[PATCH 2/2] powerpc/kvm: Limit MAX_VCPUS for guests running on RT Linux
Scott Wood
scottwood at freescale.com
Tue Feb 24 09:48:30 AEDT 2015
On Fri, 2015-02-20 at 14:45 +0100, Alexander Graf wrote:
>
> On 18.02.15 10:32, Bogdan Purcareata wrote:
> > Due to the introduction of the raw_spinlock for the KVM openpic, guests with a
> > high number of VCPUs may induce great latencies on the underlying RT Linux
> > system (e.g. cyclictest reports latencies of ~15ms for guests with 24 VCPUs).
> > This can be further aggravated by sending a lot of external interrupts to the
> > guest.
> >
> > A malicious app can abuse this scenario, causing a DoS of the host Linux.
> > Until the KVM openpic code is refactored to use finer lock granularity, impose
> > a limitation on the number of VCPUs a guest can have when running on a
> > PREEMPT_RT_FULL system with KVM_MPIC emulation.
> >
> > Signed-off-by: Mihai Caraman <mihai.caraman at freescale.com>
> > Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
> > Reviewed-by: Scott Wood <scottwood at freescale.com>
>
> I don't think this patch is reasonable to take upstream.
I agree (or at least, I don't think the raw lock conversion should be
separated from the vcpu limitation that makes it clear that it's a
temporary hack), because it ought to be fixed properly.
> If we have a
> latency issue, whoever spawned KVM VMs made a decision to spawn such big
> VMs.
I disagree. The point of PREEMPT_RT is to prevent the majority of
kernel code from excessively impacting latency. When you start using
raw locks you're stepping outside those bounds and need to ensure that
you don't hand things within those bounds (which includes userspace) the
ability to excessively impact latency.
-Scott
More information about the Linuxppc-dev
mailing list