Re: [PATCH v4 09/14] cpuset: Don't use the cpu_possible_mask as a last resort for cgroup v1
From: Quentin Perret
Date: Tue Dec 01 2020 - 07:38:56 EST
On Tuesday 01 Dec 2020 at 11:58:42 (+0000), Qais Yousef wrote:
> On 11/30/20 17:36, Quentin Perret wrote:
> > On Monday 30 Nov 2020 at 17:05:31 (+0000), Qais Yousef wrote:
> > > I create 3 cpusets: 64bit, 32bit and mix. As the name indicates, 64bit contains
> > > all 64bit-only cpus, 32bit contains 32bit-capable ones and mix has a mixture of
> > > both.
> > >
> > > If I try to move my test binary to 64bit cpuset, it moves there and I see the
> > > WARN_ON_ONCE() triggered. The task has attached to the new cpuset but
> > > set_allowed_cpus_ptr() has failed and we end up with whatever affinity we had
> > > previously. Breaking cpusets effectively.
> >
> > Right, and so does exec'ing from a 64 bit task into 32 bit executable
> > from within a 64 bit-only cpuset :( . And there is nothing we can really
>
> True. The kernel can decide to kill the task or force detach it then, no?
> Sending SIGKILL makes more sense.
Yeah but again, we need this to work for existing apps. Just killing it
basically means we have no support, so that doesn't work for the use
case :/
> > do about it, we cannot fail the exec because we need this to work for
> > existing apps, and there is no way the Android framework can know
> > upfront.
>
> It knows upfront it has enabled asym aarch32. So it needs to make sure not to
> create 'invalid' cpusets?
Problem is, we _really_ don't want to keep a big CPU in the background
cpuset just for that. And even if we did, we'd have to deal with hotplug.
> >
> > So the only thing we can do really is WARN() and proceed to ignore the
> > cpuset, which is what this series does :/. It's not exactly pretty but I
> > don't think we can do much better than that TBH, and it's the same thing
> > for the example you brought up. Failing cpuset_can_attach() will not
> > help, we can only WARN and proceed ...
>
> I think for cases where we can prevent userspace from doing something wrong, we
> should. Like trying to attach to a cpuset that will result in an empty mask.
> FWIW, it does something similar with deadline tasks. See task_can_attach().
>
> Similarly for the case when userspace tries to modify the cpuset.cpus such that
> a task will end up with empty cpumask. We now have the new case that some tasks
> can only run on a subset of cpu_possible_mask. So the definition of empty
> cpumask has gained an extra meaning.
I see this differently, e.g. if you affine a task to a CPU and you
hotunplug it, then the kernel falls back to the remaining online CPUs
for that task. Not pretty, but it keeps things functional. I'm thinking
a similar kind of support would be good enough here.
But yes, this cpuset mess is the part of the series I hate most too.
It's just not clear we have better solutions :/
> >
> > Now, Android should be fine with that I think. We only need the kernel
> > to implement a safe fallback mechanism when userspace gives
> > contradictory commands, because we know there are edge cases userspace
> > _cannot_ deal with correctly, but this fallback doesn't need to be
> > highly optimized (at least for Android), but I'm happy to hear what
> > others think.
>
> Why not go with our original patch that fixes affinity then in the arch code if
> the task wakes up on the wrong cpu? It is much simpler approach IMO to achieve
> the same thing.
I personally had no issues with that patch, but as per Peter's original
reply, that's "not going to happen". Will's proposal seems to go one
step further and tries its best to honor the contract with userspace (by
keeping the subset of the affinity mask, ...) when that can be done, so
if that can be acceptable, then be it. But I'd still rather keep this
simple if at all possible. It's just my opinion though :)
Thanks,
Quentin