Re: [PATCH 1/6] cgroup: add cgroup.isolation_root flag entry to the cgroup filesystem

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Witold Krecicki <wpk@culm.net>
To: Paul Menage <paul@paulmenage.org>
Cc: Li Zefan <lizf@cn.fujitsu.com>,
	containers@lists.linux-foundation.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/6] cgroup: add cgroup.isolation_root flag entry to the cgroup filesystem
Date: Thu, 20 Oct 2011 15:20:44 +0200	[thread overview]
Message-ID: <201110201520.45234.wpk@culm.net> (raw)
In-Reply-To: <CALdu-PDeW4PfGPePv6gUNihq1J0kKKWEm=6jm5OphcQY9+Jnvg@mail.gmail.com>

Dnia czwartek, 20 października 2011 o 12:12:37 Paul Menage napisał(a):
> On Fri, Sep 30, 2011 at 4:36 AM, Witold Krecicki <wpk@culm.net> wrote:
> > + */
> > +static struct cgroup *cgroup_get_isolation_root(struct cgroup *cgrp)
> > +{
> > +       for (;;) {
> > +               if (!cgrp)
> > +                       return NULL;
> > +               if (isolation_root(cgrp))
> > +                       return cgrp;
> > +               cgrp = cgrp->parent;
> > +       }
> > +       return NULL;
> > +}
> 
> What are the locking requirements for cgroup_get_isolation_root?

IMHO none - this function is performed only if there is a task in a cgroup, so 
cgroup cannot be removed (and a task cannot leave cgroup) - also, you cannot 
change isolation_root flag if the isolation_root is busy. 


In here we really need locking, after fixes:
static int cgroup_isolation_root_write(struct cgroup *cgrp,
                                     struct cftype *cft, 
                                     u64 val)
{
        if (cgrp->parent == NULL)
                return -EPERM; 
        cgroup_lock();
        if (atomic_read(&cgrp->count) || !list_empty(&cgrp->children)) {
                cgroup_unlock();
                return -EBUSY;
        }
        if (val)
                set_bit(CGRP_ISOLATION_ROOT, &cgrp->flags);
        else
                clear_bit(CGRP_ISOLATION_ROOT, &cgrp->flags);
        cgroup_unlock();
        return 0;
}
> Arguably we need  to take a lock in these two functions, both to guard
> against racing with a creation of a child cgroup or moving in a task
> while trying to set its isolation root flag, and to synchronize
> readers and writers of the flag. But to be honest I think we can say
> that this is one of those cases where we can say that the sysadmin is
> dumb enough to have races between his container setup code and his
> container population code the result is undefined, as long as we don't
> actually crash or leak :-)
I guess that fixes that problem?
-- 
WK

next prev parent reply	other threads:[~2011-10-20 13:20 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-09-30 11:36 [PATCH 0/6] cgroup: add isolation_root flag, poor man's namespaces for cgroups Witold Krecicki
2011-09-30 11:36 ` [PATCH 1/6] cgroup: add cgroup.isolation_root flag entry to the cgroup filesystem Witold Krecicki
2011-10-20 10:12   ` Paul Menage
2011-10-20 13:20     ` Witold Krecicki [this message]
2011-09-30 11:36 ` [PATCH 2/6] cgroup: make 'cgroup_is_descendant' function take cgroup as a 'descendant of' argument Witold Krecicki
2011-09-30 11:36 ` [PATCH 3/6] cgroup: add 'root' parameter to cgroup_path function Witold Krecicki
2011-09-30 13:48   ` Witold Krecicki
2011-09-30 11:36 ` [PATCH 4/6] cgroup: disallow task from leaving cgroup isolated root Witold Krecicki
2011-09-30 11:36 ` [PATCH 5/6] cgroup: make cgroup filesystem mounts performed by task inside isolation root see its isolation root as top cgroup Witold Krecicki
2011-09-30 11:36 ` [PATCH 6/6] cgroup: documentation of isolation_root cgroup flag Witold Krecicki
     [not found] ` <CA+RrjuVOhmkMLinMkiN3pr5Yea6pBA+XNQVQ=h2bMo66VpCixg@mail.gmail.com>
2011-10-13  7:05   ` [PATCH 0/6] cgroup: add isolation_root flag, poor man's namespaces for cgroups Witold Krecicki
2011-10-20 10:11 ` Paul Menage
2011-10-20 10:25   ` Witold Krecicki
2011-10-20 10:38     ` Paul Menage

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=201110201520.45234.wpk@culm.net \
    --to=wpk@culm.net \
    --cc=containers@lists.linux-foundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lizf@cn.fujitsu.com \
    --cc=paul@paulmenage.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.