mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-30 09:53:10 +00:00
qemu: Set reasonable RSS limit on domain startup
If there's a memory leak in qemu or qemu is exploited, the host system will sooner or later start thrashing instead of killing the bad process. This, however, impacts performance and other guests as well. Therefore we should set a reasonable RSS limit even when the user hasn't set any. It's better to be secure by default.
parent
e534ec66dc
commit
addeb7cd05
@ -339,42 +339,54 @@ int qemuSetupCgroup(struct qemud_driver *driver,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (vm->def->mem.hard_limit != 0 ||
|
if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_MEMORY)) {
|
||||||
vm->def->mem.soft_limit != 0 ||
|
unsigned long long hard_limit = vm->def->mem.hard_limit;
|
||||||
vm->def->mem.swap_hard_limit != 0) {
|
|
||||||
if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_MEMORY)) {
|
|
||||||
if (vm->def->mem.hard_limit != 0) {
|
|
||||||
rc = virCgroupSetMemoryHardLimit(cgroup, vm->def->mem.hard_limit);
|
|
||||||
if (rc != 0) {
|
|
||||||
virReportSystemError(-rc,
|
|
||||||
_("Unable to set memory hard limit for domain %s"),
|
|
||||||
vm->def->name);
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (vm->def->mem.soft_limit != 0) {
|
|
||||||
rc = virCgroupSetMemorySoftLimit(cgroup, vm->def->mem.soft_limit);
|
|
||||||
if (rc != 0) {
|
|
||||||
virReportSystemError(-rc,
|
|
||||||
_("Unable to set memory soft limit for domain %s"),
|
|
||||||
vm->def->name);
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (vm->def->mem.swap_hard_limit != 0) {
|
if (!hard_limit) {
|
||||||
rc = virCgroupSetMemSwapHardLimit(cgroup, vm->def->mem.swap_hard_limit);
|
/* If there is no hard_limit set, set a reasonable
|
||||||
if (rc != 0) {
|
* one to avoid system trashing caused by exploited qemu.
|
||||||
virReportSystemError(-rc,
|
* As 'reasonable limit' has been chosen:
|
||||||
_("Unable to set swap hard limit for domain %s"),
|
* (1 + k) * (domain memory + total video memory) + F
|
||||||
vm->def->name);
|
* where k = 0.02 and F = 200MB. */
|
||||||
goto cleanup;
|
hard_limit = vm->def->mem.max_balloon;
|
||||||
}
|
for (i = 0; i < vm->def->nvideos; i++)
|
||||||
}
|
hard_limit += vm->def->videos[i]->vram;
|
||||||
} else {
|
hard_limit = hard_limit * 1.02 + 204800;
|
||||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
||||||
_("Memory cgroup is not available on this host"));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rc = virCgroupSetMemoryHardLimit(cgroup, hard_limit);
|
||||||
|
if (rc != 0) {
|
||||||
|
virReportSystemError(-rc,
|
||||||
|
_("Unable to set memory hard limit for domain %s"),
|
||||||
|
vm->def->name);
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
if (vm->def->mem.soft_limit != 0) {
|
||||||
|
rc = virCgroupSetMemorySoftLimit(cgroup, vm->def->mem.soft_limit);
|
||||||
|
if (rc != 0) {
|
||||||
|
virReportSystemError(-rc,
|
||||||
|
_("Unable to set memory soft limit for domain %s"),
|
||||||
|
vm->def->name);
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (vm->def->mem.swap_hard_limit != 0) {
|
||||||
|
rc = virCgroupSetMemSwapHardLimit(cgroup, vm->def->mem.swap_hard_limit);
|
||||||
|
if (rc != 0) {
|
||||||
|
virReportSystemError(-rc,
|
||||||
|
_("Unable to set swap hard limit for domain %s"),
|
||||||
|
vm->def->name);
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else if (vm->def->mem.hard_limit != 0 ||
|
||||||
|
vm->def->mem.soft_limit != 0 ||
|
||||||
|
vm->def->mem.swap_hard_limit != 0) {
|
||||||
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||||
|
_("Memory cgroup is not available on this host"));
|
||||||
|
} else {
|
||||||
|
VIR_WARN("Could not autoset a RSS limit for domain %s", vm->def->name);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (vm->def->cputune.shares != 0) {
|
if (vm->def->cputune.shares != 0) {
|
||||||
|
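Review bot: The new `else if` branch that reports `VIR_ERR_CONFIG_UNSUPPORTED` ("Memory cgroup is not available on this host") has no `goto cleanup;`, unlike every other error path in this hunk, so control appears to fall through to the `cputune.shares` setup and a domain with explicitly configured memory limits may start without them being enforced. If that is not intended, add `goto cleanup;` after the `virReportError(...)` call; the old code had the same shape, so this is carried over rather than introduced by the commit. Separately, `hard_limit = hard_limit * 1.02 + 204800;` routes an `unsigned long long` through `double`; integer arithmetic such as `hard_limit += hard_limit / 50 + 204800;`, with named constants for k and F, would avoid the implicit conversion. `qemuSetupCgroup` begins and ends outside the hunk, so what it returns on this path is not visible here.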