RFR: 8241423: NUMA APIs fail to work in dockers due to dependent syscalls are disabled by default

[David Holmes]

On Wed, 26 May 2021 12:49:34 GMT, Jie Fu <jiefu at openjdk.org> wrote:

> Hi all,
> 
> NUMA APIs fail to work in dockers due to dependent syscalls are disabled by default.
> 
> NUMA APIs depend on several syscalls.
> E.g., `get_mempolicy` is required for `numa_get_membind` and `numa_get_interleave_mask`.
> But these dependent syscalls can be unsupported for various reasons.
> Especially in dockers, `get_mempolicy` is not allowed with the default configuration [1].
> So it's necessary to check whether the syscalls are available.
> 
> In theory, all NUMA-related syscalls should be checked.
> But it seems hard to do so because some of them like `mbind` would cause unexpected side effects.
> So only `get_mempolicy` is checked in the fix, which is already enough for all the default dockers.
> And this can be refined in the future if it turns out to be a problem.
> 
> Thanks.
> Best regards,
> Jie
> 
> [1] https://docs.docker.com/engine/security/seccomp/

Hi Jie,

This wasn't as bad as I thought it might be. :) But I have one suggested change and a query.

Thanks,
David

src/hotspot/os/linux/os_linux.cpp line 4482:

> 4480: 
> 4481: // Check numa dependent syscalls
> 4482: bool os::Linux::numa_syscall_check() {

This can just be a static function in the file rather then being in the os::Linux "namespace"

src/hotspot/os/linux/os_linux.cpp line 4489:

> 4487:   // others like mbind would cause unexpected side effects.
> 4488:   int dummy = 0;
> 4489:   if (syscall(SYS_get_mempolicy, &dummy, NULL, 0, (void*)&dummy, 3) == -1) {

Is this SYS_get_mempolicy symbol guaranteed to be available on our supported Linux versions? See earlier in the file for how we handle SYS_gettid and SYS_getcpu.

-------------

Changes requested by dholmes (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/4205