vm.swap_reserved toooooo large?

Oliver Fromme olli at lurza.secnetix.de
Sat Dec 18 09:47:41 UTC 2010 

George Mamalakis wrote:
 > Oliver, thanx for your comments. I know it is difficult to choose which 
 > process to kill and how to be "fair" during such a killing procedure. 
 > Nevertheless, I would assume that all non-root processes would have 
 > higher priority to get killed, and that root's processes would get 
 > killed last.

The owner of the process is not taken into consideration,
because the "run-away" process causing the memory shortage
may as well be a root-owned process.  In such a situation,
if root processes were exempt from killing, the system
would deadlock and require a hard reboot.  Killing the
root-owned process is the lesser of two evils.

As I already explained, there is a process flag that root-
owned processes can set for themselves, preventing the
kernel from killing them in low-memory situations.  See
the description of the MADV_PROTECT flag in the madvise(2)
manual page.  For example, cron(8) and sshd(8) make use of
this, so they will not be killed.  This is a better way
than simply excluding all root processes.

 > I understand your comments completely, but I was just so 
 > surprised when I realized how easy it was for me to kill root processes 
 > on my system.

Only because you didn't configure resource limits.  ;-)

When you're the only user on a machine, such as a desktop
box, this is usually not a big deal.  But in all other
cases it's strongly recommended to set resource limits,
in particular for shell users and for server processes.

Without any resource limits, a normal user can starve the
system and take it down.  This is an old and well-known
problem for all UNIX systems (and most non-UNIX systems,
too, I guess).  You certainly didn't discover any new
problem.

If you're concerned, configure resource limits.  Period.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

"File names are infinite in length, where infinity is set to 255 characters."
        -- Peter Collinson, "The Unix File System"

More information about the freebsd-stable mailing list