November 2014 - Devel - libvirt List Archives

[libvirt] [PATCH] qemu: Drop OVMF whitelist
by Michal Privoznik 01 Dec '14

01 Dec '14

As discussed on the upstream list, it's better not to make this kind of predictions in libvirt. It may happen that qemu learns how to enable OVMF on other architectures too and we shouldn't try to chase that. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/qemu/qemu_capabilities.c | 9 +++------ src/qemu/qemu_command.c | 10 ---------- 2 files changed, 3 insertions(+), 16 deletions(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 4bd8a4d..56bd2d5 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -3628,7 +3628,6 @@ virQEMUCapsGetDefaultMachine(virQEMUCapsPtr qemuCaps) static int virQEMUCapsFillDomainLoaderCaps(virQEMUCapsPtr qemuCaps, virDomainCapsLoaderPtr capsLoader, - virArch arch, char **loader, size_t nloader) { @@ -3656,8 +3655,7 @@ virQEMUCapsFillDomainLoaderCaps(virQEMUCapsPtr qemuCaps, VIR_DOMAIN_CAPS_ENUM_SET(capsLoader->type, VIR_DOMAIN_LOADER_TYPE_ROM); - if (arch == VIR_ARCH_X86_64 && - virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE) && + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE) && virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE_FORMAT)) VIR_DOMAIN_CAPS_ENUM_SET(capsLoader->type, VIR_DOMAIN_LOADER_TYPE_PFLASH); @@ -3674,14 +3672,13 @@ virQEMUCapsFillDomainLoaderCaps(virQEMUCapsPtr qemuCaps, static int virQEMUCapsFillDomainOSCaps(virQEMUCapsPtr qemuCaps, virDomainCapsOSPtr os, - virArch arch, char **loader, size_t nloader) { virDomainCapsLoaderPtr capsLoader = &os->loader; os->device.supported = true; - if (virQEMUCapsFillDomainLoaderCaps(qemuCaps, capsLoader, arch, + if (virQEMUCapsFillDomainLoaderCaps(qemuCaps, capsLoader, loader, nloader) < 0) return -1; return 0; @@ -3777,7 +3774,7 @@ virQEMUCapsFillDomainCaps(virDomainCapsPtr domCaps, domCaps->maxvcpus = maxvcpus; - if (virQEMUCapsFillDomainOSCaps(qemuCaps, os, domCaps->arch, + if (virQEMUCapsFillDomainOSCaps(qemuCaps, os, loader, nloader) < 0 || virQEMUCapsFillDomainDeviceDiskCaps(qemuCaps, disk) < 0 || virQEMUCapsFillDomainDeviceHostdevCaps(qemuCaps, hostdev) < 0) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 3d62d11..8ed7934 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7748,16 +7748,6 @@ qemuBuildDomainLoaderCommandLine(virCommandPtr cmd, break; case VIR_DOMAIN_LOADER_TYPE_PFLASH: - /* UEFI is supported only for x86_64 currently */ - if (def->os.arch != VIR_ARCH_X86_64 && - def->os.arch != VIR_ARCH_ARMV7L && - def->os.arch != VIR_ARCH_AARCH64) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("pflash is not supported for %s guest architecture"), - virArchToString(def->os.arch)); - goto cleanup; - } - if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("this QEMU binary doesn't support -drive")); -- 2.0.4

3 2

[libvirt] [PATCH 0/2] Add device-related code for TPM and panic devices
by Martin Kletzander 01 Dec '14

01 Dec '14

TPM and panic devices were added without the foundation code for things like hot/cold-(un)plugging, ABI stability checking, etc. This series adds that device-related code in order to properly handle those devices, even though in some cases it just means outputting a better error message. Martin Kletzander (2): conf: Add device-related code for TPM devices conf: Add device-related code for panic devices src/conf/domain_conf.c | 126 ++++++++++++++++++++++++++++++++++++++++-------- src/conf/domain_conf.h | 7 +++ src/qemu/qemu_driver.c | 12 +++++ src/qemu/qemu_hotplug.c | 2 + 4 files changed, 128 insertions(+), 19 deletions(-) -- 2.1.3

2 5

[libvirt] [PATCH v1 0/5] Precreate storage on migration
by Michal Privoznik 01 Dec '14

01 Dec '14

Yet another attempt. One thing that I'm not sure about is, whether this functionality should be on by default or tunable via say flag to migrate APIs. Thing is, in my approach I require disks to be in a storage pool (see the last patch for reasoning). On the other hand, if users still precreate storage themselves, they won't see any failure if disks doesn't belong to any pool. So I'm undecided yet, thoughts? Michal Privoznik (5): qemu: Expose qemuOpenFile and qemuOpenFileAs qemu: Split qemuDomainGetBlockInfo storage: Introduce storagePoolLookupByPath qemu_migration: Send disk sizes to the other side qemu_migration: Precreate missing storage src/qemu/qemu_domain.c | 319 ++++++++++++++++++++++++++++++++++++++ src/qemu/qemu_domain.h | 16 ++ src/qemu/qemu_driver.c | 316 +------------------------------------- src/qemu/qemu_migration.c | 354 ++++++++++++++++++++++++++++++++++++++++--- src/storage/storage_driver.c | 36 +++++ src/storage/storage_driver.h | 4 + 6 files changed, 711 insertions(+), 334 deletions(-) -- 2.0.4

2 6

[libvirt] [PATCH 0/2] qemu: update jobinfo type if the job is not completed in qemuMigrationRun
by Wang Rui 01 Dec '14

01 Dec '14

In qemuMigrationRun the jobinfo type won't be updated until qemuMigrationWaitForCompletion. If migration is failed or cancelled before that(such as in qemuMigrationDriveMirror), we can't get the right jobinfo type. The following patches fix it. Wang Rui (2): qemu: set jobinfo type to CANCELLED if migration is cancelled in all conditions qemu: set jobinfo type to FAILED if job is failed in qemuMigrationRun src/qemu/qemu_migration.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) -- 1.7.12.4

2 7

[libvirt] systemd-cgroups-agent not working in containers
by Richard Weinberger 30 Nov '14

30 Nov '14

Hi! I run a Linux container setup with openSUSE 13.1/2 as guest distro. After some time containers slow down. An investigation showed that the containers slow down because a lot of stale user sessions slow down almost all systemd tools, mostly systemctl. loginctl reports many thousand sessions. All in state "closing". The vast majority of these sessions are from crond an ssh logins. It turned out that sessions are never closed and stay around. The control group of a said session contains zero tasks. So I started to explore why systemd keeps it. After another few hours of debugging I realized that systemd never issues the release signal from cgroups. Also calling the release agent by hand did not help. i.e. /usr/lib/systemd/systemd-cgroups-agent /user.slice/user-0.slice/session-c324.scope Therefore systemd never recognizes that a server/session has no more tasks and will close it. First I thought it is an issue in libvirt combined with user namespaces. But I can trigger this also without user namespaces and also with systemd-nspawn. Tested with systemd 208 and 210 from openSUSE, their packages have all known bugfixes. Any idea where to look further? How do you run the most current systemd on your distro? Thanks, //richard

5 7

[libvirt] [PATCH] conf: replace call to virNetworkFree() with virOjectUnref()
by Laine Stump 30 Nov '14

30 Nov '14

The function virNetworkObjListExport() in network_conf.c had a call to the public API virNetworkFree() which was causing a link error: CCLD libvirt_driver_vbox_network_impl.la ./.libs/libvirt_conf.a(libvirt_conf_la-network_conf.o): In function `virNetworkObjListExport': /home/laine/devel/libvirt/src/conf/network_conf.c:4496: undefined reference to `virNetworkFree' This would happen when I added #include "network_conf.h" into domain_conf.c, then attempted to call a new function from that file (and enum converter, similar to virNetworkForwardTypeToString()) In the end, virNetworkFree() ends up just calling virObjectUnref(obj) anyway (after clearing all pending errors, which we probably *don't* want to do in the cleanup of a utility function), so this is likely more correct than the original code as well. --- A quick look showed that there may be other places where we are calling public APIs such as virNetworkFree and virDomainFree when we really don't want to be clearning out the pending error - this would result in the good old "an error was encountered but the cause is unknown" type of log messages. It may warrant an audit... src/conf/network_conf.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c index 067334e..a249e32 100644 --- a/src/conf/network_conf.c +++ b/src/conf/network_conf.c @@ -4463,10 +4463,8 @@ virNetworkObjListExport(virConnectPtr conn, cleanup: if (tmp_nets) { - for (i = 0; i < nnets; i++) { - if (tmp_nets[i]) - virNetworkFree(tmp_nets[i]); - } + for (i = 0; i < nnets; i++) + virObjectUnref(tmp_nets[i]); } VIR_FREE(tmp_nets); -- 1.9.3

3 2

[libvirt] [PATCH] Doc: some small issue in the document
by Luyao Huang 30 Nov '14

30 Nov '14

When i pasted some xml from libvirt.org, i found some small mistake. Signed-off-by: Luyao Huang <lhuang(a)redhat.com> --- docs/formatdomain.html.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 9c1d0f4..c08b244 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -3871,7 +3871,7 @@ <source> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> </source> - <mac address='52:54:00:6d:90:02'> + <mac address='52:54:00:6d:90:02'/> <virtualport type='802.1Qbh'> <parameters profileid='finance'/> </virtualport> @@ -3898,7 +3898,7 @@ ... <devices> <interface type='mcast'> - <mac address='52:54:00:6d:90:01'> + <mac address='52:54:00:6d:90:01'/> <source address='230.0.0.1' port='5558'/> </interface> </devices> @@ -4772,11 +4772,11 @@ qemu-kvm -net nic,model=? /dev/null <source path='/dev/pts/3'/> <target port='0'/> </serial> - <serial type='file> + <serial type='file'> <source path='/tmp/file'> <seclabel model='dac' relabel='no'/> </source> - <target port='0'> + <target port='0'/> </serial> <console type='pty'> <source path='/dev/pts/4'/> -- 1.8.3.1

2 1

Re: [libvirt] [GIT PULL] namespace updates for v3.17-rc1
by Richard Weinberger 29 Nov '14

29 Nov '14

On Wed, Aug 6, 2014 at 2:57 AM, Eric W. Biederman <ebiederm(a)xmission.com> wrote: > > Linus, > > Please pull the for-linus branch from the git tree: > > git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus > > HEAD: 344470cac42e887e68cfb5bdfa6171baf27f1eb5 proc: Point /proc/mounts at /proc/thread-self/mounts instead of /proc/self/mounts > > This is a bunch of small changes built against 3.16-rc6. The most > significant change for users is the first patch which makes setns > drmatically faster by removing unneded rcu handling. > > The next chunk of changes are so that "mount -o remount,.." will not > allow the user namespace root to drop flags on a mount set by the system > wide root. Aks this forces read-only mounts to stay read-only, no-dev > mounts to stay no-dev, no-suid mounts to stay no-suid, no-exec mounts to > stay no exec and it prevents unprivileged users from messing with a > mounts atime settings. I have included my test case as the last patch > in this series so people performing backports can verify this change > works correctly. > > The next change fixes a bug in NFS that was discovered while auditing > nsproxy users for the first optimization. Today you can oops the kernel > by reading /proc/fs/nfsfs/{servers,volumes} if you are clever with pid > namespaces. I rebased and fixed the build of the !CONFIG_NFS_FS case > yesterday when a build bot caught my typo. Given that no one to my > knowledge bases anything on my tree fixing the typo in place seems more > responsible that requiring a typo-fix to be backported as well. > > The last change is a small semantic cleanup introducing > /proc/thread-self and pointing /proc/mounts and /proc/net at it. This > prevents several kinds of problemantic corner cases. It is a > user-visible change so it has a minute chance of causing regressions so > the change to /proc/mounts and /proc/net are individual one line commits > that can be trivially reverted. Unfortunately I lost and could not find > the email of the original reporter so he is not credited. From at least > one perspective this change to /proc/net is a refgression fix to allow > pthread /proc/net uses that were broken by the introduction of the network > namespace. > > Eric > > Eric W. Biederman (11): > namespaces: Use task_lock and not rcu to protect nsproxy > mnt: Only change user settable mount flags in remount > mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount > mnt: Correct permission checks in do_remount This commit breaks libvirt-lxc. libvirt does in lxcContainerMountBasicFS(): /* * We can't immediately set the MS_RDONLY flag when mounting filesystems * because (in at least some kernel versions) this will propagate back * to the original mount in the host OS, turning it readonly too. Thus * we mount the filesystem in read-write mode initially, and then do a * separate read-only bind mount on top of that. */ bindOverReadonly = !!(mnt_mflags & MS_RDONLY); VIR_DEBUG("Mount %s on %s type=%s flags=%x", mnt_src, mnt->dst, mnt->type, mnt_mflags & ~MS_RDONLY); if (mount(mnt_src, mnt->dst, mnt->type, mnt_mflags & ~MS_RDONLY, NULL) < 0) { ^^^^ Here it fails for sysfs because with user namespaces we bind the existing /sys into the container and would have to read out all existing mount flags from the current /sys mount. Otherwise mount() fails with EPERM. On my test system /sys is mounted with "rw,nosuid,nodev,noexec,relatime" and libvirt misses the realtime... virReportSystemError(errno, _("Failed to mount %s on %s type %s flags=%x"), mnt_src, mnt->dst, NULLSTR(mnt->type), mnt_mflags & ~MS_RDONLY); goto cleanup; } if (bindOverReadonly && mount(mnt_src, mnt->dst, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) { ^^^ Here it fails because now we'd have to specify all flags as used for the first mount. For the procfs case MS_NOSUID|MS_NOEXEC|MS_NODEV. See lxcBasicMounts[]. In this case the fix is easy, add mnt_mflags to the mount flags. virReportSystemError(errno, _("Failed to re-mount %s on %s flags=%x"), mnt_src, mnt->dst, MS_BIND|MS_REMOUNT|MS_RDONLY); goto cleanup; } -- Thanks, //richard

5 12

[libvirt] [PATCH] docs: fix simple typo in TPM paragraph
by Martin Kletzander 28 Nov '14

28 Nov '14

Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- Pushed under the 'super-trivial' rule. docs/formatdomain.html.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 9c1d0f4..46b5b19 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -5596,7 +5596,7 @@ qemu-kvm -net nic,model=? /dev/null The TPM passthrough device type provides access to the host's TPM - for one QEMU guest. No other software may be is using the TPM device, + for one QEMU guest. No other software may be using the TPM device, typically /dev/tpm0, at the time the QEMU guest is started. 'passthrough' since 1.0.5 -- 2.1.3

2 1

[libvirt] [PATCH v3 00/12] parallels: rewrite driver with parallels SDK
by Dmitry Guryanov 28 Nov '14

28 Nov '14

This patch series replaces all code, which used prlctl command to interact with parallels cloud server with calls to parallels sdk functions. The model of this driver remain almost the same - in creates a list of virDomainObj objects on connect and then functions, which returns different information get info from this list. Changes in v2: * Rebase to latest libvirt sources * Use only "parallels" prefix for functions in parallelsDriver, so that make check will pass * Update privconn->domains in case we change something from current connection. Changes in v3: * in parallels: get domain info with SDK: replace + case VIR_ARCH_X86_64: with + case PCM_CPU_MODE_64: * in parallels: handle events from parallels server fix make syntax-check error in: + if (PRL_FAILED(ret)) { + logPrlError(ret); + } * in rewrite parallelsApplyConfig with SDK: in prlsdkApplyConfig function, don't commit changes if there is an error in parallelsDoApplyConfig * in parallels: create VMs and containers with sdk Handle error from parallelsDoApplyConfig in prlsdkCreateVm. Alexander Burluka (4): parallels: get domain info with SDK parallels: handle events from parallels server parallels: added function virDomainIsActive() parallels: Add domainCreateWithFlags() function. Dmitry Guryanov (8): parallels: move IS_CT macro to parallels_utils.h parallels: move parallelsDomNotFoundError to parallels_utils.h parallels: reimplement functions, which change domain state parallels: rewrite parallelsApplyConfig with SDK parallels: create VMs and containers with sdk parallels: refactor parallelsDomainDefineXML parallels: add cdroms support parallels: implement domainUndefine and domainUndefineFlags src/parallels/parallels_driver.c | 2456 ++++++++------------------------------ src/parallels/parallels_sdk.c | 2454 +++++++++++++++++++++++++++++++++++++ src/parallels/parallels_sdk.h | 25 + src/parallels/parallels_utils.h | 11 + 4 files changed, 2960 insertions(+), 1986 deletions(-) -- 1.9.3

3 28