We've re-implemented the restrictions to join ve cgroup to ve namespace path, in previous patches, so now we remove the restrictions from cgroup join path. Now anyone can join ve cgroup at any moment without any repercussions.
We need this to be able to make ve cgroup working with intermediate cgroups in cgroup-v2 hierarchy. https://virtuozzo.atlassian.net/browse/VSTOR-119941 Signed-off-by: Pavel Tikhomirov <[email protected]> Feature: ve: ve generic structures --- kernel/ve/ve.c | 71 -------------------------------------------------- 1 file changed, 71 deletions(-) diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c index 61448af310c7..718d7811b629 100644 --- a/kernel/ve/ve.c +++ b/kernel/ve/ve.c @@ -1101,76 +1101,6 @@ static void ve_destroy(struct cgroup_subsys_state *css) kmem_cache_free(ve_cachep, ve); } -static bool ve_task_can_attach(struct cgroup_taskset *tset) -{ - struct cgroup_subsys_state *css; - struct task_struct *task; - - task = cgroup_taskset_first(tset, &css); - if (task != current) - pr_err_ratelimited("ve_cgroup: Add task_work-based interface for attaching!!!\n"); - - if (cgroup_taskset_next(tset, &css) != NULL) { - pr_err_ratelimited("ve_cgroup: attach of a thread group is not supported\n"); - return false; - } - if (!thread_group_leader(task)) { - pr_err_ratelimited("ve_cgroup: only thread group leader is allowed to attach\n"); - return false; - } - if (!thread_group_empty(task)) { - pr_err_ratelimited("ve_cgroup: only single-threaded process is allowed to attach\n"); - return false; - } - return true; -} - -static int ve_is_attachable(struct cgroup_taskset *tset) -{ - struct cgroup_subsys_state *css; - struct task_struct *task; - struct ve_struct *ve; - - task = cgroup_taskset_first(tset, &css); - ve = css_to_ve(css); - - if (VE_IS_RUNNING(ve)) - return 0; - - if (!ve->veid) { - pr_err_ratelimited("ve_cgroup: container's veid is not set\n"); - return -EINVAL; - } - - if (task->flags & PF_KTHREAD) { - /* Paranoia check: allow to attach kthread only, if cgroup is - * not empty. - * This check is required for kthreadd, which is created on CT - * start. - */ - if (cgroup_is_populated(css->cgroup)) - return 0; - pr_err_ratelimited("ve_cgroup: can't attach kthread - empty group\n"); - } else { - /* In case of generic task only one is allowed to enter to - * non-running container: init. - */ - if (!cgroup_is_populated(css->cgroup)) - return 0; - pr_err_ratelimited("ve_cgroup: can't attach more than 1 task to " - "non-running container\n"); - } - return -EINVAL; -} - -static int ve_can_attach(struct cgroup_taskset *tset) -{ - if (!ve_task_can_attach(tset)) - return -EINVAL; - - return ve_is_attachable(tset); -} - static int ve_state_show(struct seq_file *sf, void *v) { struct cgroup_subsys_state *css = seq_css(sf); @@ -1876,7 +1806,6 @@ struct cgroup_subsys ve_cgrp_subsys = { .css_online = ve_online, .css_offline = ve_offline, .css_free = ve_destroy, - .can_attach = ve_can_attach, .legacy_cftypes = ve_cftypes, .dfl_cftypes = ve_cftypes, }; -- 2.52.0 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
