OpenVZ Forum: Devel » [PATCH 0/4] Devices accessibility control group (v2)

Home » Mailing lists » Devel » [PATCH 0/4] Devices accessibility control group (v2)

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: [PATCH 2/4] The character devices layer changes [message #26099 is a reply to message #26068]

Tue, 15 January 2008 14:54

serue
Messages: 750
Registered: February 2006

Senior Member

Quoting Pavel Emelyanov (xemul@openvz.org):
> Serge E. Hallyn wrote:
> > Quoting Pavel Emelyanov (xemul@openvz.org):
> >> These changes include the API for the control group
> >> to map/remap/unmap the devices with their permissions
> >> and one important thing.
> >>
> >> The fact is that the struct cdev is cached in the inode
> >> for faster access, so once we looked one up we go through
> >> the fast path and omit the kobj_lookup() call. This is no
> >> longer good when we restrict the access to cdevs.
> >>
> >> To address this issue, I store the last_perm and last(_map)
> >> fields on the struct cdev (and protect them with the cdev_lock)
> >> and force the re-lookup in the kobj mappings if needed.
> >>
> >> I know, this might be slow, but I have two points for it:
> >> 1. The re-lookup happens on open() only which is not
> >>    a fast-path. Besides, this is so for block layer and
> >>    nobody complains;
> >> 2. On a well-isolated setup, when each container has its
> >>    own filesystem this is no longer a problem - each
> >>    cgroup will cache the cdev on its inode and work good.
> > 
> > What about simply returning -EPERM when open()ing a cdev
> > with ->map!=task_cdev_map(current)?
> 
> In this case it will HAVE to setup isolated filesystem for
> each cgroup. I thought that this flexibility doesn't hurt.

The cost and effort of setting up a private /dev seems so minimal to me
it seems worth not dealing with the inode->map switching around.

But maybe that's just me.

> > Shouldn't be a problem for ttys, since the container init
> > already has the tty open, right?
> 
> Yup, but this is not the case for /dev/null or /dev/zero.
> 
> > Otherwise, the patchset looks good to me.  Want to look
> > through this one a little more (i think that'd be easier
> > with the -EPERM approach) and scrutinize patch 4, but
> > overall it makes sense.
> 
> OK, thanks.
> 
> > If I understand right, we're taking 14k per cgroup for
> > kobjmaps?  Do we consider that a problem?
> 
> 14k? I allocate the struct kobj_map which is only 256 pointers
> (i.e. - 2K) and the struct probe that is 32 bytes. I.e. 4k
> or a single page. I think this is OK.

Oops, I was thinking the probes were all pre-allocated.  Sorry.

> > thanks,
> > -serge
> > 
> 
> [snip]
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers

Report message to a moderator

[Message index]

		[PATCH 0/4] Devices accessibility control group (v2) By: Pavel Emelianov on Tue, 08 January 2008 09:02
		[PATCH 1/4] Some changes in the kobject mapper By: Pavel Emelianov on Tue, 08 January 2008 09:06
		Re: [PATCH 1/4] Some changes in the kobject mapper By: Daniel Hokka Zakrisso on Tue, 08 January 2008 18:36
		Re: [PATCH 1/4] Some changes in the kobject mapper By: Dave Hansen on Tue, 08 January 2008 19:17
		[PATCH 2/4] The character devices layer changes By: Pavel Emelianov on Tue, 08 January 2008 09:12
		Re: [PATCH 2/4] The character devices layer changes By: serue on Mon, 14 January 2008 17:03
		Re: [PATCH 2/4] The character devices layer changes By: Pavel Emelianov on Tue, 15 January 2008 08:05
		Re: [PATCH 2/4] The character devices layer changes By: serue on Tue, 15 January 2008 14:54
		[PATCH 3/4] The block devices layer changes By: Pavel Emelianov on Tue, 08 January 2008 09:15
		[PATCH 4/4] The control group itself By: Pavel Emelianov on Tue, 08 January 2008 09:18
		Re: [PATCH 4/4] The control group itself By: serue on Mon, 14 January 2008 17:40
		Re: [PATCH 4/4] The control group itself By: Pavel Emelianov on Tue, 15 January 2008 07:53
		Re: [PATCH 4/4] The control group itself By: serue on Tue, 15 January 2008 14:44
		Re: [PATCH 4/4] The control group itself By: Paul Menage on Tue, 15 January 2008 16:13
		Re: [PATCH 4/4] The control group itself By: serue on Tue, 15 January 2008 17:49
		Re: [PATCH 4/4] The control group itself By: Paul Menage on Tue, 15 January 2008 17:54
		Re: [PATCH 4/4] The control group itself By: serue on Tue, 15 January 2008 18:17
		Re: [PATCH 4/4] The control group itself By: Paul Menage on Mon, 14 January 2008 21:54
		Re: [PATCH 4/4] The control group itself By: Pavel Emelianov on Tue, 15 January 2008 07:58
		Re: [PATCH 0/4] Devices accessibility control group (v2) By: Sukadev Bhattiprolu on Sat, 12 January 2008 21:20
		Re: [PATCH 0/4] Devices accessibility control group (v2) By: Pavel Emelianov on Mon, 14 January 2008 07:52
		Re: [PATCH 0/4] Devices accessibility control group (v2) By: Sukadev Bhattiprolu on Mon, 14 January 2008 17:42
		Re: [PATCH 0/4] Devices accessibility control group (v2) By: Pavel Emelianov on Tue, 15 January 2008 08:22
		Re: [PATCH 0/4] Devices accessibility control group (v2) By: Sukadev Bhattiprolu on Thu, 17 January 2008 06:26
		Re: [PATCH 0/4] Devices accessibility control group (v2) By: Pavel Emelianov on Mon, 21 January 2008 08:31
		Re: [PATCH 0/4] Devices accessibility control group (v2) By: Paul Menage on Mon, 14 January 2008 21:18
		Re: [PATCH 0/4] Devices accessibility control group (v2) By: Pavel Emelianov on Tue, 15 January 2008 08:06

Previous Topic:	[PATCH 0/3 net-2.6.25] call FIB rule->action in the correct namespace
Next Topic:	A consideration on memory controller.

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sat Aug 30 02:41:34 GMT 2025

Total time taken to generate the page: 0.07263 seconds