lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d9f0005c-6825-b2a0-eac3-fcbad6e32b2f@redhat.com>
Date:   Mon, 3 Apr 2023 13:18:42 -0400
From:   Waiman Long <longman@...hat.com>
To:     Michal Koutný <mkoutny@...e.com>
Cc:     Tejun Heo <tj@...nel.org>, Zefan Li <lizefan.x@...edance.com>,
        Johannes Weiner <hannes@...xchg.org>,
        Christian Brauner <brauner@...nel.org>,
        cgroups@...r.kernel.org, linux-kernel@...r.kernel.org,
        Juri Lelli <juri.lelli@...hat.com>,
        Dietmar Eggemann <dietmar.eggemann@....com>,
        gscrivan@...hat.com
Subject: Re: [PATCH 1/3] cgroup/cpuset: Make cpuset_fork() handle
 CLONE_INTO_CGROUP properly


On 4/3/23 12:55, Michal Koutný wrote:
> On Fri, Mar 31, 2023 at 10:50:43AM -0400, Waiman Long <longman@...hat.com> wrote:
>> By default, the clone(2) syscall spawn a child process into the same
>> cgroup as its parent. With the use of the CLONE_INTO_CGROUP flag
>> introduced by commit ef2c41cf38a7 ("clone3: allow spawning processes
>> into cgroups"), the child will be spawned into a different cgroup which
>> is somewhat similar to writing the child's tid into "cgroup.threads".
>>
>> The current cpuset_fork() method does not properly handle the
>> CLONE_INTO_CGROUP case where the cpuset of the child may be different
>> from that of its parent.  Update the cpuset_fork() method to treat the
>> CLONE_INTO_CGROUP case similar to cpuset_attach().
> Should .can_fork=cpuset_can_fork in analogy to cpuset_can_attach be also
> devised? (Sorry if I missed that in the previous discussion.)

I have thought about that too.

However, the can_attach method checks only a couple of things:

1) PF_NO_SETAFFINITY flag - which won't be set in the case of fork() as 
it is for kthread only.
2) DL bandwidth - Juri has a cpuset outstanding to modify the way this 
check is being done. I want to wait until it is settled before tackling 
this, if necessary.
3) security_task_setscheduler() - the CLONE_INTO_CGROUP code has already 
checked that, we don't need to duplicate the check.

So we don't need a can_fork() check for now.

Cheers,
Longman

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ