thr3ads.net - Xen devel - [Xen-devel] [RFC] [PATCH] Accurate accounting for credit scheduler [Aug 2009]

If this information is useful, please help other people find it:
Share via:

George Dunlap

2009-Aug-25 14:23 UTC

[Xen-devel] [RFC] [PATCH] Accurate accounting for credit scheduler

The attached patch implements a first-cut of accurate TSC-based
accounting for the Credit scheduler.  Rather than debit a full 10ms of
credit on a scheduler tick (probabilistic), it debits credits
accurately based on time stamps.

The main problem this is meant to address is an attack on the
scheduler that allows a rogue guest to avoid ever being debited
credits.  The basic idea is that the rogue process checks time (using
rdtsc) periodically, and yields after 9.5ms.  Using this technique, a
guest can "steal" 95% of the cpu.  This is particularly an issue in
cloud environments.

Whenever we get a final version of this patch, it should be backported
to earlier versions as well.

Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>

 -George


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Jan Beulich

2009-Aug-25 14:48 UTC

head link

Re: [Xen-devel] [RFC] [PATCH] Accurate accounting for credit scheduler

>>> George Dunlap <George.Dunlap@eu.citrix.com> 25.08.09 16:23
>>>
>--- a/xen/common/sched_credit.c	Mon Aug 24 08:27:30 2009 +0100
>+++ b/xen/common/sched_credit.c	Mon Aug 24 21:39:35 2009 +0100
>@@ -44,11 +44,12 @@
> #define CSCHED_MSECS_PER_TICK       10
> #define CSCHED_MSECS_PER_TSLICE     \
>     (CSCHED_MSECS_PER_TICK * CSCHED_TICKS_PER_TSLICE)
>-#define CSCHED_CREDITS_PER_TICK     100
>+#define CSCHED_CREDITS_PER_MSEC    100000
> #define CSCHED_CREDITS_PER_TSLICE   \
>-    (CSCHED_CREDITS_PER_TICK * CSCHED_TICKS_PER_TSLICE)
>+    (CSCHED_MSECS_PER_TSLICE * CSCHED_CREDITS_PER_MSEC)
> #define CSCHED_CREDITS_PER_ACCT     \
>-    (CSCHED_CREDITS_PER_TICK * CSCHED_TICKS_PER_ACCT)
>+    (CSCHED_CREDITS_PER_MSEC * CSCHED_MSECS_PER_TSLICE)
This effectively makes an assumption that CSCHED_TICKS_PER_ACCT
=CSCHED_TICKS_PER_TSLICE, which I don''t think the rest of the code
really intends (or if it does, distinguishing those two as well as
CSCHED_CREDITS_PER_TSLICE and CSCHED_CREDITS_PER_ACCT would
become pointless).
>+#define CSCHED_STIME_TO_CREDIT(_t) 
((_t)*CSCHED_CREDITS_PER_MSEC/MILLISECS(1))
> 
> 
> /*
Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Xen devel - Aug 2009 - [RFC] [PATCH] Accurate accounting for credit scheduler

[Xen-devel] [RFC] [PATCH] Accurate accounting for credit scheduler

Re: [Xen-devel] [RFC] [PATCH] Accurate accounting for credit scheduler