From: David Rientjes <rientjes@google.com>
To: "Figo.zhang" <zhangtianfei@leadcoretech.com>
Cc: figo zhang <figo1802@gmail.com>,
lkml <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
Andrew Morton <akpm@osdl.org>
Subject: Re: Re:[PATCH v2]oom-kill: CAP_SYS_RESOURCE should get bonus
Date: Wed, 3 Nov 2010 22:08:56 -0700 (PDT) [thread overview]
Message-ID: <alpine.DEB.2.00.1011032203470.10054@chino.kir.corp.google.com> (raw)
In-Reply-To: <1288845730.2102.11.camel@myhost>
On Thu, 4 Nov 2010, Figo.zhang wrote:
> CAP_SYS_RESOURCE == 1 means without resource limits just like a
> superuser,
> CAP_SYS_RESOURCE == 0 means hold resource limits, like normal user,
> right?
>
Yes.
> a new lower oom_score_adj will protect the process, right?
>
Yes.
> Tasks without CAP_SYS_RESOURCE, means that it is not a superuser, why
> user canot protect it by oom_score_adj?
>
Because, as I said, it would be trivial for a user program to deplete all
memory (either intentionally or unintentioally) and cause every other task
on the system to be oom killed as a result. That's an undesired result of
a blatently obvious DoS.
> like i want to protect my program such as gnome-terminal which is
> without CAP_SYS_RESOURCE (have resource limits),
>
> [figo@myhost ~]$ ps -ax | grep gnome-ter
> Warning: bad ps syntax, perhaps a bogus '-'? See
> http://procps.sf.net/faq.html
> 2280 ? Sl 0:01 gnome-terminal
> 8839 pts/0 S+ 0:00 grep gnome-ter
> [figo@myhost ~]$ cat /proc/2280/oom_adj
> 3
> [figo@myhost ~]$ echo -17 > /proc/2280/oom_adj
> bash: echo: write error: Permission denied
> [figo@myhost ~]$
>
> so, i canot protect my program.
>
If this is your system, you can either give yourself CAP_SYS_RESOURCE or
do it through the superuser. This isn't exactly new, it's been the case
for the past four years.
I'm still struggling to find out the problem that you're trying to address
with your various patches, perhaps because you haven't said what it is.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom policy in Canada: sign http://dissolvethecrtc.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2010-11-04 5:09 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-02 1:43 [PATCH]oom-kill: direct hardware access processes " Figo.zhang
2010-11-02 3:10 ` David Rientjes
2010-11-02 14:24 ` Figo.zhang
2010-11-02 19:34 ` David Rientjes
2010-11-03 23:43 ` [PATCH v2]oom-kill: CAP_SYS_RESOURCE " Figo.zhang
2010-11-03 23:47 ` David Rientjes
[not found] ` <AANLkTimjfmLzr_9+Sf4gk0xGkFjffQ1VcCnwmCXA88R8@mail.gmail.com>
2010-11-04 1:38 ` Figo.zhang
2010-11-04 1:50 ` David Rientjes
2010-11-04 2:12 ` Figo.zhang
2010-11-04 2:54 ` David Rientjes
2010-11-04 4:42 ` Figo.zhang
2010-11-04 5:08 ` David Rientjes [this message]
2010-11-09 11:01 ` [PATCH " KOSAKI Motohiro
2010-11-09 12:24 ` Alan Cox
2010-11-09 21:06 ` David Rientjes
2010-11-09 21:25 ` David Rientjes
2010-11-10 14:38 ` Figo.zhang
2010-11-10 20:50 ` David Rientjes
2010-11-09 10:41 ` [PATCH]oom-kill: direct hardware access processes " KOSAKI Motohiro
2010-11-09 12:24 ` [PATCH v2]mm/oom-kill: " Figo.zhang
2010-11-09 21:16 ` David Rientjes
2010-11-10 14:48 ` Figo.zhang
2010-11-14 5:07 ` KOSAKI Motohiro
2010-11-14 21:29 ` David Rientjes
2010-11-15 1:24 ` KOSAKI Motohiro
2010-11-15 10:03 ` David Rientjes
2010-11-23 7:16 ` KOSAKI Motohiro
2010-11-28 1:36 ` David Rientjes
2010-11-30 13:00 ` KOSAKI Motohiro
2010-11-30 20:05 ` David Rientjes
2010-11-10 15:14 ` [PATCH v3]mm/oom-kill: " Figo.zhang
2010-11-10 15:24 ` Figo.zhang
2010-11-10 21:00 ` David Rientjes
2010-11-14 5:21 ` KOSAKI Motohiro
2010-11-14 21:33 ` David Rientjes
2010-11-15 3:26 ` [PATCH] Revert oom rewrite series Figo.zhang
2010-11-15 10:14 ` David Rientjes
2010-11-15 10:57 ` Alan Cox
2010-11-15 20:54 ` David Rientjes
2010-11-23 7:16 ` KOSAKI Motohiro
2011-01-04 7:51 ` [PATCH v3]mm/oom-kill: direct hardware access processes should get bonus Figo.zhang
2011-01-04 8:28 ` KAMEZAWA Hiroyuki
2011-01-04 8:56 ` Figo.zhang
2011-01-06 0:55 ` KAMEZAWA Hiroyuki
2011-01-05 3:32 ` David Rientjes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.00.1011032203470.10054@chino.kir.corp.google.com \
--to=rientjes@google.com \
--cc=akpm@osdl.org \
--cc=figo1802@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=zhangtianfei@leadcoretech.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox