Commit Graph

8297 Commits

Author SHA1 Message Date
Daniel P. Berrange
6bcd732ead Add documentation for the seclabel XML element
The domain XML documentation is missing information about the
<seclabel> element used by security drivers

* formatdomain.html.in: Document <seclabel>
2011-07-04 11:19:20 +01:00
Daniel P. Berrange
6321fd9798 Allow for resource relabelling with static labels
Add a new attribute to the <seclabel> XML to allow resource
relabelling to be enabled with static label usage.

  <seclabel model='selinux' type='static' relabel='yes'>
    <label>system_u:system_r:svirt_t:s0:c392,c662</label>
  </seclabel>

* docs/schemas/domain.rng: Add relabel attribute
* src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
  the 'relabel' attribute
* src/qemu/qemu_process.c: Unconditionally clear out the
  'imagelabel' attribute
* src/security/security_apparmor.c: Skip based on 'relabel'
  attribute instead of label type
* src/security/security_selinux.c: Skip based on 'relabel'
  attribute instead of label type and fill in <imagelabel>
  attribute if relabel is enabled.
2011-07-04 11:18:57 +01:00
Daniel P. Berrange
4ebfc42716 Allow a base label to be specified in dynamic labelling mode
Normally the dynamic labelling mode will always use a base
label of 'svirt_t' for VMs. Introduce a <baselabel> field
in the <seclabel> XML to allow this base label to be changed

eg

   <seclabel type='dynamic' model='selinux'>
     <baselabel>system_u:object_r:virt_t:s0</baselabel>
   </seclabel>

* docs/schemas/domain.rng: Add <baselabel>
* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
  of base label
* src/qemu/qemu_process.c: Don't reset 'model' attribute if
  a base label is specified
* src/security/security_apparmor.c: Refuse to support base label
* src/security/security_selinux.c: Use 'baselabel' when generating
  label, if available
2011-07-04 11:17:19 +01:00
Osier Yang
49826eda7a storage: Do not override the exact error of createRawFile
virStorageBackendCreateRaw: createRawFile already reported the
exact error.

Before the fix:

error: Failed to create vol vol-create.img
error: cannot create path '/var/lib/libvirt/images/vol-create.img': Unknown error 18446744073709551597

After the fix:

error: Failed to create vol vol-create.img
error: cannot fill file '/var/lib/libvirt/images/vol-create.img': No space left on device
2011-07-04 16:13:23 +08:00
Daniel Veillard
7976d96dd7 Release of libvirt-0.9.3
* configure.ac docs/news.html.in libvirt.spec.in: update for the
  new release
* po/*.po*: updated and regenerated localizations
2011-07-04 15:54:36 +08:00
Wen Congyang
1aa5f85bb8 initialize pointer to NULL
cmd is not initialized to NULL, but we try to freed it if we
meet some error.
2011-07-04 14:00:28 +08:00
Eric Blake
5dc404b71d storage: avoid crash on parse error
Coverity detected that we could crash on bogus input.  Meanwhile,
strtok_r is rather heavy compared to strchr.

* src/storage/storage_backend_iscsi.c (virStorageBackendIQNFound):
  Check for parse failure, and use lighter-weight functions.
2011-07-04 10:41:38 +08:00
Eric Blake
222f6233b4 vmware: avoid null deref on failed lookup
* src/vmware/vmware_driver.c (vmwareDomainReboot): Check error
  before dereferencing memory.
2011-07-04 10:32:22 +08:00
Eric Blake
74d224fac3 qemu: avoid null deref on low memory
Detected by Coverity.  qemuDomainEventQueue requires a non-NULL
pointer; most callers silently drop the event if we encountered
and OOM situation trying to create the event.

* src/qemu/qemu_migration.c (qemuMigrationFinish): Check for OOM.
2011-07-04 10:30:43 +08:00
Eric Blake
3f81f8e4c1 cgroup: silence coverity warning
Coverity noted that most clients reacted to failure to hash; but in
a best-effort kill loop, we can ignore failure.

* src/util/cgroup.c (virCgroupKillInternal): Ignore hash failure.
2011-07-04 10:28:27 +08:00
Eric Blake
dd0c42abd4 rpc: silence coverity warning
Coverity noted that 4 out of 5 calls to virNetClientStreamRaiseError
checked the return value.  This case expects a particular value, so
warn if our expectations went wrong due to some bug elsewhere.

* src/rpc/virnetclient.c (virNetClientCallDispatchStream): Warn on
  unexpected scenario.
2011-07-04 10:26:05 +08:00
Eric Blake
aaea56dc99 qemu: silence coverity warnings
Coverity warns if the majority of callers check a function for
errors, but a few don't; but in qemu_audit and qemu_domain, the
choice to not check for failures was safe.  In qemu_command, the
failure to generate a uuid can only occur on a bad pointer.

* src/qemu/qemu_audit.c (qemuAuditCgroup): Ignore failure to get
  cgroup controller.
* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitor)
  (qemuDomainObjEnterMonitorWithDriver): Ignore failure to get
  timestamp.
* src/qemu/qemu_command.c (qemuParseCommandLine): Check for error.
2011-07-04 10:23:46 +08:00
Eric Blake
6e07f72ee5 rpc: avoid memory leak on error
Detected by Coverity.  The leak is on an error path, but I'm not
sure whether that path is likely to be triggered in practice.

* src/rpc/virnetserverservice.c (virNetServerServiceAccept): Plug leak.
2011-07-04 10:22:50 +08:00
Eric Blake
2aa83b43d3 rpc: fix logic bug
Spotted by Coverity.  If we don't update tmp each time through
the loop, then if the filter being removed was not the head of
the list, we accidentally lose all filters prior to the one we
wanted to remove.

* src/rpc/virnetserverclient.c (virNetServerClientRemoveFilter):
    Don't lose unrelated filters.
2011-07-04 09:45:21 +08:00
Eric Blake
95eaf7ba7f pci: avoid memory leak on error
Detected by Coverity.  Some, but not all, error paths were clean;
but they were repetitive so I refactored them.

* src/util/pci.c (pciGetDevice): Plug leak.
2011-07-01 16:46:20 -06:00
Eric Blake
9e8b7c1523 interface: avoid memory leak on parse error
Detected by Coverity.  Unlikely to hit unless the file contents
were corrupted.

* src/util/interface.c (ifaceRestoreMacAddress): Plug leak.
2011-07-01 16:46:20 -06:00
Eric Blake
e07e9a9456 libvirtd: avoid memory leak on OOM
Detected by Coverity; only strikes on OOM so not serious.

* daemon/libvirtd.c (daemonPidFilePath): Plug leak.
2011-07-01 16:46:20 -06:00
Eric Blake
5d382c57a1 build: avoid 'make syntax-check' failure
* tests/utiltest.c (DO_TEST): Fix indentation for cppi.
2011-07-01 16:46:20 -06:00
Matthias Bolte
ab0b2c1996 tests: Add a general util test
Move non-esx specific tests from esxutilstest there and add a
test for virParseVersionString.
2011-07-01 19:58:15 +02:00
Eric Blake
8ce1afff88 util: choose whether to require micro in version strings
To avoid regressions, we let callers specify whether to require a
minor and micro version.  Callers that were parsing uname() output
benefit from defaulting to 0, whereas callers that were parsing
version strings from other sources should not change in behavior.

* src/util/util.c (virParseVersionString): Allow caller to choose
whether to fail if minor or micro is missing.
* src/util/util.h (virParseVersionString): Update signature.
* src/esx/esx_driver.c (esxGetVersion): Update callers.
* src/lxc/lxc_driver.c (lxcVersion): Likewise.
* src/openvz/openvz_conf.c (openvzExtractVersionInfo): Likewise.
* src/uml/uml_driver.c (umlGetVersion): Likewise.
* src/vbox/vbox_MSCOMGlue.c (vboxLookupVersionInRegistry):
Likewise.
* src/vbox/vbox_tmpl.c (vboxExtractVersion): Likewise.
* src/vmware/vmware_conf.c (vmwareExtractVersion): Likewise.
* src/xenapi/xenapi_driver.c (xenapiGetVersion): Likewise.
Reported by Matthias Bolte.
2011-07-01 11:22:11 -06:00
Eric Blake
6ae3052c06 build: consistently use CFLAGS
According to the automake manual, CPPFLAGS (aka INCLUDES, as spelled
in automake 1.9.6) should only include -I, -D, and -U directives; more
generic directives like -Wall belong in CFLAGS since they affect more
phases of the build process.  Therefore, we should be sticking CFLAGS
additions into a CFLAGS container, not a CPPFLAGS container.

* src/Makefile.am (libvirt_driver_vmware_la_CFLAGS): Use AM_CFLAGS.
(INCLUDES): Move CFLAGS items...
(AM_CFLAGS): ...to their proper location.
* python/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
* tests/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
(commandtest_CFLAGS, commandhelper_CFLAGS)
(virnetmessagetest_CFLAGS, virnetsockettest_CFLAGS): Use AM_CFLAGS.
2011-07-01 10:44:17 -06:00
Daniel Veillard
8c58abeae1 Explicitely invoke python for API doc generator
This fixes the problem of not finding python in /usr/bin
which broke build on FreeBSD
2011-07-01 17:46:52 +02:00
Scott Moser
d42b749abf fix virParseVersionString with linux 3.0
linux 3.0 has no micro version number, and that is causing problems
for virParseVersionString.  The patch below should allow for:
  major
  major.minor
  major.minor.micro

If major or minor are not present they just default to zero.
We found this in Ubuntu (https://bugs.launchpad.net/bugs/802977)
2011-07-01 07:09:48 -06:00
Eric Blake
0ac385bd6c build: remove dead variables
Detected by Coverity.  No real harm in leaving these, but fixing
them cuts down on the noise for future analysis.

* src/rpc/virnetserver.c (virNetServerAddService): Delete unused
entry.
* src/util/sysinfo.c (virSysinfoRead): Delete dead assignment to
base.
2011-07-01 06:48:33 -06:00
Daniel P. Berrange
20ce065124 Remove bogus jsondata.h file reference which does not exist
* tests/Makefile.am: Remove jsondata.h
2011-07-01 10:16:33 +01:00
Eric Blake
bf8fba1e75 build: simplify sanlock distribution
EXTRA_DIST files should unconditionally be part of the tarball,
rather than depending on the presence of sanlock-devel.

Meanwhile, parallel builds could fail if we don't use mkdir -p.

* src/Makefile.am (EXTRA_DIST): Always ship sanlock .aug and
template .conf files.
(%-sanlock.conf): Use MKDIR_P.
2011-06-30 17:26:15 -06:00
Eric Blake
addaa5374c build: allow 'make syntax-check' on fresh checkout
For good or for bad, I did a fresh checkout, ./autogen.sh, then
'configure', then 'make syntax-check', and was surprised that it
failed.  Running 'make' before 'make syntax-check' cleaned up the
issue, but this patch makes it work up front.

* cfg.mk (sc_po_check): Add prerequisites.
2011-06-30 16:45:56 -06:00
Eric Blake
1e1f65312f build: ignore generated file
* .gitignore: Exempt jsontest binary.
2011-06-30 12:15:56 -06:00
Daniel P. Berrange
0e4b921a57 Add conditionals to allow build without SASL
* daemon/libvirtd.c, daemon/remote.c: Add #if HAVE_SASL and
  suitable function stubs to allow build without SASL
2011-06-30 18:56:57 +01:00
Eric Blake
dbf055efa0 build: avoid double-close bug with pipe2
Based on Coverity's finding on the previous patch, I audited
gnulib's pipe2 code and found that we had the potential for
a subtle double-close bug, unless gnulib guarantees that the
contents of the fd array are unchanged on pipe2() failure.

* .gnulib: Update to latest, for pipe2 fix.
2011-06-30 11:36:52 -06:00
Eric Blake
0a8a79af53 rpc: avoid freeing uninitialized variable
Detected by Coverity.  Both are instances of bad things happening
if pipe2 fails; the virNetClientNew failure could free garbage,
and virNetSocketNewConnectCommand could close random fds.

Note: POSIX doesn't guarantee the contents of fd[0] and fd[1]
after pipe failure: http://austingroupbugs.net/view.php?id=467
We may need to introduce a virPipe2 wrapper that guarantees
that on pipe failure, the fds are explicitly set to -1, rather
than our current state of assuming the fds are unchanged from
their value prior to the failed pipe call.

* src/rpc/virnetclient.c (virNetClientNew): Initialize variable.
* src/rpc/virnetsocket.c (virNetSocketNewConnectCommand):
Likewise.
2011-06-30 11:36:52 -06:00
Eric Blake
cdb0e0dc3f virsh: avoid uninitialized variable
Detected by Coverity; neither vshCmddefHelp nor vshCmdOptParse
was initializing opts_required.

* tools/virsh.c (vshCmddefOptParse): Always initialize bitmaps.
2011-06-30 11:36:51 -06:00
Eric Blake
6f9432fcaf virsh: avoid integer overflow
Detected by Coverity.  info.nrVirtCpu is unsigned short, but if
cpumaplen is int, then the product of the two in vshMalloc risks
unintended sign extension.  cmdVcpuinfo had already solved this
by using size_t cpumaplen.

* tools/virsh.c (cmdVcpuPin): Use correct type.
2011-06-30 11:36:51 -06:00
Daniel P. Berrange
1414cc5fdd Fix stream procedure number for virDomainMigratePrepareTunnel3
The virDomainMigratePrepareTunnel3 impl in the remote driver
was using the procedure number for the virDomainMigratePrepareTunnel
method. This doesn't work out so well, because it makes the server
ignore & drop all stream packets

* src/remote/remote_driver.c: Fix procedure for PrepareTunnel3
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
cfd4370ad0 Send back an error if we get unexpected stream control message
We ignore any stream data packets which come in for streams which
are not registered, since these packets are async and do not have
a reply. If we get a stream control packet though we must send back
an actual error, otherwise a (broken) client may hang forever
making it hard to diagnose the client bug.

* src/rpc/virnetserverprogram.c: Send back error for unexpected
  stream control messages
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
c69ba67032 Fix release of virNetMessagePtr instances in streams processing
If a message packet for a invalid stream is received it is just
free'd. This is not good because it doesn't let the client RPC
request counter decrement. If a stream is shutdown with pending
packets the message also isn't released properly because of an
incorrect header type

* daemon/stream.c: Fix message header type
* src/rpc/virnetserverprogram.c: Send dummy reply instead of
  free'ing ignored stream message
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
f1c2c0e2dc Add missing include of signal.h in virnetsocket.c
virNetSocketFree uses kill(SIGTERM) so we must include
signal.h for the definitions

* src/rpc/virnetsocket.c: Include signal.h
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
06da1805bf Add test case for parsing JSON docs
While investigating some memory leaks it was unclear whether the
JSON code correctly free'd all memory during parsing. Add a test
case which can be run under valgrind to clearly demonstrate that
the parser is leak free.

* tests/Makefile.am: Add 'jsontest'
* tests/jsontest.c: A few simple JSON parsing tests
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
e44bec2e34 Fix potential crash when saving guests
The qemudDomainSaveFlag method will call EndJob on the 'vm'
object it is passed in. This can result in the 'vm' object
being free'd if the last reference is removed. Thus no caller
of 'qemudDomainSaveFlag' must *ever* reference 'vm' again
upon return.

Unfortunately qemudDomainSave and qemuDomainManagedSave
both call 'virDomainObjUnlock', which can result in a
crash. This is non-deterministic since it involves a race
with the monitor I/O thread.

Fix this by making qemudDomainSaveFlag responsible for
calling virDomainObjUnlock instead.

* src/qemu/qemu_driver.c: Fix potential use after free
  when saving guests
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
f870c99b45 Fix uninitialized value in QEMU monitor FD sending code
The 'char control[CMSG_SPACE(sizeof(int))];' was not being
wiped, so could potentially contain uninitialized bytes.
While this was harmless in this case, it caused complaints
from valgrind

* src/qemu/qemu_monitor.c: memset 'control' variable
  in qemuMonitorIOWriteWithFD
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
5ab8746f69 Fix leak of JSON object for events
The event handler functions do not free the virJSONValuePtr
object. Every event received from a VM thus caused a memory
leak

* src/qemu/qemu_monitor_json.c: Fix leak of event object
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
09a882bd4d Remove bogus warning message in JSON code
* src/util/json.c: Remove warning message
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
56a77b4920 Fix use of uninitialized memory when releasing PCI slots
The 'function' field in the PCI address was not correctly
initialized, so it was building the wrong address address
string and so not removing all functions from the in use
list.

* src/qemu/qemu_command.c: Fix initialization of PCI function
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
9f40b80ba8 Fix leak of virStreamPtr object with callback added in fdstream impl
When adding a callback to an FD stream, we take an extra reference
on the virStreamPtr instance. We forgot to registered a free function
with the callback, so when the callback was removed, the extra
reference held on virStreamPtr was not released.

* src/fdstream.c: Use a free callback to release reference on
  virStreamPtr when removing callback
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
92fa2e58fd Fix leak of mdnsGroupName in virNetServer object
* src/rpc/virnetserver.c: Free mdnsGroupName
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
df65adf136 Fix release of filtered stream messages
The stream code was reusing a stream message object before
it was removed from the linked list of filtered messages.
This caused any later queued messages to be completely lost.

* daemon/stream.c: Delay reuse of stream message until
  after it is removed from the queue
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
d840fe93b0 Ensure RPC message is cleared before being reused
To save on memory reallocation, virNetMessage instances that
have been transmitted, may be reused for a subsequent incoming
message. We forgot to clear out the old data of the message
fully, which caused later confusion upon read.

* src/rpc/virnetserverclient.c: memset entire message before
  reusing it
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
27111b350f Fix hardcoded limit on client requests in RPC code
The virNetServerClient object had a hardcoded limit of 10 requests
per client. Extend constructor to allow it to be passed in as a
configurable variable. Wire this up to the 'max_client_requests'
config parameter in libvirtd

* daemon/libvirtd.c: Pass max_client_requests into services
* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h: Pass
  nrequests_client_max to clients
* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h: Allow
  configurable request limit
2011-06-30 18:04:01 +01:00
Osier Yang
e5b9f355b0 tests: Add valgrind.supp into EXTRA_DIST 2011-06-30 23:23:23 +08:00
Osier Yang
e67bc20778 virsh: Fix a problem of buildPoolXML
It doesn't generate "<name>" and "<format>" nodes for "<source>"
even if they are explicitly specified. This patch fixes it.
2011-06-30 21:39:58 +08:00