There is a hack for stopping containers with RPC connections, but is has several flaws.
They are described in the second commit and in the task https://virtuozzo.atlassian.net/browse/VSTOR-126316 Suggested approach - atomic (with respect to the set of network namespaces) iteration over nets and RPC kill in each. One questionable point - RCU protection of rpc_kill_net_fn. If there are many namespaces in general, the loop may take a while and cause soft lockup. So: 1. Maybe race between rpc_kill request and sunrpc unload is impossible? In this case all this locking is not needed. 2. Maybe there is an easier way of providing a callback from module? Tested by a CT with nested network namespace. Current vzctl per-PID approach: [ 590.261534] kill-tasks: by task (vzctl:14066) in net:[4026533581] [ 591.308176] CT: acded8b8-6a7a-494e-a4f1-a58767276b6f: stopped With new machine.slice/CTID/ve.rpc_kill interface: [ 663.055995] kill-tasks: by task (bash:4084) in net:[4026533581] [ 663.056371] kill-tasks: by task (bash:4084) in net:[4026533987] Vladimir Riabchun (2): ve/sunrpc: Refactor {rpc, write}_kill_tasks ve/sunrpc: Implement a per-ve sunrpc killer include/linux/sunrpc/clnt.h | 2 ++ include/linux/ve.h | 4 ++++ kernel/ve/ve.c | 44 +++++++++++++++++++++++++++++++++++++ net/sunrpc/clnt.c | 31 ++++++++++++++------------ net/sunrpc/sunrpc_syms.c | 3 +++ 5 files changed, 70 insertions(+), 14 deletions(-) -- 2.47.1 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
