Re: Resource Limits Architecture

Jesse Pollard (pollard@tomcat.admin.navo.hpc.mil)
Fri, 17 Sep 1999 15:20:55 -0500 (CDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Steve Dodd: "Re: Attacks bringing my system down!"
Previous message: Jamie Lokier: "Re: sigwaitinfo(), close(), siginfo_t, and user data"
Maybe in reply to: Jordan Mendelson: "Resource Limits Architecture"

From: Jordan Mendelson <jordy@wserv.com>
>Jesse Pollard wrote:
>
>> > Ouch. Now every time I want to, say, perform a page fault, the kernel
>> > has to check the process's resident set size against 7 separate limits?
>> > And update those 7 limits too, causing 7 separate cache misses if
>> > another CPU is hosting another thread of the same process and wants to
>> > do the same thing?
>> >
>> You only compare aginst the minimum of the collection, computed when a
>> job/session is started. All processes created afterwards deduct from the
>> job/session accounting structure which would have only one value per
>> resource.
>
>Exactly, you do have extra memory overhead but as I see it, each of these
>resource settings should be tunable at compile time so if you don't need
>per-user limits, you can just compile them out.
>
>Now all we need is to define every single resource we want

Here is an initial list (as from a UNICOS perspective):

gids - list of groups (access control)
acids - list of projects (accounting)
permbits - UNICOS permission bits (extended priveleges)
sitebits - UNICOS local permission bits (extended priveleges)
archlim - disk quota limit (actually a non-file-migration limit)
cpuquota - total cpu time available
jproclim[bi] - maximum number of processes
jcpulim[bi] - cpulimit
jmemlim[bi] - memory limit (virtual limit)
jfilelim[bi] - maximum file size limit
jtapelim[bi][0] - able to reserve tape drive of this type
jtapelim[bi][1..7] - more tape drive types
nice[bi] - nice value
pcpulim[bi] - per process cpu limit
pmemlim[bi] - per process memory limit
pfilelim[bi] - per process file limit (more limited quota)
jpelimit[bi] - per job number of MPP elements limit
jmpptime[bi] - per job MPP reservation time limit
pcorelim[bi] - per process core dump limit
pfdlimit[bi] - per process file id limit
jshmsegs[bi] - per job shared memory segment limit
jshmsize[bi] - per job shared memory size limit
jsocbflim[bi] - per job total socket buffer space
deflvl - MLS default level
maxlvl - MLS maximum level
minlvl - MLS minimum level
intcls - MLS integrity class
maxcls - MLS integrity class maximum
defcomps - MLS default compartment specifications
mincomps - MLS minimum compartment specifications
comparts - MLS authorized compartments
permits - special UNICOS privileges
intcat - MLS integrity categories
valcat - MLS authorized categories

The [bi] marks those resources that may be different between
batch mode and interactive.

The accounting list is the same as this, except that they are taken
from a project list rather than a user list.

The MLS and privilege references are just for information that is
also carried as part of the accounting/security package in UNICOS.
They are not immediatedly useful to Linux (other than the RSBAC and
IPsec projects.

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steve Dodd: "Re: Attacks bringing my system down!"
Previous message: Jamie Lokier: "Re: sigwaitinfo(), close(), siginfo_t, and user data"
Maybe in reply to: Jordan Mendelson: "Resource Limits Architecture"