[libvirt PATCH] daemon: set default memlock limit for systemd service
Pavel Hrdina
phrdina at redhat.com
Wed Feb 26 16:04:55 UTC 2020
On Wed, Feb 26, 2020 at 10:35:58AM -0500, Cole Robinson wrote:
> On 2/26/20 10:07 AM, Pavel Hrdina wrote:
> > The default memlock limit is 64k which is not enough to start a single
> > VM. The requirements for one VM are 12k, 8k for eBPF map and 4k for eBPF
> > program, however, it fails to create eBPF map and program with 64k limit.
> > By testing I figured out that the minimal limit is 80k to start a single
> > VM with functional eBPF and if I add 12k I can start another one.
> >
> > This leads into following calculation:
> >
> > 80k as memlock limit worked to start a VM with eBPF which means there
> > is 68k of lock memory that I was not able to figure out what was using
> > it. So to get a number for 4096 VMs:
> >
> > 68 + 12 * 4096 = 49220
> >
> > If we round it up we will get 49M of memory lock limit to support 4096
> > VMs with default map size which can hold 64 entries for devices.
> >
> > This should be good enough as a sane default and users can change it if
> > the need to.
> >
> > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1807090
> >
> > Signed-off-by: Pavel Hrdina <phrdina at redhat.com>
> > ---
> > src/remote/libvirtd.service.in | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
> > index 9c8c54a2ef..8a3ace5bdb 100644
> > --- a/src/remote/libvirtd.service.in
> > +++ b/src/remote/libvirtd.service.in
> > @@ -40,6 +40,11 @@ LimitNOFILE=8192
> > # A conservative default of 8 tasks per guest results in a TasksMax of
> > # 32k to support 4096 guests.
> > TasksMax=32768
> > +# With cgroups v2 there is no devices controller anymore, we have to use
> > +# eBPF to control access to devices. In order to do that we create a eBPF
> > +# hash MAP which locked memory. The default map size for 64 devices together
> > +# with program takes 12k per guest which results in 49M to support 4096 guests.
> > +LimitMEMLOCK=49M
> >
> > [Install]
> > WantedBy=multi-user.target
> >
>
> I guess we will want this for virtqemud and virtlxcd as well.
> Any ideas if the root issue affects qemu:///session ?
Good point about the virtlxcd and virtqemud, I'll add it there in v2.
Cgroups are not used for session daemon.
Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20200226/c82ae4d0/attachment-0001.sig>
More information about the libvir-list
mailing list