From nobody Thu May  2 17:10:56 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 205.139.110.61 as permitted sender) client-ip=205.139.110.61;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-1.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1582729668; cv=none;
	d=zohomail.com; s=zohoarc;
	b=W8qK7gGYFlsGYd24qR2OHJTPFE0zAHPxegskpYZuOr7m877Y0jQ7+POI4NC2owqoACIkcuIYTt7nGj7m1bnDhJC7SuA+Eef3+AQ6h5my06d88Qpeij7MfrkrbacX+ErlmkBf+4j8ED0ewviAScZaez7FrzvdOjeB0jW3NuY8UX4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1582729668;
 h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To;
	bh=AmSTDV+vOHNVdYHhSyipjQxtgsyfUuEwdeJsVpZwDvw=;
	b=j6Bd2XgxqfiWAq9KS77n2NpXG5H8C3D7mktWg/QscUiTIttsN2FU0TV2G36aByyI7OFmofm7GEOXLHUay+MC2JW8P6F8Q//i1GFbvObhBcQNAVVBLhBIidp3a9JELnV8U3hvkhVy69Y7xW2NBlm7RYoLgPdgqSja5X14ohIMfy8=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<phrdina@redhat.com> (p=none dis=none)
 header.from=<phrdina@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-1.mimecast.com (us-smtp-2.mimecast.com
 [205.139.110.61]) by mx.zohomail.com
	with SMTPS id 1582729668539721.3732396747442;
 Wed, 26 Feb 2020 07:07:48 -0800 (PST)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-98-vCk0sgXxOvGhVuG3FeZYQg-1; Wed, 26 Feb 2020 10:07:44 -0500
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 89371190B2BD;
	Wed, 26 Feb 2020 15:07:36 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id E5BDD5C241;
	Wed, 26 Feb 2020 15:07:33 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4EC6A18089CD;
	Wed, 26 Feb 2020 15:07:29 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
	[10.5.11.22])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 01QF7RkA012095 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 26 Feb 2020 10:07:27 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 5A7EB1001DC0; Wed, 26 Feb 2020 15:07:27 +0000 (UTC)
Received: from antique-laptop.redhat.com (ovpn-200-40.brq.redhat.com
	[10.40.200.40])
	by smtp.corp.redhat.com (Postfix) with ESMTP id BBF231001902
	for <libvir-list@redhat.com>; Wed, 26 Feb 2020 15:07:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1582729667;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=AmSTDV+vOHNVdYHhSyipjQxtgsyfUuEwdeJsVpZwDvw=;
	b=GLPFKSPxnXTMit55N/RCqH/KcQr2wZhxKLYfuV8pyUsuZNiRahOLtoc+096so5RcfEWlPM
	wyKwxM+ZwJsPaxekdzavuWZlAM6MP5x1IFulifkRVGCoF7RNfMmY/aKP/vJWl5Xb9VYVEQ
	X9oXBu/j9ZIeCz+WM+lXJuMnhnOc6rM=
X-MC-Unique: vCk0sgXxOvGhVuG3FeZYQg-1
From: Pavel Hrdina <phrdina@redhat.com>
To: libvir-list@redhat.com
Subject: [libvirt PATCH] daemon: set default memlock limit for systemd service
Date: Wed, 26 Feb 2020 16:07:23 +0100
Message-Id: 
 <d87d08ed109af6b7831a695312dba2bc25b4c67c.1582729604.git.phrdina@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-loop: libvir-list@redhat.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
Content-Type: text/plain; charset="utf-8"

The default memlock limit is 64k which is not enough to start a single
VM. The requirements for one VM are 12k, 8k for eBPF map and 4k for eBPF
program, however, it fails to create eBPF map and program with 64k limit.
By testing I figured out that the minimal limit is 80k to start a single
VM with functional eBPF and if I add 12k I can start another one.

This leads into following calculation:

80k as memlock limit worked to start a VM with eBPF which means there
is 68k of lock memory that I was not able to figure out what was using
it.  So to get a number for 4096 VMs:

        68 + 12 * 4096 =3D 49220

If we round it up we will get 49M of memory lock limit to support 4096
VMs with default map size which can hold 64 entries for devices.

This should be good enough as a sane default and users can change it if
the need to.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D1807090

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/remote/libvirtd.service.in | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
index 9c8c54a2ef..8a3ace5bdb 100644
--- a/src/remote/libvirtd.service.in
+++ b/src/remote/libvirtd.service.in
@@ -40,6 +40,11 @@ LimitNOFILE=3D8192
 # A conservative default of 8 tasks per guest results in a TasksMax of
 # 32k to support 4096 guests.
 TasksMax=3D32768
+# With cgroups v2 there is no devices controller anymore, we have to use
+# eBPF to control access to devices.  In order to do that we create a eBPF
+# hash MAP which locked memory.  The default map size for 64 devices toget=
her
+# with program takes 12k per guest which results in 49M to support 4096 gu=
ests.
+LimitMEMLOCK=3D49M
=20
 [Install]
 WantedBy=3Dmulti-user.target
--=20
2.24.1