[libvirt] [PATCH] RFC: audit: add shmem resource type

Martin Kletzander mkletzan at redhat.com
Sun Jul 12 10:36:59 UTC 2015


On Fri, Jul 10, 2015 at 06:11:35PM +0200, Marc-André Lureau wrote:
>Provide information about shared memory resources in audit log.
>
>Notes:
>
>- the same shm used several times will add up.  This is a very uncommon
>case, but we may want to account only the different shm names instead.
>
>- the shm may exist before the VM was started, so the shm may not
>actually be created by the VM (it can be there before, or created by
>the server for instance).
>
>https://bugzilla.redhat.com/show_bug.cgi?id=1218603
>
>Signed-off-by: Marc-André Lureau <marcandre.lureau at redhat.com>
>---
> docs/auditlog.html.in    | 17 +++++++++++++++++
> src/conf/domain_audit.c  | 10 ++++++++++
> src/conf/domain_audit.h  |  6 ++++++
> src/conf/domain_conf.c   | 21 +++++++++++++++++++++
> src/conf/domain_conf.h   |  1 +
> src/libvirt_private.syms |  2 ++
> 6 files changed, 57 insertions(+)
>

As said in the previous attempt by Luyao to do this, the auditing should
be handled differently; there's also a lot more info to audit.  Thanks
for the patch, but this must be done in another way.

>diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in
>index 8a007ca..a6e5f6d 100644
>--- a/docs/auditlog.html.in
>+++ b/docs/auditlog.html.in
>@@ -172,6 +172,23 @@
>       <dd>Updated memory size in bytes</dd>
>     </dl>
>
>+    <h4><a name="typeresourceshmem">Shared Memory</a></h4>
>+
>+    <p>
>+      The <code>msg</code> field will include the following sub-fields
>+    </p>
>+
>+    <dl>
>+      <dt>reason</dt>
>+      <dd>The reason which caused the resource to be assigned to happen</dd>
>+      <dt>resrc</dt>
>+      <dd>The type of resource assigned. Set to <code>shmem</code></dd>
>+      <dt>old-shmem</dt>
>+      <dd>Original memory size in bytes, or 0</dd>
>+      <dt>new-shmem</dt>
>+      <dd>Updated memory size in bytes</dd>
>+    </dl>
>+
>     <h4><a name="typeresourcedisk">Disk</a></h4>
>     <p>
>       The <code>msg</code> field will include the following sub-fields
>diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
>index caebdba..bc81aec 100644
>--- a/src/conf/domain_audit.c
>+++ b/src/conf/domain_audit.c
>@@ -783,6 +783,14 @@ virDomainAuditMemory(virDomainObjPtr vm,
> }
>
> void
>+virDomainAuditShmem(virDomainObjPtr vm,
>+                    unsigned long long oldmem, unsigned long long newmem,
>+                    const char *reason, bool success)
>+{
>+    return virDomainAuditResource(vm, "shmem", oldmem, newmem, reason, success);
>+}
>+
>+void
> virDomainAuditVcpu(virDomainObjPtr vm,
>                    unsigned int oldvcpu, unsigned int newvcpu,
>                    const char *reason, bool success)
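Review bot: virDomainAuditShmem is declared `void` but its body is `return virDomainAuditResource(...);`. ISO C does not allow a return statement with an expression in a void function, and compilers accept it only as an extension when the callee is itself void. Call the helper as a plain statement instead: `virDomainAuditResource(vm, "shmem", oldmem, newmem, reason, success);`. A short comment above the wrapper saying that the two values are summed shmem sizes, in the unit the docs hunk describes, would also help the next reader of the audit code.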
>@@ -885,6 +893,8 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
>
>     virDomainAuditMemory(vm, 0, virDomainDefGetMemoryActual(vm->def),
>                          "start", true);
>+    virDomainAuditShmem(vm, 0, virDomainDefGetShmem(vm->def),
>+                        "start", true);
>     virDomainAuditVcpu(vm, 0, vm->def->vcpus, "start", true);
>     if (vm->def->iothreads)
>         virDomainAuditIOThread(vm, 0, vm->def->iothreads, "start", true);
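Review bot: The added `virDomainAuditShmem(vm, 0, virDomainDefGetShmem(vm->def), "start", true);` is emitted on every start, so a domain with no shmem device still gets a shmem resource record with both sizes 0. That adds noise to the audit trail and makes a configured zero-size entry indistinguishable from "none configured". The iothreads call just below is guarded, and the same shape fits here: `if (vm->def->nshmems)` before the call. virDomainAuditStart begins and ends outside this hunk, so the surrounding calls were not reviewed.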
>diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
>index 97dadca..3db6ace 100644
>--- a/src/conf/domain_audit.h
>+++ b/src/conf/domain_audit.h
>@@ -96,6 +96,12 @@ void virDomainAuditMemory(virDomainObjPtr vm,
>                           const char *reason,
>                           bool success)
>     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
>+void virDomainAuditShmem(virDomainObjPtr vm,
>+                         unsigned long long oldmem,
>+                         unsigned long long newmem,
>+                         const char *reason,
>+                         bool success)
>+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
> void virDomainAuditVcpu(virDomainObjPtr vm,
>                         unsigned int oldvcpu,
>                         unsigned int newvcpu,
>diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>index 5a9a88d..378aa1a 100644
>--- a/src/conf/domain_conf.c
>+++ b/src/conf/domain_conf.c
>@@ -7575,6 +7575,27 @@ virDomainDefGetMemoryActual(virDomainDefPtr def)
> }
>
>
>+/**
>+ * virDomainDefGetShmem:
>+ * @def: domain definition
>+ *
>+ * Returns the current shared memory size usable by the domain described by
>+ * @def.
>+ */
>+unsigned long long
>+virDomainDefGetShmem(virDomainDefPtr def)
>+{
>+    unsigned long long ret = 0;
>+    size_t i;
>+
>+    for (i = 0; i < def->nshmems; i++) {
>+        ret += def->shmems[i]->size;
>+    }
>+
>+    return ret;
>+}
>+
>+
> static int
> virDomainControllerModelTypeFromString(const virDomainControllerDef *def,
>                                        const char *model)
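Review bot: The `ret += def->shmems[i]->size;` accumulation in virDomainDefGetShmem wraps silently on unsigned overflow, and the result goes straight into the audit record, so a set of very large configured sizes could be logged as a small total. Presumably the sizes come from the domain XML; if their parsed range is not already bounded well below ULLONG_MAX, saturate instead: `if (def->shmems[i]->size > ULLONG_MAX - ret) return ULLONG_MAX;`. The doc comment should also state the unit and that a shm name used by several devices is counted once per device, since in that case the value is not really the size "usable by the domain".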
>diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
>index 50750c1..041d619 100644
>--- a/src/conf/domain_conf.h
>+++ b/src/conf/domain_conf.h
>@@ -2287,6 +2287,7 @@ struct _virDomainDef {
> unsigned long long virDomainDefGetMemoryInitial(virDomainDefPtr def);
> void virDomainDefSetMemoryInitial(virDomainDefPtr def, unsigned long long size);
> unsigned long long virDomainDefGetMemoryActual(virDomainDefPtr def);
>+unsigned long long virDomainDefGetShmem(virDomainDefPtr def);
>
> typedef enum {
>     VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_AES,
>diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
>index 720afdf..0bb4513 100644
>--- a/src/libvirt_private.syms
>+++ b/src/libvirt_private.syms
>@@ -134,6 +134,7 @@ virDomainAuditNetDevice;
> virDomainAuditRedirdev;
> virDomainAuditRNG;
> virDomainAuditSecurityLabel;
>+virDomainAuditShmem;
> virDomainAuditStart;
> virDomainAuditStop;
> virDomainAuditVcpu;
>@@ -214,6 +215,7 @@ virDomainDefGetDefaultEmulator;
> virDomainDefGetMemoryActual;
> virDomainDefGetMemoryInitial;
> virDomainDefGetSecurityLabelDef;
>+virDomainDefGetShmem;
> virDomainDefHasDeviceAddress;
> virDomainDefMaybeAddController;
> virDomainDefMaybeAddInput;
>--
>2.4.3
>