Message-Id: <20251116140832.954477-1-sunshaojie@kylinos.cn>
Date: Sun, 16 Nov 2025 22:08:32 +0800
From: Sun Shaojie <sunshaojie@...inos.cn>
To: chenridong@...weicloud.com
Cc: cgroups@...r.kernel.org,
	hannes@...xchg.org,
	linux-kernel@...r.kernel.org,
	longman@...hat.com,
	mkoutny@...e.com,
	tj@...nel.org
Subject: Re: [PATCH v2] cpuset: relax the overlap check for cgroup-v2

On 2025/11/15 15:41, Chen Ridong wrote:
>> Our product needs to ensure the following behavior: in cgroup-v2, user 
>> modifications to one cpuset should not affect the partition state of its 
>> sibling cpusets. This is justified and meaningful, as it aligns with the 
>> isolation characteristics of cgroups.
>> 
>
>This is ideal in theory, but I don’t think it’s practical in reality.
>
>> This can be divided into two scenarios:
>> Scenario 1: Only one of A1 and B1 is "root".
>> Scenario 2: Both A1 and B1 are "root".
>> 
>> We plan to implement Scenario 1 first. This is the goal of patch v2.
>> However, patch v2 is flawed because it does not strictly adhere to the 
>> following existing rule.
>> 
>> However, it is worth noting that the current cgroup v2 implementation does 
>> not strictly adhere to the following rule either (which is also an 
>> objective for patch v3 to address).
>> 
>> Rule 1: "cpuset.cpus" cannot be a subset of a sibling's "cpuset.cpus.exclusive".
>> 
>> Using your example to illustrate.
>>  Step (refer to the steps in the table below)
>>  #1> mkdir -p A1                           
>>  #2> echo "0-1" > A1/cpuset.cpus.exclusive 
>>  #3> echo "root" > A1/cpuset.cpus.partition
>>  #4> mkdir -p B1               
>>  #5> echo "0" > B1/cpuset.cpus 
>> 
>> Table 1: Current result
>>  Step | return | A1's excl_cpus | B1's cpus | A1's prstate | B1's prstate |
>>  #1   | 0      |                |           | member       |              |
>>  #2   | 0      | 0-1            |           | member       |              |
>>  #3   | 0      | 0-1            |           | root         |              |
>>  #4   | 0      | 0-1            |           | root         | member       |
>>  #5   | 0      | 0-1            | 0         | root invalid | member       |
>> 
>
>I think this is what we expect.
>
>> Table 2: Expected result
>>  Step | return | A1's excl_cpus | B1's cpus | A1's prstate | B1's prstate |
>>  #1   | 0      |                |           | member       |              |
>>  #2   | 0      | 0-1            |           | member       |              |
>>  #3   | 0      | 0-1            |           | root         |              |
>>  #4   | 0      | 0-1            |           | root         | member       |
>>  #5   | error  | 0-1            |           | root         | member       |
>> 
>
>Step 5 should not return an error. As Longman pointed out, in cgroup-v2, setting cpuset.cpus should
>never fail.

Hi, Ridong,

Thank you for your correction. Will update.

Thanks,
Sunshaojie.
