- 09 3月, 2020 1 次提交
-
-
由 Michal Privoznik 提交于
When preparing images for block jobs we modify their seclabels so that QEMU can open them. However, as mentioned in the previous commit, secdrivers base some it their decisions whether the image they are working on is top of of the backing chain. Fortunately, in places where we call secdrivers we know this and the information can be passed to secdrivers. The problem is the following: after the first blockcommit from the base to one of the parents the XATTRs on the base image are not cleared and therefore the second attempt to do another blockcommit fails. This is caused by blockcommit code calling qemuSecuritySetImageLabel() over the base image, possibly multiple times (to ensure RW/RO access). A naive fix would be to call the restore function. But this is not possible, because that would deny QEMU the access to the base image. Fortunately, we can use the fact that seclabels are remembered only for the top of the backing chain and not for the rest of the backing chain. And thanks to the previous commit we can tell secdrivers which images are top of the backing chain. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1803551Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NPeter Krempa <pkrempa@redhat.com>
-
- 05 3月, 2020 8 次提交
-
-
由 Daniel P. Berrangé 提交于
Historically threads are given a name based on the C function, and this name is just used inside libvirt. With OS level thread naming this name is now visible to debuggers, but also has to fit in 15 characters on Linux, so function names are too long in some cases. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The qemuMonitorOpenFD method has not been used since it was first introduced. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Libvirt has never configured the QEMU agent to support running on a PTY implicitly. In theory an end user may have written such an XML config, but this is reasonably unlikely since when a bare <channel> is provided, libvirt will auto-expand it to a UNIX socket backend. With this change a user who has use the PTY backend will have to switch to the UNIX backend if they wish to use libvirt APIs for interacting with the agent. This will not have guest ABI impact. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Peter Krempa 提交于
qemuMonitorJSONMakeCommandInternal does the full command construction if you pass in what would become the value of the 'arguments' key. Refactor the open-coded implementation to use the helper and use modern cleanup helpers at the same time. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Peter Krempa 提交于
Make it obvious that the function always returns a valid pointer and fix all callers. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Michal Privoznik 提交于
I've found that if my virtlogd is socket activated but the daemon doesn't run yet, then the virt-qemu-run is killed right after it tries to start the domain. The problem is that because the default setting is to use virtlogd, the domain create code tries to connect to virtlogd socket, which in turn tries to detect who is connecting (virNetSocketGetUNIXIdentity()) and as a part of it, it will try to open /proc/${PID_OF_SHIM}/stat which is denied by SELinux: type=AVC msg=audit(1582903501.927:323): avc: denied { search } for \ pid=1210 comm="virtlogd" name="1843" dev="proc" ino=37224 \ scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 \ tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir \ permissive=0 Virtlogd reacts by closing the connection which the shim sees as SIGPIPE. Since the default response to the signal is Term, we don't even get to reporting any error nor to removing the temporary directory. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Michal Privoznik 提交于
When virt-qemu-run is ran without any root directory specified on the command line, a temporary directory is made and used instead. But since we are using g_dir_make_tmp() to create the directory it is going to have 0700 mode. So even though we create the whole directory structure under it and label everything, QEMU is very likely to not have the access. This is because in this case there is no qemu.conf and thus distro default UID:GID is used to run QEMU (e.g. qemu:kvm on Fedora). Change the mode of the temporary directory so that everybody has eXecute permission. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Michal Privoznik 提交于
Libvirt tries to forbid migration onto the same host and it does that by checking if local and remote hostnames are the same and whether local and remote UUIDs are the same. Well, the latter makes sense but the former doesn't really because libvirtd can be running inside an UTS namespace and hostnames can appear the same on both sides of migration. On the other hand, host UUIDs are unique, so rely on them when trying to prevent migration onto the same host. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1639596Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 04 3月, 2020 17 次提交
-
-
由 Peter Krempa 提交于
Use the 'flat' flag for 'query-named-block-nodes' if qemu supports QEMU_CAPS_QMP_QUERY_NAMED_BLOCK_NODES_FLAT in qemuBlockGetNamedNodeData. We don't need the data so plumb in whether qemu supports the 'flat' output. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Modern qemu allows to skip the nested redundant data in the output of query-named-block-nodes. Plumb in the support for the argument that enables it. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Replace qemuMonitorBlockGetNamedNodeData by qemuBlockGetNamedNodeData. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Use g_autoptr to get rid of the cleanup section. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Detect the presence of the flag and make it available internally as QEMU_CAPS_QMP_QUERY_NAMED_BLOCK_NODES_FLAT. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
The monitor password callback was removed long time ago but the callback type and variable were left around. Finish the cleanup. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
Format the 'vhost-user-fs' device on the QEMU command line. This device provides shared file system access using the FUSE protocol carried over virtio. The actual file server is implemented in an external vhost-user-fs device backend process. https://bugzilla.redhat.com/show_bug.cgi?id=1694166Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NPeter Krempa <pkrempa@redhat.com> Tested-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Ján Tomko 提交于
Look into /usr/share/qemu/vhost-user to see whether we can find a suitable virtiofsd binary, in case the user did not provide one in the domain XML. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NPeter Krempa <pkrempa@redhat.com> Tested-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Ján Tomko 提交于
Wire up the code to put virtiofsd in the emulator cgroup on domain startup. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NPeter Krempa <pkrempa@redhat.com> Tested-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Ján Tomko 提交于
Start virtiofsd for each <filesystem> device using it. Pre-create the socket for communication with QEMU and pass it to virtiofsd. Note that virtiofsd needs to run as root. https://bugzilla.redhat.com/show_bug.cgi?id=1694166 Introduced by QEMU commit a43efa34c7d7b628cbf1ec0fe60043e5c91043ea Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NPeter Krempa <pkrempa@redhat.com> Tested-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Ján Tomko 提交于
This is not yet supported. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NPeter Krempa <pkrempa@redhat.com> Tested-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Ján Tomko 提交于
Reject unsupported configurations. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NPeter Krempa <pkrempa@redhat.com> Tested-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NMasayoshi Mizuma <m.mizuma@jp.fujitsu.com>
-
由 Ján Tomko 提交于
Add a 'virtiofsd_debug' option for tuning whether to run virtiofsd in debug mode. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NPeter Krempa <pkrempa@redhat.com> Tested-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Ján Tomko 提交于
Introduce a new 'virtiofs' driver type for filesystem. <filesystem type='mount' accessmode='passthrough'> <driver type='virtiofs'/> <source dir='/path'/> <target dir='mount_tag'> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> </filesystem> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NPeter Krempa <pkrempa@redhat.com> Tested-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Ján Tomko 提交于
Introduced by QEMU commit 98fc1ada4cf70af0f1df1a2d7183cf786fc7da05 virtio: add vhost-user-fs base device Released in QEMU v4.2.0. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NPeter Krempa <pkrempa@redhat.com> Acked-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Tested-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Ján Tomko 提交于
Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NPeter Krempa <pkrempa@redhat.com> Tested-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Ján Tomko 提交于
Pass logManager to qemuExtDevicesStart for future usage. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Tested-by: NAndrea Bolognani <abologna@redhat.com>
-
- 27 2月, 2020 1 次提交
-
-
由 Pavel Hrdina 提交于
The default memlock limit is 64k which is not enough to start a single VM. The requirements for one VM are 12k, 8k for eBPF map and 4k for eBPF program, however, it fails to create eBPF map and program with 64k limit. By testing I figured out that the minimal limit is 80k to start a single VM with functional eBPF and if I add 12k I can start another one. This leads into following calculation: 80k as memlock limit worked to start a VM with eBPF which means there is 68k of lock memory that I was not able to figure out what was using it. So to get a number for 4096 VMs: 68 + 12 * 4096 = 49220 If we round it up we will get 64M of memory lock limit to support 4096 VMs with default map size which can hold 64 entries for devices. This should be good enough as a sane default and users can change it if the need to. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1807090Signed-off-by: NPavel Hrdina <phrdina@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 26 2月, 2020 4 次提交
-
-
由 Jiri Denemark 提交于
Whenever there is a guest CPU configured in domain XML, we will call some CPU driver APIs to validate the CPU definition and check its compatibility with the hypervisor. Thus domains with guest CPU specification can only be started if the guest architecture is supported by the CPU driver. But we would add a default CPU to any domain as long as QEMU reports it causing failures to start any domain on affected architectures. https://bugzilla.redhat.com/show_bug.cgi?id=1805755Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Peter Krempa 提交于
While our code can detect ISO as a separate format, qemu does not use it as such and just passes it through as raw. Add conversion for detected parts of the backing chain so that the validation code does not reject it right away. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Ján Tomko 提交于
This function only uses the domain definition. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NPavel Mores <pmores@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 25 2月, 2020 2 次提交
-
-
由 Ján Tomko 提交于
Include virutil.h in all files that use it, instead of relying on it being pulled in somehow. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Ján Tomko 提交于
Historically, this file was a dump for most of our helper functions and needed almost everywhere. With the introduction of virfile.h and virstring.h, and more importantly, virenum.h and the introduction of GLib, that is no longer true. Remove its include from C files that don't even use it. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
- 24 2月, 2020 2 次提交
-
-
由 Peter Krempa 提交于
Both callers pass false. Since we frown upon format probing, remove the unused possibility to do the probing. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
The backend name is memory-backend-memfd but we've been checking for memory-backend-memory. Reported by GCC on rawhide: ../../../src/internal.h:75:22: error: 'strcmp' of a string of length 21 and an array of size 21 evaluates to nonzero [-Werror=string-compare] ../../../src/qemu/qemu_command.c:3525:20: note: in expansion of macro 'STREQ' 3525 | } else if (STREQ(backendType, "memory-backend-memory") && | ^~~~~ Signed-off-by: NJán Tomko <jtomko@redhat.com> Fixes: 24b74d18Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 23 2月, 2020 5 次提交
-
-
由 Daniel Henrique Barboza 提交于
Another vircgroup helper to avoid code repetition between the LXC and QEMU driver. Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Daniel Henrique Barboza 提交于
lxcDomainSetMemoryParameters() and qemuDomainSetMemoryParameters() has duplicated chunks of code that can be put in a new helper. Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Daniel Henrique Barboza 提交于
This new helper avoids more code repetition inside lxcDomainSetBlkioParameters() and qemuDomainSetBlkioParameters(). Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Daniel Henrique Barboza 提交于
After the introduction of virDomainDriverMergeBlkioDevice() in a previous patch, it is now clear that lxcDomainSetBlkioParameters() and qemuDomainSetBlkioParameters() uses the same loop to set cgroup blkio parameter of a domain. Avoid the repetition by adding a new helper called virDomainCgroupSetupDomainBlkioParameters(). Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Daniel Henrique Barboza 提交于
lxcDomainParseBlkioDeviceStr() and qemuDomainParseBlkioDeviceStr() are the same function. Avoid code repetition by putting the code in a new helper. Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-