[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20211009224138.GZ174703@worktop.programming.kicks-ass.net>
Date: Sun, 10 Oct 2021 00:41:38 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: "Pratik R. Sampat" <psampat@...ux.ibm.com>
Cc: bristot@...hat.com, christian@...uner.io, ebiederm@...ssion.com,
lizefan.x@...edance.com, tj@...nel.org, hannes@...xchg.org,
mingo@...nel.org, juri.lelli@...hat.com,
linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
cgroups@...r.kernel.org, containers@...ts.linux.dev,
containers@...ts.linux-foundation.org, pratik.r.sampat@...il.com
Subject: Re: [RFC 0/5] kernel: Introduce CPU Namespace
On Sat, Oct 09, 2021 at 08:42:38PM +0530, Pratik R. Sampat wrote:
> Current shortcomings in the prototype:
> --------------------------------------
> 1. Containers also frequently use cfs period and quotas to restrict CPU
> runtime also known as millicores in modern container runtimes.
> The RFC interface currently does not account for this in
> the scheme of things.
> 2. While /proc/stat is now namespace aware and userspace programs like
> top will see the CPU utilization for their view of virtual CPUs;
> if the system or any other application outside the namespace
> bumps up the CPU utilization it will still show up in sys/user time.
> This should ideally be shown as stolen time instead.
> The current implementation plugs into the display of stats rather
> than accounting which causes incorrect reporting of stolen time.
> 3. The current implementation assumes that no hotplug operations occur
> within a container and hence the online and present cpus within a CPU
> namespace are always the same and query the same CPU namespace mask
> 4. As this is a proof of concept, currently we do not differentiate
> between cgroup cpus_allowed and effective_cpus and plugs them into
> the same virtual CPU map of the namespace
> 5. As described in a fair use implication earlier, knowledge of the
> CPU topology can potentially be taken an misused with a flood.
> While scrambling the CPUset in the namespace can help by
> obfuscation of information, the topology can still be roughly figured
> out with the use of IPI latencies to determine siblings or far away
> cores
6. completely destroys and ignores any machine topology information.
Powered by blists - more mailing lists