Re: [PATCH 2/5] docs/cgroup: add entry for cgroup.kill

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Apr 30, 2021 at 08:50:36AM +0200, Christian Brauner wrote:
> On Thu, Apr 29, 2021 at 08:22:03PM -0700, Roman Gushchin wrote:
> > On Thu, Apr 29, 2021 at 02:01:10PM +0200, Christian Brauner wrote:
> > > From: Christian Brauner <christian.brauner@xxxxxxxxxx>
> > > 
> > > Give a brief overview of the cgroup.kill functionality.
> > > 
> > > Cc: Roman Gushchin <guro@xxxxxx>
> > > Cc: Tejun Heo <tj@xxxxxxxxxx>
> > > Cc: cgroups@xxxxxxxxxxxxxxx
> > > Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
> > > ---
> > >  Documentation/admin-guide/cgroup-v2.rst | 17 +++++++++++++++++
> > >  1 file changed, 17 insertions(+)
> > > 
> > > diff --git a/Documentation/admin-guide/cgroup-v2.rst b/Documentation/admin-guide/cgroup-v2.rst
> > > index 64c62b979f2f..c9f656a84590 100644
> > > --- a/Documentation/admin-guide/cgroup-v2.rst
> > > +++ b/Documentation/admin-guide/cgroup-v2.rst
> > > @@ -949,6 +949,23 @@ All cgroup core files are prefixed with "cgroup."
> > >  	it's possible to delete a frozen (and empty) cgroup, as well as
> > >  	create new sub-cgroups.
> > >  
> > > +  cgroup.kill
> > > +	A write-only single value file which exists in non-root cgroups.
> > > +	The only allowed value is "1".
> > > +
> > > +	Writing "1" to the file causes the cgroup and all descendant cgroups to
> > > +	be killed. This means that all processes located in the affected cgroup
> > > +	tree will be killed via SIGKILL.
> > > +
> > > +	Killing a cgroup tree will deal with concurrent forks appropriately and
> > > +	is protected against migrations. If callers require strict guarantees
> > > +	they can issue the cgroup.kill request after a freezing the cgroup via
> > > +	cgroup.freeze.
> > 
> > Hm, is it necessarily? What additional guarantees adds using the freezer?
> 
> Every new process that get's added is frozen. So even if the a process
> ends up escaping the cgroup.kill request somehow it will be frozen in
> the cgroup and can't itself fork again right away. So you could do:

Right, but how it can escape? I think one of the main reasons of introducing
a dedicated cgroup.kill interface is to avoid a necessity to use freezer
as a synchronization mechanism.

I'd just drop the sentence about the freezer here.

Thanks!



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]     [Monitors]

  Powered by Linux