Question on the current behaviour of malloc () on Linux

Question on the current behaviour of malloc () on Linux

[Jie Zhang]

Hi,

I first asked this question on uClinux mailing list. My first question
is <http://mailman.uclinux.org/pipermail/uclinux-dev/2005-December/036042.html>.
Although I found this issue on uClinux, it's also can be demostrated
on Linux. This is a small program:

$> cat test2.c
#include <stdio.h>
#include <stdlib.h>

int
main ()
{
  char *p;
  int i, j;
  for (i = 0;; i++)
    {
      p = (char *) malloc (8 * 1024 * 1024);
      if (p)
        for (j = 0; j < 8 * 1024 * 1024; j++)
          p[j] = 0x55;
      else
        {
          printf ("%d fail\n", i);
          break;
        }
    }
  return 0;
}

When I run it on my Linux notebook, it will be killed. I expect to see
it prints out   "fail".

Thanks,
Jie


---------- Forwarded message ----------
From: Jie Zhang <jzhang918@gmail.com>
Date: Dec 22, 2005 1:10 AM
Subject: Re: [uClinux-dev] Question on the current behaviour of malloc
() onuClinux
To: uClinux development list <uclinux-dev@uclinux.org>


On 12/21/05, Friedrich, Lars <lars.friedrich@wago.com> wrote:
> > I traced this issue to __alloc_pages (). If there is not
> > enough free pages for allocation, it will call
> > try_to_free_pages () to reclaim page frames. If
> > try_to_free_pages () cannot help, which usually occurs when
> > run a fail-to-malloc application the second time, __alloc_pages
> > () will call out_of_memory (), which in turn will kill something.
> >
> > Can we make __alloc_pages () not call out_of_memory () if the
> > allocations request comes from malloc () and just return NULL?
>
> This is intended Linux behaviour. It is assumed that it is more
> important for you to run your new application than it is to
> keep an old application running. After all, if you wouldn't
> want that your new application runs, you wouldn't have started
> it in the first place.
>
> Imagine f.e. you can't call kill because there is not enough
> memory left and you can't free memory because kill can't be called.
>
> Despite this, it seems to be in accordance of SuSv3. Linux is able
> to allocate memory for the application. There is afaik no requirement
> how this has to be achieved. Anyway, requests to change this behaviour
> need to be posted on the Linux kernel mailing list.
>
Here is very small program

$> cat test.c
#include <stdio.h>
#include <stdlib.h>

int
main ()
{
  char *p;
  p = (char *) malloc (32 * 1024 * 1024);
  if (p)
    printf ("sucess\n");
  else
    printf ("fail\n");
  return 0;
}

When I run it on uClinux for Blackfin (BF533-STAMP board, which has
64MB SDRAM), The first invocation of it usually prints out "fail" as
expected. But the following invocations will be killed by kernel
because out of memory. The problem is  why the second and further runs
should be killed. (The first run is not because try_to_free_pages ()
did some progress.) In these failed malloc () cases, the 32MB memory
has not been allocated. So there is no such out-of-memory case which
will make kernel cannot kill. There is no difference on the memory
consumption between this program and a program which has only an empty
main () function. Why should it be killed?

It's true that Linux can allocate memory for application, but SuSv3
also says If the space cannot be allocated, a null pointer shall be
returned. But uClinux kills this application while there is plenty of
memory just because it cannot reclaim enough pages. It's very weird.
It would be better to nicely tell application that malloc () fails.

Thanks,
Jie

Re: Question on the current behaviour of malloc () on Linux

[Arjan van de Ven]

On Thu, 2005-12-22 at 01:36 +0800, Jie Zhang wrote:
> Hi,
> 
> I first asked this question on uClinux mailing list. My first question
> is <http://mailman.uclinux.org/pipermail/uclinux-dev/2005-December/036042.html>.
> Although I found this issue on uClinux, it's also can be demostrated
> on Linux. This is a small program:


see "overcommit". Disable it if you want the behavior you want...

Re: Question on the current behaviour of malloc () on Linux

[Jesper Juhl]

On 12/21/05, Jie Zhang <jzhang918@gmail.com> wrote:
> Hi,
>
> I first asked this question on uClinux mailing list. My first question
> is <http://mailman.uclinux.org/pipermail/uclinux-dev/2005-December/036042.html>.
> Although I found this issue on uClinux, it's also can be demostrated
> on Linux. This is a small program:
>
[snip memory hog]
>
> When I run it on my Linux notebook, it will be killed. I expect to see
> it prints out   "fail".
>

You are seeing the effects of Linux overcommitting memory.

When an application asks for memory the allocation will be granted
even if the system does not have enough free to actually satisfy the
request. This is done on the assumption that either the app won't
actually touch all mem that it allocates (it's only really allocated
once it's written to) or when the app gets to the point of writing to
the mem then enough will be free at that point. Really obviously
faulty allocations are still refused.

In most cases this works well.

What's happening in your case is a series of small allocations that
the kernel will grant since they are not "obviously flawed", then you
proceed to actually write to the mem and you eventually run into a
situation where the kernel runs out of memory to fulfill the promise
it has made and has no other way to recover than killing off one or
more processes to free some RAM. That's when the OOM killer kicks in
and tries to identify the memory hog and it correctly identifies your
application as a good candidate to kill, it kills the app and the
system survives at the expense of your app.

If for some reason you run apps where memory overcommit is not
acceptable, then you can disable overcommit by doing

 echo 2 > /proc/sys/vm/overcommit_memory

There are two basic knobs you can tweak in relation to memory
overcommit. The first one is /proc/sys/vm/overcommit_memory which
controlls the general overcommit strategy.
The default value is 0 and means "Heuristic overcommit" - That is,
generally overcommit, but try to be smart about it.
A value of 1 means "Always overcommit" - In this mode even completely
rediculous allocation requests made by applications will always appear
to succeed.
The final value of 2 means "Always overcommit" - In this mode the
kernel will never overcommit memory, so if an application asks for
more than is currently available the allocation will fail.

The second knob you can turn is /proc/sys/vm/overcommit_ratio that
controls how much (a percentage) the kernel will overcommit when in
overcommit mode 0. Tweaking this is often better than completely
disabling overcommit.

For more information read Documentation/vm/overcommit-accounting ,
Documentation/sysctl/vm.txt & Documentation/filesystems/proc.txt


--
Jesper Juhl <jesper.juhl@gmail.com>
Don't top-post  http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please      http://www.expita.com/nomime.html

Re: Question on the current behaviour of malloc () on Linux

[linux-os (Dick Johnson)]

On Wed, 21 Dec 2005, Jie Zhang wrote:

> Hi,
>
> I first asked this question on uClinux mailing list. My first question
> is <http://mailman.uclinux.org/pipermail/uclinux-dev/2005-December/036042.html>.
> Although I found this issue on uClinux, it's also can be demostrated
> on Linux. This is a small program:
>

Another FAQ....

> $> cat test2.c
> #include <stdio.h>
> #include <stdlib.h>
>
> int
> main ()
> {
>  char *p;
>  int i, j;
>  for (i = 0;; i++)
>    {
>      p = (char *) malloc (8 * 1024 * 1024);
>      if (p)
>        for (j = 0; j < 8 * 1024 * 1024; j++)
>          p[j] = 0x55;
>      else
>        {
>          printf ("%d fail\n", i);
>          break;
>        }
>    }
>  return 0;
> }
>
> When I run it on my Linux notebook, it will be killed. I expect to see
> it prints out   "fail".

Your expectations are not based upon any logic, only wishes.

>
> Thanks,
> Jie
>


To make your wishes come true execute:
     echo "1" >/proc/sys/vm/overcommit_memory
... as a super-user.

That will make malloc() fail when there isn't any more virtual
memory.

An even shorter program...

main ()
{
     for(;;)
         *(long *)malloc(0x0010000) = 1;
}

This will seg-fault because malloc will eventually return NULL and,
yawn, nothing except your program gets killed.

Cheers,
Dick Johnson
Penguin : Linux version 2.6.13.4 on an i686 machine (5589.55 BogoMips).
Warning : 98.36% of all statistics are fiction.
.

****************************************************************
The information transmitted in this message is confidential and may be privileged.  Any review, retransmission, dissemination, or other use of this information by persons or entities other than the intended recipient is prohibited.  If you are not the intended recipient, please notify Analogic Corporation immediately - by replying to this message or by sending an email to DeliveryErrors@analogic.com - and destroy all copies of this information, including any attachments, without reading or disclosing them.

Thank you.

Re: Question on the current behaviour of malloc () on Linux

[Jesper Juhl]

On 12/21/05, Jesper Juhl <jesper.juhl@gmail.com> wrote:

> The final value of 2 means "Always overcommit" - In this mode the

This is a mistake ofcourse, I meant to say :

        The final value of 2 means "Don't overcommit"



--
Jesper Juhl <jesper.juhl@gmail.com>
Don't top-post  http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please      http://www.expita.com/nomime.html

Re: Question on the current behaviour of malloc () on Linux

[Jesper Juhl]

On 12/21/05, linux-os (Dick Johnson) <linux-os@analogic.com> wrote:
[snip]
>
> To make your wishes come true execute:
>      echo "1" >/proc/sys/vm/overcommit_memory

s/"1"/"2"/

> ... as a super-user.
>
> That will make malloc() fail when there isn't any more virtual
> memory.
>
[snip]

--
Jesper Juhl <jesper.juhl@gmail.com>
Don't top-post  http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please      http://www.expita.com/nomime.html

Re: Question on the current behaviour of malloc () on Linux

[Jie Zhang]

On 12/22/05, Jesper Juhl <jesper.juhl@gmail.com> wrote:
> On 12/21/05, Jie Zhang <jzhang918@gmail.com> wrote:
> > Hi,
> >
> > I first asked this question on uClinux mailing list. My first question
> > is <http://mailman.uclinux.org/pipermail/uclinux-dev/2005-December/036042.html>.
> > Although I found this issue on uClinux, it's also can be demostrated
> > on Linux. This is a small program:
> >
> [snip memory hog]
> >
> > When I run it on my Linux notebook, it will be killed. I expect to see
> > it prints out   "fail".
> >
>
> You are seeing the effects of Linux overcommitting memory.
>
[snip]
>
> For more information read Documentation/vm/overcommit-accounting ,
> Documentation/sysctl/vm.txt & Documentation/filesystems/proc.txt
>
Thanks a lot! Your explaination is very detailed and easier to
understand than the doc for me.

Best Regards,
Jie

Re: Question on the current behaviour of malloc () on Linux

[Jie Zhang]

On 12/22/05, linux-os (Dick Johnson) <linux-os@analogic.com> wrote:
>
> On Wed, 21 Dec 2005, Jie Zhang wrote:
>
> > Hi,
> >
> > I first asked this question on uClinux mailing list. My first question
> > is <http://mailman.uclinux.org/pipermail/uclinux-dev/2005-December/036042.html>.
> > Although I found this issue on uClinux, it's also can be demostrated
> > on Linux. This is a small program:
> >
>
> Another FAQ....
>
> > $> cat test2.c
> > #include <stdio.h>
> > #include <stdlib.h>
> >
> > int
> > main ()
> > {
> >  char *p;
> >  int i, j;
> >  for (i = 0;; i++)
> >    {
> >      p = (char *) malloc (8 * 1024 * 1024);
> >      if (p)
> >        for (j = 0; j < 8 * 1024 * 1024; j++)
> >          p[j] = 0x55;
> >      else
> >        {
> >          printf ("%d fail\n", i);
> >          break;
> >        }
> >    }
> >  return 0;
> > }
> >
> > When I run it on my Linux notebook, it will be killed. I expect to see
> > it prints out   "fail".
>
> Your expectations are not based upon any logic, only wishes.
>
According to SuSv3, I think my expectation is completely based upon
logic. Actually, overcommitting is based upon wishes I think. It
wishes application not use all the memory it allocated.
>
>
> To make your wishes come true execute:
>      echo "1" >/proc/sys/vm/overcommit_memory
> ... as a super-user.
>
> That will make malloc() fail when there isn't any more virtual
> memory.

That's what I'm looking for. Thanks.

Jie