feat(cgroup): 实现cgroup mvp版本#1826
feat(cgroup): 实现cgroup mvp版本#1826Vitus213 wants to merge 27 commits intoDragonOS-Community:masterfrom
Conversation
Vitus213
commented
Mar 23, 2026
Vitus213
commented
- 实现cgroup v2文件系统
- 实现cgroup 树
- 实现cgroup在不同pid 下的相对视图
- 实现进程从出生开始就被cgroup pid 作用域限制
- derive Rust components from kernel/rust-toolchain.toml
- auto-add required components (cargo/rustc/rust-std) when missing
- emit trace warning when required components are absent in toml
- prioritize ${rust-toolchain}/bin in nix run yolo and devShell shellHook
- document fixed-output sha256 update workflow
- keep fixed-output hash strategy for reproducibility
This avoids cargo/rustc drift caused by PATH/toolchain mixing across Nix entrypoints.
# Conflicts: # .agents/skills/bug-hunter/SKILL.md # .agents/skills/bug-hunter/scripts/debate_picker.py # .agents/skills/bug-hunter/scripts/redact_sensitive.py # .agents/skills/bug-hunter/scripts/render_report.py # .agents/skills/bug-hunter/scripts/run_pipeline.py # .agents/skills/bug-hunter/scripts/semantic_bucket.py # .agents/skills/bug-hunter/scripts/shuffle_diff.py # .agents/skills/bug-hunter/scripts/update_resolution_history.py # .agents/skills/bug-hunter/scripts/weighted_vote.py # .agents/skills/bug-hunter/subskills/bug-hunter-stage1-input-randomization/SKILL.md # .agents/skills/bug-hunter/subskills/bug-hunter-stage2-parallel-review/SKILL.md # .agents/skills/bug-hunter/subskills/bug-hunter-stage3-evidence-fusion/SKILL.md # .agents/skills/bug-hunter/subskills/bug-hunter-stage4-consensus-judge/SKILL.md # .gitignore # kernel/src/filesystem/vfs/mount.rs # user/apps/default.nix
- 添加agents.md,强制说中文
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b54f738833
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| let fs_dir = ensure_dir(&sys, "fs", InodeMode::from_bits_truncate(0o755))?; | ||
| let cgroup_dir = ensure_dir(&fs_dir, "cgroup", InodeMode::from_bits_truncate(0o755))?; | ||
|
|
||
| let cgroup_fs = Cgroup2Fs::new(cgroup_root().root(), false); |
There was a problem hiding this comment.
这里把 /sys/fs/cgroup 的初始挂载固定到全局根 cgroup_root().root(),该挂载随后会被所有进程复用;当进程执行 unshare(CLONE_NEWCGROUP) 但未重新挂载 cgroup2 时,它仍可通过这棵全局树访问/操作 namespace 根之外的 cgroup(而 cgroup.procs 写路径仅在 nsdelegate 时才额外做 namespace 边界检查)。这会破坏 cgroup namespace 的隔离语义,并允许越过 namespace 根进行迁移或管理。
Useful? React with 👍 / 👎.
| pub fn subtree_task_count(self: &Arc<Self>) -> usize { | ||
| let mut total = self.tasks.read().len(); | ||
| for child in self.children() { | ||
| total = total.saturating_add(child.subtree_task_count()); | ||
| } |
There was a problem hiding this comment.
subtree_task_count() 对 cgroup 子树做无界递归遍历,但本提交没有对层级深度做限制;用户可通过连续创建深层 cgroup 目录触发该路径(例如 pids.max 检查、迁移校验或 pids.current 读取),在深树下造成内核栈过深甚至栈溢出。这个问题会直接影响稳定性,建议改为显式栈的迭代遍历或增加统一深度约束与防护。
Useful? React with 👍 / 👎.
2 participants
