From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sun, 27 Dec 2020 11:18:13 +0000 (+0100)
Subject: cgroup2: move bpf device cgroup program to struct cgroup_ops
X-Git-Tag: lxc-5.0.0~326^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31b84c7a026fb9f75e4f9fc625790af2b6a6c92b;p=thirdparty%2Flxc.git

cgroup2: move bpf device cgroup program to struct cgroup_ops

Cc: stable-4.0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index cade4d3c7..0078b3c85 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1027,7 +1027,7 @@ __cgfsng_ops static void cgfsng_payload_destroy(struct cgroup_ops *ops,
 	}
 
 #ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
-	ret = bpf_program_cgroup_detach(handler->conf->cgroup2_devices);
+	ret = bpf_program_cgroup_detach(handler->cgroup_ops->cgroup2_devices);
 	if (ret < 0)
 		WARN("Failed to detach bpf program from cgroup");
 #endif
@@ -3028,8 +3028,8 @@ __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct
 		return log_error_errno(false, ENOMEM, "Failed to attach bpf program");
 
 	/* Replace old bpf program. */
-	devices_old = move_ptr(conf->cgroup2_devices);
-	conf->cgroup2_devices = move_ptr(devices);
+	devices_old = move_ptr(ops->cgroup2_devices);
+	ops->cgroup2_devices = move_ptr(devices);
 	devices = move_ptr(devices_old);
 #endif
 	return true;
diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c
index 422d70d22..54d333c3f 100644
--- a/src/lxc/cgroups/cgroup2_devices.c
+++ b/src/lxc/cgroups/cgroup2_devices.c
@@ -439,17 +439,18 @@ int bpf_program_cgroup_detach(struct bpf_program *prog)
 					       prog->attached_path);
 	}
 
-	free(prog->attached_path);
-	prog->attached_path = NULL;
+        TRACE("Detached bpf program from cgroup %s", prog->attached_path);
+        free_disarm(prog->attached_path);
 
-	return 0;
+        return 0;
 }
 
-void lxc_clear_cgroup2_devices(struct lxc_conf *conf)
+void bpf_device_program_free(struct cgroup_ops *ops)
 {
-	if (conf->cgroup2_devices) {
-		(void)bpf_program_cgroup_detach(conf->cgroup2_devices);
-		(void)bpf_program_free(conf->cgroup2_devices);
+	if (ops->cgroup2_devices) {
+		(void)bpf_program_cgroup_detach(ops->cgroup2_devices);
+		(void)bpf_program_free(ops->cgroup2_devices);
+		ops->cgroup2_devices = NULL;
 	}
 }
 
diff --git a/src/lxc/cgroups/cgroup2_devices.h b/src/lxc/cgroups/cgroup2_devices.h
index 83d2fd3cc..04f493e02 100644
--- a/src/lxc/cgroups/cgroup2_devices.h
+++ b/src/lxc/cgroups/cgroup2_devices.h
@@ -15,6 +15,7 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#include "cgroup.h"
 #include "compiler.h"
 #include "conf.h"
 #include "config.h"
@@ -61,7 +62,7 @@ __hidden extern int bpf_program_cgroup_attach(struct bpf_program *prog, int type
 					      uint32_t flags);
 __hidden extern int bpf_program_cgroup_detach(struct bpf_program *prog);
 __hidden extern void bpf_program_free(struct bpf_program *prog);
-__hidden extern void lxc_clear_cgroup2_devices(struct lxc_conf *conf);
+__hidden extern void bpf_device_program_free(struct cgroup_ops *ops);
 __hidden extern bool bpf_devices_cgroup_supported(void);
 
 static inline void __auto_bpf_program_free__(struct bpf_program **prog)
@@ -119,7 +120,7 @@ static inline void bpf_program_free(struct bpf_program *prog)
 {
 }
 
-static inline void lxc_clear_cgroup2_devices(struct lxc_conf *conf)
+static inline void bpf_device_program_free(struct cgroup_ops *ops)
 {
 }
 
diff --git a/src/lxc/commands.c b/src/lxc/commands.c
index cca09a126..a9a03ca2c 100644
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -1198,7 +1198,8 @@ static int lxc_cmd_add_bpf_device_cgroup_callback(int fd, struct lxc_cmd_req *re
 	__do_bpf_program_free struct bpf_program *devices = NULL;
 	struct lxc_cmd_rsp rsp = {0};
 	struct lxc_conf *conf = handler->conf;
-	struct hierarchy *unified = handler->cgroup_ops->unified;
+	struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
+	struct hierarchy *unified = cgroup_ops->unified;
 	int ret;
 	struct lxc_list *it;
 	struct device_item *device;
@@ -1249,8 +1250,8 @@ static int lxc_cmd_add_bpf_device_cgroup_callback(int fd, struct lxc_cmd_req *re
 		goto respond;
 
 	/* Replace old bpf program. */
-	devices_old = move_ptr(conf->cgroup2_devices);
-	conf->cgroup2_devices = move_ptr(devices);
+	devices_old = move_ptr(cgroup_ops->cgroup2_devices);
+	cgroup_ops->cgroup2_devices = move_ptr(devices);
 	devices = move_ptr(devices_old);
 
 	rsp.ret = 0;
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 27f970668..d5c069553 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -36,7 +36,6 @@
 #include "af_unix.h"
 #include "caps.h"
 #include "cgroup.h"
-#include "cgroup2_devices.h"
 #include "conf.h"
 #include "config.h"
 #include "confile.h"
@@ -3842,7 +3841,6 @@ void lxc_conf_free(struct lxc_conf *conf)
 	lxc_clear_cgroups(conf, "lxc.cgroup", CGROUP_SUPER_MAGIC);
 	lxc_clear_cgroups(conf, "lxc.cgroup2", CGROUP2_SUPER_MAGIC);
 	lxc_clear_devices(conf);
-	lxc_clear_cgroup2_devices(conf);
 	lxc_clear_hooks(conf, "lxc.hook");
 	lxc_clear_mount_entries(conf);
 	lxc_clear_idmaps(conf);
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 116479df9..84b0f81b0 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -299,7 +299,6 @@ struct lxc_conf {
 	struct {
 		struct lxc_list cgroup;
 		struct lxc_list cgroup2;
-		struct bpf_program *cgroup2_devices;
 		/* This should be reimplemented as a hashmap. */
 		struct lxc_list devices;
 	};