| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Jul 2014 20:36:31 +0400 From: Vladimir Davydov <vdavydov@...allels.com> To: Tim Hockin <thockin@...kin.org> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, <linux-mm@...ck.org>, Cgroups <cgroups@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org>, Tejun Heo <tj@...nel.org>, Li Zefan <lizefan@...wei.com>, Johannes Weiner <hannes@...xchg.org>, Michal Hocko <mhocko@...e.cz>, Mel Gorman <mgorman@...e.de>, Rik van Riel <riel@...hat.com>, "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Hugh Dickins <hughd@...gle.com>, David Rientjes <rientjes@...gle.com>, Pavel Emelyanov <xemul@...allels.com>, Balbir Singh <bsingharora@...il.com> Subject: Re: [PATCH RFC 0/5] Virtual Memory Resource Controller for cgroups Hi Tim, On Wed, Jul 09, 2014 at 08:08:07AM -0700, Tim Hockin wrote: > How is this different from RLIMIT_AS? You specifically mentioned it > earlier but you don't explain how this is different. The main difference is that RLIMIT_AS is per process while this controller is per cgroup. RLIMIT_AS doesn't allow us to limit VSIZE for a group of unrelated or cooperating through shmem processes. Also RLIMIT_AS accounts for total VM usage (including file mappings), while this only charges private writable and shared mappings, whose faulted-in pages always occupy mem+swap and therefore cannot be just synced and dropped like file pages. In other words, this controller works exactly as the global overcommit control. > From my perspective, this is pointless. There's plenty of perfectly > correct software that mmaps files without concern for VSIZE, because > they never fault most of those pages in. But there's also software that correctly handles ENOMEM returned by mmap. For example, mongodb keeps growing its buffers until mmap fails. Therefore, if there's no overcommit control, it will be OOM-killed sooner or later, which may be pretty annoying. And we did have customers complaining about that. > From my observations it is not generally possible to predict an > average VSIZE limit that would satisfy your concerns *and* not kill > lots of valid apps. Yes, it's difficult. Actually, we can only guess. Nevertheless, we predict and set the VSIZE limit system-wide by default. > It sounds like what you want is to limit or even disable swap usage. I want to avoid OOM kill if it's possible to return ENOMEM. OOM can be painful. It can kill lots of innocent processes. Of course, the user can protect some processes by setting oom_score_adj, but this is difficult and requires time and expertise, so an average user won't do that. > Given your example, your hypothetical user would probably be better of > getting an OOM kill early so she can fix her job spec to request more > memory. In my example the user won't get OOM kill *early*... Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists