Re: [PATCH] cgroup: Add pids controller event when fork fails because of pid limit

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Johannes Weiner <hannes@cmpxchg.org>
To: Kenny Yu <kennyyu@fb.com>
Cc: tj@kernel.org, lizefan@huawei.com, cyphar@cyphar.com,
	cgroups@vger.kernel.org, linux-kernel@vger.kernel.org,
	kernel-team@fb.com
Subject: Re: [PATCH] cgroup: Add pids controller event when fork fails because of pid limit
Date: Tue, 21 Jun 2016 00:44:29 -0400	[thread overview]
Message-ID: <20160621044429.GA19501@cmpxchg.org> (raw)
In-Reply-To: <1466478562-1997086-1-git-send-email-kennyyu@fb.com>

On Mon, Jun 20, 2016 at 08:09:22PM -0700, Kenny Yu wrote:
> Summary:
> This patch adds more visibility into the pids controller when the controller
> rejects a fork request. Whenever fork fails because the limit on the number of
> pids in the cgroup is reached, the controller will log this and also notify the
> newly added cgroups events file. The `max` key in the events file represents
> the number of times fork failed because of the pids controller.
> 
> This change also adds an atomic boolean to prevent logging too much (e.g. a fork
> bomb). The message is logged once per cgroup until the next time the pids limit
> changes.
> 
> Signed-off-by: Kenny Yu <kennyyu@fb.com>

This makes sense to me. Hitting the cgroup PID limit right now is
somewhat ominous. A little more visibility would help.

Acked-by: Johannes Weiner <hannes@cmpxchg.org>

One comment below, but mostly a matter of preference:

> @@ -205,6 +219,17 @@ static void pids_cancel_attach(struct cgroup_taskset *tset)
>  	}
>  }
>  
> +static void pids_fork_failed_event(struct pids_cgroup *pids)
> +{
> +	atomic64_inc(&pids->events_limit);
> +	cgroup_file_notify(&pids->events_file);
> +	if (!atomic_xchg(&pids->events_limit_logged, 1)) {
> +		pr_info("cgroup: fork rejected by pids controller in ");
> +		pr_cont_cgroup_path(task_cgroup(current, pids_cgrp_id));
> +		pr_cont("\n");
> +	}
> +}
> +
>  /*
>   * task_css_check(true) in pids_can_fork() and pids_cancel_fork() relies
>   * on threadgroup_change_begin() held by the copy_process().
> @@ -213,10 +238,14 @@ static int pids_can_fork(struct task_struct *task)
>  {
>  	struct cgroup_subsys_state *css;
>  	struct pids_cgroup *pids;
> +	int err;
>  
>  	css = task_css_check(current, pids_cgrp_id, true);
>  	pids = css_pids(css);
> -	return pids_try_charge(pids, 1);
> +	err = pids_try_charge(pids, 1);
> +	if (err)
> +		pids_fork_failed_event(pids);

That function call/name seems somewhat clunky. Maybe it would be
better to inline its body directly into pids_try_charge() before
return -EAGAIN?

next prev parent reply	other threads:[~2016-06-21  4:44 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-21  3:09 [PATCH] cgroup: Add pids controller event when fork fails because of pid limit Kenny Yu
2016-06-21  3:09 ` Kenny Yu
2016-06-21  4:44 ` Johannes Weiner [this message]
2016-06-21 16:01   ` [PATCH v2] " Kenny Yu
2016-06-21 16:01     ` Kenny Yu
     [not found]     ` <1466524894-3303517-1-git-send-email-kennyyu-b10kYP2dOMg@public.gmane.org>
2016-06-21 16:07       ` Aleksa Sarai
2016-06-21 16:07         ` Aleksa Sarai
2016-06-21 16:34         ` Tejun Heo
     [not found]           ` <20160621163402.GI3262-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
2016-06-21 16:56             ` [PATCH v3] " Kenny Yu
2016-06-21 16:56               ` Kenny Yu
     [not found]               ` <1466528198-3416939-1-git-send-email-kennyyu-b10kYP2dOMg@public.gmane.org>
2016-06-21 17:12                 ` Tejun Heo
2016-06-21 17:12                   ` Tejun Heo
2016-06-21 17:23                   ` Kenny Yu
     [not found]                     ` <9874B6F0-99B8-4739-B099-B7EEE99478F3-b10kYP2dOMg@public.gmane.org>
2016-06-21 17:28                       ` Tejun Heo
2016-06-21 17:28                         ` Tejun Heo
     [not found]                         ` <20160621172832.GM3262-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
2016-06-21 17:44                           ` [PATCH v4] " Kenny Yu
2016-06-21 17:44                             ` Kenny Yu
2016-06-21 18:06                             ` Tejun Heo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160621044429.GA19501@cmpxchg.org \
    --to=hannes@cmpxchg.org \
    --cc=cgroups@vger.kernel.org \
    --cc=cyphar@cyphar.com \
    --cc=kennyyu@fb.com \
    --cc=kernel-team@fb.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lizefan@huawei.com \
    --cc=tj@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.