1. 08 8月, 2013 2 次提交
    • D
      Fix validation of CA certificate chains · 31d41d92
      Daniel P. Berrange 提交于
      The code added to validate CA certificates did not take into
      account the possibility that the cacert.pem file can contain
      multiple (concatenated) cert data blocks. Extend the code for
      loading CA certs to use the gnutls APIs for loading cert lists.
      Add test cases to check that multi-level trees of certs will
      validate correctly.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      31d41d92
    • E
      maint: avoid C99 loop declaration · ed7e7c7d
      Eric Blake 提交于
      Commit 3d0e3c1a reintroduced a problem previously squelched in
      commit 7e5aa78d.  Add a syntax check this time around.
      
      util/virutil.c: In function 'virGetGroupList':
      util/virutil.c:1015: error: 'for' loop initial declaration used outside C99 mode
      
      * cfg.mk (sc_prohibit_loop_var_decl): New rule.
      * src/util/virutil.c (virGetGroupList): Fix offender.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      ed7e7c7d
  2. 07 8月, 2013 8 次提交
    • J
      Reverse logic allowing partial DHCP host XML · cf602e7c
      Ján Tomko 提交于
      Before, missing attributes were only OK when adding entries;
      modification and deletion required all of them.
      
      Now, only deletion works with missing attributes, as long as
      the host is uniquely identified.
      cf602e7c
    • G
      qemu: support to drop disk with 'optional' startupPolicy · 8a160f11
      Guannan Ren 提交于
      Go through disks of guest, if one disk doesn't exist or its backing
      chain is broken, with 'optional' startupPolicy, for CDROM and Floppy
      we only discard its source path definition in xml, for disks we drop
      it from disk list and free it.
      8a160f11
    • G
      conf: add startupPolicy attribute for harddisk · 93319da4
      Guannan Ren 提交于
      Add startupPolicy attribute for harddisk with type "file",
      "block" and "dir". 'requisite' is not supported currently for
      harddisk.
      93319da4
    • S
      nwfilter: Use -m conntrack rather than -m state · 06844ccb
      Stefan Berger 提交于
      Since iptables version 1.4.16 '-m state --state NEW' is converted to
      '-m conntrack --ctstate NEW'. Therefore, when encountering this or later
      versions of iptables use '-m conntrack --ctstate'.
      Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
      06844ccb
    • G
      virGetGroupList: always include the primary group · 3d0e3c1a
      Guido Günther 提交于
      The change from initgroups to virGetGroupList/setgroups in
      cab36cfe71ba83b71e536ba5c98e596f02b697b0 dropped the primary group from
      processes group list iff the passed in group to virGetGroupList differs
      from the user's primary group.
      
      So always include the primary group to bring back the old behaviour.
      
      Debian has the kvm group as primary group but uses
      libvirt-qemu:libvirt-qemu as user:group to run the kvm process so
      without this change the /dev/kvm is inaccessible.
      3d0e3c1a
    • S
      xen: Use internal interfaces in xenDomainUsedCpus · d7a45bf2
      Stefan Bader 提交于
      Since commit 95e18efd most public interfaces (xenUnified...) obtain
      a virDomainDefPtr via xenGetDomainDefFor...() which take the unified
      lock.
      This is already taken before calling xenDomainUsedCpus(), so we get
      a deadlock for active guests. Avoid this by splitting up
      xenUnifiedDomainGetVcpusFlags() and xenUnifiedDomainGetVcpus() into
      public and private function calls (which get the virDomainDefPtr passed)
      and use those in xenDomainUsedCpus().
      
          xenDomainUsedCpus
            ...
            nb_vcpu = xenUnifiedDomainGetMaxVcpus(dom);
              return xenUnifiedDomainGetVcpusFlags(...)
                ...
                if (!(def = xenGetDomainDefForDom(dom)))
                  return xenGetDomainDefForUUID(dom->conn, dom->uuid);
                    ...
                    ret = xenHypervisorLookupDomainByUUID(conn, uuid);
                      ...
                      xenUnifiedLock(priv);
                      name = xenStoreDomainGetName(conn, id);
                      xenUnifiedUnlock(priv);
            ...
            if ((ncpus = xenUnifiedDomainGetVcpus(dom, cpuinfo, nb_vcpu,
              ...
              if (!(def = xenGetDomainDefForDom(dom)))
                [again like above]
      Signed-off-by: NStefan Bader <stefan.bader@canonical.com>
      d7a45bf2
    • L
      qemu: improve error reporting during PCI address validation · c033e210
      Laine Stump 提交于
      This patch addresses two concerns with the error reporting when an
      incompatible PCI address is specified for a device:
      
      1) It wasn't always apparent which device had the problem. With this
      patch applied, any error about an incompatible address will always
      contain the full address as given in the config, so it will be easier
      to determine which device's config aused the problem.
      
      2) In some cases when the problem came from bad config, the error
      message was erroneously classified as VIR_ERR_INTERNAL_ERROR. With
      this patch applied, the same error message will be changed to indicate
      either "internal" or "xml" error depending on whether the address came
      from the config, or was automatically generated by libvirt.
      
      Note that in the case of "internal" (due to bad auto-generation)
      errors, the PCI address won't be of much use in finding the location
      in config to change (because it was automatically generated). Of
      course that makes perfect sense, but still the address could provide a
      clue about a bug in libvirt attempting to use a type of pci bus that
      doesn't have its flags set correctly (or something similar). In other
      words, it's not perfect, but it is definitely better.
      c033e210
    • L
      qemu: enable using implicit sata controller in q35 machines · 83718cfe
      Laine Stump 提交于
      q35 machines have an implicit ahci (sata) controller at 00:1F.2 which
      has no "id" associated with it. For this reason, we can't refer to it
      as "ahci0". Instead, we don't give an id on the commandline, which
      qemu interprets as "use the first ahci controller". We then need to
      specify the unit with "unit=%d" rather than adding it onto the bus
      arg.
      83718cfe
  3. 06 8月, 2013 7 次提交
    • M
      qemu_migration: Don't error on tunelled migration with --copy-storage · 5de58d87
      Michal Privoznik 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=979477
      
      Since 1.0.3 we are using the new way to copy non shared storage during
      migration (the NBD way). However, whether the new or old way is used is
      not controllable by user but unconditionally turned on if both sides of
      migration support it. Moreover, the implementation is not complete: the
      combination for VIR_MIGRATE_TUNNELLED flag is missing (as we need to
      open new port on the destination) in which case we just error out. This
      is a deadly combination: not letting users choose their destiny and
      erroring out. We should not do that but VIR_WARN and turn the NBD off
      instead.
      5de58d87
    • L
      qemu: properly set/use device alias for pci controllers · 01b88127
      Laine Stump 提交于
      We had been setting the device alias in the devinceinfo for pci
      controllers to "pci%u", but then hardcoding "pci.%u" when creating the
      device address for other devices using that pci bus. This all worked
      just fine until we encountered the built-in "pcie.0" bus (the PCIe
      root complex) in Q35 machines.
      
      In order to create the correct commandline for this one case, this
      patch:
      
      1) sets the alias for PCI controllers correctly, to "pci.%u" (or
      "pcie.%u" for the pcie-root controller)
      
      2) eliminates the hardcoded "pci.%u" for pci controllers when
      generatuing device address strings, and instead uses the controller's
      alias.
      
      3) plumbs a pointer to the virDomainDef all the way down to
      qemuBuildDeviceAddressStr. This was necessary in order to make the
      aliase of the controller *used by a device* available (previously
      qemuBuildDeviceAddressStr only had the deviceinfo of the device
      itself, *not* of the controller it was connecting to). This made for a
      larger than desired diff, but at least in the future we won't have to
      do it again, since all the information we could possibly ever need for
      future enhancements is in the virDomainDef. (right?)
      
      This should be done for *all* controllers, but for now we just do it
      in the case of PCI controllers, to reduce the likelyhood of
      regression.
      01b88127
    • L
      qemu: fix handling of default/implicit devices for q35 · c27b0bb1
      Laine Stump 提交于
      This patch adds in special handling for a few devices that need to be
      treated differently for q35 domains:
      
      usb - there is no implicit/default usb controller for the q35
      machinetype. This is done because normally the default usb controller
      is added to a domain by just adding "-usb" to the qemu commandline,
      and it's assumed that this will add a single piix3 usb1 controller at
      slot 1 function 2. That's not what happens when the machinetype is
      q35, though. Instead, adding -usb to the commandline adds 3 usb
      (version 2) controllers to the domain at slot 0x1D.{1,2,7}. Rather
      than having
      
        <controller type='usb' index='0'/>
      
      translate into 3 separate devices on the PCI bus, it's cleaner to not
      automatically add a default usb device; one can always be added
      explicitly if desired. Or we may decide that on q35 machines, 3 usb
      controllers will be automatically added when none is given. But for
      this initial commit, at least we aren't locking ourselves into
      something we later won't want.
      
      video - qemu always initializes the primary video device immediately
      after any integrated devices for the machinetype. Unless instructed
      otherwise (by using "-device vga..." instead of "-vga" which libvirt
      uses in many cases to work around deficiencies and bugs in various
      qemu versions) qemu will always pick the first unused slot. In the
      case of the "pc" machinetype and its derivatives, this is always slot
      2, but on q35 machinetypes, the first free slot is slot 1 (since the
      q35's integrated peripheral devices are placed in other slots,
      e.g. slot 0x1f). In order to make the PCI address of the video device
      predictable, that slot (1 or 2, depending on machinetype) is reserved
      even when no video device has been specified.
      
      sata - a q35 machine always has a sata controller implicitly added at
      slot 0x1F, function 2. There is no way to avoid this controller, so we
      always add it. Note that the xml2xml tests for the pcie-root and q35
      cases were changed to use DO_TEST_DIFFERENT() so that we can check for
      the sata controller being automatically added. This is especially
      important because we can't check for it in the xml2argv output (it has
      no effect on that output since it's an implicit device).
      
      ide - q35 has no ide controllers.
      
      isa and smbus controllers - these two are always present in a q35 (at
      slot 0x1F functions 0 and 3) but we have no way of modelling them in
      our config. We do need to reserve those functions so that the user
      doesn't attempt to put anything else there though. (note that the "pc"
      machine type also has an ISA controller, which we also ignore).
      c27b0bb1
    • L
      qemu: add dmi-to-pci-bridge controller · 62ac6b43
      Laine Stump 提交于
      This PCI controller, named "dmi-to-pci-bridge" in the libvirt config,
      and implemented with qemu's "i82801b11-bridge" device, connects to a
      PCI Express slot (e.g. one of the slots provided by the pcie-root
      controller, aka "pcie.0" on the qemu commandline), and provides 31
      *non-hot-pluggable* PCI (*not* PCIe) slots, numbered 1-31.
      
      Any time a machine is defined which has a pcie-root controller
      (i.e. any q35-based machinetype), libvirt will automatically add a
      dmi-to-pci-bridge controller if one doesn't exist, and also add a
      pci-bridge controller. The reasoning here is that any useful domain
      will have either an immediate (startup time) or eventual (subsequent
      hot-plug) need for a standard PCI slot; since the pcie-root controller
      only provides PCIe slots, we need to connect a dmi-to-pci-bridge
      controller to it in order to get a non-hot-plug PCI slot that we can
      then use to connect a pci-bridge - the slots provided by the
      pci-bridge will be both standard PCI and hot-pluggable.
      
      Since pci-bridge devices themselves can not be hot-plugged into a
      running system (although you can hot-plug other devices into a
      pci-bridge's slots), any new pci-bridge controller that is added can
      (and will) be plugged into the dmi-to-pci-bridge as long as it has
      empty slots available.
      
      This patch is also changing the qemuxml2xml-pcie test from a "DO_TEST"
      to a "DO_DIFFERENT_TEST". This is so that the "before" xml can omit
      the automatically added dmi-to-pci-bridge and pci-bridge devices, and
      the "after" xml can include it - this way we are testing if libvirt is
      properly adding these devices.
      62ac6b43
    • L
      qemu: add pcie-root controller · 48a3f48a
      Laine Stump 提交于
      This controller is implicit on q35 machinetypes. It provides 31 PCIe
      (*not* PCI) slots as controller 0.
      
      Currently there are no devices that can connect to pcie-root, and no
      implicit pci controller on a q35 machine, so q35 is still
      unusable. For a usable q35 system, we need to add a
      "dmi-to-pci-bridge" pci controller, which can connect to pcie-root,
      and provides standard pci slots that can be used to connect other
      devices.
      48a3f48a
    • L
      qemu: enable auto-allocate of all PCI addresses · c305783c
      Laine Stump 提交于
      Previous refactoring of the guest PCI address reservation/allocation
      code allowed for slot types other than basic PCI (e.g. PCI express,
      non-hotpluggable slots, etc) but would not auto-allocate a slot for a
      device that required any type other than a basic hot-pluggable
      PCI slot.
      
      This patch refactors the code to be aware of different slot types
      during auto-allocation of addresses as well - as long as there is an
      empty slot of the required type, it will be found and used.
      
      The piece that *wasn't* added is that we don't auto-create a new PCI
      bus when needed for anything except basic PCI devices. This is because
      there are multiple different types of controllers that can provide,
      for example, a PCI express slot (in addition to the pcie-root
      controller, these can also be found on a "root-port" or on a
      "downstream-switch-port"). Since we currently don't support any PCIe
      devices (except pending support for dmi-to-pci-bridge), we can defer
      any decision on what to do about this.
      c305783c
    • J
      xen: fix memory corruption in legacy driver · 0e671a16
      Jim Fehlig 提交于
      Commit 632180d1 introduced memory corruption in xenDaemonListDefinedDomains
      by starting to populate the names array at index -1, causing all sorts
      of havoc in libvirtd such as aborts like the following
      
      *** Error in `/usr/sbin/libvirtd': double free or corruption (out): 0x00007fffe00ccf20 ***
      ======= Backtrace: =========
      /lib64/libc.so.6(+0x7abf6)[0x7ffff3fa0bf6]
      /lib64/libc.so.6(+0x7b973)[0x7ffff3fa1973]
      /lib64/libc.so.6(xdr_array+0xde)[0x7ffff403cbae]
      /usr/sbin/libvirtd(+0x50251)[0x5555555a4251]
      /lib64/libc.so.6(xdr_free+0x15)[0x7ffff403ccd5]
      /usr/lib64/libvirt.so.0(+0x1fad34)[0x7ffff76b1d34]
      /usr/lib64/libvirt.so.0(virNetServerProgramDispatch+0x1fc)[0x7ffff76b16f1]
      /usr/lib64/libvirt.so.0(+0x1f214a)[0x7ffff76a914a]
      /usr/lib64/libvirt.so.0(+0x1f222d)[0x7ffff76a922d]
      /usr/lib64/libvirt.so.0(+0xbcc4f)[0x7ffff7573c4f]
      /usr/lib64/libvirt.so.0(+0xbc5e5)[0x7ffff75735e5]
      /lib64/libpthread.so.0(+0x7e0f)[0x7ffff48f7e0f]
      /lib64/libc.so.6(clone+0x6d)[0x7ffff400e7dd]
      
      Fix by initializing ret to 0 and only setting to error on failure path.
      0e671a16
  4. 05 8月, 2013 2 次提交
    • M
      Introduce max_queued_clients · 1199edb1
      Michal Privoznik 提交于
      This configuration knob lets user to set the length of queue of
      connection requests waiting to be accept()-ed by the daemon. IOW, it
      just controls the @backlog passed to listen:
      
        int listen(int sockfd, int backlog);
      1199edb1
    • M
      RPC: Don't accept client if it would overcommit max_clients · 2737aaaf
      Michal Privoznik 提交于
      Currently, even if max_client limit is hit, we accept() incoming
      connection request, but close it immediately. This has disadvantage of
      not using listen() queue. We should accept() only those clients we
      know we can serve and let all other wait in the (limited) queue.
      2737aaaf
  5. 04 8月, 2013 3 次提交
    • L
      qemu: eliminate almost-duplicate code in qemu_command.c · 3bb01257
      Laine Stump 提交于
      * The functions qemuDomainPCIAddressReserveAddr and
      qemuDomainPCIAddressReserveSlot were very similar (and should have
      been more similar) and were about to get more code added to them which
      would create even more duplicated code, so this patch gives
      qemuDomainPCIAddressReserveAddr a "reserveEntireSlot" arg, then
      replaces the body of qemuDomainPCIAddressReserveSlot with a call to
      qemuDomainPCIAddressReserveAddr.
      
      You will notice that addrs->lastaddr was previously set in
      qemuDomainPCIAddressReserveAddr (but *not* set in
      qemuDomainPCIAddressReserveSlot). For consistency and cleanliness of
      code, that bit was removed and put into the one caller of
      qemuDomainPCIAddressReserveAddr (there is a similar place where the
      caller of qemuDomainPCIAddressReserveSlot sets lastaddr). This does
      guarantee identical functionality to pre-patch code, but in practice
      isn't really critical, because lastaddr is just keeping track of where
      to start when looking for a free slot - if it isn't updated, we will
      just start looking on a slot that's already occupied, then skip up to
      one that isn't.
      
      * qemuCollectPCIAddress was essentially doing the same thing as
      qemuDomainPCIAddressReserveAddr, but with some extra special case
      checking at the beginning. The duplicate code has been replaced with
      a call to qemuDomainPCIAddressReserveAddr. This required adding a
      "fromConfig" boolean, which is only used to change the log error
      code from VIR_ERR_INTERNAL_ERROR (when the address was
      auto-generated by libvirt) to VIR_ERR_XML_ERROR (when the address is
      coming from the config); without this differentiation, it would be
      difficult to tell if an error was caused by something wrong in
      libvirt's auto-allocate code or just bad config.
      
      * the bit of code in qemuDomainPCIAddressValidate that checks the
      connect type flags is going to be used in a couple more places where
      we don't need to also check the slot limits (because we're generating
      the slot number ourselves), so that has been pulled out into a
      separate qemuDomainPCIAddressFlagsCompatible function.
      3bb01257
    • L
      qemu: rename some functions in qemu_command.c · 29e3a1df
      Laine Stump 提交于
      * qemuDomainPCIAddressSetNextAddr
      
      The name of this function was confusing because 1) other functions in
      the file that end in "Addr" are only operating on a single function of
      one PCI slot, not the entire slot, while functions that do something
      with the entire slot end in "Slot", and 2) it didn't contain a verb
      describing what it is doing (the "Set" refers to the set that contains
      all PCI buses in the system, used to keep track of which slots in
      which buses are already reserved for use).
      
      It is now renamed to qemuDomainPCIAddressReserveNextSlot, which more
      clearly describes what it is doing. Arguably, it could have been
      changed to qemuDomainPCIAddressSetReserveNextSlot, but 1) the word
      "set" is confusing in this context because it could be intended as a
      verb or as a noun, and 2) most other functions that operate on a
      single slot or address within this set are also named
      qemuDomainPCIAddress... rather than qemuDomainPCIAddressSet... Only
      the Create, Free, and Grow functions for an address set (which modify the
      entire set, not just one element) use "Set" in their name.
      
      * qemuPCIAddressAsString, qemuPCIAddressValidate
      
      All the other functions in this set are named
      qemuDomainPCIAddressxxxxx, so I renamed these to be consistent.
      29e3a1df
    • L
      conf: add default USB controller in qemu post-parse callback · c66da9d2
      Laine Stump 提交于
      The parser shouldn't be doing arch-specific things like adding in
      implicit controllers to the config. This should instead be done in the
      hypervisor's post-parse callback.
      
      This patch removes the auto-add of a usb controller from the domain
      parser, and puts it into the qemu driver's post-parse callback (just
      as is already done with the auto-add of the pci-root controller). In
      the future, any machine/arch that shouldn't have a default usb
      controller added should just set addDefaultUSB = false in this
      function.
      
      We've recently seen that q35 and ARMV7L domains shouldn't get a default USB
      controller, so I've set addDefaultUSB to false for both of those.
      c66da9d2
  6. 02 8月, 2013 4 次提交
  7. 01 8月, 2013 8 次提交
  8. 31 7月, 2013 6 次提交