On Wed, 17 May 2017, Michal Hocko wrote: > > If you have screwy things like static mbinds in there then you are > > hopelessly lost anyways. You may have moved the process to another set > > of nodes but the static bindings may refer to a node no longer > > available. Thus the OOM is legitimate. > > The point is that you do _not_ want such a process to trigger the OOM > because it can cause other processes being killed. Nope. The OOM in a cpuset gets the process doing the alloc killed. Or what that changed? At this point you have messed up royally and nothing is going to rescue you anyways. OOM or not does not matter anymore. The app will fail. > > At least a user space app could inspect > > the situation and come up with custom ways of dealing with the mess. > > I do not really see how would this help to prevent a malicious user from > playing tricks. How did a malicious user come into this? Of course you can mess up in significant ways if you can overflow nodes and cause an app that has restrictions to fail but nothing is going to change that. -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html