- 09 May, 2016 1 commit
-
Committed by Peter Krempa
Extract the relevant parts of the existing checker and reuse them for blockcopy since copying to a non-block device creates an invalid configuration. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1209802
-
- 06 May, 2016 3 commits
-
Committed by John Ferlan
Add the data structure and infrastructure to support an initialization vector (IV) secret. The IV secret generation will need to have access to the domain private master key, so let's make sure the prepare disk and hostdev functions can accept that now. Anywhere that needs to make a decision over which secret type to use in order to fill in or use the IV secret has a switch added. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
A recent review of related changes noted that we should split the creation (or generation) of the master key into the qemuProcessPrepareDomain and leave the writing of the master key for qemuProcessPrepareHost. Made the adjustment and modified some comments to functions that have changed calling parameters, but didn't change the intro doc. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
From a review after push, add the "_TYPE" into the name. Also use qemuDomainSecretInfoType in the struct rather than int with the comment field containing the struct name. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
- 03 May, 2016 1 commit
-
Committed by Ján Tomko
Use it everywhere except for virQEMUCapsFillDomainFeatureGICCaps.
-
- 02 May, 2016 4 commits
-
Committed by John Ferlan
Similar to the qemuDomainSecretDiskPrepare, generate the secret for the Hostdev's prior to call qemuProcessLaunch which calls qemuBuildCommandLine. Additionally, since the secret is no longer added as part of building the command, the hotplug code will need to make the call to add the secret in the hostdevPriv. Since this then is the last requirement to pass a virConnectPtr to qemuBuildCommandLine, we now can remove that as part of these changes. That removal has cascading effects through various callers. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
Modeled after the qemuDomainDiskPrivatePtr logic, create a privateData pointer in the _virDomainHostdevDef to allow storage of private data for a hypervisor in order to at least temporarily store auth/secrets data for usage during qemuBuildCommandLine. NB: Since the qemu_parse_command (qemuParseCommandLine) code is not expecting to restore the auth/secret data, there's no need to add code to handle this new structure there. Updated copyrights for modules touched. Some didn't have updates in a couple years even though changes have been made. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
Rather than needing to pass the conn parameter to various command line building API's, add qemuDomainSecretPrepare just prior to the qemuProcessLaunch which calls qemuBuildCommandLine. The function must be called after qemuProcessPrepareHost since it's expected to eventually need the domain masterKey generated during the prepare host call. Additionally, future patches may require device aliases (assigned during the prepare domain call) in order to associate the secret objects. The qemuDomainSecretDestroy is called after the qemuProcessLaunch finishes in order to clear and free memory used by the secrets that were recently prepared, so they are not kept around in memory too long. Placing the setup here is beneficial for future patches which will need the domain masterKey in order to generate an encrypted secret along with an initialization vector to be saved and passed (since the masterKey shouldn't be passed around). Finally, since the secret is not added during command line build, the hotplug code will need to get the secret into the private disk data. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
Introduce a new private structure to hold qemu domain auth/secret data. This will be stored in the qemuDomainDiskPrivate as a means to store the auth and fetched secret data rather than generating during building of the command line. The initial changes will handle the current username and secret values for rbd and iscsi disks (in their various forms). The rbd secret is stored as a base64 encoded value, while the iscsi secret is stored as a plain text value. Future changes will store encoded/encrypted secret data as well as an initialization vector needed to be given to qemu in order to decrypt the encoded password along with the domain masterKey. The initial assumption will be that VIR_DOMAIN_SECRET_INFO_PLAIN is being used. Although it's expected that the cleanup of the secret data will be done immediately after command line generation, reintroduce the object dispose function qemuDomainDiskPrivateDispose to handle removing memory associated with the structure for "normal" cleanup paths. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
- 16 April, 2016 1 commit
-
Committed by Martin Kletzander
When creating the master key, we used mode 0600 (which we should) but because we were creating it as root, the file is not readable by any qemu running as non-root. Fortunately, it's just a matter of labelling the file. We are generating the file path a few times already, so let's label it in the same function that has access to the path already. Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-
- 13 April, 2016 2 commits
-
Committed by Peter Krempa
Similarly to the DEVICE_DELETED event we will be able to tell when unplug of certain device types will be rejected by the guest OS. Wire up the device deletion signalling code to allow handling this.
-
Committed by Peter Krempa
No need to keep two separate conditions. A slight juggling of return values is needed to accommodate virDomainObjWaitUntil.
-
- 07 April, 2016 1 commit
-
Committed by John Ferlan
Add a masterKey and masterKeyLen to _qemuDomainObjPrivate to store a random domain master key and its length in order to support the ability to encrypt/decrypt sensitive data shared between libvirt and qemu. The key will be base64 encoded and written to a file to be used by the command line building code to share with qemu.

New API's from this patch:

qemuDomainGetMasterKeyFilePath: Return a path to where the key is located

qemuDomainWriteMasterKeyFile: (private) Open (create/trunc) the masterKey path and write the masterKey

qemuDomainMasterKeyReadFile: Using the master key path, open/read the file, and store the masterKey and masterKeyLen. Expected use only from qemuProcessReconnect

qemuDomainGenerateRandomKey: (private) Generate a random key using available algorithms. The key is generated either from the gnutls_rnd function if it exists or a less cryptographically strong mechanism using virGenerateRandomBytes

qemuDomainMasterKeyRemove: Remove traces of the master key, remove the *KeyFilePath

qemuDomainMasterKeyCreate: Generate the domain master key and save the key in the location returned by qemuDomainGetMasterKeyFilePath. This API will first ensure the QEMU_CAPS_OBJECT_SECRET is set in the capabilities. If not, then there's no need to generate the secret or file.

The creation of the key will be attempted from qemuProcessPrepareHost once the libDir directory structure exists. The removal of the key will be handled from qemuProcessStop just prior to deleting the libDir tree. Since the key will not be written out to the domain object XML file, the qemuProcessReconnect will read the saved file and restore the masterKey and masterKeyLen.
-
- 04 April, 2016 2 commits
-
Committed by Martin Kletzander
The paths have the domain ID in them. Without cleaning them, they would contain the same ID even after multiple restarts. That could cause various problems, e.g. with access. Add function qemuDomainClearPrivatePaths() for this as a counterpart of qemuDomainSetPrivatePaths(). Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-
Committed by Martin Kletzander
Since commit 9dca74ee, the function can take driver and a vm, no need to overcomplicate. Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-
- 29 March, 2016 3 commits
-
Committed by Peter Krempa
Move the function to qemu_domain.c and export them for further use.
-
Committed by Peter Krempa
The function has terrible semantics. Split it into two functions.
-
Committed by Qiaowei Ren
This patch implements the internal driver API for perf event into qemu driver. Signed-off-by: Qiaowei Ren <qiaowei.ren@intel.com> Message-id: 1459171833-26416-5-git-send-email-qiaowei.ren@intel.com
-
- 21 March, 2016 1 commit
-
Committed by Cristian Klein
Signed-off-by: Cristian Klein <cristiklein@gmail.com> Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-
- 10 March, 2016 1 commit
-
Committed by Daniel P. Berrange
If use of virtlogd is enabled, then use it for backing the character device log files too. This avoids the possibility of a guest denial of service by writing too much data to the log file.
-
- 08 March, 2016 2 commits
-
Committed by Jiri Denemark
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-
Committed by Jiri Denemark
With a very old QEMU which doesn't support events we need to explicitly call qemuMigrationSetOffline at the end of migration to update our internal state. On the other hand, if we talk to QEMU using QMP, we should just wait for the STOP event and let the event handler update the state and trigger a libvirt event. Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-
- 01 March, 2016 2 commits
-
Committed by Jiri Denemark
When SPICE graphics is configured for a domain but we did not ask the client to switch to the destination, we should not wait for SPICE_MIGRATE_COMPLETED event (which will never come). https://bugzilla.redhat.com/show_bug.cgi?id=1151723 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-
Committed by Martin Kletzander
Per-domain directories were introduced in order to be able to completely separate security labels for each domain (commit f1f68ca3). However when the domain name is long (let's say a ridiculous 110 characters), we cannot connect to the monitor socket because the length of a UNIX socket address is limited. In order to get around this, let's shorten it in similar fashion and in order to avoid conflicts, throw in an ID there as well. Also save that into the status XML and load the old status XMLs properly (to clean up after older domains). That way we can change it in the future. The shortening can be seen in qemuxml2argv tests, for example in the hugepages-pages2 case. Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-
- 19 February, 2016 2 commits
-
Committed by Jiri Denemark
Stopping a domain without a job risks a race condition with another thread which started a job and which does not expect anyone else to be messing around with the same domain object. Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-
Committed by Jiri Denemark
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-
- 17 February, 2016 3 commits
-
Committed by Erik Skultety
Our existing virHashForEach method iterates through all items disregarding the fact that some of the iterators might have actually failed. Errors are usually dispatched through an error element in opaque data which then causes the original caller of virHashForEach to return -1. In that case, virHashForEach could return as soon as one of the iterators fails. This patch changes the iterator return type and adjusts all of its instances accordingly, so the actual refactor of virHashForEach method can be dealt with later. Signed-off-by: Erik Skultety <eskultet@redhat.com>
-
Committed by John Ferlan
Move function into qemu_domain.c.
-
Committed by John Ferlan
Move qemuDomainSupportsNicdev and qemuDomainSupportsNetdev into qemu_domain.c and expose from there. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
- 05 February, 2016 2 commits
-
Committed by Martin Kletzander
So, systemd-machined has this philosophy that machine names are like hostnames and hence should follow the same rules. But we always allowed international characters in domain names. Thus we need to modify the machine name we are passing to systemd. In order to change some machine names that we will be passing to systemd, we also need to call TerminateMachine at the end of a lifetime of a domain. Even for domains that were started with older libvirt. That can be achieved thanks to virSystemdGetMachineNameByPID(). And because we can change machine names, we can get rid of the inconsistent and pointless escaping of domain names when creating machine names. So this patch modifies the naming in the following way. It creates the name as <drivername>-<id>-<name> where invalid hostname characters are stripped out of the name and if the resulting name is longer, it truncates it to 64 characters. That way we can start domains we couldn't start before. Well, at least on systemd. To make it work all together, the machineName (which is needed only with systemd) is saved in domain's private data. That way the generation is moved to the driver and we don't need to pass various unnecessary arguments to cgroup functions. The only thing this complicates a bit is the scope generation when validating a cgroup where we must check both old and new naming, so a slight modification was needed there. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1282846 Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-
Committed by Joao Martins
The virDomainSnapshotDefFormat calls into virDomainDefFormat, so should be providing a non-NULL virCapsPtr instance. On the qemu driver we change qemuDomainSnapshotWriteMetadata to also include caps since it calls virDomainSnapshotDefFormat. Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
-
- 03 February, 2016 1 commit
-
Committed by Peter Krempa
Future patches will tweak and reuse the function in different places so move it separately first.
-
- 12 January, 2016 1 commit
-
Committed by Michal Privoznik
While this is no functional change, whole channel definition is going to be needed very soon. Moreover, while touching this obey const correctness rule in qemuAgentOpen() - so far it was passed regular pointer to channel config even though the function is expected to not change pointee at all. Pass const pointer instead. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
- 09 January, 2016 1 commit
-
Committed by Jiri Denemark
The structure actually contains migration statistics rather than just the status as the name suggests. Renaming it as qemuMonitorMigrationStats removes the confusion. Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-
- 17 December, 2015 2 commits
-
Committed by Andrea Bolognani
MemLock is already used in other modules and, while still an abbreviation, is not ambiguous.
-
Committed by Andrea Bolognani
This function detects whether a domain needs RLIMIT_MEMLOCK to be set, and if so, uses an appropriate value.
-
- 09 December, 2015 3 commits
-
Committed by Peter Krempa
Instead of directly accessing the array add a helper to do this.
-
Committed by Peter Krempa
Add qemuDomainHasVCpuPids to do the checking and replace in place checks with it. We no longer need checking whether the thread contains fake data (vcpupids[0] == vm->pid) as in b07f3d82 and 65686e5a this was removed.
-
Committed by Peter Krempa
As in commit 88dc7e0c, the helper can be used in cases where the function actually does not access anything in the private data besides the agent.
-
- 26 November, 2015 1 commit
-
Committed by Daniel P. Berrange
Currently the QEMU monitor is given an FD to the logfile. This won't work in the future with virtlogd, so it needs to use the qemuDomainLogContextPtr instead, but it shouldn't directly access that object either. So define a callback that the monitor can use for reporting errors from the log file. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-