[Devel] [PATCH RHEL8 COMMIT] ve/cgroup: Skip non-virtualized roots in cgroup_{, un}mark_ve_roots()

Konstantin Khorenko khorenko at virtuozzo.com
Wed Mar 3 20:21:15 MSK 2021 

The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.5
------>
commit 83484f463ac8550ceb385779f4f61d0f256c2acd
Author: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
Date:   Wed Mar 3 20:21:15 2021 +0300

    ve/cgroup: Skip non-virtualized roots in cgroup_{,un}mark_ve_roots()
    
    During container start there might be a situation when not all cgroup
    hierarchies get virtualized by container manager (like vzctl). By
    virtualizing a cgroup hierarchy I mean creation of sub-directory within
    a particular mounted cgroup. When container starts it looks in css set
    of it's init process to list all affilated cgroups and perform actions
    on each. But non-virtualized cgroups will also be present in init's css_set
    and they should not be touched from inside of any non root ve.
    
    Signed-off-by: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
    Reviewed-by: Kirill Tkhai <ktkhai at virtuozzo.com>
    
    =====================
    Patchset description:
    
    ve/cgroup: Port release_agent virtualization from vz7
    
    This patchset ports virtualization of cgroup release_agent
    virtualization from vz7.
    
    Major challanges of porting are differences between vz7 and vz8 cgroup
    implementations:
    - transition of cgroups to kernfs
    - slightly changed locking scheme, which relies on css_set_lock in
      places, previously relied on cgroup_mutex.
    
    There is a small number of patches that have been ported without
    modifications, but most of the patches had suffered a lot of
    modification due to the factors described above.
    
    v1:
      - original patchset
    v2:
      - removed port of CGRP_REMOVED due to the use of CSS_ONLINE in VZ8 for
        same reason
      - changed ve_set(get)_release_agent_path signature for more optimal
      - added ve->is_running check before calling userspace executable
    v3:
      - use goto after check for ve->is_running in last patch
---
 kernel/cgroup/cgroup.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 8aea78f07b5b..75997b503d3c 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -1927,6 +1927,23 @@ static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp,
 			   struct cftype *cft, bool activate);
 
 #ifdef CONFIG_VE
+static inline bool is_virtualized_cgroup(struct cgroup *cgrp)
+{
+	/*
+	 * no parent means this is the host cgroup
+	 */
+	if (!cgrp->kn->parent)
+		return false;
+
+	if (cgrp->root->subsys_mask)
+		return true;
+
+	if (!strcmp(cgrp->root->name, "systemd"))
+		return true;
+
+	return false;
+}
+
 int cgroup_mark_ve_roots(struct ve_struct *ve)
 {
 	int err;

More information about the Devel mailing list