Michal Privoznik [Wed, 16 Jan 2013 17:55:06 +0000 (18:55 +0100)]
tests: Create test for virCommandDoAsyncIO
This is just a basic test, so we don't break virCommand in the
future. A "Hello world\n" string is written to commanhelper,
which copies input to stdout and stderr where we read it from.
Then the read strings are compared with expected values.
Michal Privoznik [Wed, 16 Jan 2013 10:33:17 +0000 (11:33 +0100)]
virCommand: Introduce virCommandDoAsyncIO
Currently, if we want to feed stdin, or catch stdout or stderr of a
virCommand we have to use virCommandRun(). When using virCommandRunAsync()
we have to register FD handles by hand. This may lead to code duplication.
Hence, introduce an internal API, which does this automatically within
virCommandRunAsync(). The intended usage looks like this:
Jiri Denemark [Fri, 1 Feb 2013 12:36:06 +0000 (13:36 +0100)]
build: Add libcurl dependency to libvirt_driver.la
libvirt.c calls curl_global_init() if WITH_CURL is defined and thus it
should be linked with libcurl. This fixes link failure in case neither
xenapi nor esx driver is enabled (they are the only users of libcurl).
QEMU is fully capable of handling VDI images and we just refuse to
work with them. As qemu-img knows and supports this, there should be
no problem with this addition.
This is of course, just basic functionality, without searching for any
backing files, etc.
Some files have the magic shifted to some offset other than 0, so we
have to support that. I also cleaned up some lines to be more
readable and added missing magic for iso file format.
Peter Krempa [Mon, 21 Jan 2013 17:28:47 +0000 (18:28 +0100)]
virsh-secret: Refactor error paths
This patch switches string option retrieval to vshCommandOptStringReq
and refactors some error paths to avoid an unlikely memory leak of a
secret object in cmdSecretSetValue.
Peter Krempa [Mon, 21 Jan 2013 16:41:14 +0000 (17:41 +0100)]
virsh-nodedev: Refactor error paths, error messages and whitespace
This patch adds some empty lines to separate blocks of code, cleans up
unnecessary error message constructs in cmdNodeDeviceDetach,
cmdNodeDeviceReAttach, cmdNodeDeviceReset and refactors error paths in
cmdNodeDeviceDumpXML.
Peter Krempa [Mon, 14 Jan 2013 13:38:38 +0000 (14:38 +0100)]
virsh: Add helper to request string arguments with error reporting
This patch adds a helper function with similar semantics to
vshCommandOptString that requests a string argument, but does some error
reporting without the need to do it in the functions themselves.
The error reporting also provides information about the parameter whose
retrieval failed.
Matthias Bolte [Thu, 10 Jan 2013 21:32:13 +0000 (22:32 +0100)]
esx: Simplify esxPrivate pointer handling in esxOpen
Commit 4445e16bfa8056980ac643fabf17186f9e685925 changed the signature
of esxConnectToHost and esxConnectToVCenter by replacing the esxPrivate
pointer with virConnectPtr. The esxPrivate pointer was then retrieved
again from virConnectPtr's privateData. This resulted in a NULL pointer
dereference, because the privateData pointer was not yet initialized at
the point where esxConnectToHost and esxConnectToVCenter are called.
Simplify the logic by making the call to esxFreePrivate unconditional and
changing esxConnectToHost and esxConnectToVCenter back to take a esxPrivate
pointer directly. This allows to assign esxPrivate to the virConnectPtr's
privateData pointer as one of the last steps in esxOpen making it more
obvious that it is not initialized during the earlier steps of esxOpen.
Eric Blake [Fri, 1 Feb 2013 22:50:34 +0000 (15:50 -0700)]
docs: don't ignore virEvent API
Commit 6094ad7b (0.9.3 release) promoted several functions from
internal to public, but forgot to fix the documentation generator
to provide details about those functions.
For an example of what this fixes, look at:
file:///path/to/libvirt/docs/html/libvirt-libvirt.html#virEventAddHandle
before and after the patch.
* docs/apibuild.py (ignored_functions): Don't ignore functions
that were turned into official API.
* src/util/virevent.c: Fix comments to pass through parser.
Eric Blake [Sat, 26 Jan 2013 20:41:31 +0000 (13:41 -0700)]
maint: update to latest gnulib
CVE-2013-0242 in glibc's regex() can cause a DoS in any daemon
that runs a regex search on user input while in a multibyte locale.
I'm not sure how hard it would be to trigger such a setup for
libvirtd, but rather than risk things, we can avoid the issue:
gnulib has worked around the problem, and by updating to the latest
gnulib, we can avoid the bug even on platforms where glibc has yet
to be patched.
* .gnulib: Update to latest, for various fixes, including regex.
* bootstrap: Resync from upstream.
Stefan Berger [Tue, 29 Jan 2013 16:52:17 +0000 (11:52 -0500)]
Add support for QEMU -add-fd support detection
Add support for QEMU -add-fd command line parameter detection.
This intentionally rejects qemu 1.2, where 'add-fd' QMP did
not allow full control of set ids, and where there was no command
line counterpart, but accepts qemu 1.3.
Eric Blake [Thu, 31 Jan 2013 00:18:44 +0000 (17:18 -0700)]
qemu: expose qemu 1.3 add-fd monitor command
Add entry points for calling the qemu 'add-fd' and 'remove-fd'
monitor commands. There is no entry point for 'query-fdsets';
the assumption is that a developer can use
virsh qemu-monitor-command domain '{"execute":"query-fdsets"}'
when debugging issues, and that meanwhile, libvirt is responsible
enough to remember what fds it associated with what fdsets.
Likewise, on the 'add-fd' command, it is assumed that libvirt
will always pass a set id, rather than letting qemu autogenerate
the next available id number.
* src/qemu/qemu_monitor.c (qemuMonitorAddFd, qemuMonitorRemoveFd):
New functions.
* src/qemu/qemu_monitor.h (qemuMonitorAddFd, qemuMonitorRemoveFd):
New prototypes.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONAddFd)
(qemuMonitorJSONRemoveFd): New functions.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONAddFd)
(qemuMonitorJSONRemoveFd): New prototypes.
Eric Blake [Thu, 31 Jan 2013 01:50:09 +0000 (18:50 -0700)]
tests: add a comment about our fake qmp
While testing QMP, I used a simple qemu session of
'qemu-kvm -M none -nodefaults -nographic -qmp stdio'
for some experiments. But it took me far too long to remember
the magic invocation to unlock QMP into accepting normal commands.
While I was able to grep libvirt sources and easily find where
libvirt expects the normal "QMP" greeting, I could not find the
proper reply to that greeting nearby.
Reading the testsuite didn't help either, since there we don't
emulate the mandatory handshake. But since my grep hit the
testsuite, adding a bit of documentation will make it much easier
to jog my memory in the future.
* tests/qemumonitortestutils.c (QEMU_JSON_GREETING): Mention that
the normal counterpart reply is skipped.
Jiri Denemark [Thu, 31 Jan 2013 14:31:37 +0000 (15:31 +0100)]
spec: Avoid using makeinstall relic
The macro was made to help installing broken packages that did not use
DESTDIR correctly by overriding individual path variables (prefix,
sysconfdir, ...). Newer rpm provides fixed make_install macro that calls
make install with just the correct DESTDIR, however it is not available
everywhere (e.g., RHEL 5 does not have it). On the other hand the
make_install macro is simple and straightforward enough for us to use
its expansion directly.
Serge Hallyn [Thu, 31 Jan 2013 03:05:45 +0000 (21:05 -0600)]
complete virterror->virerror name change
Without these two string changes in generator.py, the
virGetLastError wrapper does not get created in
/usr/share/pyshared/libvirt.py. Noticed when running
tests with virt-install.
Claudio Bley [Wed, 30 Jan 2013 08:33:36 +0000 (09:33 +0100)]
apibuild.py: fix TypeError raised in except clause
When an exception happened inside the try clause in serialize_function,
a new exception was raised in the except clause subsequently:
Traceback (most recent call last):
File "./apibuild.py", line 2529, in <module>
rebuild("libvirt")
File "./apibuild.py", line 2513, in rebuild
builder.serialize()
File "./apibuild.py", line 2467, in serialize
self.serialize_function(output, function)
File "./apibuild.py", line 2208, in serialize_function
self.warning("Failed to save function %s info: " % name, `id.info`)
TypeError: warning() takes exactly 2 arguments (3 given)
Use the correct number of arguments for self.warning and print the
original exception to stderr.
John Ferlan [Wed, 30 Jan 2013 20:43:39 +0000 (15:43 -0500)]
Enforce return check on virAsprintf() calls
Way back when I started making changes for Coverity messages my first set
were to a bunch of CHECKED_RETURN errors. In particular virAsprintf() had
a few callers that Coverity noted didn't check their return (although some
did check if the buffer being printed to was NULL or not).
It was suggested at the time as a further patch an ATTRIBUTE_RETURN_CHECK
should be added to virAsprintf(), see:
When doing checks with automake, there are '<testname>.trs' files left
behind, that might or might not be usable, however these show up in
'git status' even though we definitely don't want them to be tracked
in the repository'. Automake adds the '--trs-files' option by default
since commit 0c81b43f711fb861f04227ced8dba889596d9c43 [1], which
consequently (from 1.13 in my case) started leaving these files behind
along with '<testname>.log' files as well (which we already ignore).
That is caused by a condition depending on def->cputune.vcpupin being
set rather than checking def->cputune.nvcpupin. Notice that nvcpupin
can be 0 and vcpupin can still be allocated since it's a pointer to an
array, so no harm done there.
I also changed it on other places in the code where it depended on the
wrong variable.
Doug Goldstein [Sun, 27 Jan 2013 00:22:41 +0000 (18:22 -0600)]
virlog: remove old code comment
Setting the log output prefix to 0 is not supported and in fact results
in the following message:
warning : virLogParseOutputs:1021 : Ignoring invalid log output setting.
Currently, if qemuProcessStart() succeeds, but it's decompression
binary that returns nonzero status, we don't kill the qemu process,
but remove it from internal domain list, leaving the qemu process
hanging around totally uncontrolled.
Peter Krempa [Fri, 4 Jan 2013 15:15:04 +0000 (16:15 +0100)]
rpc: Fix crash on error paths of message dispatching
This patch resolves CVE-2013-0170:
https://bugzilla.redhat.com/show_bug.cgi?id=893450
When reading and dispatching of a message failed the message was freed
but wasn't removed from the message queue.
After that when the connection was about to be closed the pointer for
the message was still present in the queue and it was passed to
virNetMessageFree which tried to call the callback function from an
uninitialized pointer.
This patch removes the message from the queue before it's freed.
* rpc/virnetserverclient.c: virNetServerClientDispatchRead:
- avoid use after free of RPC messages
It seems like with new udev within guest OS, the tray is locked,
so we need to:
- 'eject'
- wait for tray to open
- 'change'
Moreover, even when doing bare 'eject', we should check for
'tray_open' as guest may have locked the tray. However, the
waiting phase shouldn't be unbounded, so I've chosen 10 retries
maximum, each per 500ms. This should give enough time for guest
to eject a media and open the tray.
John Ferlan [Thu, 24 Jan 2013 00:34:48 +0000 (19:34 -0500)]
vbox: Adjust the UTF FREE macros
Adjust the macros to free memory allocated during various calls to
perform the check if parameter is NULL prior to really freeing and to
set the pointer to NULL after done freeing.
John Ferlan [Thu, 24 Jan 2013 00:34:47 +0000 (19:34 -0500)]
vbox: Address false positive for NULL dereference
Resolve a false positive from 'vboxIIDFromUUID_v2_x()'. The code sets
'iid->value = &iid->backing' unconditionally prior to calling 'nsIDFromChar()'.
The 'vboxIIDUnalloc_v2_x()' checks iid->value to not be &iid->backing. The
iid->backing is a static buffer within the initialized structure.
Jim Fehlig [Mon, 21 Jan 2013 17:36:03 +0000 (10:36 -0700)]
libxl: Domain event handler improvements
Since libxl provides the domain ID in the event handler callback,
find the domain object based on the ID. This approach prevents
processing the callback on a domain that has already been reaped.
Also, similar to the xl implementation, ignore the SUSPEND shutdown
reason. By calling libxl_domain_suspend(), we know a shutdown
event with SUSPEND reason will be generated, but it can be safely
ignored since any subsequent cleanup will be done by the callers.
Jim Fehlig [Mon, 21 Jan 2013 17:32:34 +0000 (10:32 -0700)]
libxl: Fix removing non-persistent domain after save
libxlDoDomainSave() was removing non-persistent domains, but
required callers to have the virDomainObj locked. Callers could
potentially unlock an already freed virDomainObj. Move this
logic to the callers of libxlDoDomainSave().
Jim Fehlig [Mon, 21 Jan 2013 17:30:29 +0000 (10:30 -0700)]
libxl: Explicitly remove timeouts
I've noticed that libxl can invoke timeout reregister/modify hooks
after returning from libxl_ctx_free. Explicitly remove the
timeouts before freeing the libxl ctx to avoid executing hooks on
stale objects.
Jim Fehlig [Mon, 21 Jan 2013 17:22:07 +0000 (10:22 -0700)]
libxl: Fix race between destruction of objects
It is possible to destroy and cleanup a VM, resulting in freeing the
libxlDomainObjPrivate object and associated libxl ctx, before all fds and
timeouts have been deregistered and destroyed.
Fix this race by incrementing the reference count on libxlDomainObjPrivate
for each fd and timeout registration. Only when all fds and timeouts are
deregistered and destroyed will the libxlDomainObjPrivate be destroyed.
Jim Fehlig [Mon, 21 Jan 2013 17:09:05 +0000 (10:09 -0700)]
libxl: Fix races in libxl event code
The libxl driver is racy in it's interactions with libxl and libvirt's
event loop. The event loop can invoke callbacks after libxl has
deregistered the event, and possibly access freed data associated with
the event.
This patch fixes the race by converting libxlDomainObjPrivate to a
virObjectLockable, and locking it while executing libxl upcalls and
libvirt event loop callbacks.
Note that using the virDomainObj lock is not satisfactory since it may
be desirable to hold the virDomainObj lock even when libxl events such
as reading and writing to xenstore need processed.
Jim Fehlig [Mon, 21 Jan 2013 16:59:28 +0000 (09:59 -0700)]
libxl: Fix handling of timeouts
xen-unstable changeset 26469 makes changes wrt modifying and deregistering
timeouts.
First, timeout modify callbacks will only be invoked with an
abs_t of {0,0}, i.e. make the timeout fire immediately. Prior to this
commit, timeout modify callbacks were never invoked.
Second, timeout deregister hooks will no longer be called.
This patch makes changes in the libvirt libxl driver that should be
compatible before and after changeset 26469.
While at it, fix a potential overflow in the timeout register callback.
Eric Blake [Thu, 24 Jan 2013 00:06:06 +0000 (17:06 -0700)]
conf: avoid NULL deref for pmsuspended domain state
While working with a pmsuspend vs. snapshot issue, I noticed that
the state file in /var/run/libvirt/qemu/dom.xml contained a rather
suspicious "(null)" string, which does not round-trip well through
a libvirtd restart. Had I been on a platform other than glibc
where printf("%s",NULL) crashes instead of printing (null), we might
have noticed the problem much sooner.
And in fixing that problem, I also noticed that we had several
missing states, because we were #defining several *_LAST names
to a value _different_ than what they were already given as enums
in libvirt.h. Yuck. I got rid of default: labels in the case
statements, because they get in the way of gcc's -Wswitch helping
us ensure we cover all enum values.
* src/conf/domain_conf.c (virDomainStateReasonToString)
(virDomainStateReasonFromString): Fill in missing domain states;
rewrite case statement to let compiler enforce checking.
(VIR_DOMAIN_NOSTATE_LAST, VIR_DOMAIN_RUNNING_LAST)
(VIR_DOMAIN_BLOCKED_LAST, VIR_DOMAIN_PAUSED_LAST)
(VIR_DOMAIN_SHUTDOWN_LAST, VIR_DOMAIN_SHUTOFF_LAST)
(VIR_DOMAIN_CRASHED_LAST): Drop dead defines.
(VIR_DOMAIN_PMSUSPENDED_LAST): Drop dead define.
(virDomainPMSuspendedReason): Add missing enum function.
(virDomainRunningReason, virDomainPausedReason): Add missing enum
value.
* src/conf/domain_conf.h (virDomainPMSuspendedReason): Declare
missing functions.
* src/libvirt_private.syms (domain_conf.h): Export them.
Michal Privoznik [Fri, 25 Jan 2013 11:56:48 +0000 (12:56 +0100)]
qemu_monitor: Fix tray-open attribute in query-block
With our code, we fail to query for tray-open attribute currently.
That's because in HMP it is 'tray-open' and in QMP it's 'tray_open'.
It always has been. However, we got it exactly the opposite.
Fix bogus reporting of KVM support for non-native emulators
A logic bug meant we reported KVM was possible for every
architecture, merely based on whether the query-kvm command
exists. We should instead have been doing it based on whether
the query-kvm command returns 'present: 1'
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Move QEMU capabilities initialization later in QEMU startup
Currently QEMU capabilities are initialized before the QEMU driver
sets ownership on its various directories. The upshot is that if
you change the user/group in the qemu.conf file, libvirtd will fail
to probe QEMU the first time it is run after the config change.
Moving QEMU capabilities initialization to after the chown() calls
fixes this
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
which attempted to make sure the QEMU process used for probing
ran as the right user id, caused serious performance regression
and unreliability in probing. The -daemonize switch in QEMU
guarantees that the monitor socket is present before the parent
process exits. This means libvirtd is guaranteed to be able to
connect immediately. By switching from -daemonize to the
virCommandDaemonize API libvirtd was no longer synchronized with
QEMU's startup process. The result was that the QEMU monitor
failed to open and went into its 200ms sleep loop. This happened
for all 25 binaries resulting in 5 seconds worth of sleeping
at libvirtd startup. In addition sometimes when libvirt connected,
QEMU would be partially initialized and crash causing total
failure to probe that binary.
This commit reverts the previous change, ensuring we do use the
-daemonize flag to QEMU. Startup delay is cut from 7 seconds
to 2 seconds on my machine, which is on a par with what it was
prior to the capabilities rewrite.
To deal with the fact that QEMU needs to be able to create the
pidfile, we switch pidfile location fron runDir to libDir, which
QEMU is guaranteed to be able to write to.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Michal Privoznik [Thu, 24 Jan 2013 09:39:06 +0000 (10:39 +0100)]
qemuDomainSendKey: Relax the qemu driver locking
Currently, there is no reason to hold qemu driver locked
throughout whole API execution. Moreover, we can use the
new qemuDomObjFromDomain() internal API to lookup domain then.
Josh Durgin [Fri, 25 Jan 2013 02:45:31 +0000 (18:45 -0800)]
qemu: escape ipv6 for rbd network disk hosts
Hosts for rbd are ceph monitor daemons. These have fixed IP addresses,
so they are often referenced by IP rather than hostname for
convenience, or to avoid relying on DNS. Using IPv4 addresses as the
host name works already, but IPv6 addresses require rbd-specific
escaping because the colon is used as an option separator in the
string passed to qemu.
Escape these colons, and enclose the IPv6 address in square brackets
so it is distinguished from the port, which is currently mandatory.
Acked-by: Osier Yang <jyang@redhat.com> Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
Eric Blake [Wed, 9 Jan 2013 04:54:45 +0000 (21:54 -0700)]
snapshot: fix state after external snapshot of S3 domain
https://bugzilla.redhat.com/show_bug.cgi?id=876829 complains that
if a guest is put into S3 state (such as via virsh dompmsuspend)
and then an external snapshot is taken, qemu forcefully transitions
the domain to paused, but libvirt doesn't reflect that change
internally. Thus, a user has to use 'virsh suspend' to get libvirt
back in sync with qemu state, and if the user doesn't know this
trick, then the guest appears hung.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateActiveExternal):
Track fact that qemu wakes up a suspended domain on migration.
virDomainSnapshot.getDomain() and virDomainSnapshot.getConnect()
wrappers around virDomainSnapshotGet{Domain,Connect} were not supposed
to be ever implemented. The class should contain proper domain() and
connect() accessors that fetch python objects stored internally within
the class. While domain() was already provided, connect() was missing.
This patch adds connect() method to virDomainSnapshot class and
reimplements getDomain() and getConnect() methods as aliases to domain()
and connect() for backward compatibility.
Make python objects inherit from 'object' base class
As of python >= 2.2, it is recommended that all objects inherit
from the 'object' base class. We already require python >= 2.3
for libvirt for thread macro support, so we should follow this
best practice.
The closeDef->cb function may well cause the current callback
to be removed, if it shuts down 'dom'. As such the use of
'uuidstr' in virHashRemoveEntry is accessing free'd memory.
We must make a copy of the uuid str before invoking the
callback to be safe.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
When linuxNodeInfoCPUPopulate() method triggered use of an
uninitialize value, since it did not initialize the 'sockets'
field in the virNodeInfoPtr struct:
==30020== Conditional jump or move depends on uninitialised value(s)
==30020== at 0x5125DBD: linuxNodeInfoCPUPopulate (nodeinfo.c:513)
==30020== by 0x51261A0: nodeGetInfo (nodeinfo.c:884)
==30020== by 0x149B9B10: qemuCapsInit (qemu_capabilities.c:846)
==30020== by 0x14A11B25: qemuCreateCapabilities (qemu_driver.c:424)
==30020== by 0x14A12426: qemuStartup (qemu_driver.c:874)
==30020== by 0x512A7AF: virStateInitialize (libvirt.c:822)
==30020== by 0x40DE04: daemonRunStateInit (libvirtd.c:877)
==30020== by 0x50ADCE5: virThreadHelper (virthreadpthread.c:161)
==30020== by 0x328CA07D14: start_thread (pthread_create.c:308)
==30020== by 0x328C6F246C: clone (clone.S:114)
(happened twice)
if (socks > nodeinfo->sockets) <--- here
nodeinfo->sockets = socks;
Rather than doing this for each field, just make the caller memset
the entire struct to zero.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Peter Krempa [Thu, 24 Jan 2013 12:57:14 +0000 (13:57 +0100)]
xen: Initialize variable before using
Commit 87b4c10c6cf02251dd8c29b5b895bebc6ec297f9 added code that may call
the virCapabilitiesClearHostNUMACellCPUTopology function with
uninitialized second argument. Although the value wouldn't be used some
compilers whine about that.
Peter Krempa [Fri, 18 Jan 2013 22:06:55 +0000 (23:06 +0100)]
capabilities: Add additional data to the NUMA topology info
This patch adds data gathering to the NUMA gathering files and adds
support for outputting the data. The test driver and xend driver need to
be adapted to fill sensible data to the structure in a future patch.
Peter Krempa [Tue, 22 Jan 2013 17:42:08 +0000 (18:42 +0100)]
capabilities: Switch CPU data in NUMA topology to a struct
This will allow storing additional topology data in the NUMA topology
definition.
This patch changes the storage type and fixes fallout of the change
across the drivers using it.
This patch also changes semantics of adding new NUMA cell information.
Until now the data were re-allocated and copied to the topology
definition. This patch changes the addition function to steal the
pointer to a pre-allocated structure to simplify the code.
projects / libvirt.git / log