netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Sridhar Samudrala <sri@us.ibm.com>
Cc: Oleg Nesterov <oleg@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>, Tejun Heo <tj@kernel.org>,
	Ingo Molnar <mingo@elte.hu>, netdev <netdev@vger.kernel.org>,
	lkml <linux-kernel@vger.kernel.org>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Dmitri Vorobiev <dmitri.vorobiev@movial.com>,
	Jiri Kosina <jkosina@suse.cz>,
	Thomas Gleixner <tglx@linutronix.de>,
	Andi Kleen <ak@linux.intel.com>
Subject: Re: [PATCH repost] sched: export sched_set/getaffinity to modules
Date: Tue, 13 Jul 2010 14:09:39 +0300	[thread overview]
Message-ID: <20100713110939.GA3446@redhat.com> (raw)
In-Reply-To: <4C3C0EBC.40305@us.ibm.com>

On Mon, Jul 12, 2010 at 11:59:08PM -0700, Sridhar Samudrala wrote:
> On 7/4/2010 2:00 AM, Michael S. Tsirkin wrote:
> >On Fri, Jul 02, 2010 at 11:06:37PM +0200, Oleg Nesterov wrote:
> >>On 07/02, Peter Zijlstra wrote:
> >>>On Fri, 2010-07-02 at 11:01 -0700, Sridhar Samudrala wrote:
> >>>>  Does  it (Tejun's kthread_clone() patch) also  inherit the
> >>>>cgroup of the caller?
> >>>Of course, its a simple do_fork() which inherits everything just as you
> >>>would expect from a similar sys_clone()/sys_fork() call.
> >>Yes. And I'm afraid it can inherit more than we want. IIUC, this is called
> >>from ioctl(), right?
> >>
> >>Then the new thread becomes the natural child of the caller, and it shares
> >>->mm with the parent. And files, dup_fd() without CLONE_FS.
> >>
> >>Signals. Say, if you send SIGKILL to this new thread, it can't sleep in
> >>TASK_INTERRUPTIBLE or KILLABLE after that. And this SIGKILL can be sent
> >>just because the parent gets SIGQUIT or abother coredumpable signal.
> >>Or the new thread can recieve SIGSTOP via ^Z.
> >>
> >>Perhaps this is OK, I do not know. Just to remind that kernel_thread()
> >>is merely clone(CLONE_VM).
> >>
> >>Oleg.
> >
> >Right. Doing this might break things like flush.  The signal and exit
> >behaviour needs to be examined carefully. I am also unsure whether
> >using such threads might be more expensive than inheriting kthreadd.
> >
> Should we just leave it to the userspace to set the cgroup/cpumask
> after qemu starts the guest and
> the vhost threads?
> 
> Thanks
> Sridhar

Yes but we can't trust userspace to do this. It's important
to do it on thread creation: if we don't, malicious userspace
can create large amount of work exceeding the cgroup limits.

And the same applies so the affinity: if the qemu process
is limited to a set of CPUs, it's important to make
the kernel thread that does work our behalf limited to the same
set of CPUs.

This is not unique to vhost, it's just that virt scenarious are affected
by this more: people seem to run untrusted applications and expect the
damage to be contained.

-- 
MST

  reply	other threads:[~2010-07-13 11:09 UTC|newest]

Thread overview: 115+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-05-19  0:04 [PATCH 2/3] workqueue: Add an API to create a singlethread workqueue attached to the current task's cgroup Sridhar Samudrala
2010-05-27  9:14 ` Michael S. Tsirkin
2010-05-27 12:44   ` Oleg Nesterov
2010-05-27 13:12     ` Michael S. Tsirkin
2010-05-27 13:48       ` Oleg Nesterov
2010-05-27 16:15       ` Tejun Heo
2010-05-27 16:39         ` Michael S. Tsirkin
2010-05-27 16:56           ` Tejun Heo
2010-05-27 17:32             ` Michael S. Tsirkin
2010-05-27 21:20               ` Tejun Heo
2010-05-28 15:08                 ` Michael S. Tsirkin
2010-05-28 15:54                   ` Tejun Heo
2010-05-30 11:29                     ` Michael S. Tsirkin
2010-05-30 20:24                       ` [PATCH 1/3] vhost: replace vhost_workqueue with per-vhost kthread Tejun Heo
2010-05-31 14:39                         ` Oleg Nesterov
2010-05-31 15:07                           ` Tejun Heo
2010-05-31 15:31                             ` Oleg Nesterov
2010-05-31 15:38                               ` Tejun Heo
2010-05-31 15:22                         ` Michael S. Tsirkin
2010-05-31 15:45                           ` Tejun Heo
2010-05-31 16:00                             ` Michael S. Tsirkin
2010-06-01  9:34                               ` Tejun Heo
2010-06-02 18:40                                 ` [PATCH UPDATED " Tejun Heo
2010-06-02 21:34                                   ` Sridhar Samudrala
2010-07-22 15:58                                   ` Michael S. Tsirkin
2010-07-22 21:21                                     ` Tejun Heo
2010-07-24 19:14                                       ` Michael S. Tsirkin
2010-07-25  7:41                                         ` Tejun Heo
2010-07-25 10:04                                           ` Michael S. Tsirkin
2010-07-26 15:25                                           ` Michael S. Tsirkin
2010-07-26 15:34                                             ` Tejun Heo
2010-07-26 15:46                                               ` Tejun Heo
2010-07-26 15:51                                                 ` Michael S. Tsirkin
2010-07-26 15:50                                               ` Michael S. Tsirkin
2010-07-26 16:05                                                 ` Tejun Heo
2010-07-26 16:14                                                   ` Tejun Heo
2010-07-26 16:31                                                     ` Michael S. Tsirkin
2010-07-26 18:51                                                       ` Tejun Heo
2010-07-26 19:57                                                         ` Michael S. Tsirkin
2010-07-27  8:18                                                           ` Tejun Heo
2010-07-26 16:51                                                     ` Michael S. Tsirkin
2010-07-26 19:14                                                       ` Tejun Heo
2010-07-26 19:31                                                         ` Tejun Heo
2010-07-26 19:59                                                           ` Michael S. Tsirkin
2010-07-27 19:19                                                           ` Michael S. Tsirkin
2010-07-28  7:48                                                             ` Tejun Heo
2010-07-28 10:48                                                               ` Michael S. Tsirkin
2010-07-28 12:00                                                                 ` Tejun Heo
2010-07-26 16:57                                                     ` Michael S. Tsirkin
2010-07-26 16:23                                                   ` Michael S. Tsirkin
2010-07-26 19:04                                                     ` Tejun Heo
2010-07-26 20:19                                                       ` Michael S. Tsirkin
2010-07-27  8:21                                                         ` Tejun Heo
2010-06-01  9:34                               ` [PATCH 2/3] cgroups: Add an API to attach a task to current task's cgroup Tejun Heo
2010-06-01  9:35                               ` [PATCH 3/3] vhost: apply cpumask and cgroup to vhost workers Tejun Heo
2010-06-01 10:17                                 ` Michael S. Tsirkin
2010-06-01 10:56                                   ` Tejun Heo
2010-06-01 17:19                                 ` Sridhar Samudrala
2010-06-01 23:59                                   ` Tejun Heo
2010-06-01 14:13                           ` [PATCH 1/3] vhost: replace vhost_workqueue with per-vhost kthread Paul E. McKenney
2010-05-30 20:24                       ` [PATCH 2/3] cgroups: Add an API to attach a task to current task's cgroup Tejun Heo
2010-05-31  1:07                         ` Li Zefan
2010-05-31  7:00                           ` Tejun Heo
2010-05-30 20:25                       ` [PATCH 3/3] vhost: apply cpumask and cgroup to vhost pollers Tejun Heo
2010-05-31  1:11                         ` Li Zefan
2010-05-31  6:58                           ` [PATCH UPDATED " Tejun Heo
2010-05-31  7:48                             ` Li Zefan
2010-05-31 10:20                               ` [PATCH UPDATED2 " Tejun Heo
2010-06-24  8:11                         ` [PATCH " Michael S. Tsirkin
2010-06-24 22:45                           ` Sridhar Samudrala
2010-06-25 10:10                             ` [PATCH] sched: export sched_set/getaffinity (was Re: [PATCH 3/3] vhost: apply cpumask and cgroup to vhost pollers) Michael S. Tsirkin
2010-07-01 11:07                               ` [PATCH repost] sched: export sched_set/getaffinity to modules Michael S. Tsirkin
2010-07-01 11:19                                 ` Peter Zijlstra
2010-07-01 11:43                                   ` Peter Zijlstra
2010-07-01 11:55                                     ` Michael S. Tsirkin
2010-07-01 12:23                                       ` Michael S. Tsirkin
2010-07-01 12:34                                         ` Peter Zijlstra
2010-07-01 12:46                                           ` Peter Zijlstra
2010-07-01 13:08                                             ` Michael S. Tsirkin
2010-07-01 13:30                                               ` Peter Zijlstra
2010-07-01 13:39                                                 ` Michael S. Tsirkin
2010-07-01 13:57                                                   ` Peter Zijlstra
2010-07-01 14:27                                                   ` Tejun Heo
2010-07-01 14:46                                                     ` Oleg Nesterov
2010-07-01 14:53                                                       ` Tejun Heo
2010-07-01 14:55                                                         ` Peter Zijlstra
2010-07-02 18:01                                                           ` Sridhar Samudrala
2010-07-02 18:11                                                             ` Peter Zijlstra
2010-07-02 21:06                                                               ` Oleg Nesterov
2010-07-04  9:00                                                                 ` Michael S. Tsirkin
2010-07-13  6:59                                                                   ` Sridhar Samudrala
2010-07-13 11:09                                                                     ` Michael S. Tsirkin [this message]
2010-07-14 23:26                                                                       ` Sridhar Samudrala
2010-07-15  0:05                                                                         ` Oleg Nesterov
2010-07-15  5:29                                                                           ` Sridhar Samudrala
2010-07-26 17:12                                                                 ` Michael S. Tsirkin
2010-07-26 17:51                                                                   ` Sridhar Samudrala
2010-07-26 18:08                                                                     ` Oleg Nesterov
2010-07-26 19:55                                                                       ` Michael S. Tsirkin
2010-07-26 20:27                                                                       ` Michael S. Tsirkin
2010-07-27  4:55                                                                       ` Michael S. Tsirkin
2010-08-04 10:45                                                                         ` Peter Zijlstra
2010-07-27 15:41                                                                       ` Michael S. Tsirkin
2010-07-30 14:19                                                                         ` Oleg Nesterov
2010-07-30 14:31                                                                           ` Tejun Heo
2010-08-01  8:50                                                                           ` Michael S. Tsirkin
2010-08-02 15:02                                                                             ` Oleg Nesterov
2010-07-01 14:33                                                 ` Oleg Nesterov
2010-07-01 12:32                                       ` Peter Zijlstra
2010-07-01 12:50                                         ` Michael S. Tsirkin
2010-07-01 13:07                                           ` Peter Zijlstra
2010-07-01 13:22                                             ` Michael S. Tsirkin
2010-05-27 16:24     ` [PATCH 2/3] workqueue: Add an API to create a singlethread workqueue attached to the current task's cgroup Sridhar Samudrala
2010-05-27 16:41       ` Michael S. Tsirkin
2010-05-27 17:30       ` Oleg Nesterov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100713110939.GA3446@redhat.com \
    --to=mst@redhat.com \
    --cc=ak@linux.intel.com \
    --cc=akpm@linux-foundation.org \
    --cc=dmitri.vorobiev@movial.com \
    --cc=jkosina@suse.cz \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=netdev@vger.kernel.org \
    --cc=oleg@redhat.com \
    --cc=peterz@infradead.org \
    --cc=sri@us.ibm.com \
    --cc=tglx@linutronix.de \
    --cc=tj@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).