- 11 3月, 2011 2 次提交
-
-
由 Taku Izumi 提交于
This patch implements the code to address the new API in the qemu driver. Signed-off-by: NTaku Izumi <izumi.taku@jp.fujitsu.com>
-
由 Taku Izumi 提交于
This patch introduces a new libvirt API (virDomainSetMemoryFlags) and a flag (virDomainMemoryModFlags). Signed-off-by: NTaku Izumi <izumi.taku@jp.fujitsu.com>
-
- 10 3月, 2011 16 次提交
-
-
由 Eric Blake 提交于
Opening raw network devices with the intent of passing those fds to qemu is worth an audit point. This makes a multi-part audit: first, we audit the device(s) that libvirt opens on behalf of the MAC address of a to-be-created interface (which can independently succeed or fail), then we audit whether qemu actually started the network device with the same MAC (so searching backwards for successful audits with the same MAC will show which fd(s) qemu is actually using). Note that it is possible for the fd to be successfully opened but no attempt made to pass the fd to qemu (for example, because intermediate nwfilter operations failed) - no interface start audit will occur in that case; so the audit for a successful opened fd does not imply rights given to qemu unless there is a followup audit about the attempt to start a new interface. Likewise, when a network device is hot-unplugged, there is only one audit message about the MAC being discontinued; again, searching back to the earlier device open audits will show which fds that qemu quits using (and yes, I checked via /proc/<qemu-pid>/fd that qemu _does_ close out the fds associated with an interface on hot-unplug). The code would require much more refactoring to be able to definitively state which device(s) were discontinued at that point, since we currently don't record anywhere in the XML whether /dev/vhost-net was opened for a given interface. * src/qemu/qemu_audit.h (qemuAuditNetDevice): New prototype. * src/qemu/qemu_audit.c (qemuAuditNetDevice): New function. * src/qemu/qemu_command.h (qemuNetworkIfaceConnect) (qemuPhysIfaceConnect, qemuOpenVhostNet): Adjust prototype. * src/qemu/qemu_command.c (qemuNetworkIfaceConnect) (qemuPhysIfaceConnect, qemuOpenVhostNet): Add audit points and adjust parameters. (qemuBuildCommandLine): Adjust caller. * src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
-
由 Eric Blake 提交于
Since libvirt always passes /dev/net/tun to qemu via fd, we should never trigger the cases where qemu tries to directly open the device. Therefore, it is safer to deny the cgroup device ACL. * src/qemu/qemu_cgroup.c (defaultDeviceACL): Remove /dev/net/tun. * src/qemu/qemu.conf (cgroup_device_acl): Reflect this change.
-
由 Eric Blake 提交于
* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Honor vhost designations, similar to qemu_command code paths. * src/qemu/qemu_command.h (qemuOpenVhostNet): New prototype. * src/qemu/qemu_command.c (qemuOpenVhostNet): Export.
-
由 Jiri Denemark 提交于
-
由 Jiri Denemark 提交于
-
由 Jiri Denemark 提交于
-
由 Jiri Denemark 提交于
qemu driver in libvirt gained support for creating domain snapshots almost a year ago in libvirt 0.8.0. Since then we enabled QMP support for qemu >= 0.13.0 but QMP equivalents of {save,load,del}vm commands are not implemented in current qemu (0.14.0) so the domain snapshot support is not very useful. This patch detects when the appropriate QMP command is not implemented and tries to use human-monitor-command (aka HMP passthrough) to run it's HMP equivalent.
-
由 Jiri Denemark 提交于
To make it more obvious that it is only used for text monitor. The naming also matches the style of qemuMonitorTextCommandWithFd.
-
由 Jiri Denemark 提交于
So that it's obvious that they are supposed to be used with HMP commands.
-
由 Jiri Denemark 提交于
JSON monitor command implementation can now just directly call text monitor implementation and it will be automatically encapsulated into QMP's human-monitor-command.
-
由 Jiri Denemark 提交于
Some qemu monitor event handlers were issuing inadequate warning when virDomainSaveStatus() failed. They copied the message from I/O error handler without customizing it to provide better information on why virDomainSaveStatus() was called.
-
由 Eric Blake 提交于
* src/qemu/qemu_audit.h (qemuAuditCgroupMajor) (qemuAuditCgroupPath): Add parameter. * src/qemu/qemu_audit.c (qemuAuditCgroupMajor) (qemuAuditCgroupPath): Add 'acl=rwm' to cgroup audit entries. * src/qemu/qemu_cgroup.c: Update clients. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Likewise.
-
由 Eric Blake 提交于
Adding audit points showed that we were granting too much privilege to qemu; it should not need any mknod rights to recreate any devices. On the other hand, lxc should have all device privileges. The solution is adding a flag parameter. This also lets us restrict write access to read-only disks. * src/util/cgroup.h (virCgroup*Device*): Adjust prototypes. * src/util/cgroup.c (virCgroupAllowDevice) (virCgroupAllowDeviceMajor, virCgroupAllowDevicePath) (virCgroupDenyDevice, virCgroupDenyDeviceMajor) (virCgroupDenyDevicePath): Add parameter. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update clients. * src/lxc/lxc_controller.c (lxcSetContainerResources): Likewise. * src/qemu/qemu_cgroup.c: Likewise. (qemuSetupDiskPathAllow): Also, honor read-only disks.
-
由 Eric Blake 提交于
Also add ATTRIBUTE_NONNULL markers. * src/qemu/qemu_audit.h: The pattern qemuDomainXXXAudit is inconsistent; prefer qemuAuditXXX instead. * src/qemu/qemu_audit.c: Reflect the renames. * src/qemu/qemu_driver.c: Likewise. * src/qemu/qemu_hotplug.c: Likewise. * src/qemu/qemu_migration.c: Likewise. * src/qemu/qemu_process.c: Likewise.
-
由 Eric Blake 提交于
Although the cgroup device ACL controller path can be worked out by researching the code, it is more efficient to include that information directly in the audit message. * src/util/cgroup.h (virCgroupPathOfController): New prototype. * src/util/cgroup.c (virCgroupPathOfController): Export. * src/libvirt_private.syms: Likewise. * src/qemu/qemu_audit.c (qemuAuditCgroup): Use it.
-
由 Eric Blake 提交于
Device names can be manipulated, so it is better to also log the major/minor device number corresponding to the cgroup ACL changes that libvirt made. This required some refactoring of the relatively new qemu cgroup audit code. Also, qemuSetupChardevCgroup was only auditing on failure, not success. * src/qemu/qemu_audit.h (qemuDomainCgroupAudit): Delete. (qemuAuditCgroup, qemuAuditCgroupMajor, qemuAuditCgroupPath): New prototypes. * src/qemu/qemu_audit.c (qemuDomainCgroupAudit): Rename... (qemuAuditCgroup): ...and drop a parameter. (qemuAuditCgroupMajor, qemuAuditCgroupPath): New functions, to allow listing device major/minor in audit. (qemuAuditGetRdev): New helper function. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Adjust callers. * src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow) (qemuSetupHostUsbDeviceCgroup, qemuSetupCgroup) (qemuTeardownDiskPathDeny): Likewise. (qemuSetupChardevCgroup): Likewise, fixing missing audit.
-
- 09 3月, 2011 3 次提交
-
-
由 Eric Blake 提交于
* src/qemu/qemu_audit.c (qemuDomainHostdevAudit): Avoid use of "type", which has a pre-defined meaning. (qemuDomainCgroupAudit): Likewise, as well as "item".
-
由 Cole Robinson 提交于
virRun gives pretty useful error output, let's not overwrite it unless there is a good reason. Some places were providing more information about what the commands were _attempting_ to do, however that's usually less useful from a debugging POV than what actually happened.
-
由 Hu Tao 提交于
* src/qemu/qemu_driver.c: qemuDomainUpdateDeviceFlags() is not disk specific as the message suggests
-
- 08 3月, 2011 3 次提交
-
-
由 Wen Congyang 提交于
Signed-off-by: NWen Congyang <wency@cn.fujitsu.com>
-
由 Wen Congyang 提交于
The way to detach a USB disk is the same as that to detach a SCSI disk. Rename this function and we can use it to detach a USB disk. Signed-off-by: NWen Congyang <wency@cn.fujitsu.com>
-
由 Cole Robinson 提交于
Currently it sounds like spice is completely unsupported, which is confusing.
-
- 06 3月, 2011 1 次提交
-
-
由 Osier Yang 提交于
For qemu names the primary vga as "qxl-vga": 1) if vram is specified for 2nd qxl device: -vga qxl -global qxl-vga.vram_size=$SIZE \ -device qxl,id=video1,vram_size=$SIZE,... 2) if vram is not specified for 2nd qxl device, (use the default set by global): -vga qxl -global qxl-vga.vram_size=$SIZE \ -device qxl,id=video1,... For qemu names all qxl devices as "qxl": 1) if vram is specified for 2nd qxl device: -vga qxl -global qxl.vram_size=$SIZE \ -device qxl,id=video1,vram_size=$SIZE ... 2) if vram is not specified for 2nd qxl device: -vga qxl -global qxl-vga.vram_size=$SIZE \ -device qxl,id=video1,... "-global" is the only way to define vram_size for the primary qxl device, regardless of how qemu names it, (It's not good a good way, as original idea of "-global" is to set a global default for a driver property, but to specify vram for first qxl device, we have to use it). For other qxl devices, as they are represented by "-device", could specify it directly and seperately for each, and it overrides the default set by "-global" if specified. v1 - v2: * modify "virDomainVideoDefaultRAM" so that it returns 16M as the default vram_size for qxl device. * vram_size * 1024 (qemu accepts bytes for vram_size). * apply default vram_size for qxl device for which vram_size is not specified. * modify "graphics-spice" tests (more sensiable vram_size) * Add an argument of virDomainDefPtr type for qemuBuildVideoDevStr, to use virDomainVideoDefaultRAM in qemuBuildVideoDevStr). v2 - v3: * Modify default video memory size for qxl device from 16M to 24M * Update codes to be consistent with changes on qemu_capabilities.*
-
- 04 3月, 2011 2 次提交
-
-
由 Laine Stump 提交于
This was also found while investigating https://bugzilla.redhat.com/show_bug.cgi?id=670848 An EOF on a domain's monitor socket results in an event being queued to handle the EOF. The handler calls qemuProcessHandleMonitorEOF. If it is a transient domain, this leads to a call to virDomainRemoveInactive, which removes the domain from the driver's hashtable and unref's it. Nowhere in this code is the qemu driver lock acquired. However, all modifications to the driver's domain hashtable *must* be done while holding the driver lock, otherwise the hashtable can become corrupt, and (even more likely) another thread could call a different hashtable function and acquire a pointer to the domain that is in the process of being destroyed. To prevent such a disaster, qemuProcessHandleMonitorEOF must get the qemu driver lock *before* it gets the DomainObj's lock, and hold it until it is finished with the DomainObj. This guarantees that nobody else modifies the hashtable at the same time, and that anyone who had already gotten the DomainObj from the hashtable prior to this call has finished with it before we remove/destroy it.
-
由 Laine Stump 提交于
This was found while researching the root cause of: https://bugzilla.redhat.com/show_bug.cgi?id=670848 virDomainUnref should only be called with the lock held for the virDomainObj in question. However, when a transient qemu domain gets EOF on its monitor socket, it queues an event which frees the monitor, which unref's the virDomainObj without first locking it. If another thread has already locked the virDomainObj, the modification of the refcount could potentially be corrupted. In an extreme case, it could also be potentially unlocked by virDomainObjFree, thus left open to modification by anyone else who would have otherwise waited for the lock (not to mention the fact that they would be accessing freed data!). The solution is to have qemuMonitorFree lock the domain object right before unrefing it. Since the caller to qemuMonitorFree doesn't expect this lock to be held, if the refcount doesn't go all the way to 0, qemuMonitorFree must unlock it after the unref.
-
- 02 3月, 2011 1 次提交
-
-
由 Eric Blake 提交于
qemudDomainSaveImageStartVM was evil - it closed the incoming fd argument on some, but not all, code paths, without informing the caller about that action. No wonder that this resulted in double-closes: https://bugzilla.redhat.com/show_bug.cgi?id=672725 * src/qemu/qemu_driver.c (qemudDomainSaveImageStartVM): Alter signature, to avoid double-close. (qemudDomainRestore, qemudDomainObjRestore): Update callers.
-
- 01 3月, 2011 1 次提交
-
-
由 Eric Blake 提交于
When a SPICE or VNC graphics controller is present, and sound is piggybacked over a channel to the graphics device rather than directly accessing host hardware, then there is no need to grant host hardware access to that qemu process. * src/qemu/qemu_cgroup.c (qemuSetupCgroup): Prevent sound with spice, and with vnc when vnc_allow_host_audio is 0. Reported by Daniel Berrange.
-
- 25 2月, 2011 7 次提交
-
-
由 Daniel P. Berrange 提交于
Relax the restriction that the hash table key must be a string by allowing an arbitrary hash code generator + comparison func to be provided * util/hash.c, util/hash.h: Allow any pointer as a key * internal.h: Include stdbool.h as standard. * conf/domain_conf.c, conf/domain_conf.c, conf/nwfilter_params.c, nwfilter/nwfilter_gentech_driver.c, nwfilter/nwfilter_gentech_driver.h, nwfilter/nwfilter_learnipaddr.c, qemu/qemu_command.c, qemu/qemu_driver.c, qemu/qemu_process.c, uml/uml_driver.c, xen/xm_internal.c: s/char */void */ in hash callbacks
-
由 Daniel P. Berrange 提交于
Since the deallocator is passed into the constructor of a hash table it is not desirable to pass it into each function again. Remove it from all functions, but provide a virHashSteal to allow a item to be removed from a hash table without deleteing it. * src/util/hash.c, src/util/hash.h: Remove deallocator param from all functions. Add virHashSteal * src/libvirt_private.syms: Add virHashSteal * src/conf/domain_conf.c, src/conf/nwfilter_params.c, src/nwfilter/nwfilter_learnipaddr.c, src/qemu/qemu_command.c, src/xen/xm_internal.c: Update for changed hash API
-
由 Eric Blake 提交于
* src/qemu/qemu_audit.h (qemuDomainHostdevAudit): New prototype. * src/qemu/qemu_audit.c (qemuDomainHostdevAudit): New function. (qemuDomainStartAudit): Call as appropriate. * src/qemu/qemu_hotplug.c (qemuDomainAttachHostPciDevice) (qemuDomainAttachHostUsbDevice, qemuDomainDetachHostPciDevice) (qemuDomainDetachHostUsbDevice): Likewise.
-
由 Eric Blake 提交于
* src/qemu/qemu_audit.h (qemuDomainMemoryAudit) (qemuDomainVcpuAudit): New prototypes. * src/qemu/qemu_audit.c (qemuDomainResourceAudit) (qemuDomainMemoryAudit, qemuDomainVcpuAudit): New functions. (qemuDomainStartAudit): Call as appropriate. * src/qemu/qemu_driver.c (qemudDomainSetMemory) (qemudDomainHotplugVcpus): Likewise.
-
由 Eric Blake 提交于
* src/qemu/qemu_audit.h (qemuDomainCgroupAudit): New prototype. * src/qemu/qemu_audit.c (qemuDomainCgroupAudit): Implement it. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Add audit. * src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow) (qemuSetupChardevCgroup, qemuSetupHostUsbDeviceCgroup) (qemuSetupCgroup, qemuTeardownDiskPathDeny): Likewise.
-
由 Eric Blake 提交于
* src/qemu/qemu_cgroup.h (struct qemuCgroupData): New helper type. (qemuSetupDiskPathAllow, qemuSetupChardevCgroup) (qemuTeardownDiskPathDeny): Drop unneeded prototypes. (qemuSetupDiskCgroup, qemuTeardownDiskCgroup): Adjust prototype. * src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow, qemuSetupChardevCgroup) (qemuTeardownDiskPathDeny): Mark static and use new type. (qemuSetupHostUsbDeviceCgroup): Use new type. (qemuSetupDiskCgroup): Alter signature. (qemuSetupCgroup): Adjust caller. * src/qemu/qemu_hotplug.c (qemuDomainAttachHostUsbDevice) (qemuDomainDetachPciDiskDevice, qemuDomainDetachSCSIDiskDevice): Likewise. * src/qemu/qemu_driver.c (qemudDomainAttachDevice) (qemuDomainUpdateDeviceFlags): Likewise.
-
由 Eric Blake 提交于
* src/util/cgroup.c (virCgroupAllowDevicePath) (virCgroupDenyDevicePath): Don't fail with EINVAL for non-devices. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update caller. * src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow) (qemuSetupChardevCgroup, qemuSetupHostUsbDeviceCgroup) (qemuSetupCgroup, qemuTeardownDiskPathDeny): Likewise.
-
- 24 2月, 2011 4 次提交
-
-
由 Daniel P. Berrange 提交于
Remove the <stdbool.h> header from all source files / headers and just put it into internal.h * src/internal.h: Add <stdbool.h>
-
由 Jiri Denemark 提交于
This is done for two reasons: - we are getting very close to 64 flags which is the maximum we can use with unsigned long long - by using LL constants in enum we already violates C99 constraint that enum values have to fit into int
-
由 Jiri Denemark 提交于
The new name complies more with the fact that it contains a set of qemuCapsFlags.
-
由 Jiri Denemark 提交于
Three new functions (qemuCapsSet, qemuCapsClear, and qemuCapsGet) were introduced replacing direct bit operations.
-