Commit Graph

15726 Commits

Author SHA1 Message Date
John Ferlan
344d480611 Revert "lxc_cgroup: Add check for NULL cgroup before AddTask call"
This reverts commit ae09988eb7.

Since commit id '71ce4759' has been reverted, this one is no
longer necessary.
2016-01-14 11:01:50 -05:00
John Ferlan
d41bd09596 Revert "util: cgroups do not implicitly add task to new machine cgroup"
This reverts commit 71ce475967.

Since commit id 'a41c00b47' has been reverted, this no longer is
necessary
2016-01-14 11:00:25 -05:00
John Ferlan
f8f6907284 Revert "qemu: do not put a task into machine cgroup"
This reverts commit a41c00b472.

After much testing and upstream discussion this has been deemed to be
the incorrect operation since it means we no longer have any guarantee
about which resource controllers the QEMU processes in general are in.
2016-01-14 10:56:53 -05:00
Cédric Bosdonnat
c726af2d5a virt-aa-helper: don't deny writes to readonly mounts
There is no need to deny writes on a readonly mount: write still
won't be accepted, even if the user remounts the folder as RW in
the guest as qemu sets the 9p mount as ro.

This deny rule was leading to problems for example with readonly /:
The qemu process had to write to a bunch of files in / like logs,
sockets, etc. This deny rule was also preventing auditing of these
denials, making it harder to debug.
2016-01-14 15:42:05 +01:00
John Ferlan
3e2d637458 conf: Initialize 'deflate' for balloon parse XML
Commit id '7bf3198df' neglected to initialize deflate leading to a
possibility if model allocation/checks fail, then the VIR_FREE(deflate)
would be erroneous. Noted by Jan Tomko.
2016-01-14 05:54:58 -05:00
Michal Privoznik
e988ba94aa qemuProcessCleanupChardevDevice: Don't unlink NULL paths
So, you try to start a domain, but before we even get to the part
where chardev part of qemu command line is generated (and
possibly missing path to unix sockets is made up) an error occurs
which results in calling qemuProcessStop. This will then try to
clean up the mess and possibly ends up calling unlink(NULL).

==8085== Thread 3:
==8085== Syscall param unlink(pathname) points to unaddressable byte(s)
==8085==    at 0xA85EA57: unlink (in /lib64/libc-2.21.so)
==8085==    by 0x213D3C24: qemuProcessCleanupChardevDevice (qemu_process.c:2866)
==8085==    by 0x558D6B1: virDomainChrDefForeach (domain_conf.c:22924)
==8085==    by 0x213DA9AE: qemuProcessStop (qemu_process.c:5326)
==8085==    by 0x213DA2F2: qemuProcessStart (qemu_process.c:5190)
==8085==    by 0x2142957F: qemuDomainObjStart (qemu_driver.c:7396)
==8085==    by 0x214297DB: qemuDomainCreateWithFlags (qemu_driver.c:7450)
==8085==    by 0x21429842: qemuDomainCreate (qemu_driver.c:7468)
==8085==    by 0x5611B95: virDomainCreate (libvirt-domain.c:6753)
==8085==    by 0x125D9A: remoteDispatchDomainCreate (remote_dispatch.h:3613)
==8085==    by 0x125CB7: remoteDispatchDomainCreateHelper (remote_dispatch.h:3589)
==8085==    by 0x568BF41: virNetServerProgramDispatchCall (virnetserverprogram.c:437)
==8085==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==8085==

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-01-13 11:30:38 +01:00
Jim Fehlig
71daae9671 xenconfig: check return value of regcomp
Commit ec63000a missed checking the return value of regcomp(),
which coverity promptly identified.
2016-01-12 14:22:54 -07:00
Jim Fehlig
6564de5e95 Xen: use correct domctl version in domaininfolist union
Commmit fd2e3c4c used the domctl version 8 structure for version 9
in the xen_getdomaininfolist union, resulting in insufficient buffer
size (and subsequent memory corruption) for the GETDOMAININFOLIST
ioctl.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2016-01-12 10:37:56 -07:00
Dmitry Andreev
981c01d419 qemu: add support of optional 'autodeflate' attribute
Autodeflate can be enabled/disabled for memballon device
of model 'virtio'.

xml:
<devices>
  <memballoon model='virtio' autodeflate='on'/>
</devices>

qemu:
qemu -device virtio-balloon-pci,...,deflate-on-oom=on

Autodeflate cannot be enabled/disabled for running domain.
2016-01-12 10:48:21 -05:00
Dmitry Andreev
3522a311ea qemu: add capability check for memballoon 'deflate-on-oom' feature
Add appropriate capability check and new virQEMUCaps flag for the new
virtio balloon feature. QEMU commit with the complete feature description:
http://git.qemu.org/?p=qemu.git;a=commit;h=e3816255bf4b6377bb405331e2ee0dc14d841b80
2016-01-12 10:48:21 -05:00
Dmitry Andreev
7bf3198df6 conf: introduce 'autodeflate' attribute for memballoon device
Excessive memory balloon inflation can cause invocation of OOM-killer,
when Linux is under severe memory pressure. QEMU memballoon device
has a feature to release some memory at the last moment before some
process will be get killed by OOM-killer.

Introduce a new optional balloon device attribute 'autodeflate' to
enable or disable this feature.
2016-01-12 10:48:21 -05:00
Cole Robinson
2eb7a97575 rpc: socket: Don't repeatedly attempt to launch daemon
On every socket connect(2) attempt we were re-launching session
libvirtd, up to 100 times in 5 seconds.

This understandably caused some weird load races and intermittent
qemu:///session startup failures

https://bugzilla.redhat.com/show_bug.cgi?id=1271183
2016-01-12 10:45:45 -05:00
Cole Robinson
8da02d5280 rpc: socket: Explicitly error if we exceed retry count
When we autolaunch libvirtd for session URIs, we spin in a retry
loop waiting for the daemon to start and the connect(2) to succeed.

However if we exceed the retry count, we don't explicitly raise an
error, which can yield a slew of different error messages elsewhere
in the code.

Explicitly raise the last connect(2) failure if we run out of retries.
2016-01-12 10:45:45 -05:00
Cole Robinson
f102c7146e rpc: socket: Minor cleanups
- Add some debugging
- Make the loop dependent only on retries
- Make it explicit that connect(2) success exits the loop
- Invert the error checking logic
2016-01-12 10:45:45 -05:00
Roman Bogorodskiy
bc451c4980 Add missing virxdrdefs.h include to log_protocol
Commit 2b6f6ad introduced the virxdrdefs.h header with
common definitions to be included in the protocol files,
but logging/log_protocol.x was missed, so add it there as well.

Hopefully this fixes build on OS X.
2016-01-12 18:15:09 +03:00
Ben Gray
133c511b52 rpc: Don't rewrite msg->fds on every read dispatch
When we are receiving data in smaller chunks it might happen that
virNetServerClientDispatchRead() will be called multiple times.  And as
that happens, if it is a message that also transfer headers, we decode
the number of them every single time and, unfortunately, also allocate
the memory for them.  That causes a leak, in the best scenario.

Best viewed with '-w'.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-01-12 08:56:50 +01:00
Laine Stump
21e63916dc util: eliminate bogus error log in virNetDevVPortProfileGetStatus
if instanceId is NULL

When virNetDevVPortProfileGetStatus() was called with instanceId =
NULL (which is the case for all DISASSOCIATE requests in 802.1Qbh) it
would log the following error:

   Could not find netlink response with expected parameters

even though the disassociate had been successfully completely. Then,
due to the fortunate coincidence of status having been initialized to
0 and then not changed when the "failure" was encountered, it would
still return a status of 0 (PORT_VDP_RESPONSE_SUCCESS), so the caller
would assume a successful operation.

This would result in a spurious log message though, and would fill in
LastErrorMessage, so that the API would return that error if it
happened during cleanup from some other error. That, in turn, would
lead to an incorrect supposition that the response to the port profile
disassociate was the cause of the failure.

During debugging, I noticed that the VF in question usually had *no
uuid* associated with it (big surprise)by the time the disassociate
completed, so the solution is *not* to send the previous instanceId
down.

This patch fixes virNetDevVPortProfileGetStatus() to only check the
VF's uuid in the status if it was given an instanceId to check against
when originally called. Otherwise it only checks that the particular
VF is present (it will be).

This does cause a slight difference in behavior - rather than
returning with status unchanged (and thus always 0) it will actually
get the IFLA_PORT_RESPONSE. This could lead to revelation of error
conditions we were previously ignoring. Or not. So far "not".
2016-01-11 17:09:28 -05:00
Laine Stump
47b830370a qemu: use enum when setting PCI "multi" value, not 0 or 1
Use the VIR_TRISTATE_SWITCH_* enums appropriately.

No functional change.
2016-01-11 15:13:54 -05:00
Laine Stump
bd04ad42e7 qemu: auto-add a USB2 controller set for Q35 machines
Use virDomainDefAddUSBController() to add an EHCI1+UHCI1+UHCI2+UHCI3
controller set to newly defined Q35 domains that don't have any USB
controllers defined.
2016-01-11 13:21:10 -05:00
Laine Stump
8ebca27bb7 qemu: define virDomainDevAddUSBController()
This new function will add a single controller of the given model,
except the case of ich9-usb-ehci1 (the master controller for a USB2
controller set) in which case a set of related controllers will be
added (EHCI1, UHCI1, UHCI2, UHCI3). These controllers will not be
given PCI addresses, but should be otherwise ready to use.

"-1" is allowed for controller model, and means "default for this
machinetype". This matches the existing practice in
qemuDomainDefPostParse(), which always adds the default controller
with model = -1, and relies on the commandline builder to set a model
(that is wrong, but will be fixed later).
2016-01-11 13:16:51 -05:00
Laine Stump
ed64d92bea conf: add virDomainDefAddController()
We need a virDomainDefAddController() that doesn't check for an
existing controller at the same index (since USB2 controllers must be
added in sets of 4 that are all at the same index), so rather than
duplicating the code in virDomainDefMaybeAddController(), split it
into two functions, in the process eliminating existing duplicated
code that loops through the controller list by calling
virDomainControllerFind(), which does the same thing).
2016-01-11 13:08:26 -05:00
Laine Stump
163338ec28 qemu: prefer 00:1D.x and 00:1A.x for USB2 controllers on Q35
The real Q35 machine puts the first USB controller set (EHCI+(UHCIx4))
on bus 0 slot 0x1D, and the 2nd USB controller set on bus 0 slot 0x1A,
so let's attempt to make the virtual machine match that for
controllers with auto-assigned addresses when possible.

Three test cases were added to assure that the proper addresses are
assigned - one with a single set of unaddressed USB controllers, one
with 3 (to grab both preferred slots plus one more), and one with the
order of the controller definitions reordered, to assure that the
auto-assignment isn't mixed up by order.
2016-01-11 13:04:17 -05:00
Laine Stump
7dbb5fce06 qemu: don't assume slot 0 is unused/reserved.
When qemuAssignDevicePCISlots() is looking for companion controllers
for a USB controller that has no PCI address specified, it initializes
a virDevicePCIAddress to 0000:00:00.0, fills it in with the
companion's address if one is found, then checks whether or not there
was a find based on slot == 0. On a system with a single PCI bus, that
is a valid way to check, because slot 0 is reserved, but on most other
PCI buses, slot 0 is not reserved, and is open for use by any
device. This patch adds a separate bool that is set when a companion
is found rather than relying on the faulty information provided with
"slot == 0".
2016-01-11 12:58:40 -05:00
Jasper Lievisse Adriaanse
2b6f6ad64b Unify int types handling in protocol files
Some of the protocol files already include handing of the missing int
types such as xdr_uint64_t, some don't. To fix it everywhere, move out
of the appropriate defines to the utils/virxdrdefs.h file and include
it where needed.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
2016-01-11 19:56:06 +03:00
Jasper Lievisse Adriaanse
91b423beb7 Use struct sockpeercred when available
OpenBSD uses 'struct sockpeercred' instead of 'struct ucred'. Add a
configure check that detects its presence and use if in the code that
could be compiled on OpenBSD.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
2016-01-11 19:56:06 +03:00
Jasper Lievisse Adriaanse
1b60f1b401 cgroup: don't include sys/mount.h if not needed
As cgroup implementation only works on Linux, it does not
make much sense to include sys/mount.h if other requirements are
not met, such as HAVE_MNTENT_H and HAVE_GETMNTENT_R.

Also, it fixes build on OpenBSD that requires to include sys/param.h
along with sys/mount.h.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
2016-01-11 19:56:06 +03:00
Michal Privoznik
0a84286d8f qemu: Introduce QEMU_CAPS_VSERPORT_CHANGE
This capability tells if qemu is capable of vserport_change
events.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-01-11 17:17:52 +01:00
Michal Privoznik
d5762cc034 qemu: change qemuFindAgentConfig return type
While this is no functional change, whole channel definition is
going to be needed very soon. Moreover, while touching this obey
const correctness rule in qemuAgentOpen() - so far it was passed
regular pointer to channel config even though the function is
expected to not change pointee at all. Pass const pointer
instead.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-01-11 17:17:52 +01:00
Michal Privoznik
2f50445537 qemu: Set virtio channel state sooner
In qemu driver we listen to virtio channel events like an agent
connected to or disconnected from the guest part of socket.
However, with a little exception - when we find out that the
socket in question is the guest agent one, we connect or
disconnect guest agent which is done prior setting new state in
internal structure. Due to a bug in our code it may happen that
we got the event but failed to set it in internal structure
representing the channel.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-01-11 17:16:29 +01:00
Martin Kletzander
6dc0e4f171 Fix LSB requirements in service script and sync them
Commit b22344f328 mistakenly reordered
Default-* lines.  Thanks to that I noticed that we are very inconsistent
with our init scripts, so I took the liberty of synchronizing them,
updating them and making them all look shiny and new.  So apart from
fixing the LSB requirements, I also fixed the ordering, specified
runlevels and fix the link to the reference specification.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-01-11 15:49:13 +01:00
Michal Privoznik
506e9d6c2d virDomainGetTime: Deny on RO connections
We have a policy that if API may end up talking to a guest agent
it should require RW connection. We don't obey the rule in
virDomainGetTime().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-01-11 13:36:19 +01:00
Michal Privoznik
95c370f0ee virDomainInterfaceAddresses: Allow API on RO connection too
This API does not change domain state. However, we have a policy
that an API talking to a guest agent requires RW access. But that
happens only if source == VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-01-11 13:36:19 +01:00
Martin Kletzander
8223bd22ed Don't clear libvirt-internal paths when parsing status XML
Earlier commit 7140807917 forgot to deal
properly with status XMLs where we want the libvirt-internal paths to be
kept in place and not cleared, otherwise we could end up copying a NULL
string and segfaulting th daemon.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-01-11 10:54:50 +01:00
Martin Kletzander
93103da84b Provide parse flags to PostParse functions
This way both Domain and Device PostParse functions can act based on the
flags.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-01-11 10:54:50 +01:00
Cole Robinson
fde937bda0 qemu: command: wire up usage of q35/ich9 disable s3/s4
If the q35 specific disable s3/s4 setting isn't supported, fallback to
specifying the PIIX setting, which is the previous behavior. It doesn't
have any effect, but qemu will just warn about it rather than error:

  qemu-system-x86_64: Warning: global PIIX4_PM.disable_s3=1 not used
  qemu-system-x86_64: Warning: global PIIX4_PM.disable_s4=1 not used

Since it doesn't error, I don't think we should either, since there
may be configs in the wild that already have q35 + disable_s3/4 (via
virt-manager)
2016-01-10 15:16:38 -05:00
Cole Robinson
c77fd89000 qemu: caps: check for q35/ICH9 disable S3/S4
Update test data to match
2016-01-10 14:59:53 -05:00
Cole Robinson
5900356efb qemu: caps: Rename CAPS_DISABLE_S[34] to CAPS_PIIX_DISABLE_S[34]
These settings are specific to PIIX, so clarify it
2016-01-10 14:59:53 -05:00
Cole Robinson
ab963449dc qemu: capabilities: s/Pixx/Piix/g
The chipset is called PIIX; the functions are misnamed
2016-01-10 14:59:53 -05:00
Michal Privoznik
b7fac9f77f virDomainMigrateUnmanagedParams: Don't blindly dereference @dconnuri
This function may be called with @dconnuri == NULL, e.g. from
virDomainMigrateToURI3() if the flags are missing
VIR_MIGRATE_PEER2PEER flag. Moreover, all later functions called
from here do wrap it into NULLSTR() so why not do the same here?

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-01-09 18:44:44 +01:00
Martin Kletzander
8156493d8d Fix USB model defaults for ppc64
The condition was checking for UHCI (and OHCI for ppc64) availability so
that it can specify the proper device instead of legacy usb.  However,
for ppc64, we don't need to check both OHCI and UHCI, but only OHCI as
that is the legacy default.  The condition is so big that it was just a
matter of time when someone will make a mistake there, so let's use more
lines so that it is visible what the condition checks for.

This fixes usage of -device instead of -usb for ppc64 that supports
pci-usb-ohci and does not support piix3-usb-uhci.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1297020

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-01-09 18:39:17 +01:00
Jim Fehlig
f988ecfb34 libxl: support vif outgoing bandwidth QoS
The libxl_device_nic structure supports specifying an outgoing rate
limit based on a time interval and bytes allowed per interval. In xl
config a rate limit is specified as "<RATE>/s@<INTERVAL>". INTERVAL
is optional and defaults to 50ms.

libvirt expresses outgoing limits by average (required), peak, burst,
and floor attributes in units of KB/s. This patch supports the outgoing
bandwidth limit by converting the average KB/s to bytes per interval
based on the same default interval (50ms) used by xl.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2016-01-08 18:56:00 -07:00
Jim Fehlig
ec63000a62 xenconfig: support vif bandwidth in xm and xl parser and formatter
Both xm and xl config have long supported specifying vif rate
limiting, e.g.

vif = [ 'mac=00:16:3E:74:3d:76,bridge=br0,rate=10MB/s' ]

Add support for mapping rate to and from <bandwidth> in the xenconfig
parser and formatter. rate is mapped to the required 'average' attribute
of the <outbound> element, e.g.

  <interface type='bridge'>
    ...
    <bandwidth>
      <outbound average='10240'/>
    </bandwidth>
  </interface>

Also add a unit test to check the conversion logic.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2016-01-08 18:56:00 -07:00
Jim Fehlig
1dd34bbb4b xenconfig: support vif bandwidth in sexpr parser and formatter
The xen sexpr config format has long supported specifying vif rate
limiting, e.g.

  (device
    (vif
      (mac '00:16:3e:1b:b1:47')
      (rate '10240KB/s')
      ...
    )
  )

Add support for mapping rate to and from <bandwidth> in the xenconfig
sexpr parser and formatter. rate is mapped to the required 'average'
attribute of the <outbound> element, e.g.

  <interface type='bridge'>
    ...
    <bandwidth>
      <outbound average='10240'/>
    </bandwidth>
  </interface>

Also add unit tests to check the conversion logic.

This patch benefits both the old xen driver and the libxl driver.
Both drivers gain support for vif bandwidth when converting to/from
domXML and xen-sxpr. In addition, the old xen driver will now be
able to handle vif 'rate' setting when communicating with xend.
2016-01-08 18:56:00 -07:00
Cole Robinson
3d92a000ff qemu: Fix crash when defining XML with bogus emulator
We weren't checking for failure of qemuCaps lookup
2016-01-08 20:05:31 -05:00
Laine Stump
79ba107670 util: add missing newline
Somehow I managed to backspace over the newline between the closing
brace and goto cleanup; in commit 36e244f3.
2016-01-08 14:09:31 -05:00
Cole Robinson
74abc3deac qemu: Handle SecurityManagerVerify in post parse
Rather than open coding calls. I can't see any reason not to
2016-01-08 13:25:21 -05:00
Cole Robinson
a8b628e7a8 qemu: Handle CanonicalizeMachine in post parse
Rather than open coding calls. I can't see any reason not to
2016-01-08 13:25:20 -05:00
Cole Robinson
9cec6239c1 qemu: domain: split out post parse default device handling
Should be a no-op
2016-01-08 13:25:20 -05:00
Cole Robinson
ee719cdcca domain: separate out function for post parse timer validation
This should be a no-op
2016-01-08 13:25:20 -05:00
Cole Robinson
11de45bb71 domain: separate out function for post parse console compat
This should be a no-op
2016-01-08 13:25:20 -05:00