Message-ID: <15cc2bc2-4db9-4209-9c06-207bf613ea5a@kernel.org>
Date: Tue, 6 Feb 2024 11:38:59 +0100
From: Matthieu Baerts <matttbe@...nel.org>
To: Paolo Abeni <pabeni@...hat.com>,
 Willem de Bruijn <willemdebruijn.kernel@...il.com>,
 Jakub Kicinski <kuba@...nel.org>
Cc: netdev@...r.kernel.org, davem@...emloft.net, edumazet@...gle.com,
 linux-kselftest@...r.kernel.org, Willem de Bruijn <willemb@...gle.com>
Subject: Re: [PATCH net-next] selftests/net: ignore timing errors in so_txtime
 if KSFT_MACHINE_SLOW

Hi Paolo, Willem, Jakub,

On 06/02/2024 10:18, Paolo Abeni wrote:
> On Fri, 2024-02-02 at 19:31 -0500, Willem de Bruijn wrote:
>> Jakub Kicinski wrote:
>>> On Thu,  1 Feb 2024 11:21:19 -0500 Willem de Bruijn wrote:
>>>> This test is time sensitive. It may fail on virtual machines and for
>>>> debug builds.
>>>>
>>>> Continue to run in these environments to get code coverage. But
>>>> optionally suppress failure for timing errors (only). This is
>>>> controlled with environment variable KSFT_MACHINE_SLOW.
>>>>
>>>> The test continues to return 0 (KSFT_PASS), rather than KSFT_XFAIL
>>>> as previously discussed. Because making so_txtime.c return that and
>>>> then making so_txtime.sh capture runs that pass that vs KSFT_FAIL
>>>> and pass it on added a bunch of (fragile bash) boilerplate, while the
>>>> result is interpreted the same as KSFT_PASS anyway.
>>>
>>> FWIW another idea that came up when talking to Matthieu -
>>> isolate the VMs which run time-sensitive tests to dedicated
>>> CPUs. Right now we kick off around 70 4 CPU VMs and let them 
>>> battle for 72 cores. The machines don't look overloaded but
>>> there can be some latency spikes (CPU use diagram attached).
>>>
>>> So the idea would be to have a handful of special VMs running 
>>> on dedicated CPUs without any CPU time competition. That could help 
>>> with latency spikes. But we'd probably need to annotate the tests
>>> which need some special treatment.
>>>
>>> Probably too much work both to annotate tests and set up env,
>>> but I thought I'd bring it up here in case you had an opinion.
>>
>> I'm not sure whether the issue with timing in VMs is CPU affinity.
>> Variance may just come from expensive hypercalls, even with a
>> dedicated CPU. Though tests can tell.
> 
> FTR, I think the CPU affinity setup is a bit too complex, and hard to
> reproduce for 3rd parties willing to investigate eventual future CI
> failures, I think the current env-variable-based approach would help
> with reproducibility.

I agree with you. Initially, with 70 VMs with 4 CPU cores, I thought it
would have taken more CPU resources, especially when KVM is not used.

Looking at the screenshot provided by Jakub, the host doesn't seem
overloaded, and the VM isolation is probably enough. Maybe only the
first test(s) can be impacted?

At the end, now that the runner without KVM is no longer there, the
situation should be improved :)

>> There's still the debug builds, as well.

For one MPTCP selftest checking the time to transfer some data, we
increase the tolerance by looking at kallsyms:

  grep -q ' kmemleak_init$\| lockdep_init$\| kasan_init$\| prove_locking$' /proc/kallsyms

We can also look at KSFT_MACHINE_SLOW if it is the new standard.

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.
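
The two approaches discussed in this thread, combined in one shell helper as an added example (not code from so_txtime.sh or the MPTCP selftests). The function names, the x4 slack factor and treating any non-empty KSFT_MACHINE_SLOW as "set" are assumptions; the symbol list is the one from the grep above, written with `grep -E` for portability.

```shell
#!/bin/sh
# Added example: helper names and the x4 factor are assumptions.

# Succeeds when the symbol table lists one of the debug-feature symbols
# from the grep in the message (kmemleak, lockdep, KASAN, prove_locking).
# $1 optionally overrides /proc/kallsyms so the check can run offline.
kernel_is_debug() {
	grep -Eq ' (kmemleak_init|lockdep_init|kasan_init|prove_locking)$' \
		"${1:-/proc/kallsyms}" 2>/dev/null
}

# Prints the timing policy for this run:
#   ignore  - KSFT_MACHINE_SLOW is set: timing errors are reported, not fatal
#   relaxed - debug kernel detected: the time limit is scaled up
#   strict  - everything else
timing_policy() {
	if [ -n "${KSFT_MACHINE_SLOW:-}" ]; then
		echo ignore
	elif kernel_is_debug "$1"; then
		echo relaxed
	else
		echo strict
	fi
}

# check_duration MEASURED_MS LIMIT_MS [KALLSYMS]
# Returns 0 (pass) or 1 (fail). Only the timing verdict is relaxed here;
# functional errors in the test must still fail regardless of policy.
check_duration() {
	measured=$1
	limit=$2
	case "$(timing_policy "$3")" in
	ignore)
		[ "$measured" -le "$limit" ] ||
			echo "timing error ignored: ${measured}ms > ${limit}ms" >&2
		return 0 ;;
	relaxed)
		limit=$((limit * 4)) ;;
	esac
	[ "$measured" -le "$limit" ]
}
```

Keeping the policy decision separate from the measurement means a slow or debug environment never masks a non-timing failure.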
