linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Andrea Arcangeli <andrea@suse.de>
To: Andrew Morton <akpm@osdl.org>
Cc: mauriciolin@gmail.com, tglx@linutronix.de,
	marcelo.tosatti@cyclades.com, edjard@gmail.com,
	linux-kernel@vger.kernel.org
Subject: Re: User space out of memory approach
Date: Thu, 27 Jan 2005 23:58:54 +0100	[thread overview]
Message-ID: <20050127225854.GZ8518@opteron.random> (raw)
In-Reply-To: <20050127142943.3fea07df.akpm@osdl.org>

On Thu, Jan 27, 2005 at 02:29:43PM -0800, Andrew Morton wrote:
> I've already queued a patch for this:
> 
> --- 25/mm/oom_kill.c~mm-fix-several-oom-killer-bugs-fix	Thu Jan 27 13:56:58 2005
> +++ 25-akpm/mm/oom_kill.c	Thu Jan 27 13:57:19 2005
> @@ -198,12 +198,7 @@ static void __oom_kill_task(task_t *p)
>  	p->time_slice = HZ;
>  	p->memdie = 1;
>  
> -	/* This process has hardware access, be more careful. */
> -	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO)) {
> -		force_sig(SIGTERM, p);
> -	} else {
> -		force_sig(SIGKILL, p);
> -	}
> +	force_sig(SIGKILL, p);
>  }
>  
>  static struct mm_struct *oom_kill_task(task_t *p)

Thanks.

> However.  This means that we'll now kill off tasks which had hardware
> access.  What are the implications of this?

The implication of the above is basically that the X server won't be
able to restore the text mode, but that avoids the deadlock ;).

And they had not necessairly hardware access. They "might" have hardware
access. Note that an app may have hardware access even if it has no
rawio capabilities. One can run iopl and then change uid just fine. So
the above check is quite weak since it leaves the kernel susceptible to
bugs and memleaks in any app started by root. Kernel shouldn't trust
root apps, all apps are buggy, root apps too (I even once fixed a signal
race in /sbin/init that showed up with the schedule child first sched
optimization ;).

iopl and ioperm are the only two things we care about.  We can a
synchronous reliable eflags/ioperm value only from the "regs" in the
task context. Problem is that since we can pick a task to kill that
isn't necessairly the current task, we should start to approximate, and
assume the process is sleeping. The regs must be saved during
reschedule, so it should cache the old contents. So perhaps we can get a
pratically reliable eflags dump from the tss_struct. But this will not
be common code and it'll require a specialized arch API. Like
has_hw_access(). Only then we can make a stronger assumption and be
truly careful about sending SIGKILL.

The right way to do this is probably to wait a few seconds before
sending the sigkill. I'm not currently sure if it worth adding the
has_hw_access(). But certainly I would prefer to do nothing special with
only the sys_rawio capability. I thought I could wait the other patches
to be merged to avoid confusion before making more changes (since it'd
be a pretty self contained feature), but I can do that now if you
prefer.

  reply	other threads:[~2005-01-27 23:00 UTC|newest]

Thread overview: 70+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-01-10 21:43 User space out of memory approach Mauricio Lin
2005-01-10 19:20 ` Marcelo Tosatti
2005-01-10 19:39   ` Marcelo Tosatti
2005-01-10 23:01     ` Mauricio Lin
2005-01-10 22:40   ` Edjard Souza Mota
2005-01-10 20:05     ` Marcelo Tosatti
2005-01-10 23:17       ` Edjard Souza Mota
2005-01-10 23:18         ` Edjard Souza Mota
2005-01-10 23:24       ` Mauricio Lin
2005-01-10 23:30         ` Mauricio Lin
2005-01-11  7:47         ` Marcelo Tosatti
2005-01-11  0:35       ` Thomas Gleixner
2005-01-11  2:03         ` Edjard Souza Mota
2005-01-11  8:44           ` Thomas Gleixner
2005-01-11  8:58             ` Andrea Arcangeli
2005-01-11  7:48               ` Marcelo Tosatti
2005-01-11  9:08               ` Andrew Morton
2005-01-11  9:19                 ` Andrea Arcangeli
2005-01-11  9:27                   ` Andrew Morton
2005-01-11  9:20             ` Edjard Souza Mota
2005-01-11  9:30               ` Thomas Gleixner
2005-01-11  9:56                 ` Andrea Arcangeli
2005-01-11 10:05                   ` Edjard Souza Mota
2005-01-11 10:39                     ` Thomas Gleixner
2005-01-11 10:44                     ` Andrea Arcangeli
2005-01-11 14:56                       ` Edjard Souza Mota
2005-01-11 15:27                       ` Ilias Biris
2005-01-11 10:00                 ` Edjard Souza Mota
2005-01-11 10:36                   ` Thomas Gleixner
2005-01-11 16:32             ` Alan Cox
2005-01-11 19:16               ` Ilias Biris
2005-01-11 20:46                 ` Ilias Biris
2005-01-11 20:57                   ` Thomas Gleixner
2005-01-12  9:31                     ` Edjard Souza Mota
2005-01-12 11:19                       ` Thomas Gleixner
2005-01-12 12:12                         ` Edjard Souza Mota
2005-01-13 15:36                   ` Alan Cox
2005-01-16 10:06                     ` Edjard Souza Mota
2005-01-16 21:10                       ` Alan Cox
2005-01-17 10:16                         ` Thomas Gleixner
2005-01-11 21:35                 ` Denis Vlasenko
2005-01-11 20:40               ` Thomas Gleixner
2005-01-11  7:42         ` Marcelo Tosatti
2005-01-11 10:51           ` Thomas Gleixner
2005-01-11 11:03             ` Andrea Arcangeli
2005-01-11  8:38         ` Andrea Arcangeli
2005-01-21 21:27           ` Mauricio Lin
2005-01-21 21:45             ` Mauricio Lin
2005-01-22  3:32               ` Andrea Arcangeli
2005-01-25 21:13                 ` Mauricio Lin
2005-01-25 21:39                   ` Thomas Gleixner
2005-01-26  0:11                     ` Mauricio Lin
2005-01-26  0:49                       ` Andrea Arcangeli
2005-01-26 14:03                         ` Mauricio Lin
2005-01-27 18:54                         ` Mauricio Lin
2005-01-27 22:11                           ` Andrea Arcangeli
2005-01-27 22:29                             ` Andrew Morton
2005-01-27 22:58                               ` Andrea Arcangeli [this message]
2005-01-27 23:35                                 ` Andrew Morton
2005-01-28  0:15                                   ` Andrea Arcangeli
2005-01-28 13:58                             ` Mauricio Lin
2005-01-28 15:21                               ` Mauricio Lin
2005-01-28 15:29                                 ` Andrea Arcangeli
2005-01-26  7:26                       ` Thomas Gleixner
2005-01-22  3:04             ` Andrea Arcangeli
     [not found] <fa.lcmt90h.1j1scpn@ifi.uio.no>
     [not found] ` <fa.ht4gei4.1g5odia@ifi.uio.no>
2005-01-16 16:28   ` Bodo Eggert
2005-01-18 13:15     ` Edjard Souza Mota
2005-01-19  6:18       ` Bodo Eggert
2005-01-20  3:20         ` Edjard Souza Mota
2005-01-20  5:00           ` Bodo Eggert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050127225854.GZ8518@opteron.random \
    --to=andrea@suse.de \
    --cc=akpm@osdl.org \
    --cc=edjard@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=marcelo.tosatti@cyclades.com \
    --cc=mauriciolin@gmail.com \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).