From nobody Mon Feb  9 05:01:36 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.25
 as permitted sender) client-ip=209.132.183.25;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx4-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.25 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx4-phx2.redhat.com (mx4-phx2.redhat.com [209.132.183.25]) by
 mx.zohomail.com
	with SMTPS id 1487840993119628.7572178996736;
 Thu, 23 Feb 2017 01:09:53 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx4-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v1N96hDN001143;
	Thu, 23 Feb 2017 04:06:43 -0500
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
	(int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1N93WHL009906 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 04:03:32 -0500
Received: from moe.brq.redhat.com (dhcp129-131.brq.redhat.com [10.34.129.131])
	by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	ESMTP id v1N93H6q012322; Thu, 23 Feb 2017 04:03:31 -0500
From: Michal Privoznik <mprivozn@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 10:02:56 +0100
Message-Id: 
 <49d4f5f548d3099128e33ba6e1977dda5eb9c885.1487839955.git.mprivozn@redhat.com>
In-Reply-To: <cover.1487839955.git.mprivozn@redhat.com>
References: <cover.1487839955.git.mprivozn@redhat.com>
In-Reply-To: <cover.1487839955.git.mprivozn@redhat.com>
References: <cover.1487839955.git.mprivozn@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 13/14] qemu: Allow nvdimm in devices CGroups
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Some users might want to pass a blockdev or a chardev as a
backend for NVDIMM. In fact, this is expected to be the mostly
used configuration. Therefore libvirt should allow the device in
devices CGroup then.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_cgroup.c  | 49 +++++++++++++++++++++++++++++++++++++++++++++=
++++
 src/qemu/qemu_cgroup.h  |  4 ++++
 src/qemu/qemu_hotplug.c | 10 ++++++++++
 3 files changed, 63 insertions(+)

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 42a47a798..8f68a22dc 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -348,6 +348,50 @@ qemuTeardownHostdevCgroup(virDomainObjPtr vm,
 }
=20
=20
+int
+qemuSetupMemoryDevicesCgroup(virDomainObjPtr vm,
+                             virDomainMemoryDefPtr mem)
+{
+    qemuDomainObjPrivatePtr priv =3D vm->privateData;
+    int rv;
+
+    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICE=
S))
+        return 0;
+
+    if (mem->model !=3D VIR_DOMAIN_MEMORY_MODEL_NVDIMM)
+        return 0;
+
+    VIR_DEBUG("Setting devices Cgroup for NVDIMM device: %s", mem->path);
+    rv =3D virCgroupAllowDevicePath(priv->cgroup, mem->path,
+                                  VIR_CGROUP_DEVICE_RW, false);
+    virDomainAuditCgroupPath(vm, priv->cgroup, "allow",
+                             mem->path, "rw", rv =3D=3D 0);
+
+    return rv;
+}
+
+
+int
+qemuTeardownMemoryDevicesCgroup(virDomainObjPtr vm,
+                                virDomainMemoryDefPtr mem)
+{
+    qemuDomainObjPrivatePtr priv =3D vm->privateData;
+    int rv;
+
+    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICE=
S))
+        return 0;
+
+    if (mem->model !=3D VIR_DOMAIN_MEMORY_MODEL_NVDIMM)
+        return 0;
+
+    rv =3D virCgroupDenyDevicePath(priv->cgroup, mem->path,
+                                 VIR_CGROUP_DEVICE_RWM, false);
+    virDomainAuditCgroupPath(vm, priv->cgroup,
+                             "deny", mem->path, "rwm", rv =3D=3D 0);
+    return rv;
+}
+
+
 static int
 qemuSetupGraphicsCgroup(virDomainObjPtr vm,
                         virDomainGraphicsDefPtr gfx)
@@ -647,6 +691,11 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver,
             goto cleanup;
     }
=20
+    for (i =3D 0; i < vm->def->nmems; i++) {
+        if (qemuSetupMemoryDevicesCgroup(vm, vm->def->mems[i]) < 0)
+            goto cleanup;
+    }
+
     for (i =3D 0; i < vm->def->ngraphics; i++) {
         if (qemuSetupGraphicsCgroup(vm, vm->def->graphics[i]) < 0)
             goto cleanup;
diff --git a/src/qemu/qemu_cgroup.h b/src/qemu/qemu_cgroup.h
index 8ae4a72ab..d016ce29d 100644
--- a/src/qemu/qemu_cgroup.h
+++ b/src/qemu/qemu_cgroup.h
@@ -43,6 +43,10 @@ int qemuSetupHostdevCgroup(virDomainObjPtr vm,
 int qemuTeardownHostdevCgroup(virDomainObjPtr vm,
                               virDomainHostdevDefPtr dev)
    ATTRIBUTE_RETURN_CHECK;
+int qemuSetupMemoryDevicesCgroup(virDomainObjPtr vm,
+                                 virDomainMemoryDefPtr mem);
+int qemuTeardownMemoryDevicesCgroup(virDomainObjPtr vm,
+                                    virDomainMemoryDefPtr mem);
 int qemuSetupRNGCgroup(virDomainObjPtr vm,
                        virDomainRNGDefPtr rng);
 int qemuTeardownRNGCgroup(virDomainObjPtr vm,
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 7e837a422..e821596bf 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -2192,6 +2192,7 @@ qemuDomainAttachMemory(virQEMUDriverPtr driver,
     const char *backendType;
     bool objAdded =3D false;
     bool teardownlabel =3D false;
+    bool teardowncgroup =3D false;
     virJSONValuePtr props =3D NULL;
     virObjectEventPtr event;
     int id;
@@ -2233,6 +2234,10 @@ qemuDomainAttachMemory(virQEMUDriverPtr driver,
         goto removedef;
     }
=20
+    if (qemuSetupMemoryDevicesCgroup(vm, mem) < 0)
+        goto removedef;
+    teardowncgroup =3D true;
+
     if (qemuSecuritySetMemoryLabel(driver, vm, mem) < 0)
         goto removedef;
     teardownlabel =3D true;
@@ -2272,6 +2277,8 @@ qemuDomainAttachMemory(virQEMUDriverPtr driver,
     virDomainAuditMemory(vm, oldmem, newmem, "update", ret =3D=3D 0);
  cleanup:
     if (mem && ret < 0) {
+        if (teardowncgroup && qemuTeardownMemoryDevicesCgroup(vm, mem) < 0)
+            VIR_WARN("Unable to remove memory device cgroup ACL on hotplug=
 fail");
         if (teardownlabel && qemuSecurityRestoreMemoryLabel(driver, vm, me=
m) < 0)
             VIR_WARN("Unable to restore security label on memdev");
     }
@@ -3739,6 +3746,9 @@ qemuDomainRemoveMemoryDevice(virQEMUDriverPtr driver,
     if (qemuSecurityRestoreMemoryLabel(driver, vm, mem) < 0)
         VIR_WARN("Unable to restore security label on memdev");
=20
+    if (qemuTeardownMemoryDevicesCgroup(vm, mem) < 0)
+        VIR_WARN("Unable to remove memory device cgroup ACL");
+
     virDomainMemoryDefFree(mem);
=20
     /* fix the balloon size */
--=20
2.11.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list