From: "Stephen C. Tweedie" <sct@redhat.com>
To: yodaiken@fsmlabs.com
Cc: "Stephen C. Tweedie" <sct@redhat.com>,
Jamie Lokier <lk@tantalophile.demon.co.uk>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
mingo@elte.hu, Andrea Arcangeli <andrea@suse.de>,
Marcelo Tosatti <marcelo@conectiva.com.br>,
Linus Torvalds <torvalds@transmeta.com>,
Rik van Riel <riel@conectiva.com.br>,
Roger Larsson <roger.larsson@norran.net>,
MM mailing list <linux-mm@kvack.org>,
linux-kernel@vger.kernel.org
Subject: Re: the new VMt
Date: Mon, 25 Sep 2000 21:32:01 +0100 [thread overview]
Message-ID: <20000925213201.C2615@redhat.com> (raw)
In-Reply-To: <20000925140419.A18243@hq.fsmlabs.com>; from yodaiken@fsmlabs.com on Mon, Sep 25, 2000 at 02:04:19PM -0600
Hi,
On Mon, Sep 25, 2000 at 02:04:19PM -0600, yodaiken@fsmlabs.com wrote:
> > Right, but if the alternative is spurious ENOMEM when we can satisfy
>
> An ENOMEM is not spurious if there is not enough memory. UNIX does not ask the
> OS to do impossible tricks.
Yes, but the ENOMEM _is_ spurious if you actually meant EAGAIN, and if
the OS was perfectly capable of doing the retry itself.
> > all of the pending requests just as long as they are serialised, is
> > this a problem?
>
> I think you are solving the wrong problem. On a small memory machine, the kernel,
> utilities, and applications should be configured to use little memory.
> BusyBox is better than BeanCount.
Any box is a small memory machine if you get the wrong workload on it,
and the DoS attacks which are possible without beancounting let any
user bring even a large system to its knees right now. If solving
that problem also means that small memory machines do the right thing
on their own rather than requiring specific manual configuration, then
it sounds like a good aim.
> > However, you just can't escape from the fact that on low memory
> > machinnes, we *need* beancounter-style accounting of pinned pages or
> > we'll be in Deep Trouble (TM). We already have nasty DoS situations
>
> What we need is simple kernel code that does not hold resources
> into a possible deadlock situation.
<nod>
> On general principles, I don't see any substitute for clean code in the kernel and
> my prediction is that if you show me an example of
> DoS vulnerability, I can show you fix that does not require bean counting.
> Am I wrong?
If you have a user forking multiple processes and exhausting some
resource, then at some point you have to do something about it. Let's
say it's page tables, just for argument's sake, because those are
currently non-swappable, but even if you make those swappable there
are plenty of other resources it might be (eg. data shoved down unix
domain sockets if you want another example).
So you have run out of physical memory --- what do you do about it?
The important observation here is that in a multi-user environment,
simply denying further allocations isn't good enough --- unless you
revoke those existing allocations you have DoS. And you can't fairly
revoke existing allocations without knowing WHICH user has exhausted
the memory (which requires beancounter-style resource tracking), AND
having mechanisms in place to revoke all of the possible resources
which might be involved (eg unix domain socket datagrams). kill -9
might solve that latter problem but it doesn't help in identifying who
to kill.
--Stephen
>
>
>
>
>
> --
> ---------------------------------------------------------
> Victor Yodaiken
> Finite State Machine Labs: The RTLinux Company.
> www.fsmlabs.com www.rtlinux.com
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux.eu.org/Linux-MM/
next prev parent reply other threads:[~2000-09-25 20:32 UTC|newest]
Thread overview: 243+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-09-24 10:11 __GFP_IO && shrink_[d|i]cache_memory()? Ingo Molnar
2000-09-24 18:11 ` Linus Torvalds
2000-09-24 18:40 ` Ingo Molnar
2000-09-24 18:39 ` Linus Torvalds
2000-09-24 18:46 ` Linus Torvalds
2000-09-24 18:59 ` Ingo Molnar
2000-09-24 19:34 ` [patch] vmfixes-2.4.0-test9-B2 Ingo Molnar
2000-09-24 20:20 ` Rui Sousa
2000-09-24 20:24 ` Andrea Arcangeli
2000-09-24 20:26 ` Ingo Molnar
2000-09-24 21:12 ` Andrea Arcangeli
2000-09-24 21:12 ` Ingo Molnar
2000-09-24 21:43 ` Stephen C. Tweedie
2000-09-24 22:13 ` Andrea Arcangeli
2000-09-24 22:36 ` [patch] vmfixes-2.4.0-test9-B2 - fixing deadlocks bert hubert
2000-09-24 23:41 ` Andrea Arcangeli
2000-09-25 16:24 ` Stephen C. Tweedie
2000-09-25 17:03 ` Andrea Arcangeli
2000-09-25 18:06 ` Stephen C. Tweedie
2000-09-25 19:32 ` Andrea Arcangeli
2000-09-25 19:26 ` Rik van Riel
2000-09-25 22:28 ` Andrea Arcangeli
2000-09-25 22:26 ` Rik van Riel
2000-09-25 22:51 ` Andrea Arcangeli
2000-09-25 22:30 ` Linus Torvalds
2000-09-25 23:03 ` Andrea Arcangeli
2000-09-25 23:18 ` Linus Torvalds
2000-09-26 0:32 ` Andrea Arcangeli
2000-09-25 22:30 ` Juan J. Quintela
2000-09-25 23:00 ` Andrea Arcangeli
2000-09-25 19:54 ` Stephen C. Tweedie
2000-09-25 22:44 ` Andrea Arcangeli
2000-09-25 22:42 ` Rik van Riel
2000-09-26 6:54 ` Christoph Rohland
2000-09-26 14:05 ` Andrea Arcangeli
2000-09-26 16:20 ` Christoph Rohland
2000-09-26 17:10 ` Andrea Arcangeli
2000-09-27 8:11 ` Christoph Rohland
2000-09-27 8:28 ` Ingo Molnar
2000-09-27 9:24 ` Christoph Rohland
2000-09-27 13:56 ` Andrea Arcangeli
2000-09-27 16:56 ` Christoph Rohland
2000-09-27 17:42 ` Andrea Arcangeli
2000-09-27 18:25 ` Erik Andersen
2000-09-27 18:55 ` Andrea Arcangeli
2000-09-28 10:08 ` Rik van Riel
2000-09-28 11:16 ` Rik van Riel
2000-09-28 14:52 ` Andrea Arcangeli
2000-09-29 14:39 ` Rik van Riel
2000-09-29 14:55 ` Andrea Arcangeli
2000-09-29 15:40 ` Rik van Riel
2000-09-28 11:31 ` Ingo Molnar
2000-09-28 14:54 ` Andrea Arcangeli
2000-09-28 15:13 ` Ingo Molnar
2000-09-28 15:23 ` Andrea Arcangeli
2000-09-28 16:16 ` Juan J. Quintela
2000-09-28 14:31 ` Andrea Arcangeli
2000-09-25 17:21 ` bert hubert
2000-09-25 17:49 ` Andrea Arcangeli
2000-09-25 15:09 ` Miles Lane
2000-09-25 15:51 ` Stephen C. Tweedie
2000-09-25 16:05 ` Ingo Molnar
2000-09-25 16:06 ` Alexander Viro
2000-09-25 16:20 ` Ingo Molnar
2000-09-25 16:29 ` Andrea Arcangeli
2000-09-25 4:56 ` [patch] vmfixes-2.4.0-test9-B2 Linus Torvalds
2000-09-25 5:19 ` Alexander Viro
2000-09-25 6:06 ` Linus Torvalds
2000-09-25 6:17 ` Alexander Viro
2000-09-25 21:21 ` Alexander Viro
2000-09-26 13:42 ` [CFT][PATCH] ext2 directories in pagecache Alexander Viro
2000-09-26 21:29 ` Alexander Viro
2000-09-26 22:16 ` Marko Kreen
2000-09-26 22:31 ` Alexander Viro
2000-09-26 22:47 ` Marko Kreen
2000-09-27 7:32 ` Ingo Molnar
2000-09-27 9:22 ` Alexander Viro
2000-09-26 23:19 ` Andreas Dilger
2000-09-26 23:33 ` Alexander Viro
2000-09-26 23:44 ` Alexander Viro
2000-09-25 0:09 ` [patch] vmfixes-2.4.0-test9-B2 Linus Torvalds
2000-09-25 0:49 ` Alexander Viro
2000-09-25 0:53 ` Marcelo Tosatti
2000-09-25 1:45 ` Andrea Arcangeli
2000-09-25 2:39 ` Marcelo Tosatti
2000-09-25 15:36 ` Andrea Arcangeli
2000-09-25 10:42 ` the new VM Ingo Molnar
2000-09-25 13:02 ` Andrea Arcangeli
2000-09-25 13:02 ` Ingo Molnar
2000-09-25 13:08 ` Andrea Arcangeli
2000-09-25 13:12 ` Ingo Molnar
2000-09-25 13:30 ` Andrea Arcangeli
2000-09-25 13:39 ` Ingo Molnar
2000-09-25 14:04 ` Andrea Arcangeli
2000-09-25 14:04 ` Ingo Molnar
2000-09-25 14:23 ` Andrea Arcangeli
2000-09-25 14:27 ` Ingo Molnar
2000-09-25 14:39 ` Andrea Arcangeli
2000-09-25 14:43 ` Ingo Molnar
2000-09-25 15:01 ` Andrea Arcangeli
2000-09-25 15:10 ` Ingo Molnar
2000-09-25 15:24 ` Andrea Arcangeli
2000-09-25 15:26 ` Ingo Molnar
2000-09-25 15:22 ` yodaiken
2000-09-26 19:10 ` Pavel Machek
2000-09-26 20:16 ` Andrea Arcangeli
2000-09-27 7:42 ` Ingo Molnar
2000-09-27 12:11 ` yodaiken
2000-09-27 14:08 ` Andrea Arcangeli
2000-09-25 16:09 ` Rik van Riel
2000-09-25 14:26 ` Marcelo Tosatti
2000-09-25 14:50 ` Andrea Arcangeli
2000-09-25 14:47 ` Alan Cox
2000-09-25 15:16 ` Ingo Molnar
2000-09-25 15:16 ` the new VMt Alan Cox
2000-09-25 15:33 ` the new VM Ingo Molnar
2000-09-25 15:41 ` the new VMt Andrea Arcangeli
2000-09-25 16:02 ` Ingo Molnar
2000-09-25 16:04 ` Andi Kleen
2000-09-25 16:19 ` Ingo Molnar
2000-09-25 16:18 ` Andi Kleen
2000-09-25 16:41 ` Andrea Arcangeli
2000-09-25 16:35 ` Linus Torvalds
2000-09-25 16:41 ` Rik van Riel
2000-09-25 16:49 ` Linus Torvalds
2000-09-25 17:03 ` Ingo Molnar
2000-09-25 17:17 ` Andrea Arcangeli
2000-09-25 17:10 ` Rik van Riel
2000-09-25 17:27 ` Andrea Arcangeli
2000-09-25 17:15 ` Andrea Arcangeli
2000-09-27 7:14 ` Rusty Russell
2000-09-25 20:23 ` Russell King
2000-09-25 16:28 ` Rik van Riel
2000-09-25 16:11 ` Andrea Arcangeli
2000-09-25 16:22 ` Ingo Molnar
2000-09-25 16:17 ` Alexander Viro
2000-09-25 16:36 ` Jeff Garzik
2000-09-25 16:57 ` Alan Cox
2000-09-25 17:01 ` Alexander Viro
2000-09-25 17:06 ` Alan Cox
2000-09-25 17:31 ` Oliver Xymoron
2000-09-25 17:51 ` Jeff Garzik
2000-09-25 19:03 ` the new VMt [4MB+ blocks] Matti Aarnio
2000-09-25 20:02 ` Stephen Williams
2000-09-25 16:33 ` the new VMt Andrea Arcangeli
2000-09-26 8:38 ` Jes Sorensen
2000-09-26 8:52 ` Ingo Molnar
2000-09-26 9:02 ` Jes Sorensen
2000-09-25 16:53 ` Alan Cox
2000-09-25 15:42 ` Stephen C. Tweedie
2000-09-25 16:05 ` Andrea Arcangeli
2000-09-25 16:22 ` Rik van Riel
2000-09-25 16:42 ` Andrea Arcangeli
2000-09-25 17:39 ` Stephen C. Tweedie
2000-09-25 16:51 ` Alan Cox
2000-09-25 17:43 ` Stephen C. Tweedie
2000-09-25 18:13 ` Alan Cox
2000-09-25 18:21 ` Stephen C. Tweedie
2000-09-25 19:09 ` Alan Cox
2000-09-25 19:21 ` Stephen C. Tweedie
2000-09-25 16:52 ` yodaiken
2000-09-25 17:18 ` Jamie Lokier
2000-09-25 17:51 ` yodaiken
2000-09-25 18:04 ` Jamie Lokier
2000-09-25 18:13 ` yodaiken
2000-09-25 18:24 ` Stephen C. Tweedie
2000-09-25 18:34 ` yodaiken
2000-09-25 18:48 ` Jamie Lokier
2000-09-25 19:25 ` Stephen C. Tweedie
2000-09-25 20:04 ` yodaiken
2000-09-25 20:23 ` Alan Cox
2000-09-25 20:35 ` yodaiken
2000-09-25 20:46 ` Alan Cox
2000-09-25 21:07 ` yodaiken
2000-09-26 9:54 ` Stephen C. Tweedie
2000-09-26 13:17 ` yodaiken
2000-09-25 20:47 ` Benjamin C.R. LaHaise
2000-09-25 21:12 ` yodaiken
2000-09-26 10:07 ` Stephen C. Tweedie
2000-09-26 13:30 ` yodaiken
2000-09-25 20:32 ` Stephen C. Tweedie [this message]
2000-09-26 12:10 ` Mark Hemment
2000-09-27 10:13 ` Andrey Savochkin
2000-09-27 12:55 ` Hugh Dickins
2000-09-28 3:25 ` Andrey Savochkin
2000-09-25 23:14 ` Erik Andersen
2000-09-26 15:17 ` yodaiken
2000-09-26 16:04 ` Stephen C. Tweedie
2000-09-26 17:02 ` Erik Andersen
2000-09-26 17:08 ` Stephen C. Tweedie
2000-09-26 17:45 ` Erik Andersen
2000-09-27 10:20 ` Andrey Savochkin
2000-09-26 21:13 ` Eric Lowe
2000-09-25 18:20 ` Andrea Arcangeli
2000-09-25 16:16 ` Rik van Riel
2000-09-25 16:55 ` Alan Cox
2000-09-25 15:48 ` the new VM Andrea Arcangeli
2000-09-25 15:40 ` Stephen C. Tweedie
2000-09-25 16:01 ` Andrea Arcangeli
2000-09-25 14:37 ` Rik van Riel
2000-09-25 20:34 ` Christoph Rohland
2000-10-06 16:14 ` Rik van Riel
2000-10-09 7:37 ` Christoph Rohland
2000-09-25 13:04 ` Ingo Molnar
2000-09-25 13:19 ` Andrea Arcangeli
2000-09-25 13:18 ` Ingo Molnar
2000-09-25 13:21 ` Ingo Molnar
2000-09-25 13:31 ` Andrea Arcangeli
2000-09-25 13:47 ` Ingo Molnar
2000-09-25 14:04 ` Andrea Arcangeli
2000-09-25 1:31 ` [patch] vmfixes-2.4.0-test9-B2 Andrea Arcangeli
2000-09-25 1:27 ` Alexander Viro
2000-09-25 2:02 ` Andrea Arcangeli
2000-09-25 2:01 ` Alexander Viro
2000-09-25 13:47 ` Stephen C. Tweedie
2000-09-25 10:13 ` Ingo Molnar
2000-09-25 12:58 ` Andrea Arcangeli
2000-09-25 13:10 ` Ingo Molnar
2000-09-25 13:49 ` Jens Axboe
2000-09-25 14:11 ` Ingo Molnar
2000-09-25 14:05 ` Jens Axboe
2000-09-25 16:46 ` Linus Torvalds
2000-09-25 17:05 ` Ingo Molnar
2000-09-25 17:23 ` Andrea Arcangeli
2000-09-25 14:20 ` Andrea Arcangeli
2000-09-25 14:11 ` Jens Axboe
2000-09-25 14:33 ` Andrea Arcangeli
2000-09-25 13:56 ` Andrea Arcangeli
2000-09-25 13:57 ` Ingo Molnar
2000-09-25 14:13 ` Andrea Arcangeli
2000-09-25 14:08 ` Jens Axboe
2000-09-25 14:29 ` Andrea Arcangeli
2000-09-25 14:18 ` Jens Axboe
2000-09-25 14:47 ` Andrea Arcangeli
2000-09-25 21:28 ` Jens Axboe
2000-09-25 22:14 ` Andrea Arcangeli
2000-09-25 14:13 ` Ingo Molnar
2000-09-25 14:29 ` Ingo Molnar
2000-09-25 14:46 ` Andrea Arcangeli
2000-09-25 14:53 ` Ingo Molnar
2000-09-25 15:02 ` Andrea Arcangeli
2000-09-24 21:38 ` __GFP_IO && shrink_[d|i]cache_memory()? Stephen C. Tweedie
2000-09-24 23:20 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20000925213201.C2615@redhat.com \
--to=sct@redhat.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=andrea@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lk@tantalophile.demon.co.uk \
--cc=marcelo@conectiva.com.br \
--cc=mingo@elte.hu \
--cc=riel@conectiva.com.br \
--cc=roger.larsson@norran.net \
--cc=torvalds@transmeta.com \
--cc=yodaiken@fsmlabs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox