[Devel] [PATCH RHEL7 v20 14/14] ve/cgroup: At cgroup_mark(unmark)_ve_roots skip non-virtualized roots

[Valeriy Vdovin]

During container start there might be a situation when not all cgroup
hierarchies get virtualized by container manager (like vzctl). By
virtualizing a cgroup hierarchy I mean creation of sub-directory within
a particular mounted cgroup. When container starts it looks in css set
of it's init process to list all affilated cgroups and perform actions
on each. But non-virtualized cgroups will also be present in init's css_set
and they should not be touched from inside of any non root ve.

Signed-off-by: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
---
 kernel/cgroup.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 68d8d80..b8d69d5 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -4448,6 +4448,17 @@ int cgroup_mark_ve_roots(struct ve_struct *ve)
 	mutex_lock(&cgroup_mutex);
 	for_each_active_root(root) {
 		cgrp = css_cgroup_from_root(ve->root_css_set, root);
+
+		/*
+		 * In some situations not all cgroup roots are
+		 * virtualized by container manager (vzctl). In that
+		 * case cgrp will point at the actual top cgroup of
+		 * the hierarchy which is private property of host,
+		 * we should not modify it and just skip.
+		 */
+		if (cgrp == &root->top_cgroup)
+			continue;
+
 		rcu_assign_pointer(cgrp->ve_owner, ve);
 		set_bit(CGRP_VE_ROOT, &cgrp->flags);
 
@@ -4493,6 +4504,14 @@ void cgroup_unmark_ve_roots(struct ve_struct *ve)
 	mutex_lock(&cgroup_mutex);
 	for_each_active_root(root) {
 		cgrp = css_cgroup_from_root(ve->root_css_set, root);
+
+		/*
+		 * For this line see comments in
+		 * cgroup_mark_ve_roots
+		 */
+		if (cgrp == &root->top_cgroup)
+			continue;
+
 		dget(cgrp->dentry);
 		list_add_tail(&cgrp->cft_q_node, &pending);
 	}
-- 
1.8.3.1