lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20130306235431.GB1421@localhost.localdomain>
Date:	Wed, 6 Mar 2013 18:54:31 -0500
From:	Andrew Shewmaker <agshew@...il.com>
To:	akpm@...ux-foundation.org
Cc:	linux-mm@...ck.org, linux-kernel@...r.kernel.org,
	alan@...rguk.ukuu.org.uk, simon.jeons@...il.com,
	ric.masonn@...il.com
Subject: [PATCH v5 2/2] mm: replace hardcoded 3% with admin_reserve_pages knob

Add an admin_reserve_pages knob to allow admins to change the
hardcoded memory reserve to something other than 3%, which
may be multiple gigabytes on large memory systems.

This affects OVERCOMMIT_GUESS and OVERCOMMIT_NEVER.

admin_reserve_pages is initialized to min(3% free pages, 8MB)

Signed-off-by: Andrew Shewmaker <agshew@...il.com>

---

v5:
 * Custom sysctl handler was unnecessary
   now using proc_doulongvec_minmax()

v4:
 * Rebased onto v3.8-mmotm-2013-03-01-15-50
 * No longer assumes 4kb pages
 * Code duplicated for nommu

v3:
 * New patch summary because it wasn't unique
   New is "mm: replace hardcoded 3% with admin_reserve_pages knob"
   Old was "mm: tuning hardcoded reserve memory"
 * Limits growth to min(3% process size, k)
   as Alan Cox suggested. I chose k=2000 pages to allow
   recovery with sshd or login, bash, and top or kill

v2:
 * Based onto v3.8-mmotm-2013-02-19-17-20
 * Simple tunable added that initialized to 1000 pages

v1:
 * I asked for comments concerning this idea when submitting v1
   of the patch to remove the user reserve
---
 Documentation/sysctl/vm.txt | 15 +++++++++++++++
 kernel/sysctl.c             |  8 ++++++++
 mm/mmap.c                   | 30 ++++++++++++++++++++++++++----
 mm/nommu.c                  | 30 ++++++++++++++++++++++++++----
 4 files changed, 75 insertions(+), 8 deletions(-)

diff --git a/Documentation/sysctl/vm.txt b/Documentation/sysctl/vm.txt
index 40c2a49..60b9aba 100644
--- a/Documentation/sysctl/vm.txt
+++ b/Documentation/sysctl/vm.txt
@@ -18,6 +18,7 @@ files can be found in mm/swap.c.
 
 Currently, these files are in /proc/sys/vm:
 
+- admin_reserve_pages
 - block_dump
 - compact_memory
 - dirty_background_bytes
@@ -59,6 +60,20 @@ Currently, these files are in /proc/sys/vm:
 
 ==============================================================
 
+admin_reserve_pages
+
+The number of free pages in the system that should be reserved for users
+with the capability cap_sys_admin. The default value is the smaller of 3%
+of free pages or 8MB (2048 pages). That should provide enough for the 
+admin to log in and kill a process if necessary.
+
+Systems running with overcommit disabled should consider increasing this
+to account for the full Virtual Memory Size of programs used to recover.
+
+Changing this takes effect whenever an application requests memory.
+
+==============================================================
+
 block_dump
 
 block_dump enables block I/O debugging when set to a nonzero value. More
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index dbb7b93..9c5aae6 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -98,6 +98,7 @@
 extern int sysctl_overcommit_memory;
 extern int sysctl_overcommit_ratio;
 extern unsigned long sysctl_user_reserve_pages;
+extern unsigned long sysctl_admin_reserve_pages;
 extern int max_threads;
 extern int suid_dumpable;
 #ifdef CONFIG_COREDUMP
@@ -1438,6 +1439,13 @@ static struct ctl_table vm_table[] = {
 		.mode		= 0644,
 		.proc_handler	= proc_doulongvec_minmax,
 	},
+	{
+		.procname	= "admin_reserve_pages",
+		.data		= &sysctl_admin_reserve_pages,
+		.maxlen		= sizeof(sysctl_admin_reserve_pages),
+		.mode		= 0644,
+		.proc_handler	= proc_doulongvec_minmax,
+	},
 	{ }
 };
 
diff --git a/mm/mmap.c b/mm/mmap.c
index aeaf83f..78743ab 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -86,6 +86,7 @@ int sysctl_overcommit_memory __read_mostly = OVERCOMMIT_GUESS;  /* heuristic ove
 int sysctl_overcommit_ratio __read_mostly = 50;	/* default is 50% */
 int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
 unsigned long sysctl_user_reserve_pages __read_mostly = 1UL << (27 - PAGE_SHIFT); /* 128MB */
+unsigned long sysctl_admin_reserve_pages __read_mostly = 1UL << (23 - PAGE_SHIFT); /* 8MB */
 /*
  * Make sure vm_committed_as in one cacheline and not cacheline shared with
  * other variables. It can be updated by several CPUs frequently.
@@ -165,10 +166,10 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
 			free -= totalreserve_pages;
 
 		/*
-		 * Leave the last 3% for root
+		 * Reserve some for root
 		 */
 		if (!cap_sys_admin)
-			free -= free / 32;
+			free -= sysctl_admin_reserve_pages;
 
 		if (free > pages)
 			return 0;
@@ -179,10 +180,10 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
 	allowed = (totalram_pages - hugetlb_total_pages())
 	       	* sysctl_overcommit_ratio / 100;
 	/*
-	 * Leave the last 3% for root
+	 * Reserve some for root
 	 */
 	if (!cap_sys_admin)
-		allowed -= allowed / 32;
+		allowed -= sysctl_admin_reserve_pages;
 	allowed += total_swap_pages;
 
 	/*
@@ -3090,3 +3091,24 @@ int __meminit init_user_reserve(void)
 	return 0;
 }
 module_init(init_user_reserve)
+
+/*
+ * Initialise sysctl_admin_reserve_pages.
+ *
+ * The purpose of sysctl_admin_reserve_pages is to allow the sys admin
+ * to log in and kill a memory hogging process.
+ *
+ * Systems with more than 256MB will reserve 8MB, enough to recover
+ * with sshd, bash, and top. Smaller systems will only reserve 3% of
+ * free pages by default.
+ */
+int __meminit init_admin_reserve(void)
+{
+	unsigned long free;
+
+	free = global_page_state(NR_FREE_PAGES);
+
+	sysctl_admin_reserve_pages = min(free / 32, 1UL << (23 - PAGE_SHIFT));
+	return 0;
+}
+module_init(init_admin_reserve)
diff --git a/mm/nommu.c b/mm/nommu.c
index 0137ab2..70282a1 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -65,6 +65,7 @@ int sysctl_overcommit_ratio = 50; /* default is 50% */
 int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
 int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS;
 unsigned long sysctl_user_reserve_pages __read_mostly = 1UL << (27 - PAGE_SHIFT); /* 128MB */
+unsigned long sysctl_admin_reserve_pages __read_mostly = 1UL << (23 - PAGE_SHIFT); /* 8MB */
 int heap_stack_gap = 0;
 
 atomic_long_t mmap_pages_allocated;
@@ -1927,10 +1928,10 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
 			free -= totalreserve_pages;
 
 		/*
-		 * Leave the last 3% for root
+		 * Reserve some for root
 		 */
 		if (!cap_sys_admin)
-			free -= free / 32;
+			free -= sysctl_admin_reserve_pages;
 
 		if (free > pages)
 			return 0;
@@ -1940,10 +1941,10 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
 
 	allowed = totalram_pages * sysctl_overcommit_ratio / 100;
 	/*
-	 * Leave the last 3% for root
+	 * Reserve some 3% for root
 	 */
 	if (!cap_sys_admin)
-		allowed -= allowed / 32;
+		allowed -= sysctl_admin_reserve_pages;
 	allowed += total_swap_pages;
 
 	/* Don't let a single process grow too big:
@@ -2133,3 +2134,24 @@ int __meminit init_user_reserve(void)
 	return 0;
 }
 module_init(init_user_reserve)
+
+/*
+ * Initialise sysctl_admin_reserve_pages.
+ *
+ * The purpose of sysctl_admin_reserve_pages is to allow the sys admin
+ * to log in and kill a memory hogging process.
+ *
+ * Systems with more than 256MB will reserve 8MB, enough to recover
+ * with sshd, bash, and top. Smaller systems will only reserve 3% of
+ * free pages by default.
+ */
+int __meminit init_admin_reserve(void)
+{
+	unsigned long free;
+
+	free = global_page_state(NR_FREE_PAGES);
+
+	sysctl_admin_reserve_pages = min(free / 32, 1UL << (23 - PAGE_SHIFT));
+	return 0;
+}
+module_init(init_admin_reserve)
-- 
1.8.0.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ