1. 14 1月, 2011 1 次提交
    • J
      Add HAP to virDomainFeature enum · 48a5dccd
      Jim Fehlig 提交于
      Extend the virDomainFeature enumeration to include HAP (hardware
      assisted paging) feature.
      
      Hardware features such as Extended Page Table and Nested Page
      Table augment hypervisor software techniques such as shadow
      page table.  Adding HAP to the virDomainFeature enumeration
      allows users to select between hardware and software memory
      management mechanisms for their guests.
      48a5dccd
  2. 13 1月, 2011 9 次提交
  3. 12 1月, 2011 4 次提交
  4. 11 1月, 2011 10 次提交
    • R
      qemu: Watchdog IB700 is not a PCI device (RHBZ#667091). · feddaf1d
      Richard W.M. Jones 提交于
      Skip IB700 when assigning PCI slots.
      
      Note: the I6300ESB watchdog _is_ a PCI device.
      
      To test this: I applied this patch to libvirt-0.8.3-2.fc14 (rebasing
      it slightly: qemu_command.c didn't exist in that version) and
      installed this on my machine, then tested that I could successfully
      add an ib700 watchdog device to a guest, start the guest, and the
      ib700 was available to the guest.  I also added an i6300esb (PCI)
      watchdog to another guest, and verified that libvirt assigned a PCI
      device to it, that the guest could be started, and that i6300esb was
      present in the guest.
      
      Note that if you previously had a domain with a ib700 watchdog, it
      would have had an <address type='pci' .../> clause added to it in the
      libvirt configuration.  This patch does not attempt to remove this.
      You cannot start such a domain -- qemu gives an error if you try.
      With this patch you are able to remove the bogus address element
      without libvirt adding it back.
      Signed-off-by: NRichard W.M. Jones <rjones@redhat.com>
      feddaf1d
    • E
      cpu: plug memory leak · fae1b8aa
      Eric Blake 提交于
      * src/cpu/cpu_x86.c (x86ModelLoad): Free data before overwriting.
      fae1b8aa
    • E
      network: plug memory leak · 6e2bab80
      Eric Blake 提交于
      * src/conf/network_conf.c (virNetworkDefParseXML): Release ipNodes.
      6e2bab80
    • E
      network: plug unininitialized read found by valgrind · 243b7814
      Eric Blake 提交于
      * src/util/network.c (virSocketAddrMask): Zero out port, so that
      iptables can initialize just the netmask then call
      virSocketFormatAddr without an uninitialized read in getnameinfo.
      243b7814
    • J
      718a8dc6
    • C
      python: Use PyCapsule API if available · 4254dfea
      Cole Robinson 提交于
      On Fedore 14, virt-manager spews a bunch of warnings to the console:
      
      /usr/lib64/python2.7/site-packages/libvirt.py:1781: PendingDeprecationWarning: The CObject type is marked Pending Deprecation in Python 2.7.  Please use capsule objects instead.
      
      Have libvirt use the capsule API if available. I've verified this compiles
      fine on older python (2.6 in RHEL6 which doesn't have capsules), and
      virt-manager seems to function fine.
      4254dfea
    • C
      event-test: Simplify debug on/off · 8f3b6bc2
      Cole Robinson 提交于
      Make it easy to change debugging if being used by a client program.
      8f3b6bc2
    • C
      remote: Don't lose track of events when callbacks are slow · 1dd5c7f2
      Cole Robinson 提交于
      After the remote driver runs an event callback, it unconditionally disables the
      loop timer, thinking it just flushed every queued event. This doesn't work
      correctly though if an event is queued while a callback is running.
      
      The events actually aren't being lost, it's just that the event loop didn't
      think there was anything that needed to be dispatched. So all those 'lost
      events' should actually get re-triggered if you manually kick the loop by
      generating a new event (like creating a new guest).
      
      The solution is to disable the dispatch timer _before_ we invoke any event
      callbacks. Events queued while a callback is running will properly reenable the
      timer.
      
      More info at https://bugzilla.redhat.com/show_bug.cgi?id=624252
      1dd5c7f2
    • D
      Refactor the security drivers to simplify usage · d6623003
      Daniel P. Berrange 提交于
      The current security driver usage requires horrible code like
      
          if (driver->securityDriver &&
              driver->securityDriver->domainSetSecurityHostdevLabel &&
              driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
                                                                    vm, hostdev) < 0)
      
      This pair of checks for NULL clutters up the code, making the driver
      calls 2 lines longer than they really need to be. The goal of the
      patchset is to change the calling convention to simply
      
        if (virSecurityManagerSetHostdevLabel(driver->securityDriver,
                                              vm, hostdev) < 0)
      
      The first check for 'driver->securityDriver' being NULL is removed
      by introducing a 'no op' security driver that will always be present
      if no real driver is enabled. This guarentees driver->securityDriver
      != NULL.
      
      The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel'
      being non-NULL is hidden in a new abstraction called virSecurityManager.
      This separates the driver callbacks, from main internal API. The addition
      of a virSecurityManager object, that is separate from the virSecurityDriver
      struct also allows for security drivers to carry state / configuration
      information directly. Thus the DAC/Stack drivers from src/qemu which
      used to pull config from 'struct qemud_driver' can now be moved into
      the 'src/security' directory and store their config directly.
      
      * src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to
        use new virSecurityManager APIs
      * src/qemu/qemu_security_dac.c,  src/qemu/qemu_security_dac.h
        src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h:
        Move into src/security directory
      * src/security/security_stack.c, src/security/security_stack.h,
        src/security/security_dac.c, src/security/security_dac.h: Generic
        versions of previous QEMU specific drivers
      * src/security/security_apparmor.c, src/security/security_apparmor.h,
        src/security/security_driver.c, src/security/security_driver.h,
        src/security/security_selinux.c, src/security/security_selinux.h:
        Update to take virSecurityManagerPtr object as the first param
        in all callbacks
      * src/security/security_nop.c, src/security/security_nop.h: Stub
        implementation of all security driver APIs.
      * src/security/security_manager.h, src/security/security_manager.c:
        New internal API for invoking security drivers
      * src/libvirt.c: Add missing debug for security APIs
      d6623003
    • O
      conf: Report error if invalid type specified for character device · 92d65301
      Osier Yang 提交于
      If invalid type is specified, e.g.
      <serial type='foo'>
          <target port='0'/>
      </serial>
      
      We replace 'foo' with "null" type implicitly, without reporting an
      error message to tell the user, and "start" or "edit" the domain
      will be success.
      
      It's not good to guess what the user wants, This patch is to fix
      the problem.
      
      * src/conf/domain_conf.c
      92d65301
  5. 10 1月, 2011 1 次提交
    • J
      daemon: Fix core dumps if unix_sock_group is set · 5e5acbc8
      Jiri Denemark 提交于
      Setting unix_sock_group to something else than default "root" in
      /etc/libvirt/libvirtd.conf prevents system libvirtd from dumping core on
      crash. This is because we used setgid(unix_sock_group) before binding to
      /var/run/libvirt/libvirt-sock* and setgid() back to original group.
      However, if a process changes its effective or filesystem group ID, it
      will be forbidden from leaving core dumps unless fs.suid_dumpable sysctl
      is set to something else then 0 (and it is 0 by default).
      
      Changing socket's group ownership after bind works better. And we can do
      so without introducing a race condition since we loosen access rights by
      changing the group from root to something else.
      5e5acbc8
  6. 08 1月, 2011 2 次提交
  7. 07 1月, 2011 6 次提交
  8. 06 1月, 2011 7 次提交
    • E
      schema: tighten <serial><protocol type=...> relaxNG · 2d44cb49
      Eric Blake 提交于
      * docs/schemas/domain.rng (qemucdevSrcDef): Restrict list of
      supported <protocol type=> values.
      2d44cb49
    • K
      bridge: Fix generation of dnsmasq's --dhcp-hostsfile option · a43c7338
      Kay Schubert 提交于
      I added a host definition to a network definition:
      
      <network>
        <name>Lokal</name>
        <uuid>2074f379-b82c-423f-9ada-305d8088daaa</uuid>
        <bridge name='virbr1' stp='on' delay='0' />
        <ip address='192.168.180.1' netmask='255.255.255.0'>
          <dhcp>
            <range start='192.168.180.128' end='192.168.180.254' />
            <host mac='23:74:00:03:42:02' name='somevm' ip='192.168.180.10' />
          </dhcp>
        </ip>
      </network>
      
      But due to the wrong if-statement the argument --dhcp-hostsfile doesn't get
      added to the dnsmasq command. The patch below fixes it for me.
      a43c7338
    • J
      qemu: Fix bogus warning about uninitialized saveptr · 4684f478
      Jiri Denemark 提交于
      The warning is bogus since strtok_r doesn't use the value when it's
      first called and initializes it for the following calls.
      4684f478
    • L
      Don't chown qemu saved image back to root after save if dynamic_ownership=0 · a691cb88
      Laine Stump 提交于
      When dynamic_ownership=0, saved images must be owned by the same uid
      as is used to run the qemu process, otherwise restore won't work. To
      accomplish this, qemuSecurityDACRestoreSavedStateLabel() needs to
      simply return when it's called.
      
      This fix is in response to:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=661720
      a691cb88
    • E
      maint: document dislike of mismatched if/else bracing · 1000d9c2
      Eric Blake 提交于
      * docs/hacking.html.in (Curly braces): Tighten recommendations to
      disallow if (cond) one-line; else { block; }.
      * HACKING: Regenerate.
      Suggested by Daniel P. Berrange.
      1000d9c2
    • L
      Log an error on attempts to add a NAT rule for non-IPv4 addresses · cd6a8f9c
      Laine Stump 提交于
      Although the upper-layer code protected against it, it was possible to
      call iptablesForwardMasquerade() with an IPv6 address and have it
      attempt to add a rule to the MASQUERADE chain of ip6tables (which
      doesn't exist).
      
      This patch changes that function to check the protocol of the given
      address, generate an error log if it's not IPv4 (AF_INET), and finally
      hardcodes all the family parameters sent down to lower-level functions.
      cd6a8f9c
    • L
      Improve error reporting when parsing dhcp info for virtual networks · 6741ca36
      Laine Stump 提交于
      This is partially in response to
      
        https://bugzilla.redhat.com/show_bug.cgi?id=653300
      
      The crash in that report was coincidentally fixed when we switched
      from using inet_pton() to using virSocketParseAddr(), but the absence
      of an ip address in a dhcp static host definition was still silently
      ignored (and that entry discarded from the saved XML). This patch
      turns that into a logged failure; likewise if the entry has neither a
      mac address nor a name attribute (the entry is useless without at
      least one of those, plus an ip address).
      
      Since the network name is now pulled into this function in order for
      those error logs to be more informative, the other error messages in
      the function have also been changed to take advantage.
      6741ca36