Re: [PATCH 2/5] docs/cgroup: add entry for cgroup.kill
From: Roman Gushchin <hidden>
Date: 2021-05-01 02:48:19
Possibly related (same subject, not in this thread)
- 2021-05-01 · Re: [PATCH 2/5] docs/cgroup: add entry for cgroup.kill · Christian Brauner <hidden>
- 2021-04-30 · Re: [PATCH 2/5] docs/cgroup: add entry for cgroup.kill · Roman Gushchin <hidden>
- 2021-04-29 · [PATCH 2/5] docs/cgroup: add entry for cgroup.kill · Christian Brauner <hidden>
On Fri, Apr 30, 2021 at 08:50:36AM +0200, Christian Brauner wrote:
On Thu, Apr 29, 2021 at 08:22:03PM -0700, Roman Gushchin wrote:quoted
On Thu, Apr 29, 2021 at 02:01:10PM +0200, Christian Brauner wrote:quoted
From: Christian Brauner <christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org> Give a brief overview of the cgroup.kill functionality. Cc: Roman Gushchin <redacted> Cc: Tejun Heo <redacted> Cc: cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Signed-off-by: Christian Brauner <christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org> --- Documentation/admin-guide/cgroup-v2.rst | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)diff --git a/Documentation/admin-guide/cgroup-v2.rst b/Documentation/admin-guide/cgroup-v2.rst index 64c62b979f2f..c9f656a84590 100644 --- a/Documentation/admin-guide/cgroup-v2.rst +++ b/Documentation/admin-guide/cgroup-v2.rst@@ -949,6 +949,23 @@ All cgroup core files are prefixed with "cgroup." it's possible to delete a frozen (and empty) cgroup, as well as create new sub-cgroups. + cgroup.kill + A write-only single value file which exists in non-root cgroups. + The only allowed value is "1". + + Writing "1" to the file causes the cgroup and all descendant cgroups to + be killed. This means that all processes located in the affected cgroup + tree will be killed via SIGKILL. + + Killing a cgroup tree will deal with concurrent forks appropriately and + is protected against migrations. If callers require strict guarantees + they can issue the cgroup.kill request after a freezing the cgroup via + cgroup.freeze.Hm, is it necessarily? What additional guarantees adds using the freezer?Every new process that get's added is frozen. So even if the a process ends up escaping the cgroup.kill request somehow it will be frozen in the cgroup and can't itself fork again right away. So you could do:
Right, but how it can escape? I think one of the main reasons of introducing a dedicated cgroup.kill interface is to avoid a necessity to use freezer as a synchronization mechanism. I'd just drop the sentence about the freezer here. Thanks!