From nobody Mon Feb 9 19:53:15 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1614971741; cv=none; d=zohomail.com; s=zohoarc; b=e2WUSZkPoIES7THapMww6R0ZZXocS957GsTpY+0h00ognOxFYtBJT1D1noc/I/1NnVT7cEa4hMCl5/bYeWu4v7Qg8Oy0U+cTx4gRLTK/UfeE58T/zyPzwk7ipP5MgBQRDpv20TNYj1Qr1iaZjklLVMEFWglM4POExpZWE/KHksk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1614971741; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=B0CelQ0MQskM/HeXLb9Hl/BAyHOIUYmFKnDvQmOYkR4=; b=Yu/VvUXWuYp1we2wD4FUdxu7k038FpViQ1iY1/K1UO+JfcZyI5ag2y7PqD6S4mXvZQWW6Vt65o2K01T6xscUD6hscwxtaXx9xN1JGqA7ykXTzmrg9UH3qhYsg4po8w9MJLSfM5Au16rzXTVbPr9IYZb7mnOxIFxl2x3bq0+n8DM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1614971741239438.09051931884346; Fri, 5 Mar 2021 11:15:41 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-593-zd6Y2S7fPjibQ2LzoFyEnA-1; Fri, 05 Mar 2021 14:15:38 -0500 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 28B5D1084D7A; Fri, 5 Mar 2021 19:15:29 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0540F37DD; Fri, 5 Mar 2021 19:15:29 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C40DD1809C86; Fri, 5 Mar 2021 19:15:28 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 125JEWtQ001903 for ; Fri, 5 Mar 2021 14:14:32 -0500 Received: by smtp.corp.redhat.com (Postfix) id 1737A5D6B1; Fri, 5 Mar 2021 19:14:32 +0000 (UTC) Received: from harajuku.usersys.redhat.com (unknown [10.40.194.220]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 728185D72F for ; Fri, 5 Mar 2021 19:14:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1614971740; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=B0CelQ0MQskM/HeXLb9Hl/BAyHOIUYmFKnDvQmOYkR4=; b=cmt8tgDDo+Y3ogqIe9Y+NaHqGkNkAFUR6XLoWto9mwWfxFMXT5EeSkIeT77oXBUuWNRMW7 q4uTSqJdfM22jOz0/Jfi39PbbvENC+6yEn5lVydj429lJ9QPVWGJDmJLZb4s9l5FBGnd5X Tz+AqhWTVYR6YZrDSpWnJyuMxFNqPkg= X-MC-Unique: zd6Y2S7fPjibQ2LzoFyEnA-1 From: Andrea Bolognani To: libvir-list@redhat.com Subject: [libvirt PATCH 16/17] qemu: Wire up external limit manager Date: Fri, 5 Mar 2021 20:14:03 +0100 Message-Id: <20210305191404.529903-17-abologna@redhat.com> In-Reply-To: <20210305191404.529903-1-abologna@redhat.com> References: <20210305191404.529903-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" When the config knob is enabled, we simply skip the part where limits are set; for the memory locking limit, which can change dynamically over the lifetime of the guest, we still make sure that the external process has set it correctly and error out if that turns out not to be the case This commit is better viewed with 'git show -w'. https://bugzilla.redhat.com/show_bug.cgi?id=3D1916346 Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.h | 1 + src/qemu/qemu_domain.c | 39 ++++++++++++++++++++++-------------- src/qemu/qemu_process.c | 44 +++++++++++++++++++++++------------------ 3 files changed, 50 insertions(+), 34 deletions(-) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 7d208d881c..d1333020e1 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2807,6 +2807,7 @@ struct _virDomainObj { size_t ndeprecations; char **deprecations; =20 + bool externalLimitManager; /* Whether process limits are handled outsi= de of libvirt */ unsigned long long originalMemlock; /* Original RLIMIT_MEMLOCK, zero i= f no * restore will be required later = */ }; diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index f8b0e1a62a..0d9adb2f9c 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -9246,23 +9246,32 @@ qemuDomainAdjustMaxMemLock(virDomainObjPtr vm, if (virProcessGetMaxMemLock(vm->pid, ¤tMemLock) < 0) return -1; =20 - if (desiredMemLock > 0) { - /* If this is the first time adjusting the limit, save the current - * value so that we can restore it once memory locking is no longer - * required */ - if (vm->originalMemlock =3D=3D 0) { - vm->originalMemlock =3D currentMemLock; + if (!vm->externalLimitManager) { + if (desiredMemLock > 0) { + /* If this is the first time adjusting the limit, save the cur= rent + * value so that we can restore it once memory locking is no l= onger + * required */ + if (vm->originalMemlock =3D=3D 0) { + vm->originalMemlock =3D currentMemLock; + } + } else { + /* Once memory locking is no longer required, we can restore t= he + * original, usually very low, limit */ + desiredMemLock =3D vm->originalMemlock; + vm->originalMemlock =3D 0; } - } else { - /* Once memory locking is no longer required, we can restore the - * original, usually very low, limit */ - desiredMemLock =3D vm->originalMemlock; - vm->originalMemlock =3D 0; - } =20 - if (desiredMemLock > 0 && - virProcessSetMaxMemLock(vm->pid, desiredMemLock) < 0) { - return -1; + if (desiredMemLock > 0 && + virProcessSetMaxMemLock(vm->pid, desiredMemLock) < 0) { + return -1; + } + } else { + if (currentMemLock < desiredMemLock) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("insufficient memlock limit (%llu < %llu)"), + currentMemLock, desiredMemLock); + return -1; + } } =20 return 0; diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index c05cbe3570..2eac3934c7 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -7016,25 +7016,31 @@ qemuProcessLaunch(virConnectPtr conn, virCommandSetPreExecHook(cmd, qemuProcessHook, &hookData); virCommandSetUmask(cmd, 0x002); =20 - VIR_DEBUG("Setting up process limits"); - - /* In some situations, eg. VFIO passthrough, QEMU might need to lock a - * significant amount of memory, so we need to set the limit according= ly */ - maxMemLock =3D qemuDomainGetMemLockLimitBytes(vm->def, false); - - /* For all these settings, zero indicates that the limit should - * not be set explicitly and the default/inherited limit should - * be applied instead */ - if (maxMemLock > 0) - virCommandSetMaxMemLock(cmd, maxMemLock); - if (cfg->maxProcesses > 0) - virCommandSetMaxProcesses(cmd, cfg->maxProcesses); - if (cfg->maxFiles > 0) - virCommandSetMaxFiles(cmd, cfg->maxFiles); - - /* In this case, however, zero means that core dumps should be - * disabled, and so we always need to set the limit explicitly */ - virCommandSetMaxCoreSize(cmd, cfg->maxCore); + if (cfg->externalLimitManager) { + VIR_DEBUG("Not setting up process limits (handled externally)"); + + vm->externalLimitManager =3D true; + } else { + VIR_DEBUG("Setting up process limits"); + + /* In some situations, eg. VFIO passthrough, QEMU might need to lo= ck a + * significant amount of memory, so we need to set the limit accor= dingly */ + maxMemLock =3D qemuDomainGetMemLockLimitBytes(vm->def, false); + + /* For all these settings, zero indicates that the limit should + * not be set explicitly and the default/inherited limit should + * be applied instead */ + if (maxMemLock > 0) + virCommandSetMaxMemLock(cmd, maxMemLock); + if (cfg->maxProcesses > 0) + virCommandSetMaxProcesses(cmd, cfg->maxProcesses); + if (cfg->maxFiles > 0) + virCommandSetMaxFiles(cmd, cfg->maxFiles); + + /* In this case, however, zero means that core dumps should be + * disabled, and so we always need to set the limit explicitly */ + virCommandSetMaxCoreSize(cmd, cfg->maxCore); + } =20 VIR_DEBUG("Setting up security labelling"); if (qemuSecuritySetChildProcessLabel(driver->securityManager, --=20 2.26.2