Commit Graph

50 Commits

Author SHA1 Message Date
Daniel P. Berrangé
09d37f9d65 interface: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/interface/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/interface/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Ján Tomko
0f110d5ac8 Use NULLSTR_EMPTY
Instead of repetitive:
  s ? s : ""
use NULLSTR_EMPTY.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-02-14 14:09:38 +01:00
Cole Robinson
af36f8a641 Require a semicolon for VIR_ONCE_GLOBAL_INIT calls
Missing semicolon at the end of macros can confuse some analyzers
(like cppcheck <filename>). VIR_ONCE_GLOBAL_INIT is almost
exclusively called without an ending semicolon, but let's
standardize on using one like the other macros.

Add a dummy struct definition at the end of the macro, so
the compiler will require callers to add a semicolon.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-02-03 17:46:29 -05:00
Daniel P. Berrangé
600462834f Remove all Author(s): lines from source file headers
In many files there are header comments that contain an Author:
statement, supposedly reflecting who originally wrote the code.
In a large collaborative project like libvirt, any non-trivial
file will have been modified by a large number of different
contributors. IOW, the Author: comments are quickly out of date,
omitting people who have made significant contribitions.

In some places Author: lines have been added despite the person
merely being responsible for creating the file by moving existing
code out of another file. IOW, the Author: lines give an incorrect
record of authorship.

With this all in mind, the comments are useless as a means to identify
who to talk to about code in a particular file. Contributors will always
be better off using 'git log' and 'git blame' if they need to  find the
author of a particular bit of code.

This commit thus deletes all Author: comments from the source and adds
a rule to prevent them reappearing.

The Copyright headers are similarly misleading and inaccurate, however,
we cannot delete these as they have legal meaning, despite being largely
inaccurate. In addition only the copyright holder is permitted to change
their respective copyright statement.

Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-13 16:08:38 +00:00
Michal Privoznik
10f94828ea virobject: Introduce VIR_CLASS_NEW() macro
So far we are repeating the following lines over and over:

  if (!(virSomeObjectClass = virClassNew(virClassForObject(),
                             "virSomeObject",
                             sizeof(virSomeObject),
                             virSomeObjectDispose)))
      return -1;

While this works, it is impossible to do some checking. Firstly,
the class name (the 2nd argument) doesn't match the name in the
code in all cases (the 3rd argument). Secondly, the current style
is needlessly verbose. This commit turns example into following:

  if (!(VIR_CLASS_NEW(virSomeObject,
                      virClassForObject)))
      return -1;

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-18 10:04:55 +02:00
Daniel P. Berrangé
4c8574c85c driver: ensure NULL URI isn't passed to drivers with whitelisted URIs
Ensuring that we don't call the virDrvConnectOpen method with a NULL URI
means that the drivers can drop various checks for NULL URIs. These were
not needed anymore since the probe functionality was split

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-12 16:52:02 +01:00
Daniel P. Berrangé
8e4f9a2773 driver: declare supported URI schemes in virConnectDriver struct
Declare what URI schemes a driver supports in its virConnectDriver
struct. This allows us to skip trying to open the driver entirely
if the URI scheme doesn't match.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-12 16:52:02 +01:00
Daniel P. Berrangé
3714cc952d driver: allow drivers to indicate if they permit remote connections
Add a localOnly flag to the virConnectDriver struct which allows a
driver to indicate whether it is local-only, or permits remote
connections. Stateful drivers running inside libvirtd are generally
local only. This allows us to remote the check for uri->server != NULL
from most drivers.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-12 16:52:02 +01:00
Daniel P. Berrangé
3bd64d3306 interface: allow opening with interface:///system and interface:///session URIs
Allow the possibility of opening a connection to only the interface
driver, by defining interface:///system and interface:///session URIs
and registering a fake hypervisor driver that supports them.

The hypervisor drivers can now directly open a interface driver
connection at time of need, instead of having to pass around a
virConnectPtr through many functions. This will facilitate the later
change to support separate daemons for each driver.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-01-31 17:45:51 +00:00
Wang King
1b1b045915 interface: Fix resource leak in netcfConnectListAllInterfaces error path
On virGetInterface failure, call virInterfaceDefFree for the @def.
2017-04-12 10:38:24 +02:00
John Ferlan
eabeff8ea3 conf: Introduce virinterfaceobj
Move all the InterfaceObj API's into their own module virinterfaceobj
from the interface_conf

Purely code motion at this point.
2017-03-06 07:07:01 -05:00
Laine Stump
ce692d5ea6 interface: let netcf pre-filter for active vs. inactive
If a system has a large number of active or active interfaces, it can
be a big waste of time to retrieve and qualify all interfaces if the
caller only wanted one subset. Since netcf has a simple flag for this,
translate the libvirt flag into a netcf flag and let netcf pre-filter.
2015-10-02 11:16:11 -04:00
Laine Stump
070732735f interface: re-use name and mac address rather than re-retrieving
Getting the MAC address of an interface is actually fairly expensive,
and we've already gotten it and stored it into def, so just keep def
around a bit longer and retrieve it from there.

This reduces the time for "virsh iface-list --all" from 28 to 23
seconds when there are 400 interfaces.
2015-10-02 11:16:11 -04:00
Laine Stump
6fda6699e5 interface: report correct interface count when not returning list
The spec for virConnectListAllInterfaces says that if the pointer that
is supposed to hold the list of interfaces is NULL, the function
should just return the count of interfaces that matched the filter,
but the code never increments the count if the list pointer is NULL.
2015-10-02 11:16:11 -04:00
Laine Stump
ead2df32ba interface: fail on OOM from virGetInterface() 2015-10-02 11:16:11 -04:00
Daniel P. Berrange
55ea7be7d9 Removing probing of secondary drivers
For stateless, client side drivers, it is never correct to
probe for secondary drivers. It is only ever appropriate to
use the secondary driver that is associated with the
hypervisor in question. As a result the ESX & HyperV drivers
have both been forced to do hacks where they register no-op
drivers for the ones they don't implement.

For stateful, server side drivers, we always just want to
use the same built-in shared driver. The exception is
virtualbox which is really a stateless driver and so wants
to use its own server side secondary drivers. To deal with
this virtualbox has to be built as 3 separate loadable
modules to allow registration to work in the right order.

This can all be simplified by introducing a new struct
recording the precise set of secondary drivers each
hypervisor driver wants

struct _virConnectDriver {
    virHypervisorDriverPtr hypervisorDriver;
    virInterfaceDriverPtr interfaceDriver;
    virNetworkDriverPtr networkDriver;
    virNodeDeviceDriverPtr nodeDeviceDriver;
    virNWFilterDriverPtr nwfilterDriver;
    virSecretDriverPtr secretDriver;
    virStorageDriverPtr storageDriver;
};

Instead of registering the hypervisor driver, we now
just register a virConnectDriver instead. This allows
us to remove all probing of secondary drivers. Once we
have chosen the primary driver, we immediately know the
correct secondary drivers to use.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-01-27 12:02:04 +00:00
John Ferlan
c56a591a84 Replace virInterfaceFree with virObjectUnref
Since virInterfaceFree will call virObjectUnref anyway, let's just use that
directly so as to avoid the possibility that we inadvertently clear out
a pending error message when using the public API.
2014-12-02 11:03:41 -05:00
Daniel P. Berrange
6cc9855127 Remove use of networkPrivateData from netcf driver
The shared netcf driver is stateful and inside the daemon so
there is no need to use the networkPrivateData field to get the
driver handle. Just access the global driver handle directly.
2014-11-07 11:12:50 +01:00
Eric Blake
ff99c79195 maint: avoid static zero init in helpers
C guarantees that static variables are zero-initialized.  Some older
compilers (and also gcc -fno-zero-initialized-in-bss) create larger
binaries if you explicitly zero-initialize a static variable.

* src/conf/nwfilter_conf.c: Fix initialization.
* src/cpu/cpu_x86.c: Likewise.
* src/interface/interface_backend_netcf.c: Likewise.
* src/locking/lock_daemon.c: Likewise.
* src/locking/lock_driver_lockd.c: Likewise.
* src/locking/lock_driver_sanlock.c: Likewise.
* src/network/bridge_driver.c: Likewise.
* src/node_device/node_device_udev.c: Likewise.
* src/nwfilter/nwfilter_learnipaddr.c: Likewise.
* src/rpc/virnetserver.c: Likewise.
* src/security/security_selinux.c
(virSecuritySELinuxGenSecurityLabel): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-10-29 09:55:09 -06:00
Eric Blake
625e04a86e maint: use hanging curly braces
Our style overwhelmingly uses hanging braces (the open brace
hangs at the end of the compound condition, rather than on
its own line), with the primary exception of the top level function
body.  Fix the few remaining outliers, before adding a syntax
check in a later patch.

* src/interface/interface_backend_netcf.c (netcfStateReload)
(netcfInterfaceClose, netcf_to_vir_err): Correct use of { in
compound statement.
* src/conf/domain_conf.c (virDomainHostdevDefFormatSubsys)
(virDomainHostdevDefFormatCaps): Likewise.
* src/network/bridge_driver.c (networkAllocateActualDevice):
Likewise.
* src/util/virfile.c (virBuildPathInternal): Likewise.
* src/util/virnetdev.c (virNetDevGetVirtualFunctions): Likewise.
* src/util/virnetdevmacvlan.c
(virNetDevMacVLanVPortProfileCallback): Likewise.
* src/util/virtypedparam.c (virTypedParameterAssign): Likewise.
* src/util/virutil.c (virGetWin32DirectoryRoot)
(virFileWaitForDevices): Likewise.
* src/vbox/vbox_common.c (vboxDumpNetwork): Likewise.
* tests/seclabeltest.c (main): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-09-04 15:18:43 -06:00
Nehal J Wani
3d5c29a17c Fix typos in src/*
Fix minor typos in source comments

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-21 16:49:08 -06:00
Laine Stump
7284c499e5 interface: dump inactive xml when interface isn't active
Other drivers in libvirt (e.g. network, qemu) will automatically
return the "inactive" (persistent configuration) XML of an object when
that object is inactive. The netcf backend of the interface driver
would always try to return the live status XML of the interface, even
when it was down. Although netcf does return valid XML in that case,
for bond interfaces it is missing almost all of its content, including
the <bond> subelement itself, leading to this error message from
"virsh iface-dumpxml" of a bond interface that is inactive:

  error: XML error: bond interface misses the bond element

(this is because libvirt's validation of the XML returned by netcf
always requires a <bond> element be present).

This patch modifies the interface driver netcf backend to check if the
interface is inactive, and in that case always return the inactive XML
(which will always have a <bond> element, thus eliminating the error
message, as well as making operation more in line with other drivers.

This fixes the following bug:

  https://bugzilla.redhat.com/show_bug.cgi?id=878394
2014-04-07 16:25:40 +03:00
Ján Tomko
9e7ecabf94 Indent top-level labels by one space in the rest of src/ 2014-03-25 14:58:40 +01:00
Martin Kletzander
95aed7febc Use K&R style for curly braces in remaining files
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-03-20 17:27:17 +01:00
Daniel P. Berrange
2835c1e730 Add virLogSource variables to all source files
Any source file which calls the logging APIs now needs
to have a VIR_LOG_INIT("source.name") declaration at
the start of the file. This provides a static variable
of the virLogSource type.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-18 14:29:22 +00:00
Pavel Hrdina
b396fae9e2 Fix issue found by coverity and cleanup
Coverity found an issue in lxc_driver and uml_driver that we don't
check the return value of register functions.

I've also updated all other places and unify the way we check the
return value.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-03-17 15:02:51 +01:00
Ján Tomko
9b9d7704b5 Change file names in comments to match the files they are in
Some of these are leftovers from renaming the files, others
are just typos.

Also introduce an ugly awk script to enforce this.
2014-03-10 14:26:04 +01:00
Michal Privoznik
5bd7ac029e interface: Take interface status into account when starting and destroying
https://bugzilla.redhat.com/show_bug.cgi?id=956994

Currently, it is possible to start an interface that is already running:

 # virsh iface-start eth2
 Interface eth2 started

 # echo $?
 0

 # virsh iface-start eth2
 Interface eth2 started

 # echo $?
 0

 # virsh iface-start eth2
 Interface eth2 started

 # echo $?
 0

Same applies for destroying a dead interface. We should not allow such
state transitions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-24 17:20:00 +01:00
Michal Privoznik
50f5468c96 interface: Introduce netcfInterfaceObjIsActive
This function barely wraps ncf_if_status() and error handling code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-24 17:20:00 +01:00
Christophe Fergeau
68eb3709a1 netcf: Don't complain when cleanup is called before init
netcfStateInitialize() initializes the driverState variable,
and when netcfStateCleanup is called, it will call virReportError()
if driverState is NULL.
This is not consistent with what other state objects are doing,
they return -1 without reporting an error in such cases.

See also
https://www.redhat.com/archives/libvir-list/2013-October/msg00809.html:

On Thu, Oct 17, 2013 at 01:40:19PM +0100, Daniel P. Berrange wrote:
> We don't want virStateCleanup to skip execution if virStateInitialize
> has failed though - every callback in virStateCleanup should be written
> to be safe if its corresponding init function hasn't run.
2013-10-18 14:31:51 +02:00
Laine Stump
822fe1367d netcf driver: use a single netcf handle for all connections
This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=983026

The netcf interface driver previously had no state driver associated
with it - as a connection was opened, it would create a new netcf
instance just for that connection, and close it when it was
finished. the problem with this is that each connection to libvirt
used up a netlink socket, and there is a per process maximum of ~1000
netlink sockets.

The solution is to create a state driver to go along with the netcf
driver. The state driver will opens a netcf instance, then all
connections share that same netcf instance, thus only a single
netlink socket will be used no matter how many connections are mde to
libvirtd.

This was rather simple to do - a new virObjectLockable class is
created for the single driverState object, which is created in
netcfStateInitialize and contains the single netcf handle; instead of
creating a new object for each client connection, netcfInterfaceOpen
now just increments the driverState object's reference count and puts
a pointer to it into the connection's privateData. Similarly,
netcfInterfaceClose() just un-refs the driverState object (as does
netcfStateCleanup()), and virNetcfInterfaceDriverStateDispose()
handles closing the netcf instance. Since all the functions already
have locking around them, the static lock functions used by all
functions just needed to be changed to call virObjectLock() and
virObjectUnlock() instead of directly calling the virMutex* functions.
2013-09-12 07:33:24 -04:00
Laine Stump
4c5fa43097 rename "struct interface_driver" to virNetcfDriverState
This better fits the modern naming scheme in libvirt, and anticipates
an upcoming change where a single instance of this state will be
maintained by a separate state driver, and every instance of the netcf
driver will share the same state.
2013-09-12 07:33:19 -04:00
Daniel P. Berrange
c0b9e9b544 Convert 'int i' to 'size_t i' in src/interface/ files
Convert the type of loop iterators named 'i', 'j', k',
'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
'unsigned int', also santizing 'ii', 'jj', 'kk' to use
the normal 'i', 'j', 'k' naming

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-10 17:55:16 +01:00
Michal Privoznik
d89f8056a8 Adapt to VIR_ALLOC and virAsprintf in src/interface/* 2013-07-10 11:07:31 +02:00
Daniel P. Berrange
71f2434fe7 Add access control filtering of interface objects
Ensure that all APIs which list interface objects filter
them against the access control system.

This makes the APIs for listing names and counting devices
slightly less efficient, since we can't use the direct
netcf APIs for these tasks. Instead we have to ask netcf
for the full list of objects & iterate over the list
filtering them out.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-03 15:54:54 +01:00
Daniel P. Berrange
244e0b8cf1 Crash of libvirtd by unprivileged user in virConnectListAllInterfaces
On Thu, Jun 27, 2013 at 03:56:42PM +0100, Daniel P. Berrange wrote:
> Hi Security Team,
>
> I've discovered a way for an unprivileged user with a readonly connection
> to libvirtd, to crash the daemon.

Ok, the final patch for this is issue will be the simpler variant that
Eric suggested

The embargo can be considered to be lifted on Monday July 1st, at
0900 UTC

The following is the GIT change that DV or myself will apply to libvirt
GIT master immediately before the 1.1.0 release:

>From 177b4165c531a4b3ba7f6ab6aa41dca9ceb0b8cf Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Fri, 28 Jun 2013 10:48:37 +0100
Subject: [PATCH] CVE-2013-2218: Fix crash listing network interfaces with
 filters

The virConnectListAllInterfaces method has a double-free of the
'struct netcf_if' object when any of the filtering flags cause
an interface to be skipped over. For example when running the
command 'virsh iface-list --inactive'

This is a regression introduced in release 1.0.6 by

  commit 7ac2c4fe62
  Author: Guannan Ren <gren@redhat.com>
  Date:   Tue May 21 21:29:38 2013 +0800

    interface: list all interfaces with flags == 0

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-01 15:05:24 +08:00
Daniel P. Berrange
a7147bc68e Add ACL checks into the interface driver
Insert calls to the ACL checking APIs in all interface
driver entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:44 +01:00
Guannan Ren
7ac2c4fe62 interface: list all interfaces with flags == 0
virConnectListAllInterfaces should support to list all of
interfaces when the value of flags is 0. The behaviour is
consistent with other virConnectListAll* APIs
2013-05-22 09:50:34 +08:00
Daniel P. Berrange
90430791ae Make driver method names consistent with public APIs
Ensure that all drivers implementing public APIs use a
naming convention for their implementation that matches
the public API name.

eg for the public API   virDomainCreate make sure QEMU
uses qemuDomainCreate and not qemuDomainStart

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 11:00:18 +01:00
Daniel P. Berrange
d407a11eab Dedicated name for sub-driver open/close methods
It will simplify later work if the sub-drivers have dedicated
APIs / field names. ie virNetworkDriver should have
virDrvNetworkOpen and virDrvNetworkClose methods

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:59:54 +01:00
Daniel P. Berrange
abe038cfc0 Extend previous check to validate driver struct field names
Ensure that the driver struct field names match the public
API names. For an API virXXXX we must have a driver struct
field xXXXX. ie strip the leading 'vir' and lowercase any
leading uppercase letters.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:59:53 +01:00
John Ferlan
c6248f0484 interface: Resolve resource leak wth 'tmp_iface_objs' 2013-01-15 14:50:27 +01:00
Daniel P. Berrange
f24404a324 Rename virterror.c virterror_internal.h to virerror.{c,h} 2012-12-21 11:19:50 +00:00
Daniel P. Berrange
ab9b7ec2f6 Rename memory.{c,h} to viralloc.{c,h} 2012-12-21 11:17:14 +00:00
Daniel P. Berrange
936d95d347 Rename logging.{c,h} to virlog.{c,h} 2012-12-21 11:17:14 +00:00
Daniel P. Berrange
1c04f99970 Remove spurious whitespace between function name & open brackets
The libvirt coding standard is to use 'function(...args...)'
instead of 'function (...args...)'. A non-trivial number of
places did not follow this rule and are fixed in this patch.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-11-02 13:36:49 +00:00
Doug Goldstein
43dbcb1541 interface: always build all available backends
Always build all available backends to avoid bit-rot. At run time we
select the correct backend and load it by attempting netcf first and
then udev.
2012-10-09 09:44:51 -06:00
Doug Goldstein
b871830ac8 interface: fix netcf based backend naming
All other backends for virInterface or other HVs implementations of
virInterface list their own names for the name instead of the generic
'Interface' value. This does the same for the netcf based backend.
Also, report any errors during registration.
2012-10-09 09:43:38 -06:00
Eric Blake
4ecb723b9e maint: fix up copyright notice inconsistencies
https://www.gnu.org/licenses/gpl-howto.html recommends that
the 'If not, see <url>.' phrase be a separate sentence.

* tests/securityselinuxhelper.c: Remove doubled line.
* tests/securityselinuxtest.c: Likewise.
* globally: s/;  If/.  If/
2012-09-20 16:30:55 -06:00
Doug Goldstein
b95ad92e05 build: define WITH_INTERFACE for the driver
Based exclusively on work by Eric Blake in a patch posted with the same
subject. However some modifications related to comments and my plans to
add another backend.

Added WITH_INTERFACE as the only automake variable deciding whether to
build the driver and using WITH_NETCF to identify that we're wanting to
use the netcf library as the backend.

* configure.ac: Added with_interface
* src/interface/netcf_driver.c: Renamed..
* src/interface/interface_backend_netcf.c: ..to this to match storage.
* src/interface/netcf_driver.h: Renamed..
* src/interface/interface_driver.h: ..to this.
* daemon/Makefile.am: Respect WITH_INTERFACE and WITH_NETCF.
* libvirt.spec.in: Add RPM support for --with-interface
2012-09-19 08:27:01 -06:00