From 827507c63678f7160f84faf47e445dd95fa48c73 Mon Sep 17 00:00:00 2001
From: Maksym Belei <Maksym_Belei@jabil.com>
Date: Tue, 2 Mar 2021 19:52:33 +0200
Subject: [PATCH] [net] Disable prio and cls cgroups to make working cgroup2
 sock matching

* Unset CONFIG_CGROUP_NET_CLASSID, CONFIG_CGROUP_NET_PRIO and depended
  modules CONFIG_NET_CLS_CGROUP, CONFIG_NETFILTER_XT_MATCH_CGROUP
  in Kconfig to disable those v1 cgroups.
  The system contains programs, which use both groups v1 and v2, e.g. docker
  uses net_prio, net_cls and "ip vrf" uses cgroup2 socket matching.
  But, Linux kernel does not allow to work with net_prio, net_cls and
  socket matching from cgroup2 in the same time. Link to comment in source file:
  https://elixir.bootlin.com/linux/v4.19.156/source/include/linux/cgroup-defs.h#L745
  The related warning, appearing on startup: "sonic INFO kernel: [ 14.057746] cgroup:
  cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation".
  Disabling of net_prio and net_cls will prevent this conflict and make programs,
  which uses cgroup2 socket matching, to be working correct.

Signed-off-by: Maksym Belei <Maksym_Belei@jabil.com>
---
 patch/kconfig-exclusions | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/patch/kconfig-exclusions b/patch/kconfig-exclusions
index de35a6940..b166ea04e 100644
--- a/patch/kconfig-exclusions
+++ b/patch/kconfig-exclusions
@@ -1,6 +1,11 @@
 [common]
 # Unset STRICT_DEVMEM according to Broadcom's requirement and for CENTEC arm64 arch
 CONFIG_STRICT_DEVMEM
+# Unset classid and priority network cgroups due to conflict between cgroups v1 and v2
+CONFIG_CGROUP_NET_CLASSID
+CONFIG_NET_CLS_CGROUP
+CONFIG_NETFILTER_XT_MATCH_CGROUP
+CONFIG_CGROUP_NET_PRIO
 
 [amd64]
 # Unset X86_PAT according to Broadcom's requirement