Revision tags: 1.32.1-1, 1.32.0-1, 1.32.0, 1.31.1-1, 1.31.1, 1.31.0-1, 1.31.0, 1.30.0-1, 1.30.0 |
|
#
2450:14277f21a722 |
| 08-May-2023 |
Zhidao HONG |
NJS: supported loadable modules.
|
Revision tags: 1.29.1-1, 1.29.1 |
|
#
2352:7130340d4015 |
| 01-Dec-2022 |
Andrew Clayton |
Remove the nxt_getpid() alias.
Since the previous commit, nxt_getpid() is only ever aliased to getpid(2).
nxt_getpid() was only used once in the code, while there are multiple direct uses of getpid
Remove the nxt_getpid() alias.
Since the previous commit, nxt_getpid() is only ever aliased to getpid(2).
nxt_getpid() was only used once in the code, while there are multiple direct uses of getpid(2)
$ grep -r "getpid()" src/ src/nxt_unit.c: nxt_unit_pid = getpid(); src/nxt_process.c: nxt_pid = nxt_getpid(); src/nxt_process.c: nxt_pid = getpid(); src/nxt_lib.c: nxt_pid = getpid(); src/nxt_process.h:#define nxt_getpid() \ src/nxt_process.h:#define nxt_getpid() \ src/nxt_process.h: getpid()
Just remove it and convert the _single_ instance of nxt_getpid() to getpid(2).
Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
show more ...
|
#
2351:c65c885ecd20 |
| 19-Nov-2022 |
Andrew Clayton |
Isolation: Remove the syscall(SYS_getpid) wrapper.
When using SYS_clone we used the getpid kernel system call directly via syscall(SYS_getpid) to avoid issues with cached pids.
However since we are
Isolation: Remove the syscall(SYS_getpid) wrapper.
When using SYS_clone we used the getpid kernel system call directly via syscall(SYS_getpid) to avoid issues with cached pids.
However since we are now only using fork(2) (+ unshare(2) for namespaces) we no longer need to call the kernel getpid directly as the fork(2) will ensure the cached pid is invalidated.
Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
show more ...
|
#
2347:427a1ffda093 |
| 18-Nov-2022 |
Andrew Clayton |
Isolation: Rename NXT_HAVE_CLONE -> NXT_HAVE_LINUX_NS.
Due to the need to replace our use of clone/__NR_clone on Linux with fork(2)/unshare(2) for enabling Linux namespaces(7) to keep the pthreads(7
Isolation: Rename NXT_HAVE_CLONE -> NXT_HAVE_LINUX_NS.
Due to the need to replace our use of clone/__NR_clone on Linux with fork(2)/unshare(2) for enabling Linux namespaces(7) to keep the pthreads(7) API working. Let's rename NXT_HAVE_CLONE to NXT_HAVE_LINUX_NS, i.e name it after the feature, not how it's implemented, then in future if we change how we do namespaces again we don't have to rename this.
Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
show more ...
|
#
2326:f0a41e2f9f14 |
| 01-Dec-2022 |
Andrew Clayton |
Remove the nxt_getpid() alias.
Since the previous commit, nxt_getpid() is only ever aliased to getpid(2).
nxt_getpid() was only used once in the code, while there are multiple direct uses of getpid
Remove the nxt_getpid() alias.
Since the previous commit, nxt_getpid() is only ever aliased to getpid(2).
nxt_getpid() was only used once in the code, while there are multiple direct uses of getpid(2)
$ grep -r "getpid()" src/ src/nxt_unit.c: nxt_unit_pid = getpid(); src/nxt_process.c: nxt_pid = nxt_getpid(); src/nxt_process.c: nxt_pid = getpid(); src/nxt_lib.c: nxt_pid = getpid(); src/nxt_process.h:#define nxt_getpid() \ src/nxt_process.h:#define nxt_getpid() \ src/nxt_process.h: getpid()
Just remove it and convert the _single_ instance of nxt_getpid() to getpid(2).
Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
show more ...
|
#
2325:2f754a2ca783 |
| 19-Nov-2022 |
Andrew Clayton |
Isolation: Remove the syscall(SYS_getpid) wrapper.
When using SYS_clone we used the getpid kernel system call directly via syscall(SYS_getpid) to avoid issues with cached pids.
However since we are
Isolation: Remove the syscall(SYS_getpid) wrapper.
When using SYS_clone we used the getpid kernel system call directly via syscall(SYS_getpid) to avoid issues with cached pids.
However since we are now only using fork(2) (+ unshare(2) for namespaces) we no longer need to call the kernel getpid directly as the fork(2) will ensure the cached pid is invalidated.
Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
show more ...
|
#
2321:b8d29a14676d |
| 18-Nov-2022 |
Andrew Clayton |
Isolation: Rename NXT_HAVE_CLONE -> NXT_HAVE_LINUX_NS.
Due to the need to replace our use of clone/__NR_clone on Linux with fork(2)/unshare(2) for enabling Linux namespaces(7) to keep the pthreads(7
Isolation: Rename NXT_HAVE_CLONE -> NXT_HAVE_LINUX_NS.
Due to the need to replace our use of clone/__NR_clone on Linux with fork(2)/unshare(2) for enabling Linux namespaces(7) to keep the pthreads(7) API working. Let's rename NXT_HAVE_CLONE to NXT_HAVE_LINUX_NS, i.e name it after the feature, not how it's implemented, then in future if we change how we do namespaces again we don't have to rename this.
Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
show more ...
|
Revision tags: 1.29.0-1, 1.29.0 |
|
#
2260:3005b3de99a5 |
| 24-Oct-2022 |
Andrew Clayton |
Isolation: wired up per-application cgroup support internally.
This commit hooks into the cgroup infrastructure added in the previous commit to create per-application cgroups.
It does this by addin
Isolation: wired up per-application cgroup support internally.
This commit hooks into the cgroup infrastructure added in the previous commit to create per-application cgroups.
It does this by adding each "prototype process" into its own cgroup, then each child process inherits its parents cgroup.
If we fail to create a cgroup we simply fail the process. This behaviour may get enhanced in the future.
This won't actually do anything yet. Subsequent commits will hook this up to the build and config systems.
Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
show more ...
|
Revision tags: 1.28.0-1, 1.28.0 |
|
#
2174:a7fb5d8a9590 |
| 17-Feb-2022 |
Max Romanov |
Fixing isolated process PID manipulation.
Registering an isolated PID in the global PID hash is wrong because it can be duplicated. Isolated processes are stored only in the children list until the
Fixing isolated process PID manipulation.
Registering an isolated PID in the global PID hash is wrong because it can be duplicated. Isolated processes are stored only in the children list until the response for the WHOAMI message is processed and the global PID is discovered.
To remove isolated siblings, a pointer to the children list is introduced in the nxt_process_init_t struct.
This closes #633 issue on GitHub.
show more ...
|
#
2153:37bccff06c9f |
| 18-Jun-2022 |
Alejandro Colomar |
Replaced Linux syscall macros by libc macros.
User-space programs should use the SYS_*form, as documented in syscall(2). That also adds compatibility to non-Linux systems.
|
Revision tags: 1.27.0-1, 1.27.0, 1.26.1-1, 1.26.1 |
|
#
2031:e8518399bc10 |
| 24-Nov-2021 |
Max Romanov |
Fixing alerts on router restart.
Splitting the process type connectivity matrix to 'keep ports' and 'send ports'; the 'keep ports' matrix is used to clean up unnecessary ports after forking a new pr
Fixing alerts on router restart.
Splitting the process type connectivity matrix to 'keep ports' and 'send ports'; the 'keep ports' matrix is used to clean up unnecessary ports after forking a new process, and the 'send ports' matrix determines which process types expect to get created process ports.
Unfortunately, the original single connectivity matrix no longer works because of an application stop delay caused by prototypes. Existing applications should not get the new router port at the moment.
show more ...
|
#
2015:4570130dd183 |
| 24-Nov-2021 |
Max Romanov |
Fixing alerts on router restart.
Splitting the process type connectivity matrix to 'keep ports' and 'send ports'; the 'keep ports' matrix is used to clean up unnecessary ports after forking a new pr
Fixing alerts on router restart.
Splitting the process type connectivity matrix to 'keep ports' and 'send ports'; the 'keep ports' matrix is used to clean up unnecessary ports after forking a new process, and the 'send ports' matrix determines which process types expect to get created process ports.
Unfortunately, the original single connectivity matrix no longer works because of an application stop delay caused by prototypes. Existing applications should not get the new router port at the moment.
show more ...
|
Revision tags: 1.26.0-1, 1.26.0 |
|
#
1998:c8790d2a89bb |
| 09-Nov-2021 |
Tiago Natel de Moura |
Introducing application prototype processes.
|
#
1997:a8a3f1d243ee |
| 09-Nov-2021 |
Tiago Natel de Moura |
Changed nxt_process_* for reuse.
This enables the reuse of process creation functions.
|
Revision tags: 1.25.0-1, 1.25.0, 1.24.0-1, 1.24.0, 1.23.0-1, 1.23.0, 1.22.0-1, 1.22.0 |
|
#
1781:e1f459d7469b |
| 28-Jan-2021 |
Max Romanov |
Removing unused mutex from nxt_process_t.
|
Revision tags: 1.21.0-1, 1.21.0 |
|
#
1708:4463c1fc26fd |
| 16-Nov-2020 |
Tiago Natel de Moura |
Isolation: added option to disable "procfs" mount.
Now users can disable the default procfs mount point in the rootfs.
{ "isolation": { "automount": { "procfs": false
Isolation: added option to disable "procfs" mount.
Now users can disable the default procfs mount point in the rootfs.
{ "isolation": { "automount": { "procfs": false } } }
show more ...
|
#
1704:6a003e0f3a6e |
| 13-Nov-2020 |
Tiago Natel de Moura |
Isolation: added option to disable tmpfs mount.
Now users can disable the default tmpfs mount point in the rootfs.
{ "isolation": { "automount": { "tmpfs": false
Isolation: added option to disable tmpfs mount.
Now users can disable the default tmpfs mount point in the rootfs.
{ "isolation": { "automount": { "tmpfs": false } } }
show more ...
|
#
1673:883f2f79c2f6 |
| 29-Oct-2020 |
Tiago Natel de Moura |
Isolation: mounting of procfs by default when using "rootfs".
|
Revision tags: 1.20.0-1, 1.20.0 |
|
#
1585:e941d77852d1 |
| 25-Aug-2020 |
Tiago Natel de Moura |
Isolation: added "automount" option.
Now it's possible to disable default bind mounts of languages by setting:
{ "isolation": { "automount": { "language_deps": fal
Isolation: added "automount" option.
Now it's possible to disable default bind mounts of languages by setting:
{ "isolation": { "automount": { "language_deps": false } } }
In this case, the user is responsible to provide a "rootfs" containing the language libraries and required files for the application.
show more ...
|
#
1579:c80e692dc644 |
| 20-Aug-2020 |
Tiago Natel de Moura |
Moved isolation related code to "nxt_isolation.c".
|
Revision tags: 1.19.0-1, 1.19.0 |
|
#
1548:a745db447e56 |
| 11-Aug-2020 |
Max Romanov |
Process structures refactoring in runtime and libunit.
Generic process-to-process shared memory exchange is no more required. Here, it is transformed into a router-to-application pattern. The outg
Process structures refactoring in runtime and libunit.
Generic process-to-process shared memory exchange is no more required. Here, it is transformed into a router-to-application pattern. The outgoing shared memory segments collection is now the property of the application structure. The applications connect to the router only, and the process only needs to group the ports.
show more ...
|
#
1545:78836321a126 |
| 11-Aug-2020 |
Max Romanov |
Changing router to application port exchange protocol.
The application process needs to request the port from the router instead of the latter pushing the port before sending a request to the applic
Changing router to application port exchange protocol.
The application process needs to request the port from the router instead of the latter pushing the port before sending a request to the application. This is required to simplify the communication between the router and the application and to prepare the router to use the application shared port and then the queue.
show more ...
|
Revision tags: 1.18.0-1, 1.18.0 |
|
#
1489:4a3ec07f4b19 |
| 28-May-2020 |
Tiago Natel de Moura |
Added "rootfs" feature.
|
#
1488:6976d36be926 |
| 09-Mar-2020 |
Tiago Natel de Moura |
Refactor of process management.
The process abstraction has changed to:
setup(task, process) start(task, process_data) prefork(task, process, mp)
The prefork() occurs in the main process rig
Refactor of process management.
The process abstraction has changed to:
setup(task, process) start(task, process_data) prefork(task, process, mp)
The prefork() occurs in the main process right before fork.
The file src/nxt_main_process.c is completely free of process specific logic.
The creation of a process now supports a PROCESS_CREATED state. The The setup() function of each process can set its state to either created or ready. If created, a MSG_PROCESS_CREATED is sent to main process, where external setup can be done (required for rootfs under container).
The core processes (discovery, controller and router) doesn't need external setup, then they all proceeds to their start() function straight away.
In the case of applications, the load of the module happens at the process setup() time and The module's init() function has changed to be the start() of the process.
The module API has changed to:
setup(task, process, conf) start(task, data)
As a direct benefit of the PROCESS_CREATED message, the clone(2) of processes using pid namespaces now doesn't need to create a pipe to make the child block until parent setup uid/gid mappings nor it needs to receive the child pid.
show more ...
|
Revision tags: 1.17.0-1, 1.17.0 |
|
#
1452:e95c10330013 |
| 10-Apr-2020 |
Max Romanov |
Resolving a racing condition while adding ports on the app's side.
An earlier attempt (ad6265786871) to resolve this condition on the router's side added a new issue: the app could get a request bef
Resolving a racing condition while adding ports on the app's side.
An earlier attempt (ad6265786871) to resolve this condition on the router's side added a new issue: the app could get a request before acquiring a port.
show more ...
|