This function simply removes the program from the guest cgroup before we
remove the cgroup. This is a required step because there is a bug [1] in the
kernel where the program might not be properly freed if you remove a cgroup
with an attached program.
[1] <https://bugzilla.redhat.com/show_bug.cgi?id=1656432>
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/util/vircgroupv2.c | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index e28703df89..0a4aa15d0b 100644
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -1954,19 +1954,44 @@ virCgroupV2DevicePrepareProg(virCgroupPtr group)
static int
virCgroupV2DeviceRemoveProg(virCgroupPtr group)
{
+ int ret = -1;
+ int cgroupfd = -1;
+ VIR_AUTOFREE(char *) path = NULL;
+
if (virCgroupV2DeviceDetectProg(group) < 0)
return -1;
if (group->unified.devices.progfd <= 0 &&
group->unified.devices.mapfd <= 0)
return 0;
+ if (virCgroupV2PathOfController(group, VIR_CGROUP_CONTROLLER_DEVICES,
+ NULL, &path) < 0) {
+ return -1;
+ }
+
+ cgroupfd = open(path, O_RDONLY);
+ if (cgroupfd < 0) {
+ virReportSystemError(errno, _("unable to open '%s'"), path);
+ goto cleanup;
+ }
+
+ if (virBPFDetachProg(group->unified.devices.progfd,
+ cgroupfd, BPF_CGROUP_DEVICE) < 0) {
+ virReportSystemError(errno, "%s", _("failed to detach cgroup BPF
prog"));
+ goto cleanup;
+ }
+
if (group->unified.devices.mapfd >= 0)
VIR_FORCE_CLOSE(group->unified.devices.mapfd);
if (group->unified.devices.progfd >= 0)
VIR_FORCE_CLOSE(group->unified.devices.progfd);
- return 0;
+ ret = 0;
+
+ cleanup:
+ VIR_FORCE_CLOSE(cgroupfd);
+ return ret;
}
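Review bot: The new `virBPFDetachProg()` call passes `group->unified.devices.progfd` without checking that it is valid. The early-return guard above uses `&&`, so a state with `progfd <= 0` and a live `mapfd` would still reach the detach. If the detect step can leave the fields that way, the detach fails and the function returns -1 with `mapfd` still open, so the BPF map stays referenced. Guarding the call, e.g. `if (group->unified.devices.progfd > 0 && virBPFDetachProg(...) < 0) {`, keeps the close path reachable in that case. Separately, the cgroup directory is opened with plain `O_RDONLY`; `open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC)` would reject a non-directory path and keep the descriptor from being inherited across an exec in another thread while it is open.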
--
2.20.1