From bca17d16ca0dabbe1b533bb78f367d64e076fe73 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 14 Jul 2022 21:18:15 -0700 Subject: syscall: add CgroupFD support for ForkExec on Linux Implement CLONE_INTO_CGROUP feature, allowing to put a child in a specified cgroup in a clean and simple way. Note that the feature only works for cgroup v2, and requires Linux kernel 5.7 or newer. Using the feature requires a new syscall, clone3. Currently this is the only reason to use clone3, but the code is structured in a way so that other cases may be easily added in the future. Add a test case. While at it, try to simplify the syscall calling code in forkAndExecInChild1, which became complicated over time because: 1. It was using either rawVforkSyscall or RawSyscall6 depending on whether CLONE_NEWUSER was set. 2. On Linux/s390, the first two arguments to clone(2) system call are swapped (which deserved a mention in Linux ABI hall of shame). It was worked around in rawVforkSyscall on s390, but had to be implemented via a switch/case when using RawSyscall6, making the code less clear. Let's - modify rawVforkSyscall to have two arguments (which is also required for clone3); - remove the arguments workaround from s390 asm, instead implementing arguments swap in the caller (which still looks ugly but at least it's done once and is clearly documented now); - use rawVforkSyscall for all cases (since it is essentially similar to RawSyscall6, except for having less parameters, not returning r2, and saving/restoring the return address before/after syscall on 386 and amd64). Updates #51246. Change-Id: Ifcd418ebead9257177338ffbcccd0bdecb94474e Reviewed-on: https://go-review.googlesource.com/c/go/+/417695 Auto-Submit: Ian Lance Taylor Reviewed-by: Michael Knyszek Reviewed-by: Ian Lance Taylor Run-TryBot: Ian Lance Taylor Run-TryBot: Kirill Kolyshkin TryBot-Result: Gopher Robot --- api/next/51246.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'api/next') diff --git a/api/next/51246.txt b/api/next/51246.txt index ae583cf1da..b00f540466 100644 --- a/api/next/51246.txt +++ b/api/next/51246.txt @@ -8,6 +8,8 @@ pkg syscall (linux-386), const CLONE_NEWTIME = 128 #51246 pkg syscall (linux-386), const CLONE_NEWTIME ideal-int #51246 pkg syscall (linux-386), const CLONE_PIDFD = 4096 #51246 pkg syscall (linux-386), const CLONE_PIDFD ideal-int #51246 +pkg syscall (linux-386), type SysProcAttr struct, CgroupFD int #51246 +pkg syscall (linux-386), type SysProcAttr struct, UseCgroupFD bool #51246 pkg syscall (linux-386-cgo), const CLONE_CLEAR_SIGHAND = 4294967296 #51246 pkg syscall (linux-386-cgo), const CLONE_CLEAR_SIGHAND ideal-int #51246 pkg syscall (linux-386-cgo), const CLONE_INTO_CGROUP = 8589934592 #51246 @@ -18,6 +20,8 @@ pkg syscall (linux-386-cgo), const CLONE_NEWTIME = 128 #51246 pkg syscall (linux-386-cgo), const CLONE_NEWTIME ideal-int #51246 pkg syscall (linux-386-cgo), const CLONE_PIDFD = 4096 #51246 pkg syscall (linux-386-cgo), const CLONE_PIDFD ideal-int #51246 +pkg syscall (linux-386-cgo), type SysProcAttr struct, CgroupFD int #51246 +pkg syscall (linux-386-cgo), type SysProcAttr struct, UseCgroupFD bool #51246 pkg syscall (linux-amd64), const CLONE_CLEAR_SIGHAND = 4294967296 #51246 pkg syscall (linux-amd64), const CLONE_CLEAR_SIGHAND ideal-int #51246 pkg syscall (linux-amd64), const CLONE_INTO_CGROUP = 8589934592 #51246 @@ -28,6 +32,8 @@ pkg syscall (linux-amd64), const CLONE_NEWTIME = 128 #51246 pkg syscall (linux-amd64), const CLONE_NEWTIME ideal-int #51246 pkg syscall (linux-amd64), const CLONE_PIDFD = 4096 #51246 pkg syscall (linux-amd64), const CLONE_PIDFD ideal-int #51246 +pkg syscall (linux-amd64), type SysProcAttr struct, CgroupFD int #51246 +pkg syscall (linux-amd64), type SysProcAttr struct, UseCgroupFD bool #51246 pkg syscall (linux-amd64-cgo), const CLONE_CLEAR_SIGHAND = 4294967296 #51246 pkg syscall (linux-amd64-cgo), const CLONE_CLEAR_SIGHAND ideal-int #51246 pkg syscall (linux-amd64-cgo), const CLONE_INTO_CGROUP = 8589934592 #51246 @@ -38,6 +44,8 @@ pkg syscall (linux-amd64-cgo), const CLONE_NEWTIME = 128 #51246 pkg syscall (linux-amd64-cgo), const CLONE_NEWTIME ideal-int #51246 pkg syscall (linux-amd64-cgo), const CLONE_PIDFD = 4096 #51246 pkg syscall (linux-amd64-cgo), const CLONE_PIDFD ideal-int #51246 +pkg syscall (linux-amd64-cgo), type SysProcAttr struct, CgroupFD int #51246 +pkg syscall (linux-amd64-cgo), type SysProcAttr struct, UseCgroupFD bool #51246 pkg syscall (linux-arm), const CLONE_CLEAR_SIGHAND = 4294967296 #51246 pkg syscall (linux-arm), const CLONE_CLEAR_SIGHAND ideal-int #51246 pkg syscall (linux-arm), const CLONE_INTO_CGROUP = 8589934592 #51246 @@ -48,6 +56,8 @@ pkg syscall (linux-arm), const CLONE_NEWTIME = 128 #51246 pkg syscall (linux-arm), const CLONE_NEWTIME ideal-int #51246 pkg syscall (linux-arm), const CLONE_PIDFD = 4096 #51246 pkg syscall (linux-arm), const CLONE_PIDFD ideal-int #51246 +pkg syscall (linux-arm), type SysProcAttr struct, CgroupFD int #51246 +pkg syscall (linux-arm), type SysProcAttr struct, UseCgroupFD bool #51246 pkg syscall (linux-arm-cgo), const CLONE_CLEAR_SIGHAND = 4294967296 #51246 pkg syscall (linux-arm-cgo), const CLONE_CLEAR_SIGHAND ideal-int #51246 pkg syscall (linux-arm-cgo), const CLONE_INTO_CGROUP = 8589934592 #51246 @@ -58,3 +68,5 @@ pkg syscall (linux-arm-cgo), const CLONE_NEWTIME = 128 #51246 pkg syscall (linux-arm-cgo), const CLONE_NEWTIME ideal-int #51246 pkg syscall (linux-arm-cgo), const CLONE_PIDFD = 4096 #51246 pkg syscall (linux-arm-cgo), const CLONE_PIDFD ideal-int #51246 +pkg syscall (linux-arm-cgo), type SysProcAttr struct, CgroupFD int #51246 +pkg syscall (linux-arm-cgo), type SysProcAttr struct, UseCgroupFD bool #51246 -- cgit v1.3