From: Frederic Weisbecker <fweisbec-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Glauber Costa <glommer-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
Cc: "Daniel P. Berrange"
<berrange-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
Daniel Walsh <dwalsh-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Hugh Dickins <hughd-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Johannes Weiner <hannes-druUgvl0LCNAfugRpC6u6w@public.gmane.org>,
Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Cgroups <cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
Subject: Re: [RFD] Merge task counter into memcg
Date: Thu, 12 Apr 2012 18:59:27 +0200 [thread overview]
Message-ID: <20120412165922.GA12484@somewhere.redhat.com> (raw)
In-Reply-To: <4F87042A.2000902-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
On Thu, Apr 12, 2012 at 01:34:50PM -0300, Glauber Costa wrote:
> On 04/12/2012 11:55 AM, Frederic Weisbecker wrote:
> >I don't know how the kernel stack is allocated for tasks. Do you mean
> >that we allocate a chunck of it for each new task and we could rely
> >on that?
> >
> More than this: amount of kernel stack is really, really something
> indirect if what you want to track is # of processes. Now, Hannes
> made a fair point in his other e-mail about what is a resource and
> what is not.
I start to consider this option, are there other people interested
in accounting/limiting kernel stack as well?
>
> >>> After all, we would only restrict the number of tasks for the
> >>> resources they require
> >It depends if the kernel stack can have other kind of "consumer".
> >
> It also depends on what you really want to achieve.
> If you want to prevent fork bombs, limiting kernel stack will do just fine.
I want:
a) to prevent the forkbomb from going far enough to DDOS the machine
b) to be able to kill that forkbomb once detected, in one go without race
against concurrent forks.
I think a) can work just fine with kernel stack limiting. I also need
to be notified about the fact we reached the limit. And b) should
be feasible with the help of the cgroup freezer.
>
> Is there anything for which you need to know exactly the number of
> processes?
No that's really about prevent/kill forkbomb as far as I'm concerned.
WARNING: multiple messages have this Message-ID (diff)
From: Frederic Weisbecker <fweisbec@gmail.com>
To: Glauber Costa <glommer@parallels.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>,
Hugh Dickins <hughd@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
Tejun Heo <tj@kernel.org>, Daniel Walsh <dwalsh@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>,
Li Zefan <lizf@cn.fujitsu.com>,
LKML <linux-kernel@vger.kernel.org>,
Cgroups <cgroups@vger.kernel.org>,
Containers <containers@lists.linux-foundation.org>
Subject: Re: [RFD] Merge task counter into memcg
Date: Thu, 12 Apr 2012 18:59:27 +0200 [thread overview]
Message-ID: <20120412165922.GA12484@somewhere.redhat.com> (raw)
In-Reply-To: <4F87042A.2000902@parallels.com>
On Thu, Apr 12, 2012 at 01:34:50PM -0300, Glauber Costa wrote:
> On 04/12/2012 11:55 AM, Frederic Weisbecker wrote:
> >I don't know how the kernel stack is allocated for tasks. Do you mean
> >that we allocate a chunck of it for each new task and we could rely
> >on that?
> >
> More than this: amount of kernel stack is really, really something
> indirect if what you want to track is # of processes. Now, Hannes
> made a fair point in his other e-mail about what is a resource and
> what is not.
I start to consider this option, are there other people interested
in accounting/limiting kernel stack as well?
>
> >>> After all, we would only restrict the number of tasks for the
> >>> resources they require
> >It depends if the kernel stack can have other kind of "consumer".
> >
> It also depends on what you really want to achieve.
> If you want to prevent fork bombs, limiting kernel stack will do just fine.
I want:
a) to prevent the forkbomb from going far enough to DDOS the machine
b) to be able to kill that forkbomb once detected, in one go without race
against concurrent forks.
I think a) can work just fine with kernel stack limiting. I also need
to be notified about the fact we reached the limit. And b) should
be feasible with the help of the cgroup freezer.
>
> Is there anything for which you need to know exactly the number of
> processes?
No that's really about prevent/kill forkbomb as far as I'm concerned.
next prev parent reply other threads:[~2012-04-12 16:59 UTC|newest]
Thread overview: 117+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-11 18:57 [RFD] Merge task counter into memcg Frederic Weisbecker
2012-04-11 18:57 ` Frederic Weisbecker
[not found] ` <20120411185715.GA4317-oHC15RC7JGTpAmv0O++HtFaTQe2KTcn/@public.gmane.org>
2012-04-11 19:21 ` Glauber Costa
2012-04-11 19:21 ` Glauber Costa
2012-04-12 11:19 ` Frederic Weisbecker
2012-04-12 11:19 ` Frederic Weisbecker
[not found] ` <4F85D9C6.5000202-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-04-12 11:19 ` Frederic Weisbecker
2012-04-12 0:56 ` KAMEZAWA Hiroyuki
2012-04-12 1:07 ` Johannes Weiner
2012-04-12 3:56 ` Alexander Nikiforov
[not found] ` <4F86527C.2080507-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2012-04-17 1:09 ` Frederic Weisbecker
2012-04-17 1:09 ` Frederic Weisbecker
2012-04-17 1:09 ` Frederic Weisbecker
2012-04-17 6:45 ` Alexander Nikiforov
2012-04-17 6:45 ` Alexander Nikiforov
2012-04-17 15:23 ` Tejun Heo
2012-04-17 15:23 ` Tejun Heo
[not found] ` <20120417152350.GC32402-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-04-19 3:34 ` Alexander Nikiforov
2012-04-19 3:34 ` Alexander Nikiforov
[not found] ` <4F8D1171.1090504-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2012-04-17 15:23 ` Tejun Heo
[not found] ` <20120417010902.GA14646-oHC15RC7JGTpAmv0O++HtFaTQe2KTcn/@public.gmane.org>
2012-04-17 6:45 ` Alexander Nikiforov
2012-04-12 4:00 ` Alexander Nikiforov
2012-04-12 4:00 ` Alexander Nikiforov
2012-04-12 0:56 ` KAMEZAWA Hiroyuki
2012-04-12 0:56 ` KAMEZAWA Hiroyuki
[not found] ` <4F862851.3040208-+CUm20s59erQFUHtdCDX3A@public.gmane.org>
2012-04-12 11:32 ` Frederic Weisbecker
2012-04-12 11:32 ` Frederic Weisbecker
2012-04-12 11:43 ` Glauber Costa
2012-04-12 11:43 ` Glauber Costa
[not found] ` <4F86BFC6.2050400-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-04-12 12:32 ` Johannes Weiner
2012-04-12 12:32 ` Johannes Weiner
2012-04-12 12:32 ` Johannes Weiner
[not found] ` <20120412123256.GI1787-druUgvl0LCNAfugRpC6u6w@public.gmane.org>
2012-04-12 13:12 ` Glauber Costa
2012-04-12 13:12 ` Glauber Costa
2012-04-12 15:30 ` Johannes Weiner
2012-04-12 15:30 ` Johannes Weiner
[not found] ` <20120412153055.GL1787-druUgvl0LCNAfugRpC6u6w@public.gmane.org>
2012-04-12 16:38 ` Tejun Heo
2012-04-12 16:38 ` Tejun Heo
[not found] ` <20120412163825.GB13069-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-04-12 17:04 ` Cgroup in a single hierarchy (Was: Re: [RFD] Merge task counter into memcg) Glauber Costa
2012-04-12 17:04 ` Glauber Costa
2012-04-17 15:13 ` Tejun Heo
2012-04-17 15:13 ` Tejun Heo
[not found] ` <20120417151352.GA32402-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-04-17 15:27 ` Glauber Costa
2012-04-17 15:27 ` Glauber Costa
[not found] ` <4F870B18.5060703-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-04-17 15:13 ` Tejun Heo
2012-04-12 17:13 ` [RFD] Merge task counter into memcg Glauber Costa
2012-04-12 17:13 ` Glauber Costa
2012-04-12 17:23 ` Johannes Weiner
2012-04-12 17:23 ` Johannes Weiner
2012-04-12 17:23 ` Johannes Weiner
[not found] ` <20120412172309.GM1787-druUgvl0LCNAfugRpC6u6w@public.gmane.org>
2012-04-12 17:41 ` Tejun Heo
2012-04-12 17:41 ` Tejun Heo
2012-04-12 17:53 ` Glauber Costa
2012-04-12 17:53 ` Glauber Costa
2012-04-13 1:42 ` KAMEZAWA Hiroyuki
2012-04-13 1:42 ` KAMEZAWA Hiroyuki
2012-04-17 15:41 ` Tejun Heo
2012-04-17 15:41 ` Tejun Heo
2012-04-17 16:52 ` Glauber Costa
2012-04-17 16:52 ` Glauber Costa
[not found] ` <4F8D9FC4.3080800-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-04-18 6:51 ` KAMEZAWA Hiroyuki
2012-04-18 6:51 ` KAMEZAWA Hiroyuki
2012-04-18 6:51 ` KAMEZAWA Hiroyuki
2012-04-18 7:53 ` Frederic Weisbecker
2012-04-18 7:53 ` Frederic Weisbecker
2012-04-18 8:42 ` KAMEZAWA Hiroyuki
2012-04-18 8:42 ` KAMEZAWA Hiroyuki
[not found] ` <4F8E7E76.3020202-+CUm20s59erQFUHtdCDX3A@public.gmane.org>
2012-04-18 9:12 ` Frederic Weisbecker
2012-04-18 10:39 ` Johannes Weiner
2012-04-18 9:12 ` Frederic Weisbecker
2012-04-18 9:12 ` Frederic Weisbecker
2012-04-18 10:39 ` Johannes Weiner
2012-04-18 10:39 ` Johannes Weiner
2012-04-18 11:00 ` KAMEZAWA Hiroyuki
2012-04-18 11:00 ` KAMEZAWA Hiroyuki
[not found] ` <20120418103930.GA1771-druUgvl0LCNAfugRpC6u6w@public.gmane.org>
2012-04-18 11:00 ` KAMEZAWA Hiroyuki
[not found] ` <CAFTL4hw3C4s6VS07pJzdBawv0ugKJJa+Vnb-Q_9FrWEq4=ka9Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-04-18 8:42 ` KAMEZAWA Hiroyuki
[not found] ` <4F8E646B.1020807-+CUm20s59erQFUHtdCDX3A@public.gmane.org>
2012-04-18 7:53 ` Frederic Weisbecker
[not found] ` <20120417154117.GE32402-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-04-17 16:52 ` Glauber Costa
[not found] ` <4F878480.60505-+CUm20s59erQFUHtdCDX3A@public.gmane.org>
2012-04-13 1:50 ` Glauber Costa
2012-04-13 1:50 ` Glauber Costa
2012-04-13 2:48 ` KAMEZAWA Hiroyuki
2012-04-13 2:48 ` KAMEZAWA Hiroyuki
[not found] ` <4F87865F.5060701-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-04-13 2:48 ` KAMEZAWA Hiroyuki
2012-04-17 15:41 ` Tejun Heo
[not found] ` <20120412174155.GC13069-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-04-12 17:53 ` Glauber Costa
2012-04-13 1:42 ` KAMEZAWA Hiroyuki
2012-04-12 16:54 ` Glauber Costa
2012-04-12 16:54 ` Glauber Costa
2012-04-12 16:54 ` Glauber Costa
[not found] ` <4F86D4BD.1040305-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-04-12 15:30 ` Johannes Weiner
[not found] ` <20120412113217.GB11455-oHC15RC7JGTpAmv0O++HtFaTQe2KTcn/@public.gmane.org>
2012-04-12 11:43 ` Glauber Costa
2012-04-12 1:07 ` Johannes Weiner
2012-04-12 1:07 ` Johannes Weiner
[not found] ` <20120412010745.GE1787-druUgvl0LCNAfugRpC6u6w@public.gmane.org>
2012-04-12 2:15 ` Glauber Costa
2012-04-12 2:15 ` Glauber Costa
2012-04-12 3:26 ` Li Zefan
2012-04-12 3:26 ` Li Zefan
2012-04-12 14:55 ` Frederic Weisbecker
2012-04-12 14:55 ` Frederic Weisbecker
[not found] ` <20120412145507.GC11455-oHC15RC7JGTpAmv0O++HtFaTQe2KTcn/@public.gmane.org>
2012-04-12 16:34 ` Glauber Costa
2012-04-12 16:34 ` Glauber Costa
[not found] ` <4F87042A.2000902-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-04-12 16:59 ` Frederic Weisbecker [this message]
2012-04-12 16:59 ` Frederic Weisbecker
2012-04-17 15:17 ` Tejun Heo
2012-04-17 15:17 ` Tejun Heo
2012-04-18 6:54 ` Frederic Weisbecker
2012-04-18 6:54 ` Frederic Weisbecker
2012-04-18 8:10 ` Frederic Weisbecker
2012-04-18 8:10 ` Frederic Weisbecker
[not found] ` <CAFTL4hxXT+hXWEnKop84JQ8ieHX4e=otpHnXYxdxaPgsiZYCiw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-04-18 12:00 ` Glauber Costa
2012-04-18 12:00 ` Glauber Costa
2012-04-18 12:00 ` Glauber Costa
2012-04-18 8:10 ` Frederic Weisbecker
[not found] ` <20120417151753.GB32402-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-04-18 6:54 ` Frederic Weisbecker
[not found] ` <20120412165922.GA12484-oHC15RC7JGTpAmv0O++HtFaTQe2KTcn/@public.gmane.org>
2012-04-17 15:17 ` Tejun Heo
2012-04-11 18:57 Frederic Weisbecker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120412165922.GA12484@somewhere.redhat.com \
--to=fweisbec-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=berrange-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=dwalsh-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=glommer-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org \
--cc=hannes-druUgvl0LCNAfugRpC6u6w@public.gmane.org \
--cc=hughd-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.