High performance applications usually need to give many hints to the OS kernel regarding their needs. For example, CPU affin- ity is commonly used to pin processes to cores and avoid the cost of CPU migration, isolate performance critical tasks, bring related tasks together, and so on. However, when running inside a Virtual Machine, the (guest) OS kernel can only assign virtual resources, e.g., pinning a guest process to a virtual CPU thread (vCPU); the vCPU thread, how- ever, is still freely scheduled by the host hypervisor, which is unaware of the guest application requests. This semantic gap is usually overcome by statically allocating virtual resources to their hardware counterparts, which is costly and inflexible, or via paravirtualization, i.e., by modifying the guest kernel to pass the hints to the host, which is cumbersome and difficult to extend. We propose to use host-injected eBPF programs as a way for the host to obtain this kind of information from the guest in an extensible way, without modifying the guest (Linux) kernel, and with- out statically allocating resources. We apply this idea to the example of CPU affinity and run some experiments to show its effect on several microbenchmarks. Finally, we discuss the implications for confidential computing.
eBPF-based Extensible Paravirtualization
Giuseppe LettieriSecondo
Conceptualization
;
2022-01-01
Abstract
High performance applications usually need to give many hints to the OS kernel regarding their needs. For example, CPU affin- ity is commonly used to pin processes to cores and avoid the cost of CPU migration, isolate performance critical tasks, bring related tasks together, and so on. However, when running inside a Virtual Machine, the (guest) OS kernel can only assign virtual resources, e.g., pinning a guest process to a virtual CPU thread (vCPU); the vCPU thread, how- ever, is still freely scheduled by the host hypervisor, which is unaware of the guest application requests. This semantic gap is usually overcome by statically allocating virtual resources to their hardware counterparts, which is costly and inflexible, or via paravirtualization, i.e., by modifying the guest kernel to pass the hints to the host, which is cumbersome and difficult to extend. We propose to use host-injected eBPF programs as a way for the host to obtain this kind of information from the guest in an extensible way, without modifying the guest (Linux) kernel, and with- out statically allocating resources. We apply this idea to the example of CPU affinity and run some experiments to show its effect on several microbenchmarks. Finally, we discuss the implications for confidential computing.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
