Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp933479pxu; Thu, 3 Dec 2020 16:54:55 -0800 (PST) X-Google-Smtp-Source: ABdhPJyiNTlthWq9dkmNgazosoAWFns+7+NcnjhPLBnTpiJNguDBfgDducJiXW68758s9Arwocxl X-Received: by 2002:a17:906:3081:: with SMTP id 1mr5140287ejv.162.1607043295629; Thu, 03 Dec 2020 16:54:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607043295; cv=none; d=google.com; s=arc-20160816; b=C4BH0NyCnKiI54ex5xeDS8/zaIKcdSu1+4YRwkPEX+174al4xHsbI9r4B5+pmfRpUM vxCsnBpdiGWgE5Awk4rSpkBjUJ3zB1Oz4SzNVmI2Gl3GZlvYuenjjWhLOk6wsDkH2ioz HJRR5BzsjLQd7Lnwzz3gExHDgET9Eokax/uO7MT8935vNSEq0ia3jYqxDi/mIHhZ37xo rtGhyBNlgU0WqQnO0B7Nf3zOBWZD4lH39Dq9wB9H0N2AQ07jTb1vg3LdeBFwWSGFGvtc qpc8p7VmtNBmtu3i/d7FoJqE9EH/ircbWZI96RBwFYXxQSLuiIvWr8JiDmarlbBqQCUy pZ3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=iCJpgZmnm7u2UzSgzFamkTMFrZoFYbYSyOFOjjq/gmM=; b=ozvmkoBLO9ujgI6rPz8UqYr/vRokAkWFQH8p6dAk/51QCY3RephECeSFoiAByvWwzK M3Y5yDG06gTmxJH2tpGN3kXK0iUbpOdy0F//S940KZdMd6GuDLNgBIALCREebFEFnb4/ ZB52IncF5efFBodc+ZNV4bw/7pnXXSwBNuNyDSpQfpS5/SG4XOtov0pg44YZp95jtdP0 2WEbiZgtzx3b2gpOGFTkUNLeVCuyJZ79ZlMN1wi+8FyGvuPvLuRlPNGER/V3zoBvJD9c tbn3Ozq23yhYj0DJ6oSgQKod/0YFH7+GwcNN1XtVScN6UBJdLd9wLmdFCMUCdPr8bCql 5XyQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=PEcpit1+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z41si1966425ede.411.2020.12.03.16.54.32; Thu, 03 Dec 2020 16:54:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=PEcpit1+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726645AbgLDAwf (ORCPT + 99 others); Thu, 3 Dec 2020 19:52:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52216 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726158AbgLDAwf (ORCPT ); Thu, 3 Dec 2020 19:52:35 -0500 Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C08FBC061A4F for ; Thu, 3 Dec 2020 16:51:54 -0800 (PST) Received: by mail-qt1-x82c.google.com with SMTP id d5so2887361qtn.0 for ; Thu, 03 Dec 2020 16:51:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=iCJpgZmnm7u2UzSgzFamkTMFrZoFYbYSyOFOjjq/gmM=; b=PEcpit1+ITdCBshasduZ4KTJ7+dygWh1eRTOJlYGKKQshaZtnqFC9aRwFujSdsiKKd 4EtVxrTTpIc8FuEJlo4IH86vIQdqOHW2R9/tNiV3ZlrsdNoxQ8HY2o0FrvhWW3Gx1rms PWPefErPc3kBh8kV+iqCfh6Veo2Mg8/KGdJaIYhpvtgy+QP+IClGlIhHDfo4OE2+HF1v DZmHW1RdBmGzjjtsajdm+tbZpFtGs0fNQRaMARAwgPOLmfLeNJo8n/0yFAMKc6BxQTlt 3Pw1+rYtmhH0MsHLbKlP3zmud+MNfnnMTduNKzdaC/tyVZ6L6WzoXE1BOSTaRNmrjS84 V1/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=iCJpgZmnm7u2UzSgzFamkTMFrZoFYbYSyOFOjjq/gmM=; b=WafGraQrp/n7061z08qBv0rU/cMugWtrzpc3aT98Nsv08GAYRRFAXnNnjTIc01Zk5m RJQemebk82uEmSVas815NZ7ivoH/Dk+6Ew/Z/40XR9c1ywkXUfriy5+i29qRBY/sux5R C0SnlcqBJAbWQPGdY3Tl//8uTbnG0INPMPAm8mEZfQ4urvS20IrjGYKW4z3WfCxwin2t sOHu9el9/ELekxPzl5f2XeDtlBY6u4THoge1GJSxFnpM7hLC/gXltgZSNb0+HJr/2YPT +uyrknKh104RqhUKHQxnMfQsuELk6V0/p1FMr0UcG65Qmlmxl/bSZ6U12N8lU3oSAAzJ /GnA== X-Gm-Message-State: AOAM531GvOdBmk3xa8Zmm59x0I3b7SWLOXJboSdX0k5fSGRJ5B+KPPt9 WPvdD/e5FsPvWk90wzFQxrBxnapmaCkEYw3Hg/AUyQ== X-Received: by 2002:ac8:67da:: with SMTP id r26mr6231554qtp.101.1607043113656; Thu, 03 Dec 2020 16:51:53 -0800 (PST) MIME-Version: 1.0 References: <20201117232003.3580179-1-joel@joelfernandes.org> <20201117232003.3580179-27-joel@joelfernandes.org> <20201125134237.GZ2414@hirez.programming.kicks-ass.net> <20201202080211.GD3021@hirez.programming.kicks-ass.net> In-Reply-To: <20201202080211.GD3021@hirez.programming.kicks-ass.net> From: Josh Don Date: Thu, 3 Dec 2020 16:51:42 -0800 Message-ID: Subject: Re: [PATCH -tip 26/32] sched: Add a second-level tag for nested CGroup usecase To: Peter Zijlstra Cc: "Joel Fernandes (Google)" , Nishanth Aravamudan , Julien Desfossez , Tim Chen , Vineeth Pillai , Aaron Lu , Aubrey Li , Thomas Gleixner , linux-kernel , mingo@kernel.org, torvalds@linux-foundation.org, fweisbec@gmail.com, Kees Cook , Greg Kerr , Phil Auld , Valentin Schneider , Mel Gorman , Pawan Gupta , Paolo Bonzini , vineeth@bitbyteword.org, Chen Yu , Christian Brauner , Agata Gruza , Antonio Gomez Iglesias , graf@amazon.com, konrad.wilk@oracle.com, dfaggioli@suse.com, Paul Turner , Steven Rostedt , Patrick Bellasi , benbjiang@tencent.com, Alexandre Chartre , James.Bottomley@hansenpartnership.com, OWeisse@umich.edu, Dhaval Giani , Junaid Shahid , Jesse Barnes , chris.hyser@oracle.com, Ben Segall , Hao Luo , Tom Lendacky , Aubrey Li , "Paul E. McKenney" , Tim Chen , Oleg Rombakh , Tejun Heo Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Dec 2, 2020 at 12:02 AM Peter Zijlstra wrote: > > On Tue, Dec 01, 2020 at 10:18:00PM -0800, Josh Don wrote: > > Hey Peter, > > > > On Wed, Nov 25, 2020 at 5:43 AM Peter Zijlstra wrote: > > > > > > Why can't the above work by setting 'tag' (that's a terrible name, why > > > does that still live) in CDE? Have the most specific tag live. Same with > > > that thread stuff. > > > > The motivation is to allow an unprivileged user the ability to > > configure the trust hierarchy in a way that otherwise wouldn't be > > possible for a given cgroup hierarchy. For example given a cookie'd > > hierarchy such as: > > > > A > > / | | \ > > B C D E > > > > the user might only want subsets of {B, C, D, E} to share. For > > instance, the user might only want {B,C} and {D, E} to share. One way > > to solve this would be to allow the user to write the group cookie > > directly. However, this interface would need to be restricted to > > privileged users, since otherwise the cookie could be configured to > > share with any arbitrary cgroup. The purpose of the 'color' field is > > to expose a portion of the cookie that can be modified by a > > non-privileged user in order to achieve this sharing goal. > > > > If this doesn't seem like a useful case, I'm happy to drop this patch > > from the series to unblock it. > > Well, the traditional cgroup way of doing that would be to: > > A > / \ > T1 T2 > / \ > B C > > And tag T1 if you want B,C to share. > > So me the color thing reads like an end-run around the cgroup hierarchy. Restructuring the cgroup resource hierarchy to incorporate the trust domains is not necessarily trivial (as is the case for us). I agree though that that would be the ideal correct solution from the cgroup hierarchy perspective.