1. 20 2月, 2020 1 次提交
  2. 07 2月, 2020 2 次提交
    • Z
      qemu: support Panic Crashloaded event handling · 26badd13
      zhenwei pi 提交于
      Pvpanic device supports bit 1 as crashloaded event, it means that
      guest actually panicked and run kexec to handle error by guest side.
      
      Handle crashloaded as a lifecyle event in libvirt.
      
      Test case:
      Guest side:
      before testing, we need make sure kdump is enabled,
      1, build new pvpanic driver (with commit from upstream
         e0b9a42735f2672ca2764cfbea6e55a81098d5ba
         191941692a3d1b6a9614502b279be062926b70f5)
      2, insmod new kmod
      3, enable crash_kexec_post_notifiers,
        # echo 1 > /sys/module/kernel/parameters/crash_kexec_post_notifiers
      4, trigger kernel panic
        # echo 1 > /proc/sys/kernel/sysrq
        # echo c > /proc/sysrq-trigger
      
      Host side:
      1, build new qemu with pvpanic patches (with commit from upstream
         600d7b47e8f5085919fd1d1157f25950ea8dbc11
         7dc58deea79a343ac3adc5cadb97215086054c86)
      2, build libvirt with this patch
      3, handle lifecycle event and trigger guest side panic
        # virsh event stretch --event lifecycle
        event 'lifecycle' for domain stretch: Crashed Crashloaded
        events received: 1
      Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
      Signed-off-by: Nzhenwei pi <pizhenwei@bytedance.com>
      26badd13
    • J
      qemu: Pass machine type to virQEMUCapsIsCPUModeSupported · 80791859
      Jiri Denemark 提交于
      The usability of a specific CPU mode may depend on machine type, let's
      prepare for this by passing it to virQEMUCapsIsCPUModeSupported.
      Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      Reviewed-by: NJán Tomko <jtomko@redhat.com>
      80791859
  3. 02 2月, 2020 3 次提交
  4. 27 1月, 2020 1 次提交
    • D
      qemu: add support for running QEMU driver in embedded mode · 068efae5
      Daniel P. Berrangé 提交于
      This enables support for running QEMU embedded to the calling
      application process using a URI:
      
         qemu:///embed?root=/some/path
      
      Note that it is important to keep the path reasonably short to
      avoid risk of hitting the limit on UNIX socket path names
      which is 108 characters.
      
      When using the embedded mode with a root=/var/tmp/embed, the
      driver will use the following paths:
      
                      logDir: /var/tmp/embed/log/qemu
                 swtpmLogDir: /var/tmp/embed/log/swtpm
               configBaseDir: /var/tmp/embed/etc/qemu
                    stateDir: /var/tmp/embed/run/qemu
               swtpmStateDir: /var/tmp/embed/run/swtpm
                    cacheDir: /var/tmp/embed/cache/qemu
                      libDir: /var/tmp/embed/lib/qemu
             swtpmStorageDir: /var/tmp/embed/lib/swtpm
       defaultTLSx509certdir: /var/tmp/embed/etc/pki/qemu
      
      These are identical whether the embedded driver is privileged
      or unprivileged.
      
      This compares with the system instance which uses
      
                      logDir: /var/log/libvirt/qemu
                 swtpmLogDir: /var/log/swtpm/libvirt/qemu
               configBaseDir: /etc/libvirt/qemu
                    stateDir: /run/libvirt/qemu
               swtpmStateDir: /run/libvirt/qemu/swtpm
                    cacheDir: /var/cache/libvirt/qemu
                      libDir: /var/lib/libvirt/qemu
             swtpmStorageDir: /var/lib/libvirt/swtpm
       defaultTLSx509certdir: /etc/pki/qemu
      
      At this time all features present in the QEMU driver are available when
      running in embedded mode, availability matching whether the embedded
      driver is privileged or unprivileged.
      Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
      Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
      068efae5
  5. 17 1月, 2020 2 次提交
  6. 16 1月, 2020 1 次提交
    • J
      qemu: Don't emit SUSPENDED_POSTCOPY event on destination · bd04d63a
      Jiri Denemark 提交于
      When pause-before-switchover QEMU capability is enabled, we get STOP
      event before MIGRATION event with postcopy-active state. To properly
      handle post-copy migration and emit correct events commit
      v4.10.0-rc1-4-geca9d21e added a hack to
      qemuProcessHandleMigrationStatus which translates the paused state
      reason to VIR_DOMAIN_PAUSED_POSTCOPY and emits
      VIR_DOMAIN_EVENT_SUSPENDED_POSTCOPY event when migration state changes
      to post-copy.
      
      However, the code was effective on both sides of migration resulting in
      a confusing VIR_DOMAIN_EVENT_SUSPENDED_POSTCOPY event on the destination
      host, where entering post-copy mode is already properly advertised by
      VIR_DOMAIN_EVENT_RESUMED_POSTCOPY event.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1791458Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      Reviewed-by: NJán Tomko <jtomko@redhat.com>
      bd04d63a
  7. 07 1月, 2020 1 次提交
  8. 06 1月, 2020 2 次提交
  9. 24 12月, 2019 1 次提交
    • N
      qemu: hide details of fake reboot · 6c6d93bc
      Nikolay Shirokovskiy 提交于
      If we use fake reboot then domain goes thru running->shutdown->running
      state changes with shutdown state only for short period of time.  At
      least this is implementation details leaking into API. And also there is
      one real case when this is not convinient. I'm doing a backup with the
      help of temporary block snapshot (with the help of qemu's API which is
      used in the newly created libvirt's backup API). If guest is shutdowned
      I want to continue to backup so I don't kill the process and domain is
      in shutdown state. Later when backup is finished I want to destroy qemu
      process. So I check if it is in shutdowned state and destroy it if it
      is. Now if instead of shutdown domain got fake reboot then I can destroy
      process in the middle of fake reboot process.
      
      After shutdown event we also get stop event and now as domain state is
      running it will be transitioned to paused state and back to running
      later. Though this is not critical for the described case I guess it is
      better not to leak these details to user too. So let's leave domain in
      running state on stop event if fake reboot is in process.
      
      Reconnection code handles this patch without modification. It detects
      that qemu is not running due to shutdown and then calls qemuProcessShutdownOrReboot
      which reboots as fake reboot flag is set.
      Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
      Reviewed-by: NCole Robinson <crobinso@redhat.com>
      6c6d93bc
  10. 21 12月, 2019 4 次提交
  11. 17 12月, 2019 1 次提交
  12. 12 12月, 2019 2 次提交
    • D
      Revert "qemu: directly create virResctrlInfo ignoring capabilities" · 766c8ae9
      Daniel P. Berrangé 提交于
      This reverts commit 7be5fe66.
      
      This commit broke resctrl, because it missed the fact that the
      virResctrlInfoGetCache() has side-effects causing it to actually
      change the virResctrlInfo parameter, not merely get data from
      it.
      
      This code will need some refactoring before we can try separating
      it from virCapabilities again.
      Reviewed-by: NCole Robinson <crobinso@redhat.com>
      Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
      766c8ae9
    • D
      qemu: keep capabilities when running QEMU as root · 19023562
      Daniel P. Berrangé 提交于
      When QEMU uid/gid is set to non-root this is pointless as if we just
      used a regular setuid/setgid call, the process will have all its
      capabilities cleared anyway by the kernel.
      
      When QEMU uid/gid is set to root, this is almost (always?) never
      what people actually want. People make QEMU run as root in order
      to access some privileged resource that libvirt doesn't support
      yet and this often requires capabilities. As a result they have
      to go find the qemu.conf param to turn this off. This is not
      viable for libguestfs - they want to control everything via the
      XML security label to request running as root regardless of the
      qemu.conf settings for user/group.
      
      Clearing capabilities was implemented originally because there
      was a proposal in Fedora to change permissions such that root,
      with no capabilities would not be able to compromise the system.
      ie a locked down root account. This never went anywhere though,
      and as a result clearing capabilities when running as root does
      not really get us any security benefit AFAICT. The root user
      can easily do something like create a cronjob, which will then
      faithfully be run with full capabilities, trivially bypassing
      the restriction we place.
      
      IOW, our clearing of capabilities is both useless from a security
      POV, and breaks valid use cases when people need to run as root.
      
      This removes the clear_emulator_capabilities configuration
      option from qemu.conf, and always runs QEMU with capabilities
      when root.  The behaviour when non-root is unchanged.
      Reviewed-by: NCole Robinson <crobinso@redhat.com>
      Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
      19023562
  13. 10 12月, 2019 1 次提交
  14. 09 12月, 2019 10 次提交
  15. 05 12月, 2019 1 次提交
  16. 03 12月, 2019 7 次提交