RFR: 8241423: NUMA APIs fail to work in dockers due to dependent syscalls are disabled by default
David Holmes
dholmes at openjdk.java.net
Wed May 26 13:12:13 UTC 2021
On Wed, 26 May 2021 12:49:34 GMT, Jie Fu <jiefu at openjdk.org> wrote:
> Hi all,
>
> NUMA APIs fail to work in dockers due to dependent syscalls are disabled by default.
>
> NUMA APIs depend on several syscalls.
> E.g., `get_mempolicy` is required for `numa_get_membind` and `numa_get_interleave_mask`.
> But these dependent syscalls can be unsupported for various reasons.
> Especially in dockers, `get_mempolicy` is not allowed with the default configuration [1].
> So it's necessary to check whether the syscalls are available.
>
> In theory, all NUMA-related syscalls should be checked.
> But it seems hard to do so because some of them like `mbind` would cause unexpected side effects.
> So only `get_mempolicy` is checked in the fix, which is already enough for all the default dockers.
> And this can be refined in the future if it turns out to be a problem.
>
> Thanks.
> Best regards,
> Jie
>
> [1] https://docs.docker.com/engine/security/seccomp/
Hi Jie,
This wasn't as bad as I thought it might be. :) But I have one suggested change and a query.
Thanks,
David
src/hotspot/os/linux/os_linux.cpp line 4482:
> 4480:
> 4481: // Check numa dependent syscalls
> 4482: bool os::Linux::numa_syscall_check() {
This can just be a static function in the file rather then being in the os::Linux "namespace"
src/hotspot/os/linux/os_linux.cpp line 4489:
> 4487: // others like mbind would cause unexpected side effects.
> 4488: int dummy = 0;
> 4489: if (syscall(SYS_get_mempolicy, &dummy, NULL, 0, (void*)&dummy, 3) == -1) {
Is this SYS_get_mempolicy symbol guaranteed to be available on our supported Linux versions? See earlier in the file for how we handle SYS_gettid and SYS_getcpu.
-------------
Changes requested by dholmes (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/4205
More information about the hotspot-runtime-dev
mailing list