Subprocess can change cgroup

Reviewed By: Gownta

Differential Revision: D70378826

fbshipit-source-id: e2f1b5c57f74b1bd87bffd23e57c31e22a785588

Author: yfeldblum

folly/Subprocess.cpp

@@ -138,12 +138,17 @@ static Ret subprocess_libc_load(
   X(signal, signal)                            \
   X(sprintf, sprintf)                          \
   X(strtol, strtol)                            \
-  X(vfork, vfork)
+  X(vfork, vfork)                              \
+  X(write, write)
 
 #if defined(__BIONIC_INCLUDE_FORTIFY_HEADERS)
-#define FOLLY_DETAIL_SUBPROCESS_LIBC_X_OPEN(X) X(open, __open_real)
+#define FOLLY_DETAIL_SUBPROCESS_LIBC_X_OPEN(X) \
+  X(open, __open_real)                         \
+  X(openat, __openat_real)
 #else
-#define FOLLY_DETAIL_SUBPROCESS_LIBC_X_OPEN(X) X(open, open)
+#define FOLLY_DETAIL_SUBPROCESS_LIBC_X_OPEN(X) \
+  X(open, open)                                \
+  X(openat, openat)
 #endif
 
 #if defined(__linux__)
@@ -202,8 +207,20 @@ struct Subprocess::SpawnRawArgs {
     }
   };
 
+  template <typename T>
+  struct AttrWithMeta {
+    T value{};
+    int* errout{};
+  };
+
+  static char const* getCStrForNonEmpty(std::string const& str) {
+    return str.empty() ? nullptr : str.c_str();
+  }
+
   // from options
   char const* childDir{};
+  AttrWithMeta<int> linuxCGroupFd{-1, nullptr};
+  AttrWithMeta<char const*> linuxCGroupPath{nullptr, nullptr};
   bool closeOtherFds{};
 #if defined(__linux__)
   cpu_set_t const* cpuSet{};
@@ -229,7 +246,12 @@ struct Subprocess::SpawnRawArgs {
   sigset_t oldSignals{};
 
   explicit SpawnRawArgs(Scratch const& scratch, Options const& options)
-      : childDir{options.childDir_.empty() ? nullptr : options.childDir_.c_str()},
+      : childDir{getCStrForNonEmpty(options.childDir_)},
+        linuxCGroupFd{
+            options.linuxCGroupFd_.value, options.linuxCGroupFd_.errout},
+        linuxCGroupPath{
+            getCStrForNonEmpty(options.linuxCGroupPath_.value),
+            options.linuxCGroupPath_.errout},
         closeOtherFds{options.closeOtherFds_},
 #if defined(__linux__)
         cpuSet{get_pointer(options.cpuSet_)},
@@ -391,6 +413,28 @@ Subprocess::Options& Subprocess::Options::fd(int fd, int action) {
   return *this;
 }
 
+#if defined(__linux__)
+
+Subprocess::Options& Subprocess::Options::setLinuxCGroupFd(
+    int cgroupFd, std::shared_ptr<int> errout) {
+  if (linuxCGroupFd_.value >= 0 || !linuxCGroupPath_.value.empty()) {
+    throw std::runtime_error("setLinuxCGroup* called more than once");
+  }
+  linuxCGroupFd_ = {cgroupFd, std::move(errout)};
+  return *this;
+}
+
+Subprocess::Options& Subprocess::Options::setLinuxCGroupPath(
+    const std::string& cgroupPath, std::shared_ptr<int> errout) {
+  if (linuxCGroupFd_.value >= 0 || !linuxCGroupPath_.value.empty()) {
+    throw std::runtime_error("setLinuxCGroup* called more than once");
+  }
+  linuxCGroupPath_ = {cgroupPath, std::move(errout)};
+  return *this;
+}
+
+#endif
+
 Subprocess::Options& Subprocess::Options::addPrintPidToBuffer(span<char> buf) {
   if (buf.size() < kPidBufferMinSize) {
     throw std::invalid_argument("buf size too small");
@@ -695,6 +739,46 @@ pid_t Subprocess::spawnInternalDoFork(SpawnRawArgs const& args) {
 }
 FOLLY_POP_WARNING
 
+FOLLY_DETAIL_SUBPROCESS_RAW
+int Subprocess::prepareChildDoOptionalError(int* errout) {
+  if (errout) {
+    *errout = errno;
+    return 0;
+  } else {
+    return errno;
+  }
+}
+
+FOLLY_DETAIL_SUBPROCESS_RAW
+int Subprocess::prepareChildDoLinuxCGroup(SpawnRawArgs const& args) {
+  auto cgroupPath = args.linuxCGroupPath;
+  auto cgroupFd = args.linuxCGroupFd;
+  if (nullptr != cgroupPath.value) {
+    int fd = detail::subprocess_libc::open(
+        cgroupPath.value, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
+    if (-1 == fd) {
+      return prepareChildDoOptionalError(cgroupPath.errout);
+    }
+    cgroupFd = {fd, cgroupPath.errout};
+  }
+  if (-1 != cgroupFd.value) {
+    int fd = detail::subprocess_libc::openat(
+        cgroupFd.value, "cgroup.procs", O_WRONLY | O_CLOEXEC);
+    if (fd == -1) {
+      return prepareChildDoOptionalError(cgroupFd.errout);
+    }
+    int rc = 0;
+    do {
+      constexpr char const buf = '0';
+      rc = detail::subprocess_libc::write(fd, &buf, 1);
+    } while (rc == -1 && errno == EINTR);
+    if (rc == -1) {
+      return prepareChildDoOptionalError(cgroupFd.errout);
+    }
+  }
+  return 0;
+}
+
 // If requested, close all other file descriptors.  Don't close
 // any fds in options.fdActions_, and don't touch stdin, stdout, stderr.
 // Ignore errors.
@@ -778,6 +862,11 @@ int Subprocess::prepareChild(SpawnRawArgs const& args) {
     }
   }
 
+  // Move the child process into a linux cgroup, if one is given
+  if (auto rc = prepareChildDoLinuxCGroup(args)) {
+    return rc;
+  }
+
   // Change the working directory, if one is given
   if (args.childDir) {
     if (::chdir(args.childDir) == -1) {

folly/Subprocess.h

@@ -545,6 +545,18 @@ class Subprocess {
       cpuSet_ = cpuSet;
       return *this;
     }
+
+    /*
+     * setLinuxCGroup*
+     * Takes a fd or a path to the cgroup dir. Only one may be provided.
+     * Note that the cgroup filesystem may be mounted at any arbitrary point in
+     * the filesystem hierarchy, and that different distributions may have their
+     * own standard points. So just taking a cgroup name would be non-portable.
+     */
+    Options& setLinuxCGroupFd(
+        int cgroupFd, std::shared_ptr<int> errout = nullptr);
+    Options& setLinuxCGroupPath(
+        const std::string& cgroupPath, std::shared_ptr<int> errout = nullptr);
 #endif
 
     Options& setUid(uid_t uid, std::shared_ptr<int> errout = nullptr) {
@@ -593,6 +605,8 @@ class Subprocess {
     // terminateOrKill() to kill the child process.
     TimeoutDuration::rep destroyBehavior_{DestroyBehaviorFatal};
     std::string childDir_; // "" keeps the parent's working directory
+    AttrWithMeta<int> linuxCGroupFd_{-1, nullptr}; // -1 means no cgroup
+    AttrWithMeta<std::string> linuxCGroupPath_{}; // empty means no cgroup
 #if defined(__linux__)
     int parentDeathSignal_{0};
 #endif
@@ -1056,6 +1070,8 @@ class Subprocess {
   // Note that this runs after vfork(), so tread lightly.
   // Returns 0 on success, or an errno value on failure.
   static int prepareChild(SpawnRawArgs const& args);
+  static int prepareChildDoOptionalError(int* errout);
+  static int prepareChildDoLinuxCGroup(SpawnRawArgs const& args);
   static int runChild(SpawnRawArgs const& args);
 
   // Closes fds inherited from parent in child process

folly/test/SubprocessTest.cpp

@@ -44,6 +44,7 @@ FOLLY_GNU_DISABLE_WARNING("-Wdeprecated-declarations")
 
 using namespace folly;
 using namespace std::chrono_literals;
+using namespace std::string_literals;
 using namespace std::string_view_literals;
 
 namespace std::chrono {
@@ -1103,4 +1104,165 @@ TEST(SetUserGroupId, CanOverrideAndReportFailure) {
   EXPECT_EQ(fmt::format("{}\t{}\t{}\t{}", gid, egid, gid, gid), gidline);
 }
 
+TEST(SetLinuxCGroup, CanSetCGroupFdAbsent) {
+  folly::test::TemporaryDirectory cgdir; // not a real cgroup dir
+  auto cgdirfd = ::open(cgdir.path().native().c_str(), O_DIRECTORY | O_CLOEXEC);
+  auto cgdirfdGuard = folly::makeGuard([&] { ::close(cgdirfd); });
+  auto options = Subprocess::Options();
+  options.setLinuxCGroupFd(cgdirfd);
+  EXPECT_THROW(
+      Subprocess(std::vector{"/bin/true"s}, options), SubprocessSpawnError);
+}
+
+TEST(SetLinuxCGroup, CanSetCGroupFdAbsentIntoErrnum) {
+  folly::test::TemporaryDirectory cgdir; // not a real cgroup dir
+  auto cgdirfd = ::open(cgdir.path().native().c_str(), O_DIRECTORY | O_CLOEXEC);
+  auto cgdirfdGuard = folly::makeGuard([&] { ::close(cgdirfd); });
+  auto options = Subprocess::Options();
+  std::shared_ptr<int> emptysp;
+  int errnum = 0;
+  options.setLinuxCGroupFd(cgdirfd, std::shared_ptr<int>{emptysp, &errnum});
+  Subprocess proc(std::vector{"/bin/true"s}, options);
+  EXPECT_EQ(ENOENT, errnum) << ::strerror(errnum);
+  proc.wait();
+  EXPECT_EQ(0, proc.returnCode().exitStatus());
+}
+
+TEST(SetLinuxCGroup, CanSetCGroupFdPresent) {
+  folly::test::TemporaryDirectory cgdir; // not a real cgroup dir
+  auto cgdirfd = ::open(cgdir.path().native().c_str(), O_DIRECTORY | O_CLOEXEC);
+  auto cgdirfdGuard = folly::makeGuard([&] { ::close(cgdirfd); });
+  auto cgprocs = cgdir.path() / "cgroup.procs";
+  ::creat(cgprocs.native().c_str(), 0755); // rm'd with cgdir
+  auto options = Subprocess::Options();
+  options.setLinuxCGroupFd(cgdirfd);
+  Subprocess proc(std::vector{"/bin/true"s}, options);
+  std::string s;
+  EXPECT_TRUE(readFile(cgprocs.native().c_str(), s));
+  EXPECT_EQ("0", s);
+  proc.wait();
+}
+
+TEST(SetLinuxCGroup, CanSetCGroupFdPresentIntoErrnum) {
+  folly::test::TemporaryDirectory cgdir; // not a real cgroup dir
+  auto cgdirfd = ::open(cgdir.path().native().c_str(), O_DIRECTORY | O_CLOEXEC);
+  auto cgdirfdGuard = folly::makeGuard([&] { ::close(cgdirfd); });
+  auto cgprocs = cgdir.path() / "cgroup.procs";
+  ::creat(cgprocs.native().c_str(), 0755); // rm'd with cgdir
+  auto options = Subprocess::Options();
+  std::shared_ptr<int> emptysp;
+  int errnum = 0;
+  options.setLinuxCGroupFd(cgdirfd, std::shared_ptr<int>{emptysp, &errnum});
+  Subprocess proc(std::vector{"/bin/true"s}, options);
+  EXPECT_EQ(0, errnum) << ::strerror(errnum);
+  std::string s;
+  EXPECT_TRUE(readFile(cgprocs.native().c_str(), s));
+  EXPECT_EQ("0", s);
+  proc.wait();
+}
+
+TEST(SetLinuxCGroup, CanSetCGroupFdPresentProcsNoOpen) {
+  folly::test::TemporaryDirectory cgdir; // not a real cgroup dir
+  auto cgprocs = cgdir.path() / "cgroup.procs";
+  ::creat(cgprocs.native().c_str(), 0); // rm'd with cgdir
+  auto cgdirfd = ::open(cgdir.path().native().c_str(), O_DIRECTORY | O_CLOEXEC);
+  auto cgdirfdGuard = folly::makeGuard([&] { ::close(cgdirfd); });
+  auto options = Subprocess::Options();
+  options.setLinuxCGroupFd(cgdirfd);
+  EXPECT_THROW(
+      Subprocess(std::vector{"/bin/true"s}, options), SubprocessSpawnError);
+}
+
+TEST(SetLinuxCGroup, CanSetCGroupFdPresentProcsNoOpenIntoErrnum) {
+  folly::test::TemporaryDirectory cgdir; // not a real cgroup dir
+  auto cgprocs = cgdir.path() / "cgroup.procs";
+  ::creat(cgprocs.native().c_str(), 0); // rm'd with cgdir
+  auto cgdirfd = ::open(cgdir.path().native().c_str(), O_DIRECTORY | O_CLOEXEC);
+  auto cgdirfdGuard = folly::makeGuard([&] { ::close(cgdirfd); });
+  auto options = Subprocess::Options();
+  std::shared_ptr<int> emptysp;
+  int errnum = 0;
+  options.setLinuxCGroupFd(cgdirfd, std::shared_ptr<int>{emptysp, &errnum});
+  Subprocess proc(std::vector{"/bin/true"s}, options);
+  EXPECT_EQ(EACCES, errnum) << ::strerror(errnum);
+  proc.wait();
+  EXPECT_EQ(0, proc.returnCode().exitStatus());
+}
+
+TEST(SetLinuxCGroup, CanSetCGroupPathAbsent) {
+  folly::test::TemporaryDirectory cgdir; // not a real cgroup dir
+  auto options = Subprocess::Options();
+  options.setLinuxCGroupPath(cgdir.path().string());
+  EXPECT_THROW(
+      Subprocess(std::vector{"/bin/true"s}, options), SubprocessSpawnError);
+}
+
+TEST(SetLinuxCGroup, CanSetCGroupPathAbsentIntoErrnum) {
+  folly::test::TemporaryDirectory cgdir; // not a real cgroup dir
+  auto options = Subprocess::Options();
+  std::shared_ptr<int> emptysp;
+  int errnum = 0;
+  options.setLinuxCGroupPath(
+      cgdir.path().string(), std::shared_ptr<int>{emptysp, &errnum});
+  Subprocess proc(std::vector{"/bin/true"s}, options);
+  EXPECT_EQ(ENOENT, errnum) << ::strerror(errnum);
+  proc.wait();
+  EXPECT_EQ(0, proc.returnCode().exitStatus());
+}
+
+TEST(SetLinuxCGroup, CanSetCGroupPathPresent) {
+  folly::test::TemporaryDirectory cgdir; // not a real cgroup dir
+  auto cgprocs = cgdir.path() / "cgroup.procs";
+  ::creat(cgprocs.native().c_str(), 0755); // rm'd with cgdir
+  auto options = Subprocess::Options();
+  options.setLinuxCGroupPath(cgdir.path().string());
+  Subprocess proc(std::vector{"/bin/true"s}, options);
+  std::string s;
+  EXPECT_TRUE(readFile(cgprocs.native().c_str(), s));
+  EXPECT_EQ("0", s);
+  proc.wait();
+}
+
+TEST(SetLinuxCGroup, CanSetCGroupPathPresentIntoErrnum) {
+  folly::test::TemporaryDirectory cgdir; // not a real cgroup dir
+  auto cgprocs = cgdir.path() / "cgroup.procs";
+  ::creat(cgprocs.native().c_str(), 0755); // rm'd with cgdir
+  auto options = Subprocess::Options();
+  std::shared_ptr<int> emptysp;
+  int errnum = 0;
+  options.setLinuxCGroupPath(
+      cgdir.path().string(), std::shared_ptr<int>{emptysp, &errnum});
+  Subprocess proc(std::vector{"/bin/true"s}, options);
+  EXPECT_EQ(0, errnum) << ::strerror(errnum);
+  std::string s;
+  EXPECT_TRUE(readFile(cgprocs.native().c_str(), s));
+  EXPECT_EQ("0", s);
+  proc.wait();
+}
+
+TEST(SetLinuxCGroup, CanSetCGroupPathPresentProcsNoOpen) {
+  folly::test::TemporaryDirectory cgdir; // not a real cgroup dir
+  auto cgprocs = cgdir.path() / "cgroup.procs";
+  ::creat(cgprocs.native().c_str(), 0); // rm'd with cgdir
+  auto options = Subprocess::Options();
+  options.setLinuxCGroupPath(cgdir.path().string());
+  EXPECT_THROW(
+      Subprocess(std::vector{"/bin/true"s}, options), SubprocessSpawnError);
+}
+
+TEST(SetLinuxCGroup, CanSetCGroupPathPresentProcsNoOpenIntoErrnum) {
+  folly::test::TemporaryDirectory cgdir; // not a real cgroup dir
+  auto cgprocs = cgdir.path() / "cgroup.procs";
+  ::creat(cgprocs.native().c_str(), 0); // rm'd with cgdir
+  auto options = Subprocess::Options();
+  std::shared_ptr<int> emptysp;
+  int errnum = 0;
+  options.setLinuxCGroupPath(
+      cgdir.path().string(), std::shared_ptr<int>{emptysp, &errnum});
+  Subprocess proc(std::vector{"/bin/true"s}, options);
+  EXPECT_EQ(EACCES, errnum) << ::strerror(errnum);
+  proc.wait();
+  EXPECT_EQ(0, proc.returnCode().exitStatus());
+}
+
 #endif