Commit Graph

10975 Commits

Author SHA1 Message Date
Eric Blake
63bfc59823 python: don't mask libvirt errors
A user reported this crash when using python bindings:

  File "/home/nox/workspace/NOX/src/NOX/hooks.py", line 134, in trigger
    hook.trigger(event)
  File "/home/nox/workspace/NOX/src/NOX/hooks.py", line 33, in trigger
    self.handlers[event]()
  File "/home/nox/workspace/NOX/hooks/volatility.py", line 81, in memory_dump
    for block in Memory(self.ctx):
  File "/home/see/workspace/NOX/src/NOX/lib/libtools.py", line 179, in next
    libvirt.VIR_MEMORY_PHYSICAL)
  File "/usr/lib/python2.7/dist-packages/libvirt.py", line 1759, in memoryPeek
    ret = libvirtmod.virDomainMemoryPeek(self._o, start, size, flags)
SystemError: error return without exception set

In the python bindings, returning NULL makes python think an
exception was thrown, while returning the None object lets the
wrappers know that a libvirt error exists.

Reported by Nox DaFox, fix suggested by Dan Berrange.

* python/libvirt-override.c (libvirt_virDomainBlockPeek)
(libvirt_virDomainMemoryPeek): Return python's None object, so
wrapper knows to check libvirt error.
2012-08-31 14:31:13 -07:00
Viktor Mihajlovski
277a49bce7 qemu: Support for Block Device IO Limits.
Implementation of iolimits for the qemu driver with
capability probing for block size attribute and
command line generation for block sizes.
Including testcase for qemuxml2argvtest.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-08-31 11:27:47 -07:00
Viktor Mihajlovski
5cc50ad7a4 conf: Support for Block Device IO Limits
Introducing a new iolimits element allowing to override certain
properties of a guest block device like the physical and logical
block size.
This can be useful for platforms with 'non-standard' disk formats
like S390 DASD with its 4K block size.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-08-31 11:27:27 -07:00
Eric Blake
54e99644bf command: shell-quote when logging commands
Without this patch, logged command executions can be ambiguous if
the command contained any shell metacharacters.  This has caused
more than one person to attempt to patch clients to add unnecessary
quoting, without realizing that the command itself was run with
correct args, and only the logged output was ambiguous.

* src/util/command.c (virCommandToString): Add shell escapes.
* tests/commandtest.c (test16): Test new behavior.
* tests/commanddata/test16.log: Update expected output.
* tests/qemuxml2argvdata/qemuxml2argv-*.args: Likewise.
* tests/networkxml2argvdata/*.argv: Likewise.
2012-08-31 08:10:58 -07:00
Peter Krempa
67f83cd497 virsh: remove unneeded usage of vshConnectionUsability()
Now that vshCommandRun() checks for the connection automaticaly, remove
all of the redundant checks in the code.

vshConnectionUsability() no longer needs to be exported and this patch
marks it static.
2012-08-31 16:22:22 +02:00
Peter Krempa
70e608918e virsh: Improve checking for connection when running commands
Almost each virsh command uses the function vshConnectionUsability
before doing anything, to check if the connection is "alive".  Commands
that don't need an conection are already conveniently marked with
VSH_CMD_FLAG_NOCONNECT. We can automaticaly check for the connection
before calling any remote command so we don't forget to do so.

This patch also upgrades the connection check to use virConnectIsAlive
along with the current approach.
2012-08-31 16:22:22 +02:00
Martin Kletzander
b805e3428e qemu: fix remote port searching
After fixing the last review comments on remote port searching (commit
a14b4aea51), the commit right after that
wasn't modified accordingly, therefore two values weren't changed as
they should and the configurable ports don't work as expected.

This simple commit changes last two values missed and fixes the issue.
2012-08-31 16:08:02 +02:00
Osier Yang
c289ebacd6 schemas: Fix wwn pattern
It should be [] instead of ().
2012-08-31 21:49:27 +08:00
Osier Yang
a2145faef9 util: Update the inconsistent and outdated comments
The codes were updated to allow to reset the device as long as
there is no devices/functions behind the same bus. However, the
comments were kept without touched.
2012-08-31 21:48:26 +08:00
Daniel Veillard
383a41657f Release of libvirt-0.10.1
* configure.ac docs/news.html.in libvirt.spec.in: update for release
* po/*.po*: pulled localization updates for sp,ja,mr,pa,uk,zh_CN,zh_TW
  and regenerated
2012-08-31 20:41:06 +08:00
Marcelo Cerri
990e46c454 conf: Avoid formatting auto-generated DAC labels
To avoid backward compatibility issues, this patch suppresses
auto-generated DAC labels from XML. This change affects commands such as
dumpxml and save.

Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
2012-08-31 20:14:44 +08:00
Marcelo Cerri
86e205a24f conf: Fix parsing of seclabels without model
With this patch libvirt tries to assign a model to a single seclabel
when model is missing. Libvirt will look up at host's capabilities and
assign the first model to seclabel.

This patch fixes:

1. The problem with existing guests that have a seclabel defined in its XML.
2. A XML parse error when a guest is restored.

Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
2012-08-31 20:14:41 +08:00
Viktor Mihajlovski
641d406d27 virsh: fixed incorrect timing report
When executing virsh -t <command> the reported timing was off
by 3 orders of magnitude if the command took more than one
second.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-08-31 20:00:20 +08:00
Jiri Denemark
eac1ab053c virsh: Document subdriver option of attach-disk 2012-08-31 13:30:19 +02:00
Jiri Denemark
774eb45be6 qemu: Don't ignore CPU tuning config if required cgroups are missing
When domain XML contains any of the elements for setting up CPU
scheduling parameters (period, quota, emulator_period, or
emulator_quota) we need cpu cgroup to enforce the configuration.
However, the existing code would just ignore silently such settings if
either cgroups were not available at all cpu cgroup was not available.
Moreover, APIs for manipulating CPU scheduler parameters were already
failing if cpu cgroup was not available. This patch makes cpu cgroup
mandatory for all domains that use CPU scheduling elements in their XML.
2012-08-31 13:24:02 +02:00
Guannan Ren
c3e7245af5 doc: update option force to subcommand change-media
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=837761
2012-08-31 18:17:02 +08:00
Guannan Ren
fccab89def cgroup: fix libvirtd crash caused by messed memory
The variable max_id is initialized again in the step of
getting cpu mapping variable map2. But in the next for loop
we still expect original value of max_id, the bug will
crash libvirtd when using on NUMA machine with big number
of cpus.
2012-08-31 16:45:02 +08:00
Guannan Ren
657fef1401 cgroup: fix a typo on extracting data from vcpu cgroup 2012-08-31 16:40:10 +08:00
Guannan Ren
c402eebc71 cgroup: read more data from cgroup cpuacct.usage_percpu
On NUMA machine, the length of string got from file
cpuacct.usage_percpu is quite large, so expand the
limit of 1024 bytes.

errors like:
Failed to read file \
'/cgroup/cpuacct/libvirt/qemu/rhel6q/cpuacct.usage_percpu': \
Value too large for defined data type
2012-08-31 16:31:30 +08:00
Jiri Denemark
b10ec38d52 docs: Fix typo in CPU tuning 2012-08-31 10:18:28 +02:00
Peter Krempa
f8fbfbc281 doc: Fix emulator pinning example in formatdomain.html
Add correct closing tags.
2012-08-31 09:59:34 +02:00
Stefan Berger
4021b85fce nwfilter: adapt IP learning for broadcasted DHCP replies
Adapt the IP learning code to also accept broadcasted DHCP replies
2012-08-31 11:41:30 +08:00
Stefan Berger
c828a746fa nwfilter: accept broadcasted DHCP replies in DHCP snooping code
Some DHCP servers send their DHCP replies to the broadcast MAC address
rather than to the MAC address of the VM. The existing DHCP snooping
code assumes that the reply always goes to the MAC address of the VM
thus filtering the traffic of some DHCP servers' replies.

The below patch adapts the code to

1) filter DHCP replies by comparing the MAC address in the reply against
   the MAC address of the VM (held in the snoop request)

2) adapts the pcap filter for traffic towards the VM to accept DHCP replies
   sent to any MAC address; for further filtering we rely on 1)

3) creates initial rules that are active while waiting for DHCP replies;
   these rules now accept DHCP replies to the VM's MAC address or to the
   MAC broadcast address
2012-08-31 11:41:26 +08:00
Stefan Berger
46b2cafb25 Implement virMacAddrIsBroadcastRaw
Add function for testing for Ethernet broadcast address
2012-08-31 11:41:23 +08:00
Kyle Mestery
7b9d55e629 Fix adding ports to OVS bridges without VLAN tags
The introduction of the new VLAN code, along with the fix
from 5e465df6be, caused the
addition of OVS ports to fail with the following message:

ovs-vsctl: 00002|vsctl|ERR|: missing column name

This fix takes into account the VLAN arguments are optional,
and correctly sets up the command line to run the "ovs-vsctl"
command to add ports to the OVS bridge.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
CC: Eric Blake <eblake@redhat.com>
2012-08-31 10:57:00 +08:00
Jim Fehlig
f781e27653 Fix xen driver following changes to make it stateful
Recent work to improve support for loadable driver modules introduced
a regression in the xen driver.  The legacy xen driver is now a
stateful, libvirtd driver but was not being registered when building
without driver modules.

A slight behavior change was also noted in the xen drivers when
built as driver modules.  Previously, explicitly specifying a
connection URI was not necessary, but now

Compiled against library: libvirt 0.10.0
Using library: libvirt 0.10.0
Using API: QEMU 0.10.0
error: failed to get the hypervisor version
error: internal error Cannot find suitable emulator for x86_64

The xen drivers need to be registered before the qemu driver since
the qemu driver will return success with a null connection URI.
This ordering is safe since the xen drivers will decline when not
running the xen kernel.
2012-08-31 10:28:55 +08:00
Nishank Trivedi
3044433f29 Fix issue of PF brought down if VF is 8021.Qbh and pci passthrough
If a 8021.Qbh network device supports SRIOV and its VF is being used
in pci passthrough mode, when the guest is shutdown or destroyed, the
PF inteface is also brought down. qemuDomainHostdevNetConfigRestore()
finds out the PF for provided hostdev (which is VF) and passes it to
virNetDevPortProfileDisassociate() as linkdev. Later, linkdev gets passed
to virNetDevSetOnline() where the interface is brought down by clearing
IFF_UP flag.

Bringing down a PF, when only VF is being brought down is not expected
behavior. This patch adds a check so that virNetDevSetOnline() is called
only for PF and not if device is a VF.

Signed-off-by: Nishank Trivedi <nistrive@cisco.com>
2012-08-30 15:27:27 -04:00
Stefan Berger
9e995c9a23 nwfilter: loop generated too many rules
The loop processing the trusted DHCP server generated one too
many rules and added one final rules that accepted responses
from all DHCP servers. Below patch fixes this.
2012-08-30 13:51:27 -04:00
Peter Krempa
1497e36db9 security: Re-apply commit ce53382ba2
Recent changes in the security driver discarded changes that fixed
labeling un-confined guests.
2012-08-30 16:45:38 +02:00
Peter Krempa
077e7bf51f vcpupin: Fix returning of arrays from virDomainVcpuPinAdd
virDomainVcpuPinAdd does a realloc on vcpupin_list if the new vcpu pin
definition doesn't fit into the array. The list is an array of pointers
but the function definition didn't support returning the changed pointer
to the caller if it was realloced. This caused segfaults if realloc
would change the base pointer.
2012-08-30 16:45:38 +02:00
Peter Krempa
40dfb52517 qemu: Fix possible infinite loop and segfault on error path.
virDomainVcpuPinDefCopy when the control flow reaches out of memory
cleanup code, the flow would end in a infinite loop as the loop variable
wasn't decremented.

Also a dereference of NULL pointers was possible if allocation of the
Vcpu pinning definiton structure failed.
2012-08-30 16:45:38 +02:00
Peter Krempa
46514ff752 qemu: Clean up security driver initialisation and config file
Commit d0c0e79ac6 left behind some dead
code (hasDAC can't be efectively set to true, because
virSecurityManagerNew fails to load the "dac" driver).

This patch also enhances the condition for adding the default
auto-detected security manager if the manager array is allocated but
empty.

Also the configuration file for qemu driver still contains reference to
the DAC driver that can't be enabled manualy.
2012-08-30 16:45:38 +02:00
Jiri Denemark
7444ccce4c qemu: Revert to blocking behavior of qemuAgentCommand
Before commit 05447e3af4, qemuAgentCommand
blocked until it got a reply or appropriate event. When new parameter
was added to qemuAgentCommand in the above commit, all existing callers
of it were updated in a wrong way changing them from blocking to
5-seconds timeout.
2012-08-30 16:27:00 +02:00
Jiri Denemark
e360a96067 qemu: Remove redundant parameter from qemuAgentSend
The @timeout parameter of qemuAgentSend is both redundant and confusing.
This patch should not result in any functional changes.
2012-08-30 16:26:59 +02:00
Laine Stump
b3bd5d6c5a network: get vlan info for Open vSwitch interfaces from proper source
This bug was revealed by the crash described in

  https://bugzilla.redhat.com/show_bug.cgi?id=852383

The vlan info pointer sent to virNetDevOpenvswitchAddPort should never
be non-NULL unless there is at least one tag. The factthat such a vlan
info pointer was receveid pointed out that a caller was passing the
wrong pointer. Instead of sending &net->vlan, the result of
virDomainNetGetActualVlan(net) should be sent - that function will
look for vlan info in net->data.network.actual->vlan, and in cany case
return NULL instead of a pointer if the vlan info it finds has no
tags.

Aside from causing the crash, sending a hardcoded &net->vlan has the
effect of ignoring vlan info from a <network> or <portgroup> config.
2012-08-30 18:05:18 +08:00
Daniel Veillard
3219cc3292 Small cleanup on previous patch
As pointed by Eric Blake
2012-08-30 15:18:02 +08:00
Kyle Mestery
5e465df6be Fix a crash when using Open vSwitch virtual ports
Fixup buffer usage when handling VLANs. Also fix the logic
used to determine if the virNetDevVlanPtr is valid or not.
Fixes crashes in the latest code when using Open vSwitch
virtualports.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
2012-08-30 13:48:52 +08:00
Osier Yang
20b780aec9 qemu: Sort the numa params only when it affects the live config
As the next boot doesn't have to worry about the previous numa
params setting (there is no).
2012-08-30 12:29:56 +08:00
Daniel P. Berrange
d0c0e79ac6 Fix configuration of QEMU security drivers
If no 'security_driver' config option was set, then the code
just loaded the 'dac' security driver. This is a regression
on previous behaviour, where we would probe for a possible
security driver. ie default to SELinux if available.

This changes things so that it 'security_driver' is not set,
we once again do probing. For simplicity we also always
create the stack driver, even if there is only one driver
active.

The desired semantics are:

 - security_driver not set
     -> probe for selinux/apparmour/nop
     -> auto-add DAC driver
 - security_driver set to a string
     -> add that one driver
     -> auto-add DAC driver
 - security_driver set to a list
     -> add all drivers in list
     -> auto-add DAC driver

It is not allowed, or possible to specify 'dac' in the
security_driver config param, since that is always
enabled.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-30 11:36:28 +08:00
Peter Krempa
eb8e9b6027 qemu: Refactor initialisation of security drivers.
The security driver loading code in qemu has a flaw that causes it to
register the DAC security driver twice. This causes problems (machines
unable to start) as the two DAC drivers clash together.

This patch refactors the code to allow loading the DAC driver even if
its specified in configuration (it can't be registered as a common
security driver), and does not add the driver twice.
2012-08-29 16:18:41 +02:00
Peter Krempa
ba150e5504 Revert "security: Add DAC to security_drivers"
This reverts commit 9f9b7b85c9.

The DAC security driver needs special handling and extra parameters and
can't just be added to regular security drivers.
2012-08-29 16:18:41 +02:00
Jiri Denemark
0c7cca36e7 qemu: Fix starting domains with no cpu cgroup
If cgroups are enabled in general but cpu cgroup is disabled in
qemu.conf or not mounted at all, libvirt would refuse to start any
domain even though scheduler parameters are not set in domain XML.

This patch makes cpu cgroup mandatory only for domains that actually
want to use it.
2012-08-29 16:13:38 +02:00
Alex Jia
95c61007e7 security: remove dead code from virSecurityDACGenLabel
* src/security/security_dac.c: remove useless dead code.

Signed-off-by: Alex Jia <ajia@redhat.com>
2012-08-29 18:25:57 +08:00
Daniel Veillard
6540efa40d Release of libvirt-0.10.0
* configure.ac docs/news.html.in libvirt.spec.in: updates for the release
* po/*.po*: update localizations for zh_CN, uk, ja, pt_BR, as, sp, mr, zh_TW
2012-08-29 12:00:36 +08:00
Peter Krempa
f33dfffc41 nwfilter: Don't try to acquire DBus context when DBus is disabled
To silence error if DBus support is not compiled in.
2012-08-29 12:00:23 +08:00
Guido Günther
2a41bc95b5 Don't require gawk for a simple print expression
Fedora uses gawk as awk so there's no change and in behavior while
Debian/Ubuntu use mawk by default.

This was reported by Luca Capello in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636712
2012-08-29 12:00:03 +08:00
Alex Jia
83b85e3e8f util: Prevent libvirtd crash from virNetDevOpenvswitchAddPort()
* src/util/virnetdevopenvswitch.c (virNetDevOpenvswitchAddPort): avoid libvirtd
crash due to derefing a NULL virtVlan->tag.

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=852383

Signed-off-by: Alex Jia <ajia@redhat.com>
2012-08-29 11:04:42 +08:00
Osier Yang
6fd1708fad qemu: Set placement when setting numa parameters
To keep the internal data structure consistent.
2012-08-29 09:45:28 +08:00
Daniel Veillard
d3bbe33880 Portability fixes for non-linux or old linux platforms
The commits d575679401 and
080bf330e3 made use directly of
macro defined in recent linux netlink version. Make those
part conditional on the definition

* daemon/libvirtd.c: do not use NETLINK_ROUTE and NETLINK_KOBJECT_UEVENT
  without some check first
2012-08-29 09:21:38 +08:00
Peter Krempa
f2f0af3960 security_dac: Don't return uninitialised uid and gid for image labels
As in the previous commit, images are also chowned to uninitialised
uid and gid if the label is not present.
2012-08-29 01:31:30 +02:00