libctr: Reset the inherited cpu affinity

Old kernels do that automatically, but new kernels remember the affinity that was set before the cgroup move due to https://lore.kernel.org/lkml/20220922180041.1768141-1-longman@redhat.com This is undesirable for containers, because they inherit the systemd affinity when the should really move to the container space cpus. see https://issues.redhat.com/browse/OCPBUGS-15102 for more information Co-authored-by: Martin Sivak <msivak@redhat.com> Signed-off-by: Peter Hunt <pehunt@redhat.com>
opencontainers · Sep 28, 2023 · d946178 · d946178
1 parent 1614cab
commit d946178
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
@@ -130,6 +130,7 @@ func (p *setnsProcess) start() (retErr error) {
 				initProcCgroupFile := fmt.Sprintf("/proc/%d/cgroup", p.initProcessPid)
 				initCg, initCgErr := cgroups.ParseCgroupFile(initProcCgroupFile)
 				if initCgErr == nil {
+					s
 					if initCgPath, ok := initCg[""]; ok {
 						initCgDirpath := filepath.Join(fs2.UnifiedMountpoint, initCgPath)
 						logrus.Debugf("adding pid %d to cgroups %v failed (%v), attempting to join %q (obtained from %s)",
@@ -144,6 +145,14 @@ func (p *setnsProcess) start() (retErr error) {
 			}
 		}
 	}
+	// Reset the inherited cpu affinity. Old kernels do that automatically, but
+	// new kernels remember the affinity that was set before the cgroup move.
+	// This is undesirable, because it inherits the systemd affinity when the container
+	// should really move to the container space cpus.
+	if err := unix.SchedSetaffinity(p.pid(), &unix.CPUSet{}); err != nil && err != unix.EINVAL && err != unix.ENODEV {
+		return fmt.Errorf("error resetting pid %d affinity: %w", p.pid(), err)
+	}
+
 	if p.intelRdtPath != "" {
 		// if Intel RDT "resource control" filesystem path exists
 		_, err := os.Stat(p.intelRdtPath)
@@ -419,6 +428,14 @@ func (p *initProcess) start() (retErr error) {
 	if err := p.manager.Apply(p.pid()); err != nil {
 		return fmt.Errorf("unable to apply cgroup configuration: %w", err)
 	}
+
+	// Reset the inherited cpu affinity. Old kernels do that automatically, but
+	// new kernels remember the affinity that was set before the cgroup move.
+	// This is undesirable, because it inherits the systemd affinity when the container
+	// should really move to the container space cpus.
+	if err := unix.SchedSetaffinity(p.pid(), &unix.CPUSet{}); err != nil && err != unix.EINVAL && err != unix.ENODEV {
+		return fmt.Errorf("error resetting pid %d affinity: %w", p.pid(), err)
+	}
 	if p.intelRdtManager != nil {
 		if err := p.intelRdtManager.Apply(p.pid()); err != nil {
 			return fmt.Errorf("unable to apply Intel RDT configuration: %w", err)