vircgroup: introduce virCgroupV2DevicesAvailable

There is no exact way how to figure out whether BPF devices support is compiled into kernel. One way is to check kernel configure options but this is not reliable as it may not be available. Let's try to do syscall to which will list BPF cgroup device programs. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-07-11 04:15:49 +00:00 · 2019-09-09 09:40:06 +02:00 · 2019-09-09 09:40:06 +02:00 · 30b6ddc44c
commit 30b6ddc44c
parent 07946d6e39
6 changed files with 107 additions and 2 deletions
--- a/configure.ac
+++ b/configure.ac
@ -883,7 +883,8 @@ AC_CHECK_DECLS([clock_serv_t, host_get_clock_service, clock_get_time],

 # Check if we have new enough kernel to support BPF devices for cgroups v2
 if test "$with_linux" = "yes"; then
-    AC_CHECK_DECLS([BPF_PROG_QUERY], [], [], [#include <linux/bpf.h>])
+    AC_CHECK_DECLS([BPF_PROG_QUERY, BPF_CGROUP_DEVICE],
+                   [], [], [#include <linux/bpf.h>])
 fi

 # Check if we need to look for ifconfig
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@ -1716,6 +1716,9 @@ virCgroupV1Register;
 # util/vircgroupv2.h
 virCgroupV2Register;

+# util/vircgroupv2devices.h
+virCgroupV2DevicesAvailable;
+
 # util/virclosecallbacks.h
 virCloseCallbacksGet;
 virCloseCallbacksGetConn;
--- a/src/util/Makefile.inc.am
+++ b/src/util/Makefile.inc.am
@ -35,6 +35,8 @@ UTIL_SOURCES = \
 	util/vircgroupv1.h \
 	util/vircgroupv2.c \
 	util/vircgroupv2.h \
+	util/vircgroupv2devices.c \
+	util/vircgroupv2devices.h \
 	util/virclosecallbacks.c \
 	util/virclosecallbacks.h \
 	util/vircommand.c \
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@ -33,6 +33,7 @@
 #include "vircgroup.h"
 #include "vircgroupbackend.h"
 #include "vircgroupv2.h"
+#include "vircgroupv2devices.h"
 #include "virerror.h"
 #include "virfile.h"
 #include "virlog.h"
@ -301,6 +302,9 @@ virCgroupV2DetectControllers(virCgroupPtr group,
     * exists with usage stats. */
    group->unified.controllers |= 1 << VIR_CGROUP_CONTROLLER_CPUACCT;

+    if (virCgroupV2DevicesAvailable(group))
+        group->unified.controllers |= 1 << VIR_CGROUP_CONTROLLER_DEVICES;
+
    if (controllers >= 0)
        group->unified.controllers &= controllers;

@ -445,8 +449,10 @@ virCgroupV2MakeGroup(virCgroupPtr parent,
                    continue;

                /* Controllers that are implicitly enabled if available. */
-                if (i == VIR_CGROUP_CONTROLLER_CPUACCT)
+                if (i == VIR_CGROUP_CONTROLLER_CPUACCT ||
+                    i == VIR_CGROUP_CONTROLLER_DEVICES) {
                    continue;
+                }

                rc = virCgroupV2EnableController(group, parent, i, false);
                if (rc < 0) {
--- a/src/util/vircgroupv2devices.c
+++ b/src/util/vircgroupv2devices.c
@ -0,0 +1,69 @@
+/*
+ * vircgroupv2devices.c: methods for cgroups v2 BPF devices
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+#include <config.h>
+
+#if HAVE_DECL_BPF_CGROUP_DEVICE
+# include <fcntl.h>
+# include <linux/bpf.h>
+# include <sys/stat.h>
+# include <sys/syscall.h>
+# include <sys/types.h>
+#endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */
+
+#include "internal.h"
+
+#define LIBVIRT_VIRCGROUPPRIV_H_ALLOW
+#include "vircgrouppriv.h"
+
+#include "virbpf.h"
+#include "vircgroup.h"
+#include "vircgroupv2devices.h"
+#include "virfile.h"
+#include "virlog.h"
+
+VIR_LOG_INIT("util.cgroup");
+
+#define VIR_FROM_THIS VIR_FROM_CGROUP
+
+#if HAVE_DECL_BPF_CGROUP_DEVICE
+bool
+virCgroupV2DevicesAvailable(virCgroupPtr group)
+{
+    VIR_AUTOCLOSE cgroupfd = -1;
+    unsigned int progCnt = 0;
+
+    cgroupfd = open(group->unified.mountPoint, O_RDONLY);
+    if (cgroupfd < 0) {
+        VIR_DEBUG("failed to open cgroup '%s'", group->unified.mountPoint);
+        return false;
+    }
+
+    if (virBPFQueryProg(cgroupfd, 0, BPF_CGROUP_DEVICE, &progCnt, NULL) < 0) {
+        VIR_DEBUG("failed to query cgroup progs");
+        return false;
+    }
+
+    return true;
+}
+#else /* !HAVE_DECL_BPF_CGROUP_DEVICE */
+bool
+virCgroupV2DevicesAvailable(virCgroupPtr group G_GNUC_UNUSED)
+{
+    return false;
+}
+#endif /* !HAVE_DECL_BPF_CGROUP_DEVICE */
--- a/src/util/vircgroupv2devices.h
+++ b/src/util/vircgroupv2devices.h
@ -0,0 +1,24 @@
+/*
+ * vircgroupv2devices.h: methods for cgroups v2 BPF devices
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#pragma once
+
+#include "vircgroup.h"
+
+bool
+virCgroupV2DevicesAvailable(virCgroupPtr group);