| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Nov 2015 21:49:11 +0530 From: Parav Pandit <pandit.parav@...il.com> To: Austin S Hemmelgarn <ahferroin7@...il.com> Cc: Aleksa Sarai <cyphar@...har.com>, Max Kellermann <mk@...all.com>, Tejun Heo <tj@...nel.org>, cgroups@...r.kernel.org, lizefan@...wei.com, Johannes Weiner <hannes@...xchg.org>, max@...mpel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] cgroup_pids: add fork limit On Tue, Nov 10, 2015 at 9:28 PM, Austin S Hemmelgarn <ahferroin7@...il.com> wrote: > On 2015-11-10 10:25, Aleksa Sarai wrote: >> >> Processes don't "use up resources" after they've died and been freed >> (which is dealt with inside PIDs). Yes, lots of small processes that >> die quickly could (in principle) make hard work for the scheduler, but >> I don't see how "time spent scheduling in general" is a resource... >> Fork bombs aren't bad because they cause a lot of fork()s, they're bad >> because the *create a bunch of processes that use up memory*, which >> happens because they call fork() a bunch of times and **don't >> exit()**. > > While I'm indifferent about the patch, I would like to point out that > fork-bombs are also bad because they eat _a lot_ of processor time, and I've > seen ones designed to bring a system to it's knees just by saturating the > processor with calls to fork() (which is as slow as or slower than stat() on > many commodity systems, setting up the various structures for a new process > is an expensive operation) and clogging up the scheduler. Isn't cpu cgroup helpful there to limit it? Are you saying time spent by scheduler is more that actually affects the scheduling of processes of other threads? If so, could you share little more insight on how that time measure outside of the cpu's cgroup cycles? Just so that its helpful to wider audience. > This isn't as > evident of course when you run a fork-bomb on a laptop or similar system, > because you run out of memory and PID's before the latency from scheduling > and so many processes calling fork really starts to become noticeable, but > when you start to look at really big systems (on the order of hundreds of GB > of RAM), it does become much more noticeable. > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists