One functionality change here is that we no longer force enable the event
timeout for every queued event, only enable it for the first event after
the queue has been flushed. This is how other drivers have already done it,
and I haven't encountered problems in practice.
v3:
Adjust for new virDomainEventStateNew argument
The same code for queueing, flushing, and deregistering events exists
in multiple drivers, which will soon use these common functions.
v2:
Adjust libvirt_private.syms
isDispatching bool fixes
NONNULL tagging
v3:
Add requireTimer parameter to virDomainEventStateNew
This structure will be used to unify lots of duplicated event handling code
across the state drivers.
v2:
Check for state == NULL in StateFree
Add NONNULL tagging
Use bool for isDispatching
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Use capabilities to allow a driver to register a default <init> if none
is specified in the XML. Openvz was already open-coding this to be /sbin/init
LXC currently falls over if no init is specified, so an explicit error is
an improvement IMO.
(Side note: I don't think we can set a default value for LXC. If we use
/sbin/init but the user doesn't specify a separate root FS for their guest,
the container will rerun the host's init which can be traumatic :). For
virt-install I'm thinking of defaulting to /sbin/init if a root FS has
been specified, otherwise require the user to manually specify <init>)
This is needed if we want to transfer a temporary file. If the
transfer is done with iohelper, we might run into a race condition,
where we unlink() file before iohelper is executed.
* src/fdstream.c, src/fdstream.h,
src/util/iohelper.c: Add new option
* src/lxc/lxc_driver.c, src/qemu/qemu_driver.c,
src/storage/storage_driver.c, src/uml/uml_driver.c,
src/xen/xen_driver.c: Expand existing function calls
Add public API for taking screenshots of current domain console.
* include/libvirt/libvirt.h.in: add virDomainScreenshot
* src/libvirt_public.syms: Export new symbol
The public API and RPC over-the-wire format have no flags argument,
so neither should the internal callback API. This simplifies the
RPC generator.
* src/driver.h (virDrvNWFilterDefineXML): Drop argument that does
not match public API.
* src/nwfilter/nwfilter_driver.c (nwfilterDefine): Likewise.
* src/libvirt.c (virNWFilterDefineXML): Likewise.
* daemon/remote_generator.pl: Drop special case.
We were 31/73 on whether to translate; since less than 50% translated
and since VIR_INFO is less than VIR_WARN which also doesn't translate,
this makes sense.
* cfg.mk (sc_prohibit_gettext_markup): Add VIR_INFO, since it
falls between WARN and DEBUG.
* daemon/libvirtd.c (qemudDispatchSignalEvent, remoteCheckAccess)
(qemudDispatchServer): Adjust offenders.
* daemon/remote.c (remoteDispatchAuthPolkit): Likewise.
* src/network/bridge_driver.c (networkReloadIptablesRules)
(networkStartNetworkDaemon, networkShutdownNetworkDaemon)
(networkCreate, networkDefine, networkUndefine): Likewise.
* src/qemu/qemu_driver.c (qemudDomainDefine)
(qemudDomainUndefine): Likewise.
* src/storage/storage_driver.c (storagePoolCreate)
(storagePoolDefine, storagePoolUndefine, storagePoolStart)
(storagePoolDestroy, storagePoolDelete, storageVolumeCreateXML)
(storageVolumeCreateXMLFrom, storageVolumeDelete): Likewise.
* src/util/bridge.c (brProbeVnetHdr): Likewise.
* po/POTFILES.in: Drop src/util/bridge.c.
This one's tricker than the VIR_DEBUG0() removal, but the end
result is still C99 compliant, and reasonable with enough comments.
* src/libvirt.c (VIR_ARG10, VIR_HAS_COMMA)
(VIR_DOMAIN_DEBUG_EXPAND, VIR_DOMAIN_DEBUG_PASTE): New macros.
(VIR_DOMAIN_DEBUG): Rewrite to handle one argument, moving
multi-argument guts to...
(VIR_DOMAIN_DEBUG_1): New macro.
(VIR_DOMAIN_DEBUG0): Rename to VIR_DOMAIN_DEBUG_0.
Use of ',##__VA_ARGS__' is a gcc extension not guaranteed by
C99; thankfully, we can avoid it by lumping the format argument
into the var-args set.
* src/util/logging.h (VIR_DEBUG_INT, VIR_INFO_INT, VIR_WARN_INT)
(VIR_ERROR_INT, VIR_DEBUG, VIR_INFO, VIR_WARN, VIR_ERROR): Stick
to C99 var-arg macro syntax.
* examples/domain-events/events-c/event-test.c (VIR_DEBUG):
Simplify.
These VIR_XXXX0 APIs make us confused, use the non-0-suffix APIs instead.
How do these coversions works? The magic is using the gcc extension of ##.
When __VA_ARGS__ is empty, "##" will swallow the "," in "fmt," to
avoid compile error.
example: origin after CPP
high_level_api("%d", a_int) low_level_api("%d", a_int)
high_level_api("a string") low_level_api("a string")
About 400 conversions.
8 special conversions:
VIR_XXXX0("") -> VIR_XXXX("msg") (avoid empty format) 2 conversions
VIR_XXXX0(string_literal_with_%) -> VIR_XXXX(%->%%) 0 conversions
VIR_XXXX0(non_string_literal) -> VIR_XXXX("%s", non_string_literal)
(for security) 6 conversions
Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
If we plow on after udev_device_get_syspath fails, we will hit a NULL
dereference. Clang found one due to strdup later in udevSetParent,
but in fact we hit a NULL dereference sooner because of the use of
STREQ within virNodeDeviceFindBySysfsPath.
* src/conf/node_device_conf.h (virNodeDeviceFindBySysfsPath): Mark
path argument non-null.
* src/node_device/node_device_udev.c (udevSetParent): Avoid null
dereference.
No syntactic effect; this merely silences some clang warnings.
* src/libxl/libxl_driver.c (libxlDomainSetVcpusFlags): Drop
redundant ret=0 statement.
* src/qemu/qemu_monitor_text.c (qemuMonitorTextDriveDel):
Likewise.
Introduce a virProcessKill function that can be safely called
even when the job mutex is held. This allows virDomainDestroy
to kill any VM even if it is asleep in a monitor job. The PID
will die and the thread asleep on the monitor will then wake
up releasing the job mutex.
* src/qemu/qemu_driver.c: Kill process before using qemuProcessStop
to ensure job is released
* src/qemu/qemu_process.c: Add virProcessKill for killing off
QEMU processes
Version 2.0.0 or yajl changed API. It is fairly trivial for us to
cope with both APIs in libvirt, so adapt.
* configure.ac: Probe for yajl2 API
* src/util/json.c: Conditional support for yajl2 API
libxl accepts hpet configuration in its domain info struct. Parse the
domain definition's <clock> element in order to set the value.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Apologies from Eric Blake, for mistakenly committing the broken
intermediate version.
libxl accepts hpet configuration in its domain info struct. Parse the
domain definition's <clock> element in order to set the value.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Recent versions of Xen disable the virtual HPET by default. This is
usually more precise because tick policies are not implemented for
the HPET in Xen. However, there may be several reasons to control
the HPET manually: 1) to test the emulation; 2) because distros may
provide the knob while leaving the default to "enabled" for compatibility
reasons.
This patch provides support for the hpet item in both sexpr and xm
formats, and translates it to a <timer> element.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Allow the CA certificate to come from the user's home directory or from
the global location independently of the client certificate/key pair.
Mostly for the case when each user on a system has their own cert/key
pair but the system as a whole shares the same CA.
Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
This matches the public API and helps to get rid of some special
case code in the remote generator.
Rename driver API functions and XDR protocol structs.
No functional change included outside of the remote generator.
Actually execs the argv/env we've generated, replacing the current process.
Kind of has a limited usage, but allows us to use virCommand in LXC
driver to launch the 'init' process
assert() is forbidden in libvirt code, and these two cases would
in fact never execute due to earlier error checks.
* src/libvirt.c: Remove assert() usage
Noticed this while trying to run rpcgen on cygwin.
* src/Makefile.am ($(srcdir)/remote/%_protocol.h)
($(srcdir)/remote/%_protocol.c): Add a dependency.
Stop storing the generated files for the remote protocol client
and server in source control. The generated files will still be
included in the result of 'make dist' to avoid end-users needing
to generate the files
Signed-off-by: Eric Blake <eblake@redhat.com>
Unfortunately, this means that the strings marked for translation
in generated files are not picked up by gnulib's syntax-check,
I'm working on fixing that in gnulib.
* .gitignore, cfg.mk, po/POTFILES.in: Reflect deletion.
Always generate the rpc files, and require rpcgen during bootstrap.
* daemon/Makefile.am: Removed generated files with
maintainer-clean target
* src/Makefile.am: Removed generated files with
maintainer-clean target. Always run 'rpcgen' if
generated files are missing
In preparation for removing generated files, it is necessary
to tell automake that the generated files must be distributed
but not directly compiled (since they are included into the
body of a larger .c file that is compiled). Hence, even though
these files are code and not headers in the strict sense of
the word, it is easier to rename them to .h for automake's sake.
* daemon/remote_client_bodies.c: Rename to .h.
* daemon/qemu_client_bodies.c: Likewise.
* src/remote/remote_client_bodies.c: Likewise.
* src/remote/qemu_client_bodies.c: Likewise.
* daemon/Makefile.am (remote_dispatch_bodies.c)
(qemu_dispatch_bodies.c): Rename to .h.
(remote.c, EXTRA_DIST): Reflect rename.
* daemon/remote.c: Likewise.
* daemon/remote_generator.pl: Likewise.
* src/Makefile.am (remote/remote_driver.c): Likewise.
* src/remote/remote_driver.c: Likewise.
* po/POTFILES.in: Likewise.
* cfg.mk (exclude_file_name_regexp--sc_require_config_h)
(exclude_file_name_regexp--sc_require_config_h_first)
(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF):
Likewise.
This patch just covers the simple functions without explicit return
values. There is more to be handled.
The generator collects the members of the XDR argument structs and uses
this information to generate the function bodies.
Exclude the generated files from offending syntax-checks.
Suggested by Richard W.M. Jones
Creating a domU on a freshly booted dom0 does not work,
because the libxl driver does not allocate memory for the domU.
After creating a domain with xl libvirt is able to create domains too.
This patch reserves enough memory for the domU first.
Users often edit XML file stored in configuration directory
thinking of modifying a domain/network/pool/etc. Thus it is wise
to let them know they are using the wrong way and give them hint.
When setting up a FIFO for QEMU, it allows either a pair
of fifos used unidirectionally, or a single fifo used
bidirectionally. Look for the bidirectional fifo first
when labelling since that is more useful
* src/security/security_dac.c,
src/security/security_selinux.c: Fix fifo handling
As well as taint warnings going to the main libvirt log,
add taint warnings to the per-domain logfile
Domain id=3 is tainted: high-privileges
Domain id=3 is tainted: disk-probing
Domain id=3 is tainted: shell-scripts
Domain id=3 is tainted: custom-monitor
* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Enhance
qemuDomainTaint to also log to the domain logfile
* src/qemu/qemu_driver.c: Pass -1 for logFD to taint methods to
auto-append to logfile
* src/qemu/qemu_process.c: Pass open logFD at startup for taint
methods
The qemuDomainAppendLog method allows writing a formatted string
to the end of the domain logfile, optionally opening it if needed.
* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
qemuDomainAppendLog
Move the qemuProcessLogReadFD and qemuProcessLogFD methods
into qemu_domain.c, renaming them to qemuDomainCreateLog
and qemuDomainOpenLog.
* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
qemuDomainCreateLog and qemuDomainOpenLog.
* src/qemu/qemu_process.c: Remove qemuProcessLogFD
and qemuProcessLogReadFD
Wire up logging of VM tainting to the QEMU driver
- If running QEMU as root user/group or without capabilities
being cleared
- If passing custom QEMU command line args
- If issuing custom QEMU monitor commands
- If using a network interface config with an associated
shell script
- If using a disk config relying on format probing
The warnings, per-VM appear in the main libvirtd logs
11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: high-privileges
11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: disk-probing
The taint flags are reset when the VM is stopped.
* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Helper APIs
for logging taint warnings
* src/qemu/qemu_driver.c: Log tainting with custom QEMU monitor
commands and disk/net hotplug with unsupported configs
* src/qemu/qemu_process.c: Log tainting at startup based on
unsupported configs
Some configuration setups for guests are allowed, but strongly
discouraged and unsupportable in production systems. Introduce
a concept of 'tainting' to virDomainObjPtr to allow such setups
to be identified. Drivers can then log warnings at suitable
times
* src/conf/domain_conf.c, src/conf/domain_conf.h: Declare taint
flags and add parsing/formatting of domain status XML
Print the name of the CA cert, certificate, and key file that resulted
in the failure so that the user has an idea what to troubleshoot.
Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
Match the fact that we have virAsprintf and virVasprintf.
* src/util/buf.h (virBufferVasprintf): New prototype.
* src/util/buf.c (virBufferAsprintf): Move guts...
(virBufferVasprintf): ...to new function.
* src/libvirt_private.syms (buf.h): Export it.
* bootstrap.conf (gnulib_modules): Add stdarg, for va_copy.
We already have virAsprintf, so picking a similar name helps for
seeing a similar purpose. Furthermore, the prefix V before printf
generally implies 'va_list', even though this variant was '...', and
the old name got in the way of adding a new va_list version.
global rename performed with:
$ git grep -l virBufferVSprintf \
| xargs -L1 sed -i 's/virBufferVSprintf/virBufferAsprintf/g'
then revert the changes in ChangeLog-old.
The qemuMigrationToFile method was accidentally annotated for
the 'compressor' parameter to be non-null, instead of the
'path' parameter. Thus GCC with -O2, unhelpfully deleted the
entire 'if (compressor == NULL)' block of code during
optimization. Thus NULL was passed to virCommandNew() with
predictably bad results.
* src/qemu/qemu_migration.h: Fix non-null annotation to be
against path instead of compressor
To cope with the QEMU binary being changed while a VM is running,
it is neccessary to persist the original qemu capabilities at the
time the VM is booted.
* src/qemu/qemu_capabilities.c, src/qemu/qemu_capabilities.h: Add
an enum for a string rep of every capability
* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Support for
storing capabilities in the domain status XML
* src/qemu/qemu_process.c: Populate & free QEMU capabilities at
domain startup
Add missing early exits and convert error logging to proper API level
error reporting.
Centralize cleanup code for the PerfQuerySpec object.
Reported by Eric Blake, detected by clang.
The ++ on preliminaryFileName was a left over from a previous version
of this function that explicitly returned the filename and did a strdup
on preliminaryFileName afterwards.
As the filename isn't returned explicitly anymore remove the preliminary
variable for it and reuse the tmp variable instead.
Reported by Eric Blake, detected by clang.
Clang warned about a dead assignment. In the process, I noticed
that we are only using the function for a bool value. I audited
all other callers in qemu_{migration,cgroup,driver,hotplug), and
all were making the call in a bool context.
Also, do bounds checking on the argument.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Delete dead
assignment.
(qemuCgroupControllerActive): Change return type to bool.
* src/qemu/qemu_cgroup.h (qemuCgroupControllerActive): Likewise.