1. 26 1月, 2010 12 次提交
  2. 25 1月, 2010 1 次提交
  3. 23 1月, 2010 2 次提交
    • C
      Fix libvirtd restart for domains with PCI passthrough devices · cdc42d0a
      Chris Lalancette 提交于
      When libvirtd shuts down, it places a <state/> tag in the XML
      state file it writes out for guests with PCI passthrough
      devices.  For devices that are attached at bootup time, the
      state tag is empty.  However, at libvirtd startup time, it
      ignores anything with a <state/> tag in the XML, effectively
      hiding the guest.
      This patch remove the check for VIR_DOMAIN_XML_INTERNAL_STATUS
      when parsing the XML.
      * src/conf/domain_conf.c: remove VIR_DOMAIN_XML_INTERNAL_STATUS
        flag check in virDomainHostdevSubsysPciDefParseXML()
      cdc42d0a
    • C
      qemu: Fix race between device rebind and kvm cleanup · be34c3c7
      Chris Lalancette 提交于
      Certain hypervisors (like qemu/kvm) map the PCI bar(s) on
      the host when doing device passthrough.  This can lead to a race
      condition where the hypervisor is still cleaning up the device while
      libvirt is trying to re-attach it to the host device driver.  To avoid
      this situation, we look through /proc/iomem, and if the hypervisor is
      still holding onto the bar (denoted by the string in the matcher variable),
      then we can wait around a bit for that to clear up.
      
      v2: Thanks to review by DV, make sure we wait the full timeout per-device
      Signed-off-by: NChris Lalancette <clalance@redhat.com>
      be34c3c7
  4. 22 1月, 2010 5 次提交
  5. 21 1月, 2010 20 次提交
    • A
      domMemoryStats / qemu: Fix parsing of unknown stats · 80b4d20d
      Adam Litke 提交于
      Fix a small problem with the qemu memory stats parsing algorithm.  If qemu
      reports a stat that libvirt does not recognize, skip past it so parsing can
      continue.  This corrects a potential infinite loop in the parsing code that can
      only be triggered if new statistics are added to qemu.
      
      * src/qemu/qemu_monitor_text.c: qemuMonitorParseExtraBalloonInfo add a
        skip for extra ','
      80b4d20d
    • D
      Corrected log level of WWN path message · 2dccf5ef
      David Allan 提交于
      * src/node_device/node_device_linux_sysfs.c: open_wwn_file() the
        VIR_ERROR resllay should be just a VIR_DEBUG
      2dccf5ef
    • D
      Fix an error when looking for devices in syspath · e5df24a1
      Daniel Veillard 提交于
      * src/node_device/node_device_udev.c: udevSetupSystemDev() only print the
        error message if lookup failed in both DMI_DEVPATH and DMI_DEVPATH_FALLBACK
      e5df24a1
    • D
      Allow surrounding whitespace in uuid · ca18b710
      Dan Kenigsberg 提交于
      * src/util/uuid.c: extend virUUIDParse to allow leading and trailing
        spaces in UUIDs
      ca18b710
    • J
      avoid more format-related warnings · d47b6e54
      Jim Meyering 提交于
      * src/qemu/qemu_conf.c (qemuBuildDriveStr): Use "%s".
      * src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetGuestPCIAddress):
      (qemuMonitorJSONGetGuestDriveAddress): Likewise.
      d47b6e54
    • J
      avoid format-related warnings · dfff67c0
      Jim Meyering 提交于
      * src/conf/domain_conf.c (virDomainDeviceInfoParseXML): Use "%s".
      dfff67c0
    • D
      Fix off-by-1 in SCSI drive hotplug · 6512d09c
      Daniel P. Berrange 提交于
      The loop looking for the controller associated with a SCI drive had
      an off by one, causing it to miss the last controller.
      
      * src/qemu/qemu_driver.c: Fix off-by-1 in searching for SCSI
        drive hotplug
      6512d09c
    • D
      Fix leak in hotplug code in QEMU driver · e3a0c80f
      Daniel P. Berrange 提交于
      The hotplug code in QEMU was leaking memory because although the
      inner device object was being moved into the main virDomainDefPtr
      config object, the outer container virDomainDeviceDefPtr was not.
      
       * src/qemu/qemu_driver.c: Clarify code to show that the inner
         device object is owned by the main domain config upon
         successfull attach.
      e3a0c80f
    • D
      Add configuration option to turn off dynamic permissions management · 5b6782f9
      Daniel P. Berrange 提交于
      Add the ability to turn off dynamic management of file permissions
      for libvirt guests.
      
      * qemu/libvirtd_qemu.aug: Support 'dynamic_ownership' flag
      * qemu/qemu.conf: Document 'dynamic_ownership' flag.
      * qemu/qemu_conf.c: Load 'dynamic_ownership' flag
      * qemu/test_libvirtd_qemu.aug: Test 'dynamic_ownership' flag
      5b6782f9
    • D
      Fix security driver calls in hotplug cleanup paths · 2df16576
      Daniel P. Berrange 提交于
      The hotplug code was not correctly invoking the security driver
      in error paths. If a hotplug attempt failed, the device would
      be left with VM permissions applied, rather than restored to the
      original permissions. Also, a CDROM media that is ejected was
      not restored to original permissions. Finally there was a bogus
      call to set hostdev permissions in the hostdev unplug code
      
      * qemu/qemu_driver.c: Fix security driver usage in hotplug/unplug
      2df16576
    • D
      Add missing call to re-attach host devices if VM startup fails · b2a2ba71
      Daniel P. Berrange 提交于
      If there is a problem with VM startup, PCI devices may be left
      assigned to pci-stub / pci-back. Adding a call to reattach
      host devices in the cleanup path is required.
      
      * qemu/qemu_driver.c: qemuDomainReAttachHostDevices() when
        VM startup fails
      b2a2ba71
    • D
      Switch QEMU driver over to use the DAC security driver · 3812c7b4
      Daniel P. Berrange 提交于
      Remove all the QEMU driver calls for setting file ownership and
      process uid/gid. Instead wire in the QEMU DAC security driver,
      stacking it ontop of the primary SELinux/AppArmour driver.
      
      * qemu/qemu_driver.c: Switch over to new DAC security driver
      3812c7b4
    • D
      Introduce a new DAC security driver for QEMU · 15f5eaa0
      Daniel P. Berrange 提交于
      This new security driver is responsible for managing UID/GID changes
      to the QEMU process, and any files/disks/devices assigned to it.
      
      * qemu/qemu_conf.h: Add flag for disabling automatic file permission
        changes
      * qemu/qemu_security_dac.h, qemu/qemu_security_dac.c: New DAC driver
        for QEMU guests
      * Makefile.am: Add new files
      15f5eaa0
    • D
      Introduce a stacked security driver impl for QEMU · 80fd73ca
      Daniel P. Berrange 提交于
      * qemu/qemu_conf.h: Add securityPrimaryDriver and
        securitySecondaryDriver fields to 'struct qemud_driver'
      * Makefile.am: Add new files
      * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A
        simple stacked security driver
      80fd73ca
    • D
      Pull initial disk labelling out into libvirtd instead of exec hook · 08fd20b0
      Daniel P. Berrange 提交于
      Pulling the disk labelling code out of the exec hook, and into
      libvirtd will allow it to access shared state in the daemon. It
      will also make debugging & error reporting easier / more reliable.
      
      * qemu/qemu_driver.c: Move initial disk labelling calls up into
        libvirtd. Add cleanup of disk labels upon failure
      08fd20b0
    • D
      Fix leak of allocated security label · 9c48360b
      Daniel P. Berrange 提交于
      If a VM fails to start, we can't simply free the security label
      strings, we must call the domainReleaseSecurityLabel() method
      otherwise the reserved 'mcs' level will be leaked in SElinux
      
      * src/qemu/qemu_driver.c: Invoke domainReleaseSecurityLabel()
        when domain fails to start
      9c48360b
    • D
      Refactor setup & cleanup of security labels in security driver · 0c0e0d02
      Daniel P. Berrange 提交于
      The current security driver architecture has the following
      split of logic
      
       * domainGenSecurityLabel
      
          Allocate the unique label for the domain about to be started
      
       * domainGetSecurityLabel
      
          Retrieve the current live security label for a process
      
       * domainSetSecurityLabel
      
          Apply the previously allocated label to the current process
          Setup all disk image / device labelling
      
       * domainRestoreSecurityLabel
      
          Restore the original disk image / device labelling.
          Release the unique label for the domain
      
      The 'domainSetSecurityLabel' method is special because it runs
      in the context of the child process between the fork + exec.
      
      This is require in order to set the process label. It is not
      required in order to label disks/devices though. Having the
      disk labelling code run in the child process limits what it
      can do.
      
      In particularly libvirtd would like to remember the current
      disk image label, and only change shared image labels for the
      first VM to start. This requires use & update of global state
      in the libvirtd daemon, and thus cannot run in the child
      process context.
      
      The solution is to split domainSetSecurityLabel into two parts,
      one applies process label, and the other handles disk image
      labelling. At the same time domainRestoreSecurityLabel is
      similarly split, just so that it matches the style. Thus the
      previous 4 methods are replaced by the following 6 new methods
      
       * domainGenSecurityLabel
      
          Allocate the unique label for the domain about to be started
          No actual change here.
      
       * domainReleaseSecurityLabel
      
         Release the unique label for the domain
      
       * domainGetSecurityProcessLabel
      
         Retrieve the current live security label for a process
         Merely renamed for clarity.
      
       * domainSetSecurityProcessLabel
      
         Apply the previously allocated label to the current process
      
       * domainRestoreSecurityAllLabel
      
          Restore the original disk image / device labelling.
      
       * domainSetSecurityAllLabel
      
          Setup all disk image / device labelling
      
      The SELinux and AppArmour drivers are then updated to comply with
      this new spec. Notice that the AppArmour driver was actually a
      little different. It was creating its profile for the disk image
      and device labels in the 'domainGenSecurityLabel' method, where as
      the SELinux driver did it in 'domainSetSecurityLabel'. With the
      new method split, we can have consistency, with both drivers doing
      that in the domainSetSecurityAllLabel method.
      
      NB, the AppArmour changes here haven't been compiled so may not
      build.
      0c0e0d02
    • D
      Make security drivers responsible for checking dynamic vs static labelling · 81fbb4cb
      Daniel P. Berrange 提交于
      The QEMU driver is doing 90% of the calls to check for static vs
      dynamic labelling. Except it is forgetting todo so in many places,
      in particular hotplug is mistakenly assigning disk labels. Move
      all this logic into the security drivers themselves, so the HV
      drivers don't have to think about it.
      
      * src/security/security_driver.h: Add virDomainObjPtr parameter
        to virSecurityDomainRestoreHostdevLabel and to
        virSecurityDomainRestoreSavedStateLabel
      * src/security/security_selinux.c, src/security/security_apparmor.c:
        Add explicit checks for VIR_DOMAIN_SECLABEL_STATIC and skip all
        chcon() code in those cases
      * src/qemu/qemu_driver.c: Remove all checks for VIR_DOMAIN_SECLABEL_STATIC
        or VIR_DOMAIN_SECLABEL_DYNAMIC. Add missing checks for possibly NULL
        driver entry points.
      81fbb4cb
    • D
      Implement support for multi IQN · 6aabcb5b
      David Allan 提交于
      Allows the initiator to use a variety of IQNs rather than just the
      system IQN when creating iSCSI pools.
      * docs/schemas/storagepool.rng: extends the syntax with <iqn name="..."/>
      * src/conf/storage_conf.[ch]: read and stores the iqn name
      * src/storage/storage_backend_iscsi.[ch]: implement the IQN selection
        when detected
      6aabcb5b
    • L
      Fix uses of virFileMakePath · 623bc48a
      Laine Stump 提交于
      * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c
        src/network/bridge_driver.c src/qemu/qemu_driver.c
        src/uml/uml_driver.c: virFileMakePath returns 0 for success, or the
        value of errno on failure, so error checking should be to test
        if non-zero, not if lower than 0
      623bc48a