cgroup: unavailable controller prevents controller disabling

The cgroup controller filtering in virCgroupDetect does not work properly if the following conditions are met: 1) the host system does not have a cgroup controller which libvirt requests (unavailable controller) and 2) libvirt is configured to disable a controller (disabled controller) and 3) the disabled controller is located before the unavailable controller in virCgroupController. As an example: The memory controller is unavailable and the cpuset controller is configured to be disabled. In this scenario trying to start a domain results in the error error: Controller 'cpuset' is not wanted, but 'memory' is co-mounted: Invalid argument This error occurs when virCgroupDetect is called with a valid parent group. The resulting group created by virCgroupCopyMounts holds for cpuset and memory controller empty mount points. The filtering of disabled controllers checks for co-mounts by comparing the mount points. The cpuset controller causes the filtering to occur before the memory controller is marked as to be ignored by modifying the controller mask since it is unavailable. Therefore the co-mount detection logic compares the cpuset and memory controller mount points and since both are empty the memory controller is regarded erroneously as being co-mounted. Signed-off-by: N Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: N Marc Hartmayer <mhartmay@linux.vnet.ibm.com> Reviewed-by: N Bjoern Walk <bwalk@linux.vnet.ibm.com> Signed-off-by: N Michal Privoznik <mprivozn@redhat.com>

cgroup: unavailable controller prevents controller disabling
The cgroup controller filtering in virCgroupDetect does not work properly if the following conditions are met: 1) the host system does not have a cgroup controller which libvirt requests (unavailable controller) and 2) libvirt is configured to disable a controller (disabled controller) and 3) the disabled controller is located before the unavailable controller in virCgroupController. As an example: The memory controller is unavailable and the cpuset controller is configured to be disabled. In this scenario trying to start a domain results in the error error: Controller 'cpuset' is not wanted, but 'memory' is co-mounted: Invalid argument This error occurs when virCgroupDetect is called with a valid parent group. The resulting group created by virCgroupCopyMounts holds for cpuset and memory controller empty mount points. The filtering of disabled controllers checks for co-mounts by comparing the mount points. The cpuset controller causes the filtering to occur before the memory controller is marked as to be ignored by modifying the controller mask since it is unavailable. Therefore the co-mount detection logic compares the cpuset and memory controller mount points and since both are empty the memory controller is regarded erroneously as being co-mounted. Signed-off-by: N Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: N Marc Hartmayer <mhartmay@linux.vnet.ibm.com> Reviewed-by: N Bjoern Walk <bwalk@linux.vnet.ibm.com> Signed-off-by: N Michal Privoznik <mprivozn@redhat.com>
dfcfe0bb · Boris Fiuczynski · Michal Privoznik · 9ab36bc2 · dfcfe0bb
隐藏空白更改
内联并排

Showing with 5 addition and 0 deletion

src/util/vircgroup.c src/util/vircgroup.c +5 -0

未找到文件。
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -669,6 +669,11 @@ virCgroupDetect(virCgroupPtr group,
                    controllers &= ~(1 << i);
                }
            } else {
+                if (!group->controllers[i].mountPoint) {
+                    /* without controller co-mounting is impossible */
+                    continue;
+                }
+
                /* Check whether a request to disable a controller
                 * clashes with co-mounting of controllers */
                for (j = 0; j < VIR_CGROUP_CONTROLLER_LAST; j++) {