lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 24 Apr 2015 23:59:31 +1000
From:	Aleksa Sarai <cyphar@...har.com>
To:	Tejun Heo <tj@...nel.org>
Cc:	lizefan@...wei.com, mingo@...hat.com, peterz@...radead.org,
	richard@....at,
	Frédéric Weisbecker <fweisbec@...il.com>,
	linux-kernel@...r.kernel.org, cgroups@...r.kernel.org
Subject: Re: [PATCH v10 3/4] cgroups: allow a cgroup subsystem to reject a fork

Hey,

>> +#define CGROUP_PREFORK_COUNT 0
>> +
>>  static inline int cgroup_init_early(void) { return 0; }
>>  static inline int cgroup_init(void) { return 0; }
>>  static inline void cgroup_fork(struct task_struct *p) {}
>> -static inline void cgroup_post_fork(struct task_struct *p) {}
>> +static inline int cgroup_can_fork(struct task_struct *p,
>> +                               void *s[CGROUP_PREFORK_COUNT])
>> +{
>> +     return 0;
>> +}
>
> Style consistency?

It's because it wraps. I can move it to be something like:

static inline int cgroup_can_fork(struct task_struct *p,
                               void *s[CGROUP_PREFORK_COUNT])
                               { return 0; }

If you like.

>> @@ -2078,6 +2084,18 @@ static void cgroup_task_migrate(struct cgroup *old_cgrp,
>>       list_move_tail(&tsk->cg_list, &new_cset->mg_tasks);
>>
>>       /*
>> +      * We detach from the old_cset subsystems here. We must do this
>> +      * before we drop the refcount for old_cset, in order to make sure
>> +      * that nobody frees it underneath us.
>> +      */
>> +     for_each_e_css(css, i, old_cgrp) {
>> +             struct cgroup_subsys_state *old_css = old_cset->subsys[i];
>> +
>> +             if (old_css->ss->detach)
>> +                     old_css->ss->detach(old_css, tsk);
>> +     }
>
> I don't get this.  What can ->detach do that ->can_attach cannot?

->detach signifies that a task is being migrated away from a cgroup.
On second thought, we could just use task_css() on each task in the
tset to figure out what the cgroup the task is being migrated away
from is and just uncharge that inside ->can_attach.

On the same point, are all the tasks in a tset passed to ->can_attach
guaranteed to have the same css? Or do I have to uncharge each one
individually?

--
Aleksa Sarai (cyphar)
www.cyphar.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ