lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181220161649.GA31865@redhat.com>
Date:   Thu, 20 Dec 2018 17:16:50 +0100
From:   Oleg Nesterov <oleg@...hat.com>
To:     Roman Gushchin <guro@...com>
Cc:     Roman Gushchin <guroan@...il.com>, Tejun Heo <tj@...nel.org>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        Mike Rapoport <rppt@...ux.vnet.ibm.com>,
        "cgroups@...r.kernel.org" <cgroups@...r.kernel.org>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Kernel Team <Kernel-team@...com>
Subject: Re: [PATCH v5 4/7] cgroup: cgroup v2 freezer

On 12/18, Roman Gushchin wrote:
>
> > > > > --- a/kernel/freezer.c
> > > > > +++ b/kernel/freezer.c
> > > > > @@ -134,7 +134,7 @@ bool freeze_task(struct task_struct *p)
> > > > >                 return false;
> > > > >
> > > > >         spin_lock_irqsave(&freezer_lock, flags);
> > > > > -       if (!freezing(p) || frozen(p)) {
> > > > > +       if (!freezing(p) || frozen(p) || cgroup_task_frozen()) {
> > > > >                 spin_unlock_irqrestore(&freezer_lock, flags);
> > > > >                 return false;
> > > > >         }
> > > > >
> > > > > --
> > > > >
> > > > > If the task is already frozen by the cgroup freezer, we don't have to do
> > > > > anything additionally.
> > > >
> > > > I don't think so. A cgroup_task_frozen() task can be killed after
> > > > try_to_freeze_tasks() succeeds, and the exiting task can close files,
> > > > do IO, etc. Or it can be thawed by cgroup_freeze_task(false).
> > > >
> > > > In short, if try_to_freeze_tasks() succeeds, the caller has all rights
> > > > to assume that nobody can escape from __refrigerator().
> > >
> > > But this is what we do with stopped and ptraced tasks, isn't it?
> >
> > No,
> >
> > > We do use freezable_schedule() and the system freezer just ignores such tasks.
> >
> > 	static inline void freezable_schedule(void)
> > 	{
> > 		freezer_do_not_count();
> > 		schedule();
> > 		freezer_count();
> > 	}
> >
> > and note that freezer_count() calls try_to_freeze().
> >
> > IOW, the task sleeping in freezable_schedule() doesn't really differ from the
> > task sleeping in __refrigerator(). It is not that "the system freezer just
> > ignores such tasks", it ignores them because it can safely count them as frozen.
>
> Right, so the task is sleeping peacefully, and we know, that it won't get
> anywhere, because we'll catch it in freezer_count(). We allow it to sleep
> there, we don't force it to __refrigerator(), and we treat it as frozen.
>
> How's that different to cgroup v2 freezer? If the task is frozen by cgroup v2
> freezer, let it sleep there, and catch if it tries to escape. Exactly as it
> works for SIGSTOP.
>
> Am I missing something?

Roman, perhaps we misunderstood each other...

I still think that the cgroup_task_frozen() check in freeze_task() you proposed
a) is not right, and b) it is not what we do with the STOPPED/TRACED tasks which
call freezable_schedule(). This is what I tried to say.

If you meant that freezer v2 can too use freezable_schedule() - I agree.

> So, you think that v2 freezer should follow the same approach, and allow tasks
> sleeping on SIGSTOP, for instance, to be treated as frozen?
> Hm, maybe. I have to think more here.

I think this would be nice. Otherwise, say, CGRP_FREEZE can be never reported
if I read this code correctly. And this looks "symmetrical" with the fact that
a ->frozen task reacts to SIGSTOP and it is still treated as frozen after that.

Oleg.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ