Rik,
Here's a summary of my idea. I'd really be interested in any additional
comments you may have - even if it's just that you think it's too much
work for too little result. (Personally however, I think it's just these
types of up-against-the-wall extremes where linux really shines and gives
you a solution while other OSs trip up.)
-Matt
Problem: When linux runs out of swap, kswapd uses all CPU, essentially
hanging the system.
Solution: Detect when swap is about to be exhausted and recover the
machine by reducing CPU and disk usage to noncritical levels and then
running a recover procedure in userspace.
Solution Detail:
1) Add a flag to the kernel to indicate that we are in recovery mode.
2) Modify the swap subsystem to set the flag when we reach a configurable
threshold. (ex. 90% utilization) Reset the flag when we drop back below
this threshold.
2.1) When the flag is set, signal init to run the
nomemory action for the current runlevel.
3) Modify the vm subsystem to check this flag. If it is set, any non-root
process that attempts to use more swap by faulting on a nonexistent but
legal page (COW) is put to sleep.
4) Modify the scheduler to not wake up these specially sleeping processes
until the flag is reset.
5) Modify init to allow for a nomemory action.
6) Add a way to set the utilization threshold at which the flag is set.
Precedent:
1) ext2fs reserves space for root, so why not reserve swap for root.
2) init has actions for critical states like powerfail and ctrlaltdel
(critical because root wants us to die), so why not a nomemory action.
Benefits:
1) The kernel can avoid the consequences of optimistic memory allocation
by deferring the hard decisions to userspace.
2) The kernel will never swap to death. At worst it will hang in a state
where root can login and do stuff without losing any inprocess work. At
best the nomemory action of init will cleanup whatever has gone wrong and
the machine can continue unattended.
3) All policy is left to userspace. Processes aren't killed unless
userspace decides to kill them. Everything is fully configurable.
4) Processes that are not allocating memory are not penalized by the
kernel. (although an indiscriminate nomemory action script may do so -
but that's another problem)
5) Nice defaults can be put in inittab for people who don't want to think
about it.
Notes:
1) Runaway root processes can still hang the system - but so what?