On Oct 12, 2007, at 01:37:23, Al Boldi wrote:
Kyle Moffett wrote:
This isn't really necessary any more with the new CFS scheduler.
If you want to prevent excess memory usage then you limit memory
usage, not process count, so just set the system max process count
to something absurdly high and leave the user counts down at the
maximum a user might run. Then as long as the sum of the user
processes is less than the max number of processes (which you just
set absurdly high or unlimited), you may still log in. With the
per-user scheduling enabled CFS allows you to run an
optimistically-real-time game as one user and several thousand
busy-loops as another user and get almost picture perfect 50% CPU
distribution between the users. To me that seems a much better DoS-
prevention system than limits which don't scale based on how many
people are requesting resources.
You have a point, and resource-controllers can probably control DoS
a lot better, but the they also incur more overhead. Think of this
"lockout prevention" patch as a near zero overhead safety valve.
But why do you need to add "lockout prevention" if it already
exists? With CFS' extremely efficient per-user-scheduling (hopefully
soon to be the default) there are only two forms of lockout by non-
root processes: (1) Running out of PIDs in the box's PID-space
(think tens or hundreds of thousands of processes), or (2) Swap-
storming the box to death. To put it bluntly trying to reserve free
PID slots is attacking the wrong end of the problem and your so
called "lockout prevention" could very easily ensure that 10 PIDs are
available even if the user has swapstormed the box with the PIDs he
does have.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
