From: "Jörn Engel" <joern@logfs.org>
To: Johannes Weiner <hannes@cmpxchg.org>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH, RFC] mm: Implement RLIMIT_RSS
Date: Tue, 11 Jun 2013 17:53:20 -0400 [thread overview]
Message-ID: <20130611215319.GA29368@logfs.org> (raw)
In-Reply-To: <20130611211601.GA29426@cmpxchg.org>
On Tue, 11 June 2013 17:16:01 -0400, Johannes Weiner wrote:
> On Tue, Jun 11, 2013 at 02:29:21PM -0400, JA?rn Engel wrote:
> > I've seen a couple of instances where people try to impose a vsize
> > limit simply because there is no rss limit in Linux. The vsize limit
> > is a horrible approximation and even this patch seems to be an
> > improvement.
> >
> > Would there be strong opposition to actually supporting RLIMIT_RSS?
>
> This is trivial to exploit by creating the mappings first and
> populating them later, so while it may cover some use cases, it does
> not have the protection against malicious programs aspect that all the
> other rlimits have.
Hm. The use case I have is that an application wants to limit itself.
It is effectively a special assert to catch memory leaks and the like.
So malicious programs are not my immediate concern.
Of course the moment Linux supports RLIMIT_RSS people will use it to
limit malicious programs, no matter how many scary warning we put in.
> The right place to enforce the limit is at the point of memory
> allocation, which raises the question what to do when the limit is
> exceeded in a page fault. Reclaim from the process's memory? Kill
> it?
>
> I guess the answer to these questions is "memory cgroups", so that's
> why there is no real motivation to implement RLIMIT_RSS separately...
Lack of opposition would be enough for me. But I guess we need a bit
more for a mergeable patch than I did and I only did the existing
patch because it seemed easy, not because it is important. Will keep
the patch in my junk code folder for now.
JA?rn
--
A surrounded army must be given a way out.
-- Sun Tzu
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: "Jörn Engel" <joern@logfs.org>
To: Johannes Weiner <hannes@cmpxchg.org>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH, RFC] mm: Implement RLIMIT_RSS
Date: Tue, 11 Jun 2013 17:53:20 -0400 [thread overview]
Message-ID: <20130611215319.GA29368@logfs.org> (raw)
In-Reply-To: <20130611211601.GA29426@cmpxchg.org>
On Tue, 11 June 2013 17:16:01 -0400, Johannes Weiner wrote:
> On Tue, Jun 11, 2013 at 02:29:21PM -0400, Jörn Engel wrote:
> > I've seen a couple of instances where people try to impose a vsize
> > limit simply because there is no rss limit in Linux. The vsize limit
> > is a horrible approximation and even this patch seems to be an
> > improvement.
> >
> > Would there be strong opposition to actually supporting RLIMIT_RSS?
>
> This is trivial to exploit by creating the mappings first and
> populating them later, so while it may cover some use cases, it does
> not have the protection against malicious programs aspect that all the
> other rlimits have.
Hm. The use case I have is that an application wants to limit itself.
It is effectively a special assert to catch memory leaks and the like.
So malicious programs are not my immediate concern.
Of course the moment Linux supports RLIMIT_RSS people will use it to
limit malicious programs, no matter how many scary warning we put in.
> The right place to enforce the limit is at the point of memory
> allocation, which raises the question what to do when the limit is
> exceeded in a page fault. Reclaim from the process's memory? Kill
> it?
>
> I guess the answer to these questions is "memory cgroups", so that's
> why there is no real motivation to implement RLIMIT_RSS separately...
Lack of opposition would be enough for me. But I guess we need a bit
more for a mergeable patch than I did and I only did the existing
patch because it seemed easy, not because it is important. Will keep
the patch in my junk code folder for now.
Jörn
--
A surrounded army must be given a way out.
-- Sun Tzu
next prev parent reply other threads:[~2013-06-11 23:22 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-11 18:29 [PATCH, RFC] mm: Implement RLIMIT_RSS Jörn Engel
2013-06-11 18:29 ` Jörn Engel
2013-06-11 21:16 ` Johannes Weiner
2013-06-11 21:16 ` Johannes Weiner
2013-06-11 21:53 ` Jörn Engel [this message]
2013-06-11 21:53 ` Jörn Engel
2013-06-13 8:57 ` Minchan Kim
2013-06-13 8:57 ` Minchan Kim
2013-06-13 14:43 ` Jörn Engel
2013-06-13 14:43 ` Jörn Engel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130611215319.GA29368@logfs.org \
--to=joern@logfs.org \
--cc=hannes@cmpxchg.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.