Re: [PATCH] new cgroup controller "fork"

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Glauber Costa <glommer@parallels.com>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>,
	<linux-kernel@vger.kernel.org>,
	<containers@lists.linux-foundation.org>,
	Frederic Weisbecker <fweisbec@gmail.com>
Subject: Re: [PATCH] new cgroup controller "fork"
Date: Thu, 3 Nov 2011 16:56:38 -0200	[thread overview]
Message-ID: <4EB2E3E6.6070401@parallels.com> (raw)
In-Reply-To: <20111103185108.GA5153@Debian-60-squeeze-64-minimal>

On 11/03/2011 04:51 PM, Max Kellermann wrote:
> On 2011/11/03 19:21, Alan Cox<alan@lxorguk.ukuu.org.uk>  wrote:
>>> After little discussion, nobody seemed to be interested in it, and
>>> nobody merged it.  I reposted it today, not knowing somebody else had
>>> come up with a similar idea meanwhile.
>>
>> I don't really see a meaningful use case for this. Why should millions of
>> users have this stuff in their kernel. What's the general purpose use
>> case we should all be excited about ?
>
> Putting a reasonable limit on jobs that are expected to run only for a
> limited amount of time, with a limited amount of total resources.  For
> example: CGI, cron jobs, backup, munin plugins, virus scanners and
> other email filters, procmail, ... - when the job is done, the group
> can be deleted, and new instances will run in a new group.
>
> With just RLIMIT_NPROC or task_counter, you can limit the total number
> of processes, but it will not stop a fork bomb - it will only slow it
> down.  The fork bomb will still bounce between 1 and the limit, and
> consume lots of resources for forking and exiting.
>
> (Glauber: the above should answer your last email, too)

Yet, the damage a fork bomb can pose into the system this way is 
severely limited. Combined with the cpu controller to guarantee that 
this group of process will never take the whole cpu for themselves,
you have almost everything you need, if not everything.

> Similar existing feature: RLIMIT_CPU.  Millions of users have it in
> their kernels, but nobody uses it nowadays.  And it's not even
> optional.
>
> Btw. I have no problem with maintaining this patch (and a whole bunch
> of others) in my proprietary git repository at work forever.  They're
> very useful for my employer.  I'm just trying to be a good citizen by
> sharing them.

Well, one alternative is to try to rebase your work on top of -mm, 
taking Frederic's work into account. What we really don't need, is 
another cgroup for that. So if you manage to convince people that this 
is really a win - haven't convinced me so far - the way to go is 
enhancing the existing fork cgroup.

> Max

next prev parent reply	other threads:[~2011-11-03 18:57 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-11-03 16:22 [PATCH] new cgroup controller "fork" Max Kellermann
2011-11-03 16:43 ` Frederic Weisbecker
2011-11-03 17:16   ` Max Kellermann
2011-11-03 17:26     ` Glauber Costa
2011-11-03 17:48       ` Max Kellermann
2011-11-03 17:50         ` Glauber Costa
2011-11-03 18:30           ` Max Kellermann
2011-11-03 18:34             ` Glauber Costa
2011-11-03 16:43 ` Glauber Costa
2011-11-03 16:59   ` Max Kellermann
2011-11-03 17:05     ` Frederic Weisbecker
2011-11-03 18:21     ` Alan Cox
2011-11-03 18:51       ` Max Kellermann
2011-11-03 18:56         ` Glauber Costa [this message]
2011-11-03 20:08           ` Matt Helsley
2011-11-03 19:03         ` Alan Cox
2011-11-03 19:20           ` Max Kellermann
2011-11-03 19:25             ` Glauber Costa
2011-11-03 20:13               ` Brian K. White
2011-11-03 21:54                 ` Glauber Costa
2011-11-04  3:03                   ` Li Zefan
2011-11-04  4:37                     ` KAMEZAWA Hiroyuki
2011-11-04 13:11                     ` Glauber Costa
2011-11-04 13:38                       ` Max Kellermann
2011-11-04 13:59                     ` Lennart Poettering
2011-11-03 17:31 ` richard -rw- weinberger
  -- strict thread matches above, loose matches on Subject: below --
2011-02-17 13:31 Max Kellermann
2011-02-17 13:50 ` KAMEZAWA Hiroyuki
2011-02-17 14:09   ` Max Kellermann
2011-02-18  0:59 ` Paul Menage
2011-02-18  9:26   ` Max Kellermann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4EB2E3E6.6070401@parallels.com \
    --to=glommer@parallels.com \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=containers@lists.linux-foundation.org \
    --cc=fweisbec@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox