| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0bdfb7f2-61ee-7b2a-fdb2-3c41f6d6ade0@redhat.com>
Date: Wed, 1 Dec 2021 09:26:43 -0500
From: Waiman Long <longman@...hat.com>
To: Tejun Heo <tj@...nel.org>
Cc: Michal Koutný <mkoutny@...e.com>,
Zefan Li <lizefan.x@...edance.com>,
Johannes Weiner <hannes@...xchg.org>,
Jonathan Corbet <corbet@....net>,
Shuah Khan <shuah@...nel.org>, cgroups@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
linux-kselftest@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
Roman Gushchin <guro@...com>, Phil Auld <pauld@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Juri Lelli <juri.lelli@...hat.com>,
Frederic Weisbecker <frederic@...nel.org>,
Marcelo Tosatti <mtosatti@...hat.com>
Subject: Re: [PATCH v8 5/6] cgroup/cpuset: Update description of
cpuset.cpus.partition in cgroup-v2.rst
On 11/30/21 22:56, Waiman Long wrote:
> On 11/30/21 12:11, Tejun Heo wrote:
>
>
>>> Once becoming a partition root, the following two rules restrict
>>> what changes can be made to "cpuset.cpus".
>>>
>>> 1) The value must be exclusive.
>>> 2) If child cpusets exist, the value must be a superset of what
>>> are defined in the child cpusets.
>>>
>>> The second rule applies even for "member". Other changes to
>>> "cpuset.cpus" that do not violate the above rules are always
>>> allowed.
>> While it isn't necessarily tied to this series, it's a big no-no to
>> restrict
>> what a parent can do depending on what its descendants are doing. A
>> cgroup
>> higher up in the hierarchy should be able to change configuration
>> however it
>> sees fit as deligation breaks down otherwise.
>>
>> Maybe you can argue that cpuset is special and shouldn't be subject
>> to such
>> convention but I can't see strong enough justifications especially given
>> that most of these restrictions can be broken by hotplug operations
>> anyway
>> and thus need code to handle those situations.
>
> These are all pre-existing restrictions before the introduction of
> partition. These are checks done in validate_change(). I am just
> saying out loud the existing behavior. If you think that needs to be
> changed, I am fine with that. However, it will be a separate patch as
> it is not a behavior that is introduced by this series.
Of the 2 restrictions listed above, the exclusivity rule is due to the
use of CS_CPU_EXCLUSIVE flag. I think it is reasonable as it affects
only siblings, not the parent.
The second restriction was found during my testing. It is caused by the
following code in validate_change():
/* Each of our child cpusets must be a subset of us */
ret = -EBUSY;
cpuset_for_each_child(c, css, cur)
if (!is_cpuset_subset(c, trial))
goto out;
It seems that this code was there since v2.6.12 (the beginning of the
git era). Later in function, we have
/* On legacy hierarchy, we must be a subset of our parent
cpuset. */
ret = -EACCES;
if (!is_in_v2_mode() && !is_cpuset_subset(trial, par))
goto out;
This is actually a duplicate in the case of legacy hierarchy.
I can add a patch to take out the first code block above which I think
is where most of your objections are. Then I can remove the 2nd
restriction in my documentation. I would like to emphasize that this is
a pre-existing behavior which I just happen to document.
Cheers,
Longman
Powered by blists - more mailing lists