From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:18 +0200
Subject: [libvirt] [PATCH v3 01/15] util: introduce virbpf helpers

In order to implement devices controller with cgroup v2 we need to add support for BPF programs, cgroup v2 doesn't have devices controller. This introduces required helpers wrapping linux syscalls.
Signed-off-by: Pavel Hrdina Reviewed-by: J=C3=A1n Tomko --- configure.ac | 5 + include/libvirt/virterror.h | 2 + src/libvirt_private.syms | 16 ++ src/util/Makefile.inc.am | 2 + src/util/virbpf.c | 438 ++++++++++++++++++++++++++++++++++++ src/util/virbpf.h | 259 +++++++++++++++++++++ src/util/virerror.c | 2 + 7 files changed, 724 insertions(+) create mode 100644 src/util/virbpf.c create mode 100644 src/util/virbpf.h diff --git a/configure.ac b/configure.ac index dcd78f64bf..fbbc88303a 100644 --- a/configure.ac +++ b/configure.ac @@ -876,6 +876,11 @@ AC_CHECK_DECLS([clock_serv_t, host_get_clock_service, = clock_get_time], #include ]) =20 +# Check if we have new enough kernel to support BPF devices for cgroups v2 +if test "$with_linux" =3D "yes"; then + AC_CHECK_DECLS([BPF_PROG_QUERY], [], [], [#include ]) +fi + # Check if we need to look for ifconfig if test "$want_ifconfig" =3D "yes"; then AC_PATH_PROG([IFCONFIG_PATH], [ifconfig]) diff --git a/include/libvirt/virterror.h b/include/libvirt/virterror.h index 6dc83a17cc..f1fb9d4721 100644 --- a/include/libvirt/virterror.h +++ b/include/libvirt/virterror.h @@ -134,6 +134,8 @@ typedef enum { VIR_FROM_FIREWALLD =3D 68, /* Error from firewalld */ VIR_FROM_DOMAIN_CHECKPOINT =3D 69, /* Error from domain checkpoint */ =20 + VIR_FROM_BPF =3D 70, /* Error from BPF code */ + # ifdef VIR_ENUM_SENTINELS VIR_ERR_DOMAIN_LAST # endif diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index a03cf0b645..56db5d92cd 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1519,6 +1519,22 @@ virBitmapToDataBuf; virBitmapToString; =20 =20 +# util/virbpf.h +virBPFAttachProg; +virBPFCreateMap; +virBPFDeleteElem; +virBPFDetachProg; +virBPFGetMap; +virBPFGetMapInfo; +virBPFGetNextElem; +virBPFGetProg; +virBPFGetProgInfo; +virBPFLoadProg; +virBPFLookupElem; +virBPFQueryProg; +virBPFUpdateElem; + + # util/virbuffer.h virBufferAdd; virBufferAddBuffer; 
diff --git a/src/util/Makefile.inc.am b/src/util/Makefile.inc.am index c757f5a6ae..0c2ee03c2f 100644 --- a/src/util/Makefile.inc.am +++ b/src/util/Makefile.inc.am @@ -20,6 +20,8 @@ UTIL_SOURCES =3D \ util/virautoclean.h \ util/virbitmap.c \ util/virbitmap.h \ + util/virbpf.c \ + util/virbpf.h \ util/virbuffer.c \ util/virbuffer.h \ util/virperf.c \ diff --git a/src/util/virbpf.c b/src/util/virbpf.c new file mode 100644 index 0000000000..a79a97d578 --- /dev/null +++ b/src/util/virbpf.c 
@@ -0,0 +1,438 @@ +/* + * virbpf.c: methods for eBPF + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ +#include + +#include + +#include "internal.h" + +#include "viralloc.h" +#include "virbpf.h" +#include "virerror.h" +#include "virfile.h" +#include "virlog.h" +#include "virstring.h" + +VIR_LOG_INIT("util.bpf"); + +#define VIR_FROM_THIS VIR_FROM_BPF + +#if HAVE_DECL_BPF_PROG_QUERY +int +virBPFCreateMap(unsigned int mapType, + unsigned int keySize, + unsigned int valSize, + unsigned int maxEntries) +{ + union bpf_attr attr; + + memset(&attr, 0, sizeof(attr)); + + attr.map_type =3D mapType; + attr.key_size =3D keySize; + attr.value_size =3D valSize; + attr.max_entries =3D maxEntries; + + return syscall(SYS_bpf, BPF_MAP_CREATE, &attr, sizeof(attr)); +} + + +# define LOG_BUF_SIZE (256 * 1024) + +int +virBPFLoadProg(struct bpf_insn *insns, + int progType, + unsigned int insnCnt) +{ + VIR_AUTOFREE(char *) logbuf =3D NULL; + int progfd =3D -1; + union bpf_attr attr; + + if (VIR_ALLOC_N(logbuf, LOG_BUF_SIZE) < 0) + return -1; + + memset(&attr, 0, sizeof(attr)); + + attr.prog_type =3D progType; + attr.insn_cnt =3D (uint32_t)insnCnt; + attr.insns =3D (uint64_t)insns; + attr.license =3D (uint64_t)"GPL"; + attr.log_buf =3D (uint64_t)logbuf; + attr.log_size =3D LOG_BUF_SIZE; + attr.log_level =3D 1; + + progfd =3D syscall(SYS_bpf, BPF_PROG_LOAD, &attr, sizeof(attr)); + + if 
(progfd < 0) + VIR_DEBUG("%s", logbuf); + + return progfd; +} + + +int +virBPFAttachProg(int progfd, + int targetfd, + int attachType) +{ + union bpf_attr attr; + + memset(&attr, 0, sizeof(attr)); + + attr.target_fd =3D targetfd; + attr.attach_bpf_fd =3D progfd; + attr.attach_type =3D attachType; + + return syscall(SYS_bpf, BPF_PROG_ATTACH, &attr, sizeof(attr)); +} + + +int +virBPFDetachProg(int progfd, + int targetfd, + int attachType) +{ + union bpf_attr attr; + + memset(&attr, 0, sizeof(attr)); + + attr.target_fd =3D targetfd; + attr.attach_bpf_fd =3D progfd; + attr.attach_type =3D attachType; + + return syscall(SYS_bpf, BPF_PROG_DETACH, &attr, sizeof(attr)); +} + + +int +virBPFQueryProg(int targetfd, + unsigned int maxprogids, + int attachType, + unsigned int *progcnt, + void *progids) +{ + union bpf_attr attr; + int rc; + + memset(&attr, 0, sizeof(attr)); + + attr.query.target_fd =3D targetfd; + attr.query.attach_type =3D attachType; + attr.query.prog_cnt =3D maxprogids; + attr.query.prog_ids =3D (uint64_t)progids; + + rc =3D syscall(SYS_bpf, BPF_PROG_QUERY, &attr, sizeof(attr)); + + if (rc >=3D 0) + *progcnt =3D attr.query.prog_cnt; + + return rc; +} + + +int +virBPFGetProg(unsigned int id) +{ + union bpf_attr attr; + + memset(&attr, 0, sizeof(attr)); + + attr.prog_id =3D id; + + return syscall(SYS_bpf, BPF_PROG_GET_FD_BY_ID, &attr, sizeof(attr)); +} + + +int +virBPFGetProgInfo(int progfd, + struct bpf_prog_info *info, + unsigned int **mapIDs) +{ + union bpf_attr attr; + int rc; + + memset(&attr, 0, sizeof(attr)); + + attr.info.bpf_fd =3D progfd; + attr.info.info_len =3D sizeof(struct bpf_prog_info); + attr.info.info =3D (uint64_t)info; + + rc =3D syscall(SYS_bpf, BPF_OBJ_GET_INFO_BY_FD, &attr, sizeof(attr)); + if (rc < 0) + return rc; + + if (mapIDs && info->nr_map_ids > 0) { + unsigned int maplen =3D info->nr_map_ids; + VIR_AUTOFREE(unsigned int *) retmapIDs =3D NULL; + + if (VIR_ALLOC_N(retmapIDs, maplen) < 0) + return -1; + + memset(info, 0, sizeof(struct 
bpf_prog_info)); + info->nr_map_ids =3D maplen; + info->map_ids =3D (uint64_t)retmapIDs; + + memset(&attr, 0, sizeof(attr)); + attr.info.bpf_fd =3D progfd; + attr.info.info_len =3D sizeof(struct bpf_prog_info); + attr.info.info =3D (uint64_t)info; + + rc =3D syscall(SYS_bpf, BPF_OBJ_GET_INFO_BY_FD, &attr, sizeof(attr= )); + if (rc < 0) + return rc; + + VIR_STEAL_PTR(*mapIDs, retmapIDs); + } + + return rc; +} + + +int +virBPFGetMap(unsigned int id) +{ + union bpf_attr attr; + + memset(&attr, 0, sizeof(attr)); + + attr.map_id =3D id; + + return syscall(SYS_bpf, BPF_MAP_GET_FD_BY_ID, &attr, sizeof(attr)); +} + + +int +virBPFGetMapInfo(int mapfd, + struct bpf_map_info *info) +{ + union bpf_attr attr; + + memset(&attr, 0, sizeof(attr)); + + attr.info.bpf_fd =3D mapfd; + attr.info.info_len =3D sizeof(struct bpf_map_info); + attr.info.info =3D (uint64_t)info; + + return syscall(SYS_bpf, BPF_OBJ_GET_INFO_BY_FD, &attr, sizeof(attr)); +} + + +int +virBPFLookupElem(int mapfd, + void *key, + void *val) +{ + union bpf_attr attr; + + memset(&attr, 0, sizeof(attr)); + + attr.map_fd =3D mapfd; + attr.key =3D (uint64_t)key; + attr.value =3D (uint64_t)val; + + return syscall(SYS_bpf, BPF_MAP_LOOKUP_ELEM, &attr, sizeof(attr)); +} + + +int +virBPFGetNextElem(int mapfd, + void *key, + void *nextKey) +{ + union bpf_attr attr; + + memset(&attr, 0, sizeof(attr)); + + attr.map_fd =3D mapfd; + attr.key =3D (uint64_t)key; + attr.next_key =3D (uint64_t)nextKey; + + return syscall(SYS_bpf, BPF_MAP_GET_NEXT_KEY, &attr, sizeof(attr)); +} + + +int +virBPFUpdateElem(int mapfd, + void *key, + void *val) +{ + union bpf_attr attr; + + memset(&attr, 0, sizeof(attr)); + + attr.map_fd =3D mapfd; + attr.key =3D (uint64_t)key; + attr.value =3D (uint64_t)val; + + return syscall(SYS_bpf, BPF_MAP_UPDATE_ELEM, &attr, sizeof(attr)); +} + + +int +virBPFDeleteElem(int mapfd, + void *key) +{ + union bpf_attr attr; + + memset(&attr, 0, sizeof(attr)); + + attr.map_fd =3D mapfd; + attr.key =3D (uint64_t)key; + + 
return syscall(SYS_bpf, BPF_MAP_DELETE_ELEM, &attr, sizeof(attr)); +} +#else /* HAVE_DECL_BPF_PROG_QUERY */ +int +virBPFCreateMap(unsigned int mapType ATTRIBUTE_UNUSED, + unsigned int keySize ATTRIBUTE_UNUSED, + unsigned int valSize ATTRIBUTE_UNUSED, + unsigned int maxEntries ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("BPF not supported with this kernel")); + return -1; +} + + +int +virBPFLoadProg(struct bpf_insn *insns ATTRIBUTE_UNUSED, + int progType ATTRIBUTE_UNUSED, + unsigned int insnCnt ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("BPF not supported with this kernel")); + return -1; +} + + +int +virBPFAttachProg(int progfd ATTRIBUTE_UNUSED, + int targetfd ATTRIBUTE_UNUSED, + int attachType ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("BPF not supported with this kernel")); + return -1; +} + + +int +virBPFDetachProg(int progfd ATTRIBUTE_UNUSED, + int targetfd ATTRIBUTE_UNUSED, + int attachType ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("BPF not supported with this kernel")); + return -1; +} + + +int +virBPFQueryProg(int targetfd ATTRIBUTE_UNUSED, + unsigned int maxprogids ATTRIBUTE_UNUSED, + int attachType ATTRIBUTE_UNUSED, + unsigned int *progcnt ATTRIBUTE_UNUSED, + void *progids ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("BPF not supported with this kernel")); + return -1; +} + + +int +virBPFGetProg(unsigned int id ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("BPF not supported with this kernel")); + return -1; +} + + +int +virBPFGetProgInfo(int progfd ATTRIBUTE_UNUSED, + struct bpf_prog_info *info ATTRIBUTE_UNUSED, + unsigned int **mapIDs ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("BPF not supported with this kernel")); + return -1; +} + + +int +virBPFGetMap(unsigned int id ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("BPF not supported with this kernel")); + return -1; +} + + +int +virBPFGetMapInfo(int mapfd 
ATTRIBUTE_UNUSED, + struct bpf_map_info *info ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("BPF not supported with this kernel")); + return -1; +} + + +int +virBPFLookupElem(int mapfd ATTRIBUTE_UNUSED, + void *key ATTRIBUTE_UNUSED, + void *val ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("BPF not supported with this kernel")); + return -1; +} + + +int +virBPFGetNextElem(int mapfd ATTRIBUTE_UNUSED, + void *key ATTRIBUTE_UNUSED, + void *nextKey ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("BPF not supported with this kernel")); + return -1; +} + + +int +virBPFUpdateElem(int mapfd ATTRIBUTE_UNUSED, + void *key ATTRIBUTE_UNUSED, + void *val ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("BPF not supported with this kernel")); + return -1; +} + + +int +virBPFDeleteElem(int mapfd ATTRIBUTE_UNUSED, + void *key ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("BPF not supported with this kernel")); + return -1; +} +#endif /* HAVE_DECL_BPF_PROG_QUERY */ diff --git a/src/util/virbpf.h b/src/util/virbpf.h new file mode 100644 index 0000000000..b5874e1e8d --- /dev/null +++ b/src/util/virbpf.h 
@@ -0,0 +1,259 @@ +/* + * virbpf.h: methods for eBPF + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#ifndef LIBVIRT_VIRBPF_H +# define LIBVIRT_VIRBPF_H + +# if HAVE_DECL_BPF_PROG_QUERY + +# include + +/* ALU ops on registers, bpf_add|sub|...: dst_reg +=3D src_reg */ + +# define VIR_BPF_ALU64_REG(op, dst, src) \ + ((struct bpf_insn) { \ + .code =3D BPF_ALU64 | BPF_OP(op) | BPF_X, \ + .dst_reg =3D dst, \ + .src_reg =3D src, \ + .off =3D 0, \ + .imm =3D 0, \ + }) + +/* ALU ops on immediates, bpf_add|sub|...: dst_reg +=3D imm32 */ + +# define VIR_BPF_ALU64_IMM(op, dst, immval) \ + ((struct bpf_insn) { \ + .code =3D BPF_ALU64 | BPF_OP(op) | BPF_K, \ + .dst_reg =3D dst, \ + .src_reg =3D 0, \ + .off =3D 0, \ + .imm =3D immval, \ + }) + +/* mov of registers, dst_reg =3D src_reg */ + +# define VIR_BPF_MOV64_REG(dst, src) \ + ((struct bpf_insn) { \ + .code =3D BPF_ALU64 | BPF_MOV | BPF_X, \ + .dst_reg =3D dst, \ + .src_reg =3D src, \ + .off =3D 0, \ + .imm =3D 0, \ + }) + +/* mov of immediates, dst_reg =3D imm32 */ + +# define VIR_BPF_MOV64_IMM(dst, immval) \ + ((struct bpf_insn) { \ + .code =3D BPF_ALU64 | BPF_MOV | BPF_K, \ + .dst_reg =3D dst, \ + .src_reg =3D 0, \ + .off =3D 0, \ + .imm =3D immval, \ + }) + +/* helper to encode 16 byte instruction */ + +# define _VIR_BPF_LD_IMM64_RAW(dst, src, immval) \ + ((struct bpf_insn) { \ + .code =3D BPF_LD | BPF_DW | BPF_IMM, 
\ + .dst_reg =3D dst, \ + .src_reg =3D src, \ + .off =3D 0, \ + .imm =3D (uint32_t)immval, \ + }), \ + ((struct bpf_insn) { \ + .code =3D 0, \ + .dst_reg =3D 0, \ + .src_reg =3D 0, \ + .off =3D 0, \ + .imm =3D ((uint64_t)immval) >> 32, \ + }) + +/* encodes single 'load 64-bit immediate' insn, dst_reg =3D imm ll */ + +# define VIR_BPF_LD_IMM64(dst, imm) \ + _VIR_BPF_LD_IMM64_RAW(dst, 0, imm) + +/* pseudo VIR_BPF_LD_IMM64 insn used to refer to process-local map_fd */ + +# define VIR_BPF_LD_MAP_FD(dst, mapfd) \ + _VIR_BPF_LD_IMM64_RAW(dst, 1, mapfd) + +/* memory load, dst_reg =3D *(size *) (src_reg + off16) */ + +# define VIR_BPF_LDX_MEM(size, dst, src, offval) \ + ((struct bpf_insn) { \ + .code =3D BPF_LDX | BPF_SIZE(size) | BPF_MEM, \ + .dst_reg =3D dst, \ + .src_reg =3D src, \ + .off =3D offval, \ + .imm =3D 0, \ + }) + +/* memory store of registers, *(size *) (dst_reg + off16) =3D src_reg */ + +# define VIR_BPF_STX_MEM(size, dst, src, offval) \ + ((struct bpf_insn) { \ + .code =3D BPF_STX | BPF_SIZE(size) | BPF_MEM, \ + .dst_reg =3D dst, \ + .src_reg =3D src, \ + .off =3D offval, \ + .imm =3D 0, \ + }) + +/* memory store of immediates, *(size *) (dst_reg + off16) =3D imm32 */ + +# define VIR_BPF_ST_MEM(size, dst, immval, offval) \ + ((struct bpf_insn) { \ + .code =3D BPF_ST | BPF_SIZE(size) | BPF_MEM, \ + .dst_reg =3D dst, \ + .src_reg =3D 0, \ + .off =3D offval, \ + .imm =3D immval, \ + }) + +/* conditional jumps against registers, if (dst_reg 'op' src_reg) goto pc = + off16 */ + +# define VIR_BPF_JMP_REG(op, dst, src, offval) \ + ((struct bpf_insn) { \ + .code =3D BPF_JMP | BPF_OP(op) | BPF_X, \ + .dst_reg =3D dst, \ + .src_reg =3D src, \ + .off =3D offval, \ + .imm =3D 0, \ + }) + +/* conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc += off16 */ + +# define VIR_BPF_JMP_IMM(op, dst, immval, offval) \ + ((struct bpf_insn) { \ + .code =3D BPF_JMP | BPF_OP(op) | BPF_K, \ + .dst_reg =3D dst, \ + .src_reg =3D 0, \ + .off =3D offval, \ + .imm =3D 
immval, \ + }) + +/* call eBPF function, call imm32 */ + +# define VIR_BPF_CALL_INSN(func) \ + ((struct bpf_insn) { \ + .code =3D BPF_JMP | BPF_CALL, \ + .dst_reg =3D 0, \ + .src_reg =3D 0, \ + .off =3D 0, \ + .imm =3D func, \ + }) + +/* program exit */ + +# define VIR_BPF_EXIT_INSN() \ + ((struct bpf_insn) { \ + .code =3D BPF_JMP | BPF_EXIT, \ + .dst_reg =3D 0, \ + .src_reg =3D 0, \ + .off =3D 0, \ + .imm =3D 0, \ + }) + +# else /* HAVE_DECL_BPF_PROG_QUERY */ + +struct bpf_prog_info; +struct bpf_map_info; +struct bpf_insn; + +# define VIR_BPF_ALU64_REG(op, dst, src) +# define VIR_BPF_ALU64_IMM(op, dst, immval) +# define VIR_BPF_MOV64_REG(dst, src) +# define VIR_BPF_MOV64_IMM(dst, immval) +# define VIR_BPF_LD_IMM64(dst, imm) +# define VIR_BPF_LD_MAP_FD(dst, mapfd) +# define VIR_BPF_LDX_MEM(size, dst, src, offval) +# define VIR_BPF_STX_MEM(size, dst, src, offval) +# define VIR_BPF_ST_MEM(size, dst, immval, offval) +# define VIR_BPF_JMP_REG(op, dst, src, offval) +# define VIR_BPF_JMP_IMM(op, dst, immval, offval) +# define VIR_BPF_CALL_INSN(func) +# define VIR_BPF_EXIT_INSN() + +# endif /* HAVE_DECL_BPF_PROG_QUERY */ + +int +virBPFCreateMap(unsigned int mapType, + unsigned int keySize, + unsigned int valSize, + unsigned int maxEntries); + +int +virBPFGetMapInfo(int mapfd, + struct bpf_map_info *info); + +int +virBPFLoadProg(struct bpf_insn *insns, + int progType, + unsigned int insnCnt); + +int +virBPFAttachProg(int progfd, + int targetfd, + int attachType); + +int +virBPFDetachProg(int progfd, + int targetfd, + int attachType); + +int +virBPFQueryProg(int targetfd, + unsigned int maxprogids, + int attachType, + unsigned int *progcnt, + void *progids); + +int +virBPFGetProg(unsigned int id); + +int +virBPFGetProgInfo(int progfd, + struct bpf_prog_info *info, + unsigned int **mapIDs); + +int +virBPFGetMap(unsigned int id); + +int +virBPFLookupElem(int mapfd, + void *key, + void *val); + +int +virBPFGetNextElem(int mapfd, + void *key, + void *nextKey); + +int 
+virBPFUpdateElem(int mapfd, + void *key, + void *val); + +int +virBPFDeleteElem(int mapfd, + void *key); + +#endif /* LIBVIRT_VIRBPF_H */ diff --git a/src/util/virerror.c b/src/util/virerror.c index 37b5b2f3f9..f8944698d7 100644 --- a/src/util/virerror.c +++ b/src/util/virerror.c 
@@ -142,6 +142,8 @@ VIR_ENUM_IMPL(virErrorDomain, "Resource control", "FirewallD", "Domain Checkpoint", + + "BPF", /* 70 */ ); =20 =20 --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
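Review bot: in virBPFGetProgInfo() (src/util/virbpf.c), when the second BPF_OBJ_GET_INFO_BY_FD call fails the function returns with info->map_ids still holding the address of retmapIDs, which VIR_AUTOFREE releases on return, so the caller is handed a struct bpf_prog_info that points at freed memory. Reset info->map_ids and info->nr_map_ids before that "return rc", and set *mapIDs = NULL up front, since it is only written when nr_map_ids > 0. In the same file every pointer stored into union bpf_attr is cast straight to uint64_t (attr.insns = (uint64_t)insns, attr.log_buf = (uint64_t)logbuf, attr.key = (uint64_t)key, attr.license = (uint64_t)"GPL"), which is a pointer-to-integer cast of a different size on 32-bit builds; go through uintptr_t, for example (uint64_t)(uintptr_t)insns. The error contract also differs between the two halves of the file: the #else stubs call virReportSystemError(ENOSYS, ...) while the real wrappers return the raw syscall() result with only errno set, so a caller cannot tell whether a libvirt error has already been raised. Pick one behaviour and state it in virbpf.h.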
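Review bot: the instruction macros in src/util/virbpf.h expand their arguments unparenthesised inside casts, for example ".imm = (uint32_t)immval" and ".imm = ((uint64_t)immval) >> 32" in _VIR_BPF_LD_IMM64_RAW, so an expression argument such as "a + b" has the cast applied to its first operand only; write (immval), (offval), (dst) and (src) throughout. The name _VIR_BPF_LD_IMM64_RAW also starts with an underscore followed by an uppercase letter, which is reserved for the implementation. In the #else branch the VIR_BPF_* macros expand to nothing and struct bpf_insn is only forward-declared, so an instruction array built from them cannot compile there; if every user has to sit under HAVE_DECL_BPF_PROG_QUERY anyway, the empty definitions can go. The header would also benefit from a short comment per function on what is returned (fd, 0, or -1 with errno) and on who frees the array returned through mapIDs.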
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:19 +0200
Message-Id: <227f57e6abbb8fb66feeed5f7d4827907a2bd367.1556178064.git.phrdina@redhat.com>
Subject: [libvirt] [PATCH v3 02/15] vircgroup: introduce virCgroupV2DevicesAvailable

There is no exact way how to figure out whether BPF devices support is compiled into kernel. One way is to check kernel configure options but this is not reliable as it may not be available. Let's try to do syscall which will list BPF cgroup device programs.

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- configure.ac | 3 +- src/Makefile.am | 2 + src/libvirt_private.syms | 3 ++ src/util/Makefile.inc.am | 2 + src/util/vircgroupv2.c | 7 +++- src/util/vircgroupv2devices.c | 73 +++++++++++++++++++++++++++++++++++ src/util/vircgroupv2devices.h | 27 +++++++++++++ 7 files changed, 115 insertions(+), 2 deletions(-) create mode 100644 src/util/vircgroupv2devices.c create mode 100644 src/util/vircgroupv2devices.h diff --git a/configure.ac b/configure.ac index fbbc88303a..67c87c1042 100644 --- a/configure.ac +++ b/configure.ac 
@@ -878,7 +878,8 @@ AC_CHECK_DECLS([clock_serv_t, host_get_clock_service, c= lock_get_time], =20 # Check if we have new enough kernel to support BPF devices for cgroups v2 if test "$with_linux" =3D "yes"; then - AC_CHECK_DECLS([BPF_PROG_QUERY], [], [], [#include ]) + AC_CHECK_DECLS([BPF_PROG_QUERY, BPF_CGROUP_DEVICE], + [], [], [#include ]) fi =20 # Check if we need to look for ifconfig diff --git a/src/Makefile.am b/src/Makefile.am index 7d452a9490..a65125bac6 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -663,11 +663,13 @@ libvirt_setuid_rpc_client_la_SOURCES =3D \ util/viratomic.h \ util/virautoclean.h \ util/virbitmap.c \ + util/virbpf.c \ util/virbuffer.c \ util/vircgroup.c \ util/vircgroupbackend.c \ util/vircgroupv1.c \ util/vircgroupv2.c \ + util/vircgroupv2devices.c \ util/vircommand.c \ util/virconf.c \ util/virdbus.c \ diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 56db5d92cd..9eac05009c 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1652,6 +1652,9 @@ virCgroupV1Register; # util/vircgroupv2.h virCgroupV2Register; =20 +# util/vircgroupv2devices.h +virCgroupV2DevicesAvailable; + # util/virclosecallbacks.h virCloseCallbacksGet; virCloseCallbacksGetConn; diff --git a/src/util/Makefile.inc.am b/src/util/Makefile.inc.am index 0c2ee03c2f..5485fe621e 100644 --- a/src/util/Makefile.inc.am +++ b/src/util/Makefile.inc.am @@ -34,6 +34,8 @@ UTIL_SOURCES =3D \ util/vircgroupv1.h \ util/vircgroupv2.c \ util/vircgroupv2.h \ + util/vircgroupv2devices.c \ + util/vircgroupv2devices.h \ util/virclosecallbacks.c \ util/virclosecallbacks.h \ util/vircommand.c \ diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c index 0cfbc96264..dc7573e05c 100644 --- a/src/util/vircgroupv2.c +++ b/src/util/vircgroupv2.c @@ -33,6 +33,7 @@ #include "vircgroup.h" #include "vircgroupbackend.h" #include "vircgroupv2.h" +#include "vircgroupv2devices.h" #include "virerror.h" #include "virfile.h" #include "virlog.h" 
@@ -295,6 +296,8 @@ virCgroupV2DetectControllers(virCgroupPtr group, /* In cgroup v2 there is no cpuacct controller, the cpu.stat file alwa= ys * exists with usage stats. */ group->unified.controllers |=3D 1 << VIR_CGROUP_CONTROLLER_CPUACCT; + if (virCgroupV2DevicesAvailable(group)) + group->unified.controllers |=3D 1 << VIR_CGROUP_CONTROLLER_DEVICES; =20 for (i =3D 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) VIR_DEBUG("Controller '%s' present=3D%s", @@ -415,8 +418,10 @@ virCgroupV2MakeGroup(virCgroupPtr parent ATTRIBUTE_UNU= SED, continue; =20 /* Controllers that are implicitly enabled if available. */ - if (i =3D=3D VIR_CGROUP_CONTROLLER_CPUACCT) + if (i =3D=3D VIR_CGROUP_CONTROLLER_CPUACCT || + i =3D=3D VIR_CGROUP_CONTROLLER_DEVICES) { continue; + } =20 if (virCgroupV2EnableController(parent, i) < 0) return -1; diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c new file mode 100644 index 0000000000..10080d4fff --- /dev/null +++ b/src/util/vircgroupv2devices.c 
@@ -0,0 +1,73 @@ +/* + * vircgroupv2devices.c: methods for cgroups v2 BPF devices + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ +#include + +#if HAVE_DECL_BPF_CGROUP_DEVICE +# include +# include +# include +# include +# include +#endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */ + +#include "internal.h" + +#define LIBVIRT_VIRCGROUPPRIV_H_ALLOW +#include "vircgrouppriv.h" + +#include "virbpf.h" +#include "vircgroup.h" +#include "vircgroupv2devices.h" +#include "virfile.h" +#include "virlog.h" + +VIR_LOG_INIT("util.cgroup"); + +#define VIR_FROM_THIS VIR_FROM_CGROUP + +#if HAVE_DECL_BPF_CGROUP_DEVICE +bool +virCgroupV2DevicesAvailable(virCgroupPtr group) +{ + bool ret =3D false; + int cgroupfd =3D -1; + unsigned int progCnt =3D 0; + + cgroupfd =3D open(group->unified.mountPoint, O_RDONLY); + if (cgroupfd < 0) { + VIR_DEBUG("failed to open cgroup '%s'", group->unified.mountPoint); + goto cleanup; + } + + if (virBPFQueryProg(cgroupfd, 0, BPF_CGROUP_DEVICE, &progCnt, NULL) < = 0) { + VIR_DEBUG("failed to query cgroup progs"); + goto cleanup; + } + + ret =3D true; + cleanup: + VIR_FORCE_CLOSE(cgroupfd); + return ret; +} +#else /* !HAVE_DECL_BPF_CGROUP_DEVICE */ +bool +virCgroupV2DevicesAvailable(virCgroupPtr group ATTRIBUTE_UNUSED) +{ + return false; +} +#endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */ 
diff --git a/src/util/vircgroupv2devices.h b/src/util/vircgroupv2devices.h new file mode 100644 index 0000000000..2ab35681db --- /dev/null +++ b/src/util/vircgroupv2devices.h 
@@ -0,0 +1,27 @@ +/* + * vircgroupv2devices.h: methods for cgroups v2 BPF devices + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#ifndef LIBVIRT_VIRCGROUPV2DEVICES_H +# define LIBVIRT_VIRCGROUPV2DEVICES_H + +# include "vircgroup.h" + +bool +virCgroupV2DevicesAvailable(virCgroupPtr group); + +#endif /* LIBVIRT_VIRCGROUPV2DEVICES_H */ --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:20 +0200
Message-Id: <538830fc772d0462143679b326254092257976e8.1556178064.git.phrdina@redhat.com>
Subject: [libvirt] [PATCH v3 03/15] vircgroup: introduce virCgroupV2DevicesAttachProg

This function loads the BPF prog with prepared map into kernel and attaches it into guest cgroup. It can be also used to replace existing program in the cgroup if we need to resize BPF map to store more rules for devices. The old program will be closed and removed from kernel.

There are two possible ways how to create BPF program:

- One way is to write simple C-like code which can be compiled into BPF object file which can be loaded into kernel using elfutils.
- The second way is to define macros which look like assembler instructions and can be used directly to create BPF program that can be directly loaded into kernel.

Since the program is not too complex we can use the second option.

If there is no program, all devices are allowed, if there is some program it is executed and based on the exit status the access is denied for 0 and allowed for 1.
Our program will follow these rules:

- first it will try to look for the specific key using major and minor to see if there is any rule for that specific device
- if there is no specific rule it will try to look for any rule that matches only major of the device
- if there is no match with major it will try the same but with minor of the device
- as the last attempt it will try to look for rule for all devices and if there is no match it will return 0 to deny that access

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- src/libvirt_private.syms | 1 + src/util/vircgrouppriv.h | 10 ++ src/util/vircgroupv2devices.c | 276 ++++++++++++++++++++++++++++++++++ src/util/vircgroupv2devices.h | 5 + 4 files changed, 292 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 9eac05009c..24a783840f 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1653,6 +1653,7 @@ virCgroupV1Register; virCgroupV2Register; =20 # util/vircgroupv2devices.h +virCgroupV2DevicesAttachProg; virCgroupV2DevicesAvailable; =20 # util/virclosecallbacks.h diff --git a/src/util/vircgrouppriv.h b/src/util/vircgrouppriv.h index 9110c77297..7eba4ade23 100644 --- a/src/util/vircgrouppriv.h +++ b/src/util/vircgrouppriv.h @@ -41,10 +41,20 @@ struct _virCgroupV1Controller { typedef struct _virCgroupV1Controller virCgroupV1Controller; typedef virCgroupV1Controller *virCgroupV1ControllerPtr; =20 +struct _virCgroupV2Devices { + int mapfd; + int progfd; + ssize_t count; + ssize_t max; +}; +typedef struct _virCgroupV2Devices virCgroupV2Devices; +typedef virCgroupV2Devices *virCgroupV2DevicesPtr; + struct _virCgroupV2Controller { int controllers; char *mountPoint; char *placement; + virCgroupV2Devices devices; }; typedef struct _virCgroupV2Controller virCgroupV2Controller; typedef virCgroupV2Controller *virCgroupV2ControllerPtr; diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c index 10080d4fff..c8686e8768 100644
--- a/src/util/vircgroupv2devices.c +++ b/src/util/vircgroupv2devices.c @@ -30,6 +30,7 @@ #define LIBVIRT_VIRCGROUPPRIV_H_ALLOW #include "vircgrouppriv.h" =20 +#include "viralloc.h" #include "virbpf.h" #include "vircgroup.h" #include "vircgroupv2devices.h" 
@@ -64,10 +65,285 @@ virCgroupV2DevicesAvailable(virCgroupPtr group) VIR_FORCE_CLOSE(cgroupfd); return ret; } + + +/* Steps to get assembly version of devices BPF program: + * + * Save the following program into bpfprog.c, compile it using clang: + * + * clang -O2 -Wall -target bpf -c bpfprog.c -o bpfprog.o + * + * Now you can use llvm-objdump to get the list if instructions: + * + * llvm-objdump -S -no-show-raw-insn bpfprog.o + * + * which can be converted into program using VIR_BPF_* macros. + * + * -----------------------------------------------------------------------= ----- + * #include + * #include + * + * #define SEC(NAME) __attribute__((section(NAME), used)) + * + * struct bpf_map_def { + * unsigned int type; + * unsigned int key_size; + * unsigned int value_size; + * unsigned int max_entries; + * unsigned int map_flags; + * unsigned int inner_map_idx; + * unsigned int numa_node; + * }; + * + * static void *(*bpf_map_lookup_elem)(void *map, void *key) =3D + * (void *) BPF_FUNC_map_lookup_elem; + * + * struct bpf_map_def SEC("maps") devices =3D { + * .type =3D BPF_MAP_TYPE_HASH, + * .key_size =3D sizeof(__u64), + * .value_size =3D sizeof(__u32), + * .max_entries =3D 65, + * }; + * + * SEC("cgroup/dev") int + * bpf_libvirt_cgroup_device(struct bpf_cgroup_dev_ctx *ctx) + * { + * __u64 key =3D ((__u64)ctx->major << 32) | ctx->minor; + * __u32 *val =3D 0; + * + * val =3D bpf_map_lookup_elem(&devices, &key); + * if (val && (ctx->access_type & *val) =3D=3D ctx->access_type) + * return 1; + * + * key =3D ((__u64)ctx->major << 32) | 0xffffffff; + * val =3D bpf_map_lookup_elem(&devices, &key); + * if (val && (ctx->access_type & *val) =3D=3D ctx->access_type) + * return 1; + * + * key =3D 0xffffffff00000000 | ctx->minor; + * val =3D bpf_map_lookup_elem(&devices, &key); + * if (val && (ctx->access_type & *val) =3D=3D ctx->access_type) + * return 1; + * + * key =3D 0xffffffffffffffff; + * val =3D bpf_map_lookup_elem(&devices, &key); + * if (val && (ctx->access_type & 
*val) =3D=3D ctx->access_type) + * return 1; + * + * return 0; + * } + * + * char _license[] SEC("license") =3D "GPL"; + * __u32 _version SEC("version") =3D LINUX_VERSION_CODE; + * -----------------------------------------------------------------------= ----- + * */ +static int +virCgroupV2DevicesLoadProg(int mapfd) +{ + struct bpf_insn prog[] =3D { + /* 0: r6 =3D r1 */ + VIR_BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), + /* 1: r1 =3D *(u32 *)(r6 + 8) */ + VIR_BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_6, 8), + /* 2: r2 =3D *(u32 *)(r6 + 4) */ + VIR_BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_6, 4), + /* 3: r2 <<=3D 32 */ + VIR_BPF_ALU64_IMM(BPF_LSH, BPF_REG_2, 32), + /* 4: r2 |=3D r1 */ + VIR_BPF_ALU64_REG(BPF_OR, BPF_REG_2, BPF_REG_1), + /* 5: *(u64 *)(r10 - 8) =3D r2 */ + VIR_BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -8), + /* 6: r2 =3D r10 */ + VIR_BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), + /* 7: r2 +=3D -8 */ + VIR_BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), + /* 8: r1 =3D 0 ll */ + VIR_BPF_LD_MAP_FD(BPF_REG_1, mapfd), + /* 10: call 1 */ + VIR_BPF_CALL_INSN(BPF_FUNC_map_lookup_elem), + /* 11: r1 =3D r0 */ + VIR_BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), + /* 12: if r1 =3D=3D 0 goto +5 */ + VIR_BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 5), + /* 13: r0 =3D 1 */ + VIR_BPF_MOV64_IMM(BPF_REG_0, 1), + /* 14: r2 =3D *(u32 *)(r6 + 0) */ + VIR_BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_6, 0), + /* 15: r1 =3D *(u32 *)(r1 + 0) */ + VIR_BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 0), + /* 16: r1 &=3D r2 */ + VIR_BPF_ALU64_REG(BPF_AND, BPF_REG_1, BPF_REG_2), + /* 17: if r1 =3D=3D r2 goto +50 */ + VIR_BPF_JMP_REG(BPF_JEQ, BPF_REG_1, BPF_REG_2, 50), + /* LBB0_2: */ + /* 18: r1 =3D *(u32 *)(r6 + 4) */ + VIR_BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_6, 4), + /* 19: r1 <<=3D 32 */ + VIR_BPF_ALU64_IMM(BPF_LSH, BPF_REG_1, 32), + /* 20: r2 =3D 4294967295 ll */ + VIR_BPF_LD_IMM64(BPF_REG_2, 0xffffffff), + /* 22: r1 |=3D r2 */ + VIR_BPF_ALU64_REG(BPF_OR, BPF_REG_1, BPF_REG_2), + /* 23: *(u64 *)(r10 - 8) =3D r1 */ + 
VIR_BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_1, -8), + /* 24: r2 =3D r10 */ + VIR_BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), + /* 25: r2 +=3D -8 */ + VIR_BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), + /* 26: r1 =3D 0 ll */ + VIR_BPF_LD_MAP_FD(BPF_REG_1, mapfd), + /* 28: call 1 */ + VIR_BPF_CALL_INSN(BPF_FUNC_map_lookup_elem), + /* 29: r1 =3D r0 */ + VIR_BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), + /* 30: if r1 =3D=3D 0 goto +5 */ + VIR_BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 5), + /* 31: r0 =3D 1 */ + VIR_BPF_MOV64_IMM(BPF_REG_0, 1), + /* 32: r2 =3D *(u32 *)(r6 + 0) */ + VIR_BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_6, 0), + /* 33: r1 =3D *(u32 *)(r1 + 0) */ + VIR_BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 0), + /* 34: r1 &=3D r2 */ + VIR_BPF_ALU64_REG(BPF_AND, BPF_REG_1, BPF_REG_2), + /* 35: if r1 =3D=3D r2 goto +32 */ + VIR_BPF_JMP_REG(BPF_JEQ, BPF_REG_1, BPF_REG_2, 32), + /* LBB0_4: */ + /* 36: r1 =3D *(u32 *)(r6 + 8) */ + VIR_BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_6, 8), + /* 37: r2 =3D -4294967296 ll */ + VIR_BPF_LD_IMM64(BPF_REG_2, 0xffffffff00000000), + /* 39: r1 |=3D r2 */ + VIR_BPF_ALU64_REG(BPF_OR, BPF_REG_1, BPF_REG_2), + /* 40: *(u64 *)(r10 - 8) =3D r1 */ + VIR_BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_1, -8), + /* 41: r2 =3D r10 */ + VIR_BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), + /* 42: r2 +=3D -8 */ + VIR_BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), + /* 43: r1 =3D 0 ll */ + VIR_BPF_LD_MAP_FD(BPF_REG_1, mapfd), + /* 45: call 1 */ + VIR_BPF_CALL_INSN(BPF_FUNC_map_lookup_elem), + /* 46: r1 =3D r0 */ + VIR_BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), + /* 47: if r1 =3D=3D 0 goto +5 */ + VIR_BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 5), + /* 48: r0 =3D 1 */ + VIR_BPF_MOV64_IMM(BPF_REG_0, 1), + /* 49: r2 =3D *(u32 *)(r6 + 0) */ + VIR_BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_6, 0), + /* 50: r1 =3D *(u32 *)(r1 + 0) */ + VIR_BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 0), + /* 51: r1 &=3D r2 */ + VIR_BPF_ALU64_REG(BPF_AND, BPF_REG_1, BPF_REG_2), + /* 52: if r1 =3D=3D r2 goto +15 */ + VIR_BPF_JMP_REG(BPF_JEQ, BPF_REG_1, 
BPF_REG_2, 15), + /* LBB0_6: */ + /* 53: r1 =3D -1 */ + VIR_BPF_MOV64_IMM(BPF_REG_1, -1), + /* 54: *(u64 *)(r10 - 8) =3D r1 */ + VIR_BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_1, -8), + /* 55: r2 =3D r10 */ + VIR_BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), + /* 56: r2 +=3D -8 */ + VIR_BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), + /* 57: r1 =3D 0 ll */ + VIR_BPF_LD_MAP_FD(BPF_REG_1, mapfd), + /* 59: call 1 */ + VIR_BPF_CALL_INSN(BPF_FUNC_map_lookup_elem), + /* 60: r1 =3D r0 */ + VIR_BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), + /* 61: if r1 =3D=3D 0 goto +5 */ + VIR_BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 5), + /* 62: r0 =3D 1 */ + VIR_BPF_MOV64_IMM(BPF_REG_0, 1), + /* 63: r2 =3D *(u32 *)(r6 + 0) */ + VIR_BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_6, 0), + /* 64: r1 =3D *(u32 *)(r1 + 0) */ + VIR_BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 0), + /* 65: r1 &=3D r2 */ + VIR_BPF_ALU64_REG(BPF_AND, BPF_REG_1, BPF_REG_2), + /* 66: if r1 =3D=3D r2 goto +1 */ + VIR_BPF_JMP_REG(BPF_JEQ, BPF_REG_1, BPF_REG_2, 1), + /* LBB0_8: */ + /* 67: r0 =3D 0 */ + VIR_BPF_MOV64_IMM(BPF_REG_0, 0), + /* LBB0_9: */ + /* 68: exit */ + VIR_BPF_EXIT_INSN(), + }; + + return virBPFLoadProg(prog, BPF_PROG_TYPE_CGROUP_DEVICE, ARRAY_CARDINA= LITY(prog)); +} + + +int +virCgroupV2DevicesAttachProg(virCgroupPtr group, + int mapfd, + size_t max) +{ + int ret =3D -1; + int progfd =3D -1; + int cgroupfd =3D -1; + VIR_AUTOFREE(char *) path =3D NULL; + + if (virCgroupPathOfController(group, VIR_CGROUP_CONTROLLER_DEVICES, + NULL, &path) < 0) { + goto cleanup; + } + + progfd =3D virCgroupV2DevicesLoadProg(mapfd); + if (progfd < 0) { + virReportSystemError(errno, "%s", _("failed to load cgroup BPF pro= g")); + goto cleanup; + } + + cgroupfd =3D open(path, O_RDONLY); + if (cgroupfd < 0) { + virReportSystemError(errno, _("unable to open '%s'"), path); + goto cleanup; + } + + if (virBPFAttachProg(progfd, cgroupfd, BPF_CGROUP_DEVICE) < 0) { + virReportSystemError(errno, "%s", _("failed to attach cgroup BPF p= rog")); + goto cleanup; + } + + if 
(group->unified.devices.progfd > 0) { + VIR_DEBUG("Closing existing program that was replaced by new one."= ); + VIR_FORCE_CLOSE(group->unified.devices.progfd); + } + + group->unified.devices.progfd =3D progfd; + group->unified.devices.mapfd =3D mapfd; + group->unified.devices.max =3D max; + progfd =3D -1; + mapfd =3D -1; + + ret =3D 0; + cleanup: + VIR_FORCE_CLOSE(cgroupfd); + VIR_FORCE_CLOSE(progfd); + VIR_FORCE_CLOSE(mapfd); + return ret; +} #else /* !HAVE_DECL_BPF_CGROUP_DEVICE */ bool virCgroupV2DevicesAvailable(virCgroupPtr group ATTRIBUTE_UNUSED) { return false; } + + +int +virCgroupV2DevicesAttachProg(virCgroupPtr group ATTRIBUTE_UNUSED, + int mapfd ATTRIBUTE_UNUSED, + size_t max ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("cgroups v2 BPF devices not supported " + "with this kernel")); + return -1; +} #endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */ diff --git a/src/util/vircgroupv2devices.h b/src/util/vircgroupv2devices.h index 2ab35681db..1ba87acb00 100644 --- a/src/util/vircgroupv2devices.h +++ b/src/util/vircgroupv2devices.h 
@@ -24,4 +24,9 @@ bool virCgroupV2DevicesAvailable(virCgroupPtr group); =20 +int +virCgroupV2DevicesAttachProg(virCgroupPtr group, + int mapfd, + size_t max); + #endif /* LIBVIRT_VIRCGROUPV2DEVICES_H */ --=20 2.20.1
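Review bot: In the vircgrouppriv.h hunk of patch 03, `count` and `max` in `struct _virCgroupV2Devices` are `ssize_t`, while virCgroupV2DevicesAttachProg() takes `size_t max` and stores it straight into `group->unified.devices.max`; pick one type so the assignment cannot change sign. The struct also has no visible initialisation of `mapfd` and `progfd` to -1, and the code in vircgroupv2devices.c tests `progfd > 0`, so an all-zero struct is what means "no program" and descriptor 0 can never be a tracked program. Setting both fields to -1 where the group is created and testing `>= 0` would make the sentinel explicit.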
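Review bot: In virCgroupV2DevicesAttachProg() (vircgroupv2devices.c hunk of patch 03), the replace path closes the old `group->unified.devices.progfd` but then overwrites `group->unified.devices.mapfd` without closing the previous map descriptor, so each map resize leaks one fd unless the caller closes it first; close it here next to the old progfd, or say in a comment that the caller owns it. The function comment should also state the ownership rule for the new map: the `cleanup:` label runs `VIR_FORCE_CLOSE(mapfd)` on every failure path, so the function consumes the caller's `mapfd` even when it returns -1, and a caller that closes it again closes the descriptor twice. The ordering itself, attaching the new program before dropping the old one, should stay as it is, since per the commit message a cgroup with no program allows all devices.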
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:21 +0200
Message-Id: <291f9706a09cb4661b94ed4dc3bdbcbbc9acad51.1556178064.git.phrdina@redhat.com>
Subject: [libvirt] [PATCH v3 04/15] vircgroup: introduce virCgroupV2DevicesDetectProg

This function will be called if libvirtd was restarted while some domains were running. It will try to detect existing programs attached to the guest cgroup.

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- src/libvirt_private.syms | 1 + src/util/vircgroupv2devices.c | 117 ++++++++++++++++++++++++++++++++++ src/util/vircgroupv2devices.h | 3 + 3 files changed, 121 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 24a783840f..4753507c0a 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1655,6 +1655,7 @@ virCgroupV2Register; # util/vircgroupv2devices.h virCgroupV2DevicesAttachProg; virCgroupV2DevicesAvailable; +virCgroupV2DevicesDetectProg; =20 # util/virclosecallbacks.h virCloseCallbacksGet; diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c index c8686e8768..e936f0aa0e 100644 --- a/src/util/vircgroupv2devices.c +++ b/src/util/vircgroupv2devices.c
@@ -328,6 +328,113 @@ virCgroupV2DevicesAttachProg(virCgroupPtr group, VIR_FORCE_CLOSE(mapfd); return ret; } + + +static int +virCgroupV2DevicesCountMapEntries(int mapfd) +{ + int ret =3D 0; + int rc; + uint64_t key =3D 0; + uint64_t prevKey =3D 0; + + while ((rc =3D virBPFGetNextElem(mapfd, &prevKey, &key)) =3D=3D 0) { + ret++; + prevKey =3D key; + } + + if (rc < 0) + return -1; + + return ret; +} + + +# define MAX_PROG_IDS 10 + +int +virCgroupV2DevicesDetectProg(virCgroupPtr group) +{ + int ret =3D -1; + int cgroupfd =3D -1; + unsigned int progcnt =3D 0; + unsigned int progids[MAX_PROG_IDS] =3D { 0 }; + VIR_AUTOFREE(char *) path =3D NULL; + + if (group->unified.devices.progfd > 0 && group->unified.devices.mapfd = > 0) + return 0; + + if (virCgroupPathOfController(group, VIR_CGROUP_CONTROLLER_DEVICES, + NULL, &path) < 0) { + return -1; + } + + cgroupfd =3D open(path, O_RDONLY); + if (cgroupfd < 0) { + virReportSystemError(errno, _("unable to open '%s'"), path); + goto cleanup; + } + + if (virBPFQueryProg(cgroupfd, MAX_PROG_IDS, BPF_CGROUP_DEVICE, + &progcnt, progids) < 0) { + virReportSystemError(errno, "%s", _("unable to query cgroup BPF pr= ogs")); + goto cleanup; + } + + if (progcnt > 0) { + /* No need to have alternate code, this function will not be called + * if compiled with old kernel. 
*/ + int progfd =3D virBPFGetProg(progids[0]); + int mapfd =3D -1; + int nitems =3D -1; + struct bpf_prog_info progInfo =3D { 0 }; + struct bpf_map_info mapInfo =3D { 0 }; + VIR_AUTOFREE(unsigned int *) mapIDs =3D NULL; + + if (progfd < 0) { + virReportSystemError(errno, "%s", _("failed to get cgroup BPF = prog FD")); + goto cleanup; + } + + if (virBPFGetProgInfo(progfd, &progInfo, &mapIDs) < 0) { + virReportSystemError(errno, "%s", _("failed to get cgroup BPF = prog info")); + goto cleanup; + } + + if (progInfo.nr_map_ids =3D=3D 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("no map for cgroup BPF prog")); + goto cleanup; + } + + mapfd =3D virBPFGetMap(mapIDs[0]); + if (mapfd < 0) { + virReportSystemError(errno, "%s", _("failed to get cgroup BPF = map FD")); + goto cleanup; + } + + if (virBPFGetMapInfo(mapfd, &mapInfo) < 0) { + virReportSystemError(errno, "%s", _("failed to get cgroup BPF = map info")); + goto cleanup; + } + + nitems =3D virCgroupV2DevicesCountMapEntries(mapfd); + if (nitems < 0) { + virReportSystemError(errno, "%s", _("failed to count cgroup BP= F map items")); + goto cleanup; + } + + group->unified.devices.progfd =3D progfd; + group->unified.devices.mapfd =3D mapfd; + group->unified.devices.max =3D mapInfo.max_entries; + group->unified.devices.count =3D nitems; + } + + ret =3D 0; + cleanup: + VIR_FORCE_CLOSE(cgroupfd); + return ret; +} #else /* !HAVE_DECL_BPF_CGROUP_DEVICE */ bool virCgroupV2DevicesAvailable(virCgroupPtr group ATTRIBUTE_UNUSED) @@ -346,4 +453,14 @@ virCgroupV2DevicesAttachProg(virCgroupPtr group ATTRIB= UTE_UNUSED, "with this kernel")); return -1; } + + +int +virCgroupV2DevicesDetectProg(virCgroupPtr group ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("cgroups v2 BPF devices not supported " + "with this kernel")); + return -1; +} #endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */ diff --git a/src/util/vircgroupv2devices.h b/src/util/vircgroupv2devices.h index 1ba87acb00..a8e50dcca5 100644 
--- a/src/util/vircgroupv2devices.h +++ b/src/util/vircgroupv2devices.h 
@@ -29,4 +29,7 @@ virCgroupV2DevicesAttachProg(virCgroupPtr group, int mapfd, size_t max); =20 +int +virCgroupV2DevicesDetectProg(virCgroupPtr group); + #endif /* LIBVIRT_VIRCGROUPV2DEVICES_H */ --=20 2.20.1
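Review bot: In virCgroupV2DevicesDetectProg() (patch 04), `progfd` and `mapfd` are declared inside the `if (progcnt > 0)` block, and every `goto cleanup` taken after virBPFGetProg() succeeds (GetProgInfo failure, `nr_map_ids == 0`, GetMap or GetMapInfo failure, count failure) leaves them open, because `cleanup:` only closes `cgroupfd`. Hoist both to function scope initialised to -1, close them in `cleanup:`, and reset them to -1 once they have been stored in `group->unified.devices`. Separately, the function adopts `progids[0]` and `mapIDs[0]` without checking that they are the program and map libvirt created: `mapInfo` is fetched but only `max_entries` is read. Checking that the map is a `BPF_MAP_TYPE_HASH` with `sizeof(uint64_t)` keys and `sizeof(uint32_t)` values, the layout patch 05 creates, before adopting it would keep a foreign cgroup device program from being treated as libvirt's own rule table.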
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:22 +0200
Subject: [libvirt] [PATCH v3 05/15] vircgroup: introduce virCgroupV2DevicesCreateProg

This function creates new BPF program with new empty BPF map with the default size and attaches it to the guest cgroup.

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- src/libvirt_private.syms | 1 + src/util/vircgroupv2devices.c | 53 +++++++++++++++++++++++++++++++++++ src/util/vircgroupv2devices.h | 3 ++ 3 files changed, 57 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 4753507c0a..f49f401d2b 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1655,6 +1655,7 @@ virCgroupV2Register; # util/vircgroupv2devices.h virCgroupV2DevicesAttachProg; virCgroupV2DevicesAvailable; +virCgroupV2DevicesCreateProg; virCgroupV2DevicesDetectProg; =20 # util/virclosecallbacks.h diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c index e936f0aa0e..d8934e8add 100644 --- a/src/util/vircgroupv2devices.c +++ b/src/util/vircgroupv2devices.c
@@ -435,6 +435,49 @@ virCgroupV2DevicesDetectProg(virCgroupPtr group) VIR_FORCE_CLOSE(cgroupfd); return ret; } + + +# define VIR_CGROUP_V2_INITIAL_BPF_MAP_SIZE 64 + +static int +virCgroupV2DevicesCreateMap(size_t size) +{ + int mapfd =3D virBPFCreateMap(BPF_MAP_TYPE_HASH, sizeof(uint64_t), + sizeof(uint32_t), size); + + if (mapfd < 0) { + virReportSystemError(errno, "%s", + _("failed to initialize device BPF map")); + return -1; + } + + return mapfd; +} + + +int +virCgroupV2DevicesCreateProg(virCgroupPtr group) +{ + int mapfd; + + if (group->unified.devices.progfd > 0 && group->unified.devices.mapfd = > 0) + return 0; + + mapfd =3D virCgroupV2DevicesCreateMap(VIR_CGROUP_V2_INITIAL_BPF_MAP_SI= ZE); + if (mapfd < 0) + return -1; + + if (virCgroupV2DevicesAttachProg(group, mapfd, + VIR_CGROUP_V2_INITIAL_BPF_MAP_SIZE) <= 0) { + goto error; + } + + return 0; + + error: + VIR_FORCE_CLOSE(mapfd); + return -1; +} #else /* !HAVE_DECL_BPF_CGROUP_DEVICE */ bool virCgroupV2DevicesAvailable(virCgroupPtr group ATTRIBUTE_UNUSED) @@ -463,4 +506,14 @@ virCgroupV2DevicesDetectProg(virCgroupPtr group ATTRIB= UTE_UNUSED) "with this kernel")); return -1; } + + +int +virCgroupV2DevicesCreateProg(virCgroupPtr group ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("cgroups v2 BPF devices not supported " + "with this kernel")); + return -1; +} #endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */ diff --git a/src/util/vircgroupv2devices.h b/src/util/vircgroupv2devices.h index a8e50dcca5..bcbd761537 100644 --- a/src/util/vircgroupv2devices.h +++ b/src/util/vircgroupv2devices.h 
@@ -32,4 +32,7 @@ virCgroupV2DevicesAttachProg(virCgroupPtr group, int virCgroupV2DevicesDetectProg(virCgroupPtr group); =20 +int +virCgroupV2DevicesCreateProg(virCgroupPtr group); + #endif /* LIBVIRT_VIRCGROUPV2DEVICES_H */ --=20 2.20.1
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:23 +0200
Message-Id: <7d6522cd779e2dee31640392e5e9249a53dd7b37.1556178064.git.phrdina@redhat.com>
Subject: [libvirt] [PATCH v3 06/15] vircgroup: introduce virCgroupV2DevicesPrepareProg

This function will be called for every virCgroup(Allow|Deny)* API in order to prepare BPF program for guest. Since libvirtd can be restarted at any point we will first try to detect existing program, if there is none we will create a new empty BPF program and lastly if we don't have any space left in the existing BPF map we will create a new copy of the BPF map with more space and attach a new program with that map into the guest cgroup.

This solution allows us to start with reasonably small BPF map consuming only small amount of memory and if needed we can easily extend the BPF map if there is a lot of host devices used in guest or if user wants to hot-plug a lot of devices once the guest is running.

Since there is no way how to reallocate existing BPF map we need to create a new copy if we run out of space in current BPF map.

This overcomes all the limitations in BPF:

- map used in program has to be created before the program is loaded into kernel
- once map is created you cannot change its size
- you cannot replace map in existing program
- you cannot use an array of maps because it can store FD to maps of one specific size so we would not be able to use it to overcome the second issue

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- src/libvirt_private.syms | 1 + src/util/vircgroupv2devices.c | 83 +++++++++++++++++++++++++++++++++++ src/util/vircgroupv2devices.h | 3 ++ 3 files changed, 87 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index f49f401d2b..9ab07de06d 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1657,6 +1657,7 @@ virCgroupV2DevicesAttachProg; virCgroupV2DevicesAvailable; virCgroupV2DevicesCreateProg; virCgroupV2DevicesDetectProg; +virCgroupV2DevicesPrepareProg; =20 # util/virclosecallbacks.h virCloseCallbacksGet; diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c index d8934e8add..e8c6f74091 100644 --- a/src/util/vircgroupv2devices.c +++ b/src/util/vircgroupv2devices.c
@@ -455,6 +455,52 @@ virCgroupV2DevicesCreateMap(size_t size) } =20 =20 +static int +virCgroupV2DevicesReallocMap(int mapfd, + size_t size) +{ + uint64_t key =3D 0; + uint64_t prevKey =3D 0; + int rc; + int newmapfd =3D virCgroupV2DevicesCreateMap(size); + + VIR_DEBUG("realloc devices map mapfd:%d, size:%lu", mapfd, size); + + if (newmapfd < 0) + return -1; + + while ((rc =3D virBPFGetNextElem(mapfd, &prevKey, &key)) =3D=3D 0) { + uint32_t val =3D 0; + + if (virBPFLookupElem(mapfd, &key, &val) < 0) { + virReportSystemError(errno, "%s", + _("failed to lookup device in old map")); + goto error; + } + + if (virBPFUpdateElem(newmapfd, &key, &val) < 0) { + virReportSystemError(errno, "%s", + _("failed to add device into new map")); + goto error; + } + + prevKey =3D key; + } + + if (rc < 0 && errno !=3D ENOENT) { + virReportSystemError(errno, "%s", + _("failed to copy all device rules")); + goto error; + } + + return newmapfd; + + error: + VIR_FORCE_CLOSE(newmapfd); + return -1; +} + + int virCgroupV2DevicesCreateProg(virCgroupPtr group) { @@ -478,6 +524,33 @@ virCgroupV2DevicesCreateProg(virCgroupPtr group) VIR_FORCE_CLOSE(mapfd); return -1; } + + +int +virCgroupV2DevicesPrepareProg(virCgroupPtr group) +{ + if (virCgroupV2DevicesDetectProg(group) < 0) + return -1; + + if (virCgroupV2DevicesCreateProg(group) < 0) + return -1; + + if (group->unified.devices.count >=3D group->unified.devices.max) { + size_t max =3D group->unified.devices.max * 2; + int newmapfd =3D virCgroupV2DevicesReallocMap(group->unified.devic= es.mapfd, + max); + + if (newmapfd < 0) + return -1; + + if (virCgroupV2DevicesAttachProg(group, newmapfd, max) < 0) { + VIR_FORCE_CLOSE(newmapfd); + return -1; + } + } + + return 0; +} #else /* !HAVE_DECL_BPF_CGROUP_DEVICE */ bool virCgroupV2DevicesAvailable(virCgroupPtr group ATTRIBUTE_UNUSED) 
@@ -516,4 +589,14 @@ virCgroupV2DevicesCreateProg(virCgroupPtr group ATTRIB= UTE_UNUSED) "with this kernel")); return -1; } + + +int +virCgroupV2DevicesPrepareProg(virCgroupPtr group ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("cgroups v2 BPF devices not supported " + "with this kernel")); + return -1; +} #endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */ diff --git a/src/util/vircgroupv2devices.h b/src/util/vircgroupv2devices.h index bcbd761537..10c80c8ae4 100644 --- a/src/util/vircgroupv2devices.h +++ b/src/util/vircgroupv2devices.h 
@@ -35,4 +35,7 @@ virCgroupV2DevicesDetectProg(virCgroupPtr group); int virCgroupV2DevicesCreateProg(virCgroupPtr group); =20 +int +virCgroupV2DevicesPrepareProg(virCgroupPtr group); + #endif /* LIBVIRT_VIRCGROUPV2DEVICES_H */ --=20 2.20.1
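Review bot: in virCgroupV2DevicesReallocMap (patch 06, hunk @@ -455,6 +455,52 @@) the copy loop seeds virBPFGetNextElem() with prevKey = 0, so the first call uses key 0 as the cursor rather than asking for the first element. If a rule with key 0 is ever stored, the kernel continues from that entry and the walk can miss it and anything ordered before it, so the new map silently loses rules. Start the walk in a way that does not depend on a key value (or document why key 0 can never be a stored rule), and compare the number of copied entries with group->unified.devices.count before returning newmapfd. Separately, size is a size_t, so the VIR_DEBUG format should be %zu rather than %lu.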
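Review bot: virCgroupV2DevicesPrepareProg (patch 06, hunk @@ -478,6 +524,33 @@) calls virCgroupV2DevicesCreateProg(group) unconditionally after detection, while the commit message says a new empty program is created only when none exists. That is correct only if CreateProg returns early when progfd and mapfd are already set, which this hunk does not show; a short comment or an explicit check here would make the dependency visible. In the grow path, "size_t max = group->unified.devices.max * 2;" stays 0 if max is ever 0, and on success the previous mapfd is not closed in this function, so state in a comment that virCgroupV2DevicesAttachProg takes ownership of newmapfd and releases the old descriptor.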
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:24 +0200
Message-Id: <5ad9f8dbe8ffe22ccbc0a0c64fc7ce4256756d9f.1556178064.git.phrdina@redhat.com>
Subject: [libvirt] [PATCH v3 07/15] vircgroup: introduce virCgroupV2DevicesRemoveProg

We need to close our FD that we have for BPF program and map in order to let kernel remove all resources once the cgroup is removed as well.

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- src/libvirt_private.syms | 1 + src/util/vircgroupv2.c | 3 +++ src/util/vircgroupv2devices.c | 26 ++++++++++++++++++++++++++ src/util/vircgroupv2devices.h | 3 +++ 4 files changed, 33 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 9ab07de06d..f42bdad9ef 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1658,6 +1658,7 @@ virCgroupV2DevicesAvailable; virCgroupV2DevicesCreateProg; virCgroupV2DevicesDetectProg; virCgroupV2DevicesPrepareProg; +virCgroupV2DevicesRemoveProg; =20 # util/virclosecallbacks.h virCloseCallbacksGet; diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c index dc7573e05c..ce19169fe7 100644 --- a/src/util/vircgroupv2.c +++ b/src/util/vircgroupv2.c
@@ -448,6 +448,9 @@ virCgroupV2Remove(virCgroupPtr group) if (virCgroupV2PathOfController(group, controller, "", &grppath) < 0) return 0; =20 + if (virCgroupV2DevicesRemoveProg(group) < 0) + return -1; + return virCgroupRemoveRecursively(grppath); } =20 diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c index e8c6f74091..70e29b8470 100644 --- a/src/util/vircgroupv2devices.c +++ b/src/util/vircgroupv2devices.c @@ -551,6 +551,25 @@ virCgroupV2DevicesPrepareProg(virCgroupPtr group) =20 return 0; } + + +int +virCgroupV2DevicesRemoveProg(virCgroupPtr group) +{ + if (virCgroupV2DevicesDetectProg(group) < 0) + return -1; + + if (group->unified.devices.progfd <=3D 0 && group->unified.devices.map= fd <=3D 0) + return 0; + + if (group->unified.devices.mapfd >=3D 0) + VIR_FORCE_CLOSE(group->unified.devices.mapfd); + + if (group->unified.devices.progfd >=3D 0) + VIR_FORCE_CLOSE(group->unified.devices.progfd); + + return 0; +} #else /* !HAVE_DECL_BPF_CGROUP_DEVICE */ bool virCgroupV2DevicesAvailable(virCgroupPtr group ATTRIBUTE_UNUSED) @@ -599,4 +618,11 @@ virCgroupV2DevicesPrepareProg(virCgroupPtr group ATTRI= BUTE_UNUSED) "with this kernel")); return -1; } + + +int +virCgroupV2DevicesRemoveProg(virCgroupPtr group ATTRIBUTE_UNUSED) +{ + return 0; +} #endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */ diff --git a/src/util/vircgroupv2devices.h b/src/util/vircgroupv2devices.h index 10c80c8ae4..ae02f9c334 100644 --- a/src/util/vircgroupv2devices.h +++ b/src/util/vircgroupv2devices.h 
@@ -38,4 +38,7 @@ virCgroupV2DevicesCreateProg(virCgroupPtr group); int virCgroupV2DevicesPrepareProg(virCgroupPtr group); =20 +int +virCgroupV2DevicesRemoveProg(virCgroupPtr group); + #endif /* LIBVIRT_VIRCGROUPV2DEVICES_H */ --=20 2.20.1
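Review bot: in virCgroupV2Remove (patch 07, hunk @@ -448,6 +448,9 @@) a failure of virCgroupV2DevicesRemoveProg() now returns -1 before virCgroupRemoveRecursively(grppath) runs, so an error while detecting the BPF program leaves the cgroup directory behind. Since RemoveProg only closes descriptors, consider logging the failure and continuing with removal, or explain in a comment why removal must be aborted. The new early return also sits after grppath has been filled in; the hunk does not show its declaration, so confirm it is released on this path.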
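Review bot: in virCgroupV2DevicesRemoveProg (patch 07, hunk @@ -551,6 +551,25 @@) the early return treats 0 as "no descriptor" (progfd <= 0 && mapfd <= 0) while the close guards use >= 0, so when only one of the two is set and the other is still 0, VIR_FORCE_CLOSE runs on descriptor 0. Use one convention in both places: either guard the closes with > 0, or initialise both fields to -1 and test < 0 in the early return. The function also leaves count and max untouched after closing the map; resetting them would keep the struct consistent if the group object is used again.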
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:25 +0200
Message-Id: <7fa715eed1d14e830960c38b08703c2ca0f7b3fa.1556178064.git.phrdina@redhat.com>
Subject: [libvirt] [PATCH v3 08/15] vircgroup: introduce virCgroupV2DeviceGetPerms

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- src/libvirt_private.syms | 1 + src/util/vircgroupv2devices.c | 34 ++++++++++++++++++++++++++++++++++ src/util/vircgroupv2devices.h | 6 ++++++ 3 files changed, 41 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index f42bdad9ef..469a1cdbe0 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1657,6 +1657,7 @@ virCgroupV2DevicesAttachProg; virCgroupV2DevicesAvailable; virCgroupV2DevicesCreateProg; virCgroupV2DevicesDetectProg; +virCgroupV2DevicesGetPerms; virCgroupV2DevicesPrepareProg; virCgroupV2DevicesRemoveProg; =20 diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c index 70e29b8470..0455ff6b24 100644 --- a/src/util/vircgroupv2devices.c +++ b/src/util/vircgroupv2devices.c
@@ -570,6 +570,32 @@ virCgroupV2DevicesRemoveProg(virCgroupPtr group) =20 return 0; } + + +uint32_t +virCgroupV2DevicesGetPerms(int perms, + char type) +{ + uint32_t ret =3D 0; + + if (perms & VIR_CGROUP_DEVICE_MKNOD) + ret |=3D BPF_DEVCG_ACC_MKNOD << 16; + + if (perms & VIR_CGROUP_DEVICE_READ) + ret |=3D BPF_DEVCG_ACC_READ << 16; + + if (perms & VIR_CGROUP_DEVICE_WRITE) + ret |=3D BPF_DEVCG_ACC_WRITE << 16; + + if (type =3D=3D 'b') + ret |=3D BPF_DEVCG_DEV_BLOCK; + else if (type =3D=3D 'c') + ret |=3D BPF_DEVCG_DEV_CHAR; + else + ret |=3D BPF_DEVCG_DEV_BLOCK | BPF_DEVCG_DEV_CHAR; + + return ret; +} #else /* !HAVE_DECL_BPF_CGROUP_DEVICE */ bool virCgroupV2DevicesAvailable(virCgroupPtr group ATTRIBUTE_UNUSED) @@ -625,4 +651,12 @@ virCgroupV2DevicesRemoveProg(virCgroupPtr group ATTRIB= UTE_UNUSED) { return 0; } + + +uint32_t +virCgroupV2DevicesGetPerms(int perms ATTRIBUTE_UNUSED, + char type ATTRIBUTE_UNUSED) +{ + return 0; +} #endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */ diff --git a/src/util/vircgroupv2devices.h b/src/util/vircgroupv2devices.h index ae02f9c334..cbfd9ae119 100644 --- a/src/util/vircgroupv2devices.h +++ b/src/util/vircgroupv2devices.h @@ -19,6 +19,8 @@ #ifndef LIBVIRT_VIRCGROUPV2DEVICES_H # define LIBVIRT_VIRCGROUPV2DEVICES_H =20 +# include + # include "vircgroup.h" =20 bool 
@@ -41,4 +43,8 @@ virCgroupV2DevicesPrepareProg(virCgroupPtr group); int virCgroupV2DevicesRemoveProg(virCgroupPtr group); =20 +uint32_t +virCgroupV2DevicesGetPerms(int perms, + char type); + #endif /* LIBVIRT_VIRCGROUPV2DEVICES_H */ --=20 2.20.1
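Review bot: virCgroupV2DevicesGetPerms (patch 08, hunk @@ -570,6 +570,32 @@) falls through to BPF_DEVCG_DEV_BLOCK | BPF_DEVCG_DEV_CHAR for every type other than 'b' and 'c', so a mistyped or uninitialised type silently widens the rule to both device classes. Match the "all" type explicitly and treat anything else as an error. The "<< 16" packing is also undocumented: a comment saying that the access mask sits in the upper 16 bits and the device type in the lower 16 would help, and the patch has no commit message body to carry that explanation. The subject line spells the function virCgroupV2DeviceGetPerms while the code adds virCgroupV2DevicesGetPerms.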
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:26 +0200
Message-Id: <21643e7b386b69568ddc8485bab9fe58d89e04e3.1556178064.git.phrdina@redhat.com>
Subject: [libvirt] [PATCH v3 09/15] vircgroup: introduce virCgroupV2DevicesGetKey

Device rules are stored in BPF map that is a hash type, this function will create a key based on major and minor id of device.

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- src/libvirt_private.syms | 1 + src/util/vircgroupv2devices.c | 8 ++++++++ src/util/vircgroupv2devices.h | 4 ++++ 3 files changed, 13 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 469a1cdbe0..18cb3715a2 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1657,6 +1657,7 @@ virCgroupV2DevicesAttachProg; virCgroupV2DevicesAvailable; virCgroupV2DevicesCreateProg; virCgroupV2DevicesDetectProg; +virCgroupV2DevicesGetKey; virCgroupV2DevicesGetPerms; virCgroupV2DevicesPrepareProg; virCgroupV2DevicesRemoveProg; diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c index 0455ff6b24..9b154ccb5d 100644 --- a/src/util/vircgroupv2devices.c +++ b/src/util/vircgroupv2devices.c
@@ -660,3 +660,11 @@ virCgroupV2DevicesGetPerms(int perms ATTRIBUTE_UNUSED, return 0; } #endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */ + + +uint64_t +virCgroupV2DevicesGetKey(int major, + int minor) +{ + return (uint64_t)major << 32 | ((uint64_t)minor & 0x00000000ffffffff); +} diff --git a/src/util/vircgroupv2devices.h b/src/util/vircgroupv2devices.h index cbfd9ae119..d717c9755f 100644 --- a/src/util/vircgroupv2devices.h +++ b/src/util/vircgroupv2devices.h 
@@ -47,4 +47,8 @@ uint32_t virCgroupV2DevicesGetPerms(int perms, char type); =20 +uint64_t +virCgroupV2DevicesGetKey(int major, + int minor); + #endif /* LIBVIRT_VIRCGROUPV2DEVICES_H */ --=20 2.20.1
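Review bot: virCgroupV2DevicesGetKey (patch 09, hunk @@ -660,3 +660,11 @@) takes major and minor as plain int and does no range check, so any negative value, not only the -1 wildcard, is folded into the key as a large unsigned number. Document in a comment that -1 becomes 0xffffffff in its half of the key and is the only negative value callers may pass, or reject other negatives. The return expression relies on << binding tighter than |; parenthesising ((uint64_t)major << 32) makes the intent explicit. The function is placed after the #endif of HAVE_DECL_BPF_CGROUP_DEVICE, so unlike the other helpers it is built in both configurations; say so if that is intended.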
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:27 +0200
Subject: [libvirt] [PATCH v3 10/15] vircgroup: introduce virCgroupV2AllowDevice

In order to allow device we need to create key and value which will be used to update BPF map. virBPFUpdateElem() can override existing entries in BPF map so we need to check if that entry exists in order to track number of entries in our map.

This can add rule for specific device but major and minor can be both -1 which follows the same behavior as in cgroup v1.

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- src/util/vircgroupv2.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c index ce19169fe7..9f9802bb2f 100644 --- a/src/util/vircgroupv2.c +++ b/src/util/vircgroupv2.c @@ -30,6 +30,7 @@ #include "vircgrouppriv.h" =20 #include "viralloc.h" +#include "virbpf.h" #include "vircgroup.h" #include "vircgroupbackend.h" #include "vircgroupv2.h"
@@ -1638,6 +1639,35 @@ virCgroupV2GetCpusetCpus(virCgroupPtr group, } =20 =20 +static int +virCgroupV2AllowDevice(virCgroupPtr group, + char type, + int major, + int minor, + int perms) +{ + uint64_t key =3D virCgroupV2DevicesGetKey(major, minor); + uint32_t val =3D virCgroupV2DevicesGetPerms(perms, type); + int rc; + + if (virCgroupV2DevicesPrepareProg(group) < 0) + return -1; + + rc =3D virBPFLookupElem(group->unified.devices.mapfd, &key, NULL); + + if (virBPFUpdateElem(group->unified.devices.mapfd, &key, &val) < 0) { + virReportSystemError(errno, "%s", + _("failed to update device in BPF cgroup map"= )); + return -1; + } + + if (rc < 0) + group->unified.devices.count++; + + return 0; +} + + virCgroupBackend virCgroupV2Backend =3D { .type =3D VIR_CGROUP_BACKEND_TYPE_V2, =20 
@@ -1687,6 +1717,8 @@ virCgroupBackend virCgroupV2Backend =3D { .getMemSwapHardLimit =3D virCgroupV2GetMemSwapHardLimit, .getMemSwapUsage =3D virCgroupV2GetMemSwapUsage, =20 + .allowDevice =3D virCgroupV2AllowDevice, + .setCpuShares =3D virCgroupV2SetCpuShares, .getCpuShares =3D virCgroupV2GetCpuShares, .setCpuCfsPeriod =3D virCgroupV2SetCpuCfsPeriod, --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sun May 5 06:27:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1556178309; cv=none; d=zoho.com; s=zohoarc; b=XtJlCW/o/3D7hxSnKs6vNgljukvfICL3NUB84ismDMEAxyPlPTsJ1+rqV0a25sDJsNYpF2mtqLl2EF5hGzL05Q/1T/T4atjOqr10ood5w8wfziMzYm0GQrRGmnPM2b2Azuy32gMRdHeeNIeZ01zpV/q2DXUd3zB8fjlm8b62nns= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1556178309; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=TU2OdeHugzCR82UGgTbLAh4fnx8f0nzuMywrJGipt80=; b=EUTHbRMM7T+hf7HYw7iy7Pij5BChHQgKunq5U4KJk3lab7fuGWlVgs6fwVjEpUgmXbT5Fc55/4Fgo4MOwx23ELLxcf/WZaJOowuTDWt08nw8bTLKnKgtcniGUar0mB5LCHdfzRh9L0Bl/4uwBhBuC6PEIZDWVd4y5nLiLM1VIiQ= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: 
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:28 +0200
Message-Id: <9f82da3a66ca1bcd061d9ef4392cb738846bee95.1556178064.git.phrdina@redhat.com>
Subject: [libvirt] [PATCH v3 11/15] vircgroup: introduce virCgroupV2DenyDevice

In order to deny a device we need to check if there is any entry in the BPF map and we need to load the current value from the map if there is already an entry for that device. If both values are the same we can remove that entry, but if they are different we need to update the entry because we don't have to deny all access, but for example only write access.

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- src/util/vircgroupv2.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c index 9f9802bb2f..bf78c33519 100644 --- a/src/util/vircgroupv2.c +++ b/src/util/vircgroupv2.c
@@ -1668,6 +1668,46 @@ virCgroupV2AllowDevice(virCgroupPtr group, } =20 =20 +static int +virCgroupV2DenyDevice(virCgroupPtr group, + char type, + int major, + int minor, + int perms) +{ + uint64_t key =3D virCgroupV2DevicesGetKey(major, minor); + uint32_t newval =3D virCgroupV2DevicesGetPerms(perms, type); + uint32_t val =3D 0; + + if (virCgroupV2DevicesPrepareProg(group) < 0) + return -1; + + if (group->unified.devices.count <=3D 0 || + virBPFLookupElem(group->unified.devices.mapfd, &key, &val) < 0) { + VIR_DEBUG("nothing to do, device is not allowed"); + return 0; + } + + if (newval =3D=3D val) { + if (virBPFDeleteElem(group->unified.devices.mapfd, &key) < 0) { + virReportSystemError(errno, "%s", + _("failed to remove device from BPF cgrou= p map")); + return -1; + } + group->unified.devices.count--; + } else { + val ^=3D val & newval; + if (virBPFUpdateElem(group->unified.devices.mapfd, &key, &val) < 0= ) { + virReportSystemError(errno, "%s", + _("failed to update device in BPF cgroup = map")); + return -1; + } + } + + return 0; +} + + virCgroupBackend virCgroupV2Backend =3D { .type =3D VIR_CGROUP_BACKEND_TYPE_V2, =20 
@@ -1718,6 +1758,7 @@ virCgroupBackend virCgroupV2Backend =3D { .getMemSwapUsage =3D virCgroupV2GetMemSwapUsage, =20 .allowDevice =3D virCgroupV2AllowDevice, + .denyDevice =3D virCgroupV2DenyDevice, =20 .setCpuShares =3D virCgroupV2SetCpuShares, .getCpuShares =3D virCgroupV2GetCpuShares, --=20 2.20.1
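Review bot: In the else branch of virCgroupV2DenyDevice, val ^= val & newval can leave nothing behind: denying rwm on a device that was allowed only rw takes this branch because newval != val, and the entry is then written back with no permission bits set while devices.count stays unchanged. Suggest deleting the element and decrementing count whenever the masked result has no permission bits left, not only on exact equality. Since newval comes from virCgroupV2DevicesGetPerms(perms, type), please also confirm that the mask cannot clear type bits the stored value still needs.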
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:29 +0200
Message-Id: <665e6c96be2f704689cd5922685555a080a539a5.1556178064.git.phrdina@redhat.com>
Subject: [libvirt] [PATCH v3 12/15] vircgroup: introduce virCgroupV2AllowAllDevices

If we want to allow all devices with all permissions we need to replace any existing program that has any rule configured, otherwise we just need to add a new rule which will for example allow read access to all devices.

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- src/util/vircgroupv2.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c index bf78c33519..a8ba9b9e9e 100644 --- a/src/util/vircgroupv2.c +++ b/src/util/vircgroupv2.c @@ -1708,6 +1708,23 @@ virCgroupV2DenyDevice(virCgroupPtr group, } =20 =20 +static int +virCgroupV2AllowAllDevices(virCgroupPtr group, + int perms) +{ + if (virCgroupV2DevicesPrepareProg(group) < 0) + return -1; + + if (group->unified.devices.count > 0 && + perms =3D=3D VIR_CGROUP_DEVICE_RWM && + virCgroupV2DevicesCreateProg(group) < 0) { + return -1; + } + + return virCgroupV2AllowDevice(group, 'a', -1, -1, perms); +} + + virCgroupBackend virCgroupV2Backend =3D { .type =3D VIR_CGROUP_BACKEND_TYPE_V2, =20 
@@ -1759,6 +1776,7 @@ virCgroupBackend virCgroupV2Backend =3D { =20 .allowDevice =3D virCgroupV2AllowDevice, .denyDevice =3D virCgroupV2DenyDevice, + .allowAllDevices =3D virCgroupV2AllowAllDevices, =20 .setCpuShares =3D virCgroupV2SetCpuShares, .getCpuShares =3D virCgroupV2GetCpuShares, --=20 2.20.1
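Review bot: virCgroupV2AllowAllDevices hides the program replacement inside a three-part && condition and encodes "every device" as virCgroupV2AllowDevice(group, 'a', -1, -1, perms) with no comment. Two things need spelling out: why existing per-device entries are dropped only for VIR_CGROUP_DEVICE_RWM, and that the -1/-1 pair is the wildcard key, which depends on how virCgroupV2DevicesGetKey converts negative ints into the uint64_t key. A short comment plus a separate if for the virCgroupV2DevicesCreateProg call would make this easier to audit. virCgroupV2AllowDevice also runs virCgroupV2DevicesPrepareProg again right after the program may have been recreated, so please confirm that is harmless.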
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:30 +0200
Subject: [libvirt] [PATCH v3 13/15] vircgroup: introduce virCgroupV2DenyAllDevices

If we want to deny all devices we just need to replace any existing program with a new program with an empty map.

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- src/util/vircgroupv2.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c index a8ba9b9e9e..6c851f9637 100644 --- a/src/util/vircgroupv2.c +++ b/src/util/vircgroupv2.c @@ -1725,6 +1725,16 @@ virCgroupV2AllowAllDevices(virCgroupPtr group, } =20 =20 +static int +virCgroupV2DenyAllDevices(virCgroupPtr group) +{ + if (virCgroupV2DevicesDetectProg(group) < 0) + return -1; + + return virCgroupV2DevicesCreateProg(group); +} + + virCgroupBackend virCgroupV2Backend =3D { .type =3D VIR_CGROUP_BACKEND_TYPE_V2, =20 
@@ -1777,6 +1787,7 @@ virCgroupBackend virCgroupV2Backend =3D { .allowDevice =3D virCgroupV2AllowDevice, .denyDevice =3D virCgroupV2DenyDevice, .allowAllDevices =3D virCgroupV2AllowAllDevices, + .denyAllDevices =3D virCgroupV2DenyAllDevices, =20 .setCpuShares =3D virCgroupV2SetCpuShares, .getCpuShares =3D virCgroupV2GetCpuShares, --=20 2.20.1
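Review bot: virCgroupV2DenyAllDevices calls virCgroupV2DevicesDetectProg where the three helpers above it call virCgroupV2DevicesPrepareProg, and neither the hunk nor the commit message says why. This is the call that locks a domain down to nothing, so a comment should state what Detect is needed for here and whether virCgroupV2DevicesCreateProg puts the new empty-map program in place before the old one is released, so that there is no interval with no filter attached. It should also be clear from the code that devices.count ends up at 0 afterwards, since virCgroupV2DenyDevice relies on that counter to skip the lookup.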
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:31 +0200
Message-Id: <39a685082b8b2084fedb9d57e1e75b4842a5ea78.1556178064.git.phrdina@redhat.com>
Subject: [libvirt] [PATCH v3 14/15] vircgroup: workaround devices in hybrid mode

So the issue here is that you can end up with a configuration where you have cgroup v1 and v2 enabled at the same time and the devices controller is enabled for cgroup v1.

In cgroup v2 there is no devices controller, the device access is controlled using BPF and since it is not a cgroup controller both of them can exist at the same time and both of them are applied while resolving access to devices.

In order to avoid configuring both BPF and cgroup v1 devices we will use BPF if possible and otherwise fall back to cgroup v1 devices.

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- src/util/vircgroup.c | 3 ++- src/util/vircgroupbackend.h | 3 ++- src/util/vircgroupv1.c | 9 ++++++++- src/util/vircgroupv2.c | 5 ++++- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index 4238d7014b..2ec9d28fc9 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c 
@@ -383,7 +383,8 @@ virCgroupDetect(virCgroupPtr group, =20 for (i =3D 0; i < VIR_CGROUP_BACKEND_TYPE_LAST; i++) { if (group->backends[i]) { - int rc =3D group->backends[i]->detectControllers(group, contro= llers); + int rc =3D group->backends[i]->detectControllers(group, contro= llers, + controllersAvai= lable); if (rc < 0) return -1; controllersAvailable |=3D rc; diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h index 24b45be9bb..9bc8e7b11d 100644 --- a/src/util/vircgroupbackend.h +++ b/src/util/vircgroupbackend.h @@ -96,7 +96,8 @@ typedef char * =20 typedef int (*virCgroupDetectControllersCB)(virCgroupPtr group, - int controllers); + int controllers, + int detected); =20 typedef bool (*virCgroupHasControllerCB)(virCgroupPtr cgroup, diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c index 8ce10d3608..f879c76595 100644 --- a/src/util/vircgroupv1.c +++ b/src/util/vircgroupv1.c @@ -420,7 +420,8 @@ virCgroupV1StealPlacement(virCgroupPtr group) =20 static int virCgroupV1DetectControllers(virCgroupPtr group, - int controllers) + int controllers, + int detected) { size_t i; size_t j; @@ -430,6 +431,9 @@ virCgroupV1DetectControllers(virCgroupPtr group, /* First mark requested but non-existing controllers to be ignored= */ for (i =3D 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) { if (((1 << i) & controllers)) { + int type =3D 1 << i; + if (type & detected) + VIR_FREE(group->legacy[i].mountPoint); /* Remove non-existent controllers */ if (!group->legacy[i].mountPoint) { VIR_DEBUG("Requested controller '%s' not mounted, igno= ring", @@ -469,6 +473,9 @@ virCgroupV1DetectControllers(virCgroupPtr group, VIR_DEBUG("Auto-detecting controllers"); controllers =3D 0; for (i =3D 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) { + int type =3D 1 << i; + if (type & detected) + VIR_FREE(group->legacy[i].mountPoint); VIR_DEBUG("Controller '%s' present=3D%s", virCgroupV1ControllerTypeToString(i), group->legacy[i].mountPoint ? "yes" : "no"); 
diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c index 6c851f9637..c14bdd1f6d 100644 --- a/src/util/vircgroupv2.c +++ b/src/util/vircgroupv2.c @@ -287,7 +287,8 @@ virCgroupV2ParseControllersFile(virCgroupPtr group) =20 static int virCgroupV2DetectControllers(virCgroupPtr group, - int controllers) + int controllers, + int detected) { size_t i; =20 
@@ -300,6 +301,8 @@ virCgroupV2DetectControllers(virCgroupPtr group, if (virCgroupV2DevicesAvailable(group)) group->unified.controllers |=3D 1 << VIR_CGROUP_CONTROLLER_DEVICES; =20 + group->unified.controllers &=3D ~detected; + for (i =3D 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) VIR_DEBUG("Controller '%s' present=3D%s", virCgroupV2ControllerTypeToString(i), --=20 2.20.1
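Review bot: In both vircgroupv1.c loops the new VIR_FREE(group->legacy[i].mountPoint) sits directly in front of existing debug output, so in the first loop a controller that is mounted but already claimed by another backend is logged as "Requested controller '%s' not mounted, ignoring". Suggest a separate VIR_DEBUG for the "already detected by another backend" case and a comment on the new detected parameter in vircgroupbackend.h. Only mountPoint is released in these lines, so also check that no other per-controller state in legacy[i] is left behind for the dropped controller.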
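Review bot: group->unified.controllers &= ~detected in virCgroupV2DetectControllers, together with the controllersAvailable argument added in virCgroupDetect, makes the outcome depend on the order of group->backends[]: whichever backend runs first keeps the devices controller. The commit message promises BPF first with cgroup v1 as the fallback, which only holds if the v2 backend is iterated before v1, so that ordering needs a comment at the loop or an explicit check. The mask also strips every controller an earlier backend reported, not just devices; if that is intended, the commit message should say so.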
From: Pavel Hrdina
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:32 +0200
Message-Id: <7d6e71a81245720598f0a4ee44dc8688ca2a054e.1556178064.git.phrdina@redhat.com>
Subject: [libvirt] [PATCH v3 15/15] vircgroupmock: mock virCgroupV2DevicesAvailable

We need to mock virCgroupV2DevicesAvailable() in order to remove any dependency on the kernel as BPF devices might not be available.

Signed-off-by: Pavel Hrdina
Reviewed-by: Ján Tomko
--- src/util/vircgroupv2devices.h | 5 ++++- tests/vircgroupdata/hybrid.parsed | 2 +- tests/vircgroupmock.c | 7 +++++++ tests/vircgrouptest.c | 4 ++-- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/src/util/vircgroupv2devices.h b/src/util/vircgroupv2devices.h index d717c9755f..5fc35942ef 100644 --- a/src/util/vircgroupv2devices.h +++ b/src/util/vircgroupv2devices.h @@ -21,10 +21,13 @@ =20 # include =20 +# include "internal.h" + # include "vircgroup.h" =20 bool -virCgroupV2DevicesAvailable(virCgroupPtr group); +virCgroupV2DevicesAvailable(virCgroupPtr group) + ATTRIBUTE_NOINLINE; =20 int virCgroupV2DevicesAttachProg(virCgroupPtr group, diff --git a/tests/vircgroupdata/hybrid.parsed b/tests/vircgroupdata/hybrid= .parsed index 7600de5f45..f755eed465 100644 --- a/tests/vircgroupdata/hybrid.parsed +++ b/tests/vircgroupdata/hybrid.parsed 
@@ -2,7 +2,7 @@ cpu cpuacct cpuset /not/really/sys/fs/cgroup/cpuset memory -devices /not/really/sys/fs/cgroup/devices +devices freezer /not/really/sys/fs/cgroup/freezer blkio net_cls /not/really/sys/fs/cgroup/net_cls diff --git a/tests/vircgroupmock.c b/tests/vircgroupmock.c index 7bbaa6dd0f..5aeeb80bb3 100644 --- a/tests/vircgroupmock.c +++ b/tests/vircgroupmock.c @@ -35,6 +35,7 @@ # include "virstring.h" # include "virfile.h" # include "viralloc.h" +# include "vircgroupv2devices.h" =20 static int (*real_open)(const char *path, int flags, ...); static FILE *(*real_fopen)(const char *path, const char *mode); @@ -600,6 +601,12 @@ int open(const char *path, int flags, ...) free(newpath); return ret; } + +bool +virCgroupV2DevicesAvailable(virCgroupPtr group ATTRIBUTE_UNUSED) +{ + return true; +} #else /* Nothing to override on non-__linux__ platforms */ #endif diff --git a/tests/vircgrouptest.c b/tests/vircgrouptest.c index 20f4c57b04..4c1f53d924 100644 --- a/tests/vircgrouptest.c +++ b/tests/vircgrouptest.c @@ -587,6 +587,7 @@ static int testCgroupNewForSelfUnified(const void *args= ATTRIBUTE_UNUSED) (1 << VIR_CGROUP_CONTROLLER_CPU) | (1 << VIR_CGROUP_CONTROLLER_CPUACCT) | (1 << VIR_CGROUP_CONTROLLER_MEMORY) | + (1 << VIR_CGROUP_CONTROLLER_DEVICES) | (1 << VIR_CGROUP_CONTROLLER_BLKIO); =20 if (virCgroupNewSelf(&cgroup) < 0) { 
@@ -609,14 +610,12 @@ static int testCgroupNewForSelfHybrid(const void *arg= s ATTRIBUTE_UNUSED) const char *empty[VIR_CGROUP_CONTROLLER_LAST] =3D { 0 }; const char *mounts[VIR_CGROUP_CONTROLLER_LAST] =3D { [VIR_CGROUP_CONTROLLER_CPUSET] =3D "/not/really/sys/fs/cgroup/cpus= et", - [VIR_CGROUP_CONTROLLER_DEVICES] =3D "/not/really/sys/fs/cgroup/dev= ices", [VIR_CGROUP_CONTROLLER_FREEZER] =3D "/not/really/sys/fs/cgroup/fre= ezer", [VIR_CGROUP_CONTROLLER_NET_CLS] =3D "/not/really/sys/fs/cgroup/net= _cls", [VIR_CGROUP_CONTROLLER_PERF_EVENT] =3D "/not/really/sys/fs/cgroup/= perf_event", }; const char *placement[VIR_CGROUP_CONTROLLER_LAST] =3D { [VIR_CGROUP_CONTROLLER_CPUSET] =3D "/", - [VIR_CGROUP_CONTROLLER_DEVICES] =3D "/", [VIR_CGROUP_CONTROLLER_FREEZER] =3D "/", [VIR_CGROUP_CONTROLLER_NET_CLS] =3D "/", [VIR_CGROUP_CONTROLLER_PERF_EVENT] =3D "/", @@ -625,6 +624,7 @@ static int testCgroupNewForSelfHybrid(const void *args = ATTRIBUTE_UNUSED) (1 << VIR_CGROUP_CONTROLLER_CPU) | (1 << VIR_CGROUP_CONTROLLER_CPUACCT) | (1 << VIR_CGROUP_CONTROLLER_MEMORY) | + (1 << VIR_CGROUP_CONTROLLER_DEVICES) | (1 << VIR_CGROUP_CONTROLLER_BLKIO); =20 if (virCgroupNewSelf(&cgroup) < 0) { --=20 2.20.1
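Review bot: The mock added to tests/vircgroupmock.c returns true unconditionally, and the hybrid expectations drop the v1 devices mount in the same change, so after this patch the tests only cover the path where BPF devices are available. The fallback from patch 14, where virCgroupV2DevicesAvailable() is false and the cgroup v1 devices controller must stay in use, has no test. Suggest making the mock's return value switchable, for example through an environment variable, and keeping a hybrid case that still expects the /not/really/sys/fs/cgroup/devices mount.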