2 This file is part of systemd.
4 Copyright 2013 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 #include "alloc-util.h"
24 #include "cgroup-util.h"
29 #include "parse-util.h"
30 #include "path-util.h"
31 #include "process-util.h"
32 //#include "special.h"
33 #include "string-table.h"
34 #include "string-util.h"
35 #include "stdio-util.h"
37 #define CGROUP_CPU_QUOTA_PERIOD_USEC ((usec_t) 100 * USEC_PER_MSEC)
39 #if 0 /// UNNEEDED by elogind
40 static void cgroup_compat_warn(void) {
41 static bool cgroup_compat_warned = false;
43 if (cgroup_compat_warned)
46 log_warning("cgroup compatibility translation between legacy and unified hierarchy settings activated. See cgroup-compat debug messages for details.");
47 cgroup_compat_warned = true;
50 #define log_cgroup_compat(unit, fmt, ...) do { \
51 cgroup_compat_warn(); \
52 log_unit_debug(unit, "cgroup-compat: " fmt, ##__VA_ARGS__); \
55 void cgroup_context_init(CGroupContext *c) {
58 /* Initialize everything to the kernel defaults, assuming the
59 * structure is preinitialized to 0 */
61 c->cpu_weight = CGROUP_WEIGHT_INVALID;
62 c->startup_cpu_weight = CGROUP_WEIGHT_INVALID;
63 c->cpu_quota_per_sec_usec = USEC_INFINITY;
65 c->cpu_shares = CGROUP_CPU_SHARES_INVALID;
66 c->startup_cpu_shares = CGROUP_CPU_SHARES_INVALID;
68 c->memory_high = CGROUP_LIMIT_MAX;
69 c->memory_max = CGROUP_LIMIT_MAX;
70 c->memory_swap_max = CGROUP_LIMIT_MAX;
72 c->memory_limit = CGROUP_LIMIT_MAX;
74 c->io_weight = CGROUP_WEIGHT_INVALID;
75 c->startup_io_weight = CGROUP_WEIGHT_INVALID;
77 c->blockio_weight = CGROUP_BLKIO_WEIGHT_INVALID;
78 c->startup_blockio_weight = CGROUP_BLKIO_WEIGHT_INVALID;
80 c->tasks_max = (uint64_t) -1;
83 void cgroup_context_free_device_allow(CGroupContext *c, CGroupDeviceAllow *a) {
87 LIST_REMOVE(device_allow, c->device_allow, a);
92 void cgroup_context_free_io_device_weight(CGroupContext *c, CGroupIODeviceWeight *w) {
96 LIST_REMOVE(device_weights, c->io_device_weights, w);
101 void cgroup_context_free_io_device_limit(CGroupContext *c, CGroupIODeviceLimit *l) {
105 LIST_REMOVE(device_limits, c->io_device_limits, l);
110 void cgroup_context_free_blockio_device_weight(CGroupContext *c, CGroupBlockIODeviceWeight *w) {
114 LIST_REMOVE(device_weights, c->blockio_device_weights, w);
119 void cgroup_context_free_blockio_device_bandwidth(CGroupContext *c, CGroupBlockIODeviceBandwidth *b) {
123 LIST_REMOVE(device_bandwidths, c->blockio_device_bandwidths, b);
128 void cgroup_context_done(CGroupContext *c) {
131 while (c->io_device_weights)
132 cgroup_context_free_io_device_weight(c, c->io_device_weights);
134 while (c->io_device_limits)
135 cgroup_context_free_io_device_limit(c, c->io_device_limits);
137 while (c->blockio_device_weights)
138 cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
140 while (c->blockio_device_bandwidths)
141 cgroup_context_free_blockio_device_bandwidth(c, c->blockio_device_bandwidths);
143 while (c->device_allow)
144 cgroup_context_free_device_allow(c, c->device_allow);
147 void cgroup_context_dump(CGroupContext *c, FILE* f, const char *prefix) {
148 CGroupIODeviceLimit *il;
149 CGroupIODeviceWeight *iw;
150 CGroupBlockIODeviceBandwidth *b;
151 CGroupBlockIODeviceWeight *w;
152 CGroupDeviceAllow *a;
153 char u[FORMAT_TIMESPAN_MAX];
158 prefix = strempty(prefix);
161 "%sCPUAccounting=%s\n"
162 "%sIOAccounting=%s\n"
163 "%sBlockIOAccounting=%s\n"
164 "%sMemoryAccounting=%s\n"
165 "%sTasksAccounting=%s\n"
166 "%sCPUWeight=%" PRIu64 "\n"
167 "%sStartupCPUWeight=%" PRIu64 "\n"
168 "%sCPUShares=%" PRIu64 "\n"
169 "%sStartupCPUShares=%" PRIu64 "\n"
170 "%sCPUQuotaPerSecSec=%s\n"
171 "%sIOWeight=%" PRIu64 "\n"
172 "%sStartupIOWeight=%" PRIu64 "\n"
173 "%sBlockIOWeight=%" PRIu64 "\n"
174 "%sStartupBlockIOWeight=%" PRIu64 "\n"
175 "%sMemoryLow=%" PRIu64 "\n"
176 "%sMemoryHigh=%" PRIu64 "\n"
177 "%sMemoryMax=%" PRIu64 "\n"
178 "%sMemorySwapMax=%" PRIu64 "\n"
179 "%sMemoryLimit=%" PRIu64 "\n"
180 "%sTasksMax=%" PRIu64 "\n"
181 "%sDevicePolicy=%s\n"
183 prefix, yes_no(c->cpu_accounting),
184 prefix, yes_no(c->io_accounting),
185 prefix, yes_no(c->blockio_accounting),
186 prefix, yes_no(c->memory_accounting),
187 prefix, yes_no(c->tasks_accounting),
188 prefix, c->cpu_weight,
189 prefix, c->startup_cpu_weight,
190 prefix, c->cpu_shares,
191 prefix, c->startup_cpu_shares,
192 prefix, format_timespan(u, sizeof(u), c->cpu_quota_per_sec_usec, 1),
193 prefix, c->io_weight,
194 prefix, c->startup_io_weight,
195 prefix, c->blockio_weight,
196 prefix, c->startup_blockio_weight,
197 prefix, c->memory_low,
198 prefix, c->memory_high,
199 prefix, c->memory_max,
200 prefix, c->memory_swap_max,
201 prefix, c->memory_limit,
202 prefix, c->tasks_max,
203 prefix, cgroup_device_policy_to_string(c->device_policy),
204 prefix, yes_no(c->delegate));
206 LIST_FOREACH(device_allow, a, c->device_allow)
208 "%sDeviceAllow=%s %s%s%s\n",
211 a->r ? "r" : "", a->w ? "w" : "", a->m ? "m" : "");
213 LIST_FOREACH(device_weights, iw, c->io_device_weights)
215 "%sIODeviceWeight=%s %" PRIu64,
220 LIST_FOREACH(device_limits, il, c->io_device_limits) {
221 char buf[FORMAT_BYTES_MAX];
222 CGroupIOLimitType type;
224 for (type = 0; type < _CGROUP_IO_LIMIT_TYPE_MAX; type++)
225 if (il->limits[type] != cgroup_io_limit_defaults[type])
229 cgroup_io_limit_type_to_string(type),
231 format_bytes(buf, sizeof(buf), il->limits[type]));
234 LIST_FOREACH(device_weights, w, c->blockio_device_weights)
236 "%sBlockIODeviceWeight=%s %" PRIu64,
241 LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
242 char buf[FORMAT_BYTES_MAX];
244 if (b->rbps != CGROUP_LIMIT_MAX)
246 "%sBlockIOReadBandwidth=%s %s\n",
249 format_bytes(buf, sizeof(buf), b->rbps));
250 if (b->wbps != CGROUP_LIMIT_MAX)
252 "%sBlockIOWriteBandwidth=%s %s\n",
255 format_bytes(buf, sizeof(buf), b->wbps));
259 static int lookup_block_device(const char *p, dev_t *dev) {
268 return log_warning_errno(errno, "Couldn't stat device %s: %m", p);
270 if (S_ISBLK(st.st_mode))
272 else if (major(st.st_dev) != 0) {
273 /* If this is not a device node then find the block
274 * device this file is stored on */
277 /* If this is a partition, try to get the originating
279 block_get_whole_disk(*dev, dev);
281 log_warning("%s is not a block device and file system block device cannot be determined or is not local.", p);
288 static int whitelist_device(const char *path, const char *node, const char *acc) {
289 char buf[2+DECIMAL_STR_MAX(dev_t)*2+2+4];
296 if (stat(node, &st) < 0) {
297 /* path starting with "-" must be silently ignored */
298 if (errno == ENOENT && startswith(node, "-"))
301 return log_warning_errno(errno, "Couldn't stat device %s: %m", node);
304 if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode)) {
305 log_warning("%s is not a device.", node);
311 S_ISCHR(st.st_mode) ? 'c' : 'b',
312 major(st.st_rdev), minor(st.st_rdev),
315 r = cg_set_attribute("devices", path, "devices.allow", buf);
317 log_full_errno(IN_SET(r, -ENOENT, -EROFS, -EINVAL, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
318 "Failed to set devices.allow on %s: %m", path);
323 static int whitelist_major(const char *path, const char *name, char type, const char *acc) {
324 _cleanup_fclose_ FILE *f = NULL;
331 assert(type == 'b' || type == 'c');
333 f = fopen("/proc/devices", "re");
335 return log_warning_errno(errno, "Cannot open /proc/devices to resolve %s (%c): %m", name, type);
337 FOREACH_LINE(line, f, goto fail) {
338 char buf[2+DECIMAL_STR_MAX(unsigned)+3+4], *p, *w;
343 if (type == 'c' && streq(line, "Character devices:")) {
348 if (type == 'b' && streq(line, "Block devices:")) {
363 w = strpbrk(p, WHITESPACE);
368 r = safe_atou(p, &maj);
375 w += strspn(w, WHITESPACE);
377 if (fnmatch(name, w, 0) != 0)
386 r = cg_set_attribute("devices", path, "devices.allow", buf);
388 log_full_errno(IN_SET(r, -ENOENT, -EROFS, -EINVAL, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
389 "Failed to set devices.allow on %s: %m", path);
395 log_warning_errno(errno, "Failed to read /proc/devices: %m");
399 static bool cgroup_context_has_cpu_weight(CGroupContext *c) {
400 return c->cpu_weight != CGROUP_WEIGHT_INVALID ||
401 c->startup_cpu_weight != CGROUP_WEIGHT_INVALID;
404 static bool cgroup_context_has_cpu_shares(CGroupContext *c) {
405 return c->cpu_shares != CGROUP_CPU_SHARES_INVALID ||
406 c->startup_cpu_shares != CGROUP_CPU_SHARES_INVALID;
409 static uint64_t cgroup_context_cpu_weight(CGroupContext *c, ManagerState state) {
410 if (IN_SET(state, MANAGER_STARTING, MANAGER_INITIALIZING) &&
411 c->startup_cpu_weight != CGROUP_WEIGHT_INVALID)
412 return c->startup_cpu_weight;
413 else if (c->cpu_weight != CGROUP_WEIGHT_INVALID)
414 return c->cpu_weight;
416 return CGROUP_WEIGHT_DEFAULT;
419 static uint64_t cgroup_context_cpu_shares(CGroupContext *c, ManagerState state) {
420 if (IN_SET(state, MANAGER_STARTING, MANAGER_INITIALIZING) &&
421 c->startup_cpu_shares != CGROUP_CPU_SHARES_INVALID)
422 return c->startup_cpu_shares;
423 else if (c->cpu_shares != CGROUP_CPU_SHARES_INVALID)
424 return c->cpu_shares;
426 return CGROUP_CPU_SHARES_DEFAULT;
429 static void cgroup_apply_unified_cpu_config(Unit *u, uint64_t weight, uint64_t quota) {
430 char buf[MAX(DECIMAL_STR_MAX(uint64_t) + 1, (DECIMAL_STR_MAX(usec_t) + 1) * 2)];
433 xsprintf(buf, "%" PRIu64 "\n", weight);
434 r = cg_set_attribute("cpu", u->cgroup_path, "cpu.weight", buf);
436 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
437 "Failed to set cpu.weight: %m");
439 if (quota != USEC_INFINITY)
440 xsprintf(buf, USEC_FMT " " USEC_FMT "\n",
441 quota * CGROUP_CPU_QUOTA_PERIOD_USEC / USEC_PER_SEC, CGROUP_CPU_QUOTA_PERIOD_USEC);
443 xsprintf(buf, "max " USEC_FMT "\n", CGROUP_CPU_QUOTA_PERIOD_USEC);
445 r = cg_set_attribute("cpu", u->cgroup_path, "cpu.max", buf);
448 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
449 "Failed to set cpu.max: %m");
452 static void cgroup_apply_legacy_cpu_config(Unit *u, uint64_t shares, uint64_t quota) {
453 char buf[MAX(DECIMAL_STR_MAX(uint64_t), DECIMAL_STR_MAX(usec_t)) + 1];
456 xsprintf(buf, "%" PRIu64 "\n", shares);
457 r = cg_set_attribute("cpu", u->cgroup_path, "cpu.shares", buf);
459 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
460 "Failed to set cpu.shares: %m");
462 xsprintf(buf, USEC_FMT "\n", CGROUP_CPU_QUOTA_PERIOD_USEC);
463 r = cg_set_attribute("cpu", u->cgroup_path, "cpu.cfs_period_us", buf);
465 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
466 "Failed to set cpu.cfs_period_us: %m");
468 if (quota != USEC_INFINITY) {
469 xsprintf(buf, USEC_FMT "\n", quota * CGROUP_CPU_QUOTA_PERIOD_USEC / USEC_PER_SEC);
470 r = cg_set_attribute("cpu", u->cgroup_path, "cpu.cfs_quota_us", buf);
472 r = cg_set_attribute("cpu", u->cgroup_path, "cpu.cfs_quota_us", "-1");
474 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
475 "Failed to set cpu.cfs_quota_us: %m");
478 static uint64_t cgroup_cpu_shares_to_weight(uint64_t shares) {
479 return CLAMP(shares * CGROUP_WEIGHT_DEFAULT / CGROUP_CPU_SHARES_DEFAULT,
480 CGROUP_WEIGHT_MIN, CGROUP_WEIGHT_MAX);
483 static uint64_t cgroup_cpu_weight_to_shares(uint64_t weight) {
484 return CLAMP(weight * CGROUP_CPU_SHARES_DEFAULT / CGROUP_WEIGHT_DEFAULT,
485 CGROUP_CPU_SHARES_MIN, CGROUP_CPU_SHARES_MAX);
488 static bool cgroup_context_has_io_config(CGroupContext *c) {
489 return c->io_accounting ||
490 c->io_weight != CGROUP_WEIGHT_INVALID ||
491 c->startup_io_weight != CGROUP_WEIGHT_INVALID ||
492 c->io_device_weights ||
496 static bool cgroup_context_has_blockio_config(CGroupContext *c) {
497 return c->blockio_accounting ||
498 c->blockio_weight != CGROUP_BLKIO_WEIGHT_INVALID ||
499 c->startup_blockio_weight != CGROUP_BLKIO_WEIGHT_INVALID ||
500 c->blockio_device_weights ||
501 c->blockio_device_bandwidths;
504 static uint64_t cgroup_context_io_weight(CGroupContext *c, ManagerState state) {
505 if (IN_SET(state, MANAGER_STARTING, MANAGER_INITIALIZING) &&
506 c->startup_io_weight != CGROUP_WEIGHT_INVALID)
507 return c->startup_io_weight;
508 else if (c->io_weight != CGROUP_WEIGHT_INVALID)
511 return CGROUP_WEIGHT_DEFAULT;
514 static uint64_t cgroup_context_blkio_weight(CGroupContext *c, ManagerState state) {
515 if (IN_SET(state, MANAGER_STARTING, MANAGER_INITIALIZING) &&
516 c->startup_blockio_weight != CGROUP_BLKIO_WEIGHT_INVALID)
517 return c->startup_blockio_weight;
518 else if (c->blockio_weight != CGROUP_BLKIO_WEIGHT_INVALID)
519 return c->blockio_weight;
521 return CGROUP_BLKIO_WEIGHT_DEFAULT;
524 static uint64_t cgroup_weight_blkio_to_io(uint64_t blkio_weight) {
525 return CLAMP(blkio_weight * CGROUP_WEIGHT_DEFAULT / CGROUP_BLKIO_WEIGHT_DEFAULT,
526 CGROUP_WEIGHT_MIN, CGROUP_WEIGHT_MAX);
529 static uint64_t cgroup_weight_io_to_blkio(uint64_t io_weight) {
530 return CLAMP(io_weight * CGROUP_BLKIO_WEIGHT_DEFAULT / CGROUP_WEIGHT_DEFAULT,
531 CGROUP_BLKIO_WEIGHT_MIN, CGROUP_BLKIO_WEIGHT_MAX);
534 static void cgroup_apply_io_device_weight(Unit *u, const char *dev_path, uint64_t io_weight) {
535 char buf[DECIMAL_STR_MAX(dev_t)*2+2+DECIMAL_STR_MAX(uint64_t)+1];
539 r = lookup_block_device(dev_path, &dev);
543 xsprintf(buf, "%u:%u %" PRIu64 "\n", major(dev), minor(dev), io_weight);
544 r = cg_set_attribute("io", u->cgroup_path, "io.weight", buf);
546 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
547 "Failed to set io.weight: %m");
550 static void cgroup_apply_blkio_device_weight(Unit *u, const char *dev_path, uint64_t blkio_weight) {
551 char buf[DECIMAL_STR_MAX(dev_t)*2+2+DECIMAL_STR_MAX(uint64_t)+1];
555 r = lookup_block_device(dev_path, &dev);
559 xsprintf(buf, "%u:%u %" PRIu64 "\n", major(dev), minor(dev), blkio_weight);
560 r = cg_set_attribute("blkio", u->cgroup_path, "blkio.weight_device", buf);
562 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
563 "Failed to set blkio.weight_device: %m");
566 static unsigned cgroup_apply_io_device_limit(Unit *u, const char *dev_path, uint64_t *limits) {
567 char limit_bufs[_CGROUP_IO_LIMIT_TYPE_MAX][DECIMAL_STR_MAX(uint64_t)];
568 char buf[DECIMAL_STR_MAX(dev_t)*2+2+(6+DECIMAL_STR_MAX(uint64_t)+1)*4];
569 CGroupIOLimitType type;
574 r = lookup_block_device(dev_path, &dev);
578 for (type = 0; type < _CGROUP_IO_LIMIT_TYPE_MAX; type++) {
579 if (limits[type] != cgroup_io_limit_defaults[type]) {
580 xsprintf(limit_bufs[type], "%" PRIu64, limits[type]);
583 xsprintf(limit_bufs[type], "%s", limits[type] == CGROUP_LIMIT_MAX ? "max" : "0");
587 xsprintf(buf, "%u:%u rbps=%s wbps=%s riops=%s wiops=%s\n", major(dev), minor(dev),
588 limit_bufs[CGROUP_IO_RBPS_MAX], limit_bufs[CGROUP_IO_WBPS_MAX],
589 limit_bufs[CGROUP_IO_RIOPS_MAX], limit_bufs[CGROUP_IO_WIOPS_MAX]);
590 r = cg_set_attribute("io", u->cgroup_path, "io.max", buf);
592 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
593 "Failed to set io.max: %m");
597 static unsigned cgroup_apply_blkio_device_limit(Unit *u, const char *dev_path, uint64_t rbps, uint64_t wbps) {
598 char buf[DECIMAL_STR_MAX(dev_t)*2+2+DECIMAL_STR_MAX(uint64_t)+1];
603 r = lookup_block_device(dev_path, &dev);
607 if (rbps != CGROUP_LIMIT_MAX)
609 sprintf(buf, "%u:%u %" PRIu64 "\n", major(dev), minor(dev), rbps);
610 r = cg_set_attribute("blkio", u->cgroup_path, "blkio.throttle.read_bps_device", buf);
612 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
613 "Failed to set blkio.throttle.read_bps_device: %m");
615 if (wbps != CGROUP_LIMIT_MAX)
617 sprintf(buf, "%u:%u %" PRIu64 "\n", major(dev), minor(dev), wbps);
618 r = cg_set_attribute("blkio", u->cgroup_path, "blkio.throttle.write_bps_device", buf);
620 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
621 "Failed to set blkio.throttle.write_bps_device: %m");
626 static bool cgroup_context_has_unified_memory_config(CGroupContext *c) {
627 return c->memory_low > 0 || c->memory_high != CGROUP_LIMIT_MAX || c->memory_max != CGROUP_LIMIT_MAX || c->memory_swap_max != CGROUP_LIMIT_MAX;
630 static void cgroup_apply_unified_memory_limit(Unit *u, const char *file, uint64_t v) {
631 char buf[DECIMAL_STR_MAX(uint64_t) + 1] = "max";
634 if (v != CGROUP_LIMIT_MAX)
635 xsprintf(buf, "%" PRIu64 "\n", v);
637 r = cg_set_attribute("memory", u->cgroup_path, file, buf);
639 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
640 "Failed to set %s: %m", file);
643 static void cgroup_context_apply(Unit *u, CGroupMask mask, ManagerState state) {
651 c = unit_get_cgroup_context(u);
652 path = u->cgroup_path;
660 /* Some cgroup attributes are not supported on the root cgroup,
661 * hence silently ignore */
662 is_root = isempty(path) || path_equal(path, "/");
664 /* Make sure we don't try to display messages with an empty path. */
667 /* We generally ignore errors caused by read-only mounted
668 * cgroup trees (assuming we are running in a container then),
669 * and missing cgroups, i.e. EROFS and ENOENT. */
671 if ((mask & CGROUP_MASK_CPU) && !is_root) {
672 bool has_weight = cgroup_context_has_cpu_weight(c);
673 bool has_shares = cgroup_context_has_cpu_shares(c);
675 if (cg_all_unified() > 0) {
679 weight = cgroup_context_cpu_weight(c, state);
680 else if (has_shares) {
681 uint64_t shares = cgroup_context_cpu_shares(c, state);
683 weight = cgroup_cpu_shares_to_weight(shares);
685 log_cgroup_compat(u, "Applying [Startup]CpuShares %" PRIu64 " as [Startup]CpuWeight %" PRIu64 " on %s",
686 shares, weight, path);
688 weight = CGROUP_WEIGHT_DEFAULT;
690 cgroup_apply_unified_cpu_config(u, weight, c->cpu_quota_per_sec_usec);
695 uint64_t weight = cgroup_context_cpu_weight(c, state);
697 shares = cgroup_cpu_weight_to_shares(weight);
699 log_cgroup_compat(u, "Applying [Startup]CpuWeight %" PRIu64 " as [Startup]CpuShares %" PRIu64 " on %s",
700 weight, shares, path);
701 } else if (has_shares)
702 shares = cgroup_context_cpu_shares(c, state);
704 shares = CGROUP_CPU_SHARES_DEFAULT;
706 cgroup_apply_legacy_cpu_config(u, shares, c->cpu_quota_per_sec_usec);
710 if (mask & CGROUP_MASK_IO) {
711 bool has_io = cgroup_context_has_io_config(c);
712 bool has_blockio = cgroup_context_has_blockio_config(c);
715 char buf[8+DECIMAL_STR_MAX(uint64_t)+1];
719 weight = cgroup_context_io_weight(c, state);
720 else if (has_blockio) {
721 uint64_t blkio_weight = cgroup_context_blkio_weight(c, state);
723 weight = cgroup_weight_blkio_to_io(blkio_weight);
725 log_cgroup_compat(u, "Applying [Startup]BlockIOWeight %" PRIu64 " as [Startup]IOWeight %" PRIu64,
726 blkio_weight, weight);
728 weight = CGROUP_WEIGHT_DEFAULT;
730 xsprintf(buf, "default %" PRIu64 "\n", weight);
731 r = cg_set_attribute("io", path, "io.weight", buf);
733 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
734 "Failed to set io.weight: %m");
737 CGroupIODeviceWeight *w;
739 /* FIXME: no way to reset this list */
740 LIST_FOREACH(device_weights, w, c->io_device_weights)
741 cgroup_apply_io_device_weight(u, w->path, w->weight);
742 } else if (has_blockio) {
743 CGroupBlockIODeviceWeight *w;
745 /* FIXME: no way to reset this list */
746 LIST_FOREACH(device_weights, w, c->blockio_device_weights) {
747 weight = cgroup_weight_blkio_to_io(w->weight);
749 log_cgroup_compat(u, "Applying BlockIODeviceWeight %" PRIu64 " as IODeviceWeight %" PRIu64 " for %s",
750 w->weight, weight, w->path);
752 cgroup_apply_io_device_weight(u, w->path, weight);
757 /* Apply limits and free ones without config. */
759 CGroupIODeviceLimit *l, *next;
761 LIST_FOREACH_SAFE(device_limits, l, next, c->io_device_limits) {
762 if (!cgroup_apply_io_device_limit(u, l->path, l->limits))
763 cgroup_context_free_io_device_limit(c, l);
765 } else if (has_blockio) {
766 CGroupBlockIODeviceBandwidth *b, *next;
768 LIST_FOREACH_SAFE(device_bandwidths, b, next, c->blockio_device_bandwidths) {
769 uint64_t limits[_CGROUP_IO_LIMIT_TYPE_MAX];
770 CGroupIOLimitType type;
772 for (type = 0; type < _CGROUP_IO_LIMIT_TYPE_MAX; type++)
773 limits[type] = cgroup_io_limit_defaults[type];
775 limits[CGROUP_IO_RBPS_MAX] = b->rbps;
776 limits[CGROUP_IO_WBPS_MAX] = b->wbps;
778 log_cgroup_compat(u, "Applying BlockIO{Read|Write}Bandwidth %" PRIu64 " %" PRIu64 " as IO{Read|Write}BandwidthMax for %s",
779 b->rbps, b->wbps, b->path);
781 if (!cgroup_apply_io_device_limit(u, b->path, limits))
782 cgroup_context_free_blockio_device_bandwidth(c, b);
787 if (mask & CGROUP_MASK_BLKIO) {
788 bool has_io = cgroup_context_has_io_config(c);
789 bool has_blockio = cgroup_context_has_blockio_config(c);
792 char buf[DECIMAL_STR_MAX(uint64_t)+1];
796 uint64_t io_weight = cgroup_context_io_weight(c, state);
798 weight = cgroup_weight_io_to_blkio(cgroup_context_io_weight(c, state));
800 log_cgroup_compat(u, "Applying [Startup]IOWeight %" PRIu64 " as [Startup]BlockIOWeight %" PRIu64,
802 } else if (has_blockio)
803 weight = cgroup_context_blkio_weight(c, state);
805 weight = CGROUP_BLKIO_WEIGHT_DEFAULT;
807 xsprintf(buf, "%" PRIu64 "\n", weight);
808 r = cg_set_attribute("blkio", path, "blkio.weight", buf);
810 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
811 "Failed to set blkio.weight: %m");
814 CGroupIODeviceWeight *w;
816 /* FIXME: no way to reset this list */
817 LIST_FOREACH(device_weights, w, c->io_device_weights) {
818 weight = cgroup_weight_io_to_blkio(w->weight);
820 log_cgroup_compat(u, "Applying IODeviceWeight %" PRIu64 " as BlockIODeviceWeight %" PRIu64 " for %s",
821 w->weight, weight, w->path);
823 cgroup_apply_blkio_device_weight(u, w->path, weight);
825 } else if (has_blockio) {
826 CGroupBlockIODeviceWeight *w;
828 /* FIXME: no way to reset this list */
829 LIST_FOREACH(device_weights, w, c->blockio_device_weights)
830 cgroup_apply_blkio_device_weight(u, w->path, w->weight);
834 /* Apply limits and free ones without config. */
836 CGroupIODeviceLimit *l, *next;
838 LIST_FOREACH_SAFE(device_limits, l, next, c->io_device_limits) {
839 log_cgroup_compat(u, "Applying IO{Read|Write}Bandwidth %" PRIu64 " %" PRIu64 " as BlockIO{Read|Write}BandwidthMax for %s",
840 l->limits[CGROUP_IO_RBPS_MAX], l->limits[CGROUP_IO_WBPS_MAX], l->path);
842 if (!cgroup_apply_blkio_device_limit(u, l->path, l->limits[CGROUP_IO_RBPS_MAX], l->limits[CGROUP_IO_WBPS_MAX]))
843 cgroup_context_free_io_device_limit(c, l);
845 } else if (has_blockio) {
846 CGroupBlockIODeviceBandwidth *b, *next;
848 LIST_FOREACH_SAFE(device_bandwidths, b, next, c->blockio_device_bandwidths)
849 if (!cgroup_apply_blkio_device_limit(u, b->path, b->rbps, b->wbps))
850 cgroup_context_free_blockio_device_bandwidth(c, b);
854 if ((mask & CGROUP_MASK_MEMORY) && !is_root) {
855 if (cg_all_unified() > 0) {
857 uint64_t swap_max = CGROUP_LIMIT_MAX;
859 if (cgroup_context_has_unified_memory_config(c)) {
861 swap_max = c->memory_swap_max;
863 max = c->memory_limit;
865 if (max != CGROUP_LIMIT_MAX)
866 log_cgroup_compat(u, "Applying MemoryLimit %" PRIu64 " as MemoryMax", max);
869 cgroup_apply_unified_memory_limit(u, "memory.low", c->memory_low);
870 cgroup_apply_unified_memory_limit(u, "memory.high", c->memory_high);
871 cgroup_apply_unified_memory_limit(u, "memory.max", max);
872 cgroup_apply_unified_memory_limit(u, "memory.swap.max", swap_max);
874 char buf[DECIMAL_STR_MAX(uint64_t) + 1];
877 if (cgroup_context_has_unified_memory_config(c)) {
879 log_cgroup_compat(u, "Applying MemoryMax %" PRIi64 " as MemoryLimit", val);
881 val = c->memory_limit;
883 if (val == CGROUP_LIMIT_MAX)
884 strncpy(buf, "-1\n", sizeof(buf));
886 xsprintf(buf, "%" PRIu64 "\n", val);
888 r = cg_set_attribute("memory", path, "memory.limit_in_bytes", buf);
890 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
891 "Failed to set memory.limit_in_bytes: %m");
895 if ((mask & CGROUP_MASK_DEVICES) && !is_root) {
896 CGroupDeviceAllow *a;
898 /* Changing the devices list of a populated cgroup
899 * might result in EINVAL, hence ignore EINVAL
902 if (c->device_allow || c->device_policy != CGROUP_AUTO)
903 r = cg_set_attribute("devices", path, "devices.deny", "a");
905 r = cg_set_attribute("devices", path, "devices.allow", "a");
907 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EINVAL, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
908 "Failed to reset devices.list: %m");
910 if (c->device_policy == CGROUP_CLOSED ||
911 (c->device_policy == CGROUP_AUTO && c->device_allow)) {
912 static const char auto_devices[] =
913 "/dev/null\0" "rwm\0"
914 "/dev/zero\0" "rwm\0"
915 "/dev/full\0" "rwm\0"
916 "/dev/random\0" "rwm\0"
917 "/dev/urandom\0" "rwm\0"
919 "/dev/pts/ptmx\0" "rw\0" /* /dev/pts/ptmx may not be duplicated, but accessed */
920 /* Allow /run/elogind/inaccessible/{chr,blk} devices for mapping InaccessiblePaths */
921 /* Allow /run/systemd/inaccessible/{chr,blk} devices for mapping InaccessiblePaths */
922 "-/run/systemd/inaccessible/chr\0" "rwm\0"
923 "-/run/systemd/inaccessible/blk\0" "rwm\0";
927 NULSTR_FOREACH_PAIR(x, y, auto_devices)
928 whitelist_device(path, x, y);
930 whitelist_major(path, "pts", 'c', "rw");
931 whitelist_major(path, "kdbus", 'c', "rw");
932 whitelist_major(path, "kdbus/*", 'c', "rw");
935 LIST_FOREACH(device_allow, a, c->device_allow) {
951 if (startswith(a->path, "/dev/"))
952 whitelist_device(path, a->path, acc);
953 else if ((val = startswith(a->path, "block-")))
954 whitelist_major(path, val, 'b', acc);
955 else if ((val = startswith(a->path, "char-")))
956 whitelist_major(path, val, 'c', acc);
958 log_unit_debug(u, "Ignoring device %s while writing cgroup attribute.", a->path);
962 if ((mask & CGROUP_MASK_PIDS) && !is_root) {
964 if (c->tasks_max != CGROUP_LIMIT_MAX) {
965 char buf[DECIMAL_STR_MAX(uint64_t) + 2];
967 sprintf(buf, "%" PRIu64 "\n", c->tasks_max);
968 r = cg_set_attribute("pids", path, "pids.max", buf);
970 r = cg_set_attribute("pids", path, "pids.max", "max");
973 log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
974 "Failed to set pids.max: %m");
978 CGroupMask cgroup_context_get_mask(CGroupContext *c) {
981 /* Figure out which controllers we need */
983 if (c->cpu_accounting ||
984 cgroup_context_has_cpu_weight(c) ||
985 cgroup_context_has_cpu_shares(c) ||
986 c->cpu_quota_per_sec_usec != USEC_INFINITY)
987 mask |= CGROUP_MASK_CPUACCT | CGROUP_MASK_CPU;
989 if (cgroup_context_has_io_config(c) || cgroup_context_has_blockio_config(c))
990 mask |= CGROUP_MASK_IO | CGROUP_MASK_BLKIO;
992 if (c->memory_accounting ||
993 c->memory_limit != CGROUP_LIMIT_MAX ||
994 cgroup_context_has_unified_memory_config(c))
995 mask |= CGROUP_MASK_MEMORY;
997 if (c->device_allow ||
998 c->device_policy != CGROUP_AUTO)
999 mask |= CGROUP_MASK_DEVICES;
1001 if (c->tasks_accounting ||
1002 c->tasks_max != (uint64_t) -1)
1003 mask |= CGROUP_MASK_PIDS;
1008 CGroupMask unit_get_own_mask(Unit *u) {
1011 /* Returns the mask of controllers the unit needs for itself */
1013 c = unit_get_cgroup_context(u);
1017 /* If delegation is turned on, then turn on all cgroups,
1018 * unless we are on the legacy hierarchy and the process we
1019 * fork into it is known to drop privileges, and hence
1020 * shouldn't get access to the controllers.
1022 * Note that on the unified hierarchy it is safe to delegate
1023 * controllers to unprivileged services. */
1028 e = unit_get_exec_context(u);
1030 exec_context_maintains_privileges(e) ||
1031 cg_all_unified() > 0)
1032 return _CGROUP_MASK_ALL;
1035 return cgroup_context_get_mask(c);
1038 CGroupMask unit_get_members_mask(Unit *u) {
1041 /* Returns the mask of controllers all of the unit's children
1042 * require, merged */
1044 if (u->cgroup_members_mask_valid)
1045 return u->cgroup_members_mask;
1047 u->cgroup_members_mask = 0;
1049 if (u->type == UNIT_SLICE) {
1053 SET_FOREACH(member, u->dependencies[UNIT_BEFORE], i) {
1058 if (UNIT_DEREF(member->slice) != u)
1061 u->cgroup_members_mask |=
1062 unit_get_own_mask(member) |
1063 unit_get_members_mask(member);
1067 u->cgroup_members_mask_valid = true;
1068 return u->cgroup_members_mask;
1071 CGroupMask unit_get_siblings_mask(Unit *u) {
1074 /* Returns the mask of controllers all of the unit's siblings
1075 * require, i.e. the members mask of the unit's parent slice
1076 * if there is one. */
1078 if (UNIT_ISSET(u->slice))
1079 return unit_get_members_mask(UNIT_DEREF(u->slice));
1081 return unit_get_own_mask(u) | unit_get_members_mask(u);
1084 CGroupMask unit_get_subtree_mask(Unit *u) {
1086 /* Returns the mask of this subtree, meaning of the group
1087 * itself and its children. */
1089 return unit_get_own_mask(u) | unit_get_members_mask(u);
1092 CGroupMask unit_get_target_mask(Unit *u) {
1095 /* This returns the cgroup mask of all controllers to enable
1096 * for a specific cgroup, i.e. everything it needs itself,
1097 * plus all that its children need, plus all that its siblings
1098 * need. This is primarily useful on the legacy cgroup
1099 * hierarchy, where we need to duplicate each cgroup in each
1100 * hierarchy that shall be enabled for it. */
1102 mask = unit_get_own_mask(u) | unit_get_members_mask(u) | unit_get_siblings_mask(u);
1103 mask &= u->manager->cgroup_supported;
1108 CGroupMask unit_get_enable_mask(Unit *u) {
1111 /* This returns the cgroup mask of all controllers to enable
1112 * for the children of a specific cgroup. This is primarily
1113 * useful for the unified cgroup hierarchy, where each cgroup
1114 * controls which controllers are enabled for its children. */
1116 mask = unit_get_members_mask(u);
1117 mask &= u->manager->cgroup_supported;
1122 /* Recurse from a unit up through its containing slices, propagating
1123 * mask bits upward. A unit is also member of itself. */
1124 void unit_update_cgroup_members_masks(Unit *u) {
1130 /* Calculate subtree mask */
1131 m = unit_get_subtree_mask(u);
1133 /* See if anything changed from the previous invocation. If
1134 * not, we're done. */
1135 if (u->cgroup_subtree_mask_valid && m == u->cgroup_subtree_mask)
1139 u->cgroup_subtree_mask_valid &&
1140 ((m & ~u->cgroup_subtree_mask) != 0) &&
1141 ((~m & u->cgroup_subtree_mask) == 0);
1143 u->cgroup_subtree_mask = m;
1144 u->cgroup_subtree_mask_valid = true;
1146 if (UNIT_ISSET(u->slice)) {
1147 Unit *s = UNIT_DEREF(u->slice);
1150 /* There's more set now than before. We
1151 * propagate the new mask to the parent's mask
1152 * (not caring if it actually was valid or
1155 s->cgroup_members_mask |= m;
1158 /* There's less set now than before (or we
1159 * don't know), we need to recalculate
1160 * everything, so let's invalidate the
1161 * parent's members mask */
1163 s->cgroup_members_mask_valid = false;
1165 /* And now make sure that this change also hits our
1167 unit_update_cgroup_members_masks(s);
1171 static const char *migrate_callback(CGroupMask mask, void *userdata) {
1178 if (u->cgroup_path &&
1179 u->cgroup_realized &&
1180 (u->cgroup_realized_mask & mask) == mask)
1181 return u->cgroup_path;
1183 u = UNIT_DEREF(u->slice);
1189 char *unit_default_cgroup_path(Unit *u) {
1190 _cleanup_free_ char *escaped = NULL, *slice = NULL;
1195 if (unit_has_name(u, SPECIAL_ROOT_SLICE))
1196 return strdup(u->manager->cgroup_root);
1198 if (UNIT_ISSET(u->slice) && !unit_has_name(UNIT_DEREF(u->slice), SPECIAL_ROOT_SLICE)) {
1199 r = cg_slice_to_path(UNIT_DEREF(u->slice)->id, &slice);
1204 escaped = cg_escape(u->id);
1209 return strjoin(u->manager->cgroup_root, "/", slice, "/",
1212 return strjoin(u->manager->cgroup_root, "/", escaped);
1215 int unit_set_cgroup_path(Unit *u, const char *path) {
1216 _cleanup_free_ char *p = NULL;
1228 if (streq_ptr(u->cgroup_path, p))
1232 r = hashmap_put(u->manager->cgroup_unit, p, u);
1237 unit_release_cgroup(u);
1245 int unit_watch_cgroup(Unit *u) {
1246 _cleanup_free_ char *events = NULL;
1251 if (!u->cgroup_path)
1254 if (u->cgroup_inotify_wd >= 0)
1257 /* Only applies to the unified hierarchy */
1258 r = cg_unified(SYSTEMD_CGROUP_CONTROLLER);
1260 return log_unit_error_errno(u, r, "Failed detect whether the unified hierarchy is used: %m");
1264 /* Don't watch the root slice, it's pointless. */
1265 if (unit_has_name(u, SPECIAL_ROOT_SLICE))
1268 r = hashmap_ensure_allocated(&u->manager->cgroup_inotify_wd_unit, &trivial_hash_ops);
1272 r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "cgroup.events", &events);
1276 u->cgroup_inotify_wd = inotify_add_watch(u->manager->cgroup_inotify_fd, events, IN_MODIFY);
1277 if (u->cgroup_inotify_wd < 0) {
1279 if (errno == ENOENT) /* If the directory is already
1280 * gone we don't need to track
1281 * it, so this is not an error */
1284 return log_unit_error_errno(u, errno, "Failed to add inotify watch descriptor for control group %s: %m", u->cgroup_path);
1287 r = hashmap_put(u->manager->cgroup_inotify_wd_unit, INT_TO_PTR(u->cgroup_inotify_wd), u);
1289 return log_unit_error_errno(u, r, "Failed to add inotify watch descriptor to hash map: %m");
1294 static int unit_create_cgroup(
1296 CGroupMask target_mask,
1297 CGroupMask enable_mask) {
1304 c = unit_get_cgroup_context(u);
1308 if (!u->cgroup_path) {
1309 _cleanup_free_ char *path = NULL;
1311 path = unit_default_cgroup_path(u);
1315 r = unit_set_cgroup_path(u, path);
1317 return log_unit_error_errno(u, r, "Control group %s exists already.", path);
1319 return log_unit_error_errno(u, r, "Failed to set unit's control group path to %s: %m", path);
1322 /* First, create our own group */
1323 r = cg_create_everywhere(u->manager->cgroup_supported, target_mask, u->cgroup_path);
1325 return log_unit_error_errno(u, r, "Failed to create cgroup %s: %m", u->cgroup_path);
1327 /* Start watching it */
1328 (void) unit_watch_cgroup(u);
1330 /* Enable all controllers we need */
1331 r = cg_enable_everywhere(u->manager->cgroup_supported, enable_mask, u->cgroup_path);
1333 log_unit_warning_errno(u, r, "Failed to enable controllers on cgroup %s, ignoring: %m", u->cgroup_path);
1335 /* Keep track that this is now realized */
1336 u->cgroup_realized = true;
1337 u->cgroup_realized_mask = target_mask;
1338 u->cgroup_enabled_mask = enable_mask;
1340 if (u->type != UNIT_SLICE && !c->delegate) {
1342 /* Then, possibly move things over, but not if
1343 * subgroups may contain processes, which is the case
1344 * for slice and delegation units. */
1345 r = cg_migrate_everywhere(u->manager->cgroup_supported, u->cgroup_path, u->cgroup_path, migrate_callback, u);
1347 log_unit_warning_errno(u, r, "Failed to migrate cgroup from to %s, ignoring: %m", u->cgroup_path);
1353 int unit_attach_pids_to_cgroup(Unit *u) {
1357 r = unit_realize_cgroup(u);
1361 r = cg_attach_many_everywhere(u->manager->cgroup_supported, u->cgroup_path, u->pids, migrate_callback, u);
1368 static void cgroup_xattr_apply(Unit *u) {
1369 char ids[SD_ID128_STRING_MAX];
1374 if (!MANAGER_IS_SYSTEM(u->manager))
1377 if (sd_id128_is_null(u->invocation_id))
1380 r = cg_set_xattr(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path,
1381 "trusted.invocation_id",
1382 sd_id128_to_string(u->invocation_id, ids), 32,
1385 log_unit_warning_errno(u, r, "Failed to set invocation ID on control group %s, ignoring: %m", u->cgroup_path);
1388 static bool unit_has_mask_realized(Unit *u, CGroupMask target_mask, CGroupMask enable_mask) {
1391 return u->cgroup_realized && u->cgroup_realized_mask == target_mask && u->cgroup_enabled_mask == enable_mask;
1394 /* Check if necessary controllers and attributes for a unit are in place.
1396 * If so, do nothing.
1397 * If not, create paths, move processes over, and set attributes.
1399 * Returns 0 on success and < 0 on failure. */
1400 static int unit_realize_cgroup_now(Unit *u, ManagerState state) {
1401 CGroupMask target_mask, enable_mask;
1406 if (u->in_cgroup_queue) {
1407 LIST_REMOVE(cgroup_queue, u->manager->cgroup_queue, u);
1408 u->in_cgroup_queue = false;
1411 target_mask = unit_get_target_mask(u);
1412 enable_mask = unit_get_enable_mask(u);
1414 if (unit_has_mask_realized(u, target_mask, enable_mask))
1417 /* First, realize parents */
1418 if (UNIT_ISSET(u->slice)) {
1419 r = unit_realize_cgroup_now(UNIT_DEREF(u->slice), state);
1424 /* And then do the real work */
1425 r = unit_create_cgroup(u, target_mask, enable_mask);
1429 /* Finally, apply the necessary attributes. */
1430 cgroup_context_apply(u, target_mask, state);
1431 cgroup_xattr_apply(u);
1436 static void unit_add_to_cgroup_queue(Unit *u) {
1438 if (u->in_cgroup_queue)
1441 LIST_PREPEND(cgroup_queue, u->manager->cgroup_queue, u);
1442 u->in_cgroup_queue = true;
1445 unsigned manager_dispatch_cgroup_queue(Manager *m) {
1451 state = manager_state(m);
1453 while ((i = m->cgroup_queue)) {
1454 assert(i->in_cgroup_queue);
1456 r = unit_realize_cgroup_now(i, state);
1458 log_warning_errno(r, "Failed to realize cgroups for queued unit %s, ignoring: %m", i->id);
1466 static void unit_queue_siblings(Unit *u) {
1469 /* This adds the siblings of the specified unit and the
1470 * siblings of all parent units to the cgroup queue. (But
1471 * neither the specified unit itself nor the parents.) */
1473 while ((slice = UNIT_DEREF(u->slice))) {
1477 SET_FOREACH(m, slice->dependencies[UNIT_BEFORE], i) {
1481 /* Skip units that have a dependency on the slice
1482 * but aren't actually in it. */
1483 if (UNIT_DEREF(m->slice) != slice)
1486 /* No point in doing cgroup application for units
1487 * without active processes. */
1488 if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(m)))
1491 /* If the unit doesn't need any new controllers
1492 * and has current ones realized, it doesn't need
1494 if (unit_has_mask_realized(m, unit_get_target_mask(m), unit_get_enable_mask(m)))
1497 unit_add_to_cgroup_queue(m);
1504 int unit_realize_cgroup(Unit *u) {
1507 if (!UNIT_HAS_CGROUP_CONTEXT(u))
1510 /* So, here's the deal: when realizing the cgroups for this
1511 * unit, we need to first create all parents, but there's more
1512 * actually: for the weight-based controllers we also need to
1513 * make sure that all our siblings (i.e. units that are in the
1514 * same slice as we are) have cgroups, too. Otherwise, things
1515 * would become very uneven as each of their processes would
1516 * get as much resources as all our group together. This call
1517 * will synchronously create the parent cgroups, but will
1518 * defer work on the siblings to the next event loop
1521 /* Add all sibling slices to the cgroup queue. */
1522 unit_queue_siblings(u);
1524 /* And realize this one now (and apply the values) */
1525 return unit_realize_cgroup_now(u, manager_state(u->manager));
1528 void unit_release_cgroup(Unit *u) {
1531 /* Forgets all cgroup details for this cgroup */
1533 if (u->cgroup_path) {
1534 (void) hashmap_remove(u->manager->cgroup_unit, u->cgroup_path);
1535 u->cgroup_path = mfree(u->cgroup_path);
1538 if (u->cgroup_inotify_wd >= 0) {
1539 if (inotify_rm_watch(u->manager->cgroup_inotify_fd, u->cgroup_inotify_wd) < 0)
1540 log_unit_debug_errno(u, errno, "Failed to remove cgroup inotify watch %i for %s, ignoring", u->cgroup_inotify_wd, u->id);
1542 (void) hashmap_remove(u->manager->cgroup_inotify_wd_unit, INT_TO_PTR(u->cgroup_inotify_wd));
1543 u->cgroup_inotify_wd = -1;
1547 void unit_prune_cgroup(Unit *u) {
1553 /* Removes the cgroup, if empty and possible, and stops watching it. */
1555 if (!u->cgroup_path)
1558 (void) unit_get_cpu_usage(u, NULL); /* Cache the last CPU usage value before we destroy the cgroup */
1560 is_root_slice = unit_has_name(u, SPECIAL_ROOT_SLICE);
1562 r = cg_trim_everywhere(u->manager->cgroup_supported, u->cgroup_path, !is_root_slice);
1564 log_unit_debug_errno(u, r, "Failed to destroy cgroup %s, ignoring: %m", u->cgroup_path);
1571 unit_release_cgroup(u);
1573 u->cgroup_realized = false;
1574 u->cgroup_realized_mask = 0;
1575 u->cgroup_enabled_mask = 0;
1578 int unit_search_main_pid(Unit *u, pid_t *ret) {
1579 _cleanup_fclose_ FILE *f = NULL;
1580 pid_t pid = 0, npid, mypid;
1586 if (!u->cgroup_path)
1589 r = cg_enumerate_processes(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, &f);
1594 while (cg_read_pid(f, &npid) > 0) {
1600 /* Ignore processes that aren't our kids */
1601 if (get_process_ppid(npid, &ppid) >= 0 && ppid != mypid)
1605 /* Dang, there's more than one daemonized PID
1606 in this group, so we don't know what process
1607 is the main process. */
1618 static int unit_watch_pids_in_path(Unit *u, const char *path) {
1619 _cleanup_closedir_ DIR *d = NULL;
1620 _cleanup_fclose_ FILE *f = NULL;
1626 r = cg_enumerate_processes(SYSTEMD_CGROUP_CONTROLLER, path, &f);
1632 while ((r = cg_read_pid(f, &pid)) > 0) {
1633 r = unit_watch_pid(u, pid);
1634 if (r < 0 && ret >= 0)
1638 if (r < 0 && ret >= 0)
1642 r = cg_enumerate_subgroups(SYSTEMD_CGROUP_CONTROLLER, path, &d);
1649 while ((r = cg_read_subgroup(d, &fn)) > 0) {
1650 _cleanup_free_ char *p = NULL;
1652 p = strjoin(path, "/", fn);
1658 r = unit_watch_pids_in_path(u, p);
1659 if (r < 0 && ret >= 0)
1663 if (r < 0 && ret >= 0)
1670 int unit_watch_all_pids(Unit *u) {
1673 /* Adds all PIDs from our cgroup to the set of PIDs we
1674 * watch. This is a fallback logic for cases where we do not
1675 * get reliable cgroup empty notifications: we try to use
1676 * SIGCHLD as replacement. */
1678 if (!u->cgroup_path)
1681 if (cg_unified(SYSTEMD_CGROUP_CONTROLLER) > 0) /* On unified we can use proper notifications */
1684 return unit_watch_pids_in_path(u, u->cgroup_path);
1687 int unit_notify_cgroup_empty(Unit *u) {
1692 if (!u->cgroup_path)
1695 r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path);
1699 unit_add_to_gc_queue(u);
1701 if (UNIT_VTABLE(u)->notify_cgroup_empty)
1702 UNIT_VTABLE(u)->notify_cgroup_empty(u);
1707 static int on_cgroup_inotify_event(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
1708 Manager *m = userdata;
1715 union inotify_event_buffer buffer;
1716 struct inotify_event *e;
1719 l = read(fd, &buffer, sizeof(buffer));
1721 if (errno == EINTR || errno == EAGAIN)
1724 return log_error_errno(errno, "Failed to read control group inotify events: %m");
1727 FOREACH_INOTIFY_EVENT(e, buffer, l) {
1731 /* Queue overflow has no watch descriptor */
1734 if (e->mask & IN_IGNORED)
1735 /* The watch was just removed */
1738 u = hashmap_get(m->cgroup_inotify_wd_unit, INT_TO_PTR(e->wd));
1739 if (!u) /* Not that inotify might deliver
1740 * events for a watch even after it
1741 * was removed, because it was queued
1742 * before the removal. Let's ignore
1743 * this here safely. */
1746 (void) unit_notify_cgroup_empty(u);
1752 int manager_setup_cgroup(Manager *m) {
1753 _cleanup_free_ char *path = NULL;
1755 int r, all_unified, systemd_unified;
1760 /* 1. Determine hierarchy */
1761 m->cgroup_root = mfree(m->cgroup_root);
1762 r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 0, &m->cgroup_root);
1764 return log_error_errno(r, "Cannot determine cgroup we are running in: %m");
1766 #if 0 /// elogind does not support systemd scopes and slices
1767 /* Chop off the init scope, if we are already located in it */
1768 e = endswith(m->cgroup_root, "/" SPECIAL_INIT_SCOPE);
1770 /* LEGACY: Also chop off the system slice if we are in
1771 * it. This is to support live upgrades from older systemd
1772 * versions where PID 1 was moved there. Also see
1773 * cg_get_root_path(). */
1774 if (!e && MANAGER_IS_SYSTEM(m)) {
1775 e = endswith(m->cgroup_root, "/" SPECIAL_SYSTEM_SLICE);
1777 e = endswith(m->cgroup_root, "/system"); /* even more legacy */
1783 /* And make sure to store away the root value without trailing
1784 * slash, even for the root dir, so that we can easily prepend
1786 while ((e = endswith(m->cgroup_root, "/")))
1788 log_debug_elogind("Cgroup Controller \"%s\" -> root \"%s\"",
1789 SYSTEMD_CGROUP_CONTROLLER, m->cgroup_root);
1792 r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_root, NULL, &path);
1794 return log_error_errno(r, "Cannot find cgroup mount point: %m");
1796 all_unified = cg_all_unified();
1797 systemd_unified = cg_unified(SYSTEMD_CGROUP_CONTROLLER);
1799 if (all_unified < 0 || systemd_unified < 0)
1800 return log_error_errno(all_unified < 0 ? all_unified : systemd_unified,
1801 "Couldn't determine if we are running in the unified hierarchy: %m");
1803 if (all_unified > 0)
1804 log_debug("Unified cgroup hierarchy is located at %s.", path);
1805 else if (systemd_unified > 0)
1806 log_debug("Unified cgroup hierarchy is located at %s. Controllers are on legacy hierarchies.", path);
1808 log_debug("Using cgroup controller " SYSTEMD_CGROUP_CONTROLLER ". File system hierarchy is at %s.", path);
1811 const char *scope_path;
1813 /* 3. Install agent */
1814 if (systemd_unified) {
1816 /* In the unified hierarchy we can get
1817 * cgroup empty notifications via inotify. */
1819 #if 0 /// elogind does not support the unified hierarchy, yet.
1820 m->cgroup_inotify_event_source = sd_event_source_unref(m->cgroup_inotify_event_source);
1821 safe_close(m->cgroup_inotify_fd);
1823 m->cgroup_inotify_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
1824 if (m->cgroup_inotify_fd < 0)
1825 return log_error_errno(errno, "Failed to create control group inotify object: %m");
1827 r = sd_event_add_io(m->event, &m->cgroup_inotify_event_source, m->cgroup_inotify_fd, EPOLLIN, on_cgroup_inotify_event, m);
1829 return log_error_errno(r, "Failed to watch control group inotify object: %m");
1831 /* Process cgroup empty notifications early, but after service notifications and SIGCHLD. Also
1832 * see handling of cgroup agent notifications, for the classic cgroup hierarchy support. */
1833 r = sd_event_source_set_priority(m->cgroup_inotify_event_source, SD_EVENT_PRIORITY_NORMAL-5);
1835 return log_error_errno(r, "Failed to set priority of inotify event source: %m");
1837 (void) sd_event_source_set_description(m->cgroup_inotify_event_source, "cgroup-inotify");
1840 return log_error_errno(EOPNOTSUPP, "Unified cgroup hierarchy not supported: %m");
1842 } else if (MANAGER_IS_SYSTEM(m)) {
1844 /* On the legacy hierarchy we only get
1845 * notifications via cgroup agents. (Which
1846 * isn't really reliable, since it does not
1847 * generate events when control groups with
1848 * children run empty. */
1850 r = cg_install_release_agent(SYSTEMD_CGROUP_CONTROLLER, SYSTEMD_CGROUP_AGENT_PATH);
1852 log_warning_errno(r, "Failed to install release agent, ignoring: %m");
1854 log_debug("Installed release agent.");
1856 log_debug("Release agent already installed.");
1859 #if 0 /// elogind is not meant to run in systemd init scope
1860 /* 4. Make sure we are in the special "init.scope" unit in the root slice. */
1861 scope_path = strjoina(m->cgroup_root, "/" SPECIAL_INIT_SCOPE);
1862 r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, scope_path, 0);
1864 if (streq(SYSTEMD_CGROUP_CONTROLLER, "name=elogind"))
1865 // we are our own cgroup controller
1866 scope_path = strjoina("");
1867 else if (streq(m->cgroup_root, "/elogind"))
1868 // root already is our cgroup
1869 scope_path = strjoina(m->cgroup_root);
1871 // we have to create our own group
1872 scope_path = strjoina(m->cgroup_root, "/elogind");
1873 r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, scope_path, 0);
1876 return log_error_errno(r, "Failed to create %s control group: %m", scope_path);
1877 log_debug_elogind("Created control group \"%s\"", scope_path);
1879 /* also, move all other userspace processes remaining
1880 * in the root cgroup into that scope. */
1881 r = cg_migrate(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_root, SYSTEMD_CGROUP_CONTROLLER, scope_path, 0);
1883 log_warning_errno(r, "Couldn't move remaining userspace processes, ignoring: %m");
1885 /* 5. And pin it, so that it cannot be unmounted */
1886 safe_close(m->pin_cgroupfs_fd);
1887 m->pin_cgroupfs_fd = open(path, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK);
1888 if (m->pin_cgroupfs_fd < 0)
1889 return log_error_errno(errno, "Failed to open pin file: %m");
1891 /* 6. Always enable hierarchical support if it exists... */
1893 (void) cg_set_attribute("memory", "/", "memory.use_hierarchy", "1");
1896 /* 7. Figure out which controllers are supported */
1897 r = cg_mask_supported(&m->cgroup_supported);
1899 return log_error_errno(r, "Failed to determine supported controllers: %m");
1901 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++)
1902 log_debug("Controller '%s' supported: %s", cgroup_controller_to_string(c), yes_no(m->cgroup_supported & CGROUP_CONTROLLER_TO_MASK(c)));
1907 void manager_shutdown_cgroup(Manager *m, bool delete) {
1910 /* We can't really delete the group, since we are in it. But
1912 if (delete && m->cgroup_root)
1913 (void) cg_trim(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_root, false);
1915 #if 0 /// elogind does not support the unified hierarchy, yet.
1916 m->cgroup_inotify_wd_unit = hashmap_free(m->cgroup_inotify_wd_unit);
1918 m->cgroup_inotify_event_source = sd_event_source_unref(m->cgroup_inotify_event_source);
1919 m->cgroup_inotify_fd = safe_close(m->cgroup_inotify_fd);
1922 m->pin_cgroupfs_fd = safe_close(m->pin_cgroupfs_fd);
1924 m->cgroup_root = mfree(m->cgroup_root);
1927 #if 0 /// UNNEEDED by elogind
1928 Unit* manager_get_unit_by_cgroup(Manager *m, const char *cgroup) {
1935 u = hashmap_get(m->cgroup_unit, cgroup);
1939 p = strdupa(cgroup);
1943 e = strrchr(p, '/');
1945 return hashmap_get(m->cgroup_unit, SPECIAL_ROOT_SLICE);
1949 u = hashmap_get(m->cgroup_unit, p);
1955 Unit *manager_get_unit_by_pid_cgroup(Manager *m, pid_t pid) {
1956 _cleanup_free_ char *cgroup = NULL;
1964 r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, pid, &cgroup);
1968 return manager_get_unit_by_cgroup(m, cgroup);
1971 Unit *manager_get_unit_by_pid(Manager *m, pid_t pid) {
1980 return hashmap_get(m->units, SPECIAL_INIT_SCOPE);
1982 u = hashmap_get(m->watch_pids1, PID_TO_PTR(pid));
1986 u = hashmap_get(m->watch_pids2, PID_TO_PTR(pid));
1990 return manager_get_unit_by_pid_cgroup(m, pid);
1994 #if 0 /// elogind must substitute this with its own variant
1995 int manager_notify_cgroup_empty(Manager *m, const char *cgroup) {
2001 log_debug("Got cgroup empty notification for: %s", cgroup);
2003 u = manager_get_unit_by_cgroup(m, cgroup);
2007 return unit_notify_cgroup_empty(u);
2010 int manager_notify_cgroup_empty(Manager *m, const char *cgroup) {
2016 log_debug("Got cgroup empty notification for: %s", cgroup);
2018 s = hashmap_get(m->sessions, cgroup);
2021 session_finalize(s);
2024 log_warning("Session not found: %s", cgroup);
2029 #if 0 /// UNNEEDED by elogind
2030 int unit_get_memory_current(Unit *u, uint64_t *ret) {
2031 _cleanup_free_ char *v = NULL;
2037 if (!u->cgroup_path)
2040 if ((u->cgroup_realized_mask & CGROUP_MASK_MEMORY) == 0)
2043 if (cg_all_unified() <= 0)
2044 r = cg_get_attribute("memory", u->cgroup_path, "memory.usage_in_bytes", &v);
2046 r = cg_get_attribute("memory", u->cgroup_path, "memory.current", &v);
2052 return safe_atou64(v, ret);
2055 int unit_get_tasks_current(Unit *u, uint64_t *ret) {
2056 _cleanup_free_ char *v = NULL;
2062 if (!u->cgroup_path)
2065 if ((u->cgroup_realized_mask & CGROUP_MASK_PIDS) == 0)
2068 r = cg_get_attribute("pids", u->cgroup_path, "pids.current", &v);
2074 return safe_atou64(v, ret);
2077 static int unit_get_cpu_usage_raw(Unit *u, nsec_t *ret) {
2078 _cleanup_free_ char *v = NULL;
2085 if (!u->cgroup_path)
2088 if (cg_all_unified() > 0) {
2089 const char *keys[] = { "usage_usec", NULL };
2090 _cleanup_free_ char *val = NULL;
2093 if ((u->cgroup_realized_mask & CGROUP_MASK_CPU) == 0)
2096 r = cg_get_keyed_attribute("cpu", u->cgroup_path, "cpu.stat", keys, &val);
2100 r = safe_atou64(val, &us);
2104 ns = us * NSEC_PER_USEC;
2106 if ((u->cgroup_realized_mask & CGROUP_MASK_CPUACCT) == 0)
2109 r = cg_get_attribute("cpuacct", u->cgroup_path, "cpuacct.usage", &v);
2115 r = safe_atou64(v, &ns);
2124 int unit_get_cpu_usage(Unit *u, nsec_t *ret) {
2130 /* Retrieve the current CPU usage counter. This will subtract the CPU counter taken when the unit was
2131 * started. If the cgroup has been removed already, returns the last cached value. To cache the value, simply
2132 * call this function with a NULL return value. */
2134 r = unit_get_cpu_usage_raw(u, &ns);
2135 if (r == -ENODATA && u->cpu_usage_last != NSEC_INFINITY) {
2136 /* If we can't get the CPU usage anymore (because the cgroup was already removed, for example), use our
2140 *ret = u->cpu_usage_last;
2146 if (ns > u->cpu_usage_base)
2147 ns -= u->cpu_usage_base;
2151 u->cpu_usage_last = ns;
2158 int unit_reset_cpu_usage(Unit *u) {
2164 u->cpu_usage_last = NSEC_INFINITY;
2166 r = unit_get_cpu_usage_raw(u, &ns);
2168 u->cpu_usage_base = 0;
2172 u->cpu_usage_base = ns;
2176 bool unit_cgroup_delegate(Unit *u) {
2181 c = unit_get_cgroup_context(u);
2188 void unit_invalidate_cgroup(Unit *u, CGroupMask m) {
2191 if (!UNIT_HAS_CGROUP_CONTEXT(u))
2197 /* always invalidate compat pairs together */
2198 if (m & (CGROUP_MASK_IO | CGROUP_MASK_BLKIO))
2199 m |= CGROUP_MASK_IO | CGROUP_MASK_BLKIO;
2201 if ((u->cgroup_realized_mask & m) == 0)
2204 u->cgroup_realized_mask &= ~m;
2205 unit_add_to_cgroup_queue(u);
2208 void manager_invalidate_startup_units(Manager *m) {
2214 SET_FOREACH(u, m->startup_units, i)
2215 unit_invalidate_cgroup(u, CGROUP_MASK_CPU|CGROUP_MASK_IO|CGROUP_MASK_BLKIO);
2218 static const char* const cgroup_device_policy_table[_CGROUP_DEVICE_POLICY_MAX] = {
2219 [CGROUP_AUTO] = "auto",
2220 [CGROUP_CLOSED] = "closed",
2221 [CGROUP_STRICT] = "strict",
2224 DEFINE_STRING_TABLE_LOOKUP(cgroup_device_policy, CGroupDevicePolicy);
~ianmdlvl / elogind.git / blob