[libvirt] [PATCH v3] qemu: change monitor.sock from /var/lib/libvirt/qemu/domain-*** to /var/run/libvirt/qemu/domain-***
by xinhua.Cao
directory /var/lib alway is Persistence directory, but in redhat system, /var/run is memory directory.
our running domain xml is saved at /var/run/libvirt/qemu. so if we cold reset system,
the /var/run/libvirt/qemu directory is clear, but /var/lib/libvirt/qemu/domain-*** is saved., so there
have same /var/lib/libvirt/qemu/domain-*** directory will be left over at system cold reset.
---
src/qemu/qemu_domain.c | 2 +-
tests/qemuxml2argvtest.c | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 13e77ee..67da8fa 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1713,7 +1713,7 @@ qemuDomainSetPrivatePaths(virQEMUDriverPtr driver,
goto cleanup;
if (!priv->libDir &&
- virAsprintf(&priv->libDir, "%s/domain-%s", cfg->libDir, domname) < 0)
+ virAsprintf(&priv->libDir, "%s/domain-%s", cfg->stateDir, domname) < 0)
goto cleanup;
if (!priv->channelTargetDir &&
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 03b1bcb..b596bd2 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -620,6 +620,10 @@ mymain(void)
if (VIR_STRDUP_QUIET(driver.config->memoryBackingDir, "/var/lib/libvirt/qemu/ram") < 0)
return EXIT_FAILURE;
+ VIR_FREE(driver.config->stateDir);
+ if (VIR_STRDUP(driver.config->stateDir, "/tmp/lib") < 0)
+ return EXIT_FAILURE;
+
# define DO_TEST_FULL(name, migrateFrom, migrateFd, flags, \
parseFlags, gic, ...) \
do { \
--
2.8.3
6 years, 11 months
[libvirt] [PATCH 0/4] libvirtd: fix hang on termination in qemu driver
by Nikolay Shirokovskiy
Libvirtd termination can hang. For example if some API call in qemu
driver awaiting monitor response it will never finish because event
loop does not functional during termination. As a result we hang
in virNetDaemonClose call during termination as this call finishes RPC
threads.
Let's ask hypervisor drivers to finish all API calls by calling
introduced state driver shutdown function before call to virNetDaemonClose.
Nikolay Shirokovskiy (4):
libvirt: introduce hypervisor driver shutdown function
qemu: implement state driver shutdown function
qemu: agent: fix monitor close during first sync
qemu: monitor: check monitor not closed upon send
daemon/libvirtd.c | 2 ++
src/driver-state.h | 4 ++++
src/libvirt.c | 18 ++++++++++++++++++
src/libvirt_internal.h | 1 +
src/libvirt_private.syms | 1 +
src/qemu/qemu_agent.c | 14 +++++++-------
src/qemu/qemu_driver.c | 39 +++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_monitor.c | 27 +++++++++++++--------------
8 files changed, 85 insertions(+), 21 deletions(-)
--
1.8.3.1
6 years, 11 months
[libvirt] [PATCH] nwfilter: fix deadlock on firewalld restart/reload
by Nikolay Shirokovskiy
Deadlock scenario:
1. domain is being started and domain driver takes read lock
for nwfilter update lock thru virNWFilterReadLockFilterUpdates.
2. firewalld restarted and event loop hangs trying to take write lock
for nwfilter update lock in nwfilterStateReload.
This is deadlock because for thread 1 to proceed we need a
response from qemu/timeout but whole event loop is stuck by 2.
Let's just offload nwfilter driver reload to a distinct thread.
Besides resolving a deadlock this change offloads rather heavy
operation (many hypervisor drivers X many domains for a driver)
off the event loop.
---
Concrete stacktrace.
Thread 17 (Thread 0x7fbd5a22d880 (LWP 7329)):
0 0x00007fbd56bb903e in pthread_rwlock_wrlock () from /lib64/libpthread.so.0
1 0x00007fbd3d511297 in nwfilterStateReload () from /usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so
2 0x00007fbd3d511355 in nwfilterFirewalldDBusFilter () from /usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so
3 0x00007fbd57bc5dfe in dbus_connection_dispatch () from /lib64/libdbus-1.so.3
4 0x00007fbd5953e641 in virDBusWatchCallback () from /lib64/libvirt.so.0
5 0x00007fbd5954868e in virEventPollRunOnce () from /lib64/libvirt.so.0
6 0x00007fbd59547942 in virEventRunDefaultImpl () from /lib64/libvirt.so.0
7 0x00007fbd596a94ed in virNetDaemonRun () from /lib64/libvirt.so.0
8 0x00007fbd5a28b07c in main ()
Thread 3 (Thread 0x7fbd49553700 (LWP 8029)):
0 0x00007fbd56bb96d5 in pthread_cond_wait@(a)GLIBC_2.3.2 () from /lib64/libpthread.so.0
1 0x00007fbd59596816 in virCondWait () from /lib64/libvirt.so.0
2 0x00007fbd3d0183db in qemuMonitorSend () from /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so
3 0x00007fbd3d02c8d0 in qemuMonitorJSONCommandWithFd () from /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so
4 0x00007fbd3d02e1a1 in qemuMonitorJSONSetCapabilities () from /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so
5 0x00007fbd3cff965c in qemuConnectMonitor () from /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so
6 0x00007fbd3cffcb70 in qemuProcessWaitForMonitor () from /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so
7 0x00007fbd3d004668 in qemuProcessLaunch () from /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so
8 0x00007fbd3d0062a8 in qemuProcessStart () from /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so
9 0x00007fbd3d0679cb in qemuDomainObjStart.constprop.50 () from /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so
10 0x00007fbd3d068106 in qemuDomainCreateWithFlags () from /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so
11 0x00007fbd5964247d in virDomainCreateWithFlags () from /lib64/libvirt.so.0
12 0x00007fbd5a2a3b81 in remoteDispatchDomainCreateWithFlagsHelper ()
13 0x00007fbd596af3c3 in virNetServerProgramDispatch () from /lib64/libvirt.so.0
14 0x00007fbd5a2c56cd in virNetServerHandleJob ()
15 0x00007fbd59597221 in virThreadPoolWorker () from /lib64/libvirt.so.0
16 0x00007fbd595965a8 in virThreadHelper () from /lib64/libvirt.so.0
17 0x00007fbd56bb5dc5 in start_thread () from /lib64/libpthread.so.0
18 0x00007fbd568e473d in clone () from /lib64/libc.so.6
src/nwfilter/nwfilter_driver.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 2f9a51c..bcb4400 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -81,6 +81,12 @@ static void nwfilterDriverUnlock(void)
#if HAVE_FIREWALLD
+static void
+nwfilterStateReloadAdapter(void *opaque ATTRIBUTE_UNUSED)
+{
+ nwfilterStateReload();
+}
+
static DBusHandlerResult
nwfilterFirewalldDBusFilter(DBusConnection *connection ATTRIBUTE_UNUSED,
DBusMessage *message,
@@ -90,8 +96,12 @@ nwfilterFirewalldDBusFilter(DBusConnection *connection ATTRIBUTE_UNUSED,
"NameOwnerChanged") ||
dbus_message_is_signal(message, "org.fedoraproject.FirewallD1",
"Reloaded")) {
+ virThread thread;
+
VIR_DEBUG("Reload in nwfilter_driver because of firewalld.");
- nwfilterStateReload();
+ if (virThreadCreate(&thread, false, nwfilterStateReloadAdapter, NULL) < 0)
+ VIR_ERROR(_("Could not create thread. Network filter "
+ "driver reload failed"));
}
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
--
1.8.3.1
6 years, 11 months
[libvirt] [PATCH v3 REBASE v2 0/2] qemu: report block job errors from qemu to the user
by Nikolay Shirokovskiy
So that you can see nice report on migration:
"error: operation failed: migration of disk sda failed: No space left on device"
diff from v2:
============
1. split into 2 patches
2. change formal documentation where it is present accordingly
3. add variable initialization for safety
Nikolay Shirokovskiy (2):
qemu: prepare blockjob complete event error usage
qemu: report drive mirror errors on migration
src/qemu/qemu_blockjob.c | 14 +++++++++--
src/qemu/qemu_blockjob.h | 3 ++-
src/qemu/qemu_domain.c | 10 +++++++-
src/qemu/qemu_domain.h | 1 +
src/qemu/qemu_driver.c | 4 ++--
src/qemu/qemu_migration.c | 55 +++++++++++++++++++++++++++++++-------------
src/qemu/qemu_monitor.c | 5 ++--
src/qemu/qemu_monitor.h | 4 +++-
src/qemu/qemu_monitor_json.c | 4 +++-
src/qemu/qemu_process.c | 4 ++++
10 files changed, 78 insertions(+), 26 deletions(-)
--
1.8.3.1
6 years, 11 months
[libvirt] [PATCH] spec: don't package product dirs
by Nikolay Shirokovskiy
Directories /var/{lib,cache}/libvirt/qemu/ are created by libvirtd on
start and their owner:group is changed according to the config. Thus
no need to include them in libvirt-daemon-driver-qemu package. Otherwise
we see noisy "directory changed" on rpm -V for the package.
---
libvirt.spec.in | 2 --
1 file changed, 2 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index a3bd77f..e20f65c 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1911,8 +1911,6 @@ exit 0
%config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
%ghost %dir %attr(0700, root, root) %{_localstatedir}/run/libvirt/qemu/
-%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
-%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
%{_datadir}/augeas/lenses/libvirtd_qemu.aug
%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
%{_libdir}/%{name}/connection-driver/libvirt_driver_qemu.so
--
1.8.3.1
6 years, 11 months
[libvirt] [PATCH v2] qemu_domain: Error out eariler when configuring IDE controller incorrectly
by Lin Ma
Move error handling of IDE controller from qemuBuildControllerDevStr to
qemuDomainDeviceDefValidate for reminding users eariler.
Signed-off-by: Lin Ma <lma(a)suse.com>
---
src/qemu/qemu_command.c | 17 -----------------
src/qemu/qemu_domain.c | 26 ++++++++++++++++++++++++++
2 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index b1cfafa79..463952d9b 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -3106,23 +3106,6 @@ qemuBuildControllerDevStr(const virDomainDef *domainDef,
}
break;
- case VIR_DOMAIN_CONTROLLER_TYPE_IDE:
- /* Since we currently only support the integrated IDE
- * controller on various boards, if we ever get to here, it's
- * because some other machinetype had an IDE controller
- * specified, or one with a single IDE contraller had multiple
- * ide controllers specified.
- */
- if (qemuDomainHasBuiltinIDE(domainDef))
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("Only a single IDE controller is supported "
- "for this machine type"));
- else
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("IDE controllers are unsupported for "
- "this QEMU binary or machine type"));
- goto error;
-
default:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Unsupported controller type: %s"),
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index ece8ee7dd..d0be2afaf 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3539,6 +3539,29 @@ qemuDomainWatchdogDefValidate(const virDomainWatchdogDef *dev,
}
+static int
+qemuDomainControllerDefValidate(const virDomainControllerDefPtr controller,
+ const virDomainDef *def)
+{
+ if (controller->type == VIR_DOMAIN_CONTROLLER_TYPE_IDE) {
+ if (qemuDomainHasBuiltinIDE(def) && controller->idx != 0) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Only a single IDE controller is supported "
+ "for this machine type"));
+ return -1;
+ }
+ if (qemuDomainIsQ35(def)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("IDE controllers are unsupported for q35 "
+ "machine type"));
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
static int
qemuDomainDeviceDefValidate(const virDomainDeviceDef *dev,
const virDomainDef *def,
@@ -3650,6 +3673,9 @@ qemuDomainDeviceDefValidate(const virDomainDeviceDef *dev,
} else if (dev->type == VIR_DOMAIN_DEVICE_WATCHDOG) {
if (qemuDomainWatchdogDefValidate(dev->data.watchdog, def) < 0)
goto cleanup;
+ } else if (dev->type == VIR_DOMAIN_DEVICE_CONTROLLER) {
+ if (qemuDomainControllerDefValidate(dev->data.controller, def) < 0)
+ goto cleanup;
}
/* forbid capabilities mode hostdev in this kind of hypervisor */
--
2.14.0
6 years, 12 months
[libvirt] New QEMU daemon for persistent reservations
by Paolo Bonzini
Hi all,
I am adding a new daemon to QEMU, that QEMU can connect to in order to
issue persistent reservation commands.
The daemon can only issue the commands on file descriptor that QEMU
already has. In addition normal users shouldn't have access to the
daemon's Unix socket in /run, so the daemon is protected against misuse.
My question is what is the best way to handle the connection to the
daemon socket. Currently, the path to the socket is passed to QEMU on
the command line:
-object pr-manager-helper,id=mgr,path=/run/qemu-pr-helper.sock \
-drive if=none,id=hd,driver=raw,filename=/dev/sdb,file.pr-manager=mgr \
-device scsi-block,drive=hd
(the new parts are "-object pr-manager-helper" and "file.pr-manager").
I could just make it root:root and pass a file descriptor from libvirt
to QEMU, but this would make it impossible for QEMU to reconnect to the
daemon in case someone does a "systemctl restart" or even just kills it
inadvertently. The daemon is stateless, so transparent reconnection
would be a nice feature to have.
The alternative is to somehow label the daemon socket so that it can be
accessed by QEMU, but I'm not very well versed in SELinux.
Any ideas?
Paolo
6 years, 12 months
[libvirt] [PATCH] AppArmor: add rules needed with additional mediation features brought by Linux 4.14.
by intrigeri
---
examples/apparmor/libvirt-qemu | 2 ++
examples/apparmor/usr.sbin.libvirtd | 9 +++++++++
2 files changed, 11 insertions(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index b341e31f42..5994a35042 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -16,6 +16,8 @@
network inet stream,
network inet6 stream,
+ signal (receive) set=("term") peer=/usr/sbin/libvirtd,
+
/dev/net/tun rw,
/dev/kvm rw,
/dev/ptmx rw,
diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
index 819068ffc3..17b5ee38ff 100644
--- a/examples/apparmor/usr.sbin.libvirtd
+++ b/examples/apparmor/usr.sbin.libvirtd
@@ -30,6 +30,8 @@
# Needed for vfio
capability sys_resource,
+ mount,
+
network inet stream,
network inet dgram,
network inet6 stream,
@@ -37,11 +39,18 @@
network packet dgram,
network packet raw,
+ network netlink raw,
+ network unix dgram,
+ network unix stream,
+
ptrace (trace) peer=unconfined,
ptrace (trace) peer=/usr/sbin/libvirtd,
ptrace (trace) peer=/usr/sbin/dnsmasq,
ptrace (trace) peer=libvirt-*,
+ signal (send) set=("hup") peer=/usr/sbin/dnsmasq,
+ signal (send) set=("term") peer=libvirt-*,
+
# Very lenient profile for libvirtd since we want to first focus on confining
# the guests. Guests will have a very restricted profile.
/ r,
--
2.15.0.rc2
7 years
[libvirt] [PATCH] numa: avoid failure in nodememstats on non-NUMA systems
by Viktor Mihajlovski
libvirt reports a fake NUMA topology in virConnectGetCapabilities
even if built without numactl support. The fake NUMA topology consists
of a single cell representing the host's cpu and memory resources.
Currently this is the case for ARM and s390[x] RPM builds.
A client iterating over NUMA cells obtained via virConnectGetCapabilities
and invoking virNodeGetMemoryStats on them will see an internal failure
"NUMA isn't available on this host". An example for such a client is
VDSM.
Since the intention seems to be that libvirt always reports at least
a single cell it is necessary to return "fake" node memory statistics
matching the previously reported fake cell in case NUMA isn't supported
on the system.
Signed-off-by: Viktor Mihajlovski <mihajlov(a)linux.vnet.ibm.com>
---
src/util/virhostmem.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/util/virhostmem.c b/src/util/virhostmem.c
index a9ba278..fa04a37 100644
--- a/src/util/virhostmem.c
+++ b/src/util/virhostmem.c
@@ -267,6 +267,14 @@ virHostMemGetStats(int cellNum ATTRIBUTE_UNUSED,
FILE *meminfo;
int max_node;
+ /*
+ * Even if built without numactl, libvirt claims
+ * to have a one-cells NUMA topology. In such a
+ * case return the statistics for the entire host.
+ */
+ if (!virNumaIsAvailable() && cellNum == 0)
+ cellNum = VIR_NODE_MEMORY_STATS_ALL_CELLS;
+
if (cellNum == VIR_NODE_MEMORY_STATS_ALL_CELLS) {
if (VIR_STRDUP(meminfo_path, MEMINFO_PATH) < 0)
return -1;
--
1.9.1
7 years
[libvirt] [PATCH v3 0/5] nwfilter common object adjustments
by John Ferlan
v2: https://www.redhat.com/archives/libvir-list/2017-July/msg00673.html
(and a few pings along the way)
Don't think much survived from v2 - this is a fresh start anyway.
Perhaps old patch 2 the same, but beyond that a different approach
to remove recursive read/write locks and replace with using rwlock
read/write where the write's are in very tight confines.
I've run the changes through avocado with success. There were some
really strange deadlocks along the way - even causing libvirtd to
go defunct. There's a lot of strange ways to use/access the nwfilters.
John Ferlan (5):
nwfilter: Add update locking to Initialization
nwfilter: Remove unnecessary UUID comparison bypass
nwfilter: Convert _virNWFilterObj to use virObjectRWLockable
nwfilter: Convert _virNWFilterObjList to use virObjectRWLockable
nwfilter: Remove need for nwfilterDriverLock in some API's
src/conf/virnwfilterobj.c | 555 +++++++++++++++++++++++----------
src/conf/virnwfilterobj.h | 11 +-
src/libvirt_private.syms | 3 +-
src/nwfilter/nwfilter_driver.c | 77 +++--
src/nwfilter/nwfilter_gentech_driver.c | 11 +-
5 files changed, 433 insertions(+), 224 deletions(-)
--
2.13.6
7 years