- 30 4月, 2018 4 次提交
-
-
由 Peter Krempa 提交于
To allow encryption of the non-shared storage migration NBD connection we will need to instantiated the NBD server with the TLS env. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Peter Krempa 提交于
The NBD server in qemu supports TLS transport. Detect this capability. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Peter Krempa 提交于
When a VM is destroyed while being migrated (waiting in qemuMigrationSrcWaitForCompletion) the private object cleanup code frees the 'current' job info. Since the migration code attempts to setup various aspects of the current job even on failure this results into a crash. Job data is cleared in qemuDomainObjPrivateDataClear since commit 888aa4b6 Fix this by skipping all of the code which requires the qemu process to be alive if the VM is not active any more. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Peter Krempa 提交于
Since libvirt is currently not able to setup the NBD migration stream secured by TLS we should not allow such migration since data would be transferred unencrypted. This will break compatibility of TLS migration if non-shared storage is requested but the security implications are more severe. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
- 27 4月, 2018 2 次提交
-
-
由 Peter Krempa 提交于
The code setting TLS parameters verifies that TLS is supported by looking at the dump of parameters which will be reset after migration, but sets the parameters in the list of new parameters. As qemuMigrationParamsSetString did not set the 'set' property, the TLS parameters would not be used. This is a regression after the series refactoring migration parameters and it resulted into TLS not being used even when requested. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
The function is not used outside of the src/qemu/qemu_migration_params.c file so unexport it. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
- 26 4月, 2018 1 次提交
-
-
由 Ján Tomko 提交于
Introduce a perl script that is able to regroup both the QEMU_CAPS constants and the capability strings. Check correct grouping as a part of syntax check. For in-place regrouping after a rebase, just run: tests/group-qemu-caps.pl without any parameters. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 23 4月, 2018 3 次提交
-
-
由 Andrea Bolognani 提交于
The attribute can be used to disable ROM loading completely for a device. This might be needed because, even when the guest is configured such that the PCI ROM will not be loaded in the PCI BAR, some hypervisors (eg. QEMU) might still make it available to the guest in a form (eg. fw_cfg) that some firmwares (eg. SeaBIOS) will consume, thus not achieving the desired result. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1425058Signed-off-by: NAndrea Bolognani <abologna@redhat.com>
-
由 John Ferlan 提交于
Rework the code such that virDomainObjListFindByID will always return a locked/ref counted object so that the callers can always do the same cleanup logic to call virDomainObjEndAPI. Makes accessing the objects much more consistent. NB: There were 2 callers (lxcDomainLookupByID and qemuDomainLookupByID) that were already using the ByID name, but not virDomainObjEndAPI - these were changed as well in this update/patch. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NJim Fehlig <jfehlig@suse.com>
-
由 John Ferlan 提交于
Now that every caller is using virDomainObjListFindByUUIDRef, let's just remove it and keep the name as virDomainObjListFindByUUID. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NJim Fehlig <jfehlig@suse.com>
-
- 20 4月, 2018 3 次提交
-
-
由 John Ferlan 提交于
If virJSONValueArraySize(caps) <= 0, then we will still need to virJSONValueFree(caps) because qemuMonitorSetMigrationCapabilities won't consume it. Found by Coverity Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
The code is generic enough to be reused. Move it into a separate function. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
So far all the properties we are trying to fetch are device properties, i.e. -device $dev on qemu command line. Change misleading variable names to express what's queried for better. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 19 4月, 2018 5 次提交
-
-
由 Andrea Bolognani 提交于
The current private XML parsing code relies on the assumption that NUMA node IDs start from 0 and are densely allocated, neither of which is necessarily the case. Change it so that the bitmap size is dynamically calculated by looking at NUMA node IDs instead, which ensures all nodes will be able to fit and thus the bitmap will be parsed successfully. Update one of the test cases so that it would fail with the previous approach, but passes with the new one. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1490158Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
Allocated in qemuMigrationParamsNew() we need to free priv->job.migParams when no longer needed. ==8061== 234 (192 direct, 42 indirect) bytes in 1 blocks are definitely lost in loss record 112 of 123 ==8061== at 0x4C2CF26: calloc (vg_replace_malloc.c:711) ==8061== by 0x5325D05: virAlloc (viralloc.c:144) ==8061== by 0x1984F9: qemuMigrationParamsNew (qemu_migration_params.c:218) ==8061== by 0x19A352: qemuMigrationParamsParse (qemu_migration_params.c:1185) ==8061== by 0x1604D8: qemuDomainObjPrivateXMLParseJob (qemu_domain.c:2390) ==8061== by 0x160AE9: qemuDomainObjPrivateXMLParse (qemu_domain.c:2517) ==8061== by 0x5419EAE: virDomainObjParseXML (domain_conf.c:20442) ==8061== by 0x541A25E: virDomainObjParseNode (domain_conf.c:20555) ==8061== by 0x541A2FC: virDomainObjParseFile (domain_conf.c:20574) ==8061== by 0x13607D: testCompareStatusXMLToXMLFiles (qemuxml2xmltest.c:75) ==8061== by 0x14F3E8: virTestRun (testutils.c:180) ==8061== by 0x14DCD0: mymain (qemuxml2xmltest.c:1200) Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
The disk cache mode translates to various frontend and backend attributes for the qemu block layer. For the frontend device the 'writeback' parameter is used and provided as 'write-cache'. Implement this so that we can later switch to using -blockdev where we will not pass the cachemode directly any more. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
QEMU translates the cache mode of a disk internally into 3 flags. 'write-cache' is a flag of the frontend while others are flag of the backing storage. Add capability which will allow expressing it via the frontend attribute. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
Add helper which will map values of disk cache mode to the flags which are accepted by various parts of the qemu block layer. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
- 18 4月, 2018 15 次提交
-
-
由 Peter Krempa 提交于
When qemu does not support changing of the backing store string, we'd reaport that block pull is not supported instead of block commit. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
Replace direct usage of disk->src->driverName with the existing accessors. The parser code where we assign the driver from XML is intentionally not fixed to save an allocation. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
There were two places where we'd check this independently. Move it to the disk definition validation callback. This also fixes possible use of NULL in a printf for network storage. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Nikolay Shirokovskiy 提交于
On Core i5 650 x86_64 kvm guest fail to start with error [1] for next cpu config: <cpu mode='host-model' check='partial'> <model fallback='allow'/> <feature policy='require' name='x2apic'/> </cpu> The problem is in full CPU calculation in virQEMUCapsInitHostCPUModel. It is supposed to include features emulated by qemu and missed on host. Some of such features may be not included however. For Core i5 650 host CPU is detected as Westmere and reported CPU as SandyBridge. x2apic is missed on host and provided by installed qemu. The feature is not mentioned in reported CPU features explicitly because SandyBridge model include it. As a result full CPU does not include x2apic too. Solution is to expand guest cpu features before updating fullCPU features. [1] error: the CPU is incompatible with host CPU: \ Host CPU does not provide required features: x2apic Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> Reviewed-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Michal Privoznik 提交于
So far we are repeating the following lines over and over: if (!(virSomeObjectClass = virClassNew(virClassForObject(), "virSomeObject", sizeof(virSomeObject), virSomeObjectDispose))) return -1; While this works, it is impossible to do some checking. Firstly, the class name (the 2nd argument) doesn't match the name in the code in all cases (the 3rd argument). Secondly, the current style is needlessly verbose. This commit turns example into following: if (!(VIR_CLASS_NEW(virSomeObject, virClassForObject))) return -1; Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Michal Privoznik 提交于
Whenever we declare a new object the first member of the struct has to be virObject (or any other member of that family). Now, up until now we did not care about the name of the struct member. But lets unify it so that we can do some checks at compile time later. The unified name is 'parent'. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Sukrit Bhatnagar 提交于
Add comma escaping for loader->path and loader->nvram. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Sukrit Bhatnagar 提交于
Add comma escaping for cfg->vncTLSx509certdir. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Sukrit Bhatnagar 提交于
Add comma escaping for fs->src->path and fs->dst. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Sukrit Bhatnagar 提交于
Add comma escaping for disk->vendor and disk->product when being built for the command line (and not from hotplug). Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Sukrit Bhatnagar 提交于
Add comma escaping for info->romfile. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Viktor Mihajlovski 提交于
In order to not affect running VMs, refreshing the halted state is only performed if QEMU supports the query-cpus-fast QAPI. Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com> Reviewed-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Viktor Mihajlovski 提交于
Extract architecture specific data from query-cpus[-fast] if available. A new function qemuMonitorJSONExtractCPUArchInfo() can then call architecture-specific extraction handlers. Initially, there's a handler for s390 cpu info to set the halted property depending on the s390 cpu state returned by QEMU. With this it's still possible to report the halted condition even when using query-cpus-fast. Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Viktor Mihajlovski 提交于
Use query-cpus-fast instead of query-cpus if supported by QEMU. Based on the QEMU_CAPS_QUERY_CPUS_FAST capability. Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Viktor Mihajlovski 提交于
Detect whether QEMU supports the QMP query-cpus-fast API and set QEMU_CAPS_QUERY_CPUS_FAST in this case. Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com> Reviewed-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com> Acked-by: NPeter Krempa <pkrempa@redhat.com>
-
- 17 4月, 2018 7 次提交
-
-
由 Ján Tomko 提交于
If QEMU uses a seccomp blacklist (since 2.11), -sandbox on no longer tries to whitelist all the calls, but uses sets of blacklists: default (always blacklisted with -sandbox on) obsolete (defaults to deny) elevateprivileges (setuid & co, default: allow) spawn (fork & execve, default: allow) resourcecontrol (setaffinity, setscheduler, default: allow) If these are supported, default to sandbox with all four categories blacklisted. https://bugzilla.redhat.com/show_bug.cgi?id=1492597Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Ján Tomko 提交于
QEMU commit 1bd6152 changed the default behavior from whitelist to blacklist and introduced a few sets of system calls. Use the 'elevateprivileges' parameter of -sandbox as a witness of this change. https://bugzilla.redhat.com/show_bug.cgi?id=1492597Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Ján Tomko 提交于
Exit early if possible to simplify the logic. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Ján Tomko 提交于
Move the building of -sandbox command line into a separate function. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Ján Tomko 提交于
Implied by QEMU >= 1.3.0. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Ján Tomko 提交于
Implied by QEMU >= 1.2.0. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Ján Tomko 提交于
Implied by QEMU >= 1.2.0. Delete the negative test cases now that they always pass. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-