[libvirt] [PATCH v4] network: use firewalld instead of iptables, when available
From: Thomas Woerner twoer...@redhat.com (This is Thomas v3 version of 1/2 of the firewalld patches, modified to check for firewall-cmd and firewalld state only once, rather than every time an iptables rule is added or removed. It's not intended to be pushed, because I'm still having issues with it, at least on my machine. I'm mostly concerned with item (1) on the list below; the others could be solved later or tolerated.) * configure.ac, spec file: firewalld defaults to enabled if dbus is available, otherwise is disabled. If --with_firewalld is explicitly requested and dbus is not available, configure will fail. * bridge_driver: add dbus filters to get the FirewallD1.Reloaded signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1. When these are encountered, reload all the iptables reuls of all libvirt's virtual networks (similar to what happens when libvirtd is restarted). * iptables, ebtables: use firewall-cmd's direct passthrough interface when available, otherwise use iptables and ebtables commands. This decision is made once the first time libvirt calls iptables/ebtables, and that decision is maintained for the life of libvirtd. * Note that the nwfilter part of this patch was separated out into another patch by Stefan in V2, so that needs to be revised and re-reviewed as well. All the configure.ac and specfile changes are unchanged from Thomas' V3. V3 re-ran firewall-cmd --state every time a new rule was added, which was extremely inefficient. V4 uses VIR_ONCE_GLOBAL_INIT to set up a one-time initialization function. The VIR_ONCE_GLOBAL_INIT(x) macro references a static function called vir(Ip|Eb)OnceInit(), which will then be called the first time that the static function vir(Ip|Eb)TablesInitialize() is called (that function is defined for you by the macro). This is thread-safe, so there is no chance of any race. IMPORTANT NOTE: I've left the VIR_DEBUG messages in these two init functions (one for iptables, on for ebtables) as VIR_WARN so that I don't have to turn on all the other debug message just to see these. Even if this patch doesn't need any other modification, those messages need to be changed to VIR_DEBUG before pushing. This one-time initialization works well. However, I've encountered problems with testing: 1) Whenever I have enabled the firewalld service, *all* attempts to call firewall-cmd from within libvirtd end with firewall-cmd hanging internally somewhere. This is *not* the case if firewall-cmd returns non-0 in response to firewall-cmd --state (i.e. *that* command runs and returns to libvirt successfully.) 2) If I start libvirtd while firewalld is stopped, then start firewalld later, this triggers libvirtd to reload its iptables rules, however it also spits out a *ton* of complaints about deletion failing (I suppose because firewalld has nuked all of libvirt's rules). I guess we need to suppress those messages (which is a more annoying problem to fix than you might think, but that's another story). 3) I noticed a few times during this long line of errors that firewalld made a complaint about Resource Temporarily unavailable. Having libvirtd access iptables commands directly at the same time as firewalld is doing so is apparently problematic. 4) In general, I'm concerned about the set it once and never change it method - if firewalld is disabled at libvirtd startup, causing libvirtd to always use iptables/ebtables directly, this won't cause *terrible* problems, but if libvirtd decides to use firewall-cmd and firewalld is later disabled, libvirtd will not be able to recover. --- AUTHORS | 2 +- configure.ac| 17 +++ libvirt.spec.in | 11 ++ src/Makefile.am | 4 ++-- src/network/bridge_driver.c | 49 ++ src/util/ebtables.c | 52 - src/util/iptables.c | 49 +++--- 7 files changed, 177 insertions(+), 7 deletions(-) diff --git a/AUTHORS b/AUTHORS index 8581aea..5dec3a2 100644 --- a/AUTHORS +++ b/AUTHORS @@ -257,7 +257,7 @@ Patches have also been contributed by: Frido Roose frido.ro...@gmail.com Asad Saeed asad.sa...@acidseed.com Sukadev Bhattiprolu suka...@linux.vnet.ibm.com - + Thomas Woerner twoer...@redhat.com [send patches to get your name here] The libvirt Logo was designed by Diana Fong diff --git a/configure.ac b/configure.ac index ba5a3cd..0150f99 100644 --- a/configure.ac +++ b/configure.ac @@ -1321,6 +1321,22 @@ AM_CONDITIONAL([HAVE_POLKIT1], [test x$with_polkit1 = xyes]) AC_SUBST([POLKIT_CFLAGS]) AC_SUBST([POLKIT_LIBS]) +dnl firewalld +AC_ARG_WITH([firewalld], + AC_HELP_STRING([--with-firewalld], [enable firewalld support @:@default=check@:@]), + [], + [with_firewalld=check]) +if test x$with_firewalld = xcheck ; then +
Re: [libvirt] [PATCHv2] build: avoid warnings on older gcc
On 08/15/2012 09:25 PM, Eric Blake wrote: The previous patch pulled in a newer version of stat-time.h from gnulib, which tries to suppress some stupid gcc warnings (see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54113) by exploiting a feature of newer gcc. But we still aim to compile on RHEL 6.3, with gcc 4.4.6 (not to mention even older devel platforms like RHEL 5), which fails to build thanks to our development -Werror. It took me a while to figure out how to make our set of warnings smaller on older gcc without losing the benefit of the warnings when using newer gcc (such as the one on Fedora 17), but this should do the trick. * m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Avoid warnings that gnulib can't silence on older gcc. --- v2: Use AC_CACHE_CHECK, add -Werror, and test further. Pushing under the build-breaker rule. m4/virt-compile-warnings.m4 | 18 ++ 1 file changed, 18 insertions(+) diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4 index 9dee000..26f6134 100644 --- a/m4/virt-compile-warnings.m4 +++ b/m4/virt-compile-warnings.m4 @@ -58,6 +58,24 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[ # Gnulib's stat-time.h violates this dontwarn=$dontwarn -Waggregate-return +# Gnulib uses '#pragma GCC diagnostic push' to silence some +# warnings, but older gcc doesn't support this. +AC_CACHE_CHECK([whether pragma GCC diagnostic push works], + [lv_cv_gcc_pragma_push_works], [ + save_CFLAGS=$CFLAGS + CFLAGS='-Wunknown-pragmas -Werror' + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#pragma GCC diagnostic push +#pragma GCC diagnostic pop + ]])], + [lv_cv_gcc_pragma_push_works=yes], + [lv_cv_gcc_pragma_push_works=no]) + CFLAGS=$save_CFLAGS]) +if test $lv_cv_gcc_pragma_push_works = no; then + dontwarn=$dontwarn -Wmissing-prototypes + dontwarn=$dontwarn -Wmissing-declarations +fi + # We might fundamentally need some of these disabled forever, but # ideally we'd turn many of them on dontwarn=$dontwarn -Wfloat-equal Works for me now -- thanks! -- Mit freundlichen Grüßen/Kind Regards Viktor Mihajlovski IBM Deutschland Research Development GmbH Vorsitzender des Aufsichtsrats: Martin Jetter Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/2] util: properly save/restore original vlan tag for VFs
On 2012年08月16日 12:34, Laine Stump wrote: When a network device that is a VF of an SR-IOV card was assigned to a guest usinginterface type='hostdev', only the MAC address was being saved/restored, but the VLAN tag was left untouched. Up to now we haven't actually used vlan tags on SR-IOV devices, so the guest would have used whatever was set, and left it the same at the end. The patch following this one will hook up thevlan element from the interface config, so save/restore of the device state needs to also include the vlan tag. MAC address is being saved as a simple ASCII string in a file named for the device under /var/run. The VLAN tag is now just added at the end of that file, after a newline. It might be nicer if the file was XML (in case it ever gets more complicated) but at the moment there's nothing else on the horizon, and this makes backward compatibility easier. --- src/util/virnetdev.c | 56 +--- 1 file changed, 40 insertions(+), 16 deletions(-) diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index f1ee0a4..25bdf01 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -1533,33 +1533,41 @@ virNetDevReplaceVfConfig(const char *pflinkdev, int vf, int vlanid, const char *stateDir) { +int ret = -1; virMacAddr oldmac; int oldvlanid = -1; char *path = NULL; char macstr[VIR_MAC_STRING_BUFLEN]; +char *fileData = NULL; int ifindex = -1; if (virNetDevGetVfConfig(pflinkdev, vf,oldmac,oldvlanid) 0) -return -1; +goto cleanup; if (virAsprintf(path, %s/%s_vf%d, stateDir, pflinkdev, vf) 0) { virReportOOMError(); -return -1; +goto cleanup; } -virMacAddrFormat(oldmac, macstr); -if (virFileWriteStr(path, macstr, O_CREAT|O_TRUNC|O_WRONLY) 0) { -virReportSystemError(errno, _(Unable to preserve mac for pf = %s, - vf = %d), pflinkdev, vf); -VIR_FREE(path); -return -1; +if (virAsprintf(fileData, %s\n%d\n, +virMacAddrFormat(oldmac, macstr), oldvlanid) 0) { +virReportOOMError(); +goto cleanup; +} +if (virFileWriteStr(path, fileData, O_CREAT|O_TRUNC|O_WRONLY) 0) { +virReportSystemError(errno, _(Unable to preserve mac/vlan tag + for pf = %s, vf = %d), pflinkdev, vf); +goto cleanup; } -VIR_FREE(path); - -return virNetDevSetVfConfig(pflinkdev, ifindex, vf, true, +ret = virNetDevSetVfConfig(pflinkdev, ifindex, vf, true, macaddress, vlanid, NULL); + +cleanup: +VIR_FREE(path); +VIR_FREE(fileData); +return ret; } static int @@ -1567,8 +1575,9 @@ virNetDevRestoreVfConfig(const char *pflinkdev, int vf, const char *stateDir) { int rc = -1; -char *macstr = NULL; char *path = NULL; +char *fileData = NULL; +char *vlan = NULL; virMacAddr oldmac; int vlanid = -1; int ifindex = -1; @@ -1579,14 +1588,29 @@ virNetDevRestoreVfConfig(const char *pflinkdev, int vf, return rc; } -if (virFileReadAll(path, VIR_MAC_STRING_BUFLEN,macstr) 0) { +if (virFileReadAll(path, 128,fileData) 0) { goto cleanup; } -if (virMacAddrParse(macstr,oldmac) != 0) { +if ((vlan = strchr(fileData, '\n'))) { +char *endptr; + +*vlan++ = 0; /* NULL terminate the mac address */ s/terminate/terminates/ +if (*vlan) { +if ((virStrToLong_i(vlan,endptr, 10,vlanid) 0) || +(endptr *endptr != '\n' *endptr != 0)) { +virReportError(VIR_ERR_INTERNAL_ERROR, + _(Cannot parse vlan tag from '%s'), + vlan); +goto cleanup; +} +} +} + +if (virMacAddrParse(fileData,oldmac) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _(Cannot parse MAC address from '%s'), - macstr); + fileData); goto cleanup; } @@ -1597,7 +1621,7 @@ virNetDevRestoreVfConfig(const char *pflinkdev, int vf, cleanup: VIR_FREE(path); -VIR_FREE(macstr); +VIR_FREE(fileData); return rc; } Looks good for me, ACK. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/2] qemu: support setting vlan tag for interface type='hostdev'
On 2012年08月16日 12:34, Laine Stump wrote: The underlying function to set the vlan tag of an SR-IOV network device was already in place (although an extra patch to save/restore the original vlan tag was needed), and recent patches added the ability to configure a vlan tag. This patch just ties those two together. An SR-IOV device doesn't support vlan trunking, so if anyone tries to configure more than a single tag, or set the trunk flag, and error is logged. --- src/qemu/qemu_hostdev.c | 40 ++-- 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_hostdev.c b/src/qemu/qemu_hostdev.c index 7619fd0..46c84b5 100644 --- a/src/qemu/qemu_hostdev.c +++ b/src/qemu/qemu_hostdev.c @@ -301,6 +301,7 @@ qemuDomainHostdevNetConfigReplace(virDomainHostdevDefPtr hostdev, char *stateDir) { char *linkdev = NULL; +virNetDevVlanPtr vlan; virNetDevVPortProfilePtr virtPort; int ret = -1; int vf = -1; @@ -319,19 +320,46 @@ qemuDomainHostdevNetConfigReplace(virDomainHostdevDefPtr hostdev, if (qemuDomainHostdevNetDevice(hostdev,linkdev,vf) 0) return ret; +vlan = virDomainNetGetActualVlan(hostdev-parent.data.net); virtPort = virDomainNetGetActualVirtPortProfile( hostdev-parent.data.net); -if (virtPort) +if (virtPort) { +if (vlan) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _(direct setting of the vlan tag is not allowed + for hostdev devices using %s mode), + virNetDevVPortTypeToString(virtPort-virtPortType)); +goto cleanup; +} ret = qemuDomainHostdevNetConfigVirtPortProfile(linkdev, vf, virtPort,hostdev-parent.data.net-mac, uuid, port_profile_associate); -else -/* Set only mac */ +} else { +/* Set only mac and vlan */ +if (vlan) { +if (vlan-nTags != 1 || vlan-trunk) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, %s, + _(vlan trunking is not supported + by SR-IOV network devices)); +goto cleanup; +} +if (vf == -1) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _(vlan can only be set for SR-IOV VFs, but + %s is not a VF), linkdev); +goto cleanup; +} +vlanid = vlan-tag[0]; +} else if (vf= 0) { +vlanid = 0; /* assure any current vlan tag is reset */ +} + ret = virNetDevReplaceNetConfig(linkdev, vf, -hostdev-parent.data.net-mac, vlanid, -stateDir); +hostdev-parent.data.net-mac, +vlanid, stateDir); +} +cleanup: VIR_FREE(linkdev); - return ret; } ACK. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: Ensure the cpuset is formated as expected before passing to cgroup
On 2012年08月16日 13:06, Eric Blake wrote: On 08/15/2012 09:35 PM, Osier Yang wrote: The parameter value for cpuset could be in special format like 0-10,^7, which is not recongnized by cgroup. This patch is to s/recongnized/recognized/ ensure the cpuset is formated as expected before passing it to s/formated/formatted/ cgroup. As a side effect, after the patch, it parses the cpuset early before cgroup setting, to avoid the rollback if cpuset parsing fails afterwards. --- src/qemu/qemu_driver.c | 77 +-- 1 files changed, 41 insertions(+), 36 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 369e8ed..fc412a1 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6952,8 +6952,23 @@ qemuDomainSetNumaParameters(virDomainPtr dom, } } else if (STREQ(param-field, VIR_DOMAIN_NUMA_NODESET)) { int rc; -bool savedmask; -char oldnodemask[VIR_DOMAIN_CPUMASK_LEN]; +char *nodeset = NULL; +char *nodeset_str = NULL; + +if (VIR_ALLOC_N(nodeset, VIR_DOMAIN_CPUMASK_LEN) 0) { +virReportOOMError(); +ret = -1; +goto cleanup; +}; + +if (virDomainCpuSetParse(params[i].value.s, + 0, nodeset, + VIR_DOMAIN_CPUMASK_LEN) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(Failed to parse nodeset)); +ret = -1; +continue; +} We have enough of this open-coded conversions in the code base that it would be worth common helper routines to make the conversion much easier to use in the clients (for a later patch). But for the purposes of fixing the bug at hand, your patch does the trick. if (flags VIR_DOMAIN_AFFECT_LIVE) { if (vm-def-numatune.memory.mode != @@ -6961,72 +6976,62 @@ qemuDomainSetNumaParameters(virDomainPtr dom, virReportError(VIR_ERR_OPERATION_INVALID, %s, _(change of nodeset for running domain requires strict numa mode)); +VIR_FREE(nodeset); ret = -1; continue; } -rc = virCgroupSetCpusetMems(group, params[i].value.s); -if (rc != 0) { + +/* Ensure the cpuset string is formated before passing to cgroup */ s/formated/formatted/ hum, you corrected my typos on recongnized and formated several times. /shy. ACK with nits fixed. Thanks, pushed with the nits fixed. Regards, Osier -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [test-API][PATCH 1/2] New get_conn function in utils
The get_conn function return connection object from libvirt module. This function could be used by both framework and testcases. The patch includes: * get_conn in utils/utils.py * sync env_inspect.py using the new function Signed-off-by: Wayne Sun g...@redhat.com --- src/env_inspect.py | 22 ++ utils/utils.py | 27 +++ 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/src/env_inspect.py b/src/env_inspect.py index b260ff8..2c1a701 100644 --- a/src/env_inspect.py +++ b/src/env_inspect.py @@ -20,6 +20,7 @@ import commands import libvirt import sharedmod +from utils import utils def check_libvirt(logger): virsh = 'virsh -v' @@ -68,20 +69,6 @@ def hostinfo(logger): return 1 return 0 -def request_credentials(credentials, user_data): -for credential in credentials: -if credential[0] == libvirt.VIR_CRED_AUTHNAME: -credential[4] = user_data[0] - -if len(credential[4]) == 0: -credential[4] = credential[3] -elif credential[0] == libvirt.VIR_CRED_PASSPHRASE: -credential[4] = user_data[1] -else: -return -1 - -return 0 - def sharemod_init(env_parser, logger): get connection object from libvirt module initialize sharemod for use by testcases @@ -89,12 +76,7 @@ def sharemod_init(env_parser, logger): uri = env_parser.get_value('variables', 'defaulturi') username = env_parser.get_value('variables', 'username') password = env_parser.get_value('variables', 'password') -user_data = [username, password] -auth = [[libvirt.VIR_CRED_AUTHNAME, libvirt.VIR_CRED_PASSPHRASE], request_credentials, user_data] -conn = libvirt.openAuth(uri, auth, 0) -if not conn: -logger.error(Failed to setup libvirt connection); -return 1 +conn = utils.get_conn(uri, username, password) # initialize conn object in sharedmod sharedmod.libvirtobj.clear() diff --git a/utils/utils.py b/utils/utils.py index be87cdc..eade10d 100644 --- a/utils/utils.py +++ b/utils/utils.py @@ -29,6 +29,7 @@ import struct import pexpect import string import subprocess +import libvirt from xml.dom import minidom from urlparse import urlparse @@ -57,6 +58,32 @@ def get_uri(ip): uri = qemu+ssh://%s/system % ip return uri +def request_credentials(credentials, user_data): +for credential in credentials: +if credential[0] == libvirt.VIR_CRED_AUTHNAME: +credential[4] = user_data[0] + +if len(credential[4]) == 0: +credential[4] = credential[3] +elif credential[0] == libvirt.VIR_CRED_PASSPHRASE: +credential[4] = user_data[1] +else: +return -1 + +return 0 + +def get_conn(uri='', username='', password=''): + get connection object from libvirt module + +user_data = [username, password] +auth = [[libvirt.VIR_CRED_AUTHNAME, libvirt.VIR_CRED_PASSPHRASE], request_credentials, user_data] +conn = libvirt.openAuth(uri, auth, 0) +if not conn: +logger.error(Failed to setup libvirt connection); +sys.exit(1) +else: +return conn + def parse_uri(uri): # This is a simple parser for uri return urlparse(uri) -- 1.7.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [test-API][PATCH 2/2] Update cases with libvirtd restart problem
Restart libvirtd during test will break conn from framework. Update cases with: * Add notes in case description * Using get_conn to reconnect in cases Signed-off-by: Wayne Sun g...@redhat.com --- repos/domain/ownership_test.py |6 -- repos/libvirtd/qemu_hang.py |1 - repos/libvirtd/restart.py |3 +++ repos/libvirtd/upstart.py |3 +++ repos/sVirt/domain_nfs_start.py | 11 --- 5 files changed, 18 insertions(+), 6 deletions(-) diff --git a/repos/domain/ownership_test.py b/repos/domain/ownership_test.py index b479708..33b57e2 100644 --- a/repos/domain/ownership_test.py +++ b/repos/domain/ownership_test.py @@ -3,6 +3,9 @@ # check the ownership of saved domain file. Test could # be on local or root_squash nfs. The default owner of # the saved domain file is qemu:qemu in this case. +# +# NOTES: Libvirtd will be restarted during test, better run this +# case alone. import os import re @@ -11,7 +14,6 @@ import sys import libvirt from libvirt import libvirtError -from src import sharedmod from utils import utils required_params = ('guestname', 'dynamic_ownership', 'use_nfs',) @@ -180,7 +182,7 @@ def ownership_test(params): logger.error(failed to prepare the environment) return 1 -conn = sharedmod.libvirtobj['conn'] +conn = utils.get_conn() # save domain to the file logger.info(save domain %s to the file %s % (guestname, SAVE_FILE)) diff --git a/repos/libvirtd/qemu_hang.py b/repos/libvirtd/qemu_hang.py index 7a58f50..9127ed6 100644 --- a/repos/libvirtd/qemu_hang.py +++ b/repos/libvirtd/qemu_hang.py @@ -17,7 +17,6 @@ required_params = ('guestname',) optional_params = {} VIRSH_LIST = virsh list --all -RESTART_CMD = service libvirtd restart def check_domain_running(conn, guestname, logger): check if the domain exists, may or may not be active diff --git a/repos/libvirtd/restart.py b/repos/libvirtd/restart.py index 803fa2e..e66f30a 100644 --- a/repos/libvirtd/restart.py +++ b/repos/libvirtd/restart.py @@ -2,6 +2,9 @@ # Restart libvirtd testing. A running guest is required in # this test. During libvirtd restart, the guest remains # running and not affected by libvirtd restart. +# +# NOTES: Libvirtd will be restarted during test, better run this +# case alone. import os import re diff --git a/repos/libvirtd/upstart.py b/repos/libvirtd/upstart.py index 13cb349..c57ba1c 100644 --- a/repos/libvirtd/upstart.py +++ b/repos/libvirtd/upstart.py @@ -1,5 +1,8 @@ #!/usr/bin/env python # Upstart libvirtd testing +# +# NOTES: Libvirtd will be restarted during test, better run this +# case alone. import os import re diff --git a/repos/sVirt/domain_nfs_start.py b/repos/sVirt/domain_nfs_start.py index 88d349c..5ce9a7a 100644 --- a/repos/sVirt/domain_nfs_start.py +++ b/repos/sVirt/domain_nfs_start.py @@ -5,6 +5,9 @@ # check whether the guest can be started or not. The nfs could # be root_squash or no_root_squash. SElinux should be enabled # and enforcing on host. +# +# NOTES: Libvirtd will be restarted during test, better run this +# case alone. import os import re @@ -12,7 +15,6 @@ import sys import libvirt from libvirt import libvirtError - from src import sharedmod from utils import utils from shutil import copy @@ -171,6 +173,9 @@ def domain_nfs_start(params): logger.error(failed to prepare the environment) return 1 +# reconnect libvirt +conn = utils.get_conn() + domobj = conn.lookupByName(guestname) logger.info(begin to test start domain from nfs storage) @@ -283,7 +288,7 @@ def domain_nfs_start(params): logger.error(Error: fail to get domain %s state % guestname) return 1 -if state != shutoff: +if state != libvirt.VIR_DOMAIN_SHUTOFF: logger.info(shut down the domain %s % guestname) try: domobj.destroy() @@ -407,7 +412,7 @@ def domain_nfs_start_clean(params): # Connect to local hypervisor connection URI -conn = sharedmod.libvirtobj['conn'] +conn = utils.get_conn() domobj = conn.lookupByName(guestname) if domobj.info()[0] != libvirt.VIR_DOMAIN_SHUTOFF: -- 1.7.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] libvirtd crash when attach-disk to VM
Hi all, I got a depressed problem(libvirtd crash with SIGABRT or SIGSEGV sometimes) when attach a nbd disk to a VM by using cmd as follow: virsh attach-disk 228 --source /dev/nbd0 --target vdd --sourcetype block --driver qemu --subdriver raw or just using virsh attach-disk 228 /dev/nbd0 vdd. and this problem occurs everytime when I attach a nbd disk to VM. the device nbd0 is create by qemu-nbd cmd: qemu-nbd -c /dev/nbd0 /home/hzwangpan/zero root@114-113-199-15:/home/hzwangpan# qemu-nbd -V qemu-nbd version 0.0.1 the 'zero' file was created by qemu-img cmd: qemu-img create -f raw zero 512M qemu-img version 1.1.0, Copyright (c) 2004-2008 Fabrice Bellard Some info of packages' version is listed below: root@114-113-199-15:/home/hzwangpan# dpkg -l | grep libvi ii libvirt-bin0.9.12-4 programs for the libvirt library ii libvirt-dev0.9.12-4 development files for the libvirt library ii libvirt0 0.9.12-4 library for interfacing with different virtualization systems ii libvirt0-dbg 0.9.12-4 library for interfacing with different virtualization systems root@114-113-199-15:/home/hzwangpan# virsh version Compiled against library: libvir 0.9.12 Using library: libvir 0.9.12 Using API: QEMU 0.9.12 Running hypervisor: QEMU 1.1.0 root@114-113-199-15:/home/hzwangpan# kvm -version QEMU emulator version 1.1.0 (qemu-kvm-1.1.0+dfsg-3, Debian), Copyright (c) 2003-2008 Fabrice Bellard root@114-113-199-15:/home/hzwangpan# uname -a Linux 114-113-199-15 3.2.0-3-amd64 #1 SMP Thu Jun 28 09:07:26 UTC 2012 x86_64 GNU/Linux root@114-113-199-15:/home/hzwangpan# cat /etc/issue Debian GNU/Linux wheezy/sid \n \l the backtrace info when libvirtd crash is list here: 1) one situation: *** glibc detected *** /usr/sbin/libvirtd: malloc(): memory corruption (fast): 0x0087bc10 *** === Backtrace: = /lib/x86_64-linux-gnu/libc.so.6(+0x75b46)[0x74608b46] /lib/x86_64-linux-gnu/libc.so.6(+0x79428)[0x7460c428] /lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x70)[0x7460d960] /lib/x86_64-linux-gnu/libc.so.6(__strdup+0x22)[0x74612912] /usr/lib/libvirt.so.0(virJSONValueObjectAppend+0x39)[0x777b75c9] /usr/lib/libvirt.so.0(virJSONValueObjectAppendString+0x37)[0x777b7e87] /usr/sbin/libvirtd[0x4aa884] /usr/sbin/libvirtd[0x4ac3a7] /usr/sbin/libvirtd[0x49d303] /usr/sbin/libvirtd[0x4a8bfe] /usr/sbin/libvirtd[0x4b0814] /usr/sbin/libvirtd[0x484a5d] /usr/sbin/libvirtd[0x461d9e] /usr/lib/libvirt.so.0(virDomainAttachDevice+0xdd)[0x77846f5d] /usr/sbin/libvirtd[0x43ccfe] /usr/lib/libvirt.so.0(+0x129866)[0x7788a866] /usr/lib/libvirt.so.0(+0x1254d1)[0x778864d1] /usr/lib/libvirt.so.0(+0x6273e)[0x777c373e] /usr/lib/libvirt.so.0(+0x621c9)[0x777c31c9] /lib/x86_64-linux-gnu/libpthread.so.0(+0x6b50)[0x74d27b50] /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7466b6dd] === Memory map: 0040-0053d000 r-xp 08:01 69457 /usr/sbin/libvirtd 0073c000-0073e000 r--p 0013c000 08:01 69457 /usr/sbin/libvirtd 0073e000-00746000 rw-p 0013e000 08:01 69457 /usr/sbin/libvirtd 00746000-00aa1000 rw-p 00:00 0 [heap] 7fffe000-7fffe021f000 rw-p 00:00 0 7fffe021f000-7fffe400 ---p 00:00 0 7fffe77ff000-7fffe780 ---p 00:00 0 7fffe780-7fffe800 rw-p 00:00 0 7fffe800-7fffe8175000 rw-p 00:00 0 7fffe8175000-7fffec00 ---p 00:00 0 7fffec138000-7fffec139000 ---p 00:00 0 7fffec139000-7fffec939000 rw-p 00:00 0 7fffec939000-7fffec96e000 r--s 08:06 286722 /var/cache/nscd/passwd 7fffec96e000-7fffec99a000 rw-p 00:00 0 7fffec99a000-7fffec99b000 ---p 00:00 0 7fffec99b000-7fffed19b000 rw-p 00:00 0 7fffed19b000-7fffed315000 r-xp 08:01 124989 /usr/lib/x86_64-linux-gnu/libdb-5.1.so 7fffed315000-7fffed515000 ---p 0017a000 08:01 124989 /usr/lib/x86_64-linux-gnu/libdb-5.1.so 7fffed515000-7fffed51b000 r--p 0017a000 08:01 124989 /usr/lib/x86_64-linux-gnu/libdb-5.1.so 7fffed51b000-7fffed51e000 rw-p 0018 08:01 124989 /usr/lib/x86_64-linux-gnu/libdb-5.1.so 7fffed51e000-7fffed524000 r-xp 08:01 133549 /usr/lib/x86_64-linux-gnu/sasl2/libsasldb.so.2.0.25 7fffed524000-7fffed723000 ---p 6000 08:01 133549 /usr/lib/x86_64-linux-gnu/sasl2/libsasldb.so.2.0.25 7fffed723000-7fffed724000 r--p 5000 08:01 133549 /usr/lib/x86_64-linux-gnu/sasl2/libsasldb.so.2.0.25 7fffed724000-7fffed725000 rw-p 6000 08:01 133549
Re: [libvirt] QEMU 1.2 Test Day - August 16 2012
On Tue, Aug 14, 2012 at 2:37 PM, Stefan Hajnoczi stefa...@gmail.com wrote: On Thu, Aug 2, 2012 at 1:22 PM, Stefan Hajnoczi stefa...@gmail.com wrote: I have set up the QEMU 1.2 Testing wiki page and suggest August 16 as the Test Day: http://wiki.qemu.org/Planning/1.2/Testing QEMU 1.2 Test Day is only 2 days away! Please help test QEMU 1.2-rc and add yourself to the wiki: http://wiki.qemu.org/Planning/1.2/Testing More about QEMU 1.2 Test Day from my original email: An update on Test Day and the QEMU 1.2 release: Postponing Test Day until -rc0 is tagged. v1.2-rc0 has not been tagged yet. Release blockers being discussed and will be resolved before -rc0 is tagged. If you are hitting build failures or critical bugs in qemu.git/master at this point, please discuss on qemu-de...@nongnu.org as soon as possible and mention 1.2 in the email subject line. Stefan -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [test-API][PATCH 1/2] New get_conn function in utils
On 2012年08月16日 17:00, Wayne Sun wrote: The get_conn function return connection object from libvirt module. This function could be used by both framework and testcases. The patch includes: * get_conn in utils/utils.py * sync env_inspect.py using the new function Signed-off-by: Wayne Sung...@redhat.com --- src/env_inspect.py | 22 ++ utils/utils.py | 27 +++ 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/src/env_inspect.py b/src/env_inspect.py index b260ff8..2c1a701 100644 --- a/src/env_inspect.py +++ b/src/env_inspect.py @@ -20,6 +20,7 @@ import commands import libvirt import sharedmod +from utils import utils def check_libvirt(logger): virsh = 'virsh -v' @@ -68,20 +69,6 @@ def hostinfo(logger): return 1 return 0 -def request_credentials(credentials, user_data): -for credential in credentials: -if credential[0] == libvirt.VIR_CRED_AUTHNAME: -credential[4] = user_data[0] - -if len(credential[4]) == 0: -credential[4] = credential[3] -elif credential[0] == libvirt.VIR_CRED_PASSPHRASE: -credential[4] = user_data[1] -else: -return -1 - -return 0 - def sharemod_init(env_parser, logger): get connection object from libvirt module initialize sharemod for use by testcases @@ -89,12 +76,7 @@ def sharemod_init(env_parser, logger): uri = env_parser.get_value('variables', 'defaulturi') username = env_parser.get_value('variables', 'username') password = env_parser.get_value('variables', 'password') -user_data = [username, password] -auth = [[libvirt.VIR_CRED_AUTHNAME, libvirt.VIR_CRED_PASSPHRASE], request_credentials, user_data] -conn = libvirt.openAuth(uri, auth, 0) -if not conn: -logger.error(Failed to setup libvirt connection); -return 1 +conn = utils.get_conn(uri, username, password) # initialize conn object in sharedmod sharedmod.libvirtobj.clear() diff --git a/utils/utils.py b/utils/utils.py index be87cdc..eade10d 100644 --- a/utils/utils.py +++ b/utils/utils.py @@ -29,6 +29,7 @@ import struct import pexpect import string import subprocess +import libvirt from xml.dom import minidom from urlparse import urlparse @@ -57,6 +58,32 @@ def get_uri(ip): uri = qemu+ssh://%s/system % ip return uri +def request_credentials(credentials, user_data): +for credential in credentials: +if credential[0] == libvirt.VIR_CRED_AUTHNAME: +credential[4] = user_data[0] + +if len(credential[4]) == 0: +credential[4] = credential[3] +elif credential[0] == libvirt.VIR_CRED_PASSPHRASE: +credential[4] = user_data[1] +else: +return -1 + +return 0 + +def get_conn(uri='', username='', password=''): + get connection object from libvirt module + +user_data = [username, password] +auth = [[libvirt.VIR_CRED_AUTHNAME, libvirt.VIR_CRED_PASSPHRASE], request_credentials, user_data] +conn = libvirt.openAuth(uri, auth, 0) +if not conn: +logger.error(Failed to setup libvirt connection); +sys.exit(1) +else: +return conn Isn't there a shared 'conn' in sharemod.py? + def parse_uri(uri): # This is a simple parser for uri return urlparse(uri) -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [test-API][PATCH 1/2] New get_conn function in utils
On 08/16/2012 06:07 PM, Osier Yang wrote: On 2012年08月16日 17:00, Wayne Sun wrote: The get_conn function return connection object from libvirt module. This function could be used by both framework and testcases. The patch includes: * get_conn in utils/utils.py * sync env_inspect.py using the new function Signed-off-by: Wayne Sung...@redhat.com --- src/env_inspect.py | 22 ++ utils/utils.py | 27 +++ 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/src/env_inspect.py b/src/env_inspect.py index b260ff8..2c1a701 100644 --- a/src/env_inspect.py +++ b/src/env_inspect.py @@ -20,6 +20,7 @@ import commands import libvirt import sharedmod +from utils import utils def check_libvirt(logger): virsh = 'virsh -v' @@ -68,20 +69,6 @@ def hostinfo(logger): return 1 return 0 -def request_credentials(credentials, user_data): -for credential in credentials: -if credential[0] == libvirt.VIR_CRED_AUTHNAME: -credential[4] = user_data[0] - -if len(credential[4]) == 0: -credential[4] = credential[3] -elif credential[0] == libvirt.VIR_CRED_PASSPHRASE: -credential[4] = user_data[1] -else: -return -1 - -return 0 - def sharemod_init(env_parser, logger): get connection object from libvirt module initialize sharemod for use by testcases @@ -89,12 +76,7 @@ def sharemod_init(env_parser, logger): uri = env_parser.get_value('variables', 'defaulturi') username = env_parser.get_value('variables', 'username') password = env_parser.get_value('variables', 'password') -user_data = [username, password] -auth = [[libvirt.VIR_CRED_AUTHNAME, libvirt.VIR_CRED_PASSPHRASE], request_credentials, user_data] -conn = libvirt.openAuth(uri, auth, 0) -if not conn: -logger.error(Failed to setup libvirt connection); -return 1 +conn = utils.get_conn(uri, username, password) # initialize conn object in sharedmod sharedmod.libvirtobj.clear() diff --git a/utils/utils.py b/utils/utils.py index be87cdc..eade10d 100644 --- a/utils/utils.py +++ b/utils/utils.py @@ -29,6 +29,7 @@ import struct import pexpect import string import subprocess +import libvirt from xml.dom import minidom from urlparse import urlparse @@ -57,6 +58,32 @@ def get_uri(ip): uri = qemu+ssh://%s/system % ip return uri +def request_credentials(credentials, user_data): +for credential in credentials: +if credential[0] == libvirt.VIR_CRED_AUTHNAME: +credential[4] = user_data[0] + +if len(credential[4]) == 0: +credential[4] = credential[3] +elif credential[0] == libvirt.VIR_CRED_PASSPHRASE: +credential[4] = user_data[1] +else: +return -1 + +return 0 + +def get_conn(uri='', username='', password=''): + get connection object from libvirt module + +user_data = [username, password] +auth = [[libvirt.VIR_CRED_AUTHNAME, libvirt.VIR_CRED_PASSPHRASE], request_credentials, user_data] +conn = libvirt.openAuth(uri, auth, 0) +if not conn: +logger.error(Failed to setup libvirt connection); +sys.exit(1) +else: +return conn Isn't there a shared 'conn' in sharemod.py? Yes, but it will be broke when restart libvirtd and some case do need restart libvirtd. In those cases need a to get a new 'conn', so add this function for this. The 'conn' in sharemod.py is from sharemod_init in env_inspect.py, extract the get connection method from there to utils for benefit of the framework and testcases. Wayne Sun + def parse_uri(uri): # This is a simple parser for uri return urlparse(uri) -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v2] qemu: Set swap_hard_limit before hard_limit
Setting hard_limit larger than previous swap_hard_limit must fail, it's not that good if one wants to change the swap_hard_limit and hard_limit together. E.g. % virsh memtune rhel6 hard_limit : 100 soft_limit : 100 swap_hard_limit: 100 % virsh memtune rhel6 --hard-limit 120 --soft-limit 120 \ --swap-hard-limit 120 --live This patch reoder the limits setting to set the swap_hard_limit first, hard_limit then, and soft_limit last if it's greater than current swap_hard_limit. And soft_limit first, hard_limit then, swap_hard_limit last, if not. --- src/qemu/qemu_driver.c | 59 +-- 1 files changed, 51 insertions(+), 8 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 80cfa84..a26d3cd 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6651,11 +6651,18 @@ qemuDomainSetMemoryParameters(virDomainPtr dom, virDomainDefPtr persistentDef = NULL; virCgroupPtr group = NULL; virDomainObjPtr vm = NULL; +virTypedParameterPtr hard_limit = NULL; +virTypedParameterPtr soft_limit = NULL; +virTypedParameterPtr swap_hard_limit = NULL; +virTypedParameterPtr sorted_params[nparams]; +unsigned long long val = 0; + int ret = -1; int rc; virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG, -1); + if (virTypedParameterArrayValidate(params, nparams, VIR_DOMAIN_MEMORY_HARD_LIMIT, VIR_TYPED_PARAM_ULLONG, @@ -6694,13 +6701,49 @@ qemuDomainSetMemoryParameters(virDomainPtr dom, } } +for (i = 0; i nparams; i++) { +if (STREQ(params[i].field, VIR_DOMAIN_MEMORY_HARD_LIMIT)) +hard_limit = params[i]; +else if (STREQ(params[i].field, VIR_DOMAIN_MEMORY_SOFT_LIMIT)) +soft_limit = params[i]; +else if (STREQ(params[i].field, VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT)) +swap_hard_limit = params[i]; +} + +/* It will fail if hard limit greater than swap hard limit anyway */ +if (swap_hard_limit +hard_limit +(hard_limit-value.ul swap_hard_limit-value.ul)) { +virReportError(VIR_ERR_INVALID_ARG, %s, + _(hard limit must be lower than swap hard limit)); +goto cleanup; +} + +/* Get current swap hard limit */ +rc = virCgroupGetMemSwapHardLimit(group, val); +if (rc != 0) { +virReportSystemError(-rc, %s, + _(unable to get swap hard limit)); +goto cleanup; +} + +if (swap_hard_limit-value.ul val) { +sorted_params[0] = swap_hard_limit; +sorted_params[1] = hard_limit; +sorted_params[2] = soft_limit; +} else { +sorted_params[0] = soft_limit; +sorted_params[1] = hard_limit; +sorted_params[2] = swap_hard_limit; +} + ret = 0; for (i = 0; i nparams; i++) { -virTypedParameterPtr param = params[i]; +virTypedParameterPtr param = sorted_params[i]; if (STREQ(param-field, VIR_DOMAIN_MEMORY_HARD_LIMIT)) { if (flags VIR_DOMAIN_AFFECT_LIVE) { -rc = virCgroupSetMemoryHardLimit(group, params[i].value.ul); +rc = virCgroupSetMemoryHardLimit(group, sorted_params[i]-value.ul); if (rc != 0) { virReportSystemError(-rc, %s, _(unable to set memory hard_limit tunable)); @@ -6709,11 +6752,11 @@ qemuDomainSetMemoryParameters(virDomainPtr dom, } if (flags VIR_DOMAIN_AFFECT_CONFIG) { -persistentDef-mem.hard_limit = params[i].value.ul; +persistentDef-mem.hard_limit = sorted_params[i]-value.ul; } } else if (STREQ(param-field, VIR_DOMAIN_MEMORY_SOFT_LIMIT)) { if (flags VIR_DOMAIN_AFFECT_LIVE) { -rc = virCgroupSetMemorySoftLimit(group, params[i].value.ul); +rc = virCgroupSetMemorySoftLimit(group, sorted_params[i]-value.ul); if (rc != 0) { virReportSystemError(-rc, %s, _(unable to set memory soft_limit tunable)); @@ -6722,11 +6765,11 @@ qemuDomainSetMemoryParameters(virDomainPtr dom, } if (flags VIR_DOMAIN_AFFECT_CONFIG) { -persistentDef-mem.soft_limit = params[i].value.ul; +persistentDef-mem.soft_limit = sorted_params[i]-value.ul; } } else if (STREQ(param-field, VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT)) { if (flags VIR_DOMAIN_AFFECT_LIVE) { -rc = virCgroupSetMemSwapHardLimit(group, params[i].value.ul); +rc = virCgroupSetMemSwapHardLimit(group, sorted_params[i]-value.ul); if (rc != 0) { virReportSystemError(-rc, %s,
Re: [libvirt] [PATCH v2] qemu: Set swap_hard_limit before hard_limit
On 08/16/2012 12:37 PM, Osier Yang wrote: Setting hard_limit larger than previous swap_hard_limit must fail, it's not that good if one wants to change the swap_hard_limit and hard_limit together. E.g. % virsh memtune rhel6 hard_limit : 100 soft_limit : 100 swap_hard_limit: 100 % virsh memtune rhel6 --hard-limit 120 --soft-limit 120 \ --swap-hard-limit 120 --live This patch reoder the limits setting to set the swap_hard_limit first, hard_limit then, and soft_limit last if it's greater than current swap_hard_limit. And soft_limit first, hard_limit then, swap_hard_limit last, if not. --- src/qemu/qemu_driver.c | 59 +-- 1 files changed, 51 insertions(+), 8 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 80cfa84..a26d3cd 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6651,11 +6651,18 @@ qemuDomainSetMemoryParameters(virDomainPtr dom, virDomainDefPtr persistentDef = NULL; virCgroupPtr group = NULL; virDomainObjPtr vm = NULL; +virTypedParameterPtr hard_limit = NULL; +virTypedParameterPtr soft_limit = NULL; +virTypedParameterPtr swap_hard_limit = NULL; +virTypedParameterPtr sorted_params[nparams]; You allocate the correct number of params here, but ... @@ -6694,13 +6701,49 @@ qemuDomainSetMemoryParameters(virDomainPtr dom, } } +for (i = 0; i nparams; i++) { +if (STREQ(params[i].field, VIR_DOMAIN_MEMORY_HARD_LIMIT)) +hard_limit = params[i]; +else if (STREQ(params[i].field, VIR_DOMAIN_MEMORY_SOFT_LIMIT)) +soft_limit = params[i]; +else if (STREQ(params[i].field, VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT)) +swap_hard_limit = params[i]; +} + +/* It will fail if hard limit greater than swap hard limit anyway */ +if (swap_hard_limit +hard_limit +(hard_limit-value.ul swap_hard_limit-value.ul)) { +virReportError(VIR_ERR_INVALID_ARG, %s, + _(hard limit must be lower than swap hard limit)); +goto cleanup; +} + +/* Get current swap hard limit */ +rc = virCgroupGetMemSwapHardLimit(group, val); +if (rc != 0) { +virReportSystemError(-rc, %s, + _(unable to get swap hard limit)); +goto cleanup; +} + +if (swap_hard_limit-value.ul val) { +sorted_params[0] = swap_hard_limit; +sorted_params[1] = hard_limit; +sorted_params[2] = soft_limit; +} else { +sorted_params[0] = soft_limit; +sorted_params[1] = hard_limit; +sorted_params[2] = swap_hard_limit; +} ... you always access all 3 of them and you go through this list. Unfortunately this means that in case you want to change only one value (e.g. hard limit), you will dereference NULL couple of lines later and it will crash libvirtd (tried). To test this, you can try running 'virsh memtune rhel6 --hard-limit 120' in your previous scenario. Martin. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/7] add qemuAgentArbitraryCommand() for general qemu agent command.
On 08/15/2012 03:36 AM, MATSUDA Daiki wrote: add qemuAgentArbitraryCommand() for general qemu agent command. Twice the same line in the message, could be less brief, maybe :) Signed-off-by: MATSUDA Daiki matsuda...@intellilink.co.jp --- src/qemu/qemu_agent.c | 31 +++ src/qemu/qemu_agent.h |5 + 2 files changed, 36 insertions(+), 0 deletions(-) diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c index 26c2726..c634c23 100644 --- a/src/qemu/qemu_agent.c +++ b/src/qemu/qemu_agent.c @@ -1408,3 +1408,34 @@ qemuAgentSuspend(qemuAgentPtr mon, virJSONValueFree(reply); return ret; } + +int +qemuAgentArbitraryCommand(qemuAgentPtr mon, + const char *cmd_str, + char **result, + int timeout) +{ +int ret = -1; +virJSONValuePtr cmd; +virJSONValuePtr reply = NULL; + +if (timeout -2) +return ret; I think you can leave the test to only one layer of the code and that would be 'qemuAgentSend'. + +cmd = virJSONValueFromString(cmd_str); +if (!cmd) +return ret; + +ret = qemuAgentCommand(mon, cmd, reply, timeout); + +if (ret == 0) { +ret = qemuAgentCheckError(cmd, reply); +*result = virJSONValueToString(reply); +} else { +result = NULL; First of all, you probably wanted to do '*result = NULL', because 'result = NULL' won't do anything here, however in case of any other failure (timeout == -3, fail in virJSONValuFromSting) you don't guarantee the *result to be NULL, so I don't think you need to do this here. Martin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/7] Add @seconds vaiable to qemuAgentSend()
On 08/15/2012 03:36 AM, MATSUDA Daiki wrote: Add @seconds variable to qemuAgentSend(). When @tiemout is true, @seconds controls how long to wait for a response (if @seconds is VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT, default to QEMU_AGENT_WAIT_TIME). If @timeout is false, @seconds is ignored. Signed-off-by: MATSUDA Daiki matsuda...@intellilink.co.jp --- include/libvirt/libvirt-qemu.h |6 ++ src/qemu/qemu_agent.c | 30 -- 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/include/libvirt/libvirt-qemu.h b/include/libvirt/libvirt-qemu.h index a37f897..013ed5a 100644 --- a/include/libvirt/libvirt-qemu.h +++ b/include/libvirt/libvirt-qemu.h @@ -44,6 +44,12 @@ virDomainPtr virDomainQemuAttach(virConnectPtr domain, unsigned int pid_value, unsigned int flags); +typedef enum { +VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK = -2, Correct me if I'm wrong, but isn't this the same as setting timeout to false? +VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT = -1, +VIR_DOMAIN_QEMU_AGENT_COMMAND_NOWAIT = 0, +} virDomainQemuAgentCommandTimeoutValues; + # ifdef __cplusplus } # endif diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c index 15af758..26c2726 100644 --- a/src/qemu/qemu_agent.c +++ b/src/qemu/qemu_agent.c @@ -837,6 +837,8 @@ void qemuAgentClose(qemuAgentPtr mon) * @mon: Monitor * @msg: Message * @timeout: use timeout? + * @seconds: timeout seconds. if VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT and + * @timeout is true, use default value. If my previous assumption is correct, than the timeout parameter can be completely thrown away. * * Send @msg to agent @mon. * Wait max QEMU_AGENT_WAIT_TIME for agent @@ -848,7 +850,8 @@ void qemuAgentClose(qemuAgentPtr mon) */ static int qemuAgentSend(qemuAgentPtr mon, qemuAgentMessagePtr msg, - bool timeout) + bool timeout, + int seconds) { int ret = -1; unsigned long long now, then = 0; @@ -864,7 +867,8 @@ static int qemuAgentSend(qemuAgentPtr mon, if (timeout) { if (virTimeMillisNow(now) 0) return -1; -then = now + QEMU_AGENT_WAIT_TIME; +then = now + (seconds == VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT ? + QEMU_AGENT_WAIT_TIME : seconds * 1000ull); } Also if seconds == VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK, then this causes 'then' to be smaller than now. I'm not sure what that would do with pthread_cond_timedwait, but that's definitely not wanted behavior. Martin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 3/7] add virAgentCommand()
On 08/15/2012 03:36 AM, MATSUDA Daiki wrote: diff --git a/include/libvirt/libvirt-qemu.h b/include/libvirt/libvirt-qemu.h index 013ed5a..60b83ef 100644 --- a/include/libvirt/libvirt-qemu.h +++ b/include/libvirt/libvirt-qemu.h @@ -50,6 +50,9 @@ typedef enum { VIR_DOMAIN_QEMU_AGENT_COMMAND_NOWAIT = 0, } virDomainQemuAgentCommandTimeoutValues; +char *virAgentCommand(virDomainPtr domain, const char *cmd, + int timeout, unsigned int flags); + I wondered why this is type 'char *', when we can use 'int' as usual and have '**result' (same as monitor command does). diff --git a/src/libvirt-qemu.c b/src/libvirt-qemu.c index 78480bb..49dfc20 100644 --- a/src/libvirt-qemu.c +++ b/src/libvirt-qemu.c @@ -185,3 +185,54 @@ error: virDispatchError(conn); return NULL; } + +/** + * virAgentCommand: + * @domain: a domain object + * @cmd: the guest agent command string + * @timeout: timeout seconds + * @flags: execution flags + * + * Execute an arbitrary Guest Agent command. + * + * Issue @cmd to the guest agent running in @domain. + * If @result is NULL, then don't wait for a result (and @timeout And then I noticed that there is no @result here, so maybe you wanted to make it that way and didn't change something? + * must be 0). Otherwise, wait for @timeout seconds for a + * @timeout must be -2, -1, 0 or positive. + * VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK(-2): meaning to block forever waiting for + * a result. + * VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT(-1): use default timeout value. + * VIR_DOMAIN_QEMU_AGENT_COMMAND_NOWAIT(0): does not wait. + * positive value: wait for @timeout seconds + * + * Returns strings if success, NULL in failure. + */ +char * +virAgentCommand(virDomainPtr domain, +const char *cmd, +int timeout, +unsigned int flags) +{ +virConnectPtr conn; + +VIR_DEBUG(domain=%p, cmd=%s, timeout=%d, flags=%x, + domain, cmd, timeout, flags); + +if (!VIR_IS_CONNECTED_DOMAIN(domain)) { +virLibDomainError(NULL, VIR_ERR_INVALID_DOMAIN, __FUNCTION__); +virDispatchError(NULL); +return NULL; +} + +conn = domain-conn; + +if (conn-driver-qemuAgentCommand) { +return conn-driver-qemuAgentCommand(domain, cmd, timeout, flags); Shouldn't this be allowed only for read-only connections? +} + +virLibConnError(conn, VIR_ERR_NO_SUPPORT, __FUNCTION__); + +/* Copy to connection error object for back compatability */ s/compatability/compatibility/ +virDispatchError(domain-conn); You have 'domain-conn' in 'conn' already. Martin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 5/7] add qemuAgentCommand() for .qemuAgentCommand to remote driver
On 08/15/2012 03:36 AM, MATSUDA Daiki wrote: diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 353a153..3c60709 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -5368,6 +5368,7 @@ static virDriver remote_driver = { .domainSetMetadata = remoteDomainSetMetadata, /* 0.9.10 */ .domainGetMetadata = remoteDomainGetMetadata, /* 0.9.10 */ .domainGetHostname = remoteDomainGetHostname, /* 0.10.0 */ +.qemuAgentCommand = qemuAgentCommand, /* 0.10.0 */ You probably want to call some function like 'remoteQemuDomainAgentCommand' or something like that since qemuAgentCommand works locally and not remotely. I haven't had a look at the rest of the series. Please feel free to correct me in case I've misunderstood the code somewhere. Martin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/2] util: properly save/restore original vlan tag for VFs
On 08/16/2012 02:34 AM, Osier Yang wrote: -if (virMacAddrParse(macstr,oldmac) != 0) { +if ((vlan = strchr(fileData, '\n'))) { +char *endptr; + +*vlan++ = 0; /* NULL terminate the mac address */ s/terminate/terminates/ Actually, 'terminate' is correct - this is a comment describing what the assignment is good for (convert arbitrary contents into 0 in order to NUL-terminate the vlan variable), not the vlan format itself (a valid vlan exists when NUL terminates the string). -- Eric Blake ebl...@redhat.com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [User question] Huge buffer size on KVM host
On 08/16/2012 05:54 PM, Martin Wawro wrote: On Aug 15, 2012, at 2:57 PM, Avi Kivity wrote: We are using logical volumes and the cache is set to 'none'. Strange, that should work without any buffering. What the contents of /sys/block/sda/queue/hw_sector_size and /sys/block/sda/queue/logical_block_size ? Hi Avi, It seems that the kernel on that particular machine is too old, those entries are not featured. We checked on a comparable setup with a newer kernel and both entries were set to 512. We also did have a third more thorough look on the caching. It turns out that the virt-manager does not seem to honor the caching adjusted in the GUI correctly. We disabled caching on all virtual devices for this particular VM and checking with ps -fxal revealed, that only one of those devices (and a rather small one too) had this set. We corrected this in the XML file directly and the buffer size currently resides at around 1.8 GB after rebooting the VM (the only virtio device not having the cache=none option set is now the (non-mounted) cdrom). cc += libvirt-list Is there a reason that cdroms don't get cache=none? -- error compiling committee.c: too many arguments to function -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 2/7] network: helper function to create interface pool from PF
Existing code that creates a list of forwardIfs from a single PF was moved to the new utility function networkCreateInterfacePool. No functional change. Signed-off-by: Shradha Shah ss...@solarflare.com --- src/network/bridge_driver.c | 82 ++- 1 files changed, 50 insertions(+), 32 deletions(-) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 474bbfa..ff17c7f 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -2771,6 +2771,55 @@ int networkRegister(void) { * backend function table. */ +/* networkCreateInterfacePool: + * @netdef: the original NetDef from the network + * + * Creates an implicit interface pool of VF's when a PF dev is given + */ +static int +networkCreateInterfacePool(virNetworkDefPtr netdef) { +unsigned int num_virt_fns = 0; +char **vfname = NULL; +int ret = -1, ii = 0; + +if ((virNetDevGetVirtualFunctions(netdef-forwardPfs-dev, + vfname, num_virt_fns)) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, + _(Could not get Virtual functions on %s), + netdef-forwardPfs-dev); +goto finish; +} + +if (num_virt_fns == 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, + _(No Vf's present on SRIOV PF %s), + netdef-forwardPfs-dev); + goto finish; +} + +if ((VIR_ALLOC_N(netdef-forwardIfs, num_virt_fns)) 0) { +virReportOOMError(); +goto finish; +} + +netdef-nForwardIfs = num_virt_fns; + +for (ii = 0; ii netdef-nForwardIfs; ii++) { +netdef-forwardIfs[ii].dev = strdup(vfname[ii]); +if (!netdef-forwardIfs[ii].dev) { +virReportOOMError(); +goto finish; +} +} + +ret = 0; +finish: +for (ii = 0; ii num_virt_fns; ii++) +VIR_FREE(vfname[ii]); +VIR_FREE(vfname); +return ret; +} + /* networkAllocateActualDevice: * @iface: the original NetDef from the domain * @@ -2793,8 +2842,6 @@ networkAllocateActualDevice(virDomainNetDefPtr iface) virNetDevVPortProfilePtr virtport = iface-virtPortProfile; virNetDevVlanPtr vlan = NULL; virNetworkForwardIfDefPtr dev = NULL; -unsigned int num_virt_fns = 0; -char **vfname = NULL; int ii; int ret = -1; @@ -2969,35 +3016,9 @@ networkAllocateActualDevice(virDomainNetDefPtr iface) */ if (netdef-forwardType == VIR_NETWORK_FORWARD_PASSTHROUGH) { if ((netdef-nForwardPfs 0) (netdef-nForwardIfs = 0)) { -if ((virNetDevGetVirtualFunctions(netdef-forwardPfs-dev, - vfname, num_virt_fns)) 0) { -virReportError(VIR_ERR_INTERNAL_ERROR, - _(Could not get Virtual functions on %s), - netdef-forwardPfs-dev); +if ((networkCreateInterfacePool(netdef)) 0) { goto error; } - -if (num_virt_fns == 0) { -virReportError(VIR_ERR_INTERNAL_ERROR, - _(No Vf's present on SRIOV PF %s), - netdef-forwardPfs-dev); -goto error; -} - -if ((VIR_ALLOC_N(netdef-forwardIfs, num_virt_fns)) 0) { -virReportOOMError(); -goto error; -} - -netdef-nForwardIfs = num_virt_fns; - -for (ii = 0; ii netdef-nForwardIfs; ii++) { -netdef-forwardIfs[ii].dev = strdup(vfname[ii]); -if (!netdef-forwardIfs[ii].dev) { -virReportOOMError(); -goto error; -} -} } /* pick first dev with 0 connections */ @@ -3105,9 +3126,6 @@ validate: ret = 0; cleanup: -for (ii = 0; ii num_virt_fns; ii++) -VIR_FREE(vfname[ii]); -VIR_FREE(vfname); if (network) virNetworkObjUnlock(network); return ret; -- 1.7.4.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 1/7] conf: move DevicePCIAddress functions to separate file
Move the functions the parse/format, and validate PCI addresses to their own file so they can be conveniently used in other places besides device_conf.c Refactoring existing code without causing any functional changes to prepare for new code. This patch makes the code reusable. Signed-off-by: Shradha Shah ss...@solarflare.com --- include/libvirt/virterror.h |1 + src/Makefile.am |7 ++- src/conf/device_conf.c | 131 ++ src/conf/device_conf.h | 65 + src/conf/domain_conf.c | 114 + src/conf/domain_conf.h | 25 +--- src/libvirt_private.syms | 10 ++- src/qemu/qemu_command.c | 13 ++-- src/qemu/qemu_hotplug.c |7 +- src/qemu/qemu_monitor.c | 14 ++-- src/qemu/qemu_monitor.h | 17 +++--- src/qemu/qemu_monitor_json.c | 14 ++-- src/qemu/qemu_monitor_json.h | 14 ++-- src/qemu/qemu_monitor_text.c | 16 +++--- src/qemu/qemu_monitor_text.h | 14 ++-- src/util/virterror.c |3 +- src/xen/xend_internal.c |3 +- 17 files changed, 287 insertions(+), 181 deletions(-) diff --git a/include/libvirt/virterror.h b/include/libvirt/virterror.h index 913fc5d..d0af43d 100644 --- a/include/libvirt/virterror.h +++ b/include/libvirt/virterror.h @@ -110,6 +110,7 @@ typedef enum { VIR_FROM_AUTH = 46, /* Error from auth handling */ VIR_FROM_DBUS = 47, /* Error from DBus */ VIR_FROM_PARALLELS = 48,/* Error from Parallels */ +VIR_FROM_DEVICE = 49, /* Error from Device */ # ifdef VIR_ENUM_SENTINELS VIR_ERR_DOMAIN_LAST diff --git a/src/Makefile.am b/src/Makefile.am index b5f8056..ad24534 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -199,6 +199,10 @@ CPU_CONF_SOURCES = \ CONSOLE_CONF_SOURCES = \ conf/virconsole.c conf/virconsole.h +# Device Helper APIs +DEVICE_CONF_SOURCES = \ + conf/device_conf.c conf/device_conf.h + CONF_SOURCES = \ $(NETDEV_CONF_SOURCES) \ $(DOMAIN_CONF_SOURCES) \ @@ -211,7 +215,8 @@ CONF_SOURCES = \ $(INTERFACE_CONF_SOURCES) \ $(SECRET_CONF_SOURCES) \ $(CPU_CONF_SOURCES) \ - $(CONSOLE_CONF_SOURCES) + $(CONSOLE_CONF_SOURCES) \ + $(DEVICE_CONF_SOURCES) # The remote RPC driver, covering domains, storage, networks, etc REMOTE_DRIVER_GENERATED = \ diff --git a/src/conf/device_conf.c b/src/conf/device_conf.c new file mode 100644 index 000..ca600c5 --- /dev/null +++ b/src/conf/device_conf.c @@ -0,0 +1,131 @@ +/* + * device_conf.c: device XML handling + * + * Copyright (C) 2006-2012 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Author: Daniel P. Berrange berra...@redhat.com + */ + +#include config.h +#include virterror_internal.h +#include datatypes.h +#include memory.h +#include xml.h +#include uuid.h +#include util.h +#include buf.h +#include device_conf.h + +#define VIR_FROM_THIS VIR_FROM_DEVICE + +VIR_ENUM_IMPL(virDeviceAddressPciMulti, + VIR_DEVICE_ADDRESS_PCI_MULTI_LAST, + default, + on, + off) + +int virDevicePCIAddressIsValid(virDevicePCIAddressPtr addr) +{ +/* PCI bus has 32 slots and 8 functions per slot */ +if (addr-slot = 32 || addr-function = 8) +return 0; +return addr-domain || addr-bus || addr-slot; +} + + +int +virDevicePCIAddressParseXML(xmlNodePtr node, +virDevicePCIAddressPtr addr) +{ +char *domain, *slot, *bus, *function, *multi; +int ret = -1; + +memset(addr, 0, sizeof(*addr)); + +domain = virXMLPropString(node, domain); +bus = virXMLPropString(node, bus); +slot = virXMLPropString(node, slot); +function = virXMLPropString(node, function); +multi
Re: [libvirt] [PATCH 0/8] Honour current process label when generating SELinux labels
On 08/10/2012 03:47 PM, Daniel P. Berrange wrote: This patch series makes a number of changes to the SELinux label generation code. This is intended to make it fully honour the current process label when generating VM labels, so that dynamic label generation works better with custom policies, or confined user accounts. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list Unfortunately I am not selinux-savvy enough to understand exactly why, but I cannot start guests any more after pulling master. The issue is that the virtual disk's security context (a block device in this case) cannot be set, message shown below. 012-08-16 15:02:18.891+: 1536: error : virSecuritySELinuxSetFileconHelper:652 : unable to set security context 'system_u:system_r:svirt_image_t:s0:c786,c986' on '/dev/disk/by-path/ccw-0.0.3770-part1': Invalid argument Prior to that the security context would have looked like this system_u:object_r:svirt_image_t:s0:c153,c923, i.e. using object_r instead of system_r. I am running on RHEL 6.2, not sure whether this is relevant. -- Mit freundlichen Grüßen/Kind Regards Viktor Mihajlovski IBM Deutschland Research Development GmbH Vorsitzender des Aufsichtsrats: Martin Jetter Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 6/7] Forward Mode Hostdev network driver Implementation
This patch updates the network driver to properly utilize the new attributes/elements that are now in virNetworkDef Signed-off-by: Shradha Shah ss...@solarflare.com --- docs/formatnetwork.html.in | 62 ++ src/network/bridge_driver.c | 282 ++- 2 files changed, 284 insertions(+), 60 deletions(-) diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in index ed9f7a9..5ab5f3c 100644 --- a/docs/formatnetwork.html.in +++ b/docs/formatnetwork.html.in @@ -223,6 +223,37 @@ (usually either a domain start, or a hotplug interface attach to a domain).span class=sinceSince 0.9.4/span /dd + dtcodehostdev/code/dt + dd +This network facilitates PCI Passthrough of a network device. +A network device is chosen from the interface pool and +directly assigned to the guest using generic device +passthrough, after first optionally setting the device's MAC +address to the configured value, and optionally associating +the device with an 802.1Qbh capable switch using an optionally +specified codelt;virtualportgt;/code element. +Note that - due to limitations in standard single-port PCI +ethernet card driver design - only SR-IOV (Single Root I/O +Virtualization) virtual function (VF) devices can be assigned +in this manner; to assign a standard single-port PCI or PCIe +ethernet card to a guest, use the traditional codelt; +hostdevgt;/code device definition. span class=since +Since 0.10.0/span + +pNote that this intelligent passthrough of network devices is +very similar to the functionality of a standard codelt; +hostdevgt;/code device, the difference being that this +method allows specifying a MAC address and codelt;virtualport +gt;/code for the passed-through device. If these capabilities +are not required, if you have a standard single-port PCI, PCIe, +or USB network card that doesn't support SR-IOV (and hence would +anyway lose the configured MAC address during reset after being +assigned to the guest domain), or if you are using a version of +libvirt older than 0.10.0, you should use a standard +codelt;hostdevgt;/code definition to assign the device to +the guest instead of codelt;forward mode='hostdev'/gt;/code. +/p + /dd /dl As mentioned above, a codelt;forwardgt;/code element can have multiple codelt;interfacegt;/code subelements, each @@ -272,6 +303,37 @@ particular, 'passthrough' mode, and 'private' mode when using 802.1Qbh), libvirt will choose an unused physical interface or, if it can't find an unused interface, fail the operation./p + +span class=sincesince 0.9.12/span and when using forward mode +'hostdev' we specify the interface pool by using the +codelt;addressgt;/code element and codelt; +typegt;/code codelt;domaingt;/code codelt;busgt;/code +codelt;slotgt;/code and codelt;functiongt;/code +sub-elements. + +pre +... + lt;forward mode='hostdev' managed='yes'gt; +lt;address type='pci' domain='0' bus='4' slot='0' function='1'/gt; +lt;address type='pci' domain='0' bus='4' slot='0' function='2'/gt; +lt;address type='pci' domain='0' bus='4' slot='0' function='3'/gt; + lt;/forwardgt; +... +/pre + +Alternatively the interface pool can also be defined using a +single physical function codelt;pfgt;/code subelement to +call out the corresponding physical interface associated with +multiple virtual interfaces (similar to passthrough mode): + +pre +... + lt;forward mode='hostdev' managed='yes'gt; +lt;pf dev='eth0'/gt; + lt;/forwardgt; +... +/pre + /dd /dl h5a name=elementQoSQuality of service/a/h5 diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 38f6d12..065af3e 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -47,6 +47,7 @@ #include datatypes.h #include bridge_driver.h #include network_conf.h +#include device_conf.h #include driver.h #include buf.h #include virpidfile.h @@ -1935,7 +1936,7 @@ networkStartNetworkExternal(struct network_driver *driver ATTRIBUTE_UNUSED, virNetworkObjPtr network ATTRIBUTE_UNUSED) { /* put anything here that needs to be done each time a network of - * type BRIDGE, PRIVATE, VEPA, or PASSTHROUGH is started. On + * type BRIDGE, PRIVATE, VEPA, HOSTDEV or PASSTHROUGH is started. On * failure, undo anything you've done, and return -1. On success * return 0. */ @@ -1946,7 +1947,7 @@ static int
[libvirt] [PATCH 5/7] Add function virDevicePCIAddressEqual
This function is needed by the network driver in a later commit. This function is useful in functions like networkNotifyActualDevice and networkReleaseActualDevice --- src/conf/device_conf.c | 16 src/conf/device_conf.h |3 +++ src/libvirt_private.syms |1 + 3 files changed, 20 insertions(+), 0 deletions(-) diff --git a/src/conf/device_conf.c b/src/conf/device_conf.c index ca600c5..8edcc0a 100644 --- a/src/conf/device_conf.c +++ b/src/conf/device_conf.c @@ -129,3 +129,19 @@ virDevicePCIAddressFormat(virBufferPtr buf, addr.function); return 0; } + +int +virDevicePCIAddressEqual(virDevicePCIAddress addr1, + virDevicePCIAddress addr2) +{ +int ret = -1; + +if (addr1.domain == addr2.domain +addr1.bus == addr2.bus +addr1.slot == addr2.slot +addr1.function == addr2.function) { +ret = 0; +} + +return ret; +} diff --git a/src/conf/device_conf.h b/src/conf/device_conf.h index c679bce..7c4d356 100644 --- a/src/conf/device_conf.h +++ b/src/conf/device_conf.h @@ -59,6 +59,9 @@ int virDevicePCIAddressFormat(virBufferPtr buf, virDevicePCIAddress addr, bool includeTypeInAddr); +int virDevicePCIAddressEqual(virDevicePCIAddress addr1, + virDevicePCIAddress addr2); + VIR_ENUM_DECL(virDeviceAddressPciMulti) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 1f32f8e..063d0bc 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -224,6 +224,7 @@ virDeviceAddressPciMultiTypeToString; virDevicePCIAddressIsValid; virDevicePCIAddressParseXML; virDevicePCIAddressFormat; +virDevicePCIAddressEqual; # dnsmasq.h dnsmasqAddDhcpHost; -- 1.7.4.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 3/7] RNG updates, new xml parser/formatter code to support forward mode=hostdev
This patch introduces the new forward mode='hostdev' along with attribute managed Includes updates to the network RNG and new xml parser/formatter code. Signed-off-by: Shradha Shah ss...@solarflare.com --- docs/schemas/basictypes.rng| 46 +++ docs/schemas/domaincommon.rng | 44 --- docs/schemas/network.rng | 53 ++--- src/conf/network_conf.c| 130 +++- src/conf/network_conf.h| 26 ++- src/network/bridge_driver.c| 18 ++-- tests/networkxml2xmlin/hostdev-pf.xml |7 ++ tests/networkxml2xmlin/hostdev.xml | 10 +++ tests/networkxml2xmlout/hostdev-pf.xml |7 ++ tests/networkxml2xmlout/hostdev.xml| 10 +++ tests/networkxml2xmltest.c |2 + 11 files changed, 266 insertions(+), 87 deletions(-) diff --git a/docs/schemas/basictypes.rng b/docs/schemas/basictypes.rng index 9dbda4a..766f9a0 100644 --- a/docs/schemas/basictypes.rng +++ b/docs/schemas/basictypes.rng @@ -54,6 +54,31 @@ /choice /define + define name=pciaddress +optional + attribute name=domain +ref name=pciDomain/ + /attribute +/optional +attribute name=bus + ref name=pciBus/ +/attribute +attribute name=slot + ref name=pciSlot/ +/attribute +attribute name=function + ref name=pciFunc/ +/attribute +optional + attribute name=multifunction +choice + valueon/value + valueoff/value +/choice + /attribute +/optional + /define + !-- a 6 byte MAC address in ASCII-hex format, eg 12:34:56:78:9A:BC -- !-- The lowest bit of the 1st byte is the multicast bit. a -- !-- uniMacAddr requires that bit to be 0, and a multiMacAddr -- @@ -167,4 +192,25 @@ ref name='unsignedLong'/ /define + define name=pciDomain +data type=string + param name=pattern(0x)?[0-9a-fA-F]{1,4}/param +/data + /define + define name=pciBus +data type=string + param name=pattern(0x)?[0-9a-fA-F]{1,2}/param +/data + /define + define name=pciSlot +data type=string + param name=pattern(0x)?[0-1]?[0-9a-fA-F]/param +/data + /define + define name=pciFunc +data type=string + param name=pattern(0x)?[0-7]/param +/data + /define + /grammar diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 4903ca6..35e9f82 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -2652,30 +2652,6 @@ /attribute /optional /define - define name=pciaddress -optional - attribute name=domain -ref name=pciDomain/ - /attribute -/optional -attribute name=bus - ref name=pciBus/ -/attribute -attribute name=slot - ref name=pciSlot/ -/attribute -attribute name=function - ref name=pciFunc/ -/attribute -optional - attribute name=multifunction -choice - valueon/value - valueoff/value -/choice - /attribute -/optional - /define define name=driveaddress optional attribute name=controller @@ -3376,26 +3352,6 @@ param name=pattern((0x)?[0-9a-fA-F]{1,3}\.){0,3}(0x)?[0-9a-fA-F]{1,3}/param /data /define - define name=pciDomain -data type=string - param name=pattern(0x)?[0-9a-fA-F]{1,4}/param -/data - /define - define name=pciBus -data type=string - param name=pattern(0x)?[0-9a-fA-F]{1,2}/param -/data - /define - define name=pciSlot -data type=string - param name=pattern(0x)?[0-1]?[0-9a-fA-F]/param -/data - /define - define name=pciFunc -data type=string - param name=pattern(0x)?[0-7]/param -/data - /define define name=driveController data type=string param name=pattern[0-9]{1,2}/param diff --git a/docs/schemas/network.rng b/docs/schemas/network.rng index e55105a..4abfd91 100644 --- a/docs/schemas/network.rng +++ b/docs/schemas/network.rng @@ -87,22 +87,51 @@ valuepassthrough/value valueprivate/value valuevepa/value + valuehostdev/value +/choice + /attribute +/optional + +optional + attribute name=managed +choice + valueyes/value + valueno/value /choice /attribute /optional interleave - zeroOrMore -element name='interface' - attribute name='dev' -ref name='deviceName'/ - /attribute - optional -attribute name=connections - data type=unsignedInt/ -/attribute - /optional -/element - /zeroOrMore + choice +
[libvirt] [PATCH 4/7] Code to return interface name or pci_addr of the VF in actualDevice
The network pool should be able to keep track of both, network device names nad PCI addresses, and return the appropriate one in the actualDevice when networkAllocateActualDevice is called. Signed-off-by: Shradha Shah ss...@solarflare.com --- src/network/bridge_driver.c | 60 +-- src/util/virnetdev.c| 25 - src/util/virnetdev.h|4 ++- 3 files changed, 50 insertions(+), 39 deletions(-) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index ddd66e5..38f6d12 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -59,6 +59,7 @@ #include dnsmasq.h #include configmake.h #include virnetdev.h +#include pci.h #include virnetdevbridge.h #include virnetdevtap.h #include virnetdevvportprofile.h @@ -2780,10 +2781,11 @@ static int networkCreateInterfacePool(virNetworkDefPtr netdef) { unsigned int num_virt_fns = 0; char **vfname = NULL; +struct pci_config_address **virt_fns; int ret = -1, ii = 0; if ((virNetDevGetVirtualFunctions(netdef-forwardPfs-dev, - vfname, num_virt_fns)) 0) { + vfname, virt_fns, num_virt_fns)) 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _(Could not get Virtual functions on %s), netdef-forwardPfs-dev); @@ -2805,18 +2807,34 @@ networkCreateInterfacePool(virNetworkDefPtr netdef) { netdef-nForwardIfs = num_virt_fns; for (ii = 0; ii netdef-nForwardIfs; ii++) { -netdef-forwardIfs[ii].device.dev = strdup(vfname[ii]); -if (!netdef-forwardIfs[ii].device.dev) { -virReportOOMError(); -goto finish; +if ((netdef-forwardType == VIR_NETWORK_FORWARD_BRIDGE) || +(netdef-forwardType == VIR_NETWORK_FORWARD_PRIVATE) || +(netdef-forwardType == VIR_NETWORK_FORWARD_VEPA) || +(netdef-forwardType == VIR_NETWORK_FORWARD_PASSTHROUGH)) { +netdef-forwardIfs[ii].type = VIR_NETWORK_FORWARD_HOSTDEV_DEVICE_NETDEV; +if(vfname[ii]) { +netdef-forwardIfs[ii].device.dev = strdup(vfname[ii]); +if (!netdef-forwardIfs[ii].device.dev) { +virReportOOMError(); +goto finish; +} +} +else { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(Direct mode types requires interface names)); +goto finish; +} } } ret = 0; finish: -for (ii = 0; ii num_virt_fns; ii++) +for (ii = 0; ii num_virt_fns; ii++) { VIR_FREE(vfname[ii]); +VIR_FREE(virt_fns[ii]); +} VIR_FREE(vfname); +VIR_FREE(virt_fns); return ret; } @@ -3008,31 +3026,23 @@ networkAllocateActualDevice(virDomainNetDefPtr iface) } else { /* pick an interface from the pool */ +if ((netdef-nForwardPfs 0) (netdef-nForwardIfs = 0)) { +if ((networkCreateInterfacePool(netdef)) 0) { +goto error; +} +} + /* PASSTHROUGH mode, and PRIVATE Mode + 802.1Qbh both * require exclusive access to a device, so current * connections count must be 0. Other modes can share, so * just search for the one with the lowest number of * connections. */ -if (netdef-forwardType == VIR_NETWORK_FORWARD_PASSTHROUGH) { -if ((netdef-nForwardPfs 0) (netdef-nForwardIfs = 0)) { -if ((networkCreateInterfacePool(netdef)) 0) { -goto error; -} -} - -/* pick first dev with 0 connections */ - -for (ii = 0; ii netdef-nForwardIfs; ii++) { -if (netdef-forwardIfs[ii].connections == 0) { -dev = netdef-forwardIfs[ii]; -break; -} -} -} else if ((netdef-forwardType == VIR_NETWORK_FORWARD_PRIVATE) - iface-data.network.actual-virtPortProfile - (iface-data.network.actual-virtPortProfile-virtPortType -== VIR_NETDEV_VPORT_PROFILE_8021QBH)) { +if ((netdef-forwardType == VIR_NETWORK_FORWARD_PASSTHROUGH) || +((netdef-forwardType == VIR_NETWORK_FORWARD_PRIVATE) + iface-data.network.actual-virtPortProfile + (iface-data.network.actual-virtPortProfile-virtPortType + == VIR_NETDEV_VPORT_PROFILE_8021QBH))) { /* pick first dev with 0 connections */ for (ii = 0; ii netdef-nForwardIfs; ii++) { diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index 25bdf01..f9eba1a
[libvirt] [PATCH 7/7] Forward Mode 'Hostdev' qemu driver implementation
For a network with forward mode='hostdev', there is a need to add the newly minted hostdev to the hostdevs array. In this case we also call qemuPrepareHostDevicesas it has already been called by the time we get to here and are building the qemu commandline Signed-off-by: Shradha Shah ss...@solarflare.com --- src/qemu/qemu_command.c | 39 +-- 1 files changed, 33 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 6f6c6cd..1470edd 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -24,6 +24,7 @@ #include config.h #include qemu_command.h +#include qemu_hostdev.h #include qemu_capabilities.h #include qemu_bridge_filter.h #include cpu/cpu.h @@ -5221,12 +5222,38 @@ qemuBuildCommandLine(virConnectPtr conn, actualType = virDomainNetGetActualType(net); if (actualType == VIR_DOMAIN_NET_TYPE_HOSTDEV) { -/* type='hostdev' interfaces are handled in codepath - * for standard hostdev (NB: when there is a network - * with forward mode='hostdev', there will need to be - * code here that adds the newly minted hostdev to the - * hostdevs array). - */ +if (net-type == VIR_DOMAIN_NET_TYPE_NETWORK) { +virDomainHostdevDefPtr hostdev = virDomainNetGetActualHostdev(net); +virDomainHostdevDefPtr found; +/* For a network with forward mode='hostdev', there is a need to + * add the newly minted hostdev to the hostdevs array. + */ +if (qemuAssignDeviceHostdevAlias(def, hostdev, + (def-nhostdevs-1)) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(Could not assign alias to Net Hostdev)); +goto error; +} + +if (virDomainHostdevFind(def, hostdev, found) 0) { +if (virDomainHostdevInsert(def, hostdev) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(Hostdev not inserted into the array)); +goto error; +} +if (qemuPrepareHostdevPCIDevices(driver, def-name, def-uuid, + hostdev, 1) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(Prepare Hostdev PCI Devices failed)); +goto error; +} +} +else { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(The Hostdev is being used by some other device)); +goto error; +} +} continue; } -- 1.7.4.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 0/7] Forward mode='hostdev' patch series
This patch series supports the forward mode='hostdev'. The functionality of this mode is the same as interface type='hostdev' but with the added benefit of using interface pools. The patch series also contains a patch to support use of interface names and PCI device addresses interchangeably in a network xml, and return the appropriate one in actualDevice when networkAllocateActualDevice is called. At the top level managed attribute can be specified with identical results as when it's specified for a hostdev. Currently forward mode='hostdev' does not support USB devices. Shradha Shah (7): conf: move DevicePCIAddress functions to separate file network: helper function to create interface pool from PF RNG updates, new xml parser/formatter code to support forward mode=hostdev Code to return interface name or pci_addr of the VF in actualDevice Add function virDevicePCIAddressEqual Forward Mode Hostdev network driver Implementation Forward Mode 'Hostdev' qemu driver implementation docs/formatnetwork.html.in | 62 + docs/schemas/basictypes.rng| 46 docs/schemas/domaincommon.rng | 44 docs/schemas/network.rng | 53 - include/libvirt/virterror.h|1 + src/Makefile.am|7 +- src/conf/device_conf.c | 147 +++ src/conf/device_conf.h | 68 ++ src/conf/domain_conf.c | 114 + src/conf/domain_conf.h | 25 +-- src/conf/network_conf.c| 130 +-- src/conf/network_conf.h| 26 ++- src/libvirt_private.syms | 11 +- src/network/bridge_driver.c| 414 +++- src/qemu/qemu_command.c| 52 +++- src/qemu/qemu_hotplug.c|7 +- src/qemu/qemu_monitor.c| 14 +- src/qemu/qemu_monitor.h| 17 +- src/qemu/qemu_monitor_json.c | 14 +- src/qemu/qemu_monitor_json.h | 14 +- src/qemu/qemu_monitor_text.c | 16 +- src/qemu/qemu_monitor_text.h | 14 +- src/util/virnetdev.c | 25 +- src/util/virnetdev.h |4 +- src/util/virterror.c |3 +- src/xen/xend_internal.c|3 +- tests/networkxml2xmlin/hostdev-pf.xml |7 + tests/networkxml2xmlin/hostdev.xml | 10 + tests/networkxml2xmlout/hostdev-pf.xml |7 + tests/networkxml2xmlout/hostdev.xml| 10 + tests/networkxml2xmltest.c |2 + 31 files changed, 976 insertions(+), 391 deletions(-) create mode 100644 src/conf/device_conf.c create mode 100644 src/conf/device_conf.h create mode 100644 tests/networkxml2xmlin/hostdev-pf.xml create mode 100644 tests/networkxml2xmlin/hostdev.xml create mode 100644 tests/networkxml2xmlout/hostdev-pf.xml create mode 100644 tests/networkxml2xmlout/hostdev.xml -- 1.7.4.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/7] network: helper function to create interface pool from PF
On 08/16/2012 11:41 AM, Shradha Shah wrote: Existing code that creates a list of forwardIfs from a single PF was moved to the new utility function networkCreateInterfacePool. No functional change. Signed-off-by: Shradha Shah ss...@solarflare.com ACK. Just one small change to the code (and a shorter title :-) had been requested, and both have been resolved. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/7] conf: move DevicePCIAddress functions to separate file
On 08/16/2012 11:41 AM, Shradha Shah wrote: Move the functions the parse/format, and validate PCI addresses to their own file so they can be conveniently used in other places besides device_conf.c Refactoring existing code without causing any functional changes to prepare for new code. This patch makes the code reusable. Signed-off-by: Shradha Shah ss...@solarflare.com ACK. You've taken care of all my nits from the previous version. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 3/7] RNG updates, new xml parser/formatter code to support forward mode=hostdev
On 08/16/2012 11:41 AM, Shradha Shah wrote: This patch introduces the new forward mode='hostdev' along with attribute managed Includes updates to the network RNG and new xml parser/formatter code. Signed-off-by: Shradha Shah ss...@solarflare.com I'm in tears! ACK. You've taken care of every one of my points in the last review, *AND* rebased on top of my conflicting changes! (Thanks for putting up with that, btw :-) -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 08/23] Refactor the way new clients are registered with the server
On 08/09/2012 09:20 AM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com Currently the virNetServerDispatchNewClient both creates the virNetServerClientPtr instance and registers it with the virNetServerPtr internal state. Split the client registration code out into a separate virNetServerAddClient method to allow future reuse from other contexts Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/rpc/virnetserver.c | 46 -- 1 file changed, 28 insertions(+), 18 deletions(-) ACK. -- Eric Blake ebl...@redhat.com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 09/23] Refactor impl of the virNetServerClientNew method
On 08/09/2012 09:20 AM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com In preparation for adding further constructors, refactor the virNetServerClientNew method to move most of the code into a common virNetServerClientNewInternal helper API. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/rpc/virnetserverclient.c | 52 +--- 1 file changed, 34 insertions(+), 18 deletions(-) ACK. -- Eric Blake ebl...@redhat.com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 5/7] Add function virDevicePCIAddressEqual
On 08/16/2012 11:42 AM, Shradha Shah wrote: This function is needed by the network driver in a later commit. This function is useful in functions like networkNotifyActualDevice and networkReleaseActualDevice --- src/conf/device_conf.c | 16 src/conf/device_conf.h |3 +++ src/libvirt_private.syms |1 + 3 files changed, 20 insertions(+), 0 deletions(-) diff --git a/src/conf/device_conf.c b/src/conf/device_conf.c index ca600c5..8edcc0a 100644 --- a/src/conf/device_conf.c +++ b/src/conf/device_conf.c @@ -129,3 +129,19 @@ virDevicePCIAddressFormat(virBufferPtr buf, addr.function); return 0; } + +int +virDevicePCIAddressEqual(virDevicePCIAddress addr1, + virDevicePCIAddress addr2) +{ +int ret = -1; The other xxxEqual() functions in libvirt return a bool true/false rather than 0 / -1. ACK with that fix (don't bother re-sending - I'll just fix it up (along with the places you call it in later patches) before I push. + +if (addr1.domain == addr2.domain +addr1.bus == addr2.bus +addr1.slot == addr2.slot +addr1.function == addr2.function) { +ret = 0; +} + +return ret; +} diff --git a/src/conf/device_conf.h b/src/conf/device_conf.h index c679bce..7c4d356 100644 --- a/src/conf/device_conf.h +++ b/src/conf/device_conf.h @@ -59,6 +59,9 @@ int virDevicePCIAddressFormat(virBufferPtr buf, virDevicePCIAddress addr, bool includeTypeInAddr); +int virDevicePCIAddressEqual(virDevicePCIAddress addr1, + virDevicePCIAddress addr2); + VIR_ENUM_DECL(virDeviceAddressPciMulti) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 1f32f8e..063d0bc 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -224,6 +224,7 @@ virDeviceAddressPciMultiTypeToString; virDevicePCIAddressIsValid; virDevicePCIAddressParseXML; virDevicePCIAddressFormat; +virDevicePCIAddressEqual; # dnsmasq.h dnsmasqAddDhcpHost; -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 10/23] Add support for creating sockets RPC servers from a pre-opened fd
On 08/09/2012 09:20 AM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com In order to support systemd socket based activation, it needs to be possible to create virNetSocketPtr and virNetServerServicePtr instance from a pre-opened file descriptor --- src/libvirt_private.syms | 2 ++ src/rpc/virnetserverservice.c | 49 +++ src/rpc/virnetserverservice.h | 5 + src/rpc/virnetsocket.c| 20 ++ src/rpc/virnetsocket.h| 3 +++ 5 files changed, 79 insertions(+) ACK. -- Eric Blake ebl...@redhat.com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 0/8] Honour current process label when generating SELinux labels
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/16/2012 11:41 AM, Viktor Mihajlovski wrote: On 08/10/2012 03:47 PM, Daniel P. Berrange wrote: This patch series makes a number of changes to the SELinux label generation code. This is intended to make it fully honour the current process label when generating VM labels, so that dynamic label generation works better with custom policies, or confined user accounts. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list Unfortunately I am not selinux-savvy enough to understand exactly why, but I cannot start guests any more after pulling master. The issue is that the virtual disk's security context (a block device in this case) cannot be set, message shown below. 012-08-16 15:02:18.891+: 1536: error : virSecuritySELinuxSetFileconHelper:652 : unable to set security context 'system_u:system_r:svirt_image_t:s0:c786,c986' on '/dev/disk/by-path/ccw-0.0.3770-part1': Invalid argument Prior to that the security context would have looked like this system_u:object_r:svirt_image_t:s0:c153,c923, i.e. using object_r instead of system_r. I am running on RHEL 6.2, not sure whether this is relevant. Yes the security context should be system_u:object_r:svirt_image_t:s0:c786,c986 These patches should have just affected the Process label not the file label. On the file label we should alter the role on the file label to include object_r. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAtMVIACgkQrlYvE4MpobMYqQCgz+d7yeXhYXTz0IGFIsRYUqJl GGgAniHHX21m7D5BHZgeMHskS8zww4B1 =Ex2S -END PGP SIGNATURE- -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/7] conf: move DevicePCIAddress functions to separate file
On 08/16/2012 12:12 PM, Laine Stump wrote: On 08/16/2012 11:41 AM, Shradha Shah wrote: Move the functions the parse/format, and validate PCI addresses to their own file so they can be conveniently used in other places besides device_conf.c Refactoring existing code without causing any functional changes to prepare for new code. This patch makes the code reusable. Signed-off-by: Shradha Shah ss...@solarflare.com ACK. You've taken care of all my nits from the previous version. Actually, make check was failing on a bunch of cases. But it turned out to just be that the address line was indented 4 extra spaces instead of two. I'll squash in this change when I push: diff --git a/src/conf/device_conf.c b/src/conf/device_conf.c index ca600c5..aefffec 100644 --- a/src/conf/device_conf.c +++ b/src/conf/device_conf.c @@ -120,7 +120,7 @@ virDevicePCIAddressFormat(virBufferPtr buf, virDevicePCIAddress addr, bool includeTypeInAddr) { -virBufferAsprintf(buf, address %sdomain='0x%.4x' bus='0x%.2x' +virBufferAsprintf(buf, address %sdomain='0x%.4x' bus='0x%.2x' slot='0x%.2x' function='0x%.1x'/\n, includeTypeInAddr ? type='pci' : , addr.domain, diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 78d5685..ff225e6 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -11435,18 +11435,19 @@ virDomainHostdevSourceFormat(virBufferPtr buf, bool includeTypeInAddr) { virBufferAddLit(buf, source\n); +virBufferAdjustIndent(buf, 2); switch (def-source.subsys.type) { case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: if (def-source.subsys.u.usb.vendor) { -virBufferAsprintf(buf, vendor id='0x%.4x'/\n, +virBufferAsprintf(buf, vendor id='0x%.4x'/\n, def-source.subsys.u.usb.vendor); -virBufferAsprintf(buf, product id='0x%.4x'/\n, +virBufferAsprintf(buf, product id='0x%.4x'/\n, def-source.subsys.u.usb.product); } if (def-source.subsys.u.usb.bus || def-source.subsys.u.usb.device) { -virBufferAsprintf(buf, address %sbus='%d' device='%d'/\n, +virBufferAsprintf(buf, address %sbus='%d' device='%d'/\n, includeTypeInAddr ? type='usb' : , def-source.subsys.u.usb.bus, def-source.subsys.u.usb.device); @@ -11463,14 +11464,14 @@ virDomainHostdevSourceFormat(virBufferPtr buf, (def-origstates.states.pci.unbind_from_stub || def-origstates.states.pci.remove_slot || def-origstates.states.pci.reprobe)) { -virBufferAddLit(buf, origstates\n); +virBufferAddLit(buf, origstates\n); if (def-origstates.states.pci.unbind_from_stub) -virBufferAddLit(buf, unbind/\n); +virBufferAddLit(buf, unbind/\n); if (def-origstates.states.pci.remove_slot) -virBufferAddLit(buf, removeslot/\n); +virBufferAddLit(buf, removeslot/\n); if (def-origstates.states.pci.reprobe) -virBufferAddLit(buf, reprobe/\n); -virBufferAddLit(buf, /origstates\n); +virBufferAddLit(buf, reprobe/\n); +virBufferAddLit(buf, /origstates\n); } break; default: @@ -11480,6 +11481,7 @@ virDomainHostdevSourceFormat(virBufferPtr buf, return -1; } +virBufferAdjustIndent(buf, -2); virBufferAddLit(buf, /source\n); return 0; } -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 4/7] Code to return interface name or pci_addr of the VF in actualDevice
On 08/16/2012 11:41 AM, Shradha Shah wrote: The network pool should be able to keep track of both, network device names nad PCI addresses, and return the appropriate one in the actualDevice when networkAllocateActualDevice is called. Signed-off-by: Shradha Shah ss...@solarflare.com ACK again. It's good that the autogeneration of the device pool from pf now works for PRIVATE and BRIDGE modes too. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] build: ship stamp files
'make distcheck' fails because the generated ESX and HyperV files are (intentionally) marked read-only, but since the stamp file was missing, make assumes they need to be rebuilt. Shipping the stamp file solves the problem. * src/Makefile.am (EXTRA_DIST): Ship stamp files. --- Pushing under the build-breaker rule. src/Makefile.am | 4 1 file changed, 4 insertions(+) diff --git a/src/Makefile.am b/src/Makefile.am index ac5a27f..213bd83 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -930,6 +930,8 @@ BUILT_SOURCES += $(ESX_DRIVER_GENERATED) ESX_GENERATED_STAMP = .esx_vi_generator.stamp +EXTRA_DIST += $(ESX_GENERATED_STAMP) + $(ESX_DRIVER_GENERATED): $(ESX_GENERATED_STAMP) $(ESX_GENERATED_STAMP): $(srcdir)/esx/esx_vi_generator.input \ @@ -956,6 +958,8 @@ BUILT_SOURCES += $(HYPERV_DRIVER_GENERATED) HYPERV_GENERATED_STAMP = .hyperv_wmi_generator.stamp +EXTRA_DIST += $(HYPERV_GENERATED_STAMP) + $(HYPERV_DRIVER_GENERATED): $(HYPERV_GENERATED_STAMP) $(HYPERV_GENERATED_STAMP): $(srcdir)/hyperv/hyperv_wmi_generator.input \ -- 1.7.11.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 5/7] Add function virDevicePCIAddressEqual
On 08/16/2012 09:42 AM, Shradha Shah wrote: This function is needed by the network driver in a later commit. This function is useful in functions like networkNotifyActualDevice and networkReleaseActualDevice --- src/conf/device_conf.c | 16 src/conf/device_conf.h |3 +++ src/libvirt_private.syms |1 + 3 files changed, 20 insertions(+), 0 deletions(-) +++ b/src/libvirt_private.syms @@ -224,6 +224,7 @@ virDeviceAddressPciMultiTypeToString; virDevicePCIAddressIsValid; virDevicePCIAddressParseXML; virDevicePCIAddressFormat; +virDevicePCIAddressEqual; Several patches have now failed to sort this section of the file. I'm okay with either rebasing to touch it up as you go, or one big cleanup at the end of the series. -- Eric Blake ebl...@redhat.com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] distcheck issues on maint and master
On 08/13/2012 10:19 AM, Eric Blake wrote: On 08/13/2012 08:04 AM, Cole Robinson wrote: On 08/13/2012 09:59 AM, Daniel P. Berrange wrote: On Mon, Aug 13, 2012 at 09:56:49AM -0400, Cole Robinson wrote: I just pushed a bunch of patches to -maint branches, but both are giving me distcheck errors that seem related to a gnulib update: ERROR: files left in build directory after distclean: ./.sc-start-sc_vulnerable_makefile_CVE-2012-3386 'make maintainer-clean' doesn't clean up leftover .sc-start files from one failed syntax check, even if you resolve the syntax check in the meantime. I don't know why the .sc file is getting bundled into the tarball, but it should not be; and that would possibly explain the error you are seeing. There may be further improvements needed on gnulib's side (hence the cc), but for now, I think the workaround for you is to just manually delete that .sc-start* file prior to running distcheck. Found the root of the issue - it's libvirt's fault. Gnulib's maint.mk takes the initial definition of local-checks-to-skip, and from that, creates a macro 'local-checks' using a := rule: local-check := \ $(patsubst sc_%, sc_%.z, \ $(filter-out $(local-checks-to-skip), $(local-checks-available))) But libvirt's cfg.mk is conditionally running the local-checks-to-skip rule, via: # Most developers don't run 'make distcheck'. We want the official # dist to be secure, but don't want to penalize other developers # using a distro that has not yet picked up the automake fix. # FIXME remove this ifeq (making the syntax check unconditional) # once fixed automake (1.11.6 or 1.12.2+) is more common. ifeq ($(filter dist%, $(MAKECMDGOALS)), ) local-checks-to-skip += sc_vulnerable_makefile_CVE-2012-3386 else distdir: sc_vulnerable_makefile_CVE-2012-3386 endif Because distdir depends on the full sc_ name, rather than the sc_.z rewrite, maint.mk's timing rules don't get properly run, so the .sc-start-* file doesn't get cleaned up. I think with a bit more tweaking to libvirt's cfg.mk, I can get this working again. Meanwhile, would gnulib like to incorporate this hack from libvirt? After all, the current Automake vulnerability only affects you if you run 'make dist' or 'make distcheck'; it does not impact normal day-to-day development. Therefore, running the syntax check only in the vulnerable cases, and in such a way that the syntax check stops make before the vulnerability can actually be triggered, without penalizing day-to-day development for people relying on their distro rather than using a hand-built automake, seems like it would be nice to share among multiple packages. [It's a shame that more than a month after the CVE was reported and both Fedora 17 and RHEL 6.3 are still vulnerable, but that's a story for another day.] -- Eric Blake ebl...@redhat.com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] build: fix syntax check during 'make distcheck'
'make distcheck' was failing because a syntax check file, .sc-start-sc_vulnerable_makefile_CVE-2012-3386, got left behind. I traced it to the 'distdir' rule depending on a shortcut syntax-check name rather than the full rule name normally used during 'local-check' from maint.mk. * cfg.mk (distdir): Depend on full rule, not shorthand name. --- Pushing under the build-breaker rule. cfg.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cfg.mk b/cfg.mk index 1318593..e9138a8 100644 --- a/cfg.mk +++ b/cfg.mk @@ -85,7 +85,7 @@ local-checks-to-skip =\ ifeq ($(filter dist%, $(MAKECMDGOALS)), ) local-checks-to-skip +=sc_vulnerable_makefile_CVE-2012-3386 else -distdir: sc_vulnerable_makefile_CVE-2012-3386 +distdir: sc_vulnerable_makefile_CVE-2012-3386.z endif # Files that should never cause syntax check failures. -- 1.7.11.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 11/23] Introduce an internal API for handling file based lockspaces
On 08/09/2012 09:20 AM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com The previously introduced virFile{Lock,Unlock} APIs provide a way to acquire/release fcntl() locks on individual files. For unknown reason though, the POSIX spec says that fcntl() locks are released when *any* file handle refering to the same path s/refering/referring/ is closed. In the following sequence threadA: fd1 = open(foo) threadB: fd2 = open(foo) threadA: virFileLock(fd1) threadB: virFileLock(fd2) threadB: close(fd2) you'd expect threadA to come out holding a lock on 'foo', and indeed it does hold a lock for a very short time. Unfortunately when threadB does close(fd2) this releases the lock associated with fd1. For the current libvirt use case for virFileLock - pidfiles - this doesn't matter since the lock is acquired at startup while single threaded an never released until exit. To provide a more generally useful API though, it is neccessary s/neccessary/necessary/ to introduce a slightly higher level abstraction, which is to be referred to as a lockspace. This is to be provided by a virLockSpacePtr object in src/util/virlockspace.{c,h}. The core idea is that the lockspace keeps track of what files are already open+locked. This means that when a 2nd thread comes along and tries to acquire a lock, it doesn't end up opening and closing a new FD. The lockspace just checks the current list of held locks and immediately returns VIR_ERR_RESOURCE_BUSY. NB, the API as it stands is designed on the basis that the files being locked are not being otherwise opened and used by the application code. One approach to using this API is to acquire locks based on a hash of the filepath. eg to lock /var/lib/libvirt/images/foo.img the application might do virLockSpacePtr lockspace = virLockSpaceNew(/var/lib/libvirt/imagelocks); lockname = md5sum(/var/lib/libvirt/images/foo.img) virLockSpaceAcquireLock(lockspace, lockname) s/)$/),/g Don't you want to ensure that the canonical name is used (that is, symlinks can allow two different names to resolve to the same file, but you want to hash the name without symlinks). It is also possible to do locks directly on resources by using a NULL lockspace directory and then using the file path as the lock name eg virLockSpacePtr lockspace = virLockSpaceNew(NULL) virLockSpaceAcquireLock(lockspace, /var/lib/libvirt/images/foo.img) more missing semicolons This is only safe todo though if no other part of the proces s/todo/to do/; s/proces/process/ will be opening the files. This will be the case when this code is used inside the soon-to-be-reposted virlockd daemon Signed-off-by: Daniel P. Berrange berra...@redhat.com --- This patch failed to apply directly for me; you'll have to rebase it again. I was able to figure out the changes, though (a new error in virterror.[ch]). + + +static char *virLockSpaceGetResourcePath(virLockSpacePtr lockspace, + const char *resname) +{ +char *ret; +if (lockspace-dir) { +if (virAsprintf(ret, %s/%s, lockspace-dir, resname) 0) { +virReportOOMError(); +return NULL; +} +} else { +if (!(ret = strdup(resname))) { +virReportOOMError(); +return NULL; +} +} Fine as-is, but could be written shorter as: if (lockspace-dir) ignore_value(virAsprintf(ret, %s/%s, lockspace-dir, resname)); else ret = strdup(resname); if (!ret) { virReportOOMError(); return NULL; } +static void virLockSpaceResourceFree(virLockSpaceResourcePtr res) +{ +if (!res) +return; + +if (res-lockHeld +(res-flags VIR_LOCK_SPACE_ACQUIRE_AUTOCREATE)) { +if (res-flags VIR_LOCK_SPACE_ACQUIRE_SHARED) { +/* We must upgrade to an exclusive lock to ensure + * no one else still has it before trying to delete */ +if (virFileLock(res-fd, false, 0, 1) 0) { +VIR_DEBUG(Could not upgrade shared lease to exclusive, not deleting); +} else { +unlink(res-path); Should we log failures to unlink()? +static virLockSpaceResourcePtr +virLockSpaceResourceNew(virLockSpacePtr lockspace, +VIR_DEBUG(Resource '%s' disappeared: %s, + res-path, virStrerror(errno, ebuf, sizeof(ebuf))); +VIR_FORCE_CLOSE(res-fd); +/* Someone else must be racing with us, so try agin */ s/agin/again/ + +void virLockSpaceFree(virLockSpacePtr lockspace) +{ +if (!lockspace) +return; + +virHashFree(lockspace-resources); +VIR_FREE(lockspace-dir); Should we first try to rmdir() the directory, and silently ignore errors related to the directory still being full? +++ b/tests/virlockspacetest.c + +static int testLockSpaceCreate(const void *args
Re: [libvirt] [PATCH 12/23] Add JSON serialization of virLockSpacePtr objects for process re-exec()
On 08/09/2012 09:20 AM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com Add two new APIs virLockSpaceNewPostExecRestart and virLockSpacePreExecRestart which allow a virLockSpacePtr object to be created from a JSON object and saved to a JSON object, for the purposes of re-exec'ing a process. As well as saving the state in JSON format, the second method will disable the O_CLOEXEC flag so that the open file descriptors are preserved across the process re-exec() Signed-off-by: Daniel P. Berrange berra...@redhat.com --- Is virLockSpacePreExecRestart called in the parent prior to forking (mostly good, with one caveat) or in the child between fork and exec (bad, since you malloc and do a lot of other non-async-safe stuff)? If the latter, we risk deadlock; if the former, then you have at least one bug... + +virLockSpacePtr virLockSpaceNewPostExecRestart(virJSONValuePtr object) +{ +virLockSpacePtr lockspace; +virJSONValuePtr resources; +int n; +size_t i; + +VIR_DEBUG(object=%p, object); Would it be any better to pretty-print the contents of object instead of just listing its address? +if (virJSONValueObjectGetNumberInt(child, fd, res-fd) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(Missing resource fd in JSON document)); +virLockSpaceResourceFree(res); +goto error; +} +if (virSetInherit(res-fd, false) 0) { +virReportSystemError(errno, %s, + _(Cannot enable close-on-exec flag)); +goto error; Is the reparse loop called while the exec'd process is still single-threaded, so as to avoid any races with the fds that are not yet re-marked CLOEXEC? + +virJSONValuePtr virLockSpacePreExecRestart(virLockSpacePtr lockspace) +{ + +if (virSetInherit(res-fd, true) 0) { +virReportSystemError(errno, %s, + _(Cannot disable close-on-exec flag)); +goto error; +} ...clearing O_CLOEXEC in the parent is wrong. You cannot clear O_CLOEXEC until you are in the child (so as not to leak into any other child process spawned by another thread), which really means that you have to use virCommandPreserveFD instead of virSetInherit (virCommand will then call virSetInherit in the child, between fork and exec, on your behalf). But that makes it sound like you need to pass a virCommandPtr in to this function, in addition to the lockspace. Overall, looks like a mostly sane serialization - simpler than coding it up in XML, and still robust to pass between parent and child, but you do need to solve the CLOEXEC safety issues. -- Eric Blake ebl...@redhat.com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 13/23] Add JSON serialization of virNetSocketPtr objects for process re-exec()
On 08/09/2012 09:20 AM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com Add two new APIs virNetSocketNewPostExecRestart and virNetSocketPreExecRestart which allow a virNetSocketPtr object to be created from a JSON object and saved to a JSON object, for the purpose of re-exec'ing a process. As well as saving the state in JSON format, the second method will disable the O_CLOEXEC flag so that the open file descriptors are preserved across the process re-exec() Same problem as 12/23 regarding _when_ you clear O_CLOEXEC. Since it is not possible to serialize SASL or TLS encryption state, an error will be raised if attempting to perform serialization on non-raw sockets Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/libvirt_private.syms | 2 + src/rpc/virnetsocket.c | 108 +++ src/rpc/virnetsocket.h | 6 +++ 3 files changed, 116 insertions(+) +virNetSocketPtr virNetSocketNewPostExecRestart(virJSONValuePtr object) +{ +virSocketAddr localAddr; +virSocketAddr remoteAddr; +int fd, thepid, errfd; +bool isClient; + +if (virJSONValueObjectGetNumberInt(object, fd, fd) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(Missing fd data in JSON document)); +return NULL; +} + +if (virJSONValueObjectGetNumberInt(object, pid, thepid) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(Missing pid data in JSON document)); +return NULL; +} + +if (virJSONValueObjectGetNumberInt(object, errfd, errfd) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(Missing errfd data in JSON document)); +return NULL; +} Do you need to re-enable FD_CLOEXEC on fd and errfd at this point? -- Eric Blake ebl...@redhat.com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 14/23] Add JSON serialization of virNetServerServicePtr objects for process re-exec()
On 08/09/2012 09:20 AM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com Add two new APIs virNetServerServiceNewPostExecRestart and virNetServerServicePreExecRestart which allow a virNetServerServicePtr object to be created from a JSON object and saved to a JSON object, for the purpose of re-exec'ing a process. This includes serialization of the listening sockets associated with the service Signed-off-by: Daniel P. Berrange berra...@redhat.com --- po/POTFILES.in| 1 + src/libvirt_private.syms | 2 + src/rpc/virnetserverservice.c | 124 ++ src/rpc/virnetserverservice.h | 4 ++ 4 files changed, 131 insertions(+) May need some signature changes if the solution to 12 and 13 requires passing a virCommandPtr through the PreExecRestart commands. -- Eric Blake ebl...@redhat.com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 15/23] Add JSON serialization of virNetServerClientPtr objects for process re-exec()
On 08/09/2012 09:20 AM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com Add two new APIs virNetServerClientNewPostExecRestart and virNetServerClientPreExecRestart which allow a virNetServerClientPtr object to be created from a JSON object and saved to a JSON object, for the purpose of re-exec'ing a process. This includes serialization of the connected socket associated with the client Signed-off-by: Daniel P. Berrange berra...@redhat.com --- +virNetServerClientPtr virNetServerClientNewPostExecRestart(virJSONValuePtr object, + virNetServerClientPrivNewPostExecRestart privNew, + virNetServerClientPrivPreExecRestart privPreExecRestart, + virFreeCallback privFree, + void *privOpaque) +{ +virJSONValuePtr child; +virNetServerClientPtr client = NULL; +virNetSocketPtr sock; +const char *identity = NULL; +int auth; +bool readonly; +unsigned int nrequests_max; + +if (virJSONValueObjectGetNumberInt(object, auth, auth) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(Missing auth field in JSON state document)); +return NULL; +} +if (virJSONValueObjectGetBoolean(object, readonly, readonly) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(Missing readonly field in JSON state document)); +return NULL; +} +if (virJSONValueObjectGetNumberUint(object, nrequests_max, +(unsigned int *)nrequests_max) 0) { Why the cast? nrequests_max is already (unsigned int *). -- Eric Blake ebl...@redhat.com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 16/23] Add JSON serialization of virNetServerPtr objects for process re-exec()
On 08/09/2012 09:20 AM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com Add two new APIs virNetServerNewPostExecRestart and virNetServerPreExecRestart which allow a virNetServerPtr object to be created from a JSON object and saved to a JSON object, for the purpose of re-exec'ing a process. This includes serialization of all registered services and clients Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/libvirt_private.syms | 2 + src/rpc/virnetserver.c | 252 +++ src/rpc/virnetserver.h | 10 ++ 3 files changed, 264 insertions(+) Looks reasonable, but may be impacted by any changes to earlier patches. -- Eric Blake ebl...@redhat.com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 5/7] Add function virDevicePCIAddressEqual
On 08/16/2012 04:07 PM, Eric Blake wrote: On 08/16/2012 09:42 AM, Shradha Shah wrote: This function is needed by the network driver in a later commit. This function is useful in functions like networkNotifyActualDevice and networkReleaseActualDevice --- src/conf/device_conf.c | 16 src/conf/device_conf.h |3 +++ src/libvirt_private.syms |1 + 3 files changed, 20 insertions(+), 0 deletions(-) +++ b/src/libvirt_private.syms @@ -224,6 +224,7 @@ virDeviceAddressPciMultiTypeToString; virDevicePCIAddressIsValid; virDevicePCIAddressParseXML; virDevicePCIAddressFormat; +virDevicePCIAddressEqual; Several patches have now failed to sort this section of the file. I'm okay with either rebasing to touch it up as you go, or one big cleanup at the end of the series. Now that you've pointed it out, I'm just squashing in the simple fixes to keep the order alphabetic as they go (along with a few other minor changes like extra spaces at the end of lines, etc). (Doing a make check and make syntax-check after applying each patch, I also found some problems in 3/7 that cause networkxml2xmltest to fail - that required enough changes that I'll be posting a patch for review (and squashing into 3/7 before pushing) rather than just silently squashing in the changes. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] Add support for setting VLANs on Open vSwitch ports
Add the ability to support VLAN tags for Open vSwitch virtual port types. To accomplish this, modify virNetDevOpenvswitchAddPort and virNetDevTapCreateInBridgePort to take a virNetDevVlanPtr argument. When adding the port to the OVS bridge, setup either a single VLAN or a trunk port based on the configuration from the virNetDevVlanPtr. Signed-off-by: Kyle Mestery kmest...@cisco.com --- .gnulib | 2 +- src/lxc/lxc_process.c | 2 +- src/network/bridge_driver.c | 2 +- src/qemu/qemu_command.c | 1 + src/uml/uml_conf.c | 1 + src/util/virnetdevopenvswitch.c | 34 +++--- src/util/virnetdevopenvswitch.h | 4 +++- src/util/virnetdevtap.c | 3 ++- src/util/virnetdevtap.h | 2 ++ 9 files changed, 43 insertions(+), 8 deletions(-) diff --git a/.gnulib b/.gnulib index 271dd74..dbd9144 16 --- a/.gnulib +++ b/.gnulib @@ -1 +1 @@ -Subproject commit 271dd74fdf54ec2a03e73a5173b0b5697f6088f1 +Subproject commit dbd914496c99c52220e5f5ba4121d6cb55fb3beb diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index 046ed86..dc34bef 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -325,7 +325,7 @@ static int virLXCProcessSetupInterfaceBridged(virConnectPtr conn, if (vport vport-virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) ret = virNetDevOpenvswitchAddPort(brname, parentVeth, net-mac, - vm-uuid, vport); + vm-uuid, vport, net-vlan); else ret = virNetDevBridgeAddPort(brname, parentVeth); if (ret 0) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 474bbfa..a78e3b6 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -1763,7 +1763,7 @@ networkStartNetworkVirtual(struct network_driver *driver, } if (virNetDevTapCreateInBridgePort(network-def-bridge, macTapIfName, network-def-mac, - NULL, NULL, NULL, + NULL, NULL, NULL, NULL, VIR_NETDEV_TAP_CREATE_USE_MAC_FOR_BRIDGE) 0) { VIR_FREE(macTapIfName); goto err0; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 9383530..e0062a1 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -255,6 +255,7 @@ qemuNetworkIfaceConnect(virDomainDefPtr def, err = virNetDevTapCreateInBridgePort(brname, net-ifname, net-mac, def-uuid, tapfd, virDomainNetGetActualVirtPortProfile(net), + net-vlan, tap_create_flags); virDomainAuditNetDevice(def, net, /dev/net/tun, tapfd = 0); if (err 0) { diff --git a/src/uml/uml_conf.c b/src/uml/uml_conf.c index 4c299d8..5461b42 100644 --- a/src/uml/uml_conf.c +++ b/src/uml/uml_conf.c @@ -141,6 +141,7 @@ umlConnectTapDevice(virConnectPtr conn, if (virNetDevTapCreateInBridgePort(bridge, net-ifname, net-mac, vm-uuid, NULL, virDomainNetGetActualVirtPortProfile(net), + net-vlan, VIR_NETDEV_TAP_CREATE_IFUP) 0) { if (template_ifname) VIR_FREE(net-ifname); diff --git a/src/util/virnetdevopenvswitch.c b/src/util/virnetdevopenvswitch.c index b57532b..8a31e77 100644 --- a/src/util/virnetdevopenvswitch.c +++ b/src/util/virnetdevopenvswitch.c @@ -46,9 +46,11 @@ int virNetDevOpenvswitchAddPort(const char *brname, const char *ifname, const virMacAddrPtr macaddr, const unsigned char *vmuuid, - virNetDevVPortProfilePtr ovsport) + virNetDevVPortProfilePtr ovsport, + virNetDevVlanPtr virtVlan) { int ret = -1; +int i = 0; virCommandPtr cmd = NULL; char macaddrstr[VIR_MAC_STRING_BUFLEN]; char ifuuidstr[VIR_UUID_STRING_BUFLEN]; @@ -57,6 +59,7 @@ int virNetDevOpenvswitchAddPort(const char *brname, const char *ifname, char *ifaceid_ex_id = NULL; char *profile_ex_id = NULL; char *vmid_ex_id = NULL; +virBufferPtr buf; virMacAddrFormat(macaddr, macaddrstr); virUUIDFormat(ovsport-interfaceID, ifuuidstr); @@ -76,11 +79,35 @@ int virNetDevOpenvswitchAddPort(const char *brname, const char *ifname, ovsport-profileID) 0) goto out_of_memory; } +if (virtVlan) { +if (VIR_ALLOC(buf) 0) +goto out_of_memory; + +/* Trunk port first */ +if (virtVlan-trunk) { +
[libvirt] [PATCH 3.5/7] fixes to get 3/7 past make check
Patch 3/7 fails make check, so I need to sqaush in the following to fix it. It seemed a bit too much to squash in without getting somebody to review it first: 1) The indentation was off for the new use of virDevicePCIAddressFormat in network_conf.c. Rather than just hacking in even more tweaks of virBufferAdjustIndent(), I corrected virNetworkDefFormat and the other format functions it calls (i.e. the rest of the file) to properly use the buffer indent everywhere. 2) the accessor function virNetworkDefForwardIf() needed to be updated to not access the newly unionized member device.dev unless the type was NETDEV. This caused a segfault when non-pointer data was interpreted as a pointer. 3) Some of the network XML test cases didn't match the output format (PCI addresses are always printed in hex with a 0x at the beginning). 4) Previously it was legal to put both a pf and a list of interface elements inside a forward element. That has now been made illegal, so it can't show up even in the *input* XML. --- src/conf/network_conf.c | 83 +-- src/conf/network_conf.h | 3 +- tests/networkxml2xmlin/hostdev-pf.xml | 2 +- tests/networkxml2xmlin/hostdev.xml| 10 ++-- tests/networkxml2xmlin/passthrough-pf.xml | 2 - tests/networkxml2xmlout/hostdev-pf.xml| 4 +- tests/networkxml2xmlout/hostdev.xml | 10 ++-- 7 files changed, 61 insertions(+), 53 deletions(-) diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c index ef519f6..9d53d8e 100644 --- a/src/conf/network_conf.c +++ b/src/conf/network_conf.c @@ -1388,17 +1388,18 @@ virNetworkDNSDefFormat(virBufferPtr buf, if (def == NULL) goto out; -virBufferAddLit(buf, dns\n); +virBufferAddLit(buf, dns\n); +virBufferAdjustIndent(buf, 2); for (i = 0 ; i def-ntxtrecords ; i++) { -virBufferAsprintf(buf, txt name='%s' value='%s' /\n, +virBufferAsprintf(buf, txt name='%s' value='%s' /\n, def-txtrecords[i].name, def-txtrecords[i].value); } for (i = 0 ; i def-nsrvrecords ; i++) { if (def-srvrecords[i].service def-srvrecords[i].protocol) { -virBufferAsprintf(buf, srv service='%s' protocol='%s', +virBufferAsprintf(buf, srv service='%s' protocol='%s', def-srvrecords[i].service, def-srvrecords[i].protocol); @@ -1423,18 +1424,19 @@ virNetworkDNSDefFormat(virBufferPtr buf, for (ii = 0 ; ii def-nhosts; ii++) { char *ip = virSocketAddrFormat(def-hosts[ii].ip); -virBufferAsprintf(buf, host ip='%s'\n, ip); - +virBufferAsprintf(buf, host ip='%s'\n, ip); +virBufferAdjustIndent(buf, 2); for (j = 0; j def-hosts[ii].nnames; j++) -virBufferAsprintf(buf, hostname%s/hostname\n, - def-hosts[ii].names[j]); +virBufferAsprintf(buf, hostname%s/hostname\n, + def-hosts[ii].names[j]); -virBufferAsprintf(buf, /host\n); +virBufferAdjustIndent(buf, -2); +virBufferAsprintf(buf, /host\n); VIR_FREE(ip); } } - -virBufferAddLit(buf, /dns\n); +virBufferAdjustIndent(buf, -2); +virBufferAddLit(buf, /dns\n); out: return result; } @@ -1445,7 +1447,7 @@ virNetworkIpDefFormat(virBufferPtr buf, { int result = -1; -virBufferAddLit(buf, ip); +virBufferAddLit(buf, ip); if (def-family) { virBufferAsprintf(buf, family='%s', def-family); @@ -1468,14 +1470,17 @@ virNetworkIpDefFormat(virBufferPtr buf, virBufferAsprintf(buf, prefix='%u', def-prefix); } virBufferAddLit(buf, \n); +virBufferAdjustIndent(buf, 2); if (def-tftproot) { -virBufferEscapeString(buf, tftp root='%s' /\n, +virBufferEscapeString(buf, tftp root='%s' /\n, def-tftproot); } if ((def-nranges || def-nhosts)) { int ii; -virBufferAddLit(buf, dhcp\n); +virBufferAddLit(buf, dhcp\n); +virBufferAdjustIndent(buf, 2); + for (ii = 0 ; ii def-nranges ; ii++) { char *saddr = virSocketAddrFormat(def-ranges[ii].start); if (!saddr) @@ -1485,13 +1490,13 @@ virNetworkIpDefFormat(virBufferPtr buf, VIR_FREE(saddr); goto error; } -virBufferAsprintf(buf, range start='%s' end='%s' /\n, +virBufferAsprintf(buf, range start='%s' end='%s' /\n, saddr, eaddr); VIR_FREE(saddr); VIR_FREE(eaddr); } for (ii = 0 ; ii def-nhosts ; ii++) { -virBufferAddLit(buf, host ); +