diff --git a/src/qemu/qemu_audit.c b/src/qemu/qemu_audit.c index 76dacf7639..4e24e9aefd 100644 --- a/src/qemu/qemu_audit.c +++ b/src/qemu/qemu_audit.c @@ -148,6 +148,59 @@ cleanup: } +/** + * qemuDomainResourceAudit: + * @vm: domain making an integer resource change + * @resource: name of the resource: "mem" or "vcpu" + * @oldval: the old value of the resource + * @newval: the new value of the resource + * @reason: either "start" or "update" + * @success: true if the resource change succeeded + * + * Log an audit message about an attempted resource change. + */ +static void +qemuDomainResourceAudit(virDomainObjPtr vm, + const char *resource, + unsigned long long oldval, + unsigned long long newval, + const char *reason, + bool success) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + char *vmname; + + virUUIDFormat(vm->def->uuid, uuidstr); + if (!(vmname = virAuditEncode("vm", vm->def->name))) { + VIR_WARN0("OOM while encoding audit message"); + return; + } + + VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success, + "resrc=%s reason=%s %s uuid=%s old-%s=%lld new-%s=%lld", + resource, reason, vmname, uuidstr, + resource, oldval, resource, newval); + + VIR_FREE(vmname); +} + +void +qemuDomainMemoryAudit(virDomainObjPtr vm, + unsigned long long oldmem, unsigned long long newmem, + const char *reason, bool success) +{ + return qemuDomainResourceAudit(vm, "mem", oldmem, newmem, reason, success); +} + +void +qemuDomainVcpuAudit(virDomainObjPtr vm, + unsigned int oldvcpu, unsigned int newvcpu, + const char *reason, bool success) +{ + return qemuDomainResourceAudit(vm, "vcpu", oldvcpu, newvcpu, reason, + success); +} + static void qemuDomainLifecycleAudit(virDomainObjPtr vm, const char *op, const char *reason, @@ -185,6 +238,9 @@ void qemuDomainStartAudit(virDomainObjPtr vm, const char *reason, bool success) qemuDomainNetAudit(vm, NULL, net, "start", true); } + qemuDomainMemoryAudit(vm, 0, vm->def->mem.cur_balloon, "start", true); + qemuDomainVcpuAudit(vm, 0, vm->def->vcpus, "start", true); + qemuDomainLifecycleAudit(vm, "start", reason, success); } diff --git a/src/qemu/qemu_audit.h b/src/qemu/qemu_audit.h index da18eb4514..fa429f3c32 100644 --- a/src/qemu/qemu_audit.h +++ b/src/qemu/qemu_audit.h @@ -45,6 +45,16 @@ void qemuDomainCgroupAudit(virDomainObjPtr vm, const char *item, const char *name, bool success); +void qemuDomainMemoryAudit(virDomainObjPtr vm, + unsigned long long oldmem, + unsigned long long newmem, + const char *reason, + bool success); +void qemuDomainVcpuAudit(virDomainObjPtr vm, + unsigned int oldvcpu, + unsigned int newvcpu, + const char *reason, + bool success); void qemuDomainSecurityLabelAudit(virDomainObjPtr vm, bool success); #endif /* __QEMU_AUDIT_H__ */ diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 72e930cc5e..1a7bec9b82 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -1604,6 +1604,8 @@ static int qemudDomainSetMemory(virDomainPtr dom, unsigned long newmem) { qemuDomainObjEnterMonitor(vm); r = qemuMonitorSetBalloon(priv->mon, newmem); qemuDomainObjExitMonitor(vm); + qemuDomainMemoryAudit(vm, vm->def->mem.cur_balloon, newmem, "update", + r == 1); if (r < 0) goto endjob; @@ -2517,8 +2519,9 @@ static void processWatchdogEvent(void *data, void *opaque) static int qemudDomainHotplugVcpus(virDomainObjPtr vm, unsigned int nvcpus) { qemuDomainObjPrivatePtr priv = vm->privateData; - int i, rc; + int i, rc = 1; int ret = -1; + int oldvcpus = vm->def->vcpus; qemuDomainObjEnterMonitor(vm); @@ -2553,6 +2556,7 @@ static int qemudDomainHotplugVcpus(virDomainObjPtr vm, unsigned int nvcpus) cleanup: qemuDomainObjExitMonitor(vm); + qemuDomainVcpuAudit(vm, oldvcpus, nvcpus, "update", rc == 1); return ret; unsupported: