Commit Graph

688 Commits

Author SHA1 Message Date
Nikunj A. Dadhania
d390fce413 XML parsing for memory tunables
Adding parsing code for memory tunables in the domain xml file
also change the internal define structures used for domain memory
informations
Adds a new specific test
2010-10-12 19:26:09 +02:00
Nikunj A. Dadhania
0cd7823271 Adding virDomainSetMemoryParameters and virDomainGetMemoryParameters API
Public api to set/get memory tunables supported by the hypervisors.

dv:
* some cleanups in libvirt.c
* adding extra checks in libvirt.c new entry points

v4:
* Move exporting public API to this patch
* Add unsigned int flags to the public api for future extensions

v3:
* Add domainGetMemoryParamters and NULL in all the driver interface

v2:
* Initialize domainSetMemoryParameters to NULL in all the driver
  interface structure.
2010-10-12 19:26:09 +02:00
Guido Günther
2ae5086c97 Return a suitable error message if we can't find a matching emulator 2010-10-12 09:07:53 +02:00
Daniel P. Berrange
48ab20999f Fix off-by-1 in QEMU boot arg array handling
A QEMU guest can have upto VIR_DOMAIN_BOOT_LAST boot entries
defined. When building the QEMU arg, each entry takes a
single byte. This means the array must be declared to be
VIR_DOMAIN_BOOT_LAST+1 bytes in length to allow for the
trailing null

* src/qemu/qemu_conf.c: Fix off-by-1 boot arg array size
2010-09-10 11:14:01 +01:00
Luiz Capitulino
e70880c51b qemu: qemuMonitorJSONEjectMedia(): Fix arguments' type
QMP in QEMU 0.13 has been fixed to enforce type correctness,
this means that boolean types must be true or false, not
integers.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2010-09-09 16:29:40 -06:00
Luiz Capitulino
ffefe5fb86 qemu: qemuMonitorJSONMigrate(): Fix arguments' type
QMP in QEMU 0.13 has been fixed to enforce type correctness,
this means that boolean types must be true or false, not
integers.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2010-09-09 16:29:27 -06:00
Soren Hansen
efe4e210b8 Rename qemudShrinkDisks to virDomainDiskRemove and move to domain_conf.c
Other drivers will need this same functionality, so move it to up to
conf/domain_conf.c and give it a more general name.

Signed-off-by: Soren Hansen <soren@linux2go.dk>
2010-08-24 20:17:48 +02:00
Daniel P. Berrange
6e44ec7a91 Add support for -enable-kqemu flag
Previously QEMU enabled KQEMU by default and had -no-kqemu.
0.11.x switched to requiring -enable-kqemu. 0.12.x dropped
kqemu entirely. This patch adds support for -enable-kqemu
so 0.11.x works. It replaces a huge set of if() with a
switch() to make the code a bit more readable.

* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Support
  -enable-kqemu
2010-08-23 14:10:15 +01:00
Jiri Denemark
7fb3435186 qemu: Remove code duplication
We already filled the PCI address structure when we checked whether it's
free or not, so let's just use the structure here instead of filling it
again.
2010-08-20 16:26:28 +02:00
Jiri Denemark
1208e6e488 qemu: Check for errors when converting PCI address to string 2010-08-20 16:26:28 +02:00
Jiri Denemark
72c791e430 qemu: Fix JSON migrate_set_downtime command 2010-08-20 16:26:28 +02:00
Eric Blake
4b93002358 build: delete dead comments
* src/qemu/qemu_driver.c (qemudGetProcessInfo): Clean up.
* src/uml/uml_driver.c (umlGetProcessInfo): Likewise.
* src/xen/sexpr.c (_string2sexpr): Likewise.
2010-08-19 16:09:46 -06:00
Chris Lalancette
4303c91cc3 Fix up qemu domain save/managed save locking.
The current version of the qemu managed save implementation
is subject to a race where the domain shuts down between
the time that we start the command and the time that we
actually try to do the save.  Close this race by making
qemuDomainSaveFlags() expect both the driver and the passed-in
vm object to be locked before executing.

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-08-17 16:18:49 -04:00
Jiri Denemark
0a5f3ae0c6 qemu: Fix copy&paste error in warning message
This also makes the message consistent with the message used in error
path of qemudDomainAttachHostPciDevice.
2010-08-16 21:37:13 +02:00
Jiri Denemark
5afec51730 qemu: Release PCI slot when detaching disk and net devices 2010-08-16 21:36:59 +02:00
Jiri Denemark
4f86613ba1 qemu: Re-reserve all PCI addresses on libvirtd restart
When reconnecting to existing VMs, we re-reserved only those PCI
addresses which were explicitly mentioned in domain XML. Since some
addresses are always reserved (e.g., 0:0:0 and 0:0:1), we need to handle
those too.

Also all this should only be done if device flag is supported by qemu.
2010-08-16 21:36:53 +02:00
Stefan Berger
cf6f8b9a97 nwfilter: extend nwfilter reload support
In this patch I am extending and fixing the nwfilter module's reload support to stop all ongoing threads (for learning IP addresses of interfaces) and rebuild the filtering rules of all interfaces of all VMs when libvirt is started. Now libvirtd rebuilds the filters upon the SIGHUP signal and libvirtd restart.

About the patch: The nwfilter functions require a virConnectPtr. Therefore I am opening a connection in qemudStartup, which later on needs to be closed outside where the driver lock is held since otherwise it ends up in a deadlock due to virConnectClose() trying to lock the driver as well.

I have tested this now for a while with several machines running and needing the IP address learner thread(s). The rebuilding of the firewall rules seems to work fine following libvirtd restart or a SIGHUP. Also the termination of libvirtd worked fine.
2010-08-16 12:59:54 -04:00
Chris Lalancette
e80f1a7e3f Move the tunnelled migration unix socket to /var/lib/libvirt/qemu
Since the qemu process is running as qemu:qemu, it can't actually
look at the unix socket in /var/run/libvirt/qemu which is owned by
root and has permission 700.  Move the unix socket to
/var/lib/libvirt/qemu, which is already owned by qemu:qemu.

Thanks to Justin Clift for test this out for me.

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-08-13 08:39:53 -04:00
Chris Lalancette
a2f0b6b81d Fix tunnelled migration with qemu running as qemu:qemu.
The problem is that on the source of the migration, libvirtd
is responsible for creating the unix socket over which the data
will flow.  Since libvirtd is running as root, this file will
be created as root.  When the qemu process running as qemu:qemu
goes to access the unix file to write data to it, it will get
permission denied and fail.  Make sure to change the owner
of the unix file to qemu:qemu.

Thanks to Justin Clift for testing this patch out for me.

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-08-13 08:39:46 -04:00
Daniel Veillard
986c208695 qemu: avoid calling the balloon info command if disabled
Basically a followup of the previous patch about balloon desactivation
if desactivated, to not ask for balloon information to qemu as we will
just get an error back.
 This can make a huge difference in the time needed for domain
information or list when a machine is loaded, and balloon has been
desactivated in the guests.

* src/qemu/qemu_driver.c: do not get the balloon info if the balloon
  suppor is disabled
2010-08-12 18:32:16 +02:00
Daniel Veillard
79c27a620a allow memballoon type of none to desactivate it
The balloon device is automatically added to qemu guests if supported,
but it may be useful to desactivate it. The simplest to not change the
existing behaviour is to allow
  <memballoon type="none"/>
as an extra option to desactivate it (it is automatically added if the
memballoon construct is missing for the domain).
The following simple patch just adds the extra option and does not
change the default behaviour but avoid creating a balloon device if
type="none" is used.

* docs/schemas/domain.rng: add the extra type attribute value
* src/conf/domain_conf.c src/conf/domain_conf.h: add the extra enum
  value
* src/qemu/qemu_conf.c: if enum is NONE, don't activate the device,
  i.e. don't pass the args to qemu/kvm
2010-08-11 11:28:17 +02:00
Jiri Denemark
d1e5676c0d qemu: Hack around asynchronous device_del
device_del command is not synchronous for PCI devices, it merely asks
the guest to release the device and returns. If the host wants to use
that device before the guest actually releases it, we are in big
trouble. To avoid this, we already added a loop which waits up to 10
seconds until the device is actually released before we do anything else
with that device. But we only added this loop for managed PCI devices
before we try reattach them back to the host.

However, we need to wait even for non-managed devices. We don't reattach
them automatically, but we still want to prevent the host from using it.
This was revealed thanks to sVirt: when we relabel sysfs files
corresponding to the PCI device before the guest finished releasing the
device, qemu is no longer allowed to access those files and if it wants
(as a result of guest's request) to write anything to them, it just
exits, which kills the guest.

This is not a proper fix and needs some further work both on libvirt and
qemu side in the future.
2010-08-10 16:59:49 +02:00
Doug Goldstein
0890a70a19 Fix return value usage
Fix the error checking to use the return value from brAddTap() instead
of checking the current errno value which might have been changed by
clean up calls inside of brAddTap().

Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
2010-08-05 17:05:16 -06:00
Doug Goldstein
bcc8b58be3 qemu: improve error if tun device is missing
Added a more detailed error message when adding a tap devices fails and
the kernel is missing tun support.

Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
2010-08-05 17:04:38 -06:00
Daniel Veillard
634ea3faae Do not use boot=on on IDE device
the followup on the boot=on problem, basically it's not needed to
specify it when booting out of IDE devices when using KVM
* src/qemu/qemu_conf.c: do not use boot=on for IDE devices
* tests/qemuxml2argvdata/qemuxml2argv*.args: this changes the output
  for 5 of the tests
2010-08-04 18:31:44 +02:00
Jiri Denemark
bf0bf4e783 qemu: Fix PCI address allocation
Patch version revamped by Eric Blake <eblake@redhat.com> of Jiri
Denemark <jdenemar@redhat.com> original patch

When attaching a PCI device which doesn't explicitly set its PCI
address, libvirt allocates the address automatically. The problem is
that when checking which PCI address is unused, we only check for those
with slot number higher than the highest slot number ever used.

Thus attaching/detaching such device several times in a row (31 is the
theoretical limit, less then 30 tries are enough in practise) makes any
further device attachment fail. Furthermore, attaching a device with
predefined PCI address to 0:0:31 immediately forbids attachment of any
PCI device without explicit address.

This patch changes the logic so that we always check all PCI addresses
before we say there is no PCI address available.

Modifications from v1: revert back to remembering the last slot
reserved, but allow wraparound to not be limited by the end.
In this way, slots are still assigned in the same order as
before the patch, rather than filling in the gaps closest to
0 and risking making windows guests mad.

* src/qemu/qemu_conf.c: fix pci reservation code to do a round-robbin
  check of all available PCI splot availability before failing.
2010-08-04 14:46:06 +02:00
Eric Blake
6790805d6e qemu: don't lose error on setting monitor capabilities
Spotted by clang.  Regression introduced in commit e72cc3c11d.

* src/qemu/qemu_driver.c (qemuConnectMonitor): Don't lose error status.
2010-08-02 14:16:10 -06:00
Eric Blake
68e4be71be qemu: kill some dead stores
Spotted by clang.

* src/qemu/qemu_monitor.c (qemuMonitorClose): Kill dead store.
* src/qemu/qemu_driver.c (qemudDomainSaveImageStartVM): Likewise.
2010-07-30 11:33:26 -06:00
Daniel Veillard
e7da872294 Do not activate boot=on on devices when not using KVM
Basically the 'boot=on' boot selection device is something present in
KVM but not in upstream QEmu, as a result if we boot a QEmu domain
without KVM acceleration we must disable boot=on ... even if the front
end kvm binary expose that capability in the help page.

* src/qemu/qemu_conf.c: in qemudBuildCommandLine if -no-kvm
  is passed, then deactivate QEMUD_CMD_FLAG_DRIVE_BOOT
2010-07-30 16:38:48 +02:00
Chris Lalancette
4313e1b9b1 Fix a memory leak in the qemudBuildCommandLine.
ADD_ARG_LIT should only be used for literal arguments,
since it duplicates the memory.  Since virBufferContentAndReset
is already allocating memory, we should only use ADD_ARG.

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-07-30 10:01:50 -04:00
Chris Lalancette
56b408231a Fix a potential race in pciInitDevice.
If detecting the FLR flag of a pci device fails, then we
could run into the situation of trying to close a file
descriptor twice, once in pciInitDevice() and once in pciFreeDevice().
Fix that by removing the pciCloseConfig() in pciInitDevice() and
just letting pciFreeDevice() handle it.

Thanks to Chris Wright for pointing out this problem.

While we are at it, fix an error check.  While it would actually
work as-is (since success returns 0), it's still more clear to
check for < 0 (as the rest of the code does).

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-07-29 10:18:23 -04:00
Cole Robinson
82b6d7600e qemu: virtio console support
Enable specifying a virtio console device with:

<console type='pty'>
  <target type='virtio'/>
</console>
2010-07-28 16:48:00 -04:00
Cole Robinson
6b24755235 domain conf: Track <console> target type
All <console> devices now export a <target> type attribute. QEMU defaults
to 'serial', UML defaults to 'uml, xen can be either 'serial' or 'xen'
depending on fullvirt. Understandably there is lots of test fallout.

This will be used to differentiate between a serial vs. virtio console for
QEMU.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2010-07-28 16:47:59 -04:00
Cole Robinson
6488ea2c5c domain conf: char: Add an explicit targetType field
targetType only tracks the actual <target> format we are parsing. Currently
we only fill abide this value for channel devices.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2010-07-28 16:47:58 -04:00
Cole Robinson
50147933a5 domain conf: Rename character prop targetType -> deviceType
There is actually a difference between the character device type (serial,
parallel, channel, ...) and the target type (virtio, guestfwd). Currently
they are awkwardly conflated.

Start to pull them apart by renaming targetType -> deviceType. This is
an entirely mechanical change.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2010-07-28 16:47:57 -04:00
Chris Lalancette
8bb0cd14e7 Fix up confusing indentation in qemudDomainAttachHostPciDevice.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-07-28 09:47:47 -04:00
Daniel P. Berrange
9749d94f7b Invert logic for checking for QEMU disk cache options
QEMU has had two different syntax for disk cache options

 Old: on|off
 New: writeback|writethrough|none

QEMU recently added another 'unsafe' option which broke the
libvirt check. We can avoid this & future breakage, if we
do a negative check for the old syntax, instead of a positive
check for the new syntax

* src/qemu/qemu_conf.c: Invert cache option check
2010-07-28 11:27:13 +01:00
Cole Robinson
4f24ca01e8 qemu: Allow setting boot menu on/off
Add a new element to the <os> block:

  <bootmenu enable="yes|no"/>

Which maps to -boot,menu=on|off on the QEMU command line.

I decided to use an explicit 'enable' attribute rather than just make the
bootmenu element boolean. This allows us to treat lack of a bootmenu element
as 'use hypervisor default'.
2010-07-27 16:38:32 -04:00
Cole Robinson
6fe9025eb5 qemu: Error on unsupported graphics config
Throw an explicit error if multiple graphics devices are specified, or
an unsupported type is specified (rdp).
2010-07-27 15:41:36 -04:00
Chris Wright
46bcdb960d pciResetDevice: use inactive devices to determine safe reset
When doing a PCI secondary bus reset, we must be sure that there are no
active devices on the same bus segment.  The active device tracking is
designed to only track host devices that are active in use by guests.
This ignores host devices that are actively in use by the host.  So the
current logic will reset host devices.

Switch this logic around and allow sbus reset when we are assigning all
devices behind a bridge to the same guest at guest startup or as a result
of a single attach-device command.

* src/util/pci.h: change signature of pciResetDevice to add an
  inactive devices list
* src/qemu/qemu_driver.c src/xen/xen_driver.c: use (or not) the new
  functionality of pciResetDevice() depending on the place of use
* src/util/pci.c: implement the interface and logic changes
2010-07-26 18:43:04 +02:00
Chris Wright
042b208370 qemudDomainAttachHostPciDevice refactor to use new helpers
- src/qemu/qemu_driver.c: Eliminate code duplication by using the new
  helpers qemuPrepareHostdevPCIDevices and qemuDomainReAttachHostdevDevices.
  This reduces the number of open coded calls to pciResetDevice.
2010-07-26 18:34:24 +02:00
Chris Wright
f1365b558d Add helpers qemuPrepareHostdevPCIDevice and qemuDomainReAttachHostdevDevices
- src/qemu/qemu_driver.c: These new helpers take hostdev list and count
  directly rather than getting them indirectly from domain definition.
  This will allow reuse for the attach-device case.
2010-07-26 18:23:17 +02:00
Chris Wright
8bd00c0edf qemuGetPciHostDeviceList take hostdev list directly
- src/qemu/qemu_driver.c: Update qemuGetPciHostDeviceList to take a
  hostdev list and count directly, rather than getting this indirectly
  from domain definition. This will allow reuse for the attach-device case.
2010-07-26 18:17:20 +02:00
Chris Lalancette
a71be01f04 Add tests for the new Qemu namespace XML.
Thanks to DV for knocking together the Relax-NG changes
quickly for me.

Changes since v1:
 - Change the domain.rng to correspond to the new schema
 - Don't allocate caps->ns in testQemuCapsInit since it is a static table

Changes since v2:
 - Change domain.rng to add restrictions on allowed environment names

Changes since v3:
 - Remove a bogus comment in the tests

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-07-23 17:30:45 -04:00
Chris Lalancette
057e855324 Qemu arbitrary monitor commands.
Implement the qemu driver's virDomainQemuMonitorCommand
and hook it into the API entry point.

Changes since v1:
 - Rename the (external) qemuMonitorCommand to qemuDomainMonitorCommand
 - Add virCheckFlags to qemuDomainMonitorCommand

Changes since v2:
 - Drop ATTRIBUTE_UNUSED from the flags

Changes since v3:
 - Add a flag to priv so we only print out monitor command warning once.  Note
   that this has not been plumbed into qemuDomainObjPrivateXMLFormat or
   qemuDomainObjPrivateXMLParse, which means that if you run a monitor command,
   restart libvirtd, and then run another monitor command, you may get an
   an erroneous VIR_INFO.  It's a pretty minor matter, and I didn't think it
   warranted the additional code.
 - Add BeginJob/EndJob calls around EnterMonitor/ExitMonitor

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-07-23 17:30:24 -04:00
Chris Lalancette
21adf03c2d Qemu Monitor API entry point.
Add the library entry point for the new virDomainQemuMonitorCommand()
entry point.  Because this is not part of the "normal" libvirt API,
it gets its own header file, library file, and will eventually
get its own over-the-wire protocol later in the series.

Changes since v1:
 - Go back to using the virDriver table for qemuDomainMonitorCommand, due to
   linking issues
 - Added versioning information to the libvirt-qemu.so

Changes since v2:
 - None

Changes since v3:
 - Add LGPL header to libvirt-qemu.c
 - Make virLibConnError and virLibDomainError macros instead of function calls

Changes since v4:
 - Move exported symbols to libvirt_qemu.syms

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-07-23 17:30:14 -04:00
Chris Lalancette
ae027de32d Handle arbitrary qemu command-lines in qemuParseCommandLine.
Now that we have the ability to specify arbitrary qemu
command-line parameters in the XML, use it to handle unknown
command-line parameters when doing a native-to-xml conversion.

Changes since v1:
 - Rename num_extra to num_args
 - Fix up a memory leak on an error path

Changes since v2:
 - Add a VIR_WARN when adding the argument via qemu:arg

Changes since v3:
 - None

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-07-23 17:30:07 -04:00
Chris Lalancette
869939a543 Qemu arbitrary command-line arguments.
Implement the qemu hooks for XML namespace data.  This
allows us to specify a qemu XML namespace, and then
specify:

<qemu:commandline>
 <qemu:arg value='arg'/>
 <qemu:env name='name' value='value'/>
</qemu:commandline>

In the domain XML.

Changes since v1:
 - Change the <qemu:arg>arg</qemu:arg> XML to <qemu:arg value='arg'/> XML
 - Fix up some memory leaks in qemuDomainDefNamespaceParse
 - Rename num_extra and extra to num_args and args, respectively
 - Fixed up some error messages
 - Make sure to escape user-provided data in qemuDomainDefNamespaceFormatXML

Changes since v2:
 - Add checking to ensure environment variable names are valid
 - Invert the logic in qemuDomainDefNamespaceFormatXML to return early

Changes since v3:
 - Change strspn() to c_isalpha() check of first letter of environment variable

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-07-23 17:29:59 -04:00
Daniel P. Berrange
6ea90b843e Set a stable & high MAC addr for guest TAP devices on host
A Linux software bridge will assume the MAC address of the enslaved
interface with the numerically lowest MAC addr. When the bridge
changes MAC address there is a period of network blackout, so a
change should be avoided. The kernel gives TAP devices a completely
random MAC address. Occassionally the random TAP device MAC is lower
than that of the physical interface (eth0, eth1etc) that is enslaved,
causing the bridge to change its MAC.

This change sets an explicit MAC address for all TAP devices created
using the configured MAC from the XML, but with the high byte set
to 0xFE. This should ensure TAP device MACs are higher than any
physical interface MAC.

* src/qemu/qemu_conf.c, src/uml/uml_conf.c: Pass in a MAC addr
  for the TAP device with high byte set to 0xFE
* src/util/bridge.c, src/util/bridge.h: Set a MAC when creating
  the TAP device to override random MAC
2010-07-23 10:15:04 +01:00
Daniel P. Berrange
020d220421 Fix PCI address assignment if no IDE controller is present
The PCI slot 1 must be reserved at all times, since PIIX3 is
always present, even if no IDE device is in use for guest disks

* src/qemu/qemu_conf.c: Always reserve slot 1 for PIIX3
2010-07-23 10:14:50 +01:00
Laine Stump
2ad04f7853 Change virFileOperation to return -errno (ie < 0) on error.
virFileOperation previously returned 0 on success, or the value of
errno on failure. Although there are other functions in libvirt that
use this convention, the preferred (and more common) convention is to
return 0 on success and -errno (or simply -1 in some cases) on
failure. This way the check for failure is always (ret < 0).

* src/util/util.c - change virFileOperation and virFileOperationNoFork to
                    return -errno on failure.

* src/storage/storage_backend.c, src/qemu/qemu_driver.c
  - change the hook functions passed to virFileOperation to return
    -errno on failure.
2010-07-21 14:32:35 -04:00
Daniel P. Berrange
0e308c2c9f Re-arrange PCI device address assignment to match QEMU's default
To try and ensure that people upgrading from old QEMU get guests
with the same PCI device ordering, change the way we assign addrs
to match QEMU's default order. This should make Windows less
annoyed.

* src/qemu/qemu_conf.c: Follow QEMU's default PCI ordering
  logic when assigning addresses
* tests/*.args: Update for changed PCI addresses
2010-07-21 11:35:21 +01:00
Daniel P. Berrange
b2f1863533 Explicitly represent balloon device in XML and handle PCI address
To allow compatibility with older QEMU PCI device slot assignment
it is necessary to explicitly track the balloon device in the
XML. This introduces a new device

   <memballoon model='virtio|xen'/>

It can also have a PCI address, auto-assigned if necessary.

The memballoon will be automatically added to all Xen and QEMU
guests by default.

* docs/schemas/domain.rng: Add <memballoon> element
* src/conf/domain_conf.c, src/conf/domain_conf.h: parsing
  and formatting for memballoon device. Always add a memory
  balloon device to Xen/QEMU if none exists in XML
* src/libvirt_private.syms: Export memballoon model APIs
* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Honour the
  PCI device address in memory balloon device
* tests/*: Update to test new functionality
2010-07-21 11:33:11 +01:00
Daniel P. Berrange
ccd2c82ee4 Rearrange VGA/IDE controller address reservation
The first VGA and IDE devices need to have fixed PCI address
reservations. Currently this is handled inline with the other
non-primary VGA/IDE devices. The fixed virtio balloon device
at slot 3, ensures auto-assignment skips the slots 1/2. The
virtio address will shortly become configurable though. This
means the reservation of fixed slots needs to be done upfront
to ensure that they don't get re-used for other devices.

This is more or less reverting the previous changeset:

  commit 83acdeaf17
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Wed Feb 3 16:11:29 2010 +0000

  Fix restore of QEMU guests with PCI device reservation

The difference is that this time, instead of unconditionally
reserving the address, we only reserve the address if it was
initially type=none. Addresses of type=pci were handled
earlier in process by qemuDomainPCIAddressSetCreate(). This
ensures restore step doesn't have problems

* src/qemu/qemu_conf.c: Reserve first VGA + IDE address
  upfront
2010-07-21 11:30:26 +01:00
Daniel P. Berrange
021251bd7d Remove inappropriate use of VIR_ERR_NO_SUPPORT
The VIR_ERR_NO_SUPPORT refers to an API which is not implemented.
There is a separate VIR_ERR_CONFIG_UNSUPPORTED for XML config
options that are not available with the current hypervisor.

* src/qemu/qemu_conf.c, src/qemu/qemu_driver.c: Remove
  many VIR_ERR_NO_SUPPORT replace with VIR_ERR_CONFIG_UNSUPPORTED
2010-07-21 11:30:26 +01:00
Chris Lalancette
f0c8e1cb37 Fix a deadlock in bi-directional p2p concurrent migration.
If you try to execute two concurrent migrations p2p
from A->B and B->A, the two libvirtd's will deadlock
trying to perform the migrations.  The reason for this is
that in p2p migration, the libvirtd's are responsible for
making the RPC Prepare, Migrate, and Finish calls.  However,
they are currently holding the driver lock while doing so,
which basically guarantees deadlock in this scenario.

This patch fixes the situation by adding
qemuDomainObjEnterRemoteWithDriver and
qemuDomainObjExitRemoteWithDriver helper methods.  The Enter
take an additional object reference, then drops both the
domain object lock and the driver lock.  The Exit takes
both the driver and domain object lock, then drops the
reference.  Adding calls to these Enter and Exit helpers
around remote calls in the various migration methods
seems to fix the problem for me in testing.

This should make the situation safe. The additional domain
object reference ensures that the domain object won't disappear
while this operation is happening.  The BeginJob that is called
inside of qemudDomainMigratePerform ensures that we can't execute a
second migrate (or shutdown, or save, etc) job while the
migration is active.  Finally, the additional check on the state
of the vm after we reacquire the locks ensures that we can't
be surprised by an external event (domain crash, etc).

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-07-20 09:52:52 -04:00
Daniel P. Berrange
03ca42046a Add ability to set a default driver name/type when parsing disks
Record a default driver name/type in capabilities struct. Use this
when parsing disks if value is not set in XML config.

* src/conf/capabilities.h: Record default driver name/type for disks
* src/conf/domain_conf.c: Fallback to default driver name/type
  when parsing disks
* src/qemu/qemu_driver.c: Set default driver name/type to raw
2010-07-19 18:25:14 +01:00
Daniel P. Berrange
68719c4bdd Disable all disk probing in QEMU driver & add config option to re-enable
Disk format probing is now disabled by default. A new config
option in /etc/qemu/qemu.conf will re-enable it for existing
deployments where this causes trouble
2010-07-19 18:25:13 +01:00
Daniel P. Berrange
f70e080962 Pass security driver object into all security driver callbacks
The implementation of security driver callbacks often needs
to access the security driver object. Currently only a handful
of callbacks include the driver object as a parameter. Later
patches require this is many more places.

* src/qemu/qemu_driver.c: Pass in the security driver object
  to all callbacks
* src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c,
  src/security/security_apparmor.c, src/security/security_driver.h,
  src/security/security_selinux.c: Add a virSecurityDriverPtr
  param to all security callbacks
2010-07-19 18:25:13 +01:00
Daniel P. Berrange
a885334499 Convert all disk backing store loops to shared helper API
Update the QEMU cgroups code, QEMU DAC security driver, SELinux
and AppArmour security drivers over to use the shared helper API
virDomainDiskDefForeachPath().

* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
  src/security/security_selinux.c, src/security/virt-aa-helper.c:
  Convert over to use virDomainDiskDefForeachPath()
2010-07-19 18:25:13 +01:00
Daniel P. Berrange
bf80fc68ca Require format to be passed into virStorageFileGetMetadata
Require the disk image to be passed into virStorageFileGetMetadata.
If this is set to VIR_STORAGE_FILE_AUTO, then the format will be
resolved using probing. This makes it easier to control when
probing will be used

* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
  src/security/security_selinux.c, src/security/virt-aa-helper.c:
  Set VIR_STORAGE_FILE_AUTO when calling virStorageFileGetMetadata.
* src/storage/storage_backend_fs.c: Probe for disk format before
  calling virStorageFileGetMetadata.
* src/util/storage_file.h, src/util/storage_file.c: Remove format
  from virStorageFileMeta struct & require it to be passed into
  method.
2010-07-19 18:25:04 +01:00
Jim Meyering
c1fd7d7b3e qemuConnectMonitor: fix a bug that would have masked SELinux failure
* src/qemu/qemu_driver.c (qemuConnectMonitor): Correct erroneous
parenthesization in two expressions.  Without this fix, failure
to set or clear SELinux security context in the monitor would go
undiagnosed.  Also correct a diagnostic and split some long lines.
2010-07-14 12:42:59 -05:00
Jiri Denemark
4677b06428 qemu: Use -nodefconfig when probing for CPU models
In case qemu supports -nodefconfig, libvirt adds uses it when launching
new guests. Since this option may affect CPU models supported by qemu,
we need to use it when probing for available models.
2010-07-12 19:45:22 +02:00
Daniel P. Berrange
8fa58ab348 Fix potential crash in QEMU monitor JSON impl
An indentation mistake meant that a check for return status
was not properly performed in all cases. This could result
in a crash on NULL pointer in a following line.

* src/qemu/qemu_monitor_json.c: Fix check for return status
  when processing JSON for blockstats
2010-07-12 18:34:18 +01:00
Cole Robinson
15770695d8 qemu: Improve some qemu.conf error reporting
Log some info if we can't find a config file. Make parse failures
fatal, and actually raise an error message.
2010-07-02 10:29:56 -04:00
Daniel P. Berrange
8134d396fe Avoid invoking the qemu monitor destroy callback if the constructor fails
Some, but not all, codepaths in the qemuMonitorOpen() method
would trigger the destroy callback. The caller does not expect
this to be invoked if construction fails, only during normal
release of the monitor. This resulted in a possible double-unref
of the virDomainObjPtr, because the caller explicitly unrefs
the virDomainObjPtr  if qemuMonitorOpen() fails

* src/qemu/qemu_monitor.c: Don't invoke destroy callback from
  qemuMonitorOpen() failure paths
2010-06-30 13:48:15 +01:00
Chris Lalancette
ec75b0cf59 Fix crash when detaching devices from qemu domains.
Make sure to *not* call qemuDomainPCIAddressReleaseAddr if
QEMUD_CMD_FLAG_DEVICE is *not* set (for older qemu).  This
prevents a crash when trying to do device detachment from
a qemu guest.

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-06-29 10:40:20 -04:00
Chris Lalancette
53a1db4dfc Check for active PCI devices when doing nodedevice operations.
In the current libvirt PCI code, there is no checking whether
a PCI device is in use by a guest when doing node device
detach or reattach.  This causes problems when a device is
assigned to a guest, and the administrator starts issuing
nodedevice commands.  Make it so that we check the list
of active devices when trying to detach/reattach, and only
allow the operation if the device is not assigned to a guest.

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-06-29 10:40:00 -04:00
Laine Stump
11a7060250 Avoid calling virStorageFileIsSharedFS with NULL
This code was just recently added (by me) and didn't account for the
fact that stdin_path is sometimes NULL. If it's NULL, and
SetSecurityAllLabel fails, a segfault would result.
2010-06-28 23:52:04 -04:00
Laine Stump
06f81c63eb Selectively ignore domainSetSecurityAllLabel failure in domain restore
When the saved domain image is on an NFS share, at least some part of
domainSetSecurityAllLabel will fail (for example, selinux labels can't
be modified). To allow domain restore to still work in this case, just
ignore the errors.
2010-06-28 11:56:02 -04:00
Laine Stump
f35a9fc164 use virStorageFileIsSharedFS utility function in qemudDomainSaveFlag
Previously, this function had it's own bit of code performing the same
function. Since there's now an equivalent utility function, let's use it.
2010-06-28 11:55:53 -04:00
Laine Stump
590c9c9acf Set proper selinux label on image file during qemu domain restore
Also restore the label to its original value after qemu is finished
with the file.

Prior to this patch, qemu domain restore did not function properly if
selinux was set to enforce.
2010-06-28 11:55:32 -04:00
Daniel P. Berrange
6d9743158c Don't squash file permissions when migration fails
If an active migration operation fails, or is cancelled by the
admin, the QEMU on the destination is shutdown and the one on
the source continues running. It is important in shutting down
the QEMU on the destination, the security drivers don't reset
the file labelling/permissions.

* src/qemu/qemu_driver.c: Don't reset labelling/permissions
  on migration abort
2010-06-25 10:19:20 -04:00
Daniel P. Berrange
28e96d720b Fix migration in text mode and shared storage migration in json mode
The patches for shared storage migration were not correctly written
for json mode. Thus the 'blk' and 'inc' parameters were never being
set. In addition they didn't set the QEMU_MONITOR_MIGRATE_BACKGROUND
so migration was synchronous. Due to multiple bugs in QEMU's JSON
impl this wasn't noticed because it treated the sync migration requst
as asynchronous anyway. Finally 'background' parameter was converted
to take arbitrary flags but not renamed, and not all uses were changed
to unsigned int.

* src/qemu/qemu_driver.c: Set QEMU_MONITOR_MIGRATE_BACKGROUND in
  doNativeMigrate
* src/qemu/qemu_monitor_json.c: Process QEMU_MONITOR_MIGRATE_NON_SHARED_DISK
  and QEMU_MONITOR_MIGRATE_NON_SHARED_INC flags
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
  src/qemu/qemu_monitor_json.h, src/qemu/qemu_monitor_text.c,
  src/qemu/qemu_monitor_text.h: change 'int background' to
  'unsigned int flags' in migration APIs. Add logging of flags
  parameter
2010-06-25 14:40:06 +01:00
Daniel P. Berrange
755b53f946 Avoid blocking all APIs during incoming migration
During incoming migration the QEMU monitor is not able to be
used. The incoming migration code did not keep hold of the
job lock because migration is split across multiple API calls.
This meant that further monitor commands on the guest would
hang until migration finished with no timeout.

In this change the qemuDomainMigratePrepare method sets the
job flag just before it returns. The qemuDomainMigrateFinish
method checks for this job flag & clears it once done. This
prevents any use of the monitor between prepare+finish steps.

The qemuDomainGetJobInfo method is also updated to refresh
the job elapsed time. This means that virsh domjobinfo can
return time data during incoming migration

* src/qemu/qemu_driver.c: Keep a job active during incoming
  migration. Refresh job elapsed time when returning job info
2010-06-25 14:39:58 +01:00
Daniel P. Berrange
2bad82f71e Set labelling for character devices in security drivers
When configuring serial, parallel, console or channel devices
with a file, dev or pipe backend type, it is necessary to label
the file path in the security drivers. For char devices of type
file, it is neccessary to pre-create (touch) the file if it does
not already exist since QEMU won't be allowed todo so itself.
dev/pipe configs already require the admin to pre-create before
starting the guest.

* src/qemu/qemu_security_dac.c: set file ownership for character
  devices
* src/security/security_selinux.c: Set file labeling for character
  devices
* src/qemu/qemu_driver.c: Add character devices to cgroup ACL
2010-06-25 14:39:54 +01:00
Laine Stump
7d02393b1b Check for presence of qemu -nodefconfig option before using it
We previously assumed that if the -device option existed in qemu, that
-nodefconfig would also exist. It turns out that isn't the case, as
demonstrated by qemu-kvm-0.12.3 in Fedora 13.

*/src/qemu/qemu_conf.[hc] - add a new QEMUD_CMD_FLAG, set it via the
                            help output, and check it before adding
                            -nodefconfig to the qemu commandline.
2010-06-24 18:04:07 -04:00
Matthias Bolte
c391291244 Add optional model attribute to the controller element
This is a step towards controller support for the ESX driver.
2010-06-24 14:56:04 +02:00
Matthias Bolte
f8f29b1fc2 Add wide SCSI bus disk address generation support
The domain XML parsing code autogenerates disk address and
controller elements when they are not explicitly specified.
The code assumes a narrow SCSI bus (7 units per bus). ESX
uses a wide SCSI bus (16 units per bus).

This is a step towards controller support for the ESX driver.
2010-06-24 14:56:04 +02:00
Daniel P. Berrange
f310b25341 Add '-nodefconfig' command line arg to QEMU
We already use the '-nodefaults' command line arg with QEMU to stop
it adding any default devices to guests. Unfortunately, QEMU will
load global config files from /etc/qemu that may also add default
devices. These aren't blocked by '-nodefaults', so we need to also
add the '-nodefconfig' arg to prevent that.

Unfortunately these global config files are also used to define
custom CPU models. So in blocking global hardware device addition
we also block definitions of new CPU models. Libvirt doesn't know
about these custom CPU models though, so it would never make use
of them anyway. Thus blocking them via -nodefconfig isn't a show
stopping problem. We would need to expand libvirt's own CPU model
XML database to support these instead.

* src/qemu/qemu_conf.c: Add '-nodefconfig' if available
* tests/qemuxml2argvdata/: Add '-nodefconfig' to all data files which
  have '-nodefaults' present
2010-06-23 14:08:05 +01:00
Daniel P. Berrange
c212160260 Fix reference handling leak on qemuMonitor
The current code pattern requires that callers of qemuMonitorClose
check for the return value == 0, and if so, set priv->mon = NULL
and release the reference held on the associated virDomainObjPtr

The change d84bb6d6a3 violated that
requirement, meaning that priv->mon never gets set to NULL, and
a reference count is leaked on virDomainObjPtr.

This design was a bad one, so remove the need to check the return
valueof qemuMonitorClose(). Instead allow registration of a
callback that's invoked just when the last reference on qemuMonitorPtr
is released.

Finally there was a potential reference leak in qemuConnectMonitor
in the failure path.

* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a destroy
  callback invoked from qemuMonitorFree
* src/qemu/qemu_driver.c: Use the destroy callback to release the
  reference on virDomainObjPtr when the monitor is freed. Fix other
  potential reference count leak in connecting to monitor
2010-06-23 14:08:05 +01:00
Daniel P. Berrange
8d616decc5 Make checks for inactive QEMU guest more robust
Before issuing monitor commands it is neccessary to check whether
the guest is still running. Most places use virDomainIsActive()
correctly, but a few relied on 'priv->mon != NULL'. In theory
these should be equivalent, but the release of the last reference
count on priv->mon can be delayed a small amount of time until
the event handler is finally deregistered. A further ref counting
bug also means that priv->mon might be never released. In such a
case, code could mistakenly issue a monitor command and wait for
a response that will never arrive, effectively leaving the QEMU
driver waiting on virCondWait() forever..

To protect against these possibilities, make sure all code uses
virDomainIsActive(), not 'priv->mon != NULL'

* src/qemu/qemu_driver.c: Replace 'priv->mon != NULL' with
  calls to 'priv->mon != NULL'()
2010-06-23 14:08:05 +01:00
Stefan Berger
cab5a52aa2 nwfilter: fix loadable module support
Following Daniel Berrange's multiple helpful suggestions for improving
this patch and introducing another driver interface, I now wrote the
below patch where the nwfilter driver registers the functions to
instantiate and teardown the nwfilters with a function in
conf/domain_nwfilter.c called virDomainConfNWFilterRegister. Previous
helper functions that were called from qemu_driver.c and qemu_conf.c
were move into conf/domain_nwfilter.h with slight renaming done for
consistency. Those functions now call the function expored by
domain_nwfilter.c, which in turn call the functions of the new driver
interface, if available.
2010-06-21 14:18:31 -04:00
Cole Robinson
58406dd54e qemu: Fix crash on failed VM startup
If VM startup fails early enough (can't find a referenced USB device),
libvirtd will crash trying to clear the VNC port bit, since port = 0,
which overflows us out of the bitmap bounds.

Fix this by being more defensive in the bitmap operations, and only
clearing a previously set VNC port.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2010-06-18 10:14:34 -04:00
Eric Blake
322b1fd44b qemu: reduce file padding requirements
Followup to https://bugzilla.redhat.com/show_bug.cgi?id=599091,
commit 20206a4b, to reduce disk waste in padding.

* src/qemu/qemu_monitor.h (QEMU_MONITOR_MIGRATE_TO_FILE_BS): Drop
back to 4k.
(QEMU_MONITOR_MIGRATE_TO_FILE_TRANSFER_SIZE): New macro.
* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update comment.
* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrateToFile): Use
two invocations of dd to output non-aligned large blocks.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMigrateToFile):
Likewise.
2010-06-17 13:29:16 -06:00
Eric Blake
d024d2ba36 qemu: support starting persistent domain paused
Match earlier change for qemu pause support with virDomainCreateXML.

* src/qemu/qemu_driver.c (qemudDomainObjStart): Add parameter; all
callers changed.
(qemudDomainStartWithFlags): Implement flag support.
2010-06-15 09:37:11 -06:00
Eric Blake
de3aadaa71 drivers: add virDomainCreateWithFlags if virDomainCreate exists
* src/esx/esx_driver.c (esxDomainCreate): Move guts...
(esxDomainCreateWithFlags): ...to new function.
(esxDriver): Trivially support the new API.
* src/lxc/lxc_driver.c (lxcDomainStart, lxcDomainStartWithFlags)
(lxcDriver): Likewise.
* src/opennebula/one_driver.c (oneDomainStart)
(oneDomainStartWithFlags, oneDriver): Likewise.
* src/openvz/openvz_driver.c (openvzDomainCreate)
(openvzDomainCreateWithFlags, openvzDriver): Likewise.
* src/qemu/qemu_driver.c (qemudDomainStart)
(qemudDomainStartWithFlags, qemuDriver): Likewise.
* src/test/test_driver.c (testDomainCreate)
(testDomainCreateWithFlags, testDriver): Likewise.
* src/uml/uml_driver.c (umlDomainStart, umlDomainStartWithFlags)
(umlDriver): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainCreate)
(vboxDomainCreateWithFlags, Driver): Likewise.
* src/xen/xen_driver.c (xenUnifiedDomainCreate)
(xenUnifiedDomainCreateWithFlags, xenUnifiedDriver): Likewise.
* src/xenapi/xenapi_driver.c (xenapiDomainCreate)
(xenapiDomainCreateWithFlags, xenapiDriver): Likewise.
2010-06-15 09:37:11 -06:00
Eric Blake
460ca88b98 libvirt: introduce domainCreateWithFlags API
Persistent domain creation needs the same features as transient
domains, but virDomainCreate lacks the flags argument present in
virDomainCreateXML.  virDomainCreateFlags is already claimed as
a public enum, so we have to break convention and expose
virDomainCreateWithFlags.

* include/libvirt/libvirt.h.in (virDomainCreateWithFlags): Add.
* src/driver.h (virDrvDomainCreateWithFlags): Internal API.
* src/libvirt.c (virDomainCreateWithFlags): Glue public API to
driver API.
* src/libvirt_public.syms (LIBVIRT_0.8.2): Expose public API.
* src/esx/esx_driver.c (esxDriver): Add stub for driver.
* src/lxc/lxc_driver.c (lxcDriver): Likewise.
* src/opennebula/one_driver.c (oneDriver): Likewise.
* src/openvz/openvz_driver.c (openvzDriver): Likewise.
* src/phyp/phyp_driver.c (phypDriver): Likewise.
* src/qemu/qemu_driver.c (qemuDriver): Likewise.
* src/remote/remote_driver.c (remote_driver): Likewise.
* src/test/test_driver.c (testDriver): Likewise.
* src/uml/uml_driver.c (umlDriver): Likewise.
* src/vbox/vbox_tmpl.c (Driver): Likewise.
* src/xen/xen_driver.c (xenUnifiedDriver): Likewise.
* src/xenapi/xenapi_driver.c (xenapiDriver): Likewise.
2010-06-15 07:32:41 -06:00
Daniel P. Berrange
c37c321cc2 Fix cgroup setup code to cope with root squashing NFS
When a disk is on a root squashed NFS server, it may not be
possible to stat() the disk file in virCgroupAllowDevice.
The virStorageFileGetMeta method may also fail to extract
the parent backing store. Both of these errors have to be
ignored to avoid breaking NFS deployments

* src/qemu/qemu_driver.c: Ignore errors in cgroup setup to
   keep root squash NFS happy
2010-06-09 09:44:20 -04:00
Eric Blake
68e4793ae0 qemu: allow creation of a paused domain
https://bugzilla.redhat.com/show_bug.cgi?id=589465

Some guests (eg with badly configured grub, or Windows' installation cd)
require quick response from the console user. That's why we have a
"launchPaused" option in vdsm.

To implement it via libvirt, we need to ask libvirt not to call
qemuMonitorStartCPUs() after starting qemu.  Calling virDomainStop
immediately after the domain is up is inherently raceful.

* src/qemu/qemu_driver.c (qemudStartVMDaemon): Add new parameter;
all callers adjusted.
(qemudDomainCreate): Implement support for new flag.
2010-06-08 15:35:57 -06:00
Eric Blake
2502ebb30a virDomainCreateXML: support new flag
* include/libvirt/libvirt.h.in (virDomainCreateFlags): Add
VIR_DOMAIN_START_PAUSED.
* src/libvirt.c (virDomainCreateXML): Update documentation.
* src/lxc/lxc_driver.c (lxcDomainCreateAndStart): Reject new flag
as unimplemented.
* src/opennebula/one_driver.c (oneDomainCreateAndStart):
Likewise.
* src/openvz/openvz_driver.c (openvzDomainCreateXML): Likewise.
* src/phyp/phyp_driver.c (phypDomainCreateAndStart): Likewise.
* src/qemu/qemu_driver.c (qemudDomainCreate): Likewise.
* src/test/test_driver.c (testDomainCreateXML): Likewise.
* src/uml/uml_driver.c (umlDomainCreate): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): Likewise.
* src/xen/xend_internal.c (xenDaemonCreateXML): Likewise.
* src/xenapi/xenapi_driver.c (xenapiDomainCreateXML): Likewise.
2010-06-08 15:35:55 -06:00
Daniel P. Berrange
1c72695c44 Ensure that PCI device is reattached to host if hotadd fails
When an attempt to hotplug a PCI device to a guest fails,
the device was left attached to pci-stub. It is neccessary
to reset the device and then attach it to the host driver
again.

* src/qemu/qemu_driver.c: Reattach PCI device to host if
  hotadd fails
2010-06-08 15:21:07 +01:00
Daniel P. Berrange
c833efd35b Fix check for errors in device_add command in QEMU text monitor
Any output at all from device_add indicates an error in the
command execution. Thus it needs to check for reply != ""

* src/qemu/qemu_monitor_text.c: Fix reply check for errors
  to treat any output as an error
2010-06-08 15:20:59 +01:00
Daniel J Walsh
e72cc3c11d Add support for setting socket MLS level in SELinux driver
When SELinux is running in MLS mode, libvirtd will have a
different security level to the VMs. For libvirtd to be
able to connect to the monitor console, the client end of
the UNIX domain socket needs a different label. This adds
infrastructure to set the socket label via the security
driver framework

* src/qemu/qemu_driver.c: Call out to socket label APIs in
  security driver
* src/qemu/qemu_security_stacked.c: Wire up socket label
  drivers
* src/security/security_driver.h: Define security driver
  entry points for socket labelling
* src/security/security_selinux.c: Set socket label based on
  VM label
2010-06-08 15:14:57 +01:00
Daniel P. Berrange
2e56cfa7d2 Include port number with virtio serial devices
To ensure that the device addressing scheme is stable across
hotplug/unplug, all virtio serial channels needs to have an
associated port number in their address. This is then specified
to QEMU using the nr=NNN parameter

* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
  for port number in vioserial address types.
* src/qemu/qemu_conf.c: Set 'nr=NNN' parameter with virtio
  serial port number
* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args,
  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Expand
  data set to ensure coverage of port addressing
2010-06-08 15:08:15 +01:00
Daniel P. Berrange
b490f2c1e0 Disable use of 'reason' field in block IO event in QEMU
QEMU upstream decided against adding a 'reason' field to
the block IO event in QMP. Disable this code to remove a
annoying warning message. It will be renabled when the
error string reason is re-introduced in QEMU
2010-06-08 15:05:42 +01:00
Jamie Strandboge
2b57478ef0 Add stdin_path to qemudStartVMDaemon() args.
Adjust args to qemudStartVMDaemon() to also specify path to stdin_fd,
so this can be passed to the AppArmor driver via SetSecurityAllLabel().

This updates all calls to qemudStartVMDaemon() as well as setting up
the non-AppArmor security driver *SetSecurityAllLabel() declarations
for the above. This is required for the following
"apparmor-fix-save-restore" patch since AppArmor resolves the passed
file descriptor to the pathname given to open().
2010-06-07 14:41:09 -04:00
Laine Stump
20206a4bc9 Adjust block size used by dd to speed QEMU domain save operations.
See https://bugzilla.redhat.com/show_bug.cgi?id=599091

Saving a paused 512MB domain took 3m47s with the old block size of 512
bytes. Changing the block size to 1024*1024 decreased the time to 56
seconds. (Doubling again to 2048*1024 yielded 0 improvement; lowering
to 512k increased the save time to 1m10s, about 20%)
2010-06-04 15:36:17 -04:00
Laine Stump
1d45e1b622 Fix dereference of potentially freed pointer in qemudDomainSaveFlags
The pointer to the xml describing the domain is saved into an object
prior to calling VIR_REALLOC_N() to make the size of the memory it
points to a multiple of QEMU_MONITOR_MIGRATE_TO_FILE_BS. If that
operation needs to allocate new memory, the pointer that was saved is
no longer valid.

To avoid this situation, adjust the size *before* saving the pointer.

(This showed up when experimenting with very large values of
QEMU_MONITOR_MIGRATE_TO_FILE_BS).
2010-06-04 15:36:04 -04:00
Stefan Berger
ca3b22bb5c add 802.1Qbh and 802.1Qbg handling
This patch that adds support for configuring 802.1Qbg and 802.1Qbh
switches. The 802.1Qbh part has been successfully tested with real
hardware. The 802.1Qbg part has only been tested with a (dummy)
server that 'behaves' similarly to how we expect lldpad to 'behave'.

The following changes were made during the development of this patch:

 - Merging Scott's v13-pre1 patch
 - Fixing endptr related bug while using virStrToLong_ui() pointed out
   by Jim Meyering
 - Addressing Jim Meyering's comments to v11
 - requiring mac address to the vpDisassociateProfileId() function to
   pass it further to the 802.1Qbg disassociate part (802.1Qbh untouched)
 - determining pid of lldpad daemon by reading it from /var/run/libvirt.pid
   (hardcode as is hardcode alson in lldpad sources)
 - merging netlink send code for kernel target and user space target
   (lldpad) using one function nlComm() to send the messages
 - adding a select() after the sending and before the reading of the
   netlink response in case lldpad doesn't respond and so we don't hang
 - when reading the port status, in case of 802.1Qbg, no status may be
   received while things are 'in progress' and only at the end a status
   will be there.
 - when reading the port status, use the given instanceId and vf to pick
   the right IFLA_VF_PORT among those nested under IFLA_VF_PORTS.
 - never sending nor parsing IFLA_PORT_SELF type of messages in the
   802.1Qbg case
 - iterating over the elements in a IFLA_VF_PORTS to pick the right
   IFLA_VF_PORT by either IFLA_PORT_PROFILE and given profileId
   (802.1Qbh) or IFLA_PORT_INSTANCE_UUID and given instanceId (802.1Qbg)
   and reading the current status in IFLA_PORT_RESPONSE.
 - recycling a previous patch that adds functionality to interface.c to
   - get the vlan identifier on an interface
   - get the flags of an interface and some convenience function to
     check whether an interface is 'up' or not (not currently used here)
 - adding function to determine the root physical interface of an
   interface. For example if a macvtap is linked to eth0.100, it will
   find eth0. Also adding a function that finds the vlan on the 'way to
   the root physical interface'
 - conveying the root physical interface name and index in case of 802.1Qbg
 - conveying mac address of macvlan device and vlan identifier in
   IFLA_VFINFO_LIST[ IFLA_VF_INFO[ IFLA_VF_MAC(mac), IFLA_VF_VLAN(vlan) ] ]
   to (future) lldpad via netlink
  - To enable build with --without-macvtap rename the
    [dis|]associatePortProfileId functions, prepend 'vp' before their
    name and make them non-static functions.
  - Renaming variable multicast to nltarget_kernel and inverting
    the logic
  - Addressing Jim Meyering's comments; this also touches existing
    code for example for correcting indentation of break statements or
    simplification of switch statements.
  - Renamed occurrencvirVirtualPortProfileDef to virVirtualPortProfileParamses
  - 802.1Qbg part prepared for sending a RTM_SETLINK and getting
    processing status back plus a subsequent RTM_GETLINK to
    get IFLA_PORT_RESPONSE.
    Note: This interface for 802.1Qbg may still change
  - [David Allan] move getPhysfn inside IFLA_VF_PORT_MAX to avoid
compiler
    warning when latest if_link.h isn't available
  - move from Stefan's 802.1Qb{g|h} XML v8 to v9
  - move hostuuid and vf index calcs to inside doPortProfileOp8021Qbh
  - remove debug fprintfs
  - use virGetHostUUID (thanks Stefan!)
  - fix compile issue when latest if_link.h isn't available
  - change poll timeout to 10s, at 1/8 intervals
     - if polling times out, log msg and return -ETIMEDOUT
  - Add Stefan's code for getPortProfileStatus
  - Poll for up to 2 secs for port-profile status, at 1/8 sec intervals:
     - if status indicates error, abort openMacvtapTap
     - if status indicates success, exit polling
     - if status is "in-progress" after 2 secs of polling, exit
       polling loop silently, without error

My patch finishes out the 802.1Qbh parts, which Stefan had mostly complete.
I've tested using the recent kernel updates for VF_PORT netlink msgs and
enic for Cisco's 10G Ethernet NIC.  I tested many VMs, each with several
direct interfaces, each configured with a port-profile per the XML.  VM-to-VM,
and VM-to-external work as expected.  VM-to-VM on same host (using same NIC)
works same as VM-to-VM where VMs are on diff hosts.  I'm able to change
settings on the port-profile while the VM is running to change the virtual
port behaviour.  For example, adjusting a QoS setting like rate limit.  All
VMs with interfaces using that port-profile immediatly see the effect of the
change to the port-profile.

I don't have a SR-IOV device to test so source dev is a non-SR-IOV device,
but most of the code paths include support for specifing the source dev and
VF index.  We'll need to complete this by discovering the PF given the VF
linkdev.  Once we have the PF, we'll also have the VF index.  All this info-
mation is available from sysfs.
2010-06-02 21:35:22 -04:00
Cole Robinson
8b5bc6c479 qemu: Add a qemu.conf option for clearing capabilities
Currently there is no way to opt out of libvirt dropping POSIX
capabilities for qemu. This at least is a useful debugging tool, but
is also wanted by users (and distributors):

https://bugzilla.redhat.com/show_bug.cgi?id=559154
https://bugzilla.redhat.com/show_bug.cgi?id=573850

v2: Clarify qemu.conf comment, warn about security implications

v3: Add .aug changes
2010-06-01 13:01:17 -04:00
Stefan Berger
ca1b7cc8e4 macvtap: cannot support target device name
Since the macvtap device needs active tear-down and the teardown logic
is based on the interface name, it can happen that if for example 1 out
of 3 interfaces was successfully created, that during the failure path
the macvtap's target device name is used to tear down an interface that
is doesn't own (owned by another VM).

So, in this patch, the target interface name is reset so that there is
no target interface name and the interface name is always cleared after
a tear down.
2010-05-28 13:00:58 -04:00
Daniel P. Berrange
bbe29be9a8 Fix integer overflow in hotplug methods
The hotplug methods still had the qemuCmdFlags variable declared
as an int, instead of unsigned long long. This caused flag checks
to be incorrect for flags > 31

* src/qemu/qemu_driver.c: Fix integer overflow in hotplug
2010-05-26 17:41:55 +01:00
Alex Williamson
c444af1ac2 Pass pre-opened PCI device sysfs config file to QEMU
This allows libvirt to open the PCI device sysfs config file prior
to dropping privileges so qemu can access the full config space.
Without this, a de-privileged qemu can only access the first 64
bytes of config space.

* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Detect support
  for pci-assign.configfd option. Use this option when formatting
  PCI device string if possible
* src/qemu/qemu_driver.c: Pre-open PCI sysfs config file and pass
  to QEMU
2010-05-26 17:41:55 +01:00
Chris Lalancette
0117b7da68 Fix failing virGetHostname.
We've been running into a lot of situations where
virGetHostname() is returning "localhost", where a plain
gethostname() would have returned the correct thing.  This
is because virGetHostname() is *always* trying to canonicalize
the name returned from gethostname(), even when it doesn't
have to.

This patch changes virGetHostname so that if the value returned
from gethostname() is already FQDN or localhost, it returns
that string directly.  If the value returned from gethostname()
is a shortened hostname, then we try to canonicalize it.  If
that succeeds, we returned the canonicalized hostname.  If
that fails, and/or returns "localhost", then we just return
the original string we got from gethostname() and hope for
the best.

Note that after this patch it is up to clients to check whether
"localhost" is an allowed return value.  The only place
where it's currently not is in qemu migration.

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-05-26 08:59:31 -04:00
Stefan Berger
a8f75d2c7d vepa: parsing for 802.1Qb{g|h} XML
This patch parses the following two XML descriptions, one for
802.1Qbg and one for 802.1Qbh, and stores the data internally.
The actual triggering of the switch setup protocol has not been
implemented here but the relevant code to do that should go into
the functions associatePortProfileId() and disassociatePortProfileId().

   <interface type='direct'>
      <source dev='eth0.100' mode='vepa'/>
      <model type='virtio'/>
      <virtualport type='802.1Qbg'>
        <parameters managerid='12' typeid='0x123456' typeidversion='1'
         instanceid='fa9b7fff-b0a0-4893-8e0e-beef4ff18f8f'/>
      </virtualport>
      <filterref filter='clean-traffic'/>
    </interface>

    <interface type='direct'>
      <source dev='eth0.100' mode='vepa'/>
      <model type='virtio'/>
      <virtualport type='802.1Qbh'>
        <parameters profileid='my_profile'/>
      </virtualport>
    </interface>

I'd suggest to use this patch as a base for triggering the setup
protocol with the 802.1Qb{g|h} switch.

Several rounds of changes were made to this patch. The
following is a list of these changes.
- Renamed structure virVirtualPortProfileDef to virVirtualPortProfileParams
  as per Daniel Berrange's request
- Addressing Daniel Berrange's comments:
 - removing macvtap.h's dependency on domain_conf.h by
   moving the virVirtualPortProfileDef structure into macvtap.h
   and not passing virtDomainNetDefPtr to any functions in
   macvtap.c
- Addressed most of Chris Wright's comments:
  - indicating error in case virtualport XML node cannot be parsed
    properly
  - parsing hex and decimal numbers using virStrToLong_ui() with
    parameter '0' for base
  - tgifname (target interface name) variable wasn't necessary
    to pass to openMacvtapTap function anymore
- assigning the virtual port data structure to the virDomainNetDef
  only if it was previously parsed
- make sure that the error code returned by openMacvtapTap() is a negative n
  in case the associatePortProfileId() function failed.
- renaming vsi in the XML to virtualport
- replace all occurrences of vsi in the source as well
- removing mode and MAC address parameters from the functions that
  will communicate with the hareware diretctly or indirectly
- moving the associate and disassociate functions to the end of the
  file for subsequent patches to easier make them generally available
  for export
- passing the macvtap interface name rather than the link device since
  this otherwise gives funny side effects when using netlink messages
  where IFLA_IFNAME and IFLA_ADDRESS are specified and the link dev
  all of a sudden gets the MAC address of the macvtap interface.
- Removing rc = -1 error indications in the case of 802.1Qbg|h setup in case
  we wanted to use hook scripts for the setup and so the setup doesn't fail
  here.
- if instance ID UUID is not supplied it will automatically be generated
  - adapted schema to make instance ID UUID optional
  - added test case
- parser and XML generator have been separated into their own
  functions so they can be re-used elsewhere (passthrough case
  for example)
- Adapted XML parser and generator support the above shown type
  (802.1Qbg, 802.1Qbh).
- Adapted schema to above XML
- Adapted test XML to above XML
- Passing through the VM's UUID which seems to be necessary for
  802.1Qbh -- sorry no host UUID
- adding virtual function ID to association function, in case it's
  necessary to use (for SR-IOV)
2010-05-25 17:37:00 -04:00
Daniel P. Berrange
60881161ea Expose a host UUID in the capabilities XML
Allow for a host UUID in the capabilities XML. Local drivers
will initialize this from the SMBIOS data. If a sanity check
shows SMBIOS uuid is invalid, allow an override from the
libvirtd.conf configuration file

* daemon/libvirtd.c, daemon/libvirtd.conf: Support a host_uuid
  configuration option
* docs/schemas/capability.rng: Add optional host uuid field
* src/conf/capabilities.c, src/conf/capabilities.h: Include
  host UUID in XML
* src/libvirt_private.syms: Export new uuid.h functions
* src/lxc/lxc_conf.c, src/qemu/qemu_driver.c,
  src/uml/uml_conf.c: Set host UUID in capabilities
* src/util/uuid.c, src/util/uuid.h: Support for host UUIDs
* src/node_device/node_device_udev.c: Use the host UUID functions
* tests/confdata/libvirtd.conf, tests/confdata/libvirtd.out: Add
  new host_uuid config option to test
2010-05-25 17:09:18 +01:00
Daniel P. Berrange
e596dbb32a Fix handling of disk backing stores with cgroups
The cgroups ACL code was only allowing the primary disk image.
It is possible to chain images together, so we need to search
for backing stores and add them to the ACL too. Since the ACL
only handles block devices, we ignore the EINVAL we get from
plain files. In addition it was missing code to teardown the
cgroup when hot-unplugging a disk

* src/qemu/qemu_driver.c: Allow backing stores in cgroup ACLs
  and add missing teardown code in unplug path
2010-05-25 10:57:54 -04:00
Chris Lalancette
93500040f9 Fix up basic migration.
Basic live migration was broken by the commit that added
non-shared block support in two ways:

1)  It added a virCheckFlags() to doNativeMigrate().  Besides
the fact that typical usage of virCheckFlags() is in driver
entry points, and doNativeMigrate() is not an entry point,
it was missing important flags like VIR_MIGRATE_LIVE.  Move
the virCheckFlags to the top-level qemuDomainMigratePrepare2
and friends.

2)  It also added a memory leak in qemuMonitorTextMigrate()
by not freeing the memory used by virBufferContentAndReset().
This is fixed by storing the pointer in a temporary variable
and freeing it at the end.

With this patch in place, normal live migration works again.

v3: Instead of the churn for virCheckFlagsUI and UL, instead
always promote flags to an unsigned long and always use %lx
for the fprintf.
v2: Add back flags check, which required adding virCheckFlagsUI
and virCheckFlagsUL

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-05-25 10:48:10 -04:00
Cole Robinson
fb3ebd0397 qemu: Allow using regular audio backends with VNC
Currently all host audio backends are disabled if a VM is using VNC, in
favor of the QEMU VNC audio extension. Unfortunately no released VNC
client supports this extension, so users have no way of getting audio
to work if using VNC.

Add a new config option in qemu.conf which allows changing libvirt's
behavior, but keep the default intact.

v2: Fix doc typos, change name to vnc_allow_host_audio
2010-05-25 10:49:29 -04:00
Alex Williamson
7d47e813b4 qemu: Release bus address on PCI host device remove
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2010-05-24 16:22:20 -06:00
Alex Williamson
ddfd4dba95 qemu: avoid corrupting guest info struct on host device PCI hot add
The device path doesn't make use of guestAddr, so the memcpy corrupts
the guest info struct.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2010-05-24 16:22:09 -06:00
Daniel P. Berrange
ebb0c19c48 Query block allocation extent from QEMU monitor
The virDomainGetBlockInfo API allows query physical block
extent and allocated block extent. These are normally the
same value unless storing a special format like qcow2
inside a block device. In this scenario we can query QEMU
to get the actual allocated extent.

Since last time:

 - Return fatal error in text monitor
 - Only invoke monitor command for block devices
 - Fix error handling JSON code

* src/qemu/qemu_driver.c: Fill in block aloction extent when VM
  is running
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
  API to query the highest block extent via info blockstats
2010-05-24 15:55:51 -06:00
Chris Lalancette
fff6be0cc0 Don't overwrite virDomainAssignDef errors.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-05-24 16:00:57 -04:00
Jiri Denemark
bfa6b73e43 Remove dead code after refactoring qemudDomainStart
The event is already generated and sent by qemudDomainObjStart, no need
to do anything about here.
2010-05-24 08:08:29 +02:00
Jim Fehlig
ba196952f5 Fix race in finding available vnc port
The qemu driver contains a subtle race in the logic to find next
available vnc port.  Currently it iterates through all available ports
and returns the first for which bind(2) succeeds.  However it is possible
that a previously issued port has not yet been bound by qemu, resulting
in the same port used for a subsequent domain.

This patch addresses the race by using a simple bitmap to "reserve" the
ports allocated by libvirt.

V2:
  - Put port bitmap in struct qemud_driver
  - Initialize bitmap in qemudStartup

V3:
  - Check for failure of virBitmapGetBit
  - Additional check for port != -1 before calling virbitmapClearBit

V4:
  - Check for failure of virBitmap{Set,Clear}Bit
2010-05-21 11:29:03 -06:00
Jim Fehlig
c020f6203e Add defines for QEMU_VNC_PORT_{MIN,MAX} and use them 2010-05-21 11:29:03 -06:00
Jiri Denemark
e0037c2ee8 Autostart domains using virDomainObjStart 2010-05-21 09:30:16 +02:00
Jiri Denemark
5e3537f88a Refactor qemudDomainStart
We need a common internal function for starting managed domains to be
used during autostart. This patch factors out relevant code from
qemudDomainStart into qemudDomainObjStart and makes it use the
refactored code for domain restore instead of calling qemudDomainRestore
API directly.
2010-05-21 09:29:01 +02:00
Jiri Denemark
de5a60e1cc Refactor qemudDomainRestore
We need to be able to restore a domain which we already locked and
started a job for it without undoing these steps. This patch factors
out internals of qemudDomainRestore into separate functions which work
for locked objects.
2010-05-21 09:22:32 +02:00
Jim Meyering
d6f9cf4222 maint: don't mark VIR_DEBUG or VIR_DEBUG0 diagnostics for translation
Run this command:
  git grep -l VIR_DEBUG|xargs perl -pi -e \
    's/(VIR_DEBUG0?)\s*\(_\((".*?")\)/$1($2/'
2010-05-20 21:36:26 +02:00
Jim Meyering
5adbd9cb4c maint: change "" in err ? err->message : "" to _("unknown error"), ...
These changes avoid false-positive syntax-check failure,
and also make the resulting diagnostics more comprehensible.
2010-05-20 21:36:26 +02:00
Jim Meyering
2d3208029b maint: mark translatable string args of VIR_ERROR
Run this:
  git grep -l 'VIR_ERROR\s*("'|xargs perl -pi -e \
    's/(VIR_ERROR)\s*\((".*?"),/$1(_($2),/'
2010-05-20 21:36:25 +02:00
Jim Meyering
8d63d82e5c maint: mark translatable string args of VIR_ERROR0
Run this:
  git grep -l 'VIR_ERROR0\s*("'|xargs perl -pi -e \
    's/(VIR_ERROR0)\s*\((".*?")\)/$1(_($2))/'
2010-05-20 21:36:25 +02:00
Jim Meyering
5910472fa5 maint: use VIR_ERROR0 rather than VIR_ERROR with a bare "%s"
Change VIR_ERROR("%s", "..."
to     VIR_ERROR0("..."

and

Change VIR_ERROR("%s", _("...")
to     VIR_ERROR0(_("...")

Use this command:
  git grep -E -l 'VIR_ERROR\("%s", (_\()?"'|xargs perl -pi -e \
  's/VIR_ERROR\("%s", (_\()?"/VIR_ERROR0($1"/'
2010-05-20 21:36:25 +02:00
Chris Wright
c80651a5ae qemu driver: fix version check typos
* src/qemu/qemu_conf.c (qemudParseHelpStr): Fix errors that made
it impossible to diagnose invalid minor and micro version number
components.

Signed-off-by: Chris Wright <chrisw@redhat.com>
2010-05-20 21:35:36 +02:00
Cole Robinson
ac23d911df qemu: Use ShutdownVMDaemon for all startup cleanup paths
The current cleanup: in StartVMDaemon path is a poor duplication.
qemuShutdownVMDaemon can handle teardown for inactive VMs, so let's use it.

v2: Remove old abort: label, only use cleanup:
2010-05-20 15:11:22 -04:00
Jim Meyering
20beb0c0db qemu_conf.c: also recognize new first line of qemu -help output
* src/qemu/qemu_conf.c (QEMU_VERSION_STR_1, QEMU_VERSION_STR_2):
Define these instead of...
(QEMU_VERSION_STR): ... this.  Remove definition.
(qemudParseHelpStr): Check first for the new, shorter prefix,
"QEMU emulator version", and then for the old one,
"QEMU PC emulator version" when trying to parse the version number.
Based on a patch by Chris Wright.
2010-05-20 19:13:26 +02:00
Cole Robinson
348c6fc0ab qemu: Don't deny ShutdownVMDaemon for non-running VMs
Clients that require this already seem to do so. Calling this function
with pid < 1 also should not cause problems.
2010-05-20 11:45:20 -04:00
Cole Robinson
4da188ea3d qemu: Remove explicit VNC XML cleanup
This only exists for a certain cleanup path in StartVMDaemon, but is
unneeded since domain_conf.c handles this for us automatically.
2010-05-20 11:45:19 -04:00
Cole Robinson
b6992818c6 qemu: Properly cleanup in security startup error path
Everything after hostdev setup needs to jump to cleanup on error.
2010-05-20 11:45:19 -04:00
Alex Williamson
7e1249f259 Rename qemuBuildCommandLine tapfds -> vmfds.
There doesn't seem to be anything specific to tap devices for this
array of file descriptors which need to stay open of the guest to use.
Rename then for others to make use of.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Chris Lalancette <clalance@redhat.com>
2010-05-20 10:05:20 -04:00
Jim Meyering
6aacf84a3b qemudDomainMigrateFinish2: handle a case of virDomainSaveStatus failure
* src/qemu/qemu_driver.c (qemudDomainMigrateFinish2): Don't ignore
virDomainSaveStatus failure.
* src/conf/domain_conf.h (virDomainSaveStatus): Use
ATTRIBUTE_RETURN_CHECK, so this doesn't happen again.
2010-05-20 07:51:21 +02:00
Jim Meyering
dcf30d9c25 initialize "meta" in virStorageFileGetMetadata, not in each caller
Do not require each caller of virStorageFileGetMetadata and
virStorageFileGetMetadataFromFD to first clear the storage of the
"meta" buffer.  Instead, initialize that storage in
virStorageFileGetMetadataFromFD.
* src/util/storage_file.c (virStorageFileGetMetadataFromFD): Clear
"meta" here, not before each of the following callers.
* src/qemu/qemu_driver.c (qemuSetupDiskCgroup): Don't clear "meta" here.
(qemuTeardownDiskCgroup): Likewise.
* src/qemu/qemu_security_dac.c (qemuSecurityDACSetSecurityImageLabel):
Likewise.
* src/security/security_selinux.c (SELinuxSetSecurityImageLabel):
Likewise.
* src/security/virt-aa-helper.c (get_files): Likewise.
2010-05-19 17:07:08 +02:00
Jim Meyering
e638a2461d (qemu*DiskCgroup): avoid dead code
* src/qemu/qemu_driver.c (qemuTeardownDiskCgroup): Remove
bogus empty-body while-loop.
(qemuSetupDiskCgroup): Likewise.
2010-05-19 17:07:08 +02:00
Jim Meyering
c5a2fe243b maint: don't mark VIR_WARN or VIR_WARN0 diagnostics for translation
Approximately 60 messages were marked.  Since these diagnostics are
intended solely for developers and maintainers, encouraging translation
is deemed to be counterproductive:
http://thread.gmane.org/gmane.comp.emulators.libvirt/25050/focus=25052

Run this command:
  git grep -l VIR_WARN|xargs perl -pi -e \
    's/(VIR_WARN0?)\s*\(_\((".*?")\)/$1($2/'
2010-05-19 12:00:18 +02:00
Jim Meyering
49ed0a2e1b do not ignore qemuMonitorAddDrive failure; make uses identical
There were three very similar uses of qemuMonitorAddDrive.
This change makes the three 17-line sequences identical.
* src/qemu/qemu_driver.c (qemudDomainAttachPciDiskDevice): Detect
failure.  Add VIR_WARN and braces.
(qemudDomainAttachSCSIDisk): Add VIR_WARN and braces.
(qemudDomainAttachUsbMassstorageDevice): Likewise.
2010-05-18 19:23:33 +02:00
Jim Meyering
11eeabd71b qemudDomainRestore: handle a case of virDomainSaveStatus failure
* src/qemu/qemu_driver.c (qemudDomainRestore): Don't ignore
virDomainSaveStatus failure.
2010-05-18 19:23:33 +02:00
Jim Meyering
cff218f353 qemuMonitorTextMigrate: avoid leak on OOM-error path
* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrate): Also
free "safedest" buffer when failing.
2010-05-18 19:23:32 +02:00
Daniel P. Berrange
31e29fe524 Protect against NULL pointer flaws in monitor usage
History has shown that there are frequent bugs in the QEMU driver
code leading to the monitor being invoked with a NULL pointer.
Although the QEMU driver code should always report an error in
this case before invoking the monitor, as a safety net put in a
generic check in the monitor code entry points.

* src/qemu/qemu_monitor.c: Safety net to check for NULL monitor
  object
2010-05-18 06:03:06 -04:00
Daniel P. Berrange
c4b2a93907 Fix multiple potential NULL pointer references in monitor usage
Any method which intends to invoke a monitor command must have
a check for virDomainObjIsActive() before using the monitor to
ensure that priv->mon != NULL.

There is one subtle edge case in this though. If a method invokes
multiple monitor commands, and calls qemuDomainObjExitMonitor()
in between two of these commands then there is no guarentee that
priv->mon != NULL anymore. This is because the QEMU process may
exit or die at any time, and because qemuDomainObjEnterMonitor()
releases the lock on virDomainObj, it is possible for the background
thread to close the monitor handle and thus qemuDomainObjExitMonitor
will release the last reference allowing priv->mon to become NULL.

This affects several methods, most notably migration but also some
hotplug methods. This patch takes a variety of approaches to solve
the problem, depending on the particular usage scenario. Generally
though it suffices to add an extra virDomainObjIsActive() check
if qemuDomainObjExitMonitor() was called during the method.

* src/qemu/qemu_driver.c: Fix multiple potential NULL pointer flaws
  in usage of the monitor
2010-05-18 06:03:06 -04:00
Jim Meyering
20701b17e2 qemudDomainSetVcpus: avoid NULL-deref on failed uuid look-up
* src/qemu/qemu_driver.c (qemudDomainSetVcpus): Upon look-up failure,
i.e., vm==NULL, goto cleanup, rather than to "endjob", superficially
since the latter would dereference vm, but more fundamentally because
we certainly don't want to call qemuDomainObjEndJob before we've
even attempted qemuDomainObjBeginJob.
2010-05-18 07:53:42 +02:00
Eric Blake
f30ccb2458 qemu_conf: fix flag value
(gdb) p/x QEMUD_CMD_FLAG_VNET_HOST
$7 = 0xffffffff80000000

Oops - that meant we were incorrectly setting QEMU_CMD_FLAG_RTC_TD_HACK
for qemu-kvm-0.12.3 (and probably botching a few other settings as well).

Fixes Red Hat BZ#592070

* src/qemu/qemu_conf.h (QEMUD_CMD_FLAG_VNET_HOST): Avoid sign
extension.
* tests/qemuhelpdata/qemu-kvm-0.12.3: New file.
* tests/qemuhelptest.c (mymain): Add another case.
2010-05-17 16:28:02 -06:00
Cole Robinson
07c621d09c qemu: Clarify a couple error messages
A fedora translator filed:

https://bugzilla.redhat.com/show_bug.cgi?id=580816

Pointing out these two error messages as unclear: "write save" sounds
like a typo without context, and lack of a colon made the second message
difficult to parse.
2010-05-17 17:22:08 -04:00
Eric Blake
d533a98ed6 virFileResolveLink: fix return value
virFileResolveLink was returning a positive value on error,
thus confusing callers that assumed failure was < 0.  The
confusion is further evidenced by callers that would have
ended up calling virReportSystemError with a negative value
instead of a valid errno.

Fixes Red Hat BZ #591363.

* src/util/util.c (virFileResolveLink): Live up to documentation.
* src/qemu/qemu_security_dac.c
(qemuSecurityDACRestoreSecurityFileLabel): Adjust callers.
* src/security/security_selinux.c
(SELinuxRestoreSecurityFileLabel): Likewise.
* src/storage/storage_backend_disk.c
(virStorageBackendDiskDeleteVol): Likewise.
2010-05-17 14:48:27 -06:00
Cole Robinson
83be64034a qemu: Report cmdline output if VM dies early
qemuReadLogOutput early VM death detection is racy and won't always work.
Startup then errors when connecting to the VM monitor. This won't report
the emulator cmdline output which is typically the most useful diagnostic.

Check if the VM has died at the very end of the monitor connection step,
and if so, report the cmdline output.

See also: https://bugzilla.redhat.com/show_bug.cgi?id=581381
2010-05-17 10:15:53 -04:00
Cole Robinson
d536f6b177 qemu: Fix previous commit, use comparision in if() 2010-05-17 09:39:11 -04:00
Jim Meyering
560758c900 qemu_driver: avoid NULL dereference
* src/qemu/qemu_driver.c (qemudDomainStart): After setting vm to NULL,
goto cleanup, rather than dereferencing the NULL pointer.
2010-05-17 13:47:45 +02:00
Daniel P. Berrange
2d665c9e2d Remove debugging fprintf() calls
* src/qemu/qemu_driver.c: Remove debugging fprintf() calls
  accidentally left in code
2010-05-17 10:44:49 +01:00
Jim Meyering
b48fb801dd qemudDomainSetVcpus: avoid NULL-deref
* src/qemu/qemu_driver.c (qemudDomainSetVcpus): Avoid NULL-deref
upon unknown UUID.  Call qemuDomainObjBeginJob(vm) only after
ensuring that vm != NULL, not before.  This potential NULL-deref
was introduced by commit 2c555d87b0.
2010-05-15 09:02:54 +02:00