When the config knob is enabled, we simply skip the part where
limits are set; for the memory locking limit, which can change
dynamically over the lifetime of the guest, we still make sure
that the external process has set it correctly and error out
if that turns out not to be the case
This
qemuProcessLaunch() is the correct place to set process limits,
and in fact is where we were dealing with almost all of them,
but the memory locking limit was handled in
qemuBuildCommandLine() instead for some reason.
The code is rewritten so that the desired limit is calculated
and applied in
Up until now we've implicitly relied on the fact that failures
reported from this function were simply ignored, but that's
about to change and so we need a proper mock.
Signed-off-by: Andrea Bolognani
---
src/util/virprocess.h | 2 +-
tests/virprocessmock.c | 7 +++
2 files changed, 8
This will be useful when libvirtd is running in a containerized
environment with limited capabilities, and in order to make
things like VFIO device assignment still work an external
privileged process changes the limits from outside of the
container. KubeVirt is an example of this setup.
Currently, the functions accept either an explicit pid or zero,
in which case the current process should be modified: the latter
might sound like a convenient little feature, but in reality
obtaining the pid of the current process is a single additional
function call away, so it hardly makes a
This behavior reflects the needs of the QEMU driver and has no
place in a generic module such as virProcess.
Thanks to the changes made with the previous commit, it is now
safe to remove these checks and make all virProcessSetMax*()
functions finally behave the same way.
Signed-off-by: Andrea
Calling prlimit() requires elevated privileges, specifically
CAP_SYS_RESOURCE, and getrlimit() only works for the current
process which is too limiting for our needs; /proc/$pid/limits,
on the other hand, can be read by any process, so implement
parsing that file as a fallback for when prlimit()
Store the current memory locking limit and the desired one
separately, which will help with later changes.
Signed-off-by: Andrea Bolognani
---
src/qemu/qemu_domain.c | 20 +++-
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/src/qemu/qemu_domain.c
Calling a stub should always result in ENOSYS being raised,
regardless of what arguments are passed to it.
Signed-off-by: Andrea Bolognani
---
src/util/virprocess.c | 22 ++
1 file changed, 6 insertions(+), 16 deletions(-)
diff --git a/src/util/virprocess.c
That's more consistent with our usual naming convention.
Signed-off-by: Andrea Bolognani
---
src/conf/domain_conf.h | 4 ++--
src/qemu/qemu_domain.c | 10 +-
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index
Now that we've implemented a fallback for the function that
obtains the information from /proc, there is no reason we would
get a failure unless there's something seriously wrong with the
environment we're running in, in which case we're better off
reporting the issue to the user rather than
Signed-off-by: Andrea Bolognani
---
NEWS.rst | 10 ++
1 file changed, 10 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index bd40373a80..3a3e3962c2 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -13,6 +13,16 @@ v7.2.0 (unreleased)
* **New features**
+ * qemu: Allow process limits to be
The current code is written under the assumption that, for all
limits except the core size, asking for the limit to be set to
zero is a no-op, and so the operation is performed
unconditionally.
While this is the behavior we want for the QEMU driver, the
virCommand and virProcess facilities are
We're going to change their behavior, so it's good to have the
current one documented to serve as baseline.
Signed-off-by: Andrea Bolognani
---
src/util/virprocess.c | 46 +++
1 file changed, 46 insertions(+)
diff --git a/src/util/virprocess.c
Doing this now will make the next changes nicer.
Signed-off-by: Andrea Bolognani
---
src/qemu/qemu_process.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index d3208e5203..1e1df6da64 100644
---
These functions abstract part of the existing logic, which is
the same in all virProcessSetMax*() functions, and changes it
so that which underlying syscall is used depends on their
availability rather than on the context in which they are
called: since prlimit() and {g,s}etrlimit() have slightly
This feature has been requested by KubeVirt developers and will make
it possible for them to make some VFIO-related features, such as
migration and hotplug, work correctly.
https://bugzilla.redhat.com/show_bug.cgi?id=1916346
The first part of the series, especially the first 9 patches, is
Currently this only happens for the core size, but we want the
behavior to be consistent for other limits as well.
Signed-off-by: Andrea Bolognani
---
src/util/vircommand.c | 15 ---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/util/vircommand.c
Andrea Bolognani wrote:
> On Fri, 2021-03-05 at 13:43 +0100, Ján Tomko wrote:
> > On a Friday in 2021, Andrea Bolognani wrote:
> > > On Thu, 2021-03-04 at 17:47 +0100, Ján Tomko wrote:
> > > > On a Wednesday in 2021, Roman Bogorodskiy wrote:
> > > > > +keycode_dep = declare_dependency(sources:
On Fri, 2021-03-05 at 13:43 +0100, Ján Tomko wrote:
> On a Friday in 2021, Andrea Bolognani wrote:
> > On Thu, 2021-03-04 at 17:47 +0100, Ján Tomko wrote:
> > > On a Wednesday in 2021, Roman Bogorodskiy wrote:
> > > > +keycode_dep = declare_dependency(sources: keycode_gen_sources)
> > >
> > >
On a Friday in 2021, Andrea Bolognani wrote:
On Thu, 2021-03-04 at 17:47 +0100, Ján Tomko wrote:
On a Wednesday in 2021, Roman Bogorodskiy wrote:
> +keycode_dep = declare_dependency(sources: keycode_gen_sources)
Please format this as:
keycode_dep = declare_dependency(
sources:
With this, XML fails if config video type 'ramfb' contains
address, since address is not supported for 'ramfb' video
devices. Previously it didn't raise error.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1891416
Signed-off-by: Kristina Hanicova
---
src/conf/domain_validate.c | 8
When generating TC rules for domain's outbound traffic, Libvirt
will use the 'average' as the default for 'burst' - it's been
this way since the feature introduction in v0.9.4-rc1~22. The
reason is that 'average' considers 'burst' for policing. However,
when parsing its command line TC uses an
On 3/5/21 10:45 AM, Andrea Bolognani wrote:
On Thu, 2021-03-04 at 20:55 +0100, Michal Privoznik wrote:
Surprisingly, we never documented the relationship between
connection URI and the location of qemu.conf. Users might wonder
what qemu.conf is loaded when they are connecting to the session
On Thu, 2021-03-04 at 17:47 +0100, Ján Tomko wrote:
> On a Wednesday in 2021, Roman Bogorodskiy wrote:
> > +keycode_dep = declare_dependency(sources: keycode_gen_sources)
>
> Please format this as:
>
> keycode_dep = declare_dependency(
>sources: keycode_gen_sources
> )
>
> to match the
On Fri, Mar 05, 2021 at 10:42:06AM +0100, Peter Krempa wrote:
> Commit bbc25f0d03d443efd35381463efc81b01cb6ae96 juggled around some
> error reporting. Unfortunately virFirewallApply tries to report the
> errno stored in the firewall object and we'd try to do that when the
> firewall object is NULL
On Thu, 2021-03-04 at 20:55 +0100, Michal Privoznik wrote:
> Surprisingly, we never documented the relationship between
> connection URI and the location of qemu.conf. Users might wonder
> what qemu.conf is loaded when they are connecting to the session
> daemon or embed URI. And what to do if the
Commit bbc25f0d03d443efd35381463efc81b01cb6ae96 juggled around some
error reporting. Unfortunately virFirewallApply tries to report the
errno stored in the firewall object and we'd try to do that when the
firewall object is NULL too. Report EINVAL if 'firewall' is NULL.
Found by Coverity.
On Thu, Feb 25, 2021 at 14:23:06 +0100, Tim Wiederhake wrote:
> See https://bugzilla.redhat.com/show_bug.cgi?id=1840770
>
> Signed-off-by: Tim Wiederhake
> ---
> src/qemu/qemu_process.c | 27 +++
> 1 file changed, 27 insertions(+)
>
> diff --git
Markus Armbruster writes:
> Daniel P. Berrangé writes:
>
>> On Thu, Mar 04, 2021 at 11:00:57AM +0100, Markus Armbruster wrote:
>>> Drop the crap deprecated in commit 4a27a638e7 "fdc: Deprecate
>>> configuring floppies with -global isa-fdc" (v5.1.0).
>>>
>>> Signed-off-by: Markus Armbruster
30 matches
Mail list logo