Commit Graph

901 Commits

Author SHA1 Message Date
Michal Privoznik
d715bfac08 admin_server: Avoid accessing unallocated memory
In 68b726b93c we tried to fix a mem leak. However, it
wasn't done quite well. Problem is, virNetDaemonGetServers() may
fail in which case virObjectListFreeCount() would be called with
-1 objects to free. But the number of elements is taken in
unsigned rather than signed integer.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-25 10:18:00 +01:00
Pavel Hrdina
68b726b93c admin_server: fix memory leak
If caller of adminConnectListServers() pass NULL instead of servers we
need to free the list we've received from virNetDaemonGetServers().

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-03-24 14:03:18 +01:00
Cole Robinson
360229e8b4 remote: Fix error message
We were printing the wrong MAX value
2016-03-23 16:52:12 -04:00
Martin Kletzander
b9a3ce95ce admin: Add virAdmConnectLookupServer
It does not have a suffix ByName because there are no other means of
looking up the server and since the name is known, this should be the
preferred one.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-03-17 17:06:22 +01:00
Martin Kletzander
42b85f173d remote: Generate what's possible
Since gendisplatch can now generate "modern" *ListAll* functions, let
them all be generated.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-03-11 12:58:41 +01:00
Martin Kletzander
d949280c72 admin: Generate ConnectListServers dispatch helpers
Since we have the opportunity now, let's save some precious code lines.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-03-11 12:58:41 +01:00
Martin Kletzander
d4218ca64f Change virNetDaemonGetServerNames to virNetDaemonGetServers
For now it does not matter which ones we return as the code is similarly
complex, however it will fit in with other constructs in the future,
mainly when we will be able to generate dispatch helpers.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-03-11 12:58:41 +01:00
Martin Kletzander
a0dbed6160 admin: Do not work with virAdm on the server side
virAdm is prefix only used on the client side.  Or at least for now.  On
server, though, this corresponds to virNet structures (virAdmConnect is
virNetDaemon, virAdmServer should be virNetServer, in the future
virAdmClient will be resolved to virNetServerClient, and so on).

This will also make future work clearer and easier.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-03-11 12:58:41 +01:00
Martin Kletzander
fd4f278e1a daemon: Get server name from the server itself
Since servers know their name, there is no need to supply such
information twice.  Also defeats inconsistencies.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-03-11 12:58:41 +01:00
Martin Kletzander
dad3b07814 server: Store server name in server object
At first I did not want to do this, but after trying to implement some
newer feaures in the admin API I realized we need that to make our lives
easier.  On the other hand they are not saved redundantly and the
virNetServer objects are still kept in a hash table.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-03-11 12:58:41 +01:00
Jiri Denemark
f289300181 Introduce job completed event
The VIR_DOMAIN_EVENT_ID_JOB_COMPLETED event will be triggered once a job
(such as migration) finishes and it will contain statistics for the job
as one would get by calling virDomainGetJobStats. Thanks to this event
it is now possible to get statistics of a completed migration of a
transient domain on the source host.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-03-08 16:26:00 +01:00
Nikolay Shirokovskiy
ce35122cfe daemon: fixup refcounting in close callback handling
remoteDispatchConnectCloseCallbackRegister introduced in
f484310a has problems. It refcounts network client object and in case of NOOP
driver operations for registering/unregistering close callback (any driver
except for vz) nobody will unref it later. As a result, client connection
will not be disposed and driver connection will not be closed.

The fix is easy. We don't need to refcount at all. We don't get a dangling
pointer because in remoteClientFreeFunc, which is called
upon disposing this network client object, we unregister the close
callback.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-03-03 11:02:11 +01:00
Jason J. Herne
b3a4b176f0 Libvirt: Add missing default value for config option max_queued_clients
Commit 1199edb1d4 added config option max_queued_clients and documented the
default value as 1000 but never actually set that value. This patch sets the
default value.

This addresses an issue whereby the following error message is reported if too
many migrations are started simultaneously:

error: End of file while reading data: Ncat: Invalid argument.: Input/output error

The problem is that too many ncat processes are spawned on the destination
system. They all attempt to connect to the libvirt socket. Because the
destination libvirtd cannot respond to the connect requests quickly enough we
overrun the socket's pending connections queue.

Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-03-01 18:00:19 +01:00
Nikolay Shirokovskiy
f484310add daemon: add connection close rpc
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-03-01 14:18:16 +00:00
Michal Privoznik
702713af5a adminDaemonListServers: Don't leak @srv_names array
When getting a list of servers registered for a daemon, it's
returned as a dynamically allocated array filled in with pointers
to constant strings. Because the array is dynamic, it should be
freed when no longer needed (but not the strings!). Even the
function that creates the array suggests that.

==19446== 48 bytes in 3 blocks are definitely lost in loss record 821 of 1,034
==19446==    at 0x4C2C28E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==19446==    by 0x54BAFC8: virReallocN (viralloc.c:245)
==19446==    by 0x54BB0BE: virExpandN (viralloc.c:294)
==19446==    by 0x54BB391: virInsertElementsN (viralloc.c:436)
==19446==    by 0x164E3D: virNetDaemonGetServerNames (virnetdaemon.c:217)
==19446==    by 0x15616F: adminDaemonListServers (admin_server.c:52)
==19446==    by 0x155B8C: adminDispatchConnectListServers (admin.c:151)
==19446==    by 0x155FD8: adminDispatchConnectListServersHelper (admin_dispatch.h:101)
==19446==    by 0x568E862: virNetServerProgramDispatchCall (virnetserverprogram.c:437)
==19446==    by 0x568E3C3: virNetServerProgramDispatch (virnetserverprogram.c:307)
==19446==    by 0x5687B5B: virNetServerProcessMsg (virnetserver.c:135)
==19446==    by 0x5687C1B: virNetServerHandleJob (virnetserver.c:156)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-02-22 07:25:18 +01:00
Erik Skultety
1a07c2efb3 admin: Introduce adminDaemonConnectListServers API
This API is merely a convenience API, i.e. when managing clients connected to
daemon's servers, we should know (convenience) which server the specific client
is connected to. This implies a client-side representation of a server along
with a basic API to let the administrating client know what servers are actually
available on the daemon.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-02-17 12:46:34 +01:00
Erik Skultety
159a37f659 admin: Move admin_server.{h,c} to admin.{h,c}
This change is merely because admin_server would contain all the code
from dispatchers and helpers to the actual APIs. Admin should have
similar structure to the daemon-side remote driver - dispatchers and
helpers in a separate module, APIs in a separate module.

Best viewed with -M.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-02-17 12:46:34 +01:00
Erik Skultety
252610f7dd virnetdaemon: Store servers in a hash table
Since the daemon can manage and add (at fresh start) multiple servers,
we also should be able to add them from a JSON state file in case of a
daemon restart, so post exec restart support for multiple servers is also
provided. Patch also updates virnetdaemontest accordingly.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-02-17 12:46:34 +01:00
Erik Skultety
8cd1d546e6 util: Export remoteSerializeTypedParameters internally via util
Same as for deserializer, this method might get handy for admin one day.
The major reason for this patch is to stay consistent with idea, i.e.
when deserializer can be shared, why not serializer as well. The only
problem to be solved was that the daemon side serializer uses a code
snippet which handles sparse arrays returned by some APIs as well as
removes any string parameters that can't be returned to older clients.
This patch makes of the new virTypedParameterRemote datatype introduced
by one of the pvious patches.
2016-02-03 15:46:45 +01:00
Erik Skultety
0472cef685 util: Export remoteDeserializeTypedParameters internally via util
Currently, the deserializer is hardcoded into remote_driver which makes
it impossible for admin to use it. One way to achieve a shared implementation
(besides moving the code to another module) would be pass @ret_params_val as a
void pointer as opposed to the remote_typed_param pointer and add a new extra
argument specifying which of those two protocols is being used and typecast
the pointer at the function entry. An example from remote_protocol:

struct remote_typed_param_value {
        int type;
        union {
                int i;
                u_int ui;
                int64_t l;
                uint64_t ul;
                double d;
                int b;
                remote_nonnull_string s;
        } remote_typed_param_value_u;
};
typedef struct remote_typed_param_value remote_typed_param_value;

struct remote_typed_param {
        remote_nonnull_string field;
        remote_typed_param_value value;
};

That would leave us with a bunch of if-then-elses that needed to be used across
the method. This patch takes the other approach using the new datatype
introduced in one of earlier commits.
2016-02-03 15:46:45 +01:00
Jiri Denemark
0b50f4a025 Introduce migration iteration event
The VIR_DOMAIN_EVENT_ID_MIGRATION_ITERATION event will be triggered
whenever VIR_DOMAIN_JOB_MEMORY_ITERATION changes its value, i.e.,
whenever a new iteration over guest memory pages is started during
migration.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-01-21 16:36:08 +01:00
Martin Kletzander
6dc0e4f171 Fix LSB requirements in service script and sync them
Commit b22344f328 mistakenly reordered
Default-* lines.  Thanks to that I noticed that we are very inconsistent
with our init scripts, so I took the liberty of synchronizing them,
updating them and making them all look shiny and new.  So apart from
fixing the LSB requirements, I also fixed the ordering, specified
runlevels and fix the link to the reference specification.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-01-11 15:49:13 +01:00
Laine Stump
79e7872530 docs: update to properly reflect meaning of fields in log filter
The documentation (and comment in libvirtd.conf) says that the text in
a log filter is compared to the "source file name", and gives the
example of "util/json", but this is not correct (at least not since
commit 2835c1e, possibly earlier). It is instead compared to the
string given in the VIR_LOG_INIT() macro invocation at the top of each
source file, which is always "similar to but not the same as" the
source file name (in the example above, the proper name is
"util.json", while the file name is "util/virjson.c"). This patch
corrects the misstatement in both the documentation and in
libvirtd.conf.
2016-01-04 15:19:38 -05:00
Erik Skultety
3245e1783c Revert "admin: Rename virAdmConnect to virAdmDaemon"
Commmit df8192aa introduced admin related rename and some minor
(caused by automated approach, aka sed) and some more severe isues along with
it. First reason to revert is the inconsistency with libvirt library.
Although we deal with the daemon directly rather than with a specific
hypervisor, we still do have a connection. That being said, contributors might
get under the impression that AdmDaemonNew would spawn/start a new daemon
(since it's admin API, why not...), or AdmDaemonClose would do the exact
opposite or they might expect DaemonIsAlive report overall status of the daemon
which definitely isn't the case.
The second reason to revert this patch is renaming virt-admin client. The
client tool does not necessarily have to reflect the names of the API's it's
using in his internals. An example would be 's/vshAdmConnect/vshAdmDaemon'
where noone can be certain of what the latter function really does. The former
is quite expressive about some connection magic it performs, but the latter does
not say anything, especially when vshAdmReconnect and vshAdmDisconnect were
left untouched.
2015-12-21 10:07:59 +01:00
Daniel P. Berrange
5cce775e92 libvirtd: enable virtlockd/virtlogd socket activation on install
When someone does 'systemctl enable libvirtd.service' we should
also enable virtlockd.socket/virtlogd.socket, so that they can
be auto-activated if libvirtd tries to access the sockets.

Without this, people have to manually enable the units themselves
via 'systemctl enable virtdlogd.socket'.

This also ensures that if distros uses  'systemctl preset' for
enabling 'libvirtd.service', then the virtdlogd.socket gets
enabled without having to wait for the distro to update their
presets file.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-07 17:32:49 +00:00
Guido Günther
a8bb330f94 libvirtd: require virtlogd to start before libvirtd
In the non-systemd case, without socket activation, we need to proper
ordering.
2015-12-04 17:45:21 +01:00
Martin Kletzander
df8192aaf4 admin: Rename virAdmConnect to virAdmDaemon
virAdmConnect was named after virConnect, but after some discussions,
most of the APIs called will be working with remote daemon and starting
them virAdmDaemon will make more sense.  Only possibly controversal name
is CloseCallback (de)registration, and connecting to the daemon (which
will still be Open/Close), but even this makes sense if one thinks about
the daemon being opened and closed, e.g. as file, etc.

This way all the APIs working with the daemon will start with
virAdmDaemon prefix, they will accept virAdmDaemonPtr as first parameter
and that will better suit with other namings as well (virDomain*,
virAdmServer*, etc.).

Because in virt-admin, the connection name does not refer to a struct
that would have a connect in its name, also adjust 'connname' in
clients.  And because it is not used anywhere in the vsh code, move it
from there into each client.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-12-01 11:44:48 +01:00
Erik Skultety
a474371fc6 admin: Introduce virAdmConnectGetLibVersion
Introduce a new API to get libvirt version. It is worth noting, that
libvirt-admin and libvirt share the same version number. Unfortunately,
our existing API isn't generic enough to be used with virAdmConnectPtr
as well. Also this patch wires up this API to the virt-admin client
as a generic cmdVersion command.
2015-11-30 09:44:28 +01:00
Martin Kletzander
3418e7815a Start daemon only after filesystems are mounted
When images are on mounted filesystems, there is no guarantee libvirtd
will start before they are mounted.  Since we want to start after both
local and remote filesystems are mounted, we need to add both local-fs
and remote-fs as targets that should precede starting libvirtd service.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-26 16:27:49 +02:00
Guido Günther
6d71d54812 daemon: Use $(NULL) for libvird_admin's flags
This makes it consistent with the other FLAGS in this file and reduced
clutter in the diff when adding new entries.
2015-08-20 10:19:27 +02:00
Martin Kletzander
a8743c3938 rpc: Remove keepalive_required option
Since its introduction in 2011 (particularly in commit f4324e3292),
the option doesn't work.  It just effectively disables all incoming
connections.  That's because the client private data that contain the
'keepalive_supported' boolean, are initialized to zeroes so the bool is
false and the only other place where the bool is used is when checking
whether the client supports keepalive.  Thus, according to the server,
no client supports keepalive.

Removing this instead of fixing it is better because a) apparently
nobody ever tried it since 2011 (4 years without one month) and b) we
cannot know whether the client supports keepalive until we get a ping or
pong keepalive packet.  And that won't happen until after we dispatched
the ConnectOpen call.

Another two reasons would be c) the keepalive_required was tracked on
the server level, but keepalive_supported was in private data of the
client as well as the check that was made in the remote layer, thus
making all other instances of virNetServer miss this feature unless they
all implemented it for themselves and d) we can always add it back in
case there is a request and a use-case for it.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-10 13:15:56 +02:00
Martin Kletzander
7868f01783 admin: Tiny cleanups
First hunk changes the use of srcdir to top_srcdir so it complies with
other rules in the Makefile.  Second one removes the need of
remote_protocol.h in admin_protocol.h as it was suggested and worked in,
but this one line was missed apparently.  Last one just removes the
'remote' naming from admin protocol specification, just so it's cleaner.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-07-27 09:33:24 +02:00
Michal Privoznik
54997a4d0a daemonRunStateInit: Fix a typo on a comment
s/priviledged/privileged/

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-07-15 14:25:30 +02:00
Martin Kletzander
1bcc88bbdd Temporarily disable admin API
Don't listen on the admin socket in the daemon and comment out the
admin devel files out of specfile.

Library is still being compiled and installed in order to link easily
without any disturbing modifications to the daemon code.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-28 11:34:25 +08:00
Michal Privoznik
058d18bdbc daemonSetupNetworking: Don't leak services
When setting up the daemon networking, new services are created. These
services then have sockets to listen on. Once created, the service
objects are added to corresponding server object. However, during that
process, server increases reference counter of the service object. So,
at the end of the function, we should decrease it again. This way the
service objects will have only 1 reference, but that's okay since
servers are the only objects having a reference.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-06-19 11:18:08 +02:00
Peter Krempa
d7d910d98d daemon: Add the admin service to the admin server only if it was allocated
If the admin service is disabled it would not be allocated, but the NULL
pointer still would be added to the admin server. Since
virNetServerAddService would dereference it, the daemon would crash.

Move the service registration into the block that allocates it.
2015-06-18 13:32:37 +02:00
Michal Privoznik
13e5ea8bd9 daemon: Don't just include admin RPC
So, it's a little paradox that we use the file twice. Firstly to build
libvirt-admin.la (a client side of the Admin API), then once again to
build the server side. Well, the problem is, this does not play nicely
with the distclean since the file is generated. So while it's removed
in the src/ the distclean running in daemon/ will not find the file
and fail. The file is needed because it contains the RPC wrappers. So
let's leave the client code as is and from the daemon/ just link the
client library. The linker will find desired symbols and use them.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-06-18 09:27:47 +02:00
Michal Privoznik
297e18f42b daemon: Distribute admin_server.h
The Admin API consists of a few files on daemon side. Notably
daemon/admin_server.{ch}. While they are both on the repo, only
the .c file is mentioned in Makefile. Therefore, .h is not
distributed and 'make rpm' fails.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-06-17 14:22:23 +02:00
Michal Privoznik
c132b1b6e6 daemon/Makefile: Add forgotten dependency
In latest patches we added Admin API. However, the Makefile in daemon
was missing one dependency: admin_server.c is including generated file
admin_dispatch.h. However, this dependency was not explicitly marked
in the Makefile therefore the build happened to fail on some
occasions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-06-16 18:11:17 +02:00
Martin Kletzander
2cc6c652cf Revert "admin: Add virAdmHello function"
This reverts commit 5792fabb7b.

I mistakenly pushed it along with the Admin API series.
2015-06-16 14:08:59 +02:00
Martin Kletzander
5792fabb7b admin: Add virAdmHello function
Just one of the simplest functions that returns string "Clients: X"
where X is the number of connected clients to daemon's first
subserver (the original one), so it can be tested using virsh, ipython,
etc.

The subserver is gathered by incrementing its reference
counter (similarly to getting qemu capabilities), so there is no
deadlock with admin subserver in this API.

Here you can see how functions should be named in the client (virAdm*)
and server (adm*).

There is also a parameter @flags that must be 0, which helps testing
proper error propagation into the client.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:21 +02:00
Martin Kletzander
d5f4241bbc Add support for admin API in libvirt daemon
For this to pe properly separated from other protocols used by the
server, there is second server added which allows access to the whole
virNetDaemon to its clients.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:21 +02:00
Martin Kletzander
beb0eda2e3 Add configuration options for permissions on daemon's admin socket
This is not going to be very widely used, but for some corner cases and
easier (unsafe) debugging, it might be nice.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:21 +02:00
Martin Kletzander
fa14207368 Move daemon-related parts of virNetServer to virNetDaemon
This allows to have more servers in one daemon which helps isolating
some resources.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:19 +02:00
Daniel P. Berrange
d587704cc7 rpc: allow selection of TCP address family
By default, getaddrinfo() will return addresses for both
IPv4 and IPv6 if both protocols are enabled, and so the
RPC code will listen/connect to both protocols too. There
may be cases where it is desirable to restrict this to
just one of the two protocols, so add an 'int family'
parameter to all the TCP related APIs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-06-11 12:11:18 +01:00
Eric Blake
c7d0da23f1 remote: fix odd comma operator
Commit 1882c0bd accidentally used ',' instead of ';'; oddly
enough, the result was still syntactically valid (yes, C is
a fun language).  But it made me do a double take; it's better
to use idiomatic syntax.

* daemon/remote.c (remoteRelayDomainEventDeviceAdded): Fix
harmless typo.

Signed-off-by: Eric Blake <eblake@redhat.com>
2015-06-04 21:44:48 -06:00
Peter Krempa
ecc997fd43 daemon: Suppress logging of VIR_ERR_NO_DOMAIN_METADATA
Similarly to other error codes that notify the user that the object does
not exist lower the priority of VIR_ERR_NO_DOMAIN_METADATA to
VIR_LOG_DEBUG when writing the log entry.
2015-05-12 14:18:39 +02:00
Peter Krempa
a5e89ae16e util: Make the virDomainListFree helper more universal
Extend it to a universal helper used for clearing lists of any objects.
Note that the argument type is specifically void * to allow implicit
typecasting.

Additionally add a helper that works on non-NULL terminated arrays once
we know the length.
2015-05-11 08:28:53 +02:00
Jim Fehlig
77664cb406 libxl: add logrotate config file
Add logrotate config for log files in /var/log/libvirt/libxl.
2015-05-05 09:08:11 -06:00
Cole Robinson
e94979e901 polkit: Allow password-less access for 'libvirt' group
Many users, who admin their own machines, want to be able to access
system libvirtd via tools like virt-manager without having to enter
a root password. Just google 'virt-manager without password' and
you'll find many hits. I've read at least 5 blog posts over the years
describing slightly different ways of achieving this goal.

Let's finally add official support for this.

Install a polkit-1 rules file granting password-less auth for any user
in the new 'libvirt' group. Create the group on RPM install

https://bugzilla.redhat.com/show_bug.cgi?id=957300
2015-05-04 12:57:06 -04:00
Michal Privoznik
f58a3a51fc Cleanup srcdir usage
In a lot places we use path like this:

  $(srcdir)/../src/....

when in fact it can be:

  $(top_srcdir)/src/

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-04-27 16:03:31 +02:00
Jiri Denemark
0c68ec7d78 daemon: Prefix sysctl configuration filename with a number
Apparently, files in /usr/lib/sysctl.d are usually prefixed with numbers
for easier ordering. Let's be consistent with this. I chose 60 for
libvirtd so that it goes after 50-default.conf.

https://bugzilla.redhat.com/show_bug.cgi?id=1084876
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-04-16 14:39:38 +02:00
Ján Tomko
1882c0bd8d Add VIR_DOMAIN_EVENT_ID_DEVICE_ADDED event
The counterpart to VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED.

https://bugzilla.redhat.com/show_bug.cgi?id=1206114
2015-04-15 17:06:01 +02:00
Ján Tomko
95964058df Do not include cpu_map.h in libvirtd.c
No longer needed after commit dd47723
2015-04-02 10:27:56 +02:00
Ján Tomko
a0482396d7 Remove unused macros
In the order of appearance:

* MAX_LISTEN - never used
  added by 23ad665c (qemud) and addec57 (lock daemon)

* NEXT_FREE_CLASS_ID - never used, added by 07d1b6b

* virLockError - never used, added by eb8268a4

* OPENVZ_MAX_ARG, CMDBUF_LEN, CMDOP_LEN
  unused since the removal of ADD_ARG_LIT in d8b31306

* QEMU_NB_PER_CPU_STAT_PARAM - unused since 897808e

* QEMU_CMD_PROMPT, QEMU_PASSWD_PROMPT - unused since 1dc10a7

* TEST_MODEL_WORDSIZE - unused since c25c18f7

* TEMPDIR - never used, added by 714bef5

* NSIG - workaround around old headers
  added by commit 60ed1d2
  unused since virExec was moved by commit 02e8691

* DO_TEST_PARSE - never used, added by 9afa006

* DIFF_MSEC, GETTIMEOFDAY - unused since eee6eb6
2015-04-02 10:27:56 +02:00
Ján Tomko
a96b68e7a4 Rename DomainGetIOThreadsInfo to DomainGetIOThreadInfo
While it returns info about multiple threads, the version
without the plural is easier to read.
2015-03-26 16:11:10 +01:00
Ján Tomko
cf8b828a72 Rename virDomainIOThreadsInfoFree to virDomainIOThreadInfoFree
This function only frees the info for one thread.
2015-03-26 16:11:10 +01:00
Peter Krempa
6ca857c7c8 daemon: Clear fake domain def object that is used to check ACL prior to use
The fake object is used to pass the domain name and UUID to the ACL code
for events where we don't have the full domain def when dispatching
events. The rest of the entries would be left uninitialized. While this
is not a problem code-wise as the used fields are initialized it looks
ugly in the debugger.
2015-03-25 13:37:41 +01:00
Jiri Denemark
667cce7b60 Set thread job for every RPC call
Since all APIs are also RPC calls, we automatically get all APIs covered
with thread jobs.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-03-25 10:00:54 +01:00
Michal Privoznik
3640245db7 RPC: Allow HW address in remote_domain_interface struct to be NULL
Not all NICs (esp. the virtual ones like TUN) must have a hardware
address. Teach our RPC that it's possible.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-03-18 09:12:36 +01:00
Nehal J Wani
71546d1798 domifaddr: Implement the remote protocol
daemon/remote.c
   * Define remoteSerializeDomainInterface, remoteDispatchDomainInterfaceAddresses

src/remote/remote_driver.c
   * Define remoteDomainInterfaceAddresses

src/remote/remote_protocol.x
   * New RPC procedure: REMOTE_PROC_DOMAIN_INTERFACE_ADDRESSES
   * Define structs remote_domain_ip_addr, remote_domain_interface,
     remote_domain_interfaces_addresse_args, remote_domain_interface_addresses_ret
   * Introduce upper bounds (to handle DoS attacks):
     REMOTE_DOMAIN_INTERFACE_MAX = 2048
     REMOTE_DOMAIN_IP_ADDR_MAX = 2048
     Restrictions on the maximum number of aliases per interface were
     removed after kernel v2.0, and theoretically, at present, there
     are no upper limits on number of interfaces per virtual machine
     and on the number of IP addresses per interface.

src/remote_protocol-structs
   * New structs added

Signed-off-by: Nehal J Wani <nehaljw.kkd1@gmail.com>
2015-03-17 15:15:38 +00:00
Eric Blake
3c2ff5029b daemon: avoid memleak when ListAll returns nothing
Commit 4f25146 (v1.2.8) managed to silence Coverity, but at the
cost of a memory leak detected by valgrind:
==24129== 40 bytes in 5 blocks are definitely lost in loss record 355 of 637
==24129==    at 0x4A08B1C: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24129==    by 0x5084B8E: virReallocN (viralloc.c:245)
==24129==    by 0x514D5AA: virDomainObjListExport (domain_conf.c:22200)
==24129==    by 0x201227DB: qemuConnectListAllDomains (qemu_driver.c:18042)
==24129==    by 0x51CC1B6: virConnectListAllDomains (libvirt-domain.c:6797)
==24129==    by 0x14173D: remoteDispatchConnectListAllDomains (remote.c:1580)
==24129==    by 0x121BE1: remoteDispatchConnectListAllDomainsHelper (remote_dispatch.h:1072)

In short, every time a client calls a ListAll variant and asks
for the resulting list, but there are 0 elements to return, we
end up leaking the 1-entry array that holds the NULL terminator.

What's worse, a read-only client can access these functions in a
tight loop to cause libvirtd to eventually run out of memory; and
this can be considered a denial of service attack against more
privileged clients.  Thankfully, the leak is so small (8 bytes per
call) that you would already have some other denial of service with
any guest calling the API that frequently, so an out-of-memory
crash is unlikely enough that this did not warrant a CVE.

* daemon/remote.c (remoteDispatchConnectListAllDomains)
(remoteDispatchDomainListAllSnapshots)
(remoteDispatchDomainSnapshotListAllChildren)
(remoteDispatchConnectListAllStoragePools)
(remoteDispatchStoragePoolListAllVolumes)
(remoteDispatchConnectListAllNetworks)
(remoteDispatchConnectListAllInterfaces)
(remoteDispatchConnectListAllNodeDevices)
(remoteDispatchConnectListAllNWFilters)
(remoteDispatchConnectListAllSecrets)
(remoteDispatchNetworkGetDHCPLeases): Plug leak.

Signed-off-by: Eric Blake <eblake@redhat.com>
2015-03-16 10:03:10 -06:00
John Ferlan
1e5a8ddc81 remote: Implement the remote plumbing for virDomainGetIOThreadsInfo
Implement the remote plumbing for virDomainGetIOThreadsInfo

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-03-06 06:49:32 -05:00
Pavel Hrdina
5c756e580f daemon: Fix segfault by reloading daemon right after start
Libvirt could crash with segfault if user issue "service reload" right
after "service start". One possible way to crash libvirt is to run reload
during initialization of QEMU driver.

It could happen when qemu driver will initialize qemu_driver_lock but
don't have a time to set it's "config" and the SIGHUP arrives. The
reload handler tries to get qemu_drv->config during "virStorageAutostart"
and dereference it which ends with segfault.

Let's ignore all reload requests until all drivers are initialized. In
addition set driversInitialized before we enter virStateCleanup to
ignore reload request while we are shutting down.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1179981

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-02-18 17:51:54 +01:00
Zhang Bo
d618cdc965 Fix a syntax error in the description text of libvirtd.conf
not yet not -> not yet.

Signed-off-by: Zhang Bo <oscar.zhangbo@huawei.com>
2015-02-12 09:24:10 -07:00
Ján Tomko
d0ab79e9cd Fix shadowed variable warning
libvirtd.c: In function 'daemonSetupAccessManager':
libvirtd.c:730:18: error: declaration of 'driver' shadows
  a global declaration [-Werror=shadow]
     const char **driver = (const char **)config->access_drivers;
                  ^
In file included from libvirtd.c:95:0:
../src/node_device/node_device_driver.h:43:36: error: shadowed
  declaration is here [-Werror=shadow]
 extern virNodeDeviceDriverStatePtr driver;
                                    ^
2015-01-27 13:43:23 +01:00
Daniel P. Berrange
55ea7be7d9 Removing probing of secondary drivers
For stateless, client side drivers, it is never correct to
probe for secondary drivers. It is only ever appropriate to
use the secondary driver that is associated with the
hypervisor in question. As a result the ESX & HyperV drivers
have both been forced to do hacks where they register no-op
drivers for the ones they don't implement.

For stateful, server side drivers, we always just want to
use the same built-in shared driver. The exception is
virtualbox which is really a stateless driver and so wants
to use its own server side secondary drivers. To deal with
this virtualbox has to be built as 3 separate loadable
modules to allow registration to work in the right order.

This can all be simplified by introducing a new struct
recording the precise set of secondary drivers each
hypervisor driver wants

struct _virConnectDriver {
    virHypervisorDriverPtr hypervisorDriver;
    virInterfaceDriverPtr interfaceDriver;
    virNetworkDriverPtr networkDriver;
    virNodeDeviceDriverPtr nodeDeviceDriver;
    virNWFilterDriverPtr nwfilterDriver;
    virSecretDriverPtr secretDriver;
    virStorageDriverPtr storageDriver;
};

Instead of registering the hypervisor driver, we now
just register a virConnectDriver instead. This allows
us to remove all probing of secondary drivers. Once we
have chosen the primary driver, we immediately know the
correct secondary drivers to use.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-01-27 12:02:04 +00:00
Michal Privoznik
ca4f9518b8 virconf: Introduce VIR_CONF_ULONG
https://bugzilla.redhat.com/show_bug.cgi?id=1160995

In our config files users are expected to pass several integer values
for different configuration knobs. However, majority of them expect a
nonnegative number and only a few of them accept a negative number too
(notably keepalive_interval in libvirtd.conf).
Therefore, a new type to config value is introduced: VIR_CONF_ULONG
that is set whenever an integer is positive or zero. With this
approach knobs accepting VIR_CONF_LONG should accept VIR_CONF_ULONG
too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-12-15 10:34:18 +01:00
Michal Privoznik
f81a702180 virConfType: switch to VIR_ENUM_{DECL,IMPL}
There's no need to implement ToString() function like we do if we
can use our shiny macros.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-12-15 10:34:18 +01:00
John Ferlan
c8230c4ded Replace virDomainSnapshotFree with virObjectUnref
Since virDomainSnapshotFree will call virObjectUnref anyway, let's just use
that directly so as to avoid the possibility that we inadvertently clear out
a pending error message when using the public API.
2014-12-02 11:03:41 -05:00
John Ferlan
c56a591a84 Replace virInterfaceFree with virObjectUnref
Since virInterfaceFree will call virObjectUnref anyway, let's just use that
directly so as to avoid the possibility that we inadvertently clear out
a pending error message when using the public API.
2014-12-02 11:03:41 -05:00
John Ferlan
7b4938f524 Replace virNWFilterFree with virObjectUnref
Since virNWFilterFree will call virObjectUnref anyway, let's just use that
directly so as to avoid the possibility that we inadvertently clear out
a pending error message when using the public API.
2014-12-02 11:03:41 -05:00
John Ferlan
a0b13d35e7 Replace virSecretFree with virObjectUnref
Since virSecretFree will call virObjectUnref anyway, let's just use that
directly so as to avoid the possibility that we inadvertently clear out
a pending error message when using the public API.
2014-12-02 11:03:41 -05:00
John Ferlan
1725a468f6 Replace virStreamFree with virObjectUnref
Since virStreamFree will call virObjectUnref anyway, let's just use that
directly so as to avoid the possibility that we inadvertently clear out
a pending error message when using the public API.
2014-12-02 11:03:41 -05:00
John Ferlan
adbbff5fb7 Replace virStoragePoolFree with virObjectUnref
Since virStoragePoolFree will call virObjectUnref anyway, let's just use that
directly so as to avoid the possibility that we inadvertently clear out
a pending error message when using the public API.
2014-12-02 11:03:40 -05:00
John Ferlan
d1219054e3 Replace virStorageVolFree with virObjectUnref
Since virStorageVolFree will call virObjectUnref anyway, let's just use that
directly so as to avoid the possibility that we inadvertently clear out
a pending error message when using the public API.
2014-12-02 11:03:40 -05:00
John Ferlan
e3b456de0f Replace virNodeDeviceFree with virObjectUnref
Since virNodeDeviceFree will call virObjectUnref anyway, let's just use that
directly so as to avoid the possibility that we inadvertently clear out
a pending error message when using the public API.
2014-12-02 11:03:40 -05:00
John Ferlan
121c09a90b Replace virNetworkFree with virObjectUnref
Since virNetworkFree will call virObjectUnref anyway, let's just use that
directly so as to avoid the possibility that we inadvertently clear out
a pending error message when using the public API.
2014-12-02 11:03:40 -05:00
John Ferlan
8fb3aee2f8 Replace virDomainFree with virObjectUnref
Since virDomainFree will call virObjectUnref anyway, let's just use that
directly so as to avoid the possibility that we inadvertently clear out
a pending error message when using the public API.
2014-12-02 11:03:40 -05:00
Tomoki Sekiyama
ee3dc4f19b remote: Implement the remote protocol for virDomainGetFSInfo
Add daemon and driver code to (de-)serialize virDomainFSInfo.

Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com>
2014-11-24 10:04:32 -05:00
Peter Krempa
1a4609101b event: Add guest agent lifecycle event
As qemu is now able to notify us about change of the channel state used
for communication with the guest agent we now can more precisely track
the state of the guest agent.

To allow notifying management apps this patch implements a new event
that will be triggered on changes of the guest agent state.
2014-11-24 15:39:17 +01:00
Martin Kletzander
cfd9c02802 Remove unnecessary curly brackets in daemon/ and examples/
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-11-14 17:13:00 +01:00
Eric Blake
0fe384f38e audit: use bool for audit log choice
We weren't ever using the value for anything other than being non-zero.

* src/util/viraudit.h (virAuditLog): Change signature.
* src/util/viraudit.c (virAuditLog): Update user.
* daemon/libvirtd.c (main): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-10-29 09:55:09 -06:00
Pavel Hrdina
ceb7c90e69 tunable_event: extend debug message and tweak limit for remote message
It would be nice to also print a params pointer and number of params in
the debug message and the previous limit for number of params in the rpc
message was too large. The 2048 params will be enough for future events.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-25 10:56:04 +02:00
Michal Privoznik
fa5c5580d6 Introduce virNodeAllocPages
A long time ago in a galaxy far, far away it has been decided
that libvirt will manage not only domains but host as well. And
with my latest work on qemu driver supporting huge pages, we miss
the cherry on top: an API to allocate huge pages on the run.
Currently users are forced to log into the host and adjust the
huge pages pool themselves.  However, with this API the problem
is gone - they can both size up and size down the pool.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-25 10:24:44 +02:00
Daniel P. Berrange
c754257347 Convert remote daemon & acl code to use polkit API
Convert the remote daemon auth check and the access control
code to use the common polkit API for checking auth.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-24 15:29:22 +01:00
Pavel Hrdina
e426718129 event: introduce new event for tunable values
This new event will use typedParameters to expose what has been actually
updated and the reason is that we can in the future extend any tunable
values or add new tunable values. With typedParameters we don't have to
worry about creating some other events, we will just use this universal
event to inform user about updates.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-23 21:49:57 +02:00
Wang Yufei
18a6dc93e5 maint: clean up _virDomainMemoryStat
Clean up all _virDomainMemoryStat.

Signed-off-by: James <james.wangyufei@huawei.com>
Signed-off-by: Wang Rui <moon.wangrui@huawei.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-09-17 11:28:48 -06:00
John Ferlan
1f96775866 daemon: Resolve Coverity FORWARD_NULL
Coverity complains that the comparison:

  if (nfds && nfds > ((int)!!sock_path + (int)!!sock_path_ro))

could mean 'sock_path' is NULL. Later in virNetSocketNewListenUNIX
there's a direct dereference of path in the error path:

  if (path[0] != '@')

A bit of sleuthing proves that upon entry to daemonSetupNetworking
there is no way for 'sock_path' to be NULL since daemonUnixSocketPaths
will set up 'sock_file' (although it may not set up 'sock_file_ro')
in all 3 paths.

Adjusted code to add ATTRIBUTE_NONNULL(3) on incoming path parameter and
then fixup the comparison of nfds to be a comparison against 2 or 1
depending on whether sock_path_ro is NULL or not.
2014-09-15 11:01:37 -04:00
Martin Kletzander
8035f2e6f2 remove redundant pidfile path constructions
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-09-15 09:49:34 +02:00
John Ferlan
c77ac79d6b daemon: Resolve Coverity RESOURCE_LEAK
With eblake's help - adjust the checks for stdinfd/stdoutfd to ensure the
values are within the range we expect; otherwise the dup2()'s and subsequent
VIR_CLOSE() calls cause Coverity to believe there's a resource leak.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2014-09-12 06:12:50 -04:00
Eric Blake
d194d6e7e6 maint: use consistent if-else braces in remaining spots
I'm about to add a syntax check that enforces our documented
HACKING style of always using matching {} on if-else statements.

This patch focuses on all remaining problems, where there weren't
enough issues to warrant splitting it further.

* src/remote/remote_driver.c (doRemoteOpen): Correct use of {}.
* src/security/virt-aa-helper.c (vah_add_path, valid_path, main):
Likewise.
* src/rpc/virnetsocket.c (virNetSocketNewConnectLibSSH2):
Likewise.
* src/esx/esx_vi_types.c (esxVI_Type_FromString): Likewise.
* src/uml/uml_driver.c (umlDomainDetachDevice): Likewise.
* src/util/viralloc.c (virShrinkN): Likewise.
* src/util/virbuffer.c (virBufferURIEncodeString): Likewise.
* src/util/virdbus.c (virDBusCall): Likewise.
* src/util/virnetdev.c (virNetDevValidateConfig): Likewise.
* src/util/virnetdevvportprofile.c
(virNetDevVPortProfileGetNthParent): Likewise.
* src/util/virpci.c (virPCIDeviceIterDevices)
(virPCIDeviceWaitForCleanup)
(virPCIDeviceIsBehindSwitchLackingACS): Likewise.
* src/util/virsocketaddr.c (virSocketAddrGetNumNetmaskBits):
Likewise.
* src/util/viruri.c (virURIParseParams): Likewise.
* daemon/stream.c (daemonStreamHandleAbort): Likewise.
* tests/testutils.c (virtTestResult): Likewise.
* tests/cputest.c (cpuTestBaseline): Likewise.
* tools/virsh-domain.c (cmdDomPMSuspend): Likewise.
* tools/virsh-host.c (cmdNodeSuspend): Likewise.
* src/esx/esx_vi_generator.py (Type.generate_typefromstring):
Tweak generated code.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-09-04 14:34:03 -06:00
Wang Rui
3bd46c8174 remote: Resolve Coverity RESOURCE_LEAK
Need to free 'uri_out' on error path.

Signed-off-by: Wang Rui <moon.wangrui@huawei.com>
2014-09-03 15:00:19 -04:00
John Ferlan
4f25146bf4 daemon: Resolve Coverity NEGATIVE_RETURNS
In each of these cases, Coverity complains that the result count returned
on error paths would be -1 disregarding that the count and the corresponding
are "linked" together (it doesn't know that).  Simple enough to check and
remove the warning
2014-08-28 08:09:32 -04:00
Peter Krempa
89a706681c remote: Implement bulk domain stats APIs in the remote driver
Implement the remote driver support for shuffling the domain stats
around.
2014-08-28 11:59:21 +02:00
Michal Privoznik
dbb4cbf532 vbox: Register per partes
Since times when vbox moved to the daemon (due to some licensing
issue) the subdrivers that vbox implements were registered, but not
opened since our generic subdrivers took priority. I've tried to fix
this in 65b7d553f3 but it was not correct. Apparently moving
vbox driver registration upfront changes the default connection URI
which makes some users sad. So, this commit breaks vbox into pieces
and register vbox's network and storage drivers first, and vbox driver
then at the end. This way, the vbox driver is registered in the order
it always was, but its subdrivers are registered prior the generic
ones.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-08-27 08:05:25 +02:00
Eric Blake
b259e459b9 API: Tweak virDomainOpenGraphics to return fd directly
Let's fix this before we bake in a painful API.  Since we know
that we have exactly one non-negative fd on success, we might
as well return the fd directly instead of forcing the user to
pass in a pointer.  Furthermore, I found some memory and fd
leaks while reviewing the code - the idea is that on success,
libvirtd will have handed two fds in two different directions:
one to qemu, and one to the RPC client.

* include/libvirt/libvirt.h.in (virDomainOpenGraphicsFD): Drop
unneeded parameter.
* src/driver.h (virDrvDomainOpenGraphicsFD): Likewise.
* src/libvirt.c (virDomainOpenGraphicsFD): Adjust interface to
return fd directly.
* daemon/remote.c (remoteDispatchDomainOpenGraphicsFd): Adjust
semantics.
* src/qemu/qemu_driver.c (qemuDomainOpenGraphicsFD): Likewise,
and plug fd leak.
* src/remote/remote_driver.c (remoteDomainOpenGraphicsFD):
Likewise, and plug memory and fd leak.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-08-26 16:36:32 -06:00
Ján Tomko
408aae3849 Add RPC implementation for virDomainOpenGraphicsFd 2014-08-26 19:26:28 +02:00
Zhou Yimin
9eac73eb84 daemon: Fix option -v missing info priority log
Introduce by 63fbcc692.

When start libvirtd with commandline "/usr/sbin/libvirtd -d -l -v",
we expect verbose(info level) log if neither environment variable
nor config file about logging controls is set. But in fact we can't
get any info priority log in the default output file.

The log priority of default output is VIR_LOG_DEFAULT(VIR_LOG_WARN),
so the info log is filtered out.
To record info priority log we must parse option -v before setting the
default output.

After this patch, we get all verbose log in the default output file.

Signed-off-by: Zhou Yimin <zhouyimin@huawei.com>
2014-08-25 16:40:20 +02:00
Martin Kletzander
1e9808d3a1 daemon: use socket activation with systemd
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-08-22 09:12:14 +02:00
Martin Kletzander
27a7081c29 daemon: support passing FDs from the calling process
First FD is the RW unix socket to listen on, second one (if
applicable) is the RO unix socket.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-08-22 09:12:13 +02:00
Michal Privoznik
65b7d553f3 daemon: Fix driver registration ordering
There are some stateless drivers which implement subdrivers
(typically vbox and its own network and storage subdrivers). However,
as of ba5f3c7c8e the vbox driver lives in the daemon, not the
client library. This means, in order for vbox (or any stateless domain
driver) to use its subdrivers, it must register before the general
drivers. Later, when the virConnectOpen function goes through the
subdrivers, stateless drivers are searched first. If the connection
request is aiming at stateless driver, it will be opened. Otherwise
the generic subdriver is opened.

The other change done in this commit is moving interface module load a
bit earlier to match the ordering in case libvirt is built without
driver modules.

Reported-by: Taowei Luo <uaedante@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-08-18 11:49:10 +02:00
Peter Krempa
c018efa863 daemon: Limit default log level to journald to VIR_LOG_INFO
Libvirt is really chatty when the DEBUG log level is enabled. When a
host uses journald we'd enable debug logging to journald when only
specifying the debug log level. As journald may employ rate throttling
this would lock up the daemon until it's able to flush all debug
messages.

This patch changes the default log level to VIR_LOG_INFO when using the
default (unconfigured) log output to journald.

To still allow debug logging to journald the user now has to explicitly
specify journald as a log output with priority 1 in the "log_outputs"
configuration option. This patch also changes the config file template
to be explicit about this change and notify the user about the possible
consequence of debug logging into journald.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1121955
2014-08-13 10:29:05 +02:00
Peter Krempa
7b6228d159 libvirtd: conf: Mention support for logging into journald
Our docs didn't mention the explicit option to log into journald.
2014-08-13 10:12:02 +02:00
Wang Rui
2381af474b daemon: Fix indentation in libvirtd.c
Signed-off-by: Wang Rui <moon.wangrui@huawei.com>
2014-08-07 11:03:31 +02:00
Peter Krempa
02bffd47bd net: merge virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC
Instead of maintaining two very similar APIs, add the "@mac" parameter
to virNetworkGetDHCPLeases and kill virNetworkGetDHCPLeasesForMAC. Both
of those functions would return data the same way, so making @mac an
optional filter simplifies a lot of stuff.
2014-06-27 09:38:13 +02:00
Ján Tomko
364586d3ed Rework remoteSerializeDHCPLease
Don't leak the temporary variables on success if NULL is returned
for that field.

Don't dereference NULL on failure to allocate some of the temporaries.

Introduced by commit 990c3b6
2014-06-24 14:41:50 +02:00
Daniel P. Berrange
6512c8b456 Change 'interface' to 'iface' in virNetworkDHCPLease
Variables/fields named 'interface' clash with system
header symbols on some platforms.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-06-24 13:30:16 +01:00
Nehal J Wani
990c3b6554 net-dhcp-leases: Implement the remote protocol
Implement RPC calls for virNetworkGetDHCPLeases, virNetworkGetDHCPLeasesForMAC

daemon/remote.c
   * Define remoteSerializeNetworkDHCPLeases,
            remoteDispatchNetworkGetDHCPLeases
   * Define remoteDispatchNetworkGetDHCPLeasesForMAC
   * Define helper function remoteSerializeDHCPLease

src/remote/remote_driver.c
   * Define remoteNetworkGetDHCPLeases
   * Define remoteNetworkGetDHCPLeasesForMAC
   * Define helper function remoteSerializeDHCPLease

src/remote/remote_protocol.x
   * New RPC procedure: REMOTE_PROC_NETWORK_GET_DHCP_LEASES
   * Define structs remote_network_dhcp_leases, remote_network_get_dhcp_leases_args,
                    remote_network_get_dhcp_leases_ret
   * New RPC procedure: REMOTE_PROC_NETWORK_GET_DHCP_LEASES_FOR_MAC
   * Define structs remote_network_dhcp_leases_for_mac, remote_network_get_dhcp_leases_for_mac_args,
                    remote_network_get_dhcp_leases_for_mac_ret

src/remote_protocol-structs
   * New structs added

src/rpc/gendispatch.pl
   * Add exception (s/Dhcp/DHCP) for auto-generating names of the remote functions
     in daemon/remote_dispatch.h
2014-06-24 12:26:31 +01:00
Michal Privoznik
34f2d0319d Introduce virNodeGetFreePages
The aim of the API is to get information on number of free pages
on the system. The API behaves similar to the
virNodeGetCellsFreeMemory(). User passes starting NUMA cell, the
count of nodes that he's interested in, pages sizes (yes,
multiple sizes can be queried at once) and the counts are
returned in an array.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-06-19 15:10:49 +02:00
Eric Blake
1bfe73a126 blockjob: use stable disk string in job event
When the block job event was first added, it was for block pull,
where the active layer of the disk remains the same name.  It was
also in a day where we only cared about local files, and so we
always had a canonical absolute file name.  But two things have
changed since then: we now have network disks, where determining
a single absolute string does not really make sense; and we have
two-phase jobs (copy and active commit) where the name of the
active layer changes between the first event (ready, on the old
name) and second (complete, on the pivoted name).

Adam Litke reported that having an unstable string between events
makes life harder for clients.  Furthermore, all of our API that
operate on a particular disk of a domain accept multiple strings:
not only the absolute name of the active layer, but also the
destination device name (such as 'vda').  As this latter name is
stable, even for network sources, it serves as a better string
to supply in block job events.

But backwards-compatibility demands that we should not change the
name handed to users unless they explicitly request it.  Therefore,
this patch adds a new event, BLOCK_JOB_2 (alas, I couldn't think of
any nicer name - but at least Migrate2 and Migrate3 are precedent
for a number suffix).  We must double up on emitting both old-style
and new-style events according to what clients have registered for
(see also how IOError and IOErrorReason emits double events, but
there the difference was a larger struct rather than changed
meaning of one of the struct members).

Unfortunately, adding a new event isn't something that can easily
be broken into pieces, so the commit is rather large.

* include/libvirt/libvirt.h.in (virDomainEventID): Add a new id
for VIR_DOMAIN_EVENT_ID_BLOCK_JOB_2.
(virConnectDomainEventBlockJobCallback): Document new semantics.
* src/conf/domain_event.c (_virDomainEventBlockJob): Rename field,
to ensure we catch all clients.
(virDomainEventBlockJobNew): Add parameter.
(virDomainEventBlockJobDispose)
(virDomainEventBlockJobNewFromObj)
(virDomainEventBlockJobNewFromDom)
(virDomainEventDispatchDefaultFunc): Adjust clients.
(virDomainEventBlockJob2NewFromObj)
(virDomainEventBlockJob2NewFromDom): New functions.
* src/conf/domain_event.h: Add new prototypes.
* src/libvirt_private.syms (domain_event.h): Export new functions.
* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Generate two
different events.
* src/qemu/qemu_process.c (qemuProcessHandleBlockJob): Likewise.
* src/remote/remote_protocol.x
(remote_domain_event_block_job_2_msg): New struct.
(REMOTE_PROC_DOMAIN_EVENT_BLOCK_JOB_2): New RPC.
* src/remote/remote_driver.c
(remoteDomainBuildEventBlockJob2): New handler.
(remoteEvents): Register new event.
* daemon/remote.c (remoteRelayDomainEventBlockJob2): New handler.
(domainEventCallbacks): Register new event.
* tools/virsh-domain.c (vshEventCallbacks): Likewise.
(vshEventBlockJobPrint): Adjust client.
* src/remote_protocol-structs: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-06-19 06:54:12 -06:00
Ján Tomko
819ca36e2b Don't use AI_ADDRCONFIG when binding to wildcard addresses
https://bugzilla.redhat.com/show_bug.cgi?id=1098659

With parallel boot, network addresses might not yet be assigned [1],
but binding to wildcard addresses should work.

For non-wildcard addresses, ADDRCONFIG is still used. Document this
in libvirtd.conf.

[1] http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
2014-06-02 17:12:01 +02:00
Michal Privoznik
0abb369380 Introduce virDomain{Get,Set}Time APIs
These APIs allow users to get or set time in a domain, which may come
handy if the domain has been resumed just recently and NTP is not
configured or hasn't kicked in yet and the guest is running
something time critical. In addition, NTP may refuse to re-set the clock
if the skew is too big.

In addition, new ACL attribute is introduced 'set_time'.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-05-15 16:15:54 +02:00
Daniel P. Berrange
dd477238bc Use virFileFindResource to locate CPU map XML
Replace use of cpuMapOverride with virFileFindResource
to locate CPU map from build dir.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-04-25 11:59:46 +01:00
Daniel P. Berrange
bc2f42a094 Use virFileFindResource to locate driver plugins
Replace virDriverModuleInitialize with virFileFindResource
usage.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-04-25 11:59:46 +01:00
Daniel P. Berrange
d3c7684220 Use virFileFindResource to locate lock manager plugins
Replace virLockManagerSetPluginDir with virFileFindResource
usage.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-04-25 11:59:46 +01:00
Daniel P. Berrange
391ac4d990 Activate build dir overrides in libvirtd, virtlockd, virsh & tests
Add calls to virFileActivateDirOverride so that the build dir
overrides are activated.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-04-25 11:59:32 +01:00
Nehal J Wani
34542473e5 Fix Memory Leak in daemon/libvirtd.c
Fixes leak introduced by e562e82f

==4937== 64 bytes in 1 blocks are definitely lost in loss record 270 of 405
==4937==    at 0x4A06BE0: realloc (vg_replace_malloc.c:662)
==4937==    by 0x6FA41C4: __vasprintf_chk (vasprintf_chk.c:90)
==4937==    by 0x50C8D29: virVasprintfInternal (stdio2.h:199)
==4937==    by 0x50C8E3A: virAsprintfInternal (virstring.c:362)
==4937==    by 0x11D01A: main (libvirtd.c:1170)

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-04-04 07:45:41 +02:00
Ján Tomko
60555fb8ed Indent top-level labels by one space in daemon/ 2014-03-25 14:58:38 +01:00
Eric Blake
e7708a1c47 qemu: wire up RPC for qemu monitor events
These are the first async events in the qemu protocol, so this
patch looks rather big compared to most RPC additions.  However,
a large majority of this patch is just mechanical copy-and-paste
from recently-added network events.  It didn't help that this
is also the first virConnect rather than virDomain prefix
associated with a qemu-specific API.

* src/remote/qemu_protocol.x (qemu_*_domain_monitor_event_*): New
structs and RPC messages.
* src/rpc/gendispatch.pl: Adjust naming conventions.
* daemon/libvirtd.h (daemonClientPrivate): Track qemu events.
* daemon/remote.c (remoteClientFreeFunc): Likewise.
(remoteRelayDomainQemuMonitorEvent)
(qemuDispatchConnectDomainMonitorEventRegister)
(qemuDispatchConnectDomainMonitorEventDeregister): New functions.
* src/remote/remote_driver.c (qemuEvents): Handle qemu events.
(doRemoteOpen): Register for events.
(remoteNetworkBuildEventLifecycle)
(remoteConnectDomainQemuMonitorEventRegister)
(remoteConnectDomainQemuMonitorEventDeregister): New functions.
* src/qemu_protocol-structs: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-20 11:25:37 -06:00
Martin Kletzander
95aed7febc Use K&R style for curly braces in remaining files
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-03-20 17:27:17 +01:00
Jiri Denemark
be8701d76c daemon: Enhance documentation for changing NOFILE limit
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-03-20 10:55:44 +01:00
Daniel P. Berrange
c0c8c1d7bb Remove global log buffer feature entirely
A earlier commit changed the global log buffer so that it only
records messages that are explicitly requested via the log
filters setting. This removes the performance burden, and
improves the signal/noise ratio for messages in the global
buffer. At the same time though, it is somewhat pointless, since
all the recorded log messages are already going to be sent to an
explicit log output like syslog, stderr or the journal. The
global log buffer is thus just duplicating this data on stderr
upon crash.

The log_buffer_size config parameter is left in the augeas
lens to prevent breakage for users on upgrade. It is however
completely ignored hereafter.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-18 14:29:22 +00:00
Daniel P. Berrange
2835c1e730 Add virLogSource variables to all source files
Any source file which calls the logging APIs now needs
to have a VIR_LOG_INIT("source.name") declaration at
the start of the file. This provides a static variable
of the virLogSource type.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-18 14:29:22 +00:00
Daniel P. Berrange
b29275d928 Move dtrace probe macros into separate header file
The dtrace probe macros rely on the logging API. We can't make
the internal.h header include the virlog.h header though since
that'd be a circular include. Instead simply split the dtrace
probes into their own header file, since there's no compelling
reason for them to be in the main internal.h header.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-18 14:29:21 +00:00
Michal Privoznik
68f60f669c daemon: Introduce max_anonymous_clients
https://bugzilla.redhat.com/show_bug.cgi?id=992980

This config tunable allows users to determine the maximum number of
accepted but yet not authenticated users.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-17 17:45:13 +01:00
Michal Privoznik
4015396b2c virNetServer: Introduce unauth clients counter
The counter gets incremented on each unauthenticated client added to the
server and decremented whenever the client authenticates.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-17 17:37:42 +01:00
Nehal J Wani
2250a2b5d2 Add parameter to wait for lock in file locking APIs
Our current pidfile acquire APis (virPidFileAcquire) simply return -1 upon
failure to acquire a lock. This patch adds a parameter 'bool waitForLock'
which instructs the APIs if we want to make it block and wait for the lock
or not.
2014-03-17 10:04:47 -06:00
Jiri Denemark
e562e82f76 Load CPU map from builddir when run uninstalled
When libvirtd is run from a build directory without being installed, it
should not depend on files from a libvirt package installed in the
system. Not only because there may not be any libvirt installed at all.
We already do a good job for plugins but cpu_map.xml was still loaded
from the system.

The Makefile.am change is necessary to make this all work from VPATH
builds since libvirtd has no idea where to find libvirt sources. It only
knows the path from which it was started, i.e, a builddir.

https://bugzilla.redhat.com/show_bug.cgi?id=1074327
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-03-12 16:31:57 +01:00
Daniel P. Berrange
10ec072545 Add helper APIs to track if libvirtd or loadable modules have changed
The future QEMU capabilities cache needs to be able to invalidate
itself if the libvirtd binary or any loadable modules are changed
on disk. Record the 'ctime' value for these binaries and provide
helper APIs to query it. This approach assumes that if libvirt.so
is changed, then libvirtd will also change, which should usually
be the case with libtool's wrapper scripts that cause libvirtd to
get re-linked

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 10:51:49 +00:00
Ján Tomko
9b9d7704b5 Change file names in comments to match the files they are in
Some of these are leftovers from renaming the files, others
are just typos.

Also introduce an ugly awk script to enforce this.
2014-03-10 14:26:04 +01:00
Cédric Bosdonnat
a3e4eeff52 Make sure apparmor is started before libvirtd
If apparmor security driver is enabled in either qemu or lxc
driver configuration and libvirtd starts before AppArmor, it will fail.
2014-03-04 11:07:05 +00:00
Eric Blake
b9dd878ff8 util: make it easier to grab only regular command exit
Auditing all callers of virCommandRun and virCommandWait that
passed a non-NULL pointer for exit status turned up some
interesting observations.  Many callers were merely passing
a pointer to avoid the overall command dying, but without
caring what the exit status was - but these callers would
be better off treating a child death by signal as an abnormal
exit.  Other callers were actually acting on the status, but
not all of them remembered to filter by WIFEXITED and convert
with WEXITSTATUS; depending on the platform, this can result
in a status being reported as 256 times too big.  And among
those that correctly parse the output, it gets rather verbose.
Finally, there were the callers that explicitly checked that
the status was 0, and gave their own message, but with fewer
details than what virCommand gives for free.

So the best idea is to move the complexity out of callers and
into virCommand - by default, we return the actual exit status
already cleaned through WEXITSTATUS and treat signals as a
failed command; but the few callers that care can ask for raw
status and act on it themselves.

* src/util/vircommand.h (virCommandRawStatus): New prototype.
* src/libvirt_private.syms (util/command.h): Export it.
* docs/internals/command.html.in: Document it.
* src/util/vircommand.c (virCommandRawStatus): New function.
(virCommandWait): Adjust semantics.
* tests/commandtest.c (test1): Test it.
* daemon/remote.c (remoteDispatchAuthPolkit): Adjust callers.
* src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck):
Likewise.
* src/fdstream.c (virFDStreamCloseInt): Likewise.
* src/lxc/lxc_process.c (virLXCProcessStart): Likewise.
* src/qemu/qemu_command.c (qemuCreateInBridgePortWithHelper):
Likewise.
* src/xen/xen_driver.c (xenUnifiedXendProbe): Simplify.
* tests/reconnect.c (mymain): Likewise.
* tests/statstest.c (mymain): Likewise.
* src/bhyve/bhyve_process.c (virBhyveProcessStart)
(virBhyveProcessStop): Don't overwrite virCommand error.
* src/libvirt.c (virConnectAuthGainPolkit): Likewise.
* src/openvz/openvz_driver.c (openvzDomainGetBarrierLimit)
(openvzDomainSetBarrierLimit): Likewise.
* src/util/virebtables.c (virEbTablesOnceInit): Likewise.
* src/util/viriptables.c (virIpTablesOnceInit): Likewise.
* src/util/virnetdevveth.c (virNetDevVethCreate): Fix debug
message.
* src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Add comment.
* src/storage/storage_backend_iscsi.c
(virStorageBackendISCSINodeUpdate): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 12:40:32 -07:00
Eric Blake
c72e76c3d9 util: make it easier to grab only regular process exit
Right now, a caller waiting for a child process either requires
the child to have status 0, or must use WIFEXITED() and friends
itself.  But in many cases, we want the middle ground of treating
fatal signals as an error, and directly accessing the normal exit
value without having to use WEXITSTATUS(), in order to easily
detect an expected non-zero exit status.  This adds the middle
ground to the low-level virProcessWait; the next patch will add
it to virCommand.

* src/util/virprocess.h (virProcessWait): Alter signature.
* src/util/virprocess.c (virProcessWait): Add parameter.
(virProcessRunInMountNamespace): Adjust caller.
* src/util/vircommand.c (virCommandWait): Likewise.
* src/util/virfile.c (virFileAccessibleAs): Likewise.
* src/lxc/lxc_container.c (lxcContainerHasReboot)
(lxcContainerAvailable): Likewise.
* daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
* tools/virt-login-shell.c (main): Likewise.
* tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise.
* tests/testutils.c (virtTestCaptureProgramOutput): Likewise.
* tests/commandtest.c (test23): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 12:40:31 -07:00
Michal Privoznik
68954fb25c virNetServerRun: Notify systemd that we're accepting clients
Systemd does not forget about the cases, where client service needs to
wait for daemon service to initialize and start accepting new clients.
Setting a dependency in client is not enough as systemd doesn't know
when the daemon has initialized itself and started accepting new
clients. However, it offers a mechanism to solve this. The daemon needs
to call a special systemd function by which the daemon tells "I'm ready
to accept new clients". This is exactly what we need with
libvirtd-guests (client) and libvirtd (daemon). So now, with this
change, libvirt-guests.service is invoked not any sooner than
libvirtd.service calls the systemd notify function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-24 10:54:48 +01:00
Roman Bogorodskiy
0eb4a5f4f1 bhyve: add a basic driver
At this point it has a limited functionality and is highly
experimental. Supported domain operations are:

  * define
  * start
  * destroy
  * dumpxml
  * dominfo

It's only possible to have only one disk device and only one
network, which should be of type bridge.
2014-02-19 14:21:50 +00:00
Eric Blake
6831c1d327 event: pass reason for PM events
Commit 57ddcc23 (v0.9.11) introduced the pmwakeup event, with
an optional 'reason' field reserved for possible future expansion.
But it failed to wire the field through RPC, so even if we do
add a reason in the future, we will be unable to get it back
to the user.

Worse, commit 7ba5defb (v1.0.0) repeated the same mistake with
the pmsuspend_disk event.

As long as we are adding new RPC calls, we might as well fix
the events to actually match the signature so that we don't have
to add yet another RPC in the future if we do decide to start
using the reason field.

* src/remote/remote_protocol.x
(remote_domain_event_callback_pmwakeup_msg)
(remote_domain_event_callback_pmsuspend_msg)
(remote_domain_event_callback_pmsuspend_disk_msg): Add reason
field.
* daemon/remote.c (remoteRelayDomainEventPMWakeup)
(remoteRelayDomainEventPMSuspend)
(remoteRelayDomainEventPMSuspendDisk): Pass reason to client.
* src/conf/domain_event.h (virDomainEventPMWakeupNewFromDom)
(virDomainEventPMSuspendNewFromDom)
(virDomainEventPMSuspendDiskNewFromDom): Require additional
parameter.
* src/conf/domain_event.c (virDomainEventPMClass): New class.
(virDomainEventPMDispose): New function.
(virDomainEventPMWakeupNew*, virDomainEventPMSuspendNew*)
(virDomainEventPMSuspendDiskNew*)
(virDomainEventDispatchDefaultFunc): Use new class.
* src/remote/remote_driver.c (remoteDomainBuildEvent*PM*): Pass
reason through.
* src/remote_protocol-structs: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-12 10:48:16 -07:00
Eric Blake
158795d20e event: convert remaining domain events to new style
Following the patterns established by lifecycle events, this
creates all the new RPC calls needed to pass callback IDs
for every domain event, and changes the limits in client and
server codes to use modern style when possible.

I've tested all combinations: both 'old client and new server'
and 'new client and old server' continue to work with the old
RPCs, and 'new client and new server' benefit from server-side
filtering with the new RPCs.

* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_EVENT_*): Add
REMOTE_PROC_DOMAIN_EVENT_CALLBACK_* counterparts.
* daemon/remote.c (remoteRelayDomainEvent*): Send callbackID via
newer RPC when used with new-style registration.
(remoteDispatchConnectDomainEventCallbackRegisterAny): Extend to
cover all domain events.
* src/remote/remote_driver.c (remoteDomainBuildEvent*): Add new
Callback and Helper functions.
(remoteEvents): Match order of RPC numbers, register new handlers.
(remoteConnectDomainEventRegisterAny)
(remoteConnectDomainEventDeregisterAny): Extend to cover all
domain events.
* src/remote_protocol-structs: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-12 10:48:16 -07:00
Eric Blake
0372295770 event: server RPC protocol tweaks for domain lifecycle events
This patch adds some new RPC call numbers, but for ease of review,
they sit idle until a later patch adds the client counterpart to
drive the new RPCs.  Also for ease of review, I limited this patch
to just the lifecycle event; although converting the remaining
15 domain events will be quite mechanical.  On the server side,
we have to have a function per RPC call, largely with duplicated
bodies (the key difference being that we store in our callback
opaque pointer whether events should be fired with old or new
style); meanwhile, a single function can drive multiple RPC
messages.  With a strategic choice of XDR struct layout, we can
make the event generation code for both styles fairly compact.

I debated about adding a tri-state witness variable per
connection (values 'unknown', 'legacy', 'modern').  It would start
as 'unknown', move to 'legacy' if any RPC call is made to a legacy
event call, and move to 'modern' if the feature probe is made;
then the event code could issue an error if the witness state is
incorrect (a legacy RPC call while in 'modern', a modern RPC call
while in 'unknown' or 'legacy', and a feature probe while in
'legacy' or 'modern').  But while it might prevent odd behavior
caused by protocol fuzzing, I don't see that it would prevent
any security holes, so I considered it bloat.

Note that sticking @acl markers on the new RPCs generates unused
functions in access/viraccessapicheck.c, because there is no new
API call that needs to use the new checks; however, having a
consistent .x file is worth the dead code.

* src/libvirt_internal.h (VIR_DRV_FEATURE_REMOTE_EVENT_CALLBACK):
New feature.
* src/remote/remote_protocol.x
(REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY)
(REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY)
(REMOTE_PROC_DOMAIN_EVENT_CALLBACK_LIFECYCLE): New RPCs.
* daemon/remote.c (daemonClientCallback): Add field.
(remoteDispatchConnectDomainEventCallbackRegisterAny)
(remoteDispatchConnectDomainEventCallbackDeregisterAny): New
functions.
(remoteDispatchConnectDomainEventRegisterAny)
(remoteDispatchConnectDomainEventDeregisterAny): Mark legacy use.
(remoteRelayDomainEventLifecycle): Change message based on legacy
or new use.
(remoteDispatchConnectSupportsFeature): Advertise new feature.
* src/remote_protocol-structs: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-12 10:48:15 -07:00
Eric Blake
047fd2e83e event: dynamically manage server-side RPC domain events
This patch continues the earlier conversion made for network
events, with a goal of introducing server-side event filtering
in a later patch.  Actual behavior is unchanged without
further RPC changes.

* daemon/libvirtd.h (daemonClientPrivate): Alter the tracking of
domain events.
* daemon/remote.c (remoteClientInitHook, remoteClientFreeFunc)
(remoteRelayDomainEvent*)
(remoteDispatchConnectDomainEventRegister)
(remoteDispatchConnectDomainEventRegisterAny): Track domain
callbacks dynamically.
2014-02-12 10:48:15 -07:00
Eric Blake
f34ea654de maint: fix grammar in conf file
Noticed a misuse of 'to' while testing my event regression under
polkit ACLs, and decided to review the entire conf files for
other legibility bugs.

* daemon/libvirtd.conf: Use correct grammar.
* src/qemu/qemu.conf: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-05 10:40:14 -07:00
Eric Blake
11f20e43f1 event: move event filtering to daemon (regression fix)
https://bugzilla.redhat.com/show_bug.cgi?id=1058839

Commit f9f56340 for CVE-2014-0028 almost had the right idea - we
need to check the ACL rules to filter which events to send.  But
it overlooked one thing: the event dispatch queue is running in
the main loop thread, and therefore does not normally have a
current virIdentityPtr.  But filter checks can be based on current
identity, so when libvirtd.conf contains access_drivers=["polkit"],
we ended up rejecting access for EVERY event due to failure to
look up the current identity, even if it should have been allowed.

Furthermore, even for events that are triggered by API calls, it
is important to remember that the point of events is that they can
be copied across multiple connections, which may have separate
identities and permissions.  So even if events were dispatched
from a context where we have an identity, we must change to the
correct identity of the connection that will be receiving the
event, rather than basing a decision on the context that triggered
the event, when deciding whether to filter an event to a
particular connection.

If there were an easy way to get from virConnectPtr to the
appropriate virIdentityPtr, then object_event.c could adjust the
identity prior to checking whether to dispatch an event.  But
setting up that back-reference is a bit invasive.  Instead, it
is easier to delay the filtering check until lower down the
stack, at the point where we have direct access to the RPC
client object that owns an identity.  As such, this patch ends
up reverting a large portion of the framework of commit f9f56340.
We also have to teach 'make check' to special-case the fact that
the event registration filtering is done at the point of dispatch,
rather than the point of registration.  Note that even though we
don't actually use virConnectDomainEventRegisterCheckACL (because
the RegisterAny variant is sufficient), we still generate the
function for the purposes of documenting that the filtering
takes place.

Also note that I did not entirely delete the notion of a filter
from object_event.c; I still plan on using that for my upcoming
patch series for qemu monitor events in libvirt-qemu.so.  In
other words, while this patch changes ACL filtering to live in
remote.c and therefore we have no current client of the filtering
in object_event.c, the notion of filtering in object_event.c is
still useful down the road.

* src/check-aclrules.pl: Exempt event registration from having to
pass checkACL filter down call stack.
* daemon/remote.c (remoteRelayDomainEventCheckACL)
(remoteRelayNetworkEventCheckACL): New functions.
(remoteRelay*Event*): Use new functions.
* src/conf/domain_event.h (virDomainEventStateRegister)
(virDomainEventStateRegisterID): Drop unused parameter.
* src/conf/network_event.h (virNetworkEventStateRegisterID):
Likewise.
* src/conf/domain_event.c (virDomainEventFilter): Delete unused
function.
* src/conf/network_event.c (virNetworkEventFilter): Likewise.
* src/libxl/libxl_driver.c: Adjust caller.
* src/lxc/lxc_driver.c: Likewise.
* src/network/bridge_driver.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/remote/remote_driver.c: Likewise.
* src/test/test_driver.c: Likewise.
* src/uml/uml_driver.c: Likewise.
* src/vbox/vbox_tmpl.c: Likewise.
* src/xen/xen_driver.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-05 08:03:31 -07:00
Laine Stump
00e9d6071b build: add $(prefix) to SYSTEMD_UNIT_DIR
I noticed this problem when adding systemd support to netcf, because I
setup the configure.ac to automatically prefer using systemd over
initscripts when possible - although I had copied the
install-data-local target from the example of libvirt's
"libvirt-guests" service more or less verbatim, "make distcheck" would
fail because it was trying to install the service file directly into
/lib/systemd/system rather than into
/home/user/some/unimportant/name/lib/systemd/system.

This is caused by the install/uninstall rules for the systemd unit
files relying on $(DESTDIR) pointing the installed files to the right
place, but in reality $(DESTDIR) is empty during this part of make
distcheck - it instead sets $(prefix) with the toplevel directory used
for its test build/install/uninstall cycle.

(This problem hasn't been seen when running "make distcheck" in
libvirt because libvirt will never build/install systemd support
unless explicitly told to do so on the configure commandline, and
"make distcheck" doesn't put the "--with-initscript=..." option on the
configure commandline.)

I verified that the same problem does exist in libvirt by modifying
libvirt's configure.ac to set:

  init_systemd=yes
  with_init_script=systemd+redhat

This forces a build/install of the systemd unit files during
distcheck, which yields an error like this:

/usr/bin/install -c -m 644 virtlockd.service \
  /lib/systemd/system/
libtool: install: warning: relinking `libvirt-qemu.la'
/usr/bin/install: cannot remove '/lib/systemd/system/virtlockd.service': Permission denied
make[4]: *** [install-systemd] Error 1

After adding $(prefix) to all the definitions of SYSTEMD_UNIT_DIR,
make distcheck now completes successfully with the modified
configure.ac, and the above lines change to something like this:

/usr/bin/install -c -m 644 virtlockd.service \
  /home/laine/devel/libvirt/libvirt-1.2.1/_inst/lib/systemd/system/
2014-01-21 13:19:46 +02:00
Eric Blake
8d9d098b6d event: wire up RPC for server-side network event filtering
We haven't had a release with network events yet, so we are free
to fix the RPC so that it actually does what we want.  Doing
client-side filtering of per-network events is inefficient if a
connection is only interested in events on a single network out
of hundreds available on the server.  But to do server-side
per-network filtering, the server needs to know which network
to filter on - so we need to pass an optional network over on
registration.  Furthermore, it is possible to have a client with
both a global and per-network filter; in the existing code, the
server sends only one event and the client replicates to both
callbacks.  But with server-side filtering, the server will send
the event twice, so we need a way for the client to know which
callbackID is sending an event, to ensure that the client can
filter out events from a registration that does not match the
callbackID from the server.  Likewise, the existing style of
deregistering by eventID alone is fine; but in the new style,
we have to remember which callbackID to delete.

This patch fixes the RPC wire definition to contain all the
needed pieces of information, and hooks into the server and
client side improvements of the previous patches, in order to
switch over to full server-side filtering of network events.
Also, since we fixed this in time, all released versions of
libvirtd that support network events also support per-network
filtering, so we can hard-code that assumption into
network_event.c.

Converting domain events to server-side filtering will require
the introduction of new RPC numbers, as well as a server
feature bit that the client can use to tell whether to use
old-style (server only supports global events) or new-style
(server supports filtered events), so that is deferred to a
later set of patches.

* src/conf/network_event.c (virNetworkEventStateRegisterClient):
Assume server-side filtering.
* src/remote/remote_protocol.x
(remote_connect_network_event_register_any_args): Add network
argument.
(remote_connect_network_event_register_any_ret): Return callbackID
instead of count.
(remote_connect_network_event_deregister_any_args): Pass
callbackID instead of eventID.
(remote_connect_network_event_deregister_any_ret): Drop unused
type.
(remote_network_event_lifecycle_msg): Add callbackID.
* daemon/remote.c
(remoteDispatchConnectNetworkEventDeregisterAny): Drop unused arg,
and deal with callbackID from client.
(remoteRelayNetworkEventLifecycle): Pass callbackID.
(remoteDispatchConnectNetworkEventRegisterAny): Likewise, and
recognize non-NULL network.
* src/remote/remote_driver.c
(remoteConnectNetworkEventRegisterAny): Pass network, and track
server side id.
(remoteConnectNetworkEventDeregisterAny): Deregister by callback id.
(remoteNetworkBuildEventLifecycle): Pass remote id to event queue.
* src/remote_protocol-structs: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-15 13:55:21 -07:00
Eric Blake
b9d14ef03b event: track callbackID on daemon side of RPC
Right now, the daemon side of RPC events is hard-coded to at most
one callback per eventID.  But when there are hundreds of domains
or networks coupled and multiple conections, then sending every
event to every connection that wants an event, even for the
connections that only care about events for a particular object,
is inefficient.  In order to track more than one callback in the
server, we need to store callbacks by more than just their
eventID.  This patch rearranges the daemon side to store network
callbacks in a dynamic array, which can eventually be used for
multiple callbacks of the same eventID, although actual behavior
is unchanged without further patches to the RPC protocol.  For
ease of review, domain events are saved for a later patch, as
they touch more code.

While at it, fix a bug where a malicious client could send a
negative eventID to cause network event registration to access
outside of array bounds (thankfully not a CVE, since domain
events were already doing the bounds check, and since network
events have not been released).

* daemon/libvirtd.h (daemonClientPrivate): Alter the tracking of
network events.
* daemon/remote.c (daemonClientEventCallback): New struct.
(remoteEventCallbackFree): New function.
(remoteClientInitHook, remoteRelayNetworkEventLifecycle)
(remoteClientFreeFunc)
(remoteDispatchConnectNetworkEventRegisterAny): Track network
callbacks differently.
(remoteDispatchConnectNetworkEventDeregisterAny): Enforce bounds.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-15 13:55:20 -07:00
Guido Günther
1b9f5aa7fe Add Documentation fields to systemd service files
We point to the manpages where available and redirect to libvirt's
homepage as a last resort.
2014-01-09 09:32:55 +01:00
Cédric Bosdonnat
61ac8ce0a9 Add network events to the remote driver 2013-12-11 13:26:25 +00:00
Cédric Bosdonnat
008e877779 daemon/remote.c: renamed remoteDispatchDomainEventSend
into remoteDispatchObjectEventSend as it will later be used for both
the domain and network events.
2013-12-10 13:12:58 +00:00
Michael Chapman
59d6e65d6c virtlockd: improve initscripts
- Use SIGUSR1, not SIGHUP, on reload. At present, virtlockd only
  responds to the former.

- Fix PID file for virtlockd.

- Do not start virtlockd in any runlevels by default. It needs to be
  explicitly selected in libvirt's qemu.conf anyway, so there is no
  need to have it running on all systems regardless.

- Fix chkconfig priorities to ensure virtlockd is started before
  libvirtd is started, and stopped after libvirtd is stopped.

- Add "Should-Start: virtlockd" to the libvirtd initscript's LSB header,
  for the same reason.

- Add "Default-Stop" to both libvirtd and virtlockd initscripts. LSB
  does not guarantee that this defaults to the inverse of
  "Default-Start".

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-10 12:02:37 +01:00
Michal Privoznik
a602e90bc1 daemon: Run virStateCleanup conditionally
https://bugzilla.redhat.com/show_bug.cgi?id=1033061

Currently, initialization of drivers is done in a separate thread. This
is done for several reasons: a driver that is initialized may require
running event loop, it may take ages to initialize driver (e.g. due to
autostarting domains). While the thread is spawn and run, the main()
continues its execution. However, if something goes bad, or the event
loop is just exited (e.g. due to a --timeout or SIGINT) we try to
cleanup all the drivers. So we have two threads running Initialize() and
Cleanup() concurrently. This may result in accessing stale pointers -
e.g. netcf driver will free() itself in stateCleanup callback, while the
init thread may come, open a dummy connection in order to autostart some
domains and voilà: do_open() iterates over interface drivers and
accesses stale netcf driver.

The fix consists in not running stateCleanup if the init thread is still
running.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-03 14:32:08 +01:00