From: Mike Yuan Date: Tue, 6 Jan 2026 21:39:04 +0000 (+0100) Subject: core: rearrange MemoryTHP= X-Git-Tag: v260-rc1~367^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64a2712db5eac96b594d8440c4779c4ca2aeedce;p=thirdparty%2Fsystemd.git core: rearrange MemoryTHP= * Place related logic closer to MemoryKSM=, do not interleave it with various BPF delegation knobs * MemoryTHP= is a execute directive, not namespace
---
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index f84cb856524..9974f8a217d 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1837,11 +1837,11 @@ static BUS_DEFINE_SET_TRANSIENT_PARSE(keyring_mode, ExecKeyringMode, exec_keyrin
 static BUS_DEFINE_SET_TRANSIENT_PARSE(protect_proc, ProtectProc, protect_proc_from_string);
 static BUS_DEFINE_SET_TRANSIENT_PARSE(proc_subset, ProcSubset, proc_subset_from_string);
 static BUS_DEFINE_SET_TRANSIENT_PARSE(private_bpf, PrivateBPF, private_bpf_from_string);
-static BUS_DEFINE_SET_TRANSIENT_PARSE(memory_thp, MemoryTHP, memory_thp_from_string);
 static BUS_DEFINE_SET_TRANSIENT_PARSE_PTR(bpf_delegate_commands, uint64_t, bpf_delegate_commands_from_string);
 static BUS_DEFINE_SET_TRANSIENT_PARSE_PTR(bpf_delegate_maps, uint64_t, bpf_delegate_maps_from_string);
 static BUS_DEFINE_SET_TRANSIENT_PARSE_PTR(bpf_delegate_programs, uint64_t, bpf_delegate_programs_from_string);
 static BUS_DEFINE_SET_TRANSIENT_PARSE_PTR(bpf_delegate_attachments, uint64_t, bpf_delegate_attachments_from_string);
+static BUS_DEFINE_SET_TRANSIENT_PARSE(memory_thp, MemoryTHP, memory_thp_from_string);
 BUS_DEFINE_SET_TRANSIENT_PARSE(exec_preserve_mode, ExecPreserveMode, exec_preserve_mode_from_string);
 static BUS_DEFINE_SET_TRANSIENT_PARSE_PTR(personality, unsigned long, parse_personality);
 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(secure_bits, "i", int32_t, int, "%" PRIi32, secure_bits_to_string_alloc_with_check);
diff --git a/src/core/execute.c b/src/core/execute.c
index f2bd4f20a74..3602e5229d3 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1117,8 +1117,8 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
 "%sProtectHostname: %s%s%s\n"
 "%sProtectProc: %s\n"
 "%sProcSubset: %s\n"
- "%sPrivateBPF: %s\n"
- "%sMemoryTHP: %s\n",
+ "%sMemoryTHP: %s\n"
+ "%sPrivateBPF: %s\n",
 prefix, c->umask,
 prefix, empty_to_root(c->working_directory),
 prefix, empty_to_root(c->root_directory),
@@ -1146,8 +1146,8 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
 prefix, protect_hostname_to_string(c->protect_hostname), c->private_hostname ? ":" : "", strempty(c->private_hostname),
 prefix, protect_proc_to_string(c->protect_proc),
 prefix, proc_subset_to_string(c->proc_subset),
- prefix, private_bpf_to_string(c->private_bpf),
- prefix, memory_thp_to_string(c->memory_thp));
+ prefix, memory_thp_to_string(c->memory_thp),
+ prefix, private_bpf_to_string(c->private_bpf));
 
 if (c->private_bpf == PRIVATE_BPF_YES) {
 _cleanup_free_ char
@@ -3128,3 +3128,12 @@ static const char* const exec_keyring_mode_table[_EXEC_KEYRING_MODE_MAX] = {
 };
 
 DEFINE_STRING_TABLE_LOOKUP(exec_keyring_mode, ExecKeyringMode);
+
+static const char* const memory_thp_table[_MEMORY_THP_MAX] = {
+ [MEMORY_THP_INHERIT] = "inherit",
+ [MEMORY_THP_DISABLE] = "disable",
+ [MEMORY_THP_MADVISE] = "madvise",
+ [MEMORY_THP_SYSTEM] = "system",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(memory_thp, MemoryTHP);
diff --git a/src/core/execute.h b/src/core/execute.h
index 784d393c55a..6624c3a71ce 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -73,6 +73,24 @@ typedef enum ExecKeyringMode {
 _EXEC_KEYRING_MODE_INVALID = -EINVAL,
 } ExecKeyringMode;
 
+typedef enum MemoryTHP {
+ /*
+ * Inherit default from process that starts systemd, i.e. do not make
+ * any PR_SET_THP_DISABLE call.
+ */
+ MEMORY_THP_INHERIT,
+ MEMORY_THP_DISABLE, /* Disable THPs completely for the process */
+ MEMORY_THP_MADVISE, /* Disable THPs for the process except when madvised */
+ /*
+ * Use system default THP setting. this can be used when the process that
+ * starts systemd has already disabled THPs via PR_SET_THP_DISABLE, and we
+ * want to restore the system default THP setting at process invocation time.
+ */
+ MEMORY_THP_SYSTEM,
+ _MEMORY_THP_MAX,
+ _MEMORY_THP_INVALID = -EINVAL,
+} MemoryTHP;
+
 /* Contains start and exit information about an executed command. */
 typedef struct ExecStatus {
 dual_timestamp start_timestamp;
@@ -600,9 +618,8 @@ bool exec_directory_is_private(const ExecContext *context, ExecDirectoryType typ
 
 DECLARE_STRING_TABLE_LOOKUP_FROM_STRING(exec_clean_mask, ExecCleanMask);
 
-DECLARE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
-
 DECLARE_STRING_TABLE_LOOKUP(exec_input, ExecInput);
+DECLARE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
 
 DECLARE_STRING_TABLE_LOOKUP(exec_utmp_mode, ExecUtmpMode);
 
@@ -611,11 +628,12 @@ DECLARE_STRING_TABLE_LOOKUP(exec_preserve_mode, ExecPreserveMode);
 DECLARE_STRING_TABLE_LOOKUP(exec_keyring_mode, ExecKeyringMode);
 
 DECLARE_STRING_TABLE_LOOKUP(exec_directory_type_symlink, ExecDirectoryType);
-
 DECLARE_STRING_TABLE_LOOKUP(exec_directory_type_mode, ExecDirectoryType);
 
 DECLARE_STRING_TABLE_LOOKUP(exec_resource_type, ExecDirectoryType);
 
+DECLARE_STRING_TABLE_LOOKUP(memory_thp, MemoryTHP);
+
 bool exec_needs_mount_namespace(const ExecContext *context, const ExecParameters *params, const ExecRuntime *runtime);
 bool exec_needs_network_namespace(const ExecContext *context);
 bool exec_needs_ipc_namespace(const ExecContext *context);
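Review bot: In the moved `MemoryTHP` enum the `MEMORY_THP_SYSTEM` comment starts a sentence in lower case (`THP setting. this can be used`) and, unlike the `MEMORY_THP_INHERIT` comment, never says which call the mode makes, so the difference between SYSTEM and INHERIT cannot be read from the header alone. I would capitalise it and state the contrast explicitly, e.g. `Use the system-wide THP policy: unlike INHERIT, this always issues a PR_SET_THP_DISABLE call that clears any state inherited from the parent.` — assuming that is what the executor does, which this hunk does not show. `MEMORY_THP_MADVISE` ("except when madvised") presumably relies on kernel support for a per-process madvise-only mode; a note on what happens on kernels without it (refuse the setting, or fall back to DISABLE/INHERIT) would save the next reader a trip to execute.c. The enum is complete within the hunk; the declarations it pairs with are in the later hunks of this file.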
diff --git a/src/core/namespace.c b/src/core/namespace.c
index f4686cc4edf..87d93a4fe76 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -4039,15 +4039,6 @@ DEFINE_STRING_TABLE_LOOKUP(bpf_delegate_map_type, uint64_t);
 DEFINE_STRING_TABLE_LOOKUP(bpf_delegate_prog_type, uint64_t);
 DEFINE_STRING_TABLE_LOOKUP(bpf_delegate_attach_type, uint64_t);
 
-static const char* const memory_thp_table[_MEMORY_THP_MAX] = {
- [MEMORY_THP_INHERIT] = "inherit",
- [MEMORY_THP_DISABLE] = "disable",
- [MEMORY_THP_MADVISE] = "madvise",
- [MEMORY_THP_SYSTEM] = "system",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(memory_thp, MemoryTHP);
-
 char* bpf_delegate_to_string(uint64_t u, const char * (*parser)(uint64_t) _const_ ) {
 assert(parser);
 
diff --git a/src/core/namespace.h b/src/core/namespace.h
index a44aced8221..ba4f9b80a2d 100644
--- a/src/core/namespace.h
+++ b/src/core/namespace.h
@@ -90,24 +90,6 @@ typedef enum PrivatePIDs {
 _PRIVATE_PIDS_INVALID = -EINVAL,
 } PrivatePIDs;
 
-typedef enum MemoryTHP {
- /*
- * Inherit default from process that starts systemd, i.e. do not make
- * any PR_SET_THP_DISABLE call.
- */
- MEMORY_THP_INHERIT,
- MEMORY_THP_DISABLE, /* Disable THPs completely for the process */
- MEMORY_THP_MADVISE, /* Disable THPs for the process except when madvised */
- /*
- * Use system default THP setting. this can be used when the process that
- * starts systemd has already disabled THPs via PR_SET_THP_DISABLE, and we
- * want to restore the system default THP setting at process invocation time.
- */
- MEMORY_THP_SYSTEM,
- _MEMORY_THP_MAX,
- _MEMORY_THP_INVALID = -EINVAL,
-} MemoryTHP;
-
 typedef struct BindMount {
 char *source;
 char *destination;
@@ -250,8 +232,6 @@ DECLARE_STRING_TABLE_LOOKUP(proc_subset, ProcSubset);
 DECLARE_STRING_TABLE_LOOKUP(private_bpf, PrivateBPF);
 
-DECLARE_STRING_TABLE_LOOKUP(memory_thp, MemoryTHP);
-
 DECLARE_STRING_TABLE_LOOKUP(bpf_delegate_cmd, uint64_t);
 DECLARE_STRING_TABLE_LOOKUP(bpf_delegate_map_type, uint64_t);
diff --git a/src/core/varlink-execute.c b/src/core/varlink-execute.c
index 7482bfd4f9d..6f300fa7d3d 100644
--- a/src/core/varlink-execute.c
+++ b/src/core/varlink-execute.c
@@ -865,6 +865,9 @@ int unit_exec_context_build_json(sd_json_variant **ret, const char *name, void *
 SD_JSON_BUILD_PAIR_CALLBACK("IOSchedulingClass", ioprio_class_build_json, c),
 SD_JSON_BUILD_PAIR_INTEGER("IOSchedulingPriority", ioprio_prio_data(exec_context_get_effective_ioprio(c))),
 
+ JSON_BUILD_PAIR_TRISTATE_NON_NULL("MemoryKSM", c->memory_ksm),
+ SD_JSON_BUILD_PAIR_STRING("MemoryTHP", memory_thp_to_string(c->memory_thp)),
+
 /* Sandboxing */
 SD_JSON_BUILD_PAIR_STRING("ProtectSystem", protect_system_to_string(c->protect_system)),
 SD_JSON_BUILD_PAIR_STRING("ProtectHome", protect_home_to_string(c->protect_home)),
@@ -888,7 +891,6 @@ int unit_exec_context_build_json(sd_json_variant **ret, const char *name, void *
 JSON_BUILD_PAIR_STRING_NON_EMPTY("NetworkNamespacePath", c->network_namespace_path),
 JSON_BUILD_PAIR_YES_NO("PrivateIPC", c->private_ipc),
 JSON_BUILD_PAIR_STRING_NON_EMPTY("IPCNamespacePath", c->ipc_namespace_path),
- JSON_BUILD_PAIR_TRISTATE_NON_NULL("MemoryKSM", c->memory_ksm),
 SD_JSON_BUILD_PAIR_STRING("PrivatePIDs", private_pids_to_string(c->private_pids)),
 SD_JSON_BUILD_PAIR_STRING("PrivateUsers", private_users_to_string(c->private_users)),
 JSON_BUILD_PAIR_STRING_NON_EMPTY("UserNamespacePath", c->user_namespace_path),
@@ -914,7 +916,6 @@ int unit_exec_context_build_json(sd_json_variant **ret, const char *name, void *
 SD_JSON_BUILD_PAIR_BOOLEAN("RemoveIPC", c->remove_ipc),
 JSON_BUILD_PAIR_TRISTATE_NON_NULL("PrivateMounts", c->private_mounts),
 JSON_BUILD_PAIR_STRING_NON_EMPTY("MountFlags", mount_propagation_flag_to_string(c->mount_propagation_flag)),
- SD_JSON_BUILD_PAIR_STRING("MemoryTHP", memory_thp_to_string(c->memory_thp)),
 
 /* System Call Filtering */
 JSON_BUILD_PAIR_CALLBACK_NON_NULL("SystemCallFilter", syscall_filter_build_json, c),
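Review bot: The relocated `MemoryKSM`/`MemoryTHP` pairs now sit in a gap between `IOSchedulingPriority` and the `/* Sandboxing */` header with no section comment of their own, whereas the neighbouring groups in this builder are labelled (the `/* Sandboxing */` and `/* System Call Filtering */` comments are visible in these hunks). A one-line header above the two pairs, e.g. `/* Memory */` or whatever systemd.exec(5) section these directives are documented under, would keep the builder's structure self-describing now that they no longer live under "Sandboxing". The varlink IDL in src/shared/varlink-io.systemd.Unit.c makes the same placement and would benefit from the same label. unit_exec_context_build_json begins and ends outside these hunks.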
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 048e02e5274..894a2639cdb 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -2455,6 +2455,7 @@ static const BusProperty execute_properties[] = {
 { "CPUSchedulingResetOnFork", bus_append_parse_boolean },
 { "LockPersonality", bus_append_parse_boolean },
 { "MemoryKSM", bus_append_parse_boolean },
+ { "MemoryTHP", bus_append_string },
 { "RestrictSUIDSGID", bus_append_parse_boolean },
 { "RootEphemeral", bus_append_parse_boolean },
 { "SetLoginEnvironment", bus_append_parse_boolean },
@@ -2494,7 +2495,6 @@ static const BusProperty execute_properties[] = {
 { "LogRateLimitBurst", bus_append_safe_atou },
 { "TTYRows", bus_append_safe_atou },
 { "TTYColumns", bus_append_safe_atou },
- { "MemoryTHP", bus_append_string },
 { "MountFlags", bus_append_mount_propagation_flag_from_string },
 { "Environment", bus_append_strv_cunescape },
 { "UnsetEnvironment", bus_append_strv_cunescape },
diff --git a/src/shared/varlink-io.systemd.Unit.c b/src/shared/varlink-io.systemd.Unit.c
index 9670951c47e..3fa64859ef9 100644
--- a/src/shared/varlink-io.systemd.Unit.c
+++ b/src/shared/varlink-io.systemd.Unit.c
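Review bot: The new `{ "MemoryTHP", bus_append_string }` row lands inside what looks like the bus_append_parse_boolean group of execute_properties — its neighbours CPUSchedulingResetOnFork, LockPersonality, MemoryKSM, RestrictSUIDSGID, RootEphemeral and SetLoginEnvironment are all boolean-parsed and alphabetically ordered — so a string-typed entry now breaks the table's apparent grouping by parser. If the table is organised by parser rather than by topic, the row belongs with the other bus_append_string entries, which are outside this hunk; if it is organised by topic, a short comment above the block saying so would stop the next reader from "fixing" it. Lookup is by property name either way, so this is a readability point, not a functional one.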
@@ -530,6 +530,11 @@ static SD_VARLINK_DEFINE_STRUCT_TYPE(
 SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man"PROJECT_VERSION_STR"systemd.exec.html#IOSchedulingPriority="),
 SD_VARLINK_DEFINE_FIELD(IOSchedulingPriority, SD_VARLINK_INT, 0),
 
+ SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man"PROJECT_VERSION_STR"systemd.exec.html#MemoryKSM="),
+ SD_VARLINK_DEFINE_FIELD(MemoryKSM, SD_VARLINK_BOOL, SD_VARLINK_NULLABLE),
+ SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man"PROJECT_VERSION_STR"systemd.exec.html#MemoryTHP="),
+ SD_VARLINK_DEFINE_FIELD(MemoryTHP, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
+
 /* Sandboxing
 * https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#Sandboxing */
 SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man"PROJECT_VERSION_STR"systemd.exec.html#ProtectSystem="),
@@ -574,8 +579,6 @@ static SD_VARLINK_DEFINE_STRUCT_TYPE(
 SD_VARLINK_DEFINE_FIELD(PrivateIPC, SD_VARLINK_STRING, 0),
 SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man"PROJECT_VERSION_STR"systemd.exec.html#IPCNamespacePath="),
 SD_VARLINK_DEFINE_FIELD(IPCNamespacePath, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
- SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man"PROJECT_VERSION_STR"systemd.exec.html#MemoryKSM="),
- SD_VARLINK_DEFINE_FIELD(MemoryKSM, SD_VARLINK_BOOL, SD_VARLINK_NULLABLE),
 SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man"PROJECT_VERSION_STR"systemd.exec.html#PrivatePIDs="),
 SD_VARLINK_DEFINE_FIELD(PrivatePIDs, SD_VARLINK_STRING, 0),
 SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man"PROJECT_VERSION_STR"systemd.exec.html#PrivateUsers="),
@@ -626,8 +629,6 @@ static SD_VARLINK_DEFINE_STRUCT_TYPE(
 SD_VARLINK_DEFINE_FIELD(PrivateMounts, SD_VARLINK_BOOL, SD_VARLINK_NULLABLE),
 SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man"PROJECT_VERSION_STR"systemd.exec.html#MountFlags="),
 SD_VARLINK_DEFINE_FIELD(MountFlags, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
- SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man"PROJECT_VERSION_STR"systemd.exec.html#MemoryTHP="),
- SD_VARLINK_DEFINE_FIELD(MemoryTHP, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
 
 /* System Call Filtering
 * https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#System%20Call%20Filtering */