Implemented the clone fallback when clone3 returns ENOSYS

[yihuaf]

For a number of reasons, platforms can choose to block clone3 and force return ENOSYS. We implement a clone fallback in the case that we can't use clone3.

Also, clone3 has no libc wrapper at this point. The current implementation calls the kernel version of the syscall directly. There are undefined behaviors potentially when we create process bypassing the libc. However, we have not observed any issue with our tests. This is likely because youki runs short lived process and calls exec or exit in the end. Nonetheless, we should have a backup plan and this change is our way out in the case that we discover clone3 has issue as the default code path.

Remove the use of the clone3 crate. We use clone3 is a very specific way to create a process. We don't have to support the many other flags and usecases of the clone3 call. So it is simpler for us to use the libc crate directly for the syscall. This avoids an extra dependency and reduces our binary size.

[codecov-commenter]

Codecov Report

Merging #2203 (a67d180) into main (f3da56e) will increase coverage by 0.11%.
Report is 42 commits behind head on main.
The diff coverage is 64.65%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2203      +/-   ##
==========================================
+ Coverage   64.93%   65.05%   +0.11%     
==========================================
  Files         129      129              
  Lines       14979    15139     +160     
==========================================
+ Hits         9727     9848     +121     
- Misses       5252     5291      +39     

[YJDoc2]

Hey @yihuaf is it possible that we do this as a clone3 feature which is enabled by default? Maybe then we can disable this for musl, and if someone don't want / knows that clone3 cannot be used, they can disable it via features instead of allowing it to fallback.

To be clear, I am saying that we should keep the current fallback mechanism even with feature, but if the feature is disabled, we will directly use clone, without trying clone3 first. wdyt?

[yihuaf]

Hey @yihuaf is it possible that we do this as a clone3 feature which is enabled by default? Maybe then we can disable this for musl, and if someone don't want / knows that clone3 cannot be used, they can disable it via features instead of allowing it to fallback.

To be clear, I am saying that we should keep the current fallback mechanism even with feature, but if the feature is disabled, we will directly use clone, without trying clone3 first. wdyt?

I think this is a great idea, but I would want to implement this in a different PR as a follow up. This will also make the testing of this feature easier, otherwise I have to resort to seccomp to force clone3 to return enosys.

[utam0k]

Great challenge 👍 Is it possible to have it benchmarked?

[yihuaf]

Great challenge 👍 Is it possible to have it benchmarked?

So there is no visible performance difference between clone and clone3. We benchmarked it before and here is the simple benchmark I did with this PR, using the clone and clone3 path.

This is using clone3

[eng@stardust youki]$ just hack-benchmark
Benchmark 1: sudo /home/eng/private/youki/youki create -b tutorial a && sudo /home/eng/private/youki/youki start a && sudo /home/eng/private/youki/youki delete -f a
  Time (mean ± σ):     928.4 ms ± 141.5 ms    [User: 20.8 ms, System: 232.5 ms]
  Range (min … max):   725.0 ms … 1383.5 ms    100 runs
 
[eng@stardust youki]$ 

This is using clone

[eng@stardust youki]$ just hack-benchmark
Benchmark 1: sudo /home/eng/private/youki/youki create -b tutorial a && sudo /home/eng/private/youki/youki start a && sudo /home/eng/private/youki/youki delete -f a
  Time (mean ± σ):     797.2 ms ±  42.7 ms    [User: 20.3 ms, System: 233.0 ms]
  Range (min … max):   709.1 ms … 1069.1 ms    100 runs
 
[eng@stardust youki]$ 

With the fallback path, we do need to make an extra clone3 call before making the clone call, but this is one extra syscall that will return ENOSYS. I don't anticipate there is any performance difference tbh.

[yihuaf]

If there is no blocking issue, I would like to get this merged as is and address any review comments in a follow up PR along with clone3 as a feature.

[YJDoc2]

lgtm 👍 I think @utam0k didn't have any issues with this, but if there are any problems, we can fix them in follow up PRs. Merging this for now --- After the CI is done :)

[YJDoc2]

Hey, given that this is a single command, I don't thing we need to specify the shell here, we can just run it. Also I think this is the best way we have currently to run benchmarks, and this is not in hacks, so we can just name it benchmark instead of hack benchmark.

[YJDoc2]

@yihuaf take a look at this in your next PR of clone regarding changes. Merging this one as not a blocking issue.

[utam0k]

Thanks a lot @yihuaf @YJDoc2