proc_fuse: cleanup proc_uptime_read() a little

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_fuse: move get_reaper_busy() down

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_loadavg: avoid needless memory allocation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_loadavg: remove dummy variable

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_loadavg: use must_* alloc helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_fuse: use zalloc()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxcfs: free opts on lxcfs binary exit

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: avoid dynamic stack allocations in clone()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: wipe initpid cache on library reload

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_loadavg: simplify calc_pid()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_loadavg(): use strdup() in calc_pid()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: use ISO C compatible __typeof__

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_loadavg: replace malloc() with asprintf() in calc_pid()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_loadavg: don't leak getline() memory

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_loadavg: ensure pointer is NULL when passing to calc_pid()

We passed down an uninitialized pointer that we then pass to realloc()
which is problematic since it contains garbage.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_loadavg: don't leak getline() memory in calc_pid()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: s/get_init_pid_for_task()/scm_init_pid()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cpuview: fix /proc/stat virtualization

Closes: #406.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: cleanup init pid verification

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: cleanup cache locking

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: use brackets to make logic clearer

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: make opts pointer const

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: fix init pid hashing

We were stupidly always hashing entry->ino where entry was just freshly
allocated zeroed-memory so we effectively added stuff to the cache
forever but this meant:
- we never found a match when we hashed the actual inode
- we kept growing the cache
- we leaked memory

Closes: #407.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: Use build custom build script

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Fix https://github.com/lxc/lxcfs/issues/404

reset  read_pos=0 after building usage_str

Signed-off-by: Joseph Moore <joemoore1123@gmail.com>

sysfs_fuse: remove logically dead code

Fixes: Coverity 357808.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

sysfs: cpuinfo: show cgroup cpuset value

To stop the immediate bleeding.

Closes #401.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_fuse: silence error when we find no memlimit

We get a positive result with an empty string if we do not
encounter any limits while walking up the cgroup.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Release LXCFS 4.0.3

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

proc_fuse: improve swap calculation

Stéphane has been running into issues with wrong sawp limits. The logic
he suggested does:
- if memory == memory+swap, we list both at the memlimit for total size
- if memory+swap is larger than memory, then we add the extra amount to
  total swap but still cap to physical swap limit

We came to the conclusion that this is currently the best approach as we
show the mem limit as both Memory and Swap so advertising twice as much
as allowed but there's no way around that really or we'd need to
dynamically update both MemTotal and SwapTotal based on what's used to
keep MemTotal+SwapTotal == limit that's certainly doable but it will be
somewhat racy and also likely confused userspace more than mis-reporting
swap.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: simplify cgroup_walkup_to_root()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: please Coverity

Fixes: Coverity 355759.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: correctly skip readdir test

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: more cgroup2 fun

Try too read a valid value from a given cgroup file. If it is a legacy
cgroup hierarchy and we fail to find a valid value we terminate early
and report an error.
The cgroup2 hierarchy however, has different semantics. In a few
controller files it will show the value "max" or simply leave it
completely empty thereby indicating that no limit has been set for this
particular cgroup.  However, that doesn't mean that there's no limit. A
cgroup further up the hierarchy could have a limit set that also applies
to the cgroup we are interested in. So for the unified cgroup hierarchy
we need to keep walking towards the cgroup2 root cgroup and try to parse
a valid value.

Fixes: #389.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: use zalloc()

Fixes: Coverity 355747.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: fix recv_creds()

Fixes: Coverity 355704.
Fixes: Coverity 355718.
Fixes: Coverity 355738.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxcfs: don't cause a uaf

Fixes: Coverity 355711.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_fuse: be cautios when dereferencing d->controller

Fixes: Coverity 355712.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: do not falsely return

This may also explain some of the performance regressions that Blub\0
reported.

Fixes: Coverity 355716.
Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_fuse: s/clone/lxcfs_clone/g

Fixes: Coverity 355713.
Fixes: Coverity 355723.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxcfs: remove fl.* prefix

Fixes: Coverity 355708.
Fixes: Coverity 355702.
Fixes: Coverity 355729.
Fixes: Coverity 355735.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_fuse: do not double-close

Fixes: Coverity 355703.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

.travis: fix coverity

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

memory_utils: make it easier for Coverity

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

travis: enable coverity integration

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

relax init pid store locking a bit

So we don't keep holding it throughout the expensive the
fork/clone/send cycle of figuring out a namespace's init
pid.

Also change some functions to pass the init namespace inode
instead of the process' struct stat, so that it is obvious
that we don't use other parts of the stat info. The reason
is that we previously acquired the store lock before doing
the call to `stat()` and therefore it may not be immediately
obvious that things such as the timestamps found inside the
`struct stat` are not contributing to any race between the
multiple acquisitions of the store lock.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Fix #387. Include `:` in matching of lines in /proc/meminfo

Some lines of /proc/meminfo can be prefixes of the other,
e.g. `Writeback:` and `WritebackTmp:`

This means that in order to to precise match, the code should always match up until `:`

Signed-off-by: Dmitry Petrashko <dark@d-d.me>

Release LXCFS 4.0.2

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

tests: Handle different lib paths

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

proc_fuse: fix swap calculations

The sscanf() line got removed on accident.

Closes #384.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: add and use syscall_numbers.h

The same thing that I did for LXC.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_fuse: improve /proc/uptime virtualization

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_fuse: memory virtualization improvements

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_fuse: improve /proc/meminfo

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Release LXCFS 4.0.1

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

cgroup_fuse: actually make asz check mean something

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: Silence build output

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

cgroup_utils: remove dot_or_empty()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_fuse: rework cgfs_iterate_cgroup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_fuse: rework cgfs_set_value()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_fuse: rework open_pids_file()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_fuse: rework cgfs_chown_file()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_fuse: rework cgfs_chmod_file()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_fuse: rework cgfs_remove()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_fuse: rework cgfs_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_fuse: rework cgfs_get_key()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_fuse: rework is_child_cgroup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: remove is_relative() and use must_make_path_relative()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: add and use must_make_path_relative()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_cpuview: fix compiler warning

proc_cpuview.c: In function ‘read_cpu_cfs_param’:
proc_cpuview.c:440:39: error: use of assignment suppression and length modifier together in gnu_scanf format [-Werror=format=]
  440 |  if (sscanf(str, first ? "%" PRId64 : "%*" PRId64 " %" PRId64, value) != 1)
      |                                       ^~~~

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_loadvg: fixes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: shut up compiler

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: remove unused function

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: fix dot_or_empty()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: memory utils improvements

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_fuse: fix cgroupfs virtualization needed on non-cgns systems

This also removes "default_permissions" again.
We can't use default_permissions since we still support systems that
don't have kernels with cgroup namespace support. On such kernels lxcfs
will provide a namespaced cgroup view and needs explicit access helpers
to make that work.
Another reason that came to me is that we can't or at least shouldn't
guarantee that we don't need more complicated access helpers for proc
and sys virtualization in the future.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: introduce set_signal_handler

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

test_sigusr2: improve tests

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_fuse: remove unused variable

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

test_proc: add SIGUSR2 virtualization switch tests

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: allow users to switch between virtualization and non-virtualization mode

When LXCFS has a bug and provides wrong or inconsistent values user
often want to turn off virtualization until we have figured out a fix
and rollout an upgrade to reload the shared library. Allow them to
toggle between virtualization mode and non-virtualization mode by
sending SIGUSR2 to lxcfs:

 Kernel supports pidfds
 api_extensions:
 - cgroups
 - sys_cpu_online
 - proc_cpuinfo
 - proc_diskstats
 - proc_loadavg
 - proc_meminfo
 - proc_stat
 - proc_swaps
 - proc_uptime
 - shared_pidns
 - cpuview_daemon
 - loadavg_daemon
 - pidfds
 Switched into non-virtualization mode
 Switched into virtualization mode
 Switched into non-virtualization mode
 Switched into virtualization mode
 Switched into non-virtualization mode

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: use {u}int64_t types

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_fuse: port to uint64_t

Using unsigned long and uint64_t is problematic on 32bit.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

usage: Fix lxcfs description

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

usage: Fix cfs help

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

liblxcfs: handle broken upgrade gracefully

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: make constructor failures non-fatal

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: mark lxcfs fuse ops

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bindings: handle current working directory on upgrade

Recenly I've made failures to run the constructor or destructor fatal.
Mostly, because we can't guarantee correct functionality if they fail.
In fact we can't do anything useful at all (Maybe I can come up with
something more useful soon.)
In any case, this surfaced a bug where on systems that replace/delete
the current workding directory of lxcfs will cause the constructor to
crash on reload because the path that getcwd() returns does not exist
anymore. Fix this by always escaping to root after the construtor has
run but also make it optional in case someone is messing with chroot()s
or other things.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: add missing O_CLOEXEC

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

configure: add -Wvla and -std=gnu11

Both are standard in LXC for a long time now. And gcc-4.8 which is the
minimal compiler version we require (same as the Linux kernel) deals
with this.

Closes #362.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

proc_fuse: fix meminfo with unified cgroup layout

Signed-off-by: Jonathan Calmels <jbjcalmels@gmail.com>

proc_cpuview: add minimal support for unified cgroup layout

Signed-off-by: Jonathan Calmels <jbjcalmels@gmail.com>

Release LXCFS 4.0.0

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #358 from stgraber/master

travis: Enable all architectures

tests: Append to LD_LIBRARY_PATH

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

travis: Pass env through sudo

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

travis: Add uuid-runtime

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

tests: Don't overwrite LD_LIBRARY_PATH

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

gitignore: Add dirstamp

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>