- If file is unlinked, the mmapped region is still there.
- If file is truncated, a SIGBUS will be seen, and holding
the fd doesn't help.
Test: boots (sanity)
Bug: 123664216
Change-Id: I6683804bc795fab6798891a4471e5fe58fbffe13
Use the LL-NDK library to read cgroup.rc.
As a side-effect, the CgroupController class is changed
to a wrapper of ACgroupController* from the library. The
class itself essentially becomes the pointer, and can be
trivially copied. Modify all client code for this change.
Test: builds and boots
Bug: 123664216
Change-Id: I635d9885db62e82f37421f6d20f59c84a6f4cbb2
Merged-In: I635d9885db62e82f37421f6d20f59c84a6f4cbb2
Use CgroupController definition from libcgrouprc_format, not
libprocessgroup, because the wire format will be removed
from libprocessgroup later.
Bug: 123664216
Test: builds
Change-Id: If5e2301a1b65c3f6a51a1661cfeeed4e299f634e
Merged-In: If5e2301a1b65c3f6a51a1661cfeeed4e299f634e
Only init uses SetupCgroups. This functionality is
moved from libprocessgroup to its own library, and only
init links to it.
Also, merge CgroupSetupCgroups() with CgroupMap::SetupCgroups()
because the former is just an alias of the latter, and
CgroupMap does not belong to libcgrouprc_setup.
Test: boots
Bug: 123664216
Change-Id: I941dc0c415e2b22ae663d43e30dc7a464687325e
Merged-In: I941dc0c415e2b22ae663d43e30dc7a464687325e
This module is an LL-NDK library that can be loaded by
modules that link to libprocessgroup (which is in VNDK).
This module defines APIs that reads cgroups.rc file
programatically. Internally, it uses libcgrouprc_format to
do so.
Test: builds
Bug: 123664216
Change-Id: I9c13c0528461758154e23cbab3a94ade7fb351ee
Merged-In: I9c13c0528461758154e23cbab3a94ade7fb351ee
This module defines the wire format of the mmap()ed cgroup.rc
file.
Test: builds
Bug: 123664216
Change-Id: Iaf6199f759a6264590b13ca7ba6d7f576c3ed56a
Merged-In: Iaf6199f759a6264590b13ca7ba6d7f576c3ed56a
SetupCgroups is called by init process during early-init stage and is not
supposed to be called again by anyone else. Ensure that the caller is the
init process, make sure cgroup.rc file is written only one time, keep the
file descriptor to cgroup.rc file open by the init process to ensure all
its further mappings stay valid even if the file is deleted.
Bug: 124774415
Test: build, run, verify no errors or warning in the logcat
Change-Id: Ib8822cf0112db7744e28d442182d54dcf06f46f2
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Exit time destructors already caused trouble (see
dba6d44376), and without this warning,
it's too easy to reintroduce issues.
Bug: 129023204
Test: builds
Change-Id: If5fb4d0c11c74ba4971bb218059c6d37edeaf4df
SetupCgroups is called by init process during early-init stage and is not
supposed to be called again by anyone else. Ensure that the caller is the
init process, make sure cgroup.rc file is written only one time, keep the
file descriptor to cgroup.rc file open by the init process to ensure all
its further mappings stay valid even if the file is deleted.
Bug: 124774415
Test: build, run, verify no errors or warning in the logcat
Change-Id: I70ccec551fc07c380333566f618b969667dcf783
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
This avoids a race between destruction on process exit and concurrent
access from another thread.
Bug: 129023204
Change-Id: Iecafa67a78e2cce53687156e7f91547b4a23ec13
... so that they can be reused later.
Also, removed test to strull and inline static constexpr variable.
Bug: 123664216
Test: libprocessgroup_proto_test
Change-Id: Ia6b93c6689d7531e6f597d1387434aed1b3efb0a
Convert Json::Value to const refs to prevent creation of a null member
if specified element does not exist. Fix variable naming in the parser
while we are at it.
Change-Id: I7dabfd1c73983b465984dd6c411c9fe48743a348
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Vendors should be able to specify additional cgroups and task profiles
without changing system files. Add support for /vendor/etc/cgroups.json
and /vendor/etc/task_profiles.json files which will augment cgroups and
task profiles specified in /etc/cgroups.json and /etc/task_profiles.json
system files.
Bug: 124960615
Change-Id: I548c2e866b65c19856a3617d75b75dcd06f7d5b7
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
To differentiate IO priority for different groups.
Bug: 111422845
Bug: 117857342
Test: tasks are assigned to the group as expected
Change-Id: Ibb108d1b8e0f720f7ac4cab248b3c33d35e5483d
EBUSY is expected when removing process group path if process is still
active. ESRCH is expected when kill if process died already. ENOENT is
also expected when opening cgroup path if process died already.
This CL also skip removing parent path if child failed when remove
process group.
Bug: 125340804
Test: Build and boot
Change-Id: Ief3b9cb913035a4050f6cf79c8b1e2f098e18244
The expected memcg path for apps is
/dev/memcg/apps/uid_<uid>/pid_<pid>. Right now we are missing the
"apps" component. Fix it.
Bug: 124776663
Test: Boot on a Go device and does not see error from lmkd anymore.
Change-Id: I0e4c1d8520463fabb171ff4e61479034b6446548
- Add proto3 files as schema for JSON task profiles / cgroups
files.
- Add tests to ensure the JSON files (on the device) conforms
the schema. (libprocessgroup_proto_test)
Test: libprocessgroup_proto_test
Bug: 123664216
Change-Id: I1cab73bd0d3852ff8827fee0be22373da8a6fc5b
They are installed to /system/etc, not /. Hence, move
out of rootdir/ and move into the code that parse these
files (i.e. libprocessgroup).
Also, Android.mk->bp.
Test: builds
Change-Id: I1763c26f81ae51ee159552e39d252fd643c35b94
In recovery mode a separate set of cgroups should be mounted. Add a
cgroups.recovery.json file to describe cgroups mounted during recovery.
Change cgroups descriptor parset to allow cgroups and cgroups2 sections
to be omitted.
Bug: 124270406
Test: "adb reboot sideload; adb devices" shows 'sideload' as expected
Change-Id: Ic32bd2b4612ec8390064f87d4655d1bd1183d741
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
lmkd uses set_sched_priority to expedite killing of its victims and this
sometimes results in timerslack_ns writes for an process which is already
dead. These messages are detrimental during troubleshooting and do not
indicate a real problem, therefore need to be suppressed.
Bug: 124324891
Test: lmkd_unit_test
Change-Id: I5bc071b47d386c279dd9a56eee51dba7797f4520
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
When cgroup directory is created its user and ownership gets set, however
because previous code was storing getpwnam() return value the second
invocation would effectively override the previous ones result. Fix this
by copying necessary results. Also change getpwnam() to getgrnam() when
group name is converted into gid. getpwnam() works because of the way
Android uses these ids, however more generally this is incorrect and
getgrnam() should be used instead.
Bug: 111307099
Test: verified user/group membership of the cgroup directories
Change-Id: I78668bc1a36a74f53d8e9825e2d06e3e09501e7a
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
JSON supports only decimal values and therefore file mode which should
use octal values has to be represented as strings. Fix the implicit
octal-to-decimal conversion and convert from string to octal in the code.
Bug: 111307099
Test: confirmed by verifying correct file permissions
Change-Id: I3ef9de0aea259f93bf74efeffca72d37d4740e15
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
File descriptor caching breaks boot on Android Go and Svelte targets.
Disable it temporarily to fix the builds and investigate the root cause
further.
Bug: 123868658
Test: Android Go device boots after this change
Change-Id: Idd0209029cde8454ea99b9de030f7a317c2988d7
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
We want our default implementations to fail, but '-1' is implicitly
cast to 'true', since it's non-zero. We explicitly use 'false' to
fix this.
Test: TreeHugger
Change-Id: I369897b519601ce1a887cf6acd5f2cb9a6113a9a
Non-android targets should not mount cgroups described in cgroup map
file. When used on non-Android targets SetupCgroup will fail. When
SetupCgroup is called via SetupCgroups a warning will be generated for
each cgroup that fails to mount.
Bug: 111307099
Change-Id: I213a5f9b02f312ba1dd7dc91c89b67334fb939b9
Merged-In: I213a5f9b02f312ba1dd7dc91c89b67334fb939b9
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Non-Android build targets are missing sys/prctl.h header and functionality
should be disabled for them like it was done previously inside
sched_policy.cpp. Also make the set_sched_policy/get_sched_policy
functionality backward compatible by creating stubs for non-Android
targets.
Bug: 111307099
Test: built sdk_gphone_x86-sdk_addon_mac target using forrest
Change-Id: I1c195267e287a84a21c588bd61d7c452bff6cfbe
Merged-In: I1c195267e287a84a21c588bd61d7c452bff6cfbe
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Abstract usage of cgroups into task profiles that allows for changes
in cgroup hierarchy and version without affecting framework codebase.
Rework current processgroup and sched_policy API function implementations
to use task profiles instead of hardcoded paths and attributes.
Mount cgroups using information from cgroups.json rather than from init.rc
Exempt-From-Owner-Approval: already approved in internal master
Bug: 111307099
Test: builds, boots
Change-Id: If5532d6dc570add825cebd5b5148e00c7d688e32
Merged-In: If5532d6dc570add825cebd5b5148e00c7d688e32
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
This reverts commit 1bef8c550c.
Reason for revert: AOSP is fixed with new vendor image
Change-Id: Ib341ac80e2f88c13a7815a490ea2d9422ebdf55f
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
This reverts commit b5394db682.
Reason for revert: AOSP is fixed with new vendor image
Change-Id: Ie1a2e0200600214a65f4fe2250c903c8e8ce0a29
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
This reverts commit c4a02d25a9.
Reason for revert: AOSP is fixed with new vendor image
Change-Id: Ifc1c4d51aa1b168ef62cf58275b908d98b9a04bf
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Include libprocessgroup into vndk in preparation for sched_policy
functions to be moved into it.
Bug: 111307099
Test: builds, boots
Merged-In: I09a528cac8821df3201c2428b151fd2eaece3ccb
Change-Id: I09a528cac8821df3201c2428b151fd2eaece3ccb
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
The memcg.limit_percent option can be used to limit the cgroup's
max RSS to the given value as a percentage of the device's physical
memory. The memcg.limit_property option specifies the name of a
property that can be used to control the cgroup's max RSS. These
new options correspond to the arguments to the limitProcessMemory
function in frameworks/av/media/libmedia/MediaUtils.cpp; this will
allow us to add these options to the rc files for the programs that
call this function and then remove the callers in a later change.
There is also a change in semantics: the memcg.* options now have
an effect on all devices which support memory cgroups, not just
those with ro.config.low_ram or ro.config.per_app_memcg set to true.
This change also brings the semantics in line with the documentation,
so it looks like the previous semantics were unintentional.
Change-Id: I9495826de6e477b952e23866743b5fa600adcacb
Bug: 118642754
In DoKillProcessGroupOnce function, if process has a child process, pids set
will be clear probability and initialPid will not be killed, when the pid
is equal to initialPid.
Test: manual - start duomi app and remove it use recent apps key
Change-Id: Ifb9f4acacd725d2c367e547d2b5512807bb44fec
Allow configuring memory.swappiness, memory.soft_limit_in_bytes
and memory.limit_in_bytes by init; by doing so there is better
control of memory consumption per native app.
Test: tested on gobo branch.
bug: 63765067
Change-Id: I8906f3ff5ef77f75a0f4cdfbf9d424a579ed52bb
Use mem cgroups if the kernel is built with CONFIG_MEMCG=y,
additionally add system group.
test: verified on both kernel with/without memcg enabled
Change-Id: Ia2ae89efa3905e9da68fa77adac1225c667864d1
Use mem cgroups if the kernel is built with CONFIG_MEMCG=y,
additionally add system group.
test: verified on both kernel with/without memcg enabled
Change-Id: Ib9d1c8e3c797e75f160e0e92edf3f11c9d8e9f17
libprocessgroup kills the cgroup associated with a given pid and uid,
but not the POSIX process group associated with it. This means that
to kill both, two of the same signals must be sent, which may cause
some issues.
This change kills all POSIX process groups whose group leaders are
found within a cgroup. It only then kills processes in the cgroup
that are not part of the POSIX process groups that have been killed.
Bug: 37853905
Bug: 62418791
Test: Boot, kill zygote, reboot
Change-Id: Id1d96935745899b4c454c36c351ec16a0b1d3827
- killProcessGroup retries if it fails while
killProcessGroupOnce only tries once.
- useful for sending signal like SIGTERM once.
bug: 36696408
Test: will add usage to init
Change-Id: Ia1e3d4ec848e785a3238f262b02914695cded4c7
This lets us see what's going on in init.
Bug: http://b/29751426
Merged-In: I73432dc7608ca0dc8e421a2f3a750b37c6743f62
Change-Id: I73432dc7608ca0dc8e421a2f3a750b37c6743f62
Put every service into a process group, kill the process group
and all child processes created within the group when killing the
service. Removed libutil dependency in libprocessgroup.
Bug: 25355957
Change-Id: Ieed60ec41579f638ab9b1e66a7e6330ed578ab05
Signed-off-by: Collin Mulliner <collinrm@squareup.com>
Commit b82bab66 introduced the use of memory cgroups for keeping track
of forked PIDs; it basically creates a separate memory cgroup for every
process forked from zygote.
Each such memory cgroup which also have its own LRU with (in)active file
and anonymous pages. The current theory is this could potentially introduce
two problems:
1) kswapd runs longer because it has to iterate over the LRUs of all mem
cgroups, instead of over the LRUs of a single root mem cgroup;
2) the way kswapd reclaims things will be different also - I think it will
tend to bias reclaim to smaller mem cgroups, and process private pages
will end up on ZRAM swap much sooner.
Until we figure this out, fall back to the CPU accounting cgroup for keeping
track of forked PIDs. This leaves us with a single root mem cgroup again. We
can also keep userspace lmkd enabled because it only requires the root mem
cgroup.
Bug: 27381069
Change-Id: Ife397a6ac232761f2adfe6f5056582be0d1b4ff1
libprocessgroup checks whether it can use memory
cgroups for keeping track of forked processes by
seeing whether /dev/memcg/apps is writable. However,
on systems with memory cgroups disabled, SELinux
(correctly) no longer classifies this directory as a cgroup,
and starts denying zygote access. To fix this,
first check whether /dev/memcg/apps/tasks exists to
see if the cgroup is mounted; only then check whether
we can write to the directory.
Bug: 27046965
Change-Id: I6e44cd62d8c396e20ceb162c50606b3e86f2cb3e
It turns out we were using the CPU accounting
cgroups for keeping track of processes that were
forked by an app without the framework's knowledge,
so we could kill all of them reliably (see b/15313911
for context).
Since we want to use memory cgroups for other purposes,
we might as well use memory cgroups for tracking forked
PIDs if they're enabled. This also gets us automatic cleanup
of empty mem cgroups.
Also, removed old mem cgroup mount point that is no
longer used, as well as cgroup release agent code that
we're not using.
Change-Id: I69d5cc31c162ffa49ef6945755f41381e306cc8b
to make the function faster on average. Since killing a process
takes about 40-60ms on a recent device, the previous logic tends
to sleep too long. This CL does not significantly change the total
timeout (old code: 204ms, new code: 200ms).
Bug: 21813611
Change-Id: Ica44b2437ccccaebadcf585d7a09d993ce71a499
Make a format string match the type of the parameter it represents
Change-Id: I0af88636448084b56450996ea9dafdba3c1fd2a3
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org
Currently, mkdirAndChown takes parameters for mode, uid and gid, but
ignores them and hardcodes 0750, AID_SYSTEM, AID_SYSTEM instead.
This doesn't matter much because so far its only invocation passes
exactly those values as parameters -- but clang complains about unused
parameters.
Might as well make the function do what it claims to do.
Change-Id: I5a8056be3278a0c5d0a576dbc061288aa0956a35
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
It looks like there were a couple problems in the code:
- It would not 0-terminate the string it read, to make sure we didn't
see garbage at the end.
- It didn't reduce buf_len as it processes data in the buffer, so if
we need to read more we will increase the buffer length to be longer
than the actual available data.
Also put in some logs about every thing we kill, so we can see what
is going on when debugging. And add a special check for us trying
to kill pid 0 for any reason, since doing so seem to be terminal to
the caller.
Change-Id: I2fe29bfef08938b8a2eb182475c0705c14d8d84f
removeAllProcessGroups and removeUidProcessGroups were calling
opendir, but never called closedir. This would leave a leaked
file descriptor for every /acct/uid_* directory that existed
at boot.
Change-Id: Ia08eccd42d6ad7a6c1c78402519ac2e53b4fc83a
libprocessgroup will allow Zygote to place processes
in a cgroup, and then kill the process and all forked processes
later. lmkd will also kill all forked processes.
Bug: 15313911
Change-Id: I20404d0dbe448f1c475d2f4c61cccca462f9e544