Jiri Denemark [Fri, 26 Aug 2011 07:39:32 +0000 (09:39 +0200)]
security: Introduce SetSocketLabel
This API labels all sockets created until ClearSocketLabel is called in
a way that a vm can access them (i.e., they are labeled with svirt_t
based label in SELinux).
Jiri Denemark [Fri, 26 Aug 2011 07:05:57 +0000 (09:05 +0200)]
security: Rename SetSocketLabel APIs to SetDaemonSocketLabel
The APIs are designed to label a socket in a way that the libvirt daemon
itself is able to access it (i.e., in SELinux the label is virtd_t based
as opposed to svirt_* we use for labeling resources that need to be
accessed by a vm). The new name reflects this.
Jiri Denemark [Mon, 15 Aug 2011 09:28:53 +0000 (11:28 +0200)]
Ignore unused streams in virStreamAbort
When virStreamAbort is called on a stream that has not been used yet,
quite confusing error is returned: "this function is not supported by
the connection driver". Let's just ignore such streams as there's
nothing to abort anyway.
Jiri Denemark [Fri, 12 Aug 2011 18:46:07 +0000 (20:46 +0200)]
Do not try to cancel non-existent migration on source
If migration failed on source daemon, the migration is automatically
canceled by the daemon itself. Thus we don't need to call
virDomainMigrateConfirm3(cancelled=1). Calling it doesn't cause any harm
but the resulting error message printed in logs may confuse people.
Eric Blake [Thu, 25 Aug 2011 21:11:03 +0000 (15:11 -0600)]
snapshot: track current snapshot across restarts
Audit all changes to the qemu vm->current_snapshot, and make them
update the saved xml file for both the previous and the new
snapshot, so that there is always at most one snapshot with
<active>1</active> in the xml, and that snapshot is used as the
current snapshot even across libvirtd restarts.
This patch does not fix the case of virDomainSnapshotDelete(,CHILDREN)
where one of the children is the current snapshot; that will be later.
* src/conf/domain_conf.h (_virDomainSnapshotDef): Alter member
type and name.
* src/conf/domain_conf.c (virDomainSnapshotDefParseString)
(virDomainSnapshotDefFormat): Update clients.
* docs/schemas/domainsnapshot.rng: Tighten rng.
* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Reload current
snapshot.
(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
(qemuDomainSnapshotDiscard): Track current snapshot.
Eric Blake [Thu, 25 Aug 2011 20:44:48 +0000 (14:44 -0600)]
snapshot: only pass snapshot to qemu command line when reverting
Changing the current vm, and writing that change to the file
system, all before a new qemu starts, is risky; it's hard to
roll back if starting the new qemu fails for some reason.
Instead of abusing vm->current_snapshot and making the command
line generator decide whether the current snapshot warrants
using -loadvm, it is better to just directly pass a snapshot all
the way through the call chain if it is to be loaded.
This frees up the last use of snapshot->def->active for qemu's
use, so the next patch can repurpose that field for tracking
which snapshot is current.
* src/qemu/qemu_command.c (qemuBuildCommandLine): Don't use active
field of snapshot.
* src/qemu/qemu_process.c (qemuProcessStart): Add a parameter.
* src/qemu/qemu_process.h (qemuProcessStart): Update prototype.
* src/qemu/qemu_migration.c (qemuMigrationPrepareAny): Update
callers.
* src/qemu/qemu_driver.c (qemudDomainCreate)
(qemuDomainSaveImageStartVM, qemuDomainObjStart)
(qemuDomainRevertToSnapshot): Likewise.
(qemuDomainSnapshotSetCurrentActive)
(qemuDomainSnapshotSetCurrentInactive): Delete unused functions.
Eric Blake [Fri, 12 Aug 2011 20:45:39 +0000 (14:45 -0600)]
snapshot: don't leak resources on qemu snapshot failure
https://bugzilla.redhat.com/show_bug.cgi?id=727709
mentions that if qemu fails to create the snapshot (such as what
happens on Fedora 15 qemu, which has qmp but where savevm is only
in hmp, and where libvirt is old enough to not try the hmp fallback),
then 'virsh snapshot-list dom' will show a garbage snapshot entry,
and the libvirt internal directory for storing snapshot metadata
will have a bogus file.
This fixes the fallout bug of polluting the snapshot-list with
garbage on failure (the root cause of the F15 bug of not having
fallback to hmp has already been fixed in newer libvirt releases).
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Allocate
memory before making snapshot, and cleanup on failure. Don't
dereference NULL if transient domain exited during snapshot creation.
Alex Jia [Tue, 16 Aug 2011 09:24:26 +0000 (17:24 +0800)]
libvirt: avoid dead store in virDomainMigrateVersion3
* src/qemu/qemu_migration.c: avoid dead 'ret' assignment and silence
clang warning.
Detected by ccc-analyzer:
libvirt.c:4277:5: warning: Value stored to 'ret' is never read
ret = domain->conn->driver->domainMigrateConfirm3
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Alex Jia [Tue, 16 Aug 2011 09:24:25 +0000 (17:24 +0800)]
qemu: avoid dead store in doPeer2PeerMigrate3
* src/qemu/qemu_migration.c: avoid dead 'ret' assignment and silence
clang warning.
Detected by ccc-analyzer:
CC libvirt_driver_qemu_la-qemu_migration.lo
qemu/qemu_migration.c:2046:5: warning: Value stored to 'ret' is never read
ret = qemuMigrationConfirm(driver, sconn, vm,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fix command test wrt gnutls initialize & fix debugging
The VIR_TEST_DEBUG and VIR_TEST_VERBOSE env vars did not work
because we replaced 'environ' with 'newenv'. Simply calling
virTestGetDebug/Verbose() before replacing the 'environ' ensures
we have processed the env variables.
The gnutls initialization code opens /dev/urandom and keeps that
FD around for later use. We have code which kills off FDs 3-5
to avoid interfereing with our test case. Move the virInitialize
call before this point, so it kills off the gnutls /dev/urandom
FD which is irrelevant for testing purposes
* tests/commandtest.c: Fix test debugging & make it robust against
opened FDs
Laine Stump [Wed, 24 Aug 2011 08:50:49 +0000 (04:50 -0400)]
util: only fchown newly created files in virFileOpenAs
virFileOpenAs takes desired uid:gid as arguments, and not only uses
them for a fork/setuid/setgid when retrying failed open operations,
but additionally always forces the opened file to be owned by the
given uid:gid.
One example of the problems this causes is that, when restoring a
domain from a file that is owned by the qemu user, opening the file
chowns it to root. if dynamic_ownership=1 this is coincidentally
expected, but if dynamic_ownership=0, no existing file should ever
have its ownership changed.
This patch adds an extra check before calling fchown() - it only does
it if O_CREAT was passed to virFileOpenAs() in the openflags.
Shradha Shah [Wed, 24 Aug 2011 15:30:51 +0000 (16:30 +0100)]
pci: fix pciDeviceListSteal on multiple devices
pciDeviceListSteal(pcidevs, dev) removes dev from pcidevs reducing
the length of pcidevs, so moving onto what was the next dev is wrong.
Instead callers should pop entry 0 repeatedly until pcidevs is empty.
Signed-off-by: Steve Hodgson <shodgson@solarflare.com> Signed-off-by: Shradha Shah <sshah@solarflare.com> Signed-off-by: Eric Blake <eblake@redhat.com>
including a trailing space. This fixes the issues.
* src/libvirt.c: Log flag parameters, even if currently unused.
(VIR_DOMAIN_DEBUG_0): Drop trailing comma in log.
(VIR_DOMAIN_DEBUG_1): Split guts into...
(VIR_DOMAIN_DEBUG_2): ...new macro.
Osier Yang [Wed, 24 Aug 2011 06:39:42 +0000 (14:39 +0800)]
qemu: Report error if qemu monitor command not found for BlockJob
* src/qemu/qemu_monitor_json.c: Handle error "CommandNotFound" and
report the error.
* src/qemu/qemu_monitor_text.c: If a sub info command is not found,
it prints the output of "help info", for other commands,
"unknown command" is printed.
Without this patch, libvirt always report:
An error occurred, but the cause is unknown
This patch was adapted from a patch by Osier Yang <jyang@redhat.com> to
break out detection of unrecognized text monitor commands into a separate
function.
Now, bad key-code in send-key can cause segmentation fault in libvirt.
(example)
% virsh send-key --codeset win32 12
error: End of file while reading data: Input/output error
This is caused by overrun at scanning keycode array.
Eric Blake [Fri, 1 Jul 2011 18:33:50 +0000 (12:33 -0600)]
build: work around older systemtap header
Systemtap 1.2 <sys/sdt.h> tried to expand STAP_PROBE3 into an
initialization:
volatile __typeof__(arg) foo = arg;
but that fails if arg was declared as 'char arg[100]'.
Rather than make all callers to PROBE deal with the stupidity
of <sys/sdt.h>, we instead make PROBE cast away the problem.
Some of this preprocessor abuse copies ideas in src/libvirt.c.
* daemon/libvirtd.h (PROBE): Add casts to all arguments, using...
(VIR_ADD_CASTS, VIR_ADD_CAST, VIR_ADD_CAST2, VIR_ADD_CAST3)
(VIR_ADD_CAST_EXPAND, VIR_ADD_CAST_PASTE, VIR_COUNT_ARGS)
(VIR_ARG5, PROBE_EXPAND): New macros.
Reported by Wen Congyang.
Eric Blake [Fri, 19 Aug 2011 15:20:35 +0000 (09:20 -0600)]
virsh: properly interleave shared stdout and stderr
Without this patch, invoking 'virsh >file 2>&1' results in
error messages appearing before normal output, even if they
occurred later in time than the normal output (since stderr
is unbuffered, but stdout waits until a full buffer).
* tools/virsh.c (print_job_progress, vshError): Flush between
stream transitions.
* tests/undefine: Test it.
Eric Blake [Fri, 19 Aug 2011 14:19:34 +0000 (08:19 -0600)]
Revert "xen: Allow to undefine a running domain (xm_internal)"
ACK was given too soon. According to the code, the xm driver is
only used for inactive domains, and has no notion of an active
domain, thus, it cannot support undefine of a running domain.
The real fix for xen needs to be in the unified driver and/or
the xend level.
Osier Yang [Fri, 19 Aug 2011 13:34:59 +0000 (21:34 +0800)]
qemu: Get memory balloon info correctly for text monitor
* src/qemu/qemu_monitor_text.c: BALLOON_PREFIX was defined as
"balloon: actual=", which cause "actual=" is stripped early before
the real parsing. This patch changes BALLOON_PREFIX into "balloon: ",
and modifies related functions, also renames
"qemuMonitorParseExtraBalloonInfo" to "qemuMonitorParseBalloonInfo",
as after the changing, it parses all the info returned by "info balloon".
Michal Privoznik [Thu, 18 Aug 2011 12:40:03 +0000 (14:40 +0200)]
storage: Flush host cache after write
Although we are flushing cache after some critical writes (e.g.
volume creation), after some others we do not (e.g. volume cloning).
This patch fix this issue. That is for volume cloning, writing
header of logical volume, and storage wipe.
Michal Privoznik [Thu, 18 Aug 2011 08:44:08 +0000 (10:44 +0200)]
daemon: initialize GnuTLS
When spice_tls is set but listen_tls is not, we don't initialize
GnuTLS library. So any later gnutls call (e.g. during migration,
where we initialize a certificate) will access uninitialized GnuTLS
internal structs and throws an error.
Although, we might now initialize GnuTLS twice, it is safe according
to the documentation:
This function can be called many times,
but will only do something the first time.
This patch creates 2 functions: virNetTLSInit and virNetTLSDeinit
with respect to written above.
Ensure async packets never get marked for sync replies
If a client had initiated a stream abort, it will have a call
waiting for a reply in the queue. If more data continues to
arrive on the stream, the abort command could mistakenly get
signalled as complete. Remove the code from async data processing
that looked for waiting calls. Add a sanity check to ensure no
async call can ever be marked as needing a reply
* src/rpc/virnetclient.c: Ensure async data packets can't
trigger a reply
Don't attempt to read from a stream if it is closed
The I/O event callback processes incoming packets first, and then
does outgoing packets. If the incoming packet caused the stream to
close, then the attempt to process outgoing data resulted in an
error. This caused libvirt to then send an error back to the client,
but the stream had already been stopped. This confused the client
since it sees 2 error events.
* daemon/stream.c: Don't attempt read if stream is closed
Osier Yang [Wed, 17 Aug 2011 12:58:33 +0000 (20:58 +0800)]
qemu: Init reattaching related members of pciDevice before reattach
Otherwise the device will still be bound to pci-stub driver even
it's set as "managed=yes" when do detaching. Of course, it won't
triger any driver reprobing too.
If a stream gets a server initiated abort, the client may still
send an abort request before it receives the server side abort.
This causes the server to send back another abort for the
stream. Since the protocol defines that abort is the last thing
to be sent, the client gets confused by this second abort from
the server. If the stream is already shutdown, just drop any
client requested abort, rather than sending back another message.
This fixes the regression from previous versions.
Tested as follows
In one virsh session
virsh # start foo
virsh # console foo
In other virsh session
virsh # destroy foo
The first virsh session should be able to continue issuing
commands without error. Prior to this patch it saw
virsh # list
error: Failed to list active domains
error: An error occurred, but the cause is unknown
virsh # list
error: Failed to list active domains
error: no call waiting for reply with prog 536903814 vers 1 serial 9
* src/rpc/virnetserverprogram.c: Drop abort requests
for streams which no longer exist
Ensure client streams are closed when marking a client for close
Every active stream results in a reference being held on the
virNetServerClientPtr object. This meant that if a client quit
with any streams active, although all I/O was stopped the
virNetServerClientPtr object would leak. This causes libvirtd
to leak any file handles associated with open streams when a
client quit
To fix this, when we call virNetServerClientClose there is a
callback invoked which lets the daemon release the streams
and thus the extra references
* daemon/remote.c: Add a hook to close all streams
* daemon/stream.c, daemon/stream.h: Add API for releasing
all streams
* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h:
Allow registration of a hook to trigger when closing client
Stefan Berger [Tue, 16 Aug 2011 19:36:22 +0000 (15:36 -0400)]
maint: fix some compilation issues on non-linux platforms (part 2)
Get rid of the #if __linux__ check in virPidFileReadPathIfAlive that
was preventing a check of a symbolic link in /proc/<pid>/exe on
non-linux platforms against an expected executable. Replace
this with a run-time check testing whether the /proc/<pid>/exe is a
symbolic link and if so call the function doing the comparison
against the expected file the link is supposed to point to.
Peter Krempa [Fri, 12 Aug 2011 11:41:29 +0000 (13:41 +0200)]
daemon: Add early libvirtd start verbose errors.
Early errors during start of libvirtd didn't have
an error reporting mechanism and caused libvirtd
to exit silently (only the return value indicated
an error).
Libvirt logging is initialized very early using
enviroment variables and the internal error reporting
API is used to report early errors.
v2 changes:
- print errors unconditionaly before logging starts
- fix message to US spelling
v2.5 changes:
- initialize logging from enviroment
- log all early errors using VIR_ERROR
v3 changes:
- move virSetLogFromEnv() after virInitialize()
Roopa Prabhu [Tue, 16 Aug 2011 04:28:58 +0000 (21:28 -0700)]
macvtap: Fix getPhysfn to get the PF of a direct attach network interface
This patch renames getPhysfn to getPhysfnDev and adds code to get the
Physical function and Virtual Function index of the direct attach linkdev (if
the direct attach interface is a SRIOV VF). The idea is to send the port
profile message to a PF if the direct attach interface is a SRIOV VF.
Signed-off-by: Roopa Prabhu <roprabhu@cisco.com> Signed-off-by: Christian Benvenuti <benve@cisco.com> Signed-off-by: David Wang <dwang2@cisco.com>
Roopa Prabhu [Tue, 16 Aug 2011 04:28:53 +0000 (21:28 -0700)]
interface: Add functions to get sriov PF/VF relationship of a net interface
This patch adds the following functions to get PF/VF relationship of an SRIOV
network interface:
ifaceIsVirtualFunction: Function to check if a network interface is a SRIOV VF
ifaceGetVirtualFunctionIndex: Function to get VF index if a network interface is a SRIOV VF
ifaceGetPhysicalFunction: Function to get the PF net interface name of a SRIOV VF net interface
Signed-off-by: Roopa Prabhu <roprabhu@cisco.com> Signed-off-by: Christian Benvenuti <benve@cisco.com> Signed-off-by: David Wang <dwang2@cisco.com>
Roopa Prabhu [Tue, 16 Aug 2011 04:28:48 +0000 (21:28 -0700)]
pci: Add helper functions for sriov devices
This patch adds the following helper functions:
pciDeviceIsVirtualFunction: Function to check if a pci device is a sriov VF
pciGetVirtualFunctionIndex: Function to get the VF index of a sriov VF
pciDeviceNetName: Function to get the network device name of a pci device
pciConfigAddressCompare: Function to compare pci config addresses
Signed-off-by: Roopa Prabhu <roprabhu@cisco.com> Signed-off-by: Christian Benvenuti <benve@cisco.com> Signed-off-by: David Wang <dwang2@cisco.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Roopa Prabhu [Tue, 16 Aug 2011 04:28:43 +0000 (21:28 -0700)]
pci: Move some pci sriov helper code out of node device driver to util/pci
This patch moves some of the sriov related pci code from node_device driver
to src/util/pci.[ch]. Some functions had to go thru name and argument list
change to accommodate the move.
Signed-off-by: Roopa Prabhu <roprabhu@cisco.com> Signed-off-by: Christian Benvenuti <benve@cisco.com> Signed-off-by: David Wang <dwang2@cisco.com>
Laine Stump [Sat, 13 Aug 2011 06:32:45 +0000 (02:32 -0400)]
qemu: support event_idx parameter for virtio disk and net devices
In some versions of qemu, both virtio-blk-pci and virtio-net-pci
devices can have an event_idx setting that determines some details of
event processing. When it is enabled, it "reduces the number of
interrupts and exits for the guest". qemu will automatically enable
this feature when it is available, but there may be cases where this
new feature could actually make performance worse (NB: no such case
has been found so far).
As a safety switch in case such a situation is encountered in the
field, this patch adds a new attribute "event_idx" to the <driver>
element of both disk and interface devices. event_idx can be set to
"on" (to force event_idx on in case qemu has it disabled by default)
or "off" (for force event_idx off). In the case that event_idx support
isn't present in qemu, the attribute is ignored (this on the advice of
the qemu developer).
docs/formatdomain.html.in: document the new flag (marking it as
"don't mess with this!"
docs/schemas/domain.rng: add event_idx in appropriate places
src/conf/domain_conf.[ch]: add event_idx to parser and formatter
src/libvirt_private.syms: export
virDomainVirtioEventIdx(From|To)String
src/qemu/qemu_capabilities.[ch]: detect and report event_idx in
disk/net
src/qemu/qemu_command.c: add event_idx parameter to qemu commandline
when appropriate.
tests/qemuxml2argvdata/qemuxml2argv-event_idx.args,
tests/qemuxml2argvdata/qemuxml2argv-event_idx.xml,
tests/qemuxml2argvtest.c,
tests/qemuxml2xmltest.c: test cases for event_idx.
Jiri Denemark [Thu, 11 Aug 2011 13:47:02 +0000 (15:47 +0200)]
qemu: Use fd: protocol for migration
By opening a connection to remote qemu process ourselves and passing the
socket to qemu we get much better errors than just "migration failed"
when the connection is opened by qemu.
Jiri Denemark [Thu, 11 Aug 2011 12:36:04 +0000 (14:36 +0200)]
qemu: Refactor do{Tunnel,Native}Migrate functions
The core of these two functions is very similar and most of it is even
exactly the same. Factor out the core functionality into a separate
function to remove code duplication and make further changes easier.
Eric Blake [Fri, 12 Aug 2011 21:54:49 +0000 (15:54 -0600)]
build: fix recent build failures
With gcc 4.5.1:
util/virpidfile.c: In function 'virPidFileAcquirePath':
util/virpidfile.c:308:66: error: nested extern declaration of '_gl_verify_function2' [-Wnested-externs]
Then in tests/commandtest.c, the new virPidFile APIs need to be used.
* src/util/virpidfile.c (virPidFileAcquirePath): Move verify to
top level.
* tests/commandtest.c: Use new pid APIs.
Add some APIs which use locking for crashsafe pidfile handling
In daemons using pidfiles to protect against concurrent
execution there is a possibility that a crash may leave a stale
pidfile on disk, which then prevents later restart of the daemon.
To avoid this problem, introduce a pair of APIs which make
use of virFileLock to ensure crash-safe & race condition-safe
pidfile acquisition & releae
* src/libvirt_private.syms, src/util/virpidfile.c,
src/util/virpidfile.h: Add virPidFileAcquire and virPidFileRelease
Introduce functions for checking whether a pidfile is valid
In some cases the caller of virPidFileRead might like extra checks
to determine whether the pid just read is really the one they are
expecting. This adds virPidFileReadIfAlive which will check whether
the pid is still alive with kill(0, -1), and (on linux only) will
look at /proc/$PID/path
* libvirt_private.syms, util/virpidfile.c, util/virpidfile.h: Add
virPidFileReadIfValid and virPidFileReadPathIfValid
* network/bridge_driver.c: Use new APIs to check PID validity
The functions for manipulating pidfiles are in util/util.{c,h}.
We will shortly be adding some further pidfile related functions.
To avoid further growing util.c, this moves the pidfile related
functions into a dedicated virpidfile.{c,h}. The functions are
also all renamed to have 'virPidFile' as their name prefix
* util/util.h, util/util.c: Remove all pidfile code
* util/virpidfile.c, util/virpidfile.h: Add new APIs for pidfile
handling.
* lxc/lxc_controller.c, lxc/lxc_driver.c, network/bridge_driver.c,
qemu/qemu_process.c: Add virpidfile.h include and adapt for API
renames
Eric Blake [Thu, 11 Aug 2011 21:44:05 +0000 (15:44 -0600)]
vbox, xenapi: add virDomainUndefineFlags
We forgot to add virDomainUndefineFlags for a couple of hypervisors.
This wires up trivial versions (since neither hypervisor supports
managed save yet, they do not need to support any flags).
Eric Blake [Thu, 11 Aug 2011 22:48:00 +0000 (16:48 -0600)]
virsh: don't reject undefine on active domain
The public API documents that undefine may be used to transition a
running persistent domain into a transient one. Many drivers still
do not support this usage, but virsh shouldn't be getting in the
way of those that do support it.
This also drops a redundant conditional; vshCommandOptString
guaranteed that name was non-NULL.
* tools/virsh.c (cmdUndefine): Allow undefine on active domains;
the drivers may still reject it, but it is a valid API usage.
* tests/undefine (error): Fix the test to match.
Philipp Hahn [Thu, 11 Aug 2011 12:44:00 +0000 (14:44 +0200)]
Improve tokenizing of linkable terms
Currently only tabs and blanks are used for tokenizing the description,
which breaks when a term is at the end of a line or has () appended to
it.
1. Use also other white space characters such as new-lines and carriage
return for splitting.
2. Remove some common non-word characters from the token before lookup.
projects / libvirt.git / log