From: Nick Piggin <nickpiggin@yahoo.com.au>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Dave Hansen <hansendc@us.ibm.com>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
containers@lists.osdl.org, linux-kernel@vger.kernel.org,
menage@google.com, Andrew Morton <akpm@linux-foundation.org>,
xemul@sw.ru
Subject: Re: controlling mmap()'d vs read/write() pages
Date: Fri, 23 Mar 2007 21:47:45 +1100 [thread overview]
Message-ID: <4603B051.8000108@yahoo.com.au> (raw)
In-Reply-To: <m1tzwc5kw6.fsf@ebiederm.dsl.xmission.com>
Eric W. Biederman wrote:
> Nick Piggin <nickpiggin@yahoo.com.au> writes:
>
>
>>Eric W. Biederman wrote:
>>
>>>Dave Hansen <hansendc@us.ibm.com> writes:
>>>
>>>
>>>
>>>>So, I think we have a difference of opinion. I think it's _all_ about
>>>>memory pressure, and you think it is _not_ about accounting for memory
>>>>pressure. :) Perhaps we mean different things, but we appear to
>>>>disagree greatly on the surface.
>>>
>>>
>>>I think it is about preventing a badly behaved container from having a
>>>significant effect on the rest of the system, and in particular other
>>>containers on the system.
>>
>>That's Dave's point, I believe. Limiting mapped memory may be
>>mostly OK for well behaved applications, but it doesn't do anything
>>to stop bad ones from effectively DoSing the system or ruining any
>>guarantees you might proclaim (not that hard guarantees are always
>>possible without using virtualisation anyway).
>>
>>This is why I'm surprised at efforts that go to such great lengths
>>to get accounting "just right" (but only for mmaped memory). You
>>may as well not even bother, IMO.
>>
>>Give me an RSS limit big enough to run a couple of system calls and
>>a loop...
>
>
> Would any of them work on a system on which every filesystem was on
> ramfs, and there was no swap? If not then they are not memory attacks
> but I/O attacks.
>
> I completely concede that you can DOS the system with I/O if that is
> not limited as well.
>
> My point is that is not a memory problem but a disk I/O problem which is
> much easier to and cheaper to solve. Disk I/O is fundamentally a slow
> path which makes it hard to modify it in a way that negatively affects
> system performance.
>
> I don't think with a memory RSS limit you can DOS the system in a way
> that is purely about memory. You have to pick a different kind of DOS
> attack.
It can be done trivially without performing any IO or swap, yes.
--
SUSE Labs, Novell Inc.
Send instant messages to your online friends http://au.messenger.yahoo.com
next prev parent reply other threads:[~2007-03-23 10:47 UTC|newest]
Thread overview: 129+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-06 14:42 [RFC][PATCH 0/7] Resource controllers based on process containers Pavel Emelianov
2007-03-06 14:49 ` [RFC][PATCH 1/7] Resource counters Pavel Emelianov
2007-03-07 4:03 ` Balbir Singh
2007-03-07 7:19 ` Pavel Emelianov
2007-03-09 16:37 ` Herbert Poetzl
2007-03-11 9:01 ` Pavel Emelianov
2007-03-11 19:00 ` Eric W. Biederman
2007-03-12 1:16 ` Herbert Poetzl
2007-03-13 9:09 ` Eric W. Biederman
2007-03-13 9:27 ` Pavel Emelianov
2007-03-13 9:49 ` [Devel] " Kirill Korotaev
2007-03-13 15:21 ` Herbert Poetzl
2007-03-13 15:41 ` Pavel Emelianov
2007-03-13 16:07 ` Srivatsa Vaddagiri
2007-03-14 7:12 ` Pavel Emelianov
2007-03-15 16:51 ` Eric W. Biederman
2007-03-13 16:32 ` Herbert Poetzl
2007-03-06 14:55 ` [RFC][PATCH 2/7] RSS controller core Pavel Emelianov
2007-03-06 22:00 ` Andrew Morton
2007-03-09 16:48 ` Herbert Poetzl
2007-03-11 9:08 ` Pavel Emelianov
2007-03-11 14:32 ` Herbert Poetzl
2007-03-11 15:04 ` Pavel Emelianov
2007-03-12 0:41 ` Herbert Poetzl
2007-03-12 8:31 ` Pavel Emelianov
2007-03-12 9:55 ` Balbir Singh
2007-03-12 23:43 ` Herbert Poetzl
2007-03-13 1:57 ` Balbir Singh
2007-03-13 2:24 ` Srivatsa Vaddagiri
2007-03-13 16:06 ` Herbert Poetzl
2007-03-11 12:26 ` Kirill Korotaev
2007-03-11 12:51 ` Andrew Morton
2007-03-11 15:51 ` Balbir Singh
2007-03-11 19:34 ` Eric W. Biederman
2007-03-12 9:23 ` [Devel] " Kirill Korotaev
2007-03-13 9:26 ` Eric W. Biederman
2007-03-13 15:43 ` Kirill Korotaev
2007-03-12 1:00 ` Herbert Poetzl
2007-03-12 9:02 ` Pavel Emelianov
2007-03-12 21:11 ` Herbert Poetzl
2007-03-13 7:17 ` Pavel Emelianov
2007-03-13 15:05 ` Herbert Poetzl
2007-03-13 15:32 ` Pavel Emelianov
2007-03-13 15:10 ` Kirill Korotaev
2007-03-13 15:11 ` Herbert Poetzl
2007-03-13 15:54 ` Kirill Korotaev
2007-03-12 18:42 ` Dave Hansen
2007-03-12 22:41 ` Herbert Poetzl
2007-03-12 23:02 ` Dave Hansen
2007-03-18 16:58 ` Eric W. Biederman
2007-03-13 6:04 ` Andrew Morton
2007-03-13 10:19 ` [Devel] " Kirill Korotaev
2007-03-13 11:48 ` Andrew Morton
2007-03-13 14:59 ` Herbert Poetzl
2007-03-13 17:05 ` Dave Hansen
2007-03-14 15:38 ` Mel Gorman
2007-03-14 20:42 ` Dave Hansen
2007-03-20 18:57 ` Mel Gorman
2007-03-18 22:44 ` [Devel] " Paul Menage
2007-03-19 17:41 ` Eric W. Biederman
2007-03-13 17:26 ` Dave Hansen
2007-03-13 19:09 ` Alan Cox
2007-03-13 20:28 ` Dave Hansen
2007-03-16 0:55 ` Eric W. Biederman
2007-03-16 16:31 ` Dave Hansen
2007-03-16 18:54 ` Eric W. Biederman
2007-03-16 19:46 ` Dave Hansen
2007-03-18 17:42 ` Eric W. Biederman
2007-03-19 15:48 ` Herbert Poetzl
2007-03-20 16:15 ` controlling mmap()'d vs read/write() pages Dave Hansen
2007-03-20 21:19 ` Eric W. Biederman
2007-03-23 0:51 ` Herbert Poetzl
2007-03-23 5:57 ` Nick Piggin
2007-03-23 10:12 ` Eric W. Biederman
2007-03-23 10:47 ` Nick Piggin [this message]
2007-03-23 12:21 ` Eric W. Biederman
2007-03-28 7:33 ` Nick Piggin
2007-03-23 16:41 ` Dave Hansen
2007-03-23 18:16 ` Herbert Poetzl
2007-03-28 9:18 ` Balbir Singh
2007-03-14 16:47 ` [RFC][PATCH 2/7] RSS controller core Mel Gorman
2007-03-07 5:37 ` Balbir Singh
2007-03-07 7:27 ` Pavel Emelianov
2007-03-06 14:58 ` [RFC][PATCH 3/7] Data structures changes for RSS accounting Pavel Emelianov
2007-03-11 19:13 ` Eric W. Biederman
2007-03-12 16:16 ` Kirill Korotaev
2007-03-12 16:48 ` Dave Hansen
2007-03-12 17:19 ` Pavel Emelianov
2007-03-12 17:27 ` Dave Hansen
2007-03-13 7:10 ` Pavel Emelianov
2007-03-12 17:21 ` Balbir Singh
2007-03-06 15:00 ` [RFC][PATCH 4/7] RSS accounting hooks over the code Pavel Emelianov
2007-03-11 19:14 ` Eric W. Biederman
2007-03-12 16:23 ` Kirill Korotaev
2007-03-12 16:50 ` Dave Hansen
2007-03-12 17:07 ` Kirill Korotaev
2007-03-12 17:33 ` Dave Hansen
2007-03-13 9:43 ` Eric W. Biederman
2007-03-12 23:54 ` Herbert Poetzl
2007-03-13 9:58 ` Eric W. Biederman
2007-03-13 10:25 ` Nick Piggin
2007-03-13 16:01 ` Eric W. Biederman
2007-03-14 3:51 ` Nick Piggin
2007-03-14 6:42 ` Balbir Singh
2007-03-14 6:57 ` Nick Piggin
2007-03-14 7:48 ` Balbir Singh
2007-03-14 13:25 ` Vaidyanathan Srinivasan
2007-03-14 13:49 ` Nick Piggin
2007-03-14 14:43 ` Vaidyanathan Srinivasan
2007-03-14 16:16 ` Kirill Korotaev
2007-03-15 5:01 ` Nick Piggin
2007-03-15 5:44 ` Balbir Singh
2007-03-28 20:15 ` Ethan Solomita
2007-03-14 15:37 ` Cedric Le Goater
2007-03-14 15:45 ` Pavel Emelianov
2007-03-06 15:03 ` [RFC][PATCH 5/7] Per-container OOM killer and page reclamation Pavel Emelianov
2007-03-09 21:21 ` Balbir Singh
2007-03-11 8:41 ` Pavel Emelianov
2007-03-06 15:04 ` [RFC][PATCH 6/7] Account for the number of tasks within container Pavel Emelianov
2007-03-07 2:00 ` Paul Menage
2007-03-07 7:13 ` Pavel Emelianov
2007-03-08 13:49 ` Paul Menage
2007-03-11 8:36 ` Pavel Emelianov
2007-03-06 15:07 ` [RFC][PATCH 7/7] Account for the number of files opened " Pavel Emelianov
2007-03-07 2:02 ` [RFC][PATCH 0/7] Resource controllers based on process containers Paul Menage
2007-03-07 7:30 ` Pavel Emelianov
2007-03-07 6:52 ` Balbir Singh
2007-03-07 7:32 ` Pavel Emelianov
2007-03-07 9:43 ` Kirill Korotaev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4603B051.8000108@yahoo.com.au \
--to=nickpiggin@yahoo.com.au \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=containers@lists.osdl.org \
--cc=ebiederm@xmission.com \
--cc=hansendc@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=menage@google.com \
--cc=xemul@sw.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.