- 21 9月, 2018 9 次提交
-
-
由 Fabiano Fidêncio 提交于
Signed-off-by: NFabiano Fidêncio <fidencio@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Boris Fiuczynski 提交于
Signed-off-by: NBoris Fiuczynski <fiuczy@linux.ibm.com>
-
由 Boris Fiuczynski 提交于
The QEMU binary is compiled from the v3.0.0 tag. Signed-off-by: NBoris Fiuczynski <fiuczy@linux.ibm.com>
-
由 John Ferlan 提交于
Commit 12093f1f used %ld instead of %zd for a size_t. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
There seems to be no need to add the ignore_value wrapper or caste with (void) to the unlink() calls, so let's just remove them. I assume at one point in time Coverity complained. So, let's just be consistent - those that care to check the return status can and those that don't can just have the naked unlink. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Wang Huaqiang 提交于
This patch is introducing cache monitor(CMT) to cache and memory bandwidth monitor(MBM) for monitoring CPU memory bandwidth. The host capability of the two monitors is also introduced in this patch. For CMT, the host capability is shown like: <host> ... <cache> <bank id='0' level='3' type='both' size='15' unit='MiB' cpus='0-5'> <control granularity='768' min='1536' unit='KiB' type='both' maxAllocs='4'/> </bank> <monitor level='3' 'reuseThreshold'='270336' maxMonitors='176'> <feature name='llc_occupancy'/> </monitor> </cache> ... </host> For MBM, the capability is shown like this: <host> ... <memory_bandwidth> <node id='1' cpus='6-11'> <control granularity='10' min ='10' maxAllocs='4'/> </node> <monitor maxMonitors='176'> <feature name='mbm_total_bytes'/> <feature name='mbm_local_bytes'/> </monitor> </memory_bandwidth> ... </host> Signed-off-by: NWang Huaqiang <huaqiang.wang@intel.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Wang Huaqiang 提交于
Move memory bandwidth capability nodes into one data structure, this allows us to add a monitor for memory bandwidth. Signed-off-by: NWang Huaqiang <huaqiang.wang@intel.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Wang Huaqiang 提交于
Move all cache banks into one data structure, this allows us to add other cache component, such as cache monitor. Signed-off-by: NWang Huaqiang <huaqiang.wang@intel.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Wang Huaqiang 提交于
This patch introduces the resource monitor and creates the interface for getting host capability of resource monitor from the system resource control file system. The resource monitor takes the role of RDT monitoring group and could be used to monitor the resource consumption information, such as the last level cache occupancy and the utilization of memory bandwidth. Signed-off-by: NWang Huaqiang <huaqiang.wang@intel.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 20 9月, 2018 10 次提交
-
-
由 Jim Fehlig 提交于
With the assumption that all Xen >= 4.6 contains a pkgconfig file for libxenlight, commit 5bdcef13 dropped the fallback check to probe libxenlight with LIBVIRT_CHECK_LIB. At the time it was not known that the various Xen pkgconfig files are in the -runtime package in Fedora, instead of the traditional -devel package. This bug [1] was fixed in Fedora > 28, but until Fedora 28 reaches EOL we'll need to re-introduce the fallback check. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1629643Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
由 Jim Fehlig 提交于
Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
由 John Ferlan 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1614283 Save the error from the refresh failure because the stopPool processing may overwrite the error or even worse clear it due to calling an external libvirt API that resets the last error such as is the case with the SCSI pool which may call virGetConnectNodeDev (see commit decaeb28) in order to process deleting an NPIV vport. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
Create a common pool refresh failure handling method as the same code is repeated multiple times. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
Rather than duplicate the error code, let's create an error label to keep code common. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
Alter the code path to remove the need to to go cleanup and thus remove the label completely. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
If the virStoragePoolRefresh fails and we call stopPool, the code neglected to clean up the state file leading to the next libvirtd restart attempting to start the pool. For a transient pool this could make it unexpectedly reappear. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1607202 It's essentially stated in the nwfilterBindingDelete that we will allow the admin to shoot themselves in the foot by deleting the nwfilter binding which then allows them to undefine the nwfilter that is in use for the running guest... However, by allowing this we cause a problem for libvirtd restart reconnect processing which would then try to recreate the missing binding attempting to use the deleted filter resulting in an error and thus shutting the guest down. So rather than keep adding virDomainConfNWFilterInstantiate flags to "ignore" specific error conditions, modify the logic to ignore, but VIR_WARN errors other than ignoreExists. This will at least allow the guest to not shutdown for only nwfilter binding errors that we can now perhaps recover from since we have the binding create/delete capability. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Erik Skultety 提交于
All of the ones being removed are pulled in by internal.h. The only exception is sanlock which expects the application to include <stdint.h> before sanlock's headers, because sanlock prototypes use fixed width int, but they don't include stdint.h themselves, so we have to leave that one in place. Signed-off-by: NErik Skultety <eskultet@redhat.com> Acked-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Erik Skultety 提交于
It doesn't really make sense for us to have stdlib.h and string.h but not stdio.h in the internal.h header. Signed-off-by: NErik Skultety <eskultet@redhat.com> Acked-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 19 9月, 2018 7 次提交
-
-
由 Jim Fehlig 提交于
The libxl_domain_config_from_json API appeared in Xen 4.5, hence there is no need to check for its existence after changing the minimum supported Xen version to 4.6. Remove the check and its use in the tests. Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Erik Skultety 提交于
So, when trying to add some secret util sources, we referenced them with a non-existent symbol. Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
由 Jiri Denemark 提交于
Introduced in QEMU by commit v3.0.0-156-g8a11c62da9. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Jiri Denemark 提交于
QEMU commits: e37a5c7fa4 (v2.12.0) i386: Add Intel Processor Trace feature support c2f193b538 (v2.7.0) target-i386: Add support for UMIP and RDPID CPUID bits aff9e6e46a (v2.12.0) x86/cpu: Enable new SSE/AVX/AVX512 cpu features f77543772d (v2.9.0) x86: add AVX512_VPOPCNTDQ features 5131dc433d (v3.1.0) i386: Add CPUID bit for PCONFIG 59a80a19ca (v3.1.0) i386: Add CPUID bit for WBNOINVD Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Jiri Denemark 提交于
When restoring a domain from a compressed image, we launch an intermediate process for decompressing the saved data. If QEMU fails to load the data for some reason, we force close the stdin/stdout file descriptors of the intermediate process and wait for it to die. However, virCommandWait can report various errors which would overwrite the real error from QEMU. Thus instead of getting something useful: internal error: process exited while connecting to monitor: 2018-09-17T15:17:29.998910Z qemu-system-x86_64: can't apply global Skylake-Client-x86_64-cpu.osxsave=off: Property '.osxsave' not found we could get an irrelevant error message: internal error: Child process (lzop -dc --ignore-warn) unexpected fatal signal 13 Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Jiri Denemark 提交于
Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Michal Privoznik 提交于
In 2e974504 we've mistakenly removed gettext macro for translating static strings. This results in table header being printed in English regardless of user locale. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 18 9月, 2018 14 次提交
-
-
由 Michal Privoznik 提交于
Lock all the paths we want to relabel to mutually exclude other libvirt daemons. The only hitch here is that directories can't be locked. Therefore, when relabeling a directory do not lock it (this happens only when setting up some domain private paths anyway, e.g. huge pages directory). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
So far the whole transaction handling is done virSecuritySELinuxSetFileconHelper(). This needs to change for the sake of security label remembering and locking. Otherwise we would be locking a path when only appending it to transaction list and not when actually relabelling it. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
Firstly, the following code pattern is harder to follow: if (func() < 0) { error(); } else { /* success */ } We should put 'goto cleanup' into the error branch and move the else branch one level up. Secondly, 'rc' should really be named 'ret' because it holds return value of the function. Not some intermediate value. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
This label is used in both successful and error paths. Therefore it should be named 'cleanup' and not 'err'. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
Lock all the paths we want to relabel to mutually exclude other libvirt daemons. The only hitch here is that directories can't be locked. Therefore, when relabeling a directory do not lock it (this happens only when setting up some domain private paths anyway, e.g. huge pages directory). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
Firstly, the message that says we're setting uid:gid shouldn't be called from virSecurityDACSetOwnershipInternal() because virSecurityDACRestoreFileLabelInternal() is calling it too. Secondly, there are places between us reporting label restore and us actually doing it where we can quit. Don't say we're doing something until we are actually about to do it. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
So far the whole transaction handling is done virSecurityDACSetOwnershipInternal(). This needs to change for the sake of security label remembering and locking. Otherwise we would be locking a path when only appending it to transaction list and not when actually relabeling it. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
Two new APIs are added so that security driver can lock and unlock paths it wishes to touch. These APIs are not for other drivers to call but security drivers (DAC and SELinux). That is the reason these APIs are not exposed through our libvirt_private.syms file. Three interesting things happen in this commit. The first is the global @lockManagerMutex. Unfortunately, this has to exist so that there is only one thread talking to virtlockd at a time. If there were more threads and one of them closed the connection prematurely, it would cause virtlockd killing libvirtd. Instead of complicated code that would handle that, let's have a mutex and keep the code simple. The second interesting thing is keeping connection open between lock and unlock API calls. This is achieved by duplicating client FD and keeping it open until unlock is called. This trick is used by regular disk content locking code when the FD is leaked to qemu. Finally, the third thing is polling implemented at client side. Since virtlockd has only one thread that handles locking requests, all it can do is either acquire lock or error out. Therefore, the polling has to be implemented in client. The polling is capped at 60 second timeout, which should be plenty since the metadata lock is held only for a fraction of a second. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
Now that we know what metadata lock manager user wishes to use we can load it when initializing security driver. This is achieved by adding new argument to virSecurityManagerNewDriver() and subsequently to all functions that end up calling it. The cfg.mk change is needed in order to allow lock_manager.h inclusion in security driver without 'syntax-check' complaining. This is safe thing to do as locking APIs will always exist (it's only backend implementation that changes). However, instead of allowing the include for all other drivers (like cpu, network, and so on) allow it only for security driver. This will still trigger the error if including from other drivers. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
This config option allows users to set and enable lock manager for domain metadata. The lock manager is going to be used by security drivers to serialize each other when changing a file ownership or changing the SELinux label. The only supported lock manager is 'lockd' for now. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
In some cases we might want to not load the lock driver config. Alter virLockManagerPluginNew() and the lock drivers to cope with this fact. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
Soon there will be a virtlockd client that wants to either lock all the resources or none (in order to avoid virtlockd killing the client on connection close). Because on the RPC layer we can only acquire one resource at a time, we have to perform a rollback once we hit a resource that can't be acquired. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
This is a new type of object that lock drivers can handle. Currently, it is supported by lockd driver only. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
The fact whether domain has or doesn't have RW disks is specific to VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN and therefore should reside in union specific to it. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-