IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
On rawhide, gcc is new enough to output new DWARF information that
pdwtags has not yet learned, but the resulting 'make check' output
was rather confusing:
$ make -C src check
...
GEN virkeepaliveprotocol-structs
die__process_function: DW_TAG_INVALID (0x4109) @ <0x58c> not handled!
WARNING: your pdwtags program is too old
WARNING: skipping the virkeepaliveprotocol-structs test
WARNING: install dwarves-1.3 or newer
...
$ pdwtags --version
v1.9
I've filed the pdwtags deficiency as
https://bugzilla.redhat.com/show_bug.cgi?id=772358
* src/Makefile.am (PDWTAGS): Don't leave -t file behind on version
mismatch. Soften warning message, since 1.9 is newer than 1.3.
Don't leak stderr from broken version.
Commit db371a2 mistakenly added new functions inside a #ifndef WIN32
guard, even though they are needed on all platforms.
* src/util/command.c (virCommandFDSet): Move outside WIN32
conditional.
I hit a VERY weird testsuite failure on rawhide, which included
_binary_ output to stderr, followed by a hang waiting for me
to type something! (Here, using ^@ for NUL):
$ ./commandtest
TEST: commandtest
WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
.WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
.WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
.8^@^@^@8^@^@^@^A^@^@^@^Bay^A^@^@^@)PRIVATE-GNOME-KEYRING-PKCS11-PROTOCOL-V-1
I finally traced it to the fact that gnome-keyring, called via
gnutls_global_init which is turn called by virNetTLSInit, opens
an internal fd that it expects to communicate to via a
pthread_atfork handler (never mind that it violates POSIX by
using non-async-signal-safe functions in that handler:
https://bugzilla.redhat.com/show_bug.cgi?id=772320).
Our problem stems from the fact that we pulled the rug out from
under the library's expectations by closing an fd that it had
just opened. While we aren't responsible for fixing the bugs
in that pthread_atfork handler, we can at least avoid the bugs
by not closing the fd in the first place.
* tests/commandtest.c (mymain): Avoid closing fds that were opened
by virInitialize.
Detected by valgrind. Leak introduced in commit 5745dc1.
* src/qemu/qemu_command.c: fix memory leak on failure and successful path.
* How to reproduce?
% valgrind -v --leak-check=full ./qemuargv2xmltest
* Actual result:
==2196== 80 bytes in 1 blocks are definitely lost in loss record 3 of 4
==2196== at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
==2196== by 0x39CF07F6E1: strdup (in /lib64/libc-2.12.so)
==2196== by 0x419823: qemuParseRBDString (qemu_command.c:1657)
==2196== by 0x4221ED: qemuParseCommandLine (qemu_command.c:5934)
==2196== by 0x422AFB: qemuParseCommandLineString (qemu_command.c:7561)
==2196== by 0x416864: testCompareXMLToArgvHelper (qemuargv2xmltest.c:48)
==2196== by 0x417DB1: virtTestRun (testutils.c:141)
==2196== by 0x415CAF: mymain (qemuargv2xmltest.c:175)
==2196== by 0x4174A7: virtTestMain (testutils.c:696)
==2196== by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
==2196==
==2196== LEAK SUMMARY:
==2196== definitely lost: 80 bytes in 1 blocks
Signed-off-by: Alex Jia <ajia@redhat.com>
Using automake.git (will become 1.12 someday), I got this error:
configure.ac:90: error: automatic de-ANSI-fication support has been removed
/usr/local/share/aclocal-1.11a/protos.m4:13: AM_C_PROTOTYPES is expanded from...
configure.ac:90: the top level
autom4te: /usr/bin/m4 failed with exit status: 1
In short, pre-C89 compilers are no longer a viable portability
target. Besides, our code base already requires C99, so worrying
about pre-C89 seems pointless.
* configure.ac (AM_C_PROTOTYPES): Drop, since newer automake no
longer provides it.
When setting numa nodeset for a domain which has no nodeset set
before, libvirtd crashes by dereferencing the pointer to the old
nodemask which is null in that case.
Commit baade4d fixed a memory leak on failure, but in the process,
introduced a use-after-free on success, which can be triggered with:
1. set bandwidth with --live
2. query bandwidth
3. set bandwidth with --live
* src/qemu/qemu_driver.c (qemuDomainSetInterfaceParameters): Don't
free newBandwidth on success.
Reported by Hu Tao.
Commit b434329 has a logic bug: seclabel overrides don't set
def->type, but the default value is 0 (aka static). Restarting
libvirtd would thus reject the XML for any domain with an
override of <seclabel relabel='no'/> (which happens quite
easily if a disk image lives on NFS), with a message:
2012-01-04 22:29:40.949+0000: 6769: error : virSecurityLabelDefParseXMLHelper:2593 : XML error: security label is missing
Fix the logic to never read from an override's def->type, and
to allow a missing <label> subelement when relabel is no. There's
a lot of stupid double-negatives in the code (!norelabel) because
of the way that we want the zero-initialized defaults to behave.
* src/conf/domain_conf.c (virSecurityLabelDefParseXMLHelper): Use
type field from correct location.
Currently, virCommand implementation uses FD_ macros from
sys/select.h. However, those cannot handle more opened files
than FD_SETSIZE. Therefore switch to generalized implementation
based on array of integers.
xen-unstable c/s 23874:651aed73b39c added another member to
xen_domctl_getdomaininfo struct and bumped domctl version to 8.
Add a corresponding domctl v8 struct in xen hypervisor sub-driver
and detect domctl v8 during initialization.
The console path in xenstore is /local/domain/<id>/console/tty
for PV guests (PV console) and /local/domain/<id>/serial/0/tty
(serial console) for HVM guests. Similar to Xen's in-tree console
client, read the correct path for PV vs HVM.
It is a good practise to set revents to zero before doing any poll().
Moreover, we should check if event we waited for really occurred or
if any of fds we were polling on didn't encountered hangup.
Most severe here is a latent (but currently untriggered) memory leak
if any hypervisor ever adds a string interface property; the
remainder are mainly cosmetic.
* include/libvirt/libvirt.h.in (VIR_DOMAIN_BANDWIDTH_*): Move
macros closer to interface that uses them, and document type.
* src/libvirt.c (virDomainSetInterfaceParameters)
(virDomainGetInterfaceParameters): Formatting tweaks.
* daemon/remote.c (remoteDispatchDomainGetInterfaceParameters):
Avoid memory leak.
* src/libvirt_public.syms (LIBVIRT_0.9.9): Sort lines.
* src/libvirt_private.syms (domain_conf.h): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSetInterfaceParameters): Fix
comments, break long lines.
virshReportError() function frees the most recent error reported from
libvirt. Condition that checks if connection to the daemon was broken
during last command was then limited to check for SIGPIPE signal not
taking into account possible errors signalized without SIGPIPE.
This patch moves the check before the error is freed, to take into
account code that does not emit SIGPIPE while failing.
* tools/virsh.c: - move check for broken connection before error print.
Hi,
this is the fifth version of my SRV record for DNSMasq patch rebased
for the current codebase to the bridge driver and libvirt XML file to
include support for the SRV records in the DNS. The syntax is based on
DNSMasq man page and tests for both xml2xml and xml2argv were added as
well. There are some things written a better way in comparison with
version 4, mainly there's no hack in tests/networkxml2argvtest.c and
also the xPath context is changed to use a simpler query using the
virXPathInt() function relative to the current node.
Also, the patch is also fixing the networkxml2argv test to pass both
checks, i.e. both unit tests and also syntax check.
Please review,
Michal
Signed-off-by: Michal Novotny <minovotn@redhat.com>
Leak detected by Coverity, and introduced in commit 93ab585.
Reported by Alex Jia.
* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Free
devices array on error.
The blocks to extract node information on a per-arch
basis wasn't well balanced leading to a compilation
failure if not on one of the handled arches (PCs and PPCs)
This wires up the XML changes in the previous patch to let SELinux
labeling honor user overrides, as well as affecting the live XML
configuration in one case where the user didn't specify anything
in the offline XML.
I noticed that the logs contained messages like this:
2011-12-05 23:32:40.382+0000: 26569: warning : SELinuxRestoreSecurityFileLabel:533 : cannot lookup default selinux label for /nfs/libvirt/images/dom.img
for all my domain images living on NFS. But if we would just remember
that on domain creation that we were unable to set a SELinux label (due to
NFSv3 lacking labels, or NFSv4 not being configured to expose attributes),
then we could avoid wasting the time trying to clear the label on
domain shutdown. This in turn is one less point of NFS failure,
especially since there have been documented cases of virDomainDestroy
hanging during an attempted operation on a failed NFS connection.
* src/security/security_selinux.c (SELinuxSetFilecon): Move guts...
(SELinuxSetFileconHelper): ...to new function.
(SELinuxSetFileconOptional): New function.
(SELinuxSetSecurityFileLabel): Honor override label, and remember
if labeling failed.
(SELinuxRestoreSecurityImageLabelInt): Skip relabeling based on
override.
Implement the parsing and formatting of the XML addition of
the previous commit. The new XML doesn't affect qemu command
line, so we can now test round-trip XML->memory->XML handling.
I chose to reuse the existing structure, even though per-device
override doesn't use all of those fields, rather than create a
new structure, in order to reuse more code.
* src/conf/domain_conf.h (_virDomainDiskDef): Add seclabel member.
* src/conf/domain_conf.c (virDomainDiskDefFree): Free it.
(virSecurityLabelDefFree): New function.
(virDomainDiskDefFormat): Print it.
(virSecurityLabelDefFormat): Reduce output if model not present.
(virDomainDiskDefParseXML): Alter signature, and parse seclabel.
(virSecurityLabelDefParseXML): Split...
(virSecurityLabelDefParseXMLHelper): ...into new helper.
(virDomainDeviceDefParse, virDomainDefParseXML): Update callers.
* tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.args:
New file.
* tests/qemuxml2xmltest.c (mymain): Enhance test.
* tests/qemuxml2argvtest.c (mymain): Likewise.
When doing security relabeling, there are cases where a per-file
override might be appropriate. For example, with a static label
and relabeling, it might be appropriate to skip relabeling on a
particular disk, where the backing file lives on NFS that lacks
the ability to track labeling. Or with dynamic labeling, it might
be appropriate to use a custom (non-dynamic) label for a disk
specifically intended to be shared across domains.
The new XML resembles the top-level <seclabel>, but with fewer
options (basically relabel='no', or <label>text</label>):
<domain ...>
...
<devices>
<disk type='file' device='disk'>
<source file='/path/to/image1'>
<seclabel relabel='no'/> <!-- override for just this disk -->
</source>
...
</disk>
<disk type='file' device='disk'>
<source file='/path/to/image1'>
<seclabel relabel='yes'> <!-- override for just this disk -->
<label>system_u:object_r:shared_content_t:s0</label>
</seclabel>
</source>
...
</disk>
...
</devices>
<seclabel type='dynamic' model='selinux'>
<baselabel>text</baselabel> <!-- used for all devices without override -->
</seclabel>
</domain>
This patch only introduces the XML and documentation; future patches
will actually parse and make use of it. The intent is that we can
further extend things as needed, adding a per-device <seclabel> in
more places (such as the source of a console device), and possibly
allowing a <baselabel> instead of <label> for labeling where we want
to reuse the cNNN,cNNN pair of a dynamically labeled domain but a
different base label.
First suggested by Daniel P. Berrange here:
https://www.redhat.com/archives/libvir-list/2011-December/msg00258.html
* docs/schemas/domaincommon.rng (devSeclabel): New define.
(disk): Use it.
* docs/formatdomain.html.in (elementsDisks, seclabel): Document
the new XML.
* tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.xml:
New test, to validate RNG.
A future patch will parse and output <seclabel> in more than one
location in a <domain> xml; make it easier to reuse code.
* src/conf/domain_conf.c (virSecurityLabelDefFree): Rename...
(virSecurityLabelDefClear): ...and make static.
(virSecurityLabelDefParseXML): Alter signature.
(virDomainDefParseXML, virDomainDefFree): Adjust callers.
(virDomainDefFormatInternal): Split output...
(virSecurityLabelDefFormat): ...into new helper.
The RNG for <seclabel> was too strict - if it was present, then it
had to have sub-elements, even if those didn't make sense for the
given attributes. Also, we didn't have any tests of <seclabel>
parsing or XML output.
In this patch, I added more parsing tests than output tests (since
the output populates and/or reorders fields not present in certain
inputs). Making the RNG reliable is a precursor to using <seclabel>
variants in more places in the XML in later patches.
See also:
http://berrange.com/posts/2011/09/29/two-small-improvements-to-svirt-guest-configuration-flexibility-with-kvmlibvirt/
* docs/schemas/domaincommon.rng (seclabel): Tighten rules.
* tests/qemuxml2argvtest.c (mymain): New tests.
* tests/qemuxml2xmltest.c (mymain): Likewise.
* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*.*: New files.
Add a new command domiftune to get/set interface parameters.
* tools/virsh.c: implement the new command
* tools/virsh.pod: documentation of the new command
* daemon/remote.c: implement the server side support
* src/remote/remote_driver.c: implement the client side support
* src/remote/remote_protocol.x: definitions for the new entry points
* src/remote_protocol-structs: structure definitions
The APIs are used to set/get domain's network interface's parameters.
Currently supported parameters are bandwidth settings.
* include/libvirt/libvirt.h.in: new API and parameters definition
* python/generator.py: skip the Python API generation
* src/driver.h: add new entry to the driver structure
* src/libvirt_public.syms: export symbols
* python/libvirt-override.c: remove the predefined array in the
virConnectListDomainsID binding and call virConnectNumOfDomains
to do a proper allocation
The parameter 'params' is useless for virDomainGetBlockIoTune API,
and the return value type should be a virTypedParameterPtr but not
integer. And "PyArg_ParseTuple" in functions
libvirt_virDomain{Set,Get}BlockIoTune misses format unit for "format"
argument.
* libvirt-override-api.xml: Remove useless the parameter 'params'
from virDomainGetBlockIoTune API, and change return value type from
integer to virTypedParameterPtr.
* python/libvirt-override.c: Add the missed format units.
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=770683
Signed-off-by: Alex Jia <ajia@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=770520
We had two nested loops both trying to use 'i' as the iteration
variable, which can result in an infinite loop when the inner
loop interferes with the outer loop. Introduced in commit 93ab585.
* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Don't
reuse iteration variable across two loops.
Trivial patch, move version command to host commands group.
It has no any related with any domain.
It may connect to the daemon, so the flag is 0 but not VSH_CMD_FLAG_NOCONNECT.
Valgrind detected a pipe fd leak before the parent exits on success,
introduced in commit 4296cea; by itself, the leak is not bad, since
we immediately called _exit(), but we might as well be clean to make
valgrind analysis easier. Meanwhile, if the daemon grandchild detects
an error, the parent failed to flush the error message before exiting.
Also, we had the possibility of both parent and child returning to the
caller, such that the user could see duplicated reports of failure
from the two return paths. And we might as well be robust to the
(unlikely) situation of being started with stdin closed.
* daemon/libvirtd.c (daemonForkIntoBackground): Use exit if an
error message was generated, avoid fd leaks for valgrind's sake,
avoid returning to caller in both parent and child, and don't
close a just-dup'd stdin.
Based on a report by Alex Jia.
* How to reproduce?
% service libvirtd stop
% valgrind -v --track-fds=yes /usr/sbin/libvirtd --daemon
* Actual valgrind result:
==16804== FILE DESCRIPTORS: 7 open at exit.
==16804== Open file descriptor 7:
==16804== at 0x321FAD8B87: pipe (in /lib64/libc-2.12.so)
==16804== by 0x41F34D: daemonForkIntoBackground (libvirtd.c:186)
==16804== by 0x4207A0: main (libvirtd.c:1420)
Signed-off-by: Alex Jia <ajia@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Virsh's echo command looks not having any relations with domains and its
description should go into the generic commands section instead of the
domain commands section (current).
Virsh's send-key command manipulates domains and its description should
go into the domain commands section instead of generic commands section
(current).
Commit e5a84d74 added a new attribute in the wrong location;
commit c8b9fa74 fixed the missing / at the end but not the extra
/ in the middle.
* docs/formatdomain.html.in (elementsDisks): Fix another typo.
Commit 6fdbce12 attempted to sort the list of tests, but failed
(without quotes, echo merges all the tests into a single line,
so there was nothing to sort).
* tests/schematestutils.sh: Fix thinko in previous patch.
This patch adds max_files option to qemu.conf which can be used to
override system default limit on number of opened files that are
allowed for qemu user.
called vshWatchJob. This can be later used in other
job oriented commands like dump, save, managedsave
to report progress and allow user to cancel via ^C.
Latest patch a1a83c5874 introduces new qemu capability flag
QEMU_CAPS_FSDEV_READONLY. However, it was missing in qemuhelptest
making test for qemu-1.0 fail.
Remove the requirement that DHCP messages have to be broadcasted.
DHCP requests are most often sent via broadcast but can be directed
towards a specific DHCP server. For example 'dhclient' takes '-s <server>'
as a command line parameter thus allowing DHCP requests to be sent to a
specific DHCP server.
Having a test that depends on file system timestamps and/or inode
allocation order gives non-deterministic output.
* tests/schematestutils.sh: Run test in deterministic order.
Create a fake PPC64 QEMU so that we can run PPC64 QEMU tests when we
don't have a real version of the emulator available.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Add logic to assign addresses for devices with spapr-vio addresses.
We also do validation of addresses specified by the user, ie. ensuring
that there are not duplicate addresses on the bus.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
For QEMU PPC64 we have a machine type ("pseries") which has a virtual
bus called "spapr-vio". We need to be able to create devices on this
bus, and as such need a way to specify the address for those devices.
This patch adds a new address type "spapr-vio", which achieves this.
The addressing is specified with a "reg" property in the address
definition. The reg is optional, if it is not specified QEMU will
auto-assign an address for the device.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Detected by valgrind. Leaks introduced in commit 4d5383f.
* tools/virsh.c: fix memory leaks on cmdDomXMLFromNative and cmdDomXMLToNative.
* how to reproduce?
% virsh dumpxml ${guest} > foo.xml
% valgrind -v --leak-check=full virsh domxml-from-native qemu-argv foo.xml
% valgrind -v --leak-check=full virsh domxml-to-native qemu-argv foo.xml
* actual valgrind results:
==9724== 8,193 bytes in 1 blocks are definitely lost in loss record 31 of 33
==9724== at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
==9724== by 0x4A06167: realloc (vg_replace_malloc.c:525)
==9724== by 0x4C7510B: virReallocN (memory.c:161)
==9724== by 0x4C84679: virFileReadLimFD (util.c:394)
==9724== by 0x4C84815: virFileReadAll (util.c:455)
==9724== by 0x41A89F: cmdDomXMLFromNative (virsh.c:5532)
==9724== by 0x414872: vshCommandRun (virsh.c:16464)
==9724== by 0x425623: main (virsh.c:17971)
==9724==
==9724== LEAK SUMMARY:
==9724== definitely lost: 8,193 bytes in 1 blocks
==9724== indirectly lost: 0 bytes in 0 blocks
==9724== possibly lost: 0 bytes in 0 blocks
==9724== still reachable: 127,128 bytes in 1,347 blocks
==7409== 8,193 bytes in 1 blocks are definitely lost in loss record 31 of 33
==7409== at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
==7409== by 0x4A06167: realloc (vg_replace_malloc.c:525)
==7409== by 0x4C7510B: virReallocN (memory.c:161)
==7409== by 0x4C84679: virFileReadLimFD (util.c:394)
==7409== by 0x4C84815: virFileReadAll (util.c:455)
==7409== by 0x41A7AF: cmdDomXMLToNative (virsh.c:5578)
==7409== by 0x414892: vshCommandRun (virsh.c:16463)
==7409== by 0x425633: main (virsh.c:17970)
==7409==
==7409== LEAK SUMMARY:
==7409== definitely lost: 8,193 bytes in 1 blocks
==7409== indirectly lost: 0 bytes in 0 blocks
==7409== possibly lost: 0 bytes in 0 blocks
==7409== still reachable: 127,128 bytes in 1,347 blocks
Signed-off-by: Alex Jia <ajia@redhat.com>
Using 'virReallocN' to allocate memory on virConsoleEventOnStdin,
virConsoleEventOnStdout and virConsoleEventOnStream, however, the
cleanup function virConsoleShutdown hasn't released these memory.
* tools/console.c: fix memory leaks on virConsoleShutdown.
https://bugzilla.redhat.com/show_bug.cgi?id=767488
Signed-off-by: Alex Jia <ajia@redhat.com>
Currently non-x86 guests must have <acpi/> defined in <features> to
prevent libvirt from running qemu with -no-acpi. Although it works, it
is a hack.
Instead add a capability flag which indicates whether qemu understands
the -no-acpi option. Use it to control whether libvirt emits -no-acpi.
Current versions of qemu always display -no-acpi in their help output,
so this patch has no effect. However the development version of qemu
has been modified such that -no-acpi is only displayed when it is
actually supported.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
The RPC code had several latent memory leaks and an attempt to
free the wrong string, but thankfully nothing triggered them
(blkiotune was the only one returning a string, and always as
the last parameter). Also, our cleanups for rpcgen ended up
nuking a line of code that renders VIR_TYPED_PARAM_INT broken,
because it was the only use of 'i' in a function, even though
it was a member usage rather than a standalone declaration.
* daemon/remote.c (remoteSerializeTypedParameters): Free the
correct array element.
(remoteDispatchDomainGetSchedulerParameters)
(remoteDispatchDomainGetSchedulerParametersFlags)
(remoteDispatchDomainBlockStatsFlags)
(remoteDispatchDomainGetMemoryParameters): Don't leak strings.
* src/rpc/genprotocol.pl: Don't nuke member-usage of 'buf' or 'i'.
No need to repeat code for formatting typed parameters.
* tools/virsh.c (vshGetTypedParamValue): Support strings, and exit
on OOM.
(cmdSchedinfo, cmdBlkiotune, cmdMemtune, cmdBlkdeviotune): Use
it for less code.
* Detected by valgrind. Leak introduced in commit 5ab109f.
* python/libvirt-override.c: avoid memory leak on libvirt_virConnectOpenAuth.
* How to reproduce?
% valgrind -v --leak-check=full virt-clone --print-xml
Note: it can hit the issue although options are incomplete.
* Actual valgrind result:
==1801== 12 bytes in 1 blocks are definitely lost in loss record 25 of 3,270
==1801== at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
==1801== by 0xCF1F60E: libvirt_virConnectOpenAuth (libvirt-override.c:1507)
==1801== by 0x3AFEEDE7F3: PyEval_EvalFrameEx (ceval.c:3794)
==1801== by 0x3AFEEDF99E: PyEval_EvalFrameEx (ceval.c:3880)
==1801== by 0x3AFEEDF99E: PyEval_EvalFrameEx (ceval.c:3880)
==1801== by 0x3AFEEDF99E: PyEval_EvalFrameEx (ceval.c:3880)
==1801== by 0x3AFEEDF99E: PyEval_EvalFrameEx (ceval.c:3880)
==1801== by 0x3AFEEE0466: PyEval_EvalCodeEx (ceval.c:3044)
==1801== by 0x3AFEEE0541: PyEval_EvalCode (ceval.c:545)
==1801== by 0x3AFEEFB88B: run_mod (pythonrun.c:1351)
==1801== by 0x3AFEEFB95F: PyRun_FileExFlags (pythonrun.c:1337)
==1801== by 0x3AFEEFCE4B: PyRun_SimpleFileExFlags (pythonrun.c:941)
Signed-off-by: Alex Jia <ajia@redhat.com>
The lifetime of the virDomainEventState object is tied to
the lifetime of the driver, which in stateless drivers is
tied to the lifetime of the virConnectPtr.
If we add & remove a timer when allocating/freeing the
virDomainEventState object, we can get a situation where
the timer still triggers once after virDomainEventState
has been freed. The timeout callback can't keep a ref
on the event state though, since that would be a circular
reference.
The trick is to only register the timer when a callback
is registered with the event state & remove the timer
when the callback is unregistered.
The demo for the bug is to run
while true ; do date ; ../tools/virsh -q -c test:///default 'shutdown test; undefine test; dominfo test' ; done
prior to this fix, it will frequently hang and / or
crash, or corrupt memory
Currently all drivers using domain events need to provide a callback
for handling a timer to dispatch events in a clean stack. There is
no technical reason for dispatch to go via driver specific code. It
could trivially be dispatched directly from the domain event code,
thus removing tedious boilerplate code from all drivers
Also fix the libxl & xen drivers to pass 'true' when creating the
virDomainEventState, since they run inside the daemon & thus always
expect events to be present.
* src/conf/domain_event.c, src/conf/domain_event.h: Internalize
dispatch of events from timer callback
* src/libxl/libxl_driver.c, src/lxc/lxc_driver.c,
src/qemu/qemu_domain.c, src/qemu/qemu_driver.c,
src/remote/remote_driver.c, src/test/test_driver.c,
src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
src/xen/xen_driver.c: Remove all timer dispatch functions
The virDomainEventCallbackList and virDomainEventQueue APIs are
now solely helpers used internally by virDomainEventState APIs.
Remove their decls from domain_event.h since no driver code should
need to use them any more.
* src/conf/domain_event.c: Make virDomainEventCallbackList and
virDomainEventQueue APIs static & remove some unused APIs
* src/conf/domain_event.h, src/libvirt_private.syms: Remove
virDomainEventCallbackList and virDomainEventQueue APIs
No caller of the domain events APIs should need to poke at the
struct internals. Thus they should all be removed from the
header file
* src/conf/domain_event.h: Remove struct definitions
* src/conf/domain_event.c: Add struct definitions
While virDomainEventState has APIs for managing removal of callbacks,
while locked, adding callbacks in the first place requires direct
access to the virDomainEventCallbackList structure. This is not
threadsafe since it is bypassing the virDomainEventState locks
* src/conf/domain_event.c, src/conf/domain_event.h,
src/libvirt_private.syms: Add APIs for managing callbacks
via virDomainEventState.
When registering a callback for a particular event some callers
need to know how many callbacks already exist for that event.
While it is possible to ask for a count, this is not free from
race conditions when threaded. Thus the API for registering
callbacks should return the count of callbacks. Also rename
virDomainEventStateDeregisterAny to virDomainEventStateDeregisterID
* src/conf/domain_event.c, src/conf/domain_event.h,
src/libvirt_private.syms: Return count of callbacks when
registering callbacks
* src/libxl/libxl_driver.c, src/libxl/libxl_driver.c,
src/qemu/qemu_driver.c, src/remote/remote_driver.c,
src/remote/remote_driver.c, src/uml/uml_driver.c,
src/vbox/vbox_tmpl.c, src/xen/xen_driver.c: Update
for change in APIs
The Xen & VBox drivers deal with callbacks & dispatching of
events directly. All the other drivers use a timer to dispatch
events from a clean stack state, rather than deep inside the
drivers. Convert Xen & VBox over to virDomainEventState so
that they match behaviour of other drivers
* src/conf/domain_event.c: Return count of remaining
callbacks when unregistering event callback
* src/vbox/vbox_tmpl.c, src/xen/xen_driver.c,
src/xen/xen_driver.h: Convert to virDomainEventState
If only iptables rules are created then two unnecessary ebtables chains
are also created. This patch fixes this and prevents these chains from
being created. They have been cleaned up properly, though.
Using dtrace (and systemtap in general) is Linux-specific.
Running ./autobuild.sh shows that attempting a cross-build to
target mingw was mistakenly trying to build dtrace code, merely
because it was present on the compilation host.
* configure.ac (with_dtrace): Don't attempt to use dtrace when
doing a cross-build hosted on Linux but targetting elsewhere.
Reported by Daniel P. Berrange.
A generic error code was returned, if the user aborted a migration job.
This made it hard to distinguish between a user requested abort and an
error that might have occured. This patch introduces a new error code,
which is returned in the specific case of a user abort, while leaving
all other failures with their existing code. This makes it easier to
distinguish between failure while mirgrating and an user requested
abort.
* include/libvirt/virterror.h: - add new error code
* src/util/virterror.c: - add message for the new error code
* src/qemu/qemu_migration.h: - Emit operation aborted error instead of
operation failed, on migration abort
If managed save fails at the right point in time, then the save
image can end up with 0 bytes in length (no valid header), and
our attempts in commit 55d88def to detect and skip invalid save
files missed this case.
* src/qemu/qemu_driver.c (qemuDomainSaveImageOpen): Also unlink
empty file as corrupt. Reported by Dennis Householder.
Currently, on device detach, we parse given XML, find the device
in domain object, free it and try to restore security labels.
However, in some cases (e.g. usb hostdev) parsed XML contains
less information than freed device. In usb case it is bus & device
IDs. These are needed during label restoring as a symlink into
/dev/bus is generated from them. Therefore don't drop device
configuration until security labels are restored.
Add an option for virsh undefine command, to remove associated storage
volumes while undefining a domain. This patch allows the user to remove
associated (libvirt managed ) storage volumes while undefining a domain.
The new option --storage for the undefine command takes a string
argument that consists of comma separated list of target or source path
of volumes to be undefined. Volumes are removed after the domain has
been successfully undefined,
If a volume is not part of a storage pool, the user is warned to remove
the volume in question himself.
Option --wipe-storage may be specified along with this, that ensures
the image is wiped before removing.
Option --remove-all-storage enables the user to remove all storage. The
name is chosen long as the users should be aware what they're about to
do.
Some gcc warnings about no % in a printf format string only
appear under --disable-nls. And configure.ac should automatically
be excluding modules on mingw without us having to be explicit.
Improving autobuild.sh to stress more combinations can only help.
* autobuild.sh: Add --disable-nls on first build. Update mingw
build to rely more on configure.ac detection.
In commit 6f84e110 I mistakenly set default migration speed to
33554432 Mb! The units of migMaxBandwidth is Mb, with conversion
handled in qemuMonitor{JSON,Text}SetMigrationSpeed().
Also, remove definition of QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX since
it is no longer used after reverting commit ef1065cf.
If an async job run on a domain will stop the domain at the end of the
job, a concurrently run query job can hang in qemu monitor and nothing
can be done with that domain from this point on. An attempt to start
such domain results in "Timed out during operation: cannot acquire state
change lock" error.
However, quite a few things have to happen at the right time... There
must be an async job running which stops a domain at the end. This race
was reported with dump --crash but other similar jobs, such as
(managed)save and migration, should be able to trigger this bug as well.
While this async job is processing its last monitor command, that is a
query-migrate to which qemu replies with status "completed", a new
libvirt API that results in a query job must arrive and stay waiting
until the query-migrate command finishes. Once query-migrate is done but
before the async job closes qemu monitor while stopping the domain, the
other thread needs to wake up and call qemuMonitorSend to send its
command to qemu. Before qemu gets a chance to respond to this command,
the async job needs to close the monitor. At this point, the query job
thread is waiting for a condition that no-one will ever signal so it
never finishes the job.
* src/qemu/qemu_hostdev.c (qemuDomainReAttachHostdevDevices):
pciDeviceListFree(pcidevs) in the end free()s the device even if
it's in use by other domain, which can cause a race.
How to reproduce:
<script>
virsh nodedev-dettach pci_0000_00_19_0
virsh start test
virsh attach-device test hostdev.xml
virsh start test2
for i in {1..5}; do
echo "[ -- ${i}th time --]"
virsh nodedev-reattach pci_0000_00_19_0
done
echo "clean up"
virsh destroy test
virsh nodedev-reattach pci_0000_00_19_0
</script>
Device pci_0000_00_19_0 dettached
Domain test started
Device attached successfully
error: Failed to start domain test2
error: Requested operation is not valid: PCI device 0000:00:19.0 is in use by domain test
[ -- 1th time --]
Device pci_0000_00_19_0 re-attached
[ -- 2th time --]
Device pci_0000_00_19_0 re-attached
[ -- 3th time --]
Device pci_0000_00_19_0 re-attached
[ -- 4th time --]
Device pci_0000_00_19_0 re-attached
[ -- 5th time --]
Device pci_0000_00_19_0 re-attached
clean up
Domain test destroyed
Device pci_0000_00_19_0 re-attached
The patch also fixes another problem, there won't be error like
"qemuDomainReAttachHostdevDevices: Not reattaching active
device 0000:00:19.0" in daemon log if some device is in active.
As pciResetDevice and pciReattachDevice won't be called for
the device anymore. This is sensible as we already reported
error when preparing the device if it's active. Blindly trying
to pciResetDevice & pciReattachDevice on the device and getting
an error is just redundant.
This patch fixes two problems:
1) The device will be reattached to host even if it's not
managed, as there is a "pciDeviceSetManaged".
2) The device won't be reattached to host with original
driver properly. As it doesn't honor the device original
properties which are maintained by driver->activePciHostdevs.
Commit d336dbdb tried to refactor sanlock to avoid building it
on RHEL for architectures where it is not available, but used
the wrong conditional.
* libvirt.spec.in (with_sanlock): Use %ifarch, not %ifnarch.
I was wondering why 'virsh edit' didn't support the same
'--inactive' option as 'virsh dumpxml'; reading the source
code showed that --inactive was already implied, and that
the only way to alter a running guest rather than affecting
next boot is by hot-plugging individual devices, or by
something complex like saving the guest and modifying the
save image.
* tools/virsh.pod (define, edit): Mention behavior when guest is
already running.
Commit f2013c9dd1 added implementation of
virDomainSnapshotListChildrenNames override export, but registration of
the newly exported function was not added.
*python/libvirt-override.c: - register export of function
This chunk of code below repeated in several functions, factor it into
a helper method virDomainLiveConfigHelperMethod to eliminate duplicated code
based on Eric and Adam's suggestion. I have tested it for all the
relevant APIs changed.
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com>
If parsing of arguments failed, virsh did silently exit returning and
error state, but not specifying the possible problem.
* tools/virsh: cmdNodesuspend: - error handling added
Detected by valgrind. Leak introduced in commit 82ff25e.
* tests/nodeinfotest.c: avoid memory leak on nodeinfo test case.
* how to reproduce?
% cd tests && valgrind -v --leak-check=full ./nodeinfotest
* actual valgrind result:
==22147== 65 bytes in 1 blocks are definitely lost in loss record 14 of 29
==22147== at 0x4A0610F: realloc (vg_replace_malloc.c:525)
==22147== by 0x330D6FED94: __vasprintf_chk (in /lib64/libc-2.12.so)
==22147== by 0x426697: virVasprintf (stdio2.h:199)
==22147== by 0x426757: virAsprintf (util.c:1695)
==22147== by 0x41585F: linuxTestNodeInfo (nodeinfotest.c:108)
==22147== by 0x416B21: virtTestRun (testutils.c:141)
==22147== by 0x4157EA: mymain (nodeinfotest.c:140)
==22147== by 0x416217: virtTestMain (testutils.c:696)
==22147== by 0x330D61ECDC: (below main) (in /lib64/libc-2.12.so)
==22147==
==22147== LEAK SUMMARY:
==22147== definitely lost: 65 bytes in 1 blocks
==22147== indirectly lost: 0 bytes in 0 blocks
==22147== possibly lost: 0 bytes in 0 blocks
==22147== still reachable: 126,126 bytes in 1,341 blocks
Signed-off-by: Alex Jia <ajia@redhat.com>
If the vol object is newly created, it increases the volumes count,
but doesn't decrease the volumes count when do cleanup. It can
cause libvirtd to crash when one trying to free the volume objects
like:
for (i = 0; i < pool->volumes.count; i++)
virStorageVolDefFree(pool->volumes.objs[i]);
It's more reliable if we add the newly created vol object in the
end.
Improve the documentation of what forms a valid <address> element,
since these elements appear in numerous devices.
* docs/formatdomain.html.in (elementsAddress): New section.
(elementsControllers, elementsUSB, elementsNICS, elementsInput)
(elementsHub, elementsCharChannel, elementsSound): Refer to it.
Commit 4d9e51f6 fixed a 'make uninstall' failure, but failed
to follow other conventions already present in src/Makefile.am.
In particular, we prefer MKDIR_P over mkdir -p, and should
have a matching rmdir during uninstall for every directory
created during install (the idea being that uninstall in a
DESTDIR should be clean, while installation in the final
system should not fail with non-empty directories left behind).
* tools/Makefile.am (install-sysconfig, install-initscript)
(install-systemd): Use MKDIR_P.
(uninstall-sysconfig, uninstall-initscript, uninstall-systemd):
Also remove directories.
* daemon/Makefile.am (install-data-local, install-data-polkit)
(install-logrotate, install-sysconfig, install-sysctl)
(install-init-redhat, install-init-upstart, install-init-systemd)
(install-data-sasl): Use MKDIR_P.
(uninstall-data-polkit, uninstall-sysconfig, uninstall-sysctl)
(uninstall-init-redhat, uninstall-init-upstart)
(uninstall-init-systemd): Also remove directory.
(uninstall-logrotate): New rule.
(uninstall-local): Add uninstall-logrotate.
When destroying a domain qemuDomainDestroy kills its qemu process and
starts a new job, which means it unlocks the domain object and locks it
again after some time. Although the object is usually unlocked for a
pretty short time, chances are another thread processing an EOF event on
qemu monitor is able to lock the object first and does all the cleanup
by itself. This leads to wrong shutoff reason and lifecycle event detail
and virDomainDestroy API incorrectly reporting failure to destroy an
inactive domain.
Reported by Charlie Smurthwaite.
Network disks don't have paths to be resolved or files to be checked
for ownership. ee3efc41e6 checked this
for some image label functions, but was partially reverted in a
refactor. This finishes adding the check to each security driver's
set and restore label methods for images.
Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
Make uninstall currently fails with the following message:
rmdir /etc/sasl2/
rmdir: failed to remove `/etc/sasl2/': Directory not empty
That's fine (correct in fact) so force the command to return success
with || :
One of the xml tests in the test suite was created using a
now-deprecated qemu machine type ("fedora-13", which was only ever
valid for Fedora builds of qemu). Although strictly speaking it's not
necessary to replace it with an actual supported qemu machine type
(since the xml in question is never actually sent to qemu), this patch
changes it to the actually-supported "pc-0.13" just for general
tidiness. (Also, on some Fedora builds which contain a special patch
to rid the world of "fedora-13", having it mentioned in the test suite
will cause make check to fail.)
This patch addresses https://bugzilla.redhat.com/show_bug.cgi?id=760442
When a network has any forward type other than route, nat or none, the
network configuration should be done completely external to libvirt -
libvirt only uses these types to allow configuring guests in a manner
that isn't tied to a specific host (all the host-specific information,
in particular interface names, port profile data, and bandwidth
configuration is in the network definition, and the guest
configuration only references it).
Due to a bug in the bridge network driver, libvirt was adding iptables
rules for networks with forward type='bridge' etc. any time libvirtd
was restarted while one of these networks was active.
This patch eliminates that error by only "reloading" iptables rules if
forward type is route, nat, or none.
Currently qemuDomainAssignPCIAddresses() is called to assign addresses
to PCI devices.
We need to do something similar for devices with spapr-vio addresses.
So create one place where address assignment will be done, that is
qemuDomainAssignAddresses().
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
For the PPC64 pseries machine type we need to add address information
for the spapr-vty device.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
In QEMU PPC64 we have a network device called "spapr-vlan". We can specify
this using the existing syntax for network devices, however libvirt
currently rejects "spapr-vlan" in virDomainNetDefParseXML() because of
the "-". Fix the code to accept "-".
* src/conf/domain_conf.c (virDomainNetDefParseXML): Allow '-' in
model name, and be more efficient.
* docs/schemas/domaincommon.rng: Limit valid model names to match code.
Based on a patch by Michael Ellerman.
Detected by valgrind. Leak introduced in commit 88a993b:
* tools/virsh.c: fix memory leak on cmdDomblklist.
* how to reproduce?
% valgrind -v --leak-check=full virsh domblklist <domain name>
* actual valgrind result:
==6573== 1,836 bytes in 1 blocks are definitely lost in loss record 110 of 124
==6573== at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
==6573== by 0x330D71497D: xdr_string (in /lib64/libc-2.12.so)
==6573== by 0x4D26CED: xdr_remote_nonnull_string (remote_protocol.c:30)
==6573== by 0x4D28138: xdr_remote_domain_get_xml_desc_ret (remote_protocol.c:1418)
==6573== by 0x4D3C0C2: virNetMessageDecodePayload (virnetmessage.c:382)
==6573== by 0x4D3279F: virNetClientProgramCall (virnetclientprogram.c:382)
==6573== by 0x4D0D50B: callWithFD (remote_driver.c:4339)
==6573== by 0x4D0D5AB: call (remote_driver.c:4360)
==6573== by 0x4D16EAF: remoteDomainGetXMLDesc (remote_client_bodies.h:861)
==6573== by 0x4CF9F4F: virDomainGetXMLDesc (libvirt.c:4098)
==6573== by 0x4154D9: cmdDomblklist (virsh.c:1722)
==6573== by 0x4149E2: vshCommandRun (virsh.c:16365)
==6573==
==6573== 46,009 (352 direct, 45,657 indirect) bytes in 1 blocks are definitely lost in loss record 123 of 124
==6573== at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
==6573== by 0x3318286DC6: xmlXPathNewContext (in /usr/lib64/libxml2.so.2.7.6)
==6573== by 0x4C79AE2: virXMLParseHelper (xml.c:779)
==6573== by 0x415512: cmdDomblklist (virsh.c:1726)
==6573== by 0x4149E2: vshCommandRun (virsh.c:16365)
==6573== by 0x427743: main (virsh.c:17867)
==6573==
==6573== LEAK SUMMARY:
==6573== definitely lost: 2,188 bytes in 2 blocks
==6573== indirectly lost: 45,657 bytes in 332 blocks
==6573== possibly lost: 0 bytes in 0 blocks
==6573== still reachable: 128,034 bytes in 1,364 blocks
==6573== suppressed: 0 bytes in 0 blocks
Signed-off-by: Alex Jia <ajia@redhat.com>
When parsing ppc64 models on an x86 host an out-of-memory error message is displayed due
to it checking for retcpus being NULL. Fix this by removing the check whether retcpus is NULL
since we will realloc into this variable.
Also in the X86 model parser display the OOM error at the location where it happens.
Fix memory leak:
==27534== 24 bytes in 1 blocks are definitely lost in loss record 207 of 530
==27534== at 0x4A05E46: malloc (vg_replace_malloc.c:195)
==27534== by 0x38EC26EC37: vasprintf (in /lib64/libc-2.13.so)
==27534== by 0x4E998E6: virVasprintf (util.c:1677)
==27534== by 0x4E999F1: virAsprintf (util.c:1695)
==27534== by 0x4F1EAAC: nodeGetInfo (nodeinfo.c:593)
==27534== by 0x47948F: qemuCapsInitCPU (qemu_capabilities.c:855)
==27534== by 0x4796B1: qemuCapsInit (qemu_capabilities.c:915)
==27534== by 0x456550: qemuCreateCapabilities (qemu_driver.c:245)
==27534== by 0x4578C4: qemudStartup (qemu_driver.c:580)
==27534== by 0x4F20886: virStateInitialize (libvirt.c:852)
==27534== by 0x420E55: daemonRunStateInit (libvirtd.c:1156)
==27534== by 0x4E94C56: virThreadHelper (threads-pthread.c:157)
Mark this leaked variable as const char * when it is passed into another
function.
Pool creates new workers dynamically. However, it is possible
for a pool to have no workers. If we want to free that pool,
we don't want to wait on quit condition as it will never be
signaled.
Add support for newly supported Intel cpu features. Newly supported
flags are: pclmuldq, dtes64, smx, fma, pdcm, movbe, xsave, osxsave and
avx. This adds support for Intel's Sandy Bridge platform.
Reported by Alex Jia <ajia@redhat.com>. Function cmdDomIfGetLink did not
set a success return value on success path.
Signed-off-by: Alex Jia<ajia@redhat.com>
A preparatory patch for DHCP snooping where we want to be able to
differentiate between a VM's interface using the tuple of
<VM UUID, Interface MAC address>. We assume that MAC addresses could
possibly be re-used between different networks (VLANs) thus do not only
want to rely on the MAC address to identify an interface.
At the current 'final destination' in virNWFilterInstantiate I am leaving
the vmuuid parameter as ATTRIBUTE_UNUSED until the DHCP snooping patches arrive.
(we may not post the DHCP snooping patches for 0.9.9, though)
Mostly this is a pretty trivial patch. On the lowest layers, in lxc_driver
and uml_conf, I am passing the virDomainDefPtr around until I am passing
only the VM's uuid into the NWFilter calls.
This patch cleans up return codes in the nwfilter subsystem.
Some functions in nwfilter_conf.c (validators and formatters) are
keeping their bool return for now and I am converting their return
code to true/false.
All other functions now have failure return codes of -1 and success
of 0.
[I searched for all occurences of ' 1;' and checked all 'if ' and
adapted where needed. After that I did a grep for 'NWFilter' in the source
tree.]
Detected by valgrind. Leak introduced in commit dc675f3:
* tools/virsh.c: fix memory leak on cmdDomIfGetLink.
* how to reproduce?
% valgrind -v --leak-check=full virsh domif-getlink <domain name> 0
* actual valgrind result:
==13102== 18 bytes in 1 blocks are definitely lost in loss record 9 of 47
==13102== at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
==13102== by 0x322A6A67DD: xmlStrndup (in /usr/lib64/libxml2.so.2.7.6)
==13102== by 0x414892: cmdDomIfGetLink (virsh.c:1538)
==13102== by 0x4136A2: vshCommandRun (virsh.c:16363)
==13102== by 0x4253FB: main (virsh.c:17865)
==13102==
==13102== LEAK SUMMARY:
==13102== definitely lost: 18 bytes in 1 blocks
==13102== indirectly lost: 0 bytes in 0 blocks
==13102== possibly lost: 0 bytes in 0 blocks
==13102== still reachable: 127,888 bytes in 1,361 blocks
==13102== suppressed: 0 bytes in 0 blocks
Signed-off-by: Alex Jia <ajia@redhat.com>
Detected by valgrind. Leak introduced in commit e9bd9a0:
* tools/virsh.c: fix memory leak on cmdBlkdeviotune.
* how to reproduce?
% valgrind -v --leak-check=full virsh blkdeviotune <domain name> <block device>
* actual valgrind result:
==12759== 576 bytes in 1 blocks are definitely lost in loss record 18 of 29
==12759== at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==12759== by 0x42134E: _vshCalloc.clone.2 (virsh.c:422)
==12759== by 0x4217CB: cmdBlkdeviotune (virsh.c:6364)
==12759== by 0x4136A2: vshCommandRun (virsh.c:16363)
==12759== by 0x4253FB: main (virsh.c:17865)
==12759==
==12759== LEAK SUMMARY:
==12759== definitely lost: 576 bytes in 1 blocks
==12759== indirectly lost: 0 bytes in 0 blocks
==12759== possibly lost: 0 bytes in 0 blocks
==12759== still reachable: 126,964 bytes in 1,342 blocks
==12759== suppressed: 0 bytes in 0 blocks
Signed-off-by: Alex Jia <ajia@redhat.com>
Jiri Denemark reported an instance of bootstrapping libvirt
failing when run inside a sandbox, traced to rpm trying to
access /var/ which was not permitted by the sandbox.
Alex Jia reported that 0.9.8-rc1 failed to bootstrap if patch(1)
is not installed.
* bootstrap.conf (buildreq): Avoid rpm call if python-config
exists. Also, require patch, in case we have gnulib-local diffs.
In some error situations, the function testDomainRestoreFlags() could
unlock the test driver mutex without first locking it. This patch
moves the lock operation earlier, so that it occurs before any
potential jump down to the unlock call.
I found this problem while auditing the test driver lock usage to
determine the cause of a hang while running the following test:
cd tests; while true; do printf x; ./undefine; done
This patch *does not* solve that problem, but we now understand its
actual source, and danpb is working on a patch.
https://bugzilla.redhat.com/show_bug.cgi?id=738725
Commit ecd8725 tried to silence a spurious warning on the initial
libvirt install, and commit ba6cbb1 tried to fix up the logic to the
correct Fedora version, but the warning was still present due to a
logic bug: since %{fedora} and %{rhel} are never simulatanously
set, then 0%{rhel} <= 6 made the %if always true. Checking for
minimum versions (via >=) is okay, but checking for maximum versions
(via <=) requires a prerequisite test that the platform being tested
is non-zero.
Also fix a bogus setting of with_libxl (although we previously
hard-code with_libxl to 0 for rhel earlier in the file, so this
was not as severe a bug).
* libvirt.spec.in (with_cgconfig): Don't enable cgconfig on F16.
Over time, Fedora and RHEL RPMs have often backported upstream
patches that touched configure.ac and/or Makefile.am; this
necessitates rerunning the autotools for the patch to be effective.
Making this a one-liner spec tweak will make it easier for future
backports to pull patches without having to find all the places
to touch to properly use the autotools. Meanwhile, there have been
historical instances where an update in the autotools caused FTBFS
situations, so this is not on by default.
* libvirt.spec.in (enable_autotools): New variable, default off.
(BuildRequires): Conditionally add autotools.
(%build): Conditionally use them before configure.
* mingw32-libvirt.spec.in: Likewise.
The installation rules for the libvirt-guests.service were
totally broken
- Installing in the wrong location
- The location was not overridable
- The install-systemd rule was not invoked anywhere
- The install-systemd rule was not invoking install-initscript
which it depends on
- The installed service file lacked a .service extension
* tools/Makefile.am: Fix install of libvirt-guests.service
The %makeinstall macro does not set DESTDIR, instead of explicitly
prefixes %{buildroot} onto all paths. Thus we need to do the same
when setting the systemd unit dir
* libvirt.spec.in: Prefix %{buildroot} onto %{unitdir}
assumptions from generic code.
This implements the minimal set of changes needed in libvirt to launch a
PowerPC-KVM based guest.
It removes x86-specific assumptions about choice of serial driver backend
from generic qemu guest commandline generation code.
It also restricts the ACPI capability to be available for an x86 or
x86_64 domain.
This is not a complete solution -- it still does not guarantee libvirt
the capability to flag non-supported options in guest XML. (Eg, an ACPI
specification in a PowerPC guest XML will still get processed, even
though qemu-system-ppc64 does not support it while qemu-system-x86_64 does.)
This drawback exists because libvirt falls back on qemu to query supported
features, and qemu '-h' blindly lists all capabilities -- irrespective
of whether they are available while emulating a given architecture or not.
The long-term solution would be for qemu to list out capabilities based
on architecture and platform -- so that libvirt can cleanly make out what
devices are supported on an arch (say 'ppc64') and platform (say, 'mac99').
Signed-off-by: Prerna Saxena <prerna@linux.vnet.ibm.com>
This enables libvirt to select the correct qemu binary (qemu-system-ppc64)
for a guest vm based on arch 'ppc64'.
Also, libvirt is enabled to correctly parse the list of supported PowerPC
CPUs, generated by running 'qemu-system-ppc64 -cpu ?'
Signed-off-by: Prerna Saxena <prerna@linux.vnet.ibm.com>
Acked-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
to proc/cpuinfo
This patch creates a new sysfs hierarchy under
tests/nodeinfodata/linux-nodeinfo-sysfs-test-1.
Output files and /proc/cpuinfo files are also respectively added for
both x86 and ppc64.
Signed-off-by: Prerna Saxena <prerna@linux.vnet.ibm.com>
/proc/cpuinfo
Libvirt at present depends on /proc/cpuinfo to gather host
details such as CPUs, cores, threads, etc. This is an architecture-
dependent approach. An alternative is to use 'Sysfs', which provides
a platform-agnostic interface to parse host CPU topology.
Signed-off-by: Prerna Saxena <prerna@linux.vnet.ibm.com>
https://bugzilla.redhat.com/show_bug.cgi?id=694403 reports that
the specfile is incorrectly checking for a running libvirt-guests
service. For example,
$ LC_ALL=es_ES chkconfig --list libvirt-guests
libvirt-guests 0:desactivado 1:desactivado 2:desactivado 3:activo 4:activo 5:activo 6:desactivado
will fail to find 5:on, even though it is active. But chkconfig
already has a mode where you can silently use the exit status to
check for an active service.
* libvirt.spec.in (%post): Use simpler chkconfig options, to avoid
issues with localization.
On RHEL 5, with libxml2-2.6.26, the build failed with:
virsh.c: In function 'vshNodeIsSuperset':
virsh.c:11951: warning: implicit declaration of function 'xmlChildElementCount'
(or if warnings aren't errors, a link failure later on).
* src/util/xml.h (virXMLChildElementCount): New prototype.
* src/util/xml.c (virXMLChildElementCount): New function.
* src/libvirt_private.syms (xml.h): Export it.
* tools/virsh.c (vshNodeIsSuperset): Use it.
When one thread passes the buck to another thread, it uses
virCondSignal to wake up the target thread. The variable
'haveTheBuck' is not updated in a race-free manner when
this occurs. The current thread sets it to false, and the
woken up thread sets it to true. There is a window where
a 3rd thread can come in and grab the buck.
Even if this didn't lead to crashes & deadlocks, this would
still result in unfairness in the buckpassing algorithm.
A better solution is to *never* set haveTheBuck to false
when we're passing the buck. Only set it to false when there
is no further thread waiting for the buck.
* src/rpc/virnetclient.c: Only set haveTheBuck to false
if no thread is waiting
Commit fd06692544 tried to fix
a race condition in
commit fa9595003d
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Fri Nov 11 15:28:41 2011 +0000
Explicitly track whether the buck is held in remote client
Unfortunately there is a second race condition whereby the
event loop can trigger due to incoming data to read. Revert
this fix, so a complete fix for the problem can be cleanly
applied
* src/rpc/virnetclient.c: Revert fd06692544
With security_driver set to "none" in /etc/libvirt/qemu.conf,
libvirtd would crash when attempted to attach to an existing
qemu process. Only copy the security model if it actually exists.
During virDomainDestroy, QEMU may emit SHUTDOWN event as a response to
SIGTERM and since domain object is still locked, the event is processed
after the domain is destroyed. We need to ignore this event in such case
to avoid changing domain state from shutoff to shutdown.
This patch is to expose the fabric_name of fc_host class, which
might be useful for users who wants to known which fabric the
(v)HBA connects to.
The patch also adds the missed capabilities' XML schema of scsi_host,
(of course, with fabric_wwn added), and update the documents
(docs/formatnode.html.in)
Currently if you try to connect to a local libvirtd when
libvirtd is not in $PATH, you'll get an error
error: internal error invalid use of command API
This is because remoteFindDaemonPath() returns NULL, which
causes us to pass NULL into virNetSocketConnectUNIX which
in turn causes us to pass NULL into virCommandNewArgList.
Adding missing error checks improves this to
error: internal error Unable to locate libvirtd daemon in $PATH
* src/remote/remote_driver.c: Report error if libvirtd
cannot be found
* src/rpc/virnetsocket.c: Report error if caller requested
spawning of daemon, but provided no binary path
https://bugzilla.redhat.com/show_bug.cgi?id=754909 complains that
because libvirt didn't require dmidecode, that the logs are noisy
and virConnectGetSysinfo needlessly fails. Even 'virt-what' requires
dmidecode, so it's not that onerous of a dependency. We may be
able to drop this in the future when we move to parsing sysfs data,
but for now, listing the dependency will help matters.
* libvirt.spec.in (Requires): Sort Requires before BuildRequires.
Add dmidecode.
Older gcc warns (on every file!) that -Wabi and -Wdeprecated only
make sense on C++ projects. Newer gcc accepts these warnings for
C, but it is not clear that they can do anything useful, so it
is easier to just drop the warnings altogether.
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Silence
-Wabi and -Wdeprecated on older gcc.
Reported by Peter Krempa.
The Mingw32 linker highlighted that the symbols for virtime.h
declared in libvirt_private.syms were incorrect
* src/libvirt_private.syms: Fix virtime.h symbols
When QEMU guest finishes its shutdown sequence, qemu stops virtual CPUs
and when started with -no-shutdown waits for us to kill it using
SGITERM. Since QEMU is flushing its internal buffers, some time may pass
before QEMU actually dies. We mistakenly used "paused" state (and
events) for this which is quite confusing since users may see a domain
going to pause while they expect it to shutdown. Since we already have
"shutdown" state with "the domain is being shut down" semantics, we
should use it for this state.
However, the state didn't have a corresponding event so I created one
and called its detail as VIR_DOMAIN_EVENT_SHUTDOWN_FINISHED (guest OS
finished its shutdown sequence) with the intent to add
VIR_DOMAIN_EVENT_SHUTDOWN_STARTED in the future if we have a
sufficiently capable guest agent that can notify us when guest OS starts
to shutdown.
Otherwise connections to older libvirt abort with:
$ virsh -c qemu+ssh://host.example.com/system list
error: invalid connection pointer in virDrvSupportsFeature
error: failed to connect to the hypervisor
Tested against 0.8.3 and 0.9.8-rc2.
This patch adds binding for virNodeGetMemoryStats method of libvirtd.
Return value is represented as a python dictionary mapping field
names to values.
https://bugzilla.redhat.com/show_bug.cgi?id=648855 mentioned a
misuse of 'an' where 'a' is proper; that has since been fixed,
but a search found other problems (some were a spelling error for
'and', while most were fixed by 'a').
* daemon/stream.c: Fix grammar.
* src/conf/domain_conf.c: Likewise.
* src/conf/domain_event.c: Likewise.
* src/esx/esx_driver.c: Likewise.
* src/esx/esx_vi.c: Likewise.
* src/rpc/virnetclient.c: Likewise.
* src/rpc/virnetserverprogram.c: Likewise.
* src/storage/storage_backend_fs.c: Likewise.
* src/util/conf.c: Likewise.
* src/util/dnsmasq.c: Likewise.
* src/util/iptables.c: Likewise.
* src/xen/xen_hypervisor.c: Likewise.
* src/xen/xend_internal.c: Likewise.
* src/xen/xs_internal.c: Likewise.
* tools/virsh.c: Likewise.
We want our tarballs to be complete - this means that any
generated file that gets shipped as part of the tarball so that
ordinary users don't have to rebuild it must be something
that the maintainer can generate. There have been various
reports of random build failures when using libvirt.git
instead of a tarball, and often it is due to missing a
maintainer-specific tool to produce one of these generated
files. This patch raises the bar for what you must have
installed to build libvirt.git, but does not impact what
you can get away with for building tarballs.
Note: It still remains possible to do a successful 'make dist'
without these tools, when starting from a release tarball.
* bootstrap.conf (buildreq): Add tools that maintainers need for a
successful 'make dist' from a fresh git checkout.
virBufferContentAndReset (intentionally) returns NULL for a buffer
with no content, but it is feasible to invoke a command with an
explicit empty string.
* src/util/command.c (virCommandAddEnvBuffer): Reject empty string.
(virCommandAddArgBuffer): Allow explicit empty argument.
* tests/commandtest.c (test9): Test it.
* tests/commanddata/test9.log: Adjust.
The RPC fixups needed on Linux are also needed on cygwin, and
worked without further tweaking to the list of fixups. Also,
unlike BSD, Cygwin exports 'struct ifreq', but unlike Linux,
Cygwin lacks the ioctls that we were using 'struct ifreq' to
access. This patch allows compilation under cygwin.
* src/rpc/genprotocol.pl: Also perform fixups on cygwin.
* src/util/virnetdev.c (HAVE_STRUCT_IFREQ): Also require AF_PACKET
definition.
* src/util/virnetdevbridge.c (virNetDevSetupControlFull): Only
compile if SIOCBRADDBR works.
I had previously tested commit 059d746 with -O intentionally omitted
from my CFLAGS; but that means that I missed out on this warning
from gcc 4.6.2 when optimizations are enabled:
util/buf.c: In function 'virBufferGetIndent':
util/buf.c:86:1: error: function might be candidate for attribute 'pure' [-Werror=suggest-attribute=pure]
While it is probably a good idea to add the attributes and silence
this warning, it's also invasive; 'make -k' found more than 75 such
complaints. And it doesn't help that gcc 4.6.2 is still buggy
(coreutils reported a case where gcc 4.6.2 incorrectly suggested
marking a function pure that incremented a global variable; fixed
in gcc 4.7). So the best fix for now is to disable the warning.
It also doesn't help that I stumbled across another problem - gcc
documents that -Wsuggest-attribute=pure only warns if you use -O,
or if you use -fipa-pure-const. But in practice, when I omitted -O
but added -fipa-pure-const, the warnings are fickle - I got warnings
for simple compilation that disappeared when I also added -fPIC.
And the way libtool compiles things is with -fPIC first, then without
-fPIC but with errors sent to /dev/null - which meant that without
disabling -Wsuggest-attribute=pure, I got a compile error with no
message. :( See http://debbugs.gnu.org/cgi/bugreport.cgi?bug=10197
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Silence
-Wsuggest-attribute warnings for now.
The pathname for the pipe for tunnelled migration is unresolvable. The
libvirt apparmor driver therefore refuses access, causing migration to
fail. If we can't resolve the path, the worst that can happen is that
we should have given permission to the file but didn't. Otherwise
(especially since this is a /proc/$$/fd/N file) the file is already open
and libvirt won't be refused access by apparmor anyway.
Also adjust virt-aa-helper to allow access to the
*.tunnelmigrate.dest.name files.
For more information, see https://launchpad.net/bugs/869553.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Originaly, the code checked if another client is the queue and infered
ownership of the buck from that. Commit fa9595003d
added a separate variable to track the buck. That caused, that a new
call might enter claiming it has the buck, while another thread was
signalled to take the buck. This ends in two threads claiming they hold
the buck and entering poll(). This happens due to a race on waking up
threads on the client lock mutex.
This caused multi-threaded clients to hang, most prominently visible and
reproducible on python based clients, like virt-manager.
This patch causes threads, that have been signalled to take the buck to
re-check if buck is held by another thread.
With fragments borrowed from David Steven's previous submission and some
further modifications:
A set of modifications to filters to handle multiple IP addresses
(and MAC addresses) per interface.
Also:
- enable DHCP traffic from VM to any DHCP server
- will require an update to a libvirt-tck data file
Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
* .gnulib: Update to latest, for improved 'make syntax-check' and
compiler warnings.
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS):
Re-silence -Wformat-nonliteral.
* cfg.mk (_test_script_regex): Recognize our test scripts.
* gnulib/local/lib/*.diff: Drop, now that gnulib has this.
* tests/virsh-optparse: Fix use of compare.
* tests/virsh-schedinfo: Likewise.
For unknown reasons, the shunloadtest will crash on Fedora 16
inside dlopen()
(gdb) bt
#0 0x00000000000050e6 in ?? ()
#1 0x00007ff61a77b9d5 in floor () from /lib64/libm.so.6
#2 0x00007ff61e522963 in _dl_relocate_object () from /lib64/ld-linux-x86-64.so.2
#3 0x00007ff61e5297e6 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
#4 0x00007ff61e525006 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#5 0x00007ff61e52917a in _dl_open () from /lib64/ld-linux-x86-64.so.2
#6 0x00007ff61e0f6f26 in dlopen_doit () from /lib64/libdl.so.2
#7 0x00007ff61e525006 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#8 0x00007ff61e0f752f in _dlerror_run () from /lib64/libdl.so.2
#9 0x00007ff61e0f6fc1 in dlopen@@GLIBC_2.2.5 () from /lib64/libdl.so.2
#10 0x0000000000400a15 in main (argc=<optimized out>, argv=<optimized out>) at shunloadtest.c:105
Changing from RTLD_NOW to RTLD_LAZY avoids this problem,
but quite possibly does not fix the root cause.
* shunloadtest.c: s/NOW/LAZY/
This ought to fix the build if you have net/if.h but do
not have struct ifreq
* configure.ac: Check for struct ifreq in net/if.h
* src/util/virnetdev.c: Conditionalize to avoid use of
struct ifreq if it does not exist
probes.h can only be generated on Linux, and then only with dtrace
installed. If it is part of the tarball, then either 'make dist'
will fail if you don't have that setup, or we would have to start
keeping probes.h in libvirt.git. Since we only need it to be
generated when dtrace is in use, it's better to avoid shipping
it in the first place, and avoid tracking it in git.
Meanwhile, there is a build dependency - since the RPC code is
generated, it can be built early; but when dtrace is enabled, we
must ensure probes.h is built even earlier. Commit 1afcfbdd tried
to fix this, but did so in a way that added probes.h into the
tarball, and broke VPATH as well. Commit ecbca767 fixed VPATH,
but didn't fix the more fundamental problem. This patch solves
the issue by adding a dependency instead.
Tested with 'make dist' in a clean VPATH builds, for both
'./configure --without-dtrace' and './configure --with-dtrace';
all configurations were able to correctly build a tarball, and
the dtrace configuration no longer sticks probes.h in the tarball.
* src/Makefile.am (REMOTE_DRIVER_GENERATED): Don't ship probes.h;
rather, make it a dependency.
Fix a logic error, the initial value of ret = -1, if just set --config,
it will goto endjob directly without doing its really job here.
Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com>
The glibc time.h header has an undocumented __isleap macro
that we are using. Since it is undocumented & does not appear
on any other OS, stop using it and just define the macro in
libvirt code instead.
* src/util/virtime.c: Remove __isleap usage
Currently virsh supports only ^] as escape character for console.
However, some users might want to use something else. This patch
creates such ability by specifying '-e' switch on virsh command
line.
Only one IPv4 DHCP definition is supported. Originally the code checked
for a multiple definition and returned an error, but the new domain
definition was already added to networks. This patch moves the check
before the newly defined network is added to active networks.
*src/network/bridge_driver.c: networkDefine(): - move multiple IPv4
addresses check before
definition is used.
We have several directories that are created on the fly, and which
only contain state relevant to a running libvirtd process (all
located in /var/run). Since the directories are created as needed,
and make no sense without a running libvirtd, we want them deleted
if libvirt is uninstalled. And in F15 and newer, /var/run is on
tmpfs (forcing us to recreate on the fly); which means that someone
trying to verify a complete rpm will fail if the directory does not
currently exist because libvirtd has not been started since boot.
The solution, then, is to mark the directories as %ghost, so that
rpm knows that we own them and will clean it up if libvirt is
uninstalled, but will no longer create the directory for us at
install, nor complain at verify time if the directory does not exist.
See https://bugzilla.redhat.com/show_bug.cgi?id=656611.
* libvirt.spec.in (%files): Add %ghost to temporary directories
that we don't install, but want cleaned up on libvirt removal.
Not only was ctl->quit accessed without a mutex but unfortunately,
virEventAddTimeout only interrupts the poll when event loop is running
so the hack needs to add a timeout that will make next poll return
immediately without blocking.
Detected by Coverity. Leak introduced in commit c1df2c1.
Two bugs here:
1. memory leak on successful parse
2. failure to parse still returned success
Signed-off-by: Alex Jia <ajia@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Detected by Coverity. Leak introduced in commit 8866eed.
Two bugs here:
1. logfd wasn't closed on all return paths
2. if we failed to mark a domain autodestroy, then the domain
was not made transient but we still returned success
Signed-off-by: Alex Jia <ajia@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Detected by Coverity. Leak introduced in commit 673adba.
Two separate bugs here:
1. call was not freed on all error paths
2. virCondDestroy was called even if virCondInit failed
Signed-off-by: Alex Jia <ajia@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
To add support for running libvirt on PowerPC, a CPU driver for the
PowerPC platform must be added.
Most generic cpu driver routines such as CPU compare, decode, etc
are based on CPUID comparison and are not relevant for non-x86
platforms.
Here, we introduce stubs for relevant PowerPC routines invoked by libvirt.
Signed-off-by: Prerna Saxena <prerna@linux.vnet.ibm.com>
Signed-off-by: Anton Blanchard <anton@au.ibm.com>
filter 0-device-weight when:
- getting blkio parameters with --config
- starting up a domain
When testing with blkio, I found these issues:
(dom is down)
virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,500
virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,0
virsh blkiotune dom
weight : 800
device_weight : /dev/sda,200,/dev/sdb,0
# issue 1: shows 0 device weight of /dev/sdb that may confuse user
(continued)
virsh start dom
# issue 2: If /dev/sdb doesn't exist, libvirt refuses to bring the
# dom up because it wants to set the device weight to 0 of a
# non-existing device. Since 0 means no weight-limit, we really don't
# have to set it.
Prior to this patch, for a running dom, the commands:
$ virsh blkiotune dom --device-weights /dev/sda,502,/dev/sdb,498
$ virsh blkiotune dom --device-weights /dev/sda,503
$ virsh blkiotune dom
weight : 500
device_weight : /dev/sda,503
claim that /dev/sdb no longer has a non-default weight, but
directly querying cgroups says otherwise:
$ cat /cgroup/blkio/libvirt/qemu/dom/blkio.weight_device
8:0 503
8:16 498
After this patch, an explicit 0 is required to remove a device path
from the XML, and omitting a device path that was previously
specified leaves that device path untouched in the XML, to match
cgroups behavior.
* src/qemu/qemu_driver.c (parseBlkioWeightDeviceStr): Rename...
(qemuDomainParseDeviceWeightStr): ...and use correct type.
(qemuDomainSetBlkioParameters): After parsing string, modify
rather than replacing existing table.
* tools/virsh.pod (blkiotune): Tweak wording.
The next patch will make it possible to have virDomainSetBlkioParameters
leave device weights unchanged if they are not mentioned in the incoming
string, but this only works if the list of block weights does not allow
duplicate paths. Technically, a user can still confuse libvirt by
passing alternate spellings that resolve to the same device, but it
is not worth worrying about working around that kind of abuse.
* src/conf/domain_conf.c (virDomainDefParseXML): Require unique
paths.
The virTimestamp and virTimeMs functions in src/util/util.h
duplicate functionality from virtime.h, in a non-async signal
safe manner. Remove them, and convert all code over to the new
APIs.
* src/util/util.c, src/util/util.h: Delete virTimeMs and virTimestamp
* src/lxc/lxc_driver.c, src/qemu/qemu_domain.c,
src/qemu/qemu_driver.c, src/qemu/qemu_migration.c,
src/qemu/qemu_process.c, src/util/event_poll.c: Convert to use
virtime APIs
The logging APIs need to be able to generate formatted timestamps
using only async signal safe functions. This rules out using
gmtime/localtime/malloc/gettimeday(!) and much more.
Introduce a new internal API which is async signal safe.
virTimeMillisNowRaw replacement for gettimeofday. Uses clock_gettime
where available, otherwise falls back to the unsafe
gettimeofday
virTimeFieldsNowRaw replacements for gmtime(), convert a timestamp
virTimeFieldsThenRaw into a broken out set of fields. No localtime()
replacement is provided, because converting to
local time is not practical with only async signal
safe APIs.
virTimeStringNowRaw replacements for strftime() which print a timestamp
virTimeStringThenRaw into a string, using a pre-determined format, with
a fixed size buffer (VIR_TIME_STRING_BUFLEN)
For each of these there is also a version without the Raw postfix
which raises a full libvirt error. These versions are not async
signal safe
* src/Makefile.am, src/util/virtime.c, src/util/virtime.h: New files
* src/libvirt_private.syms: New APis
* configure.ac: Check for clock_gettime in -lrt
* tests/virtimetest.c, tests/Makefile.am: Test new APIs
Fix the build on Mingw32 by removing the now obsolete
virGetPMCapabilities symbol from the private exports file
* src/libvirt_private.syms: Remove virGetPMCapabilities
If suspend failed for some reason (e.g. too short duration) then
subsequent attempts to trigger suspend were rejected because we
had already marked a suspend as being in progress
* src/util/virnodesuspend.c: Don't mark suspend as active
until we've successfully triggered it
The command name for the suspend action does not need to be
strdup'd. The constant string can be used directly. This
also means the code can be trivially rearranged to make the
switch clearer
* src/util/virnodesuspend.c: Remove strdup of cmdString
To avoid probing the host power management features on any
call to virInitialize, only initialize the mutex in
virNodeSuspendInit. Do lazy load of the supported PM target
mask when it is actually needed
* src/util/virnodesuspend.c: Lazy init of supported features
If we ensure that virNodeSuspendGetTargetMask always resets
*bitmask to zero upon failure, there is no need for the
powerMgmt_valid field.
* src/util/virnodesuspend.c: Ensure *bitmask is zero upon
failure
* src/conf/capabilities.c, src/conf/capabilities.h: Remove
powerMgmt_valid field
* src/qemu/qemu_capabilities.c: Remove powerMgmt_valid
The node suspend capabilities APIs should not have been put into
util.[ch]. Instead move them into virnodesuspend.[ch]
* src/util/util.c, src/util/util.h: Remove suspend capabilities APIs
* src/util/virnodesuspend.c, src/util/virnodesuspend.h: Add
suspend capabilities APIs
* src/qemu/qemu_capabilities.c: Include virnodesuspend.h
Rename virGetPMCapabilities to virNodeSuspendGetTargetMask and
virDiscoverHostPMFeature to virNodeSuspendSupportsTarget.
* src/util/util.c, src/util/util.h: Rename APIs
* src/qemu/qemu_capabilities.c, src/util/virnodesuspend.c: Adjust
for new names
Since virDiscoverHostPMFeature is just checking one feature,
there is no reason for it to return a bitmask. Change it to
return a boolean
* src/util/util.c, src/util/util.h: Make virDiscoverHostPMFeature
return a boolean
The virHostPMCapability enum helper was declared in util.h
but implemented in capabilities.c, which is in a completely
separate library at link time. Move the declaration into the
capabilities.c file and rename it to match normal conventions
* src/util/util.h: Remove virHostPMCapability enum decl
* src/conf/capabilities.c: Add virCapsHostPMTarget enum
The capabilities XML uses the x86 specific terms 'S3', 'S4'
and 'Hybrid-Syspend'. Switch it to use the same terminology
as the API constants and virsh options, eg 'suspend_mem'
'suspend_disk' and 'suspend_hybrid'
* docs/formatcaps.html.in, docs/schemas/capability.rng,
src/conf/capabilities.c: Rename suspend constants
The internal virHostPMCapability enum just duplicates the
public virNodeSuspendTarget enum, but with different names.
* src/util/util.c: Use VIR_NODE_SUSPEND_TARGET constants
* src/util/util.h: Remove virHostPMCapability enum
* src/conf/capabilities.c: Use VIR_NODE_SUSPEND_TARGET_LAST
The VIR_NODE_SUSPEND_TARGET constants are not flags, so they
should just be assigned straightforward incrementing values.
* include/libvirt/libvirt.h.in: Change VIR_NODE_SUSPEND_TARGET
values
* src/util/virnodesuspend.c: Fix suspend target checks
Detected by Coverity. the only case is caller passes a NULL to 'format' variable,
then taking 'if (format)' false branch, the function qcow2GetBackingStoreFormat
will directly dereferences the NULL 'format' pointer variable.
Signed-off-by: Alex Jia <ajia@redhat.com>
This adds per-device weights to <blkiotune>. Note that the
cgroups implementation only supports weights per block device,
and not per-file within the device; hence this option must be
global to the domain definition rather than tied to individual
<devices>/<disk> entries:
<domain ...>
<blkiotune>
<device>
<path>/path/to/block</path>
<weight>1000</weight>
</device>
</blkiotune>
..
This patch also adds a parameter --device-weights to virsh command
blkiotune for setting/getting blkiotune.weight_device for any
hypervisor that supports it. All <device> entries under
<blkiotune> are concatenated into a single string attribute under
virDomain{Get,Set}BlkioParameters, named "device_weight".
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Without this, 'virsh blkiotune --live --config --weight=n'
only affected live.
* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Allow
setting both configurations at once.
After the previous patch, there are now some redundant checks.
* src/qemu/qemu_driver.c (qemudDomainGetVcpuPinInfo)
(qemuGetSchedulerParametersFlags): Drop checks now guaranteed by
libvirt.c.
* src/lxc/lxc_driver.c (lxcGetSchedulerParametersFlags):
Likewise.
Drivers were inconsistent when presented both --live and --config
at once. For example, within qemu, getting memory parameters
favored live, getting blkio tuning favored config, and getting
scheduler parameters errored out. Also, some, but not all,
attempts to mix flags on query were filtered at the virsh level.
We shouldn't have to duplicate efforts in every client app, nor
in every driver. So, it is simpler to just enforce that the two
flags cannot both be used at once on query operations, which has
precedent in libvirt.c, and which matches the documentation of
virDomainModificationImpact.
* src/libvirt.c (virDomainGetMemoryParameters)
(virDomainGetBlkioParameters)
(virDomainGetSchedulerParametersFlags, virDomainGetVcpuPinInfo):
Borrow sanity checking from virDomainGetVcpusFlags.
It requires the domain is running, otherwise fails. Resize to a lower
size is supported, but should be used with extreme caution.
In order to prohibit the "size" overflowing after multiplied by
1024. We do checking in the codes. For QMP mode, the default units
is Bytes, the passed size needs to be multiplied by 1024, however,
for HMP mode, the default units is "Megabytes", the passed "size"
needs to be divided by 1024 then.
Implements functions for both HMP and QMP mode.
For HMP mode, qemu uses "M" as the units by default, so the passed "sized"
is divided by 1024.
For QMP mode, qemu uses "Bytes" as the units by default, the passed "sized"
is multiplied by 1024.
All of the monitor functions return -1 on failure, 0 on success, or -2 if
not supported.
The new API is named as "virDomainBlockResize", intending to add
support for qemu monitor command "block_resize" (both HMP and QMP).
Similar with APIs like "virDomainSetMemoryFlags", the units for
argument "size" is kilobytes.
Add the core functions that implement the functionality of the API.
Suspend is done by using an asynchronous mechanism so that we can return
the status to the caller before the host gets suspended. This asynchronous
operation is achieved by suspending the host in a separate thread of
execution. However, returning the status to the caller is only best-effort,
but not guaranteed.
To resume the host, an RTC alarm is set up (based on how long we want to
suspend) before suspending the host. When this alarm fires, the host
gets woken up.
Suspend-to-RAM operation on a host running Linux can take upto more than 20
seconds, depending on the load of the system. (Freezing of tasks, an operation
preceding any suspend operation, is given up after a 20 second timeout).
And Suspend-to-Disk can take even more time, considering the time required
for compaction, creating the memory image and writing it to disk etc.
So, we do not allow the user to specify a suspend duration of less than 60
seconds, to be on the safer side, since we don't want to prematurely declare
failure when we only had to wait for some more time.
Some systems support a feature known as 'Hybrid-Suspend', apart from the
usual system-wide sleep states such as Suspend-to-RAM (S3) or Suspend-to-Disk
(S4). Add the functionality to discover this power management feature and
export it in the capabilities XML under the <power_management> tag.
When another thread was dispatching while we wanted to send a
non-blocking call, we correctly queued the call and woke up the thread
but the thread just threw the call away since it forgot to recheck if
its socket was writable.
If both nodes do not have any children, we pass zero to
virBitmapAlloc which returns NULL. In turn we report OOM error
and return false (meaning nodes are different). This is not true.
When spawning an ssh connection, the environment variables
DISPLAY, SSH_ASKPASS, ... are passed. However XAUTHORITY,
which is necessary if the .Xauthority is in a non default
place, was not passed.
Signed-off-by: Christian Franke <nobody@nowhere.ws>
virt-xml-validate fails when run on a domain XML file of type 'vbox'.
For failing test case, see https://bugzilla.redhat.com/show_bug.cgi?id=757097
This patch updates the XML schema to accept all valid hypervisor
types, as well as dropping hypervisor types that are not in use
by the current code base.
Signed-off-by: Eric Blake <eblake@redhat.com>
To make lxcSetContainerResources smaller, pull the mem tune
and device ACL setup code out into separate methods
* src/lxc/lxc_controller.c: Introduce lxcSetContainerMemTune
and lxcSetContainerDeviceACL
While LXC does not have the concept of VCPUS, so we can't do
per-VCPU pCPU placement, we can support the VM level CPU
placement. Todo this simply set the CPU affinity of the LXC
controller at startup. All child processes will inherit this
affinity.
* src/lxc/lxc_controller.c: Set process affinity
This partly reverts my previous patch f88de3eb. We need to
get file status after open, as given path could have been symlink,
so fstat() will operate on different file than lstat().
When aligning you need to clear the bits in the mask and leave the
others aside. Likely this code has never run, and will never run.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
One of my latest patches 2e37bf42d2
copy serial console definition. On domain shutdown we save this
info into state XML. However, later on the daemon start we simply
drop this info and since we are not re-reading qemu log,
vm->def->consoles[0] does not get populated with copy. Therefore
we need to avoid dropping console definition if it is just alias
for serial console.
If a connection to destination host is lost during peer-to-peer
migration (because keepalive protocol timed out), we won't be able to
finish the migration and it doesn't make sense to wait for qemu to
transmit all data. This patch automatically cancels such migration
without waiting for virDomainAbortJob to be called.
This API can be used to check if the socket associated with
virConnectPtr is still open or it was closed (probably because keepalive
protocol timed out). If there the connection is local (i.e., no socket
is associated with the connection, it is trivially always alive.
virConnectSetKeepAlive public API can be used by a client connecting to
remote server to start using keepalive protocol. The API is handled
directly by remote driver and not transmitted over the wire to the
server.
The keepalive program has two procedures: PING, and PONG.
Both are used only in asynchronous messages and the sender doesn't wait
for any reply. However, the party which receives PING messages is
supposed to react by sending PONG message the other party, but no
explicit binding between PING and PONG messages is made. For backward
compatibility neither server nor client are allowed to send keepalive
messages before checking that remote party supports them.
When virNetClientIOEventLoop is called for a non-blocking call and not
even a single byte can be sent from this call without blocking, we
properly reported that to the caller which properly frees the call. But
we never removed the call from a call queue.
If something fails while initializing qemu job object in
qemuDomainObjPrivateAlloc(), memory to the private pointer is freed, but
after that, the pointer is still dereferenced, which may result in a
segfault.
* qemuDomainObjPrivateAlloc() - Don't dereference NULL pointer.
Generally, functions which return malloc'd strings should be typed
as 'char *', not 'const char *', to make it obvious that the caller
is responsible to free things. free(const char *) fails to compile,
and although we have a cast embedded in VIR_FREE to work around poor
code that frees const char *, it's better to not rely on that hack.
* src/qemu/qemu_driver.c (qemuDiskPathToAlias): Change return type.
(qemuDomainBlockJobImpl): Update caller.
Given that we can now handle the target's disk shorthand, in addition
to an absolute path to the file or block device used on the host,
the term 'disk' fits a bit better as the parameter name than 'path'.
* include/libvirt/libvirt.h.in: Update some parameter names.
* src/libvirt.c (virDomainBlockStats, virDomainBlockStatsFlags)
(virDomainBlockPeek, virDomainGetBlockInfo, virDomainBlockJobAbort)
(virDomainGetBlockJobInfo, virDomainBlockJobSetSpeed)
(virDomainBlockPull): Likewise.
Commit 89b6284f made it possible to pass either a source name or
the target device to most API demanding a disk designation, but
forgot to update the documentation. It also failed to update
virDomainBlockStats to take both forms. This patch fixes both the
documentation and the remaining function.
Xen continues to use just device shorthand (that is, I did not
implement path lookup there, since xen does not track a domain_conf
to quickly tie a path back to the device shorthand).
* src/libvirt.c (virDomainBlockStats, virDomainBlockStatsFlags)
(virDomainGetBlockInfo, virDomainBlockPeek)
(virDomainBlockJobAbort, virDomainGetBlockJobInfo)
(virDomainBlockJobSetSpeed, virDomainBlockPull): Document
acceptable disk naming conventions.
* src/qemu/qemu_driver.c (qemuDomainBlockStats)
(qemuDomainBlockStatsFlags): Allow lookup by source name.
* src/test/test_driver.c (testDomainBlockStats): Likewise.
The WITH_VIRTUALPORT macro is defined to 0 when disabled, not
left undefined. So #if must be used instead of #ifdef
* src/util/virnetdevvportprofile.c: s/#ifdef/#if/
Up to now users have to give a full XML description on input when
device-detaching. If they omitted something it lead to unclear
error messages (like generated MAC wasn't found, etc.).
With this patch users can specify only those information which
specify one device sufficiently precise. Remaining information is
completed from domain.
In preparation of DHCP Snooping and the detection of multiple IP
addresses per interface:
The hash table that is used to collect the detected IP address of an
interface can so far only handle one IP address per interface. With
this patch we extend this to allow it to handle a list of IP addresses.
Above changes the returned variable type of virNWFilterGetIpAddrForIfname()
from char * to virNWFilterVarValuePtr; adapt all existing functions calling
this function.
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com>
When configuring a URI alias like this in 'libvirt.conf':
uri_aliases = [
"jj#j=qemu+ssh://root@127.0.0.1/system",
"sleet=qemu+ssh://root@sleet.cloud.example.com/system",
]
virsh -c jj#j
It will show this error message:
'no connection driver available for No connection for URI jj#j'
Actually,we expect this message below:
Malformed 'uri_aliases' config entry 'jj#j=qemu+ssh://root@127.0.0.1/system', aliases may only contain 'a-Z, 0-9, _, -'
Give this patch to fix this error.
Add documentation for the STP filtering support. Describe the XML attributes
that are supported.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This patch adds support for filtering of STP (spanning tree protocol) traffic
to the parser and makes us of the ebtables support for STP filtering. This code
now enables the filtering of traffic in chains with prefix 'stp'.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
With hunks borrowed from one of David Steven's previous patches, we now
add the capability of having a 'mac' chain which is useful to filter
for multiple valid MAC addresses.
Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
virStorageBackendLogicalDeleteVol() could not remove the lv with error
"could not remove open logical volume" sometimes. Generally it's caused
by the volume is still active, even if lvremove tries to remove it with
option "--force".
This patch is to fix it by disbale the lv first using "lvchange -aln"
and "lvremove -f" afterwards if the direct "lvremove -f" failed.
This patch exports KVM Host Power Management capabilities as XML so that
higher-level systems management software can make use of these features
available in the host.
The script "pm-is-supported" (from pm-utils package) is run to discover if
Suspend-to-RAM (S3) or Suspend-to-Disk (S4) is supported by the host.
If either of them are supported, then a new tag "<power_management>" is
introduced in the XML under the <host> tag.
However in case the query to check for power management features succeeded,
but the host does not support any such feature, then the XML will contain
an empty <power_management/> tag. In the event that the PM query itself
failed, the XML will not contain any "power_management" tag.
To use this, new APIs could be implemented in libvirt to exploit power
management features such as S3/S4.
None of the callers cared if str was updated to point to the next
byte after the parsed cpuset; simplifying this results in quite
a few code simplifications. Additionally, virCPUDefParseXML was
strdup()'ing a malloc()'d string; avoiding a memory copy resulted
in less code.
* src/conf/domain_conf.h (virDomainCpuSetParse): Alter signature.
* src/conf/domain_conf.c (virDomainCpuSetParse): Don't modify str.
(virDomainVcpuPinDefParseXML, virDomainDefParseXML): Adjust
callers.
* src/conf/cpu_conf.c (virCPUDefParseXML): Likewise.
* src/xen/xend_internal.c (sexpr_to_xend_topology): Likewise.
* src/xen/xm_internal.c (xenXMDomainPinVcpu): Likewise.
* src/xenxs/xen_sxpr.c (xenParseSxpr): Likewise.
* src/xenxs/xen_xm.c (xenParseXM): Likewise.
For direct attach devices, in qemuBuildCommandLine, we seem to be freeing
actual device on error path (with networkReleaseActualDevice). But the actual
device is not deleted.
qemuProcessStop eventually deletes the direct attach device and releases
actual device. But by the time qemuProcessStop is called qemuBuildCommandLine
has already freed actual device, leaving stray macvtap devices behind on error.
So the simplest fix is to remove the networkReleaseActualDevice in
qemuBuildCommandLine. This patch does just that.
Signed-off-by: Roopa Prabhu <roprabhu@cisco.com>
Now, when we support multiple consoles per domain,
the vm->def->console[0] can still remain an alias
for vm->def->serial[0]; However, we need to copy
it's source definition as well otherwise we'll regress
on virDomainOpenConsole.
Mingw32 complains if you request export of a symbol which does
not in fact exist.
* src/libvirt_bridge.syms, src/libvirt_macvtap.syms: Delete
obsolete files
* src/libvirt_private.syms: Remove virNetServerGetDBusConn
* src/libvirt_dbus.syms: Add virNetServerGetDBusConn
lvs outputs "[$lvname_vorigin]" for the virtual snapshot lv
(created with "--virtualsize"), and the original device pointed
by "$lvname_vorigin" is just for lvm internal use, one should
never use it.
Per lvm's nameing rules, "[" is not valid as part of the vg/lv name.
(man 8 lvm).
<quote>
VALID NAMES
The following characters are valid for VG and LV names: a-z A-Z 0-9 + _
. -
VG and LV names cannot begin with a hyphen. There are also various
reserved names that are used internally by lvm that can not be used as
LV or VG names. A VG cannot be called anything that exists in /dev/ at
the time of creation, nor can it be called '.' or '..'. A LV cannot be
called '.' '..' 'snapshot' or 'pvmove'. The LV name may also not con‐
tain the strings '_mlog' or '_mimage'
</quote>
So we can skip the set the lv's backingStore by checking if the name
begins with a "[".
Add documentation for the VLAN filtering support. Describe the XML attributes
that are supported.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This patch adds support for filtering of VLAN (802.1Q) traffic to the
parser and makes us of the ebtables support for VLAN filtering. This code
now enables the filtering of traffic in chains with prefix 'vlan'.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Xen4.1 initializes some unspecified sexpr config items to an empty
string, unlike previous Xen versions that would leave the item unset.
E.g. the kernel item for an HVM guest (non-direct kernel boot):
Xen4.0 and earlier
...
(image
(hvm
(kernel )
...
Xen4.1
...
(image
(hvm
(kernel '')
...
The empty string for kernel causes some grief in subsequent parsing
where existence of specified kernel is checked, e.g.
if (!def->os.kernel)
...
This patch solves the problem in sexpr_node_copy() by not copying
a node containing an empty string.
I installed the xen development packages on my non-Xen F16 machine
in order to compile-test xen code and ensure we don't break things
on that front, but being a non-xen machine, /usr/sbin/xend is
obviously not running. Unfortunately, xen-4.1.2-1.fc16 has a bug
where merely trying to probe xend status on a non-xen kernel causes
xend to issue an ABRT crash report:
https://bugzilla.redhat.com/show_bug.cgi?id=728696
Even though libvirt (correctly) skips the test, the xend crash report
is unnecessary noise. Fix this by first filtering out non-xen
kernels even before attempting to probe xend. The test still runs
and passes on a RHEL 5 xen kernel after this patch.
* tests/reconnect.c (mymain): Skip xend probe on non-xen kernel.
* tests/statstest.c (mymain): Likewise.
This prepares for subsequent patches which introduce dependence
on cgroup cpuset. Enable cgroup cpuset by default so users don't
have to modify configuration file before encountering a cpuset
error.
The original patch for commit 4789fb2 considered renaming a file,
then backed out the name change, but forgot to back out the POTFILES.in
change, resulting in 'make syntax-check' failure.
This patch adds test cases for parsing of parameters with
multiple occurrances of the same name.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This patch modifies the NWFilter parameter parser to support multiple
elements with the same name and to internally build a list of items.
An example of the XML looks like this:
<parameter name='TEST' value='10.1.2.3'/>
<parameter name='TEST' value='10.2.3.4'/>
<parameter name='TEST' value='10.1.1.1'/>
The list of values is then stored in the newly introduced data type
virNWFilterVarValue.
The XML formatter is also adapted to print out all items in alphabetical
order sorted by 'name'.
This patch also fixes a bug in the XML schema on the way.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This patch extends the NWFilter driver for Linux (ebiptables) to create
rules for each member of a previously introduced list. If for example
an attribute value (internally) looks like this:
IP = [10.0.0.1, 10.0.0.2, 10.0.0.3]
then 3 rules will be generated for a rule accessing the variable 'IP',
one for each member of the list. The effect of this is that this now
allows for filtering for multiple values in one field. This can then be
used to support for filtering/allowing of multiple IP addresses per
interface.
An iterator is introduced that extracts each member of a list and
puts it into a hash table which then is passed to the function creating
a rule. For the above example the iterator would cause 3 loops.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
NWFilters can be provided name-value pairs using the following
XML notation:
<filterref filter='xyz'>
<parameter name='PORT' value='80'/>
<parameter name='VAL' value='abc'/>
</filterref>
The internal representation currently is so that a name is stored as a
string and the value as well. This patch now addresses the value part of it
and introduces a data structure for storing a value either as a simple
value or as an array for later support of lists.
This patch adjusts all code that was handling the values in hash tables
and makes it use the new data type.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This patch adds several aspects of documentation about the network filtering
system:
- chains, chains' priorities and chains' default priorities
- talks about lists of elements, i.e., a variable assigned multiple values
(part of already ACK-ed series)
- already mentions the vlan, stp and mac chains added later on
(https://www.redhat.com/archives/libvir-list/2011-October/msg01238.html)
- mentions limitations of vlan filtering (when sent by VM) on Linux systems
The previous patch extends the priority of filtering rules into negative
numbers. We now use this possibility to interleave the jumping into
chains with filtering rules to for example create the 'root' table of
an interface with the following sequence of rules:
Bridge chain: libvirt-I-vnet0, entries: 6, policy: ACCEPT
-p IPv4 -j I-vnet0-ipv4
-p ARP -j I-vnet0-arp
-p ARP -j ACCEPT
-p 0x8035 -j I-vnet0-rarp
-p 0x835 -j ACCEPT
-j DROP
The '-p ARP -j ACCEPT' rule now appears between the jumps.
Since the 'arp' chain has been assigned priority -700 and the 'rarp'
chain -600, the above ordering can now be achieved with the following
rule:
<rule action='accept' direction='out' priority='-650'>
<mac protocolid='arp'/>
</rule>
This patch now sorts the commands generating the above shown jumps into
chains and interleaves their execution with those for generating rules.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
So far rules' priorities have only been valid in the range [0,1000].
Now I am extending their priority into the range [-1000, 1000] for subsequently
being able to sort rules and the access of (jumps into) chains following
priorities.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This patch enables chains that have a known prefix in their name.
Known prefixes are: 'ipv4', 'ipv6', 'arp', 'rarp'. All prefixes
are also protocols that can be evaluated on the ebtables level.
Following the prefix they will be automatically connected to an interface's
'root' chain and jumped into following the protocol they evaluate, i.e.,
a table 'arp-xyz' will be accessed from the root table using
ebtables -t nat -A <iface root table> -p arp -j I-<ifname>-arp-xyz
thus generating a 'root' chain like this one here:
Bridge chain: libvirt-O-vnet0, entries: 5, policy: ACCEPT
-p IPv4 -j O-vnet0-ipv4
-p ARP -j O-vnet0-arp
-p 0x8035 -j O-vnet0-rarp
-p ARP -j O-vnet0-arp-xyz
-j DROP
where the chain 'arp-xyz' is accessed for filtering of ARP packets.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This patch extends the filter XML to support priorities of chains
in the XML. An example would be:
<filter name='allow-arpxyz' chain='arp-xyz' priority='200'>
[...]
</filter>
The permitted values for priorities are [-1000, 1000].
By setting the priority of a chain the order in which it is accessed
from the interface root chain can be influenced.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use the name of the chain rather than its type index (enum).
This pushes the later enablement of chains with user-given names
into the XML parser. For now we still only allow those names that
are well known ('root', 'arp', 'rarp', 'ipv4' and 'ipv6').
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use scripts for the renaming and cleaning up of chains. This allows us to get
rid of some of the code that is only capable of renaming and removing chains
whose names are hardcoded.
A shell function 'collect_chains' is introduced that is given the name
of an ebtables chain and then recursively determines the names of all
chains that are accessed from this chain and its sub-chains using 'jumps'.
The resulting list of chain names is then used to delete all the found
chains by first flushing and then deleting them.
The same function is also used for renaming temporary filters to their final
names.
I tested this with the bash and dash as script interpreters.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use the previously introduced chain priorities to sort the chains for access
from an interface's 'root' table and have them created in the proper order.
This gets rid of a lot of code that was previously creating the chains in a
more hardcoded way.
To determine what protocol a filter is used for evaluation do prefix-
matching, i.e., the filter 'arp' is used to filter for the 'arp' protocol,
'ipv4' for the 'ipv4' protocol and 'arp-xyz' will also be used to filter
for the 'arp' protocol following the prefix 'arp' in its name.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
For better handling of the sorting of chains introduce an internally used
priority. Use a lookup table to store the priorities. For now their actual
values do not matter just that the values cause the chains to be properly
sorted through changes in the following patches. However, the values are
chosen as negative so that once they are sorted along with filtering rules
(whose priority may only be positive for now) they will always be instantiated
before them (lower values cause instantiation before higher values). This
is done to maintain backwards compatibility.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add a function to the virHashTable for getting an array of the hash table's
key-value pairs and have the keys (optionally) sorted.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This patch adds support for a systemd init service for libvirtd
and libvirt-guests. The libvirtd.service is *not* written to use
socket activation, since we want libvirtd to start on boot so it
can do guest auto-start.
The libvirt-guests.service is pretty lame, just exec'ing the
original init script for now. Ideally we would factor out the
functionality, into some shared tool.
Instead of
./configure --with-init-script=redhat
You can now do
./configure --with-init-script=systemd
Or better still:
./configure --with-init-script=systemd+redhat
We can also now support install of the upstart init script
* configure.ac: Add systemd, and systemd+redhat options to
--with-init-script option
* daemon/Makefile.am: Install systemd services
* daemon/libvirtd.sysconf: Add note about unused env variable
with systemd
* daemon/libvirtd.service.in: libvirtd systemd service unit
* libvirt.spec.in: Add scripts to installing systemd services
and migrating from legacy init scripts
* tools/Makefile.am: Install systemd services
* tools/libvirt-guests.init.sh: Rename to tools/libvirt-guests.init.in
* tools/libvirt-guests.service.in: systemd service unit
Support creation of macvlan devices for LXC containers. Do not
allow setting of bandwidth controls or vport profiles due to the
complication that there is no host side visible device to work
with.
* src/lxc/lxc_driver.c: Support type=direct interfaces
Update virNetDevMacVLanCreateWithVPortProfile to allow creation
of plain macvlan devices, as well as macvtap devices. The former
is useful for LXC containers
* src/qemu/qemu_command.c: Explicitly request a macvtap device
* src/util/virnetdevmacvlan.c, src/util/virnetdevmacvlan.h: Add
new flag to allow switching between macvlan and macvtap
creation
The current lxcSetupInterfaces() method directly performs setup
of the bridge devices. Since it will shortly need to also create
macvlan devices, move the bridge related code into a separate
method
* src/lxc/lxc_driver.c: Split lxcSetupInterfaces() to create a
new lxcSetupInterfaceBridge()
The virDomainNetGetActualBridgeName and virDomainNetGetActualDirectDev
methods both return strings that point to data in the virDomainDefPtr
struct, and should therefore not be freed. The return values should
thus be 'const char *' not 'char *'.
* src/conf/domain_conf.c, src/conf/domain_conf.h: Mark const
* src/network/bridge_driver.c: Update to use a const char *
Move the ifaceMacvtapLinkDump and ifaceGetNthParent functions
into virnetdevvportprofile.c since they are specific to that
code. This avoids polluting the headers with the Linux specific
netlink data types
* src/util/interface.c, src/util/interface.h: Move
ifaceMacvtapLinkDump and ifaceGetNthParent functions and delete
remaining file
* src/util/virnetdevvportprofile.c: Add ifaceMacvtapLinkDump
and ifaceGetNthParent functions
* src/network/bridge_driver.c, src/nwfilter/nwfilter_gentech_driver.c,
src/nwfilter/nwfilter_learnipaddr.c, src/util/virnetdevmacvlan.c:
Remove include of interface.h
Rename ifaceIsVirtualFunction to virNetDevIsVirtualFunction,
ifaceGetVirtualFunctionIndex to virNetDevGetVirtualFunctionIndex
and ifaceGetPhysicalFunction to virNetDevGetPhysicalFunction
* src/util/interface.c, src/util/interface.h: Rename APIs
* src/util/virnetdevvportprofile.c: Update for API rename
Rename the ifaceCheck method to virNetDevValidateConfig and change
so that it always raises an error and returns -1 on error.
* src/util/interface.c, src/util/interface.h: Rename ifaceCheck
to virNetDevValidateConfig
* src/nwfilter/nwfilter_gentech_driver.c,
src/nwfilter/nwfilter_learnipaddr.c: Update for API rename
To match up with the existing virNetDevSetIPv4Address, rename
ifaceGetIPAddress to virNetDevGetIPv4Address
* util/interface.h, util/interface.c: Rename API
* network/bridge_driver.c: Update for API rename
Rename the ifaceGetIndex method to virNetDevGetIndex and
ifaceGetVlanID to virNetDevGetVLanID. Also change the error
reporting behaviour to always raise errors and return -1 on
failure
* util/interface.c, util/interface.h: Rename ifaceGetIndex
and ifaceGetVLAN
* nwfilter/nwfilter_gentech_driver.c, nwfilter/nwfilter_learnipaddr.c,
nwfilter/nwfilter_learnipaddr.c, util/virnetdevvportprofile.c: Update
for API renames and error handling changes
Move virNetDevReplaceMacAddress and virNetDevRestoreMacAddress
to the virnetdev.c file where they naturally belong
* util/interface.c, util/interface.h: Remove
virNetDevReplaceMacAddress and virNetDevRestoreMacAddress
* util/virnetdev.c, util/virnetdev.h: Add
virNetDevReplaceMacAddress and virNetDevRestoreMacAddress
Rename ifaceReplaceMacAddress to virNetDevReplaceMacAddress
and ifaceRestoreMacAddress to virNetDevRestoreMacAddress.
* util/interface.c, util/interface.h, util/virnetdevmacvlan.c:
Rename APIs
Move the low level macvlan creation APIs into the
virnetdevmacvlan.c file where they more naturally
belong
* util/interface.c, util/interface.h: Remove virNetDevMacVLanCreate
and virNetDevMacVLanDelete
* util/virnetdevmacvlan.c, util/virnetdevmacvlan.h: Add
virNetDevMacVLanCreate and virNetDevMacVLanDelete
Rename ifaceMacvtapLinkAdd to virNetDevMacVLanCreate and
ifaceLinkDel to virNetDevMacVLanDelete. Strictly speaking
the latter isn't restricted to macvlan devices, but that's
the only use libvirt has for it.
* util/interface.c, util/interface.h,
util/virnetdevmacvlan.c: Rename APIs
Rename virNetDevMacVLanCreate to virNetDevMacVLanCreateWithVPortProfile
and virNetDevMacVLanDelete to virNetDevMacVLanDeleteWithVPortProfile
To make way for renaming the other macvlan creation APIs in
interface.c
* util/virnetdevmacvlan.c, util/virnetdevmacvlan.h,
qemu/qemu_command.c, qemu/qemu_hotplug.c, qemu/qemu_process.c:
Rename APIs
Rename the macvtap.c file to virnetdevmacvlan.c to reflect its
functionality. Move the port profile association code out into
virnetdevvportprofile.c. Make the APIs available unconditionally
to callers
* src/util/macvtap.h: rename to src/util/virnetdevmacvlan.h,
* src/util/macvtap.c: rename to src/util/virnetdevmacvlan.c
* src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h:
Pull in vport association code
* src/Makefile.am, src/conf/domain_conf.h, src/qemu/qemu_conf.c,
src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update include
paths & remove conditional compilation
In preparation for code re-organization, rename the Macvtap
management APIs to have the following patterns
virNetDevMacVLanXXXXX - macvlan/macvtap interface management
virNetDevVPortProfileXXXX - virtual port profile management
* src/util/macvtap.c, src/util/macvtap.h: Rename APIs
* src/conf/domain_conf.c, src/network/bridge_driver.c,
src/qemu/qemu_command.c, src/qemu/qemu_command.h,
src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c,
src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
src/qemu/qemu_process.h: Update for renamed APIs
Add routines to generate -numa QEMU command line option based on
<numa> ... </numa> XML specifications.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
This patch adds XML definitions for guest NUMA specification and contains
routines to parse the same. The guest NUMA specification looks like this:
<cpu>
...
<topology sockets='2' cores='4' threads='2'/>
<numa>
<cell cpus='0-7' memory='512000'/>
<cell cpus='8-15' memory='512000'/>
</numa>
...
</cpu>
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
For whatever reason, the kernel allows you to create a regular
file named /dev/sdc.12345; although this file will disappear the
next time devtmpfs is remounted. If you let libvirt generate
the name of the external snapshot for a disk image originally
using the block device /dev/sdc, then the domain will be rendered
unbootable once the qcow2 file is lost on the next devtmpfs
remount. In this case, the user should have used 'virsh
snapshot-create --xmlfile' or 'virsh snapshot-create-as --diskspec'
to specify the name for the qcow2 file in a sane location, rather
than relying on libvirt generating a name that is most likely to
be wrong. We can help avoid naive mistakes by enforcing that
the user provide the external name for any backing file that is
not a regular file.
* src/conf/domain_conf.c (virDomainSnapshotAlignDisks): Only
generate names if backing file exists as regular file.
Reported by MATSUDA Daiki.
I missed adding virNetServerGetDBusConn() to libvirtd_private.syms
in commit b8adfcc6, which didn't cause a problem in 0.9.6 but
results in this build error in 0.9.7
libvirtd-remote.o: In function `remoteDispatchAuthPolkit':
remote.c:(.text+0x188dd): undefined reference to `virNetServerGetDBusConn'
One of the top questions by libvirt users is how to create a host
bridge device so that guests can be directly on the physical
network. There are several example documents that explain how to do
this manually, but following them often results in confusion and
failure. virt-manager does a good job of creating a bridge based on an
existing network device, but not everyone wants to use virt-manager.
This patch adds a new command, iface-bridge that makes it just about
as simple as possible to create a new bridge device based on an
existing ethernet/vlan/bond device (including associating IP
configuration with the bridge rather than the now-attached device),
and start that new bridge up ready for action, eg:
virsh iface-bridge eth0 br0
For symmetry's sake, it also adds a command to remove a device from a
bridge, restoring the IP config to the now-unattached device:
virsh iface-unbridge br0
(I had a short debate about whether to do "iface-unbridge eth0"
instead, but that would involve searching through all bridge devices
for the one that contained eth0, which seems like a bit too much
trouble).
NOTE: These two commands require that the netcf library be available
on the host. Hopefully this will provide some extra incentive for
people using suse, debian, ubuntu, and other similar systems to polish
up (and push downstream) the ports to those distros recently pushed to
the upstream netcf repo by Dan Berrange. Anyone interested in helping
with that effort in any way should join the netcf-devel mailing list
(subscription info at
https://fedorahosted.org/mailman/listinfo/netcf-devel)
During creation of the bridge, it's possible to specify whether or not
the STP protocol should be started up on the bridge and, if so, how
many seconds the bridge should squelch traffic from newly added
devices while learning new topology (defaults are stp='on' and
delay='0', which seems to usually work best for bridges used in the
context of libvirt guests).
There is also an option to not immediately start the bridge (and a
similar option to not immediately start the un-attached device after
destroying the bridge. Default is to start the new device, because in
the case of iface-unbridge not starting is strongly discouraged as it
will leave the system with no network connectivity on that interface
(because it's necessary to destroy/undefine the bridge device before
the unattached device can be defined), and it seemed better to make
the option for iface-bridge behave consistently.
NOTE TO THOSE TRYING THESE COMMANDS FOR THE FIRST TIME: to guard
against any "unexpected" change to configuration, it is advisable to
issue an "virsh iface-begin" command before starting any interface
config changes, and "virsh iface-commit" only after you've verified
that everything is working as you expect. If something goes wrong,
you can always run "virsh iface-rollback" or reboot the system (which
should automatically do iface-rollback).
Aside from adding the code for these two functions, and the two
entries into the command table, the only other change to virsh.c was
to add the option name to vshCommandOptInterfaceBy(), because the
iface-unbridge command names its interface option as "bridge".
virsh.pod has also been updated with short descriptions of these two
new commands.
Due to the asynchronous nature of streams, we might continue to
receive some stream packets from the server even after we have
shutdown the stream on the client side. These should be discarded
silently, rather than raising an error in the RPC layer.
* src/rpc/virnetclient.c: Discard stream data silently
Very occasionally the sequence of events from poll would result
in getting a HANGUP on its own, instead of a HANGUP+READABLE
at the same time. In the former case we would send back an error
event to the client, but never send the empty packet to indicate
EOF.
Add a new virNetClientSendNonBlock which returns 2 on
full send, 1 on partial send, 0 on no send, -1 on error
If a partial send occurs, then a subsequent call to any
of the virNetClientSend* APIs will finish any outstanding
I/O.
TODO: the virNetClientEvent event handler could be used
to speed up completion of partial sends if an event loop
is present.
* src/rpc/virnetsocket.h, src/rpc/virnetsocket.c: Add new
virNetSocketHasPendingData() API to test for cached
data pending send.
* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add new
virNetClientSendNonBlock() API to send non-blocking API
Stop multiplexing virNetClientSend for two different purposes,
instead add virNetClientSendWithReply and virNetClientSendNoReply
* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Replace
virNetClientSend with virNetClientSendWithReply and
virNetClientSendNoReply
* src/rpc/virnetclientprogram.c, src/rpc/virnetclientstream.c:
Update for new API names
Remove some duplication by pulling the code for passing the
buck out into a helper method
* src/rpc/virnetclient.c: Introduce virNetClientIOEventLoopPassTheBuck
Instead of inferring whether the buck is held from the waitDispatch
pointer, use an explicit 'bool haveTheBuck' field
* src/rpc/virnetclient.c: Explicitly track the buck
Directly messing around with the linked list is potentially
dangerous. Introduce some helper APIs to deal with list
manipulating the list
* src/rpc/virnetclient.c: Create linked list handlers
This improves the support for qemu rbd devices by adding support for a few
key features (e.g., authentication) and cleaning up the way in which
rbd configuration options are passed to qemu.
An <auth> member of the disk source xml specifies how librbd should
authenticate. The username attribute is the Ceph/RBD user to authenticate as.
The usage or uuid attributes specify which secret to use. Usage is an
arbitrary identifier local to libvirt.
The old RBD support relied on setting an environment variable to
communicate information to qemu/librbd. Instead, pass those options
explicitly to qemu. Update the qemu argument parsing and tests
accordingly.
Signed-off-by: Sage Weil <sage@newdream.net>
Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
I missed adding libvirt_driver_remote.la to libvirtd_LDADD in
commit b8adfcc6, which didn't cause a problem in 0.9.6 but
results in this build error in 0.9.7
libvirtd-remote.o: In function `remoteDispatchAuthPolkit':
remote.c:(.text+0x188dd): undefined reference to `virNetServerGetDBusConn'
Replacing the strchr call with two variables through a strstr call.
Calling strchr with two variables triggers a gcc 4.3/4.4
bug when used in combination with -Wlogical-op and at least -O1.
The ifaceSetMac and ifaceGetMac APIs duplicate the functionality
of the virNetDevSetMAC and virNetDevGetMAC APIs, but returning
errno's instead of raising errors.
* src/util/interface.c, src/util/interface.h: Remove
ifaceSetMac and ifaceGetMac APIs, adjusting callers
for new error behaviour
The ifaceUp, ifaceDown, ifaceCtrl & ifaceIsUp APIs can be replaced
with calls to virNetDevSetOnline and virNetDevIsOnline
* src/util/interface.c, src/util/interface.h: Delete ifaceUp,
ifaceDown, ifaceCtrl & ifaceIsUp
* src/nwfilter/nwfilter_gentech_driver.c, src/util/macvtap.c:
Update to use virNetDevSetOnline and virNetDevIsOnline
Move the virNetDevSetName and virNetDevSetNamespace APIs out
of LXC's veth.c and into virnetdev.c.
Move the remaining content of the file to src/util/virnetdevveth.c
* src/lxc/veth.c: Rename to src/util/virnetdevveth.c
* src/lxc/veth.h: Rename to src/util/virnetdevveth.h
* src/util/virnetdev.c, src/util/virnetdev.h: Add
virNetDevSetName and virNetDevSetNamespace
* src/lxc/lxc_container.c, src/lxc/lxc_controller.c,
src/lxc/lxc_driver.c: Update include paths
The src/lxc/veth.c file contains APIs for managing veth devices,
but some of the APIs duplicate stuff from src/util/virnetdev.h.
Delete thed duplicate APIs and rename the remaining ones to
follow virNetDevVethXXXX
* src/lxc/veth.c, src/lxc/veth.h: Rename APIs & delete duplicates
* src/lxc/lxc_container.c, src/lxc/lxc_controller.c,
src/lxc/lxc_driver.c: Update for API renaming
The src/util/network.c file is a dumping ground for many different
APIs. Split it up into 5 pieces, along functional lines
- src/util/virnetdevbandwidth.c: virNetDevBandwidth type & helper APIs
- src/util/virnetdevvportprofile.c: virNetDevVPortProfile type & helper APIs
- src/util/virsocketaddr.c: virSocketAddr and APIs
- src/conf/netdev_bandwidth_conf.c: XML parsing / formatting
for virNetDevBandwidth
- src/conf/netdev_vport_profile_conf.c: XML parsing / formatting
for virNetDevVPortProfile
* src/util/network.c, src/util/network.h: Split into 5 pieces
* src/conf/netdev_bandwidth_conf.c, src/conf/netdev_bandwidth_conf.h,
src/conf/netdev_vport_profile_conf.c, src/conf/netdev_vport_profile_conf.h,
src/util/virnetdevbandwidth.c, src/util/virnetdevbandwidth.h,
src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h,
src/util/virsocketaddr.c, src/util/virsocketaddr.h: New pieces
* daemon/libvirtd.h, daemon/remote.c, src/conf/domain_conf.c,
src/conf/domain_conf.h, src/conf/network_conf.c,
src/conf/network_conf.h, src/conf/nwfilter_conf.h,
src/esx/esx_util.h, src/network/bridge_driver.c,
src/qemu/qemu_conf.c, src/rpc/virnetsocket.c,
src/rpc/virnetsocket.h, src/util/dnsmasq.h, src/util/interface.h,
src/util/iptables.h, src/util/macvtap.c, src/util/macvtap.h,
src/util/virnetdev.h, src/util/virnetdevtap.c,
tools/virsh.c: Update include files
The virtual port profile parsing/formatting APIs do not
correctly handle unknown profile type strings/numbers.
They behave as a no-op, instead of raising an error
* src/util/network.c, src/util/network.h: Fix error
handling of port profile APIs
* src/conf/domain_conf.c, src/conf/network_conf.c: Update
for API changes
Rename the virVirtualPortProfileParams struct to be
virNetDevVPortProfile, and rename the APIs to match
this prefix.
* src/util/network.c, src/util/network.h: Rename port profile
APIs
* src/conf/domain_conf.c, src/conf/domain_conf.h,
src/conf/network_conf.c, src/conf/network_conf.h,
src/network/bridge_driver.c, src/qemu/qemu_hotplug.c,
src/util/macvtap.c, src/util/macvtap.h: Update for
renamed APIs/structs
Hi
Commit c31d23a787 removed the "conn"
parameter from qemuPhysIfaceConnect(), but it's still used if
WITH_MACVTAP is false. Also, it's still mentioned in the comment
above the function:
/**
* qemuPhysIfaceConnect:
* @def: the definition of the VM (needed by 802.1Qbh and audit)
* @conn: pointer to virConnect object
* @driver: pointer to the qemud_driver
* @net: pointer to he VM's interface description with direct device type
* @qemuCaps: flags for qemu
*
* Returns a filedescriptor on success or -1 in case of error.
*/
int
qemuPhysIfaceConnect(virDomainDefPtr def,
struct qemud_driver *driver,
virDomainNetDefPtr net,
virBitmapPtr qemuCaps,
enum virVMOperationType vmop)
{
int rc;
#if WITH_MACVTAP
[...]
#else
(void)def;
(void)conn;
(void)net;
(void)qemuCaps;
(void)driver;
(void)vmop;
qemuReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("No support for macvtap device"));
rc = -1;
#endif
return rc;
}
--
Michael Wood <esiotrot@gmail.com>
From f4fc43b4111a4c099395c55902e497b8965e2b53 Mon Sep 17 00:00:00 2001
From: Michael Wood <esiotrot@gmail.com>
Date: Sat, 12 Nov 2011 13:37:53 +0200
Subject: [PATCH] Fix build without MACVTAP.
which would blow away all volumes. Honor VIR_STORAGE_POOL_BUILD_OVERWRITE
to force a rebuild.
This was caught by libvirt-tck's storage/110-disk-pool.t.
Qemu will be the first driver to make use of a typed string in the
next round of additions. Separate out the trivial addition.
* src/qemu/qemu_driver.c (qemudSupportsFeature): Advertise feature.
(qemuDomainGetBlkioParameters, qemuDomainGetMemoryParameters)
(qemuGetSchedulerParametersFlags, qemudDomainBlockStatsFlags):
Allow typed strings flag where trivially supported.
Send and receive string typed parameters across RPC. This also
completes the back-compat mentioned in the previous patch - the
only time we have an older client talking to a newer server is
if RPC is in use, so filtering out strings during RPC prevents
returning an unknown type to the older client.
* src/remote/remote_protocol.x (remote_typed_param_value): Add
another union value.
* daemon/remote.c (remoteDeserializeTypedParameters): Handle
strings on rpc.
(remoteSerializeTypedParameters): Likewise; plus filter out
strings when replying to older clients. Adjust callers.
* src/remote/remote_driver.c (remoteFreeTypedParameters)
(remoteSerializeTypedParameters)
(remoteDeserializeTypedParameters): Handle strings on rpc.
* src/rpc/gendispatch.pl: Properly clean up typed arrays.
* src/remote_protocol-structs: Update.
Based on an initial patch by Hu Tao, with feedback from
Daniel P. Berrange.
Signed-off-by: Eric Blake <eblake@redhat.com>
This allows strings to be transported between client and server
in the context of name-type-value virTypedParameter functions.
For compatibility,
o new clients will not send strings to old servers, based on
a feature check
o new servers will not send strings to old clients without the
flag VIR_TYPED_PARAM_STRING_OKAY; this will be enforced at
the RPC layer in the next patch, so that drivers need not
worry about it in general. The one exception is that
virDomainGetSchedulerParameters lacks a flags argument, so
it must not return a string; drivers that forward that
function on to virDomainGetSchedulerParametersFlags will
have to pay attention to the flag.
o the flag VIR_TYPED_PARAM_STRING_OKAY is set automatically,
based on a feature check (so far, no driver implements it),
so clients do not have to worry about it
Future patches can then enable the feature on a per-driver basis.
This patch also ensures that drivers can blindly strdup() field
names (previously, a malicious client could stuff 80 non-NUL bytes
into field and cause a read overrun).
* src/libvirt_internal.h (VIR_DRV_FEATURE_TYPED_PARAM_STRING): New
driver feature.
* src/libvirt.c (virTypedParameterValidateSet)
(virTypedParameterSanitizeGet): New helper functions.
(virDomainSetMemoryParameters, virDomainSetBlkioParameters)
(virDomainSetSchedulerParameters)
(virDomainSetSchedulerParametersFlags)
(virDomainGetMemoryParameters, virDomainGetBlkioParameters)
(virDomainGetSchedulerParameters)
(virDomainGetSchedulerParametersFlags, virDomainBlockStatsFlags):
Use them.
* src/util/util.h (virTypedParameterArrayClear): New helper
function.
* src/util/util.c (virTypedParameterArrayClear): Implement it.
* src/libvirt_private.syms (util.h): Export it.
Based on an initial patch by Hu Tao, with feedback from
Daniel P. Berrange.
Signed-off-by: Eric Blake <eblake@redhat.com>
Add virnetdev.h,virnetdevbridge.h,virnetdevtap.h to private symbols,
since debian linker no longer allows transitive link resolution
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com>
This reverts commit ef1065cf5ac; see also this bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=751900
In qemu 0.15.1 and earlier, during migration to file, the
qemu_savevm_state_begin and qemu_savevm_state_iterate methods
will both process as much migration data as possible until either
1. The file descriptor returns EAGAIN
2. The bandwidth rate limit is reached
If we set the rate limit to ULONG_MAX, test 2 never becomes true. We're
passing a plain file descriptor to QEMU and POSIX does not support EAGAIN on
regular files / block devices, so test 1 never becomes true either.
In the 'virsh save --bypass-cache' case, we pass a pipe instead of a
regular fd, but using a pipe adds I/O overhead, so always passing a
pipe just so qemu can see EAGAIN doesn't seem nice.
The ultimate fix needs to come from qemu - background migration must
respect asynchronous abort requests, or else periodically return
control to the main handling loop without an EAGAIN and without
waiting to hit an insanely large amount of data. But until a
version of qemu is fixed to support "unlimited" data rates while
still allowing cancellation, the best we can do is avoid the
automatic use of unlimited rates from within libvirt (users can
still explicitly change the migration rates, if they are aware that
they are giving up the ability to cancel a job).
Reverting the lone use of QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX is
the simplest patch; this slows migration back down to a default
32M/sec cap, but also ensures that the main qemu processing loop
will still be responsive to cancellation requests. Hopefully
upstream qemu will provide us a means of safely using unlimited
speed, including a runtime probe of that capability.
* src/qemu/qemu_migration.c (qemuMigrationToFile): Revert attempt
to use unlimited migration bandwidth when migrating to file.
Signed-off-by: Daniel Veillard <veillard@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
steps to reproduce:
1. having a network xml file(named default.xml) like this one:
<network>
<name>default</name>
<uuid>c5322c4c-81d0-4985-a363-ad6389780d89</uuid>
<bridge name="virbr0" />
<forward/>
<ip address="192.168.122.1" netmask="255.255.255.0">
<dhcp>
<range start="192.168.122.2" end="192.168.122.254" />
</dhcp>
</ip>
</network>
in /etc/libvirt/qemu/networks/, and mark it as autostart:
$ ls -l /etc/libvirt/qemu/networks/autostart
total 0
lrwxrwxrwx 1 root root 14 Oct 12 14:02 default.xml -> ../default.xml
2. start libvirtd and the device virbr0 is not automatically up.
The reason is that the function virNetDevExists is now returns 1 if
the device exists, comparing to the former one returns 0 if the device
exists. But with only this fix will cause a segmentation fault(the same
steps as above) that is fixed by the second chunk of code.
CC libvirt_driver_xenapi_la-xenapi_driver.lo
xenapi/xenapi_driver.c: In function 'xenapiDomainGetVcpus':
xenapi/xenapi_driver.c:1209:21: error: variable 'cpus' set but not used [-Werror=unused-but-set-variable]
* src/xenapi/xenapi_driver.c (xenapiDomainGetVcpus): Silence
compiler warning.
It's not worth even worrying about a temporary file, unless we
ever expect the script to exceed maximum command-line argument
length limits.
* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI):
Run the commands as an argument to /bin/sh, rather than worrying
about a temporary file.
(ebiptablesWriteToTempFile): Delete unused function.
If /tmp is mounted with the noexec flag (common on security-conscious
systems), then nwfilter will fail to initialize, because we cannot
run any temporary script via virRun("/tmp/script"); but we _can_
use "/bin/sh /tmp/script". For that matter, using /tmp risks collisions
with other unrelated programs; we already have /var/run/libvirt as a
dedicated temporary directory for use by libvirt.
* src/nwfilter/nwfilter_ebiptables_driver.c
(ebiptablesWriteToTempFile): Use internal directory, not /tmp;
drop attempts to make script executable; and detect close error.
(ebiptablesExecCLI): Switch to virCommand, and invoke the shell to
read the script, rather than requiring an executable script.
The socket address APIs in src/util/network.h either take the
form virSocketAddrXXX, virSocketXXX or virSocketXXXAddr.
Sanitize this so everything is virSocketAddrXXXX, and ensure
that the virSocketAddr parameter is always the first one.
* src/util/network.c, src/util/network.h: Santize socket
address API naming
* src/conf/domain_conf.c, src/conf/network_conf.c,
src/conf/nwfilter_conf.c, src/network/bridge_driver.c,
src/nwfilter/nwfilter_ebiptables_driver.c,
src/nwfilter/nwfilter_learnipaddr.c,
src/qemu/qemu_command.c, src/rpc/virnetsocket.c,
src/util/dnsmasq.c, src/util/iptables.c,
src/util/virnetdev.c, src/vbox/vbox_tmpl.c: Update for
API renaming
Following the renaming of the bridge management APIs, we can now
split the source file into 3 corresponding pieces
* src/util/virnetdev.c: APIs for any type of network interface
* src/util/virnetdevbridge.c: APIs for bridge interfaces
* src/util/virnetdevtap.c: APIs for TAP interfaces
* src/util/virnetdev.c, src/util/virnetdev.h,
src/util/virnetdevbridge.c, src/util/virnetdevbridge.h,
src/util/virnetdevtap.c, src/util/virnetdevtap.h: Copied
from bridge.{c,h}
* src/util/bridge.c, src/util/bridge.h: Split into 3 pieces
* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
src/openvz/openvz_driver.c, src/qemu/qemu_command.c,
src/qemu/qemu_conf.h, src/uml/uml_conf.c, src/uml/uml_conf.h,
src/uml/uml_driver.c: Update #include directives
Convert the virNetDevBridgeSetSTP and virNetDevBridgeSetSTPDelay
to use ioctls instead of spawning brctl.
Implement the virNetDevBridgeGetSTP and virNetDevBridgeGetSTPDelay
methods which were declared in the header but never existed
* src/util/bridge.c: Convert to use bridge ioctls instead of brctl
The MTU management APIs are useful to other code inside libvirt,
so should be exposed as non-static APIs.
* src/util/bridge.c, src/util/bridge.h: Expose virNetDevSetMTU,
virNetDevSetMTUFromDevice & virNetDevGetMTU
The existing brXXX APIs in src/util/bridge.h are renamed to
follow one of three different conventions
- virNetDevXXX - operations for any type of interface
- virNetDevBridgeXXX - operations for bridge interfaces
- virNetDevTapXXX - operations for tap interfaces
* src/util/bridge.h, src/util/bridge.c: Rename all APIs
* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
src/qemu/qemu_command.c, src/uml/uml_conf.c,
src/uml/uml_driver.c: Update for API renaming
Currently every caller of the brXXX APIs has to store the returned
errno value and then raise an error message. This results in
inconsistent error messages across drivers, additional burden on
the callers and makes the error reporting inaccurate since it is
hard to distinguish different scenarios from 1 errno value.
* src/util/bridge.c: Raise errors instead of returning errnos
* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
src/qemu/qemu_command.c, src/uml/uml_conf.c,
src/uml/uml_driver.c: Remove error reporting code
The bridge management APIs in src/util/bridge.c require a brControl
object to be passed around. This holds the file descriptor for the
control socket. This extra object complicates use of the API for
only a minor efficiency gain, which is in turn entirely offset by
the need to fork/exec the brctl command for STP configuration.
This patch removes the 'brControl' object entirely, instead opening
the control socket & closing it again within the scope of each method.
The parameter names for the APIs are also made to consistently use
'brname' for bridge device name, and 'ifname' for an interface
device name. Finally annotations are added for non-NULL parameters
and return check validation
* src/util/bridge.c, src/util/bridge.h: Remove brControl object
and update API parameter names & annotations.
* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
src/uml/uml_conf.h, src/uml/uml_conf.c, src/uml/uml_driver.c,
src/qemu/qemu_command.c, src/qemu/qemu_conf.h,
src/qemu/qemu_driver.c: Remove reference to 'brControl' object
Commit f7bd00c12 pulled in a gnulib module that fails to compile
on mingw. Work around it while waiting for an upstream gnulib fix.
* gnulib/local/lib/pty.in.h (openpty): Provide forward
declarations of opaque structs not present on mingw.
* gnulib/local/lib/openpty.c (openpty): Provide stub for mingw.
Commit f7bd00c12 pulled in a gnulib module that fails to compile
on mingw. While it would be nice to pull in a newer version of
.gnulib that fixes this, it is difficult to backport any .gnulib
update to older releases. So, it makes sense to take advantage
of gnulib-tool's ability to support local diffs, where we can
apply specific diffs in our use of gnulib without waiting for
upstream gnulib to pick up those changes, as well as avoiding
a wholesale .gnulib update. The existence of local diffs will
also make it easier to backport fixes against a tarball (as long
as a tarball and libvirt.git share the same .gnulib commit, then
the tarball can be patched by applying the same local diffs as
a post-release libvirt.git commit, without having to rerun an
entire gnulib-tool bootstrap).
This patch introduces the framework for supporting local diffs,
without actually introducing any.
* bootstrap.conf (local_gl_dir): New variable.
* autogen.sh (bootstrap_hash): Hash any local diffs, to force a
re-bootstrap if just diffs change.
* cfg.mk (_update_required): Likewise.
As the description of removing CDROM media from
http://wiki.libvirt.org/page/QEMUSwitchToLibvirt#eject_DEV
Add flag 'VSH_OFLAG_EMPTY_OK' to the option 'source' of attach-disk
Then avoid outputting <source> in the XML if 'source' was empty,
rather than trusting libvirt domain_conf.c to understand an empty
string.
Signed-off-by: Xu He Jie <xuhj@linux.vnet.ibm.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
MacOS lacks ptsname_r, and gnulib doesn't (yet) provide it.
But we can avoid it altogether, by using gnulib openpty()
instead. Note that we do _not_ want the pt_chown module;
gnulib uses it only to implement a replacement openpty() if
the system lacks both openpty() and granpt(), but all
systems that we currently port to either have at least one of
openpty() and/or grantpt(), or lack ptys altogether. That is,
we aren't porting to any system that requires us to deal with
the hassle of installing a setuid pt_chown helper just to use
gnulib's ability to provide openpty() on obscure platforms.
* .gnulib: Update to latest, for openpty fixes
* bootstrap.conf (gnulib_modules): Add openpty, ttyname_r.
(gnulib_tool_option_extras): Exclude pt_chown module.
* src/util/util.c (virFileOpenTty): Rewrite in terms of openpty
and ttyname_r.
* src/util/util.h (virFileOpenTtyAt): Delete dead prototype.
Every instance of virCapsPtr must have the defaultConsoleTargetType
field set.
* src/security/virt-aa-helper.c: Add defaultConsoleTargetType to
virCapsPtr
The code calling sendfd/recvfd was mistakenly assuming those
calls would never block. They can in fact return EAGAIN and
this is causing us to drop the client connection when blocking
ocurrs while sending/receiving FDs.
Fixing this is a little hairy on the incoming side, since at
the point where we see the EAGAIN, we already thought we had
finished receiving all data for the packet. So we play a little
trick to reset bufferOffset again and go back into polling for
more data.
* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Update
virNetSocketSendFD/RecvFD to return 0 on EAGAIN, or 1
on success
* src/rpc/virnetclient.c: Move decoding of header & fds
out of virNetClientCallDispatch and into virNetClientIOHandleInput.
Handling blocking when sending/receiving FDs
* src/rpc/virnetmessage.h: Add a 'donefds' field to track
how many FDs we've sent / received
* src/rpc/virnetserverclient.c: Handling blocking when
sending/receiving FDs
Building on 64-bit FreeBSD 8.2 complained about a cast between
a pointer and a smaller integer. Going through an intermediate
cast shuts up the compiler.
* src/util/threads-pthread.c (virThreadSelfID): Silence a warning.
While building on FreeBSD (and after fixing a ptsname_r link error),
I got this failure:
./.libs/libvirt_util.a(libvirt_util_la-threads.o)(.text+0x240): In function `virThreadCreate':
util/threads-pthread.c:185: undefined reference to `pthread_create'
It turns out that gnulib used only pthread_join for LIB_PTHREAD,
but on FreeBSD, libc provides that (as a stub function); whereas
the more complex pthread_create really does require -pthread,
which gnulib tracked under [LT]LIBMULTITHREAD.
* configure.ac (LIBS): Check LIBMULTITHREAD alongside LIB_PTHREAD.
* src/Makefile.am (THREAD_LIBS): New variable.
(libvirt_util_la_LIBADD, libvirt_lxc_LDADD): Use it.
I got this weird failure:
error: Failed to start domain simple
error: internal error cannot mix caller fds with blocking execution
and tracked it down to a use-after-free - virCommandSetOutputFD
was storing the address of a stack-local variable, which then
went out of scope before the virCommandRun that dereferenced it.
Bug introduced in commit 451cfd05 (0.9.2).
* src/lxc/lxc_driver.c (lxcBuildControllerCmd): Move log fd
registration...
(lxcVmStart): ...to caller.
All constants related to events should have a prefix of
VIR_DOMAIN_EVENT_
* include/libvirt/libvirt.h.in, src/qemu/qemu_domain.c:
Rename VIR_DOMAIN_DISK_CHANGE_MISSING_ON_START to
VIR_DOMAIN_EVENT_DISK_CHANGE_MISSING_ON_START
I ran into the following build failure:
$ mkdir -p build1 build2/a/very/deep/hierarcy
$ cd build2/a/very/deep/hierarcy
$ ../../../../../configure && make
$ cd ../../../../build1
$ ../configure && make
...
../../src/remote/remote_protocol.c:7:55: fatal error: ../../../../../src/remote/remote_protocol.h: No such file or directory
Turns out that we were sometimes generating the remote_protocol.c
file with information from the VPATH build, which is bad, since
any file shipped in the tarball should be idempotent no matter how
deep the VPATH build tree that created it.
* src/rpc/genprotocol.pl: Don't embed VPATH into generated file.
Based on a Coverity report - the return value of waitpid() should
always be checked, to avoid problems with leaking resources.
* src/lxc/lxc_controller.c (lxcControllerRun): Use simpler virPidAbort.
The default console type may vary based on the OS type. ie a Xen
paravirt guests wants a 'xen' console, while a fullvirt guests
wants a 'serial' console.
A plain integer default console type in the capabilities does
not suffice. Instead introduce a callback that is passed the
OS type.
* src/conf/capabilities.h: Use a callback for default console
type
* src/conf/domain_conf.c, src/conf/domain_conf.h: Use callback
for default console type. Add missing LXC/OpenVZ console types.
* src/esx/esx_driver.c, src/libxl/libxl_conf.c,
src/lxc/lxc_conf.c, src/openvz/openvz_conf.c,
src/phyp/phyp_driver.c, src/qemu/qemu_capabilities.c,
src/uml/uml_conf.c, src/vbox/vbox_tmpl.c,
src/vmware/vmware_conf.c, src/xen/xen_hypervisor.c,
src/xenapi/xenapi_driver.c: Set default console type callback
To allow virDomainOpenConsole to access non-primary consoles,
device aliases are required to be set. Until now only the QEMU
driver has done this. Update LXC & UML to set aliases for any
console devices
* src/lxc/lxc_driver.c, src/uml/uml_driver.c: Set aliases
for console devices
When no <target> element was set at all, the default console
target type was not being honoured
* src/conf/domain_conf.c: Set default target type for consoles
with no <target>
Currently the LXC controller only supports setup of a single
text console. This is wired up to the container init's stdio,
as well as /dev/console and /dev/tty1. Extending support for
multiple consoles, means wiring up additional PTYs to /dev/tty2,
/dev/tty3, etc, etc. The LXC controller is passed multiple open
file handles, one for each console requested.
* src/lxc/lxc_container.c, src/lxc/lxc_container.h: Wire up
all the /dev/ttyN links required to symlink to /dev/pts/NN
* src/lxc/lxc_container.h: Open more container side /dev/pts/NN
devices, and adapt event loop to handle I/O from all consoles
* src/lxc/lxc_driver.c: Setup multiple host side PTYs
The current I/O code for LXC uses a hand crafted event loop
to forward I/O between the container & host app, based on
epoll to handle EOF on PTYs. This event loop is not easily
extensible to add more consoles, or monitor other types of
file descriptors.
Remove the custom event loop and replace it with a normal
libvirt event loop. When detecting EOF on a PTY, disable
the event watch on that FD, and fork off a background thread
that does a edge-triggered epoll() on the FD. When the FD
finally shows new incoming data, the thread re-enables the
watch on the FD and exits.
When getting EOF from a read() on the PTY, the existing code
would do waitpid(WNOHANG) to see if the container had exited.
Unfortunately there is a race condition, because even though
the process has closed its stdio handles, it might still
exist.
To deal with this the new event loop uses a SIG_CHILD handler
to perform the waitpid only when the container is known to
have actually exited.
* src/lxc/lxc_controller.c: Rewrite the event loop to use
the standard APIs.
qemuBuildVirtioSerialPortDevStr was mistakenly accessing the
target.name field in the virDomainChrDef object for chardevs
belonging to a console. Those chardevs only have port set,
and if there's > 1 console, the > 1port number results in
trying to access a target.name with address 0x1
* src/qemu/qemu_command.c: Fix target.name handling and
make code more robust wrt error reporting
* src/qemu/qemu_command.c: Conditionally access target.name
While Xen only has a single paravirt console, UML, and
QEMU both support multiple paravirt consoles. The LXC
driver can also be trivially made to support multiple
consoles. This patch extends the XML to allow multiple
<console> elements in the XML. It also makes the UML
and QEMU drivers support this config.
* src/conf/domain_conf.c, src/conf/domain_conf.h: Allow
multiple <console> devices
* src/lxc/lxc_driver.c, src/xen/xen_driver.c,
src/xenxs/xen_sxpr.c, src/xenxs/xen_xm.c: Update for
internal API changes
* src/security/security_selinux.c, src/security/virt-aa-helper.c:
Only label consoles that aren't a copy of the serial device
* src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
src/qemu/qemu_process.c, src/uml/uml_conf.c,
src/uml/uml_driver.c: Support multiple console devices
* tests/qemuxml2xmltest.c, tests/qemuxml2argvtest.c: Extra
tests for multiple virtio consoles. Set QEMU_CAPS_CHARDEV
for all console /channel tests
* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-auto.args,
tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args
tests/qemuxml2argvdata/qemuxml2argv-console-virtio.args: Update
for correct chardev syntax
* tests/qemuxml2argvdata/qemuxml2argv-console-virtio-many.args,
tests/qemuxml2argvdata/qemuxml2argv-console-virtio-many.xml: New
test file
The test case errors should not be translated since they're only
targetted at developers, not users.
* tests/virnetsockettest.c: Remove error reporting with translations
Allow the user to call with nparams too small, per API documentation.
* src/xen/xen_hypervisor.c (xenHypervisorGetSchedulerParameters):
Allow fewer than max.
* src/xen/xend_internal.c (xenDaemonGetSchedulerParameters):
Likewise.
libvirt.c guarantees that nparams is non-zero for scheduler parameters.
* src/test/test_driver.c (testDomainGetSchedulerParamsFlags): Drop
redundant check. Avoid strcpy.
Allow the user to call with nparams too small, per API documentation.
Also, libvirt.c filters out nparams of 0 for scheduler parameters.
* src/lxc/lxc_driver.c (lxcDomainGetMemoryParameters): Allow fewer
than max.
(lxcGetSchedulerParametersFlags): Drop redundant check.
Allow the user to call with nparams too small, per API documentation.
* src/libxl/libxl_driver.c
(libxlDomainGetSchedulerParametersFlags): Allow fewer than max.
Allow the user to call with nparams too small, per API documentation.
* src/esx/esx_driver.c (esxDomainGetMemoryParameters): Drop
redundant check.
(esxDomainGetSchedulerParametersFlags): Allow fewer than max.
Document the parameter names that will be used by
virDomain{Get,Set}SchedulerParameters{,Flags}, rather than
hard-coding those names in each driver, to match what is
done with memory, blkio, and blockstats parameters.
* include/libvirt/libvirt.h.in (VIR_DOMAIN_SCHEDULER_CPU_SHARES)
(VIR_DOMAIN_SCHEDULER_VCPU_PERIOD)
(VIR_DOMAIN_SCHEDULER_VCPU_QUOTA, VIR_DOMAIN_SCHEDULER_WEIGHT)
(VIR_DOMAIN_SCHEDULER_CAP, VIR_DOMAIN_SCHEDULER_RESERVATION)
(VIR_DOMAIN_SCHEDULER_LIMIT, VIR_DOMAIN_SCHEDULER_SHARES): New
field name macros.
* src/qemu/qemu_driver.c (qemuSetSchedulerParametersFlags)
(qemuGetSchedulerParametersFlags): Use new defines.
* src/test/test_driver.c (testDomainGetSchedulerParamsFlags)
(testDomainSetSchedulerParamsFlags): Likewise.
* src/xen/xen_hypervisor.c (xenHypervisorGetSchedulerParameters)
(xenHypervisorSetSchedulerParameters): Likewise.
* src/xen/xend_internal.c (xenDaemonGetSchedulerParameters)
(xenDaemonSetSchedulerParameters): Likewise.
* src/lxc/lxc_driver.c (lxcSetSchedulerParametersFlags)
(lxcGetSchedulerParametersFlags): Likewise.
* src/esx/esx_driver.c (esxDomainGetSchedulerParametersFlags)
(esxDomainSetSchedulerParametersFlags): Likewise.
* src/libxl/libxl_driver.c (libxlDomainGetSchedulerParametersFlags)
(libxlDomainSetSchedulerParametersFlags): Likewise.
The field 'mon' in 'struct tm' gives months 0-11, where as
humans tend to expect months 1-12. Thus the month number
needing adjusting by 1
* src/util/logging.c: Use human friendly month number
commit 27908453 introduces a regression, and it will
cause libvirt crashed when starting network.
The reason is that tapfd may be NULL, but we dereference
it without checking whether it is NULL.
Since all virTypedParameter APIs allow us to return the number
of slots we actually populated, we should allow the user to
call with nparams too small (without overrunning their array)
or too large (ignoring the tail of the array that we can't fill),
rather than requiring that they get things exactly right.
Making this change will make it easier for a future patch to
introduce VIR_TYPED_PARAM_STRING, with filtering in libvirt.c
rather than in every single driver, since users already have
to be prepared for *nparams to be smaller on exit than on entry.
* src/qemu/qemu_driver.c (qemuDomainGetBlkioParameters)
(qemuDomainGetMemoryParameters): Allow variable nparams on entry.
(qemuGetSchedulerParametersFlags): Drop redundant check.
(qemudDomainBlockStats, qemudDomainBlockStatsFlags): Rename...
(qemuDomainBlockStats, qemuDomainBlockStatsFlags): ...to this.
Don't return unavailable stats.
virDomainBlockStatsFlags was missing a check that was present in
virDomainGetMemoryParameters. Additionally, I found that the
existing descriptions were a bit hard to read. A later patch
will fix qemu to return fewer than max parameters if @nparams
was too small on input.
* src/libvirt.c (virDomainGetMemoryParameters)
(virDomainGetBlkioParameters, virDomainGetSchedulerParameters)
(virDomainGetSchedulerParametersFlags):
Tweak documentation wording.
(virDomainBlockStatsFlags): Likewise, and add sanity check.
If an LXC VM fails to start, quite a few cleanup paths will
result in the original error message being overwritten. Some
other cleanup paths also forgot to actually terminate the VM.
* src/lxc/lxc_driver.c: Ensure VM is terminated on startup
failure and preserve original error
The LXC code for mounting container filesystems from block devices
tries all filesystems in /etc/filesystems and possibly those in
/proc/filesystems. The regular mount binary, however, first tries
using libblkid to detect the format. Add support for doing the same
in libvirt, since Fedora's /etc/filesystems is missing many formats,
most notably ext4 which is the default filesystem Fedora uses!
* src/Makefile.am: Link libvirt_lxc to libblkid
* src/lxc/lxc_container.c: Probe filesystem format with libblkid
If we looped through /etc/filesystems trying to mount with each
type and failed all options, we forget to actually raise an
error message.
* src/lxc/lxc_container.c: Raise error if unable to detect
the filesystems. Also fix existing error message
The kernel automounter is mostly broken wrt to containers. Most
notably if you start a new filesystem namespace and then attempt
to unmount any autofs filesystem, it will typically fail with a
weird error message like
Failed to unmount '/.oldroot/sys/kernel/security':Too many levels of symbolic links
Attempting to detach the autofs mount using umount2(MNT_DETACH)
will also fail with the same error. Therefore if we get any error on
unmount()ing a filesystem from the old root FS when starting a
container, we must immediately break out and detach the entire
old root filesystem (ignoring any mounts below it).
This has the effect of making the old root filesystem inaccessible
to anything inside the container, but at the cost that the mounts
live on in the kernel until the container exits. Given that SystemD
uses autofs by default, we need LXC to be robust this scenario and
thus this tradeoff is worthwhile.
* src/lxc/lxc_container.c: Detach root filesystem if any umount
operation fails.
The /etc/filesystems file can contain a '*' on the last line to
indicate that /proc/filessystems should be tried next. We have
a check that this '*' only occurs on the last line. Unfortunately
when we then start reading /proc/filesystems, we mistakenly think
we've seen '*' in /proc/filesystems and fail
* src/lxc/lxc_container.c: Skip '*' validation when we're reading
/proc/filesystems
Only some of the return paths of lxcContainerWaitForContinue will
have set errno. In other paths we need to set it manually to avoid
the caller getting a random stale errno value
* src/lxc/lxc_container.c: Set errno in lxcContainerWaitForContinue
We already have a /var/lib/libvirt/images for OS install images.
We need a separate /var/lib/libvirt/filesystems for OS install
trees, since SELinux labelling will be different
* libvirt.spec.in: Add /var/lib/libvirt/filesystems
* src/Makefile.am: Create /var/lib/libvirt/filesystems
Allow the datacenter and compute resource parts of the path
to be prefixed with folders. Therefore, the way the path is
parsed has changed. Before, it was split in 2 or 3 items and
the items' meanings were determined by their positions. Now
the path can have 2 or more items and the the vCenter server
is asked whether a folder, datacenter of compute resource
with the specified name exists at the current hierarchy level.
Before the datacenter and compute resource lookup automatically
traversed folders during lookup. This is logic got removed
and folders have to be specified explicitly.
The proper datacenter path including folders is now used when
accessing a datastore over HTTPS. This makes virsh dumpxml
and define work for datacenters in folders.
https://bugzilla.redhat.com/show_bug.cgi?id=732676
with /etc/libvirt/libvirt.conf below:
uri_aliases = [
"hail=qemu:///system",
"sleet=qemu+ssh://root 9 115 122 57/system",
"sam=qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock",
]
Neither "virsh -c hailly" nor "hai" should result in matching "hail=qemu:///system"
Fix URI alias prefix matching when connecting
Signed-off-by: Wen Ruo Lv <lvroyce@linux.vnet.ibm.com>
If daemon is using SASL it reads client data into a cache. This cache is
big (usually 65KB) and can thus contain 2 or more messages. However,
on socket event we can dispatch only one message. So if we read two
messages at once, the second will not be dispatched as the socket event
goes away with filling the cache.
Moreover, when dispatching the cache we need to remember to take care
of client max requests limit.
If we are comparing storage pools we must skip comparing with
ourself, so that re-defining an existing pool works
* conf/storage_conf.c: Skip self when comparing
The qemu RBD driver needs access to the conn in order to get the secret
needed for connecting to the ceph cluster.
Signed-off-by: Sage Weil <sage@newdream.net>
To support "managed" mode of host PCI device, we record the original
states (unbind_from_stub, remove_slot, and reprobe) so that could
reattach the device to host with original driver. But there is no XML
for theses attrs, and thus after daemon is restarted, we lose the
original states. It's easy to reproduce:
1) virsh start domain
2) virsh attach-device dom hostpci.xml (in 'managed' mode)
3) service libvirtd restart
4) virsh destroy domain
You will see the device won't be bound to the original driver
if there was one.
This patch is to solve the problem by introducing internal XML
(won't be dumped to user, only dumped to status XML). The XML is:
<origstates>
<unbind/>
<remove_slot/>
<reprobe/>
</origstates>
Which will be child node of <hostdev><source>...</souce></hostdev>.
(only for PCI device).
A new struct "virDomainHostdevOrigStates" is introduced for the XML,
and the according members are updated when preparing the PCI device.
And function "qemuUpdateActivePciHostdevs" is modified to honor
the original states. Use of qemuGetPciHostDeviceList is removed
in function "qemuUpdateActivePciHostdevs", and the "managed" value of
the device config is honored by the change. This fixes another problem
alongside:
qemuGetPciHostDeviceList set the device as "managed" force
regardless of whether the device is configured as "managed='yes'"
or not in XML, which is not right.
Deal with the incompatible changes in the VirtualBox 4.1 API.
INetworkAdapter has its different AttachTo* method replaced by
a settable attachmentType property.
The maximum number of network adapters is now requestable per
chipset type.
The OpenMedium method got a bool parameter to request opening
a medium under a new IID.
privP->session->error_description is a list and in order to get the
complete error message all parts of the list should be concatenated.
xenapiSessionErrorHandler does this when its third parameter is NULL.
The current code discards all but the first part of the error message
resulting in a potentially incomplete error message.
This partly reverts 006be75ee2, that tried to avoid reporting
a (null) in the error message. The actual problem is more general in
returnErrorFromSession that might return NULL if there is no error.
Make sure that returnErrorFromSession return non-NULL always. Also
don't skip the last error message part.
- changed some return 1's to return -1
- changed if (rc) error checks to if (rc < 0)
- fixed some other minor convention violations
I might have missed some. Can fix in another patch or can respin
Signed-off-by: Roopa Prabhu <roprabhu@cisco.com>
Reported-by: Eric Blake <eblake@redhat.com>
Reported-by: Laine Stump <laine@laine.org>
Signed-off-by: Eric Blake <eblake@redhat.com>
The types used in domaincommon.rng and secret.rng should be the same.
Move genericName to basictypes.rng, then drop redundant types now
that secret.rng uses basictypes.rng.
Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
When using the xml as below:
------------------------------------------------------
<devices>
<emulator>/home/soulxu/data/work-code/qemu-kvm/x86_64-softmmu/qemu-system-x86_64</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/home/soulxu/data/VM/images/linux.img'/>
<target dev='vda' bus='virtio'/>
<address type='drive' controller='0' bus='0' unit='0'/>
</disk>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='-1' autoport='yes'/>
<video>
<model type='cirrus' vram='9216' heads='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</memballoon>
</devices>
------------------------------------------------------
Then can't startup qemu, the error message as below:
virsh # start test-vm
error: Failed to start domain test-vm
error: internal error process exited while connecting to monitor: qemu-system-x86_64: -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3: PCI: slot 3 function 0 not available for virtio-balloon-pci, in use by virtio-blk-pci
qemu-system-x86_64: -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3: Device 'virtio-balloon-pci' could not be initialized
So adding check for bus type and address type. Only the address of pci type support by virtio bus.
Signed-off-by: Xu He Jie <xuhj@linux.vnet.ibm.com>
Add additional fields to let you specify the how to authenticate with a disk.
The secret to use may be referenced by a usage string or a UUID, i.e.:
<auth username='myuser'>
<secret type='ceph' usage='secretname'/>
</auth>
or
<auth username='myuser'>
<secret type='ceph' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</auth>
Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
Add a new secret type to store a Ceph authentication key. The name
is simply an identifier for easy human reference.
The xml looks like this:
<secret ephemeral='no' private='no'>
<uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid>
<usage type='ceph'>
<name>mycluster_admin</name>
</usage>
</secret>
Signed-off-by: Sage Weil <sage@newdream.net>
Signed-off-by: Josh Durgin <josh.durgin@dreamhost.net>
Leak introduced in commit c1bc3d89.
Detected by valgrind:
==18462== 1,100 bytes in 1 blocks are definitely lost in loss record 183 of 184
==18462== at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
==18462== by 0x4A06167: realloc (vg_replace_malloc.c:525)
==18462== by 0x4AADBB: virReallocN (memory.c:161)
==18462== by 0x4A975E: virBufferGrow (buf.c:117)
==18462== by 0x4A9D92: virBufferVasprintf (buf.c:290)
==18462== by 0x4A9EF7: virBufferAsprintf (buf.c:263)
==18462== by 0x429488: qemuBuildControllerDevStr (qemu_command.c:1993)
==18462== by 0x42C4B6: qemuBuildCommandLine (qemu_command.c:3803)
==18462== by 0x41A604: testCompareXMLToArgvHelper (qemuxml2argvtest.c:124)
==18462== by 0x41BB81: virtTestRun (testutils.c:141)
==18462== by 0x416DFF: mymain (qemuxml2argvtest.c:369)
==18462== by 0x41B277: virtTestMain (testutils.c:696)
==18462==
==18462== LEAK SUMMARY:
==18462== definitely lost: 1,100 bytes in 1 blocks
==18462== indirectly lost: 0 bytes in 0 blocks
* src/qemu/qemu_command.c (qemuBuildCommandLine): Clean up on success.
Signed-off-by: Alex Jia <ajia@redhat.com>
Detected by Coverity. The fix in 2c27dfa didn't catch all bad
instances of memcpy(). Thankfully, on further analysis, all of
the problematic uses are only triggered by old qemu that lacks
-device.
* src/qemu/qemu_hotplug.c (qemuDomainAttachPciDiskDevice)
(qemuDomainAttachNetDevice, qemuDomainAttachHostPciDevice): Init
all fields since monitor only populates some of them.
Since it needs to access file descriptors passed in the msg,
the RPC driver for virDomainOpenGraphics needs to be manually
implemented.
* daemon/remote.c: RPC server dispatcher
* src/remote/remote_driver.c: RPC client dispatcher
* src/remote/remote_protocol.x: Define protocol
The RPC server classes are extended to allow FDs to be received
from clients with calls. There is not currently any way for a
procedure to pass FDs back to the client with replies
* daemon/remote.c, src/rpc/gendispatch.pl: Change virNetMessageHeaderPtr
param to virNetMessagePtr in dispatcher impls
* src/rpc/virnetserver.c, src/rpc/virnetserverclient.c,
src/rpc/virnetserverprogram.c, src/rpc/virnetserverprogram.h:
Extend to support FD passing
Extend the RPC client code to allow file descriptors to be sent
to the server with calls, and received back with replies.
* src/remote/remote_driver.c: Stub extra args
* src/libvirt_private.syms, src/rpc/virnetclient.c,
src/rpc/virnetclient.h, src/rpc/virnetclientprogram.c,
src/rpc/virnetclientprogram.h: Extend APIs to allow
FD passing
Define two new RPC message types VIR_NET_CALL_WITH_FDS and
VIR_NET_REPLY_WITH_FDS. These message types are equivalent
to VIR_NET_CALL and VIR_NET_REPLY, except that between the
message header, and payload there is a 32-bit integer field
specifying how many file descriptors have been passed.
The actual file descriptors are sent/recv'd out of band.
* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h,
src/libvirt_private.syms: Add support for handling
passed file descriptors
* src/rpc/virnetprotocol.x: Extend protocol for FD
passing
Add APIs to the virNetSocket object, to allow file descriptors
to be sent/received over UNIX domain socket connections
* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h,
src/libvirt_private.syms: Add APIs for FD send/recv
The QEMU monitor command 'add_client' can be used to connect to
a VNC or SPICE graphics display. This allows for implementation
of the virDomainOpenGraphics API
* src/qemu/qemu_driver.c: Implement virDomainOpenGraphics
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
Add binding for 'add_client' command
Not all VNC/SPICE servers use a TCP socket for their connections.
It is possible to configure a UNIX socket server. The graphics
event must thus include a UNIX socket address type.
* include/libvirt/libvirt.h.in: Add UNIX socket address type
for graphics event
* src/qemu/qemu_monitor_json.c: Add 'unix' string to address
type enum
The virDomainOpenGraphics API allows a libvirt client to pass in
a file descriptor for an open socket pair, and get it connected
to the graphics display of the guest. This is limited to working
with local libvirt hypervisors connected over a UNIX domain
socket, since it will use UNIX FD passing
* include/libvirt/libvirt.h.in: Define virDomainOpenGraphics
* src/driver.h: Define driver for virDomainOpenGraphics
* src/libvirt_public.syms, src/libvirt.c: Entry point for
virDomainOpenGraphics
* src/libvirt_internal.h: VIR_DRV_FEATURE_FD_PASSING
The 5th line of every xfig file has 'Letter ' which
annoys GITs trailing-whitespace commit hook. Hand edit
the files to remove that trailing whitespace
* docs/*.fig: Remove trailing whitespace
This adds a page documenting many aspects of migration:
- The types of migration (managed direct, p2p, unmanaged direct)
- Data transports (native, tunnelled)
- Migration URIs
- Config file handling
- Example scenarios
* libvirt.css: Rules for data tables and diagrams
* Makefile.am: Include extra png/fig files
* migration-managed-direct.fig, migration-managed-direct.png,
migration-managed-direct.png, migration-managed-p2p.png,
migration-native.fig, migration-native.png,
migration-tunnel.fig, migration-tunnel.png,
migration-unmanaged-direct.fig, migration-unmanaged-direct.png:
Diagrams of migration
* migration.html.in, sitemap.html.in: New migration doc
If vol-create-from is failed due to 'input volume not found',
virsh outputs like this:
$ sudo virsh vol-create-from testpool test-vol.xml test.img
error: failed to get vol 'test.img', specifying --pool might help
error: Storage volume not found: no storage vol with matching path
However, '--pool' is incorrect because it is already specified as
second argument ('testpool' in this case). It should be "--inputpool".
The patch fixes this by using pooloptname, which will be "inputpool"
in this case and "pool" in other cases, as error message.
This refactors the TAP creation code out of brAddTap into a new
function brCreateTap to allow it to be used on its own. I have also
changed ifSetInterfaceMac to brSetInterfaceMac and exported it since
it is will be needed by code outside of util/bridge.c in the next
patch.
AUTHORS | 1 +
src/libvirt_bridge.syms | 2 +
src/util/bridge.c | 116 +++++++++++++++++++++++++++++++----------------
src/util/bridge.h | 9 ++++
4 files changed, 89 insertions(+), 39 deletions(-)
Every time we write XML into a file we call virEmitXMLWarning to write a
warning that the file is automatically generated. virXMLSaveFile
simplifies this into a single step and makes rewriting existing XML file
safe by using virFileRewrite internally.
When saving config files we just overwrite old content of the file. In
case something fails during that process (e.g. disk gets full) we lose
both old and new content. This patch makes the process more robust by
writing the new content into a separate file and only if that succeeds
the original file is atomically replaced with the new one.
This change adds some systemtap/dtrace probes to the QEMU monitor
client code. In particular it allows watching of all operations
for a VM
* examples/systemtap/qemu-monitor.stp: Watch all monitor commands
* src/Makefile.am: Passing libdir/bindir/sbindir to dtrace2systemtap.pl
* src/dtrace2systemtap.pl: Accept libdir/bindir/sbindir as args
and look for '# binary:' comment to mark probes against libvirtd
vs libvirt.so
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor_json.c,
src/qemu/qemu_monitor_text.c: Add probes for key functions
Previous commit clears number of items alocated in lxcSetupLoopDevices
if VIR_REALLOC_N fails. In that case, the pointer is not NULL, and
causes leaking FDs that have been allocated.
* src/lxc/lxc_controller.c: revert zeroing array size
If the function lxcSetupLoopDevices(def, &nloopDevs, &loopDevs) failed,
the variable loopDevs will keep a initial NULL value, however, the
function VIR_FORCE_CLOSE(loopDevs[i]) will directly deref it.
This patch also fixes returning a bogous number of devices from
lxcSetupLoopDevices on an error path.
* rc/lxc/lxc_controller.c: fixed a null pointer dereference.
Signed-off-by: Alex Jia <ajia@redhat.com>
Cppcheck detected a syntaxError on lxcDomainInterfaceStats.
* src/lxc/lxc_driver.c: fixed missing '{' in the function lxcDomainInterfaceStats.
Signed-off-by: Alex Jia <ajia@redhat.com>
Rather than making all clients of monitor commands that are JSON-only
check whether yajl support was compiled in, it is simpler to just
avoid setting the capability bit up front if we can't use the capability.
* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Only set
capability bit if we also have yajl library to use it.
* src/qemu/qemu_driver.c (qemuDomainReboot): Drop #ifdefs.
* src/qemu/qemu_process.c (qemuProcessStart): Likewise.
* tests/qemuhelptest.c (testHelpStrParsing): Pass test even
without yajl.
* tests/qemuxml2argvtest.c (mymain): Simplify use of json flag.
* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-*.args:
Update expected results to match.
Break some long lines, and use more efficient functions when possible,
such as relying on virBufferEscapeString to skip output on a NULL arg.
Ensure that output does not embed newlines, since auto-indent won't
work in those situations.
* src/conf/domain_conf.c (virDomainTimerDefFormat): Break output lines.
(virDomainDefFormatInternal, virDomainDiskDefFormat)
(virDomainActualNetDefFormat, virDomainNetDefFormat)
(virDomainHostdevDefFormat): Minor cleanups.
Fixing this involved some refactoring of common code out of
domain_conf and nwfilter_conf into nwfilter_params.
* src/conf/nwfilter_params.h (virNWFilterFormatParamAttributes):
Adjust signature.
* src/conf/nwfilter_params.c (_formatParameterAttrs)
(virNWFilterFormatParamAttributes): Adjust indentation handling,
and handle filterref here.
(formatterParam): Delete unused struct.
* src/conf/domain_conf.c (virDomainNetDefFormat): Adjust caller.
* src/conf/nwfilter_conf.c (virNWFilterIncludeDefFormat): Likewise.
Detected by Coverity. Only possible if qemu-img gives bogus output,
but we might as well be robust.
* src/storage/storage_backend.c
(virStorageBackendQEMUImgBackingFormat): Check for strstr failure.
Commit 1726a73 hacked around MacOS' lack of fdatasync, since
gnulib did not have it at the time. But now that we use newer
gnulib, we can avoid the hack.
* bootstrap.conf (gnulib_modules): Add fdatasync.
* configure.ac (AC_CHECK_FUNCS_ONCE): Drop our own check.
If a disk source gets dropped because it is not accessible,
mgmt application might want to be informed about this. Therefore
we need to emit an event. The event presented in this patch
is however a bit superset of what written above. The reason is simple:
an intention to be easily expanded, e.g. on 'user ejected disk
in guest' events. Therefore, callback gets source string and disk alias
(which should be unique among a domain) and reason (an integer);
This patch implements on_missing feature in qemu driver.
Upon qemu startup process an accessibility of CDROMs
and floppy disks is checked. The source might get dropped
if unavailable and on_missing is set accordingly.
No event is emit thought. Look for follow up patch.
This patch is rather cosmetic as it only moves device alias
assignation from command line construction just before that.
However, it is needed in connotation of previous and next patch.
This attribute says what to do with cdrom (or floppy) if
the source is missing. It accepts:
- mandatory - fail if missing for any reason (the default)
- requisite - fail if missing on boot up, drop if missing on
migrate/restore/revert
- optional - drop if missing at any start attempt.
However, this patch introduces only XML part of this new
functionality.
Splitting into two functions allows the user to call the right
function, rather than having to remember that a *Free function is
an exception to the rule.
* src/conf/storage_conf.h (virStoragePoolSourceClear): New function.
* src/libvirt_private.syms (storage_conf.h): Export it.
* src/conf/storage_conf.c (virStoragePoolSourceFree): Split...
(virStoragePoolSourceClear): ...into new function.
(virStoragePoolDefFree, virStoragePoolDefParseSourceString):
Update callers.
* src/test/test_driver.c (testStorageFindPoolSources): Likewise.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemNetFindPoolSourcesFunc)
(virStorageBackendFileSystemNetFindPoolSources): Likewise.
* src/storage/storage_backend_iscsi.c
(virStorageBackendISCSIFindPoolSources): Likewise.
* src/storage/storage_backend_logical.c
(virStorageBackendLogicalFindPoolSources): Likewise.
Detected by Coverity. virStoragePoolSourceFree does not free the
actual passed-in pointer. A bigger patch would be to rename it
virStoragePoolSourceClear to match behavior, or even split it into
two functions depending on needed behavior; but this is the minimal
fix to the one location out of eight that leaked memory.
* src/storage/storage_backend_iscsi.c
(virStorageBackendISCSIFindPoolSources): Free memory.
Based on a report by Coverity. waitpid() can leak resources if it
fails with EINTR, so it should never be used without checking return
status. But we already have a helper function that does that, so
use it in more places.
* src/lxc/lxc_container.c (lxcContainerAvailable): Use safer
virWaitPid.
* daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
* tests/testutils.c (virtTestCaptureProgramOutput, virtTestMain):
Likewise.
* src/libvirt.c (virConnectAuthGainPolkit): Simplify with virCommand.
Detected by Coverity. Both text and JSON monitors set only the
bus and unit fields, which means driveAddr.controller spends
life as garbage on the stack, and is then memcpy()'d into the
in-memory representation which the user can see via dumpxml.
* src/qemu/qemu_hotplug.c (qemuDomainAttachSCSIDisk): Only copy
defined fields.
We have a new vol type "dir" in addition to "file" and "block", but
virsh doesn't know it. Fix it.
Additionally, the patch lets virsh output "unknown" if not matched
any of them.
More simplifications possible due to auto-indent. Also,
<bandwidth> within <actual> was only using 6 instead of 8 spaces.
* src/util/network.h (virVirtualPortProfileFormat)
(virBandwidthDefFormat): Alter signature.
* src/util/network.c (virVirtualPortProfileFormat)
(virBandwidthDefFormat): Alter indentation.
(virBandwidthChildDefFormat): Tweak to make use easier.
* src/conf/network_conf.c (virPortGroupDefFormat)
(virNetworkDefFormat): Adjust callers.
* src/conf/domain_conf.c (virDomainNetDefFormat): Likewise.
(virDomainActualNetDefFormat): Likewise, and fix bandwidth
indentation.
Auto-indent makes life a bit easier; this patch also drops unused
arguments and replaces a misspelled flag name with two entry points
instead, so that callers don't have to worry about how much spacing
is present when embedding cpu elements.
* src/conf/cpu_conf.h (virCPUFormatFlags): Delete.
(virCPUDefFormat): Drop unused argument.
(virCPUDefFormatBuf): Alter signature.
(virCPUDefFormatBufFull): New prototype.
* src/conf/cpu_conf.c (virCPUDefFormatBuf): Split...
(virCPUDefFormatBufFull): ...into new function.
(virCPUDefFormat): Adjust caller.
* src/conf/domain_conf.c (virDomainDefFormatInternal): Likewise.
* src/conf/capabilities.c (virCapabilitiesFormatXML): Likewise.
* src/cpu/cpu.c (cpuBaselineXML): Likewise.
* tests/cputest.c (cpuTestCompareXML): Likewise.
The improvements to virBuffer, along with a paradigm shift to pass
the original buffer through rather than creating a second buffer,
allow us to shave off quite a few lines of code.
* src/util/sysinfo.h (virSysinfoFormat): Alter signature.
* src/util/sysinfo.c (virSysinfoFormat, virSysinfoBIOSFormat)
(virSysinfoSystemFormat, virSysinfoProcessorFormat)
(virSysinfoMemoryFormat): Change indentation parameter.
* src/conf/domain_conf.c (virDomainSysinfoDefFormat): Adjust
caller.
* src/qemu/qemu_driver.c (qemuGetSysinfo): Likewise.
Add a test for the simple parts of my indentation changes, and
fix the fallout.
* tests/domainsnapshotxml2xmltest.c: New test.
* tests/Makefile.am (domainsnapshotxml2xmltest_SOURCES): Build it.
* src/conf/domain_conf.c (virDomainSnapshotDefFormat): Avoid NULL
deref, match documented order.
* src/conf/domain_conf.h (virDomainSnapshotDefFormat): Add const.
* tests/domainsnapshotxml2xmlout/all_parameters.xml: Tweak output.
* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: Likewise.
* tests/domainsnapshotxml2xmlout/full_domain.xml: Likewise.
* .gitignore: Exempt new binary.
<domainsnapshot> is the first public instance of <domain> being
used as a sub-element, although we have two other private uses
(runtime state, and migration cookie). Although indentation has
no effect on XML parsing, using it makes the output more consistent.
This uses virBuffer auto-indentation to obtain the effect, for all
but the portions of <domain> that are not generated a line at a
time into the same virBuffer. Further patches will clean up the
remaining problems.
* src/conf/domain_conf.h (virDomainDefFormatInternal): New prototype.
* src/conf/domain_conf.c (virDomainDefFormatInternal): Export.
(virDomainObjFormat, virDomainSnapshotDefFormat): Update callers.
* src/libvirt_private.syms (domain_conf.h): Add new export.
* src/qemu/qemu_migration.c (qemuMigrationCookieXMLFormat): Use
new function.
(qemuMigrationCookieXMLFormatStr): Update caller.
Rather than having to adjust all callers in a chain to deal with
indentation, it is nicer to have virBuffer do auto-indentation.
* src/util/buf.h (_virBuffer): Increase size.
(virBufferAdjustIndent, virBufferGetIndent): New prototypes.
* src/libvirt_private.syms (buf.h): Export new functions.
* src/util/buf.c (virBufferAdjustIndent, virBufferGetIndent): New
functions.
(virBufferSetError, virBufferAdd, virBufferAddChar)
(virBufferVasprintf, virBufferStrcat, virBufferURIEncodeString):
Implement auto-indentation.
* tests/virbuftest.c (testBufAutoIndent): Test it.
(testBufInfiniteLoop): Don't rely on internals.
Idea by Daniel P. Berrange.
The next patch wants to add some sanity checking, which would
be a different error than ENOMEM. Many existing callers blindly
report OOM failure if virBuf reports an error, and this will be
wrong in the (unlikely) case that they actually had a usage error
instead; but since the most common error really is ENOMEM, I'm
not going to fix all callers. Meanwhile, new discriminating
callers can react differently depending on what failure happened.
* src/util/buf.c (virBufferSetError): Add parameter.
(virBufferGrow, virBufferVasprintf, virBufferEscapeString)
(virBufferEscapeSexpr, virBufferEscapeShell): Adjust callers.
I had some temporary test failures while working on virbuf
improvements in later patches, with output that looked like:
Expected [<]
Actual [ <]
which is pretty hard to figure out. Adding an Offset designation
made it much easier to find which particular '<' was at the
wrong indentation, to fix the right part of the code.
* tests/testutils.c (virtTestDifference): Make it easier to
diagnose test failures.
Although the compiler wasn't complaining (since it was the pointer,
rather than what was being pointed to, that was actually const), it
looks quite suspicious to call a function with an argument labeled
const when the nature of the pointer (virBufferPtr) is hidden behind
a typedef. Dropping const makes the function declarations easier
to read.
* src/util/buf.h: Drop const from all functions that modify buffer
argument.
* src/util/buf.c (virBufferSetError, virBufferAdd)
(virBufferContentAndReset, virBufferFreeAndReset)
(virBufferAsprintf, virBufferVasprintf, virBufferEscapeString)
(virBufferEscapeSexpr, virBufferEscape): Fix fallout.
In a recent expansion of the documentation on network forward modes, I
incorrectly stated that incoming sessions to guests on routed networks
were blocked. This is true for guests on NATed networks, but not
routed. This patch corrects that error, and adds a pointer to the
nwfilter page for those who do want to restrict incoming sessions to
hosts on routed networks.
There is a little difference between the output of domxml-to-native and the actual commandline.
No matter qemu is in control or readline mode, domxml-to-native always converts it to readline mode.
That is because the parameter "monitor_json" for qemuBuildCommandLine() is always set to false
in qemuDomainXMLToNative().
Signed-off-by: tangchen <tangchen@cn.fujitsu.com>
Clarify some of the effects of managed passthrough <hostdev> devices;
with recent changes (commit d093547), a nodedev-reattach is only needed
to pair up to an explicit nodedev-dettach (but beware that older
virt-manager has a bug where it uses explicit nodedev-dettach under the
hood when using the gui to hotplug a hostdev device).
* docs/formatdomain.html.in: Mention reattach.
* tools/virsh.pod (nodedev): Mention managed mode.
The glibc ones (intentionally) cannot handle ptys opened in a
devpts not mounted at /dev/pts.
Drop the (un-exported, unused) virFileOpenTtyAt.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Add test cases for parsing the qemu-name-space.
This is based on qemuxml2argv{test,data/}, but can not reside in
qemuxml2argv{test,data/} because ...
1. qemuxmlns-qemu-ns-domain.xml is not schema-valid and breaks
domainschematest. The test is still important to detect xmlns:qemu
bindings to a name-space other than
http://libvirt.org/schemas/domain/qemu/1.0
2. they break qemuxml2xml, because the xmlns:qemu binding is moved to
the top-level <domain> element when converting from argv to xml.
Signed-off-by: Philipp Hahn <hahn@univention.de>
The XML parser for the qemu specific extensions expects the qemu name-space
to be bound to the 'qemu' prefix. This is too strict, since the name of the
name-space-prefix is only meant as an internal lookup key. Only the associated
URI is relevant.
<domain>...
<qemu:commandline xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0">
...</qemu:commandline>
</domain>
<domain xmlns:ns0="http://libvirt.org/schemas/domain/qemu/1.0">...
<ns0:commandline>
...</ns0:commandline>
</domain>
<domain xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0">
<qemu:commandline xmlns:qemu="urn:foo">
...</qemu:commandline>
</domain>
Remove the test for checking the name-space binding on the top-level <domain>
element. Registering the name-space with XPath is enough.
Signed-off-by: Philipp Hahn <hahn@univention.de>
When I compile libvirt with gcc-4.6.1 in ubuntu 11.10, got error as below:
CCLD libvirtd
/usr/bin/ld: ../src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_migration.o): undefined reference to symbol 'gnutls_x509_crt_get_dn@@GNUTLS_1_4'
/usr/bin/ld: note: 'gnutls_x509_crt_get_dn@@GNUTLS_1_4' is defined in DSO /usr/lib/x86_64-linux-gnu/libgnutls.so so try adding it to the linker command line
/usr/lib/x86_64-linux-gnu/libgnutls.so: could not read symbols: Invalid operation
collect2: ld returned 1 exit status
make[3]: *** [libvirtd] Error 1
It can compile with gcc-4.5.2 in ubuntu 11.04, but it can not compile with gcc-4.6.1 in ubuntu 11.10.
I didn't find reason. Does Anyone know the reason or the different between gcc-4.5.2 and gcc-4.6.1?
I still provide a patch for this. Just make it is working now.
Signed-off-by: soulxu <soulxu@soulxu-ThinkPad-T410.(none)>
This adds support for a libvirt client configuration file
either /etc/libvirt/libvirt.conf for privileged clients,
or $HOME/.libvirt/libvirt.conf for unprivileged clients.
It allows one parameter
uri_aliases = [
"hail=qemu+ssh://root@hail.cloud.example.com/system",
"sleet=qemu+ssh://root@sleet.cloud.example.com/system",
]
Any call to virConnectOpen with a non-NULL URI will first
attempt to match against the uri_aliases list. An application
can disable this by using VIR_CONNECT_NO_ALIASES
* docs/uri.html.in: Document URI aliases
* include/libvirt/libvirt.h.in: Add VIR_CONNECT_NO_ALIASES
* libvirt.spec.in, mingw32-libvirt.spec.in: Add /etc/libvirt/libvirt.conf
* src/Makefile.am: Install default config file
* src/libvirt.c: Add support for URI aliases
* src/remote/remote_driver.c: Don't try to handle URIs
with no scheme and which clearly are not paths
* src/util/conf.c: Don't raise error on virConfFree(NULL)
* src/xen/xen_driver.c: Don't raise error on URIs
with no scheme
We recently added support for VIR_DOMAIN_START_AUTODESTROY and
an impl to the QEMU driver. It is very desirable to support in
other drivers, so this adds it to LXC and UML
* src/lxc/lxc_conf.h, src/lxc/lxc_driver.c,
src/uml/uml_conf.h, src/uml/uml_driver.c: Wire up autodestroy
functions
Noticed when testing new libvirt against old qemu that lacked the
snapshot_blkdev HMP command. Libvirt was mistakenly treating the
command as successful, and re-writing the domain XML to use the
just-created 0-byte file, rendering the domain broken on restart.
* src/qemu/qemu_monitor_text.c (qemuMonitorTextDiskSnapshot):
Notice another possible error message.
* src/qemu/qemu_driver.c
(qemuDomainSnapshotCreateSingleDiskActive): Don't keep 0-byte file
on failure.
compile error:
./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuPrepareHostdevPCIDevices':
/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:183: undefined reference to `pciDeviceListFind'
/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:230: undefined reference to `pciDeviceListFind'
./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuGetActivePciHostDeviceList':
/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:102: undefined reference to `pciDeviceListFind'
./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuDomainReAttachHostdevDevices':
/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:370: undefined reference to `pciDeviceListFind'
Signed-off-by: Xu He Jie <xuhj@linux.vnet.ibm.com>
probes.h is generated in build directory; setting a dependency on
probes.h from source directory doesn't work well in VPATH builds. Caused
by commit 1afcfbdda0
When I run 'make dist', I receive the following error messages:
make[1]: Entering directory `/home/wency/source/libvirt/src'
GEN remote/remote_protocol.h
GEN remote/remote_protocol.c
GEN remote/qemu_protocol.h
GEN remote/qemu_protocol.c
GEN remote/qemu_client_bodies.h
CC libvirt_driver_remote_la-remote_protocol.lo
In file included from ./remote/remote_protocol.h:16,
from ./remote/remote_protocol.c:7:
/internal.h:249:23: error: probes.h: No such file or directory
make[1]: *** [libvirt_driver_remote_la-remote_protocol.lo] Error 1
make[1]: Leaving directory `/home/wency/source/libvirt/src'
make: *** [distdir] Error 1
The reason is that we use probes.h before generating it.
BZ# https://bugzilla.redhat.com/show_bug.cgi?id=736214
The problem is caused by the original info of domain's PCI dev is
maintained by qemu_driver->activePciHostdevs list, (E.g. dev->reprobe,
which stands for whether need to reprobe driver for the dev when do
reattachment). The fields (dev->reprobe, dev->unbind_from_stub, and
dev->remove_slot) are initialized properly when preparing the PCI
device for managed attachment. However, when do reattachment, it
construct a complete new "pciDevice" without honoring the original
dev info, and thus the dev won't get the original driver or can get
other problem.
This patch is to fix the problem by get the devs from list
driver->activePciHostdevs.
Tested with following 3 scenarios:
* the PCI was bound to some driver not pci-stub before attaching
result: the device will be bound to the original driver
* the PCI was bound to pci-stub before attaching
result: no driver reprobing, and still bound to pci-stub
* The PCI was not bound to any driver
result: no driver reprobing, and still not bound to any driver.
Commit 0472f39 plugged a leak, but introduced another bug:
Actually looks like physfndev is conditionally allocated in getPhysfnDev
Its better to modify getPhysfnDev to allocate physfndev every time.
A few people have attempted to use the new forwarding modes with older
versions of libvirt. The docs where the modes are described have
always stated the minimum required libvirt version, but the examples
at the end didn't, which I believe is what has caused the confusion.
Similarly, the section on portgroups now has a version tag added at
the beginning.
I also noticed that there was no example of defining a <dns> hostname,
so I added one, as well as making the domain name example more
recognizable (by adding ".com" to the domain).
When failing on starting a domain, it tries to reattach all the PCI
devices defined in the domain conf, regardless of whether the devices
are still used by other domain. This will cause the devices to be deleted
from the list qemu_driver->activePciHostdevs, thus the devices will be
thought as usable even if it's not true. And following commands
nodedev-{reattach,reset} will be successful.
How to reproduce:
1) Define two domains with same PCI device defined in the confs.
2) # virsh start domain1
3) # virsh start domain2
4) # virsh nodedev-reattach $pci_device
You will see the device will be reattached to host successfully.
As pciDeviceReattach just check if the device is still used by
other domain via checking if the device is in list driver->activePciHostdevs,
however, the device is deleted from the list by step 2).
This patch is to prohibit the bug by:
1) Prohibit a domain starting or device attachment right at
preparation period (qemuPrepareHostdevPCIDevices) if the
device is in list driver->activePciHostdevs, which means
it's used by other domain.
2) Introduces a new field for struct _pciDevice, (const char *used_by),
it will be set as the domain name at preparation period,
(qemuPrepareHostdevPCIDevices). Thus we can prohibit deleting
the device from driver->activePciHostdevs if it's still used by
other domain when stopping the domain process.
* src/pci.h (define two internal functions, pciDeviceSetUsedBy and
pciDevceGetUsedBy)
* src/pci.c (new field "const char *used_by" for struct _pciDevice,
implementations for the two new functions)
* src/libvirt_private.syms (Add the two new internal functions)
* src/qemu_hostdev.h (Modify the definition of functions
qemuPrepareHostdevPCIDevices, and qemuDomainReAttachHostdevDevices)
* src/qemu_hostdev.c (Prohibit preparation and don't delete the
device from activePciHostdevs list if it's still used by other domain)
* src/qemu_hotplug.c (Update function usage, as the definitions are
changed)
Signed-off-by: Eric Blake <eblake@redhat.com>
virInitialize() → xenRegister() → xenhypervisorInit() determines the
version of the Hypervisor. This breaks xencapstest when building as root
on a dom0 system, since xenHypervisorBuildCapabilities() adds the "hap"
and "viridian" features based on the detected version.
Add an optional parameter to xenhypervisorInit() to disable automatic
detection of the Hypervisor version. The passed in arguments are used
instead.
Signed-off-by: Philipp Hahn <hahn@univention.de>
Calling virInitialize() → xenRegister() → xenhypervisorInit() directly
opens a connection to the Xen Hypervisor, which breaks some unit tests.
Move all static variables into a struct to make it easier to override
them when testing.
Signed-off-by: Philipp Hahn <hahn@univention.de>
Coverity detected that the only way to get to the cleanup label
is if objectSpec had been successfully allocated, so the null
check was dead code.
* src/esx/esx_vi.c (esxVI_LookupObjectContentByType): Drop
redundant null check.
When defining macros, you can't put comments on the end of the
line because they will get included in the macro definition
* mingw32-libvirt.spec.in: Fix comment about hyperv
Detected by Coverity. Leak present since commit 874e65a; and
while commit d50bb45 tried to fix the issue, it missed a path.
* src/conf/domain_conf.c (virDomainDefParseBootXML): Always clean
up useserial.
Setting a hostname that cannot be resolved is not the best configuration
but since virGetHostname only calls getaddrinfo to get host's canonical
name and we do not fail if the returned canonical name is NULL or
"localhost", there is no reason why we should fail if getaddrinfo itself
fails.
Detected by Coverity. p (the pointer to the string) is always true;
when in reality, we wanted to know whether the integer value of the
just-parsed string is '0' or '1'. Logic bug since commit b1b5b51.
* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetBlockInfo): Set
results to proper value.
Detected by Coverity. If, for some reason, our text monitor input
does not match our assumptions, we end up incrementing p while it
is NULL, then dereferencing the pointer 0x1, which will fault.
* src/qemu/qemu_monitor_text.c
(qemuMonitorTextGetBlockStatsParamsNumber): Rewrite to avoid
deref of strchr failure. Fix indentation.
Coverity complained that most, but not all, clients of virUUIDParse
were checking for errors. Silence those coverity warnings by
explicitly marking the cases where we trust the input, and fixing
one instance that really should have been checking. In particular,
this silences a rather large percentage of the warnings I saw on my
most recent Coverity analysis run.
* src/util/uuid.h (virUUIDParse): Enforce rules.
* src/util/uuid.c (virUUIDParse): Drop impossible check; at least
Coverity will detect if we break rules and pass NULL.
* src/xenapi/xenapi_driver.c (xenapiDomainCreateXML)
(xenapiDomainLookupByID, xenapiDomainLookupByName)
(xenapiDomainDefineXML): Ignore return when we trust data source.
* src/vbox/vbox_tmpl.c (nsIDtoChar, vboxIIDToUUID_v3_x)
(vboxCallbackOnMachineStateChange)
(vboxCallbackOnMachineRegistered, vboxStoragePoolLookupByName):
Likewise.
* src/node_device/node_device_hal.c (gather_system_cap): Likewise.
* src/xenxs/xen_sxpr.c (xenParseSxpr): Check for errors.
In virFDStreamOpenFileInternal(), a errfd pipe is opened by
virCommandRunAsync() and given to virFDStreamOpenInternal().
It seems virFDStream should close errfd, just like the other
fd it is given.
This fixes screenshots leaking FDs:
http://bugzilla.redhat.com/show_bug.cgi?id=745761
virCommandTransferFD promises that the fd is no longer owned by
the caller. Normally, we want the fd to remain open until the
child runs, but in error situations, we must close it earlier.
* src/util/command.c (virCommandTransferFD): Close fd now if we
can't track it to close later.
(virCommandKeepFD): Adjust helper to make this easier.
* libvirt.spec.in (%configure): Drop unused %{one} macro.
* mingw32-libvirt.spec.in (%{rhel}): Compile ESX but not HyperV on
mingw build for RHEL.
(%build): Make configure honor spec conditionals. Reorder to
match libvirt.spec.
* autobuild.sh (mingw): Update list to match.
Suggested by Daniel P. Berrange.
As this is needed. Although some functions check for domain
being active before obtaining job, we need to check it after,
because obtaining job unlocks domain object, during which
a state of domain can be changed.
Currently, push & pop from event queue (both server & client side)
rely on lock from higher levels, e.g. on driver lock (qemu),
private_data (remote), ...; This alone is not sufficient as not
every function that interacts with this queue can/does lock,
esp. in client where we have a different approach, "passing
the buck".
Therefore we need a separate lock just to protect event queue.
For more info see:
https://bugzilla.redhat.com/show_bug.cgi?id=743817
This patch extends qemudDomainCoreDump so it supports new VIR_DUMP_RESET
flag. If this flag is set, domain is reset on successful dump. However,
this is needed to be done after we start CPUs.
Add support for enabling debug output via command line option.
Allow to toggle the loop implementation between pure-Python and
native-C.
Signed-off-by: Philipp Hahn <hahn@univention.de>
When --help is requested, print usage() to stdout.
When an illegal option is passed, print usage to stderr.
Signed-off-by: Philipp Hahn <hahn@univention.de>
sys.argv contains the original command line arguments, while args only
contains the arguments not handled by getopt(). Currently this is no
problem since --help is the only command line option passable, which
terminates the process, so the code is never reached. Any option added
in the future will reveal the bug.
Signed-off-by: Philipp Hahn <hahn@univention.de>
With the recent refactoring of qemu snapshot relationships, it
is now trivial to filter on leaves.
* src/conf/domain_conf.c (virDomainSnapshotObjListCount)
(virDomainSnapshotObjListCopyNames): Handle new flag.
* src/qemu/qemu_driver.c (qemuDomainSnapshotListNames)
(qemuDomainSnapshotNum, qemuDomainSnapshotListChildrenNames)
(qemuDomainSnapshotNumChildren): Pass new flag through.
For some versions of Xen the difference between "tap" and "tap2" is
important. When converting back from xen-sxpr to libvirt-xml, that
information is lost, which breaks re-defining the domain using that
data.
Explicitly return "tap2" for disks defined as "device/tap2".
Signed-off-by: Philipp Hahn <hahn@univention.de>
When PyGrub is used as the bootloader in Xen, it gets passed the first
bootable disk. Xend supports a "bootable"-flag for this, which isn't
explicitly supported by libvirt.
When converting libvirt-xml to xen-sxpr the "bootable"-flag gets
implicitly set by xen.xend.XenConfig.device_add() for the first disk
(marked as "Compat hack -- mark first disk bootable").
When converting back xen-sxpr to libvirt-xml, the disks are returned in
the internal order used by Xend ignoring the "bootable"-flag, which
loses the original order. When the domain is then re-defined, the order
of disks is changed, which breaks PyGrub, since a different disk gets
passed.
When converting xen-sxpr to libvirt-xml, use the "bootable"-flag to
determine the first disk.
This isn't perfect, since several disks can be marked as bootable using
the Xend-API, but that is not supported by libvirt. In all known cases
relevant to libvirt exactly one disk is marked as bootable.
Signed-off-by: Philipp Hahn <hahn@univention.de>
AM_TESTS has support for skipping tests, while the C-implementation
virtTestRun() does not support that feature.
Print "_" or "SKIP" in verbose mode for tests returning EXIT_AM_SKIP=77.
Signed-off-by: Philipp Hahn <hahn@univention.de>
VirtFS allows the user to choose between path/handle based fs driver.
As of now, libvirt hardcoded path based driver only. This patch provides
a solution to allow user to choose between path/handle based fs driver.
Sample:
<filesystem type='mount'>
<driver type='handle'/>
<source dir='/folder/to/share1'/>
<target dir='mount_tag1'/>
</filesystem>
<filesystem type='mount'>
<driver type='path'/>
<source dir='/folder/to/share2'/>
<target dir='mount_tag2'/>
</filesystem>
Signed-off-by: Harsh Prateek Bora <harsh@linux.vnet.ibm.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Implement a generic helper to escape a given set of characters with a
leading '\'. Generalizes virBufferEscapeSexpr().
Signed-off-by: Sage Weil <sage@newdream.net>
This is a regression introduced by new RPC codes, previously
we advertise the service via ssh even if the daemon doesn't
listen on TLS port (TCP is not choosed). Now the service is
only advertised when it listens on TLS or TCP port. This breaks
upper layer apps which intends to discover the service, such
as virt-manager.
The previous optimizations lead to some follow-on cleanups.
* src/conf/domain_conf.c (virDomainSnapshotForEachChild)
(virDomainSnapshotForEachDescendant): Drop dead parameter.
(virDomainSnapshotActOnDescendant)
(virDomainSnapshotObjListNumFrom)
(virDomainSnapshotObjListGetNamesFrom): Update callers.
* src/qemu/qemu_driver.c (qemuDomainSnapshotNumChildren)
(qemuDomainSnapshotListChildrenNames, qemuDomainSnapshotDelete):
Likewise.
* src/conf/domain_conf.h: Update prototypes.
Among other improvements, virDomainSnapshotForEachDescendant is
changed from iterative O(n^2) to recursive O(n). A bit better
than the O(n^3) implementation in virsh snapshot-list!
* src/conf/domain_conf.c (virDomainSnapshotObjListNum)
(virDomainSnapshotObjListNumFrom)
(virDomainSnapshotObjeListGetNames, virDomainSnapshotForEachChild)
(virDomainSnapshotForEachDescendant): Optimize.
(virDomainSnapshotActOnDescendant): Tweak.
(virDomainSnapshotActOnChild, virDomainSnapshotMarkDescendant):
Delete, now that they are unused.
Maintain the parent/child relationships of all qemu snapshots.
* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Populate
relationships after loading.
(qemuDomainSnapshotCreateXML): Set relations on creation; tweak
redefinition to reuse existing object.
(qemuDomainSnapshotReparentChildren, qemuDomainSnapshotDelete):
Clear relations on delete.
No one was using virDomainSnapshotHasChildren, but that was an
O(n) function. Exposing and tracking a bit more metadata for each
snapshot will allow the same query to be made with an O(1) query
of the member field. For single snapshot operations (create,
delete), callers can be trusted to maintain the metadata themselves,
but for reloading, we can't compute parents as we go since there
is no guarantee that parents were parsed before children, so we also
provide a function to refresh the relationships, and which can
be used to detect if the user has ignored our warnings and been
directly modifying files in /var/lib/libvirt/qemu/snapshot. This
patch only adds metadata; later patches will actually use it.
This layout intentionally hardcodes the size of each snapshot struct,
by tracking sibling pointers, rather than having to deal with the
headache of yet more memory management by directly sticking a
dynamically sized child[] on each parent.
* src/conf/domain_conf.h (_virDomainSnapshotObj)
(_virDomainSnapshotObjList): Add members.
(virDomainSnapshotUpdateRelations, virDomainSnapshotDropParent):
New prototypes.
(virDomainSnapshotHasChildren): Delete.
* src/conf/domain_conf.c (virDomainSnapshotSetRelations)
(virDomainSnapshotUpdateRelations, virDomainSnapshotDropParent):
New functions.
(virDomainSnapshotHasChildren): Drop unused function.
* src/libvirt_private.syms (domain_conf): Update exports.
To date, JSON disk snapshots worked by accident, as they were always
using hmp fallback due to a typo in commit e702b5b not picking up
on the (intentional) difference in command names between the two
monitor protocols.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
Spell QMP command correctly.
Reported by Luiz Capitulino.
Rather than having to do:
$ virsh snapshot-revert dom $(virsh snapshot-current dom --name)
I thought it would be nice to do:
$ virsh snapshot-revert dom --current
I didn't add 'virsh snapshot-dumpxml --current' since we already have
'virsh snapshot-current' for the same task. snapshot-list accepted
a name but did not require it, and that remains the case, with
--current serving in place of that name. For all other commands,
name used to be required, and can now be replaced by --current;
I intentionally made it so that omitting both --current and a name
is an error (having the absence of a name imply --current seems
just a bit too magic, so --current must be explicit). I also had
to keep snapshot-edit backwards-compatible, as the only command
that already had a --current argument alongside a name, which still
works to both edit a named snapshot and make it current.
* tools/virsh.c (vshLookupSnapshot): New helper function.
(cmdSnapshotEdit, cmdSnapshotList, cmdSnapshotParent)
(cmdSnapshotDelete, cmdDomainSnapshotRevert): Use it, adding an
option where needed.
* tools/virsh.pod (snapshot-delete, snapshot-edit)
(snapshot-list, snapshot-parent, snapshot-revert): Document
use of --current.
(snapshot-dumpxml): Mention alternative.
Detected by autogen.sh on a cross-mingw build:
Creating library file: .libs/libvirt.dll.a
Cannot export virNetSASLContextCheckIdentity: symbol not defined
Cannot export virNetSASLContextNewServer: symbol not defined
...
* src/libvirt_private.syms (virnetsaslcontext.h): Move symbols...
* src/libvirt_sasl.syms: ...to new file.
* src/Makefile.am (USED_SYM_FILES) [HAVE_SASL]: Use new file.
(EXTRA_DIST): Ship it.
I got these distcheck failures with sanlock enabled:
ERROR: files left in build directory after distclean:
./tools/virt-sanlock-cleanup
./src/locking/qemu-sanlock.conf
* src/Makefile.am (DISTCLEANFILES) [HAVE_SANLOCK]: Clean built
file.
* tools/Makefile.am (DISTCLEANFILES): Likewise.
when building libvirt in Fedora/s390x I've found that xenlight needs to
be explicitly disabled in the spec file. Configure properly sets the
library as non-existent, but the %files section still wants to package
the 3 /var/*/libvirt/libxl directories. See also
https://bugzilla.redhat.com/show_bug.cgi?id=745020
Building on Linux with dtrace enabled was failing 'make check':
CCLD nodeinfotest
../src/.libs/libvirt_test.a(libvirt_net_rpc_client_la-virnetclient.o): In function `virNetClientNew':
/home/remote/eblake/libvirt/src/rpc/virnetclient.c:162: undefined reference to `libvirt_rpc_client_new_semaphore'
On looking further, I see some earlier warnings emitted from libtool:
*** Warning: Linking the shared library libvirt.la against the non-libtool
*** objects probes.o is not portable!
Since src/probes.o is only built on Linux, and even then, only when
dtrace is enabled, this failure does not affect other platforms, and
despite libtool warning that it is not generally portable, it is not
a problem for our use-case in libvirt.la. But it turns out that while
libtool is willing to jam raw .o files into an installed shared
library (libvirt.la becomes libvirt.so), it is NOT willing to jam
the same .o file into the convenience library libvirt_test.la.
Perhaps this is a bug in libtool, but even if we get libtool fixed,
libvirt must continue to build on platforms with older libtool. So,
the fix is the same as we are already using for the libvirt_lxc
executable - don't rely on the .o file being in the convenience
library, but instead use LDADD to pull it in directly.
* tests/Makefile.am (PROBES_O): New macro.
(LDADDS): Use it to fix link errors.
This removes the old example for legacy probes and adds two
new scripts demonstrating many of the new probe point facilities.
The rpc-monitor.stp script will print out friendly details of all
RPC traffic between a libvirt client/server. This is incredibly
useful in seeing what RPC calls are being made, and also debugging
problems in the RPC protocol code
The events.stp script will print out lots of info about the poll
event loop, which is useful for debugging event handling problems
* examples/systemtap/events.stp, examples/systemtap/rpc-monitor.stp:
New examples
* examples/systemtap/client.stp: Remove obsolete example
The libvirtd daemon had a few crude system tap probes. Some of
these were broken during the RPC rewrite. The new modular RPC
code is structured in a way that allows much more effective
tracing. Instead of trying to hook up the original probes,
define a new set of probes for the RPC and event code.
The master probes file is now src/probes.d. This contains
probes for virNetServerClientPtr, virNetClientPtr, virSocketPtr
virNetTLSContextPtr and virNetTLSSessionPtr modules. Also add
probes for the poll event loop.
The src/dtrace2systemtap.pl script can convert the probes.d
file into a libvirt_probes.stp file to make use from systemtap
much simpler.
The src/rpc/gensystemtap.pl script can generate a set of
systemtap functions for translating RPC enum values into
printable strings. This works for all RPC header enums (program,
type, status, procedure) and also the authentication enum
The PROBE macro will automatically generate a VIR_DEBUG
statement, so any place with a PROBE can remove any existing
manual DEBUG statements.
* daemon/libvirtd.stp, daemon/probes.d: Remove obsolete probing
* daemon/libvirtd.h: Remove probe macros
* daemon/Makefile.am: Remove all probe buildings/install
* daemon/remote.c: Update authentication probes
* src/dtrace2systemtap.pl, src/rpc/gensystemtap.pl: Scripts
to generate STP files
* src/internal.h: Add probe macros
* src/probes.d: Master list of probes
* src/rpc/virnetclient.c, src/rpc/virnetserverclient.c,
src/rpc/virnetsocket.c, src/rpc/virnettlscontext.c,
src/util/event_poll.c: Insert probe points, removing any
DEBUG statements that duplicate the info
Pull the call to gnutls_x509_crt_get_dn up into a higher function
so that the 'dname' variable will be available for probe points
* src/rpc/virnettlscontext.c: Pull gnutls_x509_crt_get_dn up
one level
If we receive an error on the stream, set the EOF marker so
that any further (bogus) incoming data is dropped.
* src/rpc/virnetclientstream.c: Set EOF on stream
To avoid static linking libvirtd to the RPC server code, which
then prevents sane introduction of DTrace probes, put it all
in the libvirt.so, and export it
* daemon/Makefile.am: Don't link to RPC libraries
* src/Makefile.am: Link all RPC libraries to libvirt.so
* src/libvirt_private.syms: Export all RPC functions
It was fairly trivial to return snapshot listing based on a
point in the hierarchy, rather than starting at all roots.
* src/esx/esx_driver.c (esxDomainSnapshotNumChildren)
(esxDomainSnapshotListChildrenNames): New functions.
Not too hard to wire up. The trickiest part is realizing that
listing children of a snapshot cannot use SNAPSHOT_LIST_ROOTS,
and that we overloaded that bit to also mean SNAPSHOT_LIST_DESCENDANTS;
we use that bit to decide which iteration to use, but don't want
the existing counting/listing functions to see that bit.
* src/conf/domain_conf.h (virDomainSnapshotObjListNumFrom)
(virDomainSnapshotObjListGetNamesFrom): New prototypes.
* src/conf/domain_conf.c (virDomainSnapshotObjListNumFrom)
(virDomainSnapshotObjListGetNamesFrom): New functions.
* src/libvirt_private.syms (domain_conf.h): Export them.
* src/qemu/qemu_driver.c (qemuDomainSnapshotNumChildren)
(qemuDomainSnapshotListChildrenNames): New functions.
Very mechanical. I'm so glad we've automated the generation of things,
compared to what it was in 0.8.x days, where this would be much longer.
* src/remote/remote_protocol.x
(REMOTE_PROC_DOMAIN_SNAPSHOT_NUM_CHILDREN)
(REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_CHILDREN_NAMES): New rpcs.
(remote_domain_snapshot_num_children_args)
(remote_domain_snapshot_num_children_ret)
(remote_domain_snapshot_list_children_names_args)
(remote_domain_snapshot_list_children_names_ret): New structs.
* src/remote/remote_driver.c (remote_driver): Use it.
* src/remote_protocol-structs: Update.
Given a list of snapshots and their parents, finding all descendants
requires a hairy traversal. This code is O(n^3); it could maybe be
made to scale O(n^2) with the use of a hash table, but that costs more
memory. Hopefully there aren't too many people with a hierarchy
so large as to approach REMOTE_DOMAIN_SNAPSHOT_LIST_NAMES_MAX (1024).
* tools/virsh.c (cmdSnapshotList): Add final fallback.
Iterating over one level of children requires parsing all snapshots
and their parents; a bit of code shuffling makes it pretty easy
to do this as well.
* tools/virsh.c (cmdSnapshotList): Add another fallback.
Emulating --from requires grabbing the entire list of snapshots
and their parents, and recursively iterating over the list from
the point of interest - but we already do that for --tree. This
turns on emulation for that situation.
* tools/virsh.c (__vshControl): Rename member.
(vshReconnect, cmdConnect, vshGetSnapshotParent): Update clients.
(cmdSnapshotList): Add fallback.
Sometimes, we only care about one branch of the snapshot hierarchy.
Make it easier to list a single branch, by using the new APIs.
Technically, I could emulate these new virsh options on old servers
by doing a complete dump, then scraping xml to filter out just the
snapshots that I care about, but I didn't want to do that in this patch.
* tools/virsh.c (cmdSnapshotList): Add --from, --descendants.
* tools/virsh.pod (snapshot-list): Document them.
The previous API addition allowed traversal up the hierarchy;
this one makes it easier to traverse down the hierarchy.
In the python bindings, virDomainSnapshotNumChildren can be
generated, but virDomainSnapshotListChildrenNames had to copy
from the hand-written example of virDomainSnapshotListNames.
* include/libvirt/libvirt.h.in (virDomainSnapshotNumChildren)
(virDomainSnapshotListChildrenNames): New prototypes.
(VIR_DOMAIN_SNAPSHOT_LIST_DESCENDANTS): New flag alias.
* src/libvirt.c (virDomainSnapshotNumChildren)
(virDomainSnapshotListChildrenNames): New functions.
* src/libvirt_public.syms: Export them.
* src/driver.h (virDrvDomainSnapshotNumChildren)
(virDrvDomainSnapshotListChildrenNames): New callbacks.
* python/generator.py (skip_impl, nameFixup): Update lists.
* python/libvirt-override-api.xml: Likewise.
* python/libvirt-override.c
(libvirt_virDomainSnapshotListChildrenNames): New wrapper function.
On xen 4.1 I observed configurations that look like:
(image
(hvm
(kernel '')
(loader '/foo/bar')
))
The kernel element is there but unset. This leads to an empty <kernel/>
element in the XML and even worse makes us skip the boot order parsing
and therefore not emit a <boot device='$dev>'/> element which breaks CD
booting.
otherwise a missing UUID in a domain config just shows:
error: An error occurred, but the cause is unknown
Now we have:
error: configuration file syntax error: config value uuid was missing
I was a bit surprised that 'virsh snapshot-edit dom name' silently
allowed me to clone things, while still telling me the old name,
especially since other commands like 'virsh edit dom' reject rename
attempts (*). This fixes things to be more explicit (**).
(*) Technically, 'virsh edit dom' relies on virDomainDefineXML
behavior, which rejects attempts to mix a new name with existing
uuid or new uuid with existing name, but you can create a new
domain by changing both uuid and name. On the other hand, while
snapshot-edit --clone is a true clone, creating a new domain
would also have to decide whether to clone snapshot metadata,
managed save, and any other secondary data related to the domain.
Domain renames are not trivial either.
(**) Renaming or creating a clone is still a risky proposition -
for offline snapshots and system checkpoints, if the new name
does not match an actual name recorded in the qcow2 internal
snapshots, then you cannot revert to the new checkpoint. But it
is assumed that anyone using the new virsh flags knows what they
are doing, and can deal with the fallout caused by a rename/clone;
that is, we can't completely prevent a user from shooting
themselves in the foot, so much as we are making the default
action less risky.
* tools/virsh.c (cmdSnapshotEdit): Add --rename, --clone.
* tools/virsh.pod (snapshot-edit): Document them.
* src/storage/storage_backend_logical.c:
If a logical vol is created as striped. (e.g. --stripes 3),
the "device" field of lvs output will have multiple fileds which are
seperated by comma. Thus the RE we write in the codes will not
work well anymore. E.g. (lvs output for a stripped vol, uses "#" as
seperator here):
test_stripes##fSLSZH-zAS2-yAIb-n4mV-Al9u-HA3V-oo9K1B#\
/dev/sdc1(10240),/dev/sdd1(0)#42949672960#4194304
The RE we use:
const char *regexes[] = {
"^\\s*(\\S+),(\\S*),(\\S+),(\\S+)\\((\\S+)\\),(\\S+),([0-9]+),?\\s*$"
};
Also the RE doesn't match the "devices" field of striped vol properly,
it contains multiple "device path" and "offset".
This patch mainly does:
1) Change the seperator into "#"
2) Change the RE for "devices" field from "(\\S+)\\((\\S+)\\)"
into "(\\S+)".
3) Add two new options for lvs command, (segtype, stripes)
4) Extend the RE to match the value for the two new fields.
5) Parse the "devices" field seperately in virStorageBackendLogicalMakeVol,
multiple "extents" info are generated if the vol is striped. The
number of "extents" is equal to the stripes number of the striped vol.
A incidental fix: (virStorageBackendLogicalMakeVol)
Free "vol" if it's new created and there is error.
Demo on striped vol with the patch applied:
% virsh vol-dumpxml /dev/test_vg/vol_striped2
<volume>
<name>vol_striped2</name>
<key>QuWqmn-kIkZ-IATt-67rc-OWEP-1PHX-Cl2ICs</key>
<source>
<device path='/dev/sda5'>
<extent start='79691776' end='88080384'/>
</device>
<device path='/dev/sda6'>
<extent start='62914560' end='71303168'/>
</device>
</source>
<capacity>8388608</capacity>
<allocation>8388608</allocation>
<target>
<path>/dev/test_vg/vol_striped2</path>
<permissions>
<mode>0660</mode>
<owner>0</owner>
<group>6</group>
<label>system_u:object_r:fixed_disk_device_t:s0</label>
</permissions>
</target>
</volume>
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=727474
If parsing qemu command line fails (e.g. because of non-existing
process number supplied), we jump to cleanup label where we free
pidfile. Therefore it needs to be initialized. Otherwise we free
random pointer.
Coverity complained that 4 out of 5 callers to virJSONValueObjectGetBoolean
checked for errors. But we documented that we don't care in this case.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockInfo): Use
ignore_value.
Detected by Coverity. We want to increment the size_t counter,
not the pointer to the counter. Bug present since 5f5c6fde (0.9.5).
* src/lxc/lxc_controller.c (lxcSetupLoopDevices): Use correct
precedence.
virsh undefine command can now undefine an active guest, but the help information is still the old.
This patch modifies it and make it coincident to the manpage of virsh.
Signed-off-by: tangchen <tangchen@cn.fujitsu.com>
If we send back an unknown program error for async messages,
we will confuse the client because they only expect replies
for method calls. Just log & drop any invalid async messages
* src/rpc/virnetserver.c: Don't send error for async messages
Commit 597fe3cee6 accidentally
introduced a deadlock when reporting an unknown RPC program.
The virNetServerDispatchNewMessage method is called with
the client locked, and must therefore not attempt to send
any RPC messages back to the client. Only once the incoming
message is passed off to the virNetServerHandleJob worker
is it safe to start sending messages back
* src/rpc/virnetserver.c: Delay checking for unknown RPC
program until in worker thread
Redefining disk-only snapshot xml should work even if the user
did not explicitly pass VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY;
the flag is only required for conditions where the <state>
subelement is not already present in parsing (that is, defining
a new snapshot).
Also, fix the error code of some user-visible errors (the remaining
VIR_ERR_INTERNAL_ERROR should not be user-visible, since parsing
of <active> is only done from internal code).
* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Allow
disks during redefinition of disk snapshot.
It was impossible for 'virsh snapshot-current dom name' to set name
as the current snapshot, if name is a disk-only snapshot.
Using strstr rather than full-blown xml parsing is safe, since the
xml is assumed to be well-formed coming from libvirtd rather than
arbitrary text coming from the user.
* tools/virsh.c (cmdSnapshotCurrent, cmdSnapshotEdit): Pass
disk_only flag when redefining a disk snapshot.
I am getting this failure with 'make distcheck':
GEN ../../src/remote_protocol-structs
/bin/sh: ../../src/remote_protocol-structs-t: Permission denied
make[4]: *** [../../src/remote_protocol-structs] Error 1
since it attempts a sub-run of a VPATH 'make check' where $(srcdir)
is intentionally read-only. I'm not sure which commit introduced
the problem, although I suspect it was around 62dee6f when I
refactored protocol struct checking to be more powerful.
$(@F) is required by POSIX, and although it is not yet portable
to all make implementations, we already require GNU make.
* src/Makefile.am (PDWTAGS): Generate temp file into current
directory, since $(srcdir) is read-only during distcheck.
Previously libvirt's disk device XML only had a single attribute,
error_policy, to control both read and write error policy, but qemu
has separate options for controlling read and write. In one case
(enospc) a policy is allowed for write errors but not read errors.
This patch adds a separate attribute that sets only the read error
policy. If just error_policy is set, it will apply to both read and
write error policy (previous behavior), but if the new rerror_policy
attribute is set, it will override error_policy for read errors only.
Possible values for rerror_policy are "stop", "report", and "ignore"
("report" is the qemu-controlled default for rerror_policy when
error_policy isn't specified).
For consistency, the value "report" has been added to the possible
values for error_policy as well.
commit 12062ab set rerror=ignore when error_policy="enospace" was
selected (since the rerror option in qemu doesn't accept "enospc", as
the werror option does).
After that patch was already pushed, Paolo Bonzini noticed it and
commented that leaving rerror at the default ("report") would be a
better choice. This patch corrects the problem - if error_policy =
"enospace" is given, rerror is left off the qemu commandline,
effectively setting it to "report". For other values, rerror is still
set to match werror.
Additionally, the parsing of error_policy was changed to no longer
erroneously allow "default" as a choice - as with most other
attributes, if you want the default setting, just don't specify an
error_policy.
Finally, two ommissions in the first patch were corrected - a
long-dormant qemuxml2argv test for enospace was enabled, and fixed to
pass, and the argv2xml parser in qemu_command.c was updated to
recognize the different spelling on the qemu commandline.
Now that RHEL 6.2 Beta is out, it would be nice to test multifunction
devices on that platform. This changes things so that the multifunction
cap bit can be set in two different ways: by version comparison (needed
for qemu 0.13 which lacked a -device query), and by -device query
(provided by qemu.git and backported to the RHEL beta build of
qemu-kvm which still claims to be a modified 0.12, and therefore needed
for RHEL).
* src/qemu/qemu_capabilities.c (qemuCapsParseDeviceStr): Allow
second method of setting multifunction cap bit.
* tests/qemuhelptest.c (mymain): Test it.
* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta: New file.
* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta-device: Likewise.
If using one of the new non-NAT/routed virtual network
configurations, the LXC driver would not know how to
setup the VETH devices. Adding in calls to setup the
"actual" network configuration at VM startup and cleanup
when shutting down fixes this.
* src/lxc/lxc_driver.c: Setup/cleanup actual net devs
https://bugzilla.redhat.com/show_bug.cgi?id=740899 documents that
if qemu uses aio=native for its disks, then it consumes 128 aio
requests per disk. On a host with multiple guests, this can quickly
run out of kernel aio requests with the default aio-max-nr of
65536. Kernel developers have confirmed that there is no up-front
cost to raising this limit (a larger limit merely implies that more
aio requests can be issued in parallel, which in turn will result
in more kernel memory allocation, only if the system really does use
that many requests). Since the system default limit prevents 256
disks, which is well within libvirt's current scalability, this
patch installs a file to raise the limit and document it in case a
system administrator has further cause to tune the limit. The
install only works on platforms new enough to source /etc/sysctl.d/*
alongside /etc/sysctl.conf (F14 and RHEL 6).
* daemon/libvirtd.sysctl: New file.
* daemon/Makefile.am (EXTRA_DIST): Ship it.
(install-init, uninstall-init): Install it.
* libvirt.spec.in (%files): Include it in rpm.
Implements the documentation for snapshot revert vs. force.
Part of the patch tightens existing behavior (previously, reverting
to an old snapshot without <domain> was blindly attempted, now it
requires force), while part of it relaxes behavior (previously, it
was not possible to revert an active domain to an ABI-incompatible
active snapshot, now force allows this transition).
* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Check for
risky situations, and allow force to get past them.
Once we know which set of disks belong to a snapshot, reverting or
deleting that snapshot should visit just those disks, rather than
also visiting disks that were hot-plugged in the meantime or
skipping disks that were hot-unplugged in the meantime.
* src/qemu/qemu_domain.c (qemuDomainSnapshotForEachQcow2): Use
snapshot domain details when available. Avoid NULL deref.
Although reverting to a snapshot is a form of data loss, this is
normally expected. However, there are two cases where additional
surprises (failure to run the reverted state, or a break in
connectivity to the domain) can come into play. Requiring extra
acknowledgment in these cases will make it less likely that
someone can get into an unrecoverable state due to a default revert.
Also create a new error code, so users can distinguish when forcing
would make a difference, rather than having to blindly request force.
* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_REVERT_FORCE):
New flag.
* src/libvirt.c (virDomainRevertToSnapshot): Document it.
* include/libvirt/virterror.h (VIR_ERR_SNAPSHOT_REVERT_RISKY): New
error value.
* src/util/virterror.c (virErrorMsg): Implement it.
* tools/virsh.c (cmdDomainSnapshotRevert): Add --force to virsh.
* tools/virsh.pod (snapshot-revert): Document it.
Commit 9f5e53e introduced the ability to filter snapshots to
just roots, but it was never implemented for VBox until now.
The VBox implementation prohibits deletion of a snapshot with
multiple children. Hence, there can only be at most one root,
which is found by searching for the snapshot with a NULL uuid.
Prior to 4.0, snapshotGet looked up by UUID, and snapshotFind
looked up by name; after that point, snapshotGet disappeared
and snapshotFind handles uuid or name.
* src/vbox/vbox_tmpl.c (vboxDomainSnapshotNum)
(vboxDomainSnapshotListNames): Implement limiting list to root.
Qemu driver tries to update balloon data in virDomainGetInfo and if it
can't do so because there is another monitor job running, it just
reports what's known in domain def. However, if there was no job running
but getting the data from qemu fails, we would fail the whole API. This
doesn't make sense. Let's make the failure nonfatal.
No need to request the parent of a snapshot if we aren't going to use it.
* src/esx/esx_vi.c (esxVI_GetSnapshotTreeByName): Make parent
optional.
* src/esx/esx_driver.c (esxDomainSnapshotCreateXML)
(esxDomainSnapshotLookupByName, esxDomainRevertToSnapshot)
(esxDomainSnapshotDelete): Simplify accordingly.
Commit 9f5e53e introduced the ability to filter snapshots to
just roots, but it was never implemented for ESX until now.
* src/esx/esx_vi.h (esxVI_GetNumberOfSnapshotTrees)
(esxVI_GetSnapshotTreeNames): Add parameter.
* src/esx/esx_vi.c (esxVI_GetNumberOfSnapshotTrees)
(esxVI_GetSnapshotTreeNames): Allow choice of recursion or not.
* src/esx/esx_driver.c (esxDomainSnapshotNum)
(esxDomainSnapshotListNames): Use it to limit to roots.
This resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=730909
When support for setting the qemu disk error policy to "enospc" was
added, it was inadvertently spelled "enospace". This patch corrects
that on the qemu commandline (while retaining the "enospace" spelling
for libvirt's XML).
Also, while examining the qemu source, I found that "enospc" is not
allowed for the read error policy, only for write error policy (makes
sense). Since libvirt currently only has a single error policy
setting, when "enospace" is selected, the read error policy is set to
"ignore".
Previously, virsh 'snapshot-parent' and 'snapshot-current' were
completely silent in the case where the code conclusively proved
there was no parent or current snapshot, but differed in exit
status; this silence caused some confusion on whether the commands
worked. Furthermore, commit d1be48f introduced a regression where
snapshot-parent would leak output about an unknown function, but
only on the first attempt, when talking to an older server that
lacks virDomainSnapshotGetParent. This changes things to consistenly
report an error message and exit with status 1 when no snapshot
exists, and to avoid leaking unknown function warnings when using
fallbacks.
* tools/virsh.c (vshGetSnapshotParent): Alter signature, to
distinguish between real error and missing parent. Don't pollute
last_error on success.
(cmdSnapshotParent): Adjust caller. Always output message on
failure.
(cmdSnapshotList): Adjust caller.
(cmdSnapshotCurrent): Always output message on failure.
Destination libvirtd remembers the original name in the prepare phase
and clears it in the finish phase. The original name is used when
comparing domain name in migration cookie.
When booting a virtual machine with a kernel/initrd it is possible
to pass command line arguments using the <cmdline>...args...</cmdline>
element in the guest XML. These appear to the kernel / init process
in /proc/cmdline.
When booting a container we do not have a custom /proc/cmdline,
but we can easily set an environment variable for it. Ideally
we could pass individual arguments to the init process as a
regular set of 'char *argv[]' parameters, but that would involve
libvirt parsing the <cmdline> XML text. This can easily be added
later, even if we add the env variable now
* docs/drvlxc.html.in: Document env variables passed to LXC
* src/conf/domain_conf.c: Add <cmdline> to be parsed for
guests of type='exe'
* src/lxc/lxc_container.c: Set LIBVIRT_LXC_CMDLINE env var
This patch is a fix for:
https://bugzilla.redhat.com/show_bug.cgi?id=743176
which was discovered by Dan Berrange while making bandwidth
configuration work for LXC guests.
Background: Although virtportprofile data from a network portgroup is
only applicable for direct mode interfaces, the code that copies
bandwidth data from the portgroup was also only being executed in the
case of direct mode interfaces. The result was that interfaces using
traditional virtual networks (forward mode='nat|route|none'), and
those using a host bridge for forwarding, would not pick up bandwidth
data from a portgroup defined in the network.
This patch moves that code outside the conditional, so that bandwidth
information is *alway* copied from the appropriate portgroup (unless
the <interface> definition itself already has bandwidth information,
which would take precedence over what's in the portgroup anyway).
Code altered so that it is consistent with the associated comment. The
'autoconf' variable is forced to zero.
Signed-off-by: Neil Wilson <neil@brightbox.co.uk>
Do not crash if virStreamFinish is called after error.
==11000== Invalid read of size 4
==11000== at 0x373A8099A0: pthread_mutex_lock (pthread_mutex_lock.c:51)
==11000== by 0x4C7CADE: virMutexLock (threads-pthread.c:85)
==11000== by 0x4D57C31: virNetClientStreamRaiseError (virnetclientstream.c:203)
==11000== by 0x4D385E4: remoteStreamFinish (remote_driver.c:3541)
==11000== by 0x4D182F9: virStreamFinish (libvirt.c:14157)
==11000== by 0x40FDC4: cmdScreenshot (virsh.c:3075)
==11000== by 0x42BA40: vshCommandRun (virsh.c:14922)
==11000== by 0x42ECCA: main (virsh.c:16381)
==11000== Address 0x59b86c0 is 16 bytes inside a block of size 216 free'd
==11000== at 0x4A06928: free (vg_replace_malloc.c:427)
==11000== by 0x4C69E2B: virFree (memory.c:310)
==11000== by 0x4D57B56: virNetClientStreamFree (virnetclientstream.c:184)
==11000== by 0x4D3DB7A: remoteDomainScreenshot (remote_client_bodies.h:1812)
==11000== by 0x4CFD245: virDomainScreenshot (libvirt.c:2903)
==11000== by 0x40FB73: cmdScreenshot (virsh.c:3029)
==11000== by 0x42BA40: vshCommandRun (virsh.c:14922)
==11000== by 0x42ECCA: main (virsh.c:16381)
When support for was added for PCI multifunction cards (in commit
9f8baf, first included in libvirt 0.9.3), it was done by always
turning on the multifunction bit for all PCI devices. Since that time
it has been realized that this is not an ideal solution, and that the
multifunction bit must be selectively turned on. For example, see
https://bugzilla.redhat.com/show_bug.cgi?id=728174
and the discussion before and after
https://www.redhat.com/archives/libvir-list/2011-September/msg01036.html
This patch modifies multifunction support so that the multifunction=on
option is only added to the qemu commandline for a device if its PCI
<address> definition has the attribute "multifunction='on'", e.g.:
<address type='pci' domain='0x0000' bus='0x00'
slot='0x04' function='0x0' multifunction='on'/>
In practice, the multifunction bit should only be turned on if
function='0' AND other functions will be used in the same slot - it
usually isn't needed for functions 1-7 (although there are apparently
some exceptions, e.g. the Intel X53 according to the QEMU source
code), and should never be set if only function 0 will be used in the
slot. The test cases have been changed accordingly to illustrate.
With this patch in place, if a user attempts to assign multiple
functions in a slot without setting the multifunction bit for function
0, libvirt will issue an error when the domain is defined, and the
define operation will fail. In the future, we may decide to detect
this situation and automatically add multifunction=on to avoid the
error; even then it will still be useful to have a manual method of
turning on multifunction since, as stated above, there are some
devices that excpect it to be turned on for all functions in a slot.
A side effect of this patch is that attempts to use the same PCI
address for two different devices will now log an error (previously
this would cause the domain define operation to fail, but there would
be no log message generated). Because the function doing this log was
almost completely rewritten, I didn't think it worthwhile to make a
separate patch for that fix (the entire patch would immediately be
obsoleted).
error:could not take a screenshot of xp
==6216== Syscall param unlink(pathname) points to unaddressable byte(s)
==6216== at 0x373A0D4937: unlink (syscall-template.S:82)
==6216== by 0x40FD73: cmdScreenshot (virsh.c:3070)
==6216== by 0x42BA0D: vshCommandRun (virsh.c:14920)
==6216== by 0x42EC97: main (virsh.c:16379)
==6216== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==6216==
error:Requested operation is not valid: domain is not running
If the regexes supported (?:pvs)?, then we could handle this by
optionally matching but not returning the initial command name. But it
doesn't. So add a new char* argument to
virStorageBackendRunProgRegex(). If that argument is NULL then we act
as usual. Otherwise, if the string at that argument is found at the
start of a returned line, we drop that before running the regex.
With this patch, virt-manager shows me lvs with command_names 1 or 0.
The definitions of PVS_BASE etc may want to be moved into the configure
scripts (though given how PVS is found, IIUC that could only happen if
pvs was a link to pvs_real), but in any case no sense dealing with that
until we're sure this is an ok way to handle it.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Currently, qemuDomainGetXMLDesc and qemudDomainGetInfo check for
outstanding synchronous job before (eventual) monitor entering.
However, there can be already async job set, e.g. migration.
Before, URIs such as hyperv+ssh:// have been declined by the Hyper-V
driver resulting in the remote driver trying to connect to an
non-existing libvirtd.
Now such URIs trigger an error in the yper-V driver suggesting to
try again without the transport part in the scheme.
Before, URIs such as esx+ssh:// have been declined by the ESX driver
resulting in the remote driver trying to connect to an non-existing
libvirtd.
Now such URIs trigger an error in the ESX driver suggesting to try
again without the transport part in the scheme.
there is no option "none":
>From libvirt/src/conf/domain_conf.c
<snip>
VIR_ENUM_IMPL(virDomainTimerTickpolicy,
VIR_DOMAIN_TIMER_TICKPOLICY_LAST,
"delay",
"catchup",
"merge",
"discard");
</snip>
Replacing with delay.
Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
This patch is based on a improvement suggested by Kazuhiro Kikuchi
of Fujitsu, it gives a description of the target parameter for that
command
* tools/virsh.pod: add description for target parameter of
attach-interface
The man page suggest that the cpu_shares parameter of schedinfo
allows values 0-262144, but the kernel remaps values 0 and 1 to
the minimum 2, just document that behaviour:
[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
1024
[root@test ~]# echo 0 > /cgroup/cpu/libvirt/qemu/cpu.shares
[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
2
[root@test ~]# echo 1 > /cgroup/cpu/libvirt/qemu/cpu.shares
[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
2
[root@test ~]#
* tools/virsh.pod: update description of the cpu_shares parameter
to indicate the values 0 and 1 are automatically changed by the
kernel to minimal value 2
If the daemon is restarted so we reconnect to monitor, cdrom media
can be ejected. In that case we don't want to show it in domain xml,
or require it on migration destination.
To check for disk status use 'info block' monitor command.
* src/qemu/qemu_migration.c: if 'vmdef' is NULL, the function
virDomainSaveConfig still dereferences it, it doesn't make
sense, so should add return value check to make sure 'vmdef'
is non-NULL before calling virDomainSaveConfig, in addition,
in order to debug later, also should record error information
into log.
Signed-off-by: Alex Jia <ajia@redhat.com>
First hypervisor implementation of the new API.
Allows 'virsh snapshot-list --tree' to be more efficient.
* src/qemu/qemu_driver.c (qemuDomainSnapshotGetParent): New
function.
Reuse the tree listing of nodedev-list, coupled with the new helper
function to efficiently grab snapshot parent names, to produce
tree output for a snapshot hierarchy. For example:
$ virsh snapshot-list dom --tree
root1
|
+- sibling1
+- sibling2
| |
| +- grandchild
|
+- sibling3
root2
|
+- child
* tools/virsh.c (cmdSnapshotList): Add --tree.
* tools/virsh.pod (snapshot-list): Document it.
Make parent computation reusable, using virDomainSnapshotGetParent
when possible.
* tools/virsh.c (vshGetSnapshotParent): New helper.
(cmdSnapshotParent): Use it.
Mostly straight-forward, although this is the first API that
returns a new snapshot based on a snapshot rather than a domain.
* src/remote/remote_protocol.x
(REMOTE_PROC_DOMAIN_SNAPSHOT_GET_PARENT): New rpc.
(remote_domain_snapshot_get_parent_args)
(remote_domain_snapshot_get_parent_ret): New structs.
* src/rpc/gendispatch.pl: Adjust generator.
* src/remote/remote_driver.c (remote_driver): Use it.
* src/remote_protocol-structs: Update.
Although a client can already obtain a snapshot's parent by
dumping and parsing the xml, then doing a snapshot lookup by
name, it is more efficient to get the parent in one step, which
in turn will make operations that must traverse a snapshot
hierarchy easier to perform.
* include/libvirt/libvirt.h.in (virDomainSnapshotGetParent):
Declare.
* src/libvirt.c (virDomainSnapshotGetParent): New function.
* src/libvirt_public.syms: Export it.
* src/driver.h (virDrvDomainSnapshotGetParent): New callback.
Coupled with the recent virsh nodedev-* doc patch, this should now
give a better picture of libvirt node device handling.
* docs/formatnode.html.in: Fill in page.
This section of the man page was completely missing; I stumbled on
it when I had no clue that I had to use nodedev-reattach after
I was done playing with <hostdev> device passthrough to one of my
guests.
* tools/virsh.pod (NODEDEV COMMANDS): New section.
(attach-device, detach-device): Add cross-references.
This patch fixes the regression with using named pipes for qemu serial
devices noted in:
https://bugzilla.redhat.com/show_bug.cgi?id=740478
The problem was that, while new code in libvirt looks for a single
bidirectional fifo of the name given in the config, then relabels that
and continues without looking for / relabelling the two unidirectional
fifos named ${name}.in and ${name}.out, qemu looks in the opposite
order. So if the user had naively created all three fifos, libvirt
would relabel the bidirectional fifo to allow qemu access, but qemu
would attempt to use the two unidirectional fifos and fail (because it
didn't have proper permissions/rights).
This patch changes the order that libvirt looks for the fifos to match
what qemu does - first it looks for the dual fifos, then it looks for
the single bidirectional fifo. If it finds the dual unidirectional
fifos first, it labels/chowns them and ignores any possible
bidirectional fifo.
(Note commit d37c6a3a (which first appeared in libvirt-0.9.2) added
the code that checked for a bidirectional fifo. Prior to that commit,
bidirectional fifos for serial devices didn't work because libvirt
always required the ${name}.(in|out) fifos to exist, and qemu would
always prefer those.
If a domain started with -no-shutdown shuts down while libvirtd is not
running, it will be seen as paused when libvirtd reconnects to it. Use
the paused reason to detect if a domain was stopped because of shutdown
and finish the process just as if a SHUTDOWN event is delivered from
qemu.
The AppArmor security driver adds only the path specified in the domain
XML for character devices of type 'pipe'. It should be using <path>.in
and <path>.out. We do this by creating a new vah_add_file_chardev() and
use it for char devices instead of vah_add_file(). Also adjust
valid_path() to accept S_FIFO (since qemu chardevs of type 'pipe' use
fifos). This is https://launchpad.net/bugs/832507
This patch cleans the cpu baseline function using new libvirt helper
functions and fixes XPath expression that selects <cpu> elements from
the source file, that can contain concatenated <capabilities> XMLs,
domain XMLs and bare <cpu> elements. The fixed XPath expression ensures
not to select NUMA <cpu id=... elements.
This patch also removes vshRealloc function, that remained unused after
cleaning up cpu-baseline.
https://bugzilla.redhat.com/show_bug.cgi?id=731645
pod2man from perl-5.8.8 (RHEL 5) errors out on ill-formed POD:
*** ERROR: unterminated I<...> at line 1114 in file virsh.pod
*** ERROR: unterminated I<...> at line 1851 in file virsh.pod
Newer pod2man appears to be more tolerant (which is a shame,
because it meant that this error is harder to detect).
* tools/virsh.pod (undefine, snapshot-current): Add missing >.
This patch was made in response to:
https://bugzilla.redhat.com/show_bug.cgi?id=738095
In short, qemu's default for the rombar setting (which makes the
firmware ROM of a PCI device visible/not on the guest) was previously
0 (not visible), but they recently changed the default to 1
(visible). Unfortunately, there are some PCI devices that fail in the
guest when rombar is 1, so the setting must be exposed in libvirt to
prevent a regression in behavior (it will still require explicitly
setting <rom bar='off'/> in the guest XML).
rombar is forced on/off by adding:
<rom bar='on|off'/>
inside a <hostdev> element that defines a PCI device. It is currently
ignored for all other types of devices.
At the moment there is no clean method to determine whether or not the
rombar option is supported by QEMU - this patch uses the advice of a
QEMU developer to assume support for qemu-0.12+. There is currently a
patch in the works to put this information in the output of "qemu-kvm
-device pci-assign,?", but of course if we switch to keying off that,
we would lose support for setting rombar on all the versions of qemu
between 0.12 and whatever version gets that patch.
Commit ecd8725c dropped attempts to probe the cgconfig service on
new enough Fedora where systemd took over that aspect of the system,
but mistakenly used F14 instead of F15 as the cutoff point.
https://bugzilla.redhat.com/show_bug.cgi?id=741358
Also, RHEL does not include HyperV support yet.
* libvirt.spec.in (with_cgconfig): Check cgconfig service in F15.
(%{?rhel}): Provide default for with_hyperv.
SIGTERM handling for -no-shutdown is already fixed in qemu git and
libvirt can safely use it. The downside is that 0.15.50 version of qemu
can be any qemu compiled from git, even that without the fix for
SIGTERM. However, I think this patch is worth it since excluding 0.15.50
from the check makes testing current qemu with libvirt much easier and
someone running qemu from git should be able to rebuild fixed qemu from
git if they hit the problem with a hang on shutdown.
Some virsh commands start a (long-running) job that can be monitored
using domjobinfo and aborted with domjobabort. Let's be explicit about
this in virsh man page.
* src/storage/storage_driver.c: As virStorageVolLookupByPath lookups
all the pool objs of the drivers, breaking when failing on getting
the stable path of the pool will just breaks the whole lookup process,
it can cause the API fails even if the vol exists indeed. It won't get
any benefit. This patch is to fix it.
QEMU 0.13 introduced cache=unsafe for -drive, this patch exposes
it in the libvirt layer.
* Introduced a new QEMU capability flag ($prefix_CACHE_UNSAFE),
as even if $prefix_CACHE_V2 is set, we can't know if unsafe
is supported.
* Improved the reliability of qemu cache type detection.
commit 984840a2c2 removed the
notification of waiting calls when VIR_NET_CONTINUE messages
arrive. This was to fix the case of a virStreamAbort() call
being prematurely notified of completion.
The problem is that sometimes there are dummy calls from a
virStreamRecv() call waiting that *do* need to be notified.
These dummy calls should have a status VIR_NET_CONTINUE. So
re-add the notification upon VIR_NET_CONTINUE, but only if
the waiter also has a status of VIR_NET_CONTINUE.
* src/rpc/virnetclient.c: Notify waiting call if stream data
arrives
* src/rpc/virnetclientstream.c: Mark dummy stream read packet
with status VIR_NET_CONTINUE
Commit 0a22f54 added --min-guarantee option for the memtune command.
This option is supported only by the ESX hypervisor. This patch adds a
statement about this fact, to prevent user confusion.
This patch also adds explanation how to clear/set to unlimited the
memory tunables. (documments the -1 value).
If a domain has inactive XML we want to transfer it to destination
when migrating with VIR_MIGRATE_PERSIST_DEST. In order to harm
the migration protocol as least as possible, a optional cookie was
chosen.
The previous patch removed all snapshots, but not the directory
where the snapshots lived, which is still a form of stale data.
* src/qemu/qemu_domain.c (qemuDomainRemoveInactive): Wipe any
snapshot directory.
Commit 282fe1f0 documented that transient domains will auto-delete
any snapshot metadata when the last reference to the domain is
removed, and that management apps are in charge of grabbing any
snapshot metadata prior to that point. However, this was not
actually implemented for qemu until now.
* src/qemu/qemu_driver.c (qemudDomainCreate)
(qemuDomainDestroyFlags, qemuDomainSaveInternal)
(qemudDomainCoreDump, qemuDomainRestoreFlags, qemudDomainDefine)
(qemuDomainUndefineFlags, qemuDomainMigrateConfirm3)
(qemuDomainRevertToSnapshot): Clean up snapshot metadata.
* src/qemu/qemu_migration.c (qemuMigrationPrepareAny)
(qemuMigrationPerformJob, qemuMigrationPerformPhase)
(qemuMigrationFinish): Likewise.
* src/qemu/qemu_process.c (qemuProcessHandleMonitorEOF)
(qemuProcessReconnect, qemuProcessReconnectHelper)
(qemuProcessAutoDestroyDom): Likewise.
This patch is mostly code motion - moving some functions out
of qemu_driver and into qemu_domain so they can be reused by
multiple qemu_* files (since qemu_driver.h must not grow).
It also adds a new helper function, qemuDomainRemoveInactive,
which will be used in the next patch.
* src/qemu/qemu_domain.h (qemuFindQemuImgBinary)
(qemuDomainSnapshotWriteMetadata, qemuDomainSnapshotForEachQcow2)
(qemuDomainSnapshotDiscard, qemuDomainSnapshotDiscardAll)
(qemuDomainRemoveInactive): New prototypes.
(struct qemu_snap_remove): New struct.
* src/qemu/qemu_domain.c (qemuDomainRemoveInactive)
(qemuDomainSnapshotDiscardAllMetadata): New functions.
(qemuFindQemuImgBinary, qemuDomainSnapshotWriteMetadata)
(qemuDomainSnapshotForEachQcow2, qemuDomainSnapshotDiscard)
(qemuDomainSnapshotDiscardAll): Move here...
* src/qemu/qemu_driver.c (qemuFindQemuImgBinary)
(qemuDomainSnapshotWriteMetadata, qemuDomainSnapshotForEachQcow2)
(qemuDomainSnapshotDiscard, qemuDomainSnapshotDiscardAll): ...from
here.
(qemuDomainUndefineFlags): Update caller.
* src/conf/domain_conf.c (virDomainRemoveInactive): Doc fixes.
Commit 19f8c98 introduced VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA,
with the intent that omitting the flag makes undefine fail, and
including the flag deletes metadata. But it used the wrong logic.
Also, hoist the transient domain sooner, so that we don't
accidentally remove metadata of a transient domain.
* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Check correct
flag value.
Detected by Coverity. The only way to get to error_unlink is if
path was successfully assigned, so the if was useless. Meanwhile,
there was a return statement that did not free path.
* src/locking/lock_driver_sanlock.c
(virLockManagerSanlockSetupLockspace): Fix mem-leak, and drop
useless if.
Prior to commit 85d2810, we had an issue where:
snapshot-create-as dom name --diskspec spec --diskspec spec
failed to parse the second spec, because the first spec had marked
that option as no longer requiring an argument.
In commit 85d2810, I fixed it by making argv options no longer mark
the option as seen. But this in turn breaks mandatory argv options,
which now complain that the argv option is missing.
This patch reverts that part of 85d2810, and instead replaces it with
fixes to no longer clear opts_need_arg of an argv argument.
* tools/virsh.c (vshCmddefGetOption, vshCmddefGetData)
(vshCommandParse): Fix option parsing for required argv option.
(vshCmddefOptParse): Check that argv option is last.
* tests/virsh-optparse: Enhance test.
There are 3 ways to lookup a volume, only virStorageVolLookupByName
needs pool object. So if no --pool is specified, it will tries to
get the volume via virStorageVolLookupByPath/virStorageVolLookupByKey.
But if all 3 ways fails, and no --pool is specified, a friendly
error might help the user get right way quickly.
Related #BZ: https://bugzilla.redhat.com/show_bug.cgi?id=702260.
There are two problems described in the BZ:
1) "Can't remove open logical volume".
2) "Unable to deactivate logical volume "foo""
This patch just intends to fix 2), as 1) is expected if the vol
is still used by something, and you never known if "lvchange -an"
will fail or not either (sometime, it will succeed, sometimes not).
We'd better not look for trouble, :-)
For 2), that's caused by race between lvremove and udev event handling,
the only workable way now is to wait the events handling are finished,
though it might introduce latencies, as "udevadmin settle" exits
after *all* events are handled, it's the only way we can fix
the racing in libvirt layer.
See https://bugzilla.redhat.com/show_bug.cgi?id=570359 for more
details.
* src/qemu/qemu_process.c: Taking if (qemuDomainObjEndJob(driver, obj) == 0)
true branch then 'obj' is NULL, virDomainObjIsActive(obj) and
virDomainObjUnref(obj) will dereference NULL pointer.
Signed-off-by: Alex Jia <ajia@redhat.com>
Once virDomainReboot is called for a domain, guest OS initiated shutdown
would always result in reboot instead of shutdown. Only
virDomainShutdown would actually shutd such domain down. That's because
we forgot to reset fakeReboot flag once we asked the domain to reboot.
The commit that prevents disk corruption on domain shutdown
(96fc478417) causes regression with QEMU
0.14.* and 0.15.* because of a regression bug in QEMU that was fixed
only recently in QEMU git. The affected versions of QEMU do not quit on
SIGTERM if started with -no-shutdown, which we use to implement fake
reboot. Since -no-shutdown tells QEMU not to quit automatically on guest
shutdown, domains started using the affected QEMU cannot be shutdown
properly and stay in a paused state.
This patch disables fake reboot feature on such QEMU by not using
-no-shutdown, which makes shutdown work as expected. However,
virDomainReboot will not work in this case and it will report "Requested
operation is not valid: Reboot is not supported with this QEMU binary".
Bug introduced in commit 675464b. On an OOM, this would try to
dereference a char* and free the contents as a pointer, which is
doomed to failure.
Adding a syntax check will prevent mistakes like this in the future.
* cfg.mk (sc_prohibit_internal_functions): New syntax check.
(exclude_file_name_regexp--sc_prohibit_internal_functions): Add
exemptions.
* daemon/remote.c (remoteRelayDomainEventIOError)
(remoteRelayDomainEventIOErrorReason)
(remoteRelayDomainEventGraphics, remoteRelayDomainEventBlockJob):
Use correct free function.
The next patch will add a syntax check that flags this usage in xen
as awkward - while it was valid memory management, it was very hard
to maintain. Swapping to a more traditional allocation may be a bit
slower, but easier to understand.
* src/xen/xend_internal.c (xenDaemonListDomainsOld): Use two-level
allocation, rather than abusing allocation function.
(xenDaemonLookupByUUID): Update caller.
gcc warns when building libvirt 0.9.5 on a 32-bit machine:
qemu/qemu_migration.c: In function 'qemuMigrationToFile':
qemu/qemu_migration.c:2727:38: error: large integer implicitly truncated to unsigned type [-Woverflow]
* src/qemu/qemu_domain.h (QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX): Cap
to long when building for 32-bit platform.
remoteRelayDomainEventBlockJob, remoteRelayDomainEventIOError,
remoteRelayDomainEventIOErrorReason and remoteRelayDomainEventGraphics
were using const string directly in rpc structure, before calling
remoteDispatchDomainEventSend(). But that routine now frees up all
the pointed allocated memory from the rpc structure and we end up
with a double free.
This now strdup() all the strings passed and provide mem_error goto
labels to be used when an allocation error occurs.
Note that the cleanup isn't completely finished because all relaying
function also call make_nonnull_domain() which also allocate a string
and never handle the error case. This patches doesn't try to address
this as this is only error correctness a priori and touches far more
functions in this module:
* daemon/remote.c: fix string allocations and memory error handling
for remoteRelayDomainEventBlockJob, remoteRelayDomainEventIOError,
remoteRelayDomainEventIOErrorReason and remoteRelayDomainEventGraphics
Inexplicably the sanlock code all got placed under the GPLv2-only,
so libvirt's use of sanlock introduces a license incompatibility.
The sanlock developers have now rearranged the code such that there
is a 'sanlock_client.so' which is LGPLv2+ while their daemon remains
GPLv2-only. To use the new client library we need to call the new
sanlock_init and sanlock_align APIs instead of sanlock_direct_init
and sanlock_direct_align. These APIs calls are now routed via the
sanlock daemon, instead of doing direct I/O calls to disk.
For all this we require sanlock >= 1.8
* configure.ac: Check for sanlock_client.so instead of sanlock.so
and fix various comments
* libvirt.spec.in: Mandate sanlock >= 1.8
* src/Makefile.am: Link to -lsanlock_client
* src/locking/lock_driver_sanlock.c: Use sanlock_init and
sanlock_align
Libvirt loads the domain conf from status XML if it's running when
starting up. The problem is there is no record of the original conf.
(dom->newDef is NULL here).
So libvirt won't be able to restore the domain conf to original one
when destroying/shutdown. E.g.
1) attach a device without "--persistent"
2) restart libvirtd
3) destroy domain
4) start domain
One will see the the disk still exists.
This patch is to fix the peoblem by assigning persistent domain conf
to dom->newDef if it's NULL and the domain is running.
Translators are likely to botch trailing spacing; by doing the
formatting outside of the translation, we can generally get
better alignment. Also, for consistency, use 'bytes read' to
match 'bytes written'.
* tools/virsh.c (domblkstat_output): Drop trailing space. Tweak
rd_bytes output.
(cmdDomblkstat, DOMBLKSTAT_LEGACY_PRINT): Update formatting.
Virsh man page lists driver types to be used with attach-device
command, but does not specify that those are usable only with the XEN
Hypervisor.
This patch adds statement, that those options specified are applicable
only on the Xen hypervisor and adds option usable with qemu emulator.
This patch also changes type of error returned by QEMU driver if the
user specifies incompatible driver type from VIR_ERR_INTERNAL_ERROR to
VIR_ERR_CONFIG_UNSUPPORTED.
Alex recently committed some patches with just an email instead
of a preferred name; this fixes things so 'git shortlog' gives
nicer output.
* .mailmap: Update.
Users of virsh complain that output of the domblkstat command
is not intuitive enough. This patch adds explanation of fields
returned by this command to the help section for domblkstat and
the man page of virsh. Also a switch --human is added for
domblkstat that prints the fields with more descriptive
texts.
This patch also changes sequence of the output fields and their
names back to the order and spelling established by previous
versions of virsh to maintain compatibility with scripts.
Example of ordered and "translated" output:
PRE-patch:
virsh # domblkstat 1 vda
vda wr_bytes 5170176
vda wr_operations 511
vda rd_bytes 82815488
vda rd_operations 3726
POST-patch:
virsh # domblkstat 1 vda
vda rd_req 3726
vda rd_bytes 82815488
vda wr_req 478
vda wr_bytes 4965376
Example of human readable output:
virsh # domblkstat 1 vda --human
Device: vda
number of read operations: 3726
number of read bytes: 82815488
number of write operations: 478
number of bytes written: 4965376
https://bugzilla.redhat.com/show_bug.cgi?id=731656
* src/vmx/vmx.c: fix memory leak, 'def' has a initial value 'NULL', so
'goto cleanup' is perfected instead of adding a virConfFree before
'return NULL'.
Signed-off-by: Alex Jia <ajia@redhat.com>
Leak present since introduction of remoteDomainBuildEventGraphics
in commit 987e31e.
* src/remote/remote_driver.c: fix memory leak.
Signed-off-by: Alex Jia <ajia@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=738725 documents that
'yum install libvirt' in Fedora 16 is rather noisy. This fixes
the problems.
* libvirt.spec.in (%post client): Silence chkconfig warning about
SysV services.
(%post) [with_cgconfig]: Drop for Fedora 15 and newer, where
systemd does this automatically.
For all types of disks other than qcow2, we were requesting that
SELinux labeling visit the new file as if it were qcow2, which
means labeling would try to find the backing files of an empty file.
And for a pre-existing qcow2 disk, we were passing NULL, which meant
that labelling tried to probe the file type (and if probing is
disabled, per the default qemu.conf, this made snapshots fail).
What we really want is to make SELinux labeling visit the new
file as raw; it will later be converted to qcow2 if qemu successfully
made the snapshot.
* src/qemu/qemu_driver.c
(qemuDomainSnapshotCreateSingleDiskActive): Force SELinux labeling
to avoid probe of new file.
For external snapshots to be useful on persistent domains, we must
alter the persistent definition alongside the running definition.
Thanks to the possibility of disk hotplug as well as of edits that
only affect the persistent xml, we can't assume that vm->def and
vm->newDef have the same disk at the same index, so we can only
update the persistent copy if the device destination matches up.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive)
(qemuDomainSnapshotCreateSingleDiskActive): Also affect newDef, if
present.
Mingw lacks fsync, but gnulib provides that. Meanwhile, gnulib does
not (yet) provide fdatasync, so this is a quick hack to fake that
function on MacOS X; we can revert this configure change once gnulib
gives us a real module.
We have been implicitly relying on gnulib's largefile module being
pulled in by other modules, but it's better to make that explicit.
* bootstrap.conf (gnulib_modules): Add fsync. Make largefile use
explicit.
* configure.ac (AC_CHECK_FUNCS_ONCE): Check for fdatasync, and
fake it with fsync when not present.
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
Qemu sends STOP event as part of the shutdown process. Detect such STOP
event and consider shutdown to be reason of emitting such event. That's
the best we can do until qemu provides us the reason directly in STOP
event. This allows us to report shutdown reason for paused state so that
apps can detect domains that failed to finish the shutdown process
(e.g., because qemu is buggy and doesn't exit on SIGTERM or it is
blocked in flushing disk buffers).
Ever since we introduced fake reboot, we call qemuProcessKill as a
reaction to SHUTDOWN event. Unfortunately, qemu doesn't guarantee it
flushed all internal buffers before sending SHUTDOWN, in which case
killing the process forcibly may result in (virtual) disk corruption.
By sending just SIGTERM without SIGKILL we give qemu time to to flush
all buffers and exit. Once qemu exits, we will see an EOF on monitor
connection and tear down the domain. In case qemu ignores SIGTERM or
just hangs there, the process stays running but that's not any different
from a possible hang anytime during the shutdown process so I think it's
just fine.
Also qemu (since 0.14 until it's fixed) has a bug in SIGTERM processing
which causes it not to exit but instead send new SHUTDOWN event and keep
waiting. I think the best we can do is to ignore duplicate SHUTDOWN
events to avoid a SHUTDOWN-SIGTERM loop and leave the domain in paused
state.
When a domain is rebooted using libvirt API, we use fake reboot
consisting of shutting down and resetting the domain. Thus we see a
SHUTDOWN event and set gotShutdown flag. But we never reset it back and
if the domain crashes after it was rebooted this way, we consider it was
a normal shutdown and not a crash.
Commit 4454a9efc7 changed shutoff reason
from VIR_DOMAIN_SHUTOFF_CRASHED to VIR_DOMAIN_SHUTOFF_FAILED in case we
see an unexpected EOF on monitor connection. But FAILED reason is
dedicated for domains that fail to start. CRASHED reason is the right
one to use in this situation.
Libvirt special-cases a specific VIR_ERR_RPC from the remote driver
back into VIR_ERR_NO_SUPPORT on the client, so that clients can
handle missing rpc functions the same whether the hypervisor driver
is local or remote. However, commit c1b22644 introduced a regression:
VIR_FROM_THIS changed from VIR_FROM_REMOTE to VIR_FROM_RPC, so the
special casing no longer works if the server uses the newer error
domain.
* src/rpc/virnetclientprogram.c
(virNetClientProgramDispatchError): Also cater to 0.9.3 and newer.
This patch fixes the bug shown in bugzilla 738778. It's not an nwfilter problem but a connection sharing / closure issue.
https://bugzilla.redhat.com/show_bug.cgi?id=738778
Depending on the speed / #CPUs of the machine you are using you may not see this bug all the time.
* conf/domain_conf.c: allocate memory to def->redirdevs in
virDomainDefParseXML such as VIR_ALLOC_N(def->redirdevs, n),
however, virDomainDefFree(def) hasn't released these memory.
* Detected in valgrind run:
==19820== 209 (16 direct, 193 indirect) bytes in 1 blocks are definitely lost in loss record 25 of 26
==19820== at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==19820== by 0x4A13AF: virAllocN (memory.c:129)
==19820== by 0x4D4A0E: virDomainDefParseXML (domain_conf.c:7258)
==19820== by 0x4D4C93: virDomainDefParseNode (domain_conf.c:7512)
==19820== by 0x4D562F: virDomainDefParse (domain_conf.c:7465)
==19820== by 0x415863: testCompareXMLToXMLFiles (qemuxml2xmltest.c:35)
==19820== by 0x415982: testCompareXMLToXMLHelper (qemuxml2xmltest.c:80)
==19820== by 0x416D31: virtTestRun (testutils.c:140)
==19820== by 0x415604: mymain (qemuxml2xmltest.c:192)
==19820== by 0x416437: virtTestMain (testutils.c:689)
==19820== by 0x3CA7A1ECDC: (below main) (in /lib64/libc-2.12.so)
==19820==
==19820== LEAK SUMMARY:
==19820== definitely lost: 16 bytes in 1 blocks
==19820== indirectly lost: 193 bytes in 5 blocks
==19820== possibly lost: 0 bytes in 0 blocks
==19820== still reachable: 1,054 bytes in 21 blocks
* How to reproduce?
% valgrind -v --leak-check=full ./tests/qemuxml2xmltest
Signed-off-by: Alex Jia <ajia@redhat.com>
Mac OS X 10.6. Snow Leopard and probably other do not provide a mkfs
command to create filesystems. Macro MKFS then remained undefined and
did not provide any substitute, so that build failed on a missing
argument.
Struct virStoragePoolProbeResult was compiled in conditionaly, but
virStorageBackendFileSystemProbe used it unconditionaly. This patch
exempts the struct from conditional include.
Documentation did not specify, that some permissions are required on
target path for coredump for the user running the hypervisor.
Diff to v1:
- reword statements
With this patch, it is hopefully a bit more obvious that for
snapshot-create-as, a literal '--diskspec' is mandatory if name
or description was omitted, but optional if all earlier options
were provided.
These all denote two diskspecs and a description:
virsh snapshot-create-as dom name desc vda vdb
virsh snapshot-create-as dom name desc --diskspec vda --diskspec vdb
virsh snapshot-create-as dom name desc --diskspec vda vdb
virsh snapshot-create-as dom name desc vda --diskspec vdb
virsh snapshot-create-as dom --diskspec vda --diskspec vdb name desc
This gives two diskspecs but no description:
virsh snapshot-create-as dom name --diskspec vda --diskspec vdb
And this treats 'vda' as the description, with only one diskspec:
virsh snapshot-create-as dom name vda vdb
The help output now shows:
snapshot-create-as <domain> [<name>] [<description>] [--print-xml] [--no-metadata] [--halt] [--disk-only] [[--diskspec] <string>]...
I also checked the help output for echo and send-key, which are two
other variants of argv commands.
* tools/virsh.pod (snapshot-create-as): Document when a literal
--diskspec must preceed a diskspec argument.
* tools/virsh.c (vshCmddefHelp): Update help output for argv when
naming the option is useful.
(vshCmddefGetData): Fix logic on when argv was seen.
* tests/virsh-optparse: Add tests to avoid regressions.
The new doc text had a few readability issues. Also, the
monitor command text copied a bit too much from the attach case.
* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
(virDomainQemuAttach): Fix typos and grammar.
Adjust qemuMigrationRun() to use migMaxBandwidth in qemuDomainObjPrivate
structure when setting qemu migration speed. Caller-specified 'resource'
parameter overrides migMaxBandwidth.
The qemu migration speed default is 32MiB/s as defined in migration.c
/* Migration speed throttling */
static int64_t max_throttle = (32 << 20);
There's no need to throttle migration when targeting a file, so set migration
speed to unlimited prior to migration, and restore to libvirt default value
after migration.
Default units is MB for migrate_set_speed monitor command, so
(INT64_MAX / (1024 * 1024)) is used for unlimited migration speed.
Tested with both json and text monitors.
Now that migration speed is stored in qemuDomainObjPrivate structure,
save the new value when invoking qemuDomainMigrateSetMaxSpeed().
Allow setting migration speed on inactive domain too.
The maximum bandwidth that can be consumed when migrating a domain
is better classified as an operational vs configuration parameter of
the dommain. As such, store this parameter in qemuDomainObjPrivate
structure.
Commit c246b025 added new functions, but forgot to export them,
resulting in a build failure when using modules.
* src/libvirt_private.syms (network.h): Export new functions.
Commit 973fcd8f introduced the ability for qemu to reject snapshot
reversion on an ABI incompatibility; but the very example that was
first proposed on-list[1] as a demonstration of an ABI incompatibility,
namely that of changing the max memory allocation, was not being
checked for, resulting in a cryptic failure when running with larger
max mem than what the snapshot was created with:
error: operation failed: Error -22 while loading VM state
This commit merely protects the three variables within mem that are
referenced by qemu_command.c, rather than all 7 (the other 4 variables
affect cgroup handling, but as far as I can tell, have no visible effect
to the qemu guest). This also affects migration and save file handling,
which are other places where we perform ABI compatibility checks.
[1] https://www.redhat.com/archives/libvir-list/2010-December/msg00331.html
* src/conf/domain_conf.c (virDomainDefCheckABIStability): Add
memory sizing checks.
Commit 498d783 cleans up some of virtual file names for parsing strings
in memory. This patch cleans up (hopefuly) the rest forgotten by the
first patch.
This patch also changes all of the previously modified "filenames" to
valid URI's replacing spaces for underscores.
Changes to v1:
- Replace all spaces for underscores, so that the strings form valid
URI's
- Replace spaces in places changed by commit 498d783
Commit 2a0d75e5 added file python/libvirt-qemu-override.c that contains
code that does not pass "make syntax-check". This patch adds an
exception for this file and the check.
prohibit_always_true_header_tests
python/libvirt-qemu-override.c:17:#undef HAVE_PTHREAD_H
maint.mk: do not test the above HAVE_<header>_H symbol(s);
with the corresponding gnulib module, they are always true
make: *** [sc_prohibit_always_true_header_tests] Error 1
Commit ffe28ab74b introduced regression
while communicating with older libvirtd command 'domblkstat' used the new
API and did not check for VIR_ERR_RPC error code signalling the remote
server does not support this API and did not fall back to older API.
Thereafter 'domblkstat' ended with "error: unknown procedure: 243".
Regression introduced in commit 3881a470, due to an improper rebase
of a cleanup written beforehand but only applied after a rebased of
a refactoring that created a new function in commit 25fb3ef.
Also avoids passing NULL to printf %s.
* src/qemu/qemu_driver.c: In qemuDomainSnapshotForEachQcow2()
it free up the memory of qemu_driver->qemuImgBinary in the
cleanup tag which leads to the garbage value of qemuImgBinary
in qemu_driver struct and libvirtd crash when running
"virsh snapshot-create" command a second time.
Signed-off-by: Eric Blake <eblake@redhat.com>
This is a bit painful for example when starting virt-manager
it tends to clutter libvirtd.log with invalid operation on cpu pinning
for defined but not running domains. A priori those kind of errors
don't indicate an error when executing the command but on a precondition
for running the API, and honnestly while the application should report
it, logging it as an error in libvirtd.log is not really useful,
Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=590807
* daemon/libvirtd.c: extend daemonErrorLogFilter() to filter out
errors of type VIR_ERR_OPERATION_INVALID
'+' in strings get translated to ' ' when editing domains.
While xenDaemonDomainCreateXML() did URL-escape the sexpr,
xenDaemonDomainDefineXML() did not.
Remove the explicit urlencode() in xenDaemonDomainCreateXML() and add
the direct encoding calls to xend_op_ext() because it calls xend_post()
which uses "Content-Type: application/x-www-form-urlencoded". According
to <http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4.1> this
requires all parameters to be url-encoded as specified in rfc1738.
Notice: virBufferAsprintf(..., "%s=%s", ...) is again replaced by three
calls to virBufferURIEncodeString() and virBufferAddChar() because '='
is a "reserved" character, which would get escaped by
virBufferURIEncodeString(), which - by the way - escapes anything not
c_isalnum().
Signed-off-by: Philipp Hahn <hahn@univention.de>
While parsing XML strings from memory, the previous convention in
libvirt was to set the virtual file name to "domain.xml" or something
similar. This could potentialy trick the user into looking for a file
named domain.xml on the disk in an attempt to fix the error.
This patch changes these filenames to something that can't be as easily
confused for a valid filename.
Examples of error messages:
---------------------------
Error while loading file from disk:
15:07:59.015: 527: error : catchXMLError:709 : /path/to/domain.xml:1: StartTag: invalid element name
<domain type='kvm'><
--------------------^
Error while parsing definition in memory:
15:08:43.581: 525: error : catchXMLError:709 : (domain definition):2: error parsing attribute name
<name>vm1</name>
--^
Regression introduced in commit d6f6b2d194. Running
'virsh snapshot-create dom' would mistakenly report that
disks can only be specified for disk snapshots.
* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Only
give error about no disk support when <disk> was found.
This has the added benefit of making 'snapshot-create dom --no-metadata'
now able to tell you the name of the just-generated snapshot.
* tools/virsh.c (vshSnapshotCreate, cmdSnapshotCurrent): Don't get
XML just for name.
These functions access internals of the opaque object, and do
not need any rpc counterpart. It could be argued that we should
have provided these when snapshot objects were first introduced,
since all the other vir*Ptr objects have at least a GetName accessor.
* include/libvirt/libvirt.h.in (virDomainSnapshotGetName)
(virDomainSnapshotGetDomain, virDomainSnapshotGetConnect): Declare.
* src/libvirt.c (virDomainSnapshotGetName)
(virDomainSnapshotGetDomain, virDomainSnapshotGetConnect): New
functions.
* src/libvirt_public.syms: Export them.
Xen PV domU's have no PCI bus. node_device_udev.c calls pci_system_init
which looks for /sys/bus/pci. If it does not find /sys/bus/pci (which it
won't in a Xen PV domU) it returns unsuccesfully (ENOENT), which libvirt
considers fatal. This makes libvirt unusable in this environment, even
though there are plenty of valid virtualisation options that work
there (LXC, UML, and QEmu spring to mind)
https://bugzilla.redhat.com/show_bug.cgi?id=709471
Signed-off-by: Soren Hansen <soren@linux2go.dk>
* src/rpc/virnettlscontext.c: fix memory leak on
virNetTLSContextValidCertificate.
* Detected in valgrind run:
==25667==
==25667== 6,085 (44 direct, 6,041 indirect) bytes in 1 blocks are definitely
lost in loss record 326 of 351
==25667== at 0x4005447: calloc (vg_replace_malloc.c:467)
==25667== by 0x4F2791F3: _asn1_add_node_only (structure.c:53)
==25667== by 0x4F27997A: _asn1_copy_structure3 (structure.c:421)
==25667== by 0x4F276A50: _asn1_append_sequence_set (element.c:144)
==25667== by 0x4F2743FF: asn1_der_decoding (decoding.c:1194)
==25667== by 0x4F22B9CC: gnutls_x509_crt_import (x509.c:229)
==25667== by 0x805274B: virNetTLSContextCheckCertificate
(virnettlscontext.c:1009)
==25667== by 0x804DE32: testTLSSessionInit (virnettlscontexttest.c:693)
==25667== by 0x804F14D: virtTestRun (testutils.c:140)
==25667==
==25667== 23,188 (88 direct, 23,100 indirect) bytes in 11 blocks are definitely
lost in loss record 346 of 351
==25667== at 0x4005447: calloc (vg_replace_malloc.c:467)
==25667== by 0x4F22B841: gnutls_x509_crt_init (x509.c:50)
==25667== by 0x805272B: virNetTLSContextCheckCertificate
(virnettlscontext.c:1003)
==25667== by 0x804DDD1: testTLSSessionInit (virnettlscontexttest.c:673)
==25667== by 0x804F14D: virtTestRun (testutils.c:140)
* How to reproduce?
% cd libvirt && ./configure && make && make -C tests valgrind
or
% valgrind -v --leak-check=full ./tests/virnettlscontexttest
Signed-off-by: Alex Jia <ajia@redhat.com>
* tests/virnettlscontexttest: fix memory leak on virnettlscontext test case.
* Detected in valgrind run:
==25667==
==25667== 86,651 (34,680 direct, 51,971 indirect) bytes in 10 blocks are
definitely lost in loss record 350 of 351
==25667== at 0x4005447: calloc (vg_replace_malloc.c:467)
==25667== by 0x4F1F515D: gnutls_init (gnutls_state.c:270)
==25667== by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181)
==25667== by 0x804DD24: testTLSSessionInit (virnettlscontexttest.c:624)
==25667== by 0x804F14D: virtTestRun (testutils.c:140)
==25667==
==25667== 100,578 (38,148 direct, 62,430 indirect) bytes in 11 blocks are
definitely lost in loss record 351 of 351
==25667== at 0x4005447: calloc (vg_replace_malloc.c:467)
==25667== by 0x4F1F515D: gnutls_init (gnutls_state.c:270)
==25667== by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181)
==25667== by 0x804DD3C: testTLSSessionInit (virnettlscontexttest.c:625)
==25667== by 0x804F14D: virtTestRun (testutils.c:140)
* How to reproduce?
% cd libvirt && ./configure && make && make -C tests valgrind
or
% valgrind -v --leak-check=full ./tests/virnettlscontexttest
Signed-off-by: Alex Jia <ajia@redhat.com>
Variable 'l_disk' initialized to a null pointer value, control jumps to 'case
VIR_DOMAIN_DISK_DEVICE_DISK and then taking false branch, Within the expansion
of the macro 'libxlError': Field access results in a dereference of a null
pointer (loaded from variable 'l_disk').
* src/libxl/libxl_driver.c: Field access results in a dereference of a null
pointer (loaded from variable 'l_disk')
Signed-off-by: Alex Jia <ajia@redhat.com>
Regression introduced in commit 89b6284fd, due to an incorrect
conversion to the new means of converting disk names back to
the correct object.
* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Avoid NULL deref.
Although we were initializing worker threads during pool creating,
we missed this during virThreadPoolSendJob. This bug led to segmenation
fault as worker thread free() given argument.
Two new commands are added to virsh that wrap usage of
virDomainUpdateDeviceFlags for changing link state of domain's network
interfaces. These wrappers extract network devices's xml configuration
and modify the link state for easy manipulation from an user's perspective.
- domif-setlink - set link state of a domains virtual network interface
- domif-getlink - get link state
* tools/virsh.c - Add functionality to virsh
* tools/virsh.pod - Manpage documentation
This patch enables modifying network device configuration using the
virUpdateDeviceFlags API method. Matching of devices is accomplished
using MAC addresses.
While updating live configuration of a running domain, the user is
allowed only to change link state of the interface. Additional
modifications may be added later. For now the code checks for
unsupported changes and thereafter changes the link state, if
applicable.
When updating persistent configuration of guest's network interface the
whole configuration (except for the MAC address) may be modified and
is stored for the next startup.
* src/qemu/qemu_driver.c - Add dispatching of virUpdateDevice for
network devices update (live/config)
* src/qemu/qemu_hotplug.c - add setting of initial link state on live
device addition
- add function to change network device
configuration. By now it supports only
changing of link state
* src/qemu/qemu_hotplug.h - Headers to above functions
* src/qemu/qemu_process.c - set link states before virtual machine
start. Qemu does not support setting of
this on the command line.
This patch adds handlers for modification of guest's interface
link state. Both HMP and QMP commands are supported, but as the
link state functionality is from the beginning supported in QMP
the HMP code will probably never be used.
A new element is introduced to XML that allows to control
state of virtual network interfaces in hypervisors.
Live modification of the link state allows networking tools
propagate topology changes to guest OS or testing of
scenarios in complex (virtual) networks.
This patch adds elements to XML grammars and parsing and generating
code.
This patch adds functions to compare structures containing network
device configuration for equality. They serve for the purpose of
disallowing unsupported changes to live network devices.
This patch modifies error handling function for the XML parser provided
by libxml2.
Originaly only a line number and error message were logged. With this
new error handler function, the user is provided with a more complex
description of the parsing error.
Context of the error is printed in libXML2 style and filename of the
file, that caused the error is printed. Example of an parse error:
13:41:36.262: 16032: error : catchXMLError:706 :
/etc/libvirt/qemu/rh_bad.xml:58: Opening and ending tag mismatch: name
line 2 and domain
</domain>
---------^
Context of the error gives the user hints that may help to quickly
locate a corrupt xml file.
fixes BZs:
----------
Bug 708735 - [RFE] Show column and line on XML parsing error
https://bugzilla.redhat.com/show_bug.cgi?id=708735
Bug 726771 - libvirt does not specify problem file if persistent xml is
invalid
https://bugzilla.redhat.com/show_bug.cgi?id=726771
It is important to be able to attach USB redirected devices to a
particular controller (one that supports USB2 for instance).
Without this patch, only the default bus was used.
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='4'/>
</redirdev>
The modified function fallbacks to use virDomainBlockStats if
virDomainBlockStatsFlags is not supported by the hypervisor driver.
If the new API is supported, it will be invoked instead of the
old API.
The mainly changes are:
1) Update qemuMonitorGetBlockStatsInfo and it's children (Text/JSON)
functions to return the value of new latency fields.
2) Add new function qemuMonitorGetBlockStatsParamsNumber, which is
to count how many parameters the underlying QEMU supports.
3) Update virDomainBlockStats in src/qemu/qemu_driver.c to be
compatible with the changes by 1).
If libvirt daemon gets restarted and there is (at least) one
unresponsive qemu, the startup procedure hangs up. This patch creates
one thread per vm in which we try to reconnect to monitor. Therefore,
blocking in one thread will not affect other APIs.
This patch creates an optional BeginJob queue size limit. When
active, all other attempts above level will fail. To set this
feature assign desired value to max_queued variable in qemu.conf.
Setting it to 0 turns it off.
This patch annotates APIs with low or high priority.
In low set MUST be all APIs which might eventually access monitor
(and thus block indefinitely). Other APIs may be marked as high
priority. However, some must be (e.g. domainDestroy).
For high priority calls (HPC), there are some high priority workers
(HPW) created in the pool. HPW can execute only HPC, although normal
worker can process any call regardless priority. Therefore, only those
APIs which are guaranteed to end in reasonable small amount of time
can be marked as HPC.
The size of this HPC pool is static, because HPC are expected to end
quickly, therefore jobs assigned to this pool will be served quickly.
It can be configured in libvirtd.conf via prio_workers variable.
Default is set to 5.
To mark API with low or high priority, append priority:{low|high} to
it's comment in src/remote/remote_protocol.x. This is similar to
autogen|skipgen. If not marked, the generator assumes low as default.
With this, it is now possible to create external snapshots even
when SELinux is enforcing, and to protect the new file with a
lock manager.
* src/qemu/qemu_driver.c
(qemuDomainSnapshotCreateSingleDiskActive): Create and register
new file with proper permissions and locks.
(qemuDomainSnapshotCreateDiskActive): Update caller.
Lots of earlier patches led up to this point - the qemu snapshot_blkdev
monitor command can now be controlled by libvirt! Well, insofar as
SELinux doesn't prevent qemu from open(O_CREAT) on the files. There's
still some followup work before things work with SELinux enforcing,
but this patch is big enough to post now.
There's still room for other improvements, too (for example, taking a
disk snapshot of an inactive domain, by using qemu-img for both internal
and external snapshots; wiring up delete and revert control, including
additional flags from my RFC; supporting active QED disk snapshots;
supporting per-storage-volume snapshots such as LVM or btrfs snapshots;
etc.). But this patch is the one that proves the new XML works!
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Wire in
active disk snapshots.
(qemuDomainSnapshotDiskPrepare)
(qemuDomainSnapshotCreateDiskActive)
(qemuDomainSnapshotCreateSingleDiskActive): New functions.
No one uses this yet, but it will be important once
virDomainSnapshotCreateXML learns a VIR_DOMAIN_SNAPSHOT_DISK_ONLY
flag, and the xml allows passing in the new file names.
* src/qemu/qemu_monitor.h (qemuMonitorDiskSnapshot): New prototype.
* src/qemu/qemu_monitor_text.h (qemuMonitorTextDiskSnapshot):
Likewise.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskSnapshot):
Likewise.
* src/qemu/qemu_monitor.c (qemuMonitorDiskSnapshot): New
function.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
Likewise.
Snapshots alter the set of disk image files opened by qemu, so
they must be audited. But they don't involve a full disk definition
structure, just the new filename. Make the next patch easier by
refactoring the audit routines to just operate on file name.
* src/conf/domain_audit.h (virDomainAuditDisk): Update prototype.
* src/conf/domain_audit.c (virDomainAuditDisk): Act on strings,
not definition structures.
(virDomainAuditStart): Update caller.
* src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia)
(qemuDomainAttachPciDiskDevice, qemuDomainAttachSCSIDisk)
(qemuDomainAttachUsbMassstorageDevice)
(qemuDomainDetachPciDiskDevice, qemuDomainDetachDiskDevice):
Likewise.
My RFC for snapshot support [1] proposes several rules for when it is
safe to delete or revert to an external snapshot, predicated on
the existence of new API flags. These will be incrementally added
in future patches, but until then, blindly mishandling a disk
snapshot risks corrupting internal state, so it is better to
outright reject the attempts until the other pieces are in place,
thus incrementally relaxing the restrictions added in this patch.
[1] https://www.redhat.com/archives/libvir-list/2011-August/msg00361.html
* src/qemu/qemu_driver.c (qemuDomainSnapshotCountExternal): New
function.
(qemuDomainUndefineFlags, qemuDomainSnapshotDelete): Use it to add
safety valve.
(qemuDomainRevertToSnapshot, qemuDomainSnapshotCreateXML): Add safety
valve.
Expose the disk-only flag through virsh. Additionally, make
virsh snapshot-create-as take an arbitrary number of diskspecs,
which can be used to build up the xml for <domainsnapshot>.
* tools/virsh.c (cmdSnapshotCreate): Add --disk-only.
(cmdSnapshotCreateAs): Likewise, and add argv diskspec.
(vshParseSnapshotDiskspec): New helper function.
(vshCmddefGetOption): Allow naming of argv field.
* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
them.
* tests/virsh-optparse: Test snapshot-create-as parsing.
Prior to this patch, <domainsnapshot>/<disks> was ignored. This
changes it to be an error unless an explicit disk snapshot is
requested (a future patch may relax things if it turns out to
be useful to have a <disks> specification alongside a system
checkpoint).
* include/libvirt/libvirt.h.in
(VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY): New flag.
* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Disk
snapshots not supported yet.
* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Likewise.
This adds a convenience function to virsh that parses out block
information from the domain xml, making it much easier to see
what strings can be used in all other contexts that demand a
specific block name, especially when given the previous patch
that allows using either target or unique source name.
As an example on a domain with one disk and an empty cdrom drive:
Target Source
-------------------------------------------
vda /var/lib/libvirt/images/fedora_12.img
hdc -
* tools/virsh.c (cmdDomblklist): New function.
* tools/virsh.pod (domblklist): Document it.
I got confused when 'virsh domblkinfo dom disk' required the
path to a disk (which can be ambiguous, since a single file
can back multiple disks), rather than the unambiguous target
device name that I was using in disk snapshots. So, in true
developer fashion, I went for the best of both worlds - all
interfaces that operate on a disk (aka block) now accept
either the target name or the unambiguous path to the backing
file used by the disk.
* src/conf/domain_conf.h (virDomainDiskIndexByName): Add
parameter.
(virDomainDiskPathByName): New prototype.
* src/libvirt_private.syms (domain_conf.h): Export it.
* src/conf/domain_conf.c (virDomainDiskIndexByName): Also allow
searching by path, and decide whether ambiguity is okay.
(virDomainDiskPathByName): New function.
(virDomainDiskRemoveByName, virDomainSnapshotAlignDisks): Update
callers.
* src/qemu/qemu_driver.c (qemudDomainBlockPeek)
(qemuDomainAttachDeviceConfig, qemuDomainUpdateDeviceConfig)
(qemuDomainGetBlockInfo, qemuDiskPathToAlias): Likewise.
* src/qemu/qemu_process.c (qemuProcessFindDomainDiskByPath):
Likewise.
* src/libxl/libxl_driver.c (libxlDomainAttachDeviceDiskLive)
(libxlDomainDetachDeviceDiskLive, libxlDomainAttachDeviceConfig)
(libxlDomainUpdateDeviceConfig): Likewise.
* src/uml/uml_driver.c (umlDomainBlockPeek): Likewise.
* src/xen/xend_internal.c (xenDaemonDomainBlockPeek): Likewise.
* docs/formatsnapshot.html.in: Update documentation.
* tools/virsh.pod (domblkstat, domblkinfo): Likewise.
* docs/schemas/domaincommon.rng (diskTarget): Tighten pattern on
disk targets.
* docs/schemas/domainsnapshot.rng (disksnapshot): Update to match.
* tests/domainsnapshotxml2xmlin/disk_snapshot.xml: Update test.
Adds an optional element to <domainsnapshot>, which will be used
to give user control over external snapshot filenames on input,
and specify generated filenames on output.
For now, no driver accepts this element; that will come later.
<domainsnapshot>
...
<disks>
<disk name='vda' snapshot='no'/>
<disk name='vdb' snapshot='internal'/>
<disk name='vdc' snapshot='external'>
<driver type='qcow2'/>
<source file='/path/to/new'/>
</disk>
</disks>
<domain>
...
<devices>
<disk ...>
<driver name='qemu' type='raw'/>
<target dev='vdc'/>
<source file='/path/to/old'/>
</disk>
</devices>
</domain>
</domainsnapshot>
* src/conf/domain_conf.h (_virDomainSnapshotDiskDef): New type.
(_virDomainSnapshotDef): Add new elements.
(virDomainSnapshotAlignDisks): New prototype.
* src/conf/domain_conf.c (virDomainSnapshotDiskDefClear)
(virDomainSnapshotDiskDefParseXML, disksorter)
(virDomainSnapshotAlignDisks): New functions.
(virDomainSnapshotDefParseString): Parse new fields.
(virDomainSnapshotDefFree): Clean them up.
(virDomainSnapshotDefFormat): Output them.
* src/libvirt_private.syms (domain_conf.h): Export new function.
* docs/schemas/domainsnapshot.rng (domainsnapshot, disksnapshot):
Add more xml.
* docs/formatsnapshot.html.in: Document it.
* tests/domainsnapshotxml2xmlin/disk_snapshot.xml: New test.
* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: Update.
In order to distinguish disk snapshots from system checkpoints, a
new state value that is only valid for snapshots is helpful.
* include/libvirt/libvirt.h.in (VIR_DOMAIN_LAST): New placeholder.
* src/conf/domain_conf.h (virDomainSnapshotState): New enum mapping.
(VIR_DOMAIN_DISK_SNAPSHOT): New internal enum value.
* src/conf/domain_conf.c (virDomainState): Use placeholder.
(virDomainSnapshotState): Extend mapping by one for use in snapshot.
(virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
Handle new state.
(virDomainObjSetState, virDomainStateReasonToString)
(virDomainStateReasonFromString): Avoid compiler warnings.
* tools/virsh.c (vshDomainState, vshDomainStateReasonToString):
Likewise.
* src/libvirt_private.syms (domain_conf.h): Export new functions.
* docs/schemas/domainsnapshot.rng: Tighten state definition.
* docs/formatsnapshot.html.in: Document it.
* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: New test.
Easy enough to emulate even with older servers.
* tools/virsh.c (cmdSnapshotCreate, cmdSnapshotCreateAs): Add
--halt flag.
(vshSnapshotCreate): Emulate halt when flag is unsupported.
* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
it.
Since a snapshot is fully recoverable, it is useful to have a
snapshot as a means of hibernating a guest, then reverting to
the snapshot to wake the guest up. This mode of usage is
similar to 'virsh save/virsh restore', except that virsh
save uses an external file while virsh snapshot keeps the
vm state internal to a qcow2 file. However, it only works on
persistent domains.
In the usage pattern of snapshot/revert for hibernating a guest,
there is no need to keep the guest running between the two points
in time, especially since that would generate runtime state that
would just be discarded. Add a flag to make it possible to
stop the domain after the snapshot has completed.
* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_CREATE_HALT):
New flag.
* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
(qemuDomainSnapshotCreateActive): Implement it.
It would technically be possible to have virsh compute the list
of descendants of a given snapshot, then delete those one at
a time. But it's complex, and not worth writing for a first
cut at implementing the new flags.
* tools/virsh.c (cmdSnapshotDelete): Add --children-only,
--metadata.
* tools/virsh.pod (snapshot-delete): Document them.
Reverting to a state prior to an external snapshot risks
corrupting any other branches in the snapshot hierarchy that
were using the snapshot as a read-only backing file. So
disk snapshot code will default to preventing reverting to
a snapshot that has any children, meaning that deleting just
the children of a snapshot becomes a useful operation in
preparing that snapshot for being a future reversion target.
The code for the new flag is simple - it's one less deletion,
plus a tweak to keep the current snapshot correct.
* include/libvirt/libvirt.h.in
(VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN_ONLY): New flag.
* src/libvirt.c (virDomainSnapshotDelete): Document it, and
enforce mutual exclusion.
* src/qemu/qemu_driver.c (qemuDomainSnapshotDelete): Implement
it.
The previous patch introduced new config, but if a hypervisor does
not support that new config, someone can write XML that does not
behave as documented. This prevents some of those cases by
explicitly rejecting transient disks for several hypervisors.
Disk snapshots will require a new flag to actually affect a snapshot
creation, so there's not much to reject there.
* src/qemu/qemu_command.c (qemuBuildDriveStr): Reject transient
disks for now.
* src/libxl/libxl_conf.c (libxlMakeDisk): Likewise.
* src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Likewise.
* src/xenxs/xen_xm.c (xenFormatXMDisk): Likewise.
As discussed here:
https://www.redhat.com/archives/libvir-list/2011-August/msg00361.htmlhttps://www.redhat.com/archives/libvir-list/2011-August/msg00552.html
Adds snapshot attribute and transient sub-element:
<devices>
<disk type=... snapshot='no|internal|external'>
...
<transient/>
</disk>
</devices>
* docs/schemas/domaincommon.rng (snapshot): New define.
(disk): Add snapshot and persistent attributes.
* docs/formatdomain.html.in: Document them.
* src/conf/domain_conf.h (virDomainDiskSnapshot): New enum.
(_virDomainDiskDef): New fields.
* tests/qemuxml2argvdata/qemuxml2argv-disk-transient.xml: New
test of rng, no args counterpart until qemu support is complete.
* tests/qemuxml2argvdata/qemuxml2argv-disk-snapshot.args: New
file, snapshot attribute does not affect args.
* tests/qemuxml2argvdata/qemuxml2argv-disk-snapshot.xml: Likewise.
* tests/qemuxml2argvtest.c (mymain): Run new test.
Fix bug #611823 storage driver should prohibit pools with duplicate
underlying storage.
Add internal API virStoragePoolSourceFindDuplicate() to do uniqueness
check based on source location infomation for pool type.
* AUTHORS: add Lei Li
At least Xen-3.4.3 translates the /vm/localtime SXPR value to
/domain/platform/localtime and /domain/image/{linux,hvm}/localtime when
the domain is defined. When reading back that information libvirt only
handles HVM domains, but not PV domains: This results in libvirtd always
returning
<clock offset="utc"/>
while Xend used (localtime 1).
For PV domains use /domain/image/linux/localtime.
When reverting to a snapshot, the inactive domain configuration
has to be rolled back to what it was at the time of the snapshot.
Additionally, if the VM is active and the snapshot was active,
this now adds a failure if the two configurations are ABI
incompatible, rather than risking qemu confusion.
A future patch will add a VIR_DOMAIN_SNAPSHOT_FORCE flag, which
will be required for two risky code paths - reverting to an
older snapshot that lacked full domain information, and reverting
from running to a live snapshot that requires starting a new qemu
process. Any reverting that stops a running vm is also a form
of data loss (discarding the current running state to go back in
time), but as that is what reversion usually implies, it is
probably not worth requiring a force flag.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Copy out
domain.
(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Perform
ABI compatibility checks.
This patch will probably cause merge conflicts to those trying
to do backports. The end goal is simple - domaincommon.rng
should be the state of domain.rng pre-patch, with a few lines
tweaked in the header, while domain.rng post-patch is now just
a shell that includes domaincommon.rng and sets the <start>.
* docs/schemas/domain.rng: Move guts...
* docs/schemas/domaincommon.rng: ...to new file.
* docs/schemas/domainsnapshot.rng: Allow new xml.
* docs/schemas/Makefile.am (schema_DATA): Distribute new file.
* tests/domainsnapshotxml2xmlout/full_domain.xml: New test.
* libvirt.spec.in (%files client): Ship new file. Sort lines.
* mingw32-libvirt.spec.in: Likewise.
Commit 69278878 fixed one direction of arbitrarily-named snapshots,
but not the round trip path. While auditing domain_conf, I found
a couple other instances that weren't escaping arbitrary strings.
* src/conf/domain_conf.c (virDomainFSDefFormat)
(virDomainGraphicsListenDefFormat, virDomainSnapshotDefFormat):
Escape arbitrary strings.
Just like VM saved state images (virsh save), snapshots MUST
track the inactive domain xml to detect any ABI incompatibilities.
The indentation is not perfect, but functionality comes before form.
Later patches will actually supply a full domain; for now, this
wires up the storage to support one, but doesn't ever generate one
in dumpxml output.
Happily, libvirt.c was already rejecting use of VIR_DOMAIN_XML_SECURE
from read-only connections, even though before this patch, there was
no information to be secured by the use of that flag.
And while we're at it, mark the libvirt snapshot metadata files
as internal-use only.
* src/libvirt.c (virDomainSnapshotGetXMLDesc): Document flag.
* src/conf/domain_conf.h (_virDomainSnapshotDef): Add member.
(virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
Update signature.
* src/conf/domain_conf.c (virDomainSnapshotDefFree): Clean up.
(virDomainSnapshotDefParseString): Optionally parse domain.
(virDomainSnapshotDefFormat): Output full domain.
* src/esx/esx_driver.c (esxDomainSnapshotCreateXML)
(esxDomainSnapshotGetXMLDesc): Update callers.
* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML)
(vboxDomainSnapshotGetXMLDesc): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
(qemuDomainSnapshotLoad, qemuDomainSnapshotGetXMLDesc)
(qemuDomainSnapshotWriteMetadata): Likewise.
* docs/formatsnapshot.html.in: Rework doc example.
Based on a patch by Philipp Hahn.
Minor semantic change - allow domain xml to be generated in place
within a larger buffer, rather than having to go through a
temporary string.
* src/conf/domain_conf.c (virDomainDefFormatInternal): Add
parameter.
(virDomainDefFormat, virDomainObjFormat): Update callers.
Migration is another case of stranding metadata. And since
snapshot metadata is arbitrarily large, there's no way to
shoehorn it into the migration cookie of migration v3.
This patch consolidates two existing locations for migration
validation into one helper function, then enhances that function
to also do the new checks. If we could always trust the source
to validate migration, then the destination would not have to
do anything; but since older servers that did not do checking
can migrate to newer destinations, we have to repeat some of
the same checks on the destination; meanwhile, we want to
detect failures as soon as possible. With migration v2, this
means that validation will reject things at Prepare on the
destination if the XML exposes the problem, otherwise at Perform
on the source; with migration v3, this means that validation
will reject things at Begin on the source, or if the source
is old and the XML exposes the problem, then at Prepare on the
destination.
This patch is necessarily over-strict. Once a later patch
properly handles auto-cleanup of snapshot metadata on the
death of a transient domain, then the only time we actually
need snapshots to prevent migration is when using the
--undefinesource flag on a persistent source domain.
It is possible to recreate snapshot metadata on the destination
with VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE and
VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT. But for now, that is limited,
since if we delete the snapshot metadata prior to migration,
then we won't know the name of the current snapshot to pass
along; and if we delete the snapshot metadata after migration
and use the v3 migration cookie to pass along the name of the
current snapshot, then we need a way to bypass the fact that
this patch refuses migration with snapshot metadata present.
So eventually, we may have to introduce migration protocol v4
that allows feature negotiation and an arbitrary number of
handshake exchanges, so as to pass as many rpc calls as needed
to transfer all the snapshot xml hierarchy.
But all of that is thoughts for the future; for now, the best
course of action is to quit early, rather than get into a
funky state of stale metadata; then relax restrictions later.
* src/qemu/qemu_migration.h (qemuMigrationIsAllowed): Make static.
* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Alter
signature, and allow checks for both outgoing and incoming.
(qemuMigrationBegin, qemuMigrationPrepareAny)
(qemuMigrationPerformJob): Update callers.
A nice benefit of deleting all snapshots at undefine time is that
you don't have to do any reparenting or subtree identification - since
everything goes, this is an O(n) process, whereas using multiple
virDomainSnapshotDelete calls would be O(n^2) or worse. But it is
only doable for snapshot metadata, where we are in control of the
data being deleted; for the actual snapshots, there's too much
likelihood of something going wrong, and requiring even more API
calls to figure out what failed in the meantime, so callers are
better off deleting the snapshot data themselves one snapshot at
a time where they can deal with failures as they happen.
* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Honor new flags.
As more clients start to want to know this information, doing
a PATH stat walk and malloc for every client adds up.
We are only caching the location, not the capabilities, so even
if qemu-img is updated in the meantime, it will still probably
live in the same location. So there is no need to worry about
clearing this particular cache.
* src/qemu/qemu_conf.h (qemud_driver): Add member.
* src/qemu/qemu_driver.c (qemudShutdown): Cleanup.
(qemuFindQemuImgBinary): Add an argument, and cache result.
(qemuDomainSnapshotForEachQcow2, qemuDomainSnapshotDiscard)
(qemuDomainSnapshotCreateInactive, qemuDomainSnapshotRevertInactive)
(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Update
callers.
Similar to 'undefine --managed-save' (commit 83e849c1), we must
assume that the old API is unsafe; however, we cannot emulate
metadata-only deletion on older servers. Additionally, we have
the wrinkle that while virDomainUndefineFlags and managed save
cleanup were introduced in 0.9.4, it wasn't until 0.9.5 that
snapshots block undefine of a domain. Do the best we can given
the server we are talking to.
* tools/virsh.c (cmdUndefine): Add --snapshots-metadata flag.
* tools/virsh.pod (undefine, destroy, shutdown): Document effect
of snapshots.
Just as leaving managed save metadata behind can cause problems
when creating a new domain that happens to collide with the name
of the just-deleted domain, the same is true of leaving any
snapshot metadata behind. For safety sake, extend the semantic
change of commit b26a9fa9 to also cover snapshot metadata as a
reason to reject undefining an inactive domain. A future patch
will make sure that shutdown of a transient domain automatically
deletes snapshot metadata (whether by destroy, shutdown, or
guest-initiated action). Management apps of transient domains
should take care to capture xml of snapshots, if it is necessary
to recreate the snapshot metadata on a later transient domain
with the same name and uuid.
This also documents a new flag that hypervisors can choose to
support as a shortcut for taking care of the metadata as part of
the undefine process; however, nontrivial driver support for these
flags will be deferred to future patches.
Note that ESX and VBox can never be transient; therefore, they
do not have to worry about automatic cleanup after shutdown
(the persistent domain still remains); likewise they never
store snapshot metadata, so the undefine flag is trivial.
The nontrivial work remaining is thus in the qemu driver.
* include/libvirt/libvirt.h.in
(VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA): New flag.
* src/libvirt.c (virDomainUndefine, virDomainUndefineFlags):
Document new limitations and flag.
* src/esx/esx_driver.c (esxDomainUndefineFlags): Trivial
implementation.
* src/vbox/vbox_tmpl.c (vboxDomainUndefineFlags): Likewise.
* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Enforce
the limitations.
Redefining a qemu snapshot requires a bit of a tweak to the common
snapshot parsing code, but the end result is quite nice.
Be careful that redefinitions do not introduce circular parent
chains. Also, we don't want to allow conversion between online
and offline existing snapshots. We could probably do some more
validation for snapshots that don't already exist to make sure
they are even feasible, by parsing qemu-img output, but that
can come later.
* src/conf/domain_conf.h (virDomainSnapshotParseFlags): New
internal flags.
* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Alter
signature to take internal flags.
* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Update caller.
* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
new public flags.
Supporting NO_METADATA on snapshot creation is interesting - we must
still return a valid opaque snapshot object, but the user can't get
anything out of it (unless we add a virDomainSnapshotGetName()),
since it is no longer registered with the domain.
Also, virsh now tries to query for secure xml, in anticipation of
when we store <domain> xml inside <domainsnapshot>; for now, we
can trivially support it, since we have nothing secure.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
new flag.
(qemuDomainSnapshotGetXMLDesc): Trivially support VIR_DOMAIN_XML_SECURE.
Wire up the new snapshot creation flags in virsh. For convenience,
teach 'snapshot-current' how to make an existing snapshot become
current (can be used after upgrading to newer libvirt to recover
from the fact that the older libvirt lost track of the current
snapshot after a restart). The snapshot-create-as command is
intentionally not taught --redefine or --current, as this would
imply adding a lot of other options for everything else that can
appear in the <domainsnapshot> xml, but which is normally read-only.
Besides, redefining will usually be done on files created by
snapshot-dumpxml, rather than something built up by hand on the
command line. And now that we can redefine, we can edit.
* tools/virsh.c (cmdSnapshotCreate): Add --redefine, --current,
and --no-metadata.
(cmdSnapshotCreateAs): Add --no-metadata.
(cmdSnapshotCurrent): Add snapshotname to alter current snapshot.
(cmdSnapshotEdit): New command.
* tools/virsh.pod (snapshot-create, snapshot-create-as)
(snapshot-current, snapshot-edit): Document these.
The next patch will make snapshot creation more complex, so it's
better to avoid repetition of the complexity.
* tools/virsh.c (vshSnapshotCreate): New helper function.
(cmdSnapshotCreate, cmdSnapshotCreateAs): Use it.
The first two flags are essential for being able to replicate
snapshot hierarchies across multiple hosts, which will come in
handy for supervised migrations. It also allows a management app
to take a snapshot of a transient domain, save the metadata, stop
the domain, recreate a new transient domain by the same name,
redefine the snapshot, then revert to it.
This is not quite as convenient as leaving the metadata behind
after a domain is no longer around, but doing that has a few
problems: 1. the libvirt API can only delete snapshot metadata
if there is a valid domain handle to use to get to that snapshot
object - if stale data is left behind without a domain, there is
no way to request that the data be cleaned up. 2. creating a new
domain with the same name but different uuid than the older
domain where a snapshot existed cannot use the older snapshot
data; this risks confusing libvirt, and forbidding the stale
data is similar to the recent patch to forbid stale managed save.
The first two flags might be useful on hypervisors with no metadata,
but only for modifying the notion of the current snapshot;
however, I don't know how to do that for ESX or VBox.
The third flag is a convenience option, to combine a creation with
a delete metadata into one step. It is trivial for hypervisors
with no metadata.
The qemu changes will be involved enough to warrant a separate patch.
* include/libvirt/libvirt.h.in
(VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE)
(VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT)
(VIR_DOMAIN_SNAPSHOT_CREATE_NO_METADATA): New flags.
* src/libvirt.c (virDomainSnapshotCreateXML): Document them, and
enforce mutual exclusion.
* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Trivial
implementation.
* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
* docs/formatsnapshot.html.in: Document re-creation.
New flag bits are worth exposing via virsh. In the case of
snapshot-list --roots, it's possible to emulate this even when
talking to an older server that lacks the bit; whereas
--metadata requires a newer server.
Although we don't use --security-info yet, the flag is already
documented for other dumpxml operations, and turning it on now
will make it useful when a future patch actually has to honor it.
* tools/virsh.c (cmdSnapshotDumpXML, cmdSnapshotCurrent): Add
--security-info.
(cmdSnapshotList): Add --roots, --metadata.
* tools/virsh.pod (snapshot-dumpxml, snapshot-current)
(snapshot-list): Document these.
To make it easier to know when undefine will fail because of existing
snapshot metadata, we need to know how many snapshots have metadata.
Also, it is handy to filter the list of snapshots to just those that
have no parents; document that flag now, but implement it in later patches.
* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_LIST_ROOTS)
(VIR_DOMAIN_SNAPSHOT_LIST_METADATA): New flags.
* src/libvirt.c (virDomainSnapshotNum)
(virDomainSnapshotListNames): Document them.
* src/esx/esx_driver.c (esxDomainSnapshotNum)
(esxDomainSnapshotListNames): Implement trivial flag.
* src/vbox/vbox_tmpl.c (vboxDomainSnapshotNum)
(vboxDomainSnapshotListNames): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSnapshotNum)
(qemuDomainSnapshotListNames): Likewise.
Adding this was trivial compared to the previous patch for fixing
qemu snapshot deletion in the first place.
* src/qemu/qemu_driver.c (qemuDomainSnapshotDiscard): Add
parameter.
(qemuDomainSnapshotDiscardDescendant, qemuDomainSnapshotDelete):
Update callers.
A future patch will make it impossible to remove a domain if it
would leave behind any libvirt-tracked metadata about snapshots,
since stale metadata interferes with a new domain by the same name.
But requiring snaphot contents to be deleted before removing a
domain is harsh; with qemu, qemu-img can still make use of the
contents after the libvirt domain is gone. Therefore, we need
an option to get rid of libvirt tracking information, but not
the actual contents. For hypervisors that do not track any
metadata in libvirt, the implementation is trivial; all remaining
hypervisors (really, just qemu) will be dealt with separately.
* include/libvirt/libvirt.h.in
(VIR_DOMAIN_SNAPSHOT_DELETE_METADATA_ONLY): New flag.
* src/libvirt.c (virDomainSnapshotDelete): Document it.
* src/esx/esx_driver.c (esxDomainSnapshotDelete): Trivially
supported when there is no libvirt metadata.
* src/vbox/vbox_tmpl.c (vboxDomainSnapshotDelete): Likewise.
Similar to the last patch in isolating the filtering from the
client actions, so that clients don't have to reinvent the
filtering.
* src/conf/domain_conf.h (virDomainSnapshotForEachChild): New
prototype.
* src/libvirt_private.syms (domain_conf.h): Export it.
* src/conf/domain_conf.c (virDomainSnapshotActOnChild)
(virDomainSnapshotForEachChild): New functions.
(virDomainSnapshotCountChildren): Delete.
(virDomainSnapshotHasChildren): Simplify.
* src/qemu/qemu_driver.c (qemuDomainSnapshotReparentChildren)
(qemuDomainSnapshotDelete): Likewise.
Deleting a snapshot and all its descendants had problems with
tracking the current snapshot. The deletion does not necessarily
proceed in depth-first order, so a parent could be deleted
before a child, wreaking havoc on passing the notion of the
current snapshot to the parent. Furthermore, even if traversal
were depth-first, doing multiple file writes to pass current up
the chain one snapshot at a time is wasteful, comparing to a
single update to the current snapshot at the end of the algorithm.
* src/qemu/qemu_driver.c (snap_remove): Add field.
(qemuDomainSnapshotDiscard): Add parameter.
(qemuDomainSnapshotDiscardDescendant): Adjust accordingly.
(qemuDomainSnapshotDelete): Properly reset current.
This one's nasty. Ever since we fixed virHashForEach to prevent
nested hash iterations for safety reasons (commit fba550f6),
virDomainSnapshotDelete with VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN
has been broken for qemu: it deletes children, while leaving
grandchildren intact but pointing to a no-longer-present parent.
But even before then, the code would often appear to succeed to
clean up grandchildren, but risked memory corruption if you have
a large and deep hierarchy of snapshots.
For acting on just children, a single virHashForEach is sufficient.
But for acting on an entire subtree, it requires iteration; and
since we declared recursion as invalid, we have to switch to a
while loop. Doing this correctly requires quite a bit of overhaul,
so I added a new helper function to isolate the algorithm from the
actions, so that callers do not have to reinvent the iteration.
Note that this _still_ does not handle CHILDREN correctly if one
of the children is the current snapshot; that will be next.
* src/conf/domain_conf.h (_virDomainSnapshotDef): Add mark.
(virDomainSnapshotForEachDescendant): New prototype.
* src/libvirt_private.syms (domain_conf.h): Export it.
* src/conf/domain_conf.c (virDomainSnapshotMarkDescendant)
(virDomainSnapshotActOnDescendant)
(virDomainSnapshotForEachDescendant): New functions.
* src/qemu/qemu_driver.c (qemuDomainSnapshotDiscardChildren):
Replace...
(qemuDomainSnapshotDiscardDescenent): ...with callback that
doesn't nest hash traversal.
(qemuDomainSnapshotDelete): Use new function.
Each snapshot lookup was iterating over the entire hash table, O(n),
instead of honing in directly on the hash key, amortized O(1).
Besides, fixing this means that virDomainSnapshotFindByName can now
be used inside another virHashForeach iteration (without this patch,
attempts to lookup a snapshot by name during a hash iteration will
fail due to nested iteration).
* src/conf/domain_conf.c (virDomainSnapshotFindByName): Simplify.
(virDomainSnapshotObjListSearchName): Delete unused function.
Even though I recently added 'virsh snapshot-parent', doing it one
snapshot at a time is painful, so make it possible to expand the
snapshot-list table at once.
* tools/virsh.c (cmdSnapshotList): Add --parent.
* tools/virsh.pod (snapshot-list): Document it.
For a system checkpoint of a running or paused domain, it's fairly
easy to honor new flags for altering which state to use after the
revert. For an inactive snapshot, the revert has to be done while
there is no qemu process, so do back-to-back transitions; this also
lets us revert to inactive snapshots even for transient domains.
* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Support new
flags.
Commit 5e47785 broke reverts to offline system checkpoint snapshots
with older qemu, since there is no longer any code path to use
qemu -loadvm on next boot. Meanwhile, reverts to offline system
checkpoints have been broken for newer qemu, both before and
after that commit, since -loadvm no longer works to revert to
disk state without accompanying vm state. Fix both of these by
using qemu-img to revert disk state.
Meanwhile, consolidate the (now 3) clients of a qemu-img iteration
over all disks of a VM into one function, so that any future
algorithmic fixes to the FIXMEs in that function after partial
loop iterations are dealt with at once. That does mean that this
patch doesn't handle partial reverts very well, but we're not
making the situation any worse in this patch.
* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use
qemu-img rather than 'qemu -loadvm' to revert to offline snapshot.
(qemuDomainSnapshotRevertInactive): New helper.
(qemuDomainSnapshotCreateInactive): Factor guts...
(qemuDomainSnapshotForEachQcow2): ...into new helper.
(qemuDomainSnapshotDiscard): Use it.
If you take a checkpoint snapshot of a running domain, then pause
qemu, then restore the snapshot, the result should be a running
domain, but the code was leaving things paused. Furthermore, if
you take a checkpoint of a paused domain, then run, then restore,
there was a brief but non-deterministic window of time where the
domain was running rather than paused. Fix both of these
discrepancies by always pausing before restoring.
Also, check that the VM is active every time lock is dropped
between two monitor calls.
Finally, straighten out the events that get emitted on each
transition.
* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Always
pause before reversion, and improve events.
Implement the new running/paused overrides for saved state management.
Unfortunately, for virDomainSaveImageDefineXML, the saved state
updates are write-only - I don't know of any way to expose a way
to query the current run/pause setting of an existing save image
file to the user without adding a new API or modifying the domain
xml of virDomainSaveImageGetXMLDesc to include a new element to
reflect the state bit encoded into the save image. However, I
don't think this is a show-stopper, since the API is designed to
leave the state bit alone unless an explicit flag is used to
change it.
* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
(qemuDomainSaveImageOpen): Adjust signature.
(qemuDomainSaveFlags, qemuDomainManagedSave)
(qemuDomainRestoreFlags, qemuDomainSaveImageGetXMLDesc)
(qemuDomainSaveImageDefineXML, qemuDomainObjRestore): Adjust
callers.
Pretty straight-forward exposure of new flags. For most commands,
we let the API reject mutually exclusive flags; but for save-image-edit,
we do the sanity check ourselves to avoid looping on flag failure if
the edit cycle is ever enhanced to allow the user to retry an edit
to fix up an xml validation error.
* tools/virsh.c (cmdManagedSave, cmdRestore, cmdSave)
(cmdSaveImageDefine, cmdSaveImageEdit): Add new flags.
* tools/virsh.pod (managedsave, restore, save, save-image-define)
(save-image-edit): Document them.
While it is nice that snapshots and saved images remember whether
the domain was running or paused, sometimes the restoration phase
wants to guarantee a particular state (paused to allow hot-plugging,
or running without needing to call resume). This introduces new
flags to allow the control, and a later patch will implement the
flags for qemu.
* include/libvirt/libvirt.h.in (VIR_DOMAIN_SAVE_RUNNING)
(VIR_DOMAIN_SAVE_PAUSED, VIR_DOMAIN_SNAPSHOT_REVERT_RUNNING)
(VIR_DOMAIN_SNAPSHOT_REVERT_PAUSED): New flags.
* src/libvirt.c (virDomainSaveFlags, virDomainRestoreFlags)
(virDomainManagedSave, virDomainSaveImageDefineXML)
(virDomainRevertToSnapshot): Document their use, and enforce
mutual exclusion.
There are two classes of management apps that track events - one
that only cares about on/off (and only needs to track EVENT_STARTED
and EVENT_STOPPED), and one that cares about paused/running (also
tracks EVENT_SUSPENDED/EVENT_RESUMED). To keep both classes happy,
any transition that can go from inactive to paused must emit two
back-to-back events - one for started and one for suspended (since
later resuming of the domain will only send RESUMED, but the first
class isn't tracking that).
This also fixes a bug where virDomainCreateWithFlags with the
VIR_DOMAIN_START_PAUSED flag failed to start paused when restoring
from a managed save image.
* include/libvirt/libvirt.h.in (VIR_DOMAIN_EVENT_SUSPENDED_RESTORED)
(VIR_DOMAIN_EVENT_SUSPENDED_FROM_SNAPSHOT)
(VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT): New sub-events.
* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use them.
(qemuDomainSaveImageStartVM): Likewise, and add parameter.
(qemudDomainCreate, qemuDomainObjStart): Send suspended event when
starting paused.
(qemuDomainObjRestore): Add parameter.
(qemuDomainObjStart, qemuDomainRestoreFlags): Update callers.
* examples/domain-events/events-c/event-test.c
(eventDetailToString): Map new detail strings.
QEMU uses USB bus name "usb.0" when using the legacy -usb argument.
If we want to allow USB devices to specify their addresses with legacy
-usb, we should either in case of legacy bus name drop the 0 from the
address bus, or just drop the 0 from device id. This patch does the
later.
Another solution would be to permit addressing on non-legacy USB
controllers only.
So that devices can be attached to hubs. Example, to attach to first
port of a usb-hub on port 1.
<hub type='usb'>
<address type='usb' bus='0' port='1'/>
</hub>
<input type='mouse' type='usb'>
<address type='usb' bus='0' port='1.1'/>
</hub>
also add a test entry
Commit 6766ff10 introduced a corner case bug with snapshot creation:
if a snapshot is created, but then we hit OOM while trying to
create the return value of the function, then we have polluted the
internal directory with the snapshot metadata with no way to clean
it up from the running libvirtd.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Don't
write metadata file on OOM condition.
Created by copying from qemuxml2argv-disk-drive-v2-wb.*, then
s/writeback/directsync/. Hopefully this matches Osier's intentions.
* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-cache-directsync.args:
* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-cache-directsync.xml:
Add missing files needed by 'make check'.
Newer QEMU introduced cache=directsync for -drive, this patchset
is to expose it in libvirt layer.
* Introduced a new QEMU capability flag ($prefix_CACHE_DIRECTSYNC),
As even $prefix_CACHE_V2 is set, we can't known if directsync
is supported.
This patch adds the ability to make the filesystem for a filesystem
pool during a pool build.
The patch adds two new flags, no overwrite and overwrite, to control
when mkfs gets executed. By default, the patch preserves the
current behavior, i.e., if no flags are specified, pool build on a
filesystem pool only makes the directory on which the filesystem
will be mounted.
If the no overwrite flag is specified, the target device is checked
to determine if a filesystem of the type specified in the pool is
present. If a filesystem of that type is already present, mkfs is
not executed and the build call returns an error. Otherwise, mkfs
is executed and any data present on the device is overwritten.
If the overwrite flag is specified, mkfs is always executed, and any
existing data on the target device is overwritten unconditionally.
Several users have reported problems with 'virsh start' failing because
it was encountering a managed save situation where the managed save file
was incomplete. Be more robust to this by using two different magic
numbers, so that newer libvirt can gracefully handle an incomplete file
differently than a complete one, while older libvirt will at least fail
up front rather than trying to load only to have qemu fail at the end.
Managed save is a convenience - it exists to preserve as much state
as possible; if the state was not preserved, it is reasonable to just
log that fact, then proceed with a fresh boot. On the other hand,
user saves are under user control, so we must fail, but by making
the failure message distinct, the user can better decide how to handle
the situation of an incomplete save file.
* src/qemu/qemu_driver.c (QEMUD_SAVE_PARTIAL): New define.
(qemuDomainSaveInternal): Use it to mark incomplete images.
(qemuDomainSaveImageOpen, qemuDomainObjRestore): Add parameter
that controls what to do with partial images.
(qemuDomainRestoreFlags, qemuDomainSaveImageGetXMLDesc)
(qemuDomainSaveImageDefineXML, qemuDomainObjStart): Update callers.
Based on an initial idea by Osier Yang.
In a SELinux or root-squashing NFS environment, libvirt has to go
through some hoops to create a new file that qemu can then open()
by name. Snapshots are a case where we want to guarantee an empty
file that qemu can open; also, reopening a save file to convert it
from being marked partial to complete requires a reopen to avoid
O_DIRECT headaches. Refactor some existing code to make it easier
to reuse in later patches.
* src/qemu/qemu_migration.h (qemuMigrationToFile): Drop parameter.
* src/qemu/qemu_migration.c (qemuMigrationToFile): Let cgroup do
the stat, rather than asking caller to do it and pass info down.
* src/qemu/qemu_driver.c (qemuOpenFile): New function, pulled from...
(qemuDomainSaveInternal): ...here.
(doCoreDump, qemuDomainSaveImageOpen): Use it here as well.
After supporting multi function pci device, we only reserve function 1 on slot 1.
The user can use the other function on slot 1 in the xml config file. We should
detect this wrong usage.
When libvirtd is running at non-root user, it won't create ${HOME}/.libvirt.
It will show error message:
17:44:16.838: 7035: error : virPidFileAcquirePath:322 : Failed to open pid file
Signed-off-by: Xu He Jie <xuhj@linux.vnet.ibm.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Currently, the lxc implementation invokes 'ip' and 'ifconfig' commands
inside a container using 'virRun'. That has the side effect of requiring
those commands to be present and to function in a manner consistent with
the usage. Some small roots (such as ttylinux) may not have 'ip' or
'ifconfig'.
This patch replaces the use of these commands with usage of
netdevice. The result is that lxc containers do not have to implement
those commands, and lxc in libvirt is only dependent on the netdevice
interface.
I've tested this patch locally against the ubuntu libvirt version enough
to verify its generally sane. I attempted to build upstream today, but
failed with:
/usr/bin/ld:
../src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_domain.o):
undefined reference to symbol 'xmlXPathRegisterNs@@LIBXML2_2.4.30
Thats probably a local issue only, but I wanted to get this patch up and
see what others thought of it. This is ubuntu bug
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/828211 .
Hi,
I'm seeing an issue with udev and libvirt-lxc. Libvirt-lxc creates
/dev/ptmx as a symlink to /dev/pts/ptmx. When udev starts up, it
checks the device type, sees ptmx is 'not right', and replaces it
with a 'proper' ptmx.
In lxc, /dev/ptmx is bind-mounted from /dev/pts/ptmx instead of being
symlinked, so udev sees the right device type and leaves it alone.
A patch like the following seems to work for me. Would there be
any objections to this?
>From 4c5035de52de7e06a0de9c5d0bab8c87a806cba7 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@domU-12-31-39-14-F0-B3.compute-1.internal>
Date: Wed, 31 Aug 2011 18:15:54 +0000
Subject: [PATCH 1/1] make ptmx a bind mount rather than symlink
udev on some systems checks the device type of /dev/ptmx, and replaces it if
not as expected. The symlink created by libvirt-lxc therefore gets replaced.
By creating it as a bind mount, the device type is correct and udev leaves it
alone.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
The libvirt BlockPull API supports the use of an initial bandwidth limit but the
qemu block_stream API does not. To get the desired behavior we use the two APIs
strung together: first BlockPull, then BlockJobSetSpeed. We can do this at the
driver level to avoid duplicated code in each monitor path.
Signed-off-by: Adam Litke <agl@us.ibm.com>
Due to an unfortunate precedent in qemu, the units for the bandwidth parameter
to block_job_set_speed are different between the text monitor and the qmp
monitor. While the qmp monitor uses bytes/s, the text monitor expects MB/s.
Correct the units for the text interface.
Signed-off-by: Adam Litke <agl@us.ibm.com>
On systems with many pcpus, the sexpr returned by xend can be quite
large for dom0 when it is configured to have #vcpus = #pcpus (default).
E.g. on a 80 pcpu system, where dom0 had 80 vcpus, the sexpr details
for dom0 was 73817 bytes! Increase maximum buffer size to 256k.
xenDaemonDomainFetch() was overwriting errors reported by
xend_get() and xend_req(). E.g. without patch
error: failed Xen syscall xenDaemonDomainFetch failed to find this domain
with patch
error: internal error Xend returned HTTP Content-Length of 73817, which exceeds
maximum of 65536
The 'virsh man' description of send-key was incomplete and used the
old style (literal 'optional name' instead of '[name]' metasyntax).
Meanwhile, none of the other virsh help texts include examples, so
I moved it out of virsh help and into the man page.
* tools/virsh.pod (send-key): Give better details.
* tools/virsh.c (info_send_key): Drop example from here.
Managed save was added in 0.8.0, virDomainCreateWithFlags in 0.8.2,
and FORCE_BOOT in 0.9.5. The virsh flag is more useful if we
emulate it for all older servers (note that if a hypervisor fails
the query for a managed save image, then it does not have one to
be removed, so the flag can be safely ignored).
* tools/virsh.c (cmdStart): Add emulation for new flag.
* tools/virsh.c: fix memory leak on cmdVolCreateAs function.
* Detected in valgrind run:
==4746==
==4746== 48 (40 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 26 of 52
==4746== at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==4746== by 0x4C76E51: virAlloc (memory.c:101)
==4746== by 0x4CD9418: virGetStoragePool (datatypes.c:592)
==4746== by 0x4D21367: remoteStoragePoolLookupByName (remote_driver.c:4126)
==4746== by 0x4CE42B0: virStoragePoolLookupByName (libvirt.c:10232)
==4746== by 0x40C276: vshCommandOptPoolBy (virsh.c:13660)
==4746== by 0x40CA37: cmdVolCreateAs (virsh.c:8094)
==4746== by 0x412AF2: vshCommandRun (virsh.c:13770)
==4746== by 0x422F11: main (virsh.c:15127)
==4746==
==4746== 1,011 bytes in 1 blocks are definitely lost in loss record 45 of 52
==4746== at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
==4746== by 0x4A06167: realloc (vg_replace_malloc.c:525)
==4746== by 0x4C76ECB: virReallocN (memory.c:161)
==4746== by 0x4C60319: virBufferGrow (buf.c:72)
==4746== by 0x4C606AA: virBufferAdd (buf.c:106)
==4746== by 0x40CB37: cmdVolCreateAs (virsh.c:8118)
==4746== by 0x412AF2: vshCommandRun (virsh.c:13770)
==4746== by 0x422F11: main (virsh.c:15127)
==4746==
==4746== LEAK SUMMARY:
==4746== definitely lost: 1,051 bytes in 2 blocks
==4746== indirectly lost: 8 bytes in 1 blocks
==4746== possibly lost: 0 bytes in 0 blocks
==4746== still reachable: 390,767 bytes in 1,373 blocks
==4746== suppressed: 0 bytes in 0 blocks
* How to reproduce?
% valgrind -v --leak-check=full virsh vol-create-as default foo.img 10M \
--allocation 0 --format qcow2 --backing-vol bar.img
Notes: bar.img doesn't exist.
Signed-off-by: Alex Jia <ajia@redhat.com>
virsh had some leftover 'int flags', and even an 'int flag'
declaration, compared to our preferred style of 'unsigned int flags'.
* tools/virsh.c (cmdUndefine, cmdSave, cmdSaveImageDumpxml)
(cmdSaveImageEdit, cmdManagedSave, cmdRestore, cmdDump)
(cmdVcpuPin, cmdSetvcpus, cmdSetmem, cmdSetmaxmem, cmdDumpXML)
(cmdDomXMLFromNative, cmdDomXMLToNative, doMigrate)
(cmdInterfaceEdit, cmdInterfaceDumpXML, cmdEdit): Match coding
style for flags.
(struct vshComdOptDef): Rename field member.
(vshCmddefOptParse, vshCmddefHelp): Adjust clients.
Commit 2c85644b0b attempted to
fix a problem with tracking RPC messages from streams by doing
- if (msg->header.type == VIR_NET_REPLY) {
+ if (msg->header.type == VIR_NET_REPLY ||
+ (msg->header.type == VIR_NET_STREAM &&
+ msg->header.status != VIR_NET_CONTINUE)) {
client->nrequests--;
In other words any stream packet, with status NET_OK or NET_ERROR
would cause nrequests to be decremented. This is great if the
packet from from a synchronous virStreamFinish or virStreamAbort
API call, but wildly wrong if from a server initiated abort.
The latter resulted in 'nrequests' being decremented below zero.
This then causes all I/O for that client to be stopped.
Instead of trying to infer whether we need to decrement the
nrequests field, from the message type/status, introduce an
explicit 'bool tracked' field to mark whether the virNetMessagePtr
object is subject to tracking.
Also add a virNetMessageClear function to allow a message
contents to be cleared out, without adversely impacting the
'tracked' field as a naive memset() would do
* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Add
a 'bool tracked' field and virNetMessageClear() API
* daemon/remote.c, daemon/stream.c, src/rpc/virnetclientprogram.c,
src/rpc/virnetclientstream.c, src/rpc/virnetserverclient.c,
src/rpc/virnetserverprogram.c: Switch over to use
virNetMessageClear() and pass in the 'bool tracked' value
when creating messages.
When sending outbound stream RPC messages, a callback is
used to re-enable stream data transmission. If the stream
aborts while one of these messages is outstanding, the
stream may have been free'd by the time it is invoked. This
results in a use-after-free error
* daemon/stream.c: Ref-count streams to avoid use-after-free
Parted does not report disk size in 512 byte units, but
rather the disks' logical sector size, which with modern
drives might be 4k.
* src/storage/parthelper.c: Remove hardcoded 512 byte sector
size
Introduced by 5e495c8b, except the ones for checking if numa
is supported by host, all the NO_SUPPORT are changed back. For
the ones about numa checking, change them into INTERNAL_ERROR.
If the libxl driver is compiled in, then everytime libvirtd
starts up on a non-Xen Dom0 host, it logs a error message.
Since this is an expected condition, we should not log at
'error' level, only 'info'.
* src/libxl/libxl_driver.c: Lower log level for certain
expected errors during driver init
When dispatching domain events we will create an XDR struct
containing the event info. Some of this data may be allocated
on the heap and so must be freed. The graphics event dispatcher
had a broken attempt to free one field, but missed others. All
the events have a dom->name string that needs freeing. The code
should have used the xdr_free() procedure for doing all this
* daemon/remote.c: Use xdr_free after dispatching events
It is possible (expected/likely in Fedora 15) for a cgroup controller
to be mounted in multiple locations at the same time, due to bind
mounts. Currently we leak memory if this happens, because we overwrite
the previous 'mountPoint' string. Instead just accept the first match
we find.
* src/util/cgroup.c: Only accept first match for a cgroup
controller mount
The virSecurityManagerSetProcessFDLabel method was introduced
after a mis-understanding from a conversation about SELinux
socket labelling. The virSecurityManagerSetSocketLabel method
should have been used for all such scenarios.
* src/security/security_apparmor.c, src/security/security_apparmor.c,
src/security/security_driver.h, src/security/security_manager.c,
src/security/security_manager.h, src/security/security_selinux.c,
src/security/security_stack.c: Remove SetProcessFDLabel driver
It is not possible to change the label of a TCP socket once it
has been opened. When creating a TCP socket care must be taken
to ensure the socket creation label is set & then cleared.
Remove the bogus call to virSecurityManagerSetProcessFDLabel
from the lock driver guest setup code and instead make use of
virSecurityManagerSetSocketLabel
The code for creating a sanlock lockspace accidentally used
SANLK_NAME_LEN instead of SANLK_PATH_LEN for a size check.
This meant disk paths were limited to 48 bytes !
* src/locking/lock_driver_sanlock.c: Fix disk path length
check
There is no reason to forbid pausing an autodestroy domain
(not to mention that 'virsh start --paused --autodestroy'
succeeds in creating a paused autodestroy domain).
Meanwhile, qemu was failing to enforce the API documentation that
autodestroy domains cannot be saved. And while the original
documentation only mentioned save/restore, snapshots are another
form of saving that are close enough in semantics as to make no
sense on one-shot domains.
* src/qemu/qemu_driver.c (qemudDomainSuspend): Drop bogus check.
(qemuDomainSaveInternal, qemuDomainSnapshotCreateXML): Forbid
saves of autodestroy domains.
* src/libvirt.c (virDomainCreateWithFlags, virDomainCreateXML):
Document snapshot interaction.
According to qemu-kvm/qerror.c all messages start with a capital
"Device ", but the current code only scans for the lower case "device ".
This results in "virDomainUpdateDeviceFlags()" to not detect locked
CD-ROMs and reporting success even in the case of a failure:
# virsh qemu-monitor-command "$VM" change\ drive-ide0-0-0\ \"/var/lib/libvirt/images/ucs_2.4-0-sec4-20110714145916-dvd-amd64.iso\"
Device 'drive-ide0-0-0' is locked
# virsh update-device "$VM" /dev/stdin <<<"<disk type='file' device='cdrom'><driver name='qemu' type='raw'/><source file='/var/lib/libvirt/images/ucs_2.4-0-sec4-20110714145916-dvd-amd64.iso'/><target dev='hda' bus='ide'/><readonly/><alias name='ide0-0-0'/><address type='drive' controller='0' bus='0' unit='0'/></disk>"
Device updated successfully
Signed-off-by: Philipp Hahn <hahn@univention.de>
There have been several instances of people having problems with
a broken managed save file, and not aware that they could use
'virsh managedsave-remove dom' to fix things. Making it possible
to do this as part of starting a domain makes the same functionality
easier to find, and one less API call.
* include/libvirt/libvirt.h.in (VIR_DOMAIN_START_FORCE_BOOT): New
flag.
* src/libvirt.c (virDomainCreateWithFlags): Document it.
* src/qemu/qemu_driver.c (qemuDomainObjStart): Alter signature.
(qemuAutostartDomain, qemuDomainStartWithFlags): Update callers.
* tools/virsh.c (cmdStart): Expose it in virsh.
* tools/virsh.pod (start): Document it.
Back in 2008 when this line of util.h was written, gnulib's verify
module didn't allow the use of multiple verify() in one file
in combination with our choice of gcc -W options. But that has
since been fixed in gnulib, and newer gnulib even maps verify()
to the C1x feature of _Static_assert, which gives even nicer
diagnostics with a new enough compiler, so we might as well go
with the simpler verify().
* src/util/util.h (VIR_ENUM_IMPL): Use simpler verify, now that
gnulib module is smarter.
Commit 3261761 made it possible to use pipes instead of sockets
for outgoing tunneled migration; however, it caused a regression
because the pipe was never given a SELinux label.
* src/qemu/qemu_migration.c (doTunnelMigrate): Label outgoing pipe.
The bufferOffset has been initialized to zero in virNetMessageEncodePayloadRaw(),
so, we use bufferLength to represent the length of message which is going to be
sent to client side.
From: Matthias Bolte <matthias.bolte@googlemail.com>
Tested-by: Jim Fehlig <jfehlig@novell.com>
Matthias provided this patch to fix an issue I encountered in the
generator with APIs containing call-by-ref long type, e.g.
int virDomainMigrateGetMaxSpeed(virDomainPtr domain,
unsigned long *bandwidth,
unsigned int flags);
Domain listing, basic information retrieval and domain life cycle
management is implemented. But currently the domain XML output
lacks the complete devices section.
The driver uses OpenWSMAN to directly communicate with a Hyper-V
server over its WS-Management interface exposed via Microsoft WinRM.
The driver is based on the work of Michael Sievers. This started in
the same master program project group at the University of Paderborn
as the ESX driver.
See Michael's blog for details: http://hyperv4libvirt.wordpress.com/
Add a generator script to generate the structs and serialization
information for OpenWSMAN.
openwsman.h collects workarounds for problems in OpenWSMAN <= 2.2.6.
There are also disabled sections that would use ws_serializer_free_mem
but can't because it's broken in OpenWSMAN <= 2.2.6. Patches to fix
this have been posted upstream.
This patch updates the man page about virsh schedinfo command.
- fix typo: 1844674407370955 -> 18446744073709551
- describe the value 0 of vcpu_period and vcpu_quota parameters
Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
When a user migrates a domain by command as
libvirt saves vm's domain XML config in destination host after migration.
But it saves vm->def. Then, the saved XML contains some garbage.
<domain type='kvm' id='50'>
^^^^^^^^
...
<console type='pty' tty='/dev/pts/5'>
^^^^^^^^^^^^^^^^^
Avoid saving unnecessary things by saving persistent vm definition.
In case we add a new program in the future (we did that in the past and
we are going to do it again soon) current daemon will behave badly with
new client that wants to use the new program. Before the RPC rewrite we
used to just send an error reply to any request with unknown program.
With the RPC rewrite in 0.9.3 the daemon just closes the connection
through which such request was sent. This patch fixes this regression.
If users wants to connect to remote unix socket, e.g.
'qemu+unix://<remote>/system' currently the <remote> part is ignored,
ending up connecting to localhost. Connecting to remote socket is not
supported and user should have used TLS/TCP/SSH instead.
On success, the 'sendkey' command does not return any data, so
any data in the reply should be considered to be an error
message
* src/qemu/qemu_monitor_text.c: Treat non-"" reply data as an
error message for 'sendkey' command
The QEMU 'sendkey' command expects keys to be encoded in the same
way as the RFB extended keycode set. Specifically it wants extended
keys to have the high bit of the first byte set, while the Linux
XT KBD driver codeset uses the low bit of the second byte. To deal
with this we introduce a new keymap 'RFB' and use that in the QEMU
driver
* include/libvirt/libvirt.h.in: Add VIR_KEYCODE_SET_RFB
* src/qemu/qemu_driver.c: Use RFB keycode set instead of XT KBD
* src/util/virkeycode-mapgen.py: Auto-generate the RFB keycode
set from the XT KBD set
* src/util/virkeycode.c: Add RFB keycode entry to table. Add a
verify check on cardinality of the codeOffset table
This API labels all sockets created until ClearSocketLabel is called in
a way that a vm can access them (i.e., they are labeled with svirt_t
based label in SELinux).
The APIs are designed to label a socket in a way that the libvirt daemon
itself is able to access it (i.e., in SELinux the label is virtd_t based
as opposed to svirt_* we use for labeling resources that need to be
accessed by a vm). The new name reflects this.
When virStreamAbort is called on a stream that has not been used yet,
quite confusing error is returned: "this function is not supported by
the connection driver". Let's just ignore such streams as there's
nothing to abort anyway.
If migration failed on source daemon, the migration is automatically
canceled by the daemon itself. Thus we don't need to call
virDomainMigrateConfirm3(cancelled=1). Calling it doesn't cause any harm
but the resulting error message printed in logs may confuse people.
Audit all changes to the qemu vm->current_snapshot, and make them
update the saved xml file for both the previous and the new
snapshot, so that there is always at most one snapshot with
<active>1</active> in the xml, and that snapshot is used as the
current snapshot even across libvirtd restarts.
This patch does not fix the case of virDomainSnapshotDelete(,CHILDREN)
where one of the children is the current snapshot; that will be later.
* src/conf/domain_conf.h (_virDomainSnapshotDef): Alter member
type and name.
* src/conf/domain_conf.c (virDomainSnapshotDefParseString)
(virDomainSnapshotDefFormat): Update clients.
* docs/schemas/domainsnapshot.rng: Tighten rng.
* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Reload current
snapshot.
(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
(qemuDomainSnapshotDiscard): Track current snapshot.
Changing the current vm, and writing that change to the file
system, all before a new qemu starts, is risky; it's hard to
roll back if starting the new qemu fails for some reason.
Instead of abusing vm->current_snapshot and making the command
line generator decide whether the current snapshot warrants
using -loadvm, it is better to just directly pass a snapshot all
the way through the call chain if it is to be loaded.
This frees up the last use of snapshot->def->active for qemu's
use, so the next patch can repurpose that field for tracking
which snapshot is current.
* src/qemu/qemu_command.c (qemuBuildCommandLine): Don't use active
field of snapshot.
* src/qemu/qemu_process.c (qemuProcessStart): Add a parameter.
* src/qemu/qemu_process.h (qemuProcessStart): Update prototype.
* src/qemu/qemu_migration.c (qemuMigrationPrepareAny): Update
callers.
* src/qemu/qemu_driver.c (qemudDomainCreate)
(qemuDomainSaveImageStartVM, qemuDomainObjStart)
(qemuDomainRevertToSnapshot): Likewise.
(qemuDomainSnapshotSetCurrentActive)
(qemuDomainSnapshotSetCurrentInactive): Delete unused functions.
https://bugzilla.redhat.com/show_bug.cgi?id=727709
mentions that if qemu fails to create the snapshot (such as what
happens on Fedora 15 qemu, which has qmp but where savevm is only
in hmp, and where libvirt is old enough to not try the hmp fallback),
then 'virsh snapshot-list dom' will show a garbage snapshot entry,
and the libvirt internal directory for storing snapshot metadata
will have a bogus file.
This fixes the fallout bug of polluting the snapshot-list with
garbage on failure (the root cause of the F15 bug of not having
fallback to hmp has already been fixed in newer libvirt releases).
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Allocate
memory before making snapshot, and cleanup on failure. Don't
dereference NULL if transient domain exited during snapshot creation.
* src/qemu/qemu_migration.c: avoid dead 'ret' assignment and silence
clang warning.
Detected by ccc-analyzer:
libvirt.c:4277:5: warning: Value stored to 'ret' is never read
ret = domain->conn->driver->domainMigrateConfirm3
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* src/qemu/qemu_migration.c: avoid dead 'ret' assignment and silence
clang warning.
Detected by ccc-analyzer:
CC libvirt_driver_qemu_la-qemu_migration.lo
qemu/qemu_migration.c:2046:5: warning: Value stored to 'ret' is never read
ret = qemuMigrationConfirm(driver, sconn, vm,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The VIR_TEST_DEBUG and VIR_TEST_VERBOSE env vars did not work
because we replaced 'environ' with 'newenv'. Simply calling
virTestGetDebug/Verbose() before replacing the 'environ' ensures
we have processed the env variables.
The gnutls initialization code opens /dev/urandom and keeps that
FD around for later use. We have code which kills off FDs 3-5
to avoid interfereing with our test case. Move the virInitialize
call before this point, so it kills off the gnutls /dev/urandom
FD which is irrelevant for testing purposes
* tests/commandtest.c: Fix test debugging & make it robust against
opened FDs
virFileOpenAs takes desired uid:gid as arguments, and not only uses
them for a fork/setuid/setgid when retrying failed open operations,
but additionally always forces the opened file to be owned by the
given uid:gid.
One example of the problems this causes is that, when restoring a
domain from a file that is owned by the qemu user, opening the file
chowns it to root. if dynamic_ownership=1 this is coincidentally
expected, but if dynamic_ownership=0, no existing file should ever
have its ownership changed.
This patch adds an extra check before calling fchown() - it only does
it if O_CREAT was passed to virFileOpenAs() in the openflags.
pciDeviceListSteal(pcidevs, dev) removes dev from pcidevs reducing
the length of pcidevs, so moving onto what was the next dev is wrong.
Instead callers should pop entry 0 repeatedly until pcidevs is empty.
Signed-off-by: Steve Hodgson <shodgson@solarflare.com>
Signed-off-by: Shradha Shah <sshah@solarflare.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
I was testing a virsh patch, and wanted to see if I had passed the
flags I thought. But with LIBVIRT_DEBUG in the environment, I just
saw:
14:24:52.359: 15022: debug : virDomainSnapshotNum:15586 : dom=0xc9c180, (VM: name=rhel_6-64, uuid=48f8e8e7-e14f-0e14-02f0-ce71997bdcab),
including a trailing space. This fixes the issues.
* src/libvirt.c: Log flag parameters, even if currently unused.
(VIR_DOMAIN_DEBUG_0): Drop trailing comma in log.
(VIR_DOMAIN_DEBUG_1): Split guts into...
(VIR_DOMAIN_DEBUG_2): ...new macro.
Knowing whether 'virsh start' will resume a saved image or do
a fresh boot is useful enough to expose via 'virsh list'.
Also, translate the state column.
* tools/virsh.c (cmdList): add --managed-save flag
* tools/virsh.pod (list): Document it.
Based on a suggestion by Miklos Vajna.
* src/qemu/qemu_monitor_json.c: Handle error "CommandNotFound" and
report the error.
* src/qemu/qemu_monitor_text.c: If a sub info command is not found,
it prints the output of "help info", for other commands,
"unknown command" is printed.
Without this patch, libvirt always report:
An error occurred, but the cause is unknown
This patch was adapted from a patch by Osier Yang <jyang@redhat.com> to
break out detection of unrecognized text monitor commands into a separate
function.
Signed-off-by: Adam Litke <agl@us.ibm.com>
s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/
Special case is changes on lxcDomainInterfaceStats, if it's not
implemented on the platform, prints error like:
lxcError(VIR_ERR_OPERATION_INVALID, "%s",
_("interface stats not implemented on this platform"));
As the function is supported by driver actually, error like
VIR_ERR_NO_SUPPORT is confused.
Now, bad key-code in send-key can cause segmentation fault in libvirt.
(example)
% virsh send-key --codeset win32 12
error: End of file while reading data: Input/output error
This is caused by overrun at scanning keycode array.
Fix it.
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Systemtap 1.2 <sys/sdt.h> tried to expand STAP_PROBE3 into an
initialization:
volatile __typeof__(arg) foo = arg;
but that fails if arg was declared as 'char arg[100]'.
Rather than make all callers to PROBE deal with the stupidity
of <sys/sdt.h>, we instead make PROBE cast away the problem.
Some of this preprocessor abuse copies ideas in src/libvirt.c.
* daemon/libvirtd.h (PROBE): Add casts to all arguments, using...
(VIR_ADD_CASTS, VIR_ADD_CAST, VIR_ADD_CAST2, VIR_ADD_CAST3)
(VIR_ADD_CAST_EXPAND, VIR_ADD_CAST_PASTE, VIR_COUNT_ARGS)
(VIR_ARG5, PROBE_EXPAND): New macros.
Reported by Wen Congyang.
Without this patch, invoking 'virsh >file 2>&1' results in
error messages appearing before normal output, even if they
occurred later in time than the normal output (since stderr
is unbuffered, but stdout waits until a full buffer).
* tools/virsh.c (print_job_progress, vshError): Flush between
stream transitions.
* tests/undefine: Test it.
Often, we want to use XPath functions on the just-parsed document;
fold this into the parser function for convenience.
* src/util/xml.h (virXMLParseHelper): Add argument.
(virXMLParseStrHelper, virXMLParseFileHelper): Delete.
(virXMLParseCtxt, virXMLParseStringCtxt, virXMLParseFileCtxt): New
macros.
* src/libvirt_private.syms (xml.h): Remove deleted functions.
* src/util/xml.c (virXMLParseHelper): Add argument.
(virXMLParseStrHelper, virXMLParseFileHelper): Delete.
ACK was given too soon. According to the code, the xm driver is
only used for inactive domains, and has no notion of an active
domain, thus, it cannot support undefine of a running domain.
The real fix for xen needs to be in the unified driver and/or
the xend level.
This reverts commit 49186deda6.
* src/qemu/qemu_monitor_text.c: BALLOON_PREFIX was defined as
"balloon: actual=", which cause "actual=" is stripped early before
the real parsing. This patch changes BALLOON_PREFIX into "balloon: ",
and modifies related functions, also renames
"qemuMonitorParseExtraBalloonInfo" to "qemuMonitorParseBalloonInfo",
as after the changing, it parses all the info returned by "info balloon".
Although we are flushing cache after some critical writes (e.g.
volume creation), after some others we do not (e.g. volume cloning).
This patch fix this issue. That is for volume cloning, writing
header of logical volume, and storage wipe.
When spice_tls is set but listen_tls is not, we don't initialize
GnuTLS library. So any later gnutls call (e.g. during migration,
where we initialize a certificate) will access uninitialized GnuTLS
internal structs and throws an error.
Although, we might now initialize GnuTLS twice, it is safe according
to the documentation:
This function can be called many times,
but will only do something the first time.
This patch creates 2 functions: virNetTLSInit and virNetTLSDeinit
with respect to written above.
I did 'git add .' while in the middle of 'make syntax-check', and
it picked up a temporary file that should not be committed.
* .gitignore: Ignore sc_* from syntax check.
Regression introduced in commit b7e5ca4.
Mingw lacks kill(), but we were only using it for a sanity check;
so we can go with one less check.
Also, on OOM error, this function should outright fail rather than
claim that the pid file was successfully read.
* src/util/virpidfile.c (virPidFileReadPathIfAlive): Skip kill
call where unsupported, and report error on OOM.
If a client had initiated a stream abort, it will have a call
waiting for a reply in the queue. If more data continues to
arrive on the stream, the abort command could mistakenly get
signalled as complete. Remove the code from async data processing
that looked for waiting calls. Add a sanity check to ensure no
async call can ever be marked as needing a reply
* src/rpc/virnetclient.c: Ensure async data packets can't
trigger a reply
The I/O event callback processes incoming packets first, and then
does outgoing packets. If the incoming packet caused the stream to
close, then the attempt to process outgoing data resulted in an
error. This caused libvirt to then send an error back to the client,
but the stream had already been stopped. This confused the client
since it sees 2 error events.
* daemon/stream.c: Don't attempt read if stream is closed
A virsh command like:
migrate --live --copy-storage-all Guest qemu+ssh://user@host/system
--persistent --verbose
shows
Migration: [ 0 %]
during the storage copy and does not start counting
until the ram transfer starts
Fix this by scraping optional disk transfer status, and adding it
into the progress meter.
Call me lazy, but:
virsh qemu-monitor-command dom --hmp info status
is nicer than:
virsh qemu-monitor-command dom --hmp 'info status'
* tools/virsh.c (cmdQemuMonitorCommand): Allow multiple arguments,
for convenience.
Otherwise the device will still be bound to pci-stub driver even
it's set as "managed=yes" when do detaching. Of course, it won't
triger any driver reprobing too.
If a stream gets a server initiated abort, the client may still
send an abort request before it receives the server side abort.
This causes the server to send back another abort for the
stream. Since the protocol defines that abort is the last thing
to be sent, the client gets confused by this second abort from
the server. If the stream is already shutdown, just drop any
client requested abort, rather than sending back another message.
This fixes the regression from previous versions.
Tested as follows
In one virsh session
virsh # start foo
virsh # console foo
In other virsh session
virsh # destroy foo
The first virsh session should be able to continue issuing
commands without error. Prior to this patch it saw
virsh # list
error: Failed to list active domains
error: An error occurred, but the cause is unknown
virsh # list
error: Failed to list active domains
error: no call waiting for reply with prog 536903814 vers 1 serial 9
* src/rpc/virnetserverprogram.c: Drop abort requests
for streams which no longer exist
Every active stream results in a reference being held on the
virNetServerClientPtr object. This meant that if a client quit
with any streams active, although all I/O was stopped the
virNetServerClientPtr object would leak. This causes libvirtd
to leak any file handles associated with open streams when a
client quit
To fix this, when we call virNetServerClientClose there is a
callback invoked which lets the daemon release the streams
and thus the extra references
* daemon/remote.c: Add a hook to close all streams
* daemon/stream.c, daemon/stream.h: Add API for releasing
all streams
* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h:
Allow registration of a hook to trigger when closing client
After running 'virsh console' in interactive mode, there was a
missing call to virStreamAbort, which meant the server kept the
stream resources open
* tools/console.c: Abort stream when exiting
Get rid of the #if __linux__ check in virPidFileReadPathIfAlive that
was preventing a check of a symbolic link in /proc/<pid>/exe on
non-linux platforms against an expected executable. Replace
this with a run-time check testing whether the /proc/<pid>/exe is a
symbolic link and if so call the function doing the comparison
against the expected file the link is supposed to point to.
Early errors during start of libvirtd didn't have
an error reporting mechanism and caused libvirtd
to exit silently (only the return value indicated
an error).
Libvirt logging is initialized very early using
enviroment variables and the internal error reporting
API is used to report early errors.
v2 changes:
- print errors unconditionaly before logging starts
- fix message to US spelling
v2.5 changes:
- initialize logging from enviroment
- log all early errors using VIR_ERROR
v3 changes:
- move virSetLogFromEnv() after virInitialize()
fixes: https://bugzilla.redhat.com/show_bug.cgi?id=728654
This patch renames getPhysfn to getPhysfnDev and adds code to get the
Physical function and Virtual Function index of the direct attach linkdev (if
the direct attach interface is a SRIOV VF). The idea is to send the port
profile message to a PF if the direct attach interface is a SRIOV VF.
Signed-off-by: Roopa Prabhu <roprabhu@cisco.com>
Signed-off-by: Christian Benvenuti <benve@cisco.com>
Signed-off-by: David Wang <dwang2@cisco.com>
This patch adds the following functions to get PF/VF relationship of an SRIOV
network interface:
ifaceIsVirtualFunction: Function to check if a network interface is a SRIOV VF
ifaceGetVirtualFunctionIndex: Function to get VF index if a network interface is a SRIOV VF
ifaceGetPhysicalFunction: Function to get the PF net interface name of a SRIOV VF net interface
Signed-off-by: Roopa Prabhu <roprabhu@cisco.com>
Signed-off-by: Christian Benvenuti <benve@cisco.com>
Signed-off-by: David Wang <dwang2@cisco.com>
This patch adds the following helper functions:
pciDeviceIsVirtualFunction: Function to check if a pci device is a sriov VF
pciGetVirtualFunctionIndex: Function to get the VF index of a sriov VF
pciDeviceNetName: Function to get the network device name of a pci device
pciConfigAddressCompare: Function to compare pci config addresses
Signed-off-by: Roopa Prabhu <roprabhu@cisco.com>
Signed-off-by: Christian Benvenuti <benve@cisco.com>
Signed-off-by: David Wang <dwang2@cisco.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This patch moves some of the sriov related pci code from node_device driver
to src/util/pci.[ch]. Some functions had to go thru name and argument list
change to accommodate the move.
Signed-off-by: Roopa Prabhu <roprabhu@cisco.com>
Signed-off-by: Christian Benvenuti <benve@cisco.com>
Signed-off-by: David Wang <dwang2@cisco.com>
In some versions of qemu, both virtio-blk-pci and virtio-net-pci
devices can have an event_idx setting that determines some details of
event processing. When it is enabled, it "reduces the number of
interrupts and exits for the guest". qemu will automatically enable
this feature when it is available, but there may be cases where this
new feature could actually make performance worse (NB: no such case
has been found so far).
As a safety switch in case such a situation is encountered in the
field, this patch adds a new attribute "event_idx" to the <driver>
element of both disk and interface devices. event_idx can be set to
"on" (to force event_idx on in case qemu has it disabled by default)
or "off" (for force event_idx off). In the case that event_idx support
isn't present in qemu, the attribute is ignored (this on the advice of
the qemu developer).
docs/formatdomain.html.in: document the new flag (marking it as
"don't mess with this!"
docs/schemas/domain.rng: add event_idx in appropriate places
src/conf/domain_conf.[ch]: add event_idx to parser and formatter
src/libvirt_private.syms: export
virDomainVirtioEventIdx(From|To)String
src/qemu/qemu_capabilities.[ch]: detect and report event_idx in
disk/net
src/qemu/qemu_command.c: add event_idx parameter to qemu commandline
when appropriate.
tests/qemuxml2argvdata/qemuxml2argv-event_idx.args,
tests/qemuxml2argvdata/qemuxml2argv-event_idx.xml,
tests/qemuxml2argvtest.c,
tests/qemuxml2xmltest.c: test cases for event_idx.
By opening a connection to remote qemu process ourselves and passing the
socket to qemu we get much better errors than just "migration failed"
when the connection is opened by qemu.
The core of these two functions is very similar and most of it is even
exactly the same. Factor out the core functionality into a separate
function to remove code duplication and make further changes easier.
This is introduced by commit df0b57a95a, which forgot to
add signal handler for SIGHUP.
A simple reproduce method:
1) Create a domain XML under /etc/libvirt/qemu
2) % kill -SIGHUP $(pidof libvirtd)
3) % virsh list --all (the new created domain XML is not listed)
With gcc 4.5.1:
util/virpidfile.c: In function 'virPidFileAcquirePath':
util/virpidfile.c:308:66: error: nested extern declaration of '_gl_verify_function2' [-Wnested-externs]
Then in tests/commandtest.c, the new virPidFile APIs need to be used.
* src/util/virpidfile.c (virPidFileAcquirePath): Move verify to
top level.
* tests/commandtest.c: Use new pid APIs.
Remove the current libvirtd pidfile handling code, in favour of
calling out to the new APIs. This ensures libvirtd's pidfile
handling is crashsafe
This also means that the non-root libvirtd instances (for handling
qemu:///session URIs) can now safely use pidfiles without racing
* daemon/libvirtd.c: Switch to use virPidFileAcquire and
virPidFileRelease
In daemons using pidfiles to protect against concurrent
execution there is a possibility that a crash may leave a stale
pidfile on disk, which then prevents later restart of the daemon.
To avoid this problem, introduce a pair of APIs which make
use of virFileLock to ensure crash-safe & race condition-safe
pidfile acquisition & releae
* src/libvirt_private.syms, src/util/virpidfile.c,
src/util/virpidfile.h: Add virPidFileAcquire and virPidFileRelease
In some cases the caller of virPidFileRead might like extra checks
to determine whether the pid just read is really the one they are
expecting. This adds virPidFileReadIfAlive which will check whether
the pid is still alive with kill(0, -1), and (on linux only) will
look at /proc/$PID/path
* libvirt_private.syms, util/virpidfile.c, util/virpidfile.h: Add
virPidFileReadIfValid and virPidFileReadPathIfValid
* network/bridge_driver.c: Use new APIs to check PID validity
The functions for manipulating pidfiles are in util/util.{c,h}.
We will shortly be adding some further pidfile related functions.
To avoid further growing util.c, this moves the pidfile related
functions into a dedicated virpidfile.{c,h}. The functions are
also all renamed to have 'virPidFile' as their name prefix
* util/util.h, util/util.c: Remove all pidfile code
* util/virpidfile.c, util/virpidfile.h: Add new APIs for pidfile
handling.
* lxc/lxc_controller.c, lxc/lxc_driver.c, network/bridge_driver.c,
qemu/qemu_process.c: Add virpidfile.h include and adapt for API
renames
Add some simple wrappers around the fcntl() discretionary file
locking capability.
* src/util/util.c, src/util/util.h, src/libvirt_private.syms: Add
virFileLock and virFileUnlock APIs
We forgot to add virDomainUndefineFlags for a couple of hypervisors.
This wires up trivial versions (since neither hypervisor supports
managed save yet, they do not need to support any flags).
* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): Update caller.
(vboxDomainUndefine): Move guts...
(vboxDomainUndefineFlags): ...to new function.
* src/xenapi/xenapi_driver.c (xenapiDomainUndefine)
(xenapiDomainUndefineFlags): Likewise.
The public API documents that undefine may be used to transition a
running persistent domain into a transient one. Many drivers still
do not support this usage, but virsh shouldn't be getting in the
way of those that do support it.
This also drops a redundant conditional; vshCommandOptString
guaranteed that name was non-NULL.
* tools/virsh.c (cmdUndefine): Allow undefine on active domains;
the drivers may still reject it, but it is a valid API usage.
* tests/undefine (error): Fix the test to match.
Currently only tabs and blanks are used for tokenizing the description,
which breaks when a term is at the end of a line or has () appended to
it.
1. Use also other white space characters such as new-lines and carriage
return for splitting.
2. Remove some common non-word characters from the token before lookup.
Signed-off-by: Philipp Hahn <hahn@univention.de>
* remote.html.in: Remove obsolete notes about internals of the
RPC protocol
* internals/rpc.html.in: Extensive docs on RPC protocol/API
* sitemap.html.in: Add new page
When the description of an entry is too long and needs multiple lines,
all other table cells of the same row are currently vertically aligned
on center. Without row borders or different background colors for
alternating rows this is hard to read.
Change the style-sheet to align the table cells of a row on top.
Signed-off-by: Philipp Hahn <hahn@univention.de>
Down the road, I want to add virDomainSnapshotGetParent, and use
the new API rather than xml scraping; but this virsh command can
be implemented even without the new API.
* tools/virsh.c (cmdSnapshotParent): New command.
* tools/virsh.pod (snapshot-parent): Document it.
Our logic throws off analyzer tools:
ptr var = NULL;
if (flags == 0) flags = live ? _LIVE : _CONFIG;
if (flags & _LIVE) do stuff
if (flags & _CONFIG) var = non-null;
if (flags & _LIVE) do more stuff
else if (flags & _CONFIG) use var
the tools keep thinking that var can still be NULL in the last
if clause, adding the hint shuts them up.
* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Add a
static analysis hint.
While the first encountered dns host record is being parsed, it's
possible for virNetworkDef::hosts to point to memory that has been
allocated, but virNetworkDef::nhosts to still be 0. If there is a
failure during that time, virNetworkDef::hosts will be leaked.
Although this isn't currently the case for virNetworkDef::txtrecords,
it could become that way through future re-factoring, and it hurts
nothing to restructure the freeing of txtrecord data to match that of
hosts data.
The following XML:
<serial type='udp'>
<source mode='connect' service='9999'/>
</serial>
is accepted by domain_conf.c but maps to the qemu command line:
-chardev udp,host=127.0.0.1,port=2222,localaddr=(null),localport=(null)
qemu can cope with everything omitting except the connection port, which
seems to also be the intent of domain_conf validation, so let's not
generate bogus command lines for that case.
The defaults are empty strings for addresses and 0 for the localport
Additionally, tweak the qemu cli parsing to handle omitted host
parameters
for -serial udp
Someone in an IRC channel or an email pointed out a few days ago that
the examples of IPv6 addresses in the libvirt documentation were not
in the officially reserved "documentation" range. This addresses their
concern.
Sometimes, full XML is too much; since most snapshot commands
operate on a snapshot name, there should be an easy way to get
at the current snapshot's name. For example:
virsh snapshot-revert dom `virsh snapshot-current dom --name`
* tools/virsh.c (cmdSnapshotCurrent): Add an option.
* tools/virsh.pod (snapshot-current): Document it.
Transient domains reject attempts to set autostart, and using
virDomainCreate to restart a domain only works on persistent
domains. Therefore, managed save makes no sense on transient
domains, and should be rejected up front rather than creating
an otherwise unrecoverable managed save file.
Besides, transient domains imply that a lot more management is
being done by the upper layer; this includes the assumption
that the upper layer is okay managing the saved state file
created by virDomainSave, and does not need to use managed save.
* src/libvirt.c: Document that transient domains are incompatible
with managed save.
* src/qemu/qemu_driver.c (qemuDomainManagedSave): Enforce it.
* src/libxl/libxl_driver.c (libxlDomainManagedSave): Likewise.
This should have been done with the rest of the patch for virtual
switch / network device abstraction. If documents the new elements
(and new usage of existing elements) in the <network> XML to support
libvirt networks that use existing host bridges and macvtap direct
connections, as well as the new <portgroup> element.
I noticed some inconsistent use of 'else'.
* src/qemu/qemu_driver.c (qemuCPUCompare)
(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
(qemuDomainSnapshotDiscard): Match coding conventions.
If a snapshot with the name already exists, virDomainSnapshotAssignDef()
just returns NULL, in which case the snapshot definition is leaked.
Currently this leak is not a big problem, since qemuDomainSnapshotLoad()
is only called once during initial startup of libvirtd.
Signed-off-by: Philipp Hahn <hahn@univention.de>
A previous commit gave the LXC driver the ability to mount
block devices for the container filesystem. Through use of
the loopback device functionality, we can build on this to
support use of plain file images for LXC filesytems.
By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that
the loop device automatically disappears when the container
dies / shuts down
* src/lxc/lxc_container.c: Raise error if we see a file
based filesystem, since it should have been turned into
a loopback device already
* src/lxc/lxc_controller.c: Rewrite any filesystems of
type=file, into type=block, by binding the file image
to a free loop device
Currently the LXC driver can only populate filesystems from
host filesystems, using bind mounts. This patch allows host
block devices to be mounted. It autodetects the filesystem
format at mount time, and adds the block device to the cgroups
ACL. Example usage is
<filesystem type='block' accessmode='passthrough'>
<source dev='/dev/sda1'/>
<target dir='/home'/>
</filesystem>
* src/lxc/lxc_container.c: Mount block device filesystems
* src/lxc/lxc_controller.c: Add block device filesystems
to cgroups ACL
An application container shouldn't get a private /dev. Fix
the regression from 6d37888e6a
* src/lxc/lxc_container.c: Don't mount /dev for app containers
Detected by ccc-analyzer, reported by Alex Jia.
qemuProcessStart always calls qemuProcessWaitForMonitor with a
non-negative position, but qemuProcessAttach always calls with -1.
In the latter case, there is no log file we can scrape, so we
also should not be trying to scrape the logs if the qemu process
died at the very end.
* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Don't try
to read from log in qemuProcessAttach case.
This addresses https://bugzilla.redhat.com/show_bug.cgi?id=713728
When "defining" a new network (or one that exists but isn't currently
active) the new definition is stored in network->def, but for a
network that already exists and is active, the new definition is
stored in network->newDef, and then moved over to network->def as soon
as the network is destroyed.
However, the code that writes the dhcp and dns hosts files used by
dnsmasq was always using network->def for its information, even when
the new data was actually in network->newDef, so the hosts files
always lagged one edit behind the definition.
This patch changes the code to keep the pointer to the new definition
after it's been assigned into the network, and use it directly
(regardless of whether it's stored in network->newDef or network->def)
to construct the hosts files.
Value stored to 'ret' is never read, so remove this dead assignment.
* src/qemu/qemu_monitor_text.c: kill dead assignment.
Signed-off-by: Alex Jia <ajia@redhat.com>
Value stored to 'ret' is never read, in fact, 'cleanup' section will
directly return -1 when function is fail, so remove this dead assignment.
* src/qemu/qemu_process.c: kill dead assignment.
Signed-off-by: Alex Jia <ajia@redhat.com>
When trying to use any SASL authentication for TCP sockets by
setting auth_tls = "sasl" in libvirtd.conf on server side, the
client will hang because of the sasl session relocking other than
dropping the lock when exiting virNetSASLSessionExtKeySize()
* src/rpc/virnetsaslcontext.c: virNetSASLSessionExtKeySize drop the
lock on exit
This patch introduces a internal RPC API "virNetServerClose", which
is standalone with "virNetServerFree". it closes all the socket fds,
and unlinks the unix socket paths, regardless of whether the socket
is still referenced or not.
This is to address regression bug:
https://bugzilla.redhat.com/show_bug.cgi?id=725702
I noticed that with 0.9.4, gnulib ended up replacing pthread_sigmask
on glibc, even though glibc's works perfectly fine. It turns out
to have been an upstream gnulib bug.
* .gnulib: Update to latest, for pthread_sigmask fix.
Detection based on gnutls_session doesn't work because GnuTLS 2.x.y
comes with a compat.h that defines gnutls_session to gnutls_session_t.
Instead detect this based on LIBGNUTLS_VERSION_MAJOR. Move this from
configure/config.h to gnutls_1_0_compat.h and make sure that all users
include gnutls_1_0_compat.h properly.
Also fix header guard in gnutls_1_0_compat.h.
* configure.ac docs/news.html.in libvirt.spec.in: updates for new
release
* po/*.po*: pulled translations from the transifex teams and regenerated
localizations
Leak detected by Coverity; only possible on unlikely ptsname_r
failure. Additionally, the man page for ptsname_r states that
failure is merely non-zero, not necessarily -1.
* src/util/util.c (virFileOpenTtyAt): Avoid leak on ptsname_r
failure.
Coverity detected that ifaceGetNthParent had already dereferenced
'nth' prior to the conditional; all callers already complied with
passing a non-NULL pointer so make this part of the contract.
* src/util/interface.h (ifaceGetNthParent): Add annotations.
* src/util/interface.c (ifaceGetNthParent): Drop useless null check.
In virNetServerNew, Coverity didn't realize that srv->mdsnGroupName
can only be non-NULL if mdsnGroupName was non-NULL.
In virNetServerRun, Coverity didn't realize that the array is non-NULL
if the array count is non-zero.
* src/rpc/virnetserver.c (virNetServerNew): Use alternate pointer.
(virNetServerRun): Give coverity a hint.
Coverity complained that 395 out of 409 virAsprintf calls are
checked, and therefore assumed that the remaining cases are bugs
waiting to happen. But in each of these cases, a failed virAsprintf
will properly set the target string to NULL, and pass on that
failure to the caller, without wasting efforts to check the call.
Adding the ignore_value silences Coverity.
* src/conf/domain_audit.c (virDomainAuditGetRdev): Ignore
virAsprintf return value, when it behaves like we need.
* src/network/bridge_driver.c (networkDnsmasqLeaseFileNameDefault)
(networkRadvdConfigFileName, networkBridgeDummyNicName)
(networkRadvdPidfileBasename): Likewise.
* src/util/storage_file.c (absolutePathFromBaseFile): Likewise.
* src/openvz/openvz_driver.c (openvzGenerateContainerVethName):
Likewise.
* src/util/command.c (virCommandTranslateStatus): Likewise.
Quite a few leaks detected by coverity. For chr, the leaks were
close enough to the allocations to plug in place; for disk, the
leaks were separated from the allocation by enough other lines with
intermediate failure cases that I refactored the cleanup instead.
* src/qemu/qemu_command.c (qemuParseCommandLine): Plug leaks.
Warning detected by Coverity. No need for the NULL check, and
removing it silences the warning without any semantic change.
* src/qemu/qemu_migration.c (qemuMigrationFinish): All entries to
endjob had non-NULL vm.
Detected by Coverity. Freeing the wrong variable results in both
a memory leak and the likelihood of the caller dereferencing through
a freed pointer.
* src/rpc/virnettlscontext.c (virNetTLSSessionNew): Free correct
variable.
Coverity detected that 5 of 6 callers of virJSONValueArrayGet checked
for a NULL return; and that by not checking we risk a null deref
during an error. The error is unlikely since the prior call to
virJSONValueArraySize would probably have already caught any botched
JSON array parse, but better safe than sorry.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockJobInfo):
Check for NULL.
(qemuMonitorJSONExtractPtyPaths): Fix typo.
Detected by Coverity. We want to compare the result of fnmatch 'rv',
not our pre-set return value 'ret'.
* src/rpc/virnetsaslcontext.c (virNetSASLContextCheckIdentity):
Check correct variable.
Right now, every re-run of configure re-evaluates whether a
static analysis tool is in use. But if you run configure under
coverity, make a tweak, and then do an incremental rebuild with
gcc but not coverity to test the tweak, then rerun a build under
coverity, then configure does not get rerun, and static analysis
ends up with lots of false positives.
This patch caches the static analysis result, and also makes it
easier to force static analysis even if the existing checks are
insufficient to detect newer versions of the static analyzer tools.
* configure.ac (lv_cv_static_analysis): New cache variable.
Revert 6a1f5f568f. Now that libvirt_iohelper takes fds by
inheritance rather than by open() (commit 1eb66479), there is
no longer a race where the parent can unlink() a file prior to
the iohelper open()ing the same file. From there, it makes
more sense to have the callers both create and unlink, rather
than the caller create and the stream unlink, since the latter
was only needed when iohelper had to do the unlink.
* src/fdstream.h (virFDStreamOpenFile, virFDStreamCreateFile):
Callers are responsible for deletion.
* src/fdstream.c (virFDStreamOpenFileInternal): Don't leak created
file on failure.
(virFDStreamOpenFile, virFDStreamCreateFile): Drop parameter.
* src/lxc/lxc_driver.c (lxcDomainOpenConsole): Update callers.
* src/qemu/qemu_driver.c (qemuDomainScreenshot)
(qemuDomainOpenConsole): Likewise.
* src/storage/storage_driver.c (storageVolumeDownload)
(storageVolumeUpload): Likewise.
* src/uml/uml_driver.c (umlDomainOpenConsole): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Likewise.
* src/xen/xen_driver.c (xenUnifiedDomainOpenConsole): Likewise.
The previous qemu patch could end up calling unlink(tmp) before
tmp was the name of a valid file (unlinking a fileXXXXXX template
instead), or calling unlink(tmp) twice on success (once here,
and once at the end of the stream). Meanwhile, vbox also suffered
from the same leaked tmp file bug.
* src/qemu/qemu_driver.c (qemuDomainScreenshot): Don't unlink on
success, or on invalid name.
* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Don't leak temp file.
Spotted by Coverity. Gnutls documents that buffer must be NULL
if gnutls_x509_crt_get_key_purpose_oid is to be used to determine
the correct size needed for allocating a buffer.
* src/rpc/virnettlscontext.c
(virNetTLSContextCheckCertKeyPurpose): Initialize buffer.
Spotted by coverity. If pipe2 fails, then we attempt to close
uninitialized fds, which may result in a double-close.
* src/rpc/virnetserver.c (virNetServerSignalSetup): Initialize fds.
Steps to reproduce this problem (vm1 is not running):
for i in `seq 50`; do virsh managedsave vm1& done; killall virsh
Pre-patch, virNetServerClientClose could end up setting client->sock
to NULL prior to other cleanup functions trying to use client->sock.
This fixes things by checking for NULL in more places, and by deferring
the cleanup until after all queued messages have been served.
* src/rpc/virnetserverclient.c (virNetServerClientRegisterEvent)
(virNetServerClientGetFD, virNetServerClientIsSecure)
(virNetServerClientLocalAddrString)
(virNetServerClientRemoteAddrString): Check for closed socket.
(virNetServerClientClose): Rearrange close sequence.
Analysis from Wen Congyang.
This patch adds an internal function openvzGetVEStatus to
get the real state of the domain. This function is used in
various places in the driver, in particular to detect when
the domain has been shut down by the user with the "halt"
command.
Currently, we attempt to run sync job and async job at the same time. It
means that the monitor commands for two jobs can be run in any order.
In the function qemuDomainObjEnterMonitorInternal():
if (priv->job.active == QEMU_JOB_NONE && priv->job.asyncJob) {
if (qemuDomainObjBeginNestedJob(driver, obj) < 0)
We check whether the caller is an async job by priv->job.active and
priv->job.asynJob. But when an async job is running, and a sync job is
also running at the time of the check, then priv->job.active is not
QEMU_JOB_NONE. So we cannot check whether the caller is an async job
in the function qemuDomainObjEnterMonitorInternal(), and must instead
put the burden on the caller to tell us when an async command wants
to do a nested job.
Once the burden is on the caller, then only async monitor enters need
to worry about whether the VM is still running; for sync monitor enter,
the internal return is always 0, so lots of ignore_value can be dropped.
* src/qemu/THREADS.txt: Reflect new rules.
* src/qemu/qemu_domain.h (qemuDomainObjEnterMonitorAsync): New
prototype.
* src/qemu/qemu_process.h (qemuProcessStartCPUs)
(qemuProcessStopCPUs): Add parameter.
* src/qemu/qemu_migration.h (qemuMigrationToFile): Likewise.
(qemuMigrationWaitForCompletion): Make static.
* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal): Add
parameter.
(qemuDomainObjEnterMonitorAsync): New function.
(qemuDomainObjEnterMonitor, qemuDomainObjEnterMonitorWithDriver):
Update callers.
* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
(qemudDomainCoreDump, doCoreDump, processWatchdogEvent)
(qemudDomainSuspend, qemudDomainResume, qemuDomainSaveImageStartVM)
(qemuDomainSnapshotCreateActive, qemuDomainRevertToSnapshot):
Likewise.
* src/qemu/qemu_process.c (qemuProcessStopCPUs)
(qemuProcessFakeReboot, qemuProcessRecoverMigration)
(qemuProcessRecoverJob, qemuProcessStart): Likewise.
* src/qemu/qemu_migration.c (qemuMigrationToFile)
(qemuMigrationWaitForCompletion, qemuMigrationUpdateJobStatus)
(qemuMigrationJobStart, qemuDomainMigrateGraphicsRelocate)
(doNativeMigrate, doTunnelMigrate, qemuMigrationPerformJob)
(qemuMigrationPerformPhase, qemuMigrationFinish)
(qemuMigrationConfirm): Likewise.
* src/qemu/qemu_hotplug.c: Drop unneeded ignore_value.
whether or not previous return value is -1, the following codes will be
executed for a inactive guest in src/qemu/qemu_driver.c:
ret = virDomainSaveConfig(driver->configDir, persistentDef);
and if everything is okay, 'ret' is assigned to 0, the previous 'ret'
will be overwritten, this patch will fix this issue.
* src/qemu/qemu_driver.c: avoid return value is overwritten when give a argument
in out of blkio weight range for a inactive guest.
* how to reproduce?
% virsh blkiotune ${guestname} --weight 10
% echo $?
Note: guest must be inactive, argument 10 in out of blkio weight range,
and can get a error information by checking libvirtd.log, however,
virsh hasn't raised any error information, and return value is 0.
https://bugzilla.redhat.com/show_bug.cgi?id=726304
Signed-off-by: Alex Jia <ajia@redhat.com>
whether or not previous return value is -1, the following codes will be
executed for a inactive guest in qemuDomainSetMemoryParameters:
ret = virDomainSaveConfig(driver->configDir, persistentDef);
and if everything is okay, 'ret' is assigned to 0, the previous 'ret'
will be overwritten, this patch will fix this issue.
* src/qemu/qemu_driver.c: avoid return value is overwritten when set
min_guarante value to a inactive guest.
* how to reproduce?
% virsh memtune ${guestname} --min_guarante 1024
% echo $?
Note: guest must be inactive, in fact, 'min_guarante' hasn't been implemented
in memory tunable, and I can get the error when check actual libvirtd.log,
however, virsh hasn't raised any error information, and return value is 0.
Signed-off-by: Alex Jia <ajia@redhat.com>
This commands don't have a --pool option, so don't tell
vshCommandOptVolBy that there could be one. This made
vshCommandOptString for pooloptname fail and an "missing option"
error was reported.
Make pooloptname optional for vshCommandOptVolBy.
Introduced by f9a837da73, the condition is not changed after
the else clause is removed. So now it quit with "domain is not
running" when the domain is running. However, when the domain is
not running, it reports "no job is active".
How to reproduce:
1)
% virsh start $domain
% virsh domjobabort $domain
error: Requested operation is not valid: domain is not running
2)
% virsh destroy $domain
% virsh domjobabort $domain
error: Requested operation is not valid: no job is active on the domain
3)
% virsh save $domain /tmp/$domain.save
Before above commands finished, try to abort job in another terminal
% virsh domabortjob $domain
error: Requested operation is not valid: domain is not running
Originally noticed by comparing the xml generated by virDomainSave
with the xml produced by reparsing and redumping that xml, but I
also did an audit of every last use of VIR_DOMAIN_XML_INACTIVE in
domain_conf.c to ensure that no other discrepancies exist.
* src/conf/domain_conf.c (virDomainDeviceInfoIsSet): Add
parameter, and update all callers. Make static.
(virDomainNetDefFormat): Skip generated ifname.
(virDomainDefFormatInternal): Skip default <seclabel>.
(virDomainChrSourceDefParseXML): Skip generated pty path, and add
parameter. Update callers.
* src/conf/domain_conf.h (virDomainDeviceInfoIsSet): Delete.
* src/libvirt_private.syms (domain_conf.h): Update.
Using a macro ensures that all the code is looking for the same
prefix.
* src/conf/domain_conf.h (VIR_NET_GENERATED_PREFIX): New macro.
* src/conf/domain_conf.c (virDomainNetDefParseXML): Use it.
* src/uml/uml_conf.c (umlConnectTapDevice): Likewise.
* src/qemu/qemu_command.c (qemuNetworkIfaceConnect): Likewise.
Suggested by Laine Stump.
This is in response to:
https://bugzilla.redhat.com/show_bug.cgi?id=723862
which points out that a guest on an "isolated" network could
potentially exploit the DNS forwarding provided by dnsmasq to create a
communication channel to the outside.
This patch eliminates that possibility by adding the "--no-resolv"
argument to the dnsmasq commandline, which tells dnsmasq to not
forward on any requests that it can't resolve itself (by looking at
its own static hosts files and runtime list of dhcp clients), but to
instead return a failure for those requests.
This shouldn't cause any undesirable change from current
behavior, even in the case where a guest is currently configured with
multiple interfaces, one of them being connected to an isolated
network, and another to a network that does have connectivity to the
outside. If the isolated network's DNS server is queried for a name
it doesn't know, it will return "Refused" rather than "Unknown", which
indicates to the guest that it should query other servers, so it then
queries the connected DNS server, and gets the desired response.
Without this, cygwin failed to compile:
In file included from ../src/rpc/virnetmessage.h:24,
from ../src/rpc/virnetclient.h:27,
from remote/remote_driver.c:31:
../src/rpc/virnetprotocol.h:9:21: error: rpc/rpc.h: No such file or directory
With that fixed, compilation warned:
rpc/virnetsocket.c: In function 'virNetSocketNewListenUNIX':
rpc/virnetsocket.c:347: warning: format '%d' expects type 'int', but argument 8 has type 'gid_t' [-Wformat]
rpc/virnetsocket.c: In function 'virNetSocketGetLocalIdentity':
rpc/virnetsocket.c:743: warning: pointer targets in passing argument 5 of 'getsockopt' differ in signedness
* src/Makefile.am (libvirt_driver_remote_la_CFLAGS)
(libvirt_net_rpc_client_la_CFLAGS)
(libvirt_net_rpc_server_la_CFLAGS): Include XDR_CFLAGS, for rpc
headers on cygwin.
* src/rpc/virnetsocket.c (virNetSocketNewListenUNIX)
(virNetSocketGetLocalIdentity): Avoid compiler warnings.
POSIX states that 'a=1; a=2 b=$a command' has unspecified results
for the value of $b visible within command. In particular, on
BSD, this resulted in PATH not picking up the in-test ssh.
* tests/Makefile.am (lv_abs_top_builddir): New macro.
(path_add, TESTS_ENVIRONMENT): Use it to avoid referring to an
environment variable set previously within the same command line.
Reported by Matthias Bolte.
Commit 3709a386 ported hooks codes to new command execution API,
together with the useful error message removed. Though we can't
get "errbuf" from the new command execution API anymore, still
we can give a more useful error.
https://bugzilla.redhat.com/show_bug.cgi?id=726398
Gettext annoyingly modifies CPPFLAGS in-place, putting
-I/usr/local/include into the search patch if libintl headers
must be used from that location. But since we must support
automake 1.9.6 which lacks AM_CPPFLAGS, and since CPPFLAGS is used
prior to INCLUDES, this means that the build picks up the _old_
installed libvirt.h in priority to the in-tree version, leading
to all sorts of weird build failures on FreeBSD.
Fix this by teaching configure to undo gettext's actions, but
to keep any changes required by gettext at the end of INCLUDES
after all in-tree locations are used first. Also requires
adding a wrapper Makefile.am and making gnulib-tool create
just gnulib.mk files during the bootstrap process.
Signed-off-by: Eric Blake <eblake@redhat.com>
The goal here is that save-image-dumpxml fed back to
save-image-define should not change the save file; anywhere that
this is not the case is probably a bug in domain_conf.c.
* src/qemu/qemu_driver.c (qemuDomainSaveImageGetXMLDesc)
(qemuDomainSaveImageDefineXML): New functions.
(qemuDomainSaveImageOpen): Add parameter.
(qemuDomainRestoreFlags, qemuDomainObjRestore): Adjust clients.
With this, it is possible to update the path to a disk backing
image on either the save or restore action, without having to
binary edit the XML embedded in the state file.
This also modifies virDomainSave to output a smaller xml (only
the inactive xml, which is all the more virDomainRestore parses),
while still guaranteeing padding for most typical abi-compatible
xml replacements, necessary so that the next patch for
virDomainSaveImageDefineXML will not cause unnecessary
modifications to the save image file.
* src/qemu/qemu_driver.c (qemuDomainSaveInternal): Add parameter,
only use inactive state, and guarantee padding.
(qemuDomainSaveImageOpen): Add parameter.
(qemuDomainSaveFlags, qemuDomainManagedSave)
(qemuDomainRestoreFlags, qemuDomainObjRestore): Update callers.
I went with the shorter license notice used by src/libvirt.c,
rather than spelling out the full LGPLv2+ clause into each of
these files.
* configure.ac: Declare copyright.
* all Makefile.am: Likewise.
Found by:
for f in $(sed -n 's/.*Drv[^ ]* \([^;]*\);.*/\1/p' src/xen/xen_driver.h)
do
git grep "\(\.\|->\)$f\b" src/xen
done | cat
and looking through the resulting list to see which callback struct
members are still necessary.
* src/xen/xen_driver.h (xenUnifiedDriver): Drop all callbacks that
are only used directly.
* src/xen/xen_hypervisor.c (xenHypervisorDriver): Shrink list.
* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
* src/xen/xend_internal.c (xenDaemonDriver): Likewise.
* src/xen/xm_internal.c (xenXMDriver): Likewise.
* src/xen/xs_internal.c (xenStoreDriver): Likewise.
No need to use a for loop if we know there is exactly one client.
Found by:
for f in $(sed -n 's/.*Drv[^ ]* \([^;]*\);.*/\1/p' src/xen/xen_driver.h)
do
git grep "\(\.\|->\)$f\b" src/xen
done | cat
and looking through the resulting list to see which callback struct
members are used exactly once. The next patch will ensure that we
don't reintroduce uses of these callbacks.
* src/xen/xen_driver.c (xenUnifiedClose): Call close
unconditionally, to match xenUnifiedOpen.
(xenUnifiedNodeGetInfo, xenUnifiedDomainCreateXML)
(xenUnifiedDomainSave, xenUnifiedDomainRestore)
(xenUnifiedDomainCoreDump, xenUnifiedDomainUpdateDeviceFlags):
Make direct call to lone implementation.
* src/xen/xend_internal.h (xenDaemonDomainCoreDump)
(xenDaemonUpdateDeviceFlags, xenDaemonCreateXML): Add prototypes.
* src/xen/xend_internal.c (xenDaemonDomainCoreDump)
(xenDaemonUpdateDeviceFlags, xenDaemonCreateXML): Export.
The callback struct is great when iterating through several
possibilities, but when calling a known callback, it's just
overhead. We can make the direct call in those cases.
* src/xen/xen_driver.c (xenUnifiedOpen, xenUnifiedDomainSuspend)
(xenUnifiedDomainResume, xenUnifiedDomainDestroyFlags): Make
direct calls instead of going through callback.
Using C99 initializers and xen-specific prefixes will make it
so that future patches are less likely to add callback members
to the xenUnifiedDriver struct, since the goal is to get rid
of the callback struct in the first place.
* src/xen/xen_driver.h (xenUnifiedDriver): Rename all struct
members, to make it obvious which ones are still in use.
* src/xen/xen_driver.c: Update all callers.
* src/xen/xen_hypervisor.c (xenHypervisorDriver): Rewrite with C99
initializers.
* src/xen/xend_internal.c (xenDaemonDriver): Likewise.
* src/xen/xs_internal.c (xenStoreDriver): Likewise.
* src/xen/xm_internal.c (xenXMDriver): Likewise.
* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
This failure was introduced by commit dacee3d, which removed
listenAddr from the unions in virDomainGraphicsDef in favor of putting
it in the address attribute of virDomainGraphicsListenDef.
The domain XML now understands the <listen> subelement of its
<graphics> element (including when listen type='network'), and the
network driver has an internal API that will turn a network name into
an IP address, so the final logical step is to put the glue into the
qemu driver so that when it is starting up a domain, if it finds
<listen type='network' network='xyz'/> in the XML, it will call the
network driver to get an IPv4 address associated with network xyz, and
tell qemu to listen for vnc (or spice) on that address rather than the
default address (localhost).
The motivation for this is that a large installation may want the
guests' VNC servers listening on physical interfaces rather than
localhost, so that users can connect directly from the outside; this
requires sending qemu the appropriate IP address to listen on. But
this address will of course be different for each host, and if a guest
might be migrated around from one host to another, it's important that
the guest's config not have any information embedded in it that is
specific to one particular host. <listen type='network.../> can solve
this problem in the following manner:
1) on each host, define a libvirt network of the same name,
associated with the interface on that host that should be used
for listening (for example, a simple macvtap network: <forward
mode='bridge' dev='eth0'/>, or host bridge network: <forward
mode='bridge'/> <bridge name='br0'/>
2) in the <graphics> element of each guest's domain xml, tell vnc to
listen on the network name used in step 1:
<graphics type='vnc' port='5922'>
<listen type='network'network='example-net'/>
</graphics>
(all the above also applies for graphics type='spice').
Once it's plugged in, the <listen> element will be an optional
replacement for the "listen" attribute that graphics elements already
have. If the <listen> element is type='address', it will have an
attribute called 'address' which will contain an IP address or dns
name that the guest's display server should listen on. If, however,
type='network', the <listen> element should have an attribute called
'network' that will be set to the name of a network configuration to
get the IP address from.
* docs/schemas/domain.rng: updated to allow the <listen> element
* docs/formatdomain.html.in: document the <listen> element and its
attributes.
* src/conf/domain_conf.[hc]:
1) The domain parser, formatter, and data structure are modified to
support 0 or more <listen> subelements to each <graphics>
element. The old style "legacy" listen attribute is also still
accepted, and will be stored internally just as if it were a
separate <listen> element. On output (i.e. format), the address
attribute of the first <listen> element of type 'address' will be
duplicated in the legacy "listen" attribute of the <graphic>
element.
2) The "listenAddr" attribute has been removed from the unions in
virDomainGRaphicsDef for graphics types vnc, rdp, and spice.
This attribute is now in the <listen> subelement (aka
virDomainGraphicsListenDef)
3) Helper functions were written to provide simple access
(both Get and Set) to the listen elements and their attributes.
* src/libvirt_private.syms: export the listen helper functions
* src/qemu/qemu_command.c, src/qemu/qemu_hotplug.c,
src/qemu/qemu_migration.c, src/vbox/vbox_tmpl.c,
src/vmx/vmx.c, src/xenxs/xen_sxpr.c, src/xenxs/xen_xm.c
Modify all these files to use the listen helper functions rather
than directly referencing the (now missing) listenAddr
attribute. There can be multiple <listen> elements to a single
<graphics>, but the drivers all currently only support one, so all
replacements of direct access with a helper function indicate index
"0".
* tests/* - only 3 of these are new files added explicitly to test the
new <listen> element. All the others have been modified to reflect
the fact that any legacy "listen" attributes passed in to the domain
parse will be saved in a <listen> element (i.e. one of the
virDomainGraphicsListenDefs), and during the domain format function,
both the <listen> element as well as the legacy attributes will be
output.
* tools/virsh.c: fix missing zero value judgement in cmdBlkiotune and correct
vshError information.
when weight is equal to 0, the cmdBlkiotune will not raise any error information
when judge weight value first time, and execute else branch to judge weight
value again, strncpy(temp->field, VIR_DOMAIN_BLKIO_WEIGHT, sizeof(temp->field))
will be not executed for ever. However, if and only if param->field is equal
to VIR_DOMAIN_BLKIO_WEIGHT, underlying qemuDomainSetBlkioParameters function
will check whether weight value is in range [100, 1000].
* how to reproduce?
% virsh blkiotune ${guestname} --weight 0
Signed-off-by: Alex Jia <ajia@redhat.com>
On RHEL 5, with gcc 4.1.2:
rpc/virnetsaslcontext.c: In function 'virNetSASLSessionUpdateBufSize':
rpc/virnetsaslcontext.c:396: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
* src/rpc/virnetsaslcontext.c (virNetSASLSessionUpdateBufSize):
Use a union to work around gcc warning.
qemuMigrationUpdateJobStatus (called in a loop by migration
and save tasks) uses qemuDomainObjEnterMonitorWithDriver;
however, that function ended up starting a nested job without
releasing the driver.
Since no one else is making nested calls, we can inline the
internal functions to properly track driver_locked.
* src/qemu/qemu_domain.h (qemuDomainObjBeginNestedJob)
(qemuDomainObjBeginNestedJobWithDriver)
(qemuDomainObjEndNestedJob): Drop unused prototypes.
* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal):
Reflect driver lock to nested job.
(qemuDomainObjBeginNestedJob)
(qemuDomainObjBeginNestedJobWithDriver)
(qemuDomainObjEndNestedJob): Drop unused functions.
As written in virStorageFileGetMetadataFromFD decription, caller
must free metadata after use. Qemu driver miss this and therefore
leak metadata which can grow to huge mem leak if somebody query
for blockInfo a lot.
* tools/virsh.c: avoid memory leak in cmdVolPath.
* src/libvirt.c: Add doc for virStorageVolGetPath to tell one
must free() the returned path after use.
* how to reproduce?
% dd if=/dev/zero of=/var/lib/libvirt/images/foo.img count=1 bs=10M
% virsh pool-refresh default
% valgrind -v --leak-check=full virsh vol-path --vol \
/var/lib/libvirt/images/foo.img
* actual results:
Detected in valgrind run:
==16436== 32 bytes in 1 blocks are definitely lost in loss record 7 of 22
==16436== at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
==16436== by 0x386A314B3D: xdr_string (in /lib64/libc-2.12.so)
==16436== by 0x3DF8CD770D: xdr_remote_nonnull_string (remote_protocol.c:3
==16436== by 0x3DF8CD7EC8: xdr_remote_storage_vol_get_path_ret
% virsh pool-refresh default
% valgrind -v --leak-check=full virsh vol-path --vol \
/var/lib/libvirt/images/foo.img
Signed-off-by: Alex Jia <ajia@redhat.com>
The error in getCompressionType will never be reported, change
the errors codes into warning (VIR_WARN("%s", _(foo)); doesn't break
syntax-check rule), and also improve the docs in qemu.conf to tell
user the truth.
Make MIGRATION_OUT use the new helper methods.
This also introduces new protection to migration v3 process: the
migration job is held from Begin to Confirm to avoid changes to a domain
during migration (esp. between Begin and Perform phases). This change is
automatically applied to p2p and tunneled migrations. For normal
migration, this requires support from a client. In other words, if an
old (pre 0.9.4) client starts normal migration of a domain, the domain
will not be protected against changes between Begin and Perform steps.
Without this, a configure built by autoconf 2.59 was broken when
trying to detect which compiler warning flags were supported.
* .gnulib: Update to latest, for warnings.m4 fix.
* bootstrap.conf: Add fclose explicitly, to match recent gnulib
implicit dependency changes.
* src/qemu/qemu_conf.c (includes): Drop unused include.
* src/uml/uml_conf.c (include): Likewise.
Reported by Daniel P. Berrange.
Every DomainNetDef has a bandwidth, as does every portgroup.
Whenever a DomainNetDef of type NETWORK is about to be used, a call is
made to networkAllocateActualDevice(). This function chooses the "best"
bandwidth object and places it in the DomainActualNetDef.
From that point on, whenever some code needs to use the bandwidth data
for the interface, it's retrieved with virDomainNetGetActualBandwidth(),
which will always return the "best" info as determined in the
previous step.
The description of the list command seemed to suggest that it could
take a set of domains as an argument, which is not correct in the
current HEAD. If virsh list is intended to take a list of domains,
then this patch should be NAK'd and a bug opened against virsh list.
Reported by hachi on #virt
v2:
Change language to include transient domains
Osier pointed out that transient domains are not defined, so what I
had originally proposed wasn't quite correct.
When an incoming RPC message is ready for processing,
virNetServerClientDispatchRead()
will invoke the 'dispatchFunc' callback. This is set to
virNetServerDispatchNewMessage
This function puts the message + client in a queue for processing by the thread
pool. The thread pool worker function is
virNetServerHandleJob
The first thing this does is acquire an extra reference on the 'client'.
Unfortunately, between the time the message+client are put on the thread pool
queue, and the time the worker runs, the client object may have had its last
reference removed.
We clearly need to add the reference to the client object before putting the
client on the processing queue
* src/rpc/virnetserverclient.c: Add a reference to the client when
invoking the dispatch function
* src/rpc/virnetserver.c: Don't acquire a reference to the client
when in the worker thread
The cpu bandwidth is applied at the vcpu group level. We should apply it
at the vm group level too, because the vm may do heavy I/O, and it will affect
the other vm.
We apply cpu bandwidth at the vcpu and the vm group level, so we must ensure
that max(child_quota) <= parent_quota when we modify cpu bandwidth.
The virNetSASLContext, virNetSASLSession, virNetTLSContext and
virNetTLSSession classes previously relied in their owners
(virNetClient / virNetServer / virNetServerClient) to provide
locking protection for concurrent usage. When virNetSocket
gained its own locking code, this invalidated the implicit
safety the SASL/TLS modules relied on. Thus we need to give
them all explicit locking of their own via new mutexes.
* src/rpc/virnetsaslcontext.c, src/rpc/virnettlscontext.c: Add
a mutex per object
When setting up a server socket, we must skip EADDRINUSE errors
from bind, since the IPv6 socket bind may have already bound to
the IPv4 socket too. If we don't manage to bind to any sockets
at all though, we should then report the EADDRINUSE error as
normal.
This fixes the case where libvirtd would not exit if some other
program was listening on its TCP/TLS ports.
* src/rpc/virnetsocket.c: Report EADDRINUSE
Rename the existing --current flag to the new name --active,
while adding a new flag --current to expose the new
VIR_DOMAIN_AFFECT_CURRENT flag of virDomainGetVcpusFlags.
For backwards compability, the output does not change (even
though the label "current" no longer matches the spelling of
the option that would trigger that number in isolation), and
we accept "--current --live" as an undocumented synonym for
"--active --live" to avoid breaking any existing clients.
* tools/virsh.c (cmdVcpucount): Add --active flag, and rearrange
existing flag handling to expose VIR_DOMAIN_AFFECT_CURRENT support.
* tools/virsh.pod (vcpucount): Document this.
Now that virDomainSetVcpusFlags knows about VIR_DOMAIN_AFFECT_CURRENT,
so should virDomainGetVcpusFlags.
Unfortunately, the virsh counterpart 'virsh vcpucount' has already
commandeered --current for a different meaning, so teaching virsh
to expose this in the next patch will require a bit of care.
* src/libvirt.c (virDomainGetVcpusFlags): Allow
VIR_DOMAIN_AFFECT_CURRENT.
* src/libxl/libxl_driver.c (libxlDomainGetVcpusFlags): Likewise.
* src/qemu/qemu_driver.c (qemudDomainGetVcpusFlags): Likewise.
* src/test/test_driver.c (testDomainGetVcpusFlags): Likewise.
* src/xen/xen_driver.c (xenUnifiedDomainGetVcpusFlags): Likewise.
Although most functions in libvirt return 0 on success and < 0 on
failure, there are a few functions lingering around that return errno
(a positive value) on failure, and sometimes code calling those
functions incorrectly assumes the <0 standard. I noticed one of these
the other day when auditing networkStartDhcpDaemon after Guido Gunther
found a place where success was improperly returned on failure (that
patch has been acked and is pending a push). The problem was that it
expected the return value from virFileReadPid to be < 0 on failure,
but it was actually positive (it was also neglected to set the return
code in this case, similar to the bug found by Guido).
This all led to the fact that *all* of the virFile*Pid functions in
util.c are returning errno on failure. This patch remedies that
problem by changing them all to return -errno on failure, and makes
any necessary changes to callers of the functions. (In the meantime, I
also properly set the return code on failure of virFileReadPid in
networkStartDhcpDaemon).
With older GNUTLS the gnutls_x509_privkey_import function is
unable to import our private key. Instead we must use the
alternative gnutls_x509_privkey_import_pkcs8() (as certtool
does).
* virnettlscontexttest.c: Fix import of private key with
older gnutls. Also add missing newlines to key
commit 5283ea9b1d changed the
semantics of the 'expire_offset' field in the test case struct
so that instead of being an absolute timestamp, it was a delta
relative to the current time. This broke the test cases which
were testing expiry of certificates, by putting the expiry
time into the future, instead of in the past.
Fix this by changing the expiry values to be negative, so that
the delta goes into the past again.
* virnettlscontexttest.c: Fix expiry tests
In the XML file we now have
<cputune>
<shares>1024</shares>
<period>90000</period>
<quota>0</quota>
</cputune>
But the schedinfo parameter are being named
cpu_shares: 1024
cfs_period: 90000
cfs_quota: 0
The period/quota is per-vcpu value, so these new tunables should be named
'vcpu_period' and 'vcpu_quota'.
We had a bit too many elements crammed in there. Separate it into different
headings:
- CPU Allocation (<vcpus>)
- CPU Tuning (<cputune>)
- Memory allocation (<memory> and <currentMemory>)
- Memory backing (<memoryBacking>)
- Memory tuning (<memtune>)
- Numa tuning (<numatune>)
- Block I/O tuning (<blkiotune>)
This patch adds the Python bindings for virDomainGetVcpuPinInfo API.
* python/generator.py: add it to generator skip list
* python/libvirt-override-api.xml: provide an override description
* python/libvirt-override.c: provide an override binding implementation
This patch adds the Python bindings for virDomainPinVcpuFlags API.
* python/generator.py: add it to the generator skip list
* python/libvirt-override-api.xml: provide override description
* python/libvirt-override.c: provide override bindings implementation
This patch adds the Python bindings for
virDomainGetSchedulerParametersFlags API.
* python/libvirt-override-api.xml: provide and override description
* python/libvirt-override.c: implement the bindings
These functions parse given XML node and return pointer to the
output. Unknown elements are silently ignored. Attributes must
be integer and must fit in unsigned long long.
Free function frees elements of virBandwidth structure.
Define new 'bandwidth' element with possible child element 'inbound'
and 'outbound' addressing incoming and outgoing traffic respectively:
<bandwidth>
<inbound average='1000' peak='2000' burst='5120'/>
<outbound average='500'/>
</bandwidth>
Leaving any element out means not to shape traffic in that
direction.
The units for average and peak (rate) are in kilobytes per second,
for burst (size) are just in kilobytes.
This element can be inserted into domain's 'interface' and
'network'.
The new listenNetwork attribute needs to learn an IP address based on a
named network. This patch provides a function networkGetNetworkAddress
which provides that.
Some networks have an IP address explicitly in their configuration
(ie, those with a forward type of "none", "route", or "nat"). For
those, we can just return the IP address from the config.
The rest will have a physical device associated with them (either via
<bridge name='...'/>, <forward ... dev='...'/>, or possibly via a pool
of interfaces inside the network's <forward> element) and we will need
to ask the kernel for a current IP address of that device (via the
newly added ifaceGetIPAddress)
If networkGetNetworkAddress encounters an error while trying to learn
the address for a network, it will return -1. In the case that libvirt
has been compiled without the network driver, the call is a macro
which reduces to -2. This allows differentiating between a failure of
the network driver, and its complete absence.
This function uses ioctl(SIOCGIFADDR), which limits it to returning
the first IPv4 address of an interface, but that's what we want right
now (the place we're going to use the address only accepts one).
Even though gnutls is a hard-req for libvirt, and gnutls depends
on libtasn1, that does not mean that you have to have the libtasn1
development files installed. Skip the test rather than failing
compilation in that case.
With newer gcc, the test consumed too much stack space. Move
things to static storage to fix that.
* configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h.
(HAVE_LIBTASN1): New automake conditional.
* tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES)
(virnettlscontexttest_LDADD): Allow compilation without libtasn1.
* tests/virnettlscontexttest.c: Skip test if headers not present.
(struct testTLSCertReq): Alter time members.
(testTLSGenerateCert): Reflect the change.
(mymain): Reduce stack usage.
The sanlock plugin for libvirt expects the directory
/var/lib/libvirt/sanlock to exist. Create this and add
it to the RPM
* libvirt.spec.in: Add /var/lib/libvirt/sanlock
* src/Makefile.am: Create /var/lib/libvirt/sanlock
A container should not be allowed to modify stuff in /sys
or /proc/sys so make them readonly. Make /selinux readonly
so that containers think that selinux is disabled.
Honour the readonly flag when mounting container filesystems
from the guest XML config
* src/lxc/lxc_container.c: Support readonly mounts
Even in non-virtual root filesystem mode we should be mounting
more than just a new /proc. Refactor lxcContainerMountBasicFS
so that it does everything except for /dev and /dev/pts moving
that into lxcContainerMountDevFS. Pass in a source prefix
to lxcContainerMountBasicFS() so it can be used in both shared
root and private root modes.
* src/lxc/lxc_container.c: Unify mounting code for special
filesystems
The bind mount setup is about to get more complicated.
To avoid having to deal with several copies, pull it
out into a separate lxcContainerMountFSBind method.
Also pull out the iteration over container filesystems,
so that it will be easier to drop in support for non-bind
mount filesystems
* src/lxc/lxc_container.c: Pull bind mount code out into
lxcContainerMountFSBind
This test case checks certification validation rules for
- Basic constraints
- Key purpose
- Key usage
- Start/expiry times
It checks initial context creation sanity checks, and live
session validation
When libvirtd starts it it will sanity check its own certs,
and before libvirt clients connect to a remote server they
will sanity check their own certs. This patch allows such
sanity checking to be skipped. There is no strong reason to
need to do this, other than to bypass possible libvirt bugs
in sanity checking, or for testing purposes.
libvirt.conf gains tls_no_sanity_certificate parameter to
go along with tls_no_verify_certificate. The remote driver
client URIs gain a no_sanity URI parameter
* daemon/test_libvirtd.aug, daemon/libvirtd.conf,
daemon/libvirtd.c, daemon/libvirtd.aug: Add parameter to
allow cert sanity checks to be skipped
* src/remote/remote_driver.c: Add no_sanity parameter to
skip cert checks
* src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h:
Add new parameter for skipping sanity checks independantly
of skipping session cert validation checks
Also prepend $(AM_V_GEN) to the command line, mark virkeycode-mapgen.py
as executable and switch the shebang line from /bin/python to the
commonly use /usr/bin/python.
All of the functions in util/interface.c were returning 0 on success,
but some returned -1 on error, and some returned a positive value
(usually the value of errno, but sometimes just 1). Libvirt's standard
is to return < 0 on error (in the case of functions that need to
return errno, -errno is returned.
This patch modifies all functions in interface.c to consistently
return < 0 on error, and makes changes to callers of those functions
where necessary.
There is some commonality between the code for sanity checking
certs when initializing libvirt and the code for validating
certs during a live TLS session handshake. This patchset splits
up the sanity checking function into several smaller functions
each doing a specific type of check. The cert validation code
is then updated to also call into these functions
* src/rpc/virnettlscontext.c: Refactor cert validation code
The gnutls_certificate_type_set_priority method is deprecated.
Since we already set the default gnutls priority, it was not
serving any useful purpose and can be removed
* src/rpc/virnettlscontext.c: Remove gnutls_certificate_type_set_priority
call
If the virStateInitialize call fails we must shutdown libvirtd
since drivers will not be available. Just free'ing the virNetServer
is not sufficient, we must send a SIGTERM to ourselves so that
we interrupt the event loop and trigger a orderly shutdown
* daemon/libvirtd.c: Kill ourselves if state init fails
* src/rpc/virnetserver.c: Add some debugging to event loop
When an operation started by virDomainBlockPull completes (either with
success or with failure), raise an event to indicate the final status.
This API allow users to avoid polling on virDomainGetBlockJobInfo if
they would prefer to use an event mechanism.
* daemon/remote.c: Dispatch events to client
* include/libvirt/libvirt.h.in: Define event ID and callback signature
* src/conf/domain_event.c, src/conf/domain_event.h,
src/libvirt_private.syms: Extend API to handle the new event
* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
for block_stream completion and emit a libvirt block pull event
* src/remote/remote_driver.c: Receive and dispatch events to application
* src/remote/remote_protocol.x: Wire protocol definition for the event
* src/remote_protocol-structs: structure definitions for protocol verification
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
from QEMU monitor
virDomainGetBlockJobInfo requires manual override since it returns a
custom type.
* python/generator.py: reenable bindings for this entry point
* python/libvirt-override-api.xml python/libvirt-override.c:
manual overrides
Define two new virsh commands:
* blockpull: Initiate a blockPull for the given disk
* blockjob: Retrieve progress info, modify speed, and cancel active block jobs
Share print_job_progress() with the migration code.
* tools/virsh.c: implement the new commands
The virDomainBlockPull* family of commands are enabled by the
following HMP/QMP commands: 'block_stream', 'block_job_cancel',
'info block-jobs' / 'query-block-jobs', and 'block_job_set_speed'.
* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
streaming by using the proper qemu monitor commands.
* src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor
The generator can handle everything except virDomainGetBlockJobInfo().
* src/remote/remote_protocol.x: provide defines for the new entry points
* src/remote/remote_driver.c daemon/remote.c: implement the client and
server side for virDomainGetBlockJobInfo.
* src/remote_protocol-structs: structure definitions for protocol verification
* src/rpc/gendispatch.pl: Permit some unsigned long parameters
Set up the types for the block pull functions and insert them into the
virDriver structure definition. Symbols are exported in this patch to
prevent
documentation compile failures.
* include/libvirt/libvirt.h.in: new API
* src/driver.h: add the new entry to the driver structure
* python/generator.py: fix compiler errors, the actual python bindings
* are
implemented later
* src/libvirt_public.syms: export symbols
* docs/apibuild.py: Extend 'unsigned long' parameter exception to this
* API
Now you can edit a saved state file even if you forgot to grab
a dumpxml file prior to saving a domain. Plus, in-place editing
feels so much nicer.
* tools/virsh.c (cmdSaveImageDumpxml, cmdSaveImageDefine)
(cmdSaveImageEdit): New commands.
* tools/virsh.pod (save-image-dumpxml, save-image-define)
(save-image-edit): Document them.
Modifying the xml on either save or restore only gets you so
far - you have to remember to 'virsh dumpxml dom' just prior
to the 'virsh save' in order to have an xml file worth modifying
that won't be rejected due to abi breaks. To make this more
powerful, we need a way to grab the xml embedded within a state
file, and from there, it's not much harder to also support
modifying a state file in-place.
Also, virDomainGetXMLDesc didn't document its flags.
* include/libvirt/libvirt.h.in (virDomainSaveImageGetXMLDesc)
(virDomainSaveImageDefineXML): New prototypes.
* src/libvirt.c (virDomainSaveImageGetXMLDesc)
(virDomainSaveImageDefineXML): New API.
* src/libvirt_public.syms: Export them.
* src/driver.h (virDrvDomainSaveImageGetXMLDesc)
(virDrvDomainSaveImgeDefineXML): New driver callbacks.
libvirt-guests is a perfect use case for bypassing the file system
cache - lots of filesystem traffic done at system shutdown, where
caching is pointless, and startup, where reading large files only
once just gets in the way. Make this a configurable option in the
init script, but defaulting to existing behavior.
* tools/libvirt-guests.sysconf (BYPASS_CACHE): New variable.
* tools/libvirt-guests.init.sh (start, suspend_guest): Use it.
When auto-dumping a domain on crash events, or autostarting a domain
with managed save state, let the user configure whether to imply
the bypass cache flag.
* src/qemu/qemu.conf (auto_dump_bypass_cache, auto_start_bypass_cache):
Document new variables.
* src/qemu/libvirtd_qemu.aug (vnc_entry): Let augeas parse them.
* src/qemu/qemu_conf.h (qemud_driver): Store new preferences.
* src/qemu/qemu_conf.c (qemudLoadDriverConfig): Parse them.
* src/qemu/qemu_driver.c (processWatchdogEvent, qemuAutostartDomain):
Honor them.
Wire together the previous patches to support file system cache
bypass during API save/restore requests in qemu.
* src/qemu/qemu_driver.c (qemuDomainSaveInternal, doCoreDump)
(qemudDomainObjStart, qemuDomainSaveImageOpen, qemuDomainObjRestore)
(qemuDomainObjStart): Add parameter.
(qemuDomainSaveFlags, qemuDomainManagedSave, qemudDomainCoreDump)
(processWatchdogEvent, qemudDomainStartWithFlags, qemuAutostartDomain)
(qemuDomainRestoreFlags): Update callers.
O_DIRECT has stringent requirements. Rather than make lots of changes
at each site that wants to use O_DIRECT, it is easier to offload
the work through a helper process that mirrors the I/O between a
pipe and the actual direct fd, so that the other end of the pipe
no longer has to worry about constraints.
Plus, if the kernel ever gains better posix_fadvise support, then we
only have to touch a single file to let all callers benefit from a
more efficient way to avoid file system caching.
* src/util/virfile.h (virFileDirectFdFlag, virFileDirectFdNew)
(virFileDirectFdClose, virFileDirectFdFree): New prototypes.
* src/util/virdirect.c: Implement new wrapper object.
* src/libvirt_private.syms (virfile.h): Export new symbols.
* cfg.mk (useless_free_options): Add to list.
* po/POTFILES.in: Add new translations.
Required for a coming patch where iohelper will operate on O_DIRECT
fds. There, the user-space memory must be aligned to file system
boundaries (at least 512, but using page-aligned works better, and
some file systems prefer 64k). Made tougher by the fact that
VIR_ALLOC won't work on void *, but posix_memalign won't work on
char * and isn't available everywhere.
This patch makes some simplifying assumptions - namely, output
to an O_DIRECT fd will only be attempted on an empty seekable
file (hence, no need to worry about preserving existing data
on a partial block, and ftruncate will work to undo the effects
of having to round up the size of the last block written), and
input from an O_DIRECT fd will only be attempted on a complete
seekable file with the only possible short read at EOF.
* configure.ac (AC_CHECK_FUNCS_ONCE): Check for posix_memalign.
* src/util/iohelper.c (runIO): Use aligned memory, and handle
quirks of O_DIRECT on last write.
Rather than making the iohelper subject to a race in reopening
the file, it is nicer to pass an already-open fd by inheritance.
The old synopsis form must continue to work - if someone updates
their libvirt package and installs a new libvirt_iohelper but
without restarting the old libvirtd daemon, then the daemon can
still make calls using the old syntax but the new iohelper.
* src/util/iohelper.c (runIO): Split code for open...
(prepare): ...to new function.
(usage): Update synopsis.
(main): Allow alternate calling form.
* src/fdstream.c (virFDStreamOpenFileInternal): Use alternate form.
Also, migrate was missing documentation for the --xml option
added in commit ec5301cb.
* tools/virsh.c (cmdSave, cmdRestore): Add xml argument.
* tools/virsh.pod (save, restore, migrate): Document it.
Wire up the new flag to several virsh commands. Also, the
'dump' command had undocumented flags.
* tools/virsh.c (cmdSave, cmdManagedSave, cmdDump, cmdStart)
(cmdRestore): Add new flag.
* tools/virsh.pod (save, managedsave, dump, start, restore):
Document flags.
For all hypervisors that support save and restore, the new API
now performs the same functions as the old.
VBox is excluded from this list, because its existing domainsave
is broken (there is no corresponding domainrestore, and there
is no control over the filename used in the save). A later
patch should change vbox to use its implementation for
managedsave, and teach start to use managedsave results.
* src/libxl/libxl_driver.c (libxlDomainSave): Move guts...
(libxlDomainSaveFlags): ...to new function.
(libxlDomainRestore): Move guts...
(libxlDomainRestoreFlags): ...to new function.
* src/test/test_driver.c (testDomainSave, testDomainSaveFlags)
(testDomainRestore, testDomainRestoreFlags): Likewise.
* src/xen/xen_driver.c (xenUnifiedDomainSave)
(xenUnifiedDomainSaveFlags, xenUnifiedDomainRestore)
(xenUnifiedDomainRestoreFlags): Likewise.
* src/qemu/qemu_driver.c (qemudDomainSave, qemudDomainRestore):
Rename and move guts.
(qemuDomainSave, qemuDomainSaveFlags, qemuDomainRestore)
(qemuDomainRestoreFlags): ...here.
(qemudDomainSaveFlag): Rename...
(qemuDomainSaveInternal): ...to this, and update callers.
VIR_ERR_INVALID_ARG implies that an argument cannot possibly
be correct, given the current state of the API.
VIR_ERR_CONFIG_UNSUPPORTED implies that a configuration is
wrong, but arguments aren't configuration.
VIR_ERR_NO_SUPPORT implies that a function is completely
unimplemented.
But in the case of a function that is partially implemented,
yet the full power of the API is not available for that
driver, none of the above messages make sense. Hence a new
error message, implying that the argument is known to comply
with the current state of the API, and that while the driver
supports aspects of the function, it does not support that
particular use of the argument.
A good use case for this is a driver that supports
virDomainSaveFlags, but not the dxml argument of that API.
It might be feasible to also use this new error for all functions
that check flags, and which accept fewer flags than what is possible
in the public API. But doing so would get complicated, since
neither libvirt.c nor the remote driver may do flag filtering,
and every other driver would have to do a two-part check, first
using virCheckFlags on all public flags (which gives
VIR_ERR_INVALID_ARG for an impossible flag), followed by a
particular mask check for VIR_ERR_ARGUMENT_UNSUPPORTED (for a
possible public flag but unsupported by this driver).
* include/libvirt/virterror.h (VIR_ERR_ARGUMENT_UNSUPPORTED): New
error.
* src/util/virterror.c (virErrorMsg): Give it a message.
Suggested by Daniel P. Berrange.
Build failure on xenapi_driver from compiler warnings (flags was unused).
Build failure on xen (incorrect number of arguments). And in fixing
that, I obeyed the comments of struct xenUnifiedDriver that state
that we want to minimize the number of callback functions in that
struct, not add to it.
* src/xen/xen_driver.c (xenUnifiedDomainDestroyFlags): Use correct
arguments.
(xenUnifiedDomainDestroy): Simplify.
* src/xen/xen_driver.h (xenUnifiedDriver): Remove unused callback.
* src/xen/xen_hypervisor.c (xenHypervisorDestroyDomain): Likewise.
* src/xen/xend_internal.c (xenDaemonDomainDestroy): Likewise.
* src/xen/xend_internal.h (xenDaemonDomainDestroyFlags): Likewise.
* src/xen/xm_internal.c (xenXMDriver): Likewise.
* src/xen/xs_internal.c (xenStoreDriver): Likewise.
* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
* src/xenapi/xenapi_driver.c (xenapiDomainDestroyFlags): Reject
unknown flags.
The network driver needs to assign physical devices for use by modes
that use macvtap, keeping track of which physical devices are in use
(and how many instances, when the devices can be shared). Three calls
are added:
networkAllocateActualDevice - finds a physical device for use by the
domain, and sets up the virDomainActualNetDef accordingly.
networkNotifyActualDevice - assumes that the domain was already
running, but libvirtd was restarted, and needs to be notified by each
already-running domain about what interfaces they are using.
networkReleaseActualDevice - decrements the usage count of the
allocated physical device, and frees the virDomainActualNetDef to
avoid later accidentally using the device.
bridge_driver.[hc] - the new APIs. When WITH_NETWORK is false, these
functions are all #defined to be "0" in the .h file (effectively
becoming a NOP) to prevent link errors.
qemu_(command|driver|hotplug|process).c - add calls to the above APIs
in the appropriate places.
tests/Makefile.am - we need to include libvirt_driver_network.la
whenever libvirt_driver_qemu.la is linked, to avoid unreferenced
symbols (in functions that are never called by the test
programs...)
This is the one function outside of domain_conf.c that plays around
with (even modifying) the internals of the virDomainNetDef, and thus
can't be fixed up simply by replacing direct accesses to the fields of
the struct with the GetActual*() access functions.
In this case, we need to check if the defined type is "network", and
if it is *then* check the actual type; if the actual type is "bridge",
then we can at least put the bridgename in a place where it can be
used; otherwise (if type isn't "bridge"), we behave exactly as we used
to - just null out *everything*.
The qemu driver accesses fields in the virDomainNetDef directly, but
with the advent of the virDomainActualNetDef, some pieces of
information may be found in a different place (the ActualNetDef) if
the network connection is of type='network' and that network is of
forward type='bridge|private|vepa|passthrough'. The previous patch
added functions to mask this difference from callers - they hide the
decision making process and just pick the value from the proper place.
This patch uses those functions in the qemu driver as a first step in
making qemu work with the new network types. At this point, the
virDomainActualNetDef is guaranteed always NULL, so the GetActualX()
function will return exactly what the def->X that's being replaced
would have returned (ie bisecting is not compromised).
There is one place (in qemu_driver.c) where the internal details of
the NetDef are directly manipulated by the code, so the GetActual
functions cannot be used there without extra additional code; that
file will be treated in a separate patch.
Previously all networks were composed of bridge devices created and
managed by libvirt, and the same operations needed to be done for all
of them when they were started and stopped (create and start the
bridge device, configure its MAC address and IP address, add iptables
rules). The new network types are (for now at least) managed outside
of libvirt, and the network object is used only to contain information
about the network, which is then used as each individual guest
connects itself.
This means that when starting/stopping one of these new networks, we
really want to do nothing, aside from marking the network as
active/inactive.
This has been setup as toplevel Start/Shutdown functions that do the
small bit of common stuff, then have a switch statement to execute
network type-specific start/shutdown code, then do a bit more common
code. The type-specific functions called for the new host bridge and
macvtap based types are currently empty.
In the future these functions may actually do something, and we will
surely add more functions that are similarly patterned. Once
everything has settled, we can make a table of "sub-driver" function
pointers for each network type, and store a pointer to that table in
the network object, then we can replace the switch statements with
calls to functions in the table.
The final step in this will be to add a new table (and corresponding
new functions) for new network types as they are added.
The network XML is updated in the following ways:
1) The <forward> element can now contain a list of forward interfaces:
<forward .... >
<interface dev='eth10'/>
<interface dev='eth11'/>
<interface dev='eth12'/>
<interface dev='eth13'/>
</forward>
The first of these takes the place of the dev attribute that is
normally in <forward> - when defining a network you can specify
either one, and on output both will be present. If you specify
both on input, they must match.
2) In addition to forward modes of 'nat' and 'route', these new modes
are supported:
private, passthrough, vepa - when this network is referenced by a
domain's interface, it will have the same effect as if the
interface had been defined as type='direct', e.g.:
<interface type='direct'>
<source mode='${mode}' dev='${dev}>
...
</interface>
where ${mode} is one of the three new modes, and ${dev} is an interface
selected from the list given in <forward>.
bridge - if a <forward> dev (or multiple devs) is defined, and
forward mode is 'bridge' this is just like the modes 'private',
'passthrough', and 'vepa' above. If there is no forward dev
specified but a bridge name is given (e.g. "<bridge
name='br0'/>"), then guest interfaces using this network will use
libvirt's "host bridge" mode, equivalent to this:
<interface type='bridge'>
<source bridge='${bridge-name}'/>
...
</interface>
3) A network can have multiple <portgroup> elements, which may be
selected by the guest interface definition (by adding
"portgroup='${name}'" in the <source> element along with the
network name). Currently a portgroup can only contain a
virtportprofile, but the intent is that other configuration items
may be put there int the future (e.g. bandwidth config). When
building a guest's interface, if the <interface> XML itself has no
virtportprofile, and if the requested network has a portgroup with
a name matching the name given in the <interface> (or if one of the
network's portgroups is marked with the "default='yes'" attribute),
the virtportprofile from that portgroup will be used by the
interface.
4) A network can have a virtportprofile defined at the top level,
which will be used by a guest interface when connecting in one of
the 'direct' modes if the guest interface XML itself hasn't
specified any virtportprofile, and if there are also no matching
portgroups on the network.
the domain XML <interface> element is updated in the following ways:
1) <virtualportprofile> can be specified when source type='network'
(previously it was only valid for source type='direct')
2) A new attribute "portgroup" has been added to the <source>
element. When source type='network' (the only time portgroup is
recognized), extra configuration information will be taken from the
<portgroup> element of the given name in the network definition.
3) Each virDomainNetDef now also potentially has a
virDomainActualNetDef which is a private object (never
exported/imported via the public API, and not defined in the RNG) that
is used to maintain information about the physical device that was
actually used for a NetDef of type VIR_DOMAIN_NET_TYPE_NETWORK.
The virDomainActualNetDef will only be parsed/formatted if the
parse/format function is called with the
VIR_DOMAIN_XML_INTERNAL_ACTUAL_NET flag set (which is only needed when
saving/loading a running domain's state info to the stateDir).
The virtPortProfile in the domain interface struct is now a separately
allocated object *pointed to by* (rather than contained in) the main
virDomainNetDef object. This is done to make it easier to figure out
when a virtualPortProfile has/hasn't been specified in a particular
config.
virtPortProfiles are currently only used in the domain XML, but will
soon also be used in the network XML. To prepare for that change, this
patch moves the structure definition into util/network.h and the parse
and format functions into util/network.c (I decided that this was a
better choice than macvtap.h/c for something that needed to always be
available on all platforms).
This introduces new API virDomainDestroyFlags to allow
domain destroying with flags, as the existing API virDomainDestroy
misses flags.
The set of flags is defined in virDomainDestroyFlagsValues enum,
which is currently commented, because it is empty.
Calling this API with no flags set (@flags == 0) is equivalent calling
virDomainDestroy.
In order to choose whether to use O_DIRECT when saving a domain image
to a file, we need a new flag. But virDomainSave was implemented
before our policy of all new APIs having a flag argument. Likewise
for virDomainRestore when restoring from a file.
The new flag name is chosen as CACHE_BYPASS so as not to preclude
a future solution that uses posix_fadvise once the Linux kernel has
a smarter implementation of that interface.
* include/libvirt/libvirt.h.in (virDomainCreateFlags)
(virDomainCoreDumpFlags): Add a flag.
(virDomainSaveFlags, virDomainRestoreFlags): New prototypes.
* src/libvirt.c (virDomainSaveFlags, virDomainRestoreFlags): New API.
* src/libvirt_public.syms: Export them.
* src/driver.h (virDrvDomainSaveFlags, virDrvDomainRestoreFlags):
New driver callbacks.
Otherwise, an ABI mismatch gives error messages attributing the target
xml string as current, and the current domain state as the new xml.
* src/qemu/qemu_migration.c (qemuMigrationBegin): Use correct
argument order.
Since libvirt is multi-threaded, we should use FD_CLOEXEC as much
as possible in the parent, and only relax fds to inherited after
forking, to avoid leaking an fd created in one thread to a fork
run in another thread. This gets us closer to that ideal, by
making virCommand automatically clear FD_CLOEXEC on fds intended
for the child, as well as avoiding a window of time with non-cloexec
pipes created for capturing output.
* src/util/command.c (virExecWithHook): Use CLOEXEC in parent. In
child, guarantee that all fds to pass to child are inheritable.
(getDevNull): Use CLOEXEC.
(prepareStdFd): New helper function.
(virCommandRun, virCommandRequireHandshake): Use pipe2.
* src/qemu/qemu_command.c (qemuBuildCommandLine): Simplify caller.
We already have a precedent of function documentation in C files,
where it is closer to the implementation (witness libvirt.h vs.
libvirt.c); maintaining docs in both files risks docs going stale.
While I was at it, I used consistent doxygen style on all comments.
* src/util/command.h: Remove duplicate docs, and move unique
documentation...
* src/util/command.c: ...here.
Suggested by Matthias Bolte.
The only 'void name(void)' style procedure in the protocol is 'close' that
is handled special, but also programming errors like a missing _args or
_ret suffix on the structs in the .x files can create such a situation by
accident. Making the generator aware of this avoids bogus errors from the
generator such as:
Use of uninitialized value in exists at ./rpc/gendispatch.pl line 967.
Also this allows to get rid of the -c option and the special case code for
the 'close' procedure, as the generator handles it now correctly.
Reported by Michal Privoznik
It is common to see the sequence:
virErrorPtr save_err = virSaveLastError();
// do cleanup
virSetError(save_err);
virFreeError(save_err);
on cleanup paths. But for functions where it is desirable to
return the errno that caused failure, this sequence can clobber
that errno. virFreeError was already safe; this makes the other
two functions in the sequence safe as well, assuming all goes
well (on OOM, errno will be clobbered, but then again, save_err
won't reflect the real error that happened, so you are no longer
preserving the real situation - that's life with OOM).
* src/util/virterror.c (virSaveLastError, virSetError): Preserve
errno.
Commit 8665f85523 changed generated.stamp to $(GENERATE).stamp,
but missed one instance in the CLEANFILES list. This can break the
build in case the generated code is deleted but the .stamp file stays
around and therefore the code isn't regenerated.
This patch implements cfs_period and cfs_quota's modification.
We can use the command 'virsh schedinfo' to query or modify cfs_period and
cfs_quota.
If you query period or quota from config file, the value 0 means it does not set
in the config file.
If you set period or quota to config file, the value 0 means that delete current
setting from config file.
If you modify period or quota while vm is running, the value 0 means that use
current value.
Add virtkey lib for usage-improvment and keycode translating.
Add 4 internal API for the aim
const char *virKeycodeSetTypeToString(int codeset);
int virKeycodeSetTypeFromString(const char *name);
int virKeycodeValueFromString(virKeycodeSet codeset, const char *keyname);
int virKeycodeValueTranslate(virKeycodeSet from_codeset,
virKeycodeSet to_offset,
int key_value);
* include/libvirt/libvirt.h.in: extend virKeycodeSet enum
* src/Makefile.am: add new virtkeycode module and rule to generate
virkeymaps.h
* src/util/virkeycode.c src/util/virkeycode.h: new module
* src/util/virkeycode-mapgen.py: python generator for virkeymaps.h
out of keymaps.csv
* src/libvirt_private.syms: extend private symbols for new module
* .gitignore: add generated virkeymaps.h
Should keep it as the same as:
http://git.gnome.org/browse/gtk-vnc/commit/src/keymaps.csv
All master keymaps are defined in a CSV file. THis covers
Linux keycodes, OSX keycodes, AT set1, 2 & 3, XT keycodes,
the XT encoding used by the Linux KBD driver, USB keycodes,
Win32 keycodes, the XT encoding used by Xorg on Cygwin,
the XT encoding used by Xorg on Linux with kbd driver.
* src/Makefile.am: added to EXTRA_DIST
* src/util/keymaps.csv: new file
Though we prefer users to have SSH keys setup, virt-manager users still
depend on remote SSH connections to launch a password dialog. This fixes
launch ssh-askpass
Fix suggested by danpb
DMI table is Intel & Intel-compatible specific. Therefore other
architectures miss dmidecode command. So we always fail in searching
for that command on non-Intel architectures.
If a key purpose or usage field is marked as non-critical in the
certificate, then a data mismatch is not (ordinarily) a cause for
rejecting the connection
* src/rpc/virnettlscontext.c: Honour key usage/purpose criticality
If key usage or purpose data is not present in the cert, the
RFC recommends that access be allowed. Also fix checking of
key usage to include requirements for client/server certs,
and fix key purpose checking to treat data as a list of bits
If the domain has managed save image, and --managed-save is
not specified, then it fails with an error telling the user
that a managed save image still exists.
If the domain has managed save image, and --managed-save is
specified, it invokes virDomainUndefineFlags. If
virDomainUndefineFlags fails, then it tries to remove the managed
save image using virDomainManagedSaveRemove first, with
invoking virDomainUndefine following. (For compatibility between
new virsh with this patch and older libvirt without this patch).
Similarly if the domain has no managed save image. See the codes for
detail.
NOTE: Have not removing the codes checking if the domain is running
in function "cmdUndefine", it will go along with qemu driver's fix
(allow to undefine a running domain).
* src/libxl/libxl_driver.c: New callback for libxl_driver,
new function libxlDomainUndefineFlags, and changes libxlDomainUndefine
as a wrapper of libxlDomainUndefineFlags.
This introduces a new API virDomainUndefineFlags to control the
domain undefine process, as the existing API virDomainUndefine
doesn't support flags.
Currently only flag VIR_DOMAIN_UNDEFINE_MANAGED_SAVE is supported.
If the domain has a managed save image, including
VIR_DOMAIN_UNDEFINE_MANAGED_SAVE in @flags will also remove that
file, and omitting the flag will cause undefine process to fail.
This patch also changes the behavior of virDomainUndefine, if the
domain has a managed save image, the undefine will be refused.
Gnutls requires that certificates have basic constraints present
to be used as a CA certificate. OpenSSL doesn't add this data
by default, so add a sanity check to catch this situation. Also
validate that the key usage and key purpose constraints contain
correct data
* src/rpc/virnettlscontext.c: Add sanity checking of certificate
constraints
If the libvirt daemon or libvirt client is configured with bogus
certificates, it is very unhelpful to only find out about this
when a TLS connection is actually attempted. Not least because
the error messages you get back for failures are incredibly
obscure.
This adds some basic sanity checking of certificates at the
time the virNetTLSContext object is created. This is at libvirt
startup, or when creating a virNetClient instance.
This checks that the certificate expiry/start dates are valid
and that the certificate is actually signed by the CA that is
loaded.
* src/rpc/virnettlscontext.c: Add certificate sanity checks
Starting/ending jobs when closing the connection may reset any
error which was reported earlier in p2p migration. We must
save the original error before doing so. This means we can also
just call virConnectClose as normal, instead of virUnrefConnect
* src/qemu/qemu_migration.c: Preserve errors in p2p migration
Since the I/O callback registered against virNetSocket will
hold a reference on the virNetClient, we can't rely on the
virNetClientFree to be able to close the network connection.
The last reference will only go away when the event callback
fires (likely due to EOF from the server).
This is sub-optimal and can potentially cause a leak of the
virNetClient object if the server were to not explicitly
close the socket itself
* src/remote/remote_driver.c: Explicitly close the client
object when disconnecting
* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add a
virNetClientClose method
When unregistering an I/O callback from a virNetSocket object,
there is still a chance that an event may come in on the callback.
In this case it is possible that the virNetSocket might have been
freed already. Make use of a virFreeCallback when registering
the I/O callbacks and hold a reference for the entire time the
callback is set.
* src/rpc/virnetsocket.c: Register a free function for the
file handle watch
* src/rpc/virnetsocket.h, src/rpc/virnetserverservice.c,
src/rpc/virnetserverclient.c, src/rpc/virnetclient.c: Add
a free function for the socket I/O watches
Remove the need for a virNetSocket object to be protected by
locks from the object using it, by introducing its own native
locking and reference counting
* src/rpc/virnetsocket.c: Add locking & reference counting
Commit 8665f85 introduced a slight regression in doc generation,
since make only quits a rule on the first failed command ending
with a newline rather than a semicolon.
* docs/Makefile.am (html/index.html): Don't use xmllint unless
xsltproc succeeded.
* .gitignore: Ignore recently updated stamp file name.
If we get an I/O error in the async event callback for an RPC
client, we might not have consumed all pending data off the
wire. This could result in the callback being immediately
invoked again. At which point the same I/O might occur. And
we're invoked again. And again...And again...
Unregistering the async event callback if an error occurs is
a good safety net. The real error will be seen when the next
RPC method is invoked
* src/rpc/virnetclient.c: Unregister event callback on error
The current API build scripts will continue and exit with a zero
status even if they find problems. This has been the cause of many
build problems, or hidden build errors, in the past. Change the
scripts so they always exit with a non-zero status for any problems
they do not understand. Also turn off all debug output by default
so they respect $(AM_V_GEN)
* docs/Makefile.am: Use $(AM_V_GEN) for API/HTML scripts
* docs/apibuild.py, python/generator.py: Exit with non-zero status
if problems are found. Also be silent, not outputting any debug
messages.
* src/Makefile.am: Use $(AM_V_GEN) for ESX generator
* python/Makefile.am: Tweak rule
* tools/virsh.c: new column "Managed save" for "cmdDominfo".
* tools/virsh.pod: Update document of "managedsave" to tell one can
use "dominfo" to query whether a domain has any managed save image.
We can make the virsh migrate UI friendlier by supplying the
missing bit automatically instead of erroring out when requesting
--tunnelled without --p2p.
* tools/virsh.c (doMigrate): Make --p2p optional when using
--tunnelled.
* tools/virsh.pod (migrate): Tweak wording accordingly.
There were two API in driver.c that were silently masking flags
bits prior to calling out to the drivers, and several others
that were explicitly masking flags bits. This is not
forward-compatible - if we ever have that many flags in the
future, then talking to an old server that masks out the
flags would be indistinguishable from talking to a new server
that can honor the flag. In general, libvirt.c should forward
_all_ flags on to drivers, and only the drivers should reject
unknown flags.
In the case of virDrvSecretGetValue, the solution is to separate
the internal driver callback function to have two parameters
instead of one, with only one parameter affected by the public
API. In the case of virDomainGetXMLDesc, it turns out that
no one was ever mixing VIR_DOMAIN_XML_INTERNAL_STATUS with
the dumpxml path in the first place; that internal flag was
only used in saving and restoring state files, which happened
to be in functions internal to a single file, so there is no
mixing of the internal flag with a public flags argument.
Additionally, virDomainMemoryStats passed a flags argument
over RPC, but not to the driver.
* src/driver.h (VIR_DOMAIN_XML_FLAGS_MASK)
(VIR_SECRET_GET_VALUE_FLAGS_MASK): Delete.
(virDrvSecretGetValue): Separate out internal flags.
(virDrvDomainMemoryStats): Provide missing flags argument.
* src/driver.c (verify): Drop unused check.
* src/conf/domain_conf.h (virDomainObjParseFile): Delete
declaration.
(virDomainXMLInternalFlags): Move...
* src/conf/domain_conf.c: ...here. Delete redundant include.
(virDomainObjParseFile): Make static.
* src/libvirt.c (virDomainGetXMLDesc, virSecretGetValue): Update
clients.
(virDomainMemoryPeek, virInterfaceGetXMLDesc)
(virDomainMemoryStats, virDomainBlockPeek, virNetworkGetXMLDesc)
(virStoragePoolGetXMLDesc, virStorageVolGetXMLDesc)
(virNodeNumOfDevices, virNodeListDevices, virNWFilterGetXMLDesc):
Don't mask unknown flags.
* src/interface/netcf_driver.c (interfaceGetXMLDesc): Reject
unknown flags.
* src/secret/secret_driver.c (secretGetValue): Update clients.
* src/remote/remote_driver.c (remoteSecretGetValue)
(remoteDomainMemoryStats): Likewise.
* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase):
Likewise.
* src/qemu/qemu_driver.c (qemudDomainMemoryStats): Likewise.
* daemon/remote.c (remoteDispatchDomainMemoryStats): Likewise.
* tools/virsh.c: avoid double free of domain, when weight value of blkiotune
less than 0, codes will free domain and jump to cleanup section, however,
cleanup will free domain again.
Detected in valgrind run:
==21297== ERROR SUMMARY: 20 errors from 20 contexts (suppressed: 69 from 8)
==21297==
==21297== 1 errors in context 1 of 20:
==21297== Invalid read of size 4
==21297== at 0x40E209B: virDomainFree (libvirt.c:2096)
==21297== by 0x8065274: cmdBlkiotune (virsh.c:3695)
==21297== by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297== by 0x806B967: main (virsh.c:14487)
==21297== Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
==21297== at 0x4005B0A: free (vg_replace_malloc.c:325)
==21297== by 0x406814D: virFree (memory.c:310)
==21297== by 0x40D6635: virReleaseDomain (datatypes.c:243)
==21297== by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
==21297== by 0x40E20B9: virDomainFree (libvirt.c:2101)
==21297== by 0x8065297: cmdBlkiotune (virsh.c:3613)
==21297== by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297== by 0x806B967: main (virsh.c:14487)
==21297==
==21297==
==21297== 1 errors in context 2 of 20:
==21297== Invalid read of size 4
==21297== at 0x40E1FE6: virDomainFree (libvirt.c:2092)
==21297== by 0x8065274: cmdBlkiotune (virsh.c:3695)
==21297== by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297== by 0x806B967: main (virsh.c:14487)
==21297== Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
==21297== at 0x4005B0A: free (vg_replace_malloc.c:325)
==21297== by 0x406814D: virFree (memory.c:310)
==21297== by 0x40D6635: virReleaseDomain (datatypes.c:243)
==21297== by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
==21297== by 0x40E20B9: virDomainFree (libvirt.c:2101)
==21297== by 0x8065297: cmdBlkiotune (virsh.c:3613)
==21297== by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297== by 0x806B967: main (virsh.c:14487)
* how to reproduce?
% valgrind -v --leak-check=full virsh blkiotune guestname --weight -1
"optional" is not a very good meta-syntactic construct in our man
page. I scrubbed this, and additionally improved some documentation
on mutually exclusive options. For example,
[[--live] [--config] | [--current]]
implies a set of optional flags, where within the set you can have
either --current or a choice of 0, 1, or both --live and --config.
* tools/virsh.pod: Use "[name]" rather than "optional name" for
optional arguments.
When libvirtd restarts it will attempt to reconnect to existing
LXC containers. If it loads a XML state file for the container
the container will appear running. If we fail to read the PID
file, or fail to connect to the LXC monitor, we should be killing
off the guest, but if the VMs cgroup does not exist any more,
cleanup will get skipped. Reading the PID file is also pointless
since the PID is in the XML statefile
In lxcReconnectVM we do not need to read the PID file. If part
of the reconnect process fails we need to run the VM terminate
code as a safety net.
In lxcVMTerminate, if we can't obtain the VM cgroup, we know
the process has died, but we must still run lxcVMCleanup to
clear out the virDomainObjPtr live state
* src/lxc/lxc_driver.c: Fix cleanup of dead VMs on restart
These typos are introduced by file renaming in commit b17b4afaf.
src/remote/qemu_protocol.x \
src/remote/remote_protocol.x \
src/rpc/gendispatch.pl:
s/remote_generator/gendispatch/
src/rpc/genprotocol.pl:
s/remote\/remote_protocol/remote_protocol/
The regression is introduced by Commit da1eba6b, the new
codes with this commit doesn't reset "ret" to "-1" when
it fails on parsing the device XML (live device attachment)
This patch changes the codes to reset the "ret" and "-1",
and also changes the codes so that it don't modify "ret"
for condition checking.
How to reproduce:
% cat test.xml
<disk type='oops' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/var/lib/libvirt/images/test.img'/>
<target dev='vda' bus='virtio'/>
</disk>
% virsh attach-device $domain test.xml
Device attached successfully
The device attachment failed actually with error "unknown disk type 'oops'",
however, it reports success.
As long as we guarantee RPC struct layout stability, we might as
well also guarantee RPC enum value constancy.
* src/Makefile.am (r1, r2, PDWTAGS): Adjust rule to pick up named
and anonymous enums.
* src/remote_protocol-structs: Add enum values.
* src/qemu_protocol-structs: Likewise.
* src/virnetprotocol-structs: Likewise.
Enforce the recent flags cleanups - we want to use 'unsigned int flags'
in any of our APIs (except where backwards compatibility is important,
in the public migration APIs), and that all flags are checked for
validity (except when there are stub functions that completely
ignore the flags argument).
There are a few minor tweaks done here to avoid false positives:
signed arguments passed to open() are renamed oflags, and flags
arguments that are legitimately ignored are renamed flags_unused.
* cfg.mk (sc_flags_usage): New rule.
(exclude_file_name_regexp--sc_flags_usage): And a few exemptions.
(sc_flags_debug): Tweak wording.
* src/util/iohelper.c (runIO, main): Rename variable.
* src/util/util.c (virSetInherit): Likewise.
* src/fdstream.h (virFDStreamOpenFile, virFDStreamCreateFile):
Likewise.
* src/fdstream.c (virFDStreamOpenFileInternal)
(virFDStreamOpenFile, virFDStreamCreateFile): Likewise.
* src/util/command.c (virExecWithHook) [WIN32]: Likewise.
* src/util/util.c (virFileOpenAs, virDirCreate) [WIN32]: Likewise.
* src/locking/lock_manager.c (virLockManagerPluginNew)
[!HAVE_DLFCN_H]: Likewise.
* src/locking/lock_driver_nop.c (virLockManagerNopNew)
(virLockManagerNopAddResource, virLockManagerNopAcquire)
(virLockManagerNopRelease, virLockManagerNopInquire): Likewise.
Silently ignored flags get in the way of new features that
use those flags.
Regarding ESX migration flags - right now, ESX silently enforces
VIR_MIGRATE_PERSIST_DEST, VIR_MIGRATE_UNDEFINE_SOURCE, and
VIR_MIGRATE_LIVE, even if those flags were not supplied; it ignored
other flags. This patch does not change the implied bits (it permits
but does not require them), but enforces only the supported bits.
If further cleanup is needed to be more particular about migration
flags, that should be a separate patch.
* src/esx/esx_device_monitor.c (esxDeviceOpen): Reject unknown
flags.
* src/esx/esx_driver.c (esxOpen, esxDomainReboot)
(esxDomainXMLFromNative, esxDomainXMLToNative)
(esxDomainMigratePrepare, esxDomainMigratePerform)
(esxDomainMigrateFinish): Likewise.
* src/esx/esx_interface_driver.c (esxInterfaceOpen): Likewise.
* src/esx/esx_network_driver.c (esxNetworkOpen): Likewise.
* src/esx/esx_nwfilter_driver.c (esxNWFilterOpen): Likewise.
* src/esx/esx_secret_driver.c (esxSecretOpen): Likewise.
* src/esx/esx_storage_driver.c (esxStorageOpen): Likewise.
The documentation for vshCommandOptString claims that it returns
-1 on a missing required argument, but in reality, that error
message was unreachable (it was buried inside an if clause that
is true only if the argument was present). The code was so hairy
that I decided a rewrite would make it easier to understand,
and actually return the error values we want.
Meanwhile, our construction guarantees that all vshCmdOpt have
a non-null def member, so there are some redundant checks that
can be trimmed.
* tools/virsh.c (vshCommandOpt): Alter signature.
(vshCommandOptInt, vshCommandOptUInt, vshCommandOptUL)
(vshCommandOptString, vshCommandOptLongLong)
(vshCommandOptULongLong, vshCommandOptBool): Adjust all callers.
(vshCommandOptArgv): Remove dead condition.
Commit 461e0f1a broke migration, because there was a code path
that tried to enable an internal flag while still going through
the public function. Split the internal flag into a separate
callback, and validate that flags do not overlap.
* src/conf/domain_conf.c (virDomainDefFormat): Split...
(virDomainDefFormatInternal): ...to separate the flag check.
(virDomainObjFormat): Adjust caller.
The "libvirt supports:" section on the main page of libvirt.org
contains a list of hypervisors with links that point to the sites of
the underlying virt technologies. The entry for KVM points to
http://www.linux-kvm.org/, for example. People coming to libvirt.org
for the first time are likely to know about those sites, and they're
probably interested in how libvirt manages those technologies. This
patch points those links to the libvirt driver pages instead. It also
consolidates KVM and QEMU as there is only one libvirt driver page for
them. Finally, it adds a line about networking support.
v2: incorporate Eric's feedback adding project links to driver pages.
website: Add project links to KVM/QEMU driver page
website: Add project links to Xen driver page
website: Add project links to LXC driver page
website: Add project links to OpenVZ driver page
website: Add project links to UML driver page
website: Add project links to Virtualbox driver page
website: Add project links to ESX driver page
website: Add project links to VMware driver page
Commit f548480b broke migration v3 on qemu, because the driver
passed flags on through to qemu_migration even though
qemu_migration wasn't using those flags.
* src/qemu/qemu_migration.h (QEMU_MIGRATION_FLAGS): New define.
* src/qemu/qemu_driver.c: Simplify all migration callbacks.
* src/qemu/qemu_migration.c (qemuMigrationConfirm): Fix regression.
The previous patches only cleaned up ATTRIBUTE_UNUSED flags cases;
auditing the drivers found other places where flags was being used
but not validated. In particular, domainGetXMLDesc had issues with
clients accepting a different set of flags than the common
virDomainDefFormat helper function.
* src/conf/domain_conf.c (virDomainDefFormat): Add common flag check.
* src/uml/uml_driver.c (umlDomainAttachDeviceFlags)
(umlDomainDetachDeviceFlags): Reject unknown
flags.
* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc)
(vboxDomainAttachDeviceFlags)
(vboxDomainDetachDeviceFlags): Likewise.
* src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Likewise.
(qemuDomainGetXMLDesc): Document common flag handling.
* src/libxl/libxl_driver.c (libxlDomainGetXMLDesc): Likewise.
* src/lxc/lxc_driver.c (lxcDomainGetXMLDesc): Likewise.
* src/openvz/openvz_driver.c (openvzDomainGetXMLDesc): Likewise.
* src/phyp/phyp_driver.c (phypDomainGetXMLDesc): Likewise.
* src/test/test_driver.c (testDomainGetXMLDesc): Likewise.
* src/vmware/vmware_driver.c (vmwareDomainGetXMLDesc): Likewise.
* src/xenapi/xenapi_driver.c (xenapiDomainGetXMLDesc): Likewise.
This adds four options for virsh command attach-disk.
--cache option allows user to specify cache mode of disk device
from virsh command line when attaching a disk device.
--serial option allows user to specify serial string of disk device
from virsh command line when attaching a disk device.
--shareable option allows user to specify whether the disk device is
shareable between domains when attaching a disk device from virsh
command line.
--address option allows user to specify address of disk device when
attaching a disk device.
If the server succesfully validates the client cert, it will send
back a single byte, under TLS. If it fails, it will close the
connection. In this case, we were just reporting the standard
I/O error. The original RPC code had a special case hack for the
GNUTLS_E_UNEXPECTED_PACKET_LENGTH error code to make us report
a more useful error message
* src/rpc/virnetclient.c: Return ENOMSG if we get
GNUTLS_E_UNEXPECTED_PACKET_LENGTH
* src/rpc/virnettlscontext.c: Report cert failure if we
see ENOMSG
Many volume operations will fail if the volume in question is being
allocated. These operations were returning VIR_ERR_INTERNAL_ERROR
when they should be returning VIR_ERR_OPERATION_INVALID.
This patch adds the --current option to "virsh setvcpus"
command. Currently "virsh setvcpus" command supports
"--live" and "--config" , but "--current" option.
From view of consistency, it's reasonable to support
"--current" option too.
When --current is specified, it affects a "current"
domain.
Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
This patch extends qemudDomainSetVcpusFlags() function to support
VIR_DOMAIN_AFFECT_CURRENT flag.
Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
This patch extends virDomainSetVcpusFlags API to support
VIR_DOMAIN_AFFECT_CURRENT flag.
Now because most APIs accept VIR_DOMAIN_AFFECT_CURRENT flags,
virDomainSetVcpusFlags API should also do.
Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
Rather than trying to clean up the ssh child ourselves, and risk
subtle differences from the socket creation error path, we can
just use the new APIs.
* src/rpc/virnetsocket.c (virNetSocketFree): Use new function.
By requesting the pid in virCommandRunAsync, fdstream was claiming
that it would manually wait for the process. But on the failure
path, the child process was being leaked.
* src/fdstream.c (virFDStreamOpenFileInternal): Auto-reap child.
When using virCommandRunAsync and saving the pid for later, it
is useful to be able to reap that pid in the same way that it
would have been auto-reaped by virCommand if we had passed
NULL for the pid argument in the first place.
* src/util/command.c (virPidWait, virPidAbort): New functions,
created from...
(virCommandWait, virCommandAbort): ...bodies of these.
(includes): Drop duplicate <stdlib.h>. Ensure that our pid_t
assumptions hold.
(virCommandRunAsync): Improve documentation.
* src/util/command.h (virPidWait, virPidAbort): New prototypes.
* src/libvirt_private.syms: Export them.
* docs/internals/command.html.in: Document them.
In the Ubuntu development release we recently got a new udev that
moves /var/run to /run, /var/lock to /run/lock and /dev/shm to /run/shm.
This change in udev requires updating the apparmor security driver in
libvirt[1].
Attached is a patch that:
* adjusts src/security/virt-aa-helper.c to allow both
LOCALSTATEDIR/run/libvirt/**/%s.pid and /run/libvirt/**/%s.pid. While
the profile is not as precise, LOCALSTATEDIR/run/ is typically a symlink
to /run/ anyway, so there is no additional access (remember that
apparmor resolves symlinks, which is why this is still required even
if /var/run points to /run).
* adjusts example/apparmor/libvirt-qemu paths for /dev/shm
[1]https://launchpad.net/bugs/810270
--
Jamie Strandboge | http://www.canonical.com
Without this patch, the make rule in a VPATH build was trying to
invoke ../../docs/../../docs/todo.pl, which didn't exist.
* docs/Makefile.am (todo.html.in): Using $< already implies
$(srcdir) in GNU make VPATH situations.
Similar to the recent qemu_protocol-structs addition.
* src/virnetprotocol-structs: New file.
* src/Makefile.am (%_protocol-structs): Factor body...
(PDWTAGS): ...into new helper macro.
(virnetprotocol-structs): New rule.
(PROTOCOL_STRUCTS): Add virnetprotocol-structs.
We disable some drivers when building without libvirtd in configure,
but we do not do the same thing in libvirt.spec. It may break rpm
building without libvirtd.
Getting metadata on storage allocates a memory (path) which need to
be freed after use otherwise it gets leaked. This means after use of
virStorageFileGetMetadataFromFD or virStorageFileGetMetadata one
must call virStorageFileFreeMetadata to free it. This function frees
structure internals and structure itself.
When qemuMonitorCloseFileHandle is called in error path, we need to
preserve the original error since a possible further error when running
closefd monitor command is not very useful to users.
When creating new qemu process we saved domain status XML only after the
process was fully setup and running. In case libvirtd was killed before
the whole process finished, once libvirtd started again it didn't know
anything about the new process and we end up with an orphaned qemu
process. Let's save the domain status XML as soon as we know the PID so
that libvirtd can kill the process on restart.
The compiler might optimize based on our declaration that something
is unused. Putting that declaration in the header risks getting
out of sync with the actual implementation, so it belongs better
only in the .c files. We were mostly compliant, and a new syntax
check will help us in the future.
* cfg.mk (sc_avoid_attribute_unused_in_header): New syntax check.
* src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Delete
attribute already present in .c file.
* src/qemu/qemu_domain.h (qemuDomainEventFlush): Likewise.
* src/util/virterror_internal.h (virReportErrorHelper): Parameters
are actually used by .c file.
* src/xenxs/xen_sxpr.h (xenFormatSxprDisk): Adjust prototype.
* src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Delete unused argument.
(xenFormatSxpr): Adjust caller.
* src/xen/xend_internal.c (xenDaemonAttachDeviceFlags)
(xenDaemonUpdateDeviceFlags): Likewise.
Suggested by Daniel Veillard.
For static functions not used as callbacks, there's no need to
keep an unused parameter.
* src/conf/domain_conf.c (virDomainChrDefParseTargetXML)
(virDomainTimerDefParseXML, virDomainHostdevSubsysUsbDefParseXML)
(virDomainVcpuPinDefParseXML): Drop unused parameter.
(virDomainChrDefParseXML, virDomainDefParseXML)
(virDomainHostdevDefParseXML): Update callers.
(virDomainNetDefParseXML): Mark flags used.
Valid loglevel range for virsh is 0-4. Update virsh man page
accordingly. Also explain virsh ENV variables and values.
Signed-off-by: Supriya Kannery <supriyak@in.ibm.com>
The last patch breaks make check for two reasons. First, it reverses the
condition but leaves default level unchanged, so instead of not printing
anything but errors before the patch it now prints all debug messages by
default. Second, you forgot to change -d5 option passed to virsh in
tests/virsh-optparse to -d0; the script wants to see all debug messages.
Aligning loglevel values of virsh to that of libvirt.
"DEBUG"=0 loglevel, when specified through commandline or
env variable, should log all the messages. "ERROR=4"
should log only error messages.
Signed-off-by: Supriya Kannery <supriyak@in.ibm.com>
In 2f4d2496a8 I didn't notice that one
part of virFileOpenAs doesn't actually call to virFileOpenAsNoFork but
rather includes a copy of the code from there.
No need to repeat common code.
* bootstrap.conf (gnulib_modules): Import calloc-posix.
* src/util/bridge.c (brInit): Use virSetCloseExec.
(brSetInterfaceUp): Adjust flags name.
* src/uml/uml_driver.c (umlSetCloseExec): Delete.
(umlStartVMDaemon): Use util version instead.
'unsigned a' and 'unsigned int a' are synonyms, but we generally
always spell out the 'int' in that case. Fixing this will avoid
a false positive in the next syntax-check commit.
* src/conf/node_device_conf.h (pci_config_address)
(_virNodeDevCapsDef): Prefer 'unsigned int' over 'unsigned'.
* src/xenapi/xenapi_driver.c (xenapiOpen, xenapiDomainReboot):
Reject unknown flags.
(xenapiDomainGetXMLDesc): Likewise, and pass known flags through
to XML generation.
* src/lxc/lxc_driver.c (lxcOpen, lxcDomainSetMemoryParameters)
(lxcDomainGetMemoryParameters): Reject unknown flags.
* src/lxc/lxc_container.c (lxcContainerStart): Rename flags to
cflags to reflect that it is not tied to libvirt.
Like commit 1740c381, but for libvirt-qemu.
* src/remote/qemu_protocol.x (qemu_monitor_command_args): Adjust
type to match API.
* src/qemu_protocol-structs: Update accordingly.
Continuation of commit 313ac7fd, and enforce things with a syntax
check.
Technically, virNetServerClientCalculateHandleMode is not printing
a mode_t, but rather a collection of VIR_EVENT_HANDLE_* bits;
however, these bits are < 8, so there is no different in the
output, and that was the easiest way to silence the new syntax check.
* cfg.mk (sc_flags_debug): New syntax check.
(exclude_file_name_regexp--sc_flags_debug): Add exemptions.
* src/fdstream.c (virFDStreamOpenFileInternal): Print flags in
hex, mode_t in octal.
* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
(virDomainQemuAttach): Likewise.
* src/locking/lock_driver_nop.c (virLockManagerNopInit): Likewise.
* src/locking/lock_driver_sanlock.c (virLockManagerSanlockInit):
Likewise.
* src/locking/lock_manager.c: Likewise.
* src/qemu/qemu_migration.c: Likewise.
* src/qemu/qemu_monitor.c: Likewise.
* src/rpc/virnetserverclient.c
(virNetServerClientCalculateHandleMode): Print mode with %o.
I got bit in a debugging session on an uninstalled libvirtd; the
code tried to call out to the installed $LIBEXECDIR/libvirt_iohelper
instead of my just-built version. So I set a breakpoint and altered
the binary name to be "./src/libvirt_iohelper", and it still failed
because I don't have "." on my PATH.
According to POSIX, execvp only searches PATH if the name does
not contain a slash. Since we are trying to mimic that behavior,
an anchored name should be relative to the current working dir.
This tightens existing behavior, but most callers already pass
an absolute name or a name with no slashes, so it probably won't
be noticeable.
* src/util/util.c (virFindFileInPath): Anchored relative names do
not invoke a PATH search.
When replacing the default SEGV/ABORT/BUS signal handlers you
can't rely on the process being terminated after your custom
handler runs. It is neccessary to manually restore the default
handler and then re-raise the signal
* src/rpc/virnetserver.c: Restore default handler and raise
signal
When monitor is entered with qemuDomainObjEnterMonitorWithDriver, the
correct method for leaving and unlocking the monitor is
qemuDomainObjExitMonitorWithDriver.
Most of the code in these two functions is supposed to be identical but
currently it isn't (which is natural since the code is duplicated).
Let's move common parts of these functions into qemuMigrationPrepareAny.
This also fixes qemuMigrationPrepareTunnel which didn't store received
lockState in the domain object.
Asynchronous jobs may take long time to finish and may consist of
several phases which we need to now about to help with recovery/rollback
after libvirtd restarts.
Query commands are safe to be called during long running jobs (such as
migration). This patch makes them all work without the need to
special-case every single one of them.
The patch introduces new job.asyncCond condition and associated
job.asyncJob which are dedicated to asynchronous (from qemu monitor
point of view) jobs that can take arbitrarily long time to finish while
qemu monitor is still usable for other commands.
The existing job.active (and job.cond condition) is used all other
synchronous jobs (including the commands run during async job).
Locking schema is changed to use these two conditions. While asyncJob is
active, only allowed set of synchronous jobs is allowed (the set can be
different according to a particular asyncJob) so any method that
communicates to qemu monitor needs to check if it is allowed to be
executed during current asyncJob (if any). Once the check passes, the
method needs to normally acquire job.cond to ensure no other command is
running. Since domain object lock is released during that time, asyncJob
could have been started in the meantime so the method needs to recheck
the first condition. Then, normal jobs set job.active and asynchronous
jobs set job.asyncJob and optionally change the list of allowed job
groups.
Since asynchronous jobs only set job.asyncJob, other allowed commands
can still be run when domain object is unlocked (when communicating to
remote libvirtd or sleeping). To protect its own internal synchronous
commands, the asynchronous job needs to start a special nested job
before entering qemu monitor. The nested job doesn't check asyncJob, it
only acquires job.cond and sets job.active to block other jobs.
EnterMonitor and ExitMonitor methods are very similar to their
*WithDriver variants; consolidate them into EnterMonitorInternal and
ExitMonitorInternal to avoid (mainly future) code duplication.
Incrementally running 'make syntax-check' on a tree previously
built after commit 62dee6f but before 44036460 fails sc_po_check
(because the generated qemu_dispatch.h gained translatable strings).
This is a followup to commit addaa537 for that scenario.
* cfg.mk (sc_po_check): Add another prereq.
($(srcdir)/daemon/qemu_dispatch.h): Add rule.
The UML inotify handler would kill off guests when certain
conditions arise, but it forgot to remove transient guests
from the list of domains
* src/uml/uml_driver.c: Cleanup transient guests
Since a host can run several different virtualization types at
the same time, audit messages should allow domains to be identified.
Add a 'virt={qemu,kvm,uml,lxc,...}' key to domain audit messages
* src/conf/domain_audit.c: Identify virt type of guest
When passing through filesystems from the host to a guest, the
host filesystem passed must be audited
* src/conf/domain_audit.{c,h}: Add virDomainAuditFS
The LXC and UML drivers can both make use of auditing. Move
the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h}
* src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c
* src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h
* src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h}
* src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c,
src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c,
src/qemu/qemu_process.c: Update for changed audit API names
Given a PID, the QEMU driver reads /proc/$PID/cmdline and
/proc/$PID/environ to get the configuration. This is fed
into the ARGV->XML convertor to build an XML configuration
for the process.
/proc/$PID/exe is resolved to identify the full command
binary path
After checking for name/uuid uniqueness, an attempt is
made to connect to the monitor socket. If successful
then 'info status' and 'info kvm' are issued to determine
whether the CPUs are running and if KVM is enabled.
* src/qemu/qemu_driver.c: Implement virDomainQemuAttach
* src/qemu/qemu_process.h, src/qemu/qemu_process.c: Add
qemuProcessAttach to connect to the monitor of an
existing QEMU process
When attaching to an external QEMU process, it is neccessary
to check if the process is using KVM or not. This can be done
using a monitor command
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
API for checking if KVM is enabled
To enable attaching to externally launched QEMU, we need
to be able to reverse engineer a guest XML config based
on the argv for a PID in /proc
* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Add
qemuParseCommandLinePid which extracts QEMU config from
argv in /proc, given a PID number
When converting QEMU argv into a virDomainDefPtr, also extract
the pidfile, monitor character device config and the monitor
mode.
* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Extract
pidfile & monitor config from QEMU argv
* src/qemu/qemu_driver.c, tests/qemuargv2xmltest.c: Add extra
params when calling qemuParseCommandLineString
Avoid re-formatting the pidfile path everytime we need it. Create
it once when starting the guest, and preserve it until the guest
is shutdown.
* src/libvirt_private.syms, src/util/util.c,
src/util/util.h: Add virFileReadPidPath
* src/qemu/qemu_domain.h: Add pidfile field
* src/qemu/qemu_process.c: Store pidfile path in qemuDomainObjPrivate
This tweaks the RPC generator to cope with some naming
conventions used for the QEMU specific APIs
* daemon/remote.c: Server side dispatcher
* src/remote/remote_driver.c: Client side dispatcher
* src/remote/qemu_protocol.x: Wire protocol definition
* src/rpc/gendispatch.pl: Use '$structprefix' in method
names, fix QEMU flags and fix dispatcher method names
Introduce a new API in libvirt-qemu.so
virDomainPtr virDomainQemuAttach(virConnectPtr domain,
unsigned long long pid,
unsigned int flags);
This allows libvirtd to attach to an existing, externally
launched QEMU process. This is useful for QEMU developers who
prefer to launch QEMU themselves for debugging/devel reasons,
but still want the benefit of libvirt based tools like
virt-top, virt-viewer, etc
* include/libvirt/libvirt-qemu.h: Define virDomainQemuAttach
* src/driver.h, src/libvirt-qemu.c, src/libvirt_qemu.syms:
Driver glue for virDomainQemuAttach
Set StrictHostKeyChecking=no to auto-accept new ssh host keys if the
no_verify extra parameter was specified. This won't disable host key
checking for already known hosts. Includes a test and documentation.
Since we are going to add some libvirt-qemu.so entry points in
0.9.4, we might as well start checking for RPC stability, just
as for libvirt.so.
* src/Makefile.am (PROTOCOL_STRUCTS): New variable.
(remote_protocol-structs): Rename...
(%_protocol-structs): ...and make more generic.
* src/qemu_protocol-structs: New file.
log2() is heavy when ffs() can do the same thing. But ffs()
requires gnulib support for mingw.
This patch solves this linker error on Fedora 14.
/usr/bin/ld: libvirt_lxc-domain_conf.o: undefined reference to symbol 'log2@@GLIBC_2.2.5'
/usr/bin/ld: note: 'log2@@GLIBC_2.2.5' is defined in DSO /lib64/libm.so.6 so try adding it to the linker command line
/lib64/libm.so.6: could not read symbols: Invalid operation
collect2: ld returned 1 exit status
* .gnulib: Update to latest, for ffs.
* bootstrap.conf (gnulib_modules): Import ffs.
* src/conf/domain_conf.c (virDomainDefParseXML): Use ffs instead
of log2.
Reported by Dave Allan.
The drivers were accepting domain configs without checking if those
were actually meant for them. For example the LXC driver happily
accepts configs with type QEMU.
Add a check for the expected domain types to the virDomainDefParse*
functions.
Detected in valgrind run:
==9184== 1 bytes in 1 blocks are definitely lost in loss record 1 of 19
==9184== at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==9184== by 0x3073715F78: xdr_array (xdr_array.c:97)
==9184== by 0x4CF97C9: xdr_remote_domain_get_security_label_ret (remote_protocol.c:1696)
==9184== by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
==9184== by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
==9184== by 0x4CE3887: call (remote_driver.c:3933)
==9184== by 0x4CF71C6: remoteDomainGetSecurityLabel (remote_driver.c:1580)
==9184== by 0x4CCA480: virDomainGetSecurityLabel (libvirt.c:7340)
==9184== by 0x41993A: cmdDominfo (virsh.c:2414)
==9184== by 0x411E92: vshCommandRun (virsh.c:12730)
==9184== by 0x4211ED: main (virsh.c:14076)
==9184==
==9184== 2 bytes in 1 blocks are definitely lost in loss record 2 of 19
==9184== at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==9184== by 0x3073715F78: xdr_array (xdr_array.c:97)
==9184== by 0x4CF974F: xdr_remote_node_get_security_model_ret (remote_protocol.c:1713)
==9184== by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
==9184== by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
==9184== by 0x4CE3887: call (remote_driver.c:3933)
==9184== by 0x4CF6F96: remoteNodeGetSecurityModel (remote_driver.c:1648)
==9184== by 0x4CBF799: virNodeGetSecurityModel (libvirt.c:7382)
==9184== by 0x4197D7: cmdDominfo (virsh.c:2394)
==9184== by 0x411E92: vshCommandRun (virsh.c:12730)
==9184== by 0x4211ED: main (virsh.c:14076)
==9184==
==9184== 8 bytes in 1 blocks are definitely lost in loss record 3 of 19
==9184== at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==9184== by 0x3073715F78: xdr_array (xdr_array.c:97)
==9184== by 0x4CF9729: xdr_remote_node_get_security_model_ret (remote_protocol.c:1710)
==9184== by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
==9184== by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
==9184== by 0x4CE3887: call (remote_driver.c:3933)
==9184== by 0x4CF6F96: remoteNodeGetSecurityModel (remote_driver.c:1648)
==9184== by 0x4CBF799: virNodeGetSecurityModel (libvirt.c:7382)
==9184== by 0x4197D7: cmdDominfo (virsh.c:2394)
==9184== by 0x411E92: vshCommandRun (virsh.c:12730)
==9184== by 0x4211ED: main (virsh.c:14076)
==9184==
==9184== LEAK SUMMARY:
==9184== definitely lost: 11 bytes in 3 blocks
* src/remote/remote_driver.c: Avoid leak on remoteDomainGetSecurityLabel
and remoteNodeGetSecurityModel.
The shell version would output 40 extra spaces for a test with
a multiple of 40 sub-tests, and the C version can use the same
printf optimization for avoiding a loop over single space output
as the shell version.
* tests/testutils.c (virtTestMain): Avoid loop for alignment.
* tests/test-lib.sh: Fix formatting when counter is multiple of 40.
Kernel cmdline args can be passed to xen pv domains even when a
bootloader is specified. The current config-to-sxpr mapping
ignores cmdline when bootloader is present.
Since the xend sub-driver is used with many xen toolstack versions,
this patch takes conservative approach of adding an else block to
existing !def->os.bootloader, and only appends sxpr if def->os.cmdline
is non-NULL.
V2: Fix existing testcase broken by this patch and add new testcases
If virDomainSaveConfig() failed, we will return NULL to source,
and the vm is still available to restart during confirm() step in
v3 protocol. So we should kill it off in qemuMigrationFinish().
In v2 protocol, we should not set vm to NULL, because we hold
a reference of vm and should unrefernce it.
This patch creates new <bios> element which, at this time has only the
attribute useserial='yes|no'. This attribute allow users to use
Serial Graphics Adapter and see BIOS messages from the very first moment
domain boots up. Therefore, users can choose boot medium, set PXE, etc.
Don't print OK/FAIL for tests that decide to be skipped after
calling virtTestMain. Delay printing of the indentation before
the first test until we know that the test didn't decide to be
skipped.
Also make the reconnect test use VIRT_TEST_MAIN.
The current logic tries to count from 1 to 40 and ignores paddings
of 0 and 1 to 40. This doesn't work for counter + 1 mod 40 == 0
like here for counter value 159
TEST: virsh-all
........................................ 40
........................................ 80
........................................ 120
....................................... 159 OK
PASS: virsh-all
Also seq isn't portable. Therefore, calculate the correct padding
length directly and use printf to output it at once.
It is common for the $HOME/.libvirt/libvirtd.conf file to not
exist. Treat this situation as non-fatal since we can carry
on with our default settings just fine.
* daemon/libvirtd.c: Treat ENOENT as non-fatal when loading
config
The dispatch for the CLOSE RPC call was invoking the method
virNetServerClientClose(). This caused the client connection
to be immediately terminated. This meant the reply to the
final RPC message was never sent. Prior to the RPC rewrite
we merely flagged the connection for closing, and actually
closed it when the next RPC call dispatch had completed.
* daemon/remote.c: Flag connection for a delayed close
* daemon/stream.c: Update to use new API for closing
failed connection
* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h:
Add support for a delayed connection close. Rename the
virNetServerClientMarkClose method to virNetServerClientImmediateClose
to clarify its semantics
When closing a remote connection we issue a (fairly pointless)
'CLOSE' RPC call to the daemon. If this fails we skip all the
cleanup of private data, but the virConnectPtr object still
gets released as normal. This causes a memory leak. Since the
CLOSE RPC call is pretty pointless, just carry on freeing the
remote driver if it fails.
* src/remote/remote_driver.c: Ignore failure to issue CLOSE
RPC call
When sending back the final OK or ERROR message on completion
of a stream, we were not decrementing the 'nrequests' tracker
on the client. With the default requests limit of '5', this
meant once a client had created 5 streams, they are unable to
process any further RPC calls. There was also a bug when
handling an error from decoding a message length header, which
meant a client connection would not immediately be closed.
* src/rpc/virnetserverclient.c: Fix release of request after
stream completion & mark client for close on error
In one exit path we forgot to free the virNetMessage object causing
a large memory leak for streams which send a lot of data. Some other
paths were calling VIR_FREE directly instead of virNetMessageFree
although this was (currently) harmless.
* src/rpc/virnetclientstream.c: Fix leak of msg object
* src/rpc/virnetclientprogram.c: Call virNetMessageFree instead
of VIR_FREE
If a client disconnects while it has a stream active, there is
a race condition which could see libvirtd crash. This is because
the client struct may be freed before the last stream event has
triggered. This is trivially solved by holding an extra reference
on the client for the stream callbak
* daemon/stream.c: Acquire reference on client when adding the
stream callback
The virNetTLSContextNew was being passed key/cert parameters in
the wrong order. This wasn't immediately visible because if
virNetTLSContextNewPath was used, a second bug reversed the order
of those parameters again.
Only if the paths were manually specified in /etc/libvirt/libvirtd.conf
did the bug appear
* src/rpc/virnettlscontext.c: Fix order of params passed to
virNetTLSContextNew
This option accepts 3 values:
-keep, to keep current client connected (Spice+VNC)
-disconnect, to disconnect client (Spice)
-fail, to fail setting password if there is a client connected (Spice)
When virFileOpenAs is called with VIR_FILE_OPEN_AS_UID flag and uid/gid
different from root/root while libvirtd is running as root, we fork a
new child, change its effective UID/GID to uid/gid and run
virFileOpenAsNoFork. It doesn't make any sense to fchown() the opened
file in this case since we already know that uid/gid can access the file
when open succeeds and one of the following situations may happen:
- the file is already owned by uid/gid and we skip fchown even before
this patch
- the file is owned by uid but not gid because it was created in a
directory with SETGID set, in which case it is desirable not to change
the group
- the file may be owned by a completely different user and/or group
because it was created on a root-squashed or even all-squashed NFS
filesystem, in which case fchown would most likely fail anyway
Add libvirt support for MicroBlaze architecture as a QEMU target. Based on mips/mipsel pattern.
Signed-off-by: John Williams <john.williams@petalogix.com>
Currently, the xen statstest and reconnect tests are only compiled
if xend is running. Compile them unconditionally if xen headers
are present, but skip the tests at runtime if xend is not running.
This is in response to Eric's suggestion here
https://www.redhat.com/archives/libvir-list/2011-July/msg00367.html
No caller was using the flags argument, and this function is internal
only, so we might as well skip it.
* src/util/util.h (safezero): Update signature.
* src/util/util.c (safezero): Update function.
* src/locking/lock_driver_sanlock.c
(virLockManagerSanlockSetupLockspace)
(virLockManagerSanlockCreateLease): Update all callers.
* src/storage/storage_backend.c (createRawFile): Likewise.
Most APIs use 'unsigned int flags'; but a few stragglers were using
a signed value. In particular, the vir*GetXMLDesc APIs were
split-brain, with inconsistent choice of types. Although it is
an API break to use 'int' instead of 'unsigned int', it is ABI
compatible (pre-compiled apps will have no difference in behavior),
and generally apps can be recompiled without any issue (only rare
apps that compiled with extremely high warning levels, or which
pass libvirt API around as typed function pointers, would have to
make any code changes to deal with the change).
The migrate APIs use 'unsigned long flags', which can't be changed,
due to ABI constraints.
This patch intentionally touches only the public API, to prove the
claim that most existing code (including driver callbacks and virsh)
still compiles just fine in spite of the type change.
* include/libvirt/libvirt.h.in (virConnectOpenAuth)
(virDomainCoreDump, virDomainGetXMLDesc, virNetworkGetXMLDesc)
(virNWFilterGetXMLDesc): Use unsigned int for flags.
(virDomainHasCurrentSnapshot): Use consistent spelling.
* src/libvirt.c (virConnectOpenAuth, virDomainCoreDump)
(virDomainGetXMLDesc, virNetworkGetXMLDesc)
(virNWFilterGetXMLDesc, do_open): Update accordingly.
Destroy has a rather negative English connotation. Try to reduce
the impact, so newbies aren't as scared to use it.
* tools/virsh.c: Tweak all destroy documentation.
* tools/virsh.pod: Likewise.
Gnulib documents that mingw vsnprintf is broken (it returns -1
on out-of-space, instead of the count of what would have been
printed); but while we were using the snprintf wrapper, we had
not yet been using the vsnprintf wrapper.
Meanwhile, mingw (but not mingw64) has a replacement snprintf
that fixes return values, but still lacks %1$s support; so in
that case, gnulib didn't replace snprintf, but libintl then
went ahead and installed a version that supported %1$s but not
return values. Gnulib has since been fixed to guarantee that
the snprintf module will always guarantee the constraints needed
by libintl.
Also, we want to guarantee that strdup sets errno on failure.
* .gnulib: Update to latest, for vsnprintf fix.
* bootstrap.conf (gnulib_modules): Add vsnprintf, strdup-posix.
Reported by Matthias Bolte.
The next patch wants to adjust an end pointer to trim trailing
spaces but without modifying the underlying string, but a more
generally useful ability to trim trailing spaces in place is
also worth providing.
* src/util/util.h (virTrimSpaces, virSkipSpacesBackwards): New
prototypes.
* src/util/util.c (virTrimSpaces, virSkipSpacesBackwards): New
functions.
* src/libvirt_private.syms (util.h): Export new functions.
Inspired by a patch by Minoru Usui.
Most clients of virSkipSpaces don't want to omit backslashes.
Also, open-coding the list of spaces is not as nice as using
c_isspace.
* src/util/util.c (virSkipSpaces): Use c_isspace.
(virSkipSpacesAndBackslash): New function.
* src/util/util.h (virSkipSpacesAndBackslash): New prototype.
* src/xen/xend_internal.c (sexpr_to_xend_topology): Update caller.
* src/libvirt_private.syms (util.h): Export new function.
No change in wording. One spacing change in a <pre>, noticed because
of odd XML formatting online; the rest is in free-flowing text to
make it easier to see nesting levels in the document.
* docs/formatdomain.html.in: Adjust spacing. Break long lines.
Move stat and mkdir to virFileMakePathHelper.
Also use the stat result to detect whether the existing path
is a directory and set errno accordingly if it's not.
When no <seclabel> is present in the XML, the virDomainSeclabelDef
struct is left as all zeros. Unfortunately, this means it gets setup
as type=dynamic, with relabel=no, which is an illegal combination.
Change the 'bool relabel' attribute in virDomainSeclabelDef to
the inverse 'bool norelabel' so that the default initialization
is sensible
* src/conf/domain_conf.c, src/conf/domain_conf.h,
src/security/security_apparmor.c, src/security/security_selinux.c:
Replace 'relabel' with 'norelabel'
Some callers expected virFileMakePath to set errno, some expected
it to return an errno value. Unify this to return 0 on success and
-1 on error. Set errno to report detailed error information.
Also optimize virFileMakePath if stat fails with an errno different
from ENOENT.
add a new API pciDeviceReAttachInit() in pci.c to initialize state values for nodedev reattach
Initialize three state value of device driver to 1. This is just for a new call to
qemudNodeDeviceReAttach()
domain.rng, network.rng, and interface.rng already use a few of the
same types (or in some cases *should* but don't), and an upcoming code
change will have them sharing even more. To prepare for that, this
patch takes those common data type definitions and moves them into
basictypes.rng.
This may break some rule about the need to RNG files to be autonomous
or something, but I saw that storageencryption.rng is used in this
way, so I figured it must not be completely against the law...
Although most functions with flags check to verify no application is
passing in flag bits that are currently undefined, for some reason
this function wasn't.
* Change all flags args from int to unsigned int
* Allow passing flags in virDomainObjParseFile (and propogate those
flags all the way down the call chain). Previously the flags were
hardcoded (to VIR_DOMAIN_XML_INTERNAL_STATUS) several layers down
the chain. Pass that value in at the one place that is currently
calling virDomainObjParseFile.
virFileMakePath returns an errno value on error, that will never
be negative. An virFileMakePath error would have been ignored here,
instead of being reported correctly.
The struct A {} A; construct triggers a linker error on OSX about
duplicate symbols. This also differs from the common struct style.
Switch to common style to fix this.
Reported by Justin Clift.
Add a new attribute to the <seclabel> XML to allow resource
relabelling to be enabled with static label usage.
<seclabel model='selinux' type='static' relabel='yes'>
<label>system_u:system_r:svirt_t:s0:c392,c662</label>
</seclabel>
* docs/schemas/domain.rng: Add relabel attribute
* src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
the 'relabel' attribute
* src/qemu/qemu_process.c: Unconditionally clear out the
'imagelabel' attribute
* src/security/security_apparmor.c: Skip based on 'relabel'
attribute instead of label type
* src/security/security_selinux.c: Skip based on 'relabel'
attribute instead of label type and fill in <imagelabel>
attribute if relabel is enabled.
Normally the dynamic labelling mode will always use a base
label of 'svirt_t' for VMs. Introduce a <baselabel> field
in the <seclabel> XML to allow this base label to be changed
eg
<seclabel type='dynamic' model='selinux'>
<baselabel>system_u:object_r:virt_t:s0</baselabel>
</seclabel>
* docs/schemas/domain.rng: Add <baselabel>
* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
of base label
* src/qemu/qemu_process.c: Don't reset 'model' attribute if
a base label is specified
* src/security/security_apparmor.c: Refuse to support base label
* src/security/security_selinux.c: Use 'baselabel' when generating
label, if available
virStorageBackendCreateRaw: createRawFile already reported the
exact error.
Before the fix:
error: Failed to create vol vol-create.img
error: cannot create path '/var/lib/libvirt/images/vol-create.img': Unknown error 18446744073709551597
After the fix:
error: Failed to create vol vol-create.img
error: cannot fill file '/var/lib/libvirt/images/vol-create.img': No space left on device
Coverity detected that we could crash on bogus input. Meanwhile,
strtok_r is rather heavy compared to strchr.
* src/storage/storage_backend_iscsi.c (virStorageBackendIQNFound):
Check for parse failure, and use lighter-weight functions.
Detected by Coverity. qemuDomainEventQueue requires a non-NULL
pointer; most callers silently drop the event if we encountered
and OOM situation trying to create the event.
* src/qemu/qemu_migration.c (qemuMigrationFinish): Check for OOM.
Coverity noted that most clients reacted to failure to hash; but in
a best-effort kill loop, we can ignore failure.
* src/util/cgroup.c (virCgroupKillInternal): Ignore hash failure.
Coverity noted that 4 out of 5 calls to virNetClientStreamRaiseError
checked the return value. This case expects a particular value, so
warn if our expectations went wrong due to some bug elsewhere.
* src/rpc/virnetclient.c (virNetClientCallDispatchStream): Warn on
unexpected scenario.
Coverity warns if the majority of callers check a function for
errors, but a few don't; but in qemu_audit and qemu_domain, the
choice to not check for failures was safe. In qemu_command, the
failure to generate a uuid can only occur on a bad pointer.
* src/qemu/qemu_audit.c (qemuAuditCgroup): Ignore failure to get
cgroup controller.
* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitor)
(qemuDomainObjEnterMonitorWithDriver): Ignore failure to get
timestamp.
* src/qemu/qemu_command.c (qemuParseCommandLine): Check for error.
Detected by Coverity. The leak is on an error path, but I'm not
sure whether that path is likely to be triggered in practice.
* src/rpc/virnetserverservice.c (virNetServerServiceAccept): Plug leak.
Spotted by Coverity. If we don't update tmp each time through
the loop, then if the filter being removed was not the head of
the list, we accidentally lose all filters prior to the one we
wanted to remove.
* src/rpc/virnetserverclient.c (virNetServerClientRemoveFilter):
Don't lose unrelated filters.
Detected by Coverity. Some, but not all, error paths were clean;
but they were repetitive so I refactored them.
* src/util/pci.c (pciGetDevice): Plug leak.
To avoid regressions, we let callers specify whether to require a
minor and micro version. Callers that were parsing uname() output
benefit from defaulting to 0, whereas callers that were parsing
version strings from other sources should not change in behavior.
* src/util/util.c (virParseVersionString): Allow caller to choose
whether to fail if minor or micro is missing.
* src/util/util.h (virParseVersionString): Update signature.
* src/esx/esx_driver.c (esxGetVersion): Update callers.
* src/lxc/lxc_driver.c (lxcVersion): Likewise.
* src/openvz/openvz_conf.c (openvzExtractVersionInfo): Likewise.
* src/uml/uml_driver.c (umlGetVersion): Likewise.
* src/vbox/vbox_MSCOMGlue.c (vboxLookupVersionInRegistry):
Likewise.
* src/vbox/vbox_tmpl.c (vboxExtractVersion): Likewise.
* src/vmware/vmware_conf.c (vmwareExtractVersion): Likewise.
* src/xenapi/xenapi_driver.c (xenapiGetVersion): Likewise.
Reported by Matthias Bolte.
According to the automake manual, CPPFLAGS (aka INCLUDES, as spelled
in automake 1.9.6) should only include -I, -D, and -U directives; more
generic directives like -Wall belong in CFLAGS since they affect more
phases of the build process. Therefore, we should be sticking CFLAGS
additions into a CFLAGS container, not a CPPFLAGS container.
* src/Makefile.am (libvirt_driver_vmware_la_CFLAGS): Use AM_CFLAGS.
(INCLUDES): Move CFLAGS items...
(AM_CFLAGS): ...to their proper location.
* python/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
* tests/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
(commandtest_CFLAGS, commandhelper_CFLAGS)
(virnetmessagetest_CFLAGS, virnetsockettest_CFLAGS): Use AM_CFLAGS.
linux 3.0 has no micro version number, and that is causing problems
for virParseVersionString. The patch below should allow for:
major
major.minor
major.minor.micro
If major or minor are not present they just default to zero.
We found this in Ubuntu (https://bugs.launchpad.net/bugs/802977)
Detected by Coverity. No real harm in leaving these, but fixing
them cuts down on the noise for future analysis.
* src/rpc/virnetserver.c (virNetServerAddService): Delete unused
entry.
* src/util/sysinfo.c (virSysinfoRead): Delete dead assignment to
base.
EXTRA_DIST files should unconditionally be part of the tarball,
rather than depending on the presence of sanlock-devel.
Meanwhile, parallel builds could fail if we don't use mkdir -p.
* src/Makefile.am (EXTRA_DIST): Always ship sanlock .aug and
template .conf files.
(%-sanlock.conf): Use MKDIR_P.
For good or for bad, I did a fresh checkout, ./autogen.sh, then
'configure', then 'make syntax-check', and was surprised that it
failed. Running 'make' before 'make syntax-check' cleaned up the
issue, but this patch makes it work up front.
* cfg.mk (sc_po_check): Add prerequisites.
Based on Coverity's finding on the previous patch, I audited
gnulib's pipe2 code and found that we had the potential for
a subtle double-close bug, unless gnulib guarantees that the
contents of the fd array are unchanged on pipe2() failure.
* .gnulib: Update to latest, for pipe2 fix.
Detected by Coverity. Both are instances of bad things happening
if pipe2 fails; the virNetClientNew failure could free garbage,
and virNetSocketNewConnectCommand could close random fds.
Note: POSIX doesn't guarantee the contents of fd[0] and fd[1]
after pipe failure: http://austingroupbugs.net/view.php?id=467
We may need to introduce a virPipe2 wrapper that guarantees
that on pipe failure, the fds are explicitly set to -1, rather
than our current state of assuming the fds are unchanged from
their value prior to the failed pipe call.
* src/rpc/virnetclient.c (virNetClientNew): Initialize variable.
* src/rpc/virnetsocket.c (virNetSocketNewConnectCommand):
Likewise.
Detected by Coverity. info.nrVirtCpu is unsigned short, but if
cpumaplen is int, then the product of the two in vshMalloc risks
unintended sign extension. cmdVcpuinfo had already solved this
by using size_t cpumaplen.
* tools/virsh.c (cmdVcpuPin): Use correct type.
The virDomainMigratePrepareTunnel3 impl in the remote driver
was using the procedure number for the virDomainMigratePrepareTunnel
method. This doesn't work out so well, because it makes the server
ignore & drop all stream packets
* src/remote/remote_driver.c: Fix procedure for PrepareTunnel3
We ignore any stream data packets which come in for streams which
are not registered, since these packets are async and do not have
a reply. If we get a stream control packet though we must send back
an actual error, otherwise a (broken) client may hang forever
making it hard to diagnose the client bug.
* src/rpc/virnetserverprogram.c: Send back error for unexpected
stream control messages
If a message packet for a invalid stream is received it is just
free'd. This is not good because it doesn't let the client RPC
request counter decrement. If a stream is shutdown with pending
packets the message also isn't released properly because of an
incorrect header type
* daemon/stream.c: Fix message header type
* src/rpc/virnetserverprogram.c: Send dummy reply instead of
free'ing ignored stream message
While investigating some memory leaks it was unclear whether the
JSON code correctly free'd all memory during parsing. Add a test
case which can be run under valgrind to clearly demonstrate that
the parser is leak free.
* tests/Makefile.am: Add 'jsontest'
* tests/jsontest.c: A few simple JSON parsing tests
The qemudDomainSaveFlag method will call EndJob on the 'vm'
object it is passed in. This can result in the 'vm' object
being free'd if the last reference is removed. Thus no caller
of 'qemudDomainSaveFlag' must *ever* reference 'vm' again
upon return.
Unfortunately qemudDomainSave and qemuDomainManagedSave
both call 'virDomainObjUnlock', which can result in a
crash. This is non-deterministic since it involves a race
with the monitor I/O thread.
Fix this by making qemudDomainSaveFlag responsible for
calling virDomainObjUnlock instead.
* src/qemu/qemu_driver.c: Fix potential use after free
when saving guests
The 'char control[CMSG_SPACE(sizeof(int))];' was not being
wiped, so could potentially contain uninitialized bytes.
While this was harmless in this case, it caused complaints
from valgrind
* src/qemu/qemu_monitor.c: memset 'control' variable
in qemuMonitorIOWriteWithFD
The event handler functions do not free the virJSONValuePtr
object. Every event received from a VM thus caused a memory
leak
* src/qemu/qemu_monitor_json.c: Fix leak of event object
The 'function' field in the PCI address was not correctly
initialized, so it was building the wrong address address
string and so not removing all functions from the in use
list.
* src/qemu/qemu_command.c: Fix initialization of PCI function
When adding a callback to an FD stream, we take an extra reference
on the virStreamPtr instance. We forgot to registered a free function
with the callback, so when the callback was removed, the extra
reference held on virStreamPtr was not released.
* src/fdstream.c: Use a free callback to release reference on
virStreamPtr when removing callback
The stream code was reusing a stream message object before
it was removed from the linked list of filtered messages.
This caused any later queued messages to be completely lost.
* daemon/stream.c: Delay reuse of stream message until
after it is removed from the queue
To save on memory reallocation, virNetMessage instances that
have been transmitted, may be reused for a subsequent incoming
message. We forgot to clear out the old data of the message
fully, which caused later confusion upon read.
* src/rpc/virnetserverclient.c: memset entire message before
reusing it
The virNetServerClient object had a hardcoded limit of 10 requests
per client. Extend constructor to allow it to be passed in as a
configurable variable. Wire this up to the 'max_client_requests'
config parameter in libvirtd
* daemon/libvirtd.c: Pass max_client_requests into services
* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h: Pass
nrequests_client_max to clients
* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h: Allow
configurable request limit
If we pass VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG to
qemuGetSchedulerParametersFlags() or *nparams is less than 1,
we will unlock qemu_driver without locking it. It's very dangerous.
We should lock qemu_driver after calling virCheckFlags().
virDomainVcpuPinDefFree() does not free def->cputune.vcpupin if nvcpupin
is 0, and does not set def->cputune.vcpupin to NULL.
If we set nvcpupin to 0 but do not free vcpupin, vcpupin will not be freed
when vm->def is freed.
Use VIR_FREE() instead of virDomainVcpuPinDefFree() to free the memory
and set def->cputune.vcpupint to NULL.
2011-06-30 13:26:51 +08:00
839 changed files with 1001763 additions and 559764 deletions
<p>The first block (in red) indicates the host hardware capabilities, currently
it is limited to the CPU properties but other information may be available,
it shows the CPU architecture, topology, model name, and additional features
which are not included in the model but the CPU provides them. Features of the
chip are shown within the feature block (the block is similar to what you will
find in a Xen fully virtualized domain description).</p>
<p>The second block (in blue) indicates the paravirtualization support of the
Xen support, you will see the os_type of xen to indicate a paravirtual
kernel, then architecture information and potential features.</p>
<p>The third block (in green) gives similar information but when running a
32 bit OS fully virtualized with Xen using the hvm support.</p>
<p>This section is likely to be updated and augmented in the future, see <ahref="https://www.redhat.com/archives/libvir-list/2007-March/msg00215.html">the
discussion</a> which led to the capabilities format in the mailing-list
archives.</p>
<p>The first block (in red) indicates the host hardware
capabilities, such as CPU properties and the power
management features of the host platform. CPU models are
shown as additional features relative to the closest base
model, within a feature block (the block is similar to what
you will find in a Xen fully virtualized domain
description). Further, the power management features
supported by the host are shown, such as Suspend-to-RAM (S3),
Suspend-to-Disk (S4) and Hybrid-Suspend (a combination of S3
and S4). In case the host does not support
any such feature, then an empty <power_management/>
tag will be shown. </p>
<p>The second block (in blue) indicates the paravirtualization
support of the Xen support, you will see the os_type of xen
to indicate a paravirtual kernel, then architecture
information and potential features.</p>
<p>The third block (in green) gives similar information but
when running a 32 bit OS fully virtualized with Xen using
the hvm support.</p>
<p>This section is likely to be updated and augmented in the
future,
see <ahref="https://www.redhat.com/archives/libvir-list/2007-March/msg00215.html">the
discussion</a> which led to the capabilities format in the
The payload of a packet will vary depending on the <code>type</code>
and <code>status</code> fields from the header.
</p>
<ul>
<li>type=call: the in parameters for the method call, XDR encoded</li>
<li>type=call-with-fds: number of file handles, then the in parameters for the method call, XDR encoded, followed by the file handles</li>
<li>type=reply+status=ok: the return value and/or out parameters for the method call, XDR encoded</li>
<li>type=reply+status=error: the error information for the method, a virErrorPtr XDR encoded</li>
<li>type=reply-with-fds+status=ok: number of file handles, the return value and/or out parameters for the method call, XDR encoded, followed by the file handles</li>
<li>type=reply-with-fds+status=error: number of file handles, the error information for the method, a virErrorPtr XDR encoded, followed by the file handles</li>
<li>type=event: the parameters for the event, XDR encoded</li>
<li>type=stream+status=ok: no payload</li>
<li>type=stream+status=error: the error information for the method, a virErrorPtr XDR encoded</li>
<li>type=stream+status=continue: the raw bytes of data for the stream. No XDR encoding</li>
</ul>
<p>
With the two packet types that support passing file descriptors, in
between the header and the payload there will be a 4-byte integer
specifying the number of file descriptors which are being sent.
The actual file handles are sent after the payload has been sent.
Each file handle has a single dummy byte transmitted as a carrier
for the out of band file descriptor. While the sender should always
send '\0' as the dummy byte value, the receiver ought to ignore the
value for the sake of robustness.
</p>
<p>
For the exact payload information for each procedure, consult the XDR protocol
definition for the program+version in question
</p>
<h3><aname="wireexamples">Wire examples</a></h3>
<p>
The following diagrams illustrate some example packet exchanges
If set to a non-zero value, this disables client checks of the
SSH: If set to a non-zero value, this disables client's strict host key
checking making it auto-accept new host keys. Existing host keys will
still be validated.
<br/>
<br/>
TLS: If set to a non-zero value, this disables client checks of the
server's certificate. Note that to disable server checks of
the client's certificate or IP address you must
<ahref="#Remote_libvirtd_configuration">change the libvirtd
@ -858,48 +876,6 @@ just read-write/read-only as at present.
</ul>
<p>
Please come and discuss these issues and more on <ahref="https://www.redhat.com/mailman/listinfo/libvir-list"title="libvir-list mailing list">the mailing list</a>.
The current implementation uses <ahref="http://en.wikipedia.org/wiki/External_Data_Representation"title="External Data Representation">XDR</a>-encoded packets with a
simple remote procedure call implementation which also supports
asynchronous messaging and asynchronous and out-of-order replies,
although these latter features are not used at the moment.
</p>
<p>
The implementation should be considered <b>strictly internal</b> to
libvirt and <b>subject to change at any time without notice</b>. If
you wish to talk to libvirtd, link to libvirt. If there is a problem
that means you think you need to use the protocol directly, please
first discuss this on <ahref="https://www.redhat.com/mailman/listinfo/libvir-list"title="libvir-list mailing list">the mailing list</a>.
</p>
<p>
The messaging protocol is described in
<code>qemud/remote_protocol.x</code>.
</p>
<p>
Authentication and encryption (for TLS) is done using <ahref="http://www.gnu.org/software/gnutls/"title="GnuTLS project page">GnuTLS</a> and the RPC protocol is unaware of this layer.
</p>
<p>
Protocol messages are sent using a simple 32 bit length word (encoded
XDR int) followed by the message header (XDR
<code>remote_message_header</code>) followed by the message body. The
length count includes the length word itself, and is measured in
bytes. Maximum message size is <code>REMOTE_MESSAGE_MAX</code> and to
avoid denial of services attacks on the XDR decoders strings are
individually limited to <code>REMOTE_STRING_MAX</code> bytes. In the
TLS case, messages may be split over TLS records, but a TLS record
cannot contain parts of more than one message. In the common RPC case
a single <code>REMOTE_CALL</code> message is sent from client to
server, and the server then replies synchronously with a single
<code>REMOTE_REPLY</code> message, but other forms of messaging are
also possible.
</p>
<p>
The protocol contains support for multiple program types and protocol
Since libvirt supports many different kinds of virtualization
(often referred to as "drivers" or "hypervisors"), we need a
@ -13,41 +15,46 @@ machine over the network.
To this end, libvirt uses URIs as used on the Web and as defined in <ahref="http://www.ietf.org/rfc/rfc2396.txt">RFC 2396</a>. This page
documents libvirt URIs.
</p>
<ul>
<li>
<ahref="#URI_libvirt">Specifying URIs to libvirt</a>
</li>
<li>
<ahref="#URI_virsh">Specifying URIs to virsh, virt-manager and virt-install</a>
</li>
<li>
<ahref="#URI_xen">xen:/// URI</a>
</li>
<li>
<ahref="#URI_qemu">qemu:///... QEMU and KVM URIs</a>
</li>
<li>
<ahref="#URI_remote">Remote URIs</a>
</li>
<li>
<ahref="#URI_test">test:///... Test URIs</a>
</li>
<li>
<ahref="#URI_legacy">Other & legacy URI formats</a>
</li>
</ul>
<h3>
<aname="URI_libvirt">Specifying URIs to libvirt</a>
</h3>
<h2><aname="URI_libvirt">Specifying URIs to libvirt</a></h2>
<p>
The URI is passed as the <code>name</code> parameter to <ahref="html/libvirt-libvirt.html#virConnectOpen"><code>virConnectOpen</code></a> or <ahref="html/libvirt-libvirt.html#virConnectOpenReadOnly"><code>virConnectOpenReadOnly</code></a>. For example:
# The rest of your app would go here normally, but for sake
# of demo we'll just go to sleep. The other option is to
# run the event loop in your main thread if your app is
# totally event based.
while1:
whilevc.isAlive()==1:
time.sleep(1)
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
