Facebook releases its own OOM implementation

The Unpopular OOM killer

The kernel's OOM killer definitely is only a helper. However, it fulfills an important role if your primary goal is to prevent the system from crashing: In case of an emergency, it kills programs that would otherwise – with a high probability – cause the system to crash due to RAM over-allocation. Put simply, the task of the OOM killer is to give the admin some time to deal with the actual problem in detail, without the entire environment blowing up in the admin's face.

As a helper construct, the kernel's internal OOM killer often does more evil than good – if you believe Facebook. I'll explain why the social media giant has been critical of the kernel OOM solution, but first I need to explain a little more about how the current OOM killer works in Linux.

Holistics Instead of Heuristics

The way the OOM killer identifies its potential victims on the running system has changed dramatically in recent years. The first OOM implementation in Linux, which was in use for many years, was essentially based on heuristics: Using many parameters, the kernel tried to find out which programs are unimportant for providing the elementary functions and can be sent to the happy hunting grounds without causing too much fuss.

The function that is responsible for this in the kernel memory management is appropriately known as badness() – it calculates which process on the running system has the highest level of badness, and thus generates a list in descending order.

However, the heuristics used were not particularly comprehensible, and so it was Google – in the person of David Rientjes – who established a completely new implementation of the OOM killer in Linux in 2010. The function that is responsible for identifying the problematic processes is still known as badness, but beyond that, not much has remained the same.

The badness function now follows a rather simple approach: It is interested almost exclusively in the memory consumption of individual processes, throwing all of the system's processes onto the scales, and then posing the question as to how it can free up as much memory as possible by switching off as few processes as possible.

For each process, the kernel calculates the OOM score, which, by the way, can also be read using cat from the /proc filesystem (/proc/PID/oom_score). If an OOM situation arises, the OOM killer starts to terminate the processes with the highest OOM scores one after another.

How exactly the OOM score is calculated is much easier to answer since the patches by David Rientjes were introduced: For each process, the kernel evaluates how much memory it actually uses. Memory is defined as the sum of the working memory and the swap memory, although swap memory is becoming increasingly rare on today's systems. The rule of thumb is: The more memory a process uses at the time of the OOM rating, the higher it is listed on the kill list.

Exceptions Confirm the Rule

David Rientjes has implemented a few exceptions to avoid annoying effects. Basically, the kernel always subtracts 30 points from the OOM score for root processes because the system administrator's processes are potentially more important than those in user space. In addition, the admin can also influence the score: For this purpose, there is an oom_score_adj file in the /proc filesystem that you can use to adjust the value for each process. Values from -1000 to +1000 are possible.

If the admin gives a process -1000, the OOM killer will not kill this process. However, setting the value to +1000 is like painting a large X on the process's belly; it increases the probability that this process will be the first to die an OOM death.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Polyakov's OOM Killer Tamer

    Evgeniy Polyakov has released a patch to the kernel's out-of-memory (OOM) killer function, which was designed to prevent a system freeze in an OOM condition by sacrificing one or more processes. The patch "tames" the function by defining the specific process to kill.

  • Kernel News

    Improving the Android low memory killer; randomizing the Kernel stack; and best practices.

  • Kernel News

    Zack Brown reports on container-aware cgroups, a different type of RAM chip on a single system, new SARA security framework, and improving GPIO interrupt handling.

  • Kernel News

    Chronicler Zack Brown reports on the NOVA filesystem, making system calls userspace only, and extending module support to plain executables. 

  • Security Lessons

    When a test kernel starts wrecking network cards, the community gets busy.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News