- 10 9月, 2019 3 次提交
-
-
由 Laine Stump 提交于
Traditionally, macvtap devices are supported using <interface type='direct'>, but that type requires specifying a source device name and macvtap mode which can't be altered after the initial device creation (and may not even be available to the management software that's creating the XML config to feed to libvirt). But the attributes in the <source> are essentially describing how the device will be connected to the network, and if libvirt is to be supplied with the name of a macvtap device that has already been created, that device will also already be connected to the network (and the connection can't be changed). Thus it seems more appropriate to use type='ethernet', which was created explicitly for this purpose - for devices that have already been (or will be) connected to the external network by someone/something outside of libvirt. The fact that it is a *macv*tap rather than a contentional tap device is just a detail. This patch supports using an existing macvtap device with <interface type='ethernet'> by checking the supplied target dev name to see if it is a macvtap device and, when this is the case, calling virNetDevMacVLanTapOpen() instead of virNetDevTapCreate(). For consistency, this is only done when target managed='no'. Resolves: https://bugzilla.redhat.com/1723367 (partially) Signed-off-by: NLaine Stump <laine@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Laine Stump 提交于
If managed='no', then the tap device must already exist, and setting of MAC address and online status (IFF_UP) is skipped. NB: we still set IFF_VNET_HDR and IFF_MULTI_QUEUE as appropriate, because those bits must be properly set in the TUNSETIFF we use to set the tap device name of the handle we've opened - if IFF_VNET_HDR has not been set and we set it the request will be honored even when running libvirtd unprivileged; if IFF_MULTI_QUEUE is requested to be different than how it was created, that will result in an error from the kernel. This means that you don't need to pay attention to IFF_VNET_HDR when creating the tap devices, but you *do* need to set IFF_MULTI_QUEUE if you're going to use multiple queues for your tap device. NB2: /dev/vhost-net normally has permissions 600, so it can't be opened by an unprivileged process. This would normally cause a warning message when using a virtio net device from an unprivileged libvirtd. I've found that setting the permissions for /dev/vhost-net permits unprivileged libvirtd to use vhost-net for virtio devices, but have no idea what sort of security implications that has. I haven't changed libvrit's code to avoid *attempting* to open /dev/vhost-net - if you are concerned about the security of opening up permissions of /dev/vhost-net (probably a good idea at least until we ask someone who knows about the code) then add <driver name='qemu'/> to the interface definition and you'll avoid the warning message. Note that virNetDevTapCreate() is the correct function to call in the case of an existing device, because the same ioctl() that creates a new tap device will also open an existing tap device. Resolves: https://bugzilla.redhat.com/1723367 (partially) Signed-off-by: NLaine Stump <laine@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Laine Stump 提交于
This just moves around a few things in qemuInterfaceConnect() with no functional difference (except that a few failures that would have previously resulted in a "success" audit log will now properly produce a "fail" audit). The change is so that adding support for unmanaged tap/macvtap devices will be more easily reviewable. Signed-off-by: NLaine Stump <laine@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 09 9月, 2019 7 次提交
-
-
由 Eric Farman 提交于
When starting a domain, we use the presence of a vfio-pci or mdev hostdev to determine if the memlock maximum needs to be increased. But if we hotplug either of these devices, only the vfio-pci path gets that love. This means that attaching a, say, vfio-ccw device will appear to succeed but the device may be unusable as the guest may see I/O errors on long CCW chains. The host, meanwhile, would be flooded with these messages: vfio_pin_page_external: Task qemu-system-s39 (11584) RLIMIT_MEMLOCK (65536) exceeded Let's adjust the maximum memlock value in the mdev hotplug path, so that the domain has the same value as if it were started with one or more mdev devices in its configuration. Signed-off-by: NEric Farman <farman@linux.ibm.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Eric Farman 提交于
If attaching a PCI hostdev fails, there are several things that need to be un-done as part of the cleanup. One thing that is not done is re-calculating/re-setting the maximum amount of locked memory for the domain, since we may have changed that. Let's fix that, just to ensure everything is back the way it was. Signed-off-by: NEric Farman <farman@linux.ibm.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Eric Farman 提交于
Let's pull this hunk out into a function, so it can be reused in another codepath that needs to do the same thing. Signed-off-by: NEric Farman <farman@linux.ibm.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Daniel Henrique Barboza 提交于
After the previous commits, qemuAddSharedDevice() and qemuRemoveSharedDevice() are now the same code with a different flag to call the internal functions. This patch aggregates the common code into a new function called qemuAddRemoveSharedDeviceInternal() to further reduce code repetition. Both qemuAddSharedDevice() and qemuRemoveSharedDevice() are kept since they are public functions used elsewhere. No functional change was made. Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Daniel Henrique Barboza 提交于
Following the same idea of avoid code repetition from the previous patch, this commit introduces a new function that aggregates the functions of qemuAddSharedDisk() and qemuRemoveSharedDisk() into a single place, using a flag to switch between add/remove operations. Both qemuAddSharedDisk() and qemuRemoveSharedDisk() are public, so keep them around to avoid changing other files due to an internal qemu_conf.c refactory. No functional change was made. Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Daniel Henrique Barboza 提交于
qemuAddSharedHostdev() has a code similar to qemuRemoveSharedHostdev(), with exception of one line that defines the operation (add or remove). This patch introduces a new function that aggregates the common code, using a flag to switch between the operations, avoiding code repetition. No functional change was made. Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Jonathon Jongsma 提交于
Since commit fd9ef3b3, virDomainFindByUUIDRef() no longer exists and all virDomainObjListFindBy*() functions now increment the reference count. Signed-off-by: NJonathon Jongsma <jjongsma@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
- 07 9月, 2019 1 次提交
-
-
由 Michal Privoznik 提交于
In some places where virDomainObjListForEach() is called the passed callback calls virDomainObjListRemoveLocked(). Well, this is unsafe, because the former only grabs a read lock but the latter modifies the list. I've identified the following unsafe calls: - qemuProcessReconnectAll() - libxlReconnectDomains() The rest seem to be safe. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 06 9月, 2019 29 次提交
-
-
由 Michal Privoznik 提交于
The @cmdstr variable is not used really. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
When the network interface is of "user" type, and QEMU has the "-net socket,fd=" datagram support, call qemuInterfacePrepareSlirp() to probe and associate a slirp-helper with the interface. The usage of automated slirp-helper can be prevented with disableSlirp (in particular when resuming a VM that didn't start with slirp-helper before). Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
If a slirp-helper is associated with a network interface (after probing & preparing succesfully), pass the socket fd to QEMU and use "-net socket,fd=". Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
If a slirp-helper is associated with a network interface, prepare/start/stop the process via qemu-extdevice. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
For VM started and migrated/saved without slirp-helpers, let's prevent the automatic setup (as it would fail to migrate otherwise). Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
Save & restore the slirp helper PID associated with a network interface & the probed features. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
The unit provides the functions associated with a slirp-helper: - probing / checking capabilities - opening the socketpair - starting / stoping the helper - registering for dbus-vmstate migration Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
A slirp helper is a process that provides user-mode networking through a unix domain socket. It is expected to follow the following specification: https://gitlab.freedesktop.org/slirp/libslirp-rs/blob/master/src/bin/README.rstSigned-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
Add dbusVMStates to keep a list of dbus-vmstate objects needed for migration. They are populated on the command line during start or qemuDBusVMStateAdd/Remove() will hotplug them as needed. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
Add a generic way to run a command through the security management. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
pid filenames (from swtpm and other helpers from this series) are based on VM shortname, which is derived from VM id. If the id is reset to early, the state filenames will not be found. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
This object is being proposed to qemu upstream "Add dbus-vmstate object". It handles data migration of external processes. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
Datagram socket is available since qemu 4.0, commit fdec16e3c2a614e2861f3086b05d444b5d8c3406 ("net/socket: learn to talk with a unix dgram socket"). Required for slirp-helper communication. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
Once QEMU is started, the qemuDomainLogContext is owned by it, and can no longer be used from libvirt. Instead, use qemuDomainLogAppendMessage() which will redirect the log. This is not strictly necessary for swtpm, but the following patches are going to reuse qemuExtDeviceLogCommand(). Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Peter Krempa 提交于
Implicitly the query depth is limited by the length of the QAPI schema query, but 'alternate' and 'array' QAPI meta-types don't consume a part of the query string thus a loop on such types would get our traversal code stuck in an infinite loop. Prevent this from happening by limiting the nesting depth to 1000. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Peter Krempa 提交于
When blockdev is used we always should use the blockdev mode for non-shared storage migration. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
Use VIR_AUTOUNREF and remove the cleanup label. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
Use VIR_AUTOFREE and remove the cleanup label. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
Remove the cleanup label as it's empty. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
Remove libvirt's support check for the target of an external snapshot to the blockdev code or qemu. This will potentially require a more complex cleanup but removes a level of hardcoded feature checks. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Use the code for creating or attaching new storage source in the snapshot code and switch to 'blockdev-snapshot' for creating the snapshot itself. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
With blockdev we'll be able to support protocols which are not supported by the storage backends in libvirt. This means that we have to be able to skip the creation and relative storage path reading if it's not supported. This will make it impossible to use relative backing for network protocols but that would be almost insane anyways. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
After we always assume support for the 'transaction' command (c358adc5) and follow-up cleanups qemuDomainSnapshotCreateSingleDiskActive lost its value. Move the code into appropriate helpers and remove the function. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-