lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAAAKZwu67VMiZgdpp=i5p7zyGbOHGHXwF_iprufGPzTLkkUF2A@mail.gmail.com>
Date:	Tue, 25 Oct 2011 13:06:35 -0700
From:	Tim Hockin <thockin@...kin.org>
To:	Andrew Morton <akpm00@...il.com>
Cc:	Frederic Weisbecker <fweisbec@...il.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Paul Menage <paul@...lmenage.org>,
	Li Zefan <lizf@...fujitsu.com>,
	Johannes Weiner <hannes@...xchg.org>,
	Aditya Kali <adityakali@...gle.com>,
	Oleg Nesterov <oleg@...hat.com>,
	Kay Sievers <kay.sievers@...y.org>, Tejun Heo <tj@...nel.org>,
	"Kirill A. Shutemov" <kirill@...temov.name>,
	Containers <containers@...ts.linux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH 00/10] cgroups: Task counter subsystem v6

On Tue, Oct 4, 2011 at 3:01 PM, Andrew Morton <akpm00@...il.com> wrote:
> On Mon,  3 Oct 2011 21:07:02 +0200
> Frederic Weisbecker <fweisbec@...il.com> wrote:
>
>> Hi Andrew,
>>
>> This contains minor changes, mostly documentation and changelog
>> updates, off-case build fix, and a code optimization in
>> res_counter_common_ancestor().
>
> I'd normally duck a patch series like this when we're at -rc8 and ask
> for it to be resent late in -rc1.  But I was feeling frisky so I
> grabbed this lot for a bit of testing and will sit on it until -rc1.
>
> I'm still not convinced that the kernel has a burning need for a "task
> counter subsystem".  Someone convince me that we should merge this!

We have real (accidental) DoS situations which happen because we don't
have this.  It usually takes the form of some library no re-joining
threads.  We end up deploying a few apps linked against this library,
and suddenly we're in trouble on a machine.  Except, this being
Google, we're in trouble on a lot of machines.

There may be other ways to cobble this sort of safety together, but
they are less appealing for various reasons.  cgroups are how we
control groups of related pids.

I'd really love to be able to use this.


>> It's hard to put some statistic numbers while testing this feature
>> given that the result is rather binary: we launch a forkbomb and
>> either we stop and kill it or the system become unresponsive.
>>
>> Meanwhile, one can find a testsuite at this address:
>> https://tglx.de/~fweisbec/task_counter_test.tar.gz
>
> I do think that we should merge tests like this into the main tree.  So
> I can do "cd tests ; make ; ./run-tests".  The first step is for some hero
> to propose the (simple!) framework and to drop a first test in there.
>
>> It performs several checks to ensure the interface and the behaviour
>> are reliable after common events like moving tasks around over cgroups
>> in a hierarchy, forking inside, etc.. It also launches a forkbomb,
>> tries to stop and kill it. So beware, don't run it on a system that
>> is doing serious things.
>
> Good stuff, that.  Then, when people propose additions or fix bugs, I can
> whine at them for not updating the test suite.
>
>> Ensure you have CGROUP_TASK_COUNTER set
>> before, or it may compress the Ten Plagues in your MBR and
>> inflate the whole after your next reboot.
>
> That problem would need to be fixed.  Either probe for the feature
> up-front, or don't build the test at all if CONFIG_CGROUP_TASK_COUNTER=n.
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ