systemd/5009-cgroup-Restrict-effective-limits-with-global-resourc.patch
Franck Bui 639acacb5d - Upgrade to v255.3 (commit 96edf7ad1866172b994cafb4df49e27d68ce8e87)
See https://github.com/openSUSE/systemd/blob/SUSE/v255/NEWS for details.
  - This includes the following bug fixes:
    - commit 6e10405aa25fe5e76b740d9ec59730e3f4470c7a (bsc#1219766)
  - The following patches have been rebased:
    - 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch
    - 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
    - 0009-pid1-handle-console-specificities-weirdness-for-s390.patch
    - 5001-Revert-udev-update-devlink-with-the-newer-device-nod.patch
    - 5002-Revert-udev-revert-workarounds-for-issues-caused-by-.patch
  - The following patches have been removed since they're part of v255:
    - 5003-cgroup-rename-TasksMax-structure-to-CGroupTasksMax.patch
    - 5004-bus-print-properties-ignore-CGROUP_LIMIT_MAX-for-Mem.patch
    - 5005-bus-print-properties-prettify-more-unset-properties.patch
  - systemd-boot has been added to the list of the dependencies of the
    systemd-testsuite package as the installation of the bootloader is now
    tested.
  - the following patches have been backported on top of v255.3:
    96edf7ad18 service: Demote log level of NotifyAccess= messages to debug (bsc#1210113 jsc#PED-6214)
    fdde7f26d6 vconsole-setup: don't fail if the only found vc is already used by plymouth (bsc#1218618)
    f96c587d41 rules: set up tty permissions and group for /dev/hvc* nodes (bsc#1218137)
    63a41b8899 vconsole-setup: remember the correct error value when open_terminal() fails
    f51a2e038c vconsole-setup: handle the case where the vc is in KD_GRAPHICS mode more gracefully (bsc#1215282)
    15025a04c4 test: make sure to install the filesystem package in the test image on SUSE
    06fecfb635 test: make sure that sd-boot is installed before testing bootctl
    1e8788ea68 test: install systemd-boot in openSUSE test images
    6e2875ad43 test/test-shutdown.py: optionally display the test I/Os in a dedicated log file
    4be1a801b4 test-69: send SIGTERM to ask systemd-nspawn to properly stop the container
    7bdab7b7c7 man: Document ranges for distributions config files and local config files
    3f12a6c22f test: systemd-update-utmp is optional

OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1497
2024-02-23 16:24:26 +00:00

57 lines
2.6 KiB
Diff

From 355275a7708d09f7be27ea239478cb3c6defbb9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Mon, 14 Aug 2023 19:59:57 +0200
Subject: [PATCH 5009/5010] cgroup: Restrict effective limits with global
resource provision
Global resource (whole system or root cg's (e.g. in a container)) is
also a well-defined limit for memory and tasks, take it into account
when calculating effective limits.
(cherry picked from commit 93f8e88d23bd383b5134f32c1e2ee315ac3a38c8)
[mkoutny: fixes jsc#PED-5659]
---
man/systemd.resource-control.xml | 2 +-
src/core/cgroup.c | 11 +++++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
index bd8b6a5719..c2aa5b57e8 100644
--- a/man/systemd.resource-control.xml
+++ b/man/systemd.resource-control.xml
@@ -438,7 +438,7 @@ CPUWeight=20 DisableControllers=cpu / \
<literal>memory.max</literal> control group attribute. For details about this control group attribute, see
<ulink url="https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.
The effective configuration is reported as <varname>EffectiveMemoryMax=</varname> (the value is
- the most stringent limit of the unit and parent slices).</para>
+ the most stringent limit of the unit and parent slices and it is capped by physical memory).</para>
<para>While <varname>StartupMemoryMax=</varname> applies to the startup and shutdown phases of the system,
<varname>MemoryMax=</varname> applies to normal runtime of the system, and if the former is not set also to
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 78ca67216a..285fa200d6 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -4249,6 +4249,17 @@ static uint64_t unit_get_effective_limit_one(Unit *u, CGroupLimitType type) {
assert(u);
assert(UNIT_HAS_CGROUP_CONTEXT(u));
+ if (unit_has_name(u, SPECIAL_ROOT_SLICE))
+ switch (type) {
+ case CGROUP_LIMIT_MEMORY_MAX:
+ case CGROUP_LIMIT_MEMORY_HIGH:
+ return physical_memory();
+ case CGROUP_LIMIT_TASKS_MAX:
+ return system_tasks_max();
+ default:
+ assert_not_reached();
+ }
+
cc = unit_get_cgroup_context(u);
switch (type) {
/* Note: on legacy/hybrid hierarchies memory_max stays CGROUP_LIMIT_MAX unless configured
--
2.35.3