The if ((nlptr...)) implicitly assumes commptr != NULL (and that "buf"
starts with "cmd"). Make the assumption explicit, it will be broken in
a future patch.
* src/qemu_driver.c: Don't assume buffered monitor output echoes the
command.
The XML allows <encryption format='unencrypted'/>, this implementation
canonicalizes the internal representation so that "disk->encryption" is
non-NULL iff encryption information is available.
A domain with partial encryption information can be defined,
completeness of the information is not verified. The domain won't
start until the remaining information is added, of course.
* docs/formatdomain.html, docs/formatdomain.html.in: Document
new encryption options for disks
* docs/schemas/domain.rng: Pull in storage encryption schema
rules
* src/domain_conf.h, src/domain_conf.c: Wire up storage encryption
XML parsing/formatting APIs
Supports only virStorageVolCreateXML, not virStorageVolCreateXMLFrom.
Curiously, qemu-img does not need the passphrase for anything to create
an encrypted volume. This implementation thus does not need to touch
any secrets to work with cooperating clients. More generic passphrase
handling is added in the next patch.
* src/storage_backend.c: Request encryption when creating qcow/qcow2
files
* src/storage_backend_disk.c, src/storage_backend_fs.c,
src/storage_backend_logical.c: Refuse to create volumes with
encryption params set.
(The implementation is not very generic, but that can be very
easily rectified if/when new encryption formats appear.)
* src/storage_backend_fs.c: Probe for qcow/qcow2 encryption
algorithm field
The XML allows <encryption format='unencrypted'/>, this implementation
canonicalizes the internal representation so that "vol->encryption" is
non-NULL iff the volume is encrypted.
Note that partial encryption information (e.g. specifying an encryption
format, but not the key/passphrase) is valid, libvirt will automatically
choose value for the missing information during volume creation. The
user can read the volume XML, and use the unmodified <encryption> tag in
future operations (without having to be able to understand) its contents.
* docs/formatstorage.html, docs/formatstorage.html.in: Document
storage volume encryption options
* src/storage_conf.c, src/storage_conf.h: Hook up storage
encryption XML handling
* tests/storagevolschemadata/vol-qcow2.xml: Test case for encryption
schema changes
Define an <encryption> tag specifying volume encryption format and
format-depenedent parameters (e.g. passphrase, cipher name, key
length, key).
Currently the only defined parameter is a reference to a "secret"
(passphrase/key) managed using the virSecret* API.
Only the qcow/qcow2 encryption format, and a "default" format used to
let libvirt choose the format during volume creation, is currently
supported.
This patch does not add any users; the <encryption> tag is added in
the following patches to both volumes (to support encrypted volume
creation) and domains.
* docs/*.html: Re-generate
* docs/formatstorageencryption.html.in, docs/sitemap.html.in:
Add page describing storage encryption data format
* docs/schemas/Makefile.am, docs/schemas/storageencryption.rng:
Add RNG schema for storage encryption format
* po/POTFILES.in: Add src/storage_encryption_conf.c
* src/libvirt_private.syms: Export virStorageEncryption* functions
* src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal
helper APIs for dealing with storage encryption format
* libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng
RNG schema
* include/libvirt/virterror.h, src/virterror.c: Add VIR_WAR_NO_SECRET
* src/libvirt_private.syms, src/datatypes.h, src/datatypes.c: Type
virSecret struct definition and helper APIs
* src/driver.h: Sub-driver API definitions for secrets
* src/libvirt.c: Define new sub-driver for secrets
This patch adds a "secret" as a separately managed object, using a
special-purpose API to transfer the secret values between nodes and
libvirt users.
* docs/schemas/secret.rng, docs/schemas/Makefilem.am: Add new
schema for virSecret objects
* docs/*html: Re-generated
* docs/formatsecret.html.in, docs/sitemap.html.in: Add page
describing the virSecret XML schema
* include/libvirt/libvirt.h.in: Define the new virSecret public
API
* src/libvirt_public.syms: Export symbols for new public APIs
* mingw32-libvirt.spec.in, libvirt.spec.in: Add secret.rng to
files list
Per prior discussion -- this was, indeed, trivial.
I'm a little disappointed to be breaking the ordering characteristics of
the enum (as it had been ordered by increasing time requirements and
decreasing output size), but breaking any save files with the old
constants in the headers would of course be worse.
>From 2a9cdcfc88de091a8d34aa3fc3b1208d7681790e Mon Sep 17 00:00:00 2001
From: Charles Duffy <Charles_Duffy@dell.com>
Date: Fri, 28 Aug 2009 11:49:54 -0500
Subject: [PATCH] support lzop save compression for qemu
One of the larger disincentives towards use of compression for migrated-out save
files is performance impact. This patch adds support for lzop; CPU time for
compression is about 5x faster than gzip (the next most performant algorithm)
and decompression is about 3x faster.
Signed-off-by: Charles Duffy <Charles_Duffy@dell.com>
Signed-off-by: Chris Lalancette <clalance@redhat.com>
All of the other drivers that support the getMaxVcpus callback
also accept a NULL value for type. Make openvz also accept a
NULL value.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
qemudExtractMonitorPath() was doing a VIR_ALLOC_N followed by a
strncpy. However, this isn't necessary; we can do the same thing
using strndup, which is much safer.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
The documentation for virNodeGetCellsFreeMemory claims the values
returned are in kilobytes, but that's actually wrong; the value
returned is actually in bytes. Fix up the documentation to be
correct.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
S-expression containing empty lists, e.g. (cpus (() () () ())),
was not being handled properly in sexpr2string() serialization.
Emit an empty list when encountering NIL sexpr kind.
* src/remote_internal.c: Split remoteAuthPolkit into separate
impls for v0 and v1 to avoid compile warnings due to unused
variables/params
* qemud/remote.c: Remove accidental tabs
* configure.in: Check for pkcheck which indicates new policykit
* qemud/Makefile.am: Install different versions of policy
* qemud/libvirtd.policy: Rename to libvirtd.policy-0
* qemud/libvirtd.policy-1: new style policy
* qemud/qemud.c, qemud/qemud.h, qemud/remote.c: Support new
policykit API via external pkcheck helper
* src/remote_internal.c: Don't prompt for polkit auth with new
policykit API
* libvirt.spec.in: deal with new policy install locations & deps
Matthias correctly points out that escape_specialcharaters() takes a
length, and since we are now malloc()'ing string in phypOpen instead of
making it a static array, we can't use sizeof(string) anymore. Calculate
the proper strlen and then use that both to allocate the string and also
pass it to escape_specialcharacters().
Signed-off-by: Chris Lalancette <clalance@redhat.com>
I came across this line in the phypOpen function:
char string[strlen(conn->uri->path)];
Here the path part of the given URI is used without checking it for
NULL, this can cause a segfault as strlen expects a string != NULL.
Beside that uuid_db and connection_data leak in case of an error.
In this line
conn->uri->path = string;
the original path of the URI leaks. The patch adds a VIR_FREE call
before setting the new path.
The attached patch is compile-tested but I don't have a Power
Hypervisor installation at hand to test it for real.
Matthias
Signed-off-by: Chris Lalancette <clalance@redhat.com>
Fix up a small memory leak pointed out by DanB; I was forgetting
to release memory allocated to driver->saveImageFormat.
Also add the "save_image_format" and "security" entries to
the augeas lens.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
https://bugzilla.redhat.com/517371
Matt Booth points out that if you use a non-existent bridge name when
start a guest you get a weird error message:
Failed to add tap interface 'vnet%d' to bridge 'virbr0'
and dev='vnet%d' appears in the dumpxml output.
Fix that by not including 'vnet%d' in the error message and freeing the
'vnet%d' string if adding the tap device to the bridge fails.
* src/qemu_conf.c, src/uml_conf.c: fix qemudNetworkIfaceConnect()
and umlConnectTapDevice() to not expose 'vnet%d' to the user
As we start/shutdown guests, or hotplug/hot-unplug devices, we can add
or delete devices as appropriate from a list of active devices.
Then, in pciReset(), we can use this to determine whether its safe to
reset a device as a side effect of resetting another device.
* src/qemu_conf.h: add activePciHostdevs to qemud_driver
* src/qemu_driver.c: maintain the activePciHostdevs list, and pass it
to pciResetDevice()
* src/pci.[ch]: pass the activeDevs list to pciResetDevice() and use
it to determine whether a Secondary Bus Reset is safe
The qemuPrepareHostDevices() and qemuDomainReAttachHostDevices()
functions are clutter with a bunch of calls to pciGetDevice() and
pciFreeDevice() obscuring the basic logic.
Add a pciDeviceList type and add a qemuGetPciHostDeviceList() function
to build a list from a domain definition. Use this in prepare/re-attach
fto simplify things and eliminate the multiple pciGetDevice calls.
This is especially useful because in the next patch we need to iterate
the hostdevs list a third time and we also need a list type for keeping
track of active devices.
* src/pci.[ch]: add pciDeviceList type and also a per-device 'managed'
property
* src/libvirt_private.syms: export the new functions
* src/qemu_driver.c: add qemuGetPciHostDeviceList() and re-write
qemuPrepareHostDevices() and qemuDomainReAttachHostDevices() to use it
Newer versions of QEMU accept 'pci_add auto', but older versions require
'pci_add pci_addr=auto'
* src/qemu_driver.c: use pci_addr= in qemudDomainAttachHostPciDevice()
for older versions of QEMU
When we hot-unplug a PCI host device from a guest, we should reset it.
Both managed and unmanaged devices should be reset, but only managed
devices should be re-attached.
* src/qemu_driver.c: reset devices in qemudDomainDetachHostPciDevice()
Right now we're only resetting managed devices before hotplug, but we
should reset them irrespective of whether they are managed.
* src/qemu_driver.c: reset all PCI hostdevs before hotplug
It turns out that the previous attempt at this doesn't work well
in the case of hotplug. We need qemuCheckPciHostDevice() to
disallow the reset affecting devices already attach to the guest,
but we still need to avoid double locking the virDomainObjPtr.
This is all getting messy, I've a better idea.
This reverts commit 6318808270 and
c106c8a18c.
* src/qemu_driver.c, src/pci.[ch], src/xen_unified.c,
src/libvirt_private.syms: revert a bunch of stuff.
The current code makes a poor effort at updating the device arrays after
hot-unplug. Fix that and combine the two code paths into one.
* src/qemu_driver.c: fix list updating in qemudDomainDetachNetDevice(),
qemudDomainDetachPciDiskDevice() and qemudDomainDetachHostPciDevice()
Maybe it's just me, but I try to select an item from the tree using
double-click and get annoyed when "+-" gets included in the selection.
* src/virsh.c: add a space between "+-" and the node device name
in 'virsh nodedev-list --tree'
Currently the reference counting for connections is busted. I
first noticed it while trying to use virConnectRef; it would
eventually cause a crash in the remote_internal driver, although
that was really just a victim. Really, we should only call the
close callbacks on the methods when the references drop to 0. To
accomplish this, move all of the close callbacks into
virUnrefConnect (since there are lots of internal users of that
function), and arrange for virConnectClose to call that.
V2: Make sure to drop the connection lock before we call the close
callbacks, otherwise we could deadlock the daemon
V3: Fix up a crash when we got an error from one of the drivers
Signed-off-by: Chris Lalancette <clalance@redhat.com>
* src/domain_conf.c: Make virDomainObjListFree a no-op if list
is NULL
* src/domain_event.c: make virDomainEventCallbackListFree a no-op
if event list is NULL
* src/lxc_driver.c: Log a message if LXC driver does not startup
due to lacking kernel support
Implement a compressed save image format for qemu. While ideally
we would have the choice between compressed/non-compressed
available to the libvirt API, unfortunately there is no "flags"
parameter to the virDomainSave() API. Therefore, implement this
as a qemu.conf option. gzip, bzip2, and lzma are implemented, and
it should be very easy to implement additional compression
methods.
One open question is if/how we should detect the compression
binaries. One way to do it is to do compile-time setting of the
paths (via configure.in), but that doesn't seem like a great thing
to do. My preferred solution is not to detect at all;
when we go to run the commands that need them, if they
aren't available, or aren't available in one of the standard paths,
then we'll fail. That's also the solution implemented in this patch.
In the future, we'll have a more robust (managed) save/restore API,
at which time we can expose this functionality properly in the API.
V2: get rid of redundant dd command and just use >> to append data.
V3: Add back the missing pieces for the enum and bumping the save version.
V4: Make the compressed field in the save_header an int.
Implement LZMA compression.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
If a PCI device reset causes other devices to be reset, allow it so long
as those other devices are note assigned to another active domain.
Note, we need to take the driver lock qemudNodeDeviceReset() because the
check function will iterate over the domain list.
* src/qemu_conf.c: add qemuCheckPciHostDevice() to iterate over active
domains checking whether the affected device is assigned
* src/pci.[ch]: add pciDeviceEquals() helper
When using a Secondary Bus Reset, all devices on the bus are reset.
Extend the pciResetDevice() API so that a 'check' callback can be
supplied which will verify that it is safe to reset the other devices
on the bus.
The virDomainObjPtr parameter is needed so that when the check function
iterates over the domain list, it can avoid double locking.
* src/pci.[ch]: add a 'check' callback to pciResetDevice(), re-work
pciIterDevices() to pass the check function to the iter functions,
use the check function in the bus iterator, return the first unsafe
device from pciBusCheckOtherDevices() and include its details in
the bus reset error message.
* src/qemu_driver.c, src/xen_uninified.c: just pass NULL as the
check function for now
Currently, if we are unable to reset a PCI device we return a fairly
generic 'No PCI reset capability available' error message.
Fix that by returning an error from the individual reset messages and
using that error to construct the higher level error mesage.
* src/pci.c: set errors in pciTryPowerManagementReset() and
pciTrySecondaryBusReset() on failure; use those error messages
in pciResetDevice(), or explain that no reset support is available
When the guest shuts down, we should attempt to restore all PCI host
devices to a sane state.
In the case of managed hostdevs, we should reset and re-attach the
devices. In the case of unmanaged hostdevs, we should just reset them.
Note, KVM will already reset assigned devices when the guest shuts
down using whatever means it can, so we are only doing it to cover the
cases the kernel can't handle.
* src/qemu_driver.c: add qemuDomainReAttachHostDevices() and call
it from qemudShutdownVMDaemon()
It turns out that a PCI Power Management reset only affects individual
functions, and not the whole device.
The PCI Power Management spec talks about resetting the 'device' rather
than the 'function', but Intel's Dexuan Cui informs me that it is
actually a per-function reset.
Also, Yu Zhao has added pci_pm_reset() to the kernel, and it doesn't
reject multi-function devices, so it must be true! :-)
(A side issue is that we could defer the PM reset to the kernel if we
could detect that the kernel has PM reset support, but barring version
number checks we don't have a way to detect that support)
* src/pci.c: remove the pciDeviceContainsOtherFunctions() check from
pciTryPowerManagementReset() and prefer PM reset over bus reset
where both are available
Cc: Cui, Dexuan <dexuan.cui@intel.com>
Cc: Yu Zhao <yu.zhao@intel.com>
PCI device assignment is only supported in KVM's fork of qemu, so we
should really detect its availability and give a nice error if its
not supported.
* src/qemu_conf.[ch]: introduce QEMUD_CMD_FLAG_PCIDEVICE indicating
that the -pcidevice command line option is available
* tests/*: update the tests
Attaching a host PCI device to a qemu guest is done with a
straightforward 'pci_add auto host host=XX:XX.X' command.
Like with NIC and disk hotplug, we need to retain the guest PCI address
assigned by qemu so that we can use it for hot-unplug.
Identifying a device for detach is done using the host PCI address.
Managed mode is handled by detaching/resetting the device before
attaching it to the guest and re-attaching it after detaching it from
the guest.
* src/qemu_driver.c: add qemudDomainAttachHostPciDevice() and
qemudDomainDetachHostPciDevice()
* src/domain_conf.h: add somewhere to store the guest PCI address
* src/domain_conf.c: handle formatting and parsing the guest PCI
address
Re-factor the hostdev hotplug code so that we can easily add PCI
hostdev hotplug to qemudDomainAttachHostDevice().
* src/qemu_driver.c: rename qemudDomainAttachHostDevice() to
qemudDomainAttachHostUsbDevice(); make qemudDomainAttachHostDevice()
handle all hostdev types
* src/libvirt_private.syms: export a couple of hostdev related
ToString() functions
Some kernel versions expose broken NUMA topology for some machines.
This causes the LXC/UML drivers to fail to start. QEMU driver was
already fixed for this problem
* src/lxc_conf.c: Log and ignore failure to populate NUMA info
* src/uml_conf.c: Log and ignore failure to populate NUMA info
* src/capabilities.c: Reset nnumaCell to 0 after freeing
A couple of minor fixes to phyp escape_specialcharacters. Make it
a static function (since it's only used in phyp/phyp_driver.c), and
make it take a dstlen parameter. This paves the way for removing
strncpy in the future.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
Minor fix to openvzGetVPSUUID to make it take a length parameter.
This ensures that it doesn't make assumptions about the length
of the UUID buffer, and paves the way for removal of strncpy in
the future.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
As of qemu 0.10.6, qemu now honors the -S flag on incoming migration.
That means that when the migration completes, we have to issue a
'cont' command to get the VM running again. We do it unconditionally
since it won't hurt on older qemu.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
Re-factor virDomainMigrate to split out the version 1 and version 2
protocols into their own functions. In reality, the two versions share
very little in common, so forcing them together in the same function was
just confusing. This will also make adding tunnelled migration easier.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
When doing a restore, we were forgetting to update the state file
for the VM. That means that if you do a save/restore, then shut
down libvirtd, then start it back up, you'll see the state of the
guest as "paused", even though it is really running. We were
just forgetting a "virDomainSaveStatus" call in the restor path.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
If the ipv6 kernel module is not loaded, then we get this when starting
a virtual network:
libvir: Network Config error :
cannot enable /proc/sys/net/ipv6/conf/virbr0/disable_ipv6:
No such file or directory
If disable_ipv6 is not present, we should just merrily continue on our
way.
* src/network_driver.c: make networkDisableIPV6() not fail if the kernel
has no ipv6 support
If we're running qemu unprivileged, we need to chown any supplied kernel
or initrd before spawning it.
* src/qemu_driver.c: rename qemuDomainSetDiskOwnership() to
qemuDomainSetFileOwnership(), pass it a path string instead of a disk
definition and use it for chowning the kernel/initrd in
qemuDomainSetAllDeviceOwnership()
While trying to remove uses of unsafe strncpy in the tree, I came
across a couple of usages in the ESX driver. To my eyes, the snprintf
replacements do the same thing in less code, and are also safer.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
Tested-by: Mattias Bolte <matthias.bolte@googlemail.com>
* src/logging.c src/logging.h src/libvirt_private.syms:
define new functions virLogSetFromEnv and virLogParseDefaultPriority
* qemud/qemud.c src/libvirt.c tests/eventtest.c: cleanup to use the
unified functions
* qemud/qemud.c src/logging.[ch]: Similar as for general libvirt, don't
convert high priority levels to debug level. Ignore LIBVIRT_LOG_FILTERS
and LIBVIRT_LOG_OUTPUTS when they're set to the empty string, otherwise
they can override a valid setting from the config file. Send all
settings through the parser functions for validation, so that the
existence of a bad setting doesn't nullify a good setting that should
have applied -- particularly the default output. Keep the order of
precedence consistent for all variables between the environment and
the config file. Warn when an invalid log level, filter, or output
is ignored.
* src/libvirt_private.syms: export internally a few convenience functions
* src/libvirt.c src/logging.c: Don't convert high priority levels to the
debug level. Don't parse LIBVIRT_LOG_FILTERS and LIBVIRT_LOG_OUTPUTS
when they're set to the empty string. Warn when the user specifies an
invalid value (empty string remains a noop).
* po/POTFILES.in: src/logging.c now include translatable strings
* src/xm_internal.c: in case of multiple connections to the xen driver
and some clients were not using domain events, the whole /etc/xen
monitoring would break leading to disapearing domains.
* src/esx/esx_driver.c src/esx/esx_vi.[ch] src/esx/esx_vmx.[ch]:
adds version checking for GSX 2.0, allows to pass a specific port
for the connection and also add a new specific gsx scheme for
easier connections to GSX hosts
Fix up qemudDomainMigratePrepare2 to use virGetHostname instead of
gethostname. Besides the fact that virGetHostname is far more clever,
there was a latent bug in the handling that could cause a buffer overflow
on a very long hostname.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
* autobuild.sh, mingw32-libvirt.spec.in: Enable esx on mingw32
* src/esx/esx_driver.c: Define AI_ADDRCONFIG if not set
* src/esx/esx_util.c, src/esx/esx_vi_types.c: Always use
%lld & friends, since gnulib guarentees we have these
and not the target's own variants
If the bridge device is configured to have IPv6 address and
accept router advertisments, then a malicious guest can send
out bogus advertisments and hijack/DOS host IPv6 connectivity
* src/network_driver.c: Set accept_ra=0, disable_ipv6=1, autoconf=0
for IPv6 sysctl on virual network bridge devices
PCIe DevCap register is actually 32 bits, not 16 bits. Since FLR is
bit 28, we clearly are failing to detect FLR support.
Known to fix device reset with some SR-IOV devices.
* src/pci.c: fix pciDetectFunctionLevelReset()
* src/util.c: Don't drop capabilities until after the PID file has
been written. Kill off child if writing the PID file fails
* src/qemu_driver.c: Remove bogus trailing '/' in state dir
* esx/esx_driver.c: add some documentation about the CPU scheduler
parameters and remove some old, unnecessary compensation code, since
virsh uses the proposed parameter types now.
