Re: [PATCH v11 7/9] cpuset: Expose cpus.effective and mems.effective on cgroup v2 root
From: Peter Zijlstra
Date: Fri Jul 20 2018 - 12:25:15 EST
On Fri, Jul 20, 2018 at 08:56:13AM -0700, Tejun Heo wrote:
> Hello, Peter.
>
> On Fri, Jul 20, 2018 at 05:44:54PM +0200, Peter Zijlstra wrote:
> > > The currently proposed implementation is somewhere in the middle. It
> > > kinda gets there by restricting a partition to be a child of another
> > > partition, which may be okay but it does make the whole delegation
> > > mechanism less useful.
> >
> > So the implementation does not set ownership of the 'partition' file to
> > that of the parent directory? Because _that_ is what I understood from
> > Waiman (many versions ago). And that _does_ allow delegation to work
> > nicely.
>
> So, that part isn't the problem. The problem is that if we allow
> partitioning nested further away from ancestor, the descendant would
> be able to take away reources from the removed ancestor.
If the partition file is owned by the parent, the descendant cannot take
away anything. It can only read the file, not actually write to it.
To be explicit, if we have:
/. (uid = root)
/A/. (uid = user1)
/A/cpuset.partition (uid = root)
so ./*/cpuset.partition is always owned by .
> Waiman avoids this problem by only allowing partitions to nest but
> then it's kinda weird cuz it's just a separate tree.
The only real constraint is that the parent must have exclusive
'ownership' of the CPUs. Being a partition mandates that to be so. There
is no other way to distinguish exclusive / shared CPUs.
But I don't see how any of this is related to delegation per se. It is a
prerequisite for creating nested partitions, which in turn is a
prerequisite for delegation of partitions.
> > > > > 2. take away any given cpu from ist subtree.
> > Still, the question was, how is this (dispicable or not) behaviour not
> > allowed by the current implementation?
>
> I'm not quite sure what you're trying to ask. Can you elaborate?
We can always offline the CPU, so how exactly can the ancestor not take
back it's CPU?
The parent can simply shrink it's cpuset.cpus, no? Then the child gets
to recompute its setup and it might find its sub-partition just became
smaller or empty -- just like hotplug.