commit a859481b797048579f69e8c07b09a4628776fb1f
Author: Sean Dague <email address hidden>
Date: Thu Dec 8 10:09:06 2016 -0500
Bump prlimit cpu time for qemu from 2 to 8
We've got user reported bugs that when opperating with slow NFS
backends with large (30+ GB) disk files, the prlimit of cpu_time 2 is
guessed to be the issue at hand because if folks hot patch a qemu-img
that runs before the prlimitted one, the prlimitted one succeeds.
This increases the allowed cpu timeout, as well as tweaking the error
message so that we return something more prescriptive when the
qemu-img command fails with prlimit abort.
The original bug (#1449062) the main mitigation concern here was a
carefully crafted image that gets qemu-img to generate > 1G of json,
and hence could be a node attack vector. cpu_time was never mentioned,
and I think was added originally as a belt and suspenders addition. As
such, bumping it to 8 seconds shouldn't impact our protection in any
real way.
Change-Id: I1f4549b787fd3b458e2c48a90bf80025987f08c4
Closes-Bug: #1646181
(cherry picked from commit b78b1f8ce3aa407307a6adc5c60de1e960547897)
Reviewed: https:/ /review. openstack. org/409774 /git.openstack. org/cgit/ openstack/ nova/commit/ ?id=a859481b797 048579f69e8c07b 09a4628776fb1f
Committed: https:/
Submitter: Jenkins
Branch: stable/newton
commit a859481b7970485 79f69e8c07b09a4 628776fb1f
Author: Sean Dague <email address hidden>
Date: Thu Dec 8 10:09:06 2016 -0500
Bump prlimit cpu time for qemu from 2 to 8
We've got user reported bugs that when opperating with slow NFS
backends with large (30+ GB) disk files, the prlimit of cpu_time 2 is
guessed to be the issue at hand because if folks hot patch a qemu-img
that runs before the prlimitted one, the prlimitted one succeeds.
This increases the allowed cpu timeout, as well as tweaking the error
message so that we return something more prescriptive when the
qemu-img command fails with prlimit abort.
The original bug (#1449062) the main mitigation concern here was a
carefully crafted image that gets qemu-img to generate > 1G of json,
and hence could be a node attack vector. cpu_time was never mentioned,
and I think was added originally as a belt and suspenders addition. As
such, bumping it to 8 seconds shouldn't impact our protection in any
real way.
Change-Id: I1f4549b787fd3b 458e2c48a90bf80 025987f08c4 307a6adc5c60de1 e960547897)
Closes-Bug: #1646181
(cherry picked from commit b78b1f8ce3aa407