On Wed, Jan 02, 2019 at 03:08:32PM +0100, Pavel Hrdina wrote:
>In cgroups v2 there is no devices controller, BPF should be used
>instead.
>
>Patches 3 - 12 will be squashed into single commit and they need to be
>compiled together, I've separated them to make review easier.
>
>Pavel Hrdina (19):
> util: introduce virbpf helpers
> vircgroup: introduce virCgroupV2DevicesAvailable
> vircgroup: introduce virCgroupV2DeviceLoadProg
> vircgroup: introduce virCgroupV2DeviceAttachProg
> vircgroup: introduce virCgroupV2DeviceDetectProg
> vircgroup: introduce virCgroupV2DeviceCreateProg
> vircgroup: introduce virCgroupV2DeviceReallocMap
> vircgroup: introduce virCgroupV2DevicePrepareProg
> vircgroup: introduce virCgroupV2DeviceRemoveProg
> vircgroup: introduce virCgroupV2DeviceGetPerms
> vircgroup: introduce virCgroupV2DeviceGetKey
> vircgroup: introduce virCgroupV2AllowDevice
> vircgroup: introduce virCgroupV2DenyDevice
> vircgroup: introduce virCgroupV2AllowAllDevices
> vircgroup: introduce virCgroupV2DenyAllDevices
> vircgroup: workaround devices in hybrid mode
> vircgroupv2: detech BPF program before removing cgroup
> vircgroupv2: use dummy process to workaround kernel bug with systemd
> vircgroupmock: mock virBPFQueryProg
>
> include/libvirt/virterror.h | 1 +
> src/Makefile.am | 1 +
> src/libvirt_private.syms | 17 +
> src/lxc/lxc_cgroup.c | 1 +
> src/qemu/qemu_cgroup.c | 6 +-
> src/util/Makefile.inc.am | 2 +
> src/util/virbpf.c | 263 ++++++++++++
> src/util/virbpf.h | 249 ++++++++++++
> src/util/vircgroup.c | 18 +-
> src/util/vircgroup.h | 1 +
> src/util/vircgroupbackend.h | 3 +-
> src/util/vircgrouppriv.h | 12 +
> src/util/vircgroupv1.c | 9 +-
> src/util/vircgroupv2.c | 638 +++++++++++++++++++++++++++++-
> src/util/virerror.c | 1 +
> src/util/virsystemd.c | 2 +-
> src/util/virsystemd.h | 2 +
> tests/vircgroupdata/hybrid.parsed | 2 +-
> tests/vircgroupmock.c | 11 +
> tests/vircgrouptest.c | 4 +-
> 20 files changed, 1233 insertions(+), 10 deletions(-)
> create mode 100644 src/util/virbpf.c
> create mode 100644 src/util/virbpf.h
>
I haven't had the time to look at this closely, but this fails to compile
on my Gentoo with sys-kernel/linux-headers-4.14-r1:
util/virbpf.c:121:10: error: field designator 'query' does not refer to any field in type 'union bpf_attr'
.query.target_fd = targetfd,
^
util/virbpf.c:122:10: error: field designator 'query' does not refer to any field in type 'union bpf_attr'
.query.attach_type = attachType,
^
util/virbpf.c:123:10: error: field designator 'query' does not refer to any field in type 'union bpf_attr'
.query.prog_cnt = maxprogids,
^
util/virbpf.c:124:10: error: field designator 'query' does not refer to any field in type 'union bpf_attr'
.query.prog_ids = (__u64)progids,
^
util/virbpf.c:127:27: error: use of undeclared identifier 'BPF_PROG_QUERY'; did you mean 'BPF_PROG_LOAD'?
rc = syscall(SYS_bpf, BPF_PROG_QUERY, &attr, sizeof(attr));
^~~~~~~~~~~~~~
BPF_PROG_LOAD
/usr/include/linux/bpf.h:85:2: note: 'BPF_PROG_LOAD' declared here
BPF_PROG_LOAD,
^
util/virbpf.c:162:25: error: no member named 'nr_map_ids' in 'struct bpf_prog_info'
if (mapIDs && info->nr_map_ids > 0) {
~~~~ ^
util/virbpf.c:163:37: error: no member named 'nr_map_ids' in 'struct bpf_prog_info'
unsigned int maplen = info->nr_map_ids;
~~~~ ^
util/virbpf.c:170:15: error: no member named 'nr_map_ids' in 'struct bpf_prog_info'
info->nr_map_ids = maplen;
~~~~ ^
util/virbpf.c:171:15: error: no member named 'map_ids' in 'struct bpf_prog_info'
info->map_ids = (__u64)retmapIDs;
~~~~ ^
9 errors generated.
CC util/libvirt_util_la-viriptables.lo
CC util/libvirt_util_la-viriscsi.lo
make[3]: *** [Makefile:11083: util/libvirt_util_la-virbpf.lo] Error 1
make[3]: *** Waiting for unfinished jobs....
util/vircgroupv2.c:305:38: error: use of undeclared identifier 'BPF_CGROUP_DEVICE'; did you mean 'VIR_CGROUP_DEVICE_RW'?
if (virBPFQueryProg(cgroupfd, 0, BPF_CGROUP_DEVICE, &progCnt, NULL) < 0) {
^~~~~~~~~~~~~~~~~
VIR_CGROUP_DEVICE_RW
./util/vircgroup.h:200:5: note: 'VIR_CGROUP_DEVICE_RW' declared here
VIR_CGROUP_DEVICE_RW = VIR_CGROUP_DEVICE_READ | VIR_CGROUP_DEVICE_WRITE,
^
util/vircgroupv2.c:1686:33: error: use of undeclared identifier 'BPF_PROG_TYPE_CGROUP_DEVICE'; did you mean 'BPF_PROG_TYPE_CGROUP_SOCK'?
return virBPFLoadProg(prog, BPF_PROG_TYPE_CGROUP_DEVICE, ARRAY_CARDINALITY(prog));
^~~~~~~~~~~~~~~~~~~~~~~~~~~
BPF_PROG_TYPE_CGROUP_SOCK
/usr/include/linux/bpf.h:127:2: note: 'BPF_PROG_TYPE_CGROUP_SOCK' declared here
BPF_PROG_TYPE_CGROUP_SOCK,
^
util/vircgroupv2.c:1717:44: error: use of undeclared identifier 'BPF_CGROUP_DEVICE'; did you mean 'VIR_CGROUP_DEVICE_RW'?
if (virBPFAttachProg(progfd, cgroupfd, BPF_CGROUP_DEVICE) < 0) {
^~~~~~~~~~~~~~~~~
VIR_CGROUP_DEVICE_RW
./util/vircgroup.h:200:5: note: 'VIR_CGROUP_DEVICE_RW' declared here
VIR_CGROUP_DEVICE_RW = VIR_CGROUP_DEVICE_READ | VIR_CGROUP_DEVICE_WRITE,
^
util/vircgroupv2.c:1787:49: error: use of undeclared identifier 'BPF_CGROUP_DEVICE'; did you mean 'VIR_CGROUP_DEVICE_RW'?
if (virBPFQueryProg(cgroupfd, MAX_PROG_IDS, BPF_CGROUP_DEVICE,
^~~~~~~~~~~~~~~~~
VIR_CGROUP_DEVICE_RW
./util/vircgroup.h:200:5: note: 'VIR_CGROUP_DEVICE_RW' declared here
VIR_CGROUP_DEVICE_RW = VIR_CGROUP_DEVICE_READ | VIR_CGROUP_DEVICE_WRITE,
^
util/vircgroupv2.c:1811:22: error: no member named 'nr_map_ids' in 'struct bpf_prog_info'
if (progInfo.nr_map_ids == 0) {
~~~~~~~~ ^
util/vircgroupv2.c:2043:36: error: use of undeclared identifier 'BPF_CGROUP_DEVICE'; did you mean 'VIR_CGROUP_DEVICE_RW'?
cgroupfd, BPF_CGROUP_DEVICE) < 0) {
^~~~~~~~~~~~~~~~~
VIR_CGROUP_DEVICE_RW
./util/vircgroup.h:200:5: note: 'VIR_CGROUP_DEVICE_RW' declared here
VIR_CGROUP_DEVICE_RW = VIR_CGROUP_DEVICE_READ | VIR_CGROUP_DEVICE_WRITE,
^
util/vircgroupv2.c:2069:16: error: use of undeclared identifier 'BPF_DEVCG_ACC_MKNOD'
ret |= BPF_DEVCG_ACC_MKNOD << 16;
^
util/vircgroupv2.c:2072:16: error: use of undeclared identifier 'BPF_DEVCG_ACC_READ'
ret |= BPF_DEVCG_ACC_READ << 16;
^
util/vircgroupv2.c:2075:16: error: use of undeclared identifier 'BPF_DEVCG_ACC_WRITE'
ret |= BPF_DEVCG_ACC_WRITE << 16;
^
util/vircgroupv2.c:2078:16: error: use of undeclared identifier 'BPF_DEVCG_DEV_BLOCK'
ret |= BPF_DEVCG_DEV_BLOCK;
^
util/vircgroupv2.c:2080:16: error: use of undeclared identifier 'BPF_DEVCG_DEV_CHAR'
ret |= BPF_DEVCG_DEV_CHAR;
^
util/vircgroupv2.c:2082:16: error: use of undeclared identifier 'BPF_DEVCG_DEV_BLOCK'
ret |= BPF_DEVCG_DEV_BLOCK | BPF_DEVCG_DEV_CHAR;
^
util/vircgroupv2.c:2082:38: error: use of undeclared identifier 'BPF_DEVCG_DEV_CHAR'
ret |= BPF_DEVCG_DEV_BLOCK | BPF_DEVCG_DEV_CHAR;
^
13 errors generated.
Jano
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list