linux: clarify pids cgroup settings #1279
Open
+4
−2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
While the original wording did not provide any justification for this, some runtimes have incorrectly treated a pids.limit value of 0 as being equivalent to "max" or otherwise handle it suboptimally. So, add some clarifying wording that the correct representation of max is -1 (like every other cgroup configuration) and that users should not treat 0 as a special value of any kind. Note that a pids.limit value of 0 is actually different to 1 now that CLONE_INTO_CGROUP exists (at the time pids was added to the kernel and the spec, this feature didn't exist and so it may have seemed redundant to have two equivalent values). Signed-off-by: Aleksa Sarai <[email protected]>
cyphar
requested review from
AkihiroSuda,
crosbymichael,
dqminh,
giuseppe,
hqhq,
kolyshkin,
mrunalp,
thaJeztah,
tianon and
utam0k
as code owners
AkihiroSuda
reviewed
Feb 27, 2025
| * **`limit`** *(int64, REQUIRED)* - specifies the maximum number of tasks in the cgroup | ||
| * **`limit`** *(int64, REQUIRED)* - specifies the maximum number of tasks in the cgroup, with `-1` indicating no limit (`max`). | ||
|
|
||
| > Note: Even though it superficially seems redundant, `0` is a valid limit value for the `pids` cgroup controller and SHOULD NOT be treated as a special value. |
There was a problem hiding this comment.
Suggested change
| > Note: Even though it superficially seems redundant, `0` is a valid limit value for the `pids` cgroup controller and SHOULD NOT be treated as a special value. | |
| > Note: Even though it superficially seems redundant, `0` is a valid limit value for the `pids` cgroup controller from kernel's perspective, and SHOULD NOT be treated as "no limit". An implementation may reject `0`. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
While the original wording did not provide any justification for this,
some runtimes have incorrectly treated a pids.limit value of 0 as being
equivalent to "max" or otherwise handle it suboptimally.
So, add some clarifying wording that the correct representation of max
is -1 (like every other cgroup configuration) and that users should not
treat 0 as a special value of any kind.
Note that a pids.limit value of 0 is actually different to 1 now that
CLONE_INTO_CGROUP exists (at the time pids was added to the kernel and
the spec, this feature didn't exist and so it may have seemed redundant
to have two equivalent values).
Signed-off-by: Aleksa Sarai [email protected]