On Fri, Apr 30, 2021 at 07:48:19PM -0700, Roman Gushchin wrote: > On Fri, Apr 30, 2021 at 08:50:36AM +0200, Christian Brauner wrote: > > On Thu, Apr 29, 2021 at 08:22:03PM -0700, Roman Gushchin wrote: > > > On Thu, Apr 29, 2021 at 02:01:10PM +0200, Christian Brauner wrote: > > > > From: Christian Brauner <christian.brauner@xxxxxxxxxx> > > > > > > > > Give a brief overview of the cgroup.kill functionality. > > > > > > > > Cc: Roman Gushchin <guro@xxxxxx> > > > > Cc: Tejun Heo <tj@xxxxxxxxxx> > > > > Cc: cgroups@xxxxxxxxxxxxxxx > > > > Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx> > > > > --- > > > > Documentation/admin-guide/cgroup-v2.rst | 17 +++++++++++++++++ > > > > 1 file changed, 17 insertions(+) > > > > > > > > diff --git a/Documentation/admin-guide/cgroup-v2.rst b/Documentation/admin-guide/cgroup-v2.rst > > > > index 64c62b979f2f..c9f656a84590 100644 > > > > --- a/Documentation/admin-guide/cgroup-v2.rst > > > > +++ b/Documentation/admin-guide/cgroup-v2.rst > > > > @@ -949,6 +949,23 @@ All cgroup core files are prefixed with "cgroup." > > > > it's possible to delete a frozen (and empty) cgroup, as well as > > > > create new sub-cgroups. > > > > > > > > + cgroup.kill > > > > + A write-only single value file which exists in non-root cgroups. > > > > + The only allowed value is "1". > > > > + > > > > + Writing "1" to the file causes the cgroup and all descendant cgroups to > > > > + be killed. This means that all processes located in the affected cgroup > > > > + tree will be killed via SIGKILL. > > > > + > > > > + Killing a cgroup tree will deal with concurrent forks appropriately and > > > > + is protected against migrations. If callers require strict guarantees > > > > + they can issue the cgroup.kill request after a freezing the cgroup via > > > > + cgroup.freeze. > > > > > > Hm, is it necessarily? What additional guarantees adds using the freezer? > > > > Every new process that get's added is frozen. So even if the a process > > ends up escaping the cgroup.kill request somehow it will be frozen in > > the cgroup and can't itself fork again right away. So you could do: > > Right, but how it can escape? I think one of the main reasons of introducing > a dedicated cgroup.kill interface is to avoid a necessity to use freezer > as a synchronization mechanism. > > I'd just drop the sentence about the freezer here. Thanks, will do. Christian
