Re: [PATCHv3] qemu: NUMA/network tuning shouldn't be supported in session mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/22/2014 03:00 PM, John Ferlan wrote:
> On 10/01/2014 08:57 AM, Erik Skultety wrote:
>> Tuning NUMA or network interface parameters require root
>> privileges to manage cgroups, thus an attempt to set some of these
>> parameters in session mode on a running domain should be invalid
>> followed by an error.
>> As an example might be memory tuning which raises an error in such case.
>> Following behavior in session mode will be present after applying
>> this patch:
>>
>>   Tuning  |      SET      |   GET  |
>> ----------|---------------|--------|
>> NUMA      | shut off only | always |
>> Memory    |     never     | never  |
>> Interface |     never     | always |
>>
>> Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1126762
>> ---
>>  src/qemu/qemu_command.c | 13 ++++++++++++-
>>  src/qemu/qemu_driver.c  | 35 +++++++++++++++++++++++++----------
>>  2 files changed, 37 insertions(+), 11 deletions(-)
>>
>
> I was going through some of my list backlog - it seems this was orphaned
> :-)...  Since v3 addressed Mark's comment, I rebased it to top of
> tree... adjusted the title to be just:
>
> "qemu: Disallow NUMA/network tuning for session mode"
>
> adjusted the grammar of the commit message a bit, and pushed
>
> John
>
>
>> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
>> index eb72451..4c335dc 100644
>> --- a/src/qemu/qemu_command.c
>> +++ b/src/qemu/qemu_command.c
>> @@ -7671,7 +7671,7 @@ qemuBuildCommandLine(virConnectPtr conn,
>>      emulator = def->emulator;
>>  
>>      if (!cfg->privileged) {
>> -        /* If we have no cgroups than we can have no tunings that
>> +        /* If we have no cgroups then we can have no tunings that
>>           * require them */
>>  
>>          if (def->mem.hard_limit || def->mem.soft_limit ||
>> @@ -7694,6 +7694,17 @@ qemuBuildCommandLine(virConnectPtr conn,
>>                             _("CPU tuning is not available in session mode"));
>>              goto error;
>>          }
>> +
>> +        virDomainNetDefPtr *nets = def->nets;
>> +        virNetDevBandwidthPtr bandwidth = NULL;
>> +        size_t nnets = def->nnets;
>> +        for (i = 0; i < nnets; i++) {
>> +            if ((bandwidth = virDomainNetGetActualBandwidth(nets[i])) != NULL) {
>> +                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
>> +                    _("Network bandwidth tuning is not available in session mode"));
>> +                goto error;
>> +            }
>> +        }

John's review mail popped this patch (which I had missed before) up in
my inbox, and I noticed this snippet.

I think this is the wrong place to do this check - all the other bits
being checked inside this if (!cfg->privileged) are, as the comment
suggests, related to cgroups, while bandwidth management isn't (at least
not directly - it's setup with the "tc" command). I think it would be
better to check for !privileged at the place where the bandwidth is
actually set (although it doesn't have access to cfg, so you would only
be able to look at getuid() - is that adequate?). Doing the check at
that location would assure that it's properly done for *all* situations
when someone tries to set bandwidth, e.g. for an interface hotplug, for
LXC, for virDomainSetInterfaceParameters()...

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]