guess' not suitable even when an app eventually
writes to every page? It takes free pages, file pages, available
swap pages, reclaimable slab pages into consideration. In other words,
these are all pages available, then why isn't overcommit suitable?
Because it only looks at the present state of the system. It
does not take into account the memory that other applications have
malloced, but haven't initialized yet. It overcommits the system.
Test Summary
There was little change in behavior in the default overcommit 'guess'
mode with swap enabled before and after the patch. This was expected.
Systems run most predictably (i.e. no oom kills) in overcommit 'never'
mode with swap enabled. This also allowed the most memory to be allocated
to a user application.
Overcommit 'guess' mode without swap is a bad idea. It is easy to
crash the system. None of the other tested combinations crashed.
This matches my experience on the Roadrunner supercomputer.
Without the tunable user reserve, a system in overcommit 'never' mode
and without swap does not allow the admin to recover, although the
admin can.
With the new tunable reserves, a system in overcommit 'never' mode
and without swap can be configured to:
1. maximize user-allocatable memory, running close to the edge of
recoverability
2. maximize recoverability, sacrificing allocatable memory to
ensure that a user cannot take down a system
Test Description
Fedora 18 VM - 4 x86_64 cores, 5725MB RAM, 4GB Swap
System is booted into multiuser console mode, with unnecessary services
turned off. Caches were dropped before each test.
Hogs are user memtester processes that attempt to allocate all free memory
as reported by /proc/meminfo
In overcommit 'never' mode, memory_ratio=100
Test Results
3.9.0-rc1-mm1
Overcommit | Swap | Hogs | MB Got/Wanted | OOMs | User Recovery | Admin Recovery
---------- ---- ---- ------------- ---- ------------- --------------
guess yes 1 5432/5432 no yes yes
guess yes 4 5444/5444 1 yes yes
guess no 1 5302/5449 no yes yes
guess no 4 - crash no no
never yes 1 5460/5460 1 yes yes
never yes 4 5460/5460 1 yes yes
never no 1 5218/5432 no no yes
never no 4 5203/5448 no no yes
3.9.0-rc1-mm1-tunablereserves
User and Admin Recovery show their respective reserves, if applicable.
Overcommit | Swap | Hogs | MB Got/Wanted | OOMs | User Recovery | Admin Recovery
---------- ---- ---- ------------- ---- ------------- --------------
guess yes 1 5419/5419 no - yes 8MB yes
guess yes 4 5436/5436 1 - yes 8MB yes
guess no 1 5440/5440 * - yes 8MB yes
guess no 4 - crash - no 8MB no
* process would successfully mlock, then the oom killer would pick it
never yes 1 5446/5446 no 10MB yes 20MB yes
never yes 4 5456/5456 no 10MB yes 20MB yes
never no 1 5387/5429 no 128MB no 8MB barely
never no 1 5323/5428 no 226MB barely 8MB barely
never no 1 5323/5428 no 226MB barely 8MB barely
never no 1 5359/5448 no 10MB no 10MB barely
never no 1 5323/5428 no 0MB no 10MB barely
never no 1 5332/5428 no 0MB no 50MB yes
never no 1 5293/5429 no 0MB no 90MB yes
never no 1 5001/5427 no 230MB yes 338MB yes
never no 4* 4998/5424 no 230MB yes 338MB yes
* more memtesters were launched, able to allocate approximately another 100MB
Future Work
- Test larger memory systems.
- Test an embedded image.
- Test other architectures.
- Time malloc microbenchmarks.
- Would it be useful to be able to set overcommit policy for
each memory cgroup?
- Some lines are slightly above 80 chars.
Perhaps define a macro to convert between pages and kb?
Other places in the kernel do this.
[akpm@linux-foundation.org: coding-style fixes]
[akpm@linux-foundation.org: make init_user_reserve() static]
Signed-off-by: Andrew Shewmaker <agshew@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-04-30 06:08:10 +08:00
|
|
|
- user_reserve_kbytes
|
|
|
|
|
|
|
|
When overcommit_memory is set to 2, "never overommit" mode, reserve
|
|
|
|
min(3% of current process size, user_reserve_kbytes) of free memory.
|
|
|
|
This is intended to prevent a user from starting a single memory hogging
|
|
|
|
process, such that they cannot recover (kill the hog).
|
|
|
|
|
|
|
|
user_reserve_kbytes defaults to min(3% of the current process size, 128MB).
|
|
|
|
|
|
|
|
If this is reduced to zero, then the user will be allowed to allocate
|
|
|
|
all free memory with a single process, minus admin_reserve_kbytes.
|
|
|
|
Any subsequent attempts to execute a command will result in
|
|
|
|
"fork: Cannot allocate memory".
|
|
|
|
|
|
|
|
Changing this takes effect whenever an application requests memory.
|
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
2009-01-16 05:50:42 +08:00
|
|
|
vfs_cache_pressure
|
|
|
|
------------------
|
|
|
|
|
|
|
|
Controls the tendency of the kernel to reclaim the memory which is used for
|
|
|
|
caching of directory and inode objects.
|
|
|
|
|
|
|
|
At the default value of vfs_cache_pressure=100 the kernel will attempt to
|
|
|
|
reclaim dentries and inodes at a "fair" rate with respect to pagecache and
|
|
|
|
swapcache reclaim. Decreasing vfs_cache_pressure causes the kernel to prefer
|
2009-09-22 08:01:40 +08:00
|
|
|
to retain dentry and inode caches. When vfs_cache_pressure=0, the kernel will
|
|
|
|
never reclaim dentries and inodes due to memory pressure and this can easily
|
|
|
|
lead to out-of-memory conditions. Increasing vfs_cache_pressure beyond 100
|
2009-01-16 05:50:42 +08:00
|
|
|
causes the kernel to prefer to reclaim dentries and inodes.
|
|
|
|
|
|
|
|
==============================================================
|
|
|
|
|
|
|
|
zone_reclaim_mode:
|
|
|
|
|
|
|
|
Zone_reclaim_mode allows someone to set more or less aggressive approaches to
|
|
|
|
reclaim memory when a zone runs out of memory. If it is set to zero then no
|
|
|
|
zone reclaim occurs. Allocations will be satisfied from other zones / nodes
|
|
|
|
in the system.
|
|
|
|
|
|
|
|
This is value ORed together of
|
|
|
|
|
|
|
|
1 = Zone reclaim on
|
|
|
|
2 = Zone reclaim writes dirty pages out
|
|
|
|
4 = Zone reclaim swaps pages
|
|
|
|
|
|
|
|
zone_reclaim_mode is set during bootup to 1 if it is determined that pages
|
|
|
|
from remote zones will cause a measurable performance reduction. The
|
|
|
|
page allocator will then reclaim easily reusable pages (those page
|
|
|
|
cache pages that are currently not used) before allocating off node pages.
|
|
|
|
|
|
|
|
It may be beneficial to switch off zone reclaim if the system is
|
|
|
|
used for a file server and all of memory should be used for caching files
|
|
|
|
from disk. In that case the caching effect is more important than
|
|
|
|
data locality.
|
|
|
|
|
|
|
|
Allowing zone reclaim to write out pages stops processes that are
|
|
|
|
writing large amounts of data from dirtying pages on other nodes. Zone
|
|
|
|
reclaim will write out dirty pages if a zone fills up and so effectively
|
|
|
|
throttle the process. This may decrease the performance of a single process
|
|
|
|
since it cannot use all of system memory to buffer the outgoing writes
|
|
|
|
anymore but it preserve the memory on other nodes so that the performance
|
|
|
|
of other processes running on other nodes will not be affected.
|
|
|
|
|
|
|
|
Allowing regular swap effectively restricts allocations to the local
|
|
|
|
node unless explicitly overridden by memory policies or cpuset
|
|
|
|
configurations.
|
|
|
|
|
|
|
|
============ End of Document =================================
|