Commit Graph

19475 Commits

Author SHA1 Message Date
Michal Privoznik
77d92e2e77 nwfilter: Partly initialize driver even for non-privileged users
https://bugzilla.redhat.com/show_bug.cgi?id=1211436

This reverts commit b7829f959b.

The previous fix was not correct. Like everywhere else, a driver is a
global variable allocated in stateInitialize function (or something
similar for stateless drivers). Later, when a driver API is called,
it's possible that the global variable is accessed and dereferenced.
Now, some drivers require root privileges because they undertake some
actions reserved only for the system admin (e.g. manipulating host
firewall). And here's the trouble, the NWFilter state initializer
exited too early when finding out it's running unprivileged, leaving
the global NWFilter driver variable uninitialized. Any subsequent
API call that tried to lock the driver resulted in dereferencing the
driver and thus crash.

On the other hand, in order to not resurrect the bug the original
commit was fixing, Let's forbid the nwfilter define in session mode.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

Conflicts:
	src/nwfilter/nwfilter_driver.c: Context. Code changed a bit
        since 2013.
2015-04-17 10:04:05 +02:00
Michal Privoznik
1fdac3d99a virNetSocketNewConnectUNIX: Don't unlink(NULL)
There is a possibility that we jump onto error label with @lockpath
still initialized to NULL. Here, the @lockpath should be unlink()-ed,
but passing there a NULL is not a good idea. Don't do that. In fact,
we should call unlink() only if we created the lock file successfully.

Reported-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-04-17 10:02:28 +02:00
Lubomir Rintel
3a495948b9 lxc: move wireless PHYs to a network namespace
The 802.11 interfaces can not be moved by themselves, their Phy has to move too.

If there are other interfaces, they have to move too -- hopefully it's not too
confusing. This is a less-invasive alternative to defining a new hostdev type
for PHYs.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-04-17 09:53:47 +02:00
Jim Fehlig
6dfec1efba libxl: drop virDomainObj lock when destroying a domain
A destroy operation can take considerable time on large memory
domains due to scrubbing the domain's memory.  Unlock the
virDomainObj while libxl_domain_destroy is executing.

Implement libxlDomainDestroyInternal wrapper to handle unlocking,
calling destroy, and locking.  Change all callers of
libxl_domain_destroy to use the wrapper.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-04-16 16:43:19 -06:00
Jim Fehlig
894d2ff759 libxl: acquire a job when destroying a domain
A job should be acquired at the beginning of a domain destroy operation,
not at the end when cleaning up the domain.  Fix two occurrences of this
late job acquisition in the libxl driver.  Doing so renders
libxlDomainCleanupJob unused, so it is removed.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-04-16 16:43:18 -06:00
Jim Fehlig
f86ae40324 libxl: Move job acquisition in libxlDomainStart to callers
Let callers of libxlDomainStart decide when it is appropriate to
acquire a job on the associated virDomainObj.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-04-16 16:42:53 -06:00
Jim Fehlig
13e2c22099 libxl: support HVM direct kernel boot
Add support for HVM direct kernel boot in libxl.  Also add a
test to verify domXML <-> native conversions.

Signed-off-by: Chunyan Liu <cyliu@suse.com>
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-04-16 16:14:51 -06:00
Jim Fehlig
0fe504f15a xenconfig: don't use "kernel" for hvmloader
In xl config, hvmloader is implied for hvm guests.  It is not
specified with the "kernel" option like xm config.  The "kernel"
option, along with "ramdisk" and "extra", is used for HVM direct
kernel boot.  Instead of using "kernel" option to populate
virDomainDef object's os.loader->path, use hvmloader discovered
when gathering capabilities.

This change required fixing initialization of capabilities in
the test utils and removing 'kernel = "/usr/lib/xen/boot/hvmloader"'
from the test config files.
2015-04-16 16:11:01 -06:00
Jim Fehlig
717a92513d xenconfig: move <os> parsing/formating to config-specific files
xl and xm differ a bit in how <os> configuration is represented.
E.g. xl config supports <os><nvram .../></os> via its "bios"
setting.

Move the xenParseOS and xenFormatOS functions from xen_common.c
and copy to xen_xl.c and xen_xm.c so they can be customized for
xm vs xl config.  An unfortunate fallout is reordering of entries
in the test config files.
2015-04-16 16:11:01 -06:00
Jim Fehlig
a9b0d647bc xenconfig: remove redunant parsing of device_model
device_model is parsed in xenParseOS(), then later in
xenParseConfigCommon().  <emulator> is not part of <os>,
so makes sense to remove the parsing in xenParseOS().
2015-04-16 16:11:01 -06:00
Jim Fehlig
8680a19bc8 xenconfig: export xenConfigCopyString
Export xenConfigCopyString for use outside of xen_common.c

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-04-16 16:11:01 -06:00
Pavel Hrdina
358dbf8457 virbuffer: fix build on rhel-6
On rhel-6 is broken gcc that reports this warning:

util/virbuffer.c:500: error: logical '&&' with non-zero constant will
    always evaluate as true [-Wlogical-op]

Move the pragma directive before function virBufferEscapeString because
since commit aeb5262e this function uses 'strchr' too.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-04-16 18:35:41 +02:00
John Ferlan
0cf87b51d4 storage: Refactor virStorageBackendSCSINewLun
Invert the logical of retval and clean up code paths, especially goto's

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-04-16 12:28:04 -04:00
Michael Chapman
3617e3b36d virCondWaitUntil: calculate timespec correctly
ts.tv_nsec was off by a factor of 1000, making timeouts less than a
second in the future often expiring immediately.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2015-04-16 15:39:22 +02:00
Peter Krempa
c44108522b qemu: monitor: Refactor and fix monitor checking
Among all the monitor APIs some where checking if mon is NULL and some
were not. Since it's possible to have mon equal to NULL in case a second
call is attempted once entered the monitor. This requires that every
single API checks for the monitor.

This patch adds a macro that helps checking the state of the monitor and
either refactors existing checking code to use the macro or adds it in
case it was missing.
2015-04-16 14:49:46 +02:00
Jiri Denemark
0c68ec7d78 daemon: Prefix sysctl configuration filename with a number
Apparently, files in /usr/lib/sysctl.d are usually prefixed with numbers
for easier ordering. Let's be consistent with this. I chose 60 for
libvirtd so that it goes after 50-default.conf.

https://bugzilla.redhat.com/show_bug.cgi?id=1084876
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-04-16 14:39:38 +02:00
Peter Krempa
25aa7035d3 qemu: bulk stats: Ignore errors from missing/inaccessible disks
Rather than erroring out make the best attempt to retrieve other data if
disks are inaccessible or missing. The failure will still be logged
though.

Since the bulk stats API is called on multiple domains an error like
this makes the API unusable. This regression was introduced by commit
596a137134

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1209394
2015-04-16 09:24:04 +02:00
Michal Privoznik
7cf87f750b RNG schema: allow plain @floor to <bandwidth/>
The <inbound/> element to <bandwidth/> has several attributes from
which two are mandatory. Well, from two at least one has to be
present: @average or @floor or both. Instead of inventing crazy RNG
schema, let's make all the attributes optional there and rely on our
parsing code to correctly handle the situation.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-04-16 09:07:43 +02:00
Michal Privoznik
3535de4626 virNetDevBandwidthPlug: Update function description
The comment is describing arguments passed to the function.
However, there's no @ifmac argument. In 955af4d4 it was replaced
with @ifmac_ptr.  Unfortunately, the comment wasn't updated.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-04-16 09:07:35 +02:00
Eric Blake
9289c85841 tests: fix build on old 32-bit platforms
gcc 4.1.2 (hello RHEL 5) on 32-bit platforms complains:

vircgrouptest.c: In function 'testCgroupGetPercpuStats':
vircgrouptest.c:627: warning: integer constant is too large for 'long' type
vircgrouptest.c:628: warning: this decimal constant is unsigned only in ISO C90
vircgrouptest.c:634: warning: integer constant is too large for 'long' type
vircgrouptest.c:635: warning: this decimal constant is unsigned only in ISO C90
vircgrouptest.c:636: warning: this decimal constant is unsigned only in ISO C90
vircgrouptest.c:644: warning: integer constant is too large for 'long' type

* tests/vircgrouptest.c (testCgroupGetPercpuStats): Use ULL suffix.

Signed-off-by: Eric Blake <eblake@redhat.com>
2015-04-15 12:50:23 -06:00
Ján Tomko
aeb5262e43 Strip control codes in virBufferEscapeString
These cannot be represented in XML.

We have been stripping them, but only if the string had
characters that needed escaping: <>"'&

Extend the strcspn check to include control codes, and strip
them even if we don't do any escaping.

https://bugzilla.redhat.com/show_bug.cgi?id=1184131
https://bugzilla.redhat.com/show_bug.cgi?id=1066564
2015-04-15 18:41:20 +02:00
Ján Tomko
60db2bc80f Ignore storage volumes with control codes in their names
To prevent generating invalid XML.

https://bugzilla.redhat.com/show_bug.cgi?id=1066564
2015-04-15 18:41:20 +02:00
Ján Tomko
557107500b Strip control characters from sysfs attributes
Including them in the XML makes them unparsable.

https://bugzilla.redhat.com/show_bug.cgi?id=1184131
2015-04-15 18:41:20 +02:00
Ján Tomko
2a530a3e50 Add functions dealing with control characters in strings
Add virStringHasControlChars that checks if the string has
any control characters other than \t\r\n,
and virStringStripControlChars that removes them in-place.
2015-04-15 18:41:20 +02:00
Ján Tomko
e892842dfd tests: rename testStripIPv6BracketsData to testStripData
For reuse with other Strip* functions.
2015-04-15 18:41:20 +02:00
Ján Tomko
a809c4749e Add an example for EVENT_ID_DEVICE_ADDED 2015-04-15 17:06:01 +02:00
Ján Tomko
b693b2fb73 Emit VIR_DOMAIN_EVENT_ID_DEVICE_ADDED in the QEMU driver
Only for devices that have an alias.
2015-04-15 17:06:01 +02:00
Ján Tomko
1882c0bd8d Add VIR_DOMAIN_EVENT_ID_DEVICE_ADDED event
The counterpart to VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED.

https://bugzilla.redhat.com/show_bug.cgi?id=1206114
2015-04-15 17:06:01 +02:00
Michal Privoznik
96a21e975f Cleanup "/sys/class/net" usage
Throughout the code, we have several places need to construct a path
somewhere in /sys/class/net/... They are not consistent and nearly
each code piece invents its own way how to do it. So unify this by:

1) use virNetDevSysfsFile() wherever possible

2) At least use common macro SYSFS_NET_DIR declared in virnetdev.h at
   the rest of places which can't go with 1)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-04-15 16:43:28 +02:00
Michal Privoznik
598f3fddbc tests: Add virnetdevtestdata to EXTRA_DIST
In one of my previous commits (49ed6cff9) I've introduced a test
among with some files stored under virnetdevtestdata folder.
While this works perfectly within a git tree, the folder was not
getting into .tar.gz and therefore the dist-check would fail.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-04-15 16:43:28 +02:00
John Ferlan
960e009c58 tests: Resolve Coverity RESOURCE_LEAK
Commit id 'b77ce18a2' added a new bitmap, but neglected to virBitmapFree it
2015-04-15 10:29:41 -04:00
Eric Blake
31ef0836a7 virsh: fix regression in 'virsh event' by domain
Commit a0670ae caused a regression in 'virsh event' and
'virsh qemu-monitor-event' - if a user tries to filter the
command to a specific domain, an error message is printed:

$ virsh event dom --loop
error: internal error: virsh qemu-monitor-event: no domain VSH_OT_DATA option

and then the command continues as though no domain had been
supplied (giving events for ALL domains, instead of the
requested one).  This is because the code was incorrectly
assuming that all "domain" options would be supplied via a
mandatory VSH_OT_DATA, even though "domain" is optional for
these two commands, so we had changed them to VSH_OT_STRING
to quit failing for other reasons (ever since it was decided
that VSH_OT_DATA and VSH_OT_STRING should no longer be
synonyms).

In looking at the situation, though, the code for looking up
a domain was making a pointless check for whether the option
exists prior to finding the option's string value, as
vshCommandOptStringReq does just fine at reporting any errors
when looking up a string whether or not the option was present.

So this is a case of regression fixing by pure code deletion :)

* tools/virsh-domain.c (vshCommandOptDomainBy): Drop useless filter.
* tools/virsh-interface.c (vshCommandOptInterfaceBy): Likewise.
* tools/virsh-network.c (vshCommandOptNetworkBy): Likewise.
* tools/virsh-nwfilter.c (vshCommandOptNWFilterBy): Likewise.
* tools/virsh-secret.c (vshCommandOptSecret): Likewise.
* tools/virsh.h (vshCmdHasOption): Drop unused function.
* tools/virsh.c (vshCmdHasOption): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2015-04-15 08:13:53 -06:00
Peter Krempa
ee1cc9a459 node: udev: Remove some redundant error reports
All the called functions already report an error.
2015-04-15 15:20:12 +02:00
Michal Privoznik
6515f3df94 virPidFileConstructPath: Drop useless VIR_FREE()
If a virAsprintf() within the function fails, we call VIR_FREE()
over @rundir variable and jump onto cleanup label, where it is
freed again.  It doesn't hurt, but not make much sense too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-04-15 15:01:02 +02:00
Peter Krempa
7961713410 qemu: monitor: Fix qemuMonitorGetAllBlockStatsInfo with HMP
Commit f6563bc3 introduced HMP impl of the function (so that a different
uglier function could be removed). Before the HMP code is called there's
a leftover check that the monitor is JSON which inhibits the code from
working.
2015-04-15 13:58:26 +02:00
Peter Krempa
a745d83fe0 qemu: monitor: @running in qemuMonitorGetStatus is always non-NULL
Add the attribute and remove the check.
2015-04-15 13:58:26 +02:00
Peter Krempa
81d14c0252 qemu: monitor: Don't use 'ret' variable where not necessary
Quite a lot places set the 'ret' variable just once right before
returning it's value. Remove such usage.
2015-04-15 13:58:26 +02:00
Peter Krempa
ee591240c2 qemu: monitor: Ensure that qemuMonitorSetLink is called with non-null name 2015-04-15 13:58:26 +02:00
Peter Krempa
0e9fadd66d qemu: monitor: Sanitize control flow in qemuMonitorSetCapabilities 2015-04-15 13:58:26 +02:00
Peter Krempa
119aa5d35a qemu: monitor: Clean up coding style
Fix line spacing between functions, ensure that function return type is
on a separate line and reflow arguments for VIR_DEBUG statements.
2015-04-15 13:58:25 +02:00
Michal Privoznik
be78814ae0 virNetSocketNewConnectUNIX: Use flocks when spawning a daemon
https://bugzilla.redhat.com/show_bug.cgi?id=1200149

Even though we have a mutex mechanism so that two clients don't spawn
two daemons, it's not strong enough. It can happen that while one
client is spawning the daemon, the other one fails to connect.
Basically two possible errors can happen:

  error: Failed to connect socket to '/home/mprivozn/.cache/libvirt/libvirt-sock': Connection refused

or:

  error: Failed to connect socket to '/home/mprivozn/.cache/libvirt/libvirt-sock': No such file or directory

The problem in both cases is, the daemon is only starting up, while we
are trying to connect (and fail). We should postpone the connecting
phase until the daemon is started (by the other thread that is
spawning it). In order to do that, create a file lock 'libvirt-lock'
in the directory where session daemon would create its socket. So even
when called from multiple processes, spawning a daemon will serialize
on the file lock. So only the first to come will spawn the daemon.

Tested-by: Richard W. M. Jones <rjones@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-04-15 13:39:13 +02:00
Martin Kletzander
bb6a62d4ab json: export non-static functions
Two non-static functions in virjson.c were missing their export info in
libvirt_private.syms, so they couldn't be used anywhere it the code (and
that's about to get changed).

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-04-15 13:33:35 +02:00
Martin Kletzander
fae5b555c8 Change virConnectPtr into virObjectLocklable
It already had a virMutex inside, so this is just a cleanup.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-04-15 13:33:35 +02:00
Martin Kletzander
6dfbaca7b7 closeCallback is already lockable, initialize it as such
Luckily we are allocating structs as clean memory and
PTHREAD_MUTEX_INITIALIZER is "{ 0 }", so nothing happened, but it should
still be created as lockable object.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-04-15 13:33:35 +02:00
Martin Kletzander
5336a3a47c configure: Align messages
The first two were a bit off.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-04-15 13:33:35 +02:00
John Ferlan
5817451947 storage: Add duplicate devices check for zfs pool def
Check proposed pool definitions to ensure they aren't trying to use the
same devices as currently defined definitions - disallow the duplicate
2015-04-15 06:51:20 -04:00
John Ferlan
2184ade3a0 storage: Add duplicate source pool for Gluster pool def
Check the proposed pool source host XML definition against existing gluster
pools to ensure the incoming definition doesn't use the same source dir and
soure host XML definition as an existing pool.
2015-04-15 06:50:27 -04:00
John Ferlan
521add056e storage: Add duplicate host check for Sheepdog pool def
Check the proposed pool source host XML definition against existing sheepdog
pools to ensure the incoming definition doesn't use the same source host XML
definition as an existing pool.
2015-04-15 06:40:08 -04:00
John Ferlan
556a21f9fb storage: Remove default from switch in virStoragePoolSourceFindDuplicate
So that we can cover all the cases.
2015-04-15 06:40:08 -04:00
John Ferlan
d92be7f42f storage: Use virStoragePoolSourceMatchSingleHost for NETFS
Rather than have duplicate code doing the same check, have the netfs
matching processing code use the new virStoragePoolSourceMatchSingleHost.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-04-15 06:40:07 -04:00