- 27 6月, 2018 1 次提交
-
-
由 Daniel P. Berrangé 提交于
Remove the callbacks that the nwfilter driver registers with the domain object config layer. Instead make the current helper methods call into the public API for creating/deleting nwfilter bindings. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 26 6月, 2018 1 次提交
-
-
由 Daniel P. Berrangé 提交于
The UNIX socket FDs were we passing to QEMU inherited a label based on libvirtd's context. QEMU is thus denied ability to access the UNIX socket. We need to use the security manager to change our current context temporarily when creating the UNIX socket FD. Reviewed-by: NLaine Stump <laine@laine.org> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 20 6月, 2018 2 次提交
-
-
由 Luyao Huang 提交于
Be more consistent and use 'preparing' instead of 'prepare' here. Signed-off-by: NLuyao Huang <lhuang@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Luyao Huang 提交于
When commit 6718132d enforced usage of the cleanup label, it forgot to set the @ret variable to 0 on "success" exit path. Signed-off-by: NLuyao Huang <lhuang@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
- 14 6月, 2018 4 次提交
-
-
由 Ján Tomko 提交于
Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NBrijesh Singh <brijesh.singh@amd.com> Tested-by: NBrijesh Singh <brijesh.singh@amd.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Ján Tomko 提交于
Some identifiers use Sev, some SEV. Prefer the latter. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NBrijesh Singh <brijesh.singh@amd.com> Tested-by: NBrijesh Singh <brijesh.singh@amd.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Ján Tomko 提交于
A common cleanup path for both the success and the error case. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NBrijesh Singh <brijesh.singh@amd.com> Tested-by: NBrijesh Singh <brijesh.singh@amd.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Ján Tomko 提交于
Make the function prefix match the file it's in. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NBrijesh Singh <brijesh.singh@amd.com> Tested-by: NBrijesh Singh <brijesh.singh@amd.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 13 6月, 2018 1 次提交
-
-
由 Anya Harter 提交于
And replace all calls with virObjectEventStateQueue such that: qemuDomainEventQueue(driver, event); becomes: virObjectEventStateQueue(driver->domainEventState, event); And remove NULL checking from all callers. Signed-off-by: NAnya Harter <aharter@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 12 6月, 2018 1 次提交
-
-
由 Brijesh Singh 提交于
QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted VMs on AMD platform using SEV feature. The various inputs required to launch SEV guest is provided through the <launch-security> tag. A typical SEV guest launch command line looks like this: -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 ...\ -machine memory-encryption=sev0 \ Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
- 06 6月, 2018 4 次提交
-
-
由 Stefan Berger 提交于
Add the external swtpm to the emulator cgroup so that upper limits of CPU usage can be enforced on the emulated TPM. To enable this we need to have the swtpm write its process id (pid) into a file. We then read it from the file to configure the emulator cgroup. The PID file is created in /var/run/libvirt/qemu/swtpm: [root@localhost swtpm]# ls -lZ /var/run/libvirt/qemu/swtpm/ total 4 -rw-r--r--. 1 tss tss system_u:object_r:qemu_var_run_t:s0 5 Apr 10 12:26 1-testvm-swtpm.pid srw-rw----. 1 qemu qemu system_u:object_r:svirt_image_t:s0:c597,c632 0 Apr 10 12:26 1-testvm-swtpm.sock The swtpm command line now looks as follows: root@localhost testvm]# ps auxZ | grep swtpm | grep socket | grep -v grep system_u:system_r:virtd_t:s0:c597,c632 tss 18697 0.0 0.0 28172 3892 ? Ss 16:46 0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/1-testvm-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/485d0004-a48f-436a-8457-8a3b73e28568/tpm1.2/ --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log --pid file=/var/run/libvirt/qemu/swtpm/1-testvm-swtpm.pid Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Stefan Berger 提交于
Implement functions for managing the storage of the external swtpm as well as starting and stopping it. Also implement functions to use swtpm_setup, which simulates the manufacturing of a TPM, which includes creation of certificates for the device. Further, the external TPM needs storage on the host that we need to set up before it can be run. We can clean up the host once the domain is undefined. This patch also implements a small layer for external device support that calls into the TPM device layer if a domain has an attached TPM. This is the layer we will wire up later on. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 ramyelkest 提交于
Replace instances where we previously called virGetLastError just to either get the code or to check if an error exists with virGetLastErrorCode to avoid a validity pre-check. Signed-off-by: NRamy Elkest <ramyelkest@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Daniel P. Berrangé 提交于
Since libvirt called bind() and listen() on the UNIX socket, it is guaranteed that connect() will immediately succeed, if QEMU is running normally. It will only fail if QEMU has closed the monitor socket by mistake or if QEMU has exited, letting the kernel close it. With this in mind we can remove the retry loop and timeout when connecting to the QEMU monitor if we are doing FD passing. Libvirt can go straight to sending the QMP greeting and will simply block waiting for a reply until QEMU is ready. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 05 6月, 2018 2 次提交
-
-
由 Peter Krempa 提交于
Now that the old qcow2 encryption is removed we can safely delete all this code since it's not needed any more. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
Allow hotplugging the vsock device. https://bugzilla.redhat.com/show_bug.cgi?id=1291851Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 29 5月, 2018 1 次提交
-
-
由 Ján Tomko 提交于
Create a new vsock endpoint by opening /dev/vhost-vsock, set the requested CID via ioctl (or assign a free one if auto='yes'), pass the file descriptor to QEMU and build the command line. https://bugzilla.redhat.com/show_bug.cgi?id=1291851Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 25 5月, 2018 1 次提交
-
-
由 John Ferlan 提交于
Before we generate the command line for qemu, if the domain about to be launched desires to utilize the VM Generation ID functionality, then handle both the regenerating the GUID value for backup recovery (restore operation) and the startup after snapshot as both require a new GUID to be generated to allow the guest operating system to recognize the VM is re-executing something that has already executed before. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 23 5月, 2018 1 次提交
-
-
由 Peter Krempa 提交于
After the text monitor was deleted this event can't be triggered. Remove it and all the unnecessary code. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 21 5月, 2018 1 次提交
-
-
由 Daniel P. Berrangé 提交于
We currently print the libvirt and qemu version strings into the per-guest logfile. It would be useful to know what kernel is running too, so add that. Reviewed-by: NKashyap Chamarthy <kchamart@redhat.com> Tested-by: NKashyap Chamarthy <kchamart@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 16 5月, 2018 3 次提交
-
-
由 Peter Krempa 提交于
Extract the lookup code so that it can be reused later. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
Libvirt only manages one PR daemon. This means that we don't need to pass the 'disk' object and also rename the functions dealing with this so that it's obvious we only deal with the managed PR daemon. Signed-off-by: Peter Krempa <pkrempa@redhat st.com>
-
由 Peter Krempa 提交于
Rather than always checking which path to use pre-assign it when preparing storage source. This reduces the need to pass 'vm' around too much. For later use the path can be retrieved from the status XML. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
- 11 5月, 2018 2 次提交
-
-
由 Michal Privoznik 提交于
When attaching a disk that requires pr-manager we might need to plug the pr-manager object and start the pr-helper process. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
Before we exec() qemu we have to spawn pr-helper processes for all managed reservations (well, technically there can only one). The only caveat there is that we should place the process into the same namespace and cgroup as qemu (so that it shares the same view of the system). But we can do that only after we've forked. That means calling the setup function between fork() and exec(). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 04 5月, 2018 2 次提交
-
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Daniel P. Berrangé 提交于
The vm name is not needed for any functional requirement, but it will be useful when debugging problems to identify which VM is associated with a filter, since UUID is not human friendly. Reviewed-by: NJiri Denemark <jdenemar@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 17 4月, 2018 8 次提交
-
-
由 Jiri Denemark 提交于
Trying to delete the non-existent TLS objects results in ugly error messages in the log, which could easily confuse users. Let's avoid this confusion by not trying to delete the objects if we were not asked to enable TLS migration and thus we didn't created the objects anyway. This patch restores the behavior to the state before "qemu: Reset all migration parameters". Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
When an async job is running, we sometimes need to know how it was started to distinguish between several types of the job, e.g., post-copy vs. normal migration. So far we added a specific bool item to qemuDomainJobObj for such cases, which doesn't scale very well and storing such bools in status XML would be painful so we didn't do it. A better approach is to store the flags passed to the API which started the async job, which can be easily stored in status XML. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
Restore the original values of all migration parameters we store in qemuDomainJobObj instead of explicitly resting only a limited set of them. The result is not strictly equivalent to the previous code wrt reseting TLS state because the previous code would only reset it if we changed it before while the new code will reset it always if QEMU supports TLS migration. This is not a problem for the parameters themselves, but it can cause spurious errors about missing TLS objects being logged at the end of non-TLS migration. This issue will be fixed ~50 patches later. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
Currently, only job->phase is passed and both APIs will need to look at more details about the job. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
Since the function is tightly connected to migration, it was renamed as qemuMigrationCapsCheck and moved to qemu_migration_params.c. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
In the end, this will allow us to have most of the logic around migration parameters and capabilities done in one place. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
Implied by QEMU >= 1.2.0. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
- 12 4月, 2018 2 次提交
-
-
由 Ján Tomko 提交于
We require QEMU >= 1.5.0, assume every QEMU supports it. Sadly that does not let us trivially drop qemuMonitor's priv->monJSON bool, because of qemuDomainQemuAttach. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Ján Tomko 提交于
This makes qemuDomainSupportsNetdev identical to qemuDomainSupportsNicdev and leaves some code in qemuDomainAttachNetDevice to be cleaned up later. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
- 10 4月, 2018 3 次提交
-
-
由 John Ferlan 提交于
Because we allow a QEMU_JOB_DESTROY to occur while we're starting up and we drop the @vm lock prior to qemuMonitorOpen, it's possible that a domain destroy operation "wins" the race, calls qemuProcessStop which will free and reinitialize priv->monConfig. Depending on the exact timing either qemuMonitorOpen will be passed a NULL @config variable or it will be using free'd (and possibly reclaimed) memory as the @config parameter - neither of which is good. Resolve this by localizing the @monConfig, taking an extra reference, and then once we get the @vm lock again removing our reference since we are done with it. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com>
-
由 John Ferlan 提交于
Rather than VIR_ALLOC, use the New function for allocation. We already use the Free function anyway. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NLaine Stump <laine@laine.org> Reviewed-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com>
-
由 John Ferlan 提交于
Since virCloseCallbacksRun was ignoring the value anyway, let's just change it to be a void function. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com>
-