[PATCH v2] cgroup/cpuset: Clarify the delegation rules of partition

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH v2] cgroup/cpuset: Clarify the delegation rules of partition
@ 2026-04-28 18:09 Waiman Long
  2026-04-30 19:46 ` Michal Koutný
  0 siblings, 1 reply; 3+ messages in thread
From: Waiman Long @ 2026-04-28 18:09 UTC (permalink / raw)
  To: Chen Ridong, Tejun Heo, Johannes Weiner, Michal Koutný,
	Jonathan Corbet, Shuah Khan
  Cc: cgroups, linux-doc, linux-kernel, Xie Maoyi, Waiman Long

Creation of remote partition is currently not allowed without privilege.
On the other hand, creation of local partition is allowed without
privilege as long as its parent is also a partition root.

The current setup allows a delegator to delegate an exclusive set of
CPUs to the delegatee by making the root of a delegated sub-hierarchy
a partition root. The delegatee is then allowed to create a local
sub-partition underneath it if necessary. Creation of a remote
partition is not currently allowed across delegation boundary without
privilege. Clarify the partition delegation rules by stating the current
behavior in cgroup-v2.rst file.

Signed-off-by: Waiman Long <longman@redhat.com>
---
 Documentation/admin-guide/cgroup-v2.rst | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/Documentation/admin-guide/cgroup-v2.rst b/Documentation/admin-guide/cgroup-v2.rst
index 6efd0095ed99..5b4ebde6fffe 100644
--- a/Documentation/admin-guide/cgroup-v2.rst
+++ b/Documentation/admin-guide/cgroup-v2.rst
@@ -2599,8 +2599,7 @@ Cpuset Interface Files
 
   cpuset.cpus.partition
 	A read-write single value file which exists on non-root
-	cpuset-enabled cgroups.  This flag is owned by the parent cgroup
-	and is not delegatable.
+	cpuset-enabled cgroups.
 
 	It accepts only the following input values when written to.
 
@@ -2708,6 +2707,15 @@ Cpuset Interface Files
 	their parent is switched back to a partition root with a proper
 	value in "cpuset.cpus" or "cpuset.cpus.exclusive".
 
+	This file is owned by the parent cgroup and is not delegatable.
+	The delegator can delegate an exclusive set of CPUs to the
+	delegatee by making the root of a delegated sub-hierarchy a
+	partition root. The delegatee is then allowed to create a local
+	sub-partition underneath it if needed. The delegator should
+	not set "cpuset.cpus.exclusive" at the root without making it
+	a partition root as the creation of remote partition is not
+	allowed without privilege.
+
 	Poll and inotify events are triggered whenever the state of
 	"cpuset.cpus.partition" changes.  That includes changes caused
 	by write to "cpuset.cpus.partition", cpu hotplug or other
-- 
2.53.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH v2] cgroup/cpuset: Clarify the delegation rules of partition
  2026-04-28 18:09 [PATCH v2] cgroup/cpuset: Clarify the delegation rules of partition Waiman Long
@ 2026-04-30 19:46 ` Michal Koutný
  2026-04-30 19:54   ` Waiman Long
  0 siblings, 1 reply; 3+ messages in thread
From: Michal Koutný @ 2026-04-30 19:46 UTC (permalink / raw)
  To: Waiman Long
  Cc: Chen Ridong, Tejun Heo, Johannes Weiner, Jonathan Corbet,
	Shuah Khan, cgroups, linux-doc, linux-kernel, Xie Maoyi

[-- Attachment #1: Type: text/plain, Size: 1355 bytes --]

On Tue, Apr 28, 2026 at 02:09:35PM -0400, Waiman Long <longman@redhat.com> wrote:
> Creation of remote partition is currently not allowed without privilege.
> On the other hand, creation of local partition is allowed without
> privilege as long as its parent is also a partition root.
> 
> The current setup allows a delegator to delegate an exclusive set of
> CPUs to the delegatee by making the root of a delegated sub-hierarchy
> a partition root. The delegatee is then allowed to create a local
> sub-partition underneath it if necessary. Creation of a remote
> partition is not currently allowed across delegation boundary without
> privilege. Clarify the partition delegation rules by stating the current
> behavior in cgroup-v2.rst file.
> 
> Signed-off-by: Waiman Long <longman@redhat.com>
> ---
>  Documentation/admin-guide/cgroup-v2.rst | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)

After Tejun pointed out that other generic paragraph:
| This means that the controller interface files - anything which
| doesn't start with "cgroup." are owned by the parent rather than the
| cgroup itself.

I think the extra words may only increase confusion (and constrain
generic changes). So it was a good exercise but nothing needs to be
necessarily changed regarding this behaivor or its docs.

Michal

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 265 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v2] cgroup/cpuset: Clarify the delegation rules of partition
  2026-04-30 19:46 ` Michal Koutný
@ 2026-04-30 19:54   ` Waiman Long
  0 siblings, 0 replies; 3+ messages in thread
From: Waiman Long @ 2026-04-30 19:54 UTC (permalink / raw)
  To: Michal Koutný
  Cc: Chen Ridong, Tejun Heo, Johannes Weiner, Jonathan Corbet,
	Shuah Khan, cgroups, linux-doc, linux-kernel, Xie Maoyi

On 4/30/26 3:46 PM, Michal Koutný wrote:
> On Tue, Apr 28, 2026 at 02:09:35PM -0400, Waiman Long <longman@redhat.com> wrote:
>> Creation of remote partition is currently not allowed without privilege.
>> On the other hand, creation of local partition is allowed without
>> privilege as long as its parent is also a partition root.
>>
>> The current setup allows a delegator to delegate an exclusive set of
>> CPUs to the delegatee by making the root of a delegated sub-hierarchy
>> a partition root. The delegatee is then allowed to create a local
>> sub-partition underneath it if necessary. Creation of a remote
>> partition is not currently allowed across delegation boundary without
>> privilege. Clarify the partition delegation rules by stating the current
>> behavior in cgroup-v2.rst file.
>>
>> Signed-off-by: Waiman Long <longman@redhat.com>
>> ---
>>   Documentation/admin-guide/cgroup-v2.rst | 12 ++++++++++--
>>   1 file changed, 10 insertions(+), 2 deletions(-)
> After Tejun pointed out that other generic paragraph:
> | This means that the controller interface files - anything which
> | doesn't start with "cgroup." are owned by the parent rather than the
> | cgroup itself.
>
> I think the extra words may only increase confusion (and constrain
> generic changes). So it was a good exercise but nothing needs to be
> necessarily changed regarding this behaivor or its docs.

That is fine. This doc change is optional and I agree that we may want 
more flexibility in case we change the behavior in the future.

Cheers,
Longman


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-04-30 19:55 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-28 18:09 [PATCH v2] cgroup/cpuset: Clarify the delegation rules of partition Waiman Long
2026-04-30 19:46 ` Michal Koutný
2026-04-30 19:54   ` Waiman Long

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox