
TOMOYO Linux Cross Reference
Linux/Documentation/admin-guide/cgroup-v1/pids.rst


Differences between /Documentation/admin-guide/cgroup-v1/pids.rst (Version linux-6.12-rc7) and /Documentation/admin-guide/cgroup-v1/pids.rst (Version linux-5.7.19)


  1 =========================                           1 =========================
  2 Process Number Controller                           2 Process Number Controller
  3 =========================                           3 =========================
  4                                                     4 
  5 Abstract                                            5 Abstract
  6 --------                                            6 --------
  7                                                     7 
  8 The process number controller is used to allow      8 The process number controller is used to allow a cgroup hierarchy to stop any
  9 new tasks from being fork()'d or clone()'d aft      9 new tasks from being fork()'d or clone()'d after a certain limit is reached.
 10                                                    10 
 11 Since it is trivial to hit the task limit with     11 Since it is trivial to hit the task limit without hitting any kmemcg limits in
 12 place, PIDs are a fundamental resource. As suc     12 place, PIDs are a fundamental resource. As such, PID exhaustion must be
 13 preventable in the scope of a cgroup hierarchy     13 preventable in the scope of a cgroup hierarchy by allowing resource limiting of
 14 the number of tasks in a cgroup.                   14 the number of tasks in a cgroup.
 15                                                    15 
 16 Usage                                              16 Usage
 17 -----                                              17 -----
 18                                                    18 
 19 In order to use the `pids` controller, set the     19 In order to use the `pids` controller, set the maximum number of tasks in
 20 pids.max (this is not available in the root cg     20 pids.max (this is not available in the root cgroup for obvious reasons). The
 21 number of processes currently in the cgroup is     21 number of processes currently in the cgroup is given by pids.current.
 22                                                    22 
 23 Organisational operations are not blocked by c     23 Organisational operations are not blocked by cgroup policies, so it is possible
 24 to have pids.current > pids.max. This can be d     24 to have pids.current > pids.max. This can be done by either setting the limit to
 25 be smaller than pids.current, or attaching eno     25 be smaller than pids.current, or attaching enough processes to the cgroup such
 26 that pids.current > pids.max. However, it is n     26 that pids.current > pids.max. However, it is not possible to violate a cgroup
 27 policy through fork() or clone(). fork() and c     27 policy through fork() or clone(). fork() and clone() will return -EAGAIN if the
 28 creation of a new process would cause a cgroup     28 creation of a new process would cause a cgroup policy to be violated.
 29                                                    29 
 30 To set a cgroup to have no limit, set pids.max     30 To set a cgroup to have no limit, set pids.max to "max". This is the default for
 31 all new cgroups (N.B. that PID limits are hier     31 all new cgroups (N.B. that PID limits are hierarchical, so the most stringent
 32 limit in the hierarchy is followed).               32 limit in the hierarchy is followed).
 33                                                    33 
 34 pids.current tracks all child cgroup hierarchi     34 pids.current tracks all child cgroup hierarchies, so parent/pids.current is a
 35 superset of parent/child/pids.current.             35 superset of parent/child/pids.current.
 36                                                    36 
 37 The pids.events file contains event counters:      37 The pids.events file contains event counters:
 38                                                    38 
 39   - max: Number of times fork failed in the cg !!  39   - max: Number of times fork failed because limit was hit.
 40     self or ancestors.                         << 
 41                                                    40 
 42 Example                                            41 Example
 43 -------                                            42 -------
 44                                                    43 
 45 First, we mount the pids controller::              44 First, we mount the pids controller::
 46                                                    45 
 47         # mkdir -p /sys/fs/cgroup/pids             46         # mkdir -p /sys/fs/cgroup/pids
 48         # mount -t cgroup -o pids none /sys/fs     47         # mount -t cgroup -o pids none /sys/fs/cgroup/pids
 49                                                    48 
 50 Then we create a hierarchy, set limits and att     49 Then we create a hierarchy, set limits and attach processes to it::
 51                                                    50 
 52         # mkdir -p /sys/fs/cgroup/pids/parent/     51         # mkdir -p /sys/fs/cgroup/pids/parent/child
 53         # echo 2 > /sys/fs/cgroup/pids/parent/     52         # echo 2 > /sys/fs/cgroup/pids/parent/pids.max
 54         # echo $$ > /sys/fs/cgroup/pids/parent     53         # echo $$ > /sys/fs/cgroup/pids/parent/cgroup.procs
 55         # cat /sys/fs/cgroup/pids/parent/pids.     54         # cat /sys/fs/cgroup/pids/parent/pids.current
 56         2                                          55         2
 57         #                                          56         #
 58                                                    57 
 59 It should be noted that attempts to overcome t     58 It should be noted that attempts to overcome the set limit (2 in this case) will
 60 fail::                                             59 fail::
 61                                                    60 
 62         # cat /sys/fs/cgroup/pids/parent/pids.     61         # cat /sys/fs/cgroup/pids/parent/pids.current
 63         2                                          62         2
 64         # ( /bin/echo "Here's some processes f     63         # ( /bin/echo "Here's some processes for you." | cat )
 65         sh: fork: Resource temporary unavailab     64         sh: fork: Resource temporary unavailable
 66         #                                          65         #
 67                                                    66 
 68 Even if we migrate to a child cgroup (which do     67 Even if we migrate to a child cgroup (which doesn't have a set limit), we will
 69 not be able to overcome the most stringent lim     68 not be able to overcome the most stringent limit in the hierarchy (in this case,
 70 parent's)::                                        69 parent's)::
 71                                                    70 
 72         # echo $$ > /sys/fs/cgroup/pids/parent     71         # echo $$ > /sys/fs/cgroup/pids/parent/child/cgroup.procs
 73         # cat /sys/fs/cgroup/pids/parent/pids.     72         # cat /sys/fs/cgroup/pids/parent/pids.current
 74         2                                          73         2
 75         # cat /sys/fs/cgroup/pids/parent/child     74         # cat /sys/fs/cgroup/pids/parent/child/pids.current
 76         2                                          75         2
 77         # cat /sys/fs/cgroup/pids/parent/child     76         # cat /sys/fs/cgroup/pids/parent/child/pids.max
 78         max                                        77         max
 79         # ( /bin/echo "Here's some processes f     78         # ( /bin/echo "Here's some processes for you." | cat )
 80         sh: fork: Resource temporary unavailab     79         sh: fork: Resource temporary unavailable
 81         #                                          80         #
 82                                                    81 
 83 We can set a limit that is smaller than pids.c     82 We can set a limit that is smaller than pids.current, which will stop any new
 84 processes from being forked at all (note that      83 processes from being forked at all (note that the shell itself counts towards
 85 pids.current)::                                    84 pids.current)::
 86                                                    85 
 87         # echo 1 > /sys/fs/cgroup/pids/parent/     86         # echo 1 > /sys/fs/cgroup/pids/parent/pids.max
 88         # /bin/echo "We can't even spawn a sin     87         # /bin/echo "We can't even spawn a single process now."
 89         sh: fork: Resource temporary unavailab     88         sh: fork: Resource temporary unavailable
 90         # echo 0 > /sys/fs/cgroup/pids/parent/     89         # echo 0 > /sys/fs/cgroup/pids/parent/pids.max
 91         # /bin/echo "We can't even spawn a sin     90         # /bin/echo "We can't even spawn a single process now."
 92         sh: fork: Resource temporary unavailab     91         sh: fork: Resource temporary unavailable
 93         #                                          92         #
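
Review bot: the Example section never reads pids.events, so the reworded `max` entry at lines 39-40 of the linux-6.12-rc7 column (fork failures counted "in the cg… self or ancestors", where linux-5.7.19 had "because limit was hit") has no walkthrough showing which cgroup's counter moves. The parent/child case at lines 68-81 is the natural place for it: after the failed fork in the child, add a `cat` of pids.events for both parent and child with the expected output, so the scope the new wording describes is visible next to the "most stringent limit in the hierarchy" explanation. The visible part of the new entry also no longer names the cause of the failure; if the full sentence drops "limit was hit", keep that cause in the text so the counter is not read as counting every fork failure.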
                                                      
