| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20251116142721.959920-1-sunshaojie@kylinos.cn>
Date: Sun, 16 Nov 2025 22:27:20 +0800
From: Sun Shaojie <sunshaojie@...inos.cn>
To: llong@...hat.com
Cc: chenridong@...weicloud.com,
mkoutny@...e.com,
cgroups@...r.kernel.org,
hannes@...xchg.org,
linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org,
shuah@...nel.org,
tj@...nel.org,
Sun Shaojie <sunshaojie@...inos.cn>
Subject: [PATCH v3 0/1] cpuset: relax the overlap check for cgroup-v2
In cgroup v2, a mutual overlap check is required when at least one of
two
cpusets is exclusive. However, this check should be relaxed and limited
to
cases where both cpusets are exclusive.
This patch ensures that for sibling cpusets A1 (exclusive) and B1
(non-exclusive), change B1 cannot affect A1's exclusivity.
for example. Assume a machine has 4 CPUs (0-3).
root cgroup
/ \
A1 B1
Case 1:
Table 1.1: Before applying the patch
Step | A1's prstate | B1'sprstate |
#1> echo "0-1" > A1/cpuset.cpus | member | member |
#2> echo "root" > A1/cpuset.cpus.partition | root | member |
#3> echo "0" > B1/cpuset.cpus | root invalid | member |
After step #3, A1 changes from "root" to "root invalid" because its CPUs
(0-1) overlap with those requested by B1 (0-3). However, B1 can actually
use CPUs 2-3(from B1's parent), so it would be more reasonable for A1 to
remain as "root."
Table 1.2: After applying the patch
Step | A1's prstate | B1'sprstate |
#1> echo "0-1" > A1/cpuset.cpus | member | member |
#2> echo "root" > A1/cpuset.cpus.partition | root | member |
#3> echo "0" > B1/cpuset.cpus | root | member |
Case 2: (This situation remains unchanged from before)
Table 2.1: Before applying the patch
Step | A1's prstate | B1'sprstate |
#1> echo "0-1" > A1/cpuset.cpus | member | member |
#3> echo "1-2" > B1/cpuset.cpus | member | member |
#2> echo "root" > A1/cpuset.cpus.partition | root invalid | member |
Table 2.2: After applying the patch
Step | A1's prstate | B1'sprstate |
#1> echo "0-1" > A1/cpuset.cpus | member | member |
#3> echo "1-2" > B1/cpuset.cpus | member | member |
#2> echo "root" > A1/cpuset.cpus.partition | root invalid | member |
All other cases remain unaffected. For example, cgroup-v1, both A1 and
B1 are exclusive or non-exlusive.
---
v2 -> v3:
- Ensure compliance with constraints such as cpuset.cpus.exclusive.
- Link:
https://lore.kernel.org/cgroups/20251113131434.606961-1-sunshaojie@kylinos.cn/
v1 -> v2:
- Keeps the current cgroup v1 behavior unchanged
- Link:
https://lore.kernel.org/cgroups/c8e234f4-2c27-4753-8f39-8ae83197efd3@redhat.com
kernel/cgroup/cpuset-internal.h | 3 ++
kernel/cgroup/cpuset-v1.c | 20 +++++++++
kernel/cgroup/cpuset.c | 44 ++++++++++++++-----
.../selftests/cgroup/test_cpuset_prs.sh | 10 ++---
4 files changed, 60 insertions(+), 17 deletions(-)
--
2.25.1
Powered by blists - more mailing lists