From owner-freebsd-stable@FreeBSD.ORG  Sat Mar 11 02:11:37 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D2BAC16B063
	for <freebsd-stable@freebsd.org>; Sat, 11 Mar 2006 02:11:30 +0000 (GMT)
	(envelope-from kostikbel@gmail.com)
Received: from fw.zoral.com.ua (ll-227.216.82.212.sovam.net.ua
	[212.82.216.227])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6316243FA6
	for <freebsd-stable@freebsd.org>; Fri, 10 Mar 2006 12:40:05 +0000 (GMT)
	(envelope-from kostikbel@gmail.com)
Received: from deviant.kiev.zoral.com.ua (root@deviant.kiev.zoral.com.ua
	[10.1.1.148])
	by fw.zoral.com.ua (8.13.3/8.13.3) with ESMTP id k2ACdhed066521
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Fri, 10 Mar 2006 14:39:43 +0200 (EET)
	(envelope-from kostikbel@gmail.com)
Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1])
	by deviant.kiev.zoral.com.ua (8.13.4/8.13.4) with ESMTP id
	k2ACdhau062795; Fri, 10 Mar 2006 14:39:43 +0200 (EET)
	(envelope-from kostikbel@gmail.com)
Received: (from kostik@localhost)
	by deviant.kiev.zoral.com.ua (8.13.4/8.13.4/Submit) id k2ACdg3D062794; 
	Fri, 10 Mar 2006 14:39:42 +0200 (EET)
	(envelope-from kostikbel@gmail.com)
X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to
	kostikbel@gmail.com using -f
Date: Fri, 10 Mar 2006 14:39:42 +0200
From: Kostik Belousov <kostikbel@gmail.com>
To: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
Message-ID: <20060310123942.GI37572@deviant.kiev.zoral.com.ua>
References: <20060302181625.I3905@atlantis.atlantis.dp.ua>
	<76FAD2DB-CD18-42D4-95C8-F016CFB17B00@segpub.com.au>
	<20060303110936.R86586@atlantis.atlantis.dp.ua>
	<20060303185157.GB692@turion.vk2pj.dyndns.org>
	<20060304001224.G356@atlantis.atlantis.dp.ua>
	<20060304065138.GD692@turion.vk2pj.dyndns.org>
	<20060310121758.S80837@atlantis.atlantis.dp.ua>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="9JSHP372f+2dzJ8X"
Content-Disposition: inline
In-Reply-To: <20060310121758.S80837@atlantis.atlantis.dp.ua>
User-Agent: Mutt/1.4.2.1i
X-Virus-Scanned: ClamAV version 0.87.1,
	clamav-milter version 0.87 on fw.zoral.com.ua
X-Virus-Status: Clean
X-Spam-Status: No, score=-1.4 required=5.0 tests=ALL_TRUSTED autolearn=failed 
	version=3.1.0
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on fw.zoral.com.ua
Cc: Michael Proto <mike@jellydonut.org>, freebsd-stable@freebsd.org,
	Peter Jeremy <peterjeremy@optushome.com.au>
Subject: Re: RELENG_4 on flash disk and swap
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Mar 2006 02:11:37 -0000


--9JSHP372f+2dzJ8X
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Mar 10, 2006 at 01:57:50PM +0200, Dmitry Pryanishnikov wrote:
>=20
>  This is still a concern for me. IMHO it would be useful to have the abil=
ity
> to disable process killing due to the lack of swap, because having this
> enabled on e.g. transit router can lead to very unpleasant scenario.=20
> Imagine someone DoS-attacks it's sshd, and kernel kills the process with=
=20
> the largest RSS - it could e.g. be a vital part of the routing software=
=20
> (zebra/ripd/bgpd), and killing this process will render our router=20
> unreachable and unusable!

Then, what should kernel do ? It kills the process because it _needs_
the page. Usually, this page is needed to fill the frame that was already
allocated by some process, so, SIGKILL is another way to report ENOMEM.

The only way to prevent this situation is to never satisfy
memory address range requests that (potentially) cannot be backed
by real memory (this includes swap) in the future.

Some time ago I did implemented such behaviour ("disable overcommit switch"=
).
Patch was applicable at the times of 6-CURRENT. I could blow
the dust off if somebody becomes interested in testing.

Latest version is available at
http://kostikbel.narod.ru/overcommit/


--9JSHP372f+2dzJ8X
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFEEXONC3+MBN1Mb4gRAic3AKDZOwLCv3Z2cQ3v8zTk2nsalE4kWwCfWlxd
gtFfObB16DlIjH5FkP3rkuM=
=L7sA
-----END PGP SIGNATURE-----

--9JSHP372f+2dzJ8X--