vircgroupv2: properly free BPF prog and map FDs

When nested cgroup was introduced it did not properly free file descriptors for BPF prog and map. With nested cgroups we create the BPF bits in the nested cgroup instead of the VM root cgroup. This would leak the FDs which would be the last reference to the prog and map so kernel would not remove the resources as well. It would only happen once libvirtd process exits. Fixes: 184245f53b94fc84f727eb6e8a2aa52df02d69c0 Reported-by: Eric Farman <farman@linux.ibm.com> Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Tested-by: Eric Farman <farman@linux.ibm.com> Reviewed-by: Eric Farman <farman@linux.ibm.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2025-02-22 11:22:23 +00:00 · 2021-04-09 18:28:09 +02:00 · 2021-04-09 18:28:09 +02:00 · 6960a895ab
commit 6960a895ab
parent 8674faaf32
1 changed files with 2 additions and 1 deletions
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@ -523,6 +523,7 @@ static int
 virCgroupV2Remove(virCgroup *group)
 {
    g_autofree char *grppath = NULL;
+    virCgroup *parent = virCgroupGetNested(group);
    int controller;

    /* Don't delete the root group, if we accidentally
@ -534,7 +535,7 @@ virCgroupV2Remove(virCgroup *group)
    if (virCgroupV2PathOfController(group, controller, "", &grppath) < 0)
        return 0;

-    if (virCgroupV2DevicesRemoveProg(group) < 0)
+    if (virCgroupV2DevicesRemoveProg(parent) < 0)
        return -1;

    return virCgroupRemoveRecursively(grppath);