From: Pavel Machek <pavel@ucw.cz>
To: Michal Hocko <mhocko@kernel.org>
Cc: vcaputo@pengaru.com, Ferry Toth <ftoth@telfort.nl>,
linux-kernel@vger.kernel.org
Subject: Re: DOS by unprivileged user
Date: Mon, 23 Apr 2018 09:13:11 +0200 [thread overview]
Message-ID: <20180423071311.GA5768@amd> (raw)
In-Reply-To: <20180423002738.GF16083@dhcp22.suse.cz>
[-- Attachment #1: Type: text/plain, Size: 1980 bytes --]
On Sun 2018-04-22 18:27:38, Michal Hocko wrote:
> On Sun 22-04-18 10:43:00, vcaputo@pengaru.com wrote:
> > On Sun, Apr 22, 2018 at 12:16:54PM +0200, Pavel Machek wrote:
> > > On Thu 2018-04-19 21:13:35, Ferry Toth wrote:
> > > > It appears any ordinary user can easily create a DOS on linux.
> > > >
> > > > One sure way to reproduce this is to open gitk on the linux kernel repo
> > > > (SIC) on a machine with 8GB RAM 16 GB swap on a HDD with btrfs and quad core
> > > > + hyperthreading. But I will be easy enough to get the same effect with more
> > > > RAM, other fs etc.
> > >
> > > You may want to disable swap.
> > >
> >
> > I run without swap on my laptops, and still observe long periods of
> > thrashing on the road towards OOM. What seems to occur is the active
> > file-backed mappings of executables/libraries become a sort of swap
> > area, repeatedly being discarded and faulted back in as the context
> > switches occur.
> >
> > If there's any good way to prevent this, I'd like to know.
>
> I am afraid there is none yet. Johannes had some ground work for
> page cache trashing detection https://marc.info/?i=20170727153010.23347-1-hannes%40cmpxchg.org
> but there was no version of the patchseries for quite some time and
> there was no integration into the oom detection which would be
> non-trivial as well.
>
> I realize this sucks. But the reality is that this is far from trivial
> to resolve without introducing pre-mature OOM killer invocations.
Another problem is that what "unusable machine" in X/web browser
situation may be normal load for build server...
I guess one way would be "hey, this is my X server; if it is waiting
for disk for more than 10 seconds, you probably want to OOM kill
someone. Ouch and same goes for my window manager".
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2018-04-23 7:13 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-19 19:13 DOS by unprivileged user Ferry Toth
2018-04-20 4:46 ` Mike Galbraith
2018-04-20 8:39 ` Ferry Toth
2018-04-20 12:37 ` Mike Galbraith
2018-04-22 10:16 ` Pavel Machek
2018-04-22 17:43 ` vcaputo
2018-04-23 0:27 ` Michal Hocko
2018-04-23 7:13 ` Pavel Machek [this message]
[not found] ` <4285098.DEWjdbWF2X@delfion>
[not found] ` <1524325275.8078.2.camel@gmx.de>
[not found] ` <6057755.ozdVOybsI6@delfion>
2018-04-23 8:04 ` Mike Galbraith
2018-04-25 14:54 ` Alan Cox
2018-04-25 16:21 ` Mike Galbraith
2018-04-25 16:50 ` Mike Galbraith
2018-04-30 10:00 ` Ferry Toth
2018-04-30 10:35 ` Miguel Ojeda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180423071311.GA5768@amd \
--to=pavel@ucw.cz \
--cc=ftoth@telfort.nl \
--cc=linux-kernel@vger.kernel.org \
--cc=mhocko@kernel.org \
--cc=vcaputo@pengaru.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.