提交 43b67f2e 编写于 作者: E Erik Skultety 提交者: John Ferlan

qemu: Disallow NUMA/network tuning for session mode

Tuning NUMA or network interface parameters requires root
privileges to manage cgroups. Thus an attempt to set some of these
parameters in session mode on a running domain should be rejected
with an error. Memory tuning, for example, already raises an error
in such a case.

The following behavior in session mode will be present after applying
this patch:

  Tuning  |      SET      |   GET  |
----------|---------------|--------|
NUMA      | shut off only | always |
Memory    |     never     | never  |
Interface |     never     | always |

Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1126762
上级 19b1ee42
...@@ -7812,7 +7812,7 @@ qemuBuildCommandLine(virConnectPtr conn, ...@@ -7812,7 +7812,7 @@ qemuBuildCommandLine(virConnectPtr conn,
emulator = def->emulator; emulator = def->emulator;
if (!cfg->privileged) { if (!cfg->privileged) {
/* If we have no cgroups than we can have no tunings that /* If we have no cgroups then we can have no tunings that
* require them */ * require them */
if (def->mem.hard_limit || def->mem.soft_limit || if (def->mem.hard_limit || def->mem.soft_limit ||
...@@ -7835,6 +7835,17 @@ qemuBuildCommandLine(virConnectPtr conn, ...@@ -7835,6 +7835,17 @@ qemuBuildCommandLine(virConnectPtr conn,
_("CPU tuning is not available in session mode")); _("CPU tuning is not available in session mode"));
goto error; goto error;
} }
virDomainNetDefPtr *nets = def->nets;
virNetDevBandwidthPtr bandwidth = NULL;
size_t nnets = def->nnets;
for (i = 0; i < nnets; i++) {
if ((bandwidth = virDomainNetGetActualBandwidth(nets[i])) != NULL) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Network bandwidth tuning is not available in session mode"));
goto error;
}
}
} }
for (i = 0; i < def->ngraphics; ++i) { for (i = 0; i < def->ngraphics; ++i) {
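Review bot: The bandwidth check added inside the `!cfg->privileged` block declares `nets`, `bandwidth` and `nnets` after earlier statements in the same block, and `bandwidth` is only ever compared with NULL, so the three locals carry no information. The loop reads more directly as `for (i = 0; i < def->nnets; i++) {` with `if (virDomainNetGetActualBandwidth(def->nets[i])) {` as its test, which also keeps declarations out of the middle of the block. The comment at the top of the block speaks only of tunings that need cgroups, so a one-line comment such as `/* interface bandwidth limits cannot be applied without privileges either */` would explain why interfaces are inspected here. qemuBuildCommandLine starts and ends outside the hunk.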
......
...@@ -9185,6 +9185,13 @@ qemuDomainSetNumaParameters(virDomainPtr dom, ...@@ -9185,6 +9185,13 @@ qemuDomainSetNumaParameters(virDomainPtr dom,
&persistentDef) < 0) &persistentDef) < 0)
goto endjob; goto endjob;
if (!cfg->privileged &&
flags & VIR_DOMAIN_AFFECT_LIVE) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("NUMA tuning is not available in session mode"));
goto cleanup;
}
if (flags & VIR_DOMAIN_AFFECT_LIVE) { if (flags & VIR_DOMAIN_AFFECT_LIVE) {
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET)) { if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", virReportError(VIR_ERR_OPERATION_INVALID, "%s",
...@@ -9276,6 +9283,7 @@ qemuDomainGetNumaParameters(virDomainPtr dom, ...@@ -9276,6 +9283,7 @@ qemuDomainGetNumaParameters(virDomainPtr dom,
size_t i; size_t i;
virDomainObjPtr vm = NULL; virDomainObjPtr vm = NULL;
virDomainDefPtr persistentDef = NULL; virDomainDefPtr persistentDef = NULL;
virQEMUDriverConfigPtr cfg = NULL;
char *nodeset = NULL; char *nodeset = NULL;
int ret = -1; int ret = -1;
virCapsPtr caps = NULL; virCapsPtr caps = NULL;
...@@ -9294,6 +9302,7 @@ qemuDomainGetNumaParameters(virDomainPtr dom, ...@@ -9294,6 +9302,7 @@ qemuDomainGetNumaParameters(virDomainPtr dom,
return -1; return -1;
priv = vm->privateData; priv = vm->privateData;
cfg = virQEMUDriverGetConfig(driver);
if (virDomainGetNumaParametersEnsureACL(dom->conn, vm->def) < 0) if (virDomainGetNumaParametersEnsureACL(dom->conn, vm->def) < 0)
goto cleanup; goto cleanup;
...@@ -9311,14 +9320,6 @@ qemuDomainGetNumaParameters(virDomainPtr dom, ...@@ -9311,14 +9320,6 @@ qemuDomainGetNumaParameters(virDomainPtr dom,
goto cleanup; goto cleanup;
} }
if (flags & VIR_DOMAIN_AFFECT_LIVE) {
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_MEMORY)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("cgroup memory controller is not mounted"));
goto cleanup;
}
}
for (i = 0; i < QEMU_NB_NUMA_PARAM && i < *nparams; i++) { for (i = 0; i < QEMU_NB_NUMA_PARAM && i < *nparams; i++) {
virMemoryParameterPtr param = &params[i]; virMemoryParameterPtr param = &params[i];
...@@ -9341,9 +9342,16 @@ qemuDomainGetNumaParameters(virDomainPtr dom, ...@@ -9341,9 +9342,16 @@ qemuDomainGetNumaParameters(virDomainPtr dom,
if (!nodeset) if (!nodeset)
goto cleanup; goto cleanup;
} else { } else {
if (virCgroupGetCpusetMems(priv->cgroup, &nodeset) < 0) if (!virCgroupHasController(priv->cgroup,
goto cleanup; VIR_CGROUP_CONTROLLER_MEMORY) ||
virCgroupGetCpusetMems(priv->cgroup, &nodeset) < 0) {
nodeset = virDomainNumatuneFormatNodeset(vm->def->numatune,
NULL, -1);
if (!nodeset)
goto cleanup;
}
} }
if (virTypedParameterAssign(param, VIR_DOMAIN_NUMA_NODESET, if (virTypedParameterAssign(param, VIR_DOMAIN_NUMA_NODESET,
VIR_TYPED_PARAM_STRING, nodeset) < 0) VIR_TYPED_PARAM_STRING, nodeset) < 0)
goto cleanup; goto cleanup;
...@@ -9368,6 +9376,7 @@ qemuDomainGetNumaParameters(virDomainPtr dom, ...@@ -9368,6 +9376,7 @@ qemuDomainGetNumaParameters(virDomainPtr dom,
if (vm) if (vm)
virObjectUnlock(vm); virObjectUnlock(vm);
virObjectUnref(caps); virObjectUnref(caps);
virObjectUnref(cfg);
return ret; return ret;
} }
...@@ -10338,6 +10347,12 @@ qemuDomainSetInterfaceParameters(virDomainPtr dom, ...@@ -10338,6 +10347,12 @@ qemuDomainSetInterfaceParameters(virDomainPtr dom,
if (virDomainSetInterfaceParametersEnsureACL(dom->conn, vm->def, flags) < 0) if (virDomainSetInterfaceParametersEnsureACL(dom->conn, vm->def, flags) < 0)
goto cleanup; goto cleanup;
if (!cfg->privileged) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Network bandwidth tuning is not available in session mode"));
goto cleanup;
}
if (!(caps = virQEMUDriverGetCapabilities(driver, false))) if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
goto cleanup; goto cleanup;
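Review bot: The session-mode rejection added to qemuDomainSetNumaParameters exits through `goto cleanup`, while the failure path directly above it uses `goto endjob`, which suggests a domain job is already held at that point. If so, the rejected request never ends its job, and later job-taking calls on the same domain would presumably block or time out; the jump should match its neighbour, `goto endjob;`. The condition is also easier to audit with the mask test parenthesised: `if (!cfg->privileged && (flags & VIR_DOMAIN_AFFECT_LIVE)) {`. The function begins and ends outside the hunk, so the job acquisition itself is not visible and should be confirmed against the full body.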
......