Re: Out of memory management in embedded systems
On Mon 1 Oct 2007 12:27, [EMAIL PROTECTED] pondered: > overcommit by default is optimistic that if the program requesting the > memory actually tries to use it there will be enough (both the fork-exec > situation and the copy-on-write memory of real forks mean that the > system ends up useing much less memory then is theoretically allocated). > > switching it to be pessimistic (overcommit 2 IIRC) means that the OOM > handler will never kick in, but it means that programs will be told that > there isn't any memory when there really is enough for the program to > work. I have set it to 2, and still get the OOM if I malloc too much... I never get a null back from malloc, no matter what I try. -Robin - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Mon, 1 Oct 2007, Bernd Eckenfels wrote: In article <[EMAIL PROTECTED]> you wrote: Make kernel configuration option? (e.g. disable "over commit" mis-feature :-) # egrep . /proc/sys/vm/overcommit_* /proc/sys/vm/overcommit_memory:0 /proc/sys/vm/overcommit_ratio:50 keep in mind that disabling overcommit will mean that you need to put more ram in your embeded system to have it run there can be very significant saving in ram from the fact that a large program can do fork-exec of a small program without having to have enough ram in the system for two copies of the large program. you get even more savings in most systems from the fact that Linux does copy-on-write when programs fork instead of allocating (and copying) all the memory the program accesses. this allows programs that run multiple copies to use the same memory for most of the requirements. overcommit by default is optimistic that if the program requesting the memory actually tries to use it there will be enough (both the fork-exec situation and the copy-on-write memory of real forks mean that the system ends up useing much less memory then is theoretically allocated). switching it to be pessimistic (overcommit 2 IIRC) means that the OOM handler will never kick in, but it means that programs will be told that there isn't any memory when there really is enough for the program to work. if you think the pessimistic mode makes your embeded device deterministic enough to avoid OOM go for it, but keep in mind that adding the same amount of additional memory would also make the system safe with overcommit (if everything works properly). it's only when you would rather have the system fail an allocation immedialy rather then running any risk of running into trouble later that you want to disable overcommit. DavidLang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
In article <[EMAIL PROTECTED]> you wrote: > Make kernel configuration option? (e.g. disable "over commit" > mis-feature :-) # egrep . /proc/sys/vm/overcommit_* /proc/sys/vm/overcommit_memory:0 /proc/sys/vm/overcommit_ratio:50 Gruss Bernd - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
How about just simple solution? Make it possible that "malloc" works as it was originally intended: return NULL, if memory not available, non-NULL only if allocation truly succeeded and is guaranteed.. Make kernel configuration option? (e.g. disable "over commit" mis-feature :-) -- Markku Savela - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
How about just simple solution? Make it possible that malloc works as it was originally intended: return NULL, if memory not available, non-NULL only if allocation truly succeeded and is guaranteed.. Make kernel configuration option? (e.g. disable over commit mis-feature :-) -- Markku Savela - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
In article [EMAIL PROTECTED] you wrote: Make kernel configuration option? (e.g. disable over commit mis-feature :-) # egrep . /proc/sys/vm/overcommit_* /proc/sys/vm/overcommit_memory:0 /proc/sys/vm/overcommit_ratio:50 Gruss Bernd - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Mon, 1 Oct 2007, Bernd Eckenfels wrote: In article [EMAIL PROTECTED] you wrote: Make kernel configuration option? (e.g. disable over commit mis-feature :-) # egrep . /proc/sys/vm/overcommit_* /proc/sys/vm/overcommit_memory:0 /proc/sys/vm/overcommit_ratio:50 keep in mind that disabling overcommit will mean that you need to put more ram in your embeded system to have it run there can be very significant saving in ram from the fact that a large program can do fork-exec of a small program without having to have enough ram in the system for two copies of the large program. you get even more savings in most systems from the fact that Linux does copy-on-write when programs fork instead of allocating (and copying) all the memory the program accesses. this allows programs that run multiple copies to use the same memory for most of the requirements. overcommit by default is optimistic that if the program requesting the memory actually tries to use it there will be enough (both the fork-exec situation and the copy-on-write memory of real forks mean that the system ends up useing much less memory then is theoretically allocated). switching it to be pessimistic (overcommit 2 IIRC) means that the OOM handler will never kick in, but it means that programs will be told that there isn't any memory when there really is enough for the program to work. if you think the pessimistic mode makes your embeded device deterministic enough to avoid OOM go for it, but keep in mind that adding the same amount of additional memory would also make the system safe with overcommit (if everything works properly). it's only when you would rather have the system fail an allocation immedialy rather then running any risk of running into trouble later that you want to disable overcommit. DavidLang - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Mon 1 Oct 2007 12:27, [EMAIL PROTECTED] pondered: overcommit by default is optimistic that if the program requesting the memory actually tries to use it there will be enough (both the fork-exec situation and the copy-on-write memory of real forks mean that the system ends up useing much less memory then is theoretically allocated). switching it to be pessimistic (overcommit 2 IIRC) means that the OOM handler will never kick in, but it means that programs will be told that there isn't any memory when there really is enough for the program to work. I have set it to 2, and still get the OOM if I malloc too much... I never get a null back from malloc, no matter what I try. -Robin - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On 9/29/07, Daniel Spång <[EMAIL PROTECTED]> wrote: > > An embedded system is NOT an ordinary system that happens to > > boot from flash. An embedded system requires intelligent design. > > We might be talking about slightly different systems. I agree that > systems that are really embedded, in the classic meaning often with > real time constraints, should be designed as you suggests. But there > are a lot of other systems that almost actually are ordinary systems > but with limited memory and often without demand paging. [snip] > For those systems I think we need a method to dynamically decrease the > working set of a process when memory is scarce, and not just accept > that we "are screwed" and let the OOM killer solve the problem. In certain cases, I guess it could be a problem in the embedded environment. Especially while running general purpose applications with carefully designed real-time tasks. An OOM in such a case is unacceptable. The whole problem looks like an extension of page frame reclamation in user space. If the user application's cache was owned by the kernel (something like vmsplice with SPLICE_F_GIFT?), and the application managed it accordingly, then they could probably be brought under the purview of kernel's memory reclamation. This would mean that applications wouldn't need to be triggered on low memory, and leave memory freeing to the kernel (simpler and uniform). Perhaps it is even possible to do this in the kernel currently somehow...? -- Abhishek Sagar - > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to [EMAIL PROTECTED] > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: > On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: >> On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: >>> On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: > But an embedded system contains all the software that will > ever be executed on that system! If it is properly designed, > it can never run out of memory because everything it will > ever do is known at design time. Not if its input is not known beforehand. Take a browser in a mobile phone as an example, it does not know at design time how big the web pages are. On the other hand we want to use as much memory as possible, for cache etc., a method that involves the kernel would simplify this and avoids setting manual limits. >>> Any networked appliance can (will) throw data away if there are >>> no resources available. >>> >>> The length of a web-page is not relevent, nor is the length >>> of any external data. Your example will buffer whatever it >>> can and not read anything more from the external source until >>> it has resources available unless it is broken. And reload the web page whenever the suser scrolls up. >> And how do you determine when no resources are availabe? We are using >> overcommit here so malloc() will always return non null. > A networked appliance using embedded software is not your daddy's > Chevrolet. Any task that is permanent needs to allocate all its > resources when it starts. That's how it knows how much there are, > and incidentally, it doesn't do it blindly. The system designer > must know how much memory is available in the system and how much > is allocated to the kernel. So if I design a mobile phone and want the user to be able to listen to music and to browse the web and use the camera, I must - allocate the web cache on start - allocate the mp3 cache on start - allocate the video/photo buffer on start - leave enough RAM for other applications - waste much of the memory most of the time - reduce the capabilities of the camera in order to reduce used memory (e.g. reduce the video resolution to match the slow flash speed instead of allowing short high-res clips or reduce the number of pictures for automatic sequences) - costly reload parts of web pages that could have been stored in the currently unused RAM - increase the realtime constraints of the mp3 player in order to conserve memory, making the music stutter while performing other operations. instead of just telling the system "Hey' I'm the web browswer, I need 2 MB of RAM to work correctly, 4 MB to show a nice performance and if you ask me nicely, I'll release memory", because nobody could possibly want this feature? IMO, even desktop systems would perform better having this feature. Imagine no more GIMP images pushing out X's mouse driver ... > The fact that you can give a fictitious value to malloc() is not > relevant. If you don't provide resources for malloc(), like > (ultimately) a swap file, then you can't assume that it can do > any design work for you. > > An embedded system is NOT an ordinary system that happens to > boot from flash. An embedded system requires intelligent design. Yeah, you should know all apllications your users will put on their phones! Maybe you can do this for industry embedded single-task systems, but multi-purpose systems will benefit from > It is important to understand how a virtual memory system > operates. The basics are that the kernel only "knows" that > a new page needs to be allocated when it encounters a trap > called a "page fault." If you don't have any memory resources > to free up (read no swap file to write a seldom-used task's > working set), then you are screwed --pure and simple. So, > if you don't provide any resources to actually use virtual > memory, then you need to make certain that virtual memory > and physical memory are, for all practical purposes, the same. The system should notify the applications before reaching that point, e.g. when the cache is reduced below a theresold. > With embedded servers, it's usually very easy to limit the > number of connections allowed, therefore the amount of > dynamic resources that must be provided. And it's easy to limit the size and number of images on web pages that need to be cached. > With clients > it should be equally easy, but generic software won't > work because, ... it will ignore the signal. > for instance, Mozilla doesn't keep track > of the number of "windows" you have up and the number > of connections you have. about:config network.http.max-connections > HOWEVER, remember that malloc() > is a library call. You can substitute your own using > LD_PRELOAD, they keeps track of everything if you must > use generic software. Knowing one's memory usage - possibly not counting stack, code and data, is only half of the trick. You need to
Re: Out of memory management in embedded systems
linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: But an embedded system contains all the software that will ever be executed on that system! If it is properly designed, it can never run out of memory because everything it will ever do is known at design time. Not if its input is not known beforehand. Take a browser in a mobile phone as an example, it does not know at design time how big the web pages are. On the other hand we want to use as much memory as possible, for cache etc., a method that involves the kernel would simplify this and avoids setting manual limits. Any networked appliance can (will) throw data away if there are no resources available. The length of a web-page is not relevent, nor is the length of any external data. Your example will buffer whatever it can and not read anything more from the external source until it has resources available unless it is broken. And reload the web page whenever the suser scrolls up. And how do you determine when no resources are availabe? We are using overcommit here so malloc() will always return non null. A networked appliance using embedded software is not your daddy's Chevrolet. Any task that is permanent needs to allocate all its resources when it starts. That's how it knows how much there are, and incidentally, it doesn't do it blindly. The system designer must know how much memory is available in the system and how much is allocated to the kernel. So if I design a mobile phone and want the user to be able to listen to music and to browse the web and use the camera, I must - allocate the web cache on start - allocate the mp3 cache on start - allocate the video/photo buffer on start - leave enough RAM for other applications - waste much of the memory most of the time - reduce the capabilities of the camera in order to reduce used memory (e.g. reduce the video resolution to match the slow flash speed instead of allowing short high-res clips or reduce the number of pictures for automatic sequences) - costly reload parts of web pages that could have been stored in the currently unused RAM - increase the realtime constraints of the mp3 player in order to conserve memory, making the music stutter while performing other operations. instead of just telling the system Hey' I'm the web browswer, I need 2 MB of RAM to work correctly, 4 MB to show a nice performance and if you ask me nicely, I'll release memory, because nobody could possibly want this feature? IMO, even desktop systems would perform better having this feature. Imagine no more GIMP images pushing out X's mouse driver ... The fact that you can give a fictitious value to malloc() is not relevant. If you don't provide resources for malloc(), like (ultimately) a swap file, then you can't assume that it can do any design work for you. An embedded system is NOT an ordinary system that happens to boot from flash. An embedded system requires intelligent design. Yeah, you should know all apllications your users will put on their phones! Maybe you can do this for industry embedded single-task systems, but multi-purpose systems will benefit from It is important to understand how a virtual memory system operates. The basics are that the kernel only knows that a new page needs to be allocated when it encounters a trap called a page fault. If you don't have any memory resources to free up (read no swap file to write a seldom-used task's working set), then you are screwed --pure and simple. So, if you don't provide any resources to actually use virtual memory, then you need to make certain that virtual memory and physical memory are, for all practical purposes, the same. The system should notify the applications before reaching that point, e.g. when the cache is reduced below a theresold. With embedded servers, it's usually very easy to limit the number of connections allowed, therefore the amount of dynamic resources that must be provided. And it's easy to limit the size and number of images on web pages that need to be cached. With clients it should be equally easy, but generic software won't work because, ... it will ignore the signal. for instance, Mozilla doesn't keep track of the number of windows you have up and the number of connections you have. about:config network.http.max-connections HOWEVER, remember that malloc() is a library call. You can substitute your own using LD_PRELOAD, they keeps track of everything if you must use generic software. Knowing one's memory usage - possibly not counting stack, code and data, is only half of the trick. You need to know the current memory pressure, too. Imagine mozilla asks if it may use the whole lotta 4 GB RAM for it's memory cache, and
Re: Out of memory management in embedded systems
On 9/29/07, Daniel Spång [EMAIL PROTECTED] wrote: An embedded system is NOT an ordinary system that happens to boot from flash. An embedded system requires intelligent design. We might be talking about slightly different systems. I agree that systems that are really embedded, in the classic meaning often with real time constraints, should be designed as you suggests. But there are a lot of other systems that almost actually are ordinary systems but with limited memory and often without demand paging. [snip] For those systems I think we need a method to dynamically decrease the working set of a process when memory is scarce, and not just accept that we are screwed and let the OOM killer solve the problem. In certain cases, I guess it could be a problem in the embedded environment. Especially while running general purpose applications with carefully designed real-time tasks. An OOM in such a case is unacceptable. The whole problem looks like an extension of page frame reclamation in user space. If the user application's cache was owned by the kernel (something like vmsplice with SPLICE_F_GIFT?), and the application managed it accordingly, then they could probably be brought under the purview of kernel's memory reclamation. This would mean that applications wouldn't need to be triggered on low memory, and leave memory freeing to the kernel (simpler and uniform). Perhaps it is even possible to do this in the kernel currently somehow...? -- Abhishek Sagar - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Friday 28 September 2007 05:55, Daniel Spång wrote: > Applications with dynamic input and dynamic memory usage have some > issues with the current overcommitting kernel. A high memory usage > situation eventually results in that a process is killed by the OOM > killer. This is especially evident in swapless embedded systems with > limited memory and no swap available. In order to earn the right to fix this problem by inventing new Linux, first you need to post a traceback and a cat of /proc/meminfo to prove the OOM is a true one, as opposed to a second order effect of a writeout lockup. Regards, Daniel - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 2007-09-28 at 11:15 -0400, Rik van Riel wrote: > On Fri, 28 Sep 2007 16:36:34 +0200 > Eric Dumazet <[EMAIL PROTECTED]> wrote: > > > On Fri, 28 Sep 2007 10:17:11 -0400 > > Rik van Riel <[EMAIL PROTECTED]> wrote: > > > > > On Fri, 28 Sep 2007 10:04:23 -0400 > > > "linux-os \(Dick Johnson\)" <[EMAIL PROTECTED]> wrote: > > > > On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > > > > > > > > > On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: > > > > >> > > > > >> On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > > > > > > > >>> Some kind of notification to the application that the available > > > > >>> memory > > > > >>> is scarce and let the application free up some memory (e.g., by > > > > >>> flushing caches), could be used to improve the situation > > > > > > > Any networked appliance can (will) throw data away if there are > > > > no resources available. > > > > > > That is exactly what Daniel proposed in his first email. > > > > > > I think his idea makes sense. > > > > IBM AIX uses SIGDANGER, that kernel can raise in OOM conditions to warn > > processes that are willing to handle this signal (default action for the > > SIGDANGER signal is to ignore the signal) > > I suspect that SIGDANGER is not the right approach, because glibc > memory arenas cannot be manipulated from inside a signal handler. > > Also, "nearly OOM" is not the only such signal we would want to > send to userspace programs. It would also be useful to inform > userspace programs when we are about to start swapping something > out, so userspace can discard cached data instead of having to > wait for disk IO in the future. > > A unix signal cannot encapsulate two different messages, while > something like a "/dev/lowmem" device can simply be added into > the program's main poll() loop and give many different messages. SIGDANGER could stick useful information in siginfo_t's si_code field and be delivered via a signalfd. -- Nicholas Miell <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: > > On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > > > On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: > >> > >> On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > >> > >>> On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: > > But an embedded system contains all the software that will > ever be executed on that system! If it is properly designed, > it can never run out of memory because everything it will > ever do is known at design time. > >>> > >>> Not if its input is not known beforehand. Take a browser in a mobile > >>> phone as an example, it does not know at design time how big the web > >>> pages are. On the other hand we want to use as much memory as > >>> possible, for cache etc., a method that involves the kernel would > >>> simplify this and avoids setting manual limits. > >>> > >>> Daniel > >>> > >> > >> Any networked appliance can (will) throw data away if there are > >> no resources available. > >> > >> The length of a web-page is not relevent, nor is the length > >> of any external data. Your example will buffer whatever it > >> can and not read anything more from the external source until > >> it has resources available unless it is broken. > > > > And how do you determine when no resources are availabe? We are using > > overcommit here so malloc() will always return non null. > > > > A networked appliance using embedded software is not your daddy's > Chevrolet. Any task that is permanent needs to allocate all its > resources when it starts. That's how it knows how much there are, > and incidentally, it doesn't do it blindly. The system designer > must know how much memory is available in the system and how much > is allocated to the kernel. > > The fact that you can give a fictitious value to malloc() is not > relevant. If you don't provide resources for malloc(), like > (ultimately) a swap file, then you can't assume that it can do > any design work for you. > > An embedded system is NOT an ordinary system that happens to > boot from flash. An embedded system requires intelligent design. We might be talking about slightly different systems. I agree that systems that are really embedded, in the classic meaning often with real time constraints, should be designed as you suggests. But there are a lot of other systems that almost actually are ordinary systems but with limited memory and often without demand paging. This could be a set top box, a video game console or a mobile phone that run dynamic applications. Actually this is not only about applications allocating an unknown amount of dynamic memory. A similar situation could also appear when we run an unknown number of applications at once, each allocating just a static amount of memory and then later starts to touching it. For those systems I think we need a method to dynamically decrease the working set of a process when memory is scarce, and not just accept that we "are screwed" and let the OOM killer solve the problem. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: >> >> On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: >> >>> On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: But an embedded system contains all the software that will ever be executed on that system! If it is properly designed, it can never run out of memory because everything it will ever do is known at design time. >>> >>> Not if its input is not known beforehand. Take a browser in a mobile >>> phone as an example, it does not know at design time how big the web >>> pages are. On the other hand we want to use as much memory as >>> possible, for cache etc., a method that involves the kernel would >>> simplify this and avoids setting manual limits. >>> >>> Daniel >>> >> >> Any networked appliance can (will) throw data away if there are >> no resources available. >> >> The length of a web-page is not relevent, nor is the length >> of any external data. Your example will buffer whatever it >> can and not read anything more from the external source until >> it has resources available unless it is broken. > > And how do you determine when no resources are availabe? We are using > overcommit here so malloc() will always return non null. > A networked appliance using embedded software is not your daddy's Chevrolet. Any task that is permanent needs to allocate all its resources when it starts. That's how it knows how much there are, and incidentally, it doesn't do it blindly. The system designer must know how much memory is available in the system and how much is allocated to the kernel. The fact that you can give a fictitious value to malloc() is not relevant. If you don't provide resources for malloc(), like (ultimately) a swap file, then you can't assume that it can do any design work for you. An embedded system is NOT an ordinary system that happens to boot from flash. An embedded system requires intelligent design. It is important to understand how a virtual memory system operates. The basics are that the kernel only "knows" that a new page needs to be allocated when it encounters a trap called a "page fault." If you don't have any memory resources to free up (read no swap file to write a seldom-used task's working set), then you are screwed --pure and simple. So, if you don't provide any resources to actually use virtual memory, then you need to make certain that virtual memory and physical memory are, for all practical purposes, the same. With embedded servers, it's usually very easy to limit the number of connections allowed, therefore the amount of dynamic resources that must be provided. With clients it should be equally easy, but generic software won't work because, for instance, Mozilla doesn't keep track of the number of "windows" you have up and the number of connections you have. HOWEVER, remember that malloc() is a library call. You can substitute your own using LD_PRELOAD, they keeps track of everything if you must use generic software. Cheers, Dick Johnson Penguin : Linux version 2.6.22.1 on an i686 machine (5588.29 BogoMips). My book : http://www.AbominableFirebug.com/ _ The information transmitted in this message is confidential and may be privileged. Any review, retransmission, dissemination, or other use of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please notify Analogic Corporation immediately - by replying to this message or by sending an email to [EMAIL PROTECTED] - and destroy all copies of this information, including any attachments, without reading or disclosing them. Thank you. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 28 Sep 2007 16:36:34 +0200 Eric Dumazet <[EMAIL PROTECTED]> wrote: > On Fri, 28 Sep 2007 10:17:11 -0400 > Rik van Riel <[EMAIL PROTECTED]> wrote: > > > On Fri, 28 Sep 2007 10:04:23 -0400 > > "linux-os \(Dick Johnson\)" <[EMAIL PROTECTED]> wrote: > > > On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > > > > > > > On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: > > > >> > > > >> On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > > > > > >>> Some kind of notification to the application that the available memory > > > >>> is scarce and let the application free up some memory (e.g., by > > > >>> flushing caches), could be used to improve the situation > > > > > Any networked appliance can (will) throw data away if there are > > > no resources available. > > > > That is exactly what Daniel proposed in his first email. > > > > I think his idea makes sense. > > IBM AIX uses SIGDANGER, that kernel can raise in OOM conditions to warn > processes that are willing to handle this signal (default action for the > SIGDANGER signal is to ignore the signal) I suspect that SIGDANGER is not the right approach, because glibc memory arenas cannot be manipulated from inside a signal handler. Also, "nearly OOM" is not the only such signal we would want to send to userspace programs. It would also be useful to inform userspace programs when we are about to start swapping something out, so userspace can discard cached data instead of having to wait for disk IO in the future. A unix signal cannot encapsulate two different messages, while something like a "/dev/lowmem" device can simply be added into the program's main poll() loop and give many different messages. -- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 28 Sep 2007 10:17:11 -0400 Rik van Riel <[EMAIL PROTECTED]> wrote: > On Fri, 28 Sep 2007 10:04:23 -0400 > "linux-os \(Dick Johnson\)" <[EMAIL PROTECTED]> wrote: > > On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > > > > > On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: > > >> > > >> On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > > > >>> Some kind of notification to the application that the available memory > > >>> is scarce and let the application free up some memory (e.g., by > > >>> flushing caches), could be used to improve the situation > > > Any networked appliance can (will) throw data away if there are > > no resources available. > > That is exactly what Daniel proposed in his first email. > > I think his idea makes sense. IBM AIX uses SIGDANGER, that kernel can raise in OOM conditions to warn processes that are willing to handle this signal (default action for the SIGDANGER signal is to ignore the signal) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 28 Sep 2007 10:04:23 -0400 "linux-os \(Dick Johnson\)" <[EMAIL PROTECTED]> wrote: > On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > > > On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: > >> > >> On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > >>> Some kind of notification to the application that the available memory > >>> is scarce and let the application free up some memory (e.g., by > >>> flushing caches), could be used to improve the situation > Any networked appliance can (will) throw data away if there are > no resources available. That is exactly what Daniel proposed in his first email. I think his idea makes sense. -- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: > > On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > > > On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: > >> > >> But an embedded system contains all the software that will > >> ever be executed on that system! If it is properly designed, > >> it can never run out of memory because everything it will > >> ever do is known at design time. > > > > Not if its input is not known beforehand. Take a browser in a mobile > > phone as an example, it does not know at design time how big the web > > pages are. On the other hand we want to use as much memory as > > possible, for cache etc., a method that involves the kernel would > > simplify this and avoids setting manual limits. > > > > Daniel > > > > Any networked appliance can (will) throw data away if there are > no resources available. > > The length of a web-page is not relevent, nor is the length > of any external data. Your example will buffer whatever it > can and not read anything more from the external source until > it has resources available unless it is broken. And how do you determine when no resources are availabe? We are using overcommit here so malloc() will always return non null. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: >> >> On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: >> >>> Applications with dynamic input and dynamic memory usage have some >>> issues with the current overcommitting kernel. A high memory usage >>> situation eventually results in that a process is killed by the OOM >>> killer. This is especially evident in swapless embedded systems with >>> limited memory and no swap available. >>> >>> Some kind of notification to the application that the available memory >>> is scarce and let the application free up some memory (e.g., by >>> flushing caches), could be used to improve the situation and avoid the >>> OOM killer. I am currently not aware of any general solution to this >>> problem, but I have found some approaches that might (or might not) >>> work: >>> >>> o Turn off overcommit. Results in a waste of memory. >>> >>> o Nokia uses a lowmem security module to signal on predetermined >>> thresholds. Currently available in the -omap tree. But this requires >>> manual tuning of the thresholds. >>> http://www.linuxjournal.com/article/8502 >>> >>> o Using madvise() with MADV_FREE to get the kernel to free mmaped >>> memory, typically application caches, when the kernel needs the >>> memory. >>> >>> o A OOM handler that the application registers with the kernel, and >>> that the kernel executes before the OOM-killer steps in. >>> >>> Does it exist any other solutions to this problem? >>> >>> Daniel >>> - >> >> But an embedded system contains all the software that will >> ever be executed on that system! If it is properly designed, >> it can never run out of memory because everything it will >> ever do is known at design time. > > Not if its input is not known beforehand. Take a browser in a mobile > phone as an example, it does not know at design time how big the web > pages are. On the other hand we want to use as much memory as > possible, for cache etc., a method that involves the kernel would > simplify this and avoids setting manual limits. > > Daniel > Any networked appliance can (will) throw data away if there are no resources available. The length of a web-page is not relevent, nor is the length of any external data. Your example will buffer whatever it can and not read anything more from the external source until it has resources available unless it is broken. Cheers, Dick Johnson Penguin : Linux version 2.6.22.1 on an i686 machine (5588.29 BogoMips). My book : http://www.AbominableFirebug.com/ _ The information transmitted in this message is confidential and may be privileged. Any review, retransmission, dissemination, or other use of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please notify Analogic Corporation immediately - by replying to this message or by sending an email to [EMAIL PROTECTED] - and destroy all copies of this information, including any attachments, without reading or disclosing them. Thank you. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On 9/28/07, linux-os (Dick Johnson) <[EMAIL PROTECTED]> wrote: > > On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > > > Applications with dynamic input and dynamic memory usage have some > > issues with the current overcommitting kernel. A high memory usage > > situation eventually results in that a process is killed by the OOM > > killer. This is especially evident in swapless embedded systems with > > limited memory and no swap available. > > > > Some kind of notification to the application that the available memory > > is scarce and let the application free up some memory (e.g., by > > flushing caches), could be used to improve the situation and avoid the > > OOM killer. I am currently not aware of any general solution to this > > problem, but I have found some approaches that might (or might not) > > work: > > > > o Turn off overcommit. Results in a waste of memory. > > > > o Nokia uses a lowmem security module to signal on predetermined > > thresholds. Currently available in the -omap tree. But this requires > > manual tuning of the thresholds. > > http://www.linuxjournal.com/article/8502 > > > > o Using madvise() with MADV_FREE to get the kernel to free mmaped > > memory, typically application caches, when the kernel needs the > > memory. > > > > o A OOM handler that the application registers with the kernel, and > > that the kernel executes before the OOM-killer steps in. > > > > Does it exist any other solutions to this problem? > > > > Daniel > > - > > But an embedded system contains all the software that will > ever be executed on that system! If it is properly designed, > it can never run out of memory because everything it will > ever do is known at design time. Not if its input is not known beforehand. Take a browser in a mobile phone as an example, it does not know at design time how big the web pages are. On the other hand we want to use as much memory as possible, for cache etc., a method that involves the kernel would simplify this and avoids setting manual limits. Daniel - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: > Applications with dynamic input and dynamic memory usage have some > issues with the current overcommitting kernel. A high memory usage > situation eventually results in that a process is killed by the OOM > killer. This is especially evident in swapless embedded systems with > limited memory and no swap available. > > Some kind of notification to the application that the available memory > is scarce and let the application free up some memory (e.g., by > flushing caches), could be used to improve the situation and avoid the > OOM killer. I am currently not aware of any general solution to this > problem, but I have found some approaches that might (or might not) > work: > > o Turn off overcommit. Results in a waste of memory. > > o Nokia uses a lowmem security module to signal on predetermined > thresholds. Currently available in the -omap tree. But this requires > manual tuning of the thresholds. > http://www.linuxjournal.com/article/8502 > > o Using madvise() with MADV_FREE to get the kernel to free mmaped > memory, typically application caches, when the kernel needs the > memory. > > o A OOM handler that the application registers with the kernel, and > that the kernel executes before the OOM-killer steps in. > > Does it exist any other solutions to this problem? > > Daniel > - But an embedded system contains all the software that will ever be executed on that system! If it is properly designed, it can never run out of memory because everything it will ever do is known at design time. This should never be an issue with an embedded system. If you have such a system issue, then you have application(s) that have memory leaks because of improper design or coding. For instance, there is a common open-source web-server that is used in some embedded systems. It has memory leaks. The solution, if the server can't be fixed, is to execute a supervisor process which periodically shuts it down and restarts it --ugly, but effective if the developers refuse to accept patches. You shouldn't expect a kernel to be modified to "fix" broken application code. Cheers, Dick Johnson Penguin : Linux version 2.6.22.1 on an i686 machine (5588.29 BogoMips). My book : http://www.AbominableFirebug.com/ _ The information transmitted in this message is confidential and may be privileged. Any review, retransmission, dissemination, or other use of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please notify Analogic Corporation immediately - by replying to this message or by sending an email to [EMAIL PROTECTED] - and destroy all copies of this information, including any attachments, without reading or disclosing them. Thank you. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Out of memory management in embedded systems
Applications with dynamic input and dynamic memory usage have some issues with the current overcommitting kernel. A high memory usage situation eventually results in that a process is killed by the OOM killer. This is especially evident in swapless embedded systems with limited memory and no swap available. Some kind of notification to the application that the available memory is scarce and let the application free up some memory (e.g., by flushing caches), could be used to improve the situation and avoid the OOM killer. I am currently not aware of any general solution to this problem, but I have found some approaches that might (or might not) work: o Turn off overcommit. Results in a waste of memory. o Nokia uses a lowmem security module to signal on predetermined thresholds. Currently available in the -omap tree. But this requires manual tuning of the thresholds. http://www.linuxjournal.com/article/8502 o Using madvise() with MADV_FREE to get the kernel to free mmaped memory, typically application caches, when the kernel needs the memory. o A OOM handler that the application registers with the kernel, and that the kernel executes before the OOM-killer steps in. Does it exist any other solutions to this problem? Daniel - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: But an embedded system contains all the software that will ever be executed on that system! If it is properly designed, it can never run out of memory because everything it will ever do is known at design time. Not if its input is not known beforehand. Take a browser in a mobile phone as an example, it does not know at design time how big the web pages are. On the other hand we want to use as much memory as possible, for cache etc., a method that involves the kernel would simplify this and avoids setting manual limits. Daniel Any networked appliance can (will) throw data away if there are no resources available. The length of a web-page is not relevent, nor is the length of any external data. Your example will buffer whatever it can and not read anything more from the external source until it has resources available unless it is broken. And how do you determine when no resources are availabe? We are using overcommit here so malloc() will always return non null. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: Applications with dynamic input and dynamic memory usage have some issues with the current overcommitting kernel. A high memory usage situation eventually results in that a process is killed by the OOM killer. This is especially evident in swapless embedded systems with limited memory and no swap available. Some kind of notification to the application that the available memory is scarce and let the application free up some memory (e.g., by flushing caches), could be used to improve the situation and avoid the OOM killer. I am currently not aware of any general solution to this problem, but I have found some approaches that might (or might not) work: o Turn off overcommit. Results in a waste of memory. o Nokia uses a lowmem security module to signal on predetermined thresholds. Currently available in the -omap tree. But this requires manual tuning of the thresholds. http://www.linuxjournal.com/article/8502 o Using madvise() with MADV_FREE to get the kernel to free mmaped memory, typically application caches, when the kernel needs the memory. o A OOM handler that the application registers with the kernel, and that the kernel executes before the OOM-killer steps in. Does it exist any other solutions to this problem? Daniel - But an embedded system contains all the software that will ever be executed on that system! If it is properly designed, it can never run out of memory because everything it will ever do is known at design time. This should never be an issue with an embedded system. If you have such a system issue, then you have application(s) that have memory leaks because of improper design or coding. For instance, there is a common open-source web-server that is used in some embedded systems. It has memory leaks. The solution, if the server can't be fixed, is to execute a supervisor process which periodically shuts it down and restarts it --ugly, but effective if the developers refuse to accept patches. You shouldn't expect a kernel to be modified to fix broken application code. Cheers, Dick Johnson Penguin : Linux version 2.6.22.1 on an i686 machine (5588.29 BogoMips). My book : http://www.AbominableFirebug.com/ _ The information transmitted in this message is confidential and may be privileged. Any review, retransmission, dissemination, or other use of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please notify Analogic Corporation immediately - by replying to this message or by sending an email to [EMAIL PROTECTED] - and destroy all copies of this information, including any attachments, without reading or disclosing them. Thank you. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Out of memory management in embedded systems
Applications with dynamic input and dynamic memory usage have some issues with the current overcommitting kernel. A high memory usage situation eventually results in that a process is killed by the OOM killer. This is especially evident in swapless embedded systems with limited memory and no swap available. Some kind of notification to the application that the available memory is scarce and let the application free up some memory (e.g., by flushing caches), could be used to improve the situation and avoid the OOM killer. I am currently not aware of any general solution to this problem, but I have found some approaches that might (or might not) work: o Turn off overcommit. Results in a waste of memory. o Nokia uses a lowmem security module to signal on predetermined thresholds. Currently available in the -omap tree. But this requires manual tuning of the thresholds. http://www.linuxjournal.com/article/8502 o Using madvise() with MADV_FREE to get the kernel to free mmaped memory, typically application caches, when the kernel needs the memory. o A OOM handler that the application registers with the kernel, and that the kernel executes before the OOM-killer steps in. Does it exist any other solutions to this problem? Daniel - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: But an embedded system contains all the software that will ever be executed on that system! If it is properly designed, it can never run out of memory because everything it will ever do is known at design time. Not if its input is not known beforehand. Take a browser in a mobile phone as an example, it does not know at design time how big the web pages are. On the other hand we want to use as much memory as possible, for cache etc., a method that involves the kernel would simplify this and avoids setting manual limits. Daniel Any networked appliance can (will) throw data away if there are no resources available. The length of a web-page is not relevent, nor is the length of any external data. Your example will buffer whatever it can and not read anything more from the external source until it has resources available unless it is broken. And how do you determine when no resources are availabe? We are using overcommit here so malloc() will always return non null. A networked appliance using embedded software is not your daddy's Chevrolet. Any task that is permanent needs to allocate all its resources when it starts. That's how it knows how much there are, and incidentally, it doesn't do it blindly. The system designer must know how much memory is available in the system and how much is allocated to the kernel. The fact that you can give a fictitious value to malloc() is not relevant. If you don't provide resources for malloc(), like (ultimately) a swap file, then you can't assume that it can do any design work for you. An embedded system is NOT an ordinary system that happens to boot from flash. An embedded system requires intelligent design. It is important to understand how a virtual memory system operates. The basics are that the kernel only knows that a new page needs to be allocated when it encounters a trap called a page fault. If you don't have any memory resources to free up (read no swap file to write a seldom-used task's working set), then you are screwed --pure and simple. So, if you don't provide any resources to actually use virtual memory, then you need to make certain that virtual memory and physical memory are, for all practical purposes, the same. With embedded servers, it's usually very easy to limit the number of connections allowed, therefore the amount of dynamic resources that must be provided. With clients it should be equally easy, but generic software won't work because, for instance, Mozilla doesn't keep track of the number of windows you have up and the number of connections you have. HOWEVER, remember that malloc() is a library call. You can substitute your own using LD_PRELOAD, they keeps track of everything if you must use generic software. Cheers, Dick Johnson Penguin : Linux version 2.6.22.1 on an i686 machine (5588.29 BogoMips). My book : http://www.AbominableFirebug.com/ _ The information transmitted in this message is confidential and may be privileged. Any review, retransmission, dissemination, or other use of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please notify Analogic Corporation immediately - by replying to this message or by sending an email to [EMAIL PROTECTED] - and destroy all copies of this information, including any attachments, without reading or disclosing them. Thank you. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 28 Sep 2007 16:36:34 +0200 Eric Dumazet [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007 10:17:11 -0400 Rik van Riel [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007 10:04:23 -0400 linux-os \(Dick Johnson\) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: Some kind of notification to the application that the available memory is scarce and let the application free up some memory (e.g., by flushing caches), could be used to improve the situation Any networked appliance can (will) throw data away if there are no resources available. That is exactly what Daniel proposed in his first email. I think his idea makes sense. IBM AIX uses SIGDANGER, that kernel can raise in OOM conditions to warn processes that are willing to handle this signal (default action for the SIGDANGER signal is to ignore the signal) I suspect that SIGDANGER is not the right approach, because glibc memory arenas cannot be manipulated from inside a signal handler. Also, nearly OOM is not the only such signal we would want to send to userspace programs. It would also be useful to inform userspace programs when we are about to start swapping something out, so userspace can discard cached data instead of having to wait for disk IO in the future. A unix signal cannot encapsulate two different messages, while something like a /dev/lowmem device can simply be added into the program's main poll() loop and give many different messages. -- Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. - Brian W. Kernighan - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: Applications with dynamic input and dynamic memory usage have some issues with the current overcommitting kernel. A high memory usage situation eventually results in that a process is killed by the OOM killer. This is especially evident in swapless embedded systems with limited memory and no swap available. Some kind of notification to the application that the available memory is scarce and let the application free up some memory (e.g., by flushing caches), could be used to improve the situation and avoid the OOM killer. I am currently not aware of any general solution to this problem, but I have found some approaches that might (or might not) work: o Turn off overcommit. Results in a waste of memory. o Nokia uses a lowmem security module to signal on predetermined thresholds. Currently available in the -omap tree. But this requires manual tuning of the thresholds. http://www.linuxjournal.com/article/8502 o Using madvise() with MADV_FREE to get the kernel to free mmaped memory, typically application caches, when the kernel needs the memory. o A OOM handler that the application registers with the kernel, and that the kernel executes before the OOM-killer steps in. Does it exist any other solutions to this problem? Daniel - But an embedded system contains all the software that will ever be executed on that system! If it is properly designed, it can never run out of memory because everything it will ever do is known at design time. Not if its input is not known beforehand. Take a browser in a mobile phone as an example, it does not know at design time how big the web pages are. On the other hand we want to use as much memory as possible, for cache etc., a method that involves the kernel would simplify this and avoids setting manual limits. Daniel Any networked appliance can (will) throw data away if there are no resources available. The length of a web-page is not relevent, nor is the length of any external data. Your example will buffer whatever it can and not read anything more from the external source until it has resources available unless it is broken. Cheers, Dick Johnson Penguin : Linux version 2.6.22.1 on an i686 machine (5588.29 BogoMips). My book : http://www.AbominableFirebug.com/ _ The information transmitted in this message is confidential and may be privileged. Any review, retransmission, dissemination, or other use of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please notify Analogic Corporation immediately - by replying to this message or by sending an email to [EMAIL PROTECTED] - and destroy all copies of this information, including any attachments, without reading or disclosing them. Thank you. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: Applications with dynamic input and dynamic memory usage have some issues with the current overcommitting kernel. A high memory usage situation eventually results in that a process is killed by the OOM killer. This is especially evident in swapless embedded systems with limited memory and no swap available. Some kind of notification to the application that the available memory is scarce and let the application free up some memory (e.g., by flushing caches), could be used to improve the situation and avoid the OOM killer. I am currently not aware of any general solution to this problem, but I have found some approaches that might (or might not) work: o Turn off overcommit. Results in a waste of memory. o Nokia uses a lowmem security module to signal on predetermined thresholds. Currently available in the -omap tree. But this requires manual tuning of the thresholds. http://www.linuxjournal.com/article/8502 o Using madvise() with MADV_FREE to get the kernel to free mmaped memory, typically application caches, when the kernel needs the memory. o A OOM handler that the application registers with the kernel, and that the kernel executes before the OOM-killer steps in. Does it exist any other solutions to this problem? Daniel - But an embedded system contains all the software that will ever be executed on that system! If it is properly designed, it can never run out of memory because everything it will ever do is known at design time. Not if its input is not known beforehand. Take a browser in a mobile phone as an example, it does not know at design time how big the web pages are. On the other hand we want to use as much memory as possible, for cache etc., a method that involves the kernel would simplify this and avoids setting manual limits. Daniel - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 28 Sep 2007 10:04:23 -0400 linux-os \(Dick Johnson\) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: Some kind of notification to the application that the available memory is scarce and let the application free up some memory (e.g., by flushing caches), could be used to improve the situation Any networked appliance can (will) throw data away if there are no resources available. That is exactly what Daniel proposed in his first email. I think his idea makes sense. -- Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. - Brian W. Kernighan - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 28 Sep 2007 10:17:11 -0400 Rik van Riel [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007 10:04:23 -0400 linux-os \(Dick Johnson\) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: Some kind of notification to the application that the available memory is scarce and let the application free up some memory (e.g., by flushing caches), could be used to improve the situation Any networked appliance can (will) throw data away if there are no resources available. That is exactly what Daniel proposed in his first email. I think his idea makes sense. IBM AIX uses SIGDANGER, that kernel can raise in OOM conditions to warn processes that are willing to handle this signal (default action for the SIGDANGER signal is to ignore the signal) - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: But an embedded system contains all the software that will ever be executed on that system! If it is properly designed, it can never run out of memory because everything it will ever do is known at design time. Not if its input is not known beforehand. Take a browser in a mobile phone as an example, it does not know at design time how big the web pages are. On the other hand we want to use as much memory as possible, for cache etc., a method that involves the kernel would simplify this and avoids setting manual limits. Daniel Any networked appliance can (will) throw data away if there are no resources available. The length of a web-page is not relevent, nor is the length of any external data. Your example will buffer whatever it can and not read anything more from the external source until it has resources available unless it is broken. And how do you determine when no resources are availabe? We are using overcommit here so malloc() will always return non null. A networked appliance using embedded software is not your daddy's Chevrolet. Any task that is permanent needs to allocate all its resources when it starts. That's how it knows how much there are, and incidentally, it doesn't do it blindly. The system designer must know how much memory is available in the system and how much is allocated to the kernel. The fact that you can give a fictitious value to malloc() is not relevant. If you don't provide resources for malloc(), like (ultimately) a swap file, then you can't assume that it can do any design work for you. An embedded system is NOT an ordinary system that happens to boot from flash. An embedded system requires intelligent design. We might be talking about slightly different systems. I agree that systems that are really embedded, in the classic meaning often with real time constraints, should be designed as you suggests. But there are a lot of other systems that almost actually are ordinary systems but with limited memory and often without demand paging. This could be a set top box, a video game console or a mobile phone that run dynamic applications. Actually this is not only about applications allocating an unknown amount of dynamic memory. A similar situation could also appear when we run an unknown number of applications at once, each allocating just a static amount of memory and then later starts to touching it. For those systems I think we need a method to dynamically decrease the working set of a process when memory is scarce, and not just accept that we are screwed and let the OOM killer solve the problem. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Fri, 2007-09-28 at 11:15 -0400, Rik van Riel wrote: On Fri, 28 Sep 2007 16:36:34 +0200 Eric Dumazet [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007 10:17:11 -0400 Rik van Riel [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007 10:04:23 -0400 linux-os \(Dick Johnson\) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: On 9/28/07, linux-os (Dick Johnson) [EMAIL PROTECTED] wrote: On Fri, 28 Sep 2007, [iso-8859-1] Daniel Spång wrote: Some kind of notification to the application that the available memory is scarce and let the application free up some memory (e.g., by flushing caches), could be used to improve the situation Any networked appliance can (will) throw data away if there are no resources available. That is exactly what Daniel proposed in his first email. I think his idea makes sense. IBM AIX uses SIGDANGER, that kernel can raise in OOM conditions to warn processes that are willing to handle this signal (default action for the SIGDANGER signal is to ignore the signal) I suspect that SIGDANGER is not the right approach, because glibc memory arenas cannot be manipulated from inside a signal handler. Also, nearly OOM is not the only such signal we would want to send to userspace programs. It would also be useful to inform userspace programs when we are about to start swapping something out, so userspace can discard cached data instead of having to wait for disk IO in the future. A unix signal cannot encapsulate two different messages, while something like a /dev/lowmem device can simply be added into the program's main poll() loop and give many different messages. SIGDANGER could stick useful information in siginfo_t's si_code field and be delivered via a signalfd. -- Nicholas Miell [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Out of memory management in embedded systems
On Friday 28 September 2007 05:55, Daniel Spång wrote: Applications with dynamic input and dynamic memory usage have some issues with the current overcommitting kernel. A high memory usage situation eventually results in that a process is killed by the OOM killer. This is especially evident in swapless embedded systems with limited memory and no swap available. In order to earn the right to fix this problem by inventing new Linux, first you need to post a traceback and a cat of /proc/meminfo to prove the OOM is a true one, as opposed to a second order effect of a writeout lockup. Regards, Daniel - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/