openstack/nova
Code Issues Proposed changes
a859481b79
nova/nova/virt
History
Sean Dague a859481b79 Bump prlimit cpu time for qemu from 2 to 8 
We've got user reported bugs that when opperating with slow NFS
backends with large (30+ GB) disk files, the prlimit of cpu_time 2 is
guessed to be the issue at hand because if folks hot patch a qemu-img
that runs before the prlimitted one, the prlimitted one succeeds.

This increases the allowed cpu timeout, as well as tweaking the error
message so that we return something more prescriptive when the
qemu-img command fails with prlimit abort.

The original bug (#1449062) the main mitigation concern here was a
carefully crafted image that gets qemu-img to generate > 1G of json,
and hence could be a node attack vector. cpu_time was never mentioned,
and I think was added originally as a belt and suspenders addition. As
such, bumping it to 8 seconds shouldn't impact our protection in any
real way.

Change-Id: I1f4549b787fd3b458e2c48a90bf80025987f08c4
Closes-Bug: #1646181
(cherry picked from commit b78b1f8ce3)
2016-12-12 12:48:03 +00:00
..
disk Merge "Don't use locals() and globals(), use a dict instead" 2016-07-25 20:51:16 +00:00
hyperv Hyper-V: fix image handling when shared storage is being used 2016-11-25 18:32:34 +00:00
image libvirt: virtuozzo instance resize support 2016-06-28 22:13:49 +03:00
ironic Merge "Add support for vd2 user context to other drivers" 2016-08-31 02:40:59 +00:00
libvirt Merge "Fix wait for detach code to handle 'disk not found error'" into stable/newton 2016-12-02 03:27:43 +00:00
vmwareapi Using get() method to prevent KeyError 2016-12-01 09:19:23 +00:00
xenapi Merge "Add support for vd2 user context to other drivers" 2016-08-31 02:40:59 +00:00
__init__.py Declare nova.virt namespace 2016-04-28 15:01:44 +00:00
block_device.py Remove virt.block_device._NoLegacy exception 2016-06-16 09:31:25 +01:00
configdrive.py Config options: centralize "configdrive" options 2016-04-06 09:35:51 +03:00
diagnostics.py Diagnostics: add validation for types 2014-08-05 01:49:17 -07:00
driver.py virt: handle unicode when logging LifecycleEvents 2016-09-08 11:14:52 -04:00
event.py Add 'suspended' lifecycle event 2015-04-03 03:59:20 +03:00
fake.py driver.pre_live_migration migrate_data is always an object 2016-08-22 12:12:24 -04:00
firewall.py Fix spelling mistake 2016-06-28 08:41:09 +02:00
hardware.py Allow linear packing of cores 2016-09-21 09:31:54 +01:00
imagecache.py Rename ImageCacheManager._list_base_images to _scan_base_images 2016-05-26 14:45:42 +01:00
images.py Bump prlimit cpu time for qemu from 2 to 8 2016-12-12 12:48:03 +00:00
interfaces.template Fixes interfaces template identification issue 2014-12-07 17:52:34 +02:00
netutils.py Fix network mtu in network_metadata 2016-05-15 11:45:23 +02:00
osinfo.py Trivial-Fix: Fix typos 2016-06-13 06:41:08 +00:00
storage_users.py Use oslo.log 2015-02-22 07:56:40 -05:00
virtapi.py Remove unused provider firewall rules functionality in nova 2016-02-01 15:50:04 +01:00
volumeutils.py nova.utils._get_root_helper() should be public 2015-08-19 04:00:50 +00:00
watchdog_actions.py Add watchdog device support to libvirt driver 2014-03-03 14:59:58 -05:00