From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756107AbbESNnj (ORCPT <rfc822;w@1wt.eu>);
	Tue, 19 May 2015 09:43:39 -0400
Received: from mail-ig0-f175.google.com ([209.85.213.175]:38463 "EHLO
	mail-ig0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1755853AbbESNnW (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 19 May 2015 09:43:22 -0400
MIME-Version: 1.0
X-Originating-IP: [122.106.150.15]
In-Reply-To: <alpine.DEB.2.11.1505191508530.4225@nanos>
References: <1431960667-26593-1-git-send-email-cyphar@cyphar.com>
	<1431960667-26593-9-git-send-email-cyphar@cyphar.com>
	<20150519080055.GA3644@twins.programming.kicks-ass.net>
	<CAOviyaij2bays4aYQ_5HcopcBOfj4M_gKE7oQ_FsV38skK6vWA@mail.gmail.com>
	<alpine.DEB.2.11.1505191508530.4225@nanos>
Date: Tue, 19 May 2015 23:43:21 +1000
Message-ID: <CAOviyaiwGQZbA8w_TV0wXF7JaQK1LHGn8BC40R7ARR+mHHQf=Q@mail.gmail.com>
Subject: Re: [PATCH v12 8/8] cgroup: implement the PIDs subsystem
From: Aleksa Sarai <cyphar@cyphar.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>, Tejun Heo <tj@kernel.org>,
        lizefan@huawei.com, mingo@redhat.com, richard@nod.at,
        =?UTF-8?B?RnLDqWTDqXJpYyBXZWlzYmVja2Vy?= <fweisbec@gmail.com>,
        linux-kernel@vger.kernel.org, cgroups@vger.kernel.org
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

>> >> However, it should be noted that organisational operations (adding and
>> >> removing tasks from a PIDs hierarchy) will *not* be prevented.
>> >
>> > This is how you spell: broken controller.
>>
>> This has been discussed before. Organisational operations (i.e.
>> attaching to a cgroup) are not to be blocked by a cgroup controller in
>> the unified hierarchy. You simply can't escape out of a parent
>> cgroup's limit through attaching to a child cgroup (because you will
>> attach either before the fork checks against the cgroup [in which case
>> the child's limit is followed -- which means you also follow the
>> parent's limit] or after it checks [which means you'll hit the
>> parent's limit and won't be able to fork]).
>
> That's complete and utter nonsense. What has the parent limit to do
> with the overflow of the child limit?
>
> parent:  limit 100   usecnt 80
> child:   limit 10    usecnt 10
>
> So moving anything into child is violating the constraints and has to
> be refused. Anything else is just dirty hackery.

Whoops. Yes, you're completely right. All right, I'll fix up the
patchset in a few days.

--
Aleksa Sarai (cyphar)
www.cyphar.com