From 0e92cd78456302c63c96dc75a15feea26009b410 Mon Sep 17 00:00:00 2001 From: Kunhoon Baik Date: Thu, 15 Jul 2021 14:16:27 +0900 Subject: [PATCH] Adjust cgroup cpu for Tizen Latest public Tizen does not support cfs_period_us or cfs_quota_us because CONFIG_FAIR_GROUP_SCHED, CONFIG_CFS_BANDWIDTH are not enabled. Thus, instead of strict cpu limitation using cfs_quota, use cpu_shares. The cpu_shares of each NSJAIL process will be assigned according to ratio (cfs_quota/cfs_period) This is temporary patch and is not well validated. Tizen will consider to enable the kernel option for cfs_quota_us. --- cgroup.cc | 30 +++++++++++++++++++++++++++++- packaging/nsjail.spec | 5 ++--- 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/cgroup.cc b/cgroup.cc index a72e35f..9648893 100644 --- a/cgroup.cc +++ b/cgroup.cc @@ -57,6 +57,21 @@ static bool writeToCgroup( return true; } +static bool readFromCgroup( + const std::string& cgroup_path, std::string& value, const std::string& what) { + char buf[255]; + ssize_t size; + size = util::readFromFile(cgroup_path.c_str(), buf, 255); + if (!size) { + LOG_W("Cannot read %s", what.c_str()); + return false; + } + buf[size-1] = '\0'; + value = buf; + LOG_D("Getting '%s' from '%s'", value.c_str(), cgroup_path.c_str()); + return true; +} + static bool addPidToTaskList(const std::string& cgroup_path, pid_t pid) { std::string pid_str = std::to_string(pid); std::string tasks_path = cgroup_path + "/tasks"; @@ -133,14 +148,27 @@ static bool initNsFromParentCpu(nsjconf_t* nsjconf, pid_t pid) { std::string cpu_cgroup_path = nsjconf->cgroup_cpu_mount + '/' + nsjconf->cgroup_cpu_parent + "/NSJAIL." + std::to_string(pid); RETURN_ON_FAILURE(createCgroup(cpu_cgroup_path, pid)); - +#ifndef TIZEN std::string cpu_ms_per_sec_str = std::to_string(nsjconf->cgroup_cpu_ms_per_sec * 1000U); RETURN_ON_FAILURE( writeToCgroup(cpu_cgroup_path + "/cpu.cfs_quota_us", cpu_ms_per_sec_str, "cpu quota")); RETURN_ON_FAILURE( writeToCgroup(cpu_cgroup_path + "/cpu.cfs_period_us", "1000000", "cpu period")); +#else + double ratio = (double)nsjconf->cgroup_cpu_ms_per_sec / (double)1000; + std::string cpu_shares_str; + RETURN_ON_FAILURE( + readFromCgroup(nsjconf->cgroup_cpu_mount + "/" + nsjconf->cgroup_cpu_parent + "/cpu.shares", cpu_shares_str, "cpu shares")); + + double cpu_shares = std::stod(cpu_shares_str); + int adjusted_cpu_shares = cpu_shares * ratio; + LOG_D("cpu_shares = %lf, ratio = %lf, final cpu_shares = %d",cpu_shares, ratio, adjusted_cpu_shares); + + RETURN_ON_FAILURE( + writeToCgroup(cpu_cgroup_path + "/cpu.shares", std::to_string(adjusted_cpu_shares), "cpu quota with cpu shares")); +#endif return addPidToTaskList(cpu_cgroup_path, pid); } diff --git a/packaging/nsjail.spec b/packaging/nsjail.spec index 250bc19..157df4b 100644 --- a/packaging/nsjail.spec +++ b/packaging/nsjail.spec @@ -30,9 +30,8 @@ seccomp-bpf syscall filters (with help of the kafel bpf language) %setup -q %build -%define _lto_cflags %{nil} -export CFLAGS="%{optflags}" -export CXXFLAGS="$CFLAGS" +export CFLAGS="$CFLAGS -DTIZEN" +export CXXFLAGS="$CXXFLAGS -DTIZEN" make %{?_smp_mflags} %install -- 2.34.1