BIN = nsjail
LIBS = kafel/libkafel.a
-SRCS_C = caps.c log.c cgroup.c mount.c pid.c user.c util.c uts.c cpu.c
-SRCS_CXX = cmdline.cc config.cc contain.cc net.cc nsjail.cc sandbox.cc subproc.cc
+SRCS_C = caps.c log.c cgroup.c mount.c pid.c user.c util.c uts.c
+SRCS_CXX = cmdline.cc config.cc contain.cc cpu.cc net.cc nsjail.cc sandbox.cc subproc.cc
SRCS_PROTO = config.proto
SRCS_PB_CXX = $(SRCS_PROTO:.proto=.pb.cc)
SRCS_PB_H = $(SRCS_PROTO:.proto=.pb.h)
user.o: user.h nsjail.h common.h log.h subproc.h util.h
util.o: util.h nsjail.h common.h log.h
uts.o: uts.h nsjail.h log.h
-cpu.o: cpu.h nsjail.h log.h util.h
cmdline.o: cmdline.h nsjail.h caps.h common.h log.h mount.h user.h util.h
cmdline.o: config.h sandbox.h
config.o: common.h caps.h nsjail.h config.h log.h mount.h user.h util.h
config.o: cmdline.h
-contain.o: contain.h nsjail.h caps.h cgroup.h cpu.h log.h mount.h pid.h
-contain.o: user.h uts.h net.h
+contain.o: contain.h nsjail.h caps.h cgroup.h log.h mount.h pid.h user.h
+contain.o: uts.h cpu.h net.h
+cpu.o: cpu.h nsjail.h log.h util.h
net.o: net.h nsjail.h log.h subproc.h
nsjail.o: nsjail.h cmdline.h common.h log.h net.h subproc.h util.h
sandbox.o: sandbox.h nsjail.h kafel/include/kafel.h log.h
extern "C" {
#include "caps.h"
#include "cgroup.h"
-#include "cpu.h"
#include "log.h"
#include "mount.h"
#include "pid.h"
#include "uts.h"
}
+#include "cpu.h"
#include "net.h"
namespace contain {
static bool containInitMountNs(struct nsjconf_t* nsjconf) { return mountInitNs(nsjconf); }
-static bool containCPU(struct nsjconf_t* nsjconf) { return cpuInit(nsjconf); }
+static bool containCPU(struct nsjconf_t* nsjconf) { return cpu::initCpu(nsjconf); }
static bool containSetLimits(struct nsjconf_t* nsjconf) {
struct rlimit64 rl;
+++ /dev/null
-/*
-
- nsjail - CPU affinity
- -----------------------------------------
-
- Copyright 2017 Google Inc. All Rights Reserved.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
-*/
-
-#include "cpu.h"
-
-#include <inttypes.h>
-#include <sched.h>
-#include <stdint.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "log.h"
-#include "util.h"
-
-static void cpuSetRandomCpu(cpu_set_t* mask, size_t mask_size, size_t cpu_num) {
- if ((size_t)CPU_COUNT_S(mask_size, mask) >= cpu_num) {
- LOG_F(
- "Number of CPUs in the mask '%d' is bigger than number of available CPUs '%zu'",
- CPU_COUNT(mask), cpu_num);
- }
-
- for (;;) {
- uint64_t n = utilRnd64() % cpu_num;
- if (!CPU_ISSET_S(n, mask_size, mask)) {
- LOG_D("Setting allowed CPU#:%" PRIu64 " of [0-%zu]", n, cpu_num - 1);
- CPU_SET_S(n, mask_size, mask);
- break;
- }
- }
-}
-
-bool cpuInit(struct nsjconf_t* nsjconf) {
- if (nsjconf->num_cpus < 0) {
- PLOG_W("sysconf(_SC_NPROCESSORS_ONLN) returned %ld", nsjconf->num_cpus);
- return false;
- }
- if (nsjconf->max_cpus > (size_t)nsjconf->num_cpus) {
- LOG_W("Requested number of CPUs:%zu is bigger than CPUs online:%ld",
- nsjconf->max_cpus, nsjconf->num_cpus);
- return true;
- }
- if (nsjconf->max_cpus == (size_t)nsjconf->num_cpus) {
- LOG_D("All CPUs requested (%zu of %ld)", nsjconf->max_cpus, nsjconf->num_cpus);
- return true;
- }
- if (nsjconf->max_cpus == 0) {
- LOG_D("No max_cpus limit set");
- return true;
- }
-
- cpu_set_t* mask = CPU_ALLOC(nsjconf->num_cpus);
- if (mask == NULL) {
- PLOG_W("Failure allocating cpu_set_t for %ld CPUs", nsjconf->num_cpus);
- return false;
- }
-
- size_t mask_size = CPU_ALLOC_SIZE(nsjconf->num_cpus);
- CPU_ZERO_S(mask_size, mask);
-
- for (size_t i = 0; i < nsjconf->max_cpus; i++) {
- cpuSetRandomCpu(mask, mask_size, nsjconf->num_cpus);
- }
-
- if (sched_setaffinity(0, mask_size, mask) == -1) {
- PLOG_W("sched_setaffinity(max_cpus=%zu) failed", nsjconf->max_cpus);
- CPU_FREE(mask);
- return false;
- }
- CPU_FREE(mask);
-
- return true;
-}
--- /dev/null
+/*
+
+ nsjail - CPU affinity
+ -----------------------------------------
+
+ Copyright 2017 Google Inc. All Rights Reserved.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+
+#include "cpu.h"
+
+#include <inttypes.h>
+#include <sched.h>
+#include <stdint.h>
+#include <string.h>
+#include <unistd.h>
+
+extern "C" {
+#include "log.h"
+#include "util.h"
+}
+
+namespace cpu {
+
+static void setRandomCpu(cpu_set_t* mask, size_t mask_size, size_t cpu_num) {
+ if ((size_t)CPU_COUNT_S(mask_size, mask) >= cpu_num) {
+ LOG_F(
+ "Number of CPUs in the mask '%d' is bigger than number of available CPUs '%zu'",
+ CPU_COUNT(mask), cpu_num);
+ }
+
+ for (;;) {
+ uint64_t n = utilRnd64() % cpu_num;
+ if (!CPU_ISSET_S(n, mask_size, mask)) {
+ LOG_D("Setting allowed CPU#:%" PRIu64 " of [0-%zu]", n, cpu_num - 1);
+ CPU_SET_S(n, mask_size, mask);
+ break;
+ }
+ }
+}
+
+bool initCpu(struct nsjconf_t* nsjconf) {
+ if (nsjconf->num_cpus < 0) {
+ PLOG_W("sysconf(_SC_NPROCESSORS_ONLN) returned %ld", nsjconf->num_cpus);
+ return false;
+ }
+ if (nsjconf->max_cpus > (size_t)nsjconf->num_cpus) {
+ LOG_W("Requested number of CPUs:%zu is bigger than CPUs online:%ld",
+ nsjconf->max_cpus, nsjconf->num_cpus);
+ return true;
+ }
+ if (nsjconf->max_cpus == (size_t)nsjconf->num_cpus) {
+ LOG_D("All CPUs requested (%zu of %ld)", nsjconf->max_cpus, nsjconf->num_cpus);
+ return true;
+ }
+ if (nsjconf->max_cpus == 0) {
+ LOG_D("No max_cpus limit set");
+ return true;
+ }
+
+ cpu_set_t* mask = CPU_ALLOC(nsjconf->num_cpus);
+ if (mask == NULL) {
+ PLOG_W("Failure allocating cpu_set_t for %ld CPUs", nsjconf->num_cpus);
+ return false;
+ }
+
+ size_t mask_size = CPU_ALLOC_SIZE(nsjconf->num_cpus);
+ CPU_ZERO_S(mask_size, mask);
+
+ for (size_t i = 0; i < nsjconf->max_cpus; i++) {
+ setRandomCpu(mask, mask_size, nsjconf->num_cpus);
+ }
+
+ if (sched_setaffinity(0, mask_size, mask) == -1) {
+ PLOG_W("sched_setaffinity(max_cpus=%zu) failed", nsjconf->max_cpus);
+ CPU_FREE(mask);
+ return false;
+ }
+ CPU_FREE(mask);
+
+ return true;
+}
+
+} // namespace cpu
#include "nsjail.h"
-bool cpuInit(struct nsjconf_t* nsjconf);
+namespace cpu {
+
+bool initCpu(struct nsjconf_t* nsjconf);
+
+} // namespace cpu
#endif /* NS_CPU_H */
projects / platform / upstream / nsjail.git / commitdiff