If we're running qemu unprivileged, we need to chown any supplied kernel
or initrd before spawning it.
* src/qemu_driver.c: rename qemuDomainSetDiskOwnership() to
qemuDomainSetFileOwnership(), pass it a path string instead of a disk
definition and use it for chowning the kernel/initrd in
qemuDomainSetAllDeviceOwnership()
While trying to remove uses of unsafe strncpy in the tree, I came
across a couple of usages in the ESX driver. To my eyes, the snprintf
replacements do the same thing in less code, and are also safer.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
Tested-by: Mattias Bolte <matthias.bolte@googlemail.com>
* src/logging.c src/logging.h src/libvirt_private.syms:
define new functions virLogSetFromEnv and virLogParseDefaultPriority
* qemud/qemud.c src/libvirt.c tests/eventtest.c: cleanup to use the
unified functions
* qemud/qemud.c src/logging.[ch]: Similar as for general libvirt, don't
convert high priority levels to debug level. Ignore LIBVIRT_LOG_FILTERS
and LIBVIRT_LOG_OUTPUTS when they're set to the empty string, otherwise
they can override a valid setting from the config file. Send all
settings through the parser functions for validation, so that the
existence of a bad setting doesn't nullify a good setting that should
have applied -- particularly the default output. Keep the order of
precedence consistent for all variables between the environment and
the config file. Warn when an invalid log level, filter, or output
is ignored.
* src/libvirt_private.syms: export internally a few convenience functions
* src/libvirt.c src/logging.c: Don't convert high priority levels to the
debug level. Don't parse LIBVIRT_LOG_FILTERS and LIBVIRT_LOG_OUTPUTS
when they're set to the empty string. Warn when the user specifies an
invalid value (empty string remains a noop).
* po/POTFILES.in: src/logging.c now include translatable strings
* src/xm_internal.c: in case of multiple connections to the xen driver
and some clients were not using domain events, the whole /etc/xen
monitoring would break leading to disapearing domains.
* src/esx/esx_driver.c src/esx/esx_vi.[ch] src/esx/esx_vmx.[ch]:
adds version checking for GSX 2.0, allows to pass a specific port
for the connection and also add a new specific gsx scheme for
easier connections to GSX hosts
Fix up qemudDomainMigratePrepare2 to use virGetHostname instead of
gethostname. Besides the fact that virGetHostname is far more clever,
there was a latent bug in the handling that could cause a buffer overflow
on a very long hostname.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
* autobuild.sh, mingw32-libvirt.spec.in: Enable esx on mingw32
* src/esx/esx_driver.c: Define AI_ADDRCONFIG if not set
* src/esx/esx_util.c, src/esx/esx_vi_types.c: Always use
%lld & friends, since gnulib guarentees we have these
and not the target's own variants
If the bridge device is configured to have IPv6 address and
accept router advertisments, then a malicious guest can send
out bogus advertisments and hijack/DOS host IPv6 connectivity
* src/network_driver.c: Set accept_ra=0, disable_ipv6=1, autoconf=0
for IPv6 sysctl on virual network bridge devices
PCIe DevCap register is actually 32 bits, not 16 bits. Since FLR is
bit 28, we clearly are failing to detect FLR support.
Known to fix device reset with some SR-IOV devices.
* src/pci.c: fix pciDetectFunctionLevelReset()
* src/util.c: Don't drop capabilities until after the PID file has
been written. Kill off child if writing the PID file fails
* src/qemu_driver.c: Remove bogus trailing '/' in state dir
* esx/esx_driver.c: add some documentation about the CPU scheduler
parameters and remove some old, unnecessary compensation code, since
virsh uses the proposed parameter types now.
* src/qemu_driver.c: fix qemudOpenMonitorUnix() to retry on ENOENT
instead of EACCES which is the error one receive when the socket
error hasn't shown up yet
In order to hotplug a network/bridge backed NIC, we need to first create
the tap file descriptor, add the tap interface to the bridge and then
pass the file descriptor to the qemu process using the 'getfd' monitor
command.
Once the tapfd has been accepted, we create the network backend using
host_net_add, supplying the name assigned to the tapfd. If this fails,
we need to close the tapfd in qemu using the 'closefd' monitor command.
If the version of qemu does not support the getfd/closefd monitor
commands we detect "unknown command" in the getfd reply and fail the
attach operation.
* src/qemu_driver.c: add support for tapfd based hotplug in
qemudDomainAttachNetDevice()
Add qemudMonitorCommandWithFd() which allows a file descriptor to be
sent to qemu over a unix monitor socket using SCM_RIGHTS. See the
unix(7) and cmsg(3) man pages.
* src/qemu_conf.c: add a scm_fd param to qemudMonitorCommandExtra(),
add qemudMonitorCommandWithFd(), implement SCM_RIGHTS support in
qemudMonitorSendUnix()
Switch from using write() to using sendmsg() on QEMU's monitor socket
so that we can add support for SCM_RIGHTS.
* src/qemu_driver.c: add sendmsg() based qemudMonitorSendUnix() and use
it when the monitor fd is a unix socket
Add a little helper function to write the monitor command followed by
carriage return in a single write.
This doesn't make any real difference, but allows us to more easily
switch to using sendmsg() when using the monitor over a unix socket.
* src/qemu_conf.c: split qemudMonitorSend() out
In subsequent patches we're going to have a file descriptor to close
too, so centralize the error handling cleanups to make things easier.
* src/qemu_conf.c: in qemudDomainAttachNetDevice() consolidate the
error handling cleanups together
With hotplug, we're going to want to pass a tapfd name rather than an
actual file descriptor, so prepare the way by passing a string tapfd to
qemuBuildHostNetStr().
* src/qemu_conf.h: qemuBuildHostNetStr() takes a string tapfd now
* src/qemu_conf.c: pass qemuBuildHostNetStr() a string rather than an
actual file descriptor
* src/qemu_driver.c: update qemudDomainAttachNetDevice() for change
* src/qemu_conf.h: export qemudNetworkIfaceConnect()
* src/qemu_conf.c: move vnet_hdr logic into qemudNetworkIfaceConnect()
since we need it for hotplug too
By probing for qemu machine types, we increased the time of a
GetCapabilities call from 100us to a whopping 60ms.
This patch takes the approach of only probing for machine types
when the mtime of the emulator binary changed since the last time
the capabilities were generated.
* src/capabilities.h: cache the emulator binary mtime
* src/qemu_conf.c: add qemudGetOldMachines() to copy the machine
types from the old caps struct if the mtime for the binary hasn't
changed
* src/qemu_conf.h, src/qemu_driver.c: pass the old caps pointer to
qemudCapsInit()
e.g. <machine canonical='pc'>pc-0.11</machine>
* src/capabilities.c: output the canonical machine names in the
capabilities output, if available
* docs/schemas/capabilities.rng: add the new attribute
Not all possible emulators are actually in the capabilities, so if we
don't find the supplied emulator we should probe it directly for machine
types.
* src/qemu_driver.c: add qemudCanonicalizeMachineDirect() to directly
probe an emulator for the canonical machine type
In qemu-0.11 there is a 'pc-0.10' machine type which allows you to run
guests with a machine which is compatible with the pc machine in
qemu-0.10 - e.g. using the original PCI class for virtio-blk and
virtio-console and disabling MSI support in virtio-net. The idea here
is that we don't want to suprise guests by changing the hardware when
qemu is updated.
I've just posted some patches for qemu-0.11 which allows libvirt to
canonicalize the 'pc' machine alias to the latest machine version.
This patches makes us use that so that when a guest is configured to
use the 'pc' machine type, we resolve that to 'pc-0.11' machine and
save that in the guest XML.
See also:
https://fedoraproject.org/wiki/Features/KVM_Stable_Guest_ABI
* src/qemu_conf.c: add qemudCanonicalizeMachine() to canonicalize
the machine type according to the machine aliases in capabilities
* src/qemu_driver.c: parse aliases in qemudParseMachineTypesStr()
A subsequent commit will add a "canonical" field to this structure,
this patch basically just prepares the way for that.
The new type is added, along with virCapabilitiesAlloc/FreeMachines()
helpers and a whole bunch of code to make the transition.
One quirk is that virCapabilitiesAddGuestDomain() and
virCapabilitiesAddGuest() take ownership of the machine list rather
than duping it. This makes sense to avoid needless copying.
* src/capabilities.h: add the virCapsGuestMachine struct and use it
in virCapsGuestDomainInfo, add prototypes for new functions and
update the AddGuest() prototypes
* src/capabilities.c: add code for allocating and freeing the new
type, change the machines parameter to AddGuest() etc.
* src/libvirt_private.syms: export the new helpers
* src/qemu_conf.c: update all the machine type code to use the new
struct
* src/xen_internal.c: ditto
* tests/testutilsqemu.c: ditto
Currently we hardcode the QEMU machine types. We should really just
parse the output of 'qemu -M ?' so the lists don't get out of sync.
xenner doesn't support '-M ?', so we still need to hardcode that.
The horrible (const char *const *) is removed in a subsequent patch.
* src/qemu_conf.c: kill the arch_info*machines tables, retain the
hardcoded xenner machine type, add qemudProbeMachineTypes() to
run and parse 'qemu -M ?' and use it in qemudCapsInitGuest()
There's no need for the hasbase/hasaltbase confusion, just store the
first binary path found in a variable.
* src/qemu_conf.c: kill hasbase/hasaltbase logic in qemudCapsInitGuest()
* src/esx/esx_driver.c src/esx/esx_vi.c src/esx/esx_vi.h
src/esx/esx_vmx.c src/esx/esx_vmx.h: extend the VI API version checks
to accept version 4.0 and takes care of the virtualHW.version change
from 4 to 7.
* src/esx/esx_driver.c src/esx/esx_util.c src/esx/esx_util.h
src/esx/esx_vi.c src/esx/esx_vi.h: adds a no_verify query parameter to
stop libcurl from verifying theserver certificate for the https
transport.
Do the check in libvirt.c, to save drivers from the burden. This changes
behavior slightly in the qemu driver: we no longer explictly error if
passed an empty string. An error will still be thrown when the device
lookup fails.
* src/vbox/vbox_driver.c: remove some old 2.5 switches and plug the
3.0 driver
* src/vbox/vbox_V3_0.c src/vbox/vbox_CAPI_v3_0.h: the driver for
VirtualBox 3.0
* src/vbox/vbox_tmpl.c: handle the new driver and add event support
* src/Makefile.am: plug in the new module
Features supported:
- Connects to HMC/VIOS or IVM systems.
- Life cycle commands (resume and shutdown).
- dumpxml
- 'list' and 'list --all'
What is being implemented:
- better and centralized control for UUID
- definexml
- CPU management commands
* src/domain_conf.c src/domain_conf.h: first version of the driver
* configure.in src/Makefile.am include/libvirt/virterror.h
src/domain_conf.[ch] src/libvirt.c src/virterror.c: glue the driver
in the general framework
* src/esx/esx_*.[ch]: the driver, uses a remote minimal SOAP client
to talk to the VI services on ESX nodes.
* configure.in include/libvirt/virterror.h src/Makefile.am src/driver.h
src/libvirt.c src/virterror.c: glue in the new driver
* qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug,
src/qemu.conf: Add 'cgroups_controllers' and 'cgroups_device_acl'
parameters
* src/qemu_conf.h, src/qemu_conf.c: Load & parse configuration params
for cgroups
* src/qemu_driver.c: Only use cgroups controllers that are activated,
and use configured device whitelist instead of default, if set.
* src/qemu_driver.c: Set a restrictive block device whitelist for
all QEMU guests. Update whitelist when hotplugging disks.
* src/cgroup.h, src/cgroup.c: Add some more convenience methods
for dealing with block device whitelists.
* src/qemu_driver.c: Add driver methods qemuGetSchedulerType,
qemuGetSchedulerParameters, qemuSetSchedulerParameters
* src/lxc_driver.c: Fix to use unsigned long long consistently
for schedular parameters
* src/cgroup.h, src/cgroup.c: Fix cpu_shares to take unsigned
long long
* src/util.c, src/util.h, src/libvirt_private.syms: Add a
virStrToDouble helper
* src/virsh.c: Fix handling of --set arg to schedinfo command
to honour the designated data type of each schedular tunable
as declared by the driver
Allow the driver level cgroup to be managed explicitly by the
hypervisor drivers, in order to detect whether to enable or
disable cgroup support for domains. Provides better error
reporting of failures. Also allow for creation of cgroups for
unprivileged drivers if controller is accessible by the user.
* src/cgroup.c, src/cgroup.h: Add an API to obtain a driver cgroup
* src/lxc_conf.h, src/lxc_controller.c, src/lxc_driver.c:
Obtain a driver cgroup at startup and use that instead of
re-creating everytime.
* src/util.c, src/util.h, src/libvirt_private.syms: Add a
virGetUserName() helper
* src/cgroup.c: Detect the mount location of every controller at
time a virCgroupPtr is created. Detect current process' placement
within group to avoid assuming it is in the root. Pass controller
ID into SetValueStr/GetValueStr to enable much duplicated code to
be eliminated
* src/datatypes.c src/domain_conf.c src/interface_conf.c
src/lxc_driver.c src/qemu_driver.c src/storage_backend.c src/virsh.c:
add bare %s format string to printf-derivatives called with no format
string
GCC >= 4.4 assumes the 'printf' attribute refers to the native
runtime libraries format specifiers. Thanks to gnulib, libvirt
has GNU format specifiers everywhere. This means we need to
use 'gnu_printf' with GCC >= 4.4 to get correct compiler
checking of printf format specifiers.
* HACKING: Document new rules for ATTRIBUTE_FMT_PRINTF
* autobuild.sh, mingw32-libvirt.spec.in: Disable OpenNebula
driver on mingw32 builds
* qemud/dispatch.h, qemud/qemu.h, src/buf.h src/internal.h,
src/logging.h, src/security.h, src/sexpr.h, src/util.h,
src/virterror_internal.h, src/xend_internal.c: Change
over to ATTRIBUTE_FMT_PRINTF.
* src/virsh.c: Disable 'cd' and 'pwd' commands on Win32
since they don't compile
* src/threads-win32.c: Add missing return value check
If the qemu binary supports "-no-kvm" and/or "-no-kqemu", they should
always be added for plain "qemu" domains. Previously, we omitted them
whenever the host and guest architectures implied that they would be
disabled automatically, but that logic was flawed in some cases
(such as i686 and x86_64).
* src/qemu_conf.c: fix the conditions for adding "-no-kvm" and/or "-no-kqemu"
* include/libvirt/libvirt.h include/libvirt/libvirt.h.in: adds the new
flag VIR_MEMORY_PHYSICAL for virDomainMemoryPeek
* src/libvirt.c: update the front-end checking
* src/qemu_driver.c: extend the QEmu driver
* src/datatypes.c: fix a lock problem on error handling, as the
error report takes the lock, it must be released before, fixes
the problem but just for Interface objects
qemu network devices are hot-unplugged in two stages - first the PCI NIC
is removed using 'pci_del <pci_addr>' and then the backend is removed
using 'host_net_remove <vlan> <name>'.
In order to perform these operations we need to have retained the
PCI address, backend name and vlan number.
* src/qemu_driver.c: add qemudDomainDetachNetDevice()
When we pci_add a NIC, we need to retain the PCI address assigned by
qemu for using during detach.
* src/qemu_driver.c: use qemudParsePciAddReply() to pull the PCI
address from the pci_add reply
* src/domain_conf.c: handle storing and parsing the PCI address in the
domain state XML file
The current code for parsing pci_add replies ignores the the domain and
bus numbers. Re-write the code to rectify that.
Also, since pci_add is used for NIC hotplug as well ask disk hotplug,
re-factor the code into a separate function.
* src/qemu_driver.c: add qemudParsePciAddReply() function which can
handle parsing domain and bus numbers
If we fail to pci_add a NIC, we should remove the network backend and
leave things the way we found them. To do that, we pre-allocate a
host_net_remove monitor command and issue that if the pci_add fails.
If the remove fails, we just log a warning.
We can only do this if we have a name for the network backend and
we know the vlan number its associated with.
* src/qemu_driver.c: host_net_remove the network backend if the
pci_add fails
