1 /* Copyright 2005 Princeton University
3 Redistribution and use in source and binary forms, with or without
4 modification, are permitted provided that the following conditions
7 * Redistributions of source code must retain the above copyright
8 notice, this list of conditions and the following disclaimer.
10 * Redistributions in binary form must reproduce the above
11 copyright notice, this list of conditions and the following
12 disclaimer in the documentation and/or other materials provided
13 with the distribution.
15 * Neither the name of the copyright holder nor the names of its
16 contributors may be used to endorse or promote products derived
17 from this software without specific prior written permission.
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL PRINCETON
23 UNIVERSITY OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
24 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
25 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
26 OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
27 AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
29 WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 POSSIBILITY OF SUCH DAMAGE.
45 #include <sys/resource.h>
51 #include "planetlab.h"
53 #ifndef VC_NXC_RAW_SOCKET
54 # define VC_NXC_RAW_SOCKET 0x00000200ull
56 #ifndef VC_NXC_RAW_SEND
57 # define VC_NXC_RAW_SEND 0x00000400ull
59 #ifndef VC_NXF_LBACK_ALLOW
60 # define VC_NXF_LBACK_ALLOW 0x00000400ull
64 create_context(xid_t ctx, uint64_t bcaps, uint32_t unshare_flags)
66 struct vc_ctx_caps vc_caps;
67 struct vc_net_flags vc_nf;
68 struct vc_net_caps vc_ncaps;
70 /* Create network context */
71 if (vc_net_create(ctx) == VC_NOCTX) {
77 /* Make the network context persistent */
78 vc_nf.mask = vc_nf.flagword = VC_NXF_PERSISTENT | VC_NXF_LBACK_ALLOW;
79 if (vc_set_nflags(ctx, &vc_nf))
82 /* Give it raw sockets capabilities */
83 vc_ncaps.ncaps = vc_ncaps.cmask = VC_NXC_RAW_ICMP | VC_NXC_RAW_SOCKET;
84 if (vc_set_ncaps(ctx, &vc_ncaps))
88 /* Create tag context */
89 if (vc_tag_create(ctx) == VC_NOCTX)
95 * Create context info - this sets the STATE_SETUP and STATE_INIT flags.
97 if (vc_ctx_create(ctx, 0) == VC_NOCTX)
100 if (unshare_flags != 0) {
101 unshare(unshare_flags);
102 unshare_flags |= vc_get_space_mask();
103 //printf("vc_set_namespace(%d, %X)\n", ctx, unshare_flags);
104 //vc_set_namespace(ctx, unshare_flags);
107 /* Set capabilities - these don't take effect until SETUP flag is unset */
108 vc_caps.bcaps = bcaps;
109 vc_caps.bmask = ~0ULL; /* currently unused */
110 vc_caps.ccaps = 0; /* don't want any of these */
111 vc_caps.cmask = ~0ULL;
112 if (vc_set_ccaps(ctx, &vc_caps))
115 if (pl_setsched(ctx, 0, 1) < 0) {
116 PERROR("pl_setsched(%u)", ctx);
124 pl_setup_done(xid_t ctx)
126 struct vc_ctx_flags vc_flags;
128 /* unset SETUP flag - this allows other processes to migrate */
129 /* set the PERSISTENT flag - so the context doesn't vanish */
130 /* Don't clear the STATE_INIT flag, as that would make us the init task. */
131 vc_flags.mask = VC_VXF_STATE_SETUP|VC_VXF_PERSISTENT;
132 vc_flags.flagword = VC_VXF_PERSISTENT;
133 if (vc_set_cflags(ctx, &vc_flags))
139 #define RETRY_LIMIT 10
142 pl_chcontext(xid_t ctx, uint64_t bcaps, const struct sliver_resources *slr,
146 int net_migrated = 0;
148 if (pl_set_ulimits(slr) != 0)
153 struct vc_ctx_flags vc_flags;
155 if (vc_get_cflags(ctx, &vc_flags))
157 uint32_t unshare_flags;
161 /* Always unshare the net namespace for a new context */
162 unshare_flags = CLONE_NEWNET;
164 /* context doesn't exist - create it */
165 if (create_context(ctx, bcaps, unshare_flags))
168 /* another process beat us in a race */
171 /* another process is creating - poll the SETUP flag */
176 /* created context and migrated to it i.e., we're done */
180 /* check the SETUP flag */
181 if (vc_flags.flagword & VC_VXF_STATE_SETUP)
183 /* context is still being setup - wait a while then retry */
184 if (retry_count++ >= RETRY_LIMIT)
193 /* context has been setup */
195 if (net_migrated || !vc_net_migrate(ctx))
197 uint32_t unshare_flags;
199 /* Unshare the net namespace if requested in the slice config */
200 unshare_flags = unshare_netns ? CLONE_NEWNET : 0;
202 if (unshare_flags != 0) {
203 unshare_flags |=vc_get_space_mask();
204 //printf("vc_enter_namespace(%d, %X)\n", ctx, unshare_flags);
205 //vc_enter_namespace(ctx, unshare_flags);
208 if (!vc_tag_migrate(ctx) && !vc_ctx_migrate(ctx, 0))
213 /* context disappeared - retry */
219 /* it's okay for a syscall to fail because the context doesn't exist */
220 #define VC_SYSCALL(x) \
224 return errno == ESRCH ? 0 : -1; \
229 pl_setsched(xid_t ctx, uint32_t cpu_min, uint32_t cpu_share)
231 struct vc_set_sched vc_sched;
232 struct vc_ctx_flags vc_flags;
234 vc_sched.set_mask = (VC_VXSM_FILL_RATE | VC_VXSM_INTERVAL | VC_VXSM_TOKENS |
235 VC_VXSM_TOKENS_MIN | VC_VXSM_TOKENS_MAX | VC_VXSM_MSEC |
236 VC_VXSM_FILL_RATE2 | VC_VXSM_INTERVAL2 | VC_VXSM_FORCE);
237 vc_sched.fill_rate = cpu_min; /* percent reserved */
238 vc_sched.interval = 100;
239 vc_sched.fill_rate2 = cpu_share; /* best-effort fair share of unreserved */
240 vc_sched.interval2 = 1000; /* milliseconds */
241 vc_sched.tokens = 100; /* initial allocation of tokens */
242 vc_sched.tokens_min = 50; /* need this many tokens to run */
243 vc_sched.tokens_max = 100; /* max accumulated number of tokens */
246 if (cpu_share == (uint32_t)VC_LIM_KEEP)
247 vc_sched.set_mask &= ~(VC_VXSM_FILL_RATE|VC_VXSM_FILL_RATE2);
249 vc_sched.set_mask |= VC_VXSM_IDLE_TIME;
252 VC_SYSCALL(vc_set_sched(ctx, &vc_sched));
254 vc_flags.mask = VC_VXF_SCHED_FLAGS;
255 vc_flags.flagword = VC_VXF_SCHED_HARD;
256 VC_SYSCALL(vc_set_cflags(ctx, &vc_flags));
266 struct pl_resources {
270 unsigned long long *limit;
271 unsigned long int *personality;
275 #define WHITESPACE(buffer,index,len) \
276 while(isspace((int)buffer[index])) \
277 if (index < len) index++; else goto out;
279 #define VSERVERCONF "/etc/vservers/"
282 pl_get_limits(const char *context, struct sliver_resources *slr)
286 size_t len = strlen(VSERVERCONF) + strlen(context) + NULLBYTE_SIZE;
287 char *conf = (char *)malloc(len + strlen("rlimits/openfd.hard"));
288 struct pl_resources *r;
289 struct pl_resources sliver_list[] = {
290 {"sched/fill-rate2", TYPE_LONG, &slr->vs_cpu},
292 {"rlimits/nproc.hard", TYPE_LONG, &slr->vs_nproc.hard},
293 {"rlimits/nproc.soft", TYPE_LONG, &slr->vs_nproc.soft},
294 {"rlimits/nproc.min", TYPE_LONG, &slr->vs_nproc.min},
296 {"rlimits/rss.hard", TYPE_LONG, &slr->vs_rss.hard},
297 {"rlimits/rss.soft", TYPE_LONG, &slr->vs_rss.soft},
298 {"rlimits/rss.min", TYPE_LONG, &slr->vs_rss.min},
300 {"rlimits/as.hard", TYPE_LONG, &slr->vs_as.hard},
301 {"rlimits/as.soft", TYPE_LONG, &slr->vs_as.soft},
302 {"rlimits/as.min", TYPE_LONG, &slr->vs_as.min},
304 {"rlimits/openfd.hard", TYPE_LONG, &slr->vs_openfd.hard},
305 {"rlimits/openfd.soft", TYPE_LONG, &slr->vs_openfd.soft},
306 {"rlimits/openfd.min", TYPE_LONG, &slr->vs_openfd.min},
308 {"personality", TYPE_PERS, &slr->personality},
313 sprintf(conf, "%s%s", VSERVERCONF, context);
315 slr->vs_rss.hard = VC_LIM_KEEP;
316 slr->vs_rss.soft = VC_LIM_KEEP;
317 slr->vs_rss.min = VC_LIM_KEEP;
319 slr->vs_as.hard = VC_LIM_KEEP;
320 slr->vs_as.soft = VC_LIM_KEEP;
321 slr->vs_as.min = VC_LIM_KEEP;
323 slr->vs_nproc.hard = VC_LIM_KEEP;
324 slr->vs_nproc.soft = VC_LIM_KEEP;
325 slr->vs_nproc.min = VC_LIM_KEEP;
327 slr->vs_openfd.hard = VC_LIM_KEEP;
328 slr->vs_openfd.soft = VC_LIM_KEEP;
329 slr->vs_openfd.min = VC_LIM_KEEP;
331 slr->personality = 0;
333 cwd = open(".", O_RDONLY);
335 perror("cannot get a handle on .");
338 if (chdir(conf) == -1) {
339 fprintf(stderr, "cannot chdir to ");
344 for (r = &sliver_list[0]; r->name; r++) {
346 fb = fopen(r->name, "r");
349 if (fgets(buf, sizeof(buf), fb) != NULL) {
351 /* remove trailing newline */
352 if (buf[len-1] == '\n') {
356 if ( (r->type == TYPE_LONG) && isdigit(*buf)) {
357 *r->limit = atoi(buf);
358 } else if ( (r->type == TYPE_PERS) && isalpha(*buf)) {
359 unsigned long int res;
360 res = vc_str2personalitytype(buf,len);
361 if (res != VC_BAD_PERSONALITY) {
362 *r->personality = res;
378 adjust_lim(const struct vc_rlimit *vcr, struct rlimit *lim)
381 if (vcr->min != VC_LIM_KEEP) {
382 if (vcr->min > lim->rlim_cur) {
383 lim->rlim_cur = vcr->min;
386 if (vcr->min > lim->rlim_max) {
387 lim->rlim_max = vcr->min;
392 if (vcr->soft != VC_LIM_KEEP) {
393 switch (vcr->min != VC_LIM_KEEP) {
395 if (vcr->soft < vcr->min)
398 lim->rlim_cur = vcr->soft;
403 if (vcr->hard != VC_LIM_KEEP) {
404 switch (vcr->min != VC_LIM_KEEP) {
406 if (vcr->hard < vcr->min)
409 lim->rlim_max = vcr->hard;
417 set_one_ulimit(int resource, const struct vc_rlimit *limit)
420 getrlimit(resource, &lim);
421 adjust_lim(limit, &lim);
422 setrlimit(resource, &lim);
426 set_personality(unsigned long int personality_arg)
428 if (personality_arg == 0)
430 if (personality(personality_arg) < 0) {
437 pl_set_ulimits(const struct sliver_resources *slr)
442 set_one_ulimit(RLIMIT_RSS, &slr->vs_rss);
443 set_one_ulimit(RLIMIT_AS, &slr->vs_as);
444 set_one_ulimit(RLIMIT_NPROC, &slr->vs_nproc);
445 set_one_ulimit(RLIMIT_NOFILE, &slr->vs_openfd);
446 return set_personality(slr->personality);