| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
| |
*should* in fact cause the connection to be destroyed. Fix this with a
little extra code in the readfd() handler.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
| |
1. readfd/writefd account for EINTR/EAGAIN errno returns.
2. Handle zero return from ->read() and ->write() handlers
symmetrically.
3. Fix some indentation issues (use hard tabs).
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a domain name check and a UUID check to xm new command. The check
logic is as follows:
- If the UUID is not specified
- If a VM with same name exists
=> Update the config for that existing VM
- Else no vm with same name exists
=> Define a brand new VM with auto-generated UUID
- Else UUID is specified
- If a VM with same UUID exists
- If name is different
=> Error
- Else if name is same
=> Update the config for that existing VM
- Else no VM with same UUID exists
- If name is different
=> Define a branch new VM with that name
- Else if name is same
=> Error
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
|
|
|
|
|
|
| |
Use the same xenstore area for log-dirty commands as for save/continue,
and avoid a race condition by acking the save command after the save.
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
|\ |
|
| |
| |
| |
| |
| | |
Avoids total starvation under some workloads.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
| |
| |
| |
| |
| | |
Previously this would be missed on some bail paths within xenstored
which would talloc_free() the connection.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|/
|
|
|
|
|
| |
This lets us verify that qemu has indeed stopped processing before
we start saving guest memory. Also allow qemu to continue processing
after the save has happened, instead of exiting immediately.
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a problem in the input of the key in the VNC connection on
the PV domain. When client's keyboard is not the same as the kind of
the keyboard of PVFB and GuestOS, it is not possible to input it correctly.
This patch handled the state of shift from the set keymap. When
client's keyboard is not same as the kind of PVFB/GuestOS, it is
possible to input it correctly. It was confirmed to input it correctly
mutually with this patch between en-us and ja.
Signed-off-by: Takanori Kasai <kasai.takanori@jp.fujitsu.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a problem in the input of the key in the VNC connection on
the HVM domain. When client's keyboard is not the same as the kind of
the keyboard of qemu-dm and GuestOS, it is not possible to input it
correctly.
VNC client qemu-dm & GuestOS
--------------+-----------------------
ja en-us ==> NG
en-us en-us ==> OK
Originally, the same keysym-code between client and qemu-dm is
transmitted. However, even if it is the same character, the state of
shift is different according to the kind of keyboard.
ex.
"=" charactor
---------------------
en-us : "="
ja : shift + "-"
Therefore, it is necessary to handle the state of the shift by setting
qemu-dm and GuestOS. There is information on whether shift is
necessary for each key for the keymap of qemu-dm.
ex.
VNC client : ja
qemu-dm & GuestOS : en-us
input key : "="
event client to qemu-dm :
shift(push) >> "="(push) >> "="(release) >> shift(release)
event qemu-dm to guest :
shift(push) >> shift(release) >> "="(push) >> "="(release) >>
shift(push) >>
shift(release)
This patch handled the state of shift from the set keymap.
When client's keyboard is not same as the kind of qemu-dm/GuestOS,
it is possible to input it correctly.
It was confirmed to input it correctly mutually with this patch
between en-us and ja.
Signed-off-by: Takanori Kasai <kasai.takanori@jp.fujitsu.com>
|
|
|
|
| |
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
|
|
|
|
| |
Signed-off-by: Frank van der Linden <frank.vanderlinden@sun.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds labeling of virtual network interfaces to xend and
makes this manageable through the Xen-API. It's a feature that is
only usable if ACM is enabled in Xen and xend is used through the
xen-api. A labeled virtual network interface will be plugged into a
bridge where other domains with the same-labeled network interface are
connected to, so that only same-colored domains can communicate with
each other. The bridge should be connected to the outside world using
VLAN for isolation, extending the isolation beyond the local machine.
If a virtual machine is labeled with a VM label that only has one
Simple Type Enforcement Type then it is not necessary to label the
virtual network interface, but the color of the network interface is
determined from the VM's label. If, however, a virtual machine is
labeled with a VM label that has multiple Simple Type Enforcement
Types, then the explicit labeling of each virtual network interface is
required. To specify the label of a network interface, the vif line in
the VM's configuration file has been extended with parameters similar
use for specifying the label of the VM:
vif = ['policy=<policy name>,label=<resource label>']
This labels the VIF of the virtual machine for usage under the policy
'policy name' and labels it with the label 'resource label'.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
|
|
|
|
| |
VM.set_memory_[dynamic|static]_[min|max] via Xen API.
Signed-off-by: Jim Fehlig <jfehlig@novell.com>
|
|
|
|
|
|
|
| |
This patch provides some more fixes related to the recent
security-related extensions to xend.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
|
|
|
|
|
|
| |
This adds a couple of test cases exercising the new policy management
functionality to the security tests.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
|
|
|
|
|
|
|
|
|
|
| |
Make the vTPM hotplug script use the UUID of the vTPM instance for
associating it with its instance number rather than the name of the
domain.
Also change the cleanup in the xm test to use the atexit mechanism
rather than explicitly calling a function to clean up.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
|
|
|
|
| |
The rx DMA should never overrun when it hits the end of a 64k buffer
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
|
|
|
|
|
|
|
|
|
| |
When domains are destroyed/suspend-resume/migration using the Xen-API
things break due to the domid not having been reset. This patch fixes
this. This is the best place I found for fixing this problem. I could
not push this line into _stateSet() for the case of DOM_STATE_HALTED
and left a comment regarding this.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Allow multiple ChineseWallTypes in a VM labels
- check for surfacing exceptions in the python code
- check for array sizes in the XML DOM in python
- properly display the labels when doing 'xm list --label' in xm's
non-Xen-API mode
- rely on the security checking hooks in xend to check access to the
block interface rather than doing this in xm.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
|
|
|
|
|
|
|
| |
This patch fixes the xc_map_grant_refs() function, which would fail
because, instead of passing the malloc()-ed ioctl argument pointer to
the ioctl, the address of this pointer was being passed instead.
Signed-off-by: Derek Murray <Derek.Murray@cl.cam.ac.uk>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Once the presence of LPT1 is baked into a Windows guest, it gets upset
if it is subsequently removed. Hence we add the 'LTP1' device object
back into the ACPI DSDT, and remove IRQ 7 from the list of IRQs usable
by the PCI-ISA links.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
functionality is needed for probing how much memory is available in a
given node prior to VM creation.
Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Replaces an instance of pthread_mutex_lock() that should be
pthreaad_mutex_unlock(). With thanks to our OpenTC partners at the
Technical University of Sofia, whose static analysis found this bug.
Signed-off-by: Derek G. Murray <Derek.Murray@cl.cam.ac.uk>
|
| |
| |
| |
| | |
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
|
| |
| |
| |
| | |
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
contents of xenstore entries. There is a bit of code cleanup as well
(snprintf vs. sprintf), one formatting fix, and comments).
There is no change to the behavior of xenstore-ls without -w.
Signed-off-by: John Zulauf <john.zulauf@intel.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds a couple of new commands for using the Xen-API
extensions for security policies. Older tools are converted to support
going through the Xen-API for their operations rather than doing the
operations directly in their own code.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
drives to fix a hang during SLES 9 HVM guest installation.
Without this, the SLES 9 installer kernels (32 and 64 bit) were
getting inconsistent information from QEMU as to whether the
(emulated) IDE drives support write caching (which they do). So part
of the kernel thought write caching was enabled (and enabled the usage
of barrier writes) and part of it didn't, which triggered a bug in
which the same barrier write is submitted over and over again ...
Fixed by setting another bit in the WIN_IDENTIFY (IDE drive "identify"
command) response to indicate we really, truly support write caching.
Signed-off-by: David Lively <dlively@virtualiron.com>
Signed-off-by: Ben Guthro <bguthro@virtualiron.com>
|
| |
| |
| |
| |
| |
| | |
policies
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|\| |
|
| |
| |
| |
| | |
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
|
| |
| |
| |
| |
| | |
nodes/sockets/cores/threads relationship.
Signed-off-by: Alex Williamson <alex.williamson@hp.com>
|
| |
| |
| |
| | |
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
|
| |
| |
| |
| | |
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Kieran Mansley <kmansley@solarflare.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch implements extensions for managing security policies in
xend. The XSPolicy and ACMPolicy classes provide the interface for the
Xen-API and implement functionality for setting, updating and
activating of a Xen security policy as well as labeling of virtual
machines and resources such as block devices. Labeling of network
devices will follow.
The acmpolicy class implements a compiler for translating an XML
policy into their binary format and provides functionality for
comparing a current policy against a new one when changing/updating a
policy.
The xspolicyadmin class administers the policy of the system.
Some of the xend-internal code deals with transforming the labeling
information from the S-Expression format into the new Xen-API
format. This is similar to much of the other code that is already
there.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
|
| |
| |
| |
| | |
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes correctness issues with xenstored and gcc-4.2.
Original patch by Charles Coffing <ccoffing@novell.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
| |
| |
| |
| |
| |
| | |
Add global default keymap setting to be used when a VM does not have
a keymap configuration set.
Signed-off-by: Pat Campbell <plc@novell.com>
|
| |
| |
| |
| |
| |
| | |
Print this in 'xm info'.
Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Block-device specifiers in ioemu can contain colons, so skipping
always past the first colon is not a good idea. Better solutions are
in the pipeline to solve the blktap issues.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
| |
| |
| | |
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Tristan Gingold <tgingold@free.fr>
|
| |
| |
| |
| | |
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
|