Re: [PATCH 10/16] sched: add resource limits for -deadline tasks.

From: Juri Lelli
Date: Tue Apr 24 2012 - 11:22:26 EST

Next message: Masanari Iida: "[PATCH] [trivial] scsi: Fix typo in scsi"
Previous message: Konrad Rzeszutek Wilk: "Re: Linux 3.4-rc4"
In reply to: Peter Zijlstra: "Re: [PATCH 10/16] sched: add resource limits for -deadline tasks."
Next in thread: Peter Zijlstra: "Re: [PATCH 10/16] sched: add resource limits for -deadline tasks."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 04/24/2012 05:07 PM, Peter Zijlstra wrote:

On Fri, 2012-04-06 at 09:14 +0200, Juri Lelli wrote:
From: Dario Faggioli<raistlin@xxxxxxxx>

Add resource limits for non-root tasks in using the SCHED_DEADLINE
policy, very similarly to what already exists for RT policies.

In fact, this patch:
- adds the resource limit RLIMIT_DLDLINE, which is the minimum value
a user task can use as its own deadline;
- adds the resource limit RLIMIT_DLRTIME, which is the maximum value
a user task can use as it own runtime.

Notice that to exploit these, a modified version of the ulimit
utility and a modified resource.h header file are needed. They
both will be available on the website of the project.

Signed-off-by: Dario Faggioli<raistlin@xxxxxxxx>
Signed-off-by: Juri Lelli<juri.lelli@xxxxxxxxx>

I'm not sure this is the right way to go.. those existing things aren't
entirely as useful/sane as one might hope either.

The DLDLINE minimum is ok I guess, the DLRTIME one doesn't really do
anything, by spawning multiple tasks one can still saturate the cpu and
thus we have no effective control for unpriv users.

Ideally DLRTIME would be a utilization cap per user and tracked in
user_struct such that we can enforce a max utilization per user.

This also needs a global (and possibly per-cgroup) user limit too to cap
the total utilization of all users (excluding root) so that multiple
users cannot combine their efforts in order to bring down the machine.

In light of these latter controls the per-user control might be
considered optional, furthermore I don't particularly like the rlimit
infrastructure but I guess its the best we have for per-user like things
if indeed we want to go there.

Ok, but considering what you said regarding setscheduler security problems:

On 04/24/2012 11:00 AM, Peter Zijlstra wrote:

On Tue, 2012-04-24 at 09:21 +0200, Juri Lelli wrote:
> Well, depends on how much effort will this turn to require. I personally
> would prefer to be able to come out with a new release ASAP. Just to
> continue the discussion with the most of the comments addressed and a
> more updated code (I also have a mainline version of the patchset
> quite ready).

Right, one thing we can initially do is require root for using
SCHED_DEADLINE and then when later work closes all the holes and we've
added user bandwidth controls we can allow everybody in.

Are you suggesting to drop/postpone this to some later time?

Thanks,

- Juri
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Masanari Iida: "[PATCH] [trivial] scsi: Fix typo in scsi"
Previous message: Konrad Rzeszutek Wilk: "Re: Linux 3.4-rc4"
In reply to: Peter Zijlstra: "Re: [PATCH 10/16] sched: add resource limits for -deadline tasks."
Next in thread: Peter Zijlstra: "Re: [PATCH 10/16] sched: add resource limits for -deadline tasks."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]