From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1759594Ab2D0QUM (ORCPT ); Fri, 27 Apr 2012 12:20:12 -0400 Received: from mx1.redhat.com ([209.132.183.28]:64655 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1758889Ab2D0QUK (ORCPT ); Fri, 27 Apr 2012 12:20:10 -0400 Date: Fri, 27 Apr 2012 12:19:59 -0400 From: Vivek Goyal To: Tejun Heo Cc: Jeff Moyer , axboe@kernel.dk, ctalbott@google.com, rni@google.com, linux-kernel@vger.kernel.org, cgroups@vger.kernel.org, containers@lists.linux-foundation.org, fengguang.wu@intel.com, hughd@google.com, akpm@linux-foundation.org Subject: Re: [PATCH 11/11] blkcg: implement per-blkg request allocation Message-ID: <20120427161959.GL10579@redhat.com> References: <1335477561-11131-1-git-send-email-tj@kernel.org> <1335477561-11131-12-git-send-email-tj@kernel.org> <20120427150217.GK27486@google.com> <20120427154033.GJ10579@redhat.com> <20120427154502.GM27486@google.com> <20120427154841.GA16237@redhat.com> <20120427155140.GN27486@google.com> <20120427155612.GK10579@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20120427155612.GK10579@redhat.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 27, 2012 at 11:56:12AM -0400, Vivek Goyal wrote: > On Fri, Apr 27, 2012 at 08:51:40AM -0700, Tejun Heo wrote: > > On Fri, Apr 27, 2012 at 11:48:41AM -0400, Vivek Goyal wrote: > > > Not an unpriviliged malicious application. In typical cgroup scenario, we > > > can allow unpriviliged users to create child cgroups so that it can > > > further subdivide its resources to its children group. (ex. put firefox > > > in one cgroup, open office in another group etc.). > > > > > > So it is not same as jack up nr_requests. > > > > I find allowing unpriv users creating cgroups dumb. cgroup consumes > > kernel memory. Sans using kmemcg, what prevents them from creating > > gazillion cgroups and consuming all memories? The idea of allowing > > cgroups to !priv users is just broken from the get go. > > Well creating a task consumes memory too but we allow unpriv users to > create tasks. :-) Well, kernel can kill tasks and reclaim that memory so this is not an appropriate example. A more suitable example probably is AIO where kernel pins down some memory and we limit that amount by upper limit on number of aio requests. Thanks Vivek