Commit graph

19 commits

Author SHA1 Message Date
Suren Baghdasaryan
f3bdac78a0 libprocessgroup: Add fd caching support for SetProcessProfiles
Process profiles operating on paths that do not depend on pid or uid of
the process can cache the fd of the file they are operating on. Add
support for fd caching similar to how SetTaskProfiles caches the fd
of the file it needs to write to.

Bug: 215557553
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ie73ebcbbf1919d90409f40c1f6b08743f4edf97c
2022-01-25 00:05:34 +00:00
Suren Baghdasaryan
c2ee2e5774 libprocessgroup: Move fd caching code into FdCacheHelper
Refactor file descriptor caching code and move it into FdCacheHelper
because later on when we introduce fd caching for SetProcessProfiles
the children of CachedFdProfileAction become different enough that
sharing the same parent becomes a hindrance.

Bug: 215557553
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: If3812a0090c81a29e25f0888b0511cfaf48edea3
2022-01-25 00:05:24 +00:00
Rick Yiu
d4c53518fe libprocessgroup: Use WriteStringToFd for WriteFileAction
Using WriteStringToFile will hold kernfs_mutex which is a big lock,
so use WriteStringToFd instead. Besides, also support fd cache for it.

Bug: 206970384
Test: build pass
Change-Id: Id79f9e1095f52079393c58edb9a4d526f4cc6b5e
2021-12-10 11:46:26 +08:00
Suren Baghdasaryan
ec88556460 libprocessgroup: Prevent error spam when tests disable all cpus in a cpuset
UserLifecycleTests test disables all Little cores in the course of the
test, which causes attempts to add a process into /dev/cpuset/restricted
cpuset cgroup to fail with ENOSPC error code, indicating that a process
is joining a cpuset cgroup with no online cpus. Current libprocessgroup
implementation will log an error on each such occurrence, which spams
the logs and makes it hard to analyze test results. Because this
situation does not happen in production environment (we do not offline
cpus), we can prevent flooding the logs by identifying this case,
logging an appropriate error one time and ignore all later similar errors.

Bug: 158766131
Test: adb shell "echo 0 > /sys/devices/system/cpu/cpu[0-3]/online"
Test: start some apps, observe libprocessgroup errors in the logcat
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ia91d8839d86787569c255481bde077be51c43d93
2021-10-25 16:18:08 -07:00
Rick Yiu
d76053a4c5 libprocessgroup: Add control of printing log in WriteFileAction
If there are known fail pattern, we could disable printing logs to
reduce log spam. Use "LogFailures": true or "LogFailures": false.
Default will be true if not specified.

Bug: 178070122
Test: function works
Change-Id: Ia4081a10daf738294937f459f006fbcc3171481b
2021-01-28 03:26:18 +00:00
Rick Yiu
bc1ad9671a libprocessgroup: Support write to file feature
There may be some use cases that it needs to write string to a
file. This patch support write "Value" to "FilePath", where
both parameters could use special string "<uid>" and "<pid>" to
represent actual uid and pid.

Bug: 170507963
Test: function works
Change-Id: I543846f523518a9bcb3dd1b3437163a1b3157d95
2020-11-03 20:56:48 +08:00
Suren Baghdasaryan
81b9f0b763 libprocessgroup: Allow vendor profile attributes to override system ones
In the current implementation vendor profile attributes do not override
system ones and instead generate a warning. Fix that by overriding existing
attribute if a new definition is found.

Bug: 160318642
Test: add vendor attributes and confirm no warnings
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I71a2ee4d4b3c585e7c9a01b791e973390d409cbc
2020-07-01 20:44:24 +00:00
Suren Baghdasaryan
911109c414 libprocessgroup: Prevent SetProcessProfiles from using cached fd
Because we cache file descriptors associated with cgroup "tasks" file it
should not be used with SetProcessProfiles API which operates on entire
processes rather than tasks. Change SetProcessProfiles API to prevent
cache fd usage, modify ExecuteForProcess to not attempt to use cached
fd. Also fix unconditional calls to EnableResourceCaching from
ExecuteForTask which should be called only when SetTaskProfiles is used
with use_fd_cache set to true.

Bug: 149524788
Change-Id: I880efaf8217a4dd7ccfbb4fb167b2295cefc057a
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2020-02-14 01:42:11 +00:00
Suren Baghdasaryan
8438595f21 libprocessgroup: Prevent aggregate profiles from referencing stale ones
Currently when vendor overrides a profile the profile object is being
replaced with a new one. However the old profile might have been
referenced by an aggregate profile and with such profile replacement
the aggregate profile is left referencing a stale object. Fix this by
replacing the content of the old profile with the content from the new
one instead of replacing the object itself.

Bug: 148311066
Test: override profiles referenced in aggregate profile and verify
Test: correct replacement
Change-Id: Iabddbf3580455e5263fedad6665cf52fb323e50a
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2020-01-27 21:07:27 +00:00
Rick Yiu
0b211fa8b3 libprocessgroup: add support to set aggregate profiles
To support setting multiple profiles with one call. The json format
is as below example.

  "AggregateProfiles": [
    ...
    {
      "Name": "SCHED_SP_BACKGROUND",
      "Profiles": [ "HighEnergySaving", "LowIoPriority", "TimerSlackHigh" ]
    },
    ...
  }

Bug: 139521784
Test: SetProfile works as expected
Change-Id: Ibe14ed57d5169cafcbcbbdb054df3ed171a2f6a2
2019-09-30 08:35:28 +00:00
Riddle Hsu
a6abd821d5 Allow to drop existing fd cache of cgroup path
A process can give up the permission to set cgroup. If we still
keep the fd that was cached before losing the permission, when
the process sets scheduling group, it will write to the cached
fd without checking if is accessible and lead to sepolicy denied.

Bug: 123043091
Test: Build and boot.
Test: A new process from zygote set cgroup and drop fd cache, and
      then specializes to app domain. There is no sepolicy denied
      when the process creates new thread.
      (android::thread_data_t::trampoline)

Change-Id: I285ee91424ea965ea9c670fc0f6662948e3e2ce5
2019-06-18 15:53:53 +08:00
mtk16036
53f79e6861 race condition in libprocessgroup
while enable fdsan (file descriptor sanitizer),
fdsan report use-after-close error after boot complete (sedom).

Because, in SetCgroupAction::EnableResourceCaching() currently has a data race against all the
use fd_ functions like SetCgroupAction::ExecuteForProcess(uid_t uid, pid_t pid) etc.

ThreadA                                     | ThreadB
-------------------------------------------------------------------------------------------------
in SetCgroupAction::EnableResourceCaching() | in SetCgroupAction::ExecuteForProcess(...)
-------------------------------------------------------------------------------------------------
                                            | in SetCgroupAction::AddTidToCgroup(int tid, int fd)
-------------------------------------------------------------------------------------------------
fd_ = std::move(fd); /*modified fd_ value*/ |
-------------------------------------------------------------------------------------------------
                                            | write(fd)  /* crash here, fd is closed by ThreadA*/
-------------------------------------------------------------------------------------------------

So, add mutex lock to protect fd_ data race.

Bug: 134120826
Test: auto test, run the adb reboot test 100 times and no fdsan error report on libprocessgroup
Change-Id: Iccf2f705e030f79324f1164509e715dc5be825de
2019-06-11 10:52:25 -07:00
Suren Baghdasaryan
8a315d2a3e Re-enable file descriptor caching and add option to skip caching
This reverts commit bee9f5718b
"libprocessgroup: Disable file descriptor caching temporarily" and adds
option to use SetTaskProfiles and SetProcessProfiles without file caching.
This option is used from JNI to avoid access denials because cached files
are not whitelisted for JNI usage.

Bug: 123868658
Bug: 123043091
Test: boot using svelte target
Change-Id: I76b9d6af8a1dd4464cb3cf3e6dc327980efdf361
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-04-20 00:11:21 +00:00
Yifan Hong
53e0deb7b2 libprocessgroup: use libcgrouprc to read cgroup.rc
Use the LL-NDK library to read cgroup.rc.

As a side-effect, the CgroupController class is changed
to a wrapper of ACgroupController* from the library. The
class itself essentially becomes the pointer, and can be
trivially copied. Modify all client code for this change.

Test: builds and boots
Bug: 123664216

Change-Id: I635d9885db62e82f37421f6d20f59c84a6f4cbb2
Merged-In: I635d9885db62e82f37421f6d20f59c84a6f4cbb2
2019-04-02 22:31:57 -07:00
Suren Baghdasaryan
05da67c390 Add vendor cgroups and task_profiles support
Vendors should be able to specify additional cgroups and task profiles
without changing system files. Add support for /vendor/etc/cgroups.json
and /vendor/etc/task_profiles.json files which will augment cgroups and
task profiles specified in /etc/cgroups.json and /etc/task_profiles.json
system files.

Bug: 124960615
Change-Id: I548c2e866b65c19856a3617d75b75dcd06f7d5b7
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-03-01 00:29:37 +00:00
Suren Baghdasaryan
bee9f5718b libprocessgroup: Disable file descriptor caching temporarily
File descriptor caching breaks boot on Android Go and Svelte targets.
Disable it temporarily to fix the builds and investigate the root cause
further.

Bug: 123868658
Test: Android Go device boots after this change

Change-Id: Idd0209029cde8454ea99b9de030f7a317c2988d7
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-02-06 02:15:37 +00:00
Greg Kaiser
5c5ed9c856 libprocessgroup: Fix return values
We want our default implementations to fail, but '-1' is implicitly
cast to 'true', since it's non-zero.  We explicitly use 'false' to
fix this.

Test: TreeHugger
Change-Id: I369897b519601ce1a887cf6acd5f2cb9a6113a9a
2019-02-04 06:33:26 -08:00
Suren Baghdasaryan
eca87cb9ca Fix non-Android build targets
Non-Android build targets are missing sys/prctl.h header and functionality
should be disabled for them like it was done previously inside
sched_policy.cpp. Also make the set_sched_policy/get_sched_policy
functionality backward compatible by creating stubs for non-Android
targets.

Bug: 111307099
Test: built sdk_gphone_x86-sdk_addon_mac target using forrest

Change-Id: I1c195267e287a84a21c588bd61d7c452bff6cfbe
Merged-In: I1c195267e287a84a21c588bd61d7c452bff6cfbe
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-02-03 16:49:28 +00:00
Suren Baghdasaryan
82b72a5667 libprocessgroup: Add support for task profiles
Abstract usage of cgroups into task profiles that allows for changes
in cgroup hierarchy and version without affecting framework codebase.
Rework current processgroup and sched_policy API function implementations
to use task profiles instead of hardcoded paths and attributes.
Mount cgroups using information from cgroups.json rather than from init.rc

Exempt-From-Owner-Approval: already approved in internal master

Bug: 111307099
Test: builds, boots

Change-Id: If5532d6dc570add825cebd5b5148e00c7d688e32
Merged-In: If5532d6dc570add825cebd5b5148e00c7d688e32
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-02-03 16:48:35 +00:00