On Thu, Apr 29, 2021 at 08:22:03PM -0700, Roman Gushchin wrote: > On Thu, Apr 29, 2021 at 02:01:10PM +0200, Christian Brauner wrote: > > From: Christian Brauner <christian.brauner@xxxxxxxxxx> > > > > Give a brief overview of the cgroup.kill functionality. > > > > Cc: Roman Gushchin <guro@xxxxxx> > > Cc: Tejun Heo <tj@xxxxxxxxxx> > > Cc: cgroups@xxxxxxxxxxxxxxx > > Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx> > > --- > > Documentation/admin-guide/cgroup-v2.rst | 17 +++++++++++++++++ > > 1 file changed, 17 insertions(+) > > > > diff --git a/Documentation/admin-guide/cgroup-v2.rst b/Documentation/admin-guide/cgroup-v2.rst > > index 64c62b979f2f..c9f656a84590 100644 > > --- a/Documentation/admin-guide/cgroup-v2.rst > > +++ b/Documentation/admin-guide/cgroup-v2.rst > > @@ -949,6 +949,23 @@ All cgroup core files are prefixed with "cgroup." > > it's possible to delete a frozen (and empty) cgroup, as well as > > create new sub-cgroups. > > > > + cgroup.kill > > + A write-only single value file which exists in non-root cgroups. > > + The only allowed value is "1". > > + > > + Writing "1" to the file causes the cgroup and all descendant cgroups to > > + be killed. This means that all processes located in the affected cgroup > > + tree will be killed via SIGKILL. > > + > > + Killing a cgroup tree will deal with concurrent forks appropriately and > > + is protected against migrations. If callers require strict guarantees > > + they can issue the cgroup.kill request after a freezing the cgroup via > > + cgroup.freeze. > > Hm, is it necessarily? What additional guarantees adds using the freezer? Every new process that get's added is frozen. So even if the a process ends up escaping the cgroup.kill request somehow it will be frozen in the cgroup and can't itself fork again right away. So you could do: echo 1 > cgroup.freeze wait for frozen notification echo 1 > cgroup.kill wait for unpopulated notification
