RE: KPATCH] Reserve VM for root (was: Re: Looking for better VM)

[Rik van Riel <riel@conectiva.com.br>]

On Thu, 16 Nov 2000, Szabolcs Szakacsits wrote:

	[snip exploit that really shouldn't take Linux down]

> This or something similar didn't kill the box [I've tried all local
> DoS from Packetstorm that I could find]. Please send a working
> example. Of course probably it's possible to trigger root owned
> processes to eat memory eagerly by user apps but that's a problem in
> the process design running as root and not a kernel issue.

Not necessarily, but your patch will probably make a difference
for quite a number of people...

> If you think fork() kills the box then ulimit the maximum number
> of user processes (ulimit -u). This is a different issue and a
> bad design in the scheduler (see e.g. Tru64 for a better one).

My fair scheduler catches this one just fine. It hasn't
been integrated in the kernel yet, but both VA Linux and
Conectiva use it in their kernel RPM.

> BTW, I have a new version of the patch with that Linux behaves
> much better from root's point of view when the memory is more
> significantly overcommited. I'll post it if I have time [and
> there is interest].

There is interest, believe me ;)

While this is not one of the sexy new kernel
features, this will help quite a few system
administrators and is destined to a long and
healthy life inside kernel RPMs, maybe even
in the main kernel tree (when 2.5 splits?).

regards,

Rik
--
"What you're running that piece of shit Gnome?!?!"
       -- Miguel de Icaza, UKUUG 2000

http://www.conectiva.com/		http://www.surriel.com/

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux.eu.org/Linux-MM/