From: Marian Marinov <mm@1h.com>
To: Manfred Spraul <manfred@colorfullife.com>,
Davidlohr Bueso <davidlohr@hp.com>
Cc: akpm@linux-foundation.org, n-horiguchi@ah.jp.nec.com,
Greg KH <gregkh@linuxfoundation.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Linux Containers <containers@lists.linux-foundation.org>
Subject: Re: [PATCH] IPC initialize shmmax and shmall from the current value not the default
Date: Thu, 22 May 2014 16:01:20 +0300 [thread overview]
Message-ID: <537DF520.2050904@1h.com> (raw)
In-Reply-To: <5367EDB6.3010408@1h.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/05/2014 10:59 PM, Marian Marinov wrote:
> On 05/04/2014 02:17 PM, Manfred Spraul wrote:
>> Hi Marian,
>>
>> Note: The limits will soon be increased to (nearly) ULONG_MAX. I.e.: If you propose the patch because you are
>> running into issues with a too small SEMMAX after an unshare(CLONE_NEWIPC), then this will be fixed soon.
>>
>>
>> On 05/04/2014 01:53 AM, Davidlohr Bueso wrote:
>>> On Sun, 2014-05-04 at 01:48 +0300, Marian Marinov wrote:
>>>> When we are creating new IPC namespace that should be cloned from the current namespace it is a good idea to
>>>> copy the values of the current shmmax and shmall to the new namespace.
>> The idea sounds reasonable: If an admin has reduced the limits, then the reduction should also apply after a
>> unshare(CLONE_NEWIPC).
>>
>> But: Your patch doesn't use the current shmmax, it uses the shmmax from init_ipc_ns. Would it be possible to use
>> the current values?
>
> In my tests it worked exactly as expected. Here is an example:
>
> [root@sp2 ~]# sysctl -a|grep shmmax kernel.shmmax = 68719476736 [root@sp2 ~]# lxc-attach -n cent_plain
> [root@localhost ~]# sysctl -a|grep shmmax kernel.shmmax = 68719476736 [root@localhost ~]# halt [root@sp2 ~]# sysctl
> -a|grep shmmax kernel.shmmax = 68719476736 [root@sp2 ~]# sysctl kernel.shmmax=34359738368 kernel.shmmax =
> 34359738368 [root@sp2 ~]# lxc-start -n cent_plain -d [root@sp2 ~]# lxc-attach -n cent_plain [root@localhost ~]#
> sysctl -a|grep shmmax kernel.shmmax = 34359738368 [root@localhost ~]#
>
> So it seams to work as expected :)
>
> It works because wen you setup a new shmmax limit it is actually the limit in the init_ipc_ns. So when we are
> creating a new ipc_ns its ok to copy the values from init_ipc_ns.
>
> -Marian
>
Ping?
So will there be any more comments on that?
Marian
>>
>>> Why is this a good idea?
>>>
>>> This would break userspace that relies on the current behavior. Furthermore we've recently changed the default
>>> value of both these limits to be as large as you can get, thus deprecating them. I don't like the idea of this
>>> being replaced by namespaces.
>> Davidlohr: We are not deprecating them, we make the default huge. The limits should stay as usable as they were.
>>
>> With regards to breaking user space, I must think about it a bit more. Right now, each new namespace starts with
>> SEMMAX=32MB, i.e. an often unusable default.
>>
>> -- Manfred
>>
>
>
- --
Marian Marinov
Founder & CEO of 1H Ltd.
Jabber/GTalk: hackman@jabber.org
ICQ: 7556201
Mobile: +359 886 660 270
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlN99SAACgkQ4mt9JeIbjJQHrQCfdexU5xdW4A/pO66SvbcYQVqF
uREAoJ1e6hytp6435YUrpKjEG2qVulI1
=QqGi
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2014-05-22 13:01 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-03 22:48 [PATCH] IPC initialize shmmax and shmall from the current value not the default Marian Marinov
2014-05-03 22:48 ` Marian Marinov
[not found] ` <5365723D.7030303-108MBtLGafw@public.gmane.org>
2014-05-03 23:53 ` Davidlohr Bueso
2014-05-03 23:53 ` Davidlohr Bueso
[not found] ` <1399161216.2573.9.camel-5JQ4ckphU/8SZAcGdq5asR6epYMZPwEe5NbjCUgZEJk@public.gmane.org>
2014-05-04 0:28 ` Marian Marinov
2014-05-04 0:28 ` Marian Marinov
[not found] ` <536589B5.8060900-108MBtLGafw@public.gmane.org>
2014-05-04 1:20 ` Davidlohr Bueso
2014-05-04 1:20 ` Davidlohr Bueso
[not found] ` <1399166450.2573.15.camel-5JQ4ckphU/8SZAcGdq5asR6epYMZPwEe5NbjCUgZEJk@public.gmane.org>
2014-05-04 9:29 ` Marian Marinov
2014-05-04 9:29 ` Marian Marinov
2014-05-04 11:17 ` Manfred Spraul
2014-05-04 11:17 ` Manfred Spraul
[not found] ` <536621D4.60002-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org>
2014-05-04 17:19 ` Davidlohr Bueso
2014-05-04 17:19 ` Davidlohr Bueso
2014-05-05 19:59 ` Marian Marinov
2014-05-22 13:01 ` Marian Marinov [this message]
[not found] ` <537DF520.2050904-108MBtLGafw@public.gmane.org>
2014-05-25 20:01 ` Manfred Spraul
2014-05-25 20:01 ` Manfred Spraul
[not found] ` <53824C0D.1070204-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org>
2014-05-26 0:07 ` Marian Marinov
2014-05-26 0:07 ` Marian Marinov
2014-05-27 14:41 ` Serge Hallyn
2014-05-27 14:41 ` Serge Hallyn
[not found] ` <5367EDB6.3010408-108MBtLGafw@public.gmane.org>
2014-05-22 13:01 ` Marian Marinov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=537DF520.2050904@1h.com \
--to=mm@1h.com \
--cc=akpm@linux-foundation.org \
--cc=containers@lists.linux-foundation.org \
--cc=davidlohr@hp.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=manfred@colorfullife.com \
--cc=n-horiguchi@ah.jp.nec.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.