RFR: 8252359 - HotSpot Not Identifying it is Running in a Container
Bob Vandette
bob.vandette at oracle.com
Wed Sep 2 17:54:09 UTC 2020
Problem:
Hotspot does not properly detect that it’s running in a container on Mac and Windows docker desktop
based containers.
BUG:
https://bugs.openjdk.java.net/browse/JDK-8252359
WEBREV:
http://cr.openjdk.java.net/~bobv/8252359/webrev.01
CAUSE:
The problem is caused by improper scanning of /proc/mountinfo.
Failing System
439 434 0:33 /docker/0a67832faae434cc8fa0a942e04a308bb8b120b5099018f1ee09f1d7a52746b7 /sys/fs/cgroup/memory ro,nosuid,nodev,noexec,relatime master:22 - cgroup memory rw,memory
Working System
36 31 0:31 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,memory
When the cgroupv2 support was added [2] we started scanning the second “cgroup” entry in /proc/mountinfo as the file system type. According to the man pages, the first “cgroup” is the file system type. Entry position 10 in [1]mountinfo is “mount source: filesystem-specific information”. All systems we’ve tested on thus far have had two cgroup strings so this problem was not caught.
The fix is to scan the proper file system type entry and ignore the second entry.
I also updated the container test to validate that we do indeed look to match the correct token in the mountinfo string.
TESTING:
Ran the container tests on cgroupv1 and cgroupv2 systems along with the original failure configuration (Docker on Mac).
Bob.
[1] https://man7.org/linux/man-pages/man5/proc.5.htm
[2] https://bugs.openjdk.java.net/browse/JDK-8230305
More information about the hotspot-runtime-dev
mailing list