[RHEL8,COMMIT] ve/cgroup: Skip non-virtualized roots in cgroup_{, un}mark_ve_roots()

Submitted by Konstantin Khorenko on March 3, 2021, 5:21 p.m.


Message ID 202103031721.123HLFuE295275@finist-co8.sw.ru
State New
Series "Port release_agent virtualization from vz7"
Headers show

Commit Message

Konstantin Khorenko March 3, 2021, 5:21 p.m.
The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.5
commit 83484f463ac8550ceb385779f4f61d0f256c2acd
Author: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>
Date:   Wed Mar 3 20:21:15 2021 +0300

    ve/cgroup: Skip non-virtualized roots in cgroup_{,un}mark_ve_roots()
    During container start there might be a situation when not all cgroup
    hierarchies get virtualized by container manager (like vzctl). By
    virtualizing a cgroup hierarchy I mean creation of sub-directory within
    a particular mounted cgroup. When container starts it looks in css set
    of it's init process to list all affilated cgroups and perform actions
    on each. But non-virtualized cgroups will also be present in init's css_set
    and they should not be touched from inside of any non root ve.
    Signed-off-by: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>
    Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
    Patchset description:
    ve/cgroup: Port release_agent virtualization from vz7
    This patchset ports virtualization of cgroup release_agent
    virtualization from vz7.
    Major challanges of porting are differences between vz7 and vz8 cgroup
    - transition of cgroups to kernfs
    - slightly changed locking scheme, which relies on css_set_lock in
      places, previously relied on cgroup_mutex.
    There is a small number of patches that have been ported without
    modifications, but most of the patches had suffered a lot of
    modification due to the factors described above.
      - original patchset
      - removed port of CGRP_REMOVED due to the use of CSS_ONLINE in VZ8 for
        same reason
      - changed ve_set(get)_release_agent_path signature for more optimal
      - added ve->is_running check before calling userspace executable
      - use goto after check for ve->is_running in last patch
 kernel/cgroup/cgroup.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

Patch hide | download patch | download mbox

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 8aea78f07b5b..75997b503d3c 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -1927,6 +1927,23 @@  static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp,
 			   struct cftype *cft, bool activate);
 #ifdef CONFIG_VE
+static inline bool is_virtualized_cgroup(struct cgroup *cgrp)
+	/*
+	 * no parent means this is the host cgroup
+	 */
+	if (!cgrp->kn->parent)
+		return false;
+	if (cgrp->root->subsys_mask)
+		return true;
+	if (!strcmp(cgrp->root->name, "systemd"))
+		return true;
+	return false;
 int cgroup_mark_ve_roots(struct ve_struct *ve)
 	int err;