lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 13 May 2010 22:16:51 +0200
From:	Dhaval Giani <dhaval.giani@...il.com>
To:	Paul Menage <menage@...gle.com>
Cc:	balbir@...ux.vnet.ibm.com, peterz@...radead.org,
	lennart@...ttering.net, jsafrane@...hat.com, tglx@...utronix.de,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH/RFC] Have sane default values for cpusets

On Thu, May 13, 2010 at 10:12 PM, Paul Menage <menage@...gle.com> wrote:
> On Wed, May 12, 2010 at 12:59 PM, Dhaval Giani <dhaval.giani@...il.com> wrote:
>> On Wed, May 12, 2010 at 9:36 PM, Paul Menage <menage@...gle.com> wrote:
>>> On Wed, May 12, 2010 at 12:29 PM, Dhaval Giani <dhaval.giani@...il.com> wrote:
>>>>> I think the idea is reasonable - the only way that I could see it
>>>>> breaking someone would be code that currently does something like:
>>>>>
>>>>> mkdir A
>>>>> mkdir B
>>>>> echo 1 > A/mem_exclusive
>>>>> echo 1 > B/mem_exclusive
>>>>> echo $mems_for_a > A/mems
>>>>> echo $mems_for_b > B/mems
>>>>>
>>>>> The attempts to set the mem_exclusive flags would fail, since A and B
>>>>> would both have all of the parent's mems.
>>>>>
>>>>
>>>> But would this not fail otherwise?
>>>>
>>>
>>> Assuming that mems_for_a and mems_for_b were disjoint, it would be
>>> fine currently.
>>>
>>
>> Ah my bad. I misread mems_for_a as taking the value from the parent.
>> You are right, that was a case I missed.
>>
>> Hmm, so how do we fix this? Any solutions? Not fixing the kernel
>> pushes the problem to the userspace, making it hard for tons of more
>> applications to use cgroups without jumping through a lot of hoops.
>>
>
> Well, it's not clear to me whether the case I outlined is actually one
> that would bite people - it's likely a rare case.
>
> Balbir's point that some apps might get upset by finding non-empty
> mems/cpus in a newly-created cgroup is more reasonable.
>
> How about a per-cgroup cpuset.inherit_defaults file that defaults to
> false and is inherited from the parent. If the parent's file is set to
> true, then the mems/cpus are also inherited?
>
> Then the sysadmin who's giving out user-controllable cpuset-based
> cgroups can just set it to true and the users don't need to worry
> about setting up the defaults.
>

Default for root being "true" should work. Anything else, and you
still require the programmer to know about cpuset and setting that
flag to true.

Dhaval
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ