lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 13 May 2010 13:12:42 -0700
From:	Paul Menage <menage@...gle.com>
To:	Dhaval Giani <dhaval.giani@...il.com>
Cc:	balbir@...ux.vnet.ibm.com, peterz@...radead.org,
	lennart@...ttering.net, jsafrane@...hat.com, tglx@...utronix.de,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH/RFC] Have sane default values for cpusets

On Wed, May 12, 2010 at 12:59 PM, Dhaval Giani <dhaval.giani@...il.com> wrote:
> On Wed, May 12, 2010 at 9:36 PM, Paul Menage <menage@...gle.com> wrote:
>> On Wed, May 12, 2010 at 12:29 PM, Dhaval Giani <dhaval.giani@...il.com> wrote:
>>>> I think the idea is reasonable - the only way that I could see it
>>>> breaking someone would be code that currently does something like:
>>>>
>>>> mkdir A
>>>> mkdir B
>>>> echo 1 > A/mem_exclusive
>>>> echo 1 > B/mem_exclusive
>>>> echo $mems_for_a > A/mems
>>>> echo $mems_for_b > B/mems
>>>>
>>>> The attempts to set the mem_exclusive flags would fail, since A and B
>>>> would both have all of the parent's mems.
>>>>
>>>
>>> But would this not fail otherwise?
>>>
>>
>> Assuming that mems_for_a and mems_for_b were disjoint, it would be
>> fine currently.
>>
>
> Ah my bad. I misread mems_for_a as taking the value from the parent.
> You are right, that was a case I missed.
>
> Hmm, so how do we fix this? Any solutions? Not fixing the kernel
> pushes the problem to the userspace, making it hard for tons of more
> applications to use cgroups without jumping through a lot of hoops.
>

Well, it's not clear to me whether the case I outlined is actually one
that would bite people - it's likely a rare case.

Balbir's point that some apps might get upset by finding non-empty
mems/cpus in a newly-created cgroup is more reasonable.

How about a per-cgroup cpuset.inherit_defaults file that defaults to
false and is inherited from the parent. If the parent's file is set to
true, then the mems/cpus are also inherited?

Then the sysadmin who's giving out user-controllable cpuset-based
cgroups can just set it to true and the users don't need to worry
about setting up the defaults.

Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ