| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 09 Mar 2020 18:14:20 -0700 (PDT) From: David Miller <davem@...emloft.net> To: zeil@...dex-team.ru Cc: netdev@...r.kernel.org, khlebnikov@...dex-team.ru Subject: Re: [PATCH net] cgroup, netclassid: periodically release file_lock on classid updating From: Dmitry Yakunin <zeil@...dex-team.ru> Date: Thu, 5 Mar 2020 17:45:57 +0300 > In our production environment we have faced with problem that updating > classid in cgroup with heavy tasks cause long freeze of the file tables > in this tasks. By heavy tasks we understand tasks with many threads and > opened sockets (e.g. balancers). This freeze leads to an increase number > of client timeouts. > > This patch implements following logic to fix this issue: > аfter iterating 1000 file descriptors file table lock will be released > thus providing a time gap for socket creation/deletion. > > Now update is non atomic and socket may be skipped using calls: > > dup2(oldfd, newfd); > close(oldfd); > > But this case is not typical. Moreover before this patch skip is possible > too by hiding socket fd in unix socket buffer. > > New sockets will be allocated with updated classid because cgroup state > is updated before start of the file descriptors iteration. > > So in common cases this patch has no side effects. > > Signed-off-by: Dmitry Yakunin <zeil@...dex-team.ru> > Reviewed-by: Konstantin Khlebnikov <khlebnikov@...dex-team.ru> Applied and queued up for -stable, thank you.
Powered by blists - more mailing lists