Serge Hallyn [Mon, 7 Mar 2016 23:50:50 +0000 (15:50 -0800)]
meminfo_read: return 0 for Slab
Slab: is supposed to be the "in-kernel data structures cache". I don't
know of a good way to calculate this from memory cgroup info. If/when
we find it we can update it. This value is used by free -m meaning
that if we don't shrink it, we can end up with negative values for
used memory.
Serge Hallyn [Tue, 23 Feb 2016 19:52:22 +0000 (11:52 -0800)]
Add upstart and systemd init jobs
Mostly copied from the Ubuntu package.
Note someone still needs to write the bsd and gentoo init
scripts. (You can look at the sysvinit jobs here and the
bsd+gentoo jobs in git://github.com/lxc/cgmanager for
inspiration).
Serge Hallyn [Thu, 18 Feb 2016 18:10:16 +0000 (10:10 -0800)]
pid_from_ns_wrapper: remove the loop
If we clone a child which can't reply to us within the timeout, do
not keep looping, just return an error. Commonize the function
superficially to make it look like pid_to_ns_wrapper(). Presumably
we can now merge these into one function, that's left for later.
Because of the different signatures of fork() and clone(),
pid_to_ns and pid_from_ns get an additional wrapper that is
passed to clone(). To pass the needed arguments to
pid_ns_clone_wrapper, a new struct called pid_ns_clone_args
is introduced.
The return type of pid_to_ns and pid_from_ns need to be
changed to int, returning equals exiting with clone().
(serge - inline fix of erorr typo which bled through from the original)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
cgfs_list_children() and cgfs_list_keys() follow the same
pattern with the differences being that one lists
directories, the other files, and that cgfs_list_children()
always allocates an empty list while cgfs_list_keys()
NULL-initializes the list.
Both have a case which returns an error after a list has
been allocated, and in both cases the cleanup code is
guarded with an if(list).
In both cases on success the caller assumes the list is
non-empty which is why cgfs_list_children() returned a list
with a terminating NULL-entry.
This deduplicates the iteration code into a function with a
flag for whether regular files or directories are of
interest and a callback to create the list element.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
We already assume tmp[] is big enough when using an unsized
sprintf(), considering it contains a single pid number and
is 30 bytes we can assume it was also big enough to hold the
terminating null byte.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 1 Feb 2016 11:21:01 +0000 (12:21 +0100)]
Make the bulk of the lxcfs code reloadable
Move the majority of the code (the bits most likely to have security
bugs coming up) reloadable. Sending USR1 signal to lxcfs will cause
it to reload the shared library so as to immediately start using the
fixed code. This allows us to upgrade lxcfs in the majority of
cases without having to restart containers.
To achieve this, some code was moved around so that lxcfs.c itself
does not risk pinning any symbols from the shared library (which
would prevent it being unloaded). We track the number of threads
currently using the bindings, and do the reload after it hits
zero (specifically, the next time that we turn the count from 0 to 1)
Also add a test case to make sure an updated library does in fact
get loaded.
Seth Forshee [Thu, 28 Jan 2016 16:17:42 +0000 (17:17 +0100)]
Remove unused chunks in caching code
Several pieces of code which deal with caching contents for proc
files contain code like this:
if (l >= cache_size) {
...
goto err;
}
if (l < cache_size) {
...
} else {
...
}
When the first condition is false the second condition will
always be true, so the code in the else block is never used.
The second if/else statement can then just be replaced with the
code from the if block.
Serge Hallyn [Thu, 28 Jan 2016 13:48:19 +0000 (14:48 +0100)]
tests: update to handle lxcfs virtualizing based on init
lxcfs used to use $current's cgroups to virtualize proc, but
switched in 0.17 to using $current's init's cgroups. The
tests need to be updated to reflect that.
Serge Hallyn [Fri, 22 Jan 2016 02:21:13 +0000 (18:21 -0800)]
simplify getreaperage
We don't need to switch to their ns, mount their proc, and check /proc/1.
Just find out their init pid using scm credentials and check /pid/$initpid
in our own procfs.
When no limit is specified using lxc.cgroup.memory.memsw.limit_in_bytes,
overflow occurs while calculating Swap{Total,Free}. Commit a2de34b tried
to fix this, but introduced another bug, wherein if
memory.memsw.limit_in_bytes >= memory.limit_in_bytes, then Swap{Total,Free}
are not shown as expected.
cgfs: make dorealloc allocate the first batch, too
With a short first line the case can be
*mem = NULL
oldlen = 0
newlen = 5 (anything < 50)
making newbatches == oldbatches == 1 causing the
(newbatches <= oldbatches)
condition to be true.
Let realloc() handle *mem==NULL and use
(!*mem || newbatches > oldbatches) as the only condition.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 7 Jan 2016 19:17:17 +0000 (11:17 -0800)]
dorealloc: avoid extra reallocs
The original check was very wrong, using % instead of /. However
the length we track is the actual used length, not the allocated
length, which is always (len / BATCH_SIZE) + 1. We don't want
to realloc when newlen is between oldlen and (oldlen / BATCH_SIZE) + 1)
getline() returns the length which can be passed to
append_line to avoid a strlen() call.
Additionally with the length already known memcpy() can be
used instead of strcpy(). A +1 to the length will include
the terminating null byte as it is included in getline(3)'s
output.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
The initial check should use real lengths as with modulo a
new required length of eg. 52 would be considered smaller
than an old length of 48 (2 < 48).
To get the 'batches' count 'newlen' must be divided and not
taken modulo BATCH_SIZE. Otherwise '101', which would need a
3rd batch to reach 150, would end up with two (2*50 = 100
bytes) and thereby be truncated instead.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
If the first realloc() call fails then 'd' becomes NULL,
subsequent realloc() retries will behave like malloc() and
the the original src pointer is never freed. Further more
the newly allocated data then contains uninitialized data
where the previous pids had been stored.
Avoid this by passing the the original pointer from '*src'
to realloc().
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
- reaper_busy was off by a factor of 10 (possibly originally
for precision?)
- get_pid1_time was expecting a '1' byte like in
the pid_to/from_ns_wrapper functions instead of reading its
value which is what is actually written
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>