| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Jun 2019 07:03:24 -0700
From: Tejun Heo <tj@...nel.org>
To: Patrick Bellasi <patrick.bellasi@....com>
Cc: linux-kernel@...r.kernel.org, linux-pm@...r.kernel.org,
linux-api@...r.kernel.org, Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
"Rafael J . Wysocki" <rafael.j.wysocki@...el.com>,
Vincent Guittot <vincent.guittot@...aro.org>,
Viresh Kumar <viresh.kumar@...aro.org>,
Paul Turner <pjt@...gle.com>,
Quentin Perret <quentin.perret@....com>,
Dietmar Eggemann <dietmar.eggemann@....com>,
Morten Rasmussen <morten.rasmussen@....com>,
Juri Lelli <juri.lelli@...hat.com>,
Todd Kjos <tkjos@...gle.com>,
Joel Fernandes <joelaf@...gle.com>,
Steve Muckle <smuckle@...gle.com>,
Suren Baghdasaryan <surenb@...gle.com>
Subject: Re: [PATCH v9 12/16] sched/core: uclamp: Extend CPU's cgroup
controller
Hello,
On Mon, Jun 03, 2019 at 01:27:25PM +0100, Patrick Bellasi wrote:
> All the above, to me it means that:
> - cgroups are always capped by system clamps
> - cgroups can further restrict system clamps
>
> Does that match with your view?
Yeah, as long as what's defined at system level clamps everything in
the system whether they're in cgroups or not, it's all good.
> > * Limits (high / max) default to max. Protections (low / min) 0. A
> > new cgroup by default doesn't constrain itself further and doesn't
> > have any protection.
>
> Example 2
> ---------
>
> Let say we have:
>
> /tg1:
> util_min=200 (as a protection)
> util_max=800 (as a limit)
>
> the moment we create a subgroup /tg1/tg11, in v9 it is initialized
> with the same limits _and protections_ of its father:
>
> /tg1/tg11:
> util_min=200 (protection inherited from /tg1)
> util_max=800 (limit inherited from /tg1)
>
> Do you mean that we should have instead:
>
> /tg1/tg11:
> util_min=0 (no protection by default at creation time)
> util_max=800 (limit inherited from /tg1)
>
>
> i.e. we need to reset the protection of a newly created subgroup?
The default value for limits should be max, protections 0. Don't
inherit config values from the parent. That gets confusing super fast
because when the parent config is set and each child is created plays
into the overall configuration. Hierarchical confinements should
always be enforced and a new cgroup should always start afresh in
terms of its own configuration.
> > * A limit defines the upper ceiling for the subtree. If an ancestor
> > has a limit of X, none of its descendants can have more than X.
>
> That's correct, however we distinguish between "requested" and
> "effective" values.
Sure, all property propagating controllers should.
> > Note that there's no way for an ancestor to enforce protection its
> > descendants. It can only allow them to claim some. This is
> > intentional as the other end of the spectrum is either descendants
> > losing the ability to further distribute protections as they see fit.
>
> Ok, that means I need to update in v10 the initialization of subgroups
> min clamps to be none by default as discussed in the above Example 2,
> right?
Yeah and max to max.
Thanks.
--
tejun
Powered by blists - more mailing lists