Assuming a hypervisor that supports multiple smartcard devices in the
guest, this would be a valid XML description:
<devices>
<smartcard mode='host'/>
<smartcard mode='host-certificates'>
<certificate>/path/to/cert1</certificate>
<certificate>/path/to/cert2</certificate>
<certificate>/path/to/cert3</certificate>
</smartcard>
<smartcard mode='passthrough' type='tcp'>
<source mode='bind' host='127.0.0.1' service='2001'/>
<protocol type='raw'/>
</smartcard>
</devices>
(As of this commit, the qemu hypervisor will be the first
implementation, but it only supports one smartcard.)
* docs/formatdomain.html.in (Smartcard devices): New section.
* docs/schemas/domain.rng (smartcard): New define, used in
devices.
* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.xml: New file
to test schema.
* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.xml:
Likewise.
* tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-tcp.xml:
Likewise.
* tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.xml:
Likewise.
Currently users who want to use virDomainQemuMonitorCommand() API or
it's virsh equivalent has to use the same protocol as libvirt uses for
communication to qemu. Since the protocol is QMP with current qemu and
HMP much more usable for humans, one ends up typing something like the
following:
virsh qemu-monitor-command DOM \
'{"execute":"human-monitor-command","arguments":{"command-line":"info kvm"}}'
which is not a very convenient way of debugging qemu.
This patch introduces --hmp option to qemu-monitor-command, which says
that the provided command is in HMP. If libvirt uses QMP to talk with
qemu, the command will automatically be converted into QMP. So the
example above is simplified to just
virsh qemu-monitor-command --hmp DOM "info kvm"
Also the result is converted from
{"return":"kvm support: enabled\r\n"}
to just plain HMP:
kvm support: enabled
If libvirt talks to qemu in HMP, --hmp flag is obviously a noop.
This patch fixes 2 occurrences of nla_put expression with a '!' in
front of them that basically prevented the detection that the buffer
is too small. However, code further below would then detect that the
buffer is too small when further parts are added to the netlink message.
* src/qemu/qemu_driver.c (qemudShutdownVMDaemon): Check that vm is
still active.
Reported by Wen Congyang as follows:
Steps to reproduce this bug:
1. use gdb to debug libvirtd, and set breakpoint in the function
qemuConnectMonitor()
2. start a vm, and the libvirtd will be stopped in qemuConnectMonitor()
3. kill -STOP $(cat /var/run/libvirt/qemu/<domain>.pid)
4. continue to run libvirtd in gdb, and libvirtd will be blocked in the
function qemuMonitorSetCapabilities()
5. kill -9 $(cat /var/run/libvirt/qemu/<domain>.pid)
Here is log of the qemu:
=========
LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin ...
char device redirected to /dev/pts/3
2011-01-27 09:38:48.101: shutting down
2011-01-27 09:41:26.401: shutting down
=========
The vm is shut down twice. I do not know whether this behavior has
side effect, but I think we should shutdown the vm only once.
When compiling libvirt with GCC 3.4.6 the following warning is being triggered quite a lot:
util/memory.h:60: warning: declaration of 'remove' shadows a global declaration
/usr/include/stdio.h:175: warning: shadowed declaration is here
Fix this by renaming the parameter to 'toremove'.
Depending if the qemu binary supports multiple pci-busses, the device
options will contain "bus=pci" or "bus=pci.0".
Only x86_64 and i686 seem to have support for multiple PCI-busses. When
a guest of these architectures is started, set the
QEMUD_CMD_FLAG_PCI_MULTIBUS flag.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
In the SASL codepath we typically read far more data off the
wire than we immediately need. When using a connection from a
single thread this isn't a problem, since only our reply will
be pending (or an event we can handle directly). When using a
connection from multiple threads though, we may read the data
from replies from other threads. If those replies occur after
our own reply, they'll not be processed. The other thread will
then go into poll() and wait for its reply which has already
been received and decoded. The solution is to set poll() timeout
to 0 if there is pending SASL data.
* src/remote/remote_driver.c: Don't sleep in poll() if SASL
data exists
Command line building for incoming tunneled migration is missed,
as a result, all the tunneled migration will fail with "unknown
migration protocol".
* src/qemu/qemu_command.c
This patch teaches testutil how to read multi-line input files with
backspace-newline line continuation markers.
The patch also breaks up all the single-line arguments test input files into
multi-line files with lines shorter than 80 characters.
commit f1fe9671e was supposed to make sure we use files.h
macros to avoid double close, but it didn't work.
Meanwhile, virCommand is vastly superior to system(), fork(),
and popen() (also to virExec, but we haven't completed that
conversion), so enforce that, too.
* cfg.mk (sc_prohibit_close): Fix typo that excluded close, and
add pclose.
(sc_prohibit_fork_wrappers): New rule, for fork, system, and popen.
* .x-sc_prohibit_close: More exemptions.
* .x-sc_prohibit_fork_wrappers: New file.
* Makefile.am (syntax_check_exceptions): Ship new file.
* src/datatypes.c (virReleaseConnect): Tweak comment to avoid
false positive.
* src/util/files.h (VIR_CLOSE): Likewise.
* src/fdstream.c (virFDStreamOpenFile, virFDStreamCreateFile):
Use VIR_FORCE_CLOSE instead of close.
* tests/commandtest.c (mymain): Likewise.
* tools/virsh.c (editFile): Use virCommand instead of system.
* src/util/util.c (__virExec): Special case preservation of std
file descriptors to child.
Use it in all places where a memory or storage request size is converted
to a larger granularity. This avoids requesting too small memory or storage
sizes that could result from the truncation done by a simple division.
This extends the round up fix in 6002e0406c
to the whole codebase.
Instead of reporting errors for odd values in the VMX code round them up.
Update the QEMU Argv tests accordingly as the original memory size 219200
isn't a even multiple of 1024 and is rounded up to 215 megabyte now. Change
it to 219100 and 219136. Use two different values intentionally to make
sure that rounding up works.
Update virsh.pod accordingly, as rounding down and rejecting are replaced
by rounding up.
Fixes test failure that was overlooked after commit 1e1f7a8950.
* daemon/Makefile.am (check-local): Let 'make check' fail on error.
* daemon/test_libvirtd.aug: Move qemu-specific option...
* src/qemu/test_libvirtd_qemu.aug: ...into correct test.
* src/qemu/libvirtd_qemu.aug: Parse new option.
qemu allows the user to choose what io storage api should be used,
either the default (threads) or native (linux aio) which in the latter
case can result in better performance.
Based on a patch originally by Matthias Dahl.
Red Hat Bugzilla #591703
Signed-off-by: Eric Blake <eblake@redhat.com>
The refactoring of QEMU command startup was comitted with
a couple of VIR_WARN lines left in from debugging.
* src/qemu/qemu_driver.c: Remove log warning lines
When qemuMonitorSetCapabilities() fails, there is no need to
call qemuMonitorClose(), because the caller will already see
the error code and tear down the entire VM. The extra call to
qemuMonitorClose resulted in a double-free due to it removing
a ref count prematurely.
* src/qemu/qemu_driver.c: Remove premature close of monitor
If the event loop takes a very long time todo something, it is
possible for the 'self pipe' buffer to become full at which
point the entire event loop + remote driver deadlock. Use a
boolean flag to ensure we have strict one-in, one-out behaviour
on writes/reads of the 'self pipe'
Regression in commit caa805ea let a lot of bad messages slip in.
* cfg.mk (msg_gen_function): Fix function name.
* src/qemu/qemu_cgroup.c (qemuRemoveCgroup): Fix fallout from
'make syntax-check'.
* src/qemu/qemu_driver.c (qemudDomainGetInfo)
(qemuDomainWaitForMigrationComplete, qemudStartVMDaemon)
(qemudDomainSaveFlag, qemudDomainAttachDevice)
(qemuDomainUpdateDeviceFlags): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainAttachHostUsbDevice)
(qemuDomainDetachPciDiskDevice, qemuDomainDetachSCSIDiskDevice):
Likewise.
When attaching device from a xml file and the device is mis-configured,
virsh gives mis-leading message "out of memory". This patch fixes this.
Signed-off-by: Eric Blake <eblake@redhat.com>
If the memory of guest OS is changed constantly, the live migration
can not be ended ever for ever.
We can use the command 'virsh migrate-setmaxdowntime' to control the
live migration. But the value of maxdowntime is diffcult to calculate
because it depends on the transfer speed of network and constantly
changing memroy size. We need a easy way to control the live migration.
This patch adds the support of forcing guest to suspend at timeout.
With this patch, when we migrate the guest OS, we can specify a
timeout. If the live migration timeouts, auto-suspend the guest OS,
where the migration will complete offline.
While migration is in progress and virsh is waiting for its
completion, user may want to terminate the progress by pressing
Ctrl-C. But virsh just exits on user's Ctrl-C leaving migration
in background that user isn't even aware of. It's not reasonable.
This patch changes the behaviour for migration. For other
commands Ctrl-C still terminates virsh itself.
* src/qemu/qemu_command.c (qemuBuildChrChardevStr): Alter the
chardev alias.
(qemuBuildCommandLine): Output an id for the chardev counterpart.
* tests/qemuxml2argvdata/*: Update tests to match.
Reported by Daniel P. Berrange.
Steps to reproduce this bug:
1. service libvirtd start
2. virsh start <domain>
3. kill -STOP $(cat /var/run/libvirt/qemu/<domain>.pid)
4. service libvirtd restart
5. kill -9 $(cat /var/run/libvirt/qemu/<domain>.pid)
Then libvirtd will core dump or be in deadlock state.
Make sure that json is built into libvirt and the version
of qemu is newer than 0.13.0.
The reason of libvirtd cores dump is that:
We add vm->refs when we alloc the memory, and decrease it
in the function qemuHandleMonitorEOF() in other thread.
We add vm->refs in the function qemuConnectMonitor() and
decrease it when the vm is inactive.
The libvirtd will block in the function qemuMonitorSetCapabilities()
because the vm is stopped by signal SIGSTOP. Now the vm->refs is 2.
Then we kill the vm by signal SIGKILL. The function
qemuMonitorSetCapabilities() failed, and then we will decrease vm->refs
in the function qemuMonitorClose().
In another thread, mon->fd is broken and the function
qemuHandleMonitorEOF() is called.
If qemuHandleMonitorEOF() decreases vm->refs before qemuConnectMonitor()
returns, vm->refs will be decrease to 0 and the memory is freed.
We will call qemudShutdownVMDaemon() as qemuConnectMonitor() failed.
The memory has been freed, so qemudShutdownVMDaemon() is too dangerous.
We will reference NULL pointer in the function virDomainConfVMNWFilterTeardown():
=============
void
virDomainConfVMNWFilterTeardown(virDomainObjPtr vm) {
int i;
if (nwfilterDriver != NULL) {
for (i = 0; i < vm->def->nnets; i++)
virDomainConfNWFilterTeardown(vm->def->nets[i]);
}
}
============
vm->def->nnets is not 0 but vm->def->nets is NULL(We don't set vm->def->nnets
to 0 when we free vm).
We should add an extra reference of vm to avoid vm to be deleted if
qemuConnectMonitor() failed.
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
As noticed by Eric, commit 8e28c5d402,
which fixed generation of virtio-serial port numbers, forgot to adjust
test files which resulted in make check failure.
Regression introduced in commit e6b68d7 (Nov 2010).
Prior to that point, handlesAlloc was always a multiple of
EVENT_ALLOC_EXTENT (10), and was an int (so even if the subtraction
had been able to wrap, a negative value would be less than the count
not try to free the handles array). But after that point,
VIR_RESIZE_N made handlesAlloc grow geometrically (with a pattern of
10, 20, 30, 45 for the handles array) but still freed in multiples of
EVENT_ALLOC_EXTENT; and the count changed to size_t. Which means that
after 31 handles have been created, then 30 handles destroyed,
handlesAlloc is 5 while handlesCount is 1, and since (size_t)(1 - 5)
is indeed greater than 1, this then tried to free 10 elements, which
had the awful effect of nuking the handles array while there were
still live handles.
Nuking live handles puts libvirtd in an inconsistent state, and was
easily reproducible by starting and then stopping 60 faqemu guests.
* daemon/event.c (virEventCleanupTimeouts, virEventCleanupHandles):
Avoid integer wrap-around causing us to delete the entire array
while entries are still active.
* tests/eventtest.c (mymain): Expose the bug.
This new parameter allows user specifies where the client
cerficate, client key, CA certificate of x509 is, instead of
hardcoding it. If 'pkipath' is not specified, and the user
is not root, try to find files in $HOME/.pki/libvirt, as long
as one of client cerficate, client key, CA certificate can
not be found, use default global location (LIBVIRT_CACERT,
LIBVIRT_CLIENTCERT, LIBVIRT_CLIENTKEY, see
src/remote/remote_driver.h)
Example of use:
[root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
error: Cannot access CA certificate '/tmp/pki/client/cacert.pem': No such file
or directory
error: failed to connect to the hypervisor
[root@Osier client]# ls -l
total 24
-rwxrwxr-x. 1 root root 6424 Jan 24 21:35 a.out
-rw-r--r--. 1 root root 1245 Jan 23 19:04 clientcert.pem
-rw-r--r--. 1 root root 132 Jan 23 19:04 client.info
-rw-r--r--. 1 root root 1679 Jan 23 19:04 clientkey.pem
[root@Osier client]# cp /tmp/cacert.pem .
[root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh #
* src/remote/remote_driver.c: adds support for the new pkipath URI parameter