Because we cache file descriptors associated with cgroup "tasks" file it
should not be used with SetProcessProfiles API which operates on entire
processes rather than tasks. Change SetProcessProfiles API to prevent
cache fd usage, modify ExecuteForProcess to not attempt to use cached
fd. Also fix unconditional calls to EnableResourceCaching from
ExecuteForTask which should be called only when SetTaskProfiles is used
with use_fd_cache set to true.
Bug: 149524788
Change-Id: I880efaf8217a4dd7ccfbb4fb167b2295cefc057a
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
~2007 a change was added that would allow oneshot services to
daemonize by not killing their process group. This was a hack at the
time, and should certainly not be needed now. I've resisted removing
the behavior however, as it hadn't caused any issues.
Recently, it was detected that the cgroups that these processes belong
to, would exist forever and therefore leak memory. Instead of simply
removing the cgroups when empty, this provides a good opportunity to
do the right thing and fix this behavior once and for all.
The new (correct) behavior only happens for devices with vendor images
built for Android R or later. Init will log a warning to dmesg when
it detects this difference in behavior has occurred.
Bug: 144545923
Test: boot CF/Coral and see no difference in behavior.
Test: boot CF with a service that daemonizes and see the warning.
Change-Id: I333a2e25a541ec0114ac50ab8ae7f1ea3f055447
To support setting multiple profiles with one call. The json format
is as below example.
"AggregateProfiles": [
...
{
"Name": "SCHED_SP_BACKGROUND",
"Profiles": [ "HighEnergySaving", "LowIoPriority", "TimerSlackHigh" ]
},
...
}
Bug: 139521784
Test: SetProfile works as expected
Change-Id: Ibe14ed57d5169cafcbcbbdb054df3ed171a2f6a2
A process can give up the permission to set cgroup. If we still
keep the fd that was cached before losing the permission, when
the process sets scheduling group, it will write to the cached
fd without checking if is accessible and lead to sepolicy denied.
Bug: 123043091
Test: Build and boot.
Test: A new process from zygote set cgroup and drop fd cache, and
then specializes to app domain. There is no sepolicy denied
when the process creates new thread.
(android::thread_data_t::trampoline)
Change-Id: I285ee91424ea965ea9c670fc0f6662948e3e2ce5
Controllers listed in cgroups.json file might fail to mount if kernel is
not configured to support them. We need a way to indicate whether a
controller was successfully mounted and is usable to avoid logging errors
and warnings when a controller that failed to mount is being used. Add
flags bitmask to cgrouprc controller descriptor and use a bit to indicate
that controller is successfully mounted. Modify cpusets_enabled() and
schedboost_enabled() functions to use this bit and report the actual
availability of the controller.
Bug: 124080437
Test: libcutils_test with cpuset and schedtune controllers disabled
Change-Id: I770cc39fe50465146e3205aacf77dc3c56923c5d
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
This reverts commit bee9f5718b
"libprocessgroup: Disable file descriptor caching temporarily" and adds
option to use SetTaskProfiles and SetProcessProfiles without file caching.
This option is used from JNI to avoid access denials because cached files
are not whitelisted for JNI usage.
Bug: 123868658
Bug: 123043091
Test: boot using svelte target
Change-Id: I76b9d6af8a1dd4464cb3cf3e6dc327980efdf361
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Use the LL-NDK library to read cgroup.rc.
As a side-effect, the CgroupController class is changed
to a wrapper of ACgroupController* from the library. The
class itself essentially becomes the pointer, and can be
trivially copied. Modify all client code for this change.
Test: builds and boots
Bug: 123664216
Change-Id: I635d9885db62e82f37421f6d20f59c84a6f4cbb2
Merged-In: I635d9885db62e82f37421f6d20f59c84a6f4cbb2
Only init uses SetupCgroups. This functionality is
moved from libprocessgroup to its own library, and only
init links to it.
Also, merge CgroupSetupCgroups() with CgroupMap::SetupCgroups()
because the former is just an alias of the latter, and
CgroupMap does not belong to libcgrouprc_setup.
Test: boots
Bug: 123664216
Change-Id: I941dc0c415e2b22ae663d43e30dc7a464687325e
Merged-In: I941dc0c415e2b22ae663d43e30dc7a464687325e
EBUSY is expected when removing process group path if process is still
active. ESRCH is expected when kill if process died already. ENOENT is
also expected when opening cgroup path if process died already.
This CL also skip removing parent path if child failed when remove
process group.
Bug: 125340804
Test: Build and boot
Change-Id: Ief3b9cb913035a4050f6cf79c8b1e2f098e18244
The expected memcg path for apps is
/dev/memcg/apps/uid_<uid>/pid_<pid>. Right now we are missing the
"apps" component. Fix it.
Bug: 124776663
Test: Boot on a Go device and does not see error from lmkd anymore.
Change-Id: I0e4c1d8520463fabb171ff4e61479034b6446548
Abstract usage of cgroups into task profiles that allows for changes
in cgroup hierarchy and version without affecting framework codebase.
Rework current processgroup and sched_policy API function implementations
to use task profiles instead of hardcoded paths and attributes.
Mount cgroups using information from cgroups.json rather than from init.rc
Exempt-From-Owner-Approval: already approved in internal master
Bug: 111307099
Test: builds, boots
Change-Id: If5532d6dc570add825cebd5b5148e00c7d688e32
Merged-In: If5532d6dc570add825cebd5b5148e00c7d688e32
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
This reverts commit c4a02d25a9.
Reason for revert: AOSP is fixed with new vendor image
Change-Id: Ifc1c4d51aa1b168ef62cf58275b908d98b9a04bf
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Include libprocessgroup into vndk in preparation for sched_policy
functions to be moved into it.
Bug: 111307099
Test: builds, boots
Merged-In: I09a528cac8821df3201c2428b151fd2eaece3ccb
Change-Id: I09a528cac8821df3201c2428b151fd2eaece3ccb
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
The memcg.limit_percent option can be used to limit the cgroup's
max RSS to the given value as a percentage of the device's physical
memory. The memcg.limit_property option specifies the name of a
property that can be used to control the cgroup's max RSS. These
new options correspond to the arguments to the limitProcessMemory
function in frameworks/av/media/libmedia/MediaUtils.cpp; this will
allow us to add these options to the rc files for the programs that
call this function and then remove the callers in a later change.
There is also a change in semantics: the memcg.* options now have
an effect on all devices which support memory cgroups, not just
those with ro.config.low_ram or ro.config.per_app_memcg set to true.
This change also brings the semantics in line with the documentation,
so it looks like the previous semantics were unintentional.
Change-Id: I9495826de6e477b952e23866743b5fa600adcacb
Bug: 118642754
In DoKillProcessGroupOnce function, if process has a child process, pids set
will be clear probability and initialPid will not be killed, when the pid
is equal to initialPid.
Test: manual - start duomi app and remove it use recent apps key
Change-Id: Ifb9f4acacd725d2c367e547d2b5512807bb44fec
Allow configuring memory.swappiness, memory.soft_limit_in_bytes
and memory.limit_in_bytes by init; by doing so there is better
control of memory consumption per native app.
Test: tested on gobo branch.
bug: 63765067
Change-Id: I8906f3ff5ef77f75a0f4cdfbf9d424a579ed52bb
Use mem cgroups if the kernel is built with CONFIG_MEMCG=y,
additionally add system group.
test: verified on both kernel with/without memcg enabled
Change-Id: Ia2ae89efa3905e9da68fa77adac1225c667864d1
Use mem cgroups if the kernel is built with CONFIG_MEMCG=y,
additionally add system group.
test: verified on both kernel with/without memcg enabled
Change-Id: Ib9d1c8e3c797e75f160e0e92edf3f11c9d8e9f17
libprocessgroup kills the cgroup associated with a given pid and uid,
but not the POSIX process group associated with it. This means that
to kill both, two of the same signals must be sent, which may cause
some issues.
This change kills all POSIX process groups whose group leaders are
found within a cgroup. It only then kills processes in the cgroup
that are not part of the POSIX process groups that have been killed.
Bug: 37853905
Bug: 62418791
Test: Boot, kill zygote, reboot
Change-Id: Id1d96935745899b4c454c36c351ec16a0b1d3827
- killProcessGroup retries if it fails while
killProcessGroupOnce only tries once.
- useful for sending signal like SIGTERM once.
bug: 36696408
Test: will add usage to init
Change-Id: Ia1e3d4ec848e785a3238f262b02914695cded4c7
This lets us see what's going on in init.
Bug: http://b/29751426
Merged-In: I73432dc7608ca0dc8e421a2f3a750b37c6743f62
Change-Id: I73432dc7608ca0dc8e421a2f3a750b37c6743f62
Put every service into a process group, kill the process group
and all child processes created within the group when killing the
service. Removed libutil dependency in libprocessgroup.
Bug: 25355957
Change-Id: Ieed60ec41579f638ab9b1e66a7e6330ed578ab05
Signed-off-by: Collin Mulliner <collinrm@squareup.com>
Commit b82bab66 introduced the use of memory cgroups for keeping track
of forked PIDs; it basically creates a separate memory cgroup for every
process forked from zygote.
Each such memory cgroup which also have its own LRU with (in)active file
and anonymous pages. The current theory is this could potentially introduce
two problems:
1) kswapd runs longer because it has to iterate over the LRUs of all mem
cgroups, instead of over the LRUs of a single root mem cgroup;
2) the way kswapd reclaims things will be different also - I think it will
tend to bias reclaim to smaller mem cgroups, and process private pages
will end up on ZRAM swap much sooner.
Until we figure this out, fall back to the CPU accounting cgroup for keeping
track of forked PIDs. This leaves us with a single root mem cgroup again. We
can also keep userspace lmkd enabled because it only requires the root mem
cgroup.
Bug: 27381069
Change-Id: Ife397a6ac232761f2adfe6f5056582be0d1b4ff1
libprocessgroup checks whether it can use memory
cgroups for keeping track of forked processes by
seeing whether /dev/memcg/apps is writable. However,
on systems with memory cgroups disabled, SELinux
(correctly) no longer classifies this directory as a cgroup,
and starts denying zygote access. To fix this,
first check whether /dev/memcg/apps/tasks exists to
see if the cgroup is mounted; only then check whether
we can write to the directory.
Bug: 27046965
Change-Id: I6e44cd62d8c396e20ceb162c50606b3e86f2cb3e
It turns out we were using the CPU accounting
cgroups for keeping track of processes that were
forked by an app without the framework's knowledge,
so we could kill all of them reliably (see b/15313911
for context).
Since we want to use memory cgroups for other purposes,
we might as well use memory cgroups for tracking forked
PIDs if they're enabled. This also gets us automatic cleanup
of empty mem cgroups.
Also, removed old mem cgroup mount point that is no
longer used, as well as cgroup release agent code that
we're not using.
Change-Id: I69d5cc31c162ffa49ef6945755f41381e306cc8b
to make the function faster on average. Since killing a process
takes about 40-60ms on a recent device, the previous logic tends
to sleep too long. This CL does not significantly change the total
timeout (old code: 204ms, new code: 200ms).
Bug: 21813611
Change-Id: Ica44b2437ccccaebadcf585d7a09d993ce71a499
Make a format string match the type of the parameter it represents
Change-Id: I0af88636448084b56450996ea9dafdba3c1fd2a3
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org
Currently, mkdirAndChown takes parameters for mode, uid and gid, but
ignores them and hardcodes 0750, AID_SYSTEM, AID_SYSTEM instead.
This doesn't matter much because so far its only invocation passes
exactly those values as parameters -- but clang complains about unused
parameters.
Might as well make the function do what it claims to do.
Change-Id: I5a8056be3278a0c5d0a576dbc061288aa0956a35
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
It looks like there were a couple problems in the code:
- It would not 0-terminate the string it read, to make sure we didn't
see garbage at the end.
- It didn't reduce buf_len as it processes data in the buffer, so if
we need to read more we will increase the buffer length to be longer
than the actual available data.
Also put in some logs about every thing we kill, so we can see what
is going on when debugging. And add a special check for us trying
to kill pid 0 for any reason, since doing so seem to be terminal to
the caller.
Change-Id: I2fe29bfef08938b8a2eb182475c0705c14d8d84f
removeAllProcessGroups and removeUidProcessGroups were calling
opendir, but never called closedir. This would leave a leaked
file descriptor for every /acct/uid_* directory that existed
at boot.
Change-Id: Ia08eccd42d6ad7a6c1c78402519ac2e53b4fc83a
libprocessgroup will allow Zygote to place processes
in a cgroup, and then kill the process and all forked processes
later. lmkd will also kill all forked processes.
Bug: 15313911
Change-Id: I20404d0dbe448f1c475d2f4c61cccca462f9e544
