xenbits.xensource.com Git - libvirt.git/log
7 years ago  conf: include x86 microcode version in virsh capabilities
Paolo Bonzini [Tue, 12 Dec 2017 15:23:40 +0000 (16:23 +0100)]
conf: include x86 microcode version in virsh capabilities

A microcode update can cause the CPUID bits to change; an example
from the past was the update that disabled TSX on several Haswell and
Broadwell machines.

In order to track the x86 microcode version in the QEMU capabilities,
we have to fetch it and store it in the host CPU.  This also makes the
version visible in "virsh capabilities", which is a nice side effect.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
7 years ago  cpu_x86: Rename virCPUx86MapInitialize
Jiri Denemark [Wed, 13 Dec 2017 21:30:31 +0000 (22:30 +0100)]
cpu_x86: Rename virCPUx86MapInitialize

The function will be used to initialize internal data of the x86 CPU
driver (including the CPU map).

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
7 years ago  util: introduce virHostCPUGetMicrocodeVersion
Paolo Bonzini [Tue, 12 Dec 2017 15:23:41 +0000 (16:23 +0100)]
util: introduce virHostCPUGetMicrocodeVersion

This new API reads host's CPU microcode version from /proc/cpuinfo.

Unfortunately, there is no other way of reading microcode version which
would be usable from both system and session daemon.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
7 years ago  util: add virFileReadHeaderQuiet wrapper around virFileReadHeaderFD
Paolo Bonzini [Tue, 12 Dec 2017 15:23:40 +0000 (16:23 +0100)]
util: add virFileReadHeaderQuiet wrapper around virFileReadHeaderFD

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
7 years ago  conf: Fix generating addresses for SCSI hostdev
John Ferlan [Tue, 5 Dec 2017 16:36:01 +0000 (11:36 -0500)]
conf: Fix generating addresses for SCSI hostdev

https://bugzilla.redhat.com/show_bug.cgi?id=1519130

Commit id 'dc692438' reverted the automagic addition of a SCSI
controller attempt during virDomainHostdevAssignAddress; however,
the logic to determine where to place the next_unit depended upon
the "new" controller being added.  Without the new controller the
next time through the call for the next SCSI hostdev found
would result in the "next_unit" never changing from 0 (zero) and
as a result the addition of the device will fail due to being a
duplicate unit number of the first with the error message:

  virDomainDefCheckDuplicateDriveAddresses:$line : unsupported
      configuration: SCSI host address controller='0' bus='1'
      target='0' unit='0' in use by another SCSI host device

So instead of walking the controller list looking for SCSI
controllers, all we can do is "pretend" that they exist and
allow other code to create them later as necessary.

7 years ago  conf: Use existing SCSI hostdev model to create new
John Ferlan [Mon, 4 Dec 2017 20:52:57 +0000 (15:52 -0500)]
conf: Use existing SCSI hostdev model to create new

In virDomainDefMaybeAddHostdevSCSIcontroller when we add a new
controller because someone neglected to add one or we're adding
one because the existing one is full, we should copy over the
model number from the existing controller since whatever we
create should at least have the same characteristics as the one
we cannot use because it's full.

NB: This affects the existing hostdev-scsi-autogen-address test
which would add a default ('lsi') SCSI controller for the various
scsi_host's that would create a controller for the hostdev.

7 years ago  qemu: Use same model when adding hostdev SCSI controller
John Ferlan [Mon, 4 Dec 2017 19:33:30 +0000 (14:33 -0500)]
qemu: Use same model when adding hostdev SCSI controller

When qemuDomainFindOrCreateSCSIDiskController adds a controller,
let's use the same model as a currently found controller under the
assumption that the reason to add the controller in hotplug is
because virDomainHostdevAssignAddress determined that there were
too many devices on the existing controller, but only assigned a
new controller index and did not add a new controller and we
desire to use the same controller model as any existing controller
and not take a chance that qemuDomainSetSCSIControllerModel would
use a default that may be incompatible.

7 years ago  rpc: remove redundant logic
Pavel Hrdina [Thu, 4 Jan 2018 13:22:11 +0000 (14:22 +0100)]
rpc: remove redundant logic

Introduced by commit <0eaa59dce1>.  That comparison already returns
true or false.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
7 years ago  nodedev: Move device enumeration out of nodeStateInitialize
John Ferlan [Wed, 22 Nov 2017 16:55:10 +0000 (11:55 -0500)]
nodedev: Move device enumeration out of nodeStateInitialize

Let's move the udevEnumerateDevices into a thread to "speed
up" the initialization process. If the enumeration fails we
can set the Quit flag to ensure that udevEventHandleCallback
will not run.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
7 years ago  rpc: Replace virNetServerClientNeedAuth with virNetServerClientIsAuthenticated
Marc Hartmayer [Thu, 21 Dec 2017 14:29:08 +0000 (15:29 +0100)]
rpc: Replace virNetServerClientNeedAuth with virNetServerClientIsAuthenticated

Replace virNetServerClientNeedAuth with
virNetServerClientIsAuthenticated because it makes it clearer what it
means.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
7 years ago  rpc: Remove virNetServerClientNeedAuthLocked
Marc Hartmayer [Thu, 21 Dec 2017 14:29:07 +0000 (15:29 +0100)]
rpc: Remove virNetServerClientNeedAuthLocked

'Squash' virNetServerClientNeedAuthLocked into
virNetServerClientNeedAuth and remove virNetServerClientNeedAuthLocked
as it's no longer needed.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
7 years ago  tests: virnetdaemontest: Enable testing for 'auth_pending'
Marc Hartmayer [Thu, 21 Dec 2017 14:29:06 +0000 (15:29 +0100)]
tests: virnetdaemontest: Enable testing for 'auth_pending'

Enable testing for 'auth_pending' in the virnetdaemon test case.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago  rpc: virnetserver: Fix race on srv->nclients_unauth
Marc Hartmayer [Thu, 21 Dec 2017 14:29:05 +0000 (15:29 +0100)]
rpc: virnetserver: Fix race on srv->nclients_unauth

There is a race between virNetServerProcessClients (main thread) and
remoteDispatchAuthList/remoteDispatchAuthPolkit/remoteSASLFinish (worker
thread) that can lead to decrementing srv->nclients_unauth when it's
zero. Since virNetServerCheckLimits relies on the value
srv->nclients_unauth the underrun causes libvirtd to stop accepting
new connections forever.

Example race scenario (assuming libvirtd is using policykit and the
client is privileged):
  1. The client calls the RPC remoteDispatchAuthList =>
     remoteDispatchAuthList is executed on a worker thread (Thread
     T1). We're assuming now the execution stops for some time before
     the line 'virNetServerClientSetAuth(client, 0)'
  2. The client closes the connection irregularly. This causes the
     event loop to wake up and virNetServerProcessClient to be
     called (on the main thread T0). During the
     virNetServerProcessClients the srv lock is held. The condition
     virNetServerClientNeedAuth(client) will be checked and as the
     authentication is not finished right now
     virNetServerTrackCompletedAuthLocked(srv) will be called =>
     --srv->nclients_unauth => 0
  3. The Thread T1 continues, marks the client as authenticated, and
     calls virNetServerTrackCompletedAuthLocked(srv) =>
     --srv->nclients_unauth => --0 => wrap around as nclient_unauth is
     unsigned
  4. virNetServerCheckLimits(srv) will disable the services forever

To fix it, add an auth_pending field to the client struct so that it
is now possible to determine if the authentication process has already
been handled for this client.

Setting the authentication method to none for the client in
virNetServerProcessClients is not a proper way to indicate that the
counter has been decremented, as this would imply that the client is
authenticated.

Additionally, adjust the existing test cases for this new field.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
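
The interleaving from the commit message above, replayed deterministically in one thread as an added example (not libvirt code). `nclients_unauth` and `auth_pending` are the names used in the message; the structs, function names and the limit of 20 are hypothetical, and locking is left out because the order of steps is fixed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, reduced stand-ins for the server and client objects. */
struct server {
    size_t nclients_unauth;      /* unsigned, so 0 - 1 wraps to SIZE_MAX */
    size_t nclients_unauth_max;
    bool accepting;              /* false: services stay disabled */
};

struct client {
    bool authenticated;
    bool auth_pending;           /* true while counted in nclients_unauth */
};

/* Stand-in for the limit check: stop accepting once the limit is reached. */
static void check_limits(struct server *srv)
{
    srv->accepting = srv->nclients_unauth < srv->nclients_unauth_max;
}

static void add_client(struct server *srv, struct client *c)
{
    c->authenticated = false;
    c->auth_pending = true;
    srv->nclients_unauth++;
    check_limits(srv);
}

/* Pre-fix behaviour, step 2: the main thread closes a client that is
 * not yet authenticated and gives its slot back. */
static void close_client_racy(struct server *srv, struct client *c)
{
    if (!c->authenticated)
        srv->nclients_unauth--;
    check_limits(srv);
}

/* Pre-fix behaviour, step 3: the worker finishes authentication and
 * decrements unconditionally, unaware the close path already did. */
static void finish_auth_racy(struct server *srv, struct client *c)
{
    c->authenticated = true;
    srv->nclients_unauth--;
    check_limits(srv);
}

/* Fixed behaviour: the counter is released at most once per client,
 * and closing does not have to mark the client as authenticated. */
static void untrack_pending_auth(struct server *srv, struct client *c)
{
    if (!c->auth_pending)
        return;
    c->auth_pending = false;
    srv->nclients_unauth--;
}

static void close_client_fixed(struct server *srv, struct client *c)
{
    untrack_pending_auth(srv, c);
    check_limits(srv);
}

static void finish_auth_fixed(struct server *srv, struct client *c)
{
    c->authenticated = true;
    untrack_pending_auth(srv, c);
    check_limits(srv);
}

/* Replays steps 1 to 4 and returns the final counter value. */
size_t replay_race(bool with_fix, bool *still_accepting)
{
    struct server srv = { 0, 20, true };
    struct client c;

    add_client(&srv, &c);              /* step 1: auth RPC is in flight */
    if (with_fix) {
        close_client_fixed(&srv, &c);  /* step 2: irregular close */
        finish_auth_fixed(&srv, &c);   /* step 3: worker resumes */
    } else {
        close_client_racy(&srv, &c);
        finish_auth_racy(&srv, &c);
    }
    *still_accepting = srv.accepting;  /* step 4: result of the limit check */
    return srv.nclients_unauth;
}

int main(void)
{
    bool accepting;
    size_t n = replay_race(false, &accepting);
    printf("racy:  nclients_unauth=%zu accepting=%d\n", n, accepting);
    n = replay_race(true, &accepting);
    printf("fixed: nclients_unauth=%zu accepting=%d\n", n, accepting);
    return 0;
}
```
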
7 years ago  rpc: Introduce virNetServerSetClientAuthenticated
Marc Hartmayer [Thu, 21 Dec 2017 14:29:04 +0000 (15:29 +0100)]
rpc: Introduce virNetServerSetClientAuthenticated

Combine virNetServerClientSetAuth(client,
VIR_NET_SERVER_SERVICE_AUTH_NONE) and virNetServerTrackCompletedAuth
into one new function named virNetServerSetClientAuthenticated.

After using this new function the function
virNetServerTrackCompletedAuth was superfluous and is therefore
removed. In addition, it is not very common that a
'{{function}}' (virNetServerTrackCompletedAuth) does more than just
the locking compared to
'{{function}}Locked' (virNetServerTrackCompletedAuthLocked).

virNetServerTrackPendingAuth was already superfluous and therefore
it's also removed.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago  rpc: Correct locking and simplify the function
Marc Hartmayer [Thu, 21 Dec 2017 14:29:03 +0000 (15:29 +0100)]
rpc: Correct locking and simplify the function

The lock for @client must not only be held for the duration of
checking whether the client wants to close, but also for as long as
we're closing the client. The same applies to the tracking of
authentications.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
7 years ago  rpc: Refactor the condition whether a client needs authentication
Marc Hartmayer [Thu, 21 Dec 2017 14:29:02 +0000 (15:29 +0100)]
rpc: Refactor the condition whether a client needs authentication

Add virNetServerClientAuthMethodImpliesAuthenticated() for deciding
whether an authentication method implies that a client is automatically
authenticated or not. Use this new function in
virNetServerClientNeedAuthLocked().

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
7 years ago  rpc: First test if authentication is required
Marc Hartmayer [Thu, 21 Dec 2017 14:29:01 +0000 (15:29 +0100)]
rpc: First test if authentication is required

This makes the code more efficient.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago  rpc: Be more precise in which cases the authentication is needed and introduce *Locked
Marc Hartmayer [Thu, 21 Dec 2017 14:29:00 +0000 (15:29 +0100)]
rpc: Be more precise in which cases the authentication is needed and introduce *Locked

Be more precise in which cases the authentication is needed and
introduce *Locked.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago  rpc: Add typedef for the anonymous enum used for authentication methods
Marc Hartmayer [Thu, 21 Dec 2017 14:28:59 +0000 (15:28 +0100)]
rpc: Add typedef for the anonymous enum used for authentication methods

Add typedef for the anonymous enum used for the authentication methods
and remove the default case. This allows the usage of the type in a
switch statement and taking advantage of the compiler's feature to
detect uncovered cases.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago  rpc: Use the enum value instead of a numerical value
Marc Hartmayer [Thu, 21 Dec 2017 14:28:58 +0000 (15:28 +0100)]
rpc: Use the enum value instead of a numerical value

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago  tests: virnetserverclienttest: Fix memory leak @client
Marc Hartmayer [Thu, 21 Dec 2017 14:28:57 +0000 (15:28 +0100)]
tests: virnetserverclienttest: Fix memory leak @client

Direct leak of 104 byte(s) in 1 object(s) allocated from:
    #0 0x7f904bfbe12b  (/lib64/liblsan.so.0+0xe12b)
    #1 0x7f904ba0ad67 in virAlloc ../../src/util/viralloc.c:144
    #2 0x7f904bbc11a4 in virNetMessageNew ../../src/rpc/virnetmessage.c:42
    #3 0x7f904bbb8e77 in virNetServerClientNewInternal ../../src/rpc/virnetserverclient.c:392
    #4 0x7f904bbb9921 in virNetServerClientNew ../../src/rpc/virnetserverclient.c:440
    #5 0x402ce5 in testIdentity ../../tests/virnetserverclienttest.c:55
    #6 0x403bed in virTestRun ../../tests/testutils.c:180
    #7 0x402c1e in mymain ../../tests/virnetserverclienttest.c:146
    #8 0x404c80 in virTestMain ../../tests/testutils.c:1119
    #9 0x4030d5 in main ../../tests/virnetserverclienttest.c:152
    #10 0x7f9047f7f889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x7f904bfbe12b  (/lib64/liblsan.so.0+0xe12b)
    #1 0x7f904ba0adc7 in virAllocN ../../src/util/viralloc.c:191
    #2 0x7f904bbb8ec7 in virNetServerClientNewInternal ../../src/rpc/virnetserverclient.c:395
    #3 0x7f904bbb9921 in virNetServerClientNew ../../src/rpc/virnetserverclient.c:440
    #4 0x402ce5 in testIdentity ../../tests/virnetserverclienttest.c:55
    #5 0x403bed in virTestRun ../../tests/testutils.c:180
    #6 0x402c1e in mymain ../../tests/virnetserverclienttest.c:146
    #7 0x404c80 in virTestMain ../../tests/testutils.c:1119
    #8 0x4030d5 in main ../../tests/virnetserverclienttest.c:152
    #9 0x7f9047f7f889 in __libc_start_main (/lib64/libc.so.6+0x20889)

SUMMARY: LeakSanitizer: 108 byte(s) leaked in 2 allocation(s).

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago  rpc: Remove duplicate declaration of virNetServerAddClient
Marc Hartmayer [Thu, 21 Dec 2017 14:28:56 +0000 (15:28 +0100)]
rpc: Remove duplicate declaration of virNetServerAddClient

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago  qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls
Eduardo Habkost [Thu, 28 Dec 2017 17:41:28 +0000 (15:41 -0200)]
qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls

All calls to virDomainAuditCgroupPath() were passing 'rc == 0' as
argument, when it was supposed to pass the 'rc' value directly.

As a consequence, the audit events that were supposed to be
logged (actual cgroup changes) were never being logged, and bogus
audit events were logged when using regular files as disk image.

Fix all calls to use the return value of
virCgroup{Allow,Deny}Device*() directly as the 'rc' argument.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
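
A reduced model of the argument mix-up described in the commit message above, as an added example (not libvirt code). It assumes the tri-state return convention the message implies: 0 when a device rule was changed, a positive value when the path is a regular file and nothing was done, negative on error. All function names, struct names and paths are constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_EVENTS 8

struct audit_event { const char *path; bool success; };
struct audit_log   { int n; struct audit_event ev[MAX_EVENTS]; };

/* Constructed sample targets: a device that is allowed, a regular file
 * used as a disk image, and a device whose cgroup change fails. */
struct target { const char *path; bool is_device; bool change_fails; };

static const struct target SAMPLE[] = {
    { "/dev/sdb",                          true,  false },
    { "/var/lib/libvirt/images/guest.img", false, false },
    { "/dev/sdc",                          true,  true  },
};

/* Hypothetical stand-in for the virCgroup{Allow,Deny}Device*() family
 * (assumed convention): 0 = rule changed, 1 = not a device, -1 = error. */
static int cgroup_allow(const struct target *t)
{
    if (!t->is_device)
        return 1;
    return t->change_fails ? -1 : 0;
}

/* Hypothetical stand-in for the audit helper: it expects the raw rc,
 * skips the "nothing to do" case and records success only for rc == 0. */
static void audit_cgroup_path(struct audit_log *log, const char *path, int rc)
{
    if (rc > 0 || log->n == MAX_EVENTS)
        return;
    log->ev[log->n].path = path;
    log->ev[log->n].success = (rc == 0);
    log->n++;
}

/* Runs the three sample targets through the caller, either with the
 * original 'rc == 0' argument or with rc passed directly. Returns the
 * number of audit events recorded. */
int run_audit(bool fixed, struct audit_log *log)
{
    log->n = 0;
    for (size_t i = 0; i < sizeof(SAMPLE) / sizeof(SAMPLE[0]); i++) {
        int rc = cgroup_allow(&SAMPLE[i]);
        /* Before the fix the boolean (rc == 0) is passed: a real change
         * becomes 1 and is skipped; a skip or an error becomes 0 and is
         * recorded as a successful change. */
        audit_cgroup_path(log, SAMPLE[i].path, fixed ? rc : (rc == 0));
    }
    return log->n;
}

int main(void)
{
    struct audit_log log;
    for (int fixed = 0; fixed <= 1; fixed++) {
        run_audit(fixed, &log);
        printf("%s caller:\n", fixed ? "fixed" : "original");
        for (int i = 0; i < log.n; i++)
            printf("  cgroup allow path=%s res=%s\n", log.ev[i].path,
                   log.ev[i].success ? "success" : "failed");
    }
    return 0;
}
```

In this model the original caller never records the `/dev/sdb` change and records the regular file as a successful change, matching the two symptoms in the message; that the failed change is also recorded as a success follows from the assumed convention.
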
7 years ago  virstringtest: Fix alignment of backslashes
Michal Privoznik [Thu, 4 Jan 2018 08:29:49 +0000 (09:29 +0100)]
virstringtest: Fix alignment of backslashes

We don't try to right align the backslashes anymore.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago  maint: update to latest gnulib
Eric Blake [Tue, 10 Oct 2017 08:56:31 +0000 (09:56 +0100)]
maint: update to latest gnulib

This pulls in updates for the 2018 copyright year, among other things.

Signed-off-by: Eric Blake <eblake@redhat.com>
7 years ago  apparmor: fix virt-aa-helper profile
Cédric Bosdonnat [Tue, 2 Jan 2018 08:54:46 +0000 (09:54 +0100)]
apparmor: fix virt-aa-helper profile

Fix rule introduced by commit 0f33025a:
  * to handle /var/run not being a symlink to /run
  * to be properly parsed: missing comma at the end.

7 years ago  storage: Fixing missing 'backingStore' tag from volume XML dumps.
Julio Faracco [Tue, 2 Jan 2018 18:52:20 +0000 (16:52 -0200)]
storage: Fixing missing 'backingStore' tag from volume XML dumps.

After commit a693fdb 'vol-dumpxml' missed the ability to show backingStore
information. This commit adds a volume type for files that fixes this
problem.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1529663

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
7 years ago  qemuBuildMemPathStr: Forbid memoryBacking/access for non-numa case
Michal Privoznik [Tue, 12 Dec 2017 13:03:13 +0000 (14:03 +0100)]
qemuBuildMemPathStr: Forbid memoryBacking/access for non-numa case

https://bugzilla.redhat.com/show_bug.cgi?id=1448149

If a domain has no numa nodes, that means we don't put any
memory-backend-file onto the qemu command line. That in turn
means we can't set access='shared'. Therefore, we should produce
an error instead of ignoring the setting silently.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago  qemu: monitor: Decrease logging verbosity
Peter Krempa [Wed, 20 Dec 2017 12:09:07 +0000 (13:09 +0100)]
qemu: monitor: Decrease logging verbosity

The PROBE macro used in qemuMonitorIOProcess and the VIR_DEBUG message
in qemuMonitorJSONIOProcess create a lot of logging churn when debug
logging is enabled during monitor communication.

The messages logged from the PROBE macro are rather useless since they
are reporting the partial state of receiving the reply from qemu. The
actual full reply is still logged in qemuMonitorJSONIOProcessLine once
the full message is received.

7 years ago  util: probe: Add quiet versions of the "PROBE" macro
Peter Krempa [Wed, 20 Dec 2017 11:58:36 +0000 (12:58 +0100)]
util: probe: Add quiet versions of the "PROBE" macro

PROBE macro adds a logging entry, when used in places seeing a lot of
traffic this can cause a significant slowdown.

7 years ago  util: virstring: Tweak a few more descriptions.
Chen Hanxiao [Wed, 3 Jan 2018 09:56:35 +0000 (17:56 +0800)]
util: virstring: Tweak a few more descriptions.

There are a few more description-related issues that commit @9026d115
forgot to address.

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
7 years ago  lxc: set a hostname based on the container name
Cédric Bosdonnat [Mon, 18 Dec 2017 14:48:33 +0000 (15:48 +0100)]
lxc: set a hostname based on the container name

Set a transient hostname on containers. The hostname is computed from
the container name, only keeping the valid characters [a-zA-Z0-9-] in it.
This filtering is based on RFC 1123 and allows a digit to start the
hostname.

7 years ago  Add virStringFilterChars() string utility
Cédric Bosdonnat [Mon, 18 Dec 2017 14:46:53 +0000 (15:46 +0100)]
Add virStringFilterChars() string utility

Add a function to filter a string based on a list of valid characters.

7 years ago  util: fix the description of virStringSearch
Chen Hanxiao [Sat, 23 Dec 2017 09:49:08 +0000 (17:49 +0800)]
util: fix the description of virStringSearch

There's no argument named @result, use @matches instead.

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
7 years ago  apparmor: allow unix stream for p2p migrations
Christian Ehrhardt [Tue, 19 Dec 2017 13:13:06 +0000 (14:13 +0100)]
apparmor: allow unix stream for p2p migrations

On live migration with --p2p like:
 $ virsh migrate --live --p2p kvmguest-bionic-normal \
       qemu+ssh://10.6.221.80/system

We hit an apparmor deny like:
  apparmor="DENIED" operation="file_inherit"
  profile="/usr/sbin/libvirtd" pid=23477 comm="ssh" family="unix"
  sock_type="stream" protocol=0 requested_mask="send receive"
  denied_mask="send" addr=none peer_addr=none peer="unconfined"

The rule is not perfect, but can't be restricted further at the moment
(new upstream kernel features needed). For now the lack of a profile on the
peer as well as comm not being a conditional on rules do not allow to filter
further.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
7 years ago  src: Export virDomainMemoryAccessType*String
Michal Privoznik [Tue, 12 Dec 2017 12:52:50 +0000 (13:52 +0100)]
src: Export virDomainMemoryAccessType*String

These are already exported at header file level because of
VIR_ENUM_DECL being in numa_conf.h. However, they are not being
exported at object level because of missing libvirt_private.syms
record.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago  docs: Fix serial console configuration examples
Andrea Bolognani [Tue, 2 Jan 2018 14:51:59 +0000 (15:51 +0100)]
docs: Fix serial console configuration examples

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
7 years ago  qemu: Enforce vCPU hotplug granularity constraints
Andrea Bolognani [Thu, 14 Dec 2017 14:54:59 +0000 (15:54 +0100)]
qemu: Enforce vCPU hotplug granularity constraints

QEMU 2.7 and newer don't allow guests to start unless the initial
vCPUs count is a multiple of the vCPU hotplug granularity, so
validate it and report an error if needed.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1283700

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
7 years ago  qemu: Invert condition nesting in qemuDomainDefValidate()
Andrea Bolognani [Thu, 14 Dec 2017 14:29:28 +0000 (15:29 +0100)]
qemu: Invert condition nesting in qemuDomainDefValidate()

While at the moment we're only performing a single check that is
connected to vCPU hotplugging, we're going to introduce a second
one soon. Move the topology check underneath the capability check
to make that easier; since, after this change, the 'topologycpus'
variable doesn't need to have function scope, we move its
declaration to the inner scope as well.

The comments around the check are modified in order to explain
the different QEMU versions involved.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
7 years ago  conf: honor maxnames in nodeListDevices API
Pavel Hrdina [Tue, 2 Jan 2018 09:18:17 +0000 (10:18 +0100)]
conf: honor maxnames in nodeListDevices API

Introduced by commit <4ae9dbea99c>.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1528572

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
7 years ago  qemu: Move TCP and haveTLS checks into qemuDomainDelChardevTLSObjects
John Ferlan [Wed, 20 Dec 2017 11:36:26 +0000 (06:36 -0500)]
qemu: Move TCP and haveTLS checks into qemuDomainDelChardevTLSObjects

Similar to qemuDomainAddChardevTLSObjects let's move the chardev
source must be TCP and it has the @haveTLS flag set checks before
trying to delete the TLS objects.

For the Chr device this represents no change; however, for RNG device
this is an additional check that was missed in commit id '68808516'.
Before adding the objects, TCP and haveTLS are checked.

7 years ago  qemu: Introduce qemuDomainDelChardevTLSObjects
John Ferlan [Tue, 19 Dec 2017 22:46:41 +0000 (17:46 -0500)]
qemu: Introduce qemuDomainDelChardevTLSObjects

Let's make a comment deletion helper similar to the Add helper
that can be called after the ExitMonitor.

Then modify qemuDomainRemoveChrDevice and qemuDomainRemoveRNGDevice
to call the helper instead of inlining the copy and pasted code.

7 years ago  netserver: close clients before stopping all drivers
Cédric Bosdonnat [Wed, 20 Dec 2017 16:36:10 +0000 (17:36 +0100)]
netserver: close clients before stopping all drivers

So far clients were closed when disposing the daemon, after the state
driver cleanup. This was leading to libvirtd crashing at shutdown due
to missing driver.

Moving the client close in virNetServerClose() fixes the problem.

Reviewed-by: Erik Skultety <eskultet@redhat.com>
7 years ago  virt-aa-helper: handle more disk images
Cédric Bosdonnat [Mon, 11 Dec 2017 10:09:31 +0000 (11:09 +0100)]
virt-aa-helper: handle more disk images

virt-aa-helper needs read access to the disk image to resolve symlinks
and add the proper rules to the profile. Its profile whitelists a few
common paths, but users can place their images anywhere.

This commit helps users allowing access to their images by adding their
own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper.

This commit also adds rules to allow reading files named:
  - *.raw as this is a rather common disk image extension
  - /run/libvirt/**[vd]d[a-z] as these are used by virt-sandbox

7 years ago  autogen.sh: tell user the correct make command
Daniel P. Berrange [Tue, 4 Jul 2017 14:59:51 +0000 (15:59 +0100)]
autogen.sh: tell user the correct make command

When autogen.sh finishes it helpfully prints

  "Now type 'make' to compile libvirt."

which is fine if on a host with GNU make, but on *BSD running
'make' will end in tears. We should tell users to run 'gmake'
on these platforms. If 'gmake' doesn't exist then we should
report an error too

  "GNU make is required to build libvirt"

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
7 years ago  Improve filtering of Xen domain0 in libvirt-guests
Jim Fehlig [Fri, 15 Dec 2017 22:28:49 +0000 (15:28 -0700)]
Improve filtering of Xen domain0 in libvirt-guests

The list_guests function in libvirt-guests uses 'grep -v' to filter
Xen domain0 from a list of guests. If domain0 is the only item in
the list, 'grep -v' returns 1, causing the 'stop' operation to fail
when action is 'suspend'. Improve the filtering by using sed to remove
domain0 from the list of guests.

7 years ago  admin: Use the connection to determine a client is connected readonly
Erik Skultety [Wed, 13 Dec 2017 13:39:40 +0000 (14:39 +0100)]
admin: Use the connection to determine a client is connected readonly

Prior to this change, we relied solely on the inherited readonly
attribute of a service's socket. This only worked for our UNIX sockets
(and only to some degree), but doesn't work for TCP sockets which are RW
by default, but such connections support RO as well. This patch forces
an update on the client object once we have established a connection to
reflect the nature of the connection itself rather than relying on the
underlying socket's attributes.
Clients connected to the admin server have always been connected as RW
only.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1524399
Signed-off-by: Erik Skultety <eskultet@redhat.com>
7 years ago  libxl: mark domain0 as persistent
Jim Fehlig [Wed, 13 Dec 2017 21:20:37 +0000 (14:20 -0700)]
libxl: mark domain0 as persistent

A Xen domain0 is better described as a persistent domain. Mark it
as such during initialization.

7 years ago  cfg.mk: Simplify backslash alignment check
Andrea Bolognani [Mon, 4 Dec 2017 10:12:06 +0000 (11:12 +0100)]
cfg.mk: Simplify backslash alignment check

The use of [[:blank:]] was intended to cover tabs as well, but
it couldn't possibly work in its current form, so the regex was
tweaked in d09429abe826.

With the original reason for using [[:blank:]] now gone, we can
replace its usage with plain spaces. A comment about the purpose
of the check is added as well.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
7 years ago  qemu: log error on attempts to set filterref on an OVS-connected interface
Laine Stump [Tue, 12 Dec 2017 21:18:07 +0000 (16:18 -0500)]
qemu: log error on attempts to set filterref on an OVS-connected interface

ebtables/iptables processing is skipped for any interface connected to
Open vSwitch (they have their own packet filtering), likewise for
midonet (according to
http://blog.midokura.com/2016/04/midonet-rule-chains), but libvirt
would allow adding a <filterref> to interfaces connected in these
ways, so the user might mistakenly believe they were being protected.

This patch checks for a non-NULL <virtualport> element for an
interface (or its network) and logs an error if <virtualport> and
<filterref> are both present. This could cause some previously working
domains to no longer start, but that's really the whole point of this
patch - to warn people that their filterref isn't protecting them as
they might have thought.

I don't bother checking this during post-parse validation, because
such a check would be incomplete - it's possible that a network would
have a <virtualport> that would be applied to an interface, and you
can't know that until the domain is started.

Resolves: https://bugzilla.redhat.com/1502754

7 years ago  qemu: delete exist bandwidth restrictions when they are removed from config
Laine Stump [Mon, 11 Dec 2017 19:26:54 +0000 (14:26 -0500)]
qemu: delete exist bandwidth restrictions when they are removed from config

When the <bandwidth> of an interface is changed with update-device,
the old settings are cleared with tc, then new settings added with
tc. But if the <bandwidth> has been removed, the old settings weren't
being removed, so the bandwidth restrictions would still be active on
the interface although the interface status in libvirt showed that
they had been removed.

This patch fixes it by calling virNetDevBandwidthClear() if the
"modification" to the interface bandwidth was to completely clear
it.

An alternative could have been to modify virNetDevBandwidthSet() to
always clear existing bandwidth settings at the beginning of the
function (currently it short circuits in that case, doing nothing),
but that would have led to cases where virNetDevBandwidthClear() was
now being called in cases where it previously wasn't, and while many
of those cases would be NOPs, there could be cases where it would
cause an error. The way this patch works, the ...Clear() function is
only called in cases where the ...Set() function had previously been
called successfully, so the risk of regression is minimized.

  Resolves: https://bugzilla.redhat.com/1454709

7 years ago  qemu: remove input device after receiving the event
Ján Tomko [Thu, 14 Dec 2017 09:45:31 +0000 (10:45 +0100)]
qemu: remove input device after receiving the event

Also call qemuDomainRemoveInputDevice if we receive the
event after the Detach API ends.

Commit 67486bb failed to include this.

https://bugzilla.redhat.com/show_bug.cgi?id=1524837
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
7 years ago  qemu: domain: Parse and format relPath into disk source private data
Peter Krempa [Wed, 13 Dec 2017 16:06:00 +0000 (17:06 +0100)]
qemu: domain: Parse and format relPath into disk source private data

Register the helpers directly to format and parse the data.

https://bugzilla.redhat.com/show_bug.cgi?id=1523261

7 years ago  util: storage: Add helpers to parse and format relPath into privateData
Peter Krempa [Wed, 13 Dec 2017 16:04:54 +0000 (17:04 +0100)]
util: storage: Add helpers to parse and format relPath into privateData

This will be the first private piece of data that will need to be stored
in the XML for some drivers. Add helpers which will do it.

7 years ago  conf: Add infrastructure for disk source private data XML
Peter Krempa [Tue, 12 Dec 2017 16:55:03 +0000 (17:55 +0100)]
conf: Add infrastructure for disk source private data XML

VM drivers may need to store additional private data to the status XML
so that it can be restored after libvirtd restart. Since not everything
is needed, add a callback infrastructure, where VM drivers can add only
stuff they need.

Note that the private data is formatted as a <privateData> sub-element
of the <disk> or <backingStore> <source> sub-element. This is done since
storing it out of band (in the VM private data) would require a complex
matching process to put the data into the correct place.

7 years agodocs: Fix news.xml syntax
John Ferlan [Thu, 14 Dec 2017 03:36:55 +0000 (22:36 -0500)]
docs: Fix news.xml syntax

Commit id '1241e487' used <code>&lt;interface&gt;</code> which
is not valid syntax for a <summary>.

7 years agonews: mention multiple IP addresses support for Xen
Jim Fehlig [Fri, 8 Dec 2017 21:29:56 +0000 (14:29 -0700)]
news: mention multiple IP addresses support for Xen

7 years agoutil: Report error if vhost-scsi device file cannot be found
John Ferlan [Tue, 12 Dec 2017 13:31:03 +0000 (08:31 -0500)]
util: Report error if vhost-scsi device file cannot be found

https://bugzilla.redhat.com/show_bug.cgi?id=1523564

If the vhost-scsi device file cannot be found, the generic error

    "error: An error occurred, but the cause is unknown"

is returned.  Let's add a real error message to make it clear
why the failure occurred.

7 years agoutil: Fix error path in virSCSIVHostOpenVhostSCSI
John Ferlan [Tue, 12 Dec 2017 13:33:48 +0000 (08:33 -0500)]
util: Fix error path in virSCSIVHostOpenVhostSCSI

We cannot be sure someone initialized the passed *vhostfd and we
certainly don't want or need to be calling VIR_FORCE_CLOSE on what
probably is -1. So let's just return -1 immediately.

7 years agoqemu: Need to assign PCI address to vhost-scsi
John Ferlan [Tue, 12 Dec 2017 11:30:31 +0000 (06:30 -0500)]
qemu: Need to assign PCI address to vhost-scsi

Commit id '70249927b' neglected to cover this case because the test
had taken the "shortcut" to already add the <address>; however, when
the PCI address assignment code was adjusted by commit id '70249927'
the vhost-scsi (VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST) wasn't
covered thus returning a 0 for pciFlags. So I altered the tests too
to make sure it doesn't happen again.

Previously the qemuxml2xmloutdata was a softlink to the source
qemuxml2argvdata, so I unlinked and recreated the output file to
force generation of the address. Without the test changes, an
address generation returns:

    libvirt: Domain Config error : internal error: Cannot automatically
    add a new PCI bus for a device with connect flags 00

If an address was supplied in the test, a restart of libvirtd or
edit of a guest would display the following opaque message:

    warning : qemuDomainCollectPCIAddress:1237 :
    qemuDomainDeviceCalculatePCIConnectFlags() thinks that the device
     with PCI address 0000:00:09.0 should not have a PCI address

where the address is related to the guest PCI address provided.

7 years agoxenconfig: fix issue found by coverity in multiple IP support
Marek Marczykowski-Górecki [Wed, 13 Dec 2017 19:15:49 +0000 (20:15 +0100)]
xenconfig: fix issue found by coverity in multiple IP support

virStringSplit may return NULL, so we must handle that.

Cc: John Ferlan <jferlan@redhat.com>
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
7 years agoxenconfig: Remove unnecessary variable clear in xenMakeIPList
Marek Marczykowski-Górecki [Wed, 13 Dec 2017 20:28:08 +0000 (15:28 -0500)]
xenconfig: Remove unnecessary variable clear in xenMakeIPList

Remove the unnecessary clearing of address_array as VIR_ALLOC_N
initialized the array already.

Cc: John Ferlan <jferlan@redhat.com>
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
7 years agoqemu: Tolerate storage source private data being NULL for hotplug SCSI hostdev
John Ferlan [Tue, 5 Dec 2017 21:03:34 +0000 (16:03 -0500)]
qemu: Tolerate storage source private data being NULL for hotplug SCSI hostdev

Commit id 'c5c96545' neglected to validate that the srcPriv was
non-NULL before dereferencing. Similar problem to what was fixed
by commit id '8056721c' but missed during multiple rebases and
code reworks.

7 years agostorage: Reduce need for using storageDriverLock
John Ferlan [Fri, 24 Nov 2017 14:32:38 +0000 (09:32 -0500)]
storage: Reduce need for using storageDriverLock

Now that the storage pools are self locking, we can reduce the number
of places that need to take the big hammer storage driver lock.

7 years agostorage: Convert virStoragePoolObjList to use virObjectRWLockable
John Ferlan [Mon, 9 Oct 2017 17:34:45 +0000 (13:34 -0400)]
storage: Convert virStoragePoolObjList to use virObjectRWLockable

Now that we have a private storage pool list, we can take the next
step and convert to using objects. In this case, we're going to use
RWLockable objects (just like every other driver) with two hash
tables for lookup by UUID or Name.

Along the way the ForEach and Search API's will be adjusted to use
the related Hash API's and the various FindBy functions altered and
augmented to allow for HashLookup w/ and w/o the pool lock already
taken.

After virStoragePoolObjRemove we will need to virObjectUnref(obj)
after to indicate the caller is "done" with its reference. The
Unlock occurs during the Remove.

The NumOf, GetNames, and Export functions all have their own callback
functions to return the required data and the FindDuplicate code
can use the HashSearch function callbacks.

7 years agostorage: Privatize virStoragePoolObjListPtr
John Ferlan [Sat, 7 Oct 2017 11:24:24 +0000 (07:24 -0400)]
storage: Privatize virStoragePoolObjListPtr

Move the structure into virstorageobj.c.

Use the virStoragePoolObjListNew allocator to fill in the @pools for
the storage driver and test driver.

7 years agostorage: Fix path check in storagePoolLookupByTargetPath
John Ferlan [Fri, 24 Nov 2017 13:17:02 +0000 (08:17 -0500)]
storage: Fix path check in storagePoolLookupByTargetPath

Commit id '5ab746b8' introduced the function as perhaps a copy
of storageVolLookupByPath; however, it did not use the @cleanpath
variable even though it used the virFileSanitizePath. So in essence
the only "check" being done for failure is whether it was possible
to strdup the path.

Looking at the virStoragePoolDefParseXML one will note that the
target.path is stored using the result of virFileSanitizePath.
Therefore, this function should sanitize and use the input @path
for the argument to storagePoolLookupByTargetPathCallback which
is comparing against stored target.path values.

Additionally, if there was an error we should use the proper error
of VIR_ERR_NO_STORAGE_POOL (instead of VIR_ERR_NO_STORAGE_VOL).
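
The mismatch described in this commit message, as an added illustration that is not libvirt's code: stored target paths are sanitized, so a lookup that compares the caller's raw path misses any input with a doubled or trailing slash. The sanitizer is a simplified stand-in for virFileSanitizePath, and the pool table and function names are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a path sanitizer (not libvirt's
 * virFileSanitizePath): collapses runs of '/' and strips trailing '/'.
 * Returns a newly allocated string, or NULL on allocation failure. */
static char *sanitize_path(const char *path)
{
    size_t len = strlen(path), o = 0;
    char *out = malloc(len + 1);

    if (!out)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        if (path[i] == '/' && o > 0 && out[o - 1] == '/')
            continue;               /* skip duplicate slash */
        out[o++] = path[i];
    }
    while (o > 1 && out[o - 1] == '/')
        o--;                        /* drop trailing slash, keep "/" */
    out[o] = '\0';
    return out;
}

/* Constructed sample data: target paths are stored already sanitized,
 * which is what the commit message says the pool XML parser does. */
struct pool { const char *name; const char *target_path; };
static const struct pool pools[] = {
    { "default", "/var/lib/libvirt/images" },
    { "iso",     "/srv/iso" },
};

static const char *find_by_target(const char *path)
{
    for (size_t i = 0; i < sizeof(pools) / sizeof(pools[0]); i++)
        if (strcmp(pools[i].target_path, path) == 0)
            return pools[i].name;
    return NULL;
}

/* Before: a sanitized copy is made, but the raw input is compared, so
 * the only failure the sanitize step can signal is an allocation error. */
const char *lookup_before(const char *path)
{
    char *clean = sanitize_path(path);
    const char *name;

    if (!clean)
        return NULL;
    name = find_by_target(path);    /* raw caller input */
    free(clean);
    return name;
}

/* After: compare the sanitized form against the sanitized stored paths. */
const char *lookup_after(const char *path)
{
    char *clean = sanitize_path(path);
    const char *name;

    if (!clean)
        return NULL;
    name = find_by_target(clean);
    free(clean);
    return name;
}

int main(void)
{
    const char *in = "/var/lib//libvirt/images/";
    const char *b = lookup_before(in), *a = lookup_after(in);

    printf("before: %s\n", b ? b : "(no pool)");
    printf("after:  %s\n", a ? a : "(no pool)");
    return 0;
}
```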

7 years agoaudit: Log only an info message if audit_level < 2 and audit is not supported
Marc Hartmayer [Wed, 13 Dec 2017 10:56:13 +0000 (11:56 +0100)]
audit: Log only an info message if audit_level < 2 and audit is not supported

Replace the error message during startup of libvirtd with an info
message if audit_level < 2 and audit is not supported by the
kernel. Audit is not supported by the current kernel if the kernel
does not have audit compiled in or if audit is disabled (e.g. by the
kernel cmdline).

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
7 years agovirsh: fix typo s/node filters/network filters/
Daniel P. Berrange [Tue, 12 Dec 2017 17:41:46 +0000 (17:41 +0000)]
virsh: fix typo  s/node filters/network filters/

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
7 years agoUpdate to latest keycodemapdb content
Daniel P. Berrange [Mon, 7 Aug 2017 13:38:28 +0000 (14:38 +0100)]
Update to latest keycodemapdb content

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
7 years agofillQemuCaps: Don't leak machine string
Michal Privoznik [Wed, 6 Dec 2017 13:56:54 +0000 (14:56 +0100)]
fillQemuCaps: Don't leak machine string

==25251== 5 bytes in 1 blocks are definitely lost in loss record 7 of 81
==25251==    at 0x4C2BEDF: malloc (vg_replace_malloc.c:299)
==25251==    by 0x967E379: strdup (in /lib64/libc-2.25.so)
==25251==    by 0x5366F9F: virStrdup (virstring.c:941)
==25251==    by 0x538BF1D: virDomainCapsNew (domain_capabilities.c:121)
==25251==    by 0x10EACE: test_virDomainCapsFormat (domaincapstest.c:295)
==25251==    by 0x10FBD2: virTestRun (testutils.c:180)
==25251==    by 0x10F192: mymain (domaincapstest.c:457)
==25251==    by 0x111C7F: virTestMain (testutils.c:1119)
==25251==    by 0x10FA3C: main (domaincapstest.c:528)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years agoxenMakeIPList: Don't leak @address_array
Michal Privoznik [Tue, 12 Dec 2017 14:00:15 +0000 (15:00 +0100)]
xenMakeIPList: Don't leak @address_array

==32171== 32 bytes in 1 blocks are definitely lost in loss record 44 of 107
==32171==    at 0x4C2DEF6: calloc (vg_replace_malloc.c:711)
==32171==    by 0x55744A9: virAllocN (viralloc.c:191)
==32171==    by 0x12CED2: xenMakeIPList (xen_common.c:1186)
==32171==    by 0x12D0BE: xenFormatNet (xen_common.c:1221)
==32171==    by 0x12F0D2: xenFormatVif (xen_common.c:1889)
==32171==    by 0x12F2B4: xenFormatConfigCommon (xen_common.c:1944)
==32171==    by 0x13BA32: xenFormatXL (xen_xl.c:1971)
==32171==    by 0x1186CA: testCompareParseXML (xlconfigtest.c:105)
==32171==    by 0x118A64: testCompareHelper (xlconfigtest.c:205)
==32171==    by 0x119E36: virTestRun (testutils.c:180)
==32171==    by 0x11970E: mymain (xlconfigtest.c:301)
==32171==    by 0x11BEE3: virTestMain (testutils.c:1119)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years agoxenParseXLVnuma: Don't leak @tmp and @token
Michal Privoznik [Wed, 6 Dec 2017 13:56:30 +0000 (14:56 +0100)]
xenParseXLVnuma: Don't leak @tmp and @token

==30399== 180 (144 direct, 36 indirect) bytes in 3 blocks are definitely lost in loss record 91 of 111
==30399==    at 0x4C2E0FF: realloc (vg_replace_malloc.c:785)
==30399==    by 0x5574572: virReallocN (viralloc.c:245)
==30399==    by 0x5574668: virExpandN (viralloc.c:294)
==30399==    by 0x55747AB: virResizeN (viralloc.c:352)
==30399==    by 0x560074D: virStringSplitCount (virstring.c:115)
==30399==    by 0x137A59: xenParseXLVnuma (xen_xl.c:442)
==30399==    by 0x13952B: xenParseXL (xen_xl.c:1064)
==30399==    by 0x11884D: testCompareFormatXML (xlconfigtest.c:152)
==30399==    by 0x118A87: testCompareHelper (xlconfigtest.c:207)
==30399==    by 0x119E36: virTestRun (testutils.c:180)
==30399==    by 0x119186: mymain (xlconfigtest.c:274)
==30399==    by 0x11BEE3: virTestMain (testutils.c:1119)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years agoFix minor typos
Yuri Chornoivan [Sat, 9 Dec 2017 18:32:41 +0000 (20:32 +0200)]
Fix minor typos

7 years agoqemu: Avoid comparing size_t with -1
Jiri Denemark [Mon, 11 Dec 2017 13:34:20 +0000 (14:34 +0100)]
qemu: Avoid comparing size_t with -1

ncpus would be -1 on error and the cleanup for loop would not be skipped
in this case.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years agoqemuDomainUndefineFlags: Fix error message
Michal Privoznik [Sun, 10 Dec 2017 14:25:42 +0000 (15:25 +0100)]
qemuDomainUndefineFlags: Fix error message

https://bugzilla.redhat.com/show_bug.cgi?id=1522706

If domain is active, but the undefine API was called without the
VIR_DOMAIN_UNDEFINE_KEEP_NVRAM flag set, the following incorrect
error message is produced:

error: Requested operation is not valid: cannot delete inactive domain with nvram

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
7 years agoqemu: Introduce qemuDomainDeviceDefValidateControllerIDE
Lin Ma [Mon, 27 Nov 2017 15:53:00 +0000 (10:53 -0500)]
qemu: Introduce qemuDomainDeviceDefValidateControllerIDE

Move the IDE controller check from command line building to
controller def validation. Also explicitly include the avoidance
check for the implicit IDE controller from qemuBuildSkipController.

Cause the IDE case for command line building to generate a
failure if called to add an IDE since that shouldn't happen
if the Validate code did the right thing.

7 years agoqemu: Move CCW S390 Address check to controller def validate
John Ferlan [Wed, 29 Nov 2017 15:49:37 +0000 (10:49 -0500)]
qemu: Move CCW S390 Address check to controller def validate

Move the call to qemuDomainCheckCCWS390AddressSupport from
qemuBuildControllerDevStr to qemuDomainDeviceDefValidateController.

This means we will get the qemuCaps from the driver opaque
variable passed to qemuDomainDeviceDefValidate.

7 years agoqemu: Introduce qemuDomainDeviceDefValidateController
John Ferlan [Mon, 27 Nov 2017 14:02:24 +0000 (09:02 -0500)]
qemu: Introduce qemuDomainDeviceDefValidateController

Introduce the bare bones helper to validate whether the controller
definition is valid.

7 years agoqemu: Introduce qemuBuildSkipController
John Ferlan [Wed, 29 Nov 2017 12:31:43 +0000 (07:31 -0500)]
qemu: Introduce qemuBuildSkipController

Move the non USB implicit controller checks into their own
helper to reduce the cruft in qemuBuildControllerDevCommandLine.

7 years agotests: add test for multiple IPs for libxl and xenconfig driver
Marek Marczykowski-Górecki [Thu, 7 Dec 2017 02:27:47 +0000 (03:27 +0100)]
tests: add test for multiple IPs for libxl and xenconfig driver

Test conversion of multiple IP addresses to/from xl format and
domXML. Also test libxl_domain_config generator handling of
multiple IP addresses.

Reviewed-by: Jim Fehlig <jfehlig@suse.com>
7 years agoxenconfig: add support for multiple IP addresses
Marek Marczykowski-Górecki [Thu, 7 Dec 2017 02:27:46 +0000 (03:27 +0100)]
xenconfig: add support for multiple IP addresses

Xen's xl config format has long supported specifying multiple IP
addresses for virtual interfaces. E.g.

vif = [ "ip=10.0.0.1 10.1.1.1 2000::1, ..." ]

Add support for converting multiple IP addresses to/from domXML.

Reviewed-by: Jim Fehlig <jfehlig@suse.com>
7 years agolibxl: add support for multiple IP addresses
Marek Marczykowski-Górecki [Thu, 7 Dec 2017 02:27:45 +0000 (03:27 +0100)]
libxl: add support for multiple IP addresses

vif-* scripts have supported it for a long time, and expect addresses to be
separated by spaces. Add appropriate support to libxl driver.

Reviewed-by: Jim Fehlig <jfehlig@suse.com>
7 years agomigration.html: Clarify configuration file handling docs
Jiri Denemark [Fri, 8 Dec 2017 09:31:38 +0000 (10:31 +0100)]
migration.html: Clarify configuration file handling docs

Migration never removes any configuration files on the destination host.
Thus when the domain is already defined on the destination, it will stay
persistent even after migration without --persist.

https://bugzilla.redhat.com/show_bug.cgi?id=1514930

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
7 years agoqemu: Make sure host-model uses CPU model supported by QEMU
Jiri Denemark [Thu, 7 Dec 2017 10:23:50 +0000 (11:23 +0100)]
qemu: Make sure host-model uses CPU model supported by QEMU

When reconnecting to a running domain started by old libvirt, which did
not change host-model into a custom CPU definition, we replace the CPU
definition with a specific CPU model from host capabilities. However,
that CPU model may not be supported by the running qemu process. We need
to translate the CPU model to one of the models which libvirt could have
used when starting the domain.

https://bugzilla.redhat.com/show_bug.cgi?id=1521202

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
7 years agoqemu: Separate fetching CPU definitions from filling qemuCaps
Jiri Denemark [Thu, 7 Dec 2017 10:21:48 +0000 (11:21 +0100)]
qemu: Separate fetching CPU definitions from filling qemuCaps

virQEMUCapsProbeQMPCPUDefinitions is now a small wrapper which fills in
qemuCaps with CPU models fetched by virQEMUCapsFetchCPUDefinitions.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
7 years agoqemu: blockjob: Reset disk source index after pivot
Peter Krempa [Thu, 7 Dec 2017 15:11:18 +0000 (16:11 +0100)]
qemu: blockjob: Reset disk source index after pivot

Since we are re-detecting the backing chain after pivoting to the active
block commit target (or block copy target) the disk index needs to be
reset to 0. This is necessary since we move a member of the backing
chain to disk->src but clear indexes only starting from
disk->src->backingStore. The freshly detected images have indexes
starting from 1, but since we've pivoted into an image which was
previously a backing store it would have a non-0 index.
The lookup function would then return the top of the chain for queries
like 'vda[1]' instead of the first backing store.

This problem will not be present once we keep the disk indexes stable.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1519745

7 years agoqemuDomainNamespaceSetupDisk: initialize npaths
Ján Tomko [Thu, 7 Dec 2017 13:32:40 +0000 (14:32 +0100)]
qemuDomainNamespaceSetupDisk: initialize npaths

Introduced by commit d3db304.

Reported-by: John Ferlan <jferlan@redhat.com>
7 years agodocs: domain: Fix documentation of the 'snapshot' attribute for <disk>
Peter Krempa [Thu, 7 Dec 2017 13:16:10 +0000 (14:16 +0100)]
docs: domain: Fix documentation of the 'snapshot' attribute for <disk>

Emphasise the valid values by wrapping them in <code> and reword the
last sentence so that the invalid value example can be dropped.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1523070

7 years agovirerror: mark VIR_ERR_AGENT_UNSYNCED as DEPRECATED
Chen Hanxiao [Thu, 7 Dec 2017 01:59:14 +0000 (09:59 +0800)]
virerror: mark VIR_ERR_AGENT_UNSYNCED as DEPRECATED

Since commit 5e5019bf, we no longer use
VIR_ERR_AGENT_UNSYNCED.
Mark it as DEPRECATED.

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
7 years agostorage: Don't dereference driver object if virStorageSource is not initialized
Peter Krempa [Wed, 6 Dec 2017 15:20:07 +0000 (16:20 +0100)]
storage: Don't dereference driver object if virStorageSource is not initialized

virStorageFileReportBrokenChain uses data from the driver private data
pointer to print the user and group. This would lead to a crash in call
paths where we did not initialize the storage backend as recently added
in commit 24e47ee2b93 to qemuDomainDetermineDiskChain.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1522682

7 years agodocs: remove outdated link to Fedora mingw staging repo
Daniel P. Berrange [Wed, 6 Dec 2017 18:06:30 +0000 (18:06 +0000)]
docs: remove outdated link to Fedora mingw staging repo

The Fedora mingw support is all merged in Fedora repos, so remove the
outdated link.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
7 years agodocs: update entries in the apps page
Daniel P. Berrange [Wed, 6 Dec 2017 18:04:33 +0000 (18:04 +0000)]
docs: update entries in the apps page

Change all links to https:// where the remote site supports it. Fix URLs for
a few packages that moved, and delete entries which appear to be dead.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
7 years agodocs: update instructions for TLS cert generation
Daniel P. Berrange [Wed, 6 Dec 2017 17:48:11 +0000 (17:48 +0000)]
docs: update instructions for TLS cert generation

Currently we only describe setting the CN field for server certs. This leads
to inevitable pain for users who set it to the fully qualified hostname and
then use an unqualified hostname or IP address to connect in the URI. Describe
the usage of Subject Alt Name extensions, to provide multiple hostnames and
IP addresses. This will help users avoid the classic mistake and is important
future proofing, since at least in browsers, TLS libraries no longer use the
CN field for validation, mandating use of SAN info instead.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
7 years agonwfilter: remove bogus 'protocolid' attribute on arp/rarp fields
Daniel P. Berrange [Wed, 6 Dec 2017 16:23:54 +0000 (16:23 +0000)]
nwfilter: remove bogus 'protocolid' attribute on arp/rarp fields

Various example XML documents for arp/rarp filtering have a protocolid
XML attribute defined. This is never parsed or output by the libvirt XML
handling code, so shouldn't be present in example XML files either.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
7 years agorng: fix nwfilter rule contents
Daniel P. Berrange [Wed, 6 Dec 2017 16:41:31 +0000 (16:41 +0000)]
rng: fix nwfilter rule contents

The contents of a <rule> are a choice of exactly one union member. The
RNG schema, however, was allowing an arbitrary number of instances of every
union member at once.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
7 years agotests: Drop IDE controller in CCW
Lin Ma [Fri, 1 Dec 2017 11:31:30 +0000 (19:31 +0800)]
tests: Drop IDE controller in CCW

When adding an IDE controller for a machinetype that has no built-in IDE
controller, libvirt will log an error. Currently the machinetype list
returned by qemuDomainMachineHasBuiltinIDE only includes 440fx,
malta, sun4u and g3beige.

Signed-off-by: Lin Ma <lma@suse.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
7 years agotests: Remove use of IDE disk for pseries floppy test
Lin Ma [Fri, 1 Dec 2017 11:31:29 +0000 (19:31 +0800)]
tests: Remove use of IDE disk for pseries floppy test

When adding an IDE controller for a machinetype that has no built-in IDE
controller, libvirt will log an error. Currently the machinetype list
returned by qemuDomainMachineHasBuiltinIDE only includes 440fx,
malta, sun4u and g3beige.

Remove the disk and the .args file since the expectation is the test
will fail in qemuxml2argvtest because floppy is not supported on pseries
and thus no disk is necessary and no .args file would be created to
compare against.

Signed-off-by: Lin Ma <lma@suse.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
7 years agoqemu: Use virDomainControllerType in qemuBuildControllerDevStr switch
John Ferlan [Fri, 1 Dec 2017 13:51:05 +0000 (08:51 -0500)]
qemu: Use virDomainControllerType in qemuBuildControllerDevStr switch

Make sure all types of virDomainControllerType are handled in the
switch statement.

7 years agoDo not pass driver to qemuDomainNamespace{Setup,Teardown} functions
Ján Tomko [Fri, 24 Nov 2017 16:52:15 +0000 (17:52 +0100)]
Do not pass driver to qemuDomainNamespace{Setup,Teardown} functions

The underlying function which needs the driver gets it from the
passed virDomainObj object anyway.