Received: by 10.192.165.148 with SMTP id m20csp3109639imm; Mon, 23 Apr 2018 00:14:35 -0700 (PDT) X-Google-Smtp-Source: AIpwx49Z10aqCfQRYMyolAUPq9F0qOMgeMkZBnxu/A6BJNe9+XLBdEkY6kayZTRrDrxxM3tj11nm X-Received: by 10.99.151.65 with SMTP id d1mr16506007pgo.447.1524467675827; Mon, 23 Apr 2018 00:14:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524467675; cv=none; d=google.com; s=arc-20160816; b=VCsEoPoXa1lYKydZsQkg/0tm9BS/BP6cRYc4w4PQ6UgIuBFgEWgQNTgmCv+uVTw5h7 FryrQCMAz340rH7cKprkL6kAEMbEBX7LSJQkyZ07T3wrpQvawgAkcpjy1PDkqLH2Uhns 9Yhh//MH7TVTiF8sOiO4M2xCfyI55o/1B+sYmKHWbHFcmoohRiMvm22ELSibQcCD9wSs gf7lVbqrJkMmOxzm08ZeKObkbhDOe5XMBZ8E//3QMXct9y501xdkLkx32nJdPrS1ObqC nZqL+Ar6tPVq2Z8oSKmpuonIr5vsZOzzTL+jMIkzYNIrQLv7ryiwvCKm0h/iiVCm1Lmw 6G2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=ORF/r4oagykIQNSZXcK2Wg88/sIToCUhDUEje22bHU8=; b=FzknbVvuGnWEt/Mc/xbCTn7E1KLSWaDElq6ADZ55MgH4LWO2ZIXcs4W9rAczZft5LD pGKwjTeNs/eqk6gBqaTnP8tDNaaBh1SOkTmPrsAfqrioz65wSaobfA+a9aw/l/bx7Tkz C1vT1B29FhGcCWIiIhb/ODYJXOavu63objOsyhRkAZYjiuiyHM3bTe6Bm52b+Gtla1cO f+XBGPbzt3mpzbenHVec5KAhQRL0+uE2ahGXRLpiNoptYbSKt6SGtgt48CLg1duuH5Dy c4PUN90vyszFwf5fogVPqdRxFmt584s4cuV3crSqueCihjaucQsyKesai5D5bMT7IQXu n9GA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k3-v6si11698527plt.233.2018.04.23.00.14.20; Mon, 23 Apr 2018 00:14:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751275AbeDWHNP (ORCPT + 99 others); Mon, 23 Apr 2018 03:13:15 -0400 Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:58357 "EHLO atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750756AbeDWHNN (ORCPT ); Mon, 23 Apr 2018 03:13:13 -0400 Received: by atrey.karlin.mff.cuni.cz (Postfix, from userid 512) id 6A87F80457; Mon, 23 Apr 2018 09:13:12 +0200 (CEST) Date: Mon, 23 Apr 2018 09:13:11 +0200 From: Pavel Machek To: Michal Hocko Cc: vcaputo@pengaru.com, Ferry Toth , linux-kernel@vger.kernel.org Subject: Re: DOS by unprivileged user Message-ID: <20180423071311.GA5768@amd> References: <9023506.UBh6vynRGa@delfion> <20180422101654.GA26243@amd> <20180422174300.srzhf3veqxfigqhg@shells.gnugeneration.com> <20180423002738.GF16083@dhcp22.suse.cz> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="IJpNTDwzlM2Ie8A6" Content-Disposition: inline In-Reply-To: <20180423002738.GF16083@dhcp22.suse.cz> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --IJpNTDwzlM2Ie8A6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun 2018-04-22 18:27:38, Michal Hocko wrote: > On Sun 22-04-18 10:43:00, vcaputo@pengaru.com wrote: > > On Sun, Apr 22, 2018 at 12:16:54PM +0200, Pavel Machek wrote: > > > On Thu 2018-04-19 21:13:35, Ferry Toth wrote: > > > > It appears any ordinary user can easily create a DOS on linux. > > > >=20 > > > > One sure way to reproduce this is to open gitk on the linux kernel = repo=20 > > > > (SIC) on a machine with 8GB RAM 16 GB swap on a HDD with btrfs and = quad core=20 > > > > + hyperthreading. But I will be easy enough to get the same effect = with more=20 > > > > RAM, other fs etc. > > >=20 > > > You may want to disable swap. > > >=20 > >=20 > > I run without swap on my laptops, and still observe long periods of > > thrashing on the road towards OOM. What seems to occur is the active > > file-backed mappings of executables/libraries become a sort of swap > > area, repeatedly being discarded and faulted back in as the context > > switches occur. > >=20 > > If there's any good way to prevent this, I'd like to know. >=20 > I am afraid there is none yet. Johannes had some ground work for > page cache trashing detection https://marc.info/?i=3D20170727153010.23347= -1-hannes%40cmpxchg.org > but there was no version of the patchseries for quite some time and > there was no integration into the oom detection which would be > non-trivial as well. >=20 > I realize this sucks. But the reality is that this is far from trivial > to resolve without introducing pre-mature OOM killer invocations. Another problem is that what "unusable machine" in X/web browser situation may be normal load for build server... I guess one way would be "hey, this is my X server; if it is waiting for disk for more than 10 seconds, you probably want to OOM kill someone. Ouch and same goes for my window manager".=20 Pavel --=20 (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo= g.html --IJpNTDwzlM2Ie8A6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlrdh4cACgkQMOfwapXb+vImNQCZAc36f8T4LvyaqdjtbZo2ki7n lvcAnRAdvXaxteuiussAwyF8cGJFI6Yd =OdUa -----END PGP SIGNATURE----- --IJpNTDwzlM2Ie8A6--