Re: [patch 016/104] epoll: introduce resource usage limits

On Tue, Jan 27, 2009 at 09:26:30PM -0800, Greg KH wrote:
On Tue, Jan 27, 2009 at 08:10:41PM -0800, Davide Libenzi wrote:
In my servers, I know if they are going to be loaded, and I bump NFILES
(and a few other things) to the correct place. Since many of those
limits do not actually pre-allocate any resource, I don't need to wait and
monitor the values, before taking proper action.

But what about people who want to know what the current usages are, so
that they _can_ monitor things and adjust them on the fly if things are
about to go boom?

I see no reason why we can't leave the value where it is today, and add
the ability to both turn the limits off entirely, and also report our
current usage. That keeps the DOS from happening on "default" systems,
and lets admins have an idea if they need to bump up the values on their
systems as well.

I don't understand your objection to allowing the usage to be monitored.

Agreed. If sysadmins get trapped by the upgrade, the fix for an
hypotethical DoS is a 100%-certain DoS by itself. The general sense
that "if it's not broken, don't fix it" applies here as well. The
server's sysadmin should not be bothered by a security upgrade (anyway,
after a few minutes of havoc in prod, he will revert to previous version
without trying to understand any further). But the campus sysadmin having
trouble with local users already spends a lot of time tweaking limits.
Now we offer them a new limit they can tune, they'll happily use it.
Anyway, even at 128 they'll probably lower it down a lot. So basically
we're with a medium value which does not fit any usage.

Willy

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Relevant Pages

  • Re: Desktop heap monitoring
    ... I have an application that will let you set watch limits on usage: ... The app was developed for me to monitor a memory leak I had in an ActiveX ...
    (microsoft.public.vb.winapi)
  • Re: [patch 016/104] epoll: introduce resource usage limits
    ... the ability to both turn the limits off entirely, ... That keeps the DOS from happening on "default" systems, ... I don't understand your objection to allowing the usage to be monitored. ... But the campus sysadmin having ...
    (Linux-Kernel)
  • Re: [patch 016/104] epoll: introduce resource usage limits
    ... monitor the values, before taking proper action. ... the ability to both turn the limits off entirely, ... That keeps the DOS from happening on "default" systems, ... I don't understand your objection to allowing the usage to be monitored. ...
    (Linux-Kernel)
  • Re: [patch 016/104] epoll: introduce resource usage limits
    ... limits do not actually pre-allocate any resource, I don't need to wait and ... monitor the values, before taking proper action. ... the ability to both turn the limits off entirely, ... I don't understand your objection to allowing the usage to be monitored. ...
    (Linux-Kernel)
  • Re: [patch 016/104] epoll: introduce resource usage limits
    ... limits do not actually pre-allocate any resource, I don't need to wait and ... monitor the values, before taking proper action. ... the ability to both turn the limits off entirely, ... resource waste. ...
    (Linux-Kernel)