src/core/cgroup.h

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2 #pragma once
   3
   4 #include <stdbool.h>
   5
   6 #include "cgroup-util.h"
   7 #include "ip-address-access.h"
   8 #include "list.h"
   9 #include "time-util.h"
  10
  11 typedef struct CGroupContext CGroupContext;
  12 typedef struct CGroupDeviceAllow CGroupDeviceAllow;
  13 typedef struct CGroupIODeviceWeight CGroupIODeviceWeight;
  14 typedef struct CGroupIODeviceLimit CGroupIODeviceLimit;
  15 typedef struct CGroupIODeviceLatency CGroupIODeviceLatency;
  16 typedef struct CGroupBlockIODeviceWeight CGroupBlockIODeviceWeight;
  17 typedef struct CGroupBlockIODeviceBandwidth CGroupBlockIODeviceBandwidth;
  18
  19 typedef enum CGroupDevicePolicy {
  20
  21         /* When devices listed, will allow those, plus built-in ones,
  22         if none are listed will allow everything. */
  23         CGROUP_AUTO,
  24
  25         /* Everything forbidden, except built-in ones and listed ones. */
  26         CGROUP_CLOSED,
  27
  28         /* Everythings forbidden, except for the listed devices */
  29         CGROUP_STRICT,
  30
  31         _CGROUP_DEVICE_POLICY_MAX,
  32         _CGROUP_DEVICE_POLICY_INVALID = -1
  33 } CGroupDevicePolicy;
  34
  35 struct CGroupDeviceAllow {
  36         LIST_FIELDS(CGroupDeviceAllow, device_allow);
  37         char *path;
  38         bool r:1;
  39         bool w:1;
  40         bool m:1;
  41 };
  42
  43 struct CGroupIODeviceWeight {
  44         LIST_FIELDS(CGroupIODeviceWeight, device_weights);
  45         char *path;
  46         uint64_t weight;
  47 };
  48
  49 struct CGroupIODeviceLimit {
  50         LIST_FIELDS(CGroupIODeviceLimit, device_limits);
  51         char *path;
  52         uint64_t limits[_CGROUP_IO_LIMIT_TYPE_MAX];
  53 };
  54
  55 struct CGroupIODeviceLatency {
  56         LIST_FIELDS(CGroupIODeviceLatency, device_latencies);
  57         char *path;
  58         usec_t target_usec;
  59 };
  60
  61 struct CGroupBlockIODeviceWeight {
  62         LIST_FIELDS(CGroupBlockIODeviceWeight, device_weights);
  63         char *path;
  64         uint64_t weight;
  65 };
  66
  67 struct CGroupBlockIODeviceBandwidth {
  68         LIST_FIELDS(CGroupBlockIODeviceBandwidth, device_bandwidths);
  69         char *path;
  70         uint64_t rbps;
  71         uint64_t wbps;
  72 };
  73
  74 struct CGroupContext {
  75         bool cpu_accounting;
  76         bool io_accounting;
  77         bool blockio_accounting;
  78         bool memory_accounting;
  79         bool tasks_accounting;
  80         bool ip_accounting;
  81
  82         /* For unified hierarchy */
  83         uint64_t cpu_weight;
  84         uint64_t startup_cpu_weight;
  85         usec_t cpu_quota_per_sec_usec;
  86
  87         uint64_t io_weight;
  88         uint64_t startup_io_weight;
  89         LIST_HEAD(CGroupIODeviceWeight, io_device_weights);
  90         LIST_HEAD(CGroupIODeviceLimit, io_device_limits);
  91         LIST_HEAD(CGroupIODeviceLatency, io_device_latencies);
  92
  93         uint64_t memory_min;
  94         uint64_t memory_low;
  95         uint64_t memory_high;
  96         uint64_t memory_max;
  97         uint64_t memory_swap_max;
  98
  99         LIST_HEAD(IPAddressAccessItem, ip_address_allow);
 100         LIST_HEAD(IPAddressAccessItem, ip_address_deny);
 101
 102         /* For legacy hierarchies */
 103         uint64_t cpu_shares;
 104         uint64_t startup_cpu_shares;
 105
 106         uint64_t blockio_weight;
 107         uint64_t startup_blockio_weight;
 108         LIST_HEAD(CGroupBlockIODeviceWeight, blockio_device_weights);
 109         LIST_HEAD(CGroupBlockIODeviceBandwidth, blockio_device_bandwidths);
 110
 111         uint64_t memory_limit;
 112
 113         CGroupDevicePolicy device_policy;
 114         LIST_HEAD(CGroupDeviceAllow, device_allow);
 115
 116         /* Common */
 117         uint64_t tasks_max;
 118
 119         bool delegate;
 120         CGroupMask delegate_controllers;
 121 };
 122
 123 /* Used when querying IP accounting data */
 124 typedef enum CGroupIPAccountingMetric {
 125         CGROUP_IP_INGRESS_BYTES,
 126         CGROUP_IP_INGRESS_PACKETS,
 127         CGROUP_IP_EGRESS_BYTES,
 128         CGROUP_IP_EGRESS_PACKETS,
 129         _CGROUP_IP_ACCOUNTING_METRIC_MAX,
 130         _CGROUP_IP_ACCOUNTING_METRIC_INVALID = -1,
 131 } CGroupIPAccountingMetric;
 132
 133 typedef struct Unit Unit;
 134 typedef struct Manager Manager;
 135
 136 void cgroup_context_init(CGroupContext *c);
 137 void cgroup_context_done(CGroupContext *c);
 138 void cgroup_context_dump(CGroupContext *c, FILE* f, const char *prefix);
 139
 140 CGroupMask cgroup_context_get_mask(CGroupContext *c);
 141
 142 void cgroup_context_free_device_allow(CGroupContext *c, CGroupDeviceAllow *a);
 143 void cgroup_context_free_io_device_weight(CGroupContext *c, CGroupIODeviceWeight *w);
 144 void cgroup_context_free_io_device_limit(CGroupContext *c, CGroupIODeviceLimit *l);
 145 void cgroup_context_free_io_device_latency(CGroupContext *c, CGroupIODeviceLatency *l);
 146 void cgroup_context_free_blockio_device_weight(CGroupContext *c, CGroupBlockIODeviceWeight *w);
 147 void cgroup_context_free_blockio_device_bandwidth(CGroupContext *c, CGroupBlockIODeviceBandwidth *b);
 148
 149 int cgroup_add_device_allow(CGroupContext *c, const char *dev, const char *mode);
 150
 151 CGroupMask unit_get_own_mask(Unit *u);
 152 CGroupMask unit_get_delegate_mask(Unit *u);
 153 CGroupMask unit_get_members_mask(Unit *u);
 154 CGroupMask unit_get_siblings_mask(Unit *u);
 155 CGroupMask unit_get_subtree_mask(Unit *u);
 156
 157 CGroupMask unit_get_target_mask(Unit *u);
 158 CGroupMask unit_get_enable_mask(Unit *u);
 159
 160 bool unit_get_needs_bpf_firewall(Unit *u);
 161 CGroupMask unit_get_bpf_mask(Unit *u);
 162
 163 void unit_update_cgroup_members_masks(Unit *u);
 164
 165 const char *unit_get_realized_cgroup_path(Unit *u, CGroupMask mask);
 166 char *unit_default_cgroup_path(Unit *u);
 167 int unit_set_cgroup_path(Unit *u, const char *path);
 168 int unit_pick_cgroup_path(Unit *u);
 169
 170 int unit_realize_cgroup(Unit *u);
 171 void unit_release_cgroup(Unit *u);
 172 void unit_prune_cgroup(Unit *u);
 173 int unit_watch_cgroup(Unit *u);
 174
 175 void unit_add_to_cgroup_empty_queue(Unit *u);
 176
 177 int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path);
 178
 179 int manager_setup_cgroup(Manager *m);
 180 void manager_shutdown_cgroup(Manager *m, bool delete);
 181
 182 unsigned manager_dispatch_cgroup_realize_queue(Manager *m);
 183
 184 Unit *manager_get_unit_by_cgroup(Manager *m, const char *cgroup);
 185 Unit *manager_get_unit_by_pid_cgroup(Manager *m, pid_t pid);
 186 Unit* manager_get_unit_by_pid(Manager *m, pid_t pid);
 187
 188 int unit_search_main_pid(Unit *u, pid_t *ret);
 189 int unit_watch_all_pids(Unit *u);
 190
 191 int unit_synthesize_cgroup_empty_event(Unit *u);
 192
 193 int unit_get_memory_current(Unit *u, uint64_t *ret);
 194 int unit_get_tasks_current(Unit *u, uint64_t *ret);
 195 int unit_get_cpu_usage(Unit *u, nsec_t *ret);
 196 int unit_get_ip_accounting(Unit *u, CGroupIPAccountingMetric metric, uint64_t *ret);
 197
 198 int unit_reset_cpu_accounting(Unit *u);
 199 int unit_reset_ip_accounting(Unit *u);
 200
 201 #define UNIT_CGROUP_BOOL(u, name)                       \
 202         ({                                              \
 203         CGroupContext *cc = unit_get_cgroup_context(u); \
 204         cc ? cc->name : false;                          \
 205         })
 206
 207 bool manager_owns_root_cgroup(Manager *m);
 208 bool unit_has_root_cgroup(Unit *u);
 209
 210 int manager_notify_cgroup_empty(Manager *m, const char *group);
 211
 212 void unit_invalidate_cgroup(Unit *u, CGroupMask m);
 213 void unit_invalidate_cgroup_bpf(Unit *u);
 214
 215 void manager_invalidate_startup_units(Manager *m);
 216
 217 const char* cgroup_device_policy_to_string(CGroupDevicePolicy i) _const_;
 218 CGroupDevicePolicy cgroup_device_policy_from_string(const char *s) _pure_;
 219
 220 bool unit_cgroup_delegate(Unit *u);