| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Apr 2015 23:47:02 +1000 From: Aleksa Sarai <cyphar@...har.com> To: Tejun Heo <tj@...nel.org> Cc: lizefan@...wei.com, mingo@...hat.com, peterz@...radead.org, richard@....at, Frédéric Weisbecker <fweisbec@...il.com>, linux-kernel@...r.kernel.org, cgroups@...r.kernel.org Subject: Re: [PATCH v8 3/4] cgroups: allow a cgroup subsystem to reject a fork Hi Tejun, >> I tried doing this and the kernel would refuse to boot. I believe it has >> something to do with the ordering of early_init subsystems, but I'm not > > Hmmm... yeah, failure in early_init can be tricky to debug. Okay, I took another look and it isn't that there are hard ordering dependencies, it's because of how I wrote the tagging macro for cgroup_subsys.h that caused a NULL deref during the early_init. Whoops. >> entirely sure (this optimisation can be dealt with later [it's non-critical], >> so IMO this should be done in a separate patchset [if at all]). Also, your >> later comments would fix the subsys bitmask problem (we can just pass the >> default %NULL), we don't even need to test the index. > > [...] I don't > think it's a good idea to send the patches as-are because we can't > debug and fix them properly, right? [...] In what way are they hard to debug? > [...] If there are hard ordering > dependencies, the range of subsystems which require fork/exit doesn't > have to be at the beginning. I just spent a few hours trying to write it and it's just too dodgy to live. Either you have a solution that won't work with nested tags, and is generally just kind of bad or you have a solution that requires you to keep two separate enumerations in sync. And of course you need to offset the index you're looking stuff up in ss_state so that also looks bad. But that's all besides the point because, *even if* it I had a clean solution, it still wouldn't solve the fact that we are > [...] adding quite a few loops in relatively hot paths. You kind of _need_ to loop over all the subsystems in either case, the only difference between having an array of CGROUP_SUBSYS_COUNT pointers or CGROUP_PREFORK_COUNT is the few bytes of memory you've "saved" (at the expense of making the callback code essentially unreadable). -- Aleksa Sarai (cyphar) www.cyphar.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists