mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-09 01:18:00 +03:00
qemu: Disallow NUMA/network tuning for session mode
Tuning NUMA or network interface parameters requires root privileges to manage cgroups. Thus an attempt to set some of these parameters in session mode on a running domain should be rejected with an error. Memory tuning is an example: it raises an error in such a case. After applying this patch, session mode will behave as follows: Tuning | SET | GET | ----------|---------------|--------| NUMA | shut off only | always | Memory | never | never | Interface | never | always | Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1126762
parent
19b1ee42b4
commit
43b67f2e71
@ -7812,7 +7812,7 @@ qemuBuildCommandLine(virConnectPtr conn,
|
||||
emulator = def->emulator;
|
||||
|
||||
if (!cfg->privileged) {
|
||||
/* If we have no cgroups than we can have no tunings that
|
||||
/* If we have no cgroups then we can have no tunings that
|
||||
* require them */
|
||||
|
||||
if (def->mem.hard_limit || def->mem.soft_limit ||
|
||||
@ -7835,6 +7835,17 @@ qemuBuildCommandLine(virConnectPtr conn,
|
||||
_("CPU tuning is not available in session mode"));
|
||||
goto error;
|
||||
}
|
||||
|
||||
virDomainNetDefPtr *nets = def->nets;
|
||||
virNetDevBandwidthPtr bandwidth = NULL;
|
||||
size_t nnets = def->nnets;
|
||||
for (i = 0; i < nnets; i++) {
|
||||
if ((bandwidth = virDomainNetGetActualBandwidth(nets[i])) != NULL) {
|
||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||
_("Network bandwidth tuning is not available in session mode"));
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for (i = 0; i < def->ngraphics; ++i) {
|
||||
|
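Review bot: The new locals `nets`, `bandwidth` and `nnets` are declared after the `goto error; }` of the CPU-tuning check, so they follow statements inside the `if (!cfg->privileged)` block; this fails any build that enables `-Wdeclaration-after-statement`. `bandwidth` is also only assigned and tested, never read afterwards. The loop needs none of the three: `for (i = 0; i < def->nnets; i++) {` with `if (virDomainNetGetActualBandwidth(def->nets[i])) {`. This check runs only when the command line is built, and whether interface hot-plug in session mode is rejected as well cannot be seen from this hunk. qemuBuildCommandLine starts and ends outside the hunk.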
@ -9185,6 +9185,13 @@ qemuDomainSetNumaParameters(virDomainPtr dom,
|
||||
&persistentDef) < 0)
|
||||
goto endjob;
|
||||
|
||||
if (!cfg->privileged &&
|
||||
flags & VIR_DOMAIN_AFFECT_LIVE) {
|
||||
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
|
||||
_("NUMA tuning is not available in session mode"));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (flags & VIR_DOMAIN_AFFECT_LIVE) {
|
||||
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET)) {
|
||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
||||
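Review bot: The new session-mode check exits through `goto cleanup`, while the context line directly above it exits through `goto endjob`, which suggests a domain job is already held at this point. If so, the rejected call never ends the job, and later modifying operations on the same domain would stall waiting for it; the exit should be `goto endjob;`. Explicit parentheses would also make the condition easier to audit: `if (!cfg->privileged && (flags & VIR_DOMAIN_AFFECT_LIVE)) {`. The labels and the job setup of qemuDomainSetNumaParameters are outside the hunk, so confirm against the full function.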
@ -9276,6 +9283,7 @@ qemuDomainGetNumaParameters(virDomainPtr dom,
|
||||
size_t i;
|
||||
virDomainObjPtr vm = NULL;
|
||||
virDomainDefPtr persistentDef = NULL;
|
||||
virQEMUDriverConfigPtr cfg = NULL;
|
||||
char *nodeset = NULL;
|
||||
int ret = -1;
|
||||
virCapsPtr caps = NULL;
|
||||
@ -9294,6 +9302,7 @@ qemuDomainGetNumaParameters(virDomainPtr dom,
|
||||
return -1;
|
||||
|
||||
priv = vm->privateData;
|
||||
cfg = virQEMUDriverGetConfig(driver);
|
||||
|
||||
if (virDomainGetNumaParametersEnsureACL(dom->conn, vm->def) < 0)
|
||||
goto cleanup;
|
||||
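Review bot: `cfg` is fetched here and released at the `cleanup` label, but none of the visible hunks of qemuDomainGetNumaParameters reads it. The live path further down tests `virCgroupHasController()` rather than `cfg->privileged`. Unless code outside the hunks uses it, the declaration, this `virQEMUDriverGetConfig(driver)` call and the matching `virObjectUnref(cfg)` can be dropped.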
@ -9311,14 +9320,6 @@ qemuDomainGetNumaParameters(virDomainPtr dom,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (flags & VIR_DOMAIN_AFFECT_LIVE) {
|
||||
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_MEMORY)) {
|
||||
virReportError(VIR_ERR_OPERATION_INVALID,
|
||||
"%s", _("cgroup memory controller is not mounted"));
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
for (i = 0; i < QEMU_NB_NUMA_PARAM && i < *nparams; i++) {
|
||||
virMemoryParameterPtr param = ¶ms[i];
|
||||
|
||||
@ -9341,9 +9342,16 @@ qemuDomainGetNumaParameters(virDomainPtr dom,
|
||||
if (!nodeset)
|
||||
goto cleanup;
|
||||
} else {
|
||||
if (virCgroupGetCpusetMems(priv->cgroup, &nodeset) < 0)
|
||||
if (!virCgroupHasController(priv->cgroup,
|
||||
VIR_CGROUP_CONTROLLER_MEMORY) ||
|
||||
virCgroupGetCpusetMems(priv->cgroup, &nodeset) < 0) {
|
||||
nodeset = virDomainNumatuneFormatNodeset(vm->def->numatune,
|
||||
NULL, -1);
|
||||
if (!nodeset)
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
if (virTypedParameterAssign(param, VIR_DOMAIN_NUMA_NODESET,
|
||||
VIR_TYPED_PARAM_STRING, nodeset) < 0)
|
||||
goto cleanup;
|
||||
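Review bot: The fallback condition tests `VIR_CGROUP_CONTROLLER_MEMORY`, but the value it guards comes from `virCgroupGetCpusetMems()`, and the setter in this same commit checks `VIR_CGROUP_CONTROLLER_CPUSET` before touching it. The guard should name the controller that is actually read: `if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET) ||`. If `virCgroupGetCpusetMems()` reports an error on failure (not visible here), the fallback should also clear that error, because the function then goes on to succeed. A one-line comment above the branch, such as `/* no usable cpuset cgroup (e.g. session mode): report the configured nodeset */`, would explain why failure is no longer fatal. The enclosing loop and function extend beyond the hunk.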
@ -9368,6 +9376,7 @@ qemuDomainGetNumaParameters(virDomainPtr dom,
|
||||
if (vm)
|
||||
virObjectUnlock(vm);
|
||||
virObjectUnref(caps);
|
||||
virObjectUnref(cfg);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -10338,6 +10347,12 @@ qemuDomainSetInterfaceParameters(virDomainPtr dom,
|
||||
if (virDomainSetInterfaceParametersEnsureACL(dom->conn, vm->def, flags) < 0)
|
||||
goto cleanup;
|
||||
|
||||
if (!cfg->privileged) {
|
||||
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
|
||||
_("Network bandwidth tuning is not available in session mode"));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
|
||||
goto cleanup;
|
||||
|
||||
|