lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 17 Feb 2020 09:41:00 +0100
From:   Michal Hocko <>
To:     Johannes Weiner <>
Cc:     Tejun Heo <>,
        Andrew Morton <>,
        Roman Gushchin <>,,,,
Subject: Re: [PATCH v2 3/3] mm: memcontrol: recursive memory.low protection

On Fri 14-02-20 11:53:11, Johannes Weiner wrote:
> The proper solution to implement the kind of resource hierarchy you
> want to express in cgroup2 is to reflect it in the cgroup tree. Yes,
> the_workload might have been started by user 100 in session c2, but in
> terms of resources, it's prioritized over system.slice and user.slice,
> and so that's the level where it needs to sit:
>                                root
>                        /        |                 \
>                system.slice  user.slice       the_workload
>                /    |           |
>            cron  journal     user-100.slice
>                                 |
>                              session-c2.scope
>                                 |
>                              misc
> Then you can configure not just memory.low, but also a proper io
> weight and a cpu weight. And the tree correctly reflects where the
> workload is in the pecking order of who gets access to resources.

I have already mentioned that this would be the only solution when the
protection would work, right. But I am also saying that this a trivial
example where you simply _can_ move your workload to the 1st level. What
about those that need to reflect organization into the hierarchy. Please
have a look at
Are you saying they are just not supported? Are they supposed to use
cgroup v1 for the organization and v2 for the resource control?
Michal Hocko

Powered by blists - more mailing lists