Re: the new VMt

From: yodaiken@fsmlabs.com
Date: Mon Sep 25 2000 - 15:04:19 EST

Next message: Jasper Spaans: "Re: mount -t bind gone?"
Previous message: Stephen Williams: "Re: the new VMt [4MB+ blocks]"
In reply to: Stephen C. Tweedie: "Re: the new VMt"
Next in thread: Alan Cox: "Re: the new VMt"
Reply: Alan Cox: "Re: the new VMt"
Reply: Stephen C. Tweedie: "Re: the new VMt"
Reply: Erik Andersen: "Re: the new VMt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Sep 25, 2000 at 08:25:49PM +0100, Stephen C. Tweedie wrote:
> Hi,
>
> On Mon, Sep 25, 2000 at 12:34:56PM -0600, yodaiken@fsmlabs.com wrote:
>
> > > > Process 1,2 and 3 all start allocating 20 pages
> > > > now 57 pages are locked up in non-swapable kernel space and the system deadlocks OOM.
> > >
> > > Or go the beancounter route: process 1 asks "can I pin 20 pages", gets
> > > told "yes", and goes allocating them, blocking as necessary until it
> >
> > So you have a "pre-allocation allocator"? Leads to interesting and hard to detect
> > bugs with old code that does not pre-allocate or with code that incorrectly pre-allocates
> > or that blocks on something unrelated
>
> Right, but if the alternative is spurious ENOMEM when we can satisfy

An ENOMEM is not spurious if there is not enough memory. UNIX does not ask the
OS to do impossible tricks.

> all of the pending requests just as long as they are serialised, is
> this a problem?

I think you are solving the wrong problem. On a small memory machine, the kernel,
utilities, and applications should be configured to use little memory.
BusyBox is better than BeanCount.

> However, you just can't escape from the fact that on low memory
> machinnes, we *need* beancounter-style accounting of pinned pages or
> we'll be in Deep Trouble (TM). We already have nasty DoS situations

What we need is simple kernel code that does not hold resources
into a possible deadlock situation.

> which are embarassingly easy to reproduce. If we need such
> beancounter protection, AND such protection can prevent the situation
> you describe, then do we need to go looking for another way of
> achieving the same protection?

On general principles, I don't see any substitute for clean code in the kernel and
my prediction is that if you show me an example of
DoS vulnerability, I can show you fix that does not require bean counting.
Am I wrong?

-- --------------------------------------------------------- Victor Yodaiken Finite State Machine Labs: The RTLinux Company. www.fsmlabs.com www.rtlinux.com

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/

Next message: Jasper Spaans: "Re: mount -t bind gone?"
Previous message: Stephen Williams: "Re: the new VMt [4MB+ blocks]"
In reply to: Stephen C. Tweedie: "Re: the new VMt"
Next in thread: Alan Cox: "Re: the new VMt"
Reply: Alan Cox: "Re: the new VMt"
Reply: Stephen C. Tweedie: "Re: the new VMt"
Reply: Erik Andersen: "Re: the new VMt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sat Sep 30 2000 - 21:00:16 EST