This function will be called if libvirtd was restarted while some
domains were running. It will try to detect existing programs attached
to the guest cgroup.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
src/libvirt_private.syms | 1 +
src/util/vircgroupv2devices.c | 117 ++++++++++++++++++++++++++++++++++
src/util/vircgroupv2devices.h | 3 +
3 files changed, 121 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 24a783840f..4753507c0a 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1655,6 +1655,7 @@ virCgroupV2Register;
# util/vircgroupv2devices.h
virCgroupV2DevicesAttachProg;
virCgroupV2DevicesAvailable;
+virCgroupV2DevicesDetectProg;
# util/virclosecallbacks.h
virCloseCallbacksGet;
diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c
index c8686e8768..e936f0aa0e 100644
--- a/src/util/vircgroupv2devices.c
+++ b/src/util/vircgroupv2devices.c
@@ -328,6 +328,113 @@ virCgroupV2DevicesAttachProg(virCgroupPtr group,
VIR_FORCE_CLOSE(mapfd);
return ret;
}
+
+
+static int
+virCgroupV2DevicesCountMapEntries(int mapfd)
+{
+ int ret = 0;
+ int rc;
+ uint64_t key = 0;
+ uint64_t prevKey = 0;
+
+ while ((rc = virBPFGetNextElem(mapfd, &prevKey, &key)) == 0) {
+ ret++;
+ prevKey = key;
+ }
+
+ if (rc < 0)
+ return -1;
+
+ return ret;
+}
+
+
+# define MAX_PROG_IDS 10
+
+int
+virCgroupV2DevicesDetectProg(virCgroupPtr group)
+{
+ int ret = -1;
+ int cgroupfd = -1;
+ unsigned int progcnt = 0;
+ unsigned int progids[MAX_PROG_IDS] = { 0 };
+ VIR_AUTOFREE(char *) path = NULL;
+
+ if (group->unified.devices.progfd > 0 && group->unified.devices.mapfd > 0)
+ return 0;
+
+ if (virCgroupPathOfController(group, VIR_CGROUP_CONTROLLER_DEVICES,
+ NULL, &path) < 0) {
+ return -1;
+ }
+
+ cgroupfd = open(path, O_RDONLY);
+ if (cgroupfd < 0) {
+ virReportSystemError(errno, _("unable to open '%s'"), path);
+ goto cleanup;
+ }
+
+ if (virBPFQueryProg(cgroupfd, MAX_PROG_IDS, BPF_CGROUP_DEVICE,
+ &progcnt, progids) < 0) {
+ virReportSystemError(errno, "%s", _("unable to query cgroup BPF progs"));
+ goto cleanup;
+ }
+
+ if (progcnt > 0) {
+ /* No need to have alternate code, this function will not be called
+ * if compiled with old kernel. */
+ int progfd = virBPFGetProg(progids[0]);
+ int mapfd = -1;
+ int nitems = -1;
+ struct bpf_prog_info progInfo = { 0 };
+ struct bpf_map_info mapInfo = { 0 };
+ VIR_AUTOFREE(unsigned int *) mapIDs = NULL;
+
+ if (progfd < 0) {
+ virReportSystemError(errno, "%s", _("failed to get cgroup BPF prog FD"));
+ goto cleanup;
+ }
+
+ if (virBPFGetProgInfo(progfd, &progInfo, &mapIDs) < 0) {
+ virReportSystemError(errno, "%s", _("failed to get cgroup BPF prog info"));
+ goto cleanup;
+ }
+
+ if (progInfo.nr_map_ids == 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("no map for cgroup BPF prog"));
+ goto cleanup;
+ }
+
+ mapfd = virBPFGetMap(mapIDs[0]);
+ if (mapfd < 0) {
+ virReportSystemError(errno, "%s", _("failed to get cgroup BPF map FD"));
+ goto cleanup;
+ }
+
+ if (virBPFGetMapInfo(mapfd, &mapInfo) < 0) {
+ virReportSystemError(errno, "%s", _("failed to get cgroup BPF map info"));
+ goto cleanup;
+ }
+
+ nitems = virCgroupV2DevicesCountMapEntries(mapfd);
+ if (nitems < 0) {
+ virReportSystemError(errno, "%s", _("failed to count cgroup BPF map items"));
+ goto cleanup;
+ }
+
+ group->unified.devices.progfd = progfd;
+ group->unified.devices.mapfd = mapfd;
+ group->unified.devices.max = mapInfo.max_entries;
+ group->unified.devices.count = nitems;
+ }
+
+ ret = 0;
+ cleanup:
+ VIR_FORCE_CLOSE(cgroupfd);
+ return ret;
+}
#else /* !HAVE_DECL_BPF_CGROUP_DEVICE */
bool
virCgroupV2DevicesAvailable(virCgroupPtr group ATTRIBUTE_UNUSED)
@@ -346,4 +453,14 @@ virCgroupV2DevicesAttachProg(virCgroupPtr group ATTRIBUTE_UNUSED,
"with this kernel"));
return -1;
}
+
+
+int
+virCgroupV2DevicesDetectProg(virCgroupPtr group ATTRIBUTE_UNUSED)
+{
+ virReportSystemError(ENOSYS, "%s",
+ _("cgroups v2 BPF devices not supported "
+ "with this kernel"));
+ return -1;
+}
#endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */
diff --git a/src/util/vircgroupv2devices.h b/src/util/vircgroupv2devices.h
index 1ba87acb00..a8e50dcca5 100644
--- a/src/util/vircgroupv2devices.h
+++ b/src/util/vircgroupv2devices.h
@@ -29,4 +29,7 @@ virCgroupV2DevicesAttachProg(virCgroupPtr group,
int mapfd,
size_t max);
+int
+virCgroupV2DevicesDetectProg(virCgroupPtr group);
+
#endif /* LIBVIRT_VIRCGROUPV2DEVICES_H */
--
2.20.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Thu, Apr 25, 2019 at 09:44:21AM +0200, Pavel Hrdina wrote:
>This function will be called if libvirtd was restarted while some
>domains were running. It will try to detect existing programs attached
>to the guest cgroup.
>
>Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
>---
> src/libvirt_private.syms | 1 +
> src/util/vircgroupv2devices.c | 117 ++++++++++++++++++++++++++++++++++
> src/util/vircgroupv2devices.h | 3 +
> 3 files changed, 121 insertions(+)
>
>diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
>index 24a783840f..4753507c0a 100644
>--- a/src/libvirt_private.syms
>+++ b/src/libvirt_private.syms
>@@ -1655,6 +1655,7 @@ virCgroupV2Register;
> # util/vircgroupv2devices.h
> virCgroupV2DevicesAttachProg;
> virCgroupV2DevicesAvailable;
>+virCgroupV2DevicesDetectProg;
>
> # util/virclosecallbacks.h
> virCloseCallbacksGet;
>diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c
>index c8686e8768..e936f0aa0e 100644
>--- a/src/util/vircgroupv2devices.c
>+++ b/src/util/vircgroupv2devices.c
>@@ -328,6 +328,113 @@ virCgroupV2DevicesAttachProg(virCgroupPtr group,
> VIR_FORCE_CLOSE(mapfd);
> return ret;
> }
>+
>+
>+static int
>+virCgroupV2DevicesCountMapEntries(int mapfd)
>+{
>+ int ret = 0;
>+ int rc;
>+ uint64_t key = 0;
>+ uint64_t prevKey = 0;
>+
>+ while ((rc = virBPFGetNextElem(mapfd, &prevKey, &key)) == 0) {
>+ ret++;
>+ prevKey = key;
>+ }
>+
>+ if (rc < 0)
>+ return -1;
>+
>+ return ret;
>+}
>+
>+
>+# define MAX_PROG_IDS 10
>+
>+int
>+virCgroupV2DevicesDetectProg(virCgroupPtr group)
>+{
>+ int ret = -1;
>+ int cgroupfd = -1;
With VIR_AUTOCLOSE
>+ unsigned int progcnt = 0;
>+ unsigned int progids[MAX_PROG_IDS] = { 0 };
>+ VIR_AUTOFREE(char *) path = NULL;
>+
>+ if (group->unified.devices.progfd > 0 && group->unified.devices.mapfd > 0)
>+ return 0;
>+
>+ if (virCgroupPathOfController(group, VIR_CGROUP_CONTROLLER_DEVICES,
>+ NULL, &path) < 0) {
>+ return -1;
>+ }
>+
>+ cgroupfd = open(path, O_RDONLY);
>+ if (cgroupfd < 0) {
>+ virReportSystemError(errno, _("unable to open '%s'"), path);
>+ goto cleanup;
>+ }
>+
>+ if (virBPFQueryProg(cgroupfd, MAX_PROG_IDS, BPF_CGROUP_DEVICE,
>+ &progcnt, progids) < 0) {
>+ virReportSystemError(errno, "%s", _("unable to query cgroup BPF progs"));
>+ goto cleanup;
>+ }
>+
and:
if (progcnt == 0)
return 0;
you can reduce the indentation level below
>+ if (progcnt > 0) {
>+ /* No need to have alternate code, this function will not be called
>+ * if compiled with old kernel. */
>+ int progfd = virBPFGetProg(progids[0]);
>+ int mapfd = -1;
>+ int nitems = -1;
>+ struct bpf_prog_info progInfo = { 0 };
>+ struct bpf_map_info mapInfo = { 0 };
>+ VIR_AUTOFREE(unsigned int *) mapIDs = NULL;
>+
>+ if (progfd < 0) {
>+ virReportSystemError(errno, "%s", _("failed to get cgroup BPF prog FD"));
>+ goto cleanup;
>+ }
>+
>+ if (virBPFGetProgInfo(progfd, &progInfo, &mapIDs) < 0) {
>+ virReportSystemError(errno, "%s", _("failed to get cgroup BPF prog info"));
>+ goto cleanup;
>+ }
>+
>+ if (progInfo.nr_map_ids == 0) {
>+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
>+ _("no map for cgroup BPF prog"));
>+ goto cleanup;
>+ }
>+
>+ mapfd = virBPFGetMap(mapIDs[0]);
>+ if (mapfd < 0) {
>+ virReportSystemError(errno, "%s", _("failed to get cgroup BPF map FD"));
>+ goto cleanup;
>+ }
>+
>+ if (virBPFGetMapInfo(mapfd, &mapInfo) < 0) {
>+ virReportSystemError(errno, "%s", _("failed to get cgroup BPF map info"));
>+ goto cleanup;
>+ }
>+
>+ nitems = virCgroupV2DevicesCountMapEntries(mapfd);
>+ if (nitems < 0) {
>+ virReportSystemError(errno, "%s", _("failed to count cgroup BPF map items"));
>+ goto cleanup;
>+ }
>+
>+ group->unified.devices.progfd = progfd;
>+ group->unified.devices.mapfd = mapfd;
>+ group->unified.devices.max = mapInfo.max_entries;
>+ group->unified.devices.count = nitems;
>+ }
>+
>+ ret = 0;
>+ cleanup:
>+ VIR_FORCE_CLOSE(cgroupfd);
>+ return ret;
>+}
> #else /* !HAVE_DECL_BPF_CGROUP_DEVICE */
> bool
> virCgroupV2DevicesAvailable(virCgroupPtr group ATTRIBUTE_UNUSED)
>@@ -346,4 +453,14 @@ virCgroupV2DevicesAttachProg(virCgroupPtr group ATTRIBUTE_UNUSED,
> "with this kernel"));
> return -1;
> }
>+
>+
>+int
>+virCgroupV2DevicesDetectProg(virCgroupPtr group ATTRIBUTE_UNUSED)
>+{
>+ virReportSystemError(ENOSYS, "%s",
>+ _("cgroups v2 BPF devices not supported "
>+ "with this kernel"));
>+ return -1;
>+}
> #endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2026 Red Hat, Inc.