On Mon, 01 Jun 2015, Michal Hocko wrote: > panic_on_oom allows administrator to set OOM policy to panic the system > when it is out of memory to reduce failover time e.g. when resolving > the OOM condition would take much more time than rebooting the system. > > out_of_memory tries to be clever and prevent from premature panics > by checking the current task and prevent from panic when the task > has fatal signal pending and so it should die shortly and release some > memory. This is fair enough but Tetsuo Handa has noted that this might > lead to a silent deadlock when current cannot exit because of > dependencies invisible to the OOM killer. > > panic_on_oom is disabled by default and if somebody enables it then any > risk of potential deadlock is certainly unwelcome. The risk is really > low because there are usually more sources of allocation requests and > one of them would eventually trigger the panic but it is better to > reduce the risk as much as possible. > > Let's move check_panic_on_oom up before the current task is > checked so that the knob value is . Do the same for the memcg in > mem_cgroup_out_of_memory. > > Reported-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> > Signed-off-by: Michal Hocko <mhocko@xxxxxxx> I was initially going to complain about this causing the machine to panic when a cgroup is oom, but the machine is not. However after reading check_panic_on_oom(), that behavior is controllable. Reviewed-by: Eric B Munson <emunson@xxxxxxxxxx>
Attachment:
signature.asc
Description: Digital signature