1. 11 2月, 2014 3 次提交
  2. 10 2月, 2014 5 次提交
    • P
      qemu: Use correct permissions when determining the image chain · 9bf629ab
      Peter Krempa 提交于
      The code took into account only the global permissions. The domains now
      support per-vm DAC labels and per-image DAC labels. Use the most
      specific label available.
      9bf629ab
    • M
      networkStartNetwork: Be more verbose · e209c077
      Michal Privoznik 提交于
      The lack of debug printings might be frustrating in the future.
      Moreover, this function doesn't follow the usual pattern we have in the
      rest of the code:
      
        int ret = -1;
        /* do some work */
        ret = 0;
      cleanup:
        /* some cleanup work */
        return ret;
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      e209c077
    • P
      qemu: hyperv: Add support for timer enlightenments · 600bca59
      Peter Krempa 提交于
      Add a new <timer> for the HyperV reference time counter enlightenment
      and the iTSC reference page for Windows guests.
      
      This feature provides a paravirtual approach to track timer events for
      the guest (similar to kvmclock) with the option to use real hardware
      clock on systems with a iTSC with compensation across various hosts.
      600bca59
    • P
      conf: Enforce supported options for certain timers · 8ffaa42d
      Peter Krempa 提交于
      According to the documentation various timer options are only supported
      by certain timer types. Add a post parse check to verify that the user
      didn't specify invalid options.
      
      Also fix the qemu command line parsing function to set correct default
      values for the kvmclock timer so that it passes the new check.
      8ffaa42d
    • P
      schema: Fix guest timer specification schema according to the docs · bbd392ff
      Peter Krempa 提交于
      According to the documentation describing various tunables for domain
      timers not all the fields are supported by all the driver types. Express
      these in the RNG:
      
      - rtc, platform: Only these support the "track" attribute.
      - tsc: only one to support "frequency" and "mode" attributes
      - hpet, pit: tickpolicy/catchup attribute/element
      - kvmclock: no extra attributes are supported
      
      Additionally the attributes of the <catchup> element for
      tickpolicy='catchup' are optional according to the parsing code. Express
      this in the XML and fix a spurious space added while formatting the
      <catchup> element and add tests for it.
      bbd392ff
  3. 08 2月, 2014 1 次提交
  4. 07 2月, 2014 11 次提交
    • J
      virpci: Resolve coverity issues · b60644f3
      John Ferlan 提交于
      Coverity complains about "USE_AFTER_FREE" due to how virPCIDeviceSetStubDriver
      "could" return either -1, 0, or 1 from the VIR_STRDUP() and then possibly makes
      a call to virPCIDeviceDetach().
      
      The only way this could happen is if NULL were passed as the "driver" name
      and virStrdup() returned 0.  Since the calling functions check < 0 on the
      initial function call, the 0 possibility causes Coverity to complain.
      
      To fix this - enforce that the second parameter is not NULL using
      ATTRIBUTE_NONNULL(2) for the function prototype, then in virPCIDeviceDetach
      add an sa_assert(dev->stubDriver). This will result in Coverity not complaining
      any more.
      b60644f3
    • C
      Add glusterfs to VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_POOL_TYPE · f336b1cc
      Christophe Fergeau 提交于
      If it's not present in this list, we won't be able to get only
      glusterfs pools when using virConnectListAllStoragePools.
      f336b1cc
    • C
      build-sys: Removed unused variable from configure.ac · 1b9c6739
      Christophe Fergeau 提交于
      LIBGLUSTER_LIBS is emptied before gluster is enabled/disabled, but nothing
      else sets/uses this variable, so it can be removed.
      1b9c6739
    • M
      qemu: keep pre-migration domain state after failed migration · 440a1aa5
      Martin Kletzander 提交于
      Couple of codepaths shared the same code which can be moved out to a
      function and on one of such places, qemuMigrationConfirmPhase(), the
      domain was resumed even if it wasn't running before the migration
      started.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1057407Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
      440a1aa5
    • J
      libxl: remove unneeded locking of driver when restoring · 630b6456
      Jim Fehlig 提交于
      libxlDomainRestoreFlags acquires the driver lock while reading the
      domain config from the save file and adding it to
      libxlDriverPrivatePtr->domains.  But virDomainObjList provides
      self-locking APIs, so remove the needless driver locking.
      Signed-off-by: NJim Fehlig <jfehlig@suse.com>
      630b6456
    • J
      libxl: improve subprocess handling · 778067e1
      Jim Fehlig 提交于
      If available, let libxl handle reaping any children it creates by
      specifying libxl_sigchld_owner_libxl_always_selective_reap.  This
      feature was added to improve subprocess handling in libxl when used
      in an application that does not install a SIGCHLD handler like
      libvirt
      
      http://lists.xen.org/archives/html/xen-devel/2014-01/msg01555.html
      
      Prior to this patch, it is possible to hit asserts in libxl when
      reaping subprocesses, particularly during simultaneous operations
      on multiple domains.  With this patch, and the corresponding changes
      to libxl, I no longer see the asserts.  Note that the libxl changes
      will be included in Xen 4.4.0.  Previous Xen versions will be
      susceptible to hitting the asserts even with this patch applied to
      the libvirt libxl driver.
      Signed-off-by: NJim Fehlig <jfehlig@suse.com>
      778067e1
    • J
      libxl: handle domain shutdown events in a thread · 03b3f894
      Jim Fehlig 提交于
      Handling the domain shutdown event within the event handler seems
      a bit unfair to libxl's event machinery.  Domain "shutdown" could
      take considerable time.  E.g. if the shutdown reason is reboot,
      the domain must be reaped and then started again.
      
      Spawn a shutdown handler thread to do this work, allowing libxl's
      event machinery to go about its business.
      Signed-off-by: NJim Fehlig <jfehlig@suse.com>
      03b3f894
    • J
      libxl: remove list of timer registrations from libxlDomainObjPrivate · eaa8d9b2
      Jim Fehlig 提交于
      Due to some misunderstanding of requirements libxl places on timer
      handling, I introduced the half-brained idea of maintaining a list
      of timeouts that the driver could force to expire before freeing a
      libxlDomainObjPrivate (and hence libxl_ctx).  But testing all
      the latest versions of Xen supported by the libxl driver (4.2.3,
      4.3.1, 4.4.0 RC3), I see that libxl will handle this just fine and
      there is no need to force expiration behind libxl's back.  Indeed it
      may be harmful to do so.
      
      This patch removes the timer list, allowing libxl to handle cleanup
      of its timer registrations.
      Signed-off-by: NJim Fehlig <jfehlig@suse.com>
      eaa8d9b2
    • J
      libxl: fix leaking libxlDomainObjPrivate · cda52dbf
      Jim Fehlig 提交于
      When libxl registers an FD with the libxl driver, the refcnt of the
      associated libxlDomainObjPrivate object is incremented. The refcnt
      is decremented when libxl deregisters the FD.  But some FDs are only
      deregistered when their libxl ctx is freed, which unfortunately is
      done in the libxlDomainObjPrivate dispose function.  With references
      held by the FDs, libxlDomainObjPrivate is never disposed.
      
      I added the ref/unref in FD registration/deregistration when adding
      the same in timer registration/deregistration.  For timers, this
      is a simple approach to ensuring the libxlDomainObjPrivate is not
      disposed prior to their expirtation, which libxl guarantees will
      occur.  It is not needed for FDs, and only causes
      libxlDomainObjPrivate to leak.
      
      This patch removes the reference on libxlDomainObjPrivate for FD
      registrations, but retains them for timer registrations.  Tested on
      the latest releases of Xen supported by the libxl driver:  4.2.3,
      4.3.1, and 4.4.0 RC3.
      Signed-off-by: NJim Fehlig <jfehlig@suse.com>
      cda52dbf
    • M
      qemu_driver: Introduce <filesystem/> support in device attach/detach · 0778fc1a
      Matthieu Coudron 提交于
      This commit allows to attach/detach a <filesystem> device in qemu. For
      this purpose I'm introducing two new functions: virDomainFSInsert() and
      virDomainFSRemove() and adding necessary code in the qemu driver.  It
      compares filesystems based on their "destination" folder. So if two
      filesystems share the same destination, they are considered equal and
      the qemu driver would reject the insertion.
      Signed-off-by: NMatthieu Coudron <mattator@gmail.com>
      0778fc1a
    • M
      virDomainHostdev{Insert,Delete}: Replace VIR_REALLOC_N by VIR_{APPEND,DELETE}_ELEMENT · 8fc98ac8
      Matthieu Coudron 提交于
      With this change the code gets shorter and more readable.
      Signed-off-by: NMatthieu Coudron <mattator@gmail.com>
      8fc98ac8
  5. 06 2月, 2014 11 次提交
  6. 05 2月, 2014 4 次提交
    • E
      event: move event filtering to daemon (regression fix) · 11f20e43
      Eric Blake 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1058839
      
      Commit f9f56340 for CVE-2014-0028 almost had the right idea - we
      need to check the ACL rules to filter which events to send.  But
      it overlooked one thing: the event dispatch queue is running in
      the main loop thread, and therefore does not normally have a
      current virIdentityPtr.  But filter checks can be based on current
      identity, so when libvirtd.conf contains access_drivers=["polkit"],
      we ended up rejecting access for EVERY event due to failure to
      look up the current identity, even if it should have been allowed.
      
      Furthermore, even for events that are triggered by API calls, it
      is important to remember that the point of events is that they can
      be copied across multiple connections, which may have separate
      identities and permissions.  So even if events were dispatched
      from a context where we have an identity, we must change to the
      correct identity of the connection that will be receiving the
      event, rather than basing a decision on the context that triggered
      the event, when deciding whether to filter an event to a
      particular connection.
      
      If there were an easy way to get from virConnectPtr to the
      appropriate virIdentityPtr, then object_event.c could adjust the
      identity prior to checking whether to dispatch an event.  But
      setting up that back-reference is a bit invasive.  Instead, it
      is easier to delay the filtering check until lower down the
      stack, at the point where we have direct access to the RPC
      client object that owns an identity.  As such, this patch ends
      up reverting a large portion of the framework of commit f9f56340.
      We also have to teach 'make check' to special-case the fact that
      the event registration filtering is done at the point of dispatch,
      rather than the point of registration.  Note that even though we
      don't actually use virConnectDomainEventRegisterCheckACL (because
      the RegisterAny variant is sufficient), we still generate the
      function for the purposes of documenting that the filtering
      takes place.
      
      Also note that I did not entirely delete the notion of a filter
      from object_event.c; I still plan on using that for my upcoming
      patch series for qemu monitor events in libvirt-qemu.so.  In
      other words, while this patch changes ACL filtering to live in
      remote.c and therefore we have no current client of the filtering
      in object_event.c, the notion of filtering in object_event.c is
      still useful down the road.
      
      * src/check-aclrules.pl: Exempt event registration from having to
      pass checkACL filter down call stack.
      * daemon/remote.c (remoteRelayDomainEventCheckACL)
      (remoteRelayNetworkEventCheckACL): New functions.
      (remoteRelay*Event*): Use new functions.
      * src/conf/domain_event.h (virDomainEventStateRegister)
      (virDomainEventStateRegisterID): Drop unused parameter.
      * src/conf/network_event.h (virNetworkEventStateRegisterID):
      Likewise.
      * src/conf/domain_event.c (virDomainEventFilter): Delete unused
      function.
      * src/conf/network_event.c (virNetworkEventFilter): Likewise.
      * src/libxl/libxl_driver.c: Adjust caller.
      * src/lxc/lxc_driver.c: Likewise.
      * src/network/bridge_driver.c: Likewise.
      * src/qemu/qemu_driver.c: Likewise.
      * src/remote/remote_driver.c: Likewise.
      * src/test/test_driver.c: Likewise.
      * src/uml/uml_driver.c: Likewise.
      * src/vbox/vbox_tmpl.c: Likewise.
      * src/xen/xen_driver.c: Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      11f20e43
    • E
      rpm: create libvirt-wireshark sub-package · f9ada9f3
      Eric Blake 提交于
      On Fedora 20, with wireshark-devel installed, 'make rpm' failed
      due to installed but unpackaged files related to wireshark.  As
      F20 is already released without wireshark, I chose to add a new
      sub-package that is enabled only for F21 and later.  Furthermore,
      all existing wireshark plugins belong to the wireshark package,
      so I got to invent behavior of how the first third-party wireshark
      module will behave.
      
      * libvirt.spec.in (with_wireshark): Add new conditional.
      * configure.ac (ws-plugindir): Improve wording.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      f9ada9f3
    • L
      network: disallow <bandwidth>/<mac> for bridged/macvtap/hostdev networks · eafb53fe
      Laine Stump 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1057321
      
      pointed out that we weren't honoring the <bandwidth> element in
      libvirt networks using <forward mode='bridge'/>. In fact, these
      networks are just a method of giving a libvirt network name to an
      existing Linux host bridge on the system, and libvirt doesn't have
      enough information to know where to set such limits. We are working on
      a method of supporting network bandwidths for some specific cases of
      <forward mode='bridge'/>, but currently libvirt doesn't support it. So
      the proper thing to do now is just log an error when someone tries to
      put a <bandwidth> element in that type of network. (It's unclear if we
      will be able to do proper bandwidth limiting for macvtap networks, and
      most definitely we will not be able to support it for hostdev
      networks).
      
      While looking through the network XML documentation and comparing it
      to the networkValidate function, I noticed that we also ignore the
      presence of a mac address in the config in the same cases, rather than
      failing so that the user will understand that their desired action has
      not been taken.
      
      This patch updates networkValidate() (which is called any time a
      persistent network is defined, or a transient network created) to log
      an error and fail if it finds either a <bandwidth> or <mac> element
      and the network forward mode is anything except 'route'. 'nat', or
      nothing. (Yes, neither of those elements is acceptable for any macvtap
      mode, nor for a hostdev network).
      
      NB: This does *not* cause failure to start any existing network that
      contains one of those elements, so someone might have erroneously
      defined such a network in the past, and that network will continue to
      function unmodified. I considered it too disruptive to suddenly break
      working configs on the next reboot after a libvirt upgrade.
      eafb53fe
    • J
      Fix minor typo in governance doc · a6992f60
      Justin Clift 提交于
      While at it, also relinquish active commit rights:
      [x years between commits] is probably a poster child example of inactivity :)
      Signed-off-by: NEric Blake <eblake@redhat.com>
      a6992f60
  7. 04 2月, 2014 5 次提交
    • J
      Honor blacklist for modprobe command · 19259574
      John Ferlan 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1045124
      
      When loading modules, libvirt does not honor the modprobe blacklist.
      Use the new virKModLoad() API in order to attempt load with blacklist check.
      Use the new virKModIsBlacklisted() API to check if the failure to load
      was due to the blacklist
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      19259574
    • J
      tests: Add test for new virkmod functions · 02bf6568
      John Ferlan 提交于
      Adding tests for new virKMod{Config|Load|Unload}() API's.
      
      A test for virKModIsBlacklisted() would require some setup which cannot
      be assumed.
      02bf6568
    • J
      utils: Introduce functions for kernel module manipulation · 4a2179ea
      John Ferlan 提交于
      virKModConfig()        - Return a buffer containing kernel module configuration
      virKModLoad()          - Load a specific module into the kernel configuration
      virKModUnload()        - Unload a specific module from the kernel configuration
      virKModIsBlacklisted() - Determine whether a module is blacklisted within
                               the kernel configuration
      4a2179ea
    • L
      qemu: be sure we're using the updated value of backend during hotplug · 0d0a7bf4
      Laine Stump 提交于
      commit f094aaac changed qemuPrepareHostdevPCIDevices() such that it
      may modify the "backend" (vfio vs. legacy kvm) setting in the
      virHostdevDef. However, qemuDomainAttachHostPciDevice() (used by
      hotplug) copies the backend setting into a local *before* calling
      qemuPrepareHostdevPCIDevices(), and then later makes a decision based
      on that pre-change value.
      
      The result is that, if the backend had been set to "default" (i.e. not
      specified in the config) and was later updated to "VFIO" by
      qemuPrepareHostdevPCIDevices(), the qemu process' MacMemLock is not
      increased (as is required for VFIO device assignment).
      
      This patch delays making the local copy of backend until after its
      potential modification.
      0d0a7bf4
    • D
      Write up the project governance process · e45b0731
      Daniel P. Berrange 提交于
      The project has historically operated as a meritocratic
      consensus based community. Formally document what has
      always been an unwritten assumption amongst the community
      participants. Also include an explicit code of conduct
      to preempt any potential, but unlikely, future problems.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      e45b0731