[libvirt] [PATCH v2 0/3] Add caching of QEMU probed capabilities
by Daniel P. Berrange
A followup to
https://www.redhat.com/archives/libvir-list/2014-March/msg00297.html
Probing capabilities takes 200-300ms per binary and we have as many
as 26 binaries. This noticably slows down libvirtd startup. It does
not look like performance of probing QEMU can be improved, so this
series introduces caching of the capabilities information. So the
first time libvirtd starts it'll be slow, but thereafter it is fast.
The cache is invalidated any time the QEMU binary timestamp changes
or the libvirtd binary or driver module timestamp changes.
In v2:
- Store timestamps in XML file instead of non-portable utimes()
- Use ctime instead of mtime since the latter can be faked
by package managers to go backwards in time.
Daniel P. Berrange (3):
Add helper APIs to track if libvirtd or loadable modules have changed
Change QEMU capabilities cache to check ctime instead of mtime
Cache result of QEMU capabilities extraction
daemon/libvirtd.c | 2 +
src/driver.c | 2 +
src/libvirt_private.syms | 2 +
src/qemu/qemu_capabilities.c | 442 +++++++++++++++++++++++++++++++++++++++++--
src/qemu/qemu_capabilities.h | 2 +
src/qemu/qemu_driver.c | 1 +
src/util/virutil.c | 23 +++
src/util/virutil.h | 4 +
8 files changed, 467 insertions(+), 11 deletions(-)
--
1.8.5.3
10 years, 9 months
[libvirt] [PATCH] tests: Distribute securityselinuxhelperdata
by Jiri Denemark
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
Notes:
Pushed as a build-breaker since 'make distcheck' fails without
this patch.
tests/Makefile.am | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 5c1f420..3267ad3 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -97,6 +97,7 @@ EXTRA_DIST = \
qemuxml2xmloutdata \
qemuxmlnsdata \
secretxml2xmlin \
+ securityselinuxhelperdata \
securityselinuxlabeldata \
schematestutils.sh \
sexpr2xmldata \
--
1.9.0
10 years, 9 months
[libvirt] [PATCH] BZ1072677: Avoid freeing of 0 file descriptor
by Stefan Berger
From: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
Avoid the freeing of an array of zero file descriptors in case
of error. Introduce a macro VIR_INIT_N_FD to initialize such
an array's elements to -1.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
---
src/qemu/qemu_hotplug.c | 14 +++++++++++---
src/util/virfile.h | 12 ++++++++++++
2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 6703c92..b295db2 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -874,9 +874,12 @@ int qemuDomainAttachNetDevice(virConnectPtr conn,
tapfdSize = vhostfdSize = net->driver.virtio.queues;
if (!tapfdSize)
tapfdSize = vhostfdSize = 1;
- if (VIR_ALLOC_N(tapfd, tapfdSize) < 0 ||
- VIR_ALLOC_N(vhostfd, vhostfdSize) < 0)
+ if (VIR_ALLOC_N(tapfd, tapfdSize) < 0)
goto cleanup;
+ VIR_INIT_N_FD(tapfd, tapfdSize);
+ if (VIR_ALLOC_N(vhostfd, vhostfdSize) < 0)
+ goto cleanup;
+ VIR_INIT_N_FD(vhostfd, vhostfdSize);
if (qemuNetworkIfaceConnect(vm->def, conn, driver, net,
priv->qemuCaps, tapfd, &tapfdSize) < 0)
goto cleanup;
@@ -885,8 +888,12 @@ int qemuDomainAttachNetDevice(virConnectPtr conn,
goto cleanup;
} else if (actualType == VIR_DOMAIN_NET_TYPE_DIRECT) {
tapfdSize = vhostfdSize = 1;
- if (VIR_ALLOC(tapfd) < 0 || VIR_ALLOC(vhostfd) < 0)
+ if (VIR_ALLOC(tapfd) < 0)
+ goto cleanup;
+ *tapfd = -1;
+ if (VIR_ALLOC(vhostfd) < 0)
goto cleanup;
+ *vhostfd = -1;
if ((tapfd[0] = qemuPhysIfaceConnect(vm->def, driver, net,
priv->qemuCaps,
VIR_NETDEV_VPORT_PROFILE_OP_CREATE)) < 0)
@@ -898,6 +905,7 @@ int qemuDomainAttachNetDevice(virConnectPtr conn,
vhostfdSize = 1;
if (VIR_ALLOC(vhostfd) < 0)
goto cleanup;
+ *vhostfd = -1;
if (qemuOpenVhostNet(vm->def, net, priv->qemuCaps, vhostfd, &vhostfdSize) < 0)
goto cleanup;
}
diff --git a/src/util/virfile.h b/src/util/virfile.h
index 20baf6f..802cf01 100644
--- a/src/util/virfile.h
+++ b/src/util/virfile.h
@@ -75,6 +75,18 @@ FILE *virFileFdopen(int *fdptr, const char *mode) ATTRIBUTE_RETURN_CHECK;
VIR_FILE_CLOSE_PRESERVE_ERRNO | \
VIR_FILE_CLOSE_DONT_LOG))
+static inline void vir_init_n_int(int *ptr, int count, int value)
+{
+ int i;
+
+ for (i = 0; i < count; i++)
+ ptr[i] = value;
+}
+
+/* Initialize an array of file descriptors to -1 */
+# define VIR_INIT_N_FD(ptr, count) \
+ vir_init_n_int(ptr, count, -1)
+
/* Opaque type for managing a wrapper around a fd. */
struct _virFileWrapperFd;
--
1.8.1.4
10 years, 9 months
[libvirt] [PATCH v2] qemu: cleanup tap devices on FreeBSD
by Roman Bogorodskiy
We have to explicitly destroy TAP devices on FreeBSD because
they're not freed after being closed, otherwise we end up with
orphaned TAP devices after destroying a domain.
---
src/qemu/qemu_process.c | 7 +++++++
src/util/virnetdevtap.h | 6 ++++++
2 files changed, 13 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index ffa939a..6806539 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -61,6 +61,7 @@
#include "viruuid.h"
#include "virprocess.h"
#include "virtime.h"
+#include "virnetdevbridge.h"
#include "virnetdevtap.h"
#include "virbitmap.h"
#include "viratomic.h"
@@ -4381,6 +4382,12 @@ void qemuProcessStop(virQEMUDriverPtr driver,
virDomainNetGetActualVirtPortProfile(net),
cfg->stateDir));
VIR_FREE(net->ifname);
+#ifdef VIR_NETDEV_TAP_REQUIRE_MANUAL_CLEANUP
+ } else if (virDomainNetGetActualType(net) == VIR_DOMAIN_NET_TYPE_BRIDGE) {
+ ignore_value(virNetDevBridgeRemovePort(virDomainNetGetActualBridgeName(net),
+ net->ifname));
+ ignore_value(virNetDevTapDelete(net->ifname));
+#endif
}
/* release the physical device (or any other resources used by
* this interface in the network driver
diff --git a/src/util/virnetdevtap.h b/src/util/virnetdevtap.h
index a762b31..1e5bd19 100644
--- a/src/util/virnetdevtap.h
+++ b/src/util/virnetdevtap.h
@@ -27,6 +27,12 @@
# include "virnetdevvportprofile.h"
# include "virnetdevvlan.h"
+# ifdef __FreeBSD__
+/* This should be defined on OSes that don't automatically
+ * cleanup released devices */
+# define VIR_NETDEV_TAP_REQUIRE_MANUAL_CLEANUP 1
+# endif
+
int virNetDevTapCreate(char **ifname,
int *tapfd,
int tapfdSize,
--
1.8.4.3
10 years, 9 months
[libvirt] [PATCH] datatypes: Fix comments
by Michael Chapman
- As of commit 2ff4c137, all virGet*() functions in datatypes.c always
return pointers to new objects. Objects are not cached in a
per-connection hashtable.
- Fix variable names in comments for all vir*Dispose() functions in
datatypes.c.
- Add comments for virGetStream(), virStreamDispose(),
virGetDomainSnapshot(), virDomainSnapshotDispose().
Signed-off-by: Michael Chapman <mike(a)very.puzzling.org>
---
src/datatypes.c | 126 +++++++++++++++++++++++++++++++++-----------------------
1 file changed, 74 insertions(+), 52 deletions(-)
diff --git a/src/datatypes.c b/src/datatypes.c
index 20752cd..6f98aed 100644
--- a/src/datatypes.c
+++ b/src/datatypes.c
@@ -96,9 +96,9 @@ VIR_ONCE_GLOBAL_INIT(virDataTypes)
/**
* virGetConnect:
*
- * Allocates a new hypervisor connection structure
+ * Allocates a new hypervisor connection object.
*
- * Returns a new pointer or NULL in case of error.
+ * Returns a pointer to the connection object, or NULL on error.
*/
virConnectPtr
virGetConnect(void)
@@ -126,7 +126,7 @@ error:
/**
* virConnectDispose:
- * @conn: the hypervisor connection to release
+ * @obj: the hypervisor connection to release
*
* Unconditionally release all memory associated with a connection.
* The connection object must not be used once this method returns.
@@ -196,12 +196,10 @@ virConnectCloseCallbackDataDispose(void *obj)
* @name: pointer to the domain name
* @uuid: pointer to the uuid
*
- * Lookup if the domain is already registered for that connection,
- * if yes return a new pointer to it, if no allocate a new structure,
- * and register it in the table. In any case a corresponding call to
- * virObjectUnref() is needed to not leak data.
+ * Allocates a new domain object. When the object is no longer needed,
+ * virObjectUnref() must be called in order to not leak data.
*
- * Returns a pointer to the domain, or NULL in case of failure
+ * Returns a pointer to the domain object, or NULL on error.
*/
virDomainPtr
virGetDomain(virConnectPtr conn, const char *name, const unsigned char *uuid)
@@ -234,7 +232,7 @@ error:
/**
* virDomainDispose:
- * @domain: the domain to release
+ * @obj: the domain to release
*
* Unconditionally release all memory associated with a domain.
* The domain object must not be used once this method returns.
@@ -262,12 +260,10 @@ virDomainDispose(void *obj)
* @name: pointer to the network name
* @uuid: pointer to the uuid
*
- * Lookup if the network is already registered for that connection,
- * if yes return a new pointer to it, if no allocate a new structure,
- * and register it in the table. In any case a corresponding call to
- * virObjectUnref() is needed to not leak data.
+ * Allocates a new network object. When the object is no longer needed,
+ * virObjectUnref() must be called in order to not leak data.
*
- * Returns a pointer to the network, or NULL in case of failure
+ * Returns a pointer to the network object, or NULL on error.
*/
virNetworkPtr
virGetNetwork(virConnectPtr conn, const char *name, const unsigned char *uuid)
@@ -299,7 +295,7 @@ error:
/**
* virNetworkDispose:
- * @network: the network to release
+ * @obj: the network to release
*
* Unconditionally release all memory associated with a network.
* The network object must not be used once this method returns.
@@ -327,13 +323,10 @@ virNetworkDispose(void *obj)
* @name: pointer to the interface name
* @mac: pointer to the mac
*
- * Lookup if the interface is already registered for that connection,
- * if yes return a new pointer to it (possibly updating the MAC
- * address), if no allocate a new structure, and register it in the
- * table. In any case a corresponding call to virObjectUnref() is
- * needed to not leak data.
+ * Allocates a new interface object. When the object is no longer needed,
+ * virObjectUnref() must be called in order to not leak data.
*
- * Returns a pointer to the interface, or NULL in case of failure
+ * Returns a pointer to the interface object, or NULL on error.
*/
virInterfacePtr
virGetInterface(virConnectPtr conn, const char *name, const char *mac)
@@ -368,7 +361,7 @@ error:
/**
* virInterfaceDispose:
- * @interface: the interface to release
+ * @obj: the interface to release
*
* Unconditionally release all memory associated with an interface.
* The interface object must not be used once this method returns.
@@ -396,12 +389,10 @@ virInterfaceDispose(void *obj)
* @privateData: pointer to driver specific private data
* @freeFunc: private data cleanup function pointer specfic to driver
*
- * Lookup if the storage pool is already registered for that connection,
- * if yes return a new pointer to it, if no allocate a new structure,
- * and register it in the table. In any case a corresponding call to
- * virObjectUnref() is needed to not leak data.
+ * Allocates a new storage pool object. When the object is no longer needed,
+ * virObjectUnref() must be called in order to not leak data.
*
- * Returns a pointer to the storage pool, or NULL in case of failure
+ * Returns a pointer to the storage pool object, or NULL on error.
*/
virStoragePoolPtr
virGetStoragePool(virConnectPtr conn, const char *name,
@@ -440,7 +431,7 @@ error:
/**
* virStoragePoolDispose:
- * @pool: the pool to release
+ * @obj: the storage pool to release
*
* Unconditionally release all memory associated with a pool.
* The pool object must not be used once this method returns.
@@ -475,12 +466,10 @@ virStoragePoolDispose(void *obj)
* @privateData: pointer to driver specific private data
* @freeFunc: private data cleanup function pointer specfic to driver
*
- * Lookup if the storage vol is already registered for that connection,
- * if yes return a new pointer to it, if no allocate a new structure,
- * and register it in the table. In any case a corresponding call to
- * virObjectUnref() is needed to not leak data.
+ * Allocates a new storage volume object. When the object is no longer needed,
+ * virObjectUnref() must be called in order to not leak data.
*
- * Returns a pointer to the storage vol, or NULL in case of failure
+ * Returns a pointer to the storage volume object, or NULL on error.
*/
virStorageVolPtr
virGetStorageVol(virConnectPtr conn, const char *pool, const char *name,
@@ -520,7 +509,7 @@ error:
/**
* virStorageVolDispose:
- * @vol: the vol to release
+ * @obj: the storage volume to release
*
* Unconditionally release all memory associated with a volume.
* The volume object must not be used once this method returns.
@@ -550,12 +539,10 @@ virStorageVolDispose(void *obj)
* @conn: the hypervisor connection
* @name: device name (unique on node)
*
- * Lookup if the device is already registered for that connection,
- * if yes return a new pointer to it, if no allocate a new structure,
- * and register it in the table. In any case a corresponding call to
- * virObjectUnref() is needed to not leak data.
+ * Allocates a new node device object. When the object is no longer needed,
+ * virObjectUnref() must be called in order to not leak data.
*
- * Returns a pointer to the node device, or NULL in case of failure
+ * Returns a pointer to the node device object, or NULL on error.
*/
virNodeDevicePtr
virGetNodeDevice(virConnectPtr conn, const char *name)
@@ -585,7 +572,7 @@ error:
/**
* virNodeDeviceDispose:
- * @dev: the dev to release
+ * @obj: the node device to release
*
* Unconditionally release all memory associated with a device.
* The device object must not be used once this method returns.
@@ -611,12 +598,10 @@ virNodeDeviceDispose(void *obj)
* @conn: the hypervisor connection
* @uuid: secret UUID
*
- * Lookup if the secret is already registered for that connection, if so return
- * a pointer to it, otherwise allocate a new structure, and register it in the
- * table. In any case a corresponding call to virObjectUnref() is needed to not
- * leak data.
+ * Allocates a new secret object. When the object is no longer needed,
+ * virObjectUnref() must be called in order to not leak data.
*
- * Returns a pointer to the secret, or NULL in case of failure
+ * Returns a pointer to the secret object, or NULL on error.
*/
virSecretPtr
virGetSecret(virConnectPtr conn, const unsigned char *uuid,
@@ -650,7 +635,7 @@ error:
/**
* virSecretDispose:
- * @secret: the secret to release
+ * @obj: the secret to release
*
* Unconditionally release all memory associated with a secret.
* The secret object must not be used once this method returns.
@@ -672,6 +657,15 @@ virSecretDispose(void *obj)
}
+/**
+ * virGetStream:
+ * @conn: the hypervisor connection
+ *
+ * Allocates a new stream object. When the object is no longer needed,
+ * virObjectUnref() must be called in order to not leak data.
+ *
+ * Returns a pointer to the stream object, or NULL on error.
+ */
virStreamPtr
virGetStream(virConnectPtr conn)
{
@@ -688,6 +682,16 @@ virGetStream(virConnectPtr conn)
return ret;
}
+/**
+ * virStreamDispose:
+ * @obj: the stream to release
+ *
+ * Unconditionally release all memory associated with a stream.
+ * The stream object must not be used once this method returns.
+ *
+ * It will also unreference the associated connection object,
+ * which may also be released if its ref count hits zero.
+ */
static void
virStreamDispose(void *obj)
{
@@ -704,12 +708,10 @@ virStreamDispose(void *obj)
* @name: pointer to the network filter pool name
* @uuid: pointer to the uuid
*
- * Lookup if the network filter is already registered for that connection,
- * if yes return a new pointer to it, if no allocate a new structure,
- * and register it in the table. In any case a corresponding call to
- * virObjectUnref() is needed to not leak data.
+ * Allocates a new network filter object. When the object is no longer needed,
+ * virObjectUnref() must be called in order to not leak data.
*
- * Returns a pointer to the network, or NULL in case of failure
+ * Returns a pointer to the network filter object, or NULL on error.
*/
virNWFilterPtr
virGetNWFilter(virConnectPtr conn, const char *name,
@@ -744,7 +746,7 @@ error:
/**
* virNWFilterDispose:
- * @nwfilter: the nwfilter to release
+ * @obj: the network filter to release
*
* Unconditionally release all memory associated with a nwfilter.
* The nwfilter object must not be used once this method returns.
@@ -766,6 +768,16 @@ virNWFilterDispose(void *obj)
}
+/**
+ * virGetDomainSnapshot:
+ * @domain: the domain to snapshot
+ * @name: pointer to the domain snapshot name
+ *
+ * Allocates a new domain snapshot object. When the object is no longer needed,
+ * virObjectUnref() must be called in order to not leak data.
+ *
+ * Returns a pointer to the domain snapshot object, or NULL on error.
+ */
virDomainSnapshotPtr
virGetDomainSnapshot(virDomainPtr domain, const char *name)
{
@@ -792,6 +804,16 @@ error:
}
+/**
+ * virDomainSnapshotDispose:
+ * @obj: the domain snapshot to release
+ *
+ * Unconditionally release all memory associated with a snapshot.
+ * The snapshot object must not be used once this method returns.
+ *
+ * It will also unreference the associated connection object,
+ * which may also be released if its ref count hits zero.
+ */
static void
virDomainSnapshotDispose(void *obj)
{
--
1.8.5.3
10 years, 9 months
[libvirt] [PATCH] datatypes: Fix comments
by Michael Chapman
- As of commit 2ff4c137, all virGet*() functions in datatypes.c always
return pointers to new objects. Objects are not cached in a
per-connection hashtable.
- As of commit 46ec5f85, the conn.lock mutex does not need to be held
when calling any vir*Dispose() function in datatypes.c (via
virObjectUnref()).
- Add comments for virGetStream(), virStreamDispose(),
virGetDomainSnapshot(), virDomainSnapshotDispose().
Signed-off-by: Michael Chapman <mike(a)very.puzzling.org>
---
src/datatypes.c | 174 ++++++++++++++++++++++++++++++++------------------------
1 file changed, 99 insertions(+), 75 deletions(-)
diff --git a/src/datatypes.c b/src/datatypes.c
index 73f17e7..aafa54b 100644
--- a/src/datatypes.c
+++ b/src/datatypes.c
@@ -96,9 +96,8 @@ VIR_ONCE_GLOBAL_INIT(virDataTypes)
/**
* virGetConnect:
*
- * Allocates a new hypervisor connection structure
- *
- * Returns a new pointer or NULL in case of error.
+ * Allocates and returns a pointer to a new hypervisor connection object.
+ * Returns NULL on error.
*/
virConnectPtr
virGetConnect(void)
@@ -129,9 +128,7 @@ error:
* @conn: the hypervisor connection to release
*
* Unconditionally release all memory associated with a connection.
- * The conn.lock mutex must be held prior to calling this, and will
- * be released prior to this returning. The connection obj must not
- * be used once this method returns.
+ * The connection object must not be used once this method returns.
*/
static void
virConnectDispose(void *obj)
@@ -198,12 +195,12 @@ virConnectCloseCallbackDataDispose(void *obj)
* @name: pointer to the domain name
* @uuid: pointer to the uuid
*
- * Lookup if the domain is already registered for that connection,
- * if yes return a new pointer to it, if no allocate a new structure,
- * and register it in the table. In any case a corresponding call to
- * virObjectUnref() is needed to not leak data.
+ * Allocates and returns a pointer to a new domain object.
+ * Returns NULL on error.
*
- * Returns a pointer to the domain, or NULL in case of failure
+ * The domain object holds a reference to the hypervisor connection.
+ * When the domain object is no longer needed, virObjectUnref() must be
+ * called in order to not leak data.
*/
virDomainPtr
virGetDomain(virConnectPtr conn, const char *name, const unsigned char *uuid)
@@ -239,9 +236,7 @@ error:
* @domain: the domain to release
*
* Unconditionally release all memory associated with a domain.
- * The conn.lock mutex must be held prior to calling this, and will
- * be released prior to this returning. The domain obj must not
- * be used once this method returns.
+ * The domain object must not be used once this method returns.
*
* It will also unreference the associated connection object,
* which may also be released if its ref count hits zero.
@@ -266,12 +261,12 @@ virDomainDispose(void *obj)
* @name: pointer to the network name
* @uuid: pointer to the uuid
*
- * Lookup if the network is already registered for that connection,
- * if yes return a new pointer to it, if no allocate a new structure,
- * and register it in the table. In any case a corresponding call to
- * virObjectUnref() is needed to not leak data.
+ * Allocates and returns a pointer to a new network object.
+ * Returns NULL on error.
*
- * Returns a pointer to the network, or NULL in case of failure
+ * The network object holds a reference to the hypervisor connection.
+ * When the network object is no longer needed, virObjectUnref() must be
+ * called in order to not leak data.
*/
virNetworkPtr
virGetNetwork(virConnectPtr conn, const char *name, const unsigned char *uuid)
@@ -306,9 +301,7 @@ error:
* @network: the network to release
*
* Unconditionally release all memory associated with a network.
- * The conn.lock mutex must be held prior to calling this, and will
- * be released prior to this returning. The network obj must not
- * be used once this method returns.
+ * The network object must not be used once this method returns.
*
* It will also unreference the associated connection object,
* which may also be released if its ref count hits zero.
@@ -333,13 +326,12 @@ virNetworkDispose(void *obj)
* @name: pointer to the interface name
* @mac: pointer to the mac
*
- * Lookup if the interface is already registered for that connection,
- * if yes return a new pointer to it (possibly updating the MAC
- * address), if no allocate a new structure, and register it in the
- * table. In any case a corresponding call to virObjectUnref() is
- * needed to not leak data.
+ * Allocates and returns a pointer to a new interface object.
+ * Returns NULL on error.
*
- * Returns a pointer to the interface, or NULL in case of failure
+ * The interface object holds a reference to the hypervisor connection.
+ * When the interface object is no longer needed, virObjectUnref() must be
+ * called in order to not leak data.
*/
virInterfacePtr
virGetInterface(virConnectPtr conn, const char *name, const char *mac)
@@ -377,9 +369,7 @@ error:
* @interface: the interface to release
*
* Unconditionally release all memory associated with an interface.
- * The conn.lock mutex must be held prior to calling this, and will
- * be released prior to this returning. The interface obj must not
- * be used once this method returns.
+ * The interface object must not be used once this method returns.
*
* It will also unreference the associated connection object,
* which may also be released if its ref count hits zero.
@@ -404,12 +394,12 @@ virInterfaceDispose(void *obj)
* @privateData: pointer to driver specific private data
* @freeFunc: private data cleanup function pointer specfic to driver
*
- * Lookup if the storage pool is already registered for that connection,
- * if yes return a new pointer to it, if no allocate a new structure,
- * and register it in the table. In any case a corresponding call to
- * virObjectUnref() is needed to not leak data.
+ * Allocates and returns a pointer to a new storage pool object.
+ * Returns NULL on error.
*
- * Returns a pointer to the storage pool, or NULL in case of failure
+ * The pool object holds a reference to the hypervisor connection.
+ * When the pool object is no longer needed, virObjectUnref() must be
+ * called in order to not leak data.
*/
virStoragePoolPtr
virGetStoragePool(virConnectPtr conn, const char *name,
@@ -451,9 +441,7 @@ error:
* @pool: the pool to release
*
* Unconditionally release all memory associated with a pool.
- * The conn.lock mutex must be held prior to calling this, and will
- * be released prior to this returning. The pool obj must not
- * be used once this method returns.
+ * The pool object must not be used once this method returns.
*
* It will also unreference the associated connection object,
* which may also be released if its ref count hits zero.
@@ -485,12 +473,12 @@ virStoragePoolDispose(void *obj)
* @privateData: pointer to driver specific private data
* @freeFunc: private data cleanup function pointer specfic to driver
*
- * Lookup if the storage vol is already registered for that connection,
- * if yes return a new pointer to it, if no allocate a new structure,
- * and register it in the table. In any case a corresponding call to
- * virObjectUnref() is needed to not leak data.
+ * Allocates and returns a pointer to a new storage volume object.
+ * Returns NULL on error.
*
- * Returns a pointer to the storage vol, or NULL in case of failure
+ * The volume object holds a reference to the hypervisor connection.
+ * When the volume object is no longer needed, virObjectUnref() must be
+ * called in order to not leak data.
*/
virStorageVolPtr
virGetStorageVol(virConnectPtr conn, const char *pool, const char *name,
@@ -532,10 +520,8 @@ error:
* virStorageVolDispose:
* @vol: the vol to release
*
- * Unconditionally release all memory associated with a vol.
- * The conn.lock mutex must be held prior to calling this, and will
- * be released prior to this returning. The vol obj must not
- * be used once this method returns.
+ * Unconditionally release all memory associated with a volume.
+ * The volume object must not be used once this method returns.
*
* It will also unreference the associated connection object,
* which may also be released if its ref count hits zero.
@@ -562,12 +548,12 @@ virStorageVolDispose(void *obj)
* @conn: the hypervisor connection
* @name: device name (unique on node)
*
- * Lookup if the device is already registered for that connection,
- * if yes return a new pointer to it, if no allocate a new structure,
- * and register it in the table. In any case a corresponding call to
- * virObjectUnref() is needed to not leak data.
+ * Allocates and returns a pointer to a new node device object.
+ * Returns NULL on error.
*
- * Returns a pointer to the node device, or NULL in case of failure
+ * The device object holds a reference to the hypervisor connection.
+ * When the device object is no longer needed, virObjectUnref() must be
+ * called in order to not leak data.
*/
virNodeDevicePtr
virGetNodeDevice(virConnectPtr conn, const char *name)
@@ -599,10 +585,8 @@ error:
* virNodeDeviceDispose:
* @dev: the dev to release
*
- * Unconditionally release all memory associated with a dev.
- * The conn.lock mutex must be held prior to calling this, and will
- * be released prior to this returning. The dev obj must not
- * be used once this method returns.
+ * Unconditionally release all memory associated with a device.
+ * The device object must not be used once this method returns.
*
* It will also unreference the associated connection object,
* which may also be released if its ref count hits zero.
@@ -625,12 +609,12 @@ virNodeDeviceDispose(void *obj)
* @conn: the hypervisor connection
* @uuid: secret UUID
*
- * Lookup if the secret is already registered for that connection, if so return
- * a pointer to it, otherwise allocate a new structure, and register it in the
- * table. In any case a corresponding call to virObjectUnref() is needed to not
- * leak data.
+ * Allocates and returns a pointer to a new secret object.
+ * Returns NULL on error.
*
- * Returns a pointer to the secret, or NULL in case of failure
+ * The secret object holds a reference to the hypervisor connection.
+ * When the secret object is no longer needed, virObjectUnref() must be
+ * called in order to not leak data.
*/
virSecretPtr
virGetSecret(virConnectPtr conn, const unsigned char *uuid,
@@ -666,12 +650,11 @@ error:
* virSecretDispose:
* @secret: the secret to release
*
- * Unconditionally release all memory associated with a secret. The conn.lock
- * mutex must be held prior to calling this, and will be released prior to this
- * returning. The secret obj must not be used once this method returns.
+ * Unconditionally release all memory associated with a secret.
+ * The secret object must not be used once this method returns.
*
- * It will also unreference the associated connection object, which may also be
- * released if its ref count hits zero.
+ * It will also unreference the associated connection object,
+ * which may also be released if its ref count hits zero.
*/
static void
virSecretDispose(void *obj)
@@ -687,6 +670,17 @@ virSecretDispose(void *obj)
}
+/**
+ * virGetStream:
+ * @conn: the hypervisor connection
+ *
+ * Allocates and returns a pointer to a new stream object.
+ * Returns NULL on error.
+ *
+ * The secret object holds a reference to the hypervisor connection.
+ * When the secret object is no longer needed, virObjectUnref() must be
+ * called in order to not leak data.
+ */
virStreamPtr
virGetStream(virConnectPtr conn)
{
@@ -703,6 +697,16 @@ virGetStream(virConnectPtr conn)
return ret;
}
+/**
+ * virStreamDispose:
+ * @stream: the stream to release
+ *
+ * Unconditionally release all memory associated with a stream.
+ * The stream object must not be used once this method returns.
+ *
+ * It will also unreference the associated connection object,
+ * which may also be released if its ref count hits zero.
+ */
static void
virStreamDispose(void *obj)
{
@@ -719,12 +723,12 @@ virStreamDispose(void *obj)
* @name: pointer to the network filter pool name
* @uuid: pointer to the uuid
*
- * Lookup if the network filter is already registered for that connection,
- * if yes return a new pointer to it, if no allocate a new structure,
- * and register it in the table. In any case a corresponding call to
- * virObjectUnref() is needed to not leak data.
+ * Allocates and returns a pointer to a new nwfilter object.
+ * Returns NULL on error.
*
- * Returns a pointer to the network, or NULL in case of failure
+ * The nwfilter object holds a reference to the hypervisor connection.
+ * When the nwfilter object is no longer needed, virObjectUnref() must be
+ * called in order to not leak data.
*/
virNWFilterPtr
virGetNWFilter(virConnectPtr conn, const char *name,
@@ -762,9 +766,7 @@ error:
* @nwfilter: the nwfilter to release
*
* Unconditionally release all memory associated with a nwfilter.
- * The conn.lock mutex must be held prior to calling this, and will
- * be released prior to this returning. The nwfilter obj must not
- * be used once this method returns.
+ * The nwfilter object must not be used once this method returns.
*
* It will also unreference the associated connection object,
* which may also be released if its ref count hits zero.
@@ -783,6 +785,18 @@ virNWFilterDispose(void *obj)
}
+/**
+ * virGetDomainSnapshot:
+ * @conn: the hypervisor connection
+ * @name: pointer to the domain snapshot name
+ *
+ * Allocates and returns a pointer to a new domain snapshot object.
+ * Returns NULL on error.
+ *
+ * The snapshot object holds a reference to the hypervisor connection.
+ * When the snapshot object is no longer needed, virObjectUnref() must be
+ * called in order to not leak data.
+ */
virDomainSnapshotPtr
virGetDomainSnapshot(virDomainPtr domain, const char *name)
{
@@ -809,6 +823,16 @@ error:
}
+/**
+ * virDomainSnapshotDispose:
+ * @snapshot: the snapshot to release
+ *
+ * Unconditionally release all memory associated with a snapshot.
+ * The snapshot object must not be used once this method returns.
+ *
+ * It will also unreference the associated connection object,
+ * which may also be released if its ref count hits zero.
+ */
static void
virDomainSnapshotDispose(void *obj)
{
--
1.8.5.3
10 years, 9 months
[libvirt] [PATCH] nwfilter: Deactivate iptables MAC address check where needed
by Stefan Berger
From: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
Recent Linux iptables (3.11.7) refuses to create iptables MAC address
check rules using -m mac --mac-source <addr> where previous versions
still allowed it. So we now need to deactivate the filtering rules for
when the incoming traffic is filtered before it is sent into the VM.
Those are typically the chains that start with FO-* or start with FP-*
when they are being built.
Adapt the documentation to reflect the fact that srcmacaddr, when
used in iptables rules, should be regarded as deprecated due to the
above mentioned problems.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
---
docs/formatnwfilter.html.in | 42 +++++--------------------------
src/nwfilter/nwfilter_ebiptables_driver.c | 29 +++++++++++++--------
2 files changed, 24 insertions(+), 47 deletions(-)
diff --git a/docs/formatnwfilter.html.in b/docs/formatnwfilter.html.in
index 4b95fce..ee23d8e 100644
--- a/docs/formatnwfilter.html.in
+++ b/docs/formatnwfilter.html.in
@@ -1209,7 +1209,7 @@
<tr>
<td>srcmacaddr</td>
<td>MAC_ADDR</td>
- <td>MAC address of sender</td>
+ <td>MAC address of sender; this option is deprecated</td>
</tr>
<tr>
<td>srcipaddr</td>
@@ -1320,22 +1320,7 @@
<tr>
<td>srcmacaddr</td>
<td>MAC_ADDR</td>
- <td>MAC address of sender</td>
- </tr>
- <tr>
- <td>srcmacmask</td>
- <td>MAC_MASK</td>
- <td>Mask applied to MAC address of sender</td>
- </tr>
- <tr>
- <td>dstmacaddr</td>
- <td>MAC_ADDR</td>
- <td>MAC address of destination</td>
- </tr>
- <tr>
- <td>dstmacmask</td>
- <td>MAC_MASK</td>
- <td>Mask applied to MAC address of destination</td>
+ <td>MAC address of sender; this option is deprecated</td>
</tr>
<tr>
<td>srcipaddr</td>
@@ -1429,22 +1414,7 @@
<tr>
<td>srcmacaddr</td>
<td>MAC_ADDR</td>
- <td>MAC address of sender</td>
- </tr>
- <tr>
- <td>srcmacmask</td>
- <td>MAC_MASK</td>
- <td>Mask applied to MAC address of sender</td>
- </tr>
- <tr>
- <td>dstmacaddr</td>
- <td>MAC_ADDR</td>
- <td>MAC address of destination</td>
- </tr>
- <tr>
- <td>dstmacmask</td>
- <td>MAC_MASK</td>
- <td>Mask applied to MAC address of destination</td>
+ <td>MAC address of sender; this option is deprecated</td>
</tr>
<tr>
<td>srcipaddr</td>
@@ -1529,7 +1499,7 @@
<tr>
<td>srcmacaddr</td>
<td>MAC_ADDR</td>
- <td>MAC address of sender</td>
+ <td>MAC address of sender; this option is deprecated</td>
</tr>
<tr>
<td>srcipaddr</td>
@@ -1640,7 +1610,7 @@
<tr>
<td>srcmacaddr</td>
<td>MAC_ADDR</td>
- <td>MAC address of sender</td>
+ <td>MAC address of sender; this option is deprecated</td>
</tr>
<tr>
<td>srcipaddr</td>
@@ -1735,7 +1705,7 @@
<tr>
<td>srcmacaddr</td>
<td>MAC_ADDR</td>
- <td>MAC address of sender</td>
+ <td>MAC address of sender; this option is deprecated</td>
</tr>
<tr>
<td>srcipaddr</td>
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 9d6cc90..ebc3505 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -972,7 +972,7 @@ static int
iptablesHandleSrcMacAddr(virBufferPtr buf,
virNWFilterVarCombIterPtr vars,
nwItemDescPtr srcMacAddr,
- bool directionIn,
+ const char *chain, bool directionIn,
bool *srcmacskipped)
{
char macaddr[VIR_MAC_STRING_BUFLEN];
@@ -984,6 +984,14 @@ iptablesHandleSrcMacAddr(virBufferPtr buf,
return 0;
}
+ /* recent Linux iptables does not allow this filteirng rule to be
+ * applied to all FO-* chains
+ */
+ if (chain[1] == CHAINPREFIX_HOST_OUT_TEMP ) {
+ *srcmacskipped = true;
+ return 0;
+ }
+
if (printDataType(vars,
macaddr, sizeof(macaddr),
srcMacAddr) < 0)
@@ -1366,7 +1374,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.tcpHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1421,7 +1429,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.udpHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1454,7 +1462,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.udpliteHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1482,7 +1490,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.espHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1506,11 +1514,10 @@ _iptablesCreateRuleInstance(bool directionIn,
virBufferAddLit(&buf, " -p ah");
bufUsed = virBufferUse(&buf);
-
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.ahHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1538,7 +1545,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.sctpHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1574,7 +1581,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.icmpHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1636,7 +1643,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.igmpHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1664,7 +1671,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.allHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
--
1.8.1.4
10 years, 9 months
[libvirt] [PATCH 1/3] no_mac_source
by Stefan Berger
From: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
Subject nwfilter: Deactivate iptables MAC address check where needed
Recent Linux iptables (3.11.7) refuses to create iptables MAC address
check rules using -m mac --mac-source <addr> where previous versions
still allowed it. So we now need to deactivate the filtering rules for
when the incoming traffic is filtered before it is sent into the VM.
Those are typically the chains that start with FO-* or start with FP-*
when they are being built.
Adapt the documentation to reflect the fact that srcmacaddr, when
used in iptables rules, should be regarded as deprecated due to the
above mentioned problems.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
---
docs/formatnwfilter.html.in | 42 +++++--------------------------
src/nwfilter/nwfilter_ebiptables_driver.c | 29 +++++++++++++--------
2 files changed, 24 insertions(+), 47 deletions(-)
diff --git a/docs/formatnwfilter.html.in b/docs/formatnwfilter.html.in
index 4b95fce..ee23d8e 100644
--- a/docs/formatnwfilter.html.in
+++ b/docs/formatnwfilter.html.in
@@ -1209,7 +1209,7 @@
<tr>
<td>srcmacaddr</td>
<td>MAC_ADDR</td>
- <td>MAC address of sender</td>
+ <td>MAC address of sender; this option is deprecated</td>
</tr>
<tr>
<td>srcipaddr</td>
@@ -1320,22 +1320,7 @@
<tr>
<td>srcmacaddr</td>
<td>MAC_ADDR</td>
- <td>MAC address of sender</td>
- </tr>
- <tr>
- <td>srcmacmask</td>
- <td>MAC_MASK</td>
- <td>Mask applied to MAC address of sender</td>
- </tr>
- <tr>
- <td>dstmacaddr</td>
- <td>MAC_ADDR</td>
- <td>MAC address of destination</td>
- </tr>
- <tr>
- <td>dstmacmask</td>
- <td>MAC_MASK</td>
- <td>Mask applied to MAC address of destination</td>
+ <td>MAC address of sender; this option is deprecated</td>
</tr>
<tr>
<td>srcipaddr</td>
@@ -1429,22 +1414,7 @@
<tr>
<td>srcmacaddr</td>
<td>MAC_ADDR</td>
- <td>MAC address of sender</td>
- </tr>
- <tr>
- <td>srcmacmask</td>
- <td>MAC_MASK</td>
- <td>Mask applied to MAC address of sender</td>
- </tr>
- <tr>
- <td>dstmacaddr</td>
- <td>MAC_ADDR</td>
- <td>MAC address of destination</td>
- </tr>
- <tr>
- <td>dstmacmask</td>
- <td>MAC_MASK</td>
- <td>Mask applied to MAC address of destination</td>
+ <td>MAC address of sender; this option is deprecated</td>
</tr>
<tr>
<td>srcipaddr</td>
@@ -1529,7 +1499,7 @@
<tr>
<td>srcmacaddr</td>
<td>MAC_ADDR</td>
- <td>MAC address of sender</td>
+ <td>MAC address of sender; this option is deprecated</td>
</tr>
<tr>
<td>srcipaddr</td>
@@ -1640,7 +1610,7 @@
<tr>
<td>srcmacaddr</td>
<td>MAC_ADDR</td>
- <td>MAC address of sender</td>
+ <td>MAC address of sender; this option is deprecated</td>
</tr>
<tr>
<td>srcipaddr</td>
@@ -1735,7 +1705,7 @@
<tr>
<td>srcmacaddr</td>
<td>MAC_ADDR</td>
- <td>MAC address of sender</td>
+ <td>MAC address of sender; this option is deprecated</td>
</tr>
<tr>
<td>srcipaddr</td>
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 9d6cc90..ebc3505 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -972,7 +972,7 @@ static int
iptablesHandleSrcMacAddr(virBufferPtr buf,
virNWFilterVarCombIterPtr vars,
nwItemDescPtr srcMacAddr,
- bool directionIn,
+ const char *chain, bool directionIn,
bool *srcmacskipped)
{
char macaddr[VIR_MAC_STRING_BUFLEN];
@@ -984,6 +984,14 @@ iptablesHandleSrcMacAddr(virBufferPtr buf,
return 0;
}
+ /* recent Linux iptables does not allow this filteirng rule to be
+ * applied to all FO-* chains
+ */
+ if (chain[1] == CHAINPREFIX_HOST_OUT_TEMP ) {
+ *srcmacskipped = true;
+ return 0;
+ }
+
if (printDataType(vars,
macaddr, sizeof(macaddr),
srcMacAddr) < 0)
@@ -1366,7 +1374,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.tcpHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1421,7 +1429,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.udpHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1454,7 +1462,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.udpliteHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1482,7 +1490,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.espHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1506,11 +1514,10 @@ _iptablesCreateRuleInstance(bool directionIn,
virBufferAddLit(&buf, " -p ah");
bufUsed = virBufferUse(&buf);
-
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.ahHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1538,7 +1545,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.sctpHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1574,7 +1581,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.icmpHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1636,7 +1643,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.igmpHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
@@ -1664,7 +1671,7 @@ _iptablesCreateRuleInstance(bool directionIn,
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.allHdrFilter.dataSrcMACAddr,
- directionIn,
+ chain, directionIn,
&srcMacSkipped) < 0)
goto err_exit;
--
1.8.1.4
10 years, 9 months
[libvirt] Unable to start Nehalem VM on Nehalem host
by Ruben Kerkhof
Hi list,
I'm trying to debug a strange issue I have, and I'd appreciate some help.
I've upgraded libvirt to 1.2.2, on Scientific Linux, with qemu-kvm-0.12.1.2-2.415.el6_5.3
Here’s my analysis so far:
I figured out that libvirt uses HMP to get the list of models from qemu-kvm by running qemu-kvm -cpu ?model -nodefconfig. This returns the following:
x86 Opteron_G5 AMD Opteron 63xx class CPU
x86 Opteron_G4 AMD Opteron 62xx class CPU
x86 Opteron_G3 AMD Opteron 23xx (Gen 3 Class Opteron)
x86 Opteron_G2 AMD Opteron 22xx (Gen 2 Class Opteron)
x86 Opteron_G1 AMD Opteron 240 (Gen 1 Class Opteron)
x86 Haswell Intel Core Processor (Haswell)
x86 SandyBridge Intel Xeon E312xx (Sandy Bridge)
x86 Westmere Westmere E56xx/L56xx/X56xx (Nehalem-C)
x86 Nehalem Intel Core i7 9xx (Nehalem Class Core i7)
x86 Penryn Intel Core 2 Duo P9xxx (Penryn Class Core 2)
x86 Conroe Intel Celeron_4x0 (Conroe/Merom Class Core 2)
x86 cpu64-rhel5 QEMU Virtual CPU version (cpu64-rhel5)
x86 cpu64-rhel6 QEMU Virtual CPU version (cpu64-rhel6)
x86 n270 Intel(R) Atom(TM) CPU N270 @ 1.60GHz
x86 athlon QEMU Virtual CPU version 0.12.1
x86 pentium3
x86 pentium2
x86 pentium
x86 486
x86 coreduo Genuine Intel(R) CPU T2600 @ 2.16GHz
x86 qemu32 QEMU Virtual CPU version 0.12.1
x86 kvm64 Common KVM processor
x86 core2duo Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz
x86 phenom AMD Phenom(tm) 9550 Quad-Core Processor
x86 qemu64 QEMU Virtual CPU version 0.12.1
The comment describing the function parsing this list states that the output is expected to be as follows:
/* Format:
* <arch> <model>
* qemu-0.13 encloses some model names in []:
* <arch> [<model>]
*/
static int
virQEMUCapsParseX86Models(const char *output,
virQEMUCapsPtr qemuCaps)
{
but this function doesn’t strip the rest of the line, so the models array becomes:
Breakpoint 1, x86Decode (cpu=0x7fffd82a8460, data=0x7fffd8272d00, models=0x7fffd82b7440, nmodels=25, preferred=0x7fffd82a81f0 "Nehalem", flags=0) at cpu/cpu_x86.c:1487
1487 {
(gdb) p models
$1 = (const char **) 0x7fffd82b7440
(gdb) p *models
$2 = 0x7fffd82ba240 "Opteron_G5 AMD Opteron 63xx class CPU", ' ' <repeats 22 times>
(gdb) p *models@25
$3 = {0x7fffd82ba240 "Opteron_G5 AMD Opteron 63xx class CPU", ' ' <repeats 22 times>, 0x7fffd82c8c30 "Opteron_G4 AMD Opteron 62xx class CPU", ' ' <repeats 22 times>,
0x7fffd8169e00 "Opteron_G3 AMD Opteron 23xx (Gen 3 Class Opteron) ", 0x7fffd8169cb0 "Opteron_G2 AMD Opteron 22xx (Gen 2 Class Opteron) ",
0x7fffd8169b60 "Opteron_G1 AMD Opteron 240 (Gen 1 Class Opteron)", ' ' <repeats 11 times>, 0x7fffd8169a10 "Haswell Intel Core Processor (Haswell)", ' ' <repeats 18 times>,
0x7fffd81697e0 "SandyBridge Intel Xeon E312xx (Sandy Bridge)", ' ' <repeats 16 times>, 0x7fffd8169690 "Westmere Westmere E56xx/L56xx/X56xx (Nehalem-C) ",
0x7fffd8169460 "Nehalem Intel Core i7 9xx (Nehalem Class Core i7) ", 0x7fffd81693f0 "Penryn Intel Core 2 Duo P9xxx (Penryn Class Core 2) ", 0x7fffd8169310 "Conroe Intel Celeron_4x0 (Conroe/Merom Class Core 2) ",
0x7fffd8169230 "cpu64-rhel5 QEMU Virtual CPU version (cpu64-rhel5) ", 0x7fffd8169150 "cpu64-rhel6 QEMU Virtual CPU version (cpu64-rhel6) ", 0x7fffd82ba2b0 "n270 Intel(R) Atom(TM) CPU N270 @ 1.60GHz ",
0x7fffd81690e0 "athlon QEMU Virtual CPU version 0.12.1", ' ' <repeats 17 times>, 0x7fffd8169000 "pentium3", ' ' <repeats 50 times>, 0x7fffd8168f90 "pentium2", ' ' <repeats 50 times>, 0x7fffd8168eb0 "pentium", ' ' <repeats 50 times>,
0x7fffd82a8760 "486", ' ' <repeats 50 times>, 0x7fffd8168e40 "coreduo Genuine Intel(R) CPU", ' ' <repeats 11 times>, "T2600 @ 2.16GHz ", 0x7fffd8168d60 "qemu32 QEMU Virtual CPU version 0.12.1", ' ' <repeats 17 times>,
0x7fffd82bb150 "kvm64 Common KVM processor", ' ' <repeats 28 times>, 0x7fffd8168cf0 "core2duo Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz ", 0x7fffd8168c10 "phenom AMD Phenom(tm) 9550 Quad-Core Processor ",
0x7fffd8168b30 "qemu64 QEMU Virtual CPU version 0.12.1", ' ' <repeats 17 times>}
cpuModellsAllowed then does a strcmp between “Nehalem” and "Nehalem Intel Core i7 9xx (Nehalem Class Core i7)” which fails, and the vm fails to start with:
2014-03-10 14:56:16.917+0000: 8328: info : qemuDomainDefineXML:6231 : Creating domain '530df8bd-7b64-4553-b4f4-18922e1327bf'
2014-03-10 14:56:17.114+0000: 8329: warning : x86Decode:1515 : Preferred CPU model Nehalem not allowed by hypervisor; closest supported model will be used
2014-03-10 14:56:17.114+0000: 8329: error : x86Decode:1571 : internal error: Cannot find suitable CPU model for given data
Kind regards,
Ruben Kerkhof
10 years, 9 months