[libvirt] [PATCH v2 15/17] vircgroupv2: detech BPF program before removing cgroup
This function simply removes program from guest cgroup before we remove
the cgroup. This is required step because there is a bug [1] in kernel
where the program might not be properly freed if you remove cgroup with
attached program.
[1] <https://bugzilla.redhat.com/show_bug.cgi?id=1656432>
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/util/vircgroupv2devices.c | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c
index 8bf5100724..a481ba89b7 100644
--- a/src/util/vircgroupv2devices.c
+++ b/src/util/vircgroupv2devices.c
@@ -420,19 +420,44 @@ virCgroupV2DevicesPrepareProg(virCgroupPtr group)
int
virCgroupV2DevicesRemoveProg(virCgroupPtr group)
{
+ int ret = -1;
+ int cgroupfd = -1;
+ VIR_AUTOFREE(char *) path = NULL;
+
if (virCgroupV2DevicesDetectProg(group) < 0)
return -1;
if (group->unified.devices.progfd <= 0 &&
group->unified.devices.mapfd <= 0)
return 0;
+ if (virCgroupPathOfController(group, VIR_CGROUP_CONTROLLER_DEVICES,
+ NULL, &path) < 0) {
+ return -1;
+ }
+
+ cgroupfd = open(path, O_RDONLY);
+ if (cgroupfd < 0) {
+ virReportSystemError(errno, _("unable to open '%s'"), path);
+ goto cleanup;
+ }
+
+ if (virBPFDetachProg(group->unified.devices.progfd,
+ cgroupfd, BPF_CGROUP_DEVICE) < 0) {
+ virReportSystemError(errno, "%s", _("failed to detach cgroup BPF
prog"));
+ goto cleanup;
+ }
+
if (group->unified.devices.mapfd >= 0)
VIR_FORCE_CLOSE(group->unified.devices.mapfd);
if (group->unified.devices.progfd >= 0)
VIR_FORCE_CLOSE(group->unified.devices.progfd);
- return 0;
+ ret = 0;
+
+ cleanup:
+ VIR_FORCE_CLOSE(cgroupfd);
+ return ret;
}
--
2.20.1