Re: [RFC PATCH] cpuset: Allow setscheduler regardless of manipulated task
From: Michal Koutný
Date: Fri Jun 24 2022 - 08:43:25 EST
On Thu, Jun 23, 2022 at 02:44:33PM -0400, Waiman Long <longman@xxxxxxxxxx> wrote:
> That could be an issue.
The way how I understand here is that the privileged process isn't part
of contrained workload (if it were then, it can modify cpuset itself)
like debugging or tracing a code within a container entered by the
admin. The bypass could not be used to setscheduler (via migration) of
an arbitrary process.
> What do you mean by nothing effectively changes?
It's a freshly created child (after cpuset_css_online()), so it inherits
parent's attributes, so the migration from the parent to this child
doesn't affect CPU affinity etc.
> Since the check is done on a taskset level, if only one of the tasks in the
> taskset fails, the whole taskset fails. Maybe we should consider an option
> for task based migration. So all the tasks that can be migrated will be
> migrated and the rests will be left behind in the original cpuset.
Hm, I haven't thought about that. That might be in theory possible for
threaded controllers (like cpuset) but I imagine it'd a bit messy, in
particular for these implicit migrations upon controller enablement.
Thanks,
Michal
Attachment:
signature.asc
Description: Digital signature