From 43695c7877a99d12bab96ec17c7d7de250ffc39a Mon Sep 17 00:00:00 2001

Message-Id: <43695c7877a99d12bab96ec17c7d7de250ffc39a@dist-git>

From: Pavel Hrdina <phrdina@redhat.com>

Date: Mon, 1 Jul 2019 17:06:54 +0200

Subject: [PATCH] vircgroup: extract virCgroupV1(Allow|Deny)Device

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>

(cherry picked from commit 8cbb0c76ba24878229830c8d53b365cf4dc1b54d)

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1689297

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>

Message-Id: <9a4073085dbeb674b24544aa253960bb2b1b53dc.1561993100.git.phrdina@redhat.com>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

---

 src/util/vircgroup.c        | 68 +++++++-----------------------------

 src/util/vircgroupbackend.h | 17 +++++++++

 src/util/vircgroupv1.c      | 69 +++++++++++++++++++++++++++++++++++++

 3 files changed, 98 insertions(+), 56 deletions(-)

diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c

index 088e97cb3f..a30fc6241d 100644

--- a/src/util/vircgroup.c

+++ b/src/util/vircgroup.c

@@ -1875,29 +1875,7 @@ int

 virCgroupAllowDevice(virCgroupPtr group, char type, int major, int minor,

                      int perms)

 {

-    VIR_AUTOFREE(char *) devstr = NULL;

-    VIR_AUTOFREE(char *) majorstr = NULL;

-    VIR_AUTOFREE(char *) minorstr = NULL;

-

-    if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||

-        (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))

-        return -1;

-

-    if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||

-        (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))

-        return -1;

-

-    if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,

-                    virCgroupGetDevicePermsString(perms)) < 0)

-        return -1;

-

-    if (virCgroupSetValueStr(group,

-                             VIR_CGROUP_CONTROLLER_DEVICES,

-                             "devices.allow",

-                             devstr) < 0)

-        return -1;

-

-    return 0;

+    VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1, type, major, minor, perms);

 }

@@ -1936,11 +1914,11 @@ virCgroupAllowDevicePath(virCgroupPtr group,

     if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))

         return 1;

-    return virCgroupAllowDevice(group,

-                                S_ISCHR(sb.st_mode) ? 'c' : 'b',

-                                major(sb.st_rdev),

-                                minor(sb.st_rdev),

-                                perms);

+    VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1,

+                            S_ISCHR(sb.st_mode) ? 'c' : 'b',

+                            major(sb.st_rdev),

+                            minor(sb.st_rdev),

+                            perms);

 }

@@ -1959,29 +1937,7 @@ int

 virCgroupDenyDevice(virCgroupPtr group, char type, int major, int minor,

                     int perms)

 {

-    VIR_AUTOFREE(char *) devstr = NULL;

-    VIR_AUTOFREE(char *) majorstr = NULL;

-    VIR_AUTOFREE(char *) minorstr = NULL;

-

-    if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||

-        (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))

-        return -1;

-

-    if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||

-        (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))

-        return -1;

-

-    if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,

-                    virCgroupGetDevicePermsString(perms)) < 0)

-        return -1;

-

-    if (virCgroupSetValueStr(group,

-                             VIR_CGROUP_CONTROLLER_DEVICES,

-                             "devices.deny",

-                             devstr) < 0)

-        return -1;

-

-    return 0;

+    VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1, type, major, minor, perms);

 }

@@ -2020,11 +1976,11 @@ virCgroupDenyDevicePath(virCgroupPtr group,

     if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))

         return 1;

-    return virCgroupDenyDevice(group,

-                               S_ISCHR(sb.st_mode) ? 'c' : 'b',

-                               major(sb.st_rdev),

-                               minor(sb.st_rdev),

-                               perms);

+    VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1,

+                            S_ISCHR(sb.st_mode) ? 'c' : 'b',

+                            major(sb.st_rdev),

+                            minor(sb.st_rdev),

+                            perms);

 }

diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h

index 27e6b18ea2..04897b5895 100644

--- a/src/util/vircgroupbackend.h

+++ b/src/util/vircgroupbackend.h

@@ -255,6 +255,20 @@ typedef int

 (*virCgroupGetMemSwapUsageCB)(virCgroupPtr group,

                               unsigned long long *kb);

+typedef int

+(*virCgroupAllowDeviceCB)(virCgroupPtr group,

+                          char type,

+                          int major,

+                          int minor,

+                          int perms);

+

+typedef int

+(*virCgroupDenyDeviceCB)(virCgroupPtr group,

+                         char type,

+                         int major,

+                         int minor,

+                         int perms);

+

 struct _virCgroupBackend {

     virCgroupBackendType type;

@@ -304,6 +318,9 @@ struct _virCgroupBackend {

     virCgroupSetMemSwapHardLimitCB setMemSwapHardLimit;

     virCgroupGetMemSwapHardLimitCB getMemSwapHardLimit;

     virCgroupGetMemSwapUsageCB getMemSwapUsage;

+

+    virCgroupAllowDeviceCB allowDevice;

+    virCgroupDenyDeviceCB denyDevice;

 };

 typedef struct _virCgroupBackend virCgroupBackend;

 typedef virCgroupBackend *virCgroupBackendPtr;

diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c

index 55b1d3ebd0..02cd7ab956 100644

--- a/src/util/vircgroupv1.c

+++ b/src/util/vircgroupv1.c

@@ -1671,6 +1671,72 @@ virCgroupV1GetMemSwapUsage(virCgroupPtr group,

 }

+static int

+virCgroupV1AllowDevice(virCgroupPtr group,

+                       char type,

+                       int major,

+                       int minor,

+                       int perms)

+{

+    VIR_AUTOFREE(char *) devstr = NULL;

+    VIR_AUTOFREE(char *) majorstr = NULL;

+    VIR_AUTOFREE(char *) minorstr = NULL;

+

+    if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||

+        (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))

+        return -1;

+

+    if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||

+        (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))

+        return -1;

+

+    if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,

+                    virCgroupGetDevicePermsString(perms)) < 0)

+        return -1;

+

+    if (virCgroupSetValueStr(group,

+                             VIR_CGROUP_CONTROLLER_DEVICES,

+                             "devices.allow",

+                             devstr) < 0)

+        return -1;

+

+    return 0;

+}

+

+

+static int

+virCgroupV1DenyDevice(virCgroupPtr group,

+                      char type,

+                      int major,

+                      int minor,

+                      int perms)

+{

+    VIR_AUTOFREE(char *) devstr = NULL;

+    VIR_AUTOFREE(char *) majorstr = NULL;

+    VIR_AUTOFREE(char *) minorstr = NULL;

+

+    if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||

+        (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))

+        return -1;

+

+    if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||

+        (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))

+        return -1;

+

+    if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,

+                    virCgroupGetDevicePermsString(perms)) < 0)

+        return -1;

+

+    if (virCgroupSetValueStr(group,

+                             VIR_CGROUP_CONTROLLER_DEVICES,

+                             "devices.deny",

+                             devstr) < 0)

+        return -1;

+

+    return 0;

+}

+

+

 virCgroupBackend virCgroupV1Backend = {

     .type = VIR_CGROUP_BACKEND_TYPE_V1,

@@ -1718,6 +1784,9 @@ virCgroupBackend virCgroupV1Backend = {

     .setMemSwapHardLimit = virCgroupV1SetMemSwapHardLimit,

     .getMemSwapHardLimit = virCgroupV1GetMemSwapHardLimit,

     .getMemSwapUsage = virCgroupV1GetMemSwapUsage,

+

+    .allowDevice = virCgroupV1AllowDevice,

+    .denyDevice = virCgroupV1DenyDevice,

 };

-- 

2.22.0