Subject: Re: Swap overcommit (was Re: Replacement for grep(1) (part 2))
To: Garance A Drosihn <>
From: Daniel C. Sobral <>
List: tech-userlevel
Date: 07/15/1999 12:07:18
Garance A Drosihn wrote:
> >> One of my main freebsd machines is mainly here to run one
> >> process, which is a pretty good-sized process (>40meg).  If
> >> I did get into a memory-shortage problem, I do *not* want
> >> that process killed, I'd want some other processes killed.
> >
> > Just size your swap so that it becomes unlikely that you run out of
> > memory before a process exceeds 40Mb.
> >
> > And I mean it.
> For the moment I'll pretend that you honestly think that is an
> answer, and I'll note that the very same machine may have well
> over 100 processes each of which takes 1-2 meg of memory.  If
> the machine hits a really-out-of-memory error, I would be much
> much happier to see all 100+ of those processes killed, at once,
> than the one 40-meg process.
> Now tell me how I fix my swap under those circumstances.  If
> the answer is "buy infinite memory (ram or disk)", then we don't
> need any overcommit policy in the first place.  Note that the
> problem might be that these 100 processes start taking up 5 or
> 10 meg than the 2 meg I'm used to.

As a matter of fact, I honestly think that's an answer. If 100
processes start taking 5 or 10 meg, there is something mightly
wrong. It *won't* happen. A hostile attack may happen, which can be
dealt with limits. Running out of memory is something that happens
when you get runaway processes, when you are under attack, or when
you have a badly configured system. The first two cases are dealt
with limits.

_IF_ you have trusted accounts, they better be *trusted* accounts.
These may have runaway processes. So, you have to set up the swap to
take this into account. This is a matter of *one* process suddenly
spiking memory usage. 100 processes suddenly spiking memory usage
just *doesn't* happen. If it can happen in normal usage, then, yes,
you have to configure swap for that. It's normal usage, after all.

Infinite memory? Of course not. Just be realistic.

> I once participated in a discussion on this very list where people
> would discuss SIGDANGER with some degree of intelligence, instead
> of offhand smart-aleck remarks.  That discussion (as I remember)
> ended with the conclusion that "SIGDANGER can be useful, but there's
> a fair amount of work to do first".  My comment was actually meant as
> a follow-up to that earlier discussion, just to see if anything had
> happened to get us closer to this.

I made no offhand smart-aleck remarks. Everything I said to you I
meant seriously. I was explaining why, imo, no one was answering to
repeated mentions of SIGDANGER.

Daniel C. Sobral			(8-DCS)

	"Would you like to go out with me?"
	"I'd love to."
	"Oh, well, n... err... would you?... ahh... huh... what do I do