| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 01 Apr 2014 19:11:51 -0700 From: Greg Thelen <gthelen@...gle.com> To: Kamezawa Hiroyuki <kamezawa.hiroyu@...fujitsu.com> Cc: Davidlohr Bueso <davidlohr@...com>, KOSAKI Motohiro <kosaki.motohiro@...il.com>, Andrew Morton <akpm@...ux-foundation.org>, Manfred Spraul <manfred@...orfullife.com>, aswin@...com, LKML <linux-kernel@...r.kernel.org>, "linux-mm\@kvack.org" <linux-mm@...ck.org> Subject: Re: [PATCH] ipc,shm: increase default size for shmmax On Tue, Apr 01 2014, Kamezawa Hiroyuki <kamezawa.hiroyu@...fujitsu.com> wrote: >> On Tue, Apr 01 2014, Davidlohr Bueso <davidlohr@...com> wrote: >> >>> On Tue, 2014-04-01 at 19:56 -0400, KOSAKI Motohiro wrote: >>>>>>> Ah-hah, that's interesting info. >>>>>>> >>>>>>> Let's make the default 64GB? >>>>>> >>>>>> 64GB is infinity at that time, but it no longer near infinity today. I like >>>>>> very large or total memory proportional number. >>>>> >>>>> So I still like 0 for unlimited. Nice, clean and much easier to look at >>>>> than ULONG_MAX. And since we cannot disable shm through SHMMIN, I really >>>>> don't see any disadvantages, as opposed to some other arbitrary value. >>>>> Furthermore it wouldn't break userspace: any existing sysctl would >>>>> continue to work, and if not set, the user never has to worry about this >>>>> tunable again. >>>>> >>>>> Please let me know if you all agree with this... >>>> >>>> Surething. Why not. :) >>> >>> *sigh* actually, the plot thickens a bit with SHMALL (total size of shm >>> segments system wide, in pages). Currently by default: >>> >>> #define SHMALL (SHMMAX/getpagesize()*(SHMMNI/16)) >>> >>> This deals with physical memory, at least admins are recommended to set >>> it to some large percentage of ram / pagesize. So I think that if we >>> loose control over the default value, users can potentially DoS the >>> system, or at least cause excessive swapping if not manually set, but >>> then again the same goes for anon mem... so do we care? >> > (2014/04/02 10:08), Greg Thelen wrote: >> >> At least when there's an egregious anon leak the oom killer has the >> power to free the memory by killing until the memory is unreferenced. >> This isn't true for shm or tmpfs. So shm is more effective than anon at >> crushing a machine. > > Hm..sysctl.kernel.shm_rmid_forced won't work with oom-killer ? > > http://www.openwall.com/lists/kernel-hardening/2011/07/26/7 > > I like to handle this kind of issue under memcg but hmm..tmpfs's limit is half > of memory at default. Ah, yes. I forgot about shm_rmid_forced. Thanks. It would give the oom killer ability to cleanup shm (as it does with anon) when shm_rmid_forced=1. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists