From nobody Sun Feb  8 12:19:19 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1547480905439795.7144860703683;
 Mon, 14 Jan 2019 07:48:25 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 2459EC0D263A;
	Mon, 14 Jan 2019 15:48:20 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 9BCB06149A;
	Mon, 14 Jan 2019 15:48:19 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 422CD18436BF;
	Mon, 14 Jan 2019 15:48:19 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
	[10.5.11.16])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x0EFm49A012889 for <libvir-list@listman.util.phx.redhat.com>;
	Mon, 14 Jan 2019 10:48:04 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 960CF6531A; Mon, 14 Jan 2019 15:48:04 +0000 (UTC)
Received: from antique-work.brq.redhat.com (unknown [10.43.2.63])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 035E517AFC
	for <libvir-list@redhat.com>; Mon, 14 Jan 2019 15:48:03 +0000 (UTC)
From: Pavel Hrdina <phrdina@redhat.com>
To: libvir-list@redhat.com
Date: Mon, 14 Jan 2019 16:47:48 +0100
Message-Id: 
 <9b50d68fc016844af2dcbafaed7bbfb704e8d74f.1547480099.git.phrdina@redhat.com>
In-Reply-To: <cover.1547480099.git.phrdina@redhat.com>
References: <cover.1547480099.git.phrdina@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 14/17] vircgroup: workaround devices in hybrid
	mode
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]);
 Mon, 14 Jan 2019 15:48:23 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"

So the issue here is that you can end up with configuration where
you have cgroup v1 and v2 enabled at the same time and the devices
controllers is enabled for cgroup v1.

In cgroup v2 there is no devices controller, the device access is
controlled using BPF and since it is not a cgroup controller both
of them can exists at the same time and both of them are applied while
resolving access to devices.

In order to avoid configuring both BPF and cgroup v1 devices we will
use BPF if possible and otherwise fallback to cgroup v1 devices.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/util/vircgroup.c        | 3 ++-
 src/util/vircgroupbackend.h | 3 ++-
 src/util/vircgroupv1.c      | 9 ++++++++-
 src/util/vircgroupv2.c      | 5 ++++-
 4 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index 3ebb3b0a0f..9d284e9bf4 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -381,7 +381,8 @@ virCgroupDetect(virCgroupPtr group,
=20
     for (i =3D 0; i < VIR_CGROUP_BACKEND_TYPE_LAST; i++) {
         if (group->backends[i]) {
-            int rc =3D group->backends[i]->detectControllers(group, contro=
llers);
+            int rc =3D group->backends[i]->detectControllers(group, contro=
llers,
+                                                           controllersAvai=
lable);
             if (rc < 0)
                 return -1;
             controllersAvailable |=3D rc;
diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h
index 24b45be9bb..9bc8e7b11d 100644
--- a/src/util/vircgroupbackend.h
+++ b/src/util/vircgroupbackend.h
@@ -96,7 +96,8 @@ typedef char *
=20
 typedef int
 (*virCgroupDetectControllersCB)(virCgroupPtr group,
-                                int controllers);
+                                int controllers,
+                                int detected);
=20
 typedef bool
 (*virCgroupHasControllerCB)(virCgroupPtr cgroup,
diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c
index f6707e4894..c94fad0591 100644
--- a/src/util/vircgroupv1.c
+++ b/src/util/vircgroupv1.c
@@ -417,7 +417,8 @@ virCgroupV1StealPlacement(virCgroupPtr group)
=20
 static int
 virCgroupV1DetectControllers(virCgroupPtr group,
-                             int controllers)
+                             int controllers,
+                             int detected)
 {
     size_t i;
     size_t j;
@@ -427,6 +428,9 @@ virCgroupV1DetectControllers(virCgroupPtr group,
         /* First mark requested but non-existing controllers to be ignored=
 */
         for (i =3D 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) {
             if (((1 << i) & controllers)) {
+                int type =3D 1 << i;
+                if (type & detected)
+                    VIR_FREE(group->legacy[i].mountPoint);
                 /* Remove non-existent controllers  */
                 if (!group->legacy[i].mountPoint) {
                     VIR_DEBUG("Requested controller '%s' not mounted, igno=
ring",
@@ -466,6 +470,9 @@ virCgroupV1DetectControllers(virCgroupPtr group,
         VIR_DEBUG("Auto-detecting controllers");
         controllers =3D 0;
         for (i =3D 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) {
+            int type =3D 1 << i;
+            if (type & detected)
+                VIR_FREE(group->legacy[i].mountPoint);
             VIR_DEBUG("Controller '%s' present=3D%s",
                       virCgroupV1ControllerTypeToString(i),
                       group->legacy[i].mountPoint ? "yes" : "no");
diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index f2ea1eb7df..44c4c7fc90 100644
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -284,7 +284,8 @@ virCgroupV2ParseControllersFile(virCgroupPtr group)
=20
 static int
 virCgroupV2DetectControllers(virCgroupPtr group,
-                             int controllers)
+                             int controllers,
+                             int detected)
 {
     size_t i;
=20
@@ -297,6 +298,8 @@ virCgroupV2DetectControllers(virCgroupPtr group,
     if (virCgroupV2DevicesAvailable(group))
         group->unified.controllers |=3D 1 << VIR_CGROUP_CONTROLLER_DEVICES;
=20
+    group->unified.controllers &=3D ~detected;
+
     for (i =3D 0; i < VIR_CGROUP_CONTROLLER_LAST; i++)
         VIR_DEBUG("Controller '%s' present=3D%s",
                   virCgroupV2ControllerTypeToString(i),
--=20
2.20.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list