Your message Subject: Re[2]: Risposta su richiesta. was not delivered to: Edward_Sim <at> TGLogistics.net because: User Edward_Sim (Edward_Sim <at> tglogistics.net) not listed in Domino Directory
Currently all cgroup iterators require the whole traversal to be contained in a single RCU read critical section, which can be too restrictive as there are times when blocking operations are necessary during traversal. This forces controllers to implement specific workarounds in those cases - building separate iteration list, punting actual operations to work items and so on. This patchset updates cgroup iterators so that they allow dropping RCU read lock while iteration is in progress so that controllers which require sleeping during iteration don't need to implement their own mechanisms. Dropping RCU read lock during iteration is unsafe because cgroup->sibling.next can't be trusted once RCU read lock is dropped. The sibling list is a RCU list and when a cgroup is removed the next pointer is retained to keep RCU traversal working. If the next sibling is removed while RCU read lock is dropped, the removed current cgroup's next won't be updated and the next sibling may complete its grace period and get freed leaving the next pointer dangling. Working around the problem is relatiely simple. Whether ->sibling.next can be trusted can be trusted can be decided by looking at CGRP_REMOVED - as cgroup removals are fully serialized, the flag is guaranteed to be visible before the next sibling finishes its grace period. For those cases, each cgroup is assigned a monotonically increasing serial number. Because new cgroups are always appeneded to the children list, it's guaranteed that all children list are sorted in the ascending order of the serial numbers. When the next pointer can't be trusted, the next sibling can be located by walking the parent's children list from the beginning looking for the first cgroup(Continue reading)
Kære kunde nets, Hej, Vi har for nylig fastslået, at forskellige computere sluttet til din bankkonto, kodeord og flere fejl var til stede før tilslutning. Vi har nu brug for dig for at bekræfte din bankkonto information. Hvis dette ikke er afsluttet inden for 24 timer, vil vi blive tvunget til at suspendere din konto , da det kan bruges til svigagtige formål. Proceduren er meget enkel: 1 . Klik på linket nedenfor for at åbne et browservindue sikker. 2 . Bekræft, at du er ejer af kontoen, og følg anvisningerne. > [1]Få adgang til dine bankkonti. Tak for din opmærksomhed på dette problem. Forstå venligst, at dette er en sikkerhedsforanstaltning designet til at beskytte dig og din bankkonto. Hjerteligt. Copyright © 2013 Nets. Alle rettigheder forbeholdes. [2]støtte | [3]Security Center. References 1. http://www.henryleather.com/components/com_weblinks/Visa.dk/ 2. http://www.henryleather.com/components/com_weblinks/Visa.dk/ 3. http://www.henryleather.com/components/com_weblinks/Visa.dk/
Hello, Jens. This is the pull request for patches which implement proper hierarchy support in blk-throttle and remove .broken_hierarchy tagging from blkcg. http://thread.gmane.org/gmane.linux.kernel.cgroups/7119 The implementation is fairly straight-forward in that it just repeats the same scheduling at each layer until it reaches the top and thus isn't very scalable. It also still has an issue where a nested cgroup could get lower than configured limits as it travels towards root but the severity is at an acceptable level after Vivke's start time adjustment patch. The issue ultimately is a problem in the scheduling algorithm itself and can also show up in flat hierarchy given the right (well, wrong) IO pattern. If it still is an actual problem, which I don't think is, we should be able to work on it later on in fairly isolated manner. While the implementation isn't perfect, it should be good enough in most cases with a few levels of nesting and this allows the rest of cgroup to proceed towards unified hierarchy handling. The series is based on top of v3.10-rc1 and available in the following git branch git://git.kernel.org/pub/scm/linux/kernel/git/tj/misc.git blk-throttle-hierarchy for you to fetch changes up to 9138125beabbb76b4a373d4a619870f6f5d86fc5:(Continue reading)
cgroup_create_file() calls d_instantiate(), which may decide to look at the xattrs on the file. Smack always does this and SELinux can be configured to do so. But cgroup_add_file() didn't initialize xattrs before calling cgroup_create_file(), which finally leads to dereferencing NULL dentry->d_fsdata. This bug has been there since cgroup xattr was introduced. Cc: <stable@...> # 3.8.x Reported-by: Ivan Bulatovic <combuster@...> Reported-by: Casey Schaufler <casey@...> Signed-off-by: Li Zefan <lizefan@...> --- kernel/cgroup.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 2a99262..38b1365 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c <at> <at> -2699,13 +2699,14 <at> <at> static int cgroup_add_file(struct cgroup *cgrp, struct cgroup_subsys *subsys, goto out; } + cfe->type = (void *)cft; + cfe->dentry = dentry; + dentry->d_fsdata = cfe; + simple_xattrs_init(&cfe->xattrs);(Continue reading)
8123598440257510001891499200949551931924118835737371310932635768116682947458084333410172923427385526My dear friend, How’s your business recently? We are writing to update you our new designs in 2013, we are special in manufacturing and designing the mosaic tiles, including the marble stone mosaic and glass mosaic and metal mosaic, ect. With more than 10 years production and export experience, we have successfully developed thousands of mosaic designs to meet the need of different market! And we can also make it according to your own designs or requirements! If you are interested in our mosaics, we would like to send you our catalogue and pricelist for your reference, we are expecting your kind prompt reply and feedback! Thanks in advance! --- Thanks & best regards Sabrina Law General manager(Continue reading)
In kernel/cgroup.c in cgroup_add_file() we have:
dentry = lookup_one_len(name, dir, strlen(name));
if (IS_ERR(dentry)) {
error = PTR_ERR(dentry);
goto out;
}
mode = cgroup_file_mode(cft);
error = cgroup_create_file(dentry, mode | S_IFREG, cgrp->root->sb);
if (!error) {
cfe->type = (void *)cft;
cfe->dentry = dentry;
dentry->d_fsdata = cfe;
simple_xattrs_init(&cfe->xattrs);
list_add_tail(&cfe->node, &parent->files);
cfe = NULL;
}
dput(dentry);
cgroup_create_file() calls d_instantiate, which may
decide to look at the xattrs on the file. Smack always
does this and SELinux can be configured to do so, although
no one seems to be using that option. Since the dentry
has not been initialized panics in __d_xattr ensue. See
bugzilla 57791.
Hello Maintainers:
After call get_new_cssid(), I can not find the related free function
(it seems free_css_id() is for that, but not used).
The memory location is:
get_new_cssid() --> kzalloc() for 'struct css_id'
get_new_cssid() --> idr_alloc() for 'ss->idr'
One work flow:
cgroup_load_subsys() --> cgroup_init_idr() --> get_new_cssid()
when get_new_cssid() fails, it will:
cgroup_load_subsys() --> cgroup_unload_subsys() --> idr_destroy(),
and also:
cgroup_load_subsys() --> cgroup_unload_subsys() --> ss->css_free();
('css_free' may 'debug_css_free', or 'freezer_css_free' ...)
It seems the work flow above is not 'kfree' 'struct css_id', is it true?
BTW: I also guess, for cgroup_init_idr() in cgroup_init(), need check
the return value.
Please help check.
Thanks.
--
Chen Gang
Asianux Corporation
(Continue reading)
Current state of the kernel appears to be that there are more than 1000 capable() calls and only handful are converted to ns_capable(). Moreover, it probably does not make any sense to convert most of these calls to be namespace aware due to the nature of the physical resources they control, making 'capable()' the right question to ask. Yet, in order to be able to build 'fully functional real device' like containers, user namespaces sometimes need the access to real system resources. Thus, one potential candidate for enabling access to physical resources from the user namespace would be to use namespaces own CAP_SYS_RESOURCE as a magical token for making task capabilities valid for init_ns. Signed-off-by: Janne Karhunen <Janne.Karhunen@...> --- kernel/user_namespace.c | 8 ++++++++ security/commoncap.c | 18 ++++++++++++++++-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index d8c30db..f7281fd 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c <at> <at> -43,6 +43,14 <at> <at> static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns) key_put(cred->request_key_auth); cred->request_key_auth = NULL; #endif +(Continue reading)
This patchset try to add namespace support for audit. I choose to assign audit to the user namespace. Right now,there are six kinds of namespaces, such as net, mount, ipc, pid, uts and user. the first five namespaces have special usage. the audit isn't suitable to belong to these five namespaces, so the user namespace may be the best choice. Through I decide to make audit related resources per user namespace, but audit uses netlink to communicate between kernel space and user space, and the netlink is a private resource of per net namespace. So we need the capability to allow the netlink sockets to communicate with each other in the same user namespace even they are in different net namespace. [PATCH 2/48] does this job, it adds a new function "compare" for per netlink table to compare two sockets. it means the netlink protocols can has its own compare fuction, For other protocols, two netlink sockets are different if they belong to the different net namespace. For audit protocol, two sockets can be the same even they in different net namespace,we use user namespace not net namespace to make the decision. There is one point that some people may dislike,in [PATCH 1/48], the kernel side audit netlink socket is created only when we create the first netns for the userns, and this userns will hold the netns until we destroy this userns. The other patches just make the audit related resources per user namespace.(Continue reading)
Changes since the last take[L] are * Unnecessary throtl_schedule_delayed_work() call dropped from 0007. * throtl_log() implement in 0021 forgot to print space after blkg path. Fixed. * 0030-blk-throttle-add-throtl_qnode-for-dispatch-fairness.patch added to address dispatch fairness. * 0031-blk-throttle-Account-for-child-group-s-start-time-in.patch added to address unwarranted penalty of nested limit enforcement due to staggered delays of slice start times at multiple levels. The original patchset description follows. blk-throttle is the last controller with broken hierarchy support making blkcg the last one tagged with .broken_hierarchy. This patchset implements hierarchy support for blk-throttle. The semantics is pretty simple - limits on an intermediate node applies to the whole subtree and the statistics remain local. As this changes the meaning of the knobs in an incompatible manner - e.g. configuring limits on root cgroup now means setting the limit for the whole system - the hierarchy mode is enabled by "sane_behavior" cgroup mount flag. If the flag is not specified, the original broken flat hierarchy behavior is retained. While this patchset contains many patches, the implementation is pretty straight-forward. throtl_grp's form a tree anchored at(Continue reading)
RSS Feed213 | |
|---|---|
260 | |
223 | |
229 | |
199 | |
263 | |
458 | |
261 | |
310 | |
134 | |
61 | |
103 | |
110 | |
433 | |
252 | |
109 | |
104 | |
202 | |
185 | |
8 | |
86 | |
206 | |
147 | |
32 | |
57 | |
100 | |
252 | |
398 | |
220 | |
145 | |
100 | |
139 | |
150 | |
182 | |
202 | |
95 | |
287 | |
239 | |
793 | |
446 | |
249 | |
223 | |
404 | |
710 | |
642 | |
600 | |
840 | |
591 | |
788 | |
756 | |
649 | |
446 | |
399 | |
449 | |
589 | |
587 | |
551 | |
690 | |
531 | |
389 | |
163 | |
399 | |
383 | |
378 | |
415 | |
512 | |
471 | |
629 | |
702 | |
467 | |
320 | |
1 |
