Commit Graph

14289 Commits

Author SHA1 Message Date
Osier Yang
b8a0103d45 storage: Fix coverity warning
Introduced by commit e0139e3044:

1777 	    /* Updating pool metadata */

(40) Event var_deref_op: Dereferencing null pointer "newvol".
     Also see events: [assign_zero]

1778 	    pool->def->allocation += newvol->allocation;
1779 	    pool->def->available -= newvol->allocation;
2013-08-21 17:28:11 +08:00
John Ferlan
c753749c27 docs: Update iSCSI storage pool example
Update the iSCSI storage pool example to include the secret
2013-08-20 13:27:44 -04:00
John Ferlan
4ba0529078 docs: Update formatsecrets to include more examples of each type
Update formatsecret docs to describe the various options and provide examples
in order to set up secrets for each type of secret.
2013-08-20 13:27:44 -04:00
John Ferlan
cb3b7dce7c docs: Update the formatdomain disk examples
Add more iSCSI examples including having a secret attached. There are 4 new
examples; one for each way to have an iSCSI - a network disk using virtio,
a passthrough network lun using scsi, a volume disk using "mode='host'",
and a volume disk using "mode='direct'"
2013-08-20 13:27:44 -04:00
John Ferlan
1fa7946fba Report secret usage error message similarly
Each of the modules handled reporting error messages from the secret fetching
slightly differently with respect to the error. Provide a similar message
for each error case and provide as much data as possible.
2013-08-20 13:27:44 -04:00
Osier Yang
109d026a16 qemu_conf: Fix broken logic for adding passthrough iscsi lun
Following XML would fail :

    <disk type='network' device='lun'>
      <driver name='qemu' type='raw'/>
      <source protocol='iscsi' name='iqn.2013-07.com.example:iscsi/1'>
        <host name='example.com' port='3260'/>
      </source>
      <target dev='sda' bus='scsi'/>
    </disk>

With the message:

error: Failed to start domain iscsilun
error: Unable to get device ID 'iqn.2013-07.com.example:iscsi/1': No such fi

Cause was commit id '1f49b05a' which added 'virDomainDiskSourceIsBlockType'
2013-08-20 13:27:44 -04:00
John Ferlan
db1382f322 virsh: Print cephx and iscsi usage
When using virsh secret-list - if the secret types are cephx or iscsi,
then allow fetch/print of the usage information. Prior to the change
the following would print:

UUID                                 Usage
-----------------------------------------------------------
1b40a534-8301-45d5-b1aa-11894ebb1735 Unused
a5ba3efe-6adf-4a6a-b243-f010a043e314 Unused

Afterwards:

UUID                                 Usage
-----------------------------------------------------------
1b40a534-8301-45d5-b1aa-11894ebb1735 ceph ceph_example
a5ba3efe-6adf-4a6a-b243-f010a043e314 iscsi libvirtiscsi
2013-08-20 13:27:44 -04:00
John Ferlan
6aea4ebcd0 libxl: Resolve possible NULL dereference
If we reached cleanup: prior to allocating cpus, it was possible that
'nr_nodes' had a value, but cpus was NULL leading to a possible NULL
deref. Add a 'cpus' as an end condition to for loop
2013-08-20 13:20:56 -04:00
Eric Blake
95577af442 selinux: enhance test to cover nfs label failure
Daniel Berrange (correctly) pointed out that we should do a better
job of testing selinux labeling fallbacks on NFS disks that lack
labeling support.

* tests/securityselinuxhelper.c (includes): Makefile already
guaranteed xattr support.  Add additional headers.
(init_syms): New function, borrowing from vircgroupmock.c.
(setfilecon_raw, getfilecon_raw): Fake NFS failure.
(statfs): Fake an NFS mount point.
(security_getenforce, security_get_boolean_active): Don't let host
environment affect test.
* tests/securityselinuxlabeldata/nfs.data: New file.
* tests/securityselinuxlabeldata/nfs.xml: New file.
* tests/securityselinuxlabeltest.c (testSELinuxCreateDisks)
(testSELinuxDeleteDisks): Setup and cleanup for fake NFS mount.
(testSELinuxCheckLabels): Test handling of SELinux NFS denial.
Fix memory leak.
(testSELinuxLabeling): Avoid infinite loop on dirty tree.
(mymain): Add new test.
2013-08-20 10:46:58 -06:00
Eric Blake
0f082e699e selinux: distinguish failure to label from request to avoid label
https://bugzilla.redhat.com/show_bug.cgi?id=924153

Commit 904e05a2 (v0.9.9) added a per-<disk> seclabel element with
an attribute relabel='no' in order to try and minimize the
impact of shutdown delays when an NFS server disappears.  The idea
was that if a disk is on NFS and can't be labeled in the first
place, there is no need to attempt the (no-op) relabel on domain
shutdown.  Unfortunately, the way this was implemented was by
modifying the domain XML so that the optimization would survive
libvirtd restart, but in a way that is indistinguishable from an
explicit user setting.  Furthermore, once the setting is turned
on, libvirt avoids attempts at labeling, even for operations like
snapshot or blockcopy where the chain is being extended or pivoted
onto non-NFS, where SELinux labeling is once again possible.  As
a result, it was impossible to do a blockcopy to pivot from an
NFS image file onto a local file.

The solution is to separate the semantics of a chain that must
not be labeled (which the user can set even on persistent domains)
vs. the optimization of not attempting a relabel on cleanup (a
live-only annotation), and using only the user's explicit notation
rather than the optimization as the decision on whether to skip
a label attempt in the first place.  When upgrading an older
libvirtd to a newer, an NFS volume will still attempt the relabel;
but as the avoidance of a relabel was only an optimization, this
shouldn't cause any problems.

In the ideal future, libvirt will eventually have XML describing
EVERY file in the backing chain, with each file having a separate
<seclabel> element.  At that point, libvirt will be able to track
more closely which files need a relabel attempt at shutdown.  But
until we reach that point, the single <seclabel> for the entire
<disk> chain is treated as a hint - when a chain has only one
file, then we know it is accurate; but if the chain has more than
one file, we have to attempt relabel in spite of the attribute,
in case part of the chain is local and SELinux mattered for that
portion of the chain.

* src/conf/domain_conf.h (_virSecurityDeviceLabelDef): Add new
member.
* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML):
Parse it, for live images only.
(virSecurityDeviceLabelDefFormat): Output it.
(virDomainDiskDefParseXML, virDomainChrSourceDefParseXML)
(virDomainDiskSourceDefFormat, virDomainChrDefFormat)
(virDomainDiskDefFormat): Pass flags on through.
* src/security/security_selinux.c
(virSecuritySELinuxRestoreSecurityImageLabelInt): Honor labelskip
when possible.
(virSecuritySELinuxSetSecurityFileLabel): Set labelskip, not
norelabel, if labeling fails.
(virSecuritySELinuxSetFileconHelper): Fix indentation.
* docs/formatdomain.html.in (seclabel): Document new xml.
* docs/schemas/domaincommon.rng (devSeclabel): Allow it in RNG.
* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.xml:
* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.args:
* tests/qemuxml2xmloutdata/qemuxml2xmlout-seclabel-*-labelskip.xml:
New test files.
* tests/qemuxml2argvtest.c (mymain): Run the new tests.
* tests/qemuxml2xmltest.c (mymain): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-20 10:39:03 -06:00
Peter Krempa
04898f60d2 virsh: Don't leak list of volumes when undefining domain with storage
Use the new semantics of vshStringToArray to avoid leaking the array of
volumes to be deleted. The array would be leaked in case the first
volume was found in the domain definition. Also refactor the code a bit
to sanitize naming of variables hoding arrays and dimensions of the
arrays.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=996050
2013-08-20 17:55:08 +02:00
Peter Krempa
5b5da08226 virsh-pool: Improve error message in cmdPoolList
Explicitly let the user know about the unknown pool type.
2013-08-20 17:55:08 +02:00
Peter Krempa
d64af6ce3c virsh: modify vshStringToArray to duplicate the elements too
At a slightly larger memory expense allow stealing of items from the
string array returned from vshStringToArray and turn the result into a
string list compatible with virStringSplit. This will allow to use the
common dealloc function.

This patch also fixes a few forgotten checks of return from
vshStringToArray and one memory leak.
2013-08-20 17:53:49 +02:00
Michal Privoznik
a7f94a40bb qemuBuildCommandLine: Fall back to mem balloon if there's no hard_limit
If there's no hard_limit set and domain uses VFIO we still must lock the
guest memory (prerequisite from qemu). Hence, we should compute the
amount to be locked from max_balloon.
2013-08-20 15:16:07 +02:00
Michal Privoznik
94a24dd3a9 qemuSetupMemoryCgroup: Handle hard_limit properly
Since 16bcb3 we have a regression. The hard_limit is set
unconditionally. By default the limit is zero. Hence, if user hasn't
configured any, we set the zero in cgroup subsystem making the kernel
kill the corresponding qemu process immediately. The proper fix is to
set hard_limit iff user has configured any.
2013-08-20 15:03:17 +02:00
Michal Privoznik
8563b091ff docs: Clean 09adfdc62d up 2013-08-20 10:33:33 +02:00
Eric Blake
53924ad5d5 virt-pki-validate: add --help/--version option
Another program gains --help/--version :)

* tools/virt-pki-validate.in: Add option parsing.  Update
documentation to match.
* tools/Makefile.am (virt-pki-validate): Substitute version.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-19 20:25:53 -06:00
Eric Blake
ab4304b7e0 virt-xml-validate: add missing schemas
We were failing to autoprobe which schema to use for several
top-level XML elements.

* tools/virt-xml-validate.in (TYPE): Recognize <domainsnapshot>,
<filter>, and <secret>.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-19 20:25:49 -06:00
Eric Blake
b2ea248ef7 virt-xml-validate: add --help/--version option
All good tools should have --help and --version output :)

Furthermore, we want to ensure a failed exit if xmllint fails,
or even for 'virt-xml-validate > /dev/full'.

* tools/virt-xml-validate.in: Add option parsing.  Output errors
to stderr.  Update documentation to match.
* tools/Makefile.am (virt-xml-validate): Substitute version.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-19 20:23:39 -06:00
Jim Fehlig
0192fd6711 libxl: implement NUMA capabilities reporting
From: Dario Faggioli <dario.faggioli@citrix.com>

Starting from Xen 4.2, libxl has all the bits and pieces in place
for retrieving an adequate amount of information about the host
NUMA topology. It is therefore possible, after a bit of shuffling,
to arrange those information in the way libvirt wants to present
them to the outside world.

Therefore, with this patch, the <topology> section of the host
capabilities is properly populated, when running on Xen, so that
we can figure out whether or not we're running on a NUMA host,
and what its characteristics are.

[raistlin@Zhaman ~]$ sudo virsh --connect xen:/// capabilities
<capabilities>
  <host>
    <cpu>
    ....
    <topology>
      <cells num='2'>
        <cell id='0'>
          <memory unit='KiB'>6291456</memory>
          <cpus num='8'>
            <cpu id='0' socket_id='1' core_id='0' siblings='0-1'/>
            <cpu id='1' socket_id='1' core_id='0' siblings='0-1'/>
            <cpu id='2' socket_id='1' core_id='1' siblings='2-3'/>
            <cpu id='3' socket_id='1' core_id='1' siblings='2-3'/>
            <cpu id='4' socket_id='1' core_id='9' siblings='4-5'/>
            <cpu id='5' socket_id='1' core_id='9' siblings='4-5'/>
            <cpu id='6' socket_id='1' core_id='10' siblings='6-7'/>
            <cpu id='7' socket_id='1' core_id='10' siblings='6-7'/>
          </cpus>
        </cell>
        <cell id='1'>
          <memory unit='KiB'>6881280</memory>
          <cpus num='8'>
            <cpu id='8' socket_id='0' core_id='0' siblings='8-9'/>
            <cpu id='9' socket_id='0' core_id='0' siblings='8-9'/>
            <cpu id='10' socket_id='0' core_id='1' siblings='10-11'/>
            <cpu id='11' socket_id='0' core_id='1' siblings='10-11'/>
            <cpu id='12' socket_id='0' core_id='9' siblings='12-13'/>
            <cpu id='13' socket_id='0' core_id='9' siblings='12-13'/>
            <cpu id='14' socket_id='0' core_id='10' siblings='14-15'/>
            <cpu id='15' socket_id='0' core_id='10' siblings='14-15'/>
          </cpus>
        </cell>
      </cells>
    </topology>
  </host>
  ....
2013-08-19 12:04:55 -06:00
Peter Krempa
e0e61b4cf7 nwfilter: Don't fail to start if DBus isn't available
When the daemon is compiled with firewalld support but the DBus message
bus isn't started in the system, the initialization of the nwfilter
driver fails even if there are fallback options.
2013-08-19 16:31:57 +02:00
Peter Krempa
ee3db56fe9 virsystemd: Don't fail to start VM if DBus isn't available or compiled in
On hosts that don't have the DBus service running or installed the new
systemd cgroups code failed with hard error instead of falling back to
"manual" cgroup creation.

Use the new helper to check for the system bus and use the fallback code
in case it isn't available.
2013-08-19 16:31:57 +02:00
Peter Krempa
2398dd3d3e virdbus: Add virDBusHasSystemBus()
Some systems may not use DBus in their system. Add a method to check if
the system bus is available that doesn't print error messages so that
code can later check for this condition and use an alternative approach.
2013-08-19 16:27:51 +02:00
Peter Krempa
39d963d1c0 virbitmaptest: Shut coverity up in case of broken test
Coverity reported a memleak in the test added in 7efd5fd1b0. In case
the code will be broken and the code will actually parse a faulty bitmap
the resulting pointer would be leaked. Free it although that shouldn't
ever happen.
2013-08-19 15:54:43 +02:00
David Weber
9f5b4b1f62 Make max_clients in virtlockd configurable
Each new VM requires a new connection from libvirtd to virtlockd.
The default max clients limit in virtlockd of 20 is thus woefully
insufficient. virtlockd sockets are only accessible to matching
users, so there is no security need for such a tight limit. Make
it configurable and default to 1024.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-19 12:40:26 +01:00
Michal Privoznik
09adfdc62d docs: Discourage users to set hard_limit
In one of my previous patches I am removing the hard_limit heuristic to
guess the correct value if none set. However, it turned out, this limit
is hard to guess even for users. We should advise them to not set the
limit as their domains may be OOM killed. Sigh.
2013-08-19 12:15:25 +02:00
Michal Privoznik
16bcb3b616 qemu: Drop qemuDomainMemoryLimit
This function is to guess the correct limit for maximal memory
usage by qemu for given domain. This can never be guessed
correctly, not to mention all the pains and sleepless nights this
code has caused. Once somebody discovers algorithm to solve the
Halting Problem, we can compute the limit algorithmically. But
till then, this code should never see the light of the release
again.
2013-08-19 11:16:58 +02:00
Osier Yang
e0139e3044 storage: Update pool metadata after adding/removing/resizing volume
One has to refresh the pool to get the correct pool info after
adding/removing/resizing a volume, this updates the pool metadata
(allocation, available) after those operation are done.
2013-08-19 14:32:59 +08:00
Cole Robinson
e7c7e32200 tools: Make sure to distribute conf_DATA, fix RPM build 2013-08-17 15:02:25 -04:00
Cole Robinson
302e49f7d2 snapshot_conf: Allow parsing an XML node
Similar to how other objects arrange their parse APIs. This will be
used by the test driver.
2013-08-16 19:12:38 -04:00
Cole Robinson
49ecff3eab test: Unify object XML parsing
Right now things are split a bit between parsing from a relative file
path or parsing from inline XML. Unify it. This will simplify upcoming
bits.
2013-08-16 19:05:30 -04:00
Cole Robinson
23d5e6f57a test: Simplify args passed to testDomainStartState
Passing virConnectPtr is redundant, just pass testConnPtr and simplify
certain callers.
2013-08-16 19:05:30 -04:00
Cole Robinson
b0e56db59a test: Split object parsing into their own functions
The function that parses custom driver XML was getting pretty unruly,
split the object parsing into their own functions. Rename some variables
to be consistent across each function. This should be functionally
identical.
2013-08-16 19:05:30 -04:00
Don Dugger
d4952d36d0 Add flag to BaselineCPU API to return detailed CPU features
Currently the virConnectBaselineCPU API does not expose the CPU features
that are part of the CPU's model.  This patch adds a new flag,
VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, that causes the API to explicitly
list all features that are part of that model.

Signed-off-by: Don Dugger <donald.d.dugger@intel.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-16 15:31:18 -06:00
Eric Blake
10ec64105b maint: slightly reduce configure size
Rather than inlining gl_WARN_ADD loads of time, we can shave about
17k size off of the configure script by delaying it to a cleanup
shell loop.

* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Track a
list of things to check, rather than inlining multiple checks.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-16 13:31:05 -06:00
Jim Fehlig
aeab0243e1 libxl: refactor capabilities code
Cleanup the libxl capabilities code to be a bit more extensible,
splitting out the creation of host and guest capabilities.  This
should make it easier to implement additional capabilities in the
future, such as NUMA topology reporting.
2013-08-16 10:07:30 -06:00
Daniel P. Berrange
7a7cb0934e Update polkit examples to use 'lookup' method
Feedback from the polkit developers indicates that the
"_detail_XXXX" attributes are a private implementation
detail. Our examples should be recommending use of the
"action.lookup('XXX')" method instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-16 16:57:09 +01:00
Peter Krempa
7efd5fd1b0 virbitmaptest: Add test for out of bounds condition
Previous patch fixed an issue where, when parsing a bitmap from the
string, the bounds of the bitmap weren't checked. That flaw resulted into
crashes. This test tests that case to avoid it in the future.
2013-08-16 14:39:16 +02:00
Peter Krempa
536d38128e virbitmaptest: Fix function header formatting 2013-08-16 14:39:16 +02:00
Peter Krempa
47b9127e88 virbitmap: Refactor virBitmapParse to avoid access beyond bounds of array
The virBitmapParse function was calling virBitmapIsSet() function that
requires the caller to check the bounds of the bitmap without checking
them. This resulted into crashes when parsing a bitmap string that was
exceeding the bounds used as argument.

This patch refactors the function to use virBitmapSetBit without
checking if the bit is set (this function does the checks internally)
and then counts the bits in the bitmap afterwards (instead of keeping
track while parsing the string).

This patch also changes the "parse_error" label to a more common
"error".

The refactor should also get rid of the need to call sa_assert on the
returned variable as the callpath should allow coverity to infer the
possible return values.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997367

Thanks to Alex Jia for tracking down the issue. This issue is introduced
by commit 0fc8909.
2013-08-16 14:39:05 +02:00
Peter Krempa
f4ec861641 virsh-domain: Fix memleak in cmdCPUBaseline
https://bugzilla.redhat.com/show_bug.cgi?id=997765

==1349431== 8 bytes in 1 blocks are definitely lost in loss record 11 of 760
==1349431==    at 0x4C2A554: calloc (vg_replace_malloc.c:593)
==1349431==    by 0x4E9AA3E: virAllocN (in /usr/lib64/libvirt.so.0.1001.1)
==1349431==    by 0x4EF28C4: virXPathNodeSet (in /usr/lib64/libvirt.so.0.1001.1)
==1349431==    by 0x130B83: cmdCPUBaseline (in /usr/bin/virsh)
==1349431==    by 0x12C608: vshCommandRun (in /usr/bin/virsh)
==1349431==    by 0x12889A: main (in /usr/bin/virsh)
2013-08-16 10:37:39 +02:00
Eric Blake
692a4fc412 maint: update gnulib submodule
Gnulib recently patched gcc warning detection so that it does
not treat things like -Wno-unused-command-line-argument as
supported in gcc (treating it as supported merely resulted in
extra verbosity when an actual compile error occurred).  It
has also improved bootstrap to work with less hassle on OpenBSD.

* .gnulib: Update to latest, in part for bootstrap and warnings
improvements.
* bootstrap: Resync from gnulib.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-15 16:54:30 -06:00
Eric Blake
14b4b1e2cb maint: avoid bootstrap warning
I noticed that in a fresh checkout, autogen.sh generated the
following output, but continued on with execution:

autoreconf: running: automake --add-missing --copy --force-missing
gnulib/tests/Makefile.am:28: TESTS was already defined in condition TRUE, which includes condition WITH_EXPENSIVE_TESTS ...
gnulib/tests/gnulib.mk:28: ... `TESTS' previously defined here
gnulib/tests/Makefile.am:19:   `gnulib/tests/gnulib.mk' included from here

and after the run, line 28 of gnulib.mk lists GNULIB_TESTS, not TESTS.
After more investigation, I found that it is because gnulib bootstrap
provides two hooks, one before automake, and the other after; we used
the one that ran after, and were then rerunning automake ourselves;
and the warning was from the first run.  But a manual second run is
pointless if we use the right hook in the first place.

The wrong function name has been latent since commit 38c9440, and we
tried to work around it in commit 6cbab7c, but it took commit 70363ea
to finally change output enough for me to realize the root cause.

* bootstrap.conf (bootstrap_epilogue): Rename...
(bootstrap_post_import_hook): ...so that it gets run before automake.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-15 16:54:06 -06:00
Eric Blake
c53b9c3e9f maint: fix typo for 'switch'
* src/util/virnetdevvportprofile.c: Fix typo.
* src/conf/domain_conf.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-15 16:54:06 -06:00
Jim Fehlig
f0c513a6a0 libxl: unref DomainObjPrivate on error path
There is a potential leak of a newly created libxlDomainObjPrivate
when subsequent allocation of the object's chrdev field fails.
Unref the object on such an error so that it is properly disposed.
2013-08-15 10:49:14 -06:00
Peter Krempa
5075248ac9 virsh-domain: Fix memleak in cmdUndefine with storage
When undefining a domain with storage when the volume isn't managed by
libvirt the name and path strings weren't freed properly.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=996050
2013-08-15 16:47:49 +02:00
Ján Tomko
9ceaaa08e9 Fix qemuProcessReadLog with non-zero offset
This restores the error message when QMP probing is not used.

https://bugzilla.redhat.com/show_bug.cgi?id=991334
2013-08-15 15:05:29 +02:00
Xuesong Zhang
3607ab58c9 docs: fix usb node device sub-element names 2013-08-15 11:40:50 +02:00
Jim Fehlig
54e43dc302 libxl: remove unnecessary curly braces
As per HACKING, remove some unneeded curly braces in the
libxl driver.
2013-08-14 16:12:25 -06:00
Giuseppe Scrivano
2576f17805 examples: support crash events in event-test.py
commit 14e7e0ae8d adds the support for
crash events.

Solves: https://bugzilla.redhat.com/show_bug.cgi?id=994317

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2013-08-14 15:59:21 -06:00