In <1303435546.3090.3.ca...@zircon.lan.walnut.gen.nz>, Richard Hector wrote: >On Wed, 2011-04-20 at 12:04 +0200, Axel Freyn wrote: >> But the principal problem is: each of those limits/protections reduces >> the usability (e.g. if you have 2GB Ram, and you limit eclipse to 2GB, >> it will be killed by the Kernel as soon as it tries to use 2GB and 1 >> byte from the SWAP > >Really? > >I'd have thought eclipse's request for more memory (malloc) would just >fail at that point - which it may or may not handle appropriately, and >may handle by exiting. I see no reason for the kernel to kill it.
You'd think, right? Since malloc() has nice, documented ways it fails gracefully we should use them. We do, sometimes. However, in Linux with the default settings, that's not entirely true. When over-commit is on, there a minimal checks to see if a the memory requested can actually be satisfied. Instead, the map is made lazily, when the virtual memory pages are accessed. Unfortunately, it's possible for the kernel be unable to satisfy a mapping when it is needed. So, instead of failing on "mem = malloc(count)", where the userland process can handle things cleanly, the we fail on "*mem = things" were everything has to be handled in kernel space. Enter the OOM killer. These minimal checks may include what is set by ulimit; I'm not sure. If they don't, it's possible that a process could request (via malloc) more memory than it's ulimit allows, have the kernel not report at error at that time, and then get killed when it attempts to use all the memory it was promised! I turn off over-commit on all of my systems. I'd rather have malloc fail and let the userland handle things (possibly by crashing!) than have the semi- predictable OOM killer set loose. (I've heard decent arguments in favor of over-commit, but I think it fundamentally undermines the safety of the system, so I am still against it being the default.) -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
signature.asc
Description: This is a digitally signed message part.
