On Fri, Mar 10, 2006 at 01:57:50PM +0200, Dmitry Pryanishnikov wrote: > > This is still a concern for me. IMHO it would be useful to have the ability > to disable process killing due to the lack of swap, because having this > enabled on e.g. transit router can lead to very unpleasant scenario. > Imagine someone DoS-attacks it's sshd, and kernel kills the process with > the largest RSS - it could e.g. be a vital part of the routing software > (zebra/ripd/bgpd), and killing this process will render our router > unreachable and unusable!
Then, what should kernel do ? It kills the process because it _needs_ the page. Usually, this page is needed to fill the frame that was already allocated by some process, so, SIGKILL is another way to report ENOMEM. The only way to prevent this situation is to never satisfy memory address range requests that (potentially) cannot be backed by real memory (this includes swap) in the future. Some time ago I did implemented such behaviour ("disable overcommit switch"). Patch was applicable at the times of 6-CURRENT. I could blow the dust off if somebody becomes interested in testing. Latest version is available at http://kostikbel.narod.ru/overcommit/
pgp8GbI4yjbAZ.pgp
Description: PGP signature