Re: [RFC PATCH] sched, cgroup: cgroup1 can also take the non-RUNTIME_INF min

From: 刘嵩
Date: Tue Sep 10 2024 - 21:53:52 EST




> 2024年9月11日 03:32,Tejun Heo <tj@xxxxxxxxxx> 写道:
>
> On Tue, Sep 10, 2024 at 03:48:32PM +0800, Liu Song wrote:
>> For the handling logic of child_quota, there is no need to distinguish
>> between cgroup1 and cgroup2, so unify the handling logic here.
>>
>> Signed-off-by: Liu Song <liusong@xxxxxxxxxxxxxxxxx>
>
> It doens't make much sense to change the interface for cgroup1 at this
> point. Let's please leave it as-is.
>
> Thanks.
>
> --
> tejun

Hi

In scenarios involving secure shared containers (like Kata), where containers are deployed
on VMs and constrained by CPU runtime using quotas, the concept of vCPUs comes into
play.

If the CPU limit set by Kubernetes is less than the actual number of vCPUs, meaning the
CPU count derived from the quota is less than the vCPU count, then when a user runs lscpu
inside the container, the reported CPU count will be greater than the container's quota.

If the user uses this reported count to calculate quota and attempts to set it for their own
sub-container, it will result in an error under cgroup1, whereas the same operation will
succeed under cgroup2. To avoid imposing extra learning costs on users, unifying the
handling logic in this regard is still beneficial.

Thanks