From owner-freebsd-stable@FreeBSD.ORG Sat Dec 18 09:47:41 2010
Date: Sat, 18 Dec 2010 10:47:22 +0100 (CET)
Message-Id: <201012180947.oBI9lMoU092383@lurza.secnetix.de>
From: Oliver Fromme
To: freebsd-stable@FreeBSD.ORG, mamalos@eng.auth.gr
In-Reply-To: <4D0A6BC1.9040201@eng.auth.gr>
Subject: Re: vm.swap_reserved toooooo large?

George Mamalakis wrote:
 > Oliver, thanx for your comments. I know it is difficult to choose which
 > process to kill and how to be "fair" during such a killing procedure.
 > Nevertheless, I would assume that all non-root processes would have
 > higher priority to get killed, and that root's processes would get
 > killed last.

The owner of the process is not taken into consideration,
because the "run-away" process causing the memory shortage
may as well be a root-owned process. In such a situation,
if root processes were exempt from killing, the system would
deadlock and require a hard reboot. Killing the root-owned
process is the lesser of two evils.

As I already explained, there is a process flag that
root-owned processes can set for themselves, preventing the
kernel from killing them in low-memory situations. See the
description of the MADV_PROTECT flag in the madvise(2)
manual page. For example, cron(8) and sshd(8) make use of
this, so they will not be killed. This is a better way than
simply excluding all root processes.

 > I understand your comments completely, but I was just so
 > surprised when I realized how easy it was for me to kill root processes
 > on my system.

Only because you didn't configure resource limits. ;-)

When you're the only user on a machine, such as a desktop
box, this is usually not a big deal. But in all other cases
it's strongly recommended to set resource limits, in
particular for shell users and for server processes.

Without any resource limits, a normal user can starve the
system and take it down. This is an old and well-known
problem for all UNIX systems (and most non-UNIX systems,
too, I guess). You certainly didn't discover any new
problem. If you're concerned, configure resource limits.
Period.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"File names are infinite in length, where infinity is set to 255 characters."
        -- Peter Collinson, "The Unix File System"
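
The effect of a resource limit on a run-away process, as an added example that is not part of the original message: a child capped with setrlimit(2) RLIMIT_AS gets a failed malloc(3) instead of exhausting RAM and swap. The function name, the 256 MiB cap and the 1 MiB chunk size are assumptions chosen for illustration.

```c
/* Added example: a per-process address-space limit stops a runaway allocator. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MIB (1024UL * 1024UL)

/* Fork a child capped at limit_mib of address space, let it try to allocate
 * want_mib chunks of 1 MiB, and return how many it obtained (-1 on error).
 * The limit applies only to the child; the parent is unaffected. */
int chunks_under_limit(unsigned long limit_mib, int want_mib)
{
    int fds[2], got = -1;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                          /* child: the "run-away" process */
        struct rlimit rl;
        close(fds[0]);
        if (getrlimit(RLIMIT_AS, &rl) == 0) {
            rlim_t cap = (rlim_t)(limit_mib * MIB);
            if (cap < rl.rlim_max) rl.rlim_max = cap;  /* never raise a hard limit */
            rl.rlim_cur = rl.rlim_max;       /* soft == hard: cannot be undone */
            if (setrlimit(RLIMIT_AS, &rl) == 0)
                for (got = 0; got < want_mib; got++) {
                    volatile char *p = malloc(MIB);
                    if (p == NULL) break;    /* ENOMEM: the limit was hit */
                    p[0] = 1;                /* touch it; leaked on purpose */
                }
        }
        if (write(fds[1], &got, sizeof got) != (ssize_t)sizeof got) _exit(1);
        _exit(0);
    }
    close(fds[1]);
    if (read(fds[0], &got, sizeof got) != (ssize_t)sizeof got) got = -1;
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return got;
}

int main(void)
{
    printf("child got %d MiB before malloc failed\n", chunks_under_limit(256, 1024));
    return 0;
}
```
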