lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3d276b09-97fe-9908-e9ba-3a250a77362e@redhat.com>
Date:   Thu, 24 Aug 2017 11:27:58 -0400
From:   Waiman Long <longman@...hat.com>
To:     Tejun Heo <tj@...nel.org>
Cc:     Li Zefan <lizefan@...wei.com>,
        Johannes Weiner <hannes@...xchg.org>, cgroups@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] cpuset: Allow cpuset controller in default hierarchy

On 08/24/2017 11:02 AM, Tejun Heo wrote:
> Hello,
>
> On Thu, Aug 24, 2017 at 10:56:21AM -0400, Waiman Long wrote:
>> The main reason for sending out this patch is to figure out what exactly
>> is in your mind before enabling cpuset in v2.
>>
>> From my point of view, the exclusive setting makes cpuset behave more
>> like a resource domain that a resource allocated to one cgroup won't be
>> available for another cgroup. So we can argue it both ways whether it
>> violates the basic hierarchy rules or not.
> It's not even siblings interfering with other siblings.  The resource
> knobs belong to the parent, right?  So, the only thing it's doing is
> restricting the parent itself from creating certain configurations,
> which can be argued to be a feature but it's a really weird policy
> enforcement implemented in kernel.

Yes, it is an unusual feature. It is basically an enforcement in kernel
of what the user space can perfectly do by itself without the
involvement by the kernel. Perhaps, we should leave it out from v2 for
now. We can always add it back when the developers ask for it, but
deleting feature once it is in is a no-no.

>> I will be in the Plumbers Conference next month and we can talk more
>> about this. My goal is to make cgroup v2 ready for prime time hopefully
>> by the end of the year.
> Sure, the only thing I think we need for cpuset is cutting down the
> interface to the minimal set which provides all the features to
> userspace.

Besides *cpus and *mems, the rests are just flags that can be turned on
or off. Maybe we could use a single cpuset.flags file to replace all
those files and use + and - prefix to turn on and off flags like
subtree_control. That should reduce the interface bloat which can be a
concern if a large number of controllers are enabled in a cgroup.

Cheers,
Longman

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ