- 24 6月, 2019 1 次提交
-
-
由 Ján Tomko 提交于
The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: NMatthias Gerstner <mgerstner@suse.de> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit aed6a032) Signed-off-by: NJán Tomko <jtomko@redhat.com> Conflicts: src/libvirt-domain.c src/remote/remote_protocol.x Upstream commit 12a51f37 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE alias for VIR_DOMAIN_XML_SECURE is not backported. Just skip the commit since we now disallow the whole API on read-only connections, regardless of the flag. Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 17 1月, 2017 1 次提交
-
-
由 Daniel P. Berrange 提交于
This reverts commit ae16c95f.
-
- 11 1月, 2017 4 次提交
-
-
由 Peter Krempa 提交于
For the blockjobs, where libvirt is able to track the state internally we can fix locking of images we can remove the appropriate locks. Also when doing a pivoting operation we should not acquire the lock on any of those images since both are actually locked already. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1302168
-
由 Peter Krempa 提交于
Images that became the backing chain of the current image due to the snapshot need to be unlocked in the lock manager. Also if qemu was paused during the snapshot the current top level images need to be released until qemu is resumed so that they can be acquired properly. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1191901
-
由 Peter Krempa 提交于
The code at first changed the definition and then rolled it back in case of failure. This was ridiculous. Refactor the code so that the image in the definition is changed only when the snapshot is successful. The refactor will also simplify further fix of image locking when doing snapshots.
-
由 Peter Krempa 提交于
Libvirt is able to properly model what happens to the backing chain after a snapshot so there's no real need to redetect the data. Additionally with the _REUSE_EXT flag this might end up in redetecting wrong data if the user puts wrong backing chain reference into the snapshot image.
-
- 10 1月, 2017 3 次提交
-
-
由 Michal Privoznik 提交于
The code at the very bottom of the DAC secdriver that calls chown() should be fine with read-only data. If something needs to be prepared it should have been done beforehand. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Peter Krempa 提交于
When coldplugging vcpus to a VM that already has a few hotpluggable vcpus the code might generate invalid configuration as non-hotpluggable cpus need to be clustered starting from vcpu 0. This fix forces the added vcpus to be hotpluggable in such case. Fixes a corner case described in: https://bugzilla.redhat.com/show_bug.cgi?id=1370357
-
由 Nitesh Konkar 提交于
This patch adds support and documentation for a generalized hardware cache event called cache_l1d perf event. Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>
-
- 09 1月, 2017 1 次提交
-
-
由 Daniel P. Berrange 提交于
When changing the metadata via virDomainSetMetadata, we now emit an event to notify the app of changes. This is useful when co-ordinating different applications read/write of custom metadata. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 04 1月, 2017 1 次提交
-
-
由 Peter Krempa 提交于
Commit 4b951d1e missed the fact that the VM needs to be resumed after a live external checkpoint (memory snapshot) where the cpus would be paused by the migration rather than libvirt.
-
- 21 12月, 2016 1 次提交
-
-
由 John Ferlan 提交于
According to commit id '0282ca45' the 'physical' value should essentially be the last offset of the image or the host physical size in bytes of the image container. However, commit id '15fa84ac' refactored the GetBlockInfo to use the same returned data as the GetStatsBlock API for an active domain. For the 'entry->physical' that would end up being the "actual-size" as set through the qemuMonitorJSONBlockStatsUpdateCapacityOne (commit '7b11f5e5'). Digging deeper into QEMU code one finds that actual_size is filled in using the same algorithm as GetBlockInfo has used for setting the 'allocation' field when the domain is inactive. The difference in values is seen primarily in sparse raw files and other container type files (such as qcow2), which will return a smaller value via the stat API for 'st_blocks'. Additionally for container files, the 'capacity' field (populated via the QEMU "virtual-size" value) may be slightly different (smaller) in order to accomodate the overhead for the container. For sparse files, the state 'st_size' field is returned. This patch thus alters the allocation and physical values for sparse backed storage files to be more appropriate to the API contract. The result for GetBlockInfo is the following: capacity: logical size in bytes of the image (how much storage the guest will see) allocation: host storage in bytes occupied by the image (such as highest allocated extent if there are no holes, similar to 'du') physical: host physical size in bytes of the image container (last offset, similar to 'ls') NB: The GetStatsBlock API allows a different contract for the values: "block.<num>.allocation" - offset of the highest written sector as unsigned long long. "block.<num>.capacity" - logical size in bytes of the block device backing image as unsigned long long. "block.<num>.physical" - physical size in bytes of the container of the backing image as unsigned long long.
-
- 20 12月, 2016 1 次提交
-
-
由 Peter Krempa 提交于
The error would be overwritten otherwise producing a meaningless error message. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1302171
-
- 17 12月, 2016 1 次提交
-
-
由 Peter Krempa 提交于
Similarly to 29bb0669 forbid paths used with blockjobs to be relative. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1300177
-
- 16 12月, 2016 4 次提交
-
-
由 Nitesh Konkar 提交于
This patch adds support and documentation for the ref_cpu_cycles perf event. Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>
-
由 Nitesh Konkar 提交于
This patch adds support and documentation for the stalled_cycles_backend perf event. Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>
-
由 Nitesh Konkar 提交于
This patch adds support and documentation for the stalled_cycles_frontend perf event. Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>
-
由 Nitesh Konkar 提交于
This patch adds support and documentation for the bus_cycles perf event. Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>
-
- 15 12月, 2016 2 次提交
-
-
由 Peter Krempa 提交于
External disk-only snapshots with recent enough qemu don't require libvirt to pause the VM. The logic determining when to resume cpus was slightly flawed and attempted to resume them even if they were not paused by the snapshot code. This normally was not a problem, but with locking enabled the code would attempt to acquire the lock twice. The fallout of this bug would be a error from the API, but the actual snapshot being created. The bug was introduced with when adding support for external snapshots with memory (checkpoints) in commit f569b87f. Resolves problems described by: https://bugzilla.redhat.com/show_bug.cgi?id=1403691
-
由 Michal Privoznik 提交于
When attaching a device to a domain that's using separate mount namespace we must maintain /dev entries in order for qemu process to see them. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 13 12月, 2016 9 次提交
-
-
由 Nitesh Konkar 提交于
This patch adds support and documentation for the branch_misses perf event. Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>
-
由 Nikolay Shirokovskiy 提交于
Current call to qemuAgentGetFSInfo in qemuDomainGetFSInfo is unsafe. Domain lock is dropped and we use vm->def. Let's make def copy to fix that.
-
由 John Ferlan 提交于
The libvirt-domain.h documentation indicates that for a qcow2 file in a filesystem being used for a backing store should report the disk space occupied by a file; however, commit id '15fa84ac' altered the code to trust that the wr_highest_offset should be used whenever wr_highest_offset_valid was set. As it turns out this will lead to indeterminite results. For an active domain when qemu hasn't yet had the need to find the wr_highest_offset value, qemu will report 0 even though qemu-img will report the proper disk size. This causes reporting of the following XML: <disk type='file' device='disk'> <driver name='qemu' type='qcow2'/> <source file='/path/to/test-1g.qcow2'/> to be as follows: Capacity: 1073741824 Allocation: 0 Physical: 1074139136 with qemu-img indicating: image: /path/to/test-1g.qcow2 file format: qcow2 virtual size: 1.0G (1073741824 bytes) disk size: 1.0G Once the backing source file is opened on the guest, then wr_highest_offset is updated, but only to the high water mark and not the size of the file. This patch will adjust the logic to check for the file backed qcow2 image and enforce setting the allocation to the returned 'physical' value, which is the 'actual-size' value from a 'query-block' operation. NB: The other consumer of the wr_highest_offset output (GetAllDomainStats) has a contract that indicates 'allocation' is the offset of the highest written sector, so it doesn't need adjustment. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Instead of having duplicated code in qemuStorageLimitsRefresh and virStorageBackendUpdateVolTargetInfo to get capacity specific data about the storage backing source or volume -- create a common API to handle the details for both. As a side effect, virStorageFileProbeFormatFromBuf returns to being a local/static helper to virstoragefile.c For the QEMU code - if the probe is done, then the format is saved so as to avoid future such probes. For the storage backend code, there is no need to deal with the probe since we cannot call the new API if target->format == NONE. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Instead of having duplicated code in qemuStorageLimitsRefresh and virStorageBackendUpdateVolTargetInfoFD to fill in the storage backing source or volume allocation, capacity, and physical values - create a common API that will handle the details for both. The common API will fill in "default" capacity values as well - although those more than likely will be overridden by subsequent code. Having just one place to make the determination of what the values should be will make things be more consistent. For the QEMU code - the data filled in will be for inactive domains for the GetBlockInfo and DomainGetStatsOneBlock API's. For the storage backend code - the data will be filled in during the volume updates. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Commit id '8dc27259' introduced virStorageSourceUpdateBlockPhysicalSize in order to retrieve the physical size for a block backed source device for an active domain since commit id '15fa84ac' changed to use the qemuMonitorGetAllBlockStatsInfo and qemuMonitorBlockStatsUpdateCapacity API's to (essentially) retrieve the "actual-size" from a 'query-block' operation for the source device. However, the code only was made functional for a BLOCK backing type and it neglected to use qemuOpenFile, instead using just open. After the open the block lseek would find the end of the block and set the physical value, close the fd and return. Since the code would return 0 immediately if the source device wasn't a BLOCK backed device, the physical would be displayed incorrectly, such as follows in domblkinfo for a file backed source device: Capacity: 1073741824 Allocation: 0 Physical: 0 This patch will modify the algorithm to get the physical size for other backing types and it will make use of the qemuDomainStorageOpenStat helper in order to open/stat the source file depending on its type. The qemuDomainGetStatsOneBlock will no longer inhibit printing errors, but it will still ignore them leaving the physical value set to 0. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Currently just a shim to call virStorageSourceUpdateBlockPhysicalSize Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Split out the opening of the file and fetch of the stat buffer into a helper qemuDomainStorageOpenStat. This will handle either opening the local or remote storage. Additionally split out the cleanup of that into a separate helper qemuDomainStorageCloseStat which will either close the file or call the virStorageFileDeinit function. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Originally added by commit id '89646e69' prior to commit id '15fa84ac' and '71d2c172' which ensured that qemuStorageLimitsRefresh was only called for inactive domains. Adjust the comment describing the need for FIXME and move all the text to the function description. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 09 12月, 2016 4 次提交
-
-
由 Mehdi Abaakouk 提交于
This is just a code move of virstat.c to virnetdevtap.c
-
由 Mehdi Abaakouk 提交于
In preparation to the code move to virnetdevtap.c, this change: * renames virNetInterfaceStats to virNetDevTapInterfaceStats * changes 'path' to 'ifname', to use the same vocable as other method in virnetdevtap.c. * Add the attributes checker
-
由 Mehdi Abaakouk 提交于
When vhostuser interfaces are used, the interface statistics are not available in /proc/net/dev. This change looks at the openvswitch interfaces statistics tables to provide this information for vhostuser interface. Note that in openvswitch world drop/error doesn't always make sense for some interface type. When these informations are not available we set them to 0 on the virDomainInterfaceStats. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Peter Krempa 提交于
There's nothing to compress if the requested snapshot memory format is set to 'raw' explicitly. After commit 9e14689e libvirt would try to run /sbin/raw to process the memory stream if the qemu.conf option snapshot_image_format is set. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1402726
-
- 08 12月, 2016 2 次提交
-
-
由 Michal Privoznik 提交于
If you've ever tried running a huge page backed guest under different user than in qemu.conf, you probably failed. Problem is even though we have corresponding APIs in the security drivers, there's no implementation and thus we don't relabel the huge page path. But even if we did, so far all of the domains share the same path: /hugepageMount/libvirt/qemu Our only option there would be to set 0777 mode on the qemu dir which is totally unsafe. Therefore, we can create dir on per-domain basis, i.e.: /hugepageMount/libvirt/qemu/domainName and chown domainName dir to the user that domain is configured to run under. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
So far this function takes virDomainObjPtr which: 1) is an overkill, 2) might be not available in all the places we will use it. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 07 12月, 2016 1 次提交
-
-
由 Nitesh Konkar 提交于
With current perf framework, this patch adds support and documentation for the branch_instructions perf event. Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>
-
- 06 12月, 2016 3 次提交
-
-
由 John Ferlan 提交于
Add support to read/parse the iotune group setting for qemu. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Rather than have multiple bool values, create a single enum with bits representing what fields are set. Fields are generally set in groups of 3 (read, write, total).
-
由 John Ferlan 提交于
Rather than using negative logic and setting the maxparams to a lesser value based on which capabilities exist, alter the logic to modify the maxparams based on a base value plus the found capabilities. Reduces the chance that some backported feature produces an incorrect value.
-
- 26 11月, 2016 1 次提交
-
-
由 Jiri Denemark 提交于
The function just returned cached capabilities without checking whether they are still valid. We should check that and refresh the capabilities to make sure we don't return stale data. In other words, we should do what all other lookup functions do. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-