Re: [PATCH 1/2] rcfs core patch

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Herbert Poetzl <herbert@...>

Cc: Srivatsa Vaddagiri <vatsa@...>, <menage@...>, <pj@...>, Eric W. Biederman <ebiederm@...>, <winget@...>, <containers@...>, <akpm@...>, <ckrm-tech@...>, <linux-kernel@...>, <xemul@...>

Subject: Re: [PATCH 1/2] rcfs core patch

Date: Tuesday, March 13, 2007 - 4:28 am

>>>well, Linux-VServer is "working", "secure", "flexible"
quoted text>>>_and_ non-intrusive ... it is quite natural that less
>>>won't work for me ... and regarding patches, there
>>>will be a 2.2 release soon, with all the patches ...
> 
> 
>>ok. please check your dcache and slab accounting then
>>(analyzed according to patch-2.6.20.1-vs2.3.0.11.diff):
> 
> 
> development branch, good choice for new features
> and code which is currently tested ...
you know better than I that stable branch doesn't differ much,
especially in securiy (because it lacks these controls at all).

BTW, killing arbitrary task in case of RSS limit hit
doesn't look acceptable resource management approach, does it?

quoted text>>Both are full of races and problems. Some of them:
>>1. Slabs allocated from interrupt context are charged to 
>>   current context.
>>   So charged values contain arbitrary mess, since during
>>   interrupts context can be arbitrary.
> 
> 
>>2. Due to (1) I guess you do not make any limiting of slabs.
>>   So there are number of ways how to consume a lot of kernel
>>   memory from inside container and
>>   OOM killer will kill arbitrary tasks in case of 
>>   memory-shortage after that.
>>   Don't think it is secure... real DoS.
> 
> 
>>3. Dcache accounting simply doesn't work, since
>>   charges/uncharges are done on current context (sic!!!),
>>   which is arbitrary. i.e. lookup can be done in VE context,
>>   while dcache shrink can be done from another context.
>>   So the whole problem with dcache DoS is not solved at 
>>   all, it is just hard to trigger.
> 
> 
>>4. Dcache accounting is racy, since your checks look like:
>>   if (atomic_read(de->d_count))
>>      charge();
>>   which obviously races with other dput()'s/lookups.
> 
> 
>>5. Dcache accounting can be hit if someone does `find /`
>>   inside container.
>>   After that it is impossible to open something new,
>>   since all the dentries for directories in dcache will 
>>   have d_count > 0 (due it's children).
>>   It is a BUG.
> 
> 
>>6. Counters can be non-zero on container stop due to all
>>   of the above.
> 
> 
> looks like for the the first time you are actually
> looking at the code, or at least providing feedback
> and/or suggestions for improvements (well, not many
> of them, but hey, nobody is perfect :)
It's a pity, but it took me only 5 minutes of looking into the code,
so "not perfect" is a wrong word here, sorry.

quoted text>>There are more and more points which arise when such a 
>>non-intrusive accounting is concerned. 
> 
> 
> never claimed that Linux-VServer code is perfect,
> (the Linux accounting isn't perfect either in many
> ways) and Linux-VServer is constantly improving
> (see my other email) ... but IIRC, we are _not_
> discussing Linux-VServer code at all, we are talking
> about a superior solution, which combines the best
> of both worlds ...
Forget about Vserver and OpenVZ. It is not a war.
We are looking for something working, new and robust.
I'm just trying you to show that non-intrusive and pretty small
accounting/limiting code like in Vserver
simply doesn't work. The problem of resource controls is much more complicated.
So non-intrusiveness is a very weird argument from you (and the only).

quoted text>>I'm really suprised, that you don't see them
>>or try to behave as you don't see them :/
> 
> 
> all I'm saying is that there is no point in achieving
> perfect accounting and limits (and everything else)
> when all you get is Xen performance and resource usage
then please elaborate on what you mean by
perfect and non-perfect accounting and limits?
I would be happy to sent a patch with a "non-perfect"
accounting if it really works correct and good and suits all the people needs.

BTW, Xen overhead comes mostly from different things (not resource management) -
inability to share data effectively, emulation overhead etc.

quoted text>>And, please, believe me, I would not suggest so much 
>>complicated patches If everything was so easy and I 
>>had no reasons simply to accept vserver code.
> 
> 
> no, you are suggesting those patches, because that
> is what your company came up with after being confronted
> with the task (of creating OS-Level virtualization) and
> the arising problems ... so it definitely _is_ a
> solution to those problems, but not necessarily the
> best and definitely not the only one :)
You judge so because you want to.
Have you had some time to compare UBC patches from OVZ
and those sent to LKML (container + RSS)?
You would notice too litle in common.
Patches in LKML has non-OVZ interfaces, no shared pages accounting,
RSS accounting which is not used in OVZ at all.
So do you see any similarities except for stupid and simple
controls like numtask/numfile?

Thanks,
Kirill

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 0/2] resource control file system - aka containers on..., Srivatsa Vaddagiri, (Thu Mar 1, 9:35 am)

Re: [PATCH 0/2] resource control file system - aka container..., Paul Menage, (Tue Mar 6, 10:32 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Srivatsa Vaddagiri, (Wed Mar 7, 1:30 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Sam Vilain, (Wed Mar 7, 8:50 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Srivatsa Vaddagiri, (Thu Mar 8, 7:30 am)

Re: [PATCH 0/2] resource control file system - aka container..., Herbert Poetzl, (Thu Mar 8, 9:16 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Srivatsa Vaddagiri, (Fri Mar 9, 2:41 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Herbert Poetzl, (Fri Mar 9, 10:03 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Serge E. Hallyn, (Wed Mar 7, 1:43 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Srivatsa Vaddagiri, (Wed Mar 7, 2:00 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Serge E. Hallyn, (Wed Mar 7, 4:58 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Paul Menage, (Wed Mar 7, 5:20 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Srivatsa Vaddagiri, (Fri Mar 9, 12:34 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Paul Menage, (Fri Mar 9, 6:09 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Mon Mar 12, 11:07 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Serge E. Hallyn, (Mon Mar 12, 11:56 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Mon Mar 12, 12:20 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Herbert Poetzl, (Mon Mar 12, 7:31 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Mon Mar 12, 10:22 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Sam Vilain, (Mon Mar 12, 5:15 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Serge E. Hallyn, (Mon Mar 12, 1:25 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Srivatsa Vaddagiri, (Fri Mar 9, 10:02 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Fri Mar 9, 11:19 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Fri Mar 9, 12:41 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Eric W. Biederman, (Wed Mar 7, 6:32 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Paul Menage, (Wed Mar 7, 7:18 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Sam Vilain, (Wed Mar 7, 8:35 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Paul Menage, (Wed Mar 7, 8:42 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Sam Vilain, (Wed Mar 7, 8:53 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Paul Jackson, (Fri Mar 9, 12:27 am)

Re: [PATCH 0/2] resource control file system - aka container..., Sam Vilain, (Sat Mar 10, 4:52 am)

Re: [PATCH 0/2] resource control file system - aka container..., Paul Jackson, (Sat Mar 10, 5:11 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Paul Menage, (Wed Mar 7, 8:58 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Sam Vilain, (Wed Mar 7, 10:47 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Paul Menage, (Wed Mar 7, 10:57 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Sam Vilain, (Wed Mar 7, 11:32 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Paul Menage, (Thu Mar 8, 5:10 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Serge E. Hallyn, (Fri Mar 9, 12:50 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Thu Mar 22, 10:08 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Serge E. Hallyn, (Thu Mar 22, 10:39 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Thu Mar 22, 10:56 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Eric W. Biederman, (Thu Mar 8, 2:32 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Matt Helsley, (Thu Mar 8, 2:10 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Paul Jackson, (Fri Mar 9, 12:37 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Eric W. Biederman, (Thu Mar 8, 2:44 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Herbert Poetzl, (Thu Mar 8, 9:06 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Sam Vilain, (Sat Mar 10, 5:06 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Paul Jackson, (Sun Mar 11, 5:15 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Paul Menage, (Mon Mar 12, 6:00 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Herbert Poetzl, (Mon Mar 12, 7:21 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Paul Menage, (Mon Mar 12, 10:25 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Herbert Poetzl, (Tue Mar 13, 11:57 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Sam Vilain, (Mon Mar 12, 5:35 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Eric W. Biederman, (Wed Mar 7, 9:32 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Paul Jackson, (Fri Mar 9, 12:30 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Herbert Poetzl, (Thu Mar 8, 8:53 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Fri Mar 9, 2:19 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Herbert Poetzl, (Fri Mar 9, 5:52 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Paul Jackson, (Fri Mar 9, 6:06 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Mon Mar 12, 10:01 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Paul Jackson, (Mon Mar 12, 4:26 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Mon Mar 12, 11:15 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Paul Jackson, (Fri Mar 9, 3:36 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Paul Menage, (Wed Mar 7, 9:35 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Herbert Poetzl, (Thu Mar 8, 8:56 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Eric W. Biederman, (Wed Mar 7, 10:25 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Serge E. Hallyn, (Wed Mar 7, 5:59 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Mon Mar 12, 10:11 am)

Re: [PATCH 0/2] resource control file system - aka container..., Dave Hansen, (Wed Mar 7, 6:13 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Eric W. Biederman, (Wed Mar 7, 7:13 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Paul Menage, (Wed Mar 7, 1:46 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Eric W. Biederman, (Wed Mar 7, 7:16 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Srivatsa Vaddagiri, (Thu Mar 8, 7:39 am)

Re: [PATCH 0/2] resource control file system - aka container..., Paul Menage, (Wed Mar 7, 1:29 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Wed Mar 7, 1:52 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Srivatsa Vaddagiri, (Wed Mar 7, 1:32 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Paul Jackson, (Thu Mar 1, 3:39 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Srivatsa Vaddagiri, (Sat Mar 3, 5:36 am)

Re: [PATCH 0/2] resource control file system - aka container..., Herbert Poetzl, (Sat Mar 3, 1:32 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Mon Mar 5, 1:34 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Herbert Poetzl, (Mon Mar 5, 2:39 pm)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Tue Mar 6, 6:39 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Herbert Poetzl, (Tue Mar 6, 9:28 am)

Re: [ckrm-tech] [PATCH 0/2] resource control file system - a..., Srivatsa Vaddagiri, (Tue Mar 6, 12:21 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Paul Jackson, (Sat Mar 3, 6:21 am)

Re: [PATCH 0/2] resource control file system - aka container..., Srivatsa Vaddagiri, (Mon Mar 5, 1:02 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Kirill Korotaev, (Fri Mar 2, 11:45 am)

Re: [PATCH 0/2] resource control file system - aka container..., Herbert Poetzl, (Sat Mar 3, 1:45 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Paul Jackson, (Sat Mar 3, 5:22 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Srivatsa Vaddagiri, (Mon Mar 5, 1:47 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Andrew Morton, (Fri Mar 2, 12:52 pm)

Re: [PATCH 0/2] resource control file system - aka container..., Kirill Korotaev, (Fri Mar 2, 1:25 pm)

[PATCH 2/2] cpu_accounting controller, Srivatsa Vaddagiri, (Thu Mar 1, 9:50 am)

[PATCH 1/2] rcfs core patch, Srivatsa Vaddagiri, (Thu Mar 1, 9:45 am)

Re: [PATCH 1/2] rcfs core patch, Eric W. Biederman, (Wed Mar 7, 11:12 pm)

Re: [PATCH 1/2] rcfs core patch, Srivatsa Vaddagiri, (Thu Mar 8, 6:13 am)

Re: [PATCH 1/2] rcfs core patch, Serge E. Hallyn, (Fri Mar 9, 12:16 pm)

Re: [PATCH 1/2] rcfs core patch, Herbert Poetzl, (Thu Mar 8, 8:48 pm)

Re: [PATCH 1/2] rcfs core patch, Srivatsa Vaddagiri, (Fri Mar 9, 2:14 pm)

Re: [PATCH 1/2] rcfs core patch, Herbert Poetzl, (Fri Mar 9, 8:56 pm)

Re: [PATCH 1/2] rcfs core patch, Paul Jackson, (Fri Mar 9, 3:25 pm)

Re: [PATCH 1/2] rcfs core patch, Herbert Poetzl, (Fri Mar 9, 9:00 pm)

Re: [PATCH 1/2] rcfs core patch, Paul Jackson, (Fri Mar 9, 9:31 pm)

Re: [PATCH 1/2] rcfs core patch, Kirill Korotaev, (Fri Mar 9, 5:23 am)

Re: [PATCH 1/2] rcfs core patch, Herbert Poetzl, (Fri Mar 9, 9:21 am)

Re: [PATCH 1/2] rcfs core patch, Kirill Korotaev, (Sun Mar 11, 1:09 pm)

Re: [PATCH 1/2] rcfs core patch, Herbert Poetzl, (Mon Mar 12, 7:00 pm)

Re: [PATCH 1/2] rcfs core patch, Kirill Korotaev, (Tue Mar 13, 4:28 am)

Re: [PATCH 1/2] rcfs core patch, Herbert Poetzl, (Tue Mar 13, 9:55 am)

Re: [ckrm-tech] [PATCH 1/2] rcfs core patch, Srivatsa Vaddagiri, (Tue Mar 13, 10:11 am)

Re: [ckrm-tech] [PATCH 1/2] rcfs core patch, Herbert Poetzl, (Tue Mar 13, 11:52 am)

Re: [PATCH 1/2] rcfs core patch, Paul Jackson, (Fri Mar 9, 5:38 am)

Re: [PATCH 1/2] rcfs core patch, Paul Jackson, (Thu Mar 8, 10:35 pm)

Re: [PATCH 1/2] rcfs core patch, Paul Menage, (Thu Mar 8, 5:10 am)

Re: [PATCH 1/2] rcfs core patch, Herbert Poetzl, (Thu Mar 8, 8:38 pm)

Re: [PATCH 1/2] rcfs core patch, Srivatsa Vaddagiri, (Fri Mar 9, 1:57 pm)

Re: [PATCH 1/2] rcfs core patch, Herbert Poetzl, (Fri Mar 9, 9:19 pm)

Re: [PATCH 1/2] rcfs core patch, Serge E. Hallyn, (Sun Mar 11, 12:36 pm)

Re: [PATCH 1/2] rcfs core patch, Herbert Poetzl, (Mon Mar 12, 7:16 pm)

Re: [PATCH 1/2] rcfs core patch, Kirill Korotaev, (Fri Mar 9, 5:07 am)

Re: [PATCH 1/2] rcfs core patch, Herbert Poetzl, (Fri Mar 9, 9:29 am)

Re: [ckrm-tech] [PATCH 1/2] rcfs core patch, Balbir Singh, (Fri Mar 2, 1:06 am)

Re: [ckrm-tech] [PATCH 1/2] rcfs core patch, Srivatsa Vaddagiri, (Sat Mar 3, 5:38 am)

Re: [PATCH 1/2] rcfs core patch, Serge E. Hallyn, (Thu Mar 1, 12:31 pm)

Re: [PATCH 1/2] rcfs core patch, Srivatsa Vaddagiri, (Thu Mar 1, 12:46 pm)

Navigation

Popular discussions


linux-kernel:
Alan Cox	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
Bart Van Assche	Re: Integration of SCST in the mainstream Linux kernel
Andrew Morton	Re: [RFC/PATCH] Documentation of kernel messages
git:

linux-netdev:
Winkler, Tomas	RE: iwlwifi: fix build bug in "iwlwifi: fix LED stall"
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Mark Lord	Re: [BUG] New Kernel Bugs
openbsd-misc:

Colocation donated by:

Online users

Syndicate