From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753849AbbGNVbx (ORCPT ); Tue, 14 Jul 2015 17:31:53 -0400 Received: from mail-qk0-f196.google.com ([209.85.220.196]:35556 "EHLO mail-qk0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752781AbbGNVbv (ORCPT ); Tue, 14 Jul 2015 17:31:51 -0400 Date: Tue, 14 Jul 2015 17:31:48 -0400 From: Tejun Heo To: Aleksa Sarai Cc: lizefan@huawei.com, mingo@redhat.com, peterz@infradead.org, richard@nod.at, fweisbec@gmail.com, linux-kernel@vger.kernel.org, cgroups@vger.kernel.org Subject: Re: [PATCH v14 4/4] cgroup: implement the PIDs subsystem Message-ID: <20150714213148.GD2273@mtj.duckdns.org> References: <1433849530-22845-1-git-send-email-cyphar@cyphar.com> <1433849530-22845-5-git-send-email-cyphar@cyphar.com> <20150610045304.GJ11955@mtj.duckdns.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150610045304.GJ11955@mtj.duckdns.org> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 10, 2015 at 01:53:04PM +0900, Tejun Heo wrote: > On Tue, Jun 09, 2015 at 09:32:10PM +1000, Aleksa Sarai wrote: > > Adds a new single-purpose PIDs subsystem to limit the number of > > tasks that can be forked inside a cgroup. Essentially this is an > > implementation of RLIMIT_NPROC that applies to a cgroup rather than a > > process tree. > > > > However, it should be noted that organisational operations (adding and > > removing tasks from a PIDs hierarchy) will *not* be prevented. Rather, > > the number of tasks in the hierarchy cannot exceed the limit through > > forking. This is due to the fact that, in the unified hierarchy, attach > > cannot fail (and it is not possible for a task to overcome its PIDs > > cgroup policy limit by attaching to a child cgroup -- even if migrating > > mid-fork it must be able to fork in the parent first). > > > > PIDs are fundamentally a global resource, and it is possible to reach > > PID exhaustion inside a cgroup without hitting any reasonable kmemcg > > policy. Once you've hit PID exhaustion, you're only in a marginally > > better state than OOM. This subsystem allows PID exhaustion inside a > > cgroup to be prevented. > > Patches 3-4 look good to me. Will apply once v4.3 dev window opens. Applied 3-4 to cgroup/for-4.3. Thanks. -- tejun