Use mem cgroups if the kernel is built with CONFIG_MEMCG=y,
additionally add system group.
test: verified on both kernel with/without memcg enabled
Change-Id: Ib9d1c8e3c797e75f160e0e92edf3f11c9d8e9f17
libprocessgroup kills the cgroup associated with a given pid and uid,
but not the POSIX process group associated with it. This means that
to kill both, two of the same signals must be sent, which may cause
some issues.
This change kills all POSIX process groups whose group leaders are
found within a cgroup. It only then kills processes in the cgroup
that are not part of the POSIX process groups that have been killed.
Bug: 37853905
Bug: 62418791
Test: Boot, kill zygote, reboot
Change-Id: Id1d96935745899b4c454c36c351ec16a0b1d3827
- killProcessGroup retries if it fails while
killProcessGroupOnce only tries once.
- useful for sending signal like SIGTERM once.
bug: 36696408
Test: will add usage to init
Change-Id: Ia1e3d4ec848e785a3238f262b02914695cded4c7
This lets us see what's going on in init.
Bug: http://b/29751426
Merged-In: I73432dc7608ca0dc8e421a2f3a750b37c6743f62
Change-Id: I73432dc7608ca0dc8e421a2f3a750b37c6743f62
Put every service into a process group, kill the process group
and all child processes created within the group when killing the
service. Removed libutil dependency in libprocessgroup.
Bug: 25355957
Change-Id: Ieed60ec41579f638ab9b1e66a7e6330ed578ab05
Signed-off-by: Collin Mulliner <collinrm@squareup.com>
Commit b82bab66 introduced the use of memory cgroups for keeping track
of forked PIDs; it basically creates a separate memory cgroup for every
process forked from zygote.
Each such memory cgroup which also have its own LRU with (in)active file
and anonymous pages. The current theory is this could potentially introduce
two problems:
1) kswapd runs longer because it has to iterate over the LRUs of all mem
cgroups, instead of over the LRUs of a single root mem cgroup;
2) the way kswapd reclaims things will be different also - I think it will
tend to bias reclaim to smaller mem cgroups, and process private pages
will end up on ZRAM swap much sooner.
Until we figure this out, fall back to the CPU accounting cgroup for keeping
track of forked PIDs. This leaves us with a single root mem cgroup again. We
can also keep userspace lmkd enabled because it only requires the root mem
cgroup.
Bug: 27381069
Change-Id: Ife397a6ac232761f2adfe6f5056582be0d1b4ff1
libprocessgroup checks whether it can use memory
cgroups for keeping track of forked processes by
seeing whether /dev/memcg/apps is writable. However,
on systems with memory cgroups disabled, SELinux
(correctly) no longer classifies this directory as a cgroup,
and starts denying zygote access. To fix this,
first check whether /dev/memcg/apps/tasks exists to
see if the cgroup is mounted; only then check whether
we can write to the directory.
Bug: 27046965
Change-Id: I6e44cd62d8c396e20ceb162c50606b3e86f2cb3e
It turns out we were using the CPU accounting
cgroups for keeping track of processes that were
forked by an app without the framework's knowledge,
so we could kill all of them reliably (see b/15313911
for context).
Since we want to use memory cgroups for other purposes,
we might as well use memory cgroups for tracking forked
PIDs if they're enabled. This also gets us automatic cleanup
of empty mem cgroups.
Also, removed old mem cgroup mount point that is no
longer used, as well as cgroup release agent code that
we're not using.
Change-Id: I69d5cc31c162ffa49ef6945755f41381e306cc8b
to make the function faster on average. Since killing a process
takes about 40-60ms on a recent device, the previous logic tends
to sleep too long. This CL does not significantly change the total
timeout (old code: 204ms, new code: 200ms).
Bug: 21813611
Change-Id: Ica44b2437ccccaebadcf585d7a09d993ce71a499
Make a format string match the type of the parameter it represents
Change-Id: I0af88636448084b56450996ea9dafdba3c1fd2a3
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org
Currently, mkdirAndChown takes parameters for mode, uid and gid, but
ignores them and hardcodes 0750, AID_SYSTEM, AID_SYSTEM instead.
This doesn't matter much because so far its only invocation passes
exactly those values as parameters -- but clang complains about unused
parameters.
Might as well make the function do what it claims to do.
Change-Id: I5a8056be3278a0c5d0a576dbc061288aa0956a35
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
It looks like there were a couple problems in the code:
- It would not 0-terminate the string it read, to make sure we didn't
see garbage at the end.
- It didn't reduce buf_len as it processes data in the buffer, so if
we need to read more we will increase the buffer length to be longer
than the actual available data.
Also put in some logs about every thing we kill, so we can see what
is going on when debugging. And add a special check for us trying
to kill pid 0 for any reason, since doing so seem to be terminal to
the caller.
Change-Id: I2fe29bfef08938b8a2eb182475c0705c14d8d84f
removeAllProcessGroups and removeUidProcessGroups were calling
opendir, but never called closedir. This would leave a leaked
file descriptor for every /acct/uid_* directory that existed
at boot.
Change-Id: Ia08eccd42d6ad7a6c1c78402519ac2e53b4fc83a
libprocessgroup will allow Zygote to place processes
in a cgroup, and then kill the process and all forked processes
later. lmkd will also kill all forked processes.
Bug: 15313911
Change-Id: I20404d0dbe448f1c475d2f4c61cccca462f9e544