lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150424154830.GD24029@htj.duckdns.org>
Date:	Fri, 24 Apr 2015 11:48:30 -0400
From:	Tejun Heo <tj@...nel.org>
To:	Aleksa Sarai <cyphar@...har.com>
Cc:	lizefan@...wei.com, mingo@...hat.com, peterz@...radead.org,
	richard@....at,
	Frédéric Weisbecker <fweisbec@...il.com>,
	linux-kernel@...r.kernel.org, cgroups@...r.kernel.org
Subject: Re: [PATCH v10 3/4] cgroups: allow a cgroup subsystem to reject a
 fork

On Fri, Apr 24, 2015 at 11:59:31PM +1000, Aleksa Sarai wrote:
> Hey,
> 
> >> +#define CGROUP_PREFORK_COUNT 0
> >> +
> >>  static inline int cgroup_init_early(void) { return 0; }
> >>  static inline int cgroup_init(void) { return 0; }
> >>  static inline void cgroup_fork(struct task_struct *p) {}
> >> -static inline void cgroup_post_fork(struct task_struct *p) {}
> >> +static inline int cgroup_can_fork(struct task_struct *p,
> >> +                               void *s[CGROUP_PREFORK_COUNT])
> >> +{
> >> +     return 0;
> >> +}
> >
> > Style consistency?
> 
> It's because it wraps. I can move it to be something like:
> 
> static inline int cgroup_can_fork(struct task_struct *p,
>                                void *s[CGROUP_PREFORK_COUNT])
>                                { return 0; }

static inline int cgroup_can_fork(struct task_struct *p,
				  void *s[CGROUP_PREFORK_COUNT])
{ return 0; }

> >> @@ -2078,6 +2084,18 @@ static void cgroup_task_migrate(struct cgroup *old_cgrp,
> >>       list_move_tail(&tsk->cg_list, &new_cset->mg_tasks);
> >>
> >>       /*
> >> +      * We detach from the old_cset subsystems here. We must do this
> >> +      * before we drop the refcount for old_cset, in order to make sure
> >> +      * that nobody frees it underneath us.
> >> +      */
> >> +     for_each_e_css(css, i, old_cgrp) {
> >> +             struct cgroup_subsys_state *old_css = old_cset->subsys[i];
> >> +
> >> +             if (old_css->ss->detach)
> >> +                     old_css->ss->detach(old_css, tsk);
> >> +     }
> >
> > I don't get this.  What can ->detach do that ->can_attach cannot?
> 
> ->detach signifies that a task is being migrated away from a cgroup.
> On second thought, we could just use task_css() on each task in the
> tset to figure out what the cgroup the task is being migrated away
> from is and just uncharge that inside ->can_attach.

Yeah, that's how it's supposed to be used.  You have access to both
pre and post csses before migration and only to the new ones once by
the time ->attach() is running.

> On the same point, are all the tasks in a tset passed to ->can_attach
> guaranteed to have the same css? Or do I have to uncharge each one
> individually?

They're the same.

Thanks.

-- 
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ