1. 08 7月, 2014 2 次提交
  2. 03 7月, 2014 1 次提交
  3. 27 6月, 2014 1 次提交
  4. 26 6月, 2014 1 次提交
  5. 24 6月, 2014 2 次提交
    • D
      Change 'interface' to 'iface' in virNetworkDHCPLease · 6512c8b4
      Daniel P. Berrange 提交于
      Variables/fields named 'interface' clash with system
      header symbols on some platforms.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      6512c8b4
    • N
      net-dhcp-leases: Implement the public APIs · 03e0e79e
      Nehal J Wani 提交于
      Introduce 3 new APIs, virNetworkGetDHCPLeases, virNetworkGetDHCPLeasesForMAC
      and virNetworkDHCPLeaseFree.
      
      * virNetworkGetDHCPLeases: returns the dhcp leases information for a given
           virtual network.
      
        For DHCPv4, the information returned:
        - Network Interface Name
        - Expiry Time
        - MAC address
        - IAID (NULL)
        - IPv4 address (with type and prefix)
        - Hostname (can be NULL)
        - Client ID (can be NULL)
      
        For DHCPv6, the information returned:
        - Network Interface Name
        - Expiry Time
        - MAC address
        - IAID (can be NULL, only in rare cases)
        - IPv6 address (with type and prefix)
        - Hostname (can be NULL)
        - Client DUID
      
        Note: @mac, @iaid, @ipaddr, @clientid are in ASCII form, not raw bytes.
        Note: @expirytime can 0, in case the lease is for infinite time.
      
      * virNetworkGetDHCPLeasesForMAC: returns the dhcp leases information for a
           given virtual network and specified MAC Address.
      
      * virNetworkDHCPLeaseFree: allows the upper layer application to free the
           network interface object conveniently.
      
      There is no support for flags, so user is expected to pass 0 for
      both the APIs.
      
      include/libvirt/libvirt.h.in:
        * Define virNetworkGetDHCPLeases
        * Define virNetworkGetDHCPLeasesForMAC
        * Define virNetworkDHCPLeaseFree
      
      src/driver.h:
        * Define networkGetDHCPLeases
        * Define networkGetDHCPLeasesForMAC
      
      src/libvirt.c:
        * Implement virNetworkGetDHCPLeases
        * Implement virNetworkGetDHCPLeasesForMAC
        * Implement virNetworkDHCPLeaseFree
      
      src/libvirt_public.syms:
        * Export the new symbols
      03e0e79e
  6. 19 6月, 2014 1 次提交
    • M
      Introduce virNodeGetFreePages · 34f2d031
      Michal Privoznik 提交于
      The aim of the API is to get information on number of free pages
      on the system. The API behaves similar to the
      virNodeGetCellsFreeMemory(). User passes starting NUMA cell, the
      count of nodes that he's interested in, pages sizes (yes,
      multiple sizes can be queried at once) and the counts are
      returned in an array.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      34f2d031
  7. 11 6月, 2014 1 次提交
    • E
      blockcommit: document semantics of committing active layer · b2980250
      Eric Blake 提交于
      Now that qemu 2.0 allows commit of the active layer, people are
      attempting to use virsh blockcommit and getting into a stuck
      state, because libvirt is unprepared to handle the two-phase
      commit required by qemu.
      
      Stepping back a bit, there are two valid semantics for a
      commit operation:
      
      1. Maintain a 'golden' base, and a transient overlay. Make
      changes in the overlay, and if everything appears to work,
      commit those changes into the base, but still keep the overlay
      for the next round of changes; repeat the cycle as desired.
      
      2. Create an external snapshot, then back up the stable state
      in the backing file. Once the backup is complete, commit the
      overlay back into the base, and delete the temporary snapshot.
      
      Since qemu doesn't know up front which of the two styles is
      preferred, a block commit of the active layer merely gets
      the job into a synchronized state, and sends an event; then
      the user must either cancel (case 1) or complete (case 2),
      where qemu then sends a second event that actually ends the
      job.  However, until commit e6bcbcd3, libvirt was blindly
      assuming the semantics that apply to a commit of an
      intermediate image, where there is only one sane conclusion
      (the job automatically ends with fewer elements in the chain);
      and getting stuck because it wasn't prepared for qemu to enter
      a second phase of the job.
      
      This patch adds a flag to the libvirt API that a user MUST
      supply in order to acknowledge that they will be using two-phase
      semantics.  It might be possible to have a mode where if the
      flag is omitted, we automatically do the case 2 semantics on
      the user's behalf; but before that happens, I must do additional
      patches to track the fact that we are doing an active commit
      in the domain XML.  Later patches will add support of the flag,
      and once 2-phase semantics are working, we can then decide
      whether to relax things to allow an omitted flag to cause an
      automatic pivot.
      
      * include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_COMMIT_ACTIVE)
      (VIR_DOMAIN_BLOCK_JOB_TYPE_ACTIVE_COMMIT): New enums.
      * src/libvirt.c (virDomainBlockCommit): Document two-phase job
      when committing active layer, through new flag.
      (virDomainBlockJobAbort): Document that pivot also occurs after
      active commit.
      * tools/virsh-domain.c (vshDomainBlockJob): Cover new job.
      * src/qemu/qemu_driver.c (qemuDomainBlockCommit): Explicitly
      reject active copy; later patches will add it in.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      b2980250
  8. 28 5月, 2014 1 次提交
  9. 23 5月, 2014 1 次提交
  10. 17 5月, 2014 1 次提交
  11. 15 5月, 2014 1 次提交
    • M
      Introduce virDomain{Get,Set}Time APIs · 0abb3693
      Michal Privoznik 提交于
      These APIs allow users to get or set time in a domain, which may come
      handy if the domain has been resumed just recently and NTP is not
      configured or hasn't kicked in yet and the guest is running
      something time critical. In addition, NTP may refuse to re-set the clock
      if the skew is too big.
      
      In addition, new ACL attribute is introduced 'set_time'.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      0abb3693
  12. 07 5月, 2014 1 次提交
  13. 01 5月, 2014 1 次提交
  14. 25 4月, 2014 1 次提交
    • J
      Add support for addressing backing stores by index · f22b7899
      Jiri Denemark 提交于
      Each backing store of a given disk is associated with a unique index
      (which is also formatted in domain XML) for easier addressing of any
      particular backing store. With this patch, any backing store can be
      addressed by its disk target and the index. For example, "vdc[4]"
      addresses the backing store with index equal to 4 of the disk identified
      by "vdc" target. Such shorthand can be used in any API in place for a
      backing file path:
      
          virsh blockcommit domain vda --base vda[3] --top vda[2]
      Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      f22b7899
  15. 23 4月, 2014 1 次提交
  16. 25 3月, 2014 2 次提交
  17. 21 3月, 2014 1 次提交
    • C
      libvirt support to force convergence of live guest migration · 05e1b06a
      Chegu Vinod 提交于
      Busy enterprise workloads hosted on large sized VM's tend to dirty
      memory faster than the transfer rate achieved via live guest migration.
      Despite some good recent improvements (& using dedicated 10Gig NICs
      between hosts) the live migration may NOT converge.
      
      Recently support was added in qemu (version 1.6) to allow a user to
      choose if they wish to force convergence of their migration via a
      new migration capability : "auto-converge". This feature allows for qemu
      to auto-detect lack of convergence and trigger a throttle-down of the
      VCPUs.
      
      This patch includes the libvirt support needed to trigger this
      feature. (Testing is in progress)
      Signed-off-by: NChegu Vinod <chegu_vinod@hp.com>
      Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      05e1b06a
  18. 18 3月, 2014 2 次提交
  19. 04 3月, 2014 1 次提交
    • E
      util: make it easier to grab only regular command exit · b9dd878f
      Eric Blake 提交于
      Auditing all callers of virCommandRun and virCommandWait that
      passed a non-NULL pointer for exit status turned up some
      interesting observations.  Many callers were merely passing
      a pointer to avoid the overall command dying, but without
      caring what the exit status was - but these callers would
      be better off treating a child death by signal as an abnormal
      exit.  Other callers were actually acting on the status, but
      not all of them remembered to filter by WIFEXITED and convert
      with WEXITSTATUS; depending on the platform, this can result
      in a status being reported as 256 times too big.  And among
      those that correctly parse the output, it gets rather verbose.
      Finally, there were the callers that explicitly checked that
      the status was 0, and gave their own message, but with fewer
      details than what virCommand gives for free.
      
      So the best idea is to move the complexity out of callers and
      into virCommand - by default, we return the actual exit status
      already cleaned through WEXITSTATUS and treat signals as a
      failed command; but the few callers that care can ask for raw
      status and act on it themselves.
      
      * src/util/vircommand.h (virCommandRawStatus): New prototype.
      * src/libvirt_private.syms (util/command.h): Export it.
      * docs/internals/command.html.in: Document it.
      * src/util/vircommand.c (virCommandRawStatus): New function.
      (virCommandWait): Adjust semantics.
      * tests/commandtest.c (test1): Test it.
      * daemon/remote.c (remoteDispatchAuthPolkit): Adjust callers.
      * src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck):
      Likewise.
      * src/fdstream.c (virFDStreamCloseInt): Likewise.
      * src/lxc/lxc_process.c (virLXCProcessStart): Likewise.
      * src/qemu/qemu_command.c (qemuCreateInBridgePortWithHelper):
      Likewise.
      * src/xen/xen_driver.c (xenUnifiedXendProbe): Simplify.
      * tests/reconnect.c (mymain): Likewise.
      * tests/statstest.c (mymain): Likewise.
      * src/bhyve/bhyve_process.c (virBhyveProcessStart)
      (virBhyveProcessStop): Don't overwrite virCommand error.
      * src/libvirt.c (virConnectAuthGainPolkit): Likewise.
      * src/openvz/openvz_driver.c (openvzDomainGetBarrierLimit)
      (openvzDomainSetBarrierLimit): Likewise.
      * src/util/virebtables.c (virEbTablesOnceInit): Likewise.
      * src/util/viriptables.c (virIpTablesOnceInit): Likewise.
      * src/util/virnetdevveth.c (virNetDevVethCreate): Fix debug
      message.
      * src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Add comment.
      * src/storage/storage_backend_iscsi.c
      (virStorageBackendISCSINodeUpdate): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      b9dd878f
  20. 20 2月, 2014 1 次提交
  21. 19 2月, 2014 1 次提交
    • R
      bhyve: add a basic driver · 0eb4a5f4
      Roman Bogorodskiy 提交于
      At this point it has a limited functionality and is highly
      experimental. Supported domain operations are:
      
        * define
        * start
        * destroy
        * dumpxml
        * dominfo
      
      It's only possible to have only one disk device and only one
      network, which should be of type bridge.
      0eb4a5f4
  22. 13 2月, 2014 1 次提交
  23. 25 1月, 2014 1 次提交
    • J
      Block info query: Add check for transient domain · 46a0737e
      John Ferlan 提交于
      Currently the qemuDomainGetBlockInfo will return allocation == physical
      for most backing stores. For a qcow2 block backed device it's possible
      to return the highest lv extent allocated from qemu for an active guest.
      That is a value where allocation != physical and one would hope be less.
      However, if the guest is not running, then the code falls back to returning
      allocation == physical. This turns out to be problematic for rhev which
      monitors the size of the backing store. During a migration, before the
      VM has been started on the target and while it is deemed inactive on the
      source, there's a small window of time where the allocation is returned
      as physical triggering the code to extend the file unnecessarily.
      
      Since rhev uses transient domains and this is edge condition for a transient
      domain, rather than returning good status and allocation == physical when
      this "window of opportunity" exists, this patch will check for a transient
      (or non persistent) domain and return a failure to the caller rather than
      returning the defaults. For a persistent domain, the defaults will be
      returned. The description for the virDomainGetBlockInfo has been updated
      to describe the phenomena.
      46a0737e
  24. 23 1月, 2014 1 次提交
    • E
      api: require write permission for guest agent interaction · 7f2d27d1
      Eric Blake 提交于
      I noticed that we allow virDomainGetVcpusFlags even for read-only
      connections, but that with a flag, it can require guest agent
      interaction.  It is feasible that a malicious guest could
      intentionally abuse the replies it sends over the guest agent
      connection to possibly trigger a bug in libvirt's JSON parser,
      or withhold an answer so as to prevent the use of the agent
      in a later command such as a shutdown request.  Although we
      don't know of any such exploits now (and therefore don't mind
      posting this patch publicly without trying to get a CVE assigned),
      it is better to err on the side of caution and explicitly require
      full access to any domain where the API requires guest interaction
      to operate correctly.
      
      I audited all commands that are marked as conditionally using a
      guest agent.  Note that at least virDomainFSTrim is documented
      as needing a guest agent, but that such use is unconditional
      depending on the hypervisor (so the existing domain:fs_trim ACL
      should be sufficient there, rather than also requirng domain:write).
      But when designing future APIs, such as the plans for obtaining
      a domain's IP addresses, we should copy the approach of this patch
      in making interaction with the guest be specified via a flag, and
      use that flag to also require stricter access checks.
      
      * src/libvirt.c (virDomainGetVcpusFlags): Forbid guest interaction
      on read-only connection.
      (virDomainShutdownFlags, virDomainReboot): Improve docs on agent
      interaction.
      * src/remote/remote_protocol.x
      (REMOTE_PROC_DOMAIN_SNAPSHOT_CREATE_XML)
      (REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS)
      (REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS, REMOTE_PROC_DOMAIN_REBOOT)
      (REMOTE_PROC_DOMAIN_SHUTDOWN_FLAGS): Require domain:write for any
      conditional use of a guest agent.
      * src/xen/xen_driver.c: Fix clients.
      * src/libxl/libxl_driver.c: Likewise.
      * src/uml/uml_driver.c: Likewise.
      * src/qemu/qemu_driver.c: Likewise.
      * src/lxc/lxc_driver.c: Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      7f2d27d1
  25. 20 1月, 2014 1 次提交
  26. 17 1月, 2014 5 次提交
    • E
      maint: replace remaining virLib*Error with better names · 42358e3a
      Eric Blake 提交于
      Finish the cleanup of libvirt.c; all uses of virLib*Error have
      now been converted to more canonical conventions.
      
      * src/libvirt.c: Use virReportError in remaining errors.
      (virLibConnError, virLibDomainError): Delete unused macros.
      * cfg.mk (msg_gen_function): Drop unused names.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      42358e3a
    • E
      maint: simplify driver registration at startup · 323c2cc4
      Eric Blake 提交于
      We had a lot of repetition of errors that would occur if we
      ever register too many drivers; this is unlikely to occur
      unless we start adding a lot of new hypervisor modules, but
      if it does occur, it's better to have uniform handling of the
      situation, so that a one-line change is all that would be
      needed if we decide that an internal error is not the best.
      
      * src/libvirt.c (virDriverCheckTabMaxReturn): New define.
      (virRegister*Driver): Use it for less code duplication.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      323c2cc4
    • E
      maint: clean up error reporting in migration · 27553573
      Eric Blake 提交于
      The choice of error message and category was not consistent
      in the migration code; furthermore, the use of virLibConnError
      is no longer necessary now that we have a generic virReportError.
      
      * src/qemu/qemu_migration.c (virDomainMigrate*): Prefer
      virReportError over virLibConnError.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      27553573
    • E
      maint: don't lose error on canceled migration · c8ed177a
      Eric Blake 提交于
      While auditing the error reporting, I noticed that migration
      had some issues.  Some of the static helper functions tried
      to call virDispatchError(), even though their caller will also
      report the error.  Also, if a migration is cancelled early
      because a uri was not set, we did not guarantee that the finish
      stage would not overwrite the first error message.
      
      * src/qemu/qemu_migration.c (doPeer2PeerMigrate2)
      (doPeer2PeerMigrate3): Preserve first error when cancelling.
      * src/libvirt.c (virDomainMigrateVersion3Full): Likewise.
      (virDomainMigrateVersion1, virDomainMigrateVersion2)
      (virDomainMigrateDirect): Avoid redundant error dispatch.
      (virDomainMigrateFinish2, virDomainMigrateFinish3)
      (virDomainMigrateFinish3Params): Don't report error on cleanup
      path.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      c8ed177a
    • E
      maint: don't leave garbage on early API exit · c05aebfd
      Eric Blake 提交于
      Several APIs clear out a user input buffer before attempting to
      populate it; but in a few cases we missed this memset if we
      detect a reason for an early exit.  Note that these APIs
      check for non-NULL arguments, and exit early with an error
      message when NULL is passed in; which means that we must be
      careful to avoid a NULL deref in order to get to that error
      message.  Also, we were inconsistent on the use of
      sizeof(virType) vs. sizeof(expression); the latter is more
      robust if we ever change the type of the expression (although
      such action is unlikely since these types are part of our
      public API).
      
      * src/libvirt.c (virDomainGetInfo, virDomainGetBlockInfo)
      (virStoragePoolGetInfo, virStorageVolGetInfo)
      (virDomainGetJobInfo, virDomainGetBlockJobInfo): Move memset
      before any returns.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      c05aebfd
  27. 10 1月, 2014 6 次提交
    • C
      c4dadf23
    • E
      virt-login-shell: fix regressions in behavior · 3d007cb5
      Eric Blake 提交于
      Our fixes for CVE-2013-4400 were so effective at "fixing" bugs
      in virt-login-shell that we ended up fixing it into a useless
      do-nothing program.
      
      Commit 3e2f27e1 picked the name LIBVIRT_SETUID_RPC_CLIENT for
      the witness macro when we are doing secure compilation.  But
      commit 9cd6a57d checked whether the name IN_VIRT_LOGIN_SHELL,
      from an earlier version of the patch series, was defined; with
      the net result that virt-login-shell invariably detected that
      it was setuid and failed virInitialize.
      
      Commit b7fcc799 closed all fds larger than stderr, but in the
      wrong place.  Looking at the larger context, we mistakenly did
      the close in between obtaining the set of namespace fds, then
      actually using those fds to switch namespace, which means that
      virt-login-shell will ALWAYS fail.
      
      This is the minimal patch to fix the regressions, although
      further patches are also worth having to clean up poor
      semantics of the resulting program (for example, it is rude to
      not pass on the exit status of the wrapped program back to the
      invoking shell).
      
      * tools/virt-login-shell.c (main): Don't close fds until after
      namespace swap.
      * src/libvirt.c (virGlobalInit): Use correct macro.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      3d007cb5
    • E
      maint: improve VIR_ERR_INVALID_DOMAIN_SNAPSHOT usage · dd0e04d9
      Eric Blake 提交于
      The existing check of domain snapshots validated that they
      point to a domain, but did not validate that the domain
      points to a connection, even though any errors blindly assume
      the connection is valid.  On the other hand, as mentioned in
      commit 6e130ddc, any valid domain is already tied to a valid
      connection, and VIR_IS_SNAPSHOT vs. VIR_IS_DOMAIN_SNAPSHOT
      makes no real difference; it's best to just validate the chain
      of all three.  For consistency with previous patches, continue
      the trend of using a common macro.  For now, we don't need
      virCheckDomainSnapshotGoto().
      
      * src/datatypes.h (virCheckDomainSnapshotReturn): New macro.
      (VIR_IS_SNAPSHOT, VIR_IS_DOMAIN_SNAPSHOT):
      Drop unused macros.
      * src/libvirt.c: Use macro throughout.
      (virLibDomainSnapshotError): Drop unused macro.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      dd0e04d9
    • E
      maint: improve VIR_ERR_INVALID_NWFILTER usage · 7d0a0ab7
      Eric Blake 提交于
      While all errors related to invalid nwfilters appeared to be
      consistent, we might as well continue the trend of using a
      common macro.  As in commit 6e130ddc, the difference between
      VIR_IS_NWFILTER and VIR_IS_CONNECTED_NWFILTER is moot, since
      reference counting means any valid nwfilter is also tied to
      a valid connection.  For now, we don't need virCheckNWFilterGoto().
      
      * src/datatypes.h (virCheckNWFilterReturn): New macro.
      (VIR_IS_NWFILTER, VIR_IS_CONNECTED_NWFILTER): Drop unused macros.
      * src/libvirt.c: Use macro throughout.
      (virLibNWFilterError): Drop unused macro.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      7d0a0ab7
    • E
      maint: improve VIR_ERR_INVALID_STREAM usage · 101f176a
      Eric Blake 提交于
      For streams validation, we weren't consistent on whether to
      use VIR_FROM_NONE or VIR_FROM_STREAMS.  Furthermore, in many
      API, we want to ensure that a stream is tied to the same
      connection as the other object we are operating on; while
      other API failed to validate the stream at all.  And the
      difference between VIR_IS_STREAM and VIR_IS_CONNECTED_STREAM
      is moot; as in commit 6e130ddc, we know that reference
      counting means a valid stream will always be tied to a valid
      connection.  Similar to previous patches, use a common macro
      to make it nicer.
      
      * src/datatypes.h (virCheckStreamReturn, virCheckStreamGoto):
      New macros.
      (VIR_IS_STREAM, VIR_IS_CONNECTED_STREAM): Drop unused macros.
      * src/libvirt.c: Use macro throughout.
      (virLibStreamError): Drop unused macro.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      101f176a
    • E
      maint: improve VIR_ERR_INVALID_SECRET usage · 916273eb
      Eric Blake 提交于
      While all errors related to invalid secrets appeared to be
      consistent, we might as well continue the trend of using a
      common macro.  Just as in commit 6e130ddc, the difference
      between VIR_IS_SECRET and VIR_IS_CONNECTED_SECRET is moot
      (due to reference counting, any valid secret must be tied to
      a valid domain).  For now, we don't need virCheckSecretGoto().
      
      * src/datatypes.h (virCheckSecretReturn): New macro.
      (VIR_IS_SECRET, VIR_IS_CONNECTED_SECRET): Drop unused macros.
      * src/libvirt.c: Use macro throughout.
      (virLibSecretError): Drop unused macro.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      916273eb