2010-12-16 16:10:54 +00:00
|
|
|
/*
|
|
|
|
* qemu_cgroup.c: QEMU cgroup management
|
|
|
|
*
|
2015-03-11 11:17:15 +01:00
|
|
|
* Copyright (C) 2006-2015 Red Hat, Inc.
|
2010-12-16 16:10:54 +00:00
|
|
|
* Copyright (C) 2006 Daniel P. Berrange
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
2012-09-20 16:30:55 -06:00
|
|
|
* License along with this library. If not, see
|
2012-07-21 18:06:23 +08:00
|
|
|
* <http://www.gnu.org/licenses/>.
|
2010-12-16 16:10:54 +00:00
|
|
|
*
|
|
|
|
* Author: Daniel P. Berrange <berrange@redhat.com>
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
#include "qemu_cgroup.h"
|
2011-07-21 10:10:31 +08:00
|
|
|
#include "qemu_domain.h"
|
qemu: Keep the affinity when creating cgroup for emulator thread
When the cpu placement model is "auto", it sets the affinity for
domain process with the advisory nodeset from numad, however,
creating cgroup for the domain process (called emulator thread
in some contexts) later overrides that with pinning it to all
available pCPUs.
How to reproduce:
* Configure the domain with "auto" placement for <vcpu>, e.g.
<vcpu placement='auto'>4</vcpu>
* % virsh start dom
* % cat /proc/$dompid/status
Though the emulator cgroup cause conflicts, but we can't simply
prohibit creating it, as other tunables are still useful, such
as "emulator_period", which is used by API
virDomainSetSchedulerParameter. So this patch doesn't prohibit
creating the emulator cgroup, but inherit the nodeset from numad,
and reset the affinity for domain process.
* src/qemu/qemu_cgroup.h: Modify definition of qemuSetupCgroupForEmulator
to accept the passed nodenet
* src/qemu/qemu_cgroup.c: Set the affinity with the passed nodeset
2012-10-24 17:27:56 +08:00
|
|
|
#include "qemu_process.h"
|
2012-12-03 15:03:47 +00:00
|
|
|
#include "vircgroup.h"
|
2012-12-12 17:59:27 +00:00
|
|
|
#include "virlog.h"
|
2012-12-12 18:06:53 +00:00
|
|
|
#include "viralloc.h"
|
2012-12-13 18:21:53 +00:00
|
|
|
#include "virerror.h"
|
Move qemu_audit.h helpers into shared code
The LXC and UML drivers can both make use of auditing. Move
the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h}
* src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c
* src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h
* src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h}
* src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c,
src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c,
src/qemu/qemu_process.c: Update for changed audit API names
2011-07-04 11:56:13 +01:00
|
|
|
#include "domain_audit.h"
|
2013-05-04 02:07:27 +08:00
|
|
|
#include "virscsi.h"
|
2013-05-20 11:23:13 +02:00
|
|
|
#include "virstring.h"
|
2013-09-13 15:32:43 +02:00
|
|
|
#include "virfile.h"
|
2014-09-09 16:34:12 +02:00
|
|
|
#include "virtypedparam.h"
|
2014-12-12 15:29:48 +01:00
|
|
|
#include "virnuma.h"
|
2016-02-01 16:50:54 +01:00
|
|
|
#include "virsystemd.h"
|
2010-12-16 16:10:54 +00:00
|
|
|
|
|
|
|
#define VIR_FROM_THIS VIR_FROM_QEMU
|
|
|
|
|
2014-02-28 12:16:17 +00:00
|
|
|
VIR_LOG_INIT("qemu.qemu_cgroup");
|
|
|
|
|
2010-12-16 16:10:54 +00:00
|
|
|
static const char *const defaultDeviceACL[] = {
|
|
|
|
"/dev/null", "/dev/full", "/dev/zero",
|
|
|
|
"/dev/random", "/dev/urandom",
|
|
|
|
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
|
2013-04-29 13:15:26 -04:00
|
|
|
"/dev/rtc", "/dev/hpet", "/dev/vfio/vfio",
|
2010-12-16 16:10:54 +00:00
|
|
|
NULL,
|
|
|
|
};
|
|
|
|
#define DEVICE_PTY_MAJOR 136
|
|
|
|
#define DEVICE_SND_MAJOR 116
|
|
|
|
|
2016-02-16 15:46:40 +01:00
|
|
|
|
2014-06-20 14:05:05 +02:00
|
|
|
static int
|
2016-02-16 15:46:40 +01:00
|
|
|
qemuSetupImagePathCgroup(virDomainObjPtr vm,
|
|
|
|
const char *path,
|
|
|
|
bool readonly)
|
2010-12-16 16:10:54 +00:00
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2014-06-18 13:09:05 +02:00
|
|
|
int perms = VIR_CGROUP_DEVICE_READ;
|
2013-07-08 11:08:46 +01:00
|
|
|
int ret;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2016-02-16 15:46:40 +01:00
|
|
|
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
|
2014-06-18 13:09:05 +02:00
|
|
|
return 0;
|
|
|
|
|
2016-02-18 10:19:51 +01:00
|
|
|
if (!readonly)
|
2016-02-16 15:37:01 +01:00
|
|
|
perms |= VIR_CGROUP_DEVICE_WRITE;
|
2014-06-18 13:09:05 +02:00
|
|
|
|
2016-02-16 15:37:01 +01:00
|
|
|
VIR_DEBUG("Allow path %s, perms: %s",
|
2016-02-16 15:46:40 +01:00
|
|
|
path, virCgroupGetDevicePermsString(perms));
|
2014-06-18 13:09:05 +02:00
|
|
|
|
2016-02-16 15:46:40 +01:00
|
|
|
ret = virCgroupAllowDevicePath(priv->cgroup, path, perms, true);
|
2014-06-18 13:09:05 +02:00
|
|
|
|
2016-02-16 15:46:40 +01:00
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path,
|
2014-06-18 13:09:05 +02:00
|
|
|
virCgroupGetDevicePermsString(perms),
|
|
|
|
ret == 0);
|
2013-07-08 11:08:46 +01:00
|
|
|
|
|
|
|
return ret;
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-02-16 15:46:40 +01:00
|
|
|
static int
|
|
|
|
qemuSetupImageCgroupInternal(virDomainObjPtr vm,
|
|
|
|
virStorageSourcePtr src,
|
|
|
|
bool forceReadonly)
|
|
|
|
{
|
|
|
|
if (!src->path || !virStorageSourceIsLocalStorage(src)) {
|
|
|
|
VIR_DEBUG("Not updating cgroups for disk path '%s', type: %s",
|
|
|
|
NULLSTR(src->path), virStorageTypeToString(src->type));
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return qemuSetupImagePathCgroup(vm, src->path, src->readonly || forceReadonly);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-06-20 14:05:05 +02:00
|
|
|
int
|
2016-02-15 16:15:58 +01:00
|
|
|
qemuSetupImageCgroup(virDomainObjPtr vm,
|
|
|
|
virStorageSourcePtr src)
|
2014-06-20 14:05:05 +02:00
|
|
|
{
|
2016-02-16 15:37:01 +01:00
|
|
|
return qemuSetupImageCgroupInternal(vm, src, false);
|
2016-02-15 16:15:58 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
qemuTeardownImageCgroup(virDomainObjPtr vm,
|
|
|
|
virStorageSourcePtr src)
|
|
|
|
{
|
2016-02-16 15:37:01 +01:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
int perms = VIR_CGROUP_DEVICE_READ |
|
|
|
|
VIR_CGROUP_DEVICE_WRITE |
|
|
|
|
VIR_CGROUP_DEVICE_MKNOD;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (!virCgroupHasController(priv->cgroup,
|
|
|
|
VIR_CGROUP_CONTROLLER_DEVICES))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (!src->path || !virStorageSourceIsLocalStorage(src)) {
|
|
|
|
VIR_DEBUG("Not updating cgroups for disk path '%s', type: %s",
|
|
|
|
NULLSTR(src->path), virStorageTypeToString(src->type));
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
VIR_DEBUG("Deny path %s", src->path);
|
|
|
|
|
|
|
|
ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms, true);
|
|
|
|
|
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "deny", src->path,
|
|
|
|
virCgroupGetDevicePermsString(perms), ret == 0);
|
|
|
|
|
|
|
|
return ret;
|
2014-06-20 14:05:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-07-18 11:29:27 +02:00
|
|
|
int
|
|
|
|
qemuSetupDiskCgroup(virDomainObjPtr vm,
|
|
|
|
virDomainDiskDefPtr disk)
|
2010-12-16 16:10:54 +00:00
|
|
|
{
|
2014-06-18 13:09:05 +02:00
|
|
|
virStorageSourcePtr next;
|
2014-06-20 14:05:05 +02:00
|
|
|
bool forceReadonly = false;
|
2013-07-08 11:08:46 +01:00
|
|
|
|
2014-06-18 13:09:05 +02:00
|
|
|
for (next = disk->src; next; next = next->backingStore) {
|
2016-02-16 15:37:01 +01:00
|
|
|
if (qemuSetupImageCgroupInternal(vm, next, forceReadonly) < 0)
|
2014-06-18 13:09:05 +02:00
|
|
|
return -1;
|
2014-06-20 14:05:05 +02:00
|
|
|
|
|
|
|
/* setup only the top level image for read-write */
|
|
|
|
forceReadonly = true;
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
2014-06-18 13:09:05 +02:00
|
|
|
|
|
|
|
return 0;
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-07-18 11:29:27 +02:00
|
|
|
int
|
|
|
|
qemuTeardownDiskCgroup(virDomainObjPtr vm,
|
|
|
|
virDomainDiskDefPtr disk)
|
2010-12-16 16:10:54 +00:00
|
|
|
{
|
2014-06-18 13:09:05 +02:00
|
|
|
virStorageSourcePtr next;
|
2013-03-21 14:40:29 +00:00
|
|
|
|
2014-06-18 13:09:05 +02:00
|
|
|
for (next = disk->src; next; next = next->backingStore) {
|
2016-02-16 15:37:01 +01:00
|
|
|
if (qemuTeardownImageCgroup(vm, next) < 0)
|
2014-06-18 13:09:05 +02:00
|
|
|
return -1;
|
|
|
|
}
|
2013-03-21 14:40:29 +00:00
|
|
|
|
2014-06-18 13:09:05 +02:00
|
|
|
return 0;
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
2014-06-18 13:09:05 +02:00
|
|
|
|
2011-02-15 19:18:40 -07:00
|
|
|
static int
|
2015-11-19 14:25:44 +01:00
|
|
|
qemuSetupChrSourceCgroup(virDomainObjPtr vm,
|
2015-11-19 16:26:56 +01:00
|
|
|
virDomainChrSourceDefPtr source)
|
2010-12-16 16:10:54 +00:00
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2013-07-08 11:08:46 +01:00
|
|
|
int ret;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2015-11-19 16:26:56 +01:00
|
|
|
if (source->type != VIR_DOMAIN_CHR_TYPE_DEV)
|
2010-12-16 16:10:54 +00:00
|
|
|
return 0;
|
|
|
|
|
2015-11-19 16:26:56 +01:00
|
|
|
VIR_DEBUG("Process path '%s' for device", source->data.file.path);
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2015-11-19 16:26:56 +01:00
|
|
|
ret = virCgroupAllowDevicePath(priv->cgroup, source->data.file.path,
|
2016-02-16 14:43:41 +01:00
|
|
|
VIR_CGROUP_DEVICE_RW, false);
|
2013-03-21 14:40:29 +00:00
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "allow",
|
2015-11-19 16:26:56 +01:00
|
|
|
source->data.file.path, "rw", ret == 0);
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-07-08 11:08:46 +01:00
|
|
|
return ret;
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
2016-11-18 11:45:44 +01:00
|
|
|
|
|
|
|
static int
|
|
|
|
qemuTeardownChrSourceCgroup(virDomainObjPtr vm,
|
|
|
|
virDomainChrSourceDefPtr source)
|
|
|
|
{
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (source->type != VIR_DOMAIN_CHR_TYPE_DEV)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
VIR_DEBUG("Process path '%s' for device", source->data.file.path);
|
|
|
|
|
|
|
|
ret = virCgroupDenyDevicePath(priv->cgroup, source->data.file.path,
|
|
|
|
VIR_CGROUP_DEVICE_RW, false);
|
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
|
|
|
|
source->data.file.path, "rw", ret == 0);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-04-12 16:55:46 -04:00
|
|
|
static int
|
2016-11-18 11:45:44 +01:00
|
|
|
qemuSetupChardevCgroupCB(virDomainDefPtr def ATTRIBUTE_UNUSED,
|
|
|
|
virDomainChrDefPtr dev,
|
|
|
|
void *opaque)
|
2013-04-12 16:55:46 -04:00
|
|
|
{
|
2015-11-19 14:25:44 +01:00
|
|
|
virDomainObjPtr vm = opaque;
|
|
|
|
|
2016-10-21 07:45:54 -04:00
|
|
|
return qemuSetupChrSourceCgroup(vm, dev->source);
|
2013-04-12 16:55:46 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2015-11-19 14:25:44 +01:00
|
|
|
qemuSetupTPMCgroup(virDomainObjPtr vm)
|
2013-04-12 16:55:46 -04:00
|
|
|
{
|
2013-07-08 11:08:46 +01:00
|
|
|
int ret = 0;
|
2015-11-19 14:25:44 +01:00
|
|
|
virDomainTPMDefPtr dev = vm->def->tpm;
|
2013-04-12 16:55:46 -04:00
|
|
|
|
|
|
|
switch (dev->type) {
|
|
|
|
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
|
2015-11-19 14:25:44 +01:00
|
|
|
ret = qemuSetupChrSourceCgroup(vm, &dev->data.passthrough.source);
|
2013-04-12 16:55:46 -04:00
|
|
|
break;
|
|
|
|
case VIR_DOMAIN_TPM_TYPE_LAST:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2013-07-08 11:08:46 +01:00
|
|
|
return ret;
|
2013-04-12 16:55:46 -04:00
|
|
|
}
|
|
|
|
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2015-11-19 14:32:22 +01:00
|
|
|
static int
|
|
|
|
qemuSetupInputCgroup(virDomainObjPtr vm,
|
|
|
|
virDomainInputDefPtr dev)
|
|
|
|
{
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
switch (dev->type) {
|
|
|
|
case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
|
|
|
|
VIR_DEBUG("Process path '%s' for input device", dev->source.evdev);
|
|
|
|
ret = virCgroupAllowDevicePath(priv->cgroup, dev->source.evdev,
|
2016-02-16 14:43:41 +01:00
|
|
|
VIR_CGROUP_DEVICE_RW, false);
|
2015-11-19 14:32:22 +01:00
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "allow", dev->source.evdev, "rw", ret == 0);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-04-29 16:19:19 -04:00
|
|
|
static int
|
2014-03-13 11:58:17 +00:00
|
|
|
qemuSetupHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
|
2013-04-29 16:19:19 -04:00
|
|
|
const char *path,
|
|
|
|
void *opaque)
|
2010-12-16 16:10:54 +00:00
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
virDomainObjPtr vm = opaque;
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2013-07-08 11:08:46 +01:00
|
|
|
int ret;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
|
|
|
VIR_DEBUG("Process path '%s' for USB device", path);
|
2013-07-08 11:08:46 +01:00
|
|
|
ret = virCgroupAllowDevicePath(priv->cgroup, path,
|
2016-02-16 14:43:41 +01:00
|
|
|
VIR_CGROUP_DEVICE_RW, false);
|
2013-07-08 11:08:46 +01:00
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path, "rw", ret == 0);
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-07-08 11:08:46 +01:00
|
|
|
return ret;
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
2013-05-04 02:07:27 +08:00
|
|
|
static int
|
2014-03-13 11:55:46 +00:00
|
|
|
qemuSetupHostSCSIDeviceCgroup(virSCSIDevicePtr dev ATTRIBUTE_UNUSED,
|
2013-05-04 02:07:27 +08:00
|
|
|
const char *path,
|
|
|
|
void *opaque)
|
|
|
|
{
|
|
|
|
virDomainObjPtr vm = opaque;
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2013-07-08 11:08:46 +01:00
|
|
|
int ret;
|
2013-05-04 02:07:27 +08:00
|
|
|
|
|
|
|
VIR_DEBUG("Process path '%s' for SCSI device", path);
|
|
|
|
|
2013-07-08 11:08:46 +01:00
|
|
|
ret = virCgroupAllowDevicePath(priv->cgroup, path,
|
|
|
|
virSCSIDeviceGetReadonly(dev) ?
|
|
|
|
VIR_CGROUP_DEVICE_READ :
|
2016-02-16 14:43:41 +01:00
|
|
|
VIR_CGROUP_DEVICE_RW, false);
|
2013-05-04 02:07:27 +08:00
|
|
|
|
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path,
|
2013-07-08 11:08:46 +01:00
|
|
|
virSCSIDeviceGetReadonly(dev) ? "r" : "rw", ret == 0);
|
2013-05-04 02:07:27 +08:00
|
|
|
|
2013-07-08 11:08:46 +01:00
|
|
|
return ret;
|
2013-05-04 02:07:27 +08:00
|
|
|
}
|
2013-03-21 14:40:29 +00:00
|
|
|
|
2016-11-21 22:58:18 -05:00
|
|
|
static int
|
|
|
|
qemuSetupHostSCSIVHostDeviceCgroup(virSCSIVHostDevicePtr dev ATTRIBUTE_UNUSED,
|
|
|
|
const char *path,
|
|
|
|
void *opaque)
|
|
|
|
{
|
|
|
|
virDomainObjPtr vm = opaque;
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
VIR_DEBUG("Process path '%s' for scsi_host device", path);
|
|
|
|
|
|
|
|
ret = virCgroupAllowDevicePath(priv->cgroup, path,
|
|
|
|
VIR_CGROUP_DEVICE_RW, false);
|
|
|
|
|
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path, "rw", ret == 0);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2013-04-29 13:15:26 -04:00
|
|
|
int
|
2015-11-19 14:35:46 +01:00
|
|
|
qemuSetupHostdevCgroup(virDomainObjPtr vm,
|
2013-04-29 13:15:26 -04:00
|
|
|
virDomainHostdevDefPtr dev)
|
|
|
|
{
|
|
|
|
int ret = -1;
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2014-07-03 15:43:05 -04:00
|
|
|
virDomainHostdevSubsysUSBPtr usbsrc = &dev->source.subsys.u.usb;
|
2014-07-03 16:31:39 -04:00
|
|
|
virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci;
|
2014-07-03 17:01:10 -04:00
|
|
|
virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi;
|
2016-11-21 22:58:18 -05:00
|
|
|
virDomainHostdevSubsysSCSIVHostPtr hostsrc = &dev->source.subsys.u.scsi_host;
|
2013-04-29 13:15:26 -04:00
|
|
|
virPCIDevicePtr pci = NULL;
|
2013-04-29 16:19:19 -04:00
|
|
|
virUSBDevicePtr usb = NULL;
|
2013-05-04 02:07:27 +08:00
|
|
|
virSCSIDevicePtr scsi = NULL;
|
2016-11-21 22:58:18 -05:00
|
|
|
virSCSIVHostDevicePtr host = NULL;
|
2013-04-29 13:15:26 -04:00
|
|
|
char *path = NULL;
|
|
|
|
|
|
|
|
/* currently this only does something for PCI devices using vfio
|
|
|
|
* for device assignment, but it is called for *all* hostdev
|
|
|
|
* devices.
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (dev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) {
|
|
|
|
|
2016-11-08 13:26:23 -05:00
|
|
|
switch ((virDomainHostdevSubsysType) dev->source.subsys.type) {
|
2013-04-29 13:15:26 -04:00
|
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI:
|
2014-07-03 16:31:39 -04:00
|
|
|
if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
|
2013-07-08 11:08:46 +01:00
|
|
|
int rv;
|
2013-04-29 13:15:26 -04:00
|
|
|
|
2014-07-03 16:31:39 -04:00
|
|
|
pci = virPCIDeviceNew(pcisrc->addr.domain,
|
|
|
|
pcisrc->addr.bus,
|
|
|
|
pcisrc->addr.slot,
|
|
|
|
pcisrc->addr.function);
|
2013-04-29 13:15:26 -04:00
|
|
|
if (!pci)
|
|
|
|
goto cleanup;
|
|
|
|
|
2013-06-14 16:18:44 -04:00
|
|
|
if (!(path = virPCIDeviceGetIOMMUGroupDev(pci)))
|
2013-04-29 13:15:26 -04:00
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
VIR_DEBUG("Cgroup allow %s for PCI device assignment", path);
|
2013-07-08 11:08:46 +01:00
|
|
|
rv = virCgroupAllowDevicePath(priv->cgroup, path,
|
2016-02-16 14:43:41 +01:00
|
|
|
VIR_CGROUP_DEVICE_RW, false);
|
2013-04-29 13:15:26 -04:00
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup,
|
2013-07-08 11:08:46 +01:00
|
|
|
"allow", path, "rw", rv == 0);
|
|
|
|
if (rv < 0)
|
2013-04-29 13:15:26 -04:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
break;
|
2013-04-29 16:19:19 -04:00
|
|
|
|
|
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB:
|
|
|
|
/* NB: hostdev->missing wasn't previously checked in the
|
|
|
|
* case of hotplug, only when starting a domain. Now it is
|
|
|
|
* always checked, and the cgroup setup skipped if true.
|
|
|
|
*/
|
|
|
|
if (dev->missing)
|
|
|
|
break;
|
2014-07-03 15:43:05 -04:00
|
|
|
if ((usb = virUSBDeviceNew(usbsrc->bus, usbsrc->device,
|
2013-04-29 16:19:19 -04:00
|
|
|
NULL)) == NULL) {
|
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
2014-03-13 11:58:17 +00:00
|
|
|
/* oddly, qemuSetupHostUSBDeviceCgroup doesn't ever
|
2013-04-29 16:19:19 -04:00
|
|
|
* reference the usb object we just created
|
|
|
|
*/
|
2014-03-13 11:58:17 +00:00
|
|
|
if (virUSBDeviceFileIterate(usb, qemuSetupHostUSBDeviceCgroup,
|
2013-04-29 16:19:19 -04:00
|
|
|
vm) < 0) {
|
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
break;
|
2013-05-04 02:07:27 +08:00
|
|
|
|
2014-06-20 11:35:46 -04:00
|
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI: {
|
2014-07-09 09:31:38 -04:00
|
|
|
if (scsisrc->protocol ==
|
|
|
|
VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) {
|
|
|
|
virDomainHostdevSubsysSCSIiSCSIPtr iscsisrc = &scsisrc->u.iscsi;
|
|
|
|
/* Follow qemuSetupDiskCgroup() and qemuSetImageCgroupInternal()
|
|
|
|
* which does nothing for non local storage
|
|
|
|
*/
|
|
|
|
VIR_DEBUG("Not updating cgroups for hostdev iSCSI path '%s'",
|
|
|
|
iscsisrc->path);
|
|
|
|
} else {
|
|
|
|
virDomainHostdevSubsysSCSIHostPtr scsihostsrc =
|
|
|
|
&scsisrc->u.host;
|
|
|
|
if ((scsi = virSCSIDeviceNew(NULL,
|
|
|
|
scsihostsrc->adapter,
|
|
|
|
scsihostsrc->bus,
|
|
|
|
scsihostsrc->target,
|
|
|
|
scsihostsrc->unit,
|
|
|
|
dev->readonly,
|
|
|
|
dev->shareable)) == NULL)
|
|
|
|
goto cleanup;
|
2013-05-04 02:07:27 +08:00
|
|
|
|
2014-07-09 09:31:38 -04:00
|
|
|
if (virSCSIDeviceFileIterate(scsi,
|
|
|
|
qemuSetupHostSCSIDeviceCgroup,
|
|
|
|
vm) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
}
|
2014-06-20 11:35:46 -04:00
|
|
|
break;
|
|
|
|
}
|
2013-05-04 02:07:27 +08:00
|
|
|
|
2016-11-21 22:58:16 -05:00
|
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST: {
|
2016-11-21 22:58:18 -05:00
|
|
|
if (hostsrc->protocol ==
|
|
|
|
VIR_DOMAIN_HOSTDEV_SUBSYS_SCSI_HOST_PROTOCOL_TYPE_VHOST) {
|
|
|
|
if (!(host = virSCSIVHostDeviceNew(hostsrc->wwpn)))
|
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
if (virSCSIVHostDeviceFileIterate(host,
|
|
|
|
qemuSetupHostSCSIVHostDeviceCgroup,
|
|
|
|
vm) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
}
|
2016-11-21 22:58:16 -05:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2016-11-08 13:26:23 -05:00
|
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
|
2013-04-29 13:15:26 -04:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = 0;
|
2014-03-25 07:49:44 +01:00
|
|
|
cleanup:
|
2013-04-29 13:15:26 -04:00
|
|
|
virPCIDeviceFree(pci);
|
2013-04-29 16:19:19 -04:00
|
|
|
virUSBDeviceFree(usb);
|
2013-05-04 02:07:27 +08:00
|
|
|
virSCSIDeviceFree(scsi);
|
2016-11-21 22:58:18 -05:00
|
|
|
virSCSIVHostDeviceFree(host);
|
2013-04-29 13:15:26 -04:00
|
|
|
VIR_FREE(path);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
qemuTeardownHostdevCgroup(virDomainObjPtr vm,
|
|
|
|
virDomainHostdevDefPtr dev)
|
|
|
|
{
|
|
|
|
int ret = -1;
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2014-07-03 16:31:39 -04:00
|
|
|
virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci;
|
2013-04-29 13:15:26 -04:00
|
|
|
virPCIDevicePtr pci = NULL;
|
|
|
|
char *path = NULL;
|
|
|
|
|
|
|
|
/* currently this only does something for PCI devices using vfio
|
|
|
|
* for device assignment, but it is called for *all* hostdev
|
|
|
|
* devices.
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (dev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) {
|
|
|
|
|
2016-11-08 13:26:23 -05:00
|
|
|
switch ((virDomainHostdevSubsysType) dev->source.subsys.type) {
|
2013-04-29 13:15:26 -04:00
|
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI:
|
2014-07-03 16:31:39 -04:00
|
|
|
if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
|
2013-07-08 11:08:46 +01:00
|
|
|
int rv;
|
2013-04-29 13:15:26 -04:00
|
|
|
|
2014-07-03 16:31:39 -04:00
|
|
|
pci = virPCIDeviceNew(pcisrc->addr.domain,
|
|
|
|
pcisrc->addr.bus,
|
|
|
|
pcisrc->addr.slot,
|
|
|
|
pcisrc->addr.function);
|
2013-04-29 13:15:26 -04:00
|
|
|
if (!pci)
|
|
|
|
goto cleanup;
|
|
|
|
|
2013-06-14 16:18:44 -04:00
|
|
|
if (!(path = virPCIDeviceGetIOMMUGroupDev(pci)))
|
2013-04-29 13:15:26 -04:00
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
VIR_DEBUG("Cgroup deny %s for PCI device assignment", path);
|
2013-07-08 11:08:46 +01:00
|
|
|
rv = virCgroupDenyDevicePath(priv->cgroup, path,
|
2016-02-16 14:43:41 +01:00
|
|
|
VIR_CGROUP_DEVICE_RWM, false);
|
2013-04-29 13:15:26 -04:00
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup,
|
2013-07-08 11:08:46 +01:00
|
|
|
"deny", path, "rwm", rv == 0);
|
|
|
|
if (rv < 0)
|
2013-04-29 13:15:26 -04:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
break;
|
2013-04-29 16:19:19 -04:00
|
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB:
|
|
|
|
/* nothing to tear down for USB */
|
|
|
|
break;
|
2016-11-08 13:26:23 -05:00
|
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI:
|
|
|
|
/* nothing to tear down for SCSI */
|
|
|
|
break;
|
2016-11-21 22:58:16 -05:00
|
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST:
|
|
|
|
/* nothing to tear down for scsi_host */
|
|
|
|
break;
|
2016-11-08 13:26:23 -05:00
|
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
|
2013-04-29 13:15:26 -04:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = 0;
|
2014-03-25 07:49:44 +01:00
|
|
|
cleanup:
|
2013-04-29 13:15:26 -04:00
|
|
|
virPCIDeviceFree(pci);
|
|
|
|
VIR_FREE(path);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2013-05-17 19:59:31 +08:00
|
|
|
static int
|
|
|
|
qemuSetupBlkioCgroup(virDomainObjPtr vm)
|
|
|
|
{
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
Convert 'int i' to 'size_t i' in src/qemu files
Convert the type of loop iterators named 'i', 'j', k',
'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
'unsigned int', also santizing 'ii', 'jj', 'kk' to use
the normal 'i', 'j', 'k' naming
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-08 15:09:33 +01:00
|
|
|
size_t i;
|
2013-05-17 19:59:31 +08:00
|
|
|
|
|
|
|
if (!virCgroupHasController(priv->cgroup,
|
|
|
|
VIR_CGROUP_CONTROLLER_BLKIO)) {
|
|
|
|
if (vm->def->blkio.weight || vm->def->blkio.ndevices) {
|
|
|
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
|
|
_("Block I/O tuning is not available on this host"));
|
|
|
|
return -1;
|
|
|
|
} else {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-07-08 11:08:46 +01:00
|
|
|
if (vm->def->blkio.weight != 0 &&
|
|
|
|
virCgroupSetBlkioWeight(priv->cgroup, vm->def->blkio.weight) < 0)
|
|
|
|
return -1;
|
2013-05-17 19:59:31 +08:00
|
|
|
|
|
|
|
if (vm->def->blkio.ndevices) {
|
|
|
|
for (i = 0; i < vm->def->blkio.ndevices; i++) {
|
2013-12-11 16:29:48 +08:00
|
|
|
virBlkioDevicePtr dev = &vm->def->blkio.devices[i];
|
2013-12-11 16:29:50 +08:00
|
|
|
if (dev->weight &&
|
|
|
|
(virCgroupSetBlkioDeviceWeight(priv->cgroup, dev->path,
|
2015-08-03 15:56:20 +02:00
|
|
|
dev->weight) < 0 ||
|
|
|
|
virCgroupGetBlkioDeviceWeight(priv->cgroup, dev->path,
|
|
|
|
&dev->weight) < 0))
|
2013-12-11 16:29:50 +08:00
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (dev->riops &&
|
|
|
|
(virCgroupSetBlkioDeviceReadIops(priv->cgroup, dev->path,
|
2015-08-03 15:56:20 +02:00
|
|
|
dev->riops) < 0 ||
|
|
|
|
virCgroupGetBlkioDeviceReadIops(priv->cgroup, dev->path,
|
|
|
|
&dev->riops) < 0))
|
2013-12-11 16:29:50 +08:00
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (dev->wiops &&
|
|
|
|
(virCgroupSetBlkioDeviceWriteIops(priv->cgroup, dev->path,
|
2015-08-03 15:56:20 +02:00
|
|
|
dev->wiops) < 0 ||
|
|
|
|
virCgroupGetBlkioDeviceWriteIops(priv->cgroup, dev->path,
|
|
|
|
&dev->wiops) < 0))
|
2013-12-11 16:29:50 +08:00
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (dev->rbps &&
|
|
|
|
(virCgroupSetBlkioDeviceReadBps(priv->cgroup, dev->path,
|
2015-08-03 15:56:20 +02:00
|
|
|
dev->rbps) < 0 ||
|
|
|
|
virCgroupGetBlkioDeviceReadBps(priv->cgroup, dev->path,
|
|
|
|
&dev->rbps) < 0))
|
2013-12-11 16:29:50 +08:00
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (dev->wbps &&
|
|
|
|
(virCgroupSetBlkioDeviceWriteBps(priv->cgroup, dev->path,
|
2015-08-03 15:56:20 +02:00
|
|
|
dev->wbps) < 0 ||
|
|
|
|
virCgroupGetBlkioDeviceWriteBps(priv->cgroup, dev->path,
|
|
|
|
&dev->wbps) < 0))
|
2013-05-17 19:59:31 +08:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-04-29 13:15:26 -04:00
|
|
|
|
2013-05-20 19:39:54 +08:00
|
|
|
static int
|
|
|
|
qemuSetupMemoryCgroup(virDomainObjPtr vm)
|
|
|
|
{
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
|
2013-11-19 15:45:43 -07:00
|
|
|
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_MEMORY)) {
|
2015-03-02 20:04:12 +01:00
|
|
|
if (virMemoryLimitIsSet(vm->def->mem.hard_limit) ||
|
|
|
|
virMemoryLimitIsSet(vm->def->mem.soft_limit) ||
|
|
|
|
virMemoryLimitIsSet(vm->def->mem.swap_hard_limit)) {
|
2013-05-20 19:39:54 +08:00
|
|
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
|
|
_("Memory cgroup is not available on this host"));
|
|
|
|
return -1;
|
2013-05-21 23:02:36 +08:00
|
|
|
} else {
|
|
|
|
return 0;
|
2013-05-20 19:39:54 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-03-02 20:04:12 +01:00
|
|
|
if (virMemoryLimitIsSet(vm->def->mem.hard_limit))
|
|
|
|
if (virCgroupSetMemoryHardLimit(priv->cgroup, vm->def->mem.hard_limit) < 0)
|
|
|
|
return -1;
|
2013-05-20 19:39:54 +08:00
|
|
|
|
2015-03-02 20:04:12 +01:00
|
|
|
if (virMemoryLimitIsSet(vm->def->mem.soft_limit))
|
|
|
|
if (virCgroupSetMemorySoftLimit(priv->cgroup, vm->def->mem.soft_limit) < 0)
|
|
|
|
return -1;
|
2013-07-08 11:08:46 +01:00
|
|
|
|
2015-03-02 20:04:12 +01:00
|
|
|
if (virMemoryLimitIsSet(vm->def->mem.swap_hard_limit))
|
|
|
|
if (virCgroupSetMemSwapHardLimit(priv->cgroup, vm->def->mem.swap_hard_limit) < 0)
|
|
|
|
return -1;
|
2013-05-20 19:39:54 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-02-16 16:26:01 +01:00
|
|
|
static int
|
|
|
|
qemuSetupFirmwareCgroup(virDomainObjPtr vm)
|
|
|
|
{
|
|
|
|
if (!vm->def->os.loader)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (vm->def->os.loader->path &&
|
|
|
|
qemuSetupImagePathCgroup(vm, vm->def->os.loader->path,
|
|
|
|
vm->def->os.loader->readonly == VIR_TRISTATE_BOOL_YES) < 0)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (vm->def->os.loader->nvram &&
|
|
|
|
qemuSetupImagePathCgroup(vm, vm->def->os.loader->nvram, false) < 0)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-11-18 11:17:51 +01:00
|
|
|
int
|
|
|
|
qemuSetupRNGCgroup(virDomainObjPtr vm,
|
|
|
|
virDomainRNGDefPtr rng)
|
|
|
|
{
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
int rv;
|
|
|
|
|
|
|
|
if (rng->backend == VIR_DOMAIN_RNG_BACKEND_RANDOM) {
|
|
|
|
VIR_DEBUG("Setting Cgroup ACL for RNG device");
|
|
|
|
rv = virCgroupAllowDevicePath(priv->cgroup,
|
|
|
|
rng->source.file,
|
|
|
|
VIR_CGROUP_DEVICE_RW, false);
|
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "allow",
|
|
|
|
rng->source.file,
|
|
|
|
"rw", rv == 0);
|
|
|
|
if (rv < 0 &&
|
|
|
|
!virLastErrorIsSystemErrno(ENOENT))
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
qemuTeardownRNGCgroup(virDomainObjPtr vm,
|
|
|
|
virDomainRNGDefPtr rng)
|
|
|
|
{
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
int rv;
|
|
|
|
|
|
|
|
if (rng->backend == VIR_DOMAIN_RNG_BACKEND_RANDOM) {
|
|
|
|
VIR_DEBUG("Tearing down Cgroup ACL for RNG device");
|
|
|
|
rv = virCgroupDenyDevicePath(priv->cgroup,
|
|
|
|
rng->source.file,
|
|
|
|
VIR_CGROUP_DEVICE_RW, false);
|
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
|
|
|
|
rng->source.file,
|
|
|
|
"rw", rv == 0);
|
|
|
|
if (rv < 0 &&
|
|
|
|
!virLastErrorIsSystemErrno(ENOENT))
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-11-18 11:45:44 +01:00
|
|
|
int
|
|
|
|
qemuSetupChardevCgroup(virDomainObjPtr vm,
|
|
|
|
virDomainChrDefPtr dev)
|
|
|
|
{
|
|
|
|
return qemuSetupChrSourceCgroup(vm, dev->source);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
qemuTeardownChardevCgroup(virDomainObjPtr vm,
|
|
|
|
virDomainChrDefPtr dev)
|
|
|
|
{
|
|
|
|
return qemuTeardownChrSourceCgroup(vm, dev->source);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-05-17 19:59:33 +08:00
|
|
|
static int
|
|
|
|
qemuSetupDevicesCgroup(virQEMUDriverPtr driver,
|
|
|
|
virDomainObjPtr vm)
|
|
|
|
{
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
virQEMUDriverConfigPtr cfg = NULL;
|
|
|
|
const char *const *deviceACL = NULL;
|
2013-07-08 11:08:46 +01:00
|
|
|
int rv = -1;
|
2013-05-17 19:59:33 +08:00
|
|
|
int ret = -1;
|
Convert 'int i' to 'size_t i' in src/qemu files
Convert the type of loop iterators named 'i', 'j', k',
'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
'unsigned int', also santizing 'ii', 'jj', 'kk' to use
the normal 'i', 'j', 'k' naming
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-08 15:09:33 +01:00
|
|
|
size_t i;
|
2013-05-17 19:59:33 +08:00
|
|
|
|
|
|
|
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
|
|
|
|
return 0;
|
|
|
|
|
2013-07-08 11:08:46 +01:00
|
|
|
rv = virCgroupDenyAllDevices(priv->cgroup);
|
|
|
|
virDomainAuditCgroup(vm, priv->cgroup, "deny", "all", rv == 0);
|
|
|
|
if (rv < 0) {
|
|
|
|
if (virLastErrorIsSystemErrno(EPERM)) {
|
|
|
|
virResetLastError();
|
2013-05-17 19:59:33 +08:00
|
|
|
VIR_WARN("Group devices ACL is not accessible, disabling whitelisting");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
2016-02-16 16:26:01 +01:00
|
|
|
if (qemuSetupFirmwareCgroup(vm) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
|
2013-05-21 15:21:20 +08:00
|
|
|
for (i = 0; i < vm->def->ndisks; i++) {
|
2013-05-17 19:59:33 +08:00
|
|
|
if (qemuSetupDiskCgroup(vm, vm->def->disks[i]) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
2016-02-16 13:57:10 +01:00
|
|
|
rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_PTY_MAJOR, -1,
|
|
|
|
VIR_CGROUP_DEVICE_RW);
|
2013-05-17 19:59:33 +08:00
|
|
|
virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_PTY_MAJOR,
|
2013-07-08 11:08:46 +01:00
|
|
|
"pty", "rw", rv == 0);
|
|
|
|
if (rv < 0)
|
2013-05-17 19:59:33 +08:00
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
cfg = virQEMUDriverGetConfig(driver);
|
|
|
|
deviceACL = cfg->cgroupDeviceACL ?
|
|
|
|
(const char *const *)cfg->cgroupDeviceACL :
|
|
|
|
defaultDeviceACL;
|
|
|
|
|
|
|
|
if (vm->def->nsounds &&
|
2013-08-17 15:30:47 -04:00
|
|
|
((!vm->def->ngraphics && cfg->nogfxAllowHostAudio) ||
|
2013-10-01 07:55:19 -04:00
|
|
|
(vm->def->graphics &&
|
|
|
|
((vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
|
2013-05-17 19:59:33 +08:00
|
|
|
cfg->vncAllowHostAudio) ||
|
2013-10-01 07:55:19 -04:00
|
|
|
(vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL))))) {
|
2016-02-16 13:57:10 +01:00
|
|
|
rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_SND_MAJOR, -1,
|
|
|
|
VIR_CGROUP_DEVICE_RW);
|
2013-05-17 19:59:33 +08:00
|
|
|
virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_SND_MAJOR,
|
2013-07-08 11:08:46 +01:00
|
|
|
"sound", "rw", rv == 0);
|
|
|
|
if (rv < 0)
|
2013-05-17 19:59:33 +08:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
2013-05-21 15:21:20 +08:00
|
|
|
for (i = 0; deviceACL[i] != NULL; i++) {
|
2013-09-13 15:32:43 +02:00
|
|
|
if (!virFileExists(deviceACL[i])) {
|
2014-04-21 01:37:46 +05:30
|
|
|
VIR_DEBUG("Ignoring non-existent device %s", deviceACL[i]);
|
2013-05-17 19:59:33 +08:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2013-07-08 11:08:46 +01:00
|
|
|
rv = virCgroupAllowDevicePath(priv->cgroup, deviceACL[i],
|
2016-02-16 14:43:41 +01:00
|
|
|
VIR_CGROUP_DEVICE_RW, false);
|
2013-07-08 11:08:46 +01:00
|
|
|
virDomainAuditCgroupPath(vm, priv->cgroup, "allow", deviceACL[i], "rw", rv == 0);
|
|
|
|
if (rv < 0 &&
|
|
|
|
!virLastErrorIsSystemErrno(ENOENT))
|
2013-05-17 19:59:33 +08:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (virDomainChrDefForeach(vm->def,
|
|
|
|
true,
|
2016-11-18 11:45:44 +01:00
|
|
|
qemuSetupChardevCgroupCB,
|
2013-05-17 19:59:33 +08:00
|
|
|
vm) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
|
2015-11-19 14:25:44 +01:00
|
|
|
if (vm->def->tpm && qemuSetupTPMCgroup(vm) < 0)
|
2013-05-17 19:59:33 +08:00
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
for (i = 0; i < vm->def->nhostdevs; i++) {
|
2015-11-19 14:35:46 +01:00
|
|
|
if (qemuSetupHostdevCgroup(vm, vm->def->hostdevs[i]) < 0)
|
2013-05-17 19:59:33 +08:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
2015-11-19 14:32:22 +01:00
|
|
|
for (i = 0; i < vm->def->ninputs; i++) {
|
|
|
|
if (qemuSetupInputCgroup(vm, vm->def->inputs[i]) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
2013-02-25 23:31:11 +01:00
|
|
|
for (i = 0; i < vm->def->nrngs; i++) {
|
2016-11-18 11:17:51 +01:00
|
|
|
if (qemuSetupRNGCgroup(vm, vm->def->rngs[i]) < 0)
|
|
|
|
goto cleanup;
|
2014-01-16 19:11:17 +05:30
|
|
|
}
|
|
|
|
|
2013-05-17 19:59:33 +08:00
|
|
|
ret = 0;
|
2014-03-25 07:49:44 +01:00
|
|
|
cleanup:
|
2013-05-17 19:59:33 +08:00
|
|
|
virObjectUnref(cfg);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-12-12 15:03:12 +01:00
|
|
|
int
|
2014-12-12 15:23:12 +01:00
|
|
|
qemuSetupCpusetMems(virDomainObjPtr vm)
|
2013-05-17 19:59:34 +08:00
|
|
|
{
|
2014-11-10 21:53:19 +08:00
|
|
|
virCgroupPtr cgroup_temp = NULL;
|
2013-05-17 19:59:34 +08:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2015-05-19 11:55:26 +02:00
|
|
|
virDomainNumatuneMemMode mode;
|
2013-05-24 17:08:28 +08:00
|
|
|
char *mem_mask = NULL;
|
2013-05-17 19:59:34 +08:00
|
|
|
int ret = -1;
|
|
|
|
|
|
|
|
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET))
|
|
|
|
return 0;
|
|
|
|
|
2015-05-19 11:55:26 +02:00
|
|
|
if (virDomainNumatuneGetMode(vm->def->numa, -1, &mode) < 0 ||
|
|
|
|
mode != VIR_DOMAIN_NUMATUNE_MEM_STRICT)
|
2014-11-10 21:53:17 +08:00
|
|
|
return 0;
|
|
|
|
|
2015-02-11 14:54:59 +01:00
|
|
|
if (virDomainNumatuneMaybeFormatNodeset(vm->def->numa,
|
2014-12-12 15:23:12 +01:00
|
|
|
priv->autoNodeset,
|
2014-06-26 19:46:45 +02:00
|
|
|
&mem_mask, -1) < 0)
|
2014-06-09 15:00:22 +02:00
|
|
|
goto cleanup;
|
2013-05-17 19:59:34 +08:00
|
|
|
|
2014-11-10 21:53:19 +08:00
|
|
|
if (mem_mask)
|
2015-04-07 08:53:35 -04:00
|
|
|
if (virCgroupNewThread(priv->cgroup, VIR_CGROUP_THREAD_EMULATOR, 0,
|
|
|
|
false, &cgroup_temp) < 0 ||
|
2014-12-12 15:29:48 +01:00
|
|
|
virCgroupSetCpusetMems(cgroup_temp, mem_mask) < 0)
|
2014-11-10 21:53:19 +08:00
|
|
|
goto cleanup;
|
2013-05-17 19:59:34 +08:00
|
|
|
|
2014-07-08 09:53:06 +02:00
|
|
|
ret = 0;
|
|
|
|
cleanup:
|
|
|
|
VIR_FREE(mem_mask);
|
2014-11-10 21:53:19 +08:00
|
|
|
virCgroupFree(&cgroup_temp);
|
2014-07-08 09:53:06 +02:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2015-03-27 10:11:00 +01:00
|
|
|
qemuSetupCpusetCgroup(virDomainObjPtr vm)
|
2014-07-08 09:53:06 +02:00
|
|
|
{
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
|
|
|
|
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET))
|
|
|
|
return 0;
|
|
|
|
|
2015-03-11 11:17:15 +01:00
|
|
|
if (virCgroupSetCpusetMemoryMigrate(priv->cgroup, true) < 0)
|
|
|
|
return -1;
|
|
|
|
|
2015-03-27 10:23:19 +01:00
|
|
|
return 0;
|
2013-05-17 19:59:34 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-05-24 17:08:27 +08:00
|
|
|
static int
|
2014-09-29 13:47:44 +02:00
|
|
|
qemuSetupCpuCgroup(virQEMUDriverPtr driver,
|
|
|
|
virDomainObjPtr vm)
|
2013-05-24 17:08:27 +08:00
|
|
|
{
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2014-09-09 16:34:12 +02:00
|
|
|
virObjectEventPtr event = NULL;
|
|
|
|
virTypedParameterPtr eventParams = NULL;
|
|
|
|
int eventNparams = 0;
|
|
|
|
int eventMaxparams = 0;
|
2013-05-24 17:08:27 +08:00
|
|
|
|
|
|
|
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPU)) {
|
2014-03-04 12:39:46 +01:00
|
|
|
if (vm->def->cputune.sharesSpecified) {
|
2013-05-24 17:08:27 +08:00
|
|
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
|
|
_("CPU tuning is not available on this host"));
|
|
|
|
return -1;
|
|
|
|
} else {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-03-04 13:56:24 +01:00
|
|
|
if (vm->def->cputune.sharesSpecified) {
|
|
|
|
unsigned long long val;
|
|
|
|
if (virCgroupSetCpuShares(priv->cgroup, vm->def->cputune.shares) < 0)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (virCgroupGetCpuShares(priv->cgroup, &val) < 0)
|
|
|
|
return -1;
|
2014-09-09 16:34:12 +02:00
|
|
|
if (vm->def->cputune.shares != val) {
|
|
|
|
vm->def->cputune.shares = val;
|
|
|
|
if (virTypedParamsAddULLong(&eventParams, &eventNparams,
|
|
|
|
&eventMaxparams,
|
2014-09-25 17:48:01 +01:00
|
|
|
VIR_DOMAIN_TUNABLE_CPU_CPU_SHARES,
|
2014-09-09 16:34:12 +02:00
|
|
|
val) < 0)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
event = virDomainEventTunableNewFromObj(vm, eventParams, eventNparams);
|
|
|
|
}
|
|
|
|
|
2015-07-07 15:33:53 +02:00
|
|
|
qemuDomainEventQueue(driver, event);
|
2014-03-04 13:56:24 +01:00
|
|
|
}
|
2013-05-24 17:08:27 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-07-22 13:59:28 +01:00
|
|
|
static int
|
2013-07-18 11:29:27 +02:00
|
|
|
qemuInitCgroup(virQEMUDriverPtr driver,
|
2015-01-16 11:25:50 +00:00
|
|
|
virDomainObjPtr vm,
|
|
|
|
size_t nnicindexes,
|
|
|
|
int *nicindexes)
|
2013-03-21 14:40:29 +00:00
|
|
|
{
|
2013-07-08 11:08:46 +01:00
|
|
|
int ret = -1;
|
2013-03-21 14:40:29 +00:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
|
|
|
|
|
2015-06-15 20:59:58 +02:00
|
|
|
if (!virQEMUDriverIsPrivileged(driver))
|
2013-04-04 12:10:55 +01:00
|
|
|
goto done;
|
|
|
|
|
2013-07-04 16:49:24 +01:00
|
|
|
if (!virCgroupAvailable())
|
|
|
|
goto done;
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
virCgroupFree(&priv->cgroup);
|
|
|
|
|
2013-07-22 13:59:28 +01:00
|
|
|
if (!vm->def->resource) {
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 11:01:49 +01:00
|
|
|
virDomainResourceDefPtr res;
|
|
|
|
|
2013-07-04 12:14:12 +02:00
|
|
|
if (VIR_ALLOC(res) < 0)
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 11:01:49 +01:00
|
|
|
goto cleanup;
|
2013-03-21 14:40:29 +00:00
|
|
|
|
2013-05-20 11:23:13 +02:00
|
|
|
if (VIR_STRDUP(res->partition, "/machine") < 0) {
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 11:01:49 +01:00
|
|
|
VIR_FREE(res);
|
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
|
|
|
vm->def->resource = res;
|
2013-03-21 14:40:29 +00:00
|
|
|
}
|
|
|
|
|
2013-07-22 13:59:28 +01:00
|
|
|
if (vm->def->resource->partition[0] != '/') {
|
|
|
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
|
|
|
|
_("Resource partition '%s' must start with '/'"),
|
|
|
|
vm->def->resource->partition);
|
|
|
|
goto cleanup;
|
|
|
|
}
|
2013-07-22 16:44:52 +01:00
|
|
|
|
2016-02-01 16:50:54 +01:00
|
|
|
/*
|
|
|
|
* We need to do this because of systemd-machined, because
|
|
|
|
* CreateMachine requires the name to be a valid hostname.
|
|
|
|
*/
|
|
|
|
priv->machineName = virSystemdMakeMachineName("qemu",
|
|
|
|
vm->def->id,
|
|
|
|
vm->def->name,
|
|
|
|
virQEMUDriverIsPrivileged(driver));
|
|
|
|
if (!priv->machineName)
|
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
if (virCgroupNewMachine(priv->machineName,
|
2013-07-22 16:44:52 +01:00
|
|
|
"qemu",
|
|
|
|
vm->def->uuid,
|
|
|
|
NULL,
|
|
|
|
vm->pid,
|
|
|
|
false,
|
2015-01-16 11:25:50 +00:00
|
|
|
nnicindexes, nicindexes,
|
2013-07-22 16:44:52 +01:00
|
|
|
vm->def->resource->partition,
|
|
|
|
cfg->cgroupControllers,
|
|
|
|
&priv->cgroup) < 0) {
|
2013-07-22 13:59:28 +01:00
|
|
|
if (virCgroupNewIgnoreError())
|
|
|
|
goto done;
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 11:01:49 +01:00
|
|
|
|
2013-07-22 13:59:28 +01:00
|
|
|
goto cleanup;
|
|
|
|
}
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 11:01:49 +01:00
|
|
|
|
2014-03-25 07:49:44 +01:00
|
|
|
done:
|
2013-07-22 13:59:28 +01:00
|
|
|
ret = 0;
|
2014-03-25 07:49:44 +01:00
|
|
|
cleanup:
|
2013-07-22 13:59:28 +01:00
|
|
|
virObjectUnref(cfg);
|
|
|
|
return ret;
|
|
|
|
}
|
Change default cgroup layout for QEMU/LXC and honour XML config
Historically QEMU/LXC guests have been placed in a cgroup layout
that is
$LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
This is bad for a number of reasons
- The cgroup hierarchy gets very deep which seriously
impacts kernel performance due to cgroups scalability
limitations.
- It is hard to setup cgroup policies which apply across
services and virtual machines, since all VMs are underneath
the libvirtd service.
To address this the default cgroup location is changed to
be
/system/$VMNAME.{lxc,qemu}.libvirt
This puts virtual machines at the same level in the hierarchy
as system services, allowing consistent policy to be setup
across all of them.
This also honours the new resource partition location from the
XML configuration, for example
<resource>
<partition>/virtualmachines/production</partitions>
</resource>
will result in the VM being placed at
/virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
NB, with the exception of the default, /system, path which
is intended to always exist, libvirt will not attempt to
auto-create the partitions in the XML. It is the responsibility
of the admin/app to configure the partitions. Later libvirt
APIs will provide a way todo this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 11:01:49 +01:00
|
|
|
|
2014-12-12 15:29:48 +01:00
|
|
|
static void
|
|
|
|
qemuRestoreCgroupState(virDomainObjPtr vm)
|
|
|
|
{
|
2015-02-17 14:08:22 +01:00
|
|
|
char *mem_mask = NULL;
|
2015-03-11 11:17:15 +01:00
|
|
|
char *nodeset = NULL;
|
2014-12-12 15:29:48 +01:00
|
|
|
int empty = -1;
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2015-03-11 11:17:15 +01:00
|
|
|
size_t i = 0;
|
2014-12-12 15:29:48 +01:00
|
|
|
virBitmapPtr all_nodes;
|
2015-03-11 11:17:15 +01:00
|
|
|
virCgroupPtr cgroup_temp = NULL;
|
2014-12-12 15:29:48 +01:00
|
|
|
|
2016-11-24 13:28:00 +01:00
|
|
|
if (!virNumaIsAvailable() ||
|
|
|
|
!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET))
|
|
|
|
return;
|
|
|
|
|
2016-09-13 15:55:06 +02:00
|
|
|
if (!(all_nodes = virNumaGetHostMemoryNodeset()))
|
2014-12-12 15:29:48 +01:00
|
|
|
goto error;
|
|
|
|
|
|
|
|
if (!(mem_mask = virBitmapFormat(all_nodes)))
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
if ((empty = virCgroupHasEmptyTasks(priv->cgroup,
|
2014-12-16 19:59:33 +01:00
|
|
|
VIR_CGROUP_CONTROLLER_CPUSET)) <= 0)
|
2014-12-12 15:29:48 +01:00
|
|
|
goto error;
|
|
|
|
|
|
|
|
if (virCgroupSetCpusetMems(priv->cgroup, mem_mask) < 0)
|
|
|
|
goto error;
|
|
|
|
|
2015-11-20 16:10:04 +01:00
|
|
|
for (i = 0; i < virDomainDefGetVcpusMax(vm->def); i++) {
|
2016-06-29 13:16:22 +02:00
|
|
|
virDomainVcpuDefPtr vcpu = virDomainDefGetVcpu(vm->def, i);
|
2015-11-20 16:10:04 +01:00
|
|
|
|
|
|
|
if (!vcpu->online)
|
|
|
|
continue;
|
|
|
|
|
2015-04-07 08:53:35 -04:00
|
|
|
if (virCgroupNewThread(priv->cgroup, VIR_CGROUP_THREAD_VCPU, i,
|
|
|
|
false, &cgroup_temp) < 0 ||
|
2015-03-11 11:17:15 +01:00
|
|
|
virCgroupSetCpusetMemoryMigrate(cgroup_temp, true) < 0 ||
|
|
|
|
virCgroupGetCpusetMems(cgroup_temp, &nodeset) < 0 ||
|
|
|
|
virCgroupSetCpusetMems(cgroup_temp, nodeset) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
|
2015-04-08 14:25:59 +08:00
|
|
|
VIR_FREE(nodeset);
|
2015-03-11 11:17:15 +01:00
|
|
|
virCgroupFree(&cgroup_temp);
|
|
|
|
}
|
|
|
|
|
2015-04-10 09:21:23 -04:00
|
|
|
for (i = 0; i < vm->def->niothreadids; i++) {
|
|
|
|
if (virCgroupNewThread(priv->cgroup, VIR_CGROUP_THREAD_IOTHREAD,
|
|
|
|
vm->def->iothreadids[i]->iothread_id,
|
2015-04-07 08:53:35 -04:00
|
|
|
false, &cgroup_temp) < 0 ||
|
2015-03-11 11:17:15 +01:00
|
|
|
virCgroupSetCpusetMemoryMigrate(cgroup_temp, true) < 0 ||
|
|
|
|
virCgroupGetCpusetMems(cgroup_temp, &nodeset) < 0 ||
|
|
|
|
virCgroupSetCpusetMems(cgroup_temp, nodeset) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
|
2015-04-08 14:25:59 +08:00
|
|
|
VIR_FREE(nodeset);
|
2015-03-11 11:17:15 +01:00
|
|
|
virCgroupFree(&cgroup_temp);
|
|
|
|
}
|
|
|
|
|
2015-04-07 08:53:35 -04:00
|
|
|
if (virCgroupNewThread(priv->cgroup, VIR_CGROUP_THREAD_EMULATOR, 0,
|
|
|
|
false, &cgroup_temp) < 0 ||
|
2015-03-11 11:17:15 +01:00
|
|
|
virCgroupSetCpusetMemoryMigrate(cgroup_temp, true) < 0 ||
|
|
|
|
virCgroupGetCpusetMems(cgroup_temp, &nodeset) < 0 ||
|
|
|
|
virCgroupSetCpusetMems(cgroup_temp, nodeset) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
|
2014-12-12 15:29:48 +01:00
|
|
|
cleanup:
|
|
|
|
VIR_FREE(mem_mask);
|
2015-03-11 11:17:15 +01:00
|
|
|
VIR_FREE(nodeset);
|
2014-12-12 15:29:48 +01:00
|
|
|
virBitmapFree(all_nodes);
|
2015-03-11 11:17:15 +01:00
|
|
|
virCgroupFree(&cgroup_temp);
|
2014-12-12 15:29:48 +01:00
|
|
|
return;
|
|
|
|
|
|
|
|
error:
|
|
|
|
virResetLastError();
|
|
|
|
VIR_DEBUG("Couldn't restore cgroups to meaningful state");
|
|
|
|
goto cleanup;
|
|
|
|
}
|
2013-07-22 13:59:28 +01:00
|
|
|
|
|
|
|
int
|
|
|
|
qemuConnectCgroup(virQEMUDriverPtr driver,
|
|
|
|
virDomainObjPtr vm)
|
|
|
|
{
|
|
|
|
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
int ret = -1;
|
|
|
|
|
2015-06-15 20:59:58 +02:00
|
|
|
if (!virQEMUDriverIsPrivileged(driver))
|
2013-07-22 13:59:28 +01:00
|
|
|
goto done;
|
|
|
|
|
|
|
|
if (!virCgroupAvailable())
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
virCgroupFree(&priv->cgroup);
|
|
|
|
|
2013-07-24 17:36:42 +01:00
|
|
|
if (virCgroupNewDetectMachine(vm->def->name,
|
|
|
|
"qemu",
|
2016-02-01 16:50:54 +01:00
|
|
|
vm->def->id,
|
|
|
|
virQEMUDriverIsPrivileged(driver),
|
2013-07-24 17:36:42 +01:00
|
|
|
vm->pid,
|
2013-07-24 17:31:25 +01:00
|
|
|
cfg->cgroupControllers,
|
2013-07-24 17:36:42 +01:00
|
|
|
&priv->cgroup) < 0)
|
2013-07-22 13:59:28 +01:00
|
|
|
goto cleanup;
|
2013-03-21 14:40:29 +00:00
|
|
|
|
2016-02-01 16:50:54 +01:00
|
|
|
priv->machineName = virSystemdGetMachineNameByPID(vm->pid);
|
|
|
|
if (!priv->machineName)
|
|
|
|
virResetLastError();
|
|
|
|
|
2014-12-12 15:29:48 +01:00
|
|
|
qemuRestoreCgroupState(vm);
|
|
|
|
|
2014-03-25 07:49:44 +01:00
|
|
|
done:
|
2013-07-08 11:08:46 +01:00
|
|
|
ret = 0;
|
2014-03-25 07:49:44 +01:00
|
|
|
cleanup:
|
2013-03-21 14:40:29 +00:00
|
|
|
virObjectUnref(cfg);
|
2013-07-08 11:08:46 +01:00
|
|
|
return ret;
|
2013-03-21 14:40:29 +00:00
|
|
|
}
|
|
|
|
|
2013-07-18 11:29:27 +02:00
|
|
|
int
|
|
|
|
qemuSetupCgroup(virQEMUDriverPtr driver,
|
2015-01-16 11:25:50 +00:00
|
|
|
virDomainObjPtr vm,
|
|
|
|
size_t nnicindexes,
|
|
|
|
int *nicindexes)
|
2010-12-16 16:10:54 +00:00
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2013-05-24 17:08:27 +08:00
|
|
|
int ret = -1;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-07-22 15:21:15 +01:00
|
|
|
if (!vm->pid) {
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
|
_("Cannot setup cgroups until process is started"));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2015-01-16 11:25:50 +00:00
|
|
|
if (qemuInitCgroup(driver, vm, nnicindexes, nicindexes) < 0)
|
2013-03-21 14:40:29 +00:00
|
|
|
return -1;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
if (!priv->cgroup)
|
2013-05-24 17:08:27 +08:00
|
|
|
return 0;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-05-17 19:59:33 +08:00
|
|
|
if (qemuSetupDevicesCgroup(driver, vm) < 0)
|
|
|
|
goto cleanup;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-05-17 19:59:31 +08:00
|
|
|
if (qemuSetupBlkioCgroup(vm) < 0)
|
|
|
|
goto cleanup;
|
2011-02-08 14:59:38 +08:00
|
|
|
|
2013-05-20 19:39:54 +08:00
|
|
|
if (qemuSetupMemoryCgroup(vm) < 0)
|
|
|
|
goto cleanup;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2014-09-29 13:47:44 +02:00
|
|
|
if (qemuSetupCpuCgroup(driver, vm) < 0)
|
2013-05-24 17:08:27 +08:00
|
|
|
goto cleanup;
|
2011-03-29 21:41:25 +08:00
|
|
|
|
2015-03-27 10:11:00 +01:00
|
|
|
if (qemuSetupCpusetCgroup(vm) < 0)
|
2013-05-17 19:59:34 +08:00
|
|
|
goto cleanup;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-05-24 17:08:27 +08:00
|
|
|
ret = 0;
|
2014-03-25 07:49:44 +01:00
|
|
|
cleanup:
|
2013-05-24 17:08:27 +08:00
|
|
|
return ret;
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
|
|
|
|
2013-07-18 11:29:27 +02:00
|
|
|
int
|
|
|
|
qemuSetupCgroupVcpuBW(virCgroupPtr cgroup,
|
|
|
|
unsigned long long period,
|
|
|
|
long long quota)
|
2011-07-21 10:10:31 +08:00
|
|
|
{
|
|
|
|
unsigned long long old_period;
|
|
|
|
|
|
|
|
if (period == 0 && quota == 0)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (period) {
|
|
|
|
/* get old period, and we can rollback if set quota failed */
|
2013-07-08 11:08:46 +01:00
|
|
|
if (virCgroupGetCpuCfsPeriod(cgroup, &old_period) < 0)
|
2011-07-21 10:10:31 +08:00
|
|
|
return -1;
|
|
|
|
|
2013-07-08 11:08:46 +01:00
|
|
|
if (virCgroupSetCpuCfsPeriod(cgroup, period) < 0)
|
2011-07-21 10:10:31 +08:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2013-07-08 11:08:46 +01:00
|
|
|
if (quota &&
|
|
|
|
virCgroupSetCpuCfsQuota(cgroup, quota) < 0)
|
|
|
|
goto error;
|
2011-07-21 10:10:31 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
2014-03-25 07:49:44 +01:00
|
|
|
error:
|
2011-07-21 10:10:31 +08:00
|
|
|
if (period) {
|
2013-07-08 11:08:46 +01:00
|
|
|
virErrorPtr saved = virSaveLastError();
|
|
|
|
ignore_value(virCgroupSetCpuCfsPeriod(cgroup, old_period));
|
|
|
|
if (saved) {
|
|
|
|
virSetError(saved);
|
|
|
|
virFreeError(saved);
|
|
|
|
}
|
2011-07-21 10:10:31 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2014-09-03 09:05:02 -04:00
|
|
|
|
2013-07-18 11:29:27 +02:00
|
|
|
int
|
2015-03-27 13:28:59 +01:00
|
|
|
qemuSetupCgroupCpusetCpus(virCgroupPtr cgroup,
|
|
|
|
virBitmapPtr cpumask)
|
2012-08-21 17:18:33 +08:00
|
|
|
{
|
2013-07-08 11:08:46 +01:00
|
|
|
int ret = -1;
|
2012-08-21 17:18:33 +08:00
|
|
|
char *new_cpus = NULL;
|
|
|
|
|
2014-06-05 11:24:24 +02:00
|
|
|
if (!(new_cpus = virBitmapFormat(cpumask)))
|
2012-08-21 17:18:33 +08:00
|
|
|
goto cleanup;
|
|
|
|
|
2013-07-08 11:08:46 +01:00
|
|
|
if (virCgroupSetCpusetCpus(cgroup, new_cpus) < 0)
|
2012-08-21 17:18:33 +08:00
|
|
|
goto cleanup;
|
|
|
|
|
2013-07-08 11:08:46 +01:00
|
|
|
ret = 0;
|
2014-03-25 07:49:44 +01:00
|
|
|
cleanup:
|
2012-08-21 17:18:30 +08:00
|
|
|
VIR_FREE(new_cpus);
|
2013-07-08 11:08:46 +01:00
|
|
|
return ret;
|
2012-08-21 17:18:30 +08:00
|
|
|
}
|
|
|
|
|
2011-07-21 10:10:31 +08:00
|
|
|
|
2016-02-16 16:43:37 +03:00
|
|
|
int
|
|
|
|
qemuSetupGlobalCpuCgroup(virDomainObjPtr vm)
|
|
|
|
{
|
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
|
unsigned long long period = vm->def->cputune.global_period;
|
|
|
|
long long quota = vm->def->cputune.global_quota;
|
|
|
|
char *mem_mask = NULL;
|
|
|
|
virDomainNumatuneMemMode mem_mode;
|
|
|
|
|
|
|
|
if ((period || quota) &&
|
|
|
|
!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPU)) {
|
|
|
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
|
|
_("cgroup cpu is required for scheduler tuning"));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If CPU cgroup controller is not initialized here, then we need
|
|
|
|
* neither period nor quota settings. And if CPUSET controller is
|
|
|
|
* not initialized either, then there's nothing to do anyway.
|
|
|
|
*/
|
|
|
|
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPU) &&
|
|
|
|
!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
|
|
if (virDomainNumatuneGetMode(vm->def->numa, -1, &mem_mode) == 0 &&
|
|
|
|
mem_mode == VIR_DOMAIN_NUMATUNE_MEM_STRICT &&
|
|
|
|
virDomainNumatuneMaybeFormatNodeset(vm->def->numa,
|
|
|
|
priv->autoNodeset,
|
|
|
|
&mem_mask, -1) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
if (period || quota) {
|
|
|
|
if (qemuSetupCgroupVcpuBW(priv->cgroup, period, quota) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
|
|
|
VIR_FREE(mem_mask);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
VIR_FREE(mem_mask);
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-07-18 11:29:27 +02:00
|
|
|
int
|
2016-02-01 16:50:54 +01:00
|
|
|
qemuRemoveCgroup(virDomainObjPtr vm)
|
2010-12-16 16:10:54 +00:00
|
|
|
{
|
2013-03-21 14:40:29 +00:00
|
|
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
2010-12-16 16:10:54 +00:00
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
if (priv->cgroup == NULL)
|
2010-12-16 16:10:54 +00:00
|
|
|
return 0; /* Not supported, so claim success */
|
|
|
|
|
2016-02-01 16:50:54 +01:00
|
|
|
if (virCgroupTerminateMachine(priv->machineName) < 0) {
|
2014-09-25 13:32:58 +02:00
|
|
|
if (!virCgroupNewIgnoreError())
|
|
|
|
VIR_DEBUG("Failed to terminate cgroup for %s", vm->def->name);
|
|
|
|
}
|
|
|
|
|
2016-04-08 15:29:40 +02:00
|
|
|
VIR_FREE(priv->machineName);
|
|
|
|
|
2013-03-21 14:40:29 +00:00
|
|
|
return virCgroupRemove(priv->cgroup);
|
2010-12-16 16:10:54 +00:00
|
|
|
}
|
2016-09-07 13:11:59 +02:00
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
qemuCgroupEmulatorAllNodesDataFree(qemuCgroupEmulatorAllNodesDataPtr data)
|
|
|
|
{
|
|
|
|
if (!data)
|
|
|
|
return;
|
|
|
|
|
|
|
|
virCgroupFree(&data->emulatorCgroup);
|
|
|
|
VIR_FREE(data->emulatorMemMask);
|
|
|
|
VIR_FREE(data);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* qemuCgroupEmulatorAllNodesAllow:
|
|
|
|
* @cgroup: domain cgroup pointer
|
|
|
|
* @retData: filled with structure used to roll back the operation
|
|
|
|
*
|
|
|
|
* Allows all NUMA nodes for the qemu emulator thread temporarily. This is
|
|
|
|
* necessary when hotplugging cpus since it requires memory allocated in the
|
|
|
|
* DMA region. Afterwards the operation can be reverted by
|
2016-09-13 12:24:02 +02:00
|
|
|
* qemuCgroupEmulatorAllNodesRestore.
|
2016-09-07 13:11:59 +02:00
|
|
|
*
|
|
|
|
* Returns 0 on success -1 on error
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
qemuCgroupEmulatorAllNodesAllow(virCgroupPtr cgroup,
|
|
|
|
qemuCgroupEmulatorAllNodesDataPtr *retData)
|
|
|
|
{
|
|
|
|
qemuCgroupEmulatorAllNodesDataPtr data = NULL;
|
|
|
|
char *all_nodes_str = NULL;
|
|
|
|
virBitmapPtr all_nodes = NULL;
|
|
|
|
int ret = -1;
|
|
|
|
|
|
|
|
if (!virNumaIsAvailable() ||
|
|
|
|
!virCgroupHasController(cgroup, VIR_CGROUP_CONTROLLER_CPUSET))
|
|
|
|
return 0;
|
|
|
|
|
2016-09-13 15:55:06 +02:00
|
|
|
if (!(all_nodes = virNumaGetHostMemoryNodeset()))
|
2016-09-07 13:11:59 +02:00
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
if (!(all_nodes_str = virBitmapFormat(all_nodes)))
|
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
if (VIR_ALLOC(data) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
if (virCgroupNewThread(cgroup, VIR_CGROUP_THREAD_EMULATOR, 0,
|
|
|
|
false, &data->emulatorCgroup) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
if (virCgroupGetCpusetMems(data->emulatorCgroup, &data->emulatorMemMask) < 0 ||
|
|
|
|
virCgroupSetCpusetMems(data->emulatorCgroup, all_nodes_str) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
VIR_STEAL_PTR(*retData, data);
|
|
|
|
ret = 0;
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
VIR_FREE(all_nodes_str);
|
|
|
|
virBitmapFree(all_nodes);
|
|
|
|
qemuCgroupEmulatorAllNodesDataFree(data);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2016-09-13 12:24:02 +02:00
|
|
|
* qemuCgroupEmulatorAllNodesRestore:
|
2016-09-07 13:11:59 +02:00
|
|
|
* @data: data structure created by qemuCgroupEmulatorAllNodesAllow
|
|
|
|
*
|
|
|
|
* Rolls back the setting done by qemuCgroupEmulatorAllNodesAllow and frees the
|
|
|
|
* associated data.
|
|
|
|
*/
|
|
|
|
void
|
2016-09-13 12:24:02 +02:00
|
|
|
qemuCgroupEmulatorAllNodesRestore(qemuCgroupEmulatorAllNodesDataPtr data)
|
2016-09-07 13:11:59 +02:00
|
|
|
{
|
|
|
|
virErrorPtr err;
|
|
|
|
|
|
|
|
if (!data)
|
|
|
|
return;
|
|
|
|
|
|
|
|
err = virSaveLastError();
|
|
|
|
virCgroupSetCpusetMems(data->emulatorCgroup, data->emulatorMemMask);
|
|
|
|
virSetError(err);
|
|
|
|
virFreeError(err);
|
|
|
|
|
|
|
|
qemuCgroupEmulatorAllNodesDataFree(data);
|
|
|
|
}
|