From: Frederic Weisbecker <fweisbec@gmail.com>
To: Andrew Morton <akpm00@gmail.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Rik van Riel <riel@redhat.com>,
"Daniel J. Walsh" <dwalsh@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Paul Menage <paul@paulmenage.org>, Li Zefan <lizf@cn.fujitsu.com>,
Aditya Kali <adityakali@google.com>,
Oleg Nesterov <oleg@redhat.com>,
Kay Sievers <kay.sievers@vrfy.org>,
Tim Hockin <thockin@hockin.org>, Tejun Heo <tj@kernel.org>,
"Kirill A. Shutemov" <kirill@shutemov.name>,
Containers <containers@lists.linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH 00/10] cgroups: Task counter subsystem v6
Date: Tue, 11 Oct 2011 15:40:28 +0200 [thread overview]
Message-ID: <20111011134022.GA16777@somewhere.redhat.com> (raw)
In-Reply-To: <20111004150111.e9337268.akpm00@gmail.com>
On Tue, Oct 04, 2011 at 03:01:11PM -0700, Andrew Morton wrote:
> On Mon, 3 Oct 2011 21:07:02 +0200
> Frederic Weisbecker <fweisbec@gmail.com> wrote:
>
> > Hi Andrew,
> >
> > This contains minor changes, mostly documentation and changelog
> > updates, off-case build fix, and a code optimization in
> > res_counter_common_ancestor().
>
> I'd normally duck a patch series like this when we're at -rc8 and ask
> for it to be resent late in -rc1. But I was feeling frisky so I
> grabbed this lot for a bit of testing and will sit on it until -rc1.
>
> I'm still not convinced that the kernel has a burning need for a "task
> counter subsystem". Someone convince me that we should merge this!
(Adding more people in Cc with whom I discussed this and who got
nice insights about the issues and the needs).
In practice we need it for Lxc to secure containers. Since you wrote
me that email last week I've tried to think more about another
solution to protect containers against forkbomb by reusing an exisiting
feature instead of pushing a new subsystem and ABI.
So I've been thinking about using user namespaces. The idea is
to create the container with a process forked with CLONE_NEWUSER
such that its NR_PROC rlimit only applies to it and its children.
This way we can have our per container limitation given we have
one namespace per container.
But discussing this with other people, this doesn't work anymore
as soon as we want to contain privilege processes or multi-user
applications. Privilege processes can spawn new users at will
and with multi-user we can't anymore have a global limit over
the container.
As far as I explored the issue, discussing this with lxc guys,
having that limit per cgroup is the only thing that seem to
work in any case.
But if somebody finds another way to solve that with existing
features or something more simple, I'll be happy to drop this
patchset.
>
> > It's hard to put some statistic numbers while testing this feature
> > given that the result is rather binary: we launch a forkbomb and
> > either we stop and kill it or the system become unresponsive.
> >
> > Meanwhile, one can find a testsuite at this address:
> > https://tglx.de/~fweisbec/task_counter_test.tar.gz
>
> I do think that we should merge tests like this into the main tree. So
> I can do "cd tests ; make ; ./run-tests". The first step is for some hero
> to propose the (simple!) framework and to drop a first test in there.
I can do that. Some general tools/test/ directory that can host this one
and more.
> > It performs several checks to ensure the interface and the behaviour
> > are reliable after common events like moving tasks around over cgroups
> > in a hierarchy, forking inside, etc.. It also launches a forkbomb,
> > tries to stop and kill it. So beware, don't run it on a system that
> > is doing serious things.
>
> Good stuff, that. Then, when people propose additions or fix bugs, I can
> whine at them for not updating the test suite.
>
> > Ensure you have CGROUP_TASK_COUNTER set
> > before, or it may compress the Ten Plagues in your MBR and
> > inflate the whole after your next reboot.
>
> That problem would need to be fixed. Either probe for the feature
> up-front, or don't build the test at all if CONFIG_CGROUP_TASK_COUNTER=n.
>
Agreed. The simplest is to try to mount this subsystem and just give
up the test if we can't.
Will fix.
Thanks.
next prev parent reply other threads:[~2011-10-11 13:40 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-03 19:07 [PATCH 00/10] cgroups: Task counter subsystem v6 Frederic Weisbecker
2011-10-03 19:07 ` [PATCH 01/10] cgroups: Add res_counter_write_u64() API Frederic Weisbecker
2011-10-04 0:17 ` Kirill A. Shutemov
2011-10-11 13:44 ` Frederic Weisbecker
2011-10-03 19:07 ` [PATCH 02/10] cgroups: New resource counter inheritance API Frederic Weisbecker
2011-10-04 0:20 ` Kirill A. Shutemov
2011-10-03 19:07 ` [PATCH 03/10] cgroups: Add previous cgroup in can_attach_task/attach_task callbacks Frederic Weisbecker
2011-10-04 0:22 ` Kirill A. Shutemov
2011-10-03 19:07 ` [PATCH 04/10] cgroups: New cancel_attach_task subsystem callback Frederic Weisbecker
2011-10-04 0:27 ` Kirill A. Shutemov
2011-10-03 19:07 ` [PATCH 05/10] cgroups: Ability to stop res charge propagation on bounded ancestor Frederic Weisbecker
2011-10-04 0:41 ` Kirill A. Shutemov
2011-10-03 19:07 ` [PATCH 06/10] cgroups: Add res counter common ancestor searching Frederic Weisbecker
2011-10-03 19:07 ` [PATCH 07/10] res_counter: Allow charge failure pointer to be null Frederic Weisbecker
2011-10-04 1:30 ` Kirill A. Shutemov
2011-10-03 19:07 ` [PATCH 08/10] cgroups: Pull up res counter charge failure interpretation to caller Frederic Weisbecker
2011-10-04 1:32 ` Kirill A. Shutemov
2011-10-03 19:07 ` [PATCH 09/10] cgroups: Allow subsystems to cancel a fork Frederic Weisbecker
2011-10-04 1:38 ` Kirill A. Shutemov
2011-10-03 19:07 ` [PATCH 10/10] cgroups: Add a task counter subsystem Frederic Weisbecker
2011-10-06 9:23 ` Kirill A. Shutemov
2011-10-11 13:41 ` Frederic Weisbecker
2011-10-04 22:01 ` [PATCH 00/10] cgroups: Task counter subsystem v6 Andrew Morton
2011-10-11 13:40 ` Frederic Weisbecker [this message]
2011-10-25 20:06 ` Tim Hockin
[not found] ` <CAAAKZwu67VMiZgdpp=i5p7zyGbOHGHXwF_iprufGPzTLkkUF2A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-10-28 23:30 ` Andrew Morton
2011-10-28 23:30 ` Andrew Morton
[not found] ` <20111028163021.1ce61f8a.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2011-10-29 9:38 ` Glauber Costa
2011-10-29 9:38 ` Glauber Costa
[not found] ` <CAA6-i6o0SPfZJDx4SRR1hY-He0L6zHuv0saH6EaE7Mrc2HF6PA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-11-03 16:49 ` Frederic Weisbecker
2011-11-03 16:49 ` Frederic Weisbecker
[not found] ` <20111103164917.GF8198-oHC15RC7JGTpAmv0O++HtFaTQe2KTcn/@public.gmane.org>
2011-11-03 16:58 ` Glauber Costa
2011-11-03 16:58 ` Glauber Costa
[not found] ` <4EB2C852.6020706-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2011-11-03 17:02 ` Paul Menage
2011-11-03 17:02 ` Paul Menage
[not found] ` <CALdu-PDY8zpXYM3V9KRk4f2NyGevfNnuaWVdoT-qzSHOK--K3A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-11-03 17:06 ` Glauber Costa
2011-11-03 17:06 ` Glauber Costa
[not found] ` <4EB2CA03.7030601-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2011-11-03 17:28 ` Paul Menage
2011-11-03 17:28 ` Paul Menage
[not found] ` <CALdu-PA2CDoeUMoNd1y44p_QzphX8J4s6NDcSyVC-rP1HGYwkA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-11-03 17:35 ` Glauber Costa
2011-11-03 17:35 ` Glauber Costa
[not found] ` <4EB2D0F2.40309-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2011-11-03 17:56 ` Paul Menage
2011-11-03 17:56 ` Paul Menage
[not found] ` <CALdu-PDbJ69FayXSd-kjAMX8AKEroZytPapxsUn8GFsz-z1omQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-11-04 13:17 ` Glauber Costa
2011-11-04 13:17 ` Glauber Costa
2011-11-03 17:00 ` Frederic Weisbecker
2011-11-03 17:00 ` Frederic Weisbecker
[not found] ` <20111103170038.GG8198-oHC15RC7JGTpAmv0O++HtFaTQe2KTcn/@public.gmane.org>
2011-11-04 2:57 ` Li Zefan
2011-11-04 2:57 ` Li Zefan
[not found] ` <4EB3549D.5090404-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2011-11-04 12:37 ` Frederic Weisbecker
2011-11-04 12:37 ` Frederic Weisbecker
2011-10-06 6:51 ` Li Zefan
2011-10-11 13:41 ` Frederic Weisbecker
[not found] ` <1317668832-10784-1-git-send-email-fweisbec-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2011-12-13 15:58 ` Tejun Heo
2011-12-13 15:58 ` Tejun Heo
[not found] ` <20111213155848.GI25802-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2011-12-13 19:06 ` Frederic Weisbecker
2011-12-13 19:06 ` Frederic Weisbecker
[not found] ` <20111213190642.GB2421-oHC15RC7JGTpAmv0O++HtFaTQe2KTcn/@public.gmane.org>
2011-12-13 20:49 ` Tejun Heo
2011-12-13 20:49 ` Tejun Heo
[not found] ` <20111213204918.GK25802-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2011-12-14 15:07 ` Frederic Weisbecker
2011-12-14 15:07 ` Frederic Weisbecker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111011134022.GA16777@somewhere.redhat.com \
--to=fweisbec@gmail.com \
--cc=adityakali@google.com \
--cc=akpm00@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=berrange@redhat.com \
--cc=containers@lists.linux-foundation.org \
--cc=dwalsh@redhat.com \
--cc=hannes@cmpxchg.org \
--cc=kay.sievers@vrfy.org \
--cc=kirill@shutemov.name \
--cc=linux-kernel@vger.kernel.org \
--cc=lizf@cn.fujitsu.com \
--cc=oleg@redhat.com \
--cc=paul@paulmenage.org \
--cc=riel@redhat.com \
--cc=thockin@hockin.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.