Commit Graph

11904 Commits

Author SHA1 Message Date
Eric Blake
0372295770 event: server RPC protocol tweaks for domain lifecycle events
This patch adds some new RPC call numbers, but for ease of review,
they sit idle until a later patch adds the client counterpart to
drive the new RPCs.  Also for ease of review, I limited this patch
to just the lifecycle event; although converting the remaining
15 domain events will be quite mechanical.  On the server side,
we have to have a function per RPC call, largely with duplicated
bodies (the key difference being that we store in our callback
opaque pointer whether events should be fired with old or new
style); meanwhile, a single function can drive multiple RPC
messages.  With a strategic choice of XDR struct layout, we can
make the event generation code for both styles fairly compact.

I debated about adding a tri-state witness variable per
connection (values 'unknown', 'legacy', 'modern').  It would start
as 'unknown', move to 'legacy' if any RPC call is made to a legacy
event call, and move to 'modern' if the feature probe is made;
then the event code could issue an error if the witness state is
incorrect (a legacy RPC call while in 'modern', a modern RPC call
while in 'unknown' or 'legacy', and a feature probe while in
'legacy' or 'modern').  But while it might prevent odd behavior
caused by protocol fuzzing, I don't see that it would prevent
any security holes, so I considered it bloat.

Note that sticking @acl markers on the new RPCs generates unused
functions in access/viraccessapicheck.c, because there is no new
API call that needs to use the new checks; however, having a
consistent .x file is worth the dead code.

* src/libvirt_internal.h (VIR_DRV_FEATURE_REMOTE_EVENT_CALLBACK):
New feature.
* src/remote/remote_protocol.x
(REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY)
(REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY)
(REMOTE_PROC_DOMAIN_EVENT_CALLBACK_LIFECYCLE): New RPCs.
* daemon/remote.c (daemonClientCallback): Add field.
(remoteDispatchConnectDomainEventCallbackRegisterAny)
(remoteDispatchConnectDomainEventCallbackDeregisterAny): New
functions.
(remoteDispatchConnectDomainEventRegisterAny)
(remoteDispatchConnectDomainEventDeregisterAny): Mark legacy use.
(remoteRelayDomainEventLifecycle): Change message based on legacy
or new use.
(remoteDispatchConnectSupportsFeature): Advertise new feature.
* src/remote_protocol-structs: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-12 10:48:15 -07:00
Michael Chapman
74cf8202d2 storage: handle NULL return from virGetStorageVol
virGetStorageVol can return NULL on out-of-memory. If it does, cleanly
abort the volume clone operation.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-02-12 15:18:43 +01:00
Ján Tomko
7236a473f0 Revert "storage: disk: Separate creating of the volume from building"
This reverts commit 67ccf91bf2.
We only generate the volume key after we've built it, but the storage
driver expects it to be filled after createVol finishes.
Squash the volume building back with creating to fulfill this
expectation.
2014-02-12 14:54:05 +01:00
Ján Tomko
42bbde2d06 Revert "storage: lvm: Separate creating of the volume from building"
This reverts commit af1fb38f55.
With it, creating new logical volumes fails:
https://www.redhat.com/archives/libvir-list/2014-February/msg00658.html

In the storage driver, we expect CreateVol to fill out the volume key,
but the LVM backend fills the key with the uuid reported by lvs after the
logical volume is created.
2014-02-12 14:51:05 +01:00
Cédric Bosdonnat
d385239260 Fixed build with clang.
Two unused global variables, and DBUS_TYPE_INVALID used as a const
char*.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-12 06:36:17 -07:00
Oleg Strikov
69fba97f63 qemu: Implement a stub cpuArchDriver.baseline() handler for aarch64
Openstack Nova calls virConnectBaselineCPU() during initialization
of the instance to get a full list of CPU features.
This patch adds a stub to aarch64-specific code to handle
this request (no actual work is done). That's enough to have
this stub with limited functionality because qemu/kvm backend
supports only 'host-passthrough' cpu mode on aarch64.

Signed-off-by: Oleg Strikov <oleg.strikov@canonical.com>
2014-02-11 17:34:55 -05:00
Jim Fehlig
2fbfedeb0d libxl: fix libxlDoDomainSave documentation
Update the function's comment, which was missed when removing use of
the driver lock everywhere.
2014-02-11 11:03:53 -07:00
Jim Fehlig
3d8a3d6e5b libxl: register for domain events immediately after creation
A small fix for the possiblitiy of jumping to an error path before
registering for domain events, preventing receiving important ones
like shutdown and death.
2014-02-11 11:03:53 -07:00
Jim Fehlig
e20bf46741 libxl: rename libxlCreateDomEvents to libxlDomEventsRegister
libxlDomEventsRegister better reflects its purpose: register for
domain events from libxl.
2014-02-11 11:03:53 -07:00
Ján Tomko
47fa97a799 Rename 'index' in virCapabilitiesGetCpusForNode
This shadows the index function on some systems (RHEL-6.4, FreeBSD 9):
../../src/conf/capabilities.c: In function 'virCapabilitiesGetCpusForNode':
../../src/conf/capabilities.c:1005: warning: declaration of'index'
      shadows a global declaration [-Wshadow]
/usr/include/strings.h:57: warning: shadowed declaration is here [-Wshadow]
2014-02-11 16:35:33 +01:00
Pradipta Kr. Banerjee
cd921cf077 Handle non-sequential NUMA node numbers
On some platforms like IBM PowerNV the NUMA node numbers can be
non-sequential. For eg. numactl --hardware o/p from such a machine looks
as given below

node distances:
   node   0   1  16  17
     0:  10  40  40  40
     1:  40  10  40  40
    16:  40  40  10  40
    17:  40  40  40  10

The NUMA nodes are 0,1,16,17

Libvirt uses sequential index as NUMA node numbers and this can
result in crash or incorrect results.

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
Signed-off-by: Pradipta Kr. Banerjee <bpradip@in.ibm.com>
2014-02-11 14:44:20 +00:00
Peter Krempa
037ffda3c7 storage: gluster: Set volume metadata in a separate function
Extract the metadata setting code into a separate function for future
use.
2014-02-11 13:46:32 +01:00
Martin Kletzander
d27e6bc40f qemu: introduce spiceport chardev backend
Add a new backend for any character device.  This backend uses channel
in spice connection.  This channel is similar to spicevmc, but
all-purpose in contrast to spicevmc.

Apart from spicevmc, spiceport-backed chardev will not be formatted
into the command-line if there is no spice to use (with test for that
as well).  For this I moved the def->graphics counting to the start
of the function so its results can be used in rest of the code even in
the future.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-02-11 13:43:55 +01:00
Martin Kletzander
296a4791eb qemu: remove pointless condition
This patch is here just to ease the code review and make related
changes look more sensible.  Apart from removing the condition this is
merely a whitespace (indentation) change.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-02-11 13:43:55 +01:00
Martin Kletzander
a53e504052 qemu: rework '-serial none'
Limiting ourselves to qemu without QEMU_CAPS_DEVICE capability, we
used '-serial none' only if there was no serial device defined in the
domain XML.  This means that if we want to have a possibility of the
device being defined in XML, but not used in the command-line
(e.g. when it's pointless), we'll fail to attach '-serial none' to the
command-line (when skipping the device's command-line building and the
device being the only one).

Since there is no such device, this patch doesn't actually do
anything, but enables easier future additions in this manner.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-02-11 13:43:55 +01:00
Martin Kletzander
5b189541ac conf: introduce spiceport chardev backend
Add a new character device backend called 'spiceport' that uses
spice's channel for communications and apart from spicevmc can be used
as a backend for any character device from libvirt's point of view.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-02-11 13:43:55 +01:00
Wido den Hollander
0227889ab0 rbd: Use rbd_create3 to create RBD format 2 images by default
This new RBD format supports snapshotting and cloning. By having
libvirt create images in format 2 end-users of the created images
can benefit from the new RBD format.

Older versions of libvirt can work with this new RBD format as long
as librbd supports format 2. RBD format is supported by librbd since
version 0.56 (Ceph Bobtail).

Signed-off-by: Wido den Hollander <wido@widodh.nl>
2014-02-11 12:10:22 +00:00
Joel SIMOES
9741006333 Libvirt lose sheepdogs volumes on pool refresh or restart.
When restarting sheepdog pool, all volumes are missing.
This patch add automatically all volume from the added pool.

Adding last Daniel P. Berrange's syntaxes correction.
Adding vol on separeted function 'inspired' from parallels_storage :
parallelsAddDiskVolume
2014-02-11 11:32:04 +00:00
Laine Stump
0144d72963 build: correctly check for SOICGIFVLAN GET_VLAN_VID_CMD command
In order to make a client-only build successful on RHEL4 (yes, you
read that correctly!), commit 3ed2e54 modified src/util/virnetdev.c so
that the functional version of virNetDevGetVLanID() was only compiled
if GET_VLAN_VID_CMD was defined. However, it is *never* defined, but
is only an enum value, so the proper version was no longer compiled
even on platforms that support it. This resulted in the vlan tag not
being properly set for guest traffic on VEPA mode guest macvtap
interfaces that were bound to a vlan interface (that's the only place
that libvirt currently uses virNetDevGetVLanID)

Since there is no way to compile conditionally based on the presence
of an enum value, this patch modifies configure.ac to check for said
enum value with AC_CHECK_DECLS(), which #defines
HAVE_DECL_GET_VLAN_VID_CMD to 1 if it's successful compiling a test
program that uses GET_VLAN_VID_CMD (and still #defines it, but to 0,
if it's not successful).  We can then make the compilation of
virNetDevGetVLanID() conditional on the value of
HAVE_DECL_GET_VLAN_VID_CMD.
2014-02-11 01:43:38 +02:00
Yuri Myasoedov
cc25e45158 maint: fix line numbers in check-aclrules reports
Reset line numbering on each input file in check-aclrules.pl. Otherwise
it reports wrong line numbers in its error messages.

Signed-off-by: Yuri Myasoedov <ymyasoedov@yandex.ru>
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-10 14:07:22 -07:00
Michal Privoznik
28900766d5 virNetworkLoadState: Disallow mangled 'floor' element
In the network status XML we may have the <floor/> element with the
'sum' attribute. The attribute represents sum of all 'floor'-s of
computed over each interface connected to the network (this is needed to
guarantee certain bandwidth for certain domain). The sum is therefore a
number. However, if the number was mangled (e.g. by an user's
interference to network status file), we've just ignored it without
refusing to parse such file. This was all due to 'goto error' missing.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-10 19:26:16 +01:00
Peter Krempa
9bf629ab60 qemu: Use correct permissions when determining the image chain
The code took into account only the global permissions. The domains now
support per-vm DAC labels and per-image DAC labels. Use the most
specific label available.
2014-02-10 15:49:59 +01:00
Michal Privoznik
e209c07760 networkStartNetwork: Be more verbose
The lack of debug printings might be frustrating in the future.
Moreover, this function doesn't follow the usual pattern we have in the
rest of the code:

  int ret = -1;
  /* do some work */
  ret = 0;
cleanup:
  /* some cleanup work */
  return ret;

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-10 11:47:24 +01:00
Peter Krempa
600bca592b qemu: hyperv: Add support for timer enlightenments
Add a new <timer> for the HyperV reference time counter enlightenment
and the iTSC reference page for Windows guests.

This feature provides a paravirtual approach to track timer events for
the guest (similar to kvmclock) with the option to use real hardware
clock on systems with a iTSC with compensation across various hosts.
2014-02-10 11:30:10 +01:00
Peter Krempa
8ffaa42d7b conf: Enforce supported options for certain timers
According to the documentation various timer options are only supported
by certain timer types. Add a post parse check to verify that the user
didn't specify invalid options.

Also fix the qemu command line parsing function to set correct default
values for the kvmclock timer so that it passes the new check.
2014-02-10 11:17:32 +01:00
Peter Krempa
bbd392ff86 schema: Fix guest timer specification schema according to the docs
According to the documentation describing various tunables for domain
timers not all the fields are supported by all the driver types. Express
these in the RNG:

- rtc, platform: Only these support the "track" attribute.
- tsc: only one to support "frequency" and "mode" attributes
- hpet, pit: tickpolicy/catchup attribute/element
- kvmclock: no extra attributes are supported

Additionally the attributes of the <catchup> element for
tickpolicy='catchup' are optional according to the parsing code. Express
this in the XML and fix a spurious space added while formatting the
<catchup> element and add tests for it.
2014-02-10 11:09:14 +01:00
John Ferlan
b60644f38f virpci: Resolve coverity issues
Coverity complains about "USE_AFTER_FREE" due to how virPCIDeviceSetStubDriver
"could" return either -1, 0, or 1 from the VIR_STRDUP() and then possibly makes
a call to virPCIDeviceDetach().

The only way this could happen is if NULL were passed as the "driver" name
and virStrdup() returned 0.  Since the calling functions check < 0 on the
initial function call, the 0 possibility causes Coverity to complain.

To fix this - enforce that the second parameter is not NULL using
ATTRIBUTE_NONNULL(2) for the function prototype, then in virPCIDeviceDetach
add an sa_assert(dev->stubDriver). This will result in Coverity not complaining
any more.
2014-02-07 10:58:24 -05:00
Christophe Fergeau
f336b1cccb Add glusterfs to VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_POOL_TYPE
If it's not present in this list, we won't be able to get only
glusterfs pools when using virConnectListAllStoragePools.
2014-02-07 10:26:46 +01:00
Martin Kletzander
440a1aa508 qemu: keep pre-migration domain state after failed migration
Couple of codepaths shared the same code which can be moved out to a
function and on one of such places, qemuMigrationConfirmPhase(), the
domain was resumed even if it wasn't running before the migration
started.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1057407

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-02-07 10:07:38 +01:00
Jim Fehlig
630b645695 libxl: remove unneeded locking of driver when restoring
libxlDomainRestoreFlags acquires the driver lock while reading the
domain config from the save file and adding it to
libxlDriverPrivatePtr->domains.  But virDomainObjList provides
self-locking APIs, so remove the needless driver locking.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-06 10:39:32 -07:00
Jim Fehlig
778067e195 libxl: improve subprocess handling
If available, let libxl handle reaping any children it creates by
specifying libxl_sigchld_owner_libxl_always_selective_reap.  This
feature was added to improve subprocess handling in libxl when used
in an application that does not install a SIGCHLD handler like
libvirt

http://lists.xen.org/archives/html/xen-devel/2014-01/msg01555.html

Prior to this patch, it is possible to hit asserts in libxl when
reaping subprocesses, particularly during simultaneous operations
on multiple domains.  With this patch, and the corresponding changes
to libxl, I no longer see the asserts.  Note that the libxl changes
will be included in Xen 4.4.0.  Previous Xen versions will be
susceptible to hitting the asserts even with this patch applied to
the libvirt libxl driver.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-06 10:20:31 -07:00
Jim Fehlig
03b3f8940a libxl: handle domain shutdown events in a thread
Handling the domain shutdown event within the event handler seems
a bit unfair to libxl's event machinery.  Domain "shutdown" could
take considerable time.  E.g. if the shutdown reason is reboot,
the domain must be reaped and then started again.

Spawn a shutdown handler thread to do this work, allowing libxl's
event machinery to go about its business.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-06 10:17:58 -07:00
Jim Fehlig
eaa8d9b2c7 libxl: remove list of timer registrations from libxlDomainObjPrivate
Due to some misunderstanding of requirements libxl places on timer
handling, I introduced the half-brained idea of maintaining a list
of timeouts that the driver could force to expire before freeing a
libxlDomainObjPrivate (and hence libxl_ctx).  But testing all
the latest versions of Xen supported by the libxl driver (4.2.3,
4.3.1, 4.4.0 RC3), I see that libxl will handle this just fine and
there is no need to force expiration behind libxl's back.  Indeed it
may be harmful to do so.

This patch removes the timer list, allowing libxl to handle cleanup
of its timer registrations.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-06 10:08:11 -07:00
Jim Fehlig
cda52dbfe5 libxl: fix leaking libxlDomainObjPrivate
When libxl registers an FD with the libxl driver, the refcnt of the
associated libxlDomainObjPrivate object is incremented. The refcnt
is decremented when libxl deregisters the FD.  But some FDs are only
deregistered when their libxl ctx is freed, which unfortunately is
done in the libxlDomainObjPrivate dispose function.  With references
held by the FDs, libxlDomainObjPrivate is never disposed.

I added the ref/unref in FD registration/deregistration when adding
the same in timer registration/deregistration.  For timers, this
is a simple approach to ensuring the libxlDomainObjPrivate is not
disposed prior to their expirtation, which libxl guarantees will
occur.  It is not needed for FDs, and only causes
libxlDomainObjPrivate to leak.

This patch removes the reference on libxlDomainObjPrivate for FD
registrations, but retains them for timer registrations.  Tested on
the latest releases of Xen supported by the libxl driver:  4.2.3,
4.3.1, and 4.4.0 RC3.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-06 10:06:26 -07:00
Matthieu Coudron
0778fc1ab9 qemu_driver: Introduce <filesystem/> support in device attach/detach
This commit allows to attach/detach a <filesystem> device in qemu. For
this purpose I'm introducing two new functions: virDomainFSInsert() and
virDomainFSRemove() and adding necessary code in the qemu driver.  It
compares filesystems based on their "destination" folder. So if two
filesystems share the same destination, they are considered equal and
the qemu driver would reject the insertion.

Signed-off-by: Matthieu Coudron <mattator@gmail.com>
2014-02-06 17:20:03 +01:00
Matthieu Coudron
8fc98ac8cf virDomainHostdev{Insert,Delete}: Replace VIR_REALLOC_N by VIR_{APPEND,DELETE}_ELEMENT
With this change the code gets shorter and more readable.

Signed-off-by: Matthieu Coudron <mattator@gmail.com>
2014-02-06 17:10:26 +01:00
Roman Bogorodskiy
3b00df01fb BSD: implement nodeGetCPUStats
Implementation obtains CPU usage information using
kern.cp_time and kern.cp_times sysctl(8)s and reports
CPU utilization.
2014-02-06 14:09:15 +01:00
Jiri Denemark
05bf937572 qemu: Fix crash in virDomainMemoryStats with old qemu
If virDomainMemoryStats was run on a domain with virtio balloon driver
running on an old qemu which supports QMP but does not support qom-list
QMP command, libvirtd would crash. The reason is we did not check if
qemuMonitorJSONGetObjectListPaths failed and moreover we even stored its
result in an unsigned integer type.
2014-02-06 11:29:29 +01:00
Peter Krempa
5d2691cc4c qemu: blockjob: Print correct file name in error message
When attempting a blockcommit from the top layer, the base argument
passed is NULL. This will be dereferenced when attempting a commit with
an empty image chain. Output the real volume path instead:

virsh blockcommit --verbose --path vda --domain DOMNAME --wait
error: invalid argument: top '/path/somefile' in chain for 'vda' has no backing file

instead of:

error: invalid argument: top '(null)' in chain for 'vda' has no backing file
2014-02-06 10:43:57 +01:00
Peter Krempa
cc3d335b76 maint: Change the text of the NULLSTR() macro to "<null>"
Eric Blake suggested to change this message to be different from the
glibc's NULL deref protection message in printf to be able to
differentiate errors.
2014-02-06 10:43:57 +01:00
Michal Privoznik
51bea5df5d qemuBuildClockArgStr: Allow localtime clock basis
https://bugzilla.redhat.com/show_bug.cgi?id=1046192

Commit b8bf79a, which adds clock='variable', forgets to check
localtime basis in qemuBuildClockArgStr(). So that localtime
basis could not be used.

Reported-by: Jincheng Miao <jmiao@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-06 07:51:07 +01:00
Ján Tomko
0db9b0883c Generate a valid imagelabel even for type 'none'
Commit 2ce63c1 added imagelabel generation when relabeling is turned
off. But we weren't filling out the sensitivity for type 'none' labels,
resulting in an invalid label:

$ virsh managedsave domain
error: unable to set security context 'system_u:object_r:svirt_image_t'
on fd 28: Invalid argument
2014-02-05 19:47:30 +01:00
Eric Blake
f34ea654de maint: fix grammar in conf file
Noticed a misuse of 'to' while testing my event regression under
polkit ACLs, and decided to review the entire conf files for
other legibility bugs.

* daemon/libvirtd.conf: Use correct grammar.
* src/qemu/qemu.conf: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-05 10:40:14 -07:00
Eric Blake
11f20e43f1 event: move event filtering to daemon (regression fix)
https://bugzilla.redhat.com/show_bug.cgi?id=1058839

Commit f9f56340 for CVE-2014-0028 almost had the right idea - we
need to check the ACL rules to filter which events to send.  But
it overlooked one thing: the event dispatch queue is running in
the main loop thread, and therefore does not normally have a
current virIdentityPtr.  But filter checks can be based on current
identity, so when libvirtd.conf contains access_drivers=["polkit"],
we ended up rejecting access for EVERY event due to failure to
look up the current identity, even if it should have been allowed.

Furthermore, even for events that are triggered by API calls, it
is important to remember that the point of events is that they can
be copied across multiple connections, which may have separate
identities and permissions.  So even if events were dispatched
from a context where we have an identity, we must change to the
correct identity of the connection that will be receiving the
event, rather than basing a decision on the context that triggered
the event, when deciding whether to filter an event to a
particular connection.

If there were an easy way to get from virConnectPtr to the
appropriate virIdentityPtr, then object_event.c could adjust the
identity prior to checking whether to dispatch an event.  But
setting up that back-reference is a bit invasive.  Instead, it
is easier to delay the filtering check until lower down the
stack, at the point where we have direct access to the RPC
client object that owns an identity.  As such, this patch ends
up reverting a large portion of the framework of commit f9f56340.
We also have to teach 'make check' to special-case the fact that
the event registration filtering is done at the point of dispatch,
rather than the point of registration.  Note that even though we
don't actually use virConnectDomainEventRegisterCheckACL (because
the RegisterAny variant is sufficient), we still generate the
function for the purposes of documenting that the filtering
takes place.

Also note that I did not entirely delete the notion of a filter
from object_event.c; I still plan on using that for my upcoming
patch series for qemu monitor events in libvirt-qemu.so.  In
other words, while this patch changes ACL filtering to live in
remote.c and therefore we have no current client of the filtering
in object_event.c, the notion of filtering in object_event.c is
still useful down the road.

* src/check-aclrules.pl: Exempt event registration from having to
pass checkACL filter down call stack.
* daemon/remote.c (remoteRelayDomainEventCheckACL)
(remoteRelayNetworkEventCheckACL): New functions.
(remoteRelay*Event*): Use new functions.
* src/conf/domain_event.h (virDomainEventStateRegister)
(virDomainEventStateRegisterID): Drop unused parameter.
* src/conf/network_event.h (virNetworkEventStateRegisterID):
Likewise.
* src/conf/domain_event.c (virDomainEventFilter): Delete unused
function.
* src/conf/network_event.c (virNetworkEventFilter): Likewise.
* src/libxl/libxl_driver.c: Adjust caller.
* src/lxc/lxc_driver.c: Likewise.
* src/network/bridge_driver.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/remote/remote_driver.c: Likewise.
* src/test/test_driver.c: Likewise.
* src/uml/uml_driver.c: Likewise.
* src/vbox/vbox_tmpl.c: Likewise.
* src/xen/xen_driver.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-05 08:03:31 -07:00
Laine Stump
eafb53fec2 network: disallow <bandwidth>/<mac> for bridged/macvtap/hostdev networks
https://bugzilla.redhat.com/show_bug.cgi?id=1057321

pointed out that we weren't honoring the <bandwidth> element in
libvirt networks using <forward mode='bridge'/>. In fact, these
networks are just a method of giving a libvirt network name to an
existing Linux host bridge on the system, and libvirt doesn't have
enough information to know where to set such limits. We are working on
a method of supporting network bandwidths for some specific cases of
<forward mode='bridge'/>, but currently libvirt doesn't support it. So
the proper thing to do now is just log an error when someone tries to
put a <bandwidth> element in that type of network. (It's unclear if we
will be able to do proper bandwidth limiting for macvtap networks, and
most definitely we will not be able to support it for hostdev
networks).

While looking through the network XML documentation and comparing it
to the networkValidate function, I noticed that we also ignore the
presence of a mac address in the config in the same cases, rather than
failing so that the user will understand that their desired action has
not been taken.

This patch updates networkValidate() (which is called any time a
persistent network is defined, or a transient network created) to log
an error and fail if it finds either a <bandwidth> or <mac> element
and the network forward mode is anything except 'route'. 'nat', or
nothing. (Yes, neither of those elements is acceptable for any macvtap
mode, nor for a hostdev network).

NB: This does *not* cause failure to start any existing network that
contains one of those elements, so someone might have erroneously
defined such a network in the past, and that network will continue to
function unmodified. I considered it too disruptive to suddenly break
working configs on the next reboot after a libvirt upgrade.
2014-02-05 15:04:58 +02:00
John Ferlan
19259574d5 Honor blacklist for modprobe command
https://bugzilla.redhat.com/show_bug.cgi?id=1045124

When loading modules, libvirt does not honor the modprobe blacklist.
Use the new virKModLoad() API in order to attempt load with blacklist check.
Use the new virKModIsBlacklisted() API to check if the failure to load
was due to the blacklist

Signed-off-by: John Ferlan <jferlan@redhat.com>
2014-02-04 10:43:53 -05:00
John Ferlan
4a2179ea92 utils: Introduce functions for kernel module manipulation
virKModConfig()        - Return a buffer containing kernel module configuration
virKModLoad()          - Load a specific module into the kernel configuration
virKModUnload()        - Unload a specific module from the kernel configuration
virKModIsBlacklisted() - Determine whether a module is blacklisted within
                         the kernel configuration
2014-02-04 08:52:27 -05:00
Laine Stump
0d0a7bf45a qemu: be sure we're using the updated value of backend during hotplug
commit f094aaac changed qemuPrepareHostdevPCIDevices() such that it
may modify the "backend" (vfio vs. legacy kvm) setting in the
virHostdevDef. However, qemuDomainAttachHostPciDevice() (used by
hotplug) copies the backend setting into a local *before* calling
qemuPrepareHostdevPCIDevices(), and then later makes a decision based
on that pre-change value.

The result is that, if the backend had been set to "default" (i.e. not
specified in the config) and was later updated to "VFIO" by
qemuPrepareHostdevPCIDevices(), the qemu process' MacMemLock is not
increased (as is required for VFIO device assignment).

This patch delays making the local copy of backend until after its
potential modification.
2014-02-04 14:05:09 +02:00
Laine Stump
66f75925eb network: change default of forwardPlainNames to 'yes'
The previous patch fixed "forwardPlainNames" so that it really is
doing only what is intended, but left the default to be
"forwardPlainNames='no'". Discussion around the initial version of
that patch led to the decision that the default should instead be
"forwardPlainNames='yes'" (i.e. the original behavior before commit
f3886825). This patch makes that change to the default.
2014-02-04 12:00:26 +02:00
Laine Stump
f69a6b987d network: only prevent forwarding of DNS requests for unqualified names
In commit f386825 we began adding the options

  --domain-needed
  --local=/$mydomain/

to all dnsmasq commandlines with the stated reason of preventing
forwarding of DNS queries for names that weren't fully qualified
domain names ("FQDN", i.e. a name that included some "."s and a domain
name). This was later changed to

  domain-needed
  local=/$mydomain/

when we moved the options from the dnsmasq commandline to a conf file.

The original patch on the list, and discussion about it, is here:

  https://www.redhat.com/archives/libvir-list/2012-August/msg01594.html

When a domain name isn't specified (mydomain == ""), the addition of
"domain-needed local=//" will prevent forwarding of domain-less
requests to the virtualization host's DNS resolver, but if a domain
*is* specified, the addition of "local=/domain/" will prevent
forwarding of any requests for *qualified* names within that domain
that aren't resolvable by libvirt's dnsmasq itself.

An example of the problems this causes - let's say a network is
defined with:

   <domain name='example.com'/>
   <dhcp>
      ..
      <host mac='52:54:00:11:22:33' ip='1.2.3.4' name='myguest'/>
   </dhcp>

This results in "local=/example.com/" being added to the dnsmasq options.

If a guest requests "myguest" or "myguest.example.com", that will be
resolved by dnsmasq. If the guest asks for "www.example.com", dnsmasq
will not know the answer, but instead of forwarding it to the host, it
will return NOT FOUND to the guest. In most cases that isn't the
behavior an admin is looking for.

A later patch (commit 4f595ba) attempted to remedy this by adding a
"forwardPlainNames" attribute to the <dns> element. The idea was that
if forwardPlainNames='yes' (default is 'no'), we would allow
unresolved names to be forwarded. However, that patch was botched, in
that it only removed the "domain-needed" option when
forwardPlainNames='yes', and left the "local=/mydomain/".

Really we should have been just including the option "--domain-needed
--local=//" (note the lack of domain name) regardless of the
configured domain of the network, so that requests for names without a
domain would be treated as "local to dnsmasq" and not forwarded, but
all others (including those in the network's configured domain) would
be forwarded. We also shouldn't include *either* of those options if
forwardPlainNames='yes'. This patch makes those corrections.

This patch doesn't remedy the fact that default behavior was changed
by the addition of this feature. That will be handled in a subsequent
patch.
2014-02-04 12:00:26 +02:00
Martin Kletzander
b44f9e7ec9 spice: don't force user to specify spicevmc channel
We support only one spicevmc channel name anyway and the code is
prepared to use the default one, there's only one check missing.  It
is also mentioned in the documentation already and helps defining
domains with spice vdagent for people using virsh.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-02-03 09:46:47 +01:00
John Ferlan
5c36e63198 Resolve Coverity dead_error_begin
Coverity complains about default: label in libxl_driver.c not be able
to be reached. It's by design for the code and since it's not necessary
in the code nor does it elicit any compiler/make check warnings - just
remove it rather than adding a coverity[dead_error_begin] tag.

While I'm at it, lxc_driver.c and nodeinfo.c have the same design, so I
removed the default labels and the existing coverity tags.
2014-01-31 12:48:01 -05:00
Daniel P. Berrange
6e5c79a1b5 Push nwfilter update locking up to top level
The NWFilter code has as a deadlock race condition between
the virNWFilter{Define,Undefine} APIs and starting of guest
VMs due to mis-matched lock ordering.

In the virNWFilter{Define,Undefine} codepaths the lock ordering
is

  1. nwfilter driver lock
  2. virt driver lock
  3. nwfilter update lock
  4. domain object lock

In the VM guest startup paths the lock ordering is

  1. virt driver lock
  2. domain object lock
  3. nwfilter update lock

As can be seen the domain object and nwfilter update locks are
not acquired in a consistent order.

The fix used is to push the nwfilter update lock upto the top
level resulting in a lock ordering for virNWFilter{Define,Undefine}
of

  1. nwfilter driver lock
  2. nwfilter update lock
  3. virt driver lock
  4. domain object lock

and VM start using

  1. nwfilter update lock
  2. virt driver lock
  3. domain object lock

This has the effect of serializing VM startup once again, even if
no nwfilters are applied to the guest. There is also the possibility
of deadlock due to a call graph loop via virNWFilterInstantiate
and virNWFilterInstantiateFilterLate.

These two problems mean the lock must be turned into a read/write
lock instead of a plain mutex at the same time. The lock is used to
serialize changes to the "driver->nwfilters" hash, so the write lock
only needs to be held by the define/undefine methods. All other
methods can rely on a read lock which allows good concurrency.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-01-30 18:00:20 +00:00
Daniel P. Berrange
0240d94c36 Remove windows thread implementation in favour of pthreads
There are a number of pthreads impls available on Win32
these days, in particular the mingw64 project has a good
impl. Delete the native windows thread implementation and
rely on using pthreads everywhere.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-01-30 18:00:20 +00:00
Daniel P. Berrange
c065984b58 Add a read/write lock implementation
Add virRWLock backed up by a POSIX rwlock primitive

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-01-30 18:00:20 +00:00
Daniel P. Berrange
94e0906839 Skip check-augeas-lockd when QEMU is disabled
The check-augeas-lockd test depends on the file
locking/qemu-lockd.conf, so must be skipped when QEMU
is disabled.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-01-30 18:00:20 +00:00
Osier Yang
b1b81efe9a util: Accept test data path for scsi device's sg_path
Commit 10c9ceff6d intended to introduce new argument for the
testing purpose, but it missed the similar changing of the
device's sg_path. The problem was hidden since my laptop has
the /dev/sg0 and /dev/sg1.  A later patch will modify the tests
accordingly.

Signed-off-by: Osier Yang <jyang@redhat.com>
Reported-by: Pavel Hrdina <phrdina@redhat.com>
2014-01-30 16:34:43 +01:00
Osier Yang
f406aa25f2 qemu: Fix the error message for scsi host device's shareable checking
This fixes the wrong argument order.
2014-01-30 16:50:10 +08:00
Osier Yang
10c9ceff6d util: Add one argument for several scsi utils
To support passing the path of the test data to the utils, one
more argument is added to virSCSIDeviceGetSgName,
virSCSIDeviceGetDevName, and virSCSIDeviceNew, and the related
code is changed accordingly.

Later tests for the scsi utils will be based on this patch.

Signed-off-by: Osier Yang <jyang@redhat.com>
2014-01-30 15:48:28 +08:00
Osier Yang
fd243fc4ad qemu: Don't fail if the SCSI host device is shareable between domains
It doesn't make sense to fail if the SCSI host device is specified
as "shareable" explicitly between domains (NB, it works if and only
if the device is specified as "shareable" for *all* domains,
otherwise it fails).

To fix the problem, this patch introduces an array for virSCSIDevice
struct, which records all the names of domain which are using the
device (note that the recorded domains must specify the device as
shareable).  And the change on the data struct brings on many
subsequent changes in the code.

Prior to this patch, the "shareable" tag didn't work as expected,
it actually work like "non-shareable".  So this patch also added notes
in formatdomain.html to declare the fact.

* src/util/virscsi.h:
  - Remove virSCSIDeviceGetUsedBy
  - Change definition of virSCSIDeviceGetUsedBy and virSCSIDeviceListDel
  - Add virSCSIDeviceIsAvailable

* src/util/virscsi.c:
  - struct virSCSIDevice: Change "used_by" to be an array; Add
    "n_used_by" as the array count
  - virSCSIDeviceGetUsedBy: Removed
  - virSCSIDeviceFree: frees the "used_by" array
  - virSCSIDeviceSetUsedBy: Copy the domain name to avoid potential
    memory corruption
  - virSCSIDeviceIsAvailable: New
  - virSCSIDeviceListDel: Change the logic, for device which is already
    in the list, just remove the corresponding entry in "used_by". And
    since it's only used in one place, we can safely removing the code
    to find out the dev in the list first.
  - Copyright updating

* src/libvirt_private.sys:
  - virSCSIDeviceGetUsedBy: Remove
  - virSCSIDeviceIsAvailable: New

* src/qemu/qemu_hostdev.c:
  - qemuUpdateActiveScsiHostdevs: Check if the device existing before
    adding it to the list;
  - qemuPrepareHostdevSCSIDevices: Error out if the not all domains
    use the device as "shareable"; Also don't try to add the device
    to the activeScsiHostdevs list if it already there; And make
    more sensible error w.r.t the current "shareable" value in
    driver->activeScsiHostdevs.
  - qemuDomainReAttachHostScsiDevices: Change the logic according
    to the changes on helpers.

Signed-off-by: Osier Yang <jyang@redhat.com>
2014-01-30 15:46:24 +08:00
Roman Bogorodskiy
d779d218d4 maint: add configure checks for BSD CPU affinity
Check for presence of sys/cpuset.h header and cpuset_getaffinity()
in configure instead of just using #ifdef __FreeBSD__ for that code.
2014-01-29 12:11:48 -07:00
Michal Privoznik
122cd16982 Revert "networkAllocateActualDevice: Set QoS for bridgeless networks too"
This reverts commit 2996e6be19
and some parts of 2636dc8c4d.

The former one tried to implement QoS setting on bridgeless networks.
However, as discussed upstream [1], the patch is far away from being
useful in even a single case. The whole idea of network QoS is to have
aggregated limits over several interfaces. This patch is doing
completely the opposite when merging two QoS settings (from the network
and the domain interface) into one which is then set at the domain
interface itself, not the network.

The latter one is the test for the previous one. Now none of them makes
sense.

1: https://www.redhat.com/archives/libvir-list/2014-January/msg01441.html

Conflicts:
	tests/virnetdevbandwidthtest.c: New test has been introduced since
    then.
2014-01-29 19:01:19 +01:00
Michal Privoznik
550a2ceffb virCommand: Introduce virCommandSetDryRun
There are some units within libvirt that utilize virCommand API to run
some commands and deserve own unit testing. These units are, however,
not desired to be rewritten to dig virCommand API usage out. As a great
example virNetDevBandwidth could be used. The problem with the bandwidth
unit is: it uses virCommand API heavily. Therefore we need a mechanism
to not really run a command, but rather see its string representation
after which we can decide if the unit construct the correct sequence of
commands or not.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-01-29 18:01:36 +01:00
Peter Krempa
7076b4b72c snapshot: Add support for specifying snapshot disk backing type
Add support for specifying various types when doing snapshots. This will
later allow to do snapshots on network backed volumes. Disks of type
'volume' are not supported by snapshots (yet).

Also amend the test suite to check parsing of the various new disk
types that can now be specified.
2014-01-29 12:56:35 +01:00
Jim Fehlig
37564b471d xen: fix parsing xend http response
Commit df36af58 broke parsing of http response from xend.  The prior
use of atoi() would happily parse e.g. a string containing "200 OK\r\n",
whereas virStrToLong_i() will fail when called with a NULL end_ptr.
Change the calls to virStrToLong_i() to provide a non-NULL end_ptr.
2014-01-28 18:32:49 -07:00
Jiri Denemark
580ddf0d34 cpu: Try to use source CPU model in virConnectBaselineCPU
https://bugzilla.redhat.com/show_bug.cgi?id=1049391

When all source CPU XMLs contain just a single CPU model (with a
possibly varying set of additional feature elements),
virConnectBaselineCPU will try to use this CPU model in the computed
guest CPU. Thus, when used on just a single CPU (useful with
VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES), the result will not use a
different CPU model.

If the computed CPU uses the source model, set fallback mode to 'forbid'
to make sure the guest CPU will always be as close as possible to the
source CPUs.
2014-01-28 21:27:37 +01:00
Jiri Denemark
802f157e8c cpu: Fix VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES
https://bugzilla.redhat.com/show_bug.cgi?id=1049391

VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES flag for virConnectBaselineCPU
did not work if the resulting guest CPU would disable some features
present in its base model. This patch makes sure we won't try to add
such features twice.
2014-01-28 21:27:37 +01:00
Ján Tomko
1c1242a2ed Reword error message for oversized cpu time fields 2014-01-28 08:48:32 +01:00
Ján Tomko
61cf8d8461 Simplify linuxNodeGetCPUStats
Split out the repetitive code.
2014-01-28 08:48:31 +01:00
Roman Bogorodskiy
c022fbc9bb BSD: implement virProcess{Get,Set}Affinity
Implement virProcess{Get,Set}Affinity() using cpuset_getaffinity()
and cpuset_setaffinity() calls. Quick search showed that they are
only available on FreeBSD, so placed it inside existing #ifdef
blocks for FreeBSD instead of adding configure checks.
2014-01-27 09:51:55 -07:00
Pradipta Kr. Banerjee
c6320d3463 Add hw random number generator (/dev/hwrng) to cgroup ACL
Creating a qemu VM with /dev/hwrng as backend RNG device throws the
following error - "Could not open '/dev/hwrng': Permission denied"
This patch fixes the issue

Signed-off-by: Pradipta Kr. Banerjee <bpradip@in.ibm.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-27 09:48:39 -07:00
Michal Privoznik
2996e6be19 networkAllocateActualDevice: Set QoS for bridgeless networks too
https://bugzilla.redhat.com/show_bug.cgi?id=1055484

Currently, libvirt's XML schema of network allows QoS to be defined for
every network even though it has no bridge. For instance:

<network>
    <name>vdsm-no-bridge</name>
    <forward mode='passthrough'>
      <interface dev='em1.10'/>
    </forward>
    <bandwidth>
        <inbound average='1000' peak='5000' burst='1024'/>
        <outbound average='1000' burst='1024'/>
    </bandwidth>
</network>

The bandwidth limitations can be, however, applied even on such
networks. In fact, they are going to be applied on the interface that
will be connected to the network on a domain startup. This approach,
however, has one limitation. With bridged networks, there are two points
where QoS can be set: bridge and domain interface. The lower limit of
the two is enforced then. For instance, if the interface has 10Mbps
average, but the network only 1Mbps, there's no way for interface to
transmit packets faster than the 1Mbps limit. With two points this is
enforced by kernel.  With only one point, we must combine both QoS
settings into one which is set afterwards. Look at
virNetDevBandwidthMinimal() and you'll understand immediately what I
mean.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-01-27 12:11:27 +01:00
Ján Tomko
5099f745e6 Add test for linuxNodeGetCPUStats
Check if cpu stats are read correctly from a sample
/proc/stat collected from a 24 CPU machine.
2014-01-27 11:04:02 +01:00
Ján Tomko
b3b44c572c Move test-local declarations to nodeinfopriv.h
linuxNodeInfoCPUPopulate is only used in the nodeinfo.c file
and in the test suite.
2014-01-27 11:04:02 +01:00
Oleg Strikov
29ea437e40 qemu: Enable 'host-passthrough' cpu mode for aarch64
This patch allows libvirt user to specify 'host-passthrough'
cpu mode while using qemu/kvm backend on aarch64.
It uses 'host' as a CPU model name instead of some other stub
(correct CPU detection is not implemented yet) to allow libvirt
user to specify 'host-model' cpu mode as well.

Signed-off-by: Oleg Strikov <oleg.strikov@canonical.com>

(crobinso: fix some indentation)
2014-01-25 12:10:02 -05:00
John Ferlan
46a0737e13 Block info query: Add check for transient domain
Currently the qemuDomainGetBlockInfo will return allocation == physical
for most backing stores. For a qcow2 block backed device it's possible
to return the highest lv extent allocated from qemu for an active guest.
That is a value where allocation != physical and one would hope be less.
However, if the guest is not running, then the code falls back to returning
allocation == physical. This turns out to be problematic for rhev which
monitors the size of the backing store. During a migration, before the
VM has been started on the target and while it is deemed inactive on the
source, there's a small window of time where the allocation is returned
as physical triggering the code to extend the file unnecessarily.

Since rhev uses transient domains and this is edge condition for a transient
domain, rather than returning good status and allocation == physical when
this "window of opportunity" exists, this patch will check for a transient
(or non persistent) domain and return a failure to the caller rather than
returning the defaults. For a persistent domain, the defaults will be
returned. The description for the virDomainGetBlockInfo has been updated
to describe the phenomena.
2014-01-24 11:37:18 -05:00
Gao feng
71f7d5840f qemu: remove memset params array to zero in qemuDomainGetPercpuStats
the array params is allocated by VIR_ALLOC_N in
remoteDispatchDomainGetCPUStats. it had been set
to zero. No need to reset it to zero again, and
this reset here is incorrect too, nparams * ncpus
is the array length not the size of params array.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2014-01-24 16:31:53 +08:00
Osier Yang
88ae5dc759 storage: Fix the memory leak
The return value of virGetFCHostNameByWWN is a strdup'ed string.
Also add comments to declare that the caller should take care of
freeing it.
2014-01-23 21:39:05 +08:00
Osier Yang
7519958735 util: Fix the indention
Left in the git cache without commit before pushing. Pushed under
build breaker and trivial rule.
2014-01-23 18:16:11 +08:00
Osier Yang
2b66504ded util: Add "shareable" field for virSCSIDevice struct
Unlike the host devices of other types, SCSI host device XML supports
"shareable" tag. This patch introduces it for the virSCSIDevice struct
for a later patch use (to detect if the SCSI device is shareable when
preparing the SCSI host device in QEMU driver).
2014-01-23 17:52:33 +08:00
Osier Yang
2340f0196f storage: Fix autostart of pool with "fc_host" type adapter
The "checkPool" is a bit different for pool with "fc_host"
type source adapter, since the vHBA it's based on might be
not created yet (it's created by "startPool", which is
involked after "checkPool" in storageDriverAutostart). So it
should not fail, otherwise the "autostart" of the pool will
fail either.

The problem is easy to reproduce:
    * Enable "autostart" for the pool
    * Restart libvirtd service
    * Check the pool's state
2014-01-23 17:50:29 +08:00
Bing Bu Cao
2310e631cd Fix buffer size in linuxNodeGetCPUstats
94f8205 added a space to the string but didn't change the buffer size.

Signed-off-by: Bing Bu Cao <mars@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-01-23 10:29:14 +01:00
Osier Yang
6b29eb848f storage: Add document for possible problem on volume detection
For pool which relies on remote resources, such as a "iscsi" type
pool, since how long it takes to export the corresponding devices
to host's sysfs is really depended, it could depend on the network
connection, it also could depend on the host's udev procedures. So
it's likely that the volumes are not able to be detected during pool
starting process, polling the sysfs doesn't work, since we don't
know how much time is best for the polling, and even worse, the
volumes could still be not detected or partly not detected even after
the polling.  So we end up with a documentation to prompt the fact,
in virsh manual.

And as a small improvement, let's explicitly say no LUNs found in
the debug log in that case.
2014-01-23 13:47:55 +08:00
Osier Yang
ae2860b4c6 util: Correct the NUMA node range checking
There are 2 issues here: First we shouldn't add "1" to the return
value of numa_max_node(), since the semanteme of the error message
was changed, it's not saying about the number of total NUMA nodes
anymore.  Second, the value of "bit" is the position of the first
bit which exceeds either numa_max_node() or NUMA_NUM_NODES, it can
be any number in the range, so saying "bigger than $bit" is quite
confused now. For example, assuming there is a NUMA machine which
has 10 NUMA nodes, and one specifies the "nodeset" as "0,5,88",
the error message will be like:

Nodeset is out of range, host cannot support NUMA node bigger than 88

It sounds like all NUMA node number less than 88 is fine, but
actually the maximum NUMA node number the machine supports is 9.

This patch fixes the issues by removing the addition with "1" and
simplifies the error message as "NUMA node $bit is out of range".
Also simplifies the comparision in the while loop by getting the
smaller one of numa_max_node() and NUMA_NUM_NODES up front.
2014-01-23 13:19:56 +08:00
Eric Blake
7f2d27d1e3 api: require write permission for guest agent interaction
I noticed that we allow virDomainGetVcpusFlags even for read-only
connections, but that with a flag, it can require guest agent
interaction.  It is feasible that a malicious guest could
intentionally abuse the replies it sends over the guest agent
connection to possibly trigger a bug in libvirt's JSON parser,
or withhold an answer so as to prevent the use of the agent
in a later command such as a shutdown request.  Although we
don't know of any such exploits now (and therefore don't mind
posting this patch publicly without trying to get a CVE assigned),
it is better to err on the side of caution and explicitly require
full access to any domain where the API requires guest interaction
to operate correctly.

I audited all commands that are marked as conditionally using a
guest agent.  Note that at least virDomainFSTrim is documented
as needing a guest agent, but that such use is unconditional
depending on the hypervisor (so the existing domain:fs_trim ACL
should be sufficient there, rather than also requirng domain:write).
But when designing future APIs, such as the plans for obtaining
a domain's IP addresses, we should copy the approach of this patch
in making interaction with the guest be specified via a flag, and
use that flag to also require stricter access checks.

* src/libvirt.c (virDomainGetVcpusFlags): Forbid guest interaction
on read-only connection.
(virDomainShutdownFlags, virDomainReboot): Improve docs on agent
interaction.
* src/remote/remote_protocol.x
(REMOTE_PROC_DOMAIN_SNAPSHOT_CREATE_XML)
(REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS)
(REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS, REMOTE_PROC_DOMAIN_REBOOT)
(REMOTE_PROC_DOMAIN_SHUTDOWN_FLAGS): Require domain:write for any
conditional use of a guest agent.
* src/xen/xen_driver.c: Fix clients.
* src/libxl/libxl_driver.c: Likewise.
* src/uml/uml_driver.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/lxc/lxc_driver.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-22 16:52:41 -07:00
Jean-Baptiste Rouault
bb85da2cb1 vbox: add support for v4.2.20+ and v4.3.4+
Bugs have been found in the VirtualBox API C bindings. These bugs have
been fixed in versions 4.2.20 and 4.3.4. However, the changes in the
C bindings are incompatible with the vbox_CAPI_v4_2.h and vbox_CAPI_v4_3.h
files which are bundled in libvirt source code.
This is why the following patch adds vbox_CAPI_v4_2_20.h and
vbox_CAPI_v4_3_4.h.

The actual underlying problem here is that until now,
libvirt assumed that VirtualBox API can only change between minor
versions (4.2 -> 4.3), but we have a case here where it changed
(or got fixed) between patch versions (4.2.18 -> 4.2.20).

This patch makes the VBOX_API_VERSION represent the full API
version number (i.e 4002 => 4002000) so there are specific version
numbers for Vbox 4.2.20 (4002020) and 4.3.4 (4003004)
2014-01-22 23:12:52 +01:00
Peter Krempa
7f0fd42741 qemu: Avoid crash in qemuDiskGetActualType
Libvirtd would crash if a domain contained an empty cdrom drive of
type='volume' as the disk def->srcpool member would be dereferenced. Fix
it by checking if the source pool is present before dereferencing it.

Also alter tests to catch this issue in the future.

Reported by: Kevin Shanahan
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1056328
2014-01-22 11:33:31 +01:00
Michael Chapman
881a2cff0d virtlockd: make re-exec more robust
- Use $XDG_RUNTIME_DIR for re-exec state file when running unprivileged.

- argv[0] may not contain a full path to the binary, however it should
  contain something that can be looked up in the PATH. Use execvp() to
  do path lookup on re-exec.

- As per list discussion [1], ignore --daemon on re-exec.

[1] https://www.redhat.com/archives/libvir-list/2013-December/msg00514.html

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-01-22 10:44:41 +01:00
Bing Bu Cao
94f8205359 linuxNodeGetCPUStats: Correctly handle cpu prefix
To retrieve node cpu statistics on Linux system, the
linuxNodeGetCPUstats function simply uses STRPREFIX() to match the cpuid
with the one read from /proc/stat. However, as the file is read line by
line it may happen, that some CPUs share the same prefix. So if user
requested stats for the first CPU, which is offline, then there's no
cpu1 in the stats file so the one that we match is cpu10. Which is
obviously wrong. Fortunately, the IDs are terminated by a space, so we
can utilize that.

Signed-off-by: Bing Bu Cao <mars@linux.vnet.ibm.com>
2014-01-21 17:24:03 +01:00
Peter Krempa
3d1e9e4779 qemu: snapshot: Forbid snapshots when backing is a scsi passthrough disk
https://bugzilla.redhat.com/show_bug.cgi?id=1034993

SCSI passthrough disks (<disk .. device="lun">) can't be used as backing
for snapshots. Currently with upstream qemu the vm crashes on such
attempt.

This patch adds a early check to catch an attempt to do such a snapshot
and rejects it right away. qemu will fix the issue but this will let us
control the error message.
2014-01-21 17:05:21 +01:00
Laine Stump
00e9d6071b build: add $(prefix) to SYSTEMD_UNIT_DIR
I noticed this problem when adding systemd support to netcf, because I
setup the configure.ac to automatically prefer using systemd over
initscripts when possible - although I had copied the
install-data-local target from the example of libvirt's
"libvirt-guests" service more or less verbatim, "make distcheck" would
fail because it was trying to install the service file directly into
/lib/systemd/system rather than into
/home/user/some/unimportant/name/lib/systemd/system.

This is caused by the install/uninstall rules for the systemd unit
files relying on $(DESTDIR) pointing the installed files to the right
place, but in reality $(DESTDIR) is empty during this part of make
distcheck - it instead sets $(prefix) with the toplevel directory used
for its test build/install/uninstall cycle.

(This problem hasn't been seen when running "make distcheck" in
libvirt because libvirt will never build/install systemd support
unless explicitly told to do so on the configure commandline, and
"make distcheck" doesn't put the "--with-initscript=..." option on the
configure commandline.)

I verified that the same problem does exist in libvirt by modifying
libvirt's configure.ac to set:

  init_systemd=yes
  with_init_script=systemd+redhat

This forces a build/install of the systemd unit files during
distcheck, which yields an error like this:

/usr/bin/install -c -m 644 virtlockd.service \
  /lib/systemd/system/
libtool: install: warning: relinking `libvirt-qemu.la'
/usr/bin/install: cannot remove '/lib/systemd/system/virtlockd.service': Permission denied
make[4]: *** [install-systemd] Error 1

After adding $(prefix) to all the definitions of SYSTEMD_UNIT_DIR,
make distcheck now completes successfully with the modified
configure.ac, and the above lines change to something like this:

/usr/bin/install -c -m 644 virtlockd.service \
  /home/laine/devel/libvirt/libvirt-1.2.1/_inst/lib/systemd/system/
2014-01-21 13:19:46 +02:00
Peter Krempa
55bbb011b9 qemu: snapshot: Avoid libvirtd crash when qemu crashes while snapshotting
We shouldn't access the domain definition while we are in the monitor
section as the domain is unlocked. Additionally after we exit from the
monitor we need to check if the VM is still alive. Not doing so resulted
in a crash if qemu exits while attempting to do an external VM snapshot.
2014-01-21 11:42:01 +01:00
Francesco Romani
08d07e5fd8 spice: expose the QEMU disable file transfer option
spice-server offers an API to disable file transfer messages
on the agent channel between the client and the guest.
This is supported in qemu through the disable-agent-file-xfer option.

This patch exposes this option to libvirt.
Adds a new element 'filetransfer', with one property,
'enable', which accepts a boolean.
Default is enabled, for backward compatibility.

Depends on the capability exported in the first patch of the series.

Signed-off-by: Francesco Romani <fromani@redhat.com>
2014-01-21 11:35:41 +01:00
Francesco Romani
19bbc81276 spice: detect if qemu can disable file transfer
spice-server offers an API to disable file transfer messages
on the agent channel between the client and the guest.
This is supported in qemu through the disable-agent-file-xfer option.

This patch detects if QEMU supports this option, and add
a capability if does.

Signed-off-by: Francesco Romani <fromani@redhat.com>
2014-01-21 11:35:40 +01:00
Martin Kletzander
5ce90b3f2d lxc: Fix coverity
Commit 399394ab74 removed some coverity
comments which skipped the dead code, so add them back.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-01-21 09:04:44 +01:00
Gao feng
399394ab74 lxc: allow to setup throttle blkio cgroup through virsh
With this patch,user can set throttle blkio cgroup for
lxc domain through virsh tool.

Signed-off-by: Guan Qiang <hzguanqiang@corp.netease.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2014-01-21 09:33:00 +08:00
Roman Bogorodskiy
881c6c0047 Use AC_PATH_PROG to search for dmidecode
This is useful in certain circumstances, for example when
libvirtd is being executed by FreeBSD rc script, it cannot find
dmidecode installed from FreeBSD ports because it doesn't have
/usr/local (default prefix for ports) in PATH.
2014-01-20 09:34:53 -07:00
Thorsten Behrens
721949059b maint: align whitespaces with project conventions. 2014-01-20 14:35:08 +01:00
Jiri Denemark
124affae84 pci: Publish some internal code for virpcitest
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-01-20 13:58:04 +01:00
Jincheng Miao
df8022721e qemu: Don't detach devices if passthrough doesn't work
https://bugzilla.redhat.com/show_bug.cgi?id=1046919

If none (KVM, VFIO) of the supported PCI passthrough methods is known to
work on a host, it's better to fail right away with a nice error message
rather than letting attachment fail with a more cryptic message such as

    Failed to bind PCI device '0000:07:05.0' to vfio-pci: No such device

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-01-20 13:58:04 +01:00
Jiri Denemark
d8ab981bdd pci: Fix failure paths in detach
https://bugzilla.redhat.com/show_bug.cgi?id=1046919

Since commit v0.9.0-47-g4e8969e (released in 0.9.1) some failures during
device detach were reported to callers of virPCIDeviceBindToStub as
success. For example, even though a device seemed to be detached

    virsh # nodedev-detach pci_0000_07_05_0 --driver vfio
    Device pci_0000_07_05_0 detached

one could find similar message in libvirt logs:

    Failed to bind PCI device '0000:07:05.0' to vfio-pci: No such device

This patch fixes these paths and also avoids overwriting real errors
with errors encountered during a cleanup phase.
2014-01-20 13:58:04 +01:00
Jiri Denemark
c982e5e84f pci: Make reattach work for unbound devices
https://bugzilla.redhat.com/show_bug.cgi?id=1046919

When a PCI device is not bound to any driver, reattach should just
trigger driver probe rather than failing with

    Invalid device 0000:00:19.0 driver file
    /sys/bus/pci/devices/0000:00:19.0/driver is not a symlink

While virPCIDeviceGetDriverPathAndName was documented to return success
and NULL driver and path when a device is not attached to any driver but
didn't do so. Thus callers could not distinguish unbound devices from
failures.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-01-20 13:58:04 +01:00
Gao feng
0728d4721b qemu: allow to setup throttle blkio cgroup through virsh
With this patch, user can setup throttle blkio cgroup
through virsh for qemu domain.

Signed-off-by: Guan Qiang <hzguanqiang@corp.netease.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2014-01-20 10:52:49 +08:00
Gao feng
3b431929a2 blkio: Setting throttle blkio cgroup for domain
This patch introduces virCgroupSetBlkioDeviceReadIops,
virCgroupSetBlkioDeviceWriteIops,
virCgroupSetBlkioDeviceReadBps and
virCgroupSetBlkioDeviceWriteBps,

we can use these interfaces to set up throttle
blkio cgroup for domain.

This patch also adds the new throttle blkio cgroup
elements to the test xml.

Signed-off-by: Guan Qiang <hzguanqiang@corp.netease.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2014-01-20 10:52:44 +08:00
Gao feng
fb2fbc6d7b domain: introduce xml elements for throttle blkio cgroup
This patch introduces new xml elements under <blkiotune>,
we use these new elements to setup the throttle blkio
cgroup for domain. The new blkiotune node looks like this:

<blkiotune>
  <device>
    <path>/path/to/block</path>
    <weight>1000</weight>
    <read_iops_sec>10000</read_iops_sec>
    <write_iops_sec>10000</write_iops_sec>
    <read_bytes_sec>1000000</read_bytes_sec>
    <write_bytes_sec>1000000</write_bytes_sec>
  </device>
</blkiotune>

Signed-off-by: Guan Qiang <hzguanqiang@corp.netease.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2014-01-20 10:52:42 +08:00
Michal Privoznik
d1fdecb624 virSecuritySELinuxSetFileconHelper: Don't fail on read-only NFS
https://bugzilla.redhat.com/show_bug.cgi?id=996543

When starting up a domain, the SELinux labeling is done depending on
current configuration. If the labeling fails we check for possible
causes, as not all labeling failures are fatal. For example, if the
labeled file is on NFS which lacks SELinux support, the file can still
be readable to qemu process. These cases are distinguished by the errno
code: NFS without SELinux support returns EOPNOTSUPP. However, we were
missing one scenario. In case there's a read-only disk on a read-only
NFS (and possibly any FS) and the labeling is just optional (not
explicitly requested in the XML) there's no need to make the labeling
error fatal. In other words, read-only file on read-only NFS can fail to
be labeled, but be readable at the same time.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-01-17 13:35:01 +01:00
Eric Blake
42358e3a0a maint: replace remaining virLib*Error with better names
Finish the cleanup of libvirt.c; all uses of virLib*Error have
now been converted to more canonical conventions.

* src/libvirt.c: Use virReportError in remaining errors.
(virLibConnError, virLibDomainError): Delete unused macros.
* cfg.mk (msg_gen_function): Drop unused names.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 12:30:59 -07:00
Eric Blake
323c2cc46c maint: simplify driver registration at startup
We had a lot of repetition of errors that would occur if we
ever register too many drivers; this is unlikely to occur
unless we start adding a lot of new hypervisor modules, but
if it does occur, it's better to have uniform handling of the
situation, so that a one-line change is all that would be
needed if we decide that an internal error is not the best.

* src/libvirt.c (virDriverCheckTabMaxReturn): New define.
(virRegister*Driver): Use it for less code duplication.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 12:29:25 -07:00
Eric Blake
27553573f2 maint: clean up error reporting in migration
The choice of error message and category was not consistent
in the migration code; furthermore, the use of virLibConnError
is no longer necessary now that we have a generic virReportError.

* src/qemu/qemu_migration.c (virDomainMigrate*): Prefer
virReportError over virLibConnError.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 12:28:17 -07:00
Eric Blake
c8ed177af4 maint: don't lose error on canceled migration
While auditing the error reporting, I noticed that migration
had some issues.  Some of the static helper functions tried
to call virDispatchError(), even though their caller will also
report the error.  Also, if a migration is cancelled early
because a uri was not set, we did not guarantee that the finish
stage would not overwrite the first error message.

* src/qemu/qemu_migration.c (doPeer2PeerMigrate2)
(doPeer2PeerMigrate3): Preserve first error when cancelling.
* src/libvirt.c (virDomainMigrateVersion3Full): Likewise.
(virDomainMigrateVersion1, virDomainMigrateVersion2)
(virDomainMigrateDirect): Avoid redundant error dispatch.
(virDomainMigrateFinish2, virDomainMigrateFinish3)
(virDomainMigrateFinish3Params): Don't report error on cleanup
path.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 12:26:54 -07:00
Eric Blake
25221a1b21 maint: avoid nested use of virConnect{Ref,Close}
The public virConnectRef and virConnectClose API are just thin
wrappers around virObjectRef/virObjectRef, with added object
validation and an error reset.  Within our backend drivers, use
of the object validation is just an inefficiency since we always
pass valid objects.  More important to think about is what
happens with the error reset; our uses of virConnectRef happened
to be safe (since we hadn't encountered any earlier errors), but
in several cases the use of virConnectClose could lose a real
error.

Ideally, we should also avoid calling virConnectOpen() from
within backend drivers - but that is a known situation that
needs much more design work.

* src/qemu/qemu_process.c (qemuProcessReconnectHelper)
(qemuProcessReconnect): Avoid nested public API call.
* src/qemu/qemu_driver.c (qemuAutostartDomains)
(qemuStateInitialize, qemuStateStop): Likewise.
* src/qemu/qemu_migration.c (doPeer2PeerMigrate): Likewise.
* src/storage/storage_driver.c (storageDriverAutostart):
Likewise.
* src/uml/uml_driver.c (umlAutostartConfigs): Likewise.
* src/lxc/lxc_process.c (virLXCProcessAutostartAll): Likewise.
(virLXCProcessReboot): Likewise, and avoid leaking conn on error.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 12:25:45 -07:00
Eric Blake
c05aebfd65 maint: don't leave garbage on early API exit
Several APIs clear out a user input buffer before attempting to
populate it; but in a few cases we missed this memset if we
detect a reason for an early exit.  Note that these APIs
check for non-NULL arguments, and exit early with an error
message when NULL is passed in; which means that we must be
careful to avoid a NULL deref in order to get to that error
message.  Also, we were inconsistent on the use of
sizeof(virType) vs. sizeof(expression); the latter is more
robust if we ever change the type of the expression (although
such action is unlikely since these types are part of our
public API).

* src/libvirt.c (virDomainGetInfo, virDomainGetBlockInfo)
(virStoragePoolGetInfo, virStorageVolGetInfo)
(virDomainGetJobInfo, virDomainGetBlockJobInfo): Move memset
before any returns.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 10:45:15 -07:00
Martin Kletzander
fe89b687a0 qemu: Change the default unix monitor timeout
There is a number of reported issues when we fail starting a domain.
Turns out that, in some scenarios like high load, 3 second timeout is
not enough for qemu to start up to the phase where the socket is
created.  Since there is no downside of waiting longer, raise the
timeout right to 30 seconds.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-01-16 17:20:08 +01:00
Peter Krempa
362da8209d storage: Introduce internal pool support
To allow using the storage driver APIs to do operation on generic domain
disks we will need to introduce internal storage pools that will give is
a base to support this stuff even on files that weren't originally
defined as a part of the pool.

This patch introduces the 'internal' flag for a storage pool that will
prevent it from being listed along with the user defined storage pools.
2014-01-16 11:39:53 +01:00
Peter Krempa
b3c1a25df8 storage: Sheepdog: Separate creating of the volume from building
Separate the steps to create libvirt's volume metadata from the actual
volume building process.
2014-01-16 11:39:53 +01:00
Peter Krempa
e103acba23 storage: RBD: Separate creating of the volume from building
Separate the steps to create libvirt's volume metadata from the actual
volume building process.
2014-01-16 11:39:53 +01:00
Peter Krempa
67ccf91bf2 storage: disk: Separate creating of the volume from building
Separate the steps to create libvirt's volume metadata from the actual
volume building process.
2014-01-16 11:39:53 +01:00
Peter Krempa
af1fb38f55 storage: lvm: Separate creating of the volume from building
Separate the steps to create libvirt's volume metadata from the actual
volume building process. This is already done for regular file based
pools to allow job support for storage APIs.
2014-01-16 11:39:53 +01:00
Peter Krempa
7de048829a storage: Support deletion of volumes on gluster pools
Implement the "deleteVol" storage backend function for gluster volumes.
2014-01-16 11:39:53 +01:00
Christophe Fergeau
9b73290f46 conf: Always use VIR_ERR_CONFIG_UNSUPPORTED on enumFromString() failures
Currently, during XML parsing, when a call to a FromString() function to
get an enum value fails, the error which is reported is either
VIR_ERR_CONFIG_UNSUPPORTED, VIR_ERR_INTERNAL_ERROR or VIR_ERR_XML_ERROR.

This commit makes such conversion failures consistently return
VIR_ERR_CONFIG_UNSUPPORTED.
2014-01-16 11:09:43 +01:00
Eric Blake
f9f5634053 event: filter global events by domain:getattr ACL [CVE-2014-0028]
Ever since ACL filtering was added in commit 7639736 (v1.1.1), a
user could still use event registration to obtain access to a
domain that they could not normally access via virDomainLookup*
or virConnectListAllDomains and friends.  We already have the
framework in the RPC generator for creating the filter, and
previous cleanup patches got us to the point that we can now
wire the filter through the entire object event stack.

Furthermore, whether or not domain:getattr is honored, use of
global events is a form of obtaining a list of networks, which
is covered by connect:search_domains added in a93cd08 (v1.1.0).
Ideally, we'd have a way to enforce connect:search_domains when
doing global registrations while omitting that check on a
per-domain registration.  But this patch just unconditionally
requires connect:search_domains, even when no list could be
obtained, based on the following observations:
1. Administrators are unlikely to grant domain:getattr for one
or all domains while still denying connect:search_domains - a
user that is able to manage domains will want to be able to
manage them efficiently, but efficient management includes being
able to list the domains they can access.  The idea of denying
connect:search_domains while still granting access to individual
domains is therefore not adding any real security, but just
serves as a layer of obscurity to annoy the end user.
2. In the current implementation, domain events are filtered
on the client; the server has no idea if a domain filter was
requested, and must therefore assume that all domain event
requests are global.  Even if we fix the RPC protocol to
allow for server-side filtering for newer client/server combos,
making the connect:serach_domains ACL check conditional on
whether the domain argument was NULL won't benefit older clients.
Therefore, we choose to document that connect:search_domains
is a pre-requisite to any domain event management.

Network events need the same treatment, with the obvious
change of using connect:search_networks and network:getattr.

* src/access/viraccessperm.h
(VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS)
(VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS): Document additional
effect of the permission.
* src/conf/domain_event.h (virDomainEventStateRegister)
(virDomainEventStateRegisterID): Add new parameter.
* src/conf/network_event.h (virNetworkEventStateRegisterID):
Likewise.
* src/conf/object_event_private.h (virObjectEventStateRegisterID):
Likewise.
* src/conf/object_event.c (_virObjectEventCallback): Track a filter.
(virObjectEventDispatchMatchCallback): Use filter.
(virObjectEventCallbackListAddID): Register filter.
* src/conf/domain_event.c (virDomainEventFilter): New function.
(virDomainEventStateRegister, virDomainEventStateRegisterID):
Adjust callers.
* src/conf/network_event.c (virNetworkEventFilter): New function.
(virNetworkEventStateRegisterID): Adjust caller.
* src/remote/remote_protocol.x
(REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER)
(REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY)
(REMOTE_PROC_CONNECT_NETWORK_EVENT_REGISTER_ANY): Generate a
filter, and require connect:search_domains instead of weaker
connect:read.
* src/test/test_driver.c (testConnectDomainEventRegister)
(testConnectDomainEventRegisterAny)
(testConnectNetworkEventRegisterAny): Update callers.
* src/remote/remote_driver.c (remoteConnectDomainEventRegister)
(remoteConnectDomainEventRegisterAny): Likewise.
* src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister)
(xenUnifiedConnectDomainEventRegisterAny): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise.
* src/libxl/libxl_driver.c (libxlConnectDomainEventRegister)
(libxlConnectDomainEventRegisterAny): Likewise.
* src/qemu/qemu_driver.c (qemuConnectDomainEventRegister)
(qemuConnectDomainEventRegisterAny): Likewise.
* src/uml/uml_driver.c (umlConnectDomainEventRegister)
(umlConnectDomainEventRegisterAny): Likewise.
* src/network/bridge_driver.c
(networkConnectNetworkEventRegisterAny): Likewise.
* src/lxc/lxc_driver.c (lxcConnectDomainEventRegister)
(lxcConnectDomainEventRegisterAny): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-15 13:55:21 -07:00
Eric Blake
8d9d098b6d event: wire up RPC for server-side network event filtering
We haven't had a release with network events yet, so we are free
to fix the RPC so that it actually does what we want.  Doing
client-side filtering of per-network events is inefficient if a
connection is only interested in events on a single network out
of hundreds available on the server.  But to do server-side
per-network filtering, the server needs to know which network
to filter on - so we need to pass an optional network over on
registration.  Furthermore, it is possible to have a client with
both a global and per-network filter; in the existing code, the
server sends only one event and the client replicates to both
callbacks.  But with server-side filtering, the server will send
the event twice, so we need a way for the client to know which
callbackID is sending an event, to ensure that the client can
filter out events from a registration that does not match the
callbackID from the server.  Likewise, the existing style of
deregistering by eventID alone is fine; but in the new style,
we have to remember which callbackID to delete.

This patch fixes the RPC wire definition to contain all the
needed pieces of information, and hooks into the server and
client side improvements of the previous patches, in order to
switch over to full server-side filtering of network events.
Also, since we fixed this in time, all released versions of
libvirtd that support network events also support per-network
filtering, so we can hard-code that assumption into
network_event.c.

Converting domain events to server-side filtering will require
the introduction of new RPC numbers, as well as a server
feature bit that the client can use to tell whether to use
old-style (server only supports global events) or new-style
(server supports filtered events), so that is deferred to a
later set of patches.

* src/conf/network_event.c (virNetworkEventStateRegisterClient):
Assume server-side filtering.
* src/remote/remote_protocol.x
(remote_connect_network_event_register_any_args): Add network
argument.
(remote_connect_network_event_register_any_ret): Return callbackID
instead of count.
(remote_connect_network_event_deregister_any_args): Pass
callbackID instead of eventID.
(remote_connect_network_event_deregister_any_ret): Drop unused
type.
(remote_network_event_lifecycle_msg): Add callbackID.
* daemon/remote.c
(remoteDispatchConnectNetworkEventDeregisterAny): Drop unused arg,
and deal with callbackID from client.
(remoteRelayNetworkEventLifecycle): Pass callbackID.
(remoteDispatchConnectNetworkEventRegisterAny): Likewise, and
recognize non-NULL network.
* src/remote/remote_driver.c
(remoteConnectNetworkEventRegisterAny): Pass network, and track
server side id.
(remoteConnectNetworkEventDeregisterAny): Deregister by callback id.
(remoteNetworkBuildEventLifecycle): Pass remote id to event queue.
* src/remote_protocol-structs: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-15 13:55:21 -07:00
Eric Blake
a59097e569 event: add notion of remoteID for filtering client network events
In order to mirror a server with per-object filtering, the client
needs to track which server callbackID is servicing the client
callback.  This patch introduces the notion of a serverID, as
well as the plumbing to use it for network events, although the
actual complexity of using per-object filtering in the remote
driver is deferred to a later patch.

* src/conf/object_event.h (virObjectEventStateEventID): Add parameter.
(virObjectEventStateQueueRemote, virObjectEventStateSetRemote):
New prototypes.
(virObjectEventStateRegisterID): Move...
* src/conf/object_event_private.h: ...here, and add parameter.
(_virObjectEvent): Add field.
* src/conf/network_event.h (virNetworkEventStateRegisterClient): New
prototype.
* src/conf/object_event.c (_virObjectEventCallback): Add field.
(virObjectEventStateSetRemote): New function.
(virObjectEventStateQueue): Make wrapper around...
(virObjectEventStateQueueRemote): New function.
(virObjectEventCallbackListCount): Tweak return count when remote
id matching is used.
(virObjectEventCallbackLookup, virObjectEventStateRegisterID):
Tweak registration when remote id matching will be used.
(virObjectEventNew): Default to no remote id.
(virObjectEventCallbackListAddID): Likewise, but set remote id
when one is available.
(virObjectEventCallbackListRemoveID)
(virObjectEventCallbackListMarkDeleteID): Adjust return value when
remote id was set.
(virObjectEventStateEventID): Query existing id.
(virObjectEventDispatchMatchCallback): Require matching event id.
(virObjectEventStateCallbackID): Adjust caller.
* src/conf/network_event.c (virNetworkEventStateRegisterClient): New
function.
(virNetworkEventStateRegisterID): Update caller.
* src/conf/domain_event.c (virDomainEventStateRegister)
(virDomainEventStateRegisterID): Update callers.
* src/remote/remote_driver.c
(remoteConnectNetworkEventRegisterAny)
(remoteConnectNetworkEventDeregisterAny)
(remoteConnectDomainEventDeregisterAny): Likewise.
(remoteEventQueue): Hoist earlier to avoid forward declaration,
and add parameter.  Adjust all callers.
* src/libvirt_private.syms (conf/object_event.h): Drop function.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-15 13:55:21 -07:00
Peter Krempa
b952cbbcca qemu: Avoid operations on NULL monitor if VM fails early
https://bugzilla.redhat.com/show_bug.cgi?id=1047659

If a VM dies very early during an attempted connect to the guest agent
while the locks are down the domain monitor object will be freed. The
object is then accessed later as any failure during guest agent startup
isn't considered fatal.

In the current upstream version this doesn't lead to a crash as
virObjectLock called when entering the monitor in
qemuProcessDetectVcpuPIDs checks the pointer before attempting to
dereference (lock) it. The NULL pointer is then caught in the monitor
helper code.

Before the introduction of virObjectLockable - observed on 0.10.2 - the
pointer is locked directly via virMutexLock leading to a crash.

To avoid this problem we need to differentiate between the guest agent
not being present and the VM quitting when the locks were down. The fix
reorganizes the code in qemuConnectAgent to add the check and then adds
special handling to the callers.
2014-01-15 18:04:25 +01:00
Pavel Hrdina
67fbf129fc Fix possible memory leak in util/virxml.c
A "xmlstr" string may not be assigned into a "doc" pointer and it
could cause memory leak. To fix it if the "doc" pointer is NULL and
the "xmlstr" string is not assigned we should free it.

This has been found by coverity.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-01-15 11:11:34 +01:00
Pavel Hrdina
788e6cb25b Fix possible memory leak in phyp_driver.c
There could be a memory leak caused by "managed_system" string, if any
error occurs before "managed_system" is assigned into
"phyp_driver->managed_system". The "managed_system" string wouldn't be
freed at all. The better way is to free the "managed_system" instead
of the one assigned in the "phyp_driver".

This has been found by coverity.

Pointed out by John, that the "phyp_driver->xmlopt" needs to be
unreferenced as well.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2014-01-15 11:11:34 +01:00
Pavel Hrdina
7ed02a0003 Fix memory leak in openvz_conf.c
If there is no error while executing a function "openvzParseBarrierLimit"
a "str" string where is duplicate of a "value" string isn't freed and it
leads into memory leak.

This has been found by coverity.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-01-15 11:11:34 +01:00
Jiri Denemark
066c8ef6c1 Really don't crash if a connection closes early
https://bugzilla.redhat.com/show_bug.cgi?id=1047577

When writing commit 173c291, I missed the fact virNetServerClientClose
unlocks the client object before actually clearing client->sock and thus
it is possible to hit a window when client->keepalive is NULL while
client->sock is not NULL. I was thinking client->sock == NULL was a
better check for a closed connection but apparently we have to go with
client->keepalive == NULL to actually fix the crash.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-01-13 21:45:48 +01:00
Peter Krempa
fbe472d583 storage: FS: Tweak some comments and fix typos 2014-01-13 21:24:03 +01:00
Eric Blake
c91d13bd0f build: fix build on mingw with winpthreads
On my Fedora 20 box with mingw cross-compiler, the build failed with:

../../src/rpc/virnetclient.c: In function 'virNetClientSetTLSSession':
../../src/rpc/virnetclient.c:745:14: error: unused variable 'oldmask' [-Werror=unused-variable]
     sigset_t oldmask, blockedsigs;
              ^

I traced it to the fact that mingw64-winpthreads installs a header
that does #define pthread_sigmask(...) 0, which means any argument
only ever passed to pthread_sigmask is reported as unused.  This
patch works around the compilation failure, with behavior no worse
than what mingw already gives us regarding the function being a
no-op.

* configure.ac (pthread_sigmask): Probe for broken mingw macro.
* src/util/virutil.h (pthread_sigmask): Rewrite to something that
avoids unused variables.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-13 09:14:11 -07:00
Peter Krempa
d952619894 storage: Break long lines and clean up spaces in storage backend header 2014-01-13 11:21:33 +01:00
Jiri Denemark
173c291473 Don't crash if a connection closes early
https://bugzilla.redhat.com/show_bug.cgi?id=1047577

When a client closes its connection to libvirtd early during
virConnectOpen, more specifically just after making
REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if
VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for
the result, libvirtd may crash due to a race in keep-alive
initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE
call, the daemon's event loop delegates it to a worker thread. In case
the event loop detects EOF on the connection and calls
virNetServerClientClose before the worker thread starts to handle
REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be
disposed by the time virNetServerClientStartKeepAlive gets called from
remoteDispatchConnectSupportsFeature. Because the flow is common for
both authenticated and read-only connections, even unprivileged clients
may cause the daemon to crash.

To avoid the crash, virNetServerClientStartKeepAlive needs to check if
the connection is still open before starting keep-alive protocol.

Every libvirt release since 0.9.8 is affected by this bug.
2014-01-13 11:09:59 +01:00
Daniel P. Berrange
53a699a07b Exercise the ABI stability check code in test suite
Any test suite which involves a virDomainDefPtr should
call virDomainDefCheckABIStability with itself just as
a basic sanity check that the identity-comparison always
succeeds. This would have caught the recent NULL pointer
access crash.

Make sure we cope with def->name being NULL since the
VMWare config parser produces NULL names.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-01-10 20:32:48 +00:00
Peter Krempa
558ffad55e storage: Improve error message when a storage backend is missing
Include the name of the storage backend in the error message instead of
just the number.
2014-01-10 09:39:57 +01:00
Peter Krempa
af38f83074 storage: lvm: Avoid forward decl of virStorageBackendLogicalDeleteVol
Change code ordering to avoid the need for a forward declaration.
2014-01-10 09:39:57 +01:00
Peter Krempa
1c0e2b6099 storage: fs: Fix comment for virStorageBackendFileSystemDelete
The comment was talking about creating the pool while the function is
deleting it. Fix the mismatch.
2014-01-10 09:35:30 +01:00
Claudio Bley
c4dadf2393 Clarify documentation on possible return values in case of errors 2014-01-10 09:30:57 +01:00
Eric Blake
f86e463040 event: don't queue NULL event on OOM
Ever since commit 61ac8ce, Coverity complained about
remoteNetworkBuildEventLifecycle not checking for NULL failure
to build an event, compared to other calls in the code base.
But the problem is latent from copy and paste; all 17 of our
remote*BuildEvent* functions in remote_driver.c have the same
issue - if an OOM causes an event to not be built, we happily
pass NULL to remoteEventQueue(), but that function has marked
event as a nonnull parameter.  We were getting lucky (the
event queue's first use of the event happened to be a call to
virIsObjectClass(), which acts gracefully on NULL, so there
was no way to crash); but this is a latent bug waiting to bite
us due to the disregard for the nonnull attribute, as well as
a waste of resources in the event queue.  Better is to just
refuse to queue NULL.  The discard is silent, since the problem
only happens on OOM, and since events are already best effort -
if we fail to get an event, it's not like we have any memory
left to report the issue, nor any idea of who would benefit
from knowing we couldn't create or queue the event.

* src/remote/remote_driver.c (remoteEventQueue): Ignore NULL event.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 20:21:38 -07:00
Eric Blake
3d007cb5f8 virt-login-shell: fix regressions in behavior
Our fixes for CVE-2013-4400 were so effective at "fixing" bugs
in virt-login-shell that we ended up fixing it into a useless
do-nothing program.

Commit 3e2f27e1 picked the name LIBVIRT_SETUID_RPC_CLIENT for
the witness macro when we are doing secure compilation.  But
commit 9cd6a57d checked whether the name IN_VIRT_LOGIN_SHELL,
from an earlier version of the patch series, was defined; with
the net result that virt-login-shell invariably detected that
it was setuid and failed virInitialize.

Commit b7fcc799 closed all fds larger than stderr, but in the
wrong place.  Looking at the larger context, we mistakenly did
the close in between obtaining the set of namespace fds, then
actually using those fds to switch namespace, which means that
virt-login-shell will ALWAYS fail.

This is the minimal patch to fix the regressions, although
further patches are also worth having to clean up poor
semantics of the resulting program (for example, it is rude to
not pass on the exit status of the wrapped program back to the
invoking shell).

* tools/virt-login-shell.c (main): Don't close fds until after
namespace swap.
* src/libvirt.c (virGlobalInit): Use correct macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 15:05:04 -07:00
Eric Blake
dd0e04d9d0 maint: improve VIR_ERR_INVALID_DOMAIN_SNAPSHOT usage
The existing check of domain snapshots validated that they
point to a domain, but did not validate that the domain
points to a connection, even though any errors blindly assume
the connection is valid.  On the other hand, as mentioned in
commit 6e130ddc, any valid domain is already tied to a valid
connection, and VIR_IS_SNAPSHOT vs. VIR_IS_DOMAIN_SNAPSHOT
makes no real difference; it's best to just validate the chain
of all three.  For consistency with previous patches, continue
the trend of using a common macro.  For now, we don't need
virCheckDomainSnapshotGoto().

* src/datatypes.h (virCheckDomainSnapshotReturn): New macro.
(VIR_IS_SNAPSHOT, VIR_IS_DOMAIN_SNAPSHOT):
Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibDomainSnapshotError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 14:47:02 -07:00
Eric Blake
7d0a0ab7dd maint: improve VIR_ERR_INVALID_NWFILTER usage
While all errors related to invalid nwfilters appeared to be
consistent, we might as well continue the trend of using a
common macro.  As in commit 6e130ddc, the difference between
VIR_IS_NWFILTER and VIR_IS_CONNECTED_NWFILTER is moot, since
reference counting means any valid nwfilter is also tied to
a valid connection.  For now, we don't need virCheckNWFilterGoto().

* src/datatypes.h (virCheckNWFilterReturn): New macro.
(VIR_IS_NWFILTER, VIR_IS_CONNECTED_NWFILTER): Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibNWFilterError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 14:35:08 -07:00
Eric Blake
101f176ae4 maint: improve VIR_ERR_INVALID_STREAM usage
For streams validation, we weren't consistent on whether to
use VIR_FROM_NONE or VIR_FROM_STREAMS.  Furthermore, in many
API, we want to ensure that a stream is tied to the same
connection as the other object we are operating on; while
other API failed to validate the stream at all.  And the
difference between VIR_IS_STREAM and VIR_IS_CONNECTED_STREAM
is moot; as in commit 6e130ddc, we know that reference
counting means a valid stream will always be tied to a valid
connection.  Similar to previous patches, use a common macro
to make it nicer.

* src/datatypes.h (virCheckStreamReturn, virCheckStreamGoto):
New macros.
(VIR_IS_STREAM, VIR_IS_CONNECTED_STREAM): Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibStreamError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 14:13:01 -07:00
Eric Blake
916273eb94 maint: improve VIR_ERR_INVALID_SECRET usage
While all errors related to invalid secrets appeared to be
consistent, we might as well continue the trend of using a
common macro.  Just as in commit 6e130ddc, the difference
between VIR_IS_SECRET and VIR_IS_CONNECTED_SECRET is moot
(due to reference counting, any valid secret must be tied to
a valid domain).  For now, we don't need virCheckSecretGoto().

* src/datatypes.h (virCheckSecretReturn): New macro.
(VIR_IS_SECRET, VIR_IS_CONNECTED_SECRET): Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibSecretError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 13:55:20 -07:00
Eric Blake
9ec935d565 maint: improve VIR_ERR_INVALID_NODE_DEVICE usage
While all errors related to invalid node device appeared to be
consistent, we might as well continue the trend of using a
common macro.  For now, we don't need virCheckNodeDeviceGoto().

* src/datatypes.h (virCheckNodeDeviceReturn): New macro.
(VIR_IS_NODE_DEVICE, VIR_IS_CONNECTED_NODE_DEVICE): Drop
unused macros.
* src/libvirt.c: Use macro throughout.
(virLibNodeDeviceError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 11:29:45 -07:00
Martin Kletzander
2a6395aa1d storage: fix crash when listing volumes or undefining a pool
The commit cad3cf9a95 introduced a crash
due to wrong order of parameters being passed to the function.  When
deleting an element, the function decreased the iterator instead of
count and if listing volumes after that (or undefining the pool, NULL
was being dereferenced.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-01-09 16:48:11 +01:00
Michal Privoznik
4f588a1b46 qemuBuildNicDevStr: Set vectors= on Multiqueue
Yet another advice appeared on the Multiqueue wiki page:

http://www.linux-kvm.org/page/Multiqueue#Enable_MQ_feature

We should add vectors=N onto the qemu command line, where
N = 2 * (number of queues) + 1.
2014-01-09 15:23:57 +01:00
Eric Blake
097c9b52f4 maint: improve VIR_ERR_INVALID_STORAGE_VOL usage
For storage volume validation, we weren't consistent on
whether to use VIR_FROM_NONE or VIR_FROM_STORAGE.  Similar
to previous patches, use a common macro to make it nicer.
Furthermore, just as in commit 6e130ddc, the difference
between VIR_IS_STORAGE_VOL and VIR_IS_CONNECTED_STORAGE_VOL
is moot (due to reference counting, any valid volume must
be tied to a valid connection).

virStorageVolCreateXMLFrom allows cross-connection cloning,
where the error is reported against the connection of the
destination pool.

* src/datatypes.h (virCheckStorageVolReturn)
(virCheckStorageVolGoto): New macros.
(VIR_IS_STORAGE_VOL, VIR_IS_CONNECTED_STORAGE_VOL): Drop
unused macros.
* src/libvirt.c: Use macro throughout.
(virLibStorageVolError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-09 06:53:26 -07:00
Guido Günther
1b9f5aa7fe Add Documentation fields to systemd service files
We point to the manpages where available and redirect to libvirt's
homepage as a last resort.
2014-01-09 09:32:55 +01:00
Stefan Bader
e1459c1fe8 libxl: Fix devid init in libxlMakeNicList
This basically reverts commit ba64b97134
"libxl: Allow libxl to set NIC devid". However assigning devid's
before calling libxlMakeNic does not work as that is calling
libxl_device_nic_init which sets it back to -1.
Right now auto-assignment only works in the hotplug case. But even if
that would be fixed at some point (if that is possible at all), this
would add a weird dependency between Xen and libvirt versions.
The change here should accept any auto-assignment that makes it into
libxl_device_nic_init. My understanding is that a caller always is
allowed to make the devid choice itself. And assuming libxlMakeNicList
is only used on domain creation, a sequential numbering should be ok.

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2014-01-08 19:07:01 -07:00
Eric Blake
8add79a991 maint: improve VIR_ERR_INVALID_STORAGE_POOL usage
virStoragePoolBuild reported an invalid pool as if it were an
invalid network.  Likewise, we weren't consistent on whether to
use VIR_FROM_NONE or VIR_FROM_STORAGE.  Similar to previous
patches, use a common macro to make it nicer.  Furthermore, just
as in commit 6e130ddc, the difference between VIR_IS_STORAGE_POOL
and VIR_IS_CONNECTED_STORAGE_POOL is moot (due to reference
counting, any valid pool must be tied to a valid connection).
For now, we don't need virCheckStoragePoolGoto().

* src/datatypes.h (virCheckStoragePoolReturn): New macro.
(VIR_IS_STORAGE_POOL, VIR_IS_CONNECTED_STORAGE_POOL): Drop
unused macros.
* src/libvirt.c: Use macro throughout.
(virLibStoragePoolError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 15:33:57 -07:00
Richard W.M. Jones
e093351209 test driver: Add authentication to test driver.
There is no easy way to test authentication against libvirt.  This
commit modifies the test driver to allow simple username/password
authentication.

You modify the test XML by adding:

 <node>
   ...
   <auth>
     <user password="123456">rich</user>
     <user>jane</user>
   </auth>
 </node>

If there are any /node/auth/user elements, then authentication is
required by the test driver (if none are present, then the test driver
will work as before and not require authentication).

In the example above, two phony users are added:

 rich  password: 123456
 jane  no password required

The test driver will demand a username.  If the password attribute is
present (or if the username entered is wrong), then the password is
also asked for and checked:

 $ virsh -c test://$(pwd)/testnode.xml list
 Enter username for localhost: rich
 Enter rich's password for localhost: ***
  Id    Name                           State
 ----------------------------------------------------
  1     fv0                            running
  2     fc4                            running

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
2014-01-08 20:12:23 +00:00
Eric Blake
459532b4f7 maint: improve VIR_ERR_INVALID_INTERFACE usage
When checking for a valid interface, we weren't consistent on
whether we reported as VIR_FROM_NONE or VIR_FROM_INTERFACE.
Similar to previous patches, use a common macro to make it nicer.
Furthermore, just as in commit 6e130ddc, the difference between
VIR_IS_INTERFACE and VIR_IS_CONNECTED_INTERFACE is moot (due to
reference counting, any valid interface must be tied to a valid
connection).  For now, we don't need virCheckInterfaceGoto().

* src/datatypes.h (virCheckInterfaceReturn): New macro.
(VIR_IS_INTERFACE, VIR_IS_CONNECTED_INTERFACE): Drop unused
macros.
* src/libvirt.c: Use macro throughout.
(virLibInterfaceError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 12:40:06 -07:00
Eric Blake
6d8233fea2 event: clean up client side RPC code
Commit cfd62c1 was incomplete; I found more cases where error
messages were being overwritten, and where the code between
the three registration/deregistration APIs was not consistent.

Since it is fairly easy to trigger an attempt to deregister an
unregistered object through public API, I also changed the error
message from VIR_ERR_INTERNAL_ERROR to VIR_ERR_INVALID_ARG.

* src/conf/object_event.c (virObjectEventCallbackListEventID):
Inline...
(virObjectEventStateEventID): ...into lone caller, and report
error on failure.
(virObjectEventCallbackListAddID, virObjectEventStateCallbackID)
(virObjectEventCallbackListRemoveID)
(virObjectEventCallbackListMarkDeleteID): Tweak error category.
* src/remote/remote_driver.c (remoteConnectDomainEventRegister):
Don't leak registration on failure.
(remoteConnectDomainEventDeregisterAny)
(remoteConnectNetworkEventDeregisterAny): Don't overwrite error.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 12:34:19 -07:00
Eric Blake
e176159374 maint: improve VIR_ERR_INVALID_NETWORK usage
When checking for a valid network, we weren't consistent on
whether we reported an invalid network or a connection.  Similar
to previous patches such as commit 6e130ddc, the difference
between VIR_IS_NETWORK and VIR_IS_CONNECTED_NETWORK is moot (due
to reference counting, any valid network must be tied to a valid
connection).  Use a common macro to make the error reporting
for invalid networks nicer.

* src/datatypes.h (virCheckNetworkReturn, virCheckNetworkGoto): New
macros.
(VIR_IS_NETWORK, VIR_IS_CONNECTED_NETWORK): Drop unused macros.
* src/libvirt.c: Use macro throughout.
(virLibNetworkError): Drop unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 09:38:27 -07:00
Osier Yang
6f9894856c util: Use new array management macros
Like commit 94a26c7e from Eric Blake, the old fuzzy code should
be replaced by the new array management macros now.

And the type of scsi->count should be changed into "size_t", and
thus virSCSIDeviceListCount should return size_t instead, similar
for vir{PCI,USB}DeviceListCount.
2014-01-08 23:00:34 +08:00
Gao feng
afba32b897 LXC: create monitor socket under selinux context of domain
the unix socket /var/run/libvirt/lxc/domain.sock is not created
under the selinux context which configured by <seclabel>.

If we try to connect the domain.sock under the selinux context
of domain in virtLXCProcessConnectMonitor,selinux will deny
this connect operation.

type=AVC msg=audit(1387953696.067:662): avc:  denied  { connectto } for  pid=21206 comm="libvirtd" path="/usr/local/var/run/libvirt/lxc/systemd.sock" scontext=unconfined_u:system_r:svirt_lxc_net_t:s0:c770,c848 tcontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

fix this problem by creating socket under selinux context of domain.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2014-01-08 11:10:03 +01:00
Martin Kletzander
4a66ffade5 conf: trivial typo fix
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-01-08 10:09:56 +01:00
Michal Privoznik
8ab6f1ad5f virConnect(Un)registerCloseCallback: Unlock @conn prior to error dispatch
The function checks for @conn to be valid and locks its mutex. Then, it
checks if callee is unregistering the same callback that he registered
previously. If this fails an error is reported and  the control jumps to
'error' label. Here, if @conn has some errors (and it certainly does -
the one that's been just reported) the conn->mutex is locked again -
without any previous unlock:

  Thread 1 (Thread 0x7fb500ef1800 (LWP 18982)):
  #0  __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
  #1  0x00007fb4fd99ce56 in _L_lock_918 () from /lib64/libpthread.so.0
  #2  0x00007fb4fd99ccaa in __GI___pthread_mutex_lock (mutex=0x7fb50153b670) at pthread_mutex_lock.c:64
  #3  0x00007fb5007e574d in virMutexLock (m=m@entry=0x7fb50153b670) at util/virthreadpthread.c:85
  #4  0x00007fb5007b198e in virDispatchError (conn=conn@entry=0x7fb50153b5e0) at util/virerror.c:594
  #5  0x00007fb5008a3735 in virConnectUnregisterCloseCallback (conn=0x7fb50153b5e0, cb=cb@entry=0x7fb500f588e0 <vshCatchDisconnect>) at libvirt.c:21025
  #6  0x00007fb500f5d690 in vshReconnect (ctl=ctl@entry=0x7fffff60e710) at virsh.c:328
  #7  0x00007fb500f5dc50 in vshCommandRun (ctl=ctl@entry=0x7fffff60e710, cmd=0x7fb50152ca80) at virsh.c:1755
  #8  0x00007fb500f5861b in main (argc=<optimized out>, argv=<optimized out>) at virsh.c:3393

And since the conn's mutex is not recursive, the virDispatchError will
never ever lock it successfully.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-01-08 09:12:57 +01:00
Eric Blake
c2aa14b4e2 maint: inline VIR_IS*_DOMAIN macro
Cleanup after a previous patch, commit 6e130dd.  In particular,
note that xenDomainUsedCpus can only be reached from
xenUnifiedDomainGetXMLDesc, which in turn is only reached from
public API that already validated the domain.

* src/xen/xen_driver.c (xenDomainUsedCpus): Drop redundant check.
* src/datatypes.h (VIR_IS_DOMAIN, VIR_IS_CONNECTED_DOMAIN):
Delete, and inline into all callers, since no other file uses it
any more.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 21:31:35 -07:00
Eric Blake
6e130ddc4d maint: improve VIR_ERR_INVALID_DOMAIN usage
In datatype.c, virGetDomainSnapshot could result in the message:

error: invalid domain pointer in bad domain

Furthermore, while there are a few functions in libvirt.c that
only care about a virDomainPtr without regards to the connection
(such as virDomainGetName), most functions also require a valid
connection.  Yet several functions were blindly dereferencing
the conn member without checking it for validity first (such as
virDomainOpenConsole).  Rather than try and correct all usage
of VIR_IS_DOMAIN vs. VIR_IS_CONNECTED_DOMAIN, it is easier to
just blindly require that a valid domain object always has a
valid connection object (which should be true anyways, since
every domain object holds a reference to its connection, so the
connection will not be closed until all domain objects have
also been closed to release their reference).

After this patch, all places that validate a domain consistently
report:

error: invalid domain pointer in someFunc

* src/datatypes.h (virCheckDomainReturn, virCheckDomainGoto): New
macros.
* src/datatypes.c (virGetDomainSnapshot): Use new macro.
(virLibConnError): Delete unused macro.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 14:38:12 -07:00
Eric Blake
36dd0bd88a event: make network events easier to use without casts
While comparing network and domain events, I noticed that the
test driver had to do a cast in one place and not the other.
For consistency, we should hide the necessary casting as low
as possible in the stack, with everything else using saner
types.

* src/conf/network_event.h (virNetworkEventStateRegisterID): Alter
type.
* src/conf/network_event.c (virNetworkEventStateRegisterID): Hoist
cast here.
* src/test/test_driver.c (testConnectNetworkEventRegisterAny):
Simplify callers.
* src/remote/remote_driver.c
(remoteConnectNetworkEventRegisterAny): Likewise.
* src/network/bridge_driver.c
(networkConnectNetworkEventRegisterAny): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 13:05:27 -07:00
Eric Blake
e9568360a6 event: don't turn offline domain into global event
If a user registers for a domain event filtered to a particular
domain, but the persistent domain is offline at the time, then
the code silently failed to set up the filter.  As a result,
the event fires for all domains, rather than being filtered.
Network events were immune, since they always passed an id
0 argument.

The key to this patch is realizing that
virObjectEventDispatchMatchCallback() only cared about uuid;
so refusing to create a meta for a negative id is pointless,
and in fact, malloc'ing meta at all was overkill; instead,
just directly store a uuid and a flag of whether to filter.

Note that virObjectEventPtr still needs all fields of meta,
because this is how we reconstruct a virDomainPtr inside the
dispatch handler before calling the end user's callback
pointer with the correct object, even though only the uuid
portion of meta is used in deciding whether a callback
matches the given event.  So while uuid is optional for
callbacks, it is mandatory for events.

The change to testDomainCreateXMLMixed is merely on the setup
scenario (as you can't register for a domain unless it is either
running or persistent).  I actually first wrote that test for
this patch, then rebased it to also cover a prior patch (commit
4221d64), but had to adjust it for that patch to use Create
instead of Define for setting up the domain long enough to
register the event in order to work around this bug.  But while
the setup is changed, the main body of the test is still about
whether creation events fire as expected.

* src/conf/object_event_private.h (_virObjectEventCallback):
Replace meta with uuid and flag.
(virObjectEventCallbackListAddID): Update signature.
* src/conf/object_event.h (virObjectEventStateRegisterID):
Likewise.
* src/conf/object_event_private.h (virObjectEventNew): Document
use of name and uuid in events.
* src/conf/object_event.c (virObjectEventCallbackListAddID): Drop
arguments that don't affect filtering.
(virObjectEventCallbackListRemoveID)
(virObjectEventDispatchMatchCallback)
(virObjectEventStateRegisterID): Update clients.
* src/conf/domain_event.c (virDomainEventCallbackListAdd)
(virDomainEventStateRegisterID): Likewise.
* src/conf/network_event.c (virNetworkEventStateRegisterID):
Likewise.
* tests/objecteventtest.c (testDomainCreateXMLMixed): Enhance test.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 12:03:42 -07:00
Eric Blake
0cd02bca6e event: don't allow mix of old- and new-style registration
Consider these two calls, in either order:

id1 = virConnectDomainEventRegisterAny(conn, NULL,
   VIR_DOMAIN_EVENT_ID_LIFECYCLE,
   VIR_DOMAIN_EVENT_CALLBACK(callback), NULL, NULL);
virConnectDomainEventRegister(conn, callback, NULL, NULL);

Right now, the second call fails, because under the hood, the
old-style function registration is tightly coupled to the
new style lifecycle eventID, and the two calls both try
to register the same global eventID callback representation.

We've alreay documented that users should avoid old-style
registration and deregistration, so anyone heeding the advice
won't run into this situation.  But it would be even nicer if
we pretend the two interfaces are completely separate, and
disallow any cross-linking.  That is, a call to old-style
deregister should never remove a new-style callback even if it
is the same function pointer, and a call to new-style callback
using only callbackIDs obtained legitimately should never
remove an old-style callback (of course, since our callback
IDs are sequential, and there is still coupling under the
hood, you can easily guess the callbackID of an old style
registration and use new-style deregistration to nuke it - but
that starts to be blatantly bad coding on your part rather
than a surprising result on what looks like reasonable
stand-alone API).

With this patch, you can now register a global lifecycle event
handler twice, by using both old and new APIs; if such an event
occurs, your callback will be entered twice.  But that is not a
problem in practice, since it is already possible to use the
new API to register both a global and per-domain event handler
using the same function, which will likewise fire your callback
twice for that domain.  Duplicates are still prevented when
using the same API with same parameters twice (old-style twice,
new-style global twice, or new-style per-domain with same domain
twice), and things are still bounded (it is not possible to
register a single function pointer more than N+2 times per event
id, where N is the number of domains available on the connection).
Besides, it has always been possible to register as many
separate function pointers on the same event id as desired,
through either old or new style API, where the bound there is
the physical limitation of writing a program with enough
distinct function pointers.

Adding another event registration in the testsuite is sufficient
to cover this, where the test fails without the rest of the patch.

* src/conf/object_event.c (_virObjectEventCallback): Add field.
(virObjectEventCallbackLookup): Add argument.
(virObjectEventCallbackListAddID, virObjectEventStateCallbackID):
Adjust callers.
* tests/objecteventtest.c (testDomainCreateXMLMixed): Enhance test.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 11:43:56 -07:00
Eric Blake
995b2ebab6 event: properly filter count of remaining events
On the surface, this sequence of API calls should succeed:

id1 = virConnectDomainEventRegisterAny(..., VIR_DOMAIN_EVENT_ID_LIFECYCLE,...);
id2 = virConnectDomainEventRegisterAny(..., VIR_DOMAIN_EVENT_ID_RTC_CHANGE,...);
virConnectDomainEventDeregisterAny(id1);
id1 = virConnectDomainEventRegisterAny(..., VIR_DOMAIN_EVENT_ID_LIFECYCLE,...);

And for test:///default, it does.  But for qemu:///system, it fails:
libvirt: XML-RPC error : internal error: domain event 0 already registered

Looking closer, the bug is caused by miscommunication between
the object event engine and the client side of the remote driver.
In our implementation, we set up a single server-side event per
eventID, then the client side replicates that one event to all
callbacks that have been registered client side.  To know when
to turn the server side eventID on or off, the client side must
track how many events for the same eventID have been registered.
But while our code was filtering by eventID on event registration,
it did not filter on event deregistration.  So the above API calls
resulted in the deregister returning 1 instead of 0, so no RPC
deregister was issued, and the final register detects on the
server side that the server is already handling eventID 0.

Unfortunately, since the problem is only observable on remote
connections, it's not possible to enhance objecteventtest to
expose the semantics using only public API entry points.

* src/conf/object_event.c (virObjectEventCallbackListCount): New
function.
(virObjectEventCallbackListAddID)
(virObjectEventCallbackListRemoveID)
(virObjectEventCallbackListMarkDeleteID): Use it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 10:53:24 -07:00
Lénaïc Huard
538daf7f3a Fix bridge configuration when OUTPUT policy is DROP on the host
When the host is configured with very restrictive firewall (default policy
is DROP for all chains, including OUTPUT), the bridge driver for Linux
adds netfilter entries to allow DHCP and DNS requests to go from the VM
to the dnsmasq of the host.

The issue that this commit fixes is the fact that a DROP policy on the OUTPUT
chain blocks the DHCP replies from the host’s dnsmasq to the VM.
As DHCP replies are sent in UDP, they are not caught by any --ctstate ESTABLISHED
rule and so, need to be explicitly allowed.

Signed-off-by: Lénaïc Huard <lenaic@lhuard.fr.eu.org>
2014-01-07 18:18:29 +01:00
Thadeu Lima de Souza Cascardo
9a3d7a4778 Read PCI class from sysfs class file instead of config space.
When determining if a device is behind a PCI bridge, the PCI device
class is checked by reading the config space. However, there are some
devices which have the wrong class on the config space, but the class is
initialized by Linux correctly as a PCI BRIDGE. This class can be read
by the sysfs file '/sys/bus/pci/devices/xxxx:xx:xx.x/class'.

One example of such bridge is IBM PCI Bridge 1014:03b9, which is
identified as a Host Bridge when reading the config space.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>
2014-01-07 17:33:59 +01:00
Eric Blake
114aa0751e event: tighten scope of object_event
Tighten up scope after the previous patch avoided using
internals.  This will also make it easier to change
internal implementation without having to chase down quite
as many impacted callers or worrying about two files getting
implementations out of sync.

* src/conf/object_event_private.h
(virObjectEventCallbackListAddID, virObjectEventQueueClear)
(virObjectEventStateLock, virObjectEventStateUnlock)
(virObjectEventTimer): Drop prototype.
(_virObjectEventCallbackList, _virObjectEventState)
(_virObjectEventCallback): Move...
* src/conf/object_event.c: ...here.
(virObjectEventCallbackListAddID, virObjectEventQueueClear)
(virObjectEventStateLock, virObjectEventStateUnlock)
(virObjectEventTimer): Mark private.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 09:12:11 -07:00
Eric Blake
4221d64fcb event: don't let old-style events clobber per-domain events
Right now, the older virConnectDomainEventRegister (takes a
function pointer, returns 0 on success) and the newer
virConnectDomainEventRegisterID (takes an eventID, returns a
callbackID) share the underlying implementation (the older
API ends up consuming a callbackID for eventID 0 under the
hood).  We implemented that by a lot of copy and pasted
code between object_event.c and domain_event.c, according to
whether we are dealing with a function pointer or an eventID.
However, our copy and paste is not symmetric.  Consider this
sequence:

id1 = virConnectDomainEventRegisterAny(conn, dom,
   VIR_DOMAIN_EVENT_ID_LIFECYCLE,
   VIR_DOMAIN_EVENT_CALLBACK(callback), NULL, NULL);
virConnectDomainEventRegister(conn, callback, NULL, NULL);
virConnectDomainEventDeregister(conn, callback);
virConnectDomainEventDeregsiterAny(conn, id1);

the first three calls would succeed, but the third call ended
up nuking the id1 callbackID (the per-domain new-style handler),
then the fourth call failed with an error about an unknown
callbackID, leaving us with the global handler (old-style) still
live and receiving events.  It required another old-style
deregister to clean up the mess.  Root cause was that
virDomainEventCallbackList{Remove,MarkDelete} were only
checking for function pointer match, rather than also checking
for whether the registration was global.

Rather than playing with the guts of object_event ourselves
in domain_event, it is nicer to add a mapping function for the
internal callback id, then share common code for event removal.
For now, the function-to-id mapping is used only internally;
I thought about whether a new public API to let a user learn
the callback would be useful, but decided exposing this to the
user is probably a disservice, since we already publicly
document that they should avoid the old style, and since this
patch already demonstrates that older libvirt versions have
weird behavior when mixing old and new styles.

And like all good bug fix patches, I enhanced the testsuite,
validating that the changes in tests/ expose the failure
without the rest of the patch.

* src/conf/object_event.c (virObjectEventCallbackLookup)
(virObjectEventStateCallbackID): New functions.
(virObjectEventCallbackLookup): Use helper function.
* src/conf/object_event_private.h (virObjectEventStateCallbackID):
Declare new function.
* src/conf/domain_event.c (virDomainEventStateRegister)
(virDomainEventStateDeregister): Let common code handle the
complexity.
(virDomainEventCallbackListRemove)
(virDomainEventCallbackListMarkDelete)
(virDomainEventCallbackListAdd): Drop unused functions.
* tests/objecteventtest.c (testDomainCreateXMLMixed): New test.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 09:12:10 -07:00
Eric Blake
53827c125e event: rename confusing variable in test, remote drivers
Since the introduction of network events, any driver that uses
a single event state object to track both domain and network
events should not include 'domain' in the name of that object.

* src/test/test_driver.c (_testConn):
s/domainEventState/eventState/, and fix all callers.
* src/remote/remote_driver.c (private_data): Likewise.
(remoteDomainEventQueue): Rename to remoteEventQueue.
(remoteDomainEvents): Rename to remoteEvents.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 08:37:45 -07:00
Eric Blake
fc967c3ec9 event: share state driver between test:///default connections
Prior to this patch, every test:/// URI has its own event manager,
which means that registering for an event can only ever receive
events from the connection where it issued the API that triggered
the event.  But the whole idea of events is to be able to learn
about something where an API call did NOT trigger the action.

In order to actually test asynchronous events, I wanted to be able
to tie multiple test connections to the same state.  Use of a file
in a test URI is still per-connection state, but now parallel
connections to test:///default (from the same binary, of course)
now share common state and can affect one another.

The updated testsuite fails without the rest of this patch.
Valgrind didn't report any leaks.

* src/test/test_driver.c (testConnectOpen): Move per-connection
state initialization...
(testOpenFromFile): ...here.
(defaultConn, defaultConnections, defaultLock, testOnceInit): New
shared state.
(testOpenDefault): Only initialize on first connection.
(testConnectClose): Don't clobber state if still shared.
* tests/objecteventtest.c (testDomainStartStopEvent): Enhance to
cover this.
(timeout, mymain): Ensure test fails rather than blocks.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 08:30:32 -07:00
Michal Privoznik
d847792f86 lxc_controller: Fix error message on missing --handshakefd
The argument is --handshakefd not --handshake.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-01-07 16:21:03 +01:00
Michal Privoznik
0e6891106d lxc_controller: Don't leak @name
The @name variable is VIR_STRDUP()-ed into, but never freed. In fact,
there's no need to duplicate a command line argument since all places
where @name is used expect const char.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-01-07 16:21:03 +01:00
Jiri Denemark
3b56425938 qemu: Fix job usage in virDomainGetBlockIoTune
CVE-2013-6458

Every API that is going to begin a job should do that before fetching
data from vm->def.
2014-01-07 16:12:11 +01:00
Jiri Denemark
ff5f30b6bf qemu: Fix job usage in qemuDomainBlockCopy
Every API that is going to begin a job should do that before fetching
data from vm->def.
2014-01-07 16:12:01 +01:00
Jiri Denemark
f93d2caa07 qemu: Fix job usage in qemuDomainBlockJobImpl
CVE-2013-6458

Every API that is going to begin a job should do that before fetching
data from vm->def.
2014-01-07 16:10:42 +01:00
Jiri Denemark
b799259583 qemu: Avoid using stale data in virDomainGetBlockInfo
CVE-2013-6458

Generally, every API that is going to begin a job should do that before
fetching data from vm->def. However, qemuDomainGetBlockInfo does not
know whether it will have to start a job or not before checking vm->def.
To avoid using disk alias that might have been freed while we were
waiting for a job, we use its copy. In case the disk was removed in the
meantime, we will fail with "cannot find statistics for device '...'"
error message.
2014-01-07 16:10:02 +01:00
Jiri Denemark
db86da5ca2 qemu: Do not access stale data in virDomainBlockStats
CVE-2013-6458
https://bugzilla.redhat.com/show_bug.cgi?id=1043069

When virDomainDetachDeviceFlags is called concurrently to
virDomainBlockStats: libvirtd may crash because qemuDomainBlockStats
finds a disk in vm->def before getting a job on a domain and uses the
disk pointer after getting the job. However, the domain in unlocked
while waiting on a job condition and thus data behind the disk pointer
may disappear. This happens when thread 1 runs
virDomainDetachDeviceFlags and enters monitor to actually remove the
disk. Then another thread starts running virDomainBlockStats, finds the
disk in vm->def, and while it's waiting on the job condition (owned by
the first thread), the first thread finishes the disk removal. When the
second thread gets the job, the memory pointed to be the disk pointer is
already gone.

That said, every API that is going to begin a job should do that before
fetching data from vm->def.
2014-01-07 16:09:44 +01:00
Yudai Yamagish
729530749e Fix segmentation fault when accessing default qemu machine type
This patch fixes a segmentation fault when creating new virtual machines using QEMU.
The segmentation fault is caused by commit f41830680e
and commit cbb6ec42e2.

In virQEMUCapsProbeQMPMachineTypes, when copying machines to qemuCaps, "none" is skipped.
Therefore, the value of i and "qemuCaps->nmachineTypes - 1" do not always match.
However, defIdx value (used to call virQEMUCapsSetDefaultMachine) is set using the value in i
when the array elements are in qemuCaps->nmachineTypes - 1.
So, when libvirt tries to create virtual machines using the default machine type,
qemuCaps->machineTypes[defIdx] is accessed and since the defIdx is NULL, it results in segmentation fault.

Signed-off-by: Yudai Yamagishi <yummy@sfc.wide.ad.jp>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-01-07 15:26:12 +01:00
Eric Blake
968fe2c8f8 maint: inline VIR_IS_CONNECT macro
Cleanup after commit db3dd08 removed all clients outside of
the .h file.

* src/datatypes.h (VIR_IS_CONNECT): Delete, and inline into all
callers, since no other file uses it any more.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 06:58:03 -07:00
Eric Blake
31b5bad9ff event: make deregister return value match docs
Ever since their introduction (commit 1509b80 in v0.5.0 for
virConnectDomainEventRegister, commit 4445723 in v0.8.0 for
virConnectDomainEventDeregisterAny), the event deregistration
functions have been documented as returning 0 on success;
likewise for older registration (only the newer RegisterAny
must return a non-zero callbackID).  And now that we are
adding virConnectNetworkEventDeregisterAny for v1.2.1, it
should have the same semantics.

Fortunately, all of the stateful drivers have been obeying
the docs and returning 0, thanks to the way the remote_driver
tracks things (in fact, the RPC wire protocol is unable to
send a return value for DomainEventRegisterAny, at least not
without adding a new RPC number).  Well, except for vbox,
which was always failing deregistration, due to failure to
set the return value to anything besides its initial -1.

But for local drivers, such as test:///default, we've been
returning non-zero numbers; worse, the non-zero numbers have
differed over time.  For example, in Fedora 12 (libvirt 0.8.2),
calling Register twice would return 0 and 1 [the callbackID
generated under the hood]; while in Fedora 20 (libvirt 1.1.3),
it returns 1 and 2 [the number of callbacks registered for
that event type].  Since we have changed the behavior over
time, and since it differs by local vs. remote, we can safely
argue that no one could have been reasonably relying on any
particular behavior, so we might as well obey the docs, as well
as prepare callers that might deal with older clients to not be
surprised if the docs are not strictly followed.

For consistency, this patch fixes the code for all drivers,
even though it only makes an impact for vbox and for local
drivers.  By fixing all drivers, future copy and paste from
a remote driver to a local driver is less likely to
reintroduce the bug.

Finally, update the testsuite to gain some coverage of the
issue for local drivers, including the first test of old-style
domain event registration via function pointer instead of
event id.

* src/libvirt.c (virConnectDomainEventRegister)
(virConnectDomainEventDeregister)
(virConnectDomainEventDeregisterAny): Clarify docs.
* src/libxl/libxl_driver.c (libxlConnectDomainEventRegister)
(libxlConnectDomainEventDeregister)
(libxlConnectDomainEventDeregisterAny): Match documentation.
* src/lxc/lxc_driver.c (lxcConnectDomainEventRegister)
(lxcConnectDomainEventDeregister)
(lxcConnectDomainEventDeregisterAny): Likewise.
* src/test/test_driver.c (testConnectDomainEventRegister)
(testConnectDomainEventDeregister)
(testConnectDomainEventDeregisterAny)
(testConnectNetworkEventDeregisterAny): Likewise.
* src/uml/uml_driver.c (umlConnectDomainEventRegister)
(umlConnectDomainEventDeregister)
(umlConnectDomainEventDeregisterAny): Likewise.
* src/vbox/vbox_tmpl.c (vboxConnectDomainEventRegister)
(vboxConnectDomainEventDeregister)
(vboxConnectDomainEventDeregisterAny): Likewise.
* src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister)
(xenUnifiedConnectDomainEventDeregister)
(xenUnifiedConnectDomainEventDeregisterAny): Likewise.
* src/network/bridge_driver.c
(networkConnectNetworkEventDeregisterAny): Likewise.
* tests/objecteventtest.c (testDomainCreateXMLOld): New test.
(mymain): Run it.
(testDomainCreateXML): Check return values.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 06:53:40 -07:00
Michal Privoznik
088ff08ce9 qemuProcessStop: Don't overwrite any errors
Currently, the qemuProcessStop tries to open the domain log file
and saves the original error afterwards. Then all the cleanup is
done after which the error is restored back. This has however one
flaw: if opening of the log file fails an error is reported,
which results in previous error being overwritten (the useful
one, e.g. "PCI device XXXX:XXXX could not be found"). Hence, user
sees something like:

  error: failed to create logfile /var/log/libvirt/qemu/ovirt_usb.log: No such file or directory

instead of:

  error: internal error: Did not find USB device 8644:8003

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reported-by: Zhou Yimin <zhouyimin@huawei.com>
2014-01-07 14:50:40 +01:00
Eric Blake
599ef94d85 maint: fix comment typos in qemu numa code
Introduced in commit 81fae6b9.

* src/qemu/qemu_driver.c (qemuDomainSetNumaParamsLive): Fix typos.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-07 06:36:41 -07:00
Roman Bogorodskiy
e7a65dc77c BSD: implement nodeGetMemoryStats
Add a BSD implementation of nodeGetMemoryStats based
on sysctl(3).
2014-01-07 06:26:33 -07:00
Minoru Usui
bcd0ac47d8 Fix argument order of qemuMigrationPerformJob().
@listenAddress and @cookiein arguments, should be exchanged,
because the order of the caller and the callee does not match.

This results in the listen address being ignored for peer-to-peer
migration and the cookie being ignored for v2 migration.

Introduced by c4ac7ef (v1.1.4-rc1~141).

https://bugzilla.redhat.com/show_bug.cgi?id=1049338

Signed-off-by: Minoru Usui <usui@mxm.nes.nec.co.jp>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-01-07 13:59:50 +01:00
Peter Krempa
aef39eb021 maint: Fix messy include of libvirt_internal.h
The libvirt_internal.h header was included by the internal.h header.
This made it painful to add new stuff to the header file that would
require some more specific types. Remove inclusion by internal.h and add
it to appropriate places manually.
2014-01-07 10:03:14 +01:00
Eric Blake
db3dd0824f maint: improve VIR_ERR_INVALID_CONN usage
The datatype.c object checks could result in a message like:

error: invalid connection pointer in no connection

This consolidates all clients of this message to have uniform contents:

error: invalid connection pointer in someFunc

Note that virCheckConnectReturn raises an error immediately; in
datatypes.c, where we don't need to raise the error (but instead
just leave it in the thread-local setting), we use
virCheckConnectGoto and the cleanup label instead.  Then, for
consistency in that file, all subsequent error messages are
touched to also use the cleanup error label.

* src/datatypes.h (virCheckConnectReturn)
(virCheckConnectGoto): New macros.
* src/datatypes.c: Use new macro.
* src/libvirt-qemu.c (virDomainQemuAttach): Likewise.
(virLibConnError): Delete unused macro.
* src/libvirt-lxc.c (virLibConnError): Likewise.
* src/libvirt.c: Use new macro throughout.
* docs/api_extension.html.in: Modernize documentation.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-06 21:41:02 -07:00
Jim Fehlig
7c98d1c153 libxl: Fix initialization of nictype in libxl_device_nic
As pointed out by the Xen folks [1], HVM nics should always be set
to type LIBXL_NIC_TYPE_VIF_IOEMU unless the user explicity requests
LIBXL_NIC_TYPE_VIF via model='netfront'.  The current logic in
libxlMakeNic() only sets the nictype to LIBXL_NIC_TYPE_VIF_IOEMU if
a model is specified that is not 'netfront', which breaks PXE booting
configurations where no model is specified (i.e. use the hypervisor
default).

  Reported-by: Stefan Bader <stefan.bader@canonical.com>

[1] https://www.redhat.com/archives/libvir-list/2013-December/msg01156.html
2014-01-06 16:15:32 -07:00
Eric Blake
f3e359d665 Revert "lxcDomainShutdownFlags: Cleanup @flags usage"
This reverts commit aa4619337c.

This patch was accidentally pushed prematurely, and has incorrect
logic for which shutdown methods to attempt.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-06 14:59:44 -07:00
Pranavkumar Sawargaonkar
27e32e0f3d AArch64: Porting of armv7l conditons to run qemu for aarch64.
AArch64 qemu has similar behavior as armv7l, like use of mmio etc.
This patch adds similar bypass checks what we have for armv7l to aarch64.
E.g. we are enabling mmio transport for Nicdev.
Making addDefaultUSB and addDefaultMemballoon to false etc.

V3:
- Adding missing domain rng schema for aarcg64 and test case in
  testutilsqemu.c which was causing test suite failure
  while running make check.

V2:
- Added testcase to qemuxml2argvtest as suggested
  during review comments of V1.

V1:
- Initial patch.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
2014-01-06 11:02:24 -05:00
Eric Blake
d219826c65 maint: improve VIR_ERR_OPERATION_DENIED usage
Some of our operation denied messages are outright stupid; for
example, if virIdentitySetAttr fails:

error: operation Identity attribute is already set forbidden for read only access

This patch fixes things to a saner:

error: operation forbidden: Identity attribute is already set

It also consolidates the most common usage pattern for operation
denied errors: read-only connections preventing a public API.  In
this case, 'virsh -r -c test:///default destroy test' changes from:

error: operation virDomainDestroy forbidden for read only access

to:

error: operation forbidden: read only access prevents virDomainDestroy

Note that we were previously inconsistent on which APIs used
VIR_FROM_DOM (such as virDomainDestroy) vs. VIR_FROM_NONE (such as
virDomainPMSuspendForDuration).  After this patch, all uses
consistently use VIR_FROM_NONE, on the grounds that it is unlikely
that a caller learning that a call is denied can do anything in
particular with extra knowledge which error domain the call belongs
to (similar to what we did in commit baa7244).

* src/util/virerror.c (virErrorMsg): Rework OPERATION_DENIED error
message.
* src/internal.h (virCheckReadOnlyGoto): New macro.
* src/util/virerror.h (virReportRestrictedError): New macro.
* src/libvirt-lxc.c: Use new macros.
* src/libvirt-qemu.c: Likewise.
* src/libvirt.c: Likewise.
* src/locking/lock_daemon.c (virLockDaemonClientNew): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-06 08:29:29 -07:00
Peter Krempa
6e7490c734 qemu: range check numa memory placement mode
https://bugzilla.redhat.com/show_bug.cgi?id=1047234

Add a range check for supported numa memory placement modes provided by
the user before setting them in the domain definition. Without the check
the user is able to provide a (yet) unknown mode which is then stored in
the domain definition. This potentially causes a NULL dereference when
the defintion is formatted into the XML.

To reproduce run:
 virsh numatune DOMNAME --mode 6 --nodeset 0

The XML will then contain:
  <numatune>
      <memory mode='(null)' nodeset='0'/>
  </numatune>

With this fix, the command fails:
 error: Unable to change numa parameters
 error: invalid argument: unsupported numa_mode: '6'
2014-01-06 16:11:49 +01:00
Peter Krempa
8b573a6b0d qemu: Clean up qemuDomainSetNumaParameters
Add whitespace to separate logical code blocks, reformat error messages
and clean up code flow.

This patch changes error handling in some cases where the the loop would
be continued to jump to cleanup instead and error out rather than modify
the domain any further.
2014-01-06 16:11:49 +01:00
Peter Krempa
cad3cf9a95 storage: Use VIR_DELETE_ELEMENT instead of open coding
Replace the open coded array element deletion by our new helper.
2014-01-06 16:05:31 +01:00
Eric Blake
94a26c7e88 event: use newer array management macros
We might as well take advantage of viralloc.h instead of open-coding
array management ourselves.  While at it, I simplified several
places that were doing repetitive pointer chasing to use an
intermediate variable for legibility (some other places remain,
but they will disapper in later refactoring patches).

* src/conf/object_event_private.h (_virObjectEventCallbackList):
Use size_t for count.
* src/conf/object_event.c (_virObjectEventQueue): Likewise.
(virObjectEventCallbackListRemoveID): Use VIR_DELETE_ELEMENT.
(virObjectEventQueuePush, virObjectEventCallbackListAddID): Use
VIR_APPEND_ELEMENT.
(virObjectEventCallbackListEventID)
(virObjectEventStateDispatchCallbacks): Simplify code.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-06 08:01:10 -07:00
Eric Blake
22e82aa596 event: use bool in more places
No need to use an int that only ever stores 0 and 1.

* src/conf/object_event_private.h (_virObjectEventCallback):
Change deleted to bool.
* src/conf/object_event.c (virObjectEventDispatchMatchCallback):
Switch return type to bool.
(virObjectEventCallbackListMarkDeleteID): Update client.
* src/conf/domain_event.c (virDomainEventCallbackListMarkDelete):
Likewise.
2014-01-06 07:58:08 -07:00
Ján Tomko
ec128e69f1 Fix explicit usage of default video PCI slots
Do not leave the PCI address of the primary video card set
to the legacy default (0000:00:02.0) if we're doing two-pass
allocation.

Since QEMU 1.6 (QEMU_CAPS_VIDEO_PRIMARY) we allow the primary
video card to be on other slots than 0000:00:02.0 (as we use
-device instead of -vga).

However we fail to assign it an address if:
* another device explicitly uses 0000:00:02.0 and
* the primary video device has no address specified

On the first pass, we have set the address to default, then checked
if it's available, leaving it set even if it wasn't. This address
got picked up by the second pass, resulting in a conflict:

XML error: Attempted double use of PCI slot 0000:00:02.0
(may need "multifunction='on'" for device on function 0)

Also fix the test that was supposed to catch this.
2014-01-06 09:31:32 +01:00
Eric Blake
baa7244951 maint: improve VIR_ERR_NO_SUPPORT usage
We weren't very consistent in our use of VIR_ERR_NO_SUPPORT; many
users just passed __FUNCTION__ on, while others passed "%s" to
silence over-eager compilers that warn about __FUNCTION__ not
containing any %.  It's nicer to route all these uses through
a single macro, so that if we ever need to change the reporting,
we can do it in one place.

I verified that 'virsh -c test:///default qemu-monitor-command test foo'
gives the same error message before and after this patch:
error: this function is not supported by the connection driver: virDomainQemuMonitorCommand

Note that in libvirt.c, we were inconsistent on whether virDomain*
API used virLibConnError() (with VIR_FROM_NONE) or virLibDomainError()
(with VIR_FROM_DOMAIN); this patch unifies these errors to all use
VIR_FROM_NONE, on the grounds that it is unlikely that a caller
learning that a call is unimplemented can do anything in particular
with extra knowledge of which error domain it belongs to.

One particular change to note is virDomainOpenGraphics which was
trying to fail with VIR_ERR_NO_SUPPORT after a failed
VIR_DRV_SUPPORTS_FEATURE check; all other places that fail a
feature check report VIR_ERR_ARGUMENT_UNSUPPORTED.

* src/util/virerror.h (virReportUnsupportedError): New macro.
* src/libvirt-qemu.c: Use new macro.
* src/libvirt-lxc.c: Likewise.
* src/lxc/lxc_driver.c: Likewise.
* src/security/security_manager.c: Likewise.
* src/util/virinitctl.c: Likewise.
* src/libvirt.c: Likewise.
(virDomainOpenGraphics): Use correct error for unsupported feature.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-04 12:15:08 -07:00
Eric Blake
8f6c845f17 maint: avoid nested public calls
Having one API call into another is generally not good; among
other issues, it gives confusing logs, and is not quite as
efficient.

This fixes several instances, but not all: we still have instances
in both libvirt.c and in backend hypervisors (lxc and qemu) calling
the public virTypedParamsGetString and friends, which dispatch
errors immediately.  I'm not sure if it is worth trying to clean
that up in a separate patch (such a cleanup may be easiest by
separating the public function into a wrapper around the internal,
then tweaking internal.h so that internal users directly use the
internal function).

* src/libvirt.c (virDomainGetUUIDString, virNetworkGetUUIDString)
(virStoragePoolGetUUIDString, virSecretGetUUIDString)
(virNWFilterGetUUIDString): Avoid nested public API call.
* src/util/virtypedparam.c (virTypedParamsReplaceString): Don't
dispatch errors here.
(virTypedParamsGet): No need to reset errors.
(virTypedParamsGetBoolean): Use consistent ordering.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-04 07:13:09 -07:00
Denis Kondratenko
d69415d4bc vmware: os x support is broken
https://bugzilla.redhat.com/show_bug.cgi?id=1036248

Incorrect usage of virAsprintf.  vmware-vmx reports version
information to stderr, at least for OS X 10.9.1.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 11:13:43 -07:00
Eric Blake
344e1f5130 event: remove unneeded virObjectEventGetEventID
Any file with access to object_event_private.h also has access to
the internals of virObjectEvent, without needing an accessor
function.  Not to mention the accessor function was doing type
checks that would always succeed.

* src/conf/object_event_private.h (virObjectEventGetEventID): Drop.
* src/conf/object_event.c (virObjectEventGetEventID): Drop.
(virObjectEventDispatchMatchCallback): Simplify caller.
* src/conf/domain_event.c (virDomainEventDispatchDefaultFunc):
Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 10:55:42 -07:00
Eric Blake
6742fb0b10 event: fix doc typos, and doc more public methods
While working on events, I found a number of minor issues; I'm
hoisting these to the front rather than doing it piecemeal in
the patches where I first noticed bad or missing documentation.

* src/conf/object_event.c: Fix grammar, document all parameters
of public functions, wrap some long lines.
* src/conf/object_event.h: Likewise.
* src/conf/network_event.c: Likewise.
* src/conf/domain_event.c: Likewise (except for the large number
of event creation functions).
* src/libvirt_private.cyms (conf/object_event.h): Split...
(conf/network_event.h): ...to account for new file.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 10:45:54 -07:00
Eric Blake
f06d55da7b maint: reset error on entrance to public API
We document that calling any public API wipes out all prior
libvirt errors in the same thread; but weren't obeying this
style in a few functions.

There are a couple of nested uses of virConnectRef (in lxc
and qemu reboot paths), but they should not be affected by
this change in semantics since there should not be any
previous error getting nuked (a later patch will clean up
the nested calls, along with abuse of virConnectClose on
cleanup paths which DOES nuke errors).

* src/libvirt.c (virGetVersion, virConnectRef, virDomainRef)
(virDomainGetSecurityLabel, virDomainGetSecurityLabelList)
(virDomainSetMetadata, virDomainGetMetadata)
(virNodeGetSecurityModel, virNetworkRef, virInterfaceRef)
(virStoragePoolRef, virStorageVolRef, virNodeDeviceGetName)
(virNodeDeviceRef, virSecretRef, virStreamRef, virNWFilterRef)
(virDomainSnapshotRef): Reset error on entrance.
(do_open): Drop redundant error reset.
* src/libvirt-qemu.c (virDomainQemuAgentCommand): Likewise.
* src/libvirt-lxc.c (virDomainLxcEnterNamespace)
(virDomainLxcEnterSecurityLabel): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 09:38:31 -07:00
Eric Blake
ca0ea2a981 maint: improve error condition style in public API
While auditing error messages in libvirt.c, I found a couple
instances that had not been converted to modern error styles,
and a few places that failed to dispatch the error through
the known-good connection.

* src/libvirt.c (virDomainPinEmulator, virDomainGetDiskErrors)
(virDomainSendKey, virDomainGetSecurityLabelList)
(virDomainGetEmulatorPinInfo): Use typical error reporting.
(virConnectGetCPUModelNames, virConnectRegisterCloseCallback)
(virConnectUnregisterCloseCallback, virDomainGetUUID): Report
error through connection.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 07:15:23 -07:00
Eric Blake
5e3e211dd5 maint: split long lines in invalidArg errors
Style only.  In particular, the message on "flags 'affect live'
and 'affect config'" being mutually exclusive was already split
in some instances.

* src/libvirt.c: Wrap some long error messages to fit in 80 columns.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 07:11:46 -07:00
Eric Blake
ff65843480 maint: move debug statements first in public API
Most of our public APIs emit a debug log on entry, prior to anything
else.  There were a few exceptions where obvious failures were not
logged, so fix those.  When moving a debug earlier, this patch also
makes sure to avoid any NULL dereference during the log (the APIs
are supposed to gracefully fail if the user passes NULL for the object).

However, do NOT use VIR_DEBUG prior to virInitialize, since setting
up the error reporting can change where VIR_DEBUG output would be
routed.  Instead add documentation to virGlobalInit, virInitialize,
and virGetVersion that better explains initialization.

* src/libvirt.c (virGetVersion, virConnectRef, virDomainRef)
(virNetworkRef, virInterfaceRef, virStoragePoolRef)
(virStorageVolRef, virNodeDeviceRef, virSecretRef, virStreamRef)
(virNWFilterRef, virDomainSnapshotRef): Debug on function entry.
* src/libvirt-lxc.c (virDomainLxcEnterNamespace)
(virDomainLxcEnterSecurityLabel): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-03 06:15:04 -07:00
Eric Blake
13f8372007 maint: improve debug of libvirt-{qemu,lxc} apis
I noticed that the virDomainQemuMonitorCommand debug output wasn't
telling me the name of the domain it was working on.  While it was
easy enough to determine which pointer matches the domain based on
other log messages, it is nicer to be consistent.

* src/util/viruuid.h (VIR_UUID_DEBUG): Moved here from...
* src/libvirt.c (VIR_UUID_DEBUG): ...here.
(VIR_ARG15, VIR_HAS_COMMA, VIR_DOMAIN_DEBUG_EXPAND)
(VIR_DOMAIN_DEBUG_PASTE, VIR_DOMAIN_DEBUG_0, VIR_DOMAIN_DEBUG_1)
(VIR_DOMAIN_DEBUG_2, VIR_DOMAIN_DEBUG): Move...
* src/datatypes.h: ...here.
* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
(virDomainQemuAgentCommand): Better debug messages.
* src/libvirt-lxc.c (virDomainLxcOpenNamespace): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-02 22:17:11 -07:00
Eric Blake
80aed9f87f maint: consistent formatting in libvirt.c
Preliminary cleanups to make search-and-replace easier in later
patches.  Many of these were done by grepping for (multiline)
pattern violations, then bundled all into one patch.

* src/libvirt.c: Uniform two spaces between functions, return
type and open brace on separate line, avoid blank lines around
open brace, label in column 1, drop redundant (), consistent
indentation for function headers split across lines.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-02 12:06:03 -07:00
Eric Blake
c8f95fff63 event: improve public API docs
Since libvirt 0.9.3, the entire virevent.c file has been a public
API, so improve the documentation in this file.  Also, fix a
potential core dump - it could only be triggered by bogus use of
the API and would only affect the caller (not libvirtd), but we
might as well be nice.

* src/libvirt.c (virConnectSetKeepAlive)
(virConnectDomainEventRegister, virConnectDomainEventRegisterAny)
(virConnectNetworkEventRegisterAny): Document event loop requirement.
* src/util/virevent.c (virEventAddHandle, virEventRemoveHandle)
(virEventAddTimeout, virEventRemoveTimeout): Likewise.
(virEventUpdateHandle, virEventUpdateTimeout): Likewise, and avoid
core dump if caller didn't register handler.
(virEventRunDefaultImpl): Expand example, and set up code block in
html docs.
(virEventRegisterImpl, virEventRegisterDefaultImpl): Document more
on the use of the event loop.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-02 07:29:54 -07:00
Eric Blake
cfd62c1f61 event: don't overwrite registration error message
Prior to this patch, an attempt to register an event without an
event loop started results in the vague:

libvirt: Remote Driver error : adding cb to list

Now it gives the much nicer:

libvirt:  error : internal error: could not initialize domain event timer

This also avoids hiding other reasonable error messages, such as
attempts to register a duplicate callback or OOM errors.

* src/remote/remote_driver.c (remoteConnectNetworkEventRegisterAny)
(remoteConnectDomainEventRegister)
(remoteConnectDomainEventRegisterAny): Preserve more detailed error.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-02 05:54:53 -07:00
Eric Blake
169700970d docs: return paragraph must be last
Commit eb70ceb tried to create a code block for
libvirt-libvirt.html#virConnectGetType, but failed to note
that our doc generator treats everything after "Returns" as
part of the return description rather than looking for
paragraph and code layout.  Fix some other API that also had
generic details crammed into the return type paragraph.

* src/libvirt.c (virConnectOpen, virConnectOpenReadOnly)
(virConnectOpenAuth, virConnectListAllDomains): Fit doc pattern.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-31 23:21:00 -07:00
Laine Stump
3337a98a5e domain: don't try to interpret <driver> as virtio config for hostdev interfaces
This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1046337

The <driver> name attribute of an interface is interpreted in two
different ways depending on the <interface> type - if the interface is
type='hostdev', then the driver name describes which backend to use
for the hostdev device assignment (vfio or kvm), but if the interface
is any emulated type *and* the model type is "virtio", then the driver
name can be "vhost" or "qemu", telling which backend qemu should use
to communicate with the emulated device.

The problem comes when someone has defined a an interface like this
(which is accepted by the parser as long as no <driver name='xxx'/> is
specified):

    <interface type='hostdev'>
       ...
       <model type='virtio'/>
       ...
    </interface>

As libvirt storing this definition in the domain's status, the driver
name is automatically filled in with the backend that was
automatically decided by libvirt, so it stores this in the status:

    <interface type='hostdev'>
       ...
       <driver name='vfio'/>
       ...
       <model type='virtio'/>
       ...
    </interface>

This isn't noticed until the next time libvirtd is restarted - as it
is reading the status of all domains, it encounters the above
interface definition, logs an error:

  internal error: Unknown interface <driver name='vfio'> has been specified

and fails to reload the domain status, so the domain is marked as
inactive.

The solution is to stop the parser from interpreting <driver>
attributes as if the device was an emulated virtio device, when it is
actually a hostdev.

(Although the bug has existed since vfio support was added, it has
just recently become more apparent because libvirt previously didn't
automatically set the driver name for hostdev interfaces in the domain
status to vfio/kvm as it does since commit f094aa, first appearing in
v1.1.4.)
2013-12-31 10:56:21 +02:00
Eric Blake
eb70ceba8a docs: fix layout of code snippets
Similar to commit 52dbeac, we should indent code snippets in
other places to ensure they appear correctly in html.  See
http://libvirt.org/html/libvirt-libvirt.html#virNodeGetCPUStats
for an example improved by this patch.  Also fix some missing
semicolons in the examples.

* src/libvirt.c: Indent code samples in comments.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-28 11:28:04 -07:00
Eric Blake
9d30e078be maint: fix typo in error message
* src/util/virerror.h (virReportInvalidZeroArg): Fix double space.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-27 14:30:25 -07:00
Michal Privoznik
72ffbd1bf3 virkeycode: Allow ANSI_A
https://bugzilla.redhat.com/show_bug.cgi?id=1044806

Currently, sending the ANSI_A keycode from os_x codepage doesn't work as
it has a special value of 0x0. Our internal code handles that no
different to other not defined keycodes. Hence, in order to allow it we
must change all the undefined keycodes from 0 to -1 and adapt some code
too.

  # virsh send-key guestname --codeset os_x ANSI_A
  error: invalid keycode: 'ANSI_A'

  # virsh send-key guestname --codeset os_x ANSI_B
  # virsh send-key guestname --codeset os_x ANSI_C

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-24 17:36:47 +01:00
Michal Privoznik
aa4619337c lxcDomainShutdownFlags: Cleanup @flags usage
Currently, the @flags usage is a bit unclear at first sight to say the
least. There's no need for such unclear code especially when we can
borrow the working code from qemuDomainShutdownFlags().

In addition, this fixes one bug too. If user requested both
VIR_DOMAIN_SHUTDOWN_INITCTL and VIR_DOMAIN_SHUTDOWN_SIGNAL at the same
time, he is basically saying: 'Use the force Luke! If initctl fails try
sending a signal.' But with the current code we don't do that. If
initctl fails for some reason (e.g. inability to write to /dev/initctl)
we don't try sending any signal but fail immediately. To make things
worse, making a domain shutdown with bare _SIGNAL was working by blind
chance of a @rc variable being placed at correct place on the stack so
its initial value was zero.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-24 17:36:47 +01:00
Michal Privoznik
5bd7ac029e interface: Take interface status into account when starting and destroying
https://bugzilla.redhat.com/show_bug.cgi?id=956994

Currently, it is possible to start an interface that is already running:

 # virsh iface-start eth2
 Interface eth2 started

 # echo $?
 0

 # virsh iface-start eth2
 Interface eth2 started

 # echo $?
 0

 # virsh iface-start eth2
 Interface eth2 started

 # echo $?
 0

Same applies for destroying a dead interface. We should not allow such
state transitions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-24 17:20:00 +01:00
Michal Privoznik
50f5468c96 interface: Introduce netcfInterfaceObjIsActive
This function barely wraps ncf_if_status() and error handling code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-24 17:20:00 +01:00
Dario Faggioli
9375ba2a6e libxl: correctly handle affinity reset in virDomainPinVcpu[Flags]
By actually removing the <vcpupin> element (from within the
<cputune> section) from the XML, rather than jus update it with
a fully set vcpu affinity mask.

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Cc: Jim Fehlig <jfehlig@suse.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
2013-12-23 22:43:32 -07:00
Dario Faggioli
520c3fbd1b libxl: implement virDomainPinVcpuFlags
And use it to implement libxlDomainPinVcpu(), similarly to what
happens in the QEMU driver. This way, it is possible to both
query and change the vcpu affinity of a persistent but not
running domain.

In face, before this patch, we have:
 # virsh list --all
  Id    Name                           State
 ----------------------------------------------------
  5     debian_32                      running
  -     fedora20_64                    shut off
 # virsh vcpupin fedora20_64 0 2-4 --current
 error: this function is not supported by the connection driver: virDomainPinVcpuFlags

After (same situation as above):
 # virsh vcpupin  fedora20_64 0 2-4 --current
 # virsh vcpupin  fedora20_64 0
 VCPU: CPU Affinity
 ----------------------------------
    0: 2-4

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Cc: Jim Fehlig <jfehlig@suse.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
2013-12-23 22:33:30 -07:00
Dario Faggioli
2682d0d522 libxl: implement virDomainGetVcpuPinInfo
So that it is possible to query vcpu related information of
a persistent but not running domain, like it is for the QEMU
driver.

In fact, before this patch, we have:
 # virsh list --all
  Id    Name                           State
 ----------------------------------------------------
  5     debian_32                      running
  -     fedora20_64                    shut off
 # virsh vcpuinfo fedora20_64
 error: this function is not supported by the connection driver: virDomainGetVcpuPinInfo

After (same situation as above, i.e., fedora20_64 not running):
 # virsh vcpuinfo fedora20_64
 VCPU:           0
 CPU:            N/A
 State:          N/A
 CPU time        N/A
 CPU Affinity:   yyyyyyyy

 VCPU:           1
 CPU:            N/A
 State:          N/A
 CPU time        N/A
 CPU Affinity:   yyyyyyyy

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Cc: Jim Fehlig <jfehlig@suse.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
2013-12-23 22:17:03 -07:00
Laine Stump
8700b87800 qemu: re-add hostdev interfaces to hostdev array on libvirtd restart
This resolves:

   https://bugzilla.redhat.com/show_bug.cgi?id=1045002

If a domain has an <interface type='hostdev'> or an <interface
type='network'> where the network itself is a pool of hostdev devices,
then libvirt will internally keep that device on both the interface
list *and* the hostdev list for the domain. One of the places this
comes in handy is when a new device is being added and libvirt wants
to find a unique "alias" name for it - it just scans through the
hostdev array and makes sure it picks a name that doesn't match the
alias of any device in that array.

However, when libvirtd was restarted, if there was an <interface
type='network'> with the network being a hostdev pool, the device
would not be added to the reconstructed internal hostdev array, so its
alias would not be found during a scan of the hostdev array, thus
attempts to add a new hostdev (or <interface type='hostdev'> or
<interface type='network'>) would result in a message like this:

internal error: unable to execute QEMU command 'device_add':
                Duplicate ID 'hostdev0' for device

This patch simply fixes the existing code in the domain XML parser
that fixes up the hostdev array in the case of <interface
type='hostdev'> to do the same thing in the case of <interface
type='network'> with a hostdev network.

This bug has existed since the very first addition of hostdev networks
to libvirt (0.10.0).
2013-12-23 13:16:57 +02:00
Laine Stump
c0f511ee2b qemu: avoid duplicate security label restore on hostdev attach failure
This eliminates the misleading error message that was being logged
when a vfio hostdev hotplug failed:

  error: unable to set user and group to '107:107' on '/dev/vfio/22':
         No such file or directory

as documented in:

  https://bugzilla.redhat.com/show_bug.cgi?id=1035490

Commit ee414b5d (pushed as a fix for Bug 1016511 and part of Bug
1025108) replaced the single call to
virSecurityManagerSetHostdevLabel() in qemuDomainAttachHostDevice()
with individual calls to that same function in each
device-type-specific attach function (for PCI, USB, and SCSI). It also
added a corresponding call to virSecurityManagerRestoreHostdevLabel()
in the error handling of the device-type-specific functions, but
forgot to remove the common call to that from
qemuDomainAttachHostDevice() - this resulted in a duplicate call to
virSecurityManagerRestoreHostdevLabel(), with the second occurrence
being after (e.g.) a PCI device has already been re-attached to the
host driver, thus destroying some of the device nodes / links that we
then attempted to re-label (e.f. /dev/vfio/22) and generating an error
log that obscured the original error.
2013-12-23 13:16:57 +02:00
Laine Stump
6d867f72f4 qemu: properly set MaxMemLock when hotplugging with VFIO
This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1035490

virProcessSetMaxMemLock() (which is a wrapper over prlimit(3)) expects
the memory size in bytes, but libvirt's domain definition (which was
being used by qemuDomainAttachHostPciDevice()) stores all memory
tuning parameters in KiB. This was being accounted for when setting
MaxMemLock at domain startup time (so cold-plugged devices would
work), but not for hotplug.

This patch simplifies the few lines that call
virProcessSetMemMaxLock(), and multiply the amount * 1024 so that
we're locking the correct amount of memory.

What remains a mystery to me is why hot-plug of a managed='no' device
would succeed (at least on my system) while managed='yes' would
fail. I guess in one case the memory was coincidentally already
resident and in the other it wasn't.
2013-12-23 13:16:57 +02:00
John Ferlan
d53c57b806 PanicCheckABIStability: Need to check for existence
Commit id '4313fead' added a call to virDomainPanicCheckABIStability()
which did not check whether the panic device existed before making a call
to virDomainDeviceInfoCheckABIStability() which ended up segfaulting:

Thread 1 (Thread 0x7f5332837700 (LWP 10964)):
    (src=<optimized out>, dst=<optimized out>)
    at conf/domain_conf.c:13007
    (dst=<optimized out>, src=<optimized out>)
    at conf/domain_conf.c:13712
    (src=<optimized out>, dst=<optimized out>)
    at conf/domain_conf.c:14056
    (domain=domain@entry=0x7f53000057c0, vm=vm@entry=0x7f53000036d0,
     defptr=defptr@entry=0x7f5332836978, snap=snap@entry=0x7f5332836970,
     update_current=update_current@entry=0x7f5332836962, flags=flags@entry=1)
    at conf/snapshot_conf.c:1230
    (domain=0x7f53000057c0, xmlDesc=<optimized out>, flags=1)
    at qemu/qemu_driver.c:12719
    (domain=domain@entry=0x7f53000057c0, xmlDesc=0x7f53000081d0
     "<domainsnapshot>\n  <name>snap2</name>\n
     <description>new-desc</description>\n  <state>running</state>\n
     <parent>\n    <name>snap1</name>\n  </parent>\n
     <creationTime>1387487268</creationTime>\n  <memory s"..., flags=1)
    at libvirt.c:19695
...

(gdb) up 3
(gdb) print *other->def->dom
$2 = {virtType = 2, id = -1, ..
...
  rng = 0x0, panic = 0x0, namespaceData = 0x0,...
...
(gdb) print *def->dom
$3 = {virtType = 2, id = -1, ...
...
  rng = 0x0, panic = 0x0, namespaceData = 0x0,...
...
(gdb)

Also seen using following sequence:

virsh save $dom $file
virsh save-image-edit $file
  add (or remove) a <panic/> line
  <devices>
  ...
    <panic>
      <address type='isa' iobase='0x505'/>
    </panic>
  ...
  </devices>
2013-12-21 09:49:58 -05:00
Bamvor Jian Zhang
b03eba1376 libxl: fix segfault when domain create fail
there is a segfault in libxl logging in libxl_ctx_free when domain
create fail. because the log output handler vmessage is freed by
xtl_logger_destroy before libxl_ctx_free in virDomainObjListRemove.
move xtl_logger_destroy after libxl_ctx_free could fix this bug.

Signed-off-by: Bamvor Jian Zhang <bjzhang@suse.com>
2013-12-20 11:49:24 -07:00
Dario Faggioli
f9ee91d355 libxl: avoid crashing if calling `virsh numatune' on inactive domain
by, in libxlDomainGetNumaParameters(), calling libxl_bitmap_init() as soon as
possible, which avoids getting to 'cleanup:', where libxl_bitmap_dispose()
happens, without having initialized the nodemap, and hence crashing after some
invalid free()-s:

 # ./daemon/libvirtd -v
 *** Error in `/home/xen/libvirt.git/daemon/.libs/lt-libvirtd': munmap_chunk(): invalid pointer: 0x00007fdd42592666 ***
 ======= Backtrace: =========
 /lib64/libc.so.6(+0x7bbe7)[0x7fdd3f767be7]
 /lib64/libxenlight.so.4.3(libxl_bitmap_dispose+0xd)[0x7fdd2c88c045]
 /home/xen/libvirt.git/daemon/.libs/../../src/.libs/libvirt_driver_libxl.so(+0x12d26)[0x7fdd2caccd26]
 /home/xen/libvirt.git/src/.libs/libvirt.so.0(virDomainGetNumaParameters+0x15c)[0x7fdd4247898c]
 /home/xen/libvirt.git/daemon/.libs/lt-libvirtd(+0x1d9a2)[0x7fdd42ecc9a2]
 /home/xen/libvirt.git/src/.libs/libvirt.so.0(virNetServerProgramDispatch+0x3da)[0x7fdd424e9eaa]
 /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0x1a6f38)[0x7fdd424e3f38]
 /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa81e5)[0x7fdd423e51e5]
 /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa783e)[0x7fdd423e483e]
 /lib64/libpthread.so.0(+0x7c53)[0x7fdd3febbc53]
 /lib64/libc.so.6(clone+0x6d)[0x7fdd3f7e1dbd]

Signed-off-by: Dario Faggili <dario.faggioli@citrix.com>
Cc: Jim Fehlig <jfehlig@suse.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
2013-12-20 11:11:50 -07:00
Martin Kletzander
9faf3f2950 Fix crash in lxcDomainSetMemoryParameters
The function doesn't check whether the request is made for active or
inactive domain.  Thus when the domain is not running it still tries
accessing non-existing cgroups (priv->cgroup, which is NULL).

I re-made the function in order for it to work the same way it's qemu
counterpart does.

Reproducer:
 1) Define an LXC domain
 2) Do 'virsh memtune <domain> --hard-limit 133T'

Backtrace:
 Thread 6 (Thread 0x7fffec8c0700 (LWP 26826)):
 #0  0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
     key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf718) at util/vircgroup.c:1764
 #1  0x00007ffff70e9206 in virCgroupSetValueStr (group=0x0, controller=3,
     key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffe409f360 "1073741824")
     at util/vircgroup.c:669
 #2  0x00007ffff70e98b4 in virCgroupSetValueU64 (group=0x0, controller=3,
     key=0x7ffff75734bd "memory.limit_in_bytes", value=1073741824) at util/vircgroup.c:740
 #3  0x00007ffff70ee518 in virCgroupSetMemory (group=0x0, kb=1048576) at util/vircgroup.c:1904
 #4  0x00007ffff70ee675 in virCgroupSetMemoryHardLimit (group=0x0, kb=1048576)
     at util/vircgroup.c:1944
 #5  0x00005555557d54c8 in lxcDomainSetMemoryParameters (dom=0x7fffe40cc420,
     params=0x7fffe409f100, nparams=1, flags=0) at lxc/lxc_driver.c:774
 #6  0x00007ffff72c20f9 in virDomainSetMemoryParameters (domain=0x7fffe40cc420,
     params=0x7fffe409f100, nparams=1, flags=0) at libvirt.c:4051
 #7  0x000055555561365f in remoteDispatchDomainSetMemoryParameters (server=0x555555eb7e00,
     client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510)
     at remote_dispatch.h:7621
 #8  0x00005555556133fd in remoteDispatchDomainSetMemoryParametersHelper (server=0x555555eb7e00,
     client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510,
     ret=0x7fffe40b84f0) at remote_dispatch.h:7591
 #9  0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
     server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
     at rpc/virnetserverprogram.c:435
 #10 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
     server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
     at rpc/virnetserverprogram.c:305
 #11 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ec4b10,
     prog=0x555555ec3ae0, msg=0x555555eb94e0) at rpc/virnetserver.c:165
 #12 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ec3e30, opaque=0x555555eb7e00)
     at rpc/virnetserver.c:186
 #13 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
 #14 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
 #15 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
 #16 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-20 12:47:14 +00:00
Martin Kletzander
f8c1cb9021 CVE-2013-6436: fix crash in lxcDomainGetMemoryParameters
The function doesn't check whether the request is made for active or
inactive domain.  Thus when the domain is not running it still tries
accessing non-existing cgroups (priv->cgroup, which is NULL).

I re-made the function in order for it to work the same way it's qemu
counterpart does.

Reproducer:
 1) Define an LXC domain
 2) Do 'virsh memtune <domain>'

Backtrace:
 Thread 6 (Thread 0x7fffec8c0700 (LWP 13387)):
 #0  0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
     key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf750) at util/vircgroup.c:1764
 #1  0x00007ffff70e958c in virCgroupGetValueStr (group=0x0, controller=3,
     key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf7c0) at util/vircgroup.c:705
 #2  0x00007ffff70e9d29 in virCgroupGetValueU64 (group=0x0, controller=3,
     key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf810) at util/vircgroup.c:804
 #3  0x00007ffff70ee706 in virCgroupGetMemoryHardLimit (group=0x0, kb=0x7fffec8bf8a8)
     at util/vircgroup.c:1962
 #4  0x00005555557d590f in lxcDomainGetMemoryParameters (dom=0x7fffd40024a0,
     params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at lxc/lxc_driver.c:826
 #5  0x00007ffff72c28d3 in virDomainGetMemoryParameters (domain=0x7fffd40024a0,
     params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at libvirt.c:4137
 #6  0x000055555563714d in remoteDispatchDomainGetMemoryParameters (server=0x555555eb7e00,
     client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
     ret=0x7fffd4002420) at remote.c:1895
 #7  0x00005555556052c4 in remoteDispatchDomainGetMemoryParametersHelper (server=0x555555eb7e00,
     client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
     ret=0x7fffd4002420) at remote_dispatch.h:4050
 #8  0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
     server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
     at rpc/virnetserverprogram.c:435
 #9  0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
     server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
     at rpc/virnetserverprogram.c:305
 #10 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ebaef0,
     prog=0x555555ec3ae0, msg=0x555555ebb3e0) at rpc/virnetserver.c:165
 #11 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ebc7e0, opaque=0x555555eb7e00)
     at rpc/virnetserver.c:186
 #12 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
 #13 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
 #14 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
 #15 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-20 12:46:47 +00:00
Eric Blake
3e67714e48 docs: improve event-related documentation
While looking at event code, I noticed that the documentation was
trying to refer me to functions that don't exist.  Also fix some
typos and poor formatting.

* src/libvirt.c (virConnectDomainEventDeregister)
(virConnectDomainEventRegisterAny)
(virConnectDomainEventDeregisterAny)
(virConnectNetworkEventRegisterAny)
(virConnectNetworkEventDeregisterAny): Link to correct function.
* include/libvirt.h.in (VIR_DOMAIN_EVENT_CALLBACK)
(VIR_NETWORK_EVENT_CALLBACK): Likewise.
(virDomainEventID, virConnectDomainEventGenericCallback)
(virNetworkEventID, virConnectNetworkEventGenericCallback):
Improve docs.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-19 09:45:50 -07:00
Eric Blake
3a96cebceb storage: fix bogus target in gluster volume xml
Commit 6cd60b6 was flat out broken - it tried to print into the
wrong variable.  My testing was obviously too cursory (did the
name get a slash added?); valgrind would have caught the error.
Thankfully it didn't hit any release.

Reported by Peter Krempa.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Fix bogus code.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-19 09:17:11 -07:00
Daniel P. Berrange
147a3d2487 Remove stray semicolon after pragma macros
The VIR_WARNINGS_NO_CAST_ALIGN / VIR_WARNINGS_RESET should
not have any trailing ';' since they are pragmas. The use
of a ';' results in an empty statement which confuses CIL.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-19 16:02:38 +00:00
Peter Krempa
f17c968827 storage: Avoid forward declaration of virStorageVolDelete
Move the code around so that the forward declaration isn't needed. Also
fix code style of the opening brace of the function by moving it to a
separate line.
2013-12-19 11:53:41 +01:00
Peter Krempa
b560946c19 storage: Add gluster pool filter and fix virsh pool listing
Recent addition of the gluster pool type omitted fixing the virsh and
virConnectListAllStoragePool filters. A typecast of the converting
function in virsh showed that also the sheepdog pool was omitted in the
command parser.

This patch adds gluster pool filtering support and fixes virsh to
properly convert all supported storage pool types. The added typecast
should avoid doing such mistakes in the future.
2013-12-19 11:01:50 +01:00
Daniel P. Berrange
7d3a1c8bd1 Fix race leading to crash when setting up dbus watches
Currently the virDBusAddWatch does

  virEventAddHandle(fd, flags,
                    virDBusWatchCallback,
                    watch, NULL);
  dbus_watch_set_data(watch, info, virDBusWatchFree);

Unfortunately this is racy - since the event loop is in a
different thread, the virDBusWatchCallback method may be
run before we get to calling dbus_watch_set_data. We must
reverse the order of these calls

See https://bugzilla.redhat.com/show_bug.cgi?id=885445

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-18 16:59:02 +00:00
Dario Faggioli
284d2fc299 libxl: libxl_get_max_cpus returning a libxl error from 4.4 onward
Starting from commit 2e82c18c in Xen (will be included in Xen 4.4)
both libxl_get_max_cpus() and libxl_get_max_nodes() start returning
a proper libxl error code, in case of failure. This patch fixes
this in the libxl driver.

Note that, although it is now basically impossible for them to return
0, that would, theoretically, still be wrong. Also, checking that the
returned value is '<= 0' makes the code correct for both Xen 4.4 and
Xen 4.3 (and 4.2), and that is why we go for it (rather than
just '< 0').

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Cc: Jim Fehlig <jfehlig@suse.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
Cc: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-18 17:08:41 +01:00
Eric Blake
a21cfb0f48 qemu: ask for -enable-fips when FIPS is required
On a system that is enforcing FIPS, most libraries honor the
current mode by default.  Qemu, on the other hand, refused to
honor FIPS mode unless you add the '-enable-fips' command
line option; worse, this option is not discoverable via QMP,
and is only present on binaries built for Linux.  So, if we
detect FIPS mode, then we unconditionally ask for FIPS; either
qemu is new enough to have the option and then correctly
cripple insecure VNC passwords, or it is so old that we are
correctly avoiding a FIPS violation by preventing qemu from
starting.  Meanwhile, if we don't detect FIPS mode, then
omitting the argument is safe whether the qemu has the option
(but it would do nothing because FIPS is disabled) or whether
qemu lacks the option (including in the case where we are not
running on Linux).

The testsuite was a bit interesting: we don't want our test
to depend on whether it is being run in FIPS mode, so I had
to tweak things to set the capability bit outside of our
normal interaction with capability parsing.

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1035474

* src/qemu/qemu_capabilities.h (QEMU_CAPS_ENABLE_FIPS): New bit.
* src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Conditionally
set capability according to detection of FIPS mode.
* src/qemu/qemu_command.c (qemuBuildCommandLine): Use it.
* tests/qemucapabilitiestest.c (testQemuCaps): Conditionally set
capability to test expected output.
* tests/qemucapabilitiesdata/caps_1.2.2-1.caps: Update list.
* tests/qemucapabilitiesdata/caps_1.6.0-1.caps: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-18 07:05:29 -07:00
Daniel P. Berrange
daf08f36b5 Set the 'container_ttys' env variable for LXC consoles
Systemd specified that any /dev/pts/NNN device on which it
is expected to spawn a agetty login, should be listed in
the 'container_ttys' env variable. It should just contain
the relative paths, eg 'pts/0' not '/dev/pts/0' and should
be space separated.

http://cgit.freedesktop.org/systemd/systemd/commit/?id=1d97ff7dd71902a5604c2fed8964925d54e09de9

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-18 11:21:10 +00:00
Michal Privoznik
b0579ed900 storage: resize vol against real allocated size
Currently, 'vol-resize --allocate' allocates new space at the
vol->capacity offset. But the vol->capacity is not necessarily the same
as vol->allocation. For instance:.

	[root@localhost ~]# virsh vol-list --pool tmp-pool --details
	 Name      Path                   Type  Capacity  Allocation
	-------------------------------------------------------------
	 tmp-vol  /root/tmp-pool/tmp-vol  file  1.00 GiB  1.00 GiB

	[root@localhost ~]# virsh vol-resize tmp-vol --pool tmp-pool 2G

	[root@localhost ~]# virsh vol-list --pool tmp-pool --details
	 Name      Path                   Type  Capacity  Allocation
	-------------------------------------------------------------
	 tmp-vol  /root/tmp-pool/tmp-vol  file  2.00 GiB  1.00 GiB

So, if we want to allocate more bytes, so the file is say 3G big, the
real allocated size is 2G actually:

	[root@localhost ~]# virsh vol-resize tmp-vol --pool tmp-pool 3G --allocate

	[root@localhost ~]# virsh vol-list --pool tmp-pool --details
	 Name      Path                   Type  Capacity  Allocation
	-------------------------------------------------------------
	 tmp-vol  /root/tmp-pool/tmp-vol  file  3.00 GiB  2.00 GiB

This commit uses the correct vol->allocation instead of incorrect
vol->capacity, so the output of the commands above looks like this:

	[root@localhost ~]# virsh vol-resize tmp-vol --pool tmp-pool 3G --allocate

	[root@localhost ~]# virsh vol-list --pool tmp-pool --details
	 Name      Path                   Type  Capacity  Allocation
	-------------------------------------------------------------
	 tmp-vol  /root/tmp-pool/tmp-vol  file  3.00 GiB  3.00 GiB

Moreover, if the '--alocate' flag was used, we must update the
vol->allocation member in storageVolResize API too, not just
vol->capacity.

Reported-by: Wang Sen <wangsen@linux.vnet.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-18 09:08:27 +01:00
Wout Mertens
5d7e4f0cf3 Support transient attribute on vmware disks
vmx/vmx.c ignores the transient attribute on the disk xml format. This patch
adds a 1-1 relationship between it and [disk].mode = "independent-nonpersistent".

The other modes are ignored as before. It works in my testing.

https://bugzilla.redhat.com/show_bug.cgi?id=1044023

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-17 14:24:49 -07:00
Martin Kletzander
b5857eb5be qemu: fix typo PCi => PCI
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-16 17:31:10 +01:00
Gao feng
fbc680a318 LXC: Change incorrect error report in lxcContainerPivotRoot
The newroot is not mounted as tmpfs, we bind root->src to it.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-12-16 11:12:41 +01:00
Daniel P. Berrange
ef19b3e3f5 Add debug output when registering event handlers
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-13 16:07:55 +00:00
Daniel P. Berrange
dbcc38da15 Remove the event namespace concept
The event namespace concept is mostly redundant information.
With the re-written dispatcher, the namespace is only used
for equality comparisons between event IDs. This can be solved
by just comparing virClassPtr instances instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-13 16:07:55 +00:00
Daniel P. Berrange
8a4820ab23 Associate a dispatch function with the event objects
Instead of having the object event code have to know about each
type of event and their dispatch functions, associate a dispatch
function with the object instance. The dispatch code can thus be
significantly simplified.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-13 16:07:54 +00:00
Daniel P. Berrange
5c17a37142 Introduce abstract virNetworkEvent class
Inject a virNetworkEvent class between virObjectEvent
and virNetworkEventLifecycle to mirror virDomainEvent.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-13 16:07:54 +00:00
Daniel P. Berrange
6e2545c07b Add 'detail' arg to network lifecycle event internals
While the public API & wire protocol included the 'detail'
arg for network lifecycle events, the internal event handling
code did not process it. This meant that if a future libvirtd
server starts sending non-0 'detail' args, the current libvirt
client will not process them.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-13 16:07:54 +00:00
Nehal J Wani
34d52b3471 Fix memory leak in virObjectEventCallbackListRemoveID()
While running objecteventtest, it was found that valgrind pointed out the
following memory leak:

==13464== 5 bytes in 1 blocks are definitely lost in loss record 7 of 134
==13464==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
==13464==    by 0x341F485E21: strdup (strdup.c:42)
==13464==    by 0x4CAE28F: virStrdup (virstring.c:554)
==13464==    by 0x4CF3CBE: virObjectEventCallbackListAddID (object_event.c:286)
==13464==    by 0x4CF49CA: virObjectEventStateRegisterID (object_event.c:729)
==13464==    by 0x4CF73FE: virDomainEventStateRegisterID (domain_event.c:1424)
==13464==    by 0x4D7358F: testConnectDomainEventRegisterAny (test_driver.c:6032)
==13464==    by 0x4D600C8: virConnectDomainEventRegisterAny (libvirt.c:19128)
==13464==    by 0x402409: testDomainStartStopEvent (objecteventtest.c:232)
==13464==    by 0x403451: virtTestRun (testutils.c:138)
==13464==    by 0x402012: mymain (objecteventtest.c:395)
==13464==    by 0x403AF2: virtTestMain (testutils.c:593)
==13464==
2013-12-13 16:23:21 +01:00
Martin Kletzander
15275f2edb qemu: check for reboot-timeout on monitor
The support for <boot rebootTimeout="12345"/> was added before we were
checking for qemu command line options in QMP, so we haven't properly
adapted virQEMUCaps when using it and thus we report unsupported
option with new enough qemu.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1042690

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-13 15:20:09 +01:00
Chen Hanxiao
5ed324a205 lxc: return -1 if failed to kill lxc process
We missed a return when virProcessKillPainfully
failed to kill lxc process

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-12-13 06:02:11 -07:00
Eric Blake
fca4f23340 object: require maximal alignment in base class
Recent changes to events (commit 8a29ffcf) resulted in new compile
failures on some targets (such as ARM OMAP5):
conf/domain_event.c: In function 'virDomainEventDispatchDefaultFunc':
conf/domain_event.c:1198:30: error: cast increases required alignment of
target type [-Werror=cast-align]
conf/domain_event.c:1314:34: error: cast increases required alignment of
target type [-Werror=cast-align]
cc1: all warnings being treated as errors

The error is due to alignment; the base class is merely aligned
to the worst of 'int' and 'void*', while the child class must
be aligned to a 'long long'.  The solution is to include a
'long long' (and for good measure, a function pointer) in the
base class to ensure correct alignment regardless of what a
child class may add, but to wrap the inclusion in a union so
as to not incur any wasted space.  On a typical x86_64 platform,
the base class remains 16 bytes; on i686, the base class remains
12 bytes; and on the impacted ARM platform, the base class grows
from 12 bytes to 16 bytes due to the increase of alignment from
4 to 8 bytes.

Reported by Michele Paolino and others.

* src/util/virobject.h (_virObject): Use a union to ensure that
subclasses never have stricter alignment than the parent.
* src/util/virobject.c (virObjectNew, virObjectUnref)
(virObjectRef): Adjust clients.
* src/libvirt.c (virConnectRef, virDomainRef, virNetworkRef)
(virInterfaceRef, virStoragePoolRef, virStorageVolRef)
(virNodeDeviceRef, virSecretRef, virStreamRef, virNWFilterRef)
(virDomainSnapshotRef): Likewise.
* src/qemu/qemu_monitor.c (qemuMonitorOpenInternal)
(qemuMonitorClose): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-13 05:59:38 -07:00
Hu Tao
4d18758df8 qemu: add support for -device pvpanic
Map the new <panic> device in XML to the '-device pvpanic' command
line of qemu.  Clients can then couple the <panic> device and the
<on_crash> directive to control behavior when the guest reports
a panic to qemu.

Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-13 05:53:33 -07:00
Hu Tao
4313feade4 conf: add support for panic device
panic device is a device that enables libvirt to receive notification
of guest panic event.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-12 21:17:26 -07:00
Hu Tao
f1a039ef57 conf: introduce generic ISA address
For example:
<address type='isa' iobase='0x505' irq='0x1'/>

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-12 21:11:21 -07:00
Gao feng
b9ce5d388f rename virBlkioDeviceWeightPtr to virBlkioDevicePtr
The throttle blkio cgroup will reuse this struct.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-12-12 12:29:59 +00:00
Gao feng
b4710669c3 rename virBlkioDeviceWeightArrayClear to virBlkioDeviceArrayClear
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-12-12 12:29:54 +00:00
Gao feng
529739cc80 rename virDomainBlkioDeviceWeightParseXML to virDomainBlkioDeviceParseXML
virDomainBlkioDeviceWeightParseXML will be used to parse
the xml element read_bps, write_bps, read_iops, write_iops.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-12-12 12:29:50 +00:00
Cédric Bosdonnat
a5a484ddfc Added default case with error for object event dispatching
Hitting this should be pretty rare, but at least developers will know
that they are providing a weird event ID. Otherwise for namespace that
are added in the normal way, gcc will raise a warning about unhandled
case in the switch.
2013-12-11 13:35:08 +00:00
Cédric Bosdonnat
1b07406e9e Fixed indentation in src/conf/*_event* 2013-12-11 13:35:06 +00:00
Cédric Bosdonnat
cd88e9293a Added network events to the bridged network driver 2013-12-11 13:32:21 +00:00
Cédric Bosdonnat
61ac8ce0a9 Add network events to the remote driver 2013-12-11 13:26:25 +00:00
Cédric Bosdonnat
2ef412bdba test driver: implemented network events 2013-12-11 13:15:01 +00:00
Cédric Bosdonnat
9ff38c5428 Added Network events API and virNetworkEventLifecycle.
Define the public API for (de-)registering network events
and the callbacks for receiving lifecycle events. The lifecycle
event includes a 'detail' parameter to match the domain lifecycle
event data, but this is currently unused.

The network events related code goes into its own set of internal
files src/conf/network_event.[ch]
2013-12-11 13:10:41 +00:00
Michael Chapman
6100cd985c storage_backend_rbd: rename "stat" variable
This variable shadows the stat(2) function, which only became visible in
this scope as of commit 9cac8639. Rename the variable so it doesn't
conflict.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2013-12-11 10:18:15 +01:00
Eric Blake
6cd60b687a storage: fix omitted slash in gluster volume URI
When doing 'virsh vol-dumpxml' on a gluster pool's volume, the
resulting URI incorrectly omitted a slash between hostname and
path:  gluster://192.168.122.206rhsvol1/fedora-19.img

This is fallout from me rebasing earlier versions of my patch
that ended up as commit efee1af; I had originally played with
always requiring the gluster volume to have a leading slash,
but it was easier to use the gluster API if the gluster volume
name was guaranteed to have no slash.  While I got the URI of
the pool correct, I forgot to fix the URI of a libvirt volume.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Use correct starting point
since uri construction requires leading slash.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-10 09:40:41 -07:00
Chen Hanxiao
6006c091e2 If we do not specify a readonly mount, we don't need to
re-mount it again.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-12-10 16:29:09 +00:00
Michal Privoznik
d10a6506b0 Revert "virtlockd: treat SIGHUP like SIGUSR1"
This reverts commit 8355d42dd3.

After some discussion upstream [1] this patch turns out to be spurious.
It better gets reverted prior to a release.

1: https://www.redhat.com/archives/libvir-list/2013-December/msg00563.html

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-10 15:49:06 +01:00
Michal Privoznik
11e44d66fd qemu_process: Read errors from child
https://bugzilla.redhat.com/show_bug.cgi?id=1035955

There's a window when starting a qemu process between fork() and exec()
during which we are doing things that may fail but not tunnelling the
error to the daemon. This is basically all within qemuProcessHook().
So whenever we fail in something, e.g. placing a process onto numa node,
users are left with:

    error: Child quit during startup handshake: Input/output error

while the original error is thrown into the domain log:

    libvirt:  error : internal error: NUMA memory tuning in 'preferred'
    mode only supports single node

Hence, we should read the log file and search for the error message and
report it to users.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-10 15:36:17 +01:00
Cédric Bosdonnat
9973032fd8 test driver: renamed testDomainEventQueue into testObjectEventQueue 2013-12-10 13:12:37 +00:00
Cédric Bosdonnat
620103feaf Extracted common parts of domain_event.[ch] to object_event.[ch] 2013-12-10 13:12:35 +00:00
Cédric Bosdonnat
f88241608a Split the virObjectEvent and virDomainEvent* to separate them after 2013-12-10 13:07:07 +00:00
Cédric Bosdonnat
d397bf2f6d Renamed virDomainEventTimer to virObjectEventTimer 2013-12-10 13:07:02 +00:00
Cédric Bosdonnat
abb65994b7 Add object event namespaces for the event IDs
Each unique event ID will thus be composed by 1 byte for the namespace
and 1 byte for a namespace-specific ID. The namespace for domain event
needs to be 0 for compatibility reasons.
2013-12-10 13:04:25 +00:00
Cédric Bosdonnat
67d91cb2bd Use virObjectEventPtr instead of virDomainEventPtr
The virDomainEvent class is kept as it indicates what meta informations
are valid for the children classes. This may be useful in the future.
2013-12-10 12:45:21 +00:00
Cédric Bosdonnat
d4d02b206a Create virDomainEventDeviceRemoved and remove the huge union
RIP virDomainEvent union. All data are now stored in each
virObjectEvent subclass.
2013-12-10 12:38:36 +00:00
Cédric Bosdonnat
d9c6ba31a5 Create virDomainEventBalloonChange to get rid of the huge union 2013-12-10 12:38:03 +00:00
Cédric Bosdonnat
8d53d6ab74 Create virDomainEventTrayChange to get rid of the huge union 2013-12-10 12:37:26 +00:00
Cédric Bosdonnat
bc7b304336 Create virDomainEventDiskChange to get rid of the huge union 2013-12-10 12:36:54 +00:00
Cédric Bosdonnat
0ac4c9edad Create virDomainEventBlockJob to get rid of the huge union 2013-12-10 12:35:12 +00:00
Cédric Bosdonnat
e6b83046b1 Create virDomainEventGraphics to get rid of the huge union 2013-12-10 12:34:52 +00:00
Cédric Bosdonnat
b223263850 Create virDomainEventIOError to get rid of the huge union 2013-12-10 12:33:24 +00:00
Cédric Bosdonnat
b044091540 Create virDomainEventWatchdog to get rid of the huge union 2013-12-10 12:31:55 +00:00
Cédric Bosdonnat
8a29ffcf9a Create virDomainEventRTCChange to get rid of the huge union 2013-12-10 12:30:55 +00:00
Cédric Bosdonnat
2c0008cc3e Renamed virDomainEventNewInternal to virDomainEventNew
This change may be confusing at first, but provides a much more
consistent naming scheme for the virObjectEvent children construction
functions.
2013-12-10 12:29:38 +00:00
Cédric Bosdonnat
6ffce0f698 Renamed virDomainEventNew* to virDomainEventLifecycleNew*
This aims at providing some consistency with other domain events
2013-12-10 12:27:37 +00:00
Cédric Bosdonnat
0d1d632d79 Create virDomainEventLifecycle to start removing the huge union 2013-12-10 12:25:26 +00:00
Cédric Bosdonnat
de463feb97 virObject-ified virDomainEvent
Added a parent class virObjectEvent for future event types
2013-12-10 12:05:06 +00:00
Cédric Bosdonnat
6893f37682 Created virObjectEventStateRegisterID
Keep virDomainEventStateRegisterID as a convenience wrapper around
this new function.
2013-12-10 11:38:30 +00:00
Cédric Bosdonnat
1ee803e590 Renamed virDomainEventCallbackList* to virObjectEventCallbackList*
Keep the legacy Domain lifecycle event functions as is.
2013-12-10 11:37:07 +00:00
Cédric Bosdonnat
146434efad Renamed virDomainEventState to virObjectEventState
Leave virDomainEventRegister and its Deregister brother as these are
legacy functions only for domain lifecycle events.
2013-12-10 11:35:34 +00:00
Cédric Bosdonnat
df328f9345 Renamed virDomainEventQueue to virObjectEventQueue
The event queue will be generalized to hold events related
to any object type.
2013-12-10 11:33:12 +00:00
Cédric Bosdonnat
9db86c87d7 Renamed virDomainMeta to virObjectMeta
The metadata struct will hold the unique identifiers for
any type of object, though not all fields will be used
for all types.
2013-12-10 11:31:02 +00:00
Cédric Bosdonnat
f95b1921a1 Rename virDomainEventCallback to virObjectEventCallback
The event callbacks will be generalized to handle events
for any object type.
2013-12-10 11:30:24 +00:00
Michael Chapman
f1b1752537 virtlockd: use common exit path when out-of-memory
Also use a distinct, valid exit status for daemon re-execution failure.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2013-12-10 12:02:37 +01:00
Michael Chapman
8355d42dd3 virtlockd: treat SIGHUP like SIGUSR1
SIGHUP is commonly used to instruct a daemon to reload its config. For
now we should handle it in virtlockd just like SIGUSR1, rather than
having it kill the process.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-10 12:02:37 +01:00
Michael Chapman
59d6e65d6c virtlockd: improve initscripts
- Use SIGUSR1, not SIGHUP, on reload. At present, virtlockd only
  responds to the former.

- Fix PID file for virtlockd.

- Do not start virtlockd in any runlevels by default. It needs to be
  explicitly selected in libvirt's qemu.conf anyway, so there is no
  need to have it running on all systems regardless.

- Fix chkconfig priorities to ensure virtlockd is started before
  libvirtd is started, and stopped after libvirtd is stopped.

- Add "Should-Start: virtlockd" to the libvirtd initscript's LSB header,
  for the same reason.

- Add "Default-Stop" to both libvirtd and virtlockd initscripts. LSB
  does not guarantee that this defaults to the inverse of
  "Default-Start".

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-10 12:02:37 +01:00
Michael Chapman
1163fa36b7 virtlockd: improve systemd units
- Pass VIRTLOCKD_ARGS through to virtlockd.

- Use SIGUSR1, not SIGHUP, in ExecReload. At present, virtlockd only
  responds to the former.

- Have "systemctl enable virtlockd.service" enable virtlockd.socket,
  rather than throw an error.

- Make virtlockd.socket wanted by sockets.target, rather than
  multi-user.target. This is consistent with other socket units in
  Fedora, and it ensures that the socket is available before libvirtd is
  started.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2013-12-10 12:02:37 +01:00
Martin Kletzander
ea130e3bf6 conf: don't format memtune with unlimited values
When changing memtune limits to unlimited with AFFECT_CONFIG, the
values in virDomainDef are set to PARAM_UNLIMITED, which causes the
whole <memtune> to be formatted.  This can be changed in all drivers,
but it also makes sense to use the default (0) as another value for
"unlimited", since zero memory limit makes no sense.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-10 09:11:26 +01:00
Martin Kletzander
8d7c668e64 qemu: Fix minor inconsistency in error message
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-10 08:38:46 +01:00
Martin Kletzander
0c2fdd7b14 qemu: Report VIR_DOMAIN_MEMORY_PARAM_UNLIMITED properly
For dead domains that have no memtune limits, we return 0 instead of
"unlimited", this patch fixes it to return PARAM_UNLIMITED.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-10 08:38:46 +01:00
Martin Kletzander
231656bbeb cgroups: Redefine what "unlimited" means wrt memory limits
Since kernel 3.12 (commit 34ff8dc08956098563989d8599840b130be81252 in
linux-stable.git in particular) the value for 'unlimited' in cgroup
memory limits changed from LLONG_MAX to ULLONG_MAX.  Due to rather
unfortunate choice of our VIR_DOMAIN_MEMORY_PARAM_UNLIMITED constant
(which we transfer as an unsigned long long in Kibibytes), we ended up
with the situation described below (applies to x86_64):

 - 2^64-1 (ULLONG_MAX) -- "unlimited" in kernel = 3.12

 - 2^63-1 (LLONG_MAX) -- "unlimited" in kernel < 3.12
 - 2^63-1024 -- our PARAM_UNLIMITED scaled to Bytes

 - 2^53-1 -- our PARAM_UNLIMITED unscaled (in Kibibytes)

This means that when any number within (2^63-1, 2^64-1] is read from
memory cgroup, we are transferring that number instead of "unlimited".
Unfortunately, changing VIR_DOMAIN_MEMORY_PARAM_UNLIMITED would break
ABI compatibility and thus we have to resort to a different solution.

With this patch every value greater than PARAM_UNLIMITED means
"unlimited".  Even though this may seem misleading, we are already in
such unclear situation when running 3.12 kernel with memory limits set
to 2^63.

One example showing most of the problems at once (with kernel 3.12.2):
 # virsh memtune asdf --hard-limit 9007199254740991 --swap-hard-limit -1
 # echo 12345678901234567890 >\
/sys/fs/cgroup/memory/machine/asdf.libvirt-qemu/memory.soft_limit_in_bytes
 # virsh memtune asdf
 hard_limit     : 18014398509481983
 soft_limit     : 12056327051986884
 swap_hard_limit: 18014398509481983

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-10 08:38:46 +01:00
Cole Robinson
586b0ed818 qemu: hotplug: Fix adding USB devices to the driver list
We were unconditionally removing the device from the host list, when it
should only be done on error.

This fixes USB collision detection when hotplugging the same device to
two guests.
2013-12-09 13:43:48 -05:00
Cole Robinson
5953a73787 qemu: hotplug: Fix double free on USB collision
If we hit a collision, we free the USB device while it is still part
of our temporary USBDeviceList. When the list is unref'd, the device
is free'd again.

Make the initial device freeing dependent on whether it is present
in the temporary list or not.
2013-12-09 13:43:47 -05:00
Cole Robinson
ee414b5d6d qemu: hotplug: Only label hostdev after checking device conflicts
Similar to what Jiri did for cgroup setup/teardown in 05e149f94, push
it all into the device handler functions so we can do the necessary prep
work before claiming the device.

This also fixes hotplugging USB devices by product/vendor (virt-manager's
default behavior):

https://bugzilla.redhat.com/show_bug.cgi?id=1016511
2013-12-09 13:43:47 -05:00
Chen Hanxiao
78d04e556a lxcContainerMountFSDevPTS: Unify @ret usage pattern
Currently, if virFileMakePath() fails, the @ret is left initialized from
virAsprintf() just a few lines above leading to a wrong return value of
zero whereas -1 should be returned.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-06 16:27:12 +01:00
Zhou Yimin
036aeca721 Cgroup: Replace 'newpath' with 'newPath'
Unifying codding style, replace 'newpath' with 'newPath'.

From: Zhou Yimin <zhouyimin@huawei.com>
2013-12-06 16:18:14 +01:00
Ján Tomko
952ab4c993 Add qxl ram size to ABI stability check
55bfd02 added a 'ram' attribute for qxl video devices
but didn't update the ABI check.

https://bugzilla.redhat.com/show_bug.cgi?id=1035123
2013-12-06 15:00:16 +01:00
Peter Krempa
34b8449027 qemu: Improve error when setting invalid count of vcpus via agent
https://bugzilla.redhat.com/show_bug.cgi?id=1035108

When attempting to enable more vCPUs in the guest than is currently
enabled in the guest but less than the maximum count for the VM we
currently reported an unhelpful message:

 error: internal error: guest agent reports less cpu than requested

This patch changes it to:

 error: invalid argument: requested vcpu count is greater than the count
 of enabled vcpus in the domain: 3 > 2
2013-12-06 11:09:04 +01:00
Peter Krempa
be904e4eeb conf: Fix XML formatting of RNG device info
https://bugzilla.redhat.com/show_bug.cgi?id=1035118

When outputting the XML for the RNG device, the code didn't format the
PCI address info. Additionally the schema wasn't expecting the info
although it was being parsed and used internally. Fix those mistakes and
add test for the PCI info section.
2013-12-06 11:03:56 +01:00
Peter Krempa
dafdea74b0 qemu: snapshot: Fix incorrect disk type for auto-generated disks
When changing the parsing and formatting functions in commit
43f2ccdc73 I forgot to update the qemu
disk alignment function for snapshots that automatically adds snapshot
configs for disks that were not mentioned in the XML. The function
allocated a new disk snapshot definition but did not correctly
initialize the snapshot disk source type variable. This resulted into
the disks considered as block devices and invalid XML was generated.

Reported by John Ferlan.
2013-12-06 10:45:49 +01:00
Cole Robinson
79776aa594 qemu: hotplug: Mark 2 private functions as static
They aren't used outside of qemu_hotplug.c
2013-12-05 15:34:54 -05:00
Wang Yufei
d51855d10f docs: fix double articles bug
Delete the extra article 'the'.

Signed-off-by: Wang Yufei <james.wangyufei@huawei.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-05 13:16:33 -07:00
Michal Privoznik
e925aad324 virThreadPoolFree: Set n(Prio)Workers after the pool is locked
In 78839da I am trying to join the worker threads. However, I can't
sipmly reuse pool->nWorkers (same applies for pool->nPrioWorkers),
because of the following flow that is currently implemented:

1) the main thread executing virThreadPoolFree sets pool->quit = true,
wakes up all the workers and wait on pool->quit_cond.

2) A worker is woken up and see quit request. It immediately jumps of
the while() loop and decrements pool->nWorkers (or pool->nPrioWorkers in
case of priority worker). The last thread signalizes pool->quit_cond.

3) Main thread is woken up, with both pool->nWorkers and
pool->nPrioWorkers being zero.

So there's a need to copy the original value of worker thread counts
into local variables. However, these need to set *after* the check for
pool being NULL (dereferencing a NULL is no no). And for safety they can
be set right after the pool is locked.

Reported-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-05 15:52:23 +01:00
Peter Krempa
90f9ccb4f2 qemu: Fix indentation in qemuTranslateDiskSourcePool
Commit e1a4d08baf was pushed with bad
indentation the iSCSI pool translation code.
2013-12-05 12:05:08 +01:00
Wangyufei (James)
36ae35f02c qemuAgentDispose: Reset lastError
When an error occurred in qemuAgentIO, it will be saved in mon->lastError,
but it will not be freed at the end.  Present since commit c160ce33;
and compare to commit 9cc8a5af fixing the same problem in qemu_monitor.c.

==22219== 54 bytes in 1 blocks are definitely lost in loss record 982 of 1,379
==22219==    at 0x4C26B9B: malloc (vg_replace_malloc.c:263)
==22219==    by 0x8520521: strdup (in /lib64/libc-2.11.3.so)
==22219==    by 0x52E99CB: virStrdup (virstring.c:554)
==22219==    by 0x52B44C4: virCopyError (virerror.c:195)
==22219==    by 0x52B5123: virCopyLastError (virerror.c:312)
==22219==    by 0x10905877: qemuAgentIO (qemu_agent.c:660)
==22219==    by 0x52B6122: virEventPollDispatchHandles (vireventpoll.c:501)
==22219==    by 0x52B7AEA: virEventPollRunOnce (vireventpoll.c:647)
==22219==    by 0x52B5C1B: virEventRunDefaultImpl (virevent.c:274)
==22219==    by 0x54181FD: virNetServerRun (virnetserver.c:1112)
==22219==    by 0x11EF4D: main (libvirtd.c:1513)

Signed-off-by: Zhou Yimin <zhouyimin@huawei.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-04 14:43:54 -07:00
Nehal J Wani
f386d323e6 Fix memory leak in qemuBuildDriveStr()
This patch fixes memory leaks reported by valgrind on running
qemuxml2argvtest; introduced in commit 0df53f04.

Most of them are of the form:

==24777== 15 bytes in 1 blocks are definitely lost in loss record 39 of 129
==24777==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
==24777==    by 0x341F485E21: strdup (strdup.c:42)
==24777==    by 0x4CADE5F: virStrdup (virstring.c:554)
==24777==    by 0x4362B6: qemuBuildDriveStr (qemu_command.c:3848)
==24777==    by 0x43EF73: qemuBuildCommandLine (qemu_command.c:8500)
==24777==    by 0x426670: testCompareXMLToArgvHelper (qemuxml2argvtest.c:350)
==24777==    by 0x427C01: virtTestRun (testutils.c:138)
==24777==    by 0x41DDB5: mymain (qemuxml2argvtest.c:658)
==24777==    by 0x4282A2: virtTestMain (testutils.c:593)
==24777==    by 0x341F421A04: (below main) (libc-start.c:225)
==24777==

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-04 14:23:50 -07:00
Peter Krempa
df36af589f maint: Kill usage of atoi()
Kill the use of atoi() and introduce syntax check to forbid it and it's
friends (atol, atoll, atof, atoq).

Also fix a typo in variable name holding the cylinders count of a disk
pool (apparently unused).

examples/domsuspend/suspend.c will need a larger scale refactor as the
whole example file is broken thus it will be exempted from the syntax
check for now.
2013-12-04 18:56:06 +01:00
Daniel P. Berrange
d75d8b46f8 Don't overwrite errors from virConfReadFile
The SELinux security driver would overwrite errors from the
virConfReadFile function.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-04 15:40:23 +00:00
Michal Privoznik
78839da0bb virThreadPoolFree: Join worker threads
Even though currently we are freeing the pool of worker threads at the
daemon very end, nothing holds us back in joining the worker threads.
Moreover, we avoid leaks like this:

==26697== 1,680 bytes in 5 blocks are possibly lost in loss record 913 of 942
==26697==    at 0x4C2BDE4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26697==    by 0x4011131: allocate_dtv (in /lib64/ld-2.16.so)
==26697==    by 0x401176D: _dl_allocate_tls (in /lib64/ld-2.16.so)
==26697==    by 0x8499602: pthread_create@@GLIBC_2.2.5 (in /lib64/libpthread-2.16.so)
==26697==    by 0x52F53E9: virThreadCreate (virthreadpthread.c:188)
==26697==    by 0x52F5D4F: virThreadPoolNew (virthreadpool.c:221)
==26697==    by 0x53F30DB: virNetServerNew (virnetserver.c:377)
==26697==    by 0x11C6ED: main (libvirtd.c:1366)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-04 16:36:46 +01:00
Shivaprasad G Bhat
81fae6b95c qemu: fix live pinning to memory node on NUMA system
Ever since the subcpusets(vcpu,emulator) were introduced, the parent
cpuset cannot be modified to remove the nodes that are in use by the
subcpusets.
The fix is to break the memory node modification into three steps:
 1. assign new nodes into the parent,
 2. change the nodes in the child nodes,
 3. remove the old nodes on the parent node.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009880

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-04 13:32:07 +01:00
John Ferlan
37a02bab1e storage_driver: Resolve Coverity CHECKED_RETURN warning
The storageRegister() didn't check the return from the
virRegisterStorageDriver() like other callers did, so Coverity
flagged it.  Just check the return and handle.
2013-12-04 06:27:20 -05:00
John Ferlan
b17168cbf6 bridge_driver: Resolve Coverity CHECKED_RETURN warning
The networkRegister() didn't check the return status of the
virRegisterNetworkDriver() call like other callers, so just
check and handle here as well.
2013-12-04 06:27:20 -05:00
John Ferlan
950a493ba9 virnetserverclient: Fix conditional change HAVE_SASL to WITH_SASL 2013-12-04 06:27:20 -05:00
John Ferlan
643b5f843d virnetserverclient: Remove Coverity DEADCODE warning
The x509dname is only set inside a WITH_GNUTLS conditional, so
when used/check later on for NULL, Coverity detects this is not
possible.  Added WITH_GNUTLS around uses to remove message
2013-12-04 06:27:19 -05:00
John Ferlan
5a298ec040 nwfilter: Remove Coverity DEADCODE warning
The nwfilterStateInitialize() would only assign sysbus inside
a WITH_DBUS conditional, thus leaving a subsequent check for sysbus
and nwfilterDriverInstallDBusMatches() as a no-op

Rather than try to add WITH_DBUS conditions which ended up conflicting
with the usage of HAVE_FIREWALLD conditionals, just remove the WITH_DBUS
since virdbus.c has entry points for with and without conditions.
2013-12-04 06:27:19 -05:00
Michal Privoznik
2e1ced5794 src: Align make output
The make inserts six spaces instead of four:

  GEN      access/viraccessapichecklxc.h
  GEN    hyperv/hyperv_wmi.generated.h
  GEN      access/viraccessapichecklxc.c
  GEN    hyperv/hyperv_wmi.generated.c
  GEN    hyperv/hyperv_wmi_classes.generated.typedef
  GEN    hyperv/hyperv_wmi_classes.generated.h
  GEN    hyperv/hyperv_wmi_classes.generated.c
  GEN      libvirt_access_qemu.xml
  GEN      libvirt_access.syms
  GEN      libvirt_access_lxc.xml
  GEN      libvirt_access_qemu.syms
  GEN      libvirt_access_lxc.syms
  GEN      libvirt_qemu.def
  GEN    esx/esx_vi_types.generated.typedef
  GEN    esx/esx_vi_types.generated.typeenum
  GEN    esx/esx_vi_types.generated.typetostring
  GEN    esx/esx_vi_types.generated.typefromstring
  GEN    esx/esx_vi_types.generated.h
  GEN    esx/esx_vi_types.generated.c
  GEN    esx/esx_vi_methods.generated.h
  GEN    esx/esx_vi_methods.generated.c
  GEN    esx/esx_vi_methods.generated.macro
  GEN    esx/esx_vi.generated.h
  GEN    esx/esx_vi.generated.c
  GEN      libvirt_lxc.def

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-04 09:41:33 +01:00
Laine Stump
5e12641e0e qemu: report error on attempt to live change virtio-net queues
This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1029732

The BZ asked for the capability to change the number of queues used by
a virtio-net device while the device is in use. Because the number of
queues can only be set at the time the device is created, that isn't
possible. However, libvirt also shouldn't be silently reporting
success when someone tries to change the number of queues. So this
patch flags that as an error (just as attempts to change any of the
other virtio-specific parameters already do).
2013-12-03 16:50:59 +02:00
Laine Stump
96fddee322 qemu: add "-boot strict" to commandline whenever possible
This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=888635

(which was already closed as CANTFIX because the qemu "-boot strict"
commandline option wasn't available at the time).

Problem: you couldn't have a domain that used PXE to boot, but also
had an un-bootable disk device *even if that disk wasn't listed in the
boot order*, because if PXE timed out (e.g. due to the bridge
forwarding delay), the BIOS would move on to the next target, which
would be the unbootable disk device (again - even though it wasn't
given a boot order), and get stuck at a "BOOT DISK FAILURE, PRESS ANY
KEY" message until a user intervened.

The solution available since sometime around QEMU 1.5, is to add
"-boot strict=on" to *every* qemu command. When this is done, if any
devices have a boot order specified, then QEMU will *only* attempt to
boot from those devices that have an explicit boot order, ignoring the
rest.
2013-12-03 11:58:26 +02:00
Laine Stump
47b9aae0ae qemu: default to vfio for nodedev-detach
This patch resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1035188

Commit f094aaac48 changed the PCI device assignment in qemu domains
to default to using VFIO rather than legacy KVM device assignment
(when VFIO is available). It didn't change which driver was used by
default for virNodeDeviceDetachFlags(), though, so that API (and the
virsh nodedev-detach command) was still binding to the pci-stub
driver, used by legacy KVM assignment, by default.

This patch publicizes (only within the qemu module, though, so no
additions to the symbol exports are needed) the functions that check
for presence of KVM and VFIO device assignment, then uses those
functions to decide what to do when no driver is specified for
virNodeDeviceDetachFlags(); if the vfio driver is loaded, the device
will be bound to vfio-pci, or if legacy KVM assignment is supported on
this system, the device will be bound to pci-stub; if neither method
is available, the detach will fail.
2013-12-03 11:58:26 +02:00
Peter Krempa
26fb96d8c0 qemu: snapshots: Declare supported and unsupported snapshot configs
Currently the snapshot code did not check if it actually supports
snapshots on various disk backends for domains. To avoid future problems
add checkers that whitelist the supported configurations.
2013-12-03 10:41:05 +01:00
Peter Krempa
bdeb0f0123 qemu: Clear old translated pool source
Clear the old data to avoid leaking it when attempting to re-translate a
pool on the same domain object.
2013-12-03 10:38:40 +01:00
Peter Krempa
0df53f0432 qemu: Refactor disk source string formatting
This patch adds function qemuGetDriveSourceString to produce
qemu-compatible disk source strings that will enable to reuse the code
and refactors building of the qemu commandline of disks to use this new
helper.
2013-12-03 10:36:12 +01:00
Peter Krempa
b384e2b4d7 qemu: Unify formatting of RBD sources 2013-12-03 10:31:19 +01:00
Peter Krempa
d94fd0c9c2 qemu: Split out NBD command generation 2013-12-03 10:28:57 +01:00
Peter Krempa
eaa1539b2f qemu: Migrate sheepdog source generation into common function 2013-12-03 10:27:11 +01:00
Peter Krempa
078a102537 qemu: Use qemuBuildNetworkDriveURI to handle http/ftp and friends
Prepare the function to integrate other protocols and start folding
other network protocols into a common place.
2013-12-03 10:25:11 +01:00
Peter Krempa
927ddae197 qemu: Simplify call pattern of qemuBuildDriveURIString
Automatically assign secret type from the disk source definition and
pull in adding of the comma. Then update callers to keep generated
output the same.
2013-12-03 10:23:16 +01:00
Peter Krempa
a29d33ffcb qemu: Split out formatting of network disk source URI
The snapshot code will need to use qemu-style formatted URIs of network
disks. Split out the code to avoid duplication.
2013-12-03 10:19:30 +01:00
Peter Krempa
e1a4d08baf qemu: Refactor qemuTranslateDiskSourcePool
Before this patch, the translation function still needs a second ugly
helper function to actually format the command line for qemu. But if we
do the right stuff in the translation function, we don't have to bother
with the second function any more.

This patch removes the messy qemuBuildVolumeString function and changes
qemuTranslateDiskSourcePool to set stuff up correctly so that the
regular code paths meant for volumes can be used to format the command
line correctly.

For this purpose a new helper "qemuDiskGetActualType()" is introduced to
return the type of the volume in a pool.

As a part of the refactor the qemuTranslateDiskSourcePool function is
fixed to do decisions based on the pool type instead of the volume type.
This allows to separate pool-type-specific stuff more clearly and will
ease addition of other pool types that will require certain other
operations to get the correct pool source.

The previously fixed tests should make sure that we don't break stuff
that was working before.
2013-12-03 10:16:12 +01:00
Osier Yang
ec2fb767bb Doc: Explicitly declaring that nodedev-destroy only works for vHBA
Though trying to destroy a physical HBA doesn't make sense at all,
it's still a bit misleading with saying "only works for HBA".

Signed-off-by: Osier Yang <jyang@redhat.com>
2013-12-03 16:34:46 +08:00
Daniel P. Berrange
4cac241a7b Ensure to zero out the virDomainBlockJobInfo arg
The virDomainGetBlockJobInfo method did not zero out the
virDomainBlockJobInfo pointer arg, so when block jobs were
not active it would return garbage for the bandwidth/cur/end
fields.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-02 17:34:57 +00:00
Peter Krempa
7e6242e9a7 qemu: snapshot: Add functions similar to disk source pool translation
To avoid future pain, add placeholder functions to get the actual
snapshot disk type.
2013-12-02 14:43:13 +01:00
Peter Krempa
cdf02d6474 qemu: snapshot: Touch up error message 2013-12-02 14:43:07 +01:00
Peter Krempa
0018477fb2 conf: Add helper do clear disk source authentication struct
Add virDomainDiskAuthClear to help cleaning out the struct in other
places too.
2013-12-02 14:31:03 +01:00
Peter Krempa
d8cf91ae38 qemu: snapshot: Detect internal snapshots also for sheepdog and RBD
When doing an internal snapshot on a VM with sheepdog or RBD disks we
would not set a flag to mark the domain is using internal snapshots and
might end up creating a mixed snapshot. Move the setting of the variable
to avoid this problem.
2013-12-02 14:31:03 +01:00
Peter Krempa
ae361674ac conf: Add functions to copy and free network disk source definitions
To simplify operations on virDomainDiskHostDef arrays we will need deep
copy and freeing functions. Add and properly export them.
2013-12-02 14:31:03 +01:00
Peter Krempa
5a66c667ff snapshot: conf: Fix NULL dereference when <driver> element is empty
Consider the following valid snapshot XML as the <driver> element is
allowed to be empty in the domainsnapshot.rng schema:

$ cat snap.xml
<domainsnapshot>
  <disks>
    <disk name='vda' snapshot='external'>
      <source file='/tmp/foo'/>
      <driver/>
    </disk>
  </disks>
</domainsnapshot>

produces the following error:

$ virsh snapshot-create domain snap.xml
error: internal error: unknown disk snapshot driver '(null)'

The driver type is parsed as NULL from the XML as the attribute is not
present and then directly used to produce the error message.

With this patch the attempt to parse the driver type is skipped if not
present to avoid changing the schema to forbid the empty driver element.
2013-12-02 14:31:02 +01:00
Peter Krempa
43f2ccdc73 snapshot: conf: Use common parsing and formatting functions for source
Disk source elements for snapshots were using separate code from our
config parser. As snapshots can be stored on more than just regular
files, we will need the universal parser to allow us to expose a variety
of snapshot disk targets. This patch reuses the config parsers and
formatters to do the job.

This initial support only changes the code without any visible XML
change.
2013-12-02 14:28:20 +01:00
Peter Krempa
5f86d11e4a conf: Export disk source formatter and parser
This code will be reused in the snapshot disk definition parser.
2013-12-02 14:02:27 +01:00
Peter Krempa
30f7ca67d9 conf: Split out seclabel formating code for disk source
The code is common for all the various disk types. Split it out to a
common function.
2013-12-02 14:02:27 +01:00
Peter Krempa
03ad83cb5a conf: Clean up virDomainDiskSourceDefFormatInternal
Avoid if statements when used with virBufferEscapeString which
automaticaly omits the whole string. Also add some line breaks to
visualy separate the code.
2013-12-02 14:02:27 +01:00
Peter Krempa
d6b4c2cca9 conf: Support disk source formatting without needing a virDomainDiskDefPtr
The <source> element formatting function was expecting a
virDomainDiskDefPtr to store the data. As snapshots are not using this
data structure to hold the data, we need to add an internal function
which splits out individual fields separately.
2013-12-02 14:02:26 +01:00
Ryota Ozaki
1ed7e014dd vbox: handle errors of virDomainHostdevDefAlloc correctly
The original code ignored errors of virDomainHostdevDefAlloc,
however, we should properly do error return from the function
if it occurs.

The fix pulls out virDomainHostdevDefAlloc from the loop and
executes it all together before the loop. So we can easily
return on errors without the notion of other memory allocations
in the loop.

The deallocation code is separated from the allocation code
because it will be used by a further patch for fixing other error
handlings.

Reported-by: Laine Stump <laine@laine.org>
Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-12-02 10:59:21 +08:00
Ryota Ozaki
82b5dd23f3 vbox: fix incorrect loop condition in vboxHostDeviceGetXMLDesc
The fixed loop used logical OR to combine two conditions, however,
it is apparently incorrect and logical AND is correct.

We can fix it by replacing OR with AND, but this patch instead
fixes the problem by getting rid of the first conditional
statement: USBFilterCount < def->nhostdevs. It isn't needed
because USBFilterCount will never be greater than or equal to
def->nhostdevs.

def->nhostdevs is calculated in the following code
above the loop in question like this:

    for (i = 0; i < deviceFilters.count; i++) {
        PRBool active = PR_FALSE;
        IUSBDeviceFilter *deviceFilter = deviceFilters.items[i];

        deviceFilter->vtbl->GetActive(deviceFilter, &active);
        if (active) {
            def->nhostdevs++;
        }
    }

And the loop is constructed as like this:

    for (i = 0; (USBFilterCount < def->nhostdevs) || (i < deviceFilters.count); i++) {
        PRBool active                  = PR_FALSE;
(snip)
        deviceFilter->vtbl->GetActive(deviceFilter, &active);
        if (!active)
            continue;
(snip)
        USBFilterCount++;
    }

So def->nhostdevs is the number of active device filters and
USBFilterCount is counted up only when a device filter is active.
Thus, we can remove USBFilterCount < def->nhostdevs safely.

Reported-by: Laine Stump <laine@laine.org>
Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-12-02 10:57:14 +08:00
Nehal J Wani
6c874c01a0 Fix memory leak in virNWFilterDefParseXML()
While running nwfilterxml2xmltest, it was found that valgrind pointed out the
following error...

==7466== 16 bytes in 1 blocks are definitely lost in loss record 26 of 90
==7466==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
    ==7466==    by 0x4C651AD: virAlloc (viralloc.c:142)
    ==7466==    by 0x4D0450D: virNWFilterDefParseNode (nwfilter_conf.c:2575)
    ==7466==    by 0x4D05D84: virNWFilterDefParse (nwfilter_conf.c:2647)
    ==7466==    by 0x401FDE: testCompareXMLToXMLHelper (nwfilterxml2xmltest.c:39)
    ==7466==    by 0x402DE1: virtTestRun (testutils.c:138)
    ==7466==    by 0x4018E9: mymain (nwfilterxml2xmltest.c:111)
    ==7466==    by 0x403482: virtTestMain (testutils.c:593)
    ==7466==    by 0x341F421A04: (below main) (libc-start.c:225)

...21 times, which are related to 21 tests in nwfilterxml2xmltest.c which sent
EXPECT_WARN = false. There were two scenarios in virNWFilterDefParseXML(),
when the variable 'entry' was malloc'ed, but not freed.
2013-12-02 10:39:44 +08:00
Nehal J Wani
2cfcd2ccd0 Fix memory leak in virDomainDefParseXML()
This patch fixes the memory leaks found while running qemuxml2argvtest

==8260== 3 bytes in 1 blocks are definitely lost in loss record 1 of
129
==8260==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
==8260==    by 0x341F485E21: strdup (strdup.c:42)
==8260==    by 0x4CADCFF: virStrdup (virstring.c:554)
==8260==    by 0x4CBB839: virXPathString (virxml.c:90)
==8260==    by 0x4CE753A: virDomainDefParseXML (domain_conf.c:11478)
==8260==    by 0x4CEB4FE: virDomainDefParseNode (domain_conf.c:12742)
==8260==    by 0x4CEB675: virDomainDefParse (domain_conf.c:12684)
==8260==    by 0x425958: testCompareXMLToArgvHelper (qemuxml2argvtest.c:107)
==8260==    by 0x427111: virtTestRun (testutils.c:138)
==8260==    by 0x41D3FE: mymain (qemuxml2argvtest.c:452)
==8260==    by 0x4277B2: virtTestMain (testutils.c:593)
==8260==    by 0x341F421A04: (below main) (libc-start.c:225)
==8260==
==8260== 4 bytes in 1 blocks are definitely lost in loss record 5 of
129
==8260==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
==8260==    by 0x341F485E21: strdup (strdup.c:42)
==8260==    by 0x4CADCFF: virStrdup (virstring.c:554)
==8260==    by 0x4CBB839: virXPathString (virxml.c:90)
==8260==    by 0x4CE753A: virDomainDefParseXML (domain_conf.c:11478)
==8260==    by 0x4CEB4FE: virDomainDefParseNode (domain_conf.c:12742)
==8260==    by 0x4CEB675: virDomainDefParse (domain_conf.c:12684)
==8260==    by 0x425958: testCompareXMLToArgvHelper (qemuxml2argvtest.c:107)
==8260==    by 0x427111: virtTestRun (testutils.c:138)
==8260==    by 0x41D39A: mymain (qemuxml2argvtest.c:451)
==8260==    by 0x4277B2: virtTestMain (testutils.c:593)
==8260==    by 0x341F421A04: (below main) (libc-start.c:225)
==8260==
2013-12-02 10:34:52 +08:00
Daniel P. Berrange
262157f651 LXC: Ensure security context is set when mounting images
When setting up filesystems backed by block devices or file
images, the SELinux mount options must be used to ensure the
correct context is set

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-29 12:19:37 +00:00
Laine Stump
54f9492353 network: properly update iptables rules during net-update
This patch resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1035336

The basic problem is that during a network update, the required
iptables rules sometimes change, and this was being handled by simply
removing and re-adding the rules. However, the removal of the old
rules was done based on the *new* state of the network, which would
mean that some of the rules would not match those currently in the
system, so the old rules wouldn't be removed.

This patch removes the old rules prior to updating the network
definition then adds the new rules as soon as the definition is
updated. Note that this could lead to a stray packet or two during the
interim, but that was already a problem before (the period of limbo is
now just slightly longer).

While moving the location for the rules, I added a few more sections
that should result in the iptables rules being redone:

DHCP_RANGE and DHCP_HOST - these are needed because adding/removing a dhcp
host entry could lead to the dhcp service being started/stopped, which
would require that the mangle rule that fixes up dhcp response
checksums sould need to be added/removed, and this wasn't being done.
2013-11-28 16:55:20 +02:00
Daniel P. Berrange
84fd470d3d Fix bug in identifying sub-mounts
The code for extracting sub-mounts would just do a STRPREFIX
check on the mount. This was flawed because if there were
the following mounts

 /etc/aliases
 /etc/aliases.db

and '/etc/aliases' was asked for, it would return both even
though the latter isn't a sub-mount.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-28 11:49:01 +00:00
Daniel P. Berrange
d45b833d14 Pull lxcContainerGetSubtree out into shared virfile module
Move the code for lxcContainerGetSubtree into the virfile
module creating 2 new functions

  int virFileGetMountSubtree(const char *mtabpath,
                             const char *prefix,
                             char ***mountsret,
                             size_t *nmountsret);
  int virFileGetMountReverseSubtree(const char *mtabpath,
                                    const char *prefix,
                                    char ***mountsret,
                                    size_t *nmountsret);

Add a new virfiletest.c test case to validate the new code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-28 11:49:01 +00:00
Daniel P. Berrange
c60a2713d6 Introduce standard methods for sorting strings with qsort
Add virStringSortCompare and virStringSortRevCompare as
standard functions to use with qsort.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-28 11:29:46 +00:00
Peter Krempa
69d20452ce conf: Export virStorageVolType enum helper functions
Export string conversion from and to the virStorageVolType enum.
2013-11-27 15:17:21 +01:00
Eric Blake
c8b8b50c3b storage: skip selinux cleanup when fd not available
When attempting to backport gluster pools to an older versoin
where there is no VIR_STRDUP, I got a crash from calling
strdup(,NULL). Rather than relying on the current else branch
safely doing nothing when there is no fd, it is easier to just
skip it. While at it, there's no need to explicitly set
perms.label to NULL after a VIR_FREE().

* src/storage/storage_backend.c
(virStorageBackendUpdateVolTargetInfoFD): Minor optimization.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-27 06:08:28 -07:00
Bing Bu Cao
8e043864ec qemu: preserve netdev MAC address during 'domxml-to-native'
The virsh command 'domxml-to-native' (virConnectDomainXMLToNative())
converts all network devices to "type='ethernet'" in order to make it
more likely that the generated command could be run directly from a
shell (other libvirt network device types end up referencing file
descriptors for tap devices assumed to have been created by libvirt,
which can't be done in this case).

During this conversion, all of the netdev parameters are cleared out,
then specific items are filled in after changing the type. The MAC
address was not one of these preserved items, and the result was that
mac addresses in the generated commandlines were always
00:00:00:00:00:00.

This patch saves the mac address before the conversion, then
repopulates it afterwards, so the proper mac addresses show up in the
commandline.

Signed-off-by: Bing Bu Cao <mars@linux.vnet.ibm.com>
Signed-off-by: Laine Stump <laine@laine.org>
2013-11-27 14:20:18 +02:00
Eric Blake
655ea8dc02 storage: don't read storage volumes in nonblock mode
Commit 348b4e2 introduced a potential problem (thankfully not
in any release): we are attempting to use virFileReadHeaderFD()
on a file that was opened with O_NONBLOCK.  While this
shouldn't be a problem in practice (because O_NONBLOCK
typically doesn't affect regular or block files, and fifos and
sockets cannot be storage volumes), it's better to play it safe
to avoid races from opening an unexpected file type while also
avoiding problems with having to handle EAGAIN while read()ing.

Based on a report by Dan Berrange.

* src/storage/storage_backend.c
(virStorageBackendVolOpenCheckMode): Fix up fd after avoiding race.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-26 13:43:44 -07:00
Gao feng
f575fda748 LXC: don't unmount mounts for shared root
Also after commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
vfs: Lock in place mounts from more privileged users,

unprivileged user has no rights to umount the mounts that
inherited from parent mountns.

right now, I have no good idea to fix this problem, we need
to do more research. this patch just skip unmounting these
mounts for shared root.

BTW, I think when libvirt lxc enables user namespace, the
configuation that shares root with host is very rara.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-11-26 15:55:47 +00:00
Gao feng
46f2d16f07 LXC: fix the problem that libvirt lxc fail to start on latest kernel
After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
vfs: Lock in place mounts from more privileged users,

unprivileged user has no rights to move the mounts that
inherited from parent mountns. we use this feature to move
the /stateDir/domain-name.{dev, devpts} to the /dev/ and
/dev/pts directroy of container. this commit breaks libvirt lxc.

this patch changes the behavior to bind these mounts when
user namespace is enabled and move these mounts when user
namespace is disabled.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-11-26 12:22:25 +00:00
Christophe Fergeau
78e9096865 sasl: Replace 'restep' label with 'continue'
Since the label is at the beginning of the loop, this has the same effect.
2013-11-26 11:52:58 +01:00
Christophe Fergeau
0955025b9c sasl: Fix authentication when using PLAIN mechanism
With some authentication mechanism (PLAIN for example), sasl_client_start()
can return SASL_OK, which translates to virNetSASLSessionClientStart()
returning VIR_NET_SASL_COMPLETE.
cyrus-sasl documentation is a bit vague as to what to do in such situation,
but upstream clarified this a bit in
http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=10104

When we got VIR_NET_SASL_COMPLETE after virNetSASLSessionClientStart() and
if the remote also tells us that authentication is complete, then we should
end the authentication procedure rather than forcing a call to
virNetSASLSessionClientStep(). Without this patch, when trying to use SASL
PLAIN, I get:
error :authentication failed : Failed to step SASL negotiation: -1
(SASL(-1): generic failure: Unable to find a callback: 32775)

This patch is based on a spice-gtk patch by Dietmar Maurer.
2013-11-26 11:52:58 +01:00
Christophe Fergeau
986900a5af Fix invalid read in virNetSASLSessionClientStep debug log
virNetSASLSessionClientStep logs the data that is going to be passed to
sasl_client_step as input data. However, it tries to log it as a string,
while there is no guarantee that this data is going to be nul-terminated.
This leads to this valgrind log:

==20938== Invalid read of size 1
==20938==    at 0x8BDB08F: vfprintf (vfprintf.c:1635)
==20938==    by 0x8C06DF2: vasprintf (vasprintf.c:62)
==20938==    by 0x4CCEDF9: virVasprintfInternal (virstring.c:337)
==20938==    by 0x4CA9516: virLogVMessage (virlog.c:842)
==20938==    by 0x4CA939A: virLogMessage (virlog.c:778)
==20938==    by 0x4E21E0D: virNetSASLSessionClientStep (virnetsaslcontext.c:458)
==20938==    by 0x4DE47B8: remoteAuthSASL (remote_driver.c:4136)
==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==20938==    by 0x12762B: vshReconnect (virsh.c:337)
==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
==20938==    by 0x12E9A5: main (virsh.c:3338)
==20938==  Address 0xe329ccd is 0 bytes after a block of size 141 alloc'd
==20938==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==20938==    by 0x8CB91B4: xdr_array (xdr_array.c:94)
==20938==    by 0x4E039C2: xdr_remote_auth_sasl_start_ret (remote_protocol.c:3134)
==20938==    by 0x4E1F8AA: virNetMessageDecodePayload (virnetmessage.c:405)
==20938==    by 0x4E119F5: virNetClientProgramCall (virnetclientprogram.c:377)
==20938==    by 0x4DF8141: callFull (remote_driver.c:5794)
==20938==    by 0x4DF821A: call (remote_driver.c:5816)
==20938==    by 0x4DE46CF: remoteAuthSASL (remote_driver.c:4112)
==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==20938==    by 0x12762B: vshReconnect (virsh.c:337)
==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
==20938==    by 0x12E9A5: main (virsh.c:3338)
2013-11-26 11:52:58 +01:00
Christophe Fergeau
13fdc6d63e Tie SASL callbacks lifecycle to virNetSessionSASLContext
The array of sasl_callback_t callbacks which is passed to sasl_client_new()
must be kept alive as long as the created sasl_conn_t object is alive as
cyrus-sasl uses this structure internally for things like logging, so
the memory used for callbacks must only be freed after sasl_dispose() has
been called.

During testing of successful SASL logins with
virsh -c qemu+tls:///system list --all
I've been getting invalid read reports from valgrind

==9237== Invalid read of size 8
==9237==    at 0x6E93B6F: _sasl_getcallback (common.c:1745)
==9237==    by 0x6E95430: _sasl_log (common.c:1850)
==9237==    by 0x16593D87: digestmd5_client_mech_dispose (digestmd5.c:4580)
==9237==    by 0x6E91653: client_dispose (client.c:332)
==9237==    by 0x6E9476A: sasl_dispose (common.c:851)
==9237==    by 0x4E225A1: virNetSASLSessionDispose (virnetsaslcontext.c:678)
==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
==9237==    by 0x4E254D1: virNetSocketDispose (virnetsocket.c:1042)
==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
==9237==    by 0x4E2701C: virNetSocketEventFree (virnetsocket.c:1794)
==9237==    by 0x4C965D3: virEventPollCleanupHandles (vireventpoll.c:583)
==9237==    by 0x4C96987: virEventPollRunOnce (vireventpoll.c:652)
==9237==    by 0x4C94730: virEventRunDefaultImpl (virevent.c:274)
==9237==    by 0x12C7BA: vshEventLoop (virsh.c:2407)
==9237==    by 0x4CD3D04: virThreadHelper (virthreadpthread.c:161)
==9237==    by 0x7DAEF32: start_thread (pthread_create.c:309)
==9237==    by 0x8C86EAC: clone (clone.S:111)
==9237==  Address 0xe2d61b0 is 0 bytes inside a block of size 168 free'd
==9237==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9237==    by 0x4C73827: virFree (viralloc.c:580)
==9237==    by 0x4DE4BC7: remoteAuthSASL (remote_driver.c:4219)
==9237==    by 0x4DE33D0: remoteAuthenticate (remote_driver.c:3639)
==9237==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
==9237==    by 0x4DDC8DC: remoteConnectOpen (remote_driver.c:1031)
==9237==    by 0x4D8595F: do_open (libvirt.c:1239)
==9237==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==9237==    by 0x12762B: vshReconnect (virsh.c:337)
==9237==    by 0x12C9B0: vshInit (virsh.c:2470)
==9237==    by 0x12E9A5: main (virsh.c:3338)

This commit changes virNetSASLSessionNewClient() to take ownership of the SASL
callbacks. Then we can free them in virNetSASLSessionDispose() after the corresponding
sasl_conn_t has been freed.
2013-11-26 11:52:58 +01:00
Christophe Fergeau
c7cdc9b01c remote: Don't leak priv->tls object on connection failure
When testing SASL authentication over TLS with
virsh -c qemu+tls:///system list --all
I got this valgrind trace after entering wrong credentials:

==30540== 26,903 (88 direct, 26,815 indirect) bytes in 1 blocks are definitely lost in loss record 289 of 293
==30540==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30540==    by 0x4C7379A: virAllocVar (viralloc.c:558)
==30540==    by 0x4CBC178: virObjectNew (virobject.c:190)
==30540==    by 0x4CBC329: virObjectLockableNew (virobject.c:216)
==30540==    by 0x4E2D003: virNetTLSContextNew (virnettlscontext.c:719)
==30540==    by 0x4E2DC3F: virNetTLSContextNewPath (virnettlscontext.c:930)
==30540==    by 0x4E2DD5B: virNetTLSContextNewClientPath (virnettlscontext.c:957)
==30540==    by 0x4DDB618: doRemoteOpen (remote_driver.c:627)
==30540==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1031)
==30540==    by 0x4D8595F: do_open (libvirt.c:1239)
==30540==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==30540==    by 0x12762B: vshReconnect (virsh.c:337)
==30540==    by 0x12C9B0: vshInit (virsh.c:2470)
==30540==    by 0x12E9A5: main (virsh.c:3338)
2013-11-26 11:52:58 +01:00
Yuri Chornoivan
73a03e3063 Fix three minor typos 2013-11-26 18:37:09 +08:00
Eric Blake
053f45f8f6 storage: fix typo in previous patch
You'd think I'd learn to actually COMMIT my working tree
between testing that a last-minute fix compiles and pushing.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Typo fix.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 14:45:46 -07:00
Eric Blake
14daa81280 storage: probe qcow2 volumes in gluster pool
Putting together pieces from previous patches, it is now possible
for 'virsh vol-dumpxml --pool gluster volname' to report metadata
about a qcow2 file stored on gluster.  The backing file is still
treated as raw; to fix that, more patches are needed to make the
storage backing chain analysis recursive rather than halting at
a network protocol name, but that work will not need any further
calls into libgfapi so much as just reusing this code, and that
should be the only code outside of the storage driver that needs
any help from libgfapi.  Any additional use of libgfapi within
libvirt should only be needed for implementing storage pool APIs
such as volume creation or resizing, where backing chain analysis
should be unaffected.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterReadHeader): New helper function.
(virStorageBackendGlusterRefreshVol): Probe non-raw files.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 13:48:23 -07:00
Eric Blake
79eb21f976 storage: improve handling of symlinks in gluster
With this patch, dangling and looping symlinks are silently
ignored, while links to files and directories are treated the
same as the underlying file or directory.  This is the same
behavior as both 'directory' and 'netfs' pools.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Treat symlinks similar to
directory and netfs pools.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 12:51:33 -07:00
Eric Blake
13e738cc0a storage: improve allocation stats reported on gluster files
We already had code for handling allocation different than
capacity for sparse files; we just had to wire it up to be
used when inspecting gluster images.

* src/storage/storage_backend.c
(virStorageBackendUpdateVolTargetInfoFD): Handle no fd.
* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Handle sparse files.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 12:50:02 -07:00
Eric Blake
1458b2e963 storage: improve directory support in gluster pool
Take advantage of the previous patch's addition of 'netdir' as
a distinct volume type, to expose rather than silently skip
directories embedded in a gluster pool.  Also serves as an XML
validation for the previous patch.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Don't skip directories.
* tests/storagevolxml2xmltest.c (mymain): Add test.
* tests/storagevolxml2xmlin/vol-gluster-dir.xml: New file.
* tests/storagevolxml2xmlout/vol-gluster-dir.xml: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 12:46:19 -07:00
Eric Blake
ecd881b7a7 storage: add network-dir as new storage volume type
In the 'directory' and 'netfs' storage pools, a user can see
both 'file' and 'dir' storage volume types, to know when they
can descend into a subdirectory.  But in a network-based storage
pool, such as the upcoming 'gluster' pool, we use 'network'
instead of 'file', and did not have any counterpart for a
directory until this patch.  Adding a new volume type
'network-dir' is better than reusing 'dir', because it makes
it clear that the only way to access 'network' volumes within
that container is through the network mounting (leaving 'dir'
for something accessible in the local file system).

* include/libvirt/libvirt.h.in (virStorageVolType): Expand enum.
* docs/formatstorage.html.in: Document it.
* docs/schemasa/storagevol.rng (vol): Allow new value.
* src/conf/storage_conf.c (virStorageVol): Use new value.
* src/qemu/qemu_command.c (qemuBuildVolumeString): Fix client.
* src/qemu/qemu_conf.c (qemuTranslateDiskSourcePool): Likewise.
* tools/virsh-volume.c (vshVolumeTypeToString): Likewise.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemVolDelete): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 12:29:49 -07:00
Eric Blake
efee1af54a storage: implement rudimentary glusterfs pool refresh
Actually put gfapi to use, by allowing the creation of a gluster
pool.  Right now, all volumes are treated as raw and directories
are skipped; further patches will allow peering into files to
allow for qcow2 files and backing chains, and reporting proper
volume allocation.  This implementation was tested against Fedora
19's glusterfs 3.4.1; it might be made simpler by requiring a
higher minimum, and/or require more hacks to work with a lower
minimum.

* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshPool): Initial implementation.
(virStorageBackendGlusterOpen, virStorageBackendGlusterClose)
(virStorageBackendGlusterRefreshVol): New helper functions.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 11:56:51 -07:00
Eric Blake
318ea3cb77 storage: initial support for linking with libgfapi
We support gluster volumes in domain XML, so we also ought to
support them as a storage pool.  Besides, a future patch will
want to take advantage of libgfapi to handle the case of a
gluster device holding qcow2 rather than raw storage, and for
that to work, we need a storage backend that can read gluster
storage volume contents.  This sets up the framework.

Note that the new pool is named 'gluster' to match a
<disk type='network'><source protocol='gluster'> image source
already supported in a <domain>; it does NOT match the
<pool type='netfs'><source><target type='glusterfs'>,
since that uses a FUSE mount to a local file name rather than
a network name.

This and subsequent patches have been tested against glusterfs
3.4.1 (available on Fedora 19); there are likely bugs in older
versions that may prevent decent use of gfapi, so this patch
enforces the minimum version tested.  A future patch may lower
the minimum.  On the other hand, I hit at least two bugs in
3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth
raising the minimum: glfs_readdir is nicer to use than
glfs_readdir_r [1], and glfs_fini should only return failure on
an actual failure [2].

[1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html
[2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html

* configure.ac (WITH_STORAGE_GLUSTER): New conditional.
* m4/virt-gluster.m4: new file.
* libvirt.spec.in (BuildRequires): Support gluster in spec file.
* src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool
type.
* src/conf/storage_conf.c (poolTypeInfo): Treat similar to
sheepdog and rbd.
(virStoragePoolDefFormat): Don't output target for gluster.
* src/storage/storage_backend_gluster.h: New file.
* src/storage/storage_backend_gluster.c: Likewise.
* po/POTFILES.in: Add new file.
* src/storage/storage_backend.c (backends): Register new type.
* src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files.
* src/storage/storage_backend.h (_virStorageBackend): Documet
assumption.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 11:02:52 -07:00
Eric Blake
1b5c8d4cbc storage: expose volume meta-type in XML
I got annoyed at having to use both 'virsh vol-list $pool --details'
AND 'virsh vol-dumpxml $vol $pool' to learn if I had populated
the volume correctly.  Since two-thirds of the data present in
virStorageVolGetInfo() already appears in virStorageVolGetXMLDesc(),
this just adds the remaining piece of information, as:

<volume type='...'>
  ...
</volume>

* docs/formatstorage.html.in: Document new <volume type=...>.
* docs/schemas/storagevol.rng (vol): Add it to RelaxNG.
* src/conf/storage_conf.h (virStorageVolTypeToString): Declare.
* src/conf/storage_conf.c (virStorageVolTargetDefFormat): Output
the metatype.
(virStorageVolDefParseXML): Parse it, for unit tests.
* tests/storagevolxml2xmlout/vol-*.xml: Update tests to match.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 10:55:19 -07:00
Shivaprasad G Bhat
ec1c34498b virsh domxml-from-native to treat SCSI as the bus type for pseries by default
The bus type IDE being enum Zero, the bus type on pseries system appears as IDE for all the -hda/-cdrom and for disk drives with if="none" type. Pseries platform needs this to appear as SCSI instead of IDE. The ide being not supported, the explicit requests for ide devices will return an error.

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
2013-11-25 10:44:46 -05:00
Eric Blake
d68f16447d maint: next release is 1.2.0
I didn't find any other instances with:
git grep '1\.1\.5'

* src/test/test_driver.c (testDriver): Tweak version info.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 07:31:08 -07:00
Ryota Ozaki
c677ee8529 vbox: add support for 4.3 APIs
Makefile.am, vbox_V4_3.c and vbox_driver.c do regular
modifitions to support a new version of APIs.

vbox_tmpl.c basically fixes incompatibilities since 4.2.

The affected incompatibilities of 4.3 are:
* IMachine::Delete() has been renamed to IMachine::deleteConfig()
* IMedium::CreateBaseStorage() now accepts multiple variant values
* IDisplay::GetScreenResolution() now returns the display position
  in the guest
* IMachine now has multiple IUSBControllers and IUSBDeviceFilters
  handles USB device filters instead of (obsolete) IUSBController

This patch is tested on Mac OS X 10.8.5 and Fedora 19.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-25 13:25:37 +02:00
Ryota Ozaki
f6a5fba2dc vbox: import vbox_CAPI_v4_3.h from SDK
vbox_CAPI_v4_3.h is almost same as
sdk/bindings/xpcom/include/VBoxCAPI_v4_3.h of
http://download.virtualbox.org/virtualbox/4.3.2/VirtualBoxSDK-4.3.2-90405.zip,
but modified to fix preprocessor indentations by using cppi.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-25 13:25:12 +02:00
Ryota Ozaki
0518502109 vbox: pull vboxHostDeviceGetXMLDesc out from vboxDomainGetXMLDesc
The USB-related code in vboxDomainGetXMLDesc is deeply nested and
difficult to add new code. So flatten it. To do so, the code is
pulled out from vboxDomainGetXMLDesc to make the function short
and to leaverage early return and goto for error handling.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-25 13:03:35 +02:00
Ryota Ozaki
1868b4574e vbox: cleanup vboxAttachUSB
This cleanup flattens deeply nested code.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-25 13:03:35 +02:00
Chen Hanxiao
55d1285ef4 lxc: don't do duplicate work when getting pagesize
Don't do duplicate work when getting pagesize.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-11-25 10:52:50 +01:00
Ján Tomko
9846402116 Don't start a nested job in qemuMigrationPrepareAny
This nested job is canceled by the first ExitMonitor call (even though
it was not created by the corresponding EnterMonitor call), and
again in qemuMigrationPrepareAny if qemuProcessStart failed.
This can lead to a crash if the vm object was disposed of before calling
qemuDomainRemoveInactive:
0  ..62bc in virClassIsDerivedFrom (klass=0xdeadbeef,
   parent=0x7ffce4cdd270) at util/virobject.c:166
1 ..6666 in virObjectIsClass at util/virobject.c:362
2 ..66b4 in virObjectLock at util/virobject.c:314
3 ..477e in virDomainObjListRemove at conf/domain_conf.c:2359
4 ..7a64 in qemuDomainRemoveInactive at qemu/qemu_domain.c:2087
5 ..956c in qemuMigrationPrepareAny at qemu/qemu_migration.c:2469

This was added by commit e4e2822, exposed by 5a4c237 and c7ac251.

https://bugzilla.redhat.com/show_bug.cgi?id=1018267
2013-11-22 16:22:31 +01:00
Michal Privoznik
cc38d68dc1 virDomainReboot: Document that migration might be unsafe
https://bugzilla.redhat.com/show_bug.cgi?id=744967

If a domain is rebooting and a migrate API is called meanwhile we would
have to transfer the fakeReboot attribute to the destination in order to
prevent domain doing plain shutdown over there. We shouldn't try to do
anything clever about it other than documenting this as a known
limitation.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-22 08:17:30 +01:00
Eric Blake
6cc4d6a3fe storage: use valid XML for awkward volume names
$ touch /var/lib/libvirt/images/'a<b>c'
$ virsh pool-refresh default
$ virsh vol-dumpxml 'a<b>c' default | head -n2
<volume>
  <name>a<b>c</name>

Oops.  That's not valid XML.  And when we fix the XML
generation, it fails RelaxNG validation.

I'm also tired of seeing <key>(null)</key> in the example
output for volume xml; while we used NULLSTR() to avoid
a NULL deref rather than relying on glibc's printf
extension behavior, it's even better if we avoid the issue
in the first place.  But this requires being careful that
we don't invalidate any storage backends that were relying
on key being unassigned during virStoragVolCreateXML[From].

I would have split this into two patches (one for escaping,
one for avoiding <key>(null)</key>), but since they both
end up touching a lot of the same test files, I ended up
merging it into one.

Note that this patch allows pretty much any volume name
that can appear in a directory (excluding . and .. because
those are special), but does nothing to change the current
(unenforced) RelaxNG claim that pool names will consist
only of letters, numbers, _, -, and +.  Tightening the C
code to match RelaxNG patterns and/or relaxing the grammar
to match the C code for pool names is a task for another
day (but remember, we DID recently tighten C code for
domain names to exclude a leading '.').

* src/conf/storage_conf.c (virStoragePoolSourceFormat)
(virStoragePoolDefFormat, virStorageVolTargetDefFormat)
(virStorageVolDefFormat): Escape user-controlled strings.
(virStorageVolDefParseXML): Parse key, for use in unit tests.
* src/storage/storage_driver.c (storageVolCreateXML)
(storageVolCreateXMLFrom): Ensure parsed key doesn't confuse
volume creation.
* docs/schemas/basictypes.rng (volName): Relax definition.
* tests/storagepoolxml2xmltest.c (mymain): Test it.
* tests/storagevolxml2xmltest.c (mymain): Likewise.
* tests/storagepoolxml2xmlin/pool-dir-naming.xml: New file.
* tests/storagepoolxml2xmlout/pool-dir-naming.xml: Likewise.
* tests/storagevolxml2xmlin/vol-file-naming.xml: Likewise.
* tests/storagevolxml2xmlout/vol-file-naming.xml: Likewise.
* tests/storagevolxml2xmlout/vol-*.xml: Fix fallout.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-21 17:29:47 -07:00
Wangyufei (A)
09f2395217 docs: delete extra character
delete extra character 'p' from the comment of virInterfaceCreate

Signed-off-by: Wang Yufei <james.wangyufei@huawei.com>
2013-11-21 11:53:59 +01:00
Eric Farman
881eb78064 qemu: Auto-generate controller for hotplugged hostdev
If a SCSI hostdev is included in an initial domain XML, without a
corresponding controller statement, one is created silently when the
guest is booted.

When hotplugging a SCSI hostdev, a presumption is that the controller
is already present in the domain either from the original XML, or via
an earlier hotplug.

  [root@xxxxxxxx ~]# cat disk.xml
  <hostdev mode='subsystem' type='scsi'>
    <source>
      <adapter name='scsi_host0'/>
      <address bus='0' target='3' unit='1088438288'/>
    </source>
  </hostdev>
  [root@xxxxxxxx ~]# virsh attach-device guest01 disk.xml
  error: Failed to attach device from disk.xml
  error: internal error: unable to execute QEMU command 'device_add': Bus 'scsi0.0' not found

Since the infrastructure is in place, we can also create a controller
silently for use by the hotplugged hostdev device.

Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
2013-11-21 10:38:57 +01:00
Eric Farman
6f22f95f77 qemu: Separate calls based on controller bus type
For systems without a PCI bus, attaching a SCSI controller fails:

  [root@xxxxxxxx ~]# cat controller.xml
  <controller type='scsi' model='virtio-scsi' index='0' />
  [root@xxxxxxxx ~]# virsh attach-device guest01 controller.xml
  error: Failed to attach device from controller.xml
  error: XML error: No PCI buses available

A similar problem occurs with the detach of a controller:

  [root@xxxxxxxx ~]# virsh detach-device guest01 controller.xml
  error: Failed to detach device from controller.xml
  error: operation failed: controller scsi:0 not found

The qemuDomainXXtachPciControllerDevice routines made assumptions
that any caller had a PCI bus.  These routines now selectively calls
PCI functions where necessary, and assigns the device information
type to one appropriate for the bus in use.

Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2013-11-21 10:38:53 +01:00
Eric Farman
271eb0584b qemu: Rename controller hotplug functions to not be PCI-specific
For attach/detach of controller devices, we rename the functions to
remove 'PCI' from their title.  The actual separation of PCI-specific
operations will be handled in the next patch.

Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
2013-11-21 10:05:46 +01:00
Osier Yang
b96651dec0 storage: Returns earlier if source adapter of the scsi pool is a HBA
It makes no sense to go forward to get the parent host number of a
HBA, and treat the HBA as a vHBA with trying to delete it.

Signed-off-by: Osier Yang <jyang@redhat.com>
2013-11-21 12:06:20 +08:00
Clark Laughlin
c7ccd2c44b qemu: Add support for virt machine type with virtio-mmio devices on armv7
These changes allow the correct virtio-blk-device and virtio-net-device
devices to be used for the 'virt' machine type for armv7 rather than the
PCI virtio devices.

A test case was added to qemuxml2argvtest for this change.

Signed-off-by: Clark Laughlin <clark.laughlin@linaro.org>
2013-11-20 14:31:17 -05:00
Eric Blake
e44a9a70d3 maint: fix comma style issues: remaining code
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/network/bridge_driver.c: Consistently use commas.
* src/node_device/node_device_hal.c: Likewise.
* src/node_device/node_device_udev.c: Likewise.
* src/storage/storage_backend_rbd.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
64b2335c2a maint: fix comma style issues: remaining drivers
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/lxc/lxc_container.c: Consistently use commas.
* src/openvz/openvz_driver.c: Likewise.
* src/openvz/openvz_util.c: Likewise.
* src/remote/remote_driver.c: Likewise.
* src/test/test_driver.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
eeed3bc63c maint: fix comma style issues: vbox
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/vbox/vbox_tmpl.c: Consistently use commas.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
c7c84fa54a maint: fix comma style issues: util
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/util/vircommand.c: Consistently use commas.
* src/util/virlog.c: Likewise.
* src/util/virnetdevbandwidth.c: Likewise.
* src/util/virnetdevmacvlan.c: Likewise.
* src/util/virnetdevvportprofile.c: Likewise.
* src/util/virnetlink.c: Likewise.
* src/util/virpci.c: Likewise.
* src/util/virsysinfo.c: Likewise.
* src/util/virusb.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
5d509e9ee2 maint: fix comma style issues: qemu
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/qemu/qemu_cgroup.c: Consistently use commas.
* src/qemu/qemu_command.c: Likewise.
* src/qemu/qemu_conf.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/qemu/qemu_monitor.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:55 -07:00
Eric Blake
86f6748bda maint: fix comma style issues: xen
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/libxl/libxl_driver.c: Consistently use commas.
* src/xen/xend_internal.c: Likewise.
* src/xen/xs_internal.c: Likewise.
* src/xenapi/xenapi_driver.c: Likewise.
* src/xenapi/xenapi_utils.c: Likewise.
* src/xenxs/xen_sxpr.c: Likewise.
* src/xenxs/xen_xm.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:54 -07:00
Eric Blake
6f4901e13b maint: fix comma style issues: conf
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/conf/capabilities.c: Consistently use commas.
* src/conf/domain_conf.c: Likewise.
* src/conf/network_conf.c: Likewise.
* src/conf/storage_conf.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:54 -07:00
Eric Blake
f56903366f maint: fix comma style issues: nwfilter
Most of our code base uses space after comma but not before;
fix the remaining uses before adding a syntax check.

* src/nwfilter/nwfilter_ebiptables_driver.c: Consistently use
commas.
* src/nwfilter/nwfilter_gentech_driver.c: Likewise.
* src/nwfilter/nwfilter_learnipaddr.c: Likewise.
* src/conf/nwfilter_conf.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:14:54 -07:00
Daniel P. Berrange
2b510e4903 Fix off-by-1 in default SELinux MCS range
For a while we're have random failures of 'securityselinuxtest'
which were not at all reproducible. Fortunately we finally
caught a failure with VIR_TEST_DEBUG=1 enabled. This revealed

TEST: securityselinuxtest
 1) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
 2) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
 3) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
 4) GenLabel "dynamic virtd, s0, c0.c1023"                            ... OK
 5) GenLabel "dynamic virtd, s0, c0.c10"                              ... OK
 6) GenLabel "dynamic virtd, s2-s3, c0.c1023"                         ... OK
 7) GenLabel "dynamic virtd, missing range"                           ... Category two 1024 is out of range 0-1023
FAILED
FAIL: securityselinuxtest

And sure enough we had an off-by-1 in the MCS range code when
the current process has no range set. The test suite randomly
allocates 2 categories from 0->1024 so the chances of hitting
this in the test suite were slim indeed :-)

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-20 13:09:00 +00:00
Ján Tomko
a18fa05a8f Remove redundant braces 2013-11-20 12:35:47 +01:00
Ján Tomko
c5d392748c Error out on unterminated arrays and objects in JSON parser 2013-11-20 12:35:44 +01:00
Eric Blake
6067b29a39 maint: ship .pl scripts as executables
All our .pl scripts had the executable bit set, except for one.
Make it consistent (even if we invoke the scripts as an argument
to $(PERL) rather than directly).

* src/check-aclrules.pl: Make executable.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-19 14:32:59 -07:00
Guido Günther
3c9e40a1e8 Don't depend on syslog.service
Syslog is socket activated since at least systemd v35 so we can drop
this dependency. Debian's linitian otherwise complains about it.

References:

    http://www.freedesktop.org/wiki/Software/systemd/syslog/
    http://lintian.debian.org/tags/systemd-service-file-refers-to-obsolete-target.html
2013-11-19 21:49:53 +01:00
Michal Privoznik
730af8f2cd qemuMonitorJSONGetCPUx86Data: Don't fail on ancient qemus
On the domain startup, this function is called to dump some info about
the CPUs. At the beginning of the function we check if we aren't running
older qemu which is not exposing the CPUs via 'qom-list'. However, we
are not checking for even older qemus, which throw 'CommandNotFound'
error.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-19 16:28:16 +01:00
Ryota Ozaki
8229e33adc vbox: fix segfault on virsh dumpxml with the existence of USB filters
A USB filter is stored in a hostdev. The original code doesn't
allocate hostdev->info that is expected to be allocated with hostdev.
So use virDomainHostdevDefAlloc() to allocate both as we expect.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-19 16:19:26 +02:00
Eric Blake
4a601c3080 maint: fix comment typos.
* src/qemu/qemu_command.c (qemuBuildVolumeString): Fix typo.
* src/qemu/qemu_monitor.c (qemuMonitorSend): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-18 16:31:42 -07:00
Daniel P. Berrange
784bb73eaa Add missing 'return 0;' in stub lxcStartFuse() method impl.
Without a 'return 0' in the stub lxcStartFuse() method, the
compiler warns:

lxc/lxc_fuse.c:374: error: control reaches end of non-void function
[-Wreturn-type]

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-18 16:12:39 +00:00
Daniel P. Berrange
3563c51d3e Avoid async signal safety problem in glibc's setxid
The glibc setxid is supposed to be async signal safe, but
libc developers confirm that it is not. This causes a problem
when libvirt_lxc starts the FUSE thread and then runs clone()
to start the container. If the clone() was done before the
FUSE thread has completely started up, then the container
will hang in setxid after clone().

The fix is to avoid creating any threads until after the
container has been clone()'d. By avoiding any threads in
the parent, the child is no longer required to run in an
async signal safe context, and we thus avoid the glibc
bug.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-18 15:36:23 +00:00
Ján Tomko
8c41794af8 Return -1 in virPortAllocatorAcquire if all ports are used
Report the error in virPortAllocatorAcquire instead
of doing it in every caller.

The error contains the port range name instead of the intended
use for the port, e.g.:
Unable to find an unused port in range 'display' (65534-65535)
instead of:
Unable to find an unused port for SPICE

This also adds error reporting when the QEMU driver could not
find an unused port for VNC, VNC WebSockets or NBD migration.
2013-11-18 12:28:07 +01:00
Ján Tomko
d16d90fd40 Add a name to virPortAllocator
This allows its error messages to be more specific.
2013-11-18 12:28:02 +01:00
Ján Tomko
28ea39a004 Don't release spice port twice when no TLS port is available
Introduced by 7b4a630.
2013-11-18 12:26:59 +01:00
Ján Tomko
e68432e45f Properly unref a connection with a close callback
The connection pointer in the closeCallback data was never
initialized, making the unref in remoteClientCloseFunc a no-op.

This fixes the following leak in virsh when the daemon closes
the connection unexpectedly:

1,179 (288 direct, 891 indirect) bytes in 1 blocks are
   definitely lost in loss record 745 of 792
  at 0x4C2A6D0: calloc (in vgpreload_memcheck-amd64-linux.so)
  by 0x4E9643D: virAllocVar (viralloc.c:558)
  by 0x4ED2425: virObjectNew (virobject.c:190)
  by 0x4F675AC: virGetConnect (datatypes.c:116)
  by 0x4F6EA06: do_open (libvirt.c:1136)
  by 0x4F71017: virConnectOpenAuth (libvirt.c:1481)
  by 0x129FFA: vshReconnect (virsh.c:337)
  by 0x128310: main (virsh.c:2470)
2013-11-18 12:26:15 +01:00
Eric Blake
6385283add docs: improve job info details
Noticed while revieweing the patches for qemu's new migration state.

* include/libvirt/libvirt.h.in (_virDomainJobInfo): Fix typo,
grammar.
* src/libvirt.c (virDomainGetJobInfo): Add cross reference.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-15 06:00:49 -07:00
Michael Avdienko
d35ae4143d Fix migration with QEMU 1.6
QEMU 1.6.0 introduced new migration status: setup
Libvirt does not expect such string in QMP and refuses to migrate with error
"unexpected migration status in setup"

This patch fixes it.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-11-15 13:50:47 +01:00
Jiri Denemark
05e149f94c qemu: Call qemuSetupHostdevCGroup later during hotplug
https://bugzilla.redhat.com/show_bug.cgi?id=1025108

So far qemuSetupHostdevCGroup was called very early during hotplug, even
before we knew the device we were about to hotplug was actually
available. By calling the function later, we make sure QEMU won't be
allowed to access devices used by other domains.

Another important effect of this change is that hopluging USB devices
specified by vendor and product (but not by their USB address) works
again. This was broken since v1.0.5-171-g7d763ac, when the call to
qemuFindHostdevUSBDevice was moved after the call to
qemuSetupHostdevCGroup, which then used an uninitialized USB address.
2013-11-15 13:50:47 +01:00
Michal Privoznik
f417ad07df qemuMonitorIO: Don't use @mon after it's unrefed
https://bugzilla.redhat.com/show_bug.cgi?id=1018267

The aim of virObject refing and urefing is to tell where the object is
to be used and when is no longer needed. Hence any object shouldn't be
used after it has been unrefed, as we might be the last to hold the
reference. The better way is to call virObjectUnref() *after* the last
object usage. In this specific case, the monitor EOF handler was called
after the qemuMonitorIO called virObjectUnref. Not only that @mon was
disposed (which is not used in the handler anyway) but the @mon->vm
which is causing a SIGSEGV:

2013-11-15 10:17:54.425+0000: 20110: error : qemuMonitorIO:688 : internal error: early end of file from monitor: possible problem:
qemu-kvm: -incoming tcp:01.01.01.0:49152: Failed to bind socket: Cannot assign requested address

Program received signal SIGSEGV, Segmentation fault.
qemuProcessHandleMonitorEOF (mon=<optimized out>, vm=0x7fb728004170) at qemu/qemu_process.c:299
299         if (priv->beingDestroyed) {
(gdb) p *priv
Cannot access memory at address 0x0
(gdb) p vm
$1 = (virDomainObj *) 0x7fb728004170
(gdb) p *vm
$2 = {parent = {parent = {magic = 3735928559, refs = 0, klass = 0xdeadbeef}, lock = {lock = {__data = {__lock = 2, __count = 0, __owner = 20110, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0,
            __next = 0x0}}, __size = "\002\000\000\000\000\000\000\000\216N\000\000\001", '\000' <repeats 26 times>, __align = 2}}}, pid = 0, state = {state = 0, reason = 0}, autostart = 0, persistent = 0,
  updated = 0, def = 0x0, newDef = 0x0, snapshots = 0x0, current_snapshot = 0x0, hasManagedSave = false, privateData = 0x0, privateDataFreeFunc = 0x0, taint = 304}

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-15 11:32:35 +01:00
Michal Privoznik
3367c21dad qemuProcessReconnectHelper: Don't create joinable thread
In the qemuProcessReconnectHelper() a new thread that does all the
interesting work is spawned. The rationale is to not block the daemon
startup process in case of unresponsive qemu. However, the thread
handler is a local variable which gets lost once the control goes out of
scope. Hence the thread gets leaked. We can avoid this if the thread
isn't made joinable.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-14 17:44:20 +01:00
Michal Privoznik
ea13a759f5 virDomainEventCallbackListFree: Don't leak @list->callbacks
The @list->callbacks is an array that is inflated whenever a new event
is added, e.g. via virDomainEventCallbackListAddID(). However, when we
are freeing the array, we free the items within it but forgot to
actually free it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-14 17:44:20 +01:00
Michal Privoznik
a593675594 virPCIDeviceBindToStub: Remove unused @oldDriverPath and @oldDriverName
These two chunks had to be part of df4283a55b. But for some unclear
reason, the weren't. Anyway, these two variables are not used anywhere
within function. They're initialized to NULL and then VIR_FREE()-d. And
there's no reason do do two NOPs, right?

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-14 17:44:20 +01:00
Michal Privoznik
223ce2f1a3 networkBuildDhcpDaemonCommandLine: Don't leak @configstr and @configfile
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-14 17:44:20 +01:00
Ján Tomko
b7829f959b Disable nwfilter driver when running unprivileged
When opening a new connection to the driver, nwfilterOpen
only succeeds if the driverState has been allocated.

Move the privilege check in driver initialization before
the state allocation to disable the driver.

This changes the nwfilter-define error from:
error: cannot create config directory (null): Bad address
To:
this function is not supported by the connection driver:
virNWFilterDefineXML

https://bugzilla.redhat.com/show_bug.cgi?id=1029266
2013-11-13 09:41:57 +01:00
Jason Andryuk
7d58c7fc8e libxl: Fix Xen 4.4 libxlVmStart logic
ifdef LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS hides a multi-line body
for a brace-less else.  Add braces to ensure proper logic is applied.

Without this fix, new domains cannot be started.  Both
libxl_domain_create_new and libxl_domain_create_restore are called when
starting a new domain leading to this error:
libxl: error: libxl.c:324:libxl__domain_rename: domain with name "guest" already exists.
libxl: error: libxl_create.c:800:initiate_domain_create: cannot make domain: -6
2013-11-12 13:14:24 -07:00
Peter Krempa
84f6960214 qemu: Check for presence of device and properities when getting CPUID
The QOM path in qemu that contains the CPUID registers of a running VM
may not be present (introduced in QEMU 1.5).

Since commit d94b781771 we have a regression with QEMU that don't
support reporting of the CPUID register state via the monitor as the
process startup code expects the path to exist.

This patch adds code that checks with the monitor if the requested path
already exists and uses it only in this case.
2013-11-12 19:36:06 +01:00
Peter Krempa
a6a6f84af9 qemu: Change return type of qemuMonitorGetGuestCPU()
To allow returning more granular errors, change the error type to an
integer.
2013-11-12 19:35:51 +01:00
Daniel P. Berrange
5087a5a009 Fix busy wait loop in LXC container I/O handling
If the host side of an LXC container console disconnected
and the guest side continued to write data, until the PTY
buffer filled up, the LXC controller would busy wait. It
would repeatedly see POLLHUP from poll() and not disable
the watch.

This was due to some bogus logic detecting blocking
conditions. Upon seeing a POLLHUP we must disable all
reading & writing from the PTY, and setup the epoll to
wake us up again when the connection comes back.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-12 11:14:49 +00:00
Daniel P. Berrange
cbb6ec42e2 Don't expose 'none' machine type to capabilities
The 'none' machine type is something only intended for use
by libvirt probing capabilities. It isn't something that
is useful for running real VM instances. As such it should
not be exposed to users in the capabilities.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-12 10:47:30 +00:00
Daniel P. Berrange
f41830680e Fix mem leak in virQEMUCapsProbeQMPMachineTypes on OOM
The virQEMUCapsProbeQMPMachineTypes method iterates over machine
types copying them into the qemuCapsPtr object. It only updates
the qemuCaps->nmachinetypes value at the end though. So if OOM
occurs in the middle, the destructor of qemuCapsPtr will not
free the partially initialized machine types.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-12 10:47:30 +00:00
Peter Krempa
c2986ff0d3 conf: Refactor virDomainDiskSourceDefParse
Now that the function is separate clean out a few ugly places and fix up
error messages.
2013-11-12 11:12:36 +01:00
Peter Krempa
2b2decbdcc conf: Rename virDomainDiskHostDefFree to virDomainDiskHostDefClear
The function destroys only the contents not the object itself thus it
should be called Clear.
2013-11-12 10:38:34 +01:00
Peter Krempa
16bc786408 conf: Split out code to parse the source of a disk definition
To avoid code duplication between snapshot configuration code that
parses the disk source too we need to split out this code that will be
reused later on.

This patch tries to be code movement, some aspects of this function will
be refactored later.
2013-11-12 10:38:34 +01:00
Michal Privoznik
cfc28c66f9 qemuDomainObjStart: Warn on corrupted image
If the managedsave image is corrupted, e.g. the XML part is, we fail to
parse it and throw an error, e.g.:

error: Failed to start domain jms8
error: XML error: missing security model when using multiple labels

This is okay, as we can't really start the machine and avoid undefined
qemu behaviour. On the other hand, the error message doesn't give a
clue to users what should they do. The consensus here would be to thrown
a warning to logs saying "Hey, you've got a corrupted file".

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-11 17:16:39 +01:00
Michal Privoznik
9fb3f9571d virSecurityLabelDefParseXML: Don't parse label on model='none'
https://bugzilla.redhat.com/show_bug.cgi?id=1027096

If there's the following snippet in the domain XML, the domain will be
lost upon the daemon restart (if the domain is started prior restart):

    <seclabel type='dynamic' relabel='yes'/>

The problem is, the 'label', 'imagelabel' and 'baselabel' are parsed
whenever the VIR_DOMAIN_XML_INACTIVE is *not* present or the label is
static. The latter is not our case, obviously. So, when libvirtd starts
up, it finds domain state xml and parse it. During parsing, many XML
flags are enabled but VIR_DOMAIN_XML_INACTIVE. Hence, our parser tries
to extract 'label', 'imagelabel' and 'baselabel' from the XML which
fails for model='none'. Err, this model - even though not specified in
XML - can be taken from qemu wide config file: /etc/libvirtd/qemu.conf.

However, in order to know we are dealing with model='none' the code in
question must be moved forward a bit. Then a new check must be
introduced. This is what the first two chunks are doing.

But this alone is not sufficient. The domain state XML won't contain the
model attribute without slight modification. The model should be
inserted into the XML even if equal to 'none' and the state XML is being
generated - what if the origin (the @security_driver variable in
qemu.conf) changes during libvirtd restarts?

At the end, a test to catch this scenario is introduced.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-11 16:01:25 +01:00
Wang Yufei
af67a43659 docs: fix virDomainRestoreFlags description bug
In virDomainRestoreFlags with VIR_DOMAIN_SAVE_BYPASS_CACHE, it risks
slowing restores from NFS, but not saves to NFS.

Signed-off-by: Wang Yufei <james.wangyufei@huawei.com>
2013-11-08 12:08:39 -07:00
Eric Blake
d0b2d0177b docs: grammar fixes
Fix some user-visible wording from commits 72aafe9 and 1606d89.

* src/qemu/qemu.conf (migration_address): Better wording.
* include/libvirt/libvirt.h.in (VIR_MIGRATE_PARAM_LISTEN_ADDRESS):
Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-08 10:37:06 -07:00
Vitor de Lima
efdd591dfb qemu: Fix SCSI hotplug on pseries guests
This patch moves some code in the qemuDomainAttachSCSIDisk
function. The check for the existence of a PCI address assigned
to the SCSI controller was moved in order to be executed only
when needed. The PCI address of a controller is not necessary
if QEMU_CAPS_DEVICE is supported.

This fixes issues with the hotplug of SCSI disks on pseries guests.
2013-11-08 16:25:02 +02:00
Laine Stump
88c1fcd5e7 pci: properly handle out-of-order SRIOV virtual functions
This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1025397

When virPCIGetVirtualFunctions created the list of an SRIOV Physical
Function's (PF) Virtual Functions (VF), it had assumed that the order
of "virtfn*" links returned by readdir() from the PF's sysfs directory
was already in the correct order. Experience has shown that this is
not always the case - it can be in alphabetical order (which would
e.g. place virtfn11 before virtfn2) or even some seemingly random
order (see the example in the bugzilla report)

This results in 1) incorrect assumptions made by consumers of the
output of the virt_functions list of virsh nodedev-dumpxml, and 2)
setting MAC address and vlan tag on the wrong VF (since libvirt uses
netlink to set mac address and vlan tag, netlink requires the VF#, and
the function virPCIGetVirtualFunctionIndex() returns the wrong index
due to the improperly ordered VF list).

The solution provided by this patch is for virPCIGetVirtualFunctions
to no longer scan the entire device directory in its natural order,
but instead to check for links individually by name "virtfn%d" where
%d starts at 0 and increases with each success. Since VFs are created
contiguously by the kernel, this will guarantee that all VFs are
found, and placed in the arry in the correct order.

One note of use to the uninitiated is that VIR_APPEND_ELEMENT always
either increments *num_virtual_functions or fails, so no this isn't an
endless loop.

(NB: the SRIOV_* defines at the top of virpci.c were removed
because they are unnecessary and/or not used.)
2013-11-08 14:31:54 +02:00
Laine Stump
89e2a6c88c util: use size_t instead of unsigned int for num_virtual_functions
This is a prerequisite to the fix for the fix to:

  https://bugzilla.redhat.com/show_bug.cgi?id=1025397

num_virtual_functions needs to be size_t in order to use the
VIR_APPEND_ELEMENT macro.
2013-11-08 14:31:11 +02:00
Vitor de Lima
54e4d9d081 qemu: assign PCI address to primary video card
When adding support for Q35 guests, the code to assign a PCI address
to the primary video card was moved into Q35 and i440fx(PIIX3)
specific functions, but no fallback was kept for other machine types
that might have a video card.

This patch remedies that by assigning a PCI address to the primary
video card if it does not have any kind of address.  In particular,
this fixes issues with pseries guests.

Signed-off-by: Vitor de Lima <vitor.lima@eldorado.org.br>
Signed-off-by: Laine Stump <laine@laine.org>
2013-11-08 12:48:32 +02:00
Serge Hallyn
ba95426d6f util: use -w flag when calling iptables
When supported, ask iptables to wait rather than fail if it is in use
by another caller (like ufw).

(See https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1245322)

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-11-08 12:48:25 +02:00
Peter Krempa
d94b781771 qemu: process: Validate specific CPUID flags of a guest
When starting a VM the qemu process may filter out some requested
features of a domain as it's not supported either by the host or by
qemu. Libvirt didn't check if this happened which might end up in
changing of the guest ABI when migrating.

The proof of concept implementation adds the check for the recently
introduced kvm_pv_unhalt cpuid feature bit. This feature depends on both
qemu and host kernel support and thus increase the possibility of guest
ABI breakage.
2013-11-08 09:44:42 +01:00
Peter Krempa
e0dc851164 qemu: Add support for paravirtual spinlocks in the guest
The linux kernel recently added support for paravirtual spinlock
handling to avoid performance regressions on overcomitted hosts. This
feature needs to be turned in the hypervisor so that the guest OS is
notified about the possible support.

This patch adds a new feature "paravirt-spinlock" to the XML and
supporting code to enable the "kvm_pv_unhalt" pseudo CPU feature in
qemu.

https://bugzilla.redhat.com/show_bug.cgi?id=1008989
2013-11-08 09:44:42 +01:00
Peter Krempa
de7b5faf43 conf: Refactor storing and usage of feature flags
Currently we were storing domain feature flags in a bit field as the
they were either enabled or disabled. New features such as paravirtual
spinlocks however can be tri-state as the default option may depend on
hypervisor version.

To allow storing tri-state feature state in the same place instead of
having to declare dedicated variables for each feature this patch
refactors the bit field to an array.
2013-11-08 09:44:42 +01:00
Peter Krempa
2e8f90802d cpu: x86: Add internal CPUID features support and KVM feature bits
Some of the emulator features are presented in the <features> element in
the domain XML although they are virtual CPUID feature bits when
presented to the guest. To avoid confusing the users with these
features, as they are not configurable via the <cpu> element, this patch
adds an internal array where those can be stored privately instead of
exposing them in the XML.

Additionaly KVM feature bits are added as example usage of this code.
2013-11-08 09:44:42 +01:00
Jiri Denemark
3afde0756f qemu: Add monitor APIs to fetch CPUID data from QEMU
The qemu monitor supports retrieval of actual CPUID bits presented to
the guest using QMP monitor. Add APIs to extract these information and
tests for them.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2013-11-08 09:44:36 +01:00
Peter Krempa
f80a11c921 cpu_x86: Refactor storage of CPUID data to add support for KVM features
The CPUID functions were stored in multiple arrays according to a
specified prefix of those. This made it very hard to add another prefix
to store KVM CPUID features (0x40000000). Instead of hardcoding a third
array this patch changes the approach used:

The code is refactored to use a single array where the CPUID functions
are stored ordered by the cpuid function so that they don't depend on
the specific prefix and don't waste memory. The code is also less
complex using this approach. A trateoff to this is the change from O(N)
complexity to O(N^2) in x86DataAdd and x86DataSubtract. The rest of the
functions were already using O(N^2) algorithms.
2013-11-08 09:28:06 +01:00
Li Zhang
4ffcb0208c storage: Fix a vol-clone bug on ppc64
vol-clone reports out of memory error with disk type on ppc64.

Currently, wbytes is defined as size_t type (8 bytes), but
args's value in ioctl(fd, args..) in kernel is int (4 bytes).
This makes wbytes 2^32 times larger, causing an out of memory error.

This patch changes size_t to int to synchronize with kernel.

[1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/block/ioctl.c?id=5e01dc7b#n363
[2] https://lkml.org/lkml/2013/11/1/620

Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2013-11-08 07:51:43 +01:00
Michal Privoznik
1f2f879ed1 qemu: Don't access vm->priv on unlocked domain
Since 86d90b3a (yes, my patch; again) we are supporting NBD storage
migration. However, on error recovery path we got the steps reversed.
The correct order is: return NBD port to the virPortAllocator and then
either unlock the vm or remove it from the driver. Not vice versa.

==11192== Invalid write of size 4
==11192==    at 0x11488559: qemuMigrationPrepareAny (qemu_migration.c:2459)
==11192==    by 0x11488EA6: qemuMigrationPrepareDirect (qemu_migration.c:2652)
==11192==    by 0x114D1509: qemuDomainMigratePrepare3Params (qemu_driver.c:10332)
==11192==    by 0x519075D: virDomainMigratePrepare3Params (libvirt.c:7290)
==11192==    by 0x1502DA: remoteDispatchDomainMigratePrepare3Params (remote.c:4798)
==11192==    by 0x12DECA: remoteDispatchDomainMigratePrepare3ParamsHelper (remote_dispatch.h:5741)
==11192==    by 0x5212127: virNetServerProgramDispatchCall (virnetserverprogram.c:435)
==11192==    by 0x5211C86: virNetServerProgramDispatch (virnetserverprogram.c:305)
==11192==    by 0x520A8FD: virNetServerProcessMsg (virnetserver.c:165)
==11192==    by 0x520A9E1: virNetServerHandleJob (virnetserver.c:186)
==11192==    by 0x50DA78F: virThreadPoolWorker (virthreadpool.c:144)
==11192==    by 0x50DA11C: virThreadHelper (virthreadpthread.c:161)
==11192==  Address 0x1368baa0 is 576 bytes inside a block of size 688 free'd
==11192==    at 0x4A07F5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==11192==    by 0x5079A2F: virFree (viralloc.c:580)
==11192==    by 0x11456C34: qemuDomainObjPrivateFree (qemu_domain.c:267)
==11192==    by 0x50F41B4: virDomainObjDispose (domain_conf.c:2034)
==11192==    by 0x50C2991: virObjectUnref (virobject.c:262)
==11192==    by 0x50F4CFC: virDomainObjListRemove (domain_conf.c:2361)
==11192==    by 0x1145C125: qemuDomainRemoveInactive (qemu_domain.c:2087)
==11192==    by 0x11488520: qemuMigrationPrepareAny (qemu_migration.c:2456)
==11192==    by 0x11488EA6: qemuMigrationPrepareDirect (qemu_migration.c:2652)
==11192==    by 0x114D1509: qemuDomainMigratePrepare3Params (qemu_driver.c:10332)
==11192==    by 0x519075D: virDomainMigratePrepare3Params (libvirt.c:7290)
==11192==    by 0x1502DA: remoteDispatchDomainMigratePrepare3Params (remote.c:4798)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-08 07:34:11 +01:00
Michal Privoznik
5a4c2374a2 qemu: Avoid double free of VM
One of my previous patches (c7ac2519b7) did try to fix the issue when
domain dies too soon during migration. However, this clumsy approach was
missing removal of qemuProcessHandleMonitorDestroy resulting in double
unrefing of mon->vm and hence producing the daemon crash:

==11843== Invalid read of size 4
==11843==    at 0x50C28C5: virObjectUnref (virobject.c:255)
==11843==    by 0x1148F7DB: qemuMonitorDispose (qemu_monitor.c:258)
==11843==    by 0x50C2991: virObjectUnref (virobject.c:262)
==11843==    by 0x50C2D13: virObjectFreeCallback (virobject.c:388)
==11843==    by 0x509C37B: virEventPollCleanupHandles (vireventpoll.c:583)
==11843==    by 0x509C711: virEventPollRunOnce (vireventpoll.c:652)
==11843==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
==11843==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
==11843==    by 0x11F368: main (libvirtd.c:1513)
==11843==  Address 0x13b88864 is 4 bytes inside a block of size 136 free'd
==11843==    at 0x4A07F5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==11843==    by 0x5079A2F: virFree (viralloc.c:580)
==11843==    by 0x50C29E3: virObjectUnref (virobject.c:270)
==11843==    by 0x114770E4: qemuProcessHandleMonitorDestroy (qemu_process.c:1103)
==11843==    by 0x1148F7CB: qemuMonitorDispose (qemu_monitor.c:257)
==11843==    by 0x50C2991: virObjectUnref (virobject.c:262)
==11843==    by 0x50C2D13: virObjectFreeCallback (virobject.c:388)
==11843==    by 0x509C37B: virEventPollCleanupHandles (vireventpoll.c:583)
==11843==    by 0x509C711: virEventPollRunOnce (vireventpoll.c:652)
==11843==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
==11843==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
==11843==    by 0x11F368: main (libvirtd.c:1513)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-08 07:31:02 +01:00
Michal Privoznik
b2f31af701 qemuMigrationBeginPhase: Check for 'drive-mirror' for NBD
So far we are checking if qemu supports 'nbd-server-start'. This,
however, makes no sense on the source as nbd-server-* is used on the
destination. On the source the 'drive-mirror' is used instead.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-07 14:15:13 +01:00
Chen Hanxiao
4bcb74d03f conf: fix incorrect error log in virCPUDefIsEqual
A copy-paste error.
s/model/vendor id

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-11-07 12:01:29 +01:00
Peter Krempa
6e037015a4 conf: Refactor virDomainDiskSourcePoolDefParse
For some strange reason virDomainDiskSourcePoolDefParse accessed def of
the disk and allocated the pool object in it. To avoid the need to carry
over the disk definition object, refactor this function to return the
allocated object instead.
2013-11-07 10:12:49 +01:00
Eric Blake
adb44955c4 nodeinfo: fix build on non-Linux
Commit b0f8546 broke the build on mingw, by exposing code that
had Linux-specific dependencies but which was previously protected
by libnuma ifdef guards:

make[3]: Entering directory `/home/eblake/libvirt-tmp/build/src'
  CC       libvirt_driver_la-nodeinfo.lo
../../src/nodeinfo.c: In function 'virNodeGetSiblingsList':
../../src/nodeinfo.c:1543:30: error: 'SYSFS_THREAD_SIBLINGS_LIST_LENGTH_MAX' undeclared (first use in this function)
     if (virFileReadAll(path, SYSFS_THREAD_SIBLINGS_LIST_LENGTH_MAX, &buf) < 0)
                              ^
../../src/nodeinfo.c:1543:30: note: each undeclared identifier is reported only once for each function it appears in
../../src/nodeinfo.c: In function 'virNodeCapsFillCPUInfo':
../../src/nodeinfo.c:1562:5: error: implicit declaration of function 'virNodeGetCpuValue' [-Werror=implicit-function-declaration]
     if ((tmp = virNodeGetCpuValue(SYSFS_CPU_PATH, cpu_id,
     ^
../../src/nodeinfo.c:1562:5: error: nested extern declaration of 'virNodeGetCpuValue' [-Werror=nested-externs]
../../src/nodeinfo.c:1562:35: error: 'SYSFS_CPU_PATH' undeclared (first use in this function)
     if ((tmp = virNodeGetCpuValue(SYSFS_CPU_PATH, cpu_id,
                                   ^
cc1: all warnings being treated as errors

* src/nodeinfo.c (virNodeCapsFillCPUInfo): Make conditional.
(virNodeGetSiblingsList): Move into #ifdef linux block.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 17:36:44 -07:00
Eric Blake
348b4e254b storage: always probe type with buffer
This gets rid of another stat() per volume, as well as cutting
bytes read in half, when populating the volumes of a directory
pool during a pool refresh.  Not to mention that it provides an
interface that can let gluster pools also probe file types.

* src/util/virstoragefile.h (virStorageFileProbeFormatFromFD):
Delete.
(virStorageFileProbeFormatFromBuf): New prototype.
(VIR_STORAGE_MAX_HEADER): New constant, based on...
* src/util/virstoragefile.c (STORAGE_MAX_HEAD): ...old name.
(vmdk4GetBackingStore, virStorageFileGetMetadataInternal)
(virStorageFileProbeFormat): Adjust clients.
(virStorageFileProbeFormatFromFD): Delete.
(virStorageFileProbeFormatFromBuf): Export.
* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
Adjust client.
* src/libvirt_private.syms (virstoragefile.h): Adjust exports.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 17:31:51 -07:00
Eric Blake
3ead2e7ded storage: refactor backing chain division of labor
Future patches will want to learn metadata about a file using
a buffer that was already parsed in order to probe the file's
format.  Rather than reopening and re-reading the file, it makes
sense to separate getting file contents from actually parsing
those contents.

* src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf)
(virStorageFileGetMetadataFromFDInternal): New functions.
(virStorageFileGetMetadataInternal): Hoist fstat() and read() into
callers.
(virStorageFileGetMetadataFromFD)
(virStorageFileGetMetadataRecurse): Rework clients.
* src/util/virstoragefile.h (virStorageFileGetMetadataFromBuf):
New prototype.
* src/libvirt_private.syms (virstoragefile.h): Export it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 17:28:12 -07:00
Eric Blake
9cac863965 storage: reduce number of stat calls
We are calling fstat() at least twice per storage volume in
a directory storage pool; this is rather wasteful.  Refactoring
this is also a step towards making code reusable for gluster,
where gluster can provide struct stat but cannot use fstat().

* src/storage/storage_backend.h
(virStorageBackendVolOpenCheckMode)
(virStorageBackendUpdateVolTargetInfoFD): Update signature.
* src/storage/storage_backend.c
(virStorageBackendVolOpenCheckMode): Pass stat results back.
(virStorageBackendUpdateVolTargetInfoFD): Use existing stats.
(virStorageBackendVolOpen, virStorageBackendUpdateVolTargetInfo):
Update callers.
* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
Likewise.
* src/storage/storage_backend_scsi.c
(virStorageBackendSCSIUpdateVolTargetInfo): Likewise.
* src/storage/storage_backend_mpath.c
(virStorageBackendMpathUpdateVolTargetInfo): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 17:17:08 -07:00
Eric Blake
5327fad4f2 storage: avoid short reads while chasing backing chain
Our backing file chain code was not very robust to an ill-timed
EINTR, which could lead to a short read causing us to randomly
treat metadata differently than usual.  But the existing
virFileReadLimFD forces an error if we don't read the entire
file, even though we only care about the header of the file.
So add a new virFile function that does what we want.

* src/util/virfile.h (virFileReadHeaderFD): New prototype.
* src/util/virfile.c (virFileReadHeaderFD): New function.
* src/libvirt_private.syms (virfile.h): Export it.
* src/util/virstoragefile.c (virStorageFileGetMetadataInternal)
(virStorageFileProbeFormatFromFD): Use it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 17:14:02 -07:00
Eric Blake
5717ee6ab8 storage: use simpler 'char *'
'unsigned char *' makes sense if you are doing math on bytes and
don't want to worry about wraparound from a signed 'char'; but
since all we are doing is memcmp() or virReadBufInt*[LB]E(), which
are both safe on either type of char, and since read() prefers to
operate on 'char *', it's simpler to avoid casts by just typing
things as 'char *' from the get-go.  [Technically, read can
operate on an 'unsigned char *' thanks to the C rule that any
pointer can be implicitly converted to 'char *' for legacy K&R
compatibility; but where this patch saves us is if we try to use
virfile.h functions that take 'char **' in order to allocate the
buffer, where the compiler would barf on type mismatch.]

* src/util/virstoragefile.c (FileTypeInfo): Avoid unsigned char.
(cowGetBackingStore, qcow2GetBackingStoreFormat)
(qcowXGetBackingStore, qcow1GetBackingStore)
(qcow2GetBackingStore, vmdk4GetBackingStore, qedGetBackingStore)
(virStorageFileMatchesMagic, virStorageFileMatchesVersion)
(virStorageFileProbeFormatFromBuf, qcow2GetFeatures)
(virStorageFileGetMetadataInternal)
(virStorageFileProbeFormatFromFD): Simplify clients.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 15:41:12 -07:00
Giuseppe Scrivano
2b68ad7161 test driver: add support for .connectBaselineCPU
It uses the same functionalities of the qemu driver.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2013-11-06 15:01:17 -07:00
Michal Privoznik
9cc8a5af02 qemuMonitorDispose: Reset lastError
Since the 90139a62 commit the error is copied into mon->lastError but
it's never freed from there.

==31989== 395 bytes in 1 blocks are definitely lost in loss record 877 of 978
==31989==    at 0x4A06C2B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31989==    by 0x7EAF129: strdup (in /lib64/libc-2.15.so)
==31989==    by 0x50D586C: virStrdup (virstring.c:554)
==31989==    by 0x50976C1: virCopyError (virerror.c:191)
==31989==    by 0x5097A35: virCopyLastError (virerror.c:312)
==31989==    by 0x114909A9: qemuMonitorIO (qemu_monitor.c:690)
==31989==    by 0x509BEDE: virEventPollDispatchHandles (vireventpoll.c:501)
==31989==    by 0x509C701: virEventPollRunOnce (vireventpoll.c:648)
==31989==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
==31989==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
==31989==    by 0x11F368: main (libvirtd.c:1513)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-06 19:03:30 +01:00
Zeng Junliang
c92ca769af qemu: clean up migration ports when migration cancelled
If there's a migration cancelled, the bitmap of migration port should be
cleaned up too.

Signed-off-by: Zeng Junliang <zengjunliang@huawei.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-11-06 15:08:43 +01:00
Laine Stump
b4e0299d4f network: fix connections count in case of allocate failure
This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1020135

If networkAllocateActualDevice() had failed due to a pool of hostdev
or direct devices being depleted, the calling function could still
call networkReleaseActualDevice() as part of its cleanup, and that
function would then unconditionally decrement the connections count
for the network, even though it hadn't been incremented (due to
failure of allocate). This *was* necessary because the .actual member
of the netdef was allocated with a "lazy" algorithm, only being
created if there was a need to store data there (e.g. if a device was
allocated from a pool, or bandwidth was allocated for the device), so
there was no simple way for networkReleaseActualDevice() to tell if
something really had been allocated (i.e. if "connections++" had been
executed).

This patch changes networkAllocateDevice() to *always* allocate an
actual device for any netdef of type='network', even if it isn't
needed for any other reason. This has no ill effects anywhere else in
the code (except for using a small amount of memory), and
networkReleaseActualDevice() can then determine if there was a
previous successful allocate by checking for .actual != NULL (if not,
it skips the "connections--").
2013-11-06 13:14:57 +02:00
Guido Günther
12dc729a71 virt-login-shell: also build virAtomic.h
Needed for architectures that don't use gcc atomic ops but pthread. This
fixes the armel build that otherwise breaks like:

 CCLD     virt-login-shell
 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virClassNew':
 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:150: undefined reference to `virAtomicLock'
 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectNew':
 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:202: undefined reference to `virAtomicLock'
 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectUnref':
 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:274: undefined reference to `virAtomicLock'
 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectRef':
 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:295: undefined reference to `virAtomicLock'
 collect2: error: ld returned 1 exit status

See https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=armel&ver=1.1.4-1&stamp=1383588268
2013-11-05 19:44:27 +01:00
Eric Blake
0705933b89 storage: recognize gluster as networked file
A qcow2 file with a backing file of 'gluster://host/vol/file' should
not try to look for a directory named './gluster:/' in the file system.

* src/util/virstoragefile.c (virBackingStoreIsFile): Broaden check
to include all protocols.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-05 08:36:43 -07:00
Ján Tomko
1569fa14d8 qemu: don't use deprecated -no-kvm-pit-reinjection
Since qemu-kvm 1.1 [1] (since 1.3. in upstream QEMU [2])
'-no-kvm-pit-reinjection' has been deprecated.
Use -global kvm-pit.lost_tick_policy=discard instead.

https://bugzilla.redhat.com/show_bug.cgi?id=978719

[1] http://git.kernel.org/cgit/virt/kvm/qemu-kvm.git/commit/?id=4e4fa39
[2] http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c21fb4f
2013-11-05 16:04:06 +01:00
John Ferlan
5669045580 Resolve Coverity issue regarding not checking return value
Coverity complains that the call to virPCIDeviceDetach() in
qemuPrepareHostdevPCIDevices() doesn't check status return like
other calls.  Seems this just was lurking until a recent change
to this module resulted in Coverity looking harder and finding
the issue.  Introduced by 'a4efb2e33' when function was called
'pciReAttachDevice()'

Just added a ignore_value() since it doesn't appear to matter
if the call fails since we're on a failure path already.
2013-11-05 07:55:54 -05:00
Daniel P. Berrange
9ecbd38c4c Skip any files which are not mounted on the host
Currently the LXC container tries to skip selinux/securityfs
mounts if the directory does not exist in the filesystem,
or if SELinux is disabled.

The former check is flawed because the /sys/fs/selinux
or /sys/kernel/securityfs directories may exist in sysfs
even if the mount type is disabled. Instead of just doing
an access() check, use an virFileIsMounted() to see if
the FS is actually present in the host OS. This also
avoids the need to check is_selinux_enabled().

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-05 15:51:48 +08:00
Daniel P. Berrange
bf8874025e Add flag to lxcBasicMounts to control use in user namespaces
Some mounts must be skipped if running inside a user namespace,
since the kernel forbids their use. Instead of strcmp'ing the
filesystem type in the body of the loop, set an explicit flag
in the lxcBasicMounts table.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-05 15:51:47 +08:00
Daniel P. Berrange
6d5fdde3dd Remove duplicate entries in lxcBasicMounts array
Currently the lxcBasicMounts array has separate entries for
most mounts, to reflect that we must do a separate mount
operation to make mounts read-only. Remove the duplicate
entries and instead set the MS_RDONLY flag against the main
entry. Then change lxcContainerMountBasicFS to look for the
MS_RDONLY flag, mask it out & do a separate bind mount.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-05 15:51:47 +08:00
Daniel P. Berrange
f567a583f3 Remove pointless 'srcpath' variable in lxcContainerMountBasicFS
The 'srcpath' variable is initialized from 'mnt->src' and never
changed thereafter. Some places continue to use 'mnt->src' and
others use 'srcpath'. Remove the pointless 'srcpath' variable
and use 'mnt->src' everywhere.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-05 15:51:47 +08:00
Daniel P. Berrange
c6b84a9dee Remove unused 'opts' field from LXC basic mounts struct
The virLXCBasicMountInfo struct contains a 'char *opts'
field passed onto the mount() syscall. Every entry in the
list sets this to NULL though, so it can be removed to
simplify life.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-05 15:51:47 +08:00
Daniel P. Berrange
ccacd4fe3b Add virFileIsMountPoint function
Add a function for efficiently checking if a path is a filesystem
mount point.

NB will not work for bind mounts, only true filesystem mounts.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-05 15:51:47 +08:00
Michal Privoznik
df4283a55b virpci: Don't error on unbinded devices
https://bugzilla.redhat.com/show_bug.cgi?id=1018897

If a PCI deivce is not binded to any driver (e.g. there's yet no PCI
driver in the linux kernel) but still users want to passthru the device
we fail the whole operation as we fail to resolve the 'driver' link
under the PCI device sysfs tree. Obviously, this is not a fatal error
and it shouldn't be error at all.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-04 17:28:51 +01:00
Peter Krempa
629aff378f cpu: x86: Parse the CPU feature map only once
Until now the map was loaded from the XML definition file every time a
operation on the flags was requested. With the introduciton of one shot
initializers we can store the definition forever (as it will never
change) instead of parsing it over and over again.
2013-11-04 11:51:09 +01:00
Jiri Denemark
6f6e1f902a cpu: Export few x86-specific APIs
This makes virCPUx86DataAddCPUID, virCPUx86DataFree, and
virCPUx86MakeData available for direct usage outside of cpu driver in
tests and the new qemu monitor that will request the actual CPU
definition from a running qemu instance.
2013-11-04 11:26:55 +01:00
Peter Krempa
b0f8546203 nodeinfo: Remove libnuma include
Now that all libnuma functions used by libvirt are wrapped in virNuma we
can remove the dependancy from nodeinfo.
2013-11-04 10:50:20 +01:00
Peter Krempa
223521bd33 numa: Add wrapper of numa_node_to_cpus and use it 2013-11-04 10:50:20 +01:00
Peter Krempa
f162a229e7 caps: Fix function docs for virCapabilitiesAddHostNUMACell 2013-11-04 10:50:20 +01:00
Peter Krempa
15ca990229 numa: Replace NUMA_MAX_N_CPUS macro with virNumaGetMaxCPUs() 2013-11-04 10:50:20 +01:00
Peter Krempa
5ed9b3bc29 nodeinfo: Get rid of nodeGetCellMemory
The function was called in a single place only and was reporting errors
that were later ignored. Use the virNumaGetNodeMemory helper to get the
size of the memory in the NUMA node and remove the helper
2013-11-04 10:50:20 +01:00
Peter Krempa
9dd02965a5 numa: Introduce virNumaGetNodeMemory and use it instead of numa_node_size64 2013-11-04 10:50:19 +01:00
Peter Krempa
f72cfea1ab numa: Introduce virNumaGetMaxNode and use it instead of numa_max_node
Avoid necessary checks for the numa library with this helper.
2013-11-04 10:50:19 +01:00
Peter Krempa
0ce5d94636 nodeinfo: Avoid forward declarations of static functions
linuxNodeGetCPUStats() and linuxNodeGetMemoryStats() are static and
don't need a forward declaration.
2013-11-04 10:50:14 +01:00
Peter Krempa
f8ee8fe3f9 numa: Introduce virNumaIsAvailable and use it instead of numa_available
All functions from libnuma must be protected with ifdefs. Avoid this by
using our own wrapper.
2013-11-04 10:48:00 +01:00
Ryota Ozaki
8079b0e0f4 virnetsocket: fix getsockopt on FreeBSD
aa0f099 introduced a strict error checking for getsockopt and it
revealed that getting a peer credential of a socket on FreeBSD
didn't work. Libvirtd hits the error:
  error : virNetSocketGetUNIXIdentity:1198 : Failed to get valid
  client socket identity groups

SOL_SOCKET (0xffff) was used as a level of getsockopt for
LOCAL_PEERCRED, however, it was wrong. 0 is correct as well as
Mac OS X.

So for LOCAL_PEERCRED our options are SOL_LOCAL (if defined) or
0 on Mac OS X and FreeBSD. According to the fact, the patch
simplifies the code by removing ifdef __APPLE__.

I tested the patch on FreeBSD 8.4, 9.2 and 10.0-BETA1.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-03 17:08:55 -06:00
Doug Goldstein
9fa3a8ab6f MacOS: Handle changes to xdrproc_t definition
With Mac OS X 10.9, xdrproc_t is no longer defined as:

typedef bool_t (*xdrproc_t)(XDR *, ...);

but instead as:

typdef bool_t (*xdrproc_t)(XDR *, void *, unsigned int);

For reference, Linux systems typically define it as:

typedef bool_t (*xdrproc_t)(XDR *, void *, ...);

The rationale explained in the header is that using a vararg is
incorrect and has a potential to change the ABI slightly do to compiler
optimizations taken and the undefined behavior. They decided
to specify the exact number of parameters and for compatibility with old
code decided to make the signature require 3 arguments. The third
argument is ignored for cases that its not used and its recommended to
supply a 0.
2013-11-03 09:34:10 -06:00
Jeremy Fitzhardinge
ba1bf10063 libxl: fix dubious cpumask handling in libxlDomainSetVcpuAffinities
Rather than casting the virBitmap pointer to uint8_t* and then using
the structure contents as a byte array, use the virBitmap API to determine
the bitmap size and test each bit.

Signed-off-by: Jeremy Fitzhardinge <jeremy@goop.org>
2013-11-01 09:05:36 -06:00
Jim Fehlig
835f992a68 Revert "libxl: Fix possible invalid read"
This reverts commit 394d6e0a95.
The real problem is accessing the virtBitmap structure as a byte
array, which was correctly identified and fixed by Jeremy Fitzhardinge

https://www.redhat.com/archives/libvir-list/2013-October/msg01257.html
2013-11-01 09:05:36 -06:00
Bamvor Jian Zhang
a52fa5569a fix api changes in xen restore
in recently xen commit: 7051d5c8, there is a api changes in
libxl_domain_create_restore.
Author: Andrew Cooper <andrew.cooper3@citrix.com>
Date:   Thu Oct 10 12:23:10 2013 +0100

    tools/migrate: Fix regression when migrating from older version of Xen

use the macro LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS in libxl.h
in order to make libvirt could compile with old and new xen.

the params checkpointed_stream is useful if libvirt libxl driver
support migration. for new, set it as zero.

Signed-off-by: Bamvor Jian Zhang <bjzhang@suse.com>
2013-11-01 08:10:48 -06:00
Daniel P. Berrange
89759301de Fix race in starting transient VMs
When starting a transient VM the first thing done is to check
for duplicates. The check looks if there are any running VMs
with the matching name/uuid. It explicitly allows there to
be inactive VMs, so that a persistent VM can be temporarily
booted with a different config.

There is a race condition, however, where 2 or more clients
try to create the same transient VM. The first client will
cause a virDomainObjPtr to be added to the domain list, and
it is inactive at this stage. The second client may then
come along and see this inactive VM, and mistake it for a
persistent VM.

If the first VM fails to start its transient guest for any
reason, then it'll remove the virDomainObjPtr from the list.
The second client now has a virDomainObjPtr that it can try
to boot, which libvirt no longer has a record of. The result
can be a running QEMU process that is orphaned.

It was also, however, possible for the virDomainObjPtr to be
completely free'd which will cause libvirtd to crash in some
scenarios.

The fix is to only allow an existing inactive VM if it is
marked as persistent.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-01 11:10:25 +00:00
Ján Tomko
3e1e16aa8d Use a port from the migration range for NBD as well
Instead of using a port from the remote display range.

https://bugzilla.redhat.com/show_bug.cgi?id=1025699
2013-11-01 12:07:12 +01:00
Ryota Ozaki
87176d0ce9 nodedev_hal: fix segfault when virDBusGetSystemBus fails
Thie patch fixes the segfault:
    error : nodeStateInitialize:658 : DBus not available,
      disabling HAL driver: internal error: Unable to get DBus
      system bus connection: Failed to connect to socket
      /var/run/dbus/system_bus_socket: No such file or directory
    error : nodeStateInitialize:719 :  ?:
    Caught Segmentation violation dumping internal log buffer:

This segfault occurs at the below VIR_ERROR:
  failure:
      if (dbus_error_is_set(&err)) {
          VIR_ERROR(_("%s: %s"), err.name, err.message);

When virDBusGetSystemBus fails, the code jumps to the above failure
path. However, the err variable is not correctly initialized
before calling virDBusGetSystemBus. As a result, dbus_error_is_set
may pass over the uninitialized err variable whose name or
message may point to somewhere unknown memory region, which
causes a segfault on VIR_ERROR.

The new code initializes the err variable before calling
virDBusGetSystemBus.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-10-31 11:21:10 -06:00
Daniel P. Berrange
4b9862775c Improve debugging of QEMU start/stop
Include reference of the VM object pointer and name in debug
logs for QEMU start/stop functions. Also make sure we log the
PID that we started, since it isn't available elsewhere in the
logs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-31 16:56:01 +00:00
Daniel P. Berrange
dddc57a339 Improve debugging of job enter/exit code
In debugging a recent oVirt/libvirt race condition, I was very
frustrated by lack of logging in the job enter/exit code. This
patch adds some key data which would have been useful in by
debugging attempts.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-31 16:56:01 +00:00
Hongwei Bi
903bd69782 xenapi: fix coding style in xenapi_driver.c
Fix the if statement coding style.

Signed-off-by: Hongwei Bi <hwbi2008@gmail.com>
2013-10-31 14:53:05 +01:00
Eric Blake
41183cf7bb storage: use correct type for array count
Using size_t counts will let us use VIR_APPEND_ELEMENT and friends.

* src/conf/storage_conf.h (_virStoragePoolObjList)
(_virStorageVolDefList): Track list sizes with size_t.
* src/storage/storage_backend_rbd.c
(virStorageBackendRBDRefreshPool): Fix type fallout.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-30 17:13:24 -06:00
Eric Blake
fb8613525d maint: avoid further typedef accidents
To make it easier to forbid future attempts at a confusing typedef
name ending in Ptr that isn't actually a pointer, insist that we
follow our preferred style of 'typedef foo *fooPtr'.

* cfg.mk (sc_forbid_const_pointer_typedef): Enforce consistent
style, to prevent issue fixed in previous storage patch.
* src/conf/capabilities.h (virCapsPtr): Fix offender.
* src/security/security_stack.c (virSecurityStackItemPtr):
Likewise.
* tests/qemucapabilitiestest.c (testQemuDataPtr): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-30 17:02:12 -06:00
Claudio Bley
52dbeac8e7 libvirt.c: indent code of virDomainGetMemoryParameters's documentation
By indenting code inside of comments, it gets recognized as a
code block when generating the HTML documentation.
2013-10-30 17:30:12 +01:00
Claudio Bley
6d19d742bc libvirt.c: add 2 spaces of indentation to example code of virStreamSend
See libvirt-libvirt.html#virStreamSend for the effect.
2013-10-30 17:30:12 +01:00
Daniel P. Berrange
f26701f565 Fix race condition reconnecting to vms & loading configs
The following sequence

 1. Define a persistent QMEU guest
 2. Start the QEMU guest
 3. Stop libvirtd
 4. Kill the QEMU process
 5. Start libvirtd
 6. List persistent guests

At the last step, the previously running persistent guest
will be missing. This is because of a race condition in the
QEMU driver startup code. It does

 1. Load all VM state files
 2. Spawn thread to reconnect to each VM
 3. Load all VM config files

Only at the end of step 3, does the 'virDomainObjPtr' get
marked as "persistent". There is therefore a window where
the thread reconnecting to the VM will remove the persistent
VM from the list.

The easy fix is to simply switch the order of steps 2 & 3.

In addition to this though, we must only attempt to reconnect
to a VM which had a non-zero PID loaded from its state file.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-30 11:16:18 +00:00
Daniel P. Berrange
54a2411220 Fix leak of objects when reconnecting to QEMU instances
The 'error' cleanup block in qemuProcessReconnect() had a
'return' statement in the middle of it. This caused a leak
of virConnectPtr & virQEMUDriverConfigPtr instances. This
was identified because netcf recently started checking its
refcount in libvirtd shutdown:

netcfStateCleanup:109 : internal error: Attempt to close netcf state driver with open connections

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-30 11:16:17 +00:00
Daniel P. Berrange
b260a77e34 Don't update dom->persistent without lock held
virDomainObjListLoadAllConfigs sets dom->persistent after
having released its lock on the domain object. This exposes
a possible race condition.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-30 11:16:17 +00:00
John Ferlan
aa42bb1700 Add '+' to uid/gid printing for label processing
To ensure proper processing by virGetUserID() and virGetGroupID()
of a uid/gid add a "+" prior to the uid/gid to denote it's really
a uid/gid for the label.
2013-10-29 17:10:15 -04:00
Eric Blake
8e7f57a7b8 storage: fix incorrect typedef
The rbd code had a confusing typedef ending in Ptr that was not
actually a pointer, which made the rest of the code harder to
read.  This fixes things to actually pass by pointer rather than
by copy.

* src/storage/storage_backend_rbd.c (virStorageBackendStatePtr):
Fix typedef.
(virStorageBackendRBDOpenRADOSConn)
(virStorageBackendRBDCloseRADOSConn)
(volStorageBackendRBDRefreshVolInfo)
(virStorageBackendRBDRefreshPool, virStorageBackendRBDDeleteVol)
(virStorageBackendRBDCreateVol, virStorageBackendRBDRefreshVol)
(virStorageBackendRBDResizeVol): Fix fallout.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-29 10:27:43 -06:00
Peter Krempa
8e362a8955 apparmor: Fix typo in function name in driver struct initialization
Commit 64a68a4a introduced a typo in the initialization of the apparmor
driver structure breaking the build with apparmor enabled.
2013-10-29 17:01:22 +01:00
Michael Chapman
0883f3ba04 qemu: fix well-formed migration URI formatting
When adding an automatically allocated port to a well-formed migration
URI, keep it well-formed:

  tcp://1.2.3.4/  ->  tcp://1.2.3.4/:12345   # wrong
  tcp://1.2.3.4/  ->  tcp://1.2.3.4:12345/   # fixed
  tcp://1.2.3.4   ->  tcp://1.2.3.4:12345    # still works
  tcp:1.2.3.4     ->  tcp:1.2.3.4:12345      # still works (old syntax)

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2013-10-29 08:49:42 -06:00
Gao feng
919374c73e LXC: don't free tty before using it in lxcContainerSetupDevices
Introduced by commit 0f31f7b.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2013-10-29 15:44:56 +01:00
Giuseppe Scrivano
b51038a4cd capabilities: add baselabel per sec driver/virt type to secmodel
Expand the "secmodel" XML fragment of "host" with a sequence of
baselabel's which describe the default security context used by
libvirt with a specific security model and virtualization type:

<secmodel>
  <model>selinux</model>
  <doi>0</doi>
  <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
  <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel>
</secmodel>
<secmodel>
  <model>dac</model>
  <doi>0</doi>
  <baselabel type='kvm'>107:107</baselabel>
  <baselabel type='qemu'>107:107</baselabel>
</secmodel>

"baselabel" is driver-specific information, e.g. in the DAC security
model, it indicates USER_ID:GROUP_ID.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-29 07:06:04 -06:00
Giuseppe Scrivano
64a68a4a09 security: add new internal function "virSecurityManagerGetBaseLabel"
virSecurityManagerGetBaseLabel queries the default settings used by
a security model.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2013-10-29 06:57:07 -06:00
Giuseppe Scrivano
4387132f31 security: use a single function to set DAC user and group
Merge the functions 'virSecurityDACSetUser' and
'virSecurityDACSetGroup' into 'virSecurityDACSetUserAndGroup'.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2013-10-29 06:55:09 -06:00
Chen Hanxiao
8e1336fea9 Skip debug message in lxcContainerSetID if no map is set.
The lxcContainerSetID() method prints a misleading log
message about setting the uid/gid when no ID map is
present in the XML config. Skip the debug message in
this case.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-28 11:19:20 +00:00
John Ferlan
ab479c9038 Avoid Coverity DEADCODE warning
Commit '922b7fda' resulted in two DEADCODE warnings from Coverity in
remoteDispatchAuthPolkit and virAccessDriverPolkitFormatProcess.
Commit '604ae657' modified the daemon.c code to remove the deadcode
issue, but did not do so for viracessdriverpolkit.c. This just mimics
the same changes
2013-10-24 06:40:18 -04:00
Martin Kletzander
394d6e0a95 libxl: Fix possible invalid read
According to the following valgrind output, there seems to be a
invalid limit for the iterator (captured on Fedora 19):

==3945== Invalid read of size 1
==3945==    at 0x1E1FA410: libxlVmStart (libxl_driver.c:475)
==3945==    by 0x1E1FAD9A: libxlDomainCreateWithFlags (libxl_driver.c:2633)
==3945==    by 0x5187D46: virDomainCreate (libvirt.c:9439)
==3945==    by 0x13BAA6: remoteDispatchDomainCreateHelper (remote_dispatch.h:2910)
==3945==    by 0x51DE5B9: virNetServerProgramDispatch (virnetserverprogram.c:435)
==3945==    by 0x51D93E7: virNetServerHandleJob (virnetserver.c:165)
==3945==    by 0x50F5BF4: virThreadPoolWorker (virthreadpool.c:144)
==3945==    by 0x50F5670: virThreadHelper (virthreadpthread.c:161)
==3945==    by 0x8046C52: start_thread (pthread_create.c:308)
==3945==    by 0x8758E1C: clone (clone.S:113)
==3945==  Address 0x23424d81 is 0 bytes after a block of size 1 alloc'd
==3945==    at 0x4A08121: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3945==    by 0x50B1F8C: virAllocN (viralloc.c:189)
==3945==    by 0x1E1FA3CA: libxlVmStart (libxl_driver.c:468)
==3945==    by 0x1E1FAD9A: libxlDomainCreateWithFlags (libxl_driver.c:2633)
==3945==    by 0x5187D46: virDomainCreate (libvirt.c:9439)
==3945==    by 0x13BAA6: remoteDispatchDomainCreateHelper (remote_dispatch.h:2910)
==3945==    by 0x51DE5B9: virNetServerProgramDispatch (virnetserverprogram.c:435)
==3945==    by 0x51D93E7: virNetServerHandleJob (virnetserver.c:165)
==3945==    by 0x50F5BF4: virThreadPoolWorker (virthreadpool.c:144)
==3945==    by 0x50F5670: virThreadHelper (virthreadpthread.c:161)
==3945==    by 0x8046C52: start_thread (pthread_create.c:308)
==3945==    by 0x8758E1C: clone (clone.S:113)
==3945==

Related: https://bugzilla.redhat.com/show_bug.cgi?id=1013045
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-10-24 11:14:28 +01:00
Hongwei Bi
3a8cc9cf50 networkStartDhcpDaemon: Check for dnsmasqCapsRefresh failure
Currently, we ignore whether dnsmasqCapsRefresh succeeds or fails. We
shouldn't do that as we may generate wrong dnsmasq command line (what
is done just a few lines below).

Signed-off-by: Hongwei Bi <hwbi2008@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-22 17:14:13 +01:00
Doug Goldstein
e24aec629d rpc: Retrieve peer PID via new getsockopt() for Mac
While LOCAL_PEERCRED on the BSDs does not return the pid information of
the peer, Mac OS X 10.8 added LOCAL_PEERPID to retrieve the pid so we
should use that when its available to get that information.
2013-10-22 10:51:31 -05:00
Michal Privoznik
e3e9d3b1be Get rid of shadowed booleans
There are still two places where we are using 1bit width unsigned
integer to store a boolean. There's no real need for this and these
occurrences can be replaced with 'bool'.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-22 15:50:47 +01:00
Jim Fehlig
5a0ea4b7b9 build: fix linking virt-login-shell
After commit 3e2f27e1, I've noticed build failures of virt-login-shell
when libapparmor-devel is installed on the build host

CCLD     virt-login-shell
../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o):
In function `virExec':
/home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined
reference to `aa_change_profile'
collect2: error: ld returned 1 exit status

I was about to commit an easy fix under the build-breaker rule
(build-fix-1.patch), but thought to extend the notion of SECDRIVER_LIBS
to SECDRIVER_CFLAGS, and use both throughout src/Makefile.am where it
makes sense (build-fix-2.patch).

Should I just stick with the simple fix, or is something along the lines
of patch 2 preferred?

Regards,
Jim

>From a0f35945f3127ab70d051101037e821b1759b4bb Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Mon, 21 Oct 2013 15:30:02 -0600
Subject: [PATCH] build: fix virt-login-shell build with apparmor

With libapparmor-devel installed, virt-login-shell fails to link

CCLD     virt-login-shell
../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec':
/home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile'
collect2: error: ld returned 1 exit status

Fix by linking libvirt_setuid_rpc_client with previously determined
SECDRIVER_LIBS in src/Makefile.am.  While at it, introduce SECDRIVER_CFLAGS
and use both throughout src/Makefile.am where it makes sense.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2013-10-22 15:50:47 +01:00
Ryota Ozaki
ae6b5da3d1 nodeinfo: fix physical memory size on Mac OS X
HW_PHYSMEM is available on Mac OS X as well as FreeBSD, however,
its resulting value for Mac OS X is 32 bits. Mac OS X provides
HW_MEMSIZE that is 64 bits version of HW_PHYSMEM. We have to use it.

I tested the patch on Mac OS X 10.6.8, 10.7.4, 10.8.5 and FreeBSD 9.2.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-10-21 23:45:28 -05:00
Laine Stump
69e047ae21 qemu: fix removal of <interface type='hostdev'>
This patch (and the two patches that precede it) resolve:

  https://bugzilla.redhat.com/show_bug.cgi?id=1005682

When libvirt was changed to delay the final cleanup of device removal
until the qemu process had signaled it with a DEVICE_DELETED event for
that device, the hostdev removal function
(qemuDomainRemoveHostDevice()) was written to properly handle the
removal of a hostdev that was actually an SRIOV virtual function
(defined with <interface type='hostdev'>). However, the function used
to search for a device matching the alias name provided in the
DEVICE_DELETED message (virDomainDefFindDevice()) would search through
the list of netdevs before hostdevs, so qemuDomainRemoveHostDevice()
was never called; instead the netdev function,
qemuDomainRemoveNetDevice() (which *doesn't* properly cleanup after
removal of <interface type='hostdev'>), was called.

(As a reminder - each <interface type='hostdev'> results in a
virDomainNetDef which contains a virDomainHostdevDef having a parent
type of VIR_DOMAIN_DEVICE_NET, and parent.data.net pointing back to
the virDomainNetDef; both Defs point to the same device info object
(and the info contains the device's "alias", which is used by qemu to
identify the device). The virDomainHostdevDef is added to the domain's
hostdevs list *and* the virDomainNetDef is added to the domain's nets
list, so searching either list for a particular alias will yield a
positive result.)

This function modifies the qemuDomainRemoveNetDevice() to short
circuit itself and call qemu DomainRemoveHostDevice() instead when the
actual device is a VIR_DOMAIN_NET_TYPE_HOSTDEV (similar logic to what
is done in the higher level qemuDomainDetachNetDevice())

Note that even if virDomainDefFindDevice() changes in the future so
that it finds the hostdev entry first, the current code will continue
to work properly.
2013-10-21 18:09:04 +03:00
Laine Stump
c5561644d8 qemu: move qemuDomainRemoveNetDevice to avoid forward reference
pure code movement to setup for next patch.
2013-10-21 18:07:49 +03:00
Laine Stump
7a600cf77f qemu: simplify calling qemuDomainHostdevNetConfigRestore
This function was called in three places, and in each the call was
qualified by a slightly different conditional. In reality, this
function should only be called for a hostdev if all of the following
are true:

  1) mode='subsystem'
  2) type='pci'
  3) there is a parent device definition which is an <interface>
     (VIR_DOMAIN_DEVICE_NET)

We can simplify the callers and make them more consistent by checking
these conditions at the top ov qemuDomainHostdevNetConfigRestore and
returning 0 if one of them isn't satisfied.

The location of the call to qemuDomainHostdevNetConfigRestore() has
also been changed in the hot-plug case - it is moved into the caller
of its previous location (i.e. from qemuDomainRemovePCIHostDevice() to
qemuDomainRemoveHostDevice()). This was done to be more consistent
about which functions pay attention to whether or not this is one of
the special <interface> hostdevs or just a normal hostdev -
qemuDomainRemoveHostDevice() already contained a call to
networkReleaseActualDevice() and virDomainNetDefFree(), so it makes
sense for it to also handle the resetting of the device's MAC address
and vlan tag (which is what's done by
qemuDomainHostdevNetConfigRestore()).
2013-10-21 18:06:30 +03:00
Daniel P. Berrange
9cd6a57db6 Block all use of libvirt.so in setuid programs
Avoid people introducing security flaws in their apps by
forbidding the use of libvirt.so in setuid programs, with
a check in virInitialize.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
9b0af09240 Remove (nearly) all use of getuid()/getgid()
Most of the usage of getuid()/getgid() is in cases where we are
considering what privileges we have. As such the code should be
using the effective IDs, not real IDs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
c566fa1ad0 Add stub getegid impl for platforms lacking it
We already have stubs for getuid, geteuid, getgid but
not for getegid. Something in gnulib already does a
check for it during configure, so we already have the
HAVE_GETEGID macro defined.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
171bb12911 Don't allow remote driver daemon autostart when running setuid
We don't want setuid programs automatically spawning libvirtd,
so disable any use of autostart when setuid.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
e22b0232c7 Only allow the UNIX transport in remote driver when setuid
We don't know enough about quality of external libraries used
for non-UNIX transports, nor do we want to spawn external
commands when setuid. Restrict to the bare minimum which is
UNIX transport for local usage. Users shouldn't need to be
running setuid if connecting to remote hypervisors in any
case.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
71b21f12be Block all use of getenv with syntax-check
The use of getenv is typically insecure, and we want people
to use our wrappers, to force them to think about setuid
needs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
1e4a02bdfe Remove all direct use of getenv
Unconditional use of getenv is not secure in setuid env.
While not all libvirt code runs in a setuid env (since
much of it only exists inside libvirtd) this is not always
clear to developers. So make all the code paranoid, even
if it only ever runs inside libvirtd.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
9b8f307c6a Make virCommand env handling robust in setuid env
When running setuid, we must be careful about what env vars
we allow commands to inherit from us. Replace the
virCommandAddEnvPass function with two new ones which do
filtering

  virCommandAddEnvPassAllowSUID
  virCommandAddEnvPassBlockSUID

And make virCommandAddEnvPassCommon use the appropriate
ones

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
3e2f27e13b Don't link virt-login-shell against libvirt.so (CVE-2013-4400)
The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor) functions which is
not setuid safe.

The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.

Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
8c3586ea75 Only allow 'stderr' log output when running setuid (CVE-2013-4400)
We must not allow file/syslog/journald log outputs when running
setuid since they can be abused to do bad things. In particular
the 'file' output can be used to overwrite files.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
ae53e5d10e Add helpers for getting env vars in a setuid environment
Care must be taken accessing env variables when running
setuid. Introduce a virGetEnvAllowSUID for env vars which
are safe to use in a setuid environment, and another
virGetEnvBlockSUID for vars which are not safe. Also add
a virIsSUID helper method for any other non-env var code
to use.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
57687fd6bf Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401)
The virConnectDomainXMLToNative API should require 'connect:write'
not 'connect:read', since it will trigger execution of the QEMU
binaries listed in the XML.

Also make virConnectDomainXMLFromNative API require a full
read-write connection and 'connect:write' permission. Although the
current impl doesn't trigger execution of QEMU, we should not
rely on that impl detail from an API permissioning POV.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 13:58:40 +01:00
Geoff Hickey
2de2458efa Fix a problem introduced by commit 99889012
The meaning of one line of code was accidentally inverted.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-18 12:44:05 -06:00
Michal Privoznik
d9be5a7157 qemu: Fix augeas support for migration ports
Commit e3ef20d7 allows user to configure migration ports range via
qemu.conf. However, it forgot to update augeas definition file and
even the test data was malicious.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-18 18:30:13 +02:00
Jiri Denemark
e3ef20d7f7 qemu: Make migration port range configurable
https://bugzilla.redhat.com/show_bug.cgi?id=1019053
2013-10-18 16:35:38 +02:00
Wang Yufei
0196845d3a qemu: Avoid assigning unavailable migration ports
https://bugzilla.redhat.com/show_bug.cgi?id=1019053

When we migrate vms concurrently, there's a chance that libvirtd on
destination assigns the same port for different migrations, which will
lead to migration failure during prepare phase on destination. So we use
virPortAllocator here to solve the problem.

Signed-off-by: Wang Yufei <james.wangyufei@huawei.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-10-18 16:34:09 +02:00
Michal Privoznik
9b3c8bd4f8 viralloc.h: Fix typo in VIR_APPEND_ELEMENT_COPY_QUIT
In fact, the suffix should be _QUIET not _QUIT to stress the
fact, that no OOM error is reported on error.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-18 15:50:31 +02:00
Christophe Fergeau
68eb3709a1 netcf: Don't complain when cleanup is called before init
netcfStateInitialize() initializes the driverState variable,
and when netcfStateCleanup is called, it will call virReportError()
if driverState is NULL.
This is not consistent with what other state objects are doing,
they return -1 without reporting an error in such cases.

See also
https://www.redhat.com/archives/libvir-list/2013-October/msg00809.html:

On Thu, Oct 17, 2013 at 01:40:19PM +0100, Daniel P. Berrange wrote:
> We don't want virStateCleanup to skip execution if virStateInitialize
> has failed though - every callback in virStateCleanup should be written
> to be safe if its corresponding init function hasn't run.
2013-10-18 14:31:51 +02:00
Zhou Yimin
9712c2510e remote: fix regression in event deregistration
Introduced by 7b87a3
When I quit the process which only register VIR_DOMAIN_EVENT_ID_REBOOT,
I got error like:
"libvirt: XML-RPC error : internal error: domain event 0 not registered".
Then I add the following code, it fixed.

Signed-off-by: Zhou Yimin <zhouyimin@huawei.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-18 06:21:29 -06:00
John Ferlan
0cacffac64 Remove ATTRIBUTE_NONNULL(3) from qemuMonitorJSONDrivePivot
The header definition didn't match the function declaration, so adjusted
header to reflect the definition.

Found during a Coverity build where STATIC_ANALYSIS is enabled resulting
in the internal.h adding __nonnull__ handling to arguments.

Commit '6d264c91' added support for the qemuMonitorJSONDrivePivot() and
commit 'fbc3adc9' added a corresponding test which ended up triggering
the build failure which I didn't notice until today!
2013-10-17 19:36:42 -04:00
Geoff Hickey
7ab40c5d09 esx: Remove unnecessary NULL comparisons (3/3)
Code cleanup: remove explicit NULL comparisons like ptr == NULL and
ptr != NULL from the ESX code, replacing them with the simpler ptr
and !ptr.

Part three of three.
2013-10-17 11:27:08 -06:00
Geoff Hickey
42c20d4bef esx: Remove unnecessary NULL comparisons (2/3)
Code cleanup: remove explicit NULL comparisons like ptr == NULL and
ptr != NULL from the ESX code, replacing them with the simpler ptr
and !ptr.

Part two of three.
2013-10-17 11:27:08 -06:00
Geoff Hickey
9988901267 esx: Remove unnecessary NULL comparisons (1/3)
Code cleanup: remove explicit NULL comparisons like ptr == NULL and
ptr != NULL from the ESX code, replacing them with the simpler ptr
and !ptr.

Part one of three.
2013-10-17 11:27:08 -06:00
Daniel P. Berrange
291a6ef3e4 Add support for enabling SASL for SPICE guests
QEMU has support for SASL auth for SPICE guests, but libvirt
has no way to enable it. Following the example from VNC where
it is globally enabled via qemu.conf

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-17 16:02:43 +01:00
Michal Privoznik
ac5f3f292b qemuDomainCleanupRemove: s/memmove/VIR_DELETE_ELEMENT_INPLACE/
The last argument of memmove is the amount of bytes to be moved. The
amount is in Bytes. We are moving some void pointers around. However,
since sizeof(void *) is not Byte on any architecture, we've got the
arithmetic wrong.
2013-10-17 15:24:05 +02:00
Brian Candler
aa0f09929d better error checking for LOCAL_PEERCRED
This patch improves the error checking in the LOCAL_PEERCRED version
of virNetSocketGetUNIXIdentity, used by FreeBSD and Mac OSX.

1. The error return paths now correctly unlock the socket. This is
implemented in exactly the same way as the SO_PEERCRED version,
using "goto cleanup"

2. cr.cr_ngroups is initialised to -1, and cr.cr_ngroups is checked
for negative and overlarge values.

This means that if the getsockopt() call returns success but doesn't
actually update the xucred structure, this is now caught. This
happened previously when getsockopt was called with SOL_SOCKET
instead of SOL_LOCAL, prior to commit 5a468b3, and resulted in
random uids being accepted.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-17 06:24:49 -06:00
Christophe Fergeau
6340c7dda0 remote-driver: Fix 'leav' typo in comment 2013-10-16 17:27:19 +02:00
Osier Yang
0959785d3b rpc: Correct the wrong payload size checking
<...>
/* Size of message length field. Not counted in VIR_NET_MESSAGE_MAX
 * and VIR_NET_MESSAGE_INITIAL.
 */
const VIR_NET_MESSAGE_LEN_MAX = 4;
</...>

However, msg->bufferLength includes the length word. The wrong checking
was introduced by commit e914dcfd.

* src/rpc/virnetmessage.c:
  - Correct the checking in virNetMessageEncodePayloadRaw
  - Use a new variable to track the new payload length in
    virNetMessageEncodePayloadRaw
2013-10-16 20:36:46 +08:00
Daniel P. Berrange
8757d0abbc Add support for detecting PPC little endian arches
The recent patch series proposing the addition of PPC little endian
arch support to Linux defines new arch names 'ppcle' and 'ppc64le':

https://lists.ozlabs.org/pipermail/linuxppc-dev/2013-August/109908.html

This just makes libvirt know about these arch names, so it doesn't
immediately trip up if it seems these new names from uname.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-16 12:40:35 +01:00
Daniel P. Berrange
0894ce863f Fix typo breaking cgroups for NBD backed filesystems
A typo in the setup of NBD backed filesystems meant the
/dev/nbdN device would not be added to the cgroups device
ACL.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-16 12:22:40 +01:00
Daniel P. Berrange
8f132ef1b1 Add some logging to LXC disk/fs nbd/loop setup
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-16 12:22:40 +01:00
Daniel P. Berrange
1d8afffecd Add logging to LXC cgroup devices setup
To facilitate debugging, add some more logging to LXC cgroup
devices ACL setup.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-16 12:22:40 +01:00
Daniel P. Berrange
64d4eb6a50 Add log statement when NBD device is setup
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-16 12:22:40 +01:00
Pranavkumar Sawargaonkar
2f064f35d5 Implement minimal sysinfo for AArch64 platforms.
Implement the bare minimal sysinfo for AArch64 platforms by
reading the CPU models from /proc/cpuinfo.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
2013-10-15 16:59:43 -04:00
Pranavkumar Sawargaonkar
950127620d AArch64: Parse cputopology from /proc/cpuinfo.
CPU "parser" for AArch64.
Showing cputopology in arm64 linux is work-in-progress so for now
all AArch64 cpus belong to same socket (like PPC).

Also we parse BogoMIPS same like arm 32bit.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
2013-10-15 16:59:43 -04:00
Pranavkumar Sawargaonkar
5cb6816715 AArch64: CPU Support for AArch64 (ARMv8 64bit).
Adding CPU encoder/decoder for AArch64.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>

(crobinso: fix for recent libvirt Ptr refactoring)
2013-10-15 16:59:26 -04:00
Pranavkumar Sawargaonkar
670c08afd4 AArch64: Add AArch64 architecture to list of valid arches.
Adding AArch64(ARMv8 64bit) to the current list of valid architectures.

For now, AArch64 name would imply AArch64 LE mode only. In future,
we might have separate names for AArch64 LE and BE.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
2013-10-15 16:55:11 -04:00
Dusty Mabe
4132dede06 Ignore thin pool LVM devices.
This should resolve:

  https://bugzilla.redhat.com/show_bug.cgi?id=924672

For BZ 924672 the problem stems from the fact that thin pool logical
volume devices show up in /sbin/lvs output just like normal logical
volumes do. Libvirt incorrectly assumes they are just normal logical
volumes and that they will have a corresponding /dev/vgname/lvname
device that has been created by udev and tries to use this device.

To illustrate here is an example of the /dev/vgname/ directory and
the lvs output for a normal lv, thin lv, and thin pool:

    LV     VG       Attr      LSize  Pool Origin Data%  Move Log Copy%  Convert
    lv     vgguests -wi-a----  1.00g
    pool   vgguests twi-a-tz- 11.00g               0.00
    thinlv vgguests Vwi-a-tz-  1.00g pool          0.00
total 0
lrwxrwxrwx. 1 root root 7 Oct  8 19:35 lv -> ../dm-7
lrwxrwxrwx. 1 root root 7 Oct  8 19:37 thinlv -> ../dm-6

This patch modifies virStorageBackendLogicalMakeVol() to ignore thin pool
devices.
2013-10-15 16:52:57 -04:00
Michal Privoznik
da716da3e4 domain_conf.c: Initialize arrVar and cntVar
Some ancient gcc fails to see the variables are initialized in a
separate function and a false positive is produced:

cc1: warnings being treated as errors
conf/domain_conf.c: In function 'virDomainChrGetDomainPtrs':
conf/domain_conf.c:10342: error: 'arrVar' may be used uninitialized in this function [-Wuninitialized]
conf/domain_conf.c:10343: error: 'cntVar' may be used uninitialized in this function [-Wuninitialized]
conf/domain_conf.c: In function 'virDomainChrInsert':
conf/domain_conf.c:10362: error: 'arrPtr' may be used uninitialized in this function [-Wuninitialized]
conf/domain_conf.c:10363: error: 'cntPtr' may be used uninitialized in this function [-Wuninitialized]
conf/domain_conf.c: In function 'virDomainChrRemove':
conf/domain_conf.c:10374: error: 'arrPtr' may be used uninitialized in this function [-Wuninitialized]
conf/domain_conf.c:10375: error: 'cntPtr' may be used uninitialized in this function [-Wuninitialized]

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-15 19:34:10 +02:00
Peter Krempa
f2eca83cb6 cpu: x86: Clean up error messages in x86VendorLoad()
Avoid a line exceeding 80 characters and change argument alignment in
two error messages.
2013-10-15 16:46:43 +02:00
Peter Krempa
6355e2630c cpu: x86: Use whitespace to clarify context and use consistent labels 2013-10-15 16:46:43 +02:00
Peter Krempa
25cbc13cd1 cpu: x86: Fix function header formatting and whitespace 2013-10-15 16:46:43 +02:00
Peter Krempa
57d27a84a3 cpu: x86: Fix return types of x86cpuidMatch and x86cpuidMatchMasked
These return boolean results.
2013-10-15 16:46:42 +02:00
Peter Krempa
1bda29d16d cpu: x86: Rename data_iterator and DATA_ITERATOR_INIT
Use virCPUx86DataIterator and virCPUx86DataIteratorInit.
2013-10-15 16:46:42 +02:00
Jiri Denemark
955be92773 cpu: x86: Rename x86DataAddCpuid as virCPUx86DataAddCPUID 2013-10-15 16:46:42 +02:00
Jiri Denemark
4a530268c0 cpu: x86: Rename x86MakeCPUData as virCPUx86MakeData 2013-10-15 16:46:42 +02:00
Jiri Denemark
a3e224e2d9 cpu: x86: Rename x86DataFree() as virCPUx86DataFree() 2013-10-15 16:46:42 +02:00
Jiri Denemark
0c63d12004 cpu: x86: Rename struct cpuX86Data as virCPUx86Data 2013-10-15 16:46:42 +02:00
Jiri Denemark
01fabe2eda cpu: x86: Rename struct cpuX86cpuid as virCPUx86CPUID 2013-10-15 16:46:42 +02:00
Jiri Denemark
376261d164 cpu: Add support for loading and storing CPU data
This patch adds cpuDataFormat and cpuDataParse APIs to be used in unit
tests for testing APIs that deal with virCPUData. In the x86 world, this
means we can now store/load arbitrary CPUID data in the test suite to
check correctness of CPU related APIs that could not be tested before.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2013-10-15 16:46:41 +02:00
Peter Krempa
fe1bf917f9 qemu: command: Fix macro indentation 2013-10-15 16:46:41 +02:00
Peter Krempa
59ae97b4d5 conf: Mark user provided strings in error messages when parsing XML
Use apostrophes to denote user provided option names when parsing the
domain XML.
2013-10-15 16:43:41 +02:00
Hongwei Bi
dcd0f6d724 fix typo in lxc_driver.c and virsh-nodedev.c 2013-10-15 06:47:24 -06:00
Chen Hanxiao
521cec2aab cgroup: leave blkio cgroup value checking to kernel
The range of valid values for cgroup tunables has
changed in the past and may change again in future
kernels. Avoid hardcoding range checks in libvirt
code, delegating range checking to the kernel itself.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-15 12:22:07 +01:00
Chen Hanxiao
501476fccf cgroup: show error when EINVAL is returned
When EINVAL is returned while changing a cgroups value, tell
user that what values are invalid for the field.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-15 12:18:47 +01:00
Ryota Ozaki
e06d23fd65 vbox: handle 'saved' state of VMs
VirtualBox has 'saved' state for VMs saved by the hypervisor.
However, the state is treated as VIR_DOMAIN_NOSTATE by the vbox
driver, resulting that virsh shows 'no state' for saved VMs.

The fix treats the state as VIR_DOMAIN_SHUTOFF as same as
other domains such as qemu.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-10-15 12:03:29 +01:00
Ryota Ozaki
b98654fafd vbox: merge duplicate state conversions
The code for converting between virtualbox API states
and libvirt states was duplicated in two places. Pull
the code out into a shared helper method.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-10-15 12:02:57 +01:00
Geoff Hickey
842f6fd338 esx: Fix floppy.fileName handling in the vmx file parser
The vmx file parsing code was reporting errors when parsing floppy.fileName
entries if the filename didn't end in .flp. There is no such restriction in
ESX; even using the GUI to configure floppy filenames you can specify any
arbitrary file with any extension.

Fix by changing the vmx parsing code so that it uses the floppy.fileType
value to determine whether floppy.fileName refers to a block device or a
regular file.

Also remove code that would have generated an error if no floppy.fileName
was specified. This is not an error either.

Updated the floppy tests in vmx2xmltest.c and xml2vmxtest.c.
2013-10-15 11:39:02 +01:00
Ján Tomko
15fac93b95 Convert uuid to a string before printing it
Introduced by 1fa7946.

https://bugzilla.redhat.com/show_bug.cgi?id=1019023
2013-10-15 12:30:21 +02:00
Peter Krempa
342cd2dd1a xenapi: Fix build after const correctnes changes
In commit d24677090f the header of one of
the post parse callbacks was changed, but the function used as the
callback in the xenapi driver wasn't adapted. This resulted into:

  CC       xenapi/libvirt_driver_xenapi_la-xenapi_utils.lo
 xenapi/xenapi_driver.c:63:5: error: initialization from incompatible pointer type [-Werror]
 xenapi/xenapi_driver.c:63:5: error: (near initialization for 'xenapiDomainDefParserConfig.devicesPostParseCallback') [-Werror]
2013-10-15 10:36:41 +02:00
Eric Blake
33aec50684 maint: avoid 'const fooPtr' in all remaining places
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up all remaining offenders.

* src/lxc/lxc_process.c (virLXCProcessSetupInterfaceBridged): Drop
needless const.
* src/uml/uml_driver.c (umlMonitorCommand): Use intended type.
(umlMonitorAddress): Fix fallout.
* src/xen/xm_internal.c (xenXMDomainSearchForUUID): Use intended type.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 14:34:38 -06:00
Eric Blake
9a520a591d maint: avoid 'const fooPtr' in qemu
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up offenders in src/qemu.

* src/qemu/qemu_bridge_filter.h (networkAllowMacOnPort)
(networkDisallowMacOnPort): Use intended type.
* src/qemu/qemu_bridge_filter.c (networkAllowMacOnPort)
(networkDisallowMacOnPort): Likewise.
* src/qemu/qemu_command.c (qemuBuildTPMBackendStr)
(qemuBuildTPMDevStr, qemuBuildCpuArgStr)
(qemuBuildObsoleteAccelArg, qemuBuildMachineArgStr)
(qemuBuildSmpArgStr, qemuBuildNumaArgStr): Likewise.
* src/qemu/qemu_conf.c (qemuSharedDeviceEntryCopy): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSaveImageStartVM): Likewise.
* src/qemu/qemu_hostdev.c
(qemuDomainHostdevNetConfigVirtPortProfile): Likewise.
* src/qemu/qemu_monitor_json.c
(qemuMonitorJSONAttachCharDevCommand): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 14:34:38 -06:00
Eric Blake
84e8091796 maint: avoid 'const fooPtr' in security
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up offenders in src/security.

* src/security/security_apparmor.c (reload_profile)
(AppArmorSetSecurityHostdevLabelHelper)
(AppArmorReleaseSecurityLabel, AppArmorRestoreSecurityAllLabel)
(AppArmorSetSecurityProcessLabel)
(AppArmorSetSecurityChildProcessLabel)
(AppArmorSetSecurityImageLabel, AppArmorSecurityVerify)
(AppArmorSetSecurityHostdevLabel)
(AppArmorRestoreSecurityHostdevLabel, AppArmorSetFDLabel): Drop
needless const.
* src/security/security_selinux.c
(virSecuritySELinuxSetSecurityFileLabel): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 14:34:38 -06:00
Eric Blake
539a9faeec maint: avoid 'const fooPtr' in conf
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up remaining offenders in src/conf, and their fallout.

* src/conf/snapshot_conf.h (virDomainSnapshotAssignDef)
(virDomainSnapshotFindByName): Drop attempt at const.
* src/conf/interface_conf.h (virInterfaceObjIsActive)
(virInterfaceDefFormat): Use intended type.
(virInterfaceFindByMACString, virInterfaceFindByName)
(virInterfaceAssignDef, virInterfaceRemove): Drop attempt at
const.
* src/conf/network_conf.h (virNetworkObjIsActive)
(virNetworkDefFormat, virNetworkDefForwardIf)
(virNetworkDefGetIpByIndex, virNetworkIpDefPrefix)
(virNetworkIpDefNetmask): Use intended type.
(virNetworkFindByUUID, virNetworkFindByName, virNetworkAssignDef)
(virNetworkObjAssignDef, virNetworkRemoveInactive)
(virNetworkBridgeInUse, virNetworkSetBridgeName)
(virNetworkAllocateBridge): Drop attempt at const.
* src/conf/netdev_vlan_conf.h (virNetDevVlanFormat): Make
const-correct.
* src/conf/node_device_conf.h (virNodeDeviceHasCap)
(virNodeDeviceDefFormat): Use intended type.
(virNodeDeviceFindByName, virNodeDeviceFindBySysfsPath)
(virNodeDeviceAssignDef, virNodeDeviceObjRemove)
(virNodeDeviceGetParentHost): Drop attempt at const.
* src/conf/secret_conf.h (virSecretDefFormat): Use intended type.
* src/conf/snapshot_conf.c (virDomainSnapshotAssignDef)
(virDomainSnapshotFindByName): Fix fallout.
* src/conf/interface_conf.c (virInterfaceBridgeDefFormat)
(virInterfaceBondDefFormat, virInterfaceVlanDefFormat)
(virInterfaceProtocolDefFormat, virInterfaceDefDevFormat)
(virInterfaceDefFormat, virInterfaceFindByMACString)
(virInterfaceFindByName, virInterfaceAssignDef)
(virInterfaceRemove): Likewise.
* src/conf/network_conf.c
(VIR_ENUM_IMPL, virNetworkFindByName, virNetworkObjAssignDef)
(virNetworkAssignDef, virNetworkRemoveInactive)
(virNetworkDefGetIpByIndex, virNetworkIpDefPrefix)
(virNetworkIpDefNetmask, virNetworkDHCPHostDefParseXML)
(virNetworkIpDefFormat, virNetworkRouteDefFormat)
(virPortGroupDefFormat, virNetworkForwardNatDefFormat)
(virNetworkDefFormatInternal, virNetworkBridgeInUse)
(virNetworkAllocateBridge, virNetworkSetBridgeName)
(virNetworkDNSDefFormat, virNetworkDefFormat): Likewise.
* src/conf/netdev_vlan_conf.c (virNetDevVlanFormat): Likewise.
* src/conf/node_device_conf.c (virNodeDeviceHasCap)
(virNodeDeviceFindBySysfsPath, virNodeDeviceFindByName)
(virNodeDeviceAssignDef, virNodeDeviceObjRemove)
(virNodeDeviceDefFormat, virNodeDeviceGetParentHost): Likewise.
* src/conf/secret_conf.c (virSecretDefFormatUsage)
(virSecretDefFormat): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 14:34:38 -06:00
Eric Blake
d24677090f maint: avoid 'const fooPtr' in domain_conf
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up offenders in src/conf/domain_conf, and their fallout.

Several things to note: virObjectLock() requires a non-const
argument; if this were C++, we could treat the locking field
as 'mutable' and allow locking an otherwise 'const' object, but
that is a more invasive change, so I instead dropped attempts
to be const-correct on domain lookup.  virXMLPropString and
friends require a non-const xmlNodePtr - this is because libxml2
is not a const-correct library.  We could make the src/util/virxml
wrappers cast away const, but I figured it was easier to not
try to mark xmlNodePtr as const.  Finally, virDomainDeviceDefCopy
was a rather hard conversion - it calls virDomainDeviceDefPostParse,
which in turn in the xen driver was actually modifying the domain
outside of the current device being visited.  We should not be
adding a device on the first per-device callback, but waiting until
after all per-device callbacks are complete.

* src/conf/domain_conf.h (virDomainObjListFindByID)
(virDomainObjListFindByUUID, virDomainObjListFindByName)
(virDomainObjAssignDef, virDomainObjListAdd): Drop attempt at
const.
(virDomainDeviceDefCopy): Use intended type.
(virDomainDeviceDefParse, virDomainDeviceDefPostParseCallback)
(virDomainVideoDefaultType, virDomainVideoDefaultRAM)
(virDomainChrGetDomainPtrs): Make const-correct.
* src/conf/domain_conf.c (virDomainObjListFindByID)
(virDomainObjListFindByUUID, virDomainObjListFindByName)
(virDomainDeviceDefCopy, virDomainObjListAdd)
(virDomainObjAssignDef, virDomainHostdevSubsysUsbDefParseXML)
(virDomainHostdevSubsysPciOrigStatesDefParseXML)
(virDomainHostdevSubsysPciDefParseXML)
(virDomainHostdevSubsysScsiDefParseXML)
(virDomainControllerModelTypeFromString)
(virDomainTPMDefParseXML, virDomainTimerDefParseXML)
(virDomainSoundCodecDefParseXML, virDomainSoundDefParseXML)
(virDomainWatchdogDefParseXML, virDomainRNGDefParseXML)
(virDomainMemballoonDefParseXML, virDomainNVRAMDefParseXML)
(virSysinfoParseXML, virDomainVideoAccelDefParseXML)
(virDomainVideoDefParseXML, virDomainHostdevDefParseXML)
(virDomainRedirdevDefParseXML)
(virDomainRedirFilterUsbDevDefParseXML)
(virDomainRedirFilterDefParseXML, virDomainIdMapEntrySort)
(virDomainIdmapDefParseXML, virDomainVcpuPinDefParseXML)
(virDiskNameToBusDeviceIndex, virDomainDeviceDefCopy)
(virDomainVideoDefaultType, virDomainHostdevAssignAddress)
(virDomainDeviceDefPostParseInternal, virDomainDeviceDefPostParse)
(virDomainChrGetDomainPtrs, virDomainControllerSCSINextUnit)
(virDomainSCSIDriveAddressIsUsed)
(virDomainDriveAddressIsUsedByDisk)
(virDomainDriveAddressIsUsedByHostdev): Fix fallout.
* src/openvz/openvz_driver.c (openvzDomainDeviceDefPostParse):
Likewise.
* src/libxl/libxl_domain.c (libxlDomainDeviceDefPostParse):
Likewise.
* src/qemu/qemu_domain.c (qemuDomainDeviceDefPostParse)
(qemuDomainDefaultNetModel): Likewise.
* src/lxc/lxc_domain.c (virLXCDomainDeviceDefPostParse):
Likewise.
* src/uml/uml_driver.c (umlDomainDeviceDefPostParse): Likewise.
* src/xen/xen_driver.c (xenDomainDeviceDefPostParse): Split...
(xenDomainDefPostParse): ...since per-device callback is not the
time to be adding a device.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 14:34:38 -06:00
Eric Blake
f8fa2b3e3a maint: fix awkward typing of virDomainChrGetDomainPtrs
virDomainChrGetDomainPtrs() required 4 levels of pointers (taking
a parameter that will be used as an output variable to return the
address of another variable that contains an array of pointers).
This is rather complex to reason about, especially when outside
of the domain_conf file, no other caller should be modifying
the resulting array of pointers directly.  Changing the public
signature gives something is easier to reason with, and actually
make const-correct; which is important as it was the only function
that was blocking virDomainDeviceDefCopy from treating its source
as const.

* src/conf/domain_conf.h (virDomainChrGetDomainPtrs): Use simpler
types, and make const-correct for external users.
* src/conf/domain_conf.c (virDomainChrGetDomainPtrs): Split...
(virDomainChrGetDomainPtrsInternal): ...into an internal version
that lets us modify terms, vs. external form that is read-only.
(virDomainDeviceDefPostParseInternal, virDomainChrFind)
(virDomainChrInsert): Adjust callers.
* src/qemu/qemu_command.c (qemuGetNextChrDevIndex): Adjust caller.
(qemuDomainDeviceAliasIndex): Make const-correct.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 14:34:37 -06:00
Eric Blake
1b7ec657c5 maint: avoid 'const fooPtr' in nwfilter files
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up offenders in nwfilter code.

This patch does nothing about the stupidity evident in having
__virNWFilterInstantiateFilter, _virNWFilterInstantiateFilter,
and virNWFilterInstantiateFilter, which differ only by leading
underscores, and which infringes on the namespace reserved to
the implementation - that would need to be a separate cleanup.

* src/nwfilter/nwfilter_dhcpsnoop.h (virNWFilterDHCPSnoopReq): Use
intended type.
* src/nwfilter/nwfilter_gentech_driver.h
(virNWFilterInstantiateFilter)
(virNWFilterUpdateInstantiateFilter)
(virNWFilterInstantiataeFilterLate, virNWFilterTeardownFilter)
(virNWFilterCreateVarHashmap): Likewise.
* src/nwfilter/nwfilter_learnipaddr.h (virNWFilterLearnIPAddress):
Likewise.
* src/conf/nwfilter_conf.h (virNWFilterApplyBasicRules)
(virNWFilterApplyDHCPOnlyRules): Likewise.
(virNWFilterDefFormat): Make const-correct.
* src/conf/nwfilter_params.h (virNWFilterVarValueCopy)
(virNWFilterVarValueGetSimple, virNWFilterVarValueGetCardinality)
(virNWFilterVarValueEqual, virNWFilterVarAccessEqual)
(virNWFilterVarAccessGetVarName, virNWFilterVarAccessGetType)
(virNWFilterVarAccessGetIterId, virNWFilterVarAccessGetIndex)
(virNWFilterVarAccessIsAvailable)
(virNWFilterVarCombIterGetVarValue): Use intended type.
(virNWFilterVarValueGetNthValue): Make const-correct.
* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
(virNWFilterSnoopIFKeyFMT, virNWFilterDHCPSnoopReq)
(virNWFilterSnoopPruneIter, virNWFilterSnoopRemAllReqIter)
(virNWFilterDHCPSnoopReq): Fix fallout.
* src/nwfilter/nwfilter_gentech_driver.c
(virNWFilterVarHashmapAddStdValues, virNWFilterCreateVarHashmap)
(virNWFilterInstantiate, __virNWFilterInstantiateFilter)
(_virNWFilterInstantiateFilter, virNWFilterInstantiateFilterLate)
(virNWFilterInstantiateFilter)
(virNWFilterUpdateInstantiateFilter)
(virNWFilterRollbackUpdateFilter, virNWFilterTeardownFilter):
Likewise.
* src/nwfilter/nwfilter_learnipaddr.c (virNWFilterLearnIPAddress):
Likewise.
* src/conf/nwfilter_params.c (virNWFilterVarValueCopy)
(virNWFilterVarValueGetSimple)
(virNWFilterVarValueGetCardinality, virNWFilterVarValueEqual)
(virNWFilterVarCombIterAddVariable)
(virNWFilterVarCombIterGetVarValue, virNWFilterVarValueCompare)
(virNWFilterFormatParamAttributes, virNWFilterVarAccessEqual)
(virNWFilterVarAccessGetVarName, virNWFilterVarAccessGetType)
(virNWFilterVarAccessGetIterId, virNWFilterVarAccessGetIndex)
(virNWFilterVarAccessGetIntIterId)
(virNWFilterVarAccessIsAvailable)
(virNWFilterVarValueGetNthValue): Likewise.
* src/nwfilter/nwfilter_ebiptables_driver.c (ebtablesApplyBasicRules)
(ebtablesApplyDHCPOnlyRules, ebiptablesRuleOrderSort)
(ebiptablesRuleOrderSortPtr): Likewise.
* src/conf/nwfilter_conf.c (virNWFilterDefEqual)
(virNWFilterDefFormat): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 13:13:18 -06:00
Eric Blake
d694ae0c55 maint: avoid 'const fooPtr' in cpu files
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up offenders in src/cpu.

* src/cpu/cpu.h (cpuArchDecode, cpuArchEncode, cpuArchUpdate)
(cpuArchHasFeature, cpuDecode, cpuEncode, cpuUpdate)
(cpuHasFeature): Use intended type.
* src/conf/cpu_conf.h (virCPUDefCopyModel, virCPUDefCopy):
Likewise.
(virCPUDefParseXML): Drop const.
* src/cpu/cpu.c (cpuDecode, cpuEncode, cpuUpdate, cpuHasFeature):
Fix fallout.
* src/cpu/cpu_x86.c (x86ModelFromCPU, x86ModelSubtractCPU)
(x86DecodeCPUData, x86EncodePolicy, x86Encode, x86UpdateCustom)
(x86UpdateHostModel, x86Update, x86HasFeature): Likewise.
* src/cpu/cpu_s390.c (s390Decode): Likewise.
* src/cpu/cpu_arm.c (ArmDecode): Likewise.
* src/cpu/cpu_powerpc.c (ppcModelFromCPU, ppcCompute, ppcDecode)
(ppcUpdate): Likewise.
* src/conf/cpu_conf.c (virCPUDefCopyModel, virCPUDefCopy)
(virCPUDefParseXML): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 13:11:20 -06:00
Eric Blake
955af4d4c1 maint: avoid 'const fooPtr' in virnet files
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up remaining offenders in src/util.

* src/util/virnetdev.h (virNetDevSetMAC)
(virNetDevReplaceMacAddress, virNetDevValidateConfig)
(virNetDevReplaceNetConfig): Use intended type.
* src/util/virnetdevbandwidth.h (virNetDevBandwidthCopy)
(virNetDevBandwidthPlug): Likewise.
* src/util/virnetdevmacvlan.h (virNetDevMacVLanCreate)
(virNetDevMacVLanCreateWithVPortProfile)
(virNetDevMacVLanDeleteWithVPortProfile)
(virNetDevMacVLanRestartWithVPortProfile)
(virNetDevMacVLanVPortProfileRegisterCallback): Likewise.
* src/util/virnetdevopenvswitch.h (virNetDevOpenvswitchAddPort):
Likewise.
* src/util/virnetdevtap.h (virNetDevTapCreateInBridgePort):
Likewise.
* src/util/virnetdevvlan.h (virNetDevVlanEqual)
(virNetDevVlanCopy): Likewise.
* src/util/virnetdevvportprofile.h
(virNetDevVPortProfileAssociate)
(virNetDevVPortProfileDisassociate): Likewise.
* src/util/virnetlink.h (virNetlinkEventRemoveCallback)
(virNetlinkEventAddClient, virNetlinkEventRemoveClient):
Likewise.
* src/util/virnetdev.c (virNetDevSetMAC)
(virNetDevReplaceMacAddress, virNetDevValidateConfig)
(virNetDevReplaceNetConfig): Fix fallout.
* src/util/virnetdevbandwidth.c (virNetDevBandwidthCopy)
(virNetDevBandwidthPlug): Likewise.
* src/util/virnetdevmacvlan.c (virNetDevMacVLanCreate)
(virNetDevMacVLanCreateWithVPortProfile)
(virNetDevMacVLanDeleteWithVPortProfile)
(virNetDevMacVLanRestartWithVPortProfile)
(virNetDevMacVLanVPortProfileRegisterCallback): Likewise.
* src/util/virnetdevopenvswitch.c (virNetDevOpenvswitchAddPort):
Likewise.
* src/util/virnetdevtap.c (virNetDevTapCreateInBridgePort):
Likewise.
* src/util/virnetdevvlan.c (virNetDevVlanEqual)
(virNetDevVlanCopy): Likewise.
* src/util/virnetdevvportprofile.c
(virNetDevVPortProfileAssociate)
(virNetDevVPortProfileDisassociate)
(virNetDevVPortProfileOpSetLink, virNetDevVPortProfileOpCommon)
(virNetDevVPortProfileOp8021Qbg, virNetDevVPortProfileOp8021Qbh):
Likewise.
* src/util/virnetlink.c (virNetlinkEventRemoveCallback)
(virNetlinkEventAddClient, virNetlinkEventRemoveClient):
Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 13:05:34 -06:00
Eric Blake
1b0bc4169f maint: avoid 'const fooPtr' in several util files
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up offenders in src/util outside of the virnet namespace.

Also, make a few virSocketAddr functions const-correct, for easier
conversions in future patches.

* src/util/virbuffer.h (virBufferError, virBufferUse)
(virBufferGetIndent): Use intended type.
* src/util/virmacaddr.h (virMacAddrCmp, virMacAddrCmpRaw)
(virMacAddrSet, virMcAddrFormat, virMacAddrIsUnicast)
(virMacAddrIsMulticast): Likewise.
* src/util/virebtables.h (ebtablesAddForwardAllowIn)
(ebtablesRemoveForwardAllowIn): Likewise.
* src/util/virsocketaddr.h (virSocketAddrSetIPv4Addr): Drop
incorrect const.
(virMacAddrGetRaw, virSocketAddrFormat, virSocketAddrFormatFull):
Make const-correct.
(virSocketAddrMask, virSocketAddrMaskByPrefix)
(virSocketAddrBroadcast, virSocketAddrBroadcastByPrefix)
(virSocketAddrGetNumNetmaskBits, virSocketAddrGetIpPrefix)
(virSocketAddrEqual, virSocketAddrIsPrivate)
(virSocketAddrIsWildcard): Use intended type.
* src/util/virbuffer.c (virBufferError, virBufferUse)
(virBufferGetIndent): Fix fallout.
* src/util/virmacaddr.c (virMacAddrCmp, virMacAddrCmpRaw)
(virMacAddrSet, virMcAddrFormat, virMacAddrIsUnicast)
(virMacAddrIsMulticast): Likewise.
* src/util/virebtables.c (ebtablesAddForwardAllowIn)
(ebtablesRemoveForwardAllowIn): Likewise.
* src/util/virsocketaddr.c (virSocketAddrMask, virMacAddrGetRaw)
(virSocketAddrMaskByPrefix, virSocketAddrBroadcast)
(virSocketAddrBroadcastByPrefix, virSocketAddrGetNumNetmaskBits)
(virSocketAddrGetIpPrefix, virSocketAddrEqual)
(virSocketAddrIsPrivate, virSocketAddrIsWildcard)
(virSocketAddrGetIPv4Addr, virSocketAddrGetIPv6Addr)
(virSocketAddrFormat, virSocketAddrFormatFull): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 13:02:18 -06:00
Eric Blake
b43efdaa13 maint: avoid 'const fooPtr' in hashes
'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up virhash to provide a const-correct interface: all actions
that don't modify the table take a const table.  Note that in
one case (virHashSearch), we actually strip const away - we aren't
modifying the contents of the table, so much as associated data
for ensuring that the code uses the table correctly (if this were
C++, it would be a case for the 'mutable' keyword).

* src/util/virhash.h (virHashKeyComparator, virHashEqual): Use
intended type.
(virHashSize, virHashTableSize, virHashLookup, virHashSearch):
Make const-correct.
* src/util/virhash.c (virHashEqualData, virHashEqual)
(virHashLookup, virHashSize, virHashTableSize, virHashSearch)
(virHashComputeKey): Fix fallout.
* src/conf/nwfilter_params.c
(virNWFilterFormatParameterNameSorter): Likewise.
* src/nwfilter/nwfilter_ebiptables_driver.c
(ebiptablesFilterOrderSort): Likewise.
* tests/virhashtest.c (testHashGetItemsCompKey)
(testHashGetItemsCompValue): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-14 11:40:24 -06:00
Daniel P. Berrange
5a1cb1075a Improve log filtering in virLXCProcessReadLogOutputData
Make the virLXCProcessReadLogOutputData method ignore the log
lines about the container startup argv, ignore the generic
error message from libvirt_lxc when lxcContainerMain fails
and skip over blank lines.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 15:38:20 +01:00
Daniel P. Berrange
01100c7f60 Ensure lxcContainerResolveSymlinks reports errors
The lxcContainerResolveSymlinks method merely logged some errors
as debug messages, rather than reporting them as proper errors.
This meant startup failures were not diagnosed at all.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 15:38:20 +01:00
Daniel P. Berrange
558546fb8f Ensure lxcContainerMain reports errors on stderr
Ensure the lxcContainerMain method reports any errors that
occur during setup to stderr, where libvirtd will pick them
up.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 15:38:20 +01:00
Doug Goldstein
541a761bc9 VMX: Serial devices don't have to be attached
Serial devices don't necessarily have to be attached to an output to be
shown to the guest.
2013-10-14 09:18:52 -05:00
Doug Goldstein
604065a339 Revert "VMX: Some serial ports are not actually connected"
This reverts commit dba04e7fa0.
This change was unfortunately not correct. We should have been
changing the boolean argument supplied.
2013-10-14 09:18:52 -05:00
Peter Krempa
7df5093f67 qemu: snapshot: Add support for compressing external snapshot memory
The regular save image code has the support to compress images using a
specified algorithm. This was not implemented for external checkpoints
although it shares most of the backend code.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1017227
2013-10-14 15:54:19 +02:00
Peter Krempa
550cae847b qemu: managedsave: Add support for compressing managed save images
The regular save image code has the support to compress images using a
specified algorithm. This was not implemented for managed save although
it shares most of the backend code.
2013-10-14 15:36:57 +02:00
Daniel P. Berrange
97973ebb7a Initialize threading & error layer in LXC controller
In Fedora 20, libvirt_lxc crashes immediately at startup with a
trace

 #0  0x00007f0cddb653ec in free () from /lib64/libc.so.6
 #1  0x00007f0ce0e16f4a in virFree (ptrptr=ptrptr@entry=0x7f0ce1830058) at util/viralloc.c:580
 #2  0x00007f0ce0e2764b in virResetError (err=0x7f0ce1830030) at util/virerror.c:354
 #3  0x00007f0ce0e27a5a in virResetLastError () at util/virerror.c:387
 #4  0x00007f0ce0e28858 in virEventRegisterDefaultImpl () at util/virevent.c:233
 #5  0x00007f0ce0db47c6 in main (argc=11, argv=0x7fff4596c328) at lxc/lxc_controller.c:2352

Normally virInitialize calls virErrorInitialize and
virThreadInitialize, but we don't link to libvirt.so
in libvirt_lxc, and nor did we ever call the error
or thread initializers.

I have absolutely no idea how this has ever worked, let alone
what caused it to stop working in Fedora 20.

In addition not all code paths from virLogSetFromEnv will
ensure virLogInitialize is called correctly, which is another
possible crash scenario.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 12:16:23 +01:00
Daniel P. Berrange
6bd8860001 Don't ignore all dbus connection errors
Previous commit

  commit 7ada155cdf
  Author: Gao feng <gaofeng@cn.fujitsu.com>
  Date:   Wed Sep 11 11:15:02 2013 +0800

    DBus: introduce virDBusIsServiceEnabled

Made the cgroups code fallback to non-systemd based setup
when dbus is not running. It was too big a hammer though,
as it did not check what error code was received when the
dbus connection failed. Thus it silently ignored serious
errors from dbus such as "too many client connections",
which should always be treated as fatal.

We only want to ignore errors if the dbus unix socket does
not exist, or if nothing is listening on it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:33:10 +01:00
Daniel P. Berrange
1815e2d081 Improve error reporting with LXC controller
The LXC code would read the log file if an LXC guest failed to
startup. There were a number of failure cases where the guest
will not start and libvirtd never gets as far as looking at the
log file.

Fix this by replacing some earlier generic errors with messages
from the log.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:33:07 +01:00
Daniel P. Berrange
13c011c337 Fix exit status of lxc controller
The LXC controller main() method initialized 'rc' to 1
rather than '-1'. In the cleanup path it will print any
error to stderr, if-and-only-if rc < 0. Hence the incorrect
initialization caused errors to be lost.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:31:01 +01:00
Daniel P. Berrange
5787f0b95e Fix flaw in detecting log format
The log message regex has been

[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug|info|warning|error :

The precedence of '|' is high though, so this is equivalent to matching

   [0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug

Or

   info

Or

   warning

Or

   error :

Which is clearly not what it should have done. This caused the code to
skip over things which are not log messages. The solution is to simply
add brackets.

A test case is also added to validate correctness.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:31:01 +01:00
Daniel P. Berrange
ae9a0485ae Make LXC controller use a private dbus connection & close it
The LXC controller uses dbus to talk to systemd to create
cgroups. This means that each LXC controller instance has
a dbus connection. The DBus daemon is limited to 256
connections by default and we want to be able to run many
1000 of containers.

While the dbus limit could be raised in the config files,
it is simpler to make libvirt LXC controller close its
dbus connection once everything is configured.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:31:01 +01:00
Daniel P. Berrange
489beb0aba Add a method for closing the dbus system bus connection
If the dbus system bus connection is marked as private, then
allow it to be closed.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:31:01 +01:00
Daniel P. Berrange
0cb774f051 Allow use of a private dbus bus connection
The dbus_bus_get() function returns a shared bus connection that
all libraries in a process can use. You are forbidden from calling
close on this connection though, since you can never know if any
other code might be using it.

Add an option to use private dbus bus connections, if the app
wants to be able to close the connection.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:31:01 +01:00
Chen Hanxiao
2c9ccd1e0c lxc: Fix an improper comment in lxc_process.c
Fix the improper comment for the "release" hook.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-14 16:15:14 +08:00
Hongwei Bi
3a49c34ace nwfilter: fix a typo in nwfilter_gentech_driver.c
s/occcurred/occurred
2013-10-11 08:29:05 -06:00
Doug Goldstein
2f776d4979 rpc: Fix getsockopt on Snow Leopard and lower
Since 5a468b38b6 we use SOL_LOCAL for the 2nd argument of getsockopt()
however Lion added the define SOL_LOCAL set to 0, which is the value to
the 2nd argument of getsockopt() for Unix sockets on Mac OS X. So
instead of using the define just pass 0 so we restore compatibility
with Snow Leopard and Leopard.

Reported at https://github.com/mxcl/homebrew/pull/23141
2013-10-11 09:22:57 -05:00
Doug Goldstein
fa23f9fcbb VMware: Do version detection earlier
Do VMware version detection earlier as future patches will need the
version information to populate capabilities correctly.
2013-10-11 09:10:23 -05:00
Doug Goldstein
9e7cfcb7db VMware: Simplify array walk for driver type
Rather than walking the possible driver backends by handle, use a helper
function. Additionally I've done a bit of refactoring in the code over
the past few commits so add myself to the copyright line.
2013-10-11 09:10:23 -05:00
Michal Privoznik
be65186044 qemu: Include listenAddress in debug prints
After my patches, some functions gained one more argument
(@listenAddress) which wasn't included in debug printing of
arguments they were called with. Functions in question are:
qemuMigrationPrepareDirect and qemuMigrationPerform.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-11 15:19:23 +02:00
Michal Privoznik
c7ac2519b7 qemu_migration: Avoid crashing if domain dies too quickly
I've noticed a SIGSEGV-ing libvirtd on the destination when the qemu
died too quickly = in Prepare phase. What is happening here is:

1) [Thread 3493] We are in qemuMigrationPrepareAny() and calling
qemuProcessStart() which subsequently calls qemuProcessWaitForMonitor()
and qemuConnectMonitor(). So far so good. The qemuMonitorOpen()
succeeds, however switching monitor to QMP mode fails as qemu died
meanwhile. That is qemuMonitorSetCapabilities() returns -1.

2013-10-08 15:54:10.629+0000: 3493: debug : qemuMonitorSetCapabilities:1356 : mon=0x14a53da0
2013-10-08 15:54:10.630+0000: 3493: debug : qemuMonitorJSONCommandWithFd:262 : Send command '{"execute":"qmp_capabilities","id":"libvirt-1"}' for write with FD -1
2013-10-08 15:54:10.630+0000: 3493: debug : virEventPollUpdateHandle:147 : EVENT_POLL_UPDATE_HANDLE: watch=17 events=13
...
2013-10-08 15:54:10.631+0000: 3493: debug : qemuMonitorSend:956 : QEMU_MONITOR_SEND_MSG: mon=0x14a53da0 msg={"execute":"qmp_capabilities","id":"libvirt-1"}
 fd=-1
2013-10-08 15:54:10.631+0000: 3262: debug : virEventPollRunOnce:641 : Poll got 1 event(s)

2) [Thread 3262] The event loop is trying to do the talking to monitor.
However, qemu is dead already, remember?

2013-10-08 15:54:13.436+0000: 3262: error : qemuMonitorIORead:551 : Unable to read from monitor: Connection reset by peer
2013-10-08 15:54:13.516+0000: 3262: debug : virFileClose:90 : Closed fd 25
...
2013-10-08 15:54:13.533+0000: 3493: debug : qemuMonitorSend:968 : Send command resulted in error internal error: early end of file from monitor: possible problem:

3) [Thread 3493] qemuProcessStart() failed. No big deal. Go to the
'endjob' label and subsequently to the 'cleanup'. Since the domain is
not persistent and ret is -1, the qemuDomainRemoveInactive() is called.
This has an (unpleasant) effect of virObjectUnref()-in the @vm object.
Unpleasant because the event loop which is about to trigger EOF callback
still holds a pointer to the @vm (not the reference). See the valgrind
output below.

4) [Thread 3262] So the event loop starts triggering EOF:

2013-10-08 15:54:13.542+0000: 3262: debug : qemuMonitorIO:729 : Triggering EOF callback
2013-10-08 15:54:13.543+0000: 3262: debug : qemuProcessHandleMonitorEOF:294 : Received EOF on 0x14549110 'migt10'

And the monitor is cleaned up. This results in calling
qemuProcessHandleMonitorEOF with the @vm pointer passed. The pointer is
kept in qemuMonitor struct.

==3262== Thread 1:
==3262== Invalid read of size 4
==3262==    at 0x77ECCAA: pthread_mutex_lock (in /lib64/libpthread-2.15.so)
==3262==    by 0x52FAA06: virMutexLock (virthreadpthread.c:85)
==3262==    by 0x52E3891: virObjectLock (virobject.c:320)
==3262==    by 0x11626743: qemuProcessHandleMonitorEOF (qemu_process.c:296)
==3262==    by 0x11642593: qemuMonitorIO (qemu_monitor.c:730)
==3262==    by 0x52BD526: virEventPollDispatchHandles (vireventpoll.c:501)
==3262==    by 0x52BDD49: virEventPollRunOnce (vireventpoll.c:648)
==3262==    by 0x52BBC68: virEventRunDefaultImpl (virevent.c:274)
==3262==    by 0x542D3D9: virNetServerRun (virnetserver.c:1112)
==3262==    by 0x11F368: main (libvirtd.c:1513)
==3262==  Address 0x14549128 is 24 bytes inside a block of size 136 free'd
==3262==    at 0x4C2AF5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3262==    by 0x529B1FF: virFree (viralloc.c:580)
==3262==    by 0x52E3703: virObjectUnref (virobject.c:270)
==3262==    by 0x531557E: virDomainObjListRemove (domain_conf.c:2355)
==3262==    by 0x1160E899: qemuDomainRemoveInactive (qemu_domain.c:2061)
==3262==    by 0x1163A0C6: qemuMigrationPrepareAny (qemu_migration.c:2450)
==3262==    by 0x1163A923: qemuMigrationPrepareDirect (qemu_migration.c:2626)
==3262==    by 0x11682D71: qemuDomainMigratePrepare3Params (qemu_driver.c:10309)
==3262==    by 0x53B0976: virDomainMigratePrepare3Params (libvirt.c:7266)
==3262==    by 0x1502D3: remoteDispatchDomainMigratePrepare3Params (remote.c:4797)
==3262==    by 0x12DECA: remoteDispatchDomainMigratePrepare3ParamsHelper (remote_dispatch.h:5741)
==3262==    by 0x54322EB: virNetServerProgramDispatchCall (virnetserverprogram.c:435)

The mon->vm is set in qemuMonitorOpenInternal() which is the correct
place to increase @vm ref counter. The correct place to decrease the ref
counter is then qemuMonitorDispose().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-11 14:55:51 +02:00
Bing Bu Cao
19e7c04dce util: fix two virCompareLimitUlong bugs
The helper function virCompareLimitUlong compares limit values,
where value of 0 is equal to unlimited. If the latter parameter is 0,
it should return -1 instead of 1, hence the user can only set hard_limit when
swap_hard_limit currently is unlimited.

Worse, all callers pass 2 64-bit values, but on 32-bit platforms,
the second argument was silently truncated to 32 bits, which
could lead to incorrect computations.

Signed-off-by: Bing Bu Cao <mars@linux.vnet.ibm.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-11 06:34:18 -06:00
Daniel P. Berrange
1fb4d8923f Move virNetDevVPort enum impl into virnetdevvportprofile.c
The enum for virNetDevVPort is declared in the header file
virnetdevvportprofile.h, but for some reason the impl is
in netdev_vport_profile_conf.c.

This causes a dep from src/util onto src/conf which is not
allowed. Move the enum impl into virnetdevvportprofile.c
to break the circle.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-11 11:45:54 +01:00
Michal Privoznik
1606d89c86 qemu_conf: Introduce "migration_address"
This configuration knob is there to override default listen address for
-incoming for all qemu domains.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-11 11:11:33 +02:00
Michal Privoznik
c4ac7ef663 qemu: Implement support for VIR_MIGRATE_PARAM_LISTEN_ADDRESS
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-11 11:08:55 +02:00
Michal Privoznik
1f9546e365 virsocket: Introduce virSocketAddrIsWildcard
This function takes exactly one argument: an address to check.
It returns true, if the address is an IPv4 or IPv6 address in numeric
format, false otherwise (e.g. for "examplehost").

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-11 11:05:06 +02:00
Michal Privoznik
7d704812b9 qemu: Introduce qemuDomainDefCheckABIStability
https://bugzilla.redhat.com/show_bug.cgi?id=994364

Whenever we check for ABI stability, we have new xml (e.g. provided by
user, or obtained from snapshot, whatever) which we compare to old xml
and see if ABI won't break. However, if the new xml was produced via
virDomainGetXMLDesc(..., VIR_DOMAIN_XML_MIGRATABLE) it lacks some
devices, e.g. 'pci-root' controller. Hence, the ABI stability check
fails even though it is stable. Moreover, we can't simply fix
virDomainDefCheckABIStability because removing the correct devices is
task for the driver. For instance, qemu driver wants to remove the usb
controller too, while LXC driver doesn't. That's why we need special
qemu wrapper over virDomainDefCheckABIStability which removes the
correct devices from domain XML, produces MIGRATABLE xml and calls the
check ABI stability function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-11 10:31:35 +02:00
John Ferlan
77fb4c4f9e storage_backend: Fix issue with allocation of 0 length volume
Commit id '532fef36' added a call to fallocate() and some error
handling based on whether or not the function existed. This new
call resulted in libvirt-cim/cimtest failures when attempting to
create a volume with "0" (zero) allocation value. The failure is
logged as:

Oct  9 07:51:33 localhost libvirtd[8030]: cannot allocate 0 bytes in
file '/var/lib/libvirt/images/cimtest-vol.img': Invalid argument

This can also be seen with virsh vol-create-as:

error: Failed to create vol test
error: cannot allocate 0 bytes in file '/home/vm-images/test': Invalid
argument

error: Failed to create vol test
error: cannot allocate 0 bytes in file '/home/vm-images/test': Invalid
argument

It turns out fallocate() will return EINVAL when the incoming 'len'
(or allocation) value is 0 (or less).
2013-10-10 08:33:04 -04:00
Michal Privoznik
9c228e0817 qemu: Init @pcidevs in qemuPrepareHostdevPCIDevices
At the beginning of the function qemuPrepareHostdevPCICheckSupport() is
called. After that @pcidevs is initialized. However, if the very first
command fails, we go to 'cleanup' label where virObjectUnref(pcidevs) is
called. Obviously, it is called before @pcidevs was able to get
initialized. Compiler warns about it:

  CC       qemu/libvirt_driver_qemu_impl_la-qemu_hostdev.lo
qemu/qemu_hostdev.c: In function 'qemuPrepareHostdevPCIDevices':
qemu/qemu_hostdev.c:824:19: error: 'pcidevs' may be used uninitialized in this function [-Werror=maybe-uninitialized]
     virObjectUnref(pcidevs);
                   ^
cc1: all warnings being treated as errors
2013-10-10 12:32:49 +02:00
Peter Krempa
f094aaac48 qemu: Prefer VFIO for PCI device passthrough
Prefer using VFIO (if available) to the legacy KVM device passthrough.

With this patch a PCI passthrough device without the driver configured
will be started with VFIO if it's available on the host. If not legacy
KVM passthrough is checked and error is reported if it's not available.
2013-10-10 12:00:56 +02:00
Peter Krempa
467b561ac2 qemu: hostdev: Add checks if PCI passthrough is available in the host
Add code to check availability of PCI passhthrough using VFIO and the
legacy KVM passthrough and use it when starting VMs and hotplugging
devices to live machine.
2013-10-10 10:35:01 +02:00
Peter Krempa
f24150b1f5 qemu: hostdev: Fix function spacing and header formatting 2013-10-10 10:32:07 +02:00
Peter Krempa
a863b89010 qemu: refactor qemuCompressProgramAvailable() 2013-10-09 18:26:48 +02:00
Peter Krempa
f2b0a5336e qemu: Fix coding style in qemuDomainSaveFlags()
Avoid mixed brace style in an if statement and fix formatting of error
messages.
2013-10-09 18:26:48 +02:00
Ján Tomko
3f029fb531 LXC: Fix handling of RAM filesystem size units
Since 76b644c when the support for RAM filesystems was introduced,
libvirt accepted the following XML:
<source usage='1024' unit='KiB'/>

This was parsed correctly and internally stored in bytes, but it
was formatted as (with an extra 's'):
<source usage='1024' units='KiB'/>
When read again, this was treated as if the units were missing,
meaning libvirt was unable to parse its own XML correctly.

The usage attribute was documented as being in KiB, but it was not
scaled if the unit was missing. Transient domains still worked,
because this was balanced by an extra 'k' in the mount options.

This patch:
Changes the parser to use 'units' instead of 'unit', as the latter
was never documented (fixing persistent domains) and some programs
(libvirt-glib, libvirt-sandbox) already parse the 'units' attribute.

Removes the extra 'k' from the tmpfs mount options, which is needed
because now we parse our own XML correctly.

Changes the default input unit to KiB to match documentation, fixing:
https://bugzilla.redhat.com/show_bug.cgi?id=1015689
2013-10-09 17:44:45 +02:00
Chen Hanxiao
fc9a416df7 cgroup: fix a comment typo in vircgroup.c
s/shoule/should

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-09 17:16:58 +02:00
Ján Tomko
63b6e59fd0 storage: Use bool instead of int
Commit 532fef3 added two-state 'need_alloc' and exposed
'want_sparse' which also only has two states.

Change their type from int to bool.
2013-10-09 09:37:12 +02:00
Giuseppe Scrivano
a90b9778c2 build: fix linker error on FreeBSD
Commit 2d74822a9e renamed
"freebsdNodeGetCPUCount" to "appleFreebsdNodeGetCPUCount", leaving one
call to "freebsdNodeGetCPUCount".  Fix this other case.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-08 12:45:20 -06:00
Peter Krempa
9d13298901 qemu: hostdev: Refactor PCI passhrough handling
To simplify future patches dealing with this code, simplify and refactor
some conditions to switch statements.
2013-10-08 15:24:27 +02:00
Michal Privoznik
4b744d7d00 virerror: s/VIR_ERR_STORAGE_VOL_EXISTS/VIR_ERR_STORAGE_VOL_EXISTS/
We currently have other error codes in singular form, e.g.
VIR_ERR_NETWORK_EXIST. Cleanup the previous patch to match the form.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-07 19:21:47 +02:00
Hongwei Bi
91875896d5 fix a ambiguous output of the command:'virsh vol-create-as'
I created a storage volume(eg: test) from a storage pool(eg:vg10) using
the following command:"virsh vol-create-as --pool vg10 --name test --capacity 300M."
When I re-executed the above command, the output was as the following:
"error: Failed to create vol test
 error: Storage volume not found: storage vol 'test' already exists"

I think the output "Storage volume not found" is not appropriate. Because in fact storage
vol test has been found at this time. And then I think virErrorNumber should includes
VIR_ERR_STORAGE_EXIST which can also be used elsewhere. So I make this patch. The result
is as following:
"error: Failed to create vol test
 error: storage volume 'test' exists already"
2013-10-07 18:26:09 +02:00
Daniel P. Berrange
999d72fbd5 Remove use of virConnectPtr from all remaining nwfilter code
The virConnectPtr is passed around loads of nwfilter code in
order to provide it as a parameter to the callback registered
by the virt drivers. None of the virt drivers use this param
though, so it serves no purpose.

Avoiding the need to pass a virConnectPtr means that the
nwfilterStateReload method no longer needs to open a bogus
QEMU driver connection. This addresses a race condition that
can lead to a crash on startup.

The nwfilter driver starts before the QEMU driver and registers
some callbacks with DBus to detect firewalld reload. If the
firewalld reload happens while the QEMU driver is still starting
up though, the nwfilterStateReload method will open a connection
to the partially initialized QEMU driver and cause a crash.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-07 14:19:10 +01:00
Daniel P. Berrange
ebca369e3f Don't pass virConnectPtr in nwfilter 'struct domUpdateCBStruct'
The nwfilter driver only needs a reference to its private
state object, not a full virConnectPtr. Update the domUpdateCBStruct
struct to have a 'void *opaque' field instead of a virConnectPtr.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-07 14:19:10 +01:00
Daniel P. Berrange
b77b16ce41 Remove virConnectPtr arg from virNWFilterDefParse*
None of the virNWFilterDefParse* methods require a virConnectPtr
arg, so just drop it

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-07 14:19:10 +01:00
Claudio Bley
609eb987c6 Adjust legacy max payload size to account for header information
Commit 27e81517a8 set the payload size to 256 KB, which is
actually the max packet size, including the size of the header.

Reduce this by VIR_NET_MESSAGE_HEADER_MAX (24) and set
VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX to 262120, which was the original
value before increasing the limit in commit eb635de1fe.
2013-10-07 13:28:44 +02:00
Ryota Ozaki
2d74822a9e nodeinfo: make freebsdNodeGetCPUCount work on Mac OS X
This fixes the following error:
  error : nodeGetInfo:933 : this function is not supported
  by the connection driver: node info not implemented on this platform

The freebsdNodeGetCPUCount was renamed to appleFreebsdNodeGetCPUCount
in order to make more visible the fact, that it works on Mac OS X too.

Mac OS X can use sysctlbyname as same as FreeBSD to get the CPU
frequency. However, the MIB style name is different from FreeBSD's.
And the unit of the return frequency is also different.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-07 10:28:18 +02:00
Ryota Ozaki
5a468b38b6 rpc: fix getsockopt for LOCAL_PEERCRED on Mac OS X
This fixes the following error:
  error : virGetUserEnt:703 : Failed to find user record for uid '32654'

'32654' (it's random and varies) comes from getsockopt with
LOCAL_PEERCRED option. getsockopt returns w/o error but seems
to not set any value to the buffer for uid.

For Mac OS X, LOCAL_PEERCRED has to be used with SOL_LOCAL level.
With SOL_LOCAL, getsockopt returns a correct uid.

Note that SOL_LOCAL can be found in
/System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/un.h.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-07 10:18:55 +02:00
Eric Blake
51c8216594 build: fix build on RHEL 5
On RHEL 5, compilation fails with:

storage/storage_backend.c: In function 'createRawFile':
storage/storage_backend.c:339: warning: implicit declaration of function 'fallocate'
storage/storage_backend.c:339: warning: nested extern declaration of 'fallocate' [-Wnested-externs]

But:

$ grep HAVE_FALLOCATE config.h
/* #undef HAVE_FALLOCATE */

Huh? It turns out that in kernels that old, fallocate() is not
implemented (config.h is correct), but <linux/fs.h> defines
HAVE_FALLOCATE as an empty witness macro for a completely
different purpose.  Since storage_backend.c is including
<linux/fs.h> on RHEL 5, we are hosed by the kernel definition.
Newer kernels no longer pollute the namespace, and it's fairly
easy to convert to an expression that works with both the old
kernel witness and the new-style config.h (undefined or 1).

Problem introduced in commit 532fef3.

* src/storage/storage_backend.c (createRawFile): Avoid namespace
pollution from kernel, by checking HAVE_FALLOCATE for a value.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-04 17:33:37 -06:00
Eric Blake
bdc55cc7d2 build: fix build --without-remote
I tried to test ./configure --without-lxc --without-remote.
First, the build failed with some odd errors, such as an
inability to build xen, or link failures for virNetTLSInit.
But when you think about it, once there is no remote code,
all of libvirtd is useless, any stateful driver that depends
on libvirtd is also not worth compiling, and any libraries
used only by RPC code are not needed.  So I patched
configure.ac to make for some saner defaults when an
explicit disable is attempted.  Similarly, since we have
migrated virnetdevbridge into generic code, the workaround
for Linux kernel stupidity must not depend on stateful
drivers being in use.

Then there's 'make check' that needs segregation.

Wow - quite a bit of cleanup to make --without-remote useful :)

* configure.ac: Let --without-remote toggle defaults on stateful
drivers and other libraries.  Pick up Linux kernel workarounds
even when qemu and lxc are not being compiled.
* tests/Makefile.am (test_programs): Factor out programs that
require remote.
* src/libvirt_private.syms (rpc/virnet*.h): Move...
* src/libvirt_remote.syms: ...into new file.
* src/Makefile.am (SYM_FILES): Ship new syms file.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-04 17:01:47 -06:00
Oskari Saarenmaa
532fef369f storage: fix file allocation behavior in file cloning
Fixed the safezero call for allocating the rest of the file after cloning
an existing volume; it used to always use a zero offset, causing it to
only allocate the beginning of the file.

Also modified file creation to try to use fallocate(2) to pre-allocate
disk space before copying any data to make sure it fails early on if disk
is full and makes sure we can skip zero blocks when copying file contents.

If fallocate isn't available we will zero out the rest of the file after
cloning and only use sparse cloning if client requested a lower allocation
than the input volume's capacity.

Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
2013-10-04 16:18:44 +02:00
Oskari Saarenmaa
b63a1d0e95 virfile: safezero: fix buffer allocation max size
My previous commit 7dc1d4ab was supposed to change safezero to allocate
1 megabyte at maximum, but had the logic reversed and will allocate 1
megabyte at minimum (and a lot more at maximum.)

Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
2013-10-04 16:10:27 +02:00
Cole Robinson
fc9ff1f249 test: Fix coverity warnings 2013-10-04 10:06:56 -04:00
Peter Krempa
f8e2da01be qemu: Use maximum guest memory size when getting NUMA placement advice
When starting the VM the guest balloon driver is not loaded at that
time. We need to ask numad for placement of the complete VM.
2013-10-04 14:57:54 +02:00
Gao feng
391b82722e Free cmd in virNetDevVethCreate
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-10-04 12:03:19 +01:00
Gao feng
524b21979a Free cmd in virNetDevVethDelete
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-10-04 12:02:38 +01:00
Oskari Saarenmaa
7dc1d4ab89 virfile: safezero: fall back to writing block by block if mmap fails
mmap can fail on 32-bit systems if we're trying to zero out a lot of data.
Fall back to using block-by-block writing in that case.  While we could map
smaller blocks it's unlikely that this code is used a lot and its easier to
just fall back to one of the existing methods.

Also modified the block-by-block zeroing to not allocate a megabyte of
zeroes if we're writing less than that.

Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
2013-10-04 08:22:36 +02:00
Cole Robinson
68cc45b6f9 test: snapshot: Add REDEFINE support 2013-10-03 17:31:55 -04:00
Cole Robinson
670e86bfd7 qemu: snapshot: Break out redefine preparation to shared function 2013-10-03 17:31:55 -04:00
Cole Robinson
390c06b675 test: Implement snapshot create/delete/revert APIs
Again stolen from qemu_driver.c, but dropping all the unneeded bits.
This aims to copy all the current qemu validation checks since that's
the most commonly used real driver, but some of the checks are
completely artificial in the test driver.

This only supports creation of internal snapshots for initial
simplicity.
2013-10-03 17:26:50 -04:00
Cole Robinson
1d24185284 test: Allow specifying domainsnapshot XML
The user can pass it as a <test:domainsnapshot> subelement of a <domain>.
2013-10-03 16:52:54 -04:00
Cole Robinson
56ff156d15 qemu: snapshots: Simplify REDEFINE flag check
Makes things more readable IMO
2013-10-03 16:52:54 -04:00
Laine Stump
9881bfed25 qemu: check actual netdev type rather than config netdev type during init
This resolves:

   https://bugzilla.redhat.com/show_bug.cgi?id=1012824
   https://bugzilla.redhat.com/show_bug.cgi?id=1012834

Note that a similar problem was reported in:

   https://bugzilla.redhat.com/show_bug.cgi?id=827519

but the fix only worked for <interface type='hostdev'>, *not* for
<interface type='network'> where the network itself was a pool of
hostdevs.

The symptom in both cases was this error message:

   internal error: Unable to determine device index for network device

In both cases the cause was lack of proper handling for netdevs
(<interface>) of type='hostdev' when scanning the netdev list looking
for alias names in qemuAssignDeviceNetAlias() - those that aren't
type='hostdev' have an alias of the form "net%d", while those that are
hostdev use "hostdev%d". This special handling was completely lacking
prior to the fix for Bug 827519 which was:

When searching for the highest alias index, libvirt looks at the alias
for each netdev and if it is type='hostdev' it ignores the entry. If
the type is not hostdev, then it expects the "net%d" form; if it
doesn't find that, it fails and logs the above error message.

That fix works except in the case of <interface type='network'> where
the network uses hostdev (i.e. the network is a pool of VFs to be
assigned to the guests via PCI passthrough). In this case, the check
for type='hostdev' would fail because it was done as:

     def->net[i]->type == VIR_DOMAIN_NET_TYPE_HOSTDEV

(which compares what was written in the config) when it actually
should have been:

    virDomainNetGetActualType(def->net[i]) == VIR_DOMAIN_NET_TYPE_HOSTDEV

(which compares the type of netdev that was actually allocated from
the network at runtime).

Of course the latter wouldn't be of any use if the netdevs of
type='network' hadn't already acquired their actual network connection
yet, but manual examination of the code showed that this is never the
case.

While looking through qemu_command.c, two other places were found to
directly compare the net[i]->type field rather than getting actualType:

* qemuAssignDeviceAliases() - in this case, the incorrect comparison
  would cause us to create a "net%d" alias for a netdev with
  type='network' but actualType='hostdev'. This alias would be
  subsequently overwritten by the proper "hostdev%d" form, so
  everything would operate properly, but a string would be
  leaked. This patch also fixes this problem.

* qemuAssignDevicePCISlots() - would defer assigning a PCI address to
  a netdev if it was type='hostdev', but not for type='network +
  actualType='hostdev'. In this case, the actual device usually hasn't
  been acquired yet anyway, and even in the case that it has, there is
  no practical difference between assigning a PCI address while
  traversing the netdev list or while traversing the hostdev
  list. Because changing it would be an effective NOP (but potentially
  cause some unexpected regression), this usage was left unchanged.
2013-10-03 11:06:45 -04:00
Daniel P. Berrange
fe3f108d85 Use 'vnet' as prefix for veth devices
The XML parser reserves 'vnet' as a prefix for automatically
generated NIC device names. Switch the veth device creation
to use this prefix, so it does not have to worry about clashes
with user specified names in the XML.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-03 11:28:44 +01:00
Daniel P. Berrange
f2e53555eb Retry veth device creation on failure
The veth device creation code run in two steps, first it looks
for two free veth device names, then it runs ip link to create
the veth pair. There is an obvious race between finding free
names and creating them, when guests are started in parallel.

Rewrite the code to loop and re-try creation if it fails, to
deal with the race condition.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-03 11:28:30 +01:00
Daniel P. Berrange
8766e9b5a5 Avoid deleting NULL veth device name
If veth device allocation has a fatal error, the veths
array may contain NULL device names. Avoid calling the
virNetDevVethDelete function on such names.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-03 11:28:08 +01:00
Daniel P. Berrange
10caf94ddc Avoid reporting an error if veth device is already deleted
The kernel automatically destroys veth devices when cleaning
up the container network namespace. During normal shutdown, it
is thus likely that the attempt to run 'ip link del vethN'
will fail. If it fails, check if the device exists, and avoid
reporting an error if it has gone. This switches to use the
virCommand APIs instead of virRun too.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-03 11:28:06 +01:00
Daniel P. Berrange
f5eae57086 Don't set netdev offline in container cleanup
During container cleanup there is a race where the kernel may
have destroyed the veth device before we try to set it offline.
This causes log error messages. Given that we're about to
delete the device entirely, setting it offline is pointless.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-03 11:25:20 +01:00
Michal Privoznik
3e8343e151 qemuMonitorJSONSendKey: Avoid double free
After successful @cmd construction the memory where @keys points to is
part of @cmd. Avoid double freeing it.
2013-10-03 08:57:57 +02:00
Michal Privoznik
ec07a9e84b qemuMonitorJSONGetVirtType: Fix error message
When querying for kvm, we try to find 'enabled' field. Hence the error
message should report we haven't found 'enabled' and not 'running'
(which is not even in the reply). Probably a typo or copy-paste error.
2013-10-03 08:57:50 +02:00
Michal Privoznik
9fa10d3901 qemu_hotplug: Allow QoS update in qemuDomainChangeNet
The qemuDomainChangeNet() is called when 'virsh update-device' is
invoked on a NIC. Currently, we fail to update the QoS even though
we have routines for that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-02 10:48:03 +02:00
Michal Privoznik
ee02fbc8e4 virNetDevBandwidthEqual: Make it more robust
So far the virNetDevBandwidthEqual() expected both ->in and ->out items
to be allocated for both @a and @b compared. This is not necessary true
for all our code. For instance, running 'update-device' twice over a NIC
with the very same XML results in SIGSEGV-ing in this function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-02 10:47:22 +02:00
Cole Robinson
c4510fd147 test: Implement readonly snapshot APIs
This is just stolen from qemu_driver.c with tweaks to fit the
test driver.
2013-10-01 11:59:07 -04:00
Cole Robinson
25314fa6c5 test: Wire up managed save APIs
Also add a <test:hasmanagedsave> element to set this data when starting
the connection.
2013-10-01 11:33:56 -04:00
Cole Robinson
d82ea6ec4e test: Allow specifying object transient state in driver XML
Similar to the runstate commit, allow a boolean <test:transient/>
element for setting domain persistence at driver startup.
2013-10-01 11:27:21 -04:00
Cole Robinson
a924d9d083 qemu: cgroup: Fix crash if starting nographics guest
We can dereference graphics[0] even if guest has no graphics device
configured. I screwed this up in a216e64872

https://bugzilla.redhat.com/show_bug.cgi?id=1014088
2013-10-01 11:22:18 -04:00
Ján Tomko
f1bdcb2be9 selinux: Only close the selabel_handle once
On selinux driver initialization failure (missing/incorrectly
formatted contexts file), selabel_handle was closed twice.

Introduced by 6159710.
2013-10-01 15:00:07 +02:00
Laine Stump
e4e73337e5 util: recognize SMB/CIFS filesystems as shared
This should resolve:

  https://bugzilla.redhat.com/show_bug.cgi?id=1012085

libvirt previously recognized NFS, GFS2, OCFS2, and AFS filesystems as
"shared", and thus eligible for exceptions to certain rules/actions
about chowning image files before handing them off to a guest. This
patch widens the definition of "shared filesystem" to include SMB and
CIFS filesystems (aka "Windows file sharing"); both of these use the
same protocol, but different drivers so there are different magic
numbers for each.
2013-10-01 05:45:05 -04:00
Michal Privoznik
64f1e1688d qemu_capabilities: Introduce virQEMUCapsInitQMPMonitor
This basically covers the talking-to-monitor part of
virQEMUCapsInitQMP.  The patch itself has no real value,
but it creates an entity to be tested in the next patches.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-01 10:48:47 +02:00
Chen Hanxiao
4b2b078a8b lxc: do cleanup when failed to bind fs as read-only
We forgot to do cleanup when lxcContainerMountFSTmpfs
failed to bind fs as read-only.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-30 13:30:43 -06:00
Daniel P. Berrange
27e81517a8 Fix max stream packet size for old clients
The libvirtd server pushes data out to clients. It does not
know what protocol version the client might have, so must be
conservative and use the old payload limits. ie send no more
than 256kb of data per packet.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-30 19:01:23 +01:00
Cédric Bosdonnat
bd773e74f0 LXC: workaround machined uncleaned data with containers running systemd.
The problem is described by [0] but its effect on libvirt is that
starting a container with a full distro running systemd after having
stopped it simply fails.

The container cleanup now calls the machined Terminate function to make
sure that everything is in order for the next run.

 [0]: https://bugs.freedesktop.org/show_bug.cgi?id=68370
2013-09-30 16:47:23 +01:00
Oskari Saarenmaa
edc61bf63e virfile: safezero: align mmap offset to page size
mmap's offset must be aligned to page size or mapping will fail.
mmap-based safezero is only used if posix_fallocate isn't available.

Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
2013-09-30 15:18:13 +02:00
Boris Fiuczynski
11d9dd7ba0 virscsi: hostdev SCSI AdapterId retrieval fix
Fixed the retrieval of the AdapterId from the AdapterName of the
hostdev source so it does return an error instead of leaving the
adapter_id uninitialized.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-09-30 15:04:46 +02:00
Peter Krempa
59e21e973f qemu: process: Silence coverity warning when rewinding log file
The change in ef29de14c3 that introduced
better error logging from qemu introduced a warning from coverity about
unused return value from lseek. Silence this warning and fix typo in the
corresponding error message.

Reported by: John Ferlan
2013-09-30 13:43:32 +02:00
Daniel Veillard
b3f6f8ba19 Remove tab from previous commit 2013-09-30 00:09:59 +08:00
Doug Goldstein
45cd9aa2d4 VMware: Initial VMware Fusion support
Add support for VMware Fusion in the existing VMware driver.  Connect
via the URI vmwarefusion:///session
2013-09-29 18:40:36 +08:00
Doug Goldstein
ca91e55407 VMware: Support more than 2 driver backends
Currently the VMware version check code only supports two types of
VMware backends, Workstation and Player. But in the near future we will
have an additional one so we need to support more. Additionally, we
discover and cache the path to the vmrun binary so we should use that
path when using the corresponding binary from the VMware VIX SDK.
2013-09-29 18:40:36 +08:00
Eric Blake
51f98bbab8 build: tweak vpath builds of net_rpc
Another case missed by commits 716c7bb and 6973e02.

* src/Makefile.am (VIR_NET_RPC_GENERATED): Drop $(srcdir).
(libvirt_net_rpc_la_SOURCES): List generated files more compactly.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-27 17:01:05 -06:00
Michal Privoznik
ecbb3d51b5 Makefile.am: Always include rule to make org.libvirt.api.policy
When running 'make dist' on a system without policykit, we currently
fail. This is because $(srcdir)/access/org.libvirt.api.policy is in
EXTRA_DIST, however, the rule to generate the file is conditional
whether we build with polkit or not.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-09-27 18:32:43 +02:00
Michal Privoznik
3f573fbae1 genprotocol.pl: Fix code on FreeBSD too
On some systems (linux, cygwin and gnukfreebsd) rpcgen generates files
which when compiling produces this warning:

remote/remote_protocol.c: In function 'xdr_remote_node_get_cpu_stats_ret':
remote/remote_protocol.c:530: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]

Hence, on those systems we need to post-process the files by the
rpc/genprotocol.pl perl script. At the beginning of the script the OS is
detected via $^O perl variable. From my latest build on FreeBSD I see we
need to fix the code there too. On FreeBSD the variable contains
'freebsd' string:

http://perldoc.perl.org/perlport.html#PLATFORMS

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-09-27 18:32:42 +02:00
Doug Goldstein
b41bed70f1 event: Make debug message match function comments
The debug message said there was a timeout of 0 pending for -1 ms which
made me think this is where a hang was coming from but according to the
function comments this case means that there is no timeout pending so
make the debug message say that instead of saying there's a -1 ms
timeout.
2013-09-27 11:16:35 -05:00
Doug Goldstein
03ee919e9b BSD: Ensure process creation timestamp is init'd
While BSDs don't support process creation timestamp information via
PEERCRED for Unix sockets, we need to actually initialize the value
because it is used by the libvirt code.
2013-09-27 11:16:35 -05:00
Doug Goldstein
68674169af BSD: Ensure UNIX socket credentials are valid
Ensure that the socket credentials we got back on BSD are valid before
using them.
2013-09-27 11:16:35 -05:00
Jiri Denemark
9e03f313b8 qemu: Free all driver data in qemuStateCleanup
https://bugzilla.redhat.com/show_bug.cgi?id=1011330 (case A)

While activeScsiHostdevs and webSocketPorts were allocated in
qemuStateInitialize, they were not freed in qemuStateCleanup.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-09-27 15:57:14 +02:00
Jiri Denemark
833cdab6d2 qemu: Don't leak reference to virQEMUDriverConfigPtr
https://bugzilla.redhat.com/show_bug.cgi?id=1011330 (case D)

qemuProcessStart created two references to virQEMUDriverConfigPtr before
calling fork():

    cfg = virQEMUDriverGetConfig(driver);
    ...
    hookData.cfg = virObjectRef(cfg);

However, the child only unreferenced hookData.cfg and the parent only
removed the cfg reference. That said, we don't need to increment the
reference counter when assigning cfg to hookData. Both the child and the
parent will correctly remove the reference on cfg (the child will do
that through hookData).

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-09-27 15:57:14 +02:00
Viktor Mihajlovski
6973e02b3d build: Fix VPATH build error for locking daemon
Removed superfluous/wrong srcdir prefix.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-09-27 07:26:09 -06:00
Jiri Denemark
f25a08747d rpc: Increase bound limit for virDomainGetJobStats
https://bugzilla.redhat.com/show_bug.cgi?id=1012818

Commit 6d7d0b1869 (in 1.1.2) added bounds
checking to virDomainGetJobStats. But even at that time the API was able
to return 20 parameters while the limit was set to 16.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-09-27 12:56:13 +02:00
Chen Hanxiao
cc5b920b24 lxc: fix a warning typo in virLXCControllerEventSend
s/becuase/because/

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-09-27 08:15:06 +02:00
Eric Blake
8de47efd3f maint: fix comment typos
* src/lxc/lxc_controller.c (virLXCControllerSetupDisk): Fix typo.
* src/lxc/lxc_driver.c (lxcDomainAttachDeviceDiskLive): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-26 15:40:34 -06:00
Chen Hanxiao
c82513acc2 LXC: free dst before lxcDomainAttachDeviceDiskLive returns
Free dst before lxcDomainAttachDeviceDiskLive returns

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-09-26 15:13:55 +02:00
Chen Hanxiao
21813c9fb5 qemu: virDomainControllerFind may return 0 if controller found
The return value of virDomainControllerFind >=0 means that
the specific controller was found.
But some functions invoke it and treat 0 as not found.
This patch fix these incorrect invocation.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-09-26 15:13:36 +02:00
Guido Günther
40942b788e Distribute check-aclperms.pl
so "make check" can work for the distributed tarballs too.
2013-09-26 14:26:53 +02:00
Peter Krempa
0dd948cb2b conf: clean up virDomainChrSourceDefParseXML
Tweak some conditions and use correct typecasts in enums.
2013-09-26 09:24:09 +02:00
Peter Krempa
795527548f conf: Don't crash on invalid chardev source definition of RNGs and other
Since commit 297c99a5 an invalid source definition XML of a character
device that is used as backend for RNG devices, smartcards and redirdevs
causes crash of the daemon when parsing such a definition.

The device types mentioned above are not a part of a regular character
device but are backends for other types. Thus when parsing such device
NULL is passed as the argument @chr_def. Later when checking the
validity of the definition @chr_def was dereferenced when parsing a UNIX
socket backend with missing path of the socket and crashed the daemon.

Sample offending configuration:
  <devices>
  ...
    <rng model='virtio'>
      <backend model='egd' type='unix'>
        <source mode='bind' service='1024'/>
      </backend>
    </rng>
  </devices>

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1012196
2013-09-26 08:48:38 +02:00
Cole Robinson
e791033df6 test: Allow specifying object runstate in driver XML
When passing in custom driver XML, allow a block like

<domain xmlns:test='http://libvirt.org/schemas/domain/test/1.0'>
  ...
  <test:runstate>5</test:runstate>
</domain>

This is only read at initial driver start time, and sets the initial
run state of the object. This is handy for UI testing.

It's only wired up for domains, since that's the only conf/
infrastructure that supports namespaces at the moment.
2013-09-25 13:30:36 -04:00
Daniel P. Berrange
4f2094346d Don't ignore errors parsing nwfilter rules
For inexplicable reasons, the nwfilter XML parser is intentionally
ignoring errors that arise during parsing. As well as meaning that
users don't get any feedback on their XML mistakes, this will lead
it to silently drop data in OOM conditions.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
06bfe6fe2b Fix leak in virLockSpaceResourceFree
Normally a lockspace resource is not freed while there are
active owners. During initial resource creation though, an
OOM error will trigger this scenario. virLockSpaceResourceFree
was not freeing the 'owners' field in this case.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
ec48aaee23 Fix leak of parser state in virJSONValueFromString
If OOM or another error occurs in virJSONValueFromString the
parser state object will be leaked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
d3f8fec456 Fix double-free in virJSONParserHandleStartMap on OOM
If OOM occurs in virJSONParserHandleStartMap it will free
a variable that is owned by another object. This leads to
a later double-free.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
6bf3078657 Fix leak of iterators in virDBusMessageIterEncode
If virDBusMessageIterEncode hits an OOM condition it often
leaks the memory associated with the dbus iterator object

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
a8412f868b Fix leak of comment string if virConfAddEntry fails on OOM
The code parsing comments in config files called virConfAddEntry
but did not check for failure. This caused the comment string to
leak on OOM.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
1f66001c69 Add missing check for OOM with virVMXEscapeHexPipe
The virVMXFormatConfig called virVMXEscapeHexPipe but
forgot to check for OOM. This caused data to silently
be lost.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:09 +01:00
Daniel P. Berrange
6b663b6fd1 Fix crash on OOM parsing storage pool XML
The virStoragePoolDefParseSource method would set def->nhosts
before allocating def->hosts. If the allocation failed due to
OOM, the cleanup code would crash accessing out of bounds.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:08 +01:00
Daniel P. Berrange
0dff76c2d3 Fix double free of hostdev on OOM in xenParseSxprPCI
If xenParseSxprPCI failed to expand the def->hostdevs array
due to OOM, it would free the hostdev instance twice.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:08 +01:00
Daniel P. Berrange
93ac954094 Fix crash on OOM in virDomainSnapshotDefParse
The virDomainSnapshotDefParse method assigned to def->ndisks
before allocating def->disks. Thus if an OOM occurred, the
cleanup code would access out of bounds.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:08 +01:00
Daniel P. Berrange
8feae8e136 Don't clobber return value in virInterfaceDefParseProtoIPv6
Several places in virInterfaceDefParseProtoIPv6 clobber the
default 'ret' return value. So when jumping to cleanup on
error, 'ret' may mistakenly be set to 0 instead of -1. This
caused failure to report OOM errors, meaning data was silently
lost during parsing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:08 +01:00
Daniel P. Berrange
3169991555 Fix handling of OOM when getting Xen dom ID
The methods for obtaining the Xen dom ID cannot distinguish
between returning -1 due to an error and returning -1 due to
the domain being shutoff. Change them to return the dom ID
via an output parameter.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:08 +01:00
Daniel P. Berrange
d508f70df0 Fix crash on OOM in xenParseSxpr
The xenParseSxpr method sets def->nconsoles to 1 before allocating
the def->consoles array. If the allocation fails due to OOM the
cleanup code will thus crash accessing out of bounds.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 18:12:08 +01:00
Daniel P. Berrange
0377238fe8 Fix leak of serial value in xenFormatXM on OOM
If an OOM occurs in xenFormatXM when formatting to the
serial device value, the value is leaked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
760b59e909 Fix broken formatting on OOM in xenFormatXM
If an OOM occurs when xenFormatXM is setting the 'hpet'
variable it is silently ignored. Fix it to propagate
to the callers.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
10b7d19fdd Fix crash on OOM in xenParseXM handling consoles
The xenParseXM sets def->nconsoles to 1 before claling
VIR_REALLOC_N on def->consoles. So if the alloc fails
due to OOM, the cleanup code will crash accessing a
console that does not exist.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
fa911ec44e Fix leak of char device in xenParseXM
If an OOM occurs in xenParseXM, a virDomainChrDef may be
leaked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
145de7b8f3 Fix leak of command line args in qemuParseCommandLine
If qemuParseCommandLine finds an arg it does not understand
it adds it to the QEMU passthrough custom arg list. If the
qemuParseCommandLine method hits an error for any reason
though, it just does 'VIR_FREE(cmd)' on the custom arg list.
This means all actual args / env vars are leaked. Introduce
a qemuDomainCmdlineDefFree method to be used for cleanup.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
94e6b94ab7 Fix leak in qemuParseCommandLine on OOM
If the call to virDomainControllerInsert fails in
qemuParseCommandLine, the controller struct is leaked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
b391b19144 Fix leak in qemuStringToArgvEnv upon OOM
The 'qemuStringToArgvEnv' method splits up a string of command
line env/args to an 'arglist' array. It then copies env vars
to a 'progenv' array and args to a 'progargv' array. When
copyin the env vars, it NULL-ifies the element in 'arglist'
that is copied.

Upon OOM the 'virStringListFree' is called on progenv and
arglist. Unfortunately, because the elements in 'arglist'
related to env vars have been set to NULL, the call to
virStringListFree(arglist) doesn't free anything, even
though some non-NULL args vars still exist later in the
array.

To fix this leak, stop NULL-ifying the 'arglist' elements,
and change the cleanup code to only free elements in the
'arglist' array, not 'progenv'.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:28 +01:00
Daniel P. Berrange
6bb7f19eb1 Fix missing jump to error cleanup in qemuParseCommandLineDisk
In a number of places in qemuParseCommandLineDisk, an error
is reported, but no 'goto error' jump is used. This causes
failure to report OOM conditions to the caller.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:27 +01:00
Daniel P. Berrange
fbf82783e8 Fix leak in qemuParseCommandLineDisk on OOM
If OOM occurs in qemuParseCommandLineDisk some intermediate
variables will be leaked when parsing Sheepdog or RBD disks.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:27 +01:00
Daniel P. Berrange
86139a408d Fix leak on OOM in qemuBuildCommandLine dealing with sound card
The qemuBuildCommandLine code for parsing sound cards will leak
an intermediate variable if an OOM occurs. Move the free'ing of
the variable earlier to avoid the leak.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:27 +01:00
Daniel P. Berrange
a72d25f40f Fix failure to honour OOM status in qemuParseNBDString
In qemuParseNBDString, if the virURIParse fails, the
error is not reported to the caller. Instead execution
falls through to the non-URI codepath causing memory
leaks later on.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:13 +01:00
Daniel P. Berrange
d7e9f9f7e8 Avoid leak in qemuParseRBDString on failure of qemuAddRBDHost
If qemuAddRBDHost fails due to parsing problems or OOM, then
qemuParseRBDString cleanup is skipped causing a memory leak.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:13 +01:00
Daniel P. Berrange
e7b7a2019d Fix leak of address string in qemuDomainPCIAddressGetNextSlot
qemuDomainPCIAddressGetNextSlot has a loop for finding
compatible PCI buses. In the loop body it creates a
PCI address string, but never frees this. This causes
a leak if the loop executes more than one iteration,
or if a call in the loop body fails.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:12 +01:00
Daniel P. Berrange
66f2db7311 Fix leak in virDomainDefParseXML parsing vcpupin
If virBitmapNew fails due to OOM, the 'vcpupin' variable
is leaked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:12 +01:00
Daniel P. Berrange
d9bae31250 Fix leak in virDomainVcpuPinDefParseXML parsing cpumask
If the virBitmapParse method fails due to OOM, we leak
the 'tmp' variable string.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:12 +01:00
Daniel P. Berrange
1fff45cca9 Avoid leak if virDomainSoundCodecDefParseXML return error
If virDomainSoundCodecDefParseXML returns an error (eg due
to OOM), then the xml nodeset codecNodes is leaked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:12 +01:00
Daniel P. Berrange
fbf8e1c314 Fix leak in virDomainVcpuPinDefArrayFree
If virDomainVcpuPinDefArrayFree is called with def != NULL,
but nvcpupin == 0, then it leaks memory for 'def'. This is
an unusual scenario, but it hits when cleaning up after an
OOM during parsing of XML.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-25 15:49:12 +01:00
Laine Stump
386ebb47a5 qemu: prefer to put a Q35 machine's dmi-to-pci-bridge at 00:1E.0
This resolves one of the issues listed in:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

00:1E.0 is the location of this controller on at least some actual Q35
hardware, so we try to replicate the placement. The bridge should work
just as well in any other location though, so if 00:1E.0 isn't
available, just allow it to be auto-assigned anywhere appropriate.
2013-09-25 10:39:23 -04:00
Laine Stump
c484fe16cb qemu: turn if into switch in qemuDomainValidateDevicePCISlotsQ35
This will make it simpler to add checks for other types of
controllers.

This is a prerequisite for patches to resolve:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983
2013-09-25 10:38:50 -04:00
Laine Stump
b83d26f6c4 qemu: support ich9-intel-hda audio device
This resolves one of the issues in:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

This device is identical to qemu's "intel-hda" device (known as "ich6"
in libvirt), but has a different PCI device ID (which matches the ID
of the hda audio built into the ich9 chipset, of course). It's not
supported in earlier versions of qemu, so it requires a capability
bit.
2013-09-25 10:38:02 -04:00
Laine Stump
8e0dab3a8e qemu: replace multiple strcmps with a switch on an enum
I'm not sure why this code was written to compare the strings that it
had just retrieved from an enum->string conversion, rather than just
look at the original enum values, but this yields the same results,
and is much more efficient (especially as you add more devices).

This is a prerequisite for patches to resolve:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983
2013-09-25 10:37:33 -04:00
Laine Stump
07af519298 qemu: allow some PCI devices to be attached to PCIe slots
Part of the resolution to:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

Although most devices available in qemu area defined as PCI devices,
and strictly speaking should only be attached via a PCI slot, in
practice qemu allows them to be attached to a PCIe slot and sometimes
this makes sense.

For example, The UHCI and EHCI USB controllers are usually attached
directly to the PCIe "root complex" (i.e. PCIe slots) on real
hardware, so that should be possible for a Q35-based qemu virtual
machine as well.

We still want to prefer a standard PCI slot when auto-assigning
addresses, though, and in general to disallow attaching PCI devices
via PCIe slots.

This patch makes that possible by adding a new
QEMU_PCI_CONNECT_TYPE_EITHER_IF_CONFIG flag. Three things are done
with this flag:

1) It is set for the "pcie-root" controller

2) qemuCollectPCIAddress() now has a set of nested switches that set
this "EITHER" flag for devices that we want to allow connecting to
pcie-root when specifically requested in the config.

3) qemuDomainPCIAddressFlagsCompatible() adds this new flag to the
"flagsMatchMask" if the address being checked came from config rather
than being newly auto-allocated by libvirt (this knowledge is
conveniently already available in the "fromConfig" arg).

Now any device having the EITHER flag set can be connected to
pcie-root if explicitly requested, but auto-allocated addresses for
those devices will still be standard PCI slots instead.

This patch only loosens the restrictions on devices that have been
specifically requested, but the setup is such that it should be fairly
easy to add new devices.
2013-09-25 10:36:45 -04:00
Laine Stump
fbd9be484c qemu: eliminate redundant if clauses in qemuCollectPCIAddress
Replace them with switch cases. This will make it more efficient when
we add exceptions for more controller types, and other device types.

This is a prerequisite for patches to resolve:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983
2013-09-25 10:35:49 -04:00
Laszlo Ersek
51e184e982 bridge driver: don't masquerade local subnet broadcast/multicast packets
Packets sent by guests on virbrN, *or* by dnsmasq on the same, to
- 255.255.255.255/32 (netmask-independent local network broadcast
  address), or to
- 224.0.0.0/24 (local subnetwork multicast range)
are never forwarded, hence it is not necessary to masquerade them.

In fact we must not masquerade them: translating their source addresses or
source ports (where applicable) may confuse receivers on virbrN.

One example is the DHCP client in OVMF (= UEFI firmware for virtual
machines):

  http://thread.gmane.org/gmane.comp.bios.tianocore.devel/1506/focus=2640

It expects DHCP replies to arrive from remote source port 67. Even though
dnsmasq conforms to that, the destination address (255.255.255.255) and
the source address (eg. 192.168.122.1) in the reply allow the UDP
masquerading rule to match, which rewrites the source port to or above
1024. This prevents the DHCP client in OVMF from accepting the packet.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=709418

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2013-09-25 08:31:50 -04:00
Laszlo Ersek
ccca5dc3a2 util/viriptables: add/remove rules that short-circuit masquerading
The functions
- iptablesAddForwardDontMasquerade(),
- iptablesRemoveForwardDontMasquerade
handle exceptions in the masquerading implemented in the POSTROUTING chain
of the "nat" table. Such exceptions should be added as chronologically
latest, logically top-most rules.

The bridge driver will call these functions beginning with the next patch:
some special destination IP addresses always refer to the local
subnetwork, even though they don't match any practical subnetwork's
netmask. Packets from virbrN targeting such IP addresses are never routed
outwards, but the current rules treat them as non-virbrN-destined packets
and masquerade them. This causes problems for some receivers on virbrN.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2013-09-25 08:24:09 -04:00
Peter Krempa
ef29de14c3 qemu: Wire up better early error reporting
The previous patches added infrastructure to report better errors from
monitor in some cases. This patch finalizes this "feature" by enabling
this enhanced error reporting on early phases of VM startup. In these
phases the possibility of qemu producing a useful error message is
really high compared to running it during the whole life cycle. After
the start up is complete, the feature is disabled to provide the usual
error messages so that users are not confused by possibly irrelevant
messages that may be in the domain log.

The original motivation to do this enhancement is to capture errors when
using VFIO device passthrough, where qemu reports errors after the
monitor is initialized and the existing error catching code couldn't
catch this producing a unhelpful message:

 # virsh start test
 error: Failed to start domain test
 error: Unable to read from monitor: Connection reset by peer

With this change, the message is changed to:

 # virsh start test
 error: Failed to start domain test
 error: internal error: early end of file from monitor: possible problem:
 qemu-system-x86_64: -device vfio-pci,host=00:1a.0,id=hostdev0,bus=pci.0,addr=0x5: vfio: error, group 8 is not viable, please ensure all devices within the iommu_group are bound to their vfio bus driver.
 qemu-system-x86_64: -device vfio-pci,host=00:1a.0,id=hostdev0,bus=pci.0,addr=0x5: vfio: failed to get group 8
 qemu-system-x86_64: -device vfio-pci,host=00:1a.0,id=hostdev0,bus=pci.0,addr=0x5: Device 'vfio-pci' could not be initialized
2013-09-25 13:50:57 +02:00
Peter Krempa
90139a6236 qemu: monitor: Produce better errors on monitor hangup
Change the monitor error code to add the ability to access the qemu log
file using a file descriptor so that we can dig in it for a more useful
error message. The error is now logged on monitor hangups and overwrites
a possible lesser error. A hangup on the monitor usualy means that qemu
has crashed and there's a significant chance it produced a useful error
message.

The functionality will be latent until the next patch.
2013-09-25 13:50:56 +02:00
Peter Krempa
8519e9ecdc qemu: monitor: Add infrastructure to access VM logs for better err msgs
Early VM startup errors usually produce a better error message in the
machine log file. Currently we were accessing it only when the process
exited during certain phases of startup. This will help adding a more
comprehensive error extraction for early qemu startup phases.

This patch adds infrastructure to keep a file descriptor for the machine
log file that will be used in case an error happens.
2013-09-25 13:50:56 +02:00
Peter Krempa
310651a5e3 qemu_process: Make qemuProcessReadLog() more versatile and reusable
Teach the function to skip character device definitions printed by qemu
at startup in addition to libvirt log messages and make it usable from
outside of qemu_process.c. Also add documentation about the func.
2013-09-25 13:50:56 +02:00
Daniel P. Berrange
cba4868ad8 Check return value of virDomainControllerInsert when parsing QEMU args
The parsing of '-usb' did not check for failure of the
virDomainControllerInsert method. As a result on OOM, the
parser mistakenly attached USB disks to the IDE controller.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 16:58:32 +01:00
Daniel P. Berrange
b81f30566b Honour error returned by virBitmapFormat
The code formatting NUMA args was ignoring the return value
of virBitmapFormat, so on OOM, it would silently drop the
NUMA cpumask arg.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 16:58:27 +01:00
Daniel P. Berrange
a4b0c75ce8 Add missing check for OOM when building boot menu args
When building boot menu args, if OOM occurred the CLI args
would end up containing  'order=(null)' due to a missing
call to 'virBufferError'.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 16:58:23 +01:00
Claudio Bley
9f219dca48 Always open files in binary mode in virFDStreamOpenFileInternal
On win32, using text mode for binary files might result in short
reads since ASCII character 0x1A is interpreted as EOF. Also, it
could lead to problems using the seek functions because of the \r
handling.

Signed-off-by: Claudio Bley <cbley@av-test.de>
2013-09-24 14:27:41 +02:00
Claudio Bley
291edf708b test: fix call to virFDStreamOpenFile in testDomainScreenshot
N.B.  This had no ill effects as long as O_RDONLY is defined to
      to be 0, such that the expression (O_RDONLY < 0) yielded 0
      again.

Signed-off-by: Claudio Bley <cbley@av-test.de>
2013-09-24 14:27:41 +02:00
Daniel P. Berrange
6912cf4faa Don't ignore allocation failure in virCommandAddEnvPassCommon
The virCommandAddEnvPassCommon method ignored the failure to
pre-allocate the env variable array with VIR_RESIZE_N. While
this is harmless, it confuses the test harness which is trying
to validate OOM handling of every individual allocation call.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:58 +01:00
Daniel P. Berrange
ecd2ba6893 Fix reporting of errors in OOM injection code
When the various viralloc.c functions were changed to use the
normal error reporting code, the OOM injection code paths
were not updated to report errors.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:26 +01:00
Daniel P. Berrange
5dd3b5e32a Fix missing OOM check in qemuParseCommandLine when splitting strings
The qemuParseCommandLine method did not check the return value of
virStringSplit to see if OOM had occurred. This lead to dereference
of a NULL pointer on OOM.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:26 +01:00
Daniel P. Berrange
5923ea67b1 Fix error checking of qemuParseKeywords return status
Most callers of qemuParseKeywords were assigning its return
value to a 'size_t' variable. Then then also checked '< 0'
for error condition, but this will never be true with the
unsigned size_t variable. Rather than using 'ssize_t', change
qemuParseKeywords so that the element count is returned via
an output parameter, leaving the return value solely as an
error indicator.

This avoids a crash accessing beyond the end of an error
upon OOM.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:26 +01:00
Daniel P. Berrange
150c1db52b Fix allocation of arglist in qemuStringToArgvEnv
In

  commit 41b5505679
  Author: Eric Blake <eblake@redhat.com>
  Date:   Wed Aug 28 15:01:23 2013 -0600

    qemu: simplify list cleanup

The qemuStringToArgvEnv method was changed to use virStringFreeList
to free the 'arglist' array. This method assumes the string list
array is NULL terminated, however, qemuStringToArgvEnv was not
ensuring this when populating 'arglist'. This caused an out of
bounds access by virStringFreeList when OOM occured in the initial
loop of qemuStringToArgvEnv

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:26 +01:00
Daniel P. Berrange
0bea528a33 Fix crash on OOM in qemuAddRBDHost
When parsing the RBD hosts, it increments the 'nhosts' counter
before increasing the 'hosts' array allocation. If an OOM then
occurs when increasing the array allocation, the cleanup block
will attempt to access beyond the end of the array. Switch
to using VIR_EXPAND_N instead of VIR_REALLOC_N to protect against
this mistake

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:26 +01:00
Daniel P. Berrange
ba19783d9b Fix crash on OOM in qemuDomainCCWAddressSetCreate()
If OOM occurs in qemuDomainCCWAddressSetCreate, it jumps to
a cleanup block and frees the partially initialized object.
It then mistakenly returns the address of the just free'd
pointer instead of NULL.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:21 +01:00
Daniel P. Berrange
f27490b705 Fix crash if OOM occurs when creating virConnectPtr
If a OOM error occurs in virGetConnect, this may cause the
virConnectDispose method to de-reference a NULL pointer,
since the close callback will not have been initialized.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:51:28 +01:00
Daniel P. Berrange
182d5ed331 Fix crash on OOM in parsing CPU mask in domain XML
The virDomainDefParseXML method did not check the return value
of the virBitmapNew API call for NULL. This lead to a crash on
OOM

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:51:28 +01:00
Daniel P. Berrange
a50de5d827 Fix crash on OOM when parsing disk security label
If an OOM error occurs in virSecurityDeviceLabelDefParseXML the
cleanup code may free an uninitialized pointer, causing a crash

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:51:28 +01:00
lawrancejing
e9f5f2e749 conf: Fix virNetworkAssignDef's comment. 2013-09-24 17:02:19 +08:00
Daniel P. Berrange
199679585b Add a virNetSocketNewConnectSockFD method
To allow creation of a virNetSocketPtr instance from a pre-opened
socketpair FD, add a virNetSocketNewConnectSockFD method.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 09:37:26 +01:00
Giuseppe Scrivano
dda4548c7b virConnectGetCPUModelNames: add the support for the test protocol
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 16:40:30 -06:00
Giuseppe Scrivano
cbcecd7ab1 virConnectGetCPUModelNames: add the support for qemu
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 15:52:14 -06:00
Giuseppe Scrivano
fd69544965 virConnectGetCPUModelNames: implement the remote protocol
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 15:50:35 -06:00
Giuseppe Scrivano
36cc09420a cpu: add function to get the models for an arch
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 15:50:30 -06:00
Giuseppe Scrivano
f90857b32a libvirt: add new public API virConnectGetCPUModelNames
The new function virConnectGetCPUModelNames allows to retrieve the list
of CPU models known by the hypervisor for a specific architecture.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 15:41:50 -06:00
Daniel P. Berrange
e4697b92ab Fix typo in identity code which is pre-requisite for CVE-2013-4311
The fix for CVE-2013-4311 had a pre-requisite enhancement
to the identity code

  commit db7a5688c0
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Thu Aug 22 16:00:01 2013 +0100

    Also store user & group ID values in virIdentity

This had a typo which caused the group ID to overwrite the
user ID string. This meant any checks using this would have
the wrong ID value. This only affected the ACL code, not the
initial polkit auth. It also leaked memory.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-23 14:07:55 -06:00
Chen Hanxiao
9a08e2cbc6 LXC: Check the existence of dir before resolving symlinks
If a dir does not exist, raise an immediate error in logs
rather than letting virFileResolveAllLinks fail, since this
gives better error reporting to the user.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-09-23 11:22:17 +01:00
Chen Hanxiao
0e618c6aff LXC: follow the unit style of /proc/meminfo
When FUSE is enabled, the LXC container is setup with
a custom /proc/meminfo file. This file uses "KB" as a
suffix, rather than "kB" which is the kernel's style.
Fix this inconsistency to avoid confusing apps.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-09-23 11:01:07 +01:00
Peter Krempa
5702c014b2 conf: Do better job when comparing features ABI compatibility
The ABI compatibility check for domain features didn't check the
expanded HyperV and APIC EOI values, thus possibly allowing change in
guest ABI.

Add the check and use typecasted switch statement to warn developers
when adding a new HyperV feature.
2013-09-22 19:24:38 +02:00
Martin Kletzander
484cc3217b qemu: Fix seamless SPICE migration
Since the wait is done during migration (still inside
QEMU_ASYNC_JOB_MIGRATION_OUT), the code should enter the monitor as such
in order to prohibit all other jobs from interfering in the meantime.
This patch fixes bug #1009886 in which qemuDomainGetBlockInfo was
waiting on the monitor condition and after GetSpiceMigrationStatus
mangled its internal data, the daemon crashed.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009886
2013-09-20 17:11:10 +02:00
Doug Goldstein
7457cbe871 VMware: Make version parsing testable and add tests
This splits up the version parsing code into a callable API like QEMU
help/version string parsing so that we can test it as we need to add
additional patterns for newer versions/products.
2013-09-20 08:23:31 -05:00
Doug Goldstein
e7a1ce9d07 VMware: Store vmrun binary's path in the driver
Rather than looking up the path to vmrun each time we call it, look it
up once and save it. This sets up the ability for us to detect where the
path is on Mac OS X and not have to look it up each time we execute it.
2013-09-20 08:23:31 -05:00
Doug Goldstein
ea5805ed29 VMware: Convert driver type defines to enum
The VMware driver supports multiple backends for the VMware Player and
VMware Workstation, convert this logic into enum and use VIR_ENUM_IMPL()
to provide conversions to and from strings.
2013-09-20 08:23:31 -05:00
Laine Stump
30bb4c4b54 qemu: use "ide" as device name for implicit SATA controller on Q35
This resolves https://bugzilla.redhat.com/show_bug.cgi?id=1008903

The Q35 machinetype has an implicit SATA controller at 00:1F.2 which
isn't given the "expected" id of ahci0 by qemu when it's created. The
original suggested solution to this problem was to not specify any
controller for the disks that use the default controller and just
specify "unit=n" instead; qemu should then use the first IDE or SATA
controller for the disk.

Unfortunately, this "solution" is ignorant of the fact that in the
case of SATA disks, the "unit" attribute in the disk XML is actually
*not* being used for the unit, but is instead used to specify the
"bus" number; each SATA controller has 6 buses, and each bus only
allows a single unit. This makes it nonsensical to specify unit='n'
where n is anything other than 0. It also means that the only way to
connect more than a single device to the implicit SATA controller is
to explicitly give the bus names, which happen to be "ide.$n", where
$n can be replaced by the disk's "unit" number.
2013-09-20 07:03:23 -04:00
Christophe Fergeau
c5cc41584b Fix LIBVIRTD_CONFIGURATION_FILE constant
It's not used anywhere, but should be pointing to
$sysconfdir/libvirt/libvirtd.conf, not $sysconfdir/libvirtd.conf
2013-09-19 09:31:57 +02:00
Jonathan Lebon
b8e4644d1a docs: fix virEventAddHandle return details
In commit 6d41cb8, the interface for virEventAddHandleFunc was changed.
This patch updates the documentation for virEventAddHandle to reflect
the new significance of the return value. Also, both functions now
mention -1 for failure.
2013-09-18 13:06:13 -06:00
Daniel P. Berrange
922b7fda77 Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)
With the existing pkcheck (pid, start time) tuple for identifying
the process, there is a race condition, where a process can make
a libvirt RPC call and in another thread exec a setuid application,
causing it to change to effective UID 0. This in turn causes polkit
to do its permission check based on the wrong UID.

To address this, libvirt must get the UID the caller had at time
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
triple to the pkcheck program.

This fix requires that libvirt is re-built against a version of
polkit that has the fix for its CVE-2013-4288, so that libvirt
can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'

Signed-off-by: Colin Walters <walters@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-18 15:13:42 +01:00
Daniel P. Berrange
e65667c0c6 Ensure system identity includes process start time
The polkit access driver will want to use the process start
time field. This was already set for network identities, but
not for the system identity.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-18 15:04:27 +01:00
Daniel P. Berrange
db7a5688c0 Also store user & group ID values in virIdentity
Future improvements to the polkit code will require access to
the numeric user ID, not merely user name.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-18 15:04:27 +01:00
Jiri Denemark
13e9bad55a qemu: Avoid dangling job in qemuDomainSetBlockIoTune
virDomainSetBlockIoTuneEnsureACL was incorrectly called after we already
started a job. As a result of this, the job was not cleaned up when an
access driver had forbidden the action.
2013-09-18 10:37:48 +02:00
Diego Woitasen
22547b4c98 Add forwarder attribute to <dns/> element
Useful to set custom forwarders instead of using the contents of
/etc/resolv.conf. It helps me to setup dnsmasq as local nameserver to
resolve VM domain names from domain 0, when domain option is used.

Signed-off-by: Diego Woitasen <diego.woitasen@vhgroup.net>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-17 17:47:33 -06:00
Doug Goldstein
834aebcc2f VMX: Add support for 'auto detect' fileNames
VMWare Fusion 5 can set the CD-ROM's device name to be 'auto detect' when
using the physical drive via 'cdrom-raw' device type. VMWare will then
connect to first available host CD-ROM to the virtual machine upon start
up according to VMWare documentation. If no device is available, it
appears that the device will remain disconnected.

To better model this a CD-ROM that is marked as "auto detect" when in
the off state would be modeled as the following with this patch:
  <disk type='block' device='lun'>
    <source startupPolicy='optional'/>
    <target dev='hda' bus='ide'/>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </disk>

Once the domain transitions to the powered on state, libvirt can
populate the remaining source data with what is connected, if anything.
However future power cycles, the domain may not always start with that
device attached.
2013-09-17 14:10:40 -05:00
Doug Goldstein
4b5652d0dc Allow <source> for type=block to have no dev
Currently the XML parser already allows the following syntax:
  <disk type='block' device='cdrom'>
    <source startupPolicy='optional'/>
    <target dev='hda' bus='ide'/>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </disk>

But it if the dev value is NULL then it would not have the leading
"<source ", resulting in invalid XML.
2013-09-17 14:10:40 -05:00
Aline Manera
8ffe1d0c46 Add tftp protocol support for cdrom disk
qemu/KVM also supports a tftp URL while specifying the cdrom ISO image.

The xml should be as following:

    <disk type='network' device='cdrom'>
      <source protocol='tftp' name='/url/path'>
        <host name='host.name' port='69'/>
      </source>
    </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-09-17 14:45:02 +01:00
Aline Manera
0f24393e60 Add ftps protocol support for cdrom disk
The ftps protocol is another protocol supported by qemu/KVM while specifying
the cdrom ISO image.

The xml should be as following:

    <disk type='network' device='cdrom'>
      <source protocol='ftps' name='/url/path'>
        <host name='host.name' port='990'/>
      </source>
    </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-09-17 14:45:02 +01:00
Aline Manera
d9dd981801 Add https protocol support for cdrom disk
The https protocol is also accepted by qemu/KVM when specifying the cdrom ISO
image.

The xml should be as following:

    <disk type='network' device='cdrom'>
      <source protocol='https' name='/url/path'>
        <host name='host.name' port='443'/>
      </source>
    </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-09-17 14:45:02 +01:00
Peter Krempa
0d4f469c87 conf: Avoid false positive of uninitialized variable use
GCC 4.8.0+ whines about variable "new" being uninitialized since
commit 73bfac0e71. This is a false positive as the
xmlFreeNode(new) statement can be only reached if new was actually
allocated successfully.

  CC       conf/libvirt_conf_la-domain_conf.lo
  conf/domain_conf.c: In function 'virDomainDefSetMetadata':
  conf/domain_conf.c:18650:24: error: 'new' may be used uninitialized in this function [-Werror=maybe-uninitialized]
               xmlFreeNode(new);

Reported independently by John Ferlan and Michal Privoznik.
2013-09-17 13:57:32 +02:00
Eric Blake
716c7bb1dd build: fix VPATH build of remote driver
Commit 073e1575 tried to set things up so that 1) generated files
to be shipped in the tarball always live in srcdir, and 2) we have
no files in SOURCES that depend on any other files with a literal
$(srcdir) in the name, because that situation can cause confusing
results for the make expansion of $@ depending on whether the file
is found locally or via VPATH.  But all my testing for that patch
was done incrementally, where all the protocol.[ch] files had
already been generated prior to the patch and were up-to-date in
the srcdir, and thus I missed one case where $@ causes grief in a
VPATH build from a fresh checkout:

We have a pattern rule for generating remote_protocol.[ch], and
what's more, the rule for protocol.c depends on protocol.h AND
on the protocol.x file.  The pattern for protocol.c is only
satisfied via the VPATH lookup for protocol.x, and if protocol.h
doesn't yet exist, the VPATH rule kicks in and we end up with a
dependency on a file with $(srcdir) in the name.  Based on make's
rules for $@, this resulted in make building remote_protocol.h
into srcdir (where we want it), then remote_protocol.c into
builddir (oops, not so good for the tarball), and also causes
the build to fail (the compiler can't find the .h if it lives
in a different directory than the .c):

  CC       remote/libvirt_driver_remote_la-remote_protocol.lo
remote/remote_protocol.c:7:29: fatal error: remote_protocol.h: No such file or directory
 #include "remote_protocol.h"
                             ^
compilation terminated.

As before, the fix is to hard-code the output file to go into
srcdir in spite of $@; but since this is in a pattern rule, we
are forced to use $@ in the recipe, so the patch is a bit
trickier than what was done in commit 073e1575.

* src/Makefile.am (%protocol.c, %protocol.h): Force output to srcdir.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-17 05:50:17 -06:00
Peter Krempa
7655ed0802 conf: Don't corrupt metadata on OOM
Eric Blake suggested that we could do a little better in case copying of
the metadata to be set fails. With this patch, the old metadata is
discarded after the new string is copied successfuly.
2013-09-17 12:13:49 +02:00
Peter Krempa
044e3e7524 qemu: Fix memleak after commit 59898a88ce
If the ABI compatibility check with the "migratable" user XML is
successful, we would leak the originally parsed XML from the user that
would not be used in this case.

Reported by Ján Tomko.
2013-09-17 12:04:57 +02:00
Peter Krempa
f616fbf2a4 test: Add <metadata> support into the test driver 2013-09-17 09:42:50 +02:00
Peter Krempa
f9c7b32e5d lxc: Add metadata modification APIs 2013-09-17 09:42:50 +02:00
Peter Krempa
3b6784d119 lib: Don't force the key argument when deleting metadata
virDomainSetMetadata when operating on the metadata element was
requesting the @key argument to be passed even if @metadata was NULL
used to delete the corresponding metadata element. This is not needed as
the key is only used when adding the element and matching is done via
the XML namespace.
2013-09-17 09:42:49 +02:00
Peter Krempa
73bfac0e71 conf: allow to add XML metadata using the virDomainSetMetadata api
The functionality wasn't originally implemented. This patch adds the
ability to modify domain's XML metadata using the API.
2013-09-17 09:42:49 +02:00
Peter Krempa
ac38bff077 conf: Add support for requesting of XML metadata via the API
The virDomainGetMetadata function was designed to support also retrieval
of app specific metadata from the <metadata> element. This functionality
was never implemented originally.
2013-09-17 09:42:49 +02:00
Peter Krempa
be0f0c2292 util: Add helper to convert libxml2 nodes to a string 2013-09-17 09:42:49 +02:00
Peter Krempa
e9cb66f14e conf: Factor out setting of metadata to simplify code
The code to set the metadata in a domain definition is common to live
and inactive domains. Factor it out into a common func.
2013-09-17 09:42:49 +02:00