[RHEL7,COMMIT] ve/cgroup: At cgroup_mark(unmark)_ve_roots skip non-virtualized roots

Submitted by Vasily Averin on Aug. 6, 2020, 5:32 a.m.

Details

Message ID 202008060532.0765WTVm004381@vz7build.vvs.sw.ru
State New
Series "Make release_agent per-cgroup property. Run release_agent in proper ve."
Headers show

Commit Message

Vasily Averin Aug. 6, 2020, 5:32 a.m.
The commit is pushed to "branch-rh7-3.10.0-1127.18.2.vz7.163.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.18.2.el7
------>
commit 2c7e88541f87587f184eb3e23ba44e89428ed7a6
Author: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>
Date:   Thu Aug 6 08:32:28 2020 +0300

    ve/cgroup: At cgroup_mark(unmark)_ve_roots skip non-virtualized roots
    
    During container start there might be a situation when not all cgroup
    hierarchies get virtualized by container manager (like vzctl). By
    virtualizing a cgroup hierarchy I mean creation of sub-directory within
    a particular mounted cgroup. When container starts it looks in css set
    of it's init process to list all affilated cgroups and perform actions
    on each. But non-virtualized cgroups will also be present in init's css_set
    and they should not be touched from inside of any non root ve.
    
    Signed-off-by: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>
---
 kernel/cgroup.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

Patch hide | download patch | download mbox

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 64cbc5d..55713a0 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -4615,6 +4615,18 @@  static struct cftype *get_cftype_by_name(const char *name)
 }
 
 #ifdef CONFIG_VE
+static inline bool is_virtualized_cgroup(struct cgroup *cgrp)
+{
+	lockdep_assert_held(&cgroup_mutex);
+	if (cgrp->root->subsys_mask)
+		return true;
+
+	if (!strcmp(cgrp->root->name, "systemd"))
+		return true;
+
+	return false;
+}
+
 int cgroup_mark_ve_roots(struct ve_struct *ve)
 {
 	struct cgroup *cgrp, *tmp;
@@ -4630,6 +4642,17 @@  int cgroup_mark_ve_roots(struct ve_struct *ve)
 	mutex_lock(&cgroup_mutex);
 	for_each_active_root(root) {
 		cgrp = css_cgroup_from_root(ve->root_css_set, root);
+
+		/*
+		 * At container start, vzctl creates special cgroups to serve
+		 * as virtualized cgroup roots. They are bind-mounted on top
+		 * of original cgroup mount point in container namespace. But
+		 * not all cgroup mounts undergo this procedure. We should
+		 * skip cgroup mounts that are not virtualized.
+		 */
+		if (!is_virtualized_cgroup(cgrp))
+			continue;
+
 		rcu_assign_pointer(cgrp->ve_owner, ve);
 		set_bit(CGRP_VE_ROOT, &cgrp->flags);
 
@@ -4679,6 +4702,14 @@  void cgroup_unmark_ve_roots(struct ve_struct *ve)
 	mutex_lock(&cgroup_mutex);
 	for_each_active_root(root) {
 		cgrp = css_cgroup_from_root(ve->root_css_set, root);
+
+		/*
+		 * For this line see comments in
+		 * cgroup_mark_ve_roots
+		 */
+		if (!is_virtualized_cgroup(cgrp))
+			continue;
+
 		dget(cgrp->dentry);
 		list_add_tail(&cgrp->cft_q_node, &pending);
 	}

Comments

Denis V. Lunev Aug. 6, 2020, 2:30 p.m.
On 8/6/20 8:32 AM, Vasily Averin wrote:
> The commit is pushed to "branch-rh7-3.10.0-1127.18.2.vz7.163.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
> after rh7-3.10.0-1127.18.2.el7
> ------>
> commit 2c7e88541f87587f184eb3e23ba44e89428ed7a6
> Author: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>
> Date:   Thu Aug 6 08:32:28 2020 +0300
>
>     ve/cgroup: At cgroup_mark(unmark)_ve_roots skip non-virtualized roots
>     
>     During container start there might be a situation when not all cgroup
>     hierarchies get virtualized by container manager (like vzctl). By
>     virtualizing a cgroup hierarchy I mean creation of sub-directory within
>     a particular mounted cgroup. When container starts it looks in css set
>     of it's init process to list all affilated cgroups and perform actions
>     on each. But non-virtualized cgroups will also be present in init's css_set
>     and they should not be touched from inside of any non root ve.
>     
>     Signed-off-by: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>
> ---
>  kernel/cgroup.c | 31 +++++++++++++++++++++++++++++++
>  1 file changed, 31 insertions(+)
>
> diff --git a/kernel/cgroup.c b/kernel/cgroup.c
> index 64cbc5d..55713a0 100644
> --- a/kernel/cgroup.c
> +++ b/kernel/cgroup.c
> @@ -4615,6 +4615,18 @@ static struct cftype *get_cftype_by_name(const char *name)
>  }
>  
>  #ifdef CONFIG_VE
> +static inline bool is_virtualized_cgroup(struct cgroup *cgrp)
> +{
> +	lockdep_assert_held(&cgroup_mutex);
> +	if (cgrp->root->subsys_mask)
> +		return true;
> +
> +	if (!strcmp(cgrp->root->name, "systemd"))
> +		return true;
> +
> +	return false;
> +}
> +
>  int cgroup_mark_ve_roots(struct ve_struct *ve)
>  {
>  	struct cgroup *cgrp, *tmp;
> @@ -4630,6 +4642,17 @@ int cgroup_mark_ve_roots(struct ve_struct *ve)
>  	mutex_lock(&cgroup_mutex);
>  	for_each_active_root(root) {
>  		cgrp = css_cgroup_from_root(ve->root_css_set, root);
> +
> +		/*
> +		 * At container start, vzctl creates special cgroups to serve
> +		 * as virtualized cgroup roots. They are bind-mounted on top
> +		 * of original cgroup mount point in container namespace. But
> +		 * not all cgroup mounts undergo this procedure. We should
> +		 * skip cgroup mounts that are not virtualized.
> +		 */
> +		if (!is_virtualized_cgroup(cgrp))
> +			continue;
> +
>  		rcu_assign_pointer(cgrp->ve_owner, ve);
>  		set_bit(CGRP_VE_ROOT, &cgrp->flags);
>  
> @@ -4679,6 +4702,14 @@ void cgroup_unmark_ve_roots(struct ve_struct *ve)
>  	mutex_lock(&cgroup_mutex);
>  	for_each_active_root(root) {
>  		cgrp = css_cgroup_from_root(ve->root_css_set, root);
> +
> +		/*
> +		 * For this line see comments in
> +		 * cgroup_mark_ve_roots
> +		 */
> +		if (!is_virtualized_cgroup(cgrp))
> +			continue;
> +
>  		dget(cgrp->dentry);
>  		list_add_tail(&cgrp->cft_q_node, &pending);
>  	}
> _______________________________________________
> Devel mailing list
> Devel@openvz.org
> https://lists.openvz.org/mailman/listinfo/devel
WOW! This is finally done!