- 06 Jun, 2018 1 commit
Authored by Stefan Berger
This patch adds support for an external swtpm TPM emulator. The XML for this type of TPM looks as follows:
<tpm model='tpm-tis'>
  <backend type='emulator'/>
</tpm>
The XML will currently only define a TPM 1.2. Extend the documentation. Add a test case testing the XML parser and formatter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
- 11 May, 2018 1 commit
Authored by Michal Privoznik
Just like in previous commit, qemu-pr-helper might want to open /dev/mapper/control under certain circumstances. Therefore we have to allow it in cgroups. The change virdevmapper.c might look spurious but it isn't. After 6dd84f68 any path that we're allowing in devices CGroup is subject to virDevMapperGetTargets() inspection. And libdevmapper returns ENXIO for the path from subject.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
-
- 05 Apr, 2018 1 commit
Authored by Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=1557769
Problem with device mapper targets is that there can be several other devices 'hidden' behind them. For instance, /dev/dm-1 can consist of /dev/sda, /dev/sdb and /dev/sdc. Therefore, when setting up devices CGroup and namespaces we have to take this into account. This bug was exposed after Linux kernel was fixed. Initially, kernel used different functions for getting block device in open() and ioctl(). While CGroup permissions were checked in the former case, due to a bug in kernel they were not checked in the latter case. This changed with the upstream commit of 519049afead4f7c3e6446028c41e99fde958cc04 (v4.16-rc5~11^2~4).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
- 31 Jan, 2018 1 commit
Authored by Martin Kletzander
The virresctrl will use this as well and we need to have that info after restart to properly clean up /sys/fs/resctrl.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-
- 04 Jan, 2018 1 commit
Authored by Eduardo Habkost
All calls to virDomainAuditCgroupPath() were passing 'rc == 0' as argument, when it was supposed to pass the 'rc' value directly. As a consequence, the audit events that were supposed to be logged (actual cgroup changes) were never being logged, and bogus audit events were logged when using regular files as disk image. Fix all calls to use the return value of virCgroup{Allow,Deny}Device*() directly as the 'rc' argument.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
- 25 Nov, 2017 1 commit
Authored by Ján Tomko
Export qemuSetupInputCgroup and introduce qemuTeardownInputCgroup for hotunplug.
-
- 17 Oct, 2017 1 commit
Authored by Peter Krempa
Add helpers that will simplify checking if a backing file is valid or whether it has backing store. The helper virStorageSourceIsBacking returns true if the given virStorageSource is a valid backing store member. virStorageSourceHasBacking returns true if the virStorageSource has a backing store child. Adding these functions creates a central point for further refactors.
-
- 26 Jul, 2017 1 commit
Authored by Martin Kletzander
Since commit 2e6ecba1, the pointer to the qemu driver is saved in domain object's private data and hence does not have to be passed as yet another parameter if domain object is already one of them. This is a first (example) patch of this kind of clean up, others will hopefully follow.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-
- 25 Jul, 2017 1 commit
Authored by Martin Kletzander
It is more related to a domain as we might use it even when there is no systemd and it does not use any dbus/systemd functions. In order not to use code from conf/ in util/ pass machineName in cgroups code as a parameter. That also fixes a leak of machineName in the lxc driver and cleans up and de-duplicates some code.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-
- 15 Mar, 2017 1 commit
Authored by Michal Privoznik
Some users might want to pass a blockdev or a chardev as a backend for NVDIMM. In fact, this is expected to be the mostly used configuration. Therefore libvirt should allow the device in devices CGroup then.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
- 23 Feb, 2017 1 commit
Authored by Michal Privoznik
When a domain needs an access to some device (be it a disk, RNG, chardev, whatever), we have to allow it in the devices CGroup (if it is available), because by default we disallow all the devices. But some of the functions that are responsible for setting up devices CGroup are lacking check whether there is any CGroup available. Thus users might be unable to hotplug some devices:
virsh # attach-device fedora rng.xml
error: Failed to attach device from rng.xml
error: internal error: Controller 'devices' is not mounted
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
- 20 Feb, 2017 7 commits
Authored by Michal Privoznik
When enabling virgl, qemu opens /dev/dri/render*. So far, we are not allowing that in devices CGroup nor creating the file in domain's namespace and thus requiring users to set the paths in qemu.conf. This, however, is suboptimal as it allows access to ALL qemu processes even those which don't have virgl configured. Now that we have a way to specify render node that qemu will use we can be more cautious and enable just that.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Authored by Michal Privoznik
So far, qemuDomainGetHostdevPath has no knowledge of the reason it is called and thus reports /dev/vfio/vfio for every VFIO backed device. This is suboptimal, as we want it to:
a) report /dev/vfio/vfio on every addition or domain startup
b) report /dev/vfio/vfio only on last VFIO device being unplugged
If a domain is being stopped then namespace and CGroup die with it so no need to worry about that. I mean, even when a domain that's exiting has more than one VFIO devices assigned to it, this function does not clean /dev/vfio/vfio in CGroup nor in the namespace. But that doesn't matter.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-
Authored by Michal Privoznik
So far, we are allowing /dev/vfio/vfio in the devices cgroup unconditionally (and creating it in the namespace too). Even if domain has no hostdev assignment configured. This is a potential security hole. Therefore, when starting the domain (or hotplugging a hostdev) create & allow /dev/vfio/vfio too (if needed).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-
Authored by Michal Privoznik
Since these two functions are nearly identical (with qemuSetupHostdevCgroup actually calling virCgroupAllowDevicePath) we can have one function call the other and thus de-duplicate some code.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-
Authored by Michal Privoznik
There's no need for this function. Currently it is passed as a callback to virSCSIVHostDeviceFileIterate(). However, SCSI host devices have just one file path. Therefore we can mimic approach used in qemuDomainGetHostdevPath() to get path and call virCgroupAllowDevicePath() directly.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-
Authored by Michal Privoznik
There's no need for this function. Currently it is passed as a callback to virSCSIDeviceFileIterate(). However, SCSI devices have just one file path. Therefore we can mimic approach used in qemuDomainGetHostdevPath() to get path and call virCgroupAllowDevicePath() directly.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-
Authored by Michal Privoznik
There's no need for this function. Currently it is passed as a callback to virUSBDeviceFileIterate(). However, USB devices have just one file path. Therefore we can mimic approach used in qemuDomainGetHostdevPath() to get path and call virCgroupAllowDevicePath() directly.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-
- 15 Dec, 2016 1 commit
Authored by Michal Privoznik
This is a list of devices that qemu needs for its run (apart from what's configured for domain). The devices on the list are enabled in the CGroups by default so they will be good candidates for initial /dev for new qemu.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
- 25 Nov, 2016 3 commits
Authored by Boris Fiuczynski
If libvirt is compiled without NUMACTL support starting libvirtd reports a libvirt internal error "NUMA isn't available on this host" without checking if NUMA support is compiled into the libvirt binaries. This patch adds the missing NUMA support check to prevent the internal error. It also includes a check if the cgroup controller cpuset is available before using it. The error was noticed when libvirtd was restarted with running domains and on libvirtd start the qemuConnectCgroup gets called during qemuProcessReconnect.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
-
Authored by Eric Farman
Open /dev/vhost-scsi, and record the resulting file descriptor, so that the guest has access to the host device outside of the libvirt daemon. Pass this information, along with data parsed from the XML file, to build a device string for the qemu command line. That device string will be for either a vhost-scsi-ccw device in the case of an s390 machine, or vhost-scsi-pci for any others.
Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
-
Authored by Eric Farman
We already have a "scsi" hostdev subsys type, which refers to a single LUN that is passed through to a guest. But what of things where multiple LUNs are passed through via a single SCSI HBA, such as with the vhost-scsi target? Create a new hostdev subsys type that will carry this.
Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
-
- 23 Nov, 2016 2 commits
Authored by Michal Privoznik
Just like in the previous commit, we are not updating CGroups on chardev hot(un-)plug and thus leaving qemu unable to access any non-default device users are trying to hotplug.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Authored by Michal Privoznik
If users try to hotplug RNG device with a backend different to /dev/random or /dev/urandom the whole operation fails as qemu is unable to access the device. The problem is we don't update device CGroups during the operation.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
- 12 Nov, 2016 1 commit
Authored by Eric Farman
As was suggested in an earlier review comment[1], we can catch some additional code points by cleaning up how we use the hostdev subsystem type in some switch statements.
[1] End of https://www.redhat.com/archives/libvir-list/2016-September/msg00399.html
Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
-
- 22 Oct, 2016 1 commit
Authored by John Ferlan
Change the virDomainChrDef to use a pointer to 'source' and allocate that pointer during virDomainChrDefNew. This has tremendous "fallout" in the rest of the code which mainly has to change source.$field to source->$field.
Signed-off-by: John Ferlan <jferlan@redhat.com>
-
- 14 Sep, 2016 1 commit
Authored by Peter Krempa
Name it virNumaGetHostMemoryNodeset and return only NUMA nodes which have memory installed. This is necessary as the kernel is not very happy to set the memory cgroup setting for nodes which do not have any memory. This would break vcpu hotplug with following message on such configuration:
Invalid value '0,8' for 'cpuset.mems': Invalid argument
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1375268
-
- 13 Sep, 2016 1 commit
Authored by Peter Krempa
-
- 07 Sep, 2016 1 commit
Authored by Peter Krempa
When hot-adding vcpus qemu needs to allocate some structures in the DMA zone which may be outside of the numa pinning. Extract the code doing this in a set of helpers so that it can be reused.
-
- 11 Jul, 2016 1 commit
Authored by Peter Krempa
-
- 23 May, 2016 1 commit
-
- 19 May, 2016 1 commit
Authored by Ján Tomko
QEMU needs access to the /dev/dri/render* device for virgl to work. Allow access to all /dev/dri/* devices for domains with
<video>
  <model type='virtio' heads='1' primary='yes'>
    <acceleration accel3d='yes'/>
  </model>
</video>
https://bugzilla.redhat.com/show_bug.cgi?id=1337290
-
- 11 Apr, 2016 1 commit
Authored by Martin Kletzander
Commit c3bd0019 forgot to cleanup after itself.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1325043
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-
- 01 Mar, 2016 2 commits
Authored by Alexander Burluka
This function sets up per-domain cpu bandwidth parameters
Signed-off-by: Alexander Burluka <aburluka@virtuozzo.com>
-
Authored by Peter Krempa
Similarly to the refactors to iothreads and vcpus, move the code that initializes the emulator thread settings into single function.
-
- 18 Feb, 2016 1 commit
Authored by Bjoern Walk
Fix logic error introduced in commit d6c91b3c which essentially broke starting any domain.
Signed-off-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
-
- 17 Feb, 2016 4 commits
Authored by Peter Krempa
oVirt wants to use OVMF images on top of lvm for their 'logical' storage thus we should set up device ACLs for them so it will actually work.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1305922
-
Authored by Peter Krempa
They will later be reused for setting cgroup for other image backed devices.
-
Authored by Peter Krempa
Separate the Teardown and Setup code paths into separate helpers.
-
Authored by Peter Krempa
For other objects we use the two functions rather than one with a bool. Convert qemuSetImageCgroup to the same approach.
-