RELENG_4 on flash disk and swap
Kostik Belousov
kostikbel at gmail.com
Sat Mar 11 02:11:37 UTC 2006
On Fri, Mar 10, 2006 at 01:57:50PM +0200, Dmitry Pryanishnikov wrote:
>
> This is still a concern for me. IMHO it would be useful to have the ability
> to disable process killing due to the lack of swap, because having this
> enabled on e.g. transit router can lead to very unpleasant scenario.
> Imagine someone DoS-attacks it's sshd, and kernel kills the process with
> the largest RSS - it could e.g. be a vital part of the routing software
> (zebra/ripd/bgpd), and killing this process will render our router
> unreachable and unusable!
Then, what should kernel do ? It kills the process because it _needs_
the page. Usually, this page is needed to fill the frame that was already
allocated by some process, so, SIGKILL is another way to report ENOMEM.
The only way to prevent this situation is to never satisfy
memory address range requests that (potentially) cannot be backed
by real memory (this includes swap) in the future.
Some time ago I did implemented such behaviour ("disable overcommit switch").
Patch was applicable at the times of 6-CURRENT. I could blow
the dust off if somebody becomes interested in testing.
Latest version is available at
http://kostikbel.narod.ru/overcommit/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20060310/e7195911/attachment.bin
More information about the freebsd-stable
mailing list