Measure GPU CC mode by meetrajvala · Pull Request #569 · google/go-tpm-tools

meetrajvala · 2025-05-02T10:54:05Z

This PR contains the following changes:

Adds the function for measuring the GPU CC mode and uses it in container_runner.
Moves the GPU driver installation steps later in the startLauncher function.
Added check for scenario when GPU is attached but required metadata flag is not passed for driver installation.
Adds new image test for the scenario where cGPU is attached but driver installation related metadata flag is not passed in the VM creation command.

Testing:

Image integration tests for confidential GPU ran successfully.
Unit tests for newly added function

meetrajvala · 2025-05-02T10:54:25Z

/gcbrun

yawangwang · 2025-05-06T01:15:46Z

launcher/launcher/main.go

-	ctx := namespaces.WithNamespace(context.Background(), namespaces.Default)
-	if launchSpec.InstallGpuDriver {
-		if launchSpec.Experiments.EnableConfidentialGPUSupport {
-			installer := gpu.NewDriverInstaller(containerdClient, launchSpec, logger)
-			err = installer.InstallGPUDrivers(ctx)
-			if err != nil {
-				return fmt.Errorf("failed to install gpu drivers: %v", err)
-			}
-		} else {
-			logger.Info("Confidential GPU support experiment flag is not enabled for this project. Ensure that it is enabled when tee-install-gpu-driver is set to true")
-			return fmt.Errorf("confidential gpu support experiment flag is not enabled")
-		}
-	}
-


Any reason why moving this block around?

For trusted space, there was a comment to move this block : #497 (comment). Followed the same here as it is at the beginning of startLauncher

launcher/container_runner_test.go

launcher/container_runner.go

yawangwang · 2025-05-06T01:36:38Z

launcher/launcher/main.go

+		if deviceInfo != deviceinfo.NO_GPU {
+			logger.Error("GPU is attached, tee-install-gpu-driver is not set")
+			return fmt.Errorf("tee-install-gpu-driver is expected to set to true when GPU is attached")
+		}


Did you check with Rene on this requirement? This would be a breaking change to CS on H100 because a regular workload can't even get run within with a GPU device attached.

Agreed. but without this check, if a GPU is present but the driver installation flag is missing, workloads relying on the GPU would likely fail. The nature of that failure would depend on how the workload manages its GPU dependency – it might fall back to CPU usage or fail or terminate entirely. This check ensures predictable behavior when a GPU is attached but installation flag is not set.

I assumed that attaching a GPU implies its intended use, thus requiring the driver installation flag to guarantee necessary drivers are present. I can confirm this with Rene.

workloads relying on the GPU would likely fail

When would this happen? Why would we pass through the GPU device if they don't set the flag?

When would this happen?

When GPU is attached to the VM but customer didn't set the tee-install-gpu-driver flag. In this case, workload is expecting an interaction with GPU device but because we didn't install drivers (as flag was not set), GPU device would not available to the workload container and workload execution might fail.

Why would we pass through the GPU device if they don't set the flag?

We do not make the GPU device available to the container if this flag is not set. This check was just added to fail deterministically (when GPU is attached but mistakenly or knowingly installation flag is not set).

When GPU is attached to the VM but customer didn't set the tee-install-gpu-driver flag. In this case, workload is expecting an interaction with GPU device but because we didn't install drivers (as flag was not set), GPU device would not available to the workload container and workload execution might fail.

I understand, but we could print a warning log instead of stopping launch. Please double check with Rene.

I checked this with Rene. He suggested to fail upfront instead of getting into a condition where workload might not work.

launcher/image/test/test_gpu_driver_installation_cloudbuild.yaml

launcher/launcher/main.go

launcher/internal/gpu/driverinstaller.go

launcher/container_runner.go

launcher/container_runner_test.go

alexmwu · 2025-05-06T23:43:14Z

launcher/launcher/main.go

+		if deviceInfo != deviceinfo.NO_GPU {
+			logger.Error("GPU is attached, tee-install-gpu-driver is not set")
+			return fmt.Errorf("tee-install-gpu-driver is expected to set to true when GPU is attached")
+		}


When GPU is attached to the VM but customer didn't set the tee-install-gpu-driver flag. In this case, workload is expecting an interaction with GPU device but because we didn't install drivers (as flag was not set), GPU device would not available to the workload container and workload execution might fail.

I understand, but we could print a warning log instead of stopping launch. Please double check with Rene.

meetrajvala force-pushed the mhvcgpu3 branch from 5bee4b0 to 7424a87 Compare May 2, 2025 11:14

meetrajvala requested review from alexmwu, jkl73 and yawangwang May 2, 2025 11:18

measure gpu cc mode

2100b87

meetrajvala force-pushed the mhvcgpu3 branch from 7424a87 to 2100b87 Compare May 5, 2025 18:58

yawangwang requested changes May 6, 2025

View reviewed changes

address review comments

921a98c

meetrajvala requested a review from yawangwang May 6, 2025 08:38

meetrajvala force-pushed the mhvcgpu3 branch from 92e8dcf to dbc38c5 Compare May 6, 2025 10:29

add negative image test for non confidential gpu

aac2479

meetrajvala force-pushed the mhvcgpu3 branch from dbc38c5 to aac2479 Compare May 6, 2025 18:22

alexmwu approved these changes May 6, 2025

View reviewed changes

address review comments

c238d72

meetrajvala force-pushed the mhvcgpu3 branch from 9315636 to c238d72 Compare May 7, 2025 06:47

jkl73 approved these changes May 9, 2025

View reviewed changes

yawangwang approved these changes May 12, 2025

View reviewed changes

meetrajvala merged commit 493e491 into cs_cgpu_h100 May 13, 2025
11 checks passed

Conversation

meetrajvala commented May 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

meetrajvala commented May 2, 2025

Uh oh!

yawangwang May 6, 2025

Choose a reason for hiding this comment

Uh oh!

meetrajvala May 6, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

yawangwang May 6, 2025

Choose a reason for hiding this comment

Uh oh!

meetrajvala May 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

alexmwu May 6, 2025

Choose a reason for hiding this comment

Uh oh!

meetrajvala May 6, 2025

Choose a reason for hiding this comment

Uh oh!

alexmwu May 6, 2025

Choose a reason for hiding this comment

Uh oh!

meetrajvala May 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

alexmwu May 6, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

meetrajvala commented May 2, 2025 •

edited

Loading

meetrajvala May 6, 2025 •

edited

Loading

meetrajvala May 12, 2025 •

edited

Loading