Commit Graph

19503 Commits

Author SHA1 Message Date
Luyao Huang
5f6fe84d57 qemu: fix double free when RNG cold-plug fails
https://bugzilla.redhat.com/show_bug.cgi?id=1220809

When cold-plugging an RNG device but something fails in
qemuDomainAssignAddresses, we will double free the RNG device.
Once a device is plugged into the domain, we should set the
device pointer to NULL to fix this issue.

...
5  0x00007fb7d180ac8a in virFree at util/viralloc.c:582
6  0x00007fb7d1895cdd in virDomainRNGDefFree at conf/domain_conf.c:19786
7  0x00007fb7d1895d99 in virDomainDeviceDefFree at conf/domain_conf.c:2022
8  0x00007fb7b92b8baf in qemuDomainAttachDeviceFlags at qemu/qemu_driver.c:8785
9  0x00007fb7d190c5d7 in virDomainAttachDeviceFlags at libvirt-domain.c:8488
10 0x00007fb7d23af9d2 in remoteDispatchDomainAttachDeviceFlags at remote_dispatch.h:2842
...

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-05-12 17:09:14 +02:00
Peter Krempa
ecc997fd43 daemon: Suppress logging of VIR_ERR_NO_DOMAIN_METADATA
Similarly to other error codes that notify the user that the object does
not exist lower the priority of VIR_ERR_NO_DOMAIN_METADATA to
VIR_LOG_DEBUG when writing the log entry.
2015-05-12 14:18:39 +02:00
Pavel Hrdina
78e27b5e0a conf_capabilities: fix wrong indentation
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-05-12 12:12:58 +02:00
Pavel Hrdina
d091518b35 XML: escape strings where we should do it
There is a lot of places, were it's pretty easy for user to enter some
characters that we need to escape to create a valid XML description.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1197580

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-05-12 12:05:07 +02:00
Richard W.M. Jones
ed8155eafb Document that virNodeGetInfo can return mhz == 0.
On the s/390x architecture, libvirt may already return 0 in the
node_info->mhz field (see src/nodeinfo.c:linuxNodeInfoCPUPopulate).

We may also want to return this on aarch64 in future, because
calculating the proper value requires SMBIOS, which is not available
on non-server-class systems (specifically on systems which don't
adhere to the SBSA standard).

Therefore this change documents the existing behaviour and provides a
valid path for aarch64.

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Bug-URL: https://bugzilla.redhat.com/1206353
2015-05-12 10:08:43 +01:00
Michal Privoznik
64e070e8fe libvirt-guests: Initialize SYNC_TIME
https://bugzilla.redhat.com/show_bug.cgi?id=1191227

Since 0fa15b19 we have this variable SYNC_TIME which allows users to
synchronize time on domain resume. However, despite what documentation
says, it's by default on because it's never initialized. Fix this by
setting it to zero at the beginning of the libvirt-guests script.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-05-12 08:53:14 +02:00
Laine Stump
e27c5c8fcb qemu: eliminate duplicated code in qemuBuildDriveDevStr()
The code to add device type to the commandline was identical for lsi
and other models of SCSI controllers, but was duplicated (with the
exception of a minor ordering difference of the if-else clauses) for
the two cases. This patch replaces those two with a single instance of
the code just before the if().
2015-05-11 16:56:26 -04:00
Laine Stump
da558e72c4 qemu: use qemuDomainMachineIsI440FX() in appropriate place
This patch makes qemuValideDevicePCISlotsChipsets() more consistent in
appearance by replacing several clauses of an if with the equivalent
call to qemuDomainMachineIsI440FX. The if was checking exactly the
same items, just in a slightly different order.
2015-05-11 16:49:47 -04:00
Roman Bogorodskiy
97e70a5935 maint: extend PIE support check
GCC installed from FreeBSD ports doesn't support building PIE executables
and fails with:

/usr/local/bin/ld: /usr/lib/crt1.o: relocation R_X86_64_32 against
`_DYNAMIC' can not be used when making a shared object; recompile with
-fPIC
/usr/lib/crt1.o: error adding symbols: Bad value
collect2: error: ld returned 1 exit status

However, the configure check for '-fPIC -DPIC' doesn't catch that. In
order to catch this case, add '-pie' to CFLAGS in m4/virt-compile-pie.m4
so it could detect lack of PIE support on configure time and don't fail
the build.
2015-05-11 20:08:47 +03:00
Roman Bogorodskiy
846cc14c4d bhyve: fix bhyvexml2argvtest build with gcc
gcc5 reports an error like this:

bhyvexml2argvtest.c: In function 'testCompareXMLToArgvFiles':
bhyvexml2argvtest.c:24:18: error: variable 'vm' set but not used
[-Werror=unused-but-set-variable]
     virDomainObj vm;
                  ^
cc1: all warnings being treated as errors

Fix by dropping this variable.
2015-05-11 20:08:47 +03:00
Luyao Huang
c49b9032a2 conf: Report error for unknown shmem ioeventfd value
https://bugzilla.redhat.com/show_bug.cgi?id=1220265

Passing the return value to an enum directly is not safe.  Fix this by
comparing the true integer result of virTristateSwitchTypeFromString().

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-05-11 16:05:07 +02:00
Ján Tomko
076dd37995 Ignore bridge template names with multiple printf conversions
For some reason, we allow a bridge name with %d in it, which we replace
with an unsigned integer to form a bridge name that does not yet exist
on the host.

Do not blindly pass it to virAsprintf if it's not the only conversion,
to prevent crashing on input like:

<network>
  <name>test</name>
  <forward mode='none'/>
  <bridge name='virbr%d%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s'/>
</network>

Ignore any template strings that do not have exactly one %d conversion,
like we do in various drivers before calling virNetDevTapCreateInBridgePort.
2015-05-11 14:14:33 +02:00
Peter Krempa
2f37362e44 qemu: Fix balloon size handling with memory hot(un)plug
Since libvirt doesn't call to update the new balloon size in qemu add
code that will handle tweaking of the size of the current balloon
statistic until qemu reports the new size using the event.
2015-05-11 08:50:36 +02:00
Peter Krempa
de03b1ddde conf: Fix up balloon size after removing a memory device from def
To avoid having the ballooned memory size larger than the actual
physical memory size, truncate the ballooned size if it overflows.
2015-05-11 08:50:36 +02:00
Peter Krempa
fccc2c3313 conf: Always truncate balloon size to maximum memory size
Specifying a balloon size more than the memory size of a guest isn't
something that should be rejected when parsing the XML. Truncate the
size to the maximum memory size.
2015-05-11 08:50:36 +02:00
Peter Krempa
85d8ede9eb qemu: Convert qemuConnectGetAllDomainStats to use new helpers
Use the new domain list collection helpers to avoid going through
virDomainPtrs.

This additionally implements filter capability when called through the
api that accepts domain list filters.
2015-05-11 08:47:42 +02:00
Peter Krempa
83726a14d2 conf: Add helper to convert list of virDomains to a list of virDomainObjs
Add virDomainObjListConvert that will take a list of virDomains, apply
filters and return a list of virDomainObjs.
2015-05-11 08:45:51 +02:00
Peter Krempa
cbe7bbf722 conf: Refactor domain list collection critical section
Until now the virDomainListAllDomains API would lock the domain list and
then every single domain object to access and filter it. This would
potentially allow a unresponsive VM to block the whole daemon if a
*listAllDomains call would get stuck.

To avoid this problem this patch collects a list of referenced domain
objects first from the list and then unlocks it right away. The
expensive operation requiring locking of the domain object is executed
after the list lock is dropped. While a single blocked domain will still
lock up a listAllDomains call, the domain list won't be held locked and
thus other APIs won't be blocked.

Additionally this patch also fixes the lookup code, where we'd ignore
the vm->removing flag and thus potentially return domain objects that
would be deleted very soon so calling any API wouldn't make sense.

As other clients also could benefit from operating on a list of domain
objects rather than the public domain descriptors a new intermediate
API - virDomainObjListCollect - is introduced by this patch.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1181074
2015-05-11 08:28:54 +02:00
Peter Krempa
7906d5fbbb conf: Rename virDomainObjListFilter type to virDomainObjListACLFilter
The passed function is meant to filter domains according to ACL match.
2015-05-11 08:28:54 +02:00
Peter Krempa
684675c33b conf: Extract code to filter domain list into a separate function
Separate the code to simplify future refactors.
2015-05-11 08:28:54 +02:00
Peter Krempa
a5e89ae16e util: Make the virDomainListFree helper more universal
Extend it to a universal helper used for clearing lists of any objects.
Note that the argument type is specifically void * to allow implicit
typecasting.

Additionally add a helper that works on non-NULL terminated arrays once
we know the length.
2015-05-11 08:28:53 +02:00
Cole Robinson
8910e063db caps: Fix regression defaulting to host arch
My commit 747761a79 (v1.2.15 only) dropped this bit of logic when filling
in a default arch in the XML:

-    /* First try to find one matching host arch */
-    for (i = 0; i < caps->nguests; i++) {
-        if (caps->guests[i]->ostype == ostype) {
-            for (j = 0; j < caps->guests[i]->arch.ndomains; j++) {
-                if (caps->guests[i]->arch.domains[j]->type == domain &&
-                    caps->guests[i]->arch.id == caps->host.arch)
-                    return caps->guests[i]->arch.id;
-            }
-        }
-    }

That attempt to match host.arch is important, otherwise we end up
defaulting to i686 on x86_64 host for KVM, which is not intended.
Duplicate it in the centralized CapsLookup function.

Additionally add some testcases that would have caught this.

https://bugzilla.redhat.com/show_bug.cgi?id=1219191
2015-05-08 11:11:32 -04:00
Cole Robinson
fd74e23175 tests: Remove redundant aarch64 tests
My commit 7b9de914 added some aarch64 CPU test cases. I wanted to test
two different code paths but inadvertently added two of the same test
cases.

The second code path (using <cpu><model>host</model</cpu>) isn't easily
exercised via the qemu tests anyways, I'll need to look elsewhere.

Regardless, remove the redundant tests for now
2015-05-07 11:54:46 -04:00
Michal Privoznik
2af51483cc processSerialChangedEvent: Close agent monitor early
https://bugzilla.redhat.com/show_bug.cgi?id=890648

So, imagine you've issued an API that involves guest agent. For
instance, you want to query guest's IP addresses. So the API acquires
QUERY_JOB, locks the guest agent and issues the agent command.
However, for some reason, guest agent replies to initial ping
correctly, but then crashes tragically while executing real command
(in this case guest-network-get-interfaces). Since initial ping went
well, libvirt thinks guest agent is accessible and awaits reply to the
real command. But it will never come. What will is a monitor event.
Our handler (processSerialChangedEvent) will try to acquire
MODIFY_JOB, which will fail obviously because the other thread that's
executing the API already holds a job. So the event handler exits
early, and the QUERY_JOB is never released nor ended.

The way how to solve this is to put flag somewhere in the monitor
internals. The flag is called @running and agent commands are issued
iff the flag is set. The flag itself is set when we connect to the
agent socket. And unset whenever we see DISCONNECT event from the
agent. Moreover, we must wake up all the threads waiting for the
agent. This is done by signalizing the condition they're waiting on.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-05-07 11:31:17 +02:00
Michal Privoznik
21e8fc36c6 qemuDomainShutdownFlags: check for domain activeness prior to guest presence
Running shutdown with mode agent on a shutoff domain gives cryptic
error message:

    virsh # shutdown --mode agent gentoo
    error: Failed to shutdown domain gentoo
    error: Guest agent is not responding: QEMU guest agent is not connected

After this patch, the error is more clear:

    virsh # shutdown --mode agent gentoo
    error: Failed to shutdown domain gentoo
    error: Requested operation is not valid: domain is not running

Reported-by: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-05-06 18:03:04 +02:00
Lubomir Rintel
c3cf3c43a0 lxc: don't up the veth interfaces unless explicitly asked to
Upping an interface for no reason and not configuring it is a cardinal sin.

With the default addrgenmode if eui64 it sticks a link-local address to the
interface. That is not good, as NetworkManager would see an address configured,
assume the interface is already configured and won't touch it iself and the
interface might stay unconfigured until the end of the days.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1124721

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-05-06 18:00:36 +02:00
Boris Fiuczynski
808e771e83 qemu: multiqueue for ccw devices
Allow ccw devices to be used with multiqueues. ccw provides a one to
one relation of fds to queues and does not support the vectors option.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Reviewed-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-05-06 11:42:42 -04:00
John Ferlan
b8e60f00d8 qemu: Resolve Coverity FORWARD_NULL
Coverity points out that qemuMonitorGetAllBlockStatsInfo could return a
-1 and thus not fill in 'stats' (leaving it NULL). Then the call to
qemuMonitorBlockStatsUpdateCapacity will dereference it.
2015-05-05 20:02:37 -04:00
John Ferlan
3e4ce35926 qemu: Resolve Coverity FORWARD_NULL
Coverity complains over the [n]values pairing in virQEMUCapsFreeStringList
and rather than make a bunch if "if values" checks prior to calling, by
just adding the values check inside the free function we avoid the chance
that somehow nvalues is > 0, while values == NULL
2015-05-05 20:02:37 -04:00
John Ferlan
e7664eedaa qemu: Resolve Coverity FORWARD_NULL
Coverity points out it was possible to have a zero return from
qemuBuildRNGBackendProps thus not filling in 'props' and then
causing a NULL dereference on the next call.
2015-05-05 20:02:37 -04:00
John Ferlan
c9a8e59440 xen: Resolve Coverity FORWARD_NULL
Coverity found that xenXMConfigCacheAddFile has an error path in which
no error message and a -1 was not returned which could have resulted in
a NULL dereference in a VIR_DEBUG statement and of course an erroneous
0 value returned!
2015-05-05 20:02:37 -04:00
John Ferlan
75dfbb85c7 qemu: Resolve Coverity FORWARD_NULL
Coverity notes that ->ifname is used after the VIR_FREE done in the
code path after the call to virNetDevMacVLanDeleteWithVPortProfile
by a call to virNetDevOpenvswitchRemovePort.

Since the ->ifname will be VIR_FREE()'d eventually in virDomainNetDefFree
just remove the extraneous VIR_FREE here.

When originally added, the Openvswitch code wasn't present and checks
were made for non NULL prior to use.
2015-05-05 20:02:36 -04:00
John Ferlan
9ad32e5052 qemu: Resolve Coverity IDENTICAL_BRANCHES
Coverity complains that in the error paths both the < 0 condition and
the success path after the qemuDomainObjExitMonitor failure will end
up going to cleanup.  So just use ignore_value in this error path to
resolve the complaint.
2015-05-05 20:02:36 -04:00
John Ferlan
74aab575c4 vbox: Resolve Coverity RESOURCE_LEAK
If the virStringSearch() returns a 0 (zero), then each of the uses
of the call will just jump to cleanup forgetting to free the returned
empty list. Expand the scope a bit of each use and free at cleanup.
2015-05-05 20:02:36 -04:00
John Ferlan
11b9167954 libxl: Resolve Coverity RESOURCE_LEAK
The returned socks from virNetSocketNewListenTCP needs to be VIR_FREE'd
as well as seach of the Close/Unref on all the socks[i] that is
already done
2015-05-05 20:02:36 -04:00
Jim Fehlig
c0d3f608d6 libxl: support soundhw for hvm domains
The xend driver and the parsing/formating code in src/xenconfig
have long supported soundhw.  Add support in the libxl driver too.
2015-05-05 09:19:37 -06:00
Jim Fehlig
77664cb406 libxl: add logrotate config file
Add logrotate config for log files in /var/log/libvirt/libxl.
2015-05-05 09:08:11 -06:00
Luyao Huang
d12790ebe8 docs: fix a small xml error in docs
Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-05-05 09:30:44 -04:00
Luyao Huang
8fedbbdb67 conf: Add the cpu duplicate use check for vm numa settings
https://bugzilla.redhat.com/show_bug.cgi?id=1176020

We had a check for the vcpu count total number in <numa>
before, however this check is not good enough. There are
some examples:

1. one of cpu id is out of maxvcpus, can set success(cpu count = 5 < 10):

<vcpu placement='static'>10</vcpu>
<cell id='0' cpus='0-3,100' memory='512000' unit='KiB'/>

2. use the same cpu in 2 cell, can set success(cpu count = 8 < 10):
<vcpu placement='static'>10</vcpu>
<cell id='0' cpus='0-3' memory='512000' unit='KiB'/>
<cell id='1' cpus='0-3' memory='512000' unit='KiB'/>

3. use the same cpu in 2 cell, cannot set success(cpu count = 11 > 10):
<vcpu placement='static'>10</vcpu>
<cell id='0' cpus='0-6' memory='512000' unit='KiB'/>
<cell id='1' cpus='0-3' memory='512000' unit='KiB'/>

Add a check for numa cpus, check if duplicate use one cpu in more
than one cell.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-05-05 13:31:47 +02:00
Michal Privoznik
608c95c76c qemu: Implement GIC
The only version that's supported in QEMU is version 2, currently.
Fortunately, it is enabled by aarch64 automatically, so there's
nothing for us that needs to be put onto command line.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-05-05 09:45:52 +02:00
Michal Privoznik
921c52b0db Introduce GIC feature
Some platforms, like aarch64, don't have APIC but GIC. So there's
no reason to have <apic/> feature turned on. However, we are
still missing <gic/> feature. This commit introduces the feature
to XML parser and formatter, adds documentation and updates RNG
schema.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-05-05 09:45:43 +02:00
Jiri Denemark
fc3601a308 qemu: Properly rename persistent def after migration
When migrating a domain while changing its name and using
VIR_MIGRATE_PERSIST_DEST flag, libvirt would fail to properly change the
name in the persistent definition. The inconsistency results in weird
behavior when dumping domain XML, destroying the domain, restarting
libvirtd and likely in several other situations.

Since the new name is already stored in vm->def->name, we just need to
make sure the persistent definition uses this new name too.

https://bugzilla.redhat.com/show_bug.cgi?id=1076354

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-05-04 22:59:51 +02:00
Cole Robinson
e94979e901 polkit: Allow password-less access for 'libvirt' group
Many users, who admin their own machines, want to be able to access
system libvirtd via tools like virt-manager without having to enter
a root password. Just google 'virt-manager without password' and
you'll find many hits. I've read at least 5 blog posts over the years
describing slightly different ways of achieving this goal.

Let's finally add official support for this.

Install a polkit-1 rules file granting password-less auth for any user
in the new 'libvirt' group. Create the group on RPM install

https://bugzilla.redhat.com/show_bug.cgi?id=957300
2015-05-04 12:57:06 -04:00
Cole Robinson
28c547ed6d storage: fs: Don't try to chown directory unless user requested
Currently we try to chown any directory passed to virDirCreate,
even if the user didn't request any explicit owner/group via the
pool/vol XML.

This causes issues with qemu:///session: try to build a pool of
a root owned directory like /tmp, and it fails trying to chown the
directory to the session user. Instead it should just leave things
as they are, unless the user requests changing permissions via
the pool XML.

Similarly this is annoying if creating a storage pool via system
libvirtd of an existing directory in user $HOME, it's now owned
by root.

The virDirCreate function is pretty convoluted, since it needs to
fork off in certain specific cases. Try to document that, to make
it clear where exactly we are changing behavior.
2015-05-04 12:56:38 -04:00
Cole Robinson
262b3c05dd storage: fs: Don't attempt directory creation if it already exists
The current code attempts to handle this, but it only catches mkdir
failing with EEXIST. However if say trying to build /tmp for an
unprivileged qemu:///session, mkdir will fail with EPERM.

Rather than catch any errors, just don't attempt mkdir if the directory
already exists.
2015-05-04 12:56:38 -04:00
Cole Robinson
d6f8b35db5 storage: fs: Fill in permissions on pool refresh
This means pool XML actually reports accurate user/group/mode/label.

This uses UpdateVolTargetInfoFD in a bit of a hackish way, but it works
2015-05-04 12:56:38 -04:00
Cole Robinson
27a4c492f5 storage: fs: Don't overwrite virDirCreate error
virDirCreate will give us fine grained details about what actually failed.
2015-05-04 12:56:38 -04:00
Jiri Denemark
05cda3d3a4 virsh: Don't check migrate parameters
Just pass anything a user specified to the appropriate API. It's the API
or libvirtd that should be responsible for checking its parameters.

https://bugzilla.redhat.com/show_bug.cgi?id=1066375
https://bugzilla.redhat.com/show_bug.cgi?id=1073233

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-05-04 15:06:33 +02:00
Jiri Denemark
b45ec56f58 qemu: Forbid unsupported parameters for tunnelled migration
Neither migrate URI nor lister address make any sense for tunnelled
migration.

https://bugzilla.redhat.com/show_bug.cgi?id=1066375
https://bugzilla.redhat.com/show_bug.cgi?id=1073233

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-05-04 15:06:33 +02:00
Andrea Bolognani
320e61b26c tests: Fix grammar in comments.
Replace all occurrences of "stream write to differences to"
with "stream to write differences to".
2015-05-04 15:01:27 +02:00