1. 09 11月, 2010 1 次提交
    • D
      Support SPICE channel security options · b0ef5c53
      Daniel P. Berrange 提交于
      This extends the SPICE XML to allow channel security options
      
          <graphics type='spice' port='-1' tlsPort='-1' autoport='yes'>
            <channel name='main' mode='secure'/>
            <channel name='record' mode='insecure'/>
          </graphics>
      
      Any non-specified channel uses the default, which allows both
      secure & insecure usage
      
      * src/conf/domain_conf.c, src/conf/domain_conf.h,
        src/libvirt_private.syms: Add XML syntax for specifying per
        channel security options for spice.
      * src/qemu/qemu_conf.c: Configure channel security with spice
      b0ef5c53
  2. 08 11月, 2010 1 次提交
    • D
      Add a sysinfo util module and read host info API · 778c0976
      Daniel Veillard 提交于
      Move existing routines about virSysinfoDef to an util module,
      add a new entry point virSysinfoRead() to read the host values
      with dmidecode
      
      * src/conf/domain_conf.c src/conf/domain_conf.h src/util/sysinfo.c
        src/util/sysinfo.h: move to a new module, add virSysinfoRead()
      * src/Makefile.am: handle the new module build
      * src/libvirt_private.syms: new internal symbols
      * include/libvirt/virterror.h src/util/virterror.c: defined a new
        error code for that module
      * po/POTFILES.in: add new file for translations
      778c0976
  3. 02 11月, 2010 2 次提交
  4. 29 10月, 2010 1 次提交
    • L
      qemu_driver: add virCgroupMounted · 41b2cee2
      Lai Jiangshan 提交于
      When we mount any cgroup without "-o devices", we will fail to start vms:
      
      error: Failed to start domain vm1
      error: Unable to deny all devices for vm1: No such file or directory
      
      When we mount any cgroup without "-o cpu", we will fail to get schedinfo:
      Scheduler      : posix
      error: unable to get cpu shares tunable: No such file or directory
      
      We should only use the cgroup controllers which are mounted on host.
      So I add virCgroupMounted() for qemuCgroupControllerActive()
      Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
      41b2cee2
  5. 28 10月, 2010 2 次提交
  6. 22 10月, 2010 1 次提交
    • D
      Expand virSocketFormat to be more flexible · 497adba2
      Daniel P. Berrange 提交于
      The getnameinfo() function is more flexible than inet_ntop()
      avoiding the need to if/else the code based on socket family.
      Also make it support UNIX socket addrs and allow inclusion
      of a port (service) address. Finally do proper error reporting
      via normal APIs.
      
      * src/conf/domain_conf.c, src/nwfilter/nwfilter_ebiptables_driver.c,
        src/qemu/qemu_conf.c: Fix error handling with virSocketFormat
      * src/util/network.c: Rewrite virSocketFormat to use getnameinfo
        and cope with UNIX socket addrs.
      497adba2
  7. 21 10月, 2010 1 次提交
    • E
      maint: sort private sym lists · 134bcb62
      Eric Blake 提交于
      * src/libvirt_private.syms: Sort by header name, then within
      header, and drop duplicate virNetworkDefParseNode,
      virFileLinkPointsTo and virXPathBoolean.
      134bcb62
  8. 20 10月, 2010 1 次提交
    • D
      Fix symbol exports & remove duplicated libvirt_util.la linkage · 9bd3cce0
      Daniel P. Berrange 提交于
      The libvirt_util.la library was mistakenly linked into libvirtd
      directly. Since libvirt_util.la is already linked to libvirt.so,
      this resulted in libvirtd getting two copies of the code and
      more critically 2 copies of static global variables.
      
      Testing in turn exposed a issue with loadable modules. The
      gnulib replacement functions are not exported to loadable
      modules. Rather than trying to figure out the name sof all
      gnulib functions & export them, just linkage all loadable
      modules against libgnu.la statically.
      
      * daemon/Makefile.am: Remove linkage of libvirt_util.la
        and libvirt_driver.la
      * src/Makefile.am: Link driver modules against libgnu.la
      * src/libvirt.c: Don't try to load modules which were
        compiled out
      * src/libvirt_private.syms: Export all other internal
        symbols that are required  by drivers
      9bd3cce0
  9. 19 10月, 2010 1 次提交
    • S
      Introduce VIR_CLOSE to be used rather than close() · f04de501
      Stefan Berger 提交于
      Since bugs due to double-closed file descriptors are difficult to track down in a multi-threaded system, I am introducing the VIR_CLOSE(fd) macro to help avoid mistakes here.
      
      There are lots of places where close() is being used. In this patch I am only cleaning up usage of close() in src/conf where the problems were.
      
      I also dare to declare close() as being deprecated in libvirt code base (HACKING).
      f04de501
  10. 13 10月, 2010 3 次提交
    • D
      Enable support for nested SVM · f98a6cd6
      Daniel P. Berrange 提交于
      This enables support for nested SVM using the regular CPU
      model/features block. If the CPU model or features include
      'svm', then the '-enable-nesting' flag will be added to the
      QEMU command line. Latest out of tree patches for nested
      'vmx', no longer require the '-enable-nesting' flag. They
      instead just look at the cpu features. Several of the models
      already include svm support, but QEMU was just masking out
      the svm bit silently. So this will enable SVM on such
      models
      
      * src/qemu/qemu_conf.h: flag for -enable-nesting
      * src/qemu/qemu_conf.c: Use -enable-nesting if VMX or SVM are in
        the CPUID
      * src/cpu/cpu.h, src/cpu/cpu.c: API to check for a named feature
      * src/cpu/cpu_x86.c: x86 impl of feature check
      * src/libvirt_private.syms: Add cpuHasFeature
      * src/qemuhelptest.c: Add nesting flag where required
      f98a6cd6
    • S
      nwfilter: resolve deadlock between VM ops and filter update · 4435f3c4
      Stefan Berger 提交于
       This is from a bug report and conversation on IRC where Soren reported that while a filter update is occurring on one or more VMs (due to a rule having been edited for example), a deadlock can occur when a VM referencing a filter is started.
      
      The problem is caused by the two locking sequences of
      
      qemu driver, qemu domain, filter             # for the VM start operation
      filter, qemu_driver, qemu_domain            # for the filter update operation
      
      that obviously don't lock in the same order. The problem is the 2nd lock sequence. Here the qemu_driver lock is being grabbed in qemu_driver:qemudVMFilterRebuild()
      
      The following solution is based on the idea of trying to re-arrange the 2nd sequence of locks as follows:
      
      qemu_driver, filter, qemu_driver, qemu_domain
      
      and making the qemu driver recursively lockable so that a second lock can occur, this would then lead to the following net-locking sequence
      
      qemu_driver, filter, qemu_domain
      
      where the 2nd qemu_driver lock has been ( logically ) eliminated.
      
      The 2nd part of the idea is that the sequence of locks (filter, qemu_domain) and (qemu_domain, filter) becomes interchangeable if all code paths where filter AND qemu_domain are locked have a preceding qemu_domain lock that basically blocks their concurrent execution
      
      So, the following code paths exist towards qemu_driver:qemudVMFilterRebuild where we now want to put a qemu_driver lock in front of the filter lock.
      
      -> nwfilterUndefine()   [ locks the filter ]
          -> virNWFilterTestUnassignDef()
              -> virNWFilterTriggerVMFilterRebuild()
                  -> qemudVMFilterRebuild()
      
      -> nwfilterDefine()
          -> virNWFilterPoolAssignDef() [ locks the filter ]
              -> virNWFilterTriggerVMFilterRebuild()
                  -> qemudVMFilterRebuild()
      
      -> nwfilterDriverReload()
          -> virNWFilterPoolLoadAllConfigs()
              ->virNWFilterPoolObjLoad()
                  -> virNWFilterPoolAssignDef() [ locks the filter ]
                      -> virNWFilterTriggerVMFilterRebuild()
                          -> qemudVMFilterRebuild()
      
      -> nwfilterDriverStartup()
          -> virNWFilterPoolLoadAllConfigs()
              ->virNWFilterPoolObjLoad()
                  -> virNWFilterPoolAssignDef() [ locks the filter ]
                      -> virNWFilterTriggerVMFilterRebuild()
                          -> qemudVMFilterRebuild()
      
      Qemu is not the only driver using the nwfilter driver, but also the UML driver calls into it. Therefore qemuVMFilterRebuild() can be exchanged with umlVMFilterRebuild() along with the driver lock of qemu_driver that can now be a uml_driver. Further, since UML and Qemu domains can be running on the same machine, the triggering of a rebuild of the filter can touch both types of drivers and their domains.
      
      In the patch below I am now extending each nwfilter callback driver with functions for locking and unlocking the (VM) driver (UML, QEMU) and introduce new functions for locking all registered callback drivers and unlocking them. Then I am distributing the lock-all-cbdrivers/unlock-all-cbdrivers call into the above call paths. The last shown callpath starting with nwfilterDriverStart() is problematic since it is initialize before the Qemu and UML drives are and thus a lock in the path would result in a NULL pointer attempted to be locked -- the call to virNWFilterTriggerVMFilterRebuild() is never called, so we never lock either the qemu_driver or the uml_driver in that path. Therefore, only the first 3 paths now receive calls to lock and unlock all callback drivers. Now that the locks are distributed where it matters I can remove the qemu_driver and uml_driver lock from qemudVMFilterRebuild() and umlVMFilterRebuild() and not requiring the recursive locks.
      
      For now I want to put this out as an RFC patch. I have tested it by 'stretching' the critical section after the define/undefine functions each lock the filter so I can (easily) concurrently execute another VM operation (suspend,start). That code is in this patch and if you want you can de-activate it. It seems to work ok and operations are being blocked while the update is being done.
      I still also want to verify the other assumption above that locking filter and qemu_domain always has a preceding qemu_driver lock.
      4435f3c4
    • N
      Implement cgroup memory controller tunables · 5f481e4d
      Nikunj A. Dadhania 提交于
      Provides interfaces for setting/getting memory tunables like hard_limit,
      soft_limit and swap_hard_limit
      5f481e4d
  11. 12 10月, 2010 1 次提交
    • E
      util: add missing export · 412b62d2
      Eric Blake 提交于
      Commit 1fe2927a forgot to export a symbol.
      
      * src/libvirt_private.syms (virHexToBin): Add.
      * src/.gitignore: Ignore temporary file.
      412b62d2
  12. 07 10月, 2010 1 次提交
  13. 25 8月, 2010 1 次提交
  14. 02 8月, 2010 1 次提交
    • L
      Add iptables rule to fixup DHCP response checksum. · fd5b15ff
      Laine Stump 提交于
      This patch attempts to take advantage of a newly added netfilter
      module to correct for a problem with some guest DHCP client
      implementations when used in conjunction with a DHCP server run on the
      host systems with packet checksum offloading enabled.
      
      The problem is that, when the guest uses a RAW socket to read the DHCP
      response packets, the checksum hasn't yet been fixed by the IP stack,
      so it is incorrect.
      
      The fix implemented here is to add a rule to the POSTROUTING chain of
      the mangle table in iptables that fixes up the checksum for packets on
      the virtual network's bridge that are destined for the bootpc port (ie
      "dhcpc", ie port 68) port on the guest.
      
      Only very new versions of iptables will have this support (it will be
      in the next upstream release), so a failure to add this rule only
      results in a warning message. The iptables patch is here:
      
        http://patchwork.ozlabs.org/patch/58525/
      
      A corresponding kernel module patch is also required (the backend of
      the iptables patch) and that will be in the next release of the
      kernel.
      fd5b15ff
  15. 29 7月, 2010 1 次提交
  16. 24 7月, 2010 1 次提交
    • C
      Qemu Monitor API entry point. · 21adf03c
      Chris Lalancette 提交于
      Add the library entry point for the new virDomainQemuMonitorCommand()
      entry point.  Because this is not part of the "normal" libvirt API,
      it gets its own header file, library file, and will eventually
      get its own over-the-wire protocol later in the series.
      
      Changes since v1:
       - Go back to using the virDriver table for qemuDomainMonitorCommand, due to
         linking issues
       - Added versioning information to the libvirt-qemu.so
      
      Changes since v2:
       - None
      
      Changes since v3:
       - Add LGPL header to libvirt-qemu.c
       - Make virLibConnError and virLibDomainError macros instead of function calls
      
      Changes since v4:
       - Move exported symbols to libvirt_qemu.syms
      Signed-off-by: NChris Lalancette <clalance@redhat.com>
      21adf03c
  17. 21 7月, 2010 1 次提交
    • D
      Explicitly represent balloon device in XML and handle PCI address · b2f18635
      Daniel P. Berrange 提交于
      To allow compatibility with older QEMU PCI device slot assignment
      it is necessary to explicitly track the balloon device in the
      XML. This introduces a new device
      
         <memballoon model='virtio|xen'/>
      
      It can also have a PCI address, auto-assigned if necessary.
      
      The memballoon will be automatically added to all Xen and QEMU
      guests by default.
      
      * docs/schemas/domain.rng: Add <memballoon> element
      * src/conf/domain_conf.c, src/conf/domain_conf.h: parsing
        and formatting for memballoon device. Always add a memory
        balloon device to Xen/QEMU if none exists in XML
      * src/libvirt_private.syms: Export memballoon model APIs
      * src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Honour the
        PCI device address in memory balloon device
      * tests/*: Update to test new functionality
      b2f18635
  18. 20 7月, 2010 1 次提交
    • D
      Add an API for iterating over disk paths · 9d0a630f
      Daniel P. Berrange 提交于
      There is duplicated code which iterates over disk backing stores
      performing some action. Provide a convenient helper for doing
      this to eliminate duplication & risk of mistakes with disk format
      probing
      
      * src/conf/domain_conf.c, src/conf/domain_conf.h,
        src/libvirt_private.syms: Add virDomainDiskDefForeachPath()
      9d0a630f
  19. 19 7月, 2010 1 次提交
    • D
      Refactor virStorageFileGetMetadataFromFD to separate functionality · c70cb0f4
      Daniel P. Berrange 提交于
      The virStorageFileGetMetadataFromFD did two jobs in one. First
      it probed for storage type, then it extracted metadata for the
      type. It is desirable to be able to separate these jobs, allowing
      probing without querying metadata, and querying metadata without
      probing.
      
      To prepare for this, split out probing code into a new pair of
      methods
      
        virStorageFileProbeFormatFromFD
        virStorageFileProbeFormat
      
      * src/util/storage_file.c, src/util/storage_file.h,
        src/libvirt_private.syms: Introduce virStorageFileProbeFormat
        and virStorageFileProbeFormatFromFD
      c70cb0f4
  20. 25 6月, 2010 1 次提交
    • D
      Add API for iterating over all character devices · bf1f3f7a
      Daniel P. Berrange 提交于
      The parallel, serial, console and channel devices are all just
      character devices. A lot of code needs todo the same thing to
      all these devices. This provides an convenient API for iterating
      over all of them.
      
      * src/conf/domain_conf.c, src/conf/domain_conf.c,
        src/libvirt_private.syms: Add virDomainChrDefForeach
      bf1f3f7a
  21. 22 6月, 2010 1 次提交
    • S
      nwfilter: fix loadable module support · cab5a52a
      Stefan Berger 提交于
      Following Daniel Berrange's multiple helpful suggestions for improving
      this patch and introducing another driver interface, I now wrote the
      below patch where the nwfilter driver registers the functions to
      instantiate and teardown the nwfilters with a function in
      conf/domain_nwfilter.c called virDomainConfNWFilterRegister. Previous
      helper functions that were called from qemu_driver.c and qemu_conf.c
      were move into conf/domain_nwfilter.h with slight renaming done for
      consistency. Those functions now call the function expored by
      domain_nwfilter.c, which in turn call the functions of the new driver
      interface, if available.
      cab5a52a
  22. 08 6月, 2010 2 次提交
    • D
      Network duplicate UUID/name checking · 3bb37439
      Daniel P. Berrange 提交于
      The network driver is not doing correct checking for
      duplicate UUID/name values. This introduces a new method
      virNetworkObjIsDuplicate, based on the previously
      written virDomainObjIsDuplicate.
      
      * src/conf/network_conf.c, src/conf/network_conf.c,
        src/libvirt_private.syms: Add virNetworkObjIsDuplicate,
      * src/network/bridge_driver.c: Call virNetworkObjIsDuplicate
        for checking uniqueness of uuid/names
      3bb37439
    • D
      Storage pool duplicate UUID/name checking · e9364d9f
      Daniel P. Berrange 提交于
      The storage pool driver is not doing correct checking for
      duplicate UUID/name values. This introduces a new method
      virStoragePoolObjIsDuplicate, based on the previously
      written virDomainObjIsDuplicate.
      
      * src/conf/storage_conf.c, src/conf/storage_conf.c,
        src/libvirt_private.syms: Add virStoragePoolObjIsDuplicate,
      * src/storage/storage_driver.c: Call virStoragePoolObjIsDuplicate
        for checking uniqueness of uuid/names
      e9364d9f
  23. 03 6月, 2010 1 次提交
    • S
      add 802.1Qbh and 802.1Qbg handling · ca3b22bb
      Stefan Berger 提交于
      This patch that adds support for configuring 802.1Qbg and 802.1Qbh
      switches. The 802.1Qbh part has been successfully tested with real
      hardware. The 802.1Qbg part has only been tested with a (dummy)
      server that 'behaves' similarly to how we expect lldpad to 'behave'.
      
      The following changes were made during the development of this patch:
      
       - Merging Scott's v13-pre1 patch
       - Fixing endptr related bug while using virStrToLong_ui() pointed out
         by Jim Meyering
       - Addressing Jim Meyering's comments to v11
       - requiring mac address to the vpDisassociateProfileId() function to
         pass it further to the 802.1Qbg disassociate part (802.1Qbh untouched)
       - determining pid of lldpad daemon by reading it from /var/run/libvirt.pid
         (hardcode as is hardcode alson in lldpad sources)
       - merging netlink send code for kernel target and user space target
         (lldpad) using one function nlComm() to send the messages
       - adding a select() after the sending and before the reading of the
         netlink response in case lldpad doesn't respond and so we don't hang
       - when reading the port status, in case of 802.1Qbg, no status may be
         received while things are 'in progress' and only at the end a status
         will be there.
       - when reading the port status, use the given instanceId and vf to pick
         the right IFLA_VF_PORT among those nested under IFLA_VF_PORTS.
       - never sending nor parsing IFLA_PORT_SELF type of messages in the
         802.1Qbg case
       - iterating over the elements in a IFLA_VF_PORTS to pick the right
         IFLA_VF_PORT by either IFLA_PORT_PROFILE and given profileId
         (802.1Qbh) or IFLA_PORT_INSTANCE_UUID and given instanceId (802.1Qbg)
         and reading the current status in IFLA_PORT_RESPONSE.
       - recycling a previous patch that adds functionality to interface.c to
         - get the vlan identifier on an interface
         - get the flags of an interface and some convenience function to
           check whether an interface is 'up' or not (not currently used here)
       - adding function to determine the root physical interface of an
         interface. For example if a macvtap is linked to eth0.100, it will
         find eth0. Also adding a function that finds the vlan on the 'way to
         the root physical interface'
       - conveying the root physical interface name and index in case of 802.1Qbg
       - conveying mac address of macvlan device and vlan identifier in
         IFLA_VFINFO_LIST[ IFLA_VF_INFO[ IFLA_VF_MAC(mac), IFLA_VF_VLAN(vlan) ] ]
         to (future) lldpad via netlink
        - To enable build with --without-macvtap rename the
          [dis|]associatePortProfileId functions, prepend 'vp' before their
          name and make them non-static functions.
        - Renaming variable multicast to nltarget_kernel and inverting
          the logic
        - Addressing Jim Meyering's comments; this also touches existing
          code for example for correcting indentation of break statements or
          simplification of switch statements.
        - Renamed occurrencvirVirtualPortProfileDef to virVirtualPortProfileParamses
        - 802.1Qbg part prepared for sending a RTM_SETLINK and getting
          processing status back plus a subsequent RTM_GETLINK to
          get IFLA_PORT_RESPONSE.
          Note: This interface for 802.1Qbg may still change
        - [David Allan] move getPhysfn inside IFLA_VF_PORT_MAX to avoid
      compiler
          warning when latest if_link.h isn't available
        - move from Stefan's 802.1Qb{g|h} XML v8 to v9
        - move hostuuid and vf index calcs to inside doPortProfileOp8021Qbh
        - remove debug fprintfs
        - use virGetHostUUID (thanks Stefan!)
        - fix compile issue when latest if_link.h isn't available
        - change poll timeout to 10s, at 1/8 intervals
           - if polling times out, log msg and return -ETIMEDOUT
        - Add Stefan's code for getPortProfileStatus
        - Poll for up to 2 secs for port-profile status, at 1/8 sec intervals:
           - if status indicates error, abort openMacvtapTap
           - if status indicates success, exit polling
           - if status is "in-progress" after 2 secs of polling, exit
             polling loop silently, without error
      
      My patch finishes out the 802.1Qbh parts, which Stefan had mostly complete.
      I've tested using the recent kernel updates for VF_PORT netlink msgs and
      enic for Cisco's 10G Ethernet NIC.  I tested many VMs, each with several
      direct interfaces, each configured with a port-profile per the XML.  VM-to-VM,
      and VM-to-external work as expected.  VM-to-VM on same host (using same NIC)
      works same as VM-to-VM where VMs are on diff hosts.  I'm able to change
      settings on the port-profile while the VM is running to change the virtual
      port behaviour.  For example, adjusting a QoS setting like rate limit.  All
      VMs with interfaces using that port-profile immediatly see the effect of the
      change to the port-profile.
      
      I don't have a SR-IOV device to test so source dev is a non-SR-IOV device,
      but most of the code paths include support for specifing the source dev and
      VF index.  We'll need to complete this by discovering the PF given the VF
      linkdev.  Once we have the PF, we'll also have the VF index.  All this info-
      mation is available from sysfs.
      ca3b22bb
  24. 26 5月, 2010 3 次提交
    • C
      Fix failing virGetHostname. · 0117b7da
      Chris Lalancette 提交于
      We've been running into a lot of situations where
      virGetHostname() is returning "localhost", where a plain
      gethostname() would have returned the correct thing.  This
      is because virGetHostname() is *always* trying to canonicalize
      the name returned from gethostname(), even when it doesn't
      have to.
      
      This patch changes virGetHostname so that if the value returned
      from gethostname() is already FQDN or localhost, it returns
      that string directly.  If the value returned from gethostname()
      is a shortened hostname, then we try to canonicalize it.  If
      that succeeds, we returned the canonicalized hostname.  If
      that fails, and/or returns "localhost", then we just return
      the original string we got from gethostname() and hope for
      the best.
      
      Note that after this patch it is up to clients to check whether
      "localhost" is an allowed return value.  The only place
      where it's currently not is in qemu migration.
      Signed-off-by: NChris Lalancette <clalance@redhat.com>
      0117b7da
    • C
      storage: Sanitize pool target paths · a7fb2258
      Cole Robinson 提交于
      Spurious / in a pool target path makes life difficult for apps using the
      GetVolByPath, and doing other path based comparisons with pools. This
      has caused a few issues for virt-manager users:
      
      https://bugzilla.redhat.com/show_bug.cgi?id=494005
      https://bugzilla.redhat.com/show_bug.cgi?id=593565
      
      Add a new util API which removes spurious /, virFileSanitizePath. Sanitize
      target paths when parsing pool XML, and for paths passed to GetVolByPath.
      
      v2: Leading // must be preserved, properly sanitize path=/, sanitize
          away /./ -> /
      
      v3: Properly handle starting ./ and ending /.
      
      v4: Drop all '.' handling, just sanitize / for now.
      a7fb2258
    • D
      Expose a host UUID in the capabilities XML · 60881161
      Daniel P. Berrange 提交于
      Allow for a host UUID in the capabilities XML. Local drivers
      will initialize this from the SMBIOS data. If a sanity check
      shows SMBIOS uuid is invalid, allow an override from the
      libvirtd.conf configuration file
      
      * daemon/libvirtd.c, daemon/libvirtd.conf: Support a host_uuid
        configuration option
      * docs/schemas/capability.rng: Add optional host uuid field
      * src/conf/capabilities.c, src/conf/capabilities.h: Include
        host UUID in XML
      * src/libvirt_private.syms: Export new uuid.h functions
      * src/lxc/lxc_conf.c, src/qemu/qemu_driver.c,
        src/uml/uml_conf.c: Set host UUID in capabilities
      * src/util/uuid.c, src/util/uuid.h: Support for host UUIDs
      * src/node_device/node_device_udev.c: Use the host UUID functions
      * tests/confdata/libvirtd.conf, tests/confdata/libvirtd.out: Add
        new host_uuid config option to test
      60881161
  25. 22 5月, 2010 1 次提交
    • J
      Add simple bitmap operations to utils · 2f32d7af
      Jim Fehlig 提交于
      V2:
        - Move bitmap impl to src/util/bitmap.[ch]
        - Use CHAR_BIT instead of explicit '8'
        - Use size_t instead of unsigned int
        - Fix calculation of bitmap size in virBitmapAlloc
        - Ensure bit is within range of map in the set, clear, and get
          operations
        - Use bool in virBitmapGetBit
        - Add virBitmapFree to free-like funcs in cfg.mk
      
      V3:
        - Check for overflow in virBitmapAlloc
        - Fix copy and paste bug in virBitmapAlloc
        - Use size_t in prototypes
        - Add ATTRIBUTE_NONNULL in prototypes where appropriate
          and remove NULL check from impl
      
      V4:
        - Add ATTRIBUTE_RETURN_CHECK in prototypes where appropriate.
      2f32d7af
  26. 21 5月, 2010 1 次提交
  27. 14 5月, 2010 1 次提交
    • D
      Don't reset user/group/security label on shared filesystems during migrate · 02ddaddf
      Daniel P. Berrange 提交于
      When QEMU runs with its disk on NFS, and as a non-root user, the
      disk is chownd to that non-root user. When migration completes
      the last step is shutting down the QEMU on the source host. THis
      normally resets user/group/security label. This is bad when the
      VM was just migrated because the file is still in use on the dest
      host. It is thus neccessary to skip the reset step for any files
      found to be on a shared filesystem
      
      * src/libvirt_private.syms: Export virStorageFileIsSharedFS
      * src/util/storage_file.c, src/util/storage_file.h: Add a new
        method virStorageFileIsSharedFS() to determine if a file is
        on a shared filesystem (NFS, GFS, OCFS2, etc)
      * src/qemu/qemu_driver.c: Tell security driver not to reset
        disk labels on migration completion
      * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c,
        src/security/security_selinux.c, src/security/security_driver.h,
        src/security/security_apparmor.c: Add ability to skip disk
        restore step for files on shared filesystems.
      02ddaddf
  28. 30 4月, 2010 1 次提交
    • D
      Add support for another explicit IO error event · 34dcbbb4
      Daniel P. Berrange 提交于
      This introduces a new event type
      
         VIR_DOMAIN_EVENT_ID_IO_ERROR_REASON
      
      This event is the same as the previous VIR_DOMAIN_ID_IO_ERROR
      event, but also includes a string describing the cause of
      the event.
      
      Thus there is a new callback definition for this event type
      
      typedef void (*virConnectDomainEventIOErrorReasonCallback)(virConnectPtr conn,
                                                                 virDomainPtr dom,
                                                                 const char *srcPath,
                                                                 const char *devAlias,
                                                                 int action,
                                                                 const char *reason,
                                                                 void *opaque);
      
      This is currently wired up to the QEMU block IO error events
      
      * daemon/remote.c: Dispatch IO error events to client
      * examples/domain-events/events-c/event-test.c: Watch for
        IO error events
      * include/libvirt/libvirt.h.in: Define new IO error event ID
        and callback signature
      * src/conf/domain_event.c, src/conf/domain_event.h,
        src/libvirt_private.syms: Extend API to handle IO error events
      * src/qemu/qemu_driver.c: Connect to the QEMU monitor event
        for block IO errors and emit a libvirt IO error event
      * src/remote/remote_driver.c: Receive and dispatch IO error
        events to application
      * src/remote/remote_protocol.x: Wire protocol definition for
        IO error events
      * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
        src/qemu/qemu_monitor_json.c: Watch for BLOCK_IO_ERROR event
        from QEMU monitor
      34dcbbb4
  29. 26 4月, 2010 1 次提交
    • S
      Add build support for dnsmasq module · 51d203c6
      Satoru SATOH 提交于
      * po/POTFILES.in: the new module contains translatable strings
      * src/Makefile.am: include the files in the utils set
      * src/libvirt_private.syms: exports the symbols internally
      51d203c6
  30. 24 4月, 2010 1 次提交
  31. 13 4月, 2010 1 次提交
    • S
      Consolidate interface related functions in interface.c · 5174b02f
      Stefan Berger 提交于
      Changes from v1 to v2:
      - changed function name prefixes to 'iface' from previous 'Iface'
      
      - Further to make make syntax-check pass:
       - indentation fix in interface.h
       - added entry to POTFILES.in
      
      I am consolidating network interface related functions used in nwfilter
      and macvtap code in utils/interface.c. All function names are prefixed
      with 'Iface'. The following functions are now available through
      interface.h:
      
      int ifaceCtrl(const char *name, bool up);
      int ifaceUp(const char *name);
      int ifaceDown(const char *name);
      
      int ifaceCheck(bool reportError, const char *ifname,
                     const unsigned char *macaddr, int ifindex);
      
      int ifaceGetIndex(bool reportError, const char *ifname, int *ifindex);
      
      I added 'int ifindex' as parameter to ifaceCheck to the original
      function and modified the code accordingly.
      5174b02f
  32. 09 4月, 2010 1 次提交
  33. 08 4月, 2010 1 次提交
    • S
      nwfilter: Support for learning a VM's IP address · 3bf24abc
      Stefan Berger 提交于
      This patch implements support for learning a VM's IP address. It uses
      the pcap library to listen on the VM's backend network interface (tap)
      or the physical ethernet device (macvtap) and tries to capture packets
      with source or destination MAC address of the VM and learn from DHCP
      Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
      the VM's interface is. This then allows to instantiate the network
      traffic filtering rules without the user having to provide the IP
      parameter somewhere in the filter description or in the interface
      description as a parameter. This only supports to detect the parameter
      IP, which is for the assumed single IPv4 address of a VM. There is not
      support for interfaces that may have multiple  IP addresses (IP
      aliasing) or IPv6 that may then require more than one valid IP address
      to be detected. A VM can have multiple independent interfaces that each
      uses a different IP address and in that case it will be attempted to
      detect each one of the address independently.
      
      So, when for example an interface description in the domain XML has
      looked like this up to now:
      
          <interface type='bridge'>
            <source bridge='mybridge'/>
            <model type='virtio'/>
            <filterref filter='clean-traffic'>
              <parameter name='IP' value='10.2.3.4'/>
            </filterref>
          </interface>
      
      you may omit the IP parameter:
      
          <interface type='bridge'>
            <source bridge='mybridge'/>
            <model type='virtio'/>
            <filterref filter='clean-traffic'/>
          </interface>
      
      Internally I am walking the 'tree' of a VM's referenced network filters
      and determine with the given variables which variables are missing. Now,
      the above IP parameter may be missing and this causes a libvirt-internal
      thread to be started that uses the pcap library's API to listen to the
      backend interface  (in case of macvtap to the physical interface) in an
      attempt to determine the missing IP parameter. If the backend interface
      disappears the thread terminates assuming the VM was brought down. In
      case of a macvtap device a timeout is being used to wait for packets
      from the given VM (filtering by VM's interface MAC address). If the VM's
      macvtap device disappeared the thread also terminates. In all other
      cases it tries to determine the IP address of the VM and will then apply
      the rules late on the given interface, which would have happened
      immediately if the IP parameter had been explicitly given. In case an
      error happens while the firewall rules are applied, the VM's backend
      interface is 'down'ed preventing it to communicate. Reasons for failure
      for applying the network firewall rules may that an ebtables/iptables
      command failes or OOM errors. Essentially the same failure reasons may
      occur as when the firewall rules are applied immediately on VM start,
      except that due to the late application of the filtering rules the VM
      now is already running and cannot be hindered anymore from starting.
      Bringing down the whole VM would probably be considered too drastic.
      While a VM's IP address is attempted to be determined only limited
      updates to network filters are allowed. In particular it is prevented
      that filters are modified in such a way that they would introduce new
      variables.
      
      A caveat: The algorithm does not know which one is the appropriate IP
      address of a VM. If the VM spoofs an IP address in its first ARP traffic
      or IPv4 packets its filtering rules will be instantiated for this IP
      address, thus 'locking' it to the found IP address. So, it's still
      'safer' to explicitly provide the IP address of a VM's interface in the
      filter description if it is known beforehand.
      
      * configure.ac: detect libpcap
      * libvirt.spec.in: require libpcap[-devel] if qemu is built
      * src/internal.h: add the new ATTRIBUTE_PACKED define
      * src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
      * src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
      * src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
        src/nwfilter/nwfilter_ebiptables_driver.[ch]
        src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
      * tests/nwfilterxml2xmltest: extend testing
      3bf24abc