audit: audit qemu memory and vcpu adjusments

author Eric Blake <eblake@redhat.com>

Tue, 22 Feb 2011 00:02:17 +0000 (17:02 -0700)

committer Eric Blake <eblake@redhat.com>

Thu, 24 Feb 2011 20:32:17 +0000 (13:32 -0700)
author Eric Blake <eblake@redhat.com>
Tue, 22 Feb 2011 00:02:17 +0000 (17:02 -0700)
committer Eric Blake <eblake@redhat.com>
Thu, 24 Feb 2011 20:32:17 +0000 (13:32 -0700)
diff --git a/src/qemu/qemu_audit.c b/src/qemu/qemu_audit.c

index 76dacf7639d6aa318f89fea73cdcebb6b266599e..4e24e9aefdf66ce4bb86366392d5bd7d736541d0 100644 (file)
--- a/src/qemu/qemu_audit.c
+++ b/src/qemu/qemu_audit.c
@@ -148,6 +148,59 @@ cleanup:
  }
  
  
+/**
+ * qemuDomainResourceAudit:
+ * @vm: domain making an integer resource change
+ * @resource: name of the resource: "mem" or "vcpu"
+ * @oldval: the old value of the resource
+ * @newval: the new value of the resource
+ * @reason: either "start" or "update"
+ * @success: true if the resource change succeeded
+ *
+ * Log an audit message about an attempted resource change.
+ */
+static void
+qemuDomainResourceAudit(virDomainObjPtr vm,
+                        const char *resource,
+                        unsigned long long oldval,
+                        unsigned long long newval,
+                        const char *reason,
+                        bool success)
+{
+    char uuidstr[VIR_UUID_STRING_BUFLEN];
+    char *vmname;
+
+    virUUIDFormat(vm->def->uuid, uuidstr);
+    if (!(vmname = virAuditEncode("vm", vm->def->name))) {
+        VIR_WARN0("OOM while encoding audit message");
+        return;
+    }
+
+    VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+              "resrc=%s reason=%s %s uuid=%s old-%s=%lld new-%s=%lld",
+              resource, reason, vmname, uuidstr,
+              resource, oldval, resource, newval);
+
+    VIR_FREE(vmname);
+}
+
+void
+qemuDomainMemoryAudit(virDomainObjPtr vm,
+                      unsigned long long oldmem, unsigned long long newmem,
+                      const char *reason, bool success)
+{
+    return qemuDomainResourceAudit(vm, "mem", oldmem, newmem, reason, success);
+}
+
+void
+qemuDomainVcpuAudit(virDomainObjPtr vm,
+                    unsigned int oldvcpu, unsigned int newvcpu,
+                    const char *reason, bool success)
+{
+    return qemuDomainResourceAudit(vm, "vcpu", oldvcpu, newvcpu, reason,
+                                   success);
+}
+
  static void qemuDomainLifecycleAudit(virDomainObjPtr vm,
                                       const char *op,
                                       const char *reason,
@@ -185,6 +238,9 @@ void qemuDomainStartAudit(virDomainObjPtr vm, const char *reason, bool success)
          qemuDomainNetAudit(vm, NULL, net, "start", true);
      }
  
+    qemuDomainMemoryAudit(vm, 0, vm->def->mem.cur_balloon, "start", true);
+    qemuDomainVcpuAudit(vm, 0, vm->def->vcpus, "start", true);
+
      qemuDomainLifecycleAudit(vm, "start", reason, success);
  }
  
diff --git a/src/qemu/qemu_audit.h b/src/qemu/qemu_audit.h

index da18eb45140dd4c41aa089f14e04b288c314ee86..fa429f3c322d7a3266242bff405228460e92ebcf 100644 (file)
--- a/src/qemu/qemu_audit.h
+++ b/src/qemu/qemu_audit.h
@@ -45,6 +45,16 @@ void qemuDomainCgroupAudit(virDomainObjPtr vm,
                             const char *item,
                             const char *name,
                             bool success);
+void qemuDomainMemoryAudit(virDomainObjPtr vm,
+                           unsigned long long oldmem,
+                           unsigned long long newmem,
+                           const char *reason,
+                           bool success);
+void qemuDomainVcpuAudit(virDomainObjPtr vm,
+                         unsigned int oldvcpu,
+                         unsigned int newvcpu,
+                         const char *reason,
+                         bool success);
  void qemuDomainSecurityLabelAudit(virDomainObjPtr vm, bool success);
  
  #endif /* __QEMU_AUDIT_H__ */
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c

index 72e930cc5e10f5726d1af76d7ce8f9cb91def552..1a7bec9b82c01e8c0cc671942e3f8ccb83e29a2d 100644 (file)
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1604,6 +1604,8 @@ static int qemudDomainSetMemory(virDomainPtr dom, unsigned long newmem) {
      qemuDomainObjEnterMonitor(vm);
      r = qemuMonitorSetBalloon(priv->mon, newmem);
      qemuDomainObjExitMonitor(vm);
+    qemuDomainMemoryAudit(vm, vm->def->mem.cur_balloon, newmem, "update",
+                          r == 1);
      if (r < 0)
          goto endjob;
  
@@ -2517,8 +2519,9 @@ static void processWatchdogEvent(void *data, void *opaque)
  static int qemudDomainHotplugVcpus(virDomainObjPtr vm, unsigned int nvcpus)
  {
      qemuDomainObjPrivatePtr priv = vm->privateData;
-    int i, rc;
+    int i, rc = 1;
      int ret = -1;
+    int oldvcpus = vm->def->vcpus;
  
      qemuDomainObjEnterMonitor(vm);
  
@@ -2553,6 +2556,7 @@ static int qemudDomainHotplugVcpus(virDomainObjPtr vm, unsigned int nvcpus)
  
  cleanup:
      qemuDomainObjExitMonitor(vm);
+    qemuDomainVcpuAudit(vm, oldvcpus, nvcpus, "update", rc == 1);
      return ret;
  
  unsupported:
author	Eric Blake <eblake@redhat.com>
	Tue, 22 Feb 2011 00:02:17 +0000 (17:02 -0700)
committer	Eric Blake <eblake@redhat.com>
	Thu, 24 Feb 2011 20:32:17 +0000 (13:32 -0700)
src/qemu/qemu_audit.c		patch \| blob \| blame \| history
src/qemu/qemu_audit.h		patch \| blob \| blame \| history
src/qemu/qemu_driver.c		patch \| blob \| blame \| history