1. 22 10月, 2012 6 次提交
    • D
      qemu: Don't blindly assume VNC is supported · 2da776b1
      Doug Goldstein 提交于
      Currently it's assumed that qemu always supports VNC, however it is
      definitely possible to compile qemu without VNC support so we should at
      the very least check for it and handle that correctly.
      2da776b1
    • E
      storage: let format probing work on root-squash NFS · d9d77bfa
      Eric Blake 提交于
      Yet another instance of where using plain open() mishandles files
      that live on root-squash NFS, and where improving the API can
      improve the chance of a successful probe.
      
      * src/util/storage_file.h (virStorageFileProbeFormat): Alter
      signature.
      * src/util/storage_file.c (virStorageFileProbeFormat): Use better
      method for opening file.
      * src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Update caller.
      * src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
      Likewise.
      d9d77bfa
    • J
      migrate: v2: use VIR_DOMAIN_XML_MIGRATABLE when available · b6ab7a06
      Ján Tomko 提交于
      In v2 migration protocol, XML is obtained by calling domainGetXMLDesc.
      This includes the default USB controller in XML, which breaks migration
      to older libvirt (before 0.9.2).
      
      Commit 409b5f54
          qemu: Emit compatible XML when migrating a domain
      only fixed this for v3 migration.
      
      This patch uses the new VIR_DOMAIN_XML_MIGRATABLE flag (detected by
      VIR_DRV_FEATURE_XML_MIGRATABLE) to obtain XML without the default controller,
      enabling backward v2 migration.
      b6ab7a06
    • M
      qemu: set seamless migration capability · 508451e4
      Michal Privoznik 提交于
      As we switched to setting capabilities based on QMP communication,
      qemu seamless-migration capability was not set. In the -help output
      this knob is called seamless-migration=[on|off]. The equivalent in
      QMP world is SPICE_MIGRATE_COMPLETED event (qemu upstream commit
      2fdd16e2).
      508451e4
    • O
      b0f1ba47
    • O
      qemu: Cleanup the unused 'nodeinfo' · 5828080f
      Osier Yang 提交于
      "nodeinfo" is not used in these two functions, and it's waste
      of goto in qemuProcessSetEmulatorAffinites
      5828080f
  2. 20 10月, 2012 15 次提交
    • E
      blockjob: avoid segv on early error · a172dfbe
      Eric Blake 提交于
      Gcc with optimization warns:
      ../../src/qemu/qemu_driver.c: In function 'qemuDomainBlockCommit':
      ../../src/qemu/qemu_driver.c:12813:46: error: 'disk' may be used uninitialized in this function [-Werror=maybe-uninitialized]
      ../../src/qemu/qemu_driver.c:12698:25: note: 'disk' was declared here
      cc1: all warnings being treated as errors
      
      so obviously I had only been testing with optimization off.
      
      * src/qemu/qemu_driver.c (qemuDomainBlockCommit): Guard cleanup.
      a172dfbe
    • E
      blockjob: properly label disks for qemu block-commit · 2e43cb8e
      Eric Blake 提交于
      I finally have all the pieces in place to perform a block-commit with
      SELinux enforcing.  There's still missing cleanup work when the commit
      completes, but doing that requires tracking both the backing chain and
      the base and top files within that chain in domain XML across libvirtd
      restarts.  Furthermore, from a security standpoint, once you have
      granted access, you must assume any damage that can be done will be
      done; later revoking access is nice to minimize the window of damage,
      but less important as it does not affect the fact that damage can be
      done in the first place.  Therefore, deferring the revoke efforts until
      we have better XML tracking of what chain operations are in effect,
      including across a libvirtd restart, is reasonable.
      
      * src/qemu/qemu_driver.c (qemuDomainBlockCommit): Label disks as
      needed.
      (qemuDomainPrepareDiskChainElement): Cast away const.
      2e43cb8e
    • E
      blockjob: refactor qemu disk chain permission grants · 35a2f5bc
      Eric Blake 提交于
      Previously, snapshot code did its own permission granting (lock
      manager, cgroup device controller, and security manager labeling)
      inline.  But now that we are adding block-commit and block-copy
      which also have to change permissions, it's better to reuse
      common code for the task.  While snapshot should fall back to
      no access if read-write access failed, block-commit will want to
      fall back to read-only access.  The common code doesn't know
      whether failure to grant read-write access should revert to no
      access (snapshot, block-copy) or read-only access (block-commit).
      This code can also be used to revoke access to unused files after
      block-pull.
      
      It might be nice to clean things up in a future patch by adding
      new functions to the lock manager, cgroup manager, and security
      manager that takes a single file name and applies context of a
      disk to that file, rather than the current semantics of applying
      context to the entire chain already associated to a disk.  That
      way, we could avoid the games this patch plays of temporarily
      swapping out the disk->src and related fields of the disk.  But
      that would involve more code changes, so this patch really is
      the smallest hack for doing the necessary work; besides, this
      patch is more or less code motion (the hack was already employed
      by the snapshot creation code, we are just making it reusable).
      
      * src/qemu/qemu_driver.c (qemuDomainSnapshotCreateSingleDiskActive)
      (qemuDomainSnapshotUndoSingleDiskActive): Refactor labeling hacks...
      (qemuDomainPrepareDiskChainElement): ...into new function.
      35a2f5bc
    • E
      blockjob: implement shallow commit flag in qemu · 0a220e22
      Eric Blake 提交于
      Now that we can crawl the chain of backing files, we can do
      argument validation and implement the 'shallow' flag.  In
      testing this, I discovered that it can be handy to pass the
      shallow flag and an explicit base, as a means of validating
      that the base is indeed the file we expected.
      
      * src/qemu/qemu_driver.c (qemuDomainBlockCommit): Crawl through
      chain to implement shallow flag.
      * src/libvirt.c (virDomainBlockCommit): Relax API.
      0a220e22
    • E
      blockjob: wire up online qemu block-commit · 2cbc1fd8
      Eric Blake 提交于
      This is the bare minimum to kick off a block commit.  In particular,
      flags support is missing (shallow requires us to crawl the backing
      chain to determine the file name to pass to the qemu monitor command;
      delete requires us to track what needs to be deleted at the time
      the completion event fires).  Also, we are relying on qemu to do
      error checking (such as validating 'top' and 'base' as being members
      of the backing chain), including the fact that the current qemu code
      does not support committing the active layer (although it is still
      planned to add that before qemu 1.3).  Since the active layer won't
      change, we have it easy and do not have to alter the domain XML.
      Additionally, this will fail if SELinux is enforcing, because we fail
      to grant qemu proper read/write access to the files it will modify.
      
      * src/qemu/qemu_driver.c (qemuDomainBlockCommit): New function.
      (qemuDriver): Register it.
      2cbc1fd8
    • E
      blockjob: manage qemu block-commit monitor command · 3f38c7e3
      Eric Blake 提交于
      qemu 1.3 will be adding a 'block-commit' monitor command, per
      qemu.git commit ed61fc1.  It matches nicely to the libvirt API
      virDomainBlockCommit.
      
      * src/qemu/qemu_capabilities.h (QEMU_CAPS_BLOCK_COMMIT): New bit.
      * src/qemu/qemu_capabilities.c (qemuCapsProbeQMPCommands): Set it.
      * src/qemu/qemu_monitor.h (qemuMonitorBlockCommit): New prototype.
      * src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockCommit):
      Likewise.
      * src/qemu/qemu_monitor.c (qemuMonitorBlockCommit): Implement it.
      * src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockCommit):
      Likewise.
      (qemuMonitorJSONHandleBlockJobImpl)
      (qemuMonitorJSONGetBlockJobInfoOne): Handle new event type.
      3f38c7e3
    • E
      blockjob: remove unused parameters after previous patch · 67aea3fb
      Eric Blake 提交于
      Minor cleanup made possible by previous simplifications.
      
      * src/qemu/qemu_cgroup.h (qemuSetupDiskCgroup)
      (qemuTeardownDiskCgroup): Alter signature.
      * src/qemu/qemu_cgroup.c (qemuSetupDiskCgroup)
      (qemuTeardownDiskCgroup, qemuSetupCgroup): Update all uses.
      * src/qemu/qemu_hotplug.c (qemuDomainDetachPciDiskDevice)
      (qemuDomainDetachDiskDevice): Likewise.
      * src/qemu/qemu_driver.c (qemuDomainAttachDeviceDiskLive)
      (qemuDomainChangeDiskMediaLive)
      (qemuDomainSnapshotCreateSingleDiskActive)
      (qemuDomainSnapshotUndoSingleDiskActive): Likewise.
      67aea3fb
    • E
      storage: use cache to walk backing chain · 38c4a9cc
      Eric Blake 提交于
      We used to walk the backing file chain at least twice per disk,
      once to set up cgroup device whitelisting, and once to set up
      security labeling.  Rather than walk the chain every iteration,
      which possibly includes calls to fork() in order to open root-squashed
      NFS files, we can exploit the cache of the previous patch.
      
      * src/conf/domain_conf.h (virDomainDiskDefForeachPath): Alter
      signature.
      * src/conf/domain_conf.c (virDomainDiskDefForeachPath): Require caller
      to supply backing chain via disk, if recursion is desired.
      * src/security/security_dac.c
      (virSecurityDACSetSecurityImageLabel): Adjust caller.
      * src/security/security_selinux.c
      (virSecuritySELinuxSetSecurityImageLabel): Likewise.
      * src/security/virt-aa-helper.c (get_files): Likewise.
      * src/qemu/qemu_cgroup.c (qemuSetupDiskCgroup)
      (qemuTeardownDiskCgroup): Likewise.
      (qemuSetupCgroup): Pre-populate chain.
      38c4a9cc
    • E
      storage: cache backing chain while qemu domain is live · 4d34c929
      Eric Blake 提交于
      Technically, we should not be re-probing any file that qemu might
      be currently writing to.  As such, we should cache the backing
      file chain prior to starting qemu.  This patch adds the cache,
      but does not use it until the next patch.
      
      Ultimately, we want to also store the chain in domain XML, so that
      it is remembered across libvirtd restarts, and so that the only
      kosher way to modify the backing chain of an offline domain will be
      through libvirt API calls, but we aren't there yet.  So for now, we
      merely invalidate the cache any time we do a live operation that
      alters the chain (block-pull, block-commit, external disk snapshot),
      as well as tear down the cache when the domain is not running.
      
      * src/conf/domain_conf.h (_virDomainDiskDef): New field.
      * src/conf/domain_conf.c (virDomainDiskDefFree): Clean new field.
      * src/qemu/qemu_domain.h (qemuDomainDetermineDiskChain): New
      prototype.
      * src/qemu/qemu_domain.c (qemuDomainDetermineDiskChain): New
      function.
      * src/qemu/qemu_driver.c (qemuDomainAttachDeviceDiskLive)
      (qemuDomainChangeDiskMediaLive): Pre-populate chain.
      (qemuDomainSnapshotCreateSingleDiskActive): Uncache chain before
      snapshot.
      * src/qemu/qemu_process.c (qemuProcessHandleBlockJob): Update
      chain after block pull.
      4d34c929
    • E
      storage: don't require caller to pre-allocate metadata struct · 1fc95932
      Eric Blake 提交于
      Requiring pre-allocation was an unusual idiom.  It allowed iteration
      over the backing chain to use fewer mallocs, but made one-shot
      clients harder to read.  Also, this makes it easier for a future
      patch to move away from opening fds on every iteration over the chain.
      
      * src/util/storage_file.h (virStorageFileGetMetadataFromFD): Alter
      signature.
      * src/util/storage_file.c (virStorageFileGetMetadataFromFD): Allocate
      return value.
       (virStorageFileGetMetadata): Update clients.
      * src/conf/domain_conf.c (virDomainDiskDefForeachPath): Likewise.
      * src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Likewise.
      * src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
      Likewise.
      1fc95932
    • E
      storage: use enum for snapshot driver type · 1246640b
      Eric Blake 提交于
      This is the last use of raw strings for disk formats throughout
      the src/conf directory.
      
      * src/conf/snapshot_conf.h (_virDomainSnapshotDiskDef): Store enum
      rather than string for disk type.
      * src/conf/snapshot_conf.c (virDomainSnapshotDiskDefClear)
      (virDomainSnapshotDiskDefParseXML, virDomainSnapshotDefFormat):
      Adjust users.
      * src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
      (qemuDomainSnapshotCreateSingleDiskActive): Likewise.
      1246640b
    • E
      storage: use enum for disk driver type · e5e8d5d0
      Eric Blake 提交于
      Actually use the enum in the domain conf structure.
      
      * src/conf/domain_conf.h (_virDomainDiskDef): Store enum rather
      than string for disk type.
      * src/conf/domain_conf.c (virDomainDiskDefFree)
      (virDomainDiskDefParseXML, virDomainDiskDefFormat)
      (virDomainDiskDefForeachPath): Adjust users.
      * src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenFormatSxprDisk):
      Likewise.
      * src/xenxs/xen_xm.c (xenParseXM, xenFormatXMDisk): Likewise.
      * src/vbox/vbox_tmpl.c (vboxAttachDrives): Likewise.
      * src/libxl/libxl_conf.c (libxlMakeDisk): Likewise.
      e5e8d5d0
    • E
      storage: use enum for default driver type · 09e7fb5e
      Eric Blake 提交于
      Express the default disk type as an enum, for easier handling.
      
      * src/conf/capabilities.h (_virCaps): Store enum rather than
      string for disk type.
      * src/conf/domain_conf.c (virDomainDiskDefParseXML): Adjust
      clients.
      * src/qemu/qemu_driver.c (qemuCreateCapabilities): Likewise.
      09e7fb5e
    • E
      storage: list more file types · f772b3d9
      Eric Blake 提交于
      When an image has no backing file, using VIR_STORAGE_FILE_AUTO
      for its type is a bit confusing.  Additionally, a future patch
      would like to reserve a default value for the case of no file
      type specified in the XML, but different from the current use
      of -1 to imply probing, since probing is not always safe.
      
      Also, a couple of file types were missing compared to supported
      code: libxl supports 'vhd', and qemu supports 'fat' for directories
      passed through as a file system.
      
      * src/util/storage_file.h (virStorageFileFormat): Add
      VIR_STORAGE_FILE_NONE, VIR_STORAGE_FILE_FAT, VIR_STORAGE_FILE_VHD.
      * src/util/storage_file.c (virStorageFileMatchesVersion): Match
      documentation when version probing not supported.
      (cowGetBackingStore, qcowXGetBackingStore, qcow1GetBackingStore)
      (qcow2GetBackingStoreFormat, qedGetBackingStore)
      (virStorageFileGetMetadataFromBuf)
      (virStorageFileGetMetadataFromFD): Take NONE into account.
      * src/conf/domain_conf.c (virDomainDiskDefForeachPath): Likewise.
      * src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Likewise.
      * src/conf/storage_conf.c (virStorageVolumeFormatFromString): New
      function.
      (poolTypeInfo): Use it.
      f772b3d9
    • G
      selinux: relabel tapfd in qemuPhysIfaceConnect · 4492ef7f
      Guannan Ren 提交于
      Relabeling tapfd right after the tap device is created.
      qemuPhysIfaceConnect is common function called both for static
      netdevs and for hotplug netdevs.
      4492ef7f
  3. 19 10月, 2012 4 次提交
  4. 18 10月, 2012 5 次提交
  5. 17 10月, 2012 3 次提交
    • M
      qemu: Pin the emulator when only cpuset is specified · ba63d8f7
      Martin Kletzander 提交于
      According to our recent changes (clarifications), we should be pinning
      qemu's emulator processes using the <vcpu> 'cpuset' attribute in case
      there is no <emulatorpin> specified.  This however doesn't work
      entirely as expected and this patch should resolve all the remaining
      issues.
      ba63d8f7
    • J
      qemu: Clear async job when p2p migration fails early · 837993d8
      Jiri Denemark 提交于
      When p2p migration fails early because qemuMigrationIsAllowed or
      qemuMigrationIsSafe say migration should be cancelled, we fail to clear
      the migration-out async job. As a result of that, further APIs called
      for the same domain may fail with Timed out during operation: cannot
      acquire state change lock.
      
      Reported by Guido Winkelmann.
      837993d8
    • G
      selinux: fix wrong tapfd relablling · 89b63f0a
      Guannan Ren 提交于
      It should relabel tapfd of virtual network of type VIR_DOMAIN_NET_TYPE_DIRECT
      rather than VIR_DOMAIN_NET_TYPE_NETWORK and VIR_DOMAIN_NET_TYPE_BRIDGE
      (commit ae368ebf introduced this bug)
      
      Caution: The context of the two hunks is identical other than indentation.
      Please be extremely cautious of where the patch gets applied.
      89b63f0a
  6. 15 10月, 2012 7 次提交
    • E
      maint: drop spurious semicolons · 2cfa14bc
      Eric Blake 提交于
      Detected with:
      git grep ';;$' -- '**/*.[ch]'
      
      * src/network/bridge_driver.c (networkRadvdConfContents): Fix
      harmless typo.
      * src/phyp/phyp_driver.c (phypUUIDTable_Pull): Likewise.
      * src/qemu/qemu_monitor_json.c (qemuMonitorJSONDriveDel):
      Likewise.
      2cfa14bc
    • G
      selinux: add security selinux function to label tapfd · ae368ebf
      Guannan Ren 提交于
      BZ:https://bugzilla.redhat.com/show_bug.cgi?id=851981
      When using macvtap, a character device gets first created by
      kernel with name /dev/tapN, its selinux context is:
      system_u:object_r:device_t:s0
      
      Shortly, when udev gets notification when new file is created
      in /dev, it will then jump in and relabel this file back to the
      expected default context:
      system_u:object_r:tun_tap_device_t:s0
      
      There is a time gap happened.
      Sometimes, it will have migration failed, AVC error message:
      type=AVC msg=audit(1349858424.233:42507): avc:  denied  { read write } for
      pid=19926 comm="qemu-kvm" path="/dev/tap33" dev=devtmpfs ino=131524
      scontext=unconfined_u:system_r:svirt_t:s0:c598,c908
      tcontext=system_u:object_r:device_t:s0 tclass=chr_file
      
      This patch will label the tapfd device before qemu process starts:
      system_u:object_r:tun_tap_device_t:MCS(MCS from seclabel->label)
      ae368ebf
    • M
      Add support for SUSPEND_DISK event · 7ba5defb
      Martin Kletzander 提交于
      This patch adds support for SUSPEND_DISK event; both lifecycle and
      separated.  The support is added for QEMU, machines are changed to
      PMSUSPENDED, but as QEMU sends SHUTDOWN afterwards, the state changes
      to shut-off.  This and much more needs to be done in order for libvirt
      to work with transient devices, wake-ups etc.  This patch is not
      aiming for that functionality.
      7ba5defb
    • L
      qemu: reorganize qemuDomainChangeNet and qemuDomainChangeNetBridge · 6bde0a1a
      Laine Stump 提交于
      This patch resolves:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=805071
      
      to the extent that it can be resolved with current qemu functionality.
      It attempts to detect as many situations as possible when the simple
      operation of disconnecting an existing tap device from one bridge and
      attaching it to another will satisfy the change requested in
      virDomainUpdateDeviceFlags() for a network device. Before this patch,
      that situation could only be detected if the pre-change interface
      *and* the post-change interface definition were both "type='bridge'".
      After this patch, it can also be detected if the before or after
      interfaces are any combination of type='bridge' and type='network'
      (the networks can be <forward mode='nat|route|bridge'>, as long as
      they use a Linux host bridge and not macvtap connections).
      
      This extra effort is especially useful since the recent discovery that
      a netdev_del+netdev_add combo (to reconnect the network device with
      completely different hostside configuration) doesn't work properly
      with current qemu (1.2) unless it is accompanied by the matching
      device_del+device_add - see this mailing list message for details:
      
        http://lists.nongnu.org/archive/html/qemu-devel/2012-10/msg02355.html
      
      (A slight modification of the patch referenced there has been prepared
      to apply on top of this patch, but won't be pushed until qemu can be
      made to work with it.)
      
      * qemuDomainChangeNet needs access to the virDomainDeviceDef that
      holds the new netdef (so that it can clear out the virDomainDeviceDef
      if it ends up using the NetDef to replace the original), so the
      virDomainNetDefPtr arg is replaced with a virDomainDeviceDefPtr.
      
      * qemuDomainChangeNet previously checked for *some* changes to the
      interface config, but this check was by no means complete. It was also
      a bit disorganized.
      
      This refactoring of the code is (I believe) complete in its check of
      all NetDef attributes that might be changed, and either returns a
      failure (for changes that are simply impossible), or sets one of three
      flags:
      
        needLinkStateChange - if the device link state needs to go up/down
        needBridgeChange    - if everything else is the same, but it needs
                              to be connected to a difference linux host
                              bridge
        needReconnect       - if the entire host side of the device needs
                              to be torn down and reconstructed (currently
                              non-working, as mentioned above)
      
      Note that this function will refuse to make any change that requires
      the *guest* side of the device to be detached (e.g. changing the PCI
      address or mac address). Those would be disruptive enough to the guest
      that it's reasonable to require an explicit detach/attach sequence
      from the management application.
      
      * As mentioned above, qemuDomainChangeNet also does its best to
      understand when a simple change in attached bridge for the existing
      tap device will work vs. the need to completely tear down/reconstruct
      the host side of the device (including tap device).
      
      This patch *does not* implement the "reconnect" code anyway - there is
      a placeholder that turns that into an error. Rather, the purpose of
      this patch is to replicate existing behavior with code that is ready
      to have that functionality plugged in in a later patch.
      
      * The expanded uses for qemuDomainChangeNetBridge meant that it needed
      to be enhanced as well - it no longer replaces the original brname
      string in olddev with the new brname; instead, it relies on the
      caller to replace the *entire* olddev with newdev (since we've gone
      to great lengths to assure they are functionally identical other
      than the name of the bridge, this is now not only safe, but more
      correct). Additionally, qemuDomainNetChangeBridge can now set the
      bridge for type='network' interfaces as well as plain type='bridge'
      interfaces. (Note that I had to make this change simultaneous to the
      reorganization of qemuDomainChangeNet because the two are too
      closely intertwined to separate).
      6bde0a1a
    • G
      Fix tab vs space · a2b80edb
      Guido Günther 提交于
      that broke "make syntax-check"
      
      found by http://honk.sigxcpu.org:8001/job/libvirt-syntax-check/157/
      
      Pushed under the build breaker rule.
      a2b80edb
    • O
      qemu: Ignore def->cpumask if emulatorpin is specified · 3635b41e
      Osier Yang 提交于
      If the vcpu placement is "static", it's just fine to ignore the
      def->cpumask if emulatorpin is specified.
      3635b41e
    • O
      qemu: Initialize cpuset for hotplugged vcpu as def->cpuset · 0df1a790
      Osier Yang 提交于
      The onlined vcpu pinning policy should inherit def->cpuset if
      it's not specified explicitly, and the affinity should be set
      in this case. Oppositely, the offlined vcpu pinning policy should
      be free()'ed.
      0df1a790