| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120627123544.GE20638@somewhere.redhat.com> Date: Wed, 27 Jun 2012 14:35:47 +0200 From: Frederic Weisbecker <fweisbec@...il.com> To: Glauber Costa <glommer@...allels.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, cgroups@...r.kernel.org, linux-mm@...ck.org, linux-kernel@...r.kernel.org, David Rientjes <rientjes@...gle.com>, Pekka Enberg <penberg@...nel.org>, Michal Hocko <mhocko@...e.cz>, Johannes Weiner <hannes@...xchg.org>, Christoph Lameter <cl@...ux.com>, devel@...nvz.org, kamezawa.hiroyu@...fujitsu.com, Tejun Heo <tj@...nel.org>, Rik van Riel <riel@...hat.com>, Daniel Lezcano <daniel.lezcano@...aro.org>, Kay Sievers <kay.sievers@...y.org>, Lennart Poettering <lennart@...ttering.net>, "Kirill A. Shutemov" <kirill@...temov.name>, Kir Kolyshkin <kir@...allels.com> Subject: Re: Fork bomb limitation in memcg WAS: Re: [PATCH 00/11] kmem controller for memcg: stripped down version On Wed, Jun 27, 2012 at 04:28:14PM +0400, Glauber Costa wrote: > On 06/27/2012 04:29 PM, Frederic Weisbecker wrote: > > On Wed, Jun 27, 2012 at 01:29:04PM +0400, Glauber Costa wrote: > >> On 06/27/2012 01:55 AM, Andrew Morton wrote: > >>>> I can't speak for everybody here, but AFAIK, tracking the stack through > >>>> the memory it used, therefore using my proposed kmem controller, was an > >>>> idea that good quite a bit of traction with the memcg/memory people. > >>>> So here you have something that people already asked a lot for, in a > >>>> shape and interface that seem to be acceptable. > >>> > >>> mm, maybe. Kernel developers tend to look at code from the point of > >>> view "does it work as designed", "is it clean", "is it efficient", "do > >>> I understand it", etc. We often forget to step back and really > >>> consider whether or not it should be merged at all. > >>> > >>> I mean, unless the code is an explicit simplification, we should have > >>> a very strong bias towards "don't merge". > >> > >> Well, simplifications are welcome - this series itself was > >> simplified beyond what I thought initially possible through the > >> valuable comments > >> of other people. > >> > >> But of course, this adds more complexity to the kernel as a whole. > >> And this is true to every single new feature we may add, now or in > >> the > >> future. > >> > >> What I can tell you about this particular one, is that the justification > >> for it doesn't come out of nowhere, but from a rather real use case that > >> we support and maintain in OpenVZ and our line of products for years. > > > > Right and we really need a solution to protect against forkbombs in LXC. > Small correction: In containers. LXC is not the only one out there =p Sure. I was just speaking for the specific project I'm working on :) But I'm definetly interested in solutions that work for everyone in containers in general. And if Openvz is also interested in forkbombs protection that's even better. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists