[jira] [Commented] (YARN-6852) [YARN-6223] Native code changes to support isolate GPU devices by using CGroups

Wed, 02 Aug 2017 16:53:51 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-6852?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16111936#comment-16111936
 ] 

Miklos Szegedi commented on YARN-6852:
--------------------------------------

Thank you for the patch [~wangda]
We have now get_executable.c and cgroups-operations.c. It is up to you but I 
prefer cgroups_operations.c.
get_cgroups_path_to_write: This function could really use some comments
{{if (!cgroups_root || strlen(cgroups_root) == 0)}} How about {{if 
(!cgroups_root || cgroups_root[0] == 0)}} it is more common.
{code}
sprintf(output_path, "%s/%s/%s/%s/%s.%s",
  cgroups_root, controller_name, yarn_hierarchy_name,
  group_id, controller_name, param_name);
{code}
Please use snprintf to avoid buffer overflow and potential security/reliability 
issues. Usually the caller is supposed to send the max size as well. Also you 
need to handle snprintf.
config_initialized is not necessary/redundant. cgroup_cfg_section != NULL 
provides the same meaning.
cgroup_cfg_section should be static as well.
To be accurate controller_name is actually hierarchy_name. There is subsystem 
(cpu) and hierarchy (cpu,cpuacct).
Why do you have cgroup_cfg_section? You could eliminate it and get it all the 
time or just cache cgroups_root.
update_cgroups_parameters needs function header comments as well.
update_cgroups_parameters: Pass in full_path size to get_cgroups_path_to_write 
otherwise it may overflow the buffer on the stack(!) overwrite the return 
address to the buffer itself and execute arbitrary code as root upon return. 😃
full_path should be allocated on the heap. It is quite big and may increase the 
likelihood of stack overflows along with vulnerabilities like above.
continued...

> [YARN-6223] Native code changes to support isolate GPU devices by using 
> CGroups
> -------------------------------------------------------------------------------
>
>                 Key: YARN-6852
>                 URL: https://issues.apache.org/jira/browse/YARN-6852
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Wangda Tan
>            Assignee: Wangda Tan
>         Attachments: YARN-6852.001.patch, YARN-6852.002.patch
>
>
> This JIRA plan to add support of:
> 1) Isolation in CGroups. (native side).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to