Re: [RFC 0/5] kernel: Introduce CPU Namespace

From: Peter Zijlstra
Date: Sat Oct 09 2021 - 18:41:57 EST


On Sat, Oct 09, 2021 at 08:42:38PM +0530, Pratik R. Sampat wrote:

> Current shortcomings in the prototype:
> --------------------------------------
> 1. Containers also frequently use cfs period and quotas to restrict CPU
> runtime also known as millicores in modern container runtimes.
> The RFC interface currently does not account for this in
> the scheme of things.
> 2. While /proc/stat is now namespace aware and userspace programs like
> top will see the CPU utilization for their view of virtual CPUs;
> if the system or any other application outside the namespace
> bumps up the CPU utilization it will still show up in sys/user time.
> This should ideally be shown as stolen time instead.
> The current implementation plugs into the display of stats rather
> than accounting which causes incorrect reporting of stolen time.
> 3. The current implementation assumes that no hotplug operations occur
> within a container and hence the online and present cpus within a CPU
> namespace are always the same and query the same CPU namespace mask.
> 4. As this is a proof of concept, currently we do not differentiate
> between cgroup cpus_allowed and effective_cpus and plug them into
> the same virtual CPU map of the namespace.
> 5. As described in a fair use implication earlier, knowledge of the
> CPU topology can potentially be taken and misused with a flood.
> While scrambling the CPUset in the namespace can help by
> obfuscation of information, the topology can still be roughly figured
> out with the use of IPI latencies to determine siblings or far away
> cores.

6. completely destroys and ignores any machine topology information.