[Devel] [PATCH 2/2] cgroup: dont check debug cgroup at container start
Valeriy Vdovin
valeriy.vdovin at virtuozzo.com
Wed Apr 21 18:36:01 MSK 2021
Fixes: 1d668375f702847d11301882cb36ddc750226ed2
A follow up fix for a cherry-picked cset validation code that
runs at container start.
The validation code consists of 2 functions is_virtualized_cgroup
and css_has_host_cgroups. Both check that cgroup_mark_ve_roots
is safe to proceed. In case if container is started with invalid
configuration they will forbit further ve root marking.
The fix is needed due to the new debug cgroup which appeared in
VZ8.
- vzctl doesn't know about debug cgroup and does not create a
subfolder for it.
- The validation code detects it and forces cgroup_mark_ve_roots
to return with -EINVAL.
- debug cgroup is only present kernel debug configuration so it
only plays role in development builds.
- also debug cgroup does not have any value for virtualization.
- That is why we can just skip it's validation and ignore it
totally at VE_ROOT marking procedure.
Signed-off-by: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
---
kernel/cgroup/cgroup.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 75447685f258..eeced498b121 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -1928,6 +1928,10 @@ static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp,
#ifdef CONFIG_VE
static inline bool is_virtualized_cgroup(struct cgroup *cgrp)
{
+#if IS_ENABLED(CONFIG_CGROUP_DEBUG)
+ if (cgrp->subsys[debug_cgrp_id])
+ return false;
+#endif
if (cgrp->root->subsys_mask)
return true;
--
2.27.0
More information about the Devel
mailing list