lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YxeBGeOaQxvlPLzo@slm.duckdns.org>
Date:   Tue, 6 Sep 2022 07:19:21 -1000
From:   Tejun Heo <tj@...nel.org>
To:     Zhongkun He <hezhongkun.hzk@...edance.com>
Cc:     lizefan.x@...edance.com, hannes@...xchg.org,
        cgroups@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [Phishing Risk] [External] Re: [PATCH] cgroup/cpuset: Add a new
 isolated mems.policy type.

Hello,

On Mon, Sep 05, 2022 at 06:30:38PM +0800, Zhongkun He wrote:
> We usually use numactl to set the memory policy, but it cannot be changed
> dynamically. In addition, the mempolicy of cpuset can provide a more
> convenient interface for management and control panel.

But you can write a better tool easily in userspace to do whatever you wanna
do, right? If you're worried about racing against forks, you can freeze the
cgroup, iterate all pids applying whatever new policy and then unfreeze. We
can probably improve the freezer interface so that multiple users don't
conflict with each other but that shouldn't be too difficult to do and is
gonna be useful generically.

I don't see much point in adding something which can be almost trivially
implemented in userspace as a built-in kernel feature.

> Sorry,I don't quite understand the meaning of "don't enforce anything
> resource related". Does it mean mempolicy, such as "prefer:2" must specify
> node? Or "cpuset.mems.policy" need to specify a default value?
> (cpuset.mems.policy does not require a default value.)

In that there's no real resource being distributed hierarchically like cpu
cycles or memory capacities. All it's doing is changing attributes for a
group of processes, which can be done from userspace all the same.

Thanks.

-- 
tejun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ