| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Feb 2010 01:02:28 -0800 (PST) From: David Rientjes <rientjes@...gle.com> To: KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com> cc: Andrew Morton <akpm@...ux-foundation.org>, Rik van Riel <riel@...hat.com>, Nick Piggin <npiggin@...e.de>, Andrea Arcangeli <aarcange@...hat.com>, Balbir Singh <balbir@...ux.vnet.ibm.com>, Lubos Lunak <l.lunak@...e.cz>, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, linux-kernel@...r.kernel.org, linux-mm@...ck.org Subject: Re: [patch -mm 4/9 v2] oom: remove compulsory panic_on_oom mode On Tue, 16 Feb 2010, KAMEZAWA Hiroyuki wrote: > > You don't understand that the behavior has changed ever since > > mempolicy-constrained oom conditions are now affected by a compulsory > > panic_on_oom mode, please see the patch description. It's absolutely > > insane for a single sysctl mode to panic the machine anytime a cpuset or > > mempolicy runs out of memory and is more prone to user error from setting > > it without fully understanding the ramifications than any use it will ever > > do. The kernel already provides a mechanism for doing this, OOM_DISABLE. > > if you want your cpuset or mempolicy to risk panicking the machine, set > > all tasks that share its mems or nodes, respectively, to OOM_DISABLE. > > This is no different from the memory controller being immune to such > > panic_on_oom conditions, stop believing that it is the only mechanism used > > in the kernel to do memory isolation. > > > You don't explain why "we _have to_ remove API which is used" > First, I'm not stating that we _have_ to remove anything, this is a patch proposal that is open for review. Second, I believe we _should_ remove panic_on_oom == 2 because it's no longer being used as it was documented: as we've increased the exposure of the oom killer (memory controller, pagefault ooms, now mempolicy tasklist scanning), we constantly have to re-evaluate the semantics of this option while a well-understood tunable with a long history, OOM_DISABLE, already does the equivalent. The downside of getting this wrong is that the machine panics when it shouldn't have because of an unintended consequence of the mode being enabled (a mempolicy ooms, for example, that was created by the user). When reconsidering its semantics, I'd personally opt on the safe side and make sure the machine doesn't panic unnecessarily and instead require users to use OOM_DISABLE for tasks they do not want to be oom killed. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists