commit 3e9eeb8329f5d3f9b8df329077149161ba5c540d
author Bart Van Assche <bvanassche@google.com> Wed Mar 23 20:34:22 2022 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Mar 23 20:34:22 2022 +0000
tree 7bd6689078acf460dc0b2b8ff3d4d01dbcae102a
parent b51b109ea9eed67ff771d5946c7ec03d395245bb
parent 4f2e62913d4f9489cd958fae1ff747a90eba2aa7

Merge "Enable the memory_recursiveprot mount option"

libprocessgroup/setup/cgroup_map_write.cpp

diff --git a/libprocessgroup/setup/cgroup_map_write.cpp b/libprocessgroup/setup/cgroup_map_write.cpp
index 3121d24..992cc2e 100644
--- a/libprocessgroup/setup/cgroup_map_write.cpp
+++ b/libprocessgroup/setup/cgroup_map_write.cpp
@@ -263,8 +263,18 @@
                 return false;
             }
 
-            result = mount("none", controller->path(), "cgroup2", MS_NODEV | MS_NOEXEC | MS_NOSUID,
-                           nullptr);
+            // The memory_recursiveprot mount option has been introduced by kernel commit
+            // 8a931f801340 ("mm: memcontrol: recursive memory.low protection"; v5.7). Try first to
+            // mount with that option enabled. If mounting fails because the kernel is too old,
+            // retry without that mount option.
+            if (mount("none", controller->path(), "cgroup2", MS_NODEV | MS_NOEXEC | MS_NOSUID,
+                      "memory_recursiveprot") < 0) {
+                LOG(INFO) << "Mounting memcg with memory_recursiveprot failed. Retrying without.";
+                if (mount("none", controller->path(), "cgroup2", MS_NODEV | MS_NOEXEC | MS_NOSUID,
+                          nullptr) < 0) {
+                    PLOG(ERROR) << "Failed to mount cgroup v2";
+                }
+            }
 
             // selinux permissions change after mounting, so it's ok to change mode and owner now
             if (!ChangeDirModeAndOwner(controller->path(), descriptor.mode(), descriptor.uid(),