- 18 9月, 2012 2 次提交
- 12 9月, 2012 1 次提交
-
-
由 Hu Tao 提交于
Should not return 0 when failed to setup cgroup.
-
- 06 9月, 2012 1 次提交
-
-
由 Martin Kletzander 提交于
This is another fix for the emulator-pin series. When going through the cputune pinning settings, the current code is trying to pin all the CPUs, even when not all of them are specified. This causes error in the subsequent function which, of course, cannot find the cpu to pin. Since it's enough to pass the correct VCPU ID to the function, the fix is trivial.
-
- 31 8月, 2012 1 次提交
-
-
由 Jiri Denemark 提交于
When domain XML contains any of the elements for setting up CPU scheduling parameters (period, quota, emulator_period, or emulator_quota) we need cpu cgroup to enforce the configuration. However, the existing code would just ignore silently such settings if either cgroups were not available at all cpu cgroup was not available. Moreover, APIs for manipulating CPU scheduler parameters were already failing if cpu cgroup was not available. This patch makes cpu cgroup mandatory for all domains that use CPU scheduling elements in their XML.
-
- 29 8月, 2012 1 次提交
-
-
由 Jiri Denemark 提交于
If cgroups are enabled in general but cpu cgroup is disabled in qemu.conf or not mounted at all, libvirt would refuse to start any domain even though scheduler parameters are not set in domain XML. This patch makes cpu cgroup mandatory only for domains that actually want to use it.
-
- 27 8月, 2012 1 次提交
-
-
由 Martin Kletzander 提交于
Commit 4b03d591 changed the pinning behavior in a way that makes some machines non-startable. The comment mentioning that we cannot control each vcpu when there is not VCPU<-> PID mapping available is true, however, this isn't necessarily an error, because this can be caused by old QEMU without support for "query-cpus" command as well as a software emulated machines that don't create more than one process.
-
- 22 8月, 2012 5 次提交
-
-
由 Hu Tao 提交于
This patch introduces support of setting emulator's period and quota to limit cpu bandwidth when the vm starts. Also updates XML Schema for new entries and docs.
-
由 Hu Tao 提交于
This patch changes the behaviour of xml element cputune.period and cputune.quota to limit cpu bandwidth only for vcpus, and no longer limit cpu bandwidth for the whole guest. The reasons to do this are: - This matches docs of cputune.period and cputune.quota. - The other parts excepting vcpus are treated as "emulator", and there are separate period/quota settings for emulator in the subsequent patches
-
由 Tang Chen 提交于
Introduce qemuSetupCgroupEmulatorPin() function to add emulator threads pin info to cpuset cgroup, the same as vcpupin. Signed-off-by: NTang Chen <tangchen@cn.fujitsu.com> Signed-off-by: NHu Tao <hutao@cn.fujitsu.com>
-
由 Hu Tao 提交于
vcpu threads pin are implemented using sched_setaffinity(), but not controlled by cgroup. This patch does the following things: 1) enable cpuset cgroup 2) reflect all the vcpu threads pin info to cgroup Signed-off-by: NTang Chen <tangchen@cn.fujitsu.com> Signed-off-by: NHu Tao <hutao@cn.fujitsu.com>
-
由 Wen Congyang 提交于
Create a new cgroup and move all emulator threads to the new cgroup. And then we can do the other things: 1. limit only vcpu usage rather than the whole qemu 2. limit for emulator threads(include vhost-net threads) Signed-off-by: NWen Congyang <wency@cn.fujitsu.com> Signed-off-by: NTang Chen <tangchen@cn.fujitsu.com> Signed-off-by: NHu Tao <hutao@cn.fujitsu.com>
-
- 06 8月, 2012 1 次提交
-
-
由 Michal Privoznik 提交于
If there's a memory leak in qemu or qemu is exploited the host's system will sooner or later start trashing instead of killing the bad process. This however has impact on performance and other guests as well. Therefore we should set a reasonable RSS limit even when user hasn't set any. It's better to be secure by default.
-
- 27 7月, 2012 1 次提交
-
-
由 Eric Blake 提交于
Any time we have a string with no % passed through gettext, a translator can inject a % to cause a stack overread. When there is nothing to format, it's easier to ask for a string that cannot be used as a formatter, by using a trivial "%s" format instead. In the past, we have used --disable-nls to catch some of the offenders, but that doesn't get run very often, and many more uses have crept in. Syntax check to the rescue! The syntax check can catch uses such as virReportError(code, _("split " "string")); by using a sed script to fold context lines into one pattern space before checking for a string without %. This patch is just mechanical insertion of %s; there are probably several messages touched by this patch where we would be better off giving the user more information than a fixed string. * cfg.mk (sc_prohibit_diagnostic_without_format): New rule. * src/datatypes.c (virUnrefConnect, virGetDomain) (virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface) (virUnrefInterface, virGetStoragePool, virUnrefStoragePool) (virGetStorageVol, virUnrefStorageVol, virGetNodeDevice) (virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter) (virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper. * src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters) (lxcDomainGetBlkioParameters): Likewise. * src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML) (virDomainDiskDefParseXML, virDomainGraphicsDefParseXML): Likewise. * src/conf/network_conf.c (virNetworkDNSHostsDefParseXML) (virNetworkDefParseXML): Likewise. * src/conf/nwfilter_conf.c (virNWFilterIsValidChainName): Likewise. * src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple) (virNWFilterVarAccessParse): Likewise. * src/libvirt.c (virDomainSave, virDomainSaveFlags) (virDomainRestore, virDomainRestoreFlags) (virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML) (virDomainCoreDump, virDomainGetXMLDesc) (virDomainMigrateVersion1, virDomainMigrateVersion2) (virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2) (virStreamSendAll, virStreamRecvAll) (virDomainSnapshotGetXMLDesc): Likewise. * src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel) (virNWFilterDHCPSnoopReq): Likewise. * src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise. * src/openvz/openvz_util.c (openvzKBPerPages): Likewise. * src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise. * src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr) (qemuBuildCommandLine): Likewise. * src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise. * src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise. * src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity): Likewise. * src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX) (virNetSocketSendFD, virNetSocketRecvFD): Likewise. * src/storage/storage_backend_disk.c (virStorageBackendDiskBuildPool): Likewise. * src/storage/storage_backend_fs.c (virStorageBackendFileSystemProbe) (virStorageBackendFileSystemBuild): Likewise. * src/storage/storage_backend_rbd.c (virStorageBackendRBDOpenRADOSConn): Likewise. * src/storage/storage_driver.c (storageVolumeResize): Likewise. * src/test/test_driver.c (testInterfaceChangeBegin) (testInterfaceChangeCommit, testInterfaceChangeRollback): Likewise. * src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise. * src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr): Likewise. * src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk) (xenFormatXM): Likewise.
-
- 23 7月, 2012 1 次提交
-
-
由 Osier Yang 提交于
Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html) You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>. This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for securify files are not complete, that's why to do it manually: src/security/security_selinux.h src/security/security_driver.h src/security/security_selinux.c src/security/security_apparmor.h src/security/security_apparmor.c src/security/security_driver.c
-
- 19 7月, 2012 2 次提交
-
-
由 Daniel P. Berrange 提交于
Update the QEMU driver to use virReportError instead of the qemuReportError custom macro Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Peter Krempa 提交于
This patch cleans up some missing "%s" before translation macros, for strings which are const without format specifiers
-
- 11 7月, 2012 1 次提交
-
-
由 Eric Blake 提交于
The only useful translation of "%s" as a format string is "%s" (I suppose you could claim "%1$s" is also valid, but why bother). So it is not worth translating; fixing this exposes some instances where we were failing to translate real error messages. This makes the fix of commit 097da1ab more generic, as well as ensuring no future regressions. * cfg.mk (sc_prohibit_useless_translation): New rule. * src/lxc/lxc_driver.c (lxcSetVcpuBWLive): Fix offender. * src/openvz/openvz_conf.c (openvzReadFSConf): Likewise. * src/qemu/qemu_cgroup.c (qemuSetupCgroupForVcpu): Likewise. * src/qemu/qemu_driver.c (qemuSetVcpusBWLive): Likewise. * src/xenapi/xenapi_utils.c (xenapiSessionErrorHandle): Likewise.
-
- 10 7月, 2012 1 次提交
-
-
由 tangchen 提交于
Signed-off-by: NTang Chen <tangchen@cn.fujitsu.com>
-
- 15 5月, 2012 1 次提交
-
-
由 Osier Yang 提交于
Like for 'static' placement, when the memory policy mode is 'strict', set the memory policy by writing the advisory nodeset returned from numad to cgroup file cpuset.mems,
-
- 04 2月, 2012 1 次提交
-
-
由 Laine Stump 提交于
This eliminates the warning message reported in: https://bugzilla.redhat.com/show_bug.cgi?id=624447 It was caused by a failure to open an image file that is not accessible by root (the uid libvirtd is running as) because it's on a root-squash NFS share, owned by a different user, with permissions of 660 (or maybe 600). The solution is to use virFileOpenAs() rather than open(). The codepath that generates the error is during qemuSetupDiskCGroup(), but the actual open() is in a lower-level generic function called from many places (virDomainDiskDefForeachPath), so some other pieces of the code were touched just to add dummy (or possibly useful) uid and gid arguments. Eliminating this warning message has the nice side effect that the requested operation may even succeed (which in this case isn't necessary, but shouldn't hurt anything either).
-
- 21 12月, 2011 1 次提交
-
-
由 Hu Tao 提交于
This patch also sets cgroup cpuset parameters for numatune.
-
- 01 12月, 2011 1 次提交
-
-
由 Hu Tao 提交于
filter 0-device-weight when: - getting blkio parameters with --config - starting up a domain When testing with blkio, I found these issues: (dom is down) virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,500 virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,0 virsh blkiotune dom weight : 800 device_weight : /dev/sda,200,/dev/sdb,0 # issue 1: shows 0 device weight of /dev/sdb that may confuse user (continued) virsh start dom # issue 2: If /dev/sdb doesn't exist, libvirt refuses to bring the # dom up because it wants to set the device weight to 0 of a # non-existing device. Since 0 means no weight-limit, we really don't # have to set it.
-
- 30 11月, 2011 1 次提交
-
-
由 Hu Tao 提交于
Implement setting/getting per-device blkio weights in qemu, using the cgroups blkio.weight_device tunable.
-
- 26 7月, 2011 1 次提交
-
-
由 Wen Congyang 提交于
The cpu bandwidth is applied at the vcpu group level. We should apply it at the vm group level too, because the vm may do heavy I/O, and it will affect the other vm. We apply cpu bandwidth at the vcpu and the vm group level, so we must ensure that max(child_quota) <= parent_quota when we modify cpu bandwidth.
-
- 21 7月, 2011 2 次提交
-
-
由 Wen Congyang 提交于
-
由 Wen Congyang 提交于
This patch implements period and quota tunable XML configuration and parsing. A quota or period of zero will be simply ignored.
-
- 13 7月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
The LXC and UML drivers can both make use of auditing. Move the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h} * src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c * src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h * src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h} * src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c, src/qemu/qemu_command.c, src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c, src/qemu/qemu_process.c: Update for changed audit API names
-
- 08 6月, 2011 1 次提交
-
-
由 Eric Blake 提交于
Detected by Coverity. All existing callers happen to be in range, so this isn't too serious. * src/qemu/qemu_cgroup.c (qemuCgroupControllerActive): Check bounds before dereference.
-
- 12 5月, 2011 1 次提交
-
-
由 Lai Jiangshan 提交于
These VIR_XXXX0 APIs make us confused, use the non-0-suffix APIs instead. How do these coversions works? The magic is using the gcc extension of ##. When __VA_ARGS__ is empty, "##" will swallow the "," in "fmt," to avoid compile error. example: origin after CPP high_level_api("%d", a_int) low_level_api("%d", a_int) high_level_api("a string") low_level_api("a string") About 400 conversions. 8 special conversions: VIR_XXXX0("") -> VIR_XXXX("msg") (avoid empty format) 2 conversions VIR_XXXX0(string_literal_with_%) -> VIR_XXXX(%->%%) 0 conversions VIR_XXXX0(non_string_literal) -> VIR_XXXX("%s", non_string_literal) (for security) 6 conversions Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
-
- 04 5月, 2011 1 次提交
-
-
由 Eric Blake 提交于
Clang warned about a dead assignment. In the process, I noticed that we are only using the function for a bool value. I audited all other callers in qemu_{migration,cgroup,driver,hotplug), and all were making the call in a bool context. Also, do bounds checking on the argument. * src/qemu/qemu_cgroup.c (qemuSetupCgroup): Delete dead assignment. (qemuCgroupControllerActive): Change return type to bool. * src/qemu/qemu_cgroup.h (qemuCgroupControllerActive): Likewise.
-
- 01 4月, 2011 1 次提交
-
-
由 Osier Yang 提交于
It throws errors as long as the cgroup controller is not available, regardless of whether we really want to use it to do setup or not, which is not what we want, fixing it with throwing error when need to use the controller. And change "VIR_WARN" to "qemuReportError" for memory controller incidentally.
-
- 29 3月, 2011 1 次提交
-
-
由 Osier Yang 提交于
When domain startup, setting cpu affinity and cpu shares according to the cputune xml specified in domain xml. Modify "qemudDomainPinVcpu" to update domain config for vcpupin, and modify "qemuSetSchedulerParameters" to update domain config for cpu shares. v1 - v2: * Use "VIR_ALLOC_N" instead of "VIR_ALLOC_VAR" * But keep raising error when it fails on adding vcpupin xml entry, as I still don't have a better idea yet.
-
- 18 3月, 2011 1 次提交
-
-
由 Nikunj A. Dadhania 提交于
* Correct the documentation for cgroup: the swap_hard_limit indicates mem+swap_hard_limit. * Change cgroup private apis to: virCgroupGet/SetMemSwapHardLimit Signed-off-by: NNikunj A. Dadhania <nikunj@linux.vnet.ibm.com>
-
- 10 3月, 2011 4 次提交
-
-
由 Eric Blake 提交于
Since libvirt always passes /dev/net/tun to qemu via fd, we should never trigger the cases where qemu tries to directly open the device. Therefore, it is safer to deny the cgroup device ACL. * src/qemu/qemu_cgroup.c (defaultDeviceACL): Remove /dev/net/tun. * src/qemu/qemu.conf (cgroup_device_acl): Reflect this change.
-
由 Eric Blake 提交于
* src/qemu/qemu_audit.h (qemuAuditCgroupMajor) (qemuAuditCgroupPath): Add parameter. * src/qemu/qemu_audit.c (qemuAuditCgroupMajor) (qemuAuditCgroupPath): Add 'acl=rwm' to cgroup audit entries. * src/qemu/qemu_cgroup.c: Update clients. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Likewise.
-
由 Eric Blake 提交于
Adding audit points showed that we were granting too much privilege to qemu; it should not need any mknod rights to recreate any devices. On the other hand, lxc should have all device privileges. The solution is adding a flag parameter. This also lets us restrict write access to read-only disks. * src/util/cgroup.h (virCgroup*Device*): Adjust prototypes. * src/util/cgroup.c (virCgroupAllowDevice) (virCgroupAllowDeviceMajor, virCgroupAllowDevicePath) (virCgroupDenyDevice, virCgroupDenyDeviceMajor) (virCgroupDenyDevicePath): Add parameter. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update clients. * src/lxc/lxc_controller.c (lxcSetContainerResources): Likewise. * src/qemu/qemu_cgroup.c: Likewise. (qemuSetupDiskPathAllow): Also, honor read-only disks.
-
由 Eric Blake 提交于
Device names can be manipulated, so it is better to also log the major/minor device number corresponding to the cgroup ACL changes that libvirt made. This required some refactoring of the relatively new qemu cgroup audit code. Also, qemuSetupChardevCgroup was only auditing on failure, not success. * src/qemu/qemu_audit.h (qemuDomainCgroupAudit): Delete. (qemuAuditCgroup, qemuAuditCgroupMajor, qemuAuditCgroupPath): New prototypes. * src/qemu/qemu_audit.c (qemuDomainCgroupAudit): Rename... (qemuAuditCgroup): ...and drop a parameter. (qemuAuditCgroupMajor, qemuAuditCgroupPath): New functions, to allow listing device major/minor in audit. (qemuAuditGetRdev): New helper function. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Adjust callers. * src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow) (qemuSetupHostUsbDeviceCgroup, qemuSetupCgroup) (qemuTeardownDiskPathDeny): Likewise. (qemuSetupChardevCgroup): Likewise, fixing missing audit.
-
- 01 3月, 2011 1 次提交
-
-
由 Eric Blake 提交于
When a SPICE or VNC graphics controller is present, and sound is piggybacked over a channel to the graphics device rather than directly accessing host hardware, then there is no need to grant host hardware access to that qemu process. * src/qemu/qemu_cgroup.c (qemuSetupCgroup): Prevent sound with spice, and with vnc when vnc_allow_host_audio is 0. Reported by Daniel Berrange.
-
- 25 2月, 2011 1 次提交
-
-
由 Eric Blake 提交于
* src/qemu/qemu_audit.h (qemuDomainCgroupAudit): New prototype. * src/qemu/qemu_audit.c (qemuDomainCgroupAudit): Implement it. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Add audit. * src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow) (qemuSetupChardevCgroup, qemuSetupHostUsbDeviceCgroup) (qemuSetupCgroup, qemuTeardownDiskPathDeny): Likewise.
-