lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <18793f4a-fd39-2e71-0b77-856afb01547b@redhat.com>
Date:   Sun, 28 May 2023 17:18:50 -0400
From:   Waiman Long <longman@...hat.com>
To:     Tejun Heo <tj@...nel.org>
Cc:     Michal Koutný <mkoutny@...e.com>,
        Zefan Li <lizefan.x@...edance.com>,
        Johannes Weiner <hannes@...xchg.org>,
        Jonathan Corbet <corbet@....net>,
        Shuah Khan <shuah@...nel.org>, linux-kernel@...r.kernel.org,
        cgroups@...r.kernel.org, linux-doc@...r.kernel.org,
        linux-kselftest@...r.kernel.org,
        Juri Lelli <juri.lelli@...hat.com>,
        Valentin Schneider <vschneid@...hat.com>,
        Frederic Weisbecker <frederic@...nel.org>,
        Mrunal Patel <mpatel@...hat.com>,
        Ryan Phillips <rphillips@...hat.com>,
        Brent Rowsell <browsell@...hat.com>,
        Peter Hunt <pehunt@...hat.com>, Phil Auld <pauld@...hat.com>
Subject: Re: [RFC PATCH 0/5] cgroup/cpuset: A new "isolcpus" paritition

On 5/22/23 15:49, Tejun Heo wrote:
> Hello, Waiman.

Sorry for the late reply as I had been off for almost 2 weeks due to PTO.


>
> On Sun, May 07, 2023 at 09:03:44PM -0400, Waiman Long wrote:
> ...
>>    cpuset.cpus.reserve
>>      A read-write multiple values file which exists only on root
>>      cgroup.
>>
>>      It lists all the CPUs that are reserved for adjacent and remote
>>      partitions created in the system.  See the next section for
>>      more information on what an adjacent or remote partitions is.
>>
>>      Creation of adjacent partition does not require touching this
>>      control file as CPU reservation will be done automatically.
>>      In order to create a remote partition, the CPUs needed by the
>>      remote partition has to be written to this file first.
>>
>>      A "+" prefix can be used to indicate a list of additional
>>      CPUs that are to be added without disturbing the CPUs that are
>>      originally there.  For example, if its current value is "3-4",
>>      echoing ""+5" to it will change it to "3-5".
>>
>>      Once a remote partition is destroyed, its CPUs have to be
>>      removed from this file or no other process can use them.  A "-"
>>      prefix can be used to remove a list of CPUs from it.  However,
>>      removing CPUs that are currently used in existing partitions
>>      may cause those partitions to become invalid.  A single "-"
>>      character without any number can be used to indicate removal
>>      of all the free CPUs not allocated to any partitions to avoid
>>      accidental partition invalidation.
> Why is the syntax different from .cpus? Wouldn't it be better to keep them
> the same?

Unlike cpuset.cpus, cpuset.cpus.reserve is supposed to contains CPUs 
that are used in multiple partitions. Also automatic reservation of 
adjacent partitions can happen in parallel. That is why I think it will 
be safer if we allow incremental increase or decrease of reserve CPUs to 
be used for remote partitions. I will include this reasoning into the 
doc file.


>>    cpuset.cpus.partition
>>      A read-write single value file which exists on non-root
>>      cpuset-enabled cgroups.  This flag is owned by the parent cgroup
>>      and is not delegatable.
>>
>>      It accepts only the following input values when written to.
>>
>>        ==========    =====================================
>>        "member"    Non-root member of a partition
>>        "root"    Partition root
>>        "isolated"    Partition root without load balancing
>>        ==========    =====================================
>>
>>      A cpuset partition is a collection of cgroups with a partition
>>      root at the top of the hierarchy and its descendants except
>>      those that are separate partition roots themselves and their
>>      descendants.  A partition has exclusive access to the set of
>>      CPUs allocated to it.  Other cgroups outside of that partition
>>      cannot use any CPUs in that set.
>>
>>      There are two types of partitions - adjacent and remote.  The
>>      parent of an adjacent partition must be a valid partition root.
>>      Partition roots of adjacent partitions are all clustered around
>>      the root cgroup.  Creation of adjacent partition is done by
>>      writing the desired partition type into "cpuset.cpus.partition".
>>
>>      A remote partition does not require a partition root parent.
>>      So a remote partition can be formed far from the root cgroup.
>>      However, its creation is a 2-step process.  The CPUs needed
>>      by a remote partition ("cpuset.cpus" of the partition root)
>>      has to be written into "cpuset.cpus.reserve" of the root
>>      cgroup first.  After that, "isolated" can be written into
>>      "cpuset.cpus.partition" of the partition root to form a remote
>>      isolated partition which is the only supported remote partition
>>      type for now.
>>
>>      All remote partitions are terminal as adjacent partition cannot
>>      be created underneath it.
> Can you elaborate this extra restriction a bit further?

Are you referring to the fact that only remote isolated partitions are 
supported? I do not preclude the support of load balancing remote 
partitions. I keep it to isolated partitions for now for ease of 
implementation and I am not currently aware of a use case where such a 
remote partition type is needed.

If you are talking about remote partition being terminal. It is mainly 
because it can be more tricky to support hierarchical adjacent 
partitions underneath it especially if it is not isolated. We can 
certainly support it if a use case arises. I just don't want to 
implement code that nobody is really going to use.

BTW, with the current way the remote partition is created, it is not 
possible to have another remote partition underneath it.

>
> In general, I think it'd be really helpful if the document explains the
> reasoning behind the design decisions. ie. Why is reserving for? What
> purpose does it serve that the regular isolated ones cannot? That'd help
> clarifying the design decisions.

I understand your concern. If you think it is better to support both 
types of remote partitions or hierarchical adjacent partitions 
underneath it for symmetry purpose, I can certain do that. It just needs 
to take a bit more time.

Cheers,
Longman

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ