From: Peter Zijlstra <peterz@infradead.org>
To: "Pratik R. Sampat" <psampat@linux.ibm.com>
Cc: bristot@redhat.com, christian@brauner.io, ebiederm@xmission.com,
lizefan.x@bytedance.com, tj@kernel.org, hannes@cmpxchg.org,
mingo@kernel.org, juri.lelli@redhat.com,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
cgroups@vger.kernel.org, containers@lists.linux.dev,
containers@lists.linux-foundation.org, pratik.r.sampat@gmail.com
Subject: Re: [RFC 0/5] kernel: Introduce CPU Namespace
Date: Sun, 10 Oct 2021 00:41:38 +0200 [thread overview]
Message-ID: <20211009224138.GZ174703@worktop.programming.kicks-ass.net> (raw)
In-Reply-To: <20211009151243.8825-1-psampat@linux.ibm.com>
On Sat, Oct 09, 2021 at 08:42:38PM +0530, Pratik R. Sampat wrote:
> Current shortcomings in the prototype:
> --------------------------------------
> 1. Containers also frequently use cfs period and quotas to restrict CPU
> runtime also known as millicores in modern container runtimes.
> The RFC interface currently does not account for this in
> the scheme of things.
> 2. While /proc/stat is now namespace aware and userspace programs like
> top will see the CPU utilization for their view of virtual CPUs;
> if the system or any other application outside the namespace
> bumps up the CPU utilization it will still show up in sys/user time.
> This should ideally be shown as stolen time instead.
> The current implementation plugs into the display of stats rather
> than accounting which causes incorrect reporting of stolen time.
> 3. The current implementation assumes that no hotplug operations occur
> within a container and hence the online and present cpus within a CPU
> namespace are always the same and query the same CPU namespace mask
> 4. As this is a proof of concept, currently we do not differentiate
> between cgroup cpus_allowed and effective_cpus and plugs them into
> the same virtual CPU map of the namespace
> 5. As described in a fair use implication earlier, knowledge of the
> CPU topology can potentially be taken an misused with a flood.
> While scrambling the CPUset in the namespace can help by
> obfuscation of information, the topology can still be roughly figured
> out with the use of IPI latencies to determine siblings or far away
> cores
6. completely destroys and ignores any machine topology information.
prev parent reply other threads:[~2021-10-09 22:41 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-09 15:12 [RFC 0/5] kernel: Introduce CPU Namespace Pratik R. Sampat
2021-10-09 15:12 ` Pratik R. Sampat
2021-10-09 15:12 ` [RFC 1/5] ns: " Pratik R. Sampat
[not found] ` <20211009151243.8825-2-psampat-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>
2021-10-09 22:37 ` Peter Zijlstra
2021-10-09 22:37 ` Peter Zijlstra
[not found] ` <20211009151243.8825-1-psampat-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>
2021-10-09 15:12 ` [RFC 2/5] ns: Add scrambling functionality to CPU namespace Pratik R. Sampat
2021-10-09 15:12 ` Pratik R. Sampat
2021-10-09 15:12 ` [RFC 4/5] cpu/cpuns: Make sysfs CPU namespace aware Pratik R. Sampat
2021-10-09 15:12 ` Pratik R. Sampat
2021-10-09 15:12 ` [RFC 5/5] proc/cpuns: Make procfs load stats " Pratik R. Sampat
2021-10-09 15:12 ` Pratik R. Sampat
2021-10-11 10:11 ` [RFC 0/5] kernel: Introduce CPU Namespace Christian Brauner
2021-10-11 10:11 ` Christian Brauner
2021-10-11 14:17 ` Michal Koutný
2021-10-11 14:17 ` Michal Koutný
2021-10-11 17:42 ` Tejun Heo
2021-10-12 8:42 ` Pratik Sampat
2021-10-14 22:14 ` Tejun Heo
2021-10-18 15:29 ` Pratik Sampat
2021-10-18 16:29 ` Tejun Heo
[not found] ` <YW2g73Lwmrhjg/sv-NiLfg/pYEd1N0TnZuCh8vA@public.gmane.org>
2021-10-20 10:44 ` Pratik Sampat
2021-10-20 10:44 ` Pratik Sampat
[not found] ` <77854748-081f-46c7-df51-357ca78b83b3-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>
2021-10-20 16:35 ` Tejun Heo
2021-10-20 16:35 ` Tejun Heo
[not found] ` <YXBFVCc61nCG5rto-NiLfg/pYEd1N0TnZuCh8vA@public.gmane.org>
2021-10-21 7:44 ` Pratik Sampat
2021-10-21 7:44 ` Pratik Sampat
[not found] ` <bd1811cc-0e04-9e44-0b46-02689ff9a238-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>
2021-10-21 17:06 ` Tejun Heo
2021-10-21 17:06 ` Tejun Heo
2021-10-21 17:15 ` Eric W. Biederman
2021-10-21 17:15 ` Eric W. Biederman
2021-10-09 15:12 ` [RFC 3/5] cpuset/cpuns: Make cgroup CPUset CPU namespace aware Pratik R. Sampat
2021-10-09 22:41 ` Peter Zijlstra [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211009224138.GZ174703@worktop.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=bristot@redhat.com \
--cc=cgroups@vger.kernel.org \
--cc=christian@brauner.io \
--cc=containers@lists.linux-foundation.org \
--cc=containers@lists.linux.dev \
--cc=ebiederm@xmission.com \
--cc=hannes@cmpxchg.org \
--cc=juri.lelli@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan.x@bytedance.com \
--cc=mingo@kernel.org \
--cc=pratik.r.sampat@gmail.com \
--cc=psampat@linux.ibm.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.