[libvirt PATCH v2 4/4] qemu: Only raise memlock limit if necessary

Andrea Bolognani abologna at redhat.com
Tue Mar 9 13:47:09 UTC 2021


Attempting to set the memlock limit might fail if we're running
in a containerized environment where CAP_SYS_RESOURCE is not
available, and if the limit is already high enough there's no
point in trying to raise anyway.

https://bugzilla.redhat.com/show_bug.cgi?id=1916346

Signed-off-by: Andrea Bolognani <abologna at redhat.com>
---
 src/qemu/qemu_domain.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index f8b0e1a62a..560c73b560 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -9247,11 +9247,20 @@ qemuDomainAdjustMaxMemLock(virDomainObjPtr vm,
         return -1;
 
     if (desiredMemLock > 0) {
-        /* If this is the first time adjusting the limit, save the current
-         * value so that we can restore it once memory locking is no longer
-         * required */
-        if (vm->originalMemlock == 0) {
-            vm->originalMemlock = currentMemLock;
+        if (currentMemLock < desiredMemLock) {
+            /* If this is the first time adjusting the limit, save the current
+             * value so that we can restore it once memory locking is no longer
+             * required */
+            if (vm->originalMemlock == 0) {
+                vm->originalMemlock = currentMemLock;
+            }
+        } else {
+            /* If the limit is already high enough, we can assume
+             * that some external process is taking care of managing
+             * process limits and we shouldn't do anything ourselves:
+             * we're probably running in a containerized environment
+             * where we don't have enough privilege anyway */
+            desiredMemLock = 0;
         }
     } else {
         /* Once memory locking is no longer required, we can restore the
-- 
2.26.2




More information about the libvir-list mailing list