| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Dec 2017 00:44:00 +0300
From: Kirill Tkhai <ktkhai@...tuozzo.com>
To: Tejun Heo <tj@...nel.org>
Cc: axboe@...nel.dk, bcrl@...ck.org, viro@...iv.linux.org.uk,
linux-block@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-aio@...ck.org, oleg@...hat.com
Subject: Re: [PATCH 0/5] blkcg: Limit maximum number of aio requests available
for cgroup
Hello, Tejun,
On 04.12.2017 23:07, Tejun Heo wrote:
> On Mon, Dec 04, 2017 at 07:12:51PM +0300, Kirill Tkhai wrote:
>> this patch set introduces accounting aio_nr and aio_max_nr per blkio cgroup.
>> It may be used to limit number of aio requests, which are available for
>> a cgroup, and could be useful for containers.
>
> Can you please explain how this is a fundamental resource which can't
> be controlled otherwise?
Currently, aio_nr and aio_max_nr are global. In case of containers this
means that a single container may occupy all aio requests, which are
available in the system, and to deprive others possibility to use aio
at all. This may happen because of evil intentions of the container's
user or because of the program error, when the user makes this occasionally.
My patch set allows to guarantee that every container or cgroup has
its own number of allowed aios, and nobody can steal it, and therefore
can't slow down another containers, and to force programs to use direct io.
AIO gives certain advantages to its user, so this patchset just doesn't
allow to rob the advantages without any possibility to protect against that.
This could be used by LXC or for starting some critical micro-services,
for example.
Kirill
Powered by blists - more mailing lists