lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 14 Aug 2020 07:54:39 +0000
From:   benbjiang(蒋彪) <benbjiang@...cent.com>
To:     "Li, Aubrey" <aubrey.li@...ux.intel.com>
CC:     Joel Fernandes <joel@...lfernandes.org>,
        "viremana@...ux.microsoft.com" <viremana@...ux.microsoft.com>,
        Nishanth Aravamudan <naravamudan@...italocean.com>,
        Julien Desfossez <jdesfossez@...italocean.com>,
        Peter Zijlstra <peterz@...radead.org>,
        "Tim Chen" <tim.c.chen@...ux.intel.com>,
        Ingo Molnar <mingo@...nel.org>,
        "Thomas Glexiner" <tglx@...utronix.de>,
        Paul Turner <pjt@...gle.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        "Subhra Mazumdar" <subhra.mazumdar@...cle.com>,
        Frederic Weisbecker <fweisbec@...il.com>,
        Kees Cook <keescook@...omium.org>,
        Greg Kerr <kerrnel@...gle.com>, Phil Auld <pauld@...hat.com>,
        Aaron Lu <aaron.lwe@...il.com>,
        Aubrey Li <aubrey.intel@...il.com>,
        Valentin Schneider <valentin.schneider@....com>,
        Mel Gorman <mgorman@...hsingularity.net>,
        Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Vineeth Pillai <vineethrp@...il.com>,
        Chen Yu <yu.c.chen@...el.com>,
        Christian Brauner <christian.brauner@...ntu.com>,
        "Ning, Hongyu" <hongyu.ning@...ux.intel.com>
Subject: Re: [RFC PATCH 00/16] Core scheduling v6(Internet mail)

Hi,

> On Aug 14, 2020, at 1:18 PM, Li, Aubrey <aubrey.li@...ux.intel.com> wrote:
> 
> On 2020/8/14 12:04, benbjiang(蒋彪) wrote:
>> 
>> 
>>> On Aug 14, 2020, at 9:36 AM, Li, Aubrey <aubrey.li@...ux.intel.com> wrote:
>>> 
>>> On 2020/8/14 8:26, benbjiang(蒋彪) wrote:
>>>> 
>>>> 
>>>>> On Aug 13, 2020, at 12:28 PM, Li, Aubrey <aubrey.li@...ux.intel.com> wrote:
>>>>> 
>>>>> On 2020/8/13 7:08, Joel Fernandes wrote:
>>>>>> On Wed, Aug 12, 2020 at 10:01:24AM +0800, Li, Aubrey wrote:
>>>>>>> Hi Joel,
>>>>>>> 
>>>>>>> On 2020/8/10 0:44, Joel Fernandes wrote:
>>>>>>>> Hi Aubrey,
>>>>>>>> 
>>>>>>>> Apologies for replying late as I was still looking into the details.
>>>>>>>> 
>>>>>>>> On Wed, Aug 05, 2020 at 11:57:20AM +0800, Li, Aubrey wrote:
>>>>>>>> [...]
>>>>>>>>> +/*
>>>>>>>>> + * Core scheduling policy:
>>>>>>>>> + * - CORE_SCHED_DISABLED: core scheduling is disabled.
>>>>>>>>> + * - CORE_COOKIE_MATCH: tasks with same cookie can run
>>>>>>>>> + *                     on the same core concurrently.
>>>>>>>>> + * - CORE_COOKIE_TRUST: trusted task can run with kernel
>>>>>>>>> 			thread on the same core concurrently. 
>>>>>>>>> + * - CORE_COOKIE_LONELY: tasks with cookie can run only
>>>>>>>>> + *                     with idle thread on the same core.
>>>>>>>>> + */
>>>>>>>>> +enum coresched_policy {
>>>>>>>>> +       CORE_SCHED_DISABLED,
>>>>>>>>> +       CORE_SCHED_COOKIE_MATCH,
>>>>>>>>> +	CORE_SCHED_COOKIE_TRUST,
>>>>>>>>> +       CORE_SCHED_COOKIE_LONELY,
>>>>>>>>> +};
>>>>>>>>> 
>>>>>>>>> We can set policy to CORE_COOKIE_TRUST of uperf cgroup and fix this kind
>>>>>>>>> of performance regression. Not sure if this sounds attractive?
>>>>>>>> 
>>>>>>>> Instead of this, I think it can be something simpler IMHO:
>>>>>>>> 
>>>>>>>> 1. Consider all cookie-0 task as trusted. (Even right now, if you apply the
>>>>>>>> core-scheduling patchset, such tasks will share a core and sniff on each
>>>>>>>> other. So let us not pretend that such tasks are not trusted).
>>>>>>>> 
>>>>>>>> 2. All kernel threads and idle task would have a cookie 0 (so that will cover
>>>>>>>> ksoftirqd reported in your original issue).
>>>>>>>> 
>>>>>>>> 3. Add a config option (CONFIG_SCHED_CORE_DEFAULT_TASKS_UNTRUSTED). Default
>>>>>>>> enable it. Setting this option would tag all tasks that are forked from a
>>>>>>>> cookie-0 task with their own cookie. Later on, such tasks can be added to
>>>>>>>> a group. This cover's PeterZ's ask about having 'default untrusted').
>>>>>>>> (Users like ChromeOS that don't want to userspace system processes to be
>>>>>>>> tagged can disable this option so such tasks will be cookie-0).
>>>>>>>> 
>>>>>>>> 4. Allow prctl/cgroup interfaces to create groups of tasks and override the
>>>>>>>> above behaviors.
>>>>>>> 
>>>>>>> How does uperf in a cgroup work with ksoftirqd? Are you suggesting I set uperf's
>>>>>>> cookie to be cookie-0 via prctl?
>>>>>> 
>>>>>> Yes, but let me try to understand better. There are 2 problems here I think:
>>>>>> 
>>>>>> 1. ksoftirqd getting idled when HT is turned on, because uperf is sharing a
>>>>>> core with it: This should not be any worse than SMT OFF, because even SMT OFF
>>>>>> would also reduce ksoftirqd's CPU time just core sched is doing. Sure
>>>>>> core-scheduling adds some overhead with IPIs but such a huge drop of perf is
>>>>>> strange. Peter any thoughts on that?
>>>>>> 
>>>>>> 2. Interface: To solve the performance problem, you are saying you want uperf
>>>>>> to share a core with ksoftirqd so that it is not forced into idle.  Why not
>>>>>> just keep uperf out of the cgroup?
>>>>> 
>>>>> I guess this is unacceptable for who runs their apps in container and vm.
>>>> IMHO,  just as Joel proposed, 
>>>> 1. Consider all cookie-0 task as trusted.
>>>> 2. All kernel threads and idle task would have a cookie 0 
>>>> In that way, all tasks with cookies(including uperf in a cgroup) could run
>>>> concurrently with kernel threads.
>>>> That could be a good solution for the issue. :)
>>> 
>>> From uperf point of review, it can trust cookie-0(I assume we still need
>>> some modifications to change cookie-match to cookie-compatible to allow
>>> ZERO and NONZERO run together).
>>> 
>>> But from kernel thread point of review, it can NOT trust uperf, unless
>>> we set uperf's cookie to 0.
>> That’s right. :)
>> Could we set the cookie of cgroup where uperf lies to 0?
>> 
> IMHO the disadvantage is that if there are two or more cgroups set cookie-0,
> then the user applications in these cgroups could run concurrently on a core,
> though all of them are set as trusted, we made a hole of user->user isolation.
For that case, how about,
- use a special cookie(cookie-trust) instead of cookie-0 for kernel thread
- implement cookie_partial_match() to match part of the cookie
- Cookie-normal(normal tasks use) could trust cookie-trust,
- tasks tend to be trusted by cookie-trust could use cookies including
  cookie-trust partially, while cookie-normal does not include cookie-trust. 
- cookie-trust tasks use cookie_partial_match() to match cookie
- normal tasks use the standard cookie match(full match) interface to match cookie.

Just a sudden thought. :)

Thx.
Regards,
Jiang

Powered by blists - more mailing lists