The generated output is dependent on perl hashtable ordering, which
gives different results for i686 and x86_64. Fix this by sorting
the hash keys before iterating over them
https://bugzilla.redhat.com/show_bug.cgi?id=1173641
(cherry picked from commit a1edb05c6028470aa24b74aa0f8d5fb5a181128a)
If dnsmasq specified DNSMASQ_IAID (so we're dealing with an IPv6
lease) but no DNSMASQ_MAC, we skip creation of the new lease object.
Also skip adding it to the leases array.
https://bugzilla.redhat.com/show_bug.cgi?id=1202350
(cherry picked from commit df9fe124d650bc438c531673492569da87523d20)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Allow <name> and <uuid> anywhere under <domain>, not just at the top:
error:XML document failed to validate against schema: Unable to validate
doc against /usr/share/libvirt/schemas/domain.rng
Expecting an element name, got nothing
Invalid sequence in interleave
Element domain failed to validate content
Introduced with the first RelaxNG schema in commit c642103.
https://bugzilla.redhat.com/show_bug.cgi?id=1292131
(cherry picked from commit b4e0549febe416ffefc16f389423740d6d65fa74)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Several callers were using vshCommandOptString without setting an error.
Use vshCommandOptStringReq which sets the error.
https://bugzilla.redhat.com/show_bug.cgi?id=1281707
(cherry picked from commit 45138725cf2a14575aa5204fe55efd6668b9b03a)
Instead of comparing garbage strings against real MAC addresses,
introduce an error mesage for unparsable ones:
$ virsh net-dhcp-leases default --mac t12
error: Failed to get leases info for default
error: invalid MAC address: t12
https://bugzilla.redhat.com/show_bug.cgi?id=1261432
(cherry picked from commit 1e6d87bdfc801d2c006a17054bd19273430dce14)
Link it to virDomainDetachDeviceFlags.
https://bugzilla.redhat.com/show_bug.cgi?id=1257280
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 63fd27cfa35f39b32692b9c66e59c4d157ce8806)
This adds the qemu binaries as of 1.2.4 in Debian. It also removes a
duplicate sparc64 entry.
(cherry picked from commit d8ca0cbd4b01eed79d1845ca7d734b9196d28f9d)
https://bugzilla.redhat.com/show_bug.cgi?id=1270715
Commit id '9deb96f' removed the code to fetch the nodeset from the
CpusetMems cgroup for a running vm in favor of using the return from
virDomainNumatuneFormatNodeset introduced by commit id '43b67f2e7'.
However, that API will return the value of the passed 'auto_nodeset'
when placement is VIR_DOMAIN_NUMATUNE_PLACEMENT_AUTO, which happens
to be NULL.
Since commit id 'c74d58ad' started using priv->autoNodeset in order
to manage the auto placement value during qemuProcessStart, it should
be passed along in order to return the correct value if the domain
requests the auto placement.
Signed-off-by: Luyao Huang <lhuang@redhat.com>
(cherry picked from commit 4eac55238f856d29d07a60448adb2e0b2f8e28b5)
Tunnelled migration can hang if the destination qemu exits despite all the
ABI checks. This happens whenever the destination qemu exits before the
complete transfer is noticed by source qemu. The savevm state checks at
runtime can fail at destination and cause qemu to error out.
The source qemu cant notice it as the EPIPE is not propogated to it.
The qemuMigrationIOFunc() notices the stream being broken from virStreamSend()
and it cleans up the stream alone. The qemuMigrationWaitForCompletion() would
never get to 100% transfer completion.
The qemuMigrationWaitForCompletion() never breaks out as well since
the ssh connection to destination is healthy, and the source qemu also thinks
the migration is ongoing as the Fd to which it transfers, is never
closed or broken. So, the migration will hang forever. Even Ctrl-C on the
virsh migrate wouldn't be honoured. Close the source side FD when there is
an error in the stream. That way, the source qemu updates itself and
qemuMigrationWaitForCompletion() notices the failure.
Close the FD for all kinds of errors to be sure. The error message is not
copied for EPIPE so that the destination error is copied instead later.
Note:
Reproducible with repeated migrations between Power hosts running in different
subcores-per-core modes.
Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
(cherry picked from commit b39a1fe1656ee4be0d244466b474cad7ada100c8)
https://bugzilla.redhat.com/show_bug.cgi?id=1256999
After creating a copy of the 'authdef' in a pool -> disk translation,
unconditionally clear the 'authType' in the resulting disk auth def
structure since that's used for a storage pool and not a disk. This
ensures virStorageAuthDefFormat will properly format the <auth> XML
for a <disk> (e.g. it won't have a <auth type='%s'.../>).
(cherry picked from commit 5275c0f4a1267c630b5c3b77fac8cbe4fcaa3adb)
Currently we just check that various devices are accessible.
This leads to inaccurate errors reported for /dev/kvm and
/dev/vhost-net if they exist but an unprivileged user lacks
access. Switch existing checks to look for file existance,
and add a separate check for accessibility of /dev/kvm
since some distros don't grant users access by default.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit fd6d506c50d9c885fd500627bddefe2f93ded0c2)
I'm hitting this little annoyance in fedora's package repo:
$ fedpkg prep
Downloading libvirt-1.2.20.tar.gz
...
+ /usr/bin/gzip -dc /home/crobinso/src/fedora/libvirt/libvirt-1.2.20.tar.gz
$ git clean -xdf
Removing libvirt-1.2.20.tar.gz
Skipping repository libvirt-1.2.20/
We git-ify the libvirt directory as part of applying patches in the spec
file, but 'git clean' will ignore subfolders that appear to be standalone
git repos.
Let's just delete the .git directory after we're done with it.
(cherry picked from commit 62ff210e5d6542bda3f25ed5e96c5088a840ce1b)
profile_status function was not making any difference between error
cases and unconfined profiles. The problem with this approach is that
dominfo was throwing an error on unconfined domains.
(cherry picked from commit a1bdf04b27f8f28b6e96ecd10de2a8e78d80271f)
https://bugzilla.redhat.com/show_bug.cgi?id=1247987
Calculation of the extended and logical partition values for the disk
pool is complex. As the bz points out an extended partition should have
it's allocation initialized to 0 (zero) and keep the capacity as the size
dictated by the extents read. Then for each logical partition found,
adjust the allocation of the extended partition.
Finally, previous logic tried to avoid recalculating things if a logical
partition was deleted; however, since we now have special logic to handle
the allocation of the extended partition, just make life easier by reading
the partition table again - rather than doing the reverse adjustment.
(cherry picked from commit 1895b42114c932495c2242d6847e47c054955998)
qemu-kvm can be used to run ppc64 guests on ppc64le hosts and vice
versa, since the hardware is actually the same and the endianness
is chosen by the guest kernel.
Up until now, however, libvirt didn't allow the use of qemu-kvm
to run guests if their endianness didn't match the host's.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1267882
(cherry picked from commit 938368f8382ca94c5156c44ad85a06cf9e4f8f8f)
Commit 792f81a40e caused a regression in the libssh2 host key
verification code by changing the variable type of 'i' to unsigned.
Since one of the loops used -1 as a special value if the asking
callback was found the conversion made a subsequent test always fail.
The bug was stealth enough to pass review, compilers and coverity.
Refactor the condition to avoid problems.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1047861
(cherry picked from commit 9869f24d08af1f0d5f45175117953704064556c2)
Since commit e0139e3, we update the pool allocation with
the user-provided allocation values.
For qcow2, the allocation is ignored for volume building,
but we still subtracted it from pool's allocation.
This can result in interesting values if the user-provided
allocation is large enough:
Capacity: 104.71 GiB
Allocation: 109.13 GiB
Available: 16.00 EiB
We already do a VolRefresh on volume creation. Also refresh
the volume after creating and use the new value to update the pool.
https://bugzilla.redhat.com/show_bug.cgi?id=1163091
(cherry picked from commit 56a4e9cb613aff9cd6f828c0a9283fba55ac5951)
https://bugzilla.redhat.com/show_bug.cgi?id=871452
So, you want to create a domain from XML. The domain already
exists in libvirt's database of domains. It's okay, because name
and UUID matches. However, on domain startup, internal
representation of the domain is overwritten with your XML even
though we claim that the XML you've provided is a transient one.
The bug is to be found across nearly all the drivers.
Le sigh.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit c99b8cec82a53f091ca3de7532d305a93765b467)
https://bugzilla.redhat.com/show_bug.cgi?id=871452
Okay, so we allow users to 'virsh create' an already existing
domain, providing completely different XML than the one stored in
Libvirt. Well, as long as name and UUID matches. However, in some
drivers the code that handles errors unconditionally removes the
domain that failed to start even though the domain might have
been persistent. Fortunately, the domain is removed just from the
internal list of domains and the config file is kept around.
Steps to reproduce:
1) virsh dumpxml $dom > /tmp/dom.xml
2) change XML so that it is still parse-able but won't boot, e.g.
change guest agent path to /foo/bar
3) virsh create /tmp/dom.xml
4) virsh dumpxml $dom
5) Observe "No such domain" error
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 37405b910907bd1ad338fb0d6a967bfd23529cf6)
Qemu unfortunately doesn't update internal state right after migration
and so the actual balloon size as returned by 'query-balloon' are
invalid for a while after the CPUs are started after migration. If we'd
refresh our internal state at this point we would report invalid current
memory size until the next balloon event would arrive.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1242940
(cherry picked from commit d7a0386e229176ec67531aac1412b8a98914da8e)
As of commit 6992994, we set graphics/@listen attribute according to the
first listen child element even if that element is of type='network'.
This was done for backward compatibility with applications which only
support the original listen attribute. However, by doing so we broke
migration to older libvirt which tried to check that the listen
attribute matches one of the listen child elements but which did not
take type='network' elements into account.
We are not concerned about compatibility with old applications when
formatting domain XML for migration for two reasons. The XML is consumed
only by libvirtd and the IP address associated with type='network'
listen address on the source host is just useless on the destination
host. Thus, we can safely avoid propagating the type='network' IP
address to graphics/@listen attribute when creating migratable XML.
https://bugzilla.redhat.com/show_bug.cgi?id=1265111
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit c0806dc30bda562810b0d686e33c903862e3c8f1)
This patch addresses BZ 1244895.
Adapt the sysfs TPM command cancel path for the TPM driver that
does not use a miscdevice anymore since Linux 4.0. Support old
and new paths and check their availability.
Add a mockup for the test cases to avoid the testing for
availability of the cancel path.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
(cherry picked from commit 5ed7afa9de4e8d2b7e83fee334a0c3f2bddc6a48)
Since we can't know at service start how many VMs will be running we
can't calculate an apropriate shutdown timeout. So instead of killing
off the service just let it use it's own internal timeout mechanism.
References:
http://bugs.debian.org/803714https://bugzilla.redhat.com/show_bug.cgi?id=1195544
(cherry picked from commit ba08d16d6cec81656b333435650aef36a012034c)
Machine name escaping follows the same rules as serice name escape,
except that '.' and '-' must not be escaped in machine names, due
to a bug in systemd-machined.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1282846
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 0e0149ce91d84f40b98acf4c4bb0da6e29b9c15c)
According to the documentation, CreateMachine accepts only 7bit ASCII
characters in the machinename parameter, so let's make sure we can start
machines with unicode names with systemd. We already have a function
for that, we just forgot to use it.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1062943
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1282846
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit e24eda48cfae84a9003456b68eaf753a26123639)
The libvirt file system storage driver determines what file to
act on by concatenating the pool location with the volume name.
If a user is able to pick names like "../../../etc/passwd", then
they can escape the bounds of the pool. For that matter,
virStoragePoolListVolumes() doesn't descend into subdirectories,
so a user really shouldn't use a name with a slash.
Normally, only privileged users can coerce libvirt into creating
or opening existing files using the virStorageVol APIs; and such
users already have full privilege to create any domain XML (so it
is not an escalation of privilege). But in the case of
fine-grained ACLs, it is feasible that a user can be granted
storage_vol:create but not domain:write, and it violates
assumptions if such a user can abuse libvirt to access files
outside of the storage pool.
Therefore, prevent all use of volume names that contain "/",
whether or not such a name is actually attempting to escape the
pool.
This changes things from:
$ virsh vol-create-as default ../../../../../../etc/haha --capacity 128
Vol ../../../../../../etc/haha created
$ rm /etc/haha
to:
$ virsh vol-create-as default ../../../../../../etc/haha --capacity 128
error: Failed to create vol ../../../../../../etc/haha
error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/'
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 034e47c338b13a95cf02106a3af912c1c5f818d7)
Event implementations need to be registered before a connection to the
Hypervisor is opened, otherwise event handling can be impaired (e.g.
delayed messages). This fact is referenced in an e-mail [1], but should
also be noted in the documentation of the registration functions.
[1] https://www.redhat.com/archives/libvirt-users/2014-April/msg00011.html
(cherry picked from commit 9bf1cef7371b119cf1ad1e83daaa9cd0da893352)
$ rpmbuild -ba libvirt.spec
warning: Macro expanded in comment on line 5: # If neither fedora nor rhel was defined, try to guess them from %{dist}
warning: Macro %enable_autotools defined but not used within scope
warning: Macro %client_only defined but not used within scope
...
(cherry picked from commit dae1250b24404f7f21e7bd8aeeb304565d175de4)
Commit 307fb904 (Sep 10) added a 'privileged' variable when creating
the DAC driver:
@@ -153,6 +157,7 @@ virSecurityManagerNewDAC(const char *virtDriver,
bool defaultConfined,
bool requireConfined,
bool dynamicOwnership,
+ bool privileged,
virSecurityManagerDACChownCallback chownCallback)
But argument order is mixed up at the caller, swapping dynamicOwnership
and privileged values. This corrects the argument order
https://bugzilla.redhat.com/show_bug.cgi?id=1266628
(cherry picked from commit 68572de8228e3971174a83c227fcb018d6f684c7)
Invalid read of size 4
at 0x945CA30: __pthread_mutex_unlock_full (in /lib64/libpthread-2.20.so)
by 0x4F0404B: virMutexUnlock (virthread.c:94)
by 0x4F7161B: virStoragePoolObjUnlock (storage_conf.c:2603)
by 0x4FE0476: testStoragePoolUndefine (test_driver.c:4328)
by 0x4FCF086: virStoragePoolUndefine (libvirt-storage.c:656)
by 0x15A7F5: cmdPoolUndefine (virsh-pool.c:1721)
by 0x12F48D: vshCommandRun (vsh.c:1212)
by 0x132AA7: main (virsh.c:943)
Address 0xfda56a0 is 16 bytes inside a block of size 104 free'd
at 0x4C2BA6C: free (vg_replace_malloc.c:473)
by 0x4EA5C96: virFree (viralloc.c:582)
by 0x4F70B69: virStoragePoolObjFree (storage_conf.c:412)
by 0x4F7167B: virStoragePoolObjRemove (storage_conf.c:437)
by 0x4FE0468: testStoragePoolUndefine (test_driver.c:4323)
by 0x4FCF086: virStoragePoolUndefine (libvirt-storage.c:656)
by 0x15A7F5: cmdPoolUndefine (virsh-pool.c:1721)
by 0x12F48D: vshCommandRun (vsh.c:1212)
by 0x132AA7: main (virsh.c:943)
(cherry picked from commit 03cf57a37df750da46289b0f8aeac6463d521785)
After attach-device a <hostdev> with --config, new device doesn't
show up in dumpxml and in guest.
To fix that, set dev->data.hostdev = NULL after work so that the
pointer is not freed, since vmdef has the pointer and still need it.
Signed-off-by: Chunyan Liu <cyliu@suse.com>
(cherry picked from commit 56945e1374bd254148643d76a98fba9be67fba15)
https://bugzilla.redhat.com/show_bug.cgi?id=1124841
If running in session mode it may happen that we fail to set
correct SELinux label, but the image may still be readable to
the qemu process. Take this into account.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 00e5b967168bab252ea2bef977ad40b4155f08df)
Remove unused variable, tag unused parameter and adjust return type.
introduced by 3f48345f7ec0c44b8ce2371cab454d2118f830b4
CC security/libvirt_security_manager_la-security_selinux.lo
security/security_selinux.c: In function 'virSecuritySELinuxDomainSetDirLabel':
security/security_selinux.c:2520:5: error: return makes pointer from integer without a cast [-Werror]
security/security_selinux.c:2514:9: error: unused variable 'ret' [-Werror=unused-variable]
security/security_selinux.c:2509:59: error: unused parameter 'mgr' [-Werror=unused-parameter]
(cherry picked from commit 4d4c90dfd5475c100c6fd3fb705011e0d90d793e)
That function can be used for setting security labels on arbitrary
directories.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit f65a2a12f4b9ab6144a979774f0486cdc4f7a60a)
In virSecuritySELinuxSetSecurityChardevLabel() we are labelling unix
socket path, but accessing another structure of the union. This does
not pose a problem currently as both paths are at the same offset, but
this should be fixed for the future.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 4ac6ce38d3bc60f45491509ede4fc8437348048c)
We have plenty of callbacks in the driver. Some of these
callbacks require more than one argument to be passed. For that
we currently have a data type (struct) per each callback. Well,
so far for only one - SELinuxSCSICallbackData. But lets turn it
into more general name so it can be reused in other callbacks too
instead of each one introducing a new, duplicate data type.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 276c409163fb94b0c325900d6e2581eaa3e3ada6)
The check is done in virSecuritySELinuxSetFilecon itself. There's
no need to check it again.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 370461d1dbcdcf63fbe6c34d188c28cf11488845)
We may want to do some decisions in drivers based on fact if we
are running as privileged user or not. Propagate this info there.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 307fb9044c1c9a5394b66e6909c6fd943d7f84c8)
Commit 8125113c added code that should remove the disk backend if the
fronted hotplug failed for any reason. The code had a bug though as it
used the disk string for unplug rather than the backend alias. Fix the
code by pre-creating an alias string and using it instead of the disk
string. In cases where qemu does not support QEMU_CAPS_DEVICE, we ignore
the unplug of the backend since we can't really create an alias in that
case.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1262399
(cherry picked from commit 64c6695f1ad72f0a99faace5deb1caf7effa2275)
The xenXMConfigCacheRefresh method scans /etc/xen and loads
all config files it finds. It then scans its internal hash
table and purges any (previously) loaded config files whose
refresh timestamp does not match the timestamp recorded at
the start of xenXMConfigCacheRefresh(). There is unfortunately
a subtle flaw in this, because if loading the config files
takes longer than 1 second, some of the config files will
have a refresh timestamp that is 1 or more seconds different
(newer) than is checked for. So we immediately purge a bunch
of valid config files we just loaded.
To avoid this flaw, we must pass the timestamp we record at
the start of xenXMConfigCacheRefresh() into the
xenXMConfigCacheAddFile() method, instead of letting the
latter call time(NULL) again.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 427067f7ed880abb053ffe8f5b904b0be4af8195)
commit 4b53d0d4ac9c "libxl: don't remove persistent domain on start
failure" cleans up the vm object and sets it to NULL if the vm is not
persistent, however at end job vm (now NULL) is dereferenced via the call to
libxlDomainObjEndJob. Avoid this by skipping "endjob" and going
straight to "cleanup" in this case.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
(cherry picked from commit ee7758f09bad855f5d0fdf9804d8979cdbbff40e)
https://bugzilla.redhat.com/show_bug.cgi?id=1260846
Introduced by 8fedbbdb, if we parse an unordered NUMA cell, will
get a segfault. This is because of a check for overlapping @cpus
sets we have there. However, since the array to hold guest NUMA
cells is allocated upfront and therefore it contains all zeros,
an out of order cell will break our assumption that cell IDs have
increasing character. At this point we try to access yet NULL
bitmap and therefore segfault.
Signed-off-by: Luyao Huang <lhuang@redhat.com>
(cherry picked from commit 83ae3ee39bd13feddecc49aaad382d5cae72c257)
Commit id '2e7cea243' added a check for an error from Finish instead
of 'unexpected error'; however, if for some reason there wasn't an
error, then virGetLastError could return NULL resulting in the
NULL pointer deref to err->domain.
(cherry picked from commit ea3c5f25eb94f08d2a54385362c7ad60c6b1854e)
Remove redundant error reporting in libxlDomainMigrationPerform().
virNetSocketNewConnectTCP() is perfectly capable of reporting
sensible errors.
(cherry picked from commit 6ce939c2472e8cd97dfe448e902bc878c826351e)
