authorGuido Günther <agx@sigxcpu.org>2012-09-06 09:17:58 +0200
committerGuido Günther <agx@sigxcpu.org>2012-09-06 09:17:58 +0200
commitaa3d87ec696b05698edfc56b5381c7500ccd220b (patch)
tree717ef1e09c1ae3bfd108ae6b1d29b00ec7822506 /src
parentb3ae72431ba8920182c992aa13178740c1ea0162 (diff)
New upstream version 0.10.1
Diffstat (limited to 'src')
-rw-r--r--src/conf/domain_conf.c100
-rw-r--r--src/conf/domain_conf.h3
-rw-r--r--src/libvirt_private.syms1
-rw-r--r--src/libxl/libxl_driver.c2
-rw-r--r--src/lxc/lxc_process.c2
-rw-r--r--src/nwfilter/nwfilter_dhcpsnoop.c36
-rw-r--r--src/nwfilter/nwfilter_ebiptables_driver.c41
-rw-r--r--src/nwfilter/nwfilter_learnipaddr.c11
-rw-r--r--src/qemu/qemu.conf4
-rw-r--r--src/qemu/qemu_agent.c46
-rw-r--r--src/qemu/qemu_cgroup.c30
-rw-r--r--src/qemu/qemu_command.c2
-rw-r--r--src/qemu/qemu_driver.c183
-rw-r--r--src/security/security_dac.c1
-rw-r--r--src/security/security_driver.c2
-rw-r--r--src/security/security_manager.c14
-rw-r--r--src/security/security_stack.c38
-rw-r--r--src/security/security_stack.h8
-rw-r--r--src/uml/uml_conf.c2
-rw-r--r--src/util/cgroup.c2
-rw-r--r--src/util/virmacaddr.c9
-rw-r--r--src/util/virmacaddr.h2
-rw-r--r--src/util/virnetdevopenvswitch.c32
-rw-r--r--src/util/virnetdevvportprofile.c3
-rw-r--r--src/xen/xend_internal.c2
25 files changed, 315 insertions, 261 deletions
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 224aec51d..49327dfc0 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1496,7 +1496,7 @@ virDomainVcpuPinDefPtr *
virDomainVcpuPinDefCopy(virDomainVcpuPinDefPtr *src, int nvcpupin)
{
int i = 0;
- virDomainVcpuPinDefPtr *ret;
+ virDomainVcpuPinDefPtr *ret = NULL;
if (VIR_ALLOC_N(ret, nvcpupin) < 0) {
goto no_memory;
@@ -1514,11 +1514,15 @@ virDomainVcpuPinDefCopy(virDomainVcpuPinDefPtr *src, int nvcpupin)
return ret;
no_memory:
- while (i >= 0) {
- VIR_FREE(ret[i]->cpumask);
- VIR_FREE(ret[i]);
+ if (ret) {
+ for ( ; i >= 0; --i) {
+ if (ret[i]) {
+ VIR_FREE(ret[i]->cpumask);
+ VIR_FREE(ret[i]);
+ }
+ }
+ VIR_FREE(ret);
}
- VIR_FREE(ret);
virReportOOMError();
return NULL;
@@ -3102,22 +3106,10 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
def->baselabel = p;
}
- /* Only parse model, if static labelling, or a base
- * label is set, or doing active XML
- */
- if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
- def->baselabel ||
- (!(flags & VIR_DOMAIN_XML_INACTIVE) &&
- def->type != VIR_DOMAIN_SECLABEL_NONE)) {
-
- p = virXPathStringLimit("string(./@model)",
- VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
- if (p == NULL && def->type != VIR_DOMAIN_SECLABEL_NONE) {
- virReportError(VIR_ERR_XML_ERROR,
- "%s", _("missing security model"));
- }
- def->model = p;
- }
+ /* Always parse model */
+ p = virXPathStringLimit("string(./@model)",
+ VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
+ def->model = p;
return def;
@@ -3129,10 +3121,12 @@ error:
static int
virSecurityLabelDefsParseXML(virDomainDefPtr def,
xmlXPathContextPtr ctxt,
+ virCapsPtr caps,
unsigned int flags)
{
int i = 0, n;
xmlNodePtr *list = NULL, saved_node;
+ virCapsHostPtr host = &caps->host;
/* Check args and save context */
if (def == NULL || ctxt == NULL)
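Review bot: `caps` is dereferenced through `host` later in virSecurityLabelDefsParseXML, but the argument check right after the new declaration only rejects a NULL `def` or `ctxt`. If every caller is guaranteed to pass capabilities, a comment saying so is enough; otherwise extend the guard to `if (def == NULL || ctxt == NULL || caps == NULL)`. The body of the check and the rest of the function lie outside this hunk.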
@@ -3159,18 +3153,47 @@ virSecurityLabelDefsParseXML(virDomainDefPtr def,
ctxt->node = saved_node;
VIR_FREE(list);
- /* Checking missing model information
- * when there is more than one seclabel */
- if (n > 1) {
+ /* libvirt versions prior to 0.10.0 support just a single seclabel element
+ * in guest's XML and model attribute can be suppressed if type is none or
+ * type is dynamic, baselabel is not defined and INACTIVE flag is set.
+ *
+ * To avoid compatibility issues, for this specific case the first model
+ * defined in host's capabilities is used as model for the seclabel.
+ */
+ if (def->nseclabels == 1 &&
+ !def->seclabels[0]->model &&
+ host->nsecModels > 0) {
+ if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_NONE ||
+ (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ !def->seclabels[0]->baselabel &&
+ (flags & VIR_DOMAIN_XML_INACTIVE))) {
+ /* Copy model from host. */
+ VIR_DEBUG("Found seclabel without a model, using '%s'",
+ host->secModels[0].model);
+ def->seclabels[0]->model = strdup(host->secModels[0].model);
+ if (!def->seclabels[0]->model) {
+ virReportOOMError();
+ goto error;
+ }
+ } else {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing security model in domain seclabel"));
+ goto error;
+ }
+ }
+
+ /* Checking missing model information */
+ if (def->nseclabels > 1) {
for(; n; n--) {
if (def->seclabels[n - 1]->model == NULL) {
virReportError(VIR_ERR_XML_ERROR, "%s",
- _("missing security model "
- "when using multiple labels"));
+ _("missing security model "
+ "when using multiple labels"));
goto error;
}
}
}
+
return 0;
error:
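Review bot: The compatibility block only runs when `host->nsecModels > 0`, so on a host that reports no security models a single seclabel without a model skips both branches and the function returns 0 with `model` still NULL, even for a static label that the `else` branch would reject. The multi-label check below does not catch it either, because `def->nseclabels > 1` is false. Consider testing `host->nsecModels > 0` only around the copy from `host->secModels[0].model`, so that `missing security model in domain seclabel` is still raised for label types that are not eligible for the host default. Whether later consumers tolerate a NULL model is not visible from this hunk.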
@@ -8166,7 +8189,7 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
/* analysis of security label, done early even though we format it
* late, so devices can refer to this for defaults */
- if (virSecurityLabelDefsParseXML(def, ctxt, flags) == -1)
+ if (virSecurityLabelDefsParseXML(def, ctxt, caps, flags) == -1)
goto error;
/* Extract domain memory */
@@ -11033,7 +11056,7 @@ cleanup:
return bitmap;
}
-int virDomainVcpuPinAdd(virDomainVcpuPinDefPtr *vcpupin_list,
+int virDomainVcpuPinAdd(virDomainVcpuPinDefPtr **vcpupin_list,
int *nvcpupin,
unsigned char *cpumap,
int maplen,
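Review bot: virDomainVcpuPinAdd now takes the address of the caller's array because `VIR_REALLOC_N(*vcpupin_list, ...)` may move it, but nothing at the definition states that contract. A short header comment would help, for example `/* @vcpupin_list: address of the caller's array; it may be reallocated, so callers must not keep a copy of the old pointer */`. The function body continues in the following hunks.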
@@ -11048,7 +11071,7 @@ int virDomainVcpuPinAdd(virDomainVcpuPinDefPtr *vcpupin_list,
if ((cpumask = bitmapFromBytemap(cpumap, maplen)) == NULL)
return -1;
- vcpupin = virDomainVcpuPinFindByVcpu(vcpupin_list,
+ vcpupin = virDomainVcpuPinFindByVcpu(*vcpupin_list,
*nvcpupin,
vcpu);
if (vcpupin) {
@@ -11069,14 +11092,14 @@ int virDomainVcpuPinAdd(virDomainVcpuPinDefPtr *vcpupin_list,
vcpupin->cpumask = cpumask;
- if (VIR_REALLOC_N(vcpupin_list, *nvcpupin + 1) < 0) {
+ if (VIR_REALLOC_N(*vcpupin_list, *nvcpupin + 1) < 0) {
virReportOOMError();
VIR_FREE(cpumask);
VIR_FREE(vcpupin);
return -1;
}
- vcpupin_list[(*nvcpupin)++] = vcpupin;
+ (*vcpupin_list)[(*nvcpupin)++] = vcpupin;
return 0;
}
@@ -11221,10 +11244,16 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def)
if (def->type == VIR_DOMAIN_SECLABEL_DEFAULT)
return;
+ /* To avoid backward compatibility issues, suppress DAC labels that are
+ * automatically generated.
+ */
+ if (STREQ_NULLABLE(def->model, "dac") && def->implicit)
+ return;
+
virBufferAsprintf(buf, "<seclabel type='%s'",
sectype);
- if (def->model)
+ if (def->model && STRNEQ(def->model, "none"))
virBufferEscapeString(buf, " model='%s'", def->model);
if (def->type == VIR_DOMAIN_SECLABEL_NONE) {
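Review bot: The early return for `def->implicit` DAC labels is unconditional, and virSecurityLabelDefFormat takes no flags, so every consumer of the formatted XML loses the auto-generated DAC label, not only the user-facing dump. If this formatter also feeds persisted runtime state (not visible here), the label actually applied to a running guest would not survive a reload of that state. A comment naming the outputs that are meant to omit the label, or a suppression gated on the caller's format flags, would make the intent checkable.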
@@ -14972,6 +15001,7 @@ virSecurityLabelDefPtr
virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
{
int i;
+ virSecurityLabelDefPtr seclabel = NULL;
if (def == NULL || model == NULL)
return NULL;
@@ -14983,7 +15013,11 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
return def->seclabels[i];
}
- return virDomainDefAddSecurityLabelDef(def, model);
+ seclabel = virDomainDefAddSecurityLabelDef(def, model);
+ if (seclabel)
+ seclabel->implicit = true;
+
+ return seclabel;
}
virSecurityDeviceLabelDefPtr
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 9ee57e1cb..034bebfa1 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -295,6 +295,7 @@ struct _virSecurityLabelDef {
char *baselabel; /* base name of label string */
int type; /* virDomainSeclabelType */
bool norelabel;
+ bool implicit; /* true if seclabel is auto-added */
};
@@ -1885,7 +1886,7 @@ int virDomainCpuSetParse(const char *str,
char *virDomainCpuSetFormat(char *cpuset,
int maxcpu);
-int virDomainVcpuPinAdd(virDomainVcpuPinDefPtr *vcpupin_list,
+int virDomainVcpuPinAdd(virDomainVcpuPinDefPtr **vcpupin_list,
int *nvcpupin,
unsigned char *cpumap,
int maplen,
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 27eb43e74..6f14763e7 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1326,6 +1326,7 @@ virMacAddrCompare;
virMacAddrFormat;
virMacAddrGenerate;
virMacAddrGetRaw;
+virMacAddrIsBroadcastRaw;
virMacAddrIsMulticast;
virMacAddrIsUnicast;
virMacAddrParse;
diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index d8ecf1330..1638314c0 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -2461,7 +2461,7 @@ libxlDomainPinVcpu(virDomainPtr dom, unsigned int vcpu, unsigned char *cpumap,
}
vm->def->cputune.nvcpupin = 0;
}
- if (virDomainVcpuPinAdd(vm->def->cputune.vcpupin,
+ if (virDomainVcpuPinAdd(&vm->def->cputune.vcpupin,
&vm->def->cputune.nvcpupin,
cpumap,
maplen,
diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index cdbf14b19..bcd59cb09 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -325,7 +325,7 @@ static int virLXCProcessSetupInterfaceBridged(virConnectPtr conn,
if (vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH)
ret = virNetDevOpenvswitchAddPort(brname, parentVeth, &net->mac,
- vm->uuid, vport, &net->vlan);
+ vm->uuid, vport, virDomainNetGetActualVlan(net));
else
ret = virNetDevBridgeAddPort(brname, parentVeth);
if (ret < 0)
diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
index 23cbdde67..eb03f9dd1 100644
--- a/src/nwfilter/nwfilter_dhcpsnoop.c
+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
@@ -1010,6 +1010,17 @@ virNWFilterSnoopDHCPDecode(virNWFilterSnoopReqPtr req,
if (len < 0)
return -2; /* invalid packet length */
+ /*
+ * some DHCP servers send their responses as MAC broadcast replies
+ * filter messages from the server also by the destination MAC
+ * inside the DHCP response
+ */
+ if (!fromVM) {
+ if (virMacAddrCmpRaw(&req->macaddr,
+ (unsigned char *)&pd->d_chaddr) != 0)
+ return -2;
+ }
+
if (virNWFilterSnoopDHCPGetOpt(pd, len, &mtype, &leasetime) < 0)
return -2;
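Review bot: The new comparison reads `pd->d_chaddr` while the only length test visible above it is `len < 0`, and it runs before virNWFilterSnoopDHCPGetOpt() inspects the packet. Unless code before this hunk already guarantees that the fixed DHCP header lies fully inside the captured data, a truncated reply would be compared beyond the end of the buffer; a guard such as `if (len < DHCP_FIXED_HDR_LEN /* placeholder: bytes up to the end of d_chaddr */) return -2;` ahead of the `!fromVM` block would close that. This matters more after this commit, because the pcap filter for server replies no longer restricts by destination MAC and this comparison becomes the only binding of a reply to the VM.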
@@ -1069,7 +1080,6 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMacAddr *mac,
char pcap_errbuf[PCAP_ERRBUF_SIZE];
char *ext_filter = NULL;
char macaddr[VIR_MAC_STRING_BUFLEN];
- const char *ext;
virMacAddrFormat(mac, macaddr);
@@ -1080,14 +1090,24 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMacAddr *mac,
* extend the filter with the macaddr of the VM; filter the
* more unlikely parameters first, then go for the MAC
*/
- ext = "and ether src";
+ if (virAsprintf(&ext_filter,
+ "%s and ether src %s", filter, macaddr) < 0) {
+ virReportOOMError();
+ return NULL;
+ }
} else {
- ext = "and ether dst";
- }
-
- if (virAsprintf(&ext_filter, "%s %s %s", filter, ext, macaddr) < 0) {
- virReportOOMError();
- return NULL;
+ /*
+ * Some DHCP servers respond via MAC broadcast; we rely on later
+ * filtering of responses by comparing the MAC address inside the
+ * DHCP response against the one of the VM. Assuming that the
+ * bridge learns the VM's MAC address quickly this should not
+ * generate much more traffic than if we filtered by VM and
+ * braodcast MAC as well
+ */
+ if (virAsprintf(&ext_filter, "%s", filter) < 0) {
+ virReportOOMError();
+ return NULL;
+ }
}
handle = pcap_create(ifname, pcap_errbuf);
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index ad1d0555e..034e6c4ad 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3345,6 +3345,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
while (true) {
char *srcIPParam = NULL;
+ int ctr;
if (idx < num_dhcpsrvrs) {
const char *dhcpserver;
@@ -3357,27 +3358,33 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
}
}
- virBufferAsprintf(&buf,
- CMD_DEF("$EBT -t nat -A %s"
- " -d %s"
- " -p ipv4 --ip-protocol udp"
- " %s"
- " --ip-sport 67 --ip-dport 68"
- " -j ACCEPT") CMD_SEPARATOR
- CMD_EXEC
- "%s",
-
- chain_out,
- macaddr_str,
- srcIPParam != NULL ? srcIPParam : "",
- CMD_STOPONERR(1));
+ /*
+ * create two rules allowing response to MAC address of VM
+ * or to broadcast MAC address
+ */
+ for (ctr = 0; ctr < 2; ctr++) {
+ virBufferAsprintf(&buf,
+ CMD_DEF("$EBT -t nat -A %s"
+ " -d %s"
+ " -p ipv4 --ip-protocol udp"
+ " %s"
+ " --ip-sport 67 --ip-dport 68"
+ " -j ACCEPT") CMD_SEPARATOR
+ CMD_EXEC
+ "%s",
+
+ chain_out,
+ (ctr == 0) ? macaddr_str : "ff:ff:ff:ff:ff:ff",
+ srcIPParam != NULL ? srcIPParam : "",
+ CMD_STOPONERR(1));
+ }
VIR_FREE(srcIPParam);
- if (idx == num_dhcpsrvrs)
- break;
-
idx++;
+
+ if (idx >= num_dhcpsrvrs)
+ break;
}
virBufferAsprintf(&buf,
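Review bot: The broadcast address is written as the literal `"ff:ff:ff:ff:ff:ff"` inside the `ctr` ternary, and the same string is repeated in the pcap filter in nwfilter_learnipaddr.c. A single named constant, and a two-element array of destinations iterated by the loop instead of `(ctr == 0) ? macaddr_str : ...`, would make the purpose of the two rules easier to read and keep the copies from drifting apart. The enclosing function starts and ends outside this hunk.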
diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c
index cb8005041..51ac43a66 100644
--- a/src/nwfilter/nwfilter_learnipaddr.c
+++ b/src/nwfilter/nwfilter_learnipaddr.c
@@ -414,9 +414,7 @@ learnIPAddressThread(void *arg)
req->status = EINVAL;
goto done;
}
- virBufferAsprintf(&buf, " ether dst %s"
- " and src port 67 and dst port 68",
- macaddr);
+ virBufferAsprintf(&buf, "src port 67 and dst port 68");
break;
default:
if (techdriver->applyBasicRules(req->ifname,
@@ -424,7 +422,8 @@ learnIPAddressThread(void *arg)
req->status = EINVAL;
goto done;
}
- virBufferAsprintf(&buf, "ether host %s", macaddr);
+ virBufferAsprintf(&buf, "ether host %s or ether dst ff:ff:ff:ff:ff:ff",
+ macaddr);
}
if (virBufferError(&buf)) {
@@ -529,7 +528,9 @@ learnIPAddressThread(void *arg)
}
}
} else if (virMacAddrCmpRaw(&req->macaddr,
- ether_hdr->ether_dhost) == 0) {
+ ether_hdr->ether_dhost) == 0 ||
+ /* allow Broadcast replies from DHCP server */
+ virMacAddrIsBroadcastRaw(ether_hdr->ether_dhost)) {
/* packets to the VM */
if (etherType == ETHERTYPE_IP &&
(header.len >= ethHdrSize +
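Review bot: Frames with a broadcast destination are now handled by the `/* packets to the VM */` branch, yet nothing visible in this hunk ties such a frame to this VM's request. If the DHCP parsing further down (outside the hunk) does not compare the client hardware address in the reply with `req->macaddr`, a broadcast reply meant for another client on the same bridge could be recorded as this VM's address. Please confirm that check exists and reference it in the comment, e.g. `/* broadcast DHCP replies: matched to this VM by chaddr below */`.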
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index fb22b7cd8..d3175fa75 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -162,7 +162,9 @@
# driver at the same time, for this use a list of names separated by
# comma and delimited by square brackets. For example:
#
-# security_driver = [ "selinux", "dac" ]
+# security_driver = [ "selinux", "apparmor" ]
+#
+# Note: The DAC security driver is always enabled.
#
#security_driver = "selinux"
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index aaff9fc61..51e60d21e 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -832,19 +832,22 @@ void qemuAgentClose(qemuAgentPtr mon)
virObjectUnref(mon);
}
-#define QEMU_AGENT_WAIT_TIME (1000ull * 5)
+#define QEMU_AGENT_WAIT_TIME 5
/**
* qemuAgentSend:
* @mon: Monitor
* @msg: Message
- * @timeout: use timeout?
- * @seconds: timeout seconds. if VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT and
- * @timeout is true, use default value.
+ * @seconds: number of seconds to wait for the result, it can be either
+ * -2, -1, 0 or positive.
*
- * Send @msg to agent @mon.
- * Wait max QEMU_AGENT_WAIT_TIME for agent
- * to reply.
+ * Send @msg to agent @mon. If @seconds is equal to
+ * VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK(-2), this function will block forever
+ * waiting for the result. The value of
+ * VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT(-1) means use default timeout value
+ * and VIR_DOMAIN_QEMU_AGENT_COMMAND_NOWAIT(0) makes this this function return
+ * immediately without waiting. Any positive value means the number of seconds
+ * to wait for the result.
*
* Returns: 0 on success,
* -2 on timeout,
@@ -852,11 +855,10 @@ void qemuAgentClose(qemuAgentPtr mon)
*/
static int qemuAgentSend(qemuAgentPtr mon,
qemuAgentMessagePtr msg,
- bool timeout,
int seconds)
{
int ret = -1;
- unsigned long long now, then = 0;
+ unsigned long long then = 0;
/* Check whether qemu quit unexpectedly */
if (mon->lastError.code != VIR_ERR_OK) {
@@ -866,21 +868,21 @@ static int qemuAgentSend(qemuAgentPtr mon,
return -1;
}
- if (timeout) {
+ if (seconds > VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) {
+ unsigned long long now;
if (virTimeMillisNow(&now) < 0)
return -1;
- if (!(seconds >= 0 || seconds == VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT))
- return -1;
- then = now + (seconds == VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT ?
- QEMU_AGENT_WAIT_TIME : seconds * 1000ull);
+ if (seconds == VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT)
+ seconds = QEMU_AGENT_WAIT_TIME;
+ then = now + seconds * 1000ull;
}
mon->msg = msg;
qemuAgentUpdateWatch(mon);
while (!mon->msg->finished) {
- if ((timeout && virCondWaitUntil(&mon->notify, &mon->lock, then) < 0) ||
- (!timeout && virCondWait(&mon->notify, &mon->lock) < 0)) {
+ if ((then && virCondWaitUntil(&mon->notify, &mon->lock, then) < 0) ||
+ (!then && virCondWait(&mon->notify, &mon->lock) < 0)) {
if (errno == ETIMEDOUT) {
virReportError(VIR_ERR_AGENT_UNRESPONSIVE, "%s",
_("Guest agent not available for now"));
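Review bot: A `seconds` value below `VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK` now leaves `then` at 0 and takes the untimed virCondWait() path, whereas the removed lines returned -1 for such values. The function's doc comment limits the argument to -2, -1, 0 or positive, so the code should enforce that, for example `if (seconds < VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) return -1;` ahead of the timeout setup. Separately, `then` now doubles as the "has a deadline" flag in the wait loop, which deserves a one-line comment at its declaration.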
@@ -945,7 +947,7 @@ qemuAgentGuestSync(qemuAgentPtr mon)
VIR_DEBUG("Sending guest-sync command with ID: %llu", id);
- send_ret = qemuAgentSend(mon, &sync_msg, true,
+ send_ret = qemuAgentSend(mon, &sync_msg,
VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT);
VIR_DEBUG("qemuAgentSend returned: %d", send_ret);
@@ -1015,7 +1017,7 @@ qemuAgentCommand(qemuAgentPtr mon,
VIR_DEBUG("Send command '%s' for write, seconds = %d", cmdstr, seconds);
- ret = qemuAgentSend(mon, &msg, seconds < -1 ? false : true, seconds);
+ ret = qemuAgentSend(mon, &msg, seconds);
VIR_DEBUG("Receive command reply ret=%d rxObject=%p",
ret, msg.rxObject);
@@ -1294,7 +1296,7 @@ int qemuAgentShutdown(qemuAgentPtr mon,
mon->await_event = QEMU_AGENT_EVENT_SHUTDOWN;
ret = qemuAgentCommand(mon, cmd, &reply,
- VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT);
+ VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK);
if (reply && ret == 0)
ret = qemuAgentCheckError(cmd, reply);
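Review bot: Switching to `VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK` makes this call wait without limit for a reply from the guest agent, which runs inside the guest and is not under the host's control. The same change is made in qemuAgentFSFreeze, qemuAgentFSThaw and qemuAgentSuspend in the following hunks. An agent that never answers would presumably keep the caller inside qemuAgentSend() until the monitor is closed or reports an error, so a bounded timeout, or a comment explaining how a stuck call is meant to be interrupted, would be worth adding. The surrounding function bodies are only partly visible.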
@@ -1327,7 +1329,7 @@ int qemuAgentFSFreeze(qemuAgentPtr mon)
return -1;
if (qemuAgentCommand(mon, cmd, &reply,
- VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT) < 0 ||
+ VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0 ||
qemuAgentCheckError(cmd, reply) < 0)
goto cleanup;
@@ -1365,7 +1367,7 @@ int qemuAgentFSThaw(qemuAgentPtr mon)
return -1;
if (qemuAgentCommand(mon, cmd, &reply,
- VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT) < 0 ||
+ VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0 ||
qemuAgentCheckError(cmd, reply) < 0)
goto cleanup;
@@ -1403,7 +1405,7 @@ qemuAgentSuspend(qemuAgentPtr mon,
mon->await_event = QEMU_AGENT_EVENT_SUSPEND;
ret = qemuAgentCommand(mon, cmd, &reply,
- VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT);
+ VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK);
if (reply && ret == 0)
ret = qemuAgentCheckError(cmd, reply);
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index be1b96d71..7298e2872 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -546,15 +546,21 @@ int qemuSetupCgroupForVcpu(struct qemud_driver *driver, virDomainObjPtr vm)
unsigned long long period = vm->def->cputune.period;
long long quota = vm->def->cputune.quota;
- if (driver->cgroup == NULL)
- return 0; /* Not supported, so claim success */
-
- if (!qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_CPU)) {
- virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
- _("cgroup cpu is not active"));
+ if ((period || quota) &&
+ (!driver->cgroup ||
+ !qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_CPU))) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("cgroup cpu is required for scheduler tuning"));
return -1;
}
+ /* We are trying to setup cgroups for CPU pinning, which can also be done
+ * with virProcessInfoSetAffinity, thus the lack of cgroups is not fatal
+ * here.
+ */
+ if (driver->cgroup == NULL)
+ return 0;
+
rc = virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0);
if (rc != 0) {
virReportSystemError(-rc,
@@ -635,6 +641,14 @@ int qemuSetupCgroupForEmulator(struct qemud_driver *driver,
long long quota = vm->def->cputune.emulator_quota;
int rc, i;
+ if ((period || quota) &&
+ (!driver->cgroup ||
+ !qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_CPU))) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("cgroup cpu is required for scheduler tuning"));
+ return -1;
+ }
+
if (driver->cgroup == NULL)
return 0; /* Not supported, so claim success */
@@ -655,10 +669,8 @@ int qemuSetupCgroupForEmulator(struct qemud_driver *driver,
}
for (i = 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) {
- if (!qemuCgroupControllerActive(driver, i)) {
- VIR_WARN("cgroup %d is not active", i);
+ if (!qemuCgroupControllerActive(driver, i))
continue;
- }
rc = virCgroupMoveTask(cgroup, cgroup_emulator, i);
if (rc < 0) {
virReportSystemError(-rc,
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 8c32a4dcd..25f2451f9 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -258,7 +258,7 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
err = virNetDevTapCreateInBridgePort(brname, &net->ifname, &net->mac,
def->uuid, &tapfd,
virDomainNetGetActualVirtPortProfile(net),
- &net->vlan,
+ virDomainNetGetActualVlan(net),
tap_create_flags);
virDomainAuditNetDevice(def, net, "/dev/net/tun", tapfd >= 0);
if (err < 0) {
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 955744a04..53d6e5b56 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -249,94 +249,66 @@ static int
qemuSecurityInit(struct qemud_driver *driver)
{
char **names;
- char *primary;
- virSecurityManagerPtr mgr, nested, stack = NULL;
+ virSecurityManagerPtr mgr = NULL;
+ virSecurityManagerPtr stack = NULL;
- if (driver->securityDriverNames == NULL)
- primary = NULL;
- else
- primary = driver->securityDriverNames[0];
-
- /* Create primary driver */
- mgr = virSecurityManagerNew(primary,
- QEMU_DRIVER_NAME,
- driver->allowDiskFormatProbing,
- driver->securityDefaultConfined,
- driver->securityRequireConfined);
- if (!mgr)
- goto error;
-
- /* If a DAC driver is required or additional drivers are provived, a stack
- * driver should be create to group them all */
- if (driver->privileged ||
- (driver->securityDriverNames && driver->securityDriverNames[1])) {
- stack = virSecurityManagerNewStack(mgr);
- if (!stack)
- goto error;
- mgr = stack;
- }
-
- /* Loop through additional driver names and add a secudary driver to each
- * one */
- if (driver->securityDriverNames) {
- names = driver->securityDriverNames + 1;
+ if (driver->securityDriverNames &&
+ driver->securityDriverNames[0]) {
+ names = driver->securityDriverNames;
while (names && *names) {
- if (STREQ("dac", *names)) {
- /* A DAC driver has specific parameters */
- nested = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
- driver->user,
- driver->group,
- driver->allowDiskFormatProbing,
- driver->securityDefaultConfined,
- driver->securityRequireConfined,
- driver->dynamicOwnership);
+ if (!(mgr = virSecurityManagerNew(*names,
+ QEMU_DRIVER_NAME,
+ driver->allowDiskFormatProbing,
+ driver->securityDefaultConfined,
+ driver->securityRequireConfined)))
+ goto error;
+ if (!stack) {
+ if (!(stack = virSecurityManagerNewStack(mgr)))
+ goto error;
} else {
- nested = virSecurityManagerNew(*names,
- QEMU_DRIVER_NAME,
- driver->allowDiskFormatProbing,
- driver->securityDefaultConfined,
- driver->securityRequireConfined);
+ if (virSecurityManagerStackAddNested(stack, mgr) < 0)
+ goto error;
}
- if (nested == NULL)
- goto error;
- if (virSecurityManagerStackAddNested(stack, nested))
- goto error;
+ mgr = NULL;
names++;
}
+ } else {
+ if (!(mgr = virSecurityManagerNew(NULL,
+ QEMU_DRIVER_NAME,
+ driver->allowDiskFormatProbing,
+ driver->securityDefaultConfined,
+ driver->securityRequireConfined)))
+ goto error;
+ if (!(stack = virSecurityManagerNewStack(mgr)))
+ goto error;
+ mgr = NULL;
}
if (driver->privileged) {
- /* When a DAC driver is required, check if there is already one in the
- * additional drivers */
- names = driver->securityDriverNames;
- while (names && *names) {
- if (STREQ("dac", *names)) {
- break;
- }
- names++;
- }
- /* If there is no DAC driver, create a new one and add it to the stack
- * manager */
- if (names == NULL || *names == NULL) {
- nested = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
- driver->user,
- driver->group,
- driver->allowDiskFormatProbing,
- driver->securityDefaultConfined,
- driver->securityRequireConfined,
- driver->dynamicOwnership);
- if (nested == NULL)
+ if (!(mgr = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
+ driver->user,
+ driver->group,
+ driver->allowDiskFormatProbing,
+ driver->securityDefaultConfined,
+ driver->securityRequireConfined,
+ driver->dynamicOwnership)))
+ goto error;
+ if (!stack) {
+ if (!(stack = virSecurityManagerNewStack(mgr)))
goto error;
- if (virSecurityManagerStackAddNested(stack, nested))
+ } else {
+ if (virSecurityManagerStackAddNested(stack, mgr) < 0)
goto error;
}
+ mgr = NULL;
}
- driver->securityManager = mgr;
+ driver->securityManager = stack;
return 0;
error:
VIR_ERROR(_("Failed to initialize security drivers"));
+ virSecurityManagerFree(stack);
virSecurityManagerFree(mgr);
return -1;
}
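Review bot: A configured name of `"dac"` is no longer special-cased in qemuSecurityInit: every entry of `driver->securityDriverNames` goes to virSecurityManagerNew(), while this commit also removes `virSecurityDriverDAC` from the `security_drivers[]` table in security_driver.c. A qemu.conf carried over from the previous example (`[ "selinux", "dac" ]`) would therefore presumably fail here with only the generic `Failed to initialize security drivers` message; the lookup code itself is not visible. Naming the rejected driver in the error, or skipping `"dac"` with a `VIR_WARN` since it is added for privileged drivers anyway, would make the upgrade path clearer. Also, the `if (!stack)` test inside the `driver->privileged` block cannot be true, because both earlier branches either create `stack` or jump to `error`.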
@@ -3810,7 +3782,7 @@ qemudDomainPinVcpuFlags(virDomainPtr dom,
newVcpuPinNum = 0;
}
- if (virDomainVcpuPinAdd(newVcpuPin, &newVcpuPinNum, cpumap, maplen, vcpu) < 0) {
+ if (virDomainVcpuPinAdd(&newVcpuPin, &newVcpuPinNum, cpumap, maplen, vcpu) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("failed to update vcpupin"));
virDomainVcpuPinDefFree(newVcpuPin, newVcpuPinNum);
@@ -3877,7 +3849,7 @@ qemudDomainPinVcpuFlags(virDomainPtr dom,
}
persistentDef->cputune.nvcpupin = 0;
}
- if (virDomainVcpuPinAdd(persistentDef->cputune.vcpupin,
+ if (virDomainVcpuPinAdd(&persistentDef->cputune.vcpupin,
&persistentDef->cputune.nvcpupin,
cpumap,
maplen,
@@ -4070,7 +4042,7 @@ qemudDomainPinEmulator(virDomainPtr dom,
newVcpuPinNum = 0;
}
- if (virDomainVcpuPinAdd(newVcpuPin, &newVcpuPinNum, cpumap, maplen, -1) < 0) {
+ if (virDomainVcpuPinAdd(&newVcpuPin, &newVcpuPinNum, cpumap, maplen, -1) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("failed to update vcpupin"));
virDomainVcpuPinDefFree(newVcpuPin, newVcpuPinNum);
@@ -7204,32 +7176,34 @@ qemuDomainSetMemoryParameters(virDomainPtr dom,
goto cleanup;
}
- /* Get current swap hard limit */
- rc = virCgroupGetMemSwapHardLimit(group, &val);
- if (rc != 0) {
- virReportSystemError(-rc, "%s",
- _("unable to get swap hard limit"));
- goto cleanup;
- }
+ if (flags & VIR_DOMAIN_AFFECT_LIVE) {
+ /* Get current swap hard limit */
+ rc = virCgroupGetMemSwapHardLimit(group, &val);
+ if (rc != 0) {
+ virReportSystemError(-rc, "%s",
+ _("unable to get swap hard limit"));
+ goto cleanup;
+ }
- /* Swap hard_limit and swap_hard_limit to ensure the setting
- * could succeed if both of them are provided.
- */
- if (swap_hard_limit && hard_limit) {
- virTypedParameter param;
-
- if (swap_hard_limit->value.ul > val) {
- if (hard_limit_index < swap_hard_limit_index) {
- param = params[hard_limit_index];
- params[hard_limit_index] = params[swap_hard_limit_index];
- params[swap_hard_limit_index] = param;
- }
- } else {
- if (hard_limit_index > swap_hard_limit_index) {
- param = params[hard_limit_index];
- params[hard_limit_index] = params[swap_hard_limit_index];
- params[swap_hard_limit_index] = param;
- }
+ /* Swap hard_limit and swap_hard_limit to ensure the setting
+ * could succeed if both of them are provided.
+ */
+ if (swap_hard_limit && hard_limit) {
+ virTypedParameter param;
+
+ if (swap_hard_limit->value.ul > val) {
+ if (hard_limit_index < swap_hard_limit_index) {
+ param = params[hard_limit_index];
+ params[hard_limit_index] = params[swap_hard_limit_index];
+ params[swap_hard_limit_index] = param;
+ }
+ } else {
+ if (hard_limit_index > swap_hard_limit_index) {
+ param = params[hard_limit_index];
+ params[hard_limit_index] = params[swap_hard_limit_index];
+ params[swap_hard_limit_index] = param;
+ }
+ }
}
}
@@ -13486,7 +13460,7 @@ getSumVcpuPercpuStats(virCgroupPtr group,
goto cleanup;
}
- if (virCgroupGetCpuacctPercpuUsage(group, &buf) < 0)
+ if (virCgroupGetCpuacctPercpuUsage(group_vcpu, &buf) < 0)
goto cleanup;
pos = buf;
@@ -13522,7 +13496,7 @@ qemuDomainGetPercpuStats(virDomainPtr domain,
char *map = NULL;
char *map2 = NULL;
int rv = -1;
- int i, max_id;
+ int i, id, max_id;
char *pos;
char *buf = NULL;
unsigned long long *sum_cpu_time = NULL;
@@ -13563,10 +13537,13 @@ qemuDomainGetPercpuStats(virDomainPtr domain,
/* return percpu cputime in index 0 */
param_idx = 0;
+ /* number of cpus to compute */
+ id = max_id;
+
if (max_id - start_cpu > ncpus - 1)
- max_id = start_cpu + ncpus - 1;
+ id = start_cpu + ncpus - 1;
- for (i = 0; i <= max_id; i++) {
+ for (i = 0; i <= id; i++) {
if (!map[i]) {
cpu_time = 0;
} else if (virStrToLong_ull(pos, &pos, 10, &cpu_time) < 0) {
@@ -13606,7 +13583,7 @@ qemuDomainGetPercpuStats(virDomainPtr domain,
}
sum_cpu_pos = sum_cpu_time;
- for (i = 0; i <= max_id; i++) {
+ for (i = 0; i <= id; i++) {
if (!map[i])
cpu_time = 0;
else
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 5de739149..211fb37e9 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -891,7 +891,6 @@ virSecurityDACGenLabel(virSecurityManagerPtr mgr,
case VIR_DOMAIN_SECLABEL_NONE:
/* no op */
return 0;
- break;
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
_("unexpected security label type '%s'"),
diff --git a/src/security/security_driver.c b/src/security/security_driver.c
index e6da2208b..f450a9437 100644
--- a/src/security/security_driver.c
+++ b/src/security/security_driver.c
@@ -35,7 +35,6 @@
# include "security_apparmor.h"
#endif
-#include "security_dac.h"
#include "security_nop.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
@@ -47,7 +46,6 @@ static virSecurityDriverPtr security_drivers[] = {
#ifdef WITH_SECDRIVER_APPARMOR
&virAppArmorSecurityDriver,
#endif
- &virSecurityDriverDAC,
&virSecurityDriverNop, /* Must always be last, since it will always probe */
};
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 0e106d5fe..07f5a9ba7 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -49,6 +49,12 @@ static virSecurityManagerPtr virSecurityManagerNewDriver(virSecurityDriverPtr dr
{
virSecurityManagerPtr mgr;
+ VIR_DEBUG("drv=%p (%s) virtDriver=%s allowDiskFormatProbing=%d "
+ "defaultConfined=%d requireConfined=%d",
+ drv, drv->name, virtDriver,
+ allowDiskFormatProbing, defaultConfined,
+ requireConfined);
+
if (VIR_ALLOC_VAR(mgr, char, drv->privateDataLen) < 0) {
virReportOOMError();
return NULL;
@@ -80,7 +86,7 @@ virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary)
if (!mgr)
return NULL;
- virSecurityStackAddPrimary(mgr, primary);
+ virSecurityStackAddNested(mgr, primary);
return mgr;
}
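Review bot: The return value of `virSecurityStackAddNested(mgr, primary)` is discarded, although that function returns -1 when its allocation fails. In that case virSecurityManagerNewStack() hands back a stack with no entries, and virSecurityStackGetPrimary() in security_stack.c now dereferences `priv->itemsHead` unconditionally after this commit. Check the result, e.g. `if (virSecurityStackAddNested(mgr, primary) < 0) { virSecurityManagerFree(mgr); return NULL; }`, assuming that freeing an empty stack manager is safe.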
@@ -334,10 +340,12 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
}
if (seclabel->type == VIR_DOMAIN_SECLABEL_DEFAULT) {
- if (sec_managers[i]->defaultConfined)
+ if (sec_managers[i]->defaultConfined) {
seclabel->type = VIR_DOMAIN_SECLABEL_DYNAMIC;
- else
+ } else {
seclabel->type = VIR_DOMAIN_SECLABEL_NONE;
+ seclabel->norelabel = true;
+ }
}
if ((seclabel->type == VIR_DOMAIN_SECLABEL_NONE) &&
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 7dcd62629..0eb7e7658 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -38,35 +38,31 @@ struct _virSecurityStackItem {
};
struct _virSecurityStackData {
- virSecurityManagerPtr primary;
virSecurityStackItemPtr itemsHead;
};
int
-virSecurityStackAddPrimary(virSecurityManagerPtr mgr,
- virSecurityManagerPtr primary)
-{
- virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- if (virSecurityStackAddNested(mgr, primary) < 0)
- return -1;
- priv->primary = primary;
- return 0;
-}
-
-int
virSecurityStackAddNested(virSecurityManagerPtr mgr,
virSecurityManagerPtr nested)
{
virSecurityStackItemPtr item = NULL;
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr tmp;
+
+ tmp = priv->itemsHead;
+ while (tmp && tmp->next)
+ tmp = tmp->next;
if (VIR_ALLOC(item) < 0) {
virReportOOMError();
return -1;
}
item->securityManager = nested;
- item->next = priv->itemsHead;
- priv->itemsHead = item;
+ if (tmp)
+ tmp->next = item;
+ else
+ priv->itemsHead = item;
+
return 0;
}
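Review bot: Appending at the tail makes insertion order significant: the first manager added stays at `priv->itemsHead`, which is what virSecurityStackGetPrimary() returns after this commit. That rule is not written down anywhere in the hunk. A comment above virSecurityStackAddNested such as `/* Appends @nested to the stack; the first manager added is treated as the primary */` would keep callers like qemuSecurityInit from reordering the drivers by accident.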
@@ -74,19 +70,7 @@ virSecurityManagerPtr
virSecurityStackGetPrimary(virSecurityManagerPtr mgr)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- return (priv->primary) ? priv->primary : priv->itemsHead->securityManager;
-}
-
-void virSecurityStackSetPrimary(virSecurityManagerPtr mgr,
- virSecurityManagerPtr primary)
-{
- virSecurityStackAddPrimary(mgr, primary);
-}
-
-void virSecurityStackSetSecondary(virSecurityManagerPtr mgr,
- virSecurityManagerPtr secondary)
-{
- virSecurityStackAddNested(mgr, secondary);
+ return priv->itemsHead->securityManager;
}
static virSecurityDriverStatus
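Review bot: `return priv->itemsHead->securityManager;` in virSecurityStackGetPrimary dereferences the list head without checking that the stack holds any item. The list is empty until the first virSecurityStackAddNested succeeds, and that call can fail on allocation, so an empty stack is reachable. A guarded form is `return priv->itemsHead ? priv->itemsHead->securityManager : NULL;`, provided callers (not visible here) cope with a NULL primary. Otherwise the precondition that the stack is non-empty should be documented on the function.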
diff --git a/src/security/security_stack.h b/src/security/security_stack.h
index 6898c03b7..5bb3be765 100644
--- a/src/security/security_stack.h
+++ b/src/security/security_stack.h
@@ -27,19 +27,11 @@ extern virSecurityDriver virSecurityDriverStack;
int
-virSecurityStackAddPrimary(virSecurityManagerPtr mgr,
- virSecurityManagerPtr primary);
-int
virSecurityStackAddNested(virSecurityManagerPtr mgr,
virSecurityManagerPtr nested);
virSecurityManagerPtr
virSecurityStackGetPrimary(virSecurityManagerPtr mgr);
-void virSecurityStackSetPrimary(virSecurityManagerPtr mgr,
- virSecurityManagerPtr primary);
-void virSecurityStackSetSecondary(virSecurityManagerPtr mgr,
- virSecurityManagerPtr secondary);
-
virSecurityManagerPtr*
virSecurityStackGetNested(virSecurityManagerPtr mgr);
diff --git a/src/uml/uml_conf.c b/src/uml/uml_conf.c
index 5461b42a8..410f3e269 100644
--- a/src/uml/uml_conf.c
+++ b/src/uml/uml_conf.c
@@ -141,7 +141,7 @@ umlConnectTapDevice(virConnectPtr conn,
if (virNetDevTapCreateInBridgePort(bridge, &net->ifname, &net->mac,
vm->uuid, NULL,
virDomainNetGetActualVirtPortProfile(net),
- &net->vlan,
+ virDomainNetGetActualVlan(net),
VIR_NETDEV_TAP_CREATE_IFUP) < 0) {
if (template_ifname)
VIR_FREE(net->ifname);
diff --git a/src/util/cgroup.c b/src/util/cgroup.c
index 8541c7fda..5dc07649d 100644
--- a/src/util/cgroup.c
+++ b/src/util/cgroup.c
@@ -360,7 +360,7 @@ static int virCgroupGetValueStr(virCgroupPtr group,
VIR_DEBUG("Get value %s", keypath);
- rc = virFileReadAll(keypath, 1024, value);
+ rc = virFileReadAll(keypath, 1024*1024, value);
if (rc < 0) {
rc = -errno;
VIR_DEBUG("Failed to read %s: %m\n", keypath);
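Review bot: The read limit passed to virFileReadAll in virCgroupGetValueStr becomes the bare expression `1024*1024`, with nothing saying why 1 MiB is the right bound. Presumably some control files exceed the old 1 KiB limit, but the hunk does not say which. A named constant with a comment would record that and keep the cap on how much is read from a cgroup file in one visible place, e.g. `#define VIR_CGROUP_VALUE_MAX (1024 * 1024) /* largest cgroup file we accept */` (name is a suggestion). The function body starts and ends outside the hunk.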
diff --git a/src/util/virmacaddr.c b/src/util/virmacaddr.c
index e20792711..671ba98d5 100644
--- a/src/util/virmacaddr.c
+++ b/src/util/virmacaddr.c
@@ -30,6 +30,9 @@
#include "virmacaddr.h"
#include "virrandom.h"
+static const unsigned char virMacAddrBroadcastAddrRaw[VIR_MAC_BUFLEN] =
+ { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+
/* Compare two MAC addresses, ignoring differences in case,
* as well as leading zeros.
*/
@@ -218,3 +221,9 @@ virMacAddrIsUnicast(const virMacAddrPtr mac)
{
return !(mac->addr[0] & 1);
}
+
+bool
+virMacAddrIsBroadcastRaw(const unsigned char s[VIR_MAC_BUFLEN])
+{
+ return memcmp(virMacAddrBroadcastAddrRaw, s, sizeof(*s)) == 0;
+}
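Review bot: `sizeof(*s)` in virMacAddrIsBroadcastRaw is the size of a single `unsigned char`, so the memcmp compares only the first octet and every address beginning with 0xff is reported as broadcast. Because the array parameter decays to a pointer, neither `sizeof(s)` nor `sizeof(*s)` gives the address length; use the constant instead: `return memcmp(virMacAddrBroadcastAddrRaw, s, VIR_MAC_BUFLEN) == 0;`. The diffstat lists nwfilter files in the same commit. If the helper is used for filtering decisions there (the callers are not visible here), the loose match would misclassify unicast or multicast addresses.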
diff --git a/src/util/virmacaddr.h b/src/util/virmacaddr.h
index 4c5074ce3..1a2ff74da 100644
--- a/src/util/virmacaddr.h
+++ b/src/util/virmacaddr.h
@@ -52,4 +52,6 @@ int virMacAddrParse(const char* str,
virMacAddrPtr addr) ATTRIBUTE_RETURN_CHECK;
bool virMacAddrIsUnicast(const virMacAddrPtr addr);
bool virMacAddrIsMulticast(const virMacAddrPtr addr);
+bool virMacAddrIsBroadcastRaw(const unsigned char s[VIR_MAC_BUFLEN]);
+
#endif /* __VIR_MACADDR_H__ */
diff --git a/src/util/virnetdevopenvswitch.c b/src/util/virnetdevopenvswitch.c
index b903ae4ee..764f478a6 100644
--- a/src/util/virnetdevopenvswitch.c
+++ b/src/util/virnetdevopenvswitch.c
@@ -59,7 +59,7 @@ int virNetDevOpenvswitchAddPort(const char *brname, const char *ifname,
char *ifaceid_ex_id = NULL;
char *profile_ex_id = NULL;
char *vmid_ex_id = NULL;
- virBufferPtr buf;
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
virMacAddrFormat(macaddr, macaddrstr);
virUUIDFormat(ovsport->interfaceID, ifuuidstr);
@@ -79,13 +79,12 @@ int virNetDevOpenvswitchAddPort(const char *brname, const char *ifname,
ovsport->profileID) < 0)
goto out_of_memory;
}
- if (virtVlan) {
- if (VIR_ALLOC(buf) < 0)
- goto out_of_memory;
+
+ if (virtVlan && virtVlan->nTags > 0) {
/* Trunk port first */
if (virtVlan->trunk) {
- virBufferAddLit(buf, "trunk=");
+ virBufferAddLit(&buf, "trunk=");
/*
* Trunk ports have at least one VLAN. Do the first one
@@ -93,21 +92,27 @@ int virNetDevOpenvswitchAddPort(const char *brname, const char *ifname,
* start of the for loop if there are more than one VLANs
* on this trunk port.
*/
- virBufferAsprintf(buf, "%d", virtVlan->tag[i]);
+ virBufferAsprintf(&buf, "%d", virtVlan->tag[i]);
for (i = 1; i < virtVlan->nTags; i++) {
- virBufferAddLit(buf, ",");
- virBufferAsprintf(buf, "%d", virtVlan->tag[i]);
+ virBufferAddLit(&buf, ",");
+ virBufferAsprintf(&buf, "%d", virtVlan->tag[i]);
}
} else if (virtVlan->nTags) {
- virBufferAsprintf(buf, "tag=%d", virtVlan->tag[0]);
+ virBufferAsprintf(&buf, "tag=%d", virtVlan->tag[0]);
}
}
cmd = virCommandNew(OVSVSCTL);
+
+ virCommandAddArgList(cmd, "--", "--may-exist", "add-port",
+ brname, ifname, NULL);
+
+ if (virBufferUse(&buf) != 0)
+ virCommandAddArgList(cmd, virBufferCurrentContent(&buf), NULL);
+
if (ovsport->profileID[0] == '\0') {
- virCommandAddArgList(cmd, "--", "--may-exist", "add-port",
- brname, ifname, virBufferContentAndReset(buf),
+ virCommandAddArgList(cmd,
"--", "set", "Interface", ifname, attachedmac_ex_id,
"--", "set", "Interface", ifname, ifaceid_ex_id,
"--", "set", "Interface", ifname, vmid_ex_id,
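Review bot: `virBufferUse(&buf) != 0` is the only test made on the VLAN buffer before the ovs-vsctl command is assembled; no `virBufferError(&buf)` check precedes it. If one of the virBufferAddLit/virBufferAsprintf calls failed to allocate, the buffer would presumably read as empty, so the port would be added without its `trunk=`/`tag=` argument rather than the call failing, leaving the interface without the requested VLAN setting. Adding `if (virBufferError(&buf)) goto out_of_memory;` before `cmd = virCommandNew(OVSVSCTL);` closes that path. Separately, the first trunk tag is read as `virtVlan->tag[i]` before the loop assigns `i`, whose initial value is declared outside the hunk. Writing `virtVlan->tag[0]` would make the intent explicit.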
@@ -115,8 +120,7 @@ int virNetDevOpenvswitchAddPort(const char *brname, const char *ifname,
"external-ids:iface-status=active",
NULL);
} else {
- virCommandAddArgList(cmd, "--", "--may-exist", "add-port",
- brname, ifname, virBufferContentAndReset(buf),
+ virCommandAddArgList(cmd,
"--", "set", "Interface", ifname, attachedmac_ex_id,
"--", "set", "Interface", ifname, ifaceid_ex_id,
"--", "set", "Interface", ifname, vmid_ex_id,
@@ -135,7 +139,7 @@ int virNetDevOpenvswitchAddPort(const char *brname, const char *ifname,
ret = 0;
cleanup:
- VIR_FREE(buf);
+ virBufferFreeAndReset(&buf);
VIR_FREE(attachedmac_ex_id);
VIR_FREE(ifaceid_ex_id);
VIR_FREE(vmid_ex_id);
diff --git a/src/util/virnetdevvportprofile.c b/src/util/virnetdevvportprofile.c
index 52133782f..fbbdde91a 100644
--- a/src/util/virnetdevvportprofile.c
+++ b/src/util/virnetdevvportprofile.c
@@ -1235,7 +1235,8 @@ virNetDevVPortProfileDisassociate(const char *macvtap_ifname,
/* avoid disassociating twice */
if (vmOp == VIR_NETDEV_VPORT_PROFILE_OP_MIGRATE_IN_FINISH)
break;
- ignore_value(virNetDevSetOnline(linkdev, false));
+ if (vf < 0)
+ ignore_value(virNetDevSetOnline(linkdev, false));
rc = virNetDevVPortProfileOp8021Qbh(linkdev, macvtap_macaddr, vf,
virtPort, NULL,
VIR_NETDEV_VPORT_PROFILE_LINK_OP_DISASSOCIATE);
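Review bot: The new `if (vf < 0)` guard in front of `virNetDevSetOnline(linkdev, false)` has no comment saying why the link is left up when a VF index is present. Presumably `linkdev` is then a shared physical function that other users depend on, but the hunk does not say so, and the existing comment above (`avoid disassociating twice`) belongs to a different condition. A line such as `/* only take linkdev offline when it is not a PF shared with other VFs */`, corrected to the real reason, would prevent the check from being removed as redundant. The enclosing switch case starts outside the hunk.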
diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
index 99def429a..984f0404a 100644
--- a/src/xen/xend_internal.c
+++ b/src/xen/xend_internal.c
@@ -2303,7 +2303,7 @@ xenDaemonDomainPinVcpu(virDomainPtr domain, unsigned int vcpu,
}
def->cputune.nvcpupin = 0;
}
- if (virDomainVcpuPinAdd(def->cputune.vcpupin,
+ if (virDomainVcpuPinAdd(&def->cputune.vcpupin,
&def->cputune.nvcpupin,
cpumap,
maplen,