LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH v3 0/5] clone3 & cgroups: allow spawning processes into cgroups
@ 2020-01-17  0:21 Christian Brauner
  2020-01-17  0:21 ` [PATCH v3 1/5] cgroup: unify attach permission checking Christian Brauner
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: Christian Brauner @ 2020-01-17  0:21 UTC (permalink / raw)
  To: linux-api, linux-kernel, Tejun Heo; +Cc: Oleg Nesterov, Christian Brauner

Hey Tejun,

This is v3 of the promised series to enable spawning processes into a
target cgroup different from the parent's cgroup.

/* v1 */
Link: https://lore.kernel.org/r/20191218173516.7875-1-christian.brauner@ubuntu.com

/* v2 */
Link: https://lore.kernel.org/r/20191223061504.28716-1-christian.brauner@ubuntu.com
Rework locking and remove unneeded helper functions. Please see
individual patch changelogs for details.
With this I've been able to run the cgroup selftests and stress tests in
loops for a long time without any regressions or deadlocks; lockdep and
kasan did not complain either.

/* v3 */
Split preliminary work into separate patches.
See changelog of individual commits.

With this cgroup migration will be a lot easier, and accounting will be
more exact. It also allows for nice features such as creating a frozen
process by spawning it into a frozen cgroup.
The code simplifies container creation and exec logic quite a bit as
well.

I've tried to contain all core changes for this features in
kernel/cgroup/* to avoid exposing cgroup internals. This has mostly
worked.
When a new process is supposed to be spawned in a cgroup different from
the parent's then we briefly acquire the cgroup mutex right before
fork()'s point of no return and drop it once the child process has been
attached to the tasklist and to its css_set. This is done to ensure that
the cgroup isn't removed behind our back. The cgroup mutex is _only_
held in this case; the usual case, where the child is created in the
same cgroup as the parent does not acquire it since the cgroup can't be
removed.

The series already comes with proper testing. Once we've decided that
this approach is good I'll expand the test-suite even more.

The branch can be found in the following locations:
[1]: kernel.org: https://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git/log/?h=clone_into_cgroup
[2]: github.com: https://github.com/brauner/linux/tree/clone_into_cgroup
[3]: gitlab.com: https://gitlab.com/brauner/linux/commits/clone_into_cgroup

Thanks!
Christian

Christian Brauner (5):
  cgroup: unify attach permission checking
  cgroup: add cgroup_get_from_file() helper
  cgroup: refactor fork helpers
  clone3: allow spawning processes into cgroups
  selftests/cgroup: add tests for cloning into cgroups

 include/linux/cgroup-defs.h                   |   6 +-
 include/linux/cgroup.h                        |  26 +-
 include/linux/sched/task.h                    |   4 +
 include/uapi/linux/sched.h                    |   5 +
 kernel/cgroup/cgroup.c                        | 277 ++++++++++++++----
 kernel/cgroup/pids.c                          |  16 +-
 kernel/fork.c                                 |  19 +-
 tools/testing/selftests/cgroup/Makefile       |   6 +-
 tools/testing/selftests/cgroup/cgroup_util.c  | 126 ++++++++
 tools/testing/selftests/cgroup/cgroup_util.h  |   4 +
 tools/testing/selftests/cgroup/test_core.c    |  64 ++++
 .../selftests/clone3/clone3_selftests.h       |  19 +-
 12 files changed, 495 insertions(+), 77 deletions(-)


base-commit: b3a987b0264d3ddbb24293ebff10eddfc472f653
-- 
2.25.0


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2020-01-17 16:54 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-17  0:21 [PATCH v3 0/5] clone3 & cgroups: allow spawning processes into cgroups Christian Brauner
2020-01-17  0:21 ` [PATCH v3 1/5] cgroup: unify attach permission checking Christian Brauner
2020-01-17  0:21 ` [PATCH v3 2/5] cgroup: add cgroup_get_from_file() helper Christian Brauner
2020-01-17  0:21 ` [PATCH v3 3/5] cgroup: refactor fork helpers Christian Brauner
2020-01-17  0:21 ` [PATCH v3 4/5] clone3: allow spawning processes into cgroups Christian Brauner
2020-01-17  0:21 ` [PATCH v3 5/5] selftests/cgroup: add tests for cloning " Christian Brauner
2020-01-17 16:54 ` [PATCH v3 0/5] clone3 & cgroups: allow spawning processes " Tejun Heo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).