November 2011 - Devel - libvirt List Archives

[libvirt] virDomainBlockJobAbort and block_job_cancel
by Stefan Hajnoczi 08 Dec '11

08 Dec '11

Block job cancellation waits until the job has been cancelled before returning. This allows clients to know that the operation has been cancelled successfully. Unfortunately, these semantics are not really possible with today's QEMU and libvirt code. A command that waits for block I/O completion may wait for many minutes. During this time the monitor is unavailable. While the QMP protocol may in theory support multiple in-flight commands, both QEMU and libvirt's implemenations are geared towards one command at a time. So in practice a hung cancellation command would make the monitor unavailable - we need to avoid this. This means block_job_cancel cannot wait until the job is cancelled or it risks hanging the monitor if there is a block I/O timeout. We need a solution that reflects this in QEMU and libvirt, here is what I propose: block_job_cancel returns immediately upon marking the job cancelled. The job may still be finishing block I/O but will cancel itself at some point in the future. When the job actually completes it raises the new BLOCK_JOB_CANCELLED event. This means that virDomainBlockJobAbort() returns to the client without a guarantee that the job has completed. If the client enumerates jobs it may still see a job that has not finished cancelling. The client must register a handler for the BLOCK_JOB_CANCELLED event if it wants to know when the job really goes away. The BLOCK_JOB_CANCELLED event has the same fields as the BLOCK_JOB_COMPLETED event, except it lacks the optional "error" message field. The impact on clients is that they need to add a BLOCK_JOB_CANCELLED handler if they really want to wait. Most clients today (not many exist) will be fine without waiting for cancellation. Any objections or thoughts on this? Stefan

4 8

[libvirt] [PATCH 2/2] nwfilter: Pass the VM operation type into the nwfilter subsystem
by Stefan Berger 08 Dec '11

08 Dec '11

Another preparatory patch for DHCP snooping where we want to be able to differentiate between a VM start/interface attach and other operations like VM resume and libvirtd restart so that upon VM start we can internally discard all DHCP leases that may still be active for a VM's interface identified by its MAC address (and the VM's UUID). This then helps to prevent installation of filters with IP addresses from a previous run of the VM upon for example a libvird restart or a 'kill -SIGHUP': Pass the VM operation into the nwfilter subsystem. Also this parameter currently is an ATTRIBUTE_UNUSED in 'virNWFilterInstantiate' until the DHCP snooping patches make use of it. I am 'abusing' the enum type originally introduced for 802.1Qb{g|h} to determine what type of operation is being used. Introducing another type probably doesn't make much sense but maybe renaming this enum type to something like 'virVMOperation' would? --- src/conf/domain_nwfilter.c | 3 ++- src/conf/domain_nwfilter.h | 2 ++ src/lxc/lxc_driver.c | 10 ++++++++-- src/nwfilter/nwfilter_driver.c | 3 ++- src/nwfilter/nwfilter_gentech_driver.c | 15 +++++++++++---- src/nwfilter/nwfilter_gentech_driver.h | 1 + src/qemu/qemu_command.c | 8 +++++--- src/qemu/qemu_command.h | 1 + src/qemu/qemu_hotplug.c | 4 +++- src/qemu/qemu_process.c | 7 +++++-- src/uml/uml_conf.c | 14 +++++++++----- src/uml/uml_conf.h | 3 ++- src/uml/uml_driver.c | 3 ++- 13 files changed, 53 insertions(+), 21 deletions(-) Index: libvirt-acl/src/conf/domain_nwfilter.c =================================================================== --- libvirt-acl.orig/src/conf/domain_nwfilter.c +++ libvirt-acl/src/conf/domain_nwfilter.c @@ -38,9 +38,10 @@ virDomainConfNWFilterRegister(virDomainC int virDomainConfNWFilterInstantiate(virConnectPtr conn, const unsigned char *vmuuid, + enum virNetDevVPortProfileOp vmOp, virDomainNetDefPtr net) { if (nwfilterDriver != NULL) - return nwfilterDriver->instantiateFilter(conn, vmuuid, net); + return nwfilterDriver->instantiateFilter(conn, vmuuid, vmOp, net); /* driver module not available -- don't indicate failure */ return 0; } Index: libvirt-acl/src/conf/domain_nwfilter.h =================================================================== --- libvirt-acl.orig/src/conf/domain_nwfilter.h +++ libvirt-acl/src/conf/domain_nwfilter.h @@ -25,6 +25,7 @@ typedef int (*virDomainConfInstantiateNWFilter)(virConnectPtr conn, const unsigned char *vmuuid, + enum virNetDevVPortProfileOp, virDomainNetDefPtr net); typedef void (*virDomainConfTeardownNWFilter)(virDomainNetDefPtr net); @@ -38,6 +39,7 @@ void virDomainConfNWFilterRegister(virDo int virDomainConfNWFilterInstantiate(virConnectPtr conn, const unsigned char *vmuuid, + enum virNetDevVPortProfileOp vmOp, virDomainNetDefPtr net); void virDomainConfNWFilterTeardown(virDomainNetDefPtr net); void virDomainConfVMNWFilterTeardown(virDomainObjPtr vm); Index: libvirt-acl/src/nwfilter/nwfilter_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_driver.c @@ -444,9 +444,10 @@ cleanup: static int nwfilterInstantiateFilter(virConnectPtr conn, const unsigned char *vmuuid, + enum virNetDevVPortProfileOp vmOp, virDomainNetDefPtr net) { - return virNWFilterInstantiateFilter(conn, vmuuid, net); + return virNWFilterInstantiateFilter(conn, vmuuid, vmOp, net); } Index: libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_gentech_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c @@ -627,6 +627,7 @@ virNWFilterRuleInstancesToArray(int nEnt */ static int virNWFilterInstantiate(const unsigned char *vmuuid ATTRIBUTE_UNUSED, + enum virNetDevVPortProfileOp vmOp ATTRIBUTE_UNUSED, virNWFilterTechDriverPtr techdriver, enum virDomainNetType nettype, virNWFilterDefPtr filter, @@ -764,6 +765,7 @@ err_unresolvable_vars: */ static int __virNWFilterInstantiateFilter(const unsigned char *vmuuid, + enum virNetDevVPortProfileOp vmOp, bool teardownOld, const char *ifname, int ifindex, @@ -856,7 +858,7 @@ __virNWFilterInstantiateFilter(const uns break; } - rc = virNWFilterInstantiate(vmuuid, + rc = virNWFilterInstantiate(vmuuid, vmOp, techdriver, nettype, filter, @@ -888,6 +890,7 @@ err_exit: static int _virNWFilterInstantiateFilter(virConnectPtr conn, const unsigned char *vmuuid, + enum virNetDevVPortProfileOp vmOp, const virDomainNetDefPtr net, bool teardownOld, enum instCase useNewFilter, @@ -913,7 +916,7 @@ _virNWFilterInstantiateFilter(virConnect goto cleanup; } - rc = __virNWFilterInstantiateFilter(vmuuid, + rc = __virNWFilterInstantiateFilter(vmuuid, vmOp, teardownOld, net->ifname, ifindex, @@ -951,6 +954,7 @@ virNWFilterInstantiateFilterLate(const u virNWFilterLockFilterUpdates(); rc = __virNWFilterInstantiateFilter(vmuuid, + VIR_NETDEV_VPORT_PROFILE_OP_NO_OP, true, ifname, ifindex, @@ -982,11 +986,12 @@ virNWFilterInstantiateFilterLate(const u int virNWFilterInstantiateFilter(virConnectPtr conn, const unsigned char *vmuuid, + enum virNetDevVPortProfileOp vmOp, const virDomainNetDefPtr net) { bool foundNewFilter = false; - return _virNWFilterInstantiateFilter(conn, vmuuid, net, + return _virNWFilterInstantiateFilter(conn, vmuuid, vmOp, net, 1, INSTANTIATE_ALWAYS, &foundNewFilter); @@ -1001,7 +1006,9 @@ virNWFilterUpdateInstantiateFilter(virCo { bool foundNewFilter = false; - int rc = _virNWFilterInstantiateFilter(conn, vmuuid, net, + int rc = _virNWFilterInstantiateFilter(conn, vmuuid, + VIR_NETDEV_VPORT_PROFILE_OP_NO_OP, + net, 0, INSTANTIATE_FOLLOW_NEWFILTER, &foundNewFilter); Index: libvirt-acl/src/nwfilter/nwfilter_gentech_driver.h =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_gentech_driver.h +++ libvirt-acl/src/nwfilter/nwfilter_gentech_driver.h @@ -39,6 +39,7 @@ enum instCase { int virNWFilterInstantiateFilter(virConnectPtr conn, const unsigned char *vmuuid, + enum virNetDevVPortProfileOp vmOp, const virDomainNetDefPtr net); int virNWFilterUpdateInstantiateFilter(virConnectPtr conn, const unsigned char *vmuuid, Index: libvirt-acl/src/qemu/qemu_command.c =================================================================== --- libvirt-acl.orig/src/qemu/qemu_command.c +++ libvirt-acl/src/qemu/qemu_command.c @@ -171,6 +171,7 @@ qemuPhysIfaceConnect(virDomainDefPtr def int qemuNetworkIfaceConnect(virDomainDefPtr def, virConnectPtr conn, + enum virNetDevVPortProfileOp vmOp, struct qemud_driver *driver, virDomainNetDefPtr net, virBitmapPtr qemuCaps) @@ -275,7 +276,8 @@ qemuNetworkIfaceConnect(virDomainDefPtr if (tapfd >= 0) { if ((net->filter) && (net->ifname)) { - if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0) + if (virDomainConfNWFilterInstantiate(conn, def->uuid, vmOp, + net) < 0) VIR_FORCE_CLOSE(tapfd); } } @@ -4339,8 +4341,8 @@ qemuBuildCommandLine(virConnectPtr conn, actualType = virDomainNetGetActualType(net); if (actualType == VIR_DOMAIN_NET_TYPE_NETWORK || actualType == VIR_DOMAIN_NET_TYPE_BRIDGE) { - int tapfd = qemuNetworkIfaceConnect(def, conn, driver, net, - qemuCaps); + int tapfd = qemuNetworkIfaceConnect(def, conn, vmop, driver, + net, qemuCaps); if (tapfd < 0) goto error; Index: libvirt-acl/src/lxc/lxc_driver.c =================================================================== --- libvirt-acl.orig/src/lxc/lxc_driver.c +++ libvirt-acl/src/lxc/lxc_driver.c @@ -1184,6 +1184,7 @@ static void lxcVmCleanup(lxc_driver_t *d static int lxcSetupInterfaceBridged(virConnectPtr conn, virDomainDefPtr vm, + enum virNetDevVPortProfileOp vmOp, virDomainNetDefPtr net, const char *brname, unsigned int *nveths, @@ -1228,7 +1229,8 @@ static int lxcSetupInterfaceBridged(virC } if (net->filter && - virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0) + virDomainConfNWFilterInstantiate(conn, vm->uuid, vmOp, + net) < 0) goto cleanup; ret = 0; @@ -1319,6 +1321,7 @@ cleanup: */ static int lxcSetupInterfaces(virConnectPtr conn, virDomainDefPtr def, + enum virNetDevVPortProfileOp vmOp, unsigned int *nveths, char ***veths) { @@ -1349,6 +1352,7 @@ static int lxcSetupInterfaces(virConnect if (lxcSetupInterfaceBridged(conn, def, + vmOp, def->nets[i], brname, nveths, @@ -1368,6 +1372,7 @@ static int lxcSetupInterfaces(virConnect } if (lxcSetupInterfaceBridged(conn, def, + vmOp, def->nets[i], brname, nveths, @@ -1818,7 +1823,8 @@ static int lxcVmStart(virConnectPtr conn } } - if (lxcSetupInterfaces(conn, vm->def, &nveths, &veths) != 0) + if (lxcSetupInterfaces(conn, vm->def, VIR_NETDEV_VPORT_PROFILE_OP_CREATE, + &nveths, &veths) != 0) goto cleanup; /* Save the configuration for the controller */ Index: libvirt-acl/src/qemu/qemu_command.h =================================================================== --- libvirt-acl.orig/src/qemu/qemu_command.h +++ libvirt-acl/src/qemu/qemu_command.h @@ -126,6 +126,7 @@ char * qemuBuildRedirdevDevStr(virDomain int qemuNetworkIfaceConnect(virDomainDefPtr def, virConnectPtr conn, + enum virNetDevVPortProfileOp vmOp, struct qemud_driver *driver, virDomainNetDefPtr net, virBitmapPtr qemuCaps) Index: libvirt-acl/src/qemu/qemu_hotplug.c =================================================================== --- libvirt-acl.orig/src/qemu/qemu_hotplug.c +++ libvirt-acl/src/qemu/qemu_hotplug.c @@ -669,7 +669,9 @@ int qemuDomainAttachNetDevice(virConnect actualType = virDomainNetGetActualType(net); if (actualType == VIR_DOMAIN_NET_TYPE_BRIDGE || actualType == VIR_DOMAIN_NET_TYPE_NETWORK) { - if ((tapfd = qemuNetworkIfaceConnect(vm->def, conn, driver, net, + if ((tapfd = qemuNetworkIfaceConnect(vm->def, conn, + VIR_NETDEV_VPORT_PROFILE_OP_CREATE, + driver, net, priv->qemuCaps)) < 0) goto cleanup; iface_connected = true; Index: libvirt-acl/src/qemu/qemu_process.c =================================================================== --- libvirt-acl.orig/src/qemu/qemu_process.c +++ libvirt-acl/src/qemu/qemu_process.c @@ -2310,6 +2310,7 @@ qemuProcessNotifyNets(virDomainDefPtr de static int qemuProcessFiltersInstantiate(virConnectPtr conn, + enum virNetDevVPortProfileOp vmOp, virDomainDefPtr def) { int err = 0; @@ -2321,7 +2322,8 @@ qemuProcessFiltersInstantiate(virConnect for (i = 0 ; i < def->nnets ; i++) { virDomainNetDefPtr net = def->nets[i]; if ((net->filter) && (net->ifname)) { - if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0) { + if (virDomainConfNWFilterInstantiate(conn, def->uuid, vmOp, + net) < 0) { err = 1; break; } @@ -2662,7 +2664,8 @@ qemuProcessReconnect(void *opaque) if (qemuProcessNotifyNets(obj->def) < 0) goto error; - if (qemuProcessFiltersInstantiate(conn, obj->def)) + if (qemuProcessFiltersInstantiate(conn, VIR_NETDEV_VPORT_PROFILE_OP_NO_OP, + obj->def)) goto error; if (qemuDomainCheckEjectableMedia(driver, obj) < 0) Index: libvirt-acl/src/uml/uml_conf.c =================================================================== --- libvirt-acl.orig/src/uml/uml_conf.c +++ libvirt-acl/src/uml/uml_conf.c @@ -118,6 +118,7 @@ virCapsPtr umlCapsInit(void) { static int umlConnectTapDevice(virConnectPtr conn, virDomainDefPtr vm, + enum virNetDevVPortProfileOp vmOp, virDomainNetDefPtr net, const char *bridge) { @@ -144,7 +145,7 @@ umlConnectTapDevice(virConnectPtr conn, } if (net->filter) { - if (virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0) { + if (virDomainConfNWFilterInstantiate(conn, vm->uuid, vmOp, net) < 0) { if (template_ifname) VIR_FREE(net->ifname); goto error; @@ -162,6 +163,7 @@ error: static char * umlBuildCommandLineNet(virConnectPtr conn, virDomainDefPtr vm, + enum virNetDevVPortProfileOp vmOp, virDomainNetDefPtr def, int idx) { @@ -227,7 +229,7 @@ umlBuildCommandLineNet(virConnectPtr con goto error; } - if (umlConnectTapDevice(conn, vm, def, bridge) < 0) { + if (umlConnectTapDevice(conn, vm, vmOp, def, bridge) < 0) { VIR_FREE(bridge); goto error; } @@ -238,7 +240,7 @@ umlBuildCommandLineNet(virConnectPtr con } case VIR_DOMAIN_NET_TYPE_BRIDGE: - if (umlConnectTapDevice(conn, vm, def, + if (umlConnectTapDevice(conn, vm, vmOp, def, def->data.bridge.brname) < 0) goto error; @@ -399,7 +401,8 @@ static char *umlNextArg(char *args) */ virCommandPtr umlBuildCommandLine(virConnectPtr conn, struct uml_driver *driver, - virDomainObjPtr vm) + virDomainObjPtr vm, + enum virNetDevVPortProfileOp vmOp) { int i, j; struct utsname ut; @@ -432,7 +435,8 @@ virCommandPtr umlBuildCommandLine(virCon } for (i = 0 ; i < vm->def->nnets ; i++) { - char *ret = umlBuildCommandLineNet(conn, vm->def, vm->def->nets[i], i); + char *ret = umlBuildCommandLineNet(conn, vm->def, vmOp, + vm->def->nets[i], i); if (!ret) goto error; virCommandAddArg(cmd, ret); Index: libvirt-acl/src/uml/uml_conf.h =================================================================== --- libvirt-acl.orig/src/uml/uml_conf.h +++ libvirt-acl/src/uml/uml_conf.h @@ -79,6 +79,7 @@ virCapsPtr umlCapsInit (v virCommandPtr umlBuildCommandLine(virConnectPtr conn, struct uml_driver *driver, - virDomainObjPtr dom); + virDomainObjPtr dom, + enum virNetDevVPortProfileOp vmOp); #endif /* __UML_CONF_H */ Index: libvirt-acl/src/uml/uml_driver.c =================================================================== --- libvirt-acl.orig/src/uml/uml_driver.c +++ libvirt-acl/src/uml/uml_driver.c @@ -1039,7 +1039,8 @@ static int umlStartVMDaemon(virConnectPt return -1; } - if (!(cmd = umlBuildCommandLine(conn, driver, vm))) { + if (!(cmd = umlBuildCommandLine(conn, driver, vm, + VIR_NETDEV_VPORT_PROFILE_OP_CREATE))) { VIR_FORCE_CLOSE(logfd); virDomainConfVMNWFilterTeardown(vm); umlCleanupTapDevices(vm);

1 1

[libvirt] KVM Call Agenda for 12/6 (Tuesday) @ 10am US/Eastern
by Anthony Liguori 07 Dec '11

07 Dec '11

Hi, I'd like to propose that we discuss guest agent convergence in our next KVM call. I've CC'd folks from oVirt and libvirt to join the discussion. I think we should probably attempt to have some structure to the discussion. I would suggest: 1. A short introduction to each of the guest agents, what guests they support, and what verbs they support. 2. A short description of key requirements from each party (oVirt, libvirt, QEMU) for a guest agent 3. An open discussion about possible ways to collaborate/converge. Regards, Anthony Liguori

6 7

[libvirt] [PATCH v2 0/2] Guest NUMA topology support
by Bharata B Rao 07 Dec '11

07 Dec '11

Hi, This is v2 of the patchset that adds support for specifying NUMA topology for guests. <cpu> ... <topology sockets='2' cores='4' threads='2'/> <numa> <cell cpus='0-7' mems='512000'/> <cell cpus='8-15' mems='512000'/> </numa> ... </cpu> This change allows libvirt to generate -numa options for QEMU/KVM. This patchset passes all tests except daemon-conf test. Changes for v2 -------------- - Renamed mems to memory in NUMA cell specification. - Make both cpus= and memory= mandatory in a NUMA cell. - Reuse cpuset and memoryKB definitions for cpus and memory. - Fix a bug in reading memory=. - Correct error handling for usages of virXMLPropString. - Support virsh dumpxml. - Fix XML in domaincommon.rng so that <numa> works correctly for both <cpu> ... <cpu> as well as <cpu match="..."> ... <cpu> - Don't use virBufferTruncate. - Modifiy qemuxml2argv test cases for s/mems/memory change. - Use virBufferLit wherever possible. - Now qemuBuildNumaCPUArgStr can't fail, hence doesn't need return val. - Pass memory in MB to qemu. v1 - https://www.redhat.com/archives/libvir-list/2011-November/msg00247.html v0 - https://www.redhat.com/archives/libvir-list/2011-October/msg00025.html RFC - http://permalink.gmane.org/gmane.comp.emulators.libvirt/44626 Regards, Bharata.

4 8

[libvirt] [PATCH 0/5] Interface pools and passthrough mode
by Shradha Shah 06 Dec '11

06 Dec '11

Interface Pools and Passthrough mode: Current Method: The passthrough mode uses a macvtap a direct connection to connect each guest to the network. The physical interface to be used is picked from among those listed in <interface> sub elements of the <forward> element. The current specification for <forward> extends to allow 0 or more <interface> sub-elements: Example: <forward mode='passthrough' dev='eth10'/> <interface dev='eth10'/> <interface dev='eth12'/> <interface dev='eth18'/> <interface dev='eth20'/> </forward> However with an ethernet card with 64 VF's or more, the above method gets tedious on the system. On the other hand, just parameterizing a string (eth%d) is inadequate, eg, when there are multiple non-contiguous ranges. Proposed Method: The 5 patches provided along with this introductory e-mail i) Introduce a structure to store the state of all the virtual functions attached to each physical function ii) Find a free virtual function given the physical function. The forward specification will hence only mention the physical function as the interface sub element: Example: <forward mode='passthrough' dev='eth2'/> <interface dev='eth2'/> </forward> Shradha Shah (5): Moving the declaration of _pciDevice and _pciDeviceList to pci.h Added function pciSysfsFile to enable access to the PCI SYSFS files. Adding functions virNetDevGetVirtualFunctions and virNetDevGetNetName virNetDevGetVirtualFunctions: Gets the BDF of all the Virtual Functions given a physical function virNetDevGetNetName: Gets the interface name of the PCI Device. Addition of a new device structure to store the state of a Virtual Function Modifications to the Physical Device Structure to store state of its Virtual Functions If a system has 64 or more VF's, it is quite tedious to mention each VF in the interface pool. The following modification find a Free VF given a Physical Function when mode=passthrough. We also save the state of each VF. Hence modifications to networkAllocateActualDevice, networkNotifyActualDevice and networkReleaseActualDevice were required. The following patch does just that. src/conf/network_conf.c | 19 ++++- src/conf/network_conf.h | 10 ++ src/network/bridge_driver.c | 208 +++++++++++++++++++++++++++++++++++++------ src/util/pci.c | 52 ++++------- src/util/pci.h | 36 ++++++++ src/util/virnetdev.c | 89 ++++++++++++++++++ src/util/virnetdev.h | 10 ++ 7 files changed, 359 insertions(+), 65 deletions(-) -- 1.7.4.4

3 19

[libvirt] [PATCH 00/14] Add a virtlockd lock manager daemon
by Daniel P. Berrange 05 Dec '11

05 Dec '11

The lock manager infrastructure we recently added to QEMU only has two possible drivers at this time, 'nop' and 'sanlock'. The former does absolutely nothing, while the latter requires a 3rd party package installed and is a little heavy on disk I/O and storage requirements. This series adds a new daemon 'virtlockd' which is intended to be enabled by default on all hosts running 'libvirtd'. This daemon provides a service for disk locking based on the traditional fcntl() lock primitives. There is a new libvirt manager plugin which talks to this daemon over RPC. The reason for doing the locks in a separate process is that we want the locks to remain active, even if libvirtd crashes, or is restarted. The virtlockd daemon has this one single job so should be pretty reliable and selfcontained. This patch series really benefits from the new RPC APIs, requiring minimal code for the new daemon / client At this time, virtlockd does not lock the actual disk files, but instead creates a lockspace & leases under /var/lib/libvirt/lockd. The lockspace we use for disks is named org.libvirt.lockd.files, and lease names are based on a SHA256 checksum of the fully qualified disk name. eg /var/lib/libvirt/lockd/org.libvirt.lockd.files/adf94fc33a24da1abff7dd7374a9919bb51efee646da8c3ac464c10cd59750bd These leases are all zero-bytes long and no I/O is ever performed on them, only fcntl() is used. So there is material overhead. Whenever creating or deleting leases, we first acquire a lock on /var/lib/libvirt/lockd/org.libvirt.lockd.files/org.libvirt.lockd.index A non-root virtlockd will instead use $HOME/.libvirt/lockd By default we gain protection out of the box against - Starting two guests on the same host with the same disk image not marked with <shareable/> - libvirtd getting confused and forgetting a guest, allowing it to be started for a 2nd time If the admin mounts a shared filesytem (eg NFS) on /var/lib/libvirt/lockd then this protection is extended across all hosts sharing that mount volume. As part of this series, I also introduce support for systemd services for libvirtd and libvir-guests.

4 27

[libvirt] [PATCH 00/10] Console coruption with two or more clients series
by Peter Krempa 05 Dec '11

05 Dec '11

This series fixes anoying console corruption if two clients try to connect at same time to the console. The current state of this is, that two/more of libvirt iohelpers are spawned on the same time that compete for data from the pty. This causes that each of the consoles get scrambled and unusable. Patches fdstream: Emit stream abort callback even if poll() doesnt. virnetclientstream: Propagate stream error messages to callback daemon: Subscribe the stream event callback for error events. add the ability to abort a stream from the daemon side. fdstream: Add internal function to check if a fdstream is open This patch adds a helper function that checks internally if a fdstream is open and working. virsh: fix console stream error reporting Add flags for virDomainOpenConsole virsh: add support for VIR_DOMAIN_CONSOLE_FORCE flag This patches add instrumentation to virsh that supports the new ability to abort streams from the daemon side and adapts the console callback to handle this. These patches also add a new flag set for virDomainOpenConsole API call that allow users to control the if the existing console connection should be left in place or killed in favor of the new one qemu: Add ability to abort existing console while creating new one lxc: Add ability to abort existing console when creating a new one uml: Add ability to abort existing console when creating a new one These patches modify the hypervisor drivers so that they are aware of existing console connections and refuse to create a new one (or kill the old). The xen driver also supports console in a similar way like the previously mentioned drivers, but lacks the means to store a stream reference permanently. I'll look in if it's possible to modify this driver to support this new functionality. For convinience, to review these patches: git checkout -b console_corruption 33b55fd85ae5435bda53c3cfcbe1385074befd01 git pull git://aeon.pipo.sk/libvirt.git console_corruption Peter Peter Krempa (10): fdstream: Emit stream abort callback even if poll() doesnt. virnetclientstream: Propagate stream error messages to callback daemon: Subscribe the stream event callback for error events. fdstream: Add internal function to check if a fdstream is open virsh: fix console stream error reporting Add flags for virDomainOpenConsole virsh: add support for VIR_DOMAIN_CONSOLE_FORCE flag qemu: Add ability to abort existing console while creating new one lxc: Add ability to abort existing console when creating a new one uml: Add ability to abort existing console when creating a new one daemon/stream.c | 2 +- include/libvirt/libvirt.h.in | 12 +++++++- src/fdstream.c | 61 ++++++++++++++++++++++++++++++++++++++--- src/fdstream.h | 2 + src/libvirt_private.syms | 1 + src/lxc/lxc_driver.c | 28 ++++++++++++++++++- src/qemu/qemu_domain.c | 3 ++ src/qemu/qemu_domain.h | 2 + src/qemu/qemu_driver.c | 23 +++++++++++++++- src/rpc/virnetclientstream.c | 12 +++++--- src/uml/uml_driver.c | 28 ++++++++++++++++++- tools/console.c | 27 ++++++++++++------ tools/console.h | 2 +- tools/virsh.c | 18 +++++++++--- 14 files changed, 192 insertions(+), 29 deletions(-) -- 1.7.3.4

3 21

[libvirt] [PATCH 0/2] Expose virNodeGetCPUStats and virNodeGetMemoryStats in python
by Peter Krempa 05 Dec '11

05 Dec '11

These patches add two API functions to the libvirt python bindings, that were missing. The constants denoting a summary stat value instead of a separate per-node values was declared using a preprocessor macro: ... #define VIR_NODE_MEMORY_STATS_ALL_CELLS (-1) #define VIR_NODE_CPU_STATS_ALL_CPUS (-1) ... This inhibits automatic generation of these constants in the automaticaly generated python library code. If this change is too controversial, there's another option: Including these constants in the python library (using libvirt-override.py). Please let me know which of those options you prefer. Thanks Peter Peter Krempa (2): python: Expose binding for virNodeGetCPUStats() python: Expose binding for virNodeGetMemoryStats() include/libvirt/libvirt.h.in | 12 +++-- - change macro definitions to enums python/libvirt-override-api.xml | 14 ++++++ - add doc's about newly added functions python/libvirt-override.c | 95 +++++++++++++++++++++++++++++++++++++++ - add code for calling those functions and reclaiming return values. 3 files changed, 117 insertions(+), 4 deletions(-) -- 1.7.3.4

2 8

[libvirt] [RFC v3 PATCH 0/5] PowerPC : Extend libvirt for the PowerPC-KVM platform
by Prerna Saxena 02 Dec '11

02 Dec '11

Recent development in KVM for 64-bit Power ISA Book3S machines, allows users to run multiple KVM guest instances on POWER7 and PPC970 processor based systems. Also qemu-system-ppc64 has been enhanced to support a new machine type "pseries" suitable for Power Book3S machines. This addition effectively brings the KVM+qemu combination to run multiple guest instances on a Power Book3S machine. Libvirt continues to be the key interface to configure and manage the KVM guest instances on x86. This patch set is an effort to enable libvirt to support KVM guest configuration and management on Power Book3S machines. Based on community discussion around the earlier version, this patch series augments the present 'kvm' driver to support PowerPC-KVM based guests.Since some of the supported devices vary between architectures, libvirt must be capable of choosing supported device backends and defaults for each architecture in qemu. To check if qemu supports a certain feature, libvirt at present parses the -help string which is generated by running the qemu binary with the '-h' argument. This approach is gated by QEMU's inherent limitation. When generating the list of allowed options with the '-h' flags, qemu today blindly lists all options defined for any architecture/platform instead of doing any arch-specific checking. This tricks libvirt into assuming a much bigger set of host capabilities than is actually available. Ideally, it would be good to have qemu specify a list of devices for a given architecture and platform which libvirt can parse to understand supported capabilities for that guest. As a part of this patchset, there is an attempt to cleanly bifurcate libvirt code and to remove x86-specific assumptions from generic qemu commandline code. Series Description: ------------------- This patch series consists of 5 patches : Patch 1/5 : Use sysfs to gather host topology in place of /proc/cpuinfo. Patch 2/5 : Add PowerPC CPU Driver Patch 3/5 : Add support for qemu-system-ppc64 Patch 4/5 : Clean up x86-specific assumptions from generic qemu code. Patch 5/5 : Add address family "spapr-vio" Changelog: --------- ** v1->v2 : * Patches 1,2,3 unchanged ; The hacks in Patch 4 of v1 replaced by a new patch to neatly select arch-specific features. ** v2->v3 : * Patches 1,2,3 have minor cleanups ; Patch 4 no longer has an arch-specific handler routine. It is now replaced by a much simpler patch that merely removes x86/pc-specific assumptions from libvirt. ** v3->v4 : * Patches 1,2,3,4 unchanged ; patch 5 is a new addition from Michael Ellerman that adds a new device-tree based addressing mechanism for the 'pseries' guest. -- Prerna Saxena Linux Technology Centre, IBM Systems and Technology Lab, Bangalore, India

5 24

[libvirt] [PATCH] nwfilter: Update of filters to handle multiple IP addresses
by Stefan Berger 02 Dec '11

02 Dec '11

With fragments borrowed from David Steven's previous submission and some further modifications: A set of modifications to existing filters to handle multiple IP addresses (and MAC addresses) per interface. Also: - enable DHCP traffic from VM to any DHCP server - will require an update to a libvirt-tck data file Signed-off-by: David L Stevens <dlstevens(a)us.ibm.com> Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com> --- examples/xml/nwfilter/Makefile.am | 2 + examples/xml/nwfilter/clean-traffic.xml | 12 +++++++- examples/xml/nwfilter/no-arp-ip-spoofing.xml | 9 ++++++ examples/xml/nwfilter/no-arp-mac-spoofing.xml | 7 ++++ examples/xml/nwfilter/no-arp-spoofing.xml | 38 ++------------------------ examples/xml/nwfilter/no-ip-spoofing.xml | 17 ++++++++--- examples/xml/nwfilter/no-mac-spoofing.xml | 11 +++++-- 7 files changed, 52 insertions(+), 44 deletions(-) Index: libvirt-acl/examples/xml/nwfilter/Makefile.am =================================================================== --- libvirt-acl.orig/examples/xml/nwfilter/Makefile.am +++ libvirt-acl/examples/xml/nwfilter/Makefile.am @@ -9,6 +9,8 @@ FILTERS = \ allow-ipv4.xml \ clean-traffic.xml \ no-arp-spoofing.xml \ + no-arp-ip-spoofing.xml \ + no-arp-mac-spoofing.xml \ no-ip-multicast.xml \ no-ip-spoofing.xml \ no-mac-broadcast.xml \ Index: libvirt-acl/examples/xml/nwfilter/no-arp-ip-spoofing.xml =================================================================== --- /dev/null +++ libvirt-acl/examples/xml/nwfilter/no-arp-ip-spoofing.xml @@ -0,0 +1,9 @@ +<filter name='no-arp-ip-spoofing' chain='arp-ip' priority='-510'> +  +  + <rule action='return' direction='out' priority='400' > + <arp match='yes' arpsrcipaddr='$IP' /> + </rule> +  + <rule action='drop' direction='out' priority='1000' /> +</filter> Index: libvirt-acl/examples/xml/nwfilter/no-arp-mac-spoofing.xml =================================================================== --- /dev/null +++ libvirt-acl/examples/xml/nwfilter/no-arp-mac-spoofing.xml @@ -0,0 +1,7 @@ +<filter name='no-arp-mac-spoofing' chain='arp-mac' priority='-520'> + <rule action='return' direction='out' priority='350' > + <arp match='yes' arpsrcmacaddr='$MAC'/> + </rule> +  + <rule action='drop' direction='out' priority='1000' /> +</filter> Index: libvirt-acl/examples/xml/nwfilter/clean-traffic.xml =================================================================== --- libvirt-acl.orig/examples/xml/nwfilter/clean-traffic.xml +++ libvirt-acl/examples/xml/nwfilter/clean-traffic.xml @@ -1,4 +1,4 @@ -<filter name='clean-traffic'> +<filter name='clean-traffic' chain='root'>  @@ -6,11 +6,21 @@  <filterref filter='no-ip-spoofing'/> + + <rule direction='out' action='accept' priority='-650'> + <mac protocolid='ipv4'/> + </rule> + <filterref filter='allow-incoming-ipv4'/>  <filterref filter='no-arp-spoofing'/> +  + <rule action='accept' direction='inout' priority='-500'> + <mac protocolid='arp'/> + </rule> +  <filterref filter='no-other-l2-traffic'/> Index: libvirt-acl/examples/xml/nwfilter/no-mac-spoofing.xml =================================================================== --- libvirt-acl.orig/examples/xml/nwfilter/no-mac-spoofing.xml +++ libvirt-acl/examples/xml/nwfilter/no-mac-spoofing.xml @@ -1,5 +1,10 @@ -<filter name='no-mac-spoofing' chain='ipv4'> - <rule action='drop' direction='out' priority='10'> - <mac match='no' srcmacaddr='$MAC' /> +<filter name='no-mac-spoofing' chain='mac' priority='-800'> +  + <rule direction='out' action='return'> + <mac srcmacaddr='$MAC'/> + </rule> +  + <rule direction='out' action='drop'> + <mac/> </rule> </filter> Index: libvirt-acl/examples/xml/nwfilter/no-arp-spoofing.xml =================================================================== --- libvirt-acl.orig/examples/xml/nwfilter/no-arp-spoofing.xml +++ libvirt-acl/examples/xml/nwfilter/no-arp-spoofing.xml @@ -1,36 +1,4 @@ -<filter name='no-arp-spoofing' chain='arp'> - <uuid>f88f1932-debf-4aa1-9fbe-f10d3aa4bc95</uuid> - <rule action='drop' direction='out' priority='300' > - <mac match='no' srcmacaddr='$MAC'/> - </rule> - -  -  - <rule action='drop' direction='out' priority='350' > - <arp match='no' arpsrcmacaddr='$MAC'/> - </rule> - <rule action='drop' direction='out' priority='400' > - <arp match='no' arpsrcipaddr='$IP' /> - </rule> -  - <rule action='accept' direction='in' priority='425'> - <arp gratuitous='true'/> - </rule> -  - <rule action='drop' direction='in' priority='450' > - <arp match='no' arpdstmacaddr='$MAC'/> - <arp opcode='reply'/> - </rule> - <rule action='drop' direction='in' priority='500' > - <arp match='no' arpdstipaddr='$IP' /> - </rule> -  - <rule action='accept' direction='inout' priority='600' > - <arp opcode='request'/> - </rule> - <rule action='accept' direction='inout' priority='650' > - <arp opcode='reply'/> - </rule> -  - <rule action='drop' direction='inout' priority='1000' /> +<filter name='no-arp-spoofing' chain='root'> + <filterref filter='no-arp-mac-spoofing'/> + <filterref filter='no-arp-ip-spoofing'/> </filter> Index: libvirt-acl/examples/xml/nwfilter/no-ip-spoofing.xml =================================================================== --- libvirt-acl.orig/examples/xml/nwfilter/no-ip-spoofing.xml +++ libvirt-acl/examples/xml/nwfilter/no-ip-spoofing.xml @@ -1,7 +1,14 @@ -<filter name='no-ip-spoofing' chain='ipv4'> +<filter name='no-ip-spoofing' chain='ipv4-ip' priority='-710'> +  + <rule action='accept' direction='out' priority='100'> + <ip srcipaddr='0.0.0.0' protocol='udp' srcportstart='68' srcportend='68'/> + </rule> -  - <rule action='drop' direction='out'> - <ip match='no' srcipaddr='$IP' /> - </rule> +  + <rule direction='out' action='return' priority='500'> + <ip srcipaddr='$IP'/> + </rule> + +  + <rule direction='out' action='drop' priority='1000'/> </filter>

2 3