| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4F8793FC.5030209@jp.fujitsu.com> Date: Fri, 13 Apr 2012 11:48:28 +0900 From: KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com> To: Glauber Costa <glommer@...allels.com> CC: Tejun Heo <tj@...nel.org>, Johannes Weiner <hannes@...xchg.org>, Frederic Weisbecker <fweisbec@...il.com>, Hugh Dickins <hughd@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, Daniel Walsh <dwalsh@...hat.com>, "Daniel P. Berrange" <berrange@...hat.com>, Li Zefan <lizf@...fujitsu.com>, LKML <linux-kernel@...r.kernel.org>, Cgroups <cgroups@...r.kernel.org>, Containers <containers@...ts.linux-foundation.org> Subject: Re: [RFD] Merge task counter into memcg (2012/04/13 10:50), Glauber Costa wrote: > On 04/12/2012 10:42 PM, KAMEZAWA Hiroyuki wrote: >> To be honest, I doubt that task counter is unnecessary...memcg can catch >> oom situation well. I often test 'make -j' under memcg. >> >> To the questions >> * It sounds like a 'ulimit' cgroup. How about overwriting >> ulimit values via cgroup ? (sounds joke?) Then, overhead will be small but >> I'm not sure it can be hierarchical and doesn't break userland. >> >> If people wants to limit the number of tasks, I think interface should provide it >> in the unit of objects. Then, I'm ok to have other subsystem for counting something. >> fork-bomb's memory overhead can be prevent by memcg. What memcg cannot handle >> is ulimit. If forkbomb exhausts all ulimit/tasks, the user cannot login. >> So, having task-limit cgroup subsys for a sandbox will make sense in some situation. >> >> In short, I don't think it's better to have task-counting and fd-counting in memcg. >> It's kmem, but it's more than that, I think. >> Please provide subsys like ulimit. >> > Kame, > > You're talking about the memcg that is in the kernel today. > I think the discussion is orbiting around how it is going to be once we > start tracking kernel memory like the slab (for task_struct), or kernel > stack pages. > > In those scenarios, a fork bomb will be stopped anyway, because it will > need kernel memory it can't grab. > fork-bomb can be caught by some method. I just consider about 'task' cgroup. You can know the number of tasks by reading tasks file even if we don't have task cgroup. Because of this, using task cgroup for accounting the number of tasks doesn't make sense to me. But, here, Tejun? mentioned accounting the number of 'fd'. Hearing that, I think of ulimit. We do resource accounting based on cgroup. But there are another limiting feature as ulimit, sysctl, etc...This makes total view of resource accounting in Linux complicated. So, I wonder whether cgroup can be a unified control feature and have subsys for ulimit or ipc, by overriding other control stuffs. But resources which doesn't belong to 'thread' ...as memory may add something messy to cgroup, it's accounting resources based on threads. Thanks, -Kame -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists