From nobody Sun Jul 13 02:59:10 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.39 as permitted sender) client-ip=209.132.183.39; envelope-from=libvir-list-bounces@redhat.com; helo=mx6-phx2.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.39 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx6-phx2.redhat.com (mx6-phx2.redhat.com [209.132.183.39]) by mx.zohomail.com with SMTPS id 1487840809087956.7470749744954; Thu, 23 Feb 2017 01:06:49 -0800 (PST) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by mx6-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1N93M33026605; Thu, 23 Feb 2017 04:03:22 -0500 Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v1N93K8L009808 for ; Thu, 23 Feb 2017 04:03:20 -0500 Received: from moe.brq.redhat.com (dhcp129-131.brq.redhat.com [10.34.129.131]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1N93H6e012322; Thu, 23 Feb 2017 04:03:19 -0500 From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 23 Feb 2017 10:02:44 +0100 Message-Id: <30c735897bed7f1a5b796f3edfff783a41867d33.1487839955.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 01/14] qemu_cgroup: Only try to allow devices if devices CGroup's available X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" When a domain needs an access to some device (be it a disk, RNG, chardev, whatever), we have to allow it in the devices CGroup (if it is available), because by default we disallow all the devices. But some of the functions that are responsible for setting up devices CGroup are lacking check whether there is any CGroup available. Thus users might be unable to hotplug some devices: virsh # attach-device fedora rng.xml error: Failed to attach device from rng.xml error: internal error: Controller 'devices' is not mounted Signed-off-by: Michal Privoznik --- src/qemu/qemu_cgroup.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index f0729743a..42a47a798 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -176,6 +176,9 @@ qemuSetupChrSourceCgroup(virDomainObjPtr vm, qemuDomainObjPrivatePtr priv =3D vm->privateData; int ret; =20 + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICE= S)) + return 0; + if (source->type !=3D VIR_DOMAIN_CHR_TYPE_DEV) return 0; =20 @@ -197,6 +200,9 @@ qemuTeardownChrSourceCgroup(virDomainObjPtr vm, qemuDomainObjPrivatePtr priv =3D vm->privateData; int ret; =20 + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICE= S)) + return 0; + if (source->type !=3D VIR_DOMAIN_CHR_TYPE_DEV) return 0; =20 @@ -247,6 +253,9 @@ qemuSetupInputCgroup(virDomainObjPtr vm, qemuDomainObjPrivatePtr priv =3D vm->privateData; int ret =3D 0; =20 + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICE= S)) + return 0; + switch (dev->type) { case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH: VIR_DEBUG("Process path '%s' for input device", dev->source.evdev); @@ -270,6 +279,9 @@ qemuSetupHostdevCgroup(virDomainObjPtr vm, size_t i, npaths =3D 0; int rv, ret =3D -1; =20 + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICE= S)) + return 0; + if (qemuDomainGetHostdevPath(NULL, dev, false, &npaths, &path, &perms)= < 0) goto cleanup; =20 @@ -344,6 +356,9 @@ qemuSetupGraphicsCgroup(virDomainObjPtr vm, const char *rendernode =3D gfx->data.spice.rendernode; int ret; =20 + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICE= S)) + return 0; + if (gfx->type !=3D VIR_DOMAIN_GRAPHICS_TYPE_SPICE || gfx->data.spice.gl !=3D VIR_TRISTATE_BOOL_YES || !rendernode) @@ -481,6 +496,9 @@ qemuSetupRNGCgroup(virDomainObjPtr vm, qemuDomainObjPrivatePtr priv =3D vm->privateData; int rv; =20 + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICE= S)) + return 0; + if (rng->backend =3D=3D VIR_DOMAIN_RNG_BACKEND_RANDOM) { VIR_DEBUG("Setting Cgroup ACL for RNG device"); rv =3D virCgroupAllowDevicePath(priv->cgroup, @@ -505,6 +523,9 @@ qemuTeardownRNGCgroup(virDomainObjPtr vm, qemuDomainObjPrivatePtr priv =3D vm->privateData; int rv; =20 + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICE= S)) + return 0; + if (rng->backend =3D=3D VIR_DOMAIN_RNG_BACKEND_RANDOM) { VIR_DEBUG("Tearing down Cgroup ACL for RNG device"); rv =3D virCgroupDenyDevicePath(priv->cgroup, --=20 2.11.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list