From bb418dc42efe0de82401ede1898878c4adeb18e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Apr 2025 04:17:13 +0000 Subject: [PATCH] build(deps): bump github.com/opencontainers/cgroups from 0.0.1 to 0.0.2 Bumps [github.com/opencontainers/cgroups](https://github.com/opencontainers/cgroups) from 0.0.1 to 0.0.2. - [Release notes](https://github.com/opencontainers/cgroups/releases) - [Changelog](https://github.com/opencontainers/cgroups/blob/main/RELEASES.md) - [Commits](https://github.com/opencontainers/cgroups/compare/v0.0.1...v0.0.2) --- updated-dependencies: - dependency-name: github.com/opencontainers/cgroups dependency-version: 0.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../cgroups/.golangci-extra.yml | 21 ++++ .../opencontainers/cgroups/.golangci.yml | 31 ++++++ .../opencontainers/cgroups/RELEASES.md | 2 +- .../opencontainers/cgroups/config_linux.go | 104 +++++++++--------- .../cgroups/devices/config/device.go | 4 +- .../cgroups/devices/devices_emulator.go | 7 +- .../opencontainers/cgroups/devices/systemd.go | 2 +- .../opencontainers/cgroups/fs/freezer.go | 2 +- .../opencontainers/cgroups/fs2/cpu.go | 6 + .../opencontainers/cgroups/fs2/memory.go | 21 ++-- .../opencontainers/cgroups/fscommon/rdma.go | 2 +- .../opencontainers/cgroups/stats.go | 9 ++ .../opencontainers/cgroups/systemd/common.go | 16 ++- .../opencontainers/cgroups/systemd/v1.go | 5 +- .../opencontainers/cgroups/systemd/v2.go | 7 +- .../opencontainers/cgroups/utils.go | 4 +- .../opencontainers/cgroups/v1_utils.go | 7 +- vendor/modules.txt | 2 +- 20 files changed, 166 insertions(+), 92 deletions(-) create mode 100644 vendor/github.com/opencontainers/cgroups/.golangci-extra.yml create mode 100644 vendor/github.com/opencontainers/cgroups/.golangci.yml diff --git a/go.mod b/go.mod index 5ef52592e11..635aac37c76 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/moby/sys/user v0.4.0 github.com/moby/sys/userns v0.1.0 github.com/mrunalp/fileutils v0.5.1 - github.com/opencontainers/cgroups v0.0.1 + github.com/opencontainers/cgroups v0.0.2 github.com/opencontainers/runtime-spec v1.2.1 github.com/opencontainers/selinux v1.12.0 github.com/seccomp/libseccomp-golang v0.11.0 diff --git a/go.sum b/go.sum index b66c64a467c..5cbbf48a937 100644 --- a/go.sum +++ b/go.sum @@ -45,8 +45,8 @@ github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/cgroups v0.0.1 h1:MXjMkkFpKv6kpuirUa4USFBas573sSAY082B4CiHEVA= -github.com/opencontainers/cgroups v0.0.1/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= +github.com/opencontainers/cgroups v0.0.2 h1:A+mAPPMfgKNCEZUUtibESFx06uvhAmvo8sSz3Abwk7o= +github.com/opencontainers/cgroups v0.0.2/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww= github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= diff --git a/vendor/github.com/opencontainers/cgroups/.golangci-extra.yml b/vendor/github.com/opencontainers/cgroups/.golangci-extra.yml new file mode 100644 index 00000000000..b98dba1ba15 --- /dev/null +++ b/vendor/github.com/opencontainers/cgroups/.golangci-extra.yml @@ -0,0 +1,21 @@ +# This is golangci-lint config file which is used to check NEW code in +# github PRs only (see lint-extra in .github/workflows/validate.yml). +# +# For the default linter config, see .golangci.yml. This config should +# only enable additional linters and/or linter settings not enabled +# in the default config. +version: "2" + +linters: + default: none + enable: + - godot + - revive + - staticcheck + settings: + staticcheck: + checks: + - all + - -QF1008 # https://staticcheck.dev/docs/checks/#QF1008 Omit embedded fields from selector expression. + exclusions: + generated: strict diff --git a/vendor/github.com/opencontainers/cgroups/.golangci.yml b/vendor/github.com/opencontainers/cgroups/.golangci.yml new file mode 100644 index 00000000000..90799883cad --- /dev/null +++ b/vendor/github.com/opencontainers/cgroups/.golangci.yml @@ -0,0 +1,31 @@ +# For documentation, see https://golangci-lint.run/usage/configuration/ +version: "2" + +formatters: + enable: + - gofumpt + exclusions: + generated: strict + +linters: + enable: + - errorlint + - nolintlint + - unconvert + - unparam + settings: + govet: + enable: + - nilness + staticcheck: + checks: + - all + - -ST1000 # https://staticcheck.dev/docs/checks/#ST1000 Incorrect or missing package comment. + - -ST1003 # https://staticcheck.dev/docs/checks/#ST1003 Poorly chosen identifier. + - -ST1005 # https://staticcheck.dev/docs/checks/#ST1005 Incorrectly formatted error string. + - -QF1008 # https://staticcheck.dev/docs/checks/#QF1008 Omit embedded fields from selector expression. + exclusions: + generated: strict + presets: + - comments + - std-error-handling diff --git a/vendor/github.com/opencontainers/cgroups/RELEASES.md b/vendor/github.com/opencontainers/cgroups/RELEASES.md index 028ec265df9..e3802706f57 100644 --- a/vendor/github.com/opencontainers/cgroups/RELEASES.md +++ b/vendor/github.com/opencontainers/cgroups/RELEASES.md @@ -23,7 +23,7 @@ However, specification releases have special restrictions in the [OCI charter][c * They are the target of backwards compatibility (§7.g), and * They are subject to the OFWa patent grant (§8.d and e). -To avoid unfortunate side effects (onerous backwards compatibity requirements or Member resignations), the following additional procedures apply to specification releases: +To avoid unfortunate side effects (onerous backwards compatibility requirements or Member resignations), the following additional procedures apply to specification releases: ### Planning a release diff --git a/vendor/github.com/opencontainers/cgroups/config_linux.go b/vendor/github.com/opencontainers/cgroups/config_linux.go index ce98b3d7847..9f1d44537b0 100644 --- a/vendor/github.com/opencontainers/cgroups/config_linux.go +++ b/vendor/github.com/opencontainers/cgroups/config_linux.go @@ -23,16 +23,16 @@ type Cgroup struct { // Path specifies the path to cgroups that are created and/or joined by the container. // The path is assumed to be relative to the host system cgroup mountpoint. - Path string `json:"path"` + Path string `json:"path,omitempty"` - // ScopePrefix describes prefix for the scope name - ScopePrefix string `json:"scope_prefix"` + // ScopePrefix describes prefix for the scope name. + ScopePrefix string `json:"scope_prefix,omitempty"` - // Resources contains various cgroups settings to apply - *Resources + // Resources contains various cgroups settings to apply. + *Resources `json:"Resources,omitempty"` // Systemd tells if systemd should be used to manage cgroups. - Systemd bool + Systemd bool `json:"Systemd,omitempty"` // SystemdProps are any additional properties for systemd, // derived from org.systemd.property.xxx annotations. @@ -40,7 +40,7 @@ type Cgroup struct { SystemdProps []systemdDbus.Property `json:"-"` // Rootless tells if rootless cgroups should be used. - Rootless bool + Rootless bool `json:"Rootless,omitempty"` // The host UID that should own the cgroup, or nil to accept // the default ownership. This should only be set when the @@ -52,96 +52,96 @@ type Cgroup struct { type Resources struct { // Devices is the set of access rules for devices in the container. - Devices []*devices.Rule `json:"devices"` + Devices []*devices.Rule `json:"devices,omitempty"` - // Memory limit (in bytes) - Memory int64 `json:"memory"` + // Memory limit (in bytes). + Memory int64 `json:"memory,omitempty"` - // Memory reservation or soft_limit (in bytes) - MemoryReservation int64 `json:"memory_reservation"` + // Memory reservation or soft_limit (in bytes). + MemoryReservation int64 `json:"memory_reservation,omitempty"` - // Total memory usage (memory + swap); set `-1` to enable unlimited swap - MemorySwap int64 `json:"memory_swap"` + // Total memory usage (memory+swap); use -1 for unlimited swap. + MemorySwap int64 `json:"memory_swap,omitempty"` - // CPU shares (relative weight vs. other containers) - CpuShares uint64 `json:"cpu_shares"` + // CPU shares (relative weight vs. other containers). + CpuShares uint64 `json:"cpu_shares,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuShares should be CPUShares". // CPU hardcap limit (in usecs). Allowed cpu time in a given period. - CpuQuota int64 `json:"cpu_quota"` + CpuQuota int64 `json:"cpu_quota,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuQuota should be CPUQuota". // CPU hardcap burst limit (in usecs). Allowed accumulated cpu time additionally for burst in a given period. - CpuBurst *uint64 `json:"cpu_burst"` //nolint:revive + CpuBurst *uint64 `json:"cpu_burst,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuBurst should be CPUBurst". // CPU period to be used for hardcapping (in usecs). 0 to use system default. - CpuPeriod uint64 `json:"cpu_period"` + CpuPeriod uint64 `json:"cpu_period,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuPeriod should be CPUPeriod". // How many time CPU will use in realtime scheduling (in usecs). - CpuRtRuntime int64 `json:"cpu_rt_quota"` + CpuRtRuntime int64 `json:"cpu_rt_quota,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuRtRuntime should be CPURtRuntime". // CPU period to be used for realtime scheduling (in usecs). - CpuRtPeriod uint64 `json:"cpu_rt_period"` + CpuRtPeriod uint64 `json:"cpu_rt_period,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuQuota should be CPUQuota". - // CPU to use - CpusetCpus string `json:"cpuset_cpus"` + // Cpuset CPUs to use. + CpusetCpus string `json:"cpuset_cpus,omitempty"` - // MEM to use - CpusetMems string `json:"cpuset_mems"` + // Cpuset memory nodes to use. + CpusetMems string `json:"cpuset_mems,omitempty"` - // cgroup SCHED_IDLE + // Cgroup's SCHED_IDLE value. CPUIdle *int64 `json:"cpu_idle,omitempty"` // Process limit; set <= `0' to disable limit. - PidsLimit int64 `json:"pids_limit"` + PidsLimit int64 `json:"pids_limit,omitempty"` // Specifies per cgroup weight, range is from 10 to 1000. - BlkioWeight uint16 `json:"blkio_weight"` + BlkioWeight uint16 `json:"blkio_weight,omitempty"` - // Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only - BlkioLeafWeight uint16 `json:"blkio_leaf_weight"` + // Tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only. + BlkioLeafWeight uint16 `json:"blkio_leaf_weight,omitempty"` // Weight per cgroup per device, can override BlkioWeight. - BlkioWeightDevice []*WeightDevice `json:"blkio_weight_device"` + BlkioWeightDevice []*WeightDevice `json:"blkio_weight_device,omitempty"` // IO read rate limit per cgroup per device, bytes per second. - BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device"` + BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device,omitempty"` // IO write rate limit per cgroup per device, bytes per second. - BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device"` + BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device,omitempty"` // IO read rate limit per cgroup per device, IO per second. - BlkioThrottleReadIOPSDevice []*ThrottleDevice `json:"blkio_throttle_read_iops_device"` + BlkioThrottleReadIOPSDevice []*ThrottleDevice `json:"blkio_throttle_read_iops_device,omitempty"` // IO write rate limit per cgroup per device, IO per second. - BlkioThrottleWriteIOPSDevice []*ThrottleDevice `json:"blkio_throttle_write_iops_device"` + BlkioThrottleWriteIOPSDevice []*ThrottleDevice `json:"blkio_throttle_write_iops_device,omitempty"` - // set the freeze value for the process - Freezer FreezerState `json:"freezer"` + // Freeze value for the process. + Freezer FreezerState `json:"freezer,omitempty"` - // Hugetlb limit (in bytes) - HugetlbLimit []*HugepageLimit `json:"hugetlb_limit"` + // Hugetlb limit (in bytes). + HugetlbLimit []*HugepageLimit `json:"hugetlb_limit,omitempty"` - // Whether to disable OOM Killer - OomKillDisable bool `json:"oom_kill_disable"` + // Whether to disable OOM killer. + OomKillDisable bool `json:"oom_kill_disable,omitempty"` - // Tuning swappiness behaviour per cgroup - MemorySwappiness *uint64 `json:"memory_swappiness"` + // Tuning swappiness behaviour per cgroup. + MemorySwappiness *uint64 `json:"memory_swappiness,omitempty"` - // Set priority of network traffic for container - NetPrioIfpriomap []*IfPrioMap `json:"net_prio_ifpriomap"` + // Set priority of network traffic for container. + NetPrioIfpriomap []*IfPrioMap `json:"net_prio_ifpriomap,omitempty"` - // Set class identifier for container's network packets - NetClsClassid uint32 `json:"net_cls_classid_u"` + // Set class identifier for container's network packets. + NetClsClassid uint32 `json:"net_cls_classid_u,omitempty"` - // Rdma resource restriction configuration - Rdma map[string]LinuxRdma `json:"rdma"` + // Rdma resource restriction configuration. + Rdma map[string]LinuxRdma `json:"rdma,omitempty"` // Used on cgroups v2: // CpuWeight sets a proportional bandwidth limit. - CpuWeight uint64 `json:"cpu_weight"` + CpuWeight uint64 `json:"cpu_weight,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuWeight should be CPUWeight". // Unified is cgroupv2-only key-value map. - Unified map[string]string `json:"unified"` + Unified map[string]string `json:"unified,omitempty"` // SkipDevices allows to skip configuring device permissions. // Used by e.g. kubelet while creating a parent cgroup (kubepods) @@ -165,5 +165,5 @@ type Resources struct { // MemoryCheckBeforeUpdate is a flag for cgroup v2 managers to check // if the new memory limits (Memory and MemorySwap) being set are lower // than the current memory usage, and reject if so. - MemoryCheckBeforeUpdate bool `json:"memory_check_before_update"` + MemoryCheckBeforeUpdate bool `json:"memory_check_before_update,omitempty"` } diff --git a/vendor/github.com/opencontainers/cgroups/devices/config/device.go b/vendor/github.com/opencontainers/cgroups/devices/config/device.go index 05ad3ef8cab..295575cbfa7 100644 --- a/vendor/github.com/opencontainers/cgroups/devices/config/device.go +++ b/vendor/github.com/opencontainers/cgroups/devices/config/device.go @@ -20,10 +20,10 @@ type Device struct { FileMode os.FileMode `json:"file_mode"` // Uid of the device. - Uid uint32 `json:"uid"` + Uid uint32 `json:"uid,omitempty"` //nolint:revive // Suppress "var-naming: struct field Uid should be UID". // Gid of the device. - Gid uint32 `json:"gid"` + Gid uint32 `json:"gid,omitempty"` //nolint:revive // Suppress "var-naming: struct field Gid should be GID". } // Permissions is a cgroupv1-style string to represent device access. It diff --git a/vendor/github.com/opencontainers/cgroups/devices/devices_emulator.go b/vendor/github.com/opencontainers/cgroups/devices/devices_emulator.go index ab1826826f6..df258fb85d6 100644 --- a/vendor/github.com/opencontainers/cgroups/devices/devices_emulator.go +++ b/vendor/github.com/opencontainers/cgroups/devices/devices_emulator.go @@ -261,7 +261,7 @@ func (e *emulator) Apply(rule devices.Rule) error { } // emulatorFromList takes a reader to a "devices.list"-like source, and returns -// a new Emulator that represents the state of the devices cgroup. Note that +// a new emulator that represents the state of the devices cgroup. Note that // black-list devices cgroups cannot be fully reconstructed, due to limitations // in the devices cgroup API. Instead, such cgroups are always treated as // "allow all" cgroups. @@ -301,11 +301,12 @@ func emulatorFromList(list io.Reader) (*emulator, error) { // disruptive rules (like denying all device access) will only be applied if // necessary. // -// This function is the sole reason for all of Emulator -- to allow us +// This function is the sole reason for all of emulator -- to allow us // to figure out how to update a containers' cgroups without causing spurious // device errors (if possible). -func (source *emulator) Transition(target *emulator) ([]*devices.Rule, error) { //nolint:revive // Ignore receiver-naming warning. +func (e *emulator) Transition(target *emulator) ([]*devices.Rule, error) { var transitionRules []*devices.Rule + source := e oldRules := source.rules // If the default policy doesn't match, we need to include a "disruptive" diff --git a/vendor/github.com/opencontainers/cgroups/devices/systemd.go b/vendor/github.com/opencontainers/cgroups/devices/systemd.go index 010f7f22ee2..3f5fdceba77 100644 --- a/vendor/github.com/opencontainers/cgroups/devices/systemd.go +++ b/vendor/github.com/opencontainers/cgroups/devices/systemd.go @@ -166,7 +166,7 @@ func systemdProperties(r *cgroups.Resources, sdVer int) ([]systemdDbus.Property, return properties, nil } -func newProp(name string, units interface{}) systemdDbus.Property { +func newProp(name string, units any) systemdDbus.Property { return systemdDbus.Property{ Name: name, Value: dbus.MakeVariant(units), diff --git a/vendor/github.com/opencontainers/cgroups/fs/freezer.go b/vendor/github.com/opencontainers/cgroups/fs/freezer.go index dae4a605894..fe0f0dde482 100644 --- a/vendor/github.com/opencontainers/cgroups/fs/freezer.go +++ b/vendor/github.com/opencontainers/cgroups/fs/freezer.go @@ -57,7 +57,7 @@ func (s *FreezerGroup) Set(path string, r *cgroups.Resources) (Err error) { // Alas, this is still a game of chances, since the real fix // belong to the kernel (cgroup v2 do not have this bug). - for i := 0; i < 1000; i++ { + for i := range 1000 { if i%50 == 49 { // Occasional thaw and sleep improves // the chances to succeed in freezing diff --git a/vendor/github.com/opencontainers/cgroups/fs2/cpu.go b/vendor/github.com/opencontainers/cgroups/fs2/cpu.go index 8eae67351cf..8a22a32c45b 100644 --- a/vendor/github.com/opencontainers/cgroups/fs2/cpu.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/cpu.go @@ -108,6 +108,12 @@ func statCpu(dirPath string, stats *cgroups.Stats) error { case "throttled_usec": stats.CpuStats.ThrottlingData.ThrottledTime = v * 1000 + + case "nr_bursts": + stats.CpuStats.BurstData.BurstsPeriods = v + + case "burst_usec": + stats.CpuStats.BurstData.BurstTime = v * 1000 } } if err := sc.Err(); err != nil { diff --git a/vendor/github.com/opencontainers/cgroups/fs2/memory.go b/vendor/github.com/opencontainers/cgroups/fs2/memory.go index d67fd8aba55..761330756f6 100644 --- a/vendor/github.com/opencontainers/cgroups/fs2/memory.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/memory.go @@ -18,17 +18,14 @@ import ( // cgroupv2 files with .min, .max, .low, or .high suffix. // The value of -1 is converted to "max" for cgroupv1 compatibility // (which used to write -1 to remove the limit). -func numToStr(value int64) (ret string) { - switch { - case value == 0: - ret = "" - case value == -1: - ret = "max" - default: - ret = strconv.FormatInt(value, 10) - } - - return ret +func numToStr(value int64) string { + switch value { + case 0: + return "" + case -1: + return "max" + } + return strconv.FormatInt(value, 10) } func isMemorySet(r *cgroups.Resources) bool { @@ -57,7 +54,7 @@ func setMemory(dirPath string, r *cgroups.Resources) error { if swapStr != "" { if err := cgroups.WriteFile(dirPath, "memory.swap.max", swapStr); err != nil { // If swap is not enabled, silently ignore setting to max or disabling it. - if !(errors.Is(err, os.ErrNotExist) && (swapStr == "max" || swapStr == "0")) { + if !(errors.Is(err, os.ErrNotExist) && (swapStr == "max" || swapStr == "0")) { //nolint:staticcheck // Ignore "QF1001: could apply De Morgan's law". return err } } diff --git a/vendor/github.com/opencontainers/cgroups/fscommon/rdma.go b/vendor/github.com/opencontainers/cgroups/fscommon/rdma.go index 86e38fdcbaa..960126ce7ce 100644 --- a/vendor/github.com/opencontainers/cgroups/fscommon/rdma.go +++ b/vendor/github.com/opencontainers/cgroups/fscommon/rdma.go @@ -50,7 +50,7 @@ func readRdmaEntries(dir, file string) ([]cgroups.RdmaEntry, error) { if err != nil { return nil, err } - defer fd.Close() //nolint:errorlint + defer fd.Close() scanner := bufio.NewScanner(fd) for scanner.Scan() { parts := strings.SplitN(scanner.Text(), " ", 4) diff --git a/vendor/github.com/opencontainers/cgroups/stats.go b/vendor/github.com/opencontainers/cgroups/stats.go index b475567d821..6cd6253ee0a 100644 --- a/vendor/github.com/opencontainers/cgroups/stats.go +++ b/vendor/github.com/opencontainers/cgroups/stats.go @@ -9,6 +9,14 @@ type ThrottlingData struct { ThrottledTime uint64 `json:"throttled_time,omitempty"` } +type BurstData struct { + // Number of periods bandwidth burst occurs + BurstsPeriods uint64 `json:"bursts_periods,omitempty"` + // Cumulative wall-time that any cpus has used above quota in respective periods + // Units: nanoseconds. + BurstTime uint64 `json:"burst_time,omitempty"` +} + // CpuUsage denotes the usage of a CPU. // All CPU stats are aggregate since container inception. type CpuUsage struct { @@ -48,6 +56,7 @@ type CpuStats struct { CpuUsage CpuUsage `json:"cpu_usage,omitempty"` ThrottlingData ThrottlingData `json:"throttling_data,omitempty"` PSI *PSIStats `json:"psi,omitempty"` + BurstData BurstData `json:"burst_data,omitempty"` } type CPUSetStats struct { diff --git a/vendor/github.com/opencontainers/cgroups/systemd/common.go b/vendor/github.com/opencontainers/cgroups/systemd/common.go index b3077bd37fa..875a589e3d8 100644 --- a/vendor/github.com/opencontainers/cgroups/systemd/common.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/common.go @@ -89,7 +89,7 @@ func ExpandSlice(slice string) (string, error) { return path, nil } -func newProp(name string, units interface{}) systemdDbus.Property { +func newProp(name string, units any) systemdDbus.Property { return systemdDbus.Property{ Name: name, Value: dbus.MakeVariant(units), @@ -266,7 +266,7 @@ func systemdVersionAtoi(str string) (int, error) { // Unconditionally remove the leading prefix ("v). str = strings.TrimLeft(str, `"v`) // Match on the first integer we can grab. - for i := 0; i < len(str); i++ { + for i := range len(str) { if str[i] < '0' || str[i] > '9' { // First non-digit: cut the tail. str = str[:i] @@ -280,7 +280,9 @@ func systemdVersionAtoi(str string) (int, error) { return ver, nil } -func addCpuQuota(cm *dbusConnManager, properties *[]systemdDbus.Property, quota int64, period uint64) { +// addCPUQuota adds CPUQuotaPeriodUSec and CPUQuotaPerSecUSec to the properties. The passed quota may be modified +// along with round-up during calculation in order to write the same value to cgroupfs later. +func addCPUQuota(cm *dbusConnManager, properties *[]systemdDbus.Property, quota *int64, period uint64) { if period != 0 { // systemd only supports CPUQuotaPeriodUSec since v242 sdVer := systemdVersion(cm) @@ -292,10 +294,10 @@ func addCpuQuota(cm *dbusConnManager, properties *[]systemdDbus.Property, quota " (setting will still be applied to cgroupfs)", sdVer) } } - if quota != 0 || period != 0 { + if *quota != 0 || period != 0 { // corresponds to USEC_INFINITY in systemd cpuQuotaPerSecUSec := uint64(math.MaxUint64) - if quota > 0 { + if *quota > 0 { if period == 0 { // assume the default period = defCPUQuotaPeriod @@ -304,9 +306,11 @@ func addCpuQuota(cm *dbusConnManager, properties *[]systemdDbus.Property, quota // (integer percentage of CPU) internally. This means that if a fractional percent of // CPU is indicated by Resources.CpuQuota, we need to round up to the nearest // 10ms (1% of a second) such that child cgroups can set the cpu.cfs_quota_us they expect. - cpuQuotaPerSecUSec = uint64(quota*1000000) / period + cpuQuotaPerSecUSec = uint64(*quota*1000000) / period if cpuQuotaPerSecUSec%10000 != 0 { cpuQuotaPerSecUSec = ((cpuQuotaPerSecUSec / 10000) + 1) * 10000 + // Update the requested quota along with the round-up in order to write the same value to cgroupfs. + *quota = int64(cpuQuotaPerSecUSec) * int64(period) / 1000000 } } *properties = append(*properties, diff --git a/vendor/github.com/opencontainers/cgroups/systemd/v1.go b/vendor/github.com/opencontainers/cgroups/systemd/v1.go index 8453e9b4962..b8959adbfa6 100644 --- a/vendor/github.com/opencontainers/cgroups/systemd/v1.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/v1.go @@ -90,7 +90,7 @@ func genV1ResourcesProperties(r *cgroups.Resources, cm *dbusConnManager) ([]syst newProp("CPUShares", r.CpuShares)) } - addCpuQuota(cm, &properties, r.CpuQuota, r.CpuPeriod) + addCPUQuota(cm, &properties, &r.CpuQuota, r.CpuPeriod) if r.BlkioWeight != 0 { properties = append(properties, @@ -334,6 +334,9 @@ func (m *LegacyManager) Set(r *cgroups.Resources) error { if r.Unified != nil { return cgroups.ErrV1NoUnified } + // Use a copy since CpuQuota in r may be modified. + rCopy := *r + r = &rCopy properties, err := genV1ResourcesProperties(r, m.dbus) if err != nil { return err diff --git a/vendor/github.com/opencontainers/cgroups/systemd/v2.go b/vendor/github.com/opencontainers/cgroups/systemd/v2.go index 42a6e355119..636b9cb01b5 100644 --- a/vendor/github.com/opencontainers/cgroups/systemd/v2.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/v2.go @@ -113,7 +113,7 @@ func unifiedResToSystemdProps(cm *dbusConnManager, res map[string]string) (props return nil, fmt.Errorf("unified resource %q quota value conversion error: %w", k, err) } } - addCpuQuota(cm, &props, quota, period) + addCPUQuota(cm, &props, "a, period) case "cpu.weight": if shouldSetCPUIdle(cm, strings.TrimSpace(res["cpu.idle"])) { @@ -254,7 +254,7 @@ func genV2ResourcesProperties(dirPath string, r *cgroups.Resources, cm *dbusConn } } - addCpuQuota(cm, &properties, r.CpuQuota, r.CpuPeriod) + addCPUQuota(cm, &properties, &r.CpuQuota, r.CpuPeriod) if r.PidsLimit > 0 || r.PidsLimit == -1 { properties = append(properties, @@ -480,6 +480,9 @@ func (m *UnifiedManager) Set(r *cgroups.Resources) error { if r == nil { return nil } + // Use a copy since CpuQuota in r may be modified. + rCopy := *r + r = &rCopy properties, err := genV2ResourcesProperties(m.fsMgr.Path(""), r, m.dbus) if err != nil { return err diff --git a/vendor/github.com/opencontainers/cgroups/utils.go b/vendor/github.com/opencontainers/cgroups/utils.go index 9ef24b1ac6e..98b6a07fab8 100644 --- a/vendor/github.com/opencontainers/cgroups/utils.go +++ b/vendor/github.com/opencontainers/cgroups/utils.go @@ -231,7 +231,7 @@ func rmdir(path string, retry bool) error { again: err := unix.Rmdir(path) - switch err { // nolint:errorlint // unix errors are bare + switch err { case nil, unix.ENOENT: return nil case unix.EINTR: @@ -395,7 +395,7 @@ func WriteCgroupProc(dir string, pid int) error { } defer file.Close() - for i := 0; i < 5; i++ { + for range 5 { _, err = file.WriteString(strconv.Itoa(pid)) if err == nil { return nil diff --git a/vendor/github.com/opencontainers/cgroups/v1_utils.go b/vendor/github.com/opencontainers/cgroups/v1_utils.go index 81193e20983..19b8af1344b 100644 --- a/vendor/github.com/opencontainers/cgroups/v1_utils.go +++ b/vendor/github.com/opencontainers/cgroups/v1_utils.go @@ -5,6 +5,7 @@ import ( "fmt" "os" "path/filepath" + "slices" "strings" "sync" "syscall" @@ -144,10 +145,8 @@ func FindCgroupMountpointAndRoot(cgroupPath, subsystem string) (string, string, func findCgroupMountpointAndRootFromMI(mounts []*mountinfo.Info, cgroupPath, subsystem string) (string, string, error) { for _, mi := range mounts { if strings.HasPrefix(mi.Mountpoint, cgroupPath) { - for _, opt := range strings.Split(mi.VFSOptions, ",") { - if opt == subsystem { - return mi.Mountpoint, mi.Root, nil - } + if slices.Contains(strings.Split(mi.VFSOptions, ","), subsystem) { + return mi.Mountpoint, mi.Root, nil } } } diff --git a/vendor/modules.txt b/vendor/modules.txt index 1ebab6dcc25..83a12f3700c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -51,7 +51,7 @@ github.com/moby/sys/userns # github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/cgroups v0.0.1 +# github.com/opencontainers/cgroups v0.0.2 ## explicit; go 1.23.0 github.com/opencontainers/cgroups github.com/opencontainers/cgroups/devices