11:11 a.m.
Provide information about shared memory resources in audit log.
Notes:
- the same shm used several times will add up. This is a very uncommon
case, but we may want to account only the different shm names instead.
- the shm may exist before the VMs was started, so the shm may not
actually be created by the VM (it can be there before, or created by
the server for instance).
https://bugzilla.redhat.com/show_bug.cgi?id=1218603
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
docs/auditlog.html.in | 17 +++++++++++++++++
src/conf/domain_audit.c | 10 ++++++++++
src/conf/domain_audit.h | 6 ++++++
src/conf/domain_conf.c | 21 +++++++++++++++++++++
src/conf/domain_conf.h | 1 +
src/libvirt_private.syms | 2 ++
6 files changed, 57 insertions(+)
diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in
index 8a007ca..a6e5f6d 100644
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -172,6 +172,23 @@
<dd>Updated memory size in bytes</dd>
</dl>
+ <h4><a name="typeresourceshmem">Shared
Memory</a></h4>
+
+ <p>
+ The <code>msg</code> field will include the following sub-fields
+ </p>
+
+ <dl>
+ <dt>reason</dt>
+ <dd>The reason which caused the resource to be assigned to happen</dd>
+ <dt>resrc</dt>
+ <dd>The type of resource assigned. Set to
<code>shmem</code></dd>
+ <dt>old-shmem</dt>
+ <dd>Original memory size in bytes, or 0</dd>
+ <dt>new-shmem</dt>
+ <dd>Updated memory size in bytes</dd>
+ </dl>
+
<h4><a name="typeresourcedisk">Disk</a></h4>
<p>
The <code>msg</code> field will include the following sub-fields
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index caebdba..bc81aec 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -783,6 +783,14 @@ virDomainAuditMemory(virDomainObjPtr vm,
}
void
+virDomainAuditShmem(virDomainObjPtr vm,
+ unsigned long long oldmem, unsigned long long newmem,
+ const char *reason, bool success)
+{
+ return virDomainAuditResource(vm, "shmem", oldmem, newmem, reason,
success);
+}
+
+void
virDomainAuditVcpu(virDomainObjPtr vm,
unsigned int oldvcpu, unsigned int newvcpu,
const char *reason, bool success)
@@ -885,6 +893,8 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool
success)
virDomainAuditMemory(vm, 0, virDomainDefGetMemoryActual(vm->def),
"start", true);
+ virDomainAuditShmem(vm, 0, virDomainDefGetShmem(vm->def),
+ "start", true);
virDomainAuditVcpu(vm, 0, vm->def->vcpus, "start", true);
if (vm->def->iothreads)
virDomainAuditIOThread(vm, 0, vm->def->iothreads, "start",
true);
diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
index 97dadca..3db6ace 100644
--- a/src/conf/domain_audit.h
+++ b/src/conf/domain_audit.h
@@ -96,6 +96,12 @@ void virDomainAuditMemory(virDomainObjPtr vm,
const char *reason,
bool success)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditShmem(virDomainObjPtr vm,
+ unsigned long long oldmem,
+ unsigned long long newmem,
+ const char *reason,
+ bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
void virDomainAuditVcpu(virDomainObjPtr vm,
unsigned int oldvcpu,
unsigned int newvcpu,
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 5a9a88d..378aa1a 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7575,6 +7575,27 @@ virDomainDefGetMemoryActual(virDomainDefPtr def)
}
+/**
+ * virDomainDefGetShmem:
+ * @def: domain definition
+ *
+ * Returns the current shared memory size usable by the domain described by
+ * @def.
+ */
+unsigned long long
+virDomainDefGetShmem(virDomainDefPtr def)
+{
+ unsigned long long ret = 0;
+ size_t i;
+
+ for (i = 0; i < def->nshmems; i++) {
+ ret += def->shmems[i]->size;
+ }
+
+ return ret;
+}
+
+
static int
virDomainControllerModelTypeFromString(const virDomainControllerDef *def,
const char *model)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 50750c1..041d619 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2287,6 +2287,7 @@ struct _virDomainDef {
unsigned long long virDomainDefGetMemoryInitial(virDomainDefPtr def);
void virDomainDefSetMemoryInitial(virDomainDefPtr def, unsigned long long size);
unsigned long long virDomainDefGetMemoryActual(virDomainDefPtr def);
+unsigned long long virDomainDefGetShmem(virDomainDefPtr def);
typedef enum {
VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_AES,
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 720afdf..0bb4513 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -134,6 +134,7 @@ virDomainAuditNetDevice;
virDomainAuditRedirdev;
virDomainAuditRNG;
virDomainAuditSecurityLabel;
+virDomainAuditShmem;
virDomainAuditStart;
virDomainAuditStop;
virDomainAuditVcpu;
@@ -214,6 +215,7 @@ virDomainDefGetDefaultEmulator;
virDomainDefGetMemoryActual;
virDomainDefGetMemoryInitial;
virDomainDefGetSecurityLabelDef;
+virDomainDefGetShmem;
virDomainDefHasDeviceAddress;
virDomainDefMaybeAddController;
virDomainDefMaybeAddInput;
--
2.4.3
5:36 a.m.
On Fri, Jul 10, 2015 at 06:11:35PM +0200, Marc-André Lureau wrote:
Provide information about shared memory resources in audit log.
Notes:
- the same shm used several times will add up. This is a very uncommon
case, but we may want to account only the different shm names instead.
- the shm may exist before the VMs was started, so the shm may not
actually be created by the VM (it can be there before, or created by
the server for instance).
https://bugzilla.redhat.com/show_bug.cgi?id=1218603
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
docs/auditlog.html.in | 17 +++++++++++++++++
src/conf/domain_audit.c | 10 ++++++++++
src/conf/domain_audit.h | 6 ++++++
src/conf/domain_conf.c | 21 +++++++++++++++++++++
src/conf/domain_conf.h | 1 +
src/libvirt_private.syms | 2 ++
6 files changed, 57 insertions(+)
As said in previous attempt by Luyao to do this, the auditing should
be handled differently, there's also lot more info to audit. Thanks
for the patch, but this must be done in another way.
diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in
index 8a007ca..a6e5f6d 100644
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -172,6 +172,23 @@
<dd>Updated memory size in bytes</dd>
</dl>
+ <h4><a name="typeresourceshmem">Shared
Memory</a></h4>
+
+ <p>
+ The <code>msg</code> field will include the following sub-fields
+ </p>
+
+ <dl>
+ <dt>reason</dt>
+ <dd>The reason which caused the resource to be assigned to happen</dd>
+ <dt>resrc</dt>
+ <dd>The type of resource assigned. Set to
<code>shmem</code></dd>
+ <dt>old-shmem</dt>
+ <dd>Original memory size in bytes, or 0</dd>
+ <dt>new-shmem</dt>
+ <dd>Updated memory size in bytes</dd>
+ </dl>
+
<h4><a name="typeresourcedisk">Disk</a></h4>
<p>
The <code>msg</code> field will include the following sub-fields
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index caebdba..bc81aec 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -783,6 +783,14 @@ virDomainAuditMemory(virDomainObjPtr vm,
}
void
+virDomainAuditShmem(virDomainObjPtr vm,
+ unsigned long long oldmem, unsigned long long newmem,
+ const char *reason, bool success)
+{
+ return virDomainAuditResource(vm, "shmem", oldmem, newmem, reason,
success);
+}
+
+void
virDomainAuditVcpu(virDomainObjPtr vm,
unsigned int oldvcpu, unsigned int newvcpu,
const char *reason, bool success)
@@ -885,6 +893,8 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool
success)
virDomainAuditMemory(vm, 0, virDomainDefGetMemoryActual(vm->def),
"start", true);
+ virDomainAuditShmem(vm, 0, virDomainDefGetShmem(vm->def),
+ "start", true);
virDomainAuditVcpu(vm, 0, vm->def->vcpus, "start", true);
if (vm->def->iothreads)
virDomainAuditIOThread(vm, 0, vm->def->iothreads, "start",
true);
diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
index 97dadca..3db6ace 100644
--- a/src/conf/domain_audit.h
+++ b/src/conf/domain_audit.h
@@ -96,6 +96,12 @@ void virDomainAuditMemory(virDomainObjPtr vm,
const char *reason,
bool success)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditShmem(virDomainObjPtr vm,
+ unsigned long long oldmem,
+ unsigned long long newmem,
+ const char *reason,
+ bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
void virDomainAuditVcpu(virDomainObjPtr vm,
unsigned int oldvcpu,
unsigned int newvcpu,
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 5a9a88d..378aa1a 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7575,6 +7575,27 @@ virDomainDefGetMemoryActual(virDomainDefPtr def)
}
+/**
+ * virDomainDefGetShmem:
+ * @def: domain definition
+ *
+ * Returns the current shared memory size usable by the domain described by
+ * @def.
+ */
+unsigned long long
+virDomainDefGetShmem(virDomainDefPtr def)
+{
+ unsigned long long ret = 0;
+ size_t i;
+
+ for (i = 0; i < def->nshmems; i++) {
+ ret += def->shmems[i]->size;
+ }
+
+ return ret;
+}
+
+
static int
virDomainControllerModelTypeFromString(const virDomainControllerDef *def,
const char *model)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 50750c1..041d619 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2287,6 +2287,7 @@ struct _virDomainDef {
unsigned long long virDomainDefGetMemoryInitial(virDomainDefPtr def);
void virDomainDefSetMemoryInitial(virDomainDefPtr def, unsigned long long size);
unsigned long long virDomainDefGetMemoryActual(virDomainDefPtr def);
+unsigned long long virDomainDefGetShmem(virDomainDefPtr def);
typedef enum {
VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_AES,
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 720afdf..0bb4513 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -134,6 +134,7 @@ virDomainAuditNetDevice;
virDomainAuditRedirdev;
virDomainAuditRNG;
virDomainAuditSecurityLabel;
+virDomainAuditShmem;
virDomainAuditStart;
virDomainAuditStop;
virDomainAuditVcpu;
@@ -214,6 +215,7 @@ virDomainDefGetDefaultEmulator;
virDomainDefGetMemoryActual;
virDomainDefGetMemoryInitial;
virDomainDefGetSecurityLabelDef;
+virDomainDefGetShmem;
virDomainDefHasDeviceAddress;
virDomainDefMaybeAddController;
virDomainDefMaybeAddInput;
--
2.4.3
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
4:49 p.m.
On Sun, Jul 12, 2015 at 12:36 PM, Martin Kletzander <mkletzan(a)redhat.com> wrote:
As said in previous attempt by Luyao to do this, the auditing should
be handled differently, there's also lot more info to audit. Thanks
for the patch, but this must be done in another way.
Could you please give me a pointer?
thanks
--
Marc-André Lureau
12:46 a.m.
Hi Marc-André:
On 07/13/2015 05:49 AM, Marc-André Lureau wrote:
On Sun, Jul 12, 2015 at 12:36 PM, Martin Kletzander
<mkletzan(a)redhat.com> wrote:
> As said in previous attempt by Luyao to do this, the auditing should
> be handled differently, there's also lot more info to audit. Thanks
> for the patch, but this must be done in another way.
Could you please give me a pointer?
Here : http://www.redhat.com/archives/libvir-list/2015-July/msg00316.html
As Martin's reply in this mail, the memory size is not enought, we need
audit more information (just like shmobj name, the server socket path).
Thanks a lot for your patch.
thanks
Luyao
3408
days inactive
3411
days old
3 comments
4 participants
participants (4)
-
lhuang -
Marc-André Lureau -
Marc-André Lureau -
Martin Kletzander