From 4f2e62913d4f9489cd958fae1ff747a90eba2aa7 Mon Sep 17 00:00:00 2001
From: Bart Van Assche
Date: Fri, 4 Feb 2022 18:04:32 +0000
Subject: [PATCH] Enable the memory_recursiveprot mount option
Enable the memory_recursiveprot mount option for v2 cgroups because the v2 memcg documentation mentions the following: "Recursively apply memory.min and memory.low protection to entire subtrees, without requiring explicit downward propagation into leaf cgroups. This allows protecting entire subtrees from one another, while retaining free competition within those subtrees. This should have been the default behavior but is a mount-option to avoid regressing setups relying on the original semantics (e.g. specifying bogusly high 'bypass' protection values at higher tree levels)."
Source: https://www.kernel.org/doc/Documentation/admin-guide/cgroup-v2.rst
Bug: 213617178
Test: Verified this change inside the Cuttlefish emulator.
Change-Id: Iecd86109d9ecb9d3354f9d28577b147edf7c50a8
Signed-off-by: Bart Van Assche
---
 libprocessgroup/setup/cgroup_map_write.cpp | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/libprocessgroup/setup/cgroup_map_write.cpp b/libprocessgroup/setup/cgroup_map_write.cpp
index 3121d244b..992cc2e23 100644
--- a/libprocessgroup/setup/cgroup_map_write.cpp
+++ b/libprocessgroup/setup/cgroup_map_write.cpp
@@ -263,8 +263,18 @@ static bool SetupCgroup(const CgroupDescriptor& descriptor) {
 return false;
 }
- result = mount("none", controller->path(), "cgroup2", MS_NODEV | MS_NOEXEC | MS_NOSUID,
- nullptr);
+ // The memory_recursiveprot mount option has been introduced by kernel commit
+ // 8a931f801340 ("mm: memcontrol: recursive memory.low protection"; v5.7). Try first to
+ // mount with that option enabled. If mounting fails because the kernel is too old,
+ // retry without that mount option.
+ if (mount("none", controller->path(), "cgroup2", MS_NODEV | MS_NOEXEC | MS_NOSUID,
+ "memory_recursiveprot") < 0) {
+ LOG(INFO) << "Mounting memcg with memory_recursiveprot failed. Retrying without.";
+ if (mount("none", controller->path(), "cgroup2", MS_NODEV | MS_NOEXEC | MS_NOSUID,
+ nullptr) < 0) {
+ PLOG(ERROR) << "Failed to mount cgroup v2";
+ }
+ }
 // selinux permissions change after mounting, so it's ok to change mode and owner now
 if (!ChangeDirModeAndOwner(controller->path(), descriptor.mode(), descriptor.uid(),
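Review bot: The two new `mount()` calls no longer store their return value in `result`, which the removed line did, so when both attempts fail the only visible effect is the `PLOG(ERROR)` and execution falls through to `ChangeDirModeAndOwner` on a path with no cgroup2 mounted. If the code after this hunk still tests `result` to fail SetupCgroup (not visible here), that check no longer covers the mount step; adding `result = -1;` after the `PLOG(ERROR)` line, or returning false there, would keep the failure from being masked. The fallback also runs on any error from the first mount, not only the old-kernel case the comment describes, and `LOG(INFO)` drops the errno. Using `PLOG(INFO)` for the retry message, and retrying only on the errno an unrecognised option produces (presumably `EINVAL`, to be confirmed), would let a permission or policy denial stand out in the logs. SetupCgroup's body starts and ends outside the hunk.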