Commit Graph

11631 Commits

Author SHA1 Message Date
Laine Stump
3f05dc6de8 util: eliminate hardcoded indent in virConnectSysInfo formatting
This same set of functions is used by the qemu, xen, and lxc drivers'
connectSysInfo function.
2014-03-14 00:02:42 -06:00
Laine Stump
acca913493 qemu: eliminate hardcoded indent from migration cookie xml
This is also never seen by a human.
2014-03-14 00:02:42 -06:00
Laine Stump
5f84543772 conf: eliminate hardcoded indent in volume/pool xml
Again completely mechanical, but a lot of lines.
2014-03-13 22:40:39 -06:00
Laine Stump
f728155f69 conf: eliminate hardcoded indentation in node device xml
Completely mechanical changes, but there were a lot of lines so I made
it a separate patch.
2014-03-13 22:40:39 -06:00
Laine Stump
75f0b66c3a conf: eliminate hardcoded indentation in capabilities xml
There were a lot of changes here, but all very mechanical. For some
reason, the virBufferPtr had been named "xml" instead of "buf" in this
file, so since the indentation changing touched almost every line
using the buffer, I took this chance to change its name for "buf" for
consistency with every other file.
2014-03-13 22:40:39 -06:00
Laine Stump
d3679928b1 conf: eliminate hardcoded indentation in nwfilter xml
This file was using multiple virBuffers, inserting the contents of
buf3 into buf2, then inserting the contents of buf2 into buf1, rather
than the more conventional method of just passing around a single
virBufferPtr and streaming everything into that single buffer. This
was unnecessary, and also made it more difficult to make indentation
relative, because when you insert a string into a buffer, the
indentation of the buffer is only applied once at the beginning of the
string, *not* each time a newline is encountered in the string.
2014-03-13 22:40:39 -06:00
Laine Stump
257e62dfee conf: eliminate outmoded/odd indent method from interface xml
These format functions needed the ability to be indented by an
arbitrary amount, but were written before the introduction of
virBufferAdjustIndent(). They instead used the much more clunky method
of adding a "level" arg to every format function, and padding with
spaces using the "%*s" printf format specifier (giving it the level,
and "", which has the effect of adding level spaces to the output).

While eliminating the hardcoded indentation in other xml, I decided it
was finally time to also modernize the interface formatter code to
make it more consistent.
2014-03-13 22:40:39 -06:00
Laine Stump
b1258b2747 conf: eliminate hardcoded indent from network xml
This was very simple, since the only place that had hardcoded
indentation was a few items in the network status xml.
2014-03-13 22:40:39 -06:00
Laine Stump
b9e9b76ec0 conf: eliminate hardcoded indent from domain snapshot xml
All leading spaces in domain snapshot xml format functions have been
replaced with appropriate calls to virBufferAdjustIndent(). This will
make it easier to call other similarly fixed format functions
(e.g. domain device format functions).
2014-03-13 22:40:39 -06:00
Laine Stump
ca6dc7b585 conf: eliminate hardcoded indent from domain xml
Many of the domain xml format functions (including all of the device
format functions) had hard-coded spaces, which made for incorrect
indentation when those functions were called in a different context
(for example, commit 2122cf39 added <interface> XML into the document
provided to a network hook script, and in this case it should have
been indented by 2 spaces, but was instead indented by 6 spaces).

To make it possible to insert a properly indented device anywhere into
an XML document, this patch removes hardcoded spaces from the
formatting functions, and calls virBufferAdjustIndent() at appropriate
places instead. (a regex search of domain_conf.c was done to assure
that all occurrences of hardcoded spaces were removed).

virDomainDiskSourceDefFormatInternal() is also called from
snapshot_conf.c, so two virBufferAdjustIndent() calls were temporarily
added around that call - those functions will have hardcoded spaces
removed in a separate patch.

This could cause some conflicts when backporting future changes to the
formatting functions to older branches, but fortunately the changes
are almost all trivial, so conflict resolution will be obvious.
2014-03-13 22:40:23 -06:00
Stefan Berger
a81756f1ff nwfilter: Add ARP src/dst IP mask for ebtables ARP
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=862887

Add a netmask for the source and destination IP address for the
ebtables --arp-ip-src and --arp-ip-dst options. Extend the XML
parser with support for XML attributes for these netmasks similar
to already supported netmasks. Extend the documentation.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2014-03-13 18:30:09 -04:00
Stefan Berger
5a2b17beb8 nwfilter: Fix rule priority problem
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1072292

Fix a problem related to rule priorities that did not allow to
have rules applied that had a higher priority than the chain they
were in. In this case the chain did not exist yet when the rule
was instantiated. The solution is to adjust the priority of rules
if the priority of the chain is of higher value. That way the chain
will be created before the rule.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2014-03-13 18:30:09 -04:00
Jim Fehlig
b322717f6e hostdev: add virObject field to virHostdevManager struct
Commit 6b306d66 converted virHostdevManager to a virObject, but
missed adding a virObject field to the virHostdevManager struct.
Result is memory corruption when taking a reference on an instance
of the object, where atomic inc is done on the stateDir field.
Later use of stateDir crashes libvirtd.
2014-03-13 08:41:43 -06:00
Michal Privoznik
41700d2152 qemu.conf: Mention virtlockd in @lock_manager description
When I played with virtlockd I was stunned by lacking
documentation. My frustration got bigger when I had to
read the patches to get the correct value to set in
qemu.conf.

Moreover, from pure libvirt-pride  I'm changing commented
value from sanlock to lockd. We want to favor our own
implementation after all.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-13 11:51:22 +01:00
Wang Rui
f613e894ec hotplug:Fix log mistake in qemuMonitorAddNetdev
VIR_DEBUG  in qemuMonitorAddNetdev should print vhostfdSize

Signed-off-by: Wang Rui <moon.wangrui@huawei.com>
2014-03-13 11:46:19 +01:00
Jiri Denemark
287e2b395a Make ABI stability issue easier to debug
When ABI stability check fails, we only log the error message describing
the incompatibility. Let's log both XMLs in case of an error to make it
easier to analyze where and why the stability check failed.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-03-13 11:17:30 +01:00
Osier Yang
ce346623c1 qemu: Forbid "sgio" support for SCSI generic host device
The kernel didn't support the unprivileged SGIO for SCSI generic
device finally, and since it's unknow whether the way to support
unprivileged SGIO for SCSI generic device will be similar as for
SCSI block device or not, even it's simliar (I.e. via sysfs, for
SCSI block device, it's /sys/dev/block/8\:0/queue/unpriv_sgio,
for example), the file name might be different, So it's better not
guess what it should be like currently.

This patch removes the related code (mainly about the "shareable"
checking on the "sgio" setting, it's not supported at all, why
we leave checking code there? :-), and error out if "sgio" is
specified in the domain config.
2014-03-13 18:01:40 +08:00
Stefan Bader
8c869ad9f9 libxl: Check for control_d string to decide about dom0
As soon as any guest mounts xenfs to /proc/xen, there is a capabilities
file in that directory. However it returns nothing when reading from it.
Change the test to actually check the contents of the file.

BugLink: http://bugs.launchpad.net/bugs/1248025

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2014-03-12 18:41:11 -06:00
Nehal J Wani
03fc0c626d vircrypto: fix Invalid write in virCryptoHashString()
While running vircryptotest, it was found that valgrind pointed out the
following error:

==27453== Invalid write of size 1
==27453==    at 0x4C7D7C9: virCryptoHashString (vircrypto.c:76)
==27453==    by 0x401C4E: testCryptoHash (vircryptotest.c:41)
==27453==    by 0x402A11: virtTestRun (testutils.c:199)
==27453==    by 0x401AD5: mymain (vircryptotest.c:76)
==27453==    by 0x40318D: virtTestMain (testutils.c:782)
==27453==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
==27453==  Address 0x51f0541 is 0 bytes after a block of size 65 alloc'd
==27453==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
==27453==    by 0x4C69F2E: virAllocN (viralloc.c:189)
==27453==    by 0x4C7D76B: virCryptoHashString (vircrypto.c:69)
==27453==    by 0x401C4E: testCryptoHash (vircryptotest.c:41)
==27453==    by 0x402A11: virtTestRun (testutils.c:199)
==27453==    by 0x401AD5: mymain (vircryptotest.c:76)
==27453==    by 0x40318D: virtTestMain (testutils.c:782)
==27453==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
==27453==

...and many more.  Two observations: hashstrlen was already set
to include the trailing NUL byte (so writing to hashstrlen as
the array offset was indeed writing one byte beyond bounds), and
VIR_ALLOC_N already guarantees zero-initialization (so we already
have a trailing NUL without needing to explicitly write one).

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-12 16:01:30 -06:00
Ján Tomko
f14c8a6be5 Fix type mismatch of virNetDev*NetConfig on non-Linux
Commit b4bbaee changed char* to const char*, but omitted
the non-Linux version.
2014-03-12 18:17:39 +01:00
Chunyan Liu
6225cb3df5 add pci passthrough to libxl driver
Add pci passthrough to libxl driver, support attach-device, detach-device and
start a vm with pci hostdev specified.
2014-03-12 17:03:50 +00:00
Chunyan Liu
98c5c53d69 add hostdev pci backend type for xen
Add VIR_DOMAIN_HOSTDEV_PCI_BACKEND_XEN. For legacy xen, it will use "pciback" as
stub driver.
2014-03-12 17:03:23 +00:00
Chunyan Liu
53aba258b2 change lxc_hostdev.c to use virhostdev common library APIs 2014-03-12 17:03:18 +00:00
Chunyan Liu
7becc46225 Add parameter checks/annotations to hostdev APIs
Mark many parameters as NONNULL and check for empty list of
hostdevs.
2014-03-12 16:53:33 +00:00
Chunyan Liu
e991b09ddd add 3 wrapper functions for prepare/reattach/update domain hostdevs 2014-03-12 16:53:20 +00:00
Chunyan Liu
4dd9f103fa improve virHostdevUpdate* parameters to make it more widely used
Changes parameter from vm def to specific hostdevs info and name info, so that
it could be used more widely, e.g, could be used without full vm def info.
2014-03-12 16:41:32 +00:00
Daniel P. Berrange
a65e6d3626 Capitalize USB, PCI and SCSI in hostdev variables
Change any variable names with Usb, Pci or Scsi to use
USB, PCI and SCSI since they are abbreviations.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-12 16:38:18 +00:00
Daniel P. Berrange
e9a60dcc7c Remove redundant duplicated 'Hostdev' string method names
Some virHostdevXXXX methods included the string Hostdev again
as a suffix. Change the latter to Device instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-12 16:35:30 +00:00
Chunyan Liu
7be4bddea1 Capitalize USB, PCI and SCSI in hostdev methods
Change any method names with Usb, Pci or Scsi to use
USB, PCI and SCSI since they are abbreviations.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-12 16:20:01 +00:00
Daniel P. Berrange
b4bbaeef41 Fixed const-ness of parameters in netdev/hostdev code
Various methods in virnetdev.c and virhostdev.c were missing
const-ness for several char * parameters.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-12 16:03:06 +00:00
Chunyan Liu
1c6ee84c9d improve parameter name to let it more meaningful 2014-03-12 16:03:06 +00:00
Chunyan Liu
1fabf06ca5 move virHostdevNodeDevice* to virhostdev.c 2014-03-12 16:03:06 +00:00
Chunyan Liu
de4aace4b0 extract general code of NodeDeviceReset 2014-03-12 16:03:06 +00:00
Chunyan Liu
1f12cef642 extract general code of NodeDeviceReAttach 2014-03-12 16:03:06 +00:00
Chunyan Liu
fdb313c4b2 extract general code of NodeDeviceDetach 2014-03-12 16:03:06 +00:00
Chunyan Liu
a4797138ad move virHostdevReAttachHostScsiDevices to virhostdev.c 2014-03-12 16:03:06 +00:00
Chunyan Liu
1136b8c153 pass driver name as parameter to virHostdevReAttachScciHostdevs 2014-03-12 16:03:06 +00:00
Chunyan Liu
b473b58344 extract general code from qemuDomainReAttachHostScsiDevices
Extract general code from qemuDomainReAttachHostScsiDevices to
virHostdevDomainReAttachHostScsiDevices.
2014-03-12 16:03:06 +00:00
Chunyan Liu
2d961cf3ba move virHostdevReAttachUsbHostdevs to virhostdev.c 2014-03-12 16:03:05 +00:00
Chunyan Liu
1ba06c3adf pass driver name as paramter to virHostdevReAttachUsbHostdevs 2014-03-12 16:03:05 +00:00
Chunyan Liu
08ae90266a extract general code from qemuDomainReAttachHostUsbDevices
Extract general code from qemuDomainReAttachHostUsbDevices to
virHostdevDomainReAttachHostUsbDevices.
2014-03-12 16:03:05 +00:00
Chunyan Liu
5035f75fed move virHostdevPrepareHostSCSIDevices to virhostdev.c 2014-03-12 16:03:05 +00:00
Chunyan Liu
c82c274581 pass driver name as parameter to virHostdevPrepareSCSIDevices 2014-03-12 16:03:05 +00:00
Chunyan Liu
313437ac64 extract general code from qemuPrepareHostSCSIDevices
Extract general code from qemuPrepareHostSCSIDevices to
virHostdevPrepareHostSCSIDevices.
2014-03-12 16:03:05 +00:00
Chunyan Liu
1c310c609c move virHostdevPrepareHostUSBDevices to virhostdev.c 2014-03-12 16:03:05 +00:00
Chunyan Liu
7972571142 pass driver name to virHostdevPrepareUSBDevices 2014-03-12 16:03:05 +00:00
Chunyan Liu
27da1757c8 rename qemu*USBDevices to virHostdev*USBDevices 2014-03-12 16:03:05 +00:00
Chunyan Liu
b7508481f1 extract general code from qemuPrepareHostUSBDevices
Extract general code from qemuPrepareHostUSBDevices to
virHostdevPrepareHostUSBDevices.
2014-03-12 16:03:05 +00:00
Chunyan Liu
00729f4559 move virHostdevUpdate* functions to virhostdev.c 2014-03-12 16:03:05 +00:00
Chunyan Liu
d44a20470e pass driver_name as parameter of virHostdevUpdate*Hostdevs functions 2014-03-12 16:03:05 +00:00
Chunyan Liu
e57f929dc1 extract general code from qemuUpdateActiveScsiHostdevs
Extract general code from qemuUpdateActiveScsiHostdevs to
virHostdevUpdateActiveScsiHostdevs
2014-03-12 16:03:05 +00:00
Chunyan Liu
ccf9d0f392 extract general code from qemuUpdateActiveUsbHostdevs
Extract general code from qemuUpdateActiveUsbHostdevs to
virHostdevUpdateActiveUsbHostdevs.
2014-03-12 16:03:05 +00:00
Chunyan Liu
94d505ba15 extract general code from qemuUpdateActivePciHostdevs
Extract general code from qemuUpdateActivePciHostdevs to
virHostdevUpdateActivePciHostdevs.
2014-03-12 16:03:05 +00:00
Chunyan Liu
899b261127 move virHostdevPrepare(ReAttach)PCIDevices to virhostdev.c 2014-03-12 16:03:05 +00:00
Daniel P. Berrange
63d4dd0336 rename qemuReAttachPciDevice to virHostdevReAttachPciDevice
Signed-off-by: Chunyan Liu <cyliu@suse.com>
2014-03-12 16:03:05 +00:00
Chunyan Liu
82e8dd4cf8 Conditionally wait for kvm_assigned_device cleanup
Only wait for kvm device cleanup if the driver is pci-stub
2014-03-12 16:03:05 +00:00
Chunyan Liu
4e46107e43 pass driver name as a parameter to virHostdevReAttachPCIDevices 2014-03-12 16:03:04 +00:00
Chunyan Liu
66dbc559a2 extract general code from qemuDomainReAttachHostdevDevices 2014-03-12 16:03:04 +00:00
Chunyan Liu
24786df527 pass driver name as a parameter to virHostdevPrepareHostdevPCIDevices 2014-03-12 16:03:04 +00:00
Chunyan Liu
4a3bc4902d rename qemuGet*PciHostDeviceList to virHostdevGet*PciHostDeviceList 2014-03-12 16:03:04 +00:00
Chunyan Liu
5a4f783608 rename qemu*NetConfigRestore/Replace to virHostdevNetConfigRestore/Replace 2014-03-12 16:03:04 +00:00
Chunyan Liu
996af57387 extract general code from qemuPrepareHostdevPCIDevices
Extract general code from qemuPrepareHostdevPCIDevices to
virHostdevPrepareHostdevPCIDevices.
2014-03-12 16:03:04 +00:00
Chunyan Liu
2c71d38269 qemu_hostdev: move netconfig file location to virhostdev stateDir 2014-03-12 16:03:04 +00:00
Chunyan Liu
e3c9e3a35b qemu_hostdev: move ColdBoot as a flag
For extracting hostdev codes from qemu_hostdev.c to common library, change qemu
specific COLD_BOOT handling to be a flag, and pass it to hostdev functions.
2014-03-12 16:03:04 +00:00
Chunyan Liu
3a331da883 qemu_hostdev: move cfg->relaxedACS as a flag
For extracting hostdev codes from qemu_hostdev.c to common library, change qemu
specific cfg->relaxedACS handling to be a flag, and pass it to hostdev
functions.
2014-03-12 16:03:04 +00:00
Chunyan Liu
0d4efed02b lxc: use general virhostdev lists instead of its own 2014-03-12 16:03:04 +00:00
Chunyan Liu
e640e98fa4 qemu: use general virhostdev lists instead of its own 2014-03-12 16:03:04 +00:00
Chunyan Liu
b5d5eb9bc5 qemu: remove functions used internally only from qemu_hostdev.h 2014-03-12 16:03:04 +00:00
Chunyan Liu
802c59d4b9 qemu: reuse hostdev interfaces to avoid duplicate
Same logic of preparing/reattaching hostdevs could be used in attach/detach
hotplug places, so reuse hostdev interfaces to avoid duplicate, also for later
extracting general code to common library.
2014-03-12 16:03:04 +00:00
Chunyan Liu
95fa4906b2 update qemuPrepareHostUSBDevices parameters to keep consistency
Update parameters from vm->def to specific name, hostdevs, nhostdevs to keep
consistentcy with PreparePCIDevices and PrepareSCSIDevices. And, at the same
time, make it reusable in later patch.
2014-03-12 16:03:04 +00:00
Chunyan Liu
6b306d66fa virhostdev: use virObject to virHostdevManager to keep reference
Use virObject to virHostdevManager, so that each driver using virHostdevManager
can keep a reference to it, and through counting refs to make virHostdevManager
get freed.
2014-03-12 16:03:04 +00:00
Jiri Denemark
e562e82f76 Load CPU map from builddir when run uninstalled
When libvirtd is run from a build directory without being installed, it
should not depend on files from a libvirt package installed in the
system. Not only because there may not be any libvirt installed at all.
We already do a good job for plugins but cpu_map.xml was still loaded
from the system.

The Makefile.am change is necessary to make this all work from VPATH
builds since libvirtd has no idea where to find libvirt sources. It only
knows the path from which it was started, i.e, a builddir.

https://bugzilla.redhat.com/show_bug.cgi?id=1074327
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-03-12 16:31:57 +01:00
Ján Tomko
7b91dc3ecd Introduce vircommandpriv.h for functions used by tests
So far it's just virCommandSetDryRun.
2014-03-12 15:53:16 +01:00
Ján Tomko
94b57a9de0 Use size_t for ndevice in pool source definition
This allows it to be used by the VIR_*_ELEMENT macros.

Also use them for parsing the definiton and remove the redundant
freeing of 'nodeset' before jumping to the cleanup label.
2014-03-12 15:51:40 +01:00
Ján Tomko
20f0cd4ca3 Introduce virStoragePoolSourceDeviceClear
Open-coding one VIR_FREE in the test suite just doesn't seem right.
2014-03-12 15:51:40 +01:00
Ján Tomko
cc8bc54bfc Change virStorageBackendISCSISession 'probe' arg to bool
It quacks like a bool.
2014-03-12 15:51:40 +01:00
Stefan Berger
41064facd4 nwfilter: Add missing goto err_exit in error path
https://bugzilla.redhat.com/show_bug.cgi?id=1071095

Add a missing goto err_exit in the error path where an unsupported
value is assigned to the CTRL_IP_LEARNING key.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2014-03-12 10:35:13 -04:00
Daniel P. Berrange
06e788e518 Fix sec label setup when attaching to QEMU processes
When attaching to a QEMU process, the def->seclabels array is
going to be empty. The qemuProcessAttach method must thus
populate it with data for the security drivers.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-12 13:14:38 +00:00
Eric Blake
359f4b11a6 qemu: don't munge user input during block commit
While investigating https://bugzilla.redhat.com/show_bug.cgi?id=1061827
I noticed that we pass user input unscathed for block-pull, but
always pass a canonical absolute name through for block-commit.
[Note that we probably _ought_ to validate that the user's request
for block-pull actually matches the backing chain, the way we already
do for block-commit - but that's a separate issue.  Further note that
the ability to pass user input through unscathed allows backdoors
such as specifying a backing image that is a network URI such as
a gluster disk, instead of forcing things to the local file system;
which is an area still under active investigation on whether libvirt
needs to behave differently for network disks.]

Since qemu may write the name that the user passed in as the backing
file, a user may have a reason to want a relative file name passed
through to qemu, and always munging things to absolute prevents that.

Put another way, if you have the backing chain:

[A] <- [B(back=./A)] <- [C(back=./B)]

and commit B into A (virsh blockcommit $dom vda --base A --top B),
the metadata of C will have to be re-written. But should it be
rewritten as [C(back=./A)] or as [C(back=/path/to/A)]?  Still up in
the air is whether qemu's decision should be based on whether B
and/or C had relative paths, or on whether the --base and/or
--top arguments to the command were relative paths; but if we always
pass a canonical name, we've prevented the spelling of the command
arguments from being part of the hueristics that qemu uses.

I also audited the code, and verified that we never call
qemuMonitorBlockCommit() with a NULL base, either before or after
the change to qemu_driver.c.

* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Preserve user's
spelling, since absolute vs. relative matters to qemu.
* src/qemu/qemu_monitor.h (qemuMonitorBlockCommit): Base is never
null.
* src/qemu/qemu_monitor.c (qemuMonitorBlockCommit): Likewise.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockCommit):
Likewise.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockCommit):
Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-11 17:53:19 -06:00
Eric Blake
e686ce8aa2 iptables: don't log command probe failures
Commit b9dd878f caused a regression in iptables interaction by
logging non-zero status at a higher level than VIR_INFO.  Revert
that portion of the commit, as well as adding a comment explaining
why we check the status ourselves.

Reported by Nehal J Wani.

* src/util/viriptables.c (virIpTablesOnceInit): Undo log regression.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-11 17:43:47 -06:00
Jim Fehlig
f68246ac94 libxl: support sexpr in native to XML conversion
Supporting sexpr in connectDomainXMLFromNative in the libxl driver
adds flexibility for users importing legacy Xen configuration into
libvirt.  E.g. this patch allows importing previous xend-managed
domains from /var/lib/xend/domains/<dom-uuid>/config.sxp into the
libvirt libxl driver.
2014-03-11 14:31:08 -06:00
John Ferlan
ea10cd76f8 storage: Fix bugs in VIR_APPEND_ELEMENT series
From commit id 'd53bbfd1'

Found one core and one possible memory leak. Core seen during local
virt-test/tp_libvirt run for the vol_create_from test. The memory leak
was seen by inspection during a review of all VIR_APPEND_ELEMENT changes

In storage_backend_disk/virStorageBackendDiskMakeDataVol(), the 'vol'
needs to be kept around since it's used later, so use the _COPY macro.
This caused a segv in libvirtd:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe87c3700 (LWP 6919)]
virStorageBackendDiskMakeDataVol (vol=0x0, groups=0x7fffc8000d70, pool=0x7fffc8002460) at storage/storage_backend_disk.c:66
66          if (vol->target.path == NULL) {

In storage_backend_rbd/virStorageBackendRBDRefreshPool() there's a failure
path where the 'vol' needs to go through virStorageVolDefFree() since it
wouldn't be appended.
2014-03-11 15:51:47 -04:00
Daniel P. Berrange
cfb92c9b0c Remove broken error reporting in QEMU mac filtering
The qemu_bridge_filter.c file had some helpers for calling
the ebtablesXXX functions todo bridge filtering. The only
thing these helpers did was to overwrite the original error
message from the ebtables code. For added fun, the callers
of these helpers overwrote the errors yet again. For even
more fun, one of the helpers called another helper and
overwrite its errors too.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 11:04:55 +00:00
Daniel P. Berrange
dafa39adbc Remove unused ebtablesRemoveForwardPolicyReject method
The ebtablesRemoveForwardPolicyReject method was unused and
would not do anything useful even if called.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 11:01:52 +00:00
Daniel P. Berrange
6e69008f3e Remove worthless ebtRules data structure
The ebtRules data structure serves no useful purpose as
the table name is never used and only 1 single chain name
needs to be stored. Just store the chain name directly
in the ebtablesContext instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 11:01:52 +00:00
Daniel P. Berrange
78629cf531 Remove data structure holding list of ebtables rules
When adding/removing ebtables rules, the code would keep
an array of all rules in memory. This list of rules was
never used for any purpose and would be lost if libvirtd
restarted. Delete all the unused code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 11:01:52 +00:00
Daniel P. Berrange
ca3dafef41 Remove unused variables from ebtablesContext
The input_filter and nat_postrouting variables were never
used to create any firewall rules.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 11:01:51 +00:00
Daniel P. Berrange
c383e13a37 Make ebtablesForwardPolicyReject static
The ebtablesForwardPolicyReject method is only used internally
to the ebtables code and thus should have been static.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 11:01:51 +00:00
Daniel P. Berrange
184d464661 Remove decl of method which doesn't exist in virebtables.h
There is no impl of the ebtablesSaveRules method and nothing
attempts to use it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 11:01:51 +00:00
Daniel P. Berrange
a84f9bd555 Remove many decls from bridge driver platform header
The bridge_driver_platform.h defines many functions that
a platform driver must implement. Only two of these
functions are actually called from the main bridge driver
code. The remainder can be made internal to the linux
driver only.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 11:01:51 +00:00
Daniel P. Berrange
cbde35899b Cache result of QEMU capabilities extraction
Extracting capabilities from QEMU takes a notable amount of time
when all QEMU binaries are installed. Each system emulator
needs about 200-300ms multiplied by 26 binaries == ~5-8 seconds.

This change causes the QEMU driver to save an XML file containing
the content of the virQEMUCaps object instance in the cache
dir eg /var/cache/libvirt/qemu/capabilities/$SHA256(binarypath).xml
or $HOME/.cache/libvirt/qemu/cache/capabilities/$SHA256(binarypath).xml

We attempt to load this and only if it fails, do we fallback to
probing the QEMU binary. The ctime of the QEMU binary and libvirtd
are stored in the cached file and its data discarded if either
of them change.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 10:59:00 +00:00
Daniel P. Berrange
f5059a929e Change QEMU capabilities cache to check ctime instead of mtime
Debian's package manager will preserve mtime timestamp on binaries
from the time they are built, rather than installed. So if a
user downgrades their QEMU dpkg, the libvirt capabilities
cache will not refresh. The fix is to use ctime instead of mtime
since it cannot be faked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 10:52:29 +00:00
Daniel P. Berrange
10ec072545 Add helper APIs to track if libvirtd or loadable modules have changed
The future QEMU capabilities cache needs to be able to invalidate
itself if the libvirtd binary or any loadable modules are changed
on disk. Record the 'ctime' value for these binaries and provide
helper APIs to query it. This approach assumes that if libvirt.so
is changed, then libvirtd will also change, which should usually
be the case with libtool's wrapper scripts that cause libvirtd to
get re-linked

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 10:51:49 +00:00
Michal Privoznik
f5796b61cc virSecurityDACSetSecurityImageLabel: Unmark @def as unused
The @def is clearly used just a few lines below. There's no need to use
ATTRIBUTE_UNUSED for it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-11 11:18:06 +01:00
Stefan Berger
6768b21033 BZ1072677: Avoid freeing of 0 file descriptor
Avoid the freeing of an array of zero file descriptors in case
of error. Initialize the array to -1 using memset.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2014-03-10 18:47:19 -04:00
Daniel P. Berrange
ed839f9aef Convert lock driver plugins to use new crypto APIs
Convert the sanlock and lockd lock driver plugins over to use
the new virCryptoHashString APIs instead of having their own
duplicated code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-10 16:44:14 +00:00
Daniel P. Berrange
3a7fe8d508 Add helper APIs for generating cryptographic hashes
GNULIB provides APIs for calculating md5 and sha256 hashes,
but these APIs only return you raw byte arrays. Most users
in libvirt want the hash in printable string format. Add
some helper APIs in util/vircrypto.{c,h} for doing this.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-10 16:39:18 +00:00
Ján Tomko
9b9d7704b5 Change file names in comments to match the files they are in
Some of these are leftovers from renaming the files, others
are just typos.

Also introduce an ugly awk script to enforce this.
2014-03-10 14:26:04 +01:00
Michal Privoznik
17d6a91854 src/xenxs: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:11 +01:00
Michal Privoznik
ce17ddacca src/xen: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:11 +01:00
Michal Privoznik
fb9bec1055 src/util: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:11 +01:00
Michal Privoznik
7e89de172d src/test: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
d53bbfd159 src/storage: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
ba52e4c715 src/rpc: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
5ab80fc1ae src/qemu: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
3f8b040d9a src/phyp: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
d7d06cc183 src/parallels: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
d9e4d5cb7c src/openvz: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
6c1bde6a94 src/nwfilter: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
6fca03f0a0 src/lxc/: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
2133441a07 conf: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
This fixes a possible double free. In virNetworkAssignDef() if
virBitmapNew() fails, then virNetworkObjFree(network) is called.
However, with network->def pointing to actual @def. So if caller
frees @def again, ...

Moreover, this fixes one possible memory leak too. In
virInterfaceAssignDef() if appending to the list of interfaces
fails, we ought to call virInterfaceObjFree() instead of bare
VIR_FREE().

Although, in order to do that some array size variables needs
to be turned into size_t rather than int.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Daniel P. Berrange
925de19ed7 Add a mutex to serialize updates to firewall
The nwfilter conf update mutex previously serialized
updates to the internal data structures for firewall
rules, and updates to the firewall itself. The latter
was recently turned into a read/write lock, and filter
instantiation allowed to proceed in parallel. It was
believed that this was ok, since each filter is created
on a separate iptables/ebtables chain.

It turns out that there is a subtle lock ordering problem
on virNWFilterObjPtr instances. __virNWFilterInstantiateFilter
will hold a lock on the virNWFilterObjPtr it is instantiating.
This in turn invokes virNWFilterInstantiate which then invokes
virNWFilterDetermineMissingVarsRec which then invokes
virNWFilterObjFindByName. This iterates over every single
virNWFilterObjPtr in the list, locking them and checking their
name. So if 2 or more threads try to instantiate a filter in
parallel, they'll all hold 1 lock at the top level in the
__virNWFilterInstantiateFilter method which will cause the
other thread to deadlock in virNWFilterObjFindByName.

The fix is to add an exclusive mutex to serialize the
execution of __virNWFilterInstantiateFilter.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-10 11:56:45 +00:00
John Ferlan
ea1eadd6a3 virscsi: Introduce virSCSIDeviceUsedByInfoFree
This resolves a Coverity RESOURCE_LEAK issue introduced by commit
id 'de6fa535' where the virSCSIDeviceSetUsedBy() didn't VIR_FREE
the 'copy' or possibly VIR_STRDUP()'d values.  It also ensures that
the VIR_APPEND_ELEMENT is successful...
2014-03-07 12:24:44 -05:00
Michael Chapman
1af9800b55 virIdentityGetSystem: don't fail if SELinux is disabled
If SELinux is compiled into libvirt but it is disabled on the host,
libvirtd logs:

  error : virIdentityGetSystem:173 : Unable to lookup SELinux process
  context: Invalid argument

on each and every client connection.

Use is_selinux_enabled() to skip retrieval of the process's SELinux
context if SELinux is disabled.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-03-07 15:01:33 +01:00
Martin Kletzander
45ad1adb4a qemu: Reject unsupported tuning in session mode
When domain is started with setting that cannot be done, i.e. those
that require cgroups, there is no error reported and it succeeds
without any message whatsoever.

When setting with API, virsh, an error is reported, but only due to
the fact that no cgroups are mounted (priv->cgroup == NULL).

Given the above it seems reasonable to reject such unsupported
settings.

This patch effectively changes the error message from:

$ virsh -c qemu:///session schedinfo dummy
Scheduler      : Unknown
error: Requested operation is not valid: cgroup CPU controller is not mounted

to:

$ virsh -c qemu:///session schedinfo dummy
Scheduler      : Unknown
error: Operation not supported: CPU tuning is not available in session mode

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1023366

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-03-06 15:29:07 +01:00
Michael Chapman
e5cd28c023 datatypes: update comments of Dispose functions
As of commit 46ec5f85, the conn.lock mutex does not need to be held
when calling any vir*Dispose() function in datatypes.c (via virObjectUnref()).

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-03-06 09:39:49 +01:00
Peter Krempa
3e04d65a07 qemu: monitor: Provide more information in generic block job error
The qemuMonitorJSONBlockJob handles a few errors internally. If qemu
returns a different error we would report a rather unhelpful message:

 $ virsh blockpull gluster-job vda --base /dev/null
 error: internal error: Unexpected error

As the actual message from qemu contains a bit more info, let's use it
to report something a little more useful:

 $ virsh blockpull gluster-job vda --base /dev/null
 error: internal error: Unexpected error: (GenericError) 'Base '/dev/null' not found'
2014-03-05 15:08:56 +01:00
Peter Krempa
46446313e8 storage: Don't lie about path used to look up in error message
In storageVolLookupByPath the provided path is "sanitized" at first.
This removes some extra slashes and stuff. When the lookup of the volume
fails the original path is used which makes it hard to trace errors in
some cases.

Improve the error message to print the sanitized path along with the
user provided path if they are not equal.
2014-03-05 09:22:09 +01:00
Peter Krempa
7fb3902b0f storage: Avoid mangling paths of non-local filesystems when looking up
When looking up a volume by path on a non-local filesystem don't use the
"cleaned" path that might be mangled in such a way that it will differ
from a path provided by a storage backend.

Skip the cleanup step for gluster, sheepdog and RBD.
2014-03-05 09:20:05 +01:00
Peter Krempa
429bf2534c storage: Error out when attempting to vol-upload into a remote pool
Pools that are not backed by files in the filesystem cause problems with
some APIs. Error out when attempting to upload a volume in such a pool
as currently we expect a local file representation for it.
2014-03-05 09:08:32 +01:00
Peter Krempa
e45c30ee69 storage: Use cleanup label instead of out 2014-03-05 09:08:32 +01:00
Chunyan Liu
6b4c0a635e add virhostdev files to maintain global state of host devices
Signed-off-by: Chunyan Liu <cyliu@suse.com>
2014-03-04 12:28:45 +00:00
Chunyan Liu
de6fa535b0 add 'driver' info to used_by
Specify which driver and which domain in used_by area to avoid conflict among
different drivers.

Signed-off-by: Chunyan Liu <cyliu@suse.com>
2014-03-04 12:24:13 +00:00
Cédric Bosdonnat
9194ccecf1 apparmor: handle "none" type 2014-03-04 11:26:59 +00:00
Cédric Bosdonnat
ef7dc7d429 add support for apparmor in lxc-enter-namespace 2014-03-04 11:15:47 +00:00
Cédric Bosdonnat
500b2e9655 apparmor: add debug traces when changing profile.
The reason for these is that aa-status doesn't show the process using
the profile as they are in another namespace.
2014-03-04 11:07:05 +00:00
Cédric Bosdonnat
43c030f046 LXC driver: generate apparmor profiles for guests
use_apparmor() was first designed to be called from withing libvirtd,
but libvirt_lxc also uses it. in libvirt_lxc, there is no need to check
whether to use apparmor or not: just use it if possible.
2014-03-04 11:07:05 +00:00
Peter Krempa
a31bd18f43 qemu: monitor: Fix error message and comment when getting cpu info
In qemuMonitorJSONExtractCPUInfo an error message hinted on missing
character device data which is wrong.

Also a comment states that only qemu-kvm tree includes the thread_id
field. This is no longer true.
2014-03-04 11:17:52 +01:00
Peter Krempa
d410e6f19d qemu: snapshot: Use better check when reverting external snapshots
https://bugzilla.redhat.com/show_bug.cgi?id=1071264

Reverting of external snapshots is not supported currently. The check
that is present doesn't properly check for all aspects that make a
snapshot external. Use virDomainSnapshotIsExternal() to do the check.
2014-03-04 11:12:44 +01:00
Michal Privoznik
042c4ab1c9 qemuBuildNicDevStr: Adapt to new advisory on multiqueue
As I did previously in 4f588a1b46, libvirt needs to set virtio vectors.
Previously, we were advised to use vectors=N, where

N = 2 * (number of queues) + 1

However, just recently this advisory has changed on the Multiquue wiki
page [1] to:

N = 2 * (number of queues) + 2

1: http://www.linux-kvm.org/page/Multiqueue#Enable_MQ_feature

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-04 10:43:05 +01:00
Ján Tomko
12ee0b98d3 Check if systemd is running before creating machines
If systemd is installed, but is not the init system,
systemd-machined fails with an unhelpful error message:
Launch helper exited with unknown return code 1

Currently we only check if the "machine1" service is
available (in ListActivatableNames).
Also check if "systemd1" service is registered with DBus
(ListNames).

This fixes https://bugs.gentoo.org/show_bug.cgi?id=493246#c22
2014-03-04 09:14:52 +01:00
Ján Tomko
65a4cb03c7 Split out most of virDBusIsServiceEnabled
Introduce virDBusIsServiceInList which can be used to call other
methods for listing services (ListNames), not just ListActivatableNames.

No functional change, fixed the 'Retruns' typo.
2014-03-04 09:14:52 +01:00
Eric Blake
b75c7bd6b9 build: fix cppi warning
Jenkins pointed out that the previous commit violates syntax
check when cppi is installed.

* src/nwfilter/nwfilter_dhcpsnoop.c (SNOOP_POLL_MAX_TIMEOUT_MS):
Update indentation.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 14:02:42 -07:00
Stefan Berger
49b59a151f nwfilter: Increase buffer size for libpcap
Libpcap 1.5 requires a larger buffer than previous pcap versions.
Adjust the size of the buffer to 128kb.

This patch should address symptoms in BZ 1071181 and BZ 731059

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2014-03-03 15:13:50 -05:00
Stefan Berger
64df4c7518 nwfilter: Display the pcap errror message
Display the pcap error message in the log.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2014-03-03 15:13:47 -05:00
Stefan Berger
a718eb19e3 nwfilter: Cap the poll timeout in the DHCP Snooping code
Cap the poll timeout in the DHCP Snooping code to a max. of 10 seconds
to not hold up the libvirt shutdown longer than this.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2014-03-03 15:13:44 -05:00
Eric Blake
25f87817ab virFork: simplify semantics
The old semantics of virFork() violates the priciple of good
usability: it requires the caller to check the pid argument
after use, *even when virFork returned -1*, in order to properly
abort a child process that failed setup done immediately after
fork() - that is, the caller must call _exit() in the child.
While uses in virfile.c did this correctly, uses in 'virsh
lxc-enter-namespace' and 'virt-login-shell' would happily return
from the calling function in both the child and the parent,
leading to very confusing results. [Thankfully, I found the
problem by inspection, and can't actually trigger the double
return on error without an LD_PRELOAD library.]

It is much better if the semantics of virFork are impossible
to abuse.  Looking at virFork(), the parent could only ever
return -1 with a non-negative pid if it misused pthread_sigmask,
but this never happens.  Up until this patch series, the child
could return -1 with non-negative pid if it fails to set up
signals correctly, but we recently fixed that to make the child
call _exit() at that point instead of forcing the caller to do
it.  Thus, the return value and contents of the pid argument are
now redundant (a -1 return now happens only for failure to fork,
a child 0 return only happens for a successful 0 pid, and a
parent 0 return only happens for a successful non-zero pid),
so we might as well return the pid directly rather than an
integer of whether it succeeded or failed; this is also good
from the interface design perspective as users are already
familiar with fork() semantics.

One last change in this patch: before returning the pid directly,
I found cases where using virProcessWait unconditionally on a
cleanup path of a virFork's -1 pid return would be nicer if there
were a way to avoid it overwriting an earlier message.  While
such paths are a bit harder to come by with my change to a direct
pid return, I decided to keep the virProcessWait change in this
patch.

* src/util/vircommand.h (virFork): Change signature.
* src/util/vircommand.c (virFork): Guarantee that child will only
return on success, to simplify callers.  Return pid rather than
status, now that the situations are always the same.
(virExec): Adjust caller, also avoid open-coding process death.
* src/util/virprocess.c (virProcessWait): Tweak semantics when pid
is -1.
(virProcessRunInMountNamespace): Adjust caller.
* src/util/virfile.c (virFileAccessibleAs, virFileOpenForked)
(virDirCreate): Likewise.
* tools/virt-login-shell.c (main): Likewise.
* tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise.
* tests/commandtest.c (test23): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 12:40:32 -07:00
Eric Blake
b9dd878ff8 util: make it easier to grab only regular command exit
Auditing all callers of virCommandRun and virCommandWait that
passed a non-NULL pointer for exit status turned up some
interesting observations.  Many callers were merely passing
a pointer to avoid the overall command dying, but without
caring what the exit status was - but these callers would
be better off treating a child death by signal as an abnormal
exit.  Other callers were actually acting on the status, but
not all of them remembered to filter by WIFEXITED and convert
with WEXITSTATUS; depending on the platform, this can result
in a status being reported as 256 times too big.  And among
those that correctly parse the output, it gets rather verbose.
Finally, there were the callers that explicitly checked that
the status was 0, and gave their own message, but with fewer
details than what virCommand gives for free.

So the best idea is to move the complexity out of callers and
into virCommand - by default, we return the actual exit status
already cleaned through WEXITSTATUS and treat signals as a
failed command; but the few callers that care can ask for raw
status and act on it themselves.

* src/util/vircommand.h (virCommandRawStatus): New prototype.
* src/libvirt_private.syms (util/command.h): Export it.
* docs/internals/command.html.in: Document it.
* src/util/vircommand.c (virCommandRawStatus): New function.
(virCommandWait): Adjust semantics.
* tests/commandtest.c (test1): Test it.
* daemon/remote.c (remoteDispatchAuthPolkit): Adjust callers.
* src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck):
Likewise.
* src/fdstream.c (virFDStreamCloseInt): Likewise.
* src/lxc/lxc_process.c (virLXCProcessStart): Likewise.
* src/qemu/qemu_command.c (qemuCreateInBridgePortWithHelper):
Likewise.
* src/xen/xen_driver.c (xenUnifiedXendProbe): Simplify.
* tests/reconnect.c (mymain): Likewise.
* tests/statstest.c (mymain): Likewise.
* src/bhyve/bhyve_process.c (virBhyveProcessStart)
(virBhyveProcessStop): Don't overwrite virCommand error.
* src/libvirt.c (virConnectAuthGainPolkit): Likewise.
* src/openvz/openvz_driver.c (openvzDomainGetBarrierLimit)
(openvzDomainSetBarrierLimit): Likewise.
* src/util/virebtables.c (virEbTablesOnceInit): Likewise.
* src/util/viriptables.c (virIpTablesOnceInit): Likewise.
* src/util/virnetdevveth.c (virNetDevVethCreate): Fix debug
message.
* src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Add comment.
* src/storage/storage_backend_iscsi.c
(virStorageBackendISCSINodeUpdate): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 12:40:32 -07:00
Eric Blake
c72e76c3d9 util: make it easier to grab only regular process exit
Right now, a caller waiting for a child process either requires
the child to have status 0, or must use WIFEXITED() and friends
itself.  But in many cases, we want the middle ground of treating
fatal signals as an error, and directly accessing the normal exit
value without having to use WEXITSTATUS(), in order to easily
detect an expected non-zero exit status.  This adds the middle
ground to the low-level virProcessWait; the next patch will add
it to virCommand.

* src/util/virprocess.h (virProcessWait): Alter signature.
* src/util/virprocess.c (virProcessWait): Add parameter.
(virProcessRunInMountNamespace): Adjust caller.
* src/util/vircommand.c (virCommandWait): Likewise.
* src/util/virfile.c (virFileAccessibleAs): Likewise.
* src/lxc/lxc_container.c (lxcContainerHasReboot)
(lxcContainerAvailable): Likewise.
* daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
* tools/virt-login-shell.c (main): Likewise.
* tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise.
* tests/testutils.c (virtTestCaptureProgramOutput): Likewise.
* tests/commandtest.c (test23): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 12:40:31 -07:00
Eric Blake
8b24a803ad util: preserve exit status from mount namespace callback
The documentation of namespace callbacks was inconsistent on whether
it preserved positive return values.  Now that we have a dedicated
EXIT_CANCELED to flag all errors before getting to the callback,
it is possible to use positive return values (not that any of the
current callers do, but it is better to match the docs).

Also, while vircommand.c is careful to close fds that a child should
not have, it's still better to be in the practice of setting
FD_CLOEXEC up front.

* src/util/virprocess.c (virProcessRunInMountNamespace): Tweak
return value to pass back non-zero status.  Avoid leaking pipe fds
to other threads.
* src/util/virprocess.h: Fix comment.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 12:40:31 -07:00
Eric Blake
2b4f162eb4 util: make it easier to reflect child exit status
Thanks to namespaces, we have a couple of places in the code
base that want to reflect a child exit status, including the
ability to detect death by a signal, back to a grandparent.
Best to make it a reusable function.

* src/util/virprocess.h (virProcessExitWithStatus): New prototype.
* src/libvirt_private.syms (util/virprocess.h): Export it.
* src/util/virprocess.c (virProcessExitWithStatus): New function.
* tests/commandtest.c (test23): Test it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 12:40:31 -07:00
Eric Blake
631923e7f2 virFork: give specific status on failure prior to exec
When a child fails without exec'ing, we want a well-known status;
best is to match what env(1), nice(1), su(1), and other wrapper
programs do.  This patch adds enum values that later patches will
use, and sets up virFork as the first client of EXIT_CANCELED
for errors detected prior to even attempting exec, as well as
virExec to distinguish between a missing executable vs. a binary
that cannot be executed.

This is a slight semantic change in the unlikely case of a child
process failing to restore its signal mask - we now kill the
child with a known status instead of relying on the caller to
notice and do an appropriate _exit().  A subsequent patch will
make further cleanups based on an audit of all callers.

* src/internal.h (EXIT_CANCELED, EXIT_CANNOT_INVOKE)
(EXIT_ENOENT): New enum.
* src/util/vircommand.c (virFork): Document specific exit value if
child aborts early.
(virExec): Distinguish between various exec failures.
* tests/commandtest.c (test1): Enhance test.
(test22): New test.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 12:40:31 -07:00
Eric Blake
f972a7c72c nwfilter: make ignoring non-zero status easier to follow
While auditing all callers of virCommandRun, I noticed that nwfilter
code never paid attention to commands with a non-zero status; they
were merely passing a pointer to avoid spamming the logs with a
message about commands that might indeed fail.  But proving this
required chasing through a lot of code; refactoring things to
localize the decision of whether to ignore non-zero status makes
it easier to prove that later changes to virFork don't negatively
affect this code.

While at it, I also noticed that ebiptablesRemoveRules would
actually report success if the child process failed for a
reason other than non-zero status, such as OOM.

* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI):
Change parameter from pointer to bool.
(ebtablesApplyBasicRules, ebtablesApplyDHCPOnlyRules)
(ebtablesApplyDropAllRules, ebtablesCleanAll)
(ebiptablesApplyNewRules, ebiptablesTearNewRules)
(ebiptablesTearOldRules, ebiptablesAllTeardown)
(ebiptablesDriverInitWithFirewallD)
(ebiptablesDriverTestCLITools, ebiptablesDriverProbeStateMatch):
Adjust all clients.
(ebiptablesRemoveRules): Likewise, and fix return value on failure.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 12:40:31 -07:00
Oleg Strikov
72bddd5f2f qemu: Implement a stub cpuArchDriver.baseline() handler for arm
Openstack Nova calls virConnectBaselineCPU() during initialization
of the instance to get a full list of CPU features.
This patch adds a stub to arm-specific code to handle
this request (no actual work is done).

Signed-off-by: Oleg Strikov <oleg.strikov@canonical.com>
2014-03-03 11:06:25 -05:00
Daniel P. Berrange
36ff4ed1ec Generate a unique journald log for QEMU capabilities failure
When probing QEMU capabilities fails for a binary generate a
log message with MESSAGE_ID==8ae2f3fb-2dbe-498e-8fbd-012d40afa361.

This can be directly queried from journald based on the UUID
instead of needing string grep. This lets tools like libguestfs'
bug reporting tool trivially do automated sanity tests on the
host they're running on.

 $ journalctl MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361
 Feb 21 17:11:01 localhost.localdomain lt-libvirtd[9196]:
 Failed to probe capabilities for /bin/qemu-system-alpha:
 internal error: Child process (LC_ALL=C LD_LIBRARY_PATH=
 /home/berrange/src/virt/libvirt/src/.libs PATH=/usr/lib64/
 ccache:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:
 /usr/bin:/root/bin HOME=/root USER=root LOGNAME=root
 /bin/qemu-system-alpha -help) unexpected exit status 127:
 /bin/qemu-system-alpha: error while loading shared libraries:
 libglapi.so.0: cannot open shared object file: No such file
 or directory

 $ journalctl MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361 --output=json
 { ...snip...
  "LIBVIRT_SOURCE" : "file",
  "PRIORITY" : "3",
  "CODE_FILE" : "qemu/qemu_capabilities.c",
  "CODE_LINE" : "2770",
  "CODE_FUNC" : "virQEMUCapsLogProbeFailure",
  "MESSAGE_ID" : "8ae2f3fb-2dbe-498e-8fbd-012d40afa361",
  "LIBVIRT_QEMU_BINARY" : "/bin/qemu-system-xtensa",
  "MESSAGE" : "Failed to probe capabilities for /bin/qemu-system-xtensa:
   internal error: Child process (LC_ALL=C LD_LIBRARY_PATH=/home/berrange
   /src/virt/libvirt/src/.libs PATH=/usr/lib64/ccache:/usr/local/sbin:
   /usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin HOME=/root
   USER=root LOGNAME=root /bin/qemu-system-xtensa -help) unexpected
   exit status 127: /bin/qemu-system-xtensa: error while loading shared
   libraries: libglapi.so.0: cannot open shared object file: No such
    file or directory\n" }

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-03 11:42:37 +00:00
Roman Bogorodskiy
e2d85e6fa1 bhyve: add basic documentation 2014-03-01 23:44:58 +04:00
Roman Bogorodskiy
ae49a093c8 bhyve: defined domains should be persistent 2014-03-01 11:44:19 +04:00
Roman Bogorodskiy
91f396b33b bhyve: support domain undefine
Implement domainUndefine and required helper functions:
 - domainIsActive
 - domainIsPersistent
2014-02-28 23:23:44 +04:00
Daniel P. Berrange
f223b96051 Add comments describing the different log sources
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-28 17:38:46 +00:00
Daniel P. Berrange
0915053e97 Include error domain and code in log messages from errors
When a virError is raised, pass the error domain and code
onto the systemd journald using metadata fields.

This allows error messages to be queried by code eg

  $ journalctl LIBVIRT_CODE=43

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-28 17:38:46 +00:00
Daniel P. Berrange
21d370f0b9 Fix journald PRIORITY values
The systemd journal expects log record PRIORITY values to
be encoded using the syslog compatible numbering scheme,
not libvirt's own native numbering scheme. We must therefore
apply a conversion.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-28 17:37:38 +00:00
Daniel P. Berrange
54209df345 Send virLogMetadata fields onto the journal
The systemd journal accepts arbitrary user specified log
fields. These can be passed into virLogMessage via the
virLogMetadata structure. Allow up to 5 custom fields to
be reported by libvirt callers.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-28 17:37:38 +00:00
Oleg Strikov
97962616c1 qemu: Enable 'host-passthrough' cpu mode for arm
This patch allows libvirt user to specify 'host-passthrough'
cpu mode while using qemu/kvm backend on arm (arm32).
It uses 'host' as a CPU model name instead of some other stub
(correct CPU detection is not implemented yet) to allow libvirt
user to specify 'host-model' cpu mode as well.

Signed-off-by: Oleg Strikov <oleg.strikov@canonical.com>
2014-02-28 11:31:00 -05:00
Michal Privoznik
1df00e2b22 virDomainBlockStats(Flags): Produce saner error message on empty disk path
As of 0bd2ccdec an empty disk path for virDomainBlockStats (or the one
with Flags) is allowed meaning "get me overall summarized statistics".
However, running 'virsh domblkstat $dom' throws a misleading error:

  # ./tools/virsh domblkstat dom
  error: Failed to get block stats dom
  error: invalid argument: invalid path:

while after this commit

  # virsh domblkstat dom
  error: Operation not supported: summary statistics are not supported yet

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-28 09:50:01 +01:00
Jiri Denemark
8f10c1e77f sanlock: Truncate domain names longer than SANLK_NAME_LEN
Libvirt uses a domain name to fill in owner_name in sanlock_options in
virLockManagerSanlockAcquire. Unfortunately, owner_name is limited to
SANLK_NAME_LEN characters (including trailing '\0'), which means domains
with longer names fail to start when sanlock is enabled. However, we can
truncate the name when setting owner_name as explained by sanlock's
author:

Setting sanlk_options or the owner_name is unnecessary, and has very
little to no benefit.  If you do provide something in owner_name, it can
be anything, sanlock doesn't care or use it.

If you run the command "sanlock status", the output will display a list
of clients connected to the sanlock daemon.  This client list is
displayed as "pid owner_name" if the client has provided an owner_name
via sanlk_options. This debugging output is the only usage of
owner_name, so its only benefit is to potentially provide a more human
friendly output for debugging purposes.
2014-02-27 09:32:41 +01:00
Ian Campbell
bf5dbce61e libxl: Recognise ARM architectures
Only tested on v7 but the v8 equivalent seems pretty obvious.

XEN_CAP_REGEX already accepts more than it should (e.g. x86_64p or x86_32be)
but I have stuck with the existing pattern.

With this I can create a guest from:
  <domain type='xen'>
    <name>libvirt-test</name>
    <uuid>6343998e-9eda-11e3-98f6-77252a7d02f3</uuid>
    <memory>393216</memory>
    <currentMemory>393216</currentMemory>
    <vcpu>1</vcpu>
    <os>
      <type arch='armv7l' machine='xenpv'>linux</type>
      <kernel>/boot/vmlinuz-arm-native</kernel>
      <cmdline>console=hvc0 earlyprintk debug root=/dev/xvda1</cmdline>
    </os>
    <clock offset='utc'/>
    <on_poweroff>destroy</on_poweroff>
    <on_reboot>restart</on_reboot>
    <on_crash>destroy</on_crash>
    <devices>
      <disk type='block' device='disk'>
        <source dev='/dev/marilith-n0/debian-disk'/>
        <target dev='xvda1'/>
      </disk>
      <interface type='bridge'>
        <mac address='8e:a7:8e:3c:f4:f6'/>
        <source bridge='xenbr0'/>
      </interface>
    </devices>
  </domain>

Using virsh create and I can destroy it too.

Currently virsh console fails with:
  Connected to domain libvirt-test
  Escape character is ^]
  error: internal error: cannot find character device <null>

I haven't investigated yet.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-26 06:33:23 -07:00
Laine Stump
eed46d4cfe network: unplug bandwidth and call networkRunHook only when appropriate
According to commit b4e0299d if networkAllocateActualDevice() was
successful, it will *always* allocate an iface->data.network.actual,
so we can use this during networkReleaseActualDevice() to know if
there is really anything to undo. We were properly using this
information to only decrement the network connections counter if it
had previously been incremented, but we were unconditionally
unplugging bandwidth and calling the "unplugged" network hook for
*all* interfaces (during qemuProcessStop()) whether they had been
previously plugged or not. This caused problems if a domain failed to
start at some time prior to all interfaces being allocated. (I
encountered this when an interface had a bandwidth floor set but no
inbound QoS).

This patch changes both the call to networkUnplugBandwidth() and the
call to networkRunHook() to only be called if there was a previous
call to "plug" for the same interface.
2014-02-26 13:08:56 +02:00
Laine Stump
0700a3dac4 network: don't even call networkRunHook if there is no network
networkAllocateActualDevice() is called for *all* interfaces, not just
those with type='network'. In that case, it will jump down to its
validate: label immediately, without allocating anything. After
validation is done, two counters are potentially updated (one for the
network, and one for any particular physical device that is chosen),
and then networkRunHook() is called.

This patch refactors that code a slight bit so that networkRunHook()
doesn't get called if netdef is NULL (i.e. type != network) and to
place the conditional increment of dev->connections inside the "if
(netdef)" as well - dev can never be non-null if netdef is null
(because "dev" is the pointer to a device in a network's pool of
devices), so this doesn't have any functional effect, it just makes
the code clearer.
2014-02-26 13:03:49 +02:00
Nehal J Wani
969493f91d Fix memory leak in virSCSIDeviceListDel()
While running virscsitest, it was found that valgrind pointed out the following
memory leak:

==320== 5 bytes in 1 blocks are definitely lost in loss record 4 of 37
==320==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==320==    by 0x3E6CE81171: strdup (strdup.c:43)
==320==    by 0x4CB28DF: virStrdup (virstring.c:554)
==320==    by 0x4CAC987: virSCSIDeviceSetUsedBy (virscsi.c:289)
==320==    by 0x402321: test2 (virscsitest.c:100)
==320==    by 0x403231: virtTestRun (testutils.c:199)
==320==    by 0x402121: mymain (virscsitest.c:180)
==320==    by 0x4039AD: virtTestMain (testutils.c:782)
==320==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
==320==

Introduced by commit fd243fc.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-02-26 11:41:40 +01:00
Michal Privoznik
c0d162c68c virNetDevVethCreate: Serialize callers
Consider dozen of LXC domains, each of them having this type of interface:

    <interface type='network'>
      <mac address='52:54:00:a7:05:4b'/>
      <source network='default'/>
    </interface>

When starting these domain in parallel, all workers may meet in
virNetDevVethCreate() where a race starts. Race over allocating veth
pairs because allocation requires two steps:

  1) find first nonexistent '/sys/class/net/vnet%d/'
  2) run 'ip link add ...' command

Now consider two threads. Both of them find N as the first unused veth
index but only one of them succeeds allocating it. The other one fails.
For such cases, we are running the allocation in a loop with 10 rounds.
However this is very flaky synchronization. It should be rather used
when libvirt is competing with other process than when libvirt threads
fight each other. Therefore, internally we should use mutex to serialize
callers, and do the allocation in loop (just in case we are competing
with a different process). By the way we have something similar already
since 1cf97c87.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-26 08:50:47 +01:00
Eric Blake
fa2e4dbfd6 build: fix cgroups on non-Linux
Running ./autobuild.sh detected a mingw failure:

  CCLD     libvirt.la
Cannot export virCgroupGetPercpuStats: symbol not defined
Cannot export virCgroupSetOwner: symbol not defined

* src/util/vircgroup.c (virCgroupGetPercpuStats)
(virCgroupSetOwner): Implement stubs.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-25 17:38:46 -07:00
Jim Fehlig
4d975deddd libxl: queue domain event earlier in shutdown handler
The shutdown handler may restart a domain when handling a reboot
event or when <on_*> is set to 'restart'.  Restarting consists of
calling libxlVmCleanup followed by libxlVmStart.  libxlVmStart will
emit a VIR_DOMAIN_EVENT_STARTED event, but the SHUTDOWN event is
not emitted until exiting the shutdown handler, after the STARTED
event.

This patch changes the logic a bit to queue the event at the start
of the shutdown action, ensuring it is queued before any subsequent
events that may be generated while executing the shutdown action.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-25 10:54:04 -07:00
Laine Stump
2122cf3979 network: include plugged interface XML in "plugged" network hook
The network hook script gets called whenever an interface is plugged
into or unplugged from a network, but even though the full XML of both
the network and the domain is included, there is no reasonable way to
determine what exact resources the plugged interface is using:

1) Prior to a recent patch which modified the status XML of interfaces
to include the information about actual hardware resources used, it
would be possible to scan through the domain XML output sent to the
hook, and from there find the correct interface, but that interface
definition would not include any runtime info (e.g. bandwidth or vlan
taken from a portgroup, or which physdev was used in case of a macvtap
network).

2) After the patch modifying the status XML of interfaces, the network
name would no longer be included in the domain XML, so it would be
completely impossible to determine which interface was the one being
plugged.

To solve that problem, this patch includes a single <interface>
element at the beginning of the XML sent to the network hook for
"plugged" and "unplugged" (just inside <hookData>) that is the status
XML of the interface being plugged. This XML will include all info
gathered from the chosen network and portgroup.

NB: due to hardcoded spaces in all of the device *Format() functions,
the <interface> element inside the <hookData> will be indented by 6
spaces rather than 2. I had intended to fix this, but it turns out
that to make virDomainNetDefFormat() indentation relative, I would
have to do the same to virDomainDeviceInfoFormat(), and that function
is called from 19 places - making that a prerequisite of this patch
would cause too many merge difficulties if we needed to backport
network hooks, so I chose to ignore the problem here and fix the
problem for *all* devices in a followup later.
2014-02-25 16:07:36 +02:00
Laine Stump
7d5bf48474 conf: output actual netdev status in <interface> XML
Until now, the "live" XML status of an <interface type='network'>
device would always show the network information, rather than the
exact hardware device that was used. It would also show the name of
any portgroup the interface belonged to, rather than providing the
configuration that was derived from that portgroup. As an example,
given the following network definition:

[A]
  <network>
    <name>testnet</name>
    <forward type='bridge' dev='p4p1_0'>
      <interface dev='p4p1_0'/>
      <interface dev='p4p1_1'/>
      <interface dev='p4p1_2'/>
      <interface dev='p4p1_3'/>
    </forward>
    <portgroup name='admin'>
      <bandwidth>
          <inbound average='1000' peak='5000' burst='1024'/>
          <outbound average='128' peak='256' burst='256'/>
      </bandwidth>
    </portgroup>
  </network>

and the following domain <interface>:

[B]
  <interface type='network'>
    <source network='testnet' portgroup='admin'/>
  </interface>

the output of "virsh dumpxml $domain" while the domain was running
would yield something like this:

[C]
  <interface type='network'>
    <source network='testnet' portgroup='admin'/>
    <target dev='macvtap0'/>
    <alias name='net0'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
  </interface>

In order to learn the exact bandwidth information of the interface, a
management application would need to retrieve the XML for testnet,
then search for the portgroup named "admin". Even worse, there was no
simple and standard way to learn which host physdev the macvtap0
device is attached to.

Internally, libvirt has always kept this information in the
virDomainDef that is held in memory, as well as storing it in the
(libvirt-internal-only) domain status XML (in
/var/run/libvirt/qemu/$domain.xml). In order to not confuse the runtime
"actual state" with the config of the device, it's internally stored
like this:

[D]
  <interface type='network'>
    <source network='testnet' portgroup='admin'/>
    <actual type='direct'>
      <source dev='p4p1_0' mode='bridge'/>
      <bandwidth>
          <inbound average='1000' peak='5000' burst='1024'/>
          <outbound average='128' peak='256' burst='256'/>
      </bandwidth>
    </actual>
    <target dev='macvtap0'/>
    <alias name='net0'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
  </interface>

This was never exposed outside of libvirt though, because I thought it
would be too awkward for a management application to need to look in
two places for the same information, but I also wasn't sure that it
would be okay to overwrite the config info (in this case "<source
network='testnet' portgroup='admin'/>") with the actual runtime info
(everything inside <actual> above).

Now we have a need for this information to be made available to
management applications (in particular, so that a network "plugged"
hook will have full information about the device that is being plugged
in), so it's time to take the leap and decide that it is acceptable
for the config info to be replaced with actual runtime state (but
*only* when reporting domain live status, *not* when saving state in
/var/run/libvirt/qemu/$domain.xml - that remains the same so that
there is no loss of information). That is what this patch does - once
applied, the output of "virsh dumpxml $domain" when the domain is
running will contain something like this:

[E]
  <interface type='direct'>
    <source dev='p4p1_0' mode='bridge'/>
    <bandwidth>
        <inbound average='1000' peak='5000' burst='1024'/>
        <outbound average='128' peak='256' burst='256'/>
    </bandwidth>
    <target dev='macvtap0'/>
    <alias name='net0'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
  </interface>

In effect, everything that is internally stored within <actual> is
moved up a level to where a management application will expect
it. This means that the management application will only look in a
single place to learn - the type of interface in use, the name of the
physdev (if relevant), the <bandwidth>, <vlan>, and <virtualport>
settings in use.

The potential downside is that a management app looking at this output
will not see that the physdev 'p4p1_0' was actually allocated from the
network named 'testnet', or that the bandwidth numbers were taken from
the portgroup 'admin'. However, if they are interested in that info,
they can always get the "inactive" XML for the domain.

An example of where this could cause problems is in virt-manager's
network device display, which shows the status of the device, but
allows you to edit that status info and save it as the new
config. Previously virt-manager would always display the information
in example [C] above, and allow editing that. With this patch, it will
instead display what is in [E] and allow editing it directly, which
could lead to some confusion. I would suggest that virt-manager have
an "edit" button which would change the display from the "live" xml to
the "inactive" xml, so that editing would be done on that; such a
change would both handle the new situation, and also be compatible
with older releases.
2014-02-25 16:06:43 +02:00
Laine Stump
9da98aa5e1 conf: new function virDomainActualNetDefContentsFormat
This function is currently only called from one place, but in a
subsequent patch will be called from a 2nd place.

The new function exactly replicates the original behavior of the part
of virDomainActualNetDefFormat() that it replaces, but takes a
virDomainNetDefPtr instead of virDomainActualNetDefPtr, and uses the
virDomainNetGetActual*() functions whenever possible, rather than
reaching into def->data.network.actual - this is to be sure that we
are reporting exactly what is being used internally, just in case
there are any discrepancies (there shouldn't be).
2014-02-25 16:04:26 +02:00
Laine Stump
65487c0fc5 conf: re-situate <bandwidth> element in <interface>
This moves the call to virNetDevBandwidthFormat() in
virDomainNetDefFormat() to be called right after the call to
virNetDevVPortProfileFormat(), so that a single chunk of that function
can be placed inside an if that conditionally calls
virDomainActualNetDefContentsFormat() instead (next patch). The
re-ordering necessitates modifying a couple of test data files.
2014-02-25 16:03:05 +02:00
Laine Stump
7c39214cd4 conf: make virDomainNetDefFormat a public function
We will need to call virDomainNetDefFormat() from the network hook (in
the network driver).
2014-02-25 16:01:39 +02:00
Laine Stump
79358733b0 conf: handle null pointer in virNetDevVlanFormat
Other *Format() functions (e.g. virNetDevBandwidthFormat()) return
with no action when called with a NULL *Def pointer. This makes
virNetDevVlanFormat() consistent with that behavior.
2014-02-25 15:56:12 +02:00
Laine Stump
6d4ffae4fc conf: clarify what is returned for actual bandwidth and vlan
In practice, if a virDomainNetDef has a virDomainActualNetDef
allocated, the ActualNetDef will *always* contain the bandwidth and
vlan data from the NetDef (unless there was also a portgroup involved
- see networkAllocateActualDevice()).

However, virDomainNetGetActual(Bandwidth|Vlan)() were coded to make it
appear as if it might be possible to have a valid bandwidth/vlan in
the NetDef, but a NULL in the ActualNetDef. Believing this un-truth
could lead to writing unnecessarily defensive code when dealing with
the virDomainGetActual*() functions, so this patch makes it more
obvious:

   If there is an ActualNetDef, it will always have a copy of the
   various appropriate bits from its parent NetDef, and the
   virDomainGetActual* function will *always* return the data from the
   ActualNetDef, not from the NetDef.

The reason for this effective-NOP patch is that a subsequent patch to
change virDomainNetDefFormat will rely on the above rule.
2014-02-25 15:55:19 +02:00
Wido den Hollander
60f70542f9 rbd: Set timeout options for librados
These timeout values make librados/librbd return -ETIMEDOUT when a
operation is blocking due to a failing/unreachable Ceph cluster.

By having the operations time out libvirt will not block.
2014-02-25 11:14:44 +01:00
Wido den Hollander
761491eb7c rbd: Include return statuses from librados/librbd in logging
With this information it's easier for the user to debug what is
going wrong.
2014-02-25 11:14:28 +01:00
Jim Fehlig
cfad607b23 libxl: handle on_crash coredump actions
Add support for coredump-{destroy,restart} actions of <on_crash> event.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-24 10:39:44 -07:00
Jim Fehlig
c2de456e4e libxl: add dump dir to libxlDriverConfig object
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-24 10:27:53 -07:00
Jim Fehlig
51b9b39127 libxl: honor domain lifecycle event configuration
The libxl driver was ignoring the <on_*> domain event configuration,
causing e.g. a domain to be rebooted even when on_reboot is set to
destroy.

This patch honors the <on_*> configuration in the shutdown event
handler.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-24 10:26:52 -07:00
Richard Weinberger
6fb42d7cdc Ensure systemd cgroup ownership is delegated to container with userns
This function is needed for user namespaces, where we need to chmod()
the cgroup to the initial uid/gid such that systemd is allowed to
use the cgroup.

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-24 15:35:47 +00:00
Roman Bogorodskiy
8ca5f46c59 bhyve: implement node information reporting
- Implement nodeGetCPUStats using nodeGetCPUStats()
- Implement nodeGetMemoryStats using nodeGetMemoryStats()
2014-02-24 19:03:46 +04:00
Daniel P. Berrange
66e3a3e914 Add virStringReplace method for substring replacement
Add a virStringReplace method to virstring.{h,c} to perform
substring matching and replacement

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-24 10:51:22 +00:00
Manuel VIVES
12aa71dfde Add virStringSearch method for regex matching
Add a virStringSearch method to virstring.{c,h} which performs
a regex match against a string and returns the matching substrings.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-24 10:46:28 +00:00
Michal Privoznik
68954fb25c virNetServerRun: Notify systemd that we're accepting clients
Systemd does not forget about the cases, where client service needs to
wait for daemon service to initialize and start accepting new clients.
Setting a dependency in client is not enough as systemd doesn't know
when the daemon has initialized itself and started accepting new
clients. However, it offers a mechanism to solve this. The daemon needs
to call a special systemd function by which the daemon tells "I'm ready
to accept new clients". This is exactly what we need with
libvirtd-guests (client) and libvirtd (daemon). So now, with this
change, libvirt-guests.service is invoked not any sooner than
libvirtd.service calls the systemd notify function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-24 10:54:48 +01:00
Michal Privoznik
ba79e3879e virSystemdCreateMachine: Set dependencies for slices
https://bugzilla.redhat.com/show_bug.cgi?id=1031696

When creating a new domain, we let systemd know about it by calling
CreateMachine() function via dbus. Systemd then creates a scope and
places domain into it. However, later when the host is shutting
down, systemd computes the shutdown order to see what processes can
be shut down in parallel. And since we were not setting
dependencies at all, the slices (and thus domains) were most likely
killed before libvirt-guests.service. So user domains that had to
be saved, shut off, whatever were in fact killed.  This problem can
be solved by letting systemd know that scopes we're creating must
not be killed before libvirt-guests.service.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-24 10:21:00 +01:00
Ján Tomko
57e17a74b7 Ignore additional fields in iscsiadm output
There has been a new field introduced in iscsiadm --mode session
output [1], but our regex only expects four fields. This breaks
startup of iscsi pools:
error: Failed to start pool iscsi
error: internal error: cannot find session

Fix this by ignoring anything after the fourth field.

https://bugzilla.redhat.com/show_bug.cgi?id=1067173

[1] https://github.com/mikechristie/open-iscsi/commit/181af9a
2014-02-21 10:35:57 +01:00
Ján Tomko
abf1daf0d7 Add a stub for virCgroupGetDomainTotalCpuStats
Commit 6515889 broke the build on FreeBSD:
In function `qemuDomainGetCPUStats':
/../../src/qemu/qemu_driver.c:16102:
undefined reference to `virCgroupGetDomainTotalCpuStats'
2014-02-21 09:10:48 +01:00
Jim Fehlig
84a6209d7f libxl: queue shutdown event on domain shutdown
Emit libvirt shutdown event when receiving LIBXL_SHUTDOWN_REASON_POWEROFF
event from libxl.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-20 15:50:06 -07:00
Jim Fehlig
d716d942e2 libxl: always use libxlVmCleanupJob in shutdown thread
Commit e4a0e900 missed calling libxlVmCleanupJob in the shutdown
handler when processing a reboot event.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-20 11:50:33 -07:00
Eric Blake
60f7303c15 qemu: adjust maxmem/maxvcpu computation
https://bugzilla.redhat.com/show_bug.cgi?id=1038363

If a domain has a different maximum for persistent and live maxmem
or max vcpus, then it is possible to hit cases where libvirt
refuses to adjust the current values or gets halfway through
the adjustment before failing.  Better is to determine up front
if the change is possible for all requested flags.

Based on an idea by Geoff Franks.

* src/qemu/qemu_driver.c (qemuDomainSetMemoryFlags): Compute
correct maximum if both live and config are being set.
(qemuDomainSetVcpusFlags): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-20 11:27:16 -07:00
Daniel P. Berrange
432a3fee3b Rename virDomainGetRootFilesystem to virDomainGetFilesystemForTarget
The virDomainGetRootFilesystem method can be generalized to allow
any filesystem path to be obtained.

While doing this, start a new test case for purpose of testing various
helper methods in the domain_conf.{c,h} files, such as this one.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-20 15:50:46 +00:00
Daniel P. Berrange
cb9b3bc257 Fix multiple bugs in LXC domainMemoryStats driver
The virCgroupXXX APIs' return value must be checked for
being less than 0, not equal to 0.

An VIR_ERR_OPERATION_INVALID error must also be raised
when the VM is not running to prevent a crash on NULL
priv->cgroup field.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-20 15:32:49 +00:00
Thorsten Behrens
0bd2ccdecc Widening API change - accept empty path for virDomainBlockStats
And provide domain summary stat in that case, for lxc backend.
Use case is a container inheriting all devices from the host,
e.g. when doing application containerization.
2014-02-20 16:20:09 +01:00
Thorsten Behrens
dcc85c603e Implement lxcDomainBlockStats* for lxc driver
Adds lxcDomainBlockStatsFlags and lxcDomainBlockStats functions.
2014-02-20 16:20:09 +01:00
Thorsten Behrens
4b3b2f6ceb Implement domainGetCPUStats for lxc driver. 2014-02-20 16:20:09 +01:00
Thorsten Behrens
65158899b7 Make qemuGetDomainTotalCPUStats a virCgroup function.
To reuse this from other drivers, like lxc.
2014-02-20 16:20:09 +01:00
Thorsten Behrens
192604ddee Implement domainMemoryStats API slot for LXC driver. 2014-02-20 16:20:09 +01:00
Thorsten Behrens
a2bb187c7e Add util virCgroupGetBlkioIo*Serviced methods.
This reads blkio stats from blkio.throttle.io_service_bytes and
blkio.throttle.io_serviced.
2014-02-20 16:20:09 +01:00
Richard Weinberger
39aad72510 lxc: Add destroy support for suspended domains
Destroying a suspended domain needs special action.
We cannot simply terminate all process because they are frozen.
Do deal with that we send them SIGKILL and thaw them.
Upon wakeup the process sees the pending signal and dies immediately.

Signed-off-by: Richard Weinberger <richard@nod.at>
2014-02-20 10:46:31 +01:00
Ján Tomko
057d26b2ac Fix build of portallocator on mingw
IN6ADDR_ANY_INIT does not seem to be working as expected on MinGW:
error: missing braces around initializer [-Werror=missing-braces]
         .sin6_addr = IN6ADDR_ANY_INIT,

Use the in6addr_any variable instead.

Reported by Daniel P. Berrange.
2014-02-20 10:16:07 +01:00
Michal Privoznik
83c404ff9b networkRunHook: Run hook only if possible
Currently, networkRunHook() is called in networkAllocateActualDevice and
friends. These functions, however, doesn't necessarily work on networks,
For example, if domain's interface is defined in this fashion:

    <interface type='bridge'>
      <mac address='52:54:00:0b:3b:16'/>
      <source bridge='virbr1'/>
      <model type='rtl8139'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
    </interface>

The networkAllocateActualDevice jumps directly onto 'validate' label as
the interface is not type of 'network'. Hence, @network is left
initialized to NULL and networkRunHook(network, ...) is called. One of
the things that the hook function does is dereference @network. Soupir.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-20 08:56:17 +01:00
Jim Fehlig
e6dcb0e2a1 libxl: use job functions in libxlDomainSetSchedulerParametersFlags
Modify operation that needs to wait in the queue of modify jobs.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-19 11:10:01 -07:00
Jim Fehlig
7d9ff81603 libxl: use job functions in libxlDomainSetAutostart
Setting autostart is a modify operation that needs to wait in the
queue of modify jobs.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-19 11:10:01 -07:00
Jim Fehlig
85ff3d7aec libxl: use job functions in device attach and detach functions
These operations aren't necessarily time consuming, but need to
wait in the queue of modify jobs.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-19 11:10:01 -07:00
Jim Fehlig
7df46cff6b libxl: use job functions in vcpu set and pin functions
These operations aren't necessarily time consuming, but need to
wait in the queue of modify jobs.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-19 11:10:01 -07:00
Jim Fehlig
f9e6b7024c libxl: use job functions in libxlDomainCoreDump
Dumping a domain's core can take considerable time.  Use the
recently added job functions and unlock the virDomainObj while
dumping core.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-19 11:10:00 -07:00
Jim Fehlig
341870b10d libxl: use job functions in domain save operations
Saving domain memory and cpu state can take considerable time.
Use the recently added job functions and unlock the virDomainObj
while saving the domain.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-19 11:10:00 -07:00
Jim Fehlig
e4a0e900d3 libxl: use job functions when cleaning up a domain
When explicitly destroying a domain (libxlDomainDestroyFlags), or
handling an out-of-band domain shutdown event, cleanup the domain
in the context of a job.  Introduce libxlVmCleanupJob to wrap
libxlVmCleanup in a job block.
2014-02-19 11:10:00 -07:00
Jim Fehlig
f5bc5bd4df libxl: use job functions in libxlDomain{Suspend,Resume}
These operations aren't necessarily time consuming, but need to
wait in the queue of modify jobs.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-19 11:10:00 -07:00
Jim Fehlig
ac1444c35f libxl: use job functions in libxlDomainSetMemoryFlags
Large balloon operation can be time consuming.  Use the recently
added job functions and unlock the virDomainObj while ballooning.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-19 11:10:00 -07:00
Jim Fehlig
491593e840 libxl: use job functions in libxlVmStart
Creating a large domain could potentially be time consuming.  Use the
recently added job functions and unlock the virDomainObj while
the create operation is in progress.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-19 11:10:00 -07:00
Jim Fehlig
4b4b61c329 libxl: Add job support to libxl driver
Follows the pattern used in the QEMU driver for managing multiple,
simultaneous jobs within the driver.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-19 11:10:00 -07:00
Jim Fehlig
343119a44b libxl: remove libxlVmReap function
This function, which only has five call sites, simply calls
libxl_domain_destroy and libxlVmCleanup.  Call those functions
directly at the call sites, allowing more control over how a
domain is destroyed and cleaned up.  This patch maintains the
existing semantic, leaving changes to a subsequent patch.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-19 11:10:00 -07:00
Jim Fehlig
219d34cfe2 libxl: always set vm id to -1 on shutdown
Once a domain has reached the shutdown state, set its ID to -1.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-19 11:10:00 -07:00
Oleg Strikov
41b9b71877 qemu: Use virtio network device for aarch64/virt
This patch changes network device type used by default from rtl8139
to virtio when architecture type is aarch64 and machine type is virt.
Qemu doesn't support any other machine types for aarch64 right now and
we can't make any other aarch64-specific tuning in this function yet.

Signed-off-by: Oleg Strikov <oleg.strikov@canonical.com>
2014-02-19 10:46:10 -05:00
Roman Bogorodskiy
0eb4a5f4f1 bhyve: add a basic driver
At this point it has a limited functionality and is highly
experimental. Supported domain operations are:

  * define
  * start
  * destroy
  * dumpxml
  * dominfo

It's only possible to have only one disk device and only one
network, which should be of type bridge.
2014-02-19 14:21:50 +00:00
Li Zhang
cffa51b81d Add a default USB keyboard and USB mouse for PPC64
There is no keyboard working on PPC64 and PS2 mouse is only for X86
when graphics are enabled.

Add a USB keyboard and USB mouse for PPC64 when graphics are enabled.

Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-02-19 09:16:31 +01:00
Li Zhang
2a81430c85 xen: format xen config for USB keyboard
Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-02-19 09:16:31 +01:00
Li Zhang
78730478aa qemu: format qemu command line for USB keyboard
Format qemu command line for USB keyboard
and add test cases for it.

Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-02-19 09:16:31 +01:00
Li Zhang
f5ffd45f4c qemu: Add USB keyboard capability
Add USB keyboard capability probing and test cases.

Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-02-19 09:16:31 +01:00
Li Zhang
b39275954b conf: Remove the implicit PS2 devices for non-X86 platforms
PS2 devices only work on X86 platform, other platforms may need
USB devices instead. Athough it doesn't influence the QEMU command line,
it's not right to add PS2 mouse/keyboard for non-X86 platform.

Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-02-19 09:16:31 +01:00
Li Zhang
bc18373391 conf: Add keyboard input device type
There is no keyboard support currently in libvirt.

For some platforms (PPC64 QEMU) this makes graphics unusable,
since the keyboard is not implicit and it can't be added via libvirt.

Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-02-19 09:16:31 +01:00
Li Zhang
f608a713f6 conf: Add one interface to add default input devices
Use it for the default mouse.

Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-02-19 09:16:30 +01:00
Michal Privoznik
4d88294483 bridge_driver.h: Fix build --without-network
The networkNotifyActualDevice function is accepting two arguments, not
one:

qemu/qemu_process.c: In function 'qemuProcessNotifyNets':
qemu/qemu_process.c:2776:47: error: macro "networkNotifyActualDevice" passed 2 arguments, but takes just 1
         if (networkNotifyActualDevice(def, net) < 0)
                                               ^

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-18 19:52:39 +01:00
Ján Tomko
adc8b2afbb Fix conflicting types of virInitctlSetRunLevel
aebbcdd didn't change the non-linux definition of the function,
breaking the build on FreeBSD:

../../src/util/virinitctl.c:164: error: conflicting types for
'virInitctlSetRunLevel'
../../src/util/virinitctl.h:40: error: previous declaration of
'virInitctlSetRunLevel' was here
2014-02-18 15:05:06 +01:00
Michal Privoznik
9de7309125 network: Taint networks that are using hook script
Basically, the idea is copied from domain code, where tainting
exists for a while. Currently, only one taint reason exists -
VIR_NETWORK_TAINT_HOOK to mark those networks which caused invoking
of hook script.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-18 14:46:49 +01:00
Michal Privoznik
f1ab06e43d network: Introduce network hooks
There might be some use cases, where user wants to prepare the host or
its environment prior to starting a network and do some cleanup after
the network has been shut down. Consider all the functionality that
libvirt doesn't currently have as an example what a hook script can
possibly do.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-18 14:46:49 +01:00
Michal Privoznik
e0a31274ec network_conf: Expose virNetworkDefFormatInternal
In the next patch I'm going to need the network format function that
takes virBuffer as argument. However, slightly change of name is more
appropriate then: virNetworkDefFormatBuf to match the rest of functions
that format an object to buffer.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-18 14:46:48 +01:00
Daniel P. Berrange
5fc590ad9f CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC hotunplug code
Rewrite multiple hotunplug functions to to use the
virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with an absolute
symlink, tricking the driver into changing the host OS
filesystem.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-18 12:59:14 +00:00
Daniel P. Berrange
1cadeafcaa CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC chardev hostdev hotplug
Rewrite lxcDomainAttachDeviceHostdevMiscLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-18 12:59:14 +00:00
Daniel P. Berrange
1754c7f0ab CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC block hostdev hotplug
Rewrite lxcDomainAttachDeviceHostdevStorageLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-18 12:59:11 +00:00
Daniel P. Berrange
7fba01c15c CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC USB hotplug
Rewrite lxcDomainAttachDeviceHostdevSubsysUSBLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-18 12:59:07 +00:00
Daniel P. Berrange
4dd3a7d5bc CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC disk hotplug
Rewrite lxcDomainAttachDeviceDiskLive function to use the
virProcessRunInMountNamespace helper. This avoids risk of
a malicious guest replacing /dev with a absolute symlink,
tricking the driver into changing the host OS filesystem.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-18 12:59:05 +00:00
Eric Blake
aebbcdd33c CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC shutdown/reboot code
Use helper virProcessRunInMountNamespace in lxcDomainShutdownFlags and
lxcDomainReboot.  Otherwise, a malicious guest could use symlinks
to force the host to manipulate the wrong file in the host's namespace.

Idea by Dan Berrange, based on an initial report by Reco
<recoverym4n@gmail.com> at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-18 12:59:02 +00:00
Daniel P. Berrange
7c72ef6f55 Add helper for running code in separate namespaces
Implement virProcessRunInMountNamespace, which runs callback of type
virProcessNamespaceCallback in a container namespace. This uses a
child process to run the callback, since you can't change the mount
namespace of a thread. This implies that callbacks have to be careful
about what code they run due to async safety rules.

Idea by Dan Berrange, based on an initial report by Reco
<recoverym4n@gmail.com> at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394

Signed-off-by: Daniel Berrange <berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-18 12:45:41 +00:00
Daniel P. Berrange
c321bfc5c3 Add virFileMakeParentPath helper function
Add a helper function which takes a file path and ensures
that all directory components leading up to the file exist.
IOW, it strips the filename part of the path and passes
the result to virFileMakePath.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-18 12:39:06 +00:00
Daniel P. Berrange
c3eb12cace Move check for cgroup devices ACL upfront in LXC hotplug
The check for whether the cgroup devices ACL is available is
done quite late during LXC hotplug - in fact after the device
node is already created in the container in some cases. Better
to do it upfront so we fail immediately.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-17 15:40:01 +00:00
Daniel P. Berrange
d24e6b8b1e Disks are always block devices, never character devices
The LXC disk hotplug code was allowing block or character devices
to be given as disk. A disk is always a block device.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-17 15:39:55 +00:00
Daniel P. Berrange
2c2bec94d2 Fix reset of cgroup when detaching USB device from LXC guests
When detaching a USB device from an LXC guest we must remove
the device from the cgroup ACL. Unfortunately we were telling
the cgroup code to use the guest /dev path, not the host /dev
path, and the guest device node had already been unlinked.
This was, however, fortunate since the code passed &priv->cgroup
instead of priv->cgroup, so would have crash if the device node
were accessible.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-17 15:39:55 +00:00
Daniel P. Berrange
a537827d15 Record hotplugged USB device in LXC live guest config
After hotplugging a USB device, the LXC driver forgot
to add the device def to the virDomainDefPtr.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-17 15:39:37 +00:00
Daniel P. Berrange
c364897222 Fix path used for USB device attach with LXC
The LXC code missed the 'usb' component out of the path
/dev/bus/usb/$BUSNUM/$DEVNUM, so it failed to actually
setup cgroups for the device. This was in fact lucky
because the call to virLXCSetupHostUsbDeviceCgroup
was also mistakenly passing '&priv->cgroup' instead of
just 'priv->cgroup'. So once the path is fixed, libvirtd
would then crash trying to access the bogus virCgroupPtr
pointer. This would have been a security issue, were it
not for the bogus path preventing the pointer reference
being reached.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-17 15:11:06 +00:00
Daniel P. Berrange
7a44af963e Don't block use of USB with containers
virDomainDefCompatibleDevice blocks use of USB if no USB
controller is present. This is not correct for containers
since devices can be assigned directly regardless of any
controllers.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-17 15:11:06 +00:00
Michal Privoznik
3b2c279449 qemu: Implement VIR_DOMAIN_TAINT_HOOK
Currently, there's just one place where we care if hook script is
changing the domain XML: migration hook for incoming migration. In
all other places where a hook script is executed, we don't read the
XML back from the script.

Anyway, the hook script can alter domain XML and hence we should taint
it if the script did.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-17 11:38:15 +01:00
Michal Privoznik
287d30a816 virDomainTaintFlags: Introduce VIR_DOMAIN_TAINT_HOOK
This new flag is to be used for tainting domains which
XML definition was altered at runtime by a hook script.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-17 11:38:15 +01:00
Peter Krempa
98bbc8d59a Revert "storage: Introduce internal pool support"
The internal pools were an idea in one of the first iterations of the
gluster series, which we decided not to use. Somehow the patch still
got pushed. Remove it as the internal flag isn't needed.

This reverts commit 362da8209d.
2014-02-14 17:39:37 +01:00
Peter Krempa
0a584b1fcd lxc: Don't shadow global symbol "link"
Yet another variable name frowned upon by older compilers. Introduced in
commit b73c029d.
2014-02-14 14:01:45 +01:00
Ján Tomko
0ee9081215 Support IPv6 in port allocator
Also try to bind on IPv6 to check if the port is occupied.

Change the mocked bind in the test to return EADDRINUSE
for some ports only for the IPv4/IPv6 socket if we're testing
on a host with IPv6 compiled in.

Also mock socket() to make it fail with EAFNOTSUPPORTED
if LIBVIRT_TEST_IPV4ONLY is set in the environment, to
simulate a host without IPv6 support in the kernel. The
tests are repeated again with this variable set.

https://bugzilla.redhat.com/show_bug.cgi?id=1025407
2014-02-14 13:18:35 +01:00
Ján Tomko
531bc0bbd0 Split out bind() from virPortAllocatorAcquire 2014-02-14 13:18:35 +01:00
Peter Krempa
ad95fa5957 storage: gluster: Don't leak private data when storage file init fails
In a44b7b87bc I've introduced a function
that initializes a storage file wrapper object on gluster based volumes.

The initialization function leaks the private data pointer in case of
failure. This patch fixes it.

Reported by John Ferlan.
2014-02-14 13:08:39 +01:00
Peter Krempa
8d8b32b0da storage: Fix build with older compilers afeter gluster snapshot series
In commit e32268184b I accidentally added
twice a typedef for virStorageFileBackend when I moved it between files
across patch iterations. The double declaration breaks build on older
compilers in RHEL5 and FreeBSD.

Remove the spurious definition.
2014-02-14 11:46:37 +01:00
Peter Krempa
3cf074ee40 qemu: snapshot: Add support for external active snapshots on gluster
Add support for gluster backed images as sources for snapshots in the
qemu driver. This will also simplify adding further network backed
volumes as sources for snapshot in case qemu will support them.
2014-02-14 11:07:29 +01:00
Peter Krempa
7183d7d2e8 qemu: snapshot: Use new APIs to detect presence of existing storage files
Use the new storage driver based "stat" api to detect exiting files just
as we did with local files.
2014-02-14 11:07:29 +01:00
Peter Krempa
8f4091d677 qemu: Switch snapshot deletion to the new API functions
Use the new storage driver APIs to delete snapshot backing files in case
of failure instead of directly relying on "unlink". This will help us in
the future when we will be adding network based storage without local
representation in the host.
2014-02-14 11:07:29 +01:00
Peter Krempa
a44b7b87bc storage: Add storage file backends for gluster
Implement storage backend functions to deal with gluster volumes and
implement the "stat" and "unlink" backend APIs.
2014-02-14 11:07:23 +01:00
Peter Krempa
e62d09b155 storage: add file functions for local and block files
Implement the "stat" and "unlink" function for "file" volumes and "stat"
for "block" volumes using the regular system calls.
2014-02-14 10:47:57 +01:00