This function simply removes program from guest cgroup before we remove the cgroup. This is required step because there is a bug [1] in kernel where the program might not be properly freed if you remove cgroup with attached program.
[1] <https://bugzilla.redhat.com/show_bug.cgi?id=1656432>
Signed-off-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
---
src/util/vircgroupv2.c | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index e28703df89..0a4aa15d0b 100644
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -1954,19 +1954,44 @@ virCgroupV2DevicePrepareProg(virCgroupPtr group)
 static int
 virCgroupV2DeviceRemoveProg(virCgroupPtr group)
 {
+ int ret = -1;
+ int cgroupfd = -1;
+ VIR_AUTOFREE(char *) path = NULL;
+
 if (virCgroupV2DeviceDetectProg(group) < 0)
 return -1;
 if (group->unified.devices.progfd <= 0 && group->unified.devices.mapfd <= 0)
 return 0;
+ if (virCgroupV2PathOfController(group, VIR_CGROUP_CONTROLLER_DEVICES,
+ NULL, &path) < 0) {
+ return -1;
+ }
+
+ cgroupfd = open(path, O_RDONLY);
+ if (cgroupfd < 0) {
+ virReportSystemError(errno, _("unable to open '%s'"), path);
+ goto cleanup;
+ }
+
+ if (virBPFDetachProg(group->unified.devices.progfd,
+ cgroupfd, BPF_CGROUP_DEVICE) < 0) {
+ virReportSystemError(errno, "%s", _("failed to detach cgroup BPF prog"));
+ goto cleanup;
+ }
+
 if (group->unified.devices.mapfd >= 0)
 VIR_FORCE_CLOSE(group->unified.devices.mapfd);
 if (group->unified.devices.progfd >= 0)
 VIR_FORCE_CLOSE(group->unified.devices.progfd);
- return 0;
+ ret = 0;
+
+ cleanup:
+ VIR_FORCE_CLOSE(cgroupfd);
+ return ret;
 }
--
2.20.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
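Review bot: The added virBPFDetachProg() call passes group->unified.devices.progfd without checking that it is a valid descriptor. The early return before it only fires when both progfd and mapfd are <= 0, so a group that holds a map but no program (whether that state can occur is not visible here) would reach the detach with an invalid fd and return -1. Guarding the call, `if (group->unified.devices.progfd > 0 && virBPFDetachProg(group->unified.devices.progfd, cgroupfd, BPF_CGROUP_DEVICE) < 0) {`, would keep that case from failing the removal. Both `goto cleanup` paths also skip the two VIR_FORCE_CLOSE calls on mapfd and progfd, so after a failed open or detach those descriptors stay open unless the caller releases the group; a short comment at the `cleanup:` label saying who owns them on failure would help. Separately, opening the cgroup directory with `open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC)` would reject a non-directory path and keep the descriptor from being inherited by a child process started concurrently.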