| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
There are some disk formats commonly supported by both qdisk and blktap.
As qdisk is better supported and blktap is unmaintained, we choose qdisk
over blktap whenever possible.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Matthew Daley has observed that the PV console protocol places sensitive host
state into a guest writeable xenstore locations, this includes:
- The pty used to communicate between the console backend daemon and its
client, allowing the guest administrator to read and write arbitrary host
files.
- The output file, allowing the guest administrator to write arbitrary host
files or to target arbitrary qemu chardevs which include sockets, udp, ptr,
pipes etc (see -chardev in qemu(1) for a more complete list).
- The maximum buffer size, allowing the guest administrator to consume more
resources than the host administrator has configured.
- The backend to use (qemu vs xenconsoled), potentially allowing the guest
administrator to confuse host software.
So we arrange to make the sensitive keys in the xenstore frontend directory
read only for the guest. This is safe since the xenstore permissions model,
unlike POSIX directory permissions, does not allow the guest to remove and
recreate a node if it has write access to the containing directory.
There are a few associated wrinkles:
- The primary PV console is "special". It's xenstore node is not under the
usual /devices/ subtree and it does not use the customary xenstore state
machine protocol. Unfortunately its directory is used for other things,
including the vnc-port node, which we do not want the guest to be able to
write to. Rather than trying to track down all the possible secondary uses
of this directory just make it r/o to the guest. All newly created
subdirectories inherit these permissions and so are now safe by default.
- The other serial consoles do use the customary xenstore state machine and
therefore need write access to at least the "protocol" and "state" nodes,
however they may also want to use arbitrary "feature-foo" nodes (although
I'm not aware of any) and therefore we cannot simply lock down the entire
frontend directory. Instead we add support to libxl__device_generic_add for
frontend keys which are explicitly read only and use that to lock down the
sensitive keys.
- Minios' console frontend wants to write the "type" node, which it has no
business doing since this is a host/toolstack level decision. This fails
now that the node has become read only to the PV guest. Since the toolstack
already writes this node just remove the attempt to set it.
This is a security issue, XSA-57.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
| |
Prevent hotplug script execution from libxl if device is on a
different domain.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't try to check physical devices if they belong to a domain
different than the one where the toolstack is running. This prevents
the following error when trying to use storage driver domains:
libxl: debug: libxl_create.c:1246:do_domain_create: ao 0x1819240: create: how=(nil) callback=(nil) poller=0x1818fa0
libxl: debug: libxl_device.c:235:libxl__device_disk_set_backend: Disk vdev=xvda spec.backend=phy
libxl: debug: libxl_device.c:175:disk_try_backend: Disk vdev=xvda, backend phy unsuitable as phys path not a block device
libxl: error: libxl_device.c:278:libxl__device_disk_set_backend: no suitable backend for disk xvda
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
blktap does not support the insert / eject commands, and so is not
suitable for cd-roms.
This fixes the bug where libxl uses tapdisk as a cdrom back-end, causing
subsequent eject / insert commands to fail.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>
CC: Fabio Fantoni <fabio.fantoni@heliman.it>
CC: Stefano Stabellini <stefano.stabellini@citrix.com>
CC: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The commit a8a1f236a296 "libxl: Only call stat() when adding a disk if we
expect a device to exist." changed things to only stat the file when the phy
backend was explicitly requested. This broke the case where we are probing and
would normally be able to decide on the phy option.
Since the intention of that commit was to allow for backends with no explicit
file in dom0 (i.e. network remote backend such as ceph) the lowest impact fix
appears to be to make that explicit. It turns out that tap disk can also
potentially handle such paths.
The only backend which requires a local file/device is PHY but we need to
handle UNKNOWN too in order for subsequent probing to work. Note that it is
not possible to autoprobe the backend if the path is not a local object, so we
don't need to worry about autoprobing ceph etc.
This should probably be revisited to rationalize the probing.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Roger Pau Monné <roger.pau@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We consider calling stat() a helpful error check in the following
circumstances only:
1. the disk backend type must be PHYsical
2. the disk backend domain must be the same as the running libxl
code (ie LIBXL_TOOLSTACK_DOMID)
3. there must not be a hotplug script because this would imply that
the device won't be created until after the hotplug script has
run.
With this fix, it is possible to use qemu's built-in block drivers
such as ceph/rbd, with a xl config disk spec like this:
disk=[ 'backendtype=qdisk,format=raw,vdev=hda,access=rw,target=rbd:rbd/ubuntu1204.img' ]
Signed-off-by: David Scott <dave.scott@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Roger Pau Monné <roger.pau@citrix.com>
|
| |
|
|
|
|
|
|
| |
Move to idl for ease of expansion and auto-generated functions.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
| |
num_exec was not cleared when calling libxl__prepare_ao_device.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch adds vtpm support to libxl. It adds vtpm parsing to config
files and 3 new xl commands:
vtpm-attach
vtpm-detach
vtpm-list
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
| |
device_backend_callback error path always says "unable to disconnect",
but this can also happen during the connection of a device. Fix the
error message using the information in aodev->action.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These are provided using the "script=" syntax described in
docs/misc/xl-disk-configuration.txt.
The existing hotplug scripts currently conflate two different
concepts, namely that of making a datapath available in the backend
domain (logging into iSCSI LUNs and the like) and that of actually
connecting that datapath to a Xen backend path (e.g. writing
"physical-device" node in xenstore to bring up blkback).
For this reason the script support implemented here is only supported
in conjunction with backendtype=phy.
Eventually we hope to rework the hotplug scripts to separate the to
concepts, but that is not 4.2 material.
In addition there are some other subtleties:
- Previously in the blktap case we would add "script = .../blktap" to
the backend flex array, but then jumped to the PHY case which added
"script = .../block" too. The block one takes precendence since it
comes second.
This was, accidentally, correct. The blktap script is for blktap1
devices and not blktap2 devices. libxl completely manages the
blktap2 side of things without resorting to hotplug scripts and
creates a blkback device directly. Therefore the "block" script is
always the correct one to call. Custom script are not supported in
this context.
- libxl should not write the "physical-device" node. This is the
responsibility of the block script. Writing the "physical-device"
node in libxl basically completely short-cuts the standard block
hotplug script which uses "physical-device" to know if it has run
already or not.
In the case of more complex scripts libxl cannot know the right
value to write here anyway, in particular the device may not exist
until after the script is called.
This change has the side effect of re-enabling the checks for
device sharing aspect of the default block script, which I have tested
and which now cause libxl to properly abort now that libxl properly
checks for hotplug script errors.
There is no sharing check for blktap2 since even if you reuse the
same vhd the resulting tap device is different. I would have preferred
to simply write the "physical-device" node for the blktap2 case but
the hotplug script infrastructure is not currently setup to handle
LIBXL__DEVICE_KIND_VBD
devices without a hotplug script (backendtype phy and tap both end
up as KIND_VBD). Changing this was more surgery than I was happy doing
for 4.2 and therefore I have simply hardcoded to the block script for
the LIBXL_DISK_BACKEND_TAP case.
- libxl__device_disk_set_backend running against a phy device with a
script cannot stat the device to check its properties since it may
not exist until the script is run. Therefore I have special cased
this in disk_try_backend to simply assume that backend == phy is
always ok if a script was
configured. Similarly the other backend types are always rejected
if a script was configured.
Note that the reason for implementing the default script behaviour
in device_disk_add instead of libxl__device_disk_setdefault is
because we need to be able to tell when the script was
user-supplied rather than defaulted by libxl in order to correctly
implement the above. The setdefault function must be idempotent so
we cannot simply update disk->script.
I suspect that for 4.3 a script member should be added to
libxl__device, this would also help in the case above of handling
devices with no script in a consistent manner. This is not 4.2
material.
- When the block script falls through and shells out to a block-$type
script it used to pass "$node" however the only place this was
assigned was in the remove+phy case (in which case it contains the
file:// derived /dev/loopN device), and in that case the script
exits without falling through to the block-$type case.
Since libxl never creates a type other than phy this never happens
in practice anyway and we now call the correct block-$type script
directly. But fix it up anyway since it is confusing.
- The block-nbd and block-enbd scripts which we supply appear to be
broken WRT the hotplug calling convention, in that they seem to
expect a command line parameter (perhaps the $node described above)
rather than reading the appropriate node from xenstore.
I rather suspect this was broken by 7774:e2e7f47e6f79 in November
2005. I think it is safe to say no one is using these scripts! I
haven't fixed this here. It would be good to track down some working
scripts and either incorproate them or defer to them in their existing
home (e.g. if they live somewhere useful like the nbd tools
package).
- Added a few block script related entries to check-xl-disk-parse
from http://backdrift.org/xen-block-iscsi-script-with-multipath-support
and http://lists.linbit.com/pipermail/drbd-user/2008-September/010221.html /
http://www.drbd.org/users-guide-emb/s-xen-configure-domu.html (and
snuck in another interesting empty CDROM case)
This highlighted two bugs in the libxlu disk parser handling of the
deprecated "<script>:" prefix:
- It was failing to prefix with "block-" to construct the actual
script name
- The regex for matching iscsi or drdb or e?nbd was incorrect
- Use libxl__abs_path for the nic script too. Just because the
existing code nearly tricked me into repeating the mistake
I have tested with a custom block script which uses "lvchange -a" to
dynamically add remove the referenced device (simulates iSCSI
login/logout without requiring me to faff around setting up an iSCSI
target). I also tested on a blktap2 system.
I haven't directly tested anything more complex like iscsi: or nbd:
other than what check-xl-disk-parse exercises.
[ Recommit of correct version of 25727:a8d708fcb347, which was mangled
during commit. Sorry. -iwj ]
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
25727:a8d708fcb347 was mangled during commit. Back it out so that we
can commit it properly.
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We pass be_path to tapdisk_destroy but we've already deleted it so it
fails to read tapdisk-params. However it appears that we need to
destroy the tap device after tearing down xenstore, to avoid the leak
reported by Greg Wettstein in
<201207312141.q6VLfJje012656@wind.enjellic.com>.
So read the tapdisk-params in the cleanup transaction, before the
remove, and pass that down to destroy_tapdisk instead. tapdisk-params
may of course be NULL if the device isn't a tap device.
There is no need to tear down the tap device from
libxl__initiate_device_remove since this ultimately calls
libxl__device_destroy.
Propagate and log errors from libxl__device_destroy_tapdisk.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These are provided using the "script=" syntax described in
docs/misc/xl-disk-configuration.txt.
The existing hotplug scripts currently conflate two different
concepts, namely that of making a datapath available in the backend
domain (logging into iSCSI LUNs and the like) and that of actually
connecting that datapath to a Xen backend path (e.g. writing
"physical-device" node in xenstore to bring up blkback).
For this reason the script support implemented here is only supported
in conjunction with backendtype=phy.
Eventually we hope to rework the hotplug scripts to separate the to
concepts, but that is not 4.2 material.
In addition there are some other subtleties:
- Previously in the blktap case we would add "script = .../blktap" to
the backend flex array, but then jumped to the PHY case which added
"script = .../block" too. The block one takes precendence since it
comes second.
This was, accidentally, correct. The blktap script is for blktap1
devices and not blktap2 devices. libxl completely manages the
blktap2 side of things without resorting to hotplug scripts and
creates a blkback device directly. Therefore the "block" script is
always the correct one to call. Custom script are not supported in
this context.
- libxl should not write the "physical-device" node. This is the
responsibility of the block script. Writing the "physical-device"
node in libxl basically completely short-cuts the standard block
hotplug script which uses "physical-device" to know if it has run
already or not.
In the case of more complex scripts libxl cannot know the right
value to write here anyway, in particular the device may not exist
until after the script is called.
This change has the side effect of re-enabling the checks for
device sharing aspect of the default block script, which I have tested
and which now cause libxl to properly abort now that libxl properly
checks for hotplug script errors.
There is no sharing check for blktap2 since even if you reuse the
same vhd the resulting tap device is different. I would have preferred
to simply write the "physical-device" node for the blktap2 case but
the hotplug script infrastructure is not currently setup to handle
LIBXL__DEVICE_KIND_VBD
devices without a hotplug script (backendtype phy and tap both end
up as KIND_VBD). Changing this was more surgery than I was happy doing
for 4.2 and therefore I have simply hardcoded to the block script for
the LIBXL_DISK_BACKEND_TAP case.
- libxl__device_disk_set_backend running against a phy device with a
script cannot stat the device to check its properties since it may
not exist until the script is run. Therefore I have special cased
this in disk_try_backend to simply assume that backend == phy is
always ok if a script was
configured. Similarly the other backend types are always rejected
if a script was configured.
Note that the reason for implementing the default script behaviour
in device_disk_add instead of libxl__device_disk_setdefault is
because we need to be able to tell when the script was
user-supplied rather than defaulted by libxl in order to correctly
implement the above. The setdefault function must be idempotent so
we cannot simply update disk->script.
I suspect that for 4.3 a script member should be added to
libxl__device, this would also help in the case above of handling
devices with no script in a consistent manner. This is not 4.2
material.
- When the block script falls through and shells out to a block-$type
script it used to pass "$node" however the only place this was
assigned was in the remove+phy case (in which case it contains the
file:// derived /dev/loopN device), and in that case the script
exits without falling through to the block-$type case.
Since libxl never creates a type other than phy this never happens
in practice anyway and we now call the correct block-$type script
directly. But fix it up anyway since it is confusing.
- The block-nbd and block-enbd scripts which we supply appear to be
broken WRT the hotplug calling convention, in that they seem to
expect a command line parameter (perhaps the $node described above)
rather than reading the appropriate node from xenstore.
I rather suspect this was broken by 7774:e2e7f47e6f79 in November
2005. I think it is safe to say no one is using these scripts! I
haven't fixed this here. It would be good to track down some working
scripts and either incorproate them or defer to them in their existing
home (e.g. if they live somewhere useful like the nbd tools
package).
- Added a few block script related entries to check-xl-disk-parse
from http://backdrift.org/xen-block-iscsi-script-with-multipath-support
and http://lists.linbit.com/pipermail/drbd-user/2008-September/010221.html /
http://www.drbd.org/users-guide-emb/s-xen-configure-domu.html (and
snuck in another interesting empty CDROM case)
This highlighted two bugs in the libxlu disk parser handling of the
deprecated "<script>:" prefix:
- It was failing to prefix with "block-" to construct the actual
script name
- The regex for matching iscsi or drdb or e?nbd was incorrect
- Use libxl__abs_path for the nic script too. Just because the
existing code nearly tricked me into repeating the mistake
I have tested with a custom block script which uses "lvchange -a" to
dynamically add remove the referenced device (simulates iSCSI
login/logout without requiring me to faff around setting up an iSCSI
target). I also tested on a blktap2 system.
I haven't directly tested anything more complex like iscsi: or nbd:
other than what check-xl-disk-parse exercises.
[ reran flex/bison -iwj ]
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
| |
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
To be consistent with the new function naming, rename
libxl__ao_devices to libxl__multidev and all variables aodevs to
multidev.
No functional change.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
| |
0 is always passed for this parameter and the code doesn't, actually,
use it, now.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
These lines were exactly 80 columns wide, which produces hideous wrap
damage in an 80 column emacs. Reformat using emacs's C-c \,
which puts the \ in column 72 (by default) where possible.
Whitespace change only.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't have a fixed number of devices in the aodevs array, and instead
size it depending on the devices present in xenstore. Somewhat
formalise the multiple device addition/removal machinery to make this
clearer and easier to do.
As a side-effect we fix a few "lost thread of control" bug which would
occur if there were no devices of a particular kind. (Various if
statements which checked for there being no devices have become
redundant, but are retained to avoid making the patch bigger.)
Specifically:
* Users of libxl__ao_devices are no longer expected to know in
advance how many device operations they are going to do. Instead
they can initiate them one at a time, between bracketing calls to
"begin" and "prepared".
* The array of aodevs used for this is dynamically sized; to support
this it's an array of pointers rather than of structs.
* Users of libxl__ao_devices are presented with a more opaque interface.
They are are no longer expected to, themselves,
- look into the array of aodevs (this is now private)
- know that the individual addition/removal completions are
handled by libxl__ao_devices_callback (this callback function
is now a private function for the multidev machinery)
- ever deal with populating the contents of an aodevs
* The doc comments relating to some of the members of
libxl__ao_device are clarified. (And the member `aodevs' is moved
to put it with the other members with the same status.)
* The multidev machinery allocates an aodev to represent the
operation of preparing all of the other operations. See
the comment in libxl__multidev_begin.
A wrinkle is that the functions are called "multidev" but the structs
are called "libxl__ao_devices" and "aodevs". I have given these
functions this name to distinguish them from "libxl__ao_device" and
"aodev" and so forth by more than just the use of the plural "s"
suffix.
In the next patch we will rename the structs.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
device_hotplug_done contains an open-coded but improved version of
libxl__device_destroy. So move the contents of device_hotplug_done
into libxl__device_destroy, deleting the old code, and replace it at
its old location with a function call.
Add the missing call to libxl__xs_transaction_abort (which was present
in neither version and technically speaking is always a no-op with
this code as it stands at the moment because no-one does "goto out"
other than after libxl__xs_transaction_start or _commit).
Also fix the error handling: the rc from the destroy should be
propagated into the aodev.
Reported-by: Ian Campbell <Ian.Campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since most of the needed work is already done in previous patches,
this patch only contains the necessary code to call hotplug scripts
for nic devices, that should be called when the device is added or
removed from a guest.
Added another parameter to libxl__get_hotplug_script_info, that is
used to know the number of times hotplug scripts have been called for
that device. This is currently used by IOEMU nics on Linux.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Jackson<ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since most of the needed work is already done in previous patches,
this patch only contains the necessary code to call hotplug scripts
for disk devices, that should be called when the device is added or
removed from a guest.
We will chain the launch of the disk hotplug scripts after the
device_backend_callback callback, or directly from
libxl__initiate_device_{add,remove} if the device is already in the
desired state.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch converts libxl_device_nic_add to an ao operation that
waits for device backend to reach state XenbusStateInitWait and then
marks the operation as completed. This is not really useful now, but
will be used by latter patches that will launch hotplug scripts after
we reached the desired xenbus state.
Calls to libxl_device_nic_add have also been moved to occur after the
device model has been launched, so when hotplug scripts are called
from this functions the interfaces already exists.
As usual, libxl_device_nic_add callers have been modified, and the
internal function libxl__device_disk_add has been used if the call was
inside an already running ao.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch converts libxl_device_disk_add to an ao operation that
waits for device backend to reach state XenbusStateInitWait and then
marks the operation as completed. This is not really useful now, but
will be used by later patches that will launch hotplug scripts after
we reached the desired xenbus state.
As usual, libxl_device_disk_add callers have been modified, and the
internal function libxl__device_disk_add has been used if the call was
inside an already running ao.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
[ ijc -- drop hunk modifying libxl_cdrom_insert which is not needed after
25670:3666e9712eaf "libxl: make libxl_cdrom_insert async" ]
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Secondary consoles are processed by libxl with the rest of the
devices by calling libxl__initiate_device_remove that waits for the
device to reach state 6 before procceeding with the removal.
When libxl is destroying the console devices, Qemu is already dead or
dying, and xenconsoled completely ignores the state backend entry for
console devices, since it performs the cleanup based on the result of
reads/writes to the tty.
Since we don't want to execute hotplug scripts for consoles, leave the
behaviour as it was previously, and just nuke the backend/frontend
xenstore entries by calling libxl__device_destroy.
Report: http://markmail.org/message/yqgppcsdip6tnmh6
Reported-by: Ian Campbell <ian.campbell@eu.citrix.com>
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
| |
Since the hotplug script that was in charge of cleaning the backend is
no longer launched, we need to clean the backend by ourselves, so use
libxl__xs_path_cleanup instead of xs_rm.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces some new structures, and breaks the mutual
dependency that libxl_domain_destroy and libxl__destroy_device_model
had. This is done by checking if the domid passed to
libxl_domain_destroy has a stubdom, and then having the bulk of the
destroy machinery in a separate function (libxl__destroy_domid) that
doesn't check for stubdom presence, since we check for it in the upper
level function. The reason behind this change is the need to use
structures for ao operations, and it was impossible to have two
different self-referencing structs.
All uses of libxl_domain_destroy have been changed, and either
replaced by the new libxl_domain_destroy ao function or by the
internal libxl__domain_destroy that can be used inside an already
running ao.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Introduce a new structure to track state of device backends, that will
be used in following patches on this series.
This structure if used for both device creation and device
destruction and removes libxl__ao_device_remove.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
| |
Check backend state before unconditionally setting it to "closing"
(5), since it might already be in "closed" (6).
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a xs_transaction_t parameter to libxl__device_generic_add, if it is
XBT_NULL, allocate a proper one.
Update all the callers.
This patch contains a large number of unchecked xenstore operations, we
might want to fix this in the future.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is a reorder of functions, no functional change. This is needed
because in future patches much code is added to libxl_device and it
needs to follow the usual ao operation scheme (prototypes, functions
and callbacks in order they should be called)
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
libxl__initiate_device_remove might discover that the operation was
complete, immediately (typically, if the device is already removed).
Previously, in this situation, it would return 0 to the caller but
never call libxl__ao_complete. Fix this. This necessitates passing
the egc in from the functions which are the ao initiators.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Convert libxl_FOO_device_remove, and the function which does the bulk
of the work, libxl__device_remove, to the new async ops scheme.
Adjust all callers.
Also remove libxl__wait_for_device_state which is now obsolete.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently if libxl__parse_backend_path is used and then you try to get
the original path again with libxl__device_backend_path the
result is wrong. This patch fixes the issue, so transformation from
path to libxl__device and back is reciprocal.
Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move a lot of
#include <stdfoo.h>
from individual files into libxl_internal.h. This helps avoid
portability mistakes where necessary system headers are omitted from
individual files, and is also of course a convenience when developing.
Also add
#include "libxl_osdeps.h" /* must come before any other headers */
to the top of most libxl*.c files, so that anyone who adds any headers
before libxl_internal.h will put the in the right place.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
| |
Remove the force flag, and always use forced destruction.
Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is a generic function, that waits for xs watches to reach a
certain state and then executes the passed helper function. Removed
wait_for_dev_destroy and used this new function instead. This
function will also be used by future patches that need to wait for
the initialization of devices before executing hotplug scripts.
Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Created a helper function to detect if the OS is capable of using
image files as phy backends. Create two OS specific files, and
changed the Makefile to choose the correct one at compile time.
Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
At least one compiler (some Ubuntu version) uses this by default and it seems
like a good idea anyway and the fixup required is trivial.
One hunk is from a patch by Ian Jackson.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Reported-by: Adda Rathbone <addarathbone@googlemail.com>
Tested-by: Adda Rathbone <addarathbone@googlemail.com>
Tested-by: Andrew Pounce <andrew.pounce@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libxl_internal.h now #includes libxl.h and various system headers.
This
1. makes the order of header inclusion more predictable
2. explicitly allows libxl_internal.h to use objects defined in libxl.h
3. removes the need for individual files to include these headers
Also
- remove some unnecessary #includes of libxl_utils.h,
flexarray.h, etc. in some libxl*.c files,
- include libxl_osdeps.h at the top of libxl_internal.h
- add missing includes of libxl_osdeps.h to a couple of files
- change libxl.h to libxl_internal.h in a couple of files
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
either GCC 4.6.1 or Ubuntu add -Werror=format-security to the -Wall set,
so libxl compilation breaks:
libxl_create.c: In function 'store_libxl_entry':
libxl_create.c:454:9: error: format not a string literal and no
format arguments [-Werror=format-security]
cc1: all warnings being treated as errors
Attached patch fixes this and another occurrence.
Patch from: Uwe Dannowski
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Handle the return value of the select call inside wait_for_dev_destroy
properly, and return 0 if a device is removed, or ERROR_* if a timeout
or error happened. Use the return value of wait_for_dev_destroy inside
libxl__device_remove to properly return from that function.
Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
libxl__wait_for_offspring() is a generic version of
libxl__wait_for_device_model().
Use libxl__wait_for_offspring for device model.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
|
| |
|
|
|
|
|
|
|
|
| |
It's not immediately clear that "l1" iterates over device types and "l2"
iterates over individual devices. Name things in a way which makes this more
obvious.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Note that the "wait" parameter added to libxl_device_remove is different to the
wait paramter previously used by similar functions. In the past not-wait meant
forced whereas now in means wait for a graceful shutdown, as opposed to setting
off a graceful shutdown but not waiting.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Use libxl__device in libxl_devices_destroy and
libxl__device_pci_remove_xenstore.
Doing this allows us to use the common functions for removing devices.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently this appears to only include "/local/domain/<domid>/device/suspend".
Ultimately the caller will nuke the whole guest directory anyway but not having
this function remove things which don't look like devices seems less
surprising.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
|
| |
|
|
|
|
|
|
| |
I'd like to use the from_string functionality...
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
|
