1. 07 2月, 2017 1 次提交
    • M
      qemuDomainPrepareDisk: Fix ordering · 0a465238
      Michal Privoznik 提交于
      The current ordering is as follows:
      1) set label
      2) create the device in namespace
      3) allow device in the cgroup
      
      While this might work for now, it will definitely not work if the
      security driver would use transactions as in that case there
      would be no device to relabel in the domain namespace as the
      device is created in the second step.
      Swap steps 1) and 2) to allow security driver to use more
      transactions.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      0a465238
  2. 30 1月, 2017 1 次提交
  3. 20 1月, 2017 1 次提交
  4. 18 1月, 2017 1 次提交
  5. 04 1月, 2017 1 次提交
    • J
      qemu: Don't assume secret provided for LUKS encryption · 7f7d9904
      John Ferlan 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1405269
      
      If a secret was not provided for what was determined to be a LUKS
      encrypted disk (during virStorageFileGetMetadata processing when
      called from qemuDomainDetermineDiskChain as a result of hotplug
      attach qemuDomainAttachDeviceDiskLive), then do not attempt to
      look it up (avoiding a libvirtd crash) and do not alter the format
      to "luks" when adding the disk; otherwise, the device_add would
      fail with a message such as:
      
         "unable to execute QEMU command 'device_add': Property 'scsi-hd.drive'
          can't find value 'drive-scsi0-0-0-0'"
      
      because of assumptions that when the format=luks that libvirt would have
      provided the secret to decrypt the volume.
      
      Access to unlock the volume will thus be left to the application.
      7f7d9904
  6. 15 12月, 2016 4 次提交
  7. 01 12月, 2016 3 次提交
    • G
      qemuDomainAttachNetDevice: pass mq and vectors for vhost-user with multiqueue · f81b33b5
      gaohaifeng 提交于
      Two reasons:
      1.in none hotplug, we will pass it. We can see from libvirt function
      qemuBuildVhostuserCommandLine
      2.qemu will use this vetcor num to init msix table. If we don't pass, qemu
      will use default value, this will cause VM can only use default value
      interrupts at most.
      Signed-off-by: Ngaohaifeng <gaohaifeng.gao@huawei.com>
      f81b33b5
    • E
      qemu: Prevent detaching SCSI controller used by hostdev · 655429a0
      Eric Farman 提交于
      Consider the following XML snippets:
      
        $ cat scsicontroller.xml
            <controller type='scsi' model='virtio-scsi' index='0'/>
        $ cat scsihostdev.xml
            <hostdev mode='subsystem' type='scsi'>
              <source>
                <adapter name='scsi_host0'/>
                <address bus='0' target='8' unit='1074151456'/>
              </source>
            </hostdev>
      
      If we create a guest that includes the contents of scsihostdev.xml,
      but forget the virtio-scsi controller described in scsicontroller.xml,
      one is silently created for us.  The same holds true when attaching
      a hostdev before the matching virtio-scsi controller.
      (See qemuDomainFindOrCreateSCSIDiskController for context.)
      
      Detaching the hostdev, followed by the controller, works well and the
      guest behaves appropriately.
      
      If we detach the virtio-scsi controller device first, any associated
      hostdevs are detached for us by the underlying virtio-scsi code (this
      is fine, since the connection is broken).  But all is not well, as the
      guest is unable to receive new virtio-scsi devices (the attach commands
      succeed, but devices never appear within the guest), nor even be
      shutdown, after this point.
      
      While this is not libvirt's problem, we can prevent falling into this
      scenario by checking if a controller is being used by any hostdev
      devices.  The same is already done for disk elements today.
      
      Applying this patch and then using the XML snippets from earlier:
      
        $ virsh detach-device guest_01 scsicontroller.xml
        error: Failed to detach device from scsicontroller.xml
        error: operation failed: device cannot be detached: device is busy
      
        $ virsh detach-device guest_01 scsihostdev.xml
        Device detached successfully
      
        $ virsh detach-device guest_01 scsicontroller.xml
        Device detached successfully
      Signed-off-by: NEric Farman <farman@linux.vnet.ibm.com>
      Reviewed-by: NBjoern Walk <bwalk@linux.vnet.ibm.com>
      Reviewed-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com>
      655429a0
    • L
      qemu: propagate virQEMUDriver object to qemuDomainDeviceCalculatePCIConnectFlags · 9b0848d5
      Laine Stump 提交于
      If libvirtd is running unprivileged, it can open a device's PCI config
      data in sysfs, but can only read the first 64 bytes. But as part of
      determining whether a device is Express or legacy PCI,
      qemuDomainDeviceCalculatePCIConnectFlags() will be updated in a future
      patch to call virPCIDeviceIsPCIExpress(), which tries to read beyond
      the first 64 bytes of the PCI config data and fails with an error log
      if the read is unsuccessful.
      
      In order to avoid creating a parallel "quiet" version of
      virPCIDeviceIsPCIExpress(), this patch passes a virQEMUDriverPtr down
      through all the call chains that initialize the
      qemuDomainFillDevicePCIConnectFlagsIterData, and saves the driver
      pointer with the rest of the iterdata so that it can be used by
      qemuDomainDeviceCalculatePCIConnectFlags(). This pointer isn't used
      yet, but will be used in an upcoming patch (that detects Express vs
      legacy PCI for VFIO assigned devices) to examine driver->privileged.
      9b0848d5
  8. 25 11月, 2016 2 次提交
    • E
      qemu: Allow hotplug of vhost-scsi device · 8c6d3653
      Eric Farman 提交于
      Adjust the device string that is built for vhost-scsi devices so that it
      can be invoked from hotplug.
      
      From the QEMU command line, the file descriptors are expect to be numeric only.
      However, for hotplug, the file descriptors are expected to begin with at least
      one alphabetic character else this error occurs:
      
        # virsh attach-device guest_0001 ~/vhost.xml
        error: Failed to attach device from /root/vhost.xml
        error: internal error: unable to execute QEMU command 'getfd':
        Parameter 'fdname' expects a name not starting with a digit
      
      We also close the file descriptor in this case, so that shutting down the
      guest cleans up the host cgroup entries and allows future guests to use
      vhost-scsi devices.  (Otherwise the guest will silently end.)
      Signed-off-by: NEric Farman <farman@linux.vnet.ibm.com>
      8c6d3653
    • E
      Introduce framework for a hostdev SCSI_host subsystem type · fc0e627b
      Eric Farman 提交于
      We already have a "scsi" hostdev subsys type, which refers to a single
      LUN that is passed through to a guest.  But what of things where
      multiple LUNs are passed through via a single SCSI HBA, such as with
      the vhost-scsi target?  Create a new hostdev subsys type that will
      carry this.
      Signed-off-by: NEric Farman <farman@linux.vnet.ibm.com>
      fc0e627b
  9. 23 11月, 2016 2 次提交
  10. 15 11月, 2016 1 次提交
    • L
      qemu: set/use proper pciConnectFlags during hotplug · abb7a4bd
      Laine Stump 提交于
      Before now, all the qemu hotplug functions assumed that all devices to
      be hotplugged were legacy PCI endpoint devices
      (VIR_PCI_CONNECT_TYPE_PCI_DEVICE). This worked out "okay", because all
      devices *are* legacy PCI endpoint devices on x86/440fx machinetypes,
      and hotplug didn't work properly on machinetypes using PCIe anyway
      (hotplugging onto a legacy PCI slot doesn't work, and until commit
      b87703cf any attempt to manually specify a PCIe address for a
      hotplugged device would be erroneously rejected).
      
      This patch makes all qemu hotplug operations honor the pciConnectFlags
      set by the single all-knowing function
      qemuDomainDeviceCalculatePCIConnectFlags(). This is done in 3 steps,
      but in a single commit since we would have to touch the other points
      at each step anyway:
      
      1) add a flags argument to the hypervisor-agnostic
      virDomainPCIAddressEnsureAddr() (previously it hardcoded
      ..._PCI_DEVICE)
      
      2) add a new qemu-specific function qemuDomainEnsurePCIAddress() which
      gets the correct pciConnectFlags for the device from
      qemuDomainDeviceConnectFlags(), then calls
      virDomainPCIAddressEnsureAddr().
      
      3) in qemu_hotplug.c replace all calls to
      virDomainPCIAddressEnsureAddr() with calls to
      qemuDomainEnsurePCIAddress()
      
      So in effect, we're putting a "shim" on top of all calls to
      virDomainPCIAddressEnsureAddr() that sets the right pciConnectFlags.
      abb7a4bd
  11. 14 11月, 2016 1 次提交
  12. 11 11月, 2016 2 次提交
  13. 10 11月, 2016 2 次提交
  14. 09 11月, 2016 1 次提交
  15. 03 11月, 2016 1 次提交
  16. 27 10月, 2016 5 次提交
  17. 26 10月, 2016 6 次提交
    • G
      qemu: Add support for using AES secret for SCSI hotplug · 0701abcb
      Gema Gomez 提交于
      Support for virtio disks was added in commit id 'fceeeda2', but not for
      SCSI drives. Add the secret for the server when hotplugging a SCSI drive.
      No need to make any adjustments for unplug since that's handled during
      the qemuDomainDetachDiskDevice call to qemuDomainRemoveDiskDevice in
      the qemuDomainDetachDeviceDiskLive switch.
      
      Added a test to/for the command line processing to show the command line
      options when adding a SCSI drive for the guest.
      0701abcb
    • J
      qemu: Add secret object hotplug for TCP chardev TLS · 8550e858
      John Ferlan 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1300776
      
      Complete the implementation of support for TLS encryption on
      chardev TCP transports by adding the hotplug ability of a secret
      to generate the passwordid for the TLS object for chrdev, RNG,
      and redirdev.
      
      Fix up the order of object removal on failure to be the inverse
      of the attempted attach (for redirdev, chr, rng) - for each the
      tls object was being removed before the chardev backend.
      
      Likewise, add the ability to hot unplug that secret object as well
      and be sure the order of unplug matches that inverse order of plug.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      8550e858
    • J
      qemu: Add a secret object to/for a char source dev · daf5c651
      John Ferlan 提交于
      Add the secret object so the 'passwordid=' can be added if the command line
      if there's a secret defined in/on the host for TCP chardev TLS objects.
      
      Preparation for the secret involves adding the secinfo to the char source
      device prior to command line processing. There are multiple possibilities
      for TCP chardev source backend usage.
      
      Add test for at least a serial chardev as an example.
      daf5c651
    • J
      qemu: Need to remove TLS object in RemoveRNGDevice · 68808516
      John Ferlan 提交于
      Commit id '6e6b4bfc' added the object, but forgot the other end.
      68808516
    • J
      qemu: Fix depedency order in qemuRemoveDiskDevice · 502c747a
      John Ferlan 提交于
      Need to remove the drive first, then the secobj and/or encobj if they exist.
      This is because the drive has a dependency on secobj (or the secret for
      the networked storage server) and/or the encobj (or the secret for the
      LUKS encrypted volume).  Deleting either object first leaves an drive
      without it's respective objects.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      502c747a
    • J
      qemu: Move TLS object remove from DetachChr to RemoveChr · 1b93def2
      John Ferlan 提交于
      Commit id '2c322378' added the TLS object removal to the DetachChrDevice
      all when it should have been added to the RemoveChrDevice since that's
      the norm for similar processing (e.g. disk)
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      1b93def2
  18. 24 10月, 2016 5 次提交