From nobody Sun Feb 8 07:57:51 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 154643820394610.30910996077148; Wed, 2 Jan 2019 06:10:03 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EFA432D7F2; Wed, 2 Jan 2019 14:10:00 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id ADE13608E0; Wed, 2 Jan 2019 14:10:00 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 5C84B3F606; Wed, 2 Jan 2019 14:10:00 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x02E8x3r000878 for ; Wed, 2 Jan 2019 09:08:59 -0500 Received: by smtp.corp.redhat.com (Postfix) id 433F6608DC; Wed, 2 Jan 2019 14:08:59 +0000 (UTC) Received: from antique-work.brq.redhat.com (unknown [10.43.2.181]) by smtp.corp.redhat.com (Postfix) with ESMTP id BD444608D9 for ; Wed, 2 Jan 2019 14:08:58 +0000 (UTC) From: Pavel Hrdina To: libvir-list@redhat.com Date: Wed, 2 Jan 2019 15:08:36 +0100 Message-Id: <4b61da0f9304d94bb97e8c0ef346caabfc6efe20.1546437956.git.phrdina@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 04/19] vircgroup: introduce virCgroupV2DeviceAttachProg X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Wed, 02 Jan 2019 14:10:02 +0000 (UTC) Content-Type: text/plain; charset="utf-8" This function loads the BPF prog with prepared map into kernel and attaches it into guest cgroup. It can be also used to replace existing program in the cgroup if we need to resize BPF map to store more rules for devices. The old program will be closed and removed from kernel. Signed-off-by: Pavel Hrdina --- src/util/vircgrouppriv.h | 10 ++++++++ src/util/vircgroupv2.c | 52 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/src/util/vircgrouppriv.h b/src/util/vircgrouppriv.h index a6fb3bb9f8..085fea375c 100644 --- a/src/util/vircgrouppriv.h +++ b/src/util/vircgrouppriv.h @@ -42,10 +42,20 @@ struct _virCgroupV1Controller { typedef struct _virCgroupV1Controller virCgroupV1Controller; typedef virCgroupV1Controller *virCgroupV1ControllerPtr; =20 +struct _virCgroupV2Devices { + int mapfd; + int progfd; + ssize_t count; + ssize_t max; +}; +typedef struct _virCgroupV2Devices virCgroupV2Devices; +typedef virCgroupV2Devices *virCgroupV2DevicesPtr; + struct _virCgroupV2Controller { int controllers; char *mountPoint; char *placement; + virCgroupV2Devices devices; }; typedef struct _virCgroupV2Controller virCgroupV2Controller; typedef virCgroupV2Controller *virCgroupV2ControllerPtr; diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c index 63e3123cd9..7a8cc040eb 100644 --- a/src/util/vircgroupv2.c +++ b/src/util/vircgroupv2.c @@ -1671,6 +1671,58 @@ virCgroupV2DeviceLoadProg(int mapfd) } =20 =20 +static int +virCgroupV2DeviceAttachProg(virCgroupPtr group, + int mapfd, + size_t max) +{ + int ret =3D -1; + int progfd =3D -1; + int cgroupfd =3D -1; + VIR_AUTOFREE(char *) path =3D NULL; + + if (virCgroupV2PathOfController(group, VIR_CGROUP_CONTROLLER_DEVICES, + NULL, &path) < 0) { + goto cleanup; + } + + progfd =3D virCgroupV2DeviceLoadProg(mapfd); + if (progfd < 0) { + virReportSystemError(errno, "%s", _("failed to load cgroup BPF pro= g")); + goto cleanup; + } + + cgroupfd =3D open(path, O_RDONLY); + if (cgroupfd < 0) { + virReportSystemError(errno, _("unable to open '%s'"), path); + goto cleanup; + } + + if (virBPFAttachProg(progfd, cgroupfd, BPF_CGROUP_DEVICE) < 0) { + virReportSystemError(errno, "%s", _("failed to attach cgroup BPF p= rog")); + goto cleanup; + } + + if (group->unified.devices.progfd > 0) { + VIR_DEBUG("Closing existing program that was replaced by new one."= ); + VIR_FORCE_CLOSE(group->unified.devices.progfd); + } + + group->unified.devices.progfd =3D progfd; + group->unified.devices.mapfd =3D mapfd; + group->unified.devices.max =3D max; + progfd =3D -1; + mapfd =3D -1; + + ret =3D 0; + cleanup: + VIR_FORCE_CLOSE(cgroupfd); + VIR_FORCE_CLOSE(progfd); + VIR_FORCE_CLOSE(mapfd); + return ret; +} + + virCgroupBackend virCgroupV2Backend =3D { .type =3D VIR_CGROUP_BACKEND_TYPE_V2, =20 --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list