X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=src%2Fbasic%2Fcgroup-util.c;h=f3f6a21576926e7b082722b9032f94210cc30324;hb=349cc4a507c4d84fcadf61f42159ea6412717896;hp=3222428649427e122d403797556c34c4eda72e64;hpb=239a3d09547a32c21e9b9b22499991781c15438e;p=thirdparty%2Fsystemd.git diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c index 32224286494..f3f6a215769 100644 --- a/src/basic/cgroup-util.c +++ b/src/basic/cgroup-util.c @@ -55,6 +55,7 @@ #include "stdio-util.h" #include "string-table.h" #include "string-util.h" +#include "strv.h" #include "unit-name.h" #include "user-util.h" @@ -102,9 +103,12 @@ int cg_read_pid(FILE *f, pid_t *_pid) { return 1; } -int cg_read_event(const char *controller, const char *path, const char *event, - char **val) -{ +int cg_read_event( + const char *controller, + const char *path, + const char *event, + char **val) { + _cleanup_free_ char *events = NULL, *content = NULL; char *p, *line; int r; @@ -208,7 +212,13 @@ int cg_rmdir(const char *controller, const char *path) { if (r < 0 && errno != ENOENT) return -errno; - if (streq(controller, SYSTEMD_CGROUP_CONTROLLER) && cg_hybrid_unified()) { + r = cg_hybrid_unified(); + if (r < 0) + return r; + if (r == 0) + return 0; + + if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { r = cg_rmdir(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path); if (r < 0) log_warning_errno(r, "Failed to remove compat systemd cgroup %s: %m", path); @@ -248,7 +258,7 @@ int cg_kill( return -ENOMEM; } - my_pid = getpid(); + my_pid = getpid_cached(); do { _cleanup_fclose_ FILE *f = NULL; @@ -392,7 +402,7 @@ int cg_migrate( if (!s) return -ENOMEM; - my_pid = getpid(); + my_pid = getpid_cached(); do { _cleanup_fclose_ FILE *f = NULL; @@ -549,7 +559,7 @@ static const char *controller_to_dirname(const char *controller) { * hierarchies, if it is specified. */ if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { - if (cg_hybrid_unified()) + if (cg_hybrid_unified() > 0) controller = SYSTEMD_CGROUP_CONTROLLER_HYBRID; else controller = SYSTEMD_CGROUP_CONTROLLER_LEGACY; @@ -636,7 +646,10 @@ int cg_get_path(const char *controller, const char *path, const char *suffix, ch if (!cg_controller_is_valid(controller)) return -EINVAL; - if (cg_all_unified()) + r = cg_all_unified(); + if (r < 0) + return r; + if (r > 0) r = join_path_unified(path, suffix, fs); else r = join_path_legacy(controller, path, suffix, fs); @@ -648,6 +661,7 @@ int cg_get_path(const char *controller, const char *path, const char *suffix, ch } static int controller_is_accessible(const char *controller) { + int r; assert(controller); @@ -659,7 +673,10 @@ static int controller_is_accessible(const char *controller) { if (!cg_controller_is_valid(controller)) return -EINVAL; - if (cg_all_unified()) { + r = cg_all_unified(); + if (r < 0) + return r; + if (r > 0) { /* We don't support named hierarchies if we are using * the unified hierarchy. */ @@ -736,7 +753,10 @@ int cg_trim(const char *controller, const char *path, bool delete_root) { return -errno; } - if (streq(controller, SYSTEMD_CGROUP_CONTROLLER) && cg_hybrid_unified()) { + q = cg_hybrid_unified(); + if (q < 0) + return q; + if (q > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { q = cg_trim(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, delete_root); if (q < 0) log_warning_errno(q, "Failed to trim compat systemd cgroup %s: %m", path); @@ -765,7 +785,11 @@ int cg_create(const char *controller, const char *path) { return -errno; } - if (streq(controller, SYSTEMD_CGROUP_CONTROLLER) && cg_hybrid_unified()) { + r = cg_hybrid_unified(); + if (r < 0) + return r; + + if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { r = cg_create(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path); if (r < 0) log_warning_errno(r, "Failed to create compat systemd cgroup %s: %m", path); @@ -804,7 +828,7 @@ int cg_attach(const char *controller, const char *path, pid_t pid) { return r; if (pid == 0) - pid = getpid(); + pid = getpid_cached(); xsprintf(c, PID_FMT "\n", pid); @@ -812,10 +836,14 @@ int cg_attach(const char *controller, const char *path, pid_t pid) { if (r < 0) return r; - if (streq(controller, SYSTEMD_CGROUP_CONTROLLER) && cg_hybrid_unified()) { + r = cg_hybrid_unified(); + if (r < 0) + return r; + + if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { r = cg_attach(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, pid); if (r < 0) - log_warning_errno(r, "Failed to attach %d to compat systemd cgroup %s: %m", pid, path); + log_warning_errno(r, "Failed to attach "PID_FMT" to compat systemd cgroup %s: %m", pid, path); } return 0; @@ -871,10 +899,13 @@ int cg_set_group_access( if (r < 0) return r; - if (streq(controller, SYSTEMD_CGROUP_CONTROLLER) && cg_hybrid_unified()) { + r = cg_hybrid_unified(); + if (r < 0) + return r; + if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { r = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, mode, uid, gid); if (r < 0) - log_warning_errno(r, "Failed to set group access on compat systemd cgroup %s: %m", path); + log_debug_errno(r, "Failed to set group access on compatibility systemd cgroup %s, ignoring: %m", path); } return 0; @@ -887,7 +918,7 @@ int cg_set_task_access( uid_t uid, gid_t gid) { - _cleanup_free_ char *fs = NULL, *procs = NULL; + _cleanup_free_ char *fs = NULL; int r; assert(path); @@ -898,6 +929,7 @@ int cg_set_task_access( if (mode != MODE_INVALID) mode &= 0666; + /* For both the legacy and unified hierarchies, "cgroup.procs" is the main entry point for PIDs */ r = cg_get_path(controller, path, "cgroup.procs", &fs); if (r < 0) return r; @@ -906,17 +938,52 @@ int cg_set_task_access( if (r < 0) return r; - if (!cg_unified(controller)) { - /* Compatibility, Always keep values for "tasks" in sync with - * "cgroup.procs" */ - if (cg_get_path(controller, path, "tasks", &procs) >= 0) - (void) chmod_and_chown(procs, mode, uid, gid); + r = cg_unified_controller(controller); + if (r < 0) + return r; + if (r == 0) { + const char *fn; + + /* Compatibility: on cgroupsv1 always keep values for the legacy files "tasks" and + * "cgroup.clone_children" in sync with "cgroup.procs". Since this is legacy stuff, we don't care if + * this fails. */ + + FOREACH_STRING(fn, + "tasks", + "cgroup.clone_children") { + + fs = mfree(fs); + + r = cg_get_path(controller, path, fn, &fs); + if (r < 0) + log_debug_errno(r, "Failed to get path for %s of %s, ignoring: %m", fn, path); + + r = chmod_and_chown(fs, mode, uid, gid); + if (r < 0) + log_debug_errno(r, "Failed to to change ownership/access mode for %s of %s, ignoring: %m", fn, path); + } + } else { + /* On the unified controller, we want to permit subtree controllers too. */ + + fs = mfree(fs); + r = cg_get_path(controller, path, "cgroup.subtree_control", &fs); + if (r < 0) + return r; + + r = chmod_and_chown(fs, mode, uid, gid); + if (r < 0) + return r; } - if (streq(controller, SYSTEMD_CGROUP_CONTROLLER) && cg_hybrid_unified()) { + r = cg_hybrid_unified(); + if (r < 0) + return r; + if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { + /* Always propagate access mode from unified to legacy controller */ + r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, mode, uid, gid); if (r < 0) - log_warning_errno(r, "Failed to set task access on compat systemd cgroup %s: %m", path); + log_debug_errno(r, "Failed to set task access on compatibility systemd cgroup %s, ignoring: %m", path); } return 0; @@ -964,7 +1031,7 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **path) { char line[LINE_MAX]; const char *fs, *controller_str; size_t cs = 0; - bool unified; + int unified; assert(path); assert(pid >= 0); @@ -975,8 +1042,10 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **path) { } else controller = SYSTEMD_CGROUP_CONTROLLER; - unified = cg_unified(controller); - if (!unified) { + unified = cg_unified_controller(controller); + if (unified < 0) + return unified; + if (unified == 0) { if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) controller_str = SYSTEMD_CGROUP_CONTROLLER_LEGACY; else @@ -1048,7 +1117,10 @@ int cg_install_release_agent(const char *controller, const char *agent) { assert(agent); - if (cg_unified(controller)) /* doesn't apply to unified hierarchy */ + r = cg_unified_controller(controller); + if (r < 0) + return r; + if (r > 0) /* doesn't apply to unified hierarchy */ return -EOPNOTSUPP; r = cg_get_path(controller, NULL, "release_agent", &fs); @@ -1096,7 +1168,10 @@ int cg_uninstall_release_agent(const char *controller) { _cleanup_free_ char *fs = NULL; int r; - if (cg_unified(controller)) /* Doesn't apply to unified hierarchy */ + r = cg_unified_controller(controller); + if (r < 0) + return r; + if (r > 0) /* Doesn't apply to unified hierarchy */ return -EOPNOTSUPP; r = cg_get_path(controller, NULL, "notify_on_release", &fs); @@ -1149,7 +1224,10 @@ int cg_is_empty_recursive(const char *controller, const char *path) { if (controller && (isempty(path) || path_equal(path, "/"))) return false; - if (cg_unified(controller)) { + r = cg_unified_controller(controller); + if (r < 0) + return r; + if (r > 0) { _cleanup_free_ char *t = NULL; /* On the unified hierarchy we can check empty state @@ -2034,7 +2112,10 @@ int cg_create_everywhere(CGroupMask supported, CGroupMask mask, const char *path return r; /* If we are in the unified hierarchy, we are done now */ - if (cg_all_unified()) + r = cg_all_unified(); + if (r < 0) + return r; + if (r > 0) return 0; /* Otherwise, do the same in the other hierarchies */ @@ -2061,7 +2142,10 @@ int cg_attach_everywhere(CGroupMask supported, const char *path, pid_t pid, cg_m if (r < 0) return r; - if (cg_all_unified()) + r = cg_all_unified(); + if (r < 0) + return r; + if (r > 0) return 0; for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) { @@ -2102,7 +2186,7 @@ int cg_attach_many_everywhere(CGroupMask supported, const char *path, Set* pids, int cg_migrate_everywhere(CGroupMask supported, const char *from, const char *to, cg_migrate_callback_t to_callback, void *userdata) { CGroupController c; - int r = 0; + int r = 0, q; if (!path_equal(from, to)) { r = cg_migrate_recursive(SYSTEMD_CGROUP_CONTROLLER, from, SYSTEMD_CGROUP_CONTROLLER, to, CGROUP_REMOVE); @@ -2110,7 +2194,10 @@ int cg_migrate_everywhere(CGroupMask supported, const char *from, const char *to return r; } - if (cg_all_unified()) + q = cg_all_unified(); + if (q < 0) + return q; + if (q > 0) return r; for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) { @@ -2134,13 +2221,16 @@ int cg_migrate_everywhere(CGroupMask supported, const char *from, const char *to int cg_trim_everywhere(CGroupMask supported, const char *path, bool delete_root) { CGroupController c; - int r; + int r, q; r = cg_trim(SYSTEMD_CGROUP_CONTROLLER, path, delete_root); if (r < 0) return r; - if (cg_all_unified()) + q = cg_all_unified(); + if (q < 0) + return q; + if (q > 0) return r; for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) { @@ -2155,6 +2245,60 @@ int cg_trim_everywhere(CGroupMask supported, const char *path, bool delete_root) return 0; } +int cg_mask_to_string(CGroupMask mask, char **ret) { + const char *controllers[_CGROUP_CONTROLLER_MAX + 1]; + CGroupController c; + int i = 0; + char *s; + + assert(ret); + + if (mask == 0) { + *ret = NULL; + return 0; + } + + for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) { + + if (!(mask & CGROUP_CONTROLLER_TO_MASK(c))) + continue; + + controllers[i++] = cgroup_controller_to_string(c); + controllers[i] = NULL; + } + + s = strv_join((char **)controllers, NULL); + if (!s) + return -ENOMEM; + + *ret = s; + return 0; +} + +int cg_mask_from_string(const char *value, CGroupMask *mask) { + assert(mask); + assert(value); + + for (;;) { + _cleanup_free_ char *n = NULL; + CGroupController v; + int r; + + r = extract_first_word(&value, &n, NULL, 0); + if (r < 0) + return r; + if (r == 0) + break; + + v = cgroup_controller_from_string(n); + if (v < 0) + continue; + + *mask |= CGROUP_CONTROLLER_TO_MASK(v); + } + return 0; +} + int cg_mask_supported(CGroupMask *ret) { CGroupMask mask = 0; int r; @@ -2163,9 +2307,11 @@ int cg_mask_supported(CGroupMask *ret) { * includes controllers we can make sense of and that are * actually accessible. */ - if (cg_all_unified()) { + r = cg_all_unified(); + if (r < 0) + return r; + if (r > 0) { _cleanup_free_ char *root = NULL, *controllers = NULL, *path = NULL; - const char *c; /* In the unified hierarchy we can read the supported * and accessible controllers from a the top-level @@ -2183,23 +2329,9 @@ int cg_mask_supported(CGroupMask *ret) { if (r < 0) return r; - c = controllers; - for (;;) { - _cleanup_free_ char *n = NULL; - CGroupController v; - - r = extract_first_word(&c, &n, NULL, 0); - if (r < 0) - return r; - if (r == 0) - break; - - v = cgroup_controller_from_string(n); - if (v < 0) - continue; - - mask |= CGROUP_CONTROLLER_TO_MASK(v); - } + r = cg_mask_from_string(controllers, &mask); + if (r < 0) + return r; /* Currently, we support the cpu, memory, io and pids * controller in the unified hierarchy, mask @@ -2227,7 +2359,6 @@ int cg_mask_supported(CGroupMask *ret) { int cg_kernel_controllers(Set *controllers) { _cleanup_fclose_ FILE *f = NULL; - char buf[LINE_MAX]; int r; assert(controllers); @@ -2245,7 +2376,7 @@ int cg_kernel_controllers(Set *controllers) { } /* Ignore the header line */ - (void) fgets(buf, sizeof(buf), f); + (void) read_line(f, (size_t) -1, NULL); for (;;) { char *controller; @@ -2283,21 +2414,18 @@ int cg_kernel_controllers(Set *controllers) { static thread_local CGroupUnified unified_cache = CGROUP_UNIFIED_UNKNOWN; -/* The hybrid mode was initially implemented in v232 and simply mounted - * cgroup v2 on /sys/fs/cgroup/systemd. This unfortunately broke other - * tools (such as docker) which expected the v1 "name=systemd" hierarchy - * on /sys/fs/cgroup/systemd. From v233 and on, the hybrid mode mountnbs - * v2 on /sys/fs/cgroup/unified and maintains "name=systemd" hierarchy - * on /sys/fs/cgroup/systemd for compatibility with other tools. +/* The hybrid mode was initially implemented in v232 and simply mounted cgroup v2 on /sys/fs/cgroup/systemd. This + * unfortunately broke other tools (such as docker) which expected the v1 "name=systemd" hierarchy on + * /sys/fs/cgroup/systemd. From v233 and on, the hybrid mode mountnbs v2 on /sys/fs/cgroup/unified and maintains + * "name=systemd" hierarchy on /sys/fs/cgroup/systemd for compatibility with other tools. * - * To keep live upgrade working, we detect and support v232 layout. When - * v232 layout is detected, to keep cgroup v2 process management but - * disable the compat dual layout, we return %true on - * cg_unified(SYSTEMD_CGROUP_CONTROLLER) and %false on cg_hybrid_unified(). + * To keep live upgrade working, we detect and support v232 layout. When v232 layout is detected, to keep cgroup v2 + * process management but disable the compat dual layout, we return %true on + * cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) and %false on cg_hybrid_unified(). */ static thread_local bool unified_systemd_v232; -static int cg_update_unified(void) { +static int cg_unified_update(void) { struct statfs fs; @@ -2336,24 +2464,38 @@ static int cg_update_unified(void) { return 0; } -bool cg_unified(const char *controller) { +int cg_unified_controller(const char *controller) { + int r; + + r = cg_unified_update(); + if (r < 0) + return r; - assert(cg_update_unified() >= 0); + if (unified_cache == CGROUP_UNIFIED_NONE) + return false; - if (streq_ptr(controller, SYSTEMD_CGROUP_CONTROLLER)) - return unified_cache >= CGROUP_UNIFIED_SYSTEMD; - else - return unified_cache >= CGROUP_UNIFIED_ALL; + if (unified_cache >= CGROUP_UNIFIED_ALL) + return true; + + return streq_ptr(controller, SYSTEMD_CGROUP_CONTROLLER); } -bool cg_all_unified(void) { +int cg_all_unified(void) { + int r; - return cg_unified(NULL); + r = cg_unified_update(); + if (r < 0) + return r; + + return unified_cache >= CGROUP_UNIFIED_ALL; } -bool cg_hybrid_unified(void) { +int cg_hybrid_unified(void) { + int r; - assert(cg_update_unified() >= 0); + r = cg_unified_update(); + if (r < 0) + return r; return unified_cache == CGROUP_UNIFIED_SYSTEMD && !unified_systemd_v232; } @@ -2361,7 +2503,7 @@ bool cg_hybrid_unified(void) { int cg_unified_flush(void) { unified_cache = CGROUP_UNIFIED_UNKNOWN; - return cg_update_unified(); + return cg_unified_update(); } int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p) { @@ -2374,7 +2516,10 @@ int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p) { if (supported == 0) return 0; - if (!cg_all_unified()) /* on the legacy hiearchy there's no joining of controllers defined */ + r = cg_all_unified(); + if (r < 0) + return r; + if (r == 0) /* on the legacy hiearchy there's no joining of controllers defined */ return 0; r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, p, "cgroup.subtree_control", &fs); @@ -2417,7 +2562,7 @@ bool cg_is_unified_wanted(void) { /* If the hierarchy is already mounted, then follow whatever * was chosen for it. */ if (cg_unified_flush() >= 0) - return (wanted = cg_all_unified()); + return (wanted = unified_cache >= CGROUP_UNIFIED_ALL); /* Otherwise, let's see what the kernel command line has to say. * Since checking is expensive, cache a non-error result. */ @@ -2447,7 +2592,10 @@ bool cg_is_hybrid_wanted(void) { static thread_local int wanted = -1; int r; bool b; - const bool is_default = DEFAULT_HIERARCHY == CGROUP_UNIFIED_SYSTEMD; + const bool is_default = DEFAULT_HIERARCHY >= CGROUP_UNIFIED_SYSTEMD; + /* We default to true if the default is "hybrid", obviously, + * but also when the default is "unified", because if we get + * called, it means that unified hierarchy was not mounted. */ /* If we have a cached value, return that. */ if (wanted >= 0)