[libvirt] [RFC PATCH v2 0/4] numa: describe sibling nodes distances
by Wim Ten Have
From: Wim ten Have <wim.ten.have(a)oracle.com>
This patch extents guest domain administration adding support to advertise
node sibling distances when configuring HVM numa guests.
NUMA (non-uniform memory access), a method of configuring a cluster of nodes
within a single multiprocessing system such that it shares processor
local memory amongst others improving performance and the ability of the
system to be expanded.
A NUMA system could be illustrated as shown below. Within this 4-node
system, every socket is equipped with its own distinct memory. The whole
typically resembles a SMP (symmetric multiprocessing) system being a
"tightly-coupled," "share everything" system in which multiple processors
are working under a single operating system and can access each others'
memory over multiple "Bus Interconnect" paths.
+-----+-----+-----+ +-----+-----+-----+
| M | CPU | CPU | | CPU | CPU | M |
| E | | | | | | E |
| M +- Socket0 -+ +- Socket3 -+ M |
| O | | | | | | O |
| R | CPU | CPU <---------> CPU | CPU | R |
| Y | | | | | | Y |
+-----+--^--+-----+ +-----+--^--+-----+
| |
| Bus Interconnect |
| |
+-----+--v--+-----+ +-----+--v--+-----+
| M | | | | | | M |
| E | CPU | CPU <---------> CPU | CPU | E |
| M | | | | | | M |
| O +- Socket1 -+ +- Socket2 -+ O |
| R | | | | | | R |
| Y | CPU | CPU | | CPU | CPU | Y |
+-----+-----+-----+ +-----+-----+-----+
In contrast there is the limitation of a flat SMP system, not illustrated.
Here, as sockets are added, the bus (data and address path), under high
activity, gets overloaded and easily becomes a performance bottleneck.
NUMA adds an intermediate level of memory shared amongst a few cores per
socket as illustrated above, so that data accesses do not have to travel
over a single bus.
Unfortunately the way NUMA does this adds its own limitations. This,
as visualized in the illustration above, happens when data is stored in
memory associated with Socket2 and is accessed by a CPU (core) in Socket0.
The processors use the "Bus Interconnect" to create gateways between the
sockets (nodes) enabling inter-socket access to memory. These "Bus
Interconnect" hops add data access delays when a CPU (core) accesses
memory associated with a remote socket (node).
For terminology we refer to sockets as "nodes" where access to each
others' distinct resources such as memory make them "siblings" with a
designated "distance" between them. A specific design is described under
the ACPI (Advanced Configuration and Power Interface Specification)
within the chapter explaining the system's SLIT (System Locality Distance
Information Table).
These patches extend core libvirt's XML description of a virtual machine's
hardware to include NUMA distance information for sibling nodes, which
is then passed to Xen guests via libxl. Recently qemu landed support for
constructing the SLIT since commit 0f203430dd ("numa: Allow setting NUMA
distance for different NUMA nodes"), hence these core libvirt extensions
can also help other drivers in supporting this feature.
The XML changes made allow to describe the <cell> (or node/sockets) <distances>
amongst <sibling> node identifiers and propagate these towards the numa
domain functionality finally adding support to libxl.
[below is an example illustrating a 4 node/socket <cell> setup]
<cpu>
<numa>
<cell id='0' cpus='0,4-7' memory='2097152' unit='KiB'>
<distances>
<sibling id='0' value='10'/>
<sibling id='1' value='21'/>
<sibling id='2' value='31'/>
<sibling id='3' value='41'/>
</distances>
</cell>
<cell id='1' cpus='1,8-10,12-15' memory='2097152' unit='KiB'>
<distances>
<sibling id='0' value='21'/>
<sibling id='1' value='10'/>
<sibling id='2' value='21'/>
<sibling id='3' value='31'/>
</distances>
</cell>
<cell id='2' cpus='2,11' memory='2097152' unit='KiB'>
<distances>
<sibling id='0' value='31'/>
<sibling id='1' value='21'/>
<sibling id='2' value='10'/>
<sibling id='3' value='21'/>
</distances>
</cell>
<cell id='3' cpus='3' memory='2097152' unit='KiB'>
<distances>
<sibling id='0' value='41'/>
<sibling id='1' value='31'/>
<sibling id='2' value='21'/>
<sibling id='3' value='10'/>
</distances>
</cell>
</numa>
</cpu>
By default on libxl, if no <distances> are given to describe the SLIT data
between different <cell>s, this patch will default to a scheme using 10
for local and 21 for any remote node/socket, which is the assumption of
guest OS when no SLIT is specified. While SLIT is optional, libxl requires
that distances are set nonetheless.
On Linux systems the SLIT detail can be listed with help of the 'numactl -H'
command. An above HVM guest as described would on such prompt with below output.
[root@f25 ~]# numactl -H
available: 4 nodes (0-3)
node 0 cpus: 0 4 5 6 7
node 0 size: 1988 MB
node 0 free: 1743 MB
node 1 cpus: 1 8 9 10 12 13 14 15
node 1 size: 1946 MB
node 1 free: 1885 MB
node 2 cpus: 2 11
node 2 size: 2011 MB
node 2 free: 1912 MB
node 3 cpus: 3
node 3 size: 2010 MB
node 3 free: 1980 MB
node distances:
node 0 1 2 3
0: 10 21 31 41
1: 21 10 21 31
2: 31 21 10 21
3: 41 31 21 10
Wim ten Have (4):
numa: describe siblings distances within cells
libxl: vnuma support
xenconfig: add domxml conversions for xen-xl
xlconfigtest: add tests for numa cell sibling distances
docs/formatdomain.html.in | 64 ++++-
docs/schemas/basictypes.rng | 8 +
docs/schemas/cputypes.rng | 18 ++
src/conf/cpu_conf.c | 2 +-
src/conf/numa_conf.c | 260 +++++++++++++++++-
src/conf/numa_conf.h | 25 +-
src/libvirt_private.syms | 6 +
src/libxl/libxl_conf.c | 124 +++++++++
src/xenconfig/xen_xl.c | 303 +++++++++++++++++++++
.../test-fullvirt-vnuma-nodistances.cfg | 26 ++
.../test-fullvirt-vnuma-nodistances.xml | 53 ++++
tests/xlconfigdata/test-fullvirt-vnuma.cfg | 26 ++
tests/xlconfigdata/test-fullvirt-vnuma.xml | 81 ++++++
tests/xlconfigtest.c | 4 +
14 files changed, 993 insertions(+), 7 deletions(-)
create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma-nodistances.cfg
create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma-nodistances.xml
create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma.cfg
create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma.xml
--
2.9.4
7 years, 8 months
[libvirt] [PATCH 0/2] Fix a couple issues found w/ vHBA logic
by John Ferlan
Patch 1 fixes something seen whilst working through patch 2. Long
description in patch 2 describes the problem.
John Ferlan (2):
storage: Alter check for default managed setting
conf: Fix vHBA checkParent logic for pool creation
src/conf/node_device_conf.c | 50 ++++++++++++++++++++++++++++++++------
src/storage/storage_backend_scsi.c | 6 ++---
2 files changed, 45 insertions(+), 11 deletions(-)
--
2.9.4
7 years, 8 months
[libvirt] [PATCH] wireshark: Adapt to tvb_new_subset() rename
by Michal Privoznik
In Wireshark commit of 7cd6906056922e4b8 (contained in v2.4.0)
the tvb_new_subset() function was renamed to
tvb_new_subset_length_caplen(). However, we can take the extra
step and rename to tvb_new_subset_remaining() directly (see
Wireshark commit 0ecfc7280cf3d7). The reasoning is that there is
no other protocol in the packet than libvirt. Therefore, from the
point that libvirt dissector takes over till the end of the
packet it's all libvirt packet.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
tools/wireshark/src/packet-libvirt.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
index a1f5a34f4..c15e9c340 100644
--- a/tools/wireshark/src/packet-libvirt.c
+++ b/tools/wireshark/src/packet-libvirt.c
@@ -313,7 +313,12 @@ dissect_libvirt_payload_xdr_data(tvbuff_t *tvb, proto_tree *tree, gint payload_l
payload_length -= 4;
}
+#if WIRESHARK_VERSION < 200400
payload_tvb = tvb_new_subset(tvb, start, -1, payload_length);
+#else
+ payload_tvb = tvb_new_subset_remaining(tvb, start);
+#endif
+
#if WIRESHARK_VERSION < 1012000
payload_data = (caddr_t)tvb_memdup(payload_tvb, 0, payload_length);
#else
--
2.13.0
7 years, 8 months
[libvirt] [PATCH] nodedev: Fix call to virNodeDeviceObjListFree in nodeStateReload
by John Ferlan
Commit id '9c5d98fd8' missed changing this call to use driver->devs
rather than @driver->devs.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
Pushed under build breaker rule (debian-8 and centos-6)
src/node_device/node_device_hal.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/node_device/node_device_hal.c b/src/node_device/node_device_hal.c
index b220798..7f246f0 100644
--- a/src/node_device/node_device_hal.c
+++ b/src/node_device/node_device_hal.c
@@ -744,7 +744,7 @@ nodeStateReload(void)
VIR_INFO("Reloading HAL device state");
nodeDeviceLock();
VIR_INFO("Removing existing objects");
- virNodeDeviceObjListFree(&driver->devs);
+ virNodeDeviceObjListFree(driver->devs);
nodeDeviceUnlock();
hal_ctx = DRV_STATE_HAL_CTX(driver);
--
2.9.4
7 years, 8 months
[libvirt] [PATCH] security: dac: relabel spice rendernode
by Cole Robinson
For a logged in user this a path like /dev/dri/renderD128 will have
default ownership root:video which won't work for the qemu:qemu user,
so we need to chown it.
Thankfully with the namespace work we don't need to worry about this
shutting out other legitimate users
https://bugzilla.redhat.com/show_bug.cgi?id=1460804
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
Sidenote: Not sure about security_selinux changes... Fedora selinux policy
doesn't require relabeling /dev/dri/* nowadays so it isn't required to get
qemu to startup, and infact will probably cause issues for qemu:///session
and non-namespace qemu:///system
src/security/security_dac.c | 61 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index ca7a6af6d..4c86e5fe8 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1371,6 +1371,57 @@ virSecurityDACRestoreTPMFileLabel(virSecurityManagerPtr mgr,
static int
+virSecurityDACSetGraphicsLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainGraphicsDefPtr gfx)
+
+{
+ virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityLabelDefPtr seclabel;
+ uid_t user;
+ gid_t group;
+
+ seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
+ if (seclabel && !seclabel->relabel)
+ return 0;
+
+ if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
+ return -1;
+
+ if (gfx->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE &&
+ gfx->data.spice.gl == VIR_TRISTATE_BOOL_YES &&
+ gfx->data.spice.rendernode) {
+ if (virSecurityDACSetOwnership(priv, NULL,
+ gfx->data.spice.rendernode,
+ user, group) < 0)
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int
+virSecurityDACRestoreGraphicsLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ virDomainGraphicsDefPtr gfx)
+
+{
+ virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+
+ if (gfx->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE &&
+ gfx->data.spice.gl == VIR_TRISTATE_BOOL_YES &&
+ gfx->data.spice.rendernode) {
+ if (virSecurityDACRestoreFileLabel(priv,
+ gfx->data.spice.rendernode) < 0)
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int
virSecurityDACSetInputLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainInputDefPtr input)
@@ -1481,6 +1532,11 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
rc = -1;
}
+ for (i = 0; i < def->ngraphics; i++) {
+ if (virSecurityDACRestoreGraphicsLabel(mgr, def, def->graphics[i]) < 0)
+ return -1;
+ }
+
for (i = 0; i < def->ninputs; i++) {
if (virSecurityDACRestoreInputLabel(mgr, def, def->inputs[i]) < 0)
rc = -1;
@@ -1601,6 +1657,11 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
return -1;
}
+ for (i = 0; i < def->ngraphics; i++) {
+ if (virSecurityDACSetGraphicsLabel(mgr, def, def->graphics[i]) < 0)
+ return -1;
+ }
+
for (i = 0; i < def->ninputs; i++) {
if (virSecurityDACSetInputLabel(mgr, def, def->inputs[i]) < 0)
return -1;
--
2.13.3
7 years, 8 months
[libvirt] backingStore info adding late breaks virt-aa-helper
by Christian Ehrhardt
Hi,
there is a behavioral change I try to track down that affects
virt-aa-helper.
TL;DR:
- it seems backingStore info gets added "later" in recent versions which
causes issues in virt-aa-helper
Details:
For a guest containing a qcow2 disk like this:
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source
file='/var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow'/>
<target dev='vda' bus='virtio'/>
</disk>
And said qcow disk having a backing file:
$ qemu-img info /var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow
image: /var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow
[...]
backing file:
/var/lib/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZC5kYWlseTpzZXJ2ZXI6MTcuMTA6cHBjNjRlbCAyMDE3MDcxMw==
Now when instantiating the guest this gets the backingStore info added like:
<backingStore type='file' index='1'>
<format type='qcow2'/>
<source
file='/var/lib/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZC5kYWlseTpzZXJ2ZXI6MTcuMTA6cHBjNjRlbCAyMDE3MDcxMw=='/>
<backingStore/>
</backingStore>
But this now seems to come in "too late" for virt-aa-helper.
That tool is reading the guest definition to create custom rules for that
guest that opens up the apparmor profile.
And in relation to the devices the following in
src/security/virt-aa-helper.c is the important part:
Loops over disks and in those "down" the chain of backing stores:
929 for (i = 0; i < ctl->def->ndisks; i++) {
[...]
947 if (virDomainDiskDefForeachPath(disk, true, add_file_path,
&buf) < 0)
If you pass virt-aa-helper as in libvirt 3.5 a full snippet with
backingStore info it behaves the same as back in 2.5 emmitting a rule for
the backing store.
But when starting a guest on libvirt 3.5 this does no more work, so it
seems that on instantiating the guest
Past (2.5)
1. add backingStore info to guest representation
2. virt-aa-helper parses guest representation and creates rules
3. guest starts fine
changed to now (3.5):
1. virt-aa-helper parses guest representation and creates rules
2. add backingStore info to guest representation
3. guest fails to start as the apparmor rule to allow it access to its
backing file is missing.
I've verified that recent libvirt properly adds the backingStore eventually
(by disabling the apparmor profile and then starting the guest). Once fully
started the live xml representation has the backing store info added.
But as outlined above, at the point virt-aa-helper runs now the necessary
backingStore data seems to be missing.
I couldn't find the related change or a way to fix it so far, so any hints
are welcome.
--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
7 years, 8 months
[libvirt] [PATCH v4 0/4] Host device isolation for pSeries guests
by Andrea Bolognani
Changes from [v3]:
* correctly handle interfaces connected to hostdev-backed
networks;
* drop patches implementing support for multiple PHBs, as
they have been merged already;
* some minor cleanups.
Changes from [v2]:
* support hot(un)plug properly;
* add documentation.
Changes from [v1]:
* address review comments;
* implement a much better isolation algorithm that doesn't
require parsing and formatting the isolation group and
can handle more dynamic scenarios, such as empty PHBs
changing their isolation groups to accomodate hotplugged
hostdevs;
* add more test cases.
[v3] https://www.redhat.com/archives/libvir-list/2017-June/msg01018.html
[v2] https://www.redhat.com/archives/libvir-list/2017-June/msg00695.html
[v1] https://www.redhat.com/archives/libvir-list/2017-June/msg00110.html
Andrea Bolognani (4):
conf: Introduce isolation groups
conf: Implement isolation rules
qemu: Isolate hostdevs on pSeries guests
news: Update for hostdev isolation
docs/news.xml | 10 +
src/bhyve/bhyve_device.c | 4 +-
src/conf/device_conf.h | 10 +
src/conf/domain_addr.c | 86 ++++++-
src/conf/domain_addr.h | 12 +-
src/conf/domain_conf.c | 2 +
src/qemu/qemu_domain_address.c | 276 +++++++++++++++++++--
src/qemu/qemu_domain_address.h | 4 +
src/qemu/qemu_hotplug.c | 7 +
tests/qemumemlocktest.c | 2 +-
.../qemuxml2argv-pseries-hostdevs-1.args | 8 +-
.../qemuxml2argv-pseries-hostdevs-2.args | 3 +-
.../qemuxml2argv-pseries-hostdevs-3.args | 2 +-
.../qemuxml2xmlout-pseries-hostdevs-1.xml | 14 +-
.../qemuxml2xmlout-pseries-hostdevs-2.xml | 6 +-
.../qemuxml2xmlout-pseries-hostdevs-3.xml | 2 +-
16 files changed, 410 insertions(+), 38 deletions(-)
--
2.7.5
7 years, 8 months
[libvirt] [v2 RESEND PATCH] qemu: reduce packet loss rate for vm with macvtap passthrough mode in migration
by ZhiPeng Lu
Before libvirt that calls virNetDevMacVLanCreateWithVPortProfile sets mac address
or vlan of a Virtual Function(VF) linked to a macvtap passthrough device of migration
destination host in migration start step. If we ping the migrating vm,
we get the network does not pass. Because VFs of migration source and destination
have the same MAC address. The patch later calling qemuMigrationVPAssociatePortProfiles
sets mac address of VF in migration finish step instead of start step.
The patch aims to reduce packet loss rate.
Signed-off-by: ZhiPeng Lu <lu.zhipeng(a)zte.com.cn>
---
src/qemu/qemu_migration.c | 18 ++++++++++++++++--
src/util/virnetdevmacvlan.c | 17 +++++++++++------
2 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 09adb04..795ed71 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -5004,7 +5004,7 @@ qemuMigrationPerform(virQEMUDriverPtr driver,
}
static int
-qemuMigrationVPAssociatePortProfiles(virDomainDefPtr def)
+qemuMigrationVPAssociatePortProfiles(virDomainDefPtr def, const char *stateDir)
{
size_t i;
int last_good_net = -1;
@@ -5013,6 +5013,20 @@ qemuMigrationVPAssociatePortProfiles(virDomainDefPtr def)
for (i = 0; i < def->nnets; i++) {
net = def->nets[i];
if (virDomainNetGetActualType(net) == VIR_DOMAIN_NET_TYPE_DIRECT) {
+ if ((!virDomainNetGetActualVirtPortProfile(net) || (virDomainNetGetActualVirtPortProfile(net) &&
+ virDomainNetGetActualVirtPortProfile(net)->virtPortType != VIR_NETDEV_VPORT_PROFILE_8021QBG &&
+ virDomainNetGetActualVirtPortProfile(net)->virtPortType != VIR_NETDEV_VPORT_PROFILE_8021QBH)) &&
+ virDomainNetGetActualDirectMode(net) ==
+ VIR_NETDEV_MACVLAN_MODE_PASSTHRU) {
+ if (virNetDevSaveNetConfig(virDomainNetGetActualDirectDev(net),
+ -1, stateDir, false) < 0) {
+ goto err_exit;
+ }
+ if (virNetDevSetNetConfig(virDomainNetGetActualDirectDev(net),
+ -1, NULL, virDomainNetGetActualVlan(net), &net->mac, false) < 0) {
+ goto err_exit;
+ }
+ }
if (virNetDevVPortProfileAssociate(net->ifname,
virDomainNetGetActualVirtPortProfile(net),
&net->mac,
@@ -5187,7 +5201,7 @@ qemuMigrationFinish(virQEMUDriverPtr driver,
goto endjob;
}
- if (qemuMigrationVPAssociatePortProfiles(vm->def) < 0)
+ if (qemuMigrationVPAssociatePortProfiles(vm->def, cfg->stateDir) < 0)
goto endjob;
if (mig->network && qemuDomainMigrateOPDRelocate(driver, vm, mig) < 0)
diff --git a/src/util/virnetdevmacvlan.c b/src/util/virnetdevmacvlan.c
index 7222b0f..682dcd1 100644
--- a/src/util/virnetdevmacvlan.c
+++ b/src/util/virnetdevmacvlan.c
@@ -1020,12 +1020,17 @@ virNetDevMacVLanCreateWithVPortProfile(const char *ifnameRequested,
*/
setVlan = false;
}
-
- if (virNetDevSaveNetConfig(linkdev, -1, stateDir, setVlan) < 0)
- return -1;
-
- if (virNetDevSetNetConfig(linkdev, -1, NULL, vlan, macaddress, setVlan) < 0)
- return -1;
+ if (vmOp != VIR_NETDEV_VPORT_PROFILE_OP_MIGRATE_IN_START &&
+ virtPortProfile && (virtPortProfile->virtPortType == VIR_NETDEV_VPORT_PROFILE_8021QBH ||
+ virtPortProfile->virtPortType == VIR_NETDEV_VPORT_PROFILE_8021QBG)) {
+ if (virNetDevSaveNetConfig(linkdev, -1, stateDir, setVlan) < 0) {
+ return -1;
+ }
+ if (virNetDevSetNetConfig(linkdev, -1, NULL, vlan, macaddress,
+ setVlan) < 0) {
+ return -1;
+ }
+ }
}
if (ifnameRequested) {
--
1.8.3.1
7 years, 8 months
[libvirt] [PATCH] Revert "nwfilter: Move save of config until after successful assign"
by John Ferlan
This reverts commit b3e71a8830b2683ee88fa10cb048eabb99a446c0.
As it turns out this ends up very badly as the @def could be Free'd
even though it's owned by @obj as a result of the AssignDef.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/conf/virnwfilterobj.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/conf/virnwfilterobj.c b/src/conf/virnwfilterobj.c
index b5aaa6b..b36eda1 100644
--- a/src/conf/virnwfilterobj.c
+++ b/src/conf/virnwfilterobj.c
@@ -501,14 +501,14 @@ virNWFilterObjListLoadConfig(virNWFilterObjListPtr nwfilters,
goto error;
}
- if (!(obj = virNWFilterObjListAssignDef(nwfilters, def)))
- goto error;
-
/* We generated a UUID, make it permanent by saving the config to disk */
if (!def->uuid_specified &&
virNWFilterSaveConfig(configDir, def) < 0)
goto error;
+ if (!(obj = virNWFilterObjListAssignDef(nwfilters, def)))
+ goto error;
+
VIR_FREE(configFile);
return obj;
--
2.9.4
7 years, 8 months
[libvirt] [PATCH] security: Use VIR_DEBUG instead of VIR_INFO in virSecurityDACSetOwnershipInternal
by xinhua.Cao
virSecurityDACSetOwnershipInternal was called by libvirt child process,
so if we log message by VIR_INFO at normal scene, it would probability occurs dead lock sence,
then libvirtd will also by dead lock because libvirtd is waitting for child message.
so our suggest is use VIR_DEBUG instead of VIR_INFO to avoid this sence.
---
src/security/security_dac.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index ca7a6af..7bfd090 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -552,8 +552,8 @@ virSecurityDACSetOwnershipInternal(const virSecurityDACData *priv,
else if (rc > 0)
return 0;
- VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'",
- NULLSTR(src ? src->path : path), (long) uid, (long) gid);
+ VIR_DEBUG("Setting DAC user and group on '%s' to '%ld:%ld'",
+ NULLSTR(src ? src->path : path), (long) uid, (long) gid);
if (priv && src && priv->chownCallback) {
rc = priv->chownCallback(src, uid, gid);
@@ -591,17 +591,17 @@ virSecurityDACSetOwnershipInternal(const virSecurityDACData *priv,
if (rc < 0) {
if (errno == EOPNOTSUPP || errno == EINVAL) {
- VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not "
- "supported by filesystem",
- (long) uid, (long) gid, path);
+ VIR_DEBUG("Setting user and group to '%ld:%ld' on '%s' not "
+ "supported by filesystem",
+ (long) uid, (long) gid, path);
} else if (errno == EPERM) {
- VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not "
- "permitted",
- (long) uid, (long) gid, path);
+ VIR_DEBUG("Setting user and group to '%ld:%ld' on '%s' not "
+ "permitted",
+ (long) uid, (long) gid, path);
} else if (errno == EROFS) {
- VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not "
- "possible on readonly filesystem",
- (long) uid, (long) gid, path);
+ VIR_DEBUG("Setting user and group to '%ld:%ld' on '%s' not "
+ "possible on readonly filesystem",
+ (long) uid, (long) gid, path);
} else {
virReportSystemError(errno,
_("unable to set user and group to '%ld:%ld' "
--
2.8.3
7 years, 8 months