Received: by 2002:ac0:a679:0:0:0:0:0 with SMTP id p54csp711133imp; Thu, 21 Feb 2019 09:36:15 -0800 (PST) X-Google-Smtp-Source: AHgI3IaQrI3u51kwGuPAWEiijDn5162x0dLErkv9S8ik81ckN/9LUudgLbFL4c9KfpSc0A0MtyNc X-Received: by 2002:a62:1992:: with SMTP id 140mr41548617pfz.33.1550770575872; Thu, 21 Feb 2019 09:36:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550770575; cv=none; d=google.com; s=arc-20160816; b=vUO69PvqUHlINRwqGQ2TZYr0DkOtZln3im/JZgMBPGzuOUdf48/GpdXx2nmnGP3a5+ YJfDJUapTq5VRrZDjP2/2QoaHOEHeVvHQHNyYWIXkVJS/H6SJitLwvILc+O8d82QuUbQ 34k85Ye6FXYsWDjO8lGEoTC3a4pzaFD7yjVGC0PmIg2Yv8p/58QVDcivjhEkRLUAKt1B 987+AR1BWJWP8XdJ98sBRQWLPem7AAU8QBnat8yEJWVhYYjvPQpRddPzQvLT5O/YGS7h rnaslDZ0PxR2LBn5YlOcXqTh3HECCbVEiLs4khMsQlOcAbTj6YdqgN4B1Lemfn1imnNV xodg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=dZd5V90RuKK+ZbKvrS8KZJwldBEBUcHT50D54ZP9GEs=; b=Suj6r8vOkBPtrTOhpLAgc9JW22dx1LqXzDq269QKobztHIdwcOOUy9VMPPMnSM1dli 9Ai6h6geHdGACOroWtUf1amy80Du0KX9fZdNJgEhAF9fr8TtK80pqL9mUiP2a1bEyS3N flpo9m9fHTqgvc7/Rfek8NueMXwEOloMblAfWBawQWm/DEI9GAEPje8u+s4lvjWeMjkg hHTsvsNjmad8d+BF/lCQxb4wnIjKfFd73gYw3WOXerL62LtF/Jw4ZRRR4fobc0IPy6OV iUde1sfnllQN4cbRwQTgZ/V5kARSzP3JzrHbHSMVxwWMk+xg55Z377xXQH2pP67ft80z 4SMw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=hK9JSeTV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y186si3918331pgd.315.2019.02.21.09.36.00; Thu, 21 Feb 2019 09:36:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=hK9JSeTV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728511AbfBURe0 (ORCPT + 99 others); Thu, 21 Feb 2019 12:34:26 -0500 Received: from mail-yb1-f196.google.com ([209.85.219.196]:42504 "EHLO mail-yb1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725823AbfBURe0 (ORCPT ); Thu, 21 Feb 2019 12:34:26 -0500 Received: by mail-yb1-f196.google.com with SMTP id j189so11188412ybj.9; Thu, 21 Feb 2019 09:34:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=dZd5V90RuKK+ZbKvrS8KZJwldBEBUcHT50D54ZP9GEs=; b=hK9JSeTVv0HCK65Qnku4+5Kl4Tc7KVtEQV68EPlOVwGF/ZY1amMKgBdiIrDc/PLk4X Wkka0YqLmFOToI1gEeSo2PDxU1yOz7ka8tlrFeB9n9LPfFHH+u7jQLJN17qWnraLO2v1 SCVYD1h/iC5xcvt7Zy/MKztao0MuT68+1CYYafmm3WJPl+wYIR+wIej1nGDVK8/NokUB 7FCryMTYRVLITDtzKwN6drLI2TbNfWvevtUYzGjr0AkWGwJHYZfdkicZhpiBXOd5Wrc8 m3Vz4ofkNF0iyrVOBEGQmoxAVNKE6x91UdPSIItQM1Llp9cCsTqAFeKuPw0rsz+uvosD xDtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=dZd5V90RuKK+ZbKvrS8KZJwldBEBUcHT50D54ZP9GEs=; b=iHhLGBF5NrxsJ2+d28j2tUqWigqTyT4pczPrmMx1k+eg/ERJWsKVa+4TvmCxFn+WPD r6wMfYl5YM85pKWSq9zygDbde//Ug7FEcSHf3OyhjkPbJH7zPuM1KHQrIJQCh1Te3Kde m26pd7BSuW9lmuA1o7lbW9DG2AjqjCz6ijmFmmMEmfdZz5WRwjHhhEBxReDWRF/V0g7B wdG0LyHCb0BczBJeFiI6U1q8b7oXpz3zkHch+9cbup/FGWPAoTpo1yW37nkCi3G9YpGV IqYl2T0hZIUkMbOgFGeiJ3L1ralAYqM46B5PTKb69QJ5xp6wcmD7g+qE9KU9u0UDuFQH PwGg== X-Gm-Message-State: AHQUAuacAvWUoR9rjW3/rsi5XBb+2xN303oSut2iJaJECVvTZ1I5IBst cB01dWX26NPcz2ylUluSfdg= X-Received: by 2002:a25:6b50:: with SMTP id o16mr20283521ybm.391.1550770465337; Thu, 21 Feb 2019 09:34:25 -0800 (PST) Received: from localhost ([2620:10d:c091:200::1:7a2b]) by smtp.gmail.com with ESMTPSA id b188sm14406580ywa.58.2019.02.21.09.34.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 21 Feb 2019 09:34:24 -0800 (PST) Date: Thu, 21 Feb 2019 09:34:22 -0800 From: Tejun Heo To: Oleg Nesterov Cc: Roman Gushchin , Roman Gushchin , Kernel Team , "cgroups@vger.kernel.org" , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH v8 0/7] freezer for cgroup v2 Message-ID: <20190221173422.GY50184@devbig004.ftw2.facebook.com> References: <20190219220252.4906-1-guro@fb.com> <20190220143748.GA9477@redhat.com> <20190220220020.GA16335@castle.DHCP.thefacebook.com> <20190221162923.GA26064@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190221162923.GA26064@redhat.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello, Oleg. On Thu, Feb 21, 2019 at 05:29:24PM +0100, Oleg Nesterov wrote: > But to me this is a reasonable trade-off because this way we do not add > additional complexity to the kernel. So, I really wanna avoid allowing userspace to cause D state sleeps. It's not impossible to work around but becomes really nasty. For example, imagine a memory pressure based userspace oom handler issuer kills based on per-cgroup pressure metric (as oomd would do). It might not necessarily have the insight that a victim cgroup is frozen or whether it can move out its members to a different cgroup (in a lot of cases that will cause a lot of confusion in management software). The frozen state in cgroup1 is a new task state which is different from all others and in a nasty way and it has been causing various confusions and mistakes from its users. We really should make it closer to the existing stop behaviors even if that means more complexity in the implementation. > Actually, "killable" is not that difficult afaics. "ptraceable" looks more > problematic to me. Again, user-space can do > > 1. PTRACE_SEIZE > 2. move the tracee to the root cgroup > 3. do anything with the tracee > 4. move it back which is fine. The goal isn't trying to block userspace from doing things that it explicitly wants to do. That's fine. We just want things like killing and ptracing to behave similarly to other stopped states (ie. avoid introducing completely new behaviors). > But there is another case. If admin wants to freeze a cgroup then it is not > clear why a user which can send SIGKILL to a frozen process should wake it up. > > ------------------------------------------------------------------------------ > Again, it is not that I hate the idea of killable/ptraceable freezer. Just I > personally think it's not worth the trouble. Perhaps I am wrong, but so far > I do not see a good implementation... > > And, apart from reading/writing the registers, what can ptrace do with a frozen > tracee? This doesn't look like a "must have" feature to me. > > At least, may I ask you again to make (if possible) a separate patch which adds > the ability to kill/ptrace? ptrace support is a lot less important than kill for sure but if at all possible I think it'd be better to have it because that makes the frozen state closer to other stopped states and thus less surprising. To summarize, the ideal result is the frozen state to be "stuck in jobctl stop loop" but except for looping in it no different from regular jobctl stop. Plus, register state examination is already useful for frozen cgroups for debbugging purposes in itself. Thanks. -- tejun