[Devel] [PATCH RH9] cgroup/ve: fix ve_hide_cgroups calling in cgroup_get_tree
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Sat Mar 5 13:27:30 MSK 2022
Please merge only after https://jira.sw.ru/browse/PSBM-139100 dev-task
is resolved and proper kernel parameter is provided.
On 05.03.2022 13:02, Pavel Tikhomirov wrote:
> Hm, probably we need to do something in userspace before committing this
> patch, as with it vz9 cgroup mounts look like this:
>
> [root at ptikh-vz9 ~]# cat /proc/self/mountinfo | grep cgroup
>
> 28 22 0:25 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:5 -
> cgroup2 cgroup2 rw
>
> So it looks like this error I try to fix had protected us from systemd
> switching to cgroup-v2, hmm.
>
> On 05.03.2022 12:40, Pavel Tikhomirov wrote:
>> Variable ret was used uninitialized in case of !ve_hide_cgroups() and
>> also reference on cgrp_dfl_root.cgrp was leaked in the opposite case.
>>
>> Fixes: 360077892030 ("ve/cgroup: hide non-virtualized cgroups in
>> container")
>> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
>> ---
>> kernel/cgroup/cgroup.c | 9 ++++-----
>> 1 file changed, 4 insertions(+), 5 deletions(-)
>>
>> diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
>> index be154b5eed77..f0c844087964 100644
>> --- a/kernel/cgroup/cgroup.c
>> +++ b/kernel/cgroup/cgroup.c
>> @@ -2475,15 +2475,14 @@ static int cgroup_get_tree(struct fs_context *fc)
>> struct cgroup_fs_context *ctx = cgroup_fc2context(fc);
>> int ret;
>> + if (ve_hide_cgroups(ctx->root))
>> + return -EPERM;
>> +
>> cgrp_dfl_visible = true;
>> cgroup_get_live(&cgrp_dfl_root.cgrp);
>> ctx->root = &cgrp_dfl_root;
>> - if (ve_hide_cgroups(ctx->root))
>> - ret = -EPERM;
>> -
>> - if (!ret)
>> - ret = cgroup_do_get_tree(fc);
>> + ret = cgroup_do_get_tree(fc);
>> if (!ret)
>> apply_cgroup_root_flags(ctx->flags);
>> return ret;
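Review bot: the relocated `ve_hide_cgroups(ctx->root)` check at the top of the hunk now runs before `ctx->root = &cgrp_dfl_root;`, so it tests whatever `ctx->root` held on entry rather than the default root that the removed check saw. Nothing in the visible lines sets `ctx->root` before this point, so if it can be unset here, the hide decision is made on the wrong (or a NULL) root and the -EPERM gate may not behave as intended inside a container. Consider calling `ve_hide_cgroups(&cgrp_dfl_root)` in the early check, which still keeps the return ahead of `cgroup_get_live()` and so preserves both the leak fix and the removal of the uninitialized `ret` read. A short comment stating that the check must stay before the reference is taken would also help the next reader.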
>
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.