[Devel] [PATCH RH8 v2] ve/cgroup: hide ve and ub cgroups in CT
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Mon Apr 26 14:45:52 MSK 2021
Code looks good, though can you please fix commit message and
description, we don't have "ub"/"beancounter" in code, so let's remove
it from general part of comments.
Though we should still be able to find the original patch if needed so
please copy original commit message somewhere in "Rebased to..." part.
On 4/26/21 1:26 PM, Andrey Zhadchenko wrote:
> From: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
>
> Reasons:
> 1) We don't need to show these cgroups in CT, they are vz specific,
> and nobody should use them inside.
> 2) Docker from v17.11 checks that all cgroups are mounted, but we
> don't mount beancounter and ve, thus docker fails.
>
> Still show ve and ub for pseudosuper, so that these change does not
> influence criu. I checked that with these patch c/r of container works
> fine and values in ve cgroup files persist.
>
> Docker ct starts fine after these change.
>
> https://jira.sw.ru/browse/PSBM-80421
>
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> Reviewed-by: Cyrill Gorcunov <gorcunov at openvz.org>
>
> Rebased to vz8:
> - Made ve_hide_cgroups non-static and added declaration to linux/cgroup.h
> because it is used in proc_cgroupstats_show which now belongs to cgroup-v1.c
> - Deleted beancounter
> - Added #ifdef CONFIG_VE
>
> (cherry picked from d1580bf6a02ab7d2bedf4b6ecd506a2c6a44d59e)
> Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
> ---
> include/linux/cgroup.h | 4 ++++
> kernel/cgroup/cgroup-v1.c | 8 +++++++-
> kernel/cgroup/cgroup.c | 20 ++++++++++++++++++++
> 3 files changed, 31 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
> index 42ce2ec..45da7be 100644
> --- a/include/linux/cgroup.h
> +++ b/include/linux/cgroup.h
> @@ -962,4 +962,8 @@ static inline void cgroup_bpf_put(struct cgroup *cgrp) {}
>
> #endif /* CONFIG_CGROUP_BPF */
>
> +#ifdef CONFIG_VE
> +int ve_hide_cgroups(struct cgroup_root *root);
> +#endif
> +
> #endif /* _LINUX_CGROUP_H */
> diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
> index cd1a0df..0876f54 100644
> --- a/kernel/cgroup/cgroup-v1.c
> +++ b/kernel/cgroup/cgroup-v1.c
> @@ -745,11 +745,17 @@ int proc_cgroupstats_show(struct seq_file *m, void *v)
> */
> mutex_lock(&cgroup_mutex);
>
> - for_each_subsys(ss, i)
> + for_each_subsys(ss, i) {
> +#ifdef CONFIG_VE
> + if (ve_hide_cgroups(ss->root))
> + continue;
> +#endif
> +
> seq_printf(m, "%s\t%d\t%d\t%d\n",
> ss->legacy_name, ss->root->hierarchy_id,
> _cg_virtualized(atomic_read(&ss->root->nr_cgrps)),
> cgroup_ssid_enabled(i));
> + }
>
> mutex_unlock(&cgroup_mutex);
> return 0;
> diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
> index 779a71b..6cdb19c 100644
> --- a/kernel/cgroup/cgroup.c
> +++ b/kernel/cgroup/cgroup.c
> @@ -5984,6 +5984,21 @@ void cgroup_path_from_kernfs_id(const union kernfs_node_id *id,
> kernfs_put(kn);
> }
>
> +#ifdef CONFIG_VE
> +int ve_hide_cgroups(struct cgroup_root *root)
> +{
> + struct ve_struct *ve = get_exec_env();
> + unsigned long hidden_mask = (1UL << ve_cgrp_id);
> +
> + /*
> + * Hide ve cgroup in CT for docker,
> + * still showing it to pseudosuper (criu)
> + */
> + return !ve_is_super(ve) && !ve->is_pseudosuper
> + && (root->subsys_mask & hidden_mask);
> +}
> +#endif
> +
> /*
> * proc_cgroup_show()
> * - Print task's cgroup paths into seq_file, one line for each hierarchy
> @@ -6012,6 +6027,11 @@ int proc_cgroup_show(struct seq_file *m, struct pid_namespace *ns,
> if (root == &cgrp_dfl_root && !cgrp_dfl_visible)
> continue;
>
> +#ifdef CONFIG_VE
> + if (ve_hide_cgroups(root))
> + continue;
> +#endif
> +
> seq_printf(m, "%d:", root->hierarchy_id);
> if (root != &cgrp_dfl_root)
> for_each_subsys(ss, ssid)
>
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.
More information about the Devel
mailing list