Merge branch 'upstream-all-capabilities-for-mig-config-monitor' into 'master'

klueska · klueska · commit cdb311839437 · 2021-04-22T16:14:11.000Z
Mount all of /proc/.../nvidia/capabilities with --mig-{config, monitor}

See merge request nvidia/container-toolkit/libnvidia-container!61
diff --git a/src/nvc_mount.c b/src/nvc_mount.c
@@ -937,12 +937,8 @@ nvc_mig_config_global_caps_mount(struct nvc_context *ctx, const struct nvc_conta
         if (ns_enter(&ctx->err, cnt->mnt_ns, CLONE_NEWNS) < 0)
                 return (-1);
 
-        // Construct the path to the global MIG 'config' file in '/proc'.
-        if (path_join(&ctx->err, config, NV_MIG_CAPS_PATH, NV_MIG_CONFIG_FILE) < 0)
-                goto fail;
-
-        // Mount the 'config' file into the container.
-        if ((proc_mnt = mount_procfs_mig(&ctx->err, ctx->cfg.root, cnt, config)) == NULL)
+        // Mount the entire 'nvidia-capabilities' folder from '/proc' into the container.
+        if ((proc_mnt = mount_procfs_mig(&ctx->err, ctx->cfg.root, cnt, NV_PROC_DRIVER_CAPS)) == NULL)
                 goto fail;
 
         // Check if NV_CAPS_MODULE_NAME exists as a major device,
@@ -951,6 +947,9 @@ nvc_mig_config_global_caps_mount(struct nvc_context *ctx, const struct nvc_conta
                 if ((dev_mnt = mount_directory(&ctx->err, ctx->cfg.root, cnt, NV_CAPS_DEVICE_DIR)) == NULL)
                     goto fail;
 
+                if (path_join(&ctx->err, config, NV_MIG_CAPS_PATH, NV_MIG_CONFIG_FILE) < 0)
+                        goto fail;
+
                 if (nvc_nvcaps_device_from_proc_path(ctx, config, &node) < 0)
                         goto fail;
 
@@ -1000,12 +999,8 @@ nvc_mig_monitor_global_caps_mount(struct nvc_context *ctx, const struct nvc_cont
         if (ns_enter(&ctx->err, cnt->mnt_ns, CLONE_NEWNS) < 0)
                 return (-1);
 
-        // Construct the path to the global MIG 'monitor' file in '/proc'.
-        if (path_join(&ctx->err, monitor, NV_MIG_CAPS_PATH, NV_MIG_MONITOR_FILE) < 0)
-                goto fail;
-
-        // Mount the 'monitor' file into the container.
-        if ((proc_mnt = mount_procfs_mig(&ctx->err, ctx->cfg.root, cnt, monitor)) == NULL)
+        // Mount the entire 'nvidia-capabilities' folder from '/proc' into the container.
+        if ((proc_mnt = mount_procfs_mig(&ctx->err, ctx->cfg.root, cnt, NV_PROC_DRIVER_CAPS)) == NULL)
                 goto fail;
 
         // Check if NV_CAPS_MODULE_NAME exists as a major device,
@@ -1014,6 +1009,9 @@ nvc_mig_monitor_global_caps_mount(struct nvc_context *ctx, const struct nvc_cont
                 if ((dev_mnt = mount_directory(&ctx->err, ctx->cfg.root, cnt, NV_CAPS_DEVICE_DIR)) == NULL)
                         goto fail;
 
+                if (path_join(&ctx->err, monitor, NV_MIG_CAPS_PATH, NV_MIG_MONITOR_FILE) < 0)
+                        goto fail;
+
                 if (nvc_nvcaps_device_from_proc_path(ctx, monitor, &node) < 0)
                         goto fail;
 
@@ -1047,7 +1045,6 @@ int
 nvc_device_mig_caps_mount(struct nvc_context *ctx, const struct nvc_container *cnt, const struct nvc_device *dev)
 {
         // Initialize local variables.
-        char *proc_mnt = NULL;
         int nvcaps_major = -1;
         int rv = -1;
 
@@ -1061,10 +1058,6 @@ nvc_device_mig_caps_mount(struct nvc_context *ctx, const struct nvc_container *c
         if (ns_enter(&ctx->err, cnt->mnt_ns, CLONE_NEWNS) < 0)
                 return (-1);
 
-        // Mount the path to the mig MIG capabilities directory for this device in '/proc'.
-        if ((proc_mnt = mount_procfs_mig(&ctx->err, ctx->cfg.root, cnt, dev->mig_caps_path)) == NULL)
-                goto fail;
-
         // Check if NV_CAPS_MODULE_NAME exists as a major device, and if so,
         // mount in the appropriate /dev based capabilities as devices.
         if ((nvcaps_major = nvidia_get_chardev_major(NV_CAPS_MODULE_NAME)) != -1) {
@@ -1078,17 +1071,10 @@ nvc_device_mig_caps_mount(struct nvc_context *ctx, const struct nvc_container *c
 
  fail:
         if (rv < 0) {
-                // If we failed above for any reason, unmount the 'access' file
-                // we mounted and exit the mount namespace.
-                unmount(proc_mnt);
                 assert_func(ns_enter_at(NULL, ctx->mnt_ns, CLONE_NEWNS));
         } else {
-                // Otherwise, just exit the mount namespace.
                 rv = ns_enter_at(&ctx->err, ctx->mnt_ns, CLONE_NEWNS);
         }
 
-        // In all cases, free the string associated with the mounted 'access'
-        // file and return.
-        free(proc_mnt);
         return (rv);
 }
