From: Hugh Dickins <hugh@veritas.com>
To: Badari Pulavarty <pbadari@us.ibm.com>
Cc: Chris Wright <chrisw@osdl.org>, linux-mm <linux-mm@kvack.org>
Subject: Re: [RFC] OVERCOMMIT_ALWAYS extension
Date: Mon, 17 Oct 2005 19:25:33 +0100 (BST) [thread overview]
Message-ID: <Pine.LNX.4.61.0510171919150.6548@goblin.wat.veritas.com> (raw)
In-Reply-To: <Pine.LNX.4.61.0510171904040.6406@goblin.wat.veritas.com>
On Mon, 17 Oct 2005, Hugh Dickins wrote:
> On Mon, 17 Oct 2005, Badari Pulavarty wrote:
> >
> > I have been looking at possible ways to extend OVERCOMMIT_ALWAYS
> > to avoid its abuse.
> >
> > Few of the applications (database) would like to overcommit
> > memory (by creating shared memory segments more than RAM+swap),
> > but use only portion of it at any given time and get rid
> > of portions of them through madvise(DONTNEED), when needed.
> > They want this, especially to handle hotplug memory situations
> > (where apps may not have clear idea on how much memory they have
> > in the system at the time of shared memory create). Currently,
> > they are using OVERCOMMIT_ALWAYS system wide to do this - but
> > they are affecting every other application on the system.
> >
> > I am wondering, if there is a better way to do this. Simple solution
> > would be to add IPC_OVERCOMMIT flag or add CAP_SYS_ADMIN to
> > do the overcommit. This way only specific applications, requesting
> > this would be able to overcommit. I am worried about, the over
> > all affects it has on the system. But again, this can't be worse
> > than system wide OVERCOMMIT_ALWAYS. Isn't it ?
>
> mmap has MAP_NORESERVE, without CAP_SYS_ADMIN or other restriction,
> which exempts that mmap from security_vm_enough_memory checking -
> unless current setting is OVERCOMMIT_NEVER, in which case
> MAP_NORESERVE is ignored.
Having written that, it does seem rather odd that we have a flag
anyone can set to evade that security_ checking. It was okay when
it was just vm_enough_memory, but now it's security_vm_enough_memory,
I wonder if this is a significant oversight, and some CAP required.
Might break things though. CC'ed Chris.
Ah, there's a security_file_mmap earlier, which could reject the
MAP_NORESERVE flag if it feels so inclined. Perhaps you'll need
to allow a similar opportunity for rejection in your approach.
Hugh
> So if you're content to move to the OVERCOMMIT_GUESS world, I
> don't think you could be blamed for adding an IPC_NORESERVE which
> behaves in the same way, without CAP_SYS_ADMIN restriction.
>
> But if you want to move to OVERCOMMIT_NEVER, yet have a flag which
> says overcommit now, you'll get into a tussle with NEVER-adherents.
>
> Hugh
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2005-10-17 18:25 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-17 17:30 Badari Pulavarty
2005-10-17 18:13 ` Hugh Dickins
2005-10-17 18:25 ` Hugh Dickins [this message]
2005-10-17 23:14 ` Badari Pulavarty
2005-10-18 16:05 ` [RFC][PATCH] " Badari Pulavarty
2005-10-19 17:56 ` Hugh Dickins
2005-10-19 18:32 ` Jeff Dike
2005-10-19 21:21 ` Badari Pulavarty
2005-10-19 22:38 ` Jeff Dike
2005-10-19 18:50 ` Badari Pulavarty
2005-10-19 19:12 ` Darren Hart
2005-10-19 20:10 ` Hugh Dickins
2005-10-19 20:47 ` Jeff Dike
2005-10-20 15:11 ` Badari Pulavarty
2005-10-20 17:27 ` Jeff Dike
2005-10-20 22:37 ` Badari Pulavarty
2005-10-24 20:04 ` Hugh Dickins
2005-10-24 20:22 ` Darren Hart
2005-10-24 20:24 ` Badari Pulavarty
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.61.0510171919150.6548@goblin.wat.veritas.com \
--to=hugh@veritas.com \
--cc=chrisw@osdl.org \
--cc=linux-mm@kvack.org \
--cc=pbadari@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox