Tom Hromatka [Fri, 20 Jan 2023 23:21:08 +0000 (16:21 -0700)]
doc: Update the github release process
Remove the step to update the libcgroup-tests submodule. The
tests have been reincorporated back into the libcgroup repo
and this step is no longer needed.
Add instructions on running coverity.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Fri, 13 Jan 2023 20:41:32 +0000 (13:41 -0700)]
ftests/cgroup.py: add support to list shared mount point
Cgroup::get_cgroup_mounts(), could create a list of mount points and in
the case of shared mount points such as cpu,cpuacct in the cgroup v1. It
would only add a mount point for the last of the two controllers listed
as the mount point, for example:
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct 0 0
mount list will look over cpu controller. Add support to recognize and
add both controllers to the list of mount points.
Reported-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Khem Raj [Fri, 13 Jan 2023 19:44:07 +0000 (12:44 -0700)]
api: Use GNU strerror_r when available
GNU strerror_r is only available in glibc, musl impelents the XSI
version which is slightly different, therefore check if GNU version is
available before using it, otherwise use the XSI compliant version.
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
TJH: Minor formatting change so that the line doesn't exceed 100 chars
Kamalesh Babulal [Wed, 11 Jan 2023 17:39:55 +0000 (10:39 -0700)]
tools/cgxset: fix help/usage formatting
The help/usage output is misaligned, which is a mix of tabs and spaces.
Fix it by using only spaces for the alignment, so that we have a visual
representation of output in the code too, instead of having unaligned
info()'s needing to calculate the tabs stops always.
Before:
-------
Usage: cgxset [-r <name=value>] <cgroup_path> ...
or: cgxset --copy-from <source_cgroup_path> <cgroup_path> ...
Set the parameters of given cgroup(s)
-1, --v1 Provided parameters are in v1 format
-2, --v2 Provided parameters are in v2 format
-i, --ignore-unmappable Do not return an error for settings that cannot be converted
-r, --variable <name> Define parameter to set
--copy-from <source_cgroup_path> Control group whose parameters will be copied
After:
------
Usage: cgxset [-r <name=value>] <cgroup_path> ...
or: cgxset --copy-from <source_cgroup_path> <cgroup_path> ...
Set the parameters of given cgroup(s)
-1, --v1 Provided parameters are in v1 format
-2, --v2 Provided parameters are in v2 format
-i, --ignore-unmappable Do not return an error for settings that cannot be converted
-r, --variable <name> Define parameter to set
--copy-from <source_cgroup_path> Control group whose parameters will be copied
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Wed, 4 Jan 2023 21:08:18 +0000 (21:08 +0000)]
ftests: Add a test for cgroup_attach_task_pid()
Add a functional test for cgroup_attach_task_pid().
-----------------------------------------------------------------
Test Results:
Run Date: Jan 04 21:06:16
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
-------------------------------------------------
setup 0.00
053-sudo-cgroup_attach_task_pid.py 2.06
teardown 0.00
-------------------------------------------------
Total Run Time 2.06
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Wed, 4 Jan 2023 21:07:43 +0000 (21:07 +0000)]
ftests: Add a test for cgroup_attach_task()
Add a functional test for cgroup_attach_task()
-----------------------------------------------------------------
Test Results:
Run Date: Jan 04 21:03:14
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
---------------------------------------------
setup 0.00
052-sudo-cgroup_attach_task.py 0.02
teardown 0.00
---------------------------------------------
Total Run Time 0.02
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Tue, 20 Dec 2022 22:41:22 +0000 (22:41 +0000)]
ftests: Add a test for cgroup_get_cgroup()
Add a functional test to exercise cgroup_get_cgroup()
-----------------------------------------------------------------
Test Results:
Run Date: Dec 20 22:41:28
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
--------------------------------------------
setup 0.00
051-sudo-cgroup_get_cgroup.py 0.03
teardown 0.00
--------------------------------------------
Total Run Time 0.03
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Tue, 20 Dec 2022 22:38:43 +0000 (22:38 +0000)]
python: Add python bindings for several functions
Add python bindings for several C functions:
cgroup_get_cgroup()
cgroup_delete_cgroup()
cgroup_get_controller_count()
cgroup_get_controller_by_index()
cgroup_get_controller_name()
Also add two python methods to wrap cgroup_get_cgroup() and cgroup_delete() to
make these interfaces more pythonic. The other three C functions are used
internally to implement these pythonic methods.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Tue, 20 Dec 2022 22:35:54 +0000 (22:35 +0000)]
api: Add functions for iterating through the cgroup struct
Add functions to iterate through the cgroup structure:
cgroup_get_controller_count() - returns the number of controllers
within the cgroup struct
cgroup_get_controller_by_index() - returns the cgroup_controller
pointer corresponding with the requested index
cgroup_get_controller_name() - given a cgroup_controller pointer,
get the controller's name
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Wed, 21 Dec 2022 21:00:21 +0000 (14:00 -0700)]
cgsnapshot: Close tags in output file on errors
Close tags in the output file when cgsnapshot encounters an
error. For example, if cgsnapshot cannot translate a uid to a
username, the "perm {" tag still needs a closing "}".
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Kamalesh Babulal [Wed, 21 Dec 2022 15:46:26 +0000 (21:16 +0530)]
tools/cgsnapshot: limit the controller to search to user lists
is_ctlr_on_list(), returns on the first match of the list of controllers
the user has passed on the command line, this might serve as an
optimization but as a side effect we search through the whole list of
controllers, those the user has not asked for. Let's reset the list of
controllers to controllers available on wanted_consts array (list of
controllers required by the user) and controllers array (list of
available controllers).
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Tue, 20 Dec 2022 16:09:19 +0000 (21:39 +0530)]
gunit/test-015: Populate subtree_control for leaf cgroup
We no more rely on the cgroup's parent subtree_control file to verify
if a controller is enabled for a cgroup. So, populate the leaf/child
cgroups with subtree_control file similar to the parent cgroup.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Tue, 20 Dec 2022 16:09:13 +0000 (21:39 +0530)]
gunit/test-012: Create subtree_control for leaf cgroup
The test case relies on the parent cgroup's subtree_control file, while
creating a cgroup to verify the controllers enabled in created cgroup v2
and the current code cleverly emulates it. With the change to enable
the controller at the leaf cgroup this emulation gets difficult, so
introduce a dummy cgroup v2 mount that will help in the construction of
the path when the cgroup v2 is created with the empty controller because
the brilliance lies in emulating it by manually creating the
subtree_control file to give the impression of enabling the controller
in the cgroup v2 cgroup.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Tue, 20 Dec 2022 16:09:08 +0000 (21:39 +0530)]
api: cgroup v2 – read subtree_control of the leaf node
With cgroup v2, while checking if a controller is enabled for cgroup,
the tree is walked and checked up to the parent cgroup of the leaf node,
this guarantees that the controller available for the leaf cgroups in
the cgroup.controllers file, but this is incomplete because of the
controller can be both either enabled or disabled in the
cgroups.subtree_control file of the leaf cgroup.
Fix this ambiguity by reading until the leaf node's
cgroup.subtree_control file, instead.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Tue, 20 Dec 2022 16:09:02 +0000 (21:39 +0530)]
api: cgroup v2 – enable controller at the leaf node
With cgroup v2, while creating a cgroup with a controller, the whole
hierarchy tree is walked, and the controller is enabled up to the parent
cgroup of the leaf node, this guarantees that the attached controller is
available in the leaf cgroups cgroup.controllers file, but this is
incomplete because the controller is not enabled in the leaf cgroup.
We do not have a separate API that is called to enable the controllers
but as a workaround, one can always call the
cgroup_set_values_recursive() to enable the controller in the leaf node.
To maintain the idea/compatibility with the cgroup v1, where creating a
cgroup on the controller mount point/hierarchy is equivalent to enabling
the controller in the cgroup v2, let's enable the controller in the leaf
node too.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
The cgxget was forked from cgget and messages/warnings printed to the
user still carry cgget keyword, which might get confusing to the user.
Replace the warnings/errors/info displayed to the user, along with
non-history occurrences of 'cgget' -> 'cgxget' throughout the file.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Mon, 19 Dec 2022 16:18:44 +0000 (09:18 -0700)]
api.c: fix segfault in cgroup_attach_task_pid()
When the user passes NULL in place of struct cgroup argument, the pid
passed as the second parameter is expected to be attached to root
hierarchies of the controllers in the case of legacy/hybrid modes and
to the root hierarchy in the case of unified mode.
The current code will segfault, while attempting to dereference a NULL
pointer, fix it by using the controller names, from cg_mount_table(),
that is already populated with the information and also remove the
controller_is_enabled check is specific to the cgroup v2 hierarchy.
With the root cgroup v2 hierarchy, all the controllers are enabled by
default, hence the check returns true always.
Reproducer:
int main(int argc, char *argv[]) {
pid_t pid = atoi(argv[1]);
int ret;
ret = cgroup_init();
if (ret) {
printf("Failed to initialize: %s\n", cgroup_strerror(ret));
exit(1);
}
ret = cgroup_attach_task_pid(NULL, pid);
if (ret) {
printf("Failed to attach %d to root cgroup(s): %s\n", pid, cgroup_strerror(ret));
exit(1);
}
exit (0);
}
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Wed, 26 Oct 2022 16:21:03 +0000 (10:21 -0600)]
ftests: Add a test to create a systemd scope
-----------------------------------------------------------------
Test Results:
Run Date: Sep 06 14:46:15
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
-----------------------------------------------------
setup 0.00
049-sudo-systemd_create_scope.py 0.08
teardown 0.00
-----------------------------------------------------
Total Run Time 0.03
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Wed, 26 Oct 2022 16:19:03 +0000 (10:19 -0600)]
ftests: Add support for running 'sudo' suite of tests
Some tests require sudo support for python/C bindings. This is
awkward to implement using the Run() class and error prone.
Instead, invoke the entire test with sudo permissions via a separate
invocation of ftests.py. This ensures that existing tests (that
don't require sudo) remain the same and don't accidentally get
elevated privileges.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Wed, 26 Oct 2022 16:14:27 +0000 (10:14 -0600)]
systemd: Add function to create a systemd scope
Add a function, cgroup_create_scope(), to create a systemd
scope. This scope can be delegated, in other words the cgroup
management of this scope can be delegated away from systemd.
This is the official way to create a cgroup that systemd will
not interfere with.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Kamalesh Babulal [Mon, 31 Oct 2022 17:18:02 +0000 (11:18 -0600)]
github/workflows/continuous-intergation: Adopt SPDX License tag
Adopt SPDX license tag for all the source files, those already have
LGPL 2.1 boilerplate in them and those missing license information.
All the files in the project fall under project license, hence
explicitly adding LGPL-2.1-only identifier to the files missing license
information. Adopting SPDX license helps the compliance tools to
determine the license and also helps in reducing the repetitive license
boilerplate across source files.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Mon, 31 Oct 2022 17:17:50 +0000 (11:17 -0600)]
github/actions/setup-libcgroup: Adopt SPDX License tag
Adopt SPDX license tag for all the source files, those already have
LGPL 2.1 boilerplate in them and those missing license information.
All the files in the project fall under project license, hence
explicitly adding LGPL-2.1-only identifier to the files missing license
information. Adopting SPDX license helps the compliance tools to
determine the license and also helps in reducing the repetitive license
boilerplate across source files.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Mon, 31 Oct 2022 17:17:35 +0000 (11:17 -0600)]
github/actions/code-coverage: Adopt SPDX License tag
Adopt SPDX license tag for all the source files, those already have
LGPL 2.1 boilerplate in them and those missing license information.
All the files in the project fall under project license, hence
explicitly adding LGPL-2.1-only identifier to the files missing license
information. Adopting SPDX license helps the compliance tools to
determine the license and also helps in reducing the repetitive license
boilerplate across source files.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Mon, 31 Oct 2022 17:08:54 +0000 (11:08 -0600)]
tests: remove github/{actions,workflows}
Remove the GitHub actions and workflows from the tests directory, they
are not run anymore after the movement of libcgroup-tests into libcgroup
repo. Also, the libcgroup repo covers all the steps executed by
libcgroup-test actions/workflows.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Mon, 31 Oct 2022 17:05:12 +0000 (11:05 -0600)]
workflows/ci: add Python lint
Add Python lint to the GitHub workflow. This was previously part of
the libcgroup-test project GitHub workflow, which hosted most of the
python source code. Now that libcgroup-test is part of libcgroup repo,
let's add the lint workflow here too.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Tue, 25 Oct 2022 21:26:02 +0000 (15:26 -0600)]
api.c: fix resource leak in cg_chmod_path()
Fix resource leak, reported by Coverity Tool:
CID 276160 (#1 of 1): Resource leak (RESOURCE_LEAK)10. leaked_handle:
Handle variable fd going out of scope leaks the handle.
In cg_chmod_path(), the file descriptor checks for fd > 0, Coverity
warns about the possibility of the file descriptor being 0, fix it by
changing the check from '0' -> '-1'.
Fixes: 91cf2e4b7ceb ("api.c: fix file open in cg_chmod_path()") Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Tue, 18 Oct 2022 19:29:52 +0000 (19:29 +0000)]
ftests: Add test for cgroup_setup_mode()
Add a python bindings test for cgroup_setup_mode()
-----------------------------------------------------------------
Test Results:
Run Date: Oct 18 19:28:31
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
------------------------------------------------
setup 0.00
048-pybindings-get_cgroup_mode.py 0.00
teardown 0.00
------------------------------------------------
Total Run Time 0.00
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Tue, 18 Oct 2022 19:27:06 +0000 (19:27 +0000)]
ftests: Add function to get the cgroup mode
Add a function to the Cgroup class to get the cgroup mode. This
function is analogous to the C function, cgroup_setup_mode() and
can be used to verify the behavior of cgroup_setup_mode().
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Kamalesh Babulal [Mon, 10 Oct 2022 15:52:14 +0000 (21:22 +0530)]
tools/cgget: add support to print cgroup setup
Add a new switch (-m), that will print the current cgroup mode the
system/VM is booted it. It uses the API, cgroup_setup_mode() that
returns one of the modes (Legacy/Unified/Hybrid) the system is
booted with.
$ cgget -m
Legacy Mode (Cgroup v1 only).
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Mon, 10 Oct 2022 15:50:34 +0000 (21:20 +0530)]
api: Introduce a new API to find the cgroup setup mode
This patch introduces a new API to detect the current cgroup setup
mode (Legacy/Unified/Hybrid). The setup will depend on the Linux
Kernel's grub command line, the system/VM is booted with.
Uses cases:
Depending upon the cgroup setup, the users can enable or disable
features in their applications. Like some controllers are only available
on cgroup v2, so they might need to set/get settings for those available
controllers only.
Suggested-by: Tom Hromatka <tom.hromatka@oracle.com> Suggested-by: Michal Koutný <mkoutny@suse.com> Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Make the --enable-samples option's bash code POSIX-complaint. There
might be warnings issued while running configure on other shells like
/bin/sh, those default on Debian systems.
Control the building and testing (make check) of the tests using the
if/endif WITH_TESTS guard based on the configuration options passed.
If the --enable-tests (default on) is passed during ./configure step,
the SUBDIRS directories (ftests/gunit) are recused into build and
make check are run.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
As per automake manual[1], DIST_SUBDIRS should be used to recurse into
the subdirectories those we want to ship as part of make dist and use
SUBDIRS for conditionally building the directories. Adopt this rule
across the source.
tools/lssubsys: use exit code 129 on invalid usage
The exit code 1 refers to general error and using -1 wraps to
255, both codes do not signify bad arguments. Let's use exit code 129
(EXIT_BADARGS) for hinting to the users about invalid usage.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tools/lscgroup: use exit code 129 on invalid usage
The exit code 1 refers to general error and using -1 wraps to
255, both codes do not signify bad arguments. Let's use exit code 129
(EXIT_BADARGS) for hinting to the users about invalid usage.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tools/cgconfig: use exit code 129 on invalid usage
The exit code 1 refers to general error and using -1 wraps to
255, both codes do not signify bad arguments. Let's use exit code 129
(EXIT_BADARGS) for hinting to the users about invalid usage.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
The exit code 1 refers to general error and using -1 wraps to
255, both codes do not signify bad arguments. Let's use exit code 129
(EXIT_BADARGS) for hinting to the users about invalid usage.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
The exit code 1 refers to general error and using -1 wraps to
255, both codes do not signify bad arguments. Let's use exit code 129
(EXIT_BADARGS) for hinting to the users about invalid usage.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tools/cgsnapshot: use exit code 129 on invalid usage
The exit code 1 refers to general error and using -1 wraps to
255, both codes do not signify bad arguments. Let's use exit code 129
(EXIT_BADARGS) for hinting to the users about invalid usage.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tools/cgcreate: use exit code 129 on invalid usage
The exit code 1 refers to general error and using -1 wraps to
255, both codes do not signify bad arguments. Let's use exit code 129
(EXIT_BADARGS) for hinting to the users about invalid usage.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tools/cgclassify: use exit code 129 on invalid usage
The exit code 1 refers to general error and using -1 wraps to
255, both codes do not signify bad arguments. Let's use exit code 129
(EXIT_BADARGS) for hinting to the users about invalid usage.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tools/cgdelete: use exit code 129 on invalid usage
The exit code 1 refers to general error and using -1 wraps to
255, both codes do not signify bad arguments. Let's use exit code 129
(EXIT_BADARGS) for hinting to the users about invalid usage.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
The exit code 1 refers to general error and using -1 wraps to
255, both codes do not signify bad arguments. Let's use exit code 129
(EXIT_BADARGS) for hinting to the users about invalid usage.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
The exit code 1 refers to general error and using -1 wraps to
255, both codes do not signify bad arguments. Let's use exit code 129
(EXIT_BADARGS) for hinting to the users about invalid usage.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
The exit code 1 refers to general error and using -1 wraps to
255, both codes do not signify bad arguments. Let's use exit code 129
(EXIT_BADARGS) for hinting to the users about invalid usage.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Introduce EXIT_BADARGS (129) error code to return, when the user passes
an invalid list of arguments. Currently, we return exit 1 which refers
to a general error, or exit -1 which wraps to 255, both codes do not
signify bad arguments. Let's use EXIT_BADARGS (exit code 129), from
tools hinting to the users about invalid usage.
Suggested-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Running ./bootstrap.sh step, throws bunch of warnings related to
samples/c:
samples/c/Makefile.am:23: warning: variable 'empty_cgroup_v2_SOURCES' is defined but no program or
samples/c/Makefile.am:23: library has 'empty_cgroup_v2' as canonical name (possible typo)
samples/c/Makefile.am:17: warning: variable 'get_all_controller_SOURCES' is defined but no program or
samples/c/Makefile.am:17: library has 'get_all_controller' as canonical name (possible typo)
samples/c/Makefile.am:14: warning: variable 'get_controller_SOURCES' is defined but no program or
samples/c/Makefile.am:14: library has 'get_controller' as canonical name (possible typo)
samples/c/Makefile.am:15: warning: variable 'get_mount_point_SOURCES' is defined but no program or
samples/c/Makefile.am:15: library has 'get_mount_point' as canonical name (possible typo)
samples/c/Makefile.am:20: warning: variable 'get_procs_SOURCES' is defined but no program or
samples/c/Makefile.am:20: library has 'get_procs' as canonical name (possible typo)
samples/c/Makefile.am:18: warning: variable 'get_variable_names_SOURCES' is defined but no program or
samples/c/Makefile.am:18: library has 'get_variable_names' as canonical name (possible typo)
samples/c/Makefile.am:22: warning: variable 'logger_SOURCES' is defined but no program or
samples/c/Makefile.am:22: library has 'logger' as canonical name (possible typo)
samples/c/Makefile.am:16: warning: variable 'proctest_SOURCES' is defined but no program or
samples/c/Makefile.am:16: library has 'proctest' as canonical name (possible typo)
samples/c/Makefile.am:12: warning: variable 'read_stats_SOURCES' is defined but no program or
samples/c/Makefile.am:12: library has 'read_stats' as canonical name (possible typo)
samples/c/Makefile.am:10: warning: variable 'setuid_SOURCES' is defined but no program or
samples/c/Makefile.am:10: library has 'setuid' as canonical name (possible typo)
samples/c/Makefile.am:19: warning: variable 'test_named_hierarchy_SOURCES' is defined but no program or
samples/c/Makefile.am:19: library has 'test_named_hierarchy' as canonical name (possible typo)
samples/c/Makefile.am:13: warning: variable 'walk_task_SOURCES' is defined but no program or
samples/c/Makefile.am:13: library has 'walk_task' as canonical name (possible typo)
samples/c/Makefile.am:11: warning: variable 'walk_test_SOURCES' is defined but no program or
samples/c/Makefile.am:11: library has 'walk_test' as canonical name (possible typo)
samples/c/Makefile.am:21: warning: variable 'wrapper_test_SOURCES' is defined but no program or
samples/c/Makefile.am:21: library has 'wrapper_test' as canonical name (possible typo)
src/Makefile.am: installing 'build-aux/depcomp'
fix this by introducing --enable-samples option at configure, which by
default is disabled. If the user wishes to run the sample code, they
can build them by passing the configure option.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
cgget segfaulted on v2.0.2 branch, with:
cgget: cannot find controller 'incal' in group '016cgget'
Fatal error: glibc detected an invalid stdio handle
Aborted (core dumped)
It was caught by ftests/016-cgget-invalid_options.py on Ubuntu 22.04, a
simple reproducer on the v2.0.2 branch:
$ sudo ./src/tools/cgget -n -v -r invalid.setting 016cgget
assuming 016cgget cgroup exists.
It is due to the invalid controller name passed to the
cgroup_read_value_begin(), which returns failure and callee
get_cv_value() in the error clean up path, does a fclose(handle).
If (handle != NULL) succeeds because its uninitialized and has some
garbage value. Fix this by initializing the handle to NULL.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Thu, 15 Sep 2022 20:43:07 +0000 (20:43 +0000)]
github: Add more dependencies to the apt install command
Add a few more dependencies - cmake, bison, flex, byacc, g++, autoconf,
libtool, and automake - to the apt-get install list. Also add a '-y'
flag to automatically install them.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Thu, 15 Sep 2022 20:06:02 +0000 (20:06 +0000)]
tests: Merge libcgroup-tests repo back into libcgroup repo
Merge the libcgroup-tests repo back into the main libcgroup repo.
The submodules logic has been deleted and the tests are now directly
hosted within the libcgroup repo.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Sam James [Wed, 14 Sep 2022 14:11:58 +0000 (08:11 -0600)]
configure.ac: fix bashism
configure scripts need to be runnable with a POSIX-compliant /bin/sh.
On many (but not all!) systems, /bin/sh is provided by Bash, so errors
like this aren't spotted. Notably Debian defaults to /bin/sh provided
by dash which doesn't tolerate such bashisms as '=='.
This retains compatibility with bash.
Fixes configure warnings/errors like:
```
checking whether to build static libraries... no
./configure: 14089: test: xno: unexpected operator
checking for x86_64-pc-linux-gnu-g++... x86_64-pc-linux-gnu-g++
```
Signed-off-by: Sam James <sam@gentoo.org> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tools/cgsnapshot: fix wrong array size in is_ctrl_on_list()
GCC throws -Wstringop-overflow warning:
CC cgsnapshot-cgsnapshot.o
cgsnapshot.c: In function 'parse_controllers':
cgsnapshot.c:540:53: warning: 'is_ctlr_on_list' accessing 16777216 bytes in a region of size 409600 [-Wstringop-overflow=]
540 | if ((!(flags & FL_LIST) || (is_ctlr_on_list(controllers, cont_names))) &&
| ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cgsnapshot.c:540:53: note: referencing argument 2 of type 'char (*)[4096]'
cgsnapshot.c:495:12: note: in a call to function 'is_ctlr_on_list'
495 | static int is_ctlr_on_list(char controllers[CG_CONTROLLER_MAX][FILENAME_MAX],
| ^~~~~~~~~~~~~~~
cgsnapshot.c:560:37: warning: 'is_ctlr_on_list' accessing 16777216 bytes in a region of size 409600 [-Wstringop-overflow=]
560 | if ((!(flags & FL_LIST) || (is_ctlr_on_list(controllers, cont_names))) &&
| ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cgsnapshot.c:560:37: note: referencing argument 2 of type 'char(*)[4096]'
cgsnapshot.c:495:12: note: in a call to function 'is_ctlr_on_list'
495 | static int is_ctlr_on_list(char controllers[CG_CONTROLLER_MAX][FILENAME_MAX],
| ^~~~~~~~~~~~~~~
the warning is seen due to the mismatch in the array size of the second
argument passed to is_ctlr_on_list() from parse_controllers(). Fix,
this long standing warning by chaging the size of the second function
argument in is_ctrl_on_list().
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Wed, 31 Aug 2022 21:03:56 +0000 (15:03 -0600)]
src/api.c: support /proc mounted with subset=pid
/proc filesystem can be mounted with subset=pid as one of its mount
options. This option hides all the top-level files and directories,
those are not related to processes. The cgroup v1 filesystem depends
on the /proc/cgroups to populate the cgroups controllers and will fail
during the cgroup_init() phase, when not available, whereas cgroup v2
considers this as a deprecated file and recommends reading the list of
controller from <unified mount point>/cgroup.controllers[1].
Support this valid /proc mount point only when the system is booted with
the unified mode and will fail to initialize in the case we find the
cgroup v1 mounted, i.e, the system booted with legacy or hybrid mode.
Kamalesh Babulal [Wed, 31 Aug 2022 21:03:34 +0000 (15:03 -0600)]
api.c: use /proc/self/mounts
Use /proc/self/mount instead of /proc/mounts, which is a symbolic link
to the former. The symbolic link creation can be traced back to Linux
Kernel commit 59c7572e82d6 ("proc: remove fs/proc/proc_misc.c"). Also,
the /proc/mounts are not available in the cases where the /proc is
mounted with subset=pid option.
As per kernel docs filesystems/procs.rst:
"subset=pid hides all top level files and directories in the procfs that
are not related to tasks."
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Wed, 31 Aug 2022 20:26:15 +0000 (14:26 -0600)]
configure: remove AM_COND for --disable-tests
With the usage of DIST_SUBDIRS, the makefiles for the tests/* will be
generated, and building the tests/* should be controlled using SUBDIRS.
Remove the AM_COND condition for --disable-tests in the AC_CONFIG_FILES
list.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Wed, 31 Aug 2022 20:25:48 +0000 (14:25 -0600)]
make: use DIST_SUBDIRS
As per automake manual[1], DIST_SUBDIRS should be used to recurse into
the subdirectories those we want to ship as part of make dist and use
SUBDIRS for conditionally building the directories. Adopt this rule
across the source.
Kamalesh Babulal [Wed, 31 Aug 2022 14:25:16 +0000 (08:25 -0600)]
github/workflows: add support for testing different cgroup setups
Add support to run the Github workflow on three parallel runners, each
of them have a unique cgroup setup:
cgroup v1 only (legacy), cgroup v1/v2 (hybrid), cgroup v2 only (unified).
With this change, we should be able to run every patch against all
combination of cgroup setups.
Suggested-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
TJH: Remove the clean logic and instead use the Github Actions
$ACTIONS_RUNNER_HOOK_JOB_STARTED environment variable
Kamalesh Babulal [Mon, 29 Aug 2022 21:01:47 +0000 (15:01 -0600)]
api.c: fix file open in cg_chmod_path()
In cg_chmod_path(), the commit 8b9665c29cb8 ("api.c: fix TOCTOU in
cg_chmod_path()), converted the file operations from stat -> fstat and
chmod -> fchmod to fix a Coverity warning. The newly replaced file
operations operate on file descriptors and hence introduced a side
effect of opening the file at the wrong code block, that would only work
as expected when the caller calls cg_chmod_path() with owner_is_umask
set.
Fix it by moving the file operation out of the conditional block, so it
works in both of the cases of owner_is_umask being set or unset.
Fixes: 8b9665c29cb8 ("api.c: fix TOCTOU in cg_chmod_path()) Suggested-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Wed, 24 Aug 2022 18:44:47 +0000 (12:44 -0600)]
api.c: fix TOCTOU in cg_chmod_path()
Fix TOCTOU warning, reported by Coverity Tool:
CID 258267 (#1 of 1): Time of check time of use (TOCTOU).
fs_check_call: Calling function stat to perform check on path.
in cg_chmod_path(), the file name is stat() and not immediately followed
by the file operation. One way to fix it, open the file and use the file
descriptor to manipulate the file.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Tue, 23 Aug 2022 17:22:04 +0000 (11:22 -0600)]
tools/tools-common.h: introduce CGROUP_LOG_CONT level for logging
There are cases, where we might want to print a very long/multiline log
message to the user. We could call the cgroup_log(), multiple times
to fit the log message, but the downside is that every time the
cgroup_log() called, the log level is prefixed to the message, hence
introducing loglevel char string in the mid of the log message.
Introduce a new logging level, CGROUP_LOG_CONT and cgroup_cont() macro,
that will continue printing the log message, when loglevel is set to
other than default log level. The above code can be rewritten as:
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
TJH: Fix typo in commit message
Kamalesh Babulal [Tue, 23 Aug 2022 17:21:47 +0000 (11:21 -0600)]
log: introduce CGROUP_LOG_CONT level for logging
There are cases, where we might want to print a very long/multiline log
message to the user. We could call the cgroup_log(), multiple times to
fit the log message, but the downside is that every time the
cgroup_log() called, the log level is prefixed to the message, hence
introducing loglevel char string in the mid of the log message.
For example, calling the cgroup_warn() twice to print a long warning:
cgroup_warn("cgroup v1 expects /proc/cgroup, check if ");
cgroup_warn("/proc mounted with subset=pid option\n");
Introduce a new logging level, CGROUP_LOG_CONT and cgroup_cont() macro,
that will continue printing the log message, when loglevel is set to other
than default log level. The above code can be rewritten as:
cgroup_warn("cgroup v1 expects/proc/cgroup, check if ");
cgroup_cont("/proc mounted with subset=pid option\n");
Kamalesh Babulal [Wed, 10 Aug 2022 17:08:26 +0000 (11:08 -0600)]
daemon/cgrulesengd: check the bytes read in cgre_receive_unix_domain_msg()
Fix ignoring the number of bytes read, warning reported by Coverity
tool:
CID 258286 (#1 of 1): Ignoring number of bytes read (CHECKED_RETURN).
check_return: read(int, void *, size_t) returns the number of bytes
read, but it is ignored.
In cgre_receive_unix_domain_msg(), the number of bytes read() is
ignored, while reading from the flag value of the pid. Coverity warns on
not checking the number of bytes read, fix it.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Wed, 10 Aug 2022 16:52:09 +0000 (10:52 -0600)]
api.c: add precision to fscanf(), in cgroup_get_current_controller_path()
Fix calling risky function warning, reported by Coverity tool:
CID 258301 (#1 of 1): Calling risky function
(DC.STREAM_BUFFER)dont_call: fscanf assumes an arbitrarily long string,
so callers must use correct precision specifiers or never use fscanf.
As per secure coding standard, using '%s' in the fscanf() is not
recommend, hence fix it by using the precision of macro
FILENAME_MAX borrowed from Linux Kernel for the maximum
allowed controller/subsys_name length.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
TJH: Small fix in the commit comment.
api.c: add precision to fscanf(), in cgroup_populate_controllers()
Fix calling risky function warning, reported by Coverity tool:
CID 258305 (#1 of 1): Calling risky function
(DC.STREAM_BUFFER)dont_call: fscanf assumes an arbitrarily long string,
so callers must use correct precision specifiers or never use fscanf.
As per secure coding standard, using '%s' in the fscanf() is not
recommend, hence fix it by using the precision of macro
MAX_CGROUP_TYPE_NAMELEN borrowed from Linux Kernel for the maximum
allowed controller/subsys_name length.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
api.c: add precision to fscanf(), in cgroup_get_all_controller_next()
Fix calling risky function warning, reported by Coverity tool:
CID 258300 (#1 of 1): Calling risky function
(DC.STREAM_BUFFER)dont_call: fscanf assumes an arbitrarily long string,
so callers must use correct precision specifiers or never use fscanf.
As per secure coding standard, using '%s' in the fscanf() is not
recommend, hence fix it by using the precision of macro
MAX_CGROUP_TYPE_NAMELEN borrowed from Linux Kernel for the maximum
allowed controller/subsys_name length.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tools/cgxget: de-allocate cg_convert_list[] in convert_cgroup()
The commit 66799b867c7 (tools/cgxget: fix the resource leak in
convert_cgroup()), is a partial fix. It de-allocated the array members
of the dynamically allocated cg_converted_list[], but fails to free()
the cg_converted_list. Fix the resource leak by de-allocating it.
Fixes: 66799b867c7 (tools/cgxget: fix the resource leak in convert_group) Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
daemon/cgrulesengd: check the bytes read in cgre_receive_unix_domain_msg()
Fix ignoring the number of bytes read, warning reported by Coverity
tool:
CID 258286 (#2 of 2): Ignoring number of bytes read (CHECKED_RETURN).
check_return: read(int, void *, size_t) returns the number of bytes
read, but it is ignored.
In cgre_receive_unix_domain_msg(), the number of bytes read() is
ignored, while reading from the flag value from the socket. Coverity
warns on not checking the number of bytes read, fix it.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
api.c: check the bytes read in cgroup_register_unchanged_process()
Fix ignoring the number of bytes read, warning reported by Coverity
tool:
CID 258288 (#1 of 1): Ignoring number of bytes read (CHECKED_RETURN).
check_return: read(int, void *, size_t) returns the number of bytes
read, but it is ignored.
In cgroup_register_unchanged_process(), the number of byte read/written
using read()/write() are ignored but coverity it warns about the read()
only, let's fix it.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
api.c: fix null deference in is_cgrp_ctrl_shared_mnt()
Fix explicit null dereferenced warning, reported by Coverity tool:
CID 258306 (#1 of 1): Explicit null dereferenced (FORWARD_NULL).
var_deref_model: Passing null pointer controller_name to
cgroup_find_parent, which dereferences it.
the code path which leads to the null dereference:
cgroup_delete_cgroup_ext()
- cgroup_find_parent()
- is_cgrp_ctrl_shared_mnt()
is_cgrp_ctrl_shared_mnt(), assumes that the controller_name is non-NULL
but there are changes that, this static function might be called with
NULL controller_name, let's fix it with a check.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tools/cgsnapshot: fix out-of-bounds write in parse_controllers()
Fix Out-of-bounds write warning, reported by Coverity tool:
CID 258289 (#2 of 2): Out-of-bounds write (OVERRUN)16. overrun-local:
Overrunning array controllers of 100 4096-byte elements at element index
100 (byte offset 413695) using index max (which evaluates to 100).
there are chances, that the index variable max dereferences controller
array might be over the array size of 100. Add upper bound checks
to index variable max, so that it doesn't overrun the controller array.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
api.c: check for invalid error code in cgroup_strerror()
Fix array overflow warning, reported by the Coverity tool:
CID 258309 (#1 of 1): Out-of-bounds read (OVERRUN). overrun-local:
Overrunning array cgroup_strerror_codes of 32 8-byte elements at element
index 49999 (byte offset 399999) using index code % ECGROUPNOTCOMPILED
(which evaluates to 49999).
there are chances of users passing error codes, resulting in crossing
the upper bound of the cgroup_strerror_codes[], fix it by introducing
bound checks.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tools/cgxget: fix the resource leak in convert_cgroup()
Fix a resource leak warning reported by the Coverity tool:
CID 258272 (#1-2 of 2): Resource leak (RESOURCE_LEAK). leaked_storage:
Variable cg_converted_list going out of scope leaks the storage it
points to.
while free'ing() the cg_converted_list() via cgroup_free(), wrong array
index variable was passed, causing the resource leak. Fix it by passing
the right index variable.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
projects / thirdparty / libcgroup.git / log
