* cgroup pid controller side effects
@ 2015-10-15 14:13 Robert Gierzinger
2015-10-16 17:39 ` Johannes Weiner
0 siblings, 1 reply; 3+ messages in thread
From: Robert Gierzinger @ 2015-10-15 14:13 UTC (permalink / raw)
To: cgroups-u79uwXL29TY76Z2rM5mHXA
Hi,
I have finally had time to test 4.3-rc5 especially (my greatly anticipated) process limitiation with cgroup-pids.
With bash forkbombs, it really works nice, however, I had some side effects with the forkbomb from
https://github.com/linux-vserver/util-vserver/blob/master/tests/forkbomb.c
The good thing: my test systems did not die as in previous versions during the simulated attack. But executing the file with e.g.
./forkbomb 100000 100 fork
I get "unable to fork process: Resource temporarily unavailable" on the host (e.g. while trying to have a look via "watch -n 2 cat /sys/fs/cgroup/pids/lxc/dev04/pids.current") and inside other cgroup processes. This happens with various (low) limits in the respective pids.max; also it doesn't matter whether to launch the forkbomb in a privileged or unprivileged/user-namespace cgroup.
Maybe someone could have a look, please, as this would be a real nice feature for a hosting service.
And thanks for your great work!
Best regards,
Robert
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: cgroup pid controller side effects
2015-10-15 14:13 cgroup pid controller side effects Robert Gierzinger
@ 2015-10-16 17:39 ` Johannes Weiner
[not found] ` <20151016173943.GA2162-druUgvl0LCNAfugRpC6u6w@public.gmane.org>
0 siblings, 1 reply; 3+ messages in thread
From: Johannes Weiner @ 2015-10-16 17:39 UTC (permalink / raw)
To: Robert Gierzinger; +Cc: cgroups-u79uwXL29TY76Z2rM5mHXA
Hi Robert,
On Thu, Oct 15, 2015 at 04:13:02PM +0200, Robert Gierzinger wrote:
> I have finally had time to test 4.3-rc5 especially (my greatly anticipated) process limitiation with cgroup-pids.
> With bash forkbombs, it really works nice, however, I had some side effects with the forkbomb from
> https://github.com/linux-vserver/util-vserver/blob/master/tests/forkbomb.c
>
> The good thing: my test systems did not die as in previous versions during the simulated attack. But executing the file with e.g.
> ./forkbomb 100000 100 fork
> I get "unable to fork process: Resource temporarily unavailable" on the host
It looks like this forkbomb is not waiting for its children and is
creating a whole lot of zombies.
The pids controller is currently broken in that zombies can escape
accounting completely, and the proposed fix is too invasive to go in
before 4.4. Until then, we need forkbombs to nicely cooperate with us!
Could you retry your test against the following branch?
https://git.kernel.org/cgit/linux/kernel/git/tj/cgroup.git/log/?h=for-4.4
Thanks!
Johannes
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-10-19 10:00 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-10-15 14:13 cgroup pid controller side effects Robert Gierzinger
2015-10-16 17:39 ` Johannes Weiner
[not found] ` <20151016173943.GA2162-druUgvl0LCNAfugRpC6u6w@public.gmane.org>
2015-10-19 10:00 ` Robert Gierzinger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox