From: Frederic Weisbecker <fweisbec@gmail.com>
To: Glauber Costa <glommer@parallels.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>,
Hugh Dickins <hughd@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
Tejun Heo <tj@kernel.org>, Daniel Walsh <dwalsh@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>,
Li Zefan <lizf@cn.fujitsu.com>,
LKML <linux-kernel@vger.kernel.org>,
Cgroups <cgroups@vger.kernel.org>,
Containers <containers@lists.linux-foundation.org>
Subject: Re: [RFD] Merge task counter into memcg
Date: Thu, 12 Apr 2012 18:59:27 +0200 [thread overview]
Message-ID: <20120412165922.GA12484@somewhere.redhat.com> (raw)
In-Reply-To: <4F87042A.2000902@parallels.com>
On Thu, Apr 12, 2012 at 01:34:50PM -0300, Glauber Costa wrote:
> On 04/12/2012 11:55 AM, Frederic Weisbecker wrote:
> >I don't know how the kernel stack is allocated for tasks. Do you mean
> >that we allocate a chunck of it for each new task and we could rely
> >on that?
> >
> More than this: amount of kernel stack is really, really something
> indirect if what you want to track is # of processes. Now, Hannes
> made a fair point in his other e-mail about what is a resource and
> what is not.
I start to consider this option, are there other people interested
in accounting/limiting kernel stack as well?
>
> >>> After all, we would only restrict the number of tasks for the
> >>> resources they require
> >It depends if the kernel stack can have other kind of "consumer".
> >
> It also depends on what you really want to achieve.
> If you want to prevent fork bombs, limiting kernel stack will do just fine.
I want:
a) to prevent the forkbomb from going far enough to DDOS the machine
b) to be able to kill that forkbomb once detected, in one go without race
against concurrent forks.
I think a) can work just fine with kernel stack limiting. I also need
to be notified about the fact we reached the limit. And b) should
be feasible with the help of the cgroup freezer.
>
> Is there anything for which you need to know exactly the number of
> processes?
No that's really about prevent/kill forkbomb as far as I'm concerned.
next prev parent reply other threads:[~2012-04-12 16:59 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-11 18:57 [RFD] Merge task counter into memcg Frederic Weisbecker
2012-04-11 19:21 ` Glauber Costa
2012-04-12 11:19 ` Frederic Weisbecker
2012-04-12 0:56 ` KAMEZAWA Hiroyuki
2012-04-12 11:32 ` Frederic Weisbecker
2012-04-12 11:43 ` Glauber Costa
2012-04-12 12:32 ` Johannes Weiner
2012-04-12 13:12 ` Glauber Costa
2012-04-12 15:30 ` Johannes Weiner
2012-04-12 16:38 ` Tejun Heo
2012-04-12 17:04 ` Cgroup in a single hierarchy (Was: Re: [RFD] Merge task counter into memcg) Glauber Costa
2012-04-17 15:13 ` Tejun Heo
2012-04-17 15:27 ` Glauber Costa
2012-04-12 17:13 ` [RFD] Merge task counter into memcg Glauber Costa
2012-04-12 17:23 ` Johannes Weiner
2012-04-12 17:41 ` Tejun Heo
2012-04-12 17:53 ` Glauber Costa
2012-04-13 1:42 ` KAMEZAWA Hiroyuki
2012-04-13 1:50 ` Glauber Costa
2012-04-13 2:48 ` KAMEZAWA Hiroyuki
2012-04-17 15:41 ` Tejun Heo
2012-04-17 16:52 ` Glauber Costa
2012-04-18 6:51 ` KAMEZAWA Hiroyuki
2012-04-18 7:53 ` Frederic Weisbecker
2012-04-18 8:42 ` KAMEZAWA Hiroyuki
2012-04-18 9:12 ` Frederic Weisbecker
2012-04-18 10:39 ` Johannes Weiner
2012-04-18 11:00 ` KAMEZAWA Hiroyuki
2012-04-12 16:54 ` Glauber Costa
2012-04-12 1:07 ` Johannes Weiner
2012-04-12 2:15 ` Glauber Costa
2012-04-12 3:26 ` Li Zefan
2012-04-12 14:55 ` Frederic Weisbecker
2012-04-12 16:34 ` Glauber Costa
2012-04-12 16:59 ` Frederic Weisbecker [this message]
2012-04-17 15:17 ` Tejun Heo
2012-04-18 6:54 ` Frederic Weisbecker
2012-04-18 8:10 ` Frederic Weisbecker
2012-04-18 12:00 ` Glauber Costa
2012-04-12 4:00 ` Alexander Nikiforov
[not found] ` <4F86527C.2080507@samsung.com>
2012-04-17 1:09 ` Frederic Weisbecker
2012-04-17 6:45 ` Alexander Nikiforov
2012-04-17 15:23 ` Tejun Heo
2012-04-19 3:34 ` Alexander Nikiforov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120412165922.GA12484@somewhere.redhat.com \
--to=fweisbec@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=berrange@redhat.com \
--cc=cgroups@vger.kernel.org \
--cc=containers@lists.linux-foundation.org \
--cc=dwalsh@redhat.com \
--cc=glommer@parallels.com \
--cc=hannes@cmpxchg.org \
--cc=hughd@google.com \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lizf@cn.fujitsu.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox