From nobody Thu Apr 25 06:08:16 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1499353428340908.2352607060332; Thu, 6 Jul 2017 08:03:48 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 673D47F419; Thu, 6 Jul 2017 15:03:39 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 34FEF7090B; Thu, 6 Jul 2017 15:03:39 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 1B8B31804753; Thu, 6 Jul 2017 15:03:38 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v66F3bRd032552 for ; Thu, 6 Jul 2017 11:03:37 -0400 Received: by smtp.corp.redhat.com (Postfix) id 202AF77FF0; Thu, 6 Jul 2017 15:03:37 +0000 (UTC) Received: from server0.mad.redhat.com (unknown [10.32.170.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id E13B87800A; Thu, 6 Jul 2017 15:03:33 +0000 (UTC) Received: by server0.mad.redhat.com (Postfix, from userid 1000) id 6C71F100680; Thu, 6 Jul 2017 17:03:32 +0200 (CEST) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 673D47F419 Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 673D47F419 From: Juan Hernandez To: libvir-list@redhat.com Date: Thu, 6 Jul 2017 17:03:31 +0200 Message-Id: <20170706150331.27644-1-jhernand@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Cc: Juan Hernandez Subject: [libvirt] [PATCH] Avoid hidden cgroup mount points X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Thu, 06 Jul 2017 15:03:40 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Currently the scan of the /proc/mounts file used to find cgroup mount points doesn't take into account that mount points may hidden by other mount points. For, example in certain Kubernetes environments the /proc/mounts contains the following lines: cgroup /sys/fs/cgroup/net_prio,net_cls cgroup ... tmpfs /sys/fs/cgroup tmpfs ... cgroup /sys/fs/cgroup/net_cls,net_prio cgroup ... In this particular environment the first mount point is hidden by the second one. The correct mount point is the third one, but libvirt will never process it because it only checks the first mount point for each controller (net_cls in this case). So libvirt will try to use the first mount point, which doesn't actually exist, and the complete detection process will fail. To avoid that issue this patch changes the virCgroupDetectMountsFromFile function so that when there are duplicates it takes the information from the last line in /proc/mounts. This requires removing the previous explicit condition to skip duplicates, and adding code to free the memory used by the processing of duplicated lines. Related-To: https://bugzilla.redhat.com/1468214 Related-To: https://github.com/kubevirt/libvirt/issues/4 Signed-off-by: Juan Hernandez --- src/util/vircgroup.c | 23 ++++++++++++++--------- tests/vircgroupdata/kubevirt.mounts | 36 +++++++++++++++++++++++++++++++++= +++ tests/vircgroupdata/kubevirt.parsed | 10 ++++++++++ tests/vircgrouptest.c | 1 + 4 files changed, 61 insertions(+), 9 deletions(-) create mode 100644 tests/vircgroupdata/kubevirt.mounts create mode 100644 tests/vircgroupdata/kubevirt.parsed diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index 5aa1db5..41d90e7 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -397,6 +397,7 @@ virCgroupDetectMountsFromFile(virCgroupPtr group, const char *typestr =3D virCgroupControllerTypeToString(i); int typelen =3D strlen(typestr); char *tmp =3D entry.mnt_opts; + struct virCgroupController *controller =3D &group->controllers= [i]; while (tmp) { char *next =3D strchr(tmp, ','); int len; @@ -406,18 +407,21 @@ virCgroupDetectMountsFromFile(virCgroupPtr group, } else { len =3D strlen(tmp); } - /* NB, the same controller can appear >1 time in mount list - * due to bind mounts from one location to another. Pick t= he - * first entry only - */ - if (typelen =3D=3D len && STREQLEN(typestr, tmp, len) && - !group->controllers[i].mountPoint) { + + if (typelen =3D=3D len && STREQLEN(typestr, tmp, len)) { char *linksrc; struct stat sb; char *tmp2; =20 - if (VIR_STRDUP(group->controllers[i].mountPoint, - entry.mnt_dir) < 0) + /* Note that the lines in /proc/mounts have the same + * order than the mount operations, and that there may + * be duplicates due to bind mounts. This means + * that the same mount point may be processed more than + * once. We need to save the results of the last one, + * and we need to be careful to release the memory used + * by previous processing. */ + VIR_FREE(controller->mountPoint); + if (VIR_STRDUP(controller->mountPoint, entry.mnt_dir) = < 0) goto error; =20 tmp2 =3D strrchr(entry.mnt_dir, '/'); @@ -453,7 +457,8 @@ virCgroupDetectMountsFromFile(virCgroupPtr group, VIR_WARN("Expecting a symlink at %s for co= ntroller %s", linksrc, typestr); } else { - group->controllers[i].linkPoint =3D linksr= c; + VIR_FREE(controller->linkPoint); + controller->linkPoint =3D linksrc; } } } diff --git a/tests/vircgroupdata/kubevirt.mounts b/tests/vircgroupdata/kube= virt.mounts new file mode 100644 index 0000000..b0d31bb --- /dev/null +++ b/tests/vircgroupdata/kubevirt.mounts @@ -0,0 +1,36 @@ +tmpfs /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec,relatime,mode=3D755 0 0 +cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr= ,release_agent=3D/usr/lib/systemd/systemd-cgroups-agent,name=3Dsystemd 0 0 +cgroup /sys/fs/cgroup/cpuacct,cpu cgroup rw,nosuid,nodev,noexec,relatime,c= puacct,cpu 0 0 +cgroup /sys/fs/cgroup/pids cgroup rw,nosuid,nodev,noexec,relatime,pids 0 0 +cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio 0= 0 +cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuset= 0 0 +cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory= 0 0 +cgroup /sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,relatime,huget= lb 0 0 +cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devic= es 0 0 +cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,freez= er 0 0 +cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relatime,pe= rf_event 0 0 +cgroup /sys/fs/cgroup/net_prio,net_cls cgroup rw,nosuid,nodev,noexec,relat= ime,net_prio,net_cls 0 0 +tmpfs /host-sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,relatime,mode=3D755= 0 0 +cgroup /host-sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,= xattr,release_agent=3D/usr/lib/systemd/systemd-cgroups-agent,name=3Dsystemd= 0 0 +cgroup /host-sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relat= ime,cpuacct,cpu 0 0 +cgroup /host-sys/fs/cgroup/pids cgroup rw,nosuid,nodev,noexec,relatime,pid= s 0 0 +cgroup /host-sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,bl= kio 0 0 +cgroup /host-sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,c= puset 0 0 +cgroup /host-sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,m= emory 0 0 +cgroup /host-sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,relatime,= hugetlb 0 0 +cgroup /host-sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,= devices 0 0 +cgroup /host-sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,= freezer 0 0 +cgroup /host-sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relati= me,perf_event 0 0 +cgroup /host-sys/fs/cgroup/net_cls,net_prio cgroup rw,nosuid,nodev,noexec,= relatime,net_prio,net_cls 0 0 +tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,relatime,mode=3D755 0 0 +cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr= ,release_agent=3D/usr/lib/systemd/systemd-cgroups-agent,name=3Dsystemd 0 0 +cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,c= puacct,cpu 0 0 +cgroup /sys/fs/cgroup/pids cgroup rw,nosuid,nodev,noexec,relatime,pids 0 0 +cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio 0= 0 +cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuset= 0 0 +cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory= 0 0 +cgroup /sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,relatime,huget= lb 0 0 +cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devic= es 0 0 +cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,freez= er 0 0 +cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relatime,pe= rf_event 0 0 +cgroup /sys/fs/cgroup/net_cls,net_prio cgroup rw,nosuid,nodev,noexec,relat= ime,net_prio,net_cls 0 0 diff --git a/tests/vircgroupdata/kubevirt.parsed b/tests/vircgroupdata/kube= virt.parsed new file mode 100644 index 0000000..3377af0 --- /dev/null +++ b/tests/vircgroupdata/kubevirt.parsed @@ -0,0 +1,10 @@ +cpu /sys/fs/cgroup/cpu,cpuacct +cpuacct /sys/fs/cgroup/cpu,cpuacct +cpuset /sys/fs/cgroup/cpuset +memory /sys/fs/cgroup/memory +devices /sys/fs/cgroup/devices +freezer /sys/fs/cgroup/freezer +blkio /sys/fs/cgroup/blkio +net_cls /sys/fs/cgroup/net_cls,net_prio +perf_event /sys/fs/cgroup/perf_event +name=3Dsystemd /sys/fs/cgroup/systemd diff --git a/tests/vircgrouptest.c b/tests/vircgrouptest.c index 8af5e2c..b932b1a 100644 --- a/tests/vircgrouptest.c +++ b/tests/vircgrouptest.c @@ -885,6 +885,7 @@ mymain(void) DETECT_MOUNTS("cgroups3"); DETECT_MOUNTS("all-in-one"); DETECT_MOUNTS("no-cgroups"); + DETECT_MOUNTS("kubevirt"); =20 if (virTestRun("New cgroup for self", testCgroupNewForSelf, NULL) < 0) ret =3D -1; --=20 2.9.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list