From owner-freebsd-jail@freebsd.org Fri Nov 20 05:13:23 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 31D2047DACF for ; Fri, 20 Nov 2020 05:13:23 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Ccl7R0yvzz4ZhX for ; Fri, 20 Nov 2020 05:13:23 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from mail-qt1-f173.google.com (mail-qt1-f173.google.com [209.85.160.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: kevans) by smtp.freebsd.org (Postfix) with ESMTPSA id 0EEC9AF2B for ; Fri, 20 Nov 2020 05:13:23 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: by mail-qt1-f173.google.com with SMTP id i12so6364681qtj.0 for ; Thu, 19 Nov 2020 21:13:23 -0800 (PST) X-Gm-Message-State: AOAM533jhwnMCHyxx1qexoyONEfvJtRXDxrYXcDz789LKZJrpY0qICUl yvx128ZWZgKIyWGznYc7kvPE64+62gQZI9QdJ7A= X-Received: by 2002:ac8:3805:: with SMTP id q5mt15239788qtb.53.1605849202722; Thu, 19 Nov 2020 21:13:22 -0800 (PST) MIME-Version: 1.0 References: <08c97ed86c3d64fea1cedbc111841b7a@freebsd.org> In-Reply-To: From: Kyle Evans Date: Thu, 19 Nov 2020 23:13:11 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: cpuset/jail creation Cc: James Gritton , freebsd-jail Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Nov 2020 05:13:23 -0000 On Thu, Nov 19, 2020 at 10:56 PM Kyle Evans wrote: > > [... snip ...] > > On the other hand, let's go the other way with it: say I have a > process based on cpuset 1 and just a different affinity, so the one > thread has an anonymous cpuset based on the mother of all prison0 > processes. With the above patch applied, it suddenly gets its own > numbered cpuset [**]. > > [... snip ...] > > [**] I think this particular issue can be easily addressed by walking > through all of the threads in the process one more time, just before > we allocate a new base cpuset for it if we're going to. If every > thread has an anonymous set, then we can simply avoid creating a new > base for it and just keep the existing behavior, which will do the > right thing -- create a new anonymous set hanging off of the jail's > root. The jail's root set can be modified by real root, so from that > perspective nothing has changed. It turns out this isn't quite right, and we're a tad inconsistent: prison0 processes don't inherently get its root cpuset, while other jails' processes do. The above should have been "every thread has either an anonymous set or the root set", but we can't do that, so instead: "anonymous set, the root set, or the default set (i.e. thread0's)"