From: Christian Brauner <christian.brauner@ubuntu.com> To: linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, Tejun Heo <tj@kernel.org> Cc: Oleg Nesterov <oleg@redhat.com>, Christian Brauner <christian.brauner@ubuntu.com> Subject: [PATCH v3 0/5] clone3 & cgroups: allow spawning processes into cgroups Date: Fri, 17 Jan 2020 01:21:38 +0100 [thread overview] Message-ID: <20200117002143.15559-1-christian.brauner@ubuntu.com> (raw) Hey Tejun, This is v3 of the promised series to enable spawning processes into a target cgroup different from the parent's cgroup. /* v1 */ Link: https://lore.kernel.org/r/20191218173516.7875-1-christian.brauner@ubuntu.com /* v2 */ Link: https://lore.kernel.org/r/20191223061504.28716-1-christian.brauner@ubuntu.com Rework locking and remove unneeded helper functions. Please see individual patch changelogs for details. With this I've been able to run the cgroup selftests and stress tests in loops for a long time without any regressions or deadlocks; lockdep and kasan did not complain either. /* v3 */ Split preliminary work into separate patches. See changelog of individual commits. With this cgroup migration will be a lot easier, and accounting will be more exact. It also allows for nice features such as creating a frozen process by spawning it into a frozen cgroup. The code simplifies container creation and exec logic quite a bit as well. I've tried to contain all core changes for this features in kernel/cgroup/* to avoid exposing cgroup internals. This has mostly worked. When a new process is supposed to be spawned in a cgroup different from the parent's then we briefly acquire the cgroup mutex right before fork()'s point of no return and drop it once the child process has been attached to the tasklist and to its css_set. This is done to ensure that the cgroup isn't removed behind our back. The cgroup mutex is _only_ held in this case; the usual case, where the child is created in the same cgroup as the parent does not acquire it since the cgroup can't be removed. The series already comes with proper testing. Once we've decided that this approach is good I'll expand the test-suite even more. The branch can be found in the following locations: [1]: kernel.org: https://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git/log/?h=clone_into_cgroup [2]: github.com: https://github.com/brauner/linux/tree/clone_into_cgroup [3]: gitlab.com: https://gitlab.com/brauner/linux/commits/clone_into_cgroup Thanks! Christian Christian Brauner (5): cgroup: unify attach permission checking cgroup: add cgroup_get_from_file() helper cgroup: refactor fork helpers clone3: allow spawning processes into cgroups selftests/cgroup: add tests for cloning into cgroups include/linux/cgroup-defs.h | 6 +- include/linux/cgroup.h | 26 +- include/linux/sched/task.h | 4 + include/uapi/linux/sched.h | 5 + kernel/cgroup/cgroup.c | 277 ++++++++++++++---- kernel/cgroup/pids.c | 16 +- kernel/fork.c | 19 +- tools/testing/selftests/cgroup/Makefile | 6 +- tools/testing/selftests/cgroup/cgroup_util.c | 126 ++++++++ tools/testing/selftests/cgroup/cgroup_util.h | 4 + tools/testing/selftests/cgroup/test_core.c | 64 ++++ .../selftests/clone3/clone3_selftests.h | 19 +- 12 files changed, 495 insertions(+), 77 deletions(-) base-commit: b3a987b0264d3ddbb24293ebff10eddfc472f653 -- 2.25.0
WARNING: multiple messages have this Message-ID (diff)
From: Christian Brauner <christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org> To: linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> Cc: Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, Christian Brauner <christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org> Subject: [PATCH v3 0/5] clone3 & cgroups: allow spawning processes into cgroups Date: Fri, 17 Jan 2020 01:21:38 +0100 [thread overview] Message-ID: <20200117002143.15559-1-christian.brauner@ubuntu.com> (raw) Hey Tejun, This is v3 of the promised series to enable spawning processes into a target cgroup different from the parent's cgroup. /* v1 */ Link: https://lore.kernel.org/r/20191218173516.7875-1-christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org /* v2 */ Link: https://lore.kernel.org/r/20191223061504.28716-1-christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org Rework locking and remove unneeded helper functions. Please see individual patch changelogs for details. With this I've been able to run the cgroup selftests and stress tests in loops for a long time without any regressions or deadlocks; lockdep and kasan did not complain either. /* v3 */ Split preliminary work into separate patches. See changelog of individual commits. With this cgroup migration will be a lot easier, and accounting will be more exact. It also allows for nice features such as creating a frozen process by spawning it into a frozen cgroup. The code simplifies container creation and exec logic quite a bit as well. I've tried to contain all core changes for this features in kernel/cgroup/* to avoid exposing cgroup internals. This has mostly worked. When a new process is supposed to be spawned in a cgroup different from the parent's then we briefly acquire the cgroup mutex right before fork()'s point of no return and drop it once the child process has been attached to the tasklist and to its css_set. This is done to ensure that the cgroup isn't removed behind our back. The cgroup mutex is _only_ held in this case; the usual case, where the child is created in the same cgroup as the parent does not acquire it since the cgroup can't be removed. The series already comes with proper testing. Once we've decided that this approach is good I'll expand the test-suite even more. The branch can be found in the following locations: [1]: kernel.org: https://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git/log/?h=clone_into_cgroup [2]: github.com: https://github.com/brauner/linux/tree/clone_into_cgroup [3]: gitlab.com: https://gitlab.com/brauner/linux/commits/clone_into_cgroup Thanks! Christian Christian Brauner (5): cgroup: unify attach permission checking cgroup: add cgroup_get_from_file() helper cgroup: refactor fork helpers clone3: allow spawning processes into cgroups selftests/cgroup: add tests for cloning into cgroups include/linux/cgroup-defs.h | 6 +- include/linux/cgroup.h | 26 +- include/linux/sched/task.h | 4 + include/uapi/linux/sched.h | 5 + kernel/cgroup/cgroup.c | 277 ++++++++++++++---- kernel/cgroup/pids.c | 16 +- kernel/fork.c | 19 +- tools/testing/selftests/cgroup/Makefile | 6 +- tools/testing/selftests/cgroup/cgroup_util.c | 126 ++++++++ tools/testing/selftests/cgroup/cgroup_util.h | 4 + tools/testing/selftests/cgroup/test_core.c | 64 ++++ .../selftests/clone3/clone3_selftests.h | 19 +- 12 files changed, 495 insertions(+), 77 deletions(-) base-commit: b3a987b0264d3ddbb24293ebff10eddfc472f653 -- 2.25.0
next reply other threads:[~2020-01-17 0:21 UTC|newest] Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-01-17 0:21 Christian Brauner [this message] 2020-01-17 0:21 ` [PATCH v3 0/5] clone3 & cgroups: allow spawning processes into cgroups Christian Brauner 2020-01-17 0:21 ` [PATCH v3 1/5] cgroup: unify attach permission checking Christian Brauner 2020-01-17 0:21 ` [PATCH v3 2/5] cgroup: add cgroup_get_from_file() helper Christian Brauner 2020-01-17 0:21 ` Christian Brauner 2020-01-17 0:21 ` [PATCH v3 3/5] cgroup: refactor fork helpers Christian Brauner 2020-01-17 0:21 ` [PATCH v3 4/5] clone3: allow spawning processes into cgroups Christian Brauner 2020-01-17 0:21 ` Christian Brauner 2020-01-17 0:21 ` [PATCH v3 5/5] selftests/cgroup: add tests for cloning " Christian Brauner 2020-01-17 0:21 ` Christian Brauner 2020-01-17 16:54 ` [PATCH v3 0/5] clone3 & cgroups: allow spawning processes " Tejun Heo 2020-01-17 16:54 ` Tejun Heo
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200117002143.15559-1-christian.brauner@ubuntu.com \ --to=christian.brauner@ubuntu.com \ --cc=linux-api@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=oleg@redhat.com \ --cc=tj@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.