[PATCHSET cgroup/for-3.8] cgroup_freezer: allow migration regardless of freezer state and update locking
tj at kernel.org
Thu Oct 18 22:35:17 UTC 2012
On Thu, Oct 18, 2012 at 03:21:55PM -0700, Matt Helsley wrote:
> > Hmmm? Nothing prevents kthreads from being moved around. We only
> > recently added the restriction to prevent migration of the kthreadd
> > (the one which creates other kthreads). You can reproduce it with
> > khungtask or any other !freezable kthreads.
> Ok. I don't immmediately see why that'd be a good idea but it's
Beats me too. There were talks about restricting all kthreads from
being moved out of the root cgroup. Dunno. Maybe.
> "Whoever" did the freeze needs a way to "lock" access to the freezer state,
> change the freezer state itself, do something (e.g. CRIU) which relies on
> the state not changing, and then release the lock. Plus the lock has to be
> released by the kernel if "Whoever" dies without the chance to release it.
> So I was thinking who holds the lock and its lifetime could be represented
> in userspace by file descriptor(s).
Long term, I don't think it's feasible to continue to use cgroup
kernel interface as the multiplexing layer among different users.
cgroup core simply doesn't have enough context or infrastructure to
support such usages. It's somewhere between being a pure interface to
the provided kernel feature and fully multiplexed interface which
userland applications can depend on for arbitration. It tries to have
the appearance of the latter but fails.
I think the only sane way would be having a userland arbitrator which
owns the kernel interface to itself and makes policy decisions from
userland clients and configures cgroup accordingly.
> > As for CRIU, it isn't using cgroup freezer at the moment because
> > frozen tasks can't be ptraced currently. Something I'm hoping to
> > change but not sure when it can be done.
> OK, but that doesn't mean the frozen nature of the task list itself
> won't be useful in the future.
I think that should be solved via userland policies rather than
depending on this accidental cgroup_freezer feature.
More information about the Containers