1. 28 2月, 2013 1 次提交
  2. 21 2月, 2013 1 次提交
    • O
      qemu: Merge qemuCheckSharedDisk into qemuAddSharedDisk · 371df778
      Osier Yang 提交于
      Based on moving various checking into qemuAddSharedDisk, this
      avoids the caller using it in wrong ways. Also this adds two
      new checking for qemuCheckSharedDisk (disk device not 'lun'
      and kernel doesn't support unpriv_sgio simply returns 0).
      371df778
  3. 13 2月, 2013 1 次提交
    • D
      Remove qemuDriverLock from almost everywhere · a9e97e0c
      Daniel P. Berrange 提交于
      With the majority of fields in the virQEMUDriverPtr struct
      now immutable or self-locking, there is no need for practically
      any methods to be using the QEMU driver lock. Only a handful
      of helper APIs in qemu_conf.c now need it
      a9e97e0c
  4. 11 2月, 2013 1 次提交
  5. 05 2月, 2013 1 次提交
    • D
      Introduce a virQEMUDriverConfigPtr object · b090aa7d
      Daniel P. Berrange 提交于
      Currently the virQEMUDriverPtr struct contains an wide variety
      of data with varying access needs. Move all the static config
      data into a dedicated virQEMUDriverConfigPtr object. The only
      locking requirement is to hold the driver lock, while obtaining
      an instance of virQEMUDriverConfigPtr. Once a reference is held
      on the config object, it can be used completely lockless since
      it is immutable.
      
      NB, not all APIs correctly hold the driver lock while getting
      a reference to the config object in this patch. This is safe
      for now since the config is never updated on the fly. Later
      patches will address this fully.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      b090aa7d
  6. 07 1月, 2013 2 次提交
  7. 29 11月, 2012 1 次提交
  8. 24 10月, 2012 1 次提交
  9. 21 9月, 2012 1 次提交
  10. 15 8月, 2012 1 次提交
  11. 23 7月, 2012 1 次提交
    • O
      Desert the FSF address in copyright · f9ce7dad
      Osier Yang 提交于
      Per the FSF address could be changed from time to time, and GNU
      recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
      
        You should have received a copy of the GNU General Public License
        along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
      
      This patch removes the explicit FSF address, and uses above instead
      (of course, with inserting 'Lesser' before 'General').
      
      Except a bunch of files for security driver, all others are changed
      automatically, the copyright for securify files are not complete,
      that's why to do it manually:
      
        src/security/security_selinux.h
        src/security/security_driver.h
        src/security/security_selinux.c
        src/security/security_apparmor.h
        src/security/security_apparmor.c
        src/security/security_driver.c
      f9ce7dad
  12. 12 6月, 2012 2 次提交
    • M
      qemu: Don't overwrite security labels · 86032b22
      Michal Privoznik 提交于
      Currently, if qemuProcessStart fail at some point, e.g. because
      domain being started wants a PCI/USB device already assigned to
      a different domain, we jump to cleanup label where qemuProcessStop
      is performed. This unconditionally calls virSecurityManagerRestoreAllLabel
      which is wrong because the other domain is still using those devices.
      
      However, once we successfully label all devices/paths in
      qemuProcessStart() from that point on, we have to perform a rollback
      on failure - that is - we have to virSecurityManagerRestoreAllLabel.
      86032b22
    • M
      qemuProcessStop: Switch to flags · 69dd7714
      Michal Privoznik 提交于
      Currently, we are passing only one boolean (migrated) so there is
      no real profit in this. But it creates starting position for
      next patch.
      69dd7714
  13. 16 4月, 2012 1 次提交
  14. 30 3月, 2012 1 次提交
    • W
      fix a deadlock when qemu cannot start · ff68d6ee
      Wen Congyang 提交于
      When qemu cannot start, we may call qemuProcessStop() twice.
      We have check whether the vm is running at the beginning of
      qemuProcessStop() to avoid libvirt deadlock. We call
      qemuProcessStop() with driver and vm locked. It seems that
      we can avoid libvirt deadlock. But unfortunately we may
      unlock driver and vm in the function qemuProcessKill() while
      vm->def->id is not -1. So qemuProcessStop() will be run twice,
      and monitor will be freed unexpectedly. So we should set
      vm->def->id to -1 at the beginning of qemuProcessStop().
      ff68d6ee
  15. 08 3月, 2012 1 次提交
    • M
      qemu: Fix startupPolicy for snapshot-revert · b819b3b7
      Michal Privoznik 提交于
      Currently, startupPolicy='requisite' was determining cold boot
      by migrateFrom != NULL. That means, if domain was started up
      with migrateFrom set we didn't require disk source path and allowed
      it to be dropped. However, on snapshot-revert domain wasn't migrated
      but according to documentation, requisite should drop disk source
      as well.
      b819b3b7
  16. 02 3月, 2012 1 次提交
    • E
      build: use correct type for pid and similar types · 3e2c3d8f
      Eric Blake 提交于
      No thanks to 64-bit windows, with 64-bit pid_t, we have to avoid
      constructs like 'int pid'.  Our API in libvirt-qemu cannot be
      changed without breaking ABI; but then again, libvirt-qemu can
      only be used on systems that support UNIX sockets, which rules
      out Windows (even if qemu could be compiled there) - so for all
      points on the call chain that interact with this API decision,
      we require a different variable name to make it clear that we
      audited the use for safety.
      
      Adding a syntax-check rule only solves half the battle; anywhere
      that uses printf on a pid_t still needs to be converted, but that
      will be a separate patch.
      
      * cfg.mk (sc_correct_id_types): New syntax check.
      * src/libvirt-qemu.c (virDomainQemuAttach): Document why we didn't
      use pid_t for pid, and validate for overflow.
      * include/libvirt/libvirt-qemu.h (virDomainQemuAttach): Tweak name
      for syntax check.
      * src/vmware/vmware_conf.c (vmwareExtractPid): Likewise.
      * src/driver.h (virDrvDomainQemuAttach): Likewise.
      * tools/virsh.c (cmdQemuAttach): Likewise.
      * src/remote/qemu_protocol.x (qemu_domain_attach_args): Likewise.
      * src/qemu_protocol-structs (qemu_domain_attach_args): Likewise.
      * src/util/cgroup.c (virCgroupPidCode, virCgroupKillInternal):
      Likewise.
      * src/qemu/qemu_command.c(qemuParseProcFileStrings): Likewise.
      (qemuParseCommandLinePid): Use pid_t for pid.
      * daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
      * src/conf/domain_conf.h (_virDomainObj): Likewise.
      * src/probes.d (rpc_socket_new): Likewise.
      * src/qemu/qemu_command.h (qemuParseCommandLinePid): Likewise.
      * src/qemu/qemu_driver.c (qemudGetProcessInfo, qemuDomainAttach):
      Likewise.
      * src/qemu/qemu_process.c (qemuProcessAttach): Likewise.
      * src/qemu/qemu_process.h (qemuProcessAttach): Likewise.
      * src/uml/uml_driver.c (umlGetProcessInfo): Likewise.
      * src/util/virnetdev.h (virNetDevSetNamespace): Likewise.
      * src/util/virnetdev.c (virNetDevSetNamespace): Likewise.
      * tests/testutils.c (virtTestCaptureProgramOutput): Likewise.
      * src/conf/storage_conf.h (_virStoragePerms): Use mode_t, uid_t,
      and gid_t rather than int.
      * src/security/security_dac.c (virSecurityDACSetOwnership): Likewise.
      * src/conf/storage_conf.c (virStorageDefParsePerms): Avoid
      compiler warning.
      3e2c3d8f
  17. 16 2月, 2012 1 次提交
    • L
      qemu: drop driver lock while trying to terminate qemu process · 595e26c0
      Laine Stump 提交于
      This patch is based on an earlier patch by Eric Blake which was never
      committed:
      
      https://www.redhat.com/archives/libvir-list/2011-November/msg00243.html
      
      Aside from rebasing, this patch only drops the driver lock once (prior
      to the first time the function sleeps), then leaves it dropped until
      it returns (Eric's patch would drop and re-acquire the lock around
      each call to sleep).
      
      At the time Eric sent his patch, the response (from Dan Berrange) was
      that, while it wasn't a good thing to be holding the driver lock while
      sleeping, we really need to rethink locking wrt the driver object,
      switching to a finer-grained approach that locks individual items
      within the driver object separately to allow for greater concurrency.
      
      This is a good plan, and at the time it made sense to not apply the
      patch because there was no known bug related to the driver lock being
      held in this function.
      
      However, we now know that the length of the wait in qemuProcessKill is
      sometimes too short to allow the qemu process to fully flush its disk
      cache before SIGKILL is sent, so we need to lengthen the timeout (in
      order to improve the situation with management applications until they
      can be updated to use the new VIR_DOMAIN_DESTROY_GRACEFUL flag added
      in commit 72f8a7f1). But, if we
      lengthen the timeout, we also lengthen the amount of time that all
      other threads in libvirtd are essentially blocked from doing anything
      (since just about everything needs to acquire the driver lock, if only
      for long enough to get a pointer to a domain).
      
      The solution is to modify qemuProcessKill to drop the driver lock
      while sleeping, as proposed in Eric's patch. Then we can increase the
      timeout with a clear conscience, and thus at least lower the chances
      that someone running with existing management software will suffer the
      consequence's of qemu's disk cache not being flushed.
      
      In the meantime, we still should work on Dan's proposal to make
      locking within the driver object more fine grained.
      
      (NB: although I couldn't find any instance where qemuProcessKill() was
      called with no jobs active for the domain (or some other guarantee
      that the current thread had at least one refcount on the domain
      object), this patch still follows Eric's method of temporarily adding
      a ref prior to unlocking the domain object, because I couldn't
      convince myself 100% that this was the case.)
      595e26c0
  18. 04 2月, 2012 1 次提交
    • L
      qemu: new GRACEFUL flag for virDomainDestroy w/ QEMU support · 72f8a7f1
      Laine Stump 提交于
      When libvirt's virDomainDestroy API is shutting down the qemu process,
      it first sends SIGTERM, then waits for 1.6 seconds and, if it sees the
      process still there, sends a SIGKILL.
      
      There have been reports that this behavior can lead to data loss
      because the guest running in qemu doesn't have time to flush its disk
      cache buffers before it's unceremoniously whacked.
      
      This patch maintains that default behavior, but provides a new flag
      VIR_DOMAIN_DESTROY_GRACEFUL to alter the behavior. If this flag is set
      in the call to virDomainDestroyFlags, SIGKILL will never be sent to
      the qemu process; instead, if the timeout is reached and the qemu
      process still exists, virDomainDestroy will return an error.
      
      Once this patch is in, the recommended method for applications to call
      virDomainDestroyFlags will be with VIR_DOMAIN_DESTROY_GRACEFUL
      included. If that fails, then the application can decide if and when
      to call virDomainDestroyFlags again without
      VIR_DOMAIN_DESTROY_GRACEFUL (to force the issue with SIGKILL).
      
      (Note that this does not address the issue of existing applications
      that have not yet been modified to use VIR_DOMAIN_DESTROY_GRACEFUL.
      That is a separate patch.)
      72f8a7f1
  19. 19 11月, 2011 1 次提交
    • D
      Rename Macvtap management APIs · 43925db7
      Daniel P. Berrange 提交于
      In preparation for code re-organization, rename the Macvtap
      management APIs to have the following patterns
      
        virNetDevMacVLanXXXXX     - macvlan/macvtap interface management
        virNetDevVPortProfileXXXX - virtual port profile management
      
      * src/util/macvtap.c, src/util/macvtap.h: Rename APIs
      * src/conf/domain_conf.c, src/network/bridge_driver.c,
        src/qemu/qemu_command.c, src/qemu/qemu_command.h,
        src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c,
        src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
        src/qemu/qemu_process.h: Update for renamed APIs
      43925db7
  20. 16 9月, 2011 1 次提交
    • J
      qemu: Prevent disk corruption on domain shutdown · 96fc4784
      Jiri Denemark 提交于
      Ever since we introduced fake reboot, we call qemuProcessKill as a
      reaction to SHUTDOWN event. Unfortunately, qemu doesn't guarantee it
      flushed all internal buffers before sending SHUTDOWN, in which case
      killing the process forcibly may result in (virtual) disk corruption.
      
      By sending just SIGTERM without SIGKILL we give qemu time to to flush
      all buffers and exit. Once qemu exits, we will see an EOF on monitor
      connection and tear down the domain. In case qemu ignores SIGTERM or
      just hangs there, the process stays running but that's not any different
      from a possible hang anytime during the shutdown process so I think it's
      just fine.
      
      Also qemu (since 0.14 until it's fixed) has a bug in SIGTERM processing
      which causes it not to exit but instead send new SHUTDOWN event and keep
      waiting. I think the best we can do is to ignore duplicate SHUTDOWN
      events to avoid a SHUTDOWN-SIGTERM loop and leave the domain in paused
      state.
      96fc4784
  21. 26 8月, 2011 1 次提交
    • E
      snapshot: only pass snapshot to qemu command line when reverting · 5e47785b
      Eric Blake 提交于
      Changing the current vm, and writing that change to the file
      system, all before a new qemu starts, is risky; it's hard to
      roll back if starting the new qemu fails for some reason.
      Instead of abusing vm->current_snapshot and making the command
      line generator decide whether the current snapshot warrants
      using -loadvm, it is better to just directly pass a snapshot all
      the way through the call chain if it is to be loaded.
      
      This frees up the last use of snapshot->def->active for qemu's
      use, so the next patch can repurpose that field for tracking
      which snapshot is current.
      
      * src/qemu/qemu_command.c (qemuBuildCommandLine): Don't use active
      field of snapshot.
      * src/qemu/qemu_process.c (qemuProcessStart): Add a parameter.
      * src/qemu/qemu_process.h (qemuProcessStart): Update prototype.
      * src/qemu/qemu_migration.c (qemuMigrationPrepareAny): Update
      callers.
      * src/qemu/qemu_driver.c (qemudDomainCreate)
      (qemuDomainSaveImageStartVM, qemuDomainObjStart)
      (qemuDomainRevertToSnapshot): Likewise.
      (qemuDomainSnapshotSetCurrentActive)
      (qemuDomainSnapshotSetCurrentInactive): Delete unused functions.
      5e47785b
  22. 01 8月, 2011 1 次提交
    • E
      qemu: fix crash when mixing sync and async monitor jobs · 193cd0f3
      Eric Blake 提交于
      Currently, we attempt to run sync job and async job at the same time. It
      means that the monitor commands for two jobs can be run in any order.
      
      In the function qemuDomainObjEnterMonitorInternal():
          if (priv->job.active == QEMU_JOB_NONE && priv->job.asyncJob) {
              if (qemuDomainObjBeginNestedJob(driver, obj) < 0)
      We check whether the caller is an async job by priv->job.active and
      priv->job.asynJob. But when an async job is running, and a sync job is
      also running at the time of the check, then priv->job.active is not
      QEMU_JOB_NONE. So we cannot check whether the caller is an async job
      in the function qemuDomainObjEnterMonitorInternal(), and must instead
      put the burden on the caller to tell us when an async command wants
      to do a nested job.
      
      Once the burden is on the caller, then only async monitor enters need
      to worry about whether the VM is still running; for sync monitor enter,
      the internal return is always 0, so lots of ignore_value can be dropped.
      
      * src/qemu/THREADS.txt: Reflect new rules.
      * src/qemu/qemu_domain.h (qemuDomainObjEnterMonitorAsync): New
      prototype.
      * src/qemu/qemu_process.h (qemuProcessStartCPUs)
      (qemuProcessStopCPUs): Add parameter.
      * src/qemu/qemu_migration.h (qemuMigrationToFile): Likewise.
      (qemuMigrationWaitForCompletion): Make static.
      * src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal): Add
      parameter.
      (qemuDomainObjEnterMonitorAsync): New function.
      (qemuDomainObjEnterMonitor, qemuDomainObjEnterMonitorWithDriver):
      Update callers.
      * src/qemu/qemu_driver.c (qemuDomainSaveInternal)
      (qemudDomainCoreDump, doCoreDump, processWatchdogEvent)
      (qemudDomainSuspend, qemudDomainResume, qemuDomainSaveImageStartVM)
      (qemuDomainSnapshotCreateActive, qemuDomainRevertToSnapshot):
      Likewise.
      * src/qemu/qemu_process.c (qemuProcessStopCPUs)
      (qemuProcessFakeReboot, qemuProcessRecoverMigration)
      (qemuProcessRecoverJob, qemuProcessStart): Likewise.
      * src/qemu/qemu_migration.c (qemuMigrationToFile)
      (qemuMigrationWaitForCompletion, qemuMigrationUpdateJobStatus)
      (qemuMigrationJobStart, qemuDomainMigrateGraphicsRelocate)
      (doNativeMigrate, doTunnelMigrate, qemuMigrationPerformJob)
      (qemuMigrationPerformPhase, qemuMigrationFinish)
      (qemuMigrationConfirm): Likewise.
      * src/qemu/qemu_hotplug.c: Drop unneeded ignore_value.
      193cd0f3
  23. 12 7月, 2011 1 次提交
    • D
      Implement code to attach to external QEMU instances. · 109efd79
      Daniel P. Berrange 提交于
      Given a PID, the QEMU driver reads /proc/$PID/cmdline and
      /proc/$PID/environ to get the configuration. This is fed
      into the ARGV->XML convertor to build an XML configuration
      for the process.
      
      /proc/$PID/exe is resolved to identify the full command
      binary path
      
      After checking for name/uuid uniqueness, an attempt is
      made to connect to the monitor socket. If successful
      then 'info status' and 'info kvm' are issued to determine
      whether the CPUs are running and if KVM is enabled.
      
      * src/qemu/qemu_driver.c: Implement virDomainQemuAttach
      * src/qemu/qemu_process.h, src/qemu/qemu_process.c: Add
        qemuProcessAttach to connect to the monitor of an
        existing QEMU process
      109efd79
  24. 24 6月, 2011 2 次提交
    • D
      Allow automatic kill of guests when a connection is closed · 3ba937da
      Daniel P. Berrange 提交于
      If an application is using libvirt + KVM as a piece of its
      internal infrastructure to perform a specific task, it can
      be desirable to guarentee the VM dies when the virConnectPtr
      disconnects from libvirtd. This ensures the app can't leak
      any VMs it was using. Adding VIR_DOMAIN_START_AUTOKILL as
      a flag when starting guests enables this to be done.
      
      * include/libvirt/libvirt.h.in: All VIR_DOMAIN_START_AUTOKILL
      * src/qemu/qemu_driver.c: Support automatic killing of guests
        upon connection close
      * tools/virsh.c: Add --autokill flag to 'start' and 'create'
        commands
      3ba937da
    • D
      Add infrastructure to automatically destroy guests when a connection closes · 558b7fd0
      Daniel P. Berrange 提交于
      Sometimes it is useful to be able to automatically destroy a guest when
      a connection is closed. For example, kill an incoming migration if
      the client managing the migration dies. This introduces a map between
      guest 'uuid' strings and virConnectPtr objects. When a connection is
      closed, any associated guests are killed off.
      
      * src/qemu/qemu_conf.h: Add autokill hash table to qemu driver
      * src/qemu/qemu_process.c, src/qemu/qemu_process.h: Add APIs
        for performing autokill of guests associated with a connection
      * src/qemu/qemu_driver.c: Initialize autodestroy map
      558b7fd0
  25. 16 5月, 2011 1 次提交
    • J
      Implement domain state reason · b046c55d
      Jiri Denemark 提交于
      Only in drivers which use virDomainObj, drivers that query hypervisor
      for domain status need to be updated separately in case their hypervisor
      supports this functionality.
      
      The reason is also saved into domain state XML so if a domain is not
      running (i.e., no state XML exists) the reason will be lost by libvirtd
      restart. I think this is an acceptable limitation.
      b046c55d
  26. 11 5月, 2011 1 次提交
    • D
      Allow destroying QEMU VM even if a job is active · cbf9f2f2
      Daniel P. Berrange 提交于
      Introduce a virProcessKill function that can be safely called
      even when the job mutex is held. This allows virDomainDestroy
      to kill any VM even if it is asleep in a monitor job. The PID
      will die and the thread asleep on the monitor will then wake
      up releasing the job mutex.
      
      * src/qemu/qemu_driver.c: Kill process before using qemuProcessStop
        to ensure job is released
      * src/qemu/qemu_process.c: Add virProcessKill for killing off
        QEMU processes
      cbf9f2f2
  27. 17 2月, 2011 1 次提交
    • D
      Split all QEMU process mangement code into separate file · 48c2d6c6
      Daniel P. Berrange 提交于
      Move the qemudStartVMDaemon and qemudShutdownVMDaemon
      methods into a separate file, renaming them to
      qemuProcessStart, qemuProcessStop. All helper methods
      called by these are also moved & renamed to match
      
      * src/Makefile.am: Add qemu_process.c/.h
      * src/qemu/qemu_command.c: Add qemuDomainAssignPCIAddresses
      * src/qemu/qemu_command.h: Add VNC port min/max
      * src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
        domain event queue helpers
      * src/qemu/qemu_driver.c, src/qemu/qemu_driver.h: Remove
        all QEMU process startup/shutdown functions
      * src/qemu/qemu_process.c, src/qemu/qemu_process.h: Add
        all QEMU process startup/shutdown functions
      48c2d6c6