- 16 4月, 2019 15 次提交
-
-
由 Michal Privoznik 提交于
We're setting seclabels on unix sockets but never restoring them. Surprisingly, we are doing so in SELinux driver. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Pino Toscano 提交于
Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NPino Toscano <ptoscano@redhat.com>
-
由 Pino Toscano 提交于
When writing the VMX file from the domain XML, write the firmware key according to the firmware autoselection. Though, at the moment only 'efi' is supported. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NPino Toscano <ptoscano@redhat.com>
-
由 Pino Toscano 提交于
Convert the firmware key to a type of autoselected firmware. Only the 'efi' firmware is allowed for now, in case the key is present. It seems VMware (at least ESXi) does not write the key in VMX files when setting BIOS as firmware. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NPino Toscano <ptoscano@redhat.com>
-
由 Laine Stump 提交于
The network driver used to reload the firewall rules whenever a dbus NameOwnerChanged message for org.fedoraproject.FirewallD1 was received. Presumably at some point in the past this was successful at reloading our rules after a firewalld restart. Recently though I noticed that once firewalld was restarted, libvirt's logs would get this message: The name org.fedoraproject.FirewallD1 was not provided by any .service files After this point, no networks could be started until libvirtd itself was restarted. The problem is that the NameOwnerChanged message is sent twice during a firewalld restart - once when the old firewalld is stopped, and again when the new firewalld is started. If we try to reload at the point the old firewalld is stopped, none of the firewalld dbus calls will succeed. The solution is to check the new_owner field of the message - we should reload our firewall rules only if new_owner is non-empty (it is set to "" when firewalld is stopped, and some sort of epoch number when it is again started). Signed-off-by: NLaine Stump <laine@laine.org> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Laine Stump 提交于
When virDBusMessageRead() and virDBusMessageDecode were first added in commit 834c9c94, they were identical except that virDBusMessageRead() would unref the message after decoding it. This difference was eliminated later in commit dc7f3ffc after it became apparent that unref-ing the message so soon was never the right thing to do. The two identical functions remained though, with the tests and virDBus library itself calling the Decode variant, and all other users calling the Read variant. This patch eliminates the duplication, switching all users to virDBusMessageDecode (and moving the nice API documentation comment from the Read function up to the Decode function). Signed-off-by: NLaine Stump <laine@laine.org> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Support for compiling this version was dropped in an earlier commit. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Support for compiling this version was dropped in an earlier commit. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Support for compiling this version was dropped in an earlier commit. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Support for compiling this version was dropped in an earlier commit. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Support for compiling this version was dropped in an earlier commit. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Support for compiling this version was dropped in an earlier commit. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Support for all the 4.x releases was ended by VirtualBox maintainers in Dec 2015. Even the "newest" 4.3.40 of those is only supported on old versions of Linux (Ubuntu <= 13.03, RHEL <= 6, SLES <= 11), which are all discontinued hosts from libvirt's POV. We can thus reasonably drop all 4.x support from the libvirt VirtualBox driver. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Since: commit 9f4e35dc Author: Daniel P. Berrangé <berrange@redhat.com> Date: Mon Mar 18 17:31:21 2019 +0000 network: improve error report when firewall chain creation fails We cache an error when failing to create the top level firewall chains. This commit failed to account for fact that we may invoke networkPreReloadFirewallRules() many times while libvirtd is running. For example when firewalld is restarted. When this happens the original failure may no longer occurr and we'll successfully create our top level chains. We failed to clear the cached error resulting in us failing to start virtual networks. Reviewed-by: NLaine Stump <laine@laine.org> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Andrea Bolognani 提交于
The table included in the sample output for 'list --title' is unnecessarily wide, which causes man to complain: warning [p 8, 0.5i]: can't break line Make the table narrower. Spotted by Lintian (manpage-has-errors-from-man tag). Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Acked-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 15 4月, 2019 14 次提交
-
-
由 Andrea Bolognani 提交于
Apparently "allow(s) to frobnicate" is not correct English, and either "allow(s) one to frobnicate" or "allow(s) frobnicating" should be used instead. Spotted by Lintian (spelling-error-in-{binary,manpage} tags). Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Andrea Bolognani 提交于
Spotted by Lintian (manpage-has-bad-whatis-entry tag). Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Andrea Bolognani 提交于
We need commit 6280c94f306d in order to fix our generated man pages. Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Andrea Bolognani 提交于
Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Jiri Denemark 提交于
My earlier commit be46f613 was incomplete. It removed caching of microcode version in the CPU driver, which means the capabilities XML will see the correct microcode version. But it is also cached in the QEMU capabilities cache where it is used to detect whether we need to reprobe QEMU. By missing the second place, the original commit be46f613 made the situation even worse since libvirt would report correct microcode version while still using the old host CPU model (visible in domain capabilities XML). Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
Support for kqemu was dropped in libvirt by commit 8e91a400 and even back then we never set these capabilities when doing QMP probing. Since no QEMU we aim to support has these, drop them completely. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Martin Kletzander 提交于
This is a zero-cost workaround for a bug in GCC 8.3.0 which causes the compilation to fail, because the compiler thinks that the value might be used uninitialized even though it clearly cannot be. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Andrea Bolognani 提交于
Though it used to be called "Mac OS X" and "OS X" in the past, it was never "MacOS X" nor "OS-X", and it's just "macOS" now. Signed-off-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Andrea Bolognani 提交于
We have occasionally failed to document certain categories of changes in the release notes, yet still left the corresponding sections in the file even though they were completely empty. Signed-off-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Michal Privoznik 提交于
In e17d1038 these functions were mistakenly moved into an #ifdef block, but remained used outside of it leaving the build broken for platforms where #ifdef evaluated to false. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Michal Privoznik 提交于
Model specific registers are a thing only on x86. Also, the /dev/cpu/0/msr path exists only on Linux and the fallback mechanism (asking KVM) exists on Linux and FreeBSD only. Therefore, move the function within #ifdef that checks all aforementioned constraints and provide a dummy stub for all other cases. This fixes the build on my arm box, mingw-* builds, etc. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Daniel Henrique Barboza 提交于
The NVIDIA V100 GPU has an onboard RAM that is mapped into the host memory and accessible as normal RAM via an NVLink2 bridge. When passed through in a guest, QEMU puts the NVIDIA RAM window in a non-contiguous area, above the PCI MMIO area that starts at 32TiB. This means that the NVIDIA RAM window starts at 64TiB and go all the way to 128TiB. This means that the guest might request a 64-bit window, for each PCI Host Bridge, that goes all the way to 128TiB. However, the NVIDIA RAM window isn't counted as regular RAM, thus this window is considered only for the allocation of the Translation and Control Entry (TCE). For more information about how NVLink2 support works in QEMU, refer to the accepted implementation [1]. This memory layout differs from the existing VFIO case, requiring its own formula. This patch changes the PPC64 code of @qemuDomainGetMemLockLimitBytes to: - detect if we have a NVLink2 bridge being passed through to the guest. This is done by using the @ppc64VFIODeviceIsNV2Bridge function added in the previous patch. The existence of the NVLink2 bridge in the guest means that we are dealing with the NVLink2 memory layout; - if an IBM NVLink2 bridge exists, passthroughLimit is calculated in a different way to account for the extra memory the TCE table can alloc. The 64TiB..128TiB window is more than enough to fit all possible GPUs, thus the memLimit is the same regardless of passing through 1 or multiple V100 GPUs. Further reading explaining the background [1] https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg03700.html [2] https://www.redhat.com/archives/libvir-list/2019-March/msg00660.html [3] https://www.redhat.com/archives/libvir-list/2019-April/msg00527.htmlSigned-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Daniel Henrique Barboza 提交于
The NVLink2 support in QEMU implements the detection of NVLink2 capable devices by verifying the attributes of the VFIO mem region QEMU allocates for the NVIDIA GPUs. To properly allocate an adequate amount of memLock, Libvirt needs this information before a QEMU instance is even created, thus querying QEMU is not possible and opening a VFIO window is too much. An alternative is presented in this patch. Making the following assumptions: - if we want GPU RAM to be available in the guest, an NVLink2 bridge must be passed through; - an unknown PCI device can be classified as a NVLink2 bridge if its device tree node has 'ibm,gpu', 'ibm,nvlink', 'ibm,nvlink-speed' and 'memory-region'. This patch introduces a helper called @ppc64VFIODeviceIsNV2Bridge that checks the device tree node of a given PCI device and check if it meets the criteria to be a NVLink2 bridge. This new function will be used in a follow-up patch that, using the first assumption, will set up the rlimits of the guest accordingly. Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
- 14 4月, 2019 1 次提交
-
-
由 Michal Privoznik 提交于
In 2878278c we've added new cpu model but we've forgot to distribute the XML file it comes in. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 13 4月, 2019 10 次提交
-
-
由 Martin Kletzander 提交于
This does not cause a problem in usual scenarios thanks to us allowing CAP_DAC_OVERRIDE for the qemu process, however in some scenarios this might be an issue because the directory is created with mkdtemp(3) which explicitly creates that with 0700 permissions and qemu running as non-root cannot access that. The scenarios include: - Builds without CAPNG - Running libvirtd in certain container configurations [1] - and possibly others. [1] https://github.com/kubevirt/kubevirt/pull/2181#issuecomment-481840304Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Jiri Denemark 提交于
The new virHostCPUGetMSR internal API will try to read the MSR from /dev/cpu/0/msr and if it is not possible (the device does not exist or libvirt is running unprivileged), it will fallback to asking KVM for the MSR using KVM_GET_MSRS ioctl. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
The script just parses whatever cpu-gather.sh printed out. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
This patch adds an inline python code for reading MSR features. Since reading MSRs is a privileged operation, we have to read them from /dev/cpu/*/msr if it is readable (i.e., the script runs as root) or fallback to using KVM ioctl which can be done by any user that can start virtual machines. The python code is inlined rather than provided in a separate script because whenever there's an issue with proper detection of CPU features, we ask the reporter to run cpu-gather.sh script to give us all data we need to know about the host CPU. Asking them to run several scripts would likely result in one of them being ignored or forgotten. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
The parseMapFeature for parsing features from CPU map XML can be easily generalized to support more feature types. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
Let's make sure the current CPUID specific code is only applied to CPUID features. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
This will let us simplify the code since the dictionary keys will match attribute names in various XMLs. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
leaf["eax"] & eax > 0 check works correctly only if there's at most 1 bit set in eax. Luckily that's been always the case, but fixing this could save us from future surprises. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
The function will have to deal with both CPUID and MSR features. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-