[libvirt] [PATCH] qemu_cgroup: allow access to /dev/dri for virtio-vga
QEMU needs access to the /dev/dri/render* device for virgl to work. Allow access to all /dev/dri/* devices for domains with <video> <model type='virtio' heads='1' primary='yes'> <acceleration accel3d='yes'/> </model> </video> https://bugzilla.redhat.com/show_bug.cgi?id=1337290 --- src/qemu/qemu_cgroup.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 1e04a68..d676d66 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -51,6 +51,7 @@ static const char *const defaultDeviceACL[] = { }; #define DEVICE_PTY_MAJOR 136 #define DEVICE_SND_MAJOR 116 +#define DEVICE_DRI_MAJOR 226 static int @@ -626,6 +627,19 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver, goto cleanup; } + if (vm->def->nvideos) { + virDomainVideoDefPtr vid = vm->def->videos[0]; + if (vid->type == VIR_DOMAIN_VIDEO_TYPE_VIRTIO && + vid->accel && vid->accel->accel3d) { + rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_DRI_MAJOR, -1, + VIR_CGROUP_DEVICE_RW); + virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_DRI_MAJOR, + "sound", "rw", rv == 0); + if (rv < 0) + goto cleanup; + } + } + for (i = 0; deviceACL[i] != NULL; i++) { if (!virFileExists(deviceACL[i])) { VIR_DEBUG("Ignoring non-existent device %s", deviceACL[i]); -- 2.7.3
On Thu, May 19, 2016 at 09:33:46 +0200, Ján Tomko wrote:
QEMU needs access to the /dev/dri/render* device for virgl to work.
Allow access to all /dev/dri/* devices for domains with <video> <model type='virtio' heads='1' primary='yes'> <acceleration accel3d='yes'/> </model> </video>
https://bugzilla.redhat.com/show_bug.cgi?id=1337290 --- src/qemu/qemu_cgroup.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 1e04a68..d676d66 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -51,6 +51,7 @@ static const char *const defaultDeviceACL[] = { }; #define DEVICE_PTY_MAJOR 136 #define DEVICE_SND_MAJOR 116 +#define DEVICE_DRI_MAJOR 226
static int @@ -626,6 +627,19 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver, goto cleanup; }
+ if (vm->def->nvideos) { + virDomainVideoDefPtr vid = vm->def->videos[0];
So only the primary video device can use accel? if yes please comment it here.
+ if (vid->type == VIR_DOMAIN_VIDEO_TYPE_VIRTIO && + vid->accel && vid->accel->accel3d) {
vid->accel->accel3d is a virTristateBool thus this check isn't enough.
+ rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_DRI_MAJOR, -1, + VIR_CGROUP_DEVICE_RW); + virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_DRI_MAJOR, + "sound", "rw", rv == 0);
I presume that "video" is a more appropriate reason.
+ if (rv < 0) + goto cleanup; + } + }
ACK if only primary video can have accel. Otherwise please send a V2. Peter
On Thu, May 19, 2016 at 10:05:38AM +0200, Peter Krempa wrote:
On Thu, May 19, 2016 at 09:33:46 +0200, Ján Tomko wrote:
QEMU needs access to the /dev/dri/render* device for virgl to work.
Allow access to all /dev/dri/* devices for domains with <video> <model type='virtio' heads='1' primary='yes'> <acceleration accel3d='yes'/> </model> </video>
https://bugzilla.redhat.com/show_bug.cgi?id=1337290 --- src/qemu/qemu_cgroup.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 1e04a68..d676d66 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -51,6 +51,7 @@ static const char *const defaultDeviceACL[] = { }; #define DEVICE_PTY_MAJOR 136 #define DEVICE_SND_MAJOR 116 +#define DEVICE_DRI_MAJOR 226
static int @@ -626,6 +627,19 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver, goto cleanup; }
+ if (vm->def->nvideos) { + virDomainVideoDefPtr vid = vm->def->videos[0];
So only the primary video device can use accel? if yes please comment it here.
Yes, currently libvirt only allows the primary video to be virtio.
+ if (vid->type == VIR_DOMAIN_VIDEO_TYPE_VIRTIO && + vid->accel && vid->accel->accel3d) {
vid->accel->accel3d is a virTristateBool thus this check isn't enough.
+ rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_DRI_MAJOR, -1, + VIR_CGROUP_DEVICE_RW); + virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_DRI_MAJOR, + "sound", "rw", rv == 0);
I presume that "video" is a more appropriate reason.
+ if (rv < 0) + goto cleanup; + } + }
ACK if only primary video can have accel. Otherwise please send a V2.
Thanks, pushed with the issues fixed. Jan
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Do, 2016-05-19 at 09:33 +0200, Ján Tomko wrote:
QEMU needs access to the /dev/dri/render* device for virgl to work.
Allow access to all /dev/dri/* devices for domains with <video> <model type='virtio' heads='1' primary='yes'> <acceleration accel3d='yes'/> </model> </video>
This should depend on <graphics> not <video>, specifically on "<gl enable='yes'/>" being present. cheers, Gerd
participants (3)
-
Gerd Hoffmann -
Ján Tomko -
Peter Krempa