Peter Krempa [Thu, 14 Jun 2012 12:48:42 +0000 (14:48 +0200)]
qemu: Enable disconnecting SPICE clients without changing password
Libvirt updates the configuration of SPICE server only when something
changes. This is unfortunate when the user wants to disconnect a
existing spice session when the connected attribute is already
"disconnect".
This patch modifies the conditions for calling the password updater to
be called when nothing changes, but the connected attribute is already
"disconnect".
Michal Privoznik [Thu, 14 Jun 2012 12:18:31 +0000 (14:18 +0200)]
virsh: Report name from edited object
There is a little easter egg in virsh: one can easily clone
an object (domain, network, ...). Just 'virsh edit' change the name
and remove <uuid>. And then, in the end when reporting success
the new name was printed out.
However, with recent edit rewrite we lost the final part and are
still printing the original name out.
Michal Privoznik [Wed, 13 Jun 2012 09:11:27 +0000 (11:11 +0200)]
virsh: Honor reedit opts printing to a function
When printing reedit options we make stdin raw. However,
this results in stdout being raw as well. Therefore we need
to return carriage when doing new line. Unfortunately,
'\r' cannot be part of internationalized messages hence
we must move them to formatting string which then in turn
become huge and disarranged. To solve this, a new function
is introduced which takes variable string arguments and
prepend each with "\r\n" just before printing.
Peter Krempa [Thu, 14 Jun 2012 08:29:36 +0000 (10:29 +0200)]
qemu: Fix off-by-one error while unescaping monitor strings
While unescaping the commands the commands passed through to the monitor
function qemuMonitorUnescapeArg() initialized lenght of the input string
to strlen()+1 which is fine for alloc but not for iteration of the
string.
This patch fixes the off-by-one error and drops the pointless check for
a single trailing slash that is automaticaly handled by the default
branch of switch.
Peter Krempa [Wed, 13 Jun 2012 14:55:51 +0000 (16:55 +0200)]
virsh: Don't generate invalid XML in attach-disk command
The attach-disk command used with parameter --cache created an invalid
XML snippet as the beginning of the <driver> element was not printed
when used solely with --cache and no other attribute to driver.
Laine Stump [Mon, 4 Jun 2012 18:45:16 +0000 (14:45 -0400)]
network: fully support/use VIR_NETWORK_XML_INACTIVE flag
commit 52d064f42dbc857f4096dc60c0335395ffac73aa added
VIR_NETWORK_XML_INACTIVE in order to allow suppressing the
auto-generated list of VFs in network definitions, and a --inactive
flag to virsh net-dumpxml to take advantage of the flag. However, it
missed out on two opportunities:
1) Use INACTIVE to get the current config of the network as it
exists on disk, rather than the currently active config.
2) Add INACTIVE to the flags used for the virsh net-edit command, so
that it won't include the forward-pool interfaces that were
autogenerated, and so that a re-edit of the network prior to
restarting it will show any other edits made since the last restart
of the network. (prior to this patch, if you edited a network a 2nd
time without restarting, all of the previous edits would magically
disappear).
In order to fit with the new #define-based generic edit function in
virsh.c, a new function vshNetworkGetXMLDesc() was added. This
function first tries to call virNetworkGetXMLDesc with the INACTIVE
flag added, then retries without if the first attempt fails (in the
manner expected when the server doesn't support it).
A core use case of the hook scripts is to be able to do things
to a guest's network configuration. It is possible to hook into
the 'start' operation for a QEMU guest which runs just before
the guest is started. The TAP devices will exist at this point,
but the QEMU process will not. It can be desirable to have a
'started' hook too, which runs once QEMU has started.
If libvirtd is restarted it will re-populate firewall rules,
but there is no QEMU hook to trigger for existing domains.
This is solved with a 'reconnect' hook.
Finally, if attaching to an external QEMU process there needs
to be an 'attach' hook script.
This all also applies to the LXC driver
* docs/hooks.html.in: Document new operations
* src/util/hooks.c, src/util/hooks.c: Add 'started', 'reconnect'
and 'attach' operations for QEMU. Add 'prepare', 'started',
'release' and 'reconnect' operations for LXC
* src/lxc/lxc_driver.c: Add hooks for 'prepare', 'started',
'release' and 'reconnect' operations
* src/qemu/qemu_process.c: Add hooks for 'started', 'reconnect'
and 'reconnect' operations
First 'poll' can't return EWOULDBLOCK, and second, we're checking errno
so far away from the poll() call that we've probably already trashed the
original errno value.
Jiri Denemark [Tue, 12 Jun 2012 12:32:27 +0000 (14:32 +0200)]
client rpc: Send keepalive requests from IO event loop
In addition to keepalive responses, we also need to send keepalive
requests from client IO loop to properly detect dead connection in case
a libvirt API is called from the main loop, which prevents any timers to
be called.
Jiri Denemark [Tue, 12 Jun 2012 06:58:04 +0000 (08:58 +0200)]
rpc: Remove unused parameter in virKeepAliveStopInternal
The previous commit removed the only usage of ``all'' parameter in
virKeepAliveStopInternal, which was actually the only reason for having
virKeepAliveStopInternal. This effectively reverts most of commit 6446a9e20cc65561ce6061742baf35a3a63d5ba1.
Jiri Denemark [Tue, 12 Jun 2012 07:01:49 +0000 (09:01 +0200)]
rpc: Do not use timer for sending keepalive responses
When a libvirt API is called from the main event loop (which seems to be
common in event-based glib apps), the client IO loop would properly
handle keepalive requests sent by a server but will not actually send
them because the main event loop is blocked with the API. This patch
gets rid of response timer and the thread which is processing keepalive
requests is also responsible for queueing responses for delivery.
Jiri Denemark [Tue, 12 Jun 2012 21:42:32 +0000 (23:42 +0200)]
rpc: Add APIs for direct triggering of keepalive timer
Add virKeepAliveTimeout and virKeepAliveTrigger APIs that can be used to
set poll timeouts and trigger keepalive timer. virKeepAliveTrigger
checks if it is called to early and does nothing in that case.
Jiri Denemark [Tue, 12 Jun 2012 21:41:25 +0000 (23:41 +0200)]
rpc: Refactor keepalive timer code
The code that needs to be run every keepalive interval of inactivity was
only called from a timer and thus from the main event loop. We will need
to call the code directly from another place.
Jiri Denemark [Mon, 11 Jun 2012 12:24:06 +0000 (14:24 +0200)]
client rpc: Just queue non-blocking call if another thread has the buck
As non-blocking calls are no longer dropped, we don't really need to
care that much about their fate and wait for the thread with the buck
to process them. If another thread has the buck, we can just push a
non-blocking call to the queue and be done with it.
Jiri Denemark [Fri, 8 Jun 2012 12:21:00 +0000 (14:21 +0200)]
client rpc: Don't drop non-blocking calls
So far, we were dropping non-blocking calls whenever sending them would
block. In case a client is sending lots of stream calls (which are not
supposed to generate any reply), the assumption that having other calls
in a queue is sufficient to get a reply from the server doesn't work. I
tried to fix this in b1e374a7ac56927cfe62435179bf0bba1e08b372 but
failed and reverted that commit.
With this patch, non-blocking calls are never dropped (unless the
connection is being closed) and will always be sent.
Jiri Denemark [Tue, 12 Jun 2012 06:41:59 +0000 (08:41 +0200)]
client rpc: Use event loop for writing
Normally, when every call has a thread associated with it, the thread
may get the buck and be in charge of sending all calls until its own
call is done. When we introduced non-blocking calls, we had to add
special handling of new non-blocking calls. This patch uses event loop
to send data if there is no thread to get the buck so that any
non-blocking calls left in the queue are properly sent without having to
handle them specially. It also avoids adding even more cruft to client
IO loop in the following patches.
With this change in, non-blocking calls may see unpredictable delays in
delivery when the client has no event loop registered. However, the only
non-blocking calls we have are keepalives and we already require event
loop for them, which makes this a non-issue until someone introduces new
non-blocking calls.
Eric Blake [Wed, 13 Jun 2012 03:49:22 +0000 (21:49 -0600)]
build: fix 'make dist' on virgin checkout
'make dist' was depending on *protocol-structs files, which are
stored in git but in turn depended on generated files. We still
want to ship the protocol-structs files, but by renaming the
tests to something not matching a file name, we separate 'make
check' (which depends on the generated file) from 'make dist'
(which only depends on the git files). After all, the tarball
should never depend on a generated file not stored in git.
I found one more case of a git file depending on a generated
file, in a bogus virkeycode.c listing; but at least this one
had no associated rules so it never broke 'make dist'.
Reported by Wen Congyang. Latent bug has been present since
commit 62dee6f, but only recently exposed by commit 7bff56a.
* src/Makefile.am ($(srcdir)/util/virkeycode.c): Drop useless
dependency.
(BUILT_SOURCES): ...and build virkeymaps.h sooner.
(PROTOCOL_STRUCTS): Rather than depend on the struct file...
(check-local): ...convert things into a phony target of...
(check-protocol): ...a new check.
($(srcdir)/remote_protocol-struct): Rename to isolate the distributed
file from the conditional test.
(PDWTAGS): Deal with rename. Swap to compare 'expected actual'.
Eric Blake [Mon, 11 Jun 2012 20:49:03 +0000 (14:49 -0600)]
python: fix snapshot listing bugs
Python exceptions are different than libvirt errors, and we had
some corner case bugs on OOM situations.
* python/libvirt-override.c (libvirt_virDomainSnapshotListNames)
(libvirt_virDomainSnapshotListChildrenNames): Use correct error
returns, avoid segv on OOM, and avoid memory leaks on error.
Michal Privoznik [Mon, 11 Jun 2012 13:57:19 +0000 (15:57 +0200)]
qemu: Don't overwrite security labels
Currently, if qemuProcessStart fail at some point, e.g. because
domain being started wants a PCI/USB device already assigned to
a different domain, we jump to cleanup label where qemuProcessStop
is performed. This unconditionally calls virSecurityManagerRestoreAllLabel
which is wrong because the other domain is still using those devices.
However, once we successfully label all devices/paths in
qemuProcessStart() from that point on, we have to perform a rollback
on failure - that is - we have to virSecurityManagerRestoreAllLabel.
Eric Blake [Fri, 25 May 2012 02:28:54 +0000 (20:28 -0600)]
snapshot: implement new APIs for qemu
The two APIs are rather trivial; based on bits and pieces of other
existing APIs. It leaves the door open for future extension to
qemu to report snapshots without metadata based on reading qcow2
internal snapshot names.
* src/qemu/qemu_driver.c (qemuDomainSnapshotIsCurrent)
(qemuDomainSnapshotHasMetadata): New functions.
Laine Stump [Mon, 11 Jun 2012 21:16:17 +0000 (17:16 -0400)]
docs: minor fixes to domain interface documentation
A few examples for <interface> had a type='direct' interface with no
sub-elements. This is not allowed - a type='direct' interface must
have at least a source element. (Most likely the example was copied
from the type='user' or type='ethernet' examples - they *do* allow an
instance with no sub-elements).
There was also one place that mistakenly used %lt; ... %gt; instead of
< ... > (for some reason, I make that typo all the time).
Eric Blake [Thu, 7 Jun 2012 19:23:49 +0000 (13:23 -0600)]
docs: link to FLOSS Weekly podcast, virt blogs
Eric Blake and Guido Günther were guests during this week's
FLOSS Weekly podcast, giving insights into libvirt as a Free
Software project. Also, there are several useful blogs on
virt-related topics.
* docs/relatedlinks.html.in (Blogs and Podcasts): New section.
Eric Blake [Wed, 23 May 2012 23:10:39 +0000 (17:10 -0600)]
snapshot: new query APIs
Right now, starting from just a virDomainSnapshotPtr, and wanting to
know if it is the current snapshot for its respective domain, you have
to use virDomainSnapshotGetDomain(), then virDomainSnapshotCurrent(),
then compare the two names returned by virDomainSnapshotGetName().
It is a bit easier if we can directly query this information from the
snapshot itself.
Right now, it is possible to filter a snapshot listing based on
whether snapshots have metadata that would prevent domain deletion,
but the only way to learn if an individual snapshot has metadata is
to see if that snapshot appears in the list returned by a listing.
Additionally, I hope to expand the qemu driver in a future patch to
use qemu-img to reconstruct snapshot XML corresponding to internal
qcow2 snapshot names not otherwise tracked by libvirt (in part, so
that libvirt can guarantee that new snapshots are not created with
a name that would silently corrupt the existing portion of the qcow2
file); if I ever get that in, then it would no longer be an all-or-none
decision on whether snapshots have metadata, and becomes all the more
important to be able to directly determine that information from a
particular snapshot.
Other query functions (such as virDomainIsActive) do not have a flags
argument, but since virDomainHasCurrentSnapshot takes a flags argument,
I figured it was safer to provide a flags argument here as well.
* include/libvirt/libvirt.h.in (virDomainSnapshotIsCurrent)
(virDomainSnapshotHasMetadata): New declarations.
* src/libvirt.c (virDomainSnapshotIsCurrent)
(virDomainSnapshotHasMetadata): New functions.
* src/libvirt_public.syms (LIBVIRT_0.9.13): Export them.
* src/driver.h (virDrvDomainSnapshotIsCurrent)
(virDrvDomainSnapshotHasMetadata): New driver callbacks.
Eric Blake [Fri, 8 Jun 2012 21:01:08 +0000 (15:01 -0600)]
virsh: make tree listing more flexible
Requiring the user to pass in parallel arrays of names and parents
is annoying; it means that you can't qsort one of the arrays without
invalidating the ordering of the other. By refactoring this function
to use callbacks, we isolate the layout to be independent of the
printing, and a future patch can exploit that to improve layout.
* tools/virsh.c (vshTreePrintInternal): Use callbacks rather than
requiring a char** array.
(vshTreeArrayLookup): New helper function.
(vshTreePrint, cmdNodeListDevices, cmdSnapshotList): Update callers.
Eric Blake [Fri, 8 Jun 2012 20:26:06 +0000 (14:26 -0600)]
virsh: remove limits on tree listing
I am not a fan of fixed-width buffers. All it takes is a
linear chain of more than 100 snapshots to mess up 'virsh
snapshot-list --tree'. Now that virBuffer is more powerful,
we might as well exploit its power.
* tools/virsh.c (cmdNodeListDevicesPrint): Simplify to use a
virBuffer instead of fixed-width prefix, factor guts, and rename...
(vshTreePrint, vshTreePrintInternal): ...along with new helper.
(cmdNodeListDevices, cmdSnapshotList): Update callers.
Eric Blake [Fri, 8 Jun 2012 19:50:23 +0000 (13:50 -0600)]
buf: support peeking at string contents
Right now, the only way to get at the contents of a virBuffer is
to destroy it. But there are cases in my upcoming patches where
peeking at the contents makes life easier. I suppose this does
open up the potential for bad code to dereference a stale pointer,
by disregarding the docs that the return value is invalid on the
next virBuf operation, but such is life.
* src/util/buf.h (virBufferCurrentContent): New declaration.
* src/util/buf.c (virBufferCurrentContent): Implement it.
* src/libvirt_private.syms (buf.h): Export it.
* tests/virbuftest.c (testBufAutoIndent): Test it.
Michal Privoznik [Mon, 11 Jun 2012 12:21:00 +0000 (14:21 +0200)]
rpc: Fix memleak in virNetMessageEncodeHeader
My latest patch for RPC rework (a2c304f6872) introduced a memory leak.
virNetMessageEncodeHeader() is calling VIR_ALLOC_N(msg->buffer, ...)
despite fact, that msg->buffer isn't VIR_FREE()'d on all paths calling
the function. Therefore, rather than injecting free statement switch to
VIR_REALLOC_N().
Use XDG Base Directories instead of storing in home directory
Accidentally changed the umask when creating /var/run/libvirt
to 077. This prevents /var/run/libvirt being readable by non-root,
which is required for non-root to connect to libvirtd. Fix the
code so that umask 077 is only used for the non-privileged libvirtd
instance.
Only migrate profile in non-privileged libvirtd instance
Only the non-privileged libvirtd instance uses $HOME. So avoid
running the code for migrating to XDG directories unless using
a non-privileged libvirtd
Eric Blake [Fri, 8 Jun 2012 03:46:47 +0000 (21:46 -0600)]
snapshot: avoid virsh crash with older servers
Commits 51082301, 16d7b39, and 521cc447 introduced support for
'virsh snapshot-list --from' when talking to a server older than
0.9.5, but broke support for plain 'virsh snapshot-list' for the
same old server in the process. Because the code is not properly
gated, we end up with a SIGSEGV during a strcmp with a NULL argument.
* tools/virsh.c (cmdSnapshotList): Don't waste time on fallbacks
when --from is not present.
Guido Günther [Fri, 8 Jun 2012 19:24:13 +0000 (21:24 +0200)]
msg_buf_size is unsigned long not size_t
This fixes the build on 32bit systems which otherwise fails with:
virnetmessagetest.c: In function 'testMessageHeaderEncode':
virnetmessagetest.c:75:9: error: format '%zu' expects argument of type 'size_t', but argument 7 has type 'long unsigned int' [-Werror=format]
Eric Blake [Fri, 8 Jun 2012 16:28:55 +0000 (10:28 -0600)]
snapshot: add virDomainSnapshotRef API
virDomainSnapshotPtr has a refcount member, but no one was able
to use it. Furthermore, all of our other vir*Ptr objects have
a *Ref method to match their *Free method. Thankfully, this is
client-side only, so we can use this new function regardless of
how old the server side is! (I have future patches to virsh
that want to use it.)
* include/libvirt/libvirt.h.in (virDomainSnapshotRef): Declare.
* src/libvirt.c (virDomainSnapshotRef): Implement it.
* src/libvirt_public.syms (LIBVIRT_0.9.13): Export it.
Jiri Denemark [Thu, 7 Jun 2012 13:16:50 +0000 (15:16 +0200)]
util: Fix deadlock in virLogReset
When libvirtd forks off a new child, the child then calls virLogReset(),
which ends up closing file descriptors used as log outputs. However, we
recently started logging closed file descriptors, which means we need to
lock logging mutex which was already locked by virLogReset(). We don't
really want to log anything when we are in the process of closing log
outputs.
Li Zhang [Tue, 29 May 2012 08:35:17 +0000 (16:35 +0800)]
Assign correct address type to spapr-vlan and spapr-vty.
For pseries guest, spapr-vlan and spapr-vty is based
on spapr-vio address. According to model of network
device, the address type should be assigned automatically.
For serial device, serial pty device is recognized as
spapr-vty device, which is also on spapr-vio.
So this patch is to correct the address type of
spapr-vlan and spapr-vty, and build correct
command line of spapr-vty.
Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com> Reviewed-by: Michael Ellerman<michaele@au1.ibm.com>
Eric Blake [Thu, 7 Jun 2012 16:48:05 +0000 (10:48 -0600)]
maint: make it easier to copy FORTIFY_SOURCE snippet
While libvirt intentionally avoids -Wundef (after all, C99
guarantees sane semantics of treating undefined macros as 0),
the glibc insanity of #warning on _FORTIFY_SOURCE coupled with
what some people feel is the black magic of autoconf means
that other projects are likely to copy our snippet verbatim.
We can be nicer to other projects by making it easier to
integrate into projects that use -Wundef.
Suggested by Christophe Fergeau.
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Be nice
to other projects using -Wundef.
Eric Blake [Sat, 26 May 2012 02:17:01 +0000 (20:17 -0600)]
command: avoid potential deadlock on handshake
There is a theoretical problem of an extreme bug where we can get
into deadlock due to command handshaking. Thanks to a pair of pipes,
we have a situation where the parent thinks the child reported an
error and is waiting for a message from the child to explain the
error; but at the same time the child thinks it reported success
and is waiting for the parent to acknowledge the success; so both
processes are now blocked.
Thankfully, I don't think this deadlock is possible without at
least one other bug in the code, but I did see exactly that sort
of situation prior to commit da831af - I saw a backtrace where a
double close bug in the parent caused the parent to read from the
wrong fd and assume the child failed, even though the child really
sent success.
This potential deadlock is not quite like commit 858c247 (a deadlock
due to multiple readers on one pipe preventing a write from completing),
although the solution is similar - always close unused pipe fds before
blocking, rather than after.
* src/util/command.c (virCommandHandshakeWait): Close unused fds
sooner.
When libvirtd is started and there is an unusable/not-connectable
leftover from earlier started machine, it's more reasonable to say
that the machine "crashed" if we know it was started with
"-no-shutdown".
This patch fixes that and also changes the other result (when machine
was started without "-no-shutdown") to "unknown", because the previous
"failed" reason means (according to include/libvirt/libvirt.h.in:174),
that the machine failed to start.
Eric Blake [Thu, 7 Jun 2012 03:13:57 +0000 (21:13 -0600)]
build: fix build without i18n
If you compile without NLS support, where _() is a no-op macro,
then we end up passing a string literal to a char*, provoking:
In file included from virsh.c:3639:0:
virsh-edit.c: In function ‘cmdSaveImageEdit’:
virsh-edit.c:97:13: error: assignment discards ‘const’ qualifier from pointer target type [-Werror]
virsh-edit.c:106:13: error: assignment discards ‘const’ qualifier from pointer target type [-Werror]
Eric Blake [Wed, 6 Jun 2012 15:45:04 +0000 (09:45 -0600)]
build: fix build of fresh checkout
Commit 7bff56a worked in an incremental build, but fails for a
fresh clone; apparently, if make sees both an actual file
spelling and an inference rule, only the exact spelling is used.
CCLD libvirt_driver_test.la
CC libvirt_driver_remote_la-remote_driver.lo
remote/remote_driver.c:4707:34: fatal error: remote_client_bodies.h: No such file or directory
compilation terminated.
BUILT_SOURCES to the rescue, instead of trying to mess with .lo
dependencies directly.
* src/Makefile.am (REMOTE_DRIVER_PREREQS, %remote_driver.lo): Drop...
(BUILT_SOURCES): ...and add here instead.
Eric Blake [Tue, 5 Jun 2012 16:28:52 +0000 (10:28 -0600)]
build: ensure storage driver is used
Commit 1c275e9a accidentally dropped the storage driver from
libvirtd, because it depended on a C preprocessor macro that
was not defined. Furthermore, if you do './configure
--without-storage-dir --with-storage-disk' or any other combination
where you explicitly build a subset of storage backends excluding
the dir backend, then the build is broken.
Based on analysis by Osier Yang.
* configure.ac (WITH_STORAGE): Define top-level conditional.
* src/Makefile.am (mod_LTLIBRARIES): Build driver even when
storage_dir is disabled.
* daemon/libvirtd.c: Pick up storage driver for any backend, not
just dir.
* daemon/Makefile.am (libvirtd_LDADD): Likewise.
Michal Privoznik [Fri, 27 Apr 2012 12:49:48 +0000 (14:49 +0200)]
rpc: Size up RPC limits
Since we are allocating RPC buffer dynamically, we can increase limits
for max. size of RPC message and RPC string. This is needed to cover
some corner cases where libvirt is run on such huge machines that their
capabilities XML is 4 times bigger than our current limit. This leaves
users with inability to even connect.
Michal Privoznik [Thu, 26 Apr 2012 15:21:24 +0000 (17:21 +0200)]
rpc: Switch to dynamically allocated message buffer
Currently, we are allocating buffer for RPC messages statically.
This is not such pain when RPC limits are small. However, if we want
ever to increase those limits, we need to allocate buffer dynamically,
based on RPC message len (= the first 4 bytes). Therefore we will
decrease our mem usage in most cases and still be flexible enough in
corner cases.
Eric Blake [Wed, 30 May 2012 17:30:18 +0000 (11:30 -0600)]
build: fix 'make distcheck' issues
We had a distributed file (remote_protocol.h, which in turn was
a prereq to remote_driver.c) depending on a generated file
(libvirt_probes.h), which is a no-no for a VPATH build from a
read-only source tree (no wonder 'make distcheck' tests precisely
that situation):
File `libvirt_driver_remote.la' does not exist.
File `libvirt_driver_remote_la-remote_driver.lo' does not exist.
Prerequisite `libvirt_probes.h' is newer than target `../../src/remote/remote_protocol.h'.
Must remake target `../../src/remote/remote_protocol.h'.
Invoking recipe from Makefile:7464 to update target `../../src/remote/remote_protocol.h'.
make[3]: Entering directory `/home/remote/eblake/libvirt-tmp2/build/libvirt-0.9.12/_build/src'
GEN ../../src/remote/remote_protocol.h
cannot create ../../src/remote/remote_protocol.h: Permission denied at ../../src/rpc/genprotocol.pl line 31.
make[3]: *** [../../src/remote/remote_protocol.h] Error 13
Rather than making distributed .c files depend on generated files, we
really want to ensure that compilation into .lo files is not attempted
until the generated files are present, done by this patch. Since there
were two different sets of conditionally generated files that both
feed the .lo file, I had to introduce a new variable REMOTE_DRIVER_PREREQS
to keep automake happy.
After that fix, the next issue was that make treats './foo' and 'foo'
differently in determining whether an implicit %foo rule is applicable,
with the result that locking/qemu-sanlock.conf wasn't properly being
built at the right times. Also, the output for using the .aug test
files was a bit verbose.
After fixing the src directory, the next error is related to the docs
directory, where the tarball is missing a stamp file and thus tries to
regenerate files that are already present:
GEN ../../docs/apibuild.py.stamp
Traceback (most recent call last):
File "../../docs/apibuild.py", line 2511, in <module>
rebuild("libvirt")
File "../../docs/apibuild.py", line 2495, in rebuild
builder.serialize()
File "../../docs/apibuild.py", line 2424, in serialize
output = open(filename, "w")
IOError: [Errno 13] Permission denied: '../../docs/libvirt-api.xml'
make[5]: *** [../../docs/apibuild.py.stamp] Error 1
and fixing that exposed another case of a distributed file (generated
html) depending on a built file (libvirt.h), but only when doing an
in-tree build, because of a file glob.
* src/Makefile.am ($(srcdir)/remote/remote_driver.c): Change...
(libvirt_driver_remote_la-remote_driver.lo): ...to the real
dependency.
($(builddir)/locking/%-sanlock.conf): Drop $(builddir), so that
rule gets run in time for test_libvirt_sanlock.aug.
(test_libvir*.aug): Cater to silent build.
(conf_DATA): Don't ship qemu-sanlock.conf in the tarball, since it
is trivial to regenerate.
* docs/Makefile.am (EXTRA_DIST): Ship our stamp file.
($(APIBUILD_STAMP)): Don't depend on generated file.
Jiri Denemark [Tue, 5 Jun 2012 13:34:09 +0000 (15:34 +0200)]
tests: Refresh qemu-1.1.0 data
QEMU 1.1.0 has been officially released. With 1.1.0 QEMU went back to
three-digits version even for the initial release and I renamed the data
files to match this fact. They were generated with
Eric Blake [Thu, 31 May 2012 21:50:07 +0000 (15:50 -0600)]
command: avoid deadlock on EPIPE situation
It is possible to deadlock libvirt by having a domain with XML
longer than PIPE_BUF, and by writing a hook script that closes
stdin early. This is because libvirt was keeping a copy of the
child's stdin read fd open, which means the write fd in the
parent will never see EPIPE (remember, libvirt should always be
run with SIGPIPE ignored, so we should never get a SIGPIPE signal).
Since there is no error, libvirt blocks waiting for a write to
complete, even though the only reader is also libvirt. The
solution is to ensure that only the child can act as a reader
before the parent does any writes; and then dealing with the
fallout of dealing with EPIPE.
Thankfully, this is not a security hole - since the only way to
trigger the deadlock is to install a custom hook script, anyone
that already has privileges to install a hook script already has
privileges to do any number of other equally disruptive things
to libvirt; it would only be a security hole if an unprivileged
user could install a hook script to DoS a privileged user.
* src/util/command.c (virCommandRun): Close parent's copy of child
read fd earlier.
(virCommandProcessIO): Don't let EPIPE be fatal; the child may
be done parsing input.
* tests/commandhelper.c (main): Set up a SIGPIPE situation.
* tests/commandtest.c (test20): Trigger it.
* tests/commanddata/test20.log: New file.
Laine Stump [Mon, 4 Jun 2012 18:40:07 +0000 (14:40 -0400)]
util: fix "make rpm" when viratomic.h is used
Although src/util/viratomic.h has been added to the repo, up until now
it hasn't been used. Stefan Berger is using it in his proposed dhcp
snooping patches, and an rpm build with those patches failed due to
viratomic.h not being packed up with the rest of the sources.
Eric Blake [Mon, 4 Jun 2012 17:33:20 +0000 (11:33 -0600)]
build: allow building with newer glibc-headers and -O0
glibc 2.15 (on Fedora 17) coupled with explicit disabling of
optimization during development dies a painful death:
In file included from /usr/include/limits.h:27:0,
from /usr/lib/gcc/x86_64-redhat-linux/4.7.0/include/limits.h:169,
from /usr/lib/gcc/x86_64-redhat-linux/4.7.0/include/syslimits.h:7,
from /usr/lib/gcc/x86_64-redhat-linux/4.7.0/include/limits.h:34,
from util/bitmap.c:26:
/usr/include/features.h:314:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]
cc1: all warnings being treated as errors
Work around this by only conditionally defining _FORTIFY_SOURCE,
in the case where glibc can actually use it. The trick is using
AH_VERBATIM instead of AC_DEFINE.
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Squelch
_FORTIFY_SOURCE when needed to avoid glibc #warnings.
Jiri Denemark [Wed, 30 May 2012 13:54:18 +0000 (15:54 +0200)]
file: Log closing filedescriptors
EBADF errors are logged as warnings as they normally indicate a double
close bug. This patch also provides VIR_MASS_CLOSE helper to be user in
the only case of mass close after fork when EBADF should rather be
ignored.
Michal Privoznik [Fri, 18 May 2012 10:21:06 +0000 (12:21 +0200)]
virsh: Allow users to reedit rejected XML
If users *-edit but make a mistake in XML all changes are
permanently lost. However, if virsh is not running within
a script we can ask user if he wants to re-edit the file
and correct the mistakes.
Michal Privoznik [Thu, 17 May 2012 15:08:53 +0000 (17:08 +0200)]
virsh: Switch from generated cmd*Edit commands to nongenerated
Currently, we either generate some cmd*Edit commands (cmdPoolEdit
and cmdNetworkEdit) via sed script or copy the body of cmdEdit
(e.g. cmdInterfaceEdit, cmdNWFilterEdit, etc.). This fact makes
it harder to implement any new feature to our editing system.
Therefore switch to new implementation - define macros to:
- dump XML (EDIT_GET_XML)
- take an action if XML wasn't changed,
usually just vshPrint() (EDIT_NOT_CHANGED)
- define new object (EDIT_DEFINE) - the edited XML is in @doc_edited
- free object defined by EDIT_DEFINE (EDIT_FREE)
and #include "virsh-edit.c"
Stefan Berger [Fri, 1 Jun 2012 23:32:06 +0000 (19:32 -0400)]
nwfilter: Add multiple IP address support to DHCP snooping
With support for multiple IP addresses per interface in place, this patch
now adds support for multiple IP addresses per interface for the DHCP
snooping code.
Testing:
Since the infrastructure I tested this with does not provide multiple IP
addresses per MAC address (anymore), I either had to plug the VM's interface
from the virtual bride connected directly to the infrastructure to virbr0
to get a 2nd IP address from dnsmasq (kill and run dhclient inside the VM)
or changed the lease file (/var/run/libvirt/network/nwfilter.leases) and
restart libvirtd to have a 2nd IP address on an existing interface.
Note that dnsmasq can take a lease timeout parameter as part of the --dhcp-range
command line parameter, so that timeouts can be tested that way
(--dhcp-range 192.168.122.2,192.168.122.254,120). So, terminating and restarting
dnsmasq with that parameter is another choice to watch an IP address disappear
after 120 seconds.
Stefan Berger [Fri, 1 Jun 2012 23:32:06 +0000 (19:32 -0400)]
nwfilter: move code for IP address map into separate file
The goal of this patch is to prepare for support for multiple IP
addresses per interface in the DHCP snooping code.
Move the code for the IP address map that maps interface names to
IP addresses into their own file. Rename the functions on the way
but otherwise leave the code as-is. Initialize this new layer
separately before dependent layers (iplearning, dhcpsnooping)
and shut it down after them.
Stefan Berger [Fri, 1 Jun 2012 23:32:06 +0000 (19:32 -0400)]
nwfilter: add DHCP snooping
This patch adds DHCP snooping support to libvirt. The learning method for
IP addresses is specified by setting the "CTRL_IP_LEARNING" variable to one of
"any" [default] (existing IP learning code), "none" (static only addresses)
or "dhcp" (DHCP snooping).
Active leases are saved in a lease file and reloaded on restart or HUP.
The following interface XML activates and uses the DHCP snooping:
All filters containing the variable 'IP' are automatically adjusted when
the VM receives an IP address via DHCP. However, multiple IP addresses per
interface are silently ignored in this patch, thus only supporting one IP
address per interface. Multiple IP address support is added in a later
patch in this series.
Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Marti Raudsepp [Fri, 1 Jun 2012 16:25:33 +0000 (19:25 +0300)]
qemu: move -name arg to be 1st in "ps x" output
Currently, monitoring QEMU virtual machines with standard Unix
sysadmin tools is harder than it has to be. The QEMU command line is
often miles long and mostly redundant, it's hard to tell which process
is which.
This patch reorders the QEMU -name argument to be the first, so it's
immediately visible in "ps x", htop and "atop -c" output.
The problem is that an interface with type='hostdev' will have an
alias of the form "hostdev%d", while the function that looks through
existing netdevs to determine the name to use for a new addition will
fail if there's an existing entry that does not match the form
"net%d".
This is another of the handful of places that need an exception due to
the hybrid nature of <interface type='hostdev'> (which is not exactly
an <interface> or a <hostdev>, but is both at the same time).
Wen Congyang [Wed, 30 May 2012 09:20:44 +0000 (17:20 +0800)]
qemu: avoid closing fd more than once
If we migrate to fd, spec->fwdType is not MIGRATION_FWD_DIRECT,
we will close spec->dest.fd.local in qemuMigrationRun(). So we
should set spec->dest.fd.local to -1 in qemuMigrationRun().
Eric Blake [Wed, 30 May 2012 15:20:37 +0000 (09:20 -0600)]
fdstream: avoid double close bug
Wen Congyang reported that we have a double-close bug if we fail
virFDStreamOpenInternal, since childfd duplicated one of the fds[]
array contents. In truth, since we always transfer both members
of fds to other variables, we should close the fds through those
other names, and just use fds[] for pipe().
Eric Blake [Tue, 29 May 2012 23:47:58 +0000 (17:47 -0600)]
command: avoid double close bugs
KAMEZAWA Hiroyuki reported a nasty double-free bug when virCommand
is used to convert a string into input to a child command. The
problem is that the poll() loop of virCommandProcessIO would close()
the write end of the pipe in order to let the child see EOF, then
the caller virCommandRun() would also close the same fd number, with
the second close possibly nuking an fd opened by some other thread
in the meantime. This in turn can have all sorts of bad effects.
The bug has been present since the introduction of virCommand in
commit f16ad06f.
This is based on his first attempt at a patch, at
https://bugzilla.redhat.com/show_bug.cgi?id=823716
* src/util/command.c (_virCommand): Drop inpipe member.
(virCommandProcessIO): Add argument, to avoid closing caller's fd
without informing caller.
(virCommandRun, virCommandNewArgs): Adjust clients.
Fixes for check and rpm builds without sanlock (and qemu)
Apart from the non-sanlock check build, there is also a little fix for
qemu (EXTRA_DIST had qemu.conf and others inside even if the build was
supposed to be without qemu).
Eric Blake [Tue, 29 May 2012 21:57:31 +0000 (15:57 -0600)]
build: use same perl binary throughout build
Some of our rules used $(PERL), while others used 'perl'. Always
using the variable allows a developer to point to a different (often
better) perl than the default one found on $PATH.
Eric Blake [Tue, 29 May 2012 21:49:13 +0000 (15:49 -0600)]
build: fix testing of augeas files in VPATH builds
Without this fix, a VPATH build (such as used by ./autobuild.sh)
fails with messages like:
make[3]: Entering directory `/home/remote/eblake/libvirt-tmp2/build/daemon'
../../build-aux/augeas-gentest.pl libvirtd.conf ../../daemon/test_libvirtd.aug.in test_libvirtd.aug
cannot read libvirtd.conf: No such file or directory at ../../build-aux/augeas-gentest.pl line 38.
Since the test files are not part of the tarball, we can generate
them into the build dir, but rather than create a subdirectory
just for the test file, it is easier to test them directly in
libvirt.git/src.
* daemon/Makefile.am (AUG_GENTEST): Factor out definition.
(test_libvirtd.aug): Look for correct file.
* src/Makefile.am (AUG_GENTEST): Use $(PERL).
(qemu/test_libvirtd_qemu.aug, lxc/test_libvirtd_lxc.aug)
(locking/test_libvirt_sanlock.aug): Rename to avoid subdirectories.
(check-augeas-qemu, check-augeas-lxc, check-augeas-sanlock): Reflect
location of built tests.
* configure.ac (PERL): Substitute perl.
Eric Blake [Tue, 29 May 2012 14:10:44 +0000 (08:10 -0600)]
build: silence warning from autoconf
Autoconf 2.60 and later insist on using ${datarootdir}, rather than
the derived ${datadir} (although the latter defaults to the former,
it is possible to set configure arguments so that they differ):
config.status: creating libvirt.pc
config.status: WARNING: 'libvirt.pc.in' seems to ignore the --datarootdir setting
This patch follows the autoconf manual's suggestions for how to
support 2.59 (RHEL 5) and newer simultaneously.
* libvirt.pc.in (datarootdir): Define, so ${datadir} will not ignore
datarootdir when using newer autoconf.
Michal Privoznik [Wed, 30 May 2012 12:17:26 +0000 (14:17 +0200)]
virCommand: Extend debug message for handshake
Currently, we are logging only one side of pipes we
create in virCommandRequireHandshake(); This is enough
in cases where pipe2() returns two consecutive FDs. However,
it is not guaranteed and it may return any FDs.
Therefore, it's wise to log the other ends as well.
When getting number of CPUs the host has assigned, there was always
number "1" returned. Even though all lxc domains with no pinning
launched by libvirt run on all pCPUs (by default, no matter what's the
number), we should at least return the same number as the user
specified when creating the domain.
projects / libvirt.git / log