Message-ID: <166fe7950810300629v714c8860ke38255275b57a523@mail.gmail.com>
Date:	Thu, 30 Oct 2008 06:29:14 -0700
From:	"Ranjit Manomohan" <ranjitm@...gle.com>
To:	"Thomas Graf" <tgraf@...g.ch>
Cc:	"David Miller" <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: pkt_sched: Control group classifier

On Thu, Oct 30, 2008 at 6:10 AM, Thomas Graf <tgraf@...g.ch> wrote:
> * Ranjit Manomohan <ranjitm@...gle.com> 2008-10-30 04:57
>> The complexity of migrating open sockets across cgroups can easily be
>> fixed if it is deemed to be a problem but is unlikely to be a big
>> issue for most workloads like browsers or web servers.
>
> Can you explain how to assign the PIDs to cgroups before the process
> is created?

By assigning the parent to the cgroup before the new process is forked.

> Are there any special tools to achieve that? Or do you
> intentionally limit the functionality to sockets which are created
> after the process is assigned to the cgroup? I would be interested to
> see a typical usage example of your approach in order to understand
> it better.

An excerpt from the patch I had sent out:

An example of the use of this resource controller would be to limit
the traffic from all tasks from a file_server cgroup to 100Mbps. We could
achieve this by doing:

# make a cgroup of file transfer processes and assign it an arbitrary unique
# classid of 0x1234 - this will be used later to direct packets.
mkdir -p /dev/cgroup
mount -t cgroup tc -otc /dev/cgroup
mkdir /dev/cgroup/file_transfer
echo 0x1234 > /dev/cgroup/file_transfer/tc.classid


# Now create a HTB class that rate limits traffic to 100mbits and attach
# a filter to direct all traffic from cgroup file_transfer to this new class.
tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:10 htb rate 100mbit ceil 100mbit
tc filter add dev eth0 parent 1: handle 800 protocol ip prio 1 cgroup \
    value 0x1234 classid 1:10

# write the current shell pid to the cgroup
echo $$ > /dev/cgroup/file_transfer/tasks
# start the new task (e.g. ftp)
ftp foo.bar.com

>
> Fixing the migration of open sockets is definitely not a problem but
> how do you plan on assigning the class identifier to sockets which
> already exist when a process is assigned to a cgroup? Do you intend
> to walk through all open file descriptors?

That is one possible solution (maybe a bit too heavyweight) or the
other technique suggested was for the socket to hold a reference to
the cgroup and then the id could be changed on the fly without having
to walk all the sockets.

Again in practice both these may be overkill since it should be
relatively easy for a resource management daemon on the system to
start new processes in a cgroup instead of attempting live migration.

-Thanks,
Ranjit
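
A launcher following the start-in-the-cgroup approach described in this message, as an added example that is not part of the original post or the patch. The function name `run_in_cgroup` and the exit status 125 are assumptions made for illustration; the tasks file path in the usage comment is the one from the excerpt above.

```shell
#!/bin/sh
# Added illustration (not from the original post or patch).
# run_in_cgroup is a hypothetical helper name.
#
# Usage: run_in_cgroup TASKS_FILE COMMAND [ARGS...]
#   e.g. run_in_cgroup /dev/cgroup/file_transfer/tasks ftp foo.bar.com
#
# The launcher joins the cgroup first and only then exec()s the command,
# so every socket the command opens is created after the assignment and
# no walk over existing file descriptors is needed.
run_in_cgroup() {
    if [ "$#" -lt 2 ]; then
        echo "usage: run_in_cgroup TASKS_FILE COMMAND [ARGS...]" >&2
        return 64
    fi
    tasks_file=$1
    shift

    # A fresh "sh -c" is used on purpose: inside it, $$ is the PID of the
    # process that exec() turns into COMMAND. In a "( ... )" subshell, $$
    # would still be the PID of the calling shell, which would move the
    # caller into the cgroup instead of the new task.
    #
    # Fail closed: if the PID cannot be written, exit 125 (arbitrary
    # choice) without running COMMAND, so it never sends unclassified
    # traffic.
    sh -c '
        echo "$$" > "$1" || exit 125
        shift
        exec "$@"
    ' sh "$tasks_file" "$@"
}
```

Unlike the `echo $$` step in the excerpt, this leaves the calling shell in its original cgroup; only the launched task and its children are classified.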
