- 21 8月, 2018 14 次提交
-
-
由 Peter Krempa 提交于
The disk is not necessary to test the mdevs. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Allow referring to individual node name to resize. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
The 'device' field reported by 'query-block' is empty when -blockdev is used. Add an argument which will allow matching disk by using the qdev id so we can use this code with -blockdev. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
The 'device' argument matches only the legacy drive alias. For blockdev we need to set the throttling for a QOM id and thus we'll need to use the 'id' field. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
The wrapper executes the command and does error detection so there's no need to open-code all of those things. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Move the preparation steps from qemuDomainAttachDiskGeneric up into qemuDomainAttachDeviceDiskLive so that also media changing can use the prepared file. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Use qemuDomainAttachDeviceDiskLive to change the media in qemuDomainChangeDiskLive as the former function already does all the necessary steps to prepare the new medium. This also allows us to turn qemuDomainChangeEjectableMedia static. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Turns out that 'query-nodes' is not what we want and the 'query-blockstats' command was in fact buggy. Revert the new field since it's not needed. This reverts commit 50edca13. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
We don't use it for anything useful so it does not make much sense to extract it. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
QEMU supports 'block_resize' since 0.14 so we don't need to do explicit checking. Additionally the caller did not use the different value at all. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Remove the pointless "empty path" check and use a better error message if the disk was not found. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Print the differences in case when the expected data does not match. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Currently we'd report the alias of the drive which is backing the cdrom rather than the device itself: $ virsh event ds tray-change --loop event 'tray-change' for domain ds disk drive-ide0-0-1: opened event 'tray-change' for domain ds disk drive-ide0-0-1: closed Report the disk device alias as we document in the API docs: https://libvirt.org/html/libvirt-libvirt-domain.html#virConnectDomainEventTrayChangeCallbackSigned-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1610072 Due to historical reasons we were not parsing device info on guestfwd channel. Sure, it doesn't make much sense to parse <address/> but it surely makes sense to parse its alias (which might be an user alias). This reverts commit 47a3dd46 which fixed https://bugzilla.redhat.com/show_bug.cgi?id=1172526. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
- 20 8月, 2018 4 次提交
-
-
由 Erik Skultety 提交于
Since we're not saving the platform-specific data into a cache, we're not going to populate the structure, which in turn will cause a crash upon calling virNodeGetSEVInfo because of a NULL pointer dereference. Ultimately, we should start caching this data along with host-specific capabilities like NUMA and SELinux stuff into a separate cache, but for the time being, this is a semi-proper fix for a potential crash. Backtrace (requires libvirtd restart to load qemu caps from cache): #0 qemuGetSEVInfoToParams #1 qemuNodeGetSEVInfo #2 virNodeGetSEVInfo #3 remoteDispatchNodeGetSevInfo #4 remoteDispatchNodeGetSevInfoHelper #5 virNetServerProgramDispatchCall #6 virNetServerProgramDispatch #7 virNetServerProcessMsg #8 virNetServerHandleJob #9 virThreadPoolWorker #10 virThreadHelper https: //bugzilla.redhat.com/show_bug.cgi?id=1612009 Signed-off-by: NErik Skultety <eskultet@redhat.com> Acked-by: NPeter Krempa <pkrempa@redhat.com> Tested-by: NBrijesh Singh <brijesh.singh@amd.com>
-
由 Erik Skultety 提交于
So the procedure to detect SEV support works like this: 1) we detect that sev-guest is among the QOM types and set the cap flag 2) we probe the monitor for SEV support - this is tricky, because QEMU with compiled SEV support will always report -object sev-guest and query-sev-capabilities command, that however doesn't mean SEV is supported 3) depending on what the monitor returned, we either keep or clear the capability flag for SEV Commit a349c6c2 added an explicit check for "GenericError" in the monitor reply to prevent libvirtd to spam logs about missing 'query-sev-capabilities' command. At the same time though, it returned success in this case which means that we didn't clear the capability flag afterwards and happily formatted SEV into qemuCaps. Therefore, adjust all the relevant callers to handle -1 on errors, 0 on SEV being unsupported and 1 on SEV being supported. Signed-off-by: NErik Skultety <eskultet@redhat.com> Acked-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Erik Skultety 提交于
Keep with the recent effort of replacing as many explicit *Free functions with their automatic equivalents. Signed-off-by: NErik Skultety <eskultet@redhat.com> Acked-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Erik Skultety 提交于
In order to test SEV we need real QEMU capabilities. Ideally, this would be tested with -latest capabilities, however, our capabilities are currently tied to Intel HW, even the 2.12.0 containing SEV were edited by hand, so we can only use that one for now, as splitting the capabilities according to the vendor is a refactor for another day. The need for real capabilities comes from the extended SEV platform data (PDH, cbitpos, etc.) we'll need to cache/parse. Signed-off-by: NErik Skultety <eskultet@redhat.com> Acked-by: NPeter Krempa <pkrempa@redhat.com>
-
- 17 8月, 2018 4 次提交
-
-
由 Peter Krempa 提交于
commit 5c81c342 forgot to skip the detaching of the shmem backend when async unplug is requested which meant that we've tried to unplug the backend prior to delivery of the DEVICE_DELETED event. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1618622Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Vitaly Kuznetsov 提交于
Qemu-3.0 supports Hyper-V-style PV TLB flush, Windows guests can benefit from this feature as KVM knows which vCPUs are not currently scheduled (and thus don't require any immediate action). Signed-off-by: NVitaly Kuznetsov <vkuznets@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Vitaly Kuznetsov 提交于
Qemu-3.0 supports so-called 'Reenlightenment' notifications and this (in conjunction with 'hv-frequencies') can be used make Hyper-V on KVM pass stable TSC page clocksource to L2 guests. Signed-off-by: NVitaly Kuznetsov <vkuznets@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Vitaly Kuznetsov 提交于
Qemu-2.12 gained 'hv-frequencies' cpu flag to enable Hyper-V frequency MSRs. These MSRs are required (but not sufficient) to make Hyper-V on KVM pass stable TSC page clocksource to L2 guests. Signed-off-by: NVitaly Kuznetsov <vkuznets@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 16 8月, 2018 18 次提交
-
-
由 Cole Robinson 提交于
Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Cole Robinson 提交于
Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
There are some path where the buffer is not passed to virCommandAddArgBuffer and therefore the buffer might leak. ==191201== 1,010 bytes in 1 blocks are definitely lost in loss record 826 of 836 ==191201== at 0x4C2CE3F: malloc (vg_replace_malloc.c:298) ==191201== by 0x4C2F1BF: realloc (vg_replace_malloc.c:785) ==191201== by 0x5D39E82: virReallocN (viralloc.c:245) ==191201== by 0x5D3E8F2: virBufferGrow (virbuffer.c:150) ==191201== by 0x5D3E9C8: virBufferAdd (virbuffer.c:185) ==191201== by 0x56EAC98: qemuBuildFloppyCommandLineControllerOptions (qemu_command.c:2162) ==191201== by 0x56EB3E1: qemuBuildDisksCommandLine (qemu_command.c:2370) ==191201== by 0x570055E: qemuBuildCommandLine (qemu_command.c:10315) ==191201== by 0x575EA7F: qemuProcessCreatePretendCmd (qemu_process.c:6777) ==191201== by 0x113DAB: testCompareXMLToArgv (qemuxml2argvtest.c:598) ==191201== by 0x13A75B: virTestRun (testutils.c:180) ==191201== by 0x138BE8: mymain (qemuxml2argvtest.c:2975) Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Christian Ehrhardt 提交于
Libvirt now tries to preserve all mounts under /dev in qemu namespaces. The old rules only listed a set of known paths but those are no more enough. I found some due to containers like /dev/.lxc/* and such but also /dev/console and /dev/net/tun. Libvirt is correct to do so, but we can no more predict the names properly, so we modify the rule to allow a wildcard based pattern matching what libvirt does. Acked-by: NJamie Strandboge <jamie@canonical.com> Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
由 Christian Ehrhardt 提交于
Several cases were found needing /tmp, for example ceph will try to list /tmp This is a compromise of security and usability: - we only allow generally enumerating the base dir - enumerating anything deeper in the dir is at least guarded by the "owner" restriction, but while that protects files of other services it won't protect qemu instances against each other as they usually run with the same user. - even with the owner restriction we only allow read for the wildcard path Acked-by: NJamie Strandboge <jamie@canonical.com> Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
由 Christian Ehrhardt 提交于
If a guest runs unconfined <seclabel type='none'>, but libvirtd is confined then the peer for signal can only be detected as 'unconfined'. That triggers issues like: apparmor="DENIED" operation="signal" profile="/usr/sbin/libvirtd" pid=22395 comm="libvirtd" requested_mask="send" denied_mask="send" signal=term peer="unconfined" To fix this add unconfined as an allowed peer for those operations. I discussed with the apparmor folks, right now there is no better separation to be made in this case. But there might be further down the road with "policy namespaces with scope and view control + stacking" This is more a use-case addition than a fix to the following two changes: - 3b1d19e6 AppArmor: add rules needed with additional mediation features - b482925c apparmor: support ptrace checks Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com> Acked-by: NJamie Strandboge <jamie@canonical.com> Acked-by: Nintrigeri <intrigeri+libvirt@boum.org>
-
由 Christian Ehrhardt 提交于
virt-manager's UI connection will need socket access for openGraphicsFD to work - otherwise users will face a failed connection error when opening the UI view. Depending on the exact versions of libvirt and qemu involved this needs either a rule from qemu to libvirt or vice versa. Acked-by: NJamie Strandboge <jamie@canonical.com> Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
由 John Ferlan 提交于
Now that the virAuthGet*Path API's generate all the error messages we can remove them from the callers. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NMarcos Paulo de Souza <marcos.souza.org@gmail.com>
-
由 John Ferlan 提交于
Now that the virAuthGet*Path API's generate all the error messages we can remove them from the callers. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NMarcos Paulo de Souza <marcos.souza.org@gmail.com>
-
由 John Ferlan 提交于
Now that the virAuthGet*Path API's generate all the error messages we can remove them from the callers. This means that we will no longer overwrite the error from the API. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NMarcos Paulo de Souza <marcos.souza.org@gmail.com>
-
由 John Ferlan 提交于
Now that the virAuthGet*Path API's generate all the error messages we can remove them from the callers. This means that we will no longer overwrite the error from the API. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NMarcos Paulo de Souza <marcos.souza.org@gmail.com>
-
由 John Ferlan 提交于
Now that the virAuthGet*Path API's generate all the error messages we can remove them from the callers. This means that we will no longer overwrite the error from the API. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NMarcos Paulo de Souza <marcos.souza.org@gmail.com>
-
由 John Ferlan 提交于
Now that the virAuthGet*Path API's generate all the error messages we can remove them from the callers. This means that we will no longer overwrite the error from the API. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NMarcos Paulo de Souza <marcos.souza.org@gmail.com>
-
由 John Ferlan 提交于
Rather than forcing the caller to generate an error, let's generate the Username or Password error message failure if the auth->cb fails. This is the last error path that needs a specific message for various callers. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NMarcos Paulo de Souza <marcos.souza.org@gmail.com>
-
由 John Ferlan 提交于
If we never find the valid credtype in the list, then we'd return NULL without an error signaled forcing the caller to generate one that will probably be incorrect. Let's be specific. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NMarcos Paulo de Souza <marcos.souza.org@gmail.com>
-
由 John Ferlan 提交于
Now that the virAuthGet*Path helpers make the checks, we can remove them from here. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NMarcos Paulo de Souza <marcos.souza.org@gmail.com>
-
由 John Ferlan 提交于
Before trying to call @auth->cb, let's ensure it exists. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NMarcos Paulo de Souza <marcos.souza.org@gmail.com>
-
由 John Ferlan 提交于
Before trying to dereference @auth, let's ensure it's valid. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NMarcos Paulo de Souza <marcos.souza.org@gmail.com>
-