[Devel] [PATCH vz10] cgroup-v2: Validate controllers are enabled before hide/show
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Fri Dec 12 16:43:39 MSK 2025
I intentionally made this interface independent from cgroup_ss_mask, this way you can hide controller "in advance", even before enabling it. I.e. ve controller is hidden by default and when it is enabled on some cgroup, css is created but files are not populated.
On 12/12/25 21:35, Konstantin Khorenko wrote:
> Add validation to check that controllers are enabled in cgroup_ss_mask
> before attempting to hide or show them. This prevents silent no-op
> operations and returns -ENOENT error, consistent with the validation
> logic in cgroup_subtree_control_write().
>
> https://virtuozzo.atlassian.net/browse/VSTOR-119803
> Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
> ---
> kernel/cgroup/cgroup.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
> index f99f1672bde8c..5ab96088eee31 100644
> --- a/kernel/cgroup/cgroup.c
> +++ b/kernel/cgroup/cgroup.c
> @@ -4003,11 +4003,21 @@ static ssize_t cgroup_controllers_hidden_write(struct kernfs_open_file *of,
> hide &= ~(1 << ssid);
> continue;
> }
> + /* Validate that controller is enabled in this cgroup */
> + if (!(cgroup_ss_mask(cgrp) & (1 << ssid))) {
> + ret = -ENOENT;
> + goto out_unlock;
> + }
> } else if (show & (1 << ssid)) {
> if (!(cgrp->hidden_ss_mask & (1 << ssid))) {
> show &= ~(1 << ssid);
> continue;
> }
> + /* Validate that controller is enabled in this cgroup */
> + if (!(cgroup_ss_mask(cgrp) & (1 << ssid))) {
> + ret = -ENOENT;
> + goto out_unlock;
> + }
> }
> }
>
--
Best regards, Pavel Tikhomirov
Senior Software Developer, Virtuozzo.
More information about the Devel
mailing list