[PATCH v2 04/17] vircgroup: introduce virCgroupV2DevicesDetectProg

Pavel Hrdina <phrdina@xxxxxxxxxx> · Mon, 14 Jan 2019 16:47:38 +0100

This function will be called if libvirtd was restarted while some
domains were running.  It will try to detect existing programs attached
to the guest cgroup.

Signed-off-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
---
 src/libvirt_private.syms      |   1 +
 src/util/vircgroupv2devices.c | 117 ++++++++++++++++++++++++++++++++++
 src/util/vircgroupv2devices.h |   3 +
 3 files changed, 121 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 3fc91ce207..7f1050ef5a 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1614,6 +1614,7 @@ virCgroupV2Register;
 # util/vircgroupv2devices.h
 virCgroupV2DevicesAttachProg;
 virCgroupV2DevicesAvailable;
+virCgroupV2DevicesDetectProg;
 
 # util/virclosecallbacks.h
 virCloseCallbacksGet;
diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c
index 0b721a0aad..e609faa210 100644
--- a/src/util/vircgroupv2devices.c
+++ b/src/util/vircgroupv2devices.c
@@ -192,6 +192,113 @@ virCgroupV2DevicesAttachProg(virCgroupPtr group,
     VIR_FORCE_CLOSE(mapfd);
     return ret;
 }
+
+
+static int
+virCgroupV2DevicesCountMapEntries(int mapfd)
+{
+    int ret = 0;
+    int rc;
+    uint64_t key = 0;
+    uint64_t prevKey = 0;
+
+    while ((rc = virBPFGetNextElem(mapfd, &prevKey, &key)) == 0) {
+        ret++;
+        prevKey = key;
+    }
+
+    if (rc < 0)
+        return -1;
+
+    return ret;
+}
+
+
+# define MAX_PROG_IDS 10
+
+int
+virCgroupV2DevicesDetectProg(virCgroupPtr group)
+{
+    int ret = -1;
+    int cgroupfd = -1;
+    unsigned int progcnt = 0;
+    unsigned int progids[MAX_PROG_IDS] = { 0 };
+    VIR_AUTOFREE(char *) path = NULL;
+
+    if (group->unified.devices.progfd > 0 && group->unified.devices.mapfd > 0)
+        return 0;
+
+    if (virCgroupPathOfController(group, VIR_CGROUP_CONTROLLER_DEVICES,
+                                  NULL, &path) < 0) {
+        return -1;
+    }
+
+    cgroupfd = open(path, O_RDONLY);
+    if (cgroupfd < 0) {
+        virReportSystemError(errno, _("unable to open '%s'"), path);
+        goto cleanup;
+    }
+
+    if (virBPFQueryProg(cgroupfd, MAX_PROG_IDS, BPF_CGROUP_DEVICE,
+                        &progcnt, progids) < 0) {
+        virReportSystemError(errno, "%s", _("unable to query cgroup BPF progs"));
+        goto cleanup;
+    }
+
+    if (progcnt > 0) {
+        /* No need to have alternate code, this function will not be called
+         * if compiled with old kernel. */
+        int progfd = virBPFGetProg(progids[0]);
+        int mapfd = -1;
+        int nitems = -1;
+        struct bpf_prog_info progInfo = { 0 };
+        struct bpf_map_info mapInfo = { 0 };
+        VIR_AUTOFREE(unsigned int *) mapIDs = NULL;
+
+        if (progfd < 0) {
+            virReportSystemError(errno, "%s", _("failed to get cgroup BPF prog FD"));
+            goto cleanup;
+        }
+
+        if (virBPFGetProgInfo(progfd, &progInfo, &mapIDs) < 0) {
+            virReportSystemError(errno, "%s", _("failed to get cgroup BPF prog info"));
+            goto cleanup;
+        }
+
+        if (progInfo.nr_map_ids == 0) {
+            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                           _("no map for cgroup BPF prog"));
+            goto cleanup;
+        }
+
+        mapfd = virBPFGetMap(mapIDs[0]);
+        if (mapfd < 0) {
+            virReportSystemError(errno, "%s", _("failed to get cgroup BPF map FD"));
+            goto cleanup;
+        }
+
+        if (virBPFGetMapInfo(mapfd, &mapInfo) < 0) {
+            virReportSystemError(errno, "%s", _("failed to get cgroup BPF map info"));
+            goto cleanup;
+        }
+
+        nitems = virCgroupV2DevicesCountMapEntries(mapfd);
+        if (nitems < 0) {
+            virReportSystemError(errno, "%s", _("failed to count cgroup BPF map items"));
+            goto cleanup;
+        }
+
+        group->unified.devices.progfd = progfd;
+        group->unified.devices.mapfd = mapfd;
+        group->unified.devices.max = mapInfo.max_entries;
+        group->unified.devices.count = nitems;
+    }
+
+    ret = 0;
+ cleanup:
+    VIR_FORCE_CLOSE(cgroupfd);
+    return ret;
+}
 #else /* !HAVE_DECL_BPF_CGROUP_DEVICE */
 bool
 virCgroupV2DevicesAvailable(virCgroupPtr group ATTRIBUTE_UNUSED)
@@ -210,4 +317,14 @@ virCgroupV2DevicesAttachProg(virCgroupPtr group ATTRIBUTE_UNUSED,
                            "with this kernel"));
     return -1;
 }
+
+
+int
+virCgroupV2DevicesDetectProg(virCgroupPtr group ATTRIBUTE_UNUSED)
+{
+    virReportSystemError(ENOSYS, "%s",
+                         _("cgroups v2 BPF devices not supported "
+                           "with this kernel"));
+    return -1;
+}
 #endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */
diff --git a/src/util/vircgroupv2devices.h b/src/util/vircgroupv2devices.h
index 1ba87acb00..a8e50dcca5 100644
--- a/src/util/vircgroupv2devices.h
+++ b/src/util/vircgroupv2devices.h
@@ -29,4 +29,7 @@ virCgroupV2DevicesAttachProg(virCgroupPtr group,
                              int mapfd,
                              size_t max);
 
+int
+virCgroupV2DevicesDetectProg(virCgroupPtr group);
+
 #endif /* LIBVIRT_VIRCGROUPV2DEVICES_H */
-- 
2.20.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list






