From 43695c7877a99d12bab96ec17c7d7de250ffc39a Mon Sep 17 00:00:00 2001 Message-Id: <43695c7877a99d12bab96ec17c7d7de250ffc39a@dist-git> From: Pavel Hrdina Date: Mon, 1 Jul 2019 17:06:54 +0200 Subject: [PATCH] vircgroup: extract virCgroupV1(Allow|Deny)Device MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Fabiano Fidêncio Reviewed-by: Ján Tomko Signed-off-by: Pavel Hrdina (cherry picked from commit 8cbb0c76ba24878229830c8d53b365cf4dc1b54d) Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1689297 Signed-off-by: Pavel Hrdina Message-Id: <9a4073085dbeb674b24544aa253960bb2b1b53dc.1561993100.git.phrdina@redhat.com> Reviewed-by: Ján Tomko --- src/util/vircgroup.c | 68 +++++++----------------------------- src/util/vircgroupbackend.h | 17 +++++++++ src/util/vircgroupv1.c | 69 +++++++++++++++++++++++++++++++++++++ 3 files changed, 98 insertions(+), 56 deletions(-) diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index 088e97cb3f..a30fc6241d 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -1875,29 +1875,7 @@ int virCgroupAllowDevice(virCgroupPtr group, char type, int major, int minor, int perms) { - VIR_AUTOFREE(char *) devstr = NULL; - VIR_AUTOFREE(char *) majorstr = NULL; - VIR_AUTOFREE(char *) minorstr = NULL; - - if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) || - (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0)) - return -1; - - if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) || - (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0)) - return -1; - - if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr, - virCgroupGetDevicePermsString(perms)) < 0) - return -1; - - if (virCgroupSetValueStr(group, - VIR_CGROUP_CONTROLLER_DEVICES, - "devices.allow", - devstr) < 0) - return -1; - - return 0; + VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1, type, major, minor, perms); } 
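Review bot: The new one-line body of virCgroupAllowDevice has no visible `return`, so its result depends entirely on VIR_CGROUP_BACKEND_CALL, whose definition is not part of this patch. Presumably the macro returns the callback's value, or the `-1` given as its third argument when the backend leaves `allowDevice` unset. I would put that in a comment above the call, e.g. `/* returns from this function: backend result, or -1 when the backend has no allowDevice callback */`. This matters for a device ACL because only virCgroupV1Backend is given these callbacks in this patch, so callers on any other backend must treat the -1 as a hard failure. The same comment is needed on virCgroupDenyDevice in the hunk at -1959.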
@@ -1936,11 +1914,11 @@ virCgroupAllowDevicePath(virCgroupPtr group, if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode)) return 1; - return virCgroupAllowDevice(group, - S_ISCHR(sb.st_mode) ? 'c' : 'b', - major(sb.st_rdev), - minor(sb.st_rdev), - perms); + VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1, + S_ISCHR(sb.st_mode) ? 'c' : 'b', + major(sb.st_rdev), + minor(sb.st_rdev), + perms); } @@ -1959,29 +1937,7 @@ int virCgroupDenyDevice(virCgroupPtr group, char type, int major, int minor, int perms) { - VIR_AUTOFREE(char *) devstr = NULL; - VIR_AUTOFREE(char *) majorstr = NULL; - VIR_AUTOFREE(char *) minorstr = NULL; - - if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) || - (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0)) - return -1; - - if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) || - (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0)) - return -1; - - if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr, - virCgroupGetDevicePermsString(perms)) < 0) - return -1; - - if (virCgroupSetValueStr(group, - VIR_CGROUP_CONTROLLER_DEVICES, - "devices.deny", - devstr) < 0) - return -1; - - return 0; + VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1, type, major, minor, perms); } @@ -2020,11 +1976,11 @@ virCgroupDenyDevicePath(virCgroupPtr group, if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode)) return 1; - return virCgroupDenyDevice(group, - S_ISCHR(sb.st_mode) ? 'c' : 'b', - major(sb.st_rdev), - minor(sb.st_rdev), - perms); + VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1, + S_ISCHR(sb.st_mode) ? 'c' : 'b', + major(sb.st_rdev), + minor(sb.st_rdev), + perms); } diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h index 27e6b18ea2..04897b5895 100644 --- a/src/util/vircgroupbackend.h +++ b/src/util/vircgroupbackend.h 
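Review bot: virCgroupAllowDevicePath now dispatches to the backend directly at its tail instead of going through virCgroupAllowDevice, so any argument check or logging later added to that public wrapper will not cover rules derived from a path. If the direct call is deliberate (presumably because VIR_CGROUP_BACKEND_CALL performs the return itself), a comment such as `/* calls the backend directly; keep in sync with virCgroupAllowDevice() */` would stop the two entry points from drifting apart. The function begins outside this hunk, so the stat() handling that fills `sb` is not visible here. The same applies to virCgroupDenyDevicePath in the hunk at -2020.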
@@ -255,6 +255,20 @@ typedef int (*virCgroupGetMemSwapUsageCB)(virCgroupPtr group, unsigned long long *kb); +typedef int +(*virCgroupAllowDeviceCB)(virCgroupPtr group, + char type, + int major, + int minor, + int perms); + +typedef int +(*virCgroupDenyDeviceCB)(virCgroupPtr group, + char type, + int major, + int minor, + int perms); + struct _virCgroupBackend { virCgroupBackendType type; @@ -304,6 +318,9 @@ struct _virCgroupBackend { virCgroupSetMemSwapHardLimitCB setMemSwapHardLimit; virCgroupGetMemSwapHardLimitCB getMemSwapHardLimit; virCgroupGetMemSwapUsageCB getMemSwapUsage; + + virCgroupAllowDeviceCB allowDevice; + virCgroupDenyDeviceCB denyDevice; }; typedef struct _virCgroupBackend virCgroupBackend; typedef virCgroupBackend *virCgroupBackendPtr; diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c index 55b1d3ebd0..02cd7ab956 100644 --- a/src/util/vircgroupv1.c +++ b/src/util/vircgroupv1.c 
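Review bot: The new typedefs virCgroupAllowDeviceCB and virCgroupDenyDeviceCB are declared without any comment on the argument contract, although the V1 implementation in this patch turns any negative `major` or `minor` into the `*` wildcard. A backend author reading only this header cannot know that, and an implementation that handles negative numbers differently would silently change which devices a rule covers. I would add a comment above the first typedef stating that `major`/`minor` below zero match any device number, that `perms` is the mask passed to virCgroupGetDevicePermsString(), and that the callback returns 0 on success and -1 on error; the wildcard part could read `/* major or minor < 0 matches any device number */`.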
@@ -1671,6 +1671,72 @@ virCgroupV1GetMemSwapUsage(virCgroupPtr group, } +static int +virCgroupV1AllowDevice(virCgroupPtr group, + char type, + int major, + int minor, + int perms) +{ + VIR_AUTOFREE(char *) devstr = NULL; + VIR_AUTOFREE(char *) majorstr = NULL; + VIR_AUTOFREE(char *) minorstr = NULL; + + if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) || + (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0)) + return -1; + + if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) || + (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0)) + return -1; + + if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr, + virCgroupGetDevicePermsString(perms)) < 0) + return -1; + + if (virCgroupSetValueStr(group, + VIR_CGROUP_CONTROLLER_DEVICES, + "devices.allow", + devstr) < 0) + return -1; + + return 0; +} + + +static int +virCgroupV1DenyDevice(virCgroupPtr group, + char type, + int major, + int minor, + int perms) +{ + VIR_AUTOFREE(char *) devstr = NULL; + VIR_AUTOFREE(char *) majorstr = NULL; + VIR_AUTOFREE(char *) minorstr = NULL; + + if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) || + (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0)) + return -1; + + if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) || + (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0)) + return -1; + + if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr, + virCgroupGetDevicePermsString(perms)) < 0) + return -1; + + if (virCgroupSetValueStr(group, + VIR_CGROUP_CONTROLLER_DEVICES, + "devices.deny", + devstr) < 0) + return -1; + + return 0; +} + + virCgroupBackend virCgroupV1Backend = { .type = VIR_CGROUP_BACKEND_TYPE_V1, @@ -1718,6 +1784,9 @@ virCgroupBackend virCgroupV1Backend = { .setMemSwapHardLimit = virCgroupV1SetMemSwapHardLimit, .getMemSwapHardLimit = virCgroupV1GetMemSwapHardLimit, .getMemSwapUsage = virCgroupV1GetMemSwapUsage, + + .allowDevice = virCgroupV1AllowDevice, + .denyDevice = virCgroupV1DenyDevice, }; -- 2.22.0
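Review bot: virCgroupV1AllowDevice and virCgroupV1DenyDevice are identical apart from the `devices.allow` / `devices.deny` file name, so a later fix to the rule formatting (for example how a negative `major` or `minor` becomes `*`) can land in one and be missed in the other. For an allow/deny pair that drift is a security concern, since a rule that was allowed with one spelling might no longer be revoked by the matching deny. I would move the shared body into one static helper that takes the control file name and keep the two callbacks as thin wrappers, as sketched below. The helper name is only a suggestion.

```c
static int
virCgroupV1SetDeviceRule(virCgroupPtr group,
                         const char *key,
                         char type,
                         int major,
                         int minor,
                         int perms)
{
    /* … unchanged: majorstr / minorstr / devstr formatting … */

    if (virCgroupSetValueStr(group,
                             VIR_CGROUP_CONTROLLER_DEVICES,
                             key,
                             devstr) < 0)
        return -1;

    return 0;
}


static int
virCgroupV1AllowDevice(virCgroupPtr group,
                       char type,
                       int major,
                       int minor,
                       int perms)
{
    return virCgroupV1SetDeviceRule(group, "devices.allow",
                                    type, major, minor, perms);
}


static int
virCgroupV1DenyDevice(virCgroupPtr group,
                      char type,
                      int major,
                      int minor,
                      int perms)
{
    return virCgroupV1SetDeviceRule(group, "devices.deny",
                                    type, major, minor, perms);
}
```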