1. 15 3月, 2013 4 次提交
    • V
      S390: Testcases for virtio-scsi and virtio-rng · 53187afd
      Viktor Mihajlovski 提交于
      Adding test cases for virtio-scsi and virtio-rng. Since ccw is covering
      the superset of the s390 bus handling, these are deemed to be sufficient.
      Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
      53187afd
    • V
      S390: Enable virtio-scsi and virtio-rng · 4c1d1497
      Viktor Mihajlovski 提交于
      Newer versions of QEMU support virtio-scsi and virtio-rng devices
      on the virtio-s390 and ccw buses. Adding capability detection,
      address assignment and command line generation for that.
      Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
      4c1d1497
    • V
      qemu: Rename virtio-scsi capability · 6c927732
      Viktor Mihajlovski 提交于
      QEMU_CAPS_VIRTIO_SCSI_PCI implies that virtio-scsi is only supported
      for the PCI bus, which is not the case. Remove the _PCI suffix.
      Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
      6c927732
    • L
      util: fix clear_emulator_capabilities=0 · 49fa91b3
      Laine Stump 提交于
      My commit 7a2e845a (and its
      prerequisites) managed to effectively ignore the
      clear_emulator_capabilities setting in qemu.conf (visible in the code
      as the VIR_EXEC_CLEAR_CAPS flag when qemu is being exec'ed), with the
      result that the capabilities are always cleared regardless of the
      qemu.conf setting. This patch fixes it by passing the flag through to
      virSetUIDGIDWithCaps(), which uses it to decide whether or not to
      clear existing capabilities before adding in those that were
      requested.
      
      Note that the existing capabilities are *always* cleared if the new
      process is going to run as non-root, since the whole point of running
      non-root is to have the capabilities removed (it's still possible to
      maintain individual capabilities as needed using the capBits argument
      though).
      49fa91b3
  2. 14 3月, 2013 17 次提交
    • E
      qemu: detect multi-head qxl via more than version check · 5ac846e4
      Eric Blake 提交于
      Multi-head QXL support is so useful that distros have started to
      backport it to qemu earlier than 1.2.  After discussion with
      Alon Levy, we determined that the existence of the qxl-vga.surfaces
      property is a reliable indicator of whether '-device qxl-vga' works,
      or whether we have to stick to the older '-vga qxl'.  I'm leaving
      in the existing check for QEMU_CAPS_DEVICE_VIDEO_PRIMARY tied to
      qemu 1.2 and newer (in case qemu is built without qxl support),
      but for those distros that backport qxl, this additional capability
      check will allow the correct command line for both RHEL 6.3 (which
      lacks the feature) and RHEL 6.4 (where qemu still claims to be
      version 0.12.2.x, but has backported multi-head qxl).
      
      * src/qemu/qemu_capabilities.c (virQEMUCapsObjectPropsQxlVga): New
      property test.
      (virQEMUCapsExtractDeviceStr): Probe for backport of new
      capability to qemu earlier than 1.2.
      * tests/qemuhelpdata/qemu-kvm-1.2.0-device: Update test.
      * tests/qemuhelpdata/qemu-1.2.0-device: Likewise.
      * tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta-device:
      Likewise.
      5ac846e4
    • D
      Fix deps for generating RPC dispatch code · 0946c5f5
      Daniel P. Berrange 提交于
      The src/lxc/lxc_*_dispatch.h files only had deps on the
      RPC generator script & the XDR definition file. So when
      the Makefile.am args passed to the generator were change,
      the disaptch code was not re-generated. This caused a
      build failure
      
        CC       libvirt_lxc-lxc_controller.o
      lxc/lxc_controller.c: In function 'virLXCControllerSetupServer':
      lxc/lxc_controller.c:718:47: error: 'virLXCMonitorProcs' undeclared (first use in this function)
      lxc/lxc_controller.c:718:47: note: each undeclared identifier is reported only once for each function it appears in
      lxc/lxc_controller.c:719:47: error: 'virLXCMonitorNProcs' undeclared (first use in this function)
      make[3]: *** [libvirt_lxc-lxc_controller.o] Error 1
      
      For added fun, the generated files were not listed in
      CLEANFILES, so only a 'git clean -f' would fix the build
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      0946c5f5
    • J
      Fix size probing for VDI images · 6e46477c
      Ján Tomko 提交于
      Commit 027bf2ea used the wrong offset: the text field at the start
      of the header has 64 bytes, not 68. [1]
      
      Bug: https://bugzilla.redhat.com/show_bug.cgi?id=921452
      
      [1] https://forums.virtualbox.org/viewtopic.php?p=29267#p29267
      6e46477c
    • D
      Fix generation of systemtap probes for RPC protocols · 403594eb
      Daniel P. Berrange 提交于
      The naming used in the RPC protocols for the LXC monitor and
      lock daemon confused the script used to generate systemtap
      helper functions. Rename the LXC monitor protocol symbols to
      reduce confusion. Adapt the gensystemtap.pl script to cope
      with the LXC monitor / lock daemon naming conversions.
      
      This has no functional impact on RPC wire protocol, since
      names are only used in the C layer
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      403594eb
    • D
      Re-add DTrace probes on 'dispose' functions · ad9ea4a9
      Daniel P. Berrange 提交于
      When converting to virObject, the probes on the 'Free' functions
      were removed on the basis that there is a probe on virObjectFree
      that suffices. This puts a burden on people writing probe scripts
      to identify which object is being dispose. This adds back probes
      in the 'Dispose' functions and updates the rpc monitor systemtap
      example to use them
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      ad9ea4a9
    • D
      Fix parsing of SELinux ranges without a category · 1732c1c6
      Daniel P. Berrange 提交于
      Normally libvirtd should run with a SELinux label
      
        system_u:system_r:virtd_t:s0-s0:c0.c1023
      
      If a user manually runs libvirtd though, it is sometimes
      possible to get into a situation where it is running
      
        system_u:system_r:init_t:s0
      
      The SELinux security driver isn't expecting this and can't
      parse the security label since it lacks the ':c0.c1023' part
      causing it to complain
      
        internal error Cannot parse sensitivity level in s0
      
      This updates the parser to cope with this, so if no category
      is present, libvirtd will hardcode the equivalent of c0.c1023.
      
      Now this won't work if SELinux is in Enforcing mode, but that's
      not an issue, because the user can only get into this problem
      if in Permissive mode. This means they can now start VMs in
      Permissive mode without hitting that parsing error
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      1732c1c6
    • D
      Separate MCS range parsing from MCS range checking · 4a92fe44
      Daniel P. Berrange 提交于
      Pull the code which parses the current process MCS range
      out of virSecuritySELinuxMCSFind and into a new method
      virSecuritySELinuxMCSGetProcessRange.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      4a92fe44
    • D
      Fix memory leak on OOM in virSecuritySELinuxMCSFind · f2d8190c
      Daniel P. Berrange 提交于
      The body of the loop in virSecuritySELinuxMCSFind would
      directly 'return NULL' on OOM, instead of jumping to the
      cleanup label. This caused a leak of several local vars.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      f2d8190c
    • D
      Avoid closing uninitialized FDs when LXC startup fails · 2f98a7f7
      Daniel P. Berrange 提交于
      If an LXC domain failed to start because of a bogus SELinux
      label, virLXCProcessStart would call VIR_CLOSE(0) by mistake.
      This is because the code which initializes the member of the
      ttyFDs array to -1 got moved too far away from the place where
      the array is first allocated.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      2f98a7f7
    • D
      Prevent streams from becoming libvirtd controlling TTY · b2878ed8
      Daniel P. Berrange 提交于
      When opening a stream to a device which is a TTY, that device
      may become the controlling TTY of libvirtd, if libvirtd was
      daemonized. This in turn means when the other end of the stream
      closes, libvirtd gets SIGHUP, causing it to reload its config.
      Prevent this by forcing O_NOCTTY on all streams that are opened
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      b2878ed8
    • P
      virtio-rng: Add rate limiting options for virtio-RNG · 32bd699f
      Peter Krempa 提交于
      Qemu's implementation of virtio RNG supports rate limiting of the
      entropy used. This patch exposes the option to tune this functionality.
      
      This patch is based on qemu commit 904d6f588063fb5ad2b61998acdf1e73fb4
      
      The rate limiting is exported in the XML as:
      <devices>
        ...
        <rng model='virtio'>
          <rate bytes='123' period='1234'/>
          <backend model='random'/>
        </rng>
        ...
      32bd699f
    • G
      util: escapes special characters in VIR_LOG_REGEX · eb086eb5
      Guannan Ren 提交于
      In debug mode, the bug failed to start vm
      error: Failed to start domain rhel5u9
      error: internal error Out of space while reading console log output:
      ...
      eb086eb5
    • V
      S390: Testcases for virtio-ccw machines · 3eefaccd
      Viktor Mihajlovski 提交于
      This adds and corrects testcases for virtio devices on s390
      guests.
      Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
      3eefaccd
    • J
      S390: Add hotplug support for s390 virtio devices · f946462e
      J.B. Joret 提交于
      We didn't yet expose the virtio device attach and detach functionality
      for s390 domains as the device hotplug was very limited with the old
      virtio-s390 bus. With the CCW bus there's full hotplug support for
      virtio devices in QEMU, so we are adding this to libvirt too.
      
      Since the virtio hotplug isn't limited to PCI anymore, we change the
      function names from xxxPCIyyy to xxxVirtioyyy, where we handle all
      three virtio bus types.
      Signed-off-by: NJ.B. Joret <jb@linux.vnet.ibm.com>
      Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
      f946462e
    • V
      S390: QEMU driver support for CCW addresses · 608512b2
      Viktor Mihajlovski 提交于
      This commit adds the QEMU driver support for CCW addresses. The
      current QEMU only allows virtio devices to be attached to the
      CCW bus. We named the new capability indicating that support
      QEMU_CAPS_VIRTIO_CCW accordingly.
      
      The fact that CCW devices can only be assigned to domains with a
      machine type of s390-ccw-virtio requires a few extra checks for
      machine type in qemu_command.c on top of querying
      QEMU_CAPS_VIRTIO_{CCW|S390}.
      
      The majority of the new functions deals with CCW address generation
      and management.
      Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
      608512b2
    • V
      S390: domain_conf support for CCW · e50a1bae
      Viktor Mihajlovski 提交于
      Add necessary handling code for the new s390 CCW address type to
      virDomainDeviceInfo. Further, introduce  memory management, XML
      parsing, output formatting and range validation for the new
      virDomainDeviceCCWAddress type.
      Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
      e50a1bae
    • V
      S390: Documentation for CCW address type · 41ce2c9e
      Viktor Mihajlovski 提交于
      The native bus for s390 I/O is called CCW (channel command word).
      As QEMU has added basic support for the CCW bus, i.e. the
      ability to assign CCW devnos (bus addresses) to devices.
      Domains with the new machine type s390-ccw-virtio can use the
      CCW bus. Currently QEMU will only allow to define virtio
      devices on the CCW bus.
      Here we add the new machine type and the new device address to the
      schema definition and add a new paragraph to the domain XML
      documentation.
      Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
      41ce2c9e
  3. 13 3月, 2013 9 次提交
    • D
      Daemonize fuse thread in libvirt_lxc · e31f32c6
      Daniel P. Berrange 提交于
      In some startup failure modes, the fuse thread may get itself
      wedged. This will cause the entire libvirt_lxc process to
      hang trying to the join the thread. There is no compelling
      reason to wait for the thread to exit if the whole process
      is exiting, so just daemonize the fuse thread instead.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      e31f32c6
    • D
      Use separate symbol file for GNUTLS symbols · 83d7e4e4
      Daniel P. Berrange 提交于
      A number of symbols are only present when GNUTLS is enabled.
      Thus we must use a separate libvirt_gnutls.syms file for them
      instead of libvirt_private.syms
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      83d7e4e4
    • D
      Fix missing error dispatch in virDomainLxcEnterNamespace · b5d014c3
      Daniel P. Berrange 提交于
      The virDomainLxcEnterNamespace method mistakenly uses
      virCheckFlags, which returns immediately instead of
      virCheckFlagsGoto which jumps to the error cleanup
      patch where there is a virDispatchError call
      b5d014c3
    • D
      Fix query of LXC security label · a0881019
      Daniel P. Berrange 提交于
      The virDomainGetSecurityLabel method is currently (mistakenly)
      showing the label of the libvirt_lxc process:
      
      ...snip...
      Security model: selinux
      Security DOI:   0
      Security label: system_u:system_r:virtd_t:s0-s0:c0.c1023 (permissive)
      
      when it should be showing the init process label
      
      ...snip...
      Security model: selinux
      Security DOI:   0
      Security label: system_u:system_r:svirt_t:s0:c724,c995 (permissive)
      a0881019
    • D
      Apply security label when entering LXC namespaces · e4e69e89
      Daniel P. Berrange 提交于
      Add a new virDomainLxcEnterSecurityLabel() function as a
      counterpart to virDomainLxcEnterNamespaces(), which can
      change the current calling process to have a new security
      context. This call runs client side, not in libvirtd
      so we can't use the security driver infrastructure.
      
      When entering a namespace, the process spawned from virsh
      will default to running with the security label of virsh.
      The actual desired behaviour is to run with the security
      label of the container most of the time. So this changes
      virsh lxc-enter-namespace command to invoke the
      virDomainLxcEnterSecurityLabel method.
      
      The current behaviour is:
      
      LABEL                             PID TTY          TIME CMD
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 29 ? 00:00:00 dhclient
      staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 47 ? 00:00:00 ps
      
      Note the ps command is running as unconfined_t,  After this patch,
      
      The new behaviour is this:
      
      virsh -c lxc:/// lxc-enter-namespace dan -- /bin/ps -eZ
      LABEL                             PID TTY          TIME CMD
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 32 ? 00:00:00 dhclient
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 38 ? 00:00:00 ps
      
      The '--noseclabel' flag can be used to skip security labelling.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      e4e69e89
    • M
      qemu_driver: Try KVM_CAP_MAX_VCPUS only if defined · 3b94239f
      Michal Privoznik 提交于
      With our recent patch (1715c83b) we thrive to get the correct
      number of maximal VCPUs. However, we are using a constant from
      linux/kvm.h which may be not defined in every distro. Hence, we
      should guard usage of the constant with ifdef preprocessor
      directive. This was introduced in kernel:
      
          commit 8c3ba334f8588e1d5099f8602cf01897720e0eca
          Author: Sasha Levin <levinsasha928@gmail.com>
          Date:   Mon Jul 18 17:17:15 2011 +0300
      
          KVM: x86: Raise the hard VCPU count limit
      
          The patch raises the hard limit of VCPU count to 254.
      
          This will allow developers to easily work on scalability
          and will allow users to test high VCPU setups easily without
          patching the kernel.
      
          To prevent possible issues with current setups, KVM_CAP_NR_VCPUS
          now returns the recommended VCPU limit (which is still 64) - this
          should be a safe value for everybody, while a new KVM_CAP_MAX_VCPUS
          returns the hard limit which is now 254.
      
      $ git desc 8c3ba334f
      v3.1-rc7-48-g8c3ba33
      3b94239f
    • P
      virCaps: conf: start splitting out irrelevat data · 27cf98e2
      Peter Krempa 提交于
      The virCaps structure gathered a ton of irrelevant data over time that.
      The original reason is that it was propagated to the XML parser
      functions.
      
      This patch aims to create a new data structure virDomainXMLConf that
      will contain immutable data that are used by the XML parser. This will
      allow two things we need:
      
      1) Get rid of the stuff from virCaps
      
      2) Allow us to add callbacks to check and add driver specific stuff
      after domain XML is parsed.
      
      This first attempt removes pointers to private data allocation functions
      to this new structure and update all callers and function that require
      them.
      27cf98e2
    • D
      Remove hack using existance of an 'identity' string to disable auth · be27de6e
      Daniel P. Berrange 提交于
      Currently the server determines whether authentication of clients
      is complete, by checking whether an identity is set. This patch
      removes that lame hack and replaces it with an explicit method
      for changing the client auth code
      
      * daemon/remote.c: Update for new APis
      * src/libvirt_private.syms, src/rpc/virnetserverclient.c,
        src/rpc/virnetserverclient.h: Remove virNetServerClientGetIdentity
        and virNetServerClientSetIdentity, adding a new method
        virNetServerClientSetAuth.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      be27de6e
    • D
      Add API for thread cancellation · a2997142
      Daniel P. Berrange 提交于
      Add a virThreadCancel function. This functional is inherently
      dangerous and not something we want to use in general, but
      integration with SELinux requires that we provide this stub.
      We leave out any Win32 impl to discourage further use and
      because obviously SELinux isn't enabled on Win32
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      a2997142
  4. 12 3月, 2013 4 次提交
  5. 11 3月, 2013 5 次提交
    • H
      5c86ace1
    • J
      virsh: fix snapshot-create with no xmlfile · 2fc5ff11
      Ján Tomko 提交于
      Properly check the return value of vshCommandOptStringReq for xmlfile:
      * error out on incorrect input (--xmlfile '')
      * use default XML <domainsnapshot/> with no --xmlfile specified
      
      (Broken by commit b2e85855)
      
      Bug: https://bugzilla.redhat.com/show_bug.cgi?id=919826
      2fc5ff11
    • G
      Convert HAVE_SELINUX to WITH_SELINUX · 531b4fe8
      Guido Günther 提交于
      these were missed by 63f18f37
      531b4fe8
    • G
      lxc: Init activeUsbHostdevs · 6082bc27
      Guido Günther 提交于
      otherwise we crash with
      
       #0  virUSBDeviceListFind (list=0x0, dev=dev@entry=0x8193d70) at util/virusb.c:526
       #1  0xb1a4995b in virLXCPrepareHostdevUSBDevices (driver=driver@entry=0x815d9a0, name=0x815dbf8 "debian-700267", list=list@entry=0x81d8f08) at lxc/lxc_hostdev.c:88
       #2  0xb1a49fce in virLXCPrepareHostUSBDevices (def=0x8193af8, driver=0x815d9a0) at lxc/lxc_hostdev.c:261
       #3  virLXCPrepareHostDevices (driver=driver@entry=0x815d9a0, def=0x8193af8) at lxc/lxc_hostdev.c:328
       #4  0xb1a4c5b1 in virLXCProcessStart (conn=0x817d3f8, driver=driver@entry=0x815d9a0, vm=vm@entry=0x8190908, autoDestroy=autoDestroy@entry=false, reason=reason@entry=VIR_DOMAIN_RUNNING_BOOTED)
           at lxc/lxc_process.c:1068
       #5  0xb1a57e00 in lxcDomainStartWithFlags (dom=dom@entry=0x815e460, flags=flags@entry=0) at lxc/lxc_driver.c:1014
       #6  0xb1a57fc3 in lxcDomainStart (dom=0x815e460) at lxc/lxc_driver.c:1046
       #7  0xb79c8375 in virDomainCreate (domain=domain@entry=0x815e460) at libvirt.c:8450
       #8  0x08078959 in remoteDispatchDomainCreate (args=0x81920a0, rerr=0xb65c21d0, client=0xb0d00490, server=<optimized out>, msg=<optimized out>) at remote_dispatch.h:1066
       #9  remoteDispatchDomainCreateHelper (server=0x80c4928, client=0xb0d00490, msg=0xb0d005b0, rerr=0xb65c21d0, args=0x81920a0, ret=0x815d208) at remote_dispatch.h:1044
       #10 0xb7a36901 in virNetServerProgramDispatchCall (msg=0xb0d005b0, client=0xb0d00490, server=0x80c4928, prog=0x80c6438) at rpc/virnetserverprogram.c:432
       #11 virNetServerProgramDispatch (prog=0x80c6438, server=server@entry=0x80c4928, client=0xb0d00490, msg=0xb0d005b0) at rpc/virnetserverprogram.c:305
       #12 0xb7a300a7 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0x80c4928) at rpc/virnetserver.c:162
       #13 virNetServerHandleJob (jobOpaque=0xb0d00510, opaque=0x80c4928) at rpc/virnetserver.c:183
       #14 0xb7924f98 in virThreadPoolWorker (opaque=opaque@entry=0x80a94b0) at util/virthreadpool.c:144
       #15 0xb7924515 in virThreadHelper (data=0x80a9440) at util/virthreadpthread.c:161
       #16 0xb7887c39 in start_thread (arg=0xb65c2b70) at pthread_create.c:304
       #17 0xb77eb78e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
      
      when adding a domain with a usb device. This is Debian bug
      
          http://bugs.debian.org/700267
      6082bc27
    • M
      bandwidth: Require network QoS if interface uses 'floor' · f3fb916d
      Michal Privoznik 提交于
      By current implementation, network inbound is required in order
      to use 'floor' for guaranteeing  minimal throughput. This is so,
      because we want user to tell us the maximal throughput of the
      network instead of finding out ourselves (and detect bogus values
      in case of virtual interfaces). However, we are nowadays
      requiring this only on documentation level. So if user starts a
      domain with 'floor' set on one its interfaces, we silently ignore
      the setting. We should error out instead.
      f3fb916d
  6. 10 3月, 2013 1 次提交