Skip to content

Introduce CPUAffinity process property instead of execCPUAffinity #1296

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Introduce CPUAffinity process property instead of execCPUAffinity #1296

wants to merge 1 commit into from

Conversation

@kad
Copy link
Contributor

@kad kad commented Sep 15, 2025
edited by kolyshkin
Loading

This change introduces more generic CPUAffinity property of Process to specify desired CPU affinities while performing operations on create, start and exec operations.

As it was originally discussed in PR #1253, the existing implementation covers only exec usecase, where setting affinity for OCI hooks and initial container process will benefit wider set of workloads.

giuseppe
giuseppe reviewed Sep 15, 2025
View reviewed changes
@giuseppe
Copy link
Member

giuseppe commented Sep 15, 2025

@kolyshkin PTAL

@cyphar
Copy link
Member

cyphar commented Sep 15, 2025
edited
Loading

Given issues like golang/sys#259, I think it might be nice to have a way to indicate "all CPUs" as a way to reset affinity (but without doing 0-1024, which is ~300x slower than the memset approach). In runc we implicitly do this now, but users might want to reset affinity for other stages explicitly.

@kad
Copy link
Contributor Author

kad commented Sep 15, 2025

Given issues like golang/sys#259, I think it might be nice to have a way to indicate "all CPUs" as a way to reset affinity (but without doing 0-1024, which is ~300x slower than the memset approach). In runc we implicitly do this now, but users might want to reset affinity for other stages explicitly.

theoretically, the higher-level runtime that generates OCI spec might be feeling it with right number based on detected system information. e.g. use result of sched_getaffinity(2) of parent process

@haircommander
Copy link

haircommander commented Sep 15, 2025

fyi @bitoku

kolyshkin
kolyshkin reviewed Sep 15, 2025
View reviewed changes
@cyphar
Copy link
Member

cyphar commented Sep 18, 2025
edited
Loading

@kad

theoretically, the higher-level runtime that generates OCI spec might be feeling it with right number based on detected system information. e.g. use result of sched_getaffinity(2) of parent process

My experience is that this rarely happens -- usually higher-level runtimes either hide new knobs like this (requiring you to specify patch config.json through experimental or unsupported hacks) or they transparently forward the values to the lower-level runtime without adding new functionality. Even if they do implement it, there is no guarantee that the behaviour or syntax will be standardised between runtimes, which leads to more problems than it solves.

Given that we have had seen practical issues with container runtimes being spawned with suboptimal CPU affinity values, I would suggest that having an "all" or "max" special value would be a good idea.

Also you do not need to detect anything with sched_getaffinity(2) for this -- you just need to memset(&cpuset, 0xFF, sizeof(cpuset)) to reset the affinity to the maximum possible value. In fact, you don't want to use sched_getaffinity(2) or Go's runtime.NumCpu because they give you the current affinity which is precisely the value you don't want.

marquiz
marquiz reviewed Sep 18, 2025
View reviewed changes
cyphar
cyphar requested changes Sep 18, 2025
View reviewed changes
Copy link
Member

@cyphar cyphar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, when it comes to formatting -- in the OCI specs we do not hard-wrap lines at N columns. Each complete sentence should be one line (this makes diffs easier to read).

@kad
Copy link
Contributor Author

kad commented Sep 22, 2025

@kad

theoretically, the higher-level runtime that generates OCI spec might be feeling it with right number based on detected system information. e.g. use result of sched_getaffinity(2) of parent process

My experience is that this rarely happens -- usually higher-level runtimes either hide new knobs like this (requiring you to specify patch config.json through experimental or unsupported hacks) or they transparently forward the values to the lower-level runtime without adding new functionality. Even if they do implement it, there is no guarantee that the behaviour or syntax will be standardised between runtimes, which leads to more problems than it solves.

my point was that upper level runtime might be pinned to subset of CPUs (e.g. "infra reserved" partition of the system). OCI runtime when spawned from it, inherits affinity from parent process, thus sched_getaffinity early at OCI runtime start should have real good value of parent runtime.

Given that we have had seen practical issues with container runtimes being spawned with suboptimal CPU affinity values, I would suggest that having an "all" or "max" special value would be a good idea.

I don't mind adding special value all, I see it valuable, would update PR.
However, I'm thinking of additional special values, e.g. default which will be result sched_getaffinity to reset to inherited default affinity? Maybe online that would be same as content in /sys/devices/system/cpu/online, but suspect that in some scenarios sysfs might be not always available....

Also you do not need to detect anything with sched_getaffinity(2) for this -- you just need to memset(&cpuset, 0xFF, sizeof(cpuset)) to reset the affinity to the maximum possible value. In fact, you don't want to use sched_getaffinity(2) or Go's runtime.NumCpu because they give you the current affinity which is precisely the value you don't want.

having all bits set is also might be considered unwanted. As I mentioned, there are setups where runtimes containerd/cri-o are restricted to subset of CPUs, and in those setups it might be unwanted if lower layer OCI runtimes would be using CPU time from other cores.

@kolyshkin
Copy link
Contributor

kolyshkin commented Sep 24, 2025
edited
Loading

A naive question -- is there a use case when we want different CPU affinities for different OCI hooks?

@cyphar
Copy link
Member

cyphar commented Sep 25, 2025

@kolyshkin I think the point is to have the affinity change at different stages rather than it be hook-specific -- hooks will probably inherit them but hooks can also set their own affinity if they want to. The naming is similar to hooks because both correspond to runtime lifecycle stages.

@cyphar cyphar mentioned this pull request Nov 19, 2025
Open
This was referenced Nov 20, 2025
Open
Open
@kad kad force-pushed the cpuaffinity branch 3 times, most recently from 3041554 to 8e27850 Compare November 26, 2025 14:48
@kad
Copy link
Contributor Author

kad commented Nov 26, 2025

@kolyshkin @giuseppe @cyphar update pushed with following changes, as suggested:

  • formating of Markdown fixed
  • introduced special value all
  • names of fields renamed to match hooks naming schema
  • codespell fixes (sigh)

@kad kad requested a review from cyphar November 26, 2025 15:22
AkihiroSuda
AkihiroSuda reviewed Nov 26, 2025
View reviewed changes
AkihiroSuda
AkihiroSuda reviewed Nov 26, 2025
View reviewed changes
AkihiroSuda
AkihiroSuda reviewed Nov 26, 2025
View reviewed changes
@kad
Introduce cpuAffinity process property instead of execCPUAffinity
4f17036 
This change introduces more generic `cpuAffinity` property of `Process`
to specify desired CPU affinities while performing operations on create,
start and exec operations.

Signed-off-by: Alexander Kanevskiy <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@giuseppe giuseppe giuseppe left review comments

@kolyshkin kolyshkin kolyshkin left review comments

@AkihiroSuda AkihiroSuda AkihiroSuda left review comments

@crosbymichael crosbymichael Awaiting requested review from crosbymichael crosbymichael is a code owner

@dqminh dqminh Awaiting requested review from dqminh dqminh is a code owner

@hqhq hqhq Awaiting requested review from hqhq hqhq is a code owner

@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner

@thaJeztah thaJeztah Awaiting requested review from thaJeztah thaJeztah is a code owner

@tianon tianon Awaiting requested review from tianon tianon is a code owner

@utam0k utam0k Awaiting requested review from utam0k utam0k is a code owner

@cyphar cyphar Awaiting requested review from cyphar cyphar is a code owner

+2 more reviewers

@marquiz marquiz marquiz left review comments

@haircommander haircommander haircommander left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@kad @giuseppe @cyphar @haircommander @kolyshkin @marquiz @AkihiroSuda