Re: How can OOM killer detect process consuming much kernel memory?

About unix_autobind() · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2010-08-21
Re: About unix_autobind() · Changli Gao <hidden> · 2010-08-21
[PATCH] UNIX: Do not loop forever at unix_autobind(). · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2010-08-30
Re: [PATCH] UNIX: Do not loop forever at unix_autobind(). · Eric Dumazet <hidden> · 2010-09-01
[PATCH] UNIX: Do not loop forever at unix_autobind(). · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2010-09-04
Re: [PATCH] UNIX: Do not loop forever at unix_autobind(). · Eric Dumazet <hidden> · 2010-09-04
Re: [PATCH] UNIX: Do not loop forever at unix_autobind(). · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2010-09-04
Re: [PATCH] UNIX: Do not loop forever at unix_autobind(). · Eric Dumazet <hidden> · 2010-09-04
Re: [PATCH] UNIX: Do not loop forever at unix_autobind(). · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2010-09-04
Re: [PATCH] UNIX: Do not loop forever at unix_autobind(). · Eric Dumazet <hidden> · 2010-09-04
Re: [PATCH] UNIX: Do not loop forever at unix_autobind(). · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2010-09-04
Re: [PATCH] UNIX: Do not loop forever at unix_autobind(). · David Miller <davem@davemloft.net> · 2010-09-07
Re: [PATCH] UNIX: Do not loop forever at unix_autobind(). · Michał Mirosław <hidden> · 2010-09-04
How can OOM killer detect process consuming much kernel memory? · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2010-09-01
Re: How can OOM killer detect process consuming much kernel memory? · David Rientjes <rientjes@google.com> · 2010-09-01
Re: How can OOM killer detect process consuming much kernel memory? · KOSAKI Motohiro <hidden> · 2010-09-03

From: KOSAKI Motohiro <hidden>
Date: 2010-09-03 06:32:12
Also in: lkml

Is it possible to make OOM killer to kill processes consuming kernel memory
rather than userspace memory?

I'm happy if OOM killer can select victim process based on both kernel memory
usage and userspace memory usage. For example, opening a file requires kernel
memory allocation (e.g. /sys/kernel/security/tomoyo/self_domain allocates 8KB
of kernel memory). Therefore, I refuse allowing everybody to open that file
even if the content is public (because an attacker would open
/sys/kernel/security/tomoyo/self_domain as many as possible using
fork() and open() in order to exhaust kernel memory).

Unfortunatelly, It's impossible. We have zero information which kernel
memory should be bound caller task. Almost all kernel memory are task
unrelated, so we can't bind them with caller task blindly.

Thanks.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help