Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753187AbbFJExV (ORCPT <rfc822;w@1wt.eu>);
	Wed, 10 Jun 2015 00:53:21 -0400
Received: from mail-pa0-f48.google.com ([209.85.220.48]:34696 "EHLO
	mail-pa0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750784AbbFJExN (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 10 Jun 2015 00:53:13 -0400
Date: Wed, 10 Jun 2015 13:53:04 +0900
From: Tejun Heo <tj@kernel.org>
To: Aleksa Sarai <cyphar@cyphar.com>
Cc: lizefan@huawei.com, mingo@redhat.com, peterz@infradead.org, richard@nod.at,
        fweisbec@gmail.com, linux-kernel@vger.kernel.org,
        cgroups@vger.kernel.org
Subject: Re: [PATCH v14 4/4] cgroup: implement the PIDs subsystem
Message-ID: <20150610045304.GJ11955@mtj.duckdns.org>
References: <1433849530-22845-1-git-send-email-cyphar@cyphar.com>
 <1433849530-22845-5-git-send-email-cyphar@cyphar.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1433849530-22845-5-git-send-email-cyphar@cyphar.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1426
Lines: 31

On Tue, Jun 09, 2015 at 09:32:10PM +1000, Aleksa Sarai wrote:
> Adds a new single-purpose PIDs subsystem to limit the number of
> tasks that can be forked inside a cgroup. Essentially this is an
> implementation of RLIMIT_NPROC that applies to a cgroup rather than a
> process tree.
> 
> However, it should be noted that organisational operations (adding and
> removing tasks from a PIDs hierarchy) will *not* be prevented. Rather,
> the number of tasks in the hierarchy cannot exceed the limit through
> forking. This is due to the fact that, in the unified hierarchy, attach
> cannot fail (and it is not possible for a task to overcome its PIDs
> cgroup policy limit by attaching to a child cgroup -- even if migrating
> mid-fork it must be able to fork in the parent first).
> 
> PIDs are fundamentally a global resource, and it is possible to reach
> PID exhaustion inside a cgroup without hitting any reasonable kmemcg
> policy. Once you've hit PID exhaustion, you're only in a marginally
> better state than OOM. This subsystem allows PID exhaustion inside a
> cgroup to be prevented.

Patches 3-4 look good to me.  Will apply once v4.3 dev window opens.

Thanks.

-- 
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/