Commit Graph

11162 Commits

Author SHA1 Message Date
Peter Krempa
0018477fb2 conf: Add helper do clear disk source authentication struct
Add virDomainDiskAuthClear to help cleaning out the struct in other
places too.
2013-12-02 14:31:03 +01:00
Peter Krempa
d8cf91ae38 qemu: snapshot: Detect internal snapshots also for sheepdog and RBD
When doing an internal snapshot on a VM with sheepdog or RBD disks we
would not set a flag to mark the domain is using internal snapshots and
might end up creating a mixed snapshot. Move the setting of the variable
to avoid this problem.
2013-12-02 14:31:03 +01:00
Peter Krempa
ae361674ac conf: Add functions to copy and free network disk source definitions
To simplify operations on virDomainDiskHostDef arrays we will need deep
copy and freeing functions. Add and properly export them.
2013-12-02 14:31:03 +01:00
Peter Krempa
5a66c667ff snapshot: conf: Fix NULL dereference when <driver> element is empty
Consider the following valid snapshot XML as the <driver> element is
allowed to be empty in the domainsnapshot.rng schema:

$ cat snap.xml
<domainsnapshot>
  <disks>
    <disk name='vda' snapshot='external'>
      <source file='/tmp/foo'/>
      <driver/>
    </disk>
  </disks>
</domainsnapshot>

produces the following error:

$ virsh snapshot-create domain snap.xml
error: internal error: unknown disk snapshot driver '(null)'

The driver type is parsed as NULL from the XML as the attribute is not
present and then directly used to produce the error message.

With this patch the attempt to parse the driver type is skipped if not
present to avoid changing the schema to forbid the empty driver element.
2013-12-02 14:31:02 +01:00
Peter Krempa
43f2ccdc73 snapshot: conf: Use common parsing and formatting functions for source
Disk source elements for snapshots were using separate code from our
config parser. As snapshots can be stored on more than just regular
files, we will need the universal parser to allow us to expose a variety
of snapshot disk targets. This patch reuses the config parsers and
formatters to do the job.

This initial support only changes the code without any visible XML
change.
2013-12-02 14:28:20 +01:00
Peter Krempa
5f86d11e4a conf: Export disk source formatter and parser
This code will be reused in the snapshot disk definition parser.
2013-12-02 14:02:27 +01:00
Peter Krempa
30f7ca67d9 conf: Split out seclabel formating code for disk source
The code is common for all the various disk types. Split it out to a
common function.
2013-12-02 14:02:27 +01:00
Peter Krempa
03ad83cb5a conf: Clean up virDomainDiskSourceDefFormatInternal
Avoid if statements when used with virBufferEscapeString which
automaticaly omits the whole string. Also add some line breaks to
visualy separate the code.
2013-12-02 14:02:27 +01:00
Peter Krempa
d6b4c2cca9 conf: Support disk source formatting without needing a virDomainDiskDefPtr
The <source> element formatting function was expecting a
virDomainDiskDefPtr to store the data. As snapshots are not using this
data structure to hold the data, we need to add an internal function
which splits out individual fields separately.
2013-12-02 14:02:26 +01:00
Ryota Ozaki
1ed7e014dd vbox: handle errors of virDomainHostdevDefAlloc correctly
The original code ignored errors of virDomainHostdevDefAlloc,
however, we should properly do error return from the function
if it occurs.

The fix pulls out virDomainHostdevDefAlloc from the loop and
executes it all together before the loop. So we can easily
return on errors without the notion of other memory allocations
in the loop.

The deallocation code is separated from the allocation code
because it will be used by a further patch for fixing other error
handlings.

Reported-by: Laine Stump <laine@laine.org>
Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-12-02 10:59:21 +08:00
Ryota Ozaki
82b5dd23f3 vbox: fix incorrect loop condition in vboxHostDeviceGetXMLDesc
The fixed loop used logical OR to combine two conditions, however,
it is apparently incorrect and logical AND is correct.

We can fix it by replacing OR with AND, but this patch instead
fixes the problem by getting rid of the first conditional
statement: USBFilterCount < def->nhostdevs. It isn't needed
because USBFilterCount will never be greater than or equal to
def->nhostdevs.

def->nhostdevs is calculated in the following code
above the loop in question like this:

    for (i = 0; i < deviceFilters.count; i++) {
        PRBool active = PR_FALSE;
        IUSBDeviceFilter *deviceFilter = deviceFilters.items[i];

        deviceFilter->vtbl->GetActive(deviceFilter, &active);
        if (active) {
            def->nhostdevs++;
        }
    }

And the loop is constructed as like this:

    for (i = 0; (USBFilterCount < def->nhostdevs) || (i < deviceFilters.count); i++) {
        PRBool active                  = PR_FALSE;
(snip)
        deviceFilter->vtbl->GetActive(deviceFilter, &active);
        if (!active)
            continue;
(snip)
        USBFilterCount++;
    }

So def->nhostdevs is the number of active device filters and
USBFilterCount is counted up only when a device filter is active.
Thus, we can remove USBFilterCount < def->nhostdevs safely.

Reported-by: Laine Stump <laine@laine.org>
Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-12-02 10:57:14 +08:00
Nehal J Wani
6c874c01a0 Fix memory leak in virNWFilterDefParseXML()
While running nwfilterxml2xmltest, it was found that valgrind pointed out the
following error...

==7466== 16 bytes in 1 blocks are definitely lost in loss record 26 of 90
==7466==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
    ==7466==    by 0x4C651AD: virAlloc (viralloc.c:142)
    ==7466==    by 0x4D0450D: virNWFilterDefParseNode (nwfilter_conf.c:2575)
    ==7466==    by 0x4D05D84: virNWFilterDefParse (nwfilter_conf.c:2647)
    ==7466==    by 0x401FDE: testCompareXMLToXMLHelper (nwfilterxml2xmltest.c:39)
    ==7466==    by 0x402DE1: virtTestRun (testutils.c:138)
    ==7466==    by 0x4018E9: mymain (nwfilterxml2xmltest.c:111)
    ==7466==    by 0x403482: virtTestMain (testutils.c:593)
    ==7466==    by 0x341F421A04: (below main) (libc-start.c:225)

...21 times, which are related to 21 tests in nwfilterxml2xmltest.c which sent
EXPECT_WARN = false. There were two scenarios in virNWFilterDefParseXML(),
when the variable 'entry' was malloc'ed, but not freed.
2013-12-02 10:39:44 +08:00
Nehal J Wani
2cfcd2ccd0 Fix memory leak in virDomainDefParseXML()
This patch fixes the memory leaks found while running qemuxml2argvtest

==8260== 3 bytes in 1 blocks are definitely lost in loss record 1 of
129
==8260==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
==8260==    by 0x341F485E21: strdup (strdup.c:42)
==8260==    by 0x4CADCFF: virStrdup (virstring.c:554)
==8260==    by 0x4CBB839: virXPathString (virxml.c:90)
==8260==    by 0x4CE753A: virDomainDefParseXML (domain_conf.c:11478)
==8260==    by 0x4CEB4FE: virDomainDefParseNode (domain_conf.c:12742)
==8260==    by 0x4CEB675: virDomainDefParse (domain_conf.c:12684)
==8260==    by 0x425958: testCompareXMLToArgvHelper (qemuxml2argvtest.c:107)
==8260==    by 0x427111: virtTestRun (testutils.c:138)
==8260==    by 0x41D3FE: mymain (qemuxml2argvtest.c:452)
==8260==    by 0x4277B2: virtTestMain (testutils.c:593)
==8260==    by 0x341F421A04: (below main) (libc-start.c:225)
==8260==
==8260== 4 bytes in 1 blocks are definitely lost in loss record 5 of
129
==8260==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
==8260==    by 0x341F485E21: strdup (strdup.c:42)
==8260==    by 0x4CADCFF: virStrdup (virstring.c:554)
==8260==    by 0x4CBB839: virXPathString (virxml.c:90)
==8260==    by 0x4CE753A: virDomainDefParseXML (domain_conf.c:11478)
==8260==    by 0x4CEB4FE: virDomainDefParseNode (domain_conf.c:12742)
==8260==    by 0x4CEB675: virDomainDefParse (domain_conf.c:12684)
==8260==    by 0x425958: testCompareXMLToArgvHelper (qemuxml2argvtest.c:107)
==8260==    by 0x427111: virtTestRun (testutils.c:138)
==8260==    by 0x41D39A: mymain (qemuxml2argvtest.c:451)
==8260==    by 0x4277B2: virtTestMain (testutils.c:593)
==8260==    by 0x341F421A04: (below main) (libc-start.c:225)
==8260==
2013-12-02 10:34:52 +08:00
Daniel P. Berrange
262157f651 LXC: Ensure security context is set when mounting images
When setting up filesystems backed by block devices or file
images, the SELinux mount options must be used to ensure the
correct context is set

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-29 12:19:37 +00:00
Laine Stump
54f9492353 network: properly update iptables rules during net-update
This patch resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1035336

The basic problem is that during a network update, the required
iptables rules sometimes change, and this was being handled by simply
removing and re-adding the rules. However, the removal of the old
rules was done based on the *new* state of the network, which would
mean that some of the rules would not match those currently in the
system, so the old rules wouldn't be removed.

This patch removes the old rules prior to updating the network
definition then adds the new rules as soon as the definition is
updated. Note that this could lead to a stray packet or two during the
interim, but that was already a problem before (the period of limbo is
now just slightly longer).

While moving the location for the rules, I added a few more sections
that should result in the iptables rules being redone:

DHCP_RANGE and DHCP_HOST - these are needed because adding/removing a dhcp
host entry could lead to the dhcp service being started/stopped, which
would require that the mangle rule that fixes up dhcp response
checksums sould need to be added/removed, and this wasn't being done.
2013-11-28 16:55:20 +02:00
Daniel P. Berrange
84fd470d3d Fix bug in identifying sub-mounts
The code for extracting sub-mounts would just do a STRPREFIX
check on the mount. This was flawed because if there were
the following mounts

 /etc/aliases
 /etc/aliases.db

and '/etc/aliases' was asked for, it would return both even
though the latter isn't a sub-mount.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-28 11:49:01 +00:00
Daniel P. Berrange
d45b833d14 Pull lxcContainerGetSubtree out into shared virfile module
Move the code for lxcContainerGetSubtree into the virfile
module creating 2 new functions

  int virFileGetMountSubtree(const char *mtabpath,
                             const char *prefix,
                             char ***mountsret,
                             size_t *nmountsret);
  int virFileGetMountReverseSubtree(const char *mtabpath,
                                    const char *prefix,
                                    char ***mountsret,
                                    size_t *nmountsret);

Add a new virfiletest.c test case to validate the new code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-28 11:49:01 +00:00
Daniel P. Berrange
c60a2713d6 Introduce standard methods for sorting strings with qsort
Add virStringSortCompare and virStringSortRevCompare as
standard functions to use with qsort.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-28 11:29:46 +00:00
Peter Krempa
69d20452ce conf: Export virStorageVolType enum helper functions
Export string conversion from and to the virStorageVolType enum.
2013-11-27 15:17:21 +01:00
Eric Blake
c8b8b50c3b storage: skip selinux cleanup when fd not available
When attempting to backport gluster pools to an older versoin
where there is no VIR_STRDUP, I got a crash from calling
strdup(,NULL). Rather than relying on the current else branch
safely doing nothing when there is no fd, it is easier to just
skip it. While at it, there's no need to explicitly set
perms.label to NULL after a VIR_FREE().

* src/storage/storage_backend.c
(virStorageBackendUpdateVolTargetInfoFD): Minor optimization.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-27 06:08:28 -07:00
Bing Bu Cao
8e043864ec qemu: preserve netdev MAC address during 'domxml-to-native'
The virsh command 'domxml-to-native' (virConnectDomainXMLToNative())
converts all network devices to "type='ethernet'" in order to make it
more likely that the generated command could be run directly from a
shell (other libvirt network device types end up referencing file
descriptors for tap devices assumed to have been created by libvirt,
which can't be done in this case).

During this conversion, all of the netdev parameters are cleared out,
then specific items are filled in after changing the type. The MAC
address was not one of these preserved items, and the result was that
mac addresses in the generated commandlines were always
00:00:00:00:00:00.

This patch saves the mac address before the conversion, then
repopulates it afterwards, so the proper mac addresses show up in the
commandline.

Signed-off-by: Bing Bu Cao <mars@linux.vnet.ibm.com>
Signed-off-by: Laine Stump <laine@laine.org>
2013-11-27 14:20:18 +02:00
Eric Blake
655ea8dc02 storage: don't read storage volumes in nonblock mode
Commit 348b4e2 introduced a potential problem (thankfully not
in any release): we are attempting to use virFileReadHeaderFD()
on a file that was opened with O_NONBLOCK.  While this
shouldn't be a problem in practice (because O_NONBLOCK
typically doesn't affect regular or block files, and fifos and
sockets cannot be storage volumes), it's better to play it safe
to avoid races from opening an unexpected file type while also
avoiding problems with having to handle EAGAIN while read()ing.

Based on a report by Dan Berrange.

* src/storage/storage_backend.c
(virStorageBackendVolOpenCheckMode): Fix up fd after avoiding race.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-26 13:43:44 -07:00
Gao feng
f575fda748 LXC: don't unmount mounts for shared root
Also after commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
vfs: Lock in place mounts from more privileged users,

unprivileged user has no rights to umount the mounts that
inherited from parent mountns.

right now, I have no good idea to fix this problem, we need
to do more research. this patch just skip unmounting these
mounts for shared root.

BTW, I think when libvirt lxc enables user namespace, the
configuation that shares root with host is very rara.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-11-26 15:55:47 +00:00
Gao feng
46f2d16f07 LXC: fix the problem that libvirt lxc fail to start on latest kernel
After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
vfs: Lock in place mounts from more privileged users,

unprivileged user has no rights to move the mounts that
inherited from parent mountns. we use this feature to move
the /stateDir/domain-name.{dev, devpts} to the /dev/ and
/dev/pts directroy of container. this commit breaks libvirt lxc.

this patch changes the behavior to bind these mounts when
user namespace is enabled and move these mounts when user
namespace is disabled.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-11-26 12:22:25 +00:00
Christophe Fergeau
78e9096865 sasl: Replace 'restep' label with 'continue'
Since the label is at the beginning of the loop, this has the same effect.
2013-11-26 11:52:58 +01:00
Christophe Fergeau
0955025b9c sasl: Fix authentication when using PLAIN mechanism
With some authentication mechanism (PLAIN for example), sasl_client_start()
can return SASL_OK, which translates to virNetSASLSessionClientStart()
returning VIR_NET_SASL_COMPLETE.
cyrus-sasl documentation is a bit vague as to what to do in such situation,
but upstream clarified this a bit in
http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=10104

When we got VIR_NET_SASL_COMPLETE after virNetSASLSessionClientStart() and
if the remote also tells us that authentication is complete, then we should
end the authentication procedure rather than forcing a call to
virNetSASLSessionClientStep(). Without this patch, when trying to use SASL
PLAIN, I get:
error :authentication failed : Failed to step SASL negotiation: -1
(SASL(-1): generic failure: Unable to find a callback: 32775)

This patch is based on a spice-gtk patch by Dietmar Maurer.
2013-11-26 11:52:58 +01:00
Christophe Fergeau
986900a5af Fix invalid read in virNetSASLSessionClientStep debug log
virNetSASLSessionClientStep logs the data that is going to be passed to
sasl_client_step as input data. However, it tries to log it as a string,
while there is no guarantee that this data is going to be nul-terminated.
This leads to this valgrind log:

==20938== Invalid read of size 1
==20938==    at 0x8BDB08F: vfprintf (vfprintf.c:1635)
==20938==    by 0x8C06DF2: vasprintf (vasprintf.c:62)
==20938==    by 0x4CCEDF9: virVasprintfInternal (virstring.c:337)
==20938==    by 0x4CA9516: virLogVMessage (virlog.c:842)
==20938==    by 0x4CA939A: virLogMessage (virlog.c:778)
==20938==    by 0x4E21E0D: virNetSASLSessionClientStep (virnetsaslcontext.c:458)
==20938==    by 0x4DE47B8: remoteAuthSASL (remote_driver.c:4136)
==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==20938==    by 0x12762B: vshReconnect (virsh.c:337)
==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
==20938==    by 0x12E9A5: main (virsh.c:3338)
==20938==  Address 0xe329ccd is 0 bytes after a block of size 141 alloc'd
==20938==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==20938==    by 0x8CB91B4: xdr_array (xdr_array.c:94)
==20938==    by 0x4E039C2: xdr_remote_auth_sasl_start_ret (remote_protocol.c:3134)
==20938==    by 0x4E1F8AA: virNetMessageDecodePayload (virnetmessage.c:405)
==20938==    by 0x4E119F5: virNetClientProgramCall (virnetclientprogram.c:377)
==20938==    by 0x4DF8141: callFull (remote_driver.c:5794)
==20938==    by 0x4DF821A: call (remote_driver.c:5816)
==20938==    by 0x4DE46CF: remoteAuthSASL (remote_driver.c:4112)
==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==20938==    by 0x12762B: vshReconnect (virsh.c:337)
==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
==20938==    by 0x12E9A5: main (virsh.c:3338)
2013-11-26 11:52:58 +01:00
Christophe Fergeau
13fdc6d63e Tie SASL callbacks lifecycle to virNetSessionSASLContext
The array of sasl_callback_t callbacks which is passed to sasl_client_new()
must be kept alive as long as the created sasl_conn_t object is alive as
cyrus-sasl uses this structure internally for things like logging, so
the memory used for callbacks must only be freed after sasl_dispose() has
been called.

During testing of successful SASL logins with
virsh -c qemu+tls:///system list --all
I've been getting invalid read reports from valgrind

==9237== Invalid read of size 8
==9237==    at 0x6E93B6F: _sasl_getcallback (common.c:1745)
==9237==    by 0x6E95430: _sasl_log (common.c:1850)
==9237==    by 0x16593D87: digestmd5_client_mech_dispose (digestmd5.c:4580)
==9237==    by 0x6E91653: client_dispose (client.c:332)
==9237==    by 0x6E9476A: sasl_dispose (common.c:851)
==9237==    by 0x4E225A1: virNetSASLSessionDispose (virnetsaslcontext.c:678)
==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
==9237==    by 0x4E254D1: virNetSocketDispose (virnetsocket.c:1042)
==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
==9237==    by 0x4E2701C: virNetSocketEventFree (virnetsocket.c:1794)
==9237==    by 0x4C965D3: virEventPollCleanupHandles (vireventpoll.c:583)
==9237==    by 0x4C96987: virEventPollRunOnce (vireventpoll.c:652)
==9237==    by 0x4C94730: virEventRunDefaultImpl (virevent.c:274)
==9237==    by 0x12C7BA: vshEventLoop (virsh.c:2407)
==9237==    by 0x4CD3D04: virThreadHelper (virthreadpthread.c:161)
==9237==    by 0x7DAEF32: start_thread (pthread_create.c:309)
==9237==    by 0x8C86EAC: clone (clone.S:111)
==9237==  Address 0xe2d61b0 is 0 bytes inside a block of size 168 free'd
==9237==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9237==    by 0x4C73827: virFree (viralloc.c:580)
==9237==    by 0x4DE4BC7: remoteAuthSASL (remote_driver.c:4219)
==9237==    by 0x4DE33D0: remoteAuthenticate (remote_driver.c:3639)
==9237==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
==9237==    by 0x4DDC8DC: remoteConnectOpen (remote_driver.c:1031)
==9237==    by 0x4D8595F: do_open (libvirt.c:1239)
==9237==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==9237==    by 0x12762B: vshReconnect (virsh.c:337)
==9237==    by 0x12C9B0: vshInit (virsh.c:2470)
==9237==    by 0x12E9A5: main (virsh.c:3338)

This commit changes virNetSASLSessionNewClient() to take ownership of the SASL
callbacks. Then we can free them in virNetSASLSessionDispose() after the corresponding
sasl_conn_t has been freed.
2013-11-26 11:52:58 +01:00
Christophe Fergeau
c7cdc9b01c remote: Don't leak priv->tls object on connection failure
When testing SASL authentication over TLS with
virsh -c qemu+tls:///system list --all
I got this valgrind trace after entering wrong credentials:

==30540== 26,903 (88 direct, 26,815 indirect) bytes in 1 blocks are definitely lost in loss record 289 of 293
==30540==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30540==    by 0x4C7379A: virAllocVar (viralloc.c:558)
==30540==    by 0x4CBC178: virObjectNew (virobject.c:190)
==30540==    by 0x4CBC329: virObjectLockableNew (virobject.c:216)
==30540==    by 0x4E2D003: virNetTLSContextNew (virnettlscontext.c:719)
==30540==    by 0x4E2DC3F: virNetTLSContextNewPath (virnettlscontext.c:930)
==30540==    by 0x4E2DD5B: virNetTLSContextNewClientPath (virnettlscontext.c:957)
==30540==    by 0x4DDB618: doRemoteOpen (remote_driver.c:627)
==30540==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1031)
==30540==    by 0x4D8595F: do_open (libvirt.c:1239)
==30540==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==30540==    by 0x12762B: vshReconnect (virsh.c:337)
==30540==    by 0x12C9B0: vshInit (virsh.c:2470)
==30540==    by 0x12E9A5: main (virsh.c:3338)
2013-11-26 11:52:58 +01:00
Yuri Chornoivan
73a03e3063 Fix three minor typos 2013-11-26 18:37:09 +08:00
Eric Blake
053f45f8f6 storage: fix typo in previous patch
You'd think I'd learn to actually COMMIT my working tree
between testing that a last-minute fix compiles and pushing.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Typo fix.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 14:45:46 -07:00
Eric Blake
14daa81280 storage: probe qcow2 volumes in gluster pool
Putting together pieces from previous patches, it is now possible
for 'virsh vol-dumpxml --pool gluster volname' to report metadata
about a qcow2 file stored on gluster.  The backing file is still
treated as raw; to fix that, more patches are needed to make the
storage backing chain analysis recursive rather than halting at
a network protocol name, but that work will not need any further
calls into libgfapi so much as just reusing this code, and that
should be the only code outside of the storage driver that needs
any help from libgfapi.  Any additional use of libgfapi within
libvirt should only be needed for implementing storage pool APIs
such as volume creation or resizing, where backing chain analysis
should be unaffected.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterReadHeader): New helper function.
(virStorageBackendGlusterRefreshVol): Probe non-raw files.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 13:48:23 -07:00
Eric Blake
79eb21f976 storage: improve handling of symlinks in gluster
With this patch, dangling and looping symlinks are silently
ignored, while links to files and directories are treated the
same as the underlying file or directory.  This is the same
behavior as both 'directory' and 'netfs' pools.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Treat symlinks similar to
directory and netfs pools.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 12:51:33 -07:00
Eric Blake
13e738cc0a storage: improve allocation stats reported on gluster files
We already had code for handling allocation different than
capacity for sparse files; we just had to wire it up to be
used when inspecting gluster images.

* src/storage/storage_backend.c
(virStorageBackendUpdateVolTargetInfoFD): Handle no fd.
* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Handle sparse files.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 12:50:02 -07:00
Eric Blake
1458b2e963 storage: improve directory support in gluster pool
Take advantage of the previous patch's addition of 'netdir' as
a distinct volume type, to expose rather than silently skip
directories embedded in a gluster pool.  Also serves as an XML
validation for the previous patch.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Don't skip directories.
* tests/storagevolxml2xmltest.c (mymain): Add test.
* tests/storagevolxml2xmlin/vol-gluster-dir.xml: New file.
* tests/storagevolxml2xmlout/vol-gluster-dir.xml: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 12:46:19 -07:00
Eric Blake
ecd881b7a7 storage: add network-dir as new storage volume type
In the 'directory' and 'netfs' storage pools, a user can see
both 'file' and 'dir' storage volume types, to know when they
can descend into a subdirectory.  But in a network-based storage
pool, such as the upcoming 'gluster' pool, we use 'network'
instead of 'file', and did not have any counterpart for a
directory until this patch.  Adding a new volume type
'network-dir' is better than reusing 'dir', because it makes
it clear that the only way to access 'network' volumes within
that container is through the network mounting (leaving 'dir'
for something accessible in the local file system).

* include/libvirt/libvirt.h.in (virStorageVolType): Expand enum.
* docs/formatstorage.html.in: Document it.
* docs/schemasa/storagevol.rng (vol): Allow new value.
* src/conf/storage_conf.c (virStorageVol): Use new value.
* src/qemu/qemu_command.c (qemuBuildVolumeString): Fix client.
* src/qemu/qemu_conf.c (qemuTranslateDiskSourcePool): Likewise.
* tools/virsh-volume.c (vshVolumeTypeToString): Likewise.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemVolDelete): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 12:29:49 -07:00
Eric Blake
efee1af54a storage: implement rudimentary glusterfs pool refresh
Actually put gfapi to use, by allowing the creation of a gluster
pool.  Right now, all volumes are treated as raw and directories
are skipped; further patches will allow peering into files to
allow for qcow2 files and backing chains, and reporting proper
volume allocation.  This implementation was tested against Fedora
19's glusterfs 3.4.1; it might be made simpler by requiring a
higher minimum, and/or require more hacks to work with a lower
minimum.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshPool): Initial implementation.
(virStorageBackendGlusterOpen, virStorageBackendGlusterClose)
(virStorageBackendGlusterRefreshVol): New helper functions.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 11:56:51 -07:00
Eric Blake
318ea3cb77 storage: initial support for linking with libgfapi
We support gluster volumes in domain XML, so we also ought to
support them as a storage pool.  Besides, a future patch will
want to take advantage of libgfapi to handle the case of a
gluster device holding qcow2 rather than raw storage, and for
that to work, we need a storage backend that can read gluster
storage volume contents.  This sets up the framework.

Note that the new pool is named 'gluster' to match a
<disk type='network'><source protocol='gluster'> image source
already supported in a <domain>; it does NOT match the
<pool type='netfs'><source><target type='glusterfs'>,
since that uses a FUSE mount to a local file name rather than
a network name.

This and subsequent patches have been tested against glusterfs
3.4.1 (available on Fedora 19); there are likely bugs in older
versions that may prevent decent use of gfapi, so this patch
enforces the minimum version tested.  A future patch may lower
the minimum.  On the other hand, I hit at least two bugs in
3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth
raising the minimum: glfs_readdir is nicer to use than
glfs_readdir_r [1], and glfs_fini should only return failure on
an actual failure [2].

[1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html
[2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html

* configure.ac (WITH_STORAGE_GLUSTER): New conditional.
* m4/virt-gluster.m4: new file.
* libvirt.spec.in (BuildRequires): Support gluster in spec file.
* src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool
type.
* src/conf/storage_conf.c (poolTypeInfo): Treat similar to
sheepdog and rbd.
(virStoragePoolDefFormat): Don't output target for gluster.
* src/storage/storage_backend_gluster.h: New file.
* src/storage/storage_backend_gluster.c: Likewise.
* po/POTFILES.in: Add new file.
* src/storage/storage_backend.c (backends): Register new type.
* src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files.
* src/storage/storage_backend.h (_virStorageBackend): Documet
assumption.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 11:02:52 -07:00
Eric Blake
1b5c8d4cbc storage: expose volume meta-type in XML
I got annoyed at having to use both 'virsh vol-list $pool --details'
AND 'virsh vol-dumpxml $vol $pool' to learn if I had populated
the volume correctly.  Since two-thirds of the data present in
virStorageVolGetInfo() already appears in virStorageVolGetXMLDesc(),
this just adds the remaining piece of information, as:

<volume type='...'>
  ...
</volume>

* docs/formatstorage.html.in: Document new <volume type=...>.
* docs/schemas/storagevol.rng (vol): Add it to RelaxNG.
* src/conf/storage_conf.h (virStorageVolTypeToString): Declare.
* src/conf/storage_conf.c (virStorageVolTargetDefFormat): Output
the metatype.
(virStorageVolDefParseXML): Parse it, for unit tests.
* tests/storagevolxml2xmlout/vol-*.xml: Update tests to match.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 10:55:19 -07:00
Shivaprasad G Bhat
ec1c34498b virsh domxml-from-native to treat SCSI as the bus type for pseries by default
The bus type IDE being enum Zero, the bus type on pseries system appears as IDE for all the -hda/-cdrom and for disk drives with if="none" type. Pseries platform needs this to appear as SCSI instead of IDE. The ide being not supported, the explicit requests for ide devices will return an error.

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
2013-11-25 10:44:46 -05:00
Eric Blake
d68f16447d maint: next release is 1.2.0
I didn't find any other instances with:
git grep '1\.1\.5'

* src/test/test_driver.c (testDriver): Tweak version info.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 07:31:08 -07:00
Ryota Ozaki
c677ee8529 vbox: add support for 4.3 APIs
Makefile.am, vbox_V4_3.c and vbox_driver.c do regular
modifitions to support a new version of APIs.

vbox_tmpl.c basically fixes incompatibilities since 4.2.

The affected incompatibilities of 4.3 are:
* IMachine::Delete() has been renamed to IMachine::deleteConfig()
* IMedium::CreateBaseStorage() now accepts multiple variant values
* IDisplay::GetScreenResolution() now returns the display position
  in the guest
* IMachine now has multiple IUSBControllers and IUSBDeviceFilters
  handles USB device filters instead of (obsolete) IUSBController

This patch is tested on Mac OS X 10.8.5 and Fedora 19.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-25 13:25:37 +02:00
Ryota Ozaki
f6a5fba2dc vbox: import vbox_CAPI_v4_3.h from SDK
vbox_CAPI_v4_3.h is almost same as
sdk/bindings/xpcom/include/VBoxCAPI_v4_3.h of
http://download.virtualbox.org/virtualbox/4.3.2/VirtualBoxSDK-4.3.2-90405.zip,
but modified to fix preprocessor indentations by using cppi.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-25 13:25:12 +02:00
Ryota Ozaki
0518502109 vbox: pull vboxHostDeviceGetXMLDesc out from vboxDomainGetXMLDesc
The USB-related code in vboxDomainGetXMLDesc is deeply nested and
difficult to add new code. So flatten it. To do so, the code is
pulled out from vboxDomainGetXMLDesc to make the function short
and to leaverage early return and goto for error handling.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-25 13:03:35 +02:00
Ryota Ozaki
1868b4574e vbox: cleanup vboxAttachUSB
This cleanup flattens deeply nested code.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-25 13:03:35 +02:00
Chen Hanxiao
55d1285ef4 lxc: don't do duplicate work when getting pagesize
Don't do duplicate work when getting pagesize.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-11-25 10:52:50 +01:00
Ján Tomko
9846402116 Don't start a nested job in qemuMigrationPrepareAny
This nested job is canceled by the first ExitMonitor call (even though
it was not created by the corresponding EnterMonitor call), and
again in qemuMigrationPrepareAny if qemuProcessStart failed.
This can lead to a crash if the vm object was disposed of before calling
qemuDomainRemoveInactive:
0  ..62bc in virClassIsDerivedFrom (klass=0xdeadbeef,
   parent=0x7ffce4cdd270) at util/virobject.c:166
1 ..6666 in virObjectIsClass at util/virobject.c:362
2 ..66b4 in virObjectLock at util/virobject.c:314
3 ..477e in virDomainObjListRemove at conf/domain_conf.c:2359
4 ..7a64 in qemuDomainRemoveInactive at qemu/qemu_domain.c:2087
5 ..956c in qemuMigrationPrepareAny at qemu/qemu_migration.c:2469

This was added by commit e4e2822, exposed by 5a4c237 and c7ac251.

https://bugzilla.redhat.com/show_bug.cgi?id=1018267
2013-11-22 16:22:31 +01:00
Michal Privoznik
cc38d68dc1 virDomainReboot: Document that migration might be unsafe
https://bugzilla.redhat.com/show_bug.cgi?id=744967

If a domain is rebooting and a migrate API is called meanwhile we would
have to transfer the fakeReboot attribute to the destination in order to
prevent domain doing plain shutdown over there. We shouldn't try to do
anything clever about it other than documenting this as a known
limitation.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-22 08:17:30 +01:00
Eric Blake
6cc4d6a3fe storage: use valid XML for awkward volume names
$ touch /var/lib/libvirt/images/'a<b>c'
$ virsh pool-refresh default
$ virsh vol-dumpxml 'a<b>c' default | head -n2
<volume>
  <name>a<b>c</name>

Oops.  That's not valid XML.  And when we fix the XML
generation, it fails RelaxNG validation.

I'm also tired of seeing <key>(null)</key> in the example
output for volume xml; while we used NULLSTR() to avoid
a NULL deref rather than relying on glibc's printf
extension behavior, it's even better if we avoid the issue
in the first place.  But this requires being careful that
we don't invalidate any storage backends that were relying
on key being unassigned during virStoragVolCreateXML[From].

I would have split this into two patches (one for escaping,
one for avoiding <key>(null)</key>), but since they both
end up touching a lot of the same test files, I ended up
merging it into one.

Note that this patch allows pretty much any volume name
that can appear in a directory (excluding . and .. because
those are special), but does nothing to change the current
(unenforced) RelaxNG claim that pool names will consist
only of letters, numbers, _, -, and +.  Tightening the C
code to match RelaxNG patterns and/or relaxing the grammar
to match the C code for pool names is a task for another
day (but remember, we DID recently tighten C code for
domain names to exclude a leading '.').

* src/conf/storage_conf.c (virStoragePoolSourceFormat)
(virStoragePoolDefFormat, virStorageVolTargetDefFormat)
(virStorageVolDefFormat): Escape user-controlled strings.
(virStorageVolDefParseXML): Parse key, for use in unit tests.
* src/storage/storage_driver.c (storageVolCreateXML)
(storageVolCreateXMLFrom): Ensure parsed key doesn't confuse
volume creation.
* docs/schemas/basictypes.rng (volName): Relax definition.
* tests/storagepoolxml2xmltest.c (mymain): Test it.
* tests/storagevolxml2xmltest.c (mymain): Likewise.
* tests/storagepoolxml2xmlin/pool-dir-naming.xml: New file.
* tests/storagepoolxml2xmlout/pool-dir-naming.xml: Likewise.
* tests/storagevolxml2xmlin/vol-file-naming.xml: Likewise.
* tests/storagevolxml2xmlout/vol-file-naming.xml: Likewise.
* tests/storagevolxml2xmlout/vol-*.xml: Fix fallout.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-21 17:29:47 -07:00
Wangyufei (A)
09f2395217 docs: delete extra character
delete extra character 'p' from the comment of virInterfaceCreate

Signed-off-by: Wang Yufei <james.wangyufei@huawei.com>
2013-11-21 11:53:59 +01:00
Eric Farman
881eb78064 qemu: Auto-generate controller for hotplugged hostdev
If a SCSI hostdev is included in an initial domain XML, without a
corresponding controller statement, one is created silently when the
guest is booted.

When hotplugging a SCSI hostdev, a presumption is that the controller
is already present in the domain either from the original XML, or via
an earlier hotplug.

  [root@xxxxxxxx ~]# cat disk.xml
  <hostdev mode='subsystem' type='scsi'>
    <source>
      <adapter name='scsi_host0'/>
      <address bus='0' target='3' unit='1088438288'/>
    </source>
  </hostdev>
  [root@xxxxxxxx ~]# virsh attach-device guest01 disk.xml
  error: Failed to attach device from disk.xml
  error: internal error: unable to execute QEMU command 'device_add': Bus 'scsi0.0' not found

Since the infrastructure is in place, we can also create a controller
silently for use by the hotplugged hostdev device.

Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
2013-11-21 10:38:57 +01:00
Eric Farman
6f22f95f77 qemu: Separate calls based on controller bus type
For systems without a PCI bus, attaching a SCSI controller fails:

  [root@xxxxxxxx ~]# cat controller.xml
  <controller type='scsi' model='virtio-scsi' index='0' />
  [root@xxxxxxxx ~]# virsh attach-device guest01 controller.xml
  error: Failed to attach device from controller.xml
  error: XML error: No PCI buses available

A similar problem occurs with the detach of a controller:

  [root@xxxxxxxx ~]# virsh detach-device guest01 controller.xml
  error: Failed to detach device from controller.xml
  error: operation failed: controller scsi:0 not found

The qemuDomainXXtachPciControllerDevice routines made assumptions
that any caller had a PCI bus.  These routines now selectively calls
PCI functions where necessary, and assigns the device information
type to one appropriate for the bus in use.

Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2013-11-21 10:38:53 +01:00
Eric Farman
271eb0584b qemu: Rename controller hotplug functions to not be PCI-specific
For attach/detach of controller devices, we rename the functions to
remove 'PCI' from their title.  The actual separation of PCI-specific
operations will be handled in the next patch.

Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
2013-11-21 10:05:46 +01:00
Osier Yang
b96651dec0 storage: Returns earlier if source adapter of the scsi pool is a HBA
It makes no sense to go forward to get the parent host number of a
HBA, and treat the HBA as a vHBA with trying to delete it.

Signed-off-by: Osier Yang <jyang@redhat.com>
2013-11-21 12:06:20 +08:00
Clark Laughlin
c7ccd2c44b qemu: Add support for virt machine type with virtio-mmio devices on armv7
These changes allow the correct virtio-blk-device and virtio-net-device
devices to be used for the 'virt' machine type for armv7 rather than the
PCI virtio devices.

A test case was added to qemuxml2argvtest for this change.

Signed-off-by: Clark Laughlin <clark.laughlin@linaro.org>
2013-11-20 14:31:17 -05:00
Eric Blake
e44a9a70d3 maint: fix comma style issues: remaining code
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/network/bridge_driver.c: Consistently use commas.
* src/node_device/node_device_hal.c: Likewise.
* src/node_device/node_device_udev.c: Likewise.
* src/storage/storage_backend_rbd.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
64b2335c2a maint: fix comma style issues: remaining drivers
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/lxc/lxc_container.c: Consistently use commas.
* src/openvz/openvz_driver.c: Likewise.
* src/openvz/openvz_util.c: Likewise.
* src/remote/remote_driver.c: Likewise.
* src/test/test_driver.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
eeed3bc63c maint: fix comma style issues: vbox
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/vbox/vbox_tmpl.c: Consistently use commas.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
c7c84fa54a maint: fix comma style issues: util
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/util/vircommand.c: Consistently use commas.
* src/util/virlog.c: Likewise.
* src/util/virnetdevbandwidth.c: Likewise.
* src/util/virnetdevmacvlan.c: Likewise.
* src/util/virnetdevvportprofile.c: Likewise.
* src/util/virnetlink.c: Likewise.
* src/util/virpci.c: Likewise.
* src/util/virsysinfo.c: Likewise.
* src/util/virusb.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
5d509e9ee2 maint: fix comma style issues: qemu
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/qemu/qemu_cgroup.c: Consistently use commas.
* src/qemu/qemu_command.c: Likewise.
* src/qemu/qemu_conf.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/qemu/qemu_monitor.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
86f6748bda maint: fix comma style issues: xen
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/libxl/libxl_driver.c: Consistently use commas.
* src/xen/xend_internal.c: Likewise.
* src/xen/xs_internal.c: Likewise.
* src/xenapi/xenapi_driver.c: Likewise.
* src/xenapi/xenapi_utils.c: Likewise.
* src/xenxs/xen_sxpr.c: Likewise.
* src/xenxs/xen_xm.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:54 -07:00
Eric Blake
6f4901e13b maint: fix comma style issues: conf
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/conf/capabilities.c: Consistently use commas.
* src/conf/domain_conf.c: Likewise.
* src/conf/network_conf.c: Likewise.
* src/conf/storage_conf.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:54 -07:00
Eric Blake
f56903366f maint: fix comma style issues: nwfilter
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/nwfilter/nwfilter_ebiptables_driver.c: Consistently use
commas.
* src/nwfilter/nwfilter_gentech_driver.c: Likewise.
* src/nwfilter/nwfilter_learnipaddr.c: Likewise.
* src/conf/nwfilter_conf.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:54 -07:00
Daniel P. Berrange
2b510e4903 Fix off-by-1 in default SELinux MCS range
For a while we're have random failures of 'securityselinuxtest'
which were not at all reproducible. Fortunately we finally
caught a failure with VIR_TEST_DEBUG=1 enabled. This revealed

TEST: securityselinuxtest
 1) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
 2) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
 3) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
 4) GenLabel "dynamic virtd, s0, c0.c1023"                            ... OK
 5) GenLabel "dynamic virtd, s0, c0.c10"                              ... OK
 6) GenLabel "dynamic virtd, s2-s3, c0.c1023"                         ... OK
 7) GenLabel "dynamic virtd, missing range"                           ... Category two 1024 is out of range 0-1023
FAILED
FAIL: securityselinuxtest

And sure enough we had an off-by-1 in the MCS range code when
the current process has no range set. The test suite randomly
allocates 2 categories from 0->1024 so the chances of hitting
this in the test suite were slim indeed :-)

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-20 13:09:00 +00:00
Ján Tomko
a18fa05a8f Remove redundant braces 2013-11-20 12:35:47 +01:00
Ján Tomko
c5d392748c Error out on unterminated arrays and objects in JSON parser 2013-11-20 12:35:44 +01:00
Eric Blake
6067b29a39 maint: ship .pl scripts as executables
All our .pl scripts had the executable bit set, except for one.
Make it consistent (even if we invoke the scripts as an argument
to $(PERL) rather than directly).

* src/check-aclrules.pl: Make executable.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-19 14:32:59 -07:00
Guido Günther
3c9e40a1e8 Don't depend on syslog.service
Syslog is socket activated since at least systemd v35 so we can drop
this dependency. Debian's linitian otherwise complains about it.

References:

    http://www.freedesktop.org/wiki/Software/systemd/syslog/
    http://lintian.debian.org/tags/systemd-service-file-refers-to-obsolete-target.html
2013-11-19 21:49:53 +01:00
Michal Privoznik
730af8f2cd qemuMonitorJSONGetCPUx86Data: Don't fail on ancient qemus
On the domain startup, this function is called to dump some info about
the CPUs. At the beginning of the function we check if we aren't running
older qemu which is not exposing the CPUs via 'qom-list'. However, we
are not checking for even older qemus, which throw 'CommandNotFound'
error.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-19 16:28:16 +01:00
Ryota Ozaki
8229e33adc vbox: fix segfault on virsh dumpxml with the existence of USB filters
A USB filter is stored in a hostdev. The original code doesn't
allocate hostdev->info that is expected to be allocated with hostdev.
So use virDomainHostdevDefAlloc() to allocate both as we expect.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-19 16:19:26 +02:00
Eric Blake
4a601c3080 maint: fix comment typos.
* src/qemu/qemu_command.c (qemuBuildVolumeString): Fix typo.
* src/qemu/qemu_monitor.c (qemuMonitorSend): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-18 16:31:42 -07:00
Daniel P. Berrange
784bb73eaa Add missing 'return 0;' in stub lxcStartFuse() method impl.
Without a 'return 0' in the stub lxcStartFuse() method, the
compiler warns:

lxc/lxc_fuse.c:374: error: control reaches end of non-void function
[-Wreturn-type]

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-18 16:12:39 +00:00
Daniel P. Berrange
3563c51d3e Avoid async signal safety problem in glibc's setxid
The glibc setxid is supposed to be async signal safe, but
libc developers confirm that it is not. This causes a problem
when libvirt_lxc starts the FUSE thread and then runs clone()
to start the container. If the clone() was done before the
FUSE thread has completely started up, then the container
will hang in setxid after clone().

The fix is to avoid creating any threads until after the
container has been clone()'d. By avoiding any threads in
the parent, the child is no longer required to run in an
async signal safe context, and we thus avoid the glibc
bug.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-18 15:36:23 +00:00
Ján Tomko
8c41794af8 Return -1 in virPortAllocatorAcquire if all ports are used
Report the error in virPortAllocatorAcquire instead
of doing it in every caller.

The error contains the port range name instead of the intended
use for the port, e.g.:
Unable to find an unused port in range 'display' (65534-65535)
instead of:
Unable to find an unused port for SPICE

This also adds error reporting when the QEMU driver could not
find an unused port for VNC, VNC WebSockets or NBD migration.
2013-11-18 12:28:07 +01:00
Ján Tomko
d16d90fd40 Add a name to virPortAllocator
This allows its error messages to be more specific.
2013-11-18 12:28:02 +01:00
Ján Tomko
28ea39a004 Don't release spice port twice when no TLS port is available
Introduced by 7b4a630.
2013-11-18 12:26:59 +01:00
Ján Tomko
e68432e45f Properly unref a connection with a close callback
The connection pointer in the closeCallback data was never
initialized, making the unref in remoteClientCloseFunc a no-op.

This fixes the following leak in virsh when the daemon closes
the connection unexpectedly:

1,179 (288 direct, 891 indirect) bytes in 1 blocks are
   definitely lost in loss record 745 of 792
  at 0x4C2A6D0: calloc (in vgpreload_memcheck-amd64-linux.so)
  by 0x4E9643D: virAllocVar (viralloc.c:558)
  by 0x4ED2425: virObjectNew (virobject.c:190)
  by 0x4F675AC: virGetConnect (datatypes.c:116)
  by 0x4F6EA06: do_open (libvirt.c:1136)
  by 0x4F71017: virConnectOpenAuth (libvirt.c:1481)
  by 0x129FFA: vshReconnect (virsh.c:337)
  by 0x128310: main (virsh.c:2470)
2013-11-18 12:26:15 +01:00
Eric Blake
6385283add docs: improve job info details
Noticed while revieweing the patches for qemu's new migration state.

* include/libvirt/libvirt.h.in (_virDomainJobInfo): Fix typo,
grammar.
* src/libvirt.c (virDomainGetJobInfo): Add cross reference.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-15 06:00:49 -07:00
Michael Avdienko
d35ae4143d Fix migration with QEMU 1.6
QEMU 1.6.0 introduced new migration status: setup
Libvirt does not expect such string in QMP and refuses to migrate with error
"unexpected migration status in setup"

This patch fixes it.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-11-15 13:50:47 +01:00
Jiri Denemark
05e149f94c qemu: Call qemuSetupHostdevCGroup later during hotplug
https://bugzilla.redhat.com/show_bug.cgi?id=1025108

So far qemuSetupHostdevCGroup was called very early during hotplug, even
before we knew the device we were about to hotplug was actually
available. By calling the function later, we make sure QEMU won't be
allowed to access devices used by other domains.

Another important effect of this change is that hopluging USB devices
specified by vendor and product (but not by their USB address) works
again. This was broken since v1.0.5-171-g7d763ac, when the call to
qemuFindHostdevUSBDevice was moved after the call to
qemuSetupHostdevCGroup, which then used an uninitialized USB address.
2013-11-15 13:50:47 +01:00
Michal Privoznik
f417ad07df qemuMonitorIO: Don't use @mon after it's unrefed
https://bugzilla.redhat.com/show_bug.cgi?id=1018267

The aim of virObject refing and urefing is to tell where the object is
to be used and when is no longer needed. Hence any object shouldn't be
used after it has been unrefed, as we might be the last to hold the
reference. The better way is to call virObjectUnref() *after* the last
object usage. In this specific case, the monitor EOF handler was called
after the qemuMonitorIO called virObjectUnref. Not only that @mon was
disposed (which is not used in the handler anyway) but the @mon->vm
which is causing a SIGSEGV:

2013-11-15 10:17:54.425+0000: 20110: error : qemuMonitorIO:688 : internal error: early end of file from monitor: possible problem:
qemu-kvm: -incoming tcp:01.01.01.0:49152: Failed to bind socket: Cannot assign requested address

Program received signal SIGSEGV, Segmentation fault.
qemuProcessHandleMonitorEOF (mon=<optimized out>, vm=0x7fb728004170) at qemu/qemu_process.c:299
299         if (priv->beingDestroyed) {
(gdb) p *priv
Cannot access memory at address 0x0
(gdb) p vm
$1 = (virDomainObj *) 0x7fb728004170
(gdb) p *vm
$2 = {parent = {parent = {magic = 3735928559, refs = 0, klass = 0xdeadbeef}, lock = {lock = {__data = {__lock = 2, __count = 0, __owner = 20110, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0,
            __next = 0x0}}, __size = "\002\000\000\000\000\000\000\000\216N\000\000\001", '\000' <repeats 26 times>, __align = 2}}}, pid = 0, state = {state = 0, reason = 0}, autostart = 0, persistent = 0,
  updated = 0, def = 0x0, newDef = 0x0, snapshots = 0x0, current_snapshot = 0x0, hasManagedSave = false, privateData = 0x0, privateDataFreeFunc = 0x0, taint = 304}

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-15 11:32:35 +01:00
Michal Privoznik
3367c21dad qemuProcessReconnectHelper: Don't create joinable thread
In the qemuProcessReconnectHelper() a new thread that does all the
interesting work is spawned. The rationale is to not block the daemon
startup process in case of unresponsive qemu. However, the thread
handler is a local variable which gets lost once the control goes out of
scope. Hence the thread gets leaked. We can avoid this if the thread
isn't made joinable.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-14 17:44:20 +01:00
Michal Privoznik
ea13a759f5 virDomainEventCallbackListFree: Don't leak @list->callbacks
The @list->callbacks is an array that is inflated whenever a new event
is added, e.g. via virDomainEventCallbackListAddID(). However, when we
are freeing the array, we free the items within it but forgot to
actually free it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-14 17:44:20 +01:00
Michal Privoznik
a593675594 virPCIDeviceBindToStub: Remove unused @oldDriverPath and @oldDriverName
These two chunks had to be part of df4283a55b. But for some unclear
reason, the weren't. Anyway, these two variables are not used anywhere
within function. They're initialized to NULL and then VIR_FREE()-d. And
there's no reason do do two NOPs, right?

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-14 17:44:20 +01:00
Michal Privoznik
223ce2f1a3 networkBuildDhcpDaemonCommandLine: Don't leak @configstr and @configfile
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-14 17:44:20 +01:00
Ján Tomko
b7829f959b Disable nwfilter driver when running unprivileged
When opening a new connection to the driver, nwfilterOpen
only succeeds if the driverState has been allocated.

Move the privilege check in driver initialization before
the state allocation to disable the driver.

This changes the nwfilter-define error from:
error: cannot create config directory (null): Bad address
To:
this function is not supported by the connection driver:
virNWFilterDefineXML

https://bugzilla.redhat.com/show_bug.cgi?id=1029266
2013-11-13 09:41:57 +01:00
Jason Andryuk
7d58c7fc8e libxl: Fix Xen 4.4 libxlVmStart logic
ifdef LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS hides a multi-line body
for a brace-less else.  Add braces to ensure proper logic is applied.

Without this fix, new domains cannot be started.  Both
libxl_domain_create_new and libxl_domain_create_restore are called when
starting a new domain leading to this error:
libxl: error: libxl.c:324:libxl__domain_rename: domain with name "guest" already exists.
libxl: error: libxl_create.c:800:initiate_domain_create: cannot make domain: -6
2013-11-12 13:14:24 -07:00
Peter Krempa
84f6960214 qemu: Check for presence of device and properities when getting CPUID
The QOM path in qemu that contains the CPUID registers of a running VM
may not be present (introduced in QEMU 1.5).

Since commit d94b781771 we have a regression with QEMU that don't
support reporting of the CPUID register state via the monitor as the
process startup code expects the path to exist.

This patch adds code that checks with the monitor if the requested path
already exists and uses it only in this case.
2013-11-12 19:36:06 +01:00
Peter Krempa
a6a6f84af9 qemu: Change return type of qemuMonitorGetGuestCPU()
To allow returning more granular errors, change the error type to an
integer.
2013-11-12 19:35:51 +01:00
Daniel P. Berrange
5087a5a009 Fix busy wait loop in LXC container I/O handling
If the host side of an LXC container console disconnected
and the guest side continued to write data, until the PTY
buffer filled up, the LXC controller would busy wait. It
would repeatedly see POLLHUP from poll() and not disable
the watch.

This was due to some bogus logic detecting blocking
conditions. Upon seeing a POLLHUP we must disable all
reading & writing from the PTY, and setup the epoll to
wake us up again when the connection comes back.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-12 11:14:49 +00:00
Daniel P. Berrange
cbb6ec42e2 Don't expose 'none' machine type to capabilities
The 'none' machine type is something only intended for use
by libvirt probing capabilities. It isn't something that
is useful for running real VM instances. As such it should
not be exposed to users in the capabilities.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-12 10:47:30 +00:00
Daniel P. Berrange
f41830680e Fix mem leak in virQEMUCapsProbeQMPMachineTypes on OOM
The virQEMUCapsProbeQMPMachineTypes method iterates over machine
types copying them into the qemuCapsPtr object. It only updates
the qemuCaps->nmachinetypes value at the end though. So if OOM
occurs in the middle, the destructor of qemuCapsPtr will not
free the partially initialized machine types.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-12 10:47:30 +00:00
Peter Krempa
c2986ff0d3 conf: Refactor virDomainDiskSourceDefParse
Now that the function is separate clean out a few ugly places and fix up
error messages.
2013-11-12 11:12:36 +01:00
Peter Krempa
2b2decbdcc conf: Rename virDomainDiskHostDefFree to virDomainDiskHostDefClear
The function destroys only the contents not the object itself thus it
should be called Clear.
2013-11-12 10:38:34 +01:00
Peter Krempa
16bc786408 conf: Split out code to parse the source of a disk definition
To avoid code duplication between snapshot configuration code that
parses the disk source too we need to split out this code that will be
reused later on.

This patch tries to be code movement, some aspects of this function will
be refactored later.
2013-11-12 10:38:34 +01:00
Michal Privoznik
cfc28c66f9 qemuDomainObjStart: Warn on corrupted image
If the managedsave image is corrupted, e.g. the XML part is, we fail to
parse it and throw an error, e.g.:

error: Failed to start domain jms8
error: XML error: missing security model when using multiple labels

This is okay, as we can't really start the machine and avoid undefined
qemu behaviour. On the other hand, the error message doesn't give a
clue to users what should they do. The consensus here would be to thrown
a warning to logs saying "Hey, you've got a corrupted file".

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-11 17:16:39 +01:00
Michal Privoznik
9fb3f9571d virSecurityLabelDefParseXML: Don't parse label on model='none'
https://bugzilla.redhat.com/show_bug.cgi?id=1027096

If there's the following snippet in the domain XML, the domain will be
lost upon the daemon restart (if the domain is started prior restart):

    <seclabel type='dynamic' relabel='yes'/>

The problem is, the 'label', 'imagelabel' and 'baselabel' are parsed
whenever the VIR_DOMAIN_XML_INACTIVE is *not* present or the label is
static. The latter is not our case, obviously. So, when libvirtd starts
up, it finds domain state xml and parse it. During parsing, many XML
flags are enabled but VIR_DOMAIN_XML_INACTIVE. Hence, our parser tries
to extract 'label', 'imagelabel' and 'baselabel' from the XML which
fails for model='none'. Err, this model - even though not specified in
XML - can be taken from qemu wide config file: /etc/libvirtd/qemu.conf.

However, in order to know we are dealing with model='none' the code in
question must be moved forward a bit. Then a new check must be
introduced. This is what the first two chunks are doing.

But this alone is not sufficient. The domain state XML won't contain the
model attribute without slight modification. The model should be
inserted into the XML even if equal to 'none' and the state XML is being
generated - what if the origin (the @security_driver variable in
qemu.conf) changes during libvirtd restarts?

At the end, a test to catch this scenario is introduced.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-11 16:01:25 +01:00
Wang Yufei
af67a43659 docs: fix virDomainRestoreFlags description bug
In virDomainRestoreFlags with VIR_DOMAIN_SAVE_BYPASS_CACHE, it risks
slowing restores from NFS, but not saves to NFS.

Signed-off-by: Wang Yufei <james.wangyufei@huawei.com>
2013-11-08 12:08:39 -07:00
Eric Blake
d0b2d0177b docs: grammar fixes
Fix some user-visible wording from commits 72aafe9 and 1606d89.

* src/qemu/qemu.conf (migration_address): Better wording.
* include/libvirt/libvirt.h.in (VIR_MIGRATE_PARAM_LISTEN_ADDRESS):
Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-08 10:37:06 -07:00
Vitor de Lima
efdd591dfb qemu: Fix SCSI hotplug on pseries guests
This patch moves some code in the qemuDomainAttachSCSIDisk
function. The check for the existence of a PCI address assigned
to the SCSI controller was moved in order to be executed only
when needed. The PCI address of a controller is not necessary
if QEMU_CAPS_DEVICE is supported.

This fixes issues with the hotplug of SCSI disks on pseries guests.
2013-11-08 16:25:02 +02:00
Laine Stump
88c1fcd5e7 pci: properly handle out-of-order SRIOV virtual functions
This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1025397

When virPCIGetVirtualFunctions created the list of an SRIOV Physical
Function's (PF) Virtual Functions (VF), it had assumed that the order
of "virtfn*" links returned by readdir() from the PF's sysfs directory
was already in the correct order. Experience has shown that this is
not always the case - it can be in alphabetical order (which would
e.g. place virtfn11 before virtfn2) or even some seemingly random
order (see the example in the bugzilla report)

This results in 1) incorrect assumptions made by consumers of the
output of the virt_functions list of virsh nodedev-dumpxml, and 2)
setting MAC address and vlan tag on the wrong VF (since libvirt uses
netlink to set mac address and vlan tag, netlink requires the VF#, and
the function virPCIGetVirtualFunctionIndex() returns the wrong index
due to the improperly ordered VF list).

The solution provided by this patch is for virPCIGetVirtualFunctions
to no longer scan the entire device directory in its natural order,
but instead to check for links individually by name "virtfn%d" where
%d starts at 0 and increases with each success. Since VFs are created
contiguously by the kernel, this will guarantee that all VFs are
found, and placed in the arry in the correct order.

One note of use to the uninitiated is that VIR_APPEND_ELEMENT always
either increments *num_virtual_functions or fails, so no this isn't an
endless loop.

(NB: the SRIOV_* defines at the top of virpci.c were removed
because they are unnecessary and/or not used.)
2013-11-08 14:31:54 +02:00
Laine Stump
89e2a6c88c util: use size_t instead of unsigned int for num_virtual_functions
This is a prerequisite to the fix for the fix to:

  https://bugzilla.redhat.com/show_bug.cgi?id=1025397

num_virtual_functions needs to be size_t in order to use the
VIR_APPEND_ELEMENT macro.
2013-11-08 14:31:11 +02:00
Vitor de Lima
54e4d9d081 qemu: assign PCI address to primary video card
When adding support for Q35 guests, the code to assign a PCI address
to the primary video card was moved into Q35 and i440fx(PIIX3)
specific functions, but no fallback was kept for other machine types
that might have a video card.

This patch remedies that by assigning a PCI address to the primary
video card if it does not have any kind of address.  In particular,
this fixes issues with pseries guests.

Signed-off-by: Vitor de Lima <vitor.lima@eldorado.org.br>
Signed-off-by: Laine Stump <laine@laine.org>
2013-11-08 12:48:32 +02:00
Serge Hallyn
ba95426d6f util: use -w flag when calling iptables
When supported, ask iptables to wait rather than fail if it is in use
by another caller (like ufw).

(See https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1245322)

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-11-08 12:48:25 +02:00
Peter Krempa
d94b781771 qemu: process: Validate specific CPUID flags of a guest
When starting a VM the qemu process may filter out some requested
features of a domain as it's not supported either by the host or by
qemu. Libvirt didn't check if this happened which might end up in
changing of the guest ABI when migrating.

The proof of concept implementation adds the check for the recently
introduced kvm_pv_unhalt cpuid feature bit. This feature depends on both
qemu and host kernel support and thus increase the possibility of guest
ABI breakage.
2013-11-08 09:44:42 +01:00
Peter Krempa
e0dc851164 qemu: Add support for paravirtual spinlocks in the guest
The linux kernel recently added support for paravirtual spinlock
handling to avoid performance regressions on overcomitted hosts. This
feature needs to be turned in the hypervisor so that the guest OS is
notified about the possible support.

This patch adds a new feature "paravirt-spinlock" to the XML and
supporting code to enable the "kvm_pv_unhalt" pseudo CPU feature in
qemu.

https://bugzilla.redhat.com/show_bug.cgi?id=1008989
2013-11-08 09:44:42 +01:00
Peter Krempa
de7b5faf43 conf: Refactor storing and usage of feature flags
Currently we were storing domain feature flags in a bit field as the
they were either enabled or disabled. New features such as paravirtual
spinlocks however can be tri-state as the default option may depend on
hypervisor version.

To allow storing tri-state feature state in the same place instead of
having to declare dedicated variables for each feature this patch
refactors the bit field to an array.
2013-11-08 09:44:42 +01:00
Peter Krempa
2e8f90802d cpu: x86: Add internal CPUID features support and KVM feature bits
Some of the emulator features are presented in the <features> element in
the domain XML although they are virtual CPUID feature bits when
presented to the guest. To avoid confusing the users with these
features, as they are not configurable via the <cpu> element, this patch
adds an internal array where those can be stored privately instead of
exposing them in the XML.

Additionaly KVM feature bits are added as example usage of this code.
2013-11-08 09:44:42 +01:00
Jiri Denemark
3afde0756f qemu: Add monitor APIs to fetch CPUID data from QEMU
The qemu monitor supports retrieval of actual CPUID bits presented to
the guest using QMP monitor. Add APIs to extract these information and
tests for them.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2013-11-08 09:44:36 +01:00
Peter Krempa
f80a11c921 cpu_x86: Refactor storage of CPUID data to add support for KVM features
The CPUID functions were stored in multiple arrays according to a
specified prefix of those. This made it very hard to add another prefix
to store KVM CPUID features (0x40000000). Instead of hardcoding a third
array this patch changes the approach used:

The code is refactored to use a single array where the CPUID functions
are stored ordered by the cpuid function so that they don't depend on
the specific prefix and don't waste memory. The code is also less
complex using this approach. A trateoff to this is the change from O(N)
complexity to O(N^2) in x86DataAdd and x86DataSubtract. The rest of the
functions were already using O(N^2) algorithms.
2013-11-08 09:28:06 +01:00
Li Zhang
4ffcb0208c storage: Fix a vol-clone bug on ppc64
vol-clone reports out of memory error with disk type on ppc64.

Currently, wbytes is defined as size_t type (8 bytes), but
args's value in ioctl(fd, args..) in kernel is int (4 bytes).
This makes wbytes 2^32 times larger, causing an out of memory error.

This patch changes size_t to int to synchronize with kernel.

[1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/block/ioctl.c?id=5e01dc7b#n363
[2] https://lkml.org/lkml/2013/11/1/620

Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2013-11-08 07:51:43 +01:00
Michal Privoznik
1f2f879ed1 qemu: Don't access vm->priv on unlocked domain
Since 86d90b3a (yes, my patch; again) we are supporting NBD storage
migration. However, on error recovery path we got the steps reversed.
The correct order is: return NBD port to the virPortAllocator and then
either unlock the vm or remove it from the driver. Not vice versa.

==11192== Invalid write of size 4
==11192==    at 0x11488559: qemuMigrationPrepareAny (qemu_migration.c:2459)
==11192==    by 0x11488EA6: qemuMigrationPrepareDirect (qemu_migration.c:2652)
==11192==    by 0x114D1509: qemuDomainMigratePrepare3Params (qemu_driver.c:10332)
==11192==    by 0x519075D: virDomainMigratePrepare3Params (libvirt.c:7290)
==11192==    by 0x1502DA: remoteDispatchDomainMigratePrepare3Params (remote.c:4798)
==11192==    by 0x12DECA: remoteDispatchDomainMigratePrepare3ParamsHelper (remote_dispatch.h:5741)
==11192==    by 0x5212127: virNetServerProgramDispatchCall (virnetserverprogram.c:435)
==11192==    by 0x5211C86: virNetServerProgramDispatch (virnetserverprogram.c:305)
==11192==    by 0x520A8FD: virNetServerProcessMsg (virnetserver.c:165)
==11192==    by 0x520A9E1: virNetServerHandleJob (virnetserver.c:186)
==11192==    by 0x50DA78F: virThreadPoolWorker (virthreadpool.c:144)
==11192==    by 0x50DA11C: virThreadHelper (virthreadpthread.c:161)
==11192==  Address 0x1368baa0 is 576 bytes inside a block of size 688 free'd
==11192==    at 0x4A07F5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==11192==    by 0x5079A2F: virFree (viralloc.c:580)
==11192==    by 0x11456C34: qemuDomainObjPrivateFree (qemu_domain.c:267)
==11192==    by 0x50F41B4: virDomainObjDispose (domain_conf.c:2034)
==11192==    by 0x50C2991: virObjectUnref (virobject.c:262)
==11192==    by 0x50F4CFC: virDomainObjListRemove (domain_conf.c:2361)
==11192==    by 0x1145C125: qemuDomainRemoveInactive (qemu_domain.c:2087)
==11192==    by 0x11488520: qemuMigrationPrepareAny (qemu_migration.c:2456)
==11192==    by 0x11488EA6: qemuMigrationPrepareDirect (qemu_migration.c:2652)
==11192==    by 0x114D1509: qemuDomainMigratePrepare3Params (qemu_driver.c:10332)
==11192==    by 0x519075D: virDomainMigratePrepare3Params (libvirt.c:7290)
==11192==    by 0x1502DA: remoteDispatchDomainMigratePrepare3Params (remote.c:4798)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-08 07:34:11 +01:00
Michal Privoznik
5a4c2374a2 qemu: Avoid double free of VM
One of my previous patches (c7ac2519b7) did try to fix the issue when
domain dies too soon during migration. However, this clumsy approach was
missing removal of qemuProcessHandleMonitorDestroy resulting in double
unrefing of mon->vm and hence producing the daemon crash:

==11843== Invalid read of size 4
==11843==    at 0x50C28C5: virObjectUnref (virobject.c:255)
==11843==    by 0x1148F7DB: qemuMonitorDispose (qemu_monitor.c:258)
==11843==    by 0x50C2991: virObjectUnref (virobject.c:262)
==11843==    by 0x50C2D13: virObjectFreeCallback (virobject.c:388)
==11843==    by 0x509C37B: virEventPollCleanupHandles (vireventpoll.c:583)
==11843==    by 0x509C711: virEventPollRunOnce (vireventpoll.c:652)
==11843==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
==11843==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
==11843==    by 0x11F368: main (libvirtd.c:1513)
==11843==  Address 0x13b88864 is 4 bytes inside a block of size 136 free'd
==11843==    at 0x4A07F5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==11843==    by 0x5079A2F: virFree (viralloc.c:580)
==11843==    by 0x50C29E3: virObjectUnref (virobject.c:270)
==11843==    by 0x114770E4: qemuProcessHandleMonitorDestroy (qemu_process.c:1103)
==11843==    by 0x1148F7CB: qemuMonitorDispose (qemu_monitor.c:257)
==11843==    by 0x50C2991: virObjectUnref (virobject.c:262)
==11843==    by 0x50C2D13: virObjectFreeCallback (virobject.c:388)
==11843==    by 0x509C37B: virEventPollCleanupHandles (vireventpoll.c:583)
==11843==    by 0x509C711: virEventPollRunOnce (vireventpoll.c:652)
==11843==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
==11843==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
==11843==    by 0x11F368: main (libvirtd.c:1513)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-08 07:31:02 +01:00
Michal Privoznik
b2f31af701 qemuMigrationBeginPhase: Check for 'drive-mirror' for NBD
So far we are checking if qemu supports 'nbd-server-start'. This,
however, makes no sense on the source as nbd-server-* is used on the
destination. On the source the 'drive-mirror' is used instead.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-07 14:15:13 +01:00
Chen Hanxiao
4bcb74d03f conf: fix incorrect error log in virCPUDefIsEqual
A copy-paste error.
s/model/vendor id

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-11-07 12:01:29 +01:00
Peter Krempa
6e037015a4 conf: Refactor virDomainDiskSourcePoolDefParse
For some strange reason virDomainDiskSourcePoolDefParse accessed def of
the disk and allocated the pool object in it. To avoid the need to carry
over the disk definition object, refactor this function to return the
allocated object instead.
2013-11-07 10:12:49 +01:00
Eric Blake
adb44955c4 nodeinfo: fix build on non-Linux
Commit b0f8546 broke the build on mingw, by exposing code that
had Linux-specific dependencies but which was previously protected
by libnuma ifdef guards:

make[3]: Entering directory `/home/eblake/libvirt-tmp/build/src'
  CC       libvirt_driver_la-nodeinfo.lo
../../src/nodeinfo.c: In function 'virNodeGetSiblingsList':
../../src/nodeinfo.c:1543:30: error: 'SYSFS_THREAD_SIBLINGS_LIST_LENGTH_MAX' undeclared (first use in this function)
     if (virFileReadAll(path, SYSFS_THREAD_SIBLINGS_LIST_LENGTH_MAX, &buf) < 0)
                              ^
../../src/nodeinfo.c:1543:30: note: each undeclared identifier is reported only once for each function it appears in
../../src/nodeinfo.c: In function 'virNodeCapsFillCPUInfo':
../../src/nodeinfo.c:1562:5: error: implicit declaration of function 'virNodeGetCpuValue' [-Werror=implicit-function-declaration]
     if ((tmp = virNodeGetCpuValue(SYSFS_CPU_PATH, cpu_id,
     ^
../../src/nodeinfo.c:1562:5: error: nested extern declaration of 'virNodeGetCpuValue' [-Werror=nested-externs]
../../src/nodeinfo.c:1562:35: error: 'SYSFS_CPU_PATH' undeclared (first use in this function)
     if ((tmp = virNodeGetCpuValue(SYSFS_CPU_PATH, cpu_id,
                                   ^
cc1: all warnings being treated as errors

* src/nodeinfo.c (virNodeCapsFillCPUInfo): Make conditional.
(virNodeGetSiblingsList): Move into #ifdef linux block.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 17:36:44 -07:00
Eric Blake
348b4e254b storage: always probe type with buffer
This gets rid of another stat() per volume, as well as cutting
bytes read in half, when populating the volumes of a directory
pool during a pool refresh.  Not to mention that it provides an
interface that can let gluster pools also probe file types.

* src/util/virstoragefile.h (virStorageFileProbeFormatFromFD):
Delete.
(virStorageFileProbeFormatFromBuf): New prototype.
(VIR_STORAGE_MAX_HEADER): New constant, based on...
* src/util/virstoragefile.c (STORAGE_MAX_HEAD): ...old name.
(vmdk4GetBackingStore, virStorageFileGetMetadataInternal)
(virStorageFileProbeFormat): Adjust clients.
(virStorageFileProbeFormatFromFD): Delete.
(virStorageFileProbeFormatFromBuf): Export.
* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
Adjust client.
* src/libvirt_private.syms (virstoragefile.h): Adjust exports.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 17:31:51 -07:00
Eric Blake
3ead2e7ded storage: refactor backing chain division of labor
Future patches will want to learn metadata about a file using
a buffer that was already parsed in order to probe the file's
format.  Rather than reopening and re-reading the file, it makes
sense to separate getting file contents from actually parsing
those contents.

* src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf)
(virStorageFileGetMetadataFromFDInternal): New functions.
(virStorageFileGetMetadataInternal): Hoist fstat() and read() into
callers.
(virStorageFileGetMetadataFromFD)
(virStorageFileGetMetadataRecurse): Rework clients.
* src/util/virstoragefile.h (virStorageFileGetMetadataFromBuf):
New prototype.
* src/libvirt_private.syms (virstoragefile.h): Export it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 17:28:12 -07:00
Eric Blake
9cac863965 storage: reduce number of stat calls
We are calling fstat() at least twice per storage volume in
a directory storage pool; this is rather wasteful.  Refactoring
this is also a step towards making code reusable for gluster,
where gluster can provide struct stat but cannot use fstat().

* src/storage/storage_backend.h
(virStorageBackendVolOpenCheckMode)
(virStorageBackendUpdateVolTargetInfoFD): Update signature.
* src/storage/storage_backend.c
(virStorageBackendVolOpenCheckMode): Pass stat results back.
(virStorageBackendUpdateVolTargetInfoFD): Use existing stats.
(virStorageBackendVolOpen, virStorageBackendUpdateVolTargetInfo):
Update callers.
* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
Likewise.
* src/storage/storage_backend_scsi.c
(virStorageBackendSCSIUpdateVolTargetInfo): Likewise.
* src/storage/storage_backend_mpath.c
(virStorageBackendMpathUpdateVolTargetInfo): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 17:17:08 -07:00
Eric Blake
5327fad4f2 storage: avoid short reads while chasing backing chain
Our backing file chain code was not very robust to an ill-timed
EINTR, which could lead to a short read causing us to randomly
treat metadata differently than usual.  But the existing
virFileReadLimFD forces an error if we don't read the entire
file, even though we only care about the header of the file.
So add a new virFile function that does what we want.

* src/util/virfile.h (virFileReadHeaderFD): New prototype.
* src/util/virfile.c (virFileReadHeaderFD): New function.
* src/libvirt_private.syms (virfile.h): Export it.
* src/util/virstoragefile.c (virStorageFileGetMetadataInternal)
(virStorageFileProbeFormatFromFD): Use it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 17:14:02 -07:00
Eric Blake
5717ee6ab8 storage: use simpler 'char *'
'unsigned char *' makes sense if you are doing math on bytes and
don't want to worry about wraparound from a signed 'char'; but
since all we are doing is memcmp() or virReadBufInt*[LB]E(), which
are both safe on either type of char, and since read() prefers to
operate on 'char *', it's simpler to avoid casts by just typing
things as 'char *' from the get-go.  [Technically, read can
operate on an 'unsigned char *' thanks to the C rule that any
pointer can be implicitly converted to 'char *' for legacy K&R
compatibility; but where this patch saves us is if we try to use
virfile.h functions that take 'char **' in order to allocate the
buffer, where the compiler would barf on type mismatch.]

* src/util/virstoragefile.c (FileTypeInfo): Avoid unsigned char.
(cowGetBackingStore, qcow2GetBackingStoreFormat)
(qcowXGetBackingStore, qcow1GetBackingStore)
(qcow2GetBackingStore, vmdk4GetBackingStore, qedGetBackingStore)
(virStorageFileMatchesMagic, virStorageFileMatchesVersion)
(virStorageFileProbeFormatFromBuf, qcow2GetFeatures)
(virStorageFileGetMetadataInternal)
(virStorageFileProbeFormatFromFD): Simplify clients.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 15:41:12 -07:00
Giuseppe Scrivano
2b68ad7161 test driver: add support for .connectBaselineCPU
It uses the same functionalities of the qemu driver.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2013-11-06 15:01:17 -07:00
Michal Privoznik
9cc8a5af02 qemuMonitorDispose: Reset lastError
Since the 90139a62 commit the error is copied into mon->lastError but
it's never freed from there.

==31989== 395 bytes in 1 blocks are definitely lost in loss record 877 of 978
==31989==    at 0x4A06C2B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31989==    by 0x7EAF129: strdup (in /lib64/libc-2.15.so)
==31989==    by 0x50D586C: virStrdup (virstring.c:554)
==31989==    by 0x50976C1: virCopyError (virerror.c:191)
==31989==    by 0x5097A35: virCopyLastError (virerror.c:312)
==31989==    by 0x114909A9: qemuMonitorIO (qemu_monitor.c:690)
==31989==    by 0x509BEDE: virEventPollDispatchHandles (vireventpoll.c:501)
==31989==    by 0x509C701: virEventPollRunOnce (vireventpoll.c:648)
==31989==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
==31989==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
==31989==    by 0x11F368: main (libvirtd.c:1513)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-06 19:03:30 +01:00
Zeng Junliang
c92ca769af qemu: clean up migration ports when migration cancelled
If there's a migration cancelled, the bitmap of migration port should be
cleaned up too.

Signed-off-by: Zeng Junliang <zengjunliang@huawei.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-11-06 15:08:43 +01:00
Laine Stump
b4e0299d4f network: fix connections count in case of allocate failure
This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1020135

If networkAllocateActualDevice() had failed due to a pool of hostdev
or direct devices being depleted, the calling function could still
call networkReleaseActualDevice() as part of its cleanup, and that
function would then unconditionally decrement the connections count
for the network, even though it hadn't been incremented (due to
failure of allocate). This *was* necessary because the .actual member
of the netdef was allocated with a "lazy" algorithm, only being
created if there was a need to store data there (e.g. if a device was
allocated from a pool, or bandwidth was allocated for the device), so
there was no simple way for networkReleaseActualDevice() to tell if
something really had been allocated (i.e. if "connections++" had been
executed).

This patch changes networkAllocateDevice() to *always* allocate an
actual device for any netdef of type='network', even if it isn't
needed for any other reason. This has no ill effects anywhere else in
the code (except for using a small amount of memory), and
networkReleaseActualDevice() can then determine if there was a
previous successful allocate by checking for .actual != NULL (if not,
it skips the "connections--").
2013-11-06 13:14:57 +02:00
Guido Günther
12dc729a71 virt-login-shell: also build virAtomic.h
Needed for architectures that don't use gcc atomic ops but pthread. This
fixes the armel build that otherwise breaks like:

 CCLD     virt-login-shell
 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virClassNew':
 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:150: undefined reference to `virAtomicLock'
 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectNew':
 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:202: undefined reference to `virAtomicLock'
 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectUnref':
 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:274: undefined reference to `virAtomicLock'
 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectRef':
 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:295: undefined reference to `virAtomicLock'
 collect2: error: ld returned 1 exit status

See https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=armel&ver=1.1.4-1&stamp=1383588268
2013-11-05 19:44:27 +01:00
Eric Blake
0705933b89 storage: recognize gluster as networked file
A qcow2 file with a backing file of 'gluster://host/vol/file' should
not try to look for a directory named './gluster:/' in the file system.

* src/util/virstoragefile.c (virBackingStoreIsFile): Broaden check
to include all protocols.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-05 08:36:43 -07:00
Ján Tomko
1569fa14d8 qemu: don't use deprecated -no-kvm-pit-reinjection
Since qemu-kvm 1.1 [1] (since 1.3. in upstream QEMU [2])
'-no-kvm-pit-reinjection' has been deprecated.
Use -global kvm-pit.lost_tick_policy=discard instead.

https://bugzilla.redhat.com/show_bug.cgi?id=978719

[1] http://git.kernel.org/cgit/virt/kvm/qemu-kvm.git/commit/?id=4e4fa39
[2] http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c21fb4f
2013-11-05 16:04:06 +01:00
John Ferlan
5669045580 Resolve Coverity issue regarding not checking return value
Coverity complains that the call to virPCIDeviceDetach() in
qemuPrepareHostdevPCIDevices() doesn't check status return like
other calls.  Seems this just was lurking until a recent change
to this module resulted in Coverity looking harder and finding
the issue.  Introduced by 'a4efb2e33' when function was called
'pciReAttachDevice()'

Just added a ignore_value() since it doesn't appear to matter
if the call fails since we're on a failure path already.
2013-11-05 07:55:54 -05:00
Daniel P. Berrange
9ecbd38c4c Skip any files which are not mounted on the host
Currently the LXC container tries to skip selinux/securityfs
mounts if the directory does not exist in the filesystem,
or if SELinux is disabled.

The former check is flawed because the /sys/fs/selinux
or /sys/kernel/securityfs directories may exist in sysfs
even if the mount type is disabled. Instead of just doing
an access() check, use an virFileIsMounted() to see if
the FS is actually present in the host OS. This also
avoids the need to check is_selinux_enabled().

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-05 15:51:48 +08:00
Daniel P. Berrange
bf8874025e Add flag to lxcBasicMounts to control use in user namespaces
Some mounts must be skipped if running inside a user namespace,
since the kernel forbids their use. Instead of strcmp'ing the
filesystem type in the body of the loop, set an explicit flag
in the lxcBasicMounts table.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-05 15:51:47 +08:00
Daniel P. Berrange
6d5fdde3dd Remove duplicate entries in lxcBasicMounts array
Currently the lxcBasicMounts array has separate entries for
most mounts, to reflect that we must do a separate mount
operation to make mounts read-only. Remove the duplicate
entries and instead set the MS_RDONLY flag against the main
entry. Then change lxcContainerMountBasicFS to look for the
MS_RDONLY flag, mask it out & do a separate bind mount.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-05 15:51:47 +08:00
Daniel P. Berrange
f567a583f3 Remove pointless 'srcpath' variable in lxcContainerMountBasicFS
The 'srcpath' variable is initialized from 'mnt->src' and never
changed thereafter. Some places continue to use 'mnt->src' and
others use 'srcpath'. Remove the pointless 'srcpath' variable
and use 'mnt->src' everywhere.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-05 15:51:47 +08:00
Daniel P. Berrange
c6b84a9dee Remove unused 'opts' field from LXC basic mounts struct
The virLXCBasicMountInfo struct contains a 'char *opts'
field passed onto the mount() syscall. Every entry in the
list sets this to NULL though, so it can be removed to
simplify life.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-05 15:51:47 +08:00
Daniel P. Berrange
ccacd4fe3b Add virFileIsMountPoint function
Add a function for efficiently checking if a path is a filesystem
mount point.

NB will not work for bind mounts, only true filesystem mounts.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-05 15:51:47 +08:00
Michal Privoznik
df4283a55b virpci: Don't error on unbinded devices
https://bugzilla.redhat.com/show_bug.cgi?id=1018897

If a PCI deivce is not binded to any driver (e.g. there's yet no PCI
driver in the linux kernel) but still users want to passthru the device
we fail the whole operation as we fail to resolve the 'driver' link
under the PCI device sysfs tree. Obviously, this is not a fatal error
and it shouldn't be error at all.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-04 17:28:51 +01:00
Peter Krempa
629aff378f cpu: x86: Parse the CPU feature map only once
Until now the map was loaded from the XML definition file every time a
operation on the flags was requested. With the introduciton of one shot
initializers we can store the definition forever (as it will never
change) instead of parsing it over and over again.
2013-11-04 11:51:09 +01:00
Jiri Denemark
6f6e1f902a cpu: Export few x86-specific APIs
This makes virCPUx86DataAddCPUID, virCPUx86DataFree, and
virCPUx86MakeData available for direct usage outside of cpu driver in
tests and the new qemu monitor that will request the actual CPU
definition from a running qemu instance.
2013-11-04 11:26:55 +01:00
Peter Krempa
b0f8546203 nodeinfo: Remove libnuma include
Now that all libnuma functions used by libvirt are wrapped in virNuma we
can remove the dependancy from nodeinfo.
2013-11-04 10:50:20 +01:00
Peter Krempa
223521bd33 numa: Add wrapper of numa_node_to_cpus and use it 2013-11-04 10:50:20 +01:00
Peter Krempa
f162a229e7 caps: Fix function docs for virCapabilitiesAddHostNUMACell 2013-11-04 10:50:20 +01:00
Peter Krempa
15ca990229 numa: Replace NUMA_MAX_N_CPUS macro with virNumaGetMaxCPUs() 2013-11-04 10:50:20 +01:00
Peter Krempa
5ed9b3bc29 nodeinfo: Get rid of nodeGetCellMemory
The function was called in a single place only and was reporting errors
that were later ignored. Use the virNumaGetNodeMemory helper to get the
size of the memory in the NUMA node and remove the helper
2013-11-04 10:50:20 +01:00
Peter Krempa
9dd02965a5 numa: Introduce virNumaGetNodeMemory and use it instead of numa_node_size64 2013-11-04 10:50:19 +01:00
Peter Krempa
f72cfea1ab numa: Introduce virNumaGetMaxNode and use it instead of numa_max_node
Avoid necessary checks for the numa library with this helper.
2013-11-04 10:50:19 +01:00
Peter Krempa
0ce5d94636 nodeinfo: Avoid forward declarations of static functions
linuxNodeGetCPUStats() and linuxNodeGetMemoryStats() are static and
don't need a forward declaration.
2013-11-04 10:50:14 +01:00
Peter Krempa
f8ee8fe3f9 numa: Introduce virNumaIsAvailable and use it instead of numa_available
All functions from libnuma must be protected with ifdefs. Avoid this by
using our own wrapper.
2013-11-04 10:48:00 +01:00
Ryota Ozaki
8079b0e0f4 virnetsocket: fix getsockopt on FreeBSD
aa0f099 introduced a strict error checking for getsockopt and it
revealed that getting a peer credential of a socket on FreeBSD
didn't work. Libvirtd hits the error:
  error : virNetSocketGetUNIXIdentity:1198 : Failed to get valid
  client socket identity groups

SOL_SOCKET (0xffff) was used as a level of getsockopt for
LOCAL_PEERCRED, however, it was wrong. 0 is correct as well as
Mac OS X.

So for LOCAL_PEERCRED our options are SOL_LOCAL (if defined) or
0 on Mac OS X and FreeBSD. According to the fact, the patch
simplifies the code by removing ifdef __APPLE__.

I tested the patch on FreeBSD 8.4, 9.2 and 10.0-BETA1.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-03 17:08:55 -06:00
Doug Goldstein
9fa3a8ab6f MacOS: Handle changes to xdrproc_t definition
With Mac OS X 10.9, xdrproc_t is no longer defined as:

typedef bool_t (*xdrproc_t)(XDR *, ...);

but instead as:

typdef bool_t (*xdrproc_t)(XDR *, void *, unsigned int);

For reference, Linux systems typically define it as:

typedef bool_t (*xdrproc_t)(XDR *, void *, ...);

The rationale explained in the header is that using a vararg is
incorrect and has a potential to change the ABI slightly do to compiler
optimizations taken and the undefined behavior. They decided
to specify the exact number of parameters and for compatibility with old
code decided to make the signature require 3 arguments. The third
argument is ignored for cases that its not used and its recommended to
supply a 0.
2013-11-03 09:34:10 -06:00
Jeremy Fitzhardinge
ba1bf10063 libxl: fix dubious cpumask handling in libxlDomainSetVcpuAffinities
Rather than casting the virBitmap pointer to uint8_t* and then using
the structure contents as a byte array, use the virBitmap API to determine
the bitmap size and test each bit.

Signed-off-by: Jeremy Fitzhardinge <jeremy@goop.org>
2013-11-01 09:05:36 -06:00
Jim Fehlig
835f992a68 Revert "libxl: Fix possible invalid read"
This reverts commit 394d6e0a95.
The real problem is accessing the virtBitmap structure as a byte
array, which was correctly identified and fixed by Jeremy Fitzhardinge

https://www.redhat.com/archives/libvir-list/2013-October/msg01257.html
2013-11-01 09:05:36 -06:00
Bamvor Jian Zhang
a52fa5569a fix api changes in xen restore
in recently xen commit: 7051d5c8, there is a api changes in
libxl_domain_create_restore.
Author: Andrew Cooper <andrew.cooper3@citrix.com>
Date:   Thu Oct 10 12:23:10 2013 +0100

    tools/migrate: Fix regression when migrating from older version of Xen

use the macro LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS in libxl.h
in order to make libvirt could compile with old and new xen.

the params checkpointed_stream is useful if libvirt libxl driver
support migration. for new, set it as zero.

Signed-off-by: Bamvor Jian Zhang <bjzhang@suse.com>
2013-11-01 08:10:48 -06:00
Daniel P. Berrange
89759301de Fix race in starting transient VMs
When starting a transient VM the first thing done is to check
for duplicates. The check looks if there are any running VMs
with the matching name/uuid. It explicitly allows there to
be inactive VMs, so that a persistent VM can be temporarily
booted with a different config.

There is a race condition, however, where 2 or more clients
try to create the same transient VM. The first client will
cause a virDomainObjPtr to be added to the domain list, and
it is inactive at this stage. The second client may then
come along and see this inactive VM, and mistake it for a
persistent VM.

If the first VM fails to start its transient guest for any
reason, then it'll remove the virDomainObjPtr from the list.
The second client now has a virDomainObjPtr that it can try
to boot, which libvirt no longer has a record of. The result
can be a running QEMU process that is orphaned.

It was also, however, possible for the virDomainObjPtr to be
completely free'd which will cause libvirtd to crash in some
scenarios.

The fix is to only allow an existing inactive VM if it is
marked as persistent.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-01 11:10:25 +00:00
Ján Tomko
3e1e16aa8d Use a port from the migration range for NBD as well
Instead of using a port from the remote display range.

https://bugzilla.redhat.com/show_bug.cgi?id=1025699
2013-11-01 12:07:12 +01:00
Ryota Ozaki
87176d0ce9 nodedev_hal: fix segfault when virDBusGetSystemBus fails
Thie patch fixes the segfault:
    error : nodeStateInitialize:658 : DBus not available,
      disabling HAL driver: internal error: Unable to get DBus
      system bus connection: Failed to connect to socket
      /var/run/dbus/system_bus_socket: No such file or directory
    error : nodeStateInitialize:719 :  ?:
    Caught Segmentation violation dumping internal log buffer:

This segfault occurs at the below VIR_ERROR:
  failure:
      if (dbus_error_is_set(&err)) {
          VIR_ERROR(_("%s: %s"), err.name, err.message);

When virDBusGetSystemBus fails, the code jumps to the above failure
path. However, the err variable is not correctly initialized
before calling virDBusGetSystemBus. As a result, dbus_error_is_set
may pass over the uninitialized err variable whose name or
message may point to somewhere unknown memory region, which
causes a segfault on VIR_ERROR.

The new code initializes the err variable before calling
virDBusGetSystemBus.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-10-31 11:21:10 -06:00
Daniel P. Berrange
4b9862775c Improve debugging of QEMU start/stop
Include reference of the VM object pointer and name in debug
logs for QEMU start/stop functions. Also make sure we log the
PID that we started, since it isn't available elsewhere in the
logs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-31 16:56:01 +00:00
Daniel P. Berrange
dddc57a339 Improve debugging of job enter/exit code
In debugging a recent oVirt/libvirt race condition, I was very
frustrated by lack of logging in the job enter/exit code. This
patch adds some key data which would have been useful in by
debugging attempts.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-31 16:56:01 +00:00
Hongwei Bi
903bd69782 xenapi: fix coding style in xenapi_driver.c
Fix the if statement coding style.

Signed-off-by: Hongwei Bi <hwbi2008@gmail.com>
2013-10-31 14:53:05 +01:00
Eric Blake
41183cf7bb storage: use correct type for array count
Using size_t counts will let us use VIR_APPEND_ELEMENT and friends.

* src/conf/storage_conf.h (_virStoragePoolObjList)
(_virStorageVolDefList): Track list sizes with size_t.
* src/storage/storage_backend_rbd.c
(virStorageBackendRBDRefreshPool): Fix type fallout.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-30 17:13:24 -06:00
Eric Blake
fb8613525d maint: avoid further typedef accidents
To make it easier to forbid future attempts at a confusing typedef
name ending in Ptr that isn't actually a pointer, insist that we
follow our preferred style of 'typedef foo *fooPtr'.

* cfg.mk (sc_forbid_const_pointer_typedef): Enforce consistent
style, to prevent issue fixed in previous storage patch.
* src/conf/capabilities.h (virCapsPtr): Fix offender.
* src/security/security_stack.c (virSecurityStackItemPtr):
Likewise.
* tests/qemucapabilitiestest.c (testQemuDataPtr): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-30 17:02:12 -06:00
Claudio Bley
52dbeac8e7 libvirt.c: indent code of virDomainGetMemoryParameters's documentation
By indenting code inside of comments, it gets recognized as a
code block when generating the HTML documentation.
2013-10-30 17:30:12 +01:00
Claudio Bley
6d19d742bc libvirt.c: add 2 spaces of indentation to example code of virStreamSend
See libvirt-libvirt.html#virStreamSend for the effect.
2013-10-30 17:30:12 +01:00
Daniel P. Berrange
f26701f565 Fix race condition reconnecting to vms & loading configs
The following sequence

 1. Define a persistent QMEU guest
 2. Start the QEMU guest
 3. Stop libvirtd
 4. Kill the QEMU process
 5. Start libvirtd
 6. List persistent guests

At the last step, the previously running persistent guest
will be missing. This is because of a race condition in the
QEMU driver startup code. It does

 1. Load all VM state files
 2. Spawn thread to reconnect to each VM
 3. Load all VM config files

Only at the end of step 3, does the 'virDomainObjPtr' get
marked as "persistent". There is therefore a window where
the thread reconnecting to the VM will remove the persistent
VM from the list.

The easy fix is to simply switch the order of steps 2 & 3.

In addition to this though, we must only attempt to reconnect
to a VM which had a non-zero PID loaded from its state file.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-30 11:16:18 +00:00
Daniel P. Berrange
54a2411220 Fix leak of objects when reconnecting to QEMU instances
The 'error' cleanup block in qemuProcessReconnect() had a
'return' statement in the middle of it. This caused a leak
of virConnectPtr & virQEMUDriverConfigPtr instances. This
was identified because netcf recently started checking its
refcount in libvirtd shutdown:

netcfStateCleanup:109 : internal error: Attempt to close netcf state driver with open connections

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-30 11:16:17 +00:00
Daniel P. Berrange
b260a77e34 Don't update dom->persistent without lock held
virDomainObjListLoadAllConfigs sets dom->persistent after
having released its lock on the domain object. This exposes
a possible race condition.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-30 11:16:17 +00:00
John Ferlan
aa42bb1700 Add '+' to uid/gid printing for label processing
To ensure proper processing by virGetUserID() and virGetGroupID()
of a uid/gid add a "+" prior to the uid/gid to denote it's really
a uid/gid for the label.
2013-10-29 17:10:15 -04:00
Eric Blake
8e7f57a7b8 storage: fix incorrect typedef
The rbd code had a confusing typedef ending in Ptr that was not
actually a pointer, which made the rest of the code harder to
read.  This fixes things to actually pass by pointer rather than
by copy.

* src/storage/storage_backend_rbd.c (virStorageBackendStatePtr):
Fix typedef.
(virStorageBackendRBDOpenRADOSConn)
(virStorageBackendRBDCloseRADOSConn)
(volStorageBackendRBDRefreshVolInfo)
(virStorageBackendRBDRefreshPool, virStorageBackendRBDDeleteVol)
(virStorageBackendRBDCreateVol, virStorageBackendRBDRefreshVol)
(virStorageBackendRBDResizeVol): Fix fallout.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-29 10:27:43 -06:00
Peter Krempa
8e362a8955 apparmor: Fix typo in function name in driver struct initialization
Commit 64a68a4a introduced a typo in the initialization of the apparmor
driver structure breaking the build with apparmor enabled.
2013-10-29 17:01:22 +01:00
Michael Chapman
0883f3ba04 qemu: fix well-formed migration URI formatting
When adding an automatically allocated port to a well-formed migration
URI, keep it well-formed:

  tcp://1.2.3.4/  ->  tcp://1.2.3.4/:12345   # wrong
  tcp://1.2.3.4/  ->  tcp://1.2.3.4:12345/   # fixed
  tcp://1.2.3.4   ->  tcp://1.2.3.4:12345    # still works
  tcp:1.2.3.4     ->  tcp:1.2.3.4:12345      # still works (old syntax)

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2013-10-29 08:49:42 -06:00
Gao feng
919374c73e LXC: don't free tty before using it in lxcContainerSetupDevices
Introduced by commit 0f31f7b.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2013-10-29 15:44:56 +01:00
Giuseppe Scrivano
b51038a4cd capabilities: add baselabel per sec driver/virt type to secmodel
Expand the "secmodel" XML fragment of "host" with a sequence of
baselabel's which describe the default security context used by
libvirt with a specific security model and virtualization type:

<secmodel>
  <model>selinux</model>
  <doi>0</doi>
  <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
  <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel>
</secmodel>
<secmodel>
  <model>dac</model>
  <doi>0</doi>
  <baselabel type='kvm'>107:107</baselabel>
  <baselabel type='qemu'>107:107</baselabel>
</secmodel>

"baselabel" is driver-specific information, e.g. in the DAC security
model, it indicates USER_ID:GROUP_ID.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-29 07:06:04 -06:00
Giuseppe Scrivano
64a68a4a09 security: add new internal function "virSecurityManagerGetBaseLabel"
virSecurityManagerGetBaseLabel queries the default settings used by
a security model.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2013-10-29 06:57:07 -06:00
Giuseppe Scrivano
4387132f31 security: use a single function to set DAC user and group
Merge the functions 'virSecurityDACSetUser' and
'virSecurityDACSetGroup' into 'virSecurityDACSetUserAndGroup'.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2013-10-29 06:55:09 -06:00
Chen Hanxiao
8e1336fea9 Skip debug message in lxcContainerSetID if no map is set.
The lxcContainerSetID() method prints a misleading log
message about setting the uid/gid when no ID map is
present in the XML config. Skip the debug message in
this case.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-28 11:19:20 +00:00
John Ferlan
ab479c9038 Avoid Coverity DEADCODE warning
Commit '922b7fda' resulted in two DEADCODE warnings from Coverity in
remoteDispatchAuthPolkit and virAccessDriverPolkitFormatProcess.
Commit '604ae657' modified the daemon.c code to remove the deadcode
issue, but did not do so for viracessdriverpolkit.c. This just mimics
the same changes
2013-10-24 06:40:18 -04:00
Martin Kletzander
394d6e0a95 libxl: Fix possible invalid read
According to the following valgrind output, there seems to be a
invalid limit for the iterator (captured on Fedora 19):

==3945== Invalid read of size 1
==3945==    at 0x1E1FA410: libxlVmStart (libxl_driver.c:475)
==3945==    by 0x1E1FAD9A: libxlDomainCreateWithFlags (libxl_driver.c:2633)
==3945==    by 0x5187D46: virDomainCreate (libvirt.c:9439)
==3945==    by 0x13BAA6: remoteDispatchDomainCreateHelper (remote_dispatch.h:2910)
==3945==    by 0x51DE5B9: virNetServerProgramDispatch (virnetserverprogram.c:435)
==3945==    by 0x51D93E7: virNetServerHandleJob (virnetserver.c:165)
==3945==    by 0x50F5BF4: virThreadPoolWorker (virthreadpool.c:144)
==3945==    by 0x50F5670: virThreadHelper (virthreadpthread.c:161)
==3945==    by 0x8046C52: start_thread (pthread_create.c:308)
==3945==    by 0x8758E1C: clone (clone.S:113)
==3945==  Address 0x23424d81 is 0 bytes after a block of size 1 alloc'd
==3945==    at 0x4A08121: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3945==    by 0x50B1F8C: virAllocN (viralloc.c:189)
==3945==    by 0x1E1FA3CA: libxlVmStart (libxl_driver.c:468)
==3945==    by 0x1E1FAD9A: libxlDomainCreateWithFlags (libxl_driver.c:2633)
==3945==    by 0x5187D46: virDomainCreate (libvirt.c:9439)
==3945==    by 0x13BAA6: remoteDispatchDomainCreateHelper (remote_dispatch.h:2910)
==3945==    by 0x51DE5B9: virNetServerProgramDispatch (virnetserverprogram.c:435)
==3945==    by 0x51D93E7: virNetServerHandleJob (virnetserver.c:165)
==3945==    by 0x50F5BF4: virThreadPoolWorker (virthreadpool.c:144)
==3945==    by 0x50F5670: virThreadHelper (virthreadpthread.c:161)
==3945==    by 0x8046C52: start_thread (pthread_create.c:308)
==3945==    by 0x8758E1C: clone (clone.S:113)
==3945==

Related: https://bugzilla.redhat.com/show_bug.cgi?id=1013045
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-10-24 11:14:28 +01:00
Hongwei Bi
3a8cc9cf50 networkStartDhcpDaemon: Check for dnsmasqCapsRefresh failure
Currently, we ignore whether dnsmasqCapsRefresh succeeds or fails. We
shouldn't do that as we may generate wrong dnsmasq command line (what
is done just a few lines below).

Signed-off-by: Hongwei Bi <hwbi2008@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-22 17:14:13 +01:00
Doug Goldstein
e24aec629d rpc: Retrieve peer PID via new getsockopt() for Mac
While LOCAL_PEERCRED on the BSDs does not return the pid information of
the peer, Mac OS X 10.8 added LOCAL_PEERPID to retrieve the pid so we
should use that when its available to get that information.
2013-10-22 10:51:31 -05:00
Michal Privoznik
e3e9d3b1be Get rid of shadowed booleans
There are still two places where we are using 1bit width unsigned
integer to store a boolean. There's no real need for this and these
occurrences can be replaced with 'bool'.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-22 15:50:47 +01:00
Jim Fehlig
5a0ea4b7b9 build: fix linking virt-login-shell
After commit 3e2f27e1, I've noticed build failures of virt-login-shell
when libapparmor-devel is installed on the build host

CCLD     virt-login-shell
../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o):
In function `virExec':
/home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined
reference to `aa_change_profile'
collect2: error: ld returned 1 exit status

I was about to commit an easy fix under the build-breaker rule
(build-fix-1.patch), but thought to extend the notion of SECDRIVER_LIBS
to SECDRIVER_CFLAGS, and use both throughout src/Makefile.am where it
makes sense (build-fix-2.patch).

Should I just stick with the simple fix, or is something along the lines
of patch 2 preferred?

Regards,
Jim

>From a0f35945f3127ab70d051101037e821b1759b4bb Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Mon, 21 Oct 2013 15:30:02 -0600
Subject: [PATCH] build: fix virt-login-shell build with apparmor

With libapparmor-devel installed, virt-login-shell fails to link

CCLD     virt-login-shell
../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec':
/home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile'
collect2: error: ld returned 1 exit status

Fix by linking libvirt_setuid_rpc_client with previously determined
SECDRIVER_LIBS in src/Makefile.am.  While at it, introduce SECDRIVER_CFLAGS
and use both throughout src/Makefile.am where it makes sense.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2013-10-22 15:50:47 +01:00
Ryota Ozaki
ae6b5da3d1 nodeinfo: fix physical memory size on Mac OS X
HW_PHYSMEM is available on Mac OS X as well as FreeBSD, however,
its resulting value for Mac OS X is 32 bits. Mac OS X provides
HW_MEMSIZE that is 64 bits version of HW_PHYSMEM. We have to use it.

I tested the patch on Mac OS X 10.6.8, 10.7.4, 10.8.5 and FreeBSD 9.2.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-10-21 23:45:28 -05:00
Laine Stump
69e047ae21 qemu: fix removal of <interface type='hostdev'>
This patch (and the two patches that precede it) resolve:

  https://bugzilla.redhat.com/show_bug.cgi?id=1005682

When libvirt was changed to delay the final cleanup of device removal
until the qemu process had signaled it with a DEVICE_DELETED event for
that device, the hostdev removal function
(qemuDomainRemoveHostDevice()) was written to properly handle the
removal of a hostdev that was actually an SRIOV virtual function
(defined with <interface type='hostdev'>). However, the function used
to search for a device matching the alias name provided in the
DEVICE_DELETED message (virDomainDefFindDevice()) would search through
the list of netdevs before hostdevs, so qemuDomainRemoveHostDevice()
was never called; instead the netdev function,
qemuDomainRemoveNetDevice() (which *doesn't* properly cleanup after
removal of <interface type='hostdev'>), was called.

(As a reminder - each <interface type='hostdev'> results in a
virDomainNetDef which contains a virDomainHostdevDef having a parent
type of VIR_DOMAIN_DEVICE_NET, and parent.data.net pointing back to
the virDomainNetDef; both Defs point to the same device info object
(and the info contains the device's "alias", which is used by qemu to
identify the device). The virDomainHostdevDef is added to the domain's
hostdevs list *and* the virDomainNetDef is added to the domain's nets
list, so searching either list for a particular alias will yield a
positive result.)

This function modifies the qemuDomainRemoveNetDevice() to short
circuit itself and call qemu DomainRemoveHostDevice() instead when the
actual device is a VIR_DOMAIN_NET_TYPE_HOSTDEV (similar logic to what
is done in the higher level qemuDomainDetachNetDevice())

Note that even if virDomainDefFindDevice() changes in the future so
that it finds the hostdev entry first, the current code will continue
to work properly.
2013-10-21 18:09:04 +03:00
Laine Stump
c5561644d8 qemu: move qemuDomainRemoveNetDevice to avoid forward reference
pure code movement to setup for next patch.
2013-10-21 18:07:49 +03:00
Laine Stump
7a600cf77f qemu: simplify calling qemuDomainHostdevNetConfigRestore
This function was called in three places, and in each the call was
qualified by a slightly different conditional. In reality, this
function should only be called for a hostdev if all of the following
are true:

  1) mode='subsystem'
  2) type='pci'
  3) there is a parent device definition which is an <interface>
     (VIR_DOMAIN_DEVICE_NET)

We can simplify the callers and make them more consistent by checking
these conditions at the top ov qemuDomainHostdevNetConfigRestore and
returning 0 if one of them isn't satisfied.

The location of the call to qemuDomainHostdevNetConfigRestore() has
also been changed in the hot-plug case - it is moved into the caller
of its previous location (i.e. from qemuDomainRemovePCIHostDevice() to
qemuDomainRemoveHostDevice()). This was done to be more consistent
about which functions pay attention to whether or not this is one of
the special <interface> hostdevs or just a normal hostdev -
qemuDomainRemoveHostDevice() already contained a call to
networkReleaseActualDevice() and virDomainNetDefFree(), so it makes
sense for it to also handle the resetting of the device's MAC address
and vlan tag (which is what's done by
qemuDomainHostdevNetConfigRestore()).
2013-10-21 18:06:30 +03:00
Daniel P. Berrange
9cd6a57db6 Block all use of libvirt.so in setuid programs
Avoid people introducing security flaws in their apps by
forbidding the use of libvirt.so in setuid programs, with
a check in virInitialize.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
9b0af09240 Remove (nearly) all use of getuid()/getgid()
Most of the usage of getuid()/getgid() is in cases where we are
considering what privileges we have. As such the code should be
using the effective IDs, not real IDs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
c566fa1ad0 Add stub getegid impl for platforms lacking it
We already have stubs for getuid, geteuid, getgid but
not for getegid. Something in gnulib already does a
check for it during configure, so we already have the
HAVE_GETEGID macro defined.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
171bb12911 Don't allow remote driver daemon autostart when running setuid
We don't want setuid programs automatically spawning libvirtd,
so disable any use of autostart when setuid.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
e22b0232c7 Only allow the UNIX transport in remote driver when setuid
We don't know enough about quality of external libraries used
for non-UNIX transports, nor do we want to spawn external
commands when setuid. Restrict to the bare minimum which is
UNIX transport for local usage. Users shouldn't need to be
running setuid if connecting to remote hypervisors in any
case.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
71b21f12be Block all use of getenv with syntax-check
The use of getenv is typically insecure, and we want people
to use our wrappers, to force them to think about setuid
needs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
1e4a02bdfe Remove all direct use of getenv
Unconditional use of getenv is not secure in setuid env.
While not all libvirt code runs in a setuid env (since
much of it only exists inside libvirtd) this is not always
clear to developers. So make all the code paranoid, even
if it only ever runs inside libvirtd.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
9b8f307c6a Make virCommand env handling robust in setuid env
When running setuid, we must be careful about what env vars
we allow commands to inherit from us. Replace the
virCommandAddEnvPass function with two new ones which do
filtering

  virCommandAddEnvPassAllowSUID
  virCommandAddEnvPassBlockSUID

And make virCommandAddEnvPassCommon use the appropriate
ones

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
3e2f27e13b Don't link virt-login-shell against libvirt.so (CVE-2013-4400)
The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor) functions which is
not setuid safe.

The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.

Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
8c3586ea75 Only allow 'stderr' log output when running setuid (CVE-2013-4400)
We must not allow file/syslog/journald log outputs when running
setuid since they can be abused to do bad things. In particular
the 'file' output can be used to overwrite files.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
ae53e5d10e Add helpers for getting env vars in a setuid environment
Care must be taken accessing env variables when running
setuid. Introduce a virGetEnvAllowSUID for env vars which
are safe to use in a setuid environment, and another
virGetEnvBlockSUID for vars which are not safe. Also add
a virIsSUID helper method for any other non-env var code
to use.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
57687fd6bf Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401)
The virConnectDomainXMLToNative API should require 'connect:write'
not 'connect:read', since it will trigger execution of the QEMU
binaries listed in the XML.

Also make virConnectDomainXMLFromNative API require a full
read-write connection and 'connect:write' permission. Although the
current impl doesn't trigger execution of QEMU, we should not
rely on that impl detail from an API permissioning POV.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 13:58:40 +01:00
Geoff Hickey
2de2458efa Fix a problem introduced by commit 99889012
The meaning of one line of code was accidentally inverted.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-18 12:44:05 -06:00
Michal Privoznik
d9be5a7157 qemu: Fix augeas support for migration ports
Commit e3ef20d7 allows user to configure migration ports range via
qemu.conf. However, it forgot to update augeas definition file and
even the test data was malicious.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-18 18:30:13 +02:00
Jiri Denemark
e3ef20d7f7 qemu: Make migration port range configurable
https://bugzilla.redhat.com/show_bug.cgi?id=1019053
2013-10-18 16:35:38 +02:00
Wang Yufei
0196845d3a qemu: Avoid assigning unavailable migration ports
https://bugzilla.redhat.com/show_bug.cgi?id=1019053

When we migrate vms concurrently, there's a chance that libvirtd on
destination assigns the same port for different migrations, which will
lead to migration failure during prepare phase on destination. So we use
virPortAllocator here to solve the problem.

Signed-off-by: Wang Yufei <james.wangyufei@huawei.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-10-18 16:34:09 +02:00
Michal Privoznik
9b3c8bd4f8 viralloc.h: Fix typo in VIR_APPEND_ELEMENT_COPY_QUIT
In fact, the suffix should be _QUIET not _QUIT to stress the
fact, that no OOM error is reported on error.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-18 15:50:31 +02:00
Christophe Fergeau
68eb3709a1 netcf: Don't complain when cleanup is called before init
netcfStateInitialize() initializes the driverState variable,
and when netcfStateCleanup is called, it will call virReportError()
if driverState is NULL.
This is not consistent with what other state objects are doing,
they return -1 without reporting an error in such cases.

See also
https://www.redhat.com/archives/libvir-list/2013-October/msg00809.html:

On Thu, Oct 17, 2013 at 01:40:19PM +0100, Daniel P. Berrange wrote:
> We don't want virStateCleanup to skip execution if virStateInitialize
> has failed though - every callback in virStateCleanup should be written
> to be safe if its corresponding init function hasn't run.
2013-10-18 14:31:51 +02:00
Zhou Yimin
9712c2510e remote: fix regression in event deregistration
Introduced by 7b87a3
When I quit the process which only register VIR_DOMAIN_EVENT_ID_REBOOT,
I got error like:
"libvirt: XML-RPC error : internal error: domain event 0 not registered".
Then I add the following code, it fixed.

Signed-off-by: Zhou Yimin <zhouyimin@huawei.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-18 06:21:29 -06:00
John Ferlan
0cacffac64 Remove ATTRIBUTE_NONNULL(3) from qemuMonitorJSONDrivePivot
The header definition didn't match the function declaration, so adjusted
header to reflect the definition.

Found during a Coverity build where STATIC_ANALYSIS is enabled resulting
in the internal.h adding __nonnull__ handling to arguments.

Commit '6d264c91' added support for the qemuMonitorJSONDrivePivot() and
commit 'fbc3adc9' added a corresponding test which ended up triggering
the build failure which I didn't notice until today!
2013-10-17 19:36:42 -04:00
Geoff Hickey
7ab40c5d09 esx: Remove unnecessary NULL comparisons (3/3)
Code cleanup: remove explicit NULL comparisons like ptr == NULL and
ptr != NULL from the ESX code, replacing them with the simpler ptr
and !ptr.

Part three of three.
2013-10-17 11:27:08 -06:00
Geoff Hickey
42c20d4bef esx: Remove unnecessary NULL comparisons (2/3)
Code cleanup: remove explicit NULL comparisons like ptr == NULL and
ptr != NULL from the ESX code, replacing them with the simpler ptr
and !ptr.

Part two of three.
2013-10-17 11:27:08 -06:00
Geoff Hickey
9988901267 esx: Remove unnecessary NULL comparisons (1/3)
Code cleanup: remove explicit NULL comparisons like ptr == NULL and
ptr != NULL from the ESX code, replacing them with the simpler ptr
and !ptr.

Part one of three.
2013-10-17 11:27:08 -06:00
Daniel P. Berrange
291a6ef3e4 Add support for enabling SASL for SPICE guests
QEMU has support for SASL auth for SPICE guests, but libvirt
has no way to enable it. Following the example from VNC where
it is globally enabled via qemu.conf

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-17 16:02:43 +01:00
Michal Privoznik
ac5f3f292b qemuDomainCleanupRemove: s/memmove/VIR_DELETE_ELEMENT_INPLACE/
The last argument of memmove is the amount of bytes to be moved. The
amount is in Bytes. We are moving some void pointers around. However,
since sizeof(void *) is not Byte on any architecture, we've got the
arithmetic wrong.
2013-10-17 15:24:05 +02:00
Brian Candler
aa0f09929d better error checking for LOCAL_PEERCRED
This patch improves the error checking in the LOCAL_PEERCRED version
of virNetSocketGetUNIXIdentity, used by FreeBSD and Mac OSX.

1. The error return paths now correctly unlock the socket. This is
implemented in exactly the same way as the SO_PEERCRED version,
using "goto cleanup"

2. cr.cr_ngroups is initialised to -1, and cr.cr_ngroups is checked
for negative and overlarge values.

This means that if the getsockopt() call returns success but doesn't
actually update the xucred structure, this is now caught. This
happened previously when getsockopt was called with SOL_SOCKET
instead of SOL_LOCAL, prior to commit 5a468b3, and resulted in
random uids being accepted.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-17 06:24:49 -06:00
Christophe Fergeau
6340c7dda0 remote-driver: Fix 'leav' typo in comment 2013-10-16 17:27:19 +02:00
Osier Yang
0959785d3b rpc: Correct the wrong payload size checking
<...>
/* Size of message length field. Not counted in VIR_NET_MESSAGE_MAX
 * and VIR_NET_MESSAGE_INITIAL.
 */
const VIR_NET_MESSAGE_LEN_MAX = 4;
</...>

However, msg->bufferLength includes the length word. The wrong checking
was introduced by commit e914dcfd.

* src/rpc/virnetmessage.c:
  - Correct the checking in virNetMessageEncodePayloadRaw
  - Use a new variable to track the new payload length in
    virNetMessageEncodePayloadRaw
2013-10-16 20:36:46 +08:00
Daniel P. Berrange
8757d0abbc Add support for detecting PPC little endian arches
The recent patch series proposing the addition of PPC little endian
arch support to Linux defines new arch names 'ppcle' and 'ppc64le':

https://lists.ozlabs.org/pipermail/linuxppc-dev/2013-August/109908.html

This just makes libvirt know about these arch names, so it doesn't
immediately trip up if it seems these new names from uname.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-16 12:40:35 +01:00
Daniel P. Berrange
0894ce863f Fix typo breaking cgroups for NBD backed filesystems
A typo in the setup of NBD backed filesystems meant the
/dev/nbdN device would not be added to the cgroups device
ACL.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-16 12:22:40 +01:00
Daniel P. Berrange
8f132ef1b1 Add some logging to LXC disk/fs nbd/loop setup
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-16 12:22:40 +01:00
Daniel P. Berrange
1d8afffecd Add logging to LXC cgroup devices setup
To facilitate debugging, add some more logging to LXC cgroup
devices ACL setup.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-16 12:22:40 +01:00
Daniel P. Berrange
64d4eb6a50 Add log statement when NBD device is setup
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-16 12:22:40 +01:00
Pranavkumar Sawargaonkar
2f064f35d5 Implement minimal sysinfo for AArch64 platforms.
Implement the bare minimal sysinfo for AArch64 platforms by
reading the CPU models from /proc/cpuinfo.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
2013-10-15 16:59:43 -04:00
Pranavkumar Sawargaonkar
950127620d AArch64: Parse cputopology from /proc/cpuinfo.
CPU "parser" for AArch64.
Showing cputopology in arm64 linux is work-in-progress so for now
all AArch64 cpus belong to same socket (like PPC).

Also we parse BogoMIPS same like arm 32bit.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
2013-10-15 16:59:43 -04:00
Pranavkumar Sawargaonkar
5cb6816715 AArch64: CPU Support for AArch64 (ARMv8 64bit).
Adding CPU encoder/decoder for AArch64.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>

(crobinso: fix for recent libvirt Ptr refactoring)
2013-10-15 16:59:26 -04:00
Pranavkumar Sawargaonkar
670c08afd4 AArch64: Add AArch64 architecture to list of valid arches.
Adding AArch64(ARMv8 64bit) to the current list of valid architectures.

For now, AArch64 name would imply AArch64 LE mode only. In future,
we might have separate names for AArch64 LE and BE.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
2013-10-15 16:55:11 -04:00
Dusty Mabe
4132dede06 Ignore thin pool LVM devices.
This should resolve:

  https://bugzilla.redhat.com/show_bug.cgi?id=924672

For BZ 924672 the problem stems from the fact that thin pool logical
volume devices show up in /sbin/lvs output just like normal logical
volumes do. Libvirt incorrectly assumes they are just normal logical
volumes and that they will have a corresponding /dev/vgname/lvname
device that has been created by udev and tries to use this device.

To illustrate here is an example of the /dev/vgname/ directory and
the lvs output for a normal lv, thin lv, and thin pool:

    LV     VG       Attr      LSize  Pool Origin Data%  Move Log Copy%  Convert
    lv     vgguests -wi-a----  1.00g
    pool   vgguests twi-a-tz- 11.00g               0.00
    thinlv vgguests Vwi-a-tz-  1.00g pool          0.00
total 0
lrwxrwxrwx. 1 root root 7 Oct  8 19:35 lv -> ../dm-7
lrwxrwxrwx. 1 root root 7 Oct  8 19:37 thinlv -> ../dm-6

This patch modifies virStorageBackendLogicalMakeVol() to ignore thin pool
devices.
2013-10-15 16:52:57 -04:00
Michal Privoznik
da716da3e4 domain_conf.c: Initialize arrVar and cntVar
Some ancient gcc fails to see the variables are initialized in a
separate function and a false positive is produced:

cc1: warnings being treated as errors
conf/domain_conf.c: In function 'virDomainChrGetDomainPtrs':
conf/domain_conf.c:10342: error: 'arrVar' may be used uninitialized in this function [-Wuninitialized]
conf/domain_conf.c:10343: error: 'cntVar' may be used uninitialized in this function [-Wuninitialized]
conf/domain_conf.c: In function 'virDomainChrInsert':
conf/domain_conf.c:10362: error: 'arrPtr' may be used uninitialized in this function [-Wuninitialized]
conf/domain_conf.c:10363: error: 'cntPtr' may be used uninitialized in this function [-Wuninitialized]
conf/domain_conf.c: In function 'virDomainChrRemove':
conf/domain_conf.c:10374: error: 'arrPtr' may be used uninitialized in this function [-Wuninitialized]
conf/domain_conf.c:10375: error: 'cntPtr' may be used uninitialized in this function [-Wuninitialized]

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-15 19:34:10 +02:00
Peter Krempa
f2eca83cb6 cpu: x86: Clean up error messages in x86VendorLoad()
Avoid a line exceeding 80 characters and change argument alignment in
two error messages.
2013-10-15 16:46:43 +02:00
Peter Krempa
6355e2630c cpu: x86: Use whitespace to clarify context and use consistent labels 2013-10-15 16:46:43 +02:00
Peter Krempa
25cbc13cd1 cpu: x86: Fix function header formatting and whitespace 2013-10-15 16:46:43 +02:00
Peter Krempa
57d27a84a3 cpu: x86: Fix return types of x86cpuidMatch and x86cpuidMatchMasked
These return boolean results.
2013-10-15 16:46:42 +02:00
Peter Krempa
1bda29d16d cpu: x86: Rename data_iterator and DATA_ITERATOR_INIT
Use virCPUx86DataIterator and virCPUx86DataIteratorInit.
2013-10-15 16:46:42 +02:00
Jiri Denemark
955be92773 cpu: x86: Rename x86DataAddCpuid as virCPUx86DataAddCPUID 2013-10-15 16:46:42 +02:00
Jiri Denemark
4a530268c0 cpu: x86: Rename x86MakeCPUData as virCPUx86MakeData 2013-10-15 16:46:42 +02:00
Jiri Denemark
a3e224e2d9 cpu: x86: Rename x86DataFree() as virCPUx86DataFree() 2013-10-15 16:46:42 +02:00
Jiri Denemark
0c63d12004 cpu: x86: Rename struct cpuX86Data as virCPUx86Data 2013-10-15 16:46:42 +02:00
Jiri Denemark
01fabe2eda cpu: x86: Rename struct cpuX86cpuid as virCPUx86CPUID 2013-10-15 16:46:42 +02:00
Jiri Denemark
376261d164 cpu: Add support for loading and storing CPU data
This patch adds cpuDataFormat and cpuDataParse APIs to be used in unit
tests for testing APIs that deal with virCPUData. In the x86 world, this
means we can now store/load arbitrary CPUID data in the test suite to
check correctness of CPU related APIs that could not be tested before.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2013-10-15 16:46:41 +02:00
Peter Krempa
fe1bf917f9 qemu: command: Fix macro indentation 2013-10-15 16:46:41 +02:00
Peter Krempa
59ae97b4d5 conf: Mark user provided strings in error messages when parsing XML
Use apostrophes to denote user provided option names when parsing the
domain XML.
2013-10-15 16:43:41 +02:00
Hongwei Bi
dcd0f6d724 fix typo in lxc_driver.c and virsh-nodedev.c 2013-10-15 06:47:24 -06:00
Chen Hanxiao
521cec2aab cgroup: leave blkio cgroup value checking to kernel
The range of valid values for cgroup tunables has
changed in the past and may change again in future
kernels. Avoid hardcoding range checks in libvirt
code, delegating range checking to the kernel itself.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-15 12:22:07 +01:00
Chen Hanxiao
501476fccf cgroup: show error when EINVAL is returned
When EINVAL is returned while changing a cgroups value, tell
user that what values are invalid for the field.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-15 12:18:47 +01:00
Ryota Ozaki
e06d23fd65 vbox: handle 'saved' state of VMs
VirtualBox has 'saved' state for VMs saved by the hypervisor.
However, the state is treated as VIR_DOMAIN_NOSTATE by the vbox
driver, resulting that virsh shows 'no state' for saved VMs.

The fix treats the state as VIR_DOMAIN_SHUTOFF as same as
other domains such as qemu.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-10-15 12:03:29 +01:00
Ryota Ozaki
b98654fafd vbox: merge duplicate state conversions
The code for converting between virtualbox API states
and libvirt states was duplicated in two places. Pull
the code out into a shared helper method.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-10-15 12:02:57 +01:00
Geoff Hickey
842f6fd338 esx: Fix floppy.fileName handling in the vmx file parser
The vmx file parsing code was reporting errors when parsing floppy.fileName
entries if the filename didn't end in .flp. There is no such restriction in
ESX; even using the GUI to configure floppy filenames you can specify any
arbitrary file with any extension.

Fix by changing the vmx parsing code so that it uses the floppy.fileType
value to determine whether floppy.fileName refers to a block device or a
regular file.

Also remove code that would have generated an error if no floppy.fileName
was specified. This is not an error either.

Updated the floppy tests in vmx2xmltest.c and xml2vmxtest.c.
2013-10-15 11:39:02 +01:00
Ján Tomko
15fac93b95 Convert uuid to a string before printing it
Introduced by 1fa7946.

https://bugzilla.redhat.com/show_bug.cgi?id=1019023
2013-10-15 12:30:21 +02:00
Peter Krempa
342cd2dd1a xenapi: Fix build after const correctnes changes
In commit d24677090f the header of one of
the post parse callbacks was changed, but the function used as the
callback in the xenapi driver wasn't adapted. This resulted into:

  CC       xenapi/libvirt_driver_xenapi_la-xenapi_utils.lo
 xenapi/xenapi_driver.c:63:5: error: initialization from incompatible pointer type [-Werror]
 xenapi/xenapi_driver.c:63:5: error: (near initialization for 'xenapiDomainDefParserConfig.devicesPostParseCallback') [-Werror]
2013-10-15 10:36:41 +02:00
Eric Blake
33aec50684 maint: avoid 'const fooPtr' in all remaining places
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up all remaining offenders.

* src/lxc/lxc_process.c (virLXCProcessSetupInterfaceBridged): Drop
needless const.
* src/uml/uml_driver.c (umlMonitorCommand): Use intended type.
(umlMonitorAddress): Fix fallout.
* src/xen/xm_internal.c (xenXMDomainSearchForUUID): Use intended type.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 14:34:38 -06:00
Eric Blake
9a520a591d maint: avoid 'const fooPtr' in qemu
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up offenders in src/qemu.

* src/qemu/qemu_bridge_filter.h (networkAllowMacOnPort)
(networkDisallowMacOnPort): Use intended type.
* src/qemu/qemu_bridge_filter.c (networkAllowMacOnPort)
(networkDisallowMacOnPort): Likewise.
* src/qemu/qemu_command.c (qemuBuildTPMBackendStr)
(qemuBuildTPMDevStr, qemuBuildCpuArgStr)
(qemuBuildObsoleteAccelArg, qemuBuildMachineArgStr)
(qemuBuildSmpArgStr, qemuBuildNumaArgStr): Likewise.
* src/qemu/qemu_conf.c (qemuSharedDeviceEntryCopy): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSaveImageStartVM): Likewise.
* src/qemu/qemu_hostdev.c
(qemuDomainHostdevNetConfigVirtPortProfile): Likewise.
* src/qemu/qemu_monitor_json.c
(qemuMonitorJSONAttachCharDevCommand): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 14:34:38 -06:00
Eric Blake
84e8091796 maint: avoid 'const fooPtr' in security
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up offenders in src/security.

* src/security/security_apparmor.c (reload_profile)
(AppArmorSetSecurityHostdevLabelHelper)
(AppArmorReleaseSecurityLabel, AppArmorRestoreSecurityAllLabel)
(AppArmorSetSecurityProcessLabel)
(AppArmorSetSecurityChildProcessLabel)
(AppArmorSetSecurityImageLabel, AppArmorSecurityVerify)
(AppArmorSetSecurityHostdevLabel)
(AppArmorRestoreSecurityHostdevLabel, AppArmorSetFDLabel): Drop
needless const.
* src/security/security_selinux.c
(virSecuritySELinuxSetSecurityFileLabel): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 14:34:38 -06:00
Eric Blake
539a9faeec maint: avoid 'const fooPtr' in conf
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up remaining offenders in src/conf, and their fallout.

* src/conf/snapshot_conf.h (virDomainSnapshotAssignDef)
(virDomainSnapshotFindByName): Drop attempt at const.
* src/conf/interface_conf.h (virInterfaceObjIsActive)
(virInterfaceDefFormat): Use intended type.
(virInterfaceFindByMACString, virInterfaceFindByName)
(virInterfaceAssignDef, virInterfaceRemove): Drop attempt at
const.
* src/conf/network_conf.h (virNetworkObjIsActive)
(virNetworkDefFormat, virNetworkDefForwardIf)
(virNetworkDefGetIpByIndex, virNetworkIpDefPrefix)
(virNetworkIpDefNetmask): Use intended type.
(virNetworkFindByUUID, virNetworkFindByName, virNetworkAssignDef)
(virNetworkObjAssignDef, virNetworkRemoveInactive)
(virNetworkBridgeInUse, virNetworkSetBridgeName)
(virNetworkAllocateBridge): Drop attempt at const.
* src/conf/netdev_vlan_conf.h (virNetDevVlanFormat): Make
const-correct.
* src/conf/node_device_conf.h (virNodeDeviceHasCap)
(virNodeDeviceDefFormat): Use intended type.
(virNodeDeviceFindByName, virNodeDeviceFindBySysfsPath)
(virNodeDeviceAssignDef, virNodeDeviceObjRemove)
(virNodeDeviceGetParentHost): Drop attempt at const.
* src/conf/secret_conf.h (virSecretDefFormat): Use intended type.
* src/conf/snapshot_conf.c (virDomainSnapshotAssignDef)
(virDomainSnapshotFindByName): Fix fallout.
* src/conf/interface_conf.c (virInterfaceBridgeDefFormat)
(virInterfaceBondDefFormat, virInterfaceVlanDefFormat)
(virInterfaceProtocolDefFormat, virInterfaceDefDevFormat)
(virInterfaceDefFormat, virInterfaceFindByMACString)
(virInterfaceFindByName, virInterfaceAssignDef)
(virInterfaceRemove): Likewise.
* src/conf/network_conf.c
(VIR_ENUM_IMPL, virNetworkFindByName, virNetworkObjAssignDef)
(virNetworkAssignDef, virNetworkRemoveInactive)
(virNetworkDefGetIpByIndex, virNetworkIpDefPrefix)
(virNetworkIpDefNetmask, virNetworkDHCPHostDefParseXML)
(virNetworkIpDefFormat, virNetworkRouteDefFormat)
(virPortGroupDefFormat, virNetworkForwardNatDefFormat)
(virNetworkDefFormatInternal, virNetworkBridgeInUse)
(virNetworkAllocateBridge, virNetworkSetBridgeName)
(virNetworkDNSDefFormat, virNetworkDefFormat): Likewise.
* src/conf/netdev_vlan_conf.c (virNetDevVlanFormat): Likewise.
* src/conf/node_device_conf.c (virNodeDeviceHasCap)
(virNodeDeviceFindBySysfsPath, virNodeDeviceFindByName)
(virNodeDeviceAssignDef, virNodeDeviceObjRemove)
(virNodeDeviceDefFormat, virNodeDeviceGetParentHost): Likewise.
* src/conf/secret_conf.c (virSecretDefFormatUsage)
(virSecretDefFormat): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 14:34:38 -06:00
Eric Blake
d24677090f maint: avoid 'const fooPtr' in domain_conf
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up offenders in src/conf/domain_conf, and their fallout.

Several things to note: virObjectLock() requires a non-const
argument; if this were C++, we could treat the locking field
as 'mutable' and allow locking an otherwise 'const' object, but
that is a more invasive change, so I instead dropped attempts
to be const-correct on domain lookup.  virXMLPropString and
friends require a non-const xmlNodePtr - this is because libxml2
is not a const-correct library.  We could make the src/util/virxml
wrappers cast away const, but I figured it was easier to not
try to mark xmlNodePtr as const.  Finally, virDomainDeviceDefCopy
was a rather hard conversion - it calls virDomainDeviceDefPostParse,
which in turn in the xen driver was actually modifying the domain
outside of the current device being visited.  We should not be
adding a device on the first per-device callback, but waiting until
after all per-device callbacks are complete.

* src/conf/domain_conf.h (virDomainObjListFindByID)
(virDomainObjListFindByUUID, virDomainObjListFindByName)
(virDomainObjAssignDef, virDomainObjListAdd): Drop attempt at
const.
(virDomainDeviceDefCopy): Use intended type.
(virDomainDeviceDefParse, virDomainDeviceDefPostParseCallback)
(virDomainVideoDefaultType, virDomainVideoDefaultRAM)
(virDomainChrGetDomainPtrs): Make const-correct.
* src/conf/domain_conf.c (virDomainObjListFindByID)
(virDomainObjListFindByUUID, virDomainObjListFindByName)
(virDomainDeviceDefCopy, virDomainObjListAdd)
(virDomainObjAssignDef, virDomainHostdevSubsysUsbDefParseXML)
(virDomainHostdevSubsysPciOrigStatesDefParseXML)
(virDomainHostdevSubsysPciDefParseXML)
(virDomainHostdevSubsysScsiDefParseXML)
(virDomainControllerModelTypeFromString)
(virDomainTPMDefParseXML, virDomainTimerDefParseXML)
(virDomainSoundCodecDefParseXML, virDomainSoundDefParseXML)
(virDomainWatchdogDefParseXML, virDomainRNGDefParseXML)
(virDomainMemballoonDefParseXML, virDomainNVRAMDefParseXML)
(virSysinfoParseXML, virDomainVideoAccelDefParseXML)
(virDomainVideoDefParseXML, virDomainHostdevDefParseXML)
(virDomainRedirdevDefParseXML)
(virDomainRedirFilterUsbDevDefParseXML)
(virDomainRedirFilterDefParseXML, virDomainIdMapEntrySort)
(virDomainIdmapDefParseXML, virDomainVcpuPinDefParseXML)
(virDiskNameToBusDeviceIndex, virDomainDeviceDefCopy)
(virDomainVideoDefaultType, virDomainHostdevAssignAddress)
(virDomainDeviceDefPostParseInternal, virDomainDeviceDefPostParse)
(virDomainChrGetDomainPtrs, virDomainControllerSCSINextUnit)
(virDomainSCSIDriveAddressIsUsed)
(virDomainDriveAddressIsUsedByDisk)
(virDomainDriveAddressIsUsedByHostdev): Fix fallout.
* src/openvz/openvz_driver.c (openvzDomainDeviceDefPostParse):
Likewise.
* src/libxl/libxl_domain.c (libxlDomainDeviceDefPostParse):
Likewise.
* src/qemu/qemu_domain.c (qemuDomainDeviceDefPostParse)
(qemuDomainDefaultNetModel): Likewise.
* src/lxc/lxc_domain.c (virLXCDomainDeviceDefPostParse):
Likewise.
* src/uml/uml_driver.c (umlDomainDeviceDefPostParse): Likewise.
* src/xen/xen_driver.c (xenDomainDeviceDefPostParse): Split...
(xenDomainDefPostParse): ...since per-device callback is not the
time to be adding a device.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 14:34:38 -06:00
Eric Blake
f8fa2b3e3a maint: fix awkward typing of virDomainChrGetDomainPtrs
virDomainChrGetDomainPtrs() required 4 levels of pointers (taking
a parameter that will be used as an output variable to return the
address of another variable that contains an array of pointers).
This is rather complex to reason about, especially when outside
of the domain_conf file, no other caller should be modifying
the resulting array of pointers directly.  Changing the public
signature gives something is easier to reason with, and actually
make const-correct; which is important as it was the only function
that was blocking virDomainDeviceDefCopy from treating its source
as const.

* src/conf/domain_conf.h (virDomainChrGetDomainPtrs): Use simpler
types, and make const-correct for external users.
* src/conf/domain_conf.c (virDomainChrGetDomainPtrs): Split...
(virDomainChrGetDomainPtrsInternal): ...into an internal version
that lets us modify terms, vs. external form that is read-only.
(virDomainDeviceDefPostParseInternal, virDomainChrFind)
(virDomainChrInsert): Adjust callers.
* src/qemu/qemu_command.c (qemuGetNextChrDevIndex): Adjust caller.
(qemuDomainDeviceAliasIndex): Make const-correct.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 14:34:37 -06:00
Eric Blake
1b7ec657c5 maint: avoid 'const fooPtr' in nwfilter files
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up offenders in nwfilter code.

This patch does nothing about the stupidity evident in having
__virNWFilterInstantiateFilter, _virNWFilterInstantiateFilter,
and virNWFilterInstantiateFilter, which differ only by leading
underscores, and which infringes on the namespace reserved to
the implementation - that would need to be a separate cleanup.

* src/nwfilter/nwfilter_dhcpsnoop.h (virNWFilterDHCPSnoopReq): Use
intended type.
* src/nwfilter/nwfilter_gentech_driver.h
(virNWFilterInstantiateFilter)
(virNWFilterUpdateInstantiateFilter)
(virNWFilterInstantiataeFilterLate, virNWFilterTeardownFilter)
(virNWFilterCreateVarHashmap): Likewise.
* src/nwfilter/nwfilter_learnipaddr.h (virNWFilterLearnIPAddress):
Likewise.
* src/conf/nwfilter_conf.h (virNWFilterApplyBasicRules)
(virNWFilterApplyDHCPOnlyRules): Likewise.
(virNWFilterDefFormat): Make const-correct.
* src/conf/nwfilter_params.h (virNWFilterVarValueCopy)
(virNWFilterVarValueGetSimple, virNWFilterVarValueGetCardinality)
(virNWFilterVarValueEqual, virNWFilterVarAccessEqual)
(virNWFilterVarAccessGetVarName, virNWFilterVarAccessGetType)
(virNWFilterVarAccessGetIterId, virNWFilterVarAccessGetIndex)
(virNWFilterVarAccessIsAvailable)
(virNWFilterVarCombIterGetVarValue): Use intended type.
(virNWFilterVarValueGetNthValue): Make const-correct.
* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
(virNWFilterSnoopIFKeyFMT, virNWFilterDHCPSnoopReq)
(virNWFilterSnoopPruneIter, virNWFilterSnoopRemAllReqIter)
(virNWFilterDHCPSnoopReq): Fix fallout.
* src/nwfilter/nwfilter_gentech_driver.c
(virNWFilterVarHashmapAddStdValues, virNWFilterCreateVarHashmap)
(virNWFilterInstantiate, __virNWFilterInstantiateFilter)
(_virNWFilterInstantiateFilter, virNWFilterInstantiateFilterLate)
(virNWFilterInstantiateFilter)
(virNWFilterUpdateInstantiateFilter)
(virNWFilterRollbackUpdateFilter, virNWFilterTeardownFilter):
Likewise.
* src/nwfilter/nwfilter_learnipaddr.c (virNWFilterLearnIPAddress):
Likewise.
* src/conf/nwfilter_params.c (virNWFilterVarValueCopy)
(virNWFilterVarValueGetSimple)
(virNWFilterVarValueGetCardinality, virNWFilterVarValueEqual)
(virNWFilterVarCombIterAddVariable)
(virNWFilterVarCombIterGetVarValue, virNWFilterVarValueCompare)
(virNWFilterFormatParamAttributes, virNWFilterVarAccessEqual)
(virNWFilterVarAccessGetVarName, virNWFilterVarAccessGetType)
(virNWFilterVarAccessGetIterId, virNWFilterVarAccessGetIndex)
(virNWFilterVarAccessGetIntIterId)
(virNWFilterVarAccessIsAvailable)
(virNWFilterVarValueGetNthValue): Likewise.
* src/nwfilter/nwfilter_ebiptables_driver.c (ebtablesApplyBasicRules)
(ebtablesApplyDHCPOnlyRules, ebiptablesRuleOrderSort)
(ebiptablesRuleOrderSortPtr): Likewise.
* src/conf/nwfilter_conf.c (virNWFilterDefEqual)
(virNWFilterDefFormat): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 13:13:18 -06:00
Eric Blake
d694ae0c55 maint: avoid 'const fooPtr' in cpu files
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up offenders in src/cpu.

* src/cpu/cpu.h (cpuArchDecode, cpuArchEncode, cpuArchUpdate)
(cpuArchHasFeature, cpuDecode, cpuEncode, cpuUpdate)
(cpuHasFeature): Use intended type.
* src/conf/cpu_conf.h (virCPUDefCopyModel, virCPUDefCopy):
Likewise.
(virCPUDefParseXML): Drop const.
* src/cpu/cpu.c (cpuDecode, cpuEncode, cpuUpdate, cpuHasFeature):
Fix fallout.
* src/cpu/cpu_x86.c (x86ModelFromCPU, x86ModelSubtractCPU)
(x86DecodeCPUData, x86EncodePolicy, x86Encode, x86UpdateCustom)
(x86UpdateHostModel, x86Update, x86HasFeature): Likewise.
* src/cpu/cpu_s390.c (s390Decode): Likewise.
* src/cpu/cpu_arm.c (ArmDecode): Likewise.
* src/cpu/cpu_powerpc.c (ppcModelFromCPU, ppcCompute, ppcDecode)
(ppcUpdate): Likewise.
* src/conf/cpu_conf.c (virCPUDefCopyModel, virCPUDefCopy)
(virCPUDefParseXML): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 13:11:20 -06:00
Eric Blake
955af4d4c1 maint: avoid 'const fooPtr' in virnet files
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up remaining offenders in src/util.

* src/util/virnetdev.h (virNetDevSetMAC)
(virNetDevReplaceMacAddress, virNetDevValidateConfig)
(virNetDevReplaceNetConfig): Use intended type.
* src/util/virnetdevbandwidth.h (virNetDevBandwidthCopy)
(virNetDevBandwidthPlug): Likewise.
* src/util/virnetdevmacvlan.h (virNetDevMacVLanCreate)
(virNetDevMacVLanCreateWithVPortProfile)
(virNetDevMacVLanDeleteWithVPortProfile)
(virNetDevMacVLanRestartWithVPortProfile)
(virNetDevMacVLanVPortProfileRegisterCallback): Likewise.
* src/util/virnetdevopenvswitch.h (virNetDevOpenvswitchAddPort):
Likewise.
* src/util/virnetdevtap.h (virNetDevTapCreateInBridgePort):
Likewise.
* src/util/virnetdevvlan.h (virNetDevVlanEqual)
(virNetDevVlanCopy): Likewise.
* src/util/virnetdevvportprofile.h
(virNetDevVPortProfileAssociate)
(virNetDevVPortProfileDisassociate): Likewise.
* src/util/virnetlink.h (virNetlinkEventRemoveCallback)
(virNetlinkEventAddClient, virNetlinkEventRemoveClient):
Likewise.
* src/util/virnetdev.c (virNetDevSetMAC)
(virNetDevReplaceMacAddress, virNetDevValidateConfig)
(virNetDevReplaceNetConfig): Fix fallout.
* src/util/virnetdevbandwidth.c (virNetDevBandwidthCopy)
(virNetDevBandwidthPlug): Likewise.
* src/util/virnetdevmacvlan.c (virNetDevMacVLanCreate)
(virNetDevMacVLanCreateWithVPortProfile)
(virNetDevMacVLanDeleteWithVPortProfile)
(virNetDevMacVLanRestartWithVPortProfile)
(virNetDevMacVLanVPortProfileRegisterCallback): Likewise.
* src/util/virnetdevopenvswitch.c (virNetDevOpenvswitchAddPort):
Likewise.
* src/util/virnetdevtap.c (virNetDevTapCreateInBridgePort):
Likewise.
* src/util/virnetdevvlan.c (virNetDevVlanEqual)
(virNetDevVlanCopy): Likewise.
* src/util/virnetdevvportprofile.c
(virNetDevVPortProfileAssociate)
(virNetDevVPortProfileDisassociate)
(virNetDevVPortProfileOpSetLink, virNetDevVPortProfileOpCommon)
(virNetDevVPortProfileOp8021Qbg, virNetDevVPortProfileOp8021Qbh):
Likewise.
* src/util/virnetlink.c (virNetlinkEventRemoveCallback)
(virNetlinkEventAddClient, virNetlinkEventRemoveClient):
Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 13:05:34 -06:00
Eric Blake
1b0bc4169f maint: avoid 'const fooPtr' in several util files
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up offenders in src/util outside of the virnet namespace.

Also, make a few virSocketAddr functions const-correct, for easier
conversions in future patches.

* src/util/virbuffer.h (virBufferError, virBufferUse)
(virBufferGetIndent): Use intended type.
* src/util/virmacaddr.h (virMacAddrCmp, virMacAddrCmpRaw)
(virMacAddrSet, virMcAddrFormat, virMacAddrIsUnicast)
(virMacAddrIsMulticast): Likewise.
* src/util/virebtables.h (ebtablesAddForwardAllowIn)
(ebtablesRemoveForwardAllowIn): Likewise.
* src/util/virsocketaddr.h (virSocketAddrSetIPv4Addr): Drop
incorrect const.
(virMacAddrGetRaw, virSocketAddrFormat, virSocketAddrFormatFull):
Make const-correct.
(virSocketAddrMask, virSocketAddrMaskByPrefix)
(virSocketAddrBroadcast, virSocketAddrBroadcastByPrefix)
(virSocketAddrGetNumNetmaskBits, virSocketAddrGetIpPrefix)
(virSocketAddrEqual, virSocketAddrIsPrivate)
(virSocketAddrIsWildcard): Use intended type.
* src/util/virbuffer.c (virBufferError, virBufferUse)
(virBufferGetIndent): Fix fallout.
* src/util/virmacaddr.c (virMacAddrCmp, virMacAddrCmpRaw)
(virMacAddrSet, virMcAddrFormat, virMacAddrIsUnicast)
(virMacAddrIsMulticast): Likewise.
* src/util/virebtables.c (ebtablesAddForwardAllowIn)
(ebtablesRemoveForwardAllowIn): Likewise.
* src/util/virsocketaddr.c (virSocketAddrMask, virMacAddrGetRaw)
(virSocketAddrMaskByPrefix, virSocketAddrBroadcast)
(virSocketAddrBroadcastByPrefix, virSocketAddrGetNumNetmaskBits)
(virSocketAddrGetIpPrefix, virSocketAddrEqual)
(virSocketAddrIsPrivate, virSocketAddrIsWildcard)
(virSocketAddrGetIPv4Addr, virSocketAddrGetIPv6Addr)
(virSocketAddrFormat, virSocketAddrFormatFull): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 13:02:18 -06:00
Eric Blake
b43efdaa13 maint: avoid 'const fooPtr' in hashes
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up virhash to provide a const-correct interface: all actions
that don't modify the table take a const table.  Note that in
one case (virHashSearch), we actually strip const away - we aren't
modifying the contents of the table, so much as associated data
for ensuring that the code uses the table correctly (if this were
C++, it would be a case for the 'mutable' keyword).

* src/util/virhash.h (virHashKeyComparator, virHashEqual): Use
intended type.
(virHashSize, virHashTableSize, virHashLookup, virHashSearch):
Make const-correct.
* src/util/virhash.c (virHashEqualData, virHashEqual)
(virHashLookup, virHashSize, virHashTableSize, virHashSearch)
(virHashComputeKey): Fix fallout.
* src/conf/nwfilter_params.c
(virNWFilterFormatParameterNameSorter): Likewise.
* src/nwfilter/nwfilter_ebiptables_driver.c
(ebiptablesFilterOrderSort): Likewise.
* tests/virhashtest.c (testHashGetItemsCompKey)
(testHashGetItemsCompValue): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 11:40:24 -06:00
Daniel P. Berrange
5a1cb1075a Improve log filtering in virLXCProcessReadLogOutputData
Make the virLXCProcessReadLogOutputData method ignore the log
lines about the container startup argv, ignore the generic
error message from libvirt_lxc when lxcContainerMain fails
and skip over blank lines.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 15:38:20 +01:00
Daniel P. Berrange
01100c7f60 Ensure lxcContainerResolveSymlinks reports errors
The lxcContainerResolveSymlinks method merely logged some errors
as debug messages, rather than reporting them as proper errors.
This meant startup failures were not diagnosed at all.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 15:38:20 +01:00
Daniel P. Berrange
558546fb8f Ensure lxcContainerMain reports errors on stderr
Ensure the lxcContainerMain method reports any errors that
occur during setup to stderr, where libvirtd will pick them
up.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 15:38:20 +01:00
Doug Goldstein
541a761bc9 VMX: Serial devices don't have to be attached
Serial devices don't necessarily have to be attached to an output to be
shown to the guest.
2013-10-14 09:18:52 -05:00
Doug Goldstein
604065a339 Revert "VMX: Some serial ports are not actually connected"
This reverts commit dba04e7fa0.
This change was unfortunately not correct. We should have been
changing the boolean argument supplied.
2013-10-14 09:18:52 -05:00
Peter Krempa
7df5093f67 qemu: snapshot: Add support for compressing external snapshot memory
The regular save image code has the support to compress images using a
specified algorithm. This was not implemented for external checkpoints
although it shares most of the backend code.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1017227
2013-10-14 15:54:19 +02:00
Peter Krempa
550cae847b qemu: managedsave: Add support for compressing managed save images
The regular save image code has the support to compress images using a
specified algorithm. This was not implemented for managed save although
it shares most of the backend code.
2013-10-14 15:36:57 +02:00
Daniel P. Berrange
97973ebb7a Initialize threading & error layer in LXC controller
In Fedora 20, libvirt_lxc crashes immediately at startup with a
trace

 #0  0x00007f0cddb653ec in free () from /lib64/libc.so.6
 #1  0x00007f0ce0e16f4a in virFree (ptrptr=ptrptr@entry=0x7f0ce1830058) at util/viralloc.c:580
 #2  0x00007f0ce0e2764b in virResetError (err=0x7f0ce1830030) at util/virerror.c:354
 #3  0x00007f0ce0e27a5a in virResetLastError () at util/virerror.c:387
 #4  0x00007f0ce0e28858 in virEventRegisterDefaultImpl () at util/virevent.c:233
 #5  0x00007f0ce0db47c6 in main (argc=11, argv=0x7fff4596c328) at lxc/lxc_controller.c:2352

Normally virInitialize calls virErrorInitialize and
virThreadInitialize, but we don't link to libvirt.so
in libvirt_lxc, and nor did we ever call the error
or thread initializers.

I have absolutely no idea how this has ever worked, let alone
what caused it to stop working in Fedora 20.

In addition not all code paths from virLogSetFromEnv will
ensure virLogInitialize is called correctly, which is another
possible crash scenario.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 12:16:23 +01:00
Daniel P. Berrange
6bd8860001 Don't ignore all dbus connection errors
Previous commit

  commit 7ada155cdf
  Author: Gao feng <gaofeng@cn.fujitsu.com>
  Date:   Wed Sep 11 11:15:02 2013 +0800

    DBus: introduce virDBusIsServiceEnabled

Made the cgroups code fallback to non-systemd based setup
when dbus is not running. It was too big a hammer though,
as it did not check what error code was received when the
dbus connection failed. Thus it silently ignored serious
errors from dbus such as "too many client connections",
which should always be treated as fatal.

We only want to ignore errors if the dbus unix socket does
not exist, or if nothing is listening on it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:33:10 +01:00
Daniel P. Berrange
1815e2d081 Improve error reporting with LXC controller
The LXC code would read the log file if an LXC guest failed to
startup. There were a number of failure cases where the guest
will not start and libvirtd never gets as far as looking at the
log file.

Fix this by replacing some earlier generic errors with messages
from the log.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:33:07 +01:00
Daniel P. Berrange
13c011c337 Fix exit status of lxc controller
The LXC controller main() method initialized 'rc' to 1
rather than '-1'. In the cleanup path it will print any
error to stderr, if-and-only-if rc < 0. Hence the incorrect
initialization caused errors to be lost.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:31:01 +01:00
Daniel P. Berrange
5787f0b95e Fix flaw in detecting log format
The log message regex has been

[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug|info|warning|error :

The precedence of '|' is high though, so this is equivalent to matching

   [0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug

Or

   info

Or

   warning

Or

   error :

Which is clearly not what it should have done. This caused the code to
skip over things which are not log messages. The solution is to simply
add brackets.

A test case is also added to validate correctness.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:31:01 +01:00
Daniel P. Berrange
ae9a0485ae Make LXC controller use a private dbus connection & close it
The LXC controller uses dbus to talk to systemd to create
cgroups. This means that each LXC controller instance has
a dbus connection. The DBus daemon is limited to 256
connections by default and we want to be able to run many
1000 of containers.

While the dbus limit could be raised in the config files,
it is simpler to make libvirt LXC controller close its
dbus connection once everything is configured.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:31:01 +01:00
Daniel P. Berrange
489beb0aba Add a method for closing the dbus system bus connection
If the dbus system bus connection is marked as private, then
allow it to be closed.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:31:01 +01:00
Daniel P. Berrange
0cb774f051 Allow use of a private dbus bus connection
The dbus_bus_get() function returns a shared bus connection that
all libraries in a process can use. You are forbidden from calling
close on this connection though, since you can never know if any
other code might be using it.

Add an option to use private dbus bus connections, if the app
wants to be able to close the connection.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:31:01 +01:00
Chen Hanxiao
2c9ccd1e0c lxc: Fix an improper comment in lxc_process.c
Fix the improper comment for the "release" hook.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-14 16:15:14 +08:00
Hongwei Bi
3a49c34ace nwfilter: fix a typo in nwfilter_gentech_driver.c
s/occcurred/occurred
2013-10-11 08:29:05 -06:00
Doug Goldstein
2f776d4979 rpc: Fix getsockopt on Snow Leopard and lower
Since 5a468b38b6 we use SOL_LOCAL for the 2nd argument of getsockopt()
however Lion added the define SOL_LOCAL set to 0, which is the value to
the 2nd argument of getsockopt() for Unix sockets on Mac OS X. So
instead of using the define just pass 0 so we restore compatibility
with Snow Leopard and Leopard.

Reported at https://github.com/mxcl/homebrew/pull/23141
2013-10-11 09:22:57 -05:00
Doug Goldstein
fa23f9fcbb VMware: Do version detection earlier
Do VMware version detection earlier as future patches will need the
version information to populate capabilities correctly.
2013-10-11 09:10:23 -05:00
Doug Goldstein
9e7cfcb7db VMware: Simplify array walk for driver type
Rather than walking the possible driver backends by handle, use a helper
function. Additionally I've done a bit of refactoring in the code over
the past few commits so add myself to the copyright line.
2013-10-11 09:10:23 -05:00
Michal Privoznik
be65186044 qemu: Include listenAddress in debug prints
After my patches, some functions gained one more argument
(@listenAddress) which wasn't included in debug printing of
arguments they were called with. Functions in question are:
qemuMigrationPrepareDirect and qemuMigrationPerform.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-11 15:19:23 +02:00
Michal Privoznik
c7ac2519b7 qemu_migration: Avoid crashing if domain dies too quickly
I've noticed a SIGSEGV-ing libvirtd on the destination when the qemu
died too quickly = in Prepare phase. What is happening here is:

1) [Thread 3493] We are in qemuMigrationPrepareAny() and calling
qemuProcessStart() which subsequently calls qemuProcessWaitForMonitor()
and qemuConnectMonitor(). So far so good. The qemuMonitorOpen()
succeeds, however switching monitor to QMP mode fails as qemu died
meanwhile. That is qemuMonitorSetCapabilities() returns -1.

2013-10-08 15:54:10.629+0000: 3493: debug : qemuMonitorSetCapabilities:1356 : mon=0x14a53da0
2013-10-08 15:54:10.630+0000: 3493: debug : qemuMonitorJSONCommandWithFd:262 : Send command '{"execute":"qmp_capabilities","id":"libvirt-1"}' for write with FD -1
2013-10-08 15:54:10.630+0000: 3493: debug : virEventPollUpdateHandle:147 : EVENT_POLL_UPDATE_HANDLE: watch=17 events=13
...
2013-10-08 15:54:10.631+0000: 3493: debug : qemuMonitorSend:956 : QEMU_MONITOR_SEND_MSG: mon=0x14a53da0 msg={"execute":"qmp_capabilities","id":"libvirt-1"}
 fd=-1
2013-10-08 15:54:10.631+0000: 3262: debug : virEventPollRunOnce:641 : Poll got 1 event(s)

2) [Thread 3262] The event loop is trying to do the talking to monitor.
However, qemu is dead already, remember?

2013-10-08 15:54:13.436+0000: 3262: error : qemuMonitorIORead:551 : Unable to read from monitor: Connection reset by peer
2013-10-08 15:54:13.516+0000: 3262: debug : virFileClose:90 : Closed fd 25
...
2013-10-08 15:54:13.533+0000: 3493: debug : qemuMonitorSend:968 : Send command resulted in error internal error: early end of file from monitor: possible problem:

3) [Thread 3493] qemuProcessStart() failed. No big deal. Go to the
'endjob' label and subsequently to the 'cleanup'. Since the domain is
not persistent and ret is -1, the qemuDomainRemoveInactive() is called.
This has an (unpleasant) effect of virObjectUnref()-in the @vm object.
Unpleasant because the event loop which is about to trigger EOF callback
still holds a pointer to the @vm (not the reference). See the valgrind
output below.

4) [Thread 3262] So the event loop starts triggering EOF:

2013-10-08 15:54:13.542+0000: 3262: debug : qemuMonitorIO:729 : Triggering EOF callback
2013-10-08 15:54:13.543+0000: 3262: debug : qemuProcessHandleMonitorEOF:294 : Received EOF on 0x14549110 'migt10'

And the monitor is cleaned up. This results in calling
qemuProcessHandleMonitorEOF with the @vm pointer passed. The pointer is
kept in qemuMonitor struct.

==3262== Thread 1:
==3262== Invalid read of size 4
==3262==    at 0x77ECCAA: pthread_mutex_lock (in /lib64/libpthread-2.15.so)
==3262==    by 0x52FAA06: virMutexLock (virthreadpthread.c:85)
==3262==    by 0x52E3891: virObjectLock (virobject.c:320)
==3262==    by 0x11626743: qemuProcessHandleMonitorEOF (qemu_process.c:296)
==3262==    by 0x11642593: qemuMonitorIO (qemu_monitor.c:730)
==3262==    by 0x52BD526: virEventPollDispatchHandles (vireventpoll.c:501)
==3262==    by 0x52BDD49: virEventPollRunOnce (vireventpoll.c:648)
==3262==    by 0x52BBC68: virEventRunDefaultImpl (virevent.c:274)
==3262==    by 0x542D3D9: virNetServerRun (virnetserver.c:1112)
==3262==    by 0x11F368: main (libvirtd.c:1513)
==3262==  Address 0x14549128 is 24 bytes inside a block of size 136 free'd
==3262==    at 0x4C2AF5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3262==    by 0x529B1FF: virFree (viralloc.c:580)
==3262==    by 0x52E3703: virObjectUnref (virobject.c:270)
==3262==    by 0x531557E: virDomainObjListRemove (domain_conf.c:2355)
==3262==    by 0x1160E899: qemuDomainRemoveInactive (qemu_domain.c:2061)
==3262==    by 0x1163A0C6: qemuMigrationPrepareAny (qemu_migration.c:2450)
==3262==    by 0x1163A923: qemuMigrationPrepareDirect (qemu_migration.c:2626)
==3262==    by 0x11682D71: qemuDomainMigratePrepare3Params (qemu_driver.c:10309)
==3262==    by 0x53B0976: virDomainMigratePrepare3Params (libvirt.c:7266)
==3262==    by 0x1502D3: remoteDispatchDomainMigratePrepare3Params (remote.c:4797)
==3262==    by 0x12DECA: remoteDispatchDomainMigratePrepare3ParamsHelper (remote_dispatch.h:5741)
==3262==    by 0x54322EB: virNetServerProgramDispatchCall (virnetserverprogram.c:435)

The mon->vm is set in qemuMonitorOpenInternal() which is the correct
place to increase @vm ref counter. The correct place to decrease the ref
counter is then qemuMonitorDispose().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-11 14:55:51 +02:00
Bing Bu Cao
19e7c04dce util: fix two virCompareLimitUlong bugs
The helper function virCompareLimitUlong compares limit values,
where value of 0 is equal to unlimited. If the latter parameter is 0,
it should return -1 instead of 1, hence the user can only set hard_limit when
swap_hard_limit currently is unlimited.

Worse, all callers pass 2 64-bit values, but on 32-bit platforms,
the second argument was silently truncated to 32 bits, which
could lead to incorrect computations.

Signed-off-by: Bing Bu Cao <mars@linux.vnet.ibm.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-11 06:34:18 -06:00
Daniel P. Berrange
1fb4d8923f Move virNetDevVPort enum impl into virnetdevvportprofile.c
The enum for virNetDevVPort is declared in the header file
virnetdevvportprofile.h, but for some reason the impl is
in netdev_vport_profile_conf.c.

This causes a dep from src/util onto src/conf which is not
allowed. Move the enum impl into virnetdevvportprofile.c
to break the circle.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-11 11:45:54 +01:00
Michal Privoznik
1606d89c86 qemu_conf: Introduce "migration_address"
This configuration knob is there to override default listen address for
-incoming for all qemu domains.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-11 11:11:33 +02:00
Michal Privoznik
c4ac7ef663 qemu: Implement support for VIR_MIGRATE_PARAM_LISTEN_ADDRESS
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-11 11:08:55 +02:00
Michal Privoznik
1f9546e365 virsocket: Introduce virSocketAddrIsWildcard
This function takes exactly one argument: an address to check.
It returns true, if the address is an IPv4 or IPv6 address in numeric
format, false otherwise (e.g. for "examplehost").

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-11 11:05:06 +02:00
Michal Privoznik
7d704812b9 qemu: Introduce qemuDomainDefCheckABIStability
https://bugzilla.redhat.com/show_bug.cgi?id=994364

Whenever we check for ABI stability, we have new xml (e.g. provided by
user, or obtained from snapshot, whatever) which we compare to old xml
and see if ABI won't break. However, if the new xml was produced via
virDomainGetXMLDesc(..., VIR_DOMAIN_XML_MIGRATABLE) it lacks some
devices, e.g. 'pci-root' controller. Hence, the ABI stability check
fails even though it is stable. Moreover, we can't simply fix
virDomainDefCheckABIStability because removing the correct devices is
task for the driver. For instance, qemu driver wants to remove the usb
controller too, while LXC driver doesn't. That's why we need special
qemu wrapper over virDomainDefCheckABIStability which removes the
correct devices from domain XML, produces MIGRATABLE xml and calls the
check ABI stability function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-11 10:31:35 +02:00
John Ferlan
77fb4c4f9e storage_backend: Fix issue with allocation of 0 length volume
Commit id '532fef36' added a call to fallocate() and some error
handling based on whether or not the function existed. This new
call resulted in libvirt-cim/cimtest failures when attempting to
create a volume with "0" (zero) allocation value. The failure is
logged as:

Oct  9 07:51:33 localhost libvirtd[8030]: cannot allocate 0 bytes in
file '/var/lib/libvirt/images/cimtest-vol.img': Invalid argument

This can also be seen with virsh vol-create-as:

error: Failed to create vol test
error: cannot allocate 0 bytes in file '/home/vm-images/test': Invalid
argument

error: Failed to create vol test
error: cannot allocate 0 bytes in file '/home/vm-images/test': Invalid
argument

It turns out fallocate() will return EINVAL when the incoming 'len'
(or allocation) value is 0 (or less).
2013-10-10 08:33:04 -04:00
Michal Privoznik
9c228e0817 qemu: Init @pcidevs in qemuPrepareHostdevPCIDevices
At the beginning of the function qemuPrepareHostdevPCICheckSupport() is
called. After that @pcidevs is initialized. However, if the very first
command fails, we go to 'cleanup' label where virObjectUnref(pcidevs) is
called. Obviously, it is called before @pcidevs was able to get
initialized. Compiler warns about it:

  CC       qemu/libvirt_driver_qemu_impl_la-qemu_hostdev.lo
qemu/qemu_hostdev.c: In function 'qemuPrepareHostdevPCIDevices':
qemu/qemu_hostdev.c:824:19: error: 'pcidevs' may be used uninitialized in this function [-Werror=maybe-uninitialized]
     virObjectUnref(pcidevs);
                   ^
cc1: all warnings being treated as errors
2013-10-10 12:32:49 +02:00
Peter Krempa
f094aaac48 qemu: Prefer VFIO for PCI device passthrough
Prefer using VFIO (if available) to the legacy KVM device passthrough.

With this patch a PCI passthrough device without the driver configured
will be started with VFIO if it's available on the host. If not legacy
KVM passthrough is checked and error is reported if it's not available.
2013-10-10 12:00:56 +02:00
Peter Krempa
467b561ac2 qemu: hostdev: Add checks if PCI passthrough is available in the host
Add code to check availability of PCI passhthrough using VFIO and the
legacy KVM passthrough and use it when starting VMs and hotplugging
devices to live machine.
2013-10-10 10:35:01 +02:00
Peter Krempa
f24150b1f5 qemu: hostdev: Fix function spacing and header formatting 2013-10-10 10:32:07 +02:00
Peter Krempa
a863b89010 qemu: refactor qemuCompressProgramAvailable() 2013-10-09 18:26:48 +02:00
Peter Krempa
f2b0a5336e qemu: Fix coding style in qemuDomainSaveFlags()
Avoid mixed brace style in an if statement and fix formatting of error
messages.
2013-10-09 18:26:48 +02:00
Ján Tomko
3f029fb531 LXC: Fix handling of RAM filesystem size units
Since 76b644c when the support for RAM filesystems was introduced,
libvirt accepted the following XML:
<source usage='1024' unit='KiB'/>

This was parsed correctly and internally stored in bytes, but it
was formatted as (with an extra 's'):
<source usage='1024' units='KiB'/>
When read again, this was treated as if the units were missing,
meaning libvirt was unable to parse its own XML correctly.

The usage attribute was documented as being in KiB, but it was not
scaled if the unit was missing. Transient domains still worked,
because this was balanced by an extra 'k' in the mount options.

This patch:
Changes the parser to use 'units' instead of 'unit', as the latter
was never documented (fixing persistent domains) and some programs
(libvirt-glib, libvirt-sandbox) already parse the 'units' attribute.

Removes the extra 'k' from the tmpfs mount options, which is needed
because now we parse our own XML correctly.

Changes the default input unit to KiB to match documentation, fixing:
https://bugzilla.redhat.com/show_bug.cgi?id=1015689
2013-10-09 17:44:45 +02:00
Chen Hanxiao
fc9a416df7 cgroup: fix a comment typo in vircgroup.c
s/shoule/should

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-09 17:16:58 +02:00
Ján Tomko
63b6e59fd0 storage: Use bool instead of int
Commit 532fef3 added two-state 'need_alloc' and exposed
'want_sparse' which also only has two states.

Change their type from int to bool.
2013-10-09 09:37:12 +02:00
Giuseppe Scrivano
a90b9778c2 build: fix linker error on FreeBSD
Commit 2d74822a9e renamed
"freebsdNodeGetCPUCount" to "appleFreebsdNodeGetCPUCount", leaving one
call to "freebsdNodeGetCPUCount".  Fix this other case.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-08 12:45:20 -06:00
Peter Krempa
9d13298901 qemu: hostdev: Refactor PCI passhrough handling
To simplify future patches dealing with this code, simplify and refactor
some conditions to switch statements.
2013-10-08 15:24:27 +02:00
Michal Privoznik
4b744d7d00 virerror: s/VIR_ERR_STORAGE_VOL_EXISTS/VIR_ERR_STORAGE_VOL_EXISTS/
We currently have other error codes in singular form, e.g.
VIR_ERR_NETWORK_EXIST. Cleanup the previous patch to match the form.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-07 19:21:47 +02:00
Hongwei Bi
91875896d5 fix a ambiguous output of the command:'virsh vol-create-as'
I created a storage volume(eg: test) from a storage pool(eg:vg10) using
the following command:"virsh vol-create-as --pool vg10 --name test --capacity 300M."
When I re-executed the above command, the output was as the following:
"error: Failed to create vol test
 error: Storage volume not found: storage vol 'test' already exists"

I think the output "Storage volume not found" is not appropriate. Because in fact storage
vol test has been found at this time. And then I think virErrorNumber should includes
VIR_ERR_STORAGE_EXIST which can also be used elsewhere. So I make this patch. The result
is as following:
"error: Failed to create vol test
 error: storage volume 'test' exists already"
2013-10-07 18:26:09 +02:00
Daniel P. Berrange
999d72fbd5 Remove use of virConnectPtr from all remaining nwfilter code
The virConnectPtr is passed around loads of nwfilter code in
order to provide it as a parameter to the callback registered
by the virt drivers. None of the virt drivers use this param
though, so it serves no purpose.

Avoiding the need to pass a virConnectPtr means that the
nwfilterStateReload method no longer needs to open a bogus
QEMU driver connection. This addresses a race condition that
can lead to a crash on startup.

The nwfilter driver starts before the QEMU driver and registers
some callbacks with DBus to detect firewalld reload. If the
firewalld reload happens while the QEMU driver is still starting
up though, the nwfilterStateReload method will open a connection
to the partially initialized QEMU driver and cause a crash.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-07 14:19:10 +01:00
Daniel P. Berrange
ebca369e3f Don't pass virConnectPtr in nwfilter 'struct domUpdateCBStruct'
The nwfilter driver only needs a reference to its private
state object, not a full virConnectPtr. Update the domUpdateCBStruct
struct to have a 'void *opaque' field instead of a virConnectPtr.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-07 14:19:10 +01:00
Daniel P. Berrange
b77b16ce41 Remove virConnectPtr arg from virNWFilterDefParse*
None of the virNWFilterDefParse* methods require a virConnectPtr
arg, so just drop it

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-07 14:19:10 +01:00
Claudio Bley
609eb987c6 Adjust legacy max payload size to account for header information
Commit 27e81517a8 set the payload size to 256 KB, which is
actually the max packet size, including the size of the header.

Reduce this by VIR_NET_MESSAGE_HEADER_MAX (24) and set
VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX to 262120, which was the original
value before increasing the limit in commit eb635de1fe.
2013-10-07 13:28:44 +02:00
Ryota Ozaki
2d74822a9e nodeinfo: make freebsdNodeGetCPUCount work on Mac OS X
This fixes the following error:
  error : nodeGetInfo:933 : this function is not supported
  by the connection driver: node info not implemented on this platform

The freebsdNodeGetCPUCount was renamed to appleFreebsdNodeGetCPUCount
in order to make more visible the fact, that it works on Mac OS X too.

Mac OS X can use sysctlbyname as same as FreeBSD to get the CPU
frequency. However, the MIB style name is different from FreeBSD's.
And the unit of the return frequency is also different.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-07 10:28:18 +02:00
Ryota Ozaki
5a468b38b6 rpc: fix getsockopt for LOCAL_PEERCRED on Mac OS X
This fixes the following error:
  error : virGetUserEnt:703 : Failed to find user record for uid '32654'

'32654' (it's random and varies) comes from getsockopt with
LOCAL_PEERCRED option. getsockopt returns w/o error but seems
to not set any value to the buffer for uid.

For Mac OS X, LOCAL_PEERCRED has to be used with SOL_LOCAL level.
With SOL_LOCAL, getsockopt returns a correct uid.

Note that SOL_LOCAL can be found in
/System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/un.h.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-07 10:18:55 +02:00
Eric Blake
51c8216594 build: fix build on RHEL 5
On RHEL 5, compilation fails with:

storage/storage_backend.c: In function 'createRawFile':
storage/storage_backend.c:339: warning: implicit declaration of function 'fallocate'
storage/storage_backend.c:339: warning: nested extern declaration of 'fallocate' [-Wnested-externs]

But:

$ grep HAVE_FALLOCATE config.h
/* #undef HAVE_FALLOCATE */

Huh? It turns out that in kernels that old, fallocate() is not
implemented (config.h is correct), but <linux/fs.h> defines
HAVE_FALLOCATE as an empty witness macro for a completely
different purpose.  Since storage_backend.c is including
<linux/fs.h> on RHEL 5, we are hosed by the kernel definition.
Newer kernels no longer pollute the namespace, and it's fairly
easy to convert to an expression that works with both the old
kernel witness and the new-style config.h (undefined or 1).

Problem introduced in commit 532fef3.

* src/storage/storage_backend.c (createRawFile): Avoid namespace
pollution from kernel, by checking HAVE_FALLOCATE for a value.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-04 17:33:37 -06:00
Eric Blake
bdc55cc7d2 build: fix build --without-remote
I tried to test ./configure --without-lxc --without-remote.
First, the build failed with some odd errors, such as an
inability to build xen, or link failures for virNetTLSInit.
But when you think about it, once there is no remote code,
all of libvirtd is useless, any stateful driver that depends
on libvirtd is also not worth compiling, and any libraries
used only by RPC code are not needed.  So I patched
configure.ac to make for some saner defaults when an
explicit disable is attempted.  Similarly, since we have
migrated virnetdevbridge into generic code, the workaround
for Linux kernel stupidity must not depend on stateful
drivers being in use.

Then there's 'make check' that needs segregation.

Wow - quite a bit of cleanup to make --without-remote useful :)

* configure.ac: Let --without-remote toggle defaults on stateful
drivers and other libraries.  Pick up Linux kernel workarounds
even when qemu and lxc are not being compiled.
* tests/Makefile.am (test_programs): Factor out programs that
require remote.
* src/libvirt_private.syms (rpc/virnet*.h): Move...
* src/libvirt_remote.syms: ...into new file.
* src/Makefile.am (SYM_FILES): Ship new syms file.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-04 17:01:47 -06:00
Oskari Saarenmaa
532fef369f storage: fix file allocation behavior in file cloning
Fixed the safezero call for allocating the rest of the file after cloning
an existing volume; it used to always use a zero offset, causing it to
only allocate the beginning of the file.

Also modified file creation to try to use fallocate(2) to pre-allocate
disk space before copying any data to make sure it fails early on if disk
is full and makes sure we can skip zero blocks when copying file contents.

If fallocate isn't available we will zero out the rest of the file after
cloning and only use sparse cloning if client requested a lower allocation
than the input volume's capacity.

Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
2013-10-04 16:18:44 +02:00
Oskari Saarenmaa
b63a1d0e95 virfile: safezero: fix buffer allocation max size
My previous commit 7dc1d4ab was supposed to change safezero to allocate
1 megabyte at maximum, but had the logic reversed and will allocate 1
megabyte at minimum (and a lot more at maximum.)

Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
2013-10-04 16:10:27 +02:00
Cole Robinson
fc9ff1f249 test: Fix coverity warnings 2013-10-04 10:06:56 -04:00
Peter Krempa
f8e2da01be qemu: Use maximum guest memory size when getting NUMA placement advice
When starting the VM the guest balloon driver is not loaded at that
time. We need to ask numad for placement of the complete VM.
2013-10-04 14:57:54 +02:00
Gao feng
391b82722e Free cmd in virNetDevVethCreate
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-10-04 12:03:19 +01:00
Gao feng
524b21979a Free cmd in virNetDevVethDelete
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-10-04 12:02:38 +01:00
Oskari Saarenmaa
7dc1d4ab89 virfile: safezero: fall back to writing block by block if mmap fails
mmap can fail on 32-bit systems if we're trying to zero out a lot of data.
Fall back to using block-by-block writing in that case.  While we could map
smaller blocks it's unlikely that this code is used a lot and its easier to
just fall back to one of the existing methods.

Also modified the block-by-block zeroing to not allocate a megabyte of
zeroes if we're writing less than that.

Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
2013-10-04 08:22:36 +02:00
Cole Robinson
68cc45b6f9 test: snapshot: Add REDEFINE support 2013-10-03 17:31:55 -04:00
Cole Robinson
670e86bfd7 qemu: snapshot: Break out redefine preparation to shared function 2013-10-03 17:31:55 -04:00
Cole Robinson
390c06b675 test: Implement snapshot create/delete/revert APIs
Again stolen from qemu_driver.c, but dropping all the unneeded bits.
This aims to copy all the current qemu validation checks since that's
the most commonly used real driver, but some of the checks are
completely artificial in the test driver.

This only supports creation of internal snapshots for initial
simplicity.
2013-10-03 17:26:50 -04:00
Cole Robinson
1d24185284 test: Allow specifying domainsnapshot XML
The user can pass it as a <test:domainsnapshot> subelement of a <domain>.
2013-10-03 16:52:54 -04:00
Cole Robinson
56ff156d15 qemu: snapshots: Simplify REDEFINE flag check
Makes things more readable IMO
2013-10-03 16:52:54 -04:00
Laine Stump
9881bfed25 qemu: check actual netdev type rather than config netdev type during init
This resolves:

   https://bugzilla.redhat.com/show_bug.cgi?id=1012824
   https://bugzilla.redhat.com/show_bug.cgi?id=1012834

Note that a similar problem was reported in:

   https://bugzilla.redhat.com/show_bug.cgi?id=827519

but the fix only worked for <interface type='hostdev'>, *not* for
<interface type='network'> where the network itself was a pool of
hostdevs.

The symptom in both cases was this error message:

   internal error: Unable to determine device index for network device

In both cases the cause was lack of proper handling for netdevs
(<interface>) of type='hostdev' when scanning the netdev list looking
for alias names in qemuAssignDeviceNetAlias() - those that aren't
type='hostdev' have an alias of the form "net%d", while those that are
hostdev use "hostdev%d". This special handling was completely lacking
prior to the fix for Bug 827519 which was:

When searching for the highest alias index, libvirt looks at the alias
for each netdev and if it is type='hostdev' it ignores the entry. If
the type is not hostdev, then it expects the "net%d" form; if it
doesn't find that, it fails and logs the above error message.

That fix works except in the case of <interface type='network'> where
the network uses hostdev (i.e. the network is a pool of VFs to be
assigned to the guests via PCI passthrough). In this case, the check
for type='hostdev' would fail because it was done as:

     def->net[i]->type == VIR_DOMAIN_NET_TYPE_HOSTDEV

(which compares what was written in the config) when it actually
should have been:

    virDomainNetGetActualType(def->net[i]) == VIR_DOMAIN_NET_TYPE_HOSTDEV

(which compares the type of netdev that was actually allocated from
the network at runtime).

Of course the latter wouldn't be of any use if the netdevs of
type='network' hadn't already acquired their actual network connection
yet, but manual examination of the code showed that this is never the
case.

While looking through qemu_command.c, two other places were found to
directly compare the net[i]->type field rather than getting actualType:

* qemuAssignDeviceAliases() - in this case, the incorrect comparison
  would cause us to create a "net%d" alias for a netdev with
  type='network' but actualType='hostdev'. This alias would be
  subsequently overwritten by the proper "hostdev%d" form, so
  everything would operate properly, but a string would be
  leaked. This patch also fixes this problem.

* qemuAssignDevicePCISlots() - would defer assigning a PCI address to
  a netdev if it was type='hostdev', but not for type='network +
  actualType='hostdev'. In this case, the actual device usually hasn't
  been acquired yet anyway, and even in the case that it has, there is
  no practical difference between assigning a PCI address while
  traversing the netdev list or while traversing the hostdev
  list. Because changing it would be an effective NOP (but potentially
  cause some unexpected regression), this usage was left unchanged.
2013-10-03 11:06:45 -04:00
Daniel P. Berrange
fe3f108d85 Use 'vnet' as prefix for veth devices
The XML parser reserves 'vnet' as a prefix for automatically
generated NIC device names. Switch the veth device creation
to use this prefix, so it does not have to worry about clashes
with user specified names in the XML.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-03 11:28:44 +01:00
Daniel P. Berrange
f2e53555eb Retry veth device creation on failure
The veth device creation code run in two steps, first it looks
for two free veth device names, then it runs ip link to create
the veth pair. There is an obvious race between finding free
names and creating them, when guests are started in parallel.

Rewrite the code to loop and re-try creation if it fails, to
deal with the race condition.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-03 11:28:30 +01:00
Daniel P. Berrange
8766e9b5a5 Avoid deleting NULL veth device name
If veth device allocation has a fatal error, the veths
array may contain NULL device names. Avoid calling the
virNetDevVethDelete function on such names.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-03 11:28:08 +01:00
Daniel P. Berrange
10caf94ddc Avoid reporting an error if veth device is already deleted
The kernel automatically destroys veth devices when cleaning
up the container network namespace. During normal shutdown, it
is thus likely that the attempt to run 'ip link del vethN'
will fail. If it fails, check if the device exists, and avoid
reporting an error if it has gone. This switches to use the
virCommand APIs instead of virRun too.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-03 11:28:06 +01:00
Daniel P. Berrange
f5eae57086 Don't set netdev offline in container cleanup
During container cleanup there is a race where the kernel may
have destroyed the veth device before we try to set it offline.
This causes log error messages. Given that we're about to
delete the device entirely, setting it offline is pointless.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-03 11:25:20 +01:00
Michal Privoznik
3e8343e151 qemuMonitorJSONSendKey: Avoid double free
After successful @cmd construction the memory where @keys points to is
part of @cmd. Avoid double freeing it.
2013-10-03 08:57:57 +02:00
Michal Privoznik
ec07a9e84b qemuMonitorJSONGetVirtType: Fix error message
When querying for kvm, we try to find 'enabled' field. Hence the error
message should report we haven't found 'enabled' and not 'running'
(which is not even in the reply). Probably a typo or copy-paste error.
2013-10-03 08:57:50 +02:00
Michal Privoznik
9fa10d3901 qemu_hotplug: Allow QoS update in qemuDomainChangeNet
The qemuDomainChangeNet() is called when 'virsh update-device' is
invoked on a NIC. Currently, we fail to update the QoS even though
we have routines for that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-02 10:48:03 +02:00
Michal Privoznik
ee02fbc8e4 virNetDevBandwidthEqual: Make it more robust
So far the virNetDevBandwidthEqual() expected both ->in and ->out items
to be allocated for both @a and @b compared. This is not necessary true
for all our code. For instance, running 'update-device' twice over a NIC
with the very same XML results in SIGSEGV-ing in this function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-02 10:47:22 +02:00
Cole Robinson
c4510fd147 test: Implement readonly snapshot APIs
This is just stolen from qemu_driver.c with tweaks to fit the
test driver.
2013-10-01 11:59:07 -04:00
Cole Robinson
25314fa6c5 test: Wire up managed save APIs
Also add a <test:hasmanagedsave> element to set this data when starting
the connection.
2013-10-01 11:33:56 -04:00
Cole Robinson
d82ea6ec4e test: Allow specifying object transient state in driver XML
Similar to the runstate commit, allow a boolean <test:transient/>
element for setting domain persistence at driver startup.
2013-10-01 11:27:21 -04:00
Cole Robinson
a924d9d083 qemu: cgroup: Fix crash if starting nographics guest
We can dereference graphics[0] even if guest has no graphics device
configured. I screwed this up in a216e64872

https://bugzilla.redhat.com/show_bug.cgi?id=1014088
2013-10-01 11:22:18 -04:00
Ján Tomko
f1bdcb2be9 selinux: Only close the selabel_handle once
On selinux driver initialization failure (missing/incorrectly
formatted contexts file), selabel_handle was closed twice.

Introduced by 6159710.
2013-10-01 15:00:07 +02:00
Laine Stump
e4e73337e5 util: recognize SMB/CIFS filesystems as shared
This should resolve:

  https://bugzilla.redhat.com/show_bug.cgi?id=1012085

libvirt previously recognized NFS, GFS2, OCFS2, and AFS filesystems as
"shared", and thus eligible for exceptions to certain rules/actions
about chowning image files before handing them off to a guest. This
patch widens the definition of "shared filesystem" to include SMB and
CIFS filesystems (aka "Windows file sharing"); both of these use the
same protocol, but different drivers so there are different magic
numbers for each.
2013-10-01 05:45:05 -04:00
Michal Privoznik
64f1e1688d qemu_capabilities: Introduce virQEMUCapsInitQMPMonitor
This basically covers the talking-to-monitor part of
virQEMUCapsInitQMP.  The patch itself has no real value,
but it creates an entity to be tested in the next patches.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-01 10:48:47 +02:00
Chen Hanxiao
4b2b078a8b lxc: do cleanup when failed to bind fs as read-only
We forgot to do cleanup when lxcContainerMountFSTmpfs
failed to bind fs as read-only.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-30 13:30:43 -06:00
Daniel P. Berrange
27e81517a8 Fix max stream packet size for old clients
The libvirtd server pushes data out to clients. It does not
know what protocol version the client might have, so must be
conservative and use the old payload limits. ie send no more
than 256kb of data per packet.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-30 19:01:23 +01:00
Cédric Bosdonnat
bd773e74f0 LXC: workaround machined uncleaned data with containers running systemd.
The problem is described by [0] but its effect on libvirt is that
starting a container with a full distro running systemd after having
stopped it simply fails.

The container cleanup now calls the machined Terminate function to make
sure that everything is in order for the next run.

 [0]: https://bugs.freedesktop.org/show_bug.cgi?id=68370
2013-09-30 16:47:23 +01:00
Oskari Saarenmaa
edc61bf63e virfile: safezero: align mmap offset to page size
mmap's offset must be aligned to page size or mapping will fail.
mmap-based safezero is only used if posix_fallocate isn't available.

Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
2013-09-30 15:18:13 +02:00
Boris Fiuczynski
11d9dd7ba0 virscsi: hostdev SCSI AdapterId retrieval fix
Fixed the retrieval of the AdapterId from the AdapterName of the
hostdev source so it does return an error instead of leaving the
adapter_id uninitialized.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-09-30 15:04:46 +02:00
Peter Krempa
59e21e973f qemu: process: Silence coverity warning when rewinding log file
The change in ef29de14c3 that introduced
better error logging from qemu introduced a warning from coverity about
unused return value from lseek. Silence this warning and fix typo in the
corresponding error message.

Reported by: John Ferlan
2013-09-30 13:43:32 +02:00
Daniel Veillard
b3f6f8ba19 Remove tab from previous commit 2013-09-30 00:09:59 +08:00
Doug Goldstein
45cd9aa2d4 VMware: Initial VMware Fusion support
Add support for VMware Fusion in the existing VMware driver.  Connect
via the URI vmwarefusion:///session
2013-09-29 18:40:36 +08:00
Doug Goldstein
ca91e55407 VMware: Support more than 2 driver backends
Currently the VMware version check code only supports two types of
VMware backends, Workstation and Player. But in the near future we will
have an additional one so we need to support more. Additionally, we
discover and cache the path to the vmrun binary so we should use that
path when using the corresponding binary from the VMware VIX SDK.
2013-09-29 18:40:36 +08:00
Eric Blake
51f98bbab8 build: tweak vpath builds of net_rpc
Another case missed by commits 716c7bb and 6973e02.

* src/Makefile.am (VIR_NET_RPC_GENERATED): Drop $(srcdir).
(libvirt_net_rpc_la_SOURCES): List generated files more compactly.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-27 17:01:05 -06:00
Michal Privoznik
ecbb3d51b5 Makefile.am: Always include rule to make org.libvirt.api.policy
When running 'make dist' on a system without policykit, we currently
fail. This is because $(srcdir)/access/org.libvirt.api.policy is in
EXTRA_DIST, however, the rule to generate the file is conditional
whether we build with polkit or not.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-09-27 18:32:43 +02:00
Michal Privoznik
3f573fbae1 genprotocol.pl: Fix code on FreeBSD too
On some systems (linux, cygwin and gnukfreebsd) rpcgen generates files
which when compiling produces this warning:

remote/remote_protocol.c: In function 'xdr_remote_node_get_cpu_stats_ret':
remote/remote_protocol.c:530: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]

Hence, on those systems we need to post-process the files by the
rpc/genprotocol.pl perl script. At the beginning of the script the OS is
detected via $^O perl variable. From my latest build on FreeBSD I see we
need to fix the code there too. On FreeBSD the variable contains
'freebsd' string:

http://perldoc.perl.org/perlport.html#PLATFORMS

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-09-27 18:32:42 +02:00
Doug Goldstein
b41bed70f1 event: Make debug message match function comments
The debug message said there was a timeout of 0 pending for -1 ms which
made me think this is where a hang was coming from but according to the
function comments this case means that there is no timeout pending so
make the debug message say that instead of saying there's a -1 ms
timeout.
2013-09-27 11:16:35 -05:00
Doug Goldstein
03ee919e9b BSD: Ensure process creation timestamp is init'd
While BSDs don't support process creation timestamp information via
PEERCRED for Unix sockets, we need to actually initialize the value
because it is used by the libvirt code.
2013-09-27 11:16:35 -05:00
Doug Goldstein
68674169af BSD: Ensure UNIX socket credentials are valid
Ensure that the socket credentials we got back on BSD are valid before
using them.
2013-09-27 11:16:35 -05:00
Jiri Denemark
9e03f313b8 qemu: Free all driver data in qemuStateCleanup
https://bugzilla.redhat.com/show_bug.cgi?id=1011330 (case A)

While activeScsiHostdevs and webSocketPorts were allocated in
qemuStateInitialize, they were not freed in qemuStateCleanup.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-09-27 15:57:14 +02:00
Jiri Denemark
833cdab6d2 qemu: Don't leak reference to virQEMUDriverConfigPtr
https://bugzilla.redhat.com/show_bug.cgi?id=1011330 (case D)

qemuProcessStart created two references to virQEMUDriverConfigPtr before
calling fork():

    cfg = virQEMUDriverGetConfig(driver);
    ...
    hookData.cfg = virObjectRef(cfg);

However, the child only unreferenced hookData.cfg and the parent only
removed the cfg reference. That said, we don't need to increment the
reference counter when assigning cfg to hookData. Both the child and the
parent will correctly remove the reference on cfg (the child will do
that through hookData).

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-09-27 15:57:14 +02:00
Viktor Mihajlovski
6973e02b3d build: Fix VPATH build error for locking daemon
Removed superfluous/wrong srcdir prefix.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-09-27 07:26:09 -06:00
Jiri Denemark
f25a08747d rpc: Increase bound limit for virDomainGetJobStats
https://bugzilla.redhat.com/show_bug.cgi?id=1012818

Commit 6d7d0b1869 (in 1.1.2) added bounds
checking to virDomainGetJobStats. But even at that time the API was able
to return 20 parameters while the limit was set to 16.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-09-27 12:56:13 +02:00
Chen Hanxiao
cc5b920b24 lxc: fix a warning typo in virLXCControllerEventSend
s/becuase/because/

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-09-27 08:15:06 +02:00
Eric Blake
8de47efd3f maint: fix comment typos
* src/lxc/lxc_controller.c (virLXCControllerSetupDisk): Fix typo.
* src/lxc/lxc_driver.c (lxcDomainAttachDeviceDiskLive): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-26 15:40:34 -06:00
Chen Hanxiao
c82513acc2 LXC: free dst before lxcDomainAttachDeviceDiskLive returns
Free dst before lxcDomainAttachDeviceDiskLive returns

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-09-26 15:13:55 +02:00
Chen Hanxiao
21813c9fb5 qemu: virDomainControllerFind may return 0 if controller found
The return value of virDomainControllerFind >=0 means that
the specific controller was found.
But some functions invoke it and treat 0 as not found.
This patch fix these incorrect invocation.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-09-26 15:13:36 +02:00
Guido Günther
40942b788e Distribute check-aclperms.pl
so "make check" can work for the distributed tarballs too.
2013-09-26 14:26:53 +02:00
Peter Krempa
0dd948cb2b conf: clean up virDomainChrSourceDefParseXML
Tweak some conditions and use correct typecasts in enums.
2013-09-26 09:24:09 +02:00
Peter Krempa
795527548f conf: Don't crash on invalid chardev source definition of RNGs and other
Since commit 297c99a5 an invalid source definition XML of a character
device that is used as backend for RNG devices, smartcards and redirdevs
causes crash of the daemon when parsing such a definition.

The device types mentioned above are not a part of a regular character
device but are backends for other types. Thus when parsing such device
NULL is passed as the argument @chr_def. Later when checking the
validity of the definition @chr_def was dereferenced when parsing a UNIX
socket backend with missing path of the socket and crashed the daemon.

Sample offending configuration:
  <devices>
  ...
    <rng model='virtio'>
      <backend model='egd' type='unix'>
        <source mode='bind' service='1024'/>
      </backend>
    </rng>
  </devices>

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1012196
2013-09-26 08:48:38 +02:00
Cole Robinson
e791033df6 test: Allow specifying object runstate in driver XML
When passing in custom driver XML, allow a block like

<domain xmlns:test='http://libvirt.org/schemas/domain/test/1.0'>
  ...
  <test:runstate>5</test:runstate>
</domain>

This is only read at initial driver start time, and sets the initial
run state of the object. This is handy for UI testing.

It's only wired up for domains, since that's the only conf/
infrastructure that supports namespaces at the moment.
2013-09-25 13:30:36 -04:00
Daniel P. Berrange
4f2094346d Don't ignore errors parsing nwfilter rules
For inexplicable reasons, the nwfilter XML parser is intentionally
ignoring errors that arise during parsing. As well as meaning that
users don't get any feedback on their XML mistakes, this will lead
it to silently drop data in OOM conditions.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
06bfe6fe2b Fix leak in virLockSpaceResourceFree
Normally a lockspace resource is not freed while there are
active owners. During initial resource creation though, an
OOM error will trigger this scenario. virLockSpaceResourceFree
was not freeing the 'owners' field in this case.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
ec48aaee23 Fix leak of parser state in virJSONValueFromString
If OOM or another error occurs in virJSONValueFromString the
parser state object will be leaked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
d3f8fec456 Fix double-free in virJSONParserHandleStartMap on OOM
If OOM occurs in virJSONParserHandleStartMap it will free
a variable that is owned by another object. This leads to
a later double-free.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
6bf3078657 Fix leak of iterators in virDBusMessageIterEncode
If virDBusMessageIterEncode hits an OOM condition it often
leaks the memory associated with the dbus iterator object

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
a8412f868b Fix leak of comment string if virConfAddEntry fails on OOM
The code parsing comments in config files called virConfAddEntry
but did not check for failure. This caused the comment string to
leak on OOM.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
1f66001c69 Add missing check for OOM with virVMXEscapeHexPipe
The virVMXFormatConfig called virVMXEscapeHexPipe but
forgot to check for OOM. This caused data to silently
be lost.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
6b663b6fd1 Fix crash on OOM parsing storage pool XML
The virStoragePoolDefParseSource method would set def->nhosts
before allocating def->hosts. If the allocation failed due to
OOM, the cleanup code would crash accessing out of bounds.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:08 +01:00
Daniel P. Berrange
0dff76c2d3 Fix double free of hostdev on OOM in xenParseSxprPCI
If xenParseSxprPCI failed to expand the def->hostdevs array
due to OOM, it would free the hostdev instance twice.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:08 +01:00
Daniel P. Berrange
93ac954094 Fix crash on OOM in virDomainSnapshotDefParse
The virDomainSnapshotDefParse method assigned to def->ndisks
before allocating def->disks. Thus if an OOM occurred, the
cleanup code would access out of bounds.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:08 +01:00
Daniel P. Berrange
8feae8e136 Don't clobber return value in virInterfaceDefParseProtoIPv6
Several places in virInterfaceDefParseProtoIPv6 clobber the
default 'ret' return value. So when jumping to cleanup on
error, 'ret' may mistakenly be set to 0 instead of -1. This
caused failure to report OOM errors, meaning data was silently
lost during parsing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:08 +01:00
Daniel P. Berrange
3169991555 Fix handling of OOM when getting Xen dom ID
The methods for obtaining the Xen dom ID cannot distinguish
between returning -1 due to an error and returning -1 due to
the domain being shutoff. Change them to return the dom ID
via an output parameter.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:08 +01:00
Daniel P. Berrange
d508f70df0 Fix crash on OOM in xenParseSxpr
The xenParseSxpr method sets def->nconsoles to 1 before allocating
the def->consoles array. If the allocation fails due to OOM the
cleanup code will thus crash accessing out of bounds.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:08 +01:00
Daniel P. Berrange
0377238fe8 Fix leak of serial value in xenFormatXM on OOM
If an OOM occurs in xenFormatXM when formatting to the
serial device value, the value is leaked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
760b59e909 Fix broken formatting on OOM in xenFormatXM
If an OOM occurs when xenFormatXM is setting the 'hpet'
variable it is silently ignored. Fix it to propagate
to the callers.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
10b7d19fdd Fix crash on OOM in xenParseXM handling consoles
The xenParseXM sets def->nconsoles to 1 before claling
VIR_REALLOC_N on def->consoles. So if the alloc fails
due to OOM, the cleanup code will crash accessing a
console that does not exist.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
fa911ec44e Fix leak of char device in xenParseXM
If an OOM occurs in xenParseXM, a virDomainChrDef may be
leaked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
145de7b8f3 Fix leak of command line args in qemuParseCommandLine
If qemuParseCommandLine finds an arg it does not understand
it adds it to the QEMU passthrough custom arg list. If the
qemuParseCommandLine method hits an error for any reason
though, it just does 'VIR_FREE(cmd)' on the custom arg list.
This means all actual args / env vars are leaked. Introduce
a qemuDomainCmdlineDefFree method to be used for cleanup.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
94e6b94ab7 Fix leak in qemuParseCommandLine on OOM
If the call to virDomainControllerInsert fails in
qemuParseCommandLine, the controller struct is leaked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
b391b19144 Fix leak in qemuStringToArgvEnv upon OOM
The 'qemuStringToArgvEnv' method splits up a string of command
line env/args to an 'arglist' array. It then copies env vars
to a 'progenv' array and args to a 'progargv' array. When
copyin the env vars, it NULL-ifies the element in 'arglist'
that is copied.

Upon OOM the 'virStringListFree' is called on progenv and
arglist. Unfortunately, because the elements in 'arglist'
related to env vars have been set to NULL, the call to
virStringListFree(arglist) doesn't free anything, even
though some non-NULL args vars still exist later in the
array.

To fix this leak, stop NULL-ifying the 'arglist' elements,
and change the cleanup code to only free elements in the
'arglist' array, not 'progenv'.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
6bb7f19eb1 Fix missing jump to error cleanup in qemuParseCommandLineDisk
In a number of places in qemuParseCommandLineDisk, an error
is reported, but no 'goto error' jump is used. This causes
failure to report OOM conditions to the caller.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:27 +01:00
Daniel P. Berrange
fbf82783e8 Fix leak in qemuParseCommandLineDisk on OOM
If OOM occurs in qemuParseCommandLineDisk some intermediate
variables will be leaked when parsing Sheepdog or RBD disks.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:27 +01:00
Daniel P. Berrange
86139a408d Fix leak on OOM in qemuBuildCommandLine dealing with sound card
The qemuBuildCommandLine code for parsing sound cards will leak
an intermediate variable if an OOM occurs. Move the free'ing of
the variable earlier to avoid the leak.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:27 +01:00
Daniel P. Berrange
a72d25f40f Fix failure to honour OOM status in qemuParseNBDString
In qemuParseNBDString, if the virURIParse fails, the
error is not reported to the caller. Instead execution
falls through to the non-URI codepath causing memory
leaks later on.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:13 +01:00
Daniel P. Berrange
d7e9f9f7e8 Avoid leak in qemuParseRBDString on failure of qemuAddRBDHost
If qemuAddRBDHost fails due to parsing problems or OOM, then
qemuParseRBDString cleanup is skipped causing a memory leak.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:13 +01:00
Daniel P. Berrange
e7b7a2019d Fix leak of address string in qemuDomainPCIAddressGetNextSlot
qemuDomainPCIAddressGetNextSlot has a loop for finding
compatible PCI buses. In the loop body it creates a
PCI address string, but never frees this. This causes
a leak if the loop executes more than one iteration,
or if a call in the loop body fails.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:12 +01:00
Daniel P. Berrange
66f2db7311 Fix leak in virDomainDefParseXML parsing vcpupin
If virBitmapNew fails due to OOM, the 'vcpupin' variable
is leaked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:12 +01:00
Daniel P. Berrange
d9bae31250 Fix leak in virDomainVcpuPinDefParseXML parsing cpumask
If the virBitmapParse method fails due to OOM, we leak
the 'tmp' variable string.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:12 +01:00
Daniel P. Berrange
1fff45cca9 Avoid leak if virDomainSoundCodecDefParseXML return error
If virDomainSoundCodecDefParseXML returns an error (eg due
to OOM), then the xml nodeset codecNodes is leaked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:12 +01:00
Daniel P. Berrange
fbf8e1c314 Fix leak in virDomainVcpuPinDefArrayFree
If virDomainVcpuPinDefArrayFree is called with def != NULL,
but nvcpupin == 0, then it leaks memory for 'def'. This is
an unusual scenario, but it hits when cleaning up after an
OOM during parsing of XML.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:12 +01:00
Laine Stump
386ebb47a5 qemu: prefer to put a Q35 machine's dmi-to-pci-bridge at 00:1E.0
This resolves one of the issues listed in:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

00:1E.0 is the location of this controller on at least some actual Q35
hardware, so we try to replicate the placement. The bridge should work
just as well in any other location though, so if 00:1E.0 isn't
available, just allow it to be auto-assigned anywhere appropriate.
2013-09-25 10:39:23 -04:00
Laine Stump
c484fe16cb qemu: turn if into switch in qemuDomainValidateDevicePCISlotsQ35
This will make it simpler to add checks for other types of
controllers.

This is a prerequisite for patches to resolve:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983
2013-09-25 10:38:50 -04:00
Laine Stump
b83d26f6c4 qemu: support ich9-intel-hda audio device
This resolves one of the issues in:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

This device is identical to qemu's "intel-hda" device (known as "ich6"
in libvirt), but has a different PCI device ID (which matches the ID
of the hda audio built into the ich9 chipset, of course). It's not
supported in earlier versions of qemu, so it requires a capability
bit.
2013-09-25 10:38:02 -04:00
Laine Stump
8e0dab3a8e qemu: replace multiple strcmps with a switch on an enum
I'm not sure why this code was written to compare the strings that it
had just retrieved from an enum->string conversion, rather than just
look at the original enum values, but this yields the same results,
and is much more efficient (especially as you add more devices).

This is a prerequisite for patches to resolve:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983
2013-09-25 10:37:33 -04:00
Laine Stump
07af519298 qemu: allow some PCI devices to be attached to PCIe slots
Part of the resolution to:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

Although most devices available in qemu area defined as PCI devices,
and strictly speaking should only be attached via a PCI slot, in
practice qemu allows them to be attached to a PCIe slot and sometimes
this makes sense.

For example, The UHCI and EHCI USB controllers are usually attached
directly to the PCIe "root complex" (i.e. PCIe slots) on real
hardware, so that should be possible for a Q35-based qemu virtual
machine as well.

We still want to prefer a standard PCI slot when auto-assigning
addresses, though, and in general to disallow attaching PCI devices
via PCIe slots.

This patch makes that possible by adding a new
QEMU_PCI_CONNECT_TYPE_EITHER_IF_CONFIG flag. Three things are done
with this flag:

1) It is set for the "pcie-root" controller

2) qemuCollectPCIAddress() now has a set of nested switches that set
this "EITHER" flag for devices that we want to allow connecting to
pcie-root when specifically requested in the config.

3) qemuDomainPCIAddressFlagsCompatible() adds this new flag to the
"flagsMatchMask" if the address being checked came from config rather
than being newly auto-allocated by libvirt (this knowledge is
conveniently already available in the "fromConfig" arg).

Now any device having the EITHER flag set can be connected to
pcie-root if explicitly requested, but auto-allocated addresses for
those devices will still be standard PCI slots instead.

This patch only loosens the restrictions on devices that have been
specifically requested, but the setup is such that it should be fairly
easy to add new devices.
2013-09-25 10:36:45 -04:00
Laine Stump
fbd9be484c qemu: eliminate redundant if clauses in qemuCollectPCIAddress
Replace them with switch cases. This will make it more efficient when
we add exceptions for more controller types, and other device types.

This is a prerequisite for patches to resolve:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983
2013-09-25 10:35:49 -04:00
Laszlo Ersek
51e184e982 bridge driver: don't masquerade local subnet broadcast/multicast packets
Packets sent by guests on virbrN, *or* by dnsmasq on the same, to
- 255.255.255.255/32 (netmask-independent local network broadcast
  address), or to
- 224.0.0.0/24 (local subnetwork multicast range)
are never forwarded, hence it is not necessary to masquerade them.

In fact we must not masquerade them: translating their source addresses or
source ports (where applicable) may confuse receivers on virbrN.

One example is the DHCP client in OVMF (= UEFI firmware for virtual
machines):

  http://thread.gmane.org/gmane.comp.bios.tianocore.devel/1506/focus=2640

It expects DHCP replies to arrive from remote source port 67. Even though
dnsmasq conforms to that, the destination address (255.255.255.255) and
the source address (eg. 192.168.122.1) in the reply allow the UDP
masquerading rule to match, which rewrites the source port to or above
1024. This prevents the DHCP client in OVMF from accepting the packet.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=709418

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2013-09-25 08:31:50 -04:00
Laszlo Ersek
ccca5dc3a2 util/viriptables: add/remove rules that short-circuit masquerading
The functions
- iptablesAddForwardDontMasquerade(),
- iptablesRemoveForwardDontMasquerade
handle exceptions in the masquerading implemented in the POSTROUTING chain
of the "nat" table. Such exceptions should be added as chronologically
latest, logically top-most rules.

The bridge driver will call these functions beginning with the next patch:
some special destination IP addresses always refer to the local
subnetwork, even though they don't match any practical subnetwork's
netmask. Packets from virbrN targeting such IP addresses are never routed
outwards, but the current rules treat them as non-virbrN-destined packets
and masquerade them. This causes problems for some receivers on virbrN.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2013-09-25 08:24:09 -04:00