From: Mike Yuan Date: Tue, 27 May 2025 23:02:04 +0000 (+0200) Subject: core/cgroup: tweak unit_invalidate_cgroup_bpf() a bit X-Git-Tag: v258-rc1~147^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7af676c1b6cdee1fcec6e1b9ec0b5111f6daa6aa;p=thirdparty%2Fsystemd.git core/cgroup: tweak unit_invalidate_cgroup_bpf() a bit - Rename to unit_invalidate_cgroup_bpf_firewall() to make it clear that this is about CGROUP_CONTROLLER_BPF_FIREWALL only - Report whether things changed in unit_invalidate_cgroup() to avoid duplicate checks --- diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 30c37945dfa..ee39680d68b 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -3941,46 +3941,38 @@ int unit_reset_accounting(Unit *u) { return r; } -void unit_invalidate_cgroup(Unit *u, CGroupMask m) { +bool unit_invalidate_cgroup(Unit *u, CGroupMask m) { assert(u); if (!UNIT_HAS_CGROUP_CONTEXT(u)) - return; + return false; CGroupRuntime *crt = unit_get_cgroup_runtime(u); if (!crt) - return; + return false; if (FLAGS_SET(crt->cgroup_invalidated_mask, m)) /* NOP? */ - return; + return false; crt->cgroup_invalidated_mask |= m; unit_add_to_cgroup_realize_queue(u); + + return true; } -void unit_invalidate_cgroup_bpf(Unit *u) { +void unit_invalidate_cgroup_bpf_firewall(Unit *u) { assert(u); - if (!UNIT_HAS_CGROUP_CONTEXT(u)) - return; - - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt) - return; - - if (crt->cgroup_invalidated_mask & CGROUP_MASK_BPF_FIREWALL) /* NOP? */ + if (!unit_invalidate_cgroup(u, CGROUP_MASK_BPF_FIREWALL)) return; - crt->cgroup_invalidated_mask |= CGROUP_MASK_BPF_FIREWALL; - unit_add_to_cgroup_realize_queue(u); - /* If we are a slice unit, we also need to put compile a new BPF program for all our children, as the IP access * list of our children includes our own. */ if (u->type == UNIT_SLICE) { Unit *member; UNIT_FOREACH_DEPENDENCY(member, u, UNIT_ATOM_SLICE_OF) - unit_invalidate_cgroup_bpf(member); + unit_invalidate_cgroup_bpf_firewall(member); } } diff --git a/src/core/cgroup.h b/src/core/cgroup.h index 0934a8eb3e3..4e30434f6d9 100644 --- a/src/core/cgroup.h +++ b/src/core/cgroup.h @@ -437,8 +437,8 @@ bool unit_has_host_root_cgroup(const Unit *u); bool unit_has_startup_cgroup_constraints(Unit *u); -void unit_invalidate_cgroup(Unit *u, CGroupMask m); -void unit_invalidate_cgroup_bpf(Unit *u); +bool unit_invalidate_cgroup(Unit *u, CGroupMask m); +void unit_invalidate_cgroup_bpf_firewall(Unit *u); void manager_invalidate_startup_units(Manager *m); diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c index 32a48317879..dd4a6e8367e 100644 --- a/src/core/dbus-cgroup.c +++ b/src/core/dbus-cgroup.c @@ -614,7 +614,7 @@ static int bus_cgroup_set_transient_property( if (n == 0) *filters = strv_free(*filters); - unit_invalidate_cgroup_bpf(u); + unit_invalidate_cgroup_bpf_firewall(u); f = memstream_init(&m); if (!f) @@ -1608,7 +1608,7 @@ int bus_cgroup_set_property( if (!UNIT_WRITE_FLAGS_NOOP(flags)) { c->ip_accounting = b; - unit_invalidate_cgroup_bpf(u); + unit_invalidate_cgroup_bpf_firewall(u); unit_write_settingf(u, flags, name, "IPAccounting=%s", yes_no(b)); } @@ -1670,7 +1670,7 @@ int bus_cgroup_set_property( bool *reduced; FILE *f; - unit_invalidate_cgroup_bpf(u); + unit_invalidate_cgroup_bpf_firewall(u); f = memstream_init(&m); if (!f) diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c index a35d57986bd..459ea141358 100644 --- a/src/core/unit-serialize.c +++ b/src/core/unit-serialize.c @@ -376,7 +376,7 @@ int unit_deserialize_state(Unit *u, FILE *f, FDSet *fds) { unit_release_cgroup(u, /* drop_cgroup_runtime = */ false); else { unit_invalidate_cgroup(u, _CGROUP_MASK_ALL); - unit_invalidate_cgroup_bpf(u); + unit_invalidate_cgroup_bpf_firewall(u); } }