1 /*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "lowmemorykiller"
18
19 #include <errno.h>
20 #include <inttypes.h>
21 #include <pwd.h>
22 #include <sched.h>
23 #include <stdbool.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <sys/cdefs.h>
27 #include <sys/epoll.h>
28 #include <sys/eventfd.h>
29 #include <sys/mman.h>
30 #include <sys/pidfd.h>
31 #include <sys/socket.h>
32 #include <sys/syscall.h>
33 #include <sys/sysinfo.h>
34 #include <time.h>
35 #include <unistd.h>
36
37 #include <algorithm>
38 #include <array>
39 #include <memory>
40 #include <shared_mutex>
41 #include <vector>
42
43 #include <bpf/KernelUtils.h>
44 #include <bpf/WaitForProgsLoaded.h>
45 #include <cutils/properties.h>
46 #include <cutils/sockets.h>
47 #include <liblmkd_utils.h>
48 #include <liburing.h>
49 #include <lmkd.h>
50 #include <lmkd_hooks.h>
51 #include <log/log.h>
52 #include <log/log_event_list.h>
53 #include <log/log_time.h>
54 #include <memevents/memevents.h>
55 #include <private/android_filesystem_config.h>
56 #include <processgroup/processgroup.h>
57 #include <psi/psi.h>
58
59 #include "reaper.h"
60 #include "statslog.h"
61 #include "watchdog.h"
62
63 #define BPF_FD_JUST_USE_INT
64 #include "BpfSyscallWrappers.h"
65
66 /*
67 * Define LMKD_TRACE_KILLS to record lmkd kills in kernel traces
68 * to profile and correlate with OOM kills
69 */
70 #ifdef LMKD_TRACE_KILLS
71
72 #define ATRACE_TAG ATRACE_TAG_ALWAYS
73 #include <cutils/trace.h>
74
trace_kill_start(const char * desc)75 static inline void trace_kill_start(const char *desc) {
76 ATRACE_BEGIN(desc);
77 }
78
trace_kill_end()79 static inline void trace_kill_end() {
80 ATRACE_END();
81 }
82
83 #else /* LMKD_TRACE_KILLS */
84
trace_kill_start(const char *)85 static inline void trace_kill_start(const char *) {}
trace_kill_end()86 static inline void trace_kill_end() {}
87
88 #endif /* LMKD_TRACE_KILLS */
89
90 #ifndef __unused
91 #define __unused __attribute__((__unused__))
92 #endif
93
94 #define ZONEINFO_PATH "/proc/zoneinfo"
95 #define MEMINFO_PATH "/proc/meminfo"
96 #define VMSTAT_PATH "/proc/vmstat"
97 #define PROC_STATUS_TGID_FIELD "Tgid:"
98 #define PROC_STATUS_RSS_FIELD "VmRSS:"
99 #define PROC_STATUS_SWAP_FIELD "VmSwap:"
100
101 #define PERCEPTIBLE_APP_ADJ 200
102 #define PREVIOUS_APP_ADJ 700
103
104 /* Android Logger event logtags (see event.logtags) */
105 #define KILLINFO_LOG_TAG 10195355
106
107 /* gid containing AID_SYSTEM required */
108 #define INKERNEL_MINFREE_PATH "/sys/module/lowmemorykiller/parameters/minfree"
109 #define INKERNEL_ADJ_PATH "/sys/module/lowmemorykiller/parameters/adj"
110
111 #define EIGHT_MEGA (1 << 23)
112
113 #define TARGET_UPDATE_MIN_INTERVAL_MS 1000
114 #define THRASHING_RESET_INTERVAL_MS 1000
115
116 #define NS_PER_MS (NS_PER_SEC / MS_PER_SEC)
117 #define US_PER_MS (US_PER_SEC / MS_PER_SEC)
118
119 /* Defined as ProcessList.SYSTEM_ADJ in ProcessList.java */
120 #define SYSTEM_ADJ (-900)
121
122 #define STRINGIFY(x) STRINGIFY_INTERNAL(x)
123 #define STRINGIFY_INTERNAL(x) #x
124
125 #define PROCFS_PATH_MAX 64
126
127 /*
128 * Read lmk property with persist.device_config.lmkd_native.<name> overriding ro.lmk.<name>
129 * persist.device_config.lmkd_native.* properties are being set by experiments. If a new property
130 * can be controlled by an experiment then use GET_LMK_PROPERTY instead of property_get_xxx and
131 * add "on property" triggers in lmkd.rc to react to the experiment flag changes.
132 */
133 #define GET_LMK_PROPERTY(type, name, def) \
134 property_get_##type("persist.device_config.lmkd_native." name, \
135 property_get_##type("ro.lmk." name, def))
136
137 /*
138 * PSI monitor tracking window size.
139 * PSI monitor generates events at most once per window,
140 * therefore we poll memory state for the duration of
141 * PSI_WINDOW_SIZE_MS after the event happens.
142 */
143 #define PSI_WINDOW_SIZE_MS 1000
144 /* Polling period after PSI signal when pressure is high */
145 #define PSI_POLL_PERIOD_SHORT_MS 10
146 /* Polling period after PSI signal when pressure is low */
147 #define PSI_POLL_PERIOD_LONG_MS 100
148
149 #define FAIL_REPORT_RLIMIT_MS 1000
150
151 /*
152 * System property defaults
153 */
154 /* ro.lmk.swap_free_low_percentage property defaults */
155 #define DEF_LOW_SWAP 10
156 /* ro.lmk.thrashing_limit property defaults */
157 #define DEF_THRASHING_LOWRAM 30
158 #define DEF_THRASHING 100
159 /* ro.lmk.thrashing_limit_decay property defaults */
160 #define DEF_THRASHING_DECAY_LOWRAM 50
161 #define DEF_THRASHING_DECAY 10
162 /* ro.lmk.psi_partial_stall_ms property defaults */
163 #define DEF_PARTIAL_STALL_LOWRAM 200
164 #define DEF_PARTIAL_STALL 70
165 /* ro.lmk.psi_complete_stall_ms property defaults */
166 #define DEF_COMPLETE_STALL 700
167 /* ro.lmk.direct_reclaim_threshold_ms property defaults */
168 #define DEF_DIRECT_RECL_THRESH_MS 0
169 /* ro.lmk.swap_compression_ratio property defaults */
170 #define DEF_SWAP_COMP_RATIO 1
171 /* ro.lmk.lowmem_min_oom_score defaults */
172 #define DEF_LOWMEM_MIN_SCORE (PREVIOUS_APP_ADJ + 1)
173
174 #define LMKD_REINIT_PROP "lmkd.reinit"
175
176 #define WATCHDOG_TIMEOUT_SEC 2
177
178 /* default to old in-kernel interface if no memory pressure events */
179 static bool use_inkernel_interface = true;
180 static bool has_inkernel_module;
181
182 /* memory pressure levels */
183 enum vmpressure_level {
184 VMPRESS_LEVEL_LOW = 0,
185 VMPRESS_LEVEL_MEDIUM,
186 VMPRESS_LEVEL_CRITICAL,
187 VMPRESS_LEVEL_COUNT
188 };
189
190 static const char *level_name[] = {
191 "low",
192 "medium",
193 "critical"
194 };
195
196 struct {
197 int64_t min_nr_free_pages; /* recorded but not used yet */
198 int64_t max_nr_free_pages;
199 } low_pressure_mem = { -1, -1 };
200
201 struct psi_threshold {
202 enum psi_stall_type stall_type;
203 int threshold_ms;
204 };
205
206 /* Listener for direct reclaim and kswapd state changes */
207 static std::unique_ptr<android::bpf::memevents::MemEventListener> memevent_listener(nullptr);
208 static struct timespec direct_reclaim_start_tm;
209 static struct timespec kswapd_start_tm;
210
211 /* io_uring for LMK_PROCS_PRIO */
212 static struct io_uring lmk_io_uring_ring;
213 /* IO_URING_OP_READ/WRITE opcodes were introduced only on 5.6 kernel */
214 static const bool isIoUringSupported = android::bpf::isAtLeastKernelVersion(5, 6, 0);
215
216 static int level_oomadj[VMPRESS_LEVEL_COUNT];
217 static int mpevfd[VMPRESS_LEVEL_COUNT] = { -1, -1, -1 };
218 static bool pidfd_supported;
219 static int last_kill_pid_or_fd = -1;
220 static struct timespec last_kill_tm;
221 static bool monitors_initialized;
222 static bool boot_completed_handled = false;
223
224 /* lmkd configurable parameters */
225 static bool debug_process_killing;
226 static bool enable_pressure_upgrade;
227 static int64_t upgrade_pressure;
228 static int64_t downgrade_pressure;
229 static bool low_ram_device;
230 static bool kill_heaviest_task;
231 static unsigned long kill_timeout_ms;
232 static int pressure_after_kill_min_score;
233 static bool use_minfree_levels;
234 static bool per_app_memcg;
235 static int swap_free_low_percentage;
236 static int psi_partial_stall_ms;
237 static int psi_complete_stall_ms;
238 static int thrashing_limit_pct;
239 static int thrashing_limit_decay_pct;
240 static int thrashing_critical_pct;
241 static int swap_util_max;
242 static int64_t filecache_min_kb;
243 static int64_t stall_limit_critical;
244 static bool use_psi_monitors = false;
245 static int kpoll_fd;
246 static bool delay_monitors_until_boot;
247 static int direct_reclaim_threshold_ms;
248 static int swap_compression_ratio;
249 static int lowmem_min_oom_score;
250 static struct psi_threshold psi_thresholds[VMPRESS_LEVEL_COUNT] = {
251 { PSI_SOME, 70 }, /* 70ms out of 1sec for partial stall */
252 { PSI_SOME, 100 }, /* 100ms out of 1sec for partial stall */
253 { PSI_FULL, 70 }, /* 70ms out of 1sec for complete stall */
254 };
255
256 static android_log_context ctx;
257 static Reaper reaper;
258 static int reaper_comm_fd[2];
259
260 enum polling_update {
261 POLLING_DO_NOT_CHANGE,
262 POLLING_START,
263 POLLING_PAUSE,
264 POLLING_RESUME,
265 };
266
267 /*
268 * Data used for periodic polling for the memory state of the device.
269 * Note that when system is not polling poll_handler is set to NULL,
270 * when polling starts poll_handler gets set and is reset back to
271 * NULL when polling stops.
272 */
273 struct polling_params {
274 struct event_handler_info* poll_handler;
275 struct event_handler_info* paused_handler;
276 struct timespec poll_start_tm;
277 struct timespec last_poll_tm;
278 int polling_interval_ms;
279 enum polling_update update;
280 };
281
282 /* data required to handle events */
283 struct event_handler_info {
284 int data;
285 void (*handler)(int data, uint32_t events, struct polling_params *poll_params);
286 };
287
288 /* data required to handle socket events */
289 struct sock_event_handler_info {
290 int sock;
291 pid_t pid;
292 uint32_t async_event_mask;
293 struct event_handler_info handler_info;
294 };
295
296 /* max supported number of data connections (AMS, init, tests) */
297 #define MAX_DATA_CONN 3
298
299 /* socket event handler data */
300 static struct sock_event_handler_info ctrl_sock;
301 static struct sock_event_handler_info data_sock[MAX_DATA_CONN];
302
303 /* vmpressure event handler data */
304 static struct event_handler_info vmpressure_hinfo[VMPRESS_LEVEL_COUNT];
305
306 /*
307 * 1 ctrl listen socket, 3 ctrl data socket, 3 memory pressure levels,
308 * 1 lmk events + 1 fd to wait for process death + 1 fd to receive kill failure notifications
309 * + 1 fd to receive memevent_listener notifications
310 */
311 #define MAX_EPOLL_EVENTS (1 + MAX_DATA_CONN + VMPRESS_LEVEL_COUNT + 1 + 1 + 1 + 1)
312 static int epollfd;
313 static int maxevents;
314
315 /* OOM score values used by both kernel and framework */
316 #define OOM_SCORE_ADJ_MIN (-1000)
317 #define OOM_SCORE_ADJ_MAX 1000
318
319 static std::array<int, MAX_TARGETS> lowmem_adj;
320 static std::array<int, MAX_TARGETS> lowmem_minfree;
321 static int lowmem_targets_size;
322
323 /* Fields to parse in /proc/zoneinfo */
324 /* zoneinfo per-zone fields */
325 enum zoneinfo_zone_field {
326 ZI_ZONE_NR_FREE_PAGES = 0,
327 ZI_ZONE_MIN,
328 ZI_ZONE_LOW,
329 ZI_ZONE_HIGH,
330 ZI_ZONE_PRESENT,
331 ZI_ZONE_NR_FREE_CMA,
332 ZI_ZONE_FIELD_COUNT
333 };
334
335 static const char* const zoneinfo_zone_field_names[ZI_ZONE_FIELD_COUNT] = {
336 "nr_free_pages",
337 "min",
338 "low",
339 "high",
340 "present",
341 "nr_free_cma",
342 };
343
344 /* zoneinfo per-zone special fields */
345 enum zoneinfo_zone_spec_field {
346 ZI_ZONE_SPEC_PROTECTION = 0,
347 ZI_ZONE_SPEC_PAGESETS,
348 ZI_ZONE_SPEC_FIELD_COUNT,
349 };
350
351 static const char* const zoneinfo_zone_spec_field_names[ZI_ZONE_SPEC_FIELD_COUNT] = {
352 "protection:",
353 "pagesets",
354 };
355
356 /* see __MAX_NR_ZONES definition in kernel mmzone.h */
357 #define MAX_NR_ZONES 6
358
359 union zoneinfo_zone_fields {
360 struct {
361 int64_t nr_free_pages;
362 int64_t min;
363 int64_t low;
364 int64_t high;
365 int64_t present;
366 int64_t nr_free_cma;
367 } field;
368 int64_t arr[ZI_ZONE_FIELD_COUNT];
369 };
370
371 struct zoneinfo_zone {
372 union zoneinfo_zone_fields fields;
373 int64_t protection[MAX_NR_ZONES];
374 int64_t max_protection;
375 };
376
377 /* zoneinfo per-node fields */
378 enum zoneinfo_node_field {
379 ZI_NODE_NR_INACTIVE_FILE = 0,
380 ZI_NODE_NR_ACTIVE_FILE,
381 ZI_NODE_FIELD_COUNT
382 };
383
384 static const char* const zoneinfo_node_field_names[ZI_NODE_FIELD_COUNT] = {
385 "nr_inactive_file",
386 "nr_active_file",
387 };
388
389 union zoneinfo_node_fields {
390 struct {
391 int64_t nr_inactive_file;
392 int64_t nr_active_file;
393 } field;
394 int64_t arr[ZI_NODE_FIELD_COUNT];
395 };
396
397 struct zoneinfo_node {
398 int id;
399 int zone_count;
400 struct zoneinfo_zone zones[MAX_NR_ZONES];
401 union zoneinfo_node_fields fields;
402 };
403
404 /* for now two memory nodes is more than enough */
405 #define MAX_NR_NODES 2
406
407 struct zoneinfo {
408 int node_count;
409 struct zoneinfo_node nodes[MAX_NR_NODES];
410 int64_t totalreserve_pages;
411 int64_t total_inactive_file;
412 int64_t total_active_file;
413 };
414
415 /* Fields to parse in /proc/meminfo */
416 enum meminfo_field {
417 MI_NR_FREE_PAGES = 0,
418 MI_CACHED,
419 MI_SWAP_CACHED,
420 MI_BUFFERS,
421 MI_SHMEM,
422 MI_UNEVICTABLE,
423 MI_TOTAL_SWAP,
424 MI_FREE_SWAP,
425 MI_ACTIVE_ANON,
426 MI_INACTIVE_ANON,
427 MI_ACTIVE_FILE,
428 MI_INACTIVE_FILE,
429 MI_SRECLAIMABLE,
430 MI_SUNRECLAIM,
431 MI_KERNEL_STACK,
432 MI_PAGE_TABLES,
433 MI_ION_HELP,
434 MI_ION_HELP_POOL,
435 MI_CMA_FREE,
436 MI_FIELD_COUNT
437 };
438
439 static const char* const meminfo_field_names[MI_FIELD_COUNT] = {
440 "MemFree:",
441 "Cached:",
442 "SwapCached:",
443 "Buffers:",
444 "Shmem:",
445 "Unevictable:",
446 "SwapTotal:",
447 "SwapFree:",
448 "Active(anon):",
449 "Inactive(anon):",
450 "Active(file):",
451 "Inactive(file):",
452 "SReclaimable:",
453 "SUnreclaim:",
454 "KernelStack:",
455 "PageTables:",
456 "ION_heap:",
457 "ION_heap_pool:",
458 "CmaFree:",
459 };
460
461 union meminfo {
462 struct {
463 int64_t nr_free_pages;
464 int64_t cached;
465 int64_t swap_cached;
466 int64_t buffers;
467 int64_t shmem;
468 int64_t unevictable;
469 int64_t total_swap;
470 int64_t free_swap;
471 int64_t active_anon;
472 int64_t inactive_anon;
473 int64_t active_file;
474 int64_t inactive_file;
475 int64_t sreclaimable;
476 int64_t sunreclaimable;
477 int64_t kernel_stack;
478 int64_t page_tables;
479 int64_t ion_heap;
480 int64_t ion_heap_pool;
481 int64_t cma_free;
482 /* fields below are calculated rather than read from the file */
483 int64_t nr_file_pages;
484 int64_t total_gpu_kb;
485 int64_t easy_available;
486 } field;
487 int64_t arr[MI_FIELD_COUNT];
488 };
489
490 /* Fields to parse in /proc/vmstat */
491 enum vmstat_field {
492 VS_FREE_PAGES,
493 VS_INACTIVE_FILE,
494 VS_ACTIVE_FILE,
495 VS_WORKINGSET_REFAULT,
496 VS_WORKINGSET_REFAULT_FILE,
497 VS_PGSCAN_KSWAPD,
498 VS_PGSCAN_DIRECT,
499 VS_PGSCAN_DIRECT_THROTTLE,
500 VS_PGREFILL,
501 VS_FIELD_COUNT
502 };
503
504 static const char* const vmstat_field_names[VS_FIELD_COUNT] = {
505 "nr_free_pages",
506 "nr_inactive_file",
507 "nr_active_file",
508 "workingset_refault",
509 "workingset_refault_file",
510 "pgscan_kswapd",
511 "pgscan_direct",
512 "pgscan_direct_throttle",
513 "pgrefill",
514 };
515
516 union vmstat {
517 struct {
518 int64_t nr_free_pages;
519 int64_t nr_inactive_file;
520 int64_t nr_active_file;
521 int64_t workingset_refault;
522 int64_t workingset_refault_file;
523 int64_t pgscan_kswapd;
524 int64_t pgscan_direct;
525 int64_t pgscan_direct_throttle;
526 int64_t pgrefill;
527 } field;
528 int64_t arr[VS_FIELD_COUNT];
529 };
530
531 enum field_match_result {
532 NO_MATCH,
533 PARSE_FAIL,
534 PARSE_SUCCESS
535 };
536
537 struct adjslot_list {
538 struct adjslot_list *next;
539 struct adjslot_list *prev;
540 };
541
542 struct proc {
543 struct adjslot_list asl;
544 int pid;
545 int pidfd;
546 uid_t uid;
547 int oomadj;
548 pid_t reg_pid; /* PID of the process that registered this record */
549 bool valid;
550 struct proc *pidhash_next;
551 };
552
553 struct reread_data {
554 const char* const filename;
555 int fd;
556 };
557
558 #define PIDHASH_SZ 1024
559 static struct proc *pidhash[PIDHASH_SZ];
560 #define pid_hashfn(x) ((((x) >> 8) ^ (x)) & (PIDHASH_SZ - 1))
561
562 #define ADJTOSLOT(adj) ((adj) + -OOM_SCORE_ADJ_MIN)
563 #define ADJTOSLOT_COUNT (ADJTOSLOT(OOM_SCORE_ADJ_MAX) + 1)
564
565 // protects procadjslot_list from concurrent access
566 static std::shared_mutex adjslot_list_lock;
567 // procadjslot_list should be modified only from the main thread while exclusively holding
568 // adjslot_list_lock. Readers from non-main threads should hold adjslot_list_lock shared lock.
569 static struct adjslot_list procadjslot_list[ADJTOSLOT_COUNT];
570
571 #define MAX_DISTINCT_OOM_ADJ 32
572 #define KILLCNT_INVALID_IDX 0xFF
573 /*
574 * Because killcnt array is sparse a two-level indirection is used
575 * to keep the size small. killcnt_idx stores index of the element in
576 * killcnt array. Index KILLCNT_INVALID_IDX indicates an unused slot.
577 */
578 static uint8_t killcnt_idx[ADJTOSLOT_COUNT];
579 static uint16_t killcnt[MAX_DISTINCT_OOM_ADJ];
580 static int killcnt_free_idx = 0;
581 static uint32_t killcnt_total = 0;
582
583 static int pagesize;
584 static long page_k; /* page size in kB */
585
586 static bool update_props();
587 static bool init_monitors();
588 static void destroy_monitors();
589 static bool init_memevent_listener_monitoring();
590
clamp(int low,int high,int value)591 static int clamp(int low, int high, int value) {
592 return std::max(std::min(value, high), low);
593 }
594
parse_int64(const char * str,int64_t * ret)595 static bool parse_int64(const char* str, int64_t* ret) {
596 char* endptr;
597 long long val = strtoll(str, &endptr, 10);
598 if (str == endptr || val > INT64_MAX) {
599 return false;
600 }
601 *ret = (int64_t)val;
602 return true;
603 }
604
find_field(const char * name,const char * const field_names[],int field_count)605 static int find_field(const char* name, const char* const field_names[], int field_count) {
606 for (int i = 0; i < field_count; i++) {
607 if (!strcmp(name, field_names[i])) {
608 return i;
609 }
610 }
611 return -1;
612 }
613
match_field(const char * cp,const char * ap,const char * const field_names[],int field_count,int64_t * field,int * field_idx)614 static enum field_match_result match_field(const char* cp, const char* ap,
615 const char* const field_names[],
616 int field_count, int64_t* field,
617 int *field_idx) {
618 int i = find_field(cp, field_names, field_count);
619 if (i < 0) {
620 return NO_MATCH;
621 }
622 *field_idx = i;
623 return parse_int64(ap, field) ? PARSE_SUCCESS : PARSE_FAIL;
624 }
625
626 /*
627 * Read file content from the beginning up to max_len bytes or EOF
628 * whichever happens first.
629 */
read_all(int fd,char * buf,size_t max_len)630 static ssize_t read_all(int fd, char *buf, size_t max_len)
631 {
632 ssize_t ret = 0;
633 off_t offset = 0;
634
635 while (max_len > 0) {
636 ssize_t r = TEMP_FAILURE_RETRY(pread(fd, buf, max_len, offset));
637 if (r == 0) {
638 break;
639 }
640 if (r == -1) {
641 return -1;
642 }
643 ret += r;
644 buf += r;
645 offset += r;
646 max_len -= r;
647 }
648
649 return ret;
650 }
651
652 /*
653 * Read a new or already opened file from the beginning.
654 * If the file has not been opened yet data->fd should be set to -1.
655 * To be used with files which are read often and possibly during high
656 * memory pressure to minimize file opening which by itself requires kernel
657 * memory allocation and might result in a stall on memory stressed system.
658 */
reread_file(struct reread_data * data)659 static char *reread_file(struct reread_data *data) {
660 /* start with page-size buffer and increase if needed */
661 static ssize_t buf_size = pagesize;
662 static char *new_buf, *buf = NULL;
663 ssize_t size;
664
665 if (data->fd == -1) {
666 /* First-time buffer initialization */
667 if (!buf && (buf = static_cast<char*>(malloc(buf_size))) == nullptr) {
668 return NULL;
669 }
670
671 data->fd = TEMP_FAILURE_RETRY(open(data->filename, O_RDONLY | O_CLOEXEC));
672 if (data->fd < 0) {
673 ALOGE("%s open: %s", data->filename, strerror(errno));
674 return NULL;
675 }
676 }
677
678 while (true) {
679 size = read_all(data->fd, buf, buf_size - 1);
680 if (size < 0) {
681 ALOGE("%s read: %s", data->filename, strerror(errno));
682 close(data->fd);
683 data->fd = -1;
684 return NULL;
685 }
686 if (size < buf_size - 1) {
687 break;
688 }
689 /*
690 * Since we are reading /proc files we can't use fstat to find out
691 * the real size of the file. Double the buffer size and keep retrying.
692 */
693 if ((new_buf = static_cast<char*>(realloc(buf, buf_size * 2))) == nullptr) {
694 errno = ENOMEM;
695 return NULL;
696 }
697 buf = new_buf;
698 buf_size *= 2;
699 }
700 buf[size] = 0;
701
702 return buf;
703 }
704
claim_record(struct proc * procp,pid_t pid)705 static bool claim_record(struct proc* procp, pid_t pid) {
706 if (procp->reg_pid == pid) {
707 /* Record already belongs to the registrant */
708 return true;
709 }
710 if (procp->reg_pid == 0) {
711 /* Old registrant is gone, claim the record */
712 procp->reg_pid = pid;
713 return true;
714 }
715 /* The record is owned by another registrant */
716 return false;
717 }
718
remove_claims(pid_t pid)719 static void remove_claims(pid_t pid) {
720 int i;
721
722 for (i = 0; i < PIDHASH_SZ; i++) {
723 struct proc* procp = pidhash[i];
724 while (procp) {
725 if (procp->reg_pid == pid) {
726 procp->reg_pid = 0;
727 }
728 procp = procp->pidhash_next;
729 }
730 }
731 }
732
ctrl_data_close(int dsock_idx)733 static void ctrl_data_close(int dsock_idx) {
734 struct epoll_event epev;
735
736 ALOGI("closing lmkd data connection");
737 if (epoll_ctl(epollfd, EPOLL_CTL_DEL, data_sock[dsock_idx].sock, &epev) == -1) {
738 // Log a warning and keep going
739 ALOGW("epoll_ctl for data connection socket failed; errno=%d", errno);
740 }
741 maxevents--;
742
743 close(data_sock[dsock_idx].sock);
744 data_sock[dsock_idx].sock = -1;
745
746 /* Mark all records of the old registrant as unclaimed */
747 remove_claims(data_sock[dsock_idx].pid);
748 }
749
ctrl_data_read(int dsock_idx,char * buf,size_t bufsz,struct ucred * sender_cred)750 static ssize_t ctrl_data_read(int dsock_idx, char* buf, size_t bufsz, struct ucred* sender_cred) {
751 struct iovec iov = {buf, bufsz};
752 char control[CMSG_SPACE(sizeof(struct ucred))];
753 struct msghdr hdr = {
754 NULL, 0, &iov, 1, control, sizeof(control), 0,
755 };
756 ssize_t ret;
757 ret = TEMP_FAILURE_RETRY(recvmsg(data_sock[dsock_idx].sock, &hdr, 0));
758 if (ret == -1) {
759 ALOGE("control data socket read failed; %s", strerror(errno));
760 return -1;
761 }
762 if (ret == 0) {
763 ALOGE("Got EOF on control data socket");
764 return -1;
765 }
766
767 struct ucred* cred = NULL;
768 struct cmsghdr* cmsg = CMSG_FIRSTHDR(&hdr);
769 while (cmsg != NULL) {
770 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_CREDENTIALS) {
771 cred = (struct ucred*)CMSG_DATA(cmsg);
772 break;
773 }
774 cmsg = CMSG_NXTHDR(&hdr, cmsg);
775 }
776
777 if (cred == NULL) {
778 ALOGE("Failed to retrieve sender credentials");
779 /* Close the connection */
780 ctrl_data_close(dsock_idx);
781 return -1;
782 }
783
784 memcpy(sender_cred, cred, sizeof(struct ucred));
785
786 /* Store PID of the peer */
787 data_sock[dsock_idx].pid = cred->pid;
788
789 return ret;
790 }
791
ctrl_data_write(int dsock_idx,char * buf,size_t bufsz)792 static int ctrl_data_write(int dsock_idx, char* buf, size_t bufsz) {
793 int ret = 0;
794
795 ret = TEMP_FAILURE_RETRY(write(data_sock[dsock_idx].sock, buf, bufsz));
796
797 if (ret == -1) {
798 ALOGE("control data socket write failed; errno=%d", errno);
799 } else if (ret == 0) {
800 ALOGE("Got EOF on control data socket");
801 ret = -1;
802 }
803
804 return ret;
805 }
806
807 /*
808 * Write the pid/uid pair over the data socket, note: all active clients
809 * will receive this unsolicited notification.
810 */
ctrl_data_write_lmk_kill_occurred(pid_t pid,uid_t uid)811 static void ctrl_data_write_lmk_kill_occurred(pid_t pid, uid_t uid) {
812 LMKD_CTRL_PACKET packet;
813 size_t len = lmkd_pack_set_prockills(packet, pid, uid);
814
815 for (int i = 0; i < MAX_DATA_CONN; i++) {
816 if (data_sock[i].sock >= 0 && data_sock[i].async_event_mask & 1 << LMK_ASYNC_EVENT_KILL) {
817 ctrl_data_write(i, (char*)packet, len);
818 }
819 }
820 }
821
822 /*
823 * Write the kill_stat/memory_stat over the data socket to be propagated via AMS to statsd
824 */
stats_write_lmk_kill_occurred(struct kill_stat * kill_st,struct memory_stat * mem_st)825 static void stats_write_lmk_kill_occurred(struct kill_stat *kill_st,
826 struct memory_stat *mem_st) {
827 LMK_KILL_OCCURRED_PACKET packet;
828 const size_t len = lmkd_pack_set_kill_occurred(packet, kill_st, mem_st);
829 if (len == 0) {
830 return;
831 }
832
833 for (int i = 0; i < MAX_DATA_CONN; i++) {
834 if (data_sock[i].sock >= 0 && data_sock[i].async_event_mask & 1 << LMK_ASYNC_EVENT_STAT) {
835 ctrl_data_write(i, packet, len);
836 }
837 }
838
839 }
840
stats_write_lmk_kill_occurred_pid(int pid,struct kill_stat * kill_st,struct memory_stat * mem_st)841 static void stats_write_lmk_kill_occurred_pid(int pid, struct kill_stat *kill_st,
842 struct memory_stat *mem_st) {
843 kill_st->taskname = stats_get_task_name(pid);
844 if (kill_st->taskname != NULL) {
845 stats_write_lmk_kill_occurred(kill_st, mem_st);
846 }
847 }
848
poll_kernel(int poll_fd)849 static void poll_kernel(int poll_fd) {
850 if (poll_fd == -1) {
851 // not waiting
852 return;
853 }
854
855 while (1) {
856 char rd_buf[256];
857 int bytes_read = TEMP_FAILURE_RETRY(pread(poll_fd, (void*)rd_buf, sizeof(rd_buf) - 1, 0));
858 if (bytes_read <= 0) break;
859 rd_buf[bytes_read] = '\0';
860
861 int64_t pid;
862 int64_t uid;
863 int64_t group_leader_pid;
864 int64_t rss_in_pages;
865 struct memory_stat mem_st = {};
866 int16_t oom_score_adj;
867 int16_t min_score_adj;
868 int64_t starttime;
869 char* taskname = 0;
870
871 int fields_read =
872 sscanf(rd_buf,
873 "%" SCNd64 " %" SCNd64 " %" SCNd64 " %" SCNd64 " %" SCNd64 " %" SCNd64
874 " %" SCNd16 " %" SCNd16 " %" SCNd64 "\n%m[^\n]",
875 &pid, &uid, &group_leader_pid, &mem_st.pgfault, &mem_st.pgmajfault,
876 &rss_in_pages, &oom_score_adj, &min_score_adj, &starttime, &taskname);
877
878 /* only the death of the group leader process is logged */
879 if (fields_read == 10 && group_leader_pid == pid) {
880 ctrl_data_write_lmk_kill_occurred((pid_t)pid, (uid_t)uid);
881 mem_st.process_start_time_ns = starttime * (NS_PER_SEC / sysconf(_SC_CLK_TCK));
882 mem_st.rss_in_bytes = rss_in_pages * pagesize;
883
884 struct kill_stat kill_st = {
885 .uid = static_cast<int32_t>(uid),
886 .kill_reason = NONE,
887 .oom_score = oom_score_adj,
888 .min_oom_score = min_score_adj,
889 .free_mem_kb = 0,
890 .free_swap_kb = 0,
891 };
892 stats_write_lmk_kill_occurred_pid(pid, &kill_st, &mem_st);
893 }
894
895 free(taskname);
896 }
897 }
898
init_poll_kernel()899 static bool init_poll_kernel() {
900 kpoll_fd = TEMP_FAILURE_RETRY(open("/proc/lowmemorykiller", O_RDONLY | O_NONBLOCK | O_CLOEXEC));
901
902 if (kpoll_fd < 0) {
903 ALOGE("kernel lmk event file could not be opened; errno=%d", errno);
904 return false;
905 }
906
907 return true;
908 }
909
pid_lookup(int pid)910 static struct proc *pid_lookup(int pid) {
911 struct proc *procp;
912
913 for (procp = pidhash[pid_hashfn(pid)]; procp && procp->pid != pid;
914 procp = procp->pidhash_next)
915 ;
916
917 return procp;
918 }
919
adjslot_insert(struct adjslot_list * head,struct adjslot_list * new_element)920 static void adjslot_insert(struct adjslot_list *head, struct adjslot_list *new_element)
921 {
922 struct adjslot_list *next = head->next;
923 new_element->prev = head;
924 new_element->next = next;
925 next->prev = new_element;
926 head->next = new_element;
927 }
928
adjslot_remove(struct adjslot_list * old)929 static void adjslot_remove(struct adjslot_list *old)
930 {
931 struct adjslot_list *prev = old->prev;
932 struct adjslot_list *next = old->next;
933 next->prev = prev;
934 prev->next = next;
935 }
936
adjslot_tail(struct adjslot_list * head)937 static struct adjslot_list *adjslot_tail(struct adjslot_list *head) {
938 struct adjslot_list *asl = head->prev;
939
940 return asl == head ? NULL : asl;
941 }
942
943 // Should be modified only from the main thread.
proc_slot(struct proc * procp)944 static void proc_slot(struct proc *procp) {
945 int adjslot = ADJTOSLOT(procp->oomadj);
946 std::scoped_lock lock(adjslot_list_lock);
947
948 adjslot_insert(&procadjslot_list[adjslot], &procp->asl);
949 }
950
951 // Should be modified only from the main thread.
proc_unslot(struct proc * procp)952 static void proc_unslot(struct proc *procp) {
953 std::scoped_lock lock(adjslot_list_lock);
954
955 adjslot_remove(&procp->asl);
956 }
957
proc_insert(struct proc * procp)958 static void proc_insert(struct proc *procp) {
959 int hval = pid_hashfn(procp->pid);
960
961 procp->pidhash_next = pidhash[hval];
962 pidhash[hval] = procp;
963 proc_slot(procp);
964 }
965
966 // Can be called only from the main thread.
pid_remove(int pid)967 static int pid_remove(int pid) {
968 int hval = pid_hashfn(pid);
969 struct proc *procp;
970 struct proc *prevp;
971
972 for (procp = pidhash[hval], prevp = NULL; procp && procp->pid != pid;
973 procp = procp->pidhash_next)
974 prevp = procp;
975
976 if (!procp)
977 return -1;
978
979 if (!prevp)
980 pidhash[hval] = procp->pidhash_next;
981 else
982 prevp->pidhash_next = procp->pidhash_next;
983
984 proc_unslot(procp);
985 /*
986 * Close pidfd here if we are not waiting for corresponding process to die,
987 * in which case stop_wait_for_proc_kill() will close the pidfd later
988 */
989 if (procp->pidfd >= 0 && procp->pidfd != last_kill_pid_or_fd) {
990 close(procp->pidfd);
991 }
992 free(procp);
993 return 0;
994 }
995
pid_invalidate(int pid)996 static void pid_invalidate(int pid) {
997 std::shared_lock lock(adjslot_list_lock);
998 struct proc *procp = pid_lookup(pid);
999
1000 if (procp) {
1001 procp->valid = false;
1002 }
1003 }
1004
1005 /*
1006 * Write a string to a file.
1007 * Returns false if the file does not exist.
1008 */
writefilestring(const char * path,const char * s,bool err_if_missing)1009 static bool writefilestring(const char *path, const char *s,
1010 bool err_if_missing) {
1011 int fd = open(path, O_WRONLY | O_CLOEXEC);
1012 ssize_t len = strlen(s);
1013 ssize_t ret;
1014
1015 if (fd < 0) {
1016 if (err_if_missing) {
1017 ALOGE("Error opening %s; errno=%d", path, errno);
1018 }
1019 return false;
1020 }
1021
1022 ret = TEMP_FAILURE_RETRY(write(fd, s, len));
1023 if (ret < 0) {
1024 ALOGE("Error writing %s; errno=%d", path, errno);
1025 } else if (ret < len) {
1026 ALOGE("Short write on %s; length=%zd", path, ret);
1027 }
1028
1029 close(fd);
1030 return true;
1031 }
1032
get_time_diff_ms(struct timespec * from,struct timespec * to)1033 static inline long get_time_diff_ms(struct timespec *from,
1034 struct timespec *to) {
1035 return (to->tv_sec - from->tv_sec) * (long)MS_PER_SEC +
1036 (to->tv_nsec - from->tv_nsec) / (long)NS_PER_MS;
1037 }
1038
1039 /* Reads /proc/pid/status into buf. */
read_proc_status(int pid,char * buf,size_t buf_sz)1040 static bool read_proc_status(int pid, char *buf, size_t buf_sz) {
1041 char path[PROCFS_PATH_MAX];
1042 int fd;
1043 ssize_t size;
1044
1045 snprintf(path, PROCFS_PATH_MAX, "/proc/%d/status", pid);
1046 fd = open(path, O_RDONLY | O_CLOEXEC);
1047 if (fd < 0) {
1048 return false;
1049 }
1050
1051 size = read_all(fd, buf, buf_sz - 1);
1052 close(fd);
1053 if (size < 0) {
1054 return false;
1055 }
1056 buf[size] = 0;
1057 return true;
1058 }
1059
1060 /* Looks for tag in buf and parses the first integer */
parse_status_tag(char * buf,const char * tag,int64_t * out)1061 static bool parse_status_tag(char *buf, const char *tag, int64_t *out) {
1062 char *pos = buf;
1063 while (true) {
1064 pos = strstr(pos, tag);
1065 /* Stop if tag not found or found at the line beginning */
1066 if (pos == NULL || pos == buf || pos[-1] == '\n') {
1067 break;
1068 }
1069 pos++;
1070 }
1071
1072 if (pos == NULL) {
1073 return false;
1074 }
1075
1076 pos += strlen(tag);
1077 while (*pos == ' ') ++pos;
1078 return parse_int64(pos, out);
1079 }
1080
proc_get_size(int pid)1081 static int proc_get_size(int pid) {
1082 char path[PROCFS_PATH_MAX];
1083 char line[LINE_MAX];
1084 int fd;
1085 int rss = 0;
1086 int total;
1087 ssize_t ret;
1088
1089 /* gid containing AID_READPROC required */
1090 snprintf(path, PROCFS_PATH_MAX, "/proc/%d/statm", pid);
1091 fd = open(path, O_RDONLY | O_CLOEXEC);
1092 if (fd == -1)
1093 return -1;
1094
1095 ret = read_all(fd, line, sizeof(line) - 1);
1096 if (ret < 0) {
1097 close(fd);
1098 return -1;
1099 }
1100 line[ret] = '\0';
1101
1102 sscanf(line, "%d %d ", &total, &rss);
1103 close(fd);
1104 return rss;
1105 }
1106
proc_get_name(int pid,char * buf,size_t buf_size)1107 static char *proc_get_name(int pid, char *buf, size_t buf_size) {
1108 char path[PROCFS_PATH_MAX];
1109 int fd;
1110 char *cp;
1111 ssize_t ret;
1112
1113 /* gid containing AID_READPROC required */
1114 snprintf(path, PROCFS_PATH_MAX, "/proc/%d/cmdline", pid);
1115 fd = open(path, O_RDONLY | O_CLOEXEC);
1116 if (fd == -1) {
1117 return NULL;
1118 }
1119 ret = read_all(fd, buf, buf_size - 1);
1120 close(fd);
1121 if (ret < 0) {
1122 return NULL;
1123 }
1124 buf[ret] = '\0';
1125
1126 cp = strchr(buf, ' ');
1127 if (cp) {
1128 *cp = '\0';
1129 }
1130
1131 return buf;
1132 }
1133
register_oom_adj_proc(const struct lmk_procprio & proc,struct ucred * cred)1134 static void register_oom_adj_proc(const struct lmk_procprio& proc, struct ucred* cred) {
1135 char val[20];
1136 int soft_limit_mult;
1137 bool is_system_server;
1138 struct passwd *pwdrec;
1139 struct proc* procp;
1140 int oom_adj_score = proc.oomadj;
1141
1142 /* lmkd should not change soft limits for services */
1143 if (proc.ptype == PROC_TYPE_APP && per_app_memcg) {
1144 if (proc.oomadj >= 900) {
1145 soft_limit_mult = 0;
1146 } else if (proc.oomadj >= 800) {
1147 soft_limit_mult = 0;
1148 } else if (proc.oomadj >= 700) {
1149 soft_limit_mult = 0;
1150 } else if (proc.oomadj >= 600) {
1151 // Launcher should be perceptible, don't kill it.
1152 oom_adj_score = 200;
1153 soft_limit_mult = 1;
1154 } else if (proc.oomadj >= 500) {
1155 soft_limit_mult = 0;
1156 } else if (proc.oomadj >= 400) {
1157 soft_limit_mult = 0;
1158 } else if (proc.oomadj >= 300) {
1159 soft_limit_mult = 1;
1160 } else if (proc.oomadj >= 200) {
1161 soft_limit_mult = 8;
1162 } else if (proc.oomadj >= 100) {
1163 soft_limit_mult = 10;
1164 } else if (proc.oomadj >= 0) {
1165 soft_limit_mult = 20;
1166 } else {
1167 // Persistent processes will have a large
1168 // soft limit 512MB.
1169 soft_limit_mult = 64;
1170 }
1171
1172 std::string soft_limit_path;
1173 if (!CgroupGetAttributePathForTask("MemSoftLimit", proc.pid, &soft_limit_path)) {
1174 ALOGE("Querying MemSoftLimit path failed");
1175 return;
1176 }
1177
1178 snprintf(val, sizeof(val), "%d", soft_limit_mult * EIGHT_MEGA);
1179
1180 /*
1181 * system_server process has no memcg under /dev/memcg/apps but should be
1182 * registered with lmkd. This is the best way so far to identify it.
1183 */
1184 is_system_server = (oom_adj_score == SYSTEM_ADJ && (pwdrec = getpwnam("system")) != NULL &&
1185 proc.uid == pwdrec->pw_uid);
1186 writefilestring(soft_limit_path.c_str(), val, !is_system_server);
1187 }
1188
1189 procp = pid_lookup(proc.pid);
1190 if (!procp) {
1191 int pidfd = -1;
1192
1193 if (pidfd_supported) {
1194 pidfd = TEMP_FAILURE_RETRY(pidfd_open(proc.pid, 0));
1195 if (pidfd < 0) {
1196 ALOGE("pidfd_open for pid %d failed; errno=%d", proc.pid, errno);
1197 return;
1198 }
1199 }
1200
1201 procp = static_cast<struct proc*>(calloc(1, sizeof(struct proc)));
1202 if (!procp) {
1203 // Oh, the irony. May need to rebuild our state.
1204 return;
1205 }
1206
1207 procp->pid = proc.pid;
1208 procp->pidfd = pidfd;
1209 procp->uid = proc.uid;
1210 procp->reg_pid = cred->pid;
1211 procp->oomadj = oom_adj_score;
1212 procp->valid = true;
1213 proc_insert(procp);
1214 } else {
1215 if (!claim_record(procp, cred->pid)) {
1216 char buf[LINE_MAX];
1217 char *taskname = proc_get_name(cred->pid, buf, sizeof(buf));
1218 /* Only registrant of the record can remove it */
1219 ALOGE("%s (%d, %d) attempts to modify a process registered by another client",
1220 taskname ? taskname : "A process ", cred->uid, cred->pid);
1221 return;
1222 }
1223 proc_unslot(procp);
1224 procp->oomadj = oom_adj_score;
1225 proc_slot(procp);
1226 }
1227 }
1228
apply_proc_prio(const struct lmk_procprio & params,struct ucred * cred)1229 static void apply_proc_prio(const struct lmk_procprio& params, struct ucred* cred) {
1230 char path[PROCFS_PATH_MAX];
1231 char val[20];
1232 int64_t tgid;
1233 char buf[pagesize];
1234
1235 if (params.oomadj < OOM_SCORE_ADJ_MIN || params.oomadj > OOM_SCORE_ADJ_MAX) {
1236 ALOGE("Invalid PROCPRIO oomadj argument %d", params.oomadj);
1237 return;
1238 }
1239
1240 if (params.ptype < PROC_TYPE_FIRST || params.ptype >= PROC_TYPE_COUNT) {
1241 ALOGE("Invalid PROCPRIO process type argument %d", params.ptype);
1242 return;
1243 }
1244
1245 /* Check if registered process is a thread group leader */
1246 if (read_proc_status(params.pid, buf, sizeof(buf))) {
1247 if (parse_status_tag(buf, PROC_STATUS_TGID_FIELD, &tgid) && tgid != params.pid) {
1248 ALOGE("Attempt to register a task that is not a thread group leader "
1249 "(tid %d, tgid %" PRId64 ")",
1250 params.pid, tgid);
1251 return;
1252 }
1253 }
1254
1255 /* gid containing AID_READPROC required */
1256 /* CAP_SYS_RESOURCE required */
1257 /* CAP_DAC_OVERRIDE required */
1258 snprintf(path, sizeof(path), "/proc/%d/oom_score_adj", params.pid);
1259 snprintf(val, sizeof(val), "%d", params.oomadj);
1260 if (!writefilestring(path, val, false)) {
1261 ALOGW("Failed to open %s; errno=%d: process %d might have been killed", path, errno,
1262 params.pid);
1263 /* If this file does not exist the process is dead. */
1264 return;
1265 }
1266
1267 if (use_inkernel_interface) {
1268 stats_store_taskname(params.pid, proc_get_name(params.pid, path, sizeof(path)));
1269 return;
1270 }
1271
1272 register_oom_adj_proc(params, cred);
1273 }
1274
cmd_procprio(LMKD_CTRL_PACKET packet,int field_count,struct ucred * cred)1275 static void cmd_procprio(LMKD_CTRL_PACKET packet, int field_count, struct ucred* cred) {
1276 struct lmk_procprio proc_prio;
1277
1278 lmkd_pack_get_procprio(packet, field_count, &proc_prio);
1279 apply_proc_prio(proc_prio, cred);
1280 }
1281
cmd_procremove(LMKD_CTRL_PACKET packet,struct ucred * cred)1282 static void cmd_procremove(LMKD_CTRL_PACKET packet, struct ucred *cred) {
1283 struct lmk_procremove params;
1284 struct proc *procp;
1285
1286 lmkd_pack_get_procremove(packet, ¶ms);
1287
1288 if (use_inkernel_interface) {
1289 /*
1290 * Perform an extra check before the pid is removed, after which it
1291 * will be impossible for poll_kernel to get the taskname. poll_kernel()
1292 * is potentially a long-running blocking function; however this method
1293 * handles AMS requests but does not block AMS.
1294 */
1295 poll_kernel(kpoll_fd);
1296
1297 stats_remove_taskname(params.pid);
1298 return;
1299 }
1300
1301 procp = pid_lookup(params.pid);
1302 if (!procp) {
1303 return;
1304 }
1305
1306 if (!claim_record(procp, cred->pid)) {
1307 char buf[LINE_MAX];
1308 char *taskname = proc_get_name(cred->pid, buf, sizeof(buf));
1309 /* Only registrant of the record can remove it */
1310 ALOGE("%s (%d, %d) attempts to unregister a process registered by another client",
1311 taskname ? taskname : "A process ", cred->uid, cred->pid);
1312 return;
1313 }
1314
1315 /*
1316 * WARNING: After pid_remove() procp is freed and can't be used!
1317 * Therefore placed at the end of the function.
1318 */
1319 pid_remove(params.pid);
1320 }
1321
cmd_procpurge(struct ucred * cred)1322 static void cmd_procpurge(struct ucred *cred) {
1323 int i;
1324 struct proc *procp;
1325 struct proc *next;
1326
1327 if (use_inkernel_interface) {
1328 stats_purge_tasknames();
1329 return;
1330 }
1331
1332 for (i = 0; i < PIDHASH_SZ; i++) {
1333 procp = pidhash[i];
1334 while (procp) {
1335 next = procp->pidhash_next;
1336 /* Purge only records created by the requestor */
1337 if (claim_record(procp, cred->pid)) {
1338 pid_remove(procp->pid);
1339 }
1340 procp = next;
1341 }
1342 }
1343 }
1344
cmd_subscribe(int dsock_idx,LMKD_CTRL_PACKET packet)1345 static void cmd_subscribe(int dsock_idx, LMKD_CTRL_PACKET packet) {
1346 struct lmk_subscribe params;
1347
1348 lmkd_pack_get_subscribe(packet, ¶ms);
1349 data_sock[dsock_idx].async_event_mask |= 1 << params.evt_type;
1350 }
1351
inc_killcnt(int oomadj)1352 static void inc_killcnt(int oomadj) {
1353 int slot = ADJTOSLOT(oomadj);
1354 uint8_t idx = killcnt_idx[slot];
1355
1356 if (idx == KILLCNT_INVALID_IDX) {
1357 /* index is not assigned for this oomadj */
1358 if (killcnt_free_idx < MAX_DISTINCT_OOM_ADJ) {
1359 killcnt_idx[slot] = killcnt_free_idx;
1360 killcnt[killcnt_free_idx] = 1;
1361 killcnt_free_idx++;
1362 } else {
1363 ALOGW("Number of distinct oomadj levels exceeds %d",
1364 MAX_DISTINCT_OOM_ADJ);
1365 }
1366 } else {
1367 /*
1368 * wraparound is highly unlikely and is detectable using total
1369 * counter because it has to be equal to the sum of all counters
1370 */
1371 killcnt[idx]++;
1372 }
1373 /* increment total kill counter */
1374 killcnt_total++;
1375 }
1376
get_killcnt(int min_oomadj,int max_oomadj)1377 static int get_killcnt(int min_oomadj, int max_oomadj) {
1378 int slot;
1379 int count = 0;
1380
1381 if (min_oomadj > max_oomadj)
1382 return 0;
1383
1384 /* special case to get total kill count */
1385 if (min_oomadj > OOM_SCORE_ADJ_MAX)
1386 return killcnt_total;
1387
1388 while (min_oomadj <= max_oomadj &&
1389 (slot = ADJTOSLOT(min_oomadj)) < ADJTOSLOT_COUNT) {
1390 uint8_t idx = killcnt_idx[slot];
1391 if (idx != KILLCNT_INVALID_IDX) {
1392 count += killcnt[idx];
1393 }
1394 min_oomadj++;
1395 }
1396
1397 return count;
1398 }
1399
cmd_getkillcnt(LMKD_CTRL_PACKET packet)1400 static int cmd_getkillcnt(LMKD_CTRL_PACKET packet) {
1401 struct lmk_getkillcnt params;
1402
1403 if (use_inkernel_interface) {
1404 /* kernel driver does not expose this information */
1405 return 0;
1406 }
1407
1408 lmkd_pack_get_getkillcnt(packet, ¶ms);
1409
1410 return get_killcnt(params.min_oomadj, params.max_oomadj);
1411 }
1412
cmd_target(int ntargets,LMKD_CTRL_PACKET packet)1413 static void cmd_target(int ntargets, LMKD_CTRL_PACKET packet) {
1414 int i;
1415 struct lmk_target target;
1416 char minfree_str[PROPERTY_VALUE_MAX];
1417 char *pstr = minfree_str;
1418 char *pend = minfree_str + sizeof(minfree_str);
1419 static struct timespec last_req_tm;
1420 struct timespec curr_tm;
1421
1422 if (ntargets < 1 || ntargets > (int)lowmem_adj.size()) {
1423 return;
1424 }
1425
1426 /*
1427 * Ratelimit minfree updates to once per TARGET_UPDATE_MIN_INTERVAL_MS
1428 * to prevent DoS attacks
1429 */
1430 if (clock_gettime(CLOCK_MONOTONIC_COARSE, &curr_tm) != 0) {
1431 ALOGE("Failed to get current time");
1432 return;
1433 }
1434
1435 if (get_time_diff_ms(&last_req_tm, &curr_tm) <
1436 TARGET_UPDATE_MIN_INTERVAL_MS) {
1437 ALOGE("Ignoring frequent updated to lmkd limits");
1438 return;
1439 }
1440
1441 last_req_tm = curr_tm;
1442
1443 for (i = 0; i < ntargets; i++) {
1444 lmkd_pack_get_target(packet, i, &target);
1445 lowmem_minfree[i] = target.minfree;
1446 lowmem_adj[i] = target.oom_adj_score;
1447
1448 pstr += snprintf(pstr, pend - pstr, "%d:%d,", target.minfree,
1449 target.oom_adj_score);
1450 if (pstr >= pend) {
1451 /* if no more space in the buffer then terminate the loop */
1452 pstr = pend;
1453 break;
1454 }
1455 }
1456
1457 lowmem_targets_size = ntargets;
1458
1459 /* Override the last extra comma */
1460 pstr[-1] = '\0';
1461 property_set("sys.lmk.minfree_levels", minfree_str);
1462
1463 if (has_inkernel_module) {
1464 char minfreestr[128];
1465 char killpriostr[128];
1466
1467 minfreestr[0] = '\0';
1468 killpriostr[0] = '\0';
1469
1470 for (i = 0; i < lowmem_targets_size; i++) {
1471 char val[40];
1472
1473 if (i) {
1474 strlcat(minfreestr, ",", sizeof(minfreestr));
1475 strlcat(killpriostr, ",", sizeof(killpriostr));
1476 }
1477
1478 snprintf(val, sizeof(val), "%d", use_inkernel_interface ? lowmem_minfree[i] : 0);
1479 strlcat(minfreestr, val, sizeof(minfreestr));
1480 snprintf(val, sizeof(val), "%d", use_inkernel_interface ? lowmem_adj[i] : 0);
1481 strlcat(killpriostr, val, sizeof(killpriostr));
1482 }
1483
1484 writefilestring(INKERNEL_MINFREE_PATH, minfreestr, true);
1485 writefilestring(INKERNEL_ADJ_PATH, killpriostr, true);
1486 }
1487 }
1488
handle_io_uring_procs_prio(const struct lmk_procs_prio & params,const int procs_count,struct ucred * cred)1489 static void handle_io_uring_procs_prio(const struct lmk_procs_prio& params, const int procs_count,
1490 struct ucred* cred) {
1491 struct io_uring_sqe* sqe;
1492 struct io_uring_cqe* cqe;
1493 int fds[PROCS_PRIO_MAX_RECORD_COUNT];
1494 char buffers[PROCS_PRIO_MAX_RECORD_COUNT]
1495 [256]; /* Reading proc/stat and write to proc/oom_score_adj */
1496 char path[PROCFS_PATH_MAX];
1497 char val[20];
1498 int64_t tgid;
1499 int ret;
1500 int num_requests = 0;
1501
1502 ret = io_uring_queue_init(PROCS_PRIO_MAX_RECORD_COUNT, &lmk_io_uring_ring, 0);
1503 if (ret) {
1504 ALOGE("LMK_PROCS_PRIO failed to setup io_uring ring: %s", strerror(-ret));
1505 return;
1506 }
1507
1508 std::fill_n(fds, PROCS_PRIO_MAX_RECORD_COUNT, -1);
1509 for (int i = 0; i < procs_count; i++) {
1510 if (params.procs[i].oomadj < OOM_SCORE_ADJ_MIN ||
1511 params.procs[i].oomadj > OOM_SCORE_ADJ_MAX)
1512 ALOGW("Skipping invalid PROCS_PRIO oomadj=%d for pid=%d", params.procs[i].oomadj,
1513 params.procs[i].pid);
1514 else if (params.procs[i].ptype < PROC_TYPE_FIRST ||
1515 params.procs[i].ptype >= PROC_TYPE_COUNT)
1516 ALOGW("Skipping invalid PROCS_PRIO pid=%d for invalid process type arg %d",
1517 params.procs[i].pid, params.procs[i].ptype);
1518 else {
1519 snprintf(path, PROCFS_PATH_MAX, "/proc/%d/status", params.procs[i].pid);
1520 fds[i] = open(path, O_RDONLY | O_CLOEXEC);
1521 if (fds[i] < 0) continue;
1522
1523 sqe = io_uring_get_sqe(&lmk_io_uring_ring);
1524 if (!sqe) {
1525 ALOGE("LMK_PROCS_PRIO skipping pid (%d), failed to get SQE for read proc status",
1526 params.procs[i].pid);
1527 close(fds[i]);
1528 fds[i] = -1;
1529 continue;
1530 }
1531
1532 io_uring_prep_read(sqe, fds[i], &buffers[i], sizeof(buffers[i]), 0);
1533 sqe->user_data = i;
1534 num_requests++;
1535 }
1536 }
1537
1538 if (num_requests == 0) {
1539 ALOGW("LMK_PROCS_PRIO has no read proc status requests to process");
1540 goto err;
1541 }
1542
1543 ret = io_uring_submit(&lmk_io_uring_ring);
1544 if (ret <= 0 || ret != num_requests) {
1545 ALOGE("Error submitting read processes' status to SQE: %s", strerror(ret));
1546 goto err;
1547 }
1548
1549 for (int i = 0; i < num_requests; i++) {
1550 ret = TEMP_FAILURE_RETRY(io_uring_wait_cqe(&lmk_io_uring_ring, &cqe));
1551 if (ret < 0 || !cqe) {
1552 ALOGE("Failed to get CQE, in LMK_PROCS_PRIO, for read batching: %s", strerror(-ret));
1553 goto err;
1554 }
1555 if (cqe->res < 0) {
1556 ALOGE("Error in LMK_PROCS_PRIO for async proc status read operation: %s",
1557 strerror(-cqe->res));
1558 continue;
1559 }
1560 if (cqe->user_data < 0 || static_cast<int>(cqe->user_data) > procs_count) {
1561 ALOGE("Invalid LMK_PROCS_PRIO CQE read data: %llu", cqe->user_data);
1562 continue;
1563 }
1564
1565 const int procs_idx = cqe->user_data;
1566 close(fds[procs_idx]);
1567 fds[procs_idx] = -1;
1568 io_uring_cqe_seen(&lmk_io_uring_ring, cqe);
1569
1570 if (parse_status_tag(buffers[procs_idx], PROC_STATUS_TGID_FIELD, &tgid) &&
1571 tgid != params.procs[procs_idx].pid) {
1572 ALOGE("Attempt to register a task that is not a thread group leader "
1573 "(tid %d, tgid %" PRId64 ")",
1574 params.procs[procs_idx].pid, tgid);
1575 continue;
1576 }
1577
1578 /* Open write file to prepare for write batch */
1579 snprintf(path, sizeof(path), "/proc/%d/oom_score_adj", params.procs[procs_idx].pid);
1580 fds[procs_idx] = open(path, O_WRONLY | O_CLOEXEC);
1581 if (fds[procs_idx] < 0) {
1582 ALOGW("Failed to open %s; errno=%d: process %d might have been killed, skipping for "
1583 "LMK_PROCS_PRIO",
1584 path, errno, params.procs[procs_idx].pid);
1585 continue;
1586 }
1587 }
1588
1589 /* Prepare to write the new OOM score */
1590 num_requests = 0;
1591 for (int i = 0; i < procs_count; i++) {
1592 if (fds[i] < 0) continue;
1593
1594 /* gid containing AID_READPROC required */
1595 /* CAP_SYS_RESOURCE required */
1596 /* CAP_DAC_OVERRIDE required */
1597 snprintf(buffers[i], sizeof(buffers[i]), "%d", params.procs[i].oomadj);
1598 sqe = io_uring_get_sqe(&lmk_io_uring_ring);
1599 if (!sqe) {
1600 ALOGE("LMK_PROCS_PRIO skipping pid (%d), failed to get SQE for write",
1601 params.procs[i].pid);
1602 close(fds[i]);
1603 fds[i] = -1;
1604 continue;
1605 }
1606 io_uring_prep_write(sqe, fds[i], &buffers[i], sizeof(buffers[i]), 0);
1607 sqe->user_data = i;
1608 num_requests++;
1609 }
1610
1611 if (num_requests == 0) {
1612 ALOGW("LMK_PROCS_PRIO has no write proc oomadj requests to process");
1613 goto err;
1614 }
1615
1616 ret = io_uring_submit(&lmk_io_uring_ring);
1617 if (ret <= 0 || ret != num_requests) {
1618 ALOGE("Error submitting write data to sqe: %s", strerror(ret));
1619 goto err;
1620 }
1621
1622 /* Handle async write completions for proc/<pid>/oom_score_adj */
1623 for (int i = 0; i < num_requests; i++) {
1624 ret = TEMP_FAILURE_RETRY(io_uring_wait_cqe(&lmk_io_uring_ring, &cqe));
1625 if (ret < 0 || !cqe) {
1626 ALOGE("Failed to get CQE, in LMK_PROCS_PRIO, for write batching: %s", strerror(-ret));
1627 goto err;
1628 }
1629 if (cqe->res < 0) {
1630 ALOGE("Error in LMK_PROCS_PRIO for async proc status read operation: %s",
1631 strerror(-cqe->res));
1632 continue;
1633 }
1634 if (cqe->user_data < 0 || static_cast<int>(cqe->user_data) > procs_count) {
1635 ALOGE("Invalid LMK_PROCS_PRIO CQE read data: %llu", cqe->user_data);
1636 continue;
1637 }
1638
1639 const int procs_idx = cqe->user_data;
1640 close(fds[procs_idx]);
1641 fds[procs_idx] = -1;
1642 io_uring_cqe_seen(&lmk_io_uring_ring, cqe);
1643
1644 if (use_inkernel_interface) {
1645 stats_store_taskname(params.procs[procs_idx].pid,
1646 proc_get_name(params.procs[procs_idx].pid, path, sizeof(path)));
1647 continue;
1648 }
1649
1650 register_oom_adj_proc(params.procs[procs_idx], cred);
1651 }
1652
1653 io_uring_queue_exit(&lmk_io_uring_ring);
1654 return;
1655
1656 err:
1657 for (int fd : fds)
1658 if (fd >= 0) close(fd);
1659 io_uring_queue_exit(&lmk_io_uring_ring);
1660 return;
1661 }
1662
cmd_procs_prio(LMKD_CTRL_PACKET packet,const int field_count,struct ucred * cred)1663 static void cmd_procs_prio(LMKD_CTRL_PACKET packet, const int field_count, struct ucred* cred) {
1664 struct lmk_procs_prio params;
1665
1666 const int procs_count = lmkd_pack_get_procs_prio(packet, ¶ms, field_count);
1667 if (procs_count < 0) {
1668 ALOGE("LMK_PROCS_PRIO received invalid packet format");
1669 return;
1670 }
1671
1672 if (isIoUringSupported) {
1673 handle_io_uring_procs_prio(params, procs_count, cred);
1674 } else {
1675 for (int i = 0; i < procs_count; i++) apply_proc_prio(params.procs[i], cred);
1676 }
1677 }
1678
ctrl_command_handler(int dsock_idx)1679 static void ctrl_command_handler(int dsock_idx) {
1680 LMKD_CTRL_PACKET packet;
1681 struct ucred cred;
1682 int len;
1683 enum lmk_cmd cmd;
1684 int nargs;
1685 int targets;
1686 int kill_cnt;
1687 int result;
1688
1689 len = ctrl_data_read(dsock_idx, (char *)packet, CTRL_PACKET_MAX_SIZE, &cred);
1690 if (len <= 0)
1691 return;
1692
1693 if (len < (int)sizeof(int)) {
1694 ALOGE("Wrong control socket read length len=%d", len);
1695 return;
1696 }
1697
1698 cmd = lmkd_pack_get_cmd(packet);
1699 nargs = len / sizeof(int) - 1;
1700 if (nargs < 0)
1701 goto wronglen;
1702
1703 switch(cmd) {
1704 case LMK_TARGET:
1705 targets = nargs / 2;
1706 if (nargs & 0x1 || targets > (int)lowmem_adj.size()) {
1707 goto wronglen;
1708 }
1709 cmd_target(targets, packet);
1710 break;
1711 case LMK_PROCPRIO:
1712 /* process type field is optional for backward compatibility */
1713 if (nargs < 3 || nargs > 4)
1714 goto wronglen;
1715 cmd_procprio(packet, nargs, &cred);
1716 break;
1717 case LMK_PROCREMOVE:
1718 if (nargs != 1)
1719 goto wronglen;
1720 cmd_procremove(packet, &cred);
1721 break;
1722 case LMK_PROCPURGE:
1723 if (nargs != 0)
1724 goto wronglen;
1725 cmd_procpurge(&cred);
1726 break;
1727 case LMK_GETKILLCNT:
1728 if (nargs != 2)
1729 goto wronglen;
1730 kill_cnt = cmd_getkillcnt(packet);
1731 len = lmkd_pack_set_getkillcnt_repl(packet, kill_cnt);
1732 if (ctrl_data_write(dsock_idx, (char *)packet, len) != len)
1733 return;
1734 break;
1735 case LMK_SUBSCRIBE:
1736 if (nargs != 1)
1737 goto wronglen;
1738 cmd_subscribe(dsock_idx, packet);
1739 break;
1740 case LMK_PROCKILL:
1741 /* This command code is NOT expected at all */
1742 ALOGE("Received unexpected command code %d", cmd);
1743 break;
1744 case LMK_UPDATE_PROPS:
1745 if (nargs != 0)
1746 goto wronglen;
1747 result = -1;
1748 if (update_props()) {
1749 if (!use_inkernel_interface && monitors_initialized) {
1750 /* Reinitialize monitors to apply new settings */
1751 destroy_monitors();
1752 if (init_monitors()) {
1753 result = 0;
1754 }
1755 } else {
1756 result = 0;
1757 }
1758
1759 if (direct_reclaim_threshold_ms > 0 && !memevent_listener) {
1760 ALOGW("Kernel support for direct_reclaim_threshold_ms is not found");
1761 direct_reclaim_threshold_ms = 0;
1762 }
1763 }
1764
1765 len = lmkd_pack_set_update_props_repl(packet, result);
1766 if (ctrl_data_write(dsock_idx, (char *)packet, len) != len) {
1767 ALOGE("Failed to report operation results");
1768 }
1769 if (!result) {
1770 ALOGI("Properties reinitilized");
1771 } else {
1772 /* New settings can't be supported, crash to be restarted */
1773 ALOGE("New configuration is not supported. Exiting...");
1774 exit(1);
1775 }
1776 break;
1777 case LMK_START_MONITORING:
1778 if (nargs != 0)
1779 goto wronglen;
1780 // Registration is needed only if it was skipped earlier.
1781 if (monitors_initialized)
1782 return;
1783 if (!property_get_bool("sys.boot_completed", false)) {
1784 ALOGE("LMK_START_MONITORING cannot be handled before boot completed");
1785 return;
1786 }
1787
1788 if (!init_monitors()) {
1789 /* Failure to start psi monitoring, crash to be restarted */
1790 ALOGE("Failure to initialize monitoring. Exiting...");
1791 exit(1);
1792 }
1793 ALOGI("Initialized monitors after boot completed.");
1794 break;
1795 case LMK_BOOT_COMPLETED:
1796 if (nargs != 0) goto wronglen;
1797
1798 if (boot_completed_handled) {
1799 /* Notify we have already handled post boot-up operations */
1800 result = 1;
1801 } else if (!property_get_bool("sys.boot_completed", false)) {
1802 ALOGE("LMK_BOOT_COMPLETED cannot be handled before boot completed");
1803 result = -1;
1804 } else {
1805 /*
1806 * Initialize the memevent listener after boot is completed to prevent
1807 * waiting, during boot-up, for BPF programs to be loaded.
1808 */
1809 if (init_memevent_listener_monitoring()) {
1810 ALOGI("Using memevents for direct reclaim and kswapd detection");
1811 } else {
1812 ALOGI("Using vmstats for direct reclaim and kswapd detection");
1813 if (direct_reclaim_threshold_ms > 0) {
1814 ALOGW("Kernel support for direct_reclaim_threshold_ms is not found");
1815 direct_reclaim_threshold_ms = 0;
1816 }
1817 }
1818 result = 0;
1819 boot_completed_handled = true;
1820 }
1821
1822 len = lmkd_pack_set_boot_completed_notif_repl(packet, result);
1823 if (ctrl_data_write(dsock_idx, (char*)packet, len) != len) {
1824 ALOGE("Failed to report boot-completed operation results");
1825 }
1826 break;
1827 case LMK_PROCS_PRIO:
1828 cmd_procs_prio(packet, nargs, &cred);
1829 break;
1830 default:
1831 ALOGE("Received unknown command code %d", cmd);
1832 return;
1833 }
1834
1835 return;
1836
1837 wronglen:
1838 ALOGE("Wrong control socket read length cmd=%d len=%d", cmd, len);
1839 }
1840
ctrl_data_handler(int data,uint32_t events,struct polling_params * poll_params __unused)1841 static void ctrl_data_handler(int data, uint32_t events,
1842 struct polling_params *poll_params __unused) {
1843 if (events & EPOLLIN) {
1844 ctrl_command_handler(data);
1845 }
1846 }
1847
get_free_dsock()1848 static int get_free_dsock() {
1849 for (int i = 0; i < MAX_DATA_CONN; i++) {
1850 if (data_sock[i].sock < 0) {
1851 return i;
1852 }
1853 }
1854 return -1;
1855 }
1856
ctrl_connect_handler(int data __unused,uint32_t events __unused,struct polling_params * poll_params __unused)1857 static void ctrl_connect_handler(int data __unused, uint32_t events __unused,
1858 struct polling_params *poll_params __unused) {
1859 struct epoll_event epev;
1860 int free_dscock_idx = get_free_dsock();
1861
1862 if (free_dscock_idx < 0) {
1863 /*
1864 * Number of data connections exceeded max supported. This should not
1865 * happen but if it does we drop all existing connections and accept
1866 * the new one. This prevents inactive connections from monopolizing
1867 * data socket and if we drop ActivityManager connection it will
1868 * immediately reconnect.
1869 */
1870 for (int i = 0; i < MAX_DATA_CONN; i++) {
1871 ctrl_data_close(i);
1872 }
1873 free_dscock_idx = 0;
1874 }
1875
1876 data_sock[free_dscock_idx].sock = accept(ctrl_sock.sock, NULL, NULL);
1877 if (data_sock[free_dscock_idx].sock < 0) {
1878 ALOGE("lmkd control socket accept failed; errno=%d", errno);
1879 return;
1880 }
1881
1882 ALOGI("lmkd data connection established");
1883 /* use data to store data connection idx */
1884 data_sock[free_dscock_idx].handler_info.data = free_dscock_idx;
1885 data_sock[free_dscock_idx].handler_info.handler = ctrl_data_handler;
1886 data_sock[free_dscock_idx].async_event_mask = 0;
1887 epev.events = EPOLLIN;
1888 epev.data.ptr = (void *)&(data_sock[free_dscock_idx].handler_info);
1889 if (epoll_ctl(epollfd, EPOLL_CTL_ADD, data_sock[free_dscock_idx].sock, &epev) == -1) {
1890 ALOGE("epoll_ctl for data connection socket failed; errno=%d", errno);
1891 ctrl_data_close(free_dscock_idx);
1892 return;
1893 }
1894 maxevents++;
1895 }
1896
1897 /*
1898 * /proc/zoneinfo parsing routines
1899 * Expected file format is:
1900 *
1901 * Node <node_id>, zone <zone_name>
1902 * (
1903 * per-node stats
1904 * (<per-node field name> <value>)+
1905 * )?
1906 * (pages free <value>
1907 * (<per-zone field name> <value>)+
1908 * pagesets
1909 * (<unused fields>)*
1910 * )+
1911 * ...
1912 */
zoneinfo_parse_protection(char * buf,struct zoneinfo_zone * zone)1913 static void zoneinfo_parse_protection(char *buf, struct zoneinfo_zone *zone) {
1914 int zone_idx;
1915 int64_t max = 0;
1916 char *save_ptr;
1917
1918 for (buf = strtok_r(buf, "(), ", &save_ptr), zone_idx = 0;
1919 buf && zone_idx < MAX_NR_ZONES;
1920 buf = strtok_r(NULL, "), ", &save_ptr), zone_idx++) {
1921 long long zoneval = strtoll(buf, &buf, 0);
1922 if (zoneval > max) {
1923 max = (zoneval > INT64_MAX) ? INT64_MAX : zoneval;
1924 }
1925 zone->protection[zone_idx] = zoneval;
1926 }
1927 zone->max_protection = max;
1928 }
1929
zoneinfo_parse_zone(char ** buf,struct zoneinfo_zone * zone)1930 static int zoneinfo_parse_zone(char **buf, struct zoneinfo_zone *zone) {
1931 for (char *line = strtok_r(NULL, "\n", buf); line;
1932 line = strtok_r(NULL, "\n", buf)) {
1933 char *cp;
1934 char *ap;
1935 char *save_ptr;
1936 int64_t val;
1937 int field_idx;
1938 enum field_match_result match_res;
1939
1940 cp = strtok_r(line, " ", &save_ptr);
1941 if (!cp) {
1942 return false;
1943 }
1944
1945 field_idx = find_field(cp, zoneinfo_zone_spec_field_names, ZI_ZONE_SPEC_FIELD_COUNT);
1946 if (field_idx >= 0) {
1947 /* special field */
1948 if (field_idx == ZI_ZONE_SPEC_PAGESETS) {
1949 /* no mode fields we are interested in */
1950 return true;
1951 }
1952
1953 /* protection field */
1954 ap = strtok_r(NULL, ")", &save_ptr);
1955 if (ap) {
1956 zoneinfo_parse_protection(ap, zone);
1957 }
1958 continue;
1959 }
1960
1961 ap = strtok_r(NULL, " ", &save_ptr);
1962 if (!ap) {
1963 continue;
1964 }
1965
1966 match_res = match_field(cp, ap, zoneinfo_zone_field_names, ZI_ZONE_FIELD_COUNT,
1967 &val, &field_idx);
1968 if (match_res == PARSE_FAIL) {
1969 return false;
1970 }
1971 if (match_res == PARSE_SUCCESS) {
1972 zone->fields.arr[field_idx] = val;
1973 }
1974 if (field_idx == ZI_ZONE_PRESENT && val == 0) {
1975 /* zone is not populated, stop parsing it */
1976 return true;
1977 }
1978 }
1979 return false;
1980 }
1981
zoneinfo_parse_node(char ** buf,struct zoneinfo_node * node)1982 static int zoneinfo_parse_node(char **buf, struct zoneinfo_node *node) {
1983 int fields_to_match = ZI_NODE_FIELD_COUNT;
1984
1985 for (char *line = strtok_r(NULL, "\n", buf); line;
1986 line = strtok_r(NULL, "\n", buf)) {
1987 char *cp;
1988 char *ap;
1989 char *save_ptr;
1990 int64_t val;
1991 int field_idx;
1992 enum field_match_result match_res;
1993
1994 cp = strtok_r(line, " ", &save_ptr);
1995 if (!cp) {
1996 return false;
1997 }
1998
1999 ap = strtok_r(NULL, " ", &save_ptr);
2000 if (!ap) {
2001 return false;
2002 }
2003
2004 match_res = match_field(cp, ap, zoneinfo_node_field_names, ZI_NODE_FIELD_COUNT,
2005 &val, &field_idx);
2006 if (match_res == PARSE_FAIL) {
2007 return false;
2008 }
2009 if (match_res == PARSE_SUCCESS) {
2010 node->fields.arr[field_idx] = val;
2011 fields_to_match--;
2012 if (!fields_to_match) {
2013 return true;
2014 }
2015 }
2016 }
2017 return false;
2018 }
2019
zoneinfo_parse(struct zoneinfo * zi)2020 static int zoneinfo_parse(struct zoneinfo *zi) {
2021 static struct reread_data file_data = {
2022 .filename = ZONEINFO_PATH,
2023 .fd = -1,
2024 };
2025 char *buf;
2026 char *save_ptr;
2027 char *line;
2028 char zone_name[LINE_MAX + 1];
2029 struct zoneinfo_node *node = NULL;
2030 int node_idx = 0;
2031 int zone_idx = 0;
2032
2033 memset(zi, 0, sizeof(struct zoneinfo));
2034
2035 if ((buf = reread_file(&file_data)) == NULL) {
2036 return -1;
2037 }
2038
2039 for (line = strtok_r(buf, "\n", &save_ptr); line;
2040 line = strtok_r(NULL, "\n", &save_ptr)) {
2041 int node_id;
2042 if (sscanf(line, "Node %d, zone %" STRINGIFY(LINE_MAX) "s", &node_id, zone_name) == 2) {
2043 if (!node || node->id != node_id) {
2044 /* new node is found */
2045 if (node) {
2046 node->zone_count = zone_idx + 1;
2047 node_idx++;
2048 if (node_idx == MAX_NR_NODES) {
2049 /* max node count exceeded */
2050 ALOGE("%s parse error", file_data.filename);
2051 return -1;
2052 }
2053 }
2054 node = &zi->nodes[node_idx];
2055 node->id = node_id;
2056 zone_idx = 0;
2057 if (!zoneinfo_parse_node(&save_ptr, node)) {
2058 ALOGE("%s parse error", file_data.filename);
2059 return -1;
2060 }
2061 } else {
2062 /* new zone is found */
2063 zone_idx++;
2064 }
2065 if (!zoneinfo_parse_zone(&save_ptr, &node->zones[zone_idx])) {
2066 ALOGE("%s parse error", file_data.filename);
2067 return -1;
2068 }
2069 }
2070 }
2071 if (!node) {
2072 ALOGE("%s parse error", file_data.filename);
2073 return -1;
2074 }
2075 node->zone_count = zone_idx + 1;
2076 zi->node_count = node_idx + 1;
2077
2078 /* calculate totals fields */
2079 for (node_idx = 0; node_idx < zi->node_count; node_idx++) {
2080 node = &zi->nodes[node_idx];
2081 for (zone_idx = 0; zone_idx < node->zone_count; zone_idx++) {
2082 struct zoneinfo_zone *zone = &zi->nodes[node_idx].zones[zone_idx];
2083 zi->totalreserve_pages += zone->max_protection + zone->fields.field.high;
2084 }
2085 zi->total_inactive_file += node->fields.field.nr_inactive_file;
2086 zi->total_active_file += node->fields.field.nr_active_file;
2087 }
2088 return 0;
2089 }
2090
2091 /* /proc/meminfo parsing routines */
meminfo_parse_line(char * line,union meminfo * mi)2092 static bool meminfo_parse_line(char *line, union meminfo *mi) {
2093 char *cp = line;
2094 char *ap;
2095 char *save_ptr;
2096 int64_t val;
2097 int field_idx;
2098 enum field_match_result match_res;
2099
2100 cp = strtok_r(line, " ", &save_ptr);
2101 if (!cp) {
2102 return false;
2103 }
2104
2105 ap = strtok_r(NULL, " ", &save_ptr);
2106 if (!ap) {
2107 return false;
2108 }
2109
2110 match_res = match_field(cp, ap, meminfo_field_names, MI_FIELD_COUNT,
2111 &val, &field_idx);
2112 if (match_res == PARSE_SUCCESS) {
2113 mi->arr[field_idx] = val / page_k;
2114 }
2115 return (match_res != PARSE_FAIL);
2116 }
2117
read_gpu_total_kb()2118 static int64_t read_gpu_total_kb() {
2119 static int fd = android::bpf::bpfFdGet(
2120 "/sys/fs/bpf/map_gpuMem_gpu_mem_total_map", BPF_F_RDONLY);
2121 static constexpr uint64_t kBpfKeyGpuTotalUsage = 0;
2122 uint64_t value;
2123
2124 if (fd < 0) {
2125 return 0;
2126 }
2127
2128 return android::bpf::findMapEntry(fd, &kBpfKeyGpuTotalUsage, &value)
2129 ? 0
2130 : (int32_t)(value / 1024);
2131 }
2132
meminfo_parse(union meminfo * mi)2133 static int meminfo_parse(union meminfo *mi) {
2134 static struct reread_data file_data = {
2135 .filename = MEMINFO_PATH,
2136 .fd = -1,
2137 };
2138 char *buf;
2139 char *save_ptr;
2140 char *line;
2141
2142 memset(mi, 0, sizeof(union meminfo));
2143
2144 if ((buf = reread_file(&file_data)) == NULL) {
2145 return -1;
2146 }
2147
2148 for (line = strtok_r(buf, "\n", &save_ptr); line;
2149 line = strtok_r(NULL, "\n", &save_ptr)) {
2150 if (!meminfo_parse_line(line, mi)) {
2151 ALOGE("%s parse error", file_data.filename);
2152 return -1;
2153 }
2154 }
2155 mi->field.nr_file_pages = mi->field.cached + mi->field.swap_cached +
2156 mi->field.buffers;
2157 mi->field.total_gpu_kb = read_gpu_total_kb();
2158 mi->field.easy_available = mi->field.nr_free_pages + mi->field.inactive_file;
2159
2160 return 0;
2161 }
2162
2163 // In the case of ZRAM, mi->field.free_swap can't be used directly because swap space is taken
2164 // from the free memory or reclaimed. Use the lowest of free_swap and easily available memory to
2165 // measure free swap because they represent how much swap space the system will consider to use
2166 // and how much it can actually use.
2167 // Swap compression ratio in the calculation can be adjusted using swap_compression_ratio tunable.
2168 // By setting swap_compression_ratio to 0, available memory can be ignored.
get_free_swap(union meminfo * mi)2169 static inline int64_t get_free_swap(union meminfo *mi) {
2170 if (swap_compression_ratio)
2171 return std::min(mi->field.free_swap, mi->field.easy_available * swap_compression_ratio);
2172 return mi->field.free_swap;
2173 }
2174
2175 /* /proc/vmstat parsing routines */
vmstat_parse_line(char * line,union vmstat * vs)2176 static bool vmstat_parse_line(char *line, union vmstat *vs) {
2177 char *cp;
2178 char *ap;
2179 char *save_ptr;
2180 int64_t val;
2181 int field_idx;
2182 enum field_match_result match_res;
2183
2184 cp = strtok_r(line, " ", &save_ptr);
2185 if (!cp) {
2186 return false;
2187 }
2188
2189 ap = strtok_r(NULL, " ", &save_ptr);
2190 if (!ap) {
2191 return false;
2192 }
2193
2194 match_res = match_field(cp, ap, vmstat_field_names, VS_FIELD_COUNT,
2195 &val, &field_idx);
2196 if (match_res == PARSE_SUCCESS) {
2197 vs->arr[field_idx] = val;
2198 }
2199 return (match_res != PARSE_FAIL);
2200 }
2201
vmstat_parse(union vmstat * vs)2202 static int vmstat_parse(union vmstat *vs) {
2203 static struct reread_data file_data = {
2204 .filename = VMSTAT_PATH,
2205 .fd = -1,
2206 };
2207 char *buf;
2208 char *save_ptr;
2209 char *line;
2210
2211 memset(vs, 0, sizeof(union vmstat));
2212
2213 if ((buf = reread_file(&file_data)) == NULL) {
2214 return -1;
2215 }
2216
2217 for (line = strtok_r(buf, "\n", &save_ptr); line;
2218 line = strtok_r(NULL, "\n", &save_ptr)) {
2219 if (!vmstat_parse_line(line, vs)) {
2220 ALOGE("%s parse error", file_data.filename);
2221 return -1;
2222 }
2223 }
2224
2225 return 0;
2226 }
2227
psi_parse(struct reread_data * file_data,struct psi_stats stats[],bool full)2228 static int psi_parse(struct reread_data *file_data, struct psi_stats stats[], bool full) {
2229 char *buf;
2230 char *save_ptr;
2231 char *line;
2232
2233 if ((buf = reread_file(file_data)) == NULL) {
2234 return -1;
2235 }
2236
2237 line = strtok_r(buf, "\n", &save_ptr);
2238 if (parse_psi_line(line, PSI_SOME, stats)) {
2239 return -1;
2240 }
2241 if (full) {
2242 line = strtok_r(NULL, "\n", &save_ptr);
2243 if (parse_psi_line(line, PSI_FULL, stats)) {
2244 return -1;
2245 }
2246 }
2247
2248 return 0;
2249 }
2250
psi_parse_mem(struct psi_data * psi_data)2251 static int psi_parse_mem(struct psi_data *psi_data) {
2252 static struct reread_data file_data = {
2253 .filename = psi_resource_file[PSI_MEMORY],
2254 .fd = -1,
2255 };
2256 return psi_parse(&file_data, psi_data->mem_stats, true);
2257 }
2258
psi_parse_io(struct psi_data * psi_data)2259 static int psi_parse_io(struct psi_data *psi_data) {
2260 static struct reread_data file_data = {
2261 .filename = psi_resource_file[PSI_IO],
2262 .fd = -1,
2263 };
2264 return psi_parse(&file_data, psi_data->io_stats, true);
2265 }
2266
psi_parse_cpu(struct psi_data * psi_data)2267 static int psi_parse_cpu(struct psi_data *psi_data) {
2268 static struct reread_data file_data = {
2269 .filename = psi_resource_file[PSI_CPU],
2270 .fd = -1,
2271 };
2272 return psi_parse(&file_data, psi_data->cpu_stats, false);
2273 }
2274
2275 enum wakeup_reason {
2276 Event,
2277 Polling
2278 };
2279
2280 struct wakeup_info {
2281 struct timespec wakeup_tm;
2282 struct timespec prev_wakeup_tm;
2283 struct timespec last_event_tm;
2284 int wakeups_since_event;
2285 int skipped_wakeups;
2286 };
2287
2288 /*
2289 * After the initial memory pressure event is received lmkd schedules periodic wakeups to check
2290 * the memory conditions and kill if needed (polling). This is done because pressure events are
2291 * rate-limited and memory conditions can change in between events. Therefore after the initial
2292 * event there might be multiple wakeups. This function records the wakeup information such as the
2293 * timestamps of the last event and the last wakeup, the number of wakeups since the last event
2294 * and how many of those wakeups were skipped (some wakeups are skipped if previously killed
2295 * process is still freeing its memory).
2296 */
record_wakeup_time(struct timespec * tm,enum wakeup_reason reason,struct wakeup_info * wi)2297 static void record_wakeup_time(struct timespec *tm, enum wakeup_reason reason,
2298 struct wakeup_info *wi) {
2299 wi->prev_wakeup_tm = wi->wakeup_tm;
2300 wi->wakeup_tm = *tm;
2301 if (reason == Event) {
2302 wi->last_event_tm = *tm;
2303 wi->wakeups_since_event = 0;
2304 wi->skipped_wakeups = 0;
2305 } else {
2306 wi->wakeups_since_event++;
2307 }
2308 }
2309
2310 struct kill_info {
2311 enum kill_reasons kill_reason;
2312 const char *kill_desc;
2313 int thrashing;
2314 int max_thrashing;
2315 };
2316
killinfo_log(struct proc * procp,int min_oom_score,int rss_kb,int swap_kb,struct kill_info * ki,union meminfo * mi,struct wakeup_info * wi,struct timespec * tm,struct psi_data * pd)2317 static void killinfo_log(struct proc* procp, int min_oom_score, int rss_kb,
2318 int swap_kb, struct kill_info *ki, union meminfo *mi,
2319 struct wakeup_info *wi, struct timespec *tm, struct psi_data *pd) {
2320 /* log process information */
2321 android_log_write_int32(ctx, procp->pid);
2322 android_log_write_int32(ctx, procp->uid);
2323 android_log_write_int32(ctx, procp->oomadj);
2324 android_log_write_int32(ctx, min_oom_score);
2325 android_log_write_int32(ctx, std::min(rss_kb, (int)INT32_MAX));
2326 android_log_write_int32(ctx, ki ? ki->kill_reason : NONE);
2327
2328 /* log meminfo fields */
2329 for (int field_idx = 0; field_idx < MI_FIELD_COUNT; field_idx++) {
2330 android_log_write_int32(ctx,
2331 mi ? std::min(mi->arr[field_idx] * page_k, (int64_t)INT32_MAX) : 0);
2332 }
2333
2334 /* log lmkd wakeup information */
2335 if (wi) {
2336 android_log_write_int32(ctx, (int32_t)get_time_diff_ms(&wi->last_event_tm, tm));
2337 android_log_write_int32(ctx, (int32_t)get_time_diff_ms(&wi->prev_wakeup_tm, tm));
2338 android_log_write_int32(ctx, wi->wakeups_since_event);
2339 android_log_write_int32(ctx, wi->skipped_wakeups);
2340 } else {
2341 android_log_write_int32(ctx, 0);
2342 android_log_write_int32(ctx, 0);
2343 android_log_write_int32(ctx, 0);
2344 android_log_write_int32(ctx, 0);
2345 }
2346
2347 android_log_write_int32(ctx, std::min(swap_kb, (int)INT32_MAX));
2348 android_log_write_int32(ctx, mi ? (int32_t)mi->field.total_gpu_kb : 0);
2349 if (ki) {
2350 android_log_write_int32(ctx, ki->thrashing);
2351 android_log_write_int32(ctx, ki->max_thrashing);
2352 } else {
2353 android_log_write_int32(ctx, 0);
2354 android_log_write_int32(ctx, 0);
2355 }
2356
2357 if (pd) {
2358 android_log_write_float32(ctx, pd->mem_stats[PSI_SOME].avg10);
2359 android_log_write_float32(ctx, pd->mem_stats[PSI_FULL].avg10);
2360 android_log_write_float32(ctx, pd->io_stats[PSI_SOME].avg10);
2361 android_log_write_float32(ctx, pd->io_stats[PSI_FULL].avg10);
2362 android_log_write_float32(ctx, pd->cpu_stats[PSI_SOME].avg10);
2363 } else {
2364 for (int i = 0; i < 5; i++) {
2365 android_log_write_float32(ctx, 0);
2366 }
2367 }
2368
2369 android_log_write_list(ctx, LOG_ID_EVENTS);
2370 android_log_reset(ctx);
2371 }
2372
2373 // Note: returned entry is only an anchor and does not hold a valid process info.
2374 // When called from a non-main thread, adjslot_list_lock read lock should be taken.
proc_adj_head(int oomadj)2375 static struct proc *proc_adj_head(int oomadj) {
2376 return (struct proc *)&procadjslot_list[ADJTOSLOT(oomadj)];
2377 }
2378
2379 // When called from a non-main thread, adjslot_list_lock read lock should be taken.
proc_adj_tail(int oomadj)2380 static struct proc *proc_adj_tail(int oomadj) {
2381 return (struct proc *)adjslot_tail(&procadjslot_list[ADJTOSLOT(oomadj)]);
2382 }
2383
2384 // When called from a non-main thread, adjslot_list_lock read lock should be taken.
proc_adj_prev(int oomadj,int pid)2385 static struct proc *proc_adj_prev(int oomadj, int pid) {
2386 struct adjslot_list *head = &procadjslot_list[ADJTOSLOT(oomadj)];
2387 struct adjslot_list *curr = adjslot_tail(&procadjslot_list[ADJTOSLOT(oomadj)]);
2388
2389 while (curr != head) {
2390 if (((struct proc *)curr)->pid == pid) {
2391 return (struct proc *)curr->prev;
2392 }
2393 curr = curr->prev;
2394 }
2395
2396 return NULL;
2397 }
2398
2399 // Can be called only from the main thread.
proc_get_heaviest(int oomadj)2400 static struct proc *proc_get_heaviest(int oomadj) {
2401 struct adjslot_list *head = &procadjslot_list[ADJTOSLOT(oomadj)];
2402 struct adjslot_list *curr = head->next;
2403 struct proc *maxprocp = NULL;
2404 int maxsize = 0;
2405 while (curr != head) {
2406 int pid = ((struct proc *)curr)->pid;
2407 int tasksize = proc_get_size(pid);
2408 if (tasksize < 0) {
2409 struct adjslot_list *next = curr->next;
2410 pid_remove(pid);
2411 curr = next;
2412 } else {
2413 if (tasksize > maxsize) {
2414 maxsize = tasksize;
2415 maxprocp = (struct proc *)curr;
2416 }
2417 curr = curr->next;
2418 }
2419 }
2420 return maxprocp;
2421 }
2422
find_victim(int oom_score,int prev_pid,struct proc & target_proc)2423 static bool find_victim(int oom_score, int prev_pid, struct proc &target_proc) {
2424 struct proc *procp;
2425 std::shared_lock lock(adjslot_list_lock);
2426
2427 if (!prev_pid) {
2428 procp = proc_adj_tail(oom_score);
2429 } else {
2430 procp = proc_adj_prev(oom_score, prev_pid);
2431 if (!procp) {
2432 // pid was removed, restart at the tail
2433 procp = proc_adj_tail(oom_score);
2434 }
2435 }
2436
2437 // the list is empty at this oom_score or we looped through it
2438 if (!procp || procp == proc_adj_head(oom_score)) {
2439 return false;
2440 }
2441
2442 // make a copy because original might be destroyed after adjslot_list_lock is released
2443 target_proc = *procp;
2444
2445 return true;
2446 }
2447
watchdog_callback()2448 static void watchdog_callback() {
2449 int prev_pid = 0;
2450
2451 ALOGW("lmkd watchdog timed out!");
2452 for (int oom_score = OOM_SCORE_ADJ_MAX; oom_score >= 0;) {
2453 struct proc target;
2454
2455 if (!find_victim(oom_score, prev_pid, target)) {
2456 oom_score--;
2457 prev_pid = 0;
2458 continue;
2459 }
2460
2461 if (target.valid && reaper.kill({ target.pidfd, target.pid, target.uid }, true) == 0) {
2462 ALOGW("lmkd watchdog killed process %d, oom_score_adj %d", target.pid, oom_score);
2463 killinfo_log(&target, 0, 0, 0, NULL, NULL, NULL, NULL, NULL);
2464 // Can't call pid_remove() from non-main thread, therefore just invalidate the record
2465 pid_invalidate(target.pid);
2466 break;
2467 }
2468 prev_pid = target.pid;
2469 }
2470 }
2471
2472 static Watchdog watchdog(WATCHDOG_TIMEOUT_SEC, watchdog_callback);
2473
is_kill_pending(void)2474 static bool is_kill_pending(void) {
2475 char buf[24];
2476
2477 if (last_kill_pid_or_fd < 0) {
2478 return false;
2479 }
2480
2481 if (pidfd_supported) {
2482 return true;
2483 }
2484
2485 /* when pidfd is not supported base the decision on /proc/<pid> existence */
2486 snprintf(buf, sizeof(buf), "/proc/%d/", last_kill_pid_or_fd);
2487 if (access(buf, F_OK) == 0) {
2488 return true;
2489 }
2490
2491 return false;
2492 }
2493
is_waiting_for_kill(void)2494 static bool is_waiting_for_kill(void) {
2495 return pidfd_supported && last_kill_pid_or_fd >= 0;
2496 }
2497
stop_wait_for_proc_kill(bool finished)2498 static void stop_wait_for_proc_kill(bool finished) {
2499 struct epoll_event epev;
2500
2501 if (last_kill_pid_or_fd < 0) {
2502 return;
2503 }
2504
2505 if (debug_process_killing) {
2506 struct timespec curr_tm;
2507
2508 if (clock_gettime(CLOCK_MONOTONIC_COARSE, &curr_tm) != 0) {
2509 /*
2510 * curr_tm is used here merely to report kill duration, so this failure is not fatal.
2511 * Log an error and continue.
2512 */
2513 ALOGE("Failed to get current time");
2514 }
2515
2516 if (finished) {
2517 ALOGI("Process got killed in %ldms",
2518 get_time_diff_ms(&last_kill_tm, &curr_tm));
2519 } else {
2520 ALOGI("Stop waiting for process kill after %ldms",
2521 get_time_diff_ms(&last_kill_tm, &curr_tm));
2522 }
2523 }
2524
2525 if (pidfd_supported) {
2526 /* unregister fd */
2527 if (epoll_ctl(epollfd, EPOLL_CTL_DEL, last_kill_pid_or_fd, &epev)) {
2528 // Log an error and keep going
2529 ALOGE("epoll_ctl for last killed process failed; errno=%d", errno);
2530 }
2531 maxevents--;
2532 close(last_kill_pid_or_fd);
2533 }
2534
2535 last_kill_pid_or_fd = -1;
2536 }
2537
kill_done_handler(int data __unused,uint32_t events __unused,struct polling_params * poll_params)2538 static void kill_done_handler(int data __unused, uint32_t events __unused,
2539 struct polling_params *poll_params) {
2540 stop_wait_for_proc_kill(true);
2541 poll_params->update = POLLING_RESUME;
2542 }
2543
kill_fail_handler(int data __unused,uint32_t events __unused,struct polling_params * poll_params)2544 static void kill_fail_handler(int data __unused, uint32_t events __unused,
2545 struct polling_params *poll_params) {
2546 int pid;
2547
2548 // Extract pid from the communication pipe. Clearing the pipe this way allows further
2549 // epoll_wait calls to sleep until the next event.
2550 if (TEMP_FAILURE_RETRY(read(reaper_comm_fd[0], &pid, sizeof(pid))) != sizeof(pid)) {
2551 ALOGE("thread communication read failed: %s", strerror(errno));
2552 }
2553 stop_wait_for_proc_kill(false);
2554 poll_params->update = POLLING_RESUME;
2555 }
2556
start_wait_for_proc_kill(int pid_or_fd)2557 static void start_wait_for_proc_kill(int pid_or_fd) {
2558 static struct event_handler_info kill_done_hinfo = { 0, kill_done_handler };
2559 struct epoll_event epev;
2560
2561 if (last_kill_pid_or_fd >= 0) {
2562 /* Should not happen but if it does we should stop previous wait */
2563 ALOGE("Attempt to wait for a kill while another wait is in progress");
2564 stop_wait_for_proc_kill(false);
2565 }
2566
2567 last_kill_pid_or_fd = pid_or_fd;
2568
2569 if (!pidfd_supported) {
2570 /* If pidfd is not supported just store PID and exit */
2571 return;
2572 }
2573
2574 epev.events = EPOLLIN;
2575 epev.data.ptr = (void *)&kill_done_hinfo;
2576 if (epoll_ctl(epollfd, EPOLL_CTL_ADD, last_kill_pid_or_fd, &epev) != 0) {
2577 ALOGE("epoll_ctl for last kill failed; errno=%d", errno);
2578 close(last_kill_pid_or_fd);
2579 last_kill_pid_or_fd = -1;
2580 return;
2581 }
2582 maxevents++;
2583 }
2584
2585 /* Kill one process specified by procp. Returns the size (in pages) of the process killed */
kill_one_process(struct proc * procp,int min_oom_score,struct kill_info * ki,union meminfo * mi,struct wakeup_info * wi,struct timespec * tm,struct psi_data * pd)2586 static int kill_one_process(struct proc* procp, int min_oom_score, struct kill_info *ki,
2587 union meminfo *mi, struct wakeup_info *wi, struct timespec *tm,
2588 struct psi_data *pd) {
2589 int pid = procp->pid;
2590 int pidfd = procp->pidfd;
2591 uid_t uid = procp->uid;
2592 char *taskname;
2593 int kill_result;
2594 int result = -1;
2595 struct memory_stat *mem_st;
2596 struct kill_stat kill_st;
2597 int64_t tgid;
2598 int64_t rss_kb;
2599 int64_t swap_kb;
2600 char buf[pagesize];
2601 char desc[LINE_MAX];
2602
2603 if (!procp->valid || !read_proc_status(pid, buf, sizeof(buf))) {
2604 goto out;
2605 }
2606 if (!parse_status_tag(buf, PROC_STATUS_TGID_FIELD, &tgid)) {
2607 ALOGE("Unable to parse tgid from /proc/%d/status", pid);
2608 goto out;
2609 }
2610 if (tgid != pid) {
2611 ALOGE("Possible pid reuse detected (pid %d, tgid %" PRId64 ")!", pid, tgid);
2612 goto out;
2613 }
2614 // Zombie processes will not have RSS / Swap fields.
2615 if (!parse_status_tag(buf, PROC_STATUS_RSS_FIELD, &rss_kb)) {
2616 goto out;
2617 }
2618 if (!parse_status_tag(buf, PROC_STATUS_SWAP_FIELD, &swap_kb)) {
2619 goto out;
2620 }
2621
2622 taskname = proc_get_name(pid, buf, sizeof(buf));
2623 // taskname will point inside buf, do not reuse buf onwards.
2624 if (!taskname) {
2625 goto out;
2626 }
2627
2628 mem_st = stats_read_memory_stat(per_app_memcg, pid, uid, rss_kb * 1024, swap_kb * 1024);
2629
2630 snprintf(desc, sizeof(desc), "lmk,%d,%d,%d,%d,%d", pid, ki ? (int)ki->kill_reason : -1,
2631 procp->oomadj, min_oom_score, ki ? ki->max_thrashing : -1);
2632
2633 result = lmkd_free_memory_before_kill_hook(procp, rss_kb / page_k, procp->oomadj,
2634 ki ? (int)ki->kill_reason : -1);
2635 if (result > 0) {
2636 /*
2637 * Memory was freed elsewhere; no need to kill. Note: intentionally do not
2638 * pid_remove(pid) since it was not killed.
2639 */
2640 ALOGI("Skipping kill; %ld kB freed elsewhere.", result * page_k);
2641 return result;
2642 }
2643
2644 trace_kill_start(desc);
2645
2646 start_wait_for_proc_kill(pidfd < 0 ? pid : pidfd);
2647 kill_result = reaper.kill({ pidfd, pid, uid }, false);
2648
2649 trace_kill_end();
2650
2651 if (kill_result) {
2652 stop_wait_for_proc_kill(false);
2653 ALOGE("kill(%d): errno=%d", pid, errno);
2654 /* Delete process record even when we fail to kill so that we don't get stuck on it */
2655 goto out;
2656 }
2657
2658 last_kill_tm = *tm;
2659
2660 inc_killcnt(procp->oomadj);
2661
2662 if (ki) {
2663 kill_st.kill_reason = ki->kill_reason;
2664 kill_st.thrashing = ki->thrashing;
2665 kill_st.max_thrashing = ki->max_thrashing;
2666 ALOGI("Kill '%s' (%d), uid %d, oom_score_adj %d to free %" PRId64 "kB rss, %" PRId64
2667 "kB swap; reason: %s", taskname, pid, uid, procp->oomadj, rss_kb, swap_kb,
2668 ki->kill_desc);
2669 } else {
2670 kill_st.kill_reason = NONE;
2671 kill_st.thrashing = 0;
2672 kill_st.max_thrashing = 0;
2673 ALOGI("Kill '%s' (%d), uid %d, oom_score_adj %d to free %" PRId64 "kB rss, %" PRId64
2674 "kb swap", taskname, pid, uid, procp->oomadj, rss_kb, swap_kb);
2675 }
2676 killinfo_log(procp, min_oom_score, rss_kb, swap_kb, ki, mi, wi, tm, pd);
2677
2678 kill_st.uid = static_cast<int32_t>(uid);
2679 kill_st.taskname = taskname;
2680 kill_st.oom_score = procp->oomadj;
2681 kill_st.min_oom_score = min_oom_score;
2682 kill_st.free_mem_kb = mi->field.nr_free_pages * page_k;
2683 kill_st.free_swap_kb = get_free_swap(mi) * page_k;
2684 stats_write_lmk_kill_occurred(&kill_st, mem_st);
2685
2686 ctrl_data_write_lmk_kill_occurred((pid_t)pid, uid);
2687
2688 result = rss_kb / page_k;
2689
2690 out:
2691 /*
2692 * WARNING: After pid_remove() procp is freed and can't be used!
2693 * Therefore placed at the end of the function.
2694 */
2695 pid_remove(pid);
2696 return result;
2697 }
2698
2699 /*
2700 * Find one process to kill at or above the given oom_score_adj level.
2701 * Returns size of the killed process.
2702 */
find_and_kill_process(int min_score_adj,struct kill_info * ki,union meminfo * mi,struct wakeup_info * wi,struct timespec * tm,struct psi_data * pd)2703 static int find_and_kill_process(int min_score_adj, struct kill_info *ki, union meminfo *mi,
2704 struct wakeup_info *wi, struct timespec *tm,
2705 struct psi_data *pd) {
2706 int i;
2707 int killed_size = 0;
2708 bool choose_heaviest_task = kill_heaviest_task;
2709
2710 for (i = OOM_SCORE_ADJ_MAX; i >= min_score_adj; i--) {
2711 struct proc *procp;
2712
2713 if (!choose_heaviest_task && i <= PERCEPTIBLE_APP_ADJ) {
2714 /*
2715 * If we have to choose a perceptible process, choose the heaviest one to
2716 * hopefully minimize the number of victims.
2717 */
2718 choose_heaviest_task = true;
2719 }
2720
2721 while (true) {
2722 procp = choose_heaviest_task ?
2723 proc_get_heaviest(i) : proc_adj_tail(i);
2724
2725 if (!procp)
2726 break;
2727
2728 killed_size = kill_one_process(procp, min_score_adj, ki, mi, wi, tm, pd);
2729 if (killed_size >= 0) {
2730 break;
2731 }
2732 }
2733 if (killed_size) {
2734 break;
2735 }
2736 }
2737
2738 return killed_size;
2739 }
2740
get_memory_usage(struct reread_data * file_data)2741 static int64_t get_memory_usage(struct reread_data *file_data) {
2742 int64_t mem_usage;
2743 char *buf;
2744
2745 if ((buf = reread_file(file_data)) == NULL) {
2746 return -1;
2747 }
2748
2749 if (!parse_int64(buf, &mem_usage)) {
2750 ALOGE("%s parse error", file_data->filename);
2751 return -1;
2752 }
2753 if (mem_usage == 0) {
2754 ALOGE("No memory!");
2755 return -1;
2756 }
2757 return mem_usage;
2758 }
2759
record_low_pressure_levels(union meminfo * mi)2760 void record_low_pressure_levels(union meminfo *mi) {
2761 if (low_pressure_mem.min_nr_free_pages == -1 ||
2762 low_pressure_mem.min_nr_free_pages > mi->field.nr_free_pages) {
2763 if (debug_process_killing) {
2764 ALOGI("Low pressure min memory update from %" PRId64 " to %" PRId64,
2765 low_pressure_mem.min_nr_free_pages, mi->field.nr_free_pages);
2766 }
2767 low_pressure_mem.min_nr_free_pages = mi->field.nr_free_pages;
2768 }
2769 /*
2770 * Free memory at low vmpressure events occasionally gets spikes,
2771 * possibly a stale low vmpressure event with memory already
2772 * freed up (no memory pressure should have been reported).
2773 * Ignore large jumps in max_nr_free_pages that would mess up our stats.
2774 */
2775 if (low_pressure_mem.max_nr_free_pages == -1 ||
2776 (low_pressure_mem.max_nr_free_pages < mi->field.nr_free_pages &&
2777 mi->field.nr_free_pages - low_pressure_mem.max_nr_free_pages <
2778 low_pressure_mem.max_nr_free_pages * 0.1)) {
2779 if (debug_process_killing) {
2780 ALOGI("Low pressure max memory update from %" PRId64 " to %" PRId64,
2781 low_pressure_mem.max_nr_free_pages, mi->field.nr_free_pages);
2782 }
2783 low_pressure_mem.max_nr_free_pages = mi->field.nr_free_pages;
2784 }
2785 }
2786
upgrade_level(enum vmpressure_level level)2787 enum vmpressure_level upgrade_level(enum vmpressure_level level) {
2788 return (enum vmpressure_level)((level < VMPRESS_LEVEL_CRITICAL) ?
2789 level + 1 : level);
2790 }
2791
downgrade_level(enum vmpressure_level level)2792 enum vmpressure_level downgrade_level(enum vmpressure_level level) {
2793 return (enum vmpressure_level)((level > VMPRESS_LEVEL_LOW) ?
2794 level - 1 : level);
2795 }
2796
2797 enum zone_watermark {
2798 WMARK_MIN = 0,
2799 WMARK_LOW,
2800 WMARK_HIGH,
2801 WMARK_NONE
2802 };
2803
2804 struct zone_watermarks {
2805 long high_wmark;
2806 long low_wmark;
2807 long min_wmark;
2808 };
2809
2810 /*
2811 * Returns lowest breached watermark or WMARK_NONE.
2812 */
get_lowest_watermark(union meminfo * mi,struct zone_watermarks * watermarks)2813 static enum zone_watermark get_lowest_watermark(union meminfo *mi,
2814 struct zone_watermarks *watermarks)
2815 {
2816 int64_t nr_free_pages = mi->field.nr_free_pages - mi->field.cma_free;
2817
2818 if (nr_free_pages < watermarks->min_wmark) {
2819 return WMARK_MIN;
2820 }
2821 if (nr_free_pages < watermarks->low_wmark) {
2822 return WMARK_LOW;
2823 }
2824 if (nr_free_pages < watermarks->high_wmark) {
2825 return WMARK_HIGH;
2826 }
2827 return WMARK_NONE;
2828 }
2829
calc_zone_watermarks(struct zoneinfo * zi,struct zone_watermarks * watermarks)2830 void calc_zone_watermarks(struct zoneinfo *zi, struct zone_watermarks *watermarks) {
2831 memset(watermarks, 0, sizeof(struct zone_watermarks));
2832
2833 for (int node_idx = 0; node_idx < zi->node_count; node_idx++) {
2834 struct zoneinfo_node *node = &zi->nodes[node_idx];
2835 for (int zone_idx = 0; zone_idx < node->zone_count; zone_idx++) {
2836 struct zoneinfo_zone *zone = &node->zones[zone_idx];
2837
2838 if (!zone->fields.field.present) {
2839 continue;
2840 }
2841
2842 watermarks->high_wmark += zone->max_protection + zone->fields.field.high;
2843 watermarks->low_wmark += zone->max_protection + zone->fields.field.low;
2844 watermarks->min_wmark += zone->max_protection + zone->fields.field.min;
2845 }
2846 }
2847 }
2848
calc_swap_utilization(union meminfo * mi)2849 static int calc_swap_utilization(union meminfo *mi) {
2850 int64_t swap_used = mi->field.total_swap - get_free_swap(mi);
2851 int64_t total_swappable = mi->field.active_anon + mi->field.inactive_anon +
2852 mi->field.shmem + swap_used;
2853 return total_swappable > 0 ? (swap_used * 100) / total_swappable : 0;
2854 }
2855
mp_event_psi(int data,uint32_t events,struct polling_params * poll_params)2856 static void mp_event_psi(int data, uint32_t events, struct polling_params *poll_params) {
2857 enum reclaim_state {
2858 NO_RECLAIM = 0,
2859 KSWAPD_RECLAIM,
2860 DIRECT_RECLAIM,
2861 };
2862 static int64_t init_ws_refault;
2863 static int64_t prev_workingset_refault;
2864 static int64_t base_file_lru;
2865 static int64_t init_pgscan_kswapd;
2866 static int64_t init_pgscan_direct;
2867 static int64_t init_pgrefill;
2868 static bool killing;
2869 static int thrashing_limit = thrashing_limit_pct;
2870 static struct zone_watermarks watermarks;
2871 static struct timespec wmark_update_tm;
2872 static struct wakeup_info wi;
2873 static struct timespec thrashing_reset_tm;
2874 static int64_t prev_thrash_growth = 0;
2875 static bool check_filecache = false;
2876 static int max_thrashing = 0;
2877
2878 union meminfo mi;
2879 union vmstat vs;
2880 struct psi_data psi_data;
2881 struct timespec curr_tm;
2882 int64_t thrashing = 0;
2883 bool swap_is_low = false;
2884 enum vmpressure_level level = (enum vmpressure_level)data;
2885 enum kill_reasons kill_reason = NONE;
2886 bool cycle_after_kill = false;
2887 enum reclaim_state reclaim = NO_RECLAIM;
2888 enum zone_watermark wmark = WMARK_NONE;
2889 char kill_desc[LINE_MAX];
2890 bool cut_thrashing_limit = false;
2891 int min_score_adj = 0;
2892 int swap_util = 0;
2893 int64_t swap_low_threshold;
2894 long since_thrashing_reset_ms;
2895 int64_t workingset_refault_file;
2896 bool critical_stall = false;
2897 bool in_direct_reclaim;
2898 long direct_reclaim_duration_ms;
2899 bool in_kswapd_reclaim;
2900
2901 if (clock_gettime(CLOCK_MONOTONIC_COARSE, &curr_tm) != 0) {
2902 ALOGE("Failed to get current time");
2903 return;
2904 }
2905
2906 record_wakeup_time(&curr_tm, events ? Event : Polling, &wi);
2907
2908 bool kill_pending = is_kill_pending();
2909 if (kill_pending && (kill_timeout_ms == 0 ||
2910 get_time_diff_ms(&last_kill_tm, &curr_tm) < static_cast<long>(kill_timeout_ms))) {
2911 /* Skip while still killing a process */
2912 wi.skipped_wakeups++;
2913 goto no_kill;
2914 }
2915 /*
2916 * Process is dead or kill timeout is over, stop waiting. This has no effect if pidfds are
2917 * supported and death notification already caused waiting to stop.
2918 */
2919 stop_wait_for_proc_kill(!kill_pending);
2920
2921 if (vmstat_parse(&vs) < 0) {
2922 ALOGE("Failed to parse vmstat!");
2923 return;
2924 }
2925 /* Starting 5.9 kernel workingset_refault vmstat field was renamed workingset_refault_file */
2926 workingset_refault_file = vs.field.workingset_refault ? : vs.field.workingset_refault_file;
2927
2928 if (meminfo_parse(&mi) < 0) {
2929 ALOGE("Failed to parse meminfo!");
2930 return;
2931 }
2932
2933 /* Reset states after process got killed */
2934 if (killing) {
2935 killing = false;
2936 cycle_after_kill = true;
2937 /* Reset file-backed pagecache size and refault amounts after a kill */
2938 base_file_lru = vs.field.nr_inactive_file + vs.field.nr_active_file;
2939 init_ws_refault = workingset_refault_file;
2940 thrashing_reset_tm = curr_tm;
2941 prev_thrash_growth = 0;
2942 }
2943
2944 /* Check free swap levels */
2945 if (swap_free_low_percentage) {
2946 swap_low_threshold = mi.field.total_swap * swap_free_low_percentage / 100;
2947 swap_is_low = get_free_swap(&mi) < swap_low_threshold;
2948 } else {
2949 swap_low_threshold = 0;
2950 }
2951
2952 if (memevent_listener) {
2953 in_direct_reclaim =
2954 direct_reclaim_start_tm.tv_sec != 0 || direct_reclaim_start_tm.tv_nsec != 0;
2955 in_kswapd_reclaim = kswapd_start_tm.tv_sec != 0 || kswapd_start_tm.tv_nsec != 0;
2956 } else {
2957 in_direct_reclaim = vs.field.pgscan_direct != init_pgscan_direct;
2958 in_kswapd_reclaim = (vs.field.pgscan_kswapd != init_pgscan_kswapd) ||
2959 (vs.field.pgrefill != init_pgrefill);
2960 }
2961
2962 /* Identify reclaim state */
2963 if (in_direct_reclaim) {
2964 init_pgscan_direct = vs.field.pgscan_direct;
2965 init_pgscan_kswapd = vs.field.pgscan_kswapd;
2966 init_pgrefill = vs.field.pgrefill;
2967 direct_reclaim_duration_ms = get_time_diff_ms(&direct_reclaim_start_tm, &curr_tm);
2968 reclaim = DIRECT_RECLAIM;
2969 } else if (in_kswapd_reclaim) {
2970 init_pgscan_kswapd = vs.field.pgscan_kswapd;
2971 init_pgrefill = vs.field.pgrefill;
2972 reclaim = KSWAPD_RECLAIM;
2973 } else if (workingset_refault_file == prev_workingset_refault) {
2974 /*
2975 * Device is not thrashing and not reclaiming, bail out early until we see these stats
2976 * changing
2977 */
2978 goto no_kill;
2979 }
2980
2981 prev_workingset_refault = workingset_refault_file;
2982
2983 /*
2984 * It's possible we fail to find an eligible process to kill (ex. no process is
2985 * above oom_adj_min). When this happens, we should retry to find a new process
2986 * for a kill whenever a new eligible process is available. This is especially
2987 * important for a slow growing refault case. While retrying, we should keep
2988 * monitoring new thrashing counter as someone could release the memory to mitigate
2989 * the thrashing. Thus, when thrashing reset window comes, we decay the prev thrashing
2990 * counter by window counts. If the counter is still greater than thrashing limit,
2991 * we preserve the current prev_thrash counter so we will retry kill again. Otherwise,
2992 * we reset the prev_thrash counter so we will stop retrying.
2993 */
2994 since_thrashing_reset_ms = get_time_diff_ms(&thrashing_reset_tm, &curr_tm);
2995 if (since_thrashing_reset_ms > THRASHING_RESET_INTERVAL_MS) {
2996 long windows_passed;
2997 /* Calculate prev_thrash_growth if we crossed THRASHING_RESET_INTERVAL_MS */
2998 prev_thrash_growth = (workingset_refault_file - init_ws_refault) * 100
2999 / (base_file_lru + 1);
3000 windows_passed = (since_thrashing_reset_ms / THRASHING_RESET_INTERVAL_MS);
3001 /*
3002 * Decay prev_thrashing unless over-the-limit thrashing was registered in the window we
3003 * just crossed, which means there were no eligible processes to kill. We preserve the
3004 * counter in that case to ensure a kill if a new eligible process appears.
3005 */
3006 if (windows_passed > 1 || prev_thrash_growth < thrashing_limit) {
3007 prev_thrash_growth >>= windows_passed;
3008 }
3009
3010 /* Record file-backed pagecache size when crossing THRASHING_RESET_INTERVAL_MS */
3011 base_file_lru = vs.field.nr_inactive_file + vs.field.nr_active_file;
3012 init_ws_refault = workingset_refault_file;
3013 thrashing_reset_tm = curr_tm;
3014 thrashing_limit = thrashing_limit_pct;
3015 } else {
3016 /* Calculate what % of the file-backed pagecache refaulted so far */
3017 thrashing = (workingset_refault_file - init_ws_refault) * 100 / (base_file_lru + 1);
3018 }
3019 /* Add previous cycle's decayed thrashing amount */
3020 thrashing += prev_thrash_growth;
3021 if (max_thrashing < thrashing) {
3022 max_thrashing = thrashing;
3023 }
3024
3025 update_watermarks:
3026 /*
3027 * Refresh watermarks once per min in case user updated one of the margins.
3028 * TODO: b/140521024 replace this periodic update with an API for AMS to notify LMKD
3029 * that zone watermarks were changed by the system software.
3030 */
3031 if (watermarks.high_wmark == 0 || get_time_diff_ms(&wmark_update_tm, &curr_tm) > 60000) {
3032 struct zoneinfo zi;
3033
3034 if (zoneinfo_parse(&zi) < 0) {
3035 ALOGE("Failed to parse zoneinfo!");
3036 return;
3037 }
3038
3039 calc_zone_watermarks(&zi, &watermarks);
3040 wmark_update_tm = curr_tm;
3041 }
3042
3043 /* Find out which watermark is breached if any */
3044 wmark = get_lowest_watermark(&mi, &watermarks);
3045
3046 if (!psi_parse_mem(&psi_data)) {
3047 critical_stall = psi_data.mem_stats[PSI_FULL].avg10 > (float)stall_limit_critical;
3048 }
3049 /*
3050 * TODO: move this logic into a separate function
3051 * Decide if killing a process is necessary and record the reason
3052 */
3053 if (cycle_after_kill && wmark < WMARK_LOW) {
3054 /*
3055 * Prevent kills not freeing enough memory which might lead to OOM kill.
3056 * This might happen when a process is consuming memory faster than reclaim can
3057 * free even after a kill. Mostly happens when running memory stress tests.
3058 */
3059 min_score_adj = pressure_after_kill_min_score;
3060 kill_reason = PRESSURE_AFTER_KILL;
3061 strncpy(kill_desc, "min watermark is breached even after kill", sizeof(kill_desc));
3062 } else if (level == VMPRESS_LEVEL_CRITICAL && events != 0) {
3063 /*
3064 * Device is too busy reclaiming memory which might lead to ANR.
3065 * Critical level is triggered when PSI complete stall (all tasks are blocked because
3066 * of the memory congestion) breaches the configured threshold.
3067 */
3068 kill_reason = NOT_RESPONDING;
3069 strncpy(kill_desc, "device is not responding", sizeof(kill_desc));
3070 } else if (swap_is_low && thrashing > thrashing_limit_pct) {
3071 /* Page cache is thrashing while swap is low */
3072 kill_reason = LOW_SWAP_AND_THRASHING;
3073 snprintf(kill_desc, sizeof(kill_desc), "device is low on swap (%" PRId64
3074 "kB < %" PRId64 "kB) and thrashing (%" PRId64 "%%)",
3075 get_free_swap(&mi) * page_k, swap_low_threshold * page_k, thrashing);
3076 /* Do not kill perceptible apps unless below min watermark or heavily thrashing */
3077 if (wmark > WMARK_MIN && thrashing < thrashing_critical_pct) {
3078 min_score_adj = PERCEPTIBLE_APP_ADJ + 1;
3079 }
3080 check_filecache = true;
3081 } else if (swap_is_low && wmark < WMARK_HIGH) {
3082 /* Both free memory and swap are low */
3083 kill_reason = LOW_MEM_AND_SWAP;
3084 snprintf(kill_desc, sizeof(kill_desc), "%s watermark is breached and swap is low (%"
3085 PRId64 "kB < %" PRId64 "kB)", wmark < WMARK_LOW ? "min" : "low",
3086 get_free_swap(&mi) * page_k, swap_low_threshold * page_k);
3087 /* Do not kill perceptible apps unless below min watermark or heavily thrashing */
3088 if (wmark > WMARK_MIN && thrashing < thrashing_critical_pct) {
3089 min_score_adj = PERCEPTIBLE_APP_ADJ + 1;
3090 }
3091 } else if (wmark < WMARK_HIGH && swap_util_max < 100 &&
3092 (swap_util = calc_swap_utilization(&mi)) > swap_util_max) {
3093 /*
3094 * Too much anon memory is swapped out but swap is not low.
3095 * Non-swappable allocations created memory pressure.
3096 */
3097 kill_reason = LOW_MEM_AND_SWAP_UTIL;
3098 snprintf(kill_desc, sizeof(kill_desc), "%s watermark is breached and swap utilization"
3099 " is high (%d%% > %d%%)", wmark < WMARK_LOW ? "min" : "low",
3100 swap_util, swap_util_max);
3101 } else if (wmark < WMARK_HIGH && thrashing > thrashing_limit) {
3102 /* Page cache is thrashing while memory is low */
3103 kill_reason = LOW_MEM_AND_THRASHING;
3104 snprintf(kill_desc, sizeof(kill_desc), "%s watermark is breached and thrashing (%"
3105 PRId64 "%%)", wmark < WMARK_LOW ? "min" : "low", thrashing);
3106 cut_thrashing_limit = true;
3107 /* Do not kill perceptible apps unless thrashing at critical levels */
3108 if (thrashing < thrashing_critical_pct) {
3109 min_score_adj = PERCEPTIBLE_APP_ADJ + 1;
3110 }
3111 check_filecache = true;
3112 } else if (reclaim == DIRECT_RECLAIM && thrashing > thrashing_limit) {
3113 /* Page cache is thrashing while in direct reclaim (mostly happens on lowram devices) */
3114 kill_reason = DIRECT_RECL_AND_THRASHING;
3115 snprintf(kill_desc, sizeof(kill_desc), "device is in direct reclaim and thrashing (%"
3116 PRId64 "%%)", thrashing);
3117 cut_thrashing_limit = true;
3118 /* Do not kill perceptible apps unless thrashing at critical levels */
3119 if (thrashing < thrashing_critical_pct) {
3120 min_score_adj = PERCEPTIBLE_APP_ADJ + 1;
3121 }
3122 check_filecache = true;
3123 } else if (reclaim == DIRECT_RECLAIM && direct_reclaim_threshold_ms > 0 &&
3124 direct_reclaim_duration_ms > direct_reclaim_threshold_ms) {
3125 kill_reason = DIRECT_RECL_STUCK;
3126 snprintf(kill_desc, sizeof(kill_desc), "device is stuck in direct reclaim (%ldms > %dms)",
3127 direct_reclaim_duration_ms, direct_reclaim_threshold_ms);
3128 } else if (check_filecache) {
3129 int64_t file_lru_kb = (vs.field.nr_inactive_file + vs.field.nr_active_file) * page_k;
3130
3131 if (file_lru_kb < filecache_min_kb) {
3132 /* File cache is too low after thrashing, keep killing background processes */
3133 kill_reason = LOW_FILECACHE_AFTER_THRASHING;
3134 snprintf(kill_desc, sizeof(kill_desc),
3135 "filecache is low (%" PRId64 "kB < %" PRId64 "kB) after thrashing",
3136 file_lru_kb, filecache_min_kb);
3137 min_score_adj = PERCEPTIBLE_APP_ADJ + 1;
3138 } else {
3139 /* File cache is big enough, stop checking */
3140 check_filecache = false;
3141 }
3142 }
3143
3144 /* Check if a cached app should be killed */
3145 if (kill_reason == NONE && wmark < WMARK_HIGH) {
3146 kill_reason = LOW_MEM;
3147 snprintf(kill_desc, sizeof(kill_desc), "%s watermark is breached",
3148 wmark < WMARK_LOW ? "min" : "low");
3149 min_score_adj = lowmem_min_oom_score;
3150 }
3151
3152 /* Kill a process if necessary */
3153 if (kill_reason != NONE) {
3154 struct kill_info ki = {
3155 .kill_reason = kill_reason,
3156 .kill_desc = kill_desc,
3157 .thrashing = (int)thrashing,
3158 .max_thrashing = max_thrashing,
3159 };
3160 static bool first_kill = true;
3161
3162 /* Make sure watermarks are correct before the first kill */
3163 if (first_kill) {
3164 first_kill = false;
3165 watermarks.high_wmark = 0; // force recomputation
3166 goto update_watermarks;
3167 }
3168
3169 /* Allow killing perceptible apps if the system is stalled */
3170 if (critical_stall) {
3171 min_score_adj = 0;
3172 }
3173 psi_parse_io(&psi_data);
3174 psi_parse_cpu(&psi_data);
3175 int pages_freed = find_and_kill_process(min_score_adj, &ki, &mi, &wi, &curr_tm, &psi_data);
3176 if (pages_freed > 0) {
3177 killing = true;
3178 max_thrashing = 0;
3179 if (cut_thrashing_limit) {
3180 /*
3181 * Cut thrasing limit by thrashing_limit_decay_pct percentage of the current
3182 * thrashing limit until the system stops thrashing.
3183 */
3184 thrashing_limit = (thrashing_limit * (100 - thrashing_limit_decay_pct)) / 100;
3185 }
3186 }
3187 }
3188
3189 no_kill:
3190 /* Do not poll if kernel supports pidfd waiting */
3191 if (is_waiting_for_kill()) {
3192 /* Pause polling if we are waiting for process death notification */
3193 poll_params->update = POLLING_PAUSE;
3194 return;
3195 }
3196
3197 /*
3198 * Start polling after initial PSI event;
3199 * extend polling while device is in direct reclaim or process is being killed;
3200 * do not extend when kswapd reclaims because that might go on for a long time
3201 * without causing memory pressure
3202 */
3203 if (events || killing || reclaim == DIRECT_RECLAIM) {
3204 poll_params->update = POLLING_START;
3205 }
3206
3207 /* Decide the polling interval */
3208 if (swap_is_low || killing) {
3209 /* Fast polling during and after a kill or when swap is low */
3210 poll_params->polling_interval_ms = PSI_POLL_PERIOD_SHORT_MS;
3211 } else {
3212 /* By default use long intervals */
3213 poll_params->polling_interval_ms = PSI_POLL_PERIOD_LONG_MS;
3214 }
3215 }
3216
GetCgroupAttributePath(const char * attr)3217 static std::string GetCgroupAttributePath(const char* attr) {
3218 std::string path;
3219 if (!CgroupGetAttributePath(attr, &path)) {
3220 ALOGE("Unknown cgroup attribute %s", attr);
3221 }
3222 return path;
3223 }
3224
3225 // The implementation of this function relies on memcg statistics that are only available in the
3226 // v1 cgroup hierarchy.
mp_event_common(int data,uint32_t events,struct polling_params * poll_params)3227 static void mp_event_common(int data, uint32_t events, struct polling_params *poll_params) {
3228 unsigned long long evcount;
3229 int64_t mem_usage, memsw_usage;
3230 int64_t mem_pressure;
3231 union meminfo mi;
3232 struct zoneinfo zi;
3233 struct timespec curr_tm;
3234 static unsigned long kill_skip_count = 0;
3235 enum vmpressure_level level = (enum vmpressure_level)data;
3236 long other_free = 0, other_file = 0;
3237 int min_score_adj;
3238 int minfree = 0;
3239 static const std::string mem_usage_path = GetCgroupAttributePath("MemUsage");
3240 static struct reread_data mem_usage_file_data = {
3241 .filename = mem_usage_path.c_str(),
3242 .fd = -1,
3243 };
3244 static const std::string memsw_usage_path = GetCgroupAttributePath("MemAndSwapUsage");
3245 static struct reread_data memsw_usage_file_data = {
3246 .filename = memsw_usage_path.c_str(),
3247 .fd = -1,
3248 };
3249 static struct wakeup_info wi;
3250
3251 if (debug_process_killing) {
3252 ALOGI("%s memory pressure event is triggered", level_name[level]);
3253 }
3254
3255 if (!use_psi_monitors) {
3256 /*
3257 * Check all event counters from low to critical
3258 * and upgrade to the highest priority one. By reading
3259 * eventfd we also reset the event counters.
3260 */
3261 for (int lvl = VMPRESS_LEVEL_LOW; lvl < VMPRESS_LEVEL_COUNT; lvl++) {
3262 if (mpevfd[lvl] != -1 &&
3263 TEMP_FAILURE_RETRY(read(mpevfd[lvl],
3264 &evcount, sizeof(evcount))) > 0 &&
3265 evcount > 0 && lvl > level) {
3266 level = static_cast<vmpressure_level>(lvl);
3267 }
3268 }
3269 }
3270
3271 /* Start polling after initial PSI event */
3272 if (use_psi_monitors && events) {
3273 /* Override polling params only if current event is more critical */
3274 if (!poll_params->poll_handler || data > poll_params->poll_handler->data) {
3275 poll_params->polling_interval_ms = PSI_POLL_PERIOD_SHORT_MS;
3276 poll_params->update = POLLING_START;
3277 }
3278 }
3279
3280 if (clock_gettime(CLOCK_MONOTONIC_COARSE, &curr_tm) != 0) {
3281 ALOGE("Failed to get current time");
3282 return;
3283 }
3284
3285 record_wakeup_time(&curr_tm, events ? Event : Polling, &wi);
3286
3287 if (kill_timeout_ms &&
3288 get_time_diff_ms(&last_kill_tm, &curr_tm) < static_cast<long>(kill_timeout_ms)) {
3289 /*
3290 * If we're within the no-kill timeout, see if there's pending reclaim work
3291 * from the last killed process. If so, skip killing for now.
3292 */
3293 if (is_kill_pending()) {
3294 kill_skip_count++;
3295 wi.skipped_wakeups++;
3296 return;
3297 }
3298 /*
3299 * Process is dead, stop waiting. This has no effect if pidfds are supported and
3300 * death notification already caused waiting to stop.
3301 */
3302 stop_wait_for_proc_kill(true);
3303 } else {
3304 /*
3305 * Killing took longer than no-kill timeout. Stop waiting for the last process
3306 * to die because we are ready to kill again.
3307 */
3308 stop_wait_for_proc_kill(false);
3309 }
3310
3311 if (kill_skip_count > 0) {
3312 ALOGI("%lu memory pressure events were skipped after a kill!",
3313 kill_skip_count);
3314 kill_skip_count = 0;
3315 }
3316
3317 if (meminfo_parse(&mi) < 0 || zoneinfo_parse(&zi) < 0) {
3318 ALOGE("Failed to get free memory!");
3319 return;
3320 }
3321
3322 if (use_minfree_levels) {
3323 int i;
3324
3325 other_free = mi.field.nr_free_pages - zi.totalreserve_pages;
3326 if (mi.field.nr_file_pages > (mi.field.shmem + mi.field.unevictable + mi.field.swap_cached)) {
3327 other_file = (mi.field.nr_file_pages - mi.field.shmem -
3328 mi.field.unevictable - mi.field.swap_cached);
3329 } else {
3330 other_file = 0;
3331 }
3332
3333 min_score_adj = OOM_SCORE_ADJ_MAX + 1;
3334 for (i = 0; i < lowmem_targets_size; i++) {
3335 minfree = lowmem_minfree[i];
3336 if (other_free < minfree && other_file < minfree) {
3337 min_score_adj = lowmem_adj[i];
3338 break;
3339 }
3340 }
3341
3342 if (min_score_adj == OOM_SCORE_ADJ_MAX + 1) {
3343 if (debug_process_killing && lowmem_targets_size) {
3344 ALOGI("Ignore %s memory pressure event "
3345 "(free memory=%ldkB, cache=%ldkB, limit=%ldkB)",
3346 level_name[level], other_free * page_k, other_file * page_k,
3347 (long)lowmem_minfree[lowmem_targets_size - 1] * page_k);
3348 }
3349 return;
3350 }
3351
3352 goto do_kill;
3353 }
3354
3355 if (level == VMPRESS_LEVEL_LOW) {
3356 record_low_pressure_levels(&mi);
3357 }
3358
3359 if (level_oomadj[level] > OOM_SCORE_ADJ_MAX) {
3360 /* Do not monitor this pressure level */
3361 return;
3362 }
3363
3364 if ((mem_usage = get_memory_usage(&mem_usage_file_data)) < 0) {
3365 goto do_kill;
3366 }
3367 if ((memsw_usage = get_memory_usage(&memsw_usage_file_data)) < 0) {
3368 goto do_kill;
3369 }
3370
3371 // Calculate percent for swappinness.
3372 mem_pressure = (mem_usage * 100) / memsw_usage;
3373
3374 if (enable_pressure_upgrade && level != VMPRESS_LEVEL_CRITICAL) {
3375 // We are swapping too much.
3376 if (mem_pressure < upgrade_pressure) {
3377 level = upgrade_level(level);
3378 if (debug_process_killing) {
3379 ALOGI("Event upgraded to %s", level_name[level]);
3380 }
3381 }
3382 }
3383
3384 // If we still have enough swap space available, check if we want to
3385 // ignore/downgrade pressure events.
3386 if (get_free_swap(&mi) >=
3387 mi.field.total_swap * swap_free_low_percentage / 100) {
3388 // If the pressure is larger than downgrade_pressure lmk will not
3389 // kill any process, since enough memory is available.
3390 if (mem_pressure > downgrade_pressure) {
3391 if (debug_process_killing) {
3392 ALOGI("Ignore %s memory pressure", level_name[level]);
3393 }
3394 return;
3395 } else if (level == VMPRESS_LEVEL_CRITICAL && mem_pressure > upgrade_pressure) {
3396 if (debug_process_killing) {
3397 ALOGI("Downgrade critical memory pressure");
3398 }
3399 // Downgrade event, since enough memory available.
3400 level = downgrade_level(level);
3401 }
3402 }
3403
3404 do_kill:
3405 if (low_ram_device) {
3406 /* For Go devices kill only one task */
3407 if (find_and_kill_process(use_minfree_levels ? min_score_adj : level_oomadj[level],
3408 NULL, &mi, &wi, &curr_tm, NULL) == 0) {
3409 if (debug_process_killing) {
3410 ALOGI("Nothing to kill");
3411 }
3412 }
3413 } else {
3414 int pages_freed;
3415 static struct timespec last_report_tm;
3416 static unsigned long report_skip_count = 0;
3417
3418 if (!use_minfree_levels) {
3419 /* Free up enough memory to downgrate the memory pressure to low level */
3420 if (mi.field.nr_free_pages >= low_pressure_mem.max_nr_free_pages) {
3421 if (debug_process_killing) {
3422 ALOGI("Ignoring pressure since more memory is "
3423 "available (%" PRId64 ") than watermark (%" PRId64 ")",
3424 mi.field.nr_free_pages, low_pressure_mem.max_nr_free_pages);
3425 }
3426 return;
3427 }
3428 min_score_adj = level_oomadj[level];
3429 }
3430
3431 pages_freed = find_and_kill_process(min_score_adj, NULL, &mi, &wi, &curr_tm, NULL);
3432
3433 if (pages_freed == 0) {
3434 /* Rate limit kill reports when nothing was reclaimed */
3435 if (get_time_diff_ms(&last_report_tm, &curr_tm) < FAIL_REPORT_RLIMIT_MS) {
3436 report_skip_count++;
3437 return;
3438 }
3439 }
3440
3441 /* Log whenever we kill or when report rate limit allows */
3442 if (use_minfree_levels) {
3443 ALOGI("Reclaimed %ldkB, cache(%ldkB) and free(%" PRId64 "kB)-reserved(%" PRId64 "kB) "
3444 "below min(%ldkB) for oom_score_adj %d",
3445 pages_freed * page_k,
3446 other_file * page_k, mi.field.nr_free_pages * page_k,
3447 zi.totalreserve_pages * page_k,
3448 minfree * page_k, min_score_adj);
3449 } else {
3450 ALOGI("Reclaimed %ldkB at oom_score_adj %d", pages_freed * page_k, min_score_adj);
3451 }
3452
3453 if (report_skip_count > 0) {
3454 ALOGI("Suppressed %lu failed kill reports", report_skip_count);
3455 report_skip_count = 0;
3456 }
3457
3458 last_report_tm = curr_tm;
3459 }
3460 if (is_waiting_for_kill()) {
3461 /* pause polling if we are waiting for process death notification */
3462 poll_params->update = POLLING_PAUSE;
3463 }
3464 }
3465
init_mp_psi(enum vmpressure_level level,bool use_new_strategy)3466 static bool init_mp_psi(enum vmpressure_level level, bool use_new_strategy) {
3467 int fd;
3468
3469 /* Do not register a handler if threshold_ms is not set */
3470 if (!psi_thresholds[level].threshold_ms) {
3471 return true;
3472 }
3473
3474 fd = init_psi_monitor(psi_thresholds[level].stall_type,
3475 psi_thresholds[level].threshold_ms * US_PER_MS,
3476 PSI_WINDOW_SIZE_MS * US_PER_MS);
3477
3478 if (fd < 0) {
3479 return false;
3480 }
3481
3482 vmpressure_hinfo[level].handler = use_new_strategy ? mp_event_psi : mp_event_common;
3483 vmpressure_hinfo[level].data = level;
3484 if (register_psi_monitor(epollfd, fd, &vmpressure_hinfo[level]) < 0) {
3485 destroy_psi_monitor(fd);
3486 return false;
3487 }
3488 maxevents++;
3489 mpevfd[level] = fd;
3490
3491 return true;
3492 }
3493
destroy_mp_psi(enum vmpressure_level level)3494 static void destroy_mp_psi(enum vmpressure_level level) {
3495 int fd = mpevfd[level];
3496
3497 if (fd < 0) {
3498 return;
3499 }
3500
3501 if (unregister_psi_monitor(epollfd, fd) < 0) {
3502 ALOGE("Failed to unregister psi monitor for %s memory pressure; errno=%d",
3503 level_name[level], errno);
3504 }
3505 maxevents--;
3506 destroy_psi_monitor(fd);
3507 mpevfd[level] = -1;
3508 }
3509
3510 enum class MemcgVersion {
3511 kNotFound,
3512 kV1,
3513 kV2,
3514 };
3515
__memcg_version()3516 static MemcgVersion __memcg_version() {
3517 std::string cgroupv2_path, memcg_path;
3518
3519 if (!CgroupGetControllerPath("memory", &memcg_path)) {
3520 return MemcgVersion::kNotFound;
3521 }
3522 return CgroupGetControllerPath(CGROUPV2_HIERARCHY_NAME, &cgroupv2_path) &&
3523 cgroupv2_path == memcg_path
3524 ? MemcgVersion::kV2
3525 : MemcgVersion::kV1;
3526 }
3527
memcg_version()3528 static MemcgVersion memcg_version() {
3529 static MemcgVersion version = __memcg_version();
3530
3531 return version;
3532 }
3533
memevent_listener_notification(int data __unused,uint32_t events __unused,struct polling_params * poll_params __unused)3534 static void memevent_listener_notification(int data __unused, uint32_t events __unused,
3535 struct polling_params* poll_params __unused) {
3536 struct timespec curr_tm;
3537 std::vector<mem_event_t> mem_events;
3538
3539 if (clock_gettime(CLOCK_MONOTONIC_COARSE, &curr_tm) != 0) {
3540 direct_reclaim_start_tm.tv_sec = 0;
3541 direct_reclaim_start_tm.tv_nsec = 0;
3542 ALOGE("Failed to get current time for memevent listener notification.");
3543 return;
3544 }
3545
3546 if (!memevent_listener->getMemEvents(mem_events)) {
3547 direct_reclaim_start_tm.tv_sec = 0;
3548 direct_reclaim_start_tm.tv_nsec = 0;
3549 ALOGE("Failed fetching memory listener events.");
3550 return;
3551 }
3552
3553 for (const mem_event_t& mem_event : mem_events) {
3554 switch (mem_event.type) {
3555 /* Direct Reclaim */
3556 case MEM_EVENT_DIRECT_RECLAIM_BEGIN:
3557 direct_reclaim_start_tm = curr_tm;
3558 break;
3559 case MEM_EVENT_DIRECT_RECLAIM_END:
3560 direct_reclaim_start_tm.tv_sec = 0;
3561 direct_reclaim_start_tm.tv_nsec = 0;
3562 break;
3563
3564 /* kswapd */
3565 case MEM_EVENT_KSWAPD_WAKE:
3566 kswapd_start_tm = curr_tm;
3567 break;
3568 case MEM_EVENT_KSWAPD_SLEEP:
3569 kswapd_start_tm.tv_sec = 0;
3570 kswapd_start_tm.tv_nsec = 0;
3571 break;
3572 }
3573 }
3574 }
3575
init_memevent_listener_monitoring()3576 static bool init_memevent_listener_monitoring() {
3577 static struct event_handler_info direct_reclaim_poll_hinfo = {0,
3578 memevent_listener_notification};
3579
3580 if (memevent_listener) return true;
3581
3582 // Make sure bpf programs are loaded, else we'll wait until they are loaded
3583 android::bpf::waitForProgsLoaded();
3584 memevent_listener = std::make_unique<android::bpf::memevents::MemEventListener>(
3585 android::bpf::memevents::MemEventClient::LMKD);
3586
3587 if (!memevent_listener->ok()) {
3588 ALOGE("Failed to initialize memevents listener");
3589 memevent_listener.reset();
3590 return false;
3591 }
3592
3593 if (!memevent_listener->registerEvent(MEM_EVENT_DIRECT_RECLAIM_BEGIN) ||
3594 !memevent_listener->registerEvent(MEM_EVENT_DIRECT_RECLAIM_END)) {
3595 ALOGE("Failed to register direct reclaim memevents");
3596 memevent_listener.reset();
3597 return false;
3598 }
3599 if (!memevent_listener->registerEvent(MEM_EVENT_KSWAPD_WAKE) ||
3600 !memevent_listener->registerEvent(MEM_EVENT_KSWAPD_SLEEP)) {
3601 ALOGE("Failed to register kswapd memevents");
3602 memevent_listener.reset();
3603 return false;
3604 }
3605
3606 int memevent_listener_fd = memevent_listener->getRingBufferFd();
3607 if (memevent_listener_fd < 0) {
3608 memevent_listener.reset();
3609 ALOGE("Invalid memevent_listener fd: %d", memevent_listener_fd);
3610 return false;
3611 }
3612
3613 struct epoll_event epev;
3614 epev.events = EPOLLIN;
3615 epev.data.ptr = (void*)&direct_reclaim_poll_hinfo;
3616 if (epoll_ctl(epollfd, EPOLL_CTL_ADD, memevent_listener_fd, &epev) < 0) {
3617 ALOGE("Failed registering memevent_listener fd: %d; errno=%d", memevent_listener_fd, errno);
3618 memevent_listener.reset();
3619 return false;
3620 }
3621
3622 direct_reclaim_start_tm.tv_sec = 0;
3623 direct_reclaim_start_tm.tv_nsec = 0;
3624
3625 maxevents++;
3626 return true;
3627 }
3628
init_psi_monitors()3629 static bool init_psi_monitors() {
3630 /*
3631 * When PSI is used on low-ram devices or on high-end devices without memfree levels
3632 * use new kill strategy based on zone watermarks, free swap and thrashing stats.
3633 * Also use the new strategy if memcg has not been mounted in the v1 cgroups hiearchy since
3634 * the old strategy relies on memcg attributes that are available only in the v1 cgroups
3635 * hiearchy.
3636 */
3637 bool use_new_strategy =
3638 GET_LMK_PROPERTY(bool, "use_new_strategy", low_ram_device || !use_minfree_levels);
3639 if (!use_new_strategy && memcg_version() != MemcgVersion::kV1) {
3640 ALOGE("Old kill strategy can only be used with v1 cgroup hierarchy");
3641 return false;
3642 }
3643 /* In default PSI mode override stall amounts using system properties */
3644 if (use_new_strategy) {
3645 /* Do not use low pressure level */
3646 psi_thresholds[VMPRESS_LEVEL_LOW].threshold_ms = 0;
3647 psi_thresholds[VMPRESS_LEVEL_MEDIUM].threshold_ms = psi_partial_stall_ms;
3648 psi_thresholds[VMPRESS_LEVEL_CRITICAL].threshold_ms = psi_complete_stall_ms;
3649 }
3650
3651 if (!init_mp_psi(VMPRESS_LEVEL_LOW, use_new_strategy)) {
3652 return false;
3653 }
3654 if (!init_mp_psi(VMPRESS_LEVEL_MEDIUM, use_new_strategy)) {
3655 destroy_mp_psi(VMPRESS_LEVEL_LOW);
3656 return false;
3657 }
3658 if (!init_mp_psi(VMPRESS_LEVEL_CRITICAL, use_new_strategy)) {
3659 destroy_mp_psi(VMPRESS_LEVEL_MEDIUM);
3660 destroy_mp_psi(VMPRESS_LEVEL_LOW);
3661 return false;
3662 }
3663 return true;
3664 }
3665
init_mp_common(enum vmpressure_level level)3666 static bool init_mp_common(enum vmpressure_level level) {
3667 // The implementation of this function relies on memcg statistics that are only available in the
3668 // v1 cgroup hierarchy.
3669 if (memcg_version() != MemcgVersion::kV1) {
3670 ALOGE("%s: global monitoring is only available for the v1 cgroup hierarchy", __func__);
3671 return false;
3672 }
3673
3674 int mpfd;
3675 int evfd;
3676 int evctlfd;
3677 char buf[256];
3678 struct epoll_event epev;
3679 int ret;
3680 int level_idx = (int)level;
3681 const char *levelstr = level_name[level_idx];
3682
3683 /* gid containing AID_SYSTEM required */
3684 mpfd = open(GetCgroupAttributePath("MemPressureLevel").c_str(), O_RDONLY | O_CLOEXEC);
3685 if (mpfd < 0) {
3686 ALOGI("No kernel memory.pressure_level support (errno=%d)", errno);
3687 goto err_open_mpfd;
3688 }
3689
3690 evctlfd = open(GetCgroupAttributePath("MemCgroupEventControl").c_str(), O_WRONLY | O_CLOEXEC);
3691 if (evctlfd < 0) {
3692 ALOGI("No kernel memory cgroup event control (errno=%d)", errno);
3693 goto err_open_evctlfd;
3694 }
3695
3696 evfd = eventfd(0, EFD_NONBLOCK | EFD_CLOEXEC);
3697 if (evfd < 0) {
3698 ALOGE("eventfd failed for level %s; errno=%d", levelstr, errno);
3699 goto err_eventfd;
3700 }
3701
3702 ret = snprintf(buf, sizeof(buf), "%d %d %s", evfd, mpfd, levelstr);
3703 if (ret >= (ssize_t)sizeof(buf)) {
3704 ALOGE("cgroup.event_control line overflow for level %s", levelstr);
3705 goto err;
3706 }
3707
3708 ret = TEMP_FAILURE_RETRY(write(evctlfd, buf, strlen(buf) + 1));
3709 if (ret == -1) {
3710 ALOGE("cgroup.event_control write failed for level %s; errno=%d",
3711 levelstr, errno);
3712 goto err;
3713 }
3714
3715 epev.events = EPOLLIN;
3716 /* use data to store event level */
3717 vmpressure_hinfo[level_idx].data = level_idx;
3718 vmpressure_hinfo[level_idx].handler = mp_event_common;
3719 epev.data.ptr = (void *)&vmpressure_hinfo[level_idx];
3720 ret = epoll_ctl(epollfd, EPOLL_CTL_ADD, evfd, &epev);
3721 if (ret == -1) {
3722 ALOGE("epoll_ctl for level %s failed; errno=%d", levelstr, errno);
3723 goto err;
3724 }
3725 maxevents++;
3726 mpevfd[level] = evfd;
3727 close(evctlfd);
3728 return true;
3729
3730 err:
3731 close(evfd);
3732 err_eventfd:
3733 close(evctlfd);
3734 err_open_evctlfd:
3735 close(mpfd);
3736 err_open_mpfd:
3737 return false;
3738 }
3739
destroy_mp_common(enum vmpressure_level level)3740 static void destroy_mp_common(enum vmpressure_level level) {
3741 struct epoll_event epev;
3742 int fd = mpevfd[level];
3743
3744 if (fd < 0) {
3745 return;
3746 }
3747
3748 if (epoll_ctl(epollfd, EPOLL_CTL_DEL, fd, &epev)) {
3749 // Log an error and keep going
3750 ALOGE("epoll_ctl for level %s failed; errno=%d", level_name[level], errno);
3751 }
3752 maxevents--;
3753 close(fd);
3754 mpevfd[level] = -1;
3755 }
3756
kernel_event_handler(int data __unused,uint32_t events __unused,struct polling_params * poll_params __unused)3757 static void kernel_event_handler(int data __unused, uint32_t events __unused,
3758 struct polling_params *poll_params __unused) {
3759 poll_kernel(kpoll_fd);
3760 }
3761
init_monitors()3762 static bool init_monitors() {
3763 /* Try to use psi monitor first if kernel has it */
3764 use_psi_monitors = GET_LMK_PROPERTY(bool, "use_psi", true) &&
3765 init_psi_monitors();
3766 /* Fall back to vmpressure */
3767 if (!use_psi_monitors &&
3768 (!init_mp_common(VMPRESS_LEVEL_LOW) ||
3769 !init_mp_common(VMPRESS_LEVEL_MEDIUM) ||
3770 !init_mp_common(VMPRESS_LEVEL_CRITICAL))) {
3771 ALOGE("Kernel does not support memory pressure events or in-kernel low memory killer");
3772 return false;
3773 }
3774 if (use_psi_monitors) {
3775 ALOGI("Using psi monitors for memory pressure detection");
3776 } else {
3777 ALOGI("Using vmpressure for memory pressure detection");
3778 }
3779
3780 monitors_initialized = true;
3781 return true;
3782 }
3783
destroy_monitors()3784 static void destroy_monitors() {
3785 if (use_psi_monitors) {
3786 destroy_mp_psi(VMPRESS_LEVEL_CRITICAL);
3787 destroy_mp_psi(VMPRESS_LEVEL_MEDIUM);
3788 destroy_mp_psi(VMPRESS_LEVEL_LOW);
3789 } else {
3790 destroy_mp_common(VMPRESS_LEVEL_CRITICAL);
3791 destroy_mp_common(VMPRESS_LEVEL_MEDIUM);
3792 destroy_mp_common(VMPRESS_LEVEL_LOW);
3793 }
3794 }
3795
drop_reaper_comm()3796 static void drop_reaper_comm() {
3797 close(reaper_comm_fd[0]);
3798 close(reaper_comm_fd[1]);
3799 }
3800
setup_reaper_comm()3801 static bool setup_reaper_comm() {
3802 if (pipe(reaper_comm_fd)) {
3803 ALOGE("pipe failed: %s", strerror(errno));
3804 return false;
3805 }
3806
3807 // Ensure main thread never blocks on read
3808 int flags = fcntl(reaper_comm_fd[0], F_GETFL);
3809 if (fcntl(reaper_comm_fd[0], F_SETFL, flags | O_NONBLOCK)) {
3810 ALOGE("fcntl failed: %s", strerror(errno));
3811 drop_reaper_comm();
3812 return false;
3813 }
3814
3815 return true;
3816 }
3817
init_reaper()3818 static bool init_reaper() {
3819 if (!reaper.is_reaping_supported()) {
3820 ALOGI("Process reaping is not supported");
3821 return false;
3822 }
3823
3824 if (!setup_reaper_comm()) {
3825 ALOGE("Failed to create thread communication channel");
3826 return false;
3827 }
3828
3829 // Setup epoll handler
3830 struct epoll_event epev;
3831 static struct event_handler_info kill_failed_hinfo = { 0, kill_fail_handler };
3832 epev.events = EPOLLIN;
3833 epev.data.ptr = (void *)&kill_failed_hinfo;
3834 if (epoll_ctl(epollfd, EPOLL_CTL_ADD, reaper_comm_fd[0], &epev)) {
3835 ALOGE("epoll_ctl failed: %s", strerror(errno));
3836 drop_reaper_comm();
3837 return false;
3838 }
3839
3840 if (!reaper.init(reaper_comm_fd[1])) {
3841 ALOGE("Failed to initialize reaper object");
3842 if (epoll_ctl(epollfd, EPOLL_CTL_DEL, reaper_comm_fd[0], &epev)) {
3843 ALOGE("epoll_ctl failed: %s", strerror(errno));
3844 }
3845 drop_reaper_comm();
3846 return false;
3847 }
3848 maxevents++;
3849
3850 return true;
3851 }
3852
init(void)3853 static int init(void) {
3854 static struct event_handler_info kernel_poll_hinfo = { 0, kernel_event_handler };
3855 struct reread_data file_data = {
3856 .filename = ZONEINFO_PATH,
3857 .fd = -1,
3858 };
3859 struct epoll_event epev;
3860 int pidfd;
3861 int i;
3862 int ret;
3863
3864 // Initialize page size
3865 pagesize = getpagesize();
3866 page_k = pagesize / 1024;
3867
3868 epollfd = epoll_create(MAX_EPOLL_EVENTS);
3869 if (epollfd == -1) {
3870 ALOGE("epoll_create failed (errno=%d)", errno);
3871 return -1;
3872 }
3873
3874 // mark data connections as not connected
3875 for (int i = 0; i < MAX_DATA_CONN; i++) {
3876 data_sock[i].sock = -1;
3877 }
3878
3879 ctrl_sock.sock = android_get_control_socket("lmkd");
3880 if (ctrl_sock.sock < 0) {
3881 ALOGE("get lmkd control socket failed");
3882 return -1;
3883 }
3884
3885 ret = listen(ctrl_sock.sock, MAX_DATA_CONN);
3886 if (ret < 0) {
3887 ALOGE("lmkd control socket listen failed (errno=%d)", errno);
3888 return -1;
3889 }
3890
3891 epev.events = EPOLLIN;
3892 ctrl_sock.handler_info.handler = ctrl_connect_handler;
3893 epev.data.ptr = (void *)&(ctrl_sock.handler_info);
3894 if (epoll_ctl(epollfd, EPOLL_CTL_ADD, ctrl_sock.sock, &epev) == -1) {
3895 ALOGE("epoll_ctl for lmkd control socket failed (errno=%d)", errno);
3896 return -1;
3897 }
3898 maxevents++;
3899
3900 has_inkernel_module = !access(INKERNEL_MINFREE_PATH, W_OK);
3901 use_inkernel_interface = has_inkernel_module;
3902
3903 if (use_inkernel_interface) {
3904 ALOGI("Using in-kernel low memory killer interface");
3905 if (init_poll_kernel()) {
3906 epev.events = EPOLLIN;
3907 epev.data.ptr = (void*)&kernel_poll_hinfo;
3908 if (epoll_ctl(epollfd, EPOLL_CTL_ADD, kpoll_fd, &epev) != 0) {
3909 ALOGE("epoll_ctl for lmk events failed (errno=%d)", errno);
3910 close(kpoll_fd);
3911 kpoll_fd = -1;
3912 } else {
3913 maxevents++;
3914 /* let the others know it does support reporting kills */
3915 property_set("sys.lmk.reportkills", "1");
3916 }
3917 }
3918 } else {
3919 // Do not register monitors until boot completed for devices configured
3920 // for delaying monitors. This is done to save CPU cycles for low
3921 // resource devices during boot up.
3922 if (!delay_monitors_until_boot || property_get_bool("sys.boot_completed", false)) {
3923 if (!init_monitors()) {
3924 return -1;
3925 }
3926 }
3927 /* let the others know it does support reporting kills */
3928 property_set("sys.lmk.reportkills", "1");
3929 }
3930
3931 for (i = 0; i <= ADJTOSLOT(OOM_SCORE_ADJ_MAX); i++) {
3932 procadjslot_list[i].next = &procadjslot_list[i];
3933 procadjslot_list[i].prev = &procadjslot_list[i];
3934 }
3935
3936 memset(killcnt_idx, KILLCNT_INVALID_IDX, sizeof(killcnt_idx));
3937
3938 /*
3939 * Read zoneinfo as the biggest file we read to create and size the initial
3940 * read buffer and avoid memory re-allocations during memory pressure
3941 */
3942 if (reread_file(&file_data) == NULL) {
3943 ALOGE("Failed to read %s: %s", file_data.filename, strerror(errno));
3944 }
3945
3946 /* check if kernel supports pidfd_open syscall */
3947 pidfd = TEMP_FAILURE_RETRY(pidfd_open(getpid(), 0));
3948 if (pidfd < 0) {
3949 pidfd_supported = (errno != ENOSYS);
3950 } else {
3951 pidfd_supported = true;
3952 close(pidfd);
3953 }
3954 ALOGI("Process polling is %s", pidfd_supported ? "supported" : "not supported" );
3955
3956 if (!lmkd_init_hook()) {
3957 ALOGE("Failed to initialize LMKD hooks.");
3958 return -1;
3959 }
3960
3961 return 0;
3962 }
3963
polling_paused(struct polling_params * poll_params)3964 static bool polling_paused(struct polling_params *poll_params) {
3965 return poll_params->paused_handler != NULL;
3966 }
3967
resume_polling(struct polling_params * poll_params,struct timespec curr_tm)3968 static void resume_polling(struct polling_params *poll_params, struct timespec curr_tm) {
3969 poll_params->poll_start_tm = curr_tm;
3970 poll_params->poll_handler = poll_params->paused_handler;
3971 poll_params->polling_interval_ms = PSI_POLL_PERIOD_SHORT_MS;
3972 poll_params->paused_handler = NULL;
3973 }
3974
call_handler(struct event_handler_info * handler_info,struct polling_params * poll_params,uint32_t events)3975 static void call_handler(struct event_handler_info* handler_info,
3976 struct polling_params *poll_params, uint32_t events) {
3977 struct timespec curr_tm;
3978
3979 watchdog.start();
3980 poll_params->update = POLLING_DO_NOT_CHANGE;
3981 handler_info->handler(handler_info->data, events, poll_params);
3982 clock_gettime(CLOCK_MONOTONIC_COARSE, &curr_tm);
3983 if (poll_params->poll_handler == handler_info) {
3984 poll_params->last_poll_tm = curr_tm;
3985 }
3986
3987 switch (poll_params->update) {
3988 case POLLING_START:
3989 /*
3990 * Poll for the duration of PSI_WINDOW_SIZE_MS after the
3991 * initial PSI event because psi events are rate-limited
3992 * at one per sec.
3993 */
3994 poll_params->poll_start_tm = curr_tm;
3995 poll_params->poll_handler = handler_info;
3996 break;
3997 case POLLING_PAUSE:
3998 poll_params->paused_handler = handler_info;
3999 poll_params->poll_handler = NULL;
4000 break;
4001 case POLLING_RESUME:
4002 resume_polling(poll_params, curr_tm);
4003 break;
4004 case POLLING_DO_NOT_CHANGE:
4005 if (poll_params->poll_handler &&
4006 get_time_diff_ms(&poll_params->poll_start_tm, &curr_tm) > PSI_WINDOW_SIZE_MS) {
4007 /* Polled for the duration of PSI window, time to stop */
4008 poll_params->poll_handler = NULL;
4009 }
4010 break;
4011 }
4012 watchdog.stop();
4013 }
4014
mainloop(void)4015 static void mainloop(void) {
4016 struct event_handler_info* handler_info;
4017 struct polling_params poll_params;
4018 struct timespec curr_tm;
4019 struct epoll_event *evt;
4020 long delay = -1;
4021
4022 poll_params.poll_handler = NULL;
4023 poll_params.paused_handler = NULL;
4024
4025 while (1) {
4026 struct epoll_event events[MAX_EPOLL_EVENTS];
4027 int nevents;
4028 int i;
4029
4030 if (poll_params.poll_handler) {
4031 bool poll_now;
4032
4033 clock_gettime(CLOCK_MONOTONIC_COARSE, &curr_tm);
4034 if (poll_params.update == POLLING_RESUME) {
4035 /* Just transitioned into POLLING_RESUME, poll immediately. */
4036 poll_now = true;
4037 nevents = 0;
4038 } else {
4039 /* Calculate next timeout */
4040 delay = get_time_diff_ms(&poll_params.last_poll_tm, &curr_tm);
4041 delay = (delay < poll_params.polling_interval_ms) ?
4042 poll_params.polling_interval_ms - delay : poll_params.polling_interval_ms;
4043
4044 /* Wait for events until the next polling timeout */
4045 nevents = epoll_wait(epollfd, events, maxevents, delay);
4046
4047 /* Update current time after wait */
4048 clock_gettime(CLOCK_MONOTONIC_COARSE, &curr_tm);
4049 poll_now = (get_time_diff_ms(&poll_params.last_poll_tm, &curr_tm) >=
4050 poll_params.polling_interval_ms);
4051 }
4052 if (poll_now) {
4053 call_handler(poll_params.poll_handler, &poll_params, 0);
4054 }
4055 } else {
4056 if (kill_timeout_ms && is_waiting_for_kill()) {
4057 clock_gettime(CLOCK_MONOTONIC_COARSE, &curr_tm);
4058 delay = kill_timeout_ms - get_time_diff_ms(&last_kill_tm, &curr_tm);
4059 /* Wait for pidfds notification or kill timeout to expire */
4060 nevents = (delay > 0) ? epoll_wait(epollfd, events, maxevents, delay) : 0;
4061 if (nevents == 0) {
4062 /* Kill notification timed out */
4063 stop_wait_for_proc_kill(false);
4064 if (polling_paused(&poll_params)) {
4065 clock_gettime(CLOCK_MONOTONIC_COARSE, &curr_tm);
4066 poll_params.update = POLLING_RESUME;
4067 resume_polling(&poll_params, curr_tm);
4068 }
4069 }
4070 } else {
4071 /* Wait for events with no timeout */
4072 nevents = epoll_wait(epollfd, events, maxevents, -1);
4073 }
4074 }
4075
4076 if (nevents == -1) {
4077 if (errno == EINTR)
4078 continue;
4079 ALOGE("epoll_wait failed (errno=%d)", errno);
4080 continue;
4081 }
4082
4083 /*
4084 * First pass to see if any data socket connections were dropped.
4085 * Dropped connection should be handled before any other events
4086 * to deallocate data connection and correctly handle cases when
4087 * connection gets dropped and reestablished in the same epoll cycle.
4088 * In such cases it's essential to handle connection closures first.
4089 */
4090 for (i = 0, evt = &events[0]; i < nevents; ++i, evt++) {
4091 if ((evt->events & EPOLLHUP) && evt->data.ptr) {
4092 ALOGI("lmkd data connection dropped");
4093 handler_info = (struct event_handler_info*)evt->data.ptr;
4094 watchdog.start();
4095 ctrl_data_close(handler_info->data);
4096 watchdog.stop();
4097 }
4098 }
4099
4100 /* Second pass to handle all other events */
4101 for (i = 0, evt = &events[0]; i < nevents; ++i, evt++) {
4102 if (evt->events & EPOLLERR) {
4103 ALOGD("EPOLLERR on event #%d", i);
4104 }
4105 if (evt->events & EPOLLHUP) {
4106 /* This case was handled in the first pass */
4107 continue;
4108 }
4109 if (evt->data.ptr) {
4110 handler_info = (struct event_handler_info*)evt->data.ptr;
4111 call_handler(handler_info, &poll_params, evt->events);
4112 }
4113 }
4114 }
4115 }
4116
issue_reinit()4117 int issue_reinit() {
4118 int sock;
4119
4120 sock = lmkd_connect();
4121 if (sock < 0) {
4122 ALOGE("failed to connect to lmkd: %s", strerror(errno));
4123 return -1;
4124 }
4125
4126 enum update_props_result res = lmkd_update_props(sock);
4127 switch (res) {
4128 case UPDATE_PROPS_SUCCESS:
4129 ALOGI("lmkd updated properties successfully");
4130 break;
4131 case UPDATE_PROPS_SEND_ERR:
4132 ALOGE("failed to send lmkd request: %s", strerror(errno));
4133 break;
4134 case UPDATE_PROPS_RECV_ERR:
4135 ALOGE("failed to receive lmkd reply: %s", strerror(errno));
4136 break;
4137 case UPDATE_PROPS_FORMAT_ERR:
4138 ALOGE("lmkd reply is invalid");
4139 break;
4140 case UPDATE_PROPS_FAIL:
4141 ALOGE("lmkd failed to update its properties");
4142 break;
4143 }
4144
4145 close(sock);
4146 return res == UPDATE_PROPS_SUCCESS ? 0 : -1;
4147 }
4148
on_boot_completed()4149 static int on_boot_completed() {
4150 int sock;
4151
4152 sock = lmkd_connect();
4153 if (sock < 0) {
4154 ALOGE("failed to connect to lmkd: %s", strerror(errno));
4155 return -1;
4156 }
4157
4158 enum boot_completed_notification_result res = lmkd_notify_boot_completed(sock);
4159
4160 switch (res) {
4161 case BOOT_COMPLETED_NOTIF_SUCCESS:
4162 break;
4163 case BOOT_COMPLETED_NOTIF_ALREADY_HANDLED:
4164 ALOGW("lmkd already handled boot-completed operations");
4165 break;
4166 case BOOT_COMPLETED_NOTIF_SEND_ERR:
4167 ALOGE("failed to send lmkd request: %m");
4168 break;
4169 case BOOT_COMPLETED_NOTIF_RECV_ERR:
4170 ALOGE("failed to receive request: %m");
4171 break;
4172 case BOOT_COMPLETED_NOTIF_FORMAT_ERR:
4173 ALOGE("lmkd reply is invalid");
4174 break;
4175 case BOOT_COMPLETED_NOTIF_FAILS:
4176 ALOGE("lmkd failed to receive boot-completed notification");
4177 break;
4178 }
4179
4180 close(sock);
4181 return res == BOOT_COMPLETED_NOTIF_SUCCESS ? 0 : -1;
4182 }
4183
update_props()4184 static bool update_props() {
4185 /* By default disable low level vmpressure events */
4186 level_oomadj[VMPRESS_LEVEL_LOW] =
4187 GET_LMK_PROPERTY(int32, "low", OOM_SCORE_ADJ_MAX + 1);
4188 level_oomadj[VMPRESS_LEVEL_MEDIUM] =
4189 GET_LMK_PROPERTY(int32, "medium", 800);
4190 level_oomadj[VMPRESS_LEVEL_CRITICAL] =
4191 GET_LMK_PROPERTY(int32, "critical", 0);
4192 debug_process_killing = GET_LMK_PROPERTY(bool, "debug", false);
4193
4194 /* By default disable upgrade/downgrade logic */
4195 enable_pressure_upgrade =
4196 GET_LMK_PROPERTY(bool, "critical_upgrade", false);
4197 upgrade_pressure =
4198 (int64_t)GET_LMK_PROPERTY(int32, "upgrade_pressure", 100);
4199 downgrade_pressure =
4200 (int64_t)GET_LMK_PROPERTY(int32, "downgrade_pressure", 100);
4201 kill_heaviest_task =
4202 GET_LMK_PROPERTY(bool, "kill_heaviest_task", false);
4203 low_ram_device = property_get_bool("ro.config.low_ram", false);
4204 kill_timeout_ms =
4205 (unsigned long)GET_LMK_PROPERTY(int32, "kill_timeout_ms", 100);
4206 pressure_after_kill_min_score =
4207 (unsigned long)GET_LMK_PROPERTY(int32, "pressure_after_kill_min_score", 0);
4208 use_minfree_levels =
4209 GET_LMK_PROPERTY(bool, "use_minfree_levels", false);
4210 per_app_memcg =
4211 property_get_bool("ro.config.per_app_memcg", low_ram_device);
4212 swap_free_low_percentage = clamp(0, 100, GET_LMK_PROPERTY(int32, "swap_free_low_percentage",
4213 DEF_LOW_SWAP));
4214 psi_partial_stall_ms = GET_LMK_PROPERTY(int32, "psi_partial_stall_ms",
4215 low_ram_device ? DEF_PARTIAL_STALL_LOWRAM : DEF_PARTIAL_STALL);
4216 psi_complete_stall_ms = GET_LMK_PROPERTY(int32, "psi_complete_stall_ms",
4217 DEF_COMPLETE_STALL);
4218 thrashing_limit_pct =
4219 std::max(0, GET_LMK_PROPERTY(int32, "thrashing_limit",
4220 low_ram_device ? DEF_THRASHING_LOWRAM : DEF_THRASHING));
4221 thrashing_limit_decay_pct = clamp(0, 100, GET_LMK_PROPERTY(int32, "thrashing_limit_decay",
4222 low_ram_device ? DEF_THRASHING_DECAY_LOWRAM : DEF_THRASHING_DECAY));
4223 thrashing_critical_pct = std::max(
4224 0, GET_LMK_PROPERTY(int32, "thrashing_limit_critical", thrashing_limit_pct * 3));
4225 swap_util_max = clamp(0, 100, GET_LMK_PROPERTY(int32, "swap_util_max", 100));
4226 filecache_min_kb = GET_LMK_PROPERTY(int64, "filecache_min_kb", 0);
4227 stall_limit_critical = GET_LMK_PROPERTY(int64, "stall_limit_critical", 100);
4228 delay_monitors_until_boot = GET_LMK_PROPERTY(bool, "delay_monitors_until_boot", false);
4229 direct_reclaim_threshold_ms =
4230 GET_LMK_PROPERTY(int64, "direct_reclaim_threshold_ms", DEF_DIRECT_RECL_THRESH_MS);
4231 swap_compression_ratio =
4232 GET_LMK_PROPERTY(int64, "swap_compression_ratio", DEF_SWAP_COMP_RATIO);
4233 lowmem_min_oom_score =
4234 std::max(PERCEPTIBLE_APP_ADJ + 1,
4235 GET_LMK_PROPERTY(int32, "lowmem_min_oom_score", DEF_LOWMEM_MIN_SCORE));
4236
4237 reaper.enable_debug(debug_process_killing);
4238
4239 /* Call the update props hook */
4240 if (!lmkd_update_props_hook()) {
4241 ALOGE("Failed to update LMKD hook props.");
4242 return false;
4243 }
4244
4245 return true;
4246 }
4247
main(int argc,char ** argv)4248 int main(int argc, char **argv) {
4249 if ((argc > 1) && argv[1]) {
4250 if (!strcmp(argv[1], "--reinit")) {
4251 if (property_set(LMKD_REINIT_PROP, "")) {
4252 ALOGE("Failed to reset " LMKD_REINIT_PROP " property");
4253 }
4254 return issue_reinit();
4255 } else if (!strcmp(argv[1], "--boot_completed")) {
4256 return on_boot_completed();
4257 }
4258 }
4259
4260 if (!update_props()) {
4261 ALOGE("Failed to initialize props, exiting.");
4262 return -1;
4263 }
4264
4265 ctx = create_android_logger(KILLINFO_LOG_TAG);
4266
4267 if (!init()) {
4268 if (!use_inkernel_interface) {
4269 /*
4270 * MCL_ONFAULT pins pages as they fault instead of loading
4271 * everything immediately all at once. (Which would be bad,
4272 * because as of this writing, we have a lot of mapped pages we
4273 * never use.) Old kernels will see MCL_ONFAULT and fail with
4274 * EINVAL; we ignore this failure.
4275 *
4276 * N.B. read the man page for mlockall. MCL_CURRENT | MCL_ONFAULT
4277 * pins ⊆ MCL_CURRENT, converging to just MCL_CURRENT as we fault
4278 * in pages.
4279 */
4280 /* CAP_IPC_LOCK required */
4281 if (mlockall(MCL_CURRENT | MCL_FUTURE | MCL_ONFAULT) && (errno != EINVAL)) {
4282 ALOGW("mlockall failed %s", strerror(errno));
4283 }
4284
4285 /* CAP_NICE required */
4286 struct sched_param param = {
4287 .sched_priority = 1,
4288 };
4289 if (sched_setscheduler(0, SCHED_FIFO, ¶m)) {
4290 ALOGW("set SCHED_FIFO failed %s", strerror(errno));
4291 }
4292 }
4293
4294 if (init_reaper()) {
4295 ALOGI("Process reaper initialized with %d threads in the pool",
4296 reaper.thread_cnt());
4297 }
4298
4299 if (!watchdog.init()) {
4300 ALOGE("Failed to initialize the watchdog");
4301 }
4302
4303 mainloop();
4304 }
4305
4306 android_log_destroy(&ctx);
4307
4308 ALOGI("exiting");
4309 return 0;
4310 }
4311