feat(cgroup): 实现cgroup mvp版本#1826
Open
Vitus213 wants to merge 42 commits intoDragonOS-Community:masterfrom
Open
feat(cgroup): 实现cgroup mvp版本#1826Vitus213 wants to merge 42 commits intoDragonOS-Community:masterfrom
Vitus213 wants to merge 42 commits intoDragonOS-Community:masterfrom
Conversation
Contributor
Vitus213
commented
Mar 23, 2026
Vitus213
commented
- 实现cgroup v2文件系统
- 实现cgroup 树
- 实现cgroup在不同pid 下的相对视图
- 实现进程从出生开始就被cgroup pid 作用域限制
- derive Rust components from kernel/rust-toolchain.toml
- auto-add required components (cargo/rustc/rust-std) when missing
- emit trace warning when required components are absent in toml
- prioritize ${rust-toolchain}/bin in nix run yolo and devShell shellHook
- document fixed-output sha256 update workflow
- keep fixed-output hash strategy for reproducibility
This avoids cargo/rustc drift caused by PATH/toolchain mixing across Nix entrypoints.
# Conflicts: # .agents/skills/bug-hunter/SKILL.md # .agents/skills/bug-hunter/scripts/debate_picker.py # .agents/skills/bug-hunter/scripts/redact_sensitive.py # .agents/skills/bug-hunter/scripts/render_report.py # .agents/skills/bug-hunter/scripts/run_pipeline.py # .agents/skills/bug-hunter/scripts/semantic_bucket.py # .agents/skills/bug-hunter/scripts/shuffle_diff.py # .agents/skills/bug-hunter/scripts/update_resolution_history.py # .agents/skills/bug-hunter/scripts/weighted_vote.py # .agents/skills/bug-hunter/subskills/bug-hunter-stage1-input-randomization/SKILL.md # .agents/skills/bug-hunter/subskills/bug-hunter-stage2-parallel-review/SKILL.md # .agents/skills/bug-hunter/subskills/bug-hunter-stage3-evidence-fusion/SKILL.md # .agents/skills/bug-hunter/subskills/bug-hunter-stage4-consensus-judge/SKILL.md # .gitignore # kernel/src/filesystem/vfs/mount.rs # user/apps/default.nix
- 添加agents.md,强制说中文
Member
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b54f738833
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Design document for cgroup v2 performance benchmark tool that: - Measures filesystem operations (mkdir/rmdir/read/write) - Measures process migration overhead - Measures pids controller fork overhead - Outputs JSON format for DragonOS/Linux comparison Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
问题: 1. 进程退出时缺少 cgroup_accounting_lock 保护,与 cgroup.procs 写入路径锁顺序不一致 2. set_task_cgroup_node() 在持有 task_cgroup.write() 时获取 tasks.write(),违反锁层次结构 修复: - 在 exit_thread() 和 release() 中的 cgroup 操作添加 cgroup_accounting_lock 保护 - 重构 set_task_cgroup_node() 避免锁嵌套:先用读锁获取 old 节点,释放后再执行迁移 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
这个分支专注于 cgroup 问题,poll 相关修改应单独处理
… into feat/cgroup
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
fslongjin
reviewed
Apr 12, 2026
问题:原检查逻辑为 , 允许向启用了controller但尚未承载进程的cgroup迁移进程。 修复:改为仅检查 ,只要启用了 subtree_control就禁止迁移,符合Linux kernel cgroup v2语义。 参考:DragonOS-Community#1826
1. 向 CgroupNode 引入 subtree_task_counter 原子计数器:
- add_task/remove_task 沿祖先链原子更新计数器
- subtree_task_count() 从 O(n) 子树遍历改为 O(1) 读取
2. 消除 fork 中的 TOCTOU 竞争:
- 在 fork.rs 中将 add_task 移入 cgroup_accounting_lock 保护范围内,
使 pids.max 检查与实际任务加入成为原子序列
- 同步将 add_pcb() 中的 add_task 移除,由 fork 路径统一负责
3. 修复 do_exit/release() 双重 remove_task:
- 删除 release() 中的重复 remove_task,避免计数器下溢,
符合 Linux 语义(zombie 不应出现在 cgroup.procs 中)
参考:DragonOS-Community#1826
问题:rmdir先获取child.inner.lock(),再在其中获取this.inner.lock() (parent lock),与lookup_child等路径的parent->child锁顺序相反, 存在ABBA死锁风险。 修复:将child状态检查(has_children/has_tasks)与parent lock操作 解耦。先仅持有child lock做检查并释放,再按parent->child顺序 获取parent lock执行remove_child,消除死锁可能。
问题:ksys_setns入口处无条件要求CAP_SYS_ADMIN,阻止了无特权 用户通过setns加入user namespace,违反Linux语义。 修复:删除顶层的一刀切权限检查,依赖后续的per-namespace权限 校验(如can_setns_cgroup、can_setns_target_userns等)自行决定 是否允许。
问题:is_populated_helper每次读取cgroup.events都递归遍历子树, 深度大时性能差。 修复:复用刚引入的subtree_task_counter原子计数器,将 is_populated改为直接检查 has_tasks() || subtree_task_counter > 0, 实现O(1)性能。同时删除不再需要的is_populated_helper递归函数。
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.