On Sat, Oct 09, 2021 at 08:42:38PM +0530, Pratik R. Sampat wrote: > Current shortcomings in the prototype: > -------------------------------------- > 1. Containers also frequently use cfs period and quotas to restrict CPU > runtime also known as millicores in modern container runtimes. > The RFC interface currently does not account for this in > the scheme of things. > 2. While /proc/stat is now namespace aware and userspace programs like > top will see the CPU utilization for their view of virtual CPUs; > if the system or any other application outside the namespace > bumps up the CPU utilization it will still show up in sys/user time. > This should ideally be shown as stolen time instead. > The current implementation plugs into the display of stats rather > than accounting which causes incorrect reporting of stolen time. > 3. The current implementation assumes that no hotplug operations occur > within a container and hence the online and present cpus within a CPU > namespace are always the same and query the same CPU namespace mask > 4. As this is a proof of concept, currently we do not differentiate > between cgroup cpus_allowed and effective_cpus and plugs them into > the same virtual CPU map of the namespace > 5. As described in a fair use implication earlier, knowledge of the > CPU topology can potentially be taken an misused with a flood. > While scrambling the CPUset in the namespace can help by > obfuscation of information, the topology can still be roughly figured > out with the use of IPI latencies to determine siblings or far away > cores 6. completely destroys and ignores any machine topology information.
