lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 16 Mar 2016 18:15:09 +0300
From:	Vladimir Davydov <vdavydov@...tuozzo.com>
To:	Johannes Weiner <hannes@...xchg.org>
CC:	Michal Hocko <mhocko@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	<linux-mm@...ck.org>, <cgroups@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>, <kernel-team@...com>
Subject: Re: [PATCH] mm: memcontrol: reclaim and OOM kill when shrinking
 memory.max below usage

On Tue, Mar 15, 2016 at 10:18:48PM -0700, Johannes Weiner wrote:
> On Fri, Mar 11, 2016 at 12:19:31PM +0300, Vladimir Davydov wrote:
...
> > Come to think of it, shouldn't we restore the old limit and return EBUSY
> > if we failed to reclaim enough memory?
> 
> I suspect it's very rare that it would fail. But even in that case
> it's probably better to at least not allow new charges past what the
> user requested, even if we can't push the level back far enough.

It's of course good to set the limit before trying to reclaim memory,
but isn't it strange that even if the cgroup's memory can't be reclaimed
to meet the new limit (tmpfs files or tasks protected from oom), the
write will still succeed? It's a rare use case, but still.

I've one more concern regarding this patch. It's about calling OOM while
reclaiming cgroup memory. AFAIU OOM killer can be quite disruptive for a
workload, so is it really good to call it when normal reclaim fails?

W/o OOM killer you can optimistically try to adjust memory.max and if it
fails you can manually kill some processes in the container or restart
it or cancel the limit update. With your patch adjusting memory.max
never fails, but OOM might kill vital processes rendering the whole
container useless. Wouldn't it be better to let the user decide if
processes should be killed or not rather than calling OOM forcefully?

Thanks,
Vladimir

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ