From 6960a895ab29d3bcac1a168481be3467b963dc2d Mon Sep 17 00:00:00 2001
From: Pavel Hrdina <phrdina@redhat.com>
Date: Fri, 9 Apr 2021 18:28:09 +0200
Subject: [PATCH] vircgroupv2: properly free BPF prog and map FDs

When nested cgroup was introduced it did not properly free file
descriptors for BPF prog and map. With nested cgroups we create the BPF
bits in the nested cgroup instead of the VM root cgroup.

This would leak the FDs which would be the last reference to the prog
and map so kernel would not remove the resources as well. It would only
happen once libvirtd process exits.

Fixes: 184245f53b94fc84f727eb6e8a2aa52df02d69c0
Reported-by: Eric Farman <farman@linux.ibm.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Tested-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/util/vircgroupv2.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index a9e9b9805f..1c3a78427c 100644
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -523,6 +523,7 @@ static int
 virCgroupV2Remove(virCgroup *group)
 {
     g_autofree char *grppath = NULL;
+    virCgroup *parent = virCgroupGetNested(group);
     int controller;
 
     /* Don't delete the root group, if we accidentally
@@ -534,7 +535,7 @@ virCgroupV2Remove(virCgroup *group)
     if (virCgroupV2PathOfController(group, controller, "", &grppath) < 0)
         return 0;
 
-    if (virCgroupV2DevicesRemoveProg(group) < 0)
+    if (virCgroupV2DevicesRemoveProg(parent) < 0)
         return -1;
 
     return virCgroupRemoveRecursively(grppath);