[libvirt] [PATCH] qemu: Auto generate a controller when attach hostdev and chr device
by Luyao Huang
https://bugzilla.redhat.com/show_bug.cgi?id=1174154
When we use attach-device add a hostdev or chr device which have a
iscsi address or others (just like guest agent, subsys iscsi disk...),
we will find there is no basic controller for our new attached device.
Somtimes this will make guest cannot start after we add them (although
they can start at the second time).
Signed-off-by: Luyao Huang <lhuang(a)redhat.com>
---
src/qemu/qemu_driver.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index df3ba6d..62fb784 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -7250,6 +7250,8 @@ qemuDomainAttachDeviceConfig(virQEMUCapsPtr qemuCaps,
if (virDomainHostdevInsert(vmdef, hostdev))
return -1;
dev->data.hostdev = NULL;
+ if (virDomainDefAddImplicitControllers(vmdef) < 0)
+ return -1;
if (qemuDomainAssignAddresses(vmdef, qemuCaps, NULL) < 0)
return -1;
break;
@@ -7290,6 +7292,8 @@ qemuDomainAttachDeviceConfig(virQEMUCapsPtr qemuCaps,
if (qemuDomainChrInsert(vmdef, dev->data.chr) < 0)
return -1;
dev->data.chr = NULL;
+ if (virDomainDefAddImplicitControllers(vmdef) < 0)
+ return -1;
break;
case VIR_DOMAIN_DEVICE_FS:
--
1.8.3.1
9 years, 11 months
[libvirt] [PATCH V2 0/3] qemu: support update graphic device persistently
by Wang Rui
We can change vnc password by using virDomainUpdateDeviceFlags API with
live flag. But it can't be changed with config flag.
v1: https://www.redhat.com/archives/libvir-list/2014-November/msg00627.html
diff to v1:
according to Jan's suggestion,
1. (patch 1/3) change error number to VIR_ERR_OPERATION_UNSUPPORTED
2. (patch 3/3) add 'VIR_DOMAIN_XML_SECURE' to flags in initialization.
3. (patch 3/3) Introduce a new function qemuDomainFindGraphicsIndex.
Free the old graphics def and replace it with the new one as what
we did for DEVICE_NET.
Wang Rui (3):
qemu: report properer error number when change graphics failed
qemu: fix alignment of qemuDomainFindGraphics
qemu: make persistent update of graphics device supported
src/conf/domain_conf.c | 2 +-
src/qemu/qemu_driver.c | 18 +++++++++++++++++-
src/qemu/qemu_hotplug.c | 36 ++++++++++++++++++++++++------------
src/qemu/qemu_hotplug.h | 2 ++
4 files changed, 44 insertions(+), 14 deletions(-)
--
1.7.12.4
9 years, 11 months
[libvirt] [PATCH] conf: fix virDomainLeaseIndex cannot work when both parameter have lockspaces present
by Luyao Huang
https://bugzilla.redhat.com/show_bug.cgi?id=1174096
When both parameter have lockspaces present, virDomainLeaseIndex
will always -1 even there is a lease the same with the one we check.
I think we shouldn't do 'continue' when the two lockspaces are the same.
Signed-off-by: Luyao Huang <lhuang(a)redhat.com>
---
src/conf/domain_conf.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 5cf0b1a..f36affc 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -11667,13 +11667,14 @@ int virDomainLeaseIndex(virDomainDefPtr def,
for (i = 0; i < def->nleases; i++) {
vlease = def->leases[i];
- /* Either both must have lockspaces present which match.. */
- if (vlease->lockspace && lease->lockspace &&
- STRNEQ(vlease->lockspace, lease->lockspace))
- continue;
+ /* Either both must have lockspaces present which match.. */
+ if (vlease->lockspace && lease->lockspace) {
+ if (STRNEQ(vlease->lockspace, lease->lockspace))
+ continue;
/* ...or neither must have a lockspace present */
- if (vlease->lockspace || lease->lockspace)
+ } else if (vlease->lockspace || lease->lockspace)
continue;
+
if (STREQ(vlease->key, lease->key))
return i;
}
--
1.8.3.1
9 years, 11 months
[libvirt] [PATCH] xenconfig: fix boot device parsing
by Wei Liu
The original code always checked *boot which was in effect boot[0]. It
should use boot[i].
Signed-off-by: Wei Liu <wei.liu2(a)citrix.com>
---
src/xenconfig/xen_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/xenconfig/xen_common.c b/src/xenconfig/xen_common.c
index 7f4ec89..48431a7 100644
--- a/src/xenconfig/xen_common.c
+++ b/src/xenconfig/xen_common.c
@@ -1071,7 +1071,7 @@ xenParseOS(virConfPtr conf, virDomainDefPtr def)
return -1;
for (i = 0; i < VIR_DOMAIN_BOOT_LAST && boot[i]; i++) {
- switch (*boot) {
+ switch (boot[i]) {
case 'a':
def->os.bootDevs[i] = VIR_DOMAIN_BOOT_FLOPPY;
break;
--
1.7.10.4
9 years, 11 months
[libvirt] [PATCH] conf: fix crash when match a network iscsi hostdev with a host iscsi hostdev
by Luyao Huang
https://bugzilla.redhat.com/show_bug.cgi?id=1174053
When we use attach-device to coldplug a network iscsi hostdev,
libvirt will check if there is already a device in XML. But if
the 'b' is a host iscsi hostdev and 'a' is a network iscsi hostdev
, libvirtd will crash in virDomainHostdevMatchSubsysSCSIiSCSI,
because 'b' doesn't have a hostname.
Add a check in virDomainHostdevMatchSubsys, if the a's protocol
and b's protocol is not the same.
backtrace like this:
0 0x00007f850d6bc307 in virDomainHostdevMatchSubsysSCSIiSCSI at conf/domain_conf.c:10889
1 virDomainHostdevMatchSubsys at conf/domain_conf.c:10911
2 virDomainHostdevMatch at conf/domain_conf.c:10973
3 virDomainHostdevFind at conf/domain_conf.c:10998
4 0x00007f84f6a10560 in qemuDomainAttachDeviceConfig at qemu/qemu_driver.c:7223
5 qemuDomainAttachDeviceFlags at qemu/qemu_driver.c:7554
Signed-off-by: Luyao Huang <lhuang(a)redhat.com>
---
src/conf/domain_conf.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 5cf0b1a..eb63c93 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -11184,7 +11184,9 @@ static int
virDomainHostdevMatchSubsys(virDomainHostdevDefPtr a,
virDomainHostdevDefPtr b)
{
- if (a->source.subsys.type != b->source.subsys.type)
+ if (a->source.subsys.type != b->source.subsys.type ||
+ (a->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
+ a->source.subsys.u.scsi.protocol != b->source.subsys.u.scsi.protocol))
return 0;
switch (a->source.subsys.type) {
--
1.8.3.1
9 years, 11 months
[libvirt] [PATCH 01/10] parallels: support NULL virDomainVideoAccelDefPtr
by Dmitry Guryanov
I support if virDomainVideoAccelDefPtr is NULL it means
default values for video acceleration. So we don't need
to report error.
---
src/parallels/parallels_sdk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/parallels/parallels_sdk.c b/src/parallels/parallels_sdk.c
index 0b05bc1..0980f50 100644
--- a/src/parallels/parallels_sdk.c
+++ b/src/parallels/parallels_sdk.c
@@ -2029,7 +2029,7 @@ static int prlsdkCheckVideoUnsupportedParams(virDomainDefPtr def)
return -1;
}
- if (v->accel == NULL || v->accel->support2d || v->accel->support3d) {
+ if (v->accel != NULL && (v->accel->support2d || v->accel->support3d)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Parallels Cloud Server doesn't support "
"setting video acceleration parameters."));
--
2.1.0
9 years, 11 months
[libvirt] [PATCH] fix typo in sanlock driver s/VIR_CONF_UONG/VIR_CONF_ULONG/
by Daniel P. Berrange
fix typo introduced in previous commit
Pushed as build-breaker fix
---
src/locking/lock_driver_sanlock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sanlock.c
index b24e910..60f305c 100644
--- a/src/locking/lock_driver_sanlock.c
+++ b/src/locking/lock_driver_sanlock.c
@@ -141,7 +141,7 @@ static int virLockManagerSanlockLoadConfig(const char *configFile)
}
p = virConfGetValue(conf, "host_id");
- CHECK_TYPE("host_id", VIR_CONF_UONG);
+ CHECK_TYPE("host_id", VIR_CONF_ULONG);
if (p) driver->hostID = p->l;
p = virConfGetValue(conf, "require_lease_for_disks");
--
2.1.0
9 years, 11 months
[libvirt] [PATCH 0/3] Fix starting/stopping of netdevs when starting/stopping CPUs
by Laine Stump
The first two patches provide a cleaner, more complete fix to a fix
that was recently pushed for
https://bugzilla.redhat.com/show_bug.cgi?id=1081461
While the original patch does fix the symptoms in the report, applying
these two additional patches handle some situations that weren't
addressed by the original.
Patch 3 fixes a similar problem with tap devices when the newly added
macTableManager='libvirt' is used. It should make migration of guests
with this new type of network connection work properly with no loss of
network connectivity (including once post-copy migration is working).
Laine Stump (3):
qemu: always call qemuInterfaceStartDevices() when starting CPUs
qemu: add a qemuInterfaceStopDevices(), called when guest CPUs stop
qemu: add/remove bridge fdb entries as guest CPUs are started/stopped
src/qemu/qemu_command.c | 10 ++----
src/qemu/qemu_hotplug.c | 8 +++++
src/qemu/qemu_interface.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_interface.h | 2 ++
src/qemu/qemu_process.c | 7 ++--
5 files changed, 109 insertions(+), 10 deletions(-)
--
1.9.3
9 years, 11 months
[libvirt] libseccomp and KVM
by Raymond Durand
How is libseccomp used/enabled/configured with KVM/QEMU Hypervisor?
Does it need a system call profiling per VMs?
Regards,
9 years, 11 months
[libvirt] [PATCHv2] lxc: give RW access to /proc/sys/net/ipv[46] to containers
by Cédric Bosdonnat
Some programs want to change some values for the network interfaces
configuration in /proc/sys/net/ipv[46] folders. Giving RW access on them
allows wicked to work on openSUSE 13.2+.
In order to mount those folders RW but keep the rest of /proc/sys RO,
we add temporary mounts for these folders before bind-mounting
/proc/sys. Those mounts will be skipped if the container doesn't have
its own network namespace.
It may happen that one of the temporary mounts in /proc/ filesystem
isn't available due to a missing kernel feature. We need not to fail
in that case.
---
Diffs to v1:
* Only mount the /proc/sys/net/ipv[46] if the container has its own netns
* Don't test for the existence of files in /proc before mounting them: they
may not be ready when checking. Instead try to mount them and skip them if
the source doesn't exist.
* Use existing lxcNeedNetworkNamespace to tell lxcContainerMountBasicFS if we
have our own netns: at least we now have the proper value.
src/lxc/lxc_container.c | 153 ++++++++++++++++++++++++++++++++++++++----------
1 file changed, 121 insertions(+), 32 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 3b08b86..140d54f 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -800,15 +800,21 @@ typedef struct {
int mflags;
bool skipUserNS;
bool skipUnmounted;
+ bool skipNoPrivNet;
+ bool temporary;
} virLXCBasicMountInfo;
static const virLXCBasicMountInfo lxcBasicMounts[] = {
- { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false },
- { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false },
- { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false },
- { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
+ { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false, false },
+ { "/proc/sys/net/ipv4", "TMP1", NULL, MS_BIND, false, false, true, true },
+ { "/proc/sys/net/ipv6", "TMP2", NULL, MS_BIND, false, false, true, true },
+ { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false, false },
+ { "TMP1", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true, false },
+ { "TMP2", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true, false },
+ { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false, false },
+ { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false, false },
#if WITH_SELINUX
- { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
+ { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false, false },
#endif
};
@@ -885,14 +891,23 @@ static int lxcContainerSetReadOnly(void)
static int lxcContainerMountBasicFS(bool userns_enabled,
bool netns_disabled)
{
- size_t i;
+ size_t i, j;
int rc = -1;
char* mnt_src = NULL;
+ char* mnt_dst = NULL;
int mnt_mflags;
+ char **tmpkeys = NULL;
+ char **tmppaths = NULL;
+ size_t nmounts = ARRAY_CARDINALITY(lxcBasicMounts);
VIR_DEBUG("Mounting basic filesystems");
- for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) {
+ if (VIR_ALLOC_N(tmpkeys, nmounts) < 0 ||
+ VIR_ALLOC_N(tmppaths, nmounts) < 0) {
+ goto cleanup;
+ }
+
+ for (i = 0; i < nmounts; i++) {
bool bindOverReadonly;
virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i];
@@ -906,11 +921,41 @@ static int lxcContainerMountBasicFS(bool userns_enabled,
goto cleanup;
mnt_mflags = MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY|MS_BIND;
} else {
- if (VIR_STRDUP(mnt_src, mnt->src) < 0)
+ bool foundKey = false;
+ /* Look for potential temporary folder match */
+ for (j = 0; j < i; j++) {
+ if (STREQ_NULLABLE(mnt->src, tmpkeys[j])) {
+ /* We found the key without path: skip */
+ foundKey = true;
+ if (tmppaths[j] && VIR_STRDUP(mnt_src, tmppaths[j]) < 0)
+ goto cleanup;
+ break;
+ }
+ }
+ if (foundKey && !mnt_src)
+ continue;
+ if (!mnt_src && VIR_STRDUP(mnt_src, mnt->src) < 0)
goto cleanup;
mnt_mflags = mnt->mflags;
}
+ if (mnt->temporary) {
+ char tmppath[] = "/tmp/mount-XXXXXX";
+ if (mkdtemp(tmppath) == NULL) {
+ virReportSystemError(errno,
+ _("Failed to create temporary folder %s"),
+ tmppath);
+ }
+ if (VIR_STRDUP(tmppaths[i], tmppath) < 0 ||
+ VIR_STRDUP(tmpkeys[i], mnt->dst) < 0 ||
+ VIR_STRDUP(mnt_dst, tmppath) < 0) {
+ goto cleanup;
+ }
+ } else {
+ if (VIR_STRDUP(mnt_dst, mnt->dst) < 0)
+ goto cleanup;
+ }
+
VIR_DEBUG("Processing %s -> %s",
mnt_src, mnt->dst);
@@ -930,6 +975,7 @@ static int lxcContainerMountBasicFS(bool userns_enabled,
VIR_DEBUG("Skipping '%s' which isn't mounted in host",
mnt->dst);
VIR_FREE(mnt_src);
+ VIR_FREE(mnt_dst);
continue;
}
}
@@ -937,13 +983,21 @@ static int lxcContainerMountBasicFS(bool userns_enabled,
if (mnt->skipUserNS && userns_enabled) {
VIR_DEBUG("Skipping due to user ns enablement");
VIR_FREE(mnt_src);
+ VIR_FREE(mnt_dst);
+ continue;
+ }
+
+ if (mnt->skipNoPrivNet && netns_disabled) {
+ VIR_DEBUG("Skipping due to absence of network namespace");
+ VIR_FREE(mnt_src);
+ VIR_FREE(mnt_dst);
continue;
}
- if (virFileMakePath(mnt->dst) < 0) {
+ if (virFileMakePath(mnt_dst) < 0) {
virReportSystemError(errno,
_("Failed to mkdir %s"),
- mnt_src);
+ mnt_dst);
goto cleanup;
}
@@ -957,32 +1011,67 @@ static int lxcContainerMountBasicFS(bool userns_enabled,
bindOverReadonly = !!(mnt_mflags & MS_RDONLY);
VIR_DEBUG("Mount %s on %s type=%s flags=%x",
- mnt_src, mnt->dst, mnt->type, mnt_mflags & ~MS_RDONLY);
- if (mount(mnt_src, mnt->dst, mnt->type, mnt_mflags & ~MS_RDONLY, NULL) < 0) {
+ mnt_src, mnt_dst, mnt->type, mnt_mflags & ~MS_RDONLY);
+ if (mount(mnt_src, mnt_dst, mnt->type, mnt_mflags & ~MS_RDONLY, NULL) < 0) {
+ /* Don't shout if some folder doesn't exist in /proc since they
+ * can be depending on an unloaded kernel module. */
+ if (errno == ENOENT && STRPREFIX(mnt_src, "/proc/")) {
+ VIR_DEBUG("Skipped: %s doesn't exist", mnt_src);
+ /* Cleanup the temporary path */
+ if (virFileDeleteTree(tmppaths[i]) < 0)
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Failed to remove temporary folder %s"),
+ tmppaths[i]);
+ VIR_FREE(tmppaths[i]);
+
+ VIR_FREE(mnt_src);
+ VIR_FREE(mnt_dst);
+ continue;
+ }
virReportSystemError(errno,
_("Failed to mount %s on %s type %s flags=%x"),
- mnt_src, mnt->dst, NULLSTR(mnt->type),
+ mnt_src, mnt_dst, NULLSTR(mnt->type),
mnt_mflags & ~MS_RDONLY);
goto cleanup;
}
if (bindOverReadonly &&
- mount(mnt_src, mnt->dst, NULL,
+ mount(mnt_src, mnt_dst, NULL,
MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
virReportSystemError(errno,
_("Failed to re-mount %s on %s flags=%x"),
- mnt_src, mnt->dst,
+ mnt_src, mnt_dst,
MS_BIND|MS_REMOUNT|MS_RDONLY);
goto cleanup;
}
VIR_FREE(mnt_src);
+ VIR_FREE(mnt_dst);
}
rc = 0;
cleanup:
+ /* Cleanup temporary mounts */
+ for (i = 0; i < nmounts; i++) {
+ virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i];
+ if (mnt->temporary && tmppaths[i]) {
+ if (umount(tmppaths[i]) < 0) {
+ virReportSystemError(errno,
+ _("Failed to un-mount temporary %s"),
+ tmppaths[i]);
+ }
+ if (virFileDeleteTree(tmppaths[i]) < 0)
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Failed to remove temporary folder %s"),
+ tmppaths[i]);
+ }
+ }
+
+ virStringFreeList(tmpkeys);
+ virStringFreeList(tmppaths);
VIR_FREE(mnt_src);
+ VIR_FREE(mnt_dst);
VIR_DEBUG("rc=%d", rc);
return rc;
}
@@ -1696,6 +1785,22 @@ static int lxcContainerUnmountForSharedRoot(const char *stateDir,
return ret;
}
+static bool
+lxcNeedNetworkNamespace(virDomainDefPtr def)
+{
+ size_t i;
+ if (def->nets != NULL)
+ return true;
+ if (def->features[VIR_DOMAIN_FEATURE_PRIVNET] == VIR_TRISTATE_SWITCH_ON)
+ return true;
+ for (i = 0; i < def->nhostdevs; i++) {
+ if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES &&
+ def->hostdevs[i]->source.caps.type == VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET)
+ return true;
+ }
+ return false;
+}
+
/* Got a FS mapped to /, we're going the pivot_root
* approach to do a better-chroot-than-chroot
@@ -1741,7 +1846,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
/* Mounts the core /proc, /sys, etc filesystems */
if (lxcContainerMountBasicFS(vmDef->idmap.nuidmap,
- !vmDef->nnets) < 0)
+ !lxcNeedNetworkNamespace(vmDef)) < 0)
goto cleanup;
/* Ensure entire root filesystem (except /.oldroot) is readonly */
@@ -2240,22 +2345,6 @@ virArch lxcContainerGetAlt32bitArch(virArch arch)
}
-static bool
-lxcNeedNetworkNamespace(virDomainDefPtr def)
-{
- size_t i;
- if (def->nets != NULL)
- return true;
- if (def->features[VIR_DOMAIN_FEATURE_PRIVNET] == VIR_TRISTATE_SWITCH_ON)
- return true;
- for (i = 0; i < def->nhostdevs; i++) {
- if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES &&
- def->hostdevs[i]->source.caps.type == VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET)
- return true;
- }
- return false;
-}
-
/**
* lxcContainerStart:
* @def: pointer to virtual machine structure
--
2.1.2
9 years, 11 months
