Re: Memory overcommit

From: KAMEZAWA Hiroyuki
Date: Tue Oct 27 2009 - 23:20:02 EST

Next message: William Allen Simpson: "Re: [PATCH 2/3] net: TCP thin linear timeouts"
Previous message: Andi Kleen: "Re: is avoiding compat ioctls possible?"
In reply to: KOSAKI Motohiro: "Re: Memory overcommit"
Next in thread: David Rientjes: "Re: Memory overcommit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 28 Oct 2009 11:47:55 +0900 (JST)
KOSAKI Motohiro <kosaki.motohiro@xxxxxxxxxxxxxx> wrote:

> > 2. I started out running my mlock test program as root (later
> > switched to use "ulimit -l unlimited" first). But badness() reckons
> > CAP_SYS_ADMIN or CAP_SYS_RESOURCE is a reason to quarter your points;
> > and CAP_SYS_RAWIO another reason to quarter your points: so running
> > as root makes you sixteen times less likely to be killed. Quartering
> > is anyway debatable, but sixteenthing seems utterly excessive to me.
> >
> > I moved the CAP_SYS_RAWIO test in with the others, so it does no
> > more than quartering; but is quartering appropriate anyway? I did
> > wonder if I was right to be "subverting" the fine-grained CAPs in
> > this way, but have since seen unrelated mail from one who knows
> > better, implying they're something of a fantasy, that su and sudo
> > are indeed what's used in the real world. Maybe this patch was okay.
>
> I agree quartering is debatable.
> At least, killing quartering is worth for any user, and it can be push into -stable.
>
>
>
>
> From 27331555366c908a93c2cdd780b77e421869c5af Mon Sep 17 00:00:00 2001
> From: KOSAKI Motohiro <kosaki.motohiro@xxxxxxxxxxxxxx>
> Date: Wed, 28 Oct 2009 11:28:39 +0900
> Subject: [PATCH] oom: Mitigate suer-user's bonus of oom-score
>
> Currently, badness calculation code of oom contemplate following bonus.
> - Super-user have quartering oom-score
> - CAP_SYS_RAWIO process (e.g. database) also have quartering oom-score
>
> The problem is, Super-users have CAP_SYS_RAWIO too. Then, they have
> sixteenthing bonus. it's obviously too excessive and meaningless.
>
> This patch fixes it.
>
> Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@xxxxxxxxxxxxxx>

I'll pick this up to my series.

Thanks,
-Kame

> ---
> mm/oom_kill.c | 13 +++++--------
> 1 files changed, 5 insertions(+), 8 deletions(-)
>
> diff --git a/mm/oom_kill.c b/mm/oom_kill.c
> index ea2147d..40d323d 100644
> --- a/mm/oom_kill.c
> +++ b/mm/oom_kill.c
> @@ -152,18 +152,15 @@ unsigned long badness(struct task_struct *p, unsigned long uptime)
> /*
> * Superuser processes are usually more important, so we make it
> * less likely that we kill those.
> - */
> - if (has_capability_noaudit(p, CAP_SYS_ADMIN) ||
> - has_capability_noaudit(p, CAP_SYS_RESOURCE))
> - points /= 4;
> -
> - /*
> - * We don't want to kill a process with direct hardware access.
> + *
> + * Plus, We don't want to kill a process with direct hardware access.
> * Not only could that mess up the hardware, but usually users
> * tend to only have this flag set on applications they think
> * of as important.
> */
> - if (has_capability_noaudit(p, CAP_SYS_RAWIO))
> + if (has_capability_noaudit(p, CAP_SYS_ADMIN) ||
> + has_capability_noaudit(p, CAP_SYS_RESOURCE) ||
> + has_capability_noaudit(p, CAP_SYS_RAWIO))
> points /= 4;
>
> /*
> --
> 1.6.2.5
>
>
>
>
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: William Allen Simpson: "Re: [PATCH 2/3] net: TCP thin linear timeouts"
Previous message: Andi Kleen: "Re: is avoiding compat ioctls possible?"
In reply to: KOSAKI Motohiro: "Re: Memory overcommit"
Next in thread: David Rientjes: "Re: Memory overcommit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]