Commit Graph

11347 Commits

Author SHA1 Message Date
Eric Blake
323c2cc46c maint: simplify driver registration at startup
We had a lot of repetition of errors that would occur if we
ever register too many drivers; this is unlikely to occur
unless we start adding a lot of new hypervisor modules, but
if it does occur, it's better to have uniform handling of the
situation, so that a one-line change is all that would be
needed if we decide that an internal error is not the best.

* src/libvirt.c (virDriverCheckTabMaxReturn): New define.
(virRegister*Driver): Use it for less code duplication.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 12:29:25 -07:00
Eric Blake
27553573f2 maint: clean up error reporting in migration
The choice of error message and category was not consistent
in the migration code; furthermore, the use of virLibConnError
is no longer necessary now that we have a generic virReportError.

* src/qemu/qemu_migration.c (virDomainMigrate*): Prefer
virReportError over virLibConnError.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 12:28:17 -07:00
Eric Blake
c8ed177af4 maint: don't lose error on canceled migration
While auditing the error reporting, I noticed that migration
had some issues.  Some of the static helper functions tried
to call virDispatchError(), even though their caller will also
report the error.  Also, if a migration is cancelled early
because a uri was not set, we did not guarantee that the finish
stage would not overwrite the first error message.

* src/qemu/qemu_migration.c (doPeer2PeerMigrate2)
(doPeer2PeerMigrate3): Preserve first error when cancelling.
* src/libvirt.c (virDomainMigrateVersion3Full): Likewise.
(virDomainMigrateVersion1, virDomainMigrateVersion2)
(virDomainMigrateDirect): Avoid redundant error dispatch.
(virDomainMigrateFinish2, virDomainMigrateFinish3)
(virDomainMigrateFinish3Params): Don't report error on cleanup
path.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 12:26:54 -07:00
Eric Blake
25221a1b21 maint: avoid nested use of virConnect{Ref,Close}
The public virConnectRef and virConnectClose API are just thin
wrappers around virObjectRef/virObjectRef, with added object
validation and an error reset.  Within our backend drivers, use
of the object validation is just an inefficiency since we always
pass valid objects.  More important to think about is what
happens with the error reset; our uses of virConnectRef happened
to be safe (since we hadn't encountered any earlier errors), but
in several cases the use of virConnectClose could lose a real
error.

Ideally, we should also avoid calling virConnectOpen() from
within backend drivers - but that is a known situation that
needs much more design work.

* src/qemu/qemu_process.c (qemuProcessReconnectHelper)
(qemuProcessReconnect): Avoid nested public API call.
* src/qemu/qemu_driver.c (qemuAutostartDomains)
(qemuStateInitialize, qemuStateStop): Likewise.
* src/qemu/qemu_migration.c (doPeer2PeerMigrate): Likewise.
* src/storage/storage_driver.c (storageDriverAutostart):
Likewise.
* src/uml/uml_driver.c (umlAutostartConfigs): Likewise.
* src/lxc/lxc_process.c (virLXCProcessAutostartAll): Likewise.
(virLXCProcessReboot): Likewise, and avoid leaking conn on error.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 12:25:45 -07:00
Eric Blake
c05aebfd65 maint: don't leave garbage on early API exit
Several APIs clear out a user input buffer before attempting to
populate it; but in a few cases we missed this memset if we
detect a reason for an early exit.  Note that these APIs
check for non-NULL arguments, and exit early with an error
message when NULL is passed in; which means that we must be
careful to avoid a NULL deref in order to get to that error
message.  Also, we were inconsistent on the use of
sizeof(virType) vs. sizeof(expression); the latter is more
robust if we ever change the type of the expression (although
such action is unlikely since these types are part of our
public API).

* src/libvirt.c (virDomainGetInfo, virDomainGetBlockInfo)
(virStoragePoolGetInfo, virStorageVolGetInfo)
(virDomainGetJobInfo, virDomainGetBlockJobInfo): Move memset
before any returns.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 10:45:15 -07:00
Martin Kletzander
fe89b687a0 qemu: Change the default unix monitor timeout
There is a number of reported issues when we fail starting a domain.
Turns out that, in some scenarios like high load, 3 second timeout is
not enough for qemu to start up to the phase where the socket is
created.  Since there is no downside of waiting longer, raise the
timeout right to 30 seconds.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-01-16 17:20:08 +01:00
Peter Krempa
362da8209d storage: Introduce internal pool support
To allow using the storage driver APIs to do operation on generic domain
disks we will need to introduce internal storage pools that will give is
a base to support this stuff even on files that weren't originally
defined as a part of the pool.

This patch introduces the 'internal' flag for a storage pool that will
prevent it from being listed along with the user defined storage pools.
2014-01-16 11:39:53 +01:00
Peter Krempa
b3c1a25df8 storage: Sheepdog: Separate creating of the volume from building
Separate the steps to create libvirt's volume metadata from the actual
volume building process.
2014-01-16 11:39:53 +01:00
Peter Krempa
e103acba23 storage: RBD: Separate creating of the volume from building
Separate the steps to create libvirt's volume metadata from the actual
volume building process.
2014-01-16 11:39:53 +01:00
Peter Krempa
67ccf91bf2 storage: disk: Separate creating of the volume from building
Separate the steps to create libvirt's volume metadata from the actual
volume building process.
2014-01-16 11:39:53 +01:00
Peter Krempa
af1fb38f55 storage: lvm: Separate creating of the volume from building
Separate the steps to create libvirt's volume metadata from the actual
volume building process. This is already done for regular file based
pools to allow job support for storage APIs.
2014-01-16 11:39:53 +01:00
Peter Krempa
7de048829a storage: Support deletion of volumes on gluster pools
Implement the "deleteVol" storage backend function for gluster volumes.
2014-01-16 11:39:53 +01:00
Christophe Fergeau
9b73290f46 conf: Always use VIR_ERR_CONFIG_UNSUPPORTED on enumFromString() failures
Currently, during XML parsing, when a call to a FromString() function to
get an enum value fails, the error which is reported is either
VIR_ERR_CONFIG_UNSUPPORTED, VIR_ERR_INTERNAL_ERROR or VIR_ERR_XML_ERROR.

This commit makes such conversion failures consistently return
VIR_ERR_CONFIG_UNSUPPORTED.
2014-01-16 11:09:43 +01:00
Eric Blake
f9f5634053 event: filter global events by domain:getattr ACL [CVE-2014-0028]
Ever since ACL filtering was added in commit 7639736 (v1.1.1), a
user could still use event registration to obtain access to a
domain that they could not normally access via virDomainLookup*
or virConnectListAllDomains and friends.  We already have the
framework in the RPC generator for creating the filter, and
previous cleanup patches got us to the point that we can now
wire the filter through the entire object event stack.

Furthermore, whether or not domain:getattr is honored, use of
global events is a form of obtaining a list of networks, which
is covered by connect:search_domains added in a93cd08 (v1.1.0).
Ideally, we'd have a way to enforce connect:search_domains when
doing global registrations while omitting that check on a
per-domain registration.  But this patch just unconditionally
requires connect:search_domains, even when no list could be
obtained, based on the following observations:
1. Administrators are unlikely to grant domain:getattr for one
or all domains while still denying connect:search_domains - a
user that is able to manage domains will want to be able to
manage them efficiently, but efficient management includes being
able to list the domains they can access.  The idea of denying
connect:search_domains while still granting access to individual
domains is therefore not adding any real security, but just
serves as a layer of obscurity to annoy the end user.
2. In the current implementation, domain events are filtered
on the client; the server has no idea if a domain filter was
requested, and must therefore assume that all domain event
requests are global.  Even if we fix the RPC protocol to
allow for server-side filtering for newer client/server combos,
making the connect:serach_domains ACL check conditional on
whether the domain argument was NULL won't benefit older clients.
Therefore, we choose to document that connect:search_domains
is a pre-requisite to any domain event management.

Network events need the same treatment, with the obvious
change of using connect:search_networks and network:getattr.

* src/access/viraccessperm.h
(VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS)
(VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS): Document additional
effect of the permission.
* src/conf/domain_event.h (virDomainEventStateRegister)
(virDomainEventStateRegisterID): Add new parameter.
* src/conf/network_event.h (virNetworkEventStateRegisterID):
Likewise.
* src/conf/object_event_private.h (virObjectEventStateRegisterID):
Likewise.
* src/conf/object_event.c (_virObjectEventCallback): Track a filter.
(virObjectEventDispatchMatchCallback): Use filter.
(virObjectEventCallbackListAddID): Register filter.
* src/conf/domain_event.c (virDomainEventFilter): New function.
(virDomainEventStateRegister, virDomainEventStateRegisterID):
Adjust callers.
* src/conf/network_event.c (virNetworkEventFilter): New function.
(virNetworkEventStateRegisterID): Adjust caller.
* src/remote/remote_protocol.x
(REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER)
(REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY)
(REMOTE_PROC_CONNECT_NETWORK_EVENT_REGISTER_ANY): Generate a
filter, and require connect:search_domains instead of weaker
connect:read.
* src/test/test_driver.c (testConnectDomainEventRegister)
(testConnectDomainEventRegisterAny)
(testConnectNetworkEventRegisterAny): Update callers.
* src/remote/remote_driver.c (remoteConnectDomainEventRegister)
(remoteConnectDomainEventRegisterAny): Likewise.
* src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister)
(xenUnifiedConnectDomainEventRegisterAny): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise.
* src/libxl/libxl_driver.c (libxlConnectDomainEventRegister)
(libxlConnectDomainEventRegisterAny): Likewise.
* src/qemu/qemu_driver.c (qemuConnectDomainEventRegister)
(qemuConnectDomainEventRegisterAny): Likewise.
* src/uml/uml_driver.c (umlConnectDomainEventRegister)
(umlConnectDomainEventRegisterAny): Likewise.
* src/network/bridge_driver.c
(networkConnectNetworkEventRegisterAny): Likewise.
* src/lxc/lxc_driver.c (lxcConnectDomainEventRegister)
(lxcConnectDomainEventRegisterAny): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-15 13:55:21 -07:00
Eric Blake
8d9d098b6d event: wire up RPC for server-side network event filtering
We haven't had a release with network events yet, so we are free
to fix the RPC so that it actually does what we want.  Doing
client-side filtering of per-network events is inefficient if a
connection is only interested in events on a single network out
of hundreds available on the server.  But to do server-side
per-network filtering, the server needs to know which network
to filter on - so we need to pass an optional network over on
registration.  Furthermore, it is possible to have a client with
both a global and per-network filter; in the existing code, the
server sends only one event and the client replicates to both
callbacks.  But with server-side filtering, the server will send
the event twice, so we need a way for the client to know which
callbackID is sending an event, to ensure that the client can
filter out events from a registration that does not match the
callbackID from the server.  Likewise, the existing style of
deregistering by eventID alone is fine; but in the new style,
we have to remember which callbackID to delete.

This patch fixes the RPC wire definition to contain all the
needed pieces of information, and hooks into the server and
client side improvements of the previous patches, in order to
switch over to full server-side filtering of network events.
Also, since we fixed this in time, all released versions of
libvirtd that support network events also support per-network
filtering, so we can hard-code that assumption into
network_event.c.

Converting domain events to server-side filtering will require
the introduction of new RPC numbers, as well as a server
feature bit that the client can use to tell whether to use
old-style (server only supports global events) or new-style
(server supports filtered events), so that is deferred to a
later set of patches.

* src/conf/network_event.c (virNetworkEventStateRegisterClient):
Assume server-side filtering.
* src/remote/remote_protocol.x
(remote_connect_network_event_register_any_args): Add network
argument.
(remote_connect_network_event_register_any_ret): Return callbackID
instead of count.
(remote_connect_network_event_deregister_any_args): Pass
callbackID instead of eventID.
(remote_connect_network_event_deregister_any_ret): Drop unused
type.
(remote_network_event_lifecycle_msg): Add callbackID.
* daemon/remote.c
(remoteDispatchConnectNetworkEventDeregisterAny): Drop unused arg,
and deal with callbackID from client.
(remoteRelayNetworkEventLifecycle): Pass callbackID.
(remoteDispatchConnectNetworkEventRegisterAny): Likewise, and
recognize non-NULL network.
* src/remote/remote_driver.c
(remoteConnectNetworkEventRegisterAny): Pass network, and track
server side id.
(remoteConnectNetworkEventDeregisterAny): Deregister by callback id.
(remoteNetworkBuildEventLifecycle): Pass remote id to event queue.
* src/remote_protocol-structs: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-15 13:55:21 -07:00
Eric Blake
a59097e569 event: add notion of remoteID for filtering client network events
In order to mirror a server with per-object filtering, the client
needs to track which server callbackID is servicing the client
callback.  This patch introduces the notion of a serverID, as
well as the plumbing to use it for network events, although the
actual complexity of using per-object filtering in the remote
driver is deferred to a later patch.

* src/conf/object_event.h (virObjectEventStateEventID): Add parameter.
(virObjectEventStateQueueRemote, virObjectEventStateSetRemote):
New prototypes.
(virObjectEventStateRegisterID): Move...
* src/conf/object_event_private.h: ...here, and add parameter.
(_virObjectEvent): Add field.
* src/conf/network_event.h (virNetworkEventStateRegisterClient): New
prototype.
* src/conf/object_event.c (_virObjectEventCallback): Add field.
(virObjectEventStateSetRemote): New function.
(virObjectEventStateQueue): Make wrapper around...
(virObjectEventStateQueueRemote): New function.
(virObjectEventCallbackListCount): Tweak return count when remote
id matching is used.
(virObjectEventCallbackLookup, virObjectEventStateRegisterID):
Tweak registration when remote id matching will be used.
(virObjectEventNew): Default to no remote id.
(virObjectEventCallbackListAddID): Likewise, but set remote id
when one is available.
(virObjectEventCallbackListRemoveID)
(virObjectEventCallbackListMarkDeleteID): Adjust return value when
remote id was set.
(virObjectEventStateEventID): Query existing id.
(virObjectEventDispatchMatchCallback): Require matching event id.
(virObjectEventStateCallbackID): Adjust caller.
* src/conf/network_event.c (virNetworkEventStateRegisterClient): New
function.
(virNetworkEventStateRegisterID): Update caller.
* src/conf/domain_event.c (virDomainEventStateRegister)
(virDomainEventStateRegisterID): Update callers.
* src/remote/remote_driver.c
(remoteConnectNetworkEventRegisterAny)
(remoteConnectNetworkEventDeregisterAny)
(remoteConnectDomainEventDeregisterAny): Likewise.
(remoteEventQueue): Hoist earlier to avoid forward declaration,
and add parameter.  Adjust all callers.
* src/libvirt_private.syms (conf/object_event.h): Drop function.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-15 13:55:21 -07:00
Peter Krempa
b952cbbcca qemu: Avoid operations on NULL monitor if VM fails early
https://bugzilla.redhat.com/show_bug.cgi?id=1047659

If a VM dies very early during an attempted connect to the guest agent
while the locks are down the domain monitor object will be freed. The
object is then accessed later as any failure during guest agent startup
isn't considered fatal.

In the current upstream version this doesn't lead to a crash as
virObjectLock called when entering the monitor in
qemuProcessDetectVcpuPIDs checks the pointer before attempting to
dereference (lock) it. The NULL pointer is then caught in the monitor
helper code.

Before the introduction of virObjectLockable - observed on 0.10.2 - the
pointer is locked directly via virMutexLock leading to a crash.

To avoid this problem we need to differentiate between the guest agent
not being present and the VM quitting when the locks were down. The fix
reorganizes the code in qemuConnectAgent to add the check and then adds
special handling to the callers.
2014-01-15 18:04:25 +01:00
Pavel Hrdina
67fbf129fc Fix possible memory leak in util/virxml.c
A "xmlstr" string may not be assigned into a "doc" pointer and it
could cause memory leak. To fix it if the "doc" pointer is NULL and
the "xmlstr" string is not assigned we should free it.

This has been found by coverity.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-01-15 11:11:34 +01:00
Pavel Hrdina
788e6cb25b Fix possible memory leak in phyp_driver.c
There could be a memory leak caused by "managed_system" string, if any
error occurs before "managed_system" is assigned into
"phyp_driver->managed_system". The "managed_system" string wouldn't be
freed at all. The better way is to free the "managed_system" instead
of the one assigned in the "phyp_driver".

This has been found by coverity.

Pointed out by John, that the "phyp_driver->xmlopt" needs to be
unreferenced as well.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2014-01-15 11:11:34 +01:00
Pavel Hrdina
7ed02a0003 Fix memory leak in openvz_conf.c
If there is no error while executing a function "openvzParseBarrierLimit"
a "str" string where is duplicate of a "value" string isn't freed and it
leads into memory leak.

This has been found by coverity.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-01-15 11:11:34 +01:00
Jiri Denemark
066c8ef6c1 Really don't crash if a connection closes early
https://bugzilla.redhat.com/show_bug.cgi?id=1047577

When writing commit 173c291, I missed the fact virNetServerClientClose
unlocks the client object before actually clearing client->sock and thus
it is possible to hit a window when client->keepalive is NULL while
client->sock is not NULL. I was thinking client->sock == NULL was a
better check for a closed connection but apparently we have to go with
client->keepalive == NULL to actually fix the crash.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-01-13 21:45:48 +01:00
Peter Krempa
fbe472d583 storage: FS: Tweak some comments and fix typos 2014-01-13 21:24:03 +01:00
Eric Blake
c91d13bd0f build: fix build on mingw with winpthreads
On my Fedora 20 box with mingw cross-compiler, the build failed with:

../../src/rpc/virnetclient.c: In function 'virNetClientSetTLSSession':
../../src/rpc/virnetclient.c:745:14: error: unused variable 'oldmask' [-Werror=unused-variable]
     sigset_t oldmask, blockedsigs;
              ^

I traced it to the fact that mingw64-winpthreads installs a header
that does #define pthread_sigmask(...) 0, which means any argument
only ever passed to pthread_sigmask is reported as unused.  This
patch works around the compilation failure, with behavior no worse
than what mingw already gives us regarding the function being a
no-op.

* configure.ac (pthread_sigmask): Probe for broken mingw macro.
* src/util/virutil.h (pthread_sigmask): Rewrite to something that
avoids unused variables.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-13 09:14:11 -07:00
Peter Krempa
d952619894 storage: Break long lines and clean up spaces in storage backend header 2014-01-13 11:21:33 +01:00
Jiri Denemark
173c291473 Don't crash if a connection closes early
https://bugzilla.redhat.com/show_bug.cgi?id=1047577

When a client closes its connection to libvirtd early during
virConnectOpen, more specifically just after making
REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if
VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for
the result, libvirtd may crash due to a race in keep-alive
initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE
call, the daemon's event loop delegates it to a worker thread. In case
the event loop detects EOF on the connection and calls
virNetServerClientClose before the worker thread starts to handle
REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be
disposed by the time virNetServerClientStartKeepAlive gets called from
remoteDispatchConnectSupportsFeature. Because the flow is common for
both authenticated and read-only connections, even unprivileged clients
may cause the daemon to crash.

To avoid the crash, virNetServerClientStartKeepAlive needs to check if
the connection is still open before starting keep-alive protocol.

Every libvirt release since 0.9.8 is affected by this bug.
2014-01-13 11:09:59 +01:00
Daniel P. Berrange
53a699a07b Exercise the ABI stability check code in test suite
Any test suite which involves a virDomainDefPtr should
call virDomainDefCheckABIStability with itself just as
a basic sanity check that the identity-comparison always
succeeds. This would have caught the recent NULL pointer
access crash.

Make sure we cope with def->name being NULL since the
VMWare config parser produces NULL names.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-01-10 20:32:48 +00:00
Peter Krempa
558ffad55e storage: Improve error message when a storage backend is missing
Include the name of the storage backend in the error message instead of
just the number.
2014-01-10 09:39:57 +01:00
Peter Krempa
af38f83074 storage: lvm: Avoid forward decl of virStorageBackendLogicalDeleteVol
Change code ordering to avoid the need for a forward declaration.
2014-01-10 09:39:57 +01:00
Peter Krempa
1c0e2b6099 storage: fs: Fix comment for virStorageBackendFileSystemDelete
The comment was talking about creating the pool while the function is
deleting it. Fix the mismatch.
2014-01-10 09:35:30 +01:00
Claudio Bley
c4dadf2393 Clarify documentation on possible return values in case of errors 2014-01-10 09:30:57 +01:00
Eric Blake
f86e463040 event: don't queue NULL event on OOM
Ever since commit 61ac8ce, Coverity complained about
remoteNetworkBuildEventLifecycle not checking for NULL failure
to build an event, compared to other calls in the code base.
But the problem is latent from copy and paste; all 17 of our
remote*BuildEvent* functions in remote_driver.c have the same
issue - if an OOM causes an event to not be built, we happily
pass NULL to remoteEventQueue(), but that function has marked
event as a nonnull parameter.  We were getting lucky (the
event queue's first use of the event happened to be a call to
virIsObjectClass(), which acts gracefully on NULL, so there
was no way to crash); but this is a latent bug waiting to bite
us due to the disregard for the nonnull attribute, as well as
a waste of resources in the event queue.  Better is to just
refuse to queue NULL.  The discard is silent, since the problem
only happens on OOM, and since events are already best effort -
if we fail to get an event, it's not like we have any memory
left to report the issue, nor any idea of who would benefit
from knowing we couldn't create or queue the event.

* src/remote/remote_driver.c (remoteEventQueue): Ignore NULL event.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 20:21:38 -07:00
Eric Blake
3d007cb5f8 virt-login-shell: fix regressions in behavior
Our fixes for CVE-2013-4400 were so effective at "fixing" bugs
in virt-login-shell that we ended up fixing it into a useless
do-nothing program.

Commit 3e2f27e1 picked the name LIBVIRT_SETUID_RPC_CLIENT for
the witness macro when we are doing secure compilation.  But
commit 9cd6a57d checked whether the name IN_VIRT_LOGIN_SHELL,
from an earlier version of the patch series, was defined; with
the net result that virt-login-shell invariably detected that
it was setuid and failed virInitialize.

Commit b7fcc799 closed all fds larger than stderr, but in the
wrong place.  Looking at the larger context, we mistakenly did
the close in between obtaining the set of namespace fds, then
actually using those fds to switch namespace, which means that
virt-login-shell will ALWAYS fail.

This is the minimal patch to fix the regressions, although
further patches are also worth having to clean up poor
semantics of the resulting program (for example, it is rude to
not pass on the exit status of the wrapped program back to the
invoking shell).

* tools/virt-login-shell.c (main): Don't close fds until after
namespace swap.
* src/libvirt.c (virGlobalInit): Use correct macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 15:05:04 -07:00
Eric Blake
dd0e04d9d0 maint: improve VIR_ERR_INVALID_DOMAIN_SNAPSHOT usage
The existing check of domain snapshots validated that they
point to a domain, but did not validate that the domain
points to a connection, even though any errors blindly assume
the connection is valid.  On the other hand, as mentioned in
commit 6e130ddc, any valid domain is already tied to a valid
connection, and VIR_IS_SNAPSHOT vs. VIR_IS_DOMAIN_SNAPSHOT
makes no real difference; it's best to just validate the chain
of all three.  For consistency with previous patches, continue
the trend of using a common macro.  For now, we don't need
virCheckDomainSnapshotGoto().

* src/datatypes.h (virCheckDomainSnapshotReturn): New macro.
(VIR_IS_SNAPSHOT, VIR_IS_DOMAIN_SNAPSHOT):
Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibDomainSnapshotError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 14:47:02 -07:00
Eric Blake
7d0a0ab7dd maint: improve VIR_ERR_INVALID_NWFILTER usage
While all errors related to invalid nwfilters appeared to be
consistent, we might as well continue the trend of using a
common macro.  As in commit 6e130ddc, the difference between
VIR_IS_NWFILTER and VIR_IS_CONNECTED_NWFILTER is moot, since
reference counting means any valid nwfilter is also tied to
a valid connection.  For now, we don't need virCheckNWFilterGoto().

* src/datatypes.h (virCheckNWFilterReturn): New macro.
(VIR_IS_NWFILTER, VIR_IS_CONNECTED_NWFILTER): Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibNWFilterError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 14:35:08 -07:00
Eric Blake
101f176ae4 maint: improve VIR_ERR_INVALID_STREAM usage
For streams validation, we weren't consistent on whether to
use VIR_FROM_NONE or VIR_FROM_STREAMS.  Furthermore, in many
API, we want to ensure that a stream is tied to the same
connection as the other object we are operating on; while
other API failed to validate the stream at all.  And the
difference between VIR_IS_STREAM and VIR_IS_CONNECTED_STREAM
is moot; as in commit 6e130ddc, we know that reference
counting means a valid stream will always be tied to a valid
connection.  Similar to previous patches, use a common macro
to make it nicer.

* src/datatypes.h (virCheckStreamReturn, virCheckStreamGoto):
New macros.
(VIR_IS_STREAM, VIR_IS_CONNECTED_STREAM): Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibStreamError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 14:13:01 -07:00
Eric Blake
916273eb94 maint: improve VIR_ERR_INVALID_SECRET usage
While all errors related to invalid secrets appeared to be
consistent, we might as well continue the trend of using a
common macro.  Just as in commit 6e130ddc, the difference
between VIR_IS_SECRET and VIR_IS_CONNECTED_SECRET is moot
(due to reference counting, any valid secret must be tied to
a valid domain).  For now, we don't need virCheckSecretGoto().

* src/datatypes.h (virCheckSecretReturn): New macro.
(VIR_IS_SECRET, VIR_IS_CONNECTED_SECRET): Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibSecretError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 13:55:20 -07:00
Eric Blake
9ec935d565 maint: improve VIR_ERR_INVALID_NODE_DEVICE usage
While all errors related to invalid node device appeared to be
consistent, we might as well continue the trend of using a
common macro.  For now, we don't need virCheckNodeDeviceGoto().

* src/datatypes.h (virCheckNodeDeviceReturn): New macro.
(VIR_IS_NODE_DEVICE, VIR_IS_CONNECTED_NODE_DEVICE): Drop
unused macros.
* src/libvirt.c: Use macro throughout.
(virLibNodeDeviceError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 11:29:45 -07:00
Martin Kletzander
2a6395aa1d storage: fix crash when listing volumes or undefining a pool
The commit cad3cf9a95 introduced a crash
due to wrong order of parameters being passed to the function.  When
deleting an element, the function decreased the iterator instead of
count and if listing volumes after that (or undefining the pool, NULL
was being dereferenced.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-01-09 16:48:11 +01:00
Michal Privoznik
4f588a1b46 qemuBuildNicDevStr: Set vectors= on Multiqueue
Yet another advice appeared on the Multiqueue wiki page:

http://www.linux-kvm.org/page/Multiqueue#Enable_MQ_feature

We should add vectors=N onto the qemu command line, where
N = 2 * (number of queues) + 1.
2014-01-09 15:23:57 +01:00
Eric Blake
097c9b52f4 maint: improve VIR_ERR_INVALID_STORAGE_VOL usage
For storage volume validation, we weren't consistent on
whether to use VIR_FROM_NONE or VIR_FROM_STORAGE.  Similar
to previous patches, use a common macro to make it nicer.
Furthermore, just as in commit 6e130ddc, the difference
between VIR_IS_STORAGE_VOL and VIR_IS_CONNECTED_STORAGE_VOL
is moot (due to reference counting, any valid volume must
be tied to a valid connection).

virStorageVolCreateXMLFrom allows cross-connection cloning,
where the error is reported against the connection of the
destination pool.

* src/datatypes.h (virCheckStorageVolReturn)
(virCheckStorageVolGoto): New macros.
(VIR_IS_STORAGE_VOL, VIR_IS_CONNECTED_STORAGE_VOL): Drop
unused macros.
* src/libvirt.c: Use macro throughout.
(virLibStorageVolError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 06:53:26 -07:00
Guido Günther
1b9f5aa7fe Add Documentation fields to systemd service files
We point to the manpages where available and redirect to libvirt's
homepage as a last resort.
2014-01-09 09:32:55 +01:00
Stefan Bader
e1459c1fe8 libxl: Fix devid init in libxlMakeNicList
This basically reverts commit ba64b97134
"libxl: Allow libxl to set NIC devid". However assigning devid's
before calling libxlMakeNic does not work as that is calling
libxl_device_nic_init which sets it back to -1.
Right now auto-assignment only works in the hotplug case. But even if
that would be fixed at some point (if that is possible at all), this
would add a weird dependency between Xen and libvirt versions.
The change here should accept any auto-assignment that makes it into
libxl_device_nic_init. My understanding is that a caller always is
allowed to make the devid choice itself. And assuming libxlMakeNicList
is only used on domain creation, a sequential numbering should be ok.

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2014-01-08 19:07:01 -07:00
Eric Blake
8add79a991 maint: improve VIR_ERR_INVALID_STORAGE_POOL usage
virStoragePoolBuild reported an invalid pool as if it were an
invalid network.  Likewise, we weren't consistent on whether to
use VIR_FROM_NONE or VIR_FROM_STORAGE.  Similar to previous
patches, use a common macro to make it nicer.  Furthermore, just
as in commit 6e130ddc, the difference between VIR_IS_STORAGE_POOL
and VIR_IS_CONNECTED_STORAGE_POOL is moot (due to reference
counting, any valid pool must be tied to a valid connection).
For now, we don't need virCheckStoragePoolGoto().

* src/datatypes.h (virCheckStoragePoolReturn): New macro.
(VIR_IS_STORAGE_POOL, VIR_IS_CONNECTED_STORAGE_POOL): Drop
unused macros.
* src/libvirt.c: Use macro throughout.
(virLibStoragePoolError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 15:33:57 -07:00
Richard W.M. Jones
e093351209 test driver: Add authentication to test driver.
There is no easy way to test authentication against libvirt.  This
commit modifies the test driver to allow simple username/password
authentication.

You modify the test XML by adding:

 <node>
   ...
   <auth>
     <user password="123456">rich</user>
     <user>jane</user>
   </auth>
 </node>

If there are any /node/auth/user elements, then authentication is
required by the test driver (if none are present, then the test driver
will work as before and not require authentication).

In the example above, two phony users are added:

 rich  password: 123456
 jane  no password required

The test driver will demand a username.  If the password attribute is
present (or if the username entered is wrong), then the password is
also asked for and checked:

 $ virsh -c test://$(pwd)/testnode.xml list
 Enter username for localhost: rich
 Enter rich's password for localhost: ***
  Id    Name                           State
 ----------------------------------------------------
  1     fv0                            running
  2     fc4                            running

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
2014-01-08 20:12:23 +00:00
Eric Blake
459532b4f7 maint: improve VIR_ERR_INVALID_INTERFACE usage
When checking for a valid interface, we weren't consistent on
whether we reported as VIR_FROM_NONE or VIR_FROM_INTERFACE.
Similar to previous patches, use a common macro to make it nicer.
Furthermore, just as in commit 6e130ddc, the difference between
VIR_IS_INTERFACE and VIR_IS_CONNECTED_INTERFACE is moot (due to
reference counting, any valid interface must be tied to a valid
connection).  For now, we don't need virCheckInterfaceGoto().

* src/datatypes.h (virCheckInterfaceReturn): New macro.
(VIR_IS_INTERFACE, VIR_IS_CONNECTED_INTERFACE): Drop unused
macros.
* src/libvirt.c: Use macro throughout.
(virLibInterfaceError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 12:40:06 -07:00
Eric Blake
6d8233fea2 event: clean up client side RPC code
Commit cfd62c1 was incomplete; I found more cases where error
messages were being overwritten, and where the code between
the three registration/deregistration APIs was not consistent.

Since it is fairly easy to trigger an attempt to deregister an
unregistered object through public API, I also changed the error
message from VIR_ERR_INTERNAL_ERROR to VIR_ERR_INVALID_ARG.

* src/conf/object_event.c (virObjectEventCallbackListEventID):
Inline...
(virObjectEventStateEventID): ...into lone caller, and report
error on failure.
(virObjectEventCallbackListAddID, virObjectEventStateCallbackID)
(virObjectEventCallbackListRemoveID)
(virObjectEventCallbackListMarkDeleteID): Tweak error category.
* src/remote/remote_driver.c (remoteConnectDomainEventRegister):
Don't leak registration on failure.
(remoteConnectDomainEventDeregisterAny)
(remoteConnectNetworkEventDeregisterAny): Don't overwrite error.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 12:34:19 -07:00
Eric Blake
e176159374 maint: improve VIR_ERR_INVALID_NETWORK usage
When checking for a valid network, we weren't consistent on
whether we reported an invalid network or a connection.  Similar
to previous patches such as commit 6e130ddc, the difference
between VIR_IS_NETWORK and VIR_IS_CONNECTED_NETWORK is moot (due
to reference counting, any valid network must be tied to a valid
connection).  Use a common macro to make the error reporting
for invalid networks nicer.

* src/datatypes.h (virCheckNetworkReturn, virCheckNetworkGoto): New
macros.
(VIR_IS_NETWORK, VIR_IS_CONNECTED_NETWORK): Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibNetworkError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 09:38:27 -07:00
Osier Yang
6f9894856c util: Use new array management macros
Like commit 94a26c7e from Eric Blake, the old fuzzy code should
be replaced by the new array management macros now.

And the type of scsi->count should be changed into "size_t", and
thus virSCSIDeviceListCount should return size_t instead, similar
for vir{PCI,USB}DeviceListCount.
2014-01-08 23:00:34 +08:00
Gao feng
afba32b897 LXC: create monitor socket under selinux context of domain
the unix socket /var/run/libvirt/lxc/domain.sock is not created
under the selinux context which configured by <seclabel>.

If we try to connect the domain.sock under the selinux context
of domain in virtLXCProcessConnectMonitor,selinux will deny
this connect operation.

type=AVC msg=audit(1387953696.067:662): avc:  denied  { connectto } for  pid=21206 comm="libvirtd" path="/usr/local/var/run/libvirt/lxc/systemd.sock" scontext=unconfined_u:system_r:svirt_lxc_net_t:s0:c770,c848 tcontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

fix this problem by creating socket under selinux context of domain.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2014-01-08 11:10:03 +01:00
Martin Kletzander
4a66ffade5 conf: trivial typo fix
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-01-08 10:09:56 +01:00
Michal Privoznik
8ab6f1ad5f virConnect(Un)registerCloseCallback: Unlock @conn prior to error dispatch
The function checks for @conn to be valid and locks its mutex. Then, it
checks if callee is unregistering the same callback that he registered
previously. If this fails an error is reported and  the control jumps to
'error' label. Here, if @conn has some errors (and it certainly does -
the one that's been just reported) the conn->mutex is locked again -
without any previous unlock:

  Thread 1 (Thread 0x7fb500ef1800 (LWP 18982)):
  #0  __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
  #1  0x00007fb4fd99ce56 in _L_lock_918 () from /lib64/libpthread.so.0
  #2  0x00007fb4fd99ccaa in __GI___pthread_mutex_lock (mutex=0x7fb50153b670) at pthread_mutex_lock.c:64
  #3  0x00007fb5007e574d in virMutexLock (m=m@entry=0x7fb50153b670) at util/virthreadpthread.c:85
  #4  0x00007fb5007b198e in virDispatchError (conn=conn@entry=0x7fb50153b5e0) at util/virerror.c:594
  #5  0x00007fb5008a3735 in virConnectUnregisterCloseCallback (conn=0x7fb50153b5e0, cb=cb@entry=0x7fb500f588e0 <vshCatchDisconnect>) at libvirt.c:21025
  #6  0x00007fb500f5d690 in vshReconnect (ctl=ctl@entry=0x7fffff60e710) at virsh.c:328
  #7  0x00007fb500f5dc50 in vshCommandRun (ctl=ctl@entry=0x7fffff60e710, cmd=0x7fb50152ca80) at virsh.c:1755
  #8  0x00007fb500f5861b in main (argc=<optimized out>, argv=<optimized out>) at virsh.c:3393

And since the conn's mutex is not recursive, the virDispatchError will
never ever lock it successfully.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-01-08 09:12:57 +01:00
Eric Blake
c2aa14b4e2 maint: inline VIR_IS*_DOMAIN macro
Cleanup after a previous patch, commit 6e130dd.  In particular,
note that xenDomainUsedCpus can only be reached from
xenUnifiedDomainGetXMLDesc, which in turn is only reached from
public API that already validated the domain.

* src/xen/xen_driver.c (xenDomainUsedCpus): Drop redundant check.
* src/datatypes.h (VIR_IS_DOMAIN, VIR_IS_CONNECTED_DOMAIN):
Delete, and inline into all callers, since no other file uses it
any more.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 21:31:35 -07:00
Eric Blake
6e130ddc4d maint: improve VIR_ERR_INVALID_DOMAIN usage
In datatype.c, virGetDomainSnapshot could result in the message:

error: invalid domain pointer in bad domain

Furthermore, while there are a few functions in libvirt.c that
only care about a virDomainPtr without regards to the connection
(such as virDomainGetName), most functions also require a valid
connection.  Yet several functions were blindly dereferencing
the conn member without checking it for validity first (such as
virDomainOpenConsole).  Rather than try and correct all usage
of VIR_IS_DOMAIN vs. VIR_IS_CONNECTED_DOMAIN, it is easier to
just blindly require that a valid domain object always has a
valid connection object (which should be true anyways, since
every domain object holds a reference to its connection, so the
connection will not be closed until all domain objects have
also been closed to release their reference).

After this patch, all places that validate a domain consistently
report:

error: invalid domain pointer in someFunc

* src/datatypes.h (virCheckDomainReturn, virCheckDomainGoto): New
macros.
* src/datatypes.c (virGetDomainSnapshot): Use new macro.
(virLibConnError): Delete unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 14:38:12 -07:00
Eric Blake
36dd0bd88a event: make network events easier to use without casts
While comparing network and domain events, I noticed that the
test driver had to do a cast in one place and not the other.
For consistency, we should hide the necessary casting as low
as possible in the stack, with everything else using saner
types.

* src/conf/network_event.h (virNetworkEventStateRegisterID): Alter
type.
* src/conf/network_event.c (virNetworkEventStateRegisterID): Hoist
cast here.
* src/test/test_driver.c (testConnectNetworkEventRegisterAny):
Simplify callers.
* src/remote/remote_driver.c
(remoteConnectNetworkEventRegisterAny): Likewise.
* src/network/bridge_driver.c
(networkConnectNetworkEventRegisterAny): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 13:05:27 -07:00
Eric Blake
e9568360a6 event: don't turn offline domain into global event
If a user registers for a domain event filtered to a particular
domain, but the persistent domain is offline at the time, then
the code silently failed to set up the filter.  As a result,
the event fires for all domains, rather than being filtered.
Network events were immune, since they always passed an id
0 argument.

The key to this patch is realizing that
virObjectEventDispatchMatchCallback() only cared about uuid;
so refusing to create a meta for a negative id is pointless,
and in fact, malloc'ing meta at all was overkill; instead,
just directly store a uuid and a flag of whether to filter.

Note that virObjectEventPtr still needs all fields of meta,
because this is how we reconstruct a virDomainPtr inside the
dispatch handler before calling the end user's callback
pointer with the correct object, even though only the uuid
portion of meta is used in deciding whether a callback
matches the given event.  So while uuid is optional for
callbacks, it is mandatory for events.

The change to testDomainCreateXMLMixed is merely on the setup
scenario (as you can't register for a domain unless it is either
running or persistent).  I actually first wrote that test for
this patch, then rebased it to also cover a prior patch (commit
4221d64), but had to adjust it for that patch to use Create
instead of Define for setting up the domain long enough to
register the event in order to work around this bug.  But while
the setup is changed, the main body of the test is still about
whether creation events fire as expected.

* src/conf/object_event_private.h (_virObjectEventCallback):
Replace meta with uuid and flag.
(virObjectEventCallbackListAddID): Update signature.
* src/conf/object_event.h (virObjectEventStateRegisterID):
Likewise.
* src/conf/object_event_private.h (virObjectEventNew): Document
use of name and uuid in events.
* src/conf/object_event.c (virObjectEventCallbackListAddID): Drop
arguments that don't affect filtering.
(virObjectEventCallbackListRemoveID)
(virObjectEventDispatchMatchCallback)
(virObjectEventStateRegisterID): Update clients.
* src/conf/domain_event.c (virDomainEventCallbackListAdd)
(virDomainEventStateRegisterID): Likewise.
* src/conf/network_event.c (virNetworkEventStateRegisterID):
Likewise.
* tests/objecteventtest.c (testDomainCreateXMLMixed): Enhance test.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 12:03:42 -07:00
Eric Blake
0cd02bca6e event: don't allow mix of old- and new-style registration
Consider these two calls, in either order:

id1 = virConnectDomainEventRegisterAny(conn, NULL,
   VIR_DOMAIN_EVENT_ID_LIFECYCLE,
   VIR_DOMAIN_EVENT_CALLBACK(callback), NULL, NULL);
virConnectDomainEventRegister(conn, callback, NULL, NULL);

Right now, the second call fails, because under the hood, the
old-style function registration is tightly coupled to the
new style lifecycle eventID, and the two calls both try
to register the same global eventID callback representation.

We've alreay documented that users should avoid old-style
registration and deregistration, so anyone heeding the advice
won't run into this situation.  But it would be even nicer if
we pretend the two interfaces are completely separate, and
disallow any cross-linking.  That is, a call to old-style
deregister should never remove a new-style callback even if it
is the same function pointer, and a call to new-style callback
using only callbackIDs obtained legitimately should never
remove an old-style callback (of course, since our callback
IDs are sequential, and there is still coupling under the
hood, you can easily guess the callbackID of an old style
registration and use new-style deregistration to nuke it - but
that starts to be blatantly bad coding on your part rather
than a surprising result on what looks like reasonable
stand-alone API).

With this patch, you can now register a global lifecycle event
handler twice, by using both old and new APIs; if such an event
occurs, your callback will be entered twice.  But that is not a
problem in practice, since it is already possible to use the
new API to register both a global and per-domain event handler
using the same function, which will likewise fire your callback
twice for that domain.  Duplicates are still prevented when
using the same API with same parameters twice (old-style twice,
new-style global twice, or new-style per-domain with same domain
twice), and things are still bounded (it is not possible to
register a single function pointer more than N+2 times per event
id, where N is the number of domains available on the connection).
Besides, it has always been possible to register as many
separate function pointers on the same event id as desired,
through either old or new style API, where the bound there is
the physical limitation of writing a program with enough
distinct function pointers.

Adding another event registration in the testsuite is sufficient
to cover this, where the test fails without the rest of the patch.

* src/conf/object_event.c (_virObjectEventCallback): Add field.
(virObjectEventCallbackLookup): Add argument.
(virObjectEventCallbackListAddID, virObjectEventStateCallbackID):
Adjust callers.
* tests/objecteventtest.c (testDomainCreateXMLMixed): Enhance test.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 11:43:56 -07:00
Eric Blake
995b2ebab6 event: properly filter count of remaining events
On the surface, this sequence of API calls should succeed:

id1 = virConnectDomainEventRegisterAny(..., VIR_DOMAIN_EVENT_ID_LIFECYCLE,...);
id2 = virConnectDomainEventRegisterAny(..., VIR_DOMAIN_EVENT_ID_RTC_CHANGE,...);
virConnectDomainEventDeregisterAny(id1);
id1 = virConnectDomainEventRegisterAny(..., VIR_DOMAIN_EVENT_ID_LIFECYCLE,...);

And for test:///default, it does.  But for qemu:///system, it fails:
libvirt: XML-RPC error : internal error: domain event 0 already registered

Looking closer, the bug is caused by miscommunication between
the object event engine and the client side of the remote driver.
In our implementation, we set up a single server-side event per
eventID, then the client side replicates that one event to all
callbacks that have been registered client side.  To know when
to turn the server side eventID on or off, the client side must
track how many events for the same eventID have been registered.
But while our code was filtering by eventID on event registration,
it did not filter on event deregistration.  So the above API calls
resulted in the deregister returning 1 instead of 0, so no RPC
deregister was issued, and the final register detects on the
server side that the server is already handling eventID 0.

Unfortunately, since the problem is only observable on remote
connections, it's not possible to enhance objecteventtest to
expose the semantics using only public API entry points.

* src/conf/object_event.c (virObjectEventCallbackListCount): New
function.
(virObjectEventCallbackListAddID)
(virObjectEventCallbackListRemoveID)
(virObjectEventCallbackListMarkDeleteID): Use it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 10:53:24 -07:00
Lénaïc Huard
538daf7f3a Fix bridge configuration when OUTPUT policy is DROP on the host
When the host is configured with very restrictive firewall (default policy
is DROP for all chains, including OUTPUT), the bridge driver for Linux
adds netfilter entries to allow DHCP and DNS requests to go from the VM
to the dnsmasq of the host.

The issue that this commit fixes is the fact that a DROP policy on the OUTPUT
chain blocks the DHCP replies from the host’s dnsmasq to the VM.
As DHCP replies are sent in UDP, they are not caught by any --ctstate ESTABLISHED
rule and so, need to be explicitly allowed.

Signed-off-by: Lénaïc Huard <lenaic@lhuard.fr.eu.org>
2014-01-07 18:18:29 +01:00
Thadeu Lima de Souza Cascardo
9a3d7a4778 Read PCI class from sysfs class file instead of config space.
When determining if a device is behind a PCI bridge, the PCI device
class is checked by reading the config space. However, there are some
devices which have the wrong class on the config space, but the class is
initialized by Linux correctly as a PCI BRIDGE. This class can be read
by the sysfs file '/sys/bus/pci/devices/xxxx:xx:xx.x/class'.

One example of such bridge is IBM PCI Bridge 1014:03b9, which is
identified as a Host Bridge when reading the config space.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>
2014-01-07 17:33:59 +01:00
Eric Blake
114aa0751e event: tighten scope of object_event
Tighten up scope after the previous patch avoided using
internals.  This will also make it easier to change
internal implementation without having to chase down quite
as many impacted callers or worrying about two files getting
implementations out of sync.

* src/conf/object_event_private.h
(virObjectEventCallbackListAddID, virObjectEventQueueClear)
(virObjectEventStateLock, virObjectEventStateUnlock)
(virObjectEventTimer): Drop prototype.
(_virObjectEventCallbackList, _virObjectEventState)
(_virObjectEventCallback): Move...
* src/conf/object_event.c: ...here.
(virObjectEventCallbackListAddID, virObjectEventQueueClear)
(virObjectEventStateLock, virObjectEventStateUnlock)
(virObjectEventTimer): Mark private.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 09:12:11 -07:00
Eric Blake
4221d64fcb event: don't let old-style events clobber per-domain events
Right now, the older virConnectDomainEventRegister (takes a
function pointer, returns 0 on success) and the newer
virConnectDomainEventRegisterID (takes an eventID, returns a
callbackID) share the underlying implementation (the older
API ends up consuming a callbackID for eventID 0 under the
hood).  We implemented that by a lot of copy and pasted
code between object_event.c and domain_event.c, according to
whether we are dealing with a function pointer or an eventID.
However, our copy and paste is not symmetric.  Consider this
sequence:

id1 = virConnectDomainEventRegisterAny(conn, dom,
   VIR_DOMAIN_EVENT_ID_LIFECYCLE,
   VIR_DOMAIN_EVENT_CALLBACK(callback), NULL, NULL);
virConnectDomainEventRegister(conn, callback, NULL, NULL);
virConnectDomainEventDeregister(conn, callback);
virConnectDomainEventDeregsiterAny(conn, id1);

the first three calls would succeed, but the third call ended
up nuking the id1 callbackID (the per-domain new-style handler),
then the fourth call failed with an error about an unknown
callbackID, leaving us with the global handler (old-style) still
live and receiving events.  It required another old-style
deregister to clean up the mess.  Root cause was that
virDomainEventCallbackList{Remove,MarkDelete} were only
checking for function pointer match, rather than also checking
for whether the registration was global.

Rather than playing with the guts of object_event ourselves
in domain_event, it is nicer to add a mapping function for the
internal callback id, then share common code for event removal.
For now, the function-to-id mapping is used only internally;
I thought about whether a new public API to let a user learn
the callback would be useful, but decided exposing this to the
user is probably a disservice, since we already publicly
document that they should avoid the old style, and since this
patch already demonstrates that older libvirt versions have
weird behavior when mixing old and new styles.

And like all good bug fix patches, I enhanced the testsuite,
validating that the changes in tests/ expose the failure
without the rest of the patch.

* src/conf/object_event.c (virObjectEventCallbackLookup)
(virObjectEventStateCallbackID): New functions.
(virObjectEventCallbackLookup): Use helper function.
* src/conf/object_event_private.h (virObjectEventStateCallbackID):
Declare new function.
* src/conf/domain_event.c (virDomainEventStateRegister)
(virDomainEventStateDeregister): Let common code handle the
complexity.
(virDomainEventCallbackListRemove)
(virDomainEventCallbackListMarkDelete)
(virDomainEventCallbackListAdd): Drop unused functions.
* tests/objecteventtest.c (testDomainCreateXMLMixed): New test.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 09:12:10 -07:00
Eric Blake
53827c125e event: rename confusing variable in test, remote drivers
Since the introduction of network events, any driver that uses
a single event state object to track both domain and network
events should not include 'domain' in the name of that object.

* src/test/test_driver.c (_testConn):
s/domainEventState/eventState/, and fix all callers.
* src/remote/remote_driver.c (private_data): Likewise.
(remoteDomainEventQueue): Rename to remoteEventQueue.
(remoteDomainEvents): Rename to remoteEvents.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 08:37:45 -07:00
Eric Blake
fc967c3ec9 event: share state driver between test:///default connections
Prior to this patch, every test:/// URI has its own event manager,
which means that registering for an event can only ever receive
events from the connection where it issued the API that triggered
the event.  But the whole idea of events is to be able to learn
about something where an API call did NOT trigger the action.

In order to actually test asynchronous events, I wanted to be able
to tie multiple test connections to the same state.  Use of a file
in a test URI is still per-connection state, but now parallel
connections to test:///default (from the same binary, of course)
now share common state and can affect one another.

The updated testsuite fails without the rest of this patch.
Valgrind didn't report any leaks.

* src/test/test_driver.c (testConnectOpen): Move per-connection
state initialization...
(testOpenFromFile): ...here.
(defaultConn, defaultConnections, defaultLock, testOnceInit): New
shared state.
(testOpenDefault): Only initialize on first connection.
(testConnectClose): Don't clobber state if still shared.
* tests/objecteventtest.c (testDomainStartStopEvent): Enhance to
cover this.
(timeout, mymain): Ensure test fails rather than blocks.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 08:30:32 -07:00
Michal Privoznik
d847792f86 lxc_controller: Fix error message on missing --handshakefd
The argument is --handshakefd not --handshake.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-01-07 16:21:03 +01:00
Michal Privoznik
0e6891106d lxc_controller: Don't leak @name
The @name variable is VIR_STRDUP()-ed into, but never freed. In fact,
there's no need to duplicate a command line argument since all places
where @name is used expect const char.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-01-07 16:21:03 +01:00
Jiri Denemark
3b56425938 qemu: Fix job usage in virDomainGetBlockIoTune
CVE-2013-6458

Every API that is going to begin a job should do that before fetching
data from vm->def.
2014-01-07 16:12:11 +01:00
Jiri Denemark
ff5f30b6bf qemu: Fix job usage in qemuDomainBlockCopy
Every API that is going to begin a job should do that before fetching
data from vm->def.
2014-01-07 16:12:01 +01:00
Jiri Denemark
f93d2caa07 qemu: Fix job usage in qemuDomainBlockJobImpl
CVE-2013-6458

Every API that is going to begin a job should do that before fetching
data from vm->def.
2014-01-07 16:10:42 +01:00
Jiri Denemark
b799259583 qemu: Avoid using stale data in virDomainGetBlockInfo
CVE-2013-6458

Generally, every API that is going to begin a job should do that before
fetching data from vm->def. However, qemuDomainGetBlockInfo does not
know whether it will have to start a job or not before checking vm->def.
To avoid using disk alias that might have been freed while we were
waiting for a job, we use its copy. In case the disk was removed in the
meantime, we will fail with "cannot find statistics for device '...'"
error message.
2014-01-07 16:10:02 +01:00
Jiri Denemark
db86da5ca2 qemu: Do not access stale data in virDomainBlockStats
CVE-2013-6458
https://bugzilla.redhat.com/show_bug.cgi?id=1043069

When virDomainDetachDeviceFlags is called concurrently to
virDomainBlockStats: libvirtd may crash because qemuDomainBlockStats
finds a disk in vm->def before getting a job on a domain and uses the
disk pointer after getting the job. However, the domain in unlocked
while waiting on a job condition and thus data behind the disk pointer
may disappear. This happens when thread 1 runs
virDomainDetachDeviceFlags and enters monitor to actually remove the
disk. Then another thread starts running virDomainBlockStats, finds the
disk in vm->def, and while it's waiting on the job condition (owned by
the first thread), the first thread finishes the disk removal. When the
second thread gets the job, the memory pointed to be the disk pointer is
already gone.

That said, every API that is going to begin a job should do that before
fetching data from vm->def.
2014-01-07 16:09:44 +01:00
Yudai Yamagish
729530749e Fix segmentation fault when accessing default qemu machine type
This patch fixes a segmentation fault when creating new virtual machines using QEMU.
The segmentation fault is caused by commit f41830680e
and commit cbb6ec42e2.

In virQEMUCapsProbeQMPMachineTypes, when copying machines to qemuCaps, "none" is skipped.
Therefore, the value of i and "qemuCaps->nmachineTypes - 1" do not always match.
However, defIdx value (used to call virQEMUCapsSetDefaultMachine) is set using the value in i
when the array elements are in qemuCaps->nmachineTypes - 1.
So, when libvirt tries to create virtual machines using the default machine type,
qemuCaps->machineTypes[defIdx] is accessed and since the defIdx is NULL, it results in segmentation fault.

Signed-off-by: Yudai Yamagishi <yummy@sfc.wide.ad.jp>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-01-07 15:26:12 +01:00
Eric Blake
968fe2c8f8 maint: inline VIR_IS_CONNECT macro
Cleanup after commit db3dd08 removed all clients outside of
the .h file.

* src/datatypes.h (VIR_IS_CONNECT): Delete, and inline into all
callers, since no other file uses it any more.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 06:58:03 -07:00
Eric Blake
31b5bad9ff event: make deregister return value match docs
Ever since their introduction (commit 1509b80 in v0.5.0 for
virConnectDomainEventRegister, commit 4445723 in v0.8.0 for
virConnectDomainEventDeregisterAny), the event deregistration
functions have been documented as returning 0 on success;
likewise for older registration (only the newer RegisterAny
must return a non-zero callbackID).  And now that we are
adding virConnectNetworkEventDeregisterAny for v1.2.1, it
should have the same semantics.

Fortunately, all of the stateful drivers have been obeying
the docs and returning 0, thanks to the way the remote_driver
tracks things (in fact, the RPC wire protocol is unable to
send a return value for DomainEventRegisterAny, at least not
without adding a new RPC number).  Well, except for vbox,
which was always failing deregistration, due to failure to
set the return value to anything besides its initial -1.

But for local drivers, such as test:///default, we've been
returning non-zero numbers; worse, the non-zero numbers have
differed over time.  For example, in Fedora 12 (libvirt 0.8.2),
calling Register twice would return 0 and 1 [the callbackID
generated under the hood]; while in Fedora 20 (libvirt 1.1.3),
it returns 1 and 2 [the number of callbacks registered for
that event type].  Since we have changed the behavior over
time, and since it differs by local vs. remote, we can safely
argue that no one could have been reasonably relying on any
particular behavior, so we might as well obey the docs, as well
as prepare callers that might deal with older clients to not be
surprised if the docs are not strictly followed.

For consistency, this patch fixes the code for all drivers,
even though it only makes an impact for vbox and for local
drivers.  By fixing all drivers, future copy and paste from
a remote driver to a local driver is less likely to
reintroduce the bug.

Finally, update the testsuite to gain some coverage of the
issue for local drivers, including the first test of old-style
domain event registration via function pointer instead of
event id.

* src/libvirt.c (virConnectDomainEventRegister)
(virConnectDomainEventDeregister)
(virConnectDomainEventDeregisterAny): Clarify docs.
* src/libxl/libxl_driver.c (libxlConnectDomainEventRegister)
(libxlConnectDomainEventDeregister)
(libxlConnectDomainEventDeregisterAny): Match documentation.
* src/lxc/lxc_driver.c (lxcConnectDomainEventRegister)
(lxcConnectDomainEventDeregister)
(lxcConnectDomainEventDeregisterAny): Likewise.
* src/test/test_driver.c (testConnectDomainEventRegister)
(testConnectDomainEventDeregister)
(testConnectDomainEventDeregisterAny)
(testConnectNetworkEventDeregisterAny): Likewise.
* src/uml/uml_driver.c (umlConnectDomainEventRegister)
(umlConnectDomainEventDeregister)
(umlConnectDomainEventDeregisterAny): Likewise.
* src/vbox/vbox_tmpl.c (vboxConnectDomainEventRegister)
(vboxConnectDomainEventDeregister)
(vboxConnectDomainEventDeregisterAny): Likewise.
* src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister)
(xenUnifiedConnectDomainEventDeregister)
(xenUnifiedConnectDomainEventDeregisterAny): Likewise.
* src/network/bridge_driver.c
(networkConnectNetworkEventDeregisterAny): Likewise.
* tests/objecteventtest.c (testDomainCreateXMLOld): New test.
(mymain): Run it.
(testDomainCreateXML): Check return values.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 06:53:40 -07:00
Michal Privoznik
088ff08ce9 qemuProcessStop: Don't overwrite any errors
Currently, the qemuProcessStop tries to open the domain log file
and saves the original error afterwards. Then all the cleanup is
done after which the error is restored back. This has however one
flaw: if opening of the log file fails an error is reported,
which results in previous error being overwritten (the useful
one, e.g. "PCI device XXXX:XXXX could not be found"). Hence, user
sees something like:

  error: failed to create logfile /var/log/libvirt/qemu/ovirt_usb.log: No such file or directory

instead of:

  error: internal error: Did not find USB device 8644:8003

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reported-by: Zhou Yimin <zhouyimin@huawei.com>
2014-01-07 14:50:40 +01:00
Eric Blake
599ef94d85 maint: fix comment typos in qemu numa code
Introduced in commit 81fae6b9.

* src/qemu/qemu_driver.c (qemuDomainSetNumaParamsLive): Fix typos.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 06:36:41 -07:00
Roman Bogorodskiy
e7a65dc77c BSD: implement nodeGetMemoryStats
Add a BSD implementation of nodeGetMemoryStats based
on sysctl(3).
2014-01-07 06:26:33 -07:00
Minoru Usui
bcd0ac47d8 Fix argument order of qemuMigrationPerformJob().
@listenAddress and @cookiein arguments, should be exchanged,
because the order of the caller and the callee does not match.

This results in the listen address being ignored for peer-to-peer
migration and the cookie being ignored for v2 migration.

Introduced by c4ac7ef (v1.1.4-rc1~141).

https://bugzilla.redhat.com/show_bug.cgi?id=1049338

Signed-off-by: Minoru Usui <usui@mxm.nes.nec.co.jp>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-01-07 13:59:50 +01:00
Peter Krempa
aef39eb021 maint: Fix messy include of libvirt_internal.h
The libvirt_internal.h header was included by the internal.h header.
This made it painful to add new stuff to the header file that would
require some more specific types. Remove inclusion by internal.h and add
it to appropriate places manually.
2014-01-07 10:03:14 +01:00
Eric Blake
db3dd0824f maint: improve VIR_ERR_INVALID_CONN usage
The datatype.c object checks could result in a message like:

error: invalid connection pointer in no connection

This consolidates all clients of this message to have uniform contents:

error: invalid connection pointer in someFunc

Note that virCheckConnectReturn raises an error immediately; in
datatypes.c, where we don't need to raise the error (but instead
just leave it in the thread-local setting), we use
virCheckConnectGoto and the cleanup label instead.  Then, for
consistency in that file, all subsequent error messages are
touched to also use the cleanup error label.

* src/datatypes.h (virCheckConnectReturn)
(virCheckConnectGoto): New macros.
* src/datatypes.c: Use new macro.
* src/libvirt-qemu.c (virDomainQemuAttach): Likewise.
(virLibConnError): Delete unused macro.
* src/libvirt-lxc.c (virLibConnError): Likewise.
* src/libvirt.c: Use new macro throughout.
* docs/api_extension.html.in: Modernize documentation.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-06 21:41:02 -07:00
Jim Fehlig
7c98d1c153 libxl: Fix initialization of nictype in libxl_device_nic
As pointed out by the Xen folks [1], HVM nics should always be set
to type LIBXL_NIC_TYPE_VIF_IOEMU unless the user explicity requests
LIBXL_NIC_TYPE_VIF via model='netfront'.  The current logic in
libxlMakeNic() only sets the nictype to LIBXL_NIC_TYPE_VIF_IOEMU if
a model is specified that is not 'netfront', which breaks PXE booting
configurations where no model is specified (i.e. use the hypervisor
default).

  Reported-by: Stefan Bader <stefan.bader@canonical.com>

[1] https://www.redhat.com/archives/libvir-list/2013-December/msg01156.html
2014-01-06 16:15:32 -07:00
Eric Blake
f3e359d665 Revert "lxcDomainShutdownFlags: Cleanup @flags usage"
This reverts commit aa4619337c.

This patch was accidentally pushed prematurely, and has incorrect
logic for which shutdown methods to attempt.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-06 14:59:44 -07:00
Pranavkumar Sawargaonkar
27e32e0f3d AArch64: Porting of armv7l conditons to run qemu for aarch64.
AArch64 qemu has similar behavior as armv7l, like use of mmio etc.
This patch adds similar bypass checks what we have for armv7l to aarch64.
E.g. we are enabling mmio transport for Nicdev.
Making addDefaultUSB and addDefaultMemballoon to false etc.

V3:
- Adding missing domain rng schema for aarcg64 and test case in
  testutilsqemu.c which was causing test suite failure
  while running make check.

V2:
- Added testcase to qemuxml2argvtest as suggested
  during review comments of V1.

V1:
- Initial patch.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
2014-01-06 11:02:24 -05:00
Eric Blake
d219826c65 maint: improve VIR_ERR_OPERATION_DENIED usage
Some of our operation denied messages are outright stupid; for
example, if virIdentitySetAttr fails:

error: operation Identity attribute is already set forbidden for read only access

This patch fixes things to a saner:

error: operation forbidden: Identity attribute is already set

It also consolidates the most common usage pattern for operation
denied errors: read-only connections preventing a public API.  In
this case, 'virsh -r -c test:///default destroy test' changes from:

error: operation virDomainDestroy forbidden for read only access

to:

error: operation forbidden: read only access prevents virDomainDestroy

Note that we were previously inconsistent on which APIs used
VIR_FROM_DOM (such as virDomainDestroy) vs. VIR_FROM_NONE (such as
virDomainPMSuspendForDuration).  After this patch, all uses
consistently use VIR_FROM_NONE, on the grounds that it is unlikely
that a caller learning that a call is denied can do anything in
particular with extra knowledge which error domain the call belongs
to (similar to what we did in commit baa7244).

* src/util/virerror.c (virErrorMsg): Rework OPERATION_DENIED error
message.
* src/internal.h (virCheckReadOnlyGoto): New macro.
* src/util/virerror.h (virReportRestrictedError): New macro.
* src/libvirt-lxc.c: Use new macros.
* src/libvirt-qemu.c: Likewise.
* src/libvirt.c: Likewise.
* src/locking/lock_daemon.c (virLockDaemonClientNew): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-06 08:29:29 -07:00
Peter Krempa
6e7490c734 qemu: range check numa memory placement mode
https://bugzilla.redhat.com/show_bug.cgi?id=1047234

Add a range check for supported numa memory placement modes provided by
the user before setting them in the domain definition. Without the check
the user is able to provide a (yet) unknown mode which is then stored in
the domain definition. This potentially causes a NULL dereference when
the defintion is formatted into the XML.

To reproduce run:
 virsh numatune DOMNAME --mode 6 --nodeset 0

The XML will then contain:
  <numatune>
      <memory mode='(null)' nodeset='0'/>
  </numatune>

With this fix, the command fails:
 error: Unable to change numa parameters
 error: invalid argument: unsupported numa_mode: '6'
2014-01-06 16:11:49 +01:00
Peter Krempa
8b573a6b0d qemu: Clean up qemuDomainSetNumaParameters
Add whitespace to separate logical code blocks, reformat error messages
and clean up code flow.

This patch changes error handling in some cases where the the loop would
be continued to jump to cleanup instead and error out rather than modify
the domain any further.
2014-01-06 16:11:49 +01:00
Peter Krempa
cad3cf9a95 storage: Use VIR_DELETE_ELEMENT instead of open coding
Replace the open coded array element deletion by our new helper.
2014-01-06 16:05:31 +01:00
Eric Blake
94a26c7e88 event: use newer array management macros
We might as well take advantage of viralloc.h instead of open-coding
array management ourselves.  While at it, I simplified several
places that were doing repetitive pointer chasing to use an
intermediate variable for legibility (some other places remain,
but they will disapper in later refactoring patches).

* src/conf/object_event_private.h (_virObjectEventCallbackList):
Use size_t for count.
* src/conf/object_event.c (_virObjectEventQueue): Likewise.
(virObjectEventCallbackListRemoveID): Use VIR_DELETE_ELEMENT.
(virObjectEventQueuePush, virObjectEventCallbackListAddID): Use
VIR_APPEND_ELEMENT.
(virObjectEventCallbackListEventID)
(virObjectEventStateDispatchCallbacks): Simplify code.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-06 08:01:10 -07:00
Eric Blake
22e82aa596 event: use bool in more places
No need to use an int that only ever stores 0 and 1.

* src/conf/object_event_private.h (_virObjectEventCallback):
Change deleted to bool.
* src/conf/object_event.c (virObjectEventDispatchMatchCallback):
Switch return type to bool.
(virObjectEventCallbackListMarkDeleteID): Update client.
* src/conf/domain_event.c (virDomainEventCallbackListMarkDelete):
Likewise.
2014-01-06 07:58:08 -07:00
Ján Tomko
ec128e69f1 Fix explicit usage of default video PCI slots
Do not leave the PCI address of the primary video card set
to the legacy default (0000:00:02.0) if we're doing two-pass
allocation.

Since QEMU 1.6 (QEMU_CAPS_VIDEO_PRIMARY) we allow the primary
video card to be on other slots than 0000:00:02.0 (as we use
-device instead of -vga).

However we fail to assign it an address if:
* another device explicitly uses 0000:00:02.0 and
* the primary video device has no address specified

On the first pass, we have set the address to default, then checked
if it's available, leaving it set even if it wasn't. This address
got picked up by the second pass, resulting in a conflict:

XML error: Attempted double use of PCI slot 0000:00:02.0
(may need "multifunction='on'" for device on function 0)

Also fix the test that was supposed to catch this.
2014-01-06 09:31:32 +01:00
Eric Blake
baa7244951 maint: improve VIR_ERR_NO_SUPPORT usage
We weren't very consistent in our use of VIR_ERR_NO_SUPPORT; many
users just passed __FUNCTION__ on, while others passed "%s" to
silence over-eager compilers that warn about __FUNCTION__ not
containing any %.  It's nicer to route all these uses through
a single macro, so that if we ever need to change the reporting,
we can do it in one place.

I verified that 'virsh -c test:///default qemu-monitor-command test foo'
gives the same error message before and after this patch:
error: this function is not supported by the connection driver: virDomainQemuMonitorCommand

Note that in libvirt.c, we were inconsistent on whether virDomain*
API used virLibConnError() (with VIR_FROM_NONE) or virLibDomainError()
(with VIR_FROM_DOMAIN); this patch unifies these errors to all use
VIR_FROM_NONE, on the grounds that it is unlikely that a caller
learning that a call is unimplemented can do anything in particular
with extra knowledge of which error domain it belongs to.

One particular change to note is virDomainOpenGraphics which was
trying to fail with VIR_ERR_NO_SUPPORT after a failed
VIR_DRV_SUPPORTS_FEATURE check; all other places that fail a
feature check report VIR_ERR_ARGUMENT_UNSUPPORTED.

* src/util/virerror.h (virReportUnsupportedError): New macro.
* src/libvirt-qemu.c: Use new macro.
* src/libvirt-lxc.c: Likewise.
* src/lxc/lxc_driver.c: Likewise.
* src/security/security_manager.c: Likewise.
* src/util/virinitctl.c: Likewise.
* src/libvirt.c: Likewise.
(virDomainOpenGraphics): Use correct error for unsupported feature.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-04 12:15:08 -07:00
Eric Blake
8f6c845f17 maint: avoid nested public calls
Having one API call into another is generally not good; among
other issues, it gives confusing logs, and is not quite as
efficient.

This fixes several instances, but not all: we still have instances
in both libvirt.c and in backend hypervisors (lxc and qemu) calling
the public virTypedParamsGetString and friends, which dispatch
errors immediately.  I'm not sure if it is worth trying to clean
that up in a separate patch (such a cleanup may be easiest by
separating the public function into a wrapper around the internal,
then tweaking internal.h so that internal users directly use the
internal function).

* src/libvirt.c (virDomainGetUUIDString, virNetworkGetUUIDString)
(virStoragePoolGetUUIDString, virSecretGetUUIDString)
(virNWFilterGetUUIDString): Avoid nested public API call.
* src/util/virtypedparam.c (virTypedParamsReplaceString): Don't
dispatch errors here.
(virTypedParamsGet): No need to reset errors.
(virTypedParamsGetBoolean): Use consistent ordering.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-04 07:13:09 -07:00
Denis Kondratenko
d69415d4bc vmware: os x support is broken
https://bugzilla.redhat.com/show_bug.cgi?id=1036248

Incorrect usage of virAsprintf.  vmware-vmx reports version
information to stderr, at least for OS X 10.9.1.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 11:13:43 -07:00
Eric Blake
344e1f5130 event: remove unneeded virObjectEventGetEventID
Any file with access to object_event_private.h also has access to
the internals of virObjectEvent, without needing an accessor
function.  Not to mention the accessor function was doing type
checks that would always succeed.

* src/conf/object_event_private.h (virObjectEventGetEventID): Drop.
* src/conf/object_event.c (virObjectEventGetEventID): Drop.
(virObjectEventDispatchMatchCallback): Simplify caller.
* src/conf/domain_event.c (virDomainEventDispatchDefaultFunc):
Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 10:55:42 -07:00
Eric Blake
6742fb0b10 event: fix doc typos, and doc more public methods
While working on events, I found a number of minor issues; I'm
hoisting these to the front rather than doing it piecemeal in
the patches where I first noticed bad or missing documentation.

* src/conf/object_event.c: Fix grammar, document all parameters
of public functions, wrap some long lines.
* src/conf/object_event.h: Likewise.
* src/conf/network_event.c: Likewise.
* src/conf/domain_event.c: Likewise (except for the large number
of event creation functions).
* src/libvirt_private.cyms (conf/object_event.h): Split...
(conf/network_event.h): ...to account for new file.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 10:45:54 -07:00
Eric Blake
f06d55da7b maint: reset error on entrance to public API
We document that calling any public API wipes out all prior
libvirt errors in the same thread; but weren't obeying this
style in a few functions.

There are a couple of nested uses of virConnectRef (in lxc
and qemu reboot paths), but they should not be affected by
this change in semantics since there should not be any
previous error getting nuked (a later patch will clean up
the nested calls, along with abuse of virConnectClose on
cleanup paths which DOES nuke errors).

* src/libvirt.c (virGetVersion, virConnectRef, virDomainRef)
(virDomainGetSecurityLabel, virDomainGetSecurityLabelList)
(virDomainSetMetadata, virDomainGetMetadata)
(virNodeGetSecurityModel, virNetworkRef, virInterfaceRef)
(virStoragePoolRef, virStorageVolRef, virNodeDeviceGetName)
(virNodeDeviceRef, virSecretRef, virStreamRef, virNWFilterRef)
(virDomainSnapshotRef): Reset error on entrance.
(do_open): Drop redundant error reset.
* src/libvirt-qemu.c (virDomainQemuAgentCommand): Likewise.
* src/libvirt-lxc.c (virDomainLxcEnterNamespace)
(virDomainLxcEnterSecurityLabel): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 09:38:31 -07:00
Eric Blake
ca0ea2a981 maint: improve error condition style in public API
While auditing error messages in libvirt.c, I found a couple
instances that had not been converted to modern error styles,
and a few places that failed to dispatch the error through
the known-good connection.

* src/libvirt.c (virDomainPinEmulator, virDomainGetDiskErrors)
(virDomainSendKey, virDomainGetSecurityLabelList)
(virDomainGetEmulatorPinInfo): Use typical error reporting.
(virConnectGetCPUModelNames, virConnectRegisterCloseCallback)
(virConnectUnregisterCloseCallback, virDomainGetUUID): Report
error through connection.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 07:15:23 -07:00
Eric Blake
5e3e211dd5 maint: split long lines in invalidArg errors
Style only.  In particular, the message on "flags 'affect live'
and 'affect config'" being mutually exclusive was already split
in some instances.

* src/libvirt.c: Wrap some long error messages to fit in 80 columns.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 07:11:46 -07:00
Eric Blake
ff65843480 maint: move debug statements first in public API
Most of our public APIs emit a debug log on entry, prior to anything
else.  There were a few exceptions where obvious failures were not
logged, so fix those.  When moving a debug earlier, this patch also
makes sure to avoid any NULL dereference during the log (the APIs
are supposed to gracefully fail if the user passes NULL for the object).

However, do NOT use VIR_DEBUG prior to virInitialize, since setting
up the error reporting can change where VIR_DEBUG output would be
routed.  Instead add documentation to virGlobalInit, virInitialize,
and virGetVersion that better explains initialization.

* src/libvirt.c (virGetVersion, virConnectRef, virDomainRef)
(virNetworkRef, virInterfaceRef, virStoragePoolRef)
(virStorageVolRef, virNodeDeviceRef, virSecretRef, virStreamRef)
(virNWFilterRef, virDomainSnapshotRef): Debug on function entry.
* src/libvirt-lxc.c (virDomainLxcEnterNamespace)
(virDomainLxcEnterSecurityLabel): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 06:15:04 -07:00
Eric Blake
13f8372007 maint: improve debug of libvirt-{qemu,lxc} apis
I noticed that the virDomainQemuMonitorCommand debug output wasn't
telling me the name of the domain it was working on.  While it was
easy enough to determine which pointer matches the domain based on
other log messages, it is nicer to be consistent.

* src/util/viruuid.h (VIR_UUID_DEBUG): Moved here from...
* src/libvirt.c (VIR_UUID_DEBUG): ...here.
(VIR_ARG15, VIR_HAS_COMMA, VIR_DOMAIN_DEBUG_EXPAND)
(VIR_DOMAIN_DEBUG_PASTE, VIR_DOMAIN_DEBUG_0, VIR_DOMAIN_DEBUG_1)
(VIR_DOMAIN_DEBUG_2, VIR_DOMAIN_DEBUG): Move...
* src/datatypes.h: ...here.
* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
(virDomainQemuAgentCommand): Better debug messages.
* src/libvirt-lxc.c (virDomainLxcOpenNamespace): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-02 22:17:11 -07:00
Eric Blake
80aed9f87f maint: consistent formatting in libvirt.c
Preliminary cleanups to make search-and-replace easier in later
patches.  Many of these were done by grepping for (multiline)
pattern violations, then bundled all into one patch.

* src/libvirt.c: Uniform two spaces between functions, return
type and open brace on separate line, avoid blank lines around
open brace, label in column 1, drop redundant (), consistent
indentation for function headers split across lines.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-02 12:06:03 -07:00
Eric Blake
c8f95fff63 event: improve public API docs
Since libvirt 0.9.3, the entire virevent.c file has been a public
API, so improve the documentation in this file.  Also, fix a
potential core dump - it could only be triggered by bogus use of
the API and would only affect the caller (not libvirtd), but we
might as well be nice.

* src/libvirt.c (virConnectSetKeepAlive)
(virConnectDomainEventRegister, virConnectDomainEventRegisterAny)
(virConnectNetworkEventRegisterAny): Document event loop requirement.
* src/util/virevent.c (virEventAddHandle, virEventRemoveHandle)
(virEventAddTimeout, virEventRemoveTimeout): Likewise.
(virEventUpdateHandle, virEventUpdateTimeout): Likewise, and avoid
core dump if caller didn't register handler.
(virEventRunDefaultImpl): Expand example, and set up code block in
html docs.
(virEventRegisterImpl, virEventRegisterDefaultImpl): Document more
on the use of the event loop.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-02 07:29:54 -07:00
Eric Blake
cfd62c1f61 event: don't overwrite registration error message
Prior to this patch, an attempt to register an event without an
event loop started results in the vague:

libvirt: Remote Driver error : adding cb to list

Now it gives the much nicer:

libvirt:  error : internal error: could not initialize domain event timer

This also avoids hiding other reasonable error messages, such as
attempts to register a duplicate callback or OOM errors.

* src/remote/remote_driver.c (remoteConnectNetworkEventRegisterAny)
(remoteConnectDomainEventRegister)
(remoteConnectDomainEventRegisterAny): Preserve more detailed error.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-02 05:54:53 -07:00
Eric Blake
169700970d docs: return paragraph must be last
Commit eb70ceb tried to create a code block for
libvirt-libvirt.html#virConnectGetType, but failed to note
that our doc generator treats everything after "Returns" as
part of the return description rather than looking for
paragraph and code layout.  Fix some other API that also had
generic details crammed into the return type paragraph.

* src/libvirt.c (virConnectOpen, virConnectOpenReadOnly)
(virConnectOpenAuth, virConnectListAllDomains): Fit doc pattern.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-31 23:21:00 -07:00
Laine Stump
3337a98a5e domain: don't try to interpret <driver> as virtio config for hostdev interfaces
This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1046337

The <driver> name attribute of an interface is interpreted in two
different ways depending on the <interface> type - if the interface is
type='hostdev', then the driver name describes which backend to use
for the hostdev device assignment (vfio or kvm), but if the interface
is any emulated type *and* the model type is "virtio", then the driver
name can be "vhost" or "qemu", telling which backend qemu should use
to communicate with the emulated device.

The problem comes when someone has defined a an interface like this
(which is accepted by the parser as long as no <driver name='xxx'/> is
specified):

    <interface type='hostdev'>
       ...
       <model type='virtio'/>
       ...
    </interface>

As libvirt storing this definition in the domain's status, the driver
name is automatically filled in with the backend that was
automatically decided by libvirt, so it stores this in the status:

    <interface type='hostdev'>
       ...
       <driver name='vfio'/>
       ...
       <model type='virtio'/>
       ...
    </interface>

This isn't noticed until the next time libvirtd is restarted - as it
is reading the status of all domains, it encounters the above
interface definition, logs an error:

  internal error: Unknown interface <driver name='vfio'> has been specified

and fails to reload the domain status, so the domain is marked as
inactive.

The solution is to stop the parser from interpreting <driver>
attributes as if the device was an emulated virtio device, when it is
actually a hostdev.

(Although the bug has existed since vfio support was added, it has
just recently become more apparent because libvirt previously didn't
automatically set the driver name for hostdev interfaces in the domain
status to vfio/kvm as it does since commit f094aa, first appearing in
v1.1.4.)
2013-12-31 10:56:21 +02:00
Eric Blake
eb70ceba8a docs: fix layout of code snippets
Similar to commit 52dbeac, we should indent code snippets in
other places to ensure they appear correctly in html.  See
http://libvirt.org/html/libvirt-libvirt.html#virNodeGetCPUStats
for an example improved by this patch.  Also fix some missing
semicolons in the examples.

* src/libvirt.c: Indent code samples in comments.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-28 11:28:04 -07:00
Eric Blake
9d30e078be maint: fix typo in error message
* src/util/virerror.h (virReportInvalidZeroArg): Fix double space.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-27 14:30:25 -07:00
Michal Privoznik
72ffbd1bf3 virkeycode: Allow ANSI_A
https://bugzilla.redhat.com/show_bug.cgi?id=1044806

Currently, sending the ANSI_A keycode from os_x codepage doesn't work as
it has a special value of 0x0. Our internal code handles that no
different to other not defined keycodes. Hence, in order to allow it we
must change all the undefined keycodes from 0 to -1 and adapt some code
too.

  # virsh send-key guestname --codeset os_x ANSI_A
  error: invalid keycode: 'ANSI_A'

  # virsh send-key guestname --codeset os_x ANSI_B
  # virsh send-key guestname --codeset os_x ANSI_C

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-24 17:36:47 +01:00
Michal Privoznik
aa4619337c lxcDomainShutdownFlags: Cleanup @flags usage
Currently, the @flags usage is a bit unclear at first sight to say the
least. There's no need for such unclear code especially when we can
borrow the working code from qemuDomainShutdownFlags().

In addition, this fixes one bug too. If user requested both
VIR_DOMAIN_SHUTDOWN_INITCTL and VIR_DOMAIN_SHUTDOWN_SIGNAL at the same
time, he is basically saying: 'Use the force Luke! If initctl fails try
sending a signal.' But with the current code we don't do that. If
initctl fails for some reason (e.g. inability to write to /dev/initctl)
we don't try sending any signal but fail immediately. To make things
worse, making a domain shutdown with bare _SIGNAL was working by blind
chance of a @rc variable being placed at correct place on the stack so
its initial value was zero.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-24 17:36:47 +01:00
Michal Privoznik
5bd7ac029e interface: Take interface status into account when starting and destroying
https://bugzilla.redhat.com/show_bug.cgi?id=956994

Currently, it is possible to start an interface that is already running:

 # virsh iface-start eth2
 Interface eth2 started

 # echo $?
 0

 # virsh iface-start eth2
 Interface eth2 started

 # echo $?
 0

 # virsh iface-start eth2
 Interface eth2 started

 # echo $?
 0

Same applies for destroying a dead interface. We should not allow such
state transitions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-24 17:20:00 +01:00
Michal Privoznik
50f5468c96 interface: Introduce netcfInterfaceObjIsActive
This function barely wraps ncf_if_status() and error handling code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-24 17:20:00 +01:00
Dario Faggioli
9375ba2a6e libxl: correctly handle affinity reset in virDomainPinVcpu[Flags]
By actually removing the <vcpupin> element (from within the
<cputune> section) from the XML, rather than jus update it with
a fully set vcpu affinity mask.

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Cc: Jim Fehlig <jfehlig@suse.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
2013-12-23 22:43:32 -07:00
Dario Faggioli
520c3fbd1b libxl: implement virDomainPinVcpuFlags
And use it to implement libxlDomainPinVcpu(), similarly to what
happens in the QEMU driver. This way, it is possible to both
query and change the vcpu affinity of a persistent but not
running domain.

In face, before this patch, we have:
 # virsh list --all
  Id    Name                           State
 ----------------------------------------------------
  5     debian_32                      running
  -     fedora20_64                    shut off
 # virsh vcpupin fedora20_64 0 2-4 --current
 error: this function is not supported by the connection driver: virDomainPinVcpuFlags

After (same situation as above):
 # virsh vcpupin  fedora20_64 0 2-4 --current
 # virsh vcpupin  fedora20_64 0
 VCPU: CPU Affinity
 ----------------------------------
    0: 2-4

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Cc: Jim Fehlig <jfehlig@suse.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
2013-12-23 22:33:30 -07:00
Dario Faggioli
2682d0d522 libxl: implement virDomainGetVcpuPinInfo
So that it is possible to query vcpu related information of
a persistent but not running domain, like it is for the QEMU
driver.

In fact, before this patch, we have:
 # virsh list --all
  Id    Name                           State
 ----------------------------------------------------
  5     debian_32                      running
  -     fedora20_64                    shut off
 # virsh vcpuinfo fedora20_64
 error: this function is not supported by the connection driver: virDomainGetVcpuPinInfo

After (same situation as above, i.e., fedora20_64 not running):
 # virsh vcpuinfo fedora20_64
 VCPU:           0
 CPU:            N/A
 State:          N/A
 CPU time        N/A
 CPU Affinity:   yyyyyyyy

 VCPU:           1
 CPU:            N/A
 State:          N/A
 CPU time        N/A
 CPU Affinity:   yyyyyyyy

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Cc: Jim Fehlig <jfehlig@suse.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
2013-12-23 22:17:03 -07:00
Laine Stump
8700b87800 qemu: re-add hostdev interfaces to hostdev array on libvirtd restart
This resolves:

   https://bugzilla.redhat.com/show_bug.cgi?id=1045002

If a domain has an <interface type='hostdev'> or an <interface
type='network'> where the network itself is a pool of hostdev devices,
then libvirt will internally keep that device on both the interface
list *and* the hostdev list for the domain. One of the places this
comes in handy is when a new device is being added and libvirt wants
to find a unique "alias" name for it - it just scans through the
hostdev array and makes sure it picks a name that doesn't match the
alias of any device in that array.

However, when libvirtd was restarted, if there was an <interface
type='network'> with the network being a hostdev pool, the device
would not be added to the reconstructed internal hostdev array, so its
alias would not be found during a scan of the hostdev array, thus
attempts to add a new hostdev (or <interface type='hostdev'> or
<interface type='network'>) would result in a message like this:

internal error: unable to execute QEMU command 'device_add':
                Duplicate ID 'hostdev0' for device

This patch simply fixes the existing code in the domain XML parser
that fixes up the hostdev array in the case of <interface
type='hostdev'> to do the same thing in the case of <interface
type='network'> with a hostdev network.

This bug has existed since the very first addition of hostdev networks
to libvirt (0.10.0).
2013-12-23 13:16:57 +02:00
Laine Stump
c0f511ee2b qemu: avoid duplicate security label restore on hostdev attach failure
This eliminates the misleading error message that was being logged
when a vfio hostdev hotplug failed:

  error: unable to set user and group to '107:107' on '/dev/vfio/22':
         No such file or directory

as documented in:

  https://bugzilla.redhat.com/show_bug.cgi?id=1035490

Commit ee414b5d (pushed as a fix for Bug 1016511 and part of Bug
1025108) replaced the single call to
virSecurityManagerSetHostdevLabel() in qemuDomainAttachHostDevice()
with individual calls to that same function in each
device-type-specific attach function (for PCI, USB, and SCSI). It also
added a corresponding call to virSecurityManagerRestoreHostdevLabel()
in the error handling of the device-type-specific functions, but
forgot to remove the common call to that from
qemuDomainAttachHostDevice() - this resulted in a duplicate call to
virSecurityManagerRestoreHostdevLabel(), with the second occurrence
being after (e.g.) a PCI device has already been re-attached to the
host driver, thus destroying some of the device nodes / links that we
then attempted to re-label (e.f. /dev/vfio/22) and generating an error
log that obscured the original error.
2013-12-23 13:16:57 +02:00
Laine Stump
6d867f72f4 qemu: properly set MaxMemLock when hotplugging with VFIO
This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1035490

virProcessSetMaxMemLock() (which is a wrapper over prlimit(3)) expects
the memory size in bytes, but libvirt's domain definition (which was
being used by qemuDomainAttachHostPciDevice()) stores all memory
tuning parameters in KiB. This was being accounted for when setting
MaxMemLock at domain startup time (so cold-plugged devices would
work), but not for hotplug.

This patch simplifies the few lines that call
virProcessSetMemMaxLock(), and multiply the amount * 1024 so that
we're locking the correct amount of memory.

What remains a mystery to me is why hot-plug of a managed='no' device
would succeed (at least on my system) while managed='yes' would
fail. I guess in one case the memory was coincidentally already
resident and in the other it wasn't.
2013-12-23 13:16:57 +02:00
John Ferlan
d53c57b806 PanicCheckABIStability: Need to check for existence
Commit id '4313fead' added a call to virDomainPanicCheckABIStability()
which did not check whether the panic device existed before making a call
to virDomainDeviceInfoCheckABIStability() which ended up segfaulting:

Thread 1 (Thread 0x7f5332837700 (LWP 10964)):
    (src=<optimized out>, dst=<optimized out>)
    at conf/domain_conf.c:13007
    (dst=<optimized out>, src=<optimized out>)
    at conf/domain_conf.c:13712
    (src=<optimized out>, dst=<optimized out>)
    at conf/domain_conf.c:14056
    (domain=domain@entry=0x7f53000057c0, vm=vm@entry=0x7f53000036d0,
     defptr=defptr@entry=0x7f5332836978, snap=snap@entry=0x7f5332836970,
     update_current=update_current@entry=0x7f5332836962, flags=flags@entry=1)
    at conf/snapshot_conf.c:1230
    (domain=0x7f53000057c0, xmlDesc=<optimized out>, flags=1)
    at qemu/qemu_driver.c:12719
    (domain=domain@entry=0x7f53000057c0, xmlDesc=0x7f53000081d0
     "<domainsnapshot>\n  <name>snap2</name>\n
     <description>new-desc</description>\n  <state>running</state>\n
     <parent>\n    <name>snap1</name>\n  </parent>\n
     <creationTime>1387487268</creationTime>\n  <memory s"..., flags=1)
    at libvirt.c:19695
...

(gdb) up 3
(gdb) print *other->def->dom
$2 = {virtType = 2, id = -1, ..
...
  rng = 0x0, panic = 0x0, namespaceData = 0x0,...
...
(gdb) print *def->dom
$3 = {virtType = 2, id = -1, ...
...
  rng = 0x0, panic = 0x0, namespaceData = 0x0,...
...
(gdb)

Also seen using following sequence:

virsh save $dom $file
virsh save-image-edit $file
  add (or remove) a <panic/> line
  <devices>
  ...
    <panic>
      <address type='isa' iobase='0x505'/>
    </panic>
  ...
  </devices>
2013-12-21 09:49:58 -05:00
Bamvor Jian Zhang
b03eba1376 libxl: fix segfault when domain create fail
there is a segfault in libxl logging in libxl_ctx_free when domain
create fail. because the log output handler vmessage is freed by
xtl_logger_destroy before libxl_ctx_free in virDomainObjListRemove.
move xtl_logger_destroy after libxl_ctx_free could fix this bug.

Signed-off-by: Bamvor Jian Zhang <bjzhang@suse.com>
2013-12-20 11:49:24 -07:00
Dario Faggioli
f9ee91d355 libxl: avoid crashing if calling `virsh numatune' on inactive domain
by, in libxlDomainGetNumaParameters(), calling libxl_bitmap_init() as soon as
possible, which avoids getting to 'cleanup:', where libxl_bitmap_dispose()
happens, without having initialized the nodemap, and hence crashing after some
invalid free()-s:

 # ./daemon/libvirtd -v
 *** Error in `/home/xen/libvirt.git/daemon/.libs/lt-libvirtd': munmap_chunk(): invalid pointer: 0x00007fdd42592666 ***
 ======= Backtrace: =========
 /lib64/libc.so.6(+0x7bbe7)[0x7fdd3f767be7]
 /lib64/libxenlight.so.4.3(libxl_bitmap_dispose+0xd)[0x7fdd2c88c045]
 /home/xen/libvirt.git/daemon/.libs/../../src/.libs/libvirt_driver_libxl.so(+0x12d26)[0x7fdd2caccd26]
 /home/xen/libvirt.git/src/.libs/libvirt.so.0(virDomainGetNumaParameters+0x15c)[0x7fdd4247898c]
 /home/xen/libvirt.git/daemon/.libs/lt-libvirtd(+0x1d9a2)[0x7fdd42ecc9a2]
 /home/xen/libvirt.git/src/.libs/libvirt.so.0(virNetServerProgramDispatch+0x3da)[0x7fdd424e9eaa]
 /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0x1a6f38)[0x7fdd424e3f38]
 /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa81e5)[0x7fdd423e51e5]
 /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa783e)[0x7fdd423e483e]
 /lib64/libpthread.so.0(+0x7c53)[0x7fdd3febbc53]
 /lib64/libc.so.6(clone+0x6d)[0x7fdd3f7e1dbd]

Signed-off-by: Dario Faggili <dario.faggioli@citrix.com>
Cc: Jim Fehlig <jfehlig@suse.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
2013-12-20 11:11:50 -07:00
Martin Kletzander
9faf3f2950 Fix crash in lxcDomainSetMemoryParameters
The function doesn't check whether the request is made for active or
inactive domain.  Thus when the domain is not running it still tries
accessing non-existing cgroups (priv->cgroup, which is NULL).

I re-made the function in order for it to work the same way it's qemu
counterpart does.

Reproducer:
 1) Define an LXC domain
 2) Do 'virsh memtune <domain> --hard-limit 133T'

Backtrace:
 Thread 6 (Thread 0x7fffec8c0700 (LWP 26826)):
 #0  0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
     key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf718) at util/vircgroup.c:1764
 #1  0x00007ffff70e9206 in virCgroupSetValueStr (group=0x0, controller=3,
     key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffe409f360 "1073741824")
     at util/vircgroup.c:669
 #2  0x00007ffff70e98b4 in virCgroupSetValueU64 (group=0x0, controller=3,
     key=0x7ffff75734bd "memory.limit_in_bytes", value=1073741824) at util/vircgroup.c:740
 #3  0x00007ffff70ee518 in virCgroupSetMemory (group=0x0, kb=1048576) at util/vircgroup.c:1904
 #4  0x00007ffff70ee675 in virCgroupSetMemoryHardLimit (group=0x0, kb=1048576)
     at util/vircgroup.c:1944
 #5  0x00005555557d54c8 in lxcDomainSetMemoryParameters (dom=0x7fffe40cc420,
     params=0x7fffe409f100, nparams=1, flags=0) at lxc/lxc_driver.c:774
 #6  0x00007ffff72c20f9 in virDomainSetMemoryParameters (domain=0x7fffe40cc420,
     params=0x7fffe409f100, nparams=1, flags=0) at libvirt.c:4051
 #7  0x000055555561365f in remoteDispatchDomainSetMemoryParameters (server=0x555555eb7e00,
     client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510)
     at remote_dispatch.h:7621
 #8  0x00005555556133fd in remoteDispatchDomainSetMemoryParametersHelper (server=0x555555eb7e00,
     client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510,
     ret=0x7fffe40b84f0) at remote_dispatch.h:7591
 #9  0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
     server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
     at rpc/virnetserverprogram.c:435
 #10 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
     server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
     at rpc/virnetserverprogram.c:305
 #11 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ec4b10,
     prog=0x555555ec3ae0, msg=0x555555eb94e0) at rpc/virnetserver.c:165
 #12 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ec3e30, opaque=0x555555eb7e00)
     at rpc/virnetserver.c:186
 #13 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
 #14 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
 #15 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
 #16 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-20 12:47:14 +00:00
Martin Kletzander
f8c1cb9021 CVE-2013-6436: fix crash in lxcDomainGetMemoryParameters
The function doesn't check whether the request is made for active or
inactive domain.  Thus when the domain is not running it still tries
accessing non-existing cgroups (priv->cgroup, which is NULL).

I re-made the function in order for it to work the same way it's qemu
counterpart does.

Reproducer:
 1) Define an LXC domain
 2) Do 'virsh memtune <domain>'

Backtrace:
 Thread 6 (Thread 0x7fffec8c0700 (LWP 13387)):
 #0  0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
     key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf750) at util/vircgroup.c:1764
 #1  0x00007ffff70e958c in virCgroupGetValueStr (group=0x0, controller=3,
     key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf7c0) at util/vircgroup.c:705
 #2  0x00007ffff70e9d29 in virCgroupGetValueU64 (group=0x0, controller=3,
     key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf810) at util/vircgroup.c:804
 #3  0x00007ffff70ee706 in virCgroupGetMemoryHardLimit (group=0x0, kb=0x7fffec8bf8a8)
     at util/vircgroup.c:1962
 #4  0x00005555557d590f in lxcDomainGetMemoryParameters (dom=0x7fffd40024a0,
     params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at lxc/lxc_driver.c:826
 #5  0x00007ffff72c28d3 in virDomainGetMemoryParameters (domain=0x7fffd40024a0,
     params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at libvirt.c:4137
 #6  0x000055555563714d in remoteDispatchDomainGetMemoryParameters (server=0x555555eb7e00,
     client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
     ret=0x7fffd4002420) at remote.c:1895
 #7  0x00005555556052c4 in remoteDispatchDomainGetMemoryParametersHelper (server=0x555555eb7e00,
     client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
     ret=0x7fffd4002420) at remote_dispatch.h:4050
 #8  0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
     server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
     at rpc/virnetserverprogram.c:435
 #9  0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
     server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
     at rpc/virnetserverprogram.c:305
 #10 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ebaef0,
     prog=0x555555ec3ae0, msg=0x555555ebb3e0) at rpc/virnetserver.c:165
 #11 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ebc7e0, opaque=0x555555eb7e00)
     at rpc/virnetserver.c:186
 #12 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
 #13 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
 #14 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
 #15 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-20 12:46:47 +00:00
Eric Blake
3e67714e48 docs: improve event-related documentation
While looking at event code, I noticed that the documentation was
trying to refer me to functions that don't exist.  Also fix some
typos and poor formatting.

* src/libvirt.c (virConnectDomainEventDeregister)
(virConnectDomainEventRegisterAny)
(virConnectDomainEventDeregisterAny)
(virConnectNetworkEventRegisterAny)
(virConnectNetworkEventDeregisterAny): Link to correct function.
* include/libvirt.h.in (VIR_DOMAIN_EVENT_CALLBACK)
(VIR_NETWORK_EVENT_CALLBACK): Likewise.
(virDomainEventID, virConnectDomainEventGenericCallback)
(virNetworkEventID, virConnectNetworkEventGenericCallback):
Improve docs.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-19 09:45:50 -07:00
Eric Blake
3a96cebceb storage: fix bogus target in gluster volume xml
Commit 6cd60b6 was flat out broken - it tried to print into the
wrong variable.  My testing was obviously too cursory (did the
name get a slash added?); valgrind would have caught the error.
Thankfully it didn't hit any release.

Reported by Peter Krempa.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Fix bogus code.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-19 09:17:11 -07:00
Daniel P. Berrange
147a3d2487 Remove stray semicolon after pragma macros
The VIR_WARNINGS_NO_CAST_ALIGN / VIR_WARNINGS_RESET should
not have any trailing ';' since they are pragmas. The use
of a ';' results in an empty statement which confuses CIL.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-19 16:02:38 +00:00
Peter Krempa
f17c968827 storage: Avoid forward declaration of virStorageVolDelete
Move the code around so that the forward declaration isn't needed. Also
fix code style of the opening brace of the function by moving it to a
separate line.
2013-12-19 11:53:41 +01:00
Peter Krempa
b560946c19 storage: Add gluster pool filter and fix virsh pool listing
Recent addition of the gluster pool type omitted fixing the virsh and
virConnectListAllStoragePool filters. A typecast of the converting
function in virsh showed that also the sheepdog pool was omitted in the
command parser.

This patch adds gluster pool filtering support and fixes virsh to
properly convert all supported storage pool types. The added typecast
should avoid doing such mistakes in the future.
2013-12-19 11:01:50 +01:00
Daniel P. Berrange
7d3a1c8bd1 Fix race leading to crash when setting up dbus watches
Currently the virDBusAddWatch does

  virEventAddHandle(fd, flags,
                    virDBusWatchCallback,
                    watch, NULL);
  dbus_watch_set_data(watch, info, virDBusWatchFree);

Unfortunately this is racy - since the event loop is in a
different thread, the virDBusWatchCallback method may be
run before we get to calling dbus_watch_set_data. We must
reverse the order of these calls

See https://bugzilla.redhat.com/show_bug.cgi?id=885445

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-18 16:59:02 +00:00
Dario Faggioli
284d2fc299 libxl: libxl_get_max_cpus returning a libxl error from 4.4 onward
Starting from commit 2e82c18c in Xen (will be included in Xen 4.4)
both libxl_get_max_cpus() and libxl_get_max_nodes() start returning
a proper libxl error code, in case of failure. This patch fixes
this in the libxl driver.

Note that, although it is now basically impossible for them to return
0, that would, theoretically, still be wrong. Also, checking that the
returned value is '<= 0' makes the code correct for both Xen 4.4 and
Xen 4.3 (and 4.2), and that is why we go for it (rather than
just '< 0').

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Cc: Jim Fehlig <jfehlig@suse.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
Cc: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-18 17:08:41 +01:00
Eric Blake
a21cfb0f48 qemu: ask for -enable-fips when FIPS is required
On a system that is enforcing FIPS, most libraries honor the
current mode by default.  Qemu, on the other hand, refused to
honor FIPS mode unless you add the '-enable-fips' command
line option; worse, this option is not discoverable via QMP,
and is only present on binaries built for Linux.  So, if we
detect FIPS mode, then we unconditionally ask for FIPS; either
qemu is new enough to have the option and then correctly
cripple insecure VNC passwords, or it is so old that we are
correctly avoiding a FIPS violation by preventing qemu from
starting.  Meanwhile, if we don't detect FIPS mode, then
omitting the argument is safe whether the qemu has the option
(but it would do nothing because FIPS is disabled) or whether
qemu lacks the option (including in the case where we are not
running on Linux).

The testsuite was a bit interesting: we don't want our test
to depend on whether it is being run in FIPS mode, so I had
to tweak things to set the capability bit outside of our
normal interaction with capability parsing.

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1035474

* src/qemu/qemu_capabilities.h (QEMU_CAPS_ENABLE_FIPS): New bit.
* src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Conditionally
set capability according to detection of FIPS mode.
* src/qemu/qemu_command.c (qemuBuildCommandLine): Use it.
* tests/qemucapabilitiestest.c (testQemuCaps): Conditionally set
capability to test expected output.
* tests/qemucapabilitiesdata/caps_1.2.2-1.caps: Update list.
* tests/qemucapabilitiesdata/caps_1.6.0-1.caps: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-18 07:05:29 -07:00
Daniel P. Berrange
daf08f36b5 Set the 'container_ttys' env variable for LXC consoles
Systemd specified that any /dev/pts/NNN device on which it
is expected to spawn a agetty login, should be listed in
the 'container_ttys' env variable. It should just contain
the relative paths, eg 'pts/0' not '/dev/pts/0' and should
be space separated.

http://cgit.freedesktop.org/systemd/systemd/commit/?id=1d97ff7dd71902a5604c2fed8964925d54e09de9

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-18 11:21:10 +00:00
Michal Privoznik
b0579ed900 storage: resize vol against real allocated size
Currently, 'vol-resize --allocate' allocates new space at the
vol->capacity offset. But the vol->capacity is not necessarily the same
as vol->allocation. For instance:.

	[root@localhost ~]# virsh vol-list --pool tmp-pool --details
	 Name      Path                   Type  Capacity  Allocation
	-------------------------------------------------------------
	 tmp-vol  /root/tmp-pool/tmp-vol  file  1.00 GiB  1.00 GiB

	[root@localhost ~]# virsh vol-resize tmp-vol --pool tmp-pool 2G

	[root@localhost ~]# virsh vol-list --pool tmp-pool --details
	 Name      Path                   Type  Capacity  Allocation
	-------------------------------------------------------------
	 tmp-vol  /root/tmp-pool/tmp-vol  file  2.00 GiB  1.00 GiB

So, if we want to allocate more bytes, so the file is say 3G big, the
real allocated size is 2G actually:

	[root@localhost ~]# virsh vol-resize tmp-vol --pool tmp-pool 3G --allocate

	[root@localhost ~]# virsh vol-list --pool tmp-pool --details
	 Name      Path                   Type  Capacity  Allocation
	-------------------------------------------------------------
	 tmp-vol  /root/tmp-pool/tmp-vol  file  3.00 GiB  2.00 GiB

This commit uses the correct vol->allocation instead of incorrect
vol->capacity, so the output of the commands above looks like this:

	[root@localhost ~]# virsh vol-resize tmp-vol --pool tmp-pool 3G --allocate

	[root@localhost ~]# virsh vol-list --pool tmp-pool --details
	 Name      Path                   Type  Capacity  Allocation
	-------------------------------------------------------------
	 tmp-vol  /root/tmp-pool/tmp-vol  file  3.00 GiB  3.00 GiB

Moreover, if the '--alocate' flag was used, we must update the
vol->allocation member in storageVolResize API too, not just
vol->capacity.

Reported-by: Wang Sen <wangsen@linux.vnet.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-18 09:08:27 +01:00
Wout Mertens
5d7e4f0cf3 Support transient attribute on vmware disks
vmx/vmx.c ignores the transient attribute on the disk xml format. This patch
adds a 1-1 relationship between it and [disk].mode = "independent-nonpersistent".

The other modes are ignored as before. It works in my testing.

https://bugzilla.redhat.com/show_bug.cgi?id=1044023

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-17 14:24:49 -07:00
Martin Kletzander
b5857eb5be qemu: fix typo PCi => PCI
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-16 17:31:10 +01:00
Gao feng
fbc680a318 LXC: Change incorrect error report in lxcContainerPivotRoot
The newroot is not mounted as tmpfs, we bind root->src to it.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-12-16 11:12:41 +01:00
Daniel P. Berrange
ef19b3e3f5 Add debug output when registering event handlers
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-13 16:07:55 +00:00
Daniel P. Berrange
dbcc38da15 Remove the event namespace concept
The event namespace concept is mostly redundant information.
With the re-written dispatcher, the namespace is only used
for equality comparisons between event IDs. This can be solved
by just comparing virClassPtr instances instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-13 16:07:55 +00:00
Daniel P. Berrange
8a4820ab23 Associate a dispatch function with the event objects
Instead of having the object event code have to know about each
type of event and their dispatch functions, associate a dispatch
function with the object instance. The dispatch code can thus be
significantly simplified.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-13 16:07:54 +00:00
Daniel P. Berrange
5c17a37142 Introduce abstract virNetworkEvent class
Inject a virNetworkEvent class between virObjectEvent
and virNetworkEventLifecycle to mirror virDomainEvent.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-13 16:07:54 +00:00
Daniel P. Berrange
6e2545c07b Add 'detail' arg to network lifecycle event internals
While the public API & wire protocol included the 'detail'
arg for network lifecycle events, the internal event handling
code did not process it. This meant that if a future libvirtd
server starts sending non-0 'detail' args, the current libvirt
client will not process them.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-13 16:07:54 +00:00
Nehal J Wani
34d52b3471 Fix memory leak in virObjectEventCallbackListRemoveID()
While running objecteventtest, it was found that valgrind pointed out the
following memory leak:

==13464== 5 bytes in 1 blocks are definitely lost in loss record 7 of 134
==13464==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
==13464==    by 0x341F485E21: strdup (strdup.c:42)
==13464==    by 0x4CAE28F: virStrdup (virstring.c:554)
==13464==    by 0x4CF3CBE: virObjectEventCallbackListAddID (object_event.c:286)
==13464==    by 0x4CF49CA: virObjectEventStateRegisterID (object_event.c:729)
==13464==    by 0x4CF73FE: virDomainEventStateRegisterID (domain_event.c:1424)
==13464==    by 0x4D7358F: testConnectDomainEventRegisterAny (test_driver.c:6032)
==13464==    by 0x4D600C8: virConnectDomainEventRegisterAny (libvirt.c:19128)
==13464==    by 0x402409: testDomainStartStopEvent (objecteventtest.c:232)
==13464==    by 0x403451: virtTestRun (testutils.c:138)
==13464==    by 0x402012: mymain (objecteventtest.c:395)
==13464==    by 0x403AF2: virtTestMain (testutils.c:593)
==13464==
2013-12-13 16:23:21 +01:00
Martin Kletzander
15275f2edb qemu: check for reboot-timeout on monitor
The support for <boot rebootTimeout="12345"/> was added before we were
checking for qemu command line options in QMP, so we haven't properly
adapted virQEMUCaps when using it and thus we report unsupported
option with new enough qemu.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1042690

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-13 15:20:09 +01:00
Chen Hanxiao
5ed324a205 lxc: return -1 if failed to kill lxc process
We missed a return when virProcessKillPainfully
failed to kill lxc process

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-12-13 06:02:11 -07:00
Eric Blake
fca4f23340 object: require maximal alignment in base class
Recent changes to events (commit 8a29ffcf) resulted in new compile
failures on some targets (such as ARM OMAP5):
conf/domain_event.c: In function 'virDomainEventDispatchDefaultFunc':
conf/domain_event.c:1198:30: error: cast increases required alignment of
target type [-Werror=cast-align]
conf/domain_event.c:1314:34: error: cast increases required alignment of
target type [-Werror=cast-align]
cc1: all warnings being treated as errors

The error is due to alignment; the base class is merely aligned
to the worst of 'int' and 'void*', while the child class must
be aligned to a 'long long'.  The solution is to include a
'long long' (and for good measure, a function pointer) in the
base class to ensure correct alignment regardless of what a
child class may add, but to wrap the inclusion in a union so
as to not incur any wasted space.  On a typical x86_64 platform,
the base class remains 16 bytes; on i686, the base class remains
12 bytes; and on the impacted ARM platform, the base class grows
from 12 bytes to 16 bytes due to the increase of alignment from
4 to 8 bytes.

Reported by Michele Paolino and others.

* src/util/virobject.h (_virObject): Use a union to ensure that
subclasses never have stricter alignment than the parent.
* src/util/virobject.c (virObjectNew, virObjectUnref)
(virObjectRef): Adjust clients.
* src/libvirt.c (virConnectRef, virDomainRef, virNetworkRef)
(virInterfaceRef, virStoragePoolRef, virStorageVolRef)
(virNodeDeviceRef, virSecretRef, virStreamRef, virNWFilterRef)
(virDomainSnapshotRef): Likewise.
* src/qemu/qemu_monitor.c (qemuMonitorOpenInternal)
(qemuMonitorClose): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-13 05:59:38 -07:00
Hu Tao
4d18758df8 qemu: add support for -device pvpanic
Map the new <panic> device in XML to the '-device pvpanic' command
line of qemu.  Clients can then couple the <panic> device and the
<on_crash> directive to control behavior when the guest reports
a panic to qemu.

Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-13 05:53:33 -07:00
Hu Tao
4313feade4 conf: add support for panic device
panic device is a device that enables libvirt to receive notification
of guest panic event.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-12 21:17:26 -07:00
Hu Tao
f1a039ef57 conf: introduce generic ISA address
For example:
<address type='isa' iobase='0x505' irq='0x1'/>

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-12 21:11:21 -07:00
Gao feng
b9ce5d388f rename virBlkioDeviceWeightPtr to virBlkioDevicePtr
The throttle blkio cgroup will reuse this struct.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-12-12 12:29:59 +00:00
Gao feng
b4710669c3 rename virBlkioDeviceWeightArrayClear to virBlkioDeviceArrayClear
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-12-12 12:29:54 +00:00
Gao feng
529739cc80 rename virDomainBlkioDeviceWeightParseXML to virDomainBlkioDeviceParseXML
virDomainBlkioDeviceWeightParseXML will be used to parse
the xml element read_bps, write_bps, read_iops, write_iops.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-12-12 12:29:50 +00:00
Cédric Bosdonnat
a5a484ddfc Added default case with error for object event dispatching
Hitting this should be pretty rare, but at least developers will know
that they are providing a weird event ID. Otherwise for namespace that
are added in the normal way, gcc will raise a warning about unhandled
case in the switch.
2013-12-11 13:35:08 +00:00
Cédric Bosdonnat
1b07406e9e Fixed indentation in src/conf/*_event* 2013-12-11 13:35:06 +00:00
Cédric Bosdonnat
cd88e9293a Added network events to the bridged network driver 2013-12-11 13:32:21 +00:00
Cédric Bosdonnat
61ac8ce0a9 Add network events to the remote driver 2013-12-11 13:26:25 +00:00
Cédric Bosdonnat
2ef412bdba test driver: implemented network events 2013-12-11 13:15:01 +00:00
Cédric Bosdonnat
9ff38c5428 Added Network events API and virNetworkEventLifecycle.
Define the public API for (de-)registering network events
and the callbacks for receiving lifecycle events. The lifecycle
event includes a 'detail' parameter to match the domain lifecycle
event data, but this is currently unused.

The network events related code goes into its own set of internal
files src/conf/network_event.[ch]
2013-12-11 13:10:41 +00:00
Michael Chapman
6100cd985c storage_backend_rbd: rename "stat" variable
This variable shadows the stat(2) function, which only became visible in
this scope as of commit 9cac8639. Rename the variable so it doesn't
conflict.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2013-12-11 10:18:15 +01:00
Eric Blake
6cd60b687a storage: fix omitted slash in gluster volume URI
When doing 'virsh vol-dumpxml' on a gluster pool's volume, the
resulting URI incorrectly omitted a slash between hostname and
path:  gluster://192.168.122.206rhsvol1/fedora-19.img

This is fallout from me rebasing earlier versions of my patch
that ended up as commit efee1af; I had originally played with
always requiring the gluster volume to have a leading slash,
but it was easier to use the gluster API if the gluster volume
name was guaranteed to have no slash.  While I got the URI of
the pool correct, I forgot to fix the URI of a libvirt volume.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Use correct starting point
since uri construction requires leading slash.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-10 09:40:41 -07:00
Chen Hanxiao
6006c091e2 If we do not specify a readonly mount, we don't need to
re-mount it again.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-12-10 16:29:09 +00:00
Michal Privoznik
d10a6506b0 Revert "virtlockd: treat SIGHUP like SIGUSR1"
This reverts commit 8355d42dd3.

After some discussion upstream [1] this patch turns out to be spurious.
It better gets reverted prior to a release.

1: https://www.redhat.com/archives/libvir-list/2013-December/msg00563.html

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-10 15:49:06 +01:00
Michal Privoznik
11e44d66fd qemu_process: Read errors from child
https://bugzilla.redhat.com/show_bug.cgi?id=1035955

There's a window when starting a qemu process between fork() and exec()
during which we are doing things that may fail but not tunnelling the
error to the daemon. This is basically all within qemuProcessHook().
So whenever we fail in something, e.g. placing a process onto numa node,
users are left with:

    error: Child quit during startup handshake: Input/output error

while the original error is thrown into the domain log:

    libvirt:  error : internal error: NUMA memory tuning in 'preferred'
    mode only supports single node

Hence, we should read the log file and search for the error message and
report it to users.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-10 15:36:17 +01:00
Cédric Bosdonnat
9973032fd8 test driver: renamed testDomainEventQueue into testObjectEventQueue 2013-12-10 13:12:37 +00:00
Cédric Bosdonnat
620103feaf Extracted common parts of domain_event.[ch] to object_event.[ch] 2013-12-10 13:12:35 +00:00
Cédric Bosdonnat
f88241608a Split the virObjectEvent and virDomainEvent* to separate them after 2013-12-10 13:07:07 +00:00
Cédric Bosdonnat
d397bf2f6d Renamed virDomainEventTimer to virObjectEventTimer 2013-12-10 13:07:02 +00:00
Cédric Bosdonnat
abb65994b7 Add object event namespaces for the event IDs
Each unique event ID will thus be composed by 1 byte for the namespace
and 1 byte for a namespace-specific ID. The namespace for domain event
needs to be 0 for compatibility reasons.
2013-12-10 13:04:25 +00:00
Cédric Bosdonnat
67d91cb2bd Use virObjectEventPtr instead of virDomainEventPtr
The virDomainEvent class is kept as it indicates what meta informations
are valid for the children classes. This may be useful in the future.
2013-12-10 12:45:21 +00:00
Cédric Bosdonnat
d4d02b206a Create virDomainEventDeviceRemoved and remove the huge union
RIP virDomainEvent union. All data are now stored in each
virObjectEvent subclass.
2013-12-10 12:38:36 +00:00
Cédric Bosdonnat
d9c6ba31a5 Create virDomainEventBalloonChange to get rid of the huge union 2013-12-10 12:38:03 +00:00
Cédric Bosdonnat
8d53d6ab74 Create virDomainEventTrayChange to get rid of the huge union 2013-12-10 12:37:26 +00:00
Cédric Bosdonnat
bc7b304336 Create virDomainEventDiskChange to get rid of the huge union 2013-12-10 12:36:54 +00:00
Cédric Bosdonnat
0ac4c9edad Create virDomainEventBlockJob to get rid of the huge union 2013-12-10 12:35:12 +00:00
Cédric Bosdonnat
e6b83046b1 Create virDomainEventGraphics to get rid of the huge union 2013-12-10 12:34:52 +00:00
Cédric Bosdonnat
b223263850 Create virDomainEventIOError to get rid of the huge union 2013-12-10 12:33:24 +00:00
Cédric Bosdonnat
b044091540 Create virDomainEventWatchdog to get rid of the huge union 2013-12-10 12:31:55 +00:00
Cédric Bosdonnat
8a29ffcf9a Create virDomainEventRTCChange to get rid of the huge union 2013-12-10 12:30:55 +00:00
Cédric Bosdonnat
2c0008cc3e Renamed virDomainEventNewInternal to virDomainEventNew
This change may be confusing at first, but provides a much more
consistent naming scheme for the virObjectEvent children construction
functions.
2013-12-10 12:29:38 +00:00
Cédric Bosdonnat
6ffce0f698 Renamed virDomainEventNew* to virDomainEventLifecycleNew*
This aims at providing some consistency with other domain events
2013-12-10 12:27:37 +00:00
Cédric Bosdonnat
0d1d632d79 Create virDomainEventLifecycle to start removing the huge union 2013-12-10 12:25:26 +00:00
Cédric Bosdonnat
de463feb97 virObject-ified virDomainEvent
Added a parent class virObjectEvent for future event types
2013-12-10 12:05:06 +00:00
Cédric Bosdonnat
6893f37682 Created virObjectEventStateRegisterID
Keep virDomainEventStateRegisterID as a convenience wrapper around
this new function.
2013-12-10 11:38:30 +00:00
Cédric Bosdonnat
1ee803e590 Renamed virDomainEventCallbackList* to virObjectEventCallbackList*
Keep the legacy Domain lifecycle event functions as is.
2013-12-10 11:37:07 +00:00
Cédric Bosdonnat
146434efad Renamed virDomainEventState to virObjectEventState
Leave virDomainEventRegister and its Deregister brother as these are
legacy functions only for domain lifecycle events.
2013-12-10 11:35:34 +00:00
Cédric Bosdonnat
df328f9345 Renamed virDomainEventQueue to virObjectEventQueue
The event queue will be generalized to hold events related
to any object type.
2013-12-10 11:33:12 +00:00
Cédric Bosdonnat
9db86c87d7 Renamed virDomainMeta to virObjectMeta
The metadata struct will hold the unique identifiers for
any type of object, though not all fields will be used
for all types.
2013-12-10 11:31:02 +00:00
Cédric Bosdonnat
f95b1921a1 Rename virDomainEventCallback to virObjectEventCallback
The event callbacks will be generalized to handle events
for any object type.
2013-12-10 11:30:24 +00:00
Michael Chapman
f1b1752537 virtlockd: use common exit path when out-of-memory
Also use a distinct, valid exit status for daemon re-execution failure.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2013-12-10 12:02:37 +01:00
Michael Chapman
8355d42dd3 virtlockd: treat SIGHUP like SIGUSR1
SIGHUP is commonly used to instruct a daemon to reload its config. For
now we should handle it in virtlockd just like SIGUSR1, rather than
having it kill the process.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-10 12:02:37 +01:00
Michael Chapman
59d6e65d6c virtlockd: improve initscripts
- Use SIGUSR1, not SIGHUP, on reload. At present, virtlockd only
  responds to the former.

- Fix PID file for virtlockd.

- Do not start virtlockd in any runlevels by default. It needs to be
  explicitly selected in libvirt's qemu.conf anyway, so there is no
  need to have it running on all systems regardless.

- Fix chkconfig priorities to ensure virtlockd is started before
  libvirtd is started, and stopped after libvirtd is stopped.

- Add "Should-Start: virtlockd" to the libvirtd initscript's LSB header,
  for the same reason.

- Add "Default-Stop" to both libvirtd and virtlockd initscripts. LSB
  does not guarantee that this defaults to the inverse of
  "Default-Start".

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-10 12:02:37 +01:00
Michael Chapman
1163fa36b7 virtlockd: improve systemd units
- Pass VIRTLOCKD_ARGS through to virtlockd.

- Use SIGUSR1, not SIGHUP, in ExecReload. At present, virtlockd only
  responds to the former.

- Have "systemctl enable virtlockd.service" enable virtlockd.socket,
  rather than throw an error.

- Make virtlockd.socket wanted by sockets.target, rather than
  multi-user.target. This is consistent with other socket units in
  Fedora, and it ensures that the socket is available before libvirtd is
  started.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2013-12-10 12:02:37 +01:00
Martin Kletzander
ea130e3bf6 conf: don't format memtune with unlimited values
When changing memtune limits to unlimited with AFFECT_CONFIG, the
values in virDomainDef are set to PARAM_UNLIMITED, which causes the
whole <memtune> to be formatted.  This can be changed in all drivers,
but it also makes sense to use the default (0) as another value for
"unlimited", since zero memory limit makes no sense.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-10 09:11:26 +01:00
Martin Kletzander
8d7c668e64 qemu: Fix minor inconsistency in error message
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-10 08:38:46 +01:00
Martin Kletzander
0c2fdd7b14 qemu: Report VIR_DOMAIN_MEMORY_PARAM_UNLIMITED properly
For dead domains that have no memtune limits, we return 0 instead of
"unlimited", this patch fixes it to return PARAM_UNLIMITED.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-10 08:38:46 +01:00
Martin Kletzander
231656bbeb cgroups: Redefine what "unlimited" means wrt memory limits
Since kernel 3.12 (commit 34ff8dc08956098563989d8599840b130be81252 in
linux-stable.git in particular) the value for 'unlimited' in cgroup
memory limits changed from LLONG_MAX to ULLONG_MAX.  Due to rather
unfortunate choice of our VIR_DOMAIN_MEMORY_PARAM_UNLIMITED constant
(which we transfer as an unsigned long long in Kibibytes), we ended up
with the situation described below (applies to x86_64):

 - 2^64-1 (ULLONG_MAX) -- "unlimited" in kernel = 3.12

 - 2^63-1 (LLONG_MAX) -- "unlimited" in kernel < 3.12
 - 2^63-1024 -- our PARAM_UNLIMITED scaled to Bytes

 - 2^53-1 -- our PARAM_UNLIMITED unscaled (in Kibibytes)

This means that when any number within (2^63-1, 2^64-1] is read from
memory cgroup, we are transferring that number instead of "unlimited".
Unfortunately, changing VIR_DOMAIN_MEMORY_PARAM_UNLIMITED would break
ABI compatibility and thus we have to resort to a different solution.

With this patch every value greater than PARAM_UNLIMITED means
"unlimited".  Even though this may seem misleading, we are already in
such unclear situation when running 3.12 kernel with memory limits set
to 2^63.

One example showing most of the problems at once (with kernel 3.12.2):
 # virsh memtune asdf --hard-limit 9007199254740991 --swap-hard-limit -1
 # echo 12345678901234567890 >\
/sys/fs/cgroup/memory/machine/asdf.libvirt-qemu/memory.soft_limit_in_bytes
 # virsh memtune asdf
 hard_limit     : 18014398509481983
 soft_limit     : 12056327051986884
 swap_hard_limit: 18014398509481983

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-10 08:38:46 +01:00
Cole Robinson
586b0ed818 qemu: hotplug: Fix adding USB devices to the driver list
We were unconditionally removing the device from the host list, when it
should only be done on error.

This fixes USB collision detection when hotplugging the same device to
two guests.
2013-12-09 13:43:48 -05:00
Cole Robinson
5953a73787 qemu: hotplug: Fix double free on USB collision
If we hit a collision, we free the USB device while it is still part
of our temporary USBDeviceList. When the list is unref'd, the device
is free'd again.

Make the initial device freeing dependent on whether it is present
in the temporary list or not.
2013-12-09 13:43:47 -05:00
Cole Robinson
ee414b5d6d qemu: hotplug: Only label hostdev after checking device conflicts
Similar to what Jiri did for cgroup setup/teardown in 05e149f94, push
it all into the device handler functions so we can do the necessary prep
work before claiming the device.

This also fixes hotplugging USB devices by product/vendor (virt-manager's
default behavior):

https://bugzilla.redhat.com/show_bug.cgi?id=1016511
2013-12-09 13:43:47 -05:00
Chen Hanxiao
78d04e556a lxcContainerMountFSDevPTS: Unify @ret usage pattern
Currently, if virFileMakePath() fails, the @ret is left initialized from
virAsprintf() just a few lines above leading to a wrong return value of
zero whereas -1 should be returned.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-06 16:27:12 +01:00
Zhou Yimin
036aeca721 Cgroup: Replace 'newpath' with 'newPath'
Unifying codding style, replace 'newpath' with 'newPath'.

From: Zhou Yimin <zhouyimin@huawei.com>
2013-12-06 16:18:14 +01:00
Ján Tomko
952ab4c993 Add qxl ram size to ABI stability check
55bfd02 added a 'ram' attribute for qxl video devices
but didn't update the ABI check.

https://bugzilla.redhat.com/show_bug.cgi?id=1035123
2013-12-06 15:00:16 +01:00
Peter Krempa
34b8449027 qemu: Improve error when setting invalid count of vcpus via agent
https://bugzilla.redhat.com/show_bug.cgi?id=1035108

When attempting to enable more vCPUs in the guest than is currently
enabled in the guest but less than the maximum count for the VM we
currently reported an unhelpful message:

 error: internal error: guest agent reports less cpu than requested

This patch changes it to:

 error: invalid argument: requested vcpu count is greater than the count
 of enabled vcpus in the domain: 3 > 2
2013-12-06 11:09:04 +01:00
Peter Krempa
be904e4eeb conf: Fix XML formatting of RNG device info
https://bugzilla.redhat.com/show_bug.cgi?id=1035118

When outputting the XML for the RNG device, the code didn't format the
PCI address info. Additionally the schema wasn't expecting the info
although it was being parsed and used internally. Fix those mistakes and
add test for the PCI info section.
2013-12-06 11:03:56 +01:00
Peter Krempa
dafdea74b0 qemu: snapshot: Fix incorrect disk type for auto-generated disks
When changing the parsing and formatting functions in commit
43f2ccdc73 I forgot to update the qemu
disk alignment function for snapshots that automatically adds snapshot
configs for disks that were not mentioned in the XML. The function
allocated a new disk snapshot definition but did not correctly
initialize the snapshot disk source type variable. This resulted into
the disks considered as block devices and invalid XML was generated.

Reported by John Ferlan.
2013-12-06 10:45:49 +01:00
Cole Robinson
79776aa594 qemu: hotplug: Mark 2 private functions as static
They aren't used outside of qemu_hotplug.c
2013-12-05 15:34:54 -05:00
Wang Yufei
d51855d10f docs: fix double articles bug
Delete the extra article 'the'.

Signed-off-by: Wang Yufei <james.wangyufei@huawei.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-05 13:16:33 -07:00
Michal Privoznik
e925aad324 virThreadPoolFree: Set n(Prio)Workers after the pool is locked
In 78839da I am trying to join the worker threads. However, I can't
sipmly reuse pool->nWorkers (same applies for pool->nPrioWorkers),
because of the following flow that is currently implemented:

1) the main thread executing virThreadPoolFree sets pool->quit = true,
wakes up all the workers and wait on pool->quit_cond.

2) A worker is woken up and see quit request. It immediately jumps of
the while() loop and decrements pool->nWorkers (or pool->nPrioWorkers in
case of priority worker). The last thread signalizes pool->quit_cond.

3) Main thread is woken up, with both pool->nWorkers and
pool->nPrioWorkers being zero.

So there's a need to copy the original value of worker thread counts
into local variables. However, these need to set *after* the check for
pool being NULL (dereferencing a NULL is no no). And for safety they can
be set right after the pool is locked.

Reported-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-05 15:52:23 +01:00
Peter Krempa
90f9ccb4f2 qemu: Fix indentation in qemuTranslateDiskSourcePool
Commit e1a4d08baf was pushed with bad
indentation the iSCSI pool translation code.
2013-12-05 12:05:08 +01:00
Wangyufei (James)
36ae35f02c qemuAgentDispose: Reset lastError
When an error occurred in qemuAgentIO, it will be saved in mon->lastError,
but it will not be freed at the end.  Present since commit c160ce33;
and compare to commit 9cc8a5af fixing the same problem in qemu_monitor.c.

==22219== 54 bytes in 1 blocks are definitely lost in loss record 982 of 1,379
==22219==    at 0x4C26B9B: malloc (vg_replace_malloc.c:263)
==22219==    by 0x8520521: strdup (in /lib64/libc-2.11.3.so)
==22219==    by 0x52E99CB: virStrdup (virstring.c:554)
==22219==    by 0x52B44C4: virCopyError (virerror.c:195)
==22219==    by 0x52B5123: virCopyLastError (virerror.c:312)
==22219==    by 0x10905877: qemuAgentIO (qemu_agent.c:660)
==22219==    by 0x52B6122: virEventPollDispatchHandles (vireventpoll.c:501)
==22219==    by 0x52B7AEA: virEventPollRunOnce (vireventpoll.c:647)
==22219==    by 0x52B5C1B: virEventRunDefaultImpl (virevent.c:274)
==22219==    by 0x54181FD: virNetServerRun (virnetserver.c:1112)
==22219==    by 0x11EF4D: main (libvirtd.c:1513)

Signed-off-by: Zhou Yimin <zhouyimin@huawei.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-04 14:43:54 -07:00
Nehal J Wani
f386d323e6 Fix memory leak in qemuBuildDriveStr()
This patch fixes memory leaks reported by valgrind on running
qemuxml2argvtest; introduced in commit 0df53f04.

Most of them are of the form:

==24777== 15 bytes in 1 blocks are definitely lost in loss record 39 of 129
==24777==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
==24777==    by 0x341F485E21: strdup (strdup.c:42)
==24777==    by 0x4CADE5F: virStrdup (virstring.c:554)
==24777==    by 0x4362B6: qemuBuildDriveStr (qemu_command.c:3848)
==24777==    by 0x43EF73: qemuBuildCommandLine (qemu_command.c:8500)
==24777==    by 0x426670: testCompareXMLToArgvHelper (qemuxml2argvtest.c:350)
==24777==    by 0x427C01: virtTestRun (testutils.c:138)
==24777==    by 0x41DDB5: mymain (qemuxml2argvtest.c:658)
==24777==    by 0x4282A2: virtTestMain (testutils.c:593)
==24777==    by 0x341F421A04: (below main) (libc-start.c:225)
==24777==

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-04 14:23:50 -07:00
Peter Krempa
df36af589f maint: Kill usage of atoi()
Kill the use of atoi() and introduce syntax check to forbid it and it's
friends (atol, atoll, atof, atoq).

Also fix a typo in variable name holding the cylinders count of a disk
pool (apparently unused).

examples/domsuspend/suspend.c will need a larger scale refactor as the
whole example file is broken thus it will be exempted from the syntax
check for now.
2013-12-04 18:56:06 +01:00
Daniel P. Berrange
d75d8b46f8 Don't overwrite errors from virConfReadFile
The SELinux security driver would overwrite errors from the
virConfReadFile function.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-04 15:40:23 +00:00
Michal Privoznik
78839da0bb virThreadPoolFree: Join worker threads
Even though currently we are freeing the pool of worker threads at the
daemon very end, nothing holds us back in joining the worker threads.
Moreover, we avoid leaks like this:

==26697== 1,680 bytes in 5 blocks are possibly lost in loss record 913 of 942
==26697==    at 0x4C2BDE4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26697==    by 0x4011131: allocate_dtv (in /lib64/ld-2.16.so)
==26697==    by 0x401176D: _dl_allocate_tls (in /lib64/ld-2.16.so)
==26697==    by 0x8499602: pthread_create@@GLIBC_2.2.5 (in /lib64/libpthread-2.16.so)
==26697==    by 0x52F53E9: virThreadCreate (virthreadpthread.c:188)
==26697==    by 0x52F5D4F: virThreadPoolNew (virthreadpool.c:221)
==26697==    by 0x53F30DB: virNetServerNew (virnetserver.c:377)
==26697==    by 0x11C6ED: main (libvirtd.c:1366)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-04 16:36:46 +01:00
Shivaprasad G Bhat
81fae6b95c qemu: fix live pinning to memory node on NUMA system
Ever since the subcpusets(vcpu,emulator) were introduced, the parent
cpuset cannot be modified to remove the nodes that are in use by the
subcpusets.
The fix is to break the memory node modification into three steps:
 1. assign new nodes into the parent,
 2. change the nodes in the child nodes,
 3. remove the old nodes on the parent node.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009880

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-04 13:32:07 +01:00
John Ferlan
37a02bab1e storage_driver: Resolve Coverity CHECKED_RETURN warning
The storageRegister() didn't check the return from the
virRegisterStorageDriver() like other callers did, so Coverity
flagged it.  Just check the return and handle.
2013-12-04 06:27:20 -05:00
John Ferlan
b17168cbf6 bridge_driver: Resolve Coverity CHECKED_RETURN warning
The networkRegister() didn't check the return status of the
virRegisterNetworkDriver() call like other callers, so just
check and handle here as well.
2013-12-04 06:27:20 -05:00
John Ferlan
950a493ba9 virnetserverclient: Fix conditional change HAVE_SASL to WITH_SASL 2013-12-04 06:27:20 -05:00
John Ferlan
643b5f843d virnetserverclient: Remove Coverity DEADCODE warning
The x509dname is only set inside a WITH_GNUTLS conditional, so
when used/check later on for NULL, Coverity detects this is not
possible.  Added WITH_GNUTLS around uses to remove message
2013-12-04 06:27:19 -05:00
John Ferlan
5a298ec040 nwfilter: Remove Coverity DEADCODE warning
The nwfilterStateInitialize() would only assign sysbus inside
a WITH_DBUS conditional, thus leaving a subsequent check for sysbus
and nwfilterDriverInstallDBusMatches() as a no-op

Rather than try to add WITH_DBUS conditions which ended up conflicting
with the usage of HAVE_FIREWALLD conditionals, just remove the WITH_DBUS
since virdbus.c has entry points for with and without conditions.
2013-12-04 06:27:19 -05:00
Michal Privoznik
2e1ced5794 src: Align make output
The make inserts six spaces instead of four:

  GEN      access/viraccessapichecklxc.h
  GEN    hyperv/hyperv_wmi.generated.h
  GEN      access/viraccessapichecklxc.c
  GEN    hyperv/hyperv_wmi.generated.c
  GEN    hyperv/hyperv_wmi_classes.generated.typedef
  GEN    hyperv/hyperv_wmi_classes.generated.h
  GEN    hyperv/hyperv_wmi_classes.generated.c
  GEN      libvirt_access_qemu.xml
  GEN      libvirt_access.syms
  GEN      libvirt_access_lxc.xml
  GEN      libvirt_access_qemu.syms
  GEN      libvirt_access_lxc.syms
  GEN      libvirt_qemu.def
  GEN    esx/esx_vi_types.generated.typedef
  GEN    esx/esx_vi_types.generated.typeenum
  GEN    esx/esx_vi_types.generated.typetostring
  GEN    esx/esx_vi_types.generated.typefromstring
  GEN    esx/esx_vi_types.generated.h
  GEN    esx/esx_vi_types.generated.c
  GEN    esx/esx_vi_methods.generated.h
  GEN    esx/esx_vi_methods.generated.c
  GEN    esx/esx_vi_methods.generated.macro
  GEN    esx/esx_vi.generated.h
  GEN    esx/esx_vi.generated.c
  GEN      libvirt_lxc.def

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-04 09:41:33 +01:00
Laine Stump
5e12641e0e qemu: report error on attempt to live change virtio-net queues
This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1029732

The BZ asked for the capability to change the number of queues used by
a virtio-net device while the device is in use. Because the number of
queues can only be set at the time the device is created, that isn't
possible. However, libvirt also shouldn't be silently reporting
success when someone tries to change the number of queues. So this
patch flags that as an error (just as attempts to change any of the
other virtio-specific parameters already do).
2013-12-03 16:50:59 +02:00
Laine Stump
96fddee322 qemu: add "-boot strict" to commandline whenever possible
This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=888635

(which was already closed as CANTFIX because the qemu "-boot strict"
commandline option wasn't available at the time).

Problem: you couldn't have a domain that used PXE to boot, but also
had an un-bootable disk device *even if that disk wasn't listed in the
boot order*, because if PXE timed out (e.g. due to the bridge
forwarding delay), the BIOS would move on to the next target, which
would be the unbootable disk device (again - even though it wasn't
given a boot order), and get stuck at a "BOOT DISK FAILURE, PRESS ANY
KEY" message until a user intervened.

The solution available since sometime around QEMU 1.5, is to add
"-boot strict=on" to *every* qemu command. When this is done, if any
devices have a boot order specified, then QEMU will *only* attempt to
boot from those devices that have an explicit boot order, ignoring the
rest.
2013-12-03 11:58:26 +02:00
Laine Stump
47b9aae0ae qemu: default to vfio for nodedev-detach
This patch resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1035188

Commit f094aaac48 changed the PCI device assignment in qemu domains
to default to using VFIO rather than legacy KVM device assignment
(when VFIO is available). It didn't change which driver was used by
default for virNodeDeviceDetachFlags(), though, so that API (and the
virsh nodedev-detach command) was still binding to the pci-stub
driver, used by legacy KVM assignment, by default.

This patch publicizes (only within the qemu module, though, so no
additions to the symbol exports are needed) the functions that check
for presence of KVM and VFIO device assignment, then uses those
functions to decide what to do when no driver is specified for
virNodeDeviceDetachFlags(); if the vfio driver is loaded, the device
will be bound to vfio-pci, or if legacy KVM assignment is supported on
this system, the device will be bound to pci-stub; if neither method
is available, the detach will fail.
2013-12-03 11:58:26 +02:00
Peter Krempa
26fb96d8c0 qemu: snapshots: Declare supported and unsupported snapshot configs
Currently the snapshot code did not check if it actually supports
snapshots on various disk backends for domains. To avoid future problems
add checkers that whitelist the supported configurations.
2013-12-03 10:41:05 +01:00
Peter Krempa
bdeb0f0123 qemu: Clear old translated pool source
Clear the old data to avoid leaking it when attempting to re-translate a
pool on the same domain object.
2013-12-03 10:38:40 +01:00
Peter Krempa
0df53f0432 qemu: Refactor disk source string formatting
This patch adds function qemuGetDriveSourceString to produce
qemu-compatible disk source strings that will enable to reuse the code
and refactors building of the qemu commandline of disks to use this new
helper.
2013-12-03 10:36:12 +01:00
Peter Krempa
b384e2b4d7 qemu: Unify formatting of RBD sources 2013-12-03 10:31:19 +01:00
Peter Krempa
d94fd0c9c2 qemu: Split out NBD command generation 2013-12-03 10:28:57 +01:00
Peter Krempa
eaa1539b2f qemu: Migrate sheepdog source generation into common function 2013-12-03 10:27:11 +01:00
Peter Krempa
078a102537 qemu: Use qemuBuildNetworkDriveURI to handle http/ftp and friends
Prepare the function to integrate other protocols and start folding
other network protocols into a common place.
2013-12-03 10:25:11 +01:00
Peter Krempa
927ddae197 qemu: Simplify call pattern of qemuBuildDriveURIString
Automatically assign secret type from the disk source definition and
pull in adding of the comma. Then update callers to keep generated
output the same.
2013-12-03 10:23:16 +01:00
Peter Krempa
a29d33ffcb qemu: Split out formatting of network disk source URI
The snapshot code will need to use qemu-style formatted URIs of network
disks. Split out the code to avoid duplication.
2013-12-03 10:19:30 +01:00
Peter Krempa
e1a4d08baf qemu: Refactor qemuTranslateDiskSourcePool
Before this patch, the translation function still needs a second ugly
helper function to actually format the command line for qemu. But if we
do the right stuff in the translation function, we don't have to bother
with the second function any more.

This patch removes the messy qemuBuildVolumeString function and changes
qemuTranslateDiskSourcePool to set stuff up correctly so that the
regular code paths meant for volumes can be used to format the command
line correctly.

For this purpose a new helper "qemuDiskGetActualType()" is introduced to
return the type of the volume in a pool.

As a part of the refactor the qemuTranslateDiskSourcePool function is
fixed to do decisions based on the pool type instead of the volume type.
This allows to separate pool-type-specific stuff more clearly and will
ease addition of other pool types that will require certain other
operations to get the correct pool source.

The previously fixed tests should make sure that we don't break stuff
that was working before.
2013-12-03 10:16:12 +01:00
Osier Yang
ec2fb767bb Doc: Explicitly declaring that nodedev-destroy only works for vHBA
Though trying to destroy a physical HBA doesn't make sense at all,
it's still a bit misleading with saying "only works for HBA".

Signed-off-by: Osier Yang <jyang@redhat.com>
2013-12-03 16:34:46 +08:00
Daniel P. Berrange
4cac241a7b Ensure to zero out the virDomainBlockJobInfo arg
The virDomainGetBlockJobInfo method did not zero out the
virDomainBlockJobInfo pointer arg, so when block jobs were
not active it would return garbage for the bandwidth/cur/end
fields.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-02 17:34:57 +00:00
Peter Krempa
7e6242e9a7 qemu: snapshot: Add functions similar to disk source pool translation
To avoid future pain, add placeholder functions to get the actual
snapshot disk type.
2013-12-02 14:43:13 +01:00
Peter Krempa
cdf02d6474 qemu: snapshot: Touch up error message 2013-12-02 14:43:07 +01:00
Peter Krempa
0018477fb2 conf: Add helper do clear disk source authentication struct
Add virDomainDiskAuthClear to help cleaning out the struct in other
places too.
2013-12-02 14:31:03 +01:00
Peter Krempa
d8cf91ae38 qemu: snapshot: Detect internal snapshots also for sheepdog and RBD
When doing an internal snapshot on a VM with sheepdog or RBD disks we
would not set a flag to mark the domain is using internal snapshots and
might end up creating a mixed snapshot. Move the setting of the variable
to avoid this problem.
2013-12-02 14:31:03 +01:00
Peter Krempa
ae361674ac conf: Add functions to copy and free network disk source definitions
To simplify operations on virDomainDiskHostDef arrays we will need deep
copy and freeing functions. Add and properly export them.
2013-12-02 14:31:03 +01:00
Peter Krempa
5a66c667ff snapshot: conf: Fix NULL dereference when <driver> element is empty
Consider the following valid snapshot XML as the <driver> element is
allowed to be empty in the domainsnapshot.rng schema:

$ cat snap.xml
<domainsnapshot>
  <disks>
    <disk name='vda' snapshot='external'>
      <source file='/tmp/foo'/>
      <driver/>
    </disk>
  </disks>
</domainsnapshot>

produces the following error:

$ virsh snapshot-create domain snap.xml
error: internal error: unknown disk snapshot driver '(null)'

The driver type is parsed as NULL from the XML as the attribute is not
present and then directly used to produce the error message.

With this patch the attempt to parse the driver type is skipped if not
present to avoid changing the schema to forbid the empty driver element.
2013-12-02 14:31:02 +01:00
Peter Krempa
43f2ccdc73 snapshot: conf: Use common parsing and formatting functions for source
Disk source elements for snapshots were using separate code from our
config parser. As snapshots can be stored on more than just regular
files, we will need the universal parser to allow us to expose a variety
of snapshot disk targets. This patch reuses the config parsers and
formatters to do the job.

This initial support only changes the code without any visible XML
change.
2013-12-02 14:28:20 +01:00
Peter Krempa
5f86d11e4a conf: Export disk source formatter and parser
This code will be reused in the snapshot disk definition parser.
2013-12-02 14:02:27 +01:00
Peter Krempa
30f7ca67d9 conf: Split out seclabel formating code for disk source
The code is common for all the various disk types. Split it out to a
common function.
2013-12-02 14:02:27 +01:00
Peter Krempa
03ad83cb5a conf: Clean up virDomainDiskSourceDefFormatInternal
Avoid if statements when used with virBufferEscapeString which
automaticaly omits the whole string. Also add some line breaks to
visualy separate the code.
2013-12-02 14:02:27 +01:00
Peter Krempa
d6b4c2cca9 conf: Support disk source formatting without needing a virDomainDiskDefPtr
The <source> element formatting function was expecting a
virDomainDiskDefPtr to store the data. As snapshots are not using this
data structure to hold the data, we need to add an internal function
which splits out individual fields separately.
2013-12-02 14:02:26 +01:00
Ryota Ozaki
1ed7e014dd vbox: handle errors of virDomainHostdevDefAlloc correctly
The original code ignored errors of virDomainHostdevDefAlloc,
however, we should properly do error return from the function
if it occurs.

The fix pulls out virDomainHostdevDefAlloc from the loop and
executes it all together before the loop. So we can easily
return on errors without the notion of other memory allocations
in the loop.

The deallocation code is separated from the allocation code
because it will be used by a further patch for fixing other error
handlings.

Reported-by: Laine Stump <laine@laine.org>
Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-12-02 10:59:21 +08:00
Ryota Ozaki
82b5dd23f3 vbox: fix incorrect loop condition in vboxHostDeviceGetXMLDesc
The fixed loop used logical OR to combine two conditions, however,
it is apparently incorrect and logical AND is correct.

We can fix it by replacing OR with AND, but this patch instead
fixes the problem by getting rid of the first conditional
statement: USBFilterCount < def->nhostdevs. It isn't needed
because USBFilterCount will never be greater than or equal to
def->nhostdevs.

def->nhostdevs is calculated in the following code
above the loop in question like this:

    for (i = 0; i < deviceFilters.count; i++) {
        PRBool active = PR_FALSE;
        IUSBDeviceFilter *deviceFilter = deviceFilters.items[i];

        deviceFilter->vtbl->GetActive(deviceFilter, &active);
        if (active) {
            def->nhostdevs++;
        }
    }

And the loop is constructed as like this:

    for (i = 0; (USBFilterCount < def->nhostdevs) || (i < deviceFilters.count); i++) {
        PRBool active                  = PR_FALSE;
(snip)
        deviceFilter->vtbl->GetActive(deviceFilter, &active);
        if (!active)
            continue;
(snip)
        USBFilterCount++;
    }

So def->nhostdevs is the number of active device filters and
USBFilterCount is counted up only when a device filter is active.
Thus, we can remove USBFilterCount < def->nhostdevs safely.

Reported-by: Laine Stump <laine@laine.org>
Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-12-02 10:57:14 +08:00
Nehal J Wani
6c874c01a0 Fix memory leak in virNWFilterDefParseXML()
While running nwfilterxml2xmltest, it was found that valgrind pointed out the
following error...

==7466== 16 bytes in 1 blocks are definitely lost in loss record 26 of 90
==7466==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
    ==7466==    by 0x4C651AD: virAlloc (viralloc.c:142)
    ==7466==    by 0x4D0450D: virNWFilterDefParseNode (nwfilter_conf.c:2575)
    ==7466==    by 0x4D05D84: virNWFilterDefParse (nwfilter_conf.c:2647)
    ==7466==    by 0x401FDE: testCompareXMLToXMLHelper (nwfilterxml2xmltest.c:39)
    ==7466==    by 0x402DE1: virtTestRun (testutils.c:138)
    ==7466==    by 0x4018E9: mymain (nwfilterxml2xmltest.c:111)
    ==7466==    by 0x403482: virtTestMain (testutils.c:593)
    ==7466==    by 0x341F421A04: (below main) (libc-start.c:225)

...21 times, which are related to 21 tests in nwfilterxml2xmltest.c which sent
EXPECT_WARN = false. There were two scenarios in virNWFilterDefParseXML(),
when the variable 'entry' was malloc'ed, but not freed.
2013-12-02 10:39:44 +08:00
Nehal J Wani
2cfcd2ccd0 Fix memory leak in virDomainDefParseXML()
This patch fixes the memory leaks found while running qemuxml2argvtest

==8260== 3 bytes in 1 blocks are definitely lost in loss record 1 of
129
==8260==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
==8260==    by 0x341F485E21: strdup (strdup.c:42)
==8260==    by 0x4CADCFF: virStrdup (virstring.c:554)
==8260==    by 0x4CBB839: virXPathString (virxml.c:90)
==8260==    by 0x4CE753A: virDomainDefParseXML (domain_conf.c:11478)
==8260==    by 0x4CEB4FE: virDomainDefParseNode (domain_conf.c:12742)
==8260==    by 0x4CEB675: virDomainDefParse (domain_conf.c:12684)
==8260==    by 0x425958: testCompareXMLToArgvHelper (qemuxml2argvtest.c:107)
==8260==    by 0x427111: virtTestRun (testutils.c:138)
==8260==    by 0x41D3FE: mymain (qemuxml2argvtest.c:452)
==8260==    by 0x4277B2: virtTestMain (testutils.c:593)
==8260==    by 0x341F421A04: (below main) (libc-start.c:225)
==8260==
==8260== 4 bytes in 1 blocks are definitely lost in loss record 5 of
129
==8260==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
==8260==    by 0x341F485E21: strdup (strdup.c:42)
==8260==    by 0x4CADCFF: virStrdup (virstring.c:554)
==8260==    by 0x4CBB839: virXPathString (virxml.c:90)
==8260==    by 0x4CE753A: virDomainDefParseXML (domain_conf.c:11478)
==8260==    by 0x4CEB4FE: virDomainDefParseNode (domain_conf.c:12742)
==8260==    by 0x4CEB675: virDomainDefParse (domain_conf.c:12684)
==8260==    by 0x425958: testCompareXMLToArgvHelper (qemuxml2argvtest.c:107)
==8260==    by 0x427111: virtTestRun (testutils.c:138)
==8260==    by 0x41D39A: mymain (qemuxml2argvtest.c:451)
==8260==    by 0x4277B2: virtTestMain (testutils.c:593)
==8260==    by 0x341F421A04: (below main) (libc-start.c:225)
==8260==
2013-12-02 10:34:52 +08:00
Daniel P. Berrange
262157f651 LXC: Ensure security context is set when mounting images
When setting up filesystems backed by block devices or file
images, the SELinux mount options must be used to ensure the
correct context is set

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-29 12:19:37 +00:00
Laine Stump
54f9492353 network: properly update iptables rules during net-update
This patch resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1035336

The basic problem is that during a network update, the required
iptables rules sometimes change, and this was being handled by simply
removing and re-adding the rules. However, the removal of the old
rules was done based on the *new* state of the network, which would
mean that some of the rules would not match those currently in the
system, so the old rules wouldn't be removed.

This patch removes the old rules prior to updating the network
definition then adds the new rules as soon as the definition is
updated. Note that this could lead to a stray packet or two during the
interim, but that was already a problem before (the period of limbo is
now just slightly longer).

While moving the location for the rules, I added a few more sections
that should result in the iptables rules being redone:

DHCP_RANGE and DHCP_HOST - these are needed because adding/removing a dhcp
host entry could lead to the dhcp service being started/stopped, which
would require that the mangle rule that fixes up dhcp response
checksums sould need to be added/removed, and this wasn't being done.
2013-11-28 16:55:20 +02:00
Daniel P. Berrange
84fd470d3d Fix bug in identifying sub-mounts
The code for extracting sub-mounts would just do a STRPREFIX
check on the mount. This was flawed because if there were
the following mounts

 /etc/aliases
 /etc/aliases.db

and '/etc/aliases' was asked for, it would return both even
though the latter isn't a sub-mount.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-28 11:49:01 +00:00
Daniel P. Berrange
d45b833d14 Pull lxcContainerGetSubtree out into shared virfile module
Move the code for lxcContainerGetSubtree into the virfile
module creating 2 new functions

  int virFileGetMountSubtree(const char *mtabpath,
                             const char *prefix,
                             char ***mountsret,
                             size_t *nmountsret);
  int virFileGetMountReverseSubtree(const char *mtabpath,
                                    const char *prefix,
                                    char ***mountsret,
                                    size_t *nmountsret);

Add a new virfiletest.c test case to validate the new code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-28 11:49:01 +00:00
Daniel P. Berrange
c60a2713d6 Introduce standard methods for sorting strings with qsort
Add virStringSortCompare and virStringSortRevCompare as
standard functions to use with qsort.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-28 11:29:46 +00:00
Peter Krempa
69d20452ce conf: Export virStorageVolType enum helper functions
Export string conversion from and to the virStorageVolType enum.
2013-11-27 15:17:21 +01:00
Eric Blake
c8b8b50c3b storage: skip selinux cleanup when fd not available
When attempting to backport gluster pools to an older versoin
where there is no VIR_STRDUP, I got a crash from calling
strdup(,NULL). Rather than relying on the current else branch
safely doing nothing when there is no fd, it is easier to just
skip it. While at it, there's no need to explicitly set
perms.label to NULL after a VIR_FREE().

* src/storage/storage_backend.c
(virStorageBackendUpdateVolTargetInfoFD): Minor optimization.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-27 06:08:28 -07:00
Bing Bu Cao
8e043864ec qemu: preserve netdev MAC address during 'domxml-to-native'
The virsh command 'domxml-to-native' (virConnectDomainXMLToNative())
converts all network devices to "type='ethernet'" in order to make it
more likely that the generated command could be run directly from a
shell (other libvirt network device types end up referencing file
descriptors for tap devices assumed to have been created by libvirt,
which can't be done in this case).

During this conversion, all of the netdev parameters are cleared out,
then specific items are filled in after changing the type. The MAC
address was not one of these preserved items, and the result was that
mac addresses in the generated commandlines were always
00:00:00:00:00:00.

This patch saves the mac address before the conversion, then
repopulates it afterwards, so the proper mac addresses show up in the
commandline.

Signed-off-by: Bing Bu Cao <mars@linux.vnet.ibm.com>
Signed-off-by: Laine Stump <laine@laine.org>
2013-11-27 14:20:18 +02:00
Eric Blake
655ea8dc02 storage: don't read storage volumes in nonblock mode
Commit 348b4e2 introduced a potential problem (thankfully not
in any release): we are attempting to use virFileReadHeaderFD()
on a file that was opened with O_NONBLOCK.  While this
shouldn't be a problem in practice (because O_NONBLOCK
typically doesn't affect regular or block files, and fifos and
sockets cannot be storage volumes), it's better to play it safe
to avoid races from opening an unexpected file type while also
avoiding problems with having to handle EAGAIN while read()ing.

Based on a report by Dan Berrange.

* src/storage/storage_backend.c
(virStorageBackendVolOpenCheckMode): Fix up fd after avoiding race.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-26 13:43:44 -07:00
Gao feng
f575fda748 LXC: don't unmount mounts for shared root
Also after commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
vfs: Lock in place mounts from more privileged users,

unprivileged user has no rights to umount the mounts that
inherited from parent mountns.

right now, I have no good idea to fix this problem, we need
to do more research. this patch just skip unmounting these
mounts for shared root.

BTW, I think when libvirt lxc enables user namespace, the
configuation that shares root with host is very rara.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-11-26 15:55:47 +00:00
Gao feng
46f2d16f07 LXC: fix the problem that libvirt lxc fail to start on latest kernel
After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
vfs: Lock in place mounts from more privileged users,

unprivileged user has no rights to move the mounts that
inherited from parent mountns. we use this feature to move
the /stateDir/domain-name.{dev, devpts} to the /dev/ and
/dev/pts directroy of container. this commit breaks libvirt lxc.

this patch changes the behavior to bind these mounts when
user namespace is enabled and move these mounts when user
namespace is disabled.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-11-26 12:22:25 +00:00
Christophe Fergeau
78e9096865 sasl: Replace 'restep' label with 'continue'
Since the label is at the beginning of the loop, this has the same effect.
2013-11-26 11:52:58 +01:00
Christophe Fergeau
0955025b9c sasl: Fix authentication when using PLAIN mechanism
With some authentication mechanism (PLAIN for example), sasl_client_start()
can return SASL_OK, which translates to virNetSASLSessionClientStart()
returning VIR_NET_SASL_COMPLETE.
cyrus-sasl documentation is a bit vague as to what to do in such situation,
but upstream clarified this a bit in
http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=10104

When we got VIR_NET_SASL_COMPLETE after virNetSASLSessionClientStart() and
if the remote also tells us that authentication is complete, then we should
end the authentication procedure rather than forcing a call to
virNetSASLSessionClientStep(). Without this patch, when trying to use SASL
PLAIN, I get:
error :authentication failed : Failed to step SASL negotiation: -1
(SASL(-1): generic failure: Unable to find a callback: 32775)

This patch is based on a spice-gtk patch by Dietmar Maurer.
2013-11-26 11:52:58 +01:00
Christophe Fergeau
986900a5af Fix invalid read in virNetSASLSessionClientStep debug log
virNetSASLSessionClientStep logs the data that is going to be passed to
sasl_client_step as input data. However, it tries to log it as a string,
while there is no guarantee that this data is going to be nul-terminated.
This leads to this valgrind log:

==20938== Invalid read of size 1
==20938==    at 0x8BDB08F: vfprintf (vfprintf.c:1635)
==20938==    by 0x8C06DF2: vasprintf (vasprintf.c:62)
==20938==    by 0x4CCEDF9: virVasprintfInternal (virstring.c:337)
==20938==    by 0x4CA9516: virLogVMessage (virlog.c:842)
==20938==    by 0x4CA939A: virLogMessage (virlog.c:778)
==20938==    by 0x4E21E0D: virNetSASLSessionClientStep (virnetsaslcontext.c:458)
==20938==    by 0x4DE47B8: remoteAuthSASL (remote_driver.c:4136)
==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==20938==    by 0x12762B: vshReconnect (virsh.c:337)
==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
==20938==    by 0x12E9A5: main (virsh.c:3338)
==20938==  Address 0xe329ccd is 0 bytes after a block of size 141 alloc'd
==20938==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==20938==    by 0x8CB91B4: xdr_array (xdr_array.c:94)
==20938==    by 0x4E039C2: xdr_remote_auth_sasl_start_ret (remote_protocol.c:3134)
==20938==    by 0x4E1F8AA: virNetMessageDecodePayload (virnetmessage.c:405)
==20938==    by 0x4E119F5: virNetClientProgramCall (virnetclientprogram.c:377)
==20938==    by 0x4DF8141: callFull (remote_driver.c:5794)
==20938==    by 0x4DF821A: call (remote_driver.c:5816)
==20938==    by 0x4DE46CF: remoteAuthSASL (remote_driver.c:4112)
==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==20938==    by 0x12762B: vshReconnect (virsh.c:337)
==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
==20938==    by 0x12E9A5: main (virsh.c:3338)
2013-11-26 11:52:58 +01:00
Christophe Fergeau
13fdc6d63e Tie SASL callbacks lifecycle to virNetSessionSASLContext
The array of sasl_callback_t callbacks which is passed to sasl_client_new()
must be kept alive as long as the created sasl_conn_t object is alive as
cyrus-sasl uses this structure internally for things like logging, so
the memory used for callbacks must only be freed after sasl_dispose() has
been called.

During testing of successful SASL logins with
virsh -c qemu+tls:///system list --all
I've been getting invalid read reports from valgrind

==9237== Invalid read of size 8
==9237==    at 0x6E93B6F: _sasl_getcallback (common.c:1745)
==9237==    by 0x6E95430: _sasl_log (common.c:1850)
==9237==    by 0x16593D87: digestmd5_client_mech_dispose (digestmd5.c:4580)
==9237==    by 0x6E91653: client_dispose (client.c:332)
==9237==    by 0x6E9476A: sasl_dispose (common.c:851)
==9237==    by 0x4E225A1: virNetSASLSessionDispose (virnetsaslcontext.c:678)
==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
==9237==    by 0x4E254D1: virNetSocketDispose (virnetsocket.c:1042)
==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
==9237==    by 0x4E2701C: virNetSocketEventFree (virnetsocket.c:1794)
==9237==    by 0x4C965D3: virEventPollCleanupHandles (vireventpoll.c:583)
==9237==    by 0x4C96987: virEventPollRunOnce (vireventpoll.c:652)
==9237==    by 0x4C94730: virEventRunDefaultImpl (virevent.c:274)
==9237==    by 0x12C7BA: vshEventLoop (virsh.c:2407)
==9237==    by 0x4CD3D04: virThreadHelper (virthreadpthread.c:161)
==9237==    by 0x7DAEF32: start_thread (pthread_create.c:309)
==9237==    by 0x8C86EAC: clone (clone.S:111)
==9237==  Address 0xe2d61b0 is 0 bytes inside a block of size 168 free'd
==9237==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9237==    by 0x4C73827: virFree (viralloc.c:580)
==9237==    by 0x4DE4BC7: remoteAuthSASL (remote_driver.c:4219)
==9237==    by 0x4DE33D0: remoteAuthenticate (remote_driver.c:3639)
==9237==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
==9237==    by 0x4DDC8DC: remoteConnectOpen (remote_driver.c:1031)
==9237==    by 0x4D8595F: do_open (libvirt.c:1239)
==9237==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==9237==    by 0x12762B: vshReconnect (virsh.c:337)
==9237==    by 0x12C9B0: vshInit (virsh.c:2470)
==9237==    by 0x12E9A5: main (virsh.c:3338)

This commit changes virNetSASLSessionNewClient() to take ownership of the SASL
callbacks. Then we can free them in virNetSASLSessionDispose() after the corresponding
sasl_conn_t has been freed.
2013-11-26 11:52:58 +01:00
Christophe Fergeau
c7cdc9b01c remote: Don't leak priv->tls object on connection failure
When testing SASL authentication over TLS with
virsh -c qemu+tls:///system list --all
I got this valgrind trace after entering wrong credentials:

==30540== 26,903 (88 direct, 26,815 indirect) bytes in 1 blocks are definitely lost in loss record 289 of 293
==30540==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30540==    by 0x4C7379A: virAllocVar (viralloc.c:558)
==30540==    by 0x4CBC178: virObjectNew (virobject.c:190)
==30540==    by 0x4CBC329: virObjectLockableNew (virobject.c:216)
==30540==    by 0x4E2D003: virNetTLSContextNew (virnettlscontext.c:719)
==30540==    by 0x4E2DC3F: virNetTLSContextNewPath (virnettlscontext.c:930)
==30540==    by 0x4E2DD5B: virNetTLSContextNewClientPath (virnettlscontext.c:957)
==30540==    by 0x4DDB618: doRemoteOpen (remote_driver.c:627)
==30540==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1031)
==30540==    by 0x4D8595F: do_open (libvirt.c:1239)
==30540==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==30540==    by 0x12762B: vshReconnect (virsh.c:337)
==30540==    by 0x12C9B0: vshInit (virsh.c:2470)
==30540==    by 0x12E9A5: main (virsh.c:3338)
2013-11-26 11:52:58 +01:00
Yuri Chornoivan
73a03e3063 Fix three minor typos 2013-11-26 18:37:09 +08:00
Eric Blake
053f45f8f6 storage: fix typo in previous patch
You'd think I'd learn to actually COMMIT my working tree
between testing that a last-minute fix compiles and pushing.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Typo fix.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 14:45:46 -07:00
Eric Blake
14daa81280 storage: probe qcow2 volumes in gluster pool
Putting together pieces from previous patches, it is now possible
for 'virsh vol-dumpxml --pool gluster volname' to report metadata
about a qcow2 file stored on gluster.  The backing file is still
treated as raw; to fix that, more patches are needed to make the
storage backing chain analysis recursive rather than halting at
a network protocol name, but that work will not need any further
calls into libgfapi so much as just reusing this code, and that
should be the only code outside of the storage driver that needs
any help from libgfapi.  Any additional use of libgfapi within
libvirt should only be needed for implementing storage pool APIs
such as volume creation or resizing, where backing chain analysis
should be unaffected.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterReadHeader): New helper function.
(virStorageBackendGlusterRefreshVol): Probe non-raw files.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 13:48:23 -07:00
Eric Blake
79eb21f976 storage: improve handling of symlinks in gluster
With this patch, dangling and looping symlinks are silently
ignored, while links to files and directories are treated the
same as the underlying file or directory.  This is the same
behavior as both 'directory' and 'netfs' pools.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Treat symlinks similar to
directory and netfs pools.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 12:51:33 -07:00
Eric Blake
13e738cc0a storage: improve allocation stats reported on gluster files
We already had code for handling allocation different than
capacity for sparse files; we just had to wire it up to be
used when inspecting gluster images.

* src/storage/storage_backend.c
(virStorageBackendUpdateVolTargetInfoFD): Handle no fd.
* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Handle sparse files.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 12:50:02 -07:00
Eric Blake
1458b2e963 storage: improve directory support in gluster pool
Take advantage of the previous patch's addition of 'netdir' as
a distinct volume type, to expose rather than silently skip
directories embedded in a gluster pool.  Also serves as an XML
validation for the previous patch.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Don't skip directories.
* tests/storagevolxml2xmltest.c (mymain): Add test.
* tests/storagevolxml2xmlin/vol-gluster-dir.xml: New file.
* tests/storagevolxml2xmlout/vol-gluster-dir.xml: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 12:46:19 -07:00
Eric Blake
ecd881b7a7 storage: add network-dir as new storage volume type
In the 'directory' and 'netfs' storage pools, a user can see
both 'file' and 'dir' storage volume types, to know when they
can descend into a subdirectory.  But in a network-based storage
pool, such as the upcoming 'gluster' pool, we use 'network'
instead of 'file', and did not have any counterpart for a
directory until this patch.  Adding a new volume type
'network-dir' is better than reusing 'dir', because it makes
it clear that the only way to access 'network' volumes within
that container is through the network mounting (leaving 'dir'
for something accessible in the local file system).

* include/libvirt/libvirt.h.in (virStorageVolType): Expand enum.
* docs/formatstorage.html.in: Document it.
* docs/schemasa/storagevol.rng (vol): Allow new value.
* src/conf/storage_conf.c (virStorageVol): Use new value.
* src/qemu/qemu_command.c (qemuBuildVolumeString): Fix client.
* src/qemu/qemu_conf.c (qemuTranslateDiskSourcePool): Likewise.
* tools/virsh-volume.c (vshVolumeTypeToString): Likewise.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemVolDelete): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 12:29:49 -07:00
Eric Blake
efee1af54a storage: implement rudimentary glusterfs pool refresh
Actually put gfapi to use, by allowing the creation of a gluster
pool.  Right now, all volumes are treated as raw and directories
are skipped; further patches will allow peering into files to
allow for qcow2 files and backing chains, and reporting proper
volume allocation.  This implementation was tested against Fedora
19's glusterfs 3.4.1; it might be made simpler by requiring a
higher minimum, and/or require more hacks to work with a lower
minimum.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshPool): Initial implementation.
(virStorageBackendGlusterOpen, virStorageBackendGlusterClose)
(virStorageBackendGlusterRefreshVol): New helper functions.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 11:56:51 -07:00
Eric Blake
318ea3cb77 storage: initial support for linking with libgfapi
We support gluster volumes in domain XML, so we also ought to
support them as a storage pool.  Besides, a future patch will
want to take advantage of libgfapi to handle the case of a
gluster device holding qcow2 rather than raw storage, and for
that to work, we need a storage backend that can read gluster
storage volume contents.  This sets up the framework.

Note that the new pool is named 'gluster' to match a
<disk type='network'><source protocol='gluster'> image source
already supported in a <domain>; it does NOT match the
<pool type='netfs'><source><target type='glusterfs'>,
since that uses a FUSE mount to a local file name rather than
a network name.

This and subsequent patches have been tested against glusterfs
3.4.1 (available on Fedora 19); there are likely bugs in older
versions that may prevent decent use of gfapi, so this patch
enforces the minimum version tested.  A future patch may lower
the minimum.  On the other hand, I hit at least two bugs in
3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth
raising the minimum: glfs_readdir is nicer to use than
glfs_readdir_r [1], and glfs_fini should only return failure on
an actual failure [2].

[1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html
[2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html

* configure.ac (WITH_STORAGE_GLUSTER): New conditional.
* m4/virt-gluster.m4: new file.
* libvirt.spec.in (BuildRequires): Support gluster in spec file.
* src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool
type.
* src/conf/storage_conf.c (poolTypeInfo): Treat similar to
sheepdog and rbd.
(virStoragePoolDefFormat): Don't output target for gluster.
* src/storage/storage_backend_gluster.h: New file.
* src/storage/storage_backend_gluster.c: Likewise.
* po/POTFILES.in: Add new file.
* src/storage/storage_backend.c (backends): Register new type.
* src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files.
* src/storage/storage_backend.h (_virStorageBackend): Documet
assumption.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 11:02:52 -07:00
Eric Blake
1b5c8d4cbc storage: expose volume meta-type in XML
I got annoyed at having to use both 'virsh vol-list $pool --details'
AND 'virsh vol-dumpxml $vol $pool' to learn if I had populated
the volume correctly.  Since two-thirds of the data present in
virStorageVolGetInfo() already appears in virStorageVolGetXMLDesc(),
this just adds the remaining piece of information, as:

<volume type='...'>
  ...
</volume>

* docs/formatstorage.html.in: Document new <volume type=...>.
* docs/schemas/storagevol.rng (vol): Add it to RelaxNG.
* src/conf/storage_conf.h (virStorageVolTypeToString): Declare.
* src/conf/storage_conf.c (virStorageVolTargetDefFormat): Output
the metatype.
(virStorageVolDefParseXML): Parse it, for unit tests.
* tests/storagevolxml2xmlout/vol-*.xml: Update tests to match.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 10:55:19 -07:00
Shivaprasad G Bhat
ec1c34498b virsh domxml-from-native to treat SCSI as the bus type for pseries by default
The bus type IDE being enum Zero, the bus type on pseries system appears as IDE for all the -hda/-cdrom and for disk drives with if="none" type. Pseries platform needs this to appear as SCSI instead of IDE. The ide being not supported, the explicit requests for ide devices will return an error.

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
2013-11-25 10:44:46 -05:00
Eric Blake
d68f16447d maint: next release is 1.2.0
I didn't find any other instances with:
git grep '1\.1\.5'

* src/test/test_driver.c (testDriver): Tweak version info.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 07:31:08 -07:00
Ryota Ozaki
c677ee8529 vbox: add support for 4.3 APIs
Makefile.am, vbox_V4_3.c and vbox_driver.c do regular
modifitions to support a new version of APIs.

vbox_tmpl.c basically fixes incompatibilities since 4.2.

The affected incompatibilities of 4.3 are:
* IMachine::Delete() has been renamed to IMachine::deleteConfig()
* IMedium::CreateBaseStorage() now accepts multiple variant values
* IDisplay::GetScreenResolution() now returns the display position
  in the guest
* IMachine now has multiple IUSBControllers and IUSBDeviceFilters
  handles USB device filters instead of (obsolete) IUSBController

This patch is tested on Mac OS X 10.8.5 and Fedora 19.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-25 13:25:37 +02:00
Ryota Ozaki
f6a5fba2dc vbox: import vbox_CAPI_v4_3.h from SDK
vbox_CAPI_v4_3.h is almost same as
sdk/bindings/xpcom/include/VBoxCAPI_v4_3.h of
http://download.virtualbox.org/virtualbox/4.3.2/VirtualBoxSDK-4.3.2-90405.zip,
but modified to fix preprocessor indentations by using cppi.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-25 13:25:12 +02:00
Ryota Ozaki
0518502109 vbox: pull vboxHostDeviceGetXMLDesc out from vboxDomainGetXMLDesc
The USB-related code in vboxDomainGetXMLDesc is deeply nested and
difficult to add new code. So flatten it. To do so, the code is
pulled out from vboxDomainGetXMLDesc to make the function short
and to leaverage early return and goto for error handling.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-25 13:03:35 +02:00
Ryota Ozaki
1868b4574e vbox: cleanup vboxAttachUSB
This cleanup flattens deeply nested code.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-25 13:03:35 +02:00
Chen Hanxiao
55d1285ef4 lxc: don't do duplicate work when getting pagesize
Don't do duplicate work when getting pagesize.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-11-25 10:52:50 +01:00
Ján Tomko
9846402116 Don't start a nested job in qemuMigrationPrepareAny
This nested job is canceled by the first ExitMonitor call (even though
it was not created by the corresponding EnterMonitor call), and
again in qemuMigrationPrepareAny if qemuProcessStart failed.
This can lead to a crash if the vm object was disposed of before calling
qemuDomainRemoveInactive:
0  ..62bc in virClassIsDerivedFrom (klass=0xdeadbeef,
   parent=0x7ffce4cdd270) at util/virobject.c:166
1 ..6666 in virObjectIsClass at util/virobject.c:362
2 ..66b4 in virObjectLock at util/virobject.c:314
3 ..477e in virDomainObjListRemove at conf/domain_conf.c:2359
4 ..7a64 in qemuDomainRemoveInactive at qemu/qemu_domain.c:2087
5 ..956c in qemuMigrationPrepareAny at qemu/qemu_migration.c:2469

This was added by commit e4e2822, exposed by 5a4c237 and c7ac251.

https://bugzilla.redhat.com/show_bug.cgi?id=1018267
2013-11-22 16:22:31 +01:00
Michal Privoznik
cc38d68dc1 virDomainReboot: Document that migration might be unsafe
https://bugzilla.redhat.com/show_bug.cgi?id=744967

If a domain is rebooting and a migrate API is called meanwhile we would
have to transfer the fakeReboot attribute to the destination in order to
prevent domain doing plain shutdown over there. We shouldn't try to do
anything clever about it other than documenting this as a known
limitation.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-22 08:17:30 +01:00
Eric Blake
6cc4d6a3fe storage: use valid XML for awkward volume names
$ touch /var/lib/libvirt/images/'a<b>c'
$ virsh pool-refresh default
$ virsh vol-dumpxml 'a<b>c' default | head -n2
<volume>
  <name>a<b>c</name>

Oops.  That's not valid XML.  And when we fix the XML
generation, it fails RelaxNG validation.

I'm also tired of seeing <key>(null)</key> in the example
output for volume xml; while we used NULLSTR() to avoid
a NULL deref rather than relying on glibc's printf
extension behavior, it's even better if we avoid the issue
in the first place.  But this requires being careful that
we don't invalidate any storage backends that were relying
on key being unassigned during virStoragVolCreateXML[From].

I would have split this into two patches (one for escaping,
one for avoiding <key>(null)</key>), but since they both
end up touching a lot of the same test files, I ended up
merging it into one.

Note that this patch allows pretty much any volume name
that can appear in a directory (excluding . and .. because
those are special), but does nothing to change the current
(unenforced) RelaxNG claim that pool names will consist
only of letters, numbers, _, -, and +.  Tightening the C
code to match RelaxNG patterns and/or relaxing the grammar
to match the C code for pool names is a task for another
day (but remember, we DID recently tighten C code for
domain names to exclude a leading '.').

* src/conf/storage_conf.c (virStoragePoolSourceFormat)
(virStoragePoolDefFormat, virStorageVolTargetDefFormat)
(virStorageVolDefFormat): Escape user-controlled strings.
(virStorageVolDefParseXML): Parse key, for use in unit tests.
* src/storage/storage_driver.c (storageVolCreateXML)
(storageVolCreateXMLFrom): Ensure parsed key doesn't confuse
volume creation.
* docs/schemas/basictypes.rng (volName): Relax definition.
* tests/storagepoolxml2xmltest.c (mymain): Test it.
* tests/storagevolxml2xmltest.c (mymain): Likewise.
* tests/storagepoolxml2xmlin/pool-dir-naming.xml: New file.
* tests/storagepoolxml2xmlout/pool-dir-naming.xml: Likewise.
* tests/storagevolxml2xmlin/vol-file-naming.xml: Likewise.
* tests/storagevolxml2xmlout/vol-file-naming.xml: Likewise.
* tests/storagevolxml2xmlout/vol-*.xml: Fix fallout.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-21 17:29:47 -07:00
Wangyufei (A)
09f2395217 docs: delete extra character
delete extra character 'p' from the comment of virInterfaceCreate

Signed-off-by: Wang Yufei <james.wangyufei@huawei.com>
2013-11-21 11:53:59 +01:00
Eric Farman
881eb78064 qemu: Auto-generate controller for hotplugged hostdev
If a SCSI hostdev is included in an initial domain XML, without a
corresponding controller statement, one is created silently when the
guest is booted.

When hotplugging a SCSI hostdev, a presumption is that the controller
is already present in the domain either from the original XML, or via
an earlier hotplug.

  [root@xxxxxxxx ~]# cat disk.xml
  <hostdev mode='subsystem' type='scsi'>
    <source>
      <adapter name='scsi_host0'/>
      <address bus='0' target='3' unit='1088438288'/>
    </source>
  </hostdev>
  [root@xxxxxxxx ~]# virsh attach-device guest01 disk.xml
  error: Failed to attach device from disk.xml
  error: internal error: unable to execute QEMU command 'device_add': Bus 'scsi0.0' not found

Since the infrastructure is in place, we can also create a controller
silently for use by the hotplugged hostdev device.

Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
2013-11-21 10:38:57 +01:00
Eric Farman
6f22f95f77 qemu: Separate calls based on controller bus type
For systems without a PCI bus, attaching a SCSI controller fails:

  [root@xxxxxxxx ~]# cat controller.xml
  <controller type='scsi' model='virtio-scsi' index='0' />
  [root@xxxxxxxx ~]# virsh attach-device guest01 controller.xml
  error: Failed to attach device from controller.xml
  error: XML error: No PCI buses available

A similar problem occurs with the detach of a controller:

  [root@xxxxxxxx ~]# virsh detach-device guest01 controller.xml
  error: Failed to detach device from controller.xml
  error: operation failed: controller scsi:0 not found

The qemuDomainXXtachPciControllerDevice routines made assumptions
that any caller had a PCI bus.  These routines now selectively calls
PCI functions where necessary, and assigns the device information
type to one appropriate for the bus in use.

Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2013-11-21 10:38:53 +01:00
Eric Farman
271eb0584b qemu: Rename controller hotplug functions to not be PCI-specific
For attach/detach of controller devices, we rename the functions to
remove 'PCI' from their title.  The actual separation of PCI-specific
operations will be handled in the next patch.

Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
2013-11-21 10:05:46 +01:00
Osier Yang
b96651dec0 storage: Returns earlier if source adapter of the scsi pool is a HBA
It makes no sense to go forward to get the parent host number of a
HBA, and treat the HBA as a vHBA with trying to delete it.

Signed-off-by: Osier Yang <jyang@redhat.com>
2013-11-21 12:06:20 +08:00
Clark Laughlin
c7ccd2c44b qemu: Add support for virt machine type with virtio-mmio devices on armv7
These changes allow the correct virtio-blk-device and virtio-net-device
devices to be used for the 'virt' machine type for armv7 rather than the
PCI virtio devices.

A test case was added to qemuxml2argvtest for this change.

Signed-off-by: Clark Laughlin <clark.laughlin@linaro.org>
2013-11-20 14:31:17 -05:00
Eric Blake
e44a9a70d3 maint: fix comma style issues: remaining code
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/network/bridge_driver.c: Consistently use commas.
* src/node_device/node_device_hal.c: Likewise.
* src/node_device/node_device_udev.c: Likewise.
* src/storage/storage_backend_rbd.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
64b2335c2a maint: fix comma style issues: remaining drivers
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/lxc/lxc_container.c: Consistently use commas.
* src/openvz/openvz_driver.c: Likewise.
* src/openvz/openvz_util.c: Likewise.
* src/remote/remote_driver.c: Likewise.
* src/test/test_driver.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
eeed3bc63c maint: fix comma style issues: vbox
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/vbox/vbox_tmpl.c: Consistently use commas.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
c7c84fa54a maint: fix comma style issues: util
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/util/vircommand.c: Consistently use commas.
* src/util/virlog.c: Likewise.
* src/util/virnetdevbandwidth.c: Likewise.
* src/util/virnetdevmacvlan.c: Likewise.
* src/util/virnetdevvportprofile.c: Likewise.
* src/util/virnetlink.c: Likewise.
* src/util/virpci.c: Likewise.
* src/util/virsysinfo.c: Likewise.
* src/util/virusb.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
5d509e9ee2 maint: fix comma style issues: qemu
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/qemu/qemu_cgroup.c: Consistently use commas.
* src/qemu/qemu_command.c: Likewise.
* src/qemu/qemu_conf.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/qemu/qemu_monitor.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
86f6748bda maint: fix comma style issues: xen
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/libxl/libxl_driver.c: Consistently use commas.
* src/xen/xend_internal.c: Likewise.
* src/xen/xs_internal.c: Likewise.
* src/xenapi/xenapi_driver.c: Likewise.
* src/xenapi/xenapi_utils.c: Likewise.
* src/xenxs/xen_sxpr.c: Likewise.
* src/xenxs/xen_xm.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:54 -07:00
Eric Blake
6f4901e13b maint: fix comma style issues: conf
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/conf/capabilities.c: Consistently use commas.
* src/conf/domain_conf.c: Likewise.
* src/conf/network_conf.c: Likewise.
* src/conf/storage_conf.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:54 -07:00
Eric Blake
f56903366f maint: fix comma style issues: nwfilter
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/nwfilter/nwfilter_ebiptables_driver.c: Consistently use
commas.
* src/nwfilter/nwfilter_gentech_driver.c: Likewise.
* src/nwfilter/nwfilter_learnipaddr.c: Likewise.
* src/conf/nwfilter_conf.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:54 -07:00
Daniel P. Berrange
2b510e4903 Fix off-by-1 in default SELinux MCS range
For a while we're have random failures of 'securityselinuxtest'
which were not at all reproducible. Fortunately we finally
caught a failure with VIR_TEST_DEBUG=1 enabled. This revealed

TEST: securityselinuxtest
 1) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
 2) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
 3) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
 4) GenLabel "dynamic virtd, s0, c0.c1023"                            ... OK
 5) GenLabel "dynamic virtd, s0, c0.c10"                              ... OK
 6) GenLabel "dynamic virtd, s2-s3, c0.c1023"                         ... OK
 7) GenLabel "dynamic virtd, missing range"                           ... Category two 1024 is out of range 0-1023
FAILED
FAIL: securityselinuxtest

And sure enough we had an off-by-1 in the MCS range code when
the current process has no range set. The test suite randomly
allocates 2 categories from 0->1024 so the chances of hitting
this in the test suite were slim indeed :-)

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-20 13:09:00 +00:00
Ján Tomko
a18fa05a8f Remove redundant braces 2013-11-20 12:35:47 +01:00
Ján Tomko
c5d392748c Error out on unterminated arrays and objects in JSON parser 2013-11-20 12:35:44 +01:00
Eric Blake
6067b29a39 maint: ship .pl scripts as executables
All our .pl scripts had the executable bit set, except for one.
Make it consistent (even if we invoke the scripts as an argument
to $(PERL) rather than directly).

* src/check-aclrules.pl: Make executable.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-19 14:32:59 -07:00
Guido Günther
3c9e40a1e8 Don't depend on syslog.service
Syslog is socket activated since at least systemd v35 so we can drop
this dependency. Debian's linitian otherwise complains about it.

References:

    http://www.freedesktop.org/wiki/Software/systemd/syslog/
    http://lintian.debian.org/tags/systemd-service-file-refers-to-obsolete-target.html
2013-11-19 21:49:53 +01:00
Michal Privoznik
730af8f2cd qemuMonitorJSONGetCPUx86Data: Don't fail on ancient qemus
On the domain startup, this function is called to dump some info about
the CPUs. At the beginning of the function we check if we aren't running
older qemu which is not exposing the CPUs via 'qom-list'. However, we
are not checking for even older qemus, which throw 'CommandNotFound'
error.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-19 16:28:16 +01:00
Ryota Ozaki
8229e33adc vbox: fix segfault on virsh dumpxml with the existence of USB filters
A USB filter is stored in a hostdev. The original code doesn't
allocate hostdev->info that is expected to be allocated with hostdev.
So use virDomainHostdevDefAlloc() to allocate both as we expect.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-19 16:19:26 +02:00
Eric Blake
4a601c3080 maint: fix comment typos.
* src/qemu/qemu_command.c (qemuBuildVolumeString): Fix typo.
* src/qemu/qemu_monitor.c (qemuMonitorSend): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-18 16:31:42 -07:00
Daniel P. Berrange
784bb73eaa Add missing 'return 0;' in stub lxcStartFuse() method impl.
Without a 'return 0' in the stub lxcStartFuse() method, the
compiler warns:

lxc/lxc_fuse.c:374: error: control reaches end of non-void function
[-Wreturn-type]

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-18 16:12:39 +00:00
Daniel P. Berrange
3563c51d3e Avoid async signal safety problem in glibc's setxid
The glibc setxid is supposed to be async signal safe, but
libc developers confirm that it is not. This causes a problem
when libvirt_lxc starts the FUSE thread and then runs clone()
to start the container. If the clone() was done before the
FUSE thread has completely started up, then the container
will hang in setxid after clone().

The fix is to avoid creating any threads until after the
container has been clone()'d. By avoiding any threads in
the parent, the child is no longer required to run in an
async signal safe context, and we thus avoid the glibc
bug.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-18 15:36:23 +00:00
Ján Tomko
8c41794af8 Return -1 in virPortAllocatorAcquire if all ports are used
Report the error in virPortAllocatorAcquire instead
of doing it in every caller.

The error contains the port range name instead of the intended
use for the port, e.g.:
Unable to find an unused port in range 'display' (65534-65535)
instead of:
Unable to find an unused port for SPICE

This also adds error reporting when the QEMU driver could not
find an unused port for VNC, VNC WebSockets or NBD migration.
2013-11-18 12:28:07 +01:00
Ján Tomko
d16d90fd40 Add a name to virPortAllocator
This allows its error messages to be more specific.
2013-11-18 12:28:02 +01:00
Ján Tomko
28ea39a004 Don't release spice port twice when no TLS port is available
Introduced by 7b4a630.
2013-11-18 12:26:59 +01:00
Ján Tomko
e68432e45f Properly unref a connection with a close callback
The connection pointer in the closeCallback data was never
initialized, making the unref in remoteClientCloseFunc a no-op.

This fixes the following leak in virsh when the daemon closes
the connection unexpectedly:

1,179 (288 direct, 891 indirect) bytes in 1 blocks are
   definitely lost in loss record 745 of 792
  at 0x4C2A6D0: calloc (in vgpreload_memcheck-amd64-linux.so)
  by 0x4E9643D: virAllocVar (viralloc.c:558)
  by 0x4ED2425: virObjectNew (virobject.c:190)
  by 0x4F675AC: virGetConnect (datatypes.c:116)
  by 0x4F6EA06: do_open (libvirt.c:1136)
  by 0x4F71017: virConnectOpenAuth (libvirt.c:1481)
  by 0x129FFA: vshReconnect (virsh.c:337)
  by 0x128310: main (virsh.c:2470)
2013-11-18 12:26:15 +01:00
Eric Blake
6385283add docs: improve job info details
Noticed while revieweing the patches for qemu's new migration state.

* include/libvirt/libvirt.h.in (_virDomainJobInfo): Fix typo,
grammar.
* src/libvirt.c (virDomainGetJobInfo): Add cross reference.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-15 06:00:49 -07:00
Michael Avdienko
d35ae4143d Fix migration with QEMU 1.6
QEMU 1.6.0 introduced new migration status: setup
Libvirt does not expect such string in QMP and refuses to migrate with error
"unexpected migration status in setup"

This patch fixes it.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-11-15 13:50:47 +01:00
Jiri Denemark
05e149f94c qemu: Call qemuSetupHostdevCGroup later during hotplug
https://bugzilla.redhat.com/show_bug.cgi?id=1025108

So far qemuSetupHostdevCGroup was called very early during hotplug, even
before we knew the device we were about to hotplug was actually
available. By calling the function later, we make sure QEMU won't be
allowed to access devices used by other domains.

Another important effect of this change is that hopluging USB devices
specified by vendor and product (but not by their USB address) works
again. This was broken since v1.0.5-171-g7d763ac, when the call to
qemuFindHostdevUSBDevice was moved after the call to
qemuSetupHostdevCGroup, which then used an uninitialized USB address.
2013-11-15 13:50:47 +01:00
Michal Privoznik
f417ad07df qemuMonitorIO: Don't use @mon after it's unrefed
https://bugzilla.redhat.com/show_bug.cgi?id=1018267

The aim of virObject refing and urefing is to tell where the object is
to be used and when is no longer needed. Hence any object shouldn't be
used after it has been unrefed, as we might be the last to hold the
reference. The better way is to call virObjectUnref() *after* the last
object usage. In this specific case, the monitor EOF handler was called
after the qemuMonitorIO called virObjectUnref. Not only that @mon was
disposed (which is not used in the handler anyway) but the @mon->vm
which is causing a SIGSEGV:

2013-11-15 10:17:54.425+0000: 20110: error : qemuMonitorIO:688 : internal error: early end of file from monitor: possible problem:
qemu-kvm: -incoming tcp:01.01.01.0:49152: Failed to bind socket: Cannot assign requested address

Program received signal SIGSEGV, Segmentation fault.
qemuProcessHandleMonitorEOF (mon=<optimized out>, vm=0x7fb728004170) at qemu/qemu_process.c:299
299         if (priv->beingDestroyed) {
(gdb) p *priv
Cannot access memory at address 0x0
(gdb) p vm
$1 = (virDomainObj *) 0x7fb728004170
(gdb) p *vm
$2 = {parent = {parent = {magic = 3735928559, refs = 0, klass = 0xdeadbeef}, lock = {lock = {__data = {__lock = 2, __count = 0, __owner = 20110, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0,
            __next = 0x0}}, __size = "\002\000\000\000\000\000\000\000\216N\000\000\001", '\000' <repeats 26 times>, __align = 2}}}, pid = 0, state = {state = 0, reason = 0}, autostart = 0, persistent = 0,
  updated = 0, def = 0x0, newDef = 0x0, snapshots = 0x0, current_snapshot = 0x0, hasManagedSave = false, privateData = 0x0, privateDataFreeFunc = 0x0, taint = 304}

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-15 11:32:35 +01:00
Michal Privoznik
3367c21dad qemuProcessReconnectHelper: Don't create joinable thread
In the qemuProcessReconnectHelper() a new thread that does all the
interesting work is spawned. The rationale is to not block the daemon
startup process in case of unresponsive qemu. However, the thread
handler is a local variable which gets lost once the control goes out of
scope. Hence the thread gets leaked. We can avoid this if the thread
isn't made joinable.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-14 17:44:20 +01:00
Michal Privoznik
ea13a759f5 virDomainEventCallbackListFree: Don't leak @list->callbacks
The @list->callbacks is an array that is inflated whenever a new event
is added, e.g. via virDomainEventCallbackListAddID(). However, when we
are freeing the array, we free the items within it but forgot to
actually free it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-14 17:44:20 +01:00
Michal Privoznik
a593675594 virPCIDeviceBindToStub: Remove unused @oldDriverPath and @oldDriverName
These two chunks had to be part of df4283a55b. But for some unclear
reason, the weren't. Anyway, these two variables are not used anywhere
within function. They're initialized to NULL and then VIR_FREE()-d. And
there's no reason do do two NOPs, right?

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-14 17:44:20 +01:00
Michal Privoznik
223ce2f1a3 networkBuildDhcpDaemonCommandLine: Don't leak @configstr and @configfile
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-14 17:44:20 +01:00
Ján Tomko
b7829f959b Disable nwfilter driver when running unprivileged
When opening a new connection to the driver, nwfilterOpen
only succeeds if the driverState has been allocated.

Move the privilege check in driver initialization before
the state allocation to disable the driver.

This changes the nwfilter-define error from:
error: cannot create config directory (null): Bad address
To:
this function is not supported by the connection driver:
virNWFilterDefineXML

https://bugzilla.redhat.com/show_bug.cgi?id=1029266
2013-11-13 09:41:57 +01:00
Jason Andryuk
7d58c7fc8e libxl: Fix Xen 4.4 libxlVmStart logic
ifdef LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS hides a multi-line body
for a brace-less else.  Add braces to ensure proper logic is applied.

Without this fix, new domains cannot be started.  Both
libxl_domain_create_new and libxl_domain_create_restore are called when
starting a new domain leading to this error:
libxl: error: libxl.c:324:libxl__domain_rename: domain with name "guest" already exists.
libxl: error: libxl_create.c:800:initiate_domain_create: cannot make domain: -6
2013-11-12 13:14:24 -07:00
Peter Krempa
84f6960214 qemu: Check for presence of device and properities when getting CPUID
The QOM path in qemu that contains the CPUID registers of a running VM
may not be present (introduced in QEMU 1.5).

Since commit d94b781771 we have a regression with QEMU that don't
support reporting of the CPUID register state via the monitor as the
process startup code expects the path to exist.

This patch adds code that checks with the monitor if the requested path
already exists and uses it only in this case.
2013-11-12 19:36:06 +01:00
Peter Krempa
a6a6f84af9 qemu: Change return type of qemuMonitorGetGuestCPU()
To allow returning more granular errors, change the error type to an
integer.
2013-11-12 19:35:51 +01:00
Daniel P. Berrange
5087a5a009 Fix busy wait loop in LXC container I/O handling
If the host side of an LXC container console disconnected
and the guest side continued to write data, until the PTY
buffer filled up, the LXC controller would busy wait. It
would repeatedly see POLLHUP from poll() and not disable
the watch.

This was due to some bogus logic detecting blocking
conditions. Upon seeing a POLLHUP we must disable all
reading & writing from the PTY, and setup the epoll to
wake us up again when the connection comes back.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-12 11:14:49 +00:00
Daniel P. Berrange
cbb6ec42e2 Don't expose 'none' machine type to capabilities
The 'none' machine type is something only intended for use
by libvirt probing capabilities. It isn't something that
is useful for running real VM instances. As such it should
not be exposed to users in the capabilities.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-12 10:47:30 +00:00
Daniel P. Berrange
f41830680e Fix mem leak in virQEMUCapsProbeQMPMachineTypes on OOM
The virQEMUCapsProbeQMPMachineTypes method iterates over machine
types copying them into the qemuCapsPtr object. It only updates
the qemuCaps->nmachinetypes value at the end though. So if OOM
occurs in the middle, the destructor of qemuCapsPtr will not
free the partially initialized machine types.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-12 10:47:30 +00:00
Peter Krempa
c2986ff0d3 conf: Refactor virDomainDiskSourceDefParse
Now that the function is separate clean out a few ugly places and fix up
error messages.
2013-11-12 11:12:36 +01:00
Peter Krempa
2b2decbdcc conf: Rename virDomainDiskHostDefFree to virDomainDiskHostDefClear
The function destroys only the contents not the object itself thus it
should be called Clear.
2013-11-12 10:38:34 +01:00
Peter Krempa
16bc786408 conf: Split out code to parse the source of a disk definition
To avoid code duplication between snapshot configuration code that
parses the disk source too we need to split out this code that will be
reused later on.

This patch tries to be code movement, some aspects of this function will
be refactored later.
2013-11-12 10:38:34 +01:00
Michal Privoznik
cfc28c66f9 qemuDomainObjStart: Warn on corrupted image
If the managedsave image is corrupted, e.g. the XML part is, we fail to
parse it and throw an error, e.g.:

error: Failed to start domain jms8
error: XML error: missing security model when using multiple labels

This is okay, as we can't really start the machine and avoid undefined
qemu behaviour. On the other hand, the error message doesn't give a
clue to users what should they do. The consensus here would be to thrown
a warning to logs saying "Hey, you've got a corrupted file".

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-11 17:16:39 +01:00
Michal Privoznik
9fb3f9571d virSecurityLabelDefParseXML: Don't parse label on model='none'
https://bugzilla.redhat.com/show_bug.cgi?id=1027096

If there's the following snippet in the domain XML, the domain will be
lost upon the daemon restart (if the domain is started prior restart):

    <seclabel type='dynamic' relabel='yes'/>

The problem is, the 'label', 'imagelabel' and 'baselabel' are parsed
whenever the VIR_DOMAIN_XML_INACTIVE is *not* present or the label is
static. The latter is not our case, obviously. So, when libvirtd starts
up, it finds domain state xml and parse it. During parsing, many XML
flags are enabled but VIR_DOMAIN_XML_INACTIVE. Hence, our parser tries
to extract 'label', 'imagelabel' and 'baselabel' from the XML which
fails for model='none'. Err, this model - even though not specified in
XML - can be taken from qemu wide config file: /etc/libvirtd/qemu.conf.

However, in order to know we are dealing with model='none' the code in
question must be moved forward a bit. Then a new check must be
introduced. This is what the first two chunks are doing.

But this alone is not sufficient. The domain state XML won't contain the
model attribute without slight modification. The model should be
inserted into the XML even if equal to 'none' and the state XML is being
generated - what if the origin (the @security_driver variable in
qemu.conf) changes during libvirtd restarts?

At the end, a test to catch this scenario is introduced.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-11 16:01:25 +01:00
Wang Yufei
af67a43659 docs: fix virDomainRestoreFlags description bug
In virDomainRestoreFlags with VIR_DOMAIN_SAVE_BYPASS_CACHE, it risks
slowing restores from NFS, but not saves to NFS.

Signed-off-by: Wang Yufei <james.wangyufei@huawei.com>
2013-11-08 12:08:39 -07:00
Eric Blake
d0b2d0177b docs: grammar fixes
Fix some user-visible wording from commits 72aafe9 and 1606d89.

* src/qemu/qemu.conf (migration_address): Better wording.
* include/libvirt/libvirt.h.in (VIR_MIGRATE_PARAM_LISTEN_ADDRESS):
Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-08 10:37:06 -07:00
Vitor de Lima
efdd591dfb qemu: Fix SCSI hotplug on pseries guests
This patch moves some code in the qemuDomainAttachSCSIDisk
function. The check for the existence of a PCI address assigned
to the SCSI controller was moved in order to be executed only
when needed. The PCI address of a controller is not necessary
if QEMU_CAPS_DEVICE is supported.

This fixes issues with the hotplug of SCSI disks on pseries guests.
2013-11-08 16:25:02 +02:00
Laine Stump
88c1fcd5e7 pci: properly handle out-of-order SRIOV virtual functions
This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1025397

When virPCIGetVirtualFunctions created the list of an SRIOV Physical
Function's (PF) Virtual Functions (VF), it had assumed that the order
of "virtfn*" links returned by readdir() from the PF's sysfs directory
was already in the correct order. Experience has shown that this is
not always the case - it can be in alphabetical order (which would
e.g. place virtfn11 before virtfn2) or even some seemingly random
order (see the example in the bugzilla report)

This results in 1) incorrect assumptions made by consumers of the
output of the virt_functions list of virsh nodedev-dumpxml, and 2)
setting MAC address and vlan tag on the wrong VF (since libvirt uses
netlink to set mac address and vlan tag, netlink requires the VF#, and
the function virPCIGetVirtualFunctionIndex() returns the wrong index
due to the improperly ordered VF list).

The solution provided by this patch is for virPCIGetVirtualFunctions
to no longer scan the entire device directory in its natural order,
but instead to check for links individually by name "virtfn%d" where
%d starts at 0 and increases with each success. Since VFs are created
contiguously by the kernel, this will guarantee that all VFs are
found, and placed in the arry in the correct order.

One note of use to the uninitiated is that VIR_APPEND_ELEMENT always
either increments *num_virtual_functions or fails, so no this isn't an
endless loop.

(NB: the SRIOV_* defines at the top of virpci.c were removed
because they are unnecessary and/or not used.)
2013-11-08 14:31:54 +02:00
Laine Stump
89e2a6c88c util: use size_t instead of unsigned int for num_virtual_functions
This is a prerequisite to the fix for the fix to:

  https://bugzilla.redhat.com/show_bug.cgi?id=1025397

num_virtual_functions needs to be size_t in order to use the
VIR_APPEND_ELEMENT macro.
2013-11-08 14:31:11 +02:00
Vitor de Lima
54e4d9d081 qemu: assign PCI address to primary video card
When adding support for Q35 guests, the code to assign a PCI address
to the primary video card was moved into Q35 and i440fx(PIIX3)
specific functions, but no fallback was kept for other machine types
that might have a video card.

This patch remedies that by assigning a PCI address to the primary
video card if it does not have any kind of address.  In particular,
this fixes issues with pseries guests.

Signed-off-by: Vitor de Lima <vitor.lima@eldorado.org.br>
Signed-off-by: Laine Stump <laine@laine.org>
2013-11-08 12:48:32 +02:00
Serge Hallyn
ba95426d6f util: use -w flag when calling iptables
When supported, ask iptables to wait rather than fail if it is in use
by another caller (like ufw).

(See https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1245322)

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-11-08 12:48:25 +02:00
Peter Krempa
d94b781771 qemu: process: Validate specific CPUID flags of a guest
When starting a VM the qemu process may filter out some requested
features of a domain as it's not supported either by the host or by
qemu. Libvirt didn't check if this happened which might end up in
changing of the guest ABI when migrating.

The proof of concept implementation adds the check for the recently
introduced kvm_pv_unhalt cpuid feature bit. This feature depends on both
qemu and host kernel support and thus increase the possibility of guest
ABI breakage.
2013-11-08 09:44:42 +01:00
Peter Krempa
e0dc851164 qemu: Add support for paravirtual spinlocks in the guest
The linux kernel recently added support for paravirtual spinlock
handling to avoid performance regressions on overcomitted hosts. This
feature needs to be turned in the hypervisor so that the guest OS is
notified about the possible support.

This patch adds a new feature "paravirt-spinlock" to the XML and
supporting code to enable the "kvm_pv_unhalt" pseudo CPU feature in
qemu.

https://bugzilla.redhat.com/show_bug.cgi?id=1008989
2013-11-08 09:44:42 +01:00
Peter Krempa
de7b5faf43 conf: Refactor storing and usage of feature flags
Currently we were storing domain feature flags in a bit field as the
they were either enabled or disabled. New features such as paravirtual
spinlocks however can be tri-state as the default option may depend on
hypervisor version.

To allow storing tri-state feature state in the same place instead of
having to declare dedicated variables for each feature this patch
refactors the bit field to an array.
2013-11-08 09:44:42 +01:00
Peter Krempa
2e8f90802d cpu: x86: Add internal CPUID features support and KVM feature bits
Some of the emulator features are presented in the <features> element in
the domain XML although they are virtual CPUID feature bits when
presented to the guest. To avoid confusing the users with these
features, as they are not configurable via the <cpu> element, this patch
adds an internal array where those can be stored privately instead of
exposing them in the XML.

Additionaly KVM feature bits are added as example usage of this code.
2013-11-08 09:44:42 +01:00
Jiri Denemark
3afde0756f qemu: Add monitor APIs to fetch CPUID data from QEMU
The qemu monitor supports retrieval of actual CPUID bits presented to
the guest using QMP monitor. Add APIs to extract these information and
tests for them.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2013-11-08 09:44:36 +01:00
Peter Krempa
f80a11c921 cpu_x86: Refactor storage of CPUID data to add support for KVM features
The CPUID functions were stored in multiple arrays according to a
specified prefix of those. This made it very hard to add another prefix
to store KVM CPUID features (0x40000000). Instead of hardcoding a third
array this patch changes the approach used:

The code is refactored to use a single array where the CPUID functions
are stored ordered by the cpuid function so that they don't depend on
the specific prefix and don't waste memory. The code is also less
complex using this approach. A trateoff to this is the change from O(N)
complexity to O(N^2) in x86DataAdd and x86DataSubtract. The rest of the
functions were already using O(N^2) algorithms.
2013-11-08 09:28:06 +01:00
Li Zhang
4ffcb0208c storage: Fix a vol-clone bug on ppc64
vol-clone reports out of memory error with disk type on ppc64.

Currently, wbytes is defined as size_t type (8 bytes), but
args's value in ioctl(fd, args..) in kernel is int (4 bytes).
This makes wbytes 2^32 times larger, causing an out of memory error.

This patch changes size_t to int to synchronize with kernel.

[1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/block/ioctl.c?id=5e01dc7b#n363
[2] https://lkml.org/lkml/2013/11/1/620

Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2013-11-08 07:51:43 +01:00
Michal Privoznik
1f2f879ed1 qemu: Don't access vm->priv on unlocked domain
Since 86d90b3a (yes, my patch; again) we are supporting NBD storage
migration. However, on error recovery path we got the steps reversed.
The correct order is: return NBD port to the virPortAllocator and then
either unlock the vm or remove it from the driver. Not vice versa.

==11192== Invalid write of size 4
==11192==    at 0x11488559: qemuMigrationPrepareAny (qemu_migration.c:2459)
==11192==    by 0x11488EA6: qemuMigrationPrepareDirect (qemu_migration.c:2652)
==11192==    by 0x114D1509: qemuDomainMigratePrepare3Params (qemu_driver.c:10332)
==11192==    by 0x519075D: virDomainMigratePrepare3Params (libvirt.c:7290)
==11192==    by 0x1502DA: remoteDispatchDomainMigratePrepare3Params (remote.c:4798)
==11192==    by 0x12DECA: remoteDispatchDomainMigratePrepare3ParamsHelper (remote_dispatch.h:5741)
==11192==    by 0x5212127: virNetServerProgramDispatchCall (virnetserverprogram.c:435)
==11192==    by 0x5211C86: virNetServerProgramDispatch (virnetserverprogram.c:305)
==11192==    by 0x520A8FD: virNetServerProcessMsg (virnetserver.c:165)
==11192==    by 0x520A9E1: virNetServerHandleJob (virnetserver.c:186)
==11192==    by 0x50DA78F: virThreadPoolWorker (virthreadpool.c:144)
==11192==    by 0x50DA11C: virThreadHelper (virthreadpthread.c:161)
==11192==  Address 0x1368baa0 is 576 bytes inside a block of size 688 free'd
==11192==    at 0x4A07F5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==11192==    by 0x5079A2F: virFree (viralloc.c:580)
==11192==    by 0x11456C34: qemuDomainObjPrivateFree (qemu_domain.c:267)
==11192==    by 0x50F41B4: virDomainObjDispose (domain_conf.c:2034)
==11192==    by 0x50C2991: virObjectUnref (virobject.c:262)
==11192==    by 0x50F4CFC: virDomainObjListRemove (domain_conf.c:2361)
==11192==    by 0x1145C125: qemuDomainRemoveInactive (qemu_domain.c:2087)
==11192==    by 0x11488520: qemuMigrationPrepareAny (qemu_migration.c:2456)
==11192==    by 0x11488EA6: qemuMigrationPrepareDirect (qemu_migration.c:2652)
==11192==    by 0x114D1509: qemuDomainMigratePrepare3Params (qemu_driver.c:10332)
==11192==    by 0x519075D: virDomainMigratePrepare3Params (libvirt.c:7290)
==11192==    by 0x1502DA: remoteDispatchDomainMigratePrepare3Params (remote.c:4798)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-08 07:34:11 +01:00
Michal Privoznik
5a4c2374a2 qemu: Avoid double free of VM
One of my previous patches (c7ac2519b7) did try to fix the issue when
domain dies too soon during migration. However, this clumsy approach was
missing removal of qemuProcessHandleMonitorDestroy resulting in double
unrefing of mon->vm and hence producing the daemon crash:

==11843== Invalid read of size 4
==11843==    at 0x50C28C5: virObjectUnref (virobject.c:255)
==11843==    by 0x1148F7DB: qemuMonitorDispose (qemu_monitor.c:258)
==11843==    by 0x50C2991: virObjectUnref (virobject.c:262)
==11843==    by 0x50C2D13: virObjectFreeCallback (virobject.c:388)
==11843==    by 0x509C37B: virEventPollCleanupHandles (vireventpoll.c:583)
==11843==    by 0x509C711: virEventPollRunOnce (vireventpoll.c:652)
==11843==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
==11843==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
==11843==    by 0x11F368: main (libvirtd.c:1513)
==11843==  Address 0x13b88864 is 4 bytes inside a block of size 136 free'd
==11843==    at 0x4A07F5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==11843==    by 0x5079A2F: virFree (viralloc.c:580)
==11843==    by 0x50C29E3: virObjectUnref (virobject.c:270)
==11843==    by 0x114770E4: qemuProcessHandleMonitorDestroy (qemu_process.c:1103)
==11843==    by 0x1148F7CB: qemuMonitorDispose (qemu_monitor.c:257)
==11843==    by 0x50C2991: virObjectUnref (virobject.c:262)
==11843==    by 0x50C2D13: virObjectFreeCallback (virobject.c:388)
==11843==    by 0x509C37B: virEventPollCleanupHandles (vireventpoll.c:583)
==11843==    by 0x509C711: virEventPollRunOnce (vireventpoll.c:652)
==11843==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
==11843==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
==11843==    by 0x11F368: main (libvirtd.c:1513)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-08 07:31:02 +01:00
Michal Privoznik
b2f31af701 qemuMigrationBeginPhase: Check for 'drive-mirror' for NBD
So far we are checking if qemu supports 'nbd-server-start'. This,
however, makes no sense on the source as nbd-server-* is used on the
destination. On the source the 'drive-mirror' is used instead.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-07 14:15:13 +01:00
Chen Hanxiao
4bcb74d03f conf: fix incorrect error log in virCPUDefIsEqual
A copy-paste error.
s/model/vendor id

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-11-07 12:01:29 +01:00