From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 9 Jul 2025 07:35:12 +0000 (+0200)
Subject: machined: explicitly watch machine cgroup for getting empty
X-Git-Tag: v258-rc1~79^2~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=74546a7e292228f21511d8ea49d781dbea694234;p=thirdparty%2Fsystemd.git

machined: explicitly watch machine cgroup for getting empty
---

diff --git a/src/machine/machine.c b/src/machine/machine.c
index 0a8db2dfa82..26252ff9cdd 100644
--- a/src/machine/machine.c
+++ b/src/machine/machine.c
@@ -137,6 +137,8 @@ Machine* machine_free(Machine *m) {
 
         sd_bus_message_unref(m->create_message);
 
+        m->cgroup_empty_event_source = sd_event_source_disable_unref(m->cgroup_empty_event_source);
+
         free(m->name);
 
         free(m->state_file);
@@ -146,6 +148,7 @@ Machine* machine_free(Machine *m) {
         free(m->unit);
         free(m->subgroup);
         free(m->scope_job);
+        free(m->cgroup);
 
         free(m->netif);
         free(m->ssh_address);
@@ -584,6 +587,43 @@ static int machine_watch_pidfd(Machine *m, PidRef *pidref, sd_event_source **sou
         return 0;
 }
 
+static int machine_dispatch_cgroup_empty(sd_event_source *s, const struct inotify_event *event, void *userdata) {
+        Machine *m = ASSERT_PTR(userdata);
+        int r;
+
+        assert(m->cgroup);
+
+        r = cg_is_empty(SYSTEMD_CGROUP_CONTROLLER, m->cgroup);
+        if (r < 0)
+                return log_error_errno(r, "Failed to determine if cgroup '%s' is empty: %m", m->cgroup);
+
+        if (r > 0)
+                machine_add_to_gc_queue(m);
+
+        return 0;
+}
+
+static int machine_watch_cgroup(Machine *m) {
+        int r;
+
+        assert(m);
+        assert(!m->cgroup_empty_event_source);
+
+        if (!m->cgroup)
+                return 0;
+
+        _cleanup_free_ char *p = NULL;
+        r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, m->cgroup, "cgroup.events", &p);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get cgroup path for cgroup '%s': %m", m->cgroup);
+
+        r = sd_event_add_inotify(m->manager->event, &m->cgroup_empty_event_source, p, IN_MODIFY, machine_dispatch_cgroup_empty, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to watch %s events: %m", p);
+
+        return 0;
+}
+
 int machine_start(Machine *m, sd_bus_message *properties, sd_bus_error *error) {
         int r;
 
@@ -607,6 +647,10 @@ int machine_start(Machine *m, sd_bus_message *properties, sd_bus_error *error) {
         if (r < 0)
                 return r;
 
+        r = machine_watch_cgroup(m);
+        if (r < 0)
+                return r;
+
         /* Create cgroup */
         r = machine_ensure_scope(m, properties, error);
         if (r < 0)
@@ -728,6 +772,14 @@ bool machine_may_gc(Machine *m, bool drop_not_started) {
                         return false;
         }
 
+        if (m->cgroup) {
+                r = cg_is_empty(SYSTEMD_CGROUP_CONTROLLER, m->cgroup);
+                if (IN_SET(r, 0, -ENOENT))
+                        return true;
+                if (r < 0)
+                        log_debug_errno(r, "Failed to determine if cgroup '%s' is empty, ignoring: %m", m->cgroup);
+        }
+
         return true;
 }
 
diff --git a/src/machine/machine.h b/src/machine/machine.h
index dda1612916c..8f1a044f7a0 100644
--- a/src/machine/machine.h
+++ b/src/machine/machine.h
@@ -50,6 +50,7 @@ typedef struct Machine {
         char *unit;
         char *subgroup;
         char *scope_job;
+        char *cgroup;
 
         /* Leader: the top-level process that encapsulates the machine itself. For containers that's PID 1,
          * for VMs that's qemu or whatever process wraps the actual VM code. This process defines the runtime
@@ -64,6 +65,8 @@ typedef struct Machine {
 
         dual_timestamp timestamp;
 
+        sd_event_source *cgroup_empty_event_source;
+
         bool in_gc_queue:1;
         bool started:1;
         bool stopping:1;
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
index 72141b8116d..883c8c1338c 100644
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -442,6 +442,19 @@ static int method_register_machine_internal(sd_bus_message *message, bool read_n
                 goto fail;
         }
 
+        if (!empty_or_root(m->subgroup)) {
+                /* If this is not a top-level cgroup, then we need the cgroup path to be able to watch when
+                 * it empties */
+
+                r = cg_pidref_get_path(SYSTEMD_CGROUP_CONTROLLER, &m->leader, &m->cgroup);
+                if (r < 0) {
+                        r = sd_bus_error_set_errnof(error, r,
+                                                    "Failed to determine cgroup of process "PID_FMT" : %m",
+                                                    m->leader.pid);
+                        goto fail;
+                }
+        }
+
         r = machine_start(m, NULL, error);
         if (r < 0)
                 goto fail;