2010-12-16 16:10:54 +00:00
|
|
|
/*
|
|
|
|
|
* qemu_cgroup.c: QEMU cgroup management
|
|
|
|
|
*
|
2013-01-09 23:39:18 +00:00
|
|
|
* Copyright (C) 2006-2013 Red Hat, Inc.
|
2010-12-16 16:10:54 +00:00
|
|
|
* Copyright (C) 2006 Daniel P. Berrange
|
|
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
2012-09-20 22:30:55 +00:00
|
|
|
* License along with this library. If not, see
|
2012-07-21 10:06:23 +00:00
|
|
|
* <http://www.gnu.org/licenses/>.
|
2010-12-16 16:10:54 +00:00
|
|
|
*
|
|
|
|
|
* Author: Daniel P. Berrange <berrange@redhat.com>
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
|
|
#include "qemu_cgroup.h"
|
2011-07-21 02:10:31 +00:00
|
|
|
#include "qemu_domain.h"
|
qemu: Keep the affinity when creating cgroup for emulator thread
When the cpu placement model is "auto", it sets the affinity for
domain process with the advisory nodeset from numad, however,
creating cgroup for the domain process (called emulator thread
in some contexts) later overrides that with pinning it to all
available pCPUs.
How to reproduce:
* Configure the domain with "auto" placement for <vcpu>, e.g.
<vcpu placement='auto'>4</vcpu>
* % virsh start dom
* % cat /proc/$dompid/status
Though the emulator cgroup cause conflicts, but we can't simply
prohibit creating it, as other tunables are still useful, such
as "emulator_period", which is used by API
virDomainSetSchedulerParameter. So this patch doesn't prohibit
creating the emulator cgroup, but inherit the nodeset from numad,
and reset the affinity for domain process.
* src/qemu/qemu_cgroup.h: Modify definition of qemuSetupCgroupForEmulator
to accept the passed nodenet
* src/qemu/qemu_cgroup.c: Set the affinity with the passed nodeset
2012-10-24 09:27:56 +00:00
|
|
|
#include "qemu_process.h"
|
2012-12-03 15:03:47 +00:00
|
|
|
#include "vircgroup.h"
|
2012-12-12 17:59:27 +00:00
|
|
|
#include "virlog.h"
|
2012-12-12 18:06:53 +00:00
|
|
|
#include "viralloc.h"
|
2012-12-13 18:21:53 +00:00
|
|
|
#include "virerror.h"
|
2012-12-13 17:44:57 +00:00
|
|
|
#include "virutil.h"
|
Move qemu_audit.h helpers into shared code
The LXC and UML drivers can both make use of auditing. Move
the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h}
* src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c
* src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h
* src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h}
* src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c,
src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c,
src/qemu/qemu_process.c: Update for changed audit API names
2011-07-04 10:56:13 +00:00
|
|
|
#include "domain_audit.h"
|
2010-12-16 16:10:54 +00:00
|
|
|
|
|
|
|
|
#define VIR_FROM_THIS VIR_FROM_QEMU
|
|
|
|
|
|
|
|
|
|
static const char *const defaultDeviceACL[] = {
|
|
|
|
|
"/dev/null", "/dev/full", "/dev/zero",
|
|
|
|
|
"/dev/random", "/dev/urandom",
|
|
|
|
|
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
|
2011-03-09 22:05:00 +00:00
|
|
|
"/dev/rtc", "/dev/hpet",
|
2010-12-16 16:10:54 +00:00
|
|
|
NULL,
|
|
|
|
|
};
|
|
|
|
|
#define DEVICE_PTY_MAJOR 136
|
|
|
|
|
#define DEVICE_SND_MAJOR 116
|
|
|
|
|
|
2011-02-16 02:18:40 +00:00
|
|
|
static int
|
2011-03-09 03:13:18 +00:00
|
|
|
qemuSetupDiskPathAllow(virDomainDiskDefPtr disk,
|
2011-02-16 02:18:40 +00:00
|
|
|
const char *path,
|
|
|
|
|
size_t depth ATTRIBUTE_UNUSED,
|
|
|
|
|
void *opaque)
|
2010-12-16 16:10:54 +00:00
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
virDomainObjPtr vm = opaque;
|
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2010-12-16 16:10:54 +00:00
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
VIR_DEBUG("Process path %s for disk", path);
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupAllowDevicePath(priv->cgroup, path,
|
2011-03-09 03:13:18 +00:00
|
|
|
(disk->readonly ? VIR_CGROUP_DEVICE_READ
|
|
|
|
|
: VIR_CGROUP_DEVICE_RW));
|
2013-03-21 14:40:29 +00:00
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path,
|
Move qemu_audit.h helpers into shared code
The LXC and UML drivers can both make use of auditing. Move
the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h}
* src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c
* src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h
* src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h}
* src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c,
src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c,
src/qemu/qemu_process.c: Update for changed audit API names
2011-07-04 10:56:13 +00:00
|
|
|
disk->readonly ? "r" : "rw", rc);
|
2011-02-17 00:05:54 +00:00
|
|
|
if (rc < 0) {
|
|
|
|
|
if (rc == -EACCES) { /* Get this for root squash NFS */
|
2010-12-16 16:10:54 +00:00
|
|
|
VIR_DEBUG("Ignoring EACCES for %s", path);
|
|
|
|
|
} else {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to allow access for disk path %s"),
|
|
|
|
|
path);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2012-10-17 20:22:24 +00:00
|
|
|
int qemuSetupDiskCgroup(virDomainObjPtr vm,
|
2010-12-16 16:10:54 +00:00
|
|
|
virDomainDiskDefPtr disk)
|
|
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
|
|
|
|
|
|
if (!virCgroupHasController(priv->cgroup,
|
|
|
|
|
VIR_CGROUP_CONTROLLER_DEVICES))
|
|
|
|
|
return 0;
|
|
|
|
|
|
2010-12-16 16:10:54 +00:00
|
|
|
return virDomainDiskDefForeachPath(disk,
|
|
|
|
|
true,
|
|
|
|
|
qemuSetupDiskPathAllow,
|
2013-03-21 14:40:29 +00:00
|
|
|
vm);
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2011-02-16 02:18:40 +00:00
|
|
|
static int
|
|
|
|
|
qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
|
|
|
|
|
const char *path,
|
|
|
|
|
size_t depth ATTRIBUTE_UNUSED,
|
|
|
|
|
void *opaque)
|
2010-12-16 16:10:54 +00:00
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
virDomainObjPtr vm = opaque;
|
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2010-12-16 16:10:54 +00:00
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
VIR_DEBUG("Process path %s for disk", path);
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupDenyDevicePath(priv->cgroup, path,
|
2011-03-09 03:13:18 +00:00
|
|
|
VIR_CGROUP_DEVICE_RWM);
|
2013-03-21 14:40:29 +00:00
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "deny", path, "rwm", rc);
|
2011-02-17 00:05:54 +00:00
|
|
|
if (rc < 0) {
|
|
|
|
|
if (rc == -EACCES) { /* Get this for root squash NFS */
|
2010-12-16 16:10:54 +00:00
|
|
|
VIR_DEBUG("Ignoring EACCES for %s", path);
|
|
|
|
|
} else {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to deny access for disk path %s"),
|
|
|
|
|
path);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2012-10-17 20:22:24 +00:00
|
|
|
int qemuTeardownDiskCgroup(virDomainObjPtr vm,
|
2010-12-16 16:10:54 +00:00
|
|
|
virDomainDiskDefPtr disk)
|
|
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
|
|
|
|
|
|
if (!virCgroupHasController(priv->cgroup,
|
|
|
|
|
VIR_CGROUP_CONTROLLER_DEVICES))
|
|
|
|
|
return 0;
|
|
|
|
|
|
2010-12-16 16:10:54 +00:00
|
|
|
return virDomainDiskDefForeachPath(disk,
|
|
|
|
|
true,
|
|
|
|
|
qemuTeardownDiskPathDeny,
|
2013-03-21 14:40:29 +00:00
|
|
|
vm);
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
|
2011-02-16 02:18:40 +00:00
|
|
|
static int
|
2013-04-12 20:55:46 +00:00
|
|
|
qemuSetupChrSourceCgroup(virDomainDefPtr def,
|
|
|
|
|
virDomainChrSourceDefPtr dev,
|
2013-03-21 14:40:29 +00:00
|
|
|
void *opaque)
|
2010-12-16 16:10:54 +00:00
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
virDomainObjPtr vm = opaque;
|
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2010-12-16 16:10:54 +00:00
|
|
|
int rc;
|
|
|
|
|
|
2013-04-12 20:55:46 +00:00
|
|
|
if (dev->type != VIR_DOMAIN_CHR_TYPE_DEV)
|
2010-12-16 16:10:54 +00:00
|
|
|
return 0;
|
|
|
|
|
|
2013-04-12 20:55:46 +00:00
|
|
|
VIR_DEBUG("Process path '%s' for device", dev->data.file.path);
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupAllowDevicePath(priv->cgroup, dev->data.file.path,
|
2011-03-09 03:13:18 +00:00
|
|
|
VIR_CGROUP_DEVICE_RW);
|
2013-03-21 14:40:29 +00:00
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "allow",
|
2013-04-12 20:55:46 +00:00
|
|
|
dev->data.file.path, "rw", rc);
|
2011-02-17 00:05:54 +00:00
|
|
|
if (rc < 0) {
|
2010-12-16 16:10:54 +00:00
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to allow device %s for %s"),
|
2013-04-12 20:55:46 +00:00
|
|
|
dev->data.file.path, def->name);
|
2010-12-16 16:10:54 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2013-04-12 20:55:46 +00:00
|
|
|
static int
|
|
|
|
|
qemuSetupChardevCgroup(virDomainDefPtr def,
|
|
|
|
|
virDomainChrDefPtr dev,
|
|
|
|
|
void *opaque)
|
|
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
return qemuSetupChrSourceCgroup(def, &dev->source, opaque);
|
2013-04-12 20:55:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
qemuSetupTPMCgroup(virDomainDefPtr def,
|
|
|
|
|
virDomainTPMDefPtr dev,
|
2013-03-21 14:40:29 +00:00
|
|
|
void *opaque)
|
2013-04-12 20:55:46 +00:00
|
|
|
{
|
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
|
|
switch (dev->type) {
|
|
|
|
|
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
|
|
|
|
|
rc = qemuSetupChrSourceCgroup(def, &dev->data.passthrough.source,
|
2013-03-21 14:40:29 +00:00
|
|
|
opaque);
|
2013-04-12 20:55:46 +00:00
|
|
|
break;
|
|
|
|
|
case VIR_DOMAIN_TPM_TYPE_LAST:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-01-14 22:11:44 +00:00
|
|
|
int qemuSetupHostUsbDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
|
2010-12-16 16:10:54 +00:00
|
|
|
const char *path,
|
|
|
|
|
void *opaque)
|
|
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
virDomainObjPtr vm = opaque;
|
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2010-12-16 16:10:54 +00:00
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
VIR_DEBUG("Process path '%s' for USB device", path);
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupAllowDevicePath(priv->cgroup, path,
|
2011-03-09 03:13:18 +00:00
|
|
|
VIR_CGROUP_DEVICE_RW);
|
2013-03-21 14:40:29 +00:00
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path, "rw", rc);
|
2011-02-17 00:05:54 +00:00
|
|
|
if (rc < 0) {
|
2010-12-16 16:10:54 +00:00
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to allow device %s"),
|
|
|
|
|
path);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
|
|
|
|
|
int qemuInitCgroup(virQEMUDriverPtr driver,
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 10:01:49 +00:00
|
|
|
virDomainObjPtr vm,
|
|
|
|
|
bool startup)
|
2013-03-21 14:40:29 +00:00
|
|
|
{
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 10:01:49 +00:00
|
|
|
int rc = -1;
|
2013-03-21 14:40:29 +00:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 10:01:49 +00:00
|
|
|
virCgroupPtr parent = NULL;
|
2013-03-21 14:40:29 +00:00
|
|
|
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
|
|
|
|
|
|
2013-04-04 11:10:55 +00:00
|
|
|
if (!cfg->privileged)
|
|
|
|
|
goto done;
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
virCgroupFree(&priv->cgroup);
|
|
|
|
|
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 10:01:49 +00:00
|
|
|
if (!vm->def->resource && startup) {
|
|
|
|
|
virDomainResourceDefPtr res;
|
|
|
|
|
|
|
|
|
|
if (VIR_ALLOC(res) < 0) {
|
|
|
|
|
virReportOOMError();
|
|
|
|
|
goto cleanup;
|
2013-03-21 14:40:29 +00:00
|
|
|
}
|
|
|
|
|
|
2013-04-18 10:07:17 +00:00
|
|
|
if (!(res->partition = strdup("/machine"))) {
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 10:01:49 +00:00
|
|
|
virReportOOMError();
|
|
|
|
|
VIR_FREE(res);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
vm->def->resource = res;
|
2013-03-21 14:40:29 +00:00
|
|
|
}
|
|
|
|
|
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 10:01:49 +00:00
|
|
|
if (vm->def->resource &&
|
|
|
|
|
vm->def->resource->partition) {
|
|
|
|
|
if (vm->def->resource->partition[0] != '/') {
|
|
|
|
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
|
|
|
|
|
_("Resource partition '%s' must start with '/'"),
|
|
|
|
|
vm->def->resource->partition);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
/* We only auto-create the default partition. In other
|
|
|
|
|
* cases we expec the sysadmin/app to have done so */
|
|
|
|
|
rc = virCgroupNewPartition(vm->def->resource->partition,
|
|
|
|
|
STREQ(vm->def->resource->partition, "/system"),
|
|
|
|
|
cfg->cgroupControllers,
|
|
|
|
|
&parent);
|
|
|
|
|
if (rc != 0) {
|
|
|
|
|
if (rc == -ENXIO ||
|
|
|
|
|
rc == -EPERM ||
|
|
|
|
|
rc == -EACCES) { /* No cgroups mounts == success */
|
|
|
|
|
VIR_DEBUG("No cgroups present/configured/accessible, ignoring error");
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to initialize %s cgroup"),
|
|
|
|
|
vm->def->resource->partition);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = virCgroupNewDomainPartition(parent,
|
|
|
|
|
"qemu",
|
|
|
|
|
vm->def->name,
|
|
|
|
|
true,
|
|
|
|
|
&priv->cgroup);
|
|
|
|
|
if (rc != 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to create cgroup for %s"),
|
|
|
|
|
vm->def->name);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
rc = virCgroupNewDriver("qemu",
|
|
|
|
|
true,
|
|
|
|
|
cfg->cgroupControllers,
|
|
|
|
|
&parent);
|
|
|
|
|
if (rc != 0) {
|
|
|
|
|
if (rc == -ENXIO ||
|
|
|
|
|
rc == -EPERM ||
|
|
|
|
|
rc == -EACCES) { /* No cgroups mounts == success */
|
|
|
|
|
VIR_DEBUG("No cgroups present/configured/accessible, ignoring error");
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to create cgroup for %s"),
|
|
|
|
|
vm->def->name);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = virCgroupNewDomainDriver(parent,
|
|
|
|
|
vm->def->name,
|
|
|
|
|
true,
|
|
|
|
|
&priv->cgroup);
|
|
|
|
|
if (rc != 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to create cgroup for %s"),
|
|
|
|
|
vm->def->name);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
2013-03-21 14:40:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
done:
|
|
|
|
|
rc = 0;
|
|
|
|
|
cleanup:
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 10:01:49 +00:00
|
|
|
virCgroupFree(&parent);
|
2013-03-21 14:40:29 +00:00
|
|
|
virObjectUnref(cfg);
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2012-11-28 16:43:10 +00:00
|
|
|
int qemuSetupCgroup(virQEMUDriverPtr driver,
|
2012-05-12 12:53:15 +00:00
|
|
|
virDomainObjPtr vm,
|
2012-09-14 07:47:00 +00:00
|
|
|
virBitmapPtr nodemask)
|
2010-12-16 16:10:54 +00:00
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
int rc = -1;
|
2010-12-16 16:10:54 +00:00
|
|
|
unsigned int i;
|
2013-01-10 21:03:14 +00:00
|
|
|
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
|
2013-03-21 14:40:29 +00:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2010-12-16 16:10:54 +00:00
|
|
|
const char *const *deviceACL =
|
2013-01-10 21:03:14 +00:00
|
|
|
cfg->cgroupDeviceACL ?
|
|
|
|
|
(const char *const *)cfg->cgroupDeviceACL :
|
2010-12-16 16:10:54 +00:00
|
|
|
defaultDeviceACL;
|
|
|
|
|
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 10:01:49 +00:00
|
|
|
if (qemuInitCgroup(driver, vm, true) < 0)
|
2013-03-21 14:40:29 +00:00
|
|
|
return -1;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
if (!priv->cgroup)
|
|
|
|
|
goto done;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
if (virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
|
|
|
|
|
rc = virCgroupDenyAllDevices(priv->cgroup);
|
|
|
|
|
virDomainAuditCgroup(vm, priv->cgroup, "deny", "all", rc == 0);
|
2010-12-16 16:10:54 +00:00
|
|
|
if (rc != 0) {
|
|
|
|
|
if (rc == -EPERM) {
|
2011-05-09 09:24:09 +00:00
|
|
|
VIR_WARN("Group devices ACL is not accessible, disabling whitelisting");
|
2010-12-16 16:10:54 +00:00
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to deny all devices for %s"), vm->def->name);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < vm->def->ndisks ; i++) {
|
2013-03-21 14:40:29 +00:00
|
|
|
if (qemuSetupDiskCgroup(vm, vm->def->disks[i]) < 0)
|
2010-12-16 16:10:54 +00:00
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupAllowDeviceMajor(priv->cgroup, 'c', DEVICE_PTY_MAJOR,
|
2011-03-09 03:13:18 +00:00
|
|
|
VIR_CGROUP_DEVICE_RW);
|
2013-03-21 14:40:29 +00:00
|
|
|
virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_PTY_MAJOR,
|
Move qemu_audit.h helpers into shared code
The LXC and UML drivers can both make use of auditing. Move
the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h}
* src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c
* src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h
* src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h}
* src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c,
src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c,
src/qemu/qemu_process.c: Update for changed audit API names
2011-07-04 10:56:13 +00:00
|
|
|
"pty", "rw", rc == 0);
|
2010-12-16 16:10:54 +00:00
|
|
|
if (rc != 0) {
|
|
|
|
|
virReportSystemError(-rc, "%s",
|
|
|
|
|
_("unable to allow /dev/pts/ devices"));
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
2011-02-25 18:55:44 +00:00
|
|
|
if (vm->def->nsounds &&
|
|
|
|
|
(!vm->def->ngraphics ||
|
|
|
|
|
((vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
|
2013-01-10 21:03:14 +00:00
|
|
|
cfg->vncAllowHostAudio) ||
|
2011-02-25 18:55:44 +00:00
|
|
|
(vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL)))) {
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupAllowDeviceMajor(priv->cgroup, 'c', DEVICE_SND_MAJOR,
|
2011-03-09 03:13:18 +00:00
|
|
|
VIR_CGROUP_DEVICE_RW);
|
2013-03-21 14:40:29 +00:00
|
|
|
virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_SND_MAJOR,
|
Move qemu_audit.h helpers into shared code
The LXC and UML drivers can both make use of auditing. Move
the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h}
* src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c
* src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h
* src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h}
* src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c,
src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c,
src/qemu/qemu_process.c: Update for changed audit API names
2011-07-04 10:56:13 +00:00
|
|
|
"sound", "rw", rc == 0);
|
2010-12-16 16:10:54 +00:00
|
|
|
if (rc != 0) {
|
|
|
|
|
virReportSystemError(-rc, "%s",
|
|
|
|
|
_("unable to allow /dev/snd/ devices"));
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; deviceACL[i] != NULL ; i++) {
|
2013-02-27 16:57:16 +00:00
|
|
|
if (access(deviceACL[i], F_OK) < 0) {
|
|
|
|
|
VIR_DEBUG("Ignoring non-existant device %s",
|
|
|
|
|
deviceACL[i]);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupAllowDevicePath(priv->cgroup, deviceACL[i],
|
2011-03-09 03:13:18 +00:00
|
|
|
VIR_CGROUP_DEVICE_RW);
|
2013-03-21 14:40:29 +00:00
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "allow", deviceACL[i], "rw", rc);
|
2010-12-16 16:10:54 +00:00
|
|
|
if (rc < 0 &&
|
|
|
|
|
rc != -ENOENT) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("unable to allow device %s"),
|
|
|
|
|
deviceACL[i]);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (virDomainChrDefForeach(vm->def,
|
|
|
|
|
true,
|
|
|
|
|
qemuSetupChardevCgroup,
|
2013-03-21 14:40:29 +00:00
|
|
|
vm) < 0)
|
2010-12-16 16:10:54 +00:00
|
|
|
goto cleanup;
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
if (vm->def->tpm &&
|
|
|
|
|
(qemuSetupTPMCgroup(vm->def,
|
2013-04-12 20:55:46 +00:00
|
|
|
vm->def->tpm,
|
2013-03-21 14:40:29 +00:00
|
|
|
vm) < 0))
|
|
|
|
|
goto cleanup;
|
2013-04-12 20:55:46 +00:00
|
|
|
|
2010-12-16 16:10:54 +00:00
|
|
|
for (i = 0; i < vm->def->nhostdevs; i++) {
|
|
|
|
|
virDomainHostdevDefPtr hostdev = vm->def->hostdevs[i];
|
2013-01-14 22:11:44 +00:00
|
|
|
virUSBDevicePtr usb;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
|
|
|
|
if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
|
|
|
|
|
continue;
|
|
|
|
|
if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB)
|
|
|
|
|
continue;
|
2012-10-04 14:18:16 +00:00
|
|
|
if (hostdev->missing)
|
|
|
|
|
continue;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-01-14 22:11:44 +00:00
|
|
|
if ((usb = virUSBDeviceNew(hostdev->source.subsys.u.usb.bus,
|
|
|
|
|
hostdev->source.subsys.u.usb.device,
|
|
|
|
|
NULL)) == NULL)
|
2010-12-16 16:10:54 +00:00
|
|
|
goto cleanup;
|
|
|
|
|
|
2013-01-14 22:11:44 +00:00
|
|
|
if (virUSBDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup,
|
2013-03-21 14:40:29 +00:00
|
|
|
vm) < 0) {
|
2013-01-14 22:11:44 +00:00
|
|
|
virUSBDeviceFree(usb);
|
2010-12-16 16:10:54 +00:00
|
|
|
goto cleanup;
|
2013-02-05 15:14:46 +00:00
|
|
|
}
|
2013-01-14 22:11:44 +00:00
|
|
|
virUSBDeviceFree(usb);
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-04-01 03:41:33 +00:00
|
|
|
if (vm->def->blkio.weight != 0) {
|
2013-03-21 14:40:29 +00:00
|
|
|
if (virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_BLKIO)) {
|
|
|
|
|
rc = virCgroupSetBlkioWeight(priv->cgroup, vm->def->blkio.weight);
|
2012-10-17 09:23:12 +00:00
|
|
|
if (rc != 0) {
|
2011-02-08 06:59:38 +00:00
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to set io weight for domain %s"),
|
|
|
|
|
vm->def->name);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
2011-04-01 03:41:33 +00:00
|
|
|
} else {
|
2012-07-18 15:22:03 +00:00
|
|
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
|
|
|
_("Block I/O tuning is not available on this host"));
|
2011-11-08 11:00:34 +00:00
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (vm->def->blkio.ndevices) {
|
2013-03-21 14:40:29 +00:00
|
|
|
if (virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_BLKIO)) {
|
2011-11-08 11:00:34 +00:00
|
|
|
for (i = 0; i < vm->def->blkio.ndevices; i++) {
|
|
|
|
|
virBlkioDeviceWeightPtr dw = &vm->def->blkio.devices[i];
|
qemu: filter blkio 0-device-weight at two other places
filter 0-device-weight when:
- getting blkio parameters with --config
- starting up a domain
When testing with blkio, I found these issues:
(dom is down)
virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,500
virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,0
virsh blkiotune dom
weight : 800
device_weight : /dev/sda,200,/dev/sdb,0
# issue 1: shows 0 device weight of /dev/sdb that may confuse user
(continued)
virsh start dom
# issue 2: If /dev/sdb doesn't exist, libvirt refuses to bring the
# dom up because it wants to set the device weight to 0 of a
# non-existing device. Since 0 means no weight-limit, we really don't
# have to set it.
2011-11-30 02:11:08 +00:00
|
|
|
if (!dw->weight)
|
|
|
|
|
continue;
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupSetBlkioDeviceWeight(priv->cgroup, dw->path,
|
2011-11-08 11:00:34 +00:00
|
|
|
dw->weight);
|
|
|
|
|
if (rc != 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to set io device weight "
|
|
|
|
|
"for domain %s"),
|
|
|
|
|
vm->def->name);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
maint: don't permit format strings without %
Any time we have a string with no % passed through gettext, a
translator can inject a % to cause a stack overread. When there
is nothing to format, it's easier to ask for a string that cannot
be used as a formatter, by using a trivial "%s" format instead.
In the past, we have used --disable-nls to catch some of the
offenders, but that doesn't get run very often, and many more
uses have crept in. Syntax check to the rescue!
The syntax check can catch uses such as
virReportError(code,
_("split "
"string"));
by using a sed script to fold context lines into one pattern
space before checking for a string without %.
This patch is just mechanical insertion of %s; there are probably
several messages touched by this patch where we would be better
off giving the user more information than a fixed string.
* cfg.mk (sc_prohibit_diagnostic_without_format): New rule.
* src/datatypes.c (virUnrefConnect, virGetDomain)
(virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface)
(virUnrefInterface, virGetStoragePool, virUnrefStoragePool)
(virGetStorageVol, virUnrefStorageVol, virGetNodeDevice)
(virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter)
(virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper.
* src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters)
(lxcDomainGetBlkioParameters): Likewise.
* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML)
(virDomainDiskDefParseXML, virDomainGraphicsDefParseXML):
Likewise.
* src/conf/network_conf.c (virNetworkDNSHostsDefParseXML)
(virNetworkDefParseXML): Likewise.
* src/conf/nwfilter_conf.c (virNWFilterIsValidChainName):
Likewise.
* src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple)
(virNWFilterVarAccessParse): Likewise.
* src/libvirt.c (virDomainSave, virDomainSaveFlags)
(virDomainRestore, virDomainRestoreFlags)
(virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML)
(virDomainCoreDump, virDomainGetXMLDesc)
(virDomainMigrateVersion1, virDomainMigrateVersion2)
(virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2)
(virStreamSendAll, virStreamRecvAll)
(virDomainSnapshotGetXMLDesc): Likewise.
* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
(virNWFilterDHCPSnoopReq): Likewise.
* src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise.
* src/openvz/openvz_util.c (openvzKBPerPages): Likewise.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise.
* src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr)
(qemuBuildCommandLine): Likewise.
* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
* src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity):
Likewise.
* src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX)
(virNetSocketSendFD, virNetSocketRecvFD): Likewise.
* src/storage/storage_backend_disk.c
(virStorageBackendDiskBuildPool): Likewise.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemProbe)
(virStorageBackendFileSystemBuild): Likewise.
* src/storage/storage_backend_rbd.c
(virStorageBackendRBDOpenRADOSConn): Likewise.
* src/storage/storage_driver.c (storageVolumeResize): Likewise.
* src/test/test_driver.c (testInterfaceChangeBegin)
(testInterfaceChangeCommit, testInterfaceChangeRollback):
Likewise.
* src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise.
* src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr):
Likewise.
* src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk)
(xenFormatXM): Likewise.
2012-07-23 20:33:08 +00:00
|
|
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
2012-07-18 15:22:03 +00:00
|
|
|
_("Block I/O tuning is not available on this host"));
|
2011-11-08 11:00:34 +00:00
|
|
|
goto cleanup;
|
2011-02-08 06:59:38 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
if (virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_MEMORY)) {
|
2012-07-17 16:38:47 +00:00
|
|
|
unsigned long long hard_limit = vm->def->mem.hard_limit;
|
|
|
|
|
|
|
|
|
|
if (!hard_limit) {
|
qemu: Relax hard RSS limit
Currently, if there's no hard memory limit defined for a domain,
libvirt tries to calculate one, based on domain definition and magic
equation and set it upon the domain startup. The rationale behind was,
if there's a memory leak or exploit in qemu, we should prevent the
host system trashing. However, the equation was too tightening, as it
didn't reflect what the kernel counts into the memory used by a
process. Since many hosts do have a swap, nobody hasn't noticed
anything, because if hard memory limit is reached, process can
continue allocating memory on a swap. However, if there is no swap on
the host, the process gets killed by OOM killer. In our case, the qemu
process it is.
To prevent this, we need to relax the hard RSS limit. Moreover, we
should reflect more precisely the kernel way of accounting the memory
for process. That is, even the kernel caches are counted within the
memory used by a process (within cgroups at least). Hence the magic
equation has to be changed:
limit = 1.5 * (domain memory + total video memory) + (32MB for cache
per each disk) + 200MB
2013-01-08 09:15:49 +00:00
|
|
|
/* If there is no hard_limit set, set a reasonable one to avoid
|
2013-01-09 23:39:18 +00:00
|
|
|
* system thrashing caused by exploited qemu. A 'reasonable
|
|
|
|
|
* limit' has been chosen:
|
qemu: Relax hard RSS limit
Currently, if there's no hard memory limit defined for a domain,
libvirt tries to calculate one, based on domain definition and magic
equation and set it upon the domain startup. The rationale behind was,
if there's a memory leak or exploit in qemu, we should prevent the
host system trashing. However, the equation was too tightening, as it
didn't reflect what the kernel counts into the memory used by a
process. Since many hosts do have a swap, nobody hasn't noticed
anything, because if hard memory limit is reached, process can
continue allocating memory on a swap. However, if there is no swap on
the host, the process gets killed by OOM killer. In our case, the qemu
process it is.
To prevent this, we need to relax the hard RSS limit. Moreover, we
should reflect more precisely the kernel way of accounting the memory
for process. That is, even the kernel caches are counted within the
memory used by a process (within cgroups at least). Hence the magic
equation has to be changed:
limit = 1.5 * (domain memory + total video memory) + (32MB for cache
per each disk) + 200MB
2013-01-08 09:15:49 +00:00
|
|
|
* (1 + k) * (domain memory + total video memory) + (32MB for
|
|
|
|
|
* cache per each disk) + F
|
|
|
|
|
* where k = 0.5 and F = 200MB. The cache for disks is important as
|
|
|
|
|
* kernel cache on the host side counts into the RSS limit. */
|
2012-07-17 16:38:47 +00:00
|
|
|
hard_limit = vm->def->mem.max_balloon;
|
|
|
|
|
for (i = 0; i < vm->def->nvideos; i++)
|
|
|
|
|
hard_limit += vm->def->videos[i]->vram;
|
qemu: Relax hard RSS limit
Currently, if there's no hard memory limit defined for a domain,
libvirt tries to calculate one, based on domain definition and magic
equation and set it upon the domain startup. The rationale behind was,
if there's a memory leak or exploit in qemu, we should prevent the
host system trashing. However, the equation was too tightening, as it
didn't reflect what the kernel counts into the memory used by a
process. Since many hosts do have a swap, nobody hasn't noticed
anything, because if hard memory limit is reached, process can
continue allocating memory on a swap. However, if there is no swap on
the host, the process gets killed by OOM killer. In our case, the qemu
process it is.
To prevent this, we need to relax the hard RSS limit. Moreover, we
should reflect more precisely the kernel way of accounting the memory
for process. That is, even the kernel caches are counted within the
memory used by a process (within cgroups at least). Hence the magic
equation has to be changed:
limit = 1.5 * (domain memory + total video memory) + (32MB for cache
per each disk) + 200MB
2013-01-08 09:15:49 +00:00
|
|
|
hard_limit = hard_limit * 1.5 + 204800;
|
|
|
|
|
hard_limit += vm->def->ndisks * 32768;
|
2012-07-17 16:38:47 +00:00
|
|
|
}
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupSetMemoryHardLimit(priv->cgroup, hard_limit);
|
2012-07-17 16:38:47 +00:00
|
|
|
if (rc != 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to set memory hard limit for domain %s"),
|
|
|
|
|
vm->def->name);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
if (vm->def->mem.soft_limit != 0) {
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupSetMemorySoftLimit(priv->cgroup, vm->def->mem.soft_limit);
|
2012-07-17 16:38:47 +00:00
|
|
|
if (rc != 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to set memory soft limit for domain %s"),
|
|
|
|
|
vm->def->name);
|
|
|
|
|
goto cleanup;
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
2012-07-17 16:38:47 +00:00
|
|
|
}
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2012-07-17 16:38:47 +00:00
|
|
|
if (vm->def->mem.swap_hard_limit != 0) {
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupSetMemSwapHardLimit(priv->cgroup, vm->def->mem.swap_hard_limit);
|
2012-07-17 16:38:47 +00:00
|
|
|
if (rc != 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to set swap hard limit for domain %s"),
|
|
|
|
|
vm->def->name);
|
|
|
|
|
goto cleanup;
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
}
|
2012-07-17 16:38:47 +00:00
|
|
|
} else if (vm->def->mem.hard_limit != 0 ||
|
|
|
|
|
vm->def->mem.soft_limit != 0 ||
|
|
|
|
|
vm->def->mem.swap_hard_limit != 0) {
|
|
|
|
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
|
|
|
_("Memory cgroup is not available on this host"));
|
|
|
|
|
} else {
|
|
|
|
|
VIR_WARN("Could not autoset a RSS limit for domain %s", vm->def->name);
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
|
2011-04-01 03:41:33 +00:00
|
|
|
if (vm->def->cputune.shares != 0) {
|
2013-03-21 14:40:29 +00:00
|
|
|
if (virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPU)) {
|
|
|
|
|
rc = virCgroupSetCpuShares(priv->cgroup, vm->def->cputune.shares);
|
2012-10-17 09:23:12 +00:00
|
|
|
if (rc != 0) {
|
2011-03-29 13:41:25 +00:00
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to set io cpu shares for domain %s"),
|
|
|
|
|
vm->def->name);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
2011-04-01 03:41:33 +00:00
|
|
|
} else {
|
2012-07-18 15:22:03 +00:00
|
|
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
|
|
|
_("CPU tuning is not available on this host"));
|
2011-03-29 13:41:25 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-05-12 12:53:15 +00:00
|
|
|
if ((vm->def->numatune.memory.nodemask ||
|
|
|
|
|
(vm->def->numatune.memory.placement_mode ==
|
2013-03-20 03:35:08 +00:00
|
|
|
VIR_NUMA_TUNE_MEM_PLACEMENT_MODE_AUTO)) &&
|
2011-12-20 08:34:59 +00:00
|
|
|
vm->def->numatune.memory.mode == VIR_DOMAIN_NUMATUNE_MEM_STRICT &&
|
2013-03-21 14:40:29 +00:00
|
|
|
virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET)) {
|
2012-05-12 12:53:15 +00:00
|
|
|
char *mask = NULL;
|
|
|
|
|
if (vm->def->numatune.memory.placement_mode ==
|
2013-03-20 03:35:08 +00:00
|
|
|
VIR_NUMA_TUNE_MEM_PLACEMENT_MODE_AUTO)
|
2012-09-14 07:47:00 +00:00
|
|
|
mask = virBitmapFormat(nodemask);
|
2012-05-12 12:53:15 +00:00
|
|
|
else
|
2012-09-14 07:47:00 +00:00
|
|
|
mask = virBitmapFormat(vm->def->numatune.memory.nodemask);
|
2011-12-20 08:34:59 +00:00
|
|
|
if (!mask) {
|
2012-07-18 15:22:03 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
|
|
_("failed to convert memory nodemask"));
|
2011-12-20 08:34:59 +00:00
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupSetCpusetMems(priv->cgroup, mask);
|
2011-12-20 08:34:59 +00:00
|
|
|
VIR_FREE(mask);
|
|
|
|
|
if (rc != 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to set cpuset.mems for domain %s"),
|
|
|
|
|
vm->def->name);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
done:
|
|
|
|
|
rc = 0;
|
2010-12-16 16:10:54 +00:00
|
|
|
cleanup:
|
2013-01-10 21:03:14 +00:00
|
|
|
virObjectUnref(cfg);
|
2013-03-21 14:40:29 +00:00
|
|
|
return rc == 0 ? 0 : -1;
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
|
2011-07-21 02:10:31 +00:00
|
|
|
int qemuSetupCgroupVcpuBW(virCgroupPtr cgroup, unsigned long long period,
|
|
|
|
|
long long quota)
|
|
|
|
|
{
|
|
|
|
|
int rc;
|
|
|
|
|
unsigned long long old_period;
|
|
|
|
|
|
|
|
|
|
if (period == 0 && quota == 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (period) {
|
|
|
|
|
/* get old period, and we can rollback if set quota failed */
|
|
|
|
|
rc = virCgroupGetCpuCfsPeriod(cgroup, &old_period);
|
|
|
|
|
if (rc < 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
2011-07-21 09:32:57 +00:00
|
|
|
"%s", _("Unable to get cpu bandwidth period"));
|
2011-07-21 02:10:31 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = virCgroupSetCpuCfsPeriod(cgroup, period);
|
|
|
|
|
if (rc < 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
2011-07-21 09:32:57 +00:00
|
|
|
"%s", _("Unable to set cpu bandwidth period"));
|
2011-07-21 02:10:31 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (quota) {
|
|
|
|
|
rc = virCgroupSetCpuCfsQuota(cgroup, quota);
|
|
|
|
|
if (rc < 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
2011-07-21 09:32:57 +00:00
|
|
|
"%s", _("Unable to set cpu bandwidth quota"));
|
2011-07-21 02:10:31 +00:00
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
|
if (period) {
|
|
|
|
|
rc = virCgroupSetCpuCfsPeriod(cgroup, old_period);
|
|
|
|
|
if (rc < 0)
|
2012-07-10 21:43:08 +00:00
|
|
|
virReportSystemError(-rc, "%s",
|
2012-07-06 01:53:11 +00:00
|
|
|
_("Unable to rollback cpu bandwidth period"));
|
2011-07-21 02:10:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-21 09:18:30 +00:00
|
|
|
int qemuSetupCgroupVcpuPin(virCgroupPtr cgroup,
|
|
|
|
|
virDomainVcpuPinDefPtr *vcpupin,
|
|
|
|
|
int nvcpupin,
|
|
|
|
|
int vcpuid)
|
|
|
|
|
{
|
2012-08-21 09:18:33 +00:00
|
|
|
int i;
|
2012-08-21 09:18:30 +00:00
|
|
|
|
|
|
|
|
for (i = 0; i < nvcpupin; i++) {
|
|
|
|
|
if (vcpuid == vcpupin[i]->vcpuid) {
|
2012-10-17 14:39:31 +00:00
|
|
|
return qemuSetupCgroupEmulatorPin(cgroup, vcpupin[i]->cpumask);
|
2012-08-21 09:18:30 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-21 09:18:33 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int qemuSetupCgroupEmulatorPin(virCgroupPtr cgroup,
|
2012-10-17 14:39:31 +00:00
|
|
|
virBitmapPtr cpumask)
|
2012-08-21 09:18:33 +00:00
|
|
|
{
|
|
|
|
|
int rc = 0;
|
|
|
|
|
char *new_cpus = NULL;
|
|
|
|
|
|
2012-10-17 14:39:31 +00:00
|
|
|
new_cpus = virBitmapFormat(cpumask);
|
2012-08-21 09:18:33 +00:00
|
|
|
if (!new_cpus) {
|
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
|
|
_("failed to convert cpu mask"));
|
|
|
|
|
rc = -1;
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = virCgroupSetCpusetCpus(cgroup, new_cpus);
|
|
|
|
|
if (rc < 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
"%s",
|
|
|
|
|
_("Unable to set cpuset.cpus"));
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-21 09:18:30 +00:00
|
|
|
cleanup:
|
|
|
|
|
VIR_FREE(new_cpus);
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
int qemuSetupCgroupForVcpu(virDomainObjPtr vm)
|
2011-07-21 02:10:31 +00:00
|
|
|
{
|
|
|
|
|
virCgroupPtr cgroup_vcpu = NULL;
|
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2012-08-21 09:18:30 +00:00
|
|
|
virDomainDefPtr def = vm->def;
|
2011-07-21 02:10:31 +00:00
|
|
|
int rc;
|
2012-09-04 13:26:46 +00:00
|
|
|
unsigned int i, j;
|
2011-07-21 02:10:31 +00:00
|
|
|
unsigned long long period = vm->def->cputune.period;
|
|
|
|
|
long long quota = vm->def->cputune.quota;
|
|
|
|
|
|
2012-08-29 13:30:34 +00:00
|
|
|
if ((period || quota) &&
|
2013-03-21 14:40:29 +00:00
|
|
|
!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPU)) {
|
2012-08-29 14:08:59 +00:00
|
|
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
|
|
|
_("cgroup cpu is required for scheduler tuning"));
|
2012-08-21 09:18:41 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-29 14:08:59 +00:00
|
|
|
/* We are trying to setup cgroups for CPU pinning, which can also be done
|
|
|
|
|
* with virProcessInfoSetAffinity, thus the lack of cgroups is not fatal
|
|
|
|
|
* here.
|
|
|
|
|
*/
|
2013-03-21 14:40:29 +00:00
|
|
|
if (priv->cgroup == NULL)
|
2012-08-29 14:08:59 +00:00
|
|
|
return 0;
|
|
|
|
|
|
2011-07-21 02:10:31 +00:00
|
|
|
if (priv->nvcpupids == 0 || priv->vcpupids[0] == vm->pid) {
|
2012-08-21 09:18:42 +00:00
|
|
|
/* If we don't know VCPU<->PID mapping or all vcpu runs in the same
|
2011-07-21 09:32:57 +00:00
|
|
|
* thread, we cannot control each vcpu.
|
2011-07-21 02:10:31 +00:00
|
|
|
*/
|
2012-08-24 15:31:47 +00:00
|
|
|
VIR_WARN("Unable to get vcpus' pids.");
|
|
|
|
|
return 0;
|
2011-07-21 02:10:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < priv->nvcpupids; i++) {
|
2013-03-28 16:33:22 +00:00
|
|
|
rc = virCgroupNewVcpu(priv->cgroup, i, true, &cgroup_vcpu);
|
2011-07-21 02:10:31 +00:00
|
|
|
if (rc < 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to create vcpu cgroup for %s(vcpu:"
|
|
|
|
|
" %d)"),
|
|
|
|
|
vm->def->name, i);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* move the thread for vcpu to sub dir */
|
|
|
|
|
rc = virCgroupAddTask(cgroup_vcpu, priv->vcpupids[i]);
|
|
|
|
|
if (rc < 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("unable to add vcpu %d task %d to cgroup"),
|
|
|
|
|
i, priv->vcpupids[i]);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (period || quota) {
|
2012-08-21 09:18:41 +00:00
|
|
|
if (qemuSetupCgroupVcpuBW(cgroup_vcpu, period, quota) < 0)
|
|
|
|
|
goto cleanup;
|
2011-07-21 02:10:31 +00:00
|
|
|
}
|
|
|
|
|
|
2012-08-21 09:18:30 +00:00
|
|
|
/* Set vcpupin in cgroup if vcpupin xml is provided */
|
2013-03-21 14:40:29 +00:00
|
|
|
if (virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET)) {
|
2012-09-04 13:26:46 +00:00
|
|
|
/* find the right CPU to pin, otherwise
|
|
|
|
|
* qemuSetupCgroupVcpuPin will fail. */
|
|
|
|
|
for (j = 0; j < def->cputune.nvcpupin; j++) {
|
|
|
|
|
if (def->cputune.vcpupin[j]->vcpuid != i)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (qemuSetupCgroupVcpuPin(cgroup_vcpu,
|
|
|
|
|
def->cputune.vcpupin,
|
|
|
|
|
def->cputune.nvcpupin,
|
|
|
|
|
i) < 0)
|
|
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-08-21 09:18:30 +00:00
|
|
|
|
2011-07-21 02:10:31 +00:00
|
|
|
virCgroupFree(&cgroup_vcpu);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
cleanup:
|
2012-08-21 09:18:26 +00:00
|
|
|
if (cgroup_vcpu) {
|
|
|
|
|
virCgroupRemove(cgroup_vcpu);
|
|
|
|
|
virCgroupFree(&cgroup_vcpu);
|
|
|
|
|
}
|
|
|
|
|
|
2011-07-21 02:10:31 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-28 16:43:10 +00:00
|
|
|
int qemuSetupCgroupForEmulator(virQEMUDriverPtr driver,
|
qemu: Keep the affinity when creating cgroup for emulator thread
When the cpu placement model is "auto", it sets the affinity for
domain process with the advisory nodeset from numad, however,
creating cgroup for the domain process (called emulator thread
in some contexts) later overrides that with pinning it to all
available pCPUs.
How to reproduce:
* Configure the domain with "auto" placement for <vcpu>, e.g.
<vcpu placement='auto'>4</vcpu>
* % virsh start dom
* % cat /proc/$dompid/status
Though the emulator cgroup cause conflicts, but we can't simply
prohibit creating it, as other tunables are still useful, such
as "emulator_period", which is used by API
virDomainSetSchedulerParameter. So this patch doesn't prohibit
creating the emulator cgroup, but inherit the nodeset from numad,
and reset the affinity for domain process.
* src/qemu/qemu_cgroup.h: Modify definition of qemuSetupCgroupForEmulator
to accept the passed nodenet
* src/qemu/qemu_cgroup.c: Set the affinity with the passed nodeset
2012-10-24 09:27:56 +00:00
|
|
|
virDomainObjPtr vm,
|
|
|
|
|
virBitmapPtr nodemask)
|
2012-08-21 09:18:26 +00:00
|
|
|
{
|
2012-10-17 14:39:31 +00:00
|
|
|
virBitmapPtr cpumask = NULL;
|
qemu: Keep the affinity when creating cgroup for emulator thread
When the cpu placement model is "auto", it sets the affinity for
domain process with the advisory nodeset from numad, however,
creating cgroup for the domain process (called emulator thread
in some contexts) later overrides that with pinning it to all
available pCPUs.
How to reproduce:
* Configure the domain with "auto" placement for <vcpu>, e.g.
<vcpu placement='auto'>4</vcpu>
* % virsh start dom
* % cat /proc/$dompid/status
Though the emulator cgroup cause conflicts, but we can't simply
prohibit creating it, as other tunables are still useful, such
as "emulator_period", which is used by API
virDomainSetSchedulerParameter. So this patch doesn't prohibit
creating the emulator cgroup, but inherit the nodeset from numad,
and reset the affinity for domain process.
* src/qemu/qemu_cgroup.h: Modify definition of qemuSetupCgroupForEmulator
to accept the passed nodenet
* src/qemu/qemu_cgroup.c: Set the affinity with the passed nodeset
2012-10-24 09:27:56 +00:00
|
|
|
virBitmapPtr cpumap = NULL;
|
2012-08-21 09:18:26 +00:00
|
|
|
virCgroupPtr cgroup_emulator = NULL;
|
2012-08-21 09:18:33 +00:00
|
|
|
virDomainDefPtr def = vm->def;
|
2013-03-21 14:40:29 +00:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2012-08-21 09:18:42 +00:00
|
|
|
unsigned long long period = vm->def->cputune.emulator_period;
|
|
|
|
|
long long quota = vm->def->cputune.emulator_quota;
|
2013-03-21 13:27:13 +00:00
|
|
|
int rc;
|
2012-08-21 09:18:26 +00:00
|
|
|
|
2012-08-29 14:08:59 +00:00
|
|
|
if ((period || quota) &&
|
2013-03-21 14:40:29 +00:00
|
|
|
!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPU)) {
|
2012-08-29 14:08:59 +00:00
|
|
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
|
|
|
_("cgroup cpu is required for scheduler tuning"));
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
if (priv->cgroup == NULL)
|
2012-08-21 09:18:26 +00:00
|
|
|
return 0; /* Not supported, so claim success */
|
|
|
|
|
|
2013-03-28 16:33:22 +00:00
|
|
|
rc = virCgroupNewEmulator(priv->cgroup, true, &cgroup_emulator);
|
2012-08-21 09:18:26 +00:00
|
|
|
if (rc < 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to create emulator cgroup for %s"),
|
|
|
|
|
vm->def->name);
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupMoveTask(priv->cgroup, cgroup_emulator);
|
2013-03-21 13:27:13 +00:00
|
|
|
if (rc < 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("Unable to move tasks from domain cgroup to "
|
|
|
|
|
"emulator cgroup for %s"),
|
|
|
|
|
vm->def->name);
|
|
|
|
|
goto cleanup;
|
2012-08-21 09:18:26 +00:00
|
|
|
}
|
|
|
|
|
|
qemu: Keep the affinity when creating cgroup for emulator thread
When the cpu placement model is "auto", it sets the affinity for
domain process with the advisory nodeset from numad, however,
creating cgroup for the domain process (called emulator thread
in some contexts) later overrides that with pinning it to all
available pCPUs.
How to reproduce:
* Configure the domain with "auto" placement for <vcpu>, e.g.
<vcpu placement='auto'>4</vcpu>
* % virsh start dom
* % cat /proc/$dompid/status
Though the emulator cgroup cause conflicts, but we can't simply
prohibit creating it, as other tunables are still useful, such
as "emulator_period", which is used by API
virDomainSetSchedulerParameter. So this patch doesn't prohibit
creating the emulator cgroup, but inherit the nodeset from numad,
and reset the affinity for domain process.
* src/qemu/qemu_cgroup.h: Modify definition of qemuSetupCgroupForEmulator
to accept the passed nodenet
* src/qemu/qemu_cgroup.c: Set the affinity with the passed nodeset
2012-10-24 09:27:56 +00:00
|
|
|
if (def->placement_mode == VIR_DOMAIN_CPU_PLACEMENT_MODE_AUTO) {
|
|
|
|
|
if (!(cpumap = qemuPrepareCpumap(driver, nodemask)))
|
|
|
|
|
goto cleanup;
|
|
|
|
|
cpumask = cpumap;
|
|
|
|
|
} else if (def->cputune.emulatorpin) {
|
2012-10-17 14:39:31 +00:00
|
|
|
cpumask = def->cputune.emulatorpin->cpumask;
|
qemu: Keep the affinity when creating cgroup for emulator thread
When the cpu placement model is "auto", it sets the affinity for
domain process with the advisory nodeset from numad, however,
creating cgroup for the domain process (called emulator thread
in some contexts) later overrides that with pinning it to all
available pCPUs.
How to reproduce:
* Configure the domain with "auto" placement for <vcpu>, e.g.
<vcpu placement='auto'>4</vcpu>
* % virsh start dom
* % cat /proc/$dompid/status
Though the emulator cgroup cause conflicts, but we can't simply
prohibit creating it, as other tunables are still useful, such
as "emulator_period", which is used by API
virDomainSetSchedulerParameter. So this patch doesn't prohibit
creating the emulator cgroup, but inherit the nodeset from numad,
and reset the affinity for domain process.
* src/qemu/qemu_cgroup.h: Modify definition of qemuSetupCgroupForEmulator
to accept the passed nodenet
* src/qemu/qemu_cgroup.c: Set the affinity with the passed nodeset
2012-10-24 09:27:56 +00:00
|
|
|
} else if (def->cpumask) {
|
2012-10-17 14:39:31 +00:00
|
|
|
cpumask = def->cpumask;
|
qemu: Keep the affinity when creating cgroup for emulator thread
When the cpu placement model is "auto", it sets the affinity for
domain process with the advisory nodeset from numad, however,
creating cgroup for the domain process (called emulator thread
in some contexts) later overrides that with pinning it to all
available pCPUs.
How to reproduce:
* Configure the domain with "auto" placement for <vcpu>, e.g.
<vcpu placement='auto'>4</vcpu>
* % virsh start dom
* % cat /proc/$dompid/status
Though the emulator cgroup cause conflicts, but we can't simply
prohibit creating it, as other tunables are still useful, such
as "emulator_period", which is used by API
virDomainSetSchedulerParameter. So this patch doesn't prohibit
creating the emulator cgroup, but inherit the nodeset from numad,
and reset the affinity for domain process.
* src/qemu/qemu_cgroup.h: Modify definition of qemuSetupCgroupForEmulator
to accept the passed nodenet
* src/qemu/qemu_cgroup.c: Set the affinity with the passed nodeset
2012-10-24 09:27:56 +00:00
|
|
|
}
|
2012-10-17 14:39:31 +00:00
|
|
|
|
|
|
|
|
if (cpumask) {
|
2013-03-21 14:40:29 +00:00
|
|
|
if (virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET)) {
|
2012-10-17 14:39:31 +00:00
|
|
|
rc = qemuSetupCgroupEmulatorPin(cgroup_emulator, cpumask);
|
|
|
|
|
if (rc < 0)
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
cpumask = NULL; /* sanity */
|
2012-09-06 10:13:52 +00:00
|
|
|
}
|
2012-08-21 09:18:33 +00:00
|
|
|
|
2012-08-21 09:18:42 +00:00
|
|
|
if (period || quota) {
|
2013-03-21 14:40:29 +00:00
|
|
|
if (virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPU)) {
|
2012-09-06 10:13:52 +00:00
|
|
|
if ((rc = qemuSetupCgroupVcpuBW(cgroup_emulator, period,
|
|
|
|
|
quota)) < 0)
|
2012-08-21 09:18:42 +00:00
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-21 09:18:26 +00:00
|
|
|
virCgroupFree(&cgroup_emulator);
|
qemu: Keep the affinity when creating cgroup for emulator thread
When the cpu placement model is "auto", it sets the affinity for
domain process with the advisory nodeset from numad, however,
creating cgroup for the domain process (called emulator thread
in some contexts) later overrides that with pinning it to all
available pCPUs.
How to reproduce:
* Configure the domain with "auto" placement for <vcpu>, e.g.
<vcpu placement='auto'>4</vcpu>
* % virsh start dom
* % cat /proc/$dompid/status
Though the emulator cgroup cause conflicts, but we can't simply
prohibit creating it, as other tunables are still useful, such
as "emulator_period", which is used by API
virDomainSetSchedulerParameter. So this patch doesn't prohibit
creating the emulator cgroup, but inherit the nodeset from numad,
and reset the affinity for domain process.
* src/qemu/qemu_cgroup.h: Modify definition of qemuSetupCgroupForEmulator
to accept the passed nodenet
* src/qemu/qemu_cgroup.c: Set the affinity with the passed nodeset
2012-10-24 09:27:56 +00:00
|
|
|
virBitmapFree(cpumap);
|
2012-08-21 09:18:26 +00:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
cleanup:
|
qemu: Keep the affinity when creating cgroup for emulator thread
When the cpu placement model is "auto", it sets the affinity for
domain process with the advisory nodeset from numad, however,
creating cgroup for the domain process (called emulator thread
in some contexts) later overrides that with pinning it to all
available pCPUs.
How to reproduce:
* Configure the domain with "auto" placement for <vcpu>, e.g.
<vcpu placement='auto'>4</vcpu>
* % virsh start dom
* % cat /proc/$dompid/status
Though the emulator cgroup cause conflicts, but we can't simply
prohibit creating it, as other tunables are still useful, such
as "emulator_period", which is used by API
virDomainSetSchedulerParameter. So this patch doesn't prohibit
creating the emulator cgroup, but inherit the nodeset from numad,
and reset the affinity for domain process.
* src/qemu/qemu_cgroup.h: Modify definition of qemuSetupCgroupForEmulator
to accept the passed nodenet
* src/qemu/qemu_cgroup.c: Set the affinity with the passed nodeset
2012-10-24 09:27:56 +00:00
|
|
|
virBitmapFree(cpumap);
|
|
|
|
|
|
2012-08-21 09:18:26 +00:00
|
|
|
if (cgroup_emulator) {
|
|
|
|
|
virCgroupRemove(cgroup_emulator);
|
|
|
|
|
virCgroupFree(&cgroup_emulator);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
int qemuRemoveCgroup(virDomainObjPtr vm)
|
2010-12-16 16:10:54 +00:00
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
if (priv->cgroup == NULL)
|
2010-12-16 16:10:54 +00:00
|
|
|
return 0; /* Not supported, so claim success */
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
return virCgroupRemove(priv->cgroup);
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
int qemuAddToCgroup(virDomainObjPtr vm)
|
2010-12-16 16:10:54 +00:00
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2010-12-16 16:10:54 +00:00
|
|
|
int rc;
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
if (priv->cgroup == NULL)
|
2010-12-16 16:10:54 +00:00
|
|
|
return 0; /* Not supported, so claim success */
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
rc = virCgroupAddTask(priv->cgroup, getpid());
|
2010-12-16 16:10:54 +00:00
|
|
|
if (rc != 0) {
|
|
|
|
|
virReportSystemError(-rc,
|
|
|
|
|
_("unable to add domain %s task %d to cgroup"),
|
2013-03-21 14:40:29 +00:00
|
|
|
vm->def->name, getpid());
|
|
|
|
|
return -1;
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
return 0;
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
