Commit Graph

12505 Commits

Author SHA1 Message Date
Daniel P. Berrange
75e656a363 Fix crash parsing RNG device specification
Code that validates the whitelist for the RNG device filename
didn't account for fact that filename may be NULL. This led
to a NULL reference crash. This wasn't caught since the test
suite was not covering this XML syntax

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-07 12:57:10 +00:00
John Ferlan
1cf4ef1fca Resolve valgrind error
Resolves the following valgrind error from qemuxml2argvtest:

==20393== 5 bytes in 1 blocks are definitely lost in loss record 2 of 60
==20393==    at 0x4A0883C: malloc (vg_replace_malloc.c:270)
==20393==    by 0x38D690A167: __vasprintf_chk (in /usr/lib64/libc-2.16.so)
==20393==    by 0x4CB0D97: virVasprintf (stdio2.h:210)
==20393==    by 0x4CB0E53: virAsprintf (virutil.c:2017)
==20393==    by 0x428DC5: qemuAssignDeviceAliases (qemu_command.c:791)
==20393==    by 0x41DF93: testCompareXMLToArgvHelper (qemuxml2argvtest.c:151)
==20393==    by 0x41F53F: virtTestRun (testutils.c:157)
==20393==    by 0x41DA9B: mymain (qemuxml2argvtest.c:885)
==20393==    by 0x41FB7A: virtTestMain (testutils.c:719)
==20393==    by 0x38D6821A04: (below main) (in /usr/lib64/libc-2.16.so)
==20393==

From qemu_command.c/line 791:

    if (def->rng) {
        if (virAsprintf(&def->rng->info.alias, "rng%d", 0) < 0)
            goto no_memory;
    }
2013-03-06 16:03:50 -05:00
Jiri Denemark
4b0cb4a745 storage: Cleanup logical volume creation code
This patch plugs two memory leaks, removes some useless and confusing
constructs and renames renames "cleanup" label as "error" since it is
only used for error path rather then being common for both success and
error paths.
2013-03-06 14:53:00 +01:00
John Ferlan
80e524de86 sheepdog: Adjust logic to break while loop to avoid Coverity error
Change the various "return -1" to "break".  Avoids Coverity error and
perhaps other/future analyzer issues.
2013-03-05 22:52:51 -05:00
John Ferlan
40e904490f libxl_driver: Resolve Coverity errors
1. The virObjectLock() call was unconditional, but Unlock was conditional
   on vm being valid.  Removed the check

2. A call to virDomainEventNewFromObj() isn't guaranteed to return an
   event - that check needs to be made prior to libxlDomainEventQueue()
   of the event. Did not add libxlDriverLock/Unlock around the call since
   some callers already have lock taken

3. Need to initialize fd = -1 in libxlDoDomainSave() since we can jump
   to cleanup before it's set.

4. Missing break;'s in libxlDomainModifyDeviceFlags() for case
   LIBXL_DEVICE_UPDATE.  The default: case would report an error
2013-03-05 22:52:51 -05:00
John Ferlan
50de0e0807 libxl_conf: Resolve Coverity issue with call to regcomp() 2013-03-05 22:52:51 -05:00
Guannan Ren
0047d5d6e8 qemu: update domain live xml for virsh memtune with --live flag
virsh subcommand memtune forgot updating domain live xml
after setting cgroup value.
2013-03-06 11:46:33 +08:00
Guannan Ren
b38a040a29 util: fix a integer boundary error
A value which is equal to a integer maximum such as LLONG_MAX is
a valid integer value.

The patch fix the following error:
1, virsh memtune vm --swap-hard-limit -1
2, virsh start vm
In debug mode, it shows error like:
virScaleInteger:1813 : numerical overflow:\
                       value too large: 9007199254740991KiB
2013-03-06 11:46:33 +08:00
Peter Krempa
7fc4864a3a conf: Report errors on cputune parameter parsing
This patch adds proper error reporting if parsing of cputune parameters
fails due to incorrect values provided by the user. Previously no errors
were reported in such a case and the failure was silently ignored.
2013-03-05 08:35:28 +01:00
Peter Krempa
5d9169e4dc conf: Make virDomainDeviceInfoIterate usable without os type
Make the iterator function usable in the next patches. Also refactor
some parts to avoid strcmp if not necessary.

This commit tweaks and shadows the change that was done in commit
babe7dada0 and was needed after the
support for multiple console devices was added. Historically the first
<console> element is alias for the <serial> device.
2013-03-05 08:34:49 +01:00
Peter Krempa
bb98ba5d8f conf: whitespace cleanups and refactors with no semantic impact
This patch changes many unrelated places to simplify the code or update
code style. This patch should not have any semantic impact on the code.
2013-03-05 08:34:49 +01:00
Peter Krempa
0d00c7a3bd virsh-snapshot: Add ability to print only snapshot names
Help script creators by not having to parse the names from the table.
2013-03-05 08:34:48 +01:00
Daniel Veillard
be1c364d89 Release of libvirt 1.0.3
- configure.ac docs/news.html.in libvirt.spec.in: update for the release
- po/*.po*: merged in transifex updates for fr,hi,pl,ja,uk,it and
  regenerated
2013-03-05 12:00:53 +08:00
Eric Blake
4932ef4502 rng: restrict passthrough names to known-good files
There is some controversy[1] on the qemu list on whether qemu should
have ever allowed arbitrary file name passthrough, or whether it
should be restricted to JUST /dev/random and /dev/hwrng.  It is
always easier to add support for additional filenames than it is
to remove support for something once released, so this patch
restricts libvirt 1.0.3 (where the virtio-random backend was first
supported) to just the two uncontroversial names, letting us defer
to a later date any decision on whether supporting arbitrary files
makes sense. Additionally, since qemu 1.4 does NOT support
/dev/fdset/nnn fd passthrough for the backend, limiting to just
two known names means that we don't get tempted to try fd
passthrough where it won't work.

[1]https://lists.gnu.org/archive/html/qemu-devel/2013-03/threads.html#00023

* src/conf/domain_conf.c (virDomainRNGDefParseXML): Only allow
/dev/random and /dev/hwrng.
* docs/schemas/domaincommon.rng: Flag invalid files.
* docs/formatdomain.html.in (elementsRng): Document this.
* tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.args:
Update test to match.
* tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.xml:
Likewise.
2013-03-04 17:45:38 -07:00
John Ferlan
2631fe0420 internals: Update to include RPC and Lock links and add new data
Added a picture and explanation describing the virConnectOpen processing
at a "higher" level, but with some source code references.
2013-03-04 17:36:03 -05:00
John Ferlan
6fd1b9d621 Add references for phyp and parallels 2013-03-04 17:36:03 -05:00
John Ferlan
0b5c717b61 api: Add text and references for daemon 2013-03-04 17:36:03 -05:00
John Ferlan
b1083281d9 api: Add text and references for drivers section 2013-03-04 17:36:03 -05:00
John Ferlan
492233e773 api: Complete list of function and naming conventions 2013-03-04 17:36:03 -05:00
John Ferlan
cc24589e75 api: Reword and clean lists for object description 2013-03-04 17:36:03 -05:00
John Ferlan
b8a0b631dc api: Reword objects exposed section 2013-03-04 17:36:03 -05:00
John Ferlan
b421c35c98 hellolibvirt: Adjust code to use new APIs
Change the order of some conditions and use the AllDomains API to get
a list of all the active and defined domains, then use the Active and
Name API's in order to print.

This changes here adjust the output from:

Attempting to connect to hypervisor
Connected to hypervisor at "qemu:///system"
Hypervisor: "QEMU" version: 0.32.656
There are 0 active and 2 inactive domains
Inactive domains:
  foo
  bar
Disconnected from hypervisor

to

Attempting to connect to hypervisor
Connected to hypervisor at "qemu:///system"
Hypervisor: "QEMU" version: 0.32.656
There are 0 active and 2 inactive domains
       foo (non-active)
       bar (non-active)
Disconnected from hypervisor
2013-03-04 17:36:03 -05:00
John Ferlan
f7e7429416 libvirt: Update headers for doc
Update the function prototypes to include a message about the client needing
to free() returned name fields.  Fix the all domains example flags values.
2013-03-04 17:36:03 -05:00
Daniel P. Berrange
0204d6d7a0 Fix TLS tests with gnutls 3
When given a CA cert with basic constraints to set non-critical,
and key usage of 'key signing', this should be rejected. Version
of GNUTLS < 3 do not rejecte it though, so we never noticed the
test case was broken

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-04 17:42:16 +00:00
Satoru Moriya
464ad16f5c qemu: fix wrong evaluation in qemuDomainSetMemoryParameters
19c6ad9a (qemu: Refactor qemuDomainSetMemoryParameters) introduced
a new macro, VIR_GET_LIMIT_PARAMETER(PARAM, VALUE). But if statement
in the macro is not correct and so set_XXXX flags are set to false
in the wrong. As a result, libvirt ignores all memtune parameters.
This patch fixes the conditional expression to work correctly.

Signed-off-by: Satoru Moriya <satoru.moriya@hds.com>
2013-03-04 18:34:28 +01:00
Guannan Ren
b95c13cd33 util: use string libvirt to prefix error message instead of libvir
BZ:https://bugzilla.redhat.com/show_bug.cgi?id=912021
Without error handler set, virDefaultErrorFunc will be called, the
error message is prefixed with "libvir:". It become a little better
by using prefix "libvirt:" when working with upper application.

For example:
1, stop libvirtd daemon
2, run virt-top.
libvir: XML-RPC error : Failed to connect \
        socket to '/var/run/libvirt/libvirt-sock-ro': \
        No such file or directory
libvirt: VIR_ERR_SYSTEM_ERROR: VIR_FROM_RPC: \
        Failed to connect socket to '/var/run/libvirt/libvirt-sock-ro': \
        No such file or directory
2013-03-04 23:21:20 +08:00
Fritz Elfert
443ec5c8c3 libvirt does not logout of iscsi targets, causing system hang on shutdown
There's a quite old bug entry here:

https://bugzilla.redhat.com/show_bug.cgi?id=700010

I just stumbled over that very issue on F18. Doing a little bit
debugging of the shutdown sequence, it turns out that - at least on my
F18 installation - libvirtd is shutdown *after* iscsid, which makes it
impossible for libvirt to perform the logout of the iscsi session properly.

This patch simply adds another startup dependancy on iscsid.service
which in turn delays iscsid shutdown until after libvirtd has stopped.
Having that applied, the system shuts down properly again.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-03-04 06:28:57 -07:00
Peter Krempa
9933a6b2fa qemu: Remove managed save flag from VM when starting with --force-boot
At the start of the guest after the image is unlinked the state wasn't
touched up to match the state on disk.
2013-03-04 12:10:28 +01:00
Christophe Fergeau
aff6942c23 qemu: Use -1 as unpriviledged uid/gid
Commit f506a4c1 changed virSetUIDGID() to be a noop
when uid/gid are -1, while it used to be a noop when
they are <= 0.

The changes in this commit broke creating new VMs in GNOME Boxes
as qemuDomainCheckDiskPresence gets called during domain creation/startup,
which in turn calls virFileAccessibleAs which fails after calling
virSetUIDGID(0, 0) (Boxes uses session libvirtd). virSetUIDGID is called with
(0, 0) as these are the default user/group values in virQEMUDriverConfig
for session libvirtd.

This commit changes virQEMUDriverConfigNew to use -1 as the unpriviledged
uid/gid. I've also looked at the various places where cfg->user is used,
and they all seem to handle -1 correctly.
2013-03-04 08:50:09 +01:00
Guido Günther
c7e85db61b hook: log the exit status of the hook not 256
Adjust the docs accordingly. See http://bugs.debian.org/701570.
2013-03-01 20:28:00 +01:00
Michal Privoznik
1cf97c87c0 virnetdevmacvlan.c: Introduce mutex for macvlan creation
Currently, after we removed the qemu driver lock, it may happen
that two or more threads will start up a machine with macvlan and
race over virNetDevMacVLanCreateWithVPortProfile(). However,
there's a racy section in which we are generating a sequence of
possible device names and detecting if they exits. If we found
one which doesn't we try to create a device with that name.
However, the other thread is doing just the same. Assume it will
succeed and we must therefore fail. If this happens more than 5
times (which in massive parallel startup surely will) we return
-1 without any error reported. This patch is a simple hack to
both of these problems. It introduces a mutex, so only one thread
will enter the section, and if it runs out of possibilities,
error is reported. Moreover, the number of retries is raised to 20.
2013-03-01 11:33:29 +01:00
Daniel P. Berrange
9c4ecb3e8e Revert hack for autodestroy in qemuProcessStop
This reverts the hack done in

commit 568a6cda27
Author: Jiri Denemark <jdenemar@redhat.com>
Date:   Fri Feb 15 15:11:47 2013 +0100

    qemu: Avoid deadlock in autodestroy

since we now have a fix which avoids the deadlock scenario
entirely
2013-03-01 10:18:27 +00:00
Daniel P. Berrange
96b893f092 Fix deadlock in QEMU close callback APIs
There is a lock ordering problem in the QEMU close callback
APIs.

When starting a guest we have a lock on the VM. We then
set a autodestroy callback, which acquires a lock on the
close callbacks.

When running auto-destroy, we obtain a lock on the close
callbacks, then run each callbacks - which obtains a lock
on the VM.

This causes deadlock if anyone tries to start a VM, while
autodestroy is taking place.

The fix is to do autodestroy in 2 phases. First obtain
all the callbacks and remove them from the list under
the close callback lock. Then invoke each callback
from outside the close callback lock.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-01 10:16:29 +00:00
Daniel P. Berrange
7ccad0b16d Fix crash in QEMU auto-destroy with transient guests
When the auto-destroy callback runs it is supposed to return
NULL if the virDomainObjPtr is no longer valid. It was not
doing this for transient guests, so we tried to virObjectUnlock
a mutex which had been freed. This often led to a crash.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-01 10:16:29 +00:00
Guannan Ren
20fa62414c python: fix fd leak in generator.py 2013-03-01 15:49:07 +08:00
Guannan Ren
2387fdb7d0 python: fix typoes and repeated global vars references 2013-03-01 15:49:02 +08:00
Jiri Denemark
e4e28220b5 qemu: Make sure qemuProcessStart is run within a job
qemuProcessStart expects to be run with a job already set and every
caller except for qemuMigrationPrepareAny use it correctly. This bug can
be observed in libvirtd logs during incoming migration as

    warning : qemuDomainObjEnterMonitorInternal:979 : This thread seems
    to be the async job owner; entering monitor without asking for a
    nested job is dangerous
2013-03-01 08:32:08 +01:00
Jim Fehlig
438a3850db Fix starting qemu instances when apparmor driver is enabled
With the apparmor security driver enabled, qemu instances fail
to start

# grep ^security_driver /etc/libvirt/qemu.conf
security_driver = "apparmor"
# virsh start test-kvm
error: Failed to start domain test-kvm
error: internal error security label already defined for VM

The model field of virSecurityLabelDef object is always populated
by virDomainDefGetSecurityLabelDef(), so remove the check for a
NULL model when verifying if a label is already defined for the
instance.

Checking for a NULL model and populating it later in
AppArmorGenSecurityLabel() has been left in the code to be
consistent with virSecuritySELinuxGenSecurityLabel().
2013-02-28 17:35:59 -07:00
Serge Hallyn
4f773a8c30 Fix a message typo
As pointed out in
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1034661
The sentence

"The function of PCI device addresses must less than 8"

does not quite make sense.  Update that to read

"The function of PCI device addresses must be less than 8"

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-02-28 15:29:10 -07:00
Michal Privoznik
b8e25c35d7 qemu: Don't fail to shutdown domains with unresponsive agent
Currently, qemuDomainShutdownFlags() chooses the agent method of
shutdown whenever the agent is configured. However, this
assumption is not enough as the guest agent may be unresponsive
at the moment. So unless guest agent method has been explicitly
requested, we should fall back to the ACPI method.
2013-02-28 12:24:34 +01:00
Viktor Mihajlovski
adfa3469bb qemu: virConnectGetVersion returns bogus value
The unitialized local variable qemuVersion can cause an random value
to be returned for the hypervisor version, observable with virsh version.
Introduced by commit b46f7f4a0b

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-02-28 11:48:02 +01:00
Paolo Bonzini
0a562de1ff qemu: fix use-after-free when parsing NBD disk
disk->src is still used for disks->hosts->name, do not free it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-02-27 22:02:01 -07:00
Eric Blake
5b17c7a954 maint: fix typo in network docs
* docs/formatnetwork.html.in: Spell variation correctly.
2013-02-27 21:18:33 -07:00
Daniel P. Berrange
7f544a4c8f Don't try to add non-existant devices to ACL
The QEMU driver has a list of devices nodes that are whitelisted
for all guests. The kernel has recently started returning an
error if you try to whitelist a device which does not exist.
This causes a warning in libvirt logs and an audit error for
any missing devices. eg

2013-02-27 16:08:26.515+0000: 29625: warning : virDomainAuditCgroup:451 : success=no virt=kvm resrc=cgroup reason=allow vm="vm031714" uuid=9d8f1de0-44f4-a0b1-7d50-e41ee6cd897b cgroup="/sys/fs/cgroup/devices/libvirt/qemu/vm031714/" class=path path=/dev/kqemu rdev=? acl=rw

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-02-27 22:51:24 +00:00
Daniel P. Berrange
d0b3ee55ec Fix typo in internal VIR_QEMU_PROCESS_START_AUTODESROY constant
s/VIR_QEMU_PROCESS_START_AUTODESROY/VIR_QEMU_PROCESS_START_AUTODESTROY/

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-02-27 22:51:24 +00:00
Daniel P. Berrange
279336c5d8 Avoid spamming logs with cgroups warnings
The code for putting the emulator threads in a separate cgroup
would spam the logs with warnings

2013-02-27 16:08:26.731+0000: 29624: warning : virCgroupMoveTask:887 : no vm cgroup in controller 3
2013-02-27 16:08:26.731+0000: 29624: warning : virCgroupMoveTask:887 : no vm cgroup in controller 4
2013-02-27 16:08:26.732+0000: 29624: warning : virCgroupMoveTask:887 : no vm cgroup in controller 6

This is because it has only created child cgroups for 3 of the
controllers, but was trying to move the processes from all the
controllers. The fix is to only try to move threads in the
controllers we actually created. Also remove the warning and
make it return a hard error to avoid such lazy callers in the
future.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-02-27 22:51:24 +00:00
Daniel P. Berrange
b4a124efc3 Fix autodestroy of QEMU guests
The virQEMUCloseCallbacksRunOne method was passing a uuid string
to virDomainObjListFindByUUID, when it actually expected to get
a raw uuid buffer. This was not caught by the compiler because
the method was using a 'void *uuid' instead of first casting
it to the expected type.

This regression was accidentally caused by refactoring in

  commit 568a6cda27
  Author: Jiri Denemark <jdenemar@redhat.com>
  Date:   Fri Feb 15 15:11:47 2013 +0100

    qemu: Avoid deadlock in autodestroy

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-02-27 22:51:24 +00:00
Eric Blake
25dc8ba08b qemu: -numa doesn't (yet) support disjoint range
https://bugzilla.redhat.com/show_bug.cgi?id=896092 mentions that
qemu 1.4 and earlier only accept a simple start-stop range for
the cpu=... argument of -numa.  Libvirt would attempt to use
-numa cpu=1,3 for a disjoint range, which did not work as intended.

Upstream qemu will be adding a new syntax for disjoint cpu ranges
in 1.5; but the design for that syntax is still under discussion
at the time of this patch.  So for libvirt 1.0.3, it is safest to
just reject attempts to build an invalid qemu command line; in the
future, we can add a capability bit and translate to the final
accepted design for selecting a disjoint cpu range in numa.

* src/qemu/qemu_command.c (qemuBuildNumaArgStr): Reject disjoint
ranges.
2013-02-27 09:31:42 -07:00
Laine Stump
db2536a627 Revert "Add support for <option> tag in network config"
This reverts commit 383ebc4694.

We decided the xml for this feature needed more thought to make sure
we are doing it the best way, in particular wrt option values that
have multiple items.
2013-02-27 10:55:24 -05:00
Peter Krempa
923e4bf810 util: Add docs for virXMLProp string
To avoid confusion about usage of this function explicitly document that
this function returns copy of the attribute string.
2013-02-27 11:49:03 +01:00