Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
From:   =?iso-2022-jp?B?YmVuYmppYW5nKBskQj5VSTcbKEIp?= 
        <benbjiang@tencent.com>
To:     "Li, Aubrey" <aubrey.li@linux.intel.com>
CC:     Joel Fernandes <joel@joelfernandes.org>,
        "viremana@linux.microsoft.com" <viremana@linux.microsoft.com>,
        Nishanth Aravamudan <naravamudan@digitalocean.com>,
        Julien Desfossez <jdesfossez@digitalocean.com>,
        Peter Zijlstra <peterz@infradead.org>,
        "Tim Chen" <tim.c.chen@linux.intel.com>,
        Ingo Molnar <mingo@kernel.org>,
        "Thomas Glexiner" <tglx@linutronix.de>,
        Paul Turner <pjt@google.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        LKML <linux-kernel@vger.kernel.org>,
        "Subhra Mazumdar" <subhra.mazumdar@oracle.com>,
        Frederic Weisbecker <fweisbec@gmail.com>,
        Kees Cook <keescook@chromium.org>,
        Greg Kerr <kerrnel@google.com>, Phil Auld <pauld@redhat.com>,
        Aaron Lu <aaron.lwe@gmail.com>,
        Aubrey Li <aubrey.intel@gmail.com>,
        Valentin Schneider <valentin.schneider@arm.com>,
        Mel Gorman <mgorman@techsingularity.net>,
        Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Joel Fernandes <joelaf@google.com>,
        Vineeth Pillai <vineethrp@gmail.com>,
        Chen Yu <yu.c.chen@intel.com>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        "Ning, Hongyu" <hongyu.ning@linux.intel.com>
Subject: Re: [RFC PATCH 00/16] Core scheduling v6(Internet mail)
Thread-Topic: [RFC PATCH 00/16] Core scheduling v6(Internet mail)
Thread-Index: AQHWTyYIdUbfm2uvOEagav1FxQIttakluk8AgACOfACAAkvVAIAAJvUA
Date:   Wed, 5 Aug 2020 06:16:48 +0000
Message-ID: <2332D19B-7CDC-4BD9-9224-3C6B02153514@tencent.com>
References: <cover.1593530334.git.vpillai@digitalocean.com>
 <6d0f9fc0-2e34-f559-29bc-4143e6d3f751@linux.intel.com>
 <CAEXW_YS6oW_AAkmOuXNMCj_N5763aG9SXEcWz_onPhQQU2TZ0g@mail.gmail.com>
 <f986f5a9-5c97-10ed-1e44-84bbd929e605@linux.intel.com>
In-Reply-To: <f986f5a9-5c97-10ed-1e44-84bbd929e605@linux.intel.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
Content-Type: text/plain; charset="iso-2022-jp"
Content-ID: <2F374B3B886D574BBF792FC5F673D68E@tencent.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

Hi,

> On Aug 5, 2020, at 11:57 AM, Li, Aubrey <aubrey.li@linux.intel.com> wrote=
:
>=20
> On 2020/8/4 0:53, Joel Fernandes wrote:
>> Hi Aubrey,
>>=20
>> On Mon, Aug 3, 2020 at 4:23 AM Li, Aubrey <aubrey.li@linux.intel.com> wr=
ote:
>>>=20
>>> On 2020/7/1 5:32, Vineeth Remanan Pillai wrote:
>>>> Sixth iteration of the Core-Scheduling feature.
>>>>=20
>>>> Core scheduling is a feature that allows only trusted tasks to run
>>>> concurrently on cpus sharing compute resources (eg: hyperthreads on a
>>>> core). The goal is to mitigate the core-level side-channel attacks
>>>> without requiring to disable SMT (which has a significant impact on
>>>> performance in some situations). Core scheduling (as of v6) mitigates
>>>> user-space to user-space attacks and user to kernel attack when one of
>>>> the siblings enters the kernel via interrupts. It is still possible to
>>>> have a task attack the sibling thread when it enters the kernel via
>>>> syscalls.
>>>>=20
>>>> By default, the feature doesn't change any of the current scheduler
>>>> behavior. The user decides which tasks can run simultaneously on the
>>>> same core (for now by having them in the same tagged cgroup). When a
>>>> tag is enabled in a cgroup and a task from that cgroup is running on a
>>>> hardware thread, the scheduler ensures that only idle or trusted tasks
>>>> run on the other sibling(s). Besides security concerns, this feature
>>>> can also be beneficial for RT and performance applications where we
>>>> want to control how tasks make use of SMT dynamically.
>>>>=20
>>>> This iteration is mostly a cleanup of v5 except for a major feature of
>>>> pausing sibling when a cpu enters kernel via nmi/irq/softirq. Also
>>>> introducing documentation and includes minor crash fixes.
>>>>=20
>>>> One major cleanup was removing the hotplug support and related code.
>>>> The hotplug related crashes were not documented and the fixes piled up
>>>> over time leading to complex code. We were not able to reproduce the
>>>> crashes in the limited testing done. But if they are reroducable, we
>>>> don't want to hide them. We should document them and design better
>>>> fixes if any.
>>>>=20
>>>> In terms of performance, the results in this release are similar to
>>>> v5. On a x86 system with N hardware threads:
>>>> - if only N/2 hardware threads are busy, the performance is similar
>>>>  between baseline, corescheduling and nosmt
>>>> - if N hardware threads are busy with N different corescheduling
>>>>  groups, the impact of corescheduling is similar to nosmt
>>>> - if N hardware threads are busy and multiple active threads share the
>>>>  same corescheduling cookie, they gain a performance improvement over
>>>>  nosmt.
>>>>  The specific performance impact depends on the workload, but for a
>>>>  really busy database 12-vcpu VM (1 coresched tag) running on a 36
>>>>  hardware threads NUMA node with 96 mostly idle neighbor VMs (each in
>>>>  their own coresched tag), the performance drops by 54% with
>>>>  corescheduling and drops by 90% with nosmt.
>>>>=20
>>>=20
>>> We found uperf(in cgroup) throughput drops by ~50% with corescheduling.
>>>=20
>>> The problem is, uperf triggered a lot of softirq and offloaded softirq
>>> service to *ksoftirqd* thread.
>>>=20
>>> - default, ksoftirqd thread can run with uperf on the same core, we saw
>>>  100% CPU utilization.
>>> - coresched enabled, ksoftirqd's core cookie is different from uperf, s=
o
>>>  they can't run concurrently on the same core, we saw ~15% forced idle.
>>>=20
>>> I guess this kind of performance drop can be replicated by other simila=
r
>>> (a lot of softirq activities) workloads.
>>>=20
>>> Currently core scheduler picks cookie-match tasks for all SMT siblings,=
 does
>>> it make sense we add a policy to allow cookie-compatible task running t=
ogether?
>>> For example, if a task is trusted(set by admin), it can work with kerne=
l thread.
>>> The difference from corescheduling disabled is that we still have user =
to user
>>> isolation.
>>=20
>> In ChromeOS we are considering all cookie-0 tasks as trusted.
>> Basically if you don't trust a task, then that is when you assign the
>> task a tag. We do this for the sandboxed processes.
>=20
> I have a proposal of this, by changing cpu.tag to cpu.coresched_policy,
> something like the following:
>=20
> +/*
> + * Core scheduling policy:
> + * - CORE_SCHED_DISABLED: core scheduling is disabled.
> + * - CORE_COOKIE_MATCH: tasks with same cookie can run
> + *                     on the same core concurrently.
> + * - CORE_COOKIE_TRUST: trusted task can run with kernel
> 			thread on the same core concurrently.=20
How about other OS tasks(like systemd) except kernel thread? :)

Thx.
Regards,
Jiang
> + * - CORE_COOKIE_LONELY: tasks with cookie can run only
> + *                     with idle thread on the same core.
> + */
> +enum coresched_policy {
> +       CORE_SCHED_DISABLED,
> +       CORE_SCHED_COOKIE_MATCH,
> +	CORE_SCHED_COOKIE_TRUST,
> +       CORE_SCHED_COOKIE_LONELY,
> +};
>=20
> We can set policy to CORE_COOKIE_TRUST of uperf cgroup and fix this kind
> of performance regression. Not sure if this sounds attractive?
>=20
>>=20
>> Is the uperf throughput worse with SMT+core-scheduling versus no-SMT ?
>=20
> This is a good question, from the data we measured by uperf,
> SMT+core-scheduling is 28.2% worse than no-SMT, :(
>=20
> Thanks,
> -Aubrey
>=20
>>=20
>> thanks,
>>=20
>> - Joel
>> PS: I am planning to write a patch behind a CONFIG option that tags
>> all processes (default untrusted) so everything gets a cookie which
>> some folks said was how they wanted (have a whitelist instead of
>> blacklist).