Adjust cgroup cpu for Tizen

Latest public Tizen does not support cfs_period_us or cfs_quota_us because CONFIG_FAIR_GROUP_SCHED, CONFIG_CFS_BANDWIDTH are not enabled.
Thus, instead of strict cpu limitation using cfs_quota, use cpu_shares.
The cpu_shares of each NSJAIL process will be assigned according to ratio (cfs_quota/cfs_period)

This is temporary patch and is not well validated.
Tizen will consider to enable the kernel option for cfs_quota_us.

diff --git a/cgroup.cc b/cgroup.cc
index a72e35fe0b3a0b23ea87a72f9ccb5dd2bf0bde3d..9648893be73683e16030bf0a8374849887a8c222 100644 (file)
--- a/cgroup.cc
+++ b/cgroup.cc
@@ -57,6 +57,21 @@ static bool writeToCgroup(
        return true;
 }
 
+static bool readFromCgroup(
+    const std::string& cgroup_path, std::string& value, const std::string& what) {
+       char buf[255];
+       ssize_t size;
+       size = util::readFromFile(cgroup_path.c_str(), buf, 255);
+       if (!size) {
+               LOG_W("Cannot read %s", what.c_str());
+               return false;
+       }
+       buf[size-1] = '\0';
+       value = buf;
+       LOG_D("Getting '%s' from '%s'", value.c_str(), cgroup_path.c_str());
+       return true;
+}
+
 static bool addPidToTaskList(const std::string& cgroup_path, pid_t pid) {
        std::string pid_str = std::to_string(pid);
        std::string tasks_path = cgroup_path + "/tasks";
@@ -133,14 +148,27 @@ static bool initNsFromParentCpu(nsjconf_t* nsjconf, pid_t pid) {
        std::string cpu_cgroup_path = nsjconf->cgroup_cpu_mount + '/' + nsjconf->cgroup_cpu_parent +
                                      "/NSJAIL." + std::to_string(pid);
        RETURN_ON_FAILURE(createCgroup(cpu_cgroup_path, pid));
-
+#ifndef TIZEN
        std::string cpu_ms_per_sec_str = std::to_string(nsjconf->cgroup_cpu_ms_per_sec * 1000U);
        RETURN_ON_FAILURE(
            writeToCgroup(cpu_cgroup_path + "/cpu.cfs_quota_us", cpu_ms_per_sec_str, "cpu quota"));
 
        RETURN_ON_FAILURE(
            writeToCgroup(cpu_cgroup_path + "/cpu.cfs_period_us", "1000000", "cpu period"));
+#else
+       double ratio = (double)nsjconf->cgroup_cpu_ms_per_sec / (double)1000;
+       std::string cpu_shares_str;
+       RETURN_ON_FAILURE(
+               readFromCgroup(nsjconf->cgroup_cpu_mount + "/" + nsjconf->cgroup_cpu_parent + "/cpu.shares", cpu_shares_str, "cpu shares"));
+
+       double cpu_shares = std::stod(cpu_shares_str);
+       int adjusted_cpu_shares = cpu_shares * ratio;
 
+       LOG_D("cpu_shares = %lf, ratio = %lf, final cpu_shares = %d",cpu_shares, ratio, adjusted_cpu_shares);
+
+       RETURN_ON_FAILURE(
+           writeToCgroup(cpu_cgroup_path + "/cpu.shares", std::to_string(adjusted_cpu_shares), "cpu quota with cpu shares"));
+#endif
        return addPidToTaskList(cpu_cgroup_path, pid);
 }
 

diff --git a/packaging/nsjail.spec b/packaging/nsjail.spec
index 250bc194d7610f3bbc10187dbb900910df6428b0..157df4be61adef355bbe3857997f79075a7941f7 100644 (file)
--- a/packaging/nsjail.spec
+++ b/packaging/nsjail.spec
@@ -30,9 +30,8 @@ seccomp-bpf syscall filters (with help of the kafel bpf language)
 %setup -q
 
 %build
-%define _lto_cflags %{nil}
-export CFLAGS="%{optflags}"
-export CXXFLAGS="$CFLAGS"
+export CFLAGS="$CFLAGS -DTIZEN"
+export CXXFLAGS="$CXXFLAGS -DTIZEN"
 make %{?_smp_mflags}
 
 %install