[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH v2 15/17] vircgroupv2: detech BPF program before removing cgroup



This function simply removes program from guest cgroup before we remove
the cgroup.  This is required step because there is a bug [1] in kernel
where the program might not be properly freed if you remove cgroup with
attached program.

[1] <https://bugzilla.redhat.com/show_bug.cgi?id=1656432>

Signed-off-by: Pavel Hrdina <phrdina redhat com>
---
 src/util/vircgroupv2devices.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c
index 8bf5100724..a481ba89b7 100644
--- a/src/util/vircgroupv2devices.c
+++ b/src/util/vircgroupv2devices.c
@@ -420,19 +420,44 @@ virCgroupV2DevicesPrepareProg(virCgroupPtr group)
 int
 virCgroupV2DevicesRemoveProg(virCgroupPtr group)
 {
+    int ret = -1;
+    int cgroupfd = -1;
+    VIR_AUTOFREE(char *) path = NULL;
+
     if (virCgroupV2DevicesDetectProg(group) < 0)
         return -1;
 
     if (group->unified.devices.progfd <= 0 && group->unified.devices.mapfd <= 0)
         return 0;
 
+    if (virCgroupPathOfController(group, VIR_CGROUP_CONTROLLER_DEVICES,
+                                  NULL, &path) < 0) {
+        return -1;
+    }
+
+    cgroupfd = open(path, O_RDONLY);
+    if (cgroupfd < 0) {
+        virReportSystemError(errno, _("unable to open '%s'"), path);
+        goto cleanup;
+    }
+
+    if (virBPFDetachProg(group->unified.devices.progfd,
+                         cgroupfd, BPF_CGROUP_DEVICE) < 0) {
+        virReportSystemError(errno, "%s", _("failed to detach cgroup BPF prog"));
+        goto cleanup;
+    }
+
     if (group->unified.devices.mapfd >= 0)
         VIR_FORCE_CLOSE(group->unified.devices.mapfd);
 
     if (group->unified.devices.progfd >= 0)
         VIR_FORCE_CLOSE(group->unified.devices.progfd);
 
-    return 0;
+    ret = 0;
+
+ cleanup:
+    VIR_FORCE_CLOSE(cgroupfd);
+    return ret;
 }
 
 
-- 
2.20.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]