lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 26 Mar 2015 11:02:23 -0400
From:	Tejun Heo <tj@...nel.org>
To:	Aleksa Sarai <cyphar@...har.com>
Cc:	lizefan@...wei.com, mingo@...hat.com, peterz@...radead.org,
	richard@....at,
	Frédéric Weisbecker <fweisbec@...il.com>,
	linux-kernel@...r.kernel.org, cgroups@...r.kernel.org
Subject: Re: [PATCH v6 2/3] cgroups: allow a cgroup subsystem to reject a fork

Hello,

On Fri, Mar 27, 2015 at 01:38:54AM +1100, Aleksa Sarai wrote:
> The issue I can see with passing around an opaque pointer to fork() is that you
> have a random private (void **) argument that is completely useless if you
> don't use can_fork(). This is why I think we should call the reapply_fork()

Just pass NULL?  I really don't like having another callback.  pre and
post do make sense because the operation is essentially a transaction.
The problem with adding additional callbacks is that they aren't
essential and as such arbitrary to a certain degree.  reapply_fork or
whatnot may fit this case but may not others, so let's please stick
with what the logic dictates to be essential.

> callback if the association changes [we could call it something else if you
> like, since reapply_fork() is a pids-specific name -- what about switch_fork(),
> reassoc_fork(), re_fork() or something to show that it's a callback if the
> association changes?] (the subsystem can decide if they want to ignore it / if
> they don't want to touch it) and we deal with pinning / dropping the ref of the
> css_set for the current task inside the cgroup_* callbacks. That way, we don't
> start messing around with post-fork() callbacks that aren't related to the new
> conditional stuff.

You can't pin css_set from inside cgroup callbacks.  It's a construct
which in general shouldn't be accessible outside cgroup core.

> I mean, if you want to have a random, completely unused and essentially
> vestigial argument to ss->fork() [if you don't use the new can_fork() callbacks
> (and actually care about storing private data)] then I can just write that. It
> just looks like a weird callback API imho.

It's an opaque token from pre.  If a subsys doesn't have pre, it's
NULL.  I don't see anything weird about that, so let's please go that
way.

Thanks.

-- 
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ