On 07.09.2012 16:05, Eric Blake wrote:
On 09/07/2012 06:51 AM, Peter Krempa wrote:
> When setting processor count for a domain using the API libvirt enforced
> a maximum processor count that was determined using an IOCTL on
> /dev/kvm. Unfortunately this value isn't representative enough and qemu
> happily accepts and starts with values greater than the reported value.
But isn't there still _some_ reasonable limit that we should be
checking? That is, although qemu will let me run a guest with 3 vcpus
on my 2-cpu laptop, I'm sure that even qemu will reject an attempt to
run 1000000 vcpus - how do we know what the real limit is?
Also, I'm a bit worried that we may have other places in our code that
might need fixing if vcpus > max pcpus, but I guess we'll discover those
as we go along.
As to the patch itself, the code looks fine; and since it only relaxes
constraints, I think it is safe to apply; I'm just worried that we are
relaxing too far, so you might want to wait for a second opinion or
research further into the max limit enforced by qemu.
I am comfortable with taking this in. The VCPU count comes from user. It
is different from 'being secure by default' patch I've committed earlier
- setting RSS limit for qemu instance; I mean - the difference is qemu
can start to leak without any user interference which can lead to host
system trashing. However, if users wants to shoot themselves into the
leg and start million VCPU domain on a singlecore - well, that's their
own <insert-correct-word-here>.
Michal
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list