[libvirt] [PATCH v3 02/15] vircgroup: introduce virCgroupV2DevicesAvailable

Pavel Hrdina phrdina at redhat.com
Thu Apr 25 07:44:19 UTC 2019 

There is no exact way how to figure out whether BPF devices support is
compiled into kernel.  One way is to check kernel configure options but
this is not reliable as it may not be available.  Let's try to do
syscall to which will list BPF cgroup device programs.

Signed-off-by: Pavel Hrdina <phrdina at redhat.com>
---
 configure.ac                  |  3 +-
 src/Makefile.am               |  2 +
 src/libvirt_private.syms      |  3 ++
 src/util/Makefile.inc.am      |  2 +
 src/util/vircgroupv2.c        |  7 +++-
 src/util/vircgroupv2devices.c | 73 +++++++++++++++++++++++++++++++++++
 src/util/vircgroupv2devices.h | 27 +++++++++++++
 7 files changed, 115 insertions(+), 2 deletions(-)
 create mode 100644 src/util/vircgroupv2devices.c
 create mode 100644 src/util/vircgroupv2devices.h

diff --git a/configure.ac b/configure.ac
index fbbc88303a..67c87c1042 100644
--- a/configure.ac
+++ b/configure.ac
@@ -878,7 +878,8 @@ AC_CHECK_DECLS([clock_serv_t, host_get_clock_service, clock_get_time],
 
 # Check if we have new enough kernel to support BPF devices for cgroups v2
 if test "$with_linux" = "yes"; then
-    AC_CHECK_DECLS([BPF_PROG_QUERY], [], [], [#include <linux/bpf.h>])
+    AC_CHECK_DECLS([BPF_PROG_QUERY, BPF_CGROUP_DEVICE],
+                   [], [], [#include <linux/bpf.h>])
 fi
 
 # Check if we need to look for ifconfig
diff --git a/src/Makefile.am b/src/Makefile.am
index 7d452a9490..a65125bac6 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -663,11 +663,13 @@ libvirt_setuid_rpc_client_la_SOURCES = \
 		util/viratomic.h \
 		util/virautoclean.h \
 		util/virbitmap.c \
+		util/virbpf.c \
 		util/virbuffer.c \
 		util/vircgroup.c \
 		util/vircgroupbackend.c \
 		util/vircgroupv1.c \
 		util/vircgroupv2.c \
+		util/vircgroupv2devices.c \
 		util/vircommand.c \
 		util/virconf.c \
 		util/virdbus.c \
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 56db5d92cd..9eac05009c 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1652,6 +1652,9 @@ virCgroupV1Register;
 # util/vircgroupv2.h
 virCgroupV2Register;
 
+# util/vircgroupv2devices.h
+virCgroupV2DevicesAvailable;
+
 # util/virclosecallbacks.h
 virCloseCallbacksGet;
 virCloseCallbacksGetConn;
diff --git a/src/util/Makefile.inc.am b/src/util/Makefile.inc.am
index 0c2ee03c2f..5485fe621e 100644
--- a/src/util/Makefile.inc.am
+++ b/src/util/Makefile.inc.am
@@ -34,6 +34,8 @@ UTIL_SOURCES = \
 	util/vircgroupv1.h \
 	util/vircgroupv2.c \
 	util/vircgroupv2.h \
+	util/vircgroupv2devices.c \
+	util/vircgroupv2devices.h \
 	util/virclosecallbacks.c \
 	util/virclosecallbacks.h \
 	util/vircommand.c \
diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index 0cfbc96264..dc7573e05c 100644
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -33,6 +33,7 @@
 #include "vircgroup.h"
 #include "vircgroupbackend.h"
 #include "vircgroupv2.h"
+#include "vircgroupv2devices.h"
 #include "virerror.h"
 #include "virfile.h"
 #include "virlog.h"
@@ -295,6 +296,8 @@ virCgroupV2DetectControllers(virCgroupPtr group,
     /* In cgroup v2 there is no cpuacct controller, the cpu.stat file always
      * exists with usage stats. */
     group->unified.controllers |= 1 << VIR_CGROUP_CONTROLLER_CPUACCT;
+    if (virCgroupV2DevicesAvailable(group))
+        group->unified.controllers |= 1 << VIR_CGROUP_CONTROLLER_DEVICES;
 
     for (i = 0; i < VIR_CGROUP_CONTROLLER_LAST; i++)
         VIR_DEBUG("Controller '%s' present=%s",
@@ -415,8 +418,10 @@ virCgroupV2MakeGroup(virCgroupPtr parent ATTRIBUTE_UNUSED,
                     continue;
 
                 /* Controllers that are implicitly enabled if available. */
-                if (i == VIR_CGROUP_CONTROLLER_CPUACCT)
+                if (i == VIR_CGROUP_CONTROLLER_CPUACCT ||
+                    i == VIR_CGROUP_CONTROLLER_DEVICES) {
                     continue;
+                }
 
                 if (virCgroupV2EnableController(parent, i) < 0)
                     return -1;
diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c
new file mode 100644
index 0000000000..10080d4fff
--- /dev/null
+++ b/src/util/vircgroupv2devices.c
@@ -0,0 +1,73 @@
+/*
+ * vircgroupv2devices.c: methods for cgroups v2 BPF devices
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+#include <config.h>
+
+#if HAVE_DECL_BPF_CGROUP_DEVICE
+# include <fcntl.h>
+# include <linux/bpf.h>
+# include <sys/stat.h>
+# include <sys/syscall.h>
+# include <sys/types.h>
+#endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */
+
+#include "internal.h"
+
+#define LIBVIRT_VIRCGROUPPRIV_H_ALLOW
+#include "vircgrouppriv.h"
+
+#include "virbpf.h"
+#include "vircgroup.h"
+#include "vircgroupv2devices.h"
+#include "virfile.h"
+#include "virlog.h"
+
+VIR_LOG_INIT("util.cgroup");
+
+#define VIR_FROM_THIS VIR_FROM_CGROUP
+
+#if HAVE_DECL_BPF_CGROUP_DEVICE
+bool
+virCgroupV2DevicesAvailable(virCgroupPtr group)
+{
+    bool ret = false;
+    int cgroupfd = -1;
+    unsigned int progCnt = 0;
+
+    cgroupfd = open(group->unified.mountPoint, O_RDONLY);
+    if (cgroupfd < 0) {
+        VIR_DEBUG("failed to open cgroup '%s'", group->unified.mountPoint);
+        goto cleanup;
+    }
+
+    if (virBPFQueryProg(cgroupfd, 0, BPF_CGROUP_DEVICE, &progCnt, NULL) < 0) {
+        VIR_DEBUG("failed to query cgroup progs");
+        goto cleanup;
+    }
+
+    ret = true;
+ cleanup:
+    VIR_FORCE_CLOSE(cgroupfd);
+    return ret;
+}
+#else /* !HAVE_DECL_BPF_CGROUP_DEVICE */
+bool
+virCgroupV2DevicesAvailable(virCgroupPtr group ATTRIBUTE_UNUSED)
+{
+    return false;
+}
+#endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */
diff --git a/src/util/vircgroupv2devices.h b/src/util/vircgroupv2devices.h
new file mode 100644
index 0000000000..2ab35681db
--- /dev/null
+++ b/src/util/vircgroupv2devices.h
@@ -0,0 +1,27 @@
+/*
+ * vircgroupv2devices.h: methods for cgroups v2 BPF devices
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIBVIRT_VIRCGROUPV2DEVICES_H
+# define LIBVIRT_VIRCGROUPV2DEVICES_H
+
+# include "vircgroup.h"
+
+bool
+virCgroupV2DevicesAvailable(virCgroupPtr group);
+
+#endif /* LIBVIRT_VIRCGROUPV2DEVICES_H */
-- 
2.20.1

More information about the libvir-list mailing list