From: Daniel Lezcano <daniel.lezcano-GANU6spQydw@public.gmane.org>
To: Frederic Weisbecker <fweisbec-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: "Aditya Kali"
<adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
"Daniel P. Berrange"
<berrange-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"Max Kellermann" <mk-xMchvyqCc6DQT0dZR+AlfA@public.gmane.org>,
"Tim Hockin" <thockin-Rl2oBbRerpQdnm+yROfE0A@public.gmane.org>,
"Glauber Costa" <glommer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
"Paul Menage" <paul-inf54ven1CmVyaH7bEyXVA@public.gmane.org>,
"Daniel J Walsh" <dwalsh-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"Oleg Nesterov" <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"Ulli Horlacher"
<framstag-otB+qtk3XKcL63KmMnjC+CEWGD4kr0XT@public.gmane.org>,
"Johannes Weiner"
<hannes-druUgvl0LCNAfugRpC6u6w@public.gmane.org>,
"Tejun Heo" <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Cgroups <cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"Andrew Morton"
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
"Mandeep Singh Baines"
<msb-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
"Papp Tamás" <tompos-Rh2PkUZwdwxYmEVqv0PRRg@public.gmane.org>
Subject: Re: [PATCH 00/10] cgroups: Task counter subsystem v8
Date: Thu, 01 Mar 2012 23:53:24 +0100 [thread overview]
Message-ID: <4F4FFDE4.8050908@free.fr> (raw)
In-Reply-To: <20120202145000.GC9071-oHC15RC7JGTpAmv0O++HtFaTQe2KTcn/@public.gmane.org>
On 02/02/2012 03:50 PM, Frederic Weisbecker wrote:
> On Wed, Feb 01, 2012 at 11:51:07AM -0800, Andrew Morton wrote:
>> On Wed, 1 Feb 2012 19:50:01 +0100
>> Frederic Weisbecker<fweisbec-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>
>>> On Wed, Feb 01, 2012 at 08:31:26AM -0800, Tejun Heo wrote:
>>>> On Wed, Feb 01, 2012 at 04:37:40AM +0100, Frederic Weisbecker wrote:
>>>>> Changes In this version:
>>>>>
>>>>> - Split 32/64 bits version of res_counter_write_u64() [1/10]
>>>>> Courtesy of Kirill A. Shutemov
>>>>>
>>>>> - Added Kirill's ack [8/10]
>>>>>
>>>>> - Added selftests [9/10], [10/10]
>>>>>
>>>>> Please consider for merging. At least two users want this feature:
>>>> Has there been further discussion about this approach? IIRC, we
>>>> weren't sure whether this should be merged.
>>> The doubts I have noticed were:
>>>
>>> Q: Can't we rather focus on a global solution to fight forkbombs?
>>>
>>> If we can find a reliable solution that works in any case and that
>>> prevent from any forkbomb to impact the rest of the system then it
>>> may be an acceptable solution. But I'm not aware of such feature.
>>>
>>> Besides, another point in having this task counter is that we
>>> have a per container limit. Assuming all containers are running under
>>> the same user, we can protect against a container starving all others
>>> with a massive amount of processes close to the NR_PROC rlimit.
>>>
>>> Q: Can/should we implement a limitation on the number of "fork" as well?
>>> (as in https://lkml.org/lkml/2011/11/3/233 )
>>>
>>> I'm still not sure about why such a thing is needed. Is it really something we
>>> want? Why can't the task counter be used instead?
>>>
>>> I need more details from the author of this patch. But I doubt we can merge
>>> both subsystems, they have pretty different semantics.
>> What I struggle with is "is this feature useful enough to warrant
>> merging it"?
> The reason why I've been working on it is because we need this feature
> (at least) for LXC.
This feature is a recurrent request from the users of LXC. Recently, a
container administrator complained an user was able to crash the entire
host from a container.
http://sourceforge.net/mailarchive/message.php?msg_id=28915923
This feature is really useful to make the containers secure.
-- Daniel
>
> Two people from our teams have jumped onto the discussion to express
> that they want this feature and why:
>
> https://lkml.org/lkml/2011/12/13/309
> https://lkml.org/lkml/2011/12/13/364
> _______________________________________________
> Containers mailing list
> Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
> https://lists.linuxfoundation.org/mailman/listinfo/containers
>
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Lezcano <daniel.lezcano@free.fr>
To: Frederic Weisbecker <fweisbec@gmail.com>
Cc: "Andrew Morton" <akpm@linux-foundation.org>,
"Aditya Kali" <adityakali@google.com>,
"Daniel P. Berrange" <berrange@redhat.com>,
"Max Kellermann" <mk@cm4all.com>,
"Tim Hockin" <thockin@hockin.org>,
"Glauber Costa" <glommer@gmail.com>,
"Paul Menage" <paul@paulmenage.org>,
"Daniel J Walsh" <dwalsh@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
"Oleg Nesterov" <oleg@redhat.com>,
"Mandeep Singh Baines" <msb@chromium.org>,
Cgroups <cgroups@vger.kernel.org>,
"Johannes Weiner" <hannes@cmpxchg.org>,
"Tejun Heo" <tj@kernel.org>,
Containers <containers@lists.linux-foundation.org>,
"Papp Tamás" <tompos@martos.bme.hu>,
"Ulli Horlacher" <framstag@rus.uni-stuttgart.de>
Subject: Re: [PATCH 00/10] cgroups: Task counter subsystem v8
Date: Thu, 01 Mar 2012 23:53:24 +0100 [thread overview]
Message-ID: <4F4FFDE4.8050908@free.fr> (raw)
In-Reply-To: <20120202145000.GC9071@somewhere.redhat.com>
On 02/02/2012 03:50 PM, Frederic Weisbecker wrote:
> On Wed, Feb 01, 2012 at 11:51:07AM -0800, Andrew Morton wrote:
>> On Wed, 1 Feb 2012 19:50:01 +0100
>> Frederic Weisbecker<fweisbec@gmail.com> wrote:
>>
>>> On Wed, Feb 01, 2012 at 08:31:26AM -0800, Tejun Heo wrote:
>>>> On Wed, Feb 01, 2012 at 04:37:40AM +0100, Frederic Weisbecker wrote:
>>>>> Changes In this version:
>>>>>
>>>>> - Split 32/64 bits version of res_counter_write_u64() [1/10]
>>>>> Courtesy of Kirill A. Shutemov
>>>>>
>>>>> - Added Kirill's ack [8/10]
>>>>>
>>>>> - Added selftests [9/10], [10/10]
>>>>>
>>>>> Please consider for merging. At least two users want this feature:
>>>> Has there been further discussion about this approach? IIRC, we
>>>> weren't sure whether this should be merged.
>>> The doubts I have noticed were:
>>>
>>> Q: Can't we rather focus on a global solution to fight forkbombs?
>>>
>>> If we can find a reliable solution that works in any case and that
>>> prevent from any forkbomb to impact the rest of the system then it
>>> may be an acceptable solution. But I'm not aware of such feature.
>>>
>>> Besides, another point in having this task counter is that we
>>> have a per container limit. Assuming all containers are running under
>>> the same user, we can protect against a container starving all others
>>> with a massive amount of processes close to the NR_PROC rlimit.
>>>
>>> Q: Can/should we implement a limitation on the number of "fork" as well?
>>> (as in https://lkml.org/lkml/2011/11/3/233 )
>>>
>>> I'm still not sure about why such a thing is needed. Is it really something we
>>> want? Why can't the task counter be used instead?
>>>
>>> I need more details from the author of this patch. But I doubt we can merge
>>> both subsystems, they have pretty different semantics.
>> What I struggle with is "is this feature useful enough to warrant
>> merging it"?
> The reason why I've been working on it is because we need this feature
> (at least) for LXC.
This feature is a recurrent request from the users of LXC. Recently, a
container administrator complained an user was able to crash the entire
host from a container.
http://sourceforge.net/mailarchive/message.php?msg_id=28915923
This feature is really useful to make the containers secure.
-- Daniel
>
> Two people from our teams have jumped onto the discussion to express
> that they want this feature and why:
>
> https://lkml.org/lkml/2011/12/13/309
> https://lkml.org/lkml/2011/12/13/364
> _______________________________________________
> Containers mailing list
> Containers@lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/containers
>
next prev parent reply other threads:[~2012-03-01 22:53 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-01 3:37 [PATCH 00/10] cgroups: Task counter subsystem v8 Frederic Weisbecker
2012-02-01 3:37 ` Frederic Weisbecker
[not found] ` <1328067470-5980-1-git-send-email-fweisbec-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2012-02-01 3:37 ` [PATCH 01/10] cgroups: add res_counter_write_u64() API Frederic Weisbecker
2012-02-01 3:37 ` Frederic Weisbecker
[not found] ` <1328067470-5980-2-git-send-email-fweisbec-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2012-02-02 12:33 ` Kirill A. Shutemov
2012-02-02 12:33 ` Kirill A. Shutemov
2012-02-02 12:33 ` Kirill A. Shutemov
[not found] ` <20120202123322.GA12748-oKw7cIdHH8eLwutG50LtGA@public.gmane.org>
2012-02-02 13:56 ` Frederic Weisbecker
2012-02-02 13:56 ` Frederic Weisbecker
2012-02-01 3:37 ` [PATCH 02/10] cgroups: new resource counter inheritance API Frederic Weisbecker
2012-02-01 3:37 ` Frederic Weisbecker
2012-02-01 3:37 ` [PATCH 03/10] cgroups: ability to stop res charge propagation on bounded ancestor Frederic Weisbecker
2012-02-01 3:37 ` Frederic Weisbecker
2012-02-01 3:37 ` [PATCH 04/10] cgroups: add res counter common ancestor searching Frederic Weisbecker
2012-02-01 3:37 ` Frederic Weisbecker
2012-02-01 3:37 ` [PATCH 05/10] res_counter: allow charge failure pointer to be null Frederic Weisbecker
2012-02-01 3:37 ` Frederic Weisbecker
2012-02-01 3:37 ` [PATCH 06/10] cgroups: pull up res counter charge failure interpretation to caller Frederic Weisbecker
2012-02-01 3:37 ` Frederic Weisbecker
2012-02-01 3:37 ` [PATCH 07/10] cgroups: allow subsystems to cancel a fork Frederic Weisbecker
2012-02-01 3:37 ` Frederic Weisbecker
2012-02-01 3:37 ` [PATCH 08/10] cgroups: Add a task counter subsystem Frederic Weisbecker
2012-02-01 3:37 ` Frederic Weisbecker
2012-02-01 3:37 ` [PATCH 09/10] selftests: Enter each directories before executing selftests Frederic Weisbecker
2012-02-01 3:37 ` Frederic Weisbecker
2012-02-01 3:37 ` [PATCH 10/10] selftests: Add a new task counter selftest Frederic Weisbecker
2012-02-01 3:37 ` Frederic Weisbecker
2012-02-01 16:31 ` [PATCH 00/10] cgroups: Task counter subsystem v8 Tejun Heo
2012-02-01 16:31 ` Tejun Heo
[not found] ` <20120201163126.GA19837-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-02-01 18:50 ` Frederic Weisbecker
2012-02-01 18:50 ` Frederic Weisbecker
[not found] ` <20120201184959.GH6731-oHC15RC7JGTpAmv0O++HtFaTQe2KTcn/@public.gmane.org>
2012-02-01 19:51 ` Andrew Morton
2012-02-01 19:51 ` Andrew Morton
[not found] ` <20120201115107.93e11471.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2012-02-02 14:50 ` Frederic Weisbecker
2012-02-02 14:50 ` Frederic Weisbecker
[not found] ` <20120202145000.GC9071-oHC15RC7JGTpAmv0O++HtFaTQe2KTcn/@public.gmane.org>
2012-02-16 15:31 ` Frederic Weisbecker
2012-02-16 15:31 ` Frederic Weisbecker
2012-03-01 22:53 ` Daniel Lezcano [this message]
2012-03-01 22:53 ` Daniel Lezcano
[not found] ` <4F4FFDE4.8050908-GANU6spQydw@public.gmane.org>
2012-03-05 3:21 ` Frederic Weisbecker
2012-03-05 3:21 ` Frederic Weisbecker
[not found] ` <20120305032130.GD18143-oHC15RC7JGTpAmv0O++HtFaTQe2KTcn/@public.gmane.org>
2012-03-05 16:26 ` Tejun Heo
2012-03-05 16:26 ` Tejun Heo
[not found] ` <20120305162652.GO22536-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-03-05 16:27 ` Tejun Heo
2012-03-05 16:27 ` Tejun Heo
2012-03-05 16:27 ` Tejun Heo
[not found] ` <20120305162739.GP22536-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-03-05 16:48 ` Frederic Weisbecker
2012-03-05 16:48 ` Frederic Weisbecker
2012-03-05 16:48 ` Frederic Weisbecker
2012-03-05 3:21 ` Frederic Weisbecker
2012-02-02 14:50 ` Frederic Weisbecker
2012-03-05 16:44 ` Rik van Riel
2012-03-05 16:44 ` Rik van Riel
2013-04-01 18:43 ` Tim Hockin
2013-04-01 18:43 ` Tim Hockin
2013-04-01 18:43 ` Tim Hockin
[not found] ` <CAAAKZwv9=NFmt6xj1KF2va1i6=UCvka0YkmdOY9JNUMHDOWpGw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-04-01 18:46 ` Tejun Heo
2013-04-01 18:46 ` Tejun Heo
[not found] ` <20130401184617.GB31435-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2013-04-01 20:09 ` Tim Hockin
2013-04-01 20:09 ` Tim Hockin
[not found] ` <CAAAKZwvemKDLeuKr6wWMUSVczkRVDZKSzYrXXEMcZ8qvcFR0zQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-04-01 20:29 ` Tejun Heo
2013-04-01 20:29 ` Tejun Heo
[not found] ` <20130401202943.GC31435-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2013-04-01 21:02 ` Tim Hockin
2013-04-01 21:02 ` Tim Hockin
2013-04-01 21:02 ` Tim Hockin
[not found] ` <CAAAKZwuZwN68vtk1qO08GXB_OnQNVtqqp+v_NQfP27W0P_aWZw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-04-01 22:03 ` Tejun Heo
2013-04-01 22:03 ` Tejun Heo
2013-04-01 22:03 ` Tejun Heo
[not found] ` <20130401220309.GA2487-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2013-04-01 22:20 ` Tim Hockin
2013-04-01 22:20 ` Tim Hockin
[not found] ` <CAAAKZwuev7Y58ZQNtG+XdFRt0=NedD7zbYTAZbJ95ahBKLVhKA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-04-01 22:35 ` Tejun Heo
2013-04-01 22:35 ` Tejun Heo
[not found] ` <20130401223500.GB2487-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2013-04-01 22:57 ` Tim Hockin
2013-04-01 22:57 ` Tim Hockin
[not found] ` <CAAAKZwvdMUAZ+N5d-cdCJbKUq=t9M6BbCxzOTWnVQQBrg55vhw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-04-01 23:18 ` Tejun Heo
2013-04-01 23:18 ` Tejun Heo
[not found] ` <20130401231824.GC2487-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2013-04-02 0:07 ` Tim Hockin
2013-04-02 0:07 ` Tim Hockin
2013-04-01 20:09 ` Tim Hockin
2013-04-01 18:46 ` Tejun Heo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F4FFDE4.8050908@free.fr \
--to=daniel.lezcano-ganu6spqydw@public.gmane.org \
--cc=adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=berrange-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=dwalsh-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=framstag-otB+qtk3XKcL63KmMnjC+CEWGD4kr0XT@public.gmane.org \
--cc=fweisbec-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=glommer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=hannes-druUgvl0LCNAfugRpC6u6w@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mk-xMchvyqCc6DQT0dZR+AlfA@public.gmane.org \
--cc=msb-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=paul-inf54ven1CmVyaH7bEyXVA@public.gmane.org \
--cc=thockin-Rl2oBbRerpQdnm+yROfE0A@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=tompos-Rh2PkUZwdwxYmEVqv0PRRg@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.