On Tue, 25 Oct 2011 13:06:35 -0700 Tim Hockin <thockin@xxxxxxxxxx> wrote: > On Tue, Oct 4, 2011 at 3:01 PM, Andrew Morton <akpm00@xxxxxxxxx> wrote: > > On Mon, __3 Oct 2011 21:07:02 +0200 > > Frederic Weisbecker <fweisbec@xxxxxxxxx> wrote: > > > >> Hi Andrew, > >> > >> This contains minor changes, mostly documentation and changelog > >> updates, off-case build fix, and a code optimization in > >> res_counter_common_ancestor(). > > > > I'd normally duck a patch series like this when we're at -rc8 and ask > > for it to be resent late in -rc1. __But I was feeling frisky so I > > grabbed this lot for a bit of testing and will sit on it until -rc1. > > > > I'm still not convinced that the kernel has a burning need for a "task > > counter subsystem". __Someone convince me that we should merge this! > > We have real (accidental) DoS situations which happen because we don't > have this. It usually takes the form of some library no re-joining > threads. We end up deploying a few apps linked against this library, > and suddenly we're in trouble on a machine. Except, this being > Google, we're in trouble on a lot of machines. This is a bit foggy. I think you mean that machines are experiencing accidental forkbombs? > There may be other ways to cobble this sort of safety together, but > they are less appealing for various reasons. cgroups are how we > control groups of related pids. > > I'd really love to be able to use this. Has it been confirmed that this implementation actually solves the problem? ie: tested a bit? btw, Frederic told me that this version of the patchset had some serious problem so it's on hold pending an upgrade, regardless of other matters. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
