Commit Graph

4171 Commits

Author SHA1 Message Date
Chris Lalancette
9757e10d6d Revert "Fix libvirtd restart for domains with PCI passthrough devices"
This reverts commit cdc42d0a48.
As DanB pointed out, this patch is actually wrong.  The real
bug that was causing me to see this problem is a bug
introduced in a RHEL-5 libvirt snapshot, and I'm going to
fix the real bug there.

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-01-25 16:26:54 -05:00
Chris Lalancette
7cc5410bfd Fix a crash when restarting libvirtd.
If you shutdown libvirtd while a domain with PCI
devices is running, then try to restart libvirtd,
libvirtd will crash.

This happens because qemuUpdateActivePciHostdevs() is calling
pciDeviceListSteal() with a dev of 0x0 (NULL), and then trying
to dereference it.  This patch fixes it up so that
qemuUpdateActivePciHostdevs() steals the devices after first
Get()'ting them, avoiding the crash.

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-01-25 16:25:47 -05:00
Chris Lalancette
a7d17c6187 Fix two instances of misspelled 'pseudo'
Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-01-25 16:25:28 -05:00
Jim Meyering
1af75828a0 qemuMonitorTextAttachDrive: avoid two leaks
* src/qemu/qemu_monitor_text.c (qemuMonitorTextAttachDrive): Most other
failures in this function would "goto cleanup", but one mistakenly
returned directly, skipping the cleanup and resulting in a leak.
In addition, iterating the "try_command" loop would clobber, and
thus leak, the "cmd" allocated on the first iteration,
so be careful to free it in addition to "reply" beforehand.
2010-01-25 22:06:47 +01:00
Matthias Bolte
731c738652 qemu: Search binaries in PATH instead of hardcoding /usr/bin
2010-01-25 21:38:28 +01:00
Daniel P. Berrange
72a8405a47 Implement QMP support for extracting CPU thread ID
The KVM build of QEMU includes the thread ID of each vCPU in the
'query-cpus' output. This is required for pinning guests to
particular host CPUs

* src/qemu/qemu_monitor_json.c: Extract 'thread_id' from CPU info
2010-01-25 17:08:37 +00:00
Daniel P. Berrange
2c7f5ca662 Misc fixes to QMP monitor support for QEMU
* src/util/json.c, src/util/json.h: Declare returned strings
  to be const
* src/qemu/qemu_monitor.c: Wire up JSON mode for qemuMonitorGetPtyPaths
* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Fix
  const correctness. Add missing error message in the function
  qemuMonitorJSONGetAllPCIAddresses. Add implementation of the
  qemuMonitorGetPtyPaths function calling 'query-chardev'.
2010-01-25 17:08:37 +00:00
Daniel P. Berrange
a5a46c6fc2 Add some missing include files which break build in certain platforms
Two files were using functions from <sys/stat.h> but not including
it. Most of the time they got this automatically via another header,
but certain build flag combinations can reveal the problem

* src/lxc/lxc_container.c, src/node_device/node_device_linux_sysfs.c:
  Add <sys/stat.h>
2010-01-25 17:08:37 +00:00
Daniel P. Berrange
7d8f5eb3bc Fix setup of compatibility serial devices from console device
The <console> tag is supposed to result in addition of a single
<serial> device for HVM guests. The 'targetType' attribute was
missing though causing the compatibility code to add a second
<console> device

* src/conf/domain_conf.c: Set targetType for serial device
2010-01-25 17:08:37 +00:00
Jim Meyering
3dc4268669 usbGetDevice: don't leak a "usbDevice" buffer on failure path
* src/util/hostusb.c (usbGetDevice): Free "dev" when returning NULL.
2010-01-25 17:07:06 +01:00
Jim Meyering
9827e0a42c qemuMonitorTextGetMemoryStats: plug a leak on an error path
* src/qemu/qemu_monitor_text.c (qemuMonitorCommandWithHandler):
Always free *reply, upon failure.
2010-01-25 17:04:27 +01:00
Jim Meyering
1f9da29de1 usbFindBusByVendor: don't leak a DIR buffer and FD
* src/util/hostusb.c (usbFindBusByVendor): Don't leak a DIR buffer
and file descriptor.
2010-01-25 16:50:28 +01:00
Eric Blake
eaa2fd6939 Start modernizing configure
* configure.ac: renamed configura.in, use AC_CONFIG_HEADERS instead of
  AM_CONFIG_HEADER
2010-01-25 16:00:43 +01:00
Chris Lalancette
cdc42d0a48 Fix libvirtd restart for domains with PCI passthrough devices
When libvirtd shuts down, it places a <state/> tag in the XML
state file it writes out for guests with PCI passthrough
devices.  For devices that are attached at bootup time, the
state tag is empty.  However, at libvirtd startup time, it
ignores anything with a <state/> tag in the XML, effectively
hiding the guest.
This patch removes the check for VIR_DOMAIN_XML_INTERNAL_STATUS
when parsing the XML.
* src/conf/domain_conf.c: remove VIR_DOMAIN_XML_INTERNAL_STATUS
  flag check in virDomainHostdevSubsysPciDefParseXML()
2010-01-22 18:39:15 +01:00
Chris Lalancette
be34c3c7ef qemu: Fix race between device rebind and kvm cleanup
Certain hypervisors (like qemu/kvm) map the PCI bar(s) on
the host when doing device passthrough.  This can lead to a race
condition where the hypervisor is still cleaning up the device while
libvirt is trying to re-attach it to the host device driver.  To avoid
this situation, we look through /proc/iomem, and if the hypervisor is
still holding onto the bar (denoted by the string in the matcher variable),
then we can wait around a bit for that to clear up.

v2: Thanks to review by DV, make sure we wait the full timeout per-device

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-01-22 12:03:49 -05:00
Chris Lalancette
654dd2902d Fix device assignment with root devices
The patches to add ACS checking to PCI device passthrough
introduced a bug.  With the current code, if you try to
passthrough a device on the root bus (i.e. bus 0), then
it denies the passthrough.  This is because the code in
pciDeviceIsBehindSwitchLackingACS() to check for a parent
device doesn't take into account the possibility of the
root bus.  If we are on the root bus, it means we
legitimately can't find a parent, and it also means that
we don't have to worry about whether ACS is enabled.
Therefore return 0 (indicating we don't lack ACS) from
pciDeviceIsBehindSwitchLackingACS().

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-01-22 09:42:45 -05:00
Chris Lalancette
54c973d52b Add a rule to check for uses of readlink.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-01-22 09:42:35 -05:00
Chris Lalancette
b195f20f18 Use virFileResolveLink instead of readlink in AppArmor
Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-01-22 09:38:22 -05:00
Chris Lalancette
1f703731d3 Fix a compile warning in parthelper.c
Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-01-22 09:37:09 -05:00
Taizo ITO
912f5e5884 Add virConnectGetVersion Python API
adds a new python API call for retrieving the running
hypervisor version used by a connection: virConnectGetVersion

* python/generator.py: skip virConnectGetVersion from autogenerated
* python/libvirt-override-api.xml python/libvirt-override.c: define
  direct native bindings
2010-01-22 11:01:09 +01:00
Jamie Strandboge
e09086b074 Remove AppArmor compile warnings
* src/security/security_apparmor.c: unused variable in
  AppArmorSetSecurityAllLabel and unused parameter in
  AppArmorReleaseSecurityLabel
2010-01-22 10:48:34 +01:00
Chris Lalancette
db2ae2044a Remove unused PROC_MOUNT_BUF_LEN #define
2010-01-22 10:25:44 +01:00
Daniel Veillard
952eb15deb Update polish translation and regenerate localizations
2010-01-22 10:02:16 +01:00
Daniel P. Berrange
e2c03da940 Add docs about new mailing list
* docs/contact.html.in: Document new users mailing list
2010-01-21 16:48:11 +01:00
Adam Litke
80b4d20dfe domMemoryStats / qemu: Fix parsing of unknown stats
Fix a small problem with the qemu memory stats parsing algorithm.  If qemu
reports a stat that libvirt does not recognize, skip past it so parsing can
continue.  This corrects a potential infinite loop in the parsing code that can
only be triggered if new statistics are added to qemu.

* src/qemu/qemu_monitor_text.c: qemuMonitorParseExtraBalloonInfo add a
  skip for extra ','
2010-01-21 16:28:50 +01:00
David Allan
2dccf5ef07 Corrected log level of WWN path message
* src/node_device/node_device_linux_sysfs.c: open_wwn_file() the
  VIR_ERROR really should be just a VIR_DEBUG
2010-01-21 15:55:13 +01:00
Daniel Veillard
e5df24a11c Fix an error when looking for devices in syspath
* src/node_device/node_device_udev.c: udevSetupSystemDev() only print the
  error message if lookup failed in both DMI_DEVPATH and DMI_DEVPATH_FALLBACK
2010-01-21 15:45:44 +01:00
Dan Kenigsberg
ca18b7108d Allow surrounding whitespace in uuid
* src/util/uuid.c: extend virUUIDParse to allow leading and trailing
  spaces in UUIDs
2010-01-21 15:32:37 +01:00
Jim Meyering
2c8eb68969 fix "make distcheck" failure
* tests/Makefile.am (qemuhelpdata): Add qemu-0.12.1.
2010-01-21 15:24:15 +01:00
Jim Meyering
d47b6e54fd avoid more format-related warnings
* src/qemu/qemu_conf.c (qemuBuildDriveStr): Use "%s".
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetGuestPCIAddress):
(qemuMonitorJSONGetGuestDriveAddress): Likewise.
2010-01-21 15:12:12 +01:00
Jim Meyering
dfff67c082 avoid format-related warnings
* src/conf/domain_conf.c (virDomainDeviceInfoParseXML): Use "%s".
2010-01-21 15:08:25 +01:00
Daniel P. Berrange
6512d09cf8 Fix off-by-1 in SCSI drive hotplug
The loop looking for the controller associated with a SCSI drive had
an off by one, causing it to miss the last controller.

* src/qemu/qemu_driver.c: Fix off-by-1 in searching for SCSI
  drive hotplug
2010-01-21 14:00:17 +00:00
Daniel P. Berrange
e3a0c80f1d Fix leak in hotplug code in QEMU driver
The hotplug code in QEMU was leaking memory because although the
inner device object was being moved into the main virDomainDefPtr
config object, the outer container virDomainDeviceDefPtr was not.

 * src/qemu/qemu_driver.c: Clarify code to show that the inner
   device object is owned by the main domain config upon
   successful attach.
2010-01-21 14:00:16 +00:00
Daniel P. Berrange
5b6782f941 Add configuration option to turn off dynamic permissions management
Add the ability to turn off dynamic management of file permissions
for libvirt guests.

* qemu/libvirtd_qemu.aug: Support 'dynamic_ownership' flag
* qemu/qemu.conf: Document 'dynamic_ownership' flag.
* qemu/qemu_conf.c: Load 'dynamic_ownership' flag
* qemu/test_libvirtd_qemu.aug: Test 'dynamic_ownership' flag
2010-01-21 14:00:16 +00:00
Daniel P. Berrange
2df1657686 Fix security driver calls in hotplug cleanup paths
The hotplug code was not correctly invoking the security driver
in error paths. If a hotplug attempt failed, the device would
be left with VM permissions applied, rather than restored to the
original permissions. Also, a CDROM media that is ejected was
not restored to original permissions. Finally there was a bogus
call to set hostdev permissions in the hostdev unplug code

* qemu/qemu_driver.c: Fix security driver usage in hotplug/unplug
2010-01-21 14:00:16 +00:00
Daniel P. Berrange
b2a2ba71b4 Add missing call to re-attach host devices if VM startup fails
If there is a problem with VM startup, PCI devices may be left
assigned to pci-stub / pci-back. Adding a call to reattach
host devices in the cleanup path is required.

* qemu/qemu_driver.c: qemuDomainReAttachHostDevices() when
  VM startup fails
2010-01-21 14:00:16 +00:00
Daniel P. Berrange
3812c7b42d Switch QEMU driver over to use the DAC security driver
Remove all the QEMU driver calls for setting file ownership and
process uid/gid. Instead wire in the QEMU DAC security driver,
stacking it on top of the primary SELinux/AppArmor driver.

* qemu/qemu_driver.c: Switch over to new DAC security driver
2010-01-21 14:00:16 +00:00
Daniel P. Berrange
15f5eaa098 Introduce a new DAC security driver for QEMU
This new security driver is responsible for managing UID/GID changes
to the QEMU process, and any files/disks/devices assigned to it.

* qemu/qemu_conf.h: Add flag for disabling automatic file permission
  changes
* qemu/qemu_security_dac.h, qemu/qemu_security_dac.c: New DAC driver
  for QEMU guests
* Makefile.am: Add new files
2010-01-21 14:00:16 +00:00
Daniel P. Berrange
80fd73ca09 Introduce a stacked security driver impl for QEMU
* qemu/qemu_conf.h: Add securityPrimaryDriver and
  securitySecondaryDriver fields to 'struct qemud_driver'
* Makefile.am: Add new files
* qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A
  simple stacked security driver
2010-01-21 14:00:16 +00:00
Daniel P. Berrange
08fd20b04a Pull initial disk labelling out into libvirtd instead of exec hook
Pulling the disk labelling code out of the exec hook, and into
libvirtd will allow it to access shared state in the daemon. It
will also make debugging & error reporting easier / more reliable.

* qemu/qemu_driver.c: Move initial disk labelling calls up into
  libvirtd. Add cleanup of disk labels upon failure
2010-01-21 14:00:16 +00:00
Daniel P. Berrange
9c48360b1a Fix leak of allocated security label
If a VM fails to start, we can't simply free the security label
strings, we must call the domainReleaseSecurityLabel() method
otherwise the reserved 'mcs' level will be leaked in SELinux

* src/qemu/qemu_driver.c: Invoke domainReleaseSecurityLabel()
  when domain fails to start
2010-01-21 14:00:16 +00:00
Daniel P. Berrange
0c0e0d0263 Refactor setup & cleanup of security labels in security driver
The current security driver architecture has the following
split of logic

 * domainGenSecurityLabel

    Allocate the unique label for the domain about to be started

 * domainGetSecurityLabel

    Retrieve the current live security label for a process

 * domainSetSecurityLabel

    Apply the previously allocated label to the current process
    Setup all disk image / device labelling

 * domainRestoreSecurityLabel

    Restore the original disk image / device labelling.
    Release the unique label for the domain

The 'domainSetSecurityLabel' method is special because it runs
in the context of the child process between the fork + exec.

This is required in order to set the process label. It is not
required in order to label disks/devices though. Having the
disk labelling code run in the child process limits what it
can do.

In particular, libvirtd would like to remember the current
disk image label, and only change shared image labels for the
first VM to start. This requires use & update of global state
in the libvirtd daemon, and thus cannot run in the child
process context.

The solution is to split domainSetSecurityLabel into two parts,
one applies process label, and the other handles disk image
labelling. At the same time domainRestoreSecurityLabel is
similarly split, just so that it matches the style. Thus the
previous 4 methods are replaced by the following 6 new methods

 * domainGenSecurityLabel

    Allocate the unique label for the domain about to be started
    No actual change here.

 * domainReleaseSecurityLabel

   Release the unique label for the domain

 * domainGetSecurityProcessLabel

   Retrieve the current live security label for a process
   Merely renamed for clarity.

 * domainSetSecurityProcessLabel

   Apply the previously allocated label to the current process

 * domainRestoreSecurityAllLabel

    Restore the original disk image / device labelling.

 * domainSetSecurityAllLabel

    Setup all disk image / device labelling

The SELinux and AppArmor drivers are then updated to comply with
this new spec. Notice that the AppArmor driver was actually a
little different. It was creating its profile for the disk image
and device labels in the 'domainGenSecurityLabel' method, whereas
the SELinux driver did it in 'domainSetSecurityLabel'. With the
new method split, we can have consistency, with both drivers doing
that in the domainSetSecurityAllLabel method.

NB, the AppArmor changes here haven't been compiled so may not
build.
2010-01-21 14:00:16 +00:00
Daniel P. Berrange
81fbb4cb23 Make security drivers responsible for checking dynamic vs static labelling
The QEMU driver is doing 90% of the calls to check for static vs
dynamic labelling. Except it is forgetting to do so in many places,
in particular hotplug is mistakenly assigning disk labels. Move
all this logic into the security drivers themselves, so the HV
drivers don't have to think about it.

* src/security/security_driver.h: Add virDomainObjPtr parameter
  to virSecurityDomainRestoreHostdevLabel and to
  virSecurityDomainRestoreSavedStateLabel
* src/security/security_selinux.c, src/security/security_apparmor.c:
  Add explicit checks for VIR_DOMAIN_SECLABEL_STATIC and skip all
  chcon() code in those cases
* src/qemu/qemu_driver.c: Remove all checks for VIR_DOMAIN_SECLABEL_STATIC
  or VIR_DOMAIN_SECLABEL_DYNAMIC. Add missing checks for possibly NULL
  driver entry points.
2010-01-21 14:00:16 +00:00
David Allan
6aabcb5bd8 Implement support for multi IQN
Allows the initiator to use a variety of IQNs rather than just the
system IQN when creating iSCSI pools.
* docs/schemas/storagepool.rng: extends the syntax with <iqn name="..."/>
* src/conf/storage_conf.[ch]: reads and stores the iqn name
* src/storage/storage_backend_iscsi.[ch]: implement the IQN selection
  when detected
2010-01-21 12:50:52 +01:00
Jiri Denemark
39d883bb3d Let make fail when XHTML validation fails
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2010-01-21 09:45:59 +01:00
Laine Stump
623bc48ad8 Fix uses of virFileMakePath
* src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c
  src/network/bridge_driver.c src/qemu/qemu_driver.c
  src/uml/uml_driver.c: virFileMakePath returns 0 for success, or the
  value of errno on failure, so error checking should be to test
  if non-zero, not if lower than 0
2010-01-21 00:52:13 +01:00
Laine Stump
62927dd8f0 Create storage pool directories with proper uid/gid/mode
Previously the uid/gid/mode in the xml was ignored when creating new
storage pool directories. This commit attempts to honor the requested
permissions, and spits out an error if it can't.

Note that when creating the directory, the rest of the path leading up
to the final element is created using current uid/gid/mode, and the
final element gets the settings from xml. It is NOT an error for the
directory to already exist; in this case, the perms for the existing
directory are just set (if necessary).

* src/storage/storage_backend_fs.c: update the virStorageBackendFileSystemBuild
  function to check the directory hierarchy separately then create the
  leaf directory with the right attributes
2010-01-21 00:46:32 +01:00
Laine Stump
e1f2778434 Create storage volumes directly with desired uid/gid
In order to avoid problems trying to chown files that were created by
root on a root-squashing nfs server, fork a new process that setuid's
to the desired uid before creating the file. (It's only done this way
if the pool containing the new volume is of type 'netfs', otherwise
the old method of creating the file followed by chown() is used.)

This changes the semantics of the "create_func" slightly - previously
it was assumed that this function just created the file, then the
caller would chown it to the desired uid. Now, create_func does both
operations.

There are multiple functions that can take on the role of create_func:

createFileDir - previously called mkdir(), now calls virDirCreate().
virStorageBackendCreateRaw - previously called open(),
                             now calls virFileCreate().
virStorageBackendCreateQemuImg - use virRunWithHook() to setuid/gid.
virStorageBackendCreateQcowCreate - same.
virStorageBackendCreateBlockFrom - preserve old behavior (but attempt
                                   chown when necessary even if not root)

* src/storage/storage_backend.[ch] src/storage/storage_backend_disk.c
  src/storage/storage_backend_fs.c src/storage/storage_backend_logical.c
  src/storage/storage_driver.c: change the create_func implementations,
  also propagate the pool information to be able to detect NETFS ones.
2010-01-21 00:41:52 +01:00
Laine Stump
98f6f381c8 New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.

If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)

If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.

Return from both of these functions is 0 on success, or the value of
errno if there was a failure.

* src/util/util.[ch]: add the 2 new util functions
2010-01-21 00:33:43 +01:00
Laine Stump
d2259ada49 Add virRunWithHook util function
* src/util/util.[ch]: similar to virExecWithHook, but waits for child to
  exit. Useful for doing things like setuid after the fork but before the
  exec.
2010-01-21 00:30:36 +01:00