vircgroupv2: properly free BPF prog and map FDs

When nested cgroup was introduced it did not properly free file
descriptors for BPF prog and map. With nested cgroups we create the BPF
bits in the nested cgroup instead of the VM root cgroup.

This would leak the FDs which would be the last reference to the prog
and map so kernel would not remove the resources as well. It would only
happen once libvirtd process exits.

Fixes: 184245f53b94fc84f727eb6e8a2aa52df02d69c0
Reported-by: Eric Farman <farman@linux.ibm.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Tested-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index a9e9b9805ff40936a9591bb34e16396b2c78b15e..1c3a78427cccb25747753ac3d09fc849759bb946 100644 (file)
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -523,6 +523,7 @@ static int
 virCgroupV2Remove(virCgroup *group)
 {
     g_autofree char *grppath = NULL;
+    virCgroup *parent = virCgroupGetNested(group);
     int controller;
 
     /* Don't delete the root group, if we accidentally
@@ -534,7 +535,7 @@ virCgroupV2Remove(virCgroup *group)
     if (virCgroupV2PathOfController(group, controller, "", &grppath) < 0)
         return 0;
 
-    if (virCgroupV2DevicesRemoveProg(group) < 0)
+    if (virCgroupV2DevicesRemoveProg(parent) < 0)
         return -1;
 
     return virCgroupRemoveRecursively(grppath);