Via Andy Miller (2007), an amusing metaphor for Linux memory overcommit. Originally posted by Andries Brouwer to the linux-kernel mailing list, 2004-09-24, in the thread titled “oom_pardon, aka don’t kill my xlock”:

An aircraft company discovered that it was cheaper to fly its planes with less fuel on board. The planes would be lighter and use less fuel and money was saved. On rare occasions however the amount of fuel was insufficient, and the plane would crash. This problem was solved by the engineers of the company by the development of a special OOF (out-of-fuel) mechanism. In emergency cases a passenger was selected and thrown out of the plane. (When necessary, the procedure was repeated.) A large body of theory was developed and many publications were devoted to the problem of properly selecting the victim to be ejected. Should the victim be chosen at random? Or should one choose the heaviest person? Or the oldest? Should passengers pay in order not to be ejected, so that the victim would be the poorest on board? And if for example the heaviest person was chosen, should there be a special exception in case that was the pilot? Should first class passengers be exempted? Now that the OOF mechanism existed, it would be activated every now and then, and eject passengers even when there was no fuel shortage. The engineers are still studying precisely how this malfunction is caused.

Twenty years later, as far as I know, the OOM killer is still going strong. In fact, if you don’t like the airline’s policy on what counts as an “emergency” (for example, that it might exhaust your swap partition too before killing any bad actor at all), you can hire your own hit man, in the form of the userspace daemon earlyoom.

Explanation of the OOM-Killer: Understanding Out of Memory Killer (OOM Killer) in Linux

  • Jears@social.jears.at
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    3 个月前

    You will always need some sort of oom killer unless you have endless memory (or swap space, which comes with its own problems in the form of grinding your system to an almost halt). Imagine all memory is in use, then some system critical task (or even the kernel itself) needs memory as well. If the kernel can’t kill a less important process to free memory in such a situation you might just crash your system.

    • wewbull@feddit.uk
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 个月前

      It’s meant to be that malloc fails and the application handles it.

      Trouble is applications are written expecting it to never fail.

    • Norah - She/They@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 个月前

      I mean, this is literally what someone in the original mailing list said:

      How about a sysctl that does “for the love of kbaek, don’t ever kill these processes when OOM. If nothing else can be killed, I’d rather you panic”?