Previously, the parent process opened 'null' to /dev/null, then
the child process closes 'null' as well as 'childout'. But if
childout was set to be null, then this is a double close. At
least the double close was confined to the child process after a
fork, and therefore there is no risk of another thread opening
an fd of the same value to be bitten by the double close, but it
is always better to avoid double-close to begin with.
Additionally, if all three fds were specified, then opening
'null' was wasted.
This patch fixes things to lazily open null on the first use,
then guarantees it gets closed exactly once.
* src/util/command.c (getDevNull): New helper function.
(virExecWithHook): Use it to avoid spurious opens and double close.
This also reduces malloc pressure for invoking a child when
VIR_DEBUG is enabled.
* src/util/command.c (virExecWithHook): Drop debug, since the only
caller (virCommandRunAsync) also prints debug info.
If qemu supports -chardev, our char frontend aliases are ex. 'charserial0'
not just 'serial0'. Typically we don't use this code path because the
pty's are scraped from stdout.
Qemu once supported following memory stats which will returned by
"query_balloon":
stat_put(dict, "actual", actual);
stat_put(dict, "mem_swapped_in", dev->stats[VIRTIO_BALLOON_S_SWAP_IN]);
stat_put(dict, "mem_swapped_out", dev->stats[VIRTIO_BALLOON_S_SWAP_OUT]);
stat_put(dict, "major_page_faults", dev->stats[VIRTIO_BALLOON_S_MAJFLT]);
stat_put(dict, "minor_page_faults", dev->stats[VIRTIO_BALLOON_S_MINFLT]);
stat_put(dict, "free_mem", dev->stats[VIRTIO_BALLOON_S_MEMFREE]);
stat_put(dict, "total_mem", dev->stats[VIRTIO_BALLOON_S_MEMTOT]);
But it later disabled all the stats except "actual" by commit
07b0403dfc2b2ac179ae5b48105096cc2d03375a.
libvirt doesn't parse "actual", so user will always see a empty result
with "virsh dommemstat $domain". Even qemu haven't disabled the stats,
we should support parsing "actual".
There is the case where cpu affinites for vcpu of qemu doesn't work
correctly. For example, if only one vcpupin setting entry is provided
and its setting is not for vcpu0, it doesn't work.
# virsh dumpxml VM
...
<vcpu>4</vcpu>
<cputune>
<vcpupin vcpu='3' cpuset='9-11'/>
</cputune>
...
# virsh start VM
Domain VM started
# virsh vcpuinfo VM
VCPU: 0
CPU: 31
State: running
CPU time: 2.5s
CPU Affinity: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
VCPU: 1
CPU: 12
State: running
CPU time: 0.9s
CPU Affinity: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
VCPU: 2
CPU: 30
State: running
CPU time: 1.5s
CPU Affinity: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
VCPU: 3
CPU: 13
State: running
CPU time: 1.7s
CPU Affinity: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
This patch fixes this problem.
Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
Since the addition of the lock manager framework in 6a943419c5
dlopen is always required, but the checks in configure wasn't changed
to reflect that. This didn't show up directly because the VirtualBox
driver linking dlopen in covered it. But disabling the VirtualBox
driver makes the build fail due to missing dlopen.
Change the dlopen check in configure to pick up dlopen when available.
Reported by Ruben Kerkhof.
This patch deprecates following enums:
VIR_DOMAIN_MEM_CURRENT
VIR_DOMAIN_MEM_LIVE
VIR_DOMAIN_MEM_CONFIG
VIR_DOMAIN_VCPU_LIVE
VIR_DOMAIN_VCPU_CONFIG
VIR_DOMAIN_DEVICE_MODIFY_CURRENT
VIR_DOMAIN_DEVICE_MODIFY_LIVE
VIR_DOMAIN_DEVICE_MODIFY_CONFIG
And modify internal codes to use virDomainModificationImpact.
The below patch decreases the response time of libvirt to errors reported by Qemu upon startup by checking whether the qemu process is still alive while polling for the local socket to show up.
This patch also introduces a special handling of signal for the Win32 part of virKillProcess.
This patch adds the new option (--live, --config and --current) to
"virsh vcpupin" command. The behavior of above aption is the same as
that of "virsh setmem", "virsh setvcpus", and whatnot.
When the --config option is specified, the command affects a persistent
domain, while --live option is specified, it affects a running (live) domain.
The --current option cannot be used with --config or --live at the same
time, and when --current is specified, it affects a "current" domain.
If qemu supports multi function PCI device, the format of the PCI address passed
to qemu is "bus=pci.0,multifunction=on,addr=slot.function".
If qemu does not support multi function PCI device, the format of the PCI address
passed to qemu is "bus=pci.0,addr=slot".
Hot pluging/unpluging multi PCI device is not supported now. So the function
of hotplugged PCI device must be 0. When we hot unplug it, we should set release
all functions in the slot.
We save all used PCI address in the hash table. The key is generated by domain,
bus and slot now. We will support multi function PCI device, so the key should
be generated by domain, bus, slot and function.
We do not support to hot unplug multi function PCI device now. If the device is
one function of multi function PCI device, we shoul not allow to hot unplugg
it.
XenAPI session login can fail for a number of reasons, but currently no
specific
reason is displayed to the user, e.g.:
virsh -c XenAPI://citrix-xen.example.com/
Enter username for citrix-xen.example.com: root
Enter root's password for citrix-xen.example.com:
error: authentication failed: (null)
error: failed to connect to the hypervisor
This patch displays the session error description on failure.
Detected by Coverity. Commit ef21beda was incomplete; it solved
a leak one one path, but not on the other.
* daemon/libvirtd.c (qemudSetLogging): Avoid leak on success.
Coverity complained about these intentional fallthrough cases, but
not about other cases that were explicitly marked with nice comments.
For some reason, Coverity doesn't seem smart enough to parse the
up-front English comment in virsh about intentional fallthrough :)
* tools/virsh.c (cmdVolSize): Mark fallthrough in a more typical
fashion.
* src/conf/nwfilter_conf.c (virNWFilterRuleDefDetailsFormat)
(virNWFilterRuleDetailsParse): Mark explicit fallthrough.
Detected by Coverity. The beginning of the function already filtered
out NULL objectContentList as invalid. Further investigation shows:
esxVI_RetrieveProperties is generated and returns a list of objects
that match the given propertyFilterSpec.
esxVI_LookupObjectContentByType then tests whether the result
corresponds to the expected occurrence and reports an error otherwise.
This simplifies the callers of esxVI_LookupObjectContentByType, but
due to the missing dereference the check was never performed because
the code thought that at least one item was obtained. NULL represents
an empty list. This is a potential segfault fix because callers of
esxVI_LookupObjectContentByType that specified "required" occurrence
assume *objectContentList to be non-NULL when
esxVI_LookupObjectContentByType succeeds.
* src/esx/esx_vi.c (esxVI_LookupObjectContentByType): Check
correct pointer.
Detected by Coverity. The only ways to get to the cleanup label
were by an early abort (list still unassigned) or after successfully
transferring list to dest, so there is no list to clean up.
* src/secret/secret_driver.c (loadSecrets): Kill dead code.
Detected by Coverity. All existing callers happen to be in
range, so this isn't too serious.
* src/qemu/qemu_cgroup.c (qemuCgroupControllerActive): Check
bounds before dereference.
Coverity already saw through a NULL dereference without these
annotations, and gcc is still too puny to do good NULL analysis.
But clang still benefits (and is easier to run than coverity),
not to mention that adding this bit of documentation to the code
may help future developers remember the constraints.
* src/util/uuid.h (virGetHostUUID, virUUIDFormat): Document
restrictions, for improved static analysis.
Detected by Coverity. Commit a98d8f0d tried to make uuid debugging
more robust, but missed some APIs. And on the APIs that it visited,
the mere act of preparing the debug message ends up dereferencing
uuid prior to the null check. Which means the APIs which are supposed
to gracefully reject NULL arguments now end up with SIGSEGV.
* src/libvirt.c (VIR_UUID_DEBUG): New macro.
(virDomainLookupByUUID, virDomainLookupByUUIDString)
(virNetworkLookupByUUID, virNetworkLookupByUUIDString)
(virStoragePoolLookupByUUID, virStoragePoolLookupByUUIDString)
(virSecretLookupByUUID, virSecretLookupByUUIDString)
(virNWFilterLookupByUUID, virNWFilterLookupByUUIDString): Avoid
null dereference.
Detected by Coverity. cpumap was allocated with a value of
(unsigned short)*(int), which is an int computation, and then
promotes to size_t. On a 64-bit platform, this fails if bit
32 of the product is set (because of sign extension giving
a HUGE value to malloc), even though a naive programmer would
assume that since the first value is unsigned, the product
is also unsigned and at most 4GB would be allocated.
Won't bite in practice (the product should never be that large),
but worth using the right types to begin with, so that we are
now computing (unsigned short)*(size_t).
* python/libvirt-override.c (libvirt_virDomainGetVcpus): Use
correct type.
Similar in nature to commit fd21ecfd, which shut up valgrind.
sigaction is apparently a nasty interface for analyzer tools,
at least for how many false positives it generates.
* src/util/command.c (virExecWithHook): Initialize entire var, since
coverity gripes about the (unused and non-standard) sa_restorer.
Detected by Coverity. The code was doing math on shifted unsigned
char (which promotes to int), then promoting that to unsigned long
during assignment to size. On 64-bit platforms, this risks sign
extending values of size > 2GiB. Bug present since commit
489fd3 (v0.6.0).
I'm not sure if a specially-crafted bogus qcow2 image could
exploit this, although it's probably not possible, since we
were already checking for the computed results being within
range of our fixed-size buffer.
* src/util/storage_file.c (qcowXGetBackingStore): Avoid sign
extension.
Coverity 5.3.0 still outputs lots of COVERITY_* variables, but no
longer modifies COVERITY_BUILD_COMMAND in the environment. Pick
one that seems likely to stay around.
* configure.ac (STATIC_ANALYSIS): Detect newer Coverity.
