February 2017 - Devel - Libvirt List Archives

[libvirt] [PATCH v2 00/10] perf: Add software perf events

by Nitesh Konkar

This patch series adds software perf events. The perl and go patches shall follow shortly. Nitesh Konkar (10): perf: add cpu_clock software perf event support perf: add task_clock software perf event support perf: add page_faults software perf event support perf: add context_switches software perf event support perf: add cpu_migrations software perf event support perf: add page_faults_min software perf event support perf: add page_faults_maj software perf event support perf: add alignment_faults software perf event support perf: add emulation_faults software perf event support news: Update the news.xml about perf events added docs/formatdomain.html.in | 74 +++++++++++++++++++++++ docs/news.xml | 11 ++++ docs/schemas/domaincommon.rng | 9 +++ include/libvirt/libvirt-domain.h | 92 +++++++++++++++++++++++++++++ src/libvirt-domain.c | 25 ++++++++ src/qemu/qemu_driver.c | 9 +++ src/util/virperf.c | 33 ++++++++++- src/util/virperf.h | 9 +++ tests/genericxml2xmlindata/generic-perf.xml | 9 +++ tools/virsh.pod | 27 +++++++++ 10 files changed, 297 insertions(+), 1 deletion(-) -- 1.9.3

7 years, 8 months

3
14
0 / 0

[libvirt] [PATCH 0/2] fix migration related graphics listen code bugs

by Pavel Hrdina

Pavel Hrdina (2): conf: store "autoGenerated" for graphics listen in status XML conf: properly skip graphics listen element in migratable XML src/conf/domain_conf.c | 18 +++++++++++++++++- src/qemu/qemu_domain.c | 3 ++- 2 files changed, 19 insertions(+), 2 deletions(-) -- 2.11.1

7 years, 8 months

2
3
0 / 0

[libvirt] [PATCH] Make use of PERF_COUNT_HW_REF_CPU_CYCLES conditional

by Daniel P. Berrange

The PERF_COUNT_HW_REF_CPU_CYCLES constant is not available on all Linux distros libvirt targets, so its use must be made conditional. Other constant have existed long enough that we can assume they exist, as we don't support very old distros like RHEL-5 any more. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- src/util/virperf.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/util/virperf.c b/src/util/virperf.c index 49ec258..f64692b 100644 --- a/src/util/virperf.c +++ b/src/util/virperf.c @@ -104,8 +104,14 @@ static struct virPerfEventAttr attrs[] = { .attrType = PERF_TYPE_HARDWARE, .attrConfig = PERF_COUNT_HW_STALLED_CYCLES_BACKEND}, {.type = VIR_PERF_EVENT_REF_CPU_CYCLES, +# ifdef PERF_COUNT_HW_REF_CPU_CYCLES .attrType = PERF_TYPE_HARDWARE, - .attrConfig = PERF_COUNT_HW_REF_CPU_CYCLES}, + .attrConfig = PERF_COUNT_HW_REF_CPU_CYCLES +# else + .attrType = 0, + .attrConfig = 0, +# endif + }, }; typedef struct virPerfEventAttr *virPerfEventAttrPtr; -- 2.9.3

7 years, 8 months

2
2
0 / 0

[libvirt] [PATCH] network: don't use dhcp-authoritative on static networks

by Martin Wilck

"Static" DHCP networks are those where no dynamic DHCP range is defined, only a list of host entries is used to serve permanent IP addresses. On such networks, we don't want dnsmasq to reply to other requests than those statically defined. But "dhcp-authoritative" will cause dnsmasq to do just that. Therefore we can't use "dhcp-authoritative" for static networks. Fixes: 4ac20b3ae "network: add dnsmasq option 'dhcp-authoritative'" Signed-off-by: Martin Wilck <mwilck(a)suse.com> --- src/network/bridge_driver.c | 9 ++++++++- tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 - 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index ae1589d8c..17c6f3a0f 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -1355,7 +1355,14 @@ networkDnsmasqConfContents(virNetworkObjPtr network, if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET)) { if (ipdef->nranges || ipdef->nhosts) { virBufferAddLit(&configbuf, "dhcp-no-override\n"); - virBufferAddLit(&configbuf, "dhcp-authoritative\n"); + /* + * Use "dhcp-authoritative" only for dynamic DHCP. + * In a static-only network, it would cause dnsmasq + * to reply to requests from other hosts than those + * statically defined. + */ + if (ipdef->nranges || !ipdef->nhosts) + virBufferAddLit(&configbuf, "dhcp-authoritative\n"); } if (ipdef->tftproot) { diff --git a/tests/networkxml2confdata/dhcp6host-routed-network.conf b/tests/networkxml2confdata/dhcp6host-routed-network.conf index 87a149880..5728ee430 100644 --- a/tests/networkxml2confdata/dhcp6host-routed-network.conf +++ b/tests/networkxml2confdata/dhcp6host-routed-network.conf @@ -10,7 +10,6 @@ bind-dynamic interface=virbr1 dhcp-range=192.168.122.1,static dhcp-no-override -dhcp-authoritative dhcp-range=2001:db8:ac10:fd01::1,static,64 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/local.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/local.addnhosts -- 2.11.0

7 years, 8 months

2
5
0 / 0

[libvirt] [PATCH go v3] Add support for perf events

by Nitesh Konkar

Signed-off-by: Nitesh Konkar <nitkon12(a)linux.vnet.ibm.com> --- connect.go | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ domain.go | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ domain_compat.h | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 144 insertions(+) diff --git a/connect.go b/connect.go index 3c53485..a4dd21b 100644 --- a/connect.go +++ b/connect.go @@ -2264,6 +2264,24 @@ type DomainStatsPerf struct { StalledCyclesBackend uint64 RefCpuCyclesSet bool RefCpuCycles uint64 + CpuClockSet bool + CpuClock uint64 + TaskClockSet bool + TaskClock uint64 + PageFaultsSet bool + PageFaults uint64 + ContextSwitchesSet bool + ContextSwitches uint64 + CpuMigrationsSet bool + CpuMigrations uint64 + PageFaultsMinSet bool + PageFaultsMin uint64 + PageFaultsMajSet bool + PageFaultsMaj uint64 + AlignmentFaultsSet bool + AlignmentFaults uint64 + EmulationFaultsSet bool + EmulationFaults uint64 } func getDomainStatsPerfFieldInfo(params *DomainStatsPerf) map[string]typedParamsFieldInfo { @@ -2320,6 +2338,42 @@ func getDomainStatsPerfFieldInfo(params *DomainStatsPerf) map[string]typedParams set: &params.RefCpuCyclesSet, ul: &params.RefCpuCycles, }, + "perf.cpu_clock": typedParamsFieldInfo{ + set: &params.CpuClockSet, + ul: &params.CpuClock, + }, + "perf.task_clock": typedParamsFieldInfo{ + set: &params.TaskClockSet, + ul: &params.TaskClock, + }, + "perf.page_faults": typedParamsFieldInfo{ + set: &params.PageFaultsSet, + ul: &params.PageFaults, + }, + "perf.context_switches": typedParamsFieldInfo{ + set: &params.ContextSwitchesSet, + ul: &params.ContextSwitches, + }, + "perf.cpu_migrations": typedParamsFieldInfo{ + set: &params.CpuMigrationsSet, + ul: &params.CpuMigrations, + }, + "perf.page_faults_min": typedParamsFieldInfo{ + set: &params.PageFaultsMinSet, + ul: &params.PageFaultsMin, + }, + "perf.page_faults_maj": typedParamsFieldInfo{ + set: &params.PageFaultsMajSet, + ul: &params.PageFaultsMaj, + }, + "perf.alignment_faults": typedParamsFieldInfo{ + set: &params.AlignmentFaultsSet, + ul: &params.AlignmentFaults, + }, + "perf.emulation_faults": typedParamsFieldInfo{ + set: &params.EmulationFaultsSet, + ul: &params.EmulationFaults, + }, } } diff --git a/domain.go b/domain.go index 2bd9852..9f3ecc3 100644 --- a/domain.go +++ b/domain.go @@ -3195,6 +3195,24 @@ type DomainPerfEvents struct { StalledCyclesBackend bool RefCpuCyclesSet bool RefCpuCycles bool + CpuClockSet bool + CpuClock bool + TaskClockSet bool + TaskClock bool + PageFaultsSet bool + PageFaults bool + ContextSwitchesSet bool + ContextSwitches bool + CpuMigrationsSet bool + CpuMigrations bool + PageFaultsMinSet bool + PageFaultsMin bool + PageFaultsMajSet bool + PageFaultsMaj bool + AlignmentFaultsSet bool + AlignmentFaults bool + EmulationFaultsSet bool + EmulationFaults bool } /* Remember to also update DomainStatsPerf in connect.go when adding to the stuct above */ @@ -3253,6 +3271,42 @@ func getDomainPerfEventsFieldInfo(params *DomainPerfEvents) map[string]typedPara set: &params.RefCpuCyclesSet, b: &params.RefCpuCycles, }, + C.VIR_PERF_PARAM_CPU_CLOCK: typedParamsFieldInfo{ + set: &params.CpuClockSet, + b: &params.CpuClock, + }, + C.VIR_PERF_PARAM_TASK_CLOCK: typedParamsFieldInfo{ + set: &params.TaskClockSet, + b: &params.TaskClock, + }, + C.VIR_PERF_PARAM_PAGE_FAULTS: typedParamsFieldInfo{ + set: &params.PageFaultsSet, + b: &params.PageFaults, + }, + C.VIR_PERF_PARAM_CONTEXT_SWITCHES: typedParamsFieldInfo{ + set: &params.ContextSwitchesSet, + b: &params.ContextSwitches, + }, + C.VIR_PERF_PARAM_CPU_MIGRATIONS: typedParamsFieldInfo{ + set: &params.CpuMigrationsSet, + b: &params.CpuMigrations, + }, + C.VIR_PERF_PARAM_PAGE_FAULTS_MIN: typedParamsFieldInfo{ + set: &params.PageFaultsMinSet, + b: &params.PageFaultsMin, + }, + C.VIR_PERF_PARAM_PAGE_FAULTS_MAJ: typedParamsFieldInfo{ + set: &params.PageFaultsMajSet, + b: &params.PageFaultsMaj, + }, + C.VIR_PERF_PARAM_ALIGNMENT_FAULTS: typedParamsFieldInfo{ + set: &params.AlignmentFaultsSet, + b: &params.AlignmentFaults, + }, + C.VIR_PERF_PARAM_REF_EMULATION_FAULTS: typedParamsFieldInfo{ + set: &params.EmulationFaultsSet, + b: &params.EmulationFaults, + }, } } diff --git a/domain_compat.h b/domain_compat.h index 9540435..a114173 100644 --- a/domain_compat.h +++ b/domain_compat.h @@ -45,6 +45,42 @@ #define VIR_PERF_PARAM_REF_CPU_CYCLES "ref_cpu_cycles" #endif +#ifndef VIR_PERF_PARAM_CPU_CLOCK +#define VIR_PERF_PARAM_CPU_CLOCK "cpu_clock" +#endif + +#ifndef VIR_PERF_PARAM_TASK_CLOCK +#define VIR_PERF_PARAM_TASK_CLOCK "task_clock" +#endif + +#ifndef VIR_PERF_PARAM_PAGE_FAULTS +#define VIR_PERF_PARAM_PAGE_FAULTS "page_faults" +#endif + +#ifndef VIR_PERF_PARAM_CONTEXT_SWITCHES +#define VIR_PERF_PARAM_CONTEXT_SWITCHES "context_switches" +#endif + +#ifndef VIR_PERF_PARAM_CPU_MIGRATIONS +#define VIR_PERF_PARAM_CPU_MIGRATIONS "cpu_migrations" +#endif + +#ifndef VIR_PERF_PARAM_PAGE_FAULTS_MIN +#define VIR_PERF_PARAM_PAGE_FAULTS_MIN "page_faults_min" +#endif + +#ifndef VIR_PERF_PARAM_PAGE_FAULTS_MAJ +#define VIR_PERF_PARAM_PAGE_FAULTS_MAJ "page_faults_maj" +#endif + +#ifndef VIR_PERF_PARAM_ALIGNMENT_FAULTS +#define VIR_PERF_PARAM__ALIGNMENT_FAULTS "alignment_faults" +#endif + +#ifndef VIR_PERF_PARAM_EMULATION_FAULTS +#define VIR_PERF_PARAM_EMULATION_FAULTS "emulation_faults" +#endif + #ifndef VIR_DOMAIN_EVENT_ID_METADATA_CHANGE #define VIR_DOMAIN_EVENT_ID_METADATA_CHANGE 23 #endif -- 1.9.3

7 years, 8 months

3
3
0 / 0

[libvirt] [PATCH perl v2] Add constants for new perf event support

by Nitesh Konkar

Signed-off-by: Nitesh Konkar <nitkon12(a)linux.vnet.ibm.com> --- Changes | 9 +++++++++ Virt.xs | 9 +++++++++ lib/Sys/Virt/Domain.pm | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 72 insertions(+) diff --git a/Changes b/Changes index 842f21f..7d637f5 100644 --- a/Changes +++ b/Changes @@ -5,6 +5,15 @@ Revision history for perl module Sys::Virt - Add VIR_CONNECT_LIST_STORAGE_POOLS_VSTORAGE constant - Add VIR_CONNECT_LIST_NODE_DEVICES_CAP_DRM constant - Add virDomainSetVcpu API + - Add PERF_PARAM_CPU_CLOCK constant + - Add PERF_PARAM_TASK_CLOCK constant + - Add PERF_PARAM_PAGE_FAULTS constant + - Add PERF_PARAM_CONTEXT_SWITCHES constant + - Add PERF_PARAM_CPU_MIGRATIONS constant + - Add PERF_PARAM_PAGE_FAULTS_MIN constant + - Add PERF_PARAM_PAGE_FAULTS_MAJ constant + - Add PERF_PARAM_ALIGNMENT_FAULTS constant + - Add PERF_PARAM_EMULATION_FAULTS constant 3.0.0 2017-01-19 diff --git a/Virt.xs b/Virt.xs index 9728fb0..e80182f 100644 --- a/Virt.xs +++ b/Virt.xs @@ -8500,6 +8500,15 @@ BOOT: REGISTER_CONSTANT_STR(VIR_PERF_PARAM_STALLED_CYCLES_FRONTEND, PERF_PARAM_STALLED_CYCLES_FRONTEND); REGISTER_CONSTANT_STR(VIR_PERF_PARAM_STALLED_CYCLES_BACKEND, PERF_PARAM_STALLED_CYCLES_BACKEND); REGISTER_CONSTANT_STR(VIR_PERF_PARAM_REF_CPU_CYCLES, PERF_PARAM_REF_CPU_CYCLES); + REGISTER_CONSTANT_STR(VIR_PERF_PARAM_CPU_CLOCK, PERF_PARAM_CPU_CLOCK); + REGISTER_CONSTANT_STR(VIR_PERF_PARAM_TASK_CLOCK, PERF_PARAM_TASK_CLOCK); + REGISTER_CONSTANT_STR(VIR_PERF_PARAM_PAGE_FAULTS, PERF_PARAM_PAGE_FAULTS); + REGISTER_CONSTANT_STR(VIR_PERF_PARAM_CONTEXT_SWITCHES, PERF_PARAM_CONTEXT_SWITCHES); + REGISTER_CONSTANT_STR(VIR_PERF_PARAM_CPU_MIGRATIONS, PERF_PARAM_CPU_MIGRATIONS); + REGISTER_CONSTANT_STR(VIR_PERF_PARAM_PAGE_FAULTS_MIN, PERF_PARAM_PAGE_FAULTS_MIN); + REGISTER_CONSTANT_STR(VIR_PERF_PARAM_PAGE_FAULTS_MAJ, PERF_PARAM_PAGE_FAULTS_MAJ); + REGISTER_CONSTANT_STR(VIR_PERF_PARAM_ALIGNMENT_FAULTS, PERF_PARAM_ALIGNMENT_FAULTS); + REGISTER_CONSTANT_STR(VIR_PERF_PARAM_EMULATION_FAULTS, PERF_PARAM_EMULATION_FAULTS); REGISTER_CONSTANT_STR(VIR_DOMAIN_BANDWIDTH_IN_AVERAGE, BANDWIDTH_IN_AVERAGE); REGISTER_CONSTANT_STR(VIR_DOMAIN_BANDWIDTH_IN_PEAK, BANDWIDTH_IN_PEAK); diff --git a/lib/Sys/Virt/Domain.pm b/lib/Sys/Virt/Domain.pm index 6b36e73..eea8b26 100644 --- a/lib/Sys/Virt/Domain.pm +++ b/lib/Sys/Virt/Domain.pm @@ -2814,6 +2814,60 @@ frequency scaling by applications running on the platform. It corresponds to the "perf.ref_cpu_cycles" field in the *Stats APIs. +=item Sys::Virt::Domain::PERF_PARAM_CPU_CLOCK +The cpu_clock perf event counter which can be used to +measure the count of cpu clock time by applications +running on the platform. It corresponds to the +"perf.cpu_clock" field in the *Stats APIs. + +=item Sys::Virt::Domain::PERF_PARAM_TASK_CLOCK +The task_clock perf event counter which can be used to +measure the count of task clock time by applications +running on the platform. It corresponds to the +"perf.task_clock" field in the *Stats APIs. + +=item Sys::Virt::Domain::PERF_PARAM_PAGE_FAULTS +The page_faults perf event counter which can be used to +measure the count of page faults by applications running +on the platform. It corresponds to the "perf.page_faults" +field in the *Stats APIs. + +=item Sys::Virt::Domain::PERF_PARAM_CONTEXT_SWITCHES +The context_switches perf event counter which can be used to +measure the count of context switches by applications running +on the platform. It corresponds to the "perf.context_switches" +field in the *Stats APIs. + +=item Sys::Virt::Domain::PERF_PARAM_CPU_MIGRATIONS +The cpu_migrations perf event counter which can be used to +measure the count of cpu migrations by applications running +on the platform. It corresponds to the "perf.cpu_migrations" +field in the *Stats APIs. + +=item Sys::Virt::Domain::PERF_PARAM_PAGE_FAULTS_MIN +The page_faults_min perf event counter which can be used to +measure the count of minor page faults by applications running +on the platform. It corresponds to the "perf.page_faults_min" +field in the *Stats APIs. + +=item Sys::Virt::Domain::PERF_PARAM_PAGE_FAULTS_MAJ +The page_faults_maj perf event counter which can be used to +measure the count of major page faults by applications running +on the platform. It corresponds to the "perf.page_faults_maj" +field in the *Stats APIs. + +=item Sys::Virt::Domain::PERF_PARAM_ALIGNMENT_FAULTS +The alignment_faults perf event counter which can be used to +measure the count of alignment faults by applications running +on the platform. It corresponds to the "perf.alignment_faults" +field in the *Stats APIs. + +=item Sys::Virt::Domain::PERF_PARAM_EMULATION_FAULTS +The emulation_faults perf event counter which can be used to +measure the count of emulation faults by applications running +on the platform. It corresponds to the "perf.emulation_faults" +field in the *Stats APIs. + =back =head2 VCPU FLAGS -- 1.9.3

7 years, 8 months

2
2
0 / 0

[libvirt] [PATCH] vz: correct error message

by Mikhail Feoktistov

--- src/vz/vz_sdk.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/vz/vz_sdk.c b/src/vz/vz_sdk.c index e16bb0c..84e89a5 100644 --- a/src/vz/vz_sdk.c +++ b/src/vz/vz_sdk.c @@ -2601,8 +2601,10 @@ prlsdkCheckUnsupportedParams(PRL_HANDLE sdkdom, virDomainDefPtr def) def->onCrash != VIR_DOMAIN_LIFECYCLE_CRASH_DESTROY) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("on_reboot, on_poweroff and on_crash parameters " - "are not supported by vz driver")); + _("The following parameters must be " + "on_reboot = restart, on_poweroff = destroy, " + "on_crash = destroy. " + "Different actions are not supported by vz driver")); return -1; } -- 1.8.3.1

7 years, 8 months

2
1
0 / 0

[libvirt] [PATCH v2] Don't print extra newline in virsh domstats output

by Nitesh Konkar

Signed-off-by: Nitesh Konkar <nitkon12(a)linux.vnet.ibm.com> --- virsh domstats --perf Domain: 'Fedora123' perf.cache_misses=394986 Domain: 'Fedora' perf.cache_misses=447017 virsh domstats Domain: 'Fedora123' state.state=1 state.reason=1 cpu.time=562472167198 cpu.user=228340000000 cpu.system=303250000000 balloon.current=1048576 balloon.maximum=1048576 perf.cache_misses=634012 Domain: 'Fedora' state.state=1 state.reason=1 cpu.time=19303277561180 cpu.user=5634250000000 cpu.system=9536140000000 balloon.current=1048576 balloon.maximum=1048576 perf.cache_misses=699207 tools/virsh-domain-monitor.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tools/virsh-domain-monitor.c b/tools/virsh-domain-monitor.c index 77aa272..901a6eb 100644 --- a/tools/virsh-domain-monitor.c +++ b/tools/virsh-domain-monitor.c @@ -2047,7 +2047,6 @@ virshDomainStatsPrintRecord(vshControl *ctl ATTRIBUTE_UNUSED, VIR_FREE(param); } - vshPrint(ctl, "\n"); return true; } @@ -2145,9 +2144,13 @@ cmdDomstats(vshControl *ctl, const vshCmd *cmd) goto cleanup; } - for (next = records; *next; next++) { + next = records; + while (*next) { if (!virshDomainStatsPrintRecord(ctl, *next, raw)) goto cleanup; + + if (*(++next)) + vshPrint(ctl, "\n"); } ret = true; -- 1.9.3

7 years, 8 months

2
2
0 / 0

[libvirt] [PATCH] qemu: Enforce qemuSecurity wrappers

by Michal Privoznik

Now that we have some qemuSecurity wrappers over virSecurityManager APIs, lets make sure everybody sticks with them. We have them for a reason and calling virSecurityManager API directly instead of wrapper may lead into accidentally labelling a file on the host instead of namespace. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- This is an alternative approach to: https://www.redhat.com/archives/libvir-list/2017-February/msg00271.html cfg.mk | 5 ++++ src/qemu/qemu_command.c | 7 +++--- src/qemu/qemu_conf.c | 9 ++++--- src/qemu/qemu_domain.c | 17 ++++++------- src/qemu/qemu_driver.c | 63 ++++++++++++++++++++++------------------------- src/qemu/qemu_hotplug.c | 4 +-- src/qemu/qemu_migration.c | 13 +++++----- src/qemu/qemu_process.c | 61 ++++++++++++++++++++++----------------------- src/qemu/qemu_security.h | 32 ++++++++++++++++++++++++ 9 files changed, 122 insertions(+), 89 deletions(-) diff --git a/cfg.mk b/cfg.mk index 69e3f3a1a..489fda8ea 100644 --- a/cfg.mk +++ b/cfg.mk @@ -983,6 +983,11 @@ sc_prohibit_sysconf_pagesize: halt='use virGetSystemPageSize[KB] instead of sysconf(_SC_PAGESIZE)' \ $(_sc_search_regexp) +sc_prohibit_virSecurity: + @grep -P 'virSecurityManager(?!Ptr)' $$($(VC_LIST_EXCEPT) | grep '^src/qemu/' | \ + grep -v '^src/qemu/qemu_security') && \ + { echo '$(ME): prefer qemuSecurity wrappers' 1>&2; exit 1; } || : + sc_prohibit_pthread_create: @prohibit='\bpthread_create\b' \ exclude='sc_prohibit_pthread_create' \ diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index c00a47a91..110540ba7 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -28,6 +28,7 @@ #include "qemu_capabilities.h" #include "qemu_interface.h" #include "qemu_alias.h" +#include "qemu_security.h" #include "cpu/cpu.h" #include "dirname.h" #include "viralloc.h" @@ -8321,8 +8322,8 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver, } for (i = 0; i < tapfdSize; i++) { - if (virSecurityManagerSetTapFDLabel(driver->securityManager, - def, tapfd[i]) < 0) + if (qemuSecuritySetTapFDLabel(driver->securityManager, + def, tapfd[i]) < 0) goto cleanup; virCommandPassFD(cmd, tapfd[i], VIR_COMMAND_PASS_FD_CLOSE_PARENT); @@ -8403,7 +8404,7 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver, /* NOTE: Not using const virDomainDef here since eventually a call is made - * into virSecurityManagerSetTapFDLabel which calls it's driver + * into qemuSecuritySetTapFDLabel which calls it's driver * API domainSetSecurityTapFDLabel that doesn't use the const format. */ static int diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 0223a95d2..4fc0dee39 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -38,6 +38,7 @@ #include "qemu_conf.h" #include "qemu_capabilities.h" #include "qemu_domain.h" +#include "qemu_security.h" #include "viruuid.h" #include "virbuffer.h" #include "virconf.h" @@ -904,7 +905,7 @@ virCapsPtr virQEMUDriverCreateCapabilities(virQEMUDriverPtr driver) } /* access sec drivers and create a sec model for each one */ - if (!(sec_managers = virSecurityManagerGetNested(driver->securityManager))) + if (!(sec_managers = qemuSecurityGetNested(driver->securityManager))) goto error; /* calculate length */ @@ -917,14 +918,14 @@ virCapsPtr virQEMUDriverCreateCapabilities(virQEMUDriverPtr driver) for (i = 0; sec_managers[i]; i++) { virCapsHostSecModelPtr sm = &caps->host.secModels[i]; - doi = virSecurityManagerGetDOI(sec_managers[i]); - model = virSecurityManagerGetModel(sec_managers[i]); + doi = qemuSecurityGetDOI(sec_managers[i]); + model = qemuSecurityGetModel(sec_managers[i]); if (VIR_STRDUP(sm->model, model) < 0 || VIR_STRDUP(sm->doi, doi) < 0) goto error; for (j = 0; j < ARRAY_CARDINALITY(virtTypes); j++) { - lbl = virSecurityManagerGetBaseLabel(sec_managers[i], virtTypes[j]); + lbl = qemuSecurityGetBaseLabel(sec_managers[i], virtTypes[j]); type = virDomainVirtTypeToString(virtTypes[j]); if (lbl && virCapabilitiesHostSecModelAddBaseLabel(sm, type, lbl) < 0) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index f62bf8f1d..2c827ea2c 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -588,8 +588,8 @@ qemuDomainWriteMasterKeyFile(virQEMUDriverPtr driver, goto cleanup; } - if (virSecurityManagerDomainSetPathLabel(driver->securityManager, - vm->def, path) < 0) + if (qemuSecurityDomainSetPathLabel(driver->securityManager, + vm->def, path) < 0) goto cleanup; ret = 0; @@ -2688,7 +2688,7 @@ qemuDomainDefPostParse(virDomainDefPtr def, if (qemuDomainRecheckInternalPaths(def, cfg, parseFlags) < 0) goto cleanup; - if (virSecurityManagerVerify(driver->securityManager, def) < 0) + if (qemuSecurityVerify(driver->securityManager, def) < 0) goto cleanup; if (qemuDomainDefVcpusPostParse(def) < 0) @@ -7257,8 +7257,7 @@ qemuDomainSetupDev(virQEMUDriverPtr driver, VIR_DEBUG("Setting up /dev/ for domain %s", vm->def->name); - mount_options = virSecurityManagerGetMountOptions(driver->securityManager, - vm->def); + mount_options = qemuSecurityGetMountOptions(driver->securityManager, vm->def); if (!mount_options && VIR_STRDUP(mount_options, "") < 0) @@ -7679,7 +7678,7 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED, bool delDevice = false; bool isLink = S_ISLNK(data->sb.st_mode); - virSecurityManagerPostFork(data->driver->securityManager); + qemuSecurityPostFork(data->driver->securityManager); if (virFileMakeParentPath(data->file) < 0) { virReportSystemError(errno, @@ -7841,16 +7840,16 @@ qemuDomainAttachDeviceMknodRecursive(virQEMUDriverPtr driver, #endif if (STRPREFIX(file, DEVPREFIX)) { - if (virSecurityManagerPreFork(driver->securityManager) < 0) + if (qemuSecurityPreFork(driver->securityManager) < 0) goto cleanup; if (virProcessRunInMountNamespace(vm->pid, qemuDomainAttachDeviceMknodHelper, &data) < 0) { - virSecurityManagerPostFork(driver->securityManager); + qemuSecurityPostFork(driver->securityManager); goto cleanup; } - virSecurityManagerPostFork(driver->securityManager); + qemuSecurityPostFork(driver->securityManager); } if (isLink && diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 89bc833de..096fe36fe 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -405,26 +405,26 @@ qemuSecurityInit(virQEMUDriverPtr driver) cfg->securityDriverNames[0]) { names = cfg->securityDriverNames; while (names && *names) { - if (!(mgr = virSecurityManagerNew(*names, - QEMU_DRIVER_NAME, - flags))) + if (!(mgr = qemuSecurityNew(*names, + QEMU_DRIVER_NAME, + flags))) goto error; if (!stack) { - if (!(stack = virSecurityManagerNewStack(mgr))) + if (!(stack = qemuSecurityNewStack(mgr))) goto error; } else { - if (virSecurityManagerStackAddNested(stack, mgr) < 0) + if (qemuSecurityStackAddNested(stack, mgr) < 0) goto error; } mgr = NULL; names++; } } else { - if (!(mgr = virSecurityManagerNew(NULL, - QEMU_DRIVER_NAME, - flags))) + if (!(mgr = qemuSecurityNew(NULL, + QEMU_DRIVER_NAME, + flags))) goto error; - if (!(stack = virSecurityManagerNewStack(mgr))) + if (!(stack = qemuSecurityNewStack(mgr))) goto error; mgr = NULL; } @@ -432,17 +432,17 @@ qemuSecurityInit(virQEMUDriverPtr driver) if (virQEMUDriverIsPrivileged(driver)) { if (cfg->dynamicOwnership) flags |= VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP; - if (!(mgr = virSecurityManagerNewDAC(QEMU_DRIVER_NAME, - cfg->user, - cfg->group, - flags, - qemuSecurityChownCallback))) + if (!(mgr = qemuSecurityNewDAC(QEMU_DRIVER_NAME, + cfg->user, + cfg->group, + flags, + qemuSecurityChownCallback))) goto error; if (!stack) { - if (!(stack = virSecurityManagerNewStack(mgr))) + if (!(stack = qemuSecurityNewStack(mgr))) goto error; } else { - if (virSecurityManagerStackAddNested(stack, mgr) < 0) + if (qemuSecurityStackAddNested(stack, mgr) < 0) goto error; } mgr = NULL; @@ -3088,7 +3088,7 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver, if (fd < 0) goto cleanup; - if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, fd) < 0) + if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, fd) < 0) goto cleanup; if (!(wrapperFd = virFileWrapperFdNew(&fd, path, wrapperFlags))) @@ -3553,8 +3553,7 @@ static int qemuDumpToFd(virQEMUDriverPtr driver, virDomainObjPtr vm, return -1; } - if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, - fd) < 0) + if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, fd) < 0) return -1; VIR_FREE(priv->job.current); @@ -3846,7 +3845,7 @@ qemuDomainScreenshot(virDomainPtr dom, } unlink_tmp = true; - virSecurityManagerSetSavedStateLabel(driver->securityManager, vm->def, tmp); + qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp); qemuDomainObjEnterMonitor(driver, vm); if (qemuMonitorScreendump(priv->mon, tmp) < 0) { @@ -5928,8 +5927,8 @@ static int qemuDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr secl * QEMU monitor hasn't seen SIGHUP/ERR on poll(). */ if (virDomainObjIsActive(vm)) { - if (virSecurityManagerGetProcessLabel(driver->securityManager, - vm->def, vm->pid, seclabel) < 0) { + if (qemuSecurityGetProcessLabel(driver->securityManager, + vm->def, vm->pid, seclabel) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to get security label")); goto cleanup; @@ -5973,8 +5972,7 @@ static int qemuDomainGetSecurityLabelList(virDomainPtr dom, ret = 0; } else { int len = 0; - virSecurityManagerPtr* mgrs = virSecurityManagerGetNested( - driver->securityManager); + virSecurityManagerPtr* mgrs = qemuSecurityGetNested(driver->securityManager); if (!mgrs) goto cleanup; @@ -5990,8 +5988,8 @@ static int qemuDomainGetSecurityLabelList(virDomainPtr dom, /* Fill the array */ for (i = 0; i < len; i++) { - if (virSecurityManagerGetProcessLabel(mgrs[i], vm->def, vm->pid, - &(*seclabels)[i]) < 0) { + if (qemuSecurityGetProcessLabel(mgrs[i], vm->def, vm->pid, + &(*seclabels)[i]) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to get security label")); VIR_FREE(mgrs); @@ -6369,8 +6367,8 @@ qemuDomainSaveImageStartVM(virConnectPtr conn, cleanup: virCommandFree(cmd); VIR_FREE(errbuf); - if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager, - vm->def, path) < 0) + if (qemuSecurityRestoreSavedStateLabel(driver->securityManager, + vm->def, path) < 0) VIR_WARN("failed to restore save state label on %s", path); virObjectUnref(cfg); return ret; @@ -11196,7 +11194,7 @@ qemuDomainMemoryPeek(virDomainPtr dom, goto endjob; } - virSecurityManagerSetSavedStateLabel(driver->securityManager, vm->def, tmp); + qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp); priv = vm->privateData; qemuDomainObjEnterMonitor(driver, vm); @@ -17064,8 +17062,7 @@ qemuDomainOpenGraphics(virDomainPtr dom, goto endjob; } - if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, - fd) < 0) + if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, fd) < 0) goto endjob; qemuDomainObjEnterMonitor(driver, vm); @@ -17129,13 +17126,13 @@ qemuDomainOpenGraphicsFD(virDomainPtr dom, goto cleanup; } - if (virSecurityManagerSetSocketLabel(driver->securityManager, vm->def) < 0) + if (qemuSecuritySetSocketLabel(driver->securityManager, vm->def) < 0) goto cleanup; if (socketpair(PF_UNIX, SOCK_STREAM, 0, pair) < 0) goto cleanup; - if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0) + if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0) goto cleanup; if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 2f209f12b..b99b0e9fb 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -1134,8 +1134,8 @@ qemuDomainAttachNetDevice(virQEMUDriverPtr driver, } for (i = 0; i < tapfdSize; i++) { - if (virSecurityManagerSetTapFDLabel(driver->securityManager, - vm->def, tapfd[i]) < 0) + if (qemuSecuritySetTapFDLabel(driver->securityManager, + vm->def, tapfd[i]) < 0) goto cleanup; } diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 0f4a6cf21..c40cb1391 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -40,6 +40,7 @@ #include "qemu_cgroup.h" #include "qemu_hotplug.h" #include "qemu_blockjob.h" +#include "qemu_security.h" #include "domain_audit.h" #include "virlog.h" @@ -4597,7 +4598,7 @@ qemuMigrationConnect(virQEMUDriverPtr driver, spec->destType = MIGRATION_DEST_FD; spec->dest.fd.qemu = -1; - if (virSecurityManagerSetSocketLabel(driver->securityManager, vm->def) < 0) + if (qemuSecuritySetSocketLabel(driver->securityManager, vm->def) < 0) goto cleanup; if (virNetSocketNewConnectTCP(host, port, AF_UNSPEC, @@ -4605,7 +4606,7 @@ qemuMigrationConnect(virQEMUDriverPtr driver, spec->dest.fd.qemu = virNetSocketDupFD(sock, true); virObjectUnref(sock); } - if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0 || + if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0 || spec->dest.fd.qemu == -1) goto cleanup; @@ -5076,8 +5077,8 @@ static int doTunnelMigrate(virQEMUDriverPtr driver, spec.dest.fd.local = fds[0]; } if (spec.dest.fd.qemu == -1 || - virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, - spec.dest.fd.qemu) < 0) { + qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, + spec.dest.fd.qemu) < 0) { virReportSystemError(errno, "%s", _("cannot create pipe for tunnelled migration")); goto cleanup; @@ -6463,8 +6464,8 @@ qemuMigrationToFile(virQEMUDriverPtr driver, virDomainObjPtr vm, * doesn't have to open() the file, so while we still have to * grant SELinux access, we can do it on fd and avoid cleanup * later, as well as skip futzing with cgroup. */ - if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, - compressor ? pipeFD[1] : fd) < 0) + if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, + compressor ? pipeFD[1] : fd) < 0) goto cleanup; if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 92fa69b3c..5c44e565b 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -221,8 +221,7 @@ qemuConnectAgent(virQEMUDriverPtr driver, virDomainObjPtr vm) return 0; } - if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager, - vm->def) < 0) { + if (qemuSecuritySetDaemonSocketLabel(driver->securityManager, vm->def) < 0) { VIR_ERROR(_("Failed to set security context for agent for %s"), vm->def->name); goto cleanup; @@ -250,8 +249,7 @@ qemuConnectAgent(virQEMUDriverPtr driver, virDomainObjPtr vm) return -1; } - if (virSecurityManagerClearSocketLabel(driver->securityManager, - vm->def) < 0) { + if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0) { VIR_ERROR(_("Failed to clear security context for agent for %s"), vm->def->name); qemuAgentClose(agent); @@ -1657,8 +1655,7 @@ qemuConnectMonitor(virQEMUDriverPtr driver, virDomainObjPtr vm, int asyncJob, int ret = -1; qemuMonitorPtr mon = NULL; - if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager, - vm->def) < 0) { + if (qemuSecuritySetDaemonSocketLabel(driver->securityManager, vm->def) < 0) { VIR_ERROR(_("Failed to set security context for monitor for %s"), vm->def->name); return -1; @@ -1695,7 +1692,7 @@ qemuConnectMonitor(virQEMUDriverPtr driver, virDomainObjPtr vm, int asyncJob, } priv->mon = mon; - if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0) { + if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0) { VIR_ERROR(_("Failed to clear security context for monitor for %s"), vm->def->name); return -1; @@ -2638,7 +2635,7 @@ static int qemuProcessHook(void *data) * protected across fork() */ - virSecurityManagerPostFork(h->driver->securityManager); + qemuSecurityPostFork(h->driver->securityManager); /* Some later calls want pid present */ h->vm->pid = getpid(); @@ -2651,7 +2648,7 @@ static int qemuProcessHook(void *data) * sockets the lock driver opens that we don't want * labelled. So far we're ok though. */ - if (virSecurityManagerSetSocketLabel(h->driver->securityManager, h->vm->def) < 0) + if (qemuSecuritySetSocketLabel(h->driver->securityManager, h->vm->def) < 0) goto cleanup; if (virDomainLockProcessStart(h->driver->lockManager, h->cfg->uri, @@ -2660,7 +2657,7 @@ static int qemuProcessHook(void *data) true, &fd) < 0) goto cleanup; - if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm->def) < 0) + if (qemuSecurityClearSocketLabel(h->driver->securityManager, h->vm->def) < 0) goto cleanup; if (qemuDomainBuildNamespace(h->driver, h->vm) < 0) @@ -3260,8 +3257,8 @@ qemuProcessBuildDestroyHugepagesPath(virQEMUDriverPtr driver, goto cleanup; } - if (virSecurityManagerDomainSetPathLabel(driver->securityManager, - vm->def, hugepagePath) < 0) { + if (qemuSecurityDomainSetPathLabel(driver->securityManager, + vm->def, hugepagePath) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Unable to set huge path in security driver")); goto cleanup; @@ -3437,13 +3434,13 @@ qemuProcessReconnect(void *opaque) /* if domain requests security driver we haven't loaded, report error, but * do not kill the domain */ - ignore_value(virSecurityManagerCheckAllLabel(driver->securityManager, - obj->def)); + ignore_value(qemuSecurityCheckAllLabel(driver->securityManager, + obj->def)); if (qemuDomainRefreshVcpuInfo(driver, obj, QEMU_ASYNC_JOB_NONE, true) < 0) goto error; - if (virSecurityManagerReserveLabel(driver->securityManager, obj->def, obj->pid) < 0) + if (qemuSecurityReserveLabel(driver->securityManager, obj->def, obj->pid) < 0) goto error; if (qemuProcessNotifyNets(obj->def) < 0) @@ -4451,8 +4448,8 @@ qemuProcessMakeDir(virQEMUDriverPtr driver, goto cleanup; } - if (virSecurityManagerDomainSetPathLabel(driver->securityManager, - vm->def, path) < 0) + if (qemuSecurityDomainSetPathLabel(driver->securityManager, + vm->def, path) < 0) goto cleanup; ret = 0; @@ -4647,7 +4644,7 @@ qemuProcessStartValidate(virQEMUDriverPtr driver, } VIR_DEBUG("Checking domain and device security labels"); - if (virSecurityManagerCheckAllLabel(driver->securityManager, vm->def) < 0) + if (qemuSecurityCheckAllLabel(driver->securityManager, vm->def) < 0) return -1; } @@ -5202,7 +5199,7 @@ qemuProcessPrepareDomain(virConnectPtr conn, /* If you are using a SecurityDriver with dynamic labelling, then generate a security label for isolation */ VIR_DEBUG("Generating domain security label (if required)"); - if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) { + if (qemuSecurityGenLabel(driver->securityManager, vm->def) < 0) { virDomainAuditSecurityLabel(vm, false); goto cleanup; } @@ -5513,8 +5510,8 @@ qemuProcessLaunch(virConnectPtr conn, virCommandSetUmask(cmd, 0x002); VIR_DEBUG("Setting up security labelling"); - if (virSecurityManagerSetChildProcessLabel(driver->securityManager, - vm->def, cmd) < 0) + if (qemuSecuritySetChildProcessLabel(driver->securityManager, + vm->def, cmd) < 0) goto cleanup; virCommandSetOutputFD(cmd, &logfile); @@ -5524,10 +5521,10 @@ qemuProcessLaunch(virConnectPtr conn, virCommandDaemonize(cmd); virCommandRequireHandshake(cmd); - if (virSecurityManagerPreFork(driver->securityManager) < 0) + if (qemuSecurityPreFork(driver->securityManager) < 0) goto cleanup; rv = virCommandRun(cmd, NULL); - virSecurityManagerPostFork(driver->securityManager); + qemuSecurityPostFork(driver->securityManager); /* wait for qemu process to show up */ if (rv == 0) { @@ -5604,8 +5601,8 @@ qemuProcessLaunch(virConnectPtr conn, goto cleanup; } if (S_ISFIFO(stdin_sb.st_mode) && - virSecurityManagerSetImageFDLabel(driver->securityManager, - vm->def, incoming->fd) < 0) + qemuSecuritySetImageFDLabel(driver->securityManager, + vm->def, incoming->fd) < 0) goto cleanup; } @@ -6122,7 +6119,7 @@ void qemuProcessStop(virQEMUDriverPtr driver, qemuSecurityRestoreAllLabel(driver, vm, !!(flags & VIR_QEMU_PROCESS_STOP_MIGRATED)); - virSecurityManagerReleaseLabel(driver->securityManager, vm->def); + qemuSecurityReleaseLabel(driver->securityManager, vm->def); for (i = 0; i < vm->def->ndisks; i++) { virDomainDeviceDef dev; @@ -6366,13 +6363,13 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED, vm->pid = pid; VIR_DEBUG("Detect security driver config"); - sec_managers = virSecurityManagerGetNested(driver->securityManager); + sec_managers = qemuSecurityGetNested(driver->securityManager); if (sec_managers == NULL) goto error; for (i = 0; sec_managers[i]; i++) { seclabelgen = false; - model = virSecurityManagerGetModel(sec_managers[i]); + model = qemuSecurityGetModel(sec_managers[i]); seclabeldef = virDomainDefGetSecurityLabelDef(vm->def, model); if (seclabeldef == NULL) { if (!(seclabeldef = virSecurityLabelDefNew(model))) @@ -6382,8 +6379,8 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED, seclabeldef->type = VIR_DOMAIN_SECLABEL_STATIC; if (VIR_ALLOC(seclabel) < 0) goto error; - if (virSecurityManagerGetProcessLabel(sec_managers[i], - vm->def, vm->pid, seclabel) < 0) + if (qemuSecurityGetProcessLabel(sec_managers[i], vm->def, + vm->pid, seclabel) < 0) goto error; if (VIR_STRDUP(seclabeldef->model, model) < 0) @@ -6400,9 +6397,9 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED, } } - if (virSecurityManagerCheckAllLabel(driver->securityManager, vm->def) < 0) + if (qemuSecurityCheckAllLabel(driver->securityManager, vm->def) < 0) goto error; - if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) + if (qemuSecurityGenLabel(driver->securityManager, vm->def) < 0) goto error; if (qemuDomainPerfRestart(vm) < 0) diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 54638908d..d86db3f6b 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -28,6 +28,7 @@ # include "qemu_conf.h" # include "domain_conf.h" +# include "security/security_manager.h" int qemuSecuritySetAllLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, @@ -60,4 +61,35 @@ int qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver, int qemuSecurityRestoreHostdevLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, virDomainHostdevDefPtr hostdev); + +/* Please note that for these APIs there is no wrapper yet. Do NOT blindly add + * new APIs here. If an API can touch a /dev file add a proper wrapper instead. + */ +# define qemuSecurityCheckAllLabel virSecurityManagerCheckAllLabel +# define qemuSecurityClearSocketLabel virSecurityManagerClearSocketLabel +# define qemuSecurityDomainSetPathLabel virSecurityManagerDomainSetPathLabel +# define qemuSecurityGenLabel virSecurityManagerGenLabel +# define qemuSecurityGetBaseLabel virSecurityManagerGetBaseLabel +# define qemuSecurityGetDOI virSecurityManagerGetDOI +# define qemuSecurityGetModel virSecurityManagerGetModel +# define qemuSecurityGetMountOptions virSecurityManagerGetMountOptions +# define qemuSecurityGetNested virSecurityManagerGetNested +# define qemuSecurityGetProcessLabel virSecurityManagerGetProcessLabel +# define qemuSecurityNew virSecurityManagerNew +# define qemuSecurityNewDAC virSecurityManagerNewDAC +# define qemuSecurityNewStack virSecurityManagerNewStack +# define qemuSecurityPostFork virSecurityManagerPostFork +# define qemuSecurityPreFork virSecurityManagerPreFork +# define qemuSecurityReleaseLabel virSecurityManagerReleaseLabel +# define qemuSecurityReserveLabel virSecurityManagerReserveLabel +# define qemuSecurityRestoreSavedStateLabel virSecurityManagerRestoreSavedStateLabel +# define qemuSecuritySetChildProcessLabel virSecurityManagerSetChildProcessLabel +# define qemuSecuritySetDaemonSocketLabel virSecurityManagerSetDaemonSocketLabel +# define qemuSecuritySetImageFDLabel virSecurityManagerSetImageFDLabel +# define qemuSecuritySetSavedStateLabel virSecurityManagerSetSavedStateLabel +# define qemuSecuritySetSocketLabel virSecurityManagerSetSocketLabel +# define qemuSecuritySetTapFDLabel virSecurityManagerSetTapFDLabel +# define qemuSecurityStackAddNested virSecurityManagerStackAddNested +# define qemuSecurityVerify virSecurityManagerVerify + #endif /* __QEMU_SECURITY_H__ */ -- 2.11.0

7 years, 8 months

4
6
0 / 0

[libvirt] [PATH v9 00/12] Support cache tune in libvirt

by Eli Qiao

Addressed comment from v9 -> v8 Marcelo: * New public API to query cache usage Eli: * Fix core dump while multiple tasks are added. Addressed comment from v8 -> v7 Martin: * Patch subject prefix. * Move some of cpu related information to virhostcpu.c. * Fix some memory leak in src/utils/resctrl.c Martin & Marcelo: * Don't remove directories which are not maintained by libvirt. Addressed comment from v7 -> v6 Marcelo: * Fix flock usage while VM initialization. Addressed comment from v6 -> v5 Marcelo: * Support other APPs to operate /sys/fs/resctrl at same time Libvirt will scan /sys/fs/resctrl again before doing cache allocation. patch 10 will address this. Addressed comment from v4 -> v5: Marcelo: * Several typos * Use flock instead of virFileLock Addressed comment from v3 -> v4: Daniel & Marcelo: * Added concurrence support Addressed comment from v2 -> v3: Daniel: * Fixed coding style, passed `make check` and `make syntax-check` * Variables renaming and move from header file to c file. * For locking/mutex support, no progress. There are some discussion from mailing list, but I can not find a better way to add locking support without performance impact. I'll explain the process and please help to advice what shoud we do. VM create: 1) Get the cache left value on each bank of the host. This should be shared amount all VMs. 2) Calculate the schemata on the bank based on all created resctrl domain's schemata 3) Calculate the default schemata by scaning all domain's schemata. 4) Flush default schemata to /sys/fs/resctrl/schemata VM destroy: 1) Remove the resctrl domain of that VM 2) Recalculate default schemata 3) Flush default schemata to /sys/fs/resctrl/schemata The key point is that all VMs shares /sys/fs/resctrl/schemata, and when a VM create a resctrl domain, the schemata of that VM depends on the default schemata and all other exsited schematas. So a global mutex is reqired. Before calculate a schemata or update default schemata, libvirt should gain this global mutex. I will try to think more about how to support this gracefully in next patch set. Marcelo: * Added vcpu support for cachetune, this will allow user to define which vcpu using which cache allocation bank. <cachetune id='0' host_id=0 size='3072' unit='KiB' vcpus='0,1'/> vcpus is a cpumap, the vcpu pids will be added to tasks file * Added cdp compatible, user can specify l3 cache even host enable cdp. See patch 8. On a cdp enabled host, specify l3code/l3data by <cachetune id='0' host_id='0' type='l3' size='3072' unit='KiB'/> This will create a schemata like: L3data:0=0xff00;... L3code:0=0xff00;... * Would you please help to test if the functions work. Martin: * Xml test case, I have no time to work on this yet, would you please show me an example, would like to amend it later. This series patches are for supportting CAT featues, which also called cache tune in libvirt. First to expose cache information which could be tuned in capabilites XML. Then add new domain xml element support to add cacahe bank which will apply on this libvirt domain. This series patches add a util file `resctrl.c/h`, an interface to talk with linux kernel's system fs. There are still one TODO left: 1. Expose a new public interface to set cachetune lively. Some discussion about this feature support can be found from: https://www.redhat.com/archives/libvir-list/2017-January/msg00644.html Eli Qiao (12): Resctrl: Add some utils functions Resctrl: expose cache information to capabilities Resctrl: Add new xml element to support cache tune Resctrl: Add private interfaces to operate cache bank Qemu: Set cache tune while booting a new domain. Resctrl: enable l3code/l3data Resctrl: Make sure l3data/l3code are pairs Resctrl: Compatible mode for cdp enabled Resctrl: concurrence support Resctrl: Scan resctrl before doing cache allocation Resctrl: Add Public API for nodecachestats Resctrl: Add nodecachestats daemon/remote.c | 67 +++ docs/schemas/domaincommon.rng | 46 ++ include/libvirt/libvirt-host.h | 32 ++ include/libvirt/virterror.h | 1 + po/POTFILES.in | 1 + src/Makefile.am | 1 + src/conf/capabilities.c | 56 +++ src/conf/capabilities.h | 23 + src/conf/domain_conf.c | 182 +++++++ src/conf/domain_conf.h | 19 + src/driver-hypervisor.h | 7 + src/libvirt-host.c | 41 ++ src/libvirt_private.syms | 12 + src/libvirt_public.syms | 1 + src/nodeinfo.c | 64 +++ src/nodeinfo.h | 1 + src/qemu/qemu_capabilities.c | 8 + src/qemu/qemu_driver.c | 18 + src/qemu/qemu_process.c | 54 ++ src/remote/remote_driver.c | 52 ++ src/remote/remote_protocol.x | 25 +- src/remote_protocol-structs | 16 + src/util/virerror.c | 1 + src/util/virhostcpu.c | 186 ++++++- src/util/virhostcpu.h | 6 + src/util/virresctrl.c | 1082 ++++++++++++++++++++++++++++++++++++++++ src/util/virresctrl.h | 96 ++++ tools/virsh-host.c | 49 ++ 28 files changed, 2129 insertions(+), 18 deletions(-) create mode 100644 src/util/virresctrl.c create mode 100644 src/util/virresctrl.h -- 1.9.1

7 years, 8 months

3
16
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel February 2017