- 19 Jul, 2013 4 commits
-
-
Committed by Eric Blake
Commit 75c12564 states that virGetGroupList must not be called between fork and exec, then commit ee777e99 promptly violated that for lxc's use of virSecurityManagerSetProcessLabel. Hoist the supplemental group detection to the time that the security manager needs to fork. Qemu is safe, as it uses virSecurityManagerSetChildProcessLabel which in turn uses virCommand to determine supplemental groups.

This does not fix the fact that virSecurityManagerSetProcessLabel calls virSecurityDACParseIds calls parseIds which eventually calls getpwnam_r, which also violates fork/exec async-signal-safe safety rules, but so far no one has complained of hitting deadlock in that case.

* src/security/security_dac.c (_virSecurityDACData): Track groups in private data.
(virSecurityDACPreFork): New function, to set them.
(virSecurityDACClose): Clean up new fields.
(virSecurityDACGetIds): Alter signature.
(virSecurityDACSetSecurityHostdevLabelHelper)
(virSecurityDACSetChardevLabel, virSecurityDACSetProcessLabel)
(virSecurityDACSetChildProcessLabel): Update callers.

Signed-off-by: Eric Blake <eblake@redhat.com>
-
Committed by Eric Blake
A future patch wants the DAC security manager to be able to safely get the supplemental group list for a given uid, but at the time of a fork rather than during initialization so as to pick up on live changes to the system's group database. This patch adds the framework, including the possibility of a pre-fork callback failing.

For now, any driver that implements a prefork callback must be robust against the possibility of being part of a security stack where a later element in the chain fails prefork. This means that drivers cannot do any action that requires a call to postfork for proper cleanup (no grabbing a mutex, for example). If this is too prohibitive in the future, we would have to switch to a transactioning sequence, where each driver has (up to) 3 callbacks: PreForkPrepare, PreForkCommit, and PreForkAbort, to either clean up or commit changes made during prepare.

* src/security/security_driver.h (virSecurityDriverPreFork): New callback.
* src/security/security_manager.h (virSecurityManagerPreFork): Change signature.
* src/security/security_manager.c (virSecurityManagerPreFork): Optionally call into driver, and allow returning failure.
* src/security/security_stack.c (virSecurityDriverStack): Wrap the handler for the stack driver.
* src/qemu/qemu_process.c (qemuProcessStart): Adjust caller.

Signed-off-by: Eric Blake <eblake@redhat.com>
-
Committed by Guido Günther
instead of the deprecated AC_TRY_LINK
-
Committed by Eric Blake
Long lines are harder to read and harder to diff; in fact, if lines get too long (> 1000 bytes), it starts causing issues where git send-email refuses to send patches for the file. I've cleaned up the tests directory in the past (see commits bd6c46fa, 3b750d13), but new long lines have been introduced in the meantime.

Why 90 instead of 80? Because there were too many tests on the fringe edge, and I didn't want to edit that many files.

Add a syntax check to prevent future long lines.

* cfg.mk (sc_prohibit_long_lines): New rule.
* tests/qemuxml2argvdata/qemuxml2argv-*.args: Split lines of any file with content longer than 90 columns.
* tests/storagevolxml2argvdata/*.argv: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
-
- 18 Jul, 2013 36 commits
-
-
Committed by Guido Günther
Some versions of kFreeBSD (like 9.0) declare link_addr in a header but lack an implementation. This makes ./configure pass but breaks compilation later with an undefined reference to `link_addr'. Although that's a bug in the OS header, we can detect it easily by also trying to link.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715320
-
Committed by Jiri Denemark
-
Committed by Jiri Denemark
-
Committed by Jiri Denemark
-
Committed by Jiri Denemark
-
Committed by Jiri Denemark
-
Committed by Jiri Denemark
-
Committed by Jiri Denemark
-
Committed by Jiri Denemark
-
Committed by Peter Krempa
-
Committed by Osier Yang
When either "cpuset" of <vcpu> is specified, or the "placement" of <vcpu> is "auto", only setting the cpuset.mems might cause the guest starting to fail. E.g. ("placement" of both <vcpu> and <numatune> is "auto"):

1) Related XMLs

  <vcpu placement='auto'>4</vcpu>
  <numatune>
    <memory mode='strict' placement='auto'/>
  </numatune>

2) Host NUMA topology

  % numactl --hardware
  available: 8 nodes (0-7)
  node 0 cpus: 0 4 8 12 16 20 24 28
  node 0 size: 16374 MB
  node 0 free: 11899 MB
  node 1 cpus: 32 36 40 44 48 52 56 60
  node 1 size: 16384 MB
  node 1 free: 15318 MB
  node 2 cpus: 2 6 10 14 18 22 26 30
  node 2 size: 16384 MB
  node 2 free: 15766 MB
  node 3 cpus: 34 38 42 46 50 54 58 62
  node 3 size: 16384 MB
  node 3 free: 15347 MB
  node 4 cpus: 3 7 11 15 19 23 27 31
  node 4 size: 16384 MB
  node 4 free: 15041 MB
  node 5 cpus: 35 39 43 47 51 55 59 63
  node 5 size: 16384 MB
  node 5 free: 15202 MB
  node 6 cpus: 1 5 9 13 17 21 25 29
  node 6 size: 16384 MB
  node 6 free: 15197 MB
  node 7 cpus: 33 37 41 45 49 53 57 61
  node 7 size: 16368 MB
  node 7 free: 15669 MB

4) cpuset.cpus will be set as: (from debug log)

  2013-05-09 16:50:17.296+0000: 417: debug : virCgroupSetValueStr:331 : Set value '/sys/fs/cgroup/cpuset/libvirt/qemu/toy/cpuset.cpus' to '0-63'

5) The advisory nodeset got from querying numad (from debug log)

  2013-05-09 16:50:17.295+0000: 417: debug : qemuProcessStart:3614 : Nodeset returned from numad: 1

6) cpuset.mems will be set as: (from debug log)

  2013-05-09 16:50:17.296+0000: 417: debug : virCgroupSetValueStr:331 : Set value '/sys/fs/cgroup/cpuset/libvirt/qemu/toy/cpuset.mems' to '0-7'

I.e., the domain process's memory is restricted on the first NUMA node, however, it can use all of the CPUs, which will likely cause the domain process to fail to start because the kernel fails to allocate memory with the memory policy as "strict".

  % tail -n 20 /var/log/libvirt/qemu/toy.log
  ...
  2013-05-09 05:53:32.972+0000: 7318: debug : virCommandHandshakeChild:377 : Handshake with parent is done
  char device redirected to /dev/pts/2 (label charserial0)
  kvm_init_vcpu failed: Cannot allocate memory
  ...

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
-
Committed by Peter Krempa
These helpers use the remembered host capabilities to retrieve the cpu map rather than query the host again. The intended usage for these helpers is to fix automatic NUMA placement with strict memory alloc. The code doing the prepare needs to pin the emulator process only to cpus belonging to a subset of NUMA nodes of the host.
-
Committed by Martin Kletzander
When user does not specify any model for scsi controller, or worse, no controller at all, but libvirt automatically adds scsi controller with no model, we are not searching for virtio-scsi and thus this can fail for example on qemu which doesn't support lsi logic adapter.

This means that when qemu on x86 doesn't support lsi53c895a and the user adds the following to an XML without any scsi controller:

  <disk ...>
    ...
    <target dev='sda'>
  </disk>

libvirt fails like this:

  # virsh define asdf.xml
  error: Failed to define domain from asdf.xml
  error: internal error Unable to determine model for scsi controller

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=974943
-
Committed by Michal Privoznik
Similarly to qemu driver, we can use a helper function to lookup a domain instead of copying multiple lines around.
-
Committed by Michal Privoznik
With the majority of fields in the virLXCDriverPtr struct now immutable or self-locking, there is no need for practically any methods to be using the LXC driver lock. Only a handful of helper APIs now need it.
-
Committed by Michal Privoznik
The activeUsbHostdevs item in LXCDriver is lockable, but the lock has to be called explicitly. Call the virObject(Un)Lock() in order to achieve mutual exclusion once lxcDriverLock is removed.
-
Committed by Michal Privoznik
The 'driver->caps' pointer can be changed on the fly. Accessing it currently requires the global driver lock. Isolate this access in a single helper, so a future patch can relax the locking constraints.
-
Committed by Michal Privoznik
-
Committed by Michal Privoznik
Annotate the fields in virLXCDriverPtr to indicate the locking rules for their use.
-
Committed by Michal Privoznik
-
Committed by Michal Privoznik
Currently the virLXCDriverPtr struct contains a wide variety of data with varying access needs. Move all the static config data into a dedicated virLXCDriverConfigPtr object. The only locking requirement is to hold the driver lock, while obtaining an instance of virLXCDriverConfigPtr. Once a reference is held on the config object, it can be used completely lockless since it is immutable. NB, not all APIs correctly hold the driver lock while getting a reference to the config object in this patch. This is safe for now since the config is never updated on the fly. Later patches will address this fully.
-
Committed by Michal Privoznik
It is not used anywhere, so it makes no sense to have it there.
-
Committed by Michal Privoznik
-
Committed by Michal Privoznik
If testQemuHotplugAttach succeeds, the vm->def steals the dev pointer. However, not the envelope, which needs to be freed. In addition, driver.config is allocated, but never freed.
-
Committed by Michal Privoznik
Moreover, since virAsprintf now does report OOM error, there's no need to call virReportOOMError in error path.
-
Committed by Ján Tomko
When virAsprintf was changed from a function to a macro reporting OOM error in dc6f2dad, it was documented as returning 0 on success. This is incorrect, it returns the number of bytes written as asprintf does. Some of the functions were converted to use virAsprintf's return value directly, changing the return value on success from 0 to >= 0. For most of these, this is not a problem, but the change in virPCIDriverDir breaks PCI passthrough. The return value check in virhashtest pre-dates virAsprintf OOM conversion. vmwareMakePath seems to be unused.
-
Committed by Daniel P. Berrange
Merge the virCommandPreserveFD / virCommandTransferFD methods into a single virCommandPassFD method, and use a new VIR_COMMAND_PASS_FD_CLOSE_PARENT to indicate their difference in behaviour.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Add a "--pass-fds N,M,..." arg to the virsh start/create methods. This allows pre-opened file descriptors from the shell to be passed on into the guest.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Wire up the new virDomainCreate{XML}WithFiles methods in the LXC driver, so that FDs get passed down to the init process. The lxc_container code needs to do a little dance in order to renumber the file descriptors it receives into linear order, starting from STDERR_FILENO + 1.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
In the following commit:

  commit 03d813bb
  Author: Marek Marczykowski <marmarek@invisiblethingslab.com>
  Date:   Thu May 23 02:01:30 2013 +0200

      remote: fix dom->id after virDomainCreateWithFlags

The virDomainCreateWithFlags remote client helper was made to invoke REMOTE_PROC_DOMAIN_LOOKUP_BY_UUID to refresh the 'id' of the domain, following the pattern used in the previous virDomainCreate method impl. The remote protocol for virDomainCreateWithFlags though did actually fix the design flaw in virDomainCreate, by directly returning the new domain info. For some reason, this data was never used. So we can just use that data now instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Since they make use of file descriptor passing, the remote protocol methods for virDomainCreate{XML}WithFiles must be written by hand.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
With container based virt, it is useful to be able to pass pre-opened file descriptors to the container init process. This allows for containers to be auto-activated from incoming socket connections, passing the active socket into the container.

To do this, introduce a pair of new APIs, virDomainCreateXMLWithFiles and virDomainCreateWithFiles, which accept an array of file descriptors. For the LXC driver, UNIX file descriptor passing will be used to send them to libvirtd, which will then pass them down to libvirt_lxc, which will then pass them to the container init process.

This will only be implemented for LXC right now, but the design is generic enough it could work with other hypervisors, hence I suggest adding this to libvirt.so, rather than libvirt-lxc.so.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Jiri Denemark
The .ctags file specifies default options for ctags so that it does not ignore libvirt.h.in and ignores uninteresting files. As a result, you can just run "ctags" and navigating to a public API won't get you to a useless entry in api.html.
-
Committed by Geoff Hickey
Add support for creating disk-only (no memory) snapshots in esx, and for quiescing the VM before taking the snapshot. The VMware API supports these operations directly, so adding support to libvirt is just a matter of setting the flags correctly when calling VMware. VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY and VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE are now valid flags for esx.

Signed-off-by: Eric Blake <eblake@redhat.com>
-
Committed by Dario Faggioli
Although, having it depending on Xen >= 4.3 (by using the proper libxl feature flag).

Xen currently implements a NUMA placement policy which is basically the same as the 'interleaved' policy of `numactl', although it can be applied on a subset of the available nodes. We therefore hardcode "interleave" as 'numa_mode', and we use the newly introduced libxl interface to figure out what nodes a domain spans ('numa_nodeset').

With this change, it is now possible to query the NUMA node affinity of a running domain:

  [raistlin@Zhaman ~]$ sudo virsh --connect xen:/// list
   Id    Name                           State
  ----------------------------------------------------
   23    F18_x64                        running

  [raistlin@Zhaman ~]$ sudo virsh --connect xen:/// numatune 23
  numa_mode      : interleave
  numa_nodeset   : 1

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
-
Committed by Dario Faggioli
domainGetNumaParameters has a string typed parameter, hence it is necessary for the libxl driver to support this. This change implements the connectSupportsFeature hook for the libxl driver, advertising that VIR_DRV_FEATURE_TYPED_PARAM_STRING is supported.

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Cc: Eric Blake <eblake@redhat.com>
-