Commit Graph

12003 Commits

Author SHA1 Message Date
Michal Privoznik
3c83df679e qemu: Relax hard RSS limit
Currently, if there's no hard memory limit defined for a domain,
libvirt tries to calculate one, based on domain definition and magic
equation and set it upon the domain startup. The rationale behind was,
if there's a memory leak or exploit in qemu, we should prevent the
host system trashing. However, the equation was too tightening, as it
didn't reflect what the kernel counts into the memory used by a
process. Since many hosts do have a swap, nobody hasn't noticed
anything, because if hard memory limit is reached, process can
continue allocating memory on a swap. However, if there is no swap on
the host, the process gets killed by OOM killer. In our case, the qemu
process it is.

To prevent this, we need to relax the hard RSS limit. Moreover, we
should reflect more precisely the kernel way of accounting the memory
for process. That is, even the kernel caches are counted within the
memory used by a process (within cgroups at least). Hence the magic
equation has to be changed:

  limit = 1.5 * (domain memory + total video memory) + (32MB for cache
          per each disk) + 200MB
2013-01-08 16:32:11 +01:00
John Ferlan
51811e4161 Resolve COPY_PASTE error found by Coverity
Fix copy-paste error doing handshake.

The clientShake was not set to true, thus we'd potentially never leave
the handshake while loop.
2013-01-08 16:21:46 +01:00
Ján Tomko
afc4631b63 storage: fix leak in virStorageBackendLogicalMakeVol
Use regfree instead of VIR_FREE.
2013-01-08 14:01:52 +01:00
Claudio Bley
1e8b4b5810 docs: remove duplicate check in index.add 2013-01-08 11:45:47 +01:00
J.B. Joret
db2b6861dc S390: Enable SCLP Console in QEMU driver
This is the QEMU backend code for the SCLP console support.
It includes SCLP capability detection, QEMU command line generation
and a test case.

Signed-off-by: J.B. Joret <jb@linux.vnet.ibm.com>
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-01-08 11:37:52 +01:00
J.B. Joret
d760255d01 S390: Add SCLP console front end support
The SCLP console is the native console type for s390 and is preferred
over the virtio console as it doesn't require special drivers and
is more efficient. Recent versions of QEMU come with SCLP support
which is hereby enabled.

The new target types 'sclp' and 'sclplm' can be used to specify a
SCLP console. Adding documentation, domain schema and XML processing
support.

Signed-off-by: J.B. Joret <jb@linux.vnet.ibm.com>
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-01-08 11:37:52 +01:00
Daniel P. Berrange
014afe6501 Rename lxc_protocol.x to lxc_monitor_protocol.x
To avoid confusion between the LXC driver <-> controller
monitor RPC protocol and the libvirt-lxc.so <-> libvirtd public
RPC protocol, rename the former to lxc_monitor_protocol.x

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-08 09:21:08 +00:00
Daniel P. Berrange
5f669ea976 Add internal APIs for dealing with namespaces
Add some APIs for acquiring namespace file descriptors and
switching namespaces

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-08 09:21:08 +00:00
Daniel P. Berrange
3fd121c170 Add a way to return FDs to the RPC caller
Currently the libvirt client can pass FDs to the server, but the
dispatch mechanism provides no way to return FDs back from the
server to the client. Tweak the dispatch code, such that if a
dispatcher returns '1', this indicates that it populated the
virNetMessagePtr with FDs to return

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-08 08:56:49 +00:00
Daniel P. Berrange
18937c3ae0 Fix receiving of file descriptors from server
A number of bugs handling file descriptors received from the
server caused the FDs to be lost and leaked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-08 08:56:49 +00:00
Daniel P. Berrange
24bcd8d45a Move qemu-XXX commands from virsh-host.c to virsh-domain.c
The QEMU specific APIs all operate on domains, not the host,
so should be in the virsh-domain.c file / group

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-08 08:56:49 +00:00
Guido Günther
a839dcb850 Add missing flags to migrate documentation 2013-01-08 06:49:34 +01:00
John Ferlan
3e251af561 cpu: Avoid NULL dereference
Don't dereference 'model' in PowerPCBaseline when there's no outputModel
2013-01-07 17:11:57 -07:00
John Ferlan
36ac6e37be lxc: Avoid possible NULL dereference on *root prior to opendir().
If running on older Linux without mounted cgroups then its possible that
*root would be NULL.
2013-01-07 17:11:57 -07:00
John Ferlan
2e0e1a91f7 remote: Avoid calling virAuthConfigLookup() if 'credname' is NULL. 2013-01-07 17:11:56 -07:00
John Ferlan
185478af09 vmware: Avoid NULL dereference for 'caps'
When virCapabilitiesNew() fails, caps will be NULL resulting in possible
core when deref'd in cpuDataFree() call.
2013-01-07 17:11:56 -07:00
John Ferlan
f36d83c441 xen: Avoid possible NULL dereference
Change calling sequence to only call xenUnifiedDomainSetVcpusFlags() when
'dom' is not NULL. Use the GET_PRIVATE() macro to reference privateData.
Just return -1 if dom is NULL.
2013-01-07 17:11:56 -07:00
Daniel P. Berrange
4f1f9d91ab Fix virLXCPrepareHostDevices method
The virLXCPrepareHostDevices method was returning success even
when it reported an error, and failed to handle several host
device types
2013-01-07 18:16:54 +00:00
Daniel P. Berrange
f0e4af91e4 Ensure we always setup a private mount namespace for LXC controller
The code for setting up a private /dev/pts for the containers
is also responsible for making the LXC controller have a
private mount namespace. Unfortunately the /dev/pts code is
not run if launching a container without a custom root. This
causes the LXC FUSE mount to leak into the host FS.
2013-01-07 18:14:34 +00:00
Daniel P. Berrange
198c992d26 Speed up fallback to legacy non-QMP probing
Since we daemonized QEMU for capabilities probing there is a long
time if QEMU fails to launch. This is because we're not passing in
any virDomainObjPtr instance and thus the monitor code can not
check to see if the PID is still alive.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-07 18:13:54 +00:00
Daniel P. Berrange
038cffd831 Only initialize capabilities after setting dir permissions
The current code is initializing capabilities before setting
directory permissions. Thus the QEMU binaries being run may
not have the ability to create the UNIX monitor socket on
the first run of libvirtd.
2013-01-07 18:13:39 +00:00
Jim Fehlig
68e7bc4561 build: Add libxenctrl to LIBXL_LIBS
Commit dfa1e1dd removed libxenctrl from LIBXL_LIBS, but the libxl
driver uses a symbol from this library.  Explicitly link with
libxenctrl instead of relying on the build system to support
implicit DSO linking.
2013-01-07 10:15:56 -07:00
Eric Blake
a1fd56cb30 build: install libvirt sysctl file correctly
https://bugzilla.redhat.com/show_bug.cgi?id=887017 reports that
even though libvirt attempts to set fs.aio-max-nr via sysctl,
the file was installed with the wrong name and gets ignored by
sysctl.  Furthermore, 'man systcl.d' recommends that packages
install into hard-coded /usr/lib/sysctl.d (even when libdir is
/usr/lib64), so that sysadmins can use /etc/sysctl.d for overrides.

* daemon/Makefile.am (install-sysctl, uninstall-sysctl): Use
correct location.
* libvirt.spec.in (network_files): Reflect this.
2013-01-07 08:56:37 -07:00
Eric Blake
5ec4b22b77 build: .service files don't need to be executable
See also commit 66ff2dd, where we avoided installing these files
as executables.

* daemon/Makefile.am (libvirtd.service): Drop chmod.
* tools/Makefile.am (libvirt-guests.service): Likewise.
* src/Makefile.am (virtlockd.service, virtlockd.socket):
Likewise.
2013-01-07 08:56:36 -07:00
Eric Blake
cb854b8f61 build: properly substitute virtlockd.socket
virtlockd.service could be installed to a configurable root,
but virtlockd.socket was hardcoded to installation into a
distro.

* src/Makefile.am (virtlockd.service, virtlockd.socket): Drop
unused substitutions.
* src/locking/virtlockd.socket.in (ListenStream): Don't hard-code
/var.
2013-01-07 08:56:36 -07:00
Eric Blake
462a69621e build: use common .in replacement mechanism
We had several different styles of .in conversion in our Makefiles:
ALLCAPS, @ALLCAPS@, @lower@, ::lower::
Canonicalize on one form, to make it easier to copy and paste
between .in files.

Also, we were using some non-portable sed constructs: \@ is an
undefined escape sequence (it happens to be @ itself in GNU sed,
but POSIX allows it to mean something else), as well as risky
behavior (failure to consistently quote things means a space
in $(sysconfdir) could throw things off; also, Autoconf recommends
using | rather than , or ! in the s||| operator, because | has to
be quoted in shell and is therefore less likely to appear in file
names than , or !).

Fix all of these uses to follow the same syntax.

* daemon/libvirtd.8.in: Switch to @var@.
* tools/virt-xml-validate.in: Likewise.
* tools/virt-pki-validate.in: Likewise.
* src/locking/virtlockd.init.in: Likewise.
* daemon/Makefile.am: Prefer | over ! in sed.
(libvirtd.8): Prefer consistent substitution.
(libvirtd.init, libvirtd.service): Avoid non-portable sed.
* tools/Makefile.am (libvirt-guests.sh, libvirt-guests.init)
(libvirt-guests.service): Likewise.
(virt-xml-validate, virt-pki-validate, virt-sanlock-cleanup):
Prefer consistent capitalization.
* src/Makefile.am (virtlockd.init, virtlockd.service)
(virtlockd.socket): Prefer consistent substitution.
2013-01-07 08:56:36 -07:00
Osier Yang
1279e421b2 qemu: Check if the shared disk's cdbfilter conflicts with others
This prevents domain starting and disk attaching if the shared disk's
setting conflicts with other active domain(s), E.g. A domain with
"sgio" set as "filtered", however, another active domain is using
it set as "unfiltered".
2013-01-07 21:39:20 +08:00
Osier Yang
278f87c4b5 qemu: set unpriv_sgio when starting domain and attaching disk
This ignores the default "filtered" if unpriv_sgio is not supported
by kernel, but for explicit request "filtered", it error out for
domain starting.
2013-01-07 21:39:06 +08:00
Osier Yang
535aed56a2 conf: Parse and format the new XML
Like "rawio", "sgio" is only allowed for block disk of device
type "lun".

It doesn't default disk->sgio to "filtered" when parsing, as
it won't be able to distinguish explicitly requested "filtered"
and a default "filtered" in driver then. We have to error out for
explicit request when the kernel doesn't support the new sysfs
knob "unpriv_sgio", however, for defaulted "filtered", we can
just ignore it if the kernel doesn't support "unpriv_sgio".
2013-01-07 21:38:43 +08:00
Osier Yang
b9c57e7b0d docs: Add docs and rng schema for new XML tag sgio
This introduces new XML tag "sgio" for disk, its valid values
are "filtered" and "unfiltered", setting it as "filtered" will
set the disk's unpriv_sgio to 0, and "unfiltered" to set it
as 1, which allows the unprivileged SG_IO commands.
2013-01-07 21:37:24 +08:00
Osier Yang
d7ead3e19a qemu: Add a hash table for the shared disks
This introduces a hash table for qemu driver, to store the shared
disk's info as (@major:minor, @ref_count). @ref_count is the number
of domains which shares the disk.

Since we only care about if the disk support unprivileged SG_IO
commands, and the SG_IO commands only make sense for block disk,
this patch only manages (add/remove hash entry) the shared disk for
block disk.

* src/qemu/qemu_conf.h: (Add member 'sharedDisks' of type
                         virHashTablePtr; Declare helpers
                         qemuGetSharedDiskKey, qemuAddSharedDisk
                         and qemuRemoveSharedDisk)
* src/qemu/qemu_conf.c (Implement the 3 helpers)
* src/qemu/qemu_process.c (Update 'sharedDisks' when domain
                           starting and shutdown)
* src/qemu/qemu_driver.c (Update 'sharedDisks' when attaching
                          or detaching disk).
2013-01-07 21:35:19 +08:00
Osier Yang
ba72cb12fa util: Prepare helpers for unpriv_sgio setting
"virGetDeviceID" could be used across the sources, but it doesn't
relate with this series, and could be done later.

* src/util/virutil.h: (Declare virGetDeviceID, and
                       vir{Get,Set}DeviceUnprivSGIO)
* src/util/virutil.c: (Implement virGetDeviceID and
                       vir{Get,Set}DeviceUnprivSGIO)
* src/libvirt_private.syms: Export private symbols of upper helpers
2013-01-07 21:34:01 +08:00
Peter Krempa
731a5a4df7 snapshot: qemu: Allow redefinition of external snapshots
A redefinition of an external inactive snapshot/checkpoint wasn't
possible without this change.
2013-01-05 08:40:01 +01:00
Peter Krempa
709b0f37c5 snapshot: qemu: Fix segfault and vanishing snapshots when redefining
When the disk alignment check done while redefining an existing snapshot
failed, the qemu driver attempted to free the existing snapshot. As in
the cleanup path the definition of the snapshot wasn't assigned, the
cleanup code dereferenced a NULL pointer.

This patch changes the behavior on error paths while redefining snapshot
in two ways:

1) On failure, modifications done on the snapshot definition object are
rolled back.

2) The previous definition of the data isn't freed until it's certain it
won't be needed any more.

This change avoids the segfault and additionally the snapshot doesn't
vanish if redefinition fails for some reason.
2013-01-05 08:40:01 +01:00
Peter Krempa
4494b11f8f snapshot: qemu: Separate logic blocks with newlines 2013-01-05 08:40:00 +01:00
Peter Krempa
51b12b8cca snapshot: conf: Make virDomainSnapshotIsExternal more reusable
Allow to use definition objects with this predicate function.
2013-01-05 08:40:00 +01:00
John Eckersberg
346e43ecfd qemu: Implement virDomainOpenChannel API 2013-01-04 19:03:32 -07:00
John Eckersberg
66a0664974 conf: Add unix socket support to virChrdevOpen
This also changes the function signature to take a
virDomainChrSourceDefPtr instead of just a path, since it needs to
differentiate behavior based on source->type.
2013-01-04 18:07:11 -07:00
John Eckersberg
3c971c675a conf: Rename console-specific identifiers to be more generic
The functionality provided in virchrdev.c (previously virconsole.c) is
applicable to other types of character devices besides consoles, such
as channels.  This patch is just code motion, renaming things such as
"console" or "pty", instead using more general terms such as
"character device" or "device path".
2013-01-04 17:43:21 -07:00
John Eckersberg
4c85421c6c conf: Rename virconsole.* to virchrdev.*
This is just code motion, in preparation to rename identifiers to be
less console-specific.
2013-01-04 17:26:30 -07:00
John Eckersberg
d52add46ed api: Add API to tunnel a guest channel via stream
This patch adds a new API, virDomainOpenChannel, that uses streams to
connect to a virtio channel on a guest.  This creates a secure
communication channel between a guest and a libvirt client.

This behaves the same as virDomainOpenConsole, except on channels
instead of console/serial/parallel devices.
2013-01-04 17:10:55 -07:00
Eric Blake
54df702ed0 build: fix mingw rpm build
Commit d13155c changed which files get installed for the
libvirt-guests service, but did not touch up the mingw spec
file.  As a result, rpmbuild complained:

RPM build errors:
    Installed (but unpackaged) file(s) found:
   /usr/i686-w64-mingw32/sys-root/mingw/libexec/libvirt-guests.sh
   /usr/x86_64-w64-mingw32/sys-root/mingw/libexec/libvirt-guests.sh

which in turn breaks ./autobuild.sh when cross-compilers are present.

* mingw-libvirt.spec.in: Remove files not relevant to mingw.
2013-01-04 17:06:39 -07:00
Eric Blake
f5b654e33e network: fix check for ambiguous lookup
gcc -O2 complained:
../../src/conf/network_conf.c: In function 'virNetworkDefUpdateDNSSrv':
../../src/conf/network_conf.c:3232: error: 'foundIdx' may be used uninitialized in this function [-Wuninitialized]

It turned out to be a spurious warning (we didn't use foundIdx
unless foundCt was non-zero).  But in investigating that, I noticed
a worse problem: we were using 'if (foundCt > 1)', but since foundCt
was bool, it could never be > 1.

* src/conf/network_conf.c (virNetworkDefUpdateDNSHost): Use
correct type.
(virNetworkDefUpdateDNSSrv): Likewise, and silence compiler
warning.
2013-01-04 15:08:25 -07:00
John Ferlan
b667125065 Check and handle select() errors from waitsocket(). 2013-01-04 10:57:25 -07:00
John Ferlan
7ac12d84d0 tests: check and handle error for virAsprintf() calls 2013-01-04 10:57:20 -07:00
John Ferlan
0c6e95fe78 Check return on mkdir for LOCKSPACE_DIR 2013-01-04 10:57:09 -07:00
John Ferlan
0527d6bd41 vmware: silence Coverity warning
Ignore the return status check for vmwareUpdateVMStatus in convenience
routine vmwareDomainObjListUpdateDomain
2013-01-04 10:56:37 -07:00
Michal Privoznik
632c60edde qemu: Detect VGA_QXL capability correctly
Since 4c993d8a we failed to set this important capability, which
allows starting a domain with QXL video card. We set DEVICE_QXL
capability bit instead, which is not necessary wrong. Anyway, if
qemu supports the new '-device qxl' it supports older '-vga qxl'
as well. The latter is used for the primary (the first) qxl video
card, the former for other video cards.
2013-01-04 15:37:09 +01:00
Guido Günther
66ff2ddc29 Install virtlockd.{socket,service} non executable
since they're not scripts but systemd service files.
2013-01-04 11:48:05 +01:00
Ján Tomko
b7a443fcbb qemu: fix a segfault in qemuProcessWaitForMonitor
Commit b3f2b4ca5c left buf unallocated in
the case of QMP capability probing being used, leading to a segfault in
strlen in the cleanup path.

This patch opens the log and allocates the buffer if QMP probing was
used, so we can display the helpful error message.
2013-01-04 11:00:43 +01:00