X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fbasic%2Fcgroup-util.c;h=315c449656aa073ce6aadad84e0506b82e246a6f;hp=272fb19735df8d068cec1dc3d5f057d8c9cac4b4;hb=d93247127eb2e073a6d3b5bcc67bcc4048d674fe;hpb=d541b31cc867960110c5fb974ecc1b2f78299196;ds=sidebyside diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c index 272fb1973..315c44965 100644 --- a/src/basic/cgroup-util.c +++ b/src/basic/cgroup-util.c @@ -55,6 +55,7 @@ #include "stdio-util.h" #include "string-table.h" #include "string-util.h" +#include "strv.h" #include "unit-name.h" #include "user-util.h" @@ -210,6 +211,18 @@ int cg_rmdir(const char *controller, const char *path) { if (r < 0 && errno != ENOENT) return -errno; + r = cg_hybrid_unified(); + if (r < 0) + return r; + if (r == 0) + return 0; + + if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { + r = cg_rmdir(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path); + if (r < 0) + log_warning_errno(r, "Failed to remove compat systemd cgroup %s: %m", path); + } + return 0; } @@ -548,8 +561,12 @@ static const char *controller_to_dirname(const char *controller) { * just cuts off the name= prefixed used for named * hierarchies, if it is specified. */ - if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) - controller = SYSTEMD_CGROUP_CONTROLLER_LEGACY; + if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { + if (cg_hybrid_unified() > 0) + controller = SYSTEMD_CGROUP_CONTROLLER_HYBRID; + else + controller = SYSTEMD_CGROUP_CONTROLLER_LEGACY; + } e = startswith(controller, "name="); if (e) @@ -632,7 +649,10 @@ int cg_get_path(const char *controller, const char *path, const char *suffix, ch if (!cg_controller_is_valid(controller)) return -EINVAL; - if (cg_all_unified()) + r = cg_all_unified(); + if (r < 0) + return r; + if (r > 0) r = join_path_unified(path, suffix, fs); else r = join_path_legacy(controller, path, suffix, fs); @@ -644,6 +664,7 @@ int cg_get_path(const char *controller, const char *path, const char *suffix, ch } static int controller_is_accessible(const char *controller) { + int r; assert(controller); @@ -655,7 +676,10 @@ static int controller_is_accessible(const char *controller) { if (!cg_controller_is_valid(controller)) return -EINVAL; - if (cg_all_unified()) { + r = cg_all_unified(); + if (r < 0) + return r; + if (r > 0) { /* We don't support named hierarchies if we are using * the unified hierarchy. */ @@ -709,7 +733,7 @@ static int trim_cb(const char *path, const struct stat *sb, int typeflag, struct int cg_trim(const char *controller, const char *path, bool delete_root) { _cleanup_free_ char *fs = NULL; - int r = 0; + int r = 0, q; assert(path); @@ -732,6 +756,15 @@ int cg_trim(const char *controller, const char *path, bool delete_root) { return -errno; } + q = cg_hybrid_unified(); + if (q < 0) + return q; + if (q > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { + q = cg_trim(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, delete_root); + if (q < 0) + log_warning_errno(q, "Failed to trim compat systemd cgroup %s: %m", path); + } + return r; } @@ -755,6 +788,16 @@ int cg_create(const char *controller, const char *path) { return -errno; } + r = cg_hybrid_unified(); + if (r < 0) + return r; + + if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { + r = cg_create(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path); + if (r < 0) + log_warning_errno(r, "Failed to create compat systemd cgroup %s: %m", path); + } + return 1; } @@ -792,7 +835,21 @@ int cg_attach(const char *controller, const char *path, pid_t pid) { xsprintf(c, PID_FMT "\n", pid); - return write_string_file(fs, c, 0); + r = write_string_file(fs, c, 0); + if (r < 0) + return r; + + r = cg_hybrid_unified(); + if (r < 0) + return r; + + if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { + r = cg_attach(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, pid); + if (r < 0) + log_warning_errno(r, "Failed to attach "PID_FMT" to compat systemd cgroup %s: %m", pid, path); + } + + return 0; } int cg_attach_fallback(const char *controller, const char *path, pid_t pid) { @@ -842,7 +899,20 @@ int cg_set_group_access( if (r < 0) return r; - return chmod_and_chown(fs, mode, uid, gid); + r = chmod_and_chown(fs, mode, uid, gid); + if (r < 0) + return r; + + r = cg_hybrid_unified(); + if (r < 0) + return r; + if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { + r = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, mode, uid, gid); + if (r < 0) + log_warning_errno(r, "Failed to set group access on compat systemd cgroup %s: %m", path); + } + + return 0; } int cg_set_task_access( @@ -871,13 +941,24 @@ int cg_set_task_access( if (r < 0) return r; - if (cg_unified(controller)) - return 0; + r = cg_unified_controller(controller); + if (r < 0) + return r; + if (r == 0) { + /* Compatibility, Always keep values for "tasks" in sync with + * "cgroup.procs" */ + if (cg_get_path(controller, path, "tasks", &procs) >= 0) + (void) chmod_and_chown(procs, mode, uid, gid); + } - /* Compatibility, Always keep values for "tasks" in sync with - * "cgroup.procs" */ - if (cg_get_path(controller, path, "tasks", &procs) >= 0) - (void) chmod_and_chown(procs, mode, uid, gid); + r = cg_hybrid_unified(); + if (r < 0) + return r; + if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) { + r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, mode, uid, gid); + if (r < 0) + log_warning_errno(r, "Failed to set task access on compat systemd cgroup %s: %m", path); + } return 0; } @@ -923,9 +1004,9 @@ int cg_get_xattr(const char *controller, const char *path, const char *name, voi int cg_pid_get_path(const char *controller, pid_t pid, char **path) { _cleanup_fclose_ FILE *f = NULL; char line[LINE_MAX]; - const char *fs, *controller_str; + const char *fs, *controller_str = NULL; size_t cs = 0; - bool unified; + int unified; assert(path); assert(pid >= 0); @@ -936,8 +1017,10 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **path) { } else controller = SYSTEMD_CGROUP_CONTROLLER; - unified = cg_unified(controller); - if (!unified) { + unified = cg_unified_controller(controller); + if (unified < 0) + return unified; + if (unified == 0) { if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) controller_str = SYSTEMD_CGROUP_CONTROLLER_LEGACY; else @@ -1012,7 +1095,10 @@ int cg_install_release_agent(const char *controller, const char *agent) { assert(agent); - if (cg_unified(controller)) /* doesn't apply to unified hierarchy */ + r = cg_unified_controller(controller); + if (r < 0) + return r; + if (r > 0) /* doesn't apply to unified hierarchy */ return -EOPNOTSUPP; r = cg_get_path(controller, NULL, "release_agent", &fs); @@ -1060,7 +1146,10 @@ int cg_uninstall_release_agent(const char *controller) { _cleanup_free_ char *fs = NULL; int r; - if (cg_unified(controller)) /* Doesn't apply to unified hierarchy */ + r = cg_unified_controller(controller); + if (r < 0) + return r; + if (r > 0) /* Doesn't apply to unified hierarchy */ return -EOPNOTSUPP; r = cg_get_path(controller, NULL, "notify_on_release", &fs); @@ -1113,7 +1202,10 @@ int cg_is_empty_recursive(const char *controller, const char *path) { if (controller && (isempty(path) || path_equal(path, "/"))) return false; - if (cg_unified(controller)) { + r = cg_unified_controller(controller); + if (r < 0) + return r; + if (r > 0) { _cleanup_free_ char *t = NULL; /* On the unified hierarchy we can check empty state @@ -2040,7 +2132,10 @@ int cg_create_everywhere(CGroupMask supported, CGroupMask mask, const char *path return r; /* If we are in the unified hierarchy, we are done now */ - if (cg_all_unified()) + r = cg_all_unified(); + if (r < 0) + return r; + if (r > 0) return 0; /* Otherwise, do the same in the other hierarchies */ @@ -2067,7 +2162,10 @@ int cg_attach_everywhere(CGroupMask supported, const char *path, pid_t pid, cg_m if (r < 0) return r; - if (cg_all_unified()) + r = cg_all_unified(); + if (r < 0) + return r; + if (r > 0) return 0; for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) { @@ -2108,7 +2206,7 @@ int cg_attach_many_everywhere(CGroupMask supported, const char *path, Set* pids, int cg_migrate_everywhere(CGroupMask supported, const char *from, const char *to, cg_migrate_callback_t to_callback, void *userdata) { CGroupController c; - int r = 0; + int r = 0, q; if (!path_equal(from, to)) { r = cg_migrate_recursive(SYSTEMD_CGROUP_CONTROLLER, from, SYSTEMD_CGROUP_CONTROLLER, to, CGROUP_REMOVE); @@ -2116,7 +2214,10 @@ int cg_migrate_everywhere(CGroupMask supported, const char *from, const char *to return r; } - if (cg_all_unified()) + q = cg_all_unified(); + if (q < 0) + return q; + if (q > 0) return r; for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) { @@ -2140,13 +2241,16 @@ int cg_migrate_everywhere(CGroupMask supported, const char *from, const char *to int cg_trim_everywhere(CGroupMask supported, const char *path, bool delete_root) { CGroupController c; - int r; + int r, q; r = cg_trim(SYSTEMD_CGROUP_CONTROLLER, path, delete_root); if (r < 0) return r; - if (cg_all_unified()) + q = cg_all_unified(); + if (q < 0) + return q; + if (q > 0) return r; for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) { @@ -2162,6 +2266,60 @@ int cg_trim_everywhere(CGroupMask supported, const char *path, bool delete_root) } #endif // 0 +int cg_mask_to_string(CGroupMask mask, char **ret) { + const char *controllers[_CGROUP_CONTROLLER_MAX + 1]; + CGroupController c; + int i = 0; + char *s; + + assert(ret); + + if (mask == 0) { + *ret = NULL; + return 0; + } + + for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) { + + if (!(mask & CGROUP_CONTROLLER_TO_MASK(c))) + continue; + + controllers[i++] = cgroup_controller_to_string(c); + controllers[i] = NULL; + } + + s = strv_join((char **)controllers, NULL); + if (!s) + return -ENOMEM; + + *ret = s; + return 0; +} + +int cg_mask_from_string(const char *value, CGroupMask *mask) { + assert(mask); + assert(value); + + for (;;) { + _cleanup_free_ char *n = NULL; + CGroupController v; + int r; + + r = extract_first_word(&value, &n, NULL, 0); + if (r < 0) + return r; + if (r == 0) + break; + + v = cgroup_controller_from_string(n); + if (v < 0) + continue; + + *mask |= CGROUP_CONTROLLER_TO_MASK(v); + } + return 0; +} + int cg_mask_supported(CGroupMask *ret) { CGroupMask mask = 0; int r; @@ -2170,9 +2328,11 @@ int cg_mask_supported(CGroupMask *ret) { * includes controllers we can make sense of and that are * actually accessible. */ - if (cg_all_unified()) { + r = cg_all_unified(); + if (r < 0) + return r; + if (r > 0) { _cleanup_free_ char *root = NULL, *controllers = NULL, *path = NULL; - const char *c; /* In the unified hierarchy we can read the supported * and accessible controllers from a the top-level @@ -2190,23 +2350,9 @@ int cg_mask_supported(CGroupMask *ret) { if (r < 0) return r; - c = controllers; - for (;;) { - _cleanup_free_ char *n = NULL; - CGroupController v; - - r = extract_first_word(&c, &n, NULL, 0); - if (r < 0) - return r; - if (r == 0) - break; - - v = cgroup_controller_from_string(n); - if (v < 0) - continue; - - mask |= CGROUP_CONTROLLER_TO_MASK(v); - } + r = cg_mask_from_string(controllers, &mask); + if (r < 0) + return r; /* Currently, we support the cpu, memory, io and pids * controller in the unified hierarchy, mask @@ -2292,7 +2438,18 @@ int cg_kernel_controllers(Set *controllers) { static thread_local CGroupUnified unified_cache = CGROUP_UNIFIED_UNKNOWN; -static int cg_update_unified(void) { +/* The hybrid mode was initially implemented in v232 and simply mounted cgroup v2 on /sys/fs/cgroup/systemd. This + * unfortunately broke other tools (such as docker) which expected the v1 "name=systemd" hierarchy on + * /sys/fs/cgroup/systemd. From v233 and on, the hybrid mode mountnbs v2 on /sys/fs/cgroup/unified and maintains + * "name=systemd" hierarchy on /sys/fs/cgroup/systemd for compatibility with other tools. + * + * To keep live upgrade working, we detect and support v232 layout. When v232 layout is detected, to keep cgroup v2 + * process management but disable the compat dual layout, we return %true on + * cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) and %false on cg_hybrid_unified(). + */ +static thread_local bool unified_systemd_v232; + +static int cg_unified_update(void) { struct statfs fs; @@ -2311,11 +2468,21 @@ static int cg_update_unified(void) { if (F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC)) unified_cache = CGROUP_UNIFIED_ALL; else if (F_TYPE_EQUAL(fs.f_type, TMPFS_MAGIC)) { - if (statfs("/sys/fs/cgroup/systemd/", &fs) < 0) - return -errno; - - unified_cache = F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC) ? - CGROUP_UNIFIED_SYSTEMD : CGROUP_UNIFIED_NONE; + if (statfs("/sys/fs/cgroup/unified/", &fs) == 0 && + F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC)) { + unified_cache = CGROUP_UNIFIED_SYSTEMD; + unified_systemd_v232 = false; + } else if (statfs("/sys/fs/cgroup/systemd/", &fs) == 0 && + F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC)) { + unified_cache = CGROUP_UNIFIED_SYSTEMD; + unified_systemd_v232 = true; + } else { + if (statfs("/sys/fs/cgroup/systemd/", &fs) < 0) + return -errno; + if (!F_TYPE_EQUAL(fs.f_type, CGROUP_SUPER_MAGIC)) + return -ENOMEDIUM; + unified_cache = CGROUP_UNIFIED_NONE; + } } else return -ENOMEDIUM; #else @@ -2330,28 +2497,49 @@ static int cg_update_unified(void) { return 0; } -bool cg_unified(const char *controller) { +int cg_unified_controller(const char *controller) { + int r; + + r = cg_unified_update(); + if (r < 0) + return r; - assert(cg_update_unified() >= 0); + if (unified_cache == CGROUP_UNIFIED_NONE) + return false; - if (streq_ptr(controller, SYSTEMD_CGROUP_CONTROLLER)) - return unified_cache >= CGROUP_UNIFIED_SYSTEMD; - else - return unified_cache >= CGROUP_UNIFIED_ALL; + if (unified_cache >= CGROUP_UNIFIED_ALL) + return true; + + return streq_ptr(controller, SYSTEMD_CGROUP_CONTROLLER); +} + +int cg_all_unified(void) { + int r; + + r = cg_unified_update(); + if (r < 0) + return r; + + return unified_cache >= CGROUP_UNIFIED_ALL; } -bool cg_all_unified(void) { +int cg_hybrid_unified(void) { + int r; - return cg_unified(NULL); + r = cg_unified_update(); + if (r < 0) + return r; + + return unified_cache == CGROUP_UNIFIED_SYSTEMD && !unified_systemd_v232; } -#if 0 /// UNNEEDED by elogind int cg_unified_flush(void) { unified_cache = CGROUP_UNIFIED_UNKNOWN; - return cg_update_unified(); + return cg_unified_update(); } +#if 0 /// UNNEEDED by elogind int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p) { _cleanup_free_ char *fs = NULL; CGroupController c; @@ -2362,7 +2550,10 @@ int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p) { if (supported == 0) return 0; - if (!cg_all_unified()) /* on the legacy hiearchy there's no joining of controllers defined */ + r = cg_all_unified(); + if (r < 0) + return r; + if (r == 0) /* on the legacy hiearchy there's no joining of controllers defined */ return 0; r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, p, "cgroup.subtree_control", &fs); @@ -2396,65 +2587,77 @@ bool cg_is_unified_wanted(void) { static thread_local int wanted = -1; int r; bool b; + const bool is_default = DEFAULT_HIERARCHY == CGROUP_UNIFIED_ALL; + + /* If we have a cached value, return that. */ + if (wanted >= 0) + return wanted; /* If the hierarchy is already mounted, then follow whatever * was chosen for it. */ if (cg_unified_flush() >= 0) - return cg_all_unified(); - - /* Otherwise, let's see what the kernel command line has to - * say. Since checking that is expensive, let's cache the - * result. */ - if (wanted >= 0) - return wanted; + return (wanted = unified_cache >= CGROUP_UNIFIED_ALL); + /* Otherwise, let's see what the kernel command line has to say. + * Since checking is expensive, cache a non-error result. */ r = proc_cmdline_get_bool("systemd.unified_cgroup_hierarchy", &b); - if (r < 0) - return false; - return (wanted = r > 0 ? b : false); + return (wanted = r > 0 ? b : is_default); } bool cg_is_legacy_wanted(void) { - return !cg_is_unified_wanted(); + static thread_local int wanted = -1; + + /* If we have a cached value, return that. */ + if (wanted >= 0) + return wanted; + + /* Check if we have cgroups2 already mounted. */ + if (cg_unified_flush() >= 0 && + unified_cache == CGROUP_UNIFIED_ALL) + return (wanted = false); + + /* Otherwise, assume that at least partial legacy is wanted, + * since cgroups2 should already be mounted at this point. */ + return (wanted = true); } -bool cg_is_unified_systemd_controller_wanted(void) { +bool cg_is_hybrid_wanted(void) { static thread_local int wanted = -1; int r; bool b; + const bool is_default = DEFAULT_HIERARCHY >= CGROUP_UNIFIED_SYSTEMD; + /* We default to true if the default is "hybrid", obviously, + * but also when the default is "unified", because if we get + * called, it means that unified hierarchy was not mounted. */ - /* If the unified hierarchy is requested in full, no need to - * bother with this. */ - if (cg_is_unified_wanted()) - return 0; + /* If we have a cached value, return that. */ + if (wanted >= 0) + return wanted; /* If the hierarchy is already mounted, then follow whatever * was chosen for it. */ - if (cg_unified_flush() >= 0) - return cg_unified(SYSTEMD_CGROUP_CONTROLLER); - - /* Otherwise, let's see what the kernel command line has to - * say. Since checking that is expensive, let's cache the - * result. */ - if (wanted >= 0) - return wanted; + if (cg_unified_flush() >= 0 && + unified_cache == CGROUP_UNIFIED_ALL) + return (wanted = false); + /* Otherwise, let's see what the kernel command line has to say. + * Since checking is expensive, cache a non-error result. */ r = proc_cmdline_get_bool("systemd.legacy_systemd_cgroup_controller", &b); - if (r < 0) - return false; + /* The meaning of the kernel option is reversed wrt. to the return value + * of this function, hence the negation. */ + return (wanted = r > 0 ? !b : is_default); +} #else +bool cg_is_unified_wanted(void) { + return false; +} bool cg_is_legacy_wanted(void) { return true; - /* The meaning of the kernel option is reversed wrt. to the return value - * of this function, hence the negation. */ - return (wanted = r > 0 ? !b : false); - return (wanted = r > 0 ? b : false); } - -bool cg_is_legacy_systemd_controller_wanted(void) { - return cg_is_legacy_wanted() && !cg_is_unified_systemd_controller_wanted(); +bool cg_is_hybrid_wanted(void) { + return false; } #endif // 0