1. 19 Jul, 2013 4 commits
    • security_dac: compute supplemental groups before fork · 29fe5d74
      Eric Blake committed
      Commit 75c12564 states that virGetGroupList must not be called
      between fork and exec, then commit ee777e99 promptly violated
      that for lxc's use of virSecurityManagerSetProcessLabel.  Hoist
      the supplemental group detection to the time that the security
      manager needs to fork.  Qemu is safe, as it uses
      virSecurityManagerSetChildProcessLabel which in turn uses
      virCommand to determine supplemental groups.
      
      This does not fix the fact that virSecurityManagerSetProcessLabel
      calls virSecurityDACParseIds calls parseIds which eventually
      calls getpwnam_r, which also violates fork/exec async-signal-safe
      safety rules, but so far no one has complained of hitting
      deadlock in that case.
      
      * src/security/security_dac.c (_virSecurityDACData): Track groups
      in private data.
      (virSecurityDACPreFork): New function, to set them.
      (virSecurityDACClose): Clean up new fields.
      (virSecurityDACGetIds): Alter signature.
      (virSecurityDACSetSecurityHostdevLabelHelper)
      (virSecurityDACSetChardevLabel, virSecurityDACSetProcessLabel)
      (virSecurityDACSetChildProcessLabel): Update callers.
      Signed-off-by: Eric Blake <eblake@redhat.com>
    • security: framework for driver PreFork handler · fdb3bde3
      Eric Blake committed
      A future patch wants the DAC security manager to be able to safely
      get the supplemental group list for a given uid, but at the time
      of a fork rather than during initialization so as to pick up on
      live changes to the system's group database.  This patch adds the
      framework, including the possibility of a pre-fork callback
      failing.
      
      For now, any driver that implements a prefork callback must be
      robust against the possibility of being part of a security stack
      where a later element in the chain fails prefork.  This means
      that drivers cannot do any action that requires a call to postfork
      for proper cleanup (no grabbing a mutex, for example).  If this
      is too prohibitive in the future, we would have to switch to a
      transactioning sequence, where each driver has (up to) 3 callbacks:
      PreForkPrepare, PreForkCommit, and PreForkAbort, to either clean
      up or commit changes made during prepare.
      
      * src/security/security_driver.h (virSecurityDriverPreFork): New
      callback.
      * src/security/security_manager.h (virSecurityManagerPreFork):
      Change signature.
      * src/security/security_manager.c (virSecurityManagerPreFork):
      Optionally call into driver, and allow returning failure.
      * src/security/security_stack.c (virSecurityDriverStack):
      Wrap the handler for the stack driver.
      * src/qemu/qemu_process.c (qemuProcessStart): Adjust caller.
      Signed-off-by: Eric Blake <eblake@redhat.com>
    • Use AC_LINK_IFELSE · c5d79fb0
      Guido Günther committed
      instead of the deprecated AC_TRY_LINK
    • tests: split long lines · 684c90bf
      Eric Blake committed
      Long lines are harder to read and harder to diff; in fact, if lines get
      too long (> 1000 bytes), it starts causing issues where git send-email
      refuses to send patches for the file.  I've cleaned up the tests
      directory in the past (see commits bd6c46fa, 3b750d13), but new long
      lines have been introduced in the meantime.
      
      Why 90 instead of 80? Because there were too many tests on the fringe
      edge, and I didn't want to edit that many files.
      
      Add a syntax check to prevent future long lines.
      
      * cfg.mk (sc_prohibit_long_lines): New rule.
      * tests/qemuxml2argvdata/qemuxml2argv-*.args: Split lines of any
      file with content longer than 90 columns.
      * tests/storagevolxml2argvdata/*.argv: Likewise.
      Signed-off-by: Eric Blake <eblake@redhat.com>
  2. 18 Jul, 2013 36 commits
    • Check for link_addr more thoroughly · 77bac48b
      Guido Günther committed
      Some versions of kFreeBSD (like 9.0) declare link_addr in a header
      but lack an implementation. This makes ./configure pass but breaks
      compilation later with a
      
           undefined reference to `link_addr'
      
      Although that's a bug in the OS header we can detect it easily by also
      trying to link.
      
      http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715320
    • 984c01ba
    • 3fbf78bd
    • qemu: Add support for DEVICE_DELETED event · ab47cc9b
      Jiri Denemark committed
    • ae951e72
    • Clarify virDomainDetachDeviceFlags documentation · 1f71de59
      Jiri Denemark committed
    • ee023f6c
    • Add VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED event · 4421e257
      Jiri Denemark committed
    • d077cda4
    • qemu: Cleanup coding style nits in qemu_cgroup.c · bac21820
      Peter Krempa committed
    • qemu: Set cpuset.cpus for domain process · a39f69d2
      Osier Yang committed
      When either "cpuset" of <vcpu> is specified, or the "placement" of
      <vcpu> is "auto", only setting the cpuset.mems might cause the guest
      starting to fail. E.g. ("placement" of both <vcpu> and <numatune> is
      "auto"):
      
      1) Related XMLs
        <vcpu placement='auto'>4</vcpu>
        <numatune>
          <memory mode='strict' placement='auto'/>
        </numatune>
      
      2) Host NUMA topology
        % numactl --hardware
        available: 8 nodes (0-7)
        node 0 cpus: 0 4 8 12 16 20 24 28
        node 0 size: 16374 MB
        node 0 free: 11899 MB
        node 1 cpus: 32 36 40 44 48 52 56 60
        node 1 size: 16384 MB
        node 1 free: 15318 MB
        node 2 cpus: 2 6 10 14 18 22 26 30
        node 2 size: 16384 MB
        node 2 free: 15766 MB
        node 3 cpus: 34 38 42 46 50 54 58 62
        node 3 size: 16384 MB
        node 3 free: 15347 MB
        node 4 cpus: 3 7 11 15 19 23 27 31
        node 4 size: 16384 MB
        node 4 free: 15041 MB
        node 5 cpus: 35 39 43 47 51 55 59 63
        node 5 size: 16384 MB
        node 5 free: 15202 MB
        node 6 cpus: 1 5 9 13 17 21 25 29
        node 6 size: 16384 MB
        node 6 free: 15197 MB
        node 7 cpus: 33 37 41 45 49 53 57 61
        node 7 size: 16368 MB
        node 7 free: 15669 MB
      
      4) cpuset.cpus will be set as: (from debug log)
      
      2013-05-09 16:50:17.296+0000: 417: debug : virCgroupSetValueStr:331 :
      Set value '/sys/fs/cgroup/cpuset/libvirt/qemu/toy/cpuset.cpus'
      to '0-63'
      
      5) The advisory nodeset got from querying numad (from debug log)
      
      2013-05-09 16:50:17.295+0000: 417: debug : qemuProcessStart:3614 :
      Nodeset returned from numad: 1
      
      6) cpuset.mems will be set as: (from debug log)
      
      2013-05-09 16:50:17.296+0000: 417: debug : virCgroupSetValueStr:331 :
      Set value '/sys/fs/cgroup/cpuset/libvirt/qemu/toy/cpuset.mems'
      to '0-7'
      
      I.e., the domain process's memory is restricted on the first NUMA node,
      however, it can use all of the CPUs, which will likely cause the domain
      process to fail to start because the kernel fails to allocate
      memory with the memory policy as "strict".
      
      % tail -n 20 /var/log/libvirt/qemu/toy.log
      ...
      2013-05-09 05:53:32.972+0000: 7318: debug : virCommandHandshakeChild:377 :
      Handshake with parent is done
      char device redirected to /dev/pts/2 (label charserial0)
      kvm_init_vcpu failed: Cannot allocate memory
      ...
      Signed-off-by: Peter Krempa <pkrempa@redhat.com>
    • caps: Add helpers to convert NUMA nodes to corresponding CPUs · b8b38321
      Peter Krempa committed
      These helpers use the remembered host capabilities to retrieve the cpu
      map rather than query the host again. The intended usage for these
      helpers is to fix automatic NUMA placement with strict memory alloc. The
      code doing the prepare needs to pin the emulator process only to cpus
      belonging to a subset of NUMA nodes of the host.
    • Add virtio-scsi to fallback models of scsi controller · b7f1c0c3
      Martin Kletzander committed
      When user does not specify any model for scsi controller, or worse, no
      controller at all, but libvirt automatically adds scsi controller with
      no model, we are not searching for virtio-scsi and thus this can fail
      for example on qemu which doesn't support lsi logic adapter.
      
      This means that when qemu on x86 doesn't support lsi53c895a and the
      user adds the following to an XML without any scsi controller:
      
      <disk ...>
        ...
        <target dev='sda'>
      </disk>
      
      libvirt fails like this:
       # virsh define asdf.xml
       error: Failed to define domain from asdf.xml
       error: internal error Unable to determine model for scsi controller
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=974943
    • Introduce lxcDomObjFromDomain · dbeb04a6
      Michal Privoznik committed
      Similarly to qemu driver, we can use a helper function to
      lookup a domain instead of copying multiple lines around.
    • Remove lxcDriverLock from almost everywhere · eb150c86
      Michal Privoznik committed
      With the majority of fields in the virLXCDriverPtr struct
      now immutable or self-locking, there is no need for practically
      any methods to be using the LXC driver lock. Only a handful
      of helper APIs now need it.
    • lxc: Make activeUsbHostdevs use locks · 2a82171a
      Michal Privoznik committed
      The activeUsbHostdevs item in LXCDriver is lockable, but the lock has
      to be called explicitly. Call the virObject(Un)Lock() in order to
      achieve mutual exclusion once lxcDriverLock is removed.
    • Stop accessing driver->caps directly in LXC driver · 64ec738e
      Michal Privoznik committed
      The 'driver->caps' pointer can be changed on the fly. Accessing
      it currently requires the global driver lock. Isolate this
      access in a single helper, so a future patch can relax the
      locking constraints.
    • lxc: switch to virCloseCallbacks API · c8695053
      Michal Privoznik committed
    • Introduce annotations for virLXCDriverPtr fields · 4deeb74d
      Michal Privoznik committed
      Annotate the fields in virLXCDriverPtr to indicate the locking
      rules for their use.
    • lxc: Use atomic ops for driver->nactive · 29bed27e
      Michal Privoznik committed
    • Introduce a virLXCDriverConfigPtr object · 7fca3755
      Michal Privoznik committed
      Currently the virLXCDriverPtr struct contains a wide variety
      of data with varying access needs. Move all the static config
      data into a dedicated virLXCDriverConfigPtr object. The only
      locking requirement is to hold the driver lock, while obtaining
      an instance of virLXCDriverConfigPtr. Once a reference is held
      on the config object, it can be used completely lockless since
      it is immutable.
      
      NB, not all APIs correctly hold the driver lock while getting
      a reference to the config object in this patch. This is safe
      for now since the config is never updated on the fly. Later
      patches will address this fully.
    • virLXCDriver: Drop unused @cgroup · 7e94a1a4
      Michal Privoznik committed
      It is not used anywhere, so it makes no sense to have it there.
    • qemuhotplugtest: Resolve some memleaks · 166db595
      Michal Privoznik committed
      If testQemuHotplugAttach succeeds, the vm->def steals the dev pointer.
      However, not the envelope, which needs to be freed. In addition,
      driver.config is allocated, but never freed.
    • qemuDomainDetachChrDevice: Don't leak @charAlias · b7658f62
      Michal Privoznik committed
      Moreover, since virAsprintf now does report OOM error, there's no need
      to call virReportOOMError in error path.
    • virAsprintf: correctly check return value · 23e938ee
      Ján Tomko committed
      When virAsprintf was changed from a function to a macro
      reporting OOM error in dc6f2dad, it was documented as returning
      0 on success. This is incorrect, it returns the number of bytes
      written as asprintf does.
      
      Some of the functions were converted to use virAsprintf's return
      value directly, changing the return value on success from 0 to >= 0.
      
      For most of these, this is not a problem, but the change in
      virPCIDriverDir breaks PCI passthrough.
      
      The return value check in virhashtest pre-dates virAsprintf OOM
      conversion.
      
      vmwareMakePath seems to be unused.
    • Merge virCommandPreserveFD / virCommandTransferFD · 040d9963
      Daniel P. Berrange committed
      Merge the virCommandPreserveFD / virCommandTransferFD methods
      into a single virCommandPasFD method, and use a new
      VIR_COMMAND_PASS_FD_CLOSE_PARENT to indicate their difference
      in behaviour
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    • Enable FD passing when starting guests with virsh · afb50d79
      Daniel P. Berrange committed
      Add a "--pass-fds N,M,..." arg to the virsh start/create
      methods. This allows pre-opened file descriptors from the
      shell to be passed on into the guest
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    • LXC: Wire up the virDomainCreate{XML}WithFiles methods · 11693bc6
      Daniel P. Berrange committed
      Wire up the new virDomainCreate{XML}WithFiles methods in the
      LXC driver, so that FDs get passed down to the init process.
      
      The lxc_container code needs to do a little dance in order
      to renumber the file descriptors it receives into linear
      order, starting from STDERR_FILENO + 1.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    • Fix impl of virDomainCreateWithFlags remote client helper · ddaf15d7
      Daniel P. Berrange committed
      In the following commit:
      
        commit 03d813bb
        Author: Marek Marczykowski <marmarek@invisiblethingslab.com>
        Date:   Thu May 23 02:01:30 2013 +0200
      
          remote: fix dom->id after virDomainCreateWithFlags
      
      The virDomainCreateWithFlags remote client helper was made to
      invoke REMOTE_PROC_DOMAIN_LOOKUP_BY_UUID to refresh the 'id'
      of the domain, following the pattern used in the previous
      virDomainCreate method impl.
      
      The remote protocol for virDomainCreateWithFlags though did
      actually fix the design flaw in virDomainCreate, by directly
      returning the new domain info. For some reason, this data was
      never used. So we can just use that data now instead.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    • Introduce remote protocol support for virDomainCreate{XML}WithFiles · bfd663ef
      Daniel P. Berrange committed
      Since they make use of file descriptor passing, the remote protocol
      methods for virDomainCreate{XML}WithFiles must be written by hand.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    • Introduce new domain create APIs to pass pre-opened FDs to LXC · d76227be
      Daniel P. Berrange committed
      With container based virt, it is useful to be able to pass
      pre-opened file descriptors to the container init process.
      This allows for containers to be auto-activated from incoming
      socket connections, passing the active socket into the container.
      
      To do this, introduce a pair of new APIs, virDomainCreateXMLWithFiles
      and virDomainCreateWithFiles, which accept an array of file
      descriptors. For the LXC driver, UNIX file descriptor passing
      will be used to send them to libvirtd, which will then pass
      them down to libvirt_lxc, which will then pass them to the container
      init process.
      
      This will only be implemented for LXC right now, but the design
      is generic enough it could work with other hypervisors, hence
      I suggest adding this to libvirt.so, rather than libvirt-lxc.so
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    • maint: Make ctags work out of the box · d9301a9a
      Jiri Denemark committed
      The .ctags file specifies default options for ctags so that it does not
      ignore libvirt.h.in and ignores uninteresting files. As a result, you
      can just run "ctags" and navigating to a public API won't get you to a
      useless entry in api.html.
    • esx: Support for disk-only and quiescing snapshots. · 6c8adeb4
      Geoff Hickey committed
      Add support for creating disk-only (no memory) snapshots in esx, and
      for quiescing the VM before taking the snapshot. The VMware API
      supports these operations directly, so adding support to libvirt is
      just a matter of setting the flags correctly when calling
      VMware. VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY and
      VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE are now valid flags for esx.
      Signed-off-by: Eric Blake <eblake@redhat.com>
    • libxl: implement virDomainGetNumaParameters · 261c4f5f
      Dario Faggioli committed
      Although, having it depending on Xen >= 4.3 (by using the proper
      libxl feature flag).
      
      Xen currently implements a NUMA placement policy which is basically
      the same as the 'interleaved' policy of `numactl', although it can
      be applied on a subset of the available nodes. We therefore hardcode
      "interleave" as 'numa_mode', and we use the newly introduced libxl
      interface to figure out what nodes a domain spans ('numa_nodeset').
      
      With this change, it is now possible to query the NUMA node
      affinity of a running domain:
      
      [raistlin@Zhaman ~]$ sudo virsh --connect xen:/// list
       Id    Name                           State
      ----------------------------------------------------
       23    F18_x64                        running
      
      [raistlin@Zhaman ~]$ sudo virsh --connect xen:/// numatune 23
      numa_mode      : interleave
      numa_nodeset   : 1
      Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
    • libxl: advertise the support for VIR_TYPED_PARAM_STRING · 98984b71
      Dario Faggioli committed
      domainGetNumaParameters has a string typed parameter, hence it
      is necessary for the libxl driver to support this.
      
      This change implements the connectSupportsFeature hook for the
      libxl driver, advertising that VIR_DRV_FEATURE_TYPED_PARAM_STRING
      is supported.
      Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
      Cc: Eric Blake <eblake@redhat.com>