}
+int
+qemuSetupMemoryDevicesCgroup(virDomainObjPtr vm,
+ virDomainMemoryDefPtr mem)
+{
+ qemuDomainObjPrivatePtr priv = vm->privateData;
+ int rv;
+
+ if (mem->model != VIR_DOMAIN_MEMORY_MODEL_NVDIMM)
+ return 0;
+
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
+ return 0;
+
+ VIR_DEBUG("Setting devices Cgroup for NVDIMM device: %s", mem->nvdimmPath);
+ rv = virCgroupAllowDevicePath(priv->cgroup, mem->nvdimmPath,
+ VIR_CGROUP_DEVICE_RW, false);
+ virDomainAuditCgroupPath(vm, priv->cgroup, "allow",
+ mem->nvdimmPath, "rw", rv == 0);
+
+ return rv;
+}
+
+
+int
+qemuTeardownMemoryDevicesCgroup(virDomainObjPtr vm,
+ virDomainMemoryDefPtr mem)
+{
+ qemuDomainObjPrivatePtr priv = vm->privateData;
+ int rv;
+
+ if (mem->model != VIR_DOMAIN_MEMORY_MODEL_NVDIMM)
+ return 0;
+
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
+ return 0;
+
+ rv = virCgroupDenyDevicePath(priv->cgroup, mem->nvdimmPath,
+ VIR_CGROUP_DEVICE_RWM, false);
+ virDomainAuditCgroupPath(vm, priv->cgroup,
+ "deny", mem->nvdimmPath, "rwm", rv == 0);
+ return rv;
+}
+
+
static int
qemuSetupGraphicsCgroup(virDomainObjPtr vm,
virDomainGraphicsDefPtr gfx)
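Review bot: qemuSetupMemoryDevicesCgroup() and qemuTeardownMemoryDevicesCgroup() return `rv` from virCgroupAllowDevicePath()/virCgroupDenyDevicePath() unchanged, and neither has a comment saying which values a caller can see. As far as I recall those helpers return 1 rather than -1 when the path is not a device node, which would be the normal case for a file-backed NVDIMM; please confirm. The callers in this patch only test `< 0`, so that case passes, but the audit call receives `rv == 0`, which is false for it. How that is recorded depends on what virDomainAuditCgroupPath() expects in its last argument, which is not visible here. I would add a header comment to both functions, e.g. `/* Returns 0 on success, -1 on error; a positive value from the cgroup helper means the path is not a device node and is not an error. */`, and check the audit argument against that helper's prototype.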
goto cleanup;
}
+ for (i = 0; i < vm->def->nmems; i++) {
+ if (qemuSetupMemoryDevicesCgroup(vm, vm->def->mems[i]) < 0)
+ goto cleanup;
+ }
+
for (i = 0; i < vm->def->ngraphics; i++) {
if (qemuSetupGraphicsCgroup(vm, vm->def->graphics[i]) < 0)
goto cleanup;
int qemuTeardownHostdevCgroup(virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
ATTRIBUTE_RETURN_CHECK;
+int qemuSetupMemoryDevicesCgroup(virDomainObjPtr vm,
+ virDomainMemoryDefPtr mem);
+int qemuTeardownMemoryDevicesCgroup(virDomainObjPtr vm,
+ virDomainMemoryDefPtr mem);
int qemuSetupRNGCgroup(virDomainObjPtr vm,
virDomainRNGDefPtr rng);
int qemuTeardownRNGCgroup(virDomainObjPtr vm,
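Review bot: The two new prototypes are declared without ATTRIBUTE_RETURN_CHECK, unlike qemuTeardownHostdevCgroup() directly above them. Their results decide whether the domain's devices cgroup is allowed read/write on a host path, so an ignored failure should at least produce a compiler warning. I would declare them as `int qemuSetupMemoryDevicesCgroup(virDomainObjPtr vm, virDomainMemoryDefPtr mem) ATTRIBUTE_RETURN_CHECK;` and likewise for the teardown. The RNG prototypes below also lack the attribute, so this may be an existing inconsistency in the header rather than something this change introduced.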
const char *backendType;
bool objAdded = false;
bool teardownlabel = false;
+ bool teardowncgroup = false;
virJSONValuePtr props = NULL;
virObjectEventPtr event;
int id;
priv->qemuCaps, vm->def, mem, NULL, true) < 0)
goto cleanup;
+ if (qemuSetupMemoryDevicesCgroup(vm, mem) < 0)
+ goto cleanup;
+ teardowncgroup = true;
+
if (qemuSecuritySetMemoryLabel(driver, vm, mem) < 0)
goto cleanup;
teardownlabel = true;
virDomainAuditMemory(vm, oldmem, newmem, "update", ret == 0);
cleanup:
if (mem && ret < 0) {
+ if (teardowncgroup && qemuTeardownMemoryDevicesCgroup(vm, mem) < 0)
+ VIR_WARN("Unable to remove memory device cgroup ACL on hotplug fail");
if (teardownlabel && qemuSecurityRestoreMemoryLabel(driver, vm, mem) < 0)
VIR_WARN("Unable to restore security label on memdev");
}
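Review bot: The warning added on this rollback path does not say which path kept its device ACL, and the same holds for the warning added on the unplug path (`Unable to remove memory device cgroup ACL`). A failed deny leaves the domain's devices cgroup allowing read/write on the NVDIMM backing path although the device is not, or no longer, attached, so the daemon log should give an operator something to follow up on. I would write `VIR_WARN("Unable to remove cgroup ACL for memory device %s", NULLSTR(mem->nvdimmPath));` in both places. The rollback also runs the cgroup teardown before the label restore although setup ran the cgroup step first; reversing it would mirror the setup order, though nothing visible here depends on it. The enclosing function starts and ends outside this hunk.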
if (qemuSecurityRestoreMemoryLabel(driver, vm, mem) < 0)
VIR_WARN("Unable to restore security label on memdev");
+ if (qemuTeardownMemoryDevicesCgroup(vm, mem) < 0)
+ VIR_WARN("Unable to remove memory device cgroup ACL");
+
virDomainMemoryDefFree(mem);
/* fix the balloon size */
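Review bot: The deny here is issued for `mem->nvdimmPath` without looking at the other entries in `vm->def->mems`. If a domain can carry two NVDIMM devices backed by the same path (nothing in this patch rules that out), unplugging one would revoke the cgroup access the remaining one still needs. I would either check for another user of the path before calling qemuTeardownMemoryDevicesCgroup(), or, once confirmed, add a comment such as `/* nvdimmPath is unique per domain, so the ACL can be dropped unconditionally */`. Whether `mem` has already been removed from `vm->def` at this point is not visible, because the function begins outside the hunk.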