Re: [patch] cpusets, cgroups: disallow attaching kthreadd

[Tejun Heo]

Hello,

(cc'ing Thomas and Steven and quoting whole body)

On Mon, Oct 10, 2011 at 10:03:34AM +0200, Mike Galbraith wrote:
> On Mon, 2011-10-10 at 07:34 +0200, Mike Galbraith wrote:
> > Maybe the below (which seems to have been stillborn) should be done to
> > cgroups as well.  Postmortem: kthreadd is attached to a cgroup with no
> > rt_runtime allocated, gives birth to severely handicapped kstop threads,
> > humongous crash dump follows.
> > 
> > Fiddling with kthreadd is user error, but since it makes no sense to
> > move the thing, why not just say no, and save the user's toes some
> > needless wear and tear.
> > 
> > > If cpusets doesn't want to let PF_THREAD_BOUND threads out, how about
> > > cpusets not letting userland scripts attach kthreadd instead?
> > > 
> > > cpusets: disallow moving kthreadd into a cpuset.
> 
> So how about this, both dirt simple and effective.
> 
> cpusets, cgroups: disallow attaching kthreadd
> 
> Allowing kthreadd to be moved to a non-root group makes no sense, it being
> a global resource, and needlessly leads unsuspecting users toward trouble.
> 
> 1. An RT workqueue worker thread spawned in a task group with no rt_runtime
> allocated is not schedulable.  Simple user error, but harmful to the box.
> 
> 2. A worker thread which acquires PF_THREAD_BOUND can never leave a cpuset,
> rendering the cpuset immortal.
> 
> Save the user some unexpected trouble, just say no.
> 
> Signed-off-by: Mike Galbraith <efault@xxxxxx>

Yes, I think we need something like this.  wq workers were using
PF_THREAD_BOUND to prevent diddling from userland which made some
unhappy.  Maybe we need a flag to properly indicate "don't diddle with
this thread from userland"?  But, then, mainline kernel wouldn't need
the current PF_THREAD_BOUND at all.  Peter, Steven, what do you think?

Thanks.

> ---
>  kernel/cpuset.c |    6 ++++--
>  kernel/sched.c  |    9 +++++++++
>  2 files changed, 13 insertions(+), 2 deletions(-)
> 
> Index: linux-3.0-tip/kernel/cpuset.c
> ===================================================================
> --- linux-3.0-tip.orig/kernel/cpuset.c
> +++ linux-3.0-tip/kernel/cpuset.c
> @@ -59,6 +59,7 @@
>  #include <linux/mutex.h>
>  #include <linux/workqueue.h>
>  #include <linux/cgroup.h>
> +#include <linux/kthread.h>
>  
>  /*
>   * Workqueue for cpuset related tasks.
> @@ -1382,9 +1383,10 @@ static int cpuset_can_attach(struct cgro
>  	 * set of allowed nodes is unnecessary.  Thus, cpusets are not
>  	 * applicable for such threads.  This prevents checking for success of
>  	 * set_cpus_allowed_ptr() on all attached tasks before cpus_allowed may
> -	 * be changed.
> +	 * be changed.  We also disallow attaching kthreadd, to prevent it's
> +	 * child from becoming trapped should it then acquire PF_THREAD_BOUND.
>  	 */
> -	if (tsk->flags & PF_THREAD_BOUND)
> +	if (tsk->flags & PF_THREAD_BOUND || tsk == kthreadd_task)
>  		return -EINVAL;
>  
>  	return 0;
> Index: linux-3.0-tip/kernel/sched.c
> ===================================================================
> --- linux-3.0-tip.orig/kernel/sched.c
> +++ linux-3.0-tip/kernel/sched.c
> @@ -9132,6 +9132,15 @@ cpu_cgroup_destroy(struct cgroup_subsys
>  static int
>  cpu_cgroup_can_attach_task(struct cgroup *cgrp, struct task_struct *tsk)
>  {
> +	/*
> +	 * kthreadd can fork workers for an RT workqueue in a cgroup
> +	 * which may or may not have rt_runtime allocated.  Just say no,
> +	 * as attaching a global resource to a non-root group  doesn't
> +	 * make any sense anyway.
> +	 */
> +	if (tsk == kthreadd_task)
> +		return -EINVAL;
> +
>  #ifdef CONFIG_RT_GROUP_SCHED
>  	if (!sched_rt_can_attach(cgroup_tg(cgrp), tsk))
>  		return -EINVAL;
> 
> 

-- 
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/