FW: 8241423: NUMA APIs may fail to work in the docker due to operation not permitted
jiefu(傅杰)
jiefu at tencent.com
Wed Apr 1 13:10:13 UTC 2020
Forward it to hotspot-gc-dev.
May I get reviews for this change?
Thanks a lot.
Best regards,
Jie
From: "jiefu(傅杰)" <jiefu at tencent.com>
Date: Monday, March 23, 2020 at 11:58 PM
To: "hotspot-dev at openjdk.java.net" <hotspot-dev at openjdk.java.net>
Cc: Per Liden <per.liden at oracle.com>, Stefan Karlsson <stefan.karlsson at oracle.com>, Thomas Schatzl <thomas.schatzl at oracle.com>, Erik Österlund <erik.osterlund at oracle.com>
Subject: RFR: 8241423: NUMA APIs may fail to work in the docker due to operation not permitted
Hi all,
JBS: https://bugs.openjdk.java.net/browse/JDK-8241423
Webrev: http://cr.openjdk.java.net/~jiefu/8241423/webrev.00/
A VM fatal error may be observed if ZGC is used (see JDK-8241354).
The background is that some of our products run in Docker.
And for safety reasons, SYS_get_mempolicy is not allowed by default [1].
At first, we thought it was just a ZGC-only problem and filed JDK-8241354.
But Thomas had reminded me that other collectors are also affected [2].
So it would be better to fix them together.
After more investigation, we found that NUMA APIs are actually dependent on several syscalls, such as get_mempolicy, mbind and set_mempolicy.
When the required syscalls are unavailable, NUMA APIs fail to work as expected.
The fix is to check whether the required syscalls are available.
In theory, all NUMA-related syscalls should be checked.
But it seems hard to do so because some of them will cause unexpected side effects.
To fix our issue, checking get_mempolicy is enough.
And, as Per suggested, we can refine this later if it turns out to be a problem [3].
Please review it and give me some advice.
Thanks a lot.
Best regards,
Jie
[1] https://docs.docker.com/engine/security/seccomp/
[2] https://mail.openjdk.java.net/pipermail/hotspot-gc-dev/2020-March/028923.html
[3] https://mail.openjdk.java.net/pipermail/hotspot-gc-dev/2020-March/028933.html
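
The availability check described in the message, sketched as an added example (this is not code from the webrev or from HotSpot): a read-only get_mempolicy probe whose result decides whether NUMA-aware code paths may be used. The enum and function names are hypothetical, and the mapping of EPERM to "filtered by the container's seccomp profile" is an assumption based on the "operation not permitted" error in the subject line.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Hypothetical names for this example; not HotSpot identifiers. */
enum numa_probe { NUMA_OK, NUMA_DENIED, NUMA_UNSUPPORTED, NUMA_ERROR };

/* Pure mapping from a raw syscall result to a decision, so it can be
 * checked without depending on the host's seccomp profile. */
enum numa_probe classify_probe(long rc, int err) {
    if (rc == 0)       return NUMA_OK;
    if (err == EPERM)  return NUMA_DENIED;      /* filtered: "operation not permitted" */
    if (err == ENOSYS) return NUMA_UNSUPPORTED; /* kernel has no such syscall */
    return NUMA_ERROR;                          /* anything else: treat NUMA as unusable */
}

/* Read-only query of the calling thread's policy (flags = 0, no nodemask). */
enum numa_probe probe_get_mempolicy(void) {
#ifdef SYS_get_mempolicy
    int mode = 0;
    errno = 0;
    long rc = syscall(SYS_get_mempolicy, &mode, NULL, 0UL, NULL, 0UL);
    return classify_probe(rc, errno);
#else
    return NUMA_UNSUPPORTED;
#endif
}

const char *numa_probe_name(enum numa_probe p) {
    switch (p) {
    case NUMA_OK:          return "available";
    case NUMA_DENIED:      return "denied";
    case NUMA_UNSUPPORTED: return "unsupported";
    default:               return "error";
    }
}

int main(void) {
    enum numa_probe p = probe_get_mempolicy();
    printf("get_mempolicy: %s\n", numa_probe_name(p));
    /* A caller would enable NUMA-aware paths only on NUMA_OK. */
    return p == NUMA_OK ? 0 : 1;
}
```

Running the binary on the host and again inside the container shows whether the container's syscall filter is what disables the NUMA path.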