Laine Stump [Sun, 6 Jan 2019 22:35:47 +0000 (17:35 -0500)]
util: remove const specifier from nlmsghdr arg to virNetlinkDumpCallback()
This is problematic if a callback function wants to send the nlmsghdr
to a library function that has no "const" in its prototype
(e.g. nlmsg_find_attr())
Signed-off-by: Laine Stump <laine@laine.org> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Instead of defining targets conditionally and depending on
them unconditionally, define a couple of variables and
conditionally add targets to them.
In addition to removing a bunch of useless code, this has
the nice effect of no longer requiring the main Makefile.am
to have any knowledge about the contents of the various
snippets it includes.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Jiri Denemark [Thu, 10 Jan 2019 13:35:07 +0000 (14:35 +0100)]
cpu_map: Add support for arch-capabilities feature
The feature was added to QEMU in 3.1.0 and it is currently blocking
migration, which is expected to change in the future. Luckily 3.1.0 is
new enough to give us migratability hints on each feature via
query-cpu-model-expension, which means we don't need to use the
"migratable" attribute on the CPU map XML.
The kernel calls this feature arch_capabilities and RHEL/CentOS 7.* use
arch-facilities. Apparently some CPU test files were gathered with the
RHEL version of QEMU. Let's update the test files to avoid possible
confusion about the correct naming.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Thu, 10 Jan 2019 12:53:33 +0000 (13:53 +0100)]
qemu: Don't enable seclabel remembering for session mode
The session daemon is unable to set XATTRs in 'trusted'
namespace because it doesn't run as privileged process.
Therefore, when creating the default qemu config enable
rememberOwner only when running as privileged process.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Ján Tomko [Fri, 4 Jan 2019 09:17:46 +0000 (10:17 +0100)]
qemu: require reply from guest agent in qemuAgentGetInterfaces
Since its introduction in commit 0977b8aa071 (released in v1.2.14)
qemuAgentGetInterfaces calls qemuAgentCommand with needReply=false,
which allows qemuAgentCommand to return 0 even when it did not get
any reply from the agent.
Set needReply to true, since we dereference it right after.
This can be hit if libvirt is waiting for an event from the agent
(e.g. shutdown) and the agent cannot reply in time (e.g. due to
the guest being shut down), as reported in:
https://bugzilla.redhat.com/show_bug.cgi?id=1663051
Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
qemu: Use ULL instead of uint64_t for RDMA GID event
In the previous commit we are using uint64_t for storing subnet
prefix and interface id that qemu reports in
RDMA_GID_STATUS_CHANGED event. We also report them in some debug
messages. This poses a problem because uint64_t can be UL or ULL
depending on the host architecture and hence we wouldn't know
which format to use. Switch to ULL which is big enough and
doesn't suffer from the issue.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Yuval Shaia [Mon, 24 Dec 2018 10:15:12 +0000 (12:15 +0200)]
qemu: Process RDMA GID state change event
This event is emitted on the monitor when a GID table in pvrdma device
is modified and the change needs to be propagate to the backend RDMA
device's GID table.
The control over the RDMA device's GID table is done by updating the
device's Ethernet function addresses.
Usually the first GID entry is determine by the MAC address, the second
by the first IPv6 address and the third by the IPv4 address. Other
entries can be added by adding more IP addresses. The opposite is the
same, i.e. whenever an address is removed, the corresponding GID entry
is removed.
The process is done by the network and RDMA stacks. Whenever an address
is added the ib_core driver is notified and calls the device driver's
add_gid function which in turn update the device.
To support this in pvrdma device we need to hook into the create_bind
and destroy_bind HW commands triggered by pvrdma driver in guest.
Whenever a changed is made to the pvrdma device's GID table a special
QMP messages is sent to be processed by libvirt to update the address of
the backend Ethernet device.
Signed-off-by: Yuval Shaia <yuval.shaia@oracle.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Eric Blake [Tue, 8 Jan 2019 19:41:28 +0000 (13:41 -0600)]
examples: Work around lack of mingw localtime_r()
mingw lacks localtime_r(); we were getting it from gnulib. But since
commit acf522e8 stopped linking examples against gnulib, we are
getting a build failure. Keep the examples standalone, and work
around mingw by using the non-reentrant localtime() (safe since our
examples are single-threaded), and add a necessary exemption to our
syntax check.
Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Eric Blake [Tue, 8 Jan 2019 19:46:48 +0000 (13:46 -0600)]
examples: Work around lack of mingw sigaction()
mingw lacks sigaction(); we were getting it from gnulib. But since
commit acf522e8 stopped linking examples against gnulib, we are
getting a build failure. Keep the examples standalone, and work
around mingw by using signal() instead.
Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Eric Blake [Tue, 8 Jan 2019 19:46:48 +0000 (13:46 -0600)]
examples: Work around mingw printf() weakness
mingw lacks %lld and %zu support in printf(); we were getting it
from gnulib. But since commit acf522e8 stopped linking examples
against gnulib, we are getting a build failure due to -Wformat
flagging these strings. Keep the examples standalone, and work
around mingw by using manual casts to types we can portably print.
Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
syntax-check: Simplify and fix unmarked_diagnostics
The check was concerning itself with whitespace where it
didn't need to, and used some confusing escaping for one
of its regular expressions - which GNU sed was fine with,
but FreeBSD's sed didn't like one bit.
Switch to extended regular expressions (which, incidentally,
were already in use in the same rule when calling grep) and
remove all whitespace handling.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Eric Blake [Tue, 8 Jan 2019 04:15:48 +0000 (22:15 -0600)]
examples: Avoid gnulib, have standalone examples
Commit 0c6ad476 updated gnulib, which rearranged some of the
conditions in gnulib wrapper headers such that compilation
started failing on BSD systems when the normal system <unistd.h>
tried to include another system header but instead got a
gnulib wrapper header in an incomplete state; this is because
gnulib headers only work if <config.h> is included first.
Commit b6f78259 papered over the symptoms of that by including
<config.h> in all the examples. But this logic is backwards -
if our examples are truly meant to be stand-alone, they should
NOT depend on how libvirt was configured, and should NOT
depend on the gnulib fixes for system quirks. In particular,
if an example does not need to link against libgnulib.la,
then it also does not need to use -Ignulib in its compile
flags, and likewise does not need to include <config.h> since
none of the gnulib wrapper headers should be interfering.
So, revert (most of) b6f78259 (except for the bogus pre-patch
use of "config.h" in admin/logging.c: if config.h is included,
it should be via <> rather than "", and must be before any
system headers); then additionally nuke all mention of
<config.h>, -Ignulib, and -llibgnu.la, making all of the
examples truly standalone.
Signed-off-by: Eric Blake <eblake@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Eric Blake [Tue, 8 Jan 2019 05:23:52 +0000 (23:23 -0600)]
examples: Drop event-test.c dependency on gnulib <verify.h>
Pulling in gnulib just for the <verify.h> header is rather
expensive, especially since that header does not require us
to link against gnulib. It's better to make the event-test
example be standalone by just open-coding a more limited form
of a verify() macro that depends on modern gcc (we have enough
CI coverage that even though the verify is now a no-op in
older setups, we will still notice if we fail to add an event
- as a quick test, I was still able to provoke a compile
failure on Fedora 29 when deleting a line from domainEvents).
Signed-off-by: Eric Blake <eblake@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Erik Skultety [Thu, 3 Jan 2019 13:32:36 +0000 (14:32 +0100)]
util: Fix the default log output to 'journald' when running under systemd
Essentially, bring back the old behaviour as of commit eba36a38 which
was later changed by commit ae06048bf5d. Even though all the stderr
messages will eventually end up in the journal, we're not making use of
the fields journald provides.
Eric Blake [Tue, 8 Jan 2019 03:50:08 +0000 (21:50 -0600)]
maint: Fix VPATH build
In a VPATH build, <config.h> is in the builddir (which automake
includes automatically), but it includes <config-post.h> from the
top source directory (which is not automatic); hence, we need to
keep the -I(top_srcdir) directive that was accidentally removed
from commit 7a879323 (the problem is not visible in an in-tree
build).
Eric Blake [Fri, 4 Jan 2019 19:47:44 +0000 (13:47 -0600)]
maint: Prefer AM_CPPFLAGS over INCLUDES
Our use of INCLUDES in Makefile.am hearkens back to when we had to
cater to automake 1.9.6 (thanks, RHEL 5) which lacked AM_CPPFLAGS.
Modern Automake flags a warning that INCLUDES is deprecated, and
now that we mandate RHEL 7 or better (see commit c1bc9c66), we no
longer have to cater to the old spelling. This change will also
make it easier to do per-binary CPPFLAGS.
Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Eric Blake [Fri, 4 Jan 2019 19:42:52 +0000 (13:42 -0600)]
maint: Drop unused GETTEXT_CPPFLAGS variable
Commit c0a8ea45 removed the use of gettextize, and the setting of
GETTEXT_CPPFLAGS, but did not scrub the now-unused variable from
Makefile.am snippets.
Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Eric Blake [Thu, 3 Jan 2019 19:30:39 +0000 (13:30 -0600)]
maint: split long lines for BSD syntax-check
Similar to the gnulib changes we just incorporated into maint.mk,
it's time to use '$(VC_LIST) | xargs program' instead of
'program $$($(VC_LIST))', in order to bypass the problem of hitting
argv limits due to our large set of files.
Drop several uses of $$files as a temporary variable when we can
instead directly use xargs. While at it, fix a typo in the
prohibit_windows_special_chars error message.
Note that 'grep $pattern $(generate list)' has be be rewritten
as 'generate list | xargs grep $pattern /dev/null' - this is
because for a list that is just long enough, and without /dev/null,
xargs could make a worst-case split of 'grep $pattern all but one;
grep $pattern last' which has different output (grep includes the
filename when there was more than one file, but omits it for a
single file), while our conversion gives 'grep $pattern /dev/null
all but one; grep $pattern /dev/null last'. We are less concerned
about the empty list case (why would we run the syntax check if we
didn't have at least one file?), but grepping /dev/null happens to
produce no output and thus nicely also solves that problem without
relying on the GNU extension of 'xargs -r'.
Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Eric Blake [Thu, 3 Jan 2019 13:42:41 +0000 (07:42 -0600)]
maint: update gnulib for syntax-check on BSD
In particular, this incorporates Roman's patches to allow
'make syntax-check' to work on BSD with its exec argv
limitations that previously failed when trying to grep the
large number of files present in libvirt.
cfg.mk needs similar changes, but that will be tackled separately.
Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Erik Skultety [Fri, 4 Jan 2019 09:40:48 +0000 (10:40 +0100)]
docs: schemas: Decouple the virtio options from each other
Currently, all of the VirtioOptions are under a single <optional>
element, however, neither our parser/formatter or QEMU driver requires
the presence of all the options if only a single one from the set has
been specified, so fix it and silence the schema validator.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Sun, 30 Dec 2018 04:49:26 +0000 (05:49 +0100)]
Remove even more Author(s): lines from source files
In 600462834f4ec1955a9a4 we've tried to remove Author(s): lines
from comments at the beginning of our source files. Well, in some
files while we removed the "Author" line we did not remove the
actual list of authors.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Luyao Zhong [Thu, 20 Dec 2018 09:14:46 +0000 (17:14 +0800)]
tests: Use DO_TEST_CAPS_LATEST for nvdimm qemuxml2argv
Deprecate DO_TEST to do nvdimm qemuxml2argvdata tests, because
DO_TEST_CAPS_LATEST is a better choice. The DO_TEST needs
to specify all qemu capabilities and is not easy for scaling.
Signed-off-by: Luyao Zhong <luyao.zhong@intel.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Luyao Zhong [Thu, 20 Dec 2018 09:14:40 +0000 (17:14 +0800)]
conf: Introduce 'alignsize' element into xml for NVDIMM memory
NVDIMM emulation will mmap the backend file, it uses host pagesize
as the alignment of mapping address before, but some backends may
require alignments different from the pagesize. So the 'alignsize'
option is introduced to allow specification of the proper alignment:
Erik Skultety [Thu, 6 Dec 2018 13:59:15 +0000 (14:59 +0100)]
qemu: process: SEV: Relabel guest owner's SEV files created before start
Before launching a SEV guest we take the base64-encoded guest owner's
data specified in launchSecurity and create files with the same content
under /var/lib/libvirt/qemu/<domain>. The reason for this is that we
need to pass these files on to QEMU which then uses them to communicate
with the SEV firmware, except when it doesn't have permissions to open
those files since we don't relabel them.
Erik Skultety [Thu, 6 Dec 2018 13:50:19 +0000 (14:50 +0100)]
qemu: process: SEV: Assume libDir to be the directory to create files in
Since SEV operates on a per domain basis, it's very likely that all
SEV launch-related data will be created under
/var/lib/libvirt/qemu/<domain_name>. Therefore, when calling into
qemuProcessSEVCreateFile we can assume @libDir as the directory prefix
rather than passing it explicitly.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
John Ferlan [Thu, 20 Dec 2018 21:30:24 +0000 (16:30 -0500)]
security: Fix comparison for virSecuritySELinuxRecallLabel
The @con type security_context_t is actually a "char *", so the
correct check should be to dereference one more level; otherwise,
we could return/use the NULL pointer later in a subsequent
virSecuritySELinuxSetFileconImpl call (using @fcon).
Suggested-by: Michal Prívozník <mprivozn@redhat.com> Signed-off-by: John Ferlan <jferlan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
qemu: don't log error for missing optional storage sources on start
Because missing optional storage source is not error. The patch
address only local files. Fixing other cases is a bit ugly.
Below is example of error notice in log now:
error: virStorageFileReportBrokenChain:427 :
Cannot access storage file '/path/to/missing/optional/disk':
No such file or directory
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
qemu: don't log error for missing optional storage sources on stats
Every time we call all domain stats for inactive domain with
unavailable storage source we get error message in logs [1]. It's a bit noisy.
While it's arguable whether we need such message or not for mandatory
disks we would like not to see messages for optional disks. Let's
filter at least for cases of local files. Fixing other cases would
require passing flag down the stack to .backendInit of storage
which is ugly.
Stats for active domain are fine because we either drop disks
with unavailable sources or clean source which is handled
by virStorageSourceIsEmpty in qemuDomainGetStatsOneBlockFallback.
We have these logs for successful stats since 25aa7035d (version 1.2.15)
which in turn fixes 596a13713 (version 1.2.12 )which added substantial
stats for offline disks.
[1] error message example:
qemuOpenFileAs:3324 : Failed to open file '/path/to/optional/disk': No such file or directory
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Marc Hartmayer [Mon, 29 Oct 2018 17:34:58 +0000 (18:34 +0100)]
qemu: Introduce caching whether /dev/kvm is accessible
Introduce caching whether /dev/kvm is usable as the QEMU user:QEMU
group. This reduces the overhead of the QEMU capabilities cache
lookup. Before this patch there were many fork() calls used for
checking whether /dev/kvm is accessible. Now we store the result
whether /dev/kvm is accessible or not and we only need to re-run the
virFileAccessibleAs check if the ctime of /dev/kvm has changed.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Tue, 25 Sep 2018 12:15:24 +0000 (14:15 +0200)]
tools: Provide a script to recover fubar'ed XATTRs setup
Our code is not bug free. The refcounting I introduced will
almost certainly not work in some use cases. Provide a script
that will remove all the XATTRs set by libvirt so that it can
start cleanly.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This test checks if security label remembering works correctly.
It uses qemuSecurity* APIs to do that. And some mocking (even
though it's not real mocking as we are used to from other tests
like virpcitest). So far, only DAC driver is tested.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
When iterating over list of paths/disk sources to relabel it may
happen that the process fails at some point. In that case, for
the sake of keeping seclabel refcount (stored in XATTRs) in sync
with reality we have to perform rollback. However, if that fails
too the only thing we can do is warn user.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 25 Sep 2018 15:07:23 +0000 (17:07 +0200)]
security_selinux: Restore label on failed setfilecon() attempt
It's important to keep XATTRs untouched (well, in the same state
they were in when entering the function). Otherwise our
refcounting would be messed up.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Wed, 19 Sep 2018 08:06:44 +0000 (10:06 +0200)]
security_selinux: Remember old labels
Similarly to what I did in DAC driver, this also requires the
same SELinux label to be used for shared paths. If a path is
already in use by a domain (or domains) then and the domain we
are starting now wants to access the path it has to have the same
SELinux label. This might look too restrictive as the new label
can still guarantee access to already running domains but in
reality it is very unlikely and usually an admin mistake.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 25 Sep 2018 14:32:47 +0000 (16:32 +0200)]
security_selinux: Track if transaction is restore
It is going to be important to know if the current transaction we
are running is a restore operation or set label operation so that
we know whether to call virSecurityGetRememberedLabel() or
virSecuritySetRememberedLabel(). That is, whether we are in a
restore and therefore have to fetch the remembered label, or we
are in set operation and therefore have to store the original
label.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 25 Sep 2018 11:33:28 +0000 (13:33 +0200)]
virSecurityDACRestoreImageLabelInt: Restore even shared/RO disks
Now that we have seclabel remembering we can safely restore
labels for shared and RO disks. In fact we need to do that to
keep seclabel refcount stored in XATTRs in sync with reality.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This also requires the same DAC label to be used for shared
paths. If a path is already in use by a domain (or domains) then
and the domain we are starting now wants to access the path it
has to have the same DAC label. This might look too restrictive
as the new label can still guarantee access to already running
domains but in reality it is very unlikely and usually an admin
mistake.
This requirement also simplifies seclabel remembering, because we
can store only one seclabel and have a refcounter for how many
times the path is in use. If we were to allow different labels
and store them in some sort of array the algorithm to match
labels to domains would be needlessly complicated.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 20 Nov 2018 12:05:08 +0000 (13:05 +0100)]
security_dac: Allow callers to enable/disable label remembering/recall
Because the implementation that will be used for label
remembering/recall is not atomic we have to give callers a chance
to enable or disable it. That is, enable it if and only if
metadata locking is enabled. Otherwise the feature MUST be turned
off.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 25 Sep 2018 08:36:13 +0000 (10:36 +0200)]
virSecurityDACTransactionRun: Implement rollback
When iterating over list of paths/disk sources to relabel it may
happen that the process fails at some point. In that case, for
the sake of keeping seclabel refcount (stored in XATTRs) in sync
with reality we have to perform rollback. However, if that fails
too the only thing we can do is warn user.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Mon, 24 Sep 2018 15:10:06 +0000 (17:10 +0200)]
security_dac: Restore label on failed chown() attempt
It's important to keep XATTRs untouched (well, in the same state
they were in when entering the function). Otherwise our
refcounting would be messed up.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Luyao Huang [Wed, 19 Dec 2018 03:17:01 +0000 (11:17 +0800)]
virsh: Fix vcpupin command output wrong vcpu pinning info
Commit 3072ded3 changed the waya to format the vcpu pinning info
and forget to get cpumap for each vcpu during the loop, that cause
vcpupin command will display vcpu 0 info for other vcpus.
John Ferlan [Mon, 17 Dec 2018 12:07:44 +0000 (07:07 -0500)]
remote: Resolve resource leak
Using a combination of VIR_ALLOC and VIR_STRDUP into a local
variable and then jumping to error on the VIR_STRDUP before
assiging it into the @data would cause a memory leak. Let's
just avoid that by assiging directly into @data.
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
John Ferlan [Mon, 17 Dec 2018 12:02:26 +0000 (07:02 -0500)]
tests: Fix possible NULL derefs in virErrorTestMsgs
Add guards to avoid calling strchr when @err_noinfo == NULL or
calling virErrorTestMsgFormatInfoOne when @err_info == NULL as
both would fail with a NULL deref.
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Peter Krempa <pkrempa@redhat.com>
logging: ensure pending I/O is drained before reading position
The virtualization driver has two connections to the virtlogd daemon,
one pipe fd for writing to the log file, and one socket fd for making
RPC calls. The typical sequence is to write some data to the pipe fd and
then make an RPC call to determine the current log file offset.
Unfortunately these two operations are not guaranteed to be handling in
order by virtlogd. The event loop for virtlogd may identify an incoming
event on both the pipe fd and socket fd in the same iteration of the
event loop. It is then entirely possible that it will process the socket
fd RPC call before reading the pending log data from the pipe fd.
As a result the virtualization driver will get an outdated log file
offset reported back.
This can be seen with the QEMU driver where, when a guest fails to
start, it will randomly include too much data in the error message it
has fetched from the log file.
The solution is to ensure we have drained all pending data from the pipe
fd before reporting the log file offset. The pipe fd is always in
blocking mode, so cares needs to be taken to avoid blocking. When
draining this is taken care of by using poll(). The extra complication
is that they might already be an event loop dispatch pending on the pipe
fd. If we have just drained the pipe this pending event will be invalid
so must be discarded.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1356108
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
If an editor has an XML file open, it may create a temporary . file. The
existance of this file will cause the virschematest to fail, so just
skip these editor temp files.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Jim Fehlig [Fri, 14 Dec 2018 21:44:57 +0000 (14:44 -0700)]
docs: Improve description of <hard_limit>
/domain/memtune/hard_limit provides a way to cap the memory a VM process
can use, including the amount of memory the process can lock. When memory
locking of a VM is requested, <hard_limit> can be used to prevent the
potential host DoS issue mentioned in /domain/memoryBacking/locked
description.
This patch improves the <hard_limit> text by clarifying it can be used
to prevent "host crashing" when VM memory is locked.
The arguments to the N_() macro must only ever be a literal string. It
is not possible to use macro arguments, or use macro string
concatenation in this context. The N_() macro is a no-op whose only
purpose is to act as a marker for xgettext when it extracts translatable
strings from the source code. Anything other than a literal string will
be silently ignored by xgettext.
Unfortunately this means that the clever MSG, MSG2 & MSG_EXISTS macros
used for building up error message strings have prevented any of the
error messages getting marked for translation. We must sadly, revert to
a more explicit listing of strings for now.
Reviewed-by: Jiri Denemark <jdenemar@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Jiri Denemark [Thu, 15 Nov 2018 14:25:46 +0000 (15:25 +0100)]
qemu: Add support for postcopy-requests migration statistics
QEMU can report how many times during post-copy migration the domain
running on the destination host tried to access a page which has not
been migrated yet.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
qemu: use line breaks in command line args written to log
The QEMU command line arguments are very long and currently all written
on a single line to /var/log/libvirt/qemu/$GUEST.log. This introduces
logic to add line breaks after every env variable and "-" optional
argument, and every positional argument. This will create a clearer log
file, which will in turn present better in bug reports when people cut +
paste from the log into a bug comment.
The virCommand APIs do not expect to be given a NULL value for an arg
name or value. Such a mistake can lead to execution of the wrong
command, as the NULL may prematurely terminate the list of args.
Detect this and report suitable error messages.
This identified a flaw in the storage test which was passing a NULL
instead of the volume path. This flaw was then validated by an incorrect
set of qemu-img args as expected data.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
There is a limit on the number of lines in the /proc/<pid>/{g,u}id_map
files. In Linux 4.14 and earlier, this limit was (arbitrarily) set at
5 lines. Since Linux 4.15, which was released on 28 Jan 2018, the limit
is 340 lines.
Peter Krempa [Wed, 5 Dec 2018 13:41:18 +0000 (14:41 +0100)]
util: error: Put error code messages into an array
Simplify adding of new errors by just adding them to the array of
messages rather than having to add conversion code.
Additionally most of the messages add the format string part as a suffix
so we can avoid some of the duplication by using a macro which adds the
suffix to the original string. This way most messages fit into the 80
column limit and only 3 exceed 100 colums.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Erik Skultety <eskultet@redhat.com>
Peter Krempa [Mon, 12 Nov 2018 09:33:01 +0000 (10:33 +0100)]
tests: Add test for virErrorMsg message constraints
Make sure that we don't add any broken error message strings any more.
This ensures that both the version with and without additional info is
populated, the version without info does not have any formatting
modifiers and the version with info has exactly one.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Peter Krempa [Thu, 13 Dec 2018 11:32:29 +0000 (12:32 +0100)]
util: error: Reword some unused error messages
Simplify wording of the error string for VIR_ERR_OPEN_FAILED and
VIR_ERR_CALL_FAILED. The error codes itself are currently unused so it
will not impact any client.
This will simplify upcomming patch which refactors how we convert these.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Peter Krempa [Mon, 12 Nov 2018 15:00:03 +0000 (16:00 +0100)]
util: error: Add error message versions with info for some error codes
Few error codes were missing the version of the message with additional
info. In case of the modified messages it's not very likely they'll ever
report any additional data, but for the sake of consistency we should
provide them.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
projects / libvirt.git / log