[Bug] Duplicated attach_pid and create_dir_all on cgroup v2

[XieGuochao]

Describe the bug

The current implementation contains duplicated attach_pid and create_dir_all. Since cgroup v2 uses a unified hierarchy, there is no need to do multiple create_dir_all and attach_pid. Only one create_dir_all and one attach_pid are sufficient. Such redundant overheads will cause significant latency when multiple Firecrackers boot in parallel.

To Reproduce

You may use strace to see the redundant operations.

Additional context

The relevant codes are in src/jailer/src/cgroup.rs and src/jailer/src/env.rs. You may need to distinguish the cgroup V1 and V2 when preparing the cgroup environment.

Checks

• [x] Have you searched the Firecracker Issues database for similar problems?
• [x] Have you read the existing relevant Firecracker documentation?
• [x] Are you certain the bug being reported is a Firecracker issue?

[pb8o]

Hi, I hadn't seen this issue before. Thanks for the suggestion. It is very interesting, do you have a way of reproducing this so we can analyze the performance difference?

[XieGuochao]

Hi, a micro-benchmark that creates Firecrackers (jailers) with multiple threads can reproduce this issue, although I am not sure if this is a case in production where cloud providers bypass concurrency contentions with tricks like reusing Firecrackers. If this is a valuable use case, I can draft the micro-benchmark to reproduce this.

[pb8o]

I think having a simple example how to set up the cgroups and how to run one firecracker would be enough to reproduce it. Thanks!