From nobody Sun Feb  8 12:20:41 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1546438247299258.42018039184404;
 Wed, 2 Jan 2019 06:10:47 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 1F35E792B8;
	Wed,  2 Jan 2019 14:10:45 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id CF84E6013C;
	Wed,  2 Jan 2019 14:10:44 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 85DF6181A968;
	Wed,  2 Jan 2019 14:10:44 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
	[10.5.11.13])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x02E92VD000913 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 2 Jan 2019 09:09:02 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 7E033608DC; Wed,  2 Jan 2019 14:09:02 +0000 (UTC)
Received: from antique-work.brq.redhat.com (unknown [10.43.2.181])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 04FA5608D9
	for <libvir-list@redhat.com>; Wed,  2 Jan 2019 14:09:01 +0000 (UTC)
From: Pavel Hrdina <phrdina@redhat.com>
To: libvir-list@redhat.com
Date: Wed,  2 Jan 2019 15:08:40 +0100
Message-Id: 
 <bcec67fca203d12f86bf1ee903f30ec3a51cc67a.1546437956.git.phrdina@redhat.com>
In-Reply-To: <cover.1546437956.git.phrdina@redhat.com>
References: <cover.1546437956.git.phrdina@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 08/19] vircgroup: introduce
	virCgroupV2DevicePrepareProg
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]);
 Wed, 02 Jan 2019 14:10:46 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"

This function will be called for every virCgroup(Allow|Deny)* API in
order to prepare BPF program for guest.  Since libvirtd can be restarted
at any point we will first try to detect existing progam, if there is
none we will create a new empty BPF program and lastly if we don't have
any space left in the existing BPF map we will create a new copy of the
BPF map with more space and attach a new program with that map into the
guest cgroup.

This solution allows us to start with reasonably small BPF map consuming
only small amount of memory and if needed we can easily extend the BPF
map if there is a lot of host devices used in guest or if user wants to
hot-plug a lot of devices once the guest is running.

This overcomes all the limitations in BPF:

    - map used in program has to be created before the program is loaded
      into kernel

    - once map is created you cannot change its size

    - you cannot replace map in existing program

    - you cannot use an array of maps because it can store FD to maps
      of one specific size so we would not be able to use it to overcome
      the second issue

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/util/vircgroupv2.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index d70eefd92f..aea094a328 100644
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -1914,6 +1914,33 @@ virCgroupV2DeviceCreateProg(virCgroupPtr group)
 }
=20
=20
+static int
+virCgroupV2DevicePrepareProg(virCgroupPtr group)
+{
+    if (virCgroupV2DeviceDetectProg(group) < 0)
+        return -1;
+
+    if (virCgroupV2DeviceCreateProg(group) < 0)
+        return -1;
+
+    if (group->unified.devices.count >=3D group->unified.devices.max) {
+        size_t max =3D group->unified.devices.max * 2;
+        int newmapfd =3D virCgroupV2DeviceReallocMap(group->unified.device=
s.mapfd,
+                                                   max);
+
+        if (newmapfd < 0)
+            return -1;
+
+        if (virCgroupV2DeviceAttachProg(group, newmapfd, max) < 0) {
+            VIR_FORCE_CLOSE(newmapfd);
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+
 virCgroupBackend virCgroupV2Backend =3D {
     .type =3D VIR_CGROUP_BACKEND_TYPE_V2,
=20
--=20
2.20.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list