| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1315369399-3073-10-git-send-email-glommer@parallels.com> Date: Wed, 7 Sep 2011 01:23:19 -0300 From: Glauber Costa <glommer@...allels.com> To: linux-kernel@...r.kernel.org Cc: linux-mm@...ck.org, containers@...ts.osdl.org, netdev@...r.kernel.org, xemul@...allels.com, Glauber Costa <glommer@...allels.com>, "David S. Miller" <davem@...emloft.net>, Hiroyouki Kamezawa <kamezawa.hiroyu@...fujitsu.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Randy Dunlap <rdunlap@...otime.net> Subject: [PATCH v2 9/9] Add documentation about kmem_cgroup Signed-off-by: Glauber Costa <glommer@...allels.com> CC: David S. Miller <davem@...emloft.net> CC: Hiroyouki Kamezawa <kamezawa.hiroyu@...fujitsu.com> CC: Eric W. Biederman <ebiederm@...ssion.com> CC: Randy Dunlap <rdunlap@...otime.net> --- Documentation/cgroups/kmem_cgroups.txt | 27 +++++++++++++++++++++++++++ 1 files changed, 27 insertions(+), 0 deletions(-) create mode 100644 Documentation/cgroups/kmem_cgroups.txt diff --git a/Documentation/cgroups/kmem_cgroups.txt b/Documentation/cgroups/kmem_cgroups.txt new file mode 100644 index 0000000..930e069 --- /dev/null +++ b/Documentation/cgroups/kmem_cgroups.txt @@ -0,0 +1,27 @@ +Kernel Memory Cgroup +==================== + +This document briefly describes the kernel memory cgroup, or "kmem cgroup". +Unlike user memory, kernel memory cannot be swapped. This effectively means +that rogue processes can start operations that pin kernel objects permanently +into memory, exhausting resources of all other processes in the system. + +kmem_cgroup main goal is to control the amount of memory a group of processes +can pin at any given point in time. Other uses of this infrastructure are +expected to come up with time. Right now, the only resource effectively limited +are tcp send and receive buffers. + +TCP network buffers +=================== + +TCP network buffers, both on the send and receive sides, can be controlled +by the kmem cgroup. Once a socket is created, it is attached to the cgroup of +the controller process, where it stays until the end of its lifetime. + +Files +===== + kmem.tcp_maxmem: control the maximum amount in bytes that can be used by + tcp sockets inside the cgroup. + + kmem.tcp_current_memory: current amount in bytes used by all sockets in + this cgroup -- 1.7.6 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists