Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753911AbbKJPoX (ORCPT <rfc822;w@1wt.eu>);
	Tue, 10 Nov 2015 10:44:23 -0500
Received: from mail-yk0-f180.google.com ([209.85.160.180]:36098 "EHLO
	mail-yk0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752809AbbKJPoV (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 10 Nov 2015 10:44:21 -0500
Date: Tue, 10 Nov 2015 10:44:18 -0500
From: Tejun Heo <tj@kernel.org>
To: cgroups@vger.kernel.org, cyphar@cyphar.com, lizefan@huawei.com,
        hannes@cmpxchg.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] cgroup_pids: add fork limit
Message-ID: <20151110154418.GA5275@mtj.duckdns.org>
References: <144716440621.20175.1000688899886388119.stgit@rabbit.intern.cm-ag>
 <20151110151223.GA17938@mtj.duckdns.org>
 <20151110153746.GA20758@rabbit.intern.cm-ag>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20151110153746.GA20758@rabbit.intern.cm-ag>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2196
Lines: 68

Hello, Max.

On Tue, Nov 10, 2015 at 04:37:46PM +0100, Max Kellermann wrote:
> > But what's the resource here?
> 
> CPU consumption and memory bandwidth.  A fork/clone is an operation

Both are abstracted as CPU usage and controlled by the cpu controller.

> that puts considerable load on a machine, most of which happens in
> kernel space (copying page tables etc.).
> 
> > All first-order resources which can be consumed by forking
> > repeatedly already have proper controllers.
> 
> They do?

Yes.

> I can limit CPU time with RLIMIT_CPU, but that's per-process and thus
> completely useless.  There's no cgroup controller with such a feature.

There's the cpu controller

> There's "cpu" which changes priority, "cpuset" selects CPUs, "cpuacct"

The cpu controller can limit both in terms of relative weight and
absolute CPU cycle bandwidth.

> only does accounting and "freezer" (somewhat related).  But nothing
> that limits CPU usage according to configured rules.
> 
> I can limit absolute memory usage with memcg, which is a good thing,
> but is orthogonal to this feature.  Note that there are already
> various RLIMITs about memory usage, and despite that, memcg was
> merged due to RLIMIT shortcomings.
> 
> "pids" was merged even though there already was RLIMIT_NPROC.  Again,
> RLIMITs have their shortcomings.

Because pids turned out to be a first-order resource which is not
contrained by memory due to the limited pid space.

> But which controllers can I use to achieve the same effect as my fork
> limit feature?  Did I miss one?

Apparently.

> > What's the point of adding an extra second-order controller?
> 
> I explained that, and you just cited my explanation.
> 
> > Where do we go from there?  Limit on the number of syscalls?
> 
> No idea.  Are these questions really relevant for my patch?

Well, it's relevant to the fact that it's failing to distinguish what
are actual resources and what aren't.

Thanks.

-- 
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/