runtime-rs: add support for core scheduling

Open xyjixyjixyji opened this issue 2 years ago • 2 comments

Linux 5.14 supports core scheduling to have better security control for SMT siblings. This PR supports that for the Rust runtime when containerd enables SCHED_CORE in its configuration.

Fixes: #4429

Signed-off-by: Ji-Xinyou [email protected]

xyjixyjixyji avatar Aug 02 '22 10:08 xyjixyjixyji

Thanks @Jodh-Intel, there is still a design issue that I am not sure about and need your insight on.

In shim_run.rs, I log a warning if containerd sets SCHED_CORE but the system call failed. But in kata runtime 2.x (go version), it looks to me that if the system call failed, the shim does not start at all. Instead, it just returns.

Which approach do you think is more appropriate? I am not really sure about this.

xyjixyjixyji avatar Aug 02 '22 16:08 xyjixyjixyji

@Ji-Xinyou - in which case, I think we should retain the existing behaviour. I assume you're referring to:

https://github.com/kata-containers/kata-containers/pull/4310

/cc @egernst.

jodh-intel avatar Aug 08 '22 13:08 jodh-intel
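The design question above (warn and continue versus refuse to start when the core-scheduling system call fails), as an added Rust sketch that is not code from this PR or from Kata Containers. `OnFailure`, `startup_decision` and `create_core_sched_cookie` are hypothetical names, reading the request from a `SCHED_CORE` environment variable and using process-group scope are assumptions, and the `prctl` constants are taken from `<linux/prctl.h>` (Linux only).

```rust
use std::io;
use std::os::raw::{c_int, c_ulong};

// Values from <linux/prctl.h> (core scheduling, Linux 5.14+).
const PR_SCHED_CORE: c_int = 62;
const PR_SCHED_CORE_CREATE: c_ulong = 1;
const PIDTYPE_PGID: c_ulong = 2; // scope: caller's process group (assumption of this example)

extern "C" {
    fn prctl(option: c_int, ...) -> c_int;
}

/// Hypothetical policy switch for the two behaviours discussed in the thread.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum OnFailure { Warn, Abort }

/// Ask the kernel for a new core-scheduling cookie (pid 0 = the calling task).
pub fn create_core_sched_cookie() -> io::Result<()> {
    let (pid, unused): (c_ulong, c_ulong) = (0, 0);
    let rc = unsafe { prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, pid, PIDTYPE_PGID, unused) };
    if rc == 0 { Ok(()) } else { Err(io::Error::last_os_error()) }
}

/// Ok(None): start normally. Ok(Some(msg)): start, but log msg as a warning.
/// Err(msg): do not start, because SMT-sibling isolation was requested but is missing.
pub fn startup_decision(requested: bool, result: io::Result<()>, policy: OnFailure)
    -> Result<Option<String>, String>
{
    match (requested, result) {
        (false, _) | (true, Ok(())) => Ok(None),
        (true, Err(e)) if policy == OnFailure::Warn =>
            Ok(Some(format!("core scheduling requested but not enabled: {}", e))),
        (true, Err(e)) => Err(format!("refusing to start without core scheduling: {}", e)),
    }
}

fn main() {
    // Assumption: the caller signals the request through a SCHED_CORE environment variable.
    let requested = std::env::var("SCHED_CORE").map_or(false, |v| !v.is_empty());
    let result = if requested { create_core_sched_cookie() } else { Ok(()) };
    match startup_decision(requested, result, OnFailure::Abort) {
        Ok(None) => println!("starting shim"),
        Ok(Some(w)) => println!("warning: {}; starting shim", w),
        Err(e) => { eprintln!("{}", e); std::process::exit(1); }
    }
}
```

With `OnFailure::Warn` a shim keeps running with no cookie, so the only trace of the missing isolation is a log line; `OnFailure::Abort` turns the same failure into a refusal to start.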

Since runtime-rs has been merged, please change your target branch to main.

liubin avatar Aug 11 '22 00:08 liubin

@liubin Done, target branch changed to main.

xyjixyjixyji avatar Aug 11 '22 01:08 xyjixyjixyji

Can one of the admins verify this patch?

katacontainersbot avatar Aug 26 '22 20:08 katacontainersbot

/test

liubin avatar Aug 29 '22 03:08 liubin