From: Vipin Sharma <vipinsh@google.com>
To: Tejun Heo <tj@kernel.org>
Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com,
jon.grimm@amd.com, eric.vantassell@amd.com, pbonzini@redhat.com,
seanjc@google.com, lizefan@huawei.com, hannes@cmpxchg.org,
frankja@linux.ibm.com, borntraeger@de.ibm.com, corbet@lwn.net,
joro@8bytes.org, vkuznets@redhat.com, wanpengli@tencent.com,
jmattson@google.com, tglx@linutronix.de, mingo@redhat.com,
bp@alien8.de, hpa@zytor.com, gingell@google.com,
rientjes@google.com, dionnaglaze@google.com, kvm@vger.kernel.org,
x86@kernel.org, cgroups@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [Patch v4 1/2] cgroup: svm: Add Encryption ID controller
Date: Fri, 15 Jan 2021 14:18:40 -0800 [thread overview]
Message-ID: <YAIUwGUPDmYfUm/a@google.com> (raw)
In-Reply-To: <YAICLR8PBXxAcOMz@mtj.duckdns.org>
On Fri, Jan 15, 2021 at 03:59:25PM -0500, Tejun Heo wrote:
> Hello,
>
> On Thu, Jan 07, 2021 at 05:28:45PM -0800, Vipin Sharma wrote:
> > 1. encrpytion_ids.sev.max
> > Sets the maximum usage of SEV IDs in the cgroup.
> > 2. encryption_ids.sev.current
> > Current usage of SEV IDs in the cgroup and its children.
> > 3. encryption_ids.sev.stat
> > Shown only at the root cgroup. Displays total SEV IDs available
> > on the platform and current usage count.
>
> Sorry, should have raised these earlier:
>
> * Can we shorten the name to encids?
Sure.
>
> * Why is .sev a separate namespace? Isn't the controller supposed to cover
> encryption ids across different implementations? It's not like multiple
> types of IDs can be in use on the same machine, right?
>
On AMD platform we have two types SEV and SEV-ES which can exists
simultaneously and they have their own quota.
> > Other ID types can be easily added in the controller in the same way.
>
> I'm not sure this is necessarily a good thing.
This is to just say that when Intel and PowerPC changes are ready it
won't be difficult for them to add their controller.
>
> > +/**
> > + * enc_id_cg_uncharge_hierarchy() - Uncharge the enryption ID cgroup hierarchy.
> > + * @start_cg: Starting cgroup.
> > + * @stop_cg: cgroup at which uncharge stops.
> > + * @type: type of encryption ID to uncharge.
> > + * @amount: Charge amount.
> > + *
> > + * Uncharge the cgroup tree from the given start cgroup to the stop cgroup.
> > + *
> > + * Context: Any context. Expects enc_id_cg_lock to be held by the caller.
> > + */
> > +static void enc_id_cg_uncharge_hierarchy(struct encryption_id_cgroup *start_cg,
> > + struct encryption_id_cgroup *stop_cg,
> > + enum encryption_id_type type,
> > + unsigned int amount)
> > +{
> > + struct encryption_id_cgroup *i;
> > +
> > + lockdep_assert_held(&enc_id_cg_lock);
> > +
> > + for (i = start_cg; i != stop_cg; i = parent_enc(i)) {
> > + WARN_ON_ONCE(i->res[type].usage < amount);
> > + i->res[type].usage -= amount;
> > + }
> > + css_put(&start_cg->css);
>
> I'm curious whether this is necessary given that a css can't be destroyed
> while tasks are attached. Are there cases where this wouldn't hold true? If
> so, it'd be great to have some comments on how that can happen.
We are not moving charges when a task moves out. This can lead us to the
cases where all of the tasks in the cgroup have moved out but it
still has charges. In that scenarios cgroup can be deleted. Taking a
reference will make sure cgroup is atleast present internally.
Also, struct encryption_ic_cgroup has a reference to the cgroup which is
used during uncharge call to correctly identify from which cgroup charge
should be deducted.
>
> > +/**
> > + * enc_id_cg_max_write() - Update the maximum limit of the cgroup.
> > + * @of: Handler for the file.
> > + * @buf: Data from the user. It should be either "max", 0, or a positive
> > + * integer.
> > + * @nbytes: Number of bytes of the data.
> > + * @off: Offset in the file.
> > + *
> > + * Uses cft->private value to determine for which enryption ID type results be
> > + * shown.
> > + *
> > + * Context: Any context. Takes and releases enc_id_cg_lock.
> > + * Return:
> > + * * >= 0 - Number of bytes processed in the input.
> > + * * -EINVAL - If buf is not valid.
> > + * * -ERANGE - If number is bigger than unsigned int capacity.
> > + * * -EBUSY - If usage can become more than max limit.
>
> The aboves are stale, right?
-EBUSY is not valid anymore. We can now set max to be less than the usage. I
will remove it in the next patch.
>
> > +static int enc_id_cg_stat_show(struct seq_file *sf, void *v)
> > +{
> > + unsigned long flags;
> > + enum encryption_id_type type = seq_cft(sf)->private;
> > +
> > + spin_lock_irqsave(&enc_id_cg_lock, flags);
> > +
> > + seq_printf(sf, "total %u\n", enc_id_capacity[type]);
> > + seq_printf(sf, "used %u\n", root_cg.res[type].usage);
>
> Dup with .current and no need to show total on every cgroup, right?
This is for the stat file which will only be seen in the root cgroup
directory. It is to know overall picture for the resource, what is the
total capacity and what is the current usage. ".current" file is not
shown on the root cgroup.
This information is good for resource allocation in the cloud
infrastructure.
>
> Thanks.
>
> --
> tejun
next prev parent reply other threads:[~2021-01-15 22:19 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-08 1:28 [Patch v4 0/2] cgroup: KVM: New Encryption IDs cgroup controller Vipin Sharma
2021-01-08 1:28 ` [Patch v4 1/2] cgroup: svm: Add Encryption ID controller Vipin Sharma
2021-01-13 15:19 ` Brijesh Singh
2021-01-15 20:59 ` Tejun Heo
2021-01-15 22:18 ` Vipin Sharma [this message]
2021-01-16 3:43 ` Tejun Heo
2021-01-16 4:32 ` Vipin Sharma
2021-01-19 15:51 ` Tejun Heo
2021-01-20 7:13 ` Vipin Sharma
2021-01-20 16:40 ` Tejun Heo
2021-01-20 23:18 ` Vipin Sharma
2021-01-20 23:32 ` Tejun Heo
2021-01-22 0:09 ` Vipin Sharma
2021-01-21 14:55 ` Tom Lendacky
2021-01-21 15:55 ` Tejun Heo
2021-01-21 23:12 ` Tom Lendacky
2021-01-22 1:25 ` Sean Christopherson
2021-01-26 20:49 ` David Rientjes
2021-01-26 22:01 ` Tejun Heo
2021-01-26 22:02 ` Tejun Heo
2021-01-27 1:11 ` Vipin Sharma
2021-01-27 14:10 ` Tejun Heo
2021-01-08 1:28 ` [Patch v4 2/2] cgroup: svm: Encryption IDs cgroup documentation Vipin Sharma
2021-01-15 21:00 ` Tejun Heo
2021-01-15 21:41 ` Vipin Sharma
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YAIUwGUPDmYfUm/a@google.com \
--to=vipinsh@google.com \
--cc=borntraeger@de.ibm.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=cgroups@vger.kernel.org \
--cc=corbet@lwn.net \
--cc=dionnaglaze@google.com \
--cc=eric.vantassell@amd.com \
--cc=frankja@linux.ibm.com \
--cc=gingell@google.com \
--cc=hannes@cmpxchg.org \
--cc=hpa@zytor.com \
--cc=jmattson@google.com \
--cc=jon.grimm@amd.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=rientjes@google.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tj@kernel.org \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).