Re: [RFC] Check host's minimum memory.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Mar 08, 2007 at 01:03:48PM +0000, Daniel P. Berrange wrote:
> On Thu, Mar 08, 2007 at 05:33:45PM +0900, Atsushi SAKAI wrote:
> > Hi, Dan
> > 
> >  I and Sunou investivate this issue.
> > 
> >   virsh setmem commands directry writes xenstore(memory/target) 
> > by using xenStoreDomainSetMemory()@xs_internal.c.
> > This data (memory/target) is read by PVdomain balloon driver directly.
> > As you know, xenstore just pass through the data between inter domain.
> > For this reason, virsh setmem must protect at xs_internal.c not on Xen-side
> 
> Ahhh, yes that makes sense.  So looks like we have no choice but to 
> put some protection in libvirt here. Lets have a patch which applies
> to  xs_internal.c only, and protects Dom0 with a limit of 64 MB. This
> avoids imposing policy on non-Dom0, or QEMU/KVM guests.

  I applied the following patch which:
    1/ find the places where we had an arbitrary memory value set or
       tested, use MIN_XEN_GUEST_SIZE defined as 64 as the base minimum
       and 2 * MIN_XEN_GUEST_SIZE for default when not defined
    1/ add the protection to xenStoreDomainSetMemory, MIN_XEN_GUEST_SIZE
       for guests and 2 * MIN_XEN_GUEST_SIZE for Dom0

of course the actual values selected can be argued about but at least I think
the place which are affected are now well isolated,

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard@xxxxxxxxxx  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/

? difdev
? fc4.xml
? fc5-2.xml
? fc5.xml
? kvm.xml
? libvirt v0.1.1.chm
? libvirt-autogen-configure-failure.patch
? libvirt-check-max-vcpu.patch
? min_memory.patch
? patch
? qemu.xml
? tmpcvs12627
? tmpwrk12627
? winxp.xml
? winxp_from_xend.sxp
? winxp_to_xend.sxp
? docs/APIchunk5.html
? docs/APIchunk6.html
? docs/devhelp/.memdump
? include/libvirt/patch
? python/libvir-export.c
? python/libvir-py.c
? python/libvir-py.h
? python/libvirclass.txt
? src/bug.xml
? src/fv0.xml
? src/libvir.loT
? src/libvirt.rng
? src/libvirt.xml
? src/tst1.xml
? src/tst2.xml
? src/xen_internal.c.diff
? tests/res
Index: src/internal.h
===================================================================
RCS file: /data/cvs/libxen/src/internal.h,v
retrieving revision 1.32
diff -u -p -r1.32 internal.h
--- src/internal.h	14 Feb 2007 15:40:54 -0000	1.32
+++ src/internal.h	8 Mar 2007 14:06:26 -0000
@@ -94,7 +94,11 @@ extern "C" {
 #define VIR_IS_NETWORK(obj)		((obj) && (obj)->magic==VIR_NETWORK_MAGIC)
 #define VIR_IS_CONNECTED_NETWORK(obj)	(VIR_IS_NETWORK(obj) && VIR_IS_CONNECT((obj)->conn))
 
+/*
+ * arbitrary limitations
+ */
 #define MAX_DRIVERS 10
+#define MIN_XEN_GUEST_SIZE 64  /* 64 megabytes */
 
 /*
  * Flags for Xen connections
Index: src/xend_internal.c
===================================================================
RCS file: /data/cvs/libxen/src/xend_internal.c,v
retrieving revision 1.100
diff -u -p -r1.100 xend_internal.c
--- src/xend_internal.c	8 Mar 2007 08:31:07 -0000	1.100
+++ src/xend_internal.c	8 Mar 2007 14:06:26 -0000
@@ -1383,7 +1383,7 @@ xend_parse_sexp_desc(virConnectPtr conn,
     if (cur_mem > max_mem)
         max_mem = cur_mem;
     virBufferVSprintf(&buf, "  <memory>%d</memory>\n", max_mem);
-    if ((cur_mem > 63) && (cur_mem != max_mem))
+    if ((cur_mem >= MIN_XEN_GUEST_SIZE) && (cur_mem != max_mem))
 	virBufferVSprintf(&buf, "  <currentMemory>%d</currentMemory>\n",
 	                  cur_mem);
     virBufferVSprintf(&buf, "  <vcpu>%d</vcpu>\n",
Index: src/xm_internal.c
===================================================================
RCS file: /data/cvs/libxen/src/xm_internal.c,v
retrieving revision 1.17
diff -u -p -r1.17 xm_internal.c
--- src/xm_internal.c	8 Mar 2007 08:31:07 -0000	1.17
+++ src/xm_internal.c	8 Mar 2007 14:06:26 -0000
@@ -540,7 +540,7 @@ int xenXMDomainGetInfo(virDomainPtr doma
     memset(info, 0, sizeof(virDomainInfo));
     if (xenXMConfigGetInt(entry->conf, "memory", &mem) < 0 ||
         mem < 0)
-        info->memory = 64 * 1024;
+        info->memory = MIN_XEN_GUEST_SIZE * 1024 * 2;
     else
         info->memory = (unsigned long)mem * 1024;
     if (xenXMConfigGetInt(entry->conf, "maxmem", &mem) < 0 ||
@@ -649,12 +649,13 @@ char *xenXMDomainFormatXML(virConnectPtr
     }
 
     if (xenXMConfigGetInt(conf, "memory", &val) < 0)
-        val = 64;
-    virBufferVSprintf(buf, "  <currentMemory>%ld</currentMemory>\n", val * 1024);
+        val = MIN_XEN_GUEST_SIZE * 2;
+    virBufferVSprintf(buf, "  <currentMemory>%ld</currentMemory>\n",
+                      val * 1024);
 
     if (xenXMConfigGetInt(conf, "maxmem", &val) < 0)
         if (xenXMConfigGetInt(conf, "memory", &val) < 0)
-            val = 64;
+            val = MIN_XEN_GUEST_SIZE * 2;
     virBufferVSprintf(buf, "  <memory>%ld</memory>\n", val * 1024);
 
 
@@ -663,7 +664,6 @@ char *xenXMDomainFormatXML(virConnectPtr
     virBufferVSprintf(buf, "  <vcpu>%ld</vcpu>\n", val);
 
 
-
     if (xenXMConfigGetString(conf, "on_poweroff", &str) < 0)
         str = "destroy";
     virBufferVSprintf(buf, "  <on_poweroff>%s</on_poweroff>\n", str);
@@ -1122,7 +1122,7 @@ unsigned long xenXMDomainGetMaxMemory(vi
         val < 0)
         if (xenXMConfigGetInt(entry->conf, "memory", &val) < 0 ||
             val < 0)
-            val = 64;
+            val = MIN_XEN_GUEST_SIZE * 2;
 
     return (val * 1024);
 }
Index: src/xml.c
===================================================================
RCS file: /data/cvs/libxen/src/xml.c,v
retrieving revision 1.63
diff -u -p -r1.63 xml.c
--- src/xml.c	8 Mar 2007 08:55:56 -0000	1.63
+++ src/xml.c	8 Mar 2007 14:06:26 -0000
@@ -1026,7 +1026,7 @@ virDomainParseXMLDesc(virConnectPtr conn
 
     obj = xmlXPathEval(BAD_CAST "number(/domain/memory[1])", ctxt);
     if ((obj == NULL) || (obj->type != XPATH_NUMBER) ||
-        (isnan(obj->floatval)) || (obj->floatval < 64000)) {
+        (isnan(obj->floatval)) || (obj->floatval < MIN_XEN_GUEST_SIZE * 1024)) {
         max_mem = 128;
     } else {
         max_mem = (obj->floatval / 1024);
@@ -1034,7 +1034,7 @@ virDomainParseXMLDesc(virConnectPtr conn
     xmlXPathFreeObject(obj);
     obj = xmlXPathEval(BAD_CAST "number(/domain/currentMemory[1])", ctxt);
     if ((obj == NULL) || (obj->type != XPATH_NUMBER) ||
-        (isnan(obj->floatval)) || (obj->floatval < 64000)) {
+        (isnan(obj->floatval)) || (obj->floatval < MIN_XEN_GUEST_SIZE * 1024)) {
         mem = max_mem;
     } else {
         mem = (obj->floatval / 1024);
Index: src/xs_internal.c
===================================================================
RCS file: /data/cvs/libxen/src/xs_internal.c,v
retrieving revision 1.33
diff -u -p -r1.33 xs_internal.c
--- src/xs_internal.c	8 Mar 2007 08:31:07 -0000	1.33
+++ src/xs_internal.c	8 Mar 2007 14:14:02 -0000
@@ -429,13 +429,16 @@ xenStoreDomainSetMemory(virDomainPtr dom
     int ret;
     char value[20];
 
-    if ((domain == NULL) || (domain->conn == NULL) || (memory < 4096)) {
+    if ((domain == NULL) || (domain->conn == NULL) ||
+        (memory < 1024 * MIN_XEN_GUEST_SIZE)) {
         virXenStoreError(domain ? domain->conn : NULL, VIR_ERR_INVALID_ARG,
 	                 __FUNCTION__);
 	return(-1);
     }
     if (domain->id == -1)
         return(-1);
+    if ((domain->id == 0) && (memory < (2 * MIN_XEN_GUEST_SIZE * 1024)))
+	return(-1);
     snprintf(value, 19, "%lu", memory);
     value[19] = 0;
     ret = virDomainDoStoreWrite(domain, "memory/target", &value[0]);
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]