[libvirt] [PATCH 0/2] cgroups v2 fixes
Pavel Hrdina (2): Revert "util: vircgroup: pass parent cgroup into virCgroupDetectControllersCB" util: vircgroupv2: stop enabling missing controllers with systemd src/util/vircgroup.c | 4 ++-- src/util/vircgroupbackend.h | 6 ++++-- src/util/vircgroupv1.c | 3 +-- src/util/vircgroupv2.c | 22 +++++++++++----------- 4 files changed, 18 insertions(+), 17 deletions(-) -- 2.21.0
This reverts commit 7bca1c9bdc85247446129f856e27c80a32819e17. As it turns out it's not a good idea on systemd hosts. The root cgroup can have all controllers enabled but they don't have to be enabled for sub-cgroups. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/util/vircgroup.c | 2 +- src/util/vircgroupbackend.h | 3 +-- src/util/vircgroupv1.c | 3 +-- src/util/vircgroupv2.c | 17 ++++++----------- 4 files changed, 9 insertions(+), 16 deletions(-) diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index da506fc0b0..e4675a0977 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -407,7 +407,7 @@ virCgroupDetect(virCgroupPtr group, for (i = 0; i < VIR_CGROUP_BACKEND_TYPE_LAST; i++) { if (group->backends[i]) { - int rc = group->backends[i]->detectControllers(group, controllers, parent); + int rc = group->backends[i]->detectControllers(group, controllers); if (rc < 0) return -1; controllersAvailable |= rc; diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h index 1fe0851184..e58e327c68 100644 --- a/src/util/vircgroupbackend.h +++ b/src/util/vircgroupbackend.h @@ -95,8 +95,7 @@ typedef char * typedef int (*virCgroupDetectControllersCB)(virCgroupPtr group, - int controllers, - virCgroupPtr parent); + int controllers); typedef bool (*virCgroupHasControllerCB)(virCgroupPtr cgroup, diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c index 4231d8d6fa..7968ab3cf0 100644 --- a/src/util/vircgroupv1.c +++ b/src/util/vircgroupv1.c @@ -420,8 +420,7 @@ virCgroupV1StealPlacement(virCgroupPtr group) static int virCgroupV1DetectControllers(virCgroupPtr group, - int controllers, - virCgroupPtr parent ATTRIBUTE_UNUSED) + int controllers) { size_t i; size_t j; diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c index 502afb0b56..b3297dbb13 100644 --- a/src/util/vircgroupv2.c +++ b/src/util/vircgroupv2.c @@ -286,21 +286,16 @@ virCgroupV2ParseControllersFile(virCgroupPtr group) static int virCgroupV2DetectControllers(virCgroupPtr group, - int controllers, - virCgroupPtr parent) + int controllers) { size_t i; - if (parent) { - group->unified.controllers = parent->unified.controllers; - } else { - if (virCgroupV2ParseControllersFile(group) < 0) - return -1; + if (virCgroupV2ParseControllersFile(group) < 0) + return -1; - /* In cgroup v2 there is no cpuacct controller, the cpu.stat file always - * exists with usage stats. */ - group->unified.controllers |= 1 << VIR_CGROUP_CONTROLLER_CPUACCT; - } + /* In cgroup v2 there is no cpuacct controller, the cpu.stat file always + * exists with usage stats. */ + group->unified.controllers |= 1 << VIR_CGROUP_CONTROLLER_CPUACCT; if (controllers >= 0) group->unified.controllers &= controllers; -- 2.21.0
Because of a systemd delegation policy [1] we should not write to any cgroups files owned by systemd which in case of cgroups v2 includes 'cgroups.subtree_control'. systemd will enable controllers automatically for us to have them available for VM cgroups. [1] <https://github.com/systemd/systemd/blob/master/docs/CGROUP_DELEGATION.md> Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/util/vircgroup.c | 2 +- src/util/vircgroupbackend.h | 3 +++ src/util/vircgroupv2.c | 5 +++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index e4675a0977..268e4013e3 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -1082,7 +1082,7 @@ virCgroupEnableMissingControllers(char *path, &tmp) < 0) goto cleanup; - if (virCgroupMakeGroup(parent, tmp, true, VIR_CGROUP_NONE) < 0) { + if (virCgroupMakeGroup(parent, tmp, true, VIR_CGROUP_SYSTEMD) < 0) { virCgroupFree(&tmp); goto cleanup; } diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h index e58e327c68..a91719f89d 100644 --- a/src/util/vircgroupbackend.h +++ b/src/util/vircgroupbackend.h @@ -34,6 +34,9 @@ typedef enum { * attaching tasks */ VIR_CGROUP_THREAD = 1 << 1, /* cgroup v2 handles threads differently */ + VIR_CGROUP_SYSTEMD = 1 << 2, /* with systemd and cgroups v2 we cannot + * manually enable controllers that systemd + * doesn't know how to delegate */ } virCgroupBackendFlags; typedef enum { diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c index b3297dbb13..9d8a38925a 100644 --- a/src/util/vircgroupv2.c +++ b/src/util/vircgroupv2.c @@ -395,6 +395,11 @@ virCgroupV2MakeGroup(virCgroupPtr parent ATTRIBUTE_UNUSED, VIR_AUTOFREE(char *) path = NULL; int controller; + if (flags & VIR_CGROUP_SYSTEMD) { + VIR_DEBUG("Running with systemd so we should not create cgroups ourselves."); + return 0; + } + VIR_DEBUG("Make group %s", group->path); controller = virCgroupV2GetAnyController(group); -- 2.21.0
On Thu, Jun 27, 2019 at 04:18:45PM +0200, Pavel Hrdina wrote:
Pavel Hrdina (2): Revert "util: vircgroup: pass parent cgroup into virCgroupDetectControllersCB" util: vircgroupv2: stop enabling missing controllers with systemd
src/util/vircgroup.c | 4 ++-- src/util/vircgroupbackend.h | 6 ++++-- src/util/vircgroupv1.c | 3 +-- src/util/vircgroupv2.c | 22 +++++++++++----------- 4 files changed, 18 insertions(+), 17 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano
participants (2)
-
Ján Tomko -
Pavel Hrdina