[libvirt] [PATCH v3 06/15] vircgroup: introduce virCgroupV2DevicesPrepareProg

[Ján Tomko]

On Thu, Apr 25, 2019 at 09:44:23AM +0200, Pavel Hrdina wrote:
>This function will be called for every virCgroup(Allow|Deny)* API in
>order to prepare BPF program for guest.  Since libvirtd can be restarted
>at any point we will first try to detect existing progam, if there is
>none we will create a new empty BPF program and lastly if we don't have
>any space left in the existing BPF map we will create a new copy of the
>BPF map with more space and attach a new program with that map into the
>guest cgroup.
>
>This solution allows us to start with reasonably small BPF map consuming
>only small amount of memory and if needed we can easily extend the BPF
>map if there is a lot of host devices used in guest or if user wants to
>hot-plug a lot of devices once the guest is running.
>
>Since there is no way how to reallocate existing BPF map we need to
>create a new copy if we run out of space in current BPF map.
>
>This overcomes all the limitations in BPF:
>
>    - map used in program has to be created before the program is loaded
>      into kernel
>
>    - once map is created you cannot change its size
>
>    - you cannot replace map in existing program
>
>    - you cannot use an array of maps because it can store FD to maps
>      of one specific size so we would not be able to use it to overcome
>      the second issue
>
>Signed-off-by: Pavel Hrdina <phrdina at redhat.com>
>---
> src/libvirt_private.syms      |  1 +
> src/util/vircgroupv2devices.c | 83 +++++++++++++++++++++++++++++++++++
> src/util/vircgroupv2devices.h |  3 ++
> 3 files changed, 87 insertions(+)
>

Reviewed-by: Ján Tomko <jtomko at redhat.com>

Jano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20190618/ba70f08d/attachment-0001.sig>