[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] qemu: Remove limit enforcing when setting processor count



On 07.09.2012 16:05, Eric Blake wrote:
> On 09/07/2012 06:51 AM, Peter Krempa wrote:
>> When setting processor count for a domain using the API libvirt enforced
>> a maximum processor count that was determined using an IOCTL on
>> /dev/kvm. Unfortunately this value isn't representative enough and qemu
>> happily accepts and starts with values greater than the reported value.
> 
> But isn't there still _some_ reasonable limit that we should be
> checking?  That is, although qemu will let me run a guest with 3 vcpus
> on my 2-cpu laptop, I'm sure that even qemu will reject an attempt to
> run 1000000 vcpus - how do we know what the real limit is?
> 
> Also, I'm a bit worried that we may have other places in our code that
> might need fixing if vcpus > max pcpus, but I guess we'll discover those
> as we go along.
> 
> As to the patch itself, the code looks fine; and since it only relaxes
> constraints, I think it is safe to apply; I'm just worried that we are
> relaxing too far, so you might want to wait for a second opinion or
> research further into the max limit enforced by qemu.
> 

I am comfortable with taking this in. The VCPU count comes from user. It
is different from 'being secure by default' patch I've committed earlier
- setting RSS limit for qemu instance; I mean - the difference is qemu
can start to leak without any user interference which can lead to host
system trashing. However, if users wants to shoot themselves into the
leg and start million VCPU domain on a singlecore - well, that's their
own <insert-correct-word-here>.

Michal
> 
> 
> --
> libvir-list mailing list
> libvir-list redhat com
> https://www.redhat.com/mailman/listinfo/libvir-list
> 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]