Re: [PATCH 1/2] Traffic control cgroups subsystem

From: Ranjit Manomohan
Date: Wed Sep 10 2008 - 18:57:35 EST

Next message: David Miller: "Re: Recent copy of libpcap from CVS"
Previous message: Dave Hansen: "Re: [Approach #2] [RFC][PATCH] Remove cgroup member from structpage"
In reply to: Thomas Graf: "Re: [PATCH 1/2] Traffic control cgroups subsystem"
Next in thread: David Miller: "Re: [PATCH 1/2] Traffic control cgroups subsystem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Sep 10, 2008 at 3:01 PM, Thomas Graf <tgraf@xxxxxxx> wrote:
> * Ranjit Manomohan <ranjitm@xxxxxxxxxx> 2008-09-10 10:42
>> +void cgroup_tc_set_sock_classid(struct sock *sk)
>> +{
>> + if (sk)
>> + sk->sk_cgroup_classid = cgroup_tc_classid(current);
>> +}
>> +
>> @@ -1170,6 +1171,8 @@ static int __sock_create(struct net *net, int family, int type, int protocol,
>> if (err < 0)
>> goto out_module_put;
>>
>> + cgroup_tc_set_sock_classid(sock->sk);
>> +
>> /*
>> * Now to bump the refcnt of the [loadable] module that owns this
>> * socket at sock_release time we decrement its refcnt.
>> @@ -1444,6 +1447,8 @@ asmlinkage long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr,
>> if (err < 0)
>> goto out_fd;
>>
>> + cgroup_tc_set_sock_classid(newsock->sk);
>> +
>> if (upeer_sockaddr) {
>> if (newsock->ops->getname(newsock, (struct sockaddr *)address,
>> &len, 2) < 0) {
>
> The big disadvantage of this method is that it does not allow to change
> the classid for sockets which already exist. It inherits the classid
> at socket creation time and then sticks to it. So if you want to follow
> this approach I'd suggest to at least store a reference to the cgroup
> state and reference count it properly.
>

I had considered adding support for moving tasks between cgroups by
going through all the open fds of the task and updating the sockets
(in the cgroup attach method). It is a very heavy weight operation and
not considered a common use case (and even undesirable at times) so I
dropped the idea. I can add it back in if it is considered essential.

> As for the locking that you mentioned in the other thread. IMHO it is
> not possible to lookup a socket without taking at least one lock, but
> I might be wrong there. Actually I think it will take even more locks
> as different locks are used to f.e. protect listening and established
> tcp sockets.

That is correct for ingress, for egress the sk is already available in
the skb so should be fine.

-Thanks,
Ranjit

>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Miller: "Re: Recent copy of libpcap from CVS"
Previous message: Dave Hansen: "Re: [Approach #2] [RFC][PATCH] Remove cgroup member from structpage"
In reply to: Thomas Graf: "Re: [PATCH 1/2] Traffic control cgroups subsystem"
Next in thread: David Miller: "Re: [PATCH 1/2] Traffic control cgroups subsystem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]