lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <78d17b23-d712-7d9c-3655-34c646bc4897@suse.de>
Date:	Sun, 26 Jun 2016 21:34:41 +1000
From:	Aleksa Sarai <asarai@...e.de>
To:	Tejun Heo <tj@...nel.org>
Cc:	Jonathan Corbet <corbet@....net>, Li Zefan <lizefan@...wei.com>,
	Johannes Weiner <hannes@...xchg.org>,
	Kenny Yu <kennyyu@...com>, linux-doc@...r.kernel.org,
	linux-kernel@...r.kernel.org, cgroups@...r.kernel.org
Subject: Re: [PATCH 1/2] cgroup: pids: show number of failed forks since limit
 reset

> On Fri, Jun 24, 2016 at 01:00:48PM +1000, Aleksa Sarai wrote:
>> This allows users to dynamically adjust their limits based on how many
>> failed forks happened since they last reset their limits, otherwise they
>> would have to track (in a racy way) how many limit failures there were
>> since the last limit change manually. In addition, we log the first
>> failure since the limit was reset (which was the original semantics of
>> the patchset).
>
> Isn't that trivially achievable by reading the counter and then
> calculating the diff?  I don't think it matters all that much whether
> the log message is printed once per cgroup or per config-change.  It's
> just a hint for the admin to avoid setting her off on a wild goose
> chase.

If a user has a setup where they wait for notifications on changes to 
pids.event, and then auto-adjust the cgroup limits based on the number 
of failures you have a race condition between reading the pids.event 
file and then setting the new limit. Then, upon getting notified again 
there may have been many failed forks with the old limit set, so you 
might decide to bump up the limit again.

It's not a huge deal, I just though it could be useful to alleviate 
problems like the above.

-- 
Aleksa Sarai
Software Engineer (Containers)
SUSE Linux GmbH
https://www.cyphar.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ