1. 14 10月, 2010 11 次提交
    • S
      nwfilter: cut off connections after changing filters · 2b3df906
      Stefan Berger 提交于
      The following filter transition from a filter allowing incoming TCP connections
      
        <rule action='accept' direction='in' priority='401'>
          <tcp/>
        </rule>
        <rule action='accept' direction='out' priority='500'>
          <tcp/>
        </rule>
      
      to one that does not allow them
      
        <rule action='drop' direction='in' priority='401'>
          <tcp/>
        </rule>
        <rule action='accept' direction='out' priority='500'>
          <tcp/>
        </rule>
      
      did previously not cut off existing (ssh) connections but only prevented newly initiated ones. The attached patch allows to cut off existing connections as well, thus enforcing what the filter is showing.
      
      I had only tested with a configuration where the physical interface is connected to the bridge where the filters are applied. This patch now also solves a filtering problem where the physical interface is not connected to the bridge, but the bridge is given an IP address and the host routes between bridge and physical interface. Here the filters drop non-allowed traffic on the outgoing side on the host.
      2b3df906
    • E
      build: provide URL in 'configure --help' · 8f11a9be
      Eric Blake 提交于
      * configure.ac (AC_INIT): Provide email and URL.
      8f11a9be
    • E
      build: fix mingw build · 2399597a
      Eric Blake 提交于
      * .gnulib: Update to latest, for termios fix.
      * configure.ac (AC_CHECK_HEADERS): Drop redundent check.
      * bootstrap: Synchronize from upstream.
      Reported by Daniel P. Berrange.
      2399597a
    • J
      qemu: Prohibit migration of guests with host devices · f93924f4
      Jiri Denemark 提交于
      Explicitly raising a nice error in the case user tries to migrate a
      guest with assigned host devices is much better than waiting for a
      mysterious error with no clue for the reason.
      f93924f4
    • J
      tests: Honor LIBVIRT_{DEBUG,LOG_*} variables · a4d9d98f
      Jiri Denemark 提交于
      a4d9d98f
    • J
      tests: Do not override LIBVIRT_DEBUG variable · d3ad0ee0
      Jiri Denemark 提交于
      d3ad0ee0
    • J
      cpu: Use vendor in baseline CPU only if all hosts use it · b2de33e2
      Jiri Denemark 提交于
      When only some host CPUs given to cpuBaseline contain <vendor> element,
      baseline CPU should not contain it. Otherwise the result would not be
      compatible with the host CPUs without vendor. CPU vendors are still
      taken into account when computing baseline CPU, it's just removed from
      the result.
      b2de33e2
    • J
      cpu: Fix vendor for recent CPU models · ac7afbeb
      Jiri Denemark 提交于
      Recent CPU models were specified using invalid vendor element
      <vendor>NAME</vendor>, which was silently ignored due to a bug in the
      code which was parsing it.
      ac7afbeb
    • S
      test: silence nwfilter test · 677b7cf9
      Stefan Berger 提交于
       This patch silences the nwfilter test case.
      677b7cf9
    • E
      tests: fix spurious test failure · 94eb11f6
      Eric Blake 提交于
      Failure introduced in commit 3a092f38.
      
      * tests/xml2sexprdata/xml2sexpr-boot-grub.sexpr: Fix typo.
      94eb11f6
    • E
      memory: fix remote protocol compilation · 450cbebe
      Eric Blake 提交于
      'make -C src rpcgen' is supposed to be idempotent.  But commit
      f928f43b mistakently manually edited a generated file rather
      than fixing the upstream file.
      
      * src/remote/remote_protocol.x (remote_memory_param_value): Use
      correct spelling of enum values.
      * src/remote/remote_protocol.c: Regenerate.
      450cbebe
  2. 13 10月, 2010 29 次提交
    • D
      Enable support for nested SVM · f98a6cd6
      Daniel P. Berrange 提交于
      This enables support for nested SVM using the regular CPU
      model/features block. If the CPU model or features include
      'svm', then the '-enable-nesting' flag will be added to the
      QEMU command line. Latest out of tree patches for nested
      'vmx', no longer require the '-enable-nesting' flag. They
      instead just look at the cpu features. Several of the models
      already include svm support, but QEMU was just masking out
      the svm bit silently. So this will enable SVM on such
      models
      
      * src/qemu/qemu_conf.h: flag for -enable-nesting
      * src/qemu/qemu_conf.c: Use -enable-nesting if VMX or SVM are in
        the CPUID
      * src/cpu/cpu.h, src/cpu/cpu.c: API to check for a named feature
      * src/cpu/cpu_x86.c: x86 impl of feature check
      * src/libvirt_private.syms: Add cpuHasFeature
      * src/qemuhelptest.c: Add nesting flag where required
      f98a6cd6
    • D
      Improve error reporting in test suites · 80aa7660
      Daniel P. Berrange 提交于
      Before running each test case clear the thread local error
      indicator. After running each test case, dispatch any error
      that was reported
      
      * tests/testutils.c: Fix error reporting in test suites
      80aa7660
    • D
      Update todo list file to point at bugzilla/website · 02fe0e94
      Daniel P. Berrange 提交于
      The TODO list changes frequently so cannot be well maintained
      under GIT. Update the TODO file to point people at bugzilla
      and the libvirt website
      
      * TODO: Point at bugzilla/website
      02fe0e94
    • D
      Fix Xen SEXPR generation to properly quote strings containing () · 3a092f38
      Daniel P. Berrange 提交于
      * src/xen/sexpr.c: Ensure () are escaped in sexpr2string
      * tests/sexpr2xmldata/sexpr2xml-boot-grub.sexpr,
        tests/sexpr2xmldata/sexpr2xml-boot-grub.xml,
        tests/xml2sexprdata/xml2sexpr-boot-grub.sexpr,
        tests/xml2sexprdata/xml2sexpr-boot-grub.xml: Data files to
        check escaping
      * tests/sexpr2xmltest.c, tests/xml2sexprtest.c: Add boot-grub
        escaping test case
      3a092f38
    • S
      nwfilter: resolve deadlock between VM ops and filter update · 4435f3c4
      Stefan Berger 提交于
       This is from a bug report and conversation on IRC where Soren reported that while a filter update is occurring on one or more VMs (due to a rule having been edited for example), a deadlock can occur when a VM referencing a filter is started.
      
      The problem is caused by the two locking sequences of
      
      qemu driver, qemu domain, filter             # for the VM start operation
      filter, qemu_driver, qemu_domain            # for the filter update operation
      
      that obviously don't lock in the same order. The problem is the 2nd lock sequence. Here the qemu_driver lock is being grabbed in qemu_driver:qemudVMFilterRebuild()
      
      The following solution is based on the idea of trying to re-arrange the 2nd sequence of locks as follows:
      
      qemu_driver, filter, qemu_driver, qemu_domain
      
      and making the qemu driver recursively lockable so that a second lock can occur, this would then lead to the following net-locking sequence
      
      qemu_driver, filter, qemu_domain
      
      where the 2nd qemu_driver lock has been ( logically ) eliminated.
      
      The 2nd part of the idea is that the sequence of locks (filter, qemu_domain) and (qemu_domain, filter) becomes interchangeable if all code paths where filter AND qemu_domain are locked have a preceding qemu_domain lock that basically blocks their concurrent execution
      
      So, the following code paths exist towards qemu_driver:qemudVMFilterRebuild where we now want to put a qemu_driver lock in front of the filter lock.
      
      -> nwfilterUndefine()   [ locks the filter ]
          -> virNWFilterTestUnassignDef()
              -> virNWFilterTriggerVMFilterRebuild()
                  -> qemudVMFilterRebuild()
      
      -> nwfilterDefine()
          -> virNWFilterPoolAssignDef() [ locks the filter ]
              -> virNWFilterTriggerVMFilterRebuild()
                  -> qemudVMFilterRebuild()
      
      -> nwfilterDriverReload()
          -> virNWFilterPoolLoadAllConfigs()
              ->virNWFilterPoolObjLoad()
                  -> virNWFilterPoolAssignDef() [ locks the filter ]
                      -> virNWFilterTriggerVMFilterRebuild()
                          -> qemudVMFilterRebuild()
      
      -> nwfilterDriverStartup()
          -> virNWFilterPoolLoadAllConfigs()
              ->virNWFilterPoolObjLoad()
                  -> virNWFilterPoolAssignDef() [ locks the filter ]
                      -> virNWFilterTriggerVMFilterRebuild()
                          -> qemudVMFilterRebuild()
      
      Qemu is not the only driver using the nwfilter driver, but also the UML driver calls into it. Therefore qemuVMFilterRebuild() can be exchanged with umlVMFilterRebuild() along with the driver lock of qemu_driver that can now be a uml_driver. Further, since UML and Qemu domains can be running on the same machine, the triggering of a rebuild of the filter can touch both types of drivers and their domains.
      
      In the patch below I am now extending each nwfilter callback driver with functions for locking and unlocking the (VM) driver (UML, QEMU) and introduce new functions for locking all registered callback drivers and unlocking them. Then I am distributing the lock-all-cbdrivers/unlock-all-cbdrivers call into the above call paths. The last shown callpath starting with nwfilterDriverStart() is problematic since it is initialize before the Qemu and UML drives are and thus a lock in the path would result in a NULL pointer attempted to be locked -- the call to virNWFilterTriggerVMFilterRebuild() is never called, so we never lock either the qemu_driver or the uml_driver in that path. Therefore, only the first 3 paths now receive calls to lock and unlock all callback drivers. Now that the locks are distributed where it matters I can remove the qemu_driver and uml_driver lock from qemudVMFilterRebuild() and umlVMFilterRebuild() and not requiring the recursive locks.
      
      For now I want to put this out as an RFC patch. I have tested it by 'stretching' the critical section after the define/undefine functions each lock the filter so I can (easily) concurrently execute another VM operation (suspend,start). That code is in this patch and if you want you can de-activate it. It seems to work ok and operations are being blocked while the update is being done.
      I still also want to verify the other assumption above that locking filter and qemu_domain always has a preceding qemu_driver lock.
      4435f3c4
    • E
      virsh: update comment about parsing · 59ce32b0
      Eric Blake 提交于
      * tools/virsh.c: Update comments to match patch series.
      59ce32b0
    • E
      virsh: move code into topological order · ce828d10
      Eric Blake 提交于
      * tools/virsh.c (vshCommandParse): Float up, to avoid the need for
      a forward declaration.
      ce828d10
    • E
      virsh: simplify top-level option parsing · 5405cffc
      Eric Blake 提交于
      This makes 'virsh --conn test:///default help help' work right;
      previously, the abbreviation confused our hand-rolled option parsing.
      
      * tools/virsh.c (vshParseArgv): Use getopt_long feature, rather
      than (incorrectly) reparsing options ourselves.
      5405cffc
    • L
      virsh: add -- support · 227f5df8
      Lai Jiangshan 提交于
      "--" means no option at the following arguments.
      Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
      227f5df8
    • L
      virsh: support single quote · 57868d12
      Lai Jiangshan 提交于
      Some users may type command like this at the virsh shell:
      virsh # somecmd 'some arg'
      
      because they often use single quote in linux shell.
      Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
      57868d12
    • L
      virsh: add escaper \ for command string parsing · 52321014
      Lai Jiangshan 提交于
      add escaper \ for command string parsing, example:
      
      virsh # cd /path/which/have/a/double\"quote
      Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
      52321014
    • E
      virsh: document options in man page · 2f72becc
      Eric Blake 提交于
      * tools/virsh.pod: Document top-level options.
      2f72becc
    • L
      virsh: rework command parsing · a2943243
      Lai Jiangshan 提交于
      Old virsh command parsing mashes all the args back into a string and
      miss the quotes, this patches fix it. It is also needed for introducing
      qemu-monitor-command which is very useful.
      
      This patches uses the new vshCommandParser abstraction and adds
      vshCommandArgvParse() for arguments vector, so we don't need
      to mash arguments vector into a command sting.
      
      And the usage was changed:
      old:
      virsh [options] [commands]
      
      new:
      virsh [options]... [<command_string>]
      virsh [options]... <command> [args...]
      
      So we still support commands like:
      "define D.xml; dumpxml D" was parsed as a commands-string.
      
      and support commands like:
      we will not mash them into a string, we use new argv parser for it.
      
      But we don't support the command like:
      "define D.xml; dumpxml" was parsed as a command-name, but we have no such command-name.
      Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
      a2943243
    • L
      virsh: add vshCommandParser abstraction · a93f514f
      Lai Jiangshan 提交于
      add vshCommandParser and make vshCommandParse() accept different
      parsers.
      
      the current code for parse command string is integrated as
      vshCommandStringParse().
      Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
      a93f514f
    • L
      virsh: better handling the boolean option · 4417f08d
      Lai Jiangshan 提交于
      in old code the following commands are equivalent:
           virsh # dumpxml --update-cpu=vm1
           virsh # dumpxml --update-cpu vm1
      because the old code split the option argument into 2 parts:
      --update-cpu=vm1 is split into update-cpu and vm1,
      and update-cpu is a boolean option, so the parser takes vm1 as another
      argument, very strange.
      
      after this patch applied, the first one will become illegal.
      
      To achieve this, we don't parse/check options when parsing command sting,
      but check options when parsing a command argument. And the argument is
      not split when parsing command sting.
      Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
      4417f08d
    • L
      virsh: allow zero length arguments · cdfe543f
      Lai Jiangshan 提交于
      the following command is allowed at shell, we also make it allowed at virsh shell.
      Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
      cdfe543f
    • E
      virsh: poison raw allocation routines · d9adac3e
      Eric Blake 提交于
      * tools/virsh.c (malloc, calloc, realloc, strdup): Enforce that
      within this file, we use the safe vsh wrappers instead.
      (cmdNodeListDevices, cmdSnapshotCreate, main): Fix violations of
      this policy.
      d9adac3e
    • L
      virsh: better support double quote · ad2f1b60
      Lai Jiangshan 提交于
      In origin code, double quote is only allowed at the begin or end
      "complicated argument"
      --some_opt="complicated string"  (we split this argument into 2 parts,
      option and data, the data is "complicated string").
      
      This patch makes it allow double quote at any position of
      an argument:
      complicated" argument"
      complicated" "argument
      --"some opt=complicated string"
      
      This patch is also needed for the following patches,
      the following patches will not split option argument into 2 parts,
      so we have to allow double quote at any position of an argument.
      Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
      ad2f1b60
    • G
      Don't fail on missing D-Bus · 94f232bb
      Guido Günther 提交于
      We don't fail when we can't contact HAL so we shouldn't fail if we can't
      contact D-Bus either.
      94f232bb
    • D
      Fixes for documentation extraction · 0df67151
      Daniel Veillard 提交于
      * include/libvirt/libvirt.h.in: some of the function type description
        were broken so they could not be automatically documented
      * src/util/event.c docs/apibuild.py: event.c exports one public API
        so it needs to be scanned too, avoid a few warnings
      0df67151
    • D
      Implement support for virtio plan9fs filesystem passthrough in QEMU · a5c646a7
      Daniel P. Berrange 提交于
      Make use of the existing <filesystem> element to support plan9fs
      filesystem passthrough in the QEMU driver
      
          <filesystem type='mount'>
            <source dir='/export/to/guest'/>
            <target dir='/import/from/host'/>
          </filesystem>
      
      NB, the target is not actually a directory, it is merely a arbitrary
      string tag that is exported to the guest as a hint for where to mount
      it.
      a5c646a7
    • D
      Add todo.pl and config example to EXTRA_DIST · 458c99b1
      Daniel P. Berrange 提交于
      * docs/Makefile.am: Add todo.pl and todo.cfg-example to EXTRA_DIST
      458c99b1
    • M
      Fix several minor problems introduced by the memtune series · 43c2c61f
      Matthias Bolte 提交于
      Add proper documentation to the new VIR_DOMAIN_MEMORY_* macros in
      libvirt.h.in to placate apibuild.py.
      
      Mark args as unused in for libvirt_virDomain{Get,Set}MemoryParameters
      in the Python bindings and add both to the libvirtMethods array.
      
      Update remote_protocol-structs to placate make syntax-check.
      
      Undo unintended modifications in vboxDomainGetInfo.
      
      Update the function table of the VirtualBox and XenAPI drivers.
      43c2c61f
    • N
    • N
      Adding memtune command to virsh tool · e3e2ca77
      Nikunj A. Dadhania 提交于
      The command helps to control the memory/swap parameters for the system, for
      eg. hard_limit (max memory the vm can use), soft_limit (limit during memory
      contention), swap_hard_limit(max swap the vm can use)
      e3e2ca77
    • D
      Avoid checking against strncpy in virsh.c · d1d77ae1
      Daniel Veillard 提交于
      since the replacement function virStrcpy is not available
      d1d77ae1
    • N
      Implement domainGetMemoryParamters for LXC · fe3ee289
      Nikunj A. Dadhania 提交于
      Driver interface for getting memory parameters, eg. hard_limit,
      soft_limit and swap_hard_limit.
      fe3ee289
    • N
      Implement domainSetMemoryParamters for LXC · 0cdd1ed9
      Nikunj A. Dadhania 提交于
      Add support in the lxc driver for various memory controllable parameters
      0cdd1ed9
    • N
      Adding memtunables to libvirt-lxc command · 809e1430
      Nikunj A. Dadhania 提交于
      libvirt-lxc now configures the hardlimit, softlimit and swaplimit, if
      specified in the domain xml file or picks up the defaults.
      809e1430