Re: [PATCH -tip 26/32] sched: Add a second-level tag for nested CGroup usecase

From: Josh Don
Date: Wed Dec 02 2020 - 01:18:54 EST


Hey Peter,

On Wed, Nov 25, 2020 at 5:43 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> Why can't the above work by setting 'tag' (that's a terrible name, why
> does that still live) in CDE? Have the most specific tag live. Same with
> that thread stuff.

The motivation is to allow an unprivileged user the ability to
configure the trust hierarchy in a way that otherwise wouldn't be
possible for a given cgroup hierarchy. For example given a cookie'd
hierarchy such as:

A
/ | | \
B C D E

the user might only want subsets of {B, C, D, E} to share. For
instance, the user might only want {B,C} and {D, E} to share. One way
to solve this would be to allow the user to write the group cookie
directly. However, this interface would need to be restricted to
privileged users, since otherwise the cookie could be configured to
share with any arbitrary cgroup. The purpose of the 'color' field is
to expose a portion of the cookie that can be modified by a
non-privileged user in order to achieve this sharing goal.

If this doesn't seem like a useful case, I'm happy to drop this patch
from the series to unblock it.

> All this API stuff here is a complete and utter trainwreck. Please just
> delete the patches and start over. Hint: if you use stop_machine(),
> you're doing it wrong.

Yes, agree on stop_machine(); we'll pull that out of the underlying
interface patch.

Thanks,
Josh