On Wed, Jan 02, 2019 at 03:08:32PM +0100, Pavel Hrdina wrote:
> In cgroups v2 there is no devices controller, BPF should be used instead.
>
> Patches 3 - 12 will be squashed into single commit and they need to be
> compiled together, I've separated them to make review easier.
>
> Pavel Hrdina (19):
>   util: introduce virbpf helpers
>   vircgroup: introduce virCgroupV2DevicesAvailable
>   vircgroup: introduce virCgroupV2DeviceLoadProg
>   vircgroup: introduce virCgroupV2DeviceAttachProg
>   vircgroup: introduce virCgroupV2DeviceDetectProg
>   vircgroup: introduce virCgroupV2DeviceCreateProg
>   vircgroup: introduce virCgroupV2DeviceReallocMap
>   vircgroup: introduce virCgroupV2DevicePrepareProg
>   vircgroup: introduce virCgroupV2DeviceRemoveProg
>   vircgroup: introduce virCgroupV2DeviceGetPerms
>   vircgroup: introduce virCgroupV2DeviceGetKey
>   vircgroup: introduce virCgroupV2AllowDevice
>   vircgroup: introduce virCgroupV2DenyDevice
>   vircgroup: introduce virCgroupV2AllowAllDevices
>   vircgroup: introduce virCgroupV2DenyAllDevices
>   vircgroup: workaround devices in hybrid mode
>   vircgroupv2: detech BPF program before removing cgroup
>   vircgroupv2: use dummy process to workaround kernel bug with systemd
>   vircgroupmock: mock virBPFQueryProg
>
>  include/libvirt/virterror.h       |   1 +
>  src/Makefile.am                   |   1 +
>  src/libvirt_private.syms          |  17 +
>  src/lxc/lxc_cgroup.c              |   1 +
>  src/qemu/qemu_cgroup.c            |   6 +-
>  src/util/Makefile.inc.am          |   2 +
>  src/util/virbpf.c                 | 263 ++++++++++++
>  src/util/virbpf.h                 | 249 ++++++++++++
>  src/util/vircgroup.c              |  18 +-
>  src/util/vircgroup.h              |   1 +
>  src/util/vircgroupbackend.h       |   3 +-
>  src/util/vircgrouppriv.h          |  12 +
>  src/util/vircgroupv1.c            |   9 +-
>  src/util/vircgroupv2.c            | 638 +++++++++++++++++++++++++++++-
>  src/util/virerror.c               |   1 +
>  src/util/virsystemd.c             |   2 +-
>  src/util/virsystemd.h             |   2 +
>  tests/vircgroupdata/hybrid.parsed |   2 +-
>  tests/vircgroupmock.c             |  11 +
>  tests/vircgrouptest.c             |   4 +-
>  20 files changed, 1233 insertions(+), 10 deletions(-)
>  create mode 100644 src/util/virbpf.c
>  create mode 100644 src/util/virbpf.h

I haven't had the time to look at this closely, but this fails to compile
on my Gentoo with sys-kernel/linux-headers-4.14-r1:

util/virbpf.c:121:10: error: field designator 'query' does not refer to any field in type 'union bpf_attr'
        .query.target_fd = targetfd,
         ^
util/virbpf.c:122:10: error: field designator 'query' does not refer to any field in type 'union bpf_attr'
        .query.attach_type = attachType,
         ^
util/virbpf.c:123:10: error: field designator 'query' does not refer to any field in type 'union bpf_attr'
        .query.prog_cnt = maxprogids,
         ^
util/virbpf.c:124:10: error: field designator 'query' does not refer to any field in type 'union bpf_attr'
        .query.prog_ids = (__u64)progids,
         ^
util/virbpf.c:127:27: error: use of undeclared identifier 'BPF_PROG_QUERY'; did you mean 'BPF_PROG_LOAD'?
    rc = syscall(SYS_bpf, BPF_PROG_QUERY, &attr, sizeof(attr));
                          ^~~~~~~~~~~~~~
                          BPF_PROG_LOAD
/usr/include/linux/bpf.h:85:2: note: 'BPF_PROG_LOAD' declared here
        BPF_PROG_LOAD,
        ^
util/virbpf.c:162:25: error: no member named 'nr_map_ids' in 'struct bpf_prog_info'
    if (mapIDs && info->nr_map_ids > 0) {
                  ~~~~  ^
util/virbpf.c:163:37: error: no member named 'nr_map_ids' in 'struct bpf_prog_info'
        unsigned int maplen = info->nr_map_ids;
                              ~~~~  ^
util/virbpf.c:170:15: error: no member named 'nr_map_ids' in 'struct bpf_prog_info'
        info->nr_map_ids = maplen;
        ~~~~  ^
util/virbpf.c:171:15: error: no member named 'map_ids' in 'struct bpf_prog_info'
        info->map_ids = (__u64)retmapIDs;
        ~~~~  ^
9 errors generated.
  CC       util/libvirt_util_la-viriptables.lo
  CC       util/libvirt_util_la-viriscsi.lo
make[3]: *** [Makefile:11083: util/libvirt_util_la-virbpf.lo] Error 1
make[3]: *** Waiting for unfinished jobs....
util/vircgroupv2.c:305:38: error: use of undeclared identifier 'BPF_CGROUP_DEVICE'; did you mean 'VIR_CGROUP_DEVICE_RW'?
    if (virBPFQueryProg(cgroupfd, 0, BPF_CGROUP_DEVICE, &progCnt, NULL) < 0) {
                                     ^~~~~~~~~~~~~~~~~
                                     VIR_CGROUP_DEVICE_RW
./util/vircgroup.h:200:5: note: 'VIR_CGROUP_DEVICE_RW' declared here
    VIR_CGROUP_DEVICE_RW = VIR_CGROUP_DEVICE_READ | VIR_CGROUP_DEVICE_WRITE,
    ^
util/vircgroupv2.c:1686:33: error: use of undeclared identifier 'BPF_PROG_TYPE_CGROUP_DEVICE'; did you mean 'BPF_PROG_TYPE_CGROUP_SOCK'?
    return virBPFLoadProg(prog, BPF_PROG_TYPE_CGROUP_DEVICE, ARRAY_CARDINALITY(prog));
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~
                                BPF_PROG_TYPE_CGROUP_SOCK
/usr/include/linux/bpf.h:127:2: note: 'BPF_PROG_TYPE_CGROUP_SOCK' declared here
        BPF_PROG_TYPE_CGROUP_SOCK,
        ^
util/vircgroupv2.c:1717:44: error: use of undeclared identifier 'BPF_CGROUP_DEVICE'; did you mean 'VIR_CGROUP_DEVICE_RW'?
    if (virBPFAttachProg(progfd, cgroupfd, BPF_CGROUP_DEVICE) < 0) {
                                           ^~~~~~~~~~~~~~~~~
                                           VIR_CGROUP_DEVICE_RW
./util/vircgroup.h:200:5: note: 'VIR_CGROUP_DEVICE_RW' declared here
    VIR_CGROUP_DEVICE_RW = VIR_CGROUP_DEVICE_READ | VIR_CGROUP_DEVICE_WRITE,
    ^
util/vircgroupv2.c:1787:49: error: use of undeclared identifier 'BPF_CGROUP_DEVICE'; did you mean 'VIR_CGROUP_DEVICE_RW'?
    if (virBPFQueryProg(cgroupfd, MAX_PROG_IDS, BPF_CGROUP_DEVICE,
                                                ^~~~~~~~~~~~~~~~~
                                                VIR_CGROUP_DEVICE_RW
./util/vircgroup.h:200:5: note: 'VIR_CGROUP_DEVICE_RW' declared here
    VIR_CGROUP_DEVICE_RW = VIR_CGROUP_DEVICE_READ | VIR_CGROUP_DEVICE_WRITE,
    ^
util/vircgroupv2.c:1811:22: error: no member named 'nr_map_ids' in 'struct bpf_prog_info'
        if (progInfo.nr_map_ids == 0) {
            ~~~~~~~~ ^
util/vircgroupv2.c:2043:36: error: use of undeclared identifier 'BPF_CGROUP_DEVICE'; did you mean 'VIR_CGROUP_DEVICE_RW'?
                         cgroupfd, BPF_CGROUP_DEVICE) < 0) {
                                   ^~~~~~~~~~~~~~~~~
                                   VIR_CGROUP_DEVICE_RW
./util/vircgroup.h:200:5: note: 'VIR_CGROUP_DEVICE_RW' declared here
    VIR_CGROUP_DEVICE_RW = VIR_CGROUP_DEVICE_READ | VIR_CGROUP_DEVICE_WRITE,
    ^
util/vircgroupv2.c:2069:16: error: use of undeclared identifier 'BPF_DEVCG_ACC_MKNOD'
        ret |= BPF_DEVCG_ACC_MKNOD << 16;
               ^
util/vircgroupv2.c:2072:16: error: use of undeclared identifier 'BPF_DEVCG_ACC_READ'
        ret |= BPF_DEVCG_ACC_READ << 16;
               ^
util/vircgroupv2.c:2075:16: error: use of undeclared identifier 'BPF_DEVCG_ACC_WRITE'
        ret |= BPF_DEVCG_ACC_WRITE << 16;
               ^
util/vircgroupv2.c:2078:16: error: use of undeclared identifier 'BPF_DEVCG_DEV_BLOCK'
        ret |= BPF_DEVCG_DEV_BLOCK;
               ^
util/vircgroupv2.c:2080:16: error: use of undeclared identifier 'BPF_DEVCG_DEV_CHAR'
        ret |= BPF_DEVCG_DEV_CHAR;
               ^
util/vircgroupv2.c:2082:16: error: use of undeclared identifier 'BPF_DEVCG_DEV_BLOCK'
        ret |= BPF_DEVCG_DEV_BLOCK | BPF_DEVCG_DEV_CHAR;
               ^
util/vircgroupv2.c:2082:38: error: use of undeclared identifier 'BPF_DEVCG_DEV_CHAR'
        ret |= BPF_DEVCG_DEV_BLOCK | BPF_DEVCG_DEV_CHAR;
                                     ^
13 errors generated.

Jano

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list