From 3cddd63aec979c98f7ab09e510ba4a777b88b5a8 Mon Sep 17 00:00:00 2001
From: Michal Privoznik
Date: Wed, 22 Feb 2017 15:20:15 +0100
Subject: [PATCH] qemu_cgroup: Only try to allow devices if devices CGroup's available

When a domain needs an access to some device (be it a disk, RNG, chardev, whatever), we have to allow it in the devices CGroup (if it is available), because by default we disallow all the devices. But some of the functions that are responsible for setting up devices CGroup are lacking check whether there is any CGroup available. Thus users might be unable to hotplug some devices:

virsh # attach-device fedora rng.xml
error: Failed to attach device from rng.xml
error: internal error: Controller 'devices' is not mounted

Signed-off-by: Michal Privoznik
---
 src/qemu/qemu_cgroup.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index f0729743ab..42a47a7987 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -176,6 +176,9 @@ qemuSetupChrSourceCgroup(virDomainObjPtr vm,
 qemuDomainObjPrivatePtr priv = vm->privateData;
 int ret;
 
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
+ return 0;
+
 if (source->type != VIR_DOMAIN_CHR_TYPE_DEV)
 return 0;
 
@@ -197,6 +200,9 @@ qemuTeardownChrSourceCgroup(virDomainObjPtr vm,
 qemuDomainObjPrivatePtr priv = vm->privateData;
 int ret;
 
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
+ return 0;
+
 if (source->type != VIR_DOMAIN_CHR_TYPE_DEV)
 return 0;
 
@@ -247,6 +253,9 @@ qemuSetupInputCgroup(virDomainObjPtr vm,
 qemuDomainObjPrivatePtr priv = vm->privateData;
 int ret = 0;
 
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
+ return 0;
+
 switch (dev->type) {
 case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
 VIR_DEBUG("Process path '%s' for input device", dev->source.evdev);
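Review bot: The new early `return 0` in qemuSetupChrSourceCgroup reports success without applying any device ACL and leaves no trace in the logs, so an operator cannot tell from the daemon log that this domain's device access is not being confined by the devices controller. The same silent guard is repeated in qemuTeardownChrSourceCgroup and qemuSetupInputCgroup here, and in the four hunks that follow (hostdev, graphics, RNG setup and RNG teardown). A debug line before the return, e.g. `VIR_DEBUG("devices cgroup controller not available, skipping device ACL");`, would make that state visible when auditing a host. Since the guard is pasted verbatim seven times, it and the message could live in one small static helper. Each function's signature and tail lie outside its hunk.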
@@ -270,6 +279,9 @@ qemuSetupHostdevCgroup(virDomainObjPtr vm,
 size_t i, npaths = 0;
 int rv, ret = -1;
 
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
+ return 0;
+
 if (qemuDomainGetHostdevPath(NULL, dev, false, &npaths, &path, &perms) < 0)
 goto cleanup;
 
@@ -344,6 +356,9 @@ qemuSetupGraphicsCgroup(virDomainObjPtr vm,
 const char *rendernode = gfx->data.spice.rendernode;
 int ret;
 
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
+ return 0;
+
 if (gfx->type != VIR_DOMAIN_GRAPHICS_TYPE_SPICE ||
 gfx->data.spice.gl != VIR_TRISTATE_BOOL_YES ||
 !rendernode)
@@ -481,6 +496,9 @@ qemuSetupRNGCgroup(virDomainObjPtr vm,
 qemuDomainObjPrivatePtr priv = vm->privateData;
 int rv;
 
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
+ return 0;
+
 if (rng->backend == VIR_DOMAIN_RNG_BACKEND_RANDOM) {
 VIR_DEBUG("Setting Cgroup ACL for RNG device");
 rv = virCgroupAllowDevicePath(priv->cgroup,
@@ -505,6 +523,9 @@ qemuTeardownRNGCgroup(virDomainObjPtr vm,
 qemuDomainObjPrivatePtr priv = vm->privateData;
 int rv;
 
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
+ return 0;
+
 if (rng->backend == VIR_DOMAIN_RNG_BACKEND_RANDOM) {
 VIR_DEBUG("Tearing down Cgroup ACL for RNG device");
 rv = virCgroupDenyDevicePath(priv->cgroup,
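Review bot: In qemuSetupHostdevCgroup the added `return 0` bypasses the function's `ret = -1` / `goto cleanup` exit convention visible in the surrounding context lines. It is harmless only because the guard sits above the qemuDomainGetHostdevPath() call that fills `path` and `perms`. A short comment on the guard, such as `/* nothing allocated yet, safe to return directly */`, would keep a later reordering from turning the early return into a leak. The cleanup label and what it frees are outside the hunk, so this is inferred from the visible `goto cleanup`.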