Re: [PATCH 2/5] docs/cgroup: add entry for cgroup.kill

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 29, 2021 at 08:22:03PM -0700, Roman Gushchin wrote:
> On Thu, Apr 29, 2021 at 02:01:10PM +0200, Christian Brauner wrote:
> > From: Christian Brauner <christian.brauner@xxxxxxxxxx>
> > 
> > Give a brief overview of the cgroup.kill functionality.
> > 
> > Cc: Roman Gushchin <guro@xxxxxx>
> > Cc: Tejun Heo <tj@xxxxxxxxxx>
> > Cc: cgroups@xxxxxxxxxxxxxxx
> > Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
> > ---
> >  Documentation/admin-guide/cgroup-v2.rst | 17 +++++++++++++++++
> >  1 file changed, 17 insertions(+)
> > 
> > diff --git a/Documentation/admin-guide/cgroup-v2.rst b/Documentation/admin-guide/cgroup-v2.rst
> > index 64c62b979f2f..c9f656a84590 100644
> > --- a/Documentation/admin-guide/cgroup-v2.rst
> > +++ b/Documentation/admin-guide/cgroup-v2.rst
> > @@ -949,6 +949,23 @@ All cgroup core files are prefixed with "cgroup."
> >  	it's possible to delete a frozen (and empty) cgroup, as well as
> >  	create new sub-cgroups.
> >  
> > +  cgroup.kill
> > +	A write-only single value file which exists in non-root cgroups.
> > +	The only allowed value is "1".
> > +
> > +	Writing "1" to the file causes the cgroup and all descendant cgroups to
> > +	be killed. This means that all processes located in the affected cgroup
> > +	tree will be killed via SIGKILL.
> > +
> > +	Killing a cgroup tree will deal with concurrent forks appropriately and
> > +	is protected against migrations. If callers require strict guarantees
> > +	they can issue the cgroup.kill request after a freezing the cgroup via
> > +	cgroup.freeze.
> 
> Hm, is it necessarily? What additional guarantees adds using the freezer?

Every new process that get's added is frozen. So even if the a process
ends up escaping the cgroup.kill request somehow it will be frozen in
the cgroup and can't itself fork again right away. So you could do:

echo 1 > cgroup.freeze
wait for frozen notification

echo 1 > cgroup.kill
wait for unpopulated notification



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]     [Monitors]

  Powered by Linux