Commit Graph

794 Commits

Author SHA1 Message Date
Peter Krempa
37183e5db8 lib: Introduce flag VIR_DOMAIN_BLOCK_REBASE_RELATIVE
Introduce flag for the block rebase API to allow the rebase operation to
leave the chain relatively addressed. Also adds a virsh switch to enable
this behavior.
2014-07-08 11:51:06 +02:00
Peter Krempa
bda44ca2ca lib: Introduce flag VIR_DOMAIN_BLOCK_COMMIT_RELATIVE
Introduce flag for the block commit API to allow the commit operation to
leave the chain relatively addressed. Also adds a virsh switch to enable
this behavior.
2014-07-08 11:45:04 +02:00
Michal Privoznik
f409df4de1 Introduce virConnectGetDomainCapabilities
The API should expose the information contained in virDomainCapsPtr.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-07-03 12:22:37 +02:00
Peter Krempa
02bffd47bd net: merge virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC
Instead of maintaining two very similar APIs, add the "@mac" parameter
to virNetworkGetDHCPLeases and kill virNetworkGetDHCPLeasesForMAC. Both
of those functions would return data the same way, so making @mac an
optional filter simplifies a lot of stuff.
2014-06-27 09:38:13 +02:00
Jiri Denemark
80d0918bd2 virConnectCompareCPU: Introduce FAIL_INCOMPATIBLE flag
The new VIR_CONNECT_COMPARE_CPU_FAIL_INCOMPATIBLE flag for
virConnectCompareCPU can be used to get an error
(VIR_ERR_CPU_INCOMPATIBLE) describing the incompatibility instead of the
usual VIR_CPU_COMPARE_INCOMPATIBLE return code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-06-26 00:44:02 +02:00
Daniel P. Berrange
6512c8b456 Change 'interface' to 'iface' in virNetworkDHCPLease
Variables/fields named 'interface' clash with system
header symbols on some platforms.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-06-24 13:30:16 +01:00
Nehal J Wani
03e0e79e07 net-dhcp-leases: Implement the public APIs
Introduce 3 new APIs, virNetworkGetDHCPLeases, virNetworkGetDHCPLeasesForMAC
and virNetworkDHCPLeaseFree.

* virNetworkGetDHCPLeases: returns the dhcp leases information for a given
     virtual network.

  For DHCPv4, the information returned:
  - Network Interface Name
  - Expiry Time
  - MAC address
  - IAID (NULL)
  - IPv4 address (with type and prefix)
  - Hostname (can be NULL)
  - Client ID (can be NULL)

  For DHCPv6, the information returned:
  - Network Interface Name
  - Expiry Time
  - MAC address
  - IAID (can be NULL, only in rare cases)
  - IPv6 address (with type and prefix)
  - Hostname (can be NULL)
  - Client DUID

  Note: @mac, @iaid, @ipaddr, @clientid are in ASCII form, not raw bytes.
  Note: @expirytime can 0, in case the lease is for infinite time.

* virNetworkGetDHCPLeasesForMAC: returns the dhcp leases information for a
     given virtual network and specified MAC Address.

* virNetworkDHCPLeaseFree: allows the upper layer application to free the
     network interface object conveniently.

There is no support for flags, so user is expected to pass 0 for
both the APIs.

include/libvirt/libvirt.h.in:
  * Define virNetworkGetDHCPLeases
  * Define virNetworkGetDHCPLeasesForMAC
  * Define virNetworkDHCPLeaseFree

src/driver.h:
  * Define networkGetDHCPLeases
  * Define networkGetDHCPLeasesForMAC

src/libvirt.c:
  * Implement virNetworkGetDHCPLeases
  * Implement virNetworkGetDHCPLeasesForMAC
  * Implement virNetworkDHCPLeaseFree

src/libvirt_public.syms:
  * Export the new symbols
2014-06-24 12:26:31 +01:00
Michal Privoznik
34f2d0319d Introduce virNodeGetFreePages
The aim of the API is to get information on number of free pages
on the system. The API behaves similar to the
virNodeGetCellsFreeMemory(). User passes starting NUMA cell, the
count of nodes that he's interested in, pages sizes (yes,
multiple sizes can be queried at once) and the counts are
returned in an array.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-06-19 15:10:49 +02:00
Eric Blake
b298025063 blockcommit: document semantics of committing active layer
Now that qemu 2.0 allows commit of the active layer, people are
attempting to use virsh blockcommit and getting into a stuck
state, because libvirt is unprepared to handle the two-phase
commit required by qemu.

Stepping back a bit, there are two valid semantics for a
commit operation:

1. Maintain a 'golden' base, and a transient overlay. Make
changes in the overlay, and if everything appears to work,
commit those changes into the base, but still keep the overlay
for the next round of changes; repeat the cycle as desired.

2. Create an external snapshot, then back up the stable state
in the backing file. Once the backup is complete, commit the
overlay back into the base, and delete the temporary snapshot.

Since qemu doesn't know up front which of the two styles is
preferred, a block commit of the active layer merely gets
the job into a synchronized state, and sends an event; then
the user must either cancel (case 1) or complete (case 2),
where qemu then sends a second event that actually ends the
job.  However, until commit e6bcbcd, libvirt was blindly
assuming the semantics that apply to a commit of an
intermediate image, where there is only one sane conclusion
(the job automatically ends with fewer elements in the chain);
and getting stuck because it wasn't prepared for qemu to enter
a second phase of the job.

This patch adds a flag to the libvirt API that a user MUST
supply in order to acknowledge that they will be using two-phase
semantics.  It might be possible to have a mode where if the
flag is omitted, we automatically do the case 2 semantics on
the user's behalf; but before that happens, I must do additional
patches to track the fact that we are doing an active commit
in the domain XML.  Later patches will add support of the flag,
and once 2-phase semantics are working, we can then decide
whether to relax things to allow an omitted flag to cause an
automatic pivot.

* include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_COMMIT_ACTIVE)
(VIR_DOMAIN_BLOCK_JOB_TYPE_ACTIVE_COMMIT): New enums.
* src/libvirt.c (virDomainBlockCommit): Document two-phase job
when committing active layer, through new flag.
(virDomainBlockJobAbort): Document that pivot also occurs after
active commit.
* tools/virsh-domain.c (vshDomainBlockJob): Cover new job.
* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Explicitly
reject active copy; later patches will add it in.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-06-10 11:11:16 -06:00
Dan Kenigsberg
110be4112f doc: fix documentation of virDomainSet(Get)Metadata
The documentation of the functions should match the argument name in the actual
function signature.

Signed-off-by: Dan Kenigsberg <danken@redhat.com>
2014-05-28 13:23:11 +02:00
Jiri Denemark
7bdc7702f3 Fix error message when TUNNELLED flag is used in non-p2p migration
The current error message is

    error: use virDomainMigrateToURI3 for peer-to-peer migration

which is correct but a bit misleading because the client did not specify
VIR_MIGRATE_PEER2PEER flag. This patch changes the error message to

    error: cannot perform tunnelled migration without using peer2peer
    flag

which is consistent with the error reported by older migration APIs.

Reported by Rich Jones in
https://bugzilla.redhat.com/show_bug.cgi?id=1095924
2014-05-23 09:05:39 +02:00
Eric Blake
3931ba2d44 maint: fix typos related to disk name resolution
In a number of APIs, the text implied that a user might have
<target dev='xvda'/> - but common convention is to use "vda",
not "xvda".  For example, virDomainGetDiskErrors was correct,
while virDomainBlockStats was confusing.

* src/libvirt.c: Make examples consistent.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-16 11:25:37 -06:00
Michal Privoznik
0abb369380 Introduce virDomain{Get,Set}Time APIs
These APIs allow users to get or set time in a domain, which may come
handy if the domain has been resumed just recently and NTP is not
configured or hasn't kicked in yet and the guest is running
something time critical. In addition, NTP may refuse to re-set the clock
if the skew is too big.

In addition, new ACL attribute is introduced 'set_time'.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-05-15 16:15:54 +02:00
Tomoki Sekiyama
208f002c9d Introduce virDomainFSFreeze() and virDomainFSThaw() public API
These will freeze and thaw filesystems within guest specified by
@mountpoints parameters. The parameters can be NULL and 0, then all
mounted filesystems are frozen or thawed. @flags parameter, which are
currently not used, is for future extensions.

Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-06 17:41:58 -06:00
Michal Privoznik
7a6ae35dbe Device{Attach,Detach}: Document S4 limitations
https://bugzilla.redhat.com/show_bug.cgi?id=808463

Well, libvirt doesn't distinguish between domain poweroff and
hibernation (S4). It's hard to differentiate these two on a real
machine anyway. As a result, any device that is hot(un-)plugged is
lost (appears again) when domain is started again as from our POV
it is a fresh cold boot. Instead of doing anything wise here, we
should just document this as known limitation.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-04-30 18:25:11 +02:00
Jiri Denemark
f22b7899a8 Add support for addressing backing stores by index
Each backing store of a given disk is associated with a unique index
(which is also formatted in domain XML) for easier addressing of any
particular backing store. With this patch, any backing store can be
addressed by its disk target and the index. For example, "vdc[4]"
addresses the backing store with index equal to 4 of the disk identified
by "vdc" target. Such shorthand can be used in any API in place for a
backing file path:

    virsh blockcommit domain vda --base vda[3] --top vda[2]

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-04-25 11:11:03 +02:00
Ján Tomko
22a92eb0a7 Document behavior of setvcpus during guest boot
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1088748

The hotplugged vcpus could fail to show up in the guest if
they were added during boot, see:
https://bugzilla.redhat.com/show_bug.cgi?id=807508

Also change arbitrary to arbitrarily.
2014-04-23 14:24:21 +02:00
Ján Tomko
d46f4a3c1f Indent top-level labels by one space in libvirt.c 2014-03-25 14:58:39 +01:00
Qiao Nuohan
9fbaff008c add new virDomainCoreDumpWithFormat API
--memory-only option is introduced without compression supported. Now qemu
has support for dumping domain's memory in kdump-compressed format. This
patch adds a new virDomainCoreDumpWithFormat API, so that the format in
which qemu dumps domain's memory can be specified.

Signed-off-by: Qiao Nuohan <qiaonuohan@cn.fujitsu.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-24 14:14:11 -06:00
Chegu Vinod
05e1b06ab7 libvirt support to force convergence of live guest migration
Busy enterprise workloads hosted on large sized VM's tend to dirty
memory faster than the transfer rate achieved via live guest migration.
Despite some good recent improvements (& using dedicated 10Gig NICs
between hosts) the live migration may NOT converge.

Recently support was added in qemu (version 1.6) to allow a user to
choose if they wish to force convergence of their migration via a
new migration capability : "auto-converge". This feature allows for qemu
to auto-detect lack of convergence and trigger a throttle-down of the
VCPUs.

This patch includes the libvirt support needed to trigger this
feature. (Testing is in progress)

Signed-off-by:  Chegu Vinod <chegu_vinod@hp.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-03-21 14:17:15 +01:00
Daniel P. Berrange
2835c1e730 Add virLogSource variables to all source files
Any source file which calls the logging APIs now needs
to have a VIR_LOG_INIT("source.name") declaration at
the start of the file. This provides a static variable
of the virLogSource type.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-18 14:29:22 +00:00
Martin Kletzander
cc9c62fef9 Require spaces around equality comparisons
Commit a1cbe4b5 added a check for spaces around assignments and this
patch extends it to checks for spaces around '=='.  One exception is
virAssertCmpInt where comma after '==' is acceptable (since it is a
macro and '==' is its argument).

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-03-18 11:29:44 +01:00
Eric Blake
b9dd878ff8 util: make it easier to grab only regular command exit
Auditing all callers of virCommandRun and virCommandWait that
passed a non-NULL pointer for exit status turned up some
interesting observations.  Many callers were merely passing
a pointer to avoid the overall command dying, but without
caring what the exit status was - but these callers would
be better off treating a child death by signal as an abnormal
exit.  Other callers were actually acting on the status, but
not all of them remembered to filter by WIFEXITED and convert
with WEXITSTATUS; depending on the platform, this can result
in a status being reported as 256 times too big.  And among
those that correctly parse the output, it gets rather verbose.
Finally, there were the callers that explicitly checked that
the status was 0, and gave their own message, but with fewer
details than what virCommand gives for free.

So the best idea is to move the complexity out of callers and
into virCommand - by default, we return the actual exit status
already cleaned through WEXITSTATUS and treat signals as a
failed command; but the few callers that care can ask for raw
status and act on it themselves.

* src/util/vircommand.h (virCommandRawStatus): New prototype.
* src/libvirt_private.syms (util/command.h): Export it.
* docs/internals/command.html.in: Document it.
* src/util/vircommand.c (virCommandRawStatus): New function.
(virCommandWait): Adjust semantics.
* tests/commandtest.c (test1): Test it.
* daemon/remote.c (remoteDispatchAuthPolkit): Adjust callers.
* src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck):
Likewise.
* src/fdstream.c (virFDStreamCloseInt): Likewise.
* src/lxc/lxc_process.c (virLXCProcessStart): Likewise.
* src/qemu/qemu_command.c (qemuCreateInBridgePortWithHelper):
Likewise.
* src/xen/xen_driver.c (xenUnifiedXendProbe): Simplify.
* tests/reconnect.c (mymain): Likewise.
* tests/statstest.c (mymain): Likewise.
* src/bhyve/bhyve_process.c (virBhyveProcessStart)
(virBhyveProcessStop): Don't overwrite virCommand error.
* src/libvirt.c (virConnectAuthGainPolkit): Likewise.
* src/openvz/openvz_driver.c (openvzDomainGetBarrierLimit)
(openvzDomainSetBarrierLimit): Likewise.
* src/util/virebtables.c (virEbTablesOnceInit): Likewise.
* src/util/viriptables.c (virIpTablesOnceInit): Likewise.
* src/util/virnetdevveth.c (virNetDevVethCreate): Fix debug
message.
* src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Add comment.
* src/storage/storage_backend_iscsi.c
(virStorageBackendISCSINodeUpdate): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 12:40:32 -07:00
Thorsten Behrens
0bd2ccdecc Widening API change - accept empty path for virDomainBlockStats
And provide domain summary stat in that case, for lxc backend.
Use case is a container inheriting all devices from the host,
e.g. when doing application containerization.
2014-02-20 16:20:09 +01:00
Roman Bogorodskiy
0eb4a5f4f1 bhyve: add a basic driver
At this point it has a limited functionality and is highly
experimental. Supported domain operations are:

  * define
  * start
  * destroy
  * dumpxml
  * dominfo

It's only possible to have only one disk device and only one
network, which should be of type bridge.
2014-02-19 14:21:50 +00:00
Philipp Hahn
760498fdc7 Fix stream related spelling mistakes
Remove double "is".
Consistent spelling of all-uppercase I/O.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2014-02-13 11:12:02 +01:00
John Ferlan
46a0737e13 Block info query: Add check for transient domain
Currently the qemuDomainGetBlockInfo will return allocation == physical
for most backing stores. For a qcow2 block backed device it's possible
to return the highest lv extent allocated from qemu for an active guest.
That is a value where allocation != physical and one would hope be less.
However, if the guest is not running, then the code falls back to returning
allocation == physical. This turns out to be problematic for rhev which
monitors the size of the backing store. During a migration, before the
VM has been started on the target and while it is deemed inactive on the
source, there's a small window of time where the allocation is returned
as physical triggering the code to extend the file unnecessarily.

Since rhev uses transient domains and this is edge condition for a transient
domain, rather than returning good status and allocation == physical when
this "window of opportunity" exists, this patch will check for a transient
(or non persistent) domain and return a failure to the caller rather than
returning the defaults. For a persistent domain, the defaults will be
returned. The description for the virDomainGetBlockInfo has been updated
to describe the phenomena.
2014-01-24 11:37:18 -05:00
Eric Blake
7f2d27d1e3 api: require write permission for guest agent interaction
I noticed that we allow virDomainGetVcpusFlags even for read-only
connections, but that with a flag, it can require guest agent
interaction.  It is feasible that a malicious guest could
intentionally abuse the replies it sends over the guest agent
connection to possibly trigger a bug in libvirt's JSON parser,
or withhold an answer so as to prevent the use of the agent
in a later command such as a shutdown request.  Although we
don't know of any such exploits now (and therefore don't mind
posting this patch publicly without trying to get a CVE assigned),
it is better to err on the side of caution and explicitly require
full access to any domain where the API requires guest interaction
to operate correctly.

I audited all commands that are marked as conditionally using a
guest agent.  Note that at least virDomainFSTrim is documented
as needing a guest agent, but that such use is unconditional
depending on the hypervisor (so the existing domain:fs_trim ACL
should be sufficient there, rather than also requirng domain:write).
But when designing future APIs, such as the plans for obtaining
a domain's IP addresses, we should copy the approach of this patch
in making interaction with the guest be specified via a flag, and
use that flag to also require stricter access checks.

* src/libvirt.c (virDomainGetVcpusFlags): Forbid guest interaction
on read-only connection.
(virDomainShutdownFlags, virDomainReboot): Improve docs on agent
interaction.
* src/remote/remote_protocol.x
(REMOTE_PROC_DOMAIN_SNAPSHOT_CREATE_XML)
(REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS)
(REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS, REMOTE_PROC_DOMAIN_REBOOT)
(REMOTE_PROC_DOMAIN_SHUTDOWN_FLAGS): Require domain:write for any
conditional use of a guest agent.
* src/xen/xen_driver.c: Fix clients.
* src/libxl/libxl_driver.c: Likewise.
* src/uml/uml_driver.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/lxc/lxc_driver.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-22 16:52:41 -07:00
Thorsten Behrens
721949059b maint: align whitespaces with project conventions. 2014-01-20 14:35:08 +01:00
Eric Blake
42358e3a0a maint: replace remaining virLib*Error with better names
Finish the cleanup of libvirt.c; all uses of virLib*Error have
now been converted to more canonical conventions.

* src/libvirt.c: Use virReportError in remaining errors.
(virLibConnError, virLibDomainError): Delete unused macros.
* cfg.mk (msg_gen_function): Drop unused names.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 12:30:59 -07:00
Eric Blake
323c2cc46c maint: simplify driver registration at startup
We had a lot of repetition of errors that would occur if we
ever register too many drivers; this is unlikely to occur
unless we start adding a lot of new hypervisor modules, but
if it does occur, it's better to have uniform handling of the
situation, so that a one-line change is all that would be
needed if we decide that an internal error is not the best.

* src/libvirt.c (virDriverCheckTabMaxReturn): New define.
(virRegister*Driver): Use it for less code duplication.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 12:29:25 -07:00
Eric Blake
27553573f2 maint: clean up error reporting in migration
The choice of error message and category was not consistent
in the migration code; furthermore, the use of virLibConnError
is no longer necessary now that we have a generic virReportError.

* src/qemu/qemu_migration.c (virDomainMigrate*): Prefer
virReportError over virLibConnError.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 12:28:17 -07:00
Eric Blake
c8ed177af4 maint: don't lose error on canceled migration
While auditing the error reporting, I noticed that migration
had some issues.  Some of the static helper functions tried
to call virDispatchError(), even though their caller will also
report the error.  Also, if a migration is cancelled early
because a uri was not set, we did not guarantee that the finish
stage would not overwrite the first error message.

* src/qemu/qemu_migration.c (doPeer2PeerMigrate2)
(doPeer2PeerMigrate3): Preserve first error when cancelling.
* src/libvirt.c (virDomainMigrateVersion3Full): Likewise.
(virDomainMigrateVersion1, virDomainMigrateVersion2)
(virDomainMigrateDirect): Avoid redundant error dispatch.
(virDomainMigrateFinish2, virDomainMigrateFinish3)
(virDomainMigrateFinish3Params): Don't report error on cleanup
path.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 12:26:54 -07:00
Eric Blake
c05aebfd65 maint: don't leave garbage on early API exit
Several APIs clear out a user input buffer before attempting to
populate it; but in a few cases we missed this memset if we
detect a reason for an early exit.  Note that these APIs
check for non-NULL arguments, and exit early with an error
message when NULL is passed in; which means that we must be
careful to avoid a NULL deref in order to get to that error
message.  Also, we were inconsistent on the use of
sizeof(virType) vs. sizeof(expression); the latter is more
robust if we ever change the type of the expression (although
such action is unlikely since these types are part of our
public API).

* src/libvirt.c (virDomainGetInfo, virDomainGetBlockInfo)
(virStoragePoolGetInfo, virStorageVolGetInfo)
(virDomainGetJobInfo, virDomainGetBlockJobInfo): Move memset
before any returns.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 10:45:15 -07:00
Claudio Bley
c4dadf2393 Clarify documentation on possible return values in case of errors 2014-01-10 09:30:57 +01:00
Eric Blake
3d007cb5f8 virt-login-shell: fix regressions in behavior
Our fixes for CVE-2013-4400 were so effective at "fixing" bugs
in virt-login-shell that we ended up fixing it into a useless
do-nothing program.

Commit 3e2f27e1 picked the name LIBVIRT_SETUID_RPC_CLIENT for
the witness macro when we are doing secure compilation.  But
commit 9cd6a57d checked whether the name IN_VIRT_LOGIN_SHELL,
from an earlier version of the patch series, was defined; with
the net result that virt-login-shell invariably detected that
it was setuid and failed virInitialize.

Commit b7fcc799 closed all fds larger than stderr, but in the
wrong place.  Looking at the larger context, we mistakenly did
the close in between obtaining the set of namespace fds, then
actually using those fds to switch namespace, which means that
virt-login-shell will ALWAYS fail.

This is the minimal patch to fix the regressions, although
further patches are also worth having to clean up poor
semantics of the resulting program (for example, it is rude to
not pass on the exit status of the wrapped program back to the
invoking shell).

* tools/virt-login-shell.c (main): Don't close fds until after
namespace swap.
* src/libvirt.c (virGlobalInit): Use correct macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 15:05:04 -07:00
Eric Blake
dd0e04d9d0 maint: improve VIR_ERR_INVALID_DOMAIN_SNAPSHOT usage
The existing check of domain snapshots validated that they
point to a domain, but did not validate that the domain
points to a connection, even though any errors blindly assume
the connection is valid.  On the other hand, as mentioned in
commit 6e130ddc, any valid domain is already tied to a valid
connection, and VIR_IS_SNAPSHOT vs. VIR_IS_DOMAIN_SNAPSHOT
makes no real difference; it's best to just validate the chain
of all three.  For consistency with previous patches, continue
the trend of using a common macro.  For now, we don't need
virCheckDomainSnapshotGoto().

* src/datatypes.h (virCheckDomainSnapshotReturn): New macro.
(VIR_IS_SNAPSHOT, VIR_IS_DOMAIN_SNAPSHOT):
Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibDomainSnapshotError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 14:47:02 -07:00
Eric Blake
7d0a0ab7dd maint: improve VIR_ERR_INVALID_NWFILTER usage
While all errors related to invalid nwfilters appeared to be
consistent, we might as well continue the trend of using a
common macro.  As in commit 6e130ddc, the difference between
VIR_IS_NWFILTER and VIR_IS_CONNECTED_NWFILTER is moot, since
reference counting means any valid nwfilter is also tied to
a valid connection.  For now, we don't need virCheckNWFilterGoto().

* src/datatypes.h (virCheckNWFilterReturn): New macro.
(VIR_IS_NWFILTER, VIR_IS_CONNECTED_NWFILTER): Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibNWFilterError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 14:35:08 -07:00
Eric Blake
101f176ae4 maint: improve VIR_ERR_INVALID_STREAM usage
For streams validation, we weren't consistent on whether to
use VIR_FROM_NONE or VIR_FROM_STREAMS.  Furthermore, in many
API, we want to ensure that a stream is tied to the same
connection as the other object we are operating on; while
other API failed to validate the stream at all.  And the
difference between VIR_IS_STREAM and VIR_IS_CONNECTED_STREAM
is moot; as in commit 6e130ddc, we know that reference
counting means a valid stream will always be tied to a valid
connection.  Similar to previous patches, use a common macro
to make it nicer.

* src/datatypes.h (virCheckStreamReturn, virCheckStreamGoto):
New macros.
(VIR_IS_STREAM, VIR_IS_CONNECTED_STREAM): Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibStreamError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 14:13:01 -07:00
Eric Blake
916273eb94 maint: improve VIR_ERR_INVALID_SECRET usage
While all errors related to invalid secrets appeared to be
consistent, we might as well continue the trend of using a
common macro.  Just as in commit 6e130ddc, the difference
between VIR_IS_SECRET and VIR_IS_CONNECTED_SECRET is moot
(due to reference counting, any valid secret must be tied to
a valid domain).  For now, we don't need virCheckSecretGoto().

* src/datatypes.h (virCheckSecretReturn): New macro.
(VIR_IS_SECRET, VIR_IS_CONNECTED_SECRET): Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibSecretError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 13:55:20 -07:00
Eric Blake
9ec935d565 maint: improve VIR_ERR_INVALID_NODE_DEVICE usage
While all errors related to invalid node device appeared to be
consistent, we might as well continue the trend of using a
common macro.  For now, we don't need virCheckNodeDeviceGoto().

* src/datatypes.h (virCheckNodeDeviceReturn): New macro.
(VIR_IS_NODE_DEVICE, VIR_IS_CONNECTED_NODE_DEVICE): Drop
unused macros.
* src/libvirt.c: Use macro throughout.
(virLibNodeDeviceError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 11:29:45 -07:00
Eric Blake
097c9b52f4 maint: improve VIR_ERR_INVALID_STORAGE_VOL usage
For storage volume validation, we weren't consistent on
whether to use VIR_FROM_NONE or VIR_FROM_STORAGE.  Similar
to previous patches, use a common macro to make it nicer.
Furthermore, just as in commit 6e130ddc, the difference
between VIR_IS_STORAGE_VOL and VIR_IS_CONNECTED_STORAGE_VOL
is moot (due to reference counting, any valid volume must
be tied to a valid connection).

virStorageVolCreateXMLFrom allows cross-connection cloning,
where the error is reported against the connection of the
destination pool.

* src/datatypes.h (virCheckStorageVolReturn)
(virCheckStorageVolGoto): New macros.
(VIR_IS_STORAGE_VOL, VIR_IS_CONNECTED_STORAGE_VOL): Drop
unused macros.
* src/libvirt.c: Use macro throughout.
(virLibStorageVolError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 06:53:26 -07:00
Eric Blake
8add79a991 maint: improve VIR_ERR_INVALID_STORAGE_POOL usage
virStoragePoolBuild reported an invalid pool as if it were an
invalid network.  Likewise, we weren't consistent on whether to
use VIR_FROM_NONE or VIR_FROM_STORAGE.  Similar to previous
patches, use a common macro to make it nicer.  Furthermore, just
as in commit 6e130ddc, the difference between VIR_IS_STORAGE_POOL
and VIR_IS_CONNECTED_STORAGE_POOL is moot (due to reference
counting, any valid pool must be tied to a valid connection).
For now, we don't need virCheckStoragePoolGoto().

* src/datatypes.h (virCheckStoragePoolReturn): New macro.
(VIR_IS_STORAGE_POOL, VIR_IS_CONNECTED_STORAGE_POOL): Drop
unused macros.
* src/libvirt.c: Use macro throughout.
(virLibStoragePoolError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 15:33:57 -07:00
Eric Blake
459532b4f7 maint: improve VIR_ERR_INVALID_INTERFACE usage
When checking for a valid interface, we weren't consistent on
whether we reported as VIR_FROM_NONE or VIR_FROM_INTERFACE.
Similar to previous patches, use a common macro to make it nicer.
Furthermore, just as in commit 6e130ddc, the difference between
VIR_IS_INTERFACE and VIR_IS_CONNECTED_INTERFACE is moot (due to
reference counting, any valid interface must be tied to a valid
connection).  For now, we don't need virCheckInterfaceGoto().

* src/datatypes.h (virCheckInterfaceReturn): New macro.
(VIR_IS_INTERFACE, VIR_IS_CONNECTED_INTERFACE): Drop unused
macros.
* src/libvirt.c: Use macro throughout.
(virLibInterfaceError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 12:40:06 -07:00
Eric Blake
e176159374 maint: improve VIR_ERR_INVALID_NETWORK usage
When checking for a valid network, we weren't consistent on
whether we reported an invalid network or a connection.  Similar
to previous patches such as commit 6e130ddc, the difference
between VIR_IS_NETWORK and VIR_IS_CONNECTED_NETWORK is moot (due
to reference counting, any valid network must be tied to a valid
connection).  Use a common macro to make the error reporting
for invalid networks nicer.

* src/datatypes.h (virCheckNetworkReturn, virCheckNetworkGoto): New
macros.
(VIR_IS_NETWORK, VIR_IS_CONNECTED_NETWORK): Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibNetworkError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 09:38:27 -07:00
Michal Privoznik
8ab6f1ad5f virConnect(Un)registerCloseCallback: Unlock @conn prior to error dispatch
The function checks for @conn to be valid and locks its mutex. Then, it
checks if callee is unregistering the same callback that he registered
previously. If this fails an error is reported and  the control jumps to
'error' label. Here, if @conn has some errors (and it certainly does -
the one that's been just reported) the conn->mutex is locked again -
without any previous unlock:

  Thread 1 (Thread 0x7fb500ef1800 (LWP 18982)):
  #0  __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
  #1  0x00007fb4fd99ce56 in _L_lock_918 () from /lib64/libpthread.so.0
  #2  0x00007fb4fd99ccaa in __GI___pthread_mutex_lock (mutex=0x7fb50153b670) at pthread_mutex_lock.c:64
  #3  0x00007fb5007e574d in virMutexLock (m=m@entry=0x7fb50153b670) at util/virthreadpthread.c:85
  #4  0x00007fb5007b198e in virDispatchError (conn=conn@entry=0x7fb50153b5e0) at util/virerror.c:594
  #5  0x00007fb5008a3735 in virConnectUnregisterCloseCallback (conn=0x7fb50153b5e0, cb=cb@entry=0x7fb500f588e0 <vshCatchDisconnect>) at libvirt.c:21025
  #6  0x00007fb500f5d690 in vshReconnect (ctl=ctl@entry=0x7fffff60e710) at virsh.c:328
  #7  0x00007fb500f5dc50 in vshCommandRun (ctl=ctl@entry=0x7fffff60e710, cmd=0x7fb50152ca80) at virsh.c:1755
  #8  0x00007fb500f5861b in main (argc=<optimized out>, argv=<optimized out>) at virsh.c:3393

And since the conn's mutex is not recursive, the virDispatchError will
never ever lock it successfully.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-01-08 09:12:57 +01:00
Eric Blake
6e130ddc4d maint: improve VIR_ERR_INVALID_DOMAIN usage
In datatype.c, virGetDomainSnapshot could result in the message:

error: invalid domain pointer in bad domain

Furthermore, while there are a few functions in libvirt.c that
only care about a virDomainPtr without regards to the connection
(such as virDomainGetName), most functions also require a valid
connection.  Yet several functions were blindly dereferencing
the conn member without checking it for validity first (such as
virDomainOpenConsole).  Rather than try and correct all usage
of VIR_IS_DOMAIN vs. VIR_IS_CONNECTED_DOMAIN, it is easier to
just blindly require that a valid domain object always has a
valid connection object (which should be true anyways, since
every domain object holds a reference to its connection, so the
connection will not be closed until all domain objects have
also been closed to release their reference).

After this patch, all places that validate a domain consistently
report:

error: invalid domain pointer in someFunc

* src/datatypes.h (virCheckDomainReturn, virCheckDomainGoto): New
macros.
* src/datatypes.c (virGetDomainSnapshot): Use new macro.
(virLibConnError): Delete unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 14:38:12 -07:00
Eric Blake
31b5bad9ff event: make deregister return value match docs
Ever since their introduction (commit 1509b80 in v0.5.0 for
virConnectDomainEventRegister, commit 4445723 in v0.8.0 for
virConnectDomainEventDeregisterAny), the event deregistration
functions have been documented as returning 0 on success;
likewise for older registration (only the newer RegisterAny
must return a non-zero callbackID).  And now that we are
adding virConnectNetworkEventDeregisterAny for v1.2.1, it
should have the same semantics.

Fortunately, all of the stateful drivers have been obeying
the docs and returning 0, thanks to the way the remote_driver
tracks things (in fact, the RPC wire protocol is unable to
send a return value for DomainEventRegisterAny, at least not
without adding a new RPC number).  Well, except for vbox,
which was always failing deregistration, due to failure to
set the return value to anything besides its initial -1.

But for local drivers, such as test:///default, we've been
returning non-zero numbers; worse, the non-zero numbers have
differed over time.  For example, in Fedora 12 (libvirt 0.8.2),
calling Register twice would return 0 and 1 [the callbackID
generated under the hood]; while in Fedora 20 (libvirt 1.1.3),
it returns 1 and 2 [the number of callbacks registered for
that event type].  Since we have changed the behavior over
time, and since it differs by local vs. remote, we can safely
argue that no one could have been reasonably relying on any
particular behavior, so we might as well obey the docs, as well
as prepare callers that might deal with older clients to not be
surprised if the docs are not strictly followed.

For consistency, this patch fixes the code for all drivers,
even though it only makes an impact for vbox and for local
drivers.  By fixing all drivers, future copy and paste from
a remote driver to a local driver is less likely to
reintroduce the bug.

Finally, update the testsuite to gain some coverage of the
issue for local drivers, including the first test of old-style
domain event registration via function pointer instead of
event id.

* src/libvirt.c (virConnectDomainEventRegister)
(virConnectDomainEventDeregister)
(virConnectDomainEventDeregisterAny): Clarify docs.
* src/libxl/libxl_driver.c (libxlConnectDomainEventRegister)
(libxlConnectDomainEventDeregister)
(libxlConnectDomainEventDeregisterAny): Match documentation.
* src/lxc/lxc_driver.c (lxcConnectDomainEventRegister)
(lxcConnectDomainEventDeregister)
(lxcConnectDomainEventDeregisterAny): Likewise.
* src/test/test_driver.c (testConnectDomainEventRegister)
(testConnectDomainEventDeregister)
(testConnectDomainEventDeregisterAny)
(testConnectNetworkEventDeregisterAny): Likewise.
* src/uml/uml_driver.c (umlConnectDomainEventRegister)
(umlConnectDomainEventDeregister)
(umlConnectDomainEventDeregisterAny): Likewise.
* src/vbox/vbox_tmpl.c (vboxConnectDomainEventRegister)
(vboxConnectDomainEventDeregister)
(vboxConnectDomainEventDeregisterAny): Likewise.
* src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister)
(xenUnifiedConnectDomainEventDeregister)
(xenUnifiedConnectDomainEventDeregisterAny): Likewise.
* src/network/bridge_driver.c
(networkConnectNetworkEventDeregisterAny): Likewise.
* tests/objecteventtest.c (testDomainCreateXMLOld): New test.
(mymain): Run it.
(testDomainCreateXML): Check return values.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 06:53:40 -07:00
Eric Blake
db3dd0824f maint: improve VIR_ERR_INVALID_CONN usage
The datatype.c object checks could result in a message like:

error: invalid connection pointer in no connection

This consolidates all clients of this message to have uniform contents:

error: invalid connection pointer in someFunc

Note that virCheckConnectReturn raises an error immediately; in
datatypes.c, where we don't need to raise the error (but instead
just leave it in the thread-local setting), we use
virCheckConnectGoto and the cleanup label instead.  Then, for
consistency in that file, all subsequent error messages are
touched to also use the cleanup error label.

* src/datatypes.h (virCheckConnectReturn)
(virCheckConnectGoto): New macros.
* src/datatypes.c: Use new macro.
* src/libvirt-qemu.c (virDomainQemuAttach): Likewise.
(virLibConnError): Delete unused macro.
* src/libvirt-lxc.c (virLibConnError): Likewise.
* src/libvirt.c: Use new macro throughout.
* docs/api_extension.html.in: Modernize documentation.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-06 21:41:02 -07:00
Eric Blake
d219826c65 maint: improve VIR_ERR_OPERATION_DENIED usage
Some of our operation denied messages are outright stupid; for
example, if virIdentitySetAttr fails:

error: operation Identity attribute is already set forbidden for read only access

This patch fixes things to a saner:

error: operation forbidden: Identity attribute is already set

It also consolidates the most common usage pattern for operation
denied errors: read-only connections preventing a public API.  In
this case, 'virsh -r -c test:///default destroy test' changes from:

error: operation virDomainDestroy forbidden for read only access

to:

error: operation forbidden: read only access prevents virDomainDestroy

Note that we were previously inconsistent on which APIs used
VIR_FROM_DOM (such as virDomainDestroy) vs. VIR_FROM_NONE (such as
virDomainPMSuspendForDuration).  After this patch, all uses
consistently use VIR_FROM_NONE, on the grounds that it is unlikely
that a caller learning that a call is denied can do anything in
particular with extra knowledge which error domain the call belongs
to (similar to what we did in commit baa7244).

* src/util/virerror.c (virErrorMsg): Rework OPERATION_DENIED error
message.
* src/internal.h (virCheckReadOnlyGoto): New macro.
* src/util/virerror.h (virReportRestrictedError): New macro.
* src/libvirt-lxc.c: Use new macros.
* src/libvirt-qemu.c: Likewise.
* src/libvirt.c: Likewise.
* src/locking/lock_daemon.c (virLockDaemonClientNew): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-06 08:29:29 -07:00
Eric Blake
baa7244951 maint: improve VIR_ERR_NO_SUPPORT usage
We weren't very consistent in our use of VIR_ERR_NO_SUPPORT; many
users just passed __FUNCTION__ on, while others passed "%s" to
silence over-eager compilers that warn about __FUNCTION__ not
containing any %.  It's nicer to route all these uses through
a single macro, so that if we ever need to change the reporting,
we can do it in one place.

I verified that 'virsh -c test:///default qemu-monitor-command test foo'
gives the same error message before and after this patch:
error: this function is not supported by the connection driver: virDomainQemuMonitorCommand

Note that in libvirt.c, we were inconsistent on whether virDomain*
API used virLibConnError() (with VIR_FROM_NONE) or virLibDomainError()
(with VIR_FROM_DOMAIN); this patch unifies these errors to all use
VIR_FROM_NONE, on the grounds that it is unlikely that a caller
learning that a call is unimplemented can do anything in particular
with extra knowledge of which error domain it belongs to.

One particular change to note is virDomainOpenGraphics which was
trying to fail with VIR_ERR_NO_SUPPORT after a failed
VIR_DRV_SUPPORTS_FEATURE check; all other places that fail a
feature check report VIR_ERR_ARGUMENT_UNSUPPORTED.

* src/util/virerror.h (virReportUnsupportedError): New macro.
* src/libvirt-qemu.c: Use new macro.
* src/libvirt-lxc.c: Likewise.
* src/lxc/lxc_driver.c: Likewise.
* src/security/security_manager.c: Likewise.
* src/util/virinitctl.c: Likewise.
* src/libvirt.c: Likewise.
(virDomainOpenGraphics): Use correct error for unsupported feature.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-04 12:15:08 -07:00
Eric Blake
8f6c845f17 maint: avoid nested public calls
Having one API call into another is generally not good; among
other issues, it gives confusing logs, and is not quite as
efficient.

This fixes several instances, but not all: we still have instances
in both libvirt.c and in backend hypervisors (lxc and qemu) calling
the public virTypedParamsGetString and friends, which dispatch
errors immediately.  I'm not sure if it is worth trying to clean
that up in a separate patch (such a cleanup may be easiest by
separating the public function into a wrapper around the internal,
then tweaking internal.h so that internal users directly use the
internal function).

* src/libvirt.c (virDomainGetUUIDString, virNetworkGetUUIDString)
(virStoragePoolGetUUIDString, virSecretGetUUIDString)
(virNWFilterGetUUIDString): Avoid nested public API call.
* src/util/virtypedparam.c (virTypedParamsReplaceString): Don't
dispatch errors here.
(virTypedParamsGet): No need to reset errors.
(virTypedParamsGetBoolean): Use consistent ordering.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-04 07:13:09 -07:00
Eric Blake
f06d55da7b maint: reset error on entrance to public API
We document that calling any public API wipes out all prior
libvirt errors in the same thread; but weren't obeying this
style in a few functions.

There are a couple of nested uses of virConnectRef (in lxc
and qemu reboot paths), but they should not be affected by
this change in semantics since there should not be any
previous error getting nuked (a later patch will clean up
the nested calls, along with abuse of virConnectClose on
cleanup paths which DOES nuke errors).

* src/libvirt.c (virGetVersion, virConnectRef, virDomainRef)
(virDomainGetSecurityLabel, virDomainGetSecurityLabelList)
(virDomainSetMetadata, virDomainGetMetadata)
(virNodeGetSecurityModel, virNetworkRef, virInterfaceRef)
(virStoragePoolRef, virStorageVolRef, virNodeDeviceGetName)
(virNodeDeviceRef, virSecretRef, virStreamRef, virNWFilterRef)
(virDomainSnapshotRef): Reset error on entrance.
(do_open): Drop redundant error reset.
* src/libvirt-qemu.c (virDomainQemuAgentCommand): Likewise.
* src/libvirt-lxc.c (virDomainLxcEnterNamespace)
(virDomainLxcEnterSecurityLabel): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 09:38:31 -07:00
Eric Blake
ca0ea2a981 maint: improve error condition style in public API
While auditing error messages in libvirt.c, I found a couple
instances that had not been converted to modern error styles,
and a few places that failed to dispatch the error through
the known-good connection.

* src/libvirt.c (virDomainPinEmulator, virDomainGetDiskErrors)
(virDomainSendKey, virDomainGetSecurityLabelList)
(virDomainGetEmulatorPinInfo): Use typical error reporting.
(virConnectGetCPUModelNames, virConnectRegisterCloseCallback)
(virConnectUnregisterCloseCallback, virDomainGetUUID): Report
error through connection.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 07:15:23 -07:00
Eric Blake
5e3e211dd5 maint: split long lines in invalidArg errors
Style only.  In particular, the message on "flags 'affect live'
and 'affect config'" being mutually exclusive was already split
in some instances.

* src/libvirt.c: Wrap some long error messages to fit in 80 columns.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 07:11:46 -07:00
Eric Blake
ff65843480 maint: move debug statements first in public API
Most of our public APIs emit a debug log on entry, prior to anything
else.  There were a few exceptions where obvious failures were not
logged, so fix those.  When moving a debug earlier, this patch also
makes sure to avoid any NULL dereference during the log (the APIs
are supposed to gracefully fail if the user passes NULL for the object).

However, do NOT use VIR_DEBUG prior to virInitialize, since setting
up the error reporting can change where VIR_DEBUG output would be
routed.  Instead add documentation to virGlobalInit, virInitialize,
and virGetVersion that better explains initialization.

* src/libvirt.c (virGetVersion, virConnectRef, virDomainRef)
(virNetworkRef, virInterfaceRef, virStoragePoolRef)
(virStorageVolRef, virNodeDeviceRef, virSecretRef, virStreamRef)
(virNWFilterRef, virDomainSnapshotRef): Debug on function entry.
* src/libvirt-lxc.c (virDomainLxcEnterNamespace)
(virDomainLxcEnterSecurityLabel): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 06:15:04 -07:00
Eric Blake
13f8372007 maint: improve debug of libvirt-{qemu,lxc} apis
I noticed that the virDomainQemuMonitorCommand debug output wasn't
telling me the name of the domain it was working on.  While it was
easy enough to determine which pointer matches the domain based on
other log messages, it is nicer to be consistent.

* src/util/viruuid.h (VIR_UUID_DEBUG): Moved here from...
* src/libvirt.c (VIR_UUID_DEBUG): ...here.
(VIR_ARG15, VIR_HAS_COMMA, VIR_DOMAIN_DEBUG_EXPAND)
(VIR_DOMAIN_DEBUG_PASTE, VIR_DOMAIN_DEBUG_0, VIR_DOMAIN_DEBUG_1)
(VIR_DOMAIN_DEBUG_2, VIR_DOMAIN_DEBUG): Move...
* src/datatypes.h: ...here.
* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
(virDomainQemuAgentCommand): Better debug messages.
* src/libvirt-lxc.c (virDomainLxcOpenNamespace): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-02 22:17:11 -07:00
Eric Blake
80aed9f87f maint: consistent formatting in libvirt.c
Preliminary cleanups to make search-and-replace easier in later
patches.  Many of these were done by grepping for (multiline)
pattern violations, then bundled all into one patch.

* src/libvirt.c: Uniform two spaces between functions, return
type and open brace on separate line, avoid blank lines around
open brace, label in column 1, drop redundant (), consistent
indentation for function headers split across lines.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-02 12:06:03 -07:00
Eric Blake
c8f95fff63 event: improve public API docs
Since libvirt 0.9.3, the entire virevent.c file has been a public
API, so improve the documentation in this file.  Also, fix a
potential core dump - it could only be triggered by bogus use of
the API and would only affect the caller (not libvirtd), but we
might as well be nice.

* src/libvirt.c (virConnectSetKeepAlive)
(virConnectDomainEventRegister, virConnectDomainEventRegisterAny)
(virConnectNetworkEventRegisterAny): Document event loop requirement.
* src/util/virevent.c (virEventAddHandle, virEventRemoveHandle)
(virEventAddTimeout, virEventRemoveTimeout): Likewise.
(virEventUpdateHandle, virEventUpdateTimeout): Likewise, and avoid
core dump if caller didn't register handler.
(virEventRunDefaultImpl): Expand example, and set up code block in
html docs.
(virEventRegisterImpl, virEventRegisterDefaultImpl): Document more
on the use of the event loop.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-02 07:29:54 -07:00
Eric Blake
169700970d docs: return paragraph must be last
Commit eb70ceb tried to create a code block for
libvirt-libvirt.html#virConnectGetType, but failed to note
that our doc generator treats everything after "Returns" as
part of the return description rather than looking for
paragraph and code layout.  Fix some other API that also had
generic details crammed into the return type paragraph.

* src/libvirt.c (virConnectOpen, virConnectOpenReadOnly)
(virConnectOpenAuth, virConnectListAllDomains): Fit doc pattern.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-31 23:21:00 -07:00
Eric Blake
eb70ceba8a docs: fix layout of code snippets
Similar to commit 52dbeac, we should indent code snippets in
other places to ensure they appear correctly in html.  See
http://libvirt.org/html/libvirt-libvirt.html#virNodeGetCPUStats
for an example improved by this patch.  Also fix some missing
semicolons in the examples.

* src/libvirt.c: Indent code samples in comments.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-28 11:28:04 -07:00
Eric Blake
3e67714e48 docs: improve event-related documentation
While looking at event code, I noticed that the documentation was
trying to refer me to functions that don't exist.  Also fix some
typos and poor formatting.

* src/libvirt.c (virConnectDomainEventDeregister)
(virConnectDomainEventRegisterAny)
(virConnectDomainEventDeregisterAny)
(virConnectNetworkEventRegisterAny)
(virConnectNetworkEventDeregisterAny): Link to correct function.
* include/libvirt.h.in (VIR_DOMAIN_EVENT_CALLBACK)
(VIR_NETWORK_EVENT_CALLBACK): Likewise.
(virDomainEventID, virConnectDomainEventGenericCallback)
(virNetworkEventID, virConnectNetworkEventGenericCallback):
Improve docs.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-19 09:45:50 -07:00
Eric Blake
fca4f23340 object: require maximal alignment in base class
Recent changes to events (commit 8a29ffcf) resulted in new compile
failures on some targets (such as ARM OMAP5):
conf/domain_event.c: In function 'virDomainEventDispatchDefaultFunc':
conf/domain_event.c:1198:30: error: cast increases required alignment of
target type [-Werror=cast-align]
conf/domain_event.c:1314:34: error: cast increases required alignment of
target type [-Werror=cast-align]
cc1: all warnings being treated as errors

The error is due to alignment; the base class is merely aligned
to the worst of 'int' and 'void*', while the child class must
be aligned to a 'long long'.  The solution is to include a
'long long' (and for good measure, a function pointer) in the
base class to ensure correct alignment regardless of what a
child class may add, but to wrap the inclusion in a union so
as to not incur any wasted space.  On a typical x86_64 platform,
the base class remains 16 bytes; on i686, the base class remains
12 bytes; and on the impacted ARM platform, the base class grows
from 12 bytes to 16 bytes due to the increase of alignment from
4 to 8 bytes.

Reported by Michele Paolino and others.

* src/util/virobject.h (_virObject): Use a union to ensure that
subclasses never have stricter alignment than the parent.
* src/util/virobject.c (virObjectNew, virObjectUnref)
(virObjectRef): Adjust clients.
* src/libvirt.c (virConnectRef, virDomainRef, virNetworkRef)
(virInterfaceRef, virStoragePoolRef, virStorageVolRef)
(virNodeDeviceRef, virSecretRef, virStreamRef, virNWFilterRef)
(virDomainSnapshotRef): Likewise.
* src/qemu/qemu_monitor.c (qemuMonitorOpenInternal)
(qemuMonitorClose): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-13 05:59:38 -07:00
Cédric Bosdonnat
9ff38c5428 Added Network events API and virNetworkEventLifecycle.
Define the public API for (de-)registering network events
and the callbacks for receiving lifecycle events. The lifecycle
event includes a 'detail' parameter to match the domain lifecycle
event data, but this is currently unused.

The network events related code goes into its own set of internal
files src/conf/network_event.[ch]
2013-12-11 13:10:41 +00:00
Wang Yufei
d51855d10f docs: fix double articles bug
Delete the extra article 'the'.

Signed-off-by: Wang Yufei <james.wangyufei@huawei.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-05 13:16:33 -07:00
Osier Yang
ec2fb767bb Doc: Explicitly declaring that nodedev-destroy only works for vHBA
Though trying to destroy a physical HBA doesn't make sense at all,
it's still a bit misleading with saying "only works for HBA".

Signed-off-by: Osier Yang <jyang@redhat.com>
2013-12-03 16:34:46 +08:00
Daniel P. Berrange
4cac241a7b Ensure to zero out the virDomainBlockJobInfo arg
The virDomainGetBlockJobInfo method did not zero out the
virDomainBlockJobInfo pointer arg, so when block jobs were
not active it would return garbage for the bandwidth/cur/end
fields.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-02 17:34:57 +00:00
Michal Privoznik
cc38d68dc1 virDomainReboot: Document that migration might be unsafe
https://bugzilla.redhat.com/show_bug.cgi?id=744967

If a domain is rebooting and a migrate API is called meanwhile we would
have to transfer the fakeReboot attribute to the destination in order to
prevent domain doing plain shutdown over there. We shouldn't try to do
anything clever about it other than documenting this as a known
limitation.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-22 08:17:30 +01:00
Wangyufei (A)
09f2395217 docs: delete extra character
delete extra character 'p' from the comment of virInterfaceCreate

Signed-off-by: Wang Yufei <james.wangyufei@huawei.com>
2013-11-21 11:53:59 +01:00
Ján Tomko
e68432e45f Properly unref a connection with a close callback
The connection pointer in the closeCallback data was never
initialized, making the unref in remoteClientCloseFunc a no-op.

This fixes the following leak in virsh when the daemon closes
the connection unexpectedly:

1,179 (288 direct, 891 indirect) bytes in 1 blocks are
   definitely lost in loss record 745 of 792
  at 0x4C2A6D0: calloc (in vgpreload_memcheck-amd64-linux.so)
  by 0x4E9643D: virAllocVar (viralloc.c:558)
  by 0x4ED2425: virObjectNew (virobject.c:190)
  by 0x4F675AC: virGetConnect (datatypes.c:116)
  by 0x4F6EA06: do_open (libvirt.c:1136)
  by 0x4F71017: virConnectOpenAuth (libvirt.c:1481)
  by 0x129FFA: vshReconnect (virsh.c:337)
  by 0x128310: main (virsh.c:2470)
2013-11-18 12:26:15 +01:00
Eric Blake
6385283add docs: improve job info details
Noticed while revieweing the patches for qemu's new migration state.

* include/libvirt/libvirt.h.in (_virDomainJobInfo): Fix typo,
grammar.
* src/libvirt.c (virDomainGetJobInfo): Add cross reference.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-15 06:00:49 -07:00
Wang Yufei
af67a43659 docs: fix virDomainRestoreFlags description bug
In virDomainRestoreFlags with VIR_DOMAIN_SAVE_BYPASS_CACHE, it risks
slowing restores from NFS, but not saves to NFS.

Signed-off-by: Wang Yufei <james.wangyufei@huawei.com>
2013-11-08 12:08:39 -07:00
Claudio Bley
52dbeac8e7 libvirt.c: indent code of virDomainGetMemoryParameters's documentation
By indenting code inside of comments, it gets recognized as a
code block when generating the HTML documentation.
2013-10-30 17:30:12 +01:00
Claudio Bley
6d19d742bc libvirt.c: add 2 spaces of indentation to example code of virStreamSend
See libvirt-libvirt.html#virStreamSend for the effect.
2013-10-30 17:30:12 +01:00
Daniel P. Berrange
9cd6a57db6 Block all use of libvirt.so in setuid programs
Avoid people introducing security flaws in their apps by
forbidding the use of libvirt.so in setuid programs, with
a check in virInitialize.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
9b0af09240 Remove (nearly) all use of getuid()/getgid()
Most of the usage of getuid()/getgid() is in cases where we are
considering what privileges we have. As such the code should be
using the effective IDs, not real IDs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
e22b0232c7 Only allow the UNIX transport in remote driver when setuid
We don't know enough about quality of external libraries used
for non-UNIX transports, nor do we want to spawn external
commands when setuid. Restrict to the bare minimum which is
UNIX transport for local usage. Users shouldn't need to be
running setuid if connecting to remote hypervisors in any
case.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
1e4a02bdfe Remove all direct use of getenv
Unconditional use of getenv is not secure in setuid env.
While not all libvirt code runs in a setuid env (since
much of it only exists inside libvirtd) this is not always
clear to developers. So make all the code paranoid, even
if it only ever runs inside libvirtd.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
3e2f27e13b Don't link virt-login-shell against libvirt.so (CVE-2013-4400)
The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor) functions which is
not setuid safe.

The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.

Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
57687fd6bf Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401)
The virConnectDomainXMLToNative API should require 'connect:write'
not 'connect:read', since it will trigger execution of the QEMU
binaries listed in the XML.

Also make virConnectDomainXMLFromNative API require a full
read-write connection and 'connect:write' permission. Although the
current impl doesn't trigger execution of QEMU, we should not
rely on that impl detail from an API permissioning POV.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 13:58:40 +01:00
Giuseppe Scrivano
f90857b32a libvirt: add new public API virConnectGetCPUModelNames
The new function virConnectGetCPUModelNames allows to retrieve the list
of CPU models known by the hypervisor for a specific architecture.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 15:41:50 -06:00
Peter Krempa
3b6784d119 lib: Don't force the key argument when deleting metadata
virDomainSetMetadata when operating on the metadata element was
requesting the @key argument to be passed even if @metadata was NULL
used to delete the corresponding metadata element. This is not needed as
the key is only used when adding the element and matching is done via
the XML namespace.
2013-09-17 09:42:49 +02:00
Eric Blake
5c7f820d19 docs: mention hostname subtlety
An off-list bug report mentioned some confusion where the public
documentation of libvirt.c:virConnectGetHostname did not match
the private documentation of util/virutil.c:virGetHostname.

* src/libvirt.c (virConnectGetHostname): Tweak docs.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-13 07:59:34 -06:00
Michal Novotny
25b133e771 api-docs: Fix description of virConnectGetType() API function
This fixes the description of virConnectGetType() API function in
API documentation to match the real functionality that it can be
used to get driver name, and provide a hint on how to learn about
full capabilities.

Signed-off-by: Michal Novotny <minovotn@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-11 20:12:59 -06:00
Oskari Saarenmaa
c9e1c6a93e docs, comments: minor typo fixes
Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-10 17:06:41 -06:00
Don Dugger
d4952d36d0 Add flag to BaselineCPU API to return detailed CPU features
Currently the virConnectBaselineCPU API does not expose the CPU features
that are part of the CPU's model.  This patch adds a new flag,
VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, that causes the API to explicitly
list all features that are part of that model.

Signed-off-by: Don Dugger <donald.d.dugger@intel.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-16 15:31:18 -06:00
Eric Blake
6094b1ff19 build: avoid -lgcrypt with newer gnutls
https://bugzilla.redhat.com/show_bug.cgi?id=951637

Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization.  Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless, but mostly harmless
(it doesn't crash, but does interfere with certification efforts).

There are three distinct version ranges to worry about when
determining which crypto lib gnutls uses, per these gnutls mails:
2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html

If pkg-config can prove version numbers and/or list the crypto
library used for static linking, we have our proof; if not, it
is safer (even if pointless) to continue to use gcrypt ourselves.

* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-12 09:58:48 -06:00
John Ferlan
e4a969092b Separate out StateAutoStart from StateInitialize
Separation allows for dependent drivers to be make a connection during
the AutoStart phase of state initialization.
2013-07-26 09:30:53 -04:00
Philipp Hahn
ada5f9ceb8 doc: Fix copy-paste-error in virNodeGetMemoryStats
The description seems to be copied from virNodeGetCpuState.
Change wrong 'cpu' to 'memory'.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2013-07-22 16:53:44 +02:00
Jiri Denemark
1f71de59f6 Clarify virDomainDetachDeviceFlags documentation 2013-07-18 15:28:45 +02:00
Daniel P. Berrange
d76227bea3 Introduce new domain create APIs to pass pre-opened FDs to LXC
With container based virt, it is useful to be able to pass
pre-opened file descriptors to the container init process.
This allows for containers to be auto-activated from incoming
socket connections, passing the active socket into the container.

To do this, introduce a pair of new APIs, virDomainCreateXMLWithFiles
and virDomainCreateWithFiles, which accept an array of file
descriptors. For the LXC driver, UNIX file descriptor passing
will be used to send them to libvirtd, which will them pass
them down to libvirt_lxc, which will then pass them to the container
init process.

This will only be implemented for LXC right now, but the design
is generic enough it could work with other hypervisors, hence
I suggest adding this to libvirt.so, rather than libvirt-lxc.so

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-18 11:01:14 +01:00
John Ferlan
d5c67e7f45 Add new public API virDomainSetMemoryStatsPeriod
Add new API in order to set the balloon memory driver statistics collection
period in order to allow dynamic period adjustment for the virsh dommemstats to
display balloon stats data
2013-07-16 08:44:53 -04:00
Daniel P. Berrange
563818bc99 Convert 'int i' to 'size_t i' in src/ files
Convert the type of loop iterators named 'i', 'j', k',
'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
'unsigned int', also santizing 'ii', 'jj', 'kk' to use
the normal 'i', 'j', 'k' naming

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-10 17:55:17 +01:00
Michal Privoznik
36844c9112 Adapt to VIR_ALLOC and virAsprintf in src/* 2013-07-10 11:07:33 +02:00
Jiri Denemark
d4ce75ba76 Paused domain should remain paused after migration
https://bugzilla.redhat.com/show_bug.cgi?id=981139

If a domain is paused before migration starts, we need to tell that to
the destination libvirtd to prevent it from resuming the domain at the
end of migration. This regression was introduced by commit 5379bb0.
2013-07-08 12:27:58 +02:00
Jiri Denemark
83b43717a6 Fix possible NULL dereference during migration 2013-06-25 16:10:09 +02:00
Jiri Denemark
4bf62f44a9 Extensible migration APIs
This patch introduces two new APIs virDomainMigrate3 and
virDomainMigrateToURI3 that may be used in place of their older
variants. These new APIs take optional migration parameters (such as
bandwidth, domain XML, ...) in an array of virTypedParameters, which
makes adding new parameters easier as there's no need to introduce new
APIs whenever a new migration parameter needs to be added. Both APIs are
backward compatible and will automatically use older migration calls in
case the new calls are not supported as long as the typed parameters
array does not contain any parameter which was not supported by the
older calls.
2013-06-25 01:24:53 +02:00
Jiri Denemark
35820ad543 Adapt virDomainMigratePeer2Peer for extensible migration APIs 2013-06-25 01:21:16 +02:00
Jiri Denemark
fa8b7c6aed Adapt virDomainMigrateVersion3 for extensible migration APIs 2013-06-25 01:18:13 +02:00
Jiri Denemark
c0762b6518 New internal migration APIs with extensible parameters
This patch implements extensible variants of all internal migration APIs
used for v3 migration.
2013-06-25 01:13:16 +02:00