The series adds optimization in network filters instantiation as suggested
in [1]. Applied on top of [2].
However this approach has drawback I'm unfortunately discovered too late)
Next steps will left us with no network filters after this series applied:
systemctl stop libvirtd
systemctl restart
We need reinstantiation because reload will flush rules installed
by libvirtd.
Signed-off-by: Nikolay Shirokovskiy
---
src/nwfilter/nwfilter_driver.c | 6 +++---
src/nwfilter/nwfilter_gentech_driver.c | 13 +
src/nwfilter/nwfilter_gentech_driver.h | 3 ++-
3 files changed,
On 18.10.2018 03:26, John Ferlan wrote:
>
>
> On 10/17/18 4:25 AM, Nikolay Shirokovskiy wrote:
>>
>>
>> On 17.10.2018 01:28, John Ferlan wrote:
>>>
>>>
>>> On 10/12/18 3:23 AM, Nikolay Shirokovskiy wrote:
If learning thread is configured to learn on all ethernet frames (which is
hard
This helps us bring correct firewall rules if previous binary
install them incorrectly.
Signed-off-by: Nikolay Shirokovskiy
---
src/conf/virnwfilterbindingobj.c | 20
src/conf/virnwfilterbindingobj.h | 3 +++
src/libvirt_private.syms | 1 +
src/nw
For filter without references to other filters hash is just sha-256 of filter's
xml. For filters with references hash is sha-256 of string consisting of
filter's self hash and hashes of directly referenced filters.
If filter is not complete that is some of filters it's referencing directly or
indi
Skip binding's filter reinstantiation if it is not changed since it was
instantiated last time. The purpose it to fasten libvirtd restart at least if
filters won't changed, see RFC [1]. Thus we need to keep instantiated filter
hash for binding in binding's status.
This patch skips filters reinsta
On Wed, Oct 17, 2018 at 4:46 PM Martin Kletzander
wrote:
> On Tue, Oct 16, 2018 at 07:19:41PM -0400, John Ferlan wrote:
> >
> >
> >On 10/14/18 10:26 AM, Han Han wrote:
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1535930
> >>
> >> Report more clear err msg instead of unknown error when coales
On Thu, Oct 18, 2018 at 11:07 AM Luyao Zhong wrote:
> Hi Han,
>
> I'm not sure which release my patches will merge into. How about adding
> the patch to update the release news after my last version of these
> patches. Waiting for more reviews and comments.
>
Well. That's OK.
> Regards,
> Luyao
Hi Han,
I'm not sure which release my patches will merge into. How about adding
the patch to update the release news after my last version of these
patches. Waiting for more reviews and comments.
Regards,
Luyao Zhong
On 2018/10/18 上午9:10, Han Han wrote:
On Wed, Oct 17, 2018 at 10:25 AM L
If qemuDomainSnapshotDiscard() fails for any reason (rare,
but possible with an ill-timed ENOMEM or if
qemuDomainSnapshotForEachQcow2() has problems talking to the
qemu guest monitor), then an attempt to retry the snapshot
deletion API will crash because we didn't undo the effects
of virDomainSnaps
On Wed, Oct 17, 2018 at 10:25 AM Luyao Zhong wrote:
> Hi libvirt experts,
>
> This is the RFC for updating NVDIMM support in libvirt.
>
> QEMU has supported four more properties which libvirt has not introduced
> yet, including 'align', 'pmem', 'nvdimm-persistences' and 'unarmed'.
>
> The 'align'
On 10/17/18 7:30 PM, Eric Blake wrote:
If qemuDomainSnapshotDiscard() fails for any reason (rare,
but possible with an ill-timed ENOMEM or if
qemuDomainSnapshotForEachQcow2() has problems talking to the
qemu guest monitor), then an attempt to retry the snapshot
deletion API will crash because we
Self-NACK. I'vebeen informed by the original reporter that for IPv4 we
have to specify a netmask rather than prefix (it worked for me with
prefix, but for him it didn't :-/)
I'll send a V2 in the morning. Too close to bedtime now to do anything
that requires attention to detail...
On 10/17/2018 1
If qemuDomainSnapshotDiscard() fails for any reason (rare,
but possible with an ill-timed ENOMEM or if
qemuDomainSnapshotForEachQcow2() has problems talking to the
qemu guest monitor), then an attempt to retry the snapshot
deletion API will crash because we didn't undo the effects
of virDomainSnaps
On 10/17/18 4:25 AM, Nikolay Shirokovskiy wrote:
>
>
> On 17.10.2018 01:28, John Ferlan wrote:
>>
>>
>> On 10/12/18 3:23 AM, Nikolay Shirokovskiy wrote:
>>> If learning thread is configured to learn on all ethernet frames (which is
>>> hardcoded) then chances are big that there is packet on ev
On 10/16/18 3:22 AM, Nikolay Shirokovskiy wrote:
>
>
> On 16.10.2018 03:00, John Ferlan wrote:
>>
>>
>> On 10/8/18 4:10 AM, Nikolay Shirokovskiy wrote:
>>> Block job abort operation can not handle properly qemu crashes when waiting
>>> for
>>> abort/pivot completion. Deadlock scenario is next
On Sat, Oct 13, 2018 at 08:46:19AM -0600, Jim Fehlig wrote:
> I had some couch time at the start of the weekend and was finally able to
> try using this series with virt-install. As it turns out, reporting
> duplicate blocks for 'xen' is not quite right. Instead we
> will want to report the addit
On 10/16/18 7:23 PM, Marek Marczykowski-Górecki wrote:
On Sat, Oct 13, 2018 at 08:46:19AM -0600, Jim Fehlig wrote:
I had some couch time at the start of the weekend and was finally able to
try using this series with virt-install. As it turns out, reporting
duplicate blocks for 'xen' is not qui
>From fca1732c0e1f691fb25c614349d5486bbc73a109 Mon Sep 17 00:00:00 2001
From: Jie Wang
Date: Wed, 17 Oct 2018 22:55:51 +0800
Subject: [PATCH] qemu: Fix IOThread pids lost after qemuProcessReconnect
IOThread pids info will lost after libvirtd restart, then
if we call pinIOThread, sched_setaffinity
dnsmasq documentation says that the *IPv4* prefix/network
address/broadcast address sent to dhcp clients will be automatically
determined by dnsmasq by looking at the interface it's listening on,
so the original libvirt code that added dhcp support to virtual
networks did not add a prefix to the dn
On Tue, 2018-10-16 at 11:28 +0800, Yi Min Zhao wrote:
> 在 2018/10/11 下午10:50, Andrea Bolognani 写道:
> > On Fri, 2018-09-28 at 16:46 +0800, Yi Min Zhao wrote:
> > > # conf/device_conf.h
> > > +virDeviceInfoPCIAddressExtensionIsPresent;
> > > +virDeviceInfoPCIAddressExtensionIsWanted;
> > > virDev
This reverts commit 8b035c84d8a7362a87a95e6114b8e7f959685ed9.
The MTTCG impl in QEMU does allow pinning vCPUs.
When the guest is running we already check if pinning is
possible in the qemuDomainPinVcpuLive method, so this
check was adding no benefit.
When the guest is not running, we cannot know
QEMU is using MTTCG by default on an increasingly large
set of host/guest combinations. This allows us to use the
normal vCPU pinning support we already have for KVM. We
just need to stop throwing away the PID info, and stop
artificially blocking pinning APIs.
Daniel P. Berrangé (2):
qemu: fix r
MTTCG is the new multi-threaded impl of TCG which follows
KVM in having one host OS thread per vCPU. Historically
we have discarded all PIDs reported for TCG guests, but
we must now selectively honour this data.
We don't have anything in the domain XML that indicates
whether a guest is using TCG o
Daniel P. Berrangé wrote:
> From: "Daniel P. Berrange"
>
> Currently any client which can complete the TLS handshake is able to use
> a chardev server. The server admin can turn on the 'verify-peer' option
> for the x509 creds to require the client to provide a x509
> certificate. This means the
Daniel P. Berrangé wrote:
> From: "Daniel P. Berrange"
>
> As with the previous patch to qemu-nbd, the nbd-server-start QMP command
> also needs to be able to specify authorization when enabling TLS encryption.
>
> First the client must create a QAuthZ object instance using the
> 'object-add' com
Daniel P. Berrangé wrote:
> From: "Daniel P. Berrange"
>
> The QEMU instance that runs as the server for the migration data
> transport (ie the target QEMU) needs to be able to configure access
> control so it can prevent unauthorized clients initiating an incoming
> migration. This adds a new 't
Daniel P. Berrangé wrote:
> From: "Daniel P. Berrange"
>
> Currently any client which can complete the TLS handshake is able to use
> the NBD server. The server admin can turn on the 'verify-peer' option
> for the x509 creds to require the client to provide a x509 certificate.
> This means the cl
On 10/17/2018 01:46 PM, Daniel P. Berrangé wrote:
> On Wed, Oct 17, 2018 at 12:52:50PM +0200, Michal Privoznik wrote:
>> On 10/17/2018 11:45 AM, Daniel P. Berrangé wrote:
>>> On Wed, Oct 17, 2018 at 11:06:46AM +0200, Michal Privoznik wrote:
Trying to use virlockd to lock metadata turns out to
On Wed, 2018-10-17 at 16:27 +0800, Wang Huaqiang wrote:
> Signed-off-by: Wang Huaqiang
> ---
> src/util/virresctrl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Andrea Bolognani
and pushed.
--
Andrea Bolognani / Red Hat / Virtualization
--
libvir-list mailing list
l
On Wed, Oct 17, 2018 at 12:52:50PM +0200, Michal Privoznik wrote:
> On 10/17/2018 11:45 AM, Daniel P. Berrangé wrote:
> > On Wed, Oct 17, 2018 at 11:06:46AM +0200, Michal Privoznik wrote:
> >> Trying to use virlockd to lock metadata turns out to be too big
> >> gun. Since we will always spawn a sep
On 10/17/2018 11:45 AM, Daniel P. Berrangé wrote:
> On Wed, Oct 17, 2018 at 11:06:46AM +0200, Michal Privoznik wrote:
>> Trying to use virlockd to lock metadata turns out to be too big
>> gun. Since we will always spawn a separate process for relabeling
>> we are safe to use thread unsafe POSIX loc
On Wed, Oct 17, 2018 at 11:06:46AM +0200, Michal Privoznik wrote:
> Trying to use virlockd to lock metadata turns out to be too big
> gun. Since we will always spawn a separate process for relabeling
> we are safe to use thread unsafe POSIX locks and take out
> virtlockd completely out of the pictu
On Wed, Oct 17, 2018 at 11:06:43AM +0200, Michal Privoznik wrote:
> This new helper can be used to spawn a child process and run
> passed callback from it. This will come handy esp. if the
> callback is not thread safe.
>
> Signed-off-by: Michal Privoznik
> ---
> src/libvirt_private.syms | 1 +
This reverts commit afd5a27575e8b6a494d2728552fe0e89c71e32b4.
Signed-off-by: Michal Privoznik
---
src/locking/lock_daemon_dispatch.c | 3 ---
src/util/virlockspace.c| 15 +--
src/util/virlockspace.h| 4
tests/virlockspacetest.c | 29 +-
This reverts commit 21c34b86be5233634eb38f77be64e2263bfc4e48.
Signed-off-by: Michal Privoznik
---
src/locking/lock_daemon_dispatch.c | 10 ++
src/locking/lock_driver_lockd.c| 3 +--
src/locking/lock_driver_lockd.h| 1 -
3 files changed, 3 insertions(+), 11 deletions(-)
diff --
This reverts commit 22baf6e08c65d9174b24f66370724ce961ce9576.
Signed-off-by: Michal Privoznik
---
src/locking/lock_driver.h | 2 -
src/locking/lock_driver_lockd.c | 297 +++---
src/locking/lock_driver_sanlock.c | 37 ++--
3 files changed, 116 insertions(+), 2
This reverts commit aaf34cb9013d6d746f4edf9807408cb9dfbcf01d.
Signed-off-by: Michal Privoznik
---
src/locking/lock_driver_lockd.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/locking/lock_driver_lockd.c b/src/locking/lock_driver_lockd.c
index 268676c407..22a5a9
This reverts commit 35b5b244da825fb41e35e4dc62e740d716214ec9.
Signed-off-by: Michal Privoznik
---
src/locking/lock_driver.h | 4
src/locking/lock_driver_lockd.c | 4 +---
src/locking/lock_driver_sanlock.c | 4 +---
src/locking/lock_manager.c| 10 +++---
4 files chan
v3 of:
https://www.redhat.com/archives/libvir-list/2018-October/msg00667.html
diff to v2:
- Introduced two new patches (1/13 and 2/13) so that even non-Linux
platforms are covered
- In 4/13 I switched from indefinite wait for lock to a lock with
timeout (of 10 seconds). This is basically to p
This reverts commit 8b8aefb3d6ae2139ea3d4ef6d7dd2c06f57f6075.
Signed-off-by: Michal Privoznik
---
src/qemu/qemu_conf.c | 1 -
src/qemu/qemu_conf.h | 1 -
2 files changed, 2 deletions(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 17b7e11e02..32da9a7351 100644
--- a/src/qemu/q
This reverts commit 385eb8399bdb1610447c2857abfe99cee4a9fb9e.
Signed-off-by: Michal Privoznik
---
src/locking/lock_driver.h | 4 --
src/locking/lock_driver_lockd.c | 82 ++---
2 files changed, 24 insertions(+), 62 deletions(-)
diff --git a/src/locking/lock_dri
Trying to use virlockd to lock metadata turns out to be too big
gun. Since we will always spawn a separate process for relabeling
we are safe to use thread unsafe POSIX locks and take out
virtlockd completely out of the picture.
Signed-off-by: Michal Privoznik
---
src/security/security_dac.c
This reverts commit 3e26b476b5f322353bf0dcd8e3f037ca672b8c62.
Signed-off-by: Michal Privoznik
---
cfg.mk | 4 +---
src/lxc/lxc_controller.c | 3 +--
src/lxc/lxc_driver.c | 2 +-
src/qemu/qemu_driver.c | 3 ---
src/security/security_mana
For supported mdev driver to create aggregated device, this creates
new "aggregation" attribute for target type, which will show maximum
number of instance resources that can be aggregated.
Cc: Kirti Wankhede
Cc: Alex Williamson
Cc: Kevin Tian
Cc: Cornelia Huck
Signed-off-by: Zhenyu Wang
---
This reverts commit 997283b54b0e1f599aed3085ceba027eb8110acb.
Signed-off-by: Michal Privoznik
---
src/locking/lock_driver.h | 2 --
src/locking/lock_driver_lockd.c | 47 +--
src/locking/lock_driver_sanlock.c | 3 +-
3 files changed, 14 insertions(+), 38 de
This new helper can be used to spawn a child process and run
passed callback from it. This will come handy esp. if the
callback is not thread safe.
Signed-off-by: Michal Privoznik
---
src/libvirt_private.syms | 1 +
src/util/virprocess.c| 81
src/uti
In the next commit the virSecurityManagerMetadataLock() is going
to be turned thread unsafe. Therefore, we have to spawn a
separate process for it. Always.
Signed-off-by: Michal Privoznik
---
src/security/security_dac.c | 2 +-
src/security/security_selinux.c | 2 +-
2 files changed, 2 inser
Both virProcessRunInMountNamespace() and virProcessRunInFork()
look very similar. De-duplicate the code and make
virProcessRunInMountNamespace() call virProcessRunInFork().
Signed-off-by: Michal Privoznik
---
src/util/virprocess.c | 62 +--
1 file changed,
Update vfio/mdev ABI description for new aggregation attributes.
Cc: Kirti Wankhede
Cc: Alex Williamson
Cc: Kevin Tian
Cc: Cornelia Huck
Signed-off-by: Zhenyu Wang
---
Documentation/ABI/testing/sysfs-bus-vfio-mdev | 25 +++
1 file changed, 25 insertions(+)
diff --git a/Docum
Update vfio/mdev doc on new "aggregate" create parameter, new "aggregation"
attribute and "aggregated_instances" attribute for mdev device.
Cc: Kirti Wankhede
Cc: Alex Williamson
Cc: Kevin Tian
Cc: Cornelia Huck
Signed-off-by: Zhenyu Wang
---
Documentation/vfio-mediated-device.txt | 44 +
For special mdev type which can aggregate instances for mdev device,
this extends mdev create interface by allowing extra "aggregate=xxx"
parameter, which is passed to mdev device model to be able to create
bundled number of instances for target mdev device.
v2: create new create_with_instances op
New aggregation type is created for KVMGT which can be used
to combine minimal resource number for target instances, to create
user defined number of resources. For KVMGT, aggregated resource
is determined by memory and fence resource allocation for target
number of instances.
v2:
- apply for new
For mdev device created by "aggregate" parameter, this creates new mdev
device attribute "aggregated_instances" to show number of aggregated
instances allocated.
v2:
- change attribute name as "aggregated_instances"
v3:
- create only for aggregated allocation
Cc: Kirti Wankhede
Cc: Alex William
Current mdev device create interface depends on fixed mdev type, which get uuid
from user to create instance of mdev device. If user wants to use customized
number of resource for mdev device, then only can create new mdev type for that
which may not be flexible. This requirement comes not only fro
I don't see any patch actually adding (nevermind using) the attibute,
so something seems wrong here.
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On 16.10.2018 21:46, John Ferlan wrote:
>
> $SUBJ:
>
> s/don't/Don't
>
> On 10/10/18 4:04 AM, Nikolay Shirokovskiy wrote:
>> Now when STOP event handler has correct both suspended event reason
>> and paused state reason let's wipe out duplicated event sending and
>> state changed in/after qem
On 16.10.2018 21:42, John Ferlan wrote:
>
> $SUBJ:
>
> s/map/Map
>
> On 10/10/18 4:04 AM, Nikolay Shirokovskiy wrote:
>> Map is based on existing cases in code where we send suspended
>> event after changing domain state to paused.
>>
>> Signed-off-by: Nikolay Shirokovskiy
>> ---
>> src/qem
On Wed, 2018-10-17 at 09:10 +0800, Han Han wrote:
> Signed-off-by: Han Han
> ---
> src/conf/domain_addr.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/conf/domain_addr.c b/src/conf/domain_addr.c
> index 442e6aab94..e4ed143b76 100644
> --- a/src/conf/domain_add
On Tue, Oct 16, 2018 at 07:19:41PM -0400, John Ferlan wrote:
On 10/14/18 10:26 AM, Han Han wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1535930
Report more clear err msg instead of unknown error when coalesce
settings is incomplete.
Incomplete is not an error. It's request for remov
On 16.10.2018 21:40, John Ferlan wrote:
>
> $SUBJ:
>
> s/pass/Pass
>
> On 10/10/18 4:04 AM, Nikolay Shirokovskiy wrote:
>> We send duplicate suspended lifecycle events on qemu process stop in several
>> places. The reason is stop event handler always send suspended event and
>> we addidionall
Signed-off-by: Wang Huaqiang
---
src/util/virresctrl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virresctrl.c b/src/util/virresctrl.c
index df5b512..5d811a2 100644
--- a/src/util/virresctrl.c
+++ b/src/util/virresctrl.c
@@ -259,7 +259,7 @@ virResctrlInfoMonFree(
On 17.10.2018 01:28, John Ferlan wrote:
>
>
> On 10/12/18 3:23 AM, Nikolay Shirokovskiy wrote:
>> If learning thread is configured to learn on all ethernet frames (which is
>> hardcoded) then chances are big that there is packet on every iteration of
>> inspecting frames loop. As result we wil
On 16.10.2018 15:48, John Ferlan wrote:
>
>
> On 10/8/18 7:21 AM, Nikolay Shirokovskiy wrote:
>> Let's introduce shutdown reason "daemon" which means we have to
>> kill running domain ourselves as the best action we can take at
>> that moment. Failure to pick up domain on daemon restart is
>>
64 matches
Mail list logo