| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Oct 2012 23:02:46 +0400 From: Glauber Costa <glommer@...allels.com> To: Christoph Lameter <cl@...ux.com> CC: <linux-mm@...ck.org>, <cgroups@...r.kernel.org>, Mel Gorman <mgorman@...e.de>, Tejun Heo <tj@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, Michal Hocko <mhocko@...e.cz>, Johannes Weiner <hannes@...xchg.org>, <kamezawa.hiroyu@...fujitsu.com>, David Rientjes <rientjes@...gle.com>, Pekka Enberg <penberg@...nel.org>, <devel@...nvz.org>, <linux-kernel@...r.kernel.org>, Frederic Weisbecker <fweisbec@...hat.com>, Pekka Enberg <penberg@...helsinki.fi>, Suleiman Souhlal <suleiman@...gle.com> Subject: Re: [PATCH v5 14/14] Add documentation about the kmem controller On 10/16/2012 10:25 PM, Christoph Lameter wrote: > On Tue, 16 Oct 2012, Glauber Costa wrote: > >> >> + memory.kmem.limit_in_bytes # set/show hard limit for kernel memory >> + memory.kmem.usage_in_bytes # show current kernel memory allocation >> + memory.kmem.failcnt # show the number of kernel memory usage hits limits >> + memory.kmem.max_usage_in_bytes # show max kernel memory usage recorded > > Does it actually make sense to limit kernel memory? Yes. > The user generally has > no idea how much kernel memory a process is using and kernel changes can > change the memory footprint. Given the fuzzy accounting in the kernel a > large cache refill (if someone configures the slab batch count to be > really big f.e.) can account a lot of memory to the wrong cgroup. The > allocation could fail. > It heavily depends on the type of the user. The user may not know how much kernel memory precisely will be used, but he/she usually knows quite well that it shouldn't be all cgroups together shouldn't use more than available in the system. IOW: It is usually safe to overcommit user memory, but not kernel memory. This is absolutely crucial in any high-density container host, and we've been doing this in OpenVZ for ages (in an uglier form than this) > Limiting the total memory use of a process (U+K) would make more sense I > guess. Only U is probably sufficient? In what way would a limitation on > kernel memory in use be good? > The kmem counter is also fed into the u counter. If the limit value of "u" is equal or greater than "k", this is actually what you are doing. For a lot of application yes, only U is sufficient. This is the default, btw, since "k" is only even accounted if you set the limit. All those use cases are detailed a bit below in this file. A limitation of kernel memory use would be good, for example, to prevent abuse from non-trusted containers in a high density, shared, container environment. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists