1. 16 12月, 2015 10 次提交
    • M
      qemu: Search all nodes for shared memory access · 68d4245d
      Martin Kletzander 提交于
      In commit 686eb7a2, the break was not considered part of the
      condition, hence breaking after first node when searching.
      Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
      68d4245d
    • A
      pci: Use virPCIDeviceAddress in virPCIDevice · 77434541
      Andrea Bolognani 提交于
      Instead of replicating the information (domain, bus, slot, function)
      inside the virPCIDevice structure, use the already-existing
      virPCIDeviceAddress structure.
      
      For users of the module, this means that the object returned by
      virPCIDeviceGetAddress() can no longer be NULL and must no longer
      be freed by the caller.
      77434541
    • I
      libxl: Use libxentoollog in preference to libxenctrl if available. · 716be257
      Ian Campbell 提交于
      Upstream Xen is in the process of splitting the (stable API) xtl_*
      interfaces out from the (unstable API) libxenctrl library and into a
      new (stable API) libxentoollog.
      
      In order to be compatible with Xen both before and after this
      transition check for xtl_createlogger_stdiostream in a libxentoollog
      library and use it if present. If it is not present assume it is in
      libxenctrl.
      
      Compile tested on Xen 4.6 and a development tree with the split in
      place.
      Signed-off-by: NIan Campbell <ian.campbell@citrix.com>
      716be257
    • J
      libxl: implement virDomainGetJobStats · b7b43919
      Joao Martins 提交于
      Introduces support for domainGetJobStats which has the same
      info as domainGetJobInfo but in a slightly different format.
      Another difference is that virDomainGetJobStats can also
      retrieve info on the most recently completed job. Though so
      far this is only used in the source node to know if the
      migration has been completed. But because we don't support
      completed jobs we will deliver an error.
      Signed-off-by: NJoao Martins <joao.m.martins@oracle.com>
      b7b43919
    • J
      libxl: implement virDomainGetJobInfo · ad716651
      Joao Martins 提交于
      Introduce support for domainGetJobInfo to get info about the
      ongoing job. If the job is active it will update the
      timeElapsed which is computed with the "started" field added to
      struct libxlDomainJobObj.  For now we support just the very basic
      info and all jobs have VIR_DOMAIN_JOB_UNBOUNDED (i.e. no completion
      time estimation) plus timeElapsed computed.
      
      Openstack Kilo uses the Job API to monitor live-migration
      progress which is currently nonexistent in libxl driver and
      therefore leads to a crash in the nova compute node. Right
      now, migration doesn't use jobs in the source node and will
      return VIR_DOMAIN_JOB_NONE. Though nova handles this case and
      will migrate it properly instead of crashing.
      Signed-off-by: NJoao Martins <joao.m.martins@oracle.com>
      ad716651
    • J
      storage: Add helper to compare logical pool def against pvs output · 71b803ac
      John Ferlan 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1025230
      
      Add a new helper virStorageBackendLogicalMatchPoolSource to compare the
      pool's source name against the output from a 'pvs' command to list all
      volume group physical volume data on the host.  In addition, compare the
      pool's source device list against the particular volume group's device
      list to ensure the source device(s) listed for the pool match what the
      was listed for the volume group.
      
      Then for pool startup or check API's we need to call this new API in
      order to ensure that the pool we're about to start or declare active
      during checkPool has a valid definition vs. the running host.
      71b803ac
    • J
      storage: Create helper for virStorageBackendLogicalFindPoolSources · ae5519f7
      John Ferlan 提交于
      Rework virStorageBackendLogicalFindPoolSources a bit to create a
      helper virStorageBackendLogicalGetPoolSources that will make the
      pvs call in order to generate a list of associated pv_name and vg_name's.
      
      A future patch will make use of this for start/check processing to
      ensure the storage pool source definition matches expectations.
      ae5519f7
    • J
      storage: Check FS pool source during virStorageBackendFileSystemIsMounted · dae7007d
      John Ferlan 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1025230
      
      When determining whether a FS pool is mounted, rather than assuming that
      the FS pool is mounted just because the target.path is in the mount list,
      let's make sure that the FS pool source matches what is mounted
      dae7007d
    • J
      storage: Refactor virStorageBackendFileSystemGetPoolSource · 61c29fe5
      John Ferlan 提交于
      Refactor code to use standard return functioning with respect to setting
      a ret value and going to cleanup.
      61c29fe5
    • J
      storage: Create helper to generate FS pool source value · 1d1330f3
      John Ferlan 提交于
      Refactor the code that builds the pool source string during the FS
      storage pool mount to be a separate helper.
      
      A future patch will use the helper in order to validate the mounted
      FS matches the pool's expectation during poolCheck processing
      1d1330f3
  2. 15 12月, 2015 10 次提交
    • L
      qemu: add bootindex option to hostdev network interface commandline · a8e3247e
      Laine Stump 提交于
      when appropriate, of course. If the config for a domain specifies boot
      order with <boot dev='blah'/> elements, e.g.:
      
           <os>
             ...
             <boot dev='hd'/>
             <boot dev='network'/>
           </os>
      
      Then the first disk device in the config will have ",bootindex=1"
      appended to its qemu commandline -device options, and the first (and
      *only* the first) network interface device will get ",bootindex=2".
      
      However, if the first network interface device is a "hostdev" device
      (an SRIOV Virtual Function (VF) being assigned to the domain with
      vfio), then the bootindex option will *not* be appended. This happens
      because the bootindex=n option corresponding to the order of "<boot
      dev='network'/>" is added to the -device for the first network device
      when network device commandline args are constructed, but if it's a
      hostdev network device, its commandline arg is instead constructed in
      the loop for hostdevs.
      
      This patch fixes that omission by noticing (in bootHostdevNet) if the
      first network device was a hostdev, and if so passing on the proper
      bootindex to the commandline generator for hostdev devices - the
      result is that ",bootindex=2" will be properly appended to the first
      "network" device in the config even if it is really a hostdev
      (including if it is assigned from a libvirt network pool). (note that
      this is only the case if there is no <bootmenu enabled='yes'/> element
      in the config ("-boot menu-on" in qemu) , since the two are mutually
      exclusive - when the bootmenu is enabled, the individual per-device
      bootindex options can't be used by qemu, and we revert to using "-boot
      order=xyz" instead).
      
      If a greater level of control over boot order is desired (e.g., more
      than one network device should be tried, or a network device other
      than the first one encountered in the config), then <boot
      dev='network'/> in the <os> element should not be used; instead, the
      individual device elements in the config should be given a "<boot
      order='n'/>
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1278421
      a8e3247e
    • J
      security_stack: remove extra Security from function names · 077bdba5
      Ján Tomko 提交于
      Many of the functions follow the pattern:
      virSecurity.*Security.*Label
      
      Remove the second 'Security' from the names, it should be
      obvious that the virSecurity* functions deal with security
      labels even without it.
      077bdba5
    • J
      security_selinux: remove extra Security from function names · ba9285b3
      Ján Tomko 提交于
      Many of the functions follow the pattern:
      virSecurity.*Security.*Label
      
      Remove the second 'Security' from the names, it should be obvious
      that the virSecurity* functions deal with security labels even
      without it.
      ba9285b3
    • J
      security_dac: remove extra Security from function names · be33e965
      Ján Tomko 提交于
      Many of the functions follow the pattern:
      virSecurity.*Security.*Label
      
      Remove the second 'Security' from the names, it should be obvious
      that the virSecurity* functions deal with security labels even
      without it.
      be33e965
    • P
      qemuMonitorJSONEjectMedia: don't stringify the replay at all · cbd3d065
      Pavel Hrdina 提交于
      Commit 256496e1 introduced a detection if "is locked" in error replay
      from qemu monitor. Commit c4073657 fixed a memory leak, but it was
      pointed out by Peter, that this could be done cleaner without
      stringifing the replay.
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      cbd3d065
    • A
      pci: Use 'addr' instead of 'dev' for virPCIDeviceAddressPtr · 90791fbf
      Andrea Bolognani 提交于
      The name 'dev' is more appropriate for virPCIDevicePtr.
      90791fbf
    • M
      qemuMonitorJSONEjectMedia: Don't leak stringified reply · c4073657
      Michal Privoznik 提交于
      The return value of virJSONValueToString() should be freed when
      no longer needed. This is not the case after 256496e1.
      
      ==26902== 138 bytes in 2 blocks are definitely lost in loss record 1,051 of 1,239
      ==26902==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==26902==    by 0xAA5F599: strdup (in /lib64/libc-2.21.so)
      ==26902==    by 0x552BAD9: virStrdup (virstring.c:726)
      ==26902==    by 0x54F60A7: virJSONValueToString (virjson.c:1790)
      ==26902==    by 0x1DF6EBB9: qemuMonitorJSONEjectMedia (qemu_monitor_json.c:2225)
      ==26902==    by 0x1DF57A4C: qemuMonitorEjectMedia (qemu_monitor.c:1985)
      ==26902==    by 0x1DF1EF2D: qemuDomainChangeEjectableMedia (qemu_hotplug.c:199)
      ==26902==    by 0x1DF90314: qemuDomainChangeDiskLive (qemu_driver.c:7985)
      ==26902==    by 0x1DF90476: qemuDomainUpdateDeviceLive (qemu_driver.c:8030)
      ==26902==    by 0x1DF91ED7: qemuDomainUpdateDeviceFlags (qemu_driver.c:8677)
      ==26902==    by 0x561785F: virDomainUpdateDeviceFlags (libvirt-domain.c:8559)
      ==26902==    by 0x134210: remoteDispatchDomainUpdateDeviceFlags (remote_dispatch.h:10966)
      
      ==26902== 106 bytes in 1 blocks are definitely lost in loss record 1,033 of 1,239
      ==26902==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==26902==    by 0xAA5F599: strdup (in /lib64/libc-2.21.so)
      ==26902==    by 0x552BAD9: virStrdup (virstring.c:726)
      ==26902==    by 0x54F60A7: virJSONValueToString (virjson.c:1790)
      ==26902==    by 0x1DF6EC0C: qemuMonitorJSONEjectMedia (qemu_monitor_json.c:2227)
      ==26902==    by 0x1DF57A4C: qemuMonitorEjectMedia (qemu_monitor.c:1985)
      ==26902==    by 0x1DF1EF2D: qemuDomainChangeEjectableMedia (qemu_hotplug.c:199)
      ==26902==    by 0x1DF90314: qemuDomainChangeDiskLive (qemu_driver.c:7985)
      ==26902==    by 0x1DF90476: qemuDomainUpdateDeviceLive (qemu_driver.c:8030)
      ==26902==    by 0x1DF91ED7: qemuDomainUpdateDeviceFlags (qemu_driver.c:8677)
      ==26902==    by 0x561785F: virDomainUpdateDeviceFlags (libvirt-domain.c:8559)
      ==26902==    by 0x134210: remoteDispatchDomainUpdateDeviceFlags (remote_dispatch.h:10966)
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      c4073657
    • H
      qemu cgroups: move new threads to new cgroup after cpuset is set up · 90b721e4
      Henning Schild 提交于
      Moving tasks to cgroups implied sched_setaffinity. Changing the cpus in
      a set implies the same for all tasks in the group.
      The old code put the the thread into the cpuset inherited from the
      machine cgroup, which allowed it to run outside of vcpupin for a short
      while.
      Signed-off-by: NHenning Schild <henning.schild@siemens.com>
      90b721e4
    • H
      qemu: do not put a task into machine cgroup · a41c00b4
      Henning Schild 提交于
      The machine cgroup is a superset, a parent to the emulator and vcpuX
      cgroups. The parent cgroup should never have any tasks directly in it.
      In fact the parent cpuset might contain way more cpus than the sum of
      emulatorpin and vcpupins. So putting tasks in the superset will allow
      them to run outside of <cputune>.
      Signed-off-by: NHenning Schild <henning.schild@siemens.com>
      a41c00b4
    • H
      util: cgroups do not implicitly add task to new machine cgroup · 71ce4759
      Henning Schild 提交于
      virCgroupNewMachine used to add the pidleader to the newly created
      machine cgroup. Do not do this implicit anymore.
      Signed-off-by: NHenning Schild <henning.schild@siemens.com>
      71ce4759
  3. 14 12月, 2015 2 次提交
  4. 13 12月, 2015 1 次提交
    • M
      virNetDevMacVLanTapSetup: Work around older systems · ec93cc25
      Michal Privoznik 提交于
      Some older systems, e.g. RHEL-6 do not have IFF_MULTI_QUEUE flag
      which we use to enable multiqueue feature. Therefore one gets the
      following compile error there:
      
        CC     util/libvirt_util_la-virnetdevmacvlan.lo
      util/virnetdevmacvlan.c: In function 'virNetDevMacVLanTapSetup':
      util/virnetdevmacvlan.c:338: error: 'IFF_MULTI_QUEUE' undeclared (first use in this function)
      util/virnetdevmacvlan.c:338: error: (Each undeclared identifier is reported only once
      util/virnetdevmacvlan.c:338: error: for each function it appears in.)
      make[3]: *** [util/libvirt_util_la-virnetdevmacvlan.lo] Error 1
      
      So, whenever user wants us to enable the feature on such systems,
      we will just throw a runtime error instead.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      ec93cc25
  5. 12 12月, 2015 1 次提交
    • E
      CVE-2015-5313: storage: don't allow '/' in filesystem volume names · 034e47c3
      Eric Blake 提交于
      The libvirt file system storage driver determines what file to
      act on by concatenating the pool location with the volume name.
      If a user is able to pick names like "../../../etc/passwd", then
      they can escape the bounds of the pool.  For that matter,
      virStoragePoolListVolumes() doesn't descend into subdirectories,
      so a user really shouldn't use a name with a slash.
      
      Normally, only privileged users can coerce libvirt into creating
      or opening existing files using the virStorageVol APIs; and such
      users already have full privilege to create any domain XML (so it
      is not an escalation of privilege).  But in the case of
      fine-grained ACLs, it is feasible that a user can be granted
      storage_vol:create but not domain:write, and it violates
      assumptions if such a user can abuse libvirt to access files
      outside of the storage pool.
      
      Therefore, prevent all use of volume names that contain "/",
      whether or not such a name is actually attempting to escape the
      pool.
      
      This changes things from:
      
      $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128
      Vol ../../../../../../etc/haha created
      $ rm /etc/haha
      
      to:
      
      $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128
      error: Failed to create vol ../../../../../../etc/haha
      error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/'
      Signed-off-by: NEric Blake <eblake@redhat.com>
      034e47c3
  6. 11 12月, 2015 10 次提交
  7. 10 12月, 2015 6 次提交
    • J
      storage: Ignore block devices that fail format detection · a523770c
      John Ferlan 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1276198
      
      Prior to commit id '98322052' failure to saferead the block device would
      cause an error to be logged and the device to be skipped while attempting
      to discover/create a stable target path for a new LUN (NPIV).
      
      This was because virStorageBackendSCSIFindLUs ignored errors from
      processLU and virStorageBackendSCSINewLun.
      
      Ignoring the failure allowed a multipath device with an "active" and
      "ghost" to be present on the host with the "ghost" block device being
      ignored. This patch will return a -2 to the caller indicating the desire
      to ignore the block device since it cannot be used directly rather than
      fail the pool startup.
      a523770c
    • J
      storage: Add debug message · b3df72c4
      John Ferlan 提交于
      I found this useful while processing a volume that wouldn't end up
      showing up in the resulting list of block volumes. In this case, the
      partition type wasn't found in the disk_types table.
      b3df72c4
    • J
      storage: Handle readflags errors · 1bc84b0a
      John Ferlan 提交于
      Similar to the openflags VIR_STORAGE_VOL_OPEN_NOERROR processing, if some
      read processing operation fails, check the readflags for the corresponding
      error flag being set. If so, rather then causing an error - use VIR_WARN
      to flag the error, but return -2 which some callers can use to perform
      specific actions. Use a new VIR_STORAGE_VOL_READ_NOERROR flag in a new
      VolReadErrorMode enum.
      1bc84b0a
    • J
      storage: Set ret = -1 on failures in virStorageBackendUpdateVolTargetInfo · 1edfce9b
      John Ferlan 提交于
      While processing the volume for lseek, virFileReadHeaderFD, and
      virStorageFileGetMetadataFromBuf - failure would cause an error,
      but ret would not be set. That would result in an error message being
      sent, but successful status being returned.
      1edfce9b
    • J
      storage: Add comments for backend APIs · af4028dc
      John Ferlan 提交于
      Just so it's clearer what to expect upon input and what types of return
      values could be generated.  These were loosely copied from existing
      virStorageBackendUpdateVolTargetInfoFD.
      af4028dc
    • J
      storage: Add readflags for backend error processing · 22346003
      John Ferlan 提交于
      Similar to the openflags which allow VIR_STORAGE_VOL_OPEN_NOERROR to be
      passed to avoid open errors, add a 'readflags' variable so that in the
      future read failures could also be ignored.
      22346003