From: Robert Love <rml@tech9.net>
To: Andreas Dilger <adilger@turbolabs.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] proc-based cpu affinity user interface
Date: 27 Nov 2001 01:40:48 -0500 [thread overview]
Message-ID: <1006843248.971.21.camel@phantasy> (raw)
In-Reply-To: <20011126232515.V730@lynx.no>
In-Reply-To: <1006831902.842.0.camel@phantasy> <20011126232515.V730@lynx.no>
On Tue, 2001-11-27 at 01:25, Andreas Dilger wrote:
> On Nov 26, 2001 22:31 -0500, Robert Love wrote:
> > Reading and writing /proc/<pid>/affinity will get and set the affinity.
> >
> > Security is implemented: the writer must possess CAP_SYS_NICE or be the
> > same uid as the task in question. Anyone can read the data.
>
> Hmm, now that I think about it, anyone should be able to restrict the
> CPUs that their processes should run on, but like "nice", you should
> have CAP_SYS_NICE in order to increase the number of CPUs your process
> can run on. This makes it possible to "throttle" a user so that they
> can only max out a single CPU.
>
> Why would you do that? Maybe because "ulimit" and friends only allow
> you to set an absolute limit on the number of CPU seconds you can use
> per process, but not a "percentage" of a processor or some equivalent
> "cycles per second" unit.
>
> Not that I see this as being hugely necessary, but it may as well be
> consistent with current behaviour (c.f. nice, ulimit, etc, can all go
> down, but not necessarily up).
I thought about this too, and I realized that cpus_allowed is by default
0xffffffff (i.e., all procs in the system). That means this is only an
issue when the administrator explicitly changed affinity.
And that would occur in the situation you describe ... personally, I
think users should be able to set their masks but I completely see your
argument.
I suppose we could count the bits in cpus_allowed and make sure they are
less than or equal to the new_mask bits. This seems overkill, though.
We could just not allow users to change their own affinity without
CAP_SYS_NICE, and allow root to do anything (via CAP_SYS_ADMIN).
Anyone else have an opinion?
Robert Love
next prev parent reply other threads:[~2001-11-27 6:40 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-11-27 3:31 [PATCH] proc-based cpu affinity user interface Robert Love
2001-11-27 3:52 ` Davide Libenzi
2001-11-27 4:14 ` Robert Love
2001-11-27 4:39 ` Davide Libenzi
2001-11-27 4:48 ` Davide Libenzi
2001-11-27 14:17 ` Ingo Molnar
2001-11-27 16:49 ` Davide Libenzi
2001-11-27 18:46 ` Ingo Molnar
2001-11-27 4:37 ` Anton Blanchard
2001-11-27 5:08 ` Robert Love
2001-11-27 5:42 ` Tim Hockin
2001-11-27 6:25 ` Andreas Dilger
2001-11-27 6:40 ` Robert Love [this message]
2001-11-27 11:52 ` Ingo Molnar
2001-11-27 10:10 ` Alan Cox
2001-11-27 14:21 ` Ingo Molnar
2001-11-27 20:44 ` Robert Love
-- strict thread matches above, loose matches on Subject: below --
2001-11-27 20:23 Matthew Dobson
2001-12-10 8:33 ` Albert D. Cahalan
2001-12-10 8:40 ` Robert Love
2001-12-10 9:37 ` Albert D. Cahalan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1006843248.971.21.camel@phantasy \
--to=rml@tech9.net \
--cc=adilger@turbolabs.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox