Re: [libvirt] [PATCH 0/6] Support for per-guest-node binding
On Thu, 2014-06-26 at 07:35 +0200, Martin Kletzander wrote: On Thu, Jun 26, 2014 at 01:50:22AM +, chen.fan.f...@cn.fujitsu.com wrote: On Wed, 2014-06-04 at 16:56 +0200, Martin Kletzander wrote: Currently we are only able to bind the whole domain to some host nodes using the /domain/numatune/memory element. Numerous requests were made to support host-guest numa node bindings, so this series tries to pinch an idea on how to do that using /domain/numatune/memnode elements. That is incompatible with automatic numa placement (numad) since that makes no sense. Also this disables any live changes to numa parameters (the /domain/numatune/memory settings) since we cannot change the settings given to qemu. Hi Martin, Sorry for that I have not observed this patch. I made a duplicated work about this recently. and I found this patch has not been updated for several days, but since the QEMU have extra supported memory-file and some flags/properties, this patches should be refactored. Do you plan to send a new version ? If not, Can I take over them? I'm completely re-factoring the numatune parsing code and reworking few other things for this patch. For memory-file, that will be automatically supported as well, but with Michal's patches. We already have an option that says use hugepages and we would like to re-use that instead of creating new device(s). But we will greatly value your input on these patches (both mine and Michal's) when these hit the list. So if there's something else you find missing or wrong, that should be added or fixed, let me know. Ok. Thanks, Chen Martin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] build: link virstoragetest with libxml
On Mon, Jun 23, 2014 at 04:08:42PM +0200, Martin Kletzander wrote: Signed-off-by: Martin Kletzander mklet...@redhat.com --- Notes: To be honest, I have no idea why this fails for me in one situation, but it prevents the following error during compilation: /usr/lib/gcc/x86_64-pc-linux-gnu/4.9.0/../../../../x86_64-pc-linux-gnu/bin/ld: ../src/.libs/libvirt_driver_storage_impl.a(libvirt_driver_storage_impl_la-storage_backend.o): undefined reference to symbol 'xmlFreeDoc@@LIBXML2_2.4.30' /usr/lib/gcc/x86_64-pc-linux-gnu/4.9.0/../../../../lib64/libxml2.so: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status Makefile:4228: recipe for target 'virstoragetest' failed Therefore I'm not pushing it as a build-breaker since this might not be the root cause or the best solution. The other fix (and probably more appropriate one) would be to add LIBXML_LIBS into libvirt_conf_la_LIBADD since the xmlFreeDoc() is called in storage_conf.c. Any other preferred way is accepted as well, feel free to comment. tests/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/Makefile.am b/tests/Makefile.am index 025b847..457eb99 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -899,6 +899,7 @@ virstoragetest_LDADD = $(LDADDS) \ ../src/libvirt_util.la \ ../src/libvirt_driver_storage_impl.la \ ../gnulib/lib/libgnu.la \ + $(LIBXML_LIBS) \ $(NULL) viridentitytest_SOURCES = \ -- 2.0.0 Ping? signature.asc Description: Digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Entering freeze for libvirt-1.2.6
On Thu, Jun 26, 2014 at 11:05:55AM +0800, Daniel Veillard wrote: As stated yesterday, we just entered freeze for libvirt-1.2.6, I have pushed a first release candidate tarball and signed rpms at the usual place: ftp://libvirt.org/libvirt/ I gave it a try and with my limited testing it looks okay, but please have a look and test. The goal is to make the release on Tues 1st if all goes well. I was wondering what's the status of the translations (wrt the problem with gettext-0.19) [1]? Apart from that (because the fix is pushed) two build problems that I have right now are: Building virstoragetest with Gentoo's package manager fails, but looking at the code, it probably should, so I've sent a patch [2], although it may just be my setup causing this. Python bindings can't be built, but that's just because virNetwork*DHCPLease* are not covered. [1] https://www.redhat.com/archives/libvir-list/2014-June/msg00160.html [2] https://www.redhat.com/archives/libvir-list/2014-June/msg01060.html Also of note I will likely move the libvirt.org server Monday morning (chinese time i.e. sunday for most), it should be quick, just that if you hit the old IP untim DNS propagates you may have the old server (I will block ssh access after the move on the old to avoid split pushes) Daniel -- Daniel Veillard | Open Source and Standards, Red Hat veill...@redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/ signature.asc Description: Digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Fix a typo in a localized string
As pointed by Yuri Chornoivan in transifex: https://fedora.transifex.com/projects/p/libvirt/translate/#uk/strings/27026506 pushed as trivial since same string is used before and after that broken one, Daniel diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c index 4ba9ad7..b27ab02 100644 --- a/src/vbox/vbox_tmpl.c +++ b/src/vbox/vbox_tmpl.c @@ -7279,7 +7279,7 @@ int vboxSnapshotGetReadWriteDisks(virDomainSnapshotDefPtr def, rc = imediumattach-vtbl-GetPort(imediumattach, devicePort); if (NS_FAILED(rc)) { virReportError(VIR_ERR_INTERNAL_ERROR, %s, - _(cannot get medium attachchment type)); + _(cannot get medium attachment type)); goto cleanup; } rc = imediumattach-vtbl-GetDevice(imediumattach, deviceSlot); -- Daniel Veillard | Open Source and Standards, Red Hat veill...@redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] RFC: network interface tags vs. portgroups
On 06/19/2014 09:08 AM, Michal Privoznik wrote: On 10.06.2014 12:01, Laine Stump wrote: A couple releases ago (commit 7d5bf484, first appeared in 1.2.2) I modified the domain interface status xml to show what resources are actually in use for an interface, superseding the interface config in the cases where they conflict with each other. In particular, if there is an interface of type='network' that references a portgroup of the network in the source element, the interface status will not contain a source element showing the network and portgroup names, but instead the source resulting from applying the config is shown. For example, given the following domain interface and network definitions: interface type='network' source network='mynet' portgroup='xyzzy'/ ... /interface network namemynet/name forward mode='bridge'/\ bridge name='br0'/ portgroup name='xyzzy' bandwidth inbound average='1000' peak='5000' floor='200' burst='1024'/ outbound average='128' peak='256' burst='256'/ /bandwidth /portgroup /network the status that was previously displayed when the domain was running would be identical to the config above (except that it would also contain the tap device name and alias). But now the status will be this: interface type='bridge' source bridge='br0'/ bandwidth inbound average='1000' peak='5000' floor='200' burst='1024'/ outbound average='128' peak='256' burst='256'/ /bandwidth ... /interface The advantage here is that a hook script for the domain will be able to see the bandwidth (and vlan and physical device, if any) that are actually being used by the domain's interface. Because the config and status both use the same elements/attributes, we can only show one or the other; the thinking was that normally the status will be what is desired, and anyone who really wants to look at the config should use the VIR_DOMAIN_XML_INACTIVE flag when calling virDomainGetXMLDesc(). As you would expect, a few months later (after the release of 1.2.4) someone on IRC checked in with a problem caused by this change - they had been using the portgroup name in the source element of the interface to determine what action to take during migration; they didn't even have any libvirt config stored in the portgroup, but were just using its name as a tag. Since the portgroup name is only a part of the source element when the interface is type='network', they now don't have a tag in the xml to use for their decision (and since they aren't explicitly calling virDomainGetXMLDesc() themselves, they can't simply get the INACTIVE xml to solve their problem). This use of a portgroup name struck me as potentially useful (although it is a slight hijacking of the original intent of portgroups), so I would like to restore that functionality. I came up with a couple different ways to solve the problem, and am looking for opinions before I spend any time on either. Solution 1: My initial thought was to just restore the portgroup name in the status XML; that could be done by moving the portgroup name out of the network-specific part of the object and into common data for all interface types (this way it could show up in the source element no matter what is the network type). However, once we've done that it becomes enticing to allow specification of a portgroup even in cases where the interface type != network; in those cases though, the portgroup would be *only* a tag to be used by external entities; this would lead to lax checking for existence of the specified portgroup, and may end up with people misspelling a portgroup name, then mistakenly believing that (e.g.) they had a bandwidth limit applied to a domain interface when none was in fact in effect. (alternately, we could allow it only if the interface *config* was for type='network', but that seems somehow logically broken, and you can bet that eventually someone would ask for us to allow it for all types) Solution 2: An alternate idea I had was to add a new tag name='x'/ element to interfaces, networks, and portgroups. An interface could have multiple tags, and would assume the tags of its network when active. A tag would be purely for use by external entities - it would mean nothing to libvirt. For example, given this extreme example: interface type='network' source network='mynet' portgroup='xyzzy'/ tag name='wumpus'/ ... /interface network namemynet/name tag name='twisty'/ forward mode='bridge'/\ bridge name='br0'/ portgroup name='xyzzy' tag name='xyzzytag'/ bandwidth inbound average='1000' peak='5000' floor='200' burst='1024'/ outbound average='128' peak='256' burst='256'/ /bandwidth
Re: [libvirt] Entering freeze for libvirt-1.2.6
Python bindings can't be built, but that's just because virNetwork*DHCPLease* are not covered. I have sent a patch for the python bindings for virNetwork*DHCPLease* APIs: http://www.redhat.com/archives/libvir-list/2014-June/msg01300.html Regards, Nehal J Wani -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv3 3/3] lxc: update doc to mention features/capabilities/* domain configuration
--- docs/drvlxc.html.in | 47 +++ 1 file changed, 47 insertions(+) diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in index fc4bc20..403ce24 100644 --- a/docs/drvlxc.html.in +++ b/docs/drvlxc.html.in @@ -540,6 +540,53 @@ debootstrap, whatever) under /opt/vm-1-root: lt;/domaingt; /pre +h2a name=capabilitiesAltering the available capabilities/a/h2 + +p +By default the libvirt LXC driver drops some capabilities among which CAP_MKNOD. +However span class=sincesince 1.2.6/span libvirt can be told to keep or +drop some capabilities using a domain configuration like the following: +/p +pre +... +lt;featuresgt; + lt;capabilities policy='default'gt; +lt;mknod state='on'/gt; +lt;sys_chroot state='off'/gt; + lt;/capabilitiesgt; +lt;/featuresgt; +... +/pre +p +The capabilities children elements are named after the capabilities as defined in +codeman 7 capabilities/code. An codeoff/code state tells libvirt to drop the +capability, while an codeon/code state will force to keep the capability even though +this one is dropped by default. +/p +p +The codepolicy/code attribute can be one of codedefault/code, codeallow/code +or codedeny/code. It defines the default rules for capabilities: either keep the +default behavior that is dropping a few selected capabilities, or keep all capabilities +or drop all capabilities. The interest of codeallow/code and codedeny/code is that +they guarantee that all capabilities will be kept (or removed) even if new ones are added +later. +/p +p +The following example, drops all capabilities but CAP_MKNOD: +/p +pre +... +lt;featuresgt; + lt;capabilities policy='deny'gt; +lt;mknod state='on'/gt; + lt;/capabilitiesgt; +lt;/featuresgt; +... +/pre +p +Note that allowing capabilities that are normally dropped by default can seriously +affect the security of the container and the host. +/p h2a name=usageContainer usage / management/a/h2 -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv3 0/3] lxc keep/drop capabilities
I found out that the previous versions were not building on older kernels. Thus n lxc/lxc_container.c I added a bunch of #ifndef CAP_XXX #define CAP_XXX -1 #endif And capabilities are handled later only if they are valid. I'm not sure the lxc_container.c file is the best place to put those, but at least it's not far away from the only place these are actually used. Cédric Bosdonnat (3): lxc: allow to keep or drop capabilities lxc domain from xml: convert lxc.cap.drop lxc: update doc to mention features/capabilities/* domain configuration docs/drvlxc.html.in| 47 docs/schemas/domaincommon.rng | 207 ++ src/conf/domain_conf.c | 126 ++- src/conf/domain_conf.h | 56 + src/libvirt_private.syms | 3 + src/lxc/lxc_cgroup.c | 8 + src/lxc/lxc_container.c| 241 +++-- src/lxc/lxc_native.c | 25 +++ src/util/vircgroup.c | 74 ++- src/util/vircgroup.h | 2 + tests/domainschemadata/domain-caps-features.xml| 28 +++ tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml| 2 + tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml | 2 + tests/lxcconf2xmldata/lxcconf2xml-cputune.xml | 2 + tests/lxcconf2xmldata/lxcconf2xml-idmap.xml| 2 + .../lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml | 4 + tests/lxcconf2xmldata/lxcconf2xml-memtune.xml | 2 + tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml | 4 + tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml| 2 + tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml | 4 + tests/lxcconf2xmldata/lxcconf2xml-simple.xml | 8 + tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml | 4 + 22 files changed, 828 insertions(+), 25 deletions(-) create mode 100644 tests/domainschemadata/domain-caps-features.xml -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv3 1/3] lxc: allow to keep or drop capabilities
Added capabilities in the features section of LXC domains configuration. This section can contain elements named after the capabilities like: mknod state=on/, keep CAP_MKNOD capability sys_chroot state=off/ drop CAP_SYS_CHROOT capability Users can restrict or give more capabilities than the default using this mechanism. --- docs/schemas/domaincommon.rng | 207 src/conf/domain_conf.c | 126 - src/conf/domain_conf.h | 56 ++ src/libvirt_private.syms| 3 + src/lxc/lxc_cgroup.c| 8 + src/lxc/lxc_container.c | 241 ++-- src/util/vircgroup.c| 74 +++- src/util/vircgroup.h| 2 + tests/domainschemadata/domain-caps-features.xml | 28 +++ 9 files changed, 720 insertions(+), 25 deletions(-) create mode 100644 tests/domainschemadata/domain-caps-features.xml diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 33d0308..22eb098 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -3744,6 +3744,9 @@ empty/ /element /optional + optional +ref name=capabilities/ + /optional /interleave /element /optional @@ -4311,6 +4314,200 @@ /element /define + !-- Optional capabilities features -- + define name=capabilities +element name=capabilities + ref name=capabilitiespolicy/ + interleave +optional + element name=audit_control +ref name=featurestate/ + /element +/optional +optional + element name=audit_write +ref name=featurestate/ + /element +/optional +optional + element name=block_suspend +ref name=featurestate/ + /element +/optional +optional + element name=chown +ref name=featurestate/ + /element +/optional +optional + element name=dac_override +ref name=featurestate/ + /element +/optional +optional + element name=dac_read_search +ref name=featurestate/ + /element +/optional +optional + element name=fowner +ref name=featurestate/ + /element +/optional +optional + element name=fsetid +ref name=featurestate/ + /element +/optional +optional + element name=ipc_lock +ref name=featurestate/ + /element +/optional +optional + element name=ipc_owner +ref name=featurestate/ + /element +/optional +optional + element name=kill +ref name=featurestate/ + /element +/optional +optional + element name=lease +ref name=featurestate/ + /element +/optional +optional + element name=linux_immutable +ref name=featurestate/ + /element +/optional +optional + element name=mac_admin +ref name=featurestate/ + /element +/optional +optional + element name=mac_override +ref name=featurestate/ + /element +/optional +optional + element name=mknod +ref name=featurestate/ + /element +/optional +optional + element name=net_admin +ref name=featurestate/ + /element +/optional +optional + element name=net_bind_service +ref name=featurestate/ + /element +/optional +optional + element name=net_broadcast +ref name=featurestate/ + /element +/optional +optional + element name=net_raw +ref name=featurestate/ + /element +/optional +optional + element name=setgid +ref name=featurestate/ + /element +/optional +optional + element name=setfcap +ref name=featurestate/ + /element +/optional +optional + element name=setpcap +ref name=featurestate/ + /element +/optional +optional + element name=setuid +ref name=featurestate/ + /element +/optional +optional + element name=sys_admin +ref name=featurestate/ + /element +/optional +optional + element name=sys_boot +ref name=featurestate/ + /element +/optional +optional + element name=sys_chroot +
[libvirt] [PATCHv3 2/3] lxc domain from xml: convert lxc.cap.drop
--- src/lxc/lxc_native.c | 25 ++ tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml| 2 ++ tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml | 2 ++ tests/lxcconf2xmldata/lxcconf2xml-cputune.xml | 2 ++ tests/lxcconf2xmldata/lxcconf2xml-idmap.xml| 2 ++ .../lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml | 4 tests/lxcconf2xmldata/lxcconf2xml-memtune.xml | 2 ++ tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml | 4 tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml| 2 ++ tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml | 4 tests/lxcconf2xmldata/lxcconf2xml-simple.xml | 8 +++ tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml | 4 12 files changed, 61 insertions(+) diff --git a/src/lxc/lxc_native.c b/src/lxc/lxc_native.c index f4c4556..29ec188 100644 --- a/src/lxc/lxc_native.c +++ b/src/lxc/lxc_native.c @@ -838,6 +838,28 @@ lxcSetBlkioTune(virDomainDefPtr def, virConfPtr properties) return 0; } +static void +lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties) +{ +virConfValuePtr value; +char **toDrop = NULL; +const char *capString; +size_t i; + +if ((value = virConfGetValue(properties, lxc.cap.drop)) value-str) +toDrop = virStringSplit(value-str, , 0); + +for (i = 0; i VIR_DOMAIN_CAPS_FEATURE_LAST; i++) { +capString = virDomainCapsFeatureTypeToString(i); +if (toDrop != NULL virStringArrayHasString(toDrop, capString)) +def-caps_features[i] = VIR_DOMAIN_FEATURE_STATE_OFF; +} + +def-features[VIR_DOMAIN_FEATURE_CAPABILITIES] = VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW; + +virStringFreeList(toDrop); +} + virDomainDefPtr lxcParseConfigString(const char *config) { @@ -935,6 +957,9 @@ lxcParseConfigString(const char *config) if (lxcSetBlkioTune(vmdef, properties) 0) goto error; +/* lxc.cap.drop */ +lxcSetCapDrop(vmdef, properties); + goto cleanup; error: diff --git a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml index 36b8e52..c9c0469 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml @@ -25,6 +25,8 @@ /os features privnet/ +capabilities policy='allow' +/capabilities /features clock offset='utc'/ on_poweroffdestroy/on_poweroff diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml index 932ab61..e7863fa 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml @@ -13,6 +13,8 @@ /os features privnet/ +capabilities policy='allow' +/capabilities /features clock offset='utc'/ on_poweroffdestroy/on_poweroff diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml index 1bab1c6..50c5358 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml @@ -15,6 +15,8 @@ /os features privnet/ +capabilities policy='allow' +/capabilities /features clock offset='utc'/ on_poweroffdestroy/on_poweroff diff --git a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml index 050ccd6..80a83ff 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml @@ -14,6 +14,8 @@ /idmap features privnet/ +capabilities policy='allow' +/capabilities /features clock offset='utc'/ on_poweroffdestroy/on_poweroff diff --git a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml index 996c0f7..3105b8c 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml @@ -8,6 +8,10 @@ typeexe/type init/sbin/init/init /os + features +capabilities policy='allow' +/capabilities + /features clock offset='utc'/ on_poweroffdestroy/on_poweroff on_rebootrestart/on_reboot diff --git a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml index b7c919e..7df1ef0 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml @@ -15,6 +15,8 @@ /os features privnet/ +capabilities policy='allow' +/capabilities /features clock offset='utc'/ on_poweroffdestroy/on_poweroff diff --git a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml index 6d9e16d..e002b99 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml @@ -8,6 +8,10 @@ typeexe/type init/sbin/init/init /os + features +capabilities policy='allow' +
Re: [libvirt] [PATCHv3 26/26] qemu: blockcopy: Don't remove existing disk mirror info
On 06/26/14 05:29, Eric Blake wrote: On 06/25/2014 10:55 AM, Peter Krempa wrote: When creating a new disk mirror the new struct is stored in a separate variable until everything went well. The removed hunk would actually remove existing mirror information for example when the api would be run if a mirror still exists. --- src/qemu/qemu_driver.c | 4 1 file changed, 4 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 66752f1..f6f5ace 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -15382,10 +15382,6 @@ qemuDomainBlockCopy(virDomainObjPtr vm, endjob: if (need_unlink unlink(dest)) VIR_WARN(unable to unlink just-created %s, dest); -if (ret 0 disk) { -virStorageSourceFree(disk-mirror); -disk-mirror = NULL; -} Oh my. This was a regression latently introduced in commit ff5f30b, v1.2.1, then aggravated in commit 7b7bf001 (thankfully unreleased). Thanks for catching and fixing this. ACK. I've pushed this one and 1-7 of this series as they are trivial enough to get in during the freeze. I'm not sure though about the other changes. Peter signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] libxl: detect support for save and restore
On Wed, Jun 25, 2014 at 01:10:20PM -0600, Eric Blake wrote: On 06/25/2014 12:13 PM, Jim Fehlig wrote: libxl does not support save, restore, or migrate on all architectures, notably ARM. Detect whether libxl supports these operations using LIBXL_HAVE_NO_SUSPEND_RESUME. If not supported, drop advertisement of migration_features. Found by Ian Campbell while improving Xen's OSSTEST infrastructure http://lists.xen.org/archives/html/xen-devel/2014-06/msg02171.html Signed-off-by: Jim Fehlig jfeh...@suse.com --- Derived from a test patch I sent to Ian Campbell http://lists.xen.org/archives/html/xen-devel/2014-06/msg03150.html Includes fixups Ian provided later in the thread. src/libxl/libxl_conf.c | 4 src/libxl/libxl_driver.c | 8 2 files changed, 12 insertions(+) +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME Double negative logic is hard to read. Oh well. static virDriver libxlDriver = { @@ -4594,10 +4598,12 @@ static virDriver libxlDriver = { .domainSetMemoryFlags = libxlDomainSetMemoryFlags, /* 0.9.0 */ .domainGetInfo = libxlDomainGetInfo, /* 0.9.0 */ .domainGetState = libxlDomainGetState, /* 0.9.2 */ +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME .domainSave = libxlDomainSave, /* 0.9.2 */ .domainSaveFlags = libxlDomainSaveFlags, /* 0.9.4 */ .domainRestore = libxlDomainRestore, /* 0.9.2 */ .domainRestoreFlags = libxlDomainRestoreFlags, /* 0.9.4 */ +#endif Hmm - do we do conditional registration in any other driver based on configure-time results? I'd almost rather always provide the driver registration, and then use #ifdefs in the body of that function to either provide a sane result or else report that the compilation environment was too old, rather than omit the support altogether. Maybe get Dan's opinion on this? I think it'd end up pretty much the same in both cases since we'd end up using VIR_ERR_NO_SUPPORT in both cases. The argument in favour of providing the driver registration and #ifdef in the impl is that you could give a slightly more precise error report. eg instead of This function isn't supported you could say This function isn't supported on this architecture/version, but that's pretty much the only difference you'd get. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [python PATCH] maint: document development against uninstalled libvirt
On Wed, Jun 25, 2014 at 11:12:52AM -0600, Eric Blake wrote: On 06/25/2014 10:59 AM, Peter Krempa wrote: On 06/25/14 18:53, Eric Blake wrote: Thanks to Dan's recent work in libvirt.git, it is much easier to develop against uninstalled libvirt. Mention how. * README: More details. Signed-off-by: Eric Blake ebl...@redhat.com --- README | 15 +++ 1 file changed, 15 insertions(+) ACK, Thanks; pushed. FYI: I'm also using this (but considered it hackish enough to not publish as a formal patch): $ echo /GNUmakefile .git/info/exclude $ cat GNUmakefile # My hidden wrapper to preset things that I like... include Makefile export LD_LIBRARY_PATH=/home/eblake/libvirt/src/.libs/ export PKG_CONFIG_PATH=/home/eblake/libvirt/src/ $ Now all I have to do is run 'python setup.py build' to build against installed libvirt, vs. 'make' to build against development libvirt, at least for my machine. It occurs to me that if we edit the 'run' script in libvirt GIT to set that PKG_CONFIG_PATH setting, then you could build and test the python bindings by doing /home/eblake/libvirt/run python setup.py build Or in your case with the make wrapper /home/eblake/libvirt/run make Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Issue about do Auto Core Dump with compress file format on FC 20
Hi, I'm trying to do Auto Core Dump with compress file format for dump_image_format (such as: bzip2) on Fedora Core 20, but the generated dump image format is not bzip2. Here are my steps: 1. Prepare a running guest with following configuration in guest's xml # virsh dumpxml domU domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0' ... on_crashcoredump-destroy/on_crash qemu:commandline qemu:arg value='-device'/ qemu:arg value='pvpanic'/ /qemu:commandline /domain 2. Set following values in /etc/libvirt/qemu.conf dump_image_format = bzip2 auto_dump_path = /var/lib/libvirt/qemu/dump 3. Restart libvirtd service 4. Crash the guest os with the following command in guest #sync #echo c /proc/sysrq-trigger 5. Check the core dump file under /var/lib/libvirt/qemu/dump with file command The output for file command is: (not bzip2 compress format) #file coreDumpFile ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style So, I want to confirm whether compress file format for dump_image_format is supported by Auto Core Dump? Thanks. Zhengqin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv3 1/3] lxc: allow to keep or drop capabilities
On Thu, Jun 26, 2014 at 10:40:27AM +0200, Cédric Bosdonnat wrote: Added capabilities in the features section of LXC domains configuration. This section can contain elements named after the capabilities like: mknod state=on/, keep CAP_MKNOD capability sys_chroot state=off/ drop CAP_SYS_CHROOT capability Users can restrict or give more capabilities than the default using this mechanism. --- docs/schemas/domaincommon.rng | 207 src/conf/domain_conf.c | 126 - src/conf/domain_conf.h | 56 ++ src/libvirt_private.syms| 3 + src/lxc/lxc_cgroup.c| 8 + src/lxc/lxc_container.c | 241 ++-- src/util/vircgroup.c| 74 +++- src/util/vircgroup.h| 2 + tests/domainschemadata/domain-caps-features.xml | 28 +++ 9 files changed, 720 insertions(+), 25 deletions(-) create mode 100644 tests/domainschemadata/domain-caps-features.xml ACK Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv3 2/3] lxc domain from xml: convert lxc.cap.drop
On Thu, Jun 26, 2014 at 10:40:28AM +0200, Cédric Bosdonnat wrote: --- src/lxc/lxc_native.c | 25 ++ tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml| 2 ++ tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml | 2 ++ tests/lxcconf2xmldata/lxcconf2xml-cputune.xml | 2 ++ tests/lxcconf2xmldata/lxcconf2xml-idmap.xml| 2 ++ .../lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml | 4 tests/lxcconf2xmldata/lxcconf2xml-memtune.xml | 2 ++ tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml | 4 tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml| 2 ++ tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml | 4 tests/lxcconf2xmldata/lxcconf2xml-simple.xml | 8 +++ tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml | 4 12 files changed, 61 insertions(+) ACK Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv3 3/3] lxc: update doc to mention features/capabilities/* domain configuration
On Thu, Jun 26, 2014 at 10:40:29AM +0200, Cédric Bosdonnat wrote: --- docs/drvlxc.html.in | 47 +++ 1 file changed, 47 insertions(+) ACK Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [RFC] powerpc : Add support for VM in compat mode
PowerISA allows processors to run VMs in binary compatibility (compat) mode supporting an older version of ISA. Eg,in compatibility mode, a POWER8 host can run a Power7 VM,conforming to PowerISA v2.06, while a POWER7 host can run a POWER6 VM, conforming to PowerISA v2.05. QEMU has recently added support to explicitly denote a VM running in compatibility mode through commit 6d9412ea. Now, a compat mode VM can be run by invoking this qemu commandline on a POWER8 host: -cpu host,compat=power7 as against the older specification of -cpu power7. However, running in compatibility mode is not identical to running natively on an older processor. Hence the virtualization stack needs to explicitly provide for a compat-mode VM. This patch allows libvirt to extend the fallback semantics of cpu model to describe this new mode for PowerKVM guests. Additionally with the new scheme of things, qemu doesn't provide a way to query for the supported compat models and models returned when querying with '-cpu ?' are no longer valid. Hence removing the check cpuModelIsAllowed() for now. When a user wants to request a power7 vm to run in compatibility mode on a Power8 host, this can be described in XML as follows : cpu mode='custom' match='exact' model fallback='compat'power7/model /cpu An alternative approach could be to leave the libvirt XML intact, and merely change the backend qemu command generation when the VM-requested cpu does not match the host processor. Looking forward to suggestions on how this can best be implemented.. Signed-off-by: Li Zhang zhlci...@linux.vnet.ibm.com Signed-off-by: Pradipta Kr. Banerjee bpra...@in.ibm.com Signed-off-by: Prerna Saxena pre...@linux.vnet.ibm.com diff --git a/src/conf/cpu_conf.c b/src/conf/cpu_conf.c index ebdaa19..2f41bd7 100644 --- a/src/conf/cpu_conf.c +++ b/src/conf/cpu_conf.c @@ -47,7 +47,8 @@ VIR_ENUM_IMPL(virCPUMatch, VIR_CPU_MATCH_LAST, VIR_ENUM_IMPL(virCPUFallback, VIR_CPU_FALLBACK_LAST, allow, - forbid) + forbid, + compat) VIR_ENUM_IMPL(virCPUFeaturePolicy, VIR_CPU_FEATURE_LAST, force, diff --git a/src/conf/cpu_conf.h b/src/conf/cpu_conf.h index 8c932ce..50354f2 100644 --- a/src/conf/cpu_conf.h +++ b/src/conf/cpu_conf.h @@ -65,6 +65,7 @@ VIR_ENUM_DECL(virCPUMatch) typedef enum { VIR_CPU_FALLBACK_ALLOW, VIR_CPU_FALLBACK_FORBID, +VIR_CPU_FALLBACK_COMPAT, VIR_CPU_FALLBACK_LAST } virCPUFallback; diff --git a/src/cpu/cpu_powerpc.c b/src/cpu/cpu_powerpc.c index b220448..218c013 100644 --- a/src/cpu/cpu_powerpc.c +++ b/src/cpu/cpu_powerpc.c @@ -457,8 +457,8 @@ ppcCompare(virCPUDefPtr host, static int ppcDecode(virCPUDefPtr cpu, const virCPUData *data, - const char **models, - unsigned int nmodels, + const char **models ATTRIBUTE_UNUSED, + unsigned int nmodels ATTRIBUTE_UNUSED, const char *preferred ATTRIBUTE_UNUSED, unsigned int flags) { @@ -478,13 +478,6 @@ ppcDecode(virCPUDefPtr cpu, goto cleanup; } -if (!cpuModelIsAllowed(model-name, models, nmodels)) { -virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _(CPU model %s is not supported by hypervisor), - model-name); -goto cleanup; -} - if (VIR_STRDUP(cpu-model, model-name) 0 || (model-vendor VIR_STRDUP(cpu-vendor, model-vendor-name) 0)) { goto cleanup; @@ -498,7 +491,6 @@ ppcDecode(virCPUDefPtr cpu, return ret; } - static void ppcDataFree(virCPUDataPtr data) { @@ -561,8 +553,8 @@ ppcUpdate(virCPUDefPtr guest, static virCPUDefPtr ppcBaseline(virCPUDefPtr *cpus, unsigned int ncpus, -const char **models, -unsigned int nmodels, +const char **models ATTRIBUTE_UNUSED, +unsigned int nmodels ATTRIBUTE_UNUSED, unsigned int flags) { struct ppc_map *map = NULL; @@ -582,13 +574,6 @@ ppcBaseline(virCPUDefPtr *cpus, goto error; } -if (!cpuModelIsAllowed(model-name, models, nmodels)) { -virReportError(VIR_ERR_CONFIG_UNSUPPORTED, -_(CPU model %s is not supported by hypervisor), -model-name); -goto error; -} - for (i = 0; i ncpus; i++) { const struct ppc_vendor *vnd; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 1d5bce6..94e9b78 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6176,7 +6176,9 @@ qemuBuildCpuArgStr(virQEMUDriverPtr driver, *hasHwVirt = hasSVM 0 ? true : false; } -if (cpu-mode == VIR_CPU_MODE_HOST_PASSTHROUGH) { +if ((cpu-mode == VIR_CPU_MODE_HOST_PASSTHROUGH) || + ((cpu-mode == VIR_CPU_MODE_HOST_MODEL) + (def-os.arch == VIR_ARCH_PPC64))) { const char *mode = virCPUModeTypeToString(cpu-mode); if
Re: [libvirt] [PATCH] Initial implementation of new job control api
On Wed, Jun 18, 2014 at 05:59:47PM -0400, Tucker DiNapoli wrote: This is my initial definition of a new internal job control api. I am working on this as a part of the google summer of code. These patches contain the core job control api and deal only with managing individual jobs. I am currently working on writing code using this api to manage jobs in domains, in such a way that I will be able to replace the current job control code in qemu and libxl. Ultimately I will use this to implement job control in the storage driver which is my ultimate goal for the summer of code. --- src/Makefile.am | 1 + src/util/virjobcontrol.c | 574 +++ src/util/virjobcontrol.h | 342 3 files changed, 917 insertions(+) create mode 100644 src/util/virjobcontrol.c create mode 100644 src/util/virjobcontrol.h diff --git a/src/Makefile.am b/src/Makefile.am index 2b9ac61..77de0e7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -118,6 +118,7 @@ UTIL_SOURCES = \ util/virinitctl.c util/virinitctl.h \ util/viriptables.c util/viriptables.h \ util/viriscsi.c util/viriscsi.h \ + util/virjobcontrol.h util/virjobcontrol.c \ util/virjson.c util/virjson.h \ util/virkeycode.c util/virkeycode.h \ util/virkeyfile.c util/virkeyfile.h \ diff --git a/src/util/virjobcontrol.c b/src/util/virjobcontrol.c new file mode 100644 index 000..04a5246 --- /dev/null +++ b/src/util/virjobcontrol.c @@ -0,0 +1,574 @@ +/* + * virjobcontrol.c Core implementation of job control + * + * Copyright (C) 2014 Tucker DiNapoli + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * http://www.gnu.org/licenses/. + * + * Author: Tucker DiNapoli + */ + +#include config.h + +#include virjobcontrol.h +#include viralloc.h +#include virtime.h +#include virlog.h +VIR_LOG_INIT(virjobcontrol); + +VIR_ENUM_IMPL(virJob, 4, You should use VIR_JOB_LAST for easy extension and proper size checking. I've just now discovered that running make syntax-check would tell you the same. + none, + query, + modify, + destroy, +); These are probably general enough, yet. +/* + No files other then this and virjobcontrol.c should need to + have access to the core implmentation of jobs. The code in these + files is intended to serve as a base for job control independent of + drivers. +*/ + +#define LOCK_JOB(job) \ +virMutexLock(job-lock) +#define UNLOCK_JOB(job) \ +virMutexUnlock(job-lock) +#define LOCK_JOB_INFO(job) \ +virMutexLock(job-info-lock) +#define UNLOCK_JOB_INFO(job)\ +virMutexUnlock(job-info-lock) We prefer having these in a separate functions. Not only can you trace them better when debugging (for such purposes I use CFLAGS=-ggdb -O0), but it also shouldn't add too much of an overhead with proper compiler optimizations. +#define GET_CURRENT_TIME(time) \ +if (virTimeMillisNow(time) 0) { \ +return -1; \ +} + This creates code with two flaws. One is readability, because it can return from function (skipping possible clean-ups, e.g. in future code) even though it's not obvious from the name. Second one is that there is no need to have a semicolon after the macro (which confuses some editors). The usual workaround is: #define ASDF() \ do {\ asdf(); \ while (0) + +#define CHECK_FLAG_ATOMIC(job, flag) (virAtomicIntGet(job-flags) VIR_JOB_FLAG_##flag) +#define CHECK_FLAG(job, flag) (job-flags VIR_JOB_FLAG_##flag) +#define SET_FLAG_ATOMIC(job, flag) (virAtomicIntOr(job-flags, VIR_JOB_FLAG_##flag)) +#define SET_FLAG(job, flag) (job-flags |= VIR_JOB_FLAG_##flag) +#define UNSET_FLAG_ATOMIC(job, flag) (virAtomicIntAnd(job-flags, (~VIR_JOB_FLAG_##flag))) +#define UNSET_FLAG(job, flag) (job-flags = (~VIR_JOB_FLAG_##flag)) +#define CLEAR_FLAGS_ATOMIC(job) (virAtomicIntSet(job-flags, VIR_JOB_FLAG_NONE)) +#define CLEAR_FLAGS(job) (job-flags = VIR_JOB_FLAG_NONE) + While the resulting code looks
[libvirt] [PATCH RFC 1/4] Introduce domain_capabilities
Signed-off-by: Michal Privoznik mpriv...@redhat.com --- src/Makefile.am| 1 + src/conf/domain_capabilities.c | 217 + src/conf/domain_capabilities.h | 89 + src/libvirt_private.syms | 5 + 4 files changed, 312 insertions(+) create mode 100644 src/conf/domain_capabilities.c create mode 100644 src/conf/domain_capabilities.h diff --git a/src/Makefile.am b/src/Makefile.am index 2b9ac61..e81af0c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -248,6 +248,7 @@ NETDEV_CONF_SOURCES = \ DOMAIN_CONF_SOURCES = \ conf/capabilities.c conf/capabilities.h \ conf/domain_addr.c conf/domain_addr.h \ + conf/domain_capabilities.c conf/domain_capabilities.h \ conf/domain_conf.c conf/domain_conf.h \ conf/domain_audit.c conf/domain_audit.h \ conf/domain_nwfilter.c conf/domain_nwfilter.h \ diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c new file mode 100644 index 000..896aba9 --- /dev/null +++ b/src/conf/domain_capabilities.c @@ -0,0 +1,217 @@ +/* + * domain_capabilities.c: domain capabilities XML processing + * + * Copyright (C) 2014 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * http://www.gnu.org/licenses/. + * + * Author: Michal Privoznik mpriv...@redhat.com + */ + +#include config.h + +#include domain_capabilities.h +#include domain_conf.h +#include viralloc.h +#include virstring.h + +#define VIR_FROM_THIS VIR_FROM_CAPABILITIES + +static virClassPtr virDomainCapsClass; + +static void virDomainCapsDispose(void *obj); + +static int virDomainCapsOnceInit(void) +{ +if (!(virDomainCapsClass = virClassNew(virClassForObjectLockable(), + virDomainCapsClass, + sizeof(virDomainCaps), + virDomainCapsDispose))) +return -1; +return 0; +} + + +VIR_ONCE_GLOBAL_INIT(virDomainCaps) + + +static void +virDomainCapsDispose(void *obj) +{ +virDomainCapsPtr caps = obj; + +VIR_FREE(caps-path); +VIR_FREE(caps-machine); +} + + +virDomainCapsPtr +virDomainCapsNew(const char *path, + const char *machine, + virArch arch, + virDomainVirtType virttype) +{ +virDomainCapsPtr caps = NULL; + +if (virDomainCapsInitialize() 0) +return NULL; + +if (!(caps = virObjectLockableNew(virDomainCapsClass))) +return NULL; + +if (VIR_STRDUP(caps-path, path) 0 || +VIR_STRDUP(caps-machine, machine) 0) +goto error; +caps-arch = arch; +caps-virttype = virttype; + +return caps; + error: +virObjectUnref(caps); +return NULL; +} + + +#define FORMAT_PROLOGUE(item) \ +do {\ +virBufferAsprintf(buf, #item supported='%s'%s\n, \ + item-device.supported ? yes : no,\ + item-device.supported ? : /); \ +if (!item-device.supported)\ +return; \ +virBufferAdjustIndent(buf, 2); \ +} while (0) + +#define FORMAT_EPILOGUE(item) \ +do {\ +virBufferAdjustIndent(buf, -2); \ +virBufferAddLit(buf, / #item \n); \ +} while (0) + +static int +virDomainCapsEnumFormat(virBufferPtr buf, +virDomainCapsEnumPtr capsEnum, +const char *capsEnumName, +virDomainCapsValToStr valToStr) +{ +int ret = -1; +size_t i; + +virBufferAsprintf(buf, enum name='%s', capsEnumName); +if (!capsEnum-values) { +virBufferAddLit(buf, /\n); +ret = 0; +goto cleanup; +} +virBufferAddLit(buf, \n); +virBufferAdjustIndent(buf, 2); + +for (i = 0; i sizeof(capsEnum-values) * CHAR_BIT; i++) { +const char
[libvirt] [PATCH RFC 2/4] Introduce virConnectGetDomainCapabilities
Signed-off-by: Michal Privoznik mpriv...@redhat.com --- include/libvirt/libvirt.h.in | 7 ++ src/driver.h | 9 src/libvirt.c| 52 src/libvirt_public.syms | 1 + src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 20 - src/remote_protocol-structs | 11 ++ 7 files changed, 100 insertions(+), 1 deletion(-) diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in index 594521e..de2d606 100644 --- a/include/libvirt/libvirt.h.in +++ b/include/libvirt/libvirt.h.in @@ -1585,6 +1585,13 @@ int virNodeGetInfo (virConnectPtr conn, virNodeInfoPtr info); char * virConnectGetCapabilities (virConnectPtr conn); +char * virConnectGetDomainCapabilities(virConnectPtr conn, + const char *emulatorbin, + const char *arch, + const char *machine, + const char *virttype, + unsigned int flags); + int virNodeGetCPUStats (virConnectPtr conn, int cpuNum, virNodeCPUStatsPtr params, diff --git a/src/driver.h b/src/driver.h index 6e72e92..1fbea1b 100644 --- a/src/driver.h +++ b/src/driver.h @@ -126,6 +126,14 @@ typedef int typedef char * (*virDrvConnectGetCapabilities)(virConnectPtr conn); +typedef char * +(*virDrvConnectGetDomainCapabilities)(virConnectPtr conn, + const char *emulatorbin, + const char *arch, + const char *machine, + const char *virttype, + unsigned int flags); + typedef int (*virDrvConnectListDomains)(virConnectPtr conn, int *ids, @@ -1412,6 +1420,7 @@ struct _virDriver { virDrvDomainGetTime domainGetTime; virDrvDomainSetTime domainSetTime; virDrvNodeGetFreePages nodeGetFreePages; +virDrvConnectGetDomainCapabilities connectGetDomainCapabilities; }; diff --git a/src/libvirt.c b/src/libvirt.c index 566f984..fa4b9de 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -21189,3 +21189,55 @@ virNetworkDHCPLeaseFree(virNetworkDHCPLeasePtr lease) VIR_FREE(lease-clientid); VIR_FREE(lease); } + +/** + * virConnectGetDomainCapabilities: + * @conn: pointer to the hypervisor connection + * @emulatorbin: path to emulator + * @arch: domain architecture + * @machine: machine type + * @virttype: virtualization type + * @flags: extra flags; not used yet, so callers should always pass 0 + * + * Prior creating a domain (for instance via virDomainCreateXML + * or virDomainDefineXML) it may be suitable to know what the + * underlying emulator and/or libvirt is capable of. For + * instance, if host, libvirt and qemu is capable of VFIO + * passthrough and so on. + * + * Returns NULL in case of error, or an XML string + * defining the capabilities. + */ +char * +virConnectGetDomainCapabilities(virConnectPtr conn, +const char *emulatorbin, +const char *arch, +const char *machine, +const char *virttype, +unsigned int flags) +{ +VIR_DEBUG(conn=%p, emulatorbin=%s, arch=%s, + machine=%s, virttype=%s, flags=%x, + conn, emulatorbin, arch, machine, virttype, flags); + +virResetLastError(); + +virCheckConnectReturn(conn, NULL); + +if (conn-driver-connectGetDomainCapabilities) { +char *ret; +ret = conn-driver-connectGetDomainCapabilities(conn, emulatorbin, + arch, machine, + virttype, flags); +if (!ret) +goto error; +VIR_DEBUG(conn=%p, ret=%s, conn, ret); +return ret; +} + +virReportUnsupportedError(); + + error: +virDispatchError(conn); +return NULL; +} diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index f64462e..3088ee8 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms @@ -664,6 +664,7 @@ LIBVIRT_1.2.6 { virNetworkDHCPLeaseFree; virNetworkGetDHCPLeases; virNetworkGetDHCPLeasesForMAC; +virConnectGetDomainCapabilities; } LIBVIRT_1.2.5; # define new API here using predicted next version number diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 76ce4a9..549c238 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -8070,6 +8070,7 @@ static virDriver
[libvirt] [PATCH RFC 4/4] qemu: Implement virConnectGetDomainCapabilities
Signed-off-by: Michal Privoznik mpriv...@redhat.com --- src/libvirt_private.syms | 1 + src/qemu/qemu_capabilities.c | 82 ++ src/qemu/qemu_capabilities.h | 4 ++ src/qemu/qemu_driver.c | 102 +++ 4 files changed, 189 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 6c583b0..4bf57a4 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -437,6 +437,7 @@ virDomainVideoTypeFromString; virDomainVideoTypeToString; virDomainVirtioEventIdxTypeFromString; virDomainVirtioEventIdxTypeToString; +virDomainVirtTypeFromString; virDomainVirtTypeToString; virDomainWatchdogActionTypeFromString; virDomainWatchdogActionTypeToString; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 8e0a550..0a1f6fc 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -39,6 +39,7 @@ #include virnodesuspend.h #include qemu_monitor.h #include virstring.h +#include qemu_hostdev.h #include fcntl.h #include sys/stat.h @@ -3509,3 +3510,84 @@ virQEMUCapsSupportsChardev(virDomainDefPtr def, (chr-deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE chr-targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_VIRTIO)); } + + +static void +virQEMUCapsFillDomainDeviceDiskCaps(virQEMUCapsPtr qemuCaps, +virDomainCapsDeviceDiskPtr disk) +{ +disk-device.supported = true; +/* QEMU supports all of these */ +disk-diskDevice.values = (1 VIR_DOMAIN_DISK_DEVICE_DISK) | + (1 VIR_DOMAIN_DISK_DEVICE_CDROM) | + (1 VIR_DOMAIN_DISK_DEVICE_FLOPPY) | + (1 VIR_DOMAIN_DISK_DEVICE_LUN); + +disk-bus.values = (1 VIR_DOMAIN_DISK_BUS_IDE) | + (1 VIR_DOMAIN_DISK_BUS_FDC) | + (1 VIR_DOMAIN_DISK_BUS_SCSI) | + (1 VIR_DOMAIN_DISK_BUS_VIRTIO) | + (1 VIR_DOMAIN_DISK_BUS_XEN) | + (1 VIR_DOMAIN_DISK_BUS_SD); + +if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_USB_STORAGE)) +disk-bus.values |= (1 VIR_DOMAIN_DISK_BUS_USB); +} + + +static void +virQEMUCapsFillDomainDeviceHostdevCaps(virQEMUCapsPtr qemuCaps, + virDomainCapsDeviceHostdevPtr hostdev) +{ +bool supportsPassthroughKVM = qemuHostdevHostSupportsPassthroughLegacy(); +bool supportsPassthroughVFIO = qemuHostdevHostSupportsPassthroughVFIO(); + +hostdev-device.supported = true; +/* VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES is for containers only */ +hostdev-subsysType.values = (1 VIR_DOMAIN_HOSTDEV_MODE_SUBSYS); + +hostdev-startupPolicy.values = (1 VIR_DOMAIN_STARTUP_POLICY_DEFAULT) | +(1 VIR_DOMAIN_STARTUP_POLICY_MANDATORY) | +(1 VIR_DOMAIN_STARTUP_POLICY_REQUISITE) | +(1 VIR_DOMAIN_STARTUP_POLICY_OPTIONAL); + +hostdev-subsysType.values = (1 VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB) | +(1 VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI); +if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE) +virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE) +virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SCSI_GENERIC)) +hostdev-subsysType.values |= 1 VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI; + +/* No virDomainHostdevCapsType for QEMU */ +hostdev-capsType.values = 0; + +hostdev-pciBackend.values = 0; +if (supportsPassthroughVFIO +virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VFIO_PCI)) { +hostdev-pciBackend.values |= (1 VIR_DOMAIN_HOSTDEV_PCI_BACKEND_DEFAULT) | + (1 VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO); + +} + +if (supportsPassthroughKVM +(virQEMUCapsGet(qemuCaps, QEMU_CAPS_PCIDEVICE) || + virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE))) { +hostdev-pciBackend.values |= (1 VIR_DOMAIN_HOSTDEV_PCI_BACKEND_DEFAULT) | + (1 VIR_DOMAIN_HOSTDEV_PCI_BACKEND_KVM); +} +} + + +void +virQEMUCapsFillDomainCaps(virQEMUCapsPtr qemuCaps, + virDomainCapsPtr domCaps) +{ +virDomainCapsDeviceDiskPtr disk = domCaps-disk; +virDomainCapsDeviceHostdevPtr hostdev = domCaps-hostdev; +int maxvcpus = virQEMUCapsGetMachineMaxCpus(qemuCaps, domCaps-machine); + +domCaps-maxvcpus = maxvcpus; + +virQEMUCapsFillDomainDeviceDiskCaps(qemuCaps, disk); +virQEMUCapsFillDomainDeviceHostdevCaps(qemuCaps, hostdev); +} diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 53ebe90..bb59172 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -28,6 +28,7 @@ # include capabilities.h # include vircommand.h # include qemu_monitor.h +# include domain_capabilities.h /* Internal flags to keep track of qemu command line capabilities */ typedef enum { @@ -307,4 +308,7 @@ int
[libvirt] [PATCH RFC 3/4] virsh: expose virConnectGetDomainCapabilities
Signed-off-by: Michal Privoznik mpriv...@redhat.com --- tools/virsh-host.c | 84 ++ 1 file changed, 84 insertions(+) diff --git a/tools/virsh-host.c b/tools/virsh-host.c index 734f1a8..2f926d6 100644 --- a/tools/virsh-host.c +++ b/tools/virsh-host.c @@ -69,6 +69,84 @@ cmdCapabilities(vshControl *ctl, const vshCmd *cmd ATTRIBUTE_UNUSED) } /* + * domcapabilities command + */ +static const vshCmdInfo info_domcapabilities[] = { +{.name = help, + .data = N_(domain capabilities) +}, +{.name = desc, + .data = N_(Returns capabilities of emulator with respect to host and libvirt.) +}, +{.name = NULL} +}; + +static const vshCmdOptDef opts_domcapabilities[] = { +{.name = emulatorbin, + .type = VSH_OT_STRING, + .help = N_(path to emulator binary), +}, +{.name = virttype, + .type = VSH_OT_STRING, + .help = N_(virtualization type (/domain/@type)), +}, +{.name = machine, + .type = VSH_OT_STRING, + .help = N_(machine type (/domain/os/type/@machine)), +}, +{.name = arch, + .type = VSH_OT_STRING, + .help = N_(domain architecture (/domain/os/type/@arch)), +}, +{.name = NULL} +}; + +static bool +cmdDomCapabilities(vshControl *ctl, const vshCmd *cmd) +{ +bool ret = false; +char *caps; +const char *emulatorbin = NULL; +const char *machine = NULL; +const char *virttype = NULL; +const char *arch = NULL; +const unsigned int flags = 0; /* No flags so far */ + +if (vshCommandOptString(cmd, emulatorbin, emulatorbin) 0) { +vshError(ctl, %s, _(ble)); +goto cleanup; +} + +if (vshCommandOptString(cmd, virttype, virttype) 0) { +vshError(ctl, %s, _(ble)); +goto cleanup; +} + +if (vshCommandOptString(cmd, machine, machine) 0) { +vshError(ctl, %s, _(ble)); +goto cleanup; +} + +if (vshCommandOptString(cmd, arch, arch) 0) { +vshError(ctl, %s, _(ble)); +goto cleanup; +} + +caps = virConnectGetDomainCapabilities(ctl-conn, emulatorbin, + arch, machine, virttype, flags); +if (!caps) { +vshError(ctl, %s, _(failed to get emulator capabilities)); +goto cleanup; +} + +vshPrint(ctl, %s\n, caps); +ret = true; + cleanup: +VIR_FREE(caps); +return ret; +} + +/* * freecell command */ static const vshCmdInfo info_freecell[] = { @@ -1131,6 +1209,12 @@ const vshCmdDef hostAndHypervisorCmds[] = { .info = info_cpu_models, .flags = 0 }, +{.name = domcapabilities, + .handler = cmdDomCapabilities, + .opts = opts_domcapabilities, + .info = info_domcapabilities, + .flags = 0 +}, {.name = freecell, .handler = cmdFreecell, .opts = opts_freecell, -- 1.8.5.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH RFC 0/4] Expose Expose IOMMU and VFIO host capabilities
*** NOT FOR UPSTREAM MERGE *** This is pure RFC, that's why it contains just code without any documentation, RNG schemas, tests, ..., with sparse commit messages. I just want to make sure I'm on the right track this time. BTW: The ACL issue on the command is still not resolved and honestly, I've no solution. Long story short, with this API I'm introducing users with RO connection can execute arbitrary files on the host. Isn't that just nice? So, what you should see after these patches are applied? Something like this: virsh # domcapabilities /usr/bin/qemu-system-x86_64 kvm emulatorCapabilities path/usr/bin/qemu-system-x86_64/path domainkvm/domain machinepc-i440fx-2.1/machine archx86_64/arch vcpu255/vcpu devices disk supported='yes' enum name='diskDevice' valuedisk/value valuecdrom/value valuefloppy/value valuelun/value /enum enum name='bus' valueide/value valuefdc/value valuescsi/value valuevirtio/value valuexen/value valueusb/value valuesd/value /enum /disk hostdev supported='yes' enum name='mode'/ enum name='startupPolicy' valuedefault/value valuemandatory/value valuerequisite/value valueoptional/value /enum enum name='subsysType' valueusb/value valuepci/value valuescsi/value /enum enum name='capsType'/ enum name='pciBackend' valuedefault/value valuekvm/value valuevfio/value /enum /hostdev /devices /emulatorCapabilities Michal Privoznik (4): Introduce domain_capabilities Introduce virConnectGetDomainCapabilities virsh: expose virConnectGetDomainCapabilities qemu: Implement virConnectGetDomainCapabilities include/libvirt/libvirt.h.in | 7 ++ src/Makefile.am| 1 + src/conf/domain_capabilities.c | 217 + src/conf/domain_capabilities.h | 89 + src/driver.h | 9 ++ src/libvirt.c | 52 ++ src/libvirt_private.syms | 6 ++ src/libvirt_public.syms| 1 + src/qemu/qemu_capabilities.c | 82 src/qemu/qemu_capabilities.h | 4 + src/qemu/qemu_driver.c | 102 +++ src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 20 +++- src/remote_protocol-structs| 11 +++ tools/virsh-host.c | 84 15 files changed, 685 insertions(+), 1 deletion(-) create mode 100644 src/conf/domain_capabilities.c create mode 100644 src/conf/domain_capabilities.h -- 1.8.5.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH RFC 0/4] Expose Expose IOMMU and VFIO host capabilities
On Thu, Jun 26, 2014 at 12:18:24PM +0200, Michal Privoznik wrote: *** NOT FOR UPSTREAM MERGE *** This is pure RFC, that's why it contains just code without any documentation, RNG schemas, tests, ..., with sparse commit messages. I just want to make sure I'm on the right track this time. BTW: The ACL issue on the command is still not resolved and honestly, I've no solution. Long story short, with this API I'm introducing users with RO connection can execute arbitrary files on the host. Isn't that just nice? Yes, that's the same scenario as the XMLToNative / NativeToXML APIs. In that case we set connect:write as the permission and I think that's probably reasonable here too. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH RFC 1/4] Introduce domain_capabilities
On Thu, Jun 26, 2014 at 12:18:25PM +0200, Michal Privoznik wrote: Signed-off-by: Michal Privoznik mpriv...@redhat.com --- src/Makefile.am| 1 + src/conf/domain_capabilities.c | 217 + src/conf/domain_capabilities.h | 89 + src/libvirt_private.syms | 5 + 4 files changed, 312 insertions(+) create mode 100644 src/conf/domain_capabilities.c create mode 100644 src/conf/domain_capabilities.h +static int +virDomainCapsFormatInternal(virBufferPtr buf, +virDomainCapsPtr const caps) +{ +const char *virttype_str = virDomainVirtTypeToString(caps-virttype); +const char *arch_str = virArchToString(caps-arch); + +virBufferAddLit(buf, emulatorCapabilities\n); s/emulator/domain/ +virBufferAdjustIndent(buf, 2); + +virBufferAsprintf(buf, path%s/path\n, caps-path); +virBufferAsprintf(buf, domain%s/domain\n, virttype_str); +virBufferAsprintf(buf, machine%s/machine\n, caps-machine); +virBufferAsprintf(buf, arch%s/arch\n, arch_str); + +if (caps-maxvcpus) +virBufferAsprintf(buf, vcpu%d/vcpu\n, caps-maxvcpus); I might suggest using max='%d' so if we need to expose more info about vcpus in future we can still have child elements + +virBufferAddLit(buf, devices\n); +virBufferAdjustIndent(buf, 2); + +virDomainCapsDeviceDiskFormat(buf, caps-disk); +virDomainCapsDeviceHostdevFormat(buf, caps-hostdev); + +virBufferAdjustIndent(buf, -2); +virBufferAddLit(buf, /devices\n); + +virBufferAdjustIndent(buf, -2); +virBufferAddLit(buf, /emulatorCapabilities\n); +return 0; +} Basically this looks sane to me. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH RFC 2/4] Introduce virConnectGetDomainCapabilities
On Thu, Jun 26, 2014 at 12:18:26PM +0200, Michal Privoznik wrote: static virNetworkDriver network_driver = { diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 4b75bdb..9d141e9 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -5419,5 +5431,11 @@ enum remote_procedure { * @generate: none * @acl: network:read */ -REMOTE_PROC_NETWORK_GET_DHCP_LEASES_FOR_MAC = 342 +REMOTE_PROC_NETWORK_GET_DHCP_LEASES_FOR_MAC = 342, + +/** + * @generate: both + * @acl: connect:read As mentioned against cover letter we'll need 'connect:write' here I think. Perhaps we could allow for 'connect:read' if-and-only-if emulatorbin is NULL. ie we'd use the combination of arch + machine + virttype to lookup the binary in the primary capabilities when emulatorbin is NULL. That would avoid any risk of running arbitrary user provided paths, and so we safe to allow connect:read there. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH RFC 4/4] qemu: Implement virConnectGetDomainCapabilities
On Thu, Jun 26, 2014 at 12:18:28PM +0200, Michal Privoznik wrote: Signed-off-by: Michal Privoznik mpriv...@redhat.com --- src/libvirt_private.syms | 1 + src/qemu/qemu_capabilities.c | 82 ++ src/qemu/qemu_capabilities.h | 4 ++ src/qemu/qemu_driver.c | 102 +++ 4 files changed, 189 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 6c583b0..4bf57a4 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -437,6 +437,7 @@ virDomainVideoTypeFromString; virDomainVideoTypeToString; virDomainVirtioEventIdxTypeFromString; virDomainVirtioEventIdxTypeToString; +virDomainVirtTypeFromString; virDomainVirtTypeToString; virDomainWatchdogActionTypeFromString; virDomainWatchdogActionTypeToString; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 8e0a550..0a1f6fc 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -39,6 +39,7 @@ #include virnodesuspend.h #include qemu_monitor.h #include virstring.h +#include qemu_hostdev.h #include fcntl.h #include sys/stat.h @@ -3509,3 +3510,84 @@ virQEMUCapsSupportsChardev(virDomainDefPtr def, (chr-deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE chr-targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_VIRTIO)); } + + +static void +virQEMUCapsFillDomainDeviceDiskCaps(virQEMUCapsPtr qemuCaps, +virDomainCapsDeviceDiskPtr disk) +{ +disk-device.supported = true; +/* QEMU supports all of these */ +disk-diskDevice.values = (1 VIR_DOMAIN_DISK_DEVICE_DISK) | + (1 VIR_DOMAIN_DISK_DEVICE_CDROM) | + (1 VIR_DOMAIN_DISK_DEVICE_FLOPPY) | + (1 VIR_DOMAIN_DISK_DEVICE_LUN); IIRC, LUN required a specific version of QEMU, but can't remember which. + +disk-bus.values = (1 VIR_DOMAIN_DISK_BUS_IDE) | + (1 VIR_DOMAIN_DISK_BUS_FDC) | + (1 VIR_DOMAIN_DISK_BUS_SCSI) | + (1 VIR_DOMAIN_DISK_BUS_VIRTIO) | + (1 VIR_DOMAIN_DISK_BUS_XEN) | + (1 VIR_DOMAIN_DISK_BUS_SD); I think 'SD' requires a particular QEMU version. Also, don't think we support 'XEN' any more actually - that was probably left over from the Xenner support we ripped out a while ago. + +if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_USB_STORAGE)) +disk-bus.values |= (1 VIR_DOMAIN_DISK_BUS_USB); +} + + +static void +virQEMUCapsFillDomainDeviceHostdevCaps(virQEMUCapsPtr qemuCaps, + virDomainCapsDeviceHostdevPtr hostdev) +{ +bool supportsPassthroughKVM = qemuHostdevHostSupportsPassthroughLegacy(); +bool supportsPassthroughVFIO = qemuHostdevHostSupportsPassthroughVFIO(); + +hostdev-device.supported = true; +/* VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES is for containers only */ +hostdev-subsysType.values = (1 VIR_DOMAIN_HOSTDEV_MODE_SUBSYS); + +hostdev-startupPolicy.values = (1 VIR_DOMAIN_STARTUP_POLICY_DEFAULT) | +(1 VIR_DOMAIN_STARTUP_POLICY_MANDATORY) | +(1 VIR_DOMAIN_STARTUP_POLICY_REQUISITE) | +(1 VIR_DOMAIN_STARTUP_POLICY_OPTIONAL); + +hostdev-subsysType.values = (1 VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB) | +(1 VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI); +if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE) +virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE) +virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SCSI_GENERIC)) +hostdev-subsysType.values |= 1 VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI; + +/* No virDomainHostdevCapsType for QEMU */ +hostdev-capsType.values = 0; + +hostdev-pciBackend.values = 0; +if (supportsPassthroughVFIO +virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VFIO_PCI)) { +hostdev-pciBackend.values |= (1 VIR_DOMAIN_HOSTDEV_PCI_BACKEND_DEFAULT) | + (1 VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO); + +} + +if (supportsPassthroughKVM +(virQEMUCapsGet(qemuCaps, QEMU_CAPS_PCIDEVICE) || + virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE))) { +hostdev-pciBackend.values |= (1 VIR_DOMAIN_HOSTDEV_PCI_BACKEND_DEFAULT) | + (1 VIR_DOMAIN_HOSTDEV_PCI_BACKEND_KVM); +} +} +static char * +qemuConnectGetDomainCapabilities(virConnectPtr conn, + const char *emulatorbin, + const char *arch_str, + const char *machine, + const char *virttype_str, + unsigned int flags) +{ +char *ret = NULL; +virQEMUDriverPtr driver = conn-privateData; +
Re: [libvirt] [PATCH V2] libxl: detect support for save and restore
On Wed, 2014-06-25 at 18:09 -0600, Jim Fehlig wrote: libxl does not support save, restore, or migrate on all architectures, notably ARM. Detect whether libxl supports these operations using LIBXL_HAVE_NO_SUSPEND_RESUME. If not supported, drop advertisement of migration_features. Found by Ian Campbell while improving Xen's OSSTEST infrastructure http://lists.xen.org/archives/html/xen-devel/2014-06/msg02171.html Signed-off-by: Jim Fehlig jfeh...@suse.com --- Another option for https://www.redhat.com/archives/libvir-list/2014-June/msg01276.html With this one, we even avoid the distasteful double negative :). Compile-tested on x86 only at this point. The ARM build is still slowly grinding away... Build and runtime tested on ARM and x86 here, works fine. Thanks! Ian. src/libxl/libxl_conf.c | 4 src/libxl/libxl_driver.c | 35 +++ 2 files changed, 39 insertions(+) diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index 4b6b5c0..8eeaf82 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -1340,7 +1340,11 @@ libxlMakeCapabilities(libxl_ctx *ctx) { virCapsPtr caps; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +if ((caps = virCapabilitiesNew(virArchFromHost(), 0, 0)) == NULL) +#else if ((caps = virCapabilitiesNew(virArchFromHost(), 1, 1)) == NULL) +#endif return NULL; if (libxlCapsInitHost(ctx, caps) 0) diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index 1ea99e2..646c9b9 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -1379,6 +1379,11 @@ libxlDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml, int ret = -1; bool remove_dom = false; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return -1; +#endif + virCheckFlags(0, -1); if (dxml) { virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, %s, @@ -1440,6 +1445,11 @@ libxlDomainRestoreFlags(virConnectPtr conn, const char *from, int fd = -1; int ret = -1; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return -1; +#endif + virCheckFlags(VIR_DOMAIN_SAVE_PAUSED, -1); if (dxml) { virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, %s, @@ -4351,6 +4361,11 @@ libxlDomainMigrateBegin3Params(virDomainPtr domain, const char *xmlin = NULL; virDomainObjPtr vm = NULL; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return NULL; +#endif + virCheckFlags(LIBXL_MIGRATION_FLAGS, NULL); if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) 0) return NULL; @@ -4395,6 +4410,11 @@ libxlDomainMigratePrepare3Params(virConnectPtr dconn, const char *dname = NULL; const char *uri_in = NULL; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return -1; +#endif + virCheckFlags(LIBXL_MIGRATION_FLAGS, -1); if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) 0) goto error; @@ -4445,6 +4465,11 @@ libxlDomainMigratePerform3Params(virDomainPtr dom, const char *uri = NULL; int ret = -1; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return -1; +#endif + virCheckFlags(LIBXL_MIGRATION_FLAGS, -1); if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) 0) goto cleanup; @@ -4497,6 +4522,11 @@ libxlDomainMigrateFinish3Params(virConnectPtr dconn, virDomainObjPtr vm = NULL; const char *dname = NULL; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return NULL; +#endif + virCheckFlags(LIBXL_MIGRATION_FLAGS, NULL); if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) 0) return NULL; @@ -4545,6 +4575,11 @@ libxlDomainMigrateConfirm3Params(virDomainPtr domain, libxlDriverPrivatePtr driver = domain-conn-privateData; virDomainObjPtr vm = NULL; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return -1; +#endif + virCheckFlags(LIBXL_MIGRATION_FLAGS, -1); if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) 0) return -1; -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] Fix typo s/SASL_CONF_DIR/SASL_CONF_PATH/ in QEMU VNC code
The QEMU VNC client arg code has a long standing typo of SASL_CONF_DIR when it should be SASL_CONFIG_PATH for the env variable name. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/qemu/qemu_command.c| 2 +- tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 93d303e..d53315a 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6541,7 +6541,7 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg, virBufferAddLit(opt, ,sasl); if (cfg-vncSASLdir) -virCommandAddEnvPair(cmd, SASL_CONF_DIR, cfg-vncSASLdir); +virCommandAddEnvPair(cmd, SASL_CONF_PATH, cfg-vncSASLdir); /* TODO: Support ACLs later */ } diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args index 67ef88f..239fde1 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args +++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args @@ -1,5 +1,5 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \ -SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none \ +SASL_CONF_PATH=/root/.sasl2 QEMU_AUDIO_DRV=none \ /usr/bin/qemu -S -M pc -m 214 \ -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \ /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -vnc \ diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args index d71a998..c681b1b 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args +++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args @@ -1,5 +1,5 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \ -SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none \ +SASL_CONF_PATH=/root/.sasl2 QEMU_AUDIO_DRV=none \ /usr/bin/qemu -S -M pc -m 214 \ -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \ /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -vnc \ -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] Add PKG_CONFIG_PATH to run.in script.
Allow people to build external bindings using the 'run' script by defining the PKG_CONFIG_PATH var in it. eg to build Python you could do ../libvirt/run python setup.py build Signed-off-by: Daniel P. Berrange berra...@redhat.com --- run.in | 7 +++ 1 file changed, 7 insertions(+) diff --git a/run.in b/run.in index 1a379dd..cbef61a 100644 --- a/run.in +++ b/run.in @@ -53,6 +53,13 @@ else fi export LD_LIBRARY_PATH +if [ -z $PKG_CONFIG_PATH ]; then +PKG_CONFIG_PATH=$b/src +else +PKG_CONFIG_PATH=$b/src:$PKG_CONFIG_PATH +fi +export PKG_CONFIG_PATH + export LIBVIRT_DRIVER_DIR=$b/src/.libs export LIBVIRT_LOCK_MANAGER_PLUGIN_DIR=$b/src/.libs export VIRTLOCKD_PATH=$b/src -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] qemu: don't label anything before locking the domain
If locking the domain failed, files were already labelled and thus we restored the previous label on them. Having disks on NFS means the domain having the lock already gets permission denial. This code moves the labelling part into the command hook since it's still privileged, and also moves the clearing of VIR_QEMU_PROCESS_STOP_NO_RELABEL from stop_flags right after the handshare after hook. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1113327 Signed-off-by: Martin Kletzander mklet...@redhat.com --- src/qemu/qemu_process.c | 69 - 1 file changed, 39 insertions(+), 30 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 5b598be..bc751b9 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -2700,6 +2700,8 @@ struct qemuProcessHookData { virQEMUDriverPtr driver; virBitmapPtr nodemask; virQEMUDriverConfigPtr cfg; +const char *stdin_path; +int stdin_fd; }; static int qemuProcessHook(void *data) @@ -2739,6 +2741,34 @@ static int qemuProcessHook(void *data) if (virNumaSetupMemoryPolicy(h-vm-def-numatune, h-nodemask) 0) goto cleanup; +/* + * Only after we managed to get a domain lock we can label + * domain-related objects. + */ +VIR_DEBUG(Setting domain security labels); +if (virSecurityManagerSetAllLabel(h-driver-securityManager, + h-vm-def, h-stdin_path) 0) +goto cleanup; + +if (h-stdin_fd != -1) { +/* if there's an fd to migrate from, and it's a pipe, put the + * proper security label on it + */ +struct stat stdin_sb; + +VIR_DEBUG(setting security label on pipe used for migration); + +if (fstat(h-stdin_fd, stdin_sb) 0) { +virReportSystemError(errno, + _(cannot stat fd %d), h-stdin_fd); +goto cleanup; +} +if (S_ISFIFO(stdin_sb.st_mode) +virSecurityManagerSetImageFDLabel(h-driver-securityManager, + h-vm-def, h-stdin_fd) 0) +goto cleanup; +} + ret = 0; cleanup: @@ -3702,6 +3732,8 @@ int qemuProcessStart(virConnectPtr conn, hookData.driver = driver; /* We don't increase cfg's reference counter here. */ hookData.cfg = cfg; +hookData.stdin_path = stdin_path; +hookData.stdin_fd = stdin_fd; VIR_DEBUG(Beginning VM startup process); @@ -4082,6 +4114,12 @@ int qemuProcessStart(virConnectPtr conn, goto cleanup; } +/* Security manager labeled all devices, therefore + * if any operation from now on fails and we goto cleanup, + * where virSecurityManagerRestoreAllLabel() is called + * (hidden under qemuProcessStop) we need to restore labels. */ +stop_flags = ~VIR_QEMU_PROCESS_STOP_NO_RELABEL; + VIR_DEBUG(Setting up domain cgroup (if required)); if (qemuSetupCgroup(driver, vm, nodemask) 0) goto cleanup; @@ -4092,36 +4130,7 @@ int qemuProcessStart(virConnectPtr conn, qemuProcessInitCpuAffinity(driver, vm, nodemask) 0) goto cleanup; -VIR_DEBUG(Setting domain security labels); -if (virSecurityManagerSetAllLabel(driver-securityManager, - vm-def, stdin_path) 0) -goto cleanup; - -/* Security manager labeled all devices, therefore - * if any operation from now on fails and we goto cleanup, - * where virSecurityManagerRestoreAllLabel() is called - * (hidden under qemuProcessStop) we need to restore labels. */ -stop_flags = ~VIR_QEMU_PROCESS_STOP_NO_RELABEL; - -if (stdin_fd != -1) { -/* if there's an fd to migrate from, and it's a pipe, put the - * proper security label on it - */ -struct stat stdin_sb; - -VIR_DEBUG(setting security label on pipe used for migration); - -if (fstat(stdin_fd, stdin_sb) 0) { -virReportSystemError(errno, - _(cannot stat fd %d), stdin_fd); -goto cleanup; -} -if (S_ISFIFO(stdin_sb.st_mode) -virSecurityManagerSetImageFDLabel(driver-securityManager, vm-def, stdin_fd) 0) -goto cleanup; -} - -VIR_DEBUG(Labelling done, completing handshake to child); +VIR_DEBUG(Affinity/cgroups set, completing handshake to child); if (virCommandHandshakeNotify(cmd) 0) { goto cleanup; } -- 2.0.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [for 1.2.6] Redundancy of virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC
Hi, when reviewing the patch to add python bindings for the said APIs it occurred to me that the two APIs are so close in their prototypes and way of functioning that we could actually merge them into one. Both of those return a list of lease structures and the only difference is the presence of the @mac argument. We could unify those two APIs into one with the following signature: int virNetworkGetDHCPLeases(virNetworkPtr network, const char *mac, virNetworkDHCPLeasePtr **leases, unsigned int flags) And tweak the semantics of @mac where when the user passes NULL we'd return the complete unfiltered list. This would simplify our API and also the python bindings. If we decide this is a good idea (in time for the release) I'll post patches to flesh out the redundant parts. Peter signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Add PKG_CONFIG_PATH to run.in script.
On Thu, Jun 26, 2014 at 11:54:11 +0100, Daniel Berrange wrote: Allow people to build external bindings using the 'run' script by defining the PKG_CONFIG_PATH var in it. eg to build Python you could do ../libvirt/run python setup.py build Signed-off-by: Daniel P. Berrange berra...@redhat.com ACK Jirka -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: don't label anything before locking the domain
On Thu, Jun 26, 2014 at 01:20:02PM +0200, Martin Kletzander wrote: If locking the domain failed, files were already labelled and thus we restored the previous label on them. Having disks on NFS means the domain having the lock already gets permission denial. This code moves the labelling part into the command hook since it's still privileged, and also moves the clearing of VIR_QEMU_PROCESS_STOP_NO_RELABEL from stop_flags right after the handshare after hook. This problem description / fix doesn't make much sense to me. IIUC the control flow is - Parent runs fork() - Parent waits for handshake notify - Child runs hook - Hook *only* registers with lock daemon - Child sends handshake notify to parent - Child waits for handshake response - Parent received handshake notify - Parent does labelling - Parent sends handshake response - Child execs QEMU - QEMU launches but CPUs are paused - Parent acquires disk locks - Parent tells QEMU to start CPUs Note that the hook does not acquire any locks - it merely connects to the lock daemon. Locks are not acquired until the CPUs are ready to be started. So I don't see how moving labelling into the hook solves anything. Note that the goal of the locking code as it is today, was only to prevent the content of the disk image being corrupted by 2 QEMUs running concurrently. The design as it is succeeds in this. Stopping changes to the labelling was not attempted. Yes, this will result in a running QEMU loosing access to a disk if another QEMU attempts to start and use those disks, but the content is protected in this way. It isn't actually possible to protect against concurrent changes to both the content and the labelling with a single lock because there are differing lock ordering protection rules requires for these. To do that, we actually need to incorporate use of the lock manager into the security drivers using a separate lock space and use locking rules that apply explicitly to the needs of the labelling. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: don't label anything before locking the domain
On Thu, Jun 26, 2014 at 12:42:52PM +0100, Daniel P. Berrange wrote: On Thu, Jun 26, 2014 at 01:20:02PM +0200, Martin Kletzander wrote: If locking the domain failed, files were already labelled and thus we restored the previous label on them. Having disks on NFS means the domain having the lock already gets permission denial. This code moves the labelling part into the command hook since it's still privileged, and also moves the clearing of VIR_QEMU_PROCESS_STOP_NO_RELABEL from stop_flags right after the handshare after hook. This problem description / fix doesn't make much sense to me. IIUC the control flow is - Parent runs fork() - Parent waits for handshake notify - Child runs hook - Hook *only* registers with lock daemon - Child sends handshake notify to parent - Child waits for handshake response - Parent received handshake notify - Parent does labelling - Parent sends handshake response - Child execs QEMU - QEMU launches but CPUs are paused - Parent acquires disk locks - Parent tells QEMU to start CPUs Note that the hook does not acquire any locks - it merely connects to the lock daemon. Locks are not acquired until the CPUs are ready to be started. So I don't see how moving labelling into the hook solves anything. Note that the goal of the locking code as it is today, was only to prevent the content of the disk image being corrupted by 2 QEMUs running concurrently. The design as it is succeeds in this. Stopping changes to the labelling was not attempted. Yes, this will result in a running QEMU loosing access to a disk if another QEMU attempts to start and use those disks, but the content is protected in this way. It isn't actually possible to protect against concurrent changes to both the content and the labelling with a single lock because there are differing lock ordering protection rules requires for these. To do that, we actually need to incorporate use of the lock manager into the security drivers using a separate lock space and use locking rules that apply explicitly to the needs of the labelling. Specifically what the security drivers would have todo is - Acquire exclusive lock on the image - If not already labelled - Label image Else - See if current labelling is readonly or shared and this matches desired labelling - Release the exclusive lock on the image So see that the lock only has to be held for the short time that the labelling is being changed. This is very different from the existing content lock which must be held for the entire time the guest is running. This all really ties back into the previous problem we've tried to solve of tracking the original image label so we can correctly restore upon guest shutdown. Both the locking and that tracking have to be solved at the same time - two facets of the same problem. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: don't label anything before locking the domain
On Thu, Jun 26, 2014 at 12:42:52PM +0100, Daniel P. Berrange wrote: On Thu, Jun 26, 2014 at 01:20:02PM +0200, Martin Kletzander wrote: If locking the domain failed, files were already labelled and thus we restored the previous label on them. Having disks on NFS means the domain having the lock already gets permission denial. This code moves the labelling part into the command hook since it's still privileged, and also moves the clearing of VIR_QEMU_PROCESS_STOP_NO_RELABEL from stop_flags right after the handshare after hook. This problem description / fix doesn't make much sense to me. IIUC the control flow is - Parent runs fork() - Parent waits for handshake notify - Child runs hook - Hook *only* registers with lock daemon - Child sends handshake notify to parent - Child waits for handshake response - Parent received handshake notify - Parent does labelling - Parent sends handshake response - Child execs QEMU - QEMU launches but CPUs are paused - Parent acquires disk locks - Parent tells QEMU to start CPUs Note that the hook does not acquire any locks - it merely connects to the lock daemon. Locks are not acquired until the CPUs are ready to be started. So I don't see how moving labelling into the hook solves anything. Oh, my fault, I haven't realized, we're just registering there. Note that the goal of the locking code as it is today, was only to prevent the content of the disk image being corrupted by 2 QEMUs running concurrently. The design as it is succeeds in this. Stopping changes to the labelling was not attempted. Yes, this will result in a running QEMU loosing access to a disk if another QEMU attempts to start and use those disks, but the content is protected in this way. It isn't actually possible to protect against concurrent changes to both the content and the labelling with a single lock because there are differing lock ordering protection rules requires for these. To do that, we actually need to incorporate use of the lock manager into the security drivers using a separate lock space and use locking rules that apply explicitly to the needs of the labelling. It occurred to me too that this might be either fixed or the fix eased after Michal's patches are applied (not my area, though): http://www.redhat.com/archives/libvir-list/2014-March/msg00826.html What I think is that it would (almost) solve it automatically, since it would restore the original label, even though there would be a small window when the first QEMU process doesn't have access to the disk. But definitely better result than now. Martin signature.asc Description: Digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: don't label anything before locking the domain
On Thu, Jun 26, 2014 at 01:57:34PM +0200, Martin Kletzander wrote: On Thu, Jun 26, 2014 at 12:42:52PM +0100, Daniel P. Berrange wrote: On Thu, Jun 26, 2014 at 01:20:02PM +0200, Martin Kletzander wrote: If locking the domain failed, files were already labelled and thus we restored the previous label on them. Having disks on NFS means the domain having the lock already gets permission denial. This code moves the labelling part into the command hook since it's still privileged, and also moves the clearing of VIR_QEMU_PROCESS_STOP_NO_RELABEL from stop_flags right after the handshare after hook. This problem description / fix doesn't make much sense to me. IIUC the control flow is - Parent runs fork() - Parent waits for handshake notify - Child runs hook - Hook *only* registers with lock daemon - Child sends handshake notify to parent - Child waits for handshake response - Parent received handshake notify - Parent does labelling - Parent sends handshake response - Child execs QEMU - QEMU launches but CPUs are paused - Parent acquires disk locks - Parent tells QEMU to start CPUs Note that the hook does not acquire any locks - it merely connects to the lock daemon. Locks are not acquired until the CPUs are ready to be started. So I don't see how moving labelling into the hook solves anything. Oh, my fault, I haven't realized, we're just registering there. Note that the goal of the locking code as it is today, was only to prevent the content of the disk image being corrupted by 2 QEMUs running concurrently. The design as it is succeeds in this. Stopping changes to the labelling was not attempted. Yes, this will result in a running QEMU loosing access to a disk if another QEMU attempts to start and use those disks, but the content is protected in this way. It isn't actually possible to protect against concurrent changes to both the content and the labelling with a single lock because there are differing lock ordering protection rules requires for these. To do that, we actually need to incorporate use of the lock manager into the security drivers using a separate lock space and use locking rules that apply explicitly to the needs of the labelling. It occurred to me too that this might be either fixed or the fix eased after Michal's patches are applied (not my area, though): http://www.redhat.com/archives/libvir-list/2014-March/msg00826.html What I think is that it would (almost) solve it automatically, since it would restore the original label, even though there would be a small window when the first QEMU process doesn't have access to the disk. But definitely better result than now. Once the security managers are doing locking they can look at what the current label is, and if it is set to a label used by another VM, they can avoid changing the label at all. It might need a bit of cleverness in the migration code path but nothing too bad. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Fix typo s/SASL_CONF_DIR/SASL_CONF_PATH/ in QEMU VNC code
Hey, On Thu, Jun 26, 2014 at 11:49:21AM +0100, Daniel P. Berrange wrote: The QEMU VNC client arg code has a long standing typo of SASL_CONF_DIR when it should be SASL_CONFIG_PATH for the env variable name. You've already sent this last Octoer ;) Ján Tomko pointed out that the log should mention SASL_CONF_PATH, not SASL_CONFIG_PATH, and I had ACK'ed it. Christophe pgpKQgBTZQUyb.pgp Description: PGP signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [for 1.2.6] Redundancy of virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC
On Thu, Jun 26, 2014 at 4:58 PM, Peter Krempa pkre...@redhat.com wrote: Hi, when reviewing the patch to add python bindings for the said APIs it occurred to me that the two APIs are so close in their prototypes and way of functioning that we could actually merge them into one. Both of those return a list of lease structures and the only difference is the presence of the @mac argument. We could unify those two APIs into one with the following signature: int virNetworkGetDHCPLeases(virNetworkPtr network, const char *mac, virNetworkDHCPLeasePtr **leases, unsigned int flags) And tweak the semantics of @mac where when the user passes NULL we'd return the complete unfiltered list. This would simplify our API and also the python bindings. If we decide this is a good idea (in time for the release) I'll post patches to flesh out the redundant parts. Peter A long long while ago, there was already a discussion on this References: (i) http://www.redhat.com/archives/libvir-list/2013-July/msg01609.html (ii) http://www.redhat.com/archives/libvir-list/2013-July/msg01623.html (iii) http://www.redhat.com/archives/libvir-list/2013-July/msg01624.html For TL;DR: Message 1: At a conceptual level, what you're after here is a list of all the IP, mac address mappings of the virtual network. This information is useful even outside the context of the hypervisor driver method you're working on. So we should create formal APIs for exposing this, something like: virNetworkGetDHCPLeases(virNetworkPtr network, virNetworkDHCPLeasePtr *leases, unsigned int nleases); And/or this virNetworkGetDHCPLeaseForMAC(virNetworkPtr network, unsigned char *macaddr, virNetworkDHCPLeasePtr lease); and a corresponding 'virsh net-dhcp-leases netname' command Daniel Message 2: for the api interface: int virNetworkGetDHCPLeases(virNetworkPtr network, unsigned char *macaddr, virNetworkDHCPLeasePtr *leases, unsigned int nleases); i think this is better. which returns all of the leases if no mac is specified. otherwise just returns the lease of the network matches the mac. osier Message 3: I rather prefer to see separate APIs for this job as I described. Sure you could have an optional macaddr parameter, but I think it is nicer to just have clear APIs for the list many vs get one tasks. Regards, Daniel Regards, Nehal J Wani -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [python PATCH] maint: document development against uninstalled libvirt
On 06/26/2014 03:38 AM, Daniel P. Berrange wrote: Now all I have to do is run 'python setup.py build' to build against installed libvirt, vs. 'make' to build against development libvirt, at least for my machine. It occurs to me that if we edit the 'run' script in libvirt GIT to set that PKG_CONFIG_PATH setting, then you could build and test the python bindings by doing /home/eblake/libvirt/run python setup.py build Or in your case with the make wrapper /home/eblake/libvirt/run make Nice; I'll post a followup patch to document that (it fits well with the run script being able to do anything else that favors the uninstalled libvirt). -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Fix typo s/SASL_CONF_DIR/SASL_CONF_PATH/ in QEMU VNC code
On Thu, Jun 26, 2014 at 02:18:51PM +0200, Christophe Fergeau wrote: Hey, On Thu, Jun 26, 2014 at 11:49:21AM +0100, Daniel P. Berrange wrote: The QEMU VNC client arg code has a long standing typo of SASL_CONF_DIR when it should be SASL_CONFIG_PATH for the env variable name. You've already sent this last Octoer ;) Ján Tomko pointed out that the log should mention SASL_CONF_PATH, not SASL_CONFIG_PATH, and I had ACK'ed it. Ha, so I have. Will push it with the fix Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv6 2/7] qemu: monitor: Add argument for specifying backing name for block commit
To allow changing the name that is recorded in the overlay of the TOP image used in a block commit operation, we need to specify the backing name to qemu. This is done via the backing-file attribute to the block-commit command. --- src/qemu/qemu_driver.c | 1 + src/qemu/qemu_monitor.c | 10 ++ src/qemu/qemu_monitor.h | 1 + src/qemu/qemu_monitor_json.c | 2 ++ src/qemu/qemu_monitor_json.h | 1 + tests/qemumonitorjsontest.c | 2 +- 6 files changed, 12 insertions(+), 5 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 224df54..9f9fdea 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -15642,6 +15642,7 @@ qemuDomainBlockCommit(virDomainPtr dom, ret = qemuMonitorBlockCommit(priv-mon, device, top !topIndex ? top : topSource-path, base !baseIndex ? base : baseSource-path, + NULL, bandwidth); qemuDomainObjExitMonitor(driver, vm); diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 2d584fc..3bc06e5 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -3234,13 +3234,14 @@ qemuMonitorTransaction(qemuMonitorPtr mon, virJSONValuePtr actions) int qemuMonitorBlockCommit(qemuMonitorPtr mon, const char *device, const char *top, const char *base, + const char *backingName, unsigned long bandwidth) { int ret = -1; unsigned long long speed; -VIR_DEBUG(mon=%p, device=%s, top=%s, base=%s, bandwidth=%ld, - mon, device, top, base, bandwidth); +VIR_DEBUG(mon=%p, device=%s, top=%s, base=%s, backingName=%s, bandwidth=%lu, + mon, device, top, base, NULLSTR(backingName), bandwidth); /* Convert bandwidth MiB to bytes - unfortunately the JSON QMP protocol is * limited to LLONG_MAX also for unsigned values */ @@ -3254,7 +3255,8 @@ qemuMonitorBlockCommit(qemuMonitorPtr mon, const char *device, speed = 20; if (mon-json) -ret = qemuMonitorJSONBlockCommit(mon, device, top, base, speed); +ret = qemuMonitorJSONBlockCommit(mon, device, top, base, + backingName, speed); else virReportError(VIR_ERR_OPERATION_UNSUPPORTED, %s, _(block-commit requires JSON monitor)); @@ -3269,7 +3271,7 @@ qemuMonitorSupportsActiveCommit(qemuMonitorPtr mon) if (!mon-json) return false; -return qemuMonitorJSONBlockCommit(mon, bogus, NULL, NULL, 0) == -2; +return qemuMonitorJSONBlockCommit(mon, bogus, NULL, NULL, NULL, 0) == -2; } diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 63e78d8..4652ea5 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -662,6 +662,7 @@ int qemuMonitorBlockCommit(qemuMonitorPtr mon, const char *device, const char *top, const char *base, + const char *backingName, unsigned long bandwidth) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(4); diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 75b33e8..719be66 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -3465,6 +3465,7 @@ qemuMonitorJSONTransaction(qemuMonitorPtr mon, virJSONValuePtr actions) int qemuMonitorJSONBlockCommit(qemuMonitorPtr mon, const char *device, const char *top, const char *base, + const char *backingName, unsigned long long speed) { int ret = -1; @@ -3476,6 +3477,7 @@ qemuMonitorJSONBlockCommit(qemuMonitorPtr mon, const char *device, U:speed, speed, S:top, top, S:base, base, + S:backing-file, backingName, NULL); if (!cmd) return -1; diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 89e668c..652a4b6 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -261,6 +261,7 @@ int qemuMonitorJSONBlockCommit(qemuMonitorPtr mon, const char *device, const char *top, const char *base, + const char *backingName, unsigned long long bandwidth) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c index d136576..6debe13 100644 --- a/tests/qemumonitorjsontest.c +++ b/tests/qemumonitorjsontest.c @@ -1164,7 +1164,7 @@
[libvirt] [PATCHv6 0/7] Rest of the relative backing and network commit series
Mostly cosmetical changes since the last round. Peter Krempa (7): qemu: caps: Add capability for change-backing-file command qemu: monitor: Add argument for specifying backing name for block commit qemu: monitor: Add support for backing name specification for block-stream lib: Introduce flag VIR_DOMAIN_BLOCK_COMMIT_RELATIVE lib: Introduce flag VIR_DOMAIN_BLOCK_REBASE_RELATIVE qemu: Add support for networked disks for block commit qemu: Add support for networked disks for block pull/block rebase include/libvirt/libvirt.h.in | 6 +++ src/libvirt.c| 8 src/qemu/qemu_capabilities.c | 2 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_driver.c | 87 +++- src/qemu/qemu_migration.c| 6 +-- src/qemu/qemu_monitor.c | 22 ++- src/qemu/qemu_monitor.h | 4 +- src/qemu/qemu_monitor_json.c | 17 + src/qemu/qemu_monitor_json.h | 2 + tests/qemumonitorjsontest.c | 2 +- tools/virsh-domain.c | 18 - tools/virsh.pod | 9 - 13 files changed, 156 insertions(+), 28 deletions(-) -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv6 4/7] lib: Introduce flag VIR_DOMAIN_BLOCK_COMMIT_RELATIVE
Introduce flag for the block commit API to allow the commit operation to leave the chain relatively addressed. Also adds a virsh switch to enable this behavior. --- include/libvirt/libvirt.h.in | 3 +++ src/libvirt.c| 5 + tools/virsh-domain.c | 6 ++ tools/virsh.pod | 5 +++-- 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in index 594521e..d6a4a0f 100644 --- a/include/libvirt/libvirt.h.in +++ b/include/libvirt/libvirt.h.in @@ -2599,6 +2599,9 @@ typedef enum { have been committed */ VIR_DOMAIN_BLOCK_COMMIT_ACTIVE = 1 2, /* Allow a two-phase commit when top is the active layer */ +VIR_DOMAIN_BLOCK_COMMIT_RELATIVE = 1 3, /* keep the backing chain + referenced using relative + names */ } virDomainBlockCommitFlags; int virDomainBlockCommit(virDomainPtr dom, const char *disk, const char *base, diff --git a/src/libvirt.c b/src/libvirt.c index 566f984..5c19ec9 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -19884,6 +19884,11 @@ virDomainBlockRebase(virDomainPtr dom, const char *disk, * VIR_DOMAIN_BLOCK_COMMIT_DELETE, then this command will unlink all files * that were invalidated, after the commit successfully completes. * + * If @flags contains VIR_DOMAIN_BLOCK_COMMIT_RELATIVE, the name recorded + * into the overlay of the @top image (if there is such image) as the + * path to the new backing file will be kept relative to other images. + * The operation will fail if libvirt can't infer the name. + * * By default, if @base is NULL, the commit target will be the bottom of * the backing chain; if @flags contains VIR_DOMAIN_BLOCK_COMMIT_SHALLOW, * then the immediate backing file of @top will be used instead. If @top diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index f55dae4..b825a05 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -1496,6 +1496,8 @@ blockJobImpl(vshControl *ctl, const vshCmd *cmd, vshCommandOptBool(cmd, pivot) || vshCommandOptBool(cmd, keep-overlay)) flags |= VIR_DOMAIN_BLOCK_COMMIT_ACTIVE; +if (vshCommandOptBool(cmd, keep-relative)) +flags |= VIR_DOMAIN_BLOCK_COMMIT_RELATIVE; ret = virDomainBlockCommit(dom, path, base, top, bandwidth, flags); break; case VSH_CMD_BLOCK_JOB_COPY: @@ -1629,6 +1631,10 @@ static const vshCmdOptDef opts_block_commit[] = { .type = VSH_OT_BOOL, .help = N_(with --wait, don't wait for cancel to finish) }, +{.name = keep-relative, + .type = VSH_OT_BOOL, + .help = N_(keep the backing chain relatively referenced) +}, {.name = NULL} }; diff --git a/tools/virsh.pod b/tools/virsh.pod index b248c9a..1fe359c 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -785,7 +785,7 @@ address of virtual interface (such as Idetach-interface or Idomif-setlink) will accept the MAC address printed by this command. =item Bblockcommit Idomain Ipath [Ibandwidth] -[Ibase] [I--shallow] [Itop] [I--delete] +[Ibase] [I--shallow] [Itop] [I--delete] [I--keep-relative] [I--wait [I--async] [I--verbose]] [I--timeout Bseconds] [I--active] [{I--pivot | I--keep-overlay}] @@ -798,7 +798,8 @@ I--shallow can be used instead of Ibase to specify the immediate backing file of the resulting top image to be committed. The files being committed are rendered invalid, possibly as soon as the operation starts; using the I--delete flag will attempt to remove these invalidated -files at the successful completion of the commit operation. +files at the successful completion of the commit operation. When the +I--keep-relative flag is used, the backing file paths will be kept relative. When Itop is omitted or specified as the active image, it is also possible to specify I--active to trigger a two-phase active commit. In -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv6 3/7] qemu: monitor: Add support for backing name specification for block-stream
To allow changing the name that is recorded in the top of the current image chain used in a block pull/rebase operation, we need to specify the backing name to qemu. This is done via the backing-file attribute to the block-stream commad. --- src/qemu/qemu_driver.c | 8 src/qemu/qemu_migration.c| 6 +++--- src/qemu/qemu_monitor.c | 12 +++- src/qemu/qemu_monitor.h | 3 ++- src/qemu/qemu_monitor_json.c | 15 +++ src/qemu/qemu_monitor_json.h | 1 + 6 files changed, 32 insertions(+), 13 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 9f9fdea..ba1bfe2 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -14894,7 +14894,7 @@ qemuDomainBlockPivot(virConnectPtr conn, /* Probe the status, if needed. */ if (!disk-mirroring) { qemuDomainObjEnterMonitor(driver, vm); -rc = qemuMonitorBlockJob(priv-mon, device, NULL, 0, info, +rc = qemuMonitorBlockJob(priv-mon, device, NULL, NULL, 0, info, BLOCK_JOB_INFO, true); qemuDomainObjExitMonitor(driver, vm); if (rc 0) @@ -15112,7 +15112,7 @@ qemuDomainBlockJobImpl(virDomainObjPtr vm, qemuDomainObjEnterMonitor(driver, vm); ret = qemuMonitorBlockJob(priv-mon, device, baseIndex ? baseSource-path : base, - bandwidth, info, mode, async); + NULL, bandwidth, info, mode, async); qemuDomainObjExitMonitor(driver, vm); if (ret 0) goto endjob; @@ -15158,8 +15158,8 @@ qemuDomainBlockJobImpl(virDomainObjPtr vm, virDomainBlockJobInfo dummy; qemuDomainObjEnterMonitor(driver, vm); -ret = qemuMonitorBlockJob(priv-mon, device, NULL, 0, dummy, - BLOCK_JOB_INFO, async); +ret = qemuMonitorBlockJob(priv-mon, device, NULL, NULL, 0, + dummy, BLOCK_JOB_INFO, async); qemuDomainObjExitMonitor(driver, vm); if (ret = 0) diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 7684aec..addae1d 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -1308,7 +1308,7 @@ qemuMigrationDriveMirror(virQEMUDriverPtr driver, _(canceled by client)); goto error; } -mon_ret = qemuMonitorBlockJob(priv-mon, diskAlias, NULL, 0, +mon_ret = qemuMonitorBlockJob(priv-mon, diskAlias, NULL, NULL, 0, info, BLOCK_JOB_INFO, true); qemuDomainObjExitMonitor(driver, vm); @@ -1360,7 +1360,7 @@ qemuMigrationDriveMirror(virQEMUDriverPtr driver, continue; if (qemuDomainObjEnterMonitorAsync(driver, vm, QEMU_ASYNC_JOB_MIGRATION_OUT) == 0) { -if (qemuMonitorBlockJob(priv-mon, diskAlias, NULL, 0, +if (qemuMonitorBlockJob(priv-mon, diskAlias, NULL, NULL, 0, NULL, BLOCK_JOB_ABORT, true) 0) { VIR_WARN(Unable to cancel block-job on '%s', diskAlias); } @@ -1426,7 +1426,7 @@ qemuMigrationCancelDriveMirror(qemuMigrationCookiePtr mig, QEMU_ASYNC_JOB_MIGRATION_OUT) 0) goto cleanup; -if (qemuMonitorBlockJob(priv-mon, diskAlias, NULL, 0, +if (qemuMonitorBlockJob(priv-mon, diskAlias, NULL, NULL, 0, NULL, BLOCK_JOB_ABORT, true) 0) VIR_WARN(Unable to stop block job on %s, diskAlias); qemuDomainObjExitMonitor(driver, vm); diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 3bc06e5..4693870 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -3365,6 +3365,7 @@ int qemuMonitorScreendump(qemuMonitorPtr mon, int qemuMonitorBlockJob(qemuMonitorPtr mon, const char *device, const char *base, +const char *backingName, unsigned long bandwidth, virDomainBlockJobInfoPtr info, qemuMonitorBlockJobCmd mode, @@ -3373,9 +3374,10 @@ int qemuMonitorBlockJob(qemuMonitorPtr mon, int ret = -1; unsigned long long speed; -VIR_DEBUG(mon=%p, device=%s, base=%s, bandwidth=%luM, info=%p, mode=%o, - modern=%d, mon, device, NULLSTR(base), bandwidth, info, mode, - modern); +VIR_DEBUG(mon=%p, device=%s, base=%s, backingName=%s, bandwidth=%luM, + info=%p, mode=%o, modern=%d, + mon, device, NULLSTR(base), NULLSTR(backingName), + bandwidth, info, mode, modern); /* Convert bandwidth MiB to bytes - unfortunately the JSON QMP protocol is * limited to LLONG_MAX also for
[libvirt] [PATCHv6 5/7] lib: Introduce flag VIR_DOMAIN_BLOCK_REBASE_RELATIVE
Introduce flag for the block rebase API to allow the rebase operation to leave the chain relatively addressed. Also adds a virsh switch to enable this behavior. --- include/libvirt/libvirt.h.in | 3 +++ src/libvirt.c| 3 +++ tools/virsh-domain.c | 12 ++-- tools/virsh.pod | 4 4 files changed, 20 insertions(+), 2 deletions(-) diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in index d6a4a0f..d438251 100644 --- a/include/libvirt/libvirt.h.in +++ b/include/libvirt/libvirt.h.in @@ -2580,6 +2580,9 @@ typedef enum { file for a copy */ VIR_DOMAIN_BLOCK_REBASE_COPY_RAW = 1 2, /* Make destination file raw */ VIR_DOMAIN_BLOCK_REBASE_COPY = 1 3, /* Start a copy job */ +VIR_DOMAIN_BLOCK_REBASE_RELATIVE = 1 4, /* Keep backing chain + referenced using relative + names */ } virDomainBlockRebaseFlags; int virDomainBlockRebase(virDomainPtr dom, const char *disk, diff --git a/src/libvirt.c b/src/libvirt.c index 5c19ec9..307de2a 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -19721,6 +19721,9 @@ virDomainBlockPull(virDomainPtr dom, const char *disk, * exists. If the job is aborted, a new one can be started later to * resume from the same point. * + * If @flags contains VIR_DOMAIN_BLOCK_REBASE_RELATIVE, the name recorded + * into the active disk as the location for @base will be kept relative. + * * When @flags includes VIR_DOMAIN_BLOCK_REBASE_COPY, this starts a copy, * where @base must be the name of a new file to copy the chain to. By * default, the copy will pull the entire source chain into the destination diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index b825a05..8275755 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -1479,10 +1479,14 @@ blockJobImpl(vshControl *ctl, const vshCmd *cmd, case VSH_CMD_BLOCK_JOB_PULL: if (vshCommandOptStringReq(ctl, cmd, base, base) 0) goto cleanup; -if (base) -ret = virDomainBlockRebase(dom, path, base, bandwidth, 0); + if (vshCommandOptBool(cmd, keep-relative)) + flags |= VIR_DOMAIN_BLOCK_REBASE_RELATIVE; + +if (base || flags) +ret = virDomainBlockRebase(dom, path, base, bandwidth, flags); else ret = virDomainBlockPull(dom, path, bandwidth, 0); + break; case VSH_CMD_BLOCK_JOB_COMMIT: if (vshCommandOptStringReq(ctl, cmd, base, base) 0 || @@ -2118,6 +2122,10 @@ static const vshCmdOptDef opts_block_pull[] = { .type = VSH_OT_BOOL, .help = N_(with --wait, don't wait for cancel to finish) }, +{.name = keep-relative, + .type = VSH_OT_BOOL, + .help = N_(keep the backing chain relatively referenced) +}, {.name = NULL} }; diff --git a/tools/virsh.pod b/tools/virsh.pod index 1fe359c..949cf57 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -876,6 +876,7 @@ Ibandwidth specifies copying bandwidth limit in MiB/s. =item Bblockpull Idomain Ipath [Ibandwidth] [Ibase] [I--wait [I--verbose] [I--timeout Bseconds] [I--async]] +[I--keep-relative] Populate a disk from its backing image chain. By default, this command flattens the entire chain; but if Ibase is specified, containing the @@ -895,6 +896,9 @@ is triggered, I--async will return control to the user as fast as possible, otherwise the command may continue to block a little while longer until the job is done cleaning up. +Using the I--keep-relative flag will keep the backing chain names +relative. + Ipath specifies fully-qualified path of the disk; it corresponds to a unique target name (target dev='name'/) or source file (source file='name'/) for one of the disk devices attached to Idomain (see -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv6 7/7] qemu: Add support for networked disks for block pull/block rebase
Now that we are able to select images from the backing chain via indexed access we should also convert possible network sources to qemu-compatible strings before passing them to qemu. --- src/qemu/qemu_driver.c | 45 + 1 file changed, 41 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index c142646..dd7ea88 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -15042,6 +15042,8 @@ qemuDomainBlockJobImpl(virDomainObjPtr vm, virDomainDiskDefPtr disk; virStorageSourcePtr baseSource = NULL; unsigned int baseIndex = 0; +char *basePath = NULL; +char *backingPath = NULL; if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, %s, @@ -15049,6 +15051,13 @@ qemuDomainBlockJobImpl(virDomainObjPtr vm, goto cleanup; } +if (flags VIR_DOMAIN_BLOCK_REBASE_RELATIVE !base) { +virReportError(VIR_ERR_INVALID_ARG, %s, + _(flag VIR_DOMAIN_BLOCK_REBASE_RELATIVE is valid only + with non-null base )); +goto cleanup; +} + priv = vm-privateData; if (virQEMUCapsGet(priv-qemuCaps, QEMU_CAPS_BLOCKJOB_ASYNC)) { async = true; @@ -15109,10 +15118,35 @@ qemuDomainBlockJobImpl(virDomainObjPtr vm, base, baseIndex, NULL goto endjob; +if (baseSource) { +if (qemuGetDriveSourceString(baseSource, NULL, basePath) 0) +goto endjob; + +if (flags VIR_DOMAIN_BLOCK_REBASE_RELATIVE) { +if (!virQEMUCapsGet(priv-qemuCaps, QEMU_CAPS_CHANGE_BACKING_FILE)) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, %s, + _(this QEMU binary doesn't support relative + block pull/rebase)); +goto endjob; +} + +if (virStorageFileGetRelativeBackingPath(disk-src-backingStore, + baseSource, + backingPath) 0) +goto endjob; + + +if (!backingPath) { +virReportError(VIR_ERR_OPERATION_INVALID, %s, + _(can't keep relative backing relationship)); +goto endjob; +} +} +} + qemuDomainObjEnterMonitor(driver, vm); -ret = qemuMonitorBlockJob(priv-mon, device, - baseIndex ? baseSource-path : base, - NULL, bandwidth, info, mode, async); +ret = qemuMonitorBlockJob(priv-mon, device, basePath, backingPath, + bandwidth, info, mode, async); qemuDomainObjExitMonitor(driver, vm); if (ret 0) goto endjob; @@ -15188,6 +15222,8 @@ qemuDomainBlockJobImpl(virDomainObjPtr vm, } cleanup: +VIR_FREE(basePath); +VIR_FREE(backingPath); VIR_FREE(device); if (vm) virObjectUnlock(vm); @@ -15434,7 +15470,8 @@ qemuDomainBlockRebase(virDomainPtr dom, const char *path, const char *base, virCheckFlags(VIR_DOMAIN_BLOCK_REBASE_SHALLOW | VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT | VIR_DOMAIN_BLOCK_REBASE_COPY | - VIR_DOMAIN_BLOCK_REBASE_COPY_RAW, -1); + VIR_DOMAIN_BLOCK_REBASE_COPY_RAW | + VIR_DOMAIN_BLOCK_REBASE_RELATIVE, -1); if (!(vm = qemuDomObjFromDomain(dom))) return -1; -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv6 1/7] qemu: caps: Add capability for change-backing-file command
This command allows to change the backing file name recorded in the metadata of a qcow (or other) image. The capability also notifies that the block-stream and block-commit commands understand the backing-file attribute. --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + 2 files changed, 3 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index d5f2ef3..0baff2f 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -257,6 +257,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST, host-pci-multidomain, msg-timestamp, active-commit, + change-backing-file, ); @@ -1416,6 +1417,7 @@ struct virQEMUCapsStringFlags virQEMUCapsCommands[] = { { blockdev-snapshot-sync, QEMU_CAPS_DISK_SNAPSHOT }, { add-fd, QEMU_CAPS_ADD_FD }, { nbd-server-start, QEMU_CAPS_NBD_SERVER }, +{ change-backing-file, QEMU_CAPS_CHANGE_BACKING_FILE }, }; struct virQEMUCapsStringFlags virQEMUCapsEvents[] = { diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 3dae302..89dcc6f 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -207,6 +207,7 @@ typedef enum { QEMU_CAPS_HOST_PCI_MULTIDOMAIN = 166, /* support domain 0 in host pci address */ QEMU_CAPS_MSG_TIMESTAMP = 167, /* -msg timestamp */ QEMU_CAPS_ACTIVE_COMMIT = 168, /* block-commit works without 'top' */ +QEMU_CAPS_CHANGE_BACKING_FILE = 169, /* change name of backing file in metadata */ QEMU_CAPS_LAST, /* this must always be the last item */ } virQEMUCapsFlags; -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [for 1.2.6] Redundancy of virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC
On Thu, Jun 26, 2014 at 06:00:22PM +0530, Nehal J Wani wrote: On Thu, Jun 26, 2014 at 4:58 PM, Peter Krempa pkre...@redhat.com wrote: Hi, when reviewing the patch to add python bindings for the said APIs it occurred to me that the two APIs are so close in their prototypes and way of functioning that we could actually merge them into one. Both of those return a list of lease structures and the only difference is the presence of the @mac argument. We could unify those two APIs into one with the following signature: int virNetworkGetDHCPLeases(virNetworkPtr network, const char *mac, virNetworkDHCPLeasePtr **leases, unsigned int flags) And tweak the semantics of @mac where when the user passes NULL we'd return the complete unfiltered list. This would simplify our API and also the python bindings. If we decide this is a good idea (in time for the release) I'll post patches to flesh out the redundant parts. Peter A long long while ago, there was already a discussion on this References: (i) http://www.redhat.com/archives/libvir-list/2013-July/msg01609.html (ii) http://www.redhat.com/archives/libvir-list/2013-July/msg01623.html (iii) http://www.redhat.com/archives/libvir-list/2013-July/msg01624.html For TL;DR: Message 1: At a conceptual level, what you're after here is a list of all the IP, mac address mappings of the virtual network. This information is useful even outside the context of the hypervisor driver method you're working on. So we should create formal APIs for exposing this, something like: virNetworkGetDHCPLeases(virNetworkPtr network, virNetworkDHCPLeasePtr *leases, unsigned int nleases); And/or this virNetworkGetDHCPLeaseForMAC(virNetworkPtr network, unsigned char *macaddr, virNetworkDHCPLeasePtr lease); and a corresponding 'virsh net-dhcp-leases netname' command Unfortunately I didn't realize at the time, but my idea here was retarded. The reason I suggested having separate APIs is because it would make the 'ForMAC' case more app friendly as they'd only need to pass in a existing virNetworkDHCPLeasePtr instance, and not have to deal with dynamically allocated lists of leases. Of course what I completely missed was that even in the ForMAC case, we have to return a dynamic list of leases, because you can have both IPv4 and IPv6 leases for the same MAC. This basically kills the main compelling reason to have 2 separate APIs. So in retrospect I was wrong, and I agree with Peter that we should kill the ForMAC API and just add an (optional) macaddr parameter to the first API. Of course we can only decided to do this now before we release. Other opinions... Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv6 6/7] qemu: Add support for networked disks for block commit
Now that we are able to select images from the backing chain via indexed access we should also convert possible network sources to qemu-compatible strings before passing them to qemu. --- src/qemu/qemu_driver.c | 39 ++- 1 file changed, 34 insertions(+), 5 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index ba1bfe2..c142646 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -15499,11 +15499,14 @@ qemuDomainBlockCommit(virDomainPtr dom, const char *top_parent = NULL; bool clean_access = false; virStorageSourcePtr mirror = NULL; - +char *topPath = NULL; +char *basePath = NULL; +char *backingPath = NULL; /* XXX Add support for COMMIT_DELETE */ virCheckFlags(VIR_DOMAIN_BLOCK_COMMIT_SHALLOW | - VIR_DOMAIN_BLOCK_COMMIT_ACTIVE, -1); + VIR_DOMAIN_BLOCK_COMMIT_ACTIVE | + VIR_DOMAIN_BLOCK_COMMIT_RELATIVE, -1); if (!(vm = qemuDomObjFromDomain(dom))) goto cleanup; @@ -15633,6 +15636,31 @@ qemuDomainBlockCommit(virDomainPtr dom, mirror-format = baseSource-format; } +if (qemuGetDriveSourceString(topSource, NULL, topPath) 0) +goto endjob; + +if (qemuGetDriveSourceString(baseSource, NULL, basePath) 0) +goto endjob; + +if (flags VIR_DOMAIN_BLOCK_COMMIT_RELATIVE +topSource != disk-src) { +if (!virQEMUCapsGet(priv-qemuCaps, QEMU_CAPS_CHANGE_BACKING_FILE)) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, %s, + _(this qemu doesn't support relative blockpull)); +goto endjob; +} + +if (virStorageFileGetRelativeBackingPath(topSource, baseSource, + backingPath) 0) +goto endjob; + +if (!backingPath) { +virReportError(VIR_ERR_OPERATION_INVALID, %s, + _(can't keep relative backing relationship)); +goto endjob; +} +} + /* Start the commit operation. Pass the user's original spelling, * if any, through to qemu, since qemu may behave differently * depending on whether the input was specified as relative or @@ -15640,9 +15668,7 @@ qemuDomainBlockCommit(virDomainPtr dom, * thing if the user specified a relative name). */ qemuDomainObjEnterMonitor(driver, vm); ret = qemuMonitorBlockCommit(priv-mon, device, - top !topIndex ? top : topSource-path, - base !baseIndex ? base : baseSource-path, - NULL, + topPath, basePath, backingPath, bandwidth); qemuDomainObjExitMonitor(driver, vm); @@ -15667,6 +15693,9 @@ qemuDomainBlockCommit(virDomainPtr dom, vm = NULL; cleanup: +VIR_FREE(topPath); +VIR_FREE(basePath); +VIR_FREE(backingPath); VIR_FREE(device); if (vm) virObjectUnlock(vm); -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv4 3/4]vbox: Use vboxUniformedAPI to write common code
In vbox_common.c: vboxInitialize and vboxDomainSave are rewrited with vboxUniformedAPI. In vbox_common.h Some common definitions in vbox_CAPI_v*.h are directly extracted to this file. Some other incompatible defintions are simplified here. So we can write common code with it. --- po/POTFILES.in |1 + src/Makefile.am|1 + src/vbox/vbox_common.c | 150 +++ src/vbox/vbox_common.h | 151 4 files changed, 303 insertions(+) create mode 100644 src/vbox/vbox_common.c create mode 100644 src/vbox/vbox_common.h diff --git a/po/POTFILES.in b/po/POTFILES.in index 31a8381..8c1b712 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -213,6 +213,7 @@ src/util/virxml.c src/vbox/vbox_MSCOMGlue.c src/vbox/vbox_XPCOMCGlue.c src/vbox/vbox_driver.c +src/vbox/vbox_common.c src/vbox/vbox_snapshot_conf.c src/vbox/vbox_tmpl.c src/vmware/vmware_conf.c diff --git a/src/Makefile.am b/src/Makefile.am index c1e3f45..7a935e5 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -674,6 +674,7 @@ VBOX_DRIVER_SOURCES = \ vbox/vbox_V4_2_20.c vbox/vbox_CAPI_v4_2_20.h\ vbox/vbox_V4_3.c vbox/vbox_CAPI_v4_3.h \ vbox/vbox_V4_3_4.c vbox/vbox_CAPI_v4_3_4.h \ + vbox/vbox_common.c vbox/vbox_common.h \ vbox/vbox_uniformed_api.h VBOX_DRIVER_EXTRA_DIST = \ diff --git a/src/vbox/vbox_common.c b/src/vbox/vbox_common.c new file mode 100644 index 000..27211a0 --- /dev/null +++ b/src/vbox/vbox_common.c @@ -0,0 +1,150 @@ +/* + * Copyright 2014, Taowei Luo (uaeda...@gmail.com) + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * http://www.gnu.org/licenses/. + */ + +#include config.h + +#include unistd.h + +#include internal.h +#include datatypes.h +#include domain_conf.h +#include domain_event.h +#include virlog.h + +#include vbox_common.h +#include vbox_uniformed_api.h + +/* Common codes for vbox driver. With the definitions in vbox_common.h, + * it treats vbox structs as a void*. Though vboxUniformedAPI + * it call vbox functions. This file is a high level implement about + * the vbox driver. + */ + +#define VIR_FROM_THIS VIR_FROM_VBOX + +VIR_LOG_INIT(vbox.vbox_common); + +#define RC_SUCCEEDED(rc) NS_SUCCEEDED(rc.resultCode) +#define RC_FAILED(rc) NS_FAILED(rc.resultCode) + +#define VBOX_RELEASE(arg) \ +do { \ +if (arg) {\ +pVBoxAPI-nsisupportsRelease((void *)arg);\ +(arg) = NULL; \ +} \ +} while (0) + +#define VBOX_OBJECT_CHECK(conn, type, value) \ +vboxGlobalData *data = conn-privateData;\ +type ret = value;\ +if (!data-vboxObj) {\ +return ret;\ +} + +static vboxUniformedAPI *pVBoxAPI; + +void vboxRegisterUniformedAPI(vboxUniformedAPI *vboxAPI) +{ +VIR_DEBUG(VirtualBox Uniformed API has been registered); +pVBoxAPI = vboxAPI; +} + +int vboxInitialize(vboxGlobalData *data) +{ +if (pVBoxAPI-pfnInitialize(data) != 0) +goto cleanup; + +if (pVBoxAPI-fWatchNeedInitialize pVBoxAPI-initializeFWatch(data) != 0) +goto cleanup; + +if (data-vboxObj == NULL) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(IVirtualBox object is null)); +goto cleanup; +} + +if (data-vboxSession == NULL) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(ISession object is null)); +goto cleanup; +} + +return 0; + + cleanup: +return -1; +} + +int vboxDomainSave(virDomainPtr dom, const char *path ATTRIBUTE_UNUSED) +{ +VBOX_OBJECT_CHECK(dom-conn, int, -1); +IConsole *console= NULL; +vboxIIDUnion iid; +IMachine *machine = NULL; +nsresult rc; + +pVBoxAPI-initializeVboxIID(iid); +/* VirtualBox currently doesn't support saving to a file + * at a location other then the machine folder and thus + * setting path to ATTRIBUTE_UNUSED for now,
[libvirt] [PATCHv4 4/4]vbox: Install vboxUniformedAPI
Install the uniformed API for common code. --- src/vbox/vbox_driver.c | 35 +++ 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/src/vbox/vbox_driver.c b/src/vbox/vbox_driver.c index 7d004b2..e90b7ef 100644 --- a/src/vbox/vbox_driver.c +++ b/src/vbox/vbox_driver.c @@ -39,6 +39,9 @@ #include vbox_glue.h #include virerror.h #include virutil.h +#include domain_event.h +#include domain_conf.h +#include vbox_uniformed_api.h #define VIR_FROM_THIS VIR_FROM_VBOX @@ -47,33 +50,43 @@ VIR_LOG_INIT(vbox.vbox_driver); extern virDriver vbox22Driver; extern virNetworkDriver vbox22NetworkDriver; extern virStorageDriver vbox22StorageDriver; +extern vboxUniformedAPI vbox22UniformedAPI; extern virDriver vbox30Driver; extern virNetworkDriver vbox30NetworkDriver; extern virStorageDriver vbox30StorageDriver; +extern vboxUniformedAPI vbox30UniformedAPI; extern virDriver vbox31Driver; extern virNetworkDriver vbox31NetworkDriver; extern virStorageDriver vbox31StorageDriver; +extern vboxUniformedAPI vbox31UniformedAPI; extern virDriver vbox32Driver; extern virNetworkDriver vbox32NetworkDriver; extern virStorageDriver vbox32StorageDriver; +extern vboxUniformedAPI vbox32UniformedAPI; extern virDriver vbox40Driver; extern virNetworkDriver vbox40NetworkDriver; extern virStorageDriver vbox40StorageDriver; +extern vboxUniformedAPI vbox40UniformedAPI; extern virDriver vbox41Driver; extern virNetworkDriver vbox41NetworkDriver; extern virStorageDriver vbox41StorageDriver; +extern vboxUniformedAPI vbox41UniformedAPI; extern virDriver vbox42Driver; extern virNetworkDriver vbox42NetworkDriver; extern virStorageDriver vbox42StorageDriver; +extern vboxUniformedAPI vbox42UniformedAPI; extern virDriver vbox42_20Driver; extern virNetworkDriver vbox42_20NetworkDriver; extern virStorageDriver vbox42_20StorageDriver; +extern vboxUniformedAPI vbox42_20UniformedAPI; extern virDriver vbox43Driver; extern virNetworkDriver vbox43NetworkDriver; extern virStorageDriver vbox43StorageDriver; +extern vboxUniformedAPI vbox43UniformedAPI; extern virDriver vbox43_4Driver; extern virNetworkDriver vbox43_4NetworkDriver; extern virStorageDriver vbox43_4StorageDriver; +extern vboxUniformedAPI vbox43_4UniformedAPI; static virDriver vboxDriverDummy; @@ -84,6 +97,7 @@ int vboxRegister(void) virDriverPtrdriver; virNetworkDriverPtr networkDriver; virStorageDriverPtr storageDriver; +vboxUniformedAPI*vboxAPI; uint32_tuVersion; /* @@ -95,6 +109,7 @@ int vboxRegister(void) driver= vboxDriverDummy; networkDriver = vbox22NetworkDriver; storageDriver = vbox22StorageDriver; +vboxAPI = vbox22UniformedAPI; /* Init the glue and get the API version. */ if (VBoxCGlueInit(uVersion) == 0) { @@ -113,51 +128,61 @@ int vboxRegister(void) driver= vbox22Driver; networkDriver = vbox22NetworkDriver; storageDriver = vbox22StorageDriver; +vboxAPI = vbox22UniformedAPI; } else if (uVersion = 2002051 uVersion 351) { VIR_DEBUG(VirtualBox API version: 3.0); driver= vbox30Driver; networkDriver = vbox30NetworkDriver; storageDriver = vbox30StorageDriver; +vboxAPI = vbox30UniformedAPI; } else if (uVersion = 351 uVersion 3001051) { VIR_DEBUG(VirtualBox API version: 3.1); driver= vbox31Driver; networkDriver = vbox31NetworkDriver; storageDriver = vbox31StorageDriver; +vboxAPI = vbox31UniformedAPI; } else if (uVersion = 3001051 uVersion 3002051) { VIR_DEBUG(VirtualBox API version: 3.2); driver= vbox32Driver; networkDriver = vbox32NetworkDriver; storageDriver = vbox32StorageDriver; +vboxAPI = vbox32UniformedAPI; } else if (uVersion = 3002051 uVersion 451) { VIR_DEBUG(VirtualBox API version: 4.0); driver= vbox40Driver; networkDriver = vbox40NetworkDriver; storageDriver = vbox40StorageDriver; +vboxAPI = vbox40UniformedAPI; } else if (uVersion = 451 uVersion 4001051) { VIR_DEBUG(VirtualBox API version: 4.1); driver= vbox41Driver; networkDriver = vbox41NetworkDriver; storageDriver = vbox41StorageDriver; +vboxAPI = vbox41UniformedAPI; } else if (uVersion = 4001051 uVersion 4002020) { VIR_DEBUG(VirtualBox API version: 4.2); driver= vbox42Driver; networkDriver = vbox42NetworkDriver; storageDriver = vbox42StorageDriver; +vboxAPI = vbox42UniformedAPI; } else if (uVersion = 4002020 uVersion 4002051) { -
[libvirt] [PATCHv4 1/4]vbox: Add definitions for vboxUniformedAPI
Introducing a new file vbox_uniformed_api to define the uniformed API and some other common types used by the API. All symbols defined in this file are treated the same in vbox_common.c as well as vbox_tmpl.c. Other specified defines will be put in vbox_CAPI_v*.h , vbox_tmpl.c(version specified) and vbox_common.h (only used for common code). --- src/Makefile.am |3 +- src/vbox/vbox_uniformed_api.h | 168 + 2 files changed, 170 insertions(+), 1 deletion(-) create mode 100644 src/vbox/vbox_uniformed_api.h diff --git a/src/Makefile.am b/src/Makefile.am index 2b9ac61..c1e3f45 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -673,7 +673,8 @@ VBOX_DRIVER_SOURCES = \ vbox/vbox_V4_2.c vbox/vbox_CAPI_v4_2.h \ vbox/vbox_V4_2_20.c vbox/vbox_CAPI_v4_2_20.h\ vbox/vbox_V4_3.c vbox/vbox_CAPI_v4_3.h \ - vbox/vbox_V4_3_4.c vbox/vbox_CAPI_v4_3_4.h + vbox/vbox_V4_3_4.c vbox/vbox_CAPI_v4_3_4.h \ + vbox/vbox_uniformed_api.h VBOX_DRIVER_EXTRA_DIST = \ vbox/vbox_tmpl.c vbox/README\ diff --git a/src/vbox/vbox_uniformed_api.h b/src/vbox/vbox_uniformed_api.h new file mode 100644 index 000..dfd9497 --- /dev/null +++ b/src/vbox/vbox_uniformed_api.h @@ -0,0 +1,168 @@ +/* + * Copyright 2014, Taowei Luo (uaeda...@gmail.com) + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * http://www.gnu.org/licenses/. + */ + +#ifndef VBOX_UNIFORMED_API_H +# define VBOX_UNIFORMED_API_H + +# include internal.h + +/* This file may be used in three place. That is vbox_tmpl.c, + * vbox_common.c and vbox_driver.c. The vboxUniformedAPI and some + * types used for vboxUniformedAPI is defined here. + * + * The vbox_tmpl.c is the only place where the driver knows the inside + * architecture of those vbox structs(vboxObj, vboxSession, + * pFuncs, vboxCallback and vboxQueue). The file should be included + * after the currect vbox_CAPI_v*.h, then we can use the vbox structs + * in vboxGlobalData. The vbox_tmpl.c should implement functions + * defined in vboxUniformedAPI. + * + * In vbox_driver.c, it is used to define the struct vboxUniformedAPI. + * The vbox_driver.c collects vboxUniformedAPI for all versions. + * Then vboxRegister calls the vboxRegisterUniformedAPI to register. + * Note: In vbox_driver.c, the vbox structs in vboxGlobalData is + * defined by vbox_CAPI_v2.2.h. + * + * The vbox_common.c, it is used to generate common codes for all vbox + * versions. Bacause the same member varible's offset in a vbox struct + * may change between different vbox versions. The vbox_common.c + * shouldn't directly use struct's member varibles defined in + * vbox_CAPI_v*.h. To make things safety, we include the + * vbox_common.h in vbox_common.c. In this case, we treat structs + * defined by vbox as a void*. The common codes don't concern about + * the inside of this structs(actually, we can't, in the common level). + * With the help of vboxUniformed API, we call VirtualBox's API and + * implement the vbox driver in a high level. + * + * In conclusion: + * * In vbox_tmpl.c, this file is included after vbox_CAPI_v*.h + * * In vbox_driver.c, this file is included after vbox_glue.h + * * In vbox_common.c, this file is included after vbox_common.h + * + */ + +/* Extracted define from vbox_tmpl.c */ + +# ifdef WIN32 +struct _vboxIID_v2_x_WIN32 { +/* IID is represented by a GUID value. */ +GUID value; +}; +# endif /* !WIN32 */ + +struct _vboxIID_v2_x { +/* IID is represented by a pointer to a nsID. */ +nsID *value; + +/* backing is used in cases where we need to create or copy an IID. + * We cannot allocate memory that can be freed by ComUnallocMem. + * Therefore, we use this stack allocated nsID instead. */ +nsID backing; +}; + +struct _vboxIID_v3_x { +/* IID is represented by a UTF-16 encoded UUID in string form. */ +PRUnichar *value; + +/* owner indicates if we own the value and need to free it. */ +bool owner; +}; + +typedef union { +# ifdef WIN32 +struct _vboxIID_v2_x_WIN32 vboxIID_v2_x_WIN32; +# endif /* !WIN32 */ +struct _vboxIID_v2_x vboxIID_v2_x; +struct _vboxIID_v3_x vboxIID_v3_x; +} vboxIIDUnion; + +typedef
[libvirt] [PATCHv4 0/4] vbox: Rewrite vbox driver.
Use vboxUniformedAPI to rewrite vbox driver. vboxInitialize and vboxDomainSave are rewrited in this way. Taowei (4): add definitions for vboxUniformedAPI implement vboxUniformedAPI in vbox_tmpl.c use vboxUniformedAPI to generate common code install vboxUniformedAPI po/POTFILES.in|1 + src/Makefile.am |4 +- src/vbox/vbox_common.c| 150 +++ src/vbox/vbox_common.h| 151 +++ src/vbox/vbox_driver.c| 35 +++- src/vbox/vbox_tmpl.c | 419 - src/vbox/vbox_uniformed_api.h | 168 + 7 files changed, 749 insertions(+), 179 deletions(-) create mode 100644 src/vbox/vbox_common.c create mode 100644 src/vbox/vbox_common.h create mode 100644 src/vbox/vbox_uniformed_api.h -- 1.7.9.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v1.2.[1-5]-maint] qemu: blockcopy: Don't remove existing disk mirror info
From: Peter Krempa pkre...@redhat.com When creating a new disk mirror the new struct is stored in a separate variable until everything went well. The removed hunk would actually remove existing mirror information for example when the api would be run if a mirror still exists. (cherry picked from commit 02b364e186d487f54ed410c01af042f23e812d42) This fixes a regression introduced in commit ff5f30b. Signed-off-by: Eric Blake ebl...@redhat.com Conflicts: src/qemu/qemu_driver.c - no refactoring of commit 7b7bf001 --- As Peter's patch resolves a regression, I'd like to backport it to the maint branches; however, that means redoing the patch. src/qemu/qemu_driver.c | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 59185c6..591864f 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -15203,6 +15203,7 @@ qemuDomainBlockCopy(virDomainObjPtr vm, struct stat st; bool need_unlink = false; char *mirror = NULL; +int mirrorFormat; virQEMUDriverConfigPtr cfg = NULL; /* Preliminaries: find the disk we are editing, sanity checks */ @@ -15290,10 +15291,10 @@ qemuDomainBlockCopy(virDomainObjPtr vm, goto endjob; VIR_FORCE_CLOSE(fd); if (!format) -disk-mirrorFormat = disk-src.format; +mirrorFormat = disk-src.format; } else if (format) { -disk-mirrorFormat = virStorageFileFormatTypeFromString(format); -if (disk-mirrorFormat = 0) { +mirrorFormat = virStorageFileFormatTypeFromString(format); +if (mirrorFormat = 0) { virReportError(VIR_ERR_INVALID_ARG, _(unrecognized format '%s'), format); goto endjob; @@ -15303,11 +15304,11 @@ qemuDomainBlockCopy(virDomainObjPtr vm, * also passed the RAW flag (and format is non-NULL), or it is * safe for us to probe the format from the file that we will * be using. */ -disk-mirrorFormat = virStorageFileProbeFormat(dest, cfg-user, - cfg-group); +mirrorFormat = virStorageFileProbeFormat(dest, cfg-user, + cfg-group); } -if (!format disk-mirrorFormat 0) -format = virStorageFileFormatTypeToString(disk-mirrorFormat); +if (!format mirrorFormat 0) +format = virStorageFileFormatTypeToString(mirrorFormat); if (VIR_STRDUP(mirror, dest) 0) goto endjob; @@ -15333,13 +15334,12 @@ qemuDomainBlockCopy(virDomainObjPtr vm, /* Update vm in place to match changes. */ need_unlink = false; disk-mirror = mirror; +disk-mirrorFormat = mirrorFormat; mirror = NULL; endjob: if (need_unlink unlink(dest)) VIR_WARN(unable to unlink just-created %s, dest); -if (ret 0 disk) -disk-mirrorFormat = VIR_STORAGE_FILE_NONE; VIR_FREE(mirror); if (!qemuDomainObjEndJob(driver, vm)) vm = NULL; -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] securityselinuxlabeltest test fails on v1.2.5
On 06/25/2014 01:18 PM, Eric Blake wrote: On 06/25/2014 11:08 AM, Scott Sullivan wrote: I am trying to build v1.2.5-maint, however I have one test failing causing the build to fail: TEST: securityselinuxlabeltest !!!. 4 FAIL Can you rerun this to give more details on the failure: make -C tests check TESTS=securityselinuxlabeltest VIR_TEST_DEBUG=1 Thanks for the help. Here's the requested output: -bash-4.1$ make -C tests check TESTS=securityselinuxlabeltest VIR_TEST_DEBUG=1 make: Entering directory `/home/rpmbuild/packages/libvirt/tests' make libshunload.la libvirportallocatormock.la virnetserverclientmock.la vircgroupmock.la virpcimock.la libqemumonitortestutils.la qemuxml2argvmock.lavirusbmock.la libsecurityselinuxhelper.la virshtest sockettest nodeinfotest virbuftest commandtest seclabeltest virhashtest viratomictest utiltest shunloadtest vir timetest viruritest virkeyfiletest viralloctest virauthconfigtest virbitmaptest vircgrouptest vircryptotest virpcitest virendiantest virfiletest virfirewalltest viriscsitest virkeycodetest virlockspacetest virlogtest virstringtest virportallocatortest sysinfotest virstoragetest virnetdevbandwidthtest virkmodtest virca pstest domainconftest virhostdevtest virnetmessagetest virnetsockettest virnetserverclienttest virnettlscontexttest virnettlssessiontest fchosttest fdstreamtest securityselinuxtest viridentitytest securityselinuxlabeltest virdrivermoduletest qemuxml2argvtest qemuxml2xmltest qemuxmlnstest qemuargv2xmltest qemuhelptes t domainsnapshotxml2xmltest qemumonitortest qemumonitorjsontest qemuhotplugtest qemuagenttest qemucapabilitiestest qemucaps2xmltest lxcxml2xmltest lxcconf2xmltest openvzutilstest esxutilstest vmx2xmltest xml2vmxtest vmwarevertest jsontest networkxml2xmltest networkxml2xmlupdatetest networkxml2conftest networkxml2fir ewalltest nwfilterxml2xmltest nwfilterebiptablestest nwfilterxml2firewalltest storagevolxml2argvtest virscsitest storagevolxml2xmltest storagepoolxml2xmltest nodedevxml2xmltest interfacexml2xmltest cputest metadatatest secretxml2xmltest virusbtest eventtest libvirtdconftest objecteventtest commandhelper ssh test_conf make[1]: Entering directory `/home/rpmbuild/packages/libvirt/tests' make[1]: `libshunload.la' is up to date. make[1]: `libvirportallocatormock.la' is up to date. make[1]: `virnetserverclientmock.la' is up to date. make[1]: `vircgroupmock.la' is up to date. make[1]: `virpcimock.la' is up to date. make[1]: `libqemumonitortestutils.la' is up to date. make[1]: `qemuxml2argvmock.la' is up to date. make[1]: `virusbmock.la' is up to date. make[1]: `libsecurityselinuxhelper.la' is up to date. make[1]: `virshtest' is up to date. make[1]: `sockettest' is up to date. make[1]: `nodeinfotest' is up to date. make[1]: `virbuftest' is up to date. make[1]: `commandtest' is up to date. make[1]: `seclabeltest' is up to date. make[1]: `virhashtest' is up to date. make[1]: `viratomictest' is up to date. make[1]: `utiltest' is up to date. make[1]: `shunloadtest' is up to date. make[1]: `virtimetest' is up to date. make[1]: `viruritest' is up to date. make[1]: `virkeyfiletest' is up to date. make[1]: `viralloctest' is up to date. make[1]: `virauthconfigtest' is up to date. make[1]: `virbitmaptest' is up to date. make[1]: `vircgrouptest' is up to date. make[1]: `vircryptotest' is up to date. make[1]: `virpcitest' is up to date. make[1]: `virendiantest' is up to date. make[1]: `virfiletest' is up to date. make[1]: `virfirewalltest' is up to date. make[1]: `viriscsitest' is up to date. make[1]: `virkeycodetest' is up to date. make[1]: `virlockspacetest' is up to date. make[1]: `virlogtest' is up to date. make[1]: `virstringtest' is up to date. make[1]: `virportallocatortest' is up to date. make[1]: `sysinfotest' is up to date. make[1]: `virstoragetest' is up to date. make[1]: `virnetdevbandwidthtest' is up to date. make[1]: `virkmodtest' is up to date. make[1]: `vircapstest' is up to date. make[1]: `domainconftest' is up to date. make[1]: `virhostdevtest' is up to date. make[1]: `virnetmessagetest' is up to date. make[1]: `virnetsockettest' is up to date. make[1]: `virnetserverclienttest' is up to date. make[1]: `virnettlscontexttest' is up to date. make[1]: `virnettlssessiontest' is up to date. make[1]: `fchosttest' is up to date. make[1]: `fdstreamtest' is up to date. make[1]: `securityselinuxtest' is up to date. make[1]: `viridentitytest' is up to date. make[1]: `securityselinuxlabeltest' is up to date. make[1]: `virdrivermoduletest' is up to date. make[1]: `qemuxml2argvtest' is up to date. make[1]: `qemuxml2xmltest' is up to date. make[1]: `qemuxmlnstest' is up to date. make[1]: `qemuargv2xmltest' is up to date. make[1]: `qemuhelptest' is up to date. make[1]: `domainsnapshotxml2xmltest' is up to date. make[1]: `qemumonitortest' is up to date. make[1]: `qemumonitorjsontest' is up to date. make[1]: `qemuhotplugtest' is up to date. make[1]:
[libvirt] [PATCHv4 2/4]vbox: Implement vboxUniformedAPI in vbox_tmpl.c
Implement vboxUniformedAPI for each vbox API version. Some common code and definitions are moved to vbox_common.c and vbox_uniformed_api.h. --- src/vbox/vbox_tmpl.c | 419 +- 1 file changed, 245 insertions(+), 174 deletions(-) diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c index 4ba9ad7..7d01308 100644 --- a/src/vbox/vbox_tmpl.c +++ b/src/vbox/vbox_tmpl.c @@ -89,7 +89,7 @@ /* Include this *last* or we'll get the wrong vbox_CAPI_*.h. */ #include vbox_glue.h - +#include vbox_uniformed_api.h #define VIR_FROM_THIS VIR_FROM_VBOX @@ -189,7 +189,7 @@ if (strUtf16) {\ #define DEBUGUUID(msg, iid) \ {\ -VIR_DEBUG(msg : {%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x},\ +VIR_DEBUG(%s: {%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}, msg,\ (unsigned)(iid)-m0,\ (unsigned)(iid)-m1,\ (unsigned)(iid)-m2,\ @@ -203,42 +203,6 @@ if (strUtf16) {\ (unsigned)(iid)-m3[7]);\ }\ -typedef struct { -virMutex lock; -unsigned long version; - -virCapsPtr caps; -virDomainXMLOptionPtr xmlopt; - -IVirtualBox *vboxObj; -ISession *vboxSession; - -/** Our version specific API table pointer. */ -PCVBOXXPCOM pFuncs; - -#if VBOX_API_VERSION == 2002000 - -} vboxGlobalData; - -#else /* !(VBOX_API_VERSION == 2002000) */ - -/* Async event handling */ -virObjectEventStatePtr domainEvents; -int fdWatch; - -# if VBOX_API_VERSION = 3002000 -/* IVirtualBoxCallback is used in VirtualBox 3.x only */ -IVirtualBoxCallback *vboxCallback; -# endif /* VBOX_API_VERSION = 3002000 */ - -nsIEventQueue *vboxQueue; -int volatile vboxCallBackRefCount; - -/* pointer back to the connection */ -virConnectPtr conn; - -} vboxGlobalData; - /* g_pVBoxGlobalData has to be global variable, * there is no other way to make the callbacks * work other then having g_pVBoxGlobalData as @@ -249,6 +213,8 @@ typedef struct { * them that way */ +#if VBOX_API_VERSION 2002000 + static vboxGlobalData *g_pVBoxGlobalData = NULL; #endif /* !(VBOX_API_VERSION == 2002000) */ @@ -386,13 +352,10 @@ static void nsIDFromChar(nsID *iid, const unsigned char *uuid) typedef struct _vboxIID_v2_x_WIN32 vboxIID; typedef struct _vboxIID_v2_x_WIN32 vboxIID_v2_x_WIN32; -struct _vboxIID_v2_x_WIN32 { -/* IID is represented by a GUID value. */ -GUID value; -}; - # define VBOX_IID_INITIALIZER { { 0, 0, 0, { 0, 0, 0, 0, 0, 0, 0, 0 } } } +# define IIDU(name) (iidu-vboxIID_v2_x_WIN32.name) + static void vboxIIDUnalloc_v2_x_WIN32(vboxGlobalData *data ATTRIBUTE_UNUSED, vboxIID_v2_x_WIN32 *iid ATTRIBUTE_UNUSED) @@ -401,6 +364,13 @@ vboxIIDUnalloc_v2_x_WIN32(vboxGlobalData *data ATTRIBUTE_UNUSED, } static void +_vboxIIDUnalloc_v2_x_WIN32(vboxGlobalData *data ATTRIBUTE_UNUSED, + vboxIIDUnion *iid ATTRIBUTE_UNUSED) +{ +/* Nothing to free */ +} + +static void vboxIIDToUUID_v2_x_WIN32(vboxIID_v2_x_WIN32 *iid, unsigned char *uuid) { nsIDtoChar(uuid, (nsID *)iid-value); @@ -415,6 +385,13 @@ vboxIIDFromUUID_v2_x_WIN32(vboxGlobalData *data, vboxIID_v2_x_WIN32 *iid, nsIDFromChar((nsID *)iid-value, uuid); } +static void +_vboxIIDFromUUID_v2_x_WIN32(vboxGlobalData *data, vboxIIDUnion *iidu, + const unsigned char *uuid) +{ +vboxIIDFromUUID_v2_x_WIN32(data, iidu-vboxIID_v2_x_WIN32, uuid); +} + static bool vboxIIDIsEqual_v2_x_WIN32(vboxIID_v2_x_WIN32 *iid1, vboxIID_v2_x_WIN32 *iid2) { @@ -432,6 +409,7 @@ vboxIIDFromArrayItem_v2_x_WIN32(vboxGlobalData *data, vboxIID_v2_x_WIN32 *iid, memcpy(iid-value, items[idx], sizeof(GUID)); } + # define vboxIIDUnalloc(iid) vboxIIDUnalloc_v2_x_WIN32(data, iid) # define vboxIIDToUUID(iid, uuid) vboxIIDToUUID_v2_x_WIN32(iid, uuid) # define vboxIIDFromUUID(iid, uuid) vboxIIDFromUUID_v2_x_WIN32(data, iid, uuid) @@ -440,23 +418,16 @@ vboxIIDFromArrayItem_v2_x_WIN32(vboxGlobalData *data, vboxIID_v2_x_WIN32 *iid, vboxIIDFromArrayItem_v2_x_WIN32(data, iid, array, idx) # define DEBUGIID(msg, iid) DEBUGUUID(msg, (nsID *)(iid)) + # else /* !WIN32 */ typedef struct _vboxIID_v2_x vboxIID; typedef struct _vboxIID_v2_x vboxIID_v2_x; -struct _vboxIID_v2_x { -/* IID is represented by a pointer to a nsID. */ -nsID *value; - -/* backing is used in cases where we need to create or copy an IID. - * We cannot allocate memory that can be freed by ComUnallocMem. - * Therefore, we use this stack allocated nsID instead. */ -nsID backing; -}; - # define VBOX_IID_INITIALIZER { NULL, { 0, 0, 0, { 0, 0, 0, 0, 0, 0, 0, 0 } } } +# define IIDU(name) (iidu-vboxIID_v2_x.name) + static void vboxIIDUnalloc_v2_x(vboxGlobalData *data, vboxIID_v2_x *iid) { @@ -472,6 +443,12 @@ vboxIIDUnalloc_v2_x(vboxGlobalData *data, vboxIID_v2_x *iid) } static void +_vboxIIDUnalloc_v2_x(vboxGlobalData *data,
Re: [libvirt] [PATCH v1.2.[1-5]-maint] qemu: blockcopy: Don't remove existing disk mirror info
On 06/26/14 15:51, Eric Blake wrote: From: Peter Krempa pkre...@redhat.com When creating a new disk mirror the new struct is stored in a separate variable until everything went well. The removed hunk would actually remove existing mirror information for example when the api would be run if a mirror still exists. (cherry picked from commit 02b364e186d487f54ed410c01af042f23e812d42) This fixes a regression introduced in commit ff5f30b. Signed-off-by: Eric Blake ebl...@redhat.com Conflicts: src/qemu/qemu_driver.c - no refactoring of commit 7b7bf001 --- As Peter's patch resolves a regression, I'd like to backport it to the maint branches; however, that means redoing the patch. src/qemu/qemu_driver.c | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) ACK, Peter signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] docs: publish correct enum values
On 06/25/2014 05:23 PM, Eric Blake wrote: On 06/25/2014 03:09 PM, Eric Blake wrote: We publish libvirt-api.xml for others to use, and in fact, the libvirt-python bindings use it to generate enum values. However, we had an off-by-one bug that any enum that relied on C's rules for implicit initialization of the first enum member to 0 got listed in the xml as having a value of 1 (and all later members of the enum were equally botched). Affected are: - virDomainCoreDumpFormat (such as VIR_DOMAIN_CORE_DUMP_FORMAT_RAW), since libvirt TBD commit 9fbaff0 v1.2.3 - virDomainEventGraphicsAddressType (such as VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4), since libvirt TBD commit 987e31e v0.8.0 - virIPAddrType (such as VIR_IP_ADDR_TYPE_IPV4), since libvirt TBD commit 03e0e79, not yet released The fix is simple - since we add one to the previous value when encountering an enum without an initializer, the previous value must start at -1 so that the first enum member is assigned 0. Thanks to Nehal J Wani for reporting the problem on IRC, and for helping me zero in on the culprit function. Nehal reported on IRC that this fixed the problem, so I'm pushing the patch, and backporting to the maint branches. * docs/apibuild.py (CParser.parseEnumBlock): Fix implicit enum values. Signed-off-by: Eric Blake ebl...@redhat.com --- I'm going to touch up the commit message before pushing, once I do enough research on which versions of libvirt were impacted; but I just got interrupted, so I'm posting this now to get the review started. Research done. Bummer that our graphics event python bindings have been broken since 0.8.0 :( -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] securityselinuxlabeltest test fails on v1.2.5
On 06/26/2014 03:56 PM, Scott Sullivan wrote: 1) Labelling disks ... internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/plain.raw context 'EOPNOTSUPP' did not match epected 'system_u:object_r:svirt_image_t:s0:c41,c264' libvirt: error : internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/plain.raw context 'EOPNOTSUPP' did not match epected 'system_u:object_r:svirt_image_t:s0:c41,c264' FAILED 2) Labelling kernel... internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/vmlinuz.raw context 'EOPNOTSUPP' did not match epected 'system_u:object_r:virt_content_t:s0' libvirt: error : internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/vmlinuz.raw context 'EOPNOTSUPP' did not match epected 'system_u:object_r:virt_content_t:s0' FAILED 3) Labelling chardev ... internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/plain.txt context 'EOPNOTSUPP' did not match epected 'system_u:object_r:svirt_image_t:s0:c41,c264' libvirt: error : internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/plain.txt context 'EOPNOTSUPP' did not match epected 'system_u:object_r:svirt_image_t:s0:c41,c264' FAILED 4) Labelling nfs ... OK FAIL: securityselinuxlabeltest There was a patch skipping the test if setting xattrs is not supported, but it's not merged yet: https://www.redhat.com/archives/libvir-list/2014-June/msg00402.html Jan signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] qemu: fix guestfwd chardev option back how it was
Since commit d86c876a66e320b55220d00113027c9ad6199cff we are using guestfwd=tcp:IP:PORT,chardev=ID for guestfwd specification, however, that has not changed in qemu, so guestfwd does not work since. Apart from that, guestfwd is not working with older qemu that doesn't have QEMU_CAPS_DEVICE. Both regressions exist since late 2009 and nobody found that (until now), so I'm only fixing the first one. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1112066 Signed-off-by: Martin Kletzander mklet...@redhat.com --- src/qemu/qemu_command.c | 2 +- tests/qemuxml2argvdata/qemuxml2argv-channel-guestfwd.args | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 93d303e..5074aa1 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -9186,7 +9186,7 @@ qemuBuildChannelChrDeviceStr(char **deviceStr, port = virSocketAddrGetPort(chr-target.addr); if (virAsprintf(deviceStr, -user,guestfwd=tcp:%s:%i,chardev=char%s,id=user-%s, +user,guestfwd=tcp:%s:%i-chardev:char%s,id=user-%s, addr, port, chr-info.alias, chr-info.alias) 0) { virReportOOMError(); goto cleanup; diff --git a/tests/qemuxml2argvdata/qemuxml2argv-channel-guestfwd.args b/tests/qemuxml2argvdata/qemuxml2argv-channel-guestfwd.args index 7a15369..eb13430 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-channel-guestfwd.args +++ b/tests/qemuxml2argvdata/qemuxml2argv-channel-guestfwd.args @@ -4,5 +4,5 @@ pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults -chardev socket,\ id=charmonitor,path=/tmp/test-monitor,server,nowait -mon chardev=charmonitor,\ id=monitor,mode=readline -no-acpi -boot c -usb -hda /dev/HostVG/QEMUGuest1 -chardev \ pipe,id=charchannel0,path=/tmp/guestfwd -netdev user,\ -guestfwd=tcp:10.0.2.1:4600,chardev=charchannel0,id=user-channel0 -device \ +guestfwd=tcp:10.0.2.1:4600-chardev:charchannel0,id=user-channel0 -device \ virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 -- 2.0.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: fix guestfwd chardev option back how it was
On 06/26/2014 04:36 PM, Martin Kletzander wrote: Since commit d86c876a66e320b55220d00113027c9ad6199cff we are using guestfwd=tcp:IP:PORT,chardev=ID for guestfwd specification, however, that has not changed in qemu, so guestfwd does not work since. Apart from that, guestfwd is not working with older qemu that doesn't have QEMU_CAPS_DEVICE. Both regressions exist since late 2009 and nobody found that (until now), so I'm only fixing the first one. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1112066 Signed-off-by: Martin Kletzander mklet...@redhat.com --- src/qemu/qemu_command.c | 2 +- tests/qemuxml2argvdata/qemuxml2argv-channel-guestfwd.args | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) ACK diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 93d303e..5074aa1 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -9186,7 +9186,7 @@ qemuBuildChannelChrDeviceStr(char **deviceStr, port = virSocketAddrGetPort(chr-target.addr); if (virAsprintf(deviceStr, -user,guestfwd=tcp:%s:%i,chardev=char%s,id=user-%s, +user,guestfwd=tcp:%s:%i-chardev:char%s,id=user-%s, addr, port, chr-info.alias, chr-info.alias) 0) { virReportOOMError(); The OOM error is redundant here and right above it in qemuBuildParallelChrDeviceStr. signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] net: merge virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC
Instead of maintaining two very similar APIs, add the @mac parameter to virNetworkGetDHCPLeases and kill virNetworkGetDHCPLeasesForMAC. Both of those functions would return data the same way, so making @mac an optional filter simplifies a lot of stuff. --- daemon/remote.c | 69 +- include/libvirt/libvirt.h.in | 6 +--- src/driver.h | 8 + src/libvirt.c| 70 ++- src/libvirt_public.syms | 1 - src/network/bridge_driver.c | 69 +++--- src/remote/remote_driver.c | 71 ++-- src/remote/remote_protocol.x | 20 ++--- src/remote_protocol-structs | 15 +- tools/virsh-network.c| 5 +--- 10 files changed, 35 insertions(+), 299 deletions(-) diff --git a/daemon/remote.c b/daemon/remote.c index 9ffc1cb..ea16789 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -6292,6 +6292,7 @@ remoteDispatchNetworkGetDHCPLeases(virNetServerPtr server ATTRIBUTE_UNUSED, goto cleanup; if ((nleases = virNetworkGetDHCPLeases(net, + args-mac ? *args-mac : NULL, args-need_results ? leases : NULL, args-flags)) 0) goto cleanup; @@ -6336,74 +6337,6 @@ remoteDispatchNetworkGetDHCPLeases(virNetServerPtr server ATTRIBUTE_UNUSED, } -static int -remoteDispatchNetworkGetDHCPLeasesForMAC(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client, - virNetMessagePtr msg ATTRIBUTE_UNUSED, - virNetMessageErrorPtr rerr, - remote_network_get_dhcp_leases_for_mac_args *args, - remote_network_get_dhcp_leases_for_mac_ret *ret) -{ -int rv = -1; -size_t i; -struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); -virNetworkDHCPLeasePtr *leases = NULL; -virNetworkPtr net = NULL; -int nleases = 0; - -if (!priv-conn) { -virReportError(VIR_ERR_INTERNAL_ERROR, %s, _(connection not open)); -goto cleanup; -} - -if (!(net = get_nonnull_network(priv-conn, args-net))) -goto cleanup; - -if ((nleases = virNetworkGetDHCPLeasesForMAC(net, args-mac, - args-need_results ? leases : NULL, - args-flags)) 0) -goto cleanup; - -if (nleases REMOTE_NETWORK_DHCP_LEASES_MAX) { -virReportError(VIR_ERR_INTERNAL_ERROR, - _(Number of leases is %d, which exceeds max limit: %d), - nleases, REMOTE_NETWORK_DHCP_LEASES_MAX); -return -1; -} - -if (leases nleases) { -if (VIR_ALLOC_N(ret-leases.leases_val, nleases) 0) -goto cleanup; - -ret-leases.leases_len = nleases; - -for (i = 0; i nleases; i++) { -if (remoteSerializeDHCPLease(ret-leases.leases_val + i, leases[i]) 0) -goto cleanup; -} - -} else { -ret-leases.leases_len = 0; -ret-leases.leases_val = NULL; -} - -ret-ret = nleases; - -rv = 0; - - cleanup: -if (rv 0) -virNetMessageSaveError(rerr); -if (leases) { -for (i = 0; i nleases; i++) -virNetworkDHCPLeaseFree(leases[i]); -VIR_FREE(leases); -} -virNetworkFree(net); -return rv; -} - - /*- Helpers. -*/ /* get_nonnull_domain and get_nonnull_network turn an on-wire diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in index 594521e..032d6e6 100644 --- a/include/libvirt/libvirt.h.in +++ b/include/libvirt/libvirt.h.in @@ -5169,14 +5169,10 @@ struct _virNetworkDHCPLease { void virNetworkDHCPLeaseFree(virNetworkDHCPLeasePtr lease); int virNetworkGetDHCPLeases(virNetworkPtr network, +const char *mac, virNetworkDHCPLeasePtr **leases, unsigned int flags); -int virNetworkGetDHCPLeasesForMAC(virNetworkPtr network, - const char *mac, - virNetworkDHCPLeasePtr **leases, - unsigned int flags); - /** * virConnectNetworkEventGenericCallback: * @conn: the connection pointer diff --git a/src/driver.h b/src/driver.h index 6e72e92..5018068 100644 --- a/src/driver.h +++ b/src/driver.h @@ -1184,15 +1184,10 @@ typedef int typedef int (*virDrvNetworkGetDHCPLeases)(virNetworkPtr network, + const char *mac, virNetworkDHCPLeasePtr **leases, unsigned int flags); -typedef int
Re: [libvirt] [PATCH] qemu: fix guestfwd chardev option back how it was
On Thu, Jun 26, 2014 at 04:48:23PM +0200, Ján Tomko wrote: On 06/26/2014 04:36 PM, Martin Kletzander wrote: Since commit d86c876a66e320b55220d00113027c9ad6199cff we are using guestfwd=tcp:IP:PORT,chardev=ID for guestfwd specification, however, that has not changed in qemu, so guestfwd does not work since. Apart from that, guestfwd is not working with older qemu that doesn't have QEMU_CAPS_DEVICE. Both regressions exist since late 2009 and nobody found that (until now), so I'm only fixing the first one. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1112066 Signed-off-by: Martin Kletzander mklet...@redhat.com --- src/qemu/qemu_command.c | 2 +- tests/qemuxml2argvdata/qemuxml2argv-channel-guestfwd.args | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) ACK diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 93d303e..5074aa1 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -9186,7 +9186,7 @@ qemuBuildChannelChrDeviceStr(char **deviceStr, port = virSocketAddrGetPort(chr-target.addr); if (virAsprintf(deviceStr, -user,guestfwd=tcp:%s:%i,chardev=char%s,id=user-%s, +user,guestfwd=tcp:%s:%i-chardev:char%s,id=user-%s, addr, port, chr-info.alias, chr-info.alias) 0) { virReportOOMError(); The OOM error is redundant here and right above it in qemuBuildParallelChrDeviceStr. And few other places all over the code as well. Since this is pre-existing and not related to this code I won't change it in this patch, but cleanup for more of these would be nice. 'git grep virReportOOMError src/ tests/' reports 273 matching lines and I'm _pretty_ certain we don't have that many allocation functions. Thanks, pushed. Martin signature.asc Description: Digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] net: merge virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC
On 06/26/2014 04:51 PM, Peter Krempa wrote: Instead of maintaining two very similar APIs, add the @mac parameter to virNetworkGetDHCPLeases and kill virNetworkGetDHCPLeasesForMAC. Both of those functions would return data the same way, so making @mac an optional filter simplifies a lot of stuff. --- daemon/remote.c | 69 +- include/libvirt/libvirt.h.in | 6 +--- src/driver.h | 8 + src/libvirt.c| 70 ++- src/libvirt_public.syms | 1 - src/network/bridge_driver.c | 69 +++--- src/remote/remote_driver.c | 71 ++-- src/remote/remote_protocol.x | 20 ++--- src/remote_protocol-structs | 15 +- tools/virsh-network.c| 5 +--- 10 files changed, 35 insertions(+), 299 deletions(-) diff --git a/src/libvirt.c b/src/libvirt.c index 566f984..49c9d16 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -21110,65 +21117,6 @@ virNetworkGetDHCPLeases(virNetworkPtr network, return -1; } -/** - * virNetworkGetDHCPLeasesForMAC: - * @network: Pointer to network object - * @mac: ASCII formatted MAC address of an interface - * @leases: Pointer to a variable to store the array containing details on - * obtained leases, or NULL if the list is not required (just returns - * number of leases). - * @flags: extra flags, not used yet, so callers should always pass 0 - * - * The API fetches leases info of the interface which matches with the - * given @mac. There can be multiple leases for a single @mac because this - * API supports DHCPv6 too. - * - * Returns the number of leases found or -1 and sets @leases to NULL in case of - * error. On success, the array stored into @leases is guaranteed to have an - * extra allocated element set to NULL but not included in the return count, - * to make iteration easier. The caller is responsible for calling - * virNetworkDHCPLeaseFree() on each array element, then calling free() on @leases. - * - * See virNetworkGetDHCPLeases() for more details on list contents. - */ -int -virNetworkGetDHCPLeasesForMAC(virNetworkPtr network, - const char *mac, - virNetworkDHCPLeasePtr **leases, - unsigned int flags) -{ -virConnectPtr conn; - -VIR_DEBUG(network=%p, mac=%s, leases=%p, flags=%x, - network, mac, leases, flags); You should add mac to the debug message at the start of the other API. - -virResetLastError(); - -if (leases) -*leases = NULL; - -virCheckNonNullArgGoto(mac, error); - -virCheckNetworkReturn(network, -1); --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -7614,6 +7615,7 @@ remoteNetworkGetDHCPLeases(virNetworkPtr net, remoteDriverLock(priv); make_nonnull_network(args.net, net); +args.mac = mac == NULL ? NULL : (char **) mac; Nit: mac ? (char **) mac : NULL would be IMO nicer. args.flags = flags; args.need_results = !!leases; diff --git a/tools/virsh-network.c b/tools/virsh-network.c index 2d5b9be..e7499fa 100644 --- a/tools/virsh-network.c +++ b/tools/virsh-network.c @@ -1348,10 +1348,7 @@ cmdNetworkDHCPLeases(vshControl *ctl, const vshCmd *cmd) if (!(network = vshCommandOptNetwork(ctl, cmd, name))) return false; -nleases = mac ? virNetworkGetDHCPLeasesForMAC(network, mac, leases, flags) -: virNetworkGetDHCPLeases(network, leases, flags); - -if (nleases 0) { +if ((nleases = virNetworkGetDHCPLeases(network, mac, leases, flags) 0)) { Wrong parenthesising. ACK with the debug message added and virsh functionality fixed. Jan signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] securityselinuxlabeltest test fails on v1.2.5
On 06/26/2014 10:09 AM, Ján Tomko wrote: On 06/26/2014 03:56 PM, Scott Sullivan wrote: 1) Labelling disks ... internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/plain.raw context 'EOPNOTSUPP' did not match epected 'system_u:object_r:svirt_image_t:s0:c41,c264' libvirt: error : internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/plain.raw context 'EOPNOTSUPP' did not match epected 'system_u:object_r:svirt_image_t:s0:c41,c264' FAILED 2) Labelling kernel... internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/vmlinuz.raw context 'EOPNOTSUPP' did not match epected 'system_u:object_r:virt_content_t:s0' libvirt: error : internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/vmlinuz.raw context 'EOPNOTSUPP' did not match epected 'system_u:object_r:virt_content_t:s0' FAILED 3) Labelling chardev ... internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/plain.txt context 'EOPNOTSUPP' did not match epected 'system_u:object_r:svirt_image_t:s0:c41,c264' libvirt: error : internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/plain.txt context 'EOPNOTSUPP' did not match epected 'system_u:object_r:svirt_image_t:s0:c41,c264' FAILED 4) Labelling nfs ... OK FAIL: securityselinuxlabeltest There was a patch skipping the test if setting xattrs is not supported, but it's not merged yet: https://www.redhat.com/archives/libvir-list/2014-June/msg00402.html Jan Jan, Thanks for this. I've applied the patch and it has solved my issues. Thanks again. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [for 1.2.6] Redundancy of virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC
On 06/26/2014 07:36 AM, Daniel P. Berrange wrote: Both of those return a list of lease structures and the only difference is the presence of the @mac argument. We could unify those two APIs into one with the following signature: int virNetworkGetDHCPLeases(virNetworkPtr network, const char *mac, virNetworkDHCPLeasePtr **leases, unsigned int flags) And tweak the semantics of @mac where when the user passes NULL we'd return the complete unfiltered list. I'm in favor of this simplification as well. Of course what I completely missed was that even in the ForMAC case, we have to return a dynamic list of leases, because you can have both IPv4 and IPv6 leases for the same MAC. This basically kills the main compelling reason to have 2 separate APIs. I remember the earlier debate, and think I kind of missed that point at the time, as well. So in retrospect I was wrong, and I agree with Peter that we should kill the ForMAC API and just add an (optional) macaddr parameter to the first API. Of course we can only decided to do this now before we release. Yes, now is the time to make the fix, before RC-2 is spun (so we still have some test time), and before it is baked into the 1.2.6 release. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH V2] libxl: detect support for save and restore
Eric Blake wrote: On 06/25/2014 06:09 PM, Jim Fehlig wrote: libxl does not support save, restore, or migrate on all architectures, notably ARM. Detect whether libxl supports these operations using LIBXL_HAVE_NO_SUSPEND_RESUME. If not supported, drop advertisement of migration_features. Found by Ian Campbell while improving Xen's OSSTEST infrastructure http://lists.xen.org/archives/html/xen-devel/2014-06/msg02171.html Signed-off-by: Jim Fehlig jfeh...@suse.com --- Another option for https://www.redhat.com/archives/libvir-list/2014-June/msg01276.html With this one, we even avoid the distasteful double negative :). Compile-tested on x86 only at this point. The ARM build is still slowly grinding away... src/libxl/libxl_conf.c | 4 src/libxl/libxl_driver.c | 35 +++ 2 files changed, 39 insertions(+) Looks better; thanks for putting up with me :) ACK if it passes your testing Ian provided the passing test results. I've pushed this now. Thanks! Regards, Jim -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] test: add user_xattr check for securityselinuxlabeltest
On 06/09/2014 05:36 AM, Jincheng Miao wrote: libvirt unit test used setxattr with user.libvirt.selinux name to emulate setfilecon of selinux. But for some old kernel filesystem (like 2.6.32-431.el6.x86_64), if the filesystem is not mounted with user_xattr flag, the setxattr with user.libvirt.selinux will fail. So adding testUserXattrEnabled() in securityselinuxlabeltest.c, if user_xattr is not enabled, skip this case. The user_xattr is departed in newer kernel, therefore this commit is only for the compatablity for old kernel. Signed-off-by: Jincheng Miao jm...@redhat.com --- tests/securityselinuxlabeltest.c | 33 + 1 files changed, 33 insertions(+), 0 deletions(-) Tested here: https://www.redhat.com/archives/libvir-list/2014-June/msg01387.html ACK and pushed, with a tweak: +static int +testUserXattrEnabled(void) This is a tri-state return ( 0 for error, 0 for unsupported, 1 for enabled)... @@ -322,6 +352,9 @@ mymain(void) { int ret = 0; +if (!testUserXattrEnabled()) +return EXIT_AM_SKIP; ...but this was a binary check. Really, it should fail the test on -1, rather than blindly proceeding on. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Add test for type none model dac seclabel
On 06/10/2014 02:19 AM, Ján Tomko wrote: --- .../qemuxml2argv-seclabel-dac-none.args| 4 .../qemuxml2argv-seclabel-dac-none.xml | 28 ++ tests/qemuxml2argvtest.c | 1 + tests/qemuxml2xmltest.c| 1 + 4 files changed, 34 insertions(+) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dac-none.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dac-none.xml ACK, and safe for freeze (more tests are always good) -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] securityselinuxlabeltest test fails on v1.2.5
On 06/26/2014 09:38 AM, Scott Sullivan wrote: On 06/26/2014 10:09 AM, Ján Tomko wrote: On 06/26/2014 03:56 PM, Scott Sullivan wrote: 1) Labelling disks ... internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/plain.raw context 'EOPNOTSUPP' did not match epected 'system_u:object_r:svirt_image_t:s0:c41,c264' There was a patch skipping the test if setting xattrs is not supported, but it's not merged yet: https://www.redhat.com/archives/libvir-list/2014-June/msg00402.html Jan Jan, Thanks for this. I've applied the patch and it has solved my issues. Now pushed; it missed 1.2.6-rc1, but should be in rc2, if you want to test that in a couple days. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v1.2.[1-5]-maint] qemu: blockcopy: Don't remove existing disk mirror info
On 06/26/2014 07:56 AM, Peter Krempa wrote: On 06/26/14 15:51, Eric Blake wrote: From: Peter Krempa pkre...@redhat.com When creating a new disk mirror the new struct is stored in a separate variable until everything went well. The removed hunk would actually remove existing mirror information for example when the api would be run if a mirror still exists. (cherry picked from commit 02b364e186d487f54ed410c01af042f23e812d42) This fixes a regression introduced in commit ff5f30b. Signed-off-by: Eric Blake ebl...@redhat.com Conflicts: src/qemu/qemu_driver.c - no refactoring of commit 7b7bf001 --- As Peter's patch resolves a regression, I'd like to backport it to the maint branches; however, that means redoing the patch. src/qemu/qemu_driver.c | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) ACK, I'm awaiting word on whether this regression represents a CVE. Obviously, the fix is already public, so I'm not making the situation any worse by mentioning that this patch is under evaluation; but at the same time, I'm not going into the details of the scenario I found while while playing with this patch. Worse, the regression was introduced when plugging an earlier CVE last year - it's never fun when solving one CVE causes another, so all the more reason that I hope the libvirt-security list doesn't deem this as a vulnerability. At any rate, whether or not this gets a CVE designation, it was more than just v1.2.1-maint affected - everything back to v0.9.12-maint had the bug by virtue of CVE-2013-6458; I'm in the process of backporting this patch to ALL branches. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] securityselinuxlabeltest test fails on v1.2.5
On 06/26/2014 11:38 PM, Scott Sullivan wrote: On 06/26/2014 10:09 AM, Ján Tomko wrote: On 06/26/2014 03:56 PM, Scott Sullivan wrote: 1) Labelling disks ... internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/plain.raw context 'EOPNOTSUPP' did not match epected 'system_u:object_r:svirt_image_t:s0:c41,c264' libvirt: error : internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/plain.raw context 'EOPNOTSUPP' did not match epected 'system_u:object_r:svirt_image_t:s0:c41,c264' FAILED 2) Labelling kernel... internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/vmlinuz.raw context 'EOPNOTSUPP' did not match epected 'system_u:object_r:virt_content_t:s0' libvirt: error : internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/vmlinuz.raw context 'EOPNOTSUPP' did not match epected 'system_u:object_r:virt_content_t:s0' FAILED 3) Labelling chardev ... internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/plain.txt context 'EOPNOTSUPP' did not match epected 'system_u:object_r:svirt_image_t:s0:c41,c264' libvirt: error : internal error: File /home/rpmbuild/packages/libvirt/tests/securityselinuxlabeldata/plain.txt context 'EOPNOTSUPP' did not match epected 'system_u:object_r:svirt_image_t:s0:c41,c264' FAILED 4) Labelling nfs ... OK FAIL: securityselinuxlabeltest There was a patch skipping the test if setting xattrs is not supported, but it's not merged yet: https://www.redhat.com/archives/libvir-list/2014-June/msg00402.html Jan Jan, Thanks for this. I've applied the patch and it has solved my issues. Hi Scott, Because this patch is only for compatibilities for the old kernel, and it skips the securityselinuxlabeltest, the better way is to upgrade to the kernel that default to support xattr in its filesystem, or remount the currently filesystem with xattr, for ext4: # mount -o acl,user_xattr /dev/sda1 /mount/point or add one line to /etc/mtab /dev/sda1 /mount/point ext4 rw,acl,user_xattr 0 0 Best wishes, Jincheng Miao Thanks again. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] block/sheepdog: rename management program from collie to dog
Hi Eric, Daniel, thanks for your reply and sorry for my late reply. On Tue, Jun 24, 2014 at 1:43 AM, Eric Blake ebl...@redhat.com wrote: On 06/23/2014 12:20 AM, Hitoshi Mitake wrote: The management program of latest sheepdog is named as dog, collie is obsolete. This patch updates the name in the configure script and the sheepdog driver. Signed-off-by: Vasiliy Tolstov v.tols...@selfip.ru Signed-off-by: Hitoshi Mitake mitake.hito...@lab.ntt.co.jp --- configure.ac | 10 +- src/storage/storage_backend_sheepdog.c | 12 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) Please re-read the comments given at the first attempt at this patch: https://www.redhat.com/archives/libvir-list/2014-June/msg00760.html diff --git a/configure.ac b/configure.ac index 710cb71..186d9e3 100644 --- a/configure.ac +++ b/configure.ac @@ -1926,14 +1926,14 @@ AC_SUBST([LIBRBD_LIBS]) if test $with_storage_sheepdog = yes || test $with_storage_sheepdog = check; then - AC_PATH_PROG([COLLIE], [collie], [], [$PATH:/sbin:/usr/sbin]) + AC_PATH_PROG([DOG], [dog], [], [$PATH:/sbin:/usr/sbin]) This is wrong; you need to test for both names, and use the correct one, in order to be back-compat safe. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org I missed the point of compatibility. I'll post v2 which doesn't break it later. Thanks, Hitoshi -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Change of server
I went ahead and switched earlier today, the new IP for libvirt.org is 91.121.203.120 , seems to me that all services are functionning as before, I also migrated the various cron. The DNS TTL should expire within 2 hours and everybody should see the new box then. it has twice the memory and twice the CPU power (still not a speed daemon by any measure but should be a bit better). Main point is that the hardware is newer and hence less likely to fail, but don't repeat it Murphy could hear about it ! Daniel -- Daniel Veillard | Open Source and Standards, Red Hat veill...@redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list