Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753256AbbKPRCe (ORCPT ); Mon, 16 Nov 2015 12:02:34 -0500 Received: from mail-ig0-f176.google.com ([209.85.213.176]:33251 "EHLO mail-ig0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752929AbbKPRCa (ORCPT ); Mon, 16 Nov 2015 12:02:30 -0500 Subject: Re: [PATCH] cgroup_pids: add fork limit To: Aleksa Sarai References: <144716440621.20175.1000688899886388119.stgit@rabbit.intern.cm-ag> <5642142F.2090302@gmail.com> <56424B83.2080504@gmail.com> Cc: Parav Pandit , Max Kellermann , Tejun Heo , cgroups@vger.kernel.org, lizefan@huawei.com, Johannes Weiner , max@duempel.org, linux-kernel@vger.kernel.org From: Austin S Hemmelgarn Message-ID: <564A0C0E.6090004@gmail.com> Date: Mon, 16 Nov 2015 12:02:06 -0500 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-512; boundary="------------ms080609030309080307010203" X-Antivirus: avast! (VPS 151116-0, 2015-11-16), Outbound message X-Antivirus-Status: Clean Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 6506 Lines: 113 This is a cryptographically signed message in MIME format. --------------ms080609030309080307010203 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable On 2015-11-15 08:36, Aleksa Sarai wrote: >>> If so, could you share little more insight on how that time measure >>> outside of the cpu's cgroup cycles? Just so that its helpful to wider= >>> audience. >> >> Well, there are a number of things that I can think of that the kernel= does >> on behalf of processes that can consume processor time that isn't triv= ial to >> account: >> * Updating timers on behalf of userspace processes (itimers or simi= lar). >> * Sending certain kernel generated signals to processes (that is, s= tuff >> generated by the kernel like SIGFPE, SIGSEGV, and so forth). >> * Queuing events from dnotify/inotify/fanotify. >> * TLB misses, page faults, and swapping. >> * Setting up new processes prior to them actually running. >> * Scheduling. >> All of these are things that fork-bombs can and (other than TLB misses= ) do >> exploit to bring a system down, and the cpu cgroup is by no means a ma= gic >> bullet to handle this. > > I feel like these are backed by different resources, and we should > work on limiting those *at the source* in the context of a controller > rather than just patching up the symptoms (too many forks causing > issues), because these are symptoms of a larger issue IMO. OK, what specific resources back each of the things that I mentioned?=20 Other than setting up a new process (which in retrospect I realize=20 should probably just be accounted as processor time for the parent), I=20 can't really see much that most of these are backed by, other than=20 processor time (and until someone demonstrates otherwise, I stand by my=20 statement that they are non-trivial to account properly as processor time= ). --------------ms080609030309080307010203 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCC Brgwgga0MIIEnKADAgECAgMRLfgwDQYJKoZIhvcNAQENBQAweTEQMA4GA1UEChMHUm9vdCBD QTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNp Z25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcwHhcN MTUwOTIxMTEzNTEzWhcNMTYwMzE5MTEzNTEzWjBjMRgwFgYDVQQDEw9DQWNlcnQgV29UIFVz ZXIxIzAhBgkqhkiG9w0BCQEWFGFoZmVycm9pbjdAZ21haWwuY29tMSIwIAYJKoZIhvcNAQkB FhNhaGVtbWVsZ0BvaGlvZ3QuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA nQ/81tq0QBQi5w316VsVNfjg6kVVIMx760TuwA1MUaNQgQ3NyUl+UyFtjhpkNwwChjgAqfGd LIMTHAdObcwGfzO5uI2o1a8MHVQna8FRsU3QGouysIOGQlX8jFYXMKPEdnlt0GoQcd+BtESr pivbGWUEkPs1CwM6WOrs+09bAJP3qzKIr0VxervFrzrC5Dg9Rf18r9WXHElBuWHg4GYHNJ2V Ab8iKc10h44FnqxZK8RDN8ts/xX93i9bIBmHnFfyNRfiOUtNVeynJbf6kVtdHP+CRBkXCNRZ qyQT7gbTGD24P92PS2UTmDfplSBcWcTn65o3xWfesbf02jF6PL3BCrVnDRI4RgYxG3zFBJuG qvMoEODLhHKSXPAyQhwZINigZNdw5G1NqjXqUw+lIqdQvoPijK9J3eijiakh9u2bjWOMaleI SMRR6XsdM2O5qun1dqOrCgRkM0XSNtBQ2JjY7CycIx+qifJWsRaYWZz0aQU4ZrtAI7gVhO9h pyNaAGjvm7PdjEBiXq57e4QcgpwzvNlv8pG1c/hnt0msfDWNJtl3b6elhQ2Pz4w/QnWifZ8E BrFEmjeeJa2dqjE3giPVWrsH+lOvQQONsYJOuVb8b0zao4vrWeGmW2q2e3pdv0Axzm/60cJQ haZUv8+JdX9ZzqxOm5w5eUQSclt84u+D+hsCAwEAAaOCAVkwggFVMAwGA1UdEwEB/wQCMAAw VgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBo ZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMA4GA1UdDwEB/wQEAwIDqDBABgNV HSUEOTA3BggrBgEFBQcDBAYIKwYBBQUHAwIGCisGAQQBgjcKAwQGCisGAQQBgjcKAwMGCWCG SAGG+EIEATAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2Vy dC5vcmcwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC5jYWNlcnQub3JnL3Jldm9rZS5j cmwwNAYDVR0RBC0wK4EUYWhmZXJyb2luN0BnbWFpbC5jb22BE2FoZW1tZWxnQG9oaW9ndC5j b20wDQYJKoZIhvcNAQENBQADggIBADMnxtSLiIunh/TQcjnRdf63yf2D8jMtYUm4yDoCF++J jCXbPQBGrpCEHztlNSGIkF3PH7ohKZvlqF4XePWxpY9dkr/pNyCF1PRkwxUURqvuHXbu8Lwn 8D3U2HeOEU3KmrfEo65DcbanJCMTTW7+mU9lZICPP7ZA9/zB+L0Gm1UNFZ6AU50N/86vjQfY WgkCd6dZD4rQ5y8L+d/lRbJW7ZGEQw1bSFVTRpkxxDTOwXH4/GpQfnfqTAtQuJ1CsKT12e+H NSD/RUWGTr289dA3P4nunBlz7qfvKamxPymHeBEUcuICKkL9/OZrnuYnGROFwcdvfjGE5iLB kjp/ttrY4aaVW5EsLASNgiRmA6mbgEAMlw3RwVx0sVelbiIAJg9Twzk4Ct6U9uBKiJ8S0sS2 8RCSyTmCRhJs0vvva5W9QUFGmp5kyFQEoSfBRJlbZfGX2ehI2Hi3U2/PMUm2ONuQG1E+a0AP u7I0NJc/Xil7rqR0gdbfkbWp0a+8dAvaM6J00aIcNo+HkcQkUgtfrw+C2Oyl3q8IjivGXZqT 5UdGUb2KujLjqjG91Dun3/RJ/qgQlotH7WkVBs7YJVTCxfkdN36rToPcnMYOI30FWa0Q06gn F6gUv9/mo6riv3A5bem/BdbgaJoPnWQD9D8wSyci9G4LKC+HQAMdLmGoeZfpJzKHMYIE0TCC BM0CAQEwgYAweTEQMA4GA1UEChMHUm9vdCBDQTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNl cnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcN AQkBFhJzdXBwb3J0QGNhY2VydC5vcmcCAxEt+DANBglghkgBZQMEAgMFAKCCAiEwGAYJKoZI hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTUxMTE2MTcwMjA2WjBPBgkq hkiG9w0BCQQxQgRAI/z3WZ3bdDwuohm3er5IK7q1D/AQJTuDTCGvHAKenBgrPwEoW9FzDJzY ny1v4Qj0EcWJJPfT09PoXj8LKkUV0DBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjAL BglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFA MAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGRBgkrBgEEAYI3EAQxgYMwgYAweTEQMA4GA1UE ChMHUm9vdCBDQTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlD QSBDZXJ0IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy dC5vcmcCAxEt+DCBkwYLKoZIhvcNAQkQAgsxgYOggYAweTEQMA4GA1UEChMHUm9vdCBDQTEe MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNpZ25p bmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcCAxEt+DAN BgkqhkiG9w0BAQEFAASCAgCOhlwtnB6RIIZjvrfY7bM78PvljWJ1fgDhWrZyJMVGblQLp1Nk zdC8LFL+Ug/6GsX/MwQU1ZvvIzE6vp3893vmQShi5cY55VxIKBXNWP4L7Z0CNclB7Qf+NwEB SfRZLObm+OBadBW8/2lAEmfmQs6GL+n0eT4N2neiuwyRckeuuZSB/dpsTMjYKz1KbvIJLloC uHl25mLga23tl7B2upd/vBBAa9MVPY/SEpVEaIUtkiLThrRC0tnMGUXL7WbtJiwanvwF5+kc xcnjqYVlvahu6FgUd1gYjWpJaVFiTXFatUENU0Xfnw3oEfiQZahjXUwRxU/nGJWxYZj3cbmO PiMG1184mMM+3b/DOank5/TI+Nbwrp+oRxRlsmu8vAxhGz5DIrN8qdJ4VkCkc/xohAG1fHFz mP9cmRigWHP2BiBZ1CG3miLSb1Dw8av6iRY4mlX1QC9/YmQLeLuCsBpZlbjNel3fYy/rS4uz LmBZBgEr8FzuDSiGrn+tbWs1UUu5UITHH/Tb2H4NAoldMZf3k+OUzXUpMjY6slp3M3zCpxUU kLn1oVZyEavo6PpMXWlC0ODmpOjv+83/ofCQvpA1jrQeQiXzEnVceypKvF0CH3bfEQwbsPUq lWYaCUVmaPHRiyUhlfjIxzHwR4n9WLJvZBVXvrFfIXr5x7tjFG07srlfOAAAAAAAAA== --------------ms080609030309080307010203-- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/