QEMU 1.3 and newer support an alternative URI-based syntax to specify
the location of an NBD server. Libvirt can keep on using the old
syntax in general, but only the URI syntax supports IPv6 addresses.
The URI syntax also supports relative paths to Unix sockets. These
should never be used but aren't explicitly blocked either by the parser,
so support it just in case.
The URI syntax is intentionally compatible with Gluster's, and the
code can be reused.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
This reuses the XML format that was introduced for Gluster.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
These are supported by nbd-server and by the NBD server that QEMU
embeds for live image access.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Enable more testing of NBD parsing, to ensure rewrites work.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Adding test cases for virtio-scsi and virtio-rng. Since ccw is covering
the superset of the s390 bus handling, these are deemed to be sufficient.
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
QEMU_CAPS_VIRTIO_SCSI_PCI implies that virtio-scsi is only supported
for the PCI bus, which is not the case. Remove the _PCI suffix.
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
Multi-head QXL support is so useful that distros have started to
backport it to qemu earlier than 1.2. After discussion with
Alon Levy, we determined that the existence of the qxl-vga.surfaces
property is a reliable indicator of whether '-device qxl-vga' works,
or whether we have to stick to the older '-vga qxl'. I'm leaving
in the existing check for QEMU_CAPS_DEVICE_VIDEO_PRIMARY tied to
qemu 1.2 and newer (in case qemu is built without qxl support),
but for those distros that backport qxl, this additional capability
check will allow the correct command line for both RHEL 6.3 (which
lacks the feature) and RHEL 6.4 (where qemu still claims to be
version 0.12.2.x, but has backported multi-head qxl).
* src/qemu/qemu_capabilities.c (virQEMUCapsObjectPropsQxlVga): New
property test.
(virQEMUCapsExtractDeviceStr): Probe for backport of new
capability to qemu earlier than 1.2.
* tests/qemuhelpdata/qemu-kvm-1.2.0-device: Update test.
* tests/qemuhelpdata/qemu-1.2.0-device: Likewise.
* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta-device:
Likewise.
Normally libvirtd should run with a SELinux label
system_u:system_r:virtd_t:s0-s0:c0.c1023
If a user manually runs libvirtd though, it is sometimes
possible to get into a situation where it is running
system_u:system_r:init_t:s0
The SELinux security driver isn't expecting this and can't
parse the security label since it lacks the ':c0.c1023' part
causing it to complain
internal error Cannot parse sensitivity level in s0
This updates the parser to cope with this, so if no category
is present, libvirtd will hardcode the equivalent of c0.c1023.
Now this won't work if SELinux is in Enforcing mode, but that's
not an issue, because the user can only get into this problem
if in Permissive mode. This means they can now start VMs in
Permissive mode without hitting that parsing error
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Qemu's implementation of virtio RNG supports rate limiting of the
entropy used. This patch exposes the option to tune this functionality.
This patch is based on qemu commit 904d6f588063fb5ad2b61998acdf1e73fb4
The rate limiting is exported in the XML as:
<devices>
...
<rng model='virtio'>
<rate bytes='123' period='1234'/>
<backend model='random'/>
</rng>
...
The virCaps structure gathered a ton of irrelevant data over time that.
The original reason is that it was propagated to the XML parser
functions.
This patch aims to create a new data structure virDomainXMLConf that
will contain immutable data that are used by the XML parser. This will
allow two things we need:
1) Get rid of the stuff from virCaps
2) Allow us to add callbacks to check and add driver specific stuff
after domain XML is parsed.
This first attempt removes pointers to private data allocation functions
to this new structure and update all callers and function that require
them.
'virsh capabilities' will now include a new <memory> element
per <cell> of the topology, as in:
<topology>
<cells num='2'>
<cell id='0'>
<memory unit='KiB'>12572412</memory>
<cpus num='12'>
...
</cell>
Signed-off-by: Eric Blake <eblake@redhat.com>
Code that validates the whitelist for the RNG device filename
didn't account for fact that filename may be NULL. This led
to a NULL reference crash. This wasn't caught since the test
suite was not covering this XML syntax
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
There is some controversy[1] on the qemu list on whether qemu should
have ever allowed arbitrary file name passthrough, or whether it
should be restricted to JUST /dev/random and /dev/hwrng. It is
always easier to add support for additional filenames than it is
to remove support for something once released, so this patch
restricts libvirt 1.0.3 (where the virtio-random backend was first
supported) to just the two uncontroversial names, letting us defer
to a later date any decision on whether supporting arbitrary files
makes sense. Additionally, since qemu 1.4 does NOT support
/dev/fdset/nnn fd passthrough for the backend, limiting to just
two known names means that we don't get tempted to try fd
passthrough where it won't work.
[1]https://lists.gnu.org/archive/html/qemu-devel/2013-03/threads.html#00023
* src/conf/domain_conf.c (virDomainRNGDefParseXML): Only allow
/dev/random and /dev/hwrng.
* docs/schemas/domaincommon.rng: Flag invalid files.
* docs/formatdomain.html.in (elementsRng): Document this.
* tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.args:
Update test to match.
* tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.xml:
Likewise.
When given a CA cert with basic constraints to set non-critical,
and key usage of 'key signing', this should be rejected. Version
of GNUTLS < 3 do not rejecte it though, so we never noticed the
test case was broken
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This reverts commit 383ebc4694.
We decided the xml for this feature needed more thought to make sure
we are doing it the best way, in particular wrt option values that
have multiple items.
virstoragetest was failing on RHEL 5, but with no good error message:
TEST: virstoragetest
0 FAIL
It turns out that qemu-img was so old, that it lacked support for
-o backing_file. It didn't help that the test was also using
qemu-img from PATH, even after first probing for kvm-img.
* tests/virstoragetest.c (testPrepImages): Consistently use
discovered binary. Skip instead of fail if qemu-img fails during
setup.
On RHEL 5, 'make check' included failures such as:
TEST: virstoragetest
unable to create directory /virstoragedata/sub
unable to return to correct directory, refusing to clean up /virstoragedata
It turns out that with automake 1.9.x, $(abs_builddir) is not
automatically provided. We have previously worked around this
by using `pwd` before, but because we did not do it everywhere,
we had a number of broken tests.
This patch brings RHEL 5 from 8 failed tests down to 5 (the
remaining failures may be due to bugs in the older libxml2 and
RNG schema validation available in RHEL 5, so I'm not sure if
they can be fixed in libvirt, but I'm still investigating).
* tests/Makefile.am (AM_CFLAGS): Reliably set abs_builddir.
(*_la_CFLAGS): Factor out common settings; delete when nothing
remains to be added.
On RHEL 5, I noticed this test failure message:
TEST: qemumonitorjsontest
libvirt not compiled with yajl, skippingSKIP: qemumonitorjsontest
* tests/virstoragetest.c (testPrepImages): Use simpler fputs.
* tests/qemumonitorjsontest.c (mymain): Ensure trailing newline.
testutils.c likes to print summaries after a test completes,
including if it failed. But if the test outright exit()s,
this summary is skipped. Enforce that we return instead of exit.
* cfg.mk (sc_prohibit_exit_in_tests): New syntax check.
* tests/commandhelper.c (main): Fix offenders.
* tests/qemumonitorjsontest.c (mymain): Likewise.
* tests/seclabeltest.c (main): Likewise.
* tests/securityselinuxlabeltest.c (mymain): Likewise.
* tests/securityselinuxtest.c (mymain): Likewise.
* tests/testutils.h (VIRT_TEST_MAIN_PRELOAD): Likewise.
* tests/testutils.c (virtTestMain): Likewise.
(virtTestCaptureProgramOutput): Use symbolic name.
Now that the segfault is solved, we can skip instead of fail
the test when yajl is not present.
* tests/qemumonitorjsontest.c (mymain): Skip if no yajl.
On a machine without yajl headers, I was seeing random segfaults
from qemumonitorjsontest (about 90% of the runs on my particular
machine). The segfault was inside virClassIsDerivedFrom, which
points to a case of a race leading to unreferencing a stale
pointer to an object that had already been freed. I also noticed
that if I got the segfault, I was seeing messages such as:
2013-02-22 16:12:37.504+0000: 19833: error : virNetSocketWriteWire:1361 : Cannot write data: Bad file descriptor
which is also evidence of deferencing a stale pointer. I traced it
to a race where qemuMonitorTestIO could execute late, after the
main thread had already called qemuMonitorTestFree and called
virNetSocketClose(test->client) but not clearing it out to NULL.
Sure enough, after test->client has been closed, fd is -1, which
causes an attempt to write to the socket to fail, which in turn
triggers the error code of qemuMonitorTestIO that tries to re-close
test->client.
* tests/qemumonitortestutils.c (qemuMonitorTestIO): Don't attempt
to free client again if test already quit.
Originally, only a host name was used to associate a
DHCPv6 request with a specific IPv6 address. Further testing
demonstrates that this is an unreliable method and, instead,
a client-id or DUID needs to be used. According to DHCPv6
standards, this id can be a duid-LLT, duid-LL, or duid-UUID
even though dnsmasq will accept almost any text string.
Although validity checking of a specified string makes sure it is
hexadecimal notation with bytes separated by colons, there is no
rigorous check to make sure it meets the standard.
Documentation and schemas have been updated.
Signed-off-by: Gene Czarcinski <gene@czarc.net>
Signed-off-by: Laine Stump <laine@laine.org>
This patch adds support for a new <option>-Tag in the <dhcp> block of
network configs, based on a subset of the fifth proposal by Laine
Stump in the mailing list discussion at
https://www.redhat.com/archives/libvir-list/2012-November/msg01054.html.
Any such defined option will result in a dhcp-option=<number>,"<value>"
statement in the generated dnsmasq configuration file.
Currently, DHCP options can be specified by number only and there is
no whitelisting or blacklisting of option numbers, which should
probably be added.
Signed-off-by: Pieter Hollants <pieter@hollants.com>
Signed-off-by: Laine Stump <laine@laine.org>
Testing our backing chain handling will make it much easier to
ensure that we avoid issues in the future. If only I had written
this test before I first caused several regressions...
* tests/virstoragetest.c: New test.
* tests/Makefile.am (test_programs): Build it.
* .gitignore: Ignore new files.
No need to use HAVE_REGEX_H - our use of gnulib guarantees that
the header exists and works, regardless of platform. Similarly,
we can unconditionally assume a compiling <sys/wait.h> (although
the mingw version of this header is not full-featured).
* src/storage/storage_backend.c: Drop useless conditional.
* tests/testutils.c: Likewise.
We have several cases where we need to read endian-dependent
data regardless of host endianness; rather than open-coding
these call sites, it will be nicer to funnel things through
a macro.
The virendian.h file can be expanded to add writer functions,
and/or 16-bit access patterns, if needed. Also, if we need
to turn things into a function to avoid multiple evaluations
of buf, that can be done later. But for now, a macro worked.
* src/util/virendian.h: New file.
* src/Makefile.am (UTIL_SOURCES): Ship it.
* tests/virendiantest.c: New test.
* tests/Makefile.am (test_programs, virendiantest_SOURCES): Run
the test.
* .gitignore: Ignore built file.
'make check' has been failing on VPATH builds since commit
907a39e7. The tests already had magic for munging path names,
but were munging to the wrong location, thus working only on
an in-tree build.
* tests/securityselinuxlabeltest.c (testSELinuxMungePath): Munge
to correct path.
To enable locking to be introduced to the security manager
objects later, turn virSecurityManager into a virObjectLockable
class
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
To avoid confusion between 'virCapsPtr' and 'qemuCapsPtr'
do some renaming of various fucntions/variables. All
instances of 'qemuCapsPtr' are renamed to 'qemuCaps'. To
avoid that clashing with the 'qemuCaps' typedef though,
rename the latter to virQEMUCaps.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
To enable virCapabilities instances to be reference counted,
turn it into a virObject. All cases of virCapabilitiesFree
turn into virObjectUnref
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The data files for testing QEMU command line generation are
hardcoded to use /etc/pki, so we should explicitly set that
in the test case, avoiding the dynamic SYSCONFDIR value.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
When Valgrind runs the 'qemumonitorjsontest' it would claim that the
thread created is leaked. That's because the virThreadJoin won't get
called due to the 'running' flag being cleared. In order to avoid that,
call virThreadJoin unconditionally at cleanup time. Also noted that the
qemuMonitorTestWorker() didn't get the test mutex lock on the failure path.
The incoming and outgoing buffers allocated by qemuMonitorTestIO() and
qemuMonitorTestAddReponse() were never VIR_FREE()'d in qemuMonitorTestFree().
The 'package' string returned by qemuMonitorGetVersion() needs to
be VIR_FREE()'d.
testQemuMonitorJSONGetMachines(), testQemuMonitorJSONGetCPUDefinitions(),
and testQemuMonitorJSONGetCommands() did not VIR_FREE() the array and
array elements allocated by their respective qemuMonitorGet* routines.
Valgrind deterimined that fakeSecretGetValue() was using the secret
value without checking validity. Returning NULL causes the caller
to emit a message and results in failure.
Additionally commit 'b090aa7d' changes leaked vncSASLdir and vncTLSx509certdir
We had an easy way to iterate set bits, but not for iterating
cleared bits.
* src/util/virbitmap.h (virBitmapNextClearBit): New prototype.
* src/util/virbitmap.c (virBitmapNextClearBit): Implement it.
* src/libvirt_private.syms (bitmap.h): Export it.
* tests/virbitmaptest.c (test4): Test it.
Commit 39c77fe triggered random failures, depending on the platform
and what other fds leak into the testsuite (for me, it passed on
RHEL 6 but failed on Fedora 18). The reason was that we were
expecting an fd that fell outside of our reserved range. By reserving
a larger range, the test once again passes on all platforms.
* tests/commandtest.c (mymain): Reserve enough fds.
Currently the virQEMUDriverPtr struct contains an wide variety
of data with varying access needs. Move all the static config
data into a dedicated virQEMUDriverConfigPtr object. The only
locking requirement is to hold the driver lock, while obtaining
an instance of virQEMUDriverConfigPtr. Once a reference is held
on the config object, it can be used completely lockless since
it is immutable.
NB, not all APIs correctly hold the driver lock while getting
a reference to the config object in this patch. This is safe
for now since the config is never updated on the fly. Later
patches will address this fully.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This is just a basic test, so we don't break virCommand in the
future. A "Hello world\n" string is written to commanhelper,
which copies input to stdout and stderr where we read it from.
Then the read strings are compared with expected values.
