]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 87d0990)
cgroups: port bpf devices to new list type
authorChristian Brauner <christian.brauner@ubuntu.com>
Wed, 25 Aug 2021 12:27:09 +0000 (14:27 +0200)
committerChristian Brauner <christian.brauner@ubuntu.com>
Wed, 25 Aug 2021 12:28:06 +0000 (14:28 +0200)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/cgroups/cgfsng.c patch | blob | blame | history
src/lxc/cgroups/cgroup2_devices.c patch | blob | blame | history
src/lxc/conf.c patch | blob | blame | history
src/lxc/conf.h patch | blob | blame | history

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 8246e194ee9c764939bb3d29afcee6d8e2720ebb..54b298910c1c16e3e81447f91fed3cac4457ef62 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -2858,8 +2858,7 @@ __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct
 
        unified = ops->unified;
        if (!unified || !device_utility_controller(unified) ||
-           !unified->path_con ||
-           lxc_list_empty(&(conf->bpf_devices).device_item))
+           !unified->path_con || list_empty(&(conf->bpf_devices).devices))
                return true;
 
        return bpf_cgroup_devices_attach(ops, &conf->bpf_devices);
diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c
index e4a526fd0500b3dbd4fd96c2cf0cf31b4d3fe7b7..ebccd025c27a41d8db59de44b74e1d1efdc75d00 100644 (file)
--- a/src/lxc/cgroups/cgroup2_devices.c
+++ b/src/lxc/cgroups/cgroup2_devices.c
@@ -453,9 +453,8 @@ static inline bool bpf_device_add(const struct bpf_devices *bpf_devices,
 int bpf_list_add_device(struct bpf_devices *bpf_devices,
                        struct device_item *device)
 {
-       __do_free struct lxc_list *list_elem = NULL;
        __do_free struct device_item *new_device = NULL;
-       struct lxc_list *it;
+       struct device_item *dev;
 
        if (!bpf_devices || !device)
                return ret_errno(EINVAL);
@@ -482,27 +481,25 @@ int bpf_list_add_device(struct bpf_devices *bpf_devices,
        TRACE("Processing new device rule: type %c, major %d, minor %d, access %s, allow %d",
              device->type, device->major, device->minor, device->access, device->allow);
 
-       lxc_list_for_each(it, &bpf_devices->device_item) {
-               struct device_item *cur = it->elem;
-
-               if (cur->type != device->type)
+       list_for_each_entry(dev, &bpf_devices->devices, head) {
+               if (dev->type != device->type)
                        continue;
-               if (cur->major != device->major)
+               if (dev->major != device->major)
                        continue;
-               if (cur->minor != device->minor)
+               if (dev->minor != device->minor)
                        continue;
-               if (!strequal(cur->access, device->access))
+               if (!strequal(dev->access, device->access))
                        continue;
 
-               if (!bpf_device_add(bpf_devices, cur))
+               if (!bpf_device_add(bpf_devices, dev))
                        continue;
 
                /*
                 * The rule is switched from allow to deny or vica versa so
                 * don't bother allocating just flip the existing one.
                 */
-               if (cur->allow != device->allow) {
-                       cur->allow = device->allow;
+               if (dev->allow != device->allow) {
+                       dev->allow = device->allow;
 
                        return log_trace(1, "Switched existing device rule"); /* The device list was altered. */
                }
@@ -511,18 +508,14 @@ int bpf_list_add_device(struct bpf_devices *bpf_devices,
                return log_trace(0, "Reused existing device rule"); /* The device list wasn't altered. */
        }
 
-       list_elem = malloc(sizeof(*list_elem));
-       if (!list_elem)
-               return syserror_set(ENOMEM, "Failed to allocate new device list");
-
        new_device = memdup(device, sizeof(struct device_item));
        if (!new_device)
                return syserror_set(ENOMEM, "Failed to allocate new device item");
 
-       lxc_list_add_elem(list_elem, move_ptr(new_device));
-       lxc_list_add_tail(&bpf_devices->device_item, move_ptr(list_elem));
+       list_add(&new_device->head, &bpf_devices->devices);
 
-       return log_trace(1, "Added new device rule"); /* The device list was altered. */
+       TRACE("Added new device rule"); /* The device list was altered. */
+       return 1;
 }
 
 bool bpf_devices_cgroup_supported(void)
@@ -565,7 +558,7 @@ static struct bpf_program *__bpf_cgroup_devices(struct bpf_devices *bpf_devices)
 {
        __do_bpf_program_free struct bpf_program *prog = NULL;
        int ret;
-       struct lxc_list *it;
+       struct device_item *dev;
 
        prog = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE);
        if (!prog)
@@ -579,16 +572,14 @@ static struct bpf_program *__bpf_cgroup_devices(struct bpf_devices *bpf_devices)
        TRACE("Device cgroup %s all devices by default",
              bpf_device_list_block_all(bpf_devices) ? "blocks" : "allows");
 
-       lxc_list_for_each(it, &bpf_devices->device_item) {
-               struct device_item *cur = it->elem;
-
+       list_for_each_entry(dev, &bpf_devices->devices, head) {
                TRACE("Processing device rule: type %c, major %d, minor %d, access %s, allow %d",
-                     cur->type, cur->major, cur->minor, cur->access, cur->allow);
+                     dev->type, dev->major, dev->minor, dev->access, dev->allow);
 
-               if (!bpf_device_add(bpf_devices, cur))
+               if (!bpf_device_add(bpf_devices, dev))
                        continue;
 
-               ret = bpf_program_append_device(prog, cur);
+               ret = bpf_program_append_device(prog, dev);
                if (ret)
                        return syserror_ret(NULL, "Failed adding new device rule");
 
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index c086f4c81c29f9befeedeef829e7ca1cbcedd79d..dd75ccacf4a8392670f281066e62621a2bacb262 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3378,7 +3378,7 @@ struct lxc_conf *lxc_conf_init(void)
        lxc_list_init(&new->cgroup2);
        /* Block ("allowlist") all devices by default. */
        new->bpf_devices.list_type = LXC_BPF_DEVICE_CGROUP_ALLOWLIST;
-       lxc_list_init(&(new->bpf_devices).device_item);
+       INIT_LIST_HEAD(&(new->bpf_devices).devices);
        lxc_list_init(&new->mount_list);
        lxc_list_init(&new->caps);
        lxc_list_init(&new->keepcaps);
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 696ebd74161ddfffcea7a3936e69f91f1a4945f7..786631731e8332924bf34186a9db06eb42cb6fd0 100644 (file)
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -312,11 +312,12 @@ struct device_item {
        int minor;
        char access[4];
        int allow;
+       struct list_head head;
 };
 
 struct bpf_devices {
        lxc_bpf_devices_rule_t list_type;
-       struct lxc_list device_item;
+       struct list_head devices;
 };
 
 struct timens_offsets {
@@ -624,15 +625,12 @@ static inline void put_lxc_rootfs(struct lxc_rootfs *rootfs, bool unpin)
 
 static inline void lxc_clear_cgroup2_devices(struct bpf_devices *bpf_devices)
 {
-       struct lxc_list *list = &bpf_devices->device_item;
-       struct lxc_list *it, *next;
+       struct device_item *device, *n;
 
-       lxc_list_for_each_safe (it, list, next) {
-               lxc_list_del(it);
-               free(it);
-       }
+       list_for_each_entry_safe(device, n, &bpf_devices->devices, head)
+               list_del(&device->head);
 
-       lxc_list_init(&bpf_devices->device_item);
+       INIT_LIST_HEAD(&bpf_devices->devices);
 }
 
 static inline int lxc_personality(personality_t persona)
Mirror of https://github.com/lxc/lxc.git