Date: Sat, 18 Dec 2010 10:47:22 +0100 (CET) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-stable@FreeBSD.ORG, mamalos@eng.auth.gr Subject: Re: vm.swap_reserved toooooo large? Message-ID: <201012180947.oBI9lMoU092383@lurza.secnetix.de> In-Reply-To: <4D0A6BC1.9040201@eng.auth.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
George Mamalakis wrote: > Oliver, thanx for your comments. I know it is difficult to choose which > process to kill and how to be "fair" during such a killing procedure. > Nevertheless, I would assume that all non-root processes would have > higher priority to get killed, and that root's processes would get > killed last. The owner of the process is not taken into consideration, because the "run-away" process causing the memory shortage may as well be a root-owned process. In such a situation, if root processes were exempt from killing, the system would deadlock and require a hard reboot. Killing the root-owned process is the lesser of two evils. As I already explained, there is a process flag that root- owned processes can set for themselves, preventing the kernel from killing them in low-memory situations. See the description of the MADV_PROTECT flag in the madvise(2) manual page. For example, cron(8) and sshd(8) make use of this, so they will not be killed. This is a better way than simply excluding all root processes. > I understand your comments completely, but I was just so > surprised when I realized how easy it was for me to kill root processes > on my system. Only because you didn't configure resource limits. ;-) When you're the only user on a machine, such as a desktop box, this is usually not a big deal. But in all other cases it's strongly recommended to set resource limits, in particular for shell users and for server processes. Without any resource limits, a normal user can starve the system and take it down. This is an old and well-known problem for all UNIX systems (and most non-UNIX systems, too, I guess). You certainly didn't discover any new problem. If you're concerned, configure resource limits. Period. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "File names are infinite in length, where infinity is set to 255 characters." -- Peter Collinson, "The Unix File System"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201012180947.oBI9lMoU092383>