During container start there might be a situation when not all cgroup hierarchies get virtualized by container manager (like vzctl). By virtualizing a cgroup hierarchy I mean creation of sub-directory within a particular mounted cgroup. When container starts it looks in css set of it's init process to list all affilated cgroups and perform actions on each. But non-virtualized cgroups will also be present in init's css_set and they should not be touched from inside of any non root ve.
Signed-off-by: Valeriy Vdovin <[email protected]> --- kernel/cgroup.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 68d8d80..b8d69d5 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -4448,6 +4448,17 @@ int cgroup_mark_ve_roots(struct ve_struct *ve) mutex_lock(&cgroup_mutex); for_each_active_root(root) { cgrp = css_cgroup_from_root(ve->root_css_set, root); + + /* + * In some situations not all cgroup roots are + * virtualized by container manager (vzctl). In that + * case cgrp will point at the actual top cgroup of + * the hierarchy which is private property of host, + * we should not modify it and just skip. + */ + if (cgrp == &root->top_cgroup) + continue; + rcu_assign_pointer(cgrp->ve_owner, ve); set_bit(CGRP_VE_ROOT, &cgrp->flags); @@ -4493,6 +4504,14 @@ void cgroup_unmark_ve_roots(struct ve_struct *ve) mutex_lock(&cgroup_mutex); for_each_active_root(root) { cgrp = css_cgroup_from_root(ve->root_css_set, root); + + /* + * For this line see comments in + * cgroup_mark_ve_roots + */ + if (cgrp == &root->top_cgroup) + continue; + dget(cgrp->dentry); list_add_tail(&cgrp->cft_q_node, &pending); } -- 1.8.3.1 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
