[libvirt] [PATCHv2] build: avoid -lgcrypt with newer gnutls
by Eric Blake
https://bugzilla.redhat.com/show_bug.cgi?id=951637
Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization. Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless.
Assume that the switch to gnutls 3.0 is a reliable witness, when
pkg-config is present; otherwise be pessimistic and use gcrypt.
* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
v2: use second pkg-config invocation rather than ldd to determine
whether gnutls uses gcrypt
configure.ac | 27 +++++++++++++++++++--------
libvirt.spec.in | 2 ++
src/libvirt.c | 10 ++++++----
3 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/configure.ac b/configure.ac
index cc9942a..eb56b63 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1076,12 +1076,19 @@ if test "x$with_gnutls" != "xno"; then
LIBS="$LIBS $GNUTLS_LIBS"
GNUTLS_FOUND=no
+ GNUTLS_GCRYPT=no
if test -x "$PKG_CONFIG" ; then
+ dnl double probe, since we know that gnutls 3.0 switched to nettle instead of
+ dnl gcrypt
PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
- [GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
+ [GNUTLS_FOUND=yes
+ PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.0], [], [GNUTLS_GCRYPT=yes])],
+ [GNUTLS_FOUND=no])
fi
if test "$GNUTLS_FOUND" = "no"; then
+ dnl pkg-config couldn't help us, assume gcrypt is necessary
fail=0
+ GNUTLS_GCRYPT=yes
AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
@@ -1098,13 +1105,17 @@ if test "x$with_gnutls" != "xno"; then
AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])
fi
else
- dnl Not all versions of gnutls include -lgcrypt, and so we add
- dnl it explicitly for the calls to gcry_control/check_version
- GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
-
- dnl We're not using gcrypt deprecated features so define
- dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings
- GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED"
+ dnl If gnutls linked against -lgcrypt, then we must initialize gcrypt
+ dnl prior to using gnutls. Newer versions of gnutls use -lnettle, in
+ dnl which case we don't want to drag in gcrypt ourselves.
+ if test "$GNUTLS_GCRYPT" = yes; then
+ GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
+ dnl We're not using gcrypt deprecated features so define
+ dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings
+ GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED"
+ AC_DEFINE_UNQUOTED([WITH_GNUTLS_GCRYPT], 1,
+ [set to 1 if it is known or assumed that GNUTLS uses gcrypt])
+ fi
dnl gnutls 3.x moved some declarations to a new header
AC_CHECK_HEADERS([gnutls/crypto.h], [], [], [[
diff --git a/libvirt.spec.in b/libvirt.spec.in
index e0e0004..4320281 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -422,7 +422,9 @@ BuildRequires: readline-devel
BuildRequires: ncurses-devel
BuildRequires: gettext
BuildRequires: libtasn1-devel
+%if (0%{?rhel} && 0%{?rhel} < 7) || (0%{?fedora} && 0%{?fedora} < 19)
BuildRequires: libgcrypt-devel
+%endif
BuildRequires: gnutls-devel
BuildRequires: libattr-devel
%if %{with_libvirtd}
diff --git a/src/libvirt.c b/src/libvirt.c
index 8157488..66e8248 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -55,7 +55,9 @@
#include "intprops.h"
#include "virconf.h"
#if WITH_GNUTLS
-# include <gcrypt.h>
+# if WITH_GNUTLS_GCRYPT
+# include <gcrypt.h>
+# endif
# include "rpc/virnettlscontext.h"
#endif
#include "vircommand.h"
@@ -270,7 +272,7 @@ winsock_init(void)
#endif
-#ifdef WITH_GNUTLS
+#ifdef WITH_GNUTLS_GCRYPT
static int virTLSMutexInit(void **priv)
{
virMutexPtr lock = NULL;
@@ -323,7 +325,7 @@ static struct gcry_thread_cbs virTLSThreadImpl = {
virTLSMutexUnlock,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
-#endif
+#endif /* WITH_GNUTLS_GCRYPT */
/* Helper macros to implement VIR_DOMAIN_DEBUG using just C99. This
* assumes you pass fewer than 15 arguments to VIR_DOMAIN_DEBUG, but
@@ -407,7 +409,7 @@ virGlobalInit(void)
virErrorInitialize() < 0)
goto error;
-#ifdef WITH_GNUTLS
+#ifdef WITH_GNUTLS_GCRYPT
/*
* This sequence of API calls it copied exactly from
* gnutls 2.12.23 source lib/gcrypt/init.c, with
--
1.8.3.1
11 years, 3 months
[libvirt] [PATCH 1/1] cpu: Fix one compile error for PPC.
by Li Zhang
From: Li Zhang <zhlcindy(a)linux.vnet.ibm.com>
CPU data structure is refined, which causes one compile error for PPC.
Signed-off-by: Li Zhang <zhlcindy(a)linux.vnet.ibm.com>
---
src/cpu/cpu_powerpc.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/cpu/cpu_powerpc.c b/src/cpu/cpu_powerpc.c
index 62437d3..55a4153 100644
--- a/src/cpu/cpu_powerpc.c
+++ b/src/cpu/cpu_powerpc.c
@@ -354,15 +354,15 @@ ppcDataFree(virCPUDataPtr data)
static virCPUDataPtr
ppcNodeData(void)
{
- virCPUDataPtr data;
+ virCPUDataPtr cpuData;
- if (VIR_ALLOC(data) < 0)
+ if (VIR_ALLOC(cpuData) < 0)
return NULL;
asm("mfpvr %0"
- : "=r" (data->ppc.pvr));
+ : "=r" (cpuData->data.ppc.pvr));
- return data;
+ return cpuData;
}
#endif
--
1.8.1.4
11 years, 3 months
[libvirt] Use flock() instead of fcntl()
by David Weber
Hi,
we are interested in using virtlockd on an OCFS2 shared filesystem.
We are now facing the problem that virtlockd uses fcntl() locks which
aren't supported by OCFS2 with the o2cb cluster stack and we want
to avoid using indirect leases.
OCFS2 instead supports flock() which is quite similar to fcntl(). I
attached a patch which makes libvirt use flock() *instead* of fcntl()
and it seems to work.
NFS on the contrast only supports fcntl() so it should be configurable
which lock type to use.
I'm not very experienced with locking, so would such a patch be
acceptable or do you see possible problems with it?
Cheers,
David
>From b823a9a9bd60a870d64341c4273c42d4eeba8d9b Mon Sep 17 00:00:00 2001
From: David Weber <wb(a)munzinger.de>
Date: Thu, 25 Jul 2013 08:20:20 +0000
Subject: [PATCH] Use flock() instead of fcntl()
---
src/util/virfile.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 8f0eec3..e243c26 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
int virFileLock(int fd, bool shared, off_t start, off_t len)
.l_len = len,
};
- if (fcntl(fd, F_SETLK, &fl) < 0)
+ if (flock(fd, LOCK_EX | LOCK_NB) < 0)
return -errno;
return 0;
int virFileUnlock(int fd, off_t start, off_t len)
.l_len = len,
};
- if (fcntl(fd, F_SETLK, &fl) < 0)
+ if (flock(fd, LOCK_UN) < 0)
return -errno;
return 0;
--
1.8.1.5
11 years, 3 months
[libvirt] [PATCH] build: fix VPATH 'make check'
by Eric Blake
A VPATH build 'make check' was failing with:
GEN check-driverimpls
Can't open ../../src/../../src/lxc/lxc_monitor_protocol.h: No such file or directory at ../../src/check-driverimpls.pl line 29, <> line 27153.
Can't open ../../src/../../src/lxc/lxc_monitor_protocol.c: No such file or directory at ../../src/check-driverimpls.pl line 29, <> line 27153.
...
GEN check-aclrules
cannot read ../../src/../../src/remote/remote_protocol.x at ../../src/check-aclrules.pl line 128.
because $(srcdir) was being prepended to file names that already
included it.
* src/Makefile.am (check-driverimpls): Don't add srcdir twice.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
Pushing under the build-breaker rule.
src/Makefile.am | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 84372cb..62e427e 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -499,11 +499,13 @@ STATEFUL_DRIVER_SOURCE_FILES = \
check-driverimpls:
$(AM_V_GEN)$(PERL) $(srcdir)/check-driverimpls.pl \
$(filter /%,$(DRIVER_SOURCE_FILES)) \
- $(addprefix $(srcdir)/,$(filter-out /%,$(DRIVER_SOURCE_FILES)))
+ $(filter $(srcdir)/%,$(DRIVER_SOURCE_FILES)) \
+ $(addprefix $(srcdir)/,$(filter-out $(srcdir)/%, \
+ $(filter-out /%,$(DRIVER_SOURCE_FILES))))
check-aclrules:
$(AM_V_GEN)$(PERL) $(srcdir)/check-aclrules.pl \
- $(addprefix $(srcdir)/,$(filter-out /%,$(REMOTE_PROTOCOL))) \
+ $(REMOTE_PROTOCOL) \
$(addprefix $(srcdir)/,$(filter-out /%,$(STATEFUL_DRIVER_SOURCE_FILES)))
EXTRA_DIST += check-driverimpls.pl check-aclrules.pl
--
1.8.3.1
11 years, 3 months
[libvirt] [PATCH] python: Drop TODO
by Cole Robinson
File hasn't been really touched for 7 years. And with recent rawhide
changes it contributed to an RPM build failure. Let's drop it.
This also removes installation of a libvirt-python doc dir, so drop
handling of it from the RPM spec.
---
libvirt.spec.in | 7 -------
python/Makefile.am | 7 -------
python/TODO | 6 ------
3 files changed, 20 deletions(-)
delete mode 100644 python/TODO
diff --git a/libvirt.spec.in b/libvirt.spec.in
index e0e0004..81101e8 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1440,12 +1440,6 @@ rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_lxc.aug
rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug
%endif
-%if ! %{with_python}
-rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-python-%{version}
-%else
-rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-python-%{version}/examples
-%endif
-
%if ! %{with_qemu}
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.qemu
@@ -2060,7 +2054,6 @@ fi
%{_libdir}/python*/site-packages/libvirt_lxc.py*
%{_libdir}/python*/site-packages/libvirtmod*
%doc python/tests/*.py
-%doc python/TODO
%doc examples/python
%doc examples/domain-events/events-python
%endif
diff --git a/python/Makefile.am b/python/Makefile.am
index 9e957d1..7eb42c6 100644
--- a/python/Makefile.am
+++ b/python/Makefile.am
@@ -31,10 +31,6 @@ INCLUDES = \
AM_CFLAGS = $(WARN_CFLAGS)
-DOCS_DIR = $(datadir)/doc/libvirt-python-$(VERSION)
-
-DOCS = ${srcdir}/TODO
-
CLASSES_EXTRA = \
libvirt-override-virConnect.py \
libvirt-override-virDomain.py \
@@ -152,9 +148,6 @@ install-data-local:
$(INSTALL) -m 0644 libvirt.py $(DESTDIR)$(pyexecdir)
$(INSTALL) -m 0644 libvirt_lxc.py $(DESTDIR)$(pyexecdir)
$(INSTALL) -m 0644 libvirt_qemu.py $(DESTDIR)$(pyexecdir)
- $(mkinstalldirs) $(DESTDIR)$(DOCS_DIR)
- @(for doc in $(DOCS) ; \
- do $(INSTALL) -m 0644 $$doc $(DESTDIR)$(DOCS_DIR) ; done)
uninstall-local:
rm -f $(DESTDIR)$(pyexecdir)/libvirt.py
diff --git a/python/TODO b/python/TODO
deleted file mode 100644
index 4627482..0000000
--- a/python/TODO
+++ /dev/null
@@ -1,6 +0,0 @@
-- Need to complete, add custom wrapper function for those
- which could not be handled fully automatically
-- Check the names generated, iD is bad, fix the name generation routine
-- add examples, web page and python based test suite
-
-Daniel Veillard
--
1.8.3.1
11 years, 3 months
[libvirt] [PATCH 0/3] qemu: libvirt RDMA live migration support
by mrhines@linux.vnet.ibm.com
From: "Michael R. Hines" <mrhines(a)us.ibm.com>
QEMU has in tree now planned for 1.6 support for RDMA-based live migration.
Changes to libvirt:
1. QEMU has a new 'setup' phase in their state machine.
2. Expose the 'x-rdma' migration protocol URI.
3. Expose the 'x-rdma-pin-all' capability for pre-registration of memory.
Michael R. Hines (3):
qemu: handle new 'setup' migration state
qemu: RDMA migration support using 'x-rdma' URI
qemu: memory pre-pinning support for RDMA migration
include/libvirt/libvirt.h.in | 3 +
src/qemu/qemu_capabilities.c | 7 +++
src/qemu/qemu_capabilities.h | 4 ++
src/qemu/qemu_command.c | 8 +++
src/qemu/qemu_migration.c | 131 ++++++++++++++++++++++++++++++++++++------
src/qemu/qemu_migration.h | 3 +-
src/qemu/qemu_monitor.c | 7 ++-
src/qemu/qemu_monitor.h | 13 +++++
src/qemu/qemu_monitor_json.c | 18 ++++++
tools/virsh-domain.c | 7 +++
10 files changed, 178 insertions(+), 23 deletions(-)
--
1.7.10.4
11 years, 3 months
[libvirt] [PATCH 0/2] Rework client connection handling
by Michal Privoznik
There are few cases where users don't want to raise 'max_client', but are doing
many concurrent connection and don't want them to fail too. However, we are
currently accept()-ing the incoming request even though we have reached the
limit. If that's the case, error is reported and connection is thrown away.
Gross. What about leaving the requests we know we can't handle yet in the
listen() queue and accepting only those we know we can handle?
For more info see:
https://bugzilla.redhat.com/show_bug.cgi?id=981729
Michal Privoznik (2):
RPC: Don't accept client if it would overcommit max_clients
Introduce max_queued_clients
daemon/libvirtd-config.c | 1 +
daemon/libvirtd-config.h | 1 +
daemon/libvirtd.aug | 1 +
daemon/libvirtd.c | 4 ++++
daemon/libvirtd.conf | 6 ++++++
src/locking/lock_daemon.c | 2 +-
src/lxc/lxc_controller.c | 1 +
src/rpc/virnetserver.c | 40 ++++++++++++++++++++++++++++++++++++++++
src/rpc/virnetserverservice.c | 15 +++++++++++++--
src/rpc/virnetserverservice.h | 6 ++++++
10 files changed, 74 insertions(+), 3 deletions(-)
--
1.8.1.5
11 years, 3 months
[libvirt] Entering freeze for libvirt-1.1.1
by Daniel Veillard
As planned I tagged the release candidate 1 for libvirt 1.1.1 in git,
I also made tarball and rpms available on the ftp:
ftp://libvirt.org/libvirt/
There is still some patches not completely ready after initial review
it is probably safe to push the simplest ones, but not big sets now.
Bug fixes are okay until final release obviously !
The release seems to work fine in my local testing (my fedora 19
crashed when shutdown a window guest, but that sounds like a kernel
problem). Goal is to release next tuesday,
please give it a try, and report problems :-)
thanks !
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
11 years, 3 months
[libvirt] [RFC] Image Fleecing for Libvirt (BZ 955734, 905125)
by Richard W.M. Jones
On Mon, Jul 15, 2013 at 05:57:12PM +0800, Fam Zheng wrote:
> Hi all,
>
> QEMU-KVM BZ 955734, and libvirt BZ 905125 are about feature "Read-only
> point-in-time throwaway snapshot". The development is ongoing on
> upstream, which implements the core functionality by QMP command
> drive-backup. I want to demonstrate the HMP/QMP commands here for image
> fleecing tasks (again) and make sure this interface looks ready and
> satisfying from Libvirt point of view.
>
> We get cheap point-in-time snapshot, and export it through built in NBD
> server, by commands described below:
>
> 1. qemu-img create -f qcow2 -o backing_file=RUNNING-VM.img BACKUP.qcow2
>
> (although the backing_file option is not honoured in the next step
> because we *override* backing file with an existing
> BlockDriverState, giving it here does no harm and also makes sure
> the created image is of right size.)
>
> 2. (HMP) drive_add backing=ide0-hd0,file=BACKUP.qcow2,id=target0,if=none
>
> (where ide0-hd0 is the running BlockDriverState name for
> RUNNING-VM.img)
>
> 3. (QMP) drive-backup device=ide0-hd0 mode=drive sync=none target=target0
>
> (NewImageMode 'drive' means target is looked up as a device id, sync
> mode 'none' means don't copy any data except copy-on-write the
> point in time snapshot data)
>
> 4. (QMP) nbd-server-add device=target0
>
> When image fleecing done:
>
> 1. (QMP) block-job-complete device=ide0-hd0
>
> 2. (HMP) drive_del target0
>
> 3. rm BACKUP.qcow2
>
> Note: HMP drive_add/drive_del has no counterpart in QMP now but a new
> command blockdev-add to do similar things is WIP, which can be an
> alternative in QMP flavor.
>
> Any comments are welcome!
>
> --
> Best regards,
> Fam Zheng
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
11 years, 3 months
[libvirt] [PATCH] caps: use -device for primary video when qemu >=1.6
by Guannan Ren
https://bugzilla.redhat.com/show_bug.cgi?id=981094
The commit 0ad9025ef introduce qemu flag QEMU_CAPS_DEVICE_VIDEO_PRIMARY
for using -device VGA, -device cirrus-vga, -device vmware-svga and
-device qxl-vga. In use, for -device qxl-vga, mouse doesn't display
in guest window like the desciption in above bug.
This patch try to use -device for primary video when qemu >=1.6 which
is safe.
---
src/qemu/qemu_capabilities.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 5dc3c9e..08406b8 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -1189,8 +1189,6 @@ virQEMUCapsComputeCmdFlags(const char *help,
virQEMUCapsSet(qemuCaps, QEMU_CAPS_VNC_SHARE_POLICY);
}
- if (version >= 1002000)
- virQEMUCapsSet(qemuCaps, QEMU_CAPS_DEVICE_VIDEO_PRIMARY);
return 0;
}
@@ -2424,7 +2422,6 @@ virQEMUCapsInitQMPBasic(virQEMUCapsPtr qemuCaps)
virQEMUCapsSet(qemuCaps, QEMU_CAPS_MACHINE_OPT);
virQEMUCapsSet(qemuCaps, QEMU_CAPS_DUMP_GUEST_CORE);
virQEMUCapsSet(qemuCaps, QEMU_CAPS_VNC_SHARE_POLICY);
- virQEMUCapsSet(qemuCaps, QEMU_CAPS_DEVICE_VIDEO_PRIMARY);
}
/* Capabilities that are architecture depending
@@ -2597,6 +2594,9 @@ virQEMUCapsInitQMP(virQEMUCapsPtr qemuCaps,
if (qemuCaps->version >= 1003001)
virQEMUCapsSet(qemuCaps, QEMU_CAPS_VNC_WEBSOCKET);
+ if (qemuCaps->version >= 1006000)
+ virQEMUCapsSet(qemuCaps, QEMU_CAPS_DEVICE_VIDEO_PRIMARY);
+
if (virQEMUCapsProbeQMPCommands(qemuCaps, mon) < 0)
goto cleanup;
if (virQEMUCapsProbeQMPEvents(qemuCaps, mon) < 0)
--
1.8.3.1
11 years, 3 months
