Re: [PATCH] RFC: audit: add shmem resource type


 



On Fri, Jul 10, 2015 at 06:11:35PM +0200, Marc-André Lureau wrote:
Provide information about shared memory resources in audit log.

Notes:

- the same shm used several times will add up.  This is a very uncommon
case, but we may want to account only the different shm names instead.

- the shm may exist before the VM was started, so the shm may not
actually be created by the VM (it can be there before, or created by
the server for instance).

https://bugzilla.redhat.com/show_bug.cgi?id=1218603

Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
---
docs/auditlog.html.in    | 17 +++++++++++++++++
src/conf/domain_audit.c  | 10 ++++++++++
src/conf/domain_audit.h  |  6 ++++++
src/conf/domain_conf.c   | 21 +++++++++++++++++++++
src/conf/domain_conf.h   |  1 +
src/libvirt_private.syms |  2 ++
6 files changed, 57 insertions(+)


As said in the previous attempt by Luyao to do this, the auditing should
be handled differently; there is also a lot more info to audit.  Thanks
for the patch, but this must be done in another way.

diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in
index 8a007ca..a6e5f6d 100644
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -172,6 +172,23 @@
      <dd>Updated memory size in bytes</dd>
    </dl>

+    <h4><a name="typeresourceshmem">Shared Memory</a></h4>
+
+    <p>
+      The <code>msg</code> field will include the following sub-fields
+    </p>
+
+    <dl>
+      <dt>reason</dt>
+      <dd>The reason which caused the resource to be assigned to happen</dd>
+      <dt>resrc</dt>
+      <dd>The type of resource assigned. Set to <code>shmem</code></dd>
+      <dt>old-shmem</dt>
+      <dd>Original memory size in bytes, or 0</dd>
+      <dt>new-shmem</dt>
+      <dd>Updated memory size in bytes</dd>
+    </dl>
+
    <h4><a name="typeresourcedisk">Disk</a></h4>
    <p>
      The <code>msg</code> field will include the following sub-fields
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index caebdba..bc81aec 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -783,6 +783,14 @@ virDomainAuditMemory(virDomainObjPtr vm,
}

void
+virDomainAuditShmem(virDomainObjPtr vm,
+                    unsigned long long oldmem, unsigned long long newmem,
+                    const char *reason, bool success)
+{
+    return virDomainAuditResource(vm, "shmem", oldmem, newmem, reason, success);
+}
+
+void
virDomainAuditVcpu(virDomainObjPtr vm,
                   unsigned int oldvcpu, unsigned int newvcpu,
                   const char *reason, bool success)
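Review bot: The new virDomainAuditShmem is declared `void` but its body is `return virDomainAuditResource(...);`, and ISO C does not allow a return statement with an expression in a void function, so stricter compilers or `-pedantic` builds will flag it. Dropping the keyword, `virDomainAuditResource(vm, "shmem", oldmem, newmem, reason, success);`, behaves the same. The neighbouring wrappers are outside this hunk and may use the same form, in which case this is a consistency choice for the maintainers. A short comment such as `/* oldmem/newmem: total shmem size in bytes, 0 when none */` would also tie the arguments to the units documented in auditlog.html.in.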
@@ -885,6 +893,8 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)

    virDomainAuditMemory(vm, 0, virDomainDefGetMemoryActual(vm->def),
                         "start", true);
+    virDomainAuditShmem(vm, 0, virDomainDefGetShmem(vm->def),
+                        "start", true);
    virDomainAuditVcpu(vm, 0, vm->def->vcpus, "start", true);
    if (vm->def->iothreads)
        virDomainAuditIOThread(vm, 0, vm->def->iothreads, "start", true);
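Review bot: The added virDomainAuditShmem call in virDomainAuditStart is unconditional, so every domain started without any shmem device still produces a `resrc=shmem` record going from 0 to 0. That adds noise for anyone reviewing or alerting on the audit trail, and the iothread call two lines below is already guarded for the same reason. Consider `if (vm->def->nshmems)` in front of the new call. The body of virDomainAuditStart begins and ends outside this hunk, so any other start-time conditions could not be checked here.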
diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
index 97dadca..3db6ace 100644
--- a/src/conf/domain_audit.h
+++ b/src/conf/domain_audit.h
@@ -96,6 +96,12 @@ void virDomainAuditMemory(virDomainObjPtr vm,
                          const char *reason,
                          bool success)
    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditShmem(virDomainObjPtr vm,
+                         unsigned long long oldmem,
+                         unsigned long long newmem,
+                         const char *reason,
+                         bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
void virDomainAuditVcpu(virDomainObjPtr vm,
                        unsigned int oldvcpu,
                        unsigned int newvcpu,
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 5a9a88d..378aa1a 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7575,6 +7575,27 @@ virDomainDefGetMemoryActual(virDomainDefPtr def)
}


+/**
+ * virDomainDefGetShmem:
+ * @def: domain definition
+ *
+ * Returns the current shared memory size usable by the domain described by
+ * @def.
+ */
+unsigned long long
+virDomainDefGetShmem(virDomainDefPtr def)
+{
+    unsigned long long ret = 0;
+    size_t i;
+
+    for (i = 0; i < def->nshmems; i++) {
+        ret += def->shmems[i]->size;
+    }
+
+    return ret;
+}
+
+
static int
virDomainControllerModelTypeFromString(const virDomainControllerDef *def,
                                       const char *model)
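Review bot: In virDomainDefGetShmem the accumulation `ret += def->shmems[i]->size;` wraps silently on unsigned overflow, so a definition with very large configured sizes would be recorded in the audit log as a small total. Since the value feeds a security record, a saturating add is safer, for example `if (def->shmems[i]->size > ULLONG_MAX - ret) return ULLONG_MAX;` before the addition. The doc comment also overstates what is computed: it should say the result is the sum of the configured sizes of all shmem devices in @def, that a region referenced by several devices is counted once per device, and name the unit (presumably bytes, to match the auditlog documentation, but the field's unit is not visible in this hunk).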
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 50750c1..041d619 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2287,6 +2287,7 @@ struct _virDomainDef {
unsigned long long virDomainDefGetMemoryInitial(virDomainDefPtr def);
void virDomainDefSetMemoryInitial(virDomainDefPtr def, unsigned long long size);
unsigned long long virDomainDefGetMemoryActual(virDomainDefPtr def);
+unsigned long long virDomainDefGetShmem(virDomainDefPtr def);

typedef enum {
    VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_AES,
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 720afdf..0bb4513 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -134,6 +134,7 @@ virDomainAuditNetDevice;
virDomainAuditRedirdev;
virDomainAuditRNG;
virDomainAuditSecurityLabel;
+virDomainAuditShmem;
virDomainAuditStart;
virDomainAuditStop;
virDomainAuditVcpu;
@@ -214,6 +215,7 @@ virDomainDefGetDefaultEmulator;
virDomainDefGetMemoryActual;
virDomainDefGetMemoryInitial;
virDomainDefGetSecurityLabelDef;
+virDomainDefGetShmem;
virDomainDefHasDeviceAddress;
virDomainDefMaybeAddController;
virDomainDefMaybeAddInput;
--
2.4.3

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

Attachment: signature.asc
Description: PGP signature
