Re: [PATCH -mm] vmscan: make mapped executable pages the first classcitizen

[Christoph Lameter]

On Thu, 7 May 2009, Elladan wrote:

> > Nobody (except you) is proposing that we completely disable
> > the eviction of executable pages.  I believe that your idea
> > could easily lead to a denial of service attack, with a user
> > creating a very large executable file and mmaping it.

The amount of mlockable pages is limited via ulimit. We can already make
the pages unreclaimable through mlock().

> I don't know of any distro that applies default ulimits, so desktops are
> already susceptible to the far more trivial "call malloc a lot" or "fork bomb"
> attacks.  Plus, ulimits don't help, since they only apply per process - you'd
> need a default mem cgroup before this mattered, I think.

The point remains that the proposed patch does not solve the general
problem that we encounter with exec pages of critical components of the
user interface being evicted from memory.

Do we have test data that shows a benefit? The description is minimal. Rik
claimed on IRC that tests have been done. If so then the patch description
should include the tests. Which loads benefit from this patch?

A significant change to the reclaim algorithm also needs to
have a clear description of the effects on reclaim behavior which is also
lacking.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/