3 * Copyright © 2014-2016 Canonical, Inc
4 * Author: Serge Hallyn <serge.hallyn@ubuntu.com>
6 * See COPYING file for details.
9 #define FUSE_USE_VERSION 26
11 #define __STDC_FORMAT_MACROS
29 #include <linux/magic.h>
30 #include <linux/sched.h>
31 #include <sys/epoll.h>
33 #include <sys/mount.h>
34 #include <sys/param.h>
35 #include <sys/socket.h>
36 #include <sys/syscall.h>
37 #include <sys/sysinfo.h>
41 #include "cgroups/cgroup.h"
42 #include "cgroups/cgroup_utils.h"
43 #include "memory_utils.h"
46 /* Define pivot_root() if missing from the C library */
47 #ifndef HAVE_PIVOT_ROOT
48 static int pivot_root(const char * new_root
, const char * put_old
)
50 #ifdef __NR_pivot_root
51 return syscall(__NR_pivot_root
, new_root
, put_old
);
58 extern int pivot_root(const char * new_root
, const char * put_old
);
61 struct cpuacct_usage
{
68 /* The function of hash table.*/
69 #define LOAD_SIZE 100 /*the size of hash_table */
70 #define FLUSH_TIME 5 /*the flush rate */
71 #define DEPTH_DIR 3 /*the depth of per cgroup */
72 /* The function of calculate loadavg .*/
73 #define FSHIFT 11 /* nr of bits of precision */
74 #define FIXED_1 (1<<FSHIFT) /* 1.0 as fixed-point */
75 #define EXP_1 1884 /* 1/exp(5sec/1min) as fixed-point */
76 #define EXP_5 2014 /* 1/exp(5sec/5min) */
77 #define EXP_15 2037 /* 1/exp(5sec/15min) */
78 #define LOAD_INT(x) ((x) >> FSHIFT)
79 #define LOAD_FRAC(x) LOAD_INT(((x) & (FIXED_1-1)) * 100)
81 * This parameter is used for proc_loadavg_read().
82 * 1 means use loadavg, 0 means not use.
84 static int loadavg
= 0;
85 static volatile sig_atomic_t loadavg_stop
= 0;
86 static int calc_hash(const char *name
)
88 unsigned int hash
= 0;
90 /* ELFHash algorithm. */
92 hash
= (hash
<< 4) + *name
++;
93 x
= hash
& 0xf0000000;
98 return (hash
& 0x7fffffff);
103 unsigned long avenrun
[3]; /* Load averages */
104 unsigned int run_pid
;
105 unsigned int total_pid
;
106 unsigned int last_pid
;
107 int cfd
; /* The file descriptor of the mounted cgroup */
108 struct load_node
*next
;
109 struct load_node
**pre
;
114 * The lock is about insert load_node and refresh load_node.To the first
115 * load_node of each hash bucket, insert and refresh in this hash bucket is
116 * mutually exclusive.
118 pthread_mutex_t lock
;
120 * The rdlock is about read loadavg and delete load_node.To each hash
121 * bucket, read and delete is mutually exclusive. But at the same time, we
122 * allow paratactic read operation. This rdlock is at list level.
124 pthread_rwlock_t rdlock
;
126 * The rilock is about read loadavg and insert load_node.To the first
127 * load_node of each hash bucket, read and insert is mutually exclusive.
128 * But at the same time, we allow paratactic read operation.
130 pthread_rwlock_t rilock
;
131 struct load_node
*next
;
134 static struct load_head load_hash
[LOAD_SIZE
]; /* hash table */
136 * init_load initialize the hash table.
137 * Return 0 on success, return -1 on failure.
139 static int init_load(void)
144 for (i
= 0; i
< LOAD_SIZE
; i
++) {
145 load_hash
[i
].next
= NULL
;
146 ret
= pthread_mutex_init(&load_hash
[i
].lock
, NULL
);
148 lxcfs_error("%s\n", "Failed to initialize lock");
151 ret
= pthread_rwlock_init(&load_hash
[i
].rdlock
, NULL
);
153 lxcfs_error("%s\n", "Failed to initialize rdlock");
156 ret
= pthread_rwlock_init(&load_hash
[i
].rilock
, NULL
);
158 lxcfs_error("%s\n", "Failed to initialize rilock");
164 pthread_rwlock_destroy(&load_hash
[i
].rdlock
);
166 pthread_mutex_destroy(&load_hash
[i
].lock
);
170 pthread_mutex_destroy(&load_hash
[i
].lock
);
171 pthread_rwlock_destroy(&load_hash
[i
].rdlock
);
172 pthread_rwlock_destroy(&load_hash
[i
].rilock
);
177 static void insert_node(struct load_node
**n
, int locate
)
181 pthread_mutex_lock(&load_hash
[locate
].lock
);
182 pthread_rwlock_wrlock(&load_hash
[locate
].rilock
);
183 f
= load_hash
[locate
].next
;
184 load_hash
[locate
].next
= *n
;
186 (*n
)->pre
= &(load_hash
[locate
].next
);
188 f
->pre
= &((*n
)->next
);
190 pthread_mutex_unlock(&load_hash
[locate
].lock
);
191 pthread_rwlock_unlock(&load_hash
[locate
].rilock
);
194 * locate_node() finds special node. Not return NULL means success.
195 * It should be noted that rdlock isn't unlocked at the end of code
196 * because this function is used to read special node. Delete is not
197 * allowed before read has ended.
198 * unlock rdlock only in proc_loadavg_read().
200 static struct load_node
*locate_node(char *cg
, int locate
)
202 struct load_node
*f
= NULL
;
205 pthread_rwlock_rdlock(&load_hash
[locate
].rilock
);
206 pthread_rwlock_rdlock(&load_hash
[locate
].rdlock
);
207 if (load_hash
[locate
].next
== NULL
) {
208 pthread_rwlock_unlock(&load_hash
[locate
].rilock
);
211 f
= load_hash
[locate
].next
;
212 pthread_rwlock_unlock(&load_hash
[locate
].rilock
);
213 while (f
&& ((i
= strcmp(f
->cg
, cg
)) != 0))
218 /* Delete the load_node n and return the next node of it. */
219 static struct load_node
*del_node(struct load_node
*n
, int locate
)
223 pthread_rwlock_wrlock(&load_hash
[locate
].rdlock
);
224 if (n
->next
== NULL
) {
228 n
->next
->pre
= n
->pre
;
233 pthread_rwlock_unlock(&load_hash
[locate
].rdlock
);
237 static void load_free(void)
239 struct load_node
*f
, *p
;
241 for (int i
= 0; i
< LOAD_SIZE
; i
++) {
242 pthread_mutex_lock(&load_hash
[i
].lock
);
243 pthread_rwlock_wrlock(&load_hash
[i
].rilock
);
244 pthread_rwlock_wrlock(&load_hash
[i
].rdlock
);
245 if (load_hash
[i
].next
== NULL
) {
246 pthread_mutex_unlock(&load_hash
[i
].lock
);
247 pthread_mutex_destroy(&load_hash
[i
].lock
);
248 pthread_rwlock_unlock(&load_hash
[i
].rilock
);
249 pthread_rwlock_destroy(&load_hash
[i
].rilock
);
250 pthread_rwlock_unlock(&load_hash
[i
].rdlock
);
251 pthread_rwlock_destroy(&load_hash
[i
].rdlock
);
255 for (f
= load_hash
[i
].next
; f
;) {
262 pthread_mutex_unlock(&load_hash
[i
].lock
);
263 pthread_mutex_destroy(&load_hash
[i
].lock
);
264 pthread_rwlock_unlock(&load_hash
[i
].rilock
);
265 pthread_rwlock_destroy(&load_hash
[i
].rilock
);
266 pthread_rwlock_unlock(&load_hash
[i
].rdlock
);
267 pthread_rwlock_destroy(&load_hash
[i
].rdlock
);
271 /* Data for CPU view */
272 struct cg_proc_stat
{
274 struct cpuacct_usage
*usage
; // Real usage as read from the host's /proc/stat
275 struct cpuacct_usage
*view
; // Usage stats reported to the container
277 pthread_mutex_t lock
; // For node manipulation
278 struct cg_proc_stat
*next
;
281 struct cg_proc_stat_head
{
282 struct cg_proc_stat
*next
;
286 * For access to the list. Reading can be parallel, pruning is exclusive.
288 pthread_rwlock_t lock
;
291 #define CPUVIEW_HASH_SIZE 100
292 static struct cg_proc_stat_head
*proc_stat_history
[CPUVIEW_HASH_SIZE
];
294 static bool cpuview_init_head(struct cg_proc_stat_head
**head
)
296 *head
= malloc(sizeof(struct cg_proc_stat_head
));
298 lxcfs_error("%s\n", strerror(errno
));
302 (*head
)->lastcheck
= time(NULL
);
303 (*head
)->next
= NULL
;
305 if (pthread_rwlock_init(&(*head
)->lock
, NULL
) != 0) {
306 lxcfs_error("%s\n", "Failed to initialize list lock");
314 static bool init_cpuview()
318 for (i
= 0; i
< CPUVIEW_HASH_SIZE
; i
++)
319 proc_stat_history
[i
] = NULL
;
321 for (i
= 0; i
< CPUVIEW_HASH_SIZE
; i
++) {
322 if (!cpuview_init_head(&proc_stat_history
[i
]))
329 for (i
= 0; i
< CPUVIEW_HASH_SIZE
; i
++) {
330 if (proc_stat_history
[i
])
331 free_disarm(proc_stat_history
[i
]);
337 static void free_proc_stat_node(struct cg_proc_stat
*node
)
339 pthread_mutex_destroy(&node
->lock
);
340 free_disarm(node
->cg
);
341 free_disarm(node
->usage
);
342 free_disarm(node
->view
);
346 static void cpuview_free_head(struct cg_proc_stat_head
*head
)
348 struct cg_proc_stat
*node
, *tmp
;
356 free_proc_stat_node(tmp
);
363 pthread_rwlock_destroy(&head
->lock
);
367 static void free_cpuview()
371 for (i
= 0; i
< CPUVIEW_HASH_SIZE
; i
++) {
372 if (proc_stat_history
[i
])
373 cpuview_free_head(proc_stat_history
[i
]);
378 * A table caching which pid is init for a pid namespace.
379 * When looking up which pid is init for $qpid, we first
380 * 1. Stat /proc/$qpid/ns/pid.
381 * 2. Check whether the ino_t is in our store.
382 * a. if not, fork a child in qpid's ns to send us
383 * ucred.pid = 1, and read the initpid. Cache
384 * initpid and creation time for /proc/initpid
385 * in a new store entry.
386 * b. if so, verify that /proc/initpid still matches
387 * what we have saved. If not, clear the store
388 * entry and go back to a. If so, return the
391 struct pidns_init_store
{
392 ino_t ino
; // inode number for /proc/$pid/ns/pid
393 pid_t initpid
; // the pid of nit in that ns
394 long int ctime
; // the time at which /proc/$initpid was created
395 struct pidns_init_store
*next
;
399 /* lol - look at how they are allocated in the kernel */
400 #define PIDNS_HASH_SIZE 4096
401 #define HASH(x) ((x) % PIDNS_HASH_SIZE)
403 static struct pidns_init_store
*pidns_hash_table
[PIDNS_HASH_SIZE
];
404 static pthread_mutex_t pidns_store_mutex
= PTHREAD_MUTEX_INITIALIZER
;
405 static void lock_mutex(pthread_mutex_t
*l
)
409 if ((ret
= pthread_mutex_lock(l
)) != 0) {
410 lxcfs_error("returned:%d %s\n", ret
, strerror(ret
));
415 struct cgroup_ops
*cgroup_ops
;
417 static void unlock_mutex(pthread_mutex_t
*l
)
421 if ((ret
= pthread_mutex_unlock(l
)) != 0) {
422 lxcfs_error("returned:%d %s\n", ret
, strerror(ret
));
427 static void store_lock(void)
429 lock_mutex(&pidns_store_mutex
);
432 static void store_unlock(void)
434 unlock_mutex(&pidns_store_mutex
);
437 /* Must be called under store_lock */
438 static bool initpid_still_valid(struct pidns_init_store
*e
, struct stat
*nsfdsb
)
443 snprintf(fnam
, 100, "/proc/%d", e
->initpid
);
444 if (stat(fnam
, &initsb
) < 0)
447 lxcfs_debug("Comparing ctime %ld == %ld for pid %d.\n", e
->ctime
,
448 initsb
.st_ctime
, e
->initpid
);
450 if (e
->ctime
!= initsb
.st_ctime
)
455 /* Must be called under store_lock */
456 static void remove_initpid(struct pidns_init_store
*e
)
458 struct pidns_init_store
*tmp
;
461 lxcfs_debug("Remove_initpid: removing entry for %d.\n", e
->initpid
);
464 if (pidns_hash_table
[h
] == e
) {
465 pidns_hash_table
[h
] = e
->next
;
470 tmp
= pidns_hash_table
[h
];
472 if (tmp
->next
== e
) {
482 /* Must be called under store_lock */
483 static void prune_initpid_store(void)
485 static long int last_prune
= 0;
486 struct pidns_init_store
*e
, *prev
, *delme
;
487 long int now
, threshold
;
491 last_prune
= time(NULL
);
495 if (now
< last_prune
+ PURGE_SECS
)
498 lxcfs_debug("%s\n", "Pruning.");
501 threshold
= now
- 2 * PURGE_SECS
;
503 for (i
= 0; i
< PIDNS_HASH_SIZE
; i
++) {
504 for (prev
= NULL
, e
= pidns_hash_table
[i
]; e
; ) {
505 if (e
->lastcheck
< threshold
) {
507 lxcfs_debug("Removing cached entry for %d.\n", e
->initpid
);
511 prev
->next
= e
->next
;
513 pidns_hash_table
[i
] = e
->next
;
524 /* Must be called under store_lock */
525 static void save_initpid(struct stat
*sb
, pid_t pid
)
527 struct pidns_init_store
*e
;
532 lxcfs_debug("Save_initpid: adding entry for %d.\n", pid
);
534 snprintf(fpath
, 100, "/proc/%d", pid
);
535 if (stat(fpath
, &procsb
) < 0)
538 e
= malloc(sizeof(*e
));
542 e
->ctime
= procsb
.st_ctime
;
544 e
->next
= pidns_hash_table
[h
];
545 e
->lastcheck
= time(NULL
);
546 pidns_hash_table
[h
] = e
;
550 * Given the stat(2) info for a nsfd pid inode, lookup the init_pid_store
551 * entry for the inode number and creation time. Verify that the init pid
552 * is still valid. If not, remove it. Return the entry if valid, NULL
554 * Must be called under store_lock
556 static struct pidns_init_store
*lookup_verify_initpid(struct stat
*sb
)
558 int h
= HASH(sb
->st_ino
);
559 struct pidns_init_store
*e
= pidns_hash_table
[h
];
562 if (e
->ino
== sb
->st_ino
) {
563 if (initpid_still_valid(e
, sb
)) {
564 e
->lastcheck
= time(NULL
);
576 static int is_dir(const char *path
, int fd
)
579 int ret
= fstatat(fd
, path
, &statbuf
, fd
);
580 if (ret
== 0 && S_ISDIR(statbuf
.st_mode
))
585 static int preserve_ns(const int pid
, const char *ns
)
588 /* 5 /proc + 21 /int_as_str + 3 /ns + 20 /NS_NAME + 1 \0 */
589 #define __NS_PATH_LEN 50
590 char path
[__NS_PATH_LEN
];
592 /* This way we can use this function to also check whether namespaces
593 * are supported by the kernel by passing in the NULL or the empty
596 ret
= snprintf(path
, __NS_PATH_LEN
, "/proc/%d/ns%s%s", pid
,
597 !ns
|| strcmp(ns
, "") == 0 ? "" : "/",
598 !ns
|| strcmp(ns
, "") == 0 ? "" : ns
);
599 if (ret
< 0 || (size_t)ret
>= __NS_PATH_LEN
) {
604 return open(path
, O_RDONLY
| O_CLOEXEC
);
608 * in_same_namespace - Check whether two processes are in the same namespace.
609 * @pid1 - PID of the first process.
610 * @pid2 - PID of the second process.
611 * @ns - Name of the namespace to check. Must correspond to one of the names
612 * for the namespaces as shown in /proc/<pid/ns/
614 * If the two processes are not in the same namespace returns an fd to the
615 * namespace of the second process identified by @pid2. If the two processes are
616 * in the same namespace returns -EINVAL, -1 if an error occurred.
618 static int in_same_namespace(pid_t pid1
, pid_t pid2
, const char *ns
)
620 __do_close_prot_errno
int ns_fd1
= -1, ns_fd2
= -1;
622 struct stat ns_st1
, ns_st2
;
624 ns_fd1
= preserve_ns(pid1
, ns
);
626 /* The kernel does not support this namespace. This is not an
635 ns_fd2
= preserve_ns(pid2
, ns
);
639 ret
= fstat(ns_fd1
, &ns_st1
);
643 ret
= fstat(ns_fd2
, &ns_st2
);
647 /* processes are in the same namespace */
648 if ((ns_st1
.st_dev
== ns_st2
.st_dev
) && (ns_st1
.st_ino
== ns_st2
.st_ino
))
651 /* processes are in different namespaces */
652 return move_fd(ns_fd2
);
655 static bool is_shared_pidns(pid_t pid
)
660 if (in_same_namespace(pid
, getpid(), "pid") == -EINVAL
)
666 static bool write_string(const char *fnam
, const char *string
, int fd
)
675 len
= strlen(string
);
676 ret
= fwrite(string
, 1, len
, f
);
678 lxcfs_error("%s - Error writing \"%s\" to \"%s\"\n",
679 strerror(errno
), string
, fnam
);
685 lxcfs_error("%s - Failed to close \"%s\"\n", strerror(errno
), fnam
);
698 static void print_subsystems(void)
702 fprintf(stderr
, "mount namespace: %d\n", cgroup_ops
->mntns_fd
);
703 fprintf(stderr
, "hierarchies:\n");
704 for (struct hierarchy
**h
= cgroup_ops
->hierarchies
; h
&& *h
; h
++, i
++) {
705 __do_free
char *controllers
= lxc_string_join(",", (const char **)(*h
)->controllers
, false);
706 fprintf(stderr
, " %2d: fd: %3d: %s\n", i
, (*h
)->fd
, controllers
?: "");
710 /* do we need to do any massaging here? I'm not sure... */
711 /* Return the mounted controller and store the corresponding open file descriptor
712 * referring to the controller mountpoint in the private lxcfs namespace in
715 static int find_mounted_controller(const char *controller
)
719 h
= cgroup_ops
->get_hierarchy(cgroup_ops
, controller
);
720 return h
? h
->fd
: -EBADF
;
723 bool cgfs_set_value(const char *controller
, const char *cgroup
, const char *file
,
730 cfd
= find_mounted_controller(controller
);
734 /* Make sure we pass a relative path to *at() family of functions.
735 * . + /cgroup + / + file + \0
737 len
= strlen(cgroup
) + strlen(file
) + 3;
739 ret
= snprintf(fnam
, len
, "%s%s/%s", dot_or_empty(cgroup
), cgroup
, file
);
740 if (ret
< 0 || (size_t)ret
>= len
)
743 fd
= openat(cfd
, fnam
, O_WRONLY
);
747 return write_string(fnam
, value
, fd
);
750 // Chown all the files in the cgroup directory. We do this when we create
751 // a cgroup on behalf of a user.
752 static void chown_all_cgroup_files(const char *dirname
, uid_t uid
, gid_t gid
, int fd
)
754 struct dirent
*direntp
;
755 char path
[MAXPATHLEN
];
760 len
= strlen(dirname
);
761 if (len
>= MAXPATHLEN
) {
762 lxcfs_error("Pathname too long: %s\n", dirname
);
766 fd1
= openat(fd
, dirname
, O_DIRECTORY
);
772 lxcfs_error("Failed to open %s\n", dirname
);
776 while ((direntp
= readdir(d
))) {
777 if (!strcmp(direntp
->d_name
, ".") || !strcmp(direntp
->d_name
, ".."))
779 ret
= snprintf(path
, MAXPATHLEN
, "%s/%s", dirname
, direntp
->d_name
);
780 if (ret
< 0 || ret
>= MAXPATHLEN
) {
781 lxcfs_error("Pathname too long under %s\n", dirname
);
784 if (fchownat(fd
, path
, uid
, gid
, 0) < 0)
785 lxcfs_error("Failed to chown file %s to %u:%u", path
, uid
, gid
);
790 int cgfs_create(const char *controller
, const char *cg
, uid_t uid
, gid_t gid
)
796 cfd
= find_mounted_controller(controller
);
800 /* Make sure we pass a relative path to *at() family of functions.
803 len
= strlen(cg
) + 2;
804 dirnam
= alloca(len
);
805 snprintf(dirnam
, len
, "%s%s", dot_or_empty(cg
), cg
);
807 if (mkdirat(cfd
, dirnam
, 0755) < 0)
810 if (uid
== 0 && gid
== 0)
813 if (fchownat(cfd
, dirnam
, uid
, gid
, 0) < 0)
816 chown_all_cgroup_files(dirnam
, uid
, gid
, cfd
);
821 static bool recursive_rmdir(const char *dirname
, int fd
, const int cfd
)
823 struct dirent
*direntp
;
826 char pathname
[MAXPATHLEN
];
829 dupfd
= dup(fd
); // fdopendir() does bad things once it uses an fd.
833 dir
= fdopendir(dupfd
);
835 lxcfs_debug("Failed to open %s: %s.\n", dirname
, strerror(errno
));
840 while ((direntp
= readdir(dir
))) {
844 if (!strcmp(direntp
->d_name
, ".") ||
845 !strcmp(direntp
->d_name
, ".."))
848 rc
= snprintf(pathname
, MAXPATHLEN
, "%s/%s", dirname
, direntp
->d_name
);
849 if (rc
< 0 || rc
>= MAXPATHLEN
) {
850 lxcfs_error("%s\n", "Pathname too long.");
854 rc
= fstatat(cfd
, pathname
, &mystat
, AT_SYMLINK_NOFOLLOW
);
856 lxcfs_debug("Failed to stat %s: %s.\n", pathname
, strerror(errno
));
859 if (S_ISDIR(mystat
.st_mode
))
860 if (!recursive_rmdir(pathname
, fd
, cfd
))
861 lxcfs_debug("Error removing %s.\n", pathname
);
865 if (closedir(dir
) < 0) {
866 lxcfs_error("Failed to close directory %s: %s\n", dirname
, strerror(errno
));
870 if (unlinkat(cfd
, dirname
, AT_REMOVEDIR
) < 0) {
871 lxcfs_debug("Failed to delete %s: %s.\n", dirname
, strerror(errno
));
880 bool cgfs_remove(const char *controller
, const char *cg
)
887 cfd
= find_mounted_controller(controller
);
891 /* Make sure we pass a relative path to *at() family of functions.
894 len
= strlen(cg
) + 2;
895 dirnam
= alloca(len
);
896 snprintf(dirnam
, len
, "%s%s", dot_or_empty(cg
), cg
);
898 fd
= openat(cfd
, dirnam
, O_DIRECTORY
);
902 bret
= recursive_rmdir(dirnam
, fd
, cfd
);
907 bool cgfs_chmod_file(const char *controller
, const char *file
, mode_t mode
)
913 cfd
= find_mounted_controller(controller
);
917 /* Make sure we pass a relative path to *at() family of functions.
920 len
= strlen(file
) + 2;
921 pathname
= alloca(len
);
922 snprintf(pathname
, len
, "%s%s", dot_or_empty(file
), file
);
923 if (fchmodat(cfd
, pathname
, mode
, 0) < 0)
928 static int chown_tasks_files(const char *dirname
, uid_t uid
, gid_t gid
, int fd
)
933 len
= strlen(dirname
) + strlen("/cgroup.procs") + 1;
935 snprintf(fname
, len
, "%s/tasks", dirname
);
936 if (fchownat(fd
, fname
, uid
, gid
, 0) != 0)
938 snprintf(fname
, len
, "%s/cgroup.procs", dirname
);
939 if (fchownat(fd
, fname
, uid
, gid
, 0) != 0)
944 int cgfs_chown_file(const char *controller
, const char *file
, uid_t uid
, gid_t gid
)
950 cfd
= find_mounted_controller(controller
);
954 /* Make sure we pass a relative path to *at() family of functions.
957 len
= strlen(file
) + 2;
958 pathname
= alloca(len
);
959 snprintf(pathname
, len
, "%s%s", dot_or_empty(file
), file
);
960 if (fchownat(cfd
, pathname
, uid
, gid
, 0) < 0)
963 if (is_dir(pathname
, cfd
))
964 // like cgmanager did, we want to chown the tasks file as well
965 return chown_tasks_files(pathname
, uid
, gid
, cfd
);
970 FILE *open_pids_file(const char *controller
, const char *cgroup
)
976 cfd
= find_mounted_controller(controller
);
980 /* Make sure we pass a relative path to *at() family of functions.
981 * . + /cgroup + / "cgroup.procs" + \0
983 len
= strlen(cgroup
) + strlen("cgroup.procs") + 3;
984 pathname
= alloca(len
);
985 snprintf(pathname
, len
, "%s%s/cgroup.procs", dot_or_empty(cgroup
), cgroup
);
987 fd
= openat(cfd
, pathname
, O_WRONLY
);
991 return fdopen(fd
, "w");
994 static bool cgfs_iterate_cgroup(const char *controller
, const char *cgroup
, bool directories
,
995 void ***list
, size_t typesize
,
996 void* (*iterator
)(const char*, const char*, const char*))
1001 char pathname
[MAXPATHLEN
];
1002 size_t sz
= 0, asz
= 0;
1003 struct dirent
*dirent
;
1006 cfd
= find_mounted_controller(controller
);
1011 /* Make sure we pass a relative path to *at() family of functions. */
1012 len
= strlen(cgroup
) + 1 /* . */ + 1 /* \0 */;
1014 ret
= snprintf(cg
, len
, "%s%s", dot_or_empty(cgroup
), cgroup
);
1015 if (ret
< 0 || (size_t)ret
>= len
) {
1016 lxcfs_error("Pathname too long under %s\n", cgroup
);
1020 fd
= openat(cfd
, cg
, O_DIRECTORY
);
1024 dir
= fdopendir(fd
);
1028 while ((dirent
= readdir(dir
))) {
1031 if (!strcmp(dirent
->d_name
, ".") ||
1032 !strcmp(dirent
->d_name
, ".."))
1035 ret
= snprintf(pathname
, MAXPATHLEN
, "%s/%s", cg
, dirent
->d_name
);
1036 if (ret
< 0 || ret
>= MAXPATHLEN
) {
1037 lxcfs_error("Pathname too long under %s\n", cg
);
1041 ret
= fstatat(cfd
, pathname
, &mystat
, AT_SYMLINK_NOFOLLOW
);
1043 lxcfs_error("Failed to stat %s: %s\n", pathname
, strerror(errno
));
1046 if ((!directories
&& !S_ISREG(mystat
.st_mode
)) ||
1047 (directories
&& !S_ISDIR(mystat
.st_mode
)))
1054 tmp
= realloc(*list
, asz
* typesize
);
1058 (*list
)[sz
] = (*iterator
)(controller
, cg
, dirent
->d_name
);
1059 (*list
)[sz
+1] = NULL
;
1062 if (closedir(dir
) < 0) {
1063 lxcfs_error("Failed closedir for %s: %s\n", cgroup
, strerror(errno
));
1069 static void *make_children_list_entry(const char *controller
, const char *cgroup
, const char *dir_entry
)
1073 dup
= strdup(dir_entry
);
1078 bool cgfs_list_children(const char *controller
, const char *cgroup
, char ***list
)
1080 return cgfs_iterate_cgroup(controller
, cgroup
, true, (void***)list
, sizeof(*list
), &make_children_list_entry
);
1083 void free_key(struct cgfs_files
*k
)
1087 free_disarm(k
->name
);
1091 void free_keys(struct cgfs_files
**keys
)
1097 for (i
= 0; keys
[i
]; i
++) {
1103 bool cgfs_param_exist(const char *controller
, const char *cgroup
, const char *file
)
1109 cfd
= find_mounted_controller(controller
);
1113 /* Make sure we pass a relative path to *at() family of functions.
1114 * . + /cgroup + / + file + \0
1116 len
= strlen(cgroup
) + strlen(file
) + 3;
1118 ret
= snprintf(fnam
, len
, "%s%s/%s", dot_or_empty(cgroup
), cgroup
, file
);
1119 if (ret
< 0 || (size_t)ret
>= len
)
1122 return (faccessat(cfd
, fnam
, F_OK
, 0) == 0);
1125 struct cgfs_files
*cgfs_get_key(const char *controller
, const char *cgroup
, const char *file
)
1131 struct cgfs_files
*newkey
;
1133 cfd
= find_mounted_controller(controller
);
1137 if (file
&& *file
== '/')
1140 if (file
&& strchr(file
, '/'))
1143 /* Make sure we pass a relative path to *at() family of functions.
1144 * . + /cgroup + / + file + \0
1146 len
= strlen(cgroup
) + 3;
1148 len
+= strlen(file
) + 1;
1150 snprintf(fnam
, len
, "%s%s%s%s", dot_or_empty(cgroup
), cgroup
,
1151 file
? "/" : "", file
? file
: "");
1153 ret
= fstatat(cfd
, fnam
, &sb
, 0);
1158 newkey
= malloc(sizeof(struct cgfs_files
));
1161 newkey
->name
= must_copy_string(file
);
1162 else if (strrchr(cgroup
, '/'))
1163 newkey
->name
= must_copy_string(strrchr(cgroup
, '/'));
1165 newkey
->name
= must_copy_string(cgroup
);
1166 newkey
->uid
= sb
.st_uid
;
1167 newkey
->gid
= sb
.st_gid
;
1168 newkey
->mode
= sb
.st_mode
;
1173 static void *make_key_list_entry(const char *controller
, const char *cgroup
, const char *dir_entry
)
1175 struct cgfs_files
*entry
= cgfs_get_key(controller
, cgroup
, dir_entry
);
1177 lxcfs_error("Error getting files under %s:%s\n", controller
,
1183 bool cgfs_list_keys(const char *controller
, const char *cgroup
, struct cgfs_files
***keys
)
1185 return cgfs_iterate_cgroup(controller
, cgroup
, false, (void***)keys
, sizeof(*keys
), &make_key_list_entry
);
1188 bool is_child_cgroup(const char *controller
, const char *cgroup
, const char *f
)
1196 cfd
= find_mounted_controller(controller
);
1200 /* Make sure we pass a relative path to *at() family of functions.
1201 * . + /cgroup + / + f + \0
1203 len
= strlen(cgroup
) + strlen(f
) + 3;
1205 ret
= snprintf(fnam
, len
, "%s%s/%s", dot_or_empty(cgroup
), cgroup
, f
);
1206 if (ret
< 0 || (size_t)ret
>= len
)
1209 ret
= fstatat(cfd
, fnam
, &sb
, 0);
1210 if (ret
< 0 || !S_ISDIR(sb
.st_mode
))
1216 #define SEND_CREDS_OK 0
1217 #define SEND_CREDS_NOTSK 1
1218 #define SEND_CREDS_FAIL 2
1219 static bool recv_creds(int sock
, struct ucred
*cred
, char *v
);
1220 static int wait_for_pid(pid_t pid
);
1221 static int send_creds(int sock
, struct ucred
*cred
, char v
, bool pingfirst
);
1222 static int send_creds_clone_wrapper(void *arg
);
1225 * clone a task which switches to @task's namespace and writes '1'.
1226 * over a unix sock so we can read the task's reaper's pid in our
1229 * Note: glibc's fork() does not respect pidns, which can lead to failed
1230 * assertions inside glibc (and thus failed forks) if the child's pid in
1231 * the pidns and the parent pid outside are identical. Using clone prevents
1234 static void write_task_init_pid_exit(int sock
, pid_t target
)
1239 size_t stack_size
= sysconf(_SC_PAGESIZE
);
1240 void *stack
= alloca(stack_size
);
1242 ret
= snprintf(fnam
, sizeof(fnam
), "/proc/%d/ns/pid", (int)target
);
1243 if (ret
< 0 || ret
>= sizeof(fnam
))
1246 fd
= open(fnam
, O_RDONLY
);
1248 perror("write_task_init_pid_exit open of ns/pid");
1252 perror("write_task_init_pid_exit setns 1");
1256 pid
= clone(send_creds_clone_wrapper
, stack
+ stack_size
, SIGCHLD
, &sock
);
1260 if (!wait_for_pid(pid
))
1266 static int send_creds_clone_wrapper(void *arg
) {
1269 int sock
= *(int *)arg
;
1271 /* we are the child */
1276 if (send_creds(sock
, &cred
, v
, true) != SEND_CREDS_OK
)
1281 static pid_t
get_init_pid_for_task(pid_t task
)
1289 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
1290 perror("socketpair");
1299 write_task_init_pid_exit(sock
[0], task
);
1303 if (!recv_creds(sock
[1], &cred
, &v
))
1315 pid_t
lookup_initpid_in_store(pid_t qpid
)
1319 struct pidns_init_store
*e
;
1322 snprintf(fnam
, 100, "/proc/%d/ns/pid", qpid
);
1324 if (stat(fnam
, &sb
) < 0)
1326 e
= lookup_verify_initpid(&sb
);
1328 answer
= e
->initpid
;
1331 answer
= get_init_pid_for_task(qpid
);
1333 save_initpid(&sb
, answer
);
1336 /* we prune at end in case we are returning
1337 * the value we were about to return */
1338 prune_initpid_store();
1343 static int wait_for_pid(pid_t pid
)
1351 ret
= waitpid(pid
, &status
, 0);
1359 if (!WIFEXITED(status
) || WEXITSTATUS(status
) != 0)
1365 * append the given formatted string to *src.
1366 * src: a pointer to a char* in which to append the formatted string.
1367 * sz: the number of characters printed so far, minus trailing \0.
1368 * asz: the allocated size so far
1369 * format: string format. See printf for details.
1370 * ...: varargs. See printf for details.
1372 static void must_strcat(char **src
, size_t *sz
, size_t *asz
, const char *format
, ...)
1374 char tmp
[BUF_RESERVE_SIZE
];
1377 va_start (args
, format
);
1378 int tmplen
= vsnprintf(tmp
, BUF_RESERVE_SIZE
, format
, args
);
1381 if (!*src
|| tmplen
+ *sz
+ 1 >= *asz
) {
1384 tmp
= realloc(*src
, *asz
+ BUF_RESERVE_SIZE
);
1387 *asz
+= BUF_RESERVE_SIZE
;
1389 memcpy((*src
) +*sz
, tmp
, tmplen
+1); /* include the \0 */
1394 * append pid to *src.
1395 * src: a pointer to a char* in which ot append the pid.
1396 * sz: the number of characters printed so far, minus trailing \0.
1397 * asz: the allocated size so far
1398 * pid: the pid to append
1400 static void must_strcat_pid(char **src
, size_t *sz
, size_t *asz
, pid_t pid
)
1402 must_strcat(src
, sz
, asz
, "%d\n", (int)pid
);
1406 * Given a open file * to /proc/pid/{u,g}id_map, and an id
1407 * valid in the caller's namespace, return the id mapped into
1409 * Returns the mapped id, or -1 on error.
1412 convert_id_to_ns(FILE *idfile
, unsigned int in_id
)
1414 unsigned int nsuid
, // base id for a range in the idfile's namespace
1415 hostuid
, // base id for a range in the caller's namespace
1416 count
; // number of ids in this range
1420 fseek(idfile
, 0L, SEEK_SET
);
1421 while (fgets(line
, 400, idfile
)) {
1422 ret
= sscanf(line
, "%u %u %u\n", &nsuid
, &hostuid
, &count
);
1425 if (hostuid
+ count
< hostuid
|| nsuid
+ count
< nsuid
) {
1427 * uids wrapped around - unexpected as this is a procfile,
1430 lxcfs_error("pid wrapparound at entry %u %u %u in %s\n",
1431 nsuid
, hostuid
, count
, line
);
1434 if (hostuid
<= in_id
&& hostuid
+count
> in_id
) {
1436 * now since hostuid <= in_id < hostuid+count, and
1437 * hostuid+count and nsuid+count do not wrap around,
1438 * we know that nsuid+(in_id-hostuid) which must be
1439 * less that nsuid+(count) must not wrap around
1441 return (in_id
- hostuid
) + nsuid
;
1450 * for is_privileged_over,
1451 * specify whether we require the calling uid to be root in his
1454 #define NS_ROOT_REQD true
1455 #define NS_ROOT_OPT false
1459 static bool is_privileged_over(pid_t pid
, uid_t uid
, uid_t victim
, bool req_ns_root
)
1461 char fpath
[PROCLEN
];
1463 bool answer
= false;
1466 if (victim
== -1 || uid
== -1)
1470 * If the request is one not requiring root in the namespace,
1471 * then having the same uid suffices. (i.e. uid 1000 has write
1472 * access to files owned by uid 1000
1474 if (!req_ns_root
&& uid
== victim
)
1477 ret
= snprintf(fpath
, PROCLEN
, "/proc/%d/uid_map", pid
);
1478 if (ret
< 0 || ret
>= PROCLEN
)
1480 FILE *f
= fopen(fpath
, "r");
1484 /* if caller's not root in his namespace, reject */
1485 nsuid
= convert_id_to_ns(f
, uid
);
1490 * If victim is not mapped into caller's ns, reject.
1491 * XXX I'm not sure this check is needed given that fuse
1492 * will be sending requests where the vfs has converted
1494 nsuid
= convert_id_to_ns(f
, victim
);
1505 static bool perms_include(int fmode
, mode_t req_mode
)
1509 switch (req_mode
& O_ACCMODE
) {
1517 r
= S_IROTH
| S_IWOTH
;
1522 return ((fmode
& r
) == r
);
1528 * querycg is /a/b/c/d/e
1531 static char *get_next_cgroup_dir(const char *taskcg
, const char *querycg
)
1535 if (strlen(taskcg
) <= strlen(querycg
)) {
1536 lxcfs_error("%s\n", "I was fed bad input.");
1540 if ((strcmp(querycg
, "/") == 0) || (strcmp(querycg
, "./") == 0))
1541 start
= strdup(taskcg
+ 1);
1543 start
= strdup(taskcg
+ strlen(querycg
) + 1);
1546 end
= strchr(start
, '/');
1552 char *get_pid_cgroup(pid_t pid
, const char *contrl
)
1556 cfd
= find_mounted_controller(contrl
);
1560 if (pure_unified_layout(cgroup_ops
))
1561 return cg_unified_get_current_cgroup(pid
);
1563 return cg_legacy_get_current_cgroup(pid
, contrl
);
1567 * check whether a fuse context may access a cgroup dir or file
1569 * If file is not null, it is a cgroup file to check under cg.
1570 * If file is null, then we are checking perms on cg itself.
1572 * For files we can check the mode of the list_keys result.
1573 * For cgroups, we must make assumptions based on the files under the
1574 * cgroup, because cgmanager doesn't tell us ownership/perms of cgroups
1577 static bool fc_may_access(struct fuse_context
*fc
, const char *contrl
, const char *cg
, const char *file
, mode_t mode
)
1579 struct cgfs_files
*k
= NULL
;
1582 k
= cgfs_get_key(contrl
, cg
, file
);
1586 if (is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
)) {
1587 if (perms_include(k
->mode
>> 6, mode
)) {
1592 if (fc
->gid
== k
->gid
) {
1593 if (perms_include(k
->mode
>> 3, mode
)) {
1598 ret
= perms_include(k
->mode
, mode
);
1605 #define INITSCOPE "/init.scope"
1606 void prune_init_slice(char *cg
)
1609 size_t cg_len
= strlen(cg
), initscope_len
= strlen(INITSCOPE
);
1611 if (cg_len
< initscope_len
)
1614 point
= cg
+ cg_len
- initscope_len
;
1615 if (strcmp(point
, INITSCOPE
) == 0) {
1624 * If pid is in /a/b/c/d, he may only act on things under cg=/a/b/c/d.
1625 * If pid is in /a, he may act on /a/b, but not on /b.
1626 * if the answer is false and nextcg is not NULL, then *nextcg will point
1627 * to a string containing the next cgroup directory under cg, which must be
1628 * freed by the caller.
1630 static bool caller_is_in_ancestor(pid_t pid
, const char *contrl
, const char *cg
, char **nextcg
)
1632 bool answer
= false;
1633 char *c2
= get_pid_cgroup(pid
, contrl
);
1638 prune_init_slice(c2
);
1641 * callers pass in '/' or './' (openat()) for root cgroup, otherwise
1642 * they pass in a cgroup without leading '/'
1644 * The original line here was:
1645 * linecmp = *cg == '/' ? c2 : c2+1;
1646 * TODO: I'm not sure why you'd want to increment when *cg != '/'?
1647 * Serge, do you know?
1649 if (*cg
== '/' || !strncmp(cg
, "./", 2))
1653 if (strncmp(linecmp
, cg
, strlen(linecmp
)) != 0) {
1655 *nextcg
= get_next_cgroup_dir(linecmp
, cg
);
1667 * If pid is in /a/b/c, he may see that /a exists, but not /b or /a/c.
1669 static bool caller_may_see_dir(pid_t pid
, const char *contrl
, const char *cg
)
1671 bool answer
= false;
1673 size_t target_len
, task_len
;
1675 if (strcmp(cg
, "/") == 0 || strcmp(cg
, "./") == 0)
1678 c2
= get_pid_cgroup(pid
, contrl
);
1681 prune_init_slice(c2
);
1684 target_len
= strlen(cg
);
1685 task_len
= strlen(task_cg
);
1686 if (task_len
== 0) {
1687 /* Task is in the root cg, it can see everything. This case is
1688 * not handled by the strmcps below, since they test for the
1689 * last /, but that is the first / that we've chopped off
1695 if (strcmp(cg
, task_cg
) == 0) {
1699 if (target_len
< task_len
) {
1700 /* looking up a parent dir */
1701 if (strncmp(task_cg
, cg
, target_len
) == 0 && task_cg
[target_len
] == '/')
1705 if (target_len
> task_len
) {
1706 /* looking up a child dir */
1707 if (strncmp(task_cg
, cg
, task_len
) == 0 && cg
[task_len
] == '/')
1718 * given /cgroup/freezer/a/b, return "freezer".
1719 * the returned char* should NOT be freed.
1721 static char *pick_controller_from_path(struct fuse_context
*fc
, const char *path
)
1724 char *contr
, *slash
;
1726 if (strlen(path
) < 9) {
1730 if (*(path
+ 7) != '/') {
1735 contr
= strdupa(p1
);
1740 slash
= strstr(contr
, "/");
1744 for (struct hierarchy
**h
= cgroup_ops
->hierarchies
; h
&& *h
; h
++) {
1745 if ((*h
)->__controllers
&& strcmp((*h
)->__controllers
, contr
) == 0)
1746 return (*h
)->__controllers
;
1753 * Find the start of cgroup in /cgroup/controller/the/cgroup/path
1754 * Note that the returned value may include files (keynames) etc
1756 static const char *find_cgroup_in_path(const char *path
)
1760 if (strlen(path
) < 9) {
1764 p1
= strstr(path
+ 8, "/");
1774 * split the last path element from the path in @cg.
1775 * @dir is newly allocated and should be freed, @last not
1777 static void get_cgdir_and_path(const char *cg
, char **dir
, char **last
)
1784 *last
= strrchr(cg
, '/');
1789 p
= strrchr(*dir
, '/');
1794 * FUSE ops for /cgroup
1797 int cg_getattr(const char *path
, struct stat
*sb
)
1799 struct timespec now
;
1800 struct fuse_context
*fc
= fuse_get_context();
1801 char * cgdir
= NULL
;
1802 char *last
= NULL
, *path1
, *path2
;
1803 struct cgfs_files
*k
= NULL
;
1805 const char *controller
= NULL
;
1809 if (!fc
|| !cgroup_ops
|| pure_unified_layout(cgroup_ops
))
1812 memset(sb
, 0, sizeof(struct stat
));
1814 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
1817 sb
->st_uid
= sb
->st_gid
= 0;
1818 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
1821 if (strcmp(path
, "/cgroup") == 0) {
1822 sb
->st_mode
= S_IFDIR
| 00755;
1827 controller
= pick_controller_from_path(fc
, path
);
1830 cgroup
= find_cgroup_in_path(path
);
1832 /* this is just /cgroup/controller, return it as a dir */
1833 sb
->st_mode
= S_IFDIR
| 00755;
1838 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
1848 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
1849 if (initpid
<= 1 || is_shared_pidns(initpid
))
1851 /* check that cgcopy is either a child cgroup of cgdir, or listed in its keys.
1852 * Then check that caller's cgroup is under path if last is a child
1853 * cgroup, or cgdir if last is a file */
1855 if (is_child_cgroup(controller
, path1
, path2
)) {
1856 if (!caller_may_see_dir(initpid
, controller
, cgroup
)) {
1860 if (!caller_is_in_ancestor(initpid
, controller
, cgroup
, NULL
)) {
1861 /* this is just /cgroup/controller, return it as a dir */
1862 sb
->st_mode
= S_IFDIR
| 00555;
1867 if (!fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
)) {
1872 // get uid, gid, from '/tasks' file and make up a mode
1873 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
1874 sb
->st_mode
= S_IFDIR
| 00755;
1875 k
= cgfs_get_key(controller
, cgroup
, NULL
);
1877 sb
->st_uid
= sb
->st_gid
= 0;
1879 sb
->st_uid
= k
->uid
;
1880 sb
->st_gid
= k
->gid
;
1888 if ((k
= cgfs_get_key(controller
, path1
, path2
)) != NULL
) {
1889 sb
->st_mode
= S_IFREG
| k
->mode
;
1891 sb
->st_uid
= k
->uid
;
1892 sb
->st_gid
= k
->gid
;
1895 if (!caller_is_in_ancestor(initpid
, controller
, path1
, NULL
)) {
1907 int cg_opendir(const char *path
, struct fuse_file_info
*fi
)
1909 struct fuse_context
*fc
= fuse_get_context();
1911 struct file_info
*dir_info
;
1912 char *controller
= NULL
;
1914 if (!fc
|| !cgroup_ops
|| pure_unified_layout(cgroup_ops
))
1917 if (strcmp(path
, "/cgroup") == 0) {
1921 // return list of keys for the controller, and list of child cgroups
1922 controller
= pick_controller_from_path(fc
, path
);
1926 cgroup
= find_cgroup_in_path(path
);
1928 /* this is just /cgroup/controller, return its contents */
1933 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
1934 if (initpid
<= 1 || is_shared_pidns(initpid
))
1937 if (!caller_may_see_dir(initpid
, controller
, cgroup
))
1939 if (!fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
))
1943 /* we'll free this at cg_releasedir */
1944 dir_info
= malloc(sizeof(*dir_info
));
1947 dir_info
->controller
= must_copy_string(controller
);
1948 dir_info
->cgroup
= must_copy_string(cgroup
);
1949 dir_info
->type
= LXC_TYPE_CGDIR
;
1950 dir_info
->buf
= NULL
;
1951 dir_info
->file
= NULL
;
1952 dir_info
->buflen
= 0;
1954 fi
->fh
= (unsigned long)dir_info
;
1958 int cg_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
1959 struct fuse_file_info
*fi
)
1961 struct file_info
*d
= (struct file_info
*)fi
->fh
;
1962 struct cgfs_files
**list
= NULL
;
1964 char *nextcg
= NULL
;
1965 struct fuse_context
*fc
= fuse_get_context();
1966 char **clist
= NULL
;
1968 if (!fc
|| !cgroup_ops
|| pure_unified_layout(cgroup_ops
))
1971 if (filler(buf
, ".", NULL
, 0) != 0 || filler(buf
, "..", NULL
, 0) != 0)
1974 if (d
->type
!= LXC_TYPE_CGDIR
) {
1975 lxcfs_error("%s\n", "Internal error: file cache info used in readdir.");
1978 if (!d
->cgroup
&& !d
->controller
) {
1980 * ls /var/lib/lxcfs/cgroup - just show list of controllers.
1981 * This only works with the legacy hierarchy.
1983 for (struct hierarchy
**h
= cgroup_ops
->hierarchies
; h
&& *h
; h
++) {
1984 if (is_unified_hierarchy(*h
))
1987 if ((*h
)->__controllers
&& filler(buf
, (*h
)->__controllers
, NULL
, 0))
1994 if (!cgfs_list_keys(d
->controller
, d
->cgroup
, &list
)) {
1995 // not a valid cgroup
2000 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
2001 if (initpid
<= 1 || is_shared_pidns(initpid
))
2003 if (!caller_is_in_ancestor(initpid
, d
->controller
, d
->cgroup
, &nextcg
)) {
2005 ret
= filler(buf
, nextcg
, NULL
, 0);
2016 for (i
= 0; list
&& list
[i
]; i
++) {
2017 if (filler(buf
, list
[i
]->name
, NULL
, 0) != 0) {
2023 // now get the list of child cgroups
2025 if (!cgfs_list_children(d
->controller
, d
->cgroup
, &clist
)) {
2030 for (i
= 0; clist
[i
]; i
++) {
2031 if (filler(buf
, clist
[i
], NULL
, 0) != 0) {
2042 for (i
= 0; clist
[i
]; i
++)
2049 void do_release_file_info(struct fuse_file_info
*fi
)
2051 struct file_info
*f
= (struct file_info
*)fi
->fh
;
2058 free_disarm(f
->controller
);
2059 free_disarm(f
->cgroup
);
2060 free_disarm(f
->file
);
2061 free_disarm(f
->buf
);
2065 int cg_releasedir(const char *path
, struct fuse_file_info
*fi
)
2067 do_release_file_info(fi
);
2071 int cg_open(const char *path
, struct fuse_file_info
*fi
)
2074 char *last
= NULL
, *path1
, *path2
, * cgdir
= NULL
, *controller
;
2075 struct cgfs_files
*k
= NULL
;
2076 struct file_info
*file_info
;
2077 struct fuse_context
*fc
= fuse_get_context();
2080 if (!fc
|| !cgroup_ops
|| pure_unified_layout(cgroup_ops
))
2083 controller
= pick_controller_from_path(fc
, path
);
2086 cgroup
= find_cgroup_in_path(path
);
2090 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
2099 k
= cgfs_get_key(controller
, path1
, path2
);
2106 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
2107 if (initpid
<= 1 || is_shared_pidns(initpid
))
2109 if (!caller_may_see_dir(initpid
, controller
, path1
)) {
2113 if (!fc_may_access(fc
, controller
, path1
, path2
, fi
->flags
)) {
2118 /* we'll free this at cg_release */
2119 file_info
= malloc(sizeof(*file_info
));
2124 file_info
->controller
= must_copy_string(controller
);
2125 file_info
->cgroup
= must_copy_string(path1
);
2126 file_info
->file
= must_copy_string(path2
);
2127 file_info
->type
= LXC_TYPE_CGFILE
;
2128 file_info
->buf
= NULL
;
2129 file_info
->buflen
= 0;
2131 fi
->fh
= (unsigned long)file_info
;
2139 int cg_access(const char *path
, int mode
)
2143 char *path1
, *path2
, *controller
;
2144 char *last
= NULL
, *cgdir
= NULL
;
2145 struct cgfs_files
*k
= NULL
;
2146 struct fuse_context
*fc
= fuse_get_context();
2148 if (!fc
|| !cgroup_ops
|| pure_unified_layout(cgroup_ops
))
2151 if (strcmp(path
, "/cgroup") == 0)
2154 controller
= pick_controller_from_path(fc
, path
);
2157 cgroup
= find_cgroup_in_path(path
);
2159 // access("/sys/fs/cgroup/systemd", mode) - rx allowed, w not
2160 if ((mode
& W_OK
) == 0)
2165 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
2174 k
= cgfs_get_key(controller
, path1
, path2
);
2176 if ((mode
& W_OK
) == 0)
2184 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
2185 if (initpid
<= 1 || is_shared_pidns(initpid
))
2187 if (!caller_may_see_dir(initpid
, controller
, path1
)) {
2191 if (!fc_may_access(fc
, controller
, path1
, path2
, mode
)) {
2203 int cg_release(const char *path
, struct fuse_file_info
*fi
)
2205 do_release_file_info(fi
);
2209 #define POLLIN_SET ( EPOLLIN | EPOLLHUP | EPOLLRDHUP )
2211 static bool wait_for_sock(int sock
, int timeout
)
2213 struct epoll_event ev
;
2214 int epfd
, ret
, now
, starttime
, deltatime
, saved_errno
;
2216 if ((starttime
= time(NULL
)) < 0)
2219 if ((epfd
= epoll_create(1)) < 0) {
2220 lxcfs_error("%s\n", "Failed to create epoll socket: %m.");
2224 ev
.events
= POLLIN_SET
;
2226 if (epoll_ctl(epfd
, EPOLL_CTL_ADD
, sock
, &ev
) < 0) {
2227 lxcfs_error("%s\n", "Failed adding socket to epoll: %m.");
2233 if ((now
= time(NULL
)) < 0) {
2238 deltatime
= (starttime
+ timeout
) - now
;
2239 if (deltatime
< 0) { // timeout
2244 ret
= epoll_wait(epfd
, &ev
, 1, 1000*deltatime
+ 1);
2245 if (ret
< 0 && errno
== EINTR
)
2247 saved_errno
= errno
;
2251 errno
= saved_errno
;
2257 static int msgrecv(int sockfd
, void *buf
, size_t len
)
2259 if (!wait_for_sock(sockfd
, 2))
2261 return recv(sockfd
, buf
, len
, MSG_DONTWAIT
);
2264 static int send_creds(int sock
, struct ucred
*cred
, char v
, bool pingfirst
)
2266 struct msghdr msg
= { 0 };
2268 struct cmsghdr
*cmsg
;
2269 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
2274 if (msgrecv(sock
, buf
, 1) != 1) {
2275 lxcfs_error("%s\n", "Error getting reply from server over socketpair.");
2276 return SEND_CREDS_FAIL
;
2280 msg
.msg_control
= cmsgbuf
;
2281 msg
.msg_controllen
= sizeof(cmsgbuf
);
2283 cmsg
= CMSG_FIRSTHDR(&msg
);
2284 cmsg
->cmsg_len
= CMSG_LEN(sizeof(struct ucred
));
2285 cmsg
->cmsg_level
= SOL_SOCKET
;
2286 cmsg
->cmsg_type
= SCM_CREDENTIALS
;
2287 memcpy(CMSG_DATA(cmsg
), cred
, sizeof(*cred
));
2289 msg
.msg_name
= NULL
;
2290 msg
.msg_namelen
= 0;
2294 iov
.iov_len
= sizeof(buf
);
2298 if (sendmsg(sock
, &msg
, 0) < 0) {
2299 lxcfs_error("Failed at sendmsg: %s.\n",strerror(errno
));
2301 return SEND_CREDS_NOTSK
;
2302 return SEND_CREDS_FAIL
;
2305 return SEND_CREDS_OK
;
2308 static bool recv_creds(int sock
, struct ucred
*cred
, char *v
)
2310 struct msghdr msg
= { 0 };
2312 struct cmsghdr
*cmsg
;
2313 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
2324 if (setsockopt(sock
, SOL_SOCKET
, SO_PASSCRED
, &optval
, sizeof(optval
)) == -1) {
2325 lxcfs_error("Failed to set passcred: %s\n", strerror(errno
));
2329 if (write(sock
, buf
, 1) != 1) {
2330 lxcfs_error("Failed to start write on scm fd: %s\n", strerror(errno
));
2334 msg
.msg_name
= NULL
;
2335 msg
.msg_namelen
= 0;
2336 msg
.msg_control
= cmsgbuf
;
2337 msg
.msg_controllen
= sizeof(cmsgbuf
);
2340 iov
.iov_len
= sizeof(buf
);
2344 if (!wait_for_sock(sock
, 2)) {
2345 lxcfs_error("Timed out waiting for scm_cred: %s\n", strerror(errno
));
2348 ret
= recvmsg(sock
, &msg
, MSG_DONTWAIT
);
2350 lxcfs_error("Failed to receive scm_cred: %s\n", strerror(errno
));
2354 cmsg
= CMSG_FIRSTHDR(&msg
);
2356 if (cmsg
&& cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct ucred
)) &&
2357 cmsg
->cmsg_level
== SOL_SOCKET
&&
2358 cmsg
->cmsg_type
== SCM_CREDENTIALS
) {
2359 memcpy(cred
, CMSG_DATA(cmsg
), sizeof(*cred
));
2366 struct pid_ns_clone_args
{
2370 int (*wrapped
) (int, pid_t
); // pid_from_ns or pid_to_ns
2374 * pid_ns_clone_wrapper - wraps pid_to_ns or pid_from_ns for usage
2375 * with clone(). This simply writes '1' as ACK back to the parent
2376 * before calling the actual wrapped function.
2378 static int pid_ns_clone_wrapper(void *arg
) {
2379 struct pid_ns_clone_args
* args
= (struct pid_ns_clone_args
*) arg
;
2382 close(args
->cpipe
[0]);
2383 if (write(args
->cpipe
[1], &b
, sizeof(char)) < 0)
2384 lxcfs_error("(child): error on write: %s.\n", strerror(errno
));
2385 close(args
->cpipe
[1]);
2386 return args
->wrapped(args
->sock
, args
->tpid
);
2390 * pid_to_ns - reads pids from a ucred over a socket, then writes the
2391 * int value back over the socket. This shifts the pid from the
2392 * sender's pidns into tpid's pidns.
2394 static int pid_to_ns(int sock
, pid_t tpid
)
2399 while (recv_creds(sock
, &cred
, &v
)) {
2402 if (write(sock
, &cred
.pid
, sizeof(pid_t
)) != sizeof(pid_t
))
2410 * pid_to_ns_wrapper: when you setns into a pidns, you yourself remain
2411 * in your old pidns. Only children which you clone will be in the target
2412 * pidns. So the pid_to_ns_wrapper does the setns, then clones a child to
2413 * actually convert pids.
2415 * Note: glibc's fork() does not respect pidns, which can lead to failed
2416 * assertions inside glibc (and thus failed forks) if the child's pid in
2417 * the pidns and the parent pid outside are identical. Using clone prevents
2420 static void pid_to_ns_wrapper(int sock
, pid_t tpid
)
2422 int newnsfd
= -1, ret
, cpipe
[2];
2427 ret
= snprintf(fnam
, sizeof(fnam
), "/proc/%d/ns/pid", tpid
);
2428 if (ret
< 0 || ret
>= sizeof(fnam
))
2430 newnsfd
= open(fnam
, O_RDONLY
);
2433 if (setns(newnsfd
, 0) < 0)
2437 if (pipe(cpipe
) < 0)
2440 struct pid_ns_clone_args args
= {
2444 .wrapped
= &pid_to_ns
2446 size_t stack_size
= sysconf(_SC_PAGESIZE
);
2447 void *stack
= alloca(stack_size
);
2449 cpid
= clone(pid_ns_clone_wrapper
, stack
+ stack_size
, SIGCHLD
, &args
);
2453 // give the child 1 second to be done forking and
2455 if (!wait_for_sock(cpipe
[0], 1))
2457 ret
= read(cpipe
[0], &v
, 1);
2458 if (ret
!= sizeof(char) || v
!= '1')
2461 if (!wait_for_pid(cpid
))
2467 * To read cgroup files with a particular pid, we will setns into the child
2468 * pidns, open a pipe, fork a child - which will be the first to really be in
2469 * the child ns - which does the cgfs_get_value and writes the data to the pipe.
2471 bool do_read_pids(pid_t tpid
, const char *contrl
, const char *cg
, const char *file
, char **d
)
2473 int sock
[2] = {-1, -1};
2474 char *tmpdata
= NULL
;
2476 pid_t qpid
, cpid
= -1;
2477 bool answer
= false;
2480 size_t sz
= 0, asz
= 0;
2482 if (!cgroup_ops
->get(cgroup_ops
, contrl
, cg
, file
, &tmpdata
))
2486 * Now we read the pids from returned data one by one, pass
2487 * them into a child in the target namespace, read back the
2488 * translated pids, and put them into our to-return data
2491 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
2492 perror("socketpair");
2501 if (!cpid
) // child - exits when done
2502 pid_to_ns_wrapper(sock
[1], tpid
);
2504 char *ptr
= tmpdata
;
2507 while (sscanf(ptr
, "%d\n", &qpid
) == 1) {
2509 ret
= send_creds(sock
[0], &cred
, v
, true);
2511 if (ret
== SEND_CREDS_NOTSK
)
2513 if (ret
== SEND_CREDS_FAIL
)
2516 // read converted results
2517 if (!wait_for_sock(sock
[0], 2)) {
2518 lxcfs_error("Timed out waiting for pid from child: %s.\n", strerror(errno
));
2521 if (read(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
2522 lxcfs_error("Error reading pid from child: %s.\n", strerror(errno
));
2525 must_strcat_pid(d
, &sz
, &asz
, qpid
);
2527 ptr
= strchr(ptr
, '\n');
2533 cred
.pid
= getpid();
2535 if (send_creds(sock
[0], &cred
, v
, true) != SEND_CREDS_OK
) {
2536 // failed to ask child to exit
2537 lxcfs_error("Failed to ask child to exit: %s.\n", strerror(errno
));
2547 if (sock
[0] != -1) {
2554 int cg_read(const char *path
, char *buf
, size_t size
, off_t offset
,
2555 struct fuse_file_info
*fi
)
2557 struct fuse_context
*fc
= fuse_get_context();
2558 struct file_info
*f
= (struct file_info
*)fi
->fh
;
2559 struct cgfs_files
*k
= NULL
;
2564 if (!fc
|| !cgroup_ops
|| pure_unified_layout(cgroup_ops
))
2567 if (f
->type
!= LXC_TYPE_CGFILE
) {
2568 lxcfs_error("%s\n", "Internal error: directory cache info used in cg_read.");
2578 if ((k
= cgfs_get_key(f
->controller
, f
->cgroup
, f
->file
)) == NULL
) {
2584 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_RDONLY
)) {
2589 if (strcmp(f
->file
, "tasks") == 0 ||
2590 strcmp(f
->file
, "/tasks") == 0 ||
2591 strcmp(f
->file
, "/cgroup.procs") == 0 ||
2592 strcmp(f
->file
, "cgroup.procs") == 0)
2593 // special case - we have to translate the pids
2594 r
= do_read_pids(fc
->pid
, f
->controller
, f
->cgroup
, f
->file
, &data
);
2596 r
= cgroup_ops
->get(cgroup_ops
, f
->controller
, f
->cgroup
, f
->file
, &data
);
2610 memcpy(buf
, data
, s
);
2611 if (s
> 0 && s
< size
&& data
[s
-1] != '\n')
2621 static int pid_from_ns(int sock
, pid_t tpid
)
2631 if (!wait_for_sock(sock
, 2)) {
2632 lxcfs_error("%s\n", "Timeout reading from parent.");
2635 if ((ret
= read(sock
, &vpid
, sizeof(pid_t
))) != sizeof(pid_t
)) {
2636 lxcfs_error("Bad read from parent: %s.\n", strerror(errno
));
2639 if (vpid
== -1) // done
2643 if (send_creds(sock
, &cred
, v
, true) != SEND_CREDS_OK
) {
2645 cred
.pid
= getpid();
2646 if (send_creds(sock
, &cred
, v
, false) != SEND_CREDS_OK
)
2653 static void pid_from_ns_wrapper(int sock
, pid_t tpid
)
2655 int newnsfd
= -1, ret
, cpipe
[2];
2660 ret
= snprintf(fnam
, sizeof(fnam
), "/proc/%d/ns/pid", tpid
);
2661 if (ret
< 0 || ret
>= sizeof(fnam
))
2663 newnsfd
= open(fnam
, O_RDONLY
);
2666 if (setns(newnsfd
, 0) < 0)
2670 if (pipe(cpipe
) < 0)
2673 struct pid_ns_clone_args args
= {
2677 .wrapped
= &pid_from_ns
2679 size_t stack_size
= sysconf(_SC_PAGESIZE
);
2680 void *stack
= alloca(stack_size
);
2682 cpid
= clone(pid_ns_clone_wrapper
, stack
+ stack_size
, SIGCHLD
, &args
);
2686 // give the child 1 second to be done forking and
2688 if (!wait_for_sock(cpipe
[0], 1))
2690 ret
= read(cpipe
[0], &v
, 1);
2691 if (ret
!= sizeof(char) || v
!= '1')
2694 if (!wait_for_pid(cpid
))
2700 * Given host @uid, return the uid to which it maps in
2701 * @pid's user namespace, or -1 if none.
2703 bool hostuid_to_ns(uid_t uid
, pid_t pid
, uid_t
*answer
)
2708 sprintf(line
, "/proc/%d/uid_map", pid
);
2709 if ((f
= fopen(line
, "r")) == NULL
) {
2713 *answer
= convert_id_to_ns(f
, uid
);
2722 * get_pid_creds: get the real uid and gid of @pid from
2724 * (XXX should we use euid here?)
2726 void get_pid_creds(pid_t pid
, uid_t
*uid
, gid_t
*gid
)
2735 sprintf(line
, "/proc/%d/status", pid
);
2736 if ((f
= fopen(line
, "r")) == NULL
) {
2737 lxcfs_error("Error opening %s: %s\n", line
, strerror(errno
));
2740 while (fgets(line
, 400, f
)) {
2741 if (strncmp(line
, "Uid:", 4) == 0) {
2742 if (sscanf(line
+4, "%u", &u
) != 1) {
2743 lxcfs_error("bad uid line for pid %u\n", pid
);
2748 } else if (strncmp(line
, "Gid:", 4) == 0) {
2749 if (sscanf(line
+4, "%u", &g
) != 1) {
2750 lxcfs_error("bad gid line for pid %u\n", pid
);
2761 * May the requestor @r move victim @v to a new cgroup?
2762 * This is allowed if
2763 * . they are the same task
2764 * . they are ownedy by the same uid
2765 * . @r is root on the host, or
2766 * . @v's uid is mapped into @r's where @r is root.
2768 bool may_move_pid(pid_t r
, uid_t r_uid
, pid_t v
)
2770 uid_t v_uid
, tmpuid
;
2777 get_pid_creds(v
, &v_uid
, &v_gid
);
2780 if (hostuid_to_ns(r_uid
, r
, &tmpuid
) && tmpuid
== 0
2781 && hostuid_to_ns(v_uid
, r
, &tmpuid
))
2786 static bool do_write_pids(pid_t tpid
, uid_t tuid
, const char *contrl
, const char *cg
,
2787 const char *file
, const char *buf
)
2789 int sock
[2] = {-1, -1};
2790 pid_t qpid
, cpid
= -1;
2791 FILE *pids_file
= NULL
;
2792 bool answer
= false, fail
= false;
2794 pids_file
= open_pids_file(contrl
, cg
);
2799 * write the pids to a socket, have helper in writer's pidns
2800 * call movepid for us
2802 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
2803 perror("socketpair");
2811 if (!cpid
) { // child
2813 pid_from_ns_wrapper(sock
[1], tpid
);
2816 const char *ptr
= buf
;
2817 while (sscanf(ptr
, "%d", &qpid
) == 1) {
2821 if (write(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
2822 lxcfs_error("Error writing pid to child: %s.\n", strerror(errno
));
2826 if (recv_creds(sock
[0], &cred
, &v
)) {
2828 if (!may_move_pid(tpid
, tuid
, cred
.pid
)) {
2832 if (fprintf(pids_file
, "%d", (int) cred
.pid
) < 0)
2837 ptr
= strchr(ptr
, '\n');
2843 /* All good, write the value */
2845 if (write(sock
[0], &qpid
,sizeof(qpid
)) != sizeof(qpid
))
2846 lxcfs_error("%s\n", "Warning: failed to ask child to exit.");
2854 if (sock
[0] != -1) {
2859 if (fclose(pids_file
) != 0)
2865 int cg_write(const char *path
, const char *buf
, size_t size
, off_t offset
,
2866 struct fuse_file_info
*fi
)
2868 struct fuse_context
*fc
= fuse_get_context();
2869 char *localbuf
= NULL
;
2870 struct cgfs_files
*k
= NULL
;
2871 struct file_info
*f
= (struct file_info
*)fi
->fh
;
2874 if (!fc
|| !cgroup_ops
|| pure_unified_layout(cgroup_ops
))
2877 if (f
->type
!= LXC_TYPE_CGFILE
) {
2878 lxcfs_error("%s\n", "Internal error: directory cache info used in cg_write.");
2885 localbuf
= alloca(size
+1);
2886 localbuf
[size
] = '\0';
2887 memcpy(localbuf
, buf
, size
);
2889 if ((k
= cgfs_get_key(f
->controller
, f
->cgroup
, f
->file
)) == NULL
) {
2894 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_WRONLY
)) {
2899 if (strcmp(f
->file
, "tasks") == 0 ||
2900 strcmp(f
->file
, "/tasks") == 0 ||
2901 strcmp(f
->file
, "/cgroup.procs") == 0 ||
2902 strcmp(f
->file
, "cgroup.procs") == 0)
2903 // special case - we have to translate the pids
2904 r
= do_write_pids(fc
->pid
, fc
->uid
, f
->controller
, f
->cgroup
, f
->file
, localbuf
);
2906 r
= cgfs_set_value(f
->controller
, f
->cgroup
, f
->file
, localbuf
);
2916 int cg_chown(const char *path
, uid_t uid
, gid_t gid
)
2918 struct fuse_context
*fc
= fuse_get_context();
2919 char *cgdir
= NULL
, *last
= NULL
, *path1
, *path2
, *controller
;
2920 struct cgfs_files
*k
= NULL
;
2924 if (!fc
|| !cgroup_ops
|| pure_unified_layout(cgroup_ops
))
2927 if (strcmp(path
, "/cgroup") == 0)
2930 controller
= pick_controller_from_path(fc
, path
);
2932 return errno
== ENOENT
? -EPERM
: -errno
;
2934 cgroup
= find_cgroup_in_path(path
);
2936 /* this is just /cgroup/controller */
2939 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
2949 if (is_child_cgroup(controller
, path1
, path2
)) {
2950 // get uid, gid, from '/tasks' file and make up a mode
2951 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
2952 k
= cgfs_get_key(controller
, cgroup
, "tasks");
2955 k
= cgfs_get_key(controller
, path1
, path2
);
2963 * This being a fuse request, the uid and gid must be valid
2964 * in the caller's namespace. So we can just check to make
2965 * sure that the caller is root in his uid, and privileged
2966 * over the file's current owner.
2968 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_REQD
)) {
2973 ret
= cgfs_chown_file(controller
, cgroup
, uid
, gid
);
2982 int cg_chmod(const char *path
, mode_t mode
)
2984 struct fuse_context
*fc
= fuse_get_context();
2985 char * cgdir
= NULL
, *last
= NULL
, *path1
, *path2
, *controller
;
2986 struct cgfs_files
*k
= NULL
;
2990 if (!fc
|| !cgroup_ops
|| pure_unified_layout(cgroup_ops
))
2993 if (strcmp(path
, "/cgroup") == 0)
2996 controller
= pick_controller_from_path(fc
, path
);
2998 return errno
== ENOENT
? -EPERM
: -errno
;
3000 cgroup
= find_cgroup_in_path(path
);
3002 /* this is just /cgroup/controller */
3005 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
3015 if (is_child_cgroup(controller
, path1
, path2
)) {
3016 // get uid, gid, from '/tasks' file and make up a mode
3017 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
3018 k
= cgfs_get_key(controller
, cgroup
, "tasks");
3021 k
= cgfs_get_key(controller
, path1
, path2
);
3029 * This being a fuse request, the uid and gid must be valid
3030 * in the caller's namespace. So we can just check to make
3031 * sure that the caller is root in his uid, and privileged
3032 * over the file's current owner.
3034 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
)) {
3039 if (!cgfs_chmod_file(controller
, cgroup
, mode
)) {
3051 int cg_mkdir(const char *path
, mode_t mode
)
3053 struct fuse_context
*fc
= fuse_get_context();
3054 char *last
= NULL
, *path1
, *cgdir
= NULL
, *controller
, *next
= NULL
;
3058 if (!fc
|| !cgroup_ops
|| pure_unified_layout(cgroup_ops
))
3061 controller
= pick_controller_from_path(fc
, path
);
3063 return errno
== ENOENT
? -EPERM
: -errno
;
3065 cgroup
= find_cgroup_in_path(path
);
3069 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
3075 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
3076 if (initpid
<= 1 || is_shared_pidns(initpid
))
3078 if (!caller_is_in_ancestor(initpid
, controller
, path1
, &next
)) {
3081 else if (last
&& strcmp(next
, last
) == 0)
3088 if (!fc_may_access(fc
, controller
, path1
, NULL
, O_RDWR
)) {
3092 if (!caller_is_in_ancestor(initpid
, controller
, path1
, NULL
)) {
3097 ret
= cgfs_create(controller
, cgroup
, fc
->uid
, fc
->gid
);
3105 int cg_rmdir(const char *path
)
3107 struct fuse_context
*fc
= fuse_get_context();
3108 char *last
= NULL
, *cgdir
= NULL
, *controller
, *next
= NULL
;
3112 if (!fc
|| !cgroup_ops
|| pure_unified_layout(cgroup_ops
))
3115 controller
= pick_controller_from_path(fc
, path
);
3116 if (!controller
) /* Someone's trying to delete "/cgroup". */
3119 cgroup
= find_cgroup_in_path(path
);
3120 if (!cgroup
) /* Someone's trying to delete a controller e.g. "/blkio". */
3123 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
3125 /* Someone's trying to delete a cgroup on the same level as the
3126 * "/lxc" cgroup e.g. rmdir "/cgroup/blkio/lxc" or
3127 * rmdir "/cgroup/blkio/init.slice".
3133 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
3134 if (initpid
<= 1 || is_shared_pidns(initpid
))
3136 if (!caller_is_in_ancestor(initpid
, controller
, cgroup
, &next
)) {
3137 if (!last
|| (next
&& (strcmp(next
, last
) == 0)))
3144 if (!fc_may_access(fc
, controller
, cgdir
, NULL
, O_WRONLY
)) {
3148 if (!caller_is_in_ancestor(initpid
, controller
, cgroup
, NULL
)) {
3153 if (!cgfs_remove(controller
, cgroup
)) {
3166 static bool startswith(const char *line
, const char *pref
)
3168 if (strncmp(line
, pref
, strlen(pref
)) == 0)
3173 /* Note that "memory.stat" in cgroup2 is hierarchical by default. */
3174 static void parse_memstat(int version
,
3176 unsigned long *cached
,
3177 unsigned long *active_anon
,
3178 unsigned long *inactive_anon
,
3179 unsigned long *active_file
,
3180 unsigned long *inactive_file
,
3181 unsigned long *unevictable
,
3182 unsigned long *shmem
)
3187 if (startswith(memstat
, is_unified_controller(version
)
3190 sscanf(memstat
+ 11, "%lu", cached
);
3192 } else if (startswith(memstat
, is_unified_controller(version
)
3194 : "total_active_anon")) {
3195 sscanf(memstat
+ 17, "%lu", active_anon
);
3196 *active_anon
/= 1024;
3197 } else if (startswith(memstat
, is_unified_controller(version
)
3199 : "total_inactive_anon")) {
3200 sscanf(memstat
+ 19, "%lu", inactive_anon
);
3201 *inactive_anon
/= 1024;
3202 } else if (startswith(memstat
, is_unified_controller(version
)
3204 : "total_active_file")) {
3205 sscanf(memstat
+ 17, "%lu", active_file
);
3206 *active_file
/= 1024;
3207 } else if (startswith(memstat
, is_unified_controller(version
)
3209 : "total_inactive_file")) {
3210 sscanf(memstat
+ 19, "%lu", inactive_file
);
3211 *inactive_file
/= 1024;
3212 } else if (startswith(memstat
, is_unified_controller(version
)
3214 : "total_unevictable")) {
3215 sscanf(memstat
+ 17, "%lu", unevictable
);
3216 *unevictable
/= 1024;
3217 } else if (startswith(memstat
, is_unified_controller(version
)
3220 sscanf(memstat
+ 11, "%lu", shmem
);
3223 eol
= strchr(memstat
, '\n');
3230 static void get_blkio_io_value(char *str
, unsigned major
, unsigned minor
, char *iotype
, unsigned long *v
)
3236 snprintf(key
, 32, "%u:%u %s", major
, minor
, iotype
);
3238 size_t len
= strlen(key
);
3242 if (startswith(str
, key
)) {
3243 sscanf(str
+ len
, "%lu", v
);
3246 eol
= strchr(str
, '\n');
3253 int read_file_fuse(const char *path
, char *buf
, size_t size
, struct file_info
*d
)
3255 __do_free
char *line
= NULL
;
3256 __do_fclose
FILE *f
= NULL
;
3257 size_t linelen
= 0, total_len
= 0;
3258 char *cache
= d
->buf
;
3259 size_t cache_size
= d
->buflen
;
3261 f
= fopen(path
, "r");
3265 while (getline(&line
, &linelen
, f
) != -1) {
3266 ssize_t l
= snprintf(cache
, cache_size
, "%s", line
);
3268 perror("Error writing to cache");
3271 if (l
>= cache_size
) {
3272 lxcfs_error("%s\n", "Internal error: truncated write to cache.");
3280 d
->size
= total_len
;
3281 if (total_len
> size
)
3284 /* read from off 0 */
3285 memcpy(buf
, d
->buf
, total_len
);
3287 if (d
->size
> total_len
)
3288 d
->cached
= d
->size
- total_len
;
3293 * FUSE ops for /proc
3296 static unsigned long get_memlimit(const char *cgroup
, bool swap
)
3299 __do_free
char *memlimit_str
= NULL
;
3300 unsigned long memlimit
= -1;
3303 ret
= cgroup_ops
->get_memory_swap_max(cgroup_ops
, cgroup
, &memlimit_str
);
3305 ret
= cgroup_ops
->get_memory_max(cgroup_ops
, cgroup
, &memlimit_str
);
3307 memlimit
= strtoul(memlimit_str
, NULL
, 10);
3312 static unsigned long get_min_memlimit(const char *cgroup
, bool swap
)
3314 __do_free
char *copy
= NULL
;
3315 unsigned long memlimit
= 0;
3316 unsigned long retlimit
;
3318 copy
= strdup(cgroup
);
3319 retlimit
= get_memlimit(copy
, swap
);
3321 while (strcmp(copy
, "/") != 0) {
3325 memlimit
= get_memlimit(it
, swap
);
3326 if (memlimit
!= -1 && memlimit
< retlimit
)
3327 retlimit
= memlimit
;
3333 static int proc_meminfo_read(char *buf
, size_t size
, off_t offset
,
3334 struct fuse_file_info
*fi
)
3336 __do_free
char *cgroup
= NULL
, *line
= NULL
,
3337 *memusage_str
= NULL
, *memstat_str
= NULL
,
3338 *memswlimit_str
= NULL
, *memswusage_str
= NULL
;
3339 __do_fclose
FILE *f
= NULL
;
3340 struct fuse_context
*fc
= fuse_get_context();
3341 struct lxcfs_opts
*opts
= (struct lxcfs_opts
*) fuse_get_context()->private_data
;
3342 struct file_info
*d
= (struct file_info
*)fi
->fh
;
3343 unsigned long memlimit
= 0, memusage
= 0, memswlimit
= 0,
3344 memswusage
= 0, cached
= 0, hosttotal
= 0, active_anon
= 0,
3345 inactive_anon
= 0, active_file
= 0, inactive_file
= 0,
3346 unevictable
= 0, shmem
= 0, hostswtotal
= 0;
3347 size_t linelen
= 0, total_len
= 0;
3348 char *cache
= d
->buf
;
3349 size_t cache_size
= d
->buflen
;
3355 if (offset
> d
->size
)
3361 left
= d
->size
- offset
;
3362 total_len
= left
> size
? size
: left
;
3363 memcpy(buf
, cache
+ offset
, total_len
);
3368 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
3369 if (initpid
<= 1 || is_shared_pidns(initpid
))
3372 cgroup
= get_pid_cgroup(initpid
, "memory");
3374 return read_file_fuse("/proc/meminfo", buf
, size
, d
);
3376 prune_init_slice(cgroup
);
3378 memlimit
= get_min_memlimit(cgroup
, false);
3380 ret
= cgroup_ops
->get_memory_current(cgroup_ops
, cgroup
, &memusage_str
);
3384 ret
= cgroup_ops
->get_memory_stats(cgroup_ops
, cgroup
, &memstat_str
);
3387 parse_memstat(ret
, memstat_str
, &cached
, &active_anon
, &inactive_anon
,
3388 &active_file
, &inactive_file
, &unevictable
, &shmem
);
3391 * Following values are allowed to fail, because swapaccount might be
3392 * turned off for current kernel.
3394 ret
= cgroup_ops
->get_memory_swap_max(cgroup_ops
, cgroup
, &memswlimit_str
);
3396 ret
= cgroup_ops
->get_memory_swap_current(cgroup_ops
, cgroup
, &memswusage_str
);
3398 memswlimit
= get_min_memlimit(cgroup
, true);
3399 memswusage
= strtoul(memswusage_str
, NULL
, 10);
3400 memswlimit
= memswlimit
/ 1024;
3401 memswusage
= memswusage
/ 1024;
3404 memusage
= strtoul(memusage_str
, NULL
, 10);
3408 f
= fopen("/proc/meminfo", "r");
3412 while (getline(&line
, &linelen
, f
) != -1) {
3414 char *printme
, lbuf
[100];
3416 memset(lbuf
, 0, 100);
3417 if (startswith(line
, "MemTotal:")) {
3418 sscanf(line
+sizeof("MemTotal:")-1, "%lu", &hosttotal
);
3419 if (hosttotal
< memlimit
)
3420 memlimit
= hosttotal
;
3421 snprintf(lbuf
, 100, "MemTotal: %8lu kB\n", memlimit
);
3423 } else if (startswith(line
, "MemFree:")) {
3424 snprintf(lbuf
, 100, "MemFree: %8lu kB\n", memlimit
- memusage
);
3426 } else if (startswith(line
, "MemAvailable:")) {
3427 snprintf(lbuf
, 100, "MemAvailable: %8lu kB\n", memlimit
- memusage
+ cached
);
3429 } else if (startswith(line
, "SwapTotal:") && memswlimit
> 0 &&
3430 opts
&& opts
->swap_off
== false) {
3431 sscanf(line
+sizeof("SwapTotal:")-1, "%lu", &hostswtotal
);
3432 if (hostswtotal
< memswlimit
)
3433 memswlimit
= hostswtotal
;
3434 snprintf(lbuf
, 100, "SwapTotal: %8lu kB\n", memswlimit
);
3436 } else if (startswith(line
, "SwapTotal:") && opts
&& opts
->swap_off
== true) {
3437 snprintf(lbuf
, 100, "SwapTotal: %8lu kB\n", 0UL);
3439 } else if (startswith(line
, "SwapFree:") && memswlimit
> 0 &&
3440 memswusage
> 0 && opts
&& opts
->swap_off
== false) {
3441 unsigned long swaptotal
= memswlimit
,
3442 swapusage
= memusage
> memswusage
3444 : memswusage
- memusage
,
3445 swapfree
= swapusage
< swaptotal
3446 ? swaptotal
- swapusage
3448 snprintf(lbuf
, 100, "SwapFree: %8lu kB\n", swapfree
);
3450 } else if (startswith(line
, "SwapFree:") && opts
&& opts
->swap_off
== true) {
3451 snprintf(lbuf
, 100, "SwapFree: %8lu kB\n", 0UL);
3453 } else if (startswith(line
, "Slab:")) {
3454 snprintf(lbuf
, 100, "Slab: %8lu kB\n", 0UL);
3456 } else if (startswith(line
, "Buffers:")) {
3457 snprintf(lbuf
, 100, "Buffers: %8lu kB\n", 0UL);
3459 } else if (startswith(line
, "Cached:")) {
3460 snprintf(lbuf
, 100, "Cached: %8lu kB\n", cached
);
3462 } else if (startswith(line
, "SwapCached:")) {
3463 snprintf(lbuf
, 100, "SwapCached: %8lu kB\n", 0UL);
3465 } else if (startswith(line
, "Active:")) {
3466 snprintf(lbuf
, 100, "Active: %8lu kB\n",
3467 active_anon
+ active_file
);
3469 } else if (startswith(line
, "Inactive:")) {
3470 snprintf(lbuf
, 100, "Inactive: %8lu kB\n",
3471 inactive_anon
+ inactive_file
);
3473 } else if (startswith(line
, "Active(anon)")) {
3474 snprintf(lbuf
, 100, "Active(anon): %8lu kB\n", active_anon
);
3476 } else if (startswith(line
, "Inactive(anon)")) {
3477 snprintf(lbuf
, 100, "Inactive(anon): %8lu kB\n", inactive_anon
);
3479 } else if (startswith(line
, "Active(file)")) {
3480 snprintf(lbuf
, 100, "Active(file): %8lu kB\n", active_file
);
3482 } else if (startswith(line
, "Inactive(file)")) {
3483 snprintf(lbuf
, 100, "Inactive(file): %8lu kB\n", inactive_file
);
3485 } else if (startswith(line
, "Unevictable")) {
3486 snprintf(lbuf
, 100, "Unevictable: %8lu kB\n", unevictable
);
3488 } else if (startswith(line
, "SReclaimable")) {
3489 snprintf(lbuf
, 100, "SReclaimable: %8lu kB\n", 0UL);
3491 } else if (startswith(line
, "SUnreclaim")) {
3492 snprintf(lbuf
, 100, "SUnreclaim: %8lu kB\n", 0UL);
3494 } else if (startswith(line
, "Shmem:")) {
3495 snprintf(lbuf
, 100, "Shmem: %8lu kB\n", shmem
);
3497 } else if (startswith(line
, "ShmemHugePages")) {
3498 snprintf(lbuf
, 100, "ShmemHugePages: %8lu kB\n", 0UL);
3500 } else if (startswith(line
, "ShmemPmdMapped")) {
3501 snprintf(lbuf
, 100, "ShmemPmdMapped: %8lu kB\n", 0UL);
3506 l
= snprintf(cache
, cache_size
, "%s", printme
);
3508 perror("Error writing to cache");
3512 if (l
>= cache_size
) {
3513 lxcfs_error("%s\n", "Internal error: truncated write to cache.");
3523 d
->size
= total_len
;
3524 if (total_len
> size
) total_len
= size
;
3525 memcpy(buf
, d
->buf
, total_len
);
3531 * Read the cpuset.cpus for cg
3532 * Return the answer in a newly allocated string which must be freed
3534 char *get_cpuset(const char *cg
)
3539 ret
= cgroup_ops
->get_cpuset_cpus(cgroup_ops
, cg
, &value
);
3546 bool cpu_in_cpuset(int cpu
, const char *cpuset
);
3548 static bool cpuline_in_cpuset(const char *line
, const char *cpuset
)
3552 if (sscanf(line
, "processor : %d", &cpu
) != 1)
3554 return cpu_in_cpuset(cpu
, cpuset
);
3558 * Read cgroup CPU quota parameters from `cpu.cfs_quota_us` or `cpu.cfs_period_us`,
3559 * depending on `param`. Parameter value is returned throuh `value`.
3561 static bool read_cpu_cfs_param(const char *cg
, const char *param
, int64_t *value
)
3563 __do_free
char *str
= NULL
;
3564 char file
[11 + 6 + 1]; /* cpu.cfs__us + quota/period + \0 */
3566 snprintf(file
, sizeof(file
), "cpu.cfs_%s_us", param
);
3568 if (!cgroup_ops
->get(cgroup_ops
, "cpu", cg
, file
, &str
))
3571 if (sscanf(str
, "%ld", value
) != 1)
3578 * Return the maximum number of visible CPUs based on CPU quotas.
3579 * If there is no quota set, zero is returned.
3581 int max_cpu_count(const char *cg
)
3584 int64_t cfs_quota
, cfs_period
;
3585 int nr_cpus_in_cpuset
= 0;
3586 char *cpuset
= NULL
;
3588 if (!read_cpu_cfs_param(cg
, "quota", &cfs_quota
))
3591 if (!read_cpu_cfs_param(cg
, "period", &cfs_period
))
3594 cpuset
= get_cpuset(cg
);
3596 nr_cpus_in_cpuset
= cpu_number_in_cpuset(cpuset
);
3598 if (cfs_quota
<= 0 || cfs_period
<= 0){
3599 if (nr_cpus_in_cpuset
> 0)
3600 return nr_cpus_in_cpuset
;
3605 rv
= cfs_quota
/ cfs_period
;
3607 /* In case quota/period does not yield a whole number, add one CPU for
3610 if ((cfs_quota
% cfs_period
) > 0)
3613 nprocs
= get_nprocs();
3618 /* use min value in cpu quota and cpuset */
3619 if (nr_cpus_in_cpuset
> 0 && nr_cpus_in_cpuset
< rv
)
3620 rv
= nr_cpus_in_cpuset
;
3626 * Return the exact number of visible CPUs based on CPU quotas.
3627 * If there is no quota set, zero is returned.
3629 static double exact_cpu_count(const char *cg
)
3633 int64_t cfs_quota
, cfs_period
;
3635 if (!read_cpu_cfs_param(cg
, "quota", &cfs_quota
))
3638 if (!read_cpu_cfs_param(cg
, "period", &cfs_period
))
3641 if (cfs_quota
<= 0 || cfs_period
<= 0)
3644 rv
= (double)cfs_quota
/ (double)cfs_period
;
3646 nprocs
= get_nprocs();
3655 * check whether this is a '^processor" line in /proc/cpuinfo
3657 static bool is_processor_line(const char *line
)
3661 if (sscanf(line
, "processor : %d", &cpu
) == 1)
3666 static int proc_cpuinfo_read(char *buf
, size_t size
, off_t offset
,
3667 struct fuse_file_info
*fi
)
3669 __do_free
char *cg
= NULL
, *cpuset
= NULL
, *line
= NULL
;
3670 __do_fclose
FILE *f
= NULL
;
3671 struct fuse_context
*fc
= fuse_get_context();
3672 struct file_info
*d
= (struct file_info
*)fi
->fh
;
3673 size_t linelen
= 0, total_len
= 0;
3674 bool am_printing
= false, firstline
= true, is_s390x
= false;
3675 int curcpu
= -1, cpu
, max_cpus
= 0;
3677 char *cache
= d
->buf
;
3678 size_t cache_size
= d
->buflen
;
3683 if (offset
> d
->size
)
3689 left
= d
->size
- offset
;
3690 total_len
= left
> size
? size
: left
;
3691 memcpy(buf
, cache
+ offset
, total_len
);
3696 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
3697 if (initpid
<= 1 || is_shared_pidns(initpid
))
3699 cg
= get_pid_cgroup(initpid
, "cpuset");
3701 return read_file_fuse("proc/cpuinfo", buf
, size
, d
);
3702 prune_init_slice(cg
);
3704 cpuset
= get_cpuset(cg
);
3708 use_view
= cgroup_ops
->can_use_cpuview(cgroup_ops
);
3710 max_cpus
= max_cpu_count(cg
);
3712 f
= fopen("/proc/cpuinfo", "r");
3716 while (getline(&line
, &linelen
, f
) != -1) {
3720 if (strstr(line
, "IBM/S390") != NULL
) {
3726 if (strncmp(line
, "# processors:", 12) == 0)
3728 if (is_processor_line(line
)) {
3729 if (use_view
&& max_cpus
> 0 && (curcpu
+1) == max_cpus
)
3731 am_printing
= cpuline_in_cpuset(line
, cpuset
);
3734 l
= snprintf(cache
, cache_size
, "processor : %d\n", curcpu
);
3736 perror("Error writing to cache");
3739 if (l
>= cache_size
) {
3740 lxcfs_error("%s\n", "Internal error: truncated write to cache.");
3748 } else if (is_s390x
&& sscanf(line
, "processor %d:", &cpu
) == 1) {
3750 if (use_view
&& max_cpus
> 0 && (curcpu
+1) == max_cpus
)
3752 if (!cpu_in_cpuset(cpu
, cpuset
))
3755 p
= strchr(line
, ':');
3759 l
= snprintf(cache
, cache_size
, "processor %d:%s", curcpu
, p
);
3761 perror("Error writing to cache");
3764 if (l
>= cache_size
) {
3765 lxcfs_error("%s\n", "Internal error: truncated write to cache.");
3775 l
= snprintf(cache
, cache_size
, "%s", line
);
3777 perror("Error writing to cache");
3780 if (l
>= cache_size
) {
3781 lxcfs_error("%s\n", "Internal error: truncated write to cache.");
3791 __do_free
char *origcache
= d
->buf
;
3794 d
->buf
= malloc(d
->buflen
);
3796 d
->buf
= move_ptr(origcache
);
3801 cache_size
= d
->buflen
;
3803 l
= snprintf(cache
, cache_size
, "vendor_id : IBM/S390\n");
3804 if (l
< 0 || l
>= cache_size
)
3810 l
= snprintf(cache
, cache_size
, "# processors : %d\n", curcpu
+ 1);
3811 if (l
< 0 || l
>= cache_size
)
3817 l
= snprintf(cache
, cache_size
, "%s", origcache
);
3818 if (l
< 0 || l
>= cache_size
)
3824 d
->size
= total_len
;
3825 if (total_len
> size
) total_len
= size
;
3827 /* read from off 0 */
3828 memcpy(buf
, d
->buf
, total_len
);
3832 static uint64_t get_reaper_start_time(pid_t pid
)
3837 /* strlen("/proc/") = 6
3841 * strlen("/stat") = 5
3845 #define __PROC_PID_STAT_LEN (6 + LXCFS_NUMSTRLEN64 + 5 + 1)
3846 char path
[__PROC_PID_STAT_LEN
];
3849 qpid
= lookup_initpid_in_store(pid
);
3851 /* Caller can check for EINVAL on 0. */
3856 ret
= snprintf(path
, __PROC_PID_STAT_LEN
, "/proc/%d/stat", qpid
);
3857 if (ret
< 0 || ret
>= __PROC_PID_STAT_LEN
) {
3858 /* Caller can check for EINVAL on 0. */
3863 f
= fopen(path
, "r");
3865 /* Caller can check for EINVAL on 0. */
3870 /* Note that the *scanf() argument supression requires that length
3871 * modifiers such as "l" are omitted. Otherwise some compilers will yell
3872 * at us. It's like telling someone you're not married and then asking
3873 * if you can bring your wife to the party.
3875 ret
= fscanf(f
, "%*d " /* (1) pid %d */
3876 "%*s " /* (2) comm %s */
3877 "%*c " /* (3) state %c */
3878 "%*d " /* (4) ppid %d */
3879 "%*d " /* (5) pgrp %d */
3880 "%*d " /* (6) session %d */
3881 "%*d " /* (7) tty_nr %d */
3882 "%*d " /* (8) tpgid %d */
3883 "%*u " /* (9) flags %u */
3884 "%*u " /* (10) minflt %lu */
3885 "%*u " /* (11) cminflt %lu */
3886 "%*u " /* (12) majflt %lu */
3887 "%*u " /* (13) cmajflt %lu */
3888 "%*u " /* (14) utime %lu */
3889 "%*u " /* (15) stime %lu */
3890 "%*d " /* (16) cutime %ld */
3891 "%*d " /* (17) cstime %ld */
3892 "%*d " /* (18) priority %ld */
3893 "%*d " /* (19) nice %ld */
3894 "%*d " /* (20) num_threads %ld */
3895 "%*d " /* (21) itrealvalue %ld */
3896 "%" PRIu64
, /* (22) starttime %llu */
3900 /* Caller can check for EINVAL on 0. */
3911 static double get_reaper_start_time_in_sec(pid_t pid
)
3913 uint64_t clockticks
, ticks_per_sec
;
3917 clockticks
= get_reaper_start_time(pid
);
3918 if (clockticks
== 0 && errno
== EINVAL
) {
3919 lxcfs_debug("failed to retrieve start time of pid %d\n", pid
);
3923 ret
= sysconf(_SC_CLK_TCK
);
3924 if (ret
< 0 && errno
== EINVAL
) {
3927 "failed to determine number of clock ticks in a second");
3931 ticks_per_sec
= (uint64_t)ret
;
3932 res
= (double)clockticks
/ ticks_per_sec
;
3936 static double get_reaper_age(pid_t pid
)
3939 double procstart
, procage
;
3941 /* We need to substract the time the process has started since system
3942 * boot minus the time when the system has started to get the actual
3945 procstart
= get_reaper_start_time_in_sec(pid
);
3946 procage
= procstart
;
3947 if (procstart
> 0) {
3949 struct timespec spec
;
3951 ret
= clock_gettime(CLOCK_BOOTTIME
, &spec
);
3955 /* We could make this more precise here by using the tv_nsec
3956 * field in the timespec struct and convert it to milliseconds
3957 * and then create a double for the seconds and milliseconds but
3958 * that seems more work than it is worth.
3960 uptime_ms
= (spec
.tv_sec
* 1000) + (spec
.tv_nsec
* 1e-6);
3961 procage
= (uptime_ms
- (procstart
* 1000)) / 1000;
3968 * Returns 0 on success.
3969 * It is the caller's responsibility to free `return_usage`, unless this
3970 * function returns an error.
3972 static int read_cpuacct_usage_all(char *cg
, char *cpuset
, struct cpuacct_usage
**return_usage
, int *size
)
3974 __do_free
char *usage_str
= NULL
;
3975 __do_free
struct cpuacct_usage
*cpu_usage
= NULL
;
3976 int cpucount
= get_nprocs_conf();
3977 int read_pos
= 0, read_cnt
=0;
3980 uint64_t cg_user
, cg_system
;
3981 int64_t ticks_per_sec
;
3983 ticks_per_sec
= sysconf(_SC_CLK_TCK
);
3985 if (ticks_per_sec
< 0 && errno
== EINVAL
) {
3988 "read_cpuacct_usage_all failed to determine number of clock ticks "
3993 cpu_usage
= malloc(sizeof(struct cpuacct_usage
) * cpucount
);
3997 memset(cpu_usage
, 0, sizeof(struct cpuacct_usage
) * cpucount
);
3998 if (!cgroup_ops
->get(cgroup_ops
, "cpuacct", cg
, "cpuacct.usage_all", &usage_str
)) {
4000 int i
= 0, read_pos
= 0, read_cnt
=0;
4001 size_t sz
= 0, asz
= 0;
4003 /* read cpuacct.usage_percpu instead. */
4004 lxcfs_v("failed to read cpuacct.usage_all. reading cpuacct.usage_percpu instead\n%s", "");
4005 if (!cgroup_ops
->get(cgroup_ops
, "cpuacct", cg
, "cpuacct.usage_percpu", &usage_str
))
4007 lxcfs_v("usage_str: %s\n", usage_str
);
4009 /* convert cpuacct.usage_percpu into cpuacct.usage_all. */
4010 lxcfs_v("converting cpuacct.usage_percpu into cpuacct.usage_all\n%s", "");
4012 must_strcat(&data
, &sz
, &asz
, "cpu user system\n");
4014 while (sscanf(usage_str
+ read_pos
, "%lu %n", &cg_user
, &read_cnt
) > 0) {
4015 lxcfs_debug("i: %d, cg_user: %lu, read_pos: %d, read_cnt: %d\n", i
, cg_user
, read_pos
, read_cnt
);
4016 must_strcat(&data
, &sz
, &asz
, "%d %lu 0\n", i
, cg_user
);
4018 read_pos
+= read_cnt
;
4023 lxcfs_v("usage_str: %s\n", usage_str
);
4026 if (sscanf(usage_str
, "cpu user system\n%n", &read_cnt
) != 0) {
4027 lxcfs_error("read_cpuacct_usage_all reading first line from "
4028 "%s/cpuacct.usage_all failed.\n", cg
);
4032 read_pos
+= read_cnt
;
4034 for (i
= 0, j
= 0; i
< cpucount
; i
++) {
4035 ret
= sscanf(usage_str
+ read_pos
, "%d %lu %lu\n%n", &cg_cpu
, &cg_user
,
4036 &cg_system
, &read_cnt
);
4042 lxcfs_error("read_cpuacct_usage_all reading from %s/cpuacct.usage_all "
4047 read_pos
+= read_cnt
;
4049 /* Convert the time from nanoseconds to USER_HZ */
4050 cpu_usage
[j
].user
= cg_user
/ 1000.0 / 1000 / 1000 * ticks_per_sec
;
4051 cpu_usage
[j
].system
= cg_system
/ 1000.0 / 1000 / 1000 * ticks_per_sec
;
4055 *return_usage
= move_ptr(cpu_usage
);
4060 static unsigned long diff_cpu_usage(struct cpuacct_usage
*older
, struct cpuacct_usage
*newer
, struct cpuacct_usage
*diff
, int cpu_count
)
4063 unsigned long sum
= 0;
4065 for (i
= 0; i
< cpu_count
; i
++) {
4066 if (!newer
[i
].online
)
4069 /* When cpuset is changed on the fly, the CPUs might get reordered.
4070 * We could either reset all counters, or check that the substractions
4071 * below will return expected results.
4073 if (newer
[i
].user
> older
[i
].user
)
4074 diff
[i
].user
= newer
[i
].user
- older
[i
].user
;
4078 if (newer
[i
].system
> older
[i
].system
)
4079 diff
[i
].system
= newer
[i
].system
- older
[i
].system
;
4083 if (newer
[i
].idle
> older
[i
].idle
)
4084 diff
[i
].idle
= newer
[i
].idle
- older
[i
].idle
;
4088 sum
+= diff
[i
].user
;
4089 sum
+= diff
[i
].system
;
4090 sum
+= diff
[i
].idle
;
4096 static void add_cpu_usage(unsigned long *surplus
, struct cpuacct_usage
*usage
, unsigned long *counter
, unsigned long threshold
)
4098 unsigned long free_space
, to_add
;
4100 free_space
= threshold
- usage
->user
- usage
->system
;
4102 if (free_space
> usage
->idle
)
4103 free_space
= usage
->idle
;
4105 to_add
= free_space
> *surplus
? *surplus
: free_space
;
4108 usage
->idle
-= to_add
;
4112 static struct cg_proc_stat
*prune_proc_stat_list(struct cg_proc_stat
*node
)
4114 struct cg_proc_stat
*first
= NULL
, *prev
, *tmp
;
4116 for (prev
= NULL
; node
; ) {
4117 if (!cgfs_param_exist("cpu", node
->cg
, "cpu.shares")) {
4119 lxcfs_debug("Removing stat node for %s\n", node
->cg
);
4122 prev
->next
= node
->next
;
4127 free_proc_stat_node(tmp
);
4139 #define PROC_STAT_PRUNE_INTERVAL 10
4140 static void prune_proc_stat_history(void)
4143 time_t now
= time(NULL
);
4145 for (i
= 0; i
< CPUVIEW_HASH_SIZE
; i
++) {
4146 pthread_rwlock_wrlock(&proc_stat_history
[i
]->lock
);
4148 if ((proc_stat_history
[i
]->lastcheck
+ PROC_STAT_PRUNE_INTERVAL
) > now
) {
4149 pthread_rwlock_unlock(&proc_stat_history
[i
]->lock
);
4153 if (proc_stat_history
[i
]->next
) {
4154 proc_stat_history
[i
]->next
= prune_proc_stat_list(proc_stat_history
[i
]->next
);
4155 proc_stat_history
[i
]->lastcheck
= now
;
4158 pthread_rwlock_unlock(&proc_stat_history
[i
]->lock
);
4162 static struct cg_proc_stat
*find_proc_stat_node(struct cg_proc_stat_head
*head
, const char *cg
)
4164 struct cg_proc_stat
*node
;
4166 pthread_rwlock_rdlock(&head
->lock
);
4169 pthread_rwlock_unlock(&head
->lock
);
4176 if (strcmp(cg
, node
->cg
) == 0)
4178 } while ((node
= node
->next
));
4183 pthread_rwlock_unlock(&head
->lock
);
4184 prune_proc_stat_history();
4188 static struct cg_proc_stat
*new_proc_stat_node(struct cpuacct_usage
*usage
, int cpu_count
, const char *cg
)
4190 struct cg_proc_stat
*node
;
4193 node
= malloc(sizeof(struct cg_proc_stat
));
4201 node
->cg
= malloc(strlen(cg
) + 1);
4205 strcpy(node
->cg
, cg
);
4207 node
->usage
= malloc(sizeof(struct cpuacct_usage
) * cpu_count
);
4211 memcpy(node
->usage
, usage
, sizeof(struct cpuacct_usage
) * cpu_count
);
4213 node
->view
= malloc(sizeof(struct cpuacct_usage
) * cpu_count
);
4217 node
->cpu_count
= cpu_count
;
4220 if (pthread_mutex_init(&node
->lock
, NULL
) != 0) {
4221 lxcfs_error("%s\n", "Failed to initialize node lock");
4225 for (i
= 0; i
< cpu_count
; i
++) {
4226 node
->view
[i
].user
= 0;
4227 node
->view
[i
].system
= 0;
4228 node
->view
[i
].idle
= 0;
4234 if (node
&& node
->cg
)
4236 if (node
&& node
->usage
)
4238 if (node
&& node
->view
)
4246 static struct cg_proc_stat
*add_proc_stat_node(struct cg_proc_stat
*new_node
)
4248 int hash
= calc_hash(new_node
->cg
) % CPUVIEW_HASH_SIZE
;
4249 struct cg_proc_stat_head
*head
= proc_stat_history
[hash
];
4250 struct cg_proc_stat
*node
, *rv
= new_node
;
4252 pthread_rwlock_wrlock(&head
->lock
);
4255 head
->next
= new_node
;
4262 if (strcmp(node
->cg
, new_node
->cg
) == 0) {
4263 /* The node is already present, return it */
4264 free_proc_stat_node(new_node
);
4274 node
->next
= new_node
;
4279 pthread_rwlock_unlock(&head
->lock
);
4283 static bool expand_proc_stat_node(struct cg_proc_stat
*node
, int cpu_count
)
4285 __do_free
struct cpuacct_usage
*new_usage
= NULL
, *new_view
= NULL
;
4287 /* Allocate new memory */
4288 new_usage
= malloc(sizeof(struct cpuacct_usage
) * cpu_count
);
4292 new_view
= malloc(sizeof(struct cpuacct_usage
) * cpu_count
);
4296 /* Copy existing data & initialize new elements */
4297 for (int i
= 0; i
< cpu_count
; i
++) {
4298 if (i
< node
->cpu_count
) {
4299 new_usage
[i
].user
= node
->usage
[i
].user
;
4300 new_usage
[i
].system
= node
->usage
[i
].system
;
4301 new_usage
[i
].idle
= node
->usage
[i
].idle
;
4303 new_view
[i
].user
= node
->view
[i
].user
;
4304 new_view
[i
].system
= node
->view
[i
].system
;
4305 new_view
[i
].idle
= node
->view
[i
].idle
;
4307 new_usage
[i
].user
= 0;
4308 new_usage
[i
].system
= 0;
4309 new_usage
[i
].idle
= 0;
4311 new_view
[i
].user
= 0;
4312 new_view
[i
].system
= 0;
4313 new_view
[i
].idle
= 0;
4318 node
->usage
= move_ptr(new_usage
);
4321 node
->view
= move_ptr(new_view
);
4322 node
->cpu_count
= cpu_count
;
4327 static struct cg_proc_stat
*find_or_create_proc_stat_node(struct cpuacct_usage
*usage
, int cpu_count
, const char *cg
)
4329 int hash
= calc_hash(cg
) % CPUVIEW_HASH_SIZE
;
4330 struct cg_proc_stat_head
*head
= proc_stat_history
[hash
];
4331 struct cg_proc_stat
*node
;
4333 node
= find_proc_stat_node(head
, cg
);
4336 node
= new_proc_stat_node(usage
, cpu_count
, cg
);
4340 node
= add_proc_stat_node(node
);
4341 lxcfs_debug("New stat node (%d) for %s\n", cpu_count
, cg
);
4344 pthread_mutex_lock(&node
->lock
);
4346 /* If additional CPUs on the host have been enabled, CPU usage counter
4347 * arrays have to be expanded */
4348 if (node
->cpu_count
< cpu_count
) {
4349 lxcfs_debug("Expanding stat node %d->%d for %s\n",
4350 node
->cpu_count
, cpu_count
, cg
);
4352 if (!expand_proc_stat_node(node
, cpu_count
)) {
4353 pthread_mutex_unlock(&node
->lock
);
4354 lxcfs_debug("Unable to expand stat node %d->%d for %s\n",
4355 node
->cpu_count
, cpu_count
, cg
);
4363 static void reset_proc_stat_node(struct cg_proc_stat
*node
, struct cpuacct_usage
*usage
, int cpu_count
)
4367 lxcfs_debug("Resetting stat node for %s\n", node
->cg
);
4368 memcpy(node
->usage
, usage
, sizeof(struct cpuacct_usage
) * cpu_count
);
4370 for (i
= 0; i
< cpu_count
; i
++) {
4371 node
->view
[i
].user
= 0;
4372 node
->view
[i
].system
= 0;
4373 node
->view
[i
].idle
= 0;
4376 node
->cpu_count
= cpu_count
;
4379 static int cpuview_proc_stat(const char *cg
, const char *cpuset
,
4380 struct cpuacct_usage
*cg_cpu_usage
,
4381 int cg_cpu_usage_size
, FILE *f
, char *buf
,
4384 __do_free
char *line
= NULL
;
4385 __do_free
struct cpuacct_usage
*diff
= NULL
;
4386 size_t linelen
= 0, total_len
= 0, l
;
4387 int curcpu
= -1; /* cpu numbering starts at 0 */
4389 int max_cpus
= max_cpu_count(cg
), cpu_cnt
= 0;
4390 unsigned long user
= 0, nice
= 0, system
= 0, idle
= 0, iowait
= 0,
4391 irq
= 0, softirq
= 0, steal
= 0, guest
= 0, guest_nice
= 0;
4392 unsigned long user_sum
= 0, system_sum
= 0, idle_sum
= 0;
4393 unsigned long user_surplus
= 0, system_surplus
= 0;
4394 unsigned long total_sum
, threshold
;
4395 struct cg_proc_stat
*stat_node
;
4396 int nprocs
= get_nprocs_conf();
4398 if (cg_cpu_usage_size
< nprocs
)
4399 nprocs
= cg_cpu_usage_size
;
4401 /* Read all CPU stats and stop when we've encountered other lines */
4402 while (getline(&line
, &linelen
, f
) != -1) {
4404 char cpu_char
[10]; /* That's a lot of cores */
4405 uint64_t all_used
, cg_used
;
4407 if (strlen(line
) == 0)
4410 /* not a ^cpuN line containing a number N */
4411 if (sscanf(line
, "cpu%9[^ ]", cpu_char
) != 1)
4414 if (sscanf(cpu_char
, "%d", &physcpu
) != 1)
4417 if (physcpu
>= cg_cpu_usage_size
)
4423 if (!cpu_in_cpuset(physcpu
, cpuset
)) {
4424 for (i
= curcpu
; i
<= physcpu
; i
++)
4425 cg_cpu_usage
[i
].online
= false;
4429 if (curcpu
< physcpu
) {
4430 /* Some CPUs may be disabled */
4431 for (i
= curcpu
; i
< physcpu
; i
++)
4432 cg_cpu_usage
[i
].online
= false;
4437 cg_cpu_usage
[curcpu
].online
= true;
4439 ret
= sscanf(line
, "%*s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu",
4454 all_used
= user
+ nice
+ system
+ iowait
+ irq
+ softirq
+ steal
+ guest
+ guest_nice
;
4455 cg_used
= cg_cpu_usage
[curcpu
].user
+ cg_cpu_usage
[curcpu
].system
;
4457 if (all_used
>= cg_used
) {
4458 cg_cpu_usage
[curcpu
].idle
= idle
+ (all_used
- cg_used
);
4461 lxcfs_error("cpu%d from %s has unexpected cpu time: %lu in /proc/stat, "
4462 "%lu in cpuacct.usage_all; unable to determine idle time\n",
4463 curcpu
, cg
, all_used
, cg_used
);
4464 cg_cpu_usage
[curcpu
].idle
= idle
;
4468 /* Cannot use more CPUs than is available due to cpuset */
4469 if (max_cpus
> cpu_cnt
)
4472 stat_node
= find_or_create_proc_stat_node(cg_cpu_usage
, nprocs
, cg
);
4475 lxcfs_error("unable to find/create stat node for %s\n", cg
);
4479 diff
= malloc(sizeof(struct cpuacct_usage
) * nprocs
);
4485 * If the new values are LOWER than values stored in memory, it means
4486 * the cgroup has been reset/recreated and we should reset too.
4488 for (curcpu
= 0; curcpu
< nprocs
; curcpu
++) {
4489 if (!cg_cpu_usage
[curcpu
].online
)
4492 if (cg_cpu_usage
[curcpu
].user
< stat_node
->usage
[curcpu
].user
)
4493 reset_proc_stat_node(stat_node
, cg_cpu_usage
, nprocs
);
4498 total_sum
= diff_cpu_usage(stat_node
->usage
, cg_cpu_usage
, diff
, nprocs
);
4500 for (curcpu
= 0, i
= -1; curcpu
< nprocs
; curcpu
++) {
4501 stat_node
->usage
[curcpu
].online
= cg_cpu_usage
[curcpu
].online
;
4503 if (!stat_node
->usage
[curcpu
].online
)
4508 stat_node
->usage
[curcpu
].user
+= diff
[curcpu
].user
;
4509 stat_node
->usage
[curcpu
].system
+= diff
[curcpu
].system
;
4510 stat_node
->usage
[curcpu
].idle
+= diff
[curcpu
].idle
;
4512 if (max_cpus
> 0 && i
>= max_cpus
) {
4513 user_surplus
+= diff
[curcpu
].user
;
4514 system_surplus
+= diff
[curcpu
].system
;
4518 /* Calculate usage counters of visible CPUs */
4520 unsigned long diff_user
= 0;
4521 unsigned long diff_system
= 0;
4522 unsigned long diff_idle
= 0;
4523 unsigned long max_diff_idle
= 0;
4524 unsigned long max_diff_idle_index
= 0;
4527 /* threshold = maximum usage per cpu, including idle */
4528 threshold
= total_sum
/ cpu_cnt
* max_cpus
;
4530 for (curcpu
= 0, i
= -1; curcpu
< nprocs
; curcpu
++) {
4531 if (!stat_node
->usage
[curcpu
].online
)
4539 if (diff
[curcpu
].user
+ diff
[curcpu
].system
>= threshold
)
4543 add_cpu_usage(&user_surplus
, &diff
[curcpu
],
4544 &diff
[curcpu
].user
, threshold
);
4546 if (diff
[curcpu
].user
+ diff
[curcpu
].system
>= threshold
)
4549 /* If there is still room, add system */
4550 add_cpu_usage(&system_surplus
, &diff
[curcpu
],
4551 &diff
[curcpu
].system
, threshold
);
4554 if (user_surplus
> 0)
4555 lxcfs_debug("leftover user: %lu for %s\n", user_surplus
, cg
);
4556 if (system_surplus
> 0)
4557 lxcfs_debug("leftover system: %lu for %s\n", system_surplus
, cg
);
4559 for (curcpu
= 0, i
= -1; curcpu
< nprocs
; curcpu
++) {
4560 if (!stat_node
->usage
[curcpu
].online
)
4568 stat_node
->view
[curcpu
].user
+= diff
[curcpu
].user
;
4569 stat_node
->view
[curcpu
].system
+= diff
[curcpu
].system
;
4570 stat_node
->view
[curcpu
].idle
+= diff
[curcpu
].idle
;
4572 user_sum
+= stat_node
->view
[curcpu
].user
;
4573 system_sum
+= stat_node
->view
[curcpu
].system
;
4574 idle_sum
+= stat_node
->view
[curcpu
].idle
;
4576 diff_user
+= diff
[curcpu
].user
;
4577 diff_system
+= diff
[curcpu
].system
;
4578 diff_idle
+= diff
[curcpu
].idle
;
4579 if (diff
[curcpu
].idle
> max_diff_idle
) {
4580 max_diff_idle
= diff
[curcpu
].idle
;
4581 max_diff_idle_index
= curcpu
;
4584 lxcfs_v("curcpu: %d, diff_user: %lu, diff_system: %lu, diff_idle: %lu\n", curcpu
, diff
[curcpu
].user
, diff
[curcpu
].system
, diff
[curcpu
].idle
);
4586 lxcfs_v("total. diff_user: %lu, diff_system: %lu, diff_idle: %lu\n", diff_user
, diff_system
, diff_idle
);
4588 /* revise cpu usage view to support partial cpu case. */
4589 exact_cpus
= exact_cpu_count(cg
);
4590 if (exact_cpus
< (double)max_cpus
){
4591 unsigned long delta
= (unsigned long)((double)(diff_user
+ diff_system
+ diff_idle
) * (1 - exact_cpus
/ (double)max_cpus
));
4593 lxcfs_v("revising cpu usage view to match the exact cpu count [%f]\n", exact_cpus
);
4594 lxcfs_v("delta: %lu\n", delta
);
4595 lxcfs_v("idle_sum before: %lu\n", idle_sum
);
4596 idle_sum
= idle_sum
> delta
? idle_sum
- delta
: 0;
4597 lxcfs_v("idle_sum after: %lu\n", idle_sum
);
4599 curcpu
= max_diff_idle_index
;
4600 lxcfs_v("curcpu: %d, idle before: %lu\n", curcpu
, stat_node
->view
[curcpu
].idle
);
4601 stat_node
->view
[curcpu
].idle
= stat_node
->view
[curcpu
].idle
> delta
? stat_node
->view
[curcpu
].idle
- delta
: 0;
4602 lxcfs_v("curcpu: %d, idle after: %lu\n", curcpu
, stat_node
->view
[curcpu
].idle
);
4605 for (curcpu
= 0; curcpu
< nprocs
; curcpu
++) {
4606 if (!stat_node
->usage
[curcpu
].online
)
4609 stat_node
->view
[curcpu
].user
= stat_node
->usage
[curcpu
].user
;
4610 stat_node
->view
[curcpu
].system
= stat_node
->usage
[curcpu
].system
;
4611 stat_node
->view
[curcpu
].idle
= stat_node
->usage
[curcpu
].idle
;
4613 user_sum
+= stat_node
->view
[curcpu
].user
;
4614 system_sum
+= stat_node
->view
[curcpu
].system
;
4615 idle_sum
+= stat_node
->view
[curcpu
].idle
;
4619 /* Render the file */
4621 l
= snprintf(buf
, buf_size
, "cpu %lu 0 %lu %lu 0 0 0 0 0 0\n",
4625 lxcfs_v("cpu-all: %s\n", buf
);
4628 perror("Error writing to cache");
4631 if (l
>= buf_size
) {
4632 lxcfs_error("%s\n", "Internal error: truncated write to cache.");
4640 /* Render visible CPUs */
4641 for (curcpu
= 0, i
= -1; curcpu
< nprocs
; curcpu
++) {
4642 if (!stat_node
->usage
[curcpu
].online
)
4647 if (max_cpus
> 0 && i
== max_cpus
)
4650 l
= snprintf(buf
, buf_size
, "cpu%d %lu 0 %lu %lu 0 0 0 0 0 0\n",
4652 stat_node
->view
[curcpu
].user
,
4653 stat_node
->view
[curcpu
].system
,
4654 stat_node
->view
[curcpu
].idle
);
4655 lxcfs_v("cpu: %s\n", buf
);
4658 perror("Error writing to cache");
4662 if (l
>= buf_size
) {
4663 lxcfs_error("%s\n", "Internal error: truncated write to cache.");
4672 /* Pass the rest of /proc/stat, start with the last line read */
4673 l
= snprintf(buf
, buf_size
, "%s", line
);
4676 perror("Error writing to cache");
4680 if (l
>= buf_size
) {
4681 lxcfs_error("%s\n", "Internal error: truncated write to cache.");
4689 /* Pass the rest of the host's /proc/stat */
4690 while (getline(&line
, &linelen
, f
) != -1) {
4691 l
= snprintf(buf
, buf_size
, "%s", line
);
4693 perror("Error writing to cache");
4696 if (l
>= buf_size
) {
4697 lxcfs_error("%s\n", "Internal error: truncated write to cache.");
4706 pthread_mutex_unlock(&stat_node
->lock
);
4710 #define CPUALL_MAX_SIZE (BUF_RESERVE_SIZE / 2)
4711 static int proc_stat_read(char *buf
, size_t size
, off_t offset
,
4712 struct fuse_file_info
*fi
)
4714 __do_free
char *cg
= NULL
, *cpuset
= NULL
, *line
= NULL
;
4715 __do_free
struct cpuacct_usage
*cg_cpu_usage
= NULL
;
4716 __do_fclose
FILE *f
= NULL
;
4717 struct fuse_context
*fc
= fuse_get_context();
4718 struct file_info
*d
= (struct file_info
*)fi
->fh
;
4719 size_t linelen
= 0, total_len
= 0;
4720 int curcpu
= -1; /* cpu numbering starts at 0 */
4722 unsigned long user
= 0, nice
= 0, system
= 0, idle
= 0, iowait
= 0,
4723 irq
= 0, softirq
= 0, steal
= 0, guest
= 0, guest_nice
= 0;
4724 unsigned long user_sum
= 0, nice_sum
= 0, system_sum
= 0, idle_sum
= 0,
4725 iowait_sum
= 0, irq_sum
= 0, softirq_sum
= 0,
4726 steal_sum
= 0, guest_sum
= 0, guest_nice_sum
= 0;
4727 char cpuall
[CPUALL_MAX_SIZE
];
4728 /* reserve for cpu all */
4729 char *cache
= d
->buf
+ CPUALL_MAX_SIZE
;
4730 size_t cache_size
= d
->buflen
- CPUALL_MAX_SIZE
;
4731 int cg_cpu_usage_size
= 0;
4734 if (offset
> d
->size
)
4738 int left
= d
->size
- offset
;
4739 total_len
= left
> size
? size
: left
;
4740 memcpy(buf
, d
->buf
+ offset
, total_len
);
4744 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
4745 lxcfs_v("initpid: %d\n", initpid
);
4750 * when container run with host pid namespace initpid == 1, cgroup will "/"
4751 * we should return host os's /proc contents.
4752 * in some case cpuacct_usage.all in "/" will larger then /proc/stat
4755 return read_file_fuse("/proc/stat", buf
, size
, d
);
4758 cg
= get_pid_cgroup(initpid
, "cpuset");
4759 lxcfs_v("cg: %s\n", cg
);
4761 return read_file_fuse("/proc/stat", buf
, size
, d
);
4762 prune_init_slice(cg
);
4764 cpuset
= get_cpuset(cg
);
4769 * Read cpuacct.usage_all for all CPUs.
4770 * If the cpuacct cgroup is present, it is used to calculate the container's
4771 * CPU usage. If not, values from the host's /proc/stat are used.
4773 if (read_cpuacct_usage_all(cg
, cpuset
, &cg_cpu_usage
, &cg_cpu_usage_size
) != 0) {
4774 lxcfs_v("%s\n", "proc_stat_read failed to read from cpuacct, "
4775 "falling back to the host's /proc/stat");
4778 f
= fopen("/proc/stat", "r");
4783 if (getline(&line
, &linelen
, f
) < 0) {
4784 lxcfs_error("%s\n", "proc_stat_read read first line failed.");
4788 if (cgroup_ops
->can_use_cpuview(cgroup_ops
) && cg_cpu_usage
) {
4789 total_len
= cpuview_proc_stat(cg
, cpuset
, cg_cpu_usage
, cg_cpu_usage_size
,
4790 f
, d
->buf
, d
->buflen
);
4794 while (getline(&line
, &linelen
, f
) != -1) {
4796 char cpu_char
[10]; /* That's a lot of cores */
4798 uint64_t all_used
, cg_used
, new_idle
;
4801 if (strlen(line
) == 0)
4803 if (sscanf(line
, "cpu%9[^ ]", cpu_char
) != 1) {
4804 /* not a ^cpuN line containing a number N, just print it */
4805 l
= snprintf(cache
, cache_size
, "%s", line
);
4807 perror("Error writing to cache");
4810 if (l
>= cache_size
) {
4811 lxcfs_error("%s\n", "Internal error: truncated write to cache.");
4820 if (sscanf(cpu_char
, "%d", &physcpu
) != 1)
4822 if (!cpu_in_cpuset(physcpu
, cpuset
))
4826 ret
= sscanf(line
, "%*s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu",
4838 if (ret
!= 10 || !cg_cpu_usage
) {
4839 c
= strchr(line
, ' ');
4842 l
= snprintf(cache
, cache_size
, "cpu%d%s", curcpu
, c
);
4844 perror("Error writing to cache");
4848 if (l
>= cache_size
) {
4849 lxcfs_error("%s\n", "Internal error: truncated write to cache.");
4862 if (physcpu
>= cg_cpu_usage_size
)
4865 all_used
= user
+ nice
+ system
+ iowait
+ irq
+ softirq
+ steal
+ guest
+ guest_nice
;
4866 cg_used
= cg_cpu_usage
[physcpu
].user
+ cg_cpu_usage
[physcpu
].system
;
4868 if (all_used
>= cg_used
) {
4869 new_idle
= idle
+ (all_used
- cg_used
);
4872 lxcfs_error("cpu%d from %s has unexpected cpu time: %lu in /proc/stat, "
4873 "%lu in cpuacct.usage_all; unable to determine idle time\n",
4874 curcpu
, cg
, all_used
, cg_used
);
4878 l
= snprintf(cache
, cache_size
, "cpu%d %lu 0 %lu %lu 0 0 0 0 0 0\n",
4879 curcpu
, cg_cpu_usage
[physcpu
].user
, cg_cpu_usage
[physcpu
].system
,
4883 perror("Error writing to cache");
4887 if (l
>= cache_size
) {
4888 lxcfs_error("%s\n", "Internal error: truncated write to cache.");
4896 user_sum
+= cg_cpu_usage
[physcpu
].user
;
4897 system_sum
+= cg_cpu_usage
[physcpu
].system
;
4898 idle_sum
+= new_idle
;
4903 system_sum
+= system
;
4905 iowait_sum
+= iowait
;
4907 softirq_sum
+= softirq
;
4910 guest_nice_sum
+= guest_nice
;
4916 int cpuall_len
= snprintf(cpuall
, CPUALL_MAX_SIZE
, "cpu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
4927 if (cpuall_len
> 0 && cpuall_len
< CPUALL_MAX_SIZE
) {
4928 memcpy(cache
, cpuall
, cpuall_len
);
4929 cache
+= cpuall_len
;
4931 /* shouldn't happen */
4932 lxcfs_error("proc_stat_read copy cpuall failed, cpuall_len=%d.", cpuall_len
);
4936 memmove(cache
, d
->buf
+ CPUALL_MAX_SIZE
, total_len
);
4937 total_len
+= cpuall_len
;
4941 d
->size
= total_len
;
4942 if (total_len
> size
)
4945 memcpy(buf
, d
->buf
, total_len
);
4949 /* This function retrieves the busy time of a group of tasks by looking at
4950 * cpuacct.usage. Unfortunately, this only makes sense when the container has
4951 * been given it's own cpuacct cgroup. If not, this function will take the busy
4952 * time of all other taks that do not actually belong to the container into
4953 * account as well. If someone has a clever solution for this please send a
4956 static double get_reaper_busy(pid_t task
)
4958 __do_free
char *cgroup
= NULL
, *usage_str
= NULL
;
4959 unsigned long usage
= 0;
4962 initpid
= lookup_initpid_in_store(task
);
4966 cgroup
= get_pid_cgroup(initpid
, "cpuacct");
4969 prune_init_slice(cgroup
);
4970 if (!cgroup_ops
->get(cgroup_ops
, "cpuacct", cgroup
, "cpuacct.usage",
4974 usage
= strtoul(usage_str
, NULL
, 10);
4975 return ((double)usage
/ 1000000000);
4983 fd
= creat("/tmp/lxcfs-iwashere", 0644);
4990 * We read /proc/uptime and reuse its second field.
4991 * For the first field, we use the mtime for the reaper for
4992 * the calling pid as returned by getreaperage
4994 static int proc_uptime_read(char *buf
, size_t size
, off_t offset
,
4995 struct fuse_file_info
*fi
)
4997 struct fuse_context
*fc
= fuse_get_context();
4998 struct file_info
*d
= (struct file_info
*)fi
->fh
;
4999 double busytime
= get_reaper_busy(fc
->pid
);
5000 char *cache
= d
->buf
;
5001 ssize_t total_len
= 0;
5002 double idletime
, reaperage
;
5011 if (offset
> d
->size
)
5013 int left
= d
->size
- offset
;
5014 total_len
= left
> size
? size
: left
;
5015 memcpy(buf
, cache
+ offset
, total_len
);
5019 reaperage
= get_reaper_age(fc
->pid
);
5020 /* To understand why this is done, please read the comment to the
5021 * get_reaper_busy() function.
5023 idletime
= reaperage
;
5024 if (reaperage
>= busytime
)
5025 idletime
= reaperage
- busytime
;
5027 total_len
= snprintf(d
->buf
, d
->buflen
, "%.2lf %.2lf\n", reaperage
, idletime
);
5028 if (total_len
< 0 || total_len
>= d
->buflen
){
5029 lxcfs_error("%s\n", "failed to write to cache");
5033 d
->size
= (int)total_len
;
5036 if (total_len
> size
) total_len
= size
;
5038 memcpy(buf
, d
->buf
, total_len
);
5042 static int proc_diskstats_read(char *buf
, size_t size
, off_t offset
,
5043 struct fuse_file_info
*fi
)
5045 __do_free
char *cg
= NULL
, *io_serviced_str
= NULL
,
5046 *io_merged_str
= NULL
, *io_service_bytes_str
= NULL
,
5047 *io_wait_time_str
= NULL
, *io_service_time_str
= NULL
,
5049 __do_fclose
FILE *f
= NULL
;
5050 struct fuse_context
*fc
= fuse_get_context();
5051 struct file_info
*d
= (struct file_info
*)fi
->fh
;
5052 unsigned long read
= 0, write
= 0;
5053 unsigned long read_merged
= 0, write_merged
= 0;
5054 unsigned long read_sectors
= 0, write_sectors
= 0;
5055 unsigned long read_ticks
= 0, write_ticks
= 0;
5056 unsigned long ios_pgr
= 0, tot_ticks
= 0, rq_ticks
= 0;
5057 unsigned long rd_svctm
= 0, wr_svctm
= 0, rd_wait
= 0, wr_wait
= 0;
5058 char *cache
= d
->buf
;
5059 size_t cache_size
= d
->buflen
;
5060 size_t linelen
= 0, total_len
= 0;
5061 unsigned int major
= 0, minor
= 0;
5069 if (offset
> d
->size
)
5075 left
= d
->size
- offset
;
5076 total_len
= left
> size
? size
: left
;
5077 memcpy(buf
, cache
+ offset
, total_len
);
5082 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
5083 if (initpid
<= 1 || is_shared_pidns(initpid
))
5085 cg
= get_pid_cgroup(initpid
, "blkio");
5087 return read_file_fuse("/proc/diskstats", buf
, size
, d
);
5088 prune_init_slice(cg
);
5090 ret
= cgroup_ops
->get_io_serviced(cgroup_ops
, cg
, &io_serviced_str
);
5092 if (ret
== -EOPNOTSUPP
)
5093 return read_file_fuse("/proc/diskstats", buf
, size
, d
);
5096 ret
= cgroup_ops
->get_io_merged(cgroup_ops
, cg
, &io_merged_str
);
5098 if (ret
== -EOPNOTSUPP
)
5099 return read_file_fuse("/proc/diskstats", buf
, size
, d
);
5102 ret
= cgroup_ops
->get_io_service_bytes(cgroup_ops
, cg
, &io_service_bytes_str
);
5104 if (ret
== -EOPNOTSUPP
)
5105 return read_file_fuse("/proc/diskstats", buf
, size
, d
);
5108 ret
= cgroup_ops
->get_io_wait_time(cgroup_ops
, cg
, &io_wait_time_str
);
5110 if (ret
== -EOPNOTSUPP
)
5111 return read_file_fuse("/proc/diskstats", buf
, size
, d
);
5114 ret
= cgroup_ops
->get_io_service_time(cgroup_ops
, cg
, &io_service_time_str
);
5116 if (ret
== -EOPNOTSUPP
)
5117 return read_file_fuse("/proc/diskstats", buf
, size
, d
);
5120 f
= fopen("/proc/diskstats", "r");
5124 while (getline(&line
, &linelen
, f
) != -1) {
5128 i
= sscanf(line
, "%u %u %71s", &major
, &minor
, dev_name
);
5132 get_blkio_io_value(io_serviced_str
, major
, minor
, "Read", &read
);
5133 get_blkio_io_value(io_serviced_str
, major
, minor
, "Write", &write
);
5134 get_blkio_io_value(io_merged_str
, major
, minor
, "Read", &read_merged
);
5135 get_blkio_io_value(io_merged_str
, major
, minor
, "Write", &write_merged
);
5136 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Read", &read_sectors
);
5137 read_sectors
= read_sectors
/512;
5138 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Write", &write_sectors
);
5139 write_sectors
= write_sectors
/512;
5141 get_blkio_io_value(io_service_time_str
, major
, minor
, "Read", &rd_svctm
);
5142 rd_svctm
= rd_svctm
/1000000;
5143 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Read", &rd_wait
);
5144 rd_wait
= rd_wait
/1000000;
5145 read_ticks
= rd_svctm
+ rd_wait
;
5147 get_blkio_io_value(io_service_time_str
, major
, minor
, "Write", &wr_svctm
);
5148 wr_svctm
= wr_svctm
/1000000;
5149 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Write", &wr_wait
);
5150 wr_wait
= wr_wait
/1000000;
5151 write_ticks
= wr_svctm
+ wr_wait
;
5153 get_blkio_io_value(io_service_time_str
, major
, minor
, "Total", &tot_ticks
);
5154 tot_ticks
= tot_ticks
/1000000;
5156 memset(lbuf
, 0, 256);
5157 if (read
|| write
|| read_merged
|| write_merged
|| read_sectors
|| write_sectors
|| read_ticks
|| write_ticks
)
5158 snprintf(lbuf
, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
5159 major
, minor
, dev_name
, read
, read_merged
, read_sectors
, read_ticks
,
5160 write
, write_merged
, write_sectors
, write_ticks
, ios_pgr
, tot_ticks
, rq_ticks
);
5164 l
= snprintf(cache
, cache_size
, "%s", lbuf
);
5166 perror("Error writing to fuse buf");
5169 if (l
>= cache_size
) {
5170 lxcfs_error("%s\n", "Internal error: truncated write to cache.");
5179 d
->size
= total_len
;
5180 if (total_len
> size
) total_len
= size
;
5181 memcpy(buf
, d
->buf
, total_len
);
5186 static int proc_swaps_read(char *buf
, size_t size
, off_t offset
,
5187 struct fuse_file_info
*fi
)
5189 __do_free
char *cg
= NULL
, *memswlimit_str
= NULL
, *memusage_str
= NULL
,
5190 *memswusage_str
= NULL
;
5191 struct fuse_context
*fc
= fuse_get_context();
5192 struct file_info
*d
= (struct file_info
*)fi
->fh
;
5193 unsigned long memswlimit
= 0, memlimit
= 0, memusage
= 0,
5194 memswusage
= 0, swap_total
= 0, swap_free
= 0;
5195 ssize_t total_len
= 0;
5197 char *cache
= d
->buf
;
5203 if (offset
> d
->size
)
5209 left
= d
->size
- offset
;
5210 total_len
= left
> size
? size
: left
;
5211 memcpy(buf
, cache
+ offset
, total_len
);
5216 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
5217 if (initpid
<= 1 || is_shared_pidns(initpid
))
5219 cg
= get_pid_cgroup(initpid
, "memory");
5221 return read_file_fuse("/proc/swaps", buf
, size
, d
);
5222 prune_init_slice(cg
);
5224 memlimit
= get_min_memlimit(cg
, false);
5226 ret
= cgroup_ops
->get_memory_current(cgroup_ops
, cg
, &memusage_str
);
5230 memusage
= strtoul(memusage_str
, NULL
, 10);
5232 ret
= cgroup_ops
->get_memory_swap_max(cgroup_ops
, cg
, &memswlimit_str
);
5234 ret
= cgroup_ops
->get_memory_swap_current(cgroup_ops
, cg
, &memswusage_str
);
5236 memswlimit
= get_min_memlimit(cg
, true);
5237 memswusage
= strtoul(memswusage_str
, NULL
, 10);
5238 swap_total
= (memswlimit
- memlimit
) / 1024;
5239 swap_free
= (memswusage
- memusage
) / 1024;
5242 total_len
= snprintf(d
->buf
, d
->size
, "Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n");
5244 /* When no mem + swap limit is specified or swapaccount=0*/
5246 __do_free
char *line
= NULL
;
5247 __do_fclose
FILE *f
= NULL
;
5250 f
= fopen("/proc/meminfo", "r");
5254 while (getline(&line
, &linelen
, f
) != -1) {
5255 if (startswith(line
, "SwapTotal:"))
5256 sscanf(line
, "SwapTotal: %8lu kB", &swap_total
);
5257 else if (startswith(line
, "SwapFree:"))
5258 sscanf(line
, "SwapFree: %8lu kB", &swap_free
);
5262 if (swap_total
> 0) {
5263 l
= snprintf(d
->buf
+ total_len
, d
->size
- total_len
,
5264 "none%*svirtual\t\t%lu\t%lu\t0\n", 36, " ",
5265 swap_total
, swap_free
);
5269 if (total_len
< 0 || l
< 0) {
5270 perror("Error writing to cache");
5275 d
->size
= (int)total_len
;
5277 if (total_len
> size
) total_len
= size
;
5278 memcpy(buf
, d
->buf
, total_len
);
5283 * Find the process pid from cgroup path.
5284 * eg:from /sys/fs/cgroup/cpu/docker/containerid/cgroup.procs to find the process pid.
5285 * @pid_buf : put pid to pid_buf.
5286 * @dpath : the path of cgroup. eg: /docker/containerid or /docker/containerid/child-cgroup ...
5287 * @depth : the depth of cgroup in container.
5288 * @sum : return the number of pid.
5289 * @cfd : the file descriptor of the mounted cgroup. eg: /sys/fs/cgroup/cpu
5291 static int calc_pid(char ***pid_buf
, char *dpath
, int depth
, int sum
, int cfd
)
5293 __do_free
char *path
= NULL
;
5294 __do_close_prot_errno
int fd
= -EBADF
;
5295 __do_fclose
FILE *f
= NULL
;
5296 __do_closedir
DIR *dir
= NULL
;
5297 struct dirent
*file
;
5303 /* path = dpath + "/cgroup.procs" + /0 */
5304 path
= malloc(strlen(dpath
) + 20);
5308 strcpy(path
, dpath
);
5309 fd
= openat(cfd
, path
, O_RDONLY
| O_CLOEXEC
| O_NOFOLLOW
);
5313 dir
= fdopendir(move_fd(fd
));
5317 while (((file
= readdir(dir
)) != NULL
) && depth
> 0) {
5318 if (strcmp(file
->d_name
, ".") == 0)
5321 if (strcmp(file
->d_name
, "..") == 0)
5324 if (file
->d_type
== DT_DIR
) {
5325 __do_free
char *path_dir
= NULL
;
5327 /* path + '/' + d_name +/0 */
5328 path_dir
= malloc(strlen(path
) + 2 + sizeof(file
->d_name
));
5332 strcpy(path_dir
, path
);
5333 strcat(path_dir
, "/");
5334 strcat(path_dir
, file
->d_name
);
5336 sum
= calc_pid(pid_buf
, path_dir
, pd
, sum
, cfd
);
5340 strcat(path
, "/cgroup.procs");
5341 fd
= openat(cfd
, path
, O_RDONLY
);
5345 f
= fdopen(move_fd(fd
), "r");
5349 while (getline(&line
, &linelen
, f
) != -1) {
5350 pid
= realloc(*pid_buf
, sizeof(char *) * (sum
+ 1));
5355 *(*pid_buf
+ sum
) = malloc(strlen(line
) + 1);
5356 if (!*(*pid_buf
+ sum
))
5359 strcpy(*(*pid_buf
+ sum
), line
);
5367 * calc_load calculates the load according to the following formula:
5368 * load1 = load0 * exp + active * (1 - exp)
5370 * @load1: the new loadavg.
5371 * @load0: the former loadavg.
5372 * @active: the total number of running pid at this moment.
5373 * @exp: the fixed-point defined in the beginning.
5375 static unsigned long
5376 calc_load(unsigned long load
, unsigned long exp
, unsigned long active
)
5378 unsigned long newload
;
5380 active
= active
> 0 ? active
* FIXED_1
: 0;
5381 newload
= load
* exp
+ active
* (FIXED_1
- exp
);
5383 newload
+= FIXED_1
- 1;
5385 return newload
/ FIXED_1
;
5389 * Return 0 means that container p->cg is closed.
5390 * Return -1 means that error occurred in refresh.
5391 * Positive num equals the total number of pid.
5393 static int refresh_load(struct load_node
*p
, char *path
)
5395 __do_free
char *line
= NULL
;
5397 char proc_path
[256];
5398 int i
, ret
, run_pid
= 0, total_pid
= 0, last_pid
= 0;
5401 struct dirent
*file
;
5403 idbuf
= malloc(sizeof(char *));
5407 sum
= calc_pid(&idbuf
, path
, DEPTH_DIR
, 0, p
->cfd
);
5412 for (i
= 0; i
< sum
; i
++) {
5413 __do_closedir
DIR *dp
= NULL
;
5416 length
= strlen(idbuf
[i
])-1;
5417 idbuf
[i
][length
] = '\0';
5418 ret
= snprintf(proc_path
, 256, "/proc/%s/task", idbuf
[i
]);
5419 if (ret
< 0 || ret
> 255) {
5420 lxcfs_error("%s\n", "snprintf() failed in refresh_load.");
5426 dp
= opendir(proc_path
);
5428 lxcfs_error("%s\n", "Open proc_path failed in refresh_load.");
5431 while ((file
= readdir(dp
)) != NULL
) {
5432 __do_fclose
FILE *f
= NULL
;
5434 if (strncmp(file
->d_name
, ".", 1) == 0)
5436 if (strncmp(file
->d_name
, "..", 1) == 0)
5439 /* We make the biggest pid become last_pid.*/
5440 ret
= atof(file
->d_name
);
5441 last_pid
= (ret
> last_pid
) ? ret
: last_pid
;
5443 ret
= snprintf(proc_path
, 256, "/proc/%s/task/%s/status", idbuf
[i
], file
->d_name
);
5444 if (ret
< 0 || ret
> 255) {
5445 lxcfs_error("%s\n", "snprintf() failed in refresh_load.");
5451 f
= fopen(proc_path
, "r");
5453 while (getline(&line
, &linelen
, f
) != -1) {
5455 if ((line
[0] == 'S') && (line
[1] == 't'))
5459 if ((line
[7] == 'R') || (line
[7] == 'D'))
5464 /*Calculate the loadavg.*/
5465 p
->avenrun
[0] = calc_load(p
->avenrun
[0], EXP_1
, run_pid
);
5466 p
->avenrun
[1] = calc_load(p
->avenrun
[1], EXP_5
, run_pid
);
5467 p
->avenrun
[2] = calc_load(p
->avenrun
[2], EXP_15
, run_pid
);
5468 p
->run_pid
= run_pid
;
5469 p
->total_pid
= total_pid
;
5470 p
->last_pid
= last_pid
;
5481 * Traverse the hash table and update it.
5483 void *load_begin(void *arg
)
5486 int i
, sum
, length
, ret
;
5487 struct load_node
*f
;
5489 clock_t time1
, time2
;
5492 if (loadavg_stop
== 1)
5496 for (i
= 0; i
< LOAD_SIZE
; i
++) {
5497 pthread_mutex_lock(&load_hash
[i
].lock
);
5498 if (load_hash
[i
].next
== NULL
) {
5499 pthread_mutex_unlock(&load_hash
[i
].lock
);
5502 f
= load_hash
[i
].next
;
5505 __do_free
char *path
= NULL
;
5507 length
= strlen(f
->cg
) + 2;
5508 /* strlen(f->cg) + '.' or '' + \0 */
5509 path
= malloc(length
);
5513 ret
= snprintf(path
, length
, "%s%s", dot_or_empty(f
->cg
), f
->cg
);
5514 if (ret
< 0 || ret
> length
- 1) {
5515 /* snprintf failed, ignore the node.*/
5516 lxcfs_error("Refresh node %s failed for snprintf().\n", f
->cg
);
5520 sum
= refresh_load(f
, path
);
5525 /* load_hash[i].lock locks only on the first node.*/
5526 if (first_node
== 1) {
5528 pthread_mutex_unlock(&load_hash
[i
].lock
);
5533 if (loadavg_stop
== 1)
5537 usleep(FLUSH_TIME
* 1000000 - (int)((time2
- time1
) * 1000000 / CLOCKS_PER_SEC
));
5541 static int proc_loadavg_read(char *buf
, size_t size
, off_t offset
,
5542 struct fuse_file_info
*fi
)
5544 struct fuse_context
*fc
= fuse_get_context();
5545 struct file_info
*d
= (struct file_info
*)fi
->fh
;
5548 size_t total_len
= 0;
5549 char *cache
= d
->buf
;
5550 struct load_node
*n
;
5553 unsigned long a
, b
, c
;
5556 if (offset
> d
->size
)
5560 int left
= d
->size
- offset
;
5561 total_len
= left
> size
? size
: left
;
5562 memcpy(buf
, cache
+ offset
, total_len
);
5566 return read_file_fuse("/proc/loadavg", buf
, size
, d
);
5568 initpid
= lookup_initpid_in_store(fc
->pid
);
5569 if (initpid
<= 1 || is_shared_pidns(initpid
))
5571 cg
= get_pid_cgroup(initpid
, "cpu");
5573 return read_file_fuse("/proc/loadavg", buf
, size
, d
);
5575 prune_init_slice(cg
);
5576 hash
= calc_hash(cg
) % LOAD_SIZE
;
5577 n
= locate_node(cg
, hash
);
5581 cfd
= find_mounted_controller("cpu");
5584 * In locate_node() above, pthread_rwlock_unlock() isn't used
5585 * because delete is not allowed before read has ended.
5587 pthread_rwlock_unlock(&load_hash
[hash
].rdlock
);
5592 n
= malloc(sizeof(struct load_node
));
5596 n
->cg
= malloc(strlen(cg
)+1);
5604 n
->last_pid
= initpid
;
5606 insert_node(&n
, hash
);
5608 a
= n
->avenrun
[0] + (FIXED_1
/200);
5609 b
= n
->avenrun
[1] + (FIXED_1
/200);
5610 c
= n
->avenrun
[2] + (FIXED_1
/200);
5611 total_len
= snprintf(d
->buf
, d
->buflen
, "%lu.%02lu %lu.%02lu %lu.%02lu %d/%d %d\n",
5612 LOAD_INT(a
), LOAD_FRAC(a
),
5613 LOAD_INT(b
), LOAD_FRAC(b
),
5614 LOAD_INT(c
), LOAD_FRAC(c
),
5615 n
->run_pid
, n
->total_pid
, n
->last_pid
);
5616 pthread_rwlock_unlock(&load_hash
[hash
].rdlock
);
5617 if (total_len
< 0 || total_len
>= d
->buflen
) {
5618 lxcfs_error("%s\n", "Failed to write to cache");
5622 d
->size
= (int)total_len
;
5625 if (total_len
> size
)
5627 memcpy(buf
, d
->buf
, total_len
);
5634 /* Return a positive number on success, return 0 on failure.*/
5635 pthread_t
load_daemon(int load_use
)
5642 lxcfs_error("%s\n", "Initialize hash_table fails in load_daemon!");
5645 ret
= pthread_create(&pid
, NULL
, load_begin
, NULL
);
5647 lxcfs_error("%s\n", "Create pthread fails in load_daemon!");
5651 /* use loadavg, here loadavg = 1*/
5656 /* Returns 0 on success. */
5657 int stop_load_daemon(pthread_t pid
)
5661 /* Signal the thread to gracefully stop */
5664 s
= pthread_join(pid
, NULL
); /* Make sure sub thread has been canceled. */
5666 lxcfs_error("%s\n", "stop_load_daemon error: failed to join");
5676 static off_t
get_procfile_size(const char *which
)
5678 FILE *f
= fopen(which
, "r");
5681 ssize_t sz
, answer
= 0;
5685 while ((sz
= getline(&line
, &len
, f
)) != -1)
5693 int proc_getattr(const char *path
, struct stat
*sb
)
5695 struct timespec now
;
5697 memset(sb
, 0, sizeof(struct stat
));
5698 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
5700 sb
->st_uid
= sb
->st_gid
= 0;
5701 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
5702 if (strcmp(path
, "/proc") == 0) {
5703 sb
->st_mode
= S_IFDIR
| 00555;
5707 if (strcmp(path
, "/proc/meminfo") == 0 ||
5708 strcmp(path
, "/proc/cpuinfo") == 0 ||
5709 strcmp(path
, "/proc/uptime") == 0 ||
5710 strcmp(path
, "/proc/stat") == 0 ||
5711 strcmp(path
, "/proc/diskstats") == 0 ||
5712 strcmp(path
, "/proc/swaps") == 0 ||
5713 strcmp(path
, "/proc/loadavg") == 0) {
5715 sb
->st_mode
= S_IFREG
| 00444;
5723 int proc_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
5724 struct fuse_file_info
*fi
)
5726 if (filler(buf
, ".", NULL
, 0) != 0 ||
5727 filler(buf
, "..", NULL
, 0) != 0 ||
5728 filler(buf
, "cpuinfo", NULL
, 0) != 0 ||
5729 filler(buf
, "meminfo", NULL
, 0) != 0 ||
5730 filler(buf
, "stat", NULL
, 0) != 0 ||
5731 filler(buf
, "uptime", NULL
, 0) != 0 ||
5732 filler(buf
, "diskstats", NULL
, 0) != 0 ||
5733 filler(buf
, "swaps", NULL
, 0) != 0 ||
5734 filler(buf
, "loadavg", NULL
, 0) != 0)
5739 int proc_open(const char *path
, struct fuse_file_info
*fi
)
5742 struct file_info
*info
;
5744 if (strcmp(path
, "/proc/meminfo") == 0)
5745 type
= LXC_TYPE_PROC_MEMINFO
;
5746 else if (strcmp(path
, "/proc/cpuinfo") == 0)
5747 type
= LXC_TYPE_PROC_CPUINFO
;
5748 else if (strcmp(path
, "/proc/uptime") == 0)
5749 type
= LXC_TYPE_PROC_UPTIME
;
5750 else if (strcmp(path
, "/proc/stat") == 0)
5751 type
= LXC_TYPE_PROC_STAT
;
5752 else if (strcmp(path
, "/proc/diskstats") == 0)
5753 type
= LXC_TYPE_PROC_DISKSTATS
;
5754 else if (strcmp(path
, "/proc/swaps") == 0)
5755 type
= LXC_TYPE_PROC_SWAPS
;
5756 else if (strcmp(path
, "/proc/loadavg") == 0)
5757 type
= LXC_TYPE_PROC_LOADAVG
;
5761 info
= malloc(sizeof(*info
));
5765 memset(info
, 0, sizeof(*info
));
5768 info
->buflen
= get_procfile_size(path
) + BUF_RESERVE_SIZE
;
5770 info
->buf
= malloc(info
->buflen
);
5771 } while (!info
->buf
);
5772 memset(info
->buf
, 0, info
->buflen
);
5773 /* set actual size to buffer size */
5774 info
->size
= info
->buflen
;
5776 fi
->fh
= (unsigned long)info
;
5780 int proc_access(const char *path
, int mask
)
5782 if (strcmp(path
, "/proc") == 0 && access(path
, R_OK
) == 0)
5785 /* these are all read-only */
5786 if ((mask
& ~R_OK
) != 0)
5791 int proc_release(const char *path
, struct fuse_file_info
*fi
)
5793 do_release_file_info(fi
);
5797 int proc_read(const char *path
, char *buf
, size_t size
, off_t offset
,
5798 struct fuse_file_info
*fi
)
5800 struct file_info
*f
= (struct file_info
*) fi
->fh
;
5803 case LXC_TYPE_PROC_MEMINFO
:
5804 return proc_meminfo_read(buf
, size
, offset
, fi
);
5805 case LXC_TYPE_PROC_CPUINFO
:
5806 return proc_cpuinfo_read(buf
, size
, offset
, fi
);
5807 case LXC_TYPE_PROC_UPTIME
:
5808 return proc_uptime_read(buf
, size
, offset
, fi
);
5809 case LXC_TYPE_PROC_STAT
:
5810 return proc_stat_read(buf
, size
, offset
, fi
);
5811 case LXC_TYPE_PROC_DISKSTATS
:
5812 return proc_diskstats_read(buf
, size
, offset
, fi
);
5813 case LXC_TYPE_PROC_SWAPS
:
5814 return proc_swaps_read(buf
, size
, offset
, fi
);
5815 case LXC_TYPE_PROC_LOADAVG
:
5816 return proc_loadavg_read(buf
, size
, offset
, fi
);
5823 * Functions needed to setup cgroups in the __constructor__.
5826 static bool umount_if_mounted(void)
5828 if (umount2(BASEDIR
, MNT_DETACH
) < 0 && errno
!= EINVAL
) {
5829 lxcfs_error("Failed to unmount %s: %s.\n", BASEDIR
, strerror(errno
));
5835 /* __typeof__ should be safe to use with all compilers. */
5836 typedef __typeof__(((struct statfs
*)NULL
)->f_type
) fs_type_magic
;
5837 static bool has_fs_type(const struct statfs
*fs
, fs_type_magic magic_val
)
5839 return (fs
->f_type
== (fs_type_magic
)magic_val
);
5843 * looking at fs/proc_namespace.c, it appears we can
5844 * actually expect the rootfs entry to very specifically contain
5845 * " - rootfs rootfs "
5846 * IIUC, so long as we've chrooted so that rootfs is not our root,
5847 * the rootfs entry should always be skipped in mountinfo contents.
5849 static bool is_on_ramfs(void)
5857 f
= fopen("/proc/self/mountinfo", "r");
5861 while (getline(&line
, &len
, f
) != -1) {
5862 for (p
= line
, i
= 0; p
&& i
< 4; i
++)
5863 p
= strchr(p
+ 1, ' ');
5866 p2
= strchr(p
+ 1, ' ');
5870 if (strcmp(p
+ 1, "/") == 0) {
5871 // this is '/'. is it the ramfs?
5872 p
= strchr(p2
+ 1, '-');
5873 if (p
&& strncmp(p
, "- rootfs rootfs ", 16) == 0) {
5885 static int pivot_enter()
5887 int ret
= -1, oldroot
= -1, newroot
= -1;
5889 oldroot
= open("/", O_DIRECTORY
| O_RDONLY
);
5891 lxcfs_error("%s\n", "Failed to open old root for fchdir.");
5895 newroot
= open(ROOTDIR
, O_DIRECTORY
| O_RDONLY
);
5897 lxcfs_error("%s\n", "Failed to open new root for fchdir.");
5901 /* change into new root fs */
5902 if (fchdir(newroot
) < 0) {
5903 lxcfs_error("Failed to change directory to new rootfs: %s.\n", ROOTDIR
);
5907 /* pivot_root into our new root fs */
5908 if (pivot_root(".", ".") < 0) {
5909 lxcfs_error("pivot_root() syscall failed: %s.\n", strerror(errno
));
5914 * At this point the old-root is mounted on top of our new-root.
5915 * To unmounted it we must not be chdir'd into it, so escape back
5918 if (fchdir(oldroot
) < 0) {
5919 lxcfs_error("%s\n", "Failed to enter old root.");
5923 if (umount2(".", MNT_DETACH
) < 0) {
5924 lxcfs_error("%s\n", "Failed to detach old root.");
5928 if (fchdir(newroot
) < 0) {
5929 lxcfs_error("%s\n", "Failed to re-enter new root.");
5944 static int chroot_enter()
5946 if (mount(ROOTDIR
, "/", NULL
, MS_REC
| MS_BIND
, NULL
)) {
5947 lxcfs_error("Failed to recursively bind-mount %s into /.", ROOTDIR
);
5951 if (chroot(".") < 0) {
5952 lxcfs_error("Call to chroot() failed: %s.\n", strerror(errno
));
5956 if (chdir("/") < 0) {
5957 lxcfs_error("Failed to change directory: %s.\n", strerror(errno
));
5964 static int permute_and_enter(void)
5968 if (statfs("/", &sb
) < 0) {
5969 lxcfs_error("%s\n", "Could not stat / mountpoint.");
5973 /* has_fs_type() is not reliable. When the ramfs is a tmpfs it will
5974 * likely report TMPFS_MAGIC. Hence, when it reports no we still check
5975 * /proc/1/mountinfo. */
5976 if (has_fs_type(&sb
, RAMFS_MAGIC
) || is_on_ramfs())
5977 return chroot_enter();
5979 if (pivot_enter() < 0) {
5980 lxcfs_error("%s\n", "Could not perform pivot root.");
5987 /* Prepare our new clean root. */
5988 static int permute_prepare(void)
5990 if (mkdir(ROOTDIR
, 0700) < 0 && errno
!= EEXIST
) {
5991 lxcfs_error("%s\n", "Failed to create directory for new root.");
5995 if (mount("/", ROOTDIR
, NULL
, MS_BIND
, 0) < 0) {
5996 lxcfs_error("Failed to bind-mount / for new root: %s.\n", strerror(errno
));
6000 if (mount(RUNTIME_PATH
, ROOTDIR RUNTIME_PATH
, NULL
, MS_BIND
, 0) < 0) {
6001 lxcfs_error("Failed to bind-mount /run into new root: %s.\n", strerror(errno
));
6005 if (mount(BASEDIR
, ROOTDIR BASEDIR
, NULL
, MS_REC
| MS_MOVE
, 0) < 0) {
6006 printf("Failed to move " BASEDIR
" into new root: %s.\n", strerror(errno
));
6013 /* Calls chroot() on ramfs, pivot_root() in all other cases. */
6014 static bool permute_root(void)
6016 /* Prepare new root. */
6017 if (permute_prepare() < 0)
6020 /* Pivot into new root. */
6021 if (permute_and_enter() < 0)
6027 static int preserve_mnt_ns(int pid
)
6030 size_t len
= sizeof("/proc/") + 21 + sizeof("/ns/mnt");
6033 ret
= snprintf(path
, len
, "/proc/%d/ns/mnt", pid
);
6034 if (ret
< 0 || (size_t)ret
>= len
)
6037 return open(path
, O_RDONLY
| O_CLOEXEC
);
6040 static bool cgfs_prepare_mounts(void)
6042 if (!mkdir_p(BASEDIR
, 0700)) {
6043 lxcfs_error("%s\n", "Failed to create lxcfs cgroup mountpoint.");
6047 if (!umount_if_mounted()) {
6048 lxcfs_error("%s\n", "Failed to clean up old lxcfs cgroup mountpoint.");
6052 if (unshare(CLONE_NEWNS
) < 0) {
6053 lxcfs_error("Failed to unshare mount namespace: %s.\n", strerror(errno
));
6057 cgroup_ops
->mntns_fd
= preserve_mnt_ns(getpid());
6058 if (cgroup_ops
->mntns_fd
< 0) {
6059 lxcfs_error("Failed to preserve mount namespace: %s.\n", strerror(errno
));
6063 if (mount(NULL
, "/", NULL
, MS_REC
| MS_PRIVATE
, 0) < 0) {
6064 lxcfs_error("Failed to remount / private: %s.\n", strerror(errno
));
6068 if (mount("tmpfs", BASEDIR
, "tmpfs", 0, "size=100000,mode=700") < 0) {
6069 lxcfs_error("%s\n", "Failed to mount tmpfs over lxcfs cgroup mountpoint.");
6076 static bool cgfs_mount_hierarchies(void)
6078 if (!mkdir_p(BASEDIR DEFAULT_CGROUP_MOUNTPOINT
, 0755))
6081 if (!cgroup_ops
->mount(cgroup_ops
, BASEDIR
))
6084 for (struct hierarchy
**h
= cgroup_ops
->hierarchies
; h
&& *h
; h
++) {
6085 __do_free
char *path
= must_make_path(BASEDIR
, (*h
)->mountpoint
, NULL
);
6086 (*h
)->fd
= open(path
, O_DIRECTORY
| O_CLOEXEC
| O_NOFOLLOW
);
6094 static bool cgfs_setup_controllers(void)
6096 if (!cgfs_prepare_mounts())
6099 if (!cgfs_mount_hierarchies()) {
6100 lxcfs_error("%s\n", "Failed to set up private lxcfs cgroup mounts.");
6104 if (!permute_root())
6110 static void __attribute__((constructor
)) lxcfs_init(void)
6112 __do_close_prot_errno
int init_ns
= -EBADF
;
6114 char cwd
[MAXPATHLEN
];
6116 cgroup_ops
= cgroup_init();
6118 log_exit("Failed to initialize cgroup support");
6120 /* Preserve initial namespace. */
6121 init_ns
= preserve_mnt_ns(getpid());
6123 log_exit("Failed to preserve initial mount namespace");
6125 cret
= getcwd(cwd
, MAXPATHLEN
);
6126 log_exit("%s - Could not retrieve current working directory", strerror(errno
));
6128 /* This function calls unshare(CLONE_NEWNS) our initial mount namespace
6129 * to privately mount lxcfs cgroups. */
6130 if (!cgfs_setup_controllers())
6131 log_exit("Failed to setup private cgroup mounts for lxcfs");
6133 if (setns(init_ns
, 0) < 0)
6134 log_exit("%s - Failed to switch back to initial mount namespace", strerror(errno
));
6136 if (!cret
|| chdir(cwd
) < 0)
6137 log_exit("%s - Could not change back to original working directory", strerror(errno
));
6139 if (!init_cpuview())
6140 log_exit("Failed to init CPU view");
6145 static void __attribute__((destructor
)) lxcfs_exit(void)
6147 lxcfs_debug("%s\n", "Running destructor for liblxcfs");
6149 cgroup_exit(cgroup_ops
);