core/cgroup: tweak unit_invalidate_cgroup_bpf() a bit

- Rename to unit_invalidate_cgroup_bpf_firewall() to make it clear
  that this is about CGROUP_CONTROLLER_BPF_FIREWALL only
- Report whether things changed in unit_invalidate_cgroup()
  to avoid duplicate checks

diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 30c37945dfa1585e7674cecfa27a34a8fbf9ce10..ee39680d68b63eda0f8dd3f79d7644ad509cd32c 100644 (file)
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -3941,46 +3941,38 @@ int unit_reset_accounting(Unit *u) {
         return r;
 }
 
-void unit_invalidate_cgroup(Unit *u, CGroupMask m) {
+bool unit_invalidate_cgroup(Unit *u, CGroupMask m) {
         assert(u);
 
         if (!UNIT_HAS_CGROUP_CONTEXT(u))
-                return;
+                return false;
 
         CGroupRuntime *crt = unit_get_cgroup_runtime(u);
         if (!crt)
-                return;
+                return false;
 
         if (FLAGS_SET(crt->cgroup_invalidated_mask, m)) /* NOP? */
-                return;
+                return false;
 
         crt->cgroup_invalidated_mask |= m;
         unit_add_to_cgroup_realize_queue(u);
+
+        return true;
 }
 
-void unit_invalidate_cgroup_bpf(Unit *u) {
+void unit_invalidate_cgroup_bpf_firewall(Unit *u) {
         assert(u);
 
-        if (!UNIT_HAS_CGROUP_CONTEXT(u))
-                return;
-
-        CGroupRuntime *crt = unit_get_cgroup_runtime(u);
-        if (!crt)
-                return;
-
-        if (crt->cgroup_invalidated_mask & CGROUP_MASK_BPF_FIREWALL) /* NOP? */
+        if (!unit_invalidate_cgroup(u, CGROUP_MASK_BPF_FIREWALL))
                 return;
 
-        crt->cgroup_invalidated_mask |= CGROUP_MASK_BPF_FIREWALL;
-        unit_add_to_cgroup_realize_queue(u);
-
         /* If we are a slice unit, we also need to put compile a new BPF program for all our children, as the IP access
          * list of our children includes our own. */
         if (u->type == UNIT_SLICE) {
                 Unit *member;
 
                 UNIT_FOREACH_DEPENDENCY(member, u, UNIT_ATOM_SLICE_OF)
-                        unit_invalidate_cgroup_bpf(member);
+                        unit_invalidate_cgroup_bpf_firewall(member);
         }
 }
 

diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index 0934a8eb3e35e7cd7df6441fbd57d60e67868735..4e30434f6d93c21a6d649f608fcad995640f970f 100644 (file)
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -437,8 +437,8 @@ bool unit_has_host_root_cgroup(const Unit *u);
 
 bool unit_has_startup_cgroup_constraints(Unit *u);
 
-void unit_invalidate_cgroup(Unit *u, CGroupMask m);
-void unit_invalidate_cgroup_bpf(Unit *u);
+bool unit_invalidate_cgroup(Unit *u, CGroupMask m);
+void unit_invalidate_cgroup_bpf_firewall(Unit *u);
 
 void manager_invalidate_startup_units(Manager *m);
 

diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index 32a483178793909f2ae3dfbaf478d3142cfc4587..dd4a6e8367efd0f3024a7c6930bdc4e29d7ef0ee 100644 (file)
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -614,7 +614,7 @@ static int bus_cgroup_set_transient_property(
                         if (n == 0)
                                 *filters = strv_free(*filters);
 
-                        unit_invalidate_cgroup_bpf(u);
+                        unit_invalidate_cgroup_bpf_firewall(u);
 
                         f = memstream_init(&m);
                         if (!f)
@@ -1608,7 +1608,7 @@ int bus_cgroup_set_property(
                 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
                         c->ip_accounting = b;
 
-                        unit_invalidate_cgroup_bpf(u);
+                        unit_invalidate_cgroup_bpf_firewall(u);
                         unit_write_settingf(u, flags, name, "IPAccounting=%s", yes_no(b));
                 }
 
@@ -1670,7 +1670,7 @@ int bus_cgroup_set_property(
                         bool *reduced;
                         FILE *f;
 
-                        unit_invalidate_cgroup_bpf(u);
+                        unit_invalidate_cgroup_bpf_firewall(u);
 
                         f = memstream_init(&m);
                         if (!f)

diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c
index a35d57986bd7b2935d4da168ca5301bc2c2e02e1..459ea141358ce3f7b4ee749394084483ecb0a2f9 100644 (file)
--- a/src/core/unit-serialize.c
+++ b/src/core/unit-serialize.c
@@ -376,7 +376,7 @@ int unit_deserialize_state(Unit *u, FILE *f, FDSet *fds) {
                         unit_release_cgroup(u, /* drop_cgroup_runtime = */ false);
                 else {
                         unit_invalidate_cgroup(u, _CGROUP_MASK_ALL);
-                        unit_invalidate_cgroup_bpf(u);
+                        unit_invalidate_cgroup_bpf_firewall(u);
                 }
         }