[Devel] [PATCH RHEL8 COMMIT] cgroup: Don't check debug cgroup at container start
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Apr 27 13:43:20 MSK 2021
The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.21
------>
commit e0830a658b23dacda42c19e0f72067c2ed0ff6b7
Author: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
Date: Wed Apr 21 18:55:05 2021 +0300
cgroup: Don't check debug cgroup at container start
A follow up fix for a cherry-picked cset validation code that
runs at container start.
The validation code consists of 2 functions is_virtualized_cgroup
and css_has_host_cgroups. Both check that cgroup_mark_ve_roots
is safe to proceed. In case if container is started with invalid
configuration they will forbit further ve root marking.
The fix is needed due to the new debug cgroup which appeared in
VZ8.
- vzctl doesn't know about debug cgroup and does not create a
subfolder for it.
- The validation code detects it and forces cgroup_mark_ve_roots
to return with -EINVAL.
- debug cgroup is only present kernel debug configuration so it
only plays role in development builds.
- also debug cgroup does not have any value for virtualization.
- That is why we can just skip it's validation and ignore it
totally at VE_ROOT marking procedure.
Signed-off-by: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
---
kernel/cgroup/cgroup.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index b02c88063a27..e7c8cafb9c4c 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -1934,6 +1934,10 @@ static inline bool is_virtualized_cgroup(struct cgroup *cgrp)
if (!cgrp->kn->parent)
return false;
+#if IS_ENABLED(CONFIG_CGROUP_DEBUG)
+ if (cgrp->subsys[debug_cgrp_id])
+ return false;
+#endif
if (cgrp->root->subsys_mask)
return true;
More information about the Devel
mailing list