[libvirt PATCH 12/17] util: Try to get limits from /proc

Daniel P. Berrangé berrange at redhat.com
Mon Mar 8 15:23:53 UTC 2021 

On Mon, Mar 08, 2021 at 04:21:16PM +0100, Andrea Bolognani wrote:
> On Mon, 2021-03-08 at 10:50 +0000, Daniel P. Berrangé wrote:
> > On Fri, Mar 05, 2021 at 08:13:59PM +0100, Andrea Bolognani wrote:
> > > +    if (!(label = virProcessLimitResourceToLabel(resource))) {
> > > +        virReportError(VIR_ERR_INTERNAL_ERROR,
> > > +                       _("Unknown resource %d requested for process %lld"),
> > > +                       resource, (long long)pid);
> > > +        return -1;
> > 
> > Setting errors on -1
> 
> This is only hit if virProcessGetLimitFromProc() has been asked to
> obtain limits for a resource it doesn't know how to fetch, which
> indicates a bug in libvirt and is thus reported as internal error.

The our coding standard is that we only call virReportError if the
caller is actually going to honour the errors.

> 
> > > +    procfile = g_strdup_printf("/proc/%lld/limits", (long long)pid);
> > > +
> > > +    if (!g_file_get_contents(procfile, &buf, &len, NULL))
> > > +        return -1;
> > 
> > Not setting errors on -1
> 
> This is simply "file couldn't be read", which would be the case on
> FreeBSD for example.

Right, but we *must* always be consistent in whether a method uses
virReportError or not.  We have two code paths here returning -1,
and only one of which reports errors. Either all must report
errors, or none. Since the only caller is ignoring errors, then
it looks like none should report errors.

> 
> > > +    /* For whatever reason, using prlimit() on another process - even
> > > +     * when it's just to obtain the current limit rather than changing
> > > +     * it - requires CAP_SYS_RESOURCE, which we might not have in a
> > > +     * containerized environment; on the other hand, no particular
> > > +     * permission is needed to poke around /proc, so try that if going
> > > +     * through the syscall didn't work */
> > > +    if (virProcessGetLimitFromProc(pid, resource, old_limit) == 0)
> > > +        return 0;
> > 
> > This ought to be conditional for Linux only and error reporting needs
> > to be made consistent.
> 
> The intent above was to have this fail quietly on non-Linux without
> adding checks for it, but sure I can have an actual stub on other
> platforms instead.
> 
> -- 
> Andrea Bolognani / Red Hat / Virtualization
> 

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list