| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Coverity-ID: 1054975
Coverity-ID: 1055196
Signed-off-by: Matthew Daley <mattjd@gmail.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
| |
Fix pointer checks introduced in changeset 24757:aae516b78fce.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This parameter identifies an alternative service domain which has
superuser access to the xenstore database, which is currently required
to set up a new domain's xenstore entries.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This centralizes all the permission checking for privileged domains in
preparation for allowing domains other than dom0 to be privileged.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When xenstored is run in a minios domain, it needs a bootstrap
connection to dom0 so that additional domain introduce messages can be
sent to it.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A previous versions of this patch has been sent to xen-devel. See
http://lists.xensource.com/archives/html/xen-devel/2009-03/msg01655.html
Signed-off-by: Diego Ongaro <diego.ongaro@citrix.com>
Signed-off-by: Alex Zeffertt <alex.zeffertt@eu.citrix.com>
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make xenstored use grantref rather than map_foreign_range (which can
only be used by privileged domains)
This patch modifies the xenstore daemon to use xc_gnttab_map_grant_ref
instead of xc_map_foreign_range where available.
Previous versions of this patch have been sent to xen-devel. See
http://lists.xensource.com/archives/html/xen-devel/2008-07/msg00610.html
http://lists.xensource.com/archives/html/xen-devel/2009-03/msg01492.html
Signed-off-by: Diego Ongaro <diego.ongaro@citrix.com>
Signed-off-by: Alex Zeffertt <alex.zeffertt@eu.citrix.com>
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During kexec all old watches have to be removed, otherwise the new
kernel will receive unexpected events. Allow a guest to reset itself
and cleanup all of its watches and transactions.
Add a new XS_RESET_WATCHES command to do the reset on behalf of the
guest.
(Changes by iwj: specify the argument to be a single nul byte. Permit
read-only clients to use the new command.)
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
| |
This patch seems to have been applied by mistake, despite adverse
comments on the list and a lack of an appropriate ack.
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
| |
During kexec all old watches have to be removed, otherwise the new
kernel will receive unexpected events. Allow a guest to introduce
itself
and cleanup all of its watches.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes the interface consistent with the changes made to the main
interface in 21483:779c0ef9682c.
Also fix some references to "struct xc_interface" which should have
been simply "xc_interface" in tools/xenpaging, and update QEMU_TAG to
pull in the corresponding qemu change.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For now assume all such connections come from domain 0.
Failure to do this breaks various scripts which assume that they
operate relative to the domains "home directory".
This matches the behaviour of the ocaml xenstored.
Thanks to report from Olaf Hering.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch eliminate the global variables in libxenctrl (used for
logging and error reporting).
Instead the information which was in the global variables is now in a
new xc_interface* opaque structure, which xc_interface open returns
instead of the raw file descriptor; furthermore, logging is done via
xentoollog.
There are three new parameters to xc_interface_open to control the
logging, but existing callers can just pass "0" for all three to get
the old behaviour.
All libxc callers have been adjusted accordingly.
Also update QEMU_TAG for corresponding qemu change.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
| |
mb/rmb/wmb. Instead add a xen_ prefix. Modify Xen's public headers to
expect the prefixed names instead of bare mb/rmb/wmb, but gate this
expectation on a bump of __XEN_INTERFACE_VERSION__.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Stubdomains (and probably other domain disagregation elements too)
need to be able to tinker with another domain. This adds
XS_SET_TARGET so that XenStore allows domains to have permissions on
files on which the "target" has permissions. This also adds
xs_set_target, called by the domain builder when the 'target' option
is used in the configuration.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
|
|
|
|
|
|
| |
This fixes client reader-thread deaths in which a 'garbage string' was
being read instead of a well-formed message header.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
| |
1. readfd/writefd account for EINTR/EAGAIN errno returns.
2. Handle zero return from ->read() and ->write() handlers
symmetrically.
3. Fix some indentation issues (use hard tabs).
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
| |
Previously this would be missed on some bail paths within xenstored
which would talloc_free() the connection.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
| |
xenstored is incorrectly accounting domain nodes when transactions
fail. Store pending count changes in the transaction structure, and
apply at transaction completion, instead of directly applying the
changes.
Signed-off-by: Max Zhen <max.zhen@sun.com>
|
|
|
|
|
|
|
| |
If xc_map_foreign_range fails, the new domain object is freed,
but it is not removed from the connection list.
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
|
|
|
|
|
| |
xenstored.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
|
| |
Related changesets:
14148:b67c253d1cdb4f502dec2
13519:b4a8000e76db6b4b27341
These three changesets must be applied as a set!
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
| |
Signed-off-by: Andrei Petrov <andrei.petrov@xensource.com>
|
|
|
|
|
|
|
|
| |
This clears the shutdown flag for a domain in xenstore, allowing
subsequent shutdowns of the same domain to fire the appropriate
watches.
Signed-off-by: Brendan Cully <brendan@cs.ubc.ca>
|
|
|
|
|
|
| |
a second instance of xenstored running (and we're using different pid files).
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the guest but deleted by dom0 were remaining accounted against the guest,
which meant that the guest would eventually run out of quota.
This patch also prevents unprivileged domains from changing the owner of a
node. One guest could attack another by creating nodes and then transferring
them to the ownership of another, and though the accounting could be made to
work properly in this case, domains should never be transferring nodes in any
case, so it seems safer just to disallow the operation entirely.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
|
|
|
|
| |
No longer open the device as non-blocking: all reads immediately follow
a select() on the device indicating it's ready to read.
Signed-off-by: John Levon <john.levon@sun.com>
|
|
|
|
|
|
|
| |
implementation.
Signed-off-by: John Levon <john.levon@sun.com>
|
|
|
|
|
| |
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
|
|
|
|
| |
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
|
|
|
|
|
|
|
| |
domain0 xenbus page.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mapping interface.
Change /proc/xen/xsd_mfn to /proc/xen/xsd_kva containing the kernel
virtual address of the dom0 xenstore page. Update xenstored to use
/proc/xen/xsd_kva.
Signed-off-by: Keir Fraser <keir@xensource.com>
Signed-off-by: Christian Limpach <Christian.Limpach@cl.cam.ac.uk>
|
|
|
|
|
| |
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
|
|
|
|
|
|
| |
instead of crashing, it now prints a more meaningful error message.
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the permission checking in xenstored.
Default the store permissions to read/write nobody (apart from the privileged
domain). Create a /local node with these permissions, ready for inheriting by
children. In Xend, create a /vm node with these permissions too, for the same
reason, and set the permissions on /local/domain/<domid> and each device
backend path to allow the guest domain to access these paths appropriately.
Added xstransact.{set_permissions,SetPermissions,mkdir,Mkdir,complete} as
support facilities.
This closes bug #290.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
|
|
|
|
| |
to user space thru /dev/xen/evtchn.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
whether a domain has been introduced to the store. Added a separate message
XS_IS_DOMAIN_INTRODUCED and API for that (xs_is_domain_introduced) to determine
whether the domain has really been introduced. This change means that the
tools can determine the correct domain path earlier in the domain creation
process, which is particularly a factor with live migration, as it allows us
to create the devices earlier in the process, and unpause the new domain before
performing the introduce. Until recently we already had these features, but
the simplification of the interface between xend and xenstored caused breakage.
No longer clear out the domain path when a domain is introduced -- this was a
hack to work around the recent problematic semantics of GetDomainPath.
Do not write the contents of the info block to the store. All the configuration
info is written to the /vm path, and anything else in the info block is either
dealt with explicitly or is ephemeral and has no place in the store.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
|
| |
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
recreation semantics.
Remove the unpause at the end of xc_linux_restore, and move it to
XendDomainInfo. This is necessary because xenstored now allocates the domain
path when the domain is introduced, which means that the new domain cannot
start running until that introduce is performed and the new devices
configured.
Give restore a separate completion phase in which domain details are stored.
This is required because the domain path is no longer available until after
the introduceDomain call.
TODO: Split the domain introduction into two so that the domain path is
available earlier. At the moment, the domain <-> store channel details are
passed in to xenstored when the domain is introduced, but in the case of
restore it is necessary to wait until the restore is completed before the
channel MFN is available.
Change the interface between XendDomainInfo and XendCheckpoint/image to not
have hideous callbacks through setConsoleRef and setStoreRef. Instead,
image.createImage explicitly returns those values, and XendCheckpoint passes
them through to completeRestore.
Move the purging of the domain path corresponding to a new domain from Xend
to xenstored, since xenstored is now in charge of this path. With the domain
path creation moved to xenstored, Xend cannot remove the path, because watches
may have fired on it already.
Fix the printf statement in xenstored in verbose mode that details the
messages being written. This statement was printing the buffer using %s, but
this buffer has an explicit length field, so we were seeing garbage after the
correct details.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
that loop completely -- the xc_init_store, initDomainStore calls can all go.
Have xenstored understand where the local domain information goes. Xend no
longer has to generate a path and pass it to xenstored through
xs_introduce_domain -- we just allow xenstored to generate the path, and then
call GetDomainPath later. There is still some work required to tidy this up.
Change the uuid module to generate uuids as lists of bytes, not in the
stringified form. Added a unit test for that module.
Change the semantics of Xend restart, relying on these changes to the
xenstored semantics and earlier changes to add an opaque handle to the
hypervisor's domain-specific data block. The semantics are now clearer, as
Xend can validate whether the details in the store match the current live
domain.
Added a usage statement to xenstored.
Some of this code is by Steven Hand.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
| |
for other inter-domain comms (power-of-two-sized rings, and
free-running indexes). The interface is defined in the spirit of
the console protocol, so maybe some chance of merging them
together later?
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
| |
use stdint-format bitsize types (uint32_t and friends).
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
happened, and only return EINVAL if the event channel details have changed.
This allows Xend to introduce domains when it starts without having to be
concerned about whether xenstored has restarted at the same time. This
behaviour used to be subsumed by the bind_interdomain semantics for existing
channels, but in the simplification of that interface, the check must now move
to userspace.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
|
|
| |
connection on whether there are pending replies/watches.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
of pending replies that are sent out in order.
Currently we only read new requests when the reply list is
empty. In fact there is no good reason for this restriction.
Another interesting point is that (on my test machine)
hotplug blk setup fails if xenstored_client connects to
xenstored via the unix domain socket rather than through the
kernel --- this points to some user/kernel races that are
'fixed' by the extra serialisation of the in-kernel mutexes.
It definitely needs looking into.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
| |
rather than using hypercall directly.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tools. /dev/xen/evtchn is now used by daemons to connect to
remote domains: the advantage is that the local ports are garbage
collected automatically if the daemon dies. xen no longer
constructs end-to-end event-channel port pairs -- it allocates an
unbound port in new domU and writes that port to xenstore. It is
then picked up by teh appropriate daemon which does interdomain bind
via /dev/xen/evtchn.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
| |
down and when it eventually dies. xenconsoled now only
relinquishes its handle on a domain when it dies. This
allows us to 'xm console' connect to a crashed domain,
which is very useful!
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Transactions no longer take root dir, no longer lock & block: commit can fail spuriously with EAGAIN, not ETIMEDOUT.
Speeds up transactions by over 1000 times, should be NFS safe.
New program: xs_tdb_dump to dump raw TDB contents.
Don't do failure testing: we are no longer robust against all ENOMEM 8(
Introduce "struct node" which contains perms, children and data.
Make struct xs_permissions unpadded, so we can write to tdb w/o valgrind complaints.
Gently modify TDB to use talloc, not do alloc on tdb_delete.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|