Commit Graph

18791 Commits

Author SHA1 Message Date
Pavel Hrdina
5c756e580f daemon: Fix segfault by reloading daemon right after start
Libvirt could crash with segfault if user issue "service reload" right
after "service start". One possible way to crash libvirt is to run reload
during initialization of QEMU driver.

It could happen when qemu driver will initialize qemu_driver_lock but
don't have a time to set it's "config" and the SIGHUP arrives. The
reload handler tries to get qemu_drv->config during "virStorageAutostart"
and dereference it which ends with segfault.

Let's ignore all reload requests until all drivers are initialized. In
addition set driversInitialized before we enter virStateCleanup to
ignore reload request while we are shutting down.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1179981

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-02-18 17:51:54 +01:00
Ján Tomko
794235e813 docs: clarify nat range behavior
All the addresses from the range are used, not just those
that are in use on the host.

https://bugzilla.redhat.com/show_bug.cgi?id=1079917
2015-02-18 15:36:45 +01:00
Daniel P. Berrange
b4c7f7eaea docs: add page about virtlockd setup
Introduce some basic docs describing the virtlockd setup.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-02-17 13:59:54 +00:00
Daniel P. Berrange
575c839b6e docs: split out sanlock setup docs
In preparation for adding docs about virtlockd, split out
the sanlock setup docs into a separate page.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-02-17 13:59:19 +00:00
Pavel Hrdina
77a9dc0b8d qemu_cgroup: initialize mem_mask to NULL
If 'virNumaGetHostNodeset()' fails then the error path will try to free
uninitialized pointer mem_mask. Introduced by commit af2a1f058.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-02-17 14:22:50 +01:00
Prerna Saxena
5e4f49ab8a PowerPC : Forbid NULL CPU model with 'host-model' mode.
PowerPC : Forbid NULL CPU model with 'host-model' mode in qemu command line.

This ensures that an XML such as following:
...
  <cpu mode='host-model'>
    <model fallback='allow'/>
  </cpu>
...

will not generate a '-cpu host,compat=(null)' command line with qemu-system-ppc64.

Signed-off-by: Prerna Saxena <prerna@linux.vnet.ibm.com>
2015-02-17 12:20:40 +01:00
Prerna Saxena
bdbe723fcd PowerPC : Make 'qemu-system-ppc64' the default emulator on ppc64[le].
PowerPC : Explicitly associate 'qemu-system-ppc64' as the
 default emulator for all 64-bit PowerPC guests ( both Big & Little Endian )

Signed-off-by: Prerna Saxena <prerna@linux.vnet.ibm.com>
2015-02-17 12:20:40 +01:00
Luyao Huang
337265bb52 qemu: fix vm deadlock when try to use numatune in session mode
https://bugzilla.redhat.com/show_bug.cgi?id=1126762

Commit 43b67f introduced a deadlock issue when we use numatune
to change numa settings to a vm in session mode.

Jump to endjob instead of jump to cleanup.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-02-17 11:08:00 +01:00
Michal Privoznik
7832fac847 qemuBuildMemoryBackendStr: Report backend requirement more appropriately
So, when building the '-numa' command line, the
qemuBuildMemoryBackendStr() function does quite a lot of checks to
chose the best backend, or to check if one is in fact needed. However,
it returned that backend is needed even for this little fella:

  <numatune>
    <memory mode="strict" nodeset="0,2"/>
  </numatune>

This can be guaranteed via CGroups entirely, there's no need to use
memory-backend-ram to let qemu know where to get memory from. Well, as
long as there's no <memnode/> element, which explicitly requires the
backend. Long story short, we wouldn't have to care, as qemu works
either way. However, the problem is migration (as always). Previously,
libvirt would have started qemu with:

  -numa node,memory=X

in this case and restricted memory placement in CGroups. Today, libvirt
creates more complicated command line:

  -object memory-backend-ram,id=ram-node0,size=X
  -numa node,memdev=ram-node0

Again, one wouldn't find anything wrong with these two approaches.
Both work just fine. Unless you try to migrated from the older libvirt
into the newer one. These two approaches are, unfortunately, not
compatible. My suggestion is, in order to allow users to migrate, lets
use the older approach for as long as the newer one is not needed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-02-17 09:07:09 +01:00
Michal Privoznik
3806480696 qemuxml2argvtest: Fake response from numad
Well, we can pretend that we've asked numad for its suggestion and let
qemu command line be built with that respect. Again, this alone has no
big value, but see later commits which build on the top of this.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-02-17 08:38:19 +01:00
Michal Privoznik
65c0fd9dfc numatune_conf: Expose virDomainNumatuneNodeSpecified
This function is going to be needed in the near future.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-02-17 08:38:19 +01:00
Luyao Huang
073bef6412 virsh: fix IP address in vncdisplay for listen type='network'
Just like the fix for domdisplay in commit 1ba815.
2015-02-16 11:20:43 +01:00
John Ferlan
4438646c0d libxl: Resolve Coverity CHECKED_RETURN
Periodically my Coverity scan will return a checked_return failure
for libxlDomainShutdownThread call to libxlDomainStart. Followed the
libxlAutostartDomain example in order to check the status, emit a
message, and continue on.
2015-02-14 07:31:41 -05:00
John Ferlan
5a36cdbcce security: Resolve Coverity RESOURCE_LEAK
Introduced by commit id 'c3d9d3bb' - return from virSecurityManagerCheckModel
wasn't VIR_FREE()'ing the virSecurityManagerGetNested allocated memory.
2015-02-14 07:31:36 -05:00
Luyao Huang
8e6492f298 lxc: Fix container cleanup for LXCProcessStart
Jumping to the cleanup label prior to starting the container failed to
properly clean everything up that is handled by the virLXCProcessCleanup
which is called if virLXCProcessStop is called on failure after the
container properly starts. Most importantly is prior to this patch none
of the stop/release hooks, host device reattachment, and network cleanup
(that is reverse of virLXCProcessSetupInterfaces).

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-02-13 13:44:52 -05:00
John Ferlan
2b8e018ad8 lxc: Modify/add some debug messages
Modify the VIR_DEBUG message in virLXCProcessCleanup to make it clearer
about the path.  Also add some more VIR_DEBUG messages in virLXCProcessStart
in order to help debug error flow.
2015-02-13 13:44:52 -05:00
Luyao Huang
72129907c1 lxc: Move console checks in LXCProcessStart
https://bugzilla.redhat.com/show_bug.cgi?id=1176503

Move the two console checks - one for zero nconsoles present and the
other for an invalid console type to earlier in the processing rather than
getting after performing some setup that has to be undone for what amounts
to an invalid configuration.

This resolves the above bug since it's not not possible to have changed
the security labels when we cause the configuration check failure.
2015-02-13 13:44:52 -05:00
Erik Skultety
aee3b77c33 security: Refactor virSecurityManagerGenLabel
if (mgr == NULL || mgr->drv == NULL)
    return ret;

This check isn't really necessary, security manager cannot be a NULL
pointer as it is either selinux (by default) or 'none', if no other driver is
set in the config. Even with no config file driver name yields 'none'.

The other hunk checks for domain's security model validity, but we should
also check devices' security model as well, therefore this hunk is moved into
a separate function which is called by virSecurityManagerCheckAllLabel that
checks both the domain's security model and devices' security model.

https://bugzilla.redhat.com/show_bug.cgi?id=1165485
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2015-02-13 14:49:23 +01:00
Erik Skultety
c3d9d3bbc9 security: introduce virSecurityManagerCheckAllLabel function
We do have a check for valid per-domain security model, however we still
do permit an invalid security model for a domain's device (those which
are specified with <source> element).
This patch introduces a new function virSecurityManagerCheckAllLabel
which compares user specified security model against currently
registered security drivers. That being said, it also permits 'none'
being specified as a device security model.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165485
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2015-02-13 14:37:54 +01:00
Ján Tomko
6ba5d1afec Wire up mrg_rxbuf option for qemu
<interface ...>
  ...
  <model type='virtio'/>
  <driver ...>
    <host mrg_rxbuf='off'/>
  </driver>
</interface>

will result in:
-device virtio-net-pci,mrg_rxbuf=off,...

https://bugzilla.redhat.com/show_bug.cgi?id=1186886
2015-02-13 12:31:38 +01:00
Ján Tomko
6067182b0d Add mrg_rxbuf option to virtio interfaces
Add an XML attribute to allow disabling merge of rx buffers
on the host:
<interface ...>
  ...
  <model type='virtio'/>
  <driver ...>
    <host mrg_rxbuf='off'/>
  </driver>
</interface>

https://bugzilla.redhat.com/show_bug.cgi?id=1186886
2015-02-13 12:31:38 +01:00
Michal Privoznik
e008a03324 virsh attach-interface: Allow macvtap hotplug
Our hotplug code supports macvtap insertion to guests. However, we
somehow forgot about 'attach-interface' (which tries to build XML from
passed arguments and use virDomainAttachDeviceFlags()).
New type is accessible under 'direct' type, to keep the same type as
used in domain XML.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-02-13 09:33:12 +01:00
Michal Privoznik
dd6668f174 virsh attach-interface: Use virDomainNetType{From,To}String()
Instead of verbose string to enum conversion (if STREQ() else if
STREQ() else if STREQ() ...) lets use virDomainNetType{From,To}String.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-02-13 09:33:12 +01:00
Michal Privoznik
18bcba55cd virsh attach-interface: Use enum instead of arbitrary integers
The type of interface to attach is held in the variable 'typ'.
Depending on interface type selected by user, the variable is set
either to 1 (network), or 2 (bridge). Lets use already existing
enum from domain_conf.h instead: virDomainNetType.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-02-13 09:33:12 +01:00
Michal Privoznik
9993736f45 libvirt_private.syms: Expose virDomainNetTypeFromString
The enum converters are defined in the domain_conf.h (so
accessible widely across the code), but on the symbol layer, only
virDomainNetTypeToString was exposed. However, FromString variant
is going to be needed shortly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-02-13 09:33:12 +01:00
Pavel Hrdina
94cc577807 virprocess: fix MinGW build and RHEL-5 build
Commit b6a2828e introduced new functions to set process scheduler. There
is a small typo in ELSE path for systems where scheduler is not
available.

Also some of the definitions were introduced later in kernel. For
example RHEL-5 is running on kernel 2.6.18, but SCHED_IDLE was introduces
in 2.6.23 [1] and SCHED_BATCH in 2.6.16 [1]. We should not count only on
existence of function sched_setscheduler(), we must also check for
existence of used macros as they might not be defined.

[1] see 'man 7 sched'

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-02-12 18:00:21 +01:00
Zhang Bo
d618cdc965 Fix a syntax error in the description text of libvirtd.conf
not yet not -> not yet.

Signed-off-by: Zhang Bo <oscar.zhangbo@huawei.com>
2015-02-12 09:24:10 -07:00
Martin Kletzander
a0638ff219 docs: Fix version reference in vcpu/iothread scheduling
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-02-12 13:29:21 +01:00
Daniel P. Berrange
aa9aa6a975 Allow shrinking of file based volumes
While the main storage driver code allows the flag
VIR_STORAGE_VOL_RESIZE_SHRINK to be set, none of the backend
drivers are supporting it. At the very least this can work
for plain file based volumes since we just ftruncate() them
to the new size. It does not work with qcow2 volumes, but we
can arguably delegate to qemu-img for error reporting for that
instead of second guessing this for ourselves:

$ virsh vol-resize --shrink /home/berrange/VirtualMachines/demo.qcow2 2G
error: Failed to change size of volume 'demo.qcow2' to 2G

error: internal error: Child process (/usr/bin/qemu-img resize /home/berrange/VirtualMachines/demo.qcow2 2147483648) unexpected exit status 1: qemu-img: qcow2 doesn't support shrinking images yet
qemu-img: This image does not support resize

See also https://bugzilla.redhat.com/show_bug.cgi?id=1021802
2015-02-12 11:11:52 +00:00
Daniel P. Berrange
9358b63a0d qemu: do upfront check for vcpupids being null when querying pinning
The qemuDomainHelperGetVcpus attempted to report an error when the
vcpupids info was NULL. Unfortunately earlier code would clamp the
value of 'maxinfo' to 0 when nvcpupids was 0, so the error reporting
would end up being skipped.

This lead to 'virsh vcpuinfo <dom>' just returning an empty list
instead of giving the user a clear error.
2015-02-12 10:02:50 +00:00
Daniel P. Berrange
a103bb105c qemu: fix setting of VM CPU affinity with TCG
If a previous commit I fixed the incorrect handling of vcpu pids
for TCG mode QEMU:

  commit b07f3d821d
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Thu Dec 18 16:34:39 2014 +0000

    Don't setup fake CPU pids for old QEMU

    The code assumes that def->vcpus == nvcpupids, so when we setup
    fake CPU pids for old QEMU with nvcpupids == 1, we cause the
    later code to read off the end of the array. This has fun results
    like sche_setaffinity(0, ...) which changes libvirtd's own CPU
    affinity, or even better sched_setaffinity($RANDOM, ...) which
    changes the affinity of a random OS process.

The intent was that this would merely disable the ability to set
per-vCPU affinity. It should still have been possible to set VM
level host CPU affinity.

Unfortunately, when you set  <vcpu cpuset='0-1'>4</vcpu>, the XML
parser will internally take this & initialize an entry in the
def->cputune.vcpupin array for every VCPU. IOW this is implicitly
being treated as

  <cputune>
    <vcpupin cpuset='0-1' vcpu='0'/>
    <vcpupin cpuset='0-1' vcpu='1'/>
    <vcpupin cpuset='0-1' vcpu='2'/>
    <vcpupin cpuset='0-1' vcpu='3'/>
  </cputune>

Even more fun, the faked cputune elements are hidden from view when
querying the live XML, because their cpuset mask is the same as the
VM default cpumask.

The upshot was that it was impossible to set VM level CPU affinity.

To fix this we must update qemuProcessSetVcpuAffinities so that it
only reports a fatal error if the per-VCPU cpu mask is different
from the VM level cpu mask.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-02-12 10:02:50 +00:00
Marek Marczykowski-Górecki
98780c6be6 libxl: disable VNC and SDL until explicitly enabled
When initializing a libxl_domain_build_info struct with
libxl_domain_build_info_init(), VNC is enabled by default.  As a
result, VMs configured with no graphics still have VNC enabled.
This behavior is a regression wrt to the legacy Xen driver.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
2015-02-11 20:24:20 -07:00
Marek Marczykowski-Górecki
8703ee58bd libxl: pass ipaddr to libxl toolstack
Do not silently ignore its value. LibXL support only one address, so
refuse multiple IPs.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
2015-02-11 16:46:36 -07:00
Martin Kletzander
104ba5966a qemu: Add support for setting vCPU and I/O thread scheduler setting
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178986

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-02-11 17:30:07 +01:00
Martin Kletzander
8680ea9749 docs, schema, conf: Add support for setting scheduler parameters of guest threads
In order for QEMU vCPU (and other) threads to run with RT scheduler,
libvirt needs to take care of that so QEMU doesn't have to run privileged.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178986

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-02-11 17:30:06 +01:00
Martin Kletzander
b6a2828e53 util: Add virProcessSetScheduler() function for scheduler settings
This function uses sched_setscheduler() function so it works with
processes and threads as well (even threads not created by us, which is
what we'll need in the future).

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-02-11 17:30:06 +01:00
Laine Stump
89d26890ee domain: include portgroup in interface status xml
Prior to commit 7d5bf48474 (first appearing in libvirt 1.2.2), the
status XML of a domain's interface was missing a lot of important
information; mainly it just output the config of the interface, plus
the name of the tap device and qemu device alias. Commit 7d5bf48474
changed the status XML to include many important bits of information
that were required to make network "hook" scripts useful - bandwidth
information, vlan tag, the name of the bridge (or physical device in
the case of macvtap) that the tap/macvtap device was attached to - the
commit log for 7d5bf48474 has a very detailed explanation of the
change. For quick reference - in the example given there, prior to the
change, status XML looked like figure [C]:

      <interface type='network'>
        <source network='testnet' portgroup='admin'/>
        <target dev='macvtap0'/>
        <alias name='net0'/>
        <address type='pci' domain='0x0000' bus='0x00'
                 slot='0x03' function='0x0'/>
      </interface>

and after the change, it looked like figure [E]:

      <interface type='direct'>
        <source dev='p4p1_0' mode='bridge'/>
        <bandwidth>
            <inbound average='1000' peak='5000' burst='1024'/>
            <outbound average='128' peak='256' burst='256'/>
        </bandwidth>
        <target dev='macvtap0'/>
        <alias name='net0'/>
        <address type='pci' domain='0x0000' bus='0x00'
                 slot='0x03' function='0x0'/>
      </interface>

You'll notice that bandwidth info, physdev, and macvtap mode have been
added, but the network and portgroup names are now missing - I didn't
think that this information was of any use once the needed
bandwidth/vlan/etc config had been pulled from the network/portgroup.

I was wrong.

A few months after that change a user on IRC asked what happened to
portgroup in the status XML and described how he used it (more or less
as a tag to decide what external information to use in a hook script
that was run at startup/migration time - see
http://wiki.libvirt.org/page/OVS_and_PVLANS ). At that time I planned
to make a patch to re-add portgroup, but life intervened as that was
just prior to a transatlantic move involving several weeks of
"vacation". During this time I somehow forgot to make the patch, and
also mistakenly remembered that I *had* made it.

Subsequent to this, as a part of mprivozn's work to add support for
network-specific hooks, I did re-add the output of the network name in
status XML, but once again completely forgot about portgroup. This was
in commit a3609121 (first appearing in libvirt 1.2.11). This made the
status XML from the above example look like this:

      <interface type='direct'>
        <source network='testnet' dev='p4p1_0' mode='bridge'/>
        <bandwidth>
            <inbound average='1000' peak='5000' burst='1024'/>
            <outbound average='128' peak='256' burst='256'/>
        </bandwidth>
        <target dev='macvtap0'/>
        <alias name='net0'/>
        <address type='pci' domain='0x0000' bus='0x00'
                 slot='0x03' function='0x0'/>
      </interface>

*This* patch just adds the portgroup back to the status XML, so the
 same example interface will look like this:

      <interface type='direct'>
        <source network='testnet' portgroup='admin'
                dev='p4p1_0' mode='bridge'/>
        <bandwidth>
            <inbound average='1000' peak='5000' burst='1024'/>
            <outbound average='128' peak='256' burst='256'/>
        </bandwidth>
        <target dev='macvtap0'/>
        <alias name='net0'/>
        <address type='pci' domain='0x0000' bus='0x00'
                 slot='0x03' function='0x0'/>
      </interface>

The result is that the status XML now contains all information about
how the interface is setup (bandwidth, physical device, tap device,
etc), in addition to pointers to its origin (the network and
portgroup).
2015-02-11 11:16:16 -05:00
Laine Stump
6d1194ffc0 domain: avoid potential memory leak in virDomainGraphicsListenSet*()
virDomainGraphicsListenSetAddress() and
virDomainGraphicsListenSetNetwork() both set their respective char* to
NULL directly when asked to set it to NULL, which is okay as long as
it's already set to NULL. If these functions are ever called to clear
a listen object that has a valid string in address or network, it will
end up leaking the old value. Currently that doesn't happen, so this
is just a preemptive strike.
2015-02-11 11:05:35 -05:00
Laine Stump
699299419b domain: backfill listen address to parent <graphics> listen attribute
Prior to 0.9.4, libvirt only supported a single listen, and it had to
be an IP address:

   <graphics listen='1.2.3.4' ..../>

Starting with 0.9.4, a graphics element could have a <listen>
subelement (actually the grammar supports multiples, but all of the
drivers only support a single <listen> per <graphics>), and that
listen element can be of type='address' or type='network'. For
type='address', <listen> also has an attribute called 'address' which
contains the IP address for listening:

    <graphics ....>
      <listen type='address' address='1.2.3.4' .../>
    </graphics>

type can also be "network", and in that case listen will have a
"network" attribute which will contain the name of a libvirt
network:

    <graphics ....>
      <listen type='network' network='testnet' .../>
    </graphics>

At domain start (or migrate) time, libvirt will attempt to
find an IP address associated with that network (e.g. the IP address
of the bridge device used by the network, or the physical device
listed in <forward dev='physdev'/>) and fill in that address in the
status XML:

    <graphics ....>
      <listen type='network' network='testnet' address='1.2.3.4' .../>
    </graphics>

In the case that a <graphics> element has a <listen> subelement of
type='address', that listen subelement's "address" attribute is
backfilled into the parent graphics element's "listen" *attribute* for
backward compatibility (so that a management application unaware of
the separate <listen> element can still learn the listen
address). This backfill should be done with the IP learned from
type='network' as well, and that's what this patch does:

    <graphics listen='1.2.3.4' ....>
      <listen type='network' network='testnet' address='1.2.3.4' .../>
    </graphics>

This is a continuation of the fix for:

   https://bugzilla.redhat.com/show_bug.cgi?id=1191016
2015-02-11 11:04:25 -05:00
Luyao Huang
1ba8156cc9 virsh: fix IP address in domdisplay for listen type='network'
https://bugzilla.redhat.com/show_bug.cgi?id=1191016

virsh's domdisplay command looks in /domain/devices/graphics/@listen
of the domain's XML for the listen address, however for listen
type='network' (added in libvirt 0.9.4), the <graphics> element
doesn't have a listen attribute, but has a <listen> subelement,
*still* with no address (this is the inactive XML):

 <graphics type='spice' autoport='yes' keymap='en-us'>
  <listen type='network' network='default'/>
 </graphics>

However, at domain start time the <listen> subelement gets its address
attribute filled in once libvirt figures out the IP address associated
with the named network (this is the status XML):

 <graphics type='spice' port='5901' autoport='yes' keymap='en-us'>
  <listen type='network' address='192.168.122.1' network='default'/>
 </graphics>

So in these cases, we need to look at
/domain/devices/graphics/listen/@address instead.

Even though another patch is being pushed that will backfill
listen/@address into @listen, this patch is still useful, as it fixes
domdisplay for cases of a new virsh (with this patch) connecting to a
libvirtd that is newer than 0.9.4 but doesn't have the followup patch.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Laine Stump <laine@laine.org>
2015-02-11 10:52:22 -05:00
Pavel Hrdina
9ec8da9704 bhyvexml2argvmock: change int to size_t for tapfdSize
Commit c5b6a4a5 forget to update also this mock function.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-02-11 14:30:45 +01:00
John Ferlan
92f09dab50 qemu: qemuOpenFileAs - set flag VIR_FILE_OPEN_FORCE_MODE
In the event we're falling into the code that tries to create the file
in a forked environment (VIR_FILE_OPEN_FORK) we pass different mode bits,
but those are never set because the virFileOpenForceOwnerMode has a check
if the OPEN_FORCE_MODE bit is set before attempting to change the mode.

Since this is a special case it seems reasonable to set u+rw,g+rw,o
2015-02-11 07:29:29 -05:00
John Ferlan
92d9114eac virfile: Adjust error path for virFileOpenForked
Rather than have a dummy waitpid loop and return of the failure status
from recvfd, adjust the logic to save the recvfd error & fd and then
in priority order:

- if waitpid failed, use that errno value
- waitpid succeeded, but if the child exited abnormally, report failure
(use EACCES to report as return failure, since either EACCES or EPERM is
what caused us to fall into the fork+setuid path)
- waitpid succeeded, but if the child reported non-zero status, report
failure (use the errno value that the child encoded into exit status)
- waitpid succeeded, but if recvfd failed, report recvfd_errno
- waitpid and recvfd succeeded, use the fd

NOTE: Original logic to retry the open and force owner mode was
"documented" as only being attempted if we had already tried opening
with the fork+setuid, but checked flags vs. VIR_FILE_OPEN_NOFORK which
is counter to how we would get to that point. So that code was removed.
2015-02-11 07:28:58 -05:00
Luyao Huang
45853b5289 qemu: fix crash when migrateuri has no scheme
https://bugzilla.redhat.com/show_bug.cgi?id=1191355

When we attempt to migrate a vm with a migrateuri that has no scheme:

 # virsh migrate test4 --live qemu+ssh://lhuang/system --migrateuri 127.0.0.1

target libvirtd will crash because uri->scheme is NULL in
qemuMigrationPrepareDirect on this line:

     if (STRNEQ(uri->scheme, "tcp") &&

Add a value check before this line. Also fix a bug like this in
doNativeMigrate, that could only happen when destination libvirtd
returned an incorrect URI.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2015-02-11 13:20:30 +01:00
Zhang Bo
2d27dcb0e9 conf: Fix libvirtd crash and memory leak caused by virDomainVcpuPinDel()
The function virDomainVcpuPinDel() used vcpupin_list to stand for
def->cputune.vcpupin, which made the codes more readable.
However, in this function, it will realloc vcpupin_list later.
As the definition of realloc(), it may free vcpupin_list and then
points it to a new-realloced address, but def->cputune.vcpupin doesn't
point to the new address(it's freed however).
Thus,
1) When we refer to the def->cputune.vcpupin afterwards, which was freed
by realloc(), an INVALID READ occurs, and libvirtd may crash.
2) As no one will use vcpupin_list any more, and no one frees it(it's just
alloced by realloc()), memory leak occurs.

Part of the valgrind logs are shown as below:
==1837== Thread 15:
==1837== Invalid read of size 8
==1837==    at 0x5367337: virDomainDefFormatInternal (domain_conf.c:18392)
        which is : virBufferAsprintf(buf, "<vcpupin vcpu='%u' ",
                          def->cputune.vcpupin[i]->vcpuid);
==1837==    by 0x536966C: virDomainObjFormat (domain_conf.c:18970)
==1837==    by 0x5369743: virDomainSaveStatus (domain_conf.c:19166)
==1837==    by 0x117B26DC: qemuDomainPinVcpuFlags (qemu_driver.c:4586)
==1837==    by 0x53EA313: virDomainPinVcpuFlags (libvirt.c:9803)
==1837==    by 0x14CB7D: remoteDispatchDomainPinVcpuFlags (remote_dispatch.h:6762)
==1837==    by 0x14CC81: remoteDispatchDomainPinVcpuFlagsHelper (remote_dispatch.h:6740)
==1837==    by 0x5464C30: virNetServerProgramDispatchCall (virnetserverprogram.c:437)
==1837==    by 0x546507A: virNetServerProgramDispatch (virnetserverprogram.c:307)
==1837==    by 0x171B83: virNetServerProcessMsg (virnetserver.c:172)
==1837==    by 0x171E6E: virNetServerHandleJob (virnetserver.c:193)
==1837==    by 0x5318E78: virThreadPoolWorker (virthreadpool.c:145)
==1837==  Address 0x12ea2870 is 0 bytes inside a block of size 16 free'd
==1837==    at 0x4C291AC: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1837==    by 0x52A3D14: virReallocN (viralloc.c:245)
==1837==    by 0x52A3DFB: virShrinkN (viralloc.c:372)
==1837==    by 0x52A3F57: virDeleteElementsN (viralloc.c:503)
==1837==    by 0x533939E: virDomainVcpuPinDel (domain_conf.c:15405)  //doReset为true时才会进到。
==1837==    by 0x117B2642: qemuDomainPinVcpuFlags (qemu_driver.c:4573)
==1837==    by 0x53EA313: virDomainPinVcpuFlags (libvirt.c:9803)
==1837==    by 0x14CB7D: remoteDispatchDomainPinVcpuFlags (remote_dispatch.h:6762)
==1837==    by 0x14CC81: remoteDispatchDomainPinVcpuFlagsHelper (remote_dispatch.h:6740)
==1837==    by 0x5464C30: virNetServerProgramDispatchCall (virnetserverprogram.c:437)
==1837==    by 0x546507A: virNetServerProgramDispatch (virnetserverprogram.c:307)
==1837==    by 0x171B83: virNetServerProcessMsg (virnetserver.c:172)

Steps to reproduce the problem:
1) use virDomainPinVcpuFlags() to pin a guest's vcpu to all the pcpus
of the host.

This patch uses def->cputune.vcpupin instead of vcpupin_list to do the
realloc() job, to avoid invalid read or memory leaking.

Signed-off-by: Zhang Bo <oscar.zhangbo@huawei.com>
Signed-off-by: Yue Wenyuan <yuewenyuan@huawei.com@huawei.com>
2015-02-11 10:49:39 +01:00
Erik Skultety
357f0072ca conf: forbid seclabel duplicates for domain devices
Parser checks for per-domain seclabel duplicates, so it would be nice if
it checked for per-device seclabel duplicates the same way

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165485
2015-02-11 09:45:22 +01:00
Erik Skultety
862bbf8a5a schema: allow multiple seclabel for devices in domaincommon.rng
In our RNG schema we do allow multiple (different) seclabels per-domain,
but don't allow this for devices, yet we neither have a check in our XML parser,
nor in a post-parse callback. In that case we should allow multiple
(different) seclabels for devices as well.
2015-02-11 09:41:36 +01:00
Ján Tomko
a7c9c7a6ab Fix qemu job handling in SetSchedulerParameters
Commit c5ee5cf added a job to SetSchedulerParameters, but
forgot to change one label in the SCHED_RANGE_CHECK macro.
2015-02-10 14:36:03 +01:00
Luyao Huang
862473fa12 qemu: Implement random number generator hotunplug
Signed-off-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2015-02-10 13:05:23 +01:00
Luyao Huang
980b265d08 qemu: Implement random number generator hotplug
Export the required helpers and add backend code to hotplug RNG devices.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2015-02-10 13:05:22 +01:00