[Devel] [PATCH RHEL7 COMMIT] ve/cgroups: fake num_cgroups in /proc/cgroups output

Mon May 18 05:32:55 PDT 2015

The commit is pushed to "branch-rh7-3.10.0-123.1.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-123.1.2.vz7.5.1
------>
commit 213b5800cbf1e1f36efaab61f2f49ea198bdb1e8
Author: Vasily Averin <vvs at odin.com>
Date:   Mon May 18 16:32:55 2015 +0400

    ve/cgroups: fake num_cgroups in /proc/cgroups output
    
    Like in rh6-based kernels,
    /proc/cgroups output inside container will show 1 in 'num_cgroups' column.
    
    https://jira.sw.ru/browse/PSBM-33400
    
    Signed-off-by: Vasily Averin <vvs at openvz.org>
    
    khorenko@:
    This is done in order to prevent people to try guessing the
    number of Containers running on a Hardware Node
    because even if the guess is correct, it gives no useful info,
    but people can easily come to wrong conclusions.
---
 kernel/cgroup.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index f881f69..f897042 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -4815,6 +4815,8 @@ out:
 	return retval;
 }
 
+#define _cg_virtualized(x) ((ve_is_super(get_exec_env())) ? (x) : 1)
+
 /* Display information about each subsystem and each hierarchy */
 static int proc_cgroupstats_show(struct seq_file *m, void *v)
 {
@@ -4829,11 +4831,14 @@ static int proc_cgroupstats_show(struct seq_file *m, void *v)
 	mutex_lock(&cgroup_mutex);
 	for (i = 0; i < CGROUP_SUBSYS_COUNT; i++) {
 		struct cgroup_subsys *ss = subsys[i];
+		int num;
+
 		if (ss == NULL)
 			continue;
+		num = _cg_virtualized(ss->root->number_of_cgroups);
 		seq_printf(m, "%s\t%d\t%d\t%d\n",
 			   ss->name, ss->root->hierarchy_id,
-			   ss->root->number_of_cgroups, !ss->disabled);
+			   num, !ss->disabled);
 	}
 	mutex_unlock(&cgroup_mutex);
 	return 0;

