Eric Blake [Mon, 27 Sep 2010 22:37:53 +0000 (16:37 -0600)]
vcpu: make old API trivially wrap to new API
Note - this wrapping is completely mechanical; the old API will
function identically, since the new API validates that the exact
same flags are provided by the old API. On a per-driver basis,
it may make sense to have the old API pass a different set of flags,
but that should be done in the per-driver patch that implements
the full range of flag support in the new API.
Eric Blake [Fri, 24 Sep 2010 22:48:45 +0000 (16:48 -0600)]
vcpu: add new public API
API agreed on in
https://www.redhat.com/archives/libvir-list/2010-September/msg00456.html,
but modified for enum names to be consistent with virDomainDeviceModifyFlags.
* include/libvirt/libvirt.h.in (virDomainVcpuFlags)
(virDomainSetVcpusFlags, virDomainGetVcpusFlags): New
declarations.
* src/libvirt_public.syms: Export new symbols.
Eric Blake [Mon, 27 Sep 2010 23:36:06 +0000 (17:36 -0600)]
vcpu: add current attribute to <vcpu> element
Syntax agreed on in
https://www.redhat.com/archives/libvir-list/2010-September/msg00476.html
<domain ...>
<vcpu current='x'>y</vcpu>
...
can now be used to specify 1 <= x <= y current vcpus, in relation
to the boot-time max of y vcpus. If current is omitted, then
current and max are assumed to be the same value.
* docs/schemas/domain.rng: Add new attribute.
* docs/formatdomain.html.in: Document it.
* tests/qemuxml2argvdata/qemuxml2argv-smp.xml: Add to
domainschematest.
* tests/xml2sexprdata/xml2sexpr-pv-vcpus.xml: Likewise.
Stefan Berger [Tue, 19 Oct 2010 15:35:58 +0000 (11:35 -0400)]
nwfilter: changes to rules in VM->host table
In the table built for traffic coming from the VM going to the host make the following changes:
- don't ACCEPT the packets but do a 'RETURN' and let the host-specific firewall rules in subsequent rules evaluate whether the traffic is allowed to enter
- use the '-m state' in the rules as everywhere else
Stefan Berger [Tue, 19 Oct 2010 14:23:51 +0000 (10:23 -0400)]
Introduce VIR_CLOSE to be used rather than close()
Since bugs due to double-closed file descriptors are difficult to track down in a multi-threaded system, I am introducing the VIR_CLOSE(fd) macro to help avoid mistakes here.
There are lots of places where close() is being used. In this patch I am only cleaning up usage of close() in src/conf where the problems were.
I also dare to declare close() as being deprecated in libvirt code base (HACKING).
Dan Kenigsberg [Tue, 19 Oct 2010 13:26:32 +0000 (15:26 +0200)]
root_squash: virFileOperation may fail with EPERM too
Over root-squashing nfs, when virFileOperation() is called as uid==0,
it may fail with EACCES, but also with EPERM, due to
virFileOperationNoFork()'s failed attemp to chown a writable file.
qemudDomainSaveFlag() should expect this case, too.
Dan Kenigsberg [Tue, 19 Oct 2010 13:22:57 +0000 (15:22 +0200)]
Run initgroups() in qemudOpenAsUID()
qemudOpenAsUID is intended to open a file with the credentials of a
specified uid. Current implementation fails if the file is accessible to
one of uid's groups but not owned by uid.
This patch replaces the supplementary group list that the child process
inherited from libvirtd with the default group list of uid.
Update docs for memory parameters and memtune command
* docs/formatdomain.html.in: Add memtune element details, added min_guarantee
* src/libvirt.c: Update virDomainGetMemoryParameters api description, make
it more clear that the user first needs to call the api to get the number
of parameters supported and then call again to get the values.
* tools/virsh.pod: Add usage of new command memtune in virsh manpage
The location of the socket below /var/lib/libvirt/qemu/channels makes
sense, to humans and selinux policy alike. However, that socket should
be accessible to vdsm, too.
Due to other (storage) reasons, vdsm is to join the "qemu" group. With
this patch, vdsm can look below /var/lib/libvirt/qemu and connect to the
socket.
The socket itself should be chmod'ed to allow qemu group read/write, but
that's for another project.
Eric Blake [Fri, 15 Oct 2010 13:38:49 +0000 (07:38 -0600)]
virsh: add support for accepting arbitrary argv
* tools/virsh.c (vshCmdOptType): Add VSH_OT_ARGV. Delete
unused VSH_OT_NONE.
(vshCmddefGetData): Special case new opt flag.
(vshCmddefHelp): Display help for argv.
(vshCommandOptArgv): New function.
Eric Blake [Fri, 15 Oct 2010 19:34:24 +0000 (13:34 -0600)]
docs: document how to disable memballoon
https://bugzilla.redhat.com/show_bug.cgi?id=623903 documents a qemu
bug that causes libvirt to hang if virt-manager happens to be
querying balloon info when a guest is paused. Until the qemu bug
is fixed, people need to know how to avoid the issue.
This introduces new attribute to filesystem element
to support customizable access mode for mount type.
Valid accessmode are: passthrough, mapped and squash.
did previously not cut off existing (ssh) connections but only prevented newly initiated ones. The attached patch allows to cut off existing connections as well, thus enforcing what the filter is showing.
I had only tested with a configuration where the physical interface is connected to the bridge where the filters are applied. This patch now also solves a filtering problem where the physical interface is not connected to the bridge, but the bridge is given an IP address and the host routes between bridge and physical interface. Here the filters drop non-allowed traffic on the outgoing side on the host.
Eric Blake [Wed, 13 Oct 2010 22:14:58 +0000 (16:14 -0600)]
build: fix mingw build
* .gnulib: Update to latest, for termios fix.
* configure.ac (AC_CHECK_HEADERS): Drop redundent check.
* bootstrap: Synchronize from upstream.
Reported by Daniel P. Berrange.
Jiri Denemark [Wed, 13 Oct 2010 13:51:50 +0000 (15:51 +0200)]
qemu: Prohibit migration of guests with host devices
Explicitly raising a nice error in the case user tries to migrate a
guest with assigned host devices is much better than waiting for a
mysterious error with no clue for the reason.
Jiri Denemark [Wed, 13 Oct 2010 10:26:22 +0000 (12:26 +0200)]
cpu: Use vendor in baseline CPU only if all hosts use it
When only some host CPUs given to cpuBaseline contain <vendor> element,
baseline CPU should not contain it. Otherwise the result would not be
compatible with the host CPUs without vendor. CPU vendors are still
taken into account when computing baseline CPU, it's just removed from
the result.
Jiri Denemark [Wed, 13 Oct 2010 09:42:19 +0000 (11:42 +0200)]
cpu: Fix vendor for recent CPU models
Recent CPU models were specified using invalid vendor element
<vendor>NAME</vendor>, which was silently ignored due to a bug in the
code which was parsing it.
Eric Blake [Wed, 13 Oct 2010 17:09:40 +0000 (11:09 -0600)]
memory: fix remote protocol compilation
'make -C src rpcgen' is supposed to be idempotent. But commit f928f43b7b mistakently manually edited a generated file rather
than fixing the upstream file.
* src/remote/remote_protocol.x (remote_memory_param_value): Use
correct spelling of enum values.
* src/remote/remote_protocol.c: Regenerate.
This enables support for nested SVM using the regular CPU
model/features block. If the CPU model or features include
'svm', then the '-enable-nesting' flag will be added to the
QEMU command line. Latest out of tree patches for nested
'vmx', no longer require the '-enable-nesting' flag. They
instead just look at the cpu features. Several of the models
already include svm support, but QEMU was just masking out
the svm bit silently. So this will enable SVM on such
models
* src/qemu/qemu_conf.h: flag for -enable-nesting
* src/qemu/qemu_conf.c: Use -enable-nesting if VMX or SVM are in
the CPUID
* src/cpu/cpu.h, src/cpu/cpu.c: API to check for a named feature
* src/cpu/cpu_x86.c: x86 impl of feature check
* src/libvirt_private.syms: Add cpuHasFeature
* src/qemuhelptest.c: Add nesting flag where required
Fix Xen SEXPR generation to properly quote strings containing ()
* src/xen/sexpr.c: Ensure () are escaped in sexpr2string
* tests/sexpr2xmldata/sexpr2xml-boot-grub.sexpr,
tests/sexpr2xmldata/sexpr2xml-boot-grub.xml,
tests/xml2sexprdata/xml2sexpr-boot-grub.sexpr,
tests/xml2sexprdata/xml2sexpr-boot-grub.xml: Data files to
check escaping
* tests/sexpr2xmltest.c, tests/xml2sexprtest.c: Add boot-grub
escaping test case
Stefan Berger [Wed, 13 Oct 2010 14:33:26 +0000 (10:33 -0400)]
nwfilter: resolve deadlock between VM ops and filter update
This is from a bug report and conversation on IRC where Soren reported that while a filter update is occurring on one or more VMs (due to a rule having been edited for example), a deadlock can occur when a VM referencing a filter is started.
The problem is caused by the two locking sequences of
qemu driver, qemu domain, filter # for the VM start operation
filter, qemu_driver, qemu_domain # for the filter update operation
that obviously don't lock in the same order. The problem is the 2nd lock sequence. Here the qemu_driver lock is being grabbed in qemu_driver:qemudVMFilterRebuild()
The following solution is based on the idea of trying to re-arrange the 2nd sequence of locks as follows:
qemu_driver, filter, qemu_driver, qemu_domain
and making the qemu driver recursively lockable so that a second lock can occur, this would then lead to the following net-locking sequence
qemu_driver, filter, qemu_domain
where the 2nd qemu_driver lock has been ( logically ) eliminated.
The 2nd part of the idea is that the sequence of locks (filter, qemu_domain) and (qemu_domain, filter) becomes interchangeable if all code paths where filter AND qemu_domain are locked have a preceding qemu_domain lock that basically blocks their concurrent execution
So, the following code paths exist towards qemu_driver:qemudVMFilterRebuild where we now want to put a qemu_driver lock in front of the filter lock.
Qemu is not the only driver using the nwfilter driver, but also the UML driver calls into it. Therefore qemuVMFilterRebuild() can be exchanged with umlVMFilterRebuild() along with the driver lock of qemu_driver that can now be a uml_driver. Further, since UML and Qemu domains can be running on the same machine, the triggering of a rebuild of the filter can touch both types of drivers and their domains.
In the patch below I am now extending each nwfilter callback driver with functions for locking and unlocking the (VM) driver (UML, QEMU) and introduce new functions for locking all registered callback drivers and unlocking them. Then I am distributing the lock-all-cbdrivers/unlock-all-cbdrivers call into the above call paths. The last shown callpath starting with nwfilterDriverStart() is problematic since it is initialize before the Qemu and UML drives are and thus a lock in the path would result in a NULL pointer attempted to be locked -- the call to virNWFilterTriggerVMFilterRebuild() is never called, so we never lock either the qemu_driver or the uml_driver in that path. Therefore, only the first 3 paths now receive calls to lock and unlock all callback drivers. Now that the locks are distributed where it matters I can remove the qemu_driver and uml_driver lock from qemudVMFilterRebuild() and umlVMFilterRebuild() and not requiring the recursive locks.
For now I want to put this out as an RFC patch. I have tested it by 'stretching' the critical section after the define/undefine functions each lock the filter so I can (easily) concurrently execute another VM operation (suspend,start). That code is in this patch and if you want you can de-activate it. It seems to work ok and operations are being blocked while the update is being done.
I still also want to verify the other assumption above that locking filter and qemu_domain always has a preceding qemu_driver lock.
Lai Jiangshan [Tue, 12 Oct 2010 07:14:01 +0000 (15:14 +0800)]
virsh: rework command parsing
Old virsh command parsing mashes all the args back into a string and
miss the quotes, this patches fix it. It is also needed for introducing
qemu-monitor-command which is very useful.
This patches uses the new vshCommandParser abstraction and adds
vshCommandArgvParse() for arguments vector, so we don't need
to mash arguments vector into a command sting.
And the usage was changed:
old:
virsh [options] [commands]
Lai Jiangshan [Tue, 12 Oct 2010 07:13:39 +0000 (15:13 +0800)]
virsh: better handling the boolean option
in old code the following commands are equivalent:
virsh # dumpxml --update-cpu=vm1
virsh # dumpxml --update-cpu vm1
because the old code split the option argument into 2 parts:
--update-cpu=vm1 is split into update-cpu and vm1,
and update-cpu is a boolean option, so the parser takes vm1 as another
argument, very strange.
after this patch applied, the first one will become illegal.
To achieve this, we don't parse/check options when parsing command sting,
but check options when parsing a command argument. And the argument is
not split when parsing command sting.
Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
Eric Blake [Tue, 12 Oct 2010 17:24:00 +0000 (11:24 -0600)]
virsh: poison raw allocation routines
* tools/virsh.c (malloc, calloc, realloc, strdup): Enforce that
within this file, we use the safe vsh wrappers instead.
(cmdNodeListDevices, cmdSnapshotCreate, main): Fix violations of
this policy.
Lai Jiangshan [Tue, 12 Oct 2010 07:13:16 +0000 (15:13 +0800)]
virsh: better support double quote
In origin code, double quote is only allowed at the begin or end
"complicated argument"
--some_opt="complicated string" (we split this argument into 2 parts,
option and data, the data is "complicated string").
This patch makes it allow double quote at any position of
an argument:
complicated" argument"
complicated" "argument
--"some opt=complicated string"
This patch is also needed for the following patches,
the following patches will not split option argument into 2 parts,
so we have to allow double quote at any position of an argument.
Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
Daniel Veillard [Wed, 13 Oct 2010 10:19:02 +0000 (12:19 +0200)]
Fixes for documentation extraction
* include/libvirt/libvirt.h.in: some of the function type description
were broken so they could not be automatically documented
* src/util/event.c docs/apibuild.py: event.c exports one public API
so it needs to be scanned too, avoid a few warnings
The command helps to control the memory/swap parameters for the system, for
eg. hard_limit (max memory the vm can use), soft_limit (limit during memory
contention), swap_hard_limit(max swap the vm can use)
Adding parsing code for memory tunables in the domain xml file
also change the internal define structures used for domain memory
informations
Adds a new specific test
Jiri Denemark [Mon, 11 Oct 2010 08:57:04 +0000 (10:57 +0200)]
cpu: Remove redundant features
Some features provided by the recently added CPU models were mentioned
twice for each model. This was a result of automatic generation of the
XML from qemu's CPU configuration file without noticing this redundancy.
Set sensible defaults for cpu match and feature policy
To enable the CPU XML from the capabilities to be pasted directly
into the guest XML with no editing, pick a sensible default for
match and feature policy. The CPU match will be exact and the
feature policy will be require. This should ensure safety for
migration and give DWIM semantics for users
* src/conf/cpu_conf.c: Default to exact match and require policy
* docs/formatdomain.html.in: Document new defaults
This adds a script to generate the todo item page from
bugzilla. This requires a valid username+password for
bugzilla, so it is intended that this only be run on
the libvirt.org website via cron. Normal usage will just
generate an empty stub page.
* docs/todo.pl: Script to extract todo items from bugzilla
* docs/todo.cfg-example: Example config file
* docs/sitemap.html.in: Add todo page
* docs/Makefile.am: Generation rules for todo items
Jiri Denemark [Fri, 1 Oct 2010 14:45:55 +0000 (16:45 +0200)]
xen: Fix virDomain{At,De}tachDevice
According to API documentation virDomain{At,De}tachDevice calls are
supposed to only work on active guests for device hotplug. For anything
beyond that, their *Flags variants have to be used.
Despite the variant which was acked on libvirt mailing list
(https://www.redhat.com/archives/libvir-list/2010-January/msg00385.html)
commit ed9c14a7ef86d7a45a6d57cbfee5410fca428633 (by Jim Fehlig)
introduced automagic behavior of these API calls for xen driver. Since
January, these calls always change persistent configuration of a guest
and if the guest is currently active, they also hot(un)plug the device.
That change didn't follow API documentation and also broke device
hot(un)plug for older xend implementations which do not support changing
persistent configuration of a guest and hot(un)plugging in one step.
This patch should not break anything for active guests. On the other
hand, changing inactive guests is not supported any more.
Jiri Denemark [Fri, 1 Oct 2010 14:22:29 +0000 (16:22 +0200)]
xen: Make xenDaemon*DeviceFlags errors less confusing
When a user calls to virDomain{Attach,Detach,Update}DeviceFlags() with
flags == VIR_DOMAIN_DEVICE_MODIFY_LIVE on an inactive guest running on
an old Xen hypervisor (such as RHEL-5) xend_internal driver reports:
Xend version does not support modifying persistent config
which is pretty confusing since no-one requested to modify persistent
config.
Stefan Berger [Thu, 7 Oct 2010 10:50:26 +0000 (06:50 -0400)]
nwfilter: Add 2nd example to the html docs
This patch adds another example to the nwfilter html page and provides 2 solutions for how to write a filter meeting the given requirements using newly added features.
Stefan Berger [Thu, 7 Oct 2010 10:43:35 +0000 (06:43 -0400)]
nwfilter: Add test case for testing the state attribute
This patch adds a test case for testing the XML parser's and instantiator's
support of the state attribute. The other test case tests existing
capabilities. Both test cases will be used in TCK again.
Stefan Berger [Thu, 7 Oct 2010 10:41:37 +0000 (06:41 -0400)]
nwfilter: Instantiate state match in ip(6)tables rules
In this patch I am extending the rule instantiator to create the state
match according to the state attribute in the XML. Only one iptables
rule in the incoming or outgoing direction will be created for a rule
in direction 'in' or 'out' respectively. A rule in direction 'inout' does
get iptables rules in both directions.
Eric Blake [Tue, 5 Oct 2010 15:10:31 +0000 (09:10 -0600)]
build: require pkg-config for bootstrap
* .gnulib: Update to latest, for bootstrap fixes.
* bootstrap: Synchronize with upstream.
* bootstrap.conf: Add pkg-config pre-requisite.
* autogen.sh: Tweak wording message.
Reported by Justin Clift, and with feedback from Bruno Haible.
Jiri Denemark [Tue, 5 Oct 2010 11:39:37 +0000 (13:39 +0200)]
xen: Fix bogus error when attaching a device
The xm internal xen driver only supports disk and network devices to be
added to a guest. On an attempt to attach any other device the xm driver
used VIR_ERR_XML_ERROR which resulted in a completely bogus error
message:
error: Failed to attach device from pci.xml
error: XML description for unknown device is not well formed or invalid
Justin Clift [Tue, 5 Oct 2010 01:31:05 +0000 (12:31 +1100)]
configure: disable network and storage-fs drivers on mac os x
Disabling these two drivers on MacOS X, where they are known to
not work, allows libvirt (including the daemon) to compile without
any further changes.
projects / libvirt.git / log