7531 Commits

Author SHA1 Message Date
Daniel P. Berrange
718ac9b52f Log taint warnings in QEMU driver
Wire up logging of VM tainting to the QEMU driver

 - If running QEMU as root user/group or without capabilities
   being cleared
 - If passing custom QEMU command line args
 - If issuing custom QEMU monitor commands
 - If using a network interface config with an associated
   shell script
 - If using a disk config relying on format probing

The warnings, per-VM, appear in the main libvirtd logs

  11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: high-privileges
  11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: disk-probing

The taint flags are reset when the VM is stopped.

* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Helper APIs
  for logging taint warnings
* src/qemu/qemu_driver.c: Log tainting with custom QEMU monitor
  commands and disk/net hotplug with unsupported configs
* src/qemu/qemu_process.c: Log tainting at startup based on
  unsupported configs
2011-05-06 12:02:02 +01:00
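As an added illustration (not part of the commit or of libvirt), a small Python parser for the taint warning format quoted in the commit message above, grouping the flags seen per domain so tainted guests can be reported from libvirtd logs. The first two sample lines are the ones quoted above; the remaining lines, the `build01` domain and its UUID are constructed.

```python
import re

# Matches the per-VM warning format quoted in the commit message.
TAINT_RE = re.compile(
    r"^\s*(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}): (?P<pid>\d+): warning : "
    r"qemuDomainObjTaint:\d+ : Domain id=(?P<id>\d+) name='(?P<name>[^']*)' "
    r"uuid=(?P<uuid>[0-9a-fA-F-]{36}) is tainted: (?P<flag>[\w-]+)\s*$"
)

# Lines 1-2 are taken from the commit message; lines 3-5 are constructed.
SAMPLE_LOG = """\
  11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: high-privileges
  11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: disk-probing
  11:57:02.104: 10832: warning : qemuDomainObjTaint:712 : Domain id=2 name='build01' uuid=00000000-1111-2222-3333-444444444444 is tainted: disk-probing
  11:57:02.110: 10832: debug : someOtherFunction:10 : unrelated message
  11:58:40.001: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: disk-probing
"""


def collect_taints(log_text):
    """Return {uuid: {"name": str, "flags": [...]}} for every taint warning.

    Domains are keyed on UUID rather than name, because the name is
    chosen by whoever defined the guest. Repeated warnings for the same
    flag are collapsed; flags keep first-seen order.
    """
    domains = {}
    for line in log_text.splitlines():
        m = TAINT_RE.match(line)
        if m is None:
            continue  # not a taint warning
        entry = domains.setdefault(m["uuid"], {"name": m["name"], "flags": []})
        if m["flag"] not in entry["flags"]:
            entry["flags"].append(m["flag"])
    return domains


def domains_with(domains, flag):
    """Names of domains that carry the given taint flag, sorted."""
    return sorted(d["name"] for d in domains.values() if flag in d["flags"])


if __name__ == "__main__":
    for uuid, info in collect_taints(SAMPLE_LOG).items():
        print(f"{info['name']} ({uuid}): {', '.join(info['flags'])}")
```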
Daniel P. Berrange
7998465005 Add field to virDomainObjPtr to track "tainting"
Some configuration setups for guests are allowed, but strongly
discouraged and unsupportable in production systems. Introduce
a concept of 'tainting' to virDomainObjPtr to allow such setups
to be identified. Drivers can then log warnings at suitable
times

* src/conf/domain_conf.c, src/conf/domain_conf.h: Declare taint
  flags and add parsing/formatting of domain status XML
2011-05-06 12:01:57 +01:00
Doug Goldstein
1945d74cc3 virsh: improve TLS certificate error messages
Print the name of the CA cert, certificate, and key file that resulted
in the failure so that the user has an idea what to troubleshoot.

Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
2011-05-05 17:16:58 -06:00
Eric Blake
f99e1389cc virsh: use new method for easier log to file
Easier to maintain, and no longer an arbitrary line length limit.

* tools/virsh.c (vshOutputLogFile): Replace snprintf with
virBuffer.
2011-05-05 13:48:19 -06:00
Eric Blake
f09acccfd7 buf: add virBufferVasprintf
Match the fact that we have virAsprintf and virVasprintf.

* src/util/buf.h (virBufferVasprintf): New prototype.
* src/util/buf.c (virBufferAsprintf): Move guts...
(virBufferVasprintf): ...to new function.
* src/libvirt_private.syms (buf.h): Export it.
* bootstrap.conf (gnulib_modules): Add stdarg, for va_copy.
2011-05-05 13:48:19 -06:00
Eric Blake
68ea80cfdd maint: rename virBufferVSprintf to virBufferAsprintf
We already have virAsprintf, so picking a similar name helps for
seeing a similar purpose.  Furthermore, the prefix V before printf
generally implies 'va_list', even though this variant was '...', and
the old name got in the way of adding a new va_list version.

global rename performed with:

$ git grep -l virBufferVSprintf \
  | xargs -L1 sed -i 's/virBufferVSprintf/virBufferAsprintf/g'

then revert the changes in ChangeLog-old.
2011-05-05 13:47:40 -06:00
Cole Robinson
79b914e8f6 docs: <filesystem> attr is 'accessmode', not 'mode'
2011-05-05 15:28:23 -04:00
Daniel P. Berrange
f7fc885dec Fix qemuMigrationToFile nonnull annotation
The qemuMigrationToFile method was accidentally annotated for
the 'compressor' parameter to be non-null, instead of the
'path' parameter. Thus GCC with -O2 unhelpfully deleted the
entire 'if (compressor == NULL)' block of code during
optimization. Thus NULL was passed to virCommandNew() with
predictably bad results.

* src/qemu/qemu_migration.h: Fix non-null annotation to be
  against path instead of compressor
2011-05-05 12:53:23 +01:00
Daniel P. Berrange
7c31e1ef0f Make QEMU migration use cached qemu capabilities data
* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Remove
  qemuCaps parameters & use cached data
* src/qemu/qemu_driver.c: Don't create & pass qemuCaps to
  migration methods
2011-05-05 11:33:15 +01:00
Daniel P. Berrange
a623bff450 Make QEMU hotplug use cached qemu capabilities data
* src/qemu/qemu_hotplug.h, src/qemu/qemu_hotplug.c: Remove
  qemuCaps parameters from all methods
* src/qemu/qemu_driver.c: Don't create & pass qemuCaps to
  hotplug methods
2011-05-05 11:33:10 +01:00
Daniel P. Berrange
43c01d3838 Persist qemu capabilities in the domain status file
To cope with the QEMU binary being changed while a VM is running,
it is necessary to persist the original qemu capabilities at the
time the VM is booted.

* src/qemu/qemu_capabilities.c, src/qemu/qemu_capabilities.h: Add
  an enum for a string rep of every capability
* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Support for
  storing capabilities in the domain status XML
* src/qemu/qemu_process.c: Populate & free QEMU capabilities at
  domain startup
2011-05-05 11:33:03 +01:00
Daniel Veillard
9b889aacef Release of libvirt-0.9.1
* configure.ac libvirt.spec.in docs/news.html.in: update and document
  the release
* po/*.po*: update localizations for german, polish, spanish, ukrainian
  and vietnamese coming from transifex, regenerate
2011-05-05 11:25:13 +08:00
Eric Blake
2ffa8b341c maint: detect clang 2.9
In Fedora 15, with clang 2.8, 'scan-build env' shows:
CCC_ANALYZER_ANALYSIS=-analyzer-check-objc-mem -analyzer-check-security-syntactic -analyzer-check-dead-stores -analyzer-check-objc-unused-ivars -analyzer-check-objc-methodsigs

But in rawhide, with clang 2.9, the same variable is set but
empty, implying the default set of analysis.  We still want
sa_assert defined in that case, to stop clang from hitting
false positives.

* configure.ac (STATIC_ANALYSIS): Detect clang even when the set
of analyses is the default.
2011-05-04 17:22:22 -06:00
Eric Blake
4644f0b253 storage: avoid null deref and leak on failure
Detected by clang.  NULL deref added in commit 343a27a (Mar 11),
but leak of voldef present since commit 2cd9b2d (Apr 09).

* src/storage/storage_driver.c (storageVolumeCreateXML): Don't
leak voldef or dereference null volobj.
2011-05-04 15:01:13 -06:00
Matthias Bolte
6eb3a1f4f7 esx: Disable performance counter queries in esxDomainGetInfo
The queried values aren't used yet.
2011-05-04 20:41:09 +02:00
Matthias Bolte
62a6b7cc9b esx: Avoid null dereference on error in esxDomainGetInfo
Add missing early exits and convert error logging to proper API level
error reporting.

Centralize cleanup code for the PerfQuerySpec object.

Reported by Eric Blake, detected by clang.
2011-05-04 20:25:28 +02:00
Eric Blake
85cb292681 remote: avoid null dereference on error
Clang found three instances of uninitialized use of nparams in
the cleanup path.  Unfortunately, one is a false positive: clang
couldn't see that ret->params.params_val is guaranteed to be
NULL unless allocated within a function, and that nparams is
guaranteed to be assigned prior to the allocation; hoisting the
assignment to nparams to be earlier in the function shuts up
that false positive.  But two of the reports also happened to
highlight a real bug - the error path can dereference NULL.

Regression introduced in commit 158ba873.

* daemon/remote.c (remoteDispatchDomainGetMemoryParameters)
(remoteDispatchDomainGetBlkioParameters): Don't clear fields if
array was not allocated.
(remoteDispatchDomainGetSchedulerParameters): Initialize nparams
earlier.
2011-05-04 10:55:29 -06:00
Matthias Bolte
d0a8f99c75 esx: Remove dead store in esxUtil_ParseDatastorePath
The ++ on preliminaryFileName was a left over from a previous version
of this function that explicitly returned the filename and did a strdup
on preliminaryFileName afterwards.

As the filename isn't returned explicitly anymore remove the preliminary
variable for it and reuse the tmp variable instead.

Reported by Eric Blake, detected by clang.
2011-05-04 18:33:14 +02:00
Eric Blake
29e131dec2 qemu: update qemuCgroupControllerActive signature
Clang warned about a dead assignment.  In the process, I noticed
that we are only using the function for a bool value.  I audited
all other callers in qemu_{migration,cgroup,driver,hotplug}, and
all were making the call in a bool context.

Also, do bounds checking on the argument.

* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Delete dead
assignment.
(qemuCgroupControllerActive): Change return type to bool.
* src/qemu/qemu_cgroup.h (qemuCgroupControllerActive): Likewise.
2011-05-04 09:35:47 -06:00
Eric Blake
44aa49aefe util: remove dead assignment
Clang complained about this, and it was easy enough to fix.

* src/util/util.c (virFileOpenAs): Drop dead assignment.
2011-05-04 09:25:07 -06:00
Eric Blake
32388f12d5 lxc: report correct error
Clang noticed a dead assignment, which turned out to be the use
of the wrong variable.  rc starts life as -1, and is only ever
assigned to 0 just before a successful cleanup.

* src/lxc/lxc_driver.c (lxcSetupInterfaces): Don't call
virReportSystemError(-1).
2011-05-04 09:24:09 -06:00
Eric Blake
710f8811f5 libxl: avoid compiler warning
Detected by gcc:

libxl/libxl_driver.c: In function 'libxlDomainDestroy':
libxl/libxl_drier.c:1351:30: error: variable 'priv' set but not used [-Werror=unused-but-set-variable]

* src/libxl/libxl_driver.c (libxlDomainDestroy): Delete unused
variable.
2011-05-04 09:21:05 -06:00
Eric Blake
5f929dd3aa qemu: remove dead assignment
Detected by clang.

* src/qemu/qemu_migration.c (qemuMigrationToFile): Nothing later
uses is_reg.
2011-05-04 09:14:13 -06:00
Eric Blake
f72393fa97 storage: use virCommand to avoid compiler warning
clang didn't like the last increment to nargs.  But why even
track nargs ourselves, when virCommand does it for us?

* src/storage/storage_backend_iscsi.c
(virStorageBackendISCSIConnection): Switch to virCommand to avoid
a dead-store warning on nargs.
2011-05-04 08:54:20 -06:00
Eric Blake
ead2b43357 cgroup: avoid leaking a file
Clang detected a dead store to rc.  It turns out that in fixing this,
I also found a FILE* leak.

This is a subtle change in behavior, although unlikely to hit.  The
pidfile is a kernel file, so we've probably got more serious problems
under foot if we fail to parse one.  However, the previous behavior
was that even if one pid file failed to parse, we tried others,
whereas now we give up on the first failure.  Either way, though,
the function returns -1, so the caller will know that something is
going wrong, and that not all pids were necessarily reaped.  Besides,
there were other instances already in the code where failure in the
inner loop aborted the outer loop.

* src/util/cgroup.c (virCgroupKillInternal): Abort rather than
resuming loop on fscanf failure, and cleanup file on error.
2011-05-04 08:38:27 -06:00
Eric Blake
d8f7528157 qemu: silence clang false positives
Clang 2.8 wasn't quite able to follow that persistentDef was
assigned earlier if (flags & VIR_DOMAIN_MEM_CONFIG) is true.
Silence this false positive, to make clang analysis easier to use.

* src/qemu/qemu_driver.c (qemudDomainSetMemoryFlags): Add an
annotation to silence clang's claim of a NULL dereference.
2011-05-03 13:19:48 -06:00
Eric Blake
44699b3283 virsh: avoid null pointer dereference
Clang detected that vol-download will call unlink(NULL) if there
is a parse error during option parsing.  Also, mingw doesn't like
unlinking an open file.

* tools/virsh.c (cmdVolDownload): Only unlink file if created.
2011-05-03 11:00:25 -06:00
Eric Blake
1164e1a2da pci: fix null pointer dereference
Clang detected a null-pointer dereference regression, introduced
in commit 4e8969eb.  Without this patch, a device with
unbind_from_stub set to false would eventually try to call
virFileExists on uncomputed drvdir.

* src/util/pci.c (pciUnbindDeviceFromStub): Ensure drvdir is set
before use.
2011-05-03 10:59:57 -06:00
Eric Blake
4d080ee403 qemu: avoid null pointer dereference
This code has had problems historically.  As originally
written, in commit 6bcf2501 (Jun 08), it could call unlink
on a random string, nuking an unrelated file.

Then commit 182a80b9 (Sep 09), the code was rewritten to
allocate tmp, with both a use-after-free bug and a chance to
call unlink(NULL).

Commit e206946 (Mar 11) fixed the use-after-free, but not the
NULL dereference.  Thanks to clang for catching this!

* src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Don't call
unlink on NULL.
2011-05-03 10:59:55 -06:00
Eric Blake
4b4e8b57c2 tests: avoid null pointer dereference
Unlikely to hit in real life, but clang noticed it.

* tests/commandtest.c (checkoutput, test4, test18): Avoid
unlink(NULL) on OOM.
2011-05-03 10:50:56 -06:00
Eric Blake
6e177fa1b6 Revert "lxc: Do not try to reconnect inactive domain when do lxcStartup"
This reverts commit 0e7f7f8566.

From the mailing list:

> So, AFAICT, this patch means we will never reconnect to any LXC
> VMs now.
>
> The correct solution, is to refactor LXC driver startup to work
> the same way as the QEMU driver startup.
>
>   - Load all the live state XML files (to pick up running VMs)
>   - Reconnect to all VMs
>   - Load all the persistent config XML files (to pick up any additional
>     inactive guests)

But that solution is invasive enough to be post-0.9.1.
2011-05-03 10:07:48 -06:00
Eric Blake
3109d2bffa tests: suppress more valgrind situations
* tests/.valgrind.supp: Consolidate bash suppressions.  Ignore
more libnl issues.
2011-05-03 08:03:39 -06:00
Michal Privoznik
a2eab0033c Fix disability to run on systems with no PCI bus
The patch which moved libpciaccess initialization to one place caused
a regression - we were not able to run on systems with no PCI bus, like
s390(x).
2011-05-03 13:46:22 +02:00
Osier Yang
0e7f7f8566 lxc: Do not try to reconnect inactive domain when do lxcStartup
Otherwise if there are inactive lxc domains, lxcStartup will
try to reconnect to sockets of these domains, which results in
errors in libvirtd log.
2011-05-03 14:48:03 +08:00
Eric Blake
0620e83d10 tests: avoid compiler warning
../../tests/xmconfigtest.c: In function 'testCompareParseXML':
../../tests/xmconfigtest.c:49:19: error: 'conn' may be used uninitialized in this function [-Wuninitialized]

* tests/xmconfigtest.c (testCompareParseXML): Initialize variable.
2011-05-02 17:35:18 -06:00
Christophe Fergeau
b15a8a1bdf qemu: fix uninitialized variable warning
This commit fixes
qemu/qemu_driver.c: In function 'qemuDomainModifyDeviceFlags':
qemu/qemu_driver.c:4041:8: warning: 'ret' may be used uninitialized in this
function [-Wuninitialized]
qemu/qemu_driver.c:4013:9: note: 'ret' was declared here

The variable is set to -1 so that the error paths are taken when the code
to set it didn't get a chance to run. Without initializing it, we could
return an undefined value from this function.

While I was at it, I made a trivial whitespace change in the same function
to improve readability.
2011-05-02 09:23:47 -06:00
Gerhard Stenzel
170f2a8747 fix missing VLAN id for Qbg example
For IEEE 802.1Qbg, it is necessary to use a VLAN interface.
vepa itself does not require a VLAN interface.

Signed-off-by: Gerhard Stenzel <stenzel at de.ibm.com>
2011-05-02 09:13:54 -06:00
Matthias Bolte
9ba4eb3c08 tests: Lower stack usage below 4096 bytes
Make virtTestLoadFile allocate the buffer to read the file into.

Fix logic error in virtTestLoadFile, stop reading on the first empty line.

Use virFileReadLimFD in virtTestCaptureProgramOutput to avoid manual
buffer handling.
2011-04-30 19:59:52 +02:00
Matthias Bolte
88823ec90a tests: Update valgrind suppressions file
2011-04-30 19:33:58 +02:00
Supriya Kannery
0431551435 virsh: fix regression in log to file
Commit 36deff04 introduced a regression due to which virsh is not able
to log to a file - msg_buf was changed from an array to a pointer
without corresponding change to usage of "sizeof()".

Fix regression in virsh logging

Signed-off-by: Supriya Kannery <supriyak@in.ibm.com>
2011-04-30 10:28:02 -06:00
Matthias Bolte
0e7c7b8b32 nwfilter: Fix memory leak in the ebtables subdriver
Call shutdown functions for all subcomponents in nwfilterDriverShutdown.

Make sure that these shutdown functions can safely be called multiple times
and independently of the actual subcomponent's state.
2011-04-30 17:37:54 +02:00
Matthias Bolte
feecc9f395 qemu: Fix qemuDomainModifyDeviceFlags leaking the caps bitmap
2011-04-30 17:37:34 +02:00
Matthias Bolte
9d50b323a9 Fix memory leak in __virExec
Commit e0d014f237 made binary potentially allocated on the heap.
It was freed in the parent in the error path, but not in the success path
that doesn't goto the cleanup label.

Found by 'make -C tests valgrind'.
2011-04-30 17:37:29 +02:00
Eric Blake
701bee0193 hash: fix memory leak regression
Commit 1671d1d introduced a memory leak in virHashFree, and
wholesale table corruption in virHashRemoveSet (elements not
requested to be freed are lost).

* src/util/hash.c (virHashFree): Free bucket array.
(virHashRemoveSet): Don't lose elements.
* tests/hashtest.c (testHashCheckForEachCount): New method.
(testHashCheckCount): Expose the bug.
2011-04-29 14:26:40 -06:00
Cole Robinson
41a7835fa0 docs: Document <filesystem> device
Tried to dredge through old changelogs and commits to come up with it, so
may not be completely accurate.

v2:
Drop ambiguous 'containers'
Use same mail archive for all links
2011-04-29 14:35:23 -04:00
Eric Blake
e39c46a5fd build: fix getcwd portability problems
* bootstrap.conf (gnulib_modules): Add getcwd-lgpl.
* tests/commandtest.c (checkoutput): Drop unused cwd.
* tests/commandhelper.c (main): Let getcwd malloc.
* tests/testutils.c (virTestMain): Likewise.
* tools/virsh.c (cmdPwd): Likewise.
(virshCmds): Expose cmdPwd and cmdCd on mingw.
2011-04-29 12:08:26 -06:00
Eric Blake
20986e58aa tests: simplify common setup
A few of the tests were missing basic sanity checks, while most
of them were doing copy-and-paste initialization (in fact, some
of them pasted the argc > 1 check more than once!).  It's much
nicer to do things in one common place, and minimizes the size of
the next patch that fixes getcwd usage.

* tests/testutils.h (EXIT_AM_HARDFAIL): New define.
(progname, abs_srcdir): Define for all tests.
(VIRT_TEST_MAIN): Change callback signature.
* tests/testutils.c (virtTestMain): Do more common init.
* tests/commandtest.c (mymain): Simplify.
* tests/cputest.c (mymain): Likewise.
* tests/esxutilstest.c (mymain): Likewise.
* tests/eventtest.c (mymain): Likewise.
* tests/hashtest.c (mymain): Likewise.
* tests/networkxml2xmltest.c (mymain): Likewise.
* tests/nodedevxml2xmltest.c (myname): Likewise.
* tests/nodeinfotest.c (mymain): Likewise.
* tests/nwfilterxml2xmltest.c (mymain): Likewise.
* tests/qemuargv2xmltest.c (mymain): Likewise.
* tests/qemuhelptest.c (mymain): Likewise.
* tests/qemuxml2argvtest.c (mymain): Likewise.
* tests/qemuxml2xmltest.c (mymain): Likewise.
* tests/qparamtest.c (mymain): Likewise.
* tests/sexpr2xmltest.c (mymain): Likewise.
* tests/sockettest.c (mymain): Likewise.
* tests/statstest.c (mymain): Likewise.
* tests/storagepoolxml2xmltest.c (mymain): Likewise.
* tests/storagevolxml2xmltest.c (mymain): Likewise.
* tests/virbuftest.c (mymain): Likewise.
* tests/virshtest.c (mymain): Likewise.
* tests/vmx2xmltest.c (mymain): Likewise.
* tests/xencapstest.c (mymain): Likewise.
* tests/xmconfigtest.c (mymain): Likewise.
* tests/xml2sexprtest.c (mymain): Likewise.
* tests/xml2vmxtest.c (mymain): Likewise.
2011-04-29 10:21:20 -06:00
Eric Blake
63956ca055 build: avoid test warnings on mingw
* .gnulib: Update to latest, for getaddrinfo fixes.
Reported by Matthias Bolte.
2011-04-29 09:06:12 -06:00
Eric Blake
c63ec6e347 virsh: avoid compiler warning on mingw
We don't use gnulib's sanitizations for vfprintf, but vshDebug
was used with %zu, which means that it would fail on mingw.
Thank goodness the compiler indirectly caught this for us :)

virsh.c: In function 'vshDebug':
virsh.c:12105:5: warning: function might be possible candidate for
'ms_printf' format attribute [-Wmissing-format-attribute]

since mingw <stdio.h> hasn't yet added gcc attributes to vfprintf.

* tools/virsh.c (vshDebug): Avoid vfprintf.
(vshPrintExtra): Use lighter-weight fputs.
Reported by Matthias Bolte.
2011-04-28 15:09:08 -06:00
KAMEZAWA Hiroyuki
f37c29c8aa libvirt/qemu - support persistent update of disks
Support update of disks by MODIFY_CONFIG

This patch includes changes for qemu's disk to support
virDomainUpdateDeviceFlags() with VIR_DOMAIN_DEVICE_MODIFY_CONFIG.

This patch adds support for CDROM/floppy disk types.

Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>

* src/qemu/qemu_driver.c
(qemuDomainUpdateDeviceConfig): support cdrom/floppy.
2011-04-28 14:59:06 -06:00