August 2016 - Devel - libvirt List Archives

[libvirt] [PATCH v2 0/3] Introduce support for rx_queue_size
by Michal Privoznik 01 Sep '16

01 Sep '16

v2 of: https://www.redhat.com/archives/libvir-list/2016-August/msg00960.html diff to v1: - rename attribute to rx_queue_size - added more documentation and test cases - Other small nits John found Michal Privoznik (3): conf: Add support for virtio-net.rx_queue_size qemu_capabilities: Introduce virtio-net-*.rx_queue_size qemu: Implement virtio-net rx_queue_size docs/formatdomain.html.in | 16 ++++++++- docs/schemas/domaincommon.rng | 5 +++ src/conf/domain_conf.c | 16 +++++++++ src/conf/domain_conf.h | 1 + src/qemu/qemu_capabilities.c | 3 ++ src/qemu/qemu_capabilities.h | 3 ++ src/qemu/qemu_command.c | 8 +++++ src/qemu/qemu_domain.c | 7 ++++ ...ml2argv-net-virtio-rxqueuesize-invalid-size.xml | 29 +++++++++++++++ .../qemuxml2argv-net-virtio-rxqueuesize.args | 25 +++++++++++++ .../qemuxml2argv-net-virtio-rxqueuesize.xml | 29 +++++++++++++++ tests/qemuxml2argvtest.c | 3 ++ .../qemuxml2xmlout-net-virtio-rxqueuesize.xml | 41 ++++++++++++++++++++++ tests/qemuxml2xmltest.c | 1 + 14 files changed, 186 insertions(+), 1 deletion(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-net-virtio-rxqueuesize-invalid-size.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-net-virtio-rxqueuesize.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-net-virtio-rxqueuesize.xml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-net-virtio-rxqueuesize.xml -- 2.8.4

2 5

[libvirt] [PATCH v2] libxl: add memory attach support
by Bob Liu 01 Sep '16

01 Sep '16

Support for VIR_DOMAIN_DEVICE_MEMORY on domainAttachDeviceFlags API in libxl driver, using libxl_set_memory_target in xen libxl. With "virsh attach-device" command we can then hotplug memory to a domain: <memory model='dimm'> <target> <size unit='MiB'>128</size> <node>0</node> </target> </memory> $ virsh attach-device domain_name this.xml --live Signed-off-by: Bob Liu <bob.liu(a)oracle.com> --- v2: * Unlock virDomainObj while attaching. * Fix memory leak of mem. --- src/libxl/libxl_domain.c | 1 + src/libxl/libxl_driver.c | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c index f529a2e..3924ba0 100644 --- a/src/libxl/libxl_domain.c +++ b/src/libxl/libxl_domain.c @@ -414,6 +414,7 @@ virDomainDefParserConfig libxlDomainDefParserConfig = { .macPrefix = { 0x00, 0x16, 0x3e }, .devicesPostParseCallback = libxlDomainDeviceDefPostParse, .domainPostParseCallback = libxlDomainDefPostParse, + .features = VIR_DOMAIN_DEF_FEATURE_MEMORY_HOTPLUG }; diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index a34eb02..b23c1d4 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -3085,6 +3085,34 @@ libxlDomainAttachHostUSBDevice(libxlDriverPrivatePtr driver, #endif static int +libxlDomainAttachMemory(libxlDriverPrivatePtr driver, + virDomainObjPtr vm, + virDomainMemoryDefPtr mem) +{ + int res = -1; + libxlDriverConfigPtr cfg = libxlDriverConfigGet(driver); + + if (mem->targetNode != 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Non-zero target node is not supported.")); + goto out; + } + + /* Unlock virDomainObj while attaching memory */ + virObjectUnlock(vm); + res = libxl_set_memory_target(cfg->ctx, vm->def->id, mem->size, 1, 1); + virObjectLock(vm); + if (res < 0) + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Failed to attach %lluKB memory for domain %d"), + mem->size, vm->def->id); + + out: + virDomainMemoryDefFree(mem); + return res; +} + +static int libxlDomainAttachHostDevice(libxlDriverPrivatePtr driver, virDomainObjPtr vm, virDomainHostdevDefPtr hostdev) @@ -3284,6 +3312,13 @@ libxlDomainAttachDeviceLive(libxlDriverPrivatePtr driver, dev->data.hostdev = NULL; break; + case VIR_DOMAIN_DEVICE_MEMORY: + /* Note that libxlDomainAttachMemory always consumes + * dev->data.memory. */ + ret = libxlDomainAttachMemory(driver, vm, dev->data.memory); + dev->data.memory = NULL; + break; + default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("device type '%s' cannot be attached"), -- 2.6.5

2 1

[libvirt] [PATCH 0/3] Introduce support for rx_queue_size
by Michal Privoznik 31 Aug '16

31 Aug '16

This series is implementing support for something, that is not merged yet to qemu. Therefore I won't push it until qemu side patch (which is in queue as qemu is preparing for 2.7 release) is in [1]. However, review is welcome! 1: http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg02029.html Michal Privoznik (3): conf: Add support for virtio-net.rx_queue_size qemu_capabilities: Introduce virtio-net-*.rx_queue_size qemu: Implement virtio-net rx_queue_size docs/formatdomain.html.in | 7 +++++- docs/schemas/domaincommon.rng | 5 ++++ src/conf/domain_conf.c | 16 ++++++++++++ src/conf/domain_conf.h | 1 + src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 8 ++++++ src/qemu/qemu_domain.c | 7 ++++++ .../qemuxml2argv-net-virtio-rxqueuesize.args | 25 +++++++++++++++++++ .../qemuxml2argv-net-virtio-rxqueuesize.xml | 29 ++++++++++++++++++++++ tests/qemuxml2argvtest.c | 2 ++ 11 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-net-virtio-rxqueuesize.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-net-virtio-rxqueuesize.xml -- 2.8.4

2 9

[libvirt] [PATCH] Check for --live flag for postcopy-after-precopy migration
by Kothapally Madhu Pavan 31 Aug '16

31 Aug '16

Unlike postcopy migration there is no --live flag check for postcopy-after-precopy. Signed-off-by: Kothapally Madhu Pavan <kmp(a)linux.vnet.ibm.com> --- tools/virsh-domain.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index de2a22c..798a1ff 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -10317,6 +10317,12 @@ cmdMigrate(vshControl *ctl, const vshCmd *cmd) } if (vshCommandOptBool(cmd, "postcopy-after-precopy")) { + if (!live_flag) { + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s", + _("post-copy migration is not supported with " + "non-live or paused migration")); + goto cleanup; + } iterEvent = virConnectDomainEventRegisterAny( priv->conn, dom, VIR_DOMAIN_EVENT_ID_MIGRATION_ITERATION,

4 4

[libvirt] [PATCH] tools: Don't list virsh-* under EXTRA_DIST
by Michal Privoznik 31 Aug '16

31 Aug '16

When we wanted to break huge and unmaintainable virsh into smaller files first thing we did was to just move funcs into virsh-.c files and then #include them from virsh. Having it done this way we also needed to have them listed under EXTRA_DIST. However, things got changed since then and now all the virsh-*.c files are proper source files. Therefore they are listed under virsh_SOURCES too. But for some reason we forgot to remove them from EXTRA_DIST. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- tools/Makefile.am | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tools/Makefile.am b/tools/Makefile.am index a01c58d..e7e42c3 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -64,13 +64,6 @@ EXTRA_DIST = \ libvirt-guests.sysconf \ virt-login-shell.conf \ virsh-edit.c \ - virsh-domain.c \ - virsh-domain-monitor.c \ - virsh-host.c virsh-interface.c \ - virsh-network.c virsh-nodedev.c \ - virsh-nwfilter.c virsh-pool.c \ - virsh-secret.c virsh-snapshot.c \ - virsh-volume.c \ $(PODFILES) \ $(MANINFILES) \ $(NULL) -- 2.8.4

2 1

[libvirt] [PATCH v2] qemu: neglect cur_balloon in supplied xml
by Nikolay Shirokovskiy 31 Aug '16

31 Aug '16

cur_balloon value can change in between preparing external config and using it in operations like save and migrate. As a resutl operation will fail for ABI inconsistency. cur_balloon changes can not be predicted generally and thus operations will fail from time to time. Skip checking cur_balloon if domain lock can not be hold between preparing external config outside of libvirt and checking it against active config. Instead update cur_balloon value in external config from active config. This way it is protected from forges and is keeped up to date too. Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy(a)virtuozzo.com> --- src/conf/domain_conf.c | 14 +++++++++++--- src/conf/domain_conf.h | 9 +++++++++ src/libvirt_private.syms | 1 + src/qemu/qemu_domain.c | 29 ++++++++++++++++++++--------- src/qemu/qemu_domain.h | 6 +++--- src/qemu/qemu_driver.c | 5 +++-- src/qemu/qemu_migration.c | 4 ++-- 7 files changed, 49 insertions(+), 19 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 85f6e31..f1cf87f 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -18493,8 +18493,9 @@ virDomainDefVcpuCheckAbiStability(virDomainDefPtr src, * validation of custom XML config passed in during migration */ bool -virDomainDefCheckABIStability(virDomainDefPtr src, - virDomainDefPtr dst) +virDomainDefCheckABIStabilityFlags(virDomainDefPtr src, + virDomainDefPtr dst, + unsigned int flags) { size_t i; virErrorPtr err; @@ -18538,7 +18539,8 @@ virDomainDefCheckABIStability(virDomainDefPtr src, virDomainDefGetMemoryInitial(src)); goto error; } - if (src->mem.cur_balloon != dst->mem.cur_balloon) { + if (!(flags & VIR_DOMAIN_DEF_ABI_CHECK_SKIP_VOLATILE) && + src->mem.cur_balloon != dst->mem.cur_balloon) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Target domain current memory %lld does not match source %lld"), dst->mem.cur_balloon, src->mem.cur_balloon); @@ -18963,6 +18965,12 @@ virDomainDefCheckABIStability(virDomainDefPtr src, return false; } +bool +virDomainDefCheckABIStability(virDomainDefPtr src, + virDomainDefPtr dst) +{ + return virDomainDefCheckABIStabilityFlags(src, dst, 0); +} static int virDomainDefAddDiskControllersForType(virDomainDefPtr def, diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 3792562..cd7b966 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2623,6 +2623,11 @@ typedef enum { VIR_DOMAIN_DEF_FORMAT_CLOCK_ADJUST = 1 << 9, } virDomainDefFormatFlags; +typedef enum { + /* skip checking values like cur_balloon that can be changed meanwhile */ + VIR_DOMAIN_DEF_ABI_CHECK_SKIP_VOLATILE = 1 << 0, +} virDomainDefABICheckFlags; + virDomainDeviceDefPtr virDomainDeviceDefParse(const char *xmlStr, const virDomainDef *def, virCapsPtr caps, @@ -2658,6 +2663,10 @@ virDomainObjPtr virDomainObjParseFile(const char *filename, bool virDomainDefCheckABIStability(virDomainDefPtr src, virDomainDefPtr dst); +bool virDomainDefCheckABIStabilityFlags(virDomainDefPtr src, + virDomainDefPtr dst, + unsigned int flags); + int virDomainDefAddImplicitDevices(virDomainDefPtr def); virDomainIOThreadIDDefPtr virDomainIOThreadIDFind(const virDomainDef *def, diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 42f664c..4e7840c 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -208,6 +208,7 @@ virDomainDefAddController; virDomainDefAddImplicitDevices; virDomainDefAddUSBController; virDomainDefCheckABIStability; +virDomainDefCheckABIStabilityFlags; virDomainDefClearCCWAddresses; virDomainDefClearDeviceAliases; virDomainDefClearPCIAddresses; diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index d1f8175..4b45caf 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -4620,21 +4620,32 @@ qemuDomainUpdateMemoryDeviceInfo(virQEMUDriverPtr driver, } -bool -qemuDomainDefCheckABIStability(virQEMUDriverPtr driver, - virDomainDefPtr src, - virDomainDefPtr dst) +int +qemuDomainDefUpdateVolatile(virQEMUDriverPtr driver, + virDomainDefPtr src, + virDomainDefPtr dst) { virDomainDefPtr migratableDefSrc = NULL; virDomainDefPtr migratableDefDst = NULL; - const int flags = VIR_DOMAIN_XML_SECURE | VIR_DOMAIN_XML_UPDATE_CPU | VIR_DOMAIN_XML_MIGRATABLE; - bool ret = false; + const unsigned int copy_flags = VIR_DOMAIN_XML_SECURE | + VIR_DOMAIN_XML_UPDATE_CPU | + VIR_DOMAIN_XML_MIGRATABLE; + const unsigned int check_flags = VIR_DOMAIN_DEF_ABI_CHECK_SKIP_VOLATILE; + int ret = -1; - if (!(migratableDefSrc = qemuDomainDefCopy(driver, src, flags)) || - !(migratableDefDst = qemuDomainDefCopy(driver, dst, flags))) + + if (!(migratableDefSrc = qemuDomainDefCopy(driver, src, copy_flags)) || + !(migratableDefDst = qemuDomainDefCopy(driver, dst, copy_flags))) + goto cleanup; + + if (!virDomainDefCheckABIStabilityFlags(migratableDefSrc, + migratableDefDst, + check_flags)) goto cleanup; - ret = virDomainDefCheckABIStability(migratableDefSrc, migratableDefDst); + dst->mem.cur_balloon = src->mem.cur_balloon; + + ret = 0; cleanup: virDomainDefFree(migratableDefSrc); diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 2443e97..7581fff 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -578,9 +578,9 @@ int qemuDomainUpdateMemoryDeviceInfo(virQEMUDriverPtr driver, virDomainObjPtr vm, int asyncJob); -bool qemuDomainDefCheckABIStability(virQEMUDriverPtr driver, - virDomainDefPtr src, - virDomainDefPtr dst); +int qemuDomainDefUpdateVolatile(virQEMUDriverPtr driver, + virDomainDefPtr src, + virDomainDefPtr dst); bool qemuDomainAgentAvailable(virDomainObjPtr vm, bool reportError); diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index e70d3ce..a819f53 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3244,7 +3244,7 @@ qemuDomainSaveInternal(virQEMUDriverPtr driver, virDomainPtr dom, VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE))) { goto endjob; } - if (!qemuDomainDefCheckABIStability(driver, vm->def, def)) { + if (qemuDomainDefUpdateVolatile(driver, vm->def, def) < 0) { virDomainDefFree(def); goto endjob; } @@ -15103,7 +15103,8 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, /* Transitions 5, 6, 8, 9 */ /* Check for ABI compatibility. We need to do this check against * the migratable XML or it will always fail otherwise */ - if (config && !qemuDomainDefCheckABIStability(driver, vm->def, config)) { + if (config + && qemuDomainDefUpdateVolatile(driver, vm->def, config) < 0) { virErrorPtr err = virGetLastError(); if (!(flags & VIR_DOMAIN_SNAPSHOT_REVERT_FORCE)) { diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 89350c8..38f471b 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -3237,7 +3237,7 @@ qemuMigrationBeginPhase(virQEMUDriverPtr driver, VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE))) goto cleanup; - if (!qemuDomainDefCheckABIStability(driver, vm->def, def)) + if (qemuDomainDefUpdateVolatile(driver, vm->def, def) < 0) goto cleanup; rv = qemuDomainDefFormatLive(driver, def, false, true); @@ -3582,7 +3582,7 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver, if (!newdef) goto cleanup; - if (!qemuDomainDefCheckABIStability(driver, *def, newdef)) { + if (qemuDomainDefUpdateVolatile(driver, *def, newdef) < 0) { virDomainDefFree(newdef); goto cleanup; } -- 1.8.3.1

2 4

[libvirt] [PATCH] libxl: advertise support for migration V3
by Jim Fehlig 30 Aug '16

30 Aug '16

The libxl driver has long supported migration V3 but has never indicated so in the connectSupportsFeature API. As a result, apps such as virt-manager that use the more generic virDomainMigrate API fail with libvirtError: this function is not supported by the connection driver: virDomainMigrate Add VIR_DRV_FEATURE_MIGRATION_V3 to the list of features marked as supported in the connectSupportsFeature API. Signed-off-by: Jim Fehlig <jfehlig(a)suse.com> --- src/libxl/libxl_driver.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index a573c82..3ffaa74 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -5677,6 +5677,7 @@ libxlConnectSupportsFeature(virConnectPtr conn, int feature) return -1; switch (feature) { + case VIR_DRV_FEATURE_MIGRATION_V3: case VIR_DRV_FEATURE_TYPED_PARAM_STRING: case VIR_DRV_FEATURE_MIGRATION_PARAMS: case VIR_DRV_FEATURE_MIGRATION_P2P: -- 2.9.2

3 5

Re: [libvirt] Virtqueue size exceeded error when resuming VM
by Moshe Levi 30 Aug '16

30 Aug '16

It seem that on Ubuntu they reverted the patch See https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1612089 I tested on Ubuntu with 14.04 and it working ii ipxe-qemu 1.0.0+git-20131111.c3d1e78-2ubuntu1.1 all PXE boot firmware - ROM images for qemu ii qemu-keymaps 2.0.0+dfsg-2ubuntu1.22 all QEMU keyboard maps ii qemu-kvm 2.0.0+dfsg-2ubuntu1.27 amd64 QEMU Full virtualization ii qemu-system-common 2.0.0+dfsg-2ubuntu1.22 amd64 QEMU full system emulation binaries (common files) ii qemu-system-x86 2.0.0+dfsg-2ubuntu1.27 I also test it with Ubuntu 16.04 and it working. But on redhat 7.2 I still have the issue. qemu-img-1.5.3-105.el7_2.7.x86_64 libvirt-daemon-driver-qemu-1.2.17-13.el7_2.5.x86_64 qemu-system-x86-2.0.0-1.el7.6.x86_64 ipxe-roms-qemu-20160127-1.git6366fa7a.el7.noarch qemu-common-2.0.0-1.el7.6.x86_64 qemu-kvm-common-1.5.3-105.el7_2.7.x86_64 qemu-kvm-1.5.3-105.el7_2.7.x86_64 I didn't find new packages that revert the patch. Does anyone know what is the plan for RedHat? > -----Original Message----- > From: Moshe Levi > Sent: Monday, August 08, 2016 2:50 PM > To: Libvirt <libvir-list(a)redhat.com> > Subject: Virtqueue size exceeded error when resuming VM > > Hi, > A new security fix [1],[2] and [3] merged to qemu. > After updating the packages we started to get "qemu-system-x86_64: > Virtqueue size exceeded", when resuming the guest. > > Our environment is OpenStack master and we have Mellanox CI that test SR- > IOV functionality. > Ubuntu 14.04 with Qemu 2.0.0+dfsg-2ubuntu1.26 that contains the fixes see > [2] > ii qemu-kvm 2.0.0+dfsg-2ubuntu1.26 amd64 QEMU > Full virtualization > ii qemu-system-x86 2.0.0+dfsg-2ubuntu1.26 amd64 > QEMU full system emulation binaries (x86) > ii qemu-utils 2.0.0+dfsg-2ubuntu1.26 amd64 QEMU > utilities > Our CI started to fail last week when this security packages released. > > The scenarios is as follows (sorry for the OpenStack commands :)) : > 1. nova boot guest > 2. nova suspend guest > 3. nova resume guest > > The result is that the guest is in poweroff state and when I power it on > everything is working fine. > > I tested in direct port (SR-IOV) and normal port (virtual port) and it happens > in both cases. > > > According to the [3] it prevent from malicious guest to submit more requests > than the virtqueuesize permits. > Our CI uses proprietary Cirros image with mlnx4_en driver. > (http://13.69.151.247/images/mellanox_eth.img) > I started to test it with other images to see if the problem with our image. > I also tested with Ubuntu image - https://cloud- > images.ubuntu.com/wily/current/wily-server-cloudimg-amd64-disk1.img > And OpenStack Cirros image http://download.cirros-cloud.net/0.3.4/cirros- > 0.3.4-x86_64-disk.img > > The Ubuntu image had the same failure, but the Cirros worked. > > I wonder if there is a problem with the patch or with the images? > What in these images can make them malicious guest? > > > > [1] - https://access.redhat.com/security/cve/cve-2016-5403 > [2] - http://www.ubuntu.com/usn/usn-3047-1/ > [3] - https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06257.html

1 0

[libvirt] [PATCH v2] tests: fix segfault in objecteventtest
by Roman Bogorodskiy 29 Aug '16

29 Aug '16

Test 12 from objecteventtest (createXML add event) segaults on FreeBSD with bus error. At some point it calls testNodeDeviceDestroy() from the test driver. And it fails when it tries to unlock the device in the "out:" label of this function. Unlocking fails because the previous step was a call to virNodeDeviceObjRemove from conf/node_device_conf.c. This function removes the given device from the device list and cleans up the object, including destroying of its mutex. However, it does not nullify the pointer that was given to it. As a result, we end up in testNodeDeviceDestroy() here: out: if (obj) virNodeDeviceObjUnlock(obj); And instead of skipping this, we try to do Unlock and fail because of malformed mutex. Change virNodeDeviceObjRemove to use double pointer and set pointer to NULL. --- src/conf/node_device_conf.c | 13 +++++++------ src/conf/node_device_conf.h | 2 +- src/node_device/node_device_hal.c | 4 ++-- src/test/test_driver.c | 2 +- 4 files changed, 11 insertions(+), 10 deletions(-) diff --git a/src/conf/node_device_conf.c b/src/conf/node_device_conf.c index a23d8ef..719abcd 100644 --- a/src/conf/node_device_conf.c +++ b/src/conf/node_device_conf.c @@ -207,22 +207,23 @@ virNodeDeviceObjPtr virNodeDeviceAssignDef(virNodeDeviceObjListPtr devs, } void virNodeDeviceObjRemove(virNodeDeviceObjListPtr devs, - virNodeDeviceObjPtr dev) + virNodeDeviceObjPtr *dev) { size_t i; - virNodeDeviceObjUnlock(dev); + virNodeDeviceObjUnlock(*dev); for (i = 0; i < devs->count; i++) { - virNodeDeviceObjLock(dev); - if (devs->objs[i] == dev) { - virNodeDeviceObjUnlock(dev); + virNodeDeviceObjLock(*dev); + if (devs->objs[i] == *dev) { + virNodeDeviceObjUnlock(*dev); virNodeDeviceObjFree(devs->objs[i]); + *dev = NULL; VIR_DELETE_ELEMENT(devs->objs, i, devs->count); break; } - virNodeDeviceObjUnlock(dev); + virNodeDeviceObjUnlock(*dev); } } diff --git a/src/conf/node_device_conf.h b/src/conf/node_device_conf.h index 8f23a98..9f00500 100644 --- a/src/conf/node_device_conf.h +++ b/src/conf/node_device_conf.h @@ -249,7 +249,7 @@ virNodeDeviceObjPtr virNodeDeviceAssignDef(virNodeDeviceObjListPtr devs, virNodeDeviceDefPtr def); void virNodeDeviceObjRemove(virNodeDeviceObjListPtr devs, - virNodeDeviceObjPtr dev); + virNodeDeviceObjPtr *dev); char *virNodeDeviceDefFormat(const virNodeDeviceDef *def); diff --git a/src/node_device/node_device_hal.c b/src/node_device/node_device_hal.c index ef0cd9c..fb7bf25 100644 --- a/src/node_device/node_device_hal.c +++ b/src/node_device/node_device_hal.c @@ -530,7 +530,7 @@ dev_refresh(const char *udi) /* Simply "rediscover" device -- incrementally handling changes * to sub-capabilities (like net.80203) is nasty ... so avoid it. */ - virNodeDeviceObjRemove(&driver->devs, dev); + virNodeDeviceObjRemove(&driver->devs, &dev); } else { VIR_DEBUG("no device named %s", name); } @@ -560,7 +560,7 @@ device_removed(LibHalContext *ctx ATTRIBUTE_UNUSED, dev = virNodeDeviceFindByName(&driver->devs, name); VIR_DEBUG("%s", name); if (dev) - virNodeDeviceObjRemove(&driver->devs, dev); + virNodeDeviceObjRemove(&driver->devs, &dev); else VIR_DEBUG("no device named %s", name); nodeDeviceUnlock(); diff --git a/src/test/test_driver.c b/src/test/test_driver.c index bc1f93d..53cfa3c 100644 --- a/src/test/test_driver.c +++ b/src/test/test_driver.c @@ -5534,7 +5534,7 @@ testNodeDeviceDestroy(virNodeDevicePtr dev) 0); virNodeDeviceObjLock(obj); - virNodeDeviceObjRemove(&driver->devs, obj); + virNodeDeviceObjRemove(&driver->devs, &obj); out: if (obj) -- 2.7.4

2 2

[libvirt] RFC: Limited dynamic ownership
by Martin Kletzander 29 Aug '16

29 Aug '16

Hi everyone, so there was an idea about limiting the relabelling of images that libvirt does. And I'm taking the liberty of pitching my idea how to approach this. I feel like it's pretty simple thing and there's not much to talk about, but a) I could've missed something and b) you might hate the way I approach it. The idea is to extend the seclabel XML, for example: <seclabel type='dynamic' model='dac' relabel='whitelist'> <path>/var/lib/libvirt/images</path> <path>/data/virt-stuff</path> </seclabel> Either we allow 'relabel' to be set to 'whitelist' or add a new attribute with a name like 'mode' or something, which will control how we relabel the files (actually relabel='no' can mean 'whitelist' and relabel='yes' can mean blacklist without adding anything there). After that you can specify what paths are (dis)allowed to be labelled. Actually thinking about it I like the following the most: <seclabel type='dynamic' model='dac' relabel='no'> <whitelist path='/data'/> <blacklist path='/data/private/non-virt/stuff'/> </seclabel> which I believe is pretty explanatory. Feel free to ask if it's not. And let me know what you think. And have a nice day!!! Martin

2 4