- 17 12月, 2019 31 次提交
-
-
由 Michal Privoznik 提交于
With NVMe disks, one can start a blockjob with a NVMe disk that is not visible in domain XML (at least right away). Usually, it's fairly easy to override this limitation of qemuDomainGetMemLockLimitBytes() - for instance for hostdevs we temporarily add the device to domain def, let the function calculate the limit and then remove the device. But it's not so easy with virStorageSourcePtr - in some cases they don't necessarily are attached to a disk. And even if they are it's done later in the process and frankly, I find it too complicated to be able to use the simple trick we use with hostdevs. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
There are couple of places where a domain with a VFIO device gets special treatment: in CGroups when enabling/disabling access to /dev/vfio/vfio, and when creating/removing nodes in domain mount namespace. Well, a NVMe disk is a VFIO device too. Fortunately, we have this qemuDomainNeedsVFIO() function which is the only place that needs adjustment. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
If a domain has an NVMe disk configured, then we need to create /dev/vfio/* paths in domain's namespace so that qemu can open them. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
We have this beautiful function that does crystal ball divination. The function is named qemuDomainGetMemLockLimitBytes() and it calculates the upper limit of how much locked memory is given guest going to need. The function bases its guess on devices defined for a domain. For instance, if there is a VFIO hostdev defined then it adds 1GiB to the guessed maximum. Since NVMe disks are pretty much VFIO hostdevs (but not quite), we have to do the same sorcery. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> ACKed-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
Sometimes, we have a PCI address and not fully allocated virPCIDevice and yet we still want to know its /dev/vfio/N path. Introduce virPCIDeviceAddressGetIOMMUGroupDev() function exactly for that. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
Previous patches rendered some of 'cleanup' labels needless. Drop them. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
Now that all callers of qemuDomainGetHostdevPath() handle /dev/vfio/vfio on their own, we can safely drop handling in this function. In near future the decision whether domain needs VFIO file is going to include more device types than just virDomainHostdev. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
There are several variables which could be automatically freed upon return from the function. I'm not changing @tmpPaths (which is a string list) because it is going to be removed in next commit. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
In near future, the decision what to do with /dev/vfio/vfio with respect to domain namespace and CGroup is going to be moved out of qemuDomainGetHostdevPath() because there will be some other types of devices than hostdevs that need access to VFIO. All functions that I'm changing (except qemuSetupHostdevCgroup()) assume that hostdev we are adding/removing to VM is not in the definition yet (because of how qemuDomainNeedsVFIO() is written). Fortunately, this assumption is true. For qemuSetupHostdevCgroup(), the worst thing that may happen is that we allow /dev/vfio/vfio which was already allowed. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Daniel Henrique Barboza 提交于
qemuBuildSoundCodecStr() validates if a given QEMU binary supports the sound codec. This validation can be moved to qemu_domain.c to be executed in domain define time. The codec validation was moved to the existing qemuDomainDeviceDefValidateSound() function. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Move QEMU caps validation of QEMU_CAPS_OBJECT_USB_AUDIO and QEMU_CAPS_DEVICE_ICH9_INTEL_HDA to a new function in qemu_domain.c, qemuDomainDeviceDefValidateSound(). This function is called by qemuDomainDeviceDefValidate() to validate the sound device in domain define time. qemuxml2xmltest.c was adjusted to add the now required caps for domain definition. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
qemuBuildTPMDevStr() does TPM model validation that can be moved to qemu_domain.c, allowing validation in domain define time. This patch moves it to the existing qemuDomainDeviceDefValidateTPM() function. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Console validation is currently being done by qemuBuildConsoleCommandLine(). This patch moves it to a new qemuDomainDefValidateConsole() function. This new function is then called by qemuDomainDefValidate(), validating the console in domain define time. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Move the SPICE caps validation from qemuBuildGraphicsSPICECommandLine() to a new function called qemuDomainDeviceDefValidateSPICEGraphics(). This function is called by qemuDomainDeviceDefValidateGraphics(), which in turn is called by qemuDomainDefValidate(), validating the graphics parameters in domain define time. This validation move exposed a flaw in the 'default-video-type' tests for PPC64, AARCH64 and s390 archs. The XML was considering 'spice' as the default video type, which isn't true for those architectures. This was flying under the radar until now because the SPICE validation was being made in 'virsh start' time, while the XML validation done in qemuxml2xmltest.c considers define time. All other tests were adapted to consider SPICE validation in this earlier stage. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Move the VNC cap validation from qemuBuildGraphicsVNCCommandLine() to qemuDomainDeviceDefValidateGraphics(). This function is called by qemuDomainDefValidate(), validating the graphics parameters in domain define time. Tests were adapted to consider SDL validation in this earlier stage. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
There are validations for SDL, VNC, SPICE and EGL_HEADLESS around several BuildGraphics*CommandLine in qemu_command.c. This patch starts to move all of them to qemu_domain.c, inside the existent qemuDomainDeviceDefValidateGraphics() function. This function is called by qemuDomainDefValidate(), validating the graphics parameters in domain define time. In this patch we'll move the SDL validation code from qemuBuildGraphicsSDLCommandLine(). Tests were adapted to consider SDL validation in this earlier stage. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Move the pcihole64 validation being done by qemuBuildGlobalControllerCommandLine() to the existing function qemuDomainDeviceDefValidateControllerPCI(), which provides domain define time validation. The existing pcihole64 validations in qemu_domain.c were replaced by the ones moved from qemu_command.c. The reason is that they are more specific, allowing VIR_DOMAIN_CONTROLLER_MODEL_PCI_ROOT and VIR_DOMAIN_CONTROLLER_MODEL_PCIE_ROOT to have distinct validation, with exclusive QEMU caps and machine types. Tests were adapted to consider the new caps being needed in this earlier stage. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Move the boot validation being done by qemuBuildBootCommandLine() to to a new qemuDomainDefValidateBoot() function. This new function is called by qemuDomainDefValidate(), allowing boot validation in domain define time. Tests were adapted to consider the new caps being needed in this earlier stage. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Move the PM validation being done by qemuBuildPMCommandLine() to to a new qemuDomainDefValidatePM() function. This new function is called by qemuDomainDefValidate(), promoting PM validation in domain define time. Tests were adapted to consider the new caps being needed in this earlier stage. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
@def->clock validation is done by qemuBuildClockCommandLine() and qemuBuildClockArgStr(). This patch centralize the validation done in both these functions to a new qemuDomainDefValidateClockTimers() function. This new function is then called by qemuDomainDefValidate(), promoting clock validation in domain define time. Tests were adapted to consider the new caps being needed in this earlier stage. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Move QEMU caps validation of qemuBuildSgaCommandLine() to qemuDomainDefValidate(), allowing validation at domain define time. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
QEMU_CAPS_DEVICE_VMGENID is now being validated by qemuDomainDefValidate(). Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Move QEMU caps validation of qemuBuildHostdevCommandLine() to qemuDomainDeviceDefValidateHostdev() and qemuDomainMdevDefValidate(), allowing them to be validated at domain define time. Tests were adapted to consider the new caps being needed in this earlier stage. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Move QEMU caps validation of QEMU_CAPS_CHARDEV_FILE_APPEND and QEMU_CAPS_CHARDEV_LOGFILE to qemuDomainChrSourceDefValidate(). Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Move QEMU caps validation of QEMU_CAPS_USB_HUB to a new function in qemu_domain.c, qemuDomainDeviceDefValidateHub(). This function is called by qemuDomainDeviceDefValidate() to validate the sound device in domain define time. qemuxml2xmltest.c was adjusted to add the now required caps for domain definition. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
A new function qemuDomainDeviceDefValidateNVRAM() was created to validate the NVRAM in domain define time. Unit test was adjusted to account for the extra QEMU_CAPS_DEVICE_NVRAM required during domain define. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
A new qemuDomainDefValidateNuma() function was created to host all the QEMU caps validation being done inside qemuBuildNumaArgStr(). This new function is called by qemuDomainValidateCpuCount() to allow NUMA validation in domain define time. Tests were changed to account for the QEMU capabilities that need to be present at domain define time. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Validation of MACHINE_KERNEL_IRQCHIP and MACHINE_KERNEL_IRQCHIP_SPLIT QEMU caps are now being done in qemuDomainDefValidateFeatures(). Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
virQEMUCapsSupportsVmport() is now being called inside qemuDomainDefValidateFeatures() for VIR_DOMAIN_FEATURE_VMPORT feature. qemuxml2xmltest.c was changed to account for this caps being now validated at domain define time. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Move QEMU_CAPS_MEM_MERGE validation from qemuBuildMachineCommandLine() to qemuDomainDefValidateMemory(). Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Daniel Henrique Barboza 提交于
Introduce a new function called qemuDomainDefValidatePSeriesFeature() that will center all the PSeries validation done in qemu_command.c. qemuDomainDefValidatePSeriesFeature() is then called during domain define time, in qemuDomainDefValidateFeatures(). qemuxml2argvtest.c is also changed to include all the caps that now are being validated in define time. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
- 13 12月, 2019 2 次提交
-
-
由 Daniel P. Berrangé 提交于
The use of the parseOpaque parameter was mistakenly removed in commit 4a4132b4 Author: Daniel P. Berrangé <berrange@redhat.com> Date: Tue Dec 3 10:49:49 2019 +0000 conf: don't use passed in caps in post parse method causing the method to re-fetch qemuCaps that were already just fetched and put into parseOpaque. This is inefficient when parsing incoming XML, but for live XML this is more serious as it means we use the capabilities for the current QEMU binary on disk, rather than the running QEMU. That commit, however, did have a useful side effect of fixing a crasher bug in the qemu post parse callback introduced by commit 5e939cea Author: Jiri Denemark <jdenemar@redhat.com> Date: Thu Sep 26 18:42:02 2019 +0200 qemu: Store default CPU in domain XML The qemuDomainDefSetDefaultCPU() method in that patch did not allow for the possibility that qemuCaps would be NULL and thus resulted in a SEGV. This shows a risk in letting each check in the post parse callback look for qemuCaps == NULL. The safer option is to check once upfront and immediately stop (postpone) further validation. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Don't check os type / virt type / arch in the post-parse callback because we can't assume qemuCaps is non-NULL at this point. It also conceptually belongs to the validation callback. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 12 12月, 2019 2 次提交
-
-
由 Pavel Mores 提交于
This commit aims to fix https://bugzilla.redhat.com/show_bug.cgi?id=1610207 The cause was apparently incorrect handling of jobs in snapshot revert code which allowed a thread executing snapshot delete to begin job while snapshot revert was still running on another thread. The snapshot delete thread then waited on a condition variable in qemuMonitorSend() while the revert thread finished, changing (and effectively corrupting) the qemuMonitor structure under the delete thread which led to its crash. The incorrect handling of jobs in revert code was due to the fact that although qemuDomainRevertToSnapshot() correctly begins a job at the start, the job was implicitly ended when qemuProcessStop() was called because the job lives in the QEMU driver's private data (qemuDomainObjPrivate) that was purged during qemuProcessStop(). This fix prevents qemuProcessStop() from clearing jobs as the idea of qemuProcessStop() clearing jobs seems wrong in the first place. It was (inadvertently) introduced in commit 888aa4b6, which is effectively reverted by the second hunk of this commit. To preserve the desired effects of the faulty commit, the first hunk is included as suggested by Michal. Signed-off-by: NPavel Mores <pmores@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Daniel P. Berrangé 提交于
When QEMU uid/gid is set to non-root this is pointless as if we just used a regular setuid/setgid call, the process will have all its capabilities cleared anyway by the kernel. When QEMU uid/gid is set to root, this is almost (always?) never what people actually want. People make QEMU run as root in order to access some privileged resource that libvirt doesn't support yet and this often requires capabilities. As a result they have to go find the qemu.conf param to turn this off. This is not viable for libguestfs - they want to control everything via the XML security label to request running as root regardless of the qemu.conf settings for user/group. Clearing capabilities was implemented originally because there was a proposal in Fedora to change permissions such that root, with no capabilities would not be able to compromise the system. ie a locked down root account. This never went anywhere though, and as a result clearing capabilities when running as root does not really get us any security benefit AFAICT. The root user can easily do something like create a cronjob, which will then faithfully be run with full capabilities, trivially bypassing the restriction we place. IOW, our clearing of capabilities is both useless from a security POV, and breaks valid use cases when people need to run as root. This removes the clear_emulator_capabilities configuration option from qemu.conf, and always runs QEMU with capabilities when root. The behaviour when non-root is unchanged. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 11 12月, 2019 1 次提交
-
-
由 Pavel Mores 提交于
Since blockcommit is asynchronous, libvirtd can be restarted while the operation runs. To ensure the information necessary to finish up the job is not lost, serialisation to and deserialisation from the status XML is added. To unittest this, the new element was only added to the active commit test, the non-active commit test doesn't have the new element so as to test its absence. Signed-off-by: NPavel Mores <pmores@redhat.com> Reviewed-by: NPeter Krempa <pkrempa@redhat.com>
-
- 10 12月, 2019 4 次提交
-
-
由 Pavel Hrdina 提交于
Signed-off-by: NPavel Hrdina <phrdina@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Peter Krempa 提交于
A backup blockjob needs to be able to notify the parent backup job as well as track all data to be able to clean up the bitmap and blockdev used for the backup. Add the data structure, job allocation function and status XML formatter and parser. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Store the data of a backup job along with the index counter for new backup jobs in the status XML. Currently we will support only one backup job and thus there's no necessity to add arrays of jobs. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
A backup job may consist of many backup sub-blockjobs. Add the new blockjob type and add all type converter strings. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-