Re: Process Aggregates: module based support for jobs

From: Sam Watters (watters@sgi.com)
Date: Fri Jun 16 2000 - 15:21:19 EST

Next message: Peter Rival: "Re: Who owns qlogicisp?"
Previous message: David Hinds: "Re: More PCI races..."
In reply to: Andi Kleen: "Re: Process Aggregates: module based support for jobs"
Next in thread: Andi Kleen: "Re: Process Aggregates: module based support for jobs"
Reply: Andi Kleen: "Re: Process Aggregates: module based support for jobs"
Reply: Chris Wedgwood: "Re: Process Aggregates: module based support for jobs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andi Kleen wrote:
>
> On Fri, Jun 16, 2000 at 01:43:51PM -0500, Sam Watters wrote:
> > In addition to the registration functions, the PAGG changes provide
> > hooks for updating process aggregate containers when processes fork and
> > exit. In addition, a new paggctl system call is proposed to allow the
> > following types of services:
> >
> > 1) creation of a new pagg container
> > 2) signal all processes that are attached to the pagg container
> > 3) wait for the completion of all processes in the pagg container
> > 4) future resource limit capabilities based upon pagg container
>
> That could be very useful. Linux is lacking
> useful per user/group resource (memory, ports, processes) limitation support
> at the moment[1]. This allows various local DoS attacks.
>
> I guess your group accounting module is rather heavyweight. Having your hooks
> support a minimal default resource manager too would be useful.
>
> For that it would be probably need more hooks than just in fork/exit; for
> example one in the page allocator. Does the existing code support resource
> limitation ?

I agree, providing resource limits will require additional hooks beyond fork and
exit. Our initial goal was to provide a job container in support of job
accounting. The next step is to develop resource limits.

We have held off on the resource limits because that tends to be a problem area
(as we have experienced when developing job based resource limits on IRIX). I
foresee the following problems that must be addressed as job based resource
limits are implemented.

1. How to handle the counting of shared memory pages. This has been an
extremely difficult problem on IRIX to get right - in fact, it is still not done
correctly.

2. How the counting of resources impacts the performance of the kernel.

3. How to handle resource limits in the context of "cluster" jobs.

I just learned about beancounters this past week, so I need to check it out to
see how it is doing resource counting for user-based limits. It would be great
if that work provided the hooks for doing the job-based resource limits.

-- ---------------------------------------- Sam Watters SGI watters@sgi.com (651) 683-5647 ----------------------------------------

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Peter Rival: "Re: Who owns qlogicisp?"
Previous message: David Hinds: "Re: More PCI races..."
In reply to: Andi Kleen: "Re: Process Aggregates: module based support for jobs"
Next in thread: Andi Kleen: "Re: Process Aggregates: module based support for jobs"
Reply: Andi Kleen: "Re: Process Aggregates: module based support for jobs"
Reply: Chris Wedgwood: "Re: Process Aggregates: module based support for jobs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Jun 23 2000 - 21:00:12 EST