[Devel] [PATCH RHEL7 COMMIT] ve/cgroup: At cgroup_mark(unmark)_ve_roots skip non-virtualized roots

Denis V. Lunev den at virtuozzo.com
Thu Aug 6 17:30:04 MSK 2020 

On 8/6/20 8:32 AM, Vasily Averin wrote:
> The commit is pushed to "branch-rh7-3.10.0-1127.18.2.vz7.163.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
> after rh7-3.10.0-1127.18.2.el7
> ------>
> commit 2c7e88541f87587f184eb3e23ba44e89428ed7a6
> Author: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
> Date:   Thu Aug 6 08:32:28 2020 +0300
>
>     ve/cgroup: At cgroup_mark(unmark)_ve_roots skip non-virtualized roots
>     
>     During container start there might be a situation when not all cgroup
>     hierarchies get virtualized by container manager (like vzctl). By
>     virtualizing a cgroup hierarchy I mean creation of sub-directory within
>     a particular mounted cgroup. When container starts it looks in css set
>     of it's init process to list all affilated cgroups and perform actions
>     on each. But non-virtualized cgroups will also be present in init's css_set
>     and they should not be touched from inside of any non root ve.
>     
>     Signed-off-by: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
> ---
>  kernel/cgroup.c | 31 +++++++++++++++++++++++++++++++
>  1 file changed, 31 insertions(+)
>
> diff --git a/kernel/cgroup.c b/kernel/cgroup.c
> index 64cbc5d..55713a0 100644
> --- a/kernel/cgroup.c
> +++ b/kernel/cgroup.c
> @@ -4615,6 +4615,18 @@ static struct cftype *get_cftype_by_name(const char *name)
>  }
>  
>  #ifdef CONFIG_VE
> +static inline bool is_virtualized_cgroup(struct cgroup *cgrp)
> +{
> +	lockdep_assert_held(&cgroup_mutex);
> +	if (cgrp->root->subsys_mask)
> +		return true;
> +
> +	if (!strcmp(cgrp->root->name, "systemd"))
> +		return true;
> +
> +	return false;
> +}
> +
>  int cgroup_mark_ve_roots(struct ve_struct *ve)
>  {
>  	struct cgroup *cgrp, *tmp;
> @@ -4630,6 +4642,17 @@ int cgroup_mark_ve_roots(struct ve_struct *ve)
>  	mutex_lock(&cgroup_mutex);
>  	for_each_active_root(root) {
>  		cgrp = css_cgroup_from_root(ve->root_css_set, root);
> +
> +		/*
> +		 * At container start, vzctl creates special cgroups to serve
> +		 * as virtualized cgroup roots. They are bind-mounted on top
> +		 * of original cgroup mount point in container namespace. But
> +		 * not all cgroup mounts undergo this procedure. We should
> +		 * skip cgroup mounts that are not virtualized.
> +		 */
> +		if (!is_virtualized_cgroup(cgrp))
> +			continue;
> +
>  		rcu_assign_pointer(cgrp->ve_owner, ve);
>  		set_bit(CGRP_VE_ROOT, &cgrp->flags);
>  
> @@ -4679,6 +4702,14 @@ void cgroup_unmark_ve_roots(struct ve_struct *ve)
>  	mutex_lock(&cgroup_mutex);
>  	for_each_active_root(root) {
>  		cgrp = css_cgroup_from_root(ve->root_css_set, root);
> +
> +		/*
> +		 * For this line see comments in
> +		 * cgroup_mark_ve_roots
> +		 */
> +		if (!is_virtualized_cgroup(cgrp))
> +			continue;
> +
>  		dget(cgrp->dentry);
>  		list_add_tail(&cgrp->cft_q_node, &pending);
>  	}
> _______________________________________________
> Devel mailing list
> Devel at openvz.org
> https://lists.openvz.org/mailman/listinfo/devel
WOW! This is finally done!

More information about the Devel mailing list