lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 20 Jul 2018 13:29:10 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     Tejun Heo <tj@...nel.org>
Cc:     Waiman Long <longman@...hat.com>, Li Zefan <lizefan@...wei.com>,
        Johannes Weiner <hannes@...xchg.org>,
        Ingo Molnar <mingo@...hat.com>, cgroups@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
        kernel-team@...com, pjt@...gle.com, luto@...capital.net,
        Mike Galbraith <efault@....de>, torvalds@...ux-foundation.org,
        Roman Gushchin <guro@...com>,
        Juri Lelli <juri.lelli@...hat.com>,
        Patrick Bellasi <patrick.bellasi@....com>
Subject: Re: [PATCH v11 7/9] cpuset: Expose cpus.effective and mems.effective
 on cgroup v2 root

On Thu, Jul 19, 2018 at 08:30:45AM -0700, Tejun Heo wrote:
> On Thu, Jul 19, 2018 at 10:04:54AM -0400, Waiman Long wrote:
> > > Why would a container not be allowed to create partitions for its
> > > various RT workloads?
> > 
> > As far as I understand, Tejun has some concern about the way that
> > partitioning works is inconsistent with how other resources are being
> > managed by cgroup v2 controllers. I adds an incremental patch to
> > temporarily disable the creation of partition below the first level
> > children to buy us time so that we can reach a compromise later on what
> > to do. We can always add features, but taking away features after they
> > are made available will be hard.
> > 
> > I am fine either way. It is up to you and Tejun to figure out what
> > should be made available to the users.
> 
> So, the main thing is that putting a cpu into a partition locks away
> the cpu from its ancestors.  That's a system level operation which
> isn't delegatable. 

If I understood things right, the partition file is actually owned by
the parent. So only the parent can flip that flag. In case of a
container, the filesystem namespace capturing the cgroup would cause
that file to be effectively r/o.

So effectively the partition flag if part of the parent control. The
parent takes the CPUs away to give them to the child cgroup. The child
itself cannot take or give here.

This is perhaps a little unorthodox, but it delegates just fine. Because
if a container finds .partition == 1, it knows it too can create (sub)
partitions.

> If we want to allow partitioning in subtrees, the
> parent still be able to take away partitioned cpus too even if that
> means ignoring descendants' configurations, which btw is exactly what
> cpuset does for non-partition configs.

I don't see why it would not be able to take away CPUs. But in case of
partitions this really is henous behaviour of the parent.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ