return attributes that are in a union whose contents are interpreted
differently depending on the actual->type and so they should only
return non-0 when actual->type is 'bridge' (in the first case) or
'direct' (in the other two cases, but I had neglected to do that, so
...DirectDev() was returning bridge.brname (which happens to share the
same spot in the union with direct.linkdev) if actual->type was
'bridge', and ...BridgeName was returning direct.linkdev when
actual->type was 'direct'.
How does this involve Bug 881480 (which was about the inability to
switch between two networks that both have "<forward mode='bridge'/>
<bridge name='xxx'/>"? Whenever the return value of
virDomainNetGetActualDirectDev() for the new and old network
definitions doesn't match, qemuDomainChangeNet() requires a "complete
reconnect" of the device, which qemu currently doesn't
support. ...DirectDev() *should* have been returning NULL for old and
new, but was instead returning the old and new bridge names, which
differ.
(The other two functions weren't causing any behavioral problems in
virDomainChangeNet(), but their problem and fix was identical, so I
included them in this same patch).
In short, a dnsmasq instance run with the intention of listening for
DHCP/DNS requests only on a libvirt virtual network (which is
constructed using a Linux host bridge) would also answer queries sent
from outside the virtualization host.
This patch takes advantage of a new dnsmasq option "--bind-dynamic",
which will cause the listening socket to be setup such that it will
only receive those requests that actually come in via the bridge
interface. In order for this behavior to actually occur, not only must
"--bind-interfaces" be replaced with "--bind-dynamic", but also all
"--listen-address" options must be replaced with a single
"--interface" option. Fully:
--bind-interfaces --except-interface lo --listen-address x.x.x.x ...
(with --listen-address possibly repeated) is replaced with:
--bind-dynamic --interface virbrX
Of course libvirt can't use this new option if the host's dnsmasq
doesn't have it, but we still want libvirt to function (because the
great majority of libvirt installations, which only have mode='nat'
networks using RFC1918 private address ranges (e.g. 192.168.122.0/24),
are immune to this vulnerability from anywhere beyond the local subnet
of the host), so we use the new dnsmasqCaps API to check if dnsmasq
supports the new option and, if not, we use the "old" option style
instead. In order to assure that this permissiveness doesn't lead to a
vulnerable system, we do check for non-private addresses in this case,
and refuse to start the network if both a) we are using the old-style
options, and b) the network has a publicly routable IP
address. Hopefully this will provide the proper balance of not being
disruptive to those not practically affected, and making sure that
those who *are* affected get their dnsmasq upgraded.
(cherry picked from commit 753ff83a50263d6975f88d6605d4b5ddfcc97560)
Conflicts:
src/network/bridge_driver.c
* needed to change virReportError() to the older
networkReportError()
tests/networkxml2argvdata/nat-network-dns-txt-record.argv
* this test file has an example of an arg with embedded space,
which gets sorrounded by '' in newer releases. Other
items on the same line had been modified.
tests/networkxml2argvdata/routed-network.argv
* in the newer releases, this test file had an --addn-hosts
arg that didn't exist on this branch. Again, it was in the
surrounding context of the changes that had been made on
master.
Laine Stump [Thu, 22 Nov 2012 02:17:30 +0000 (21:17 -0500)]
util: new virSocketAddrIsPrivate function
This new function returns true if the given address is in the range of
any "private" or "local" networks as defined in RFC1918 (IPv4) or
RFC3484/RFC4193 (IPv6), otherwise they return false.
(cherry picked from commit bf402e77b6d53a4e569b3aa76aef9c7d589c0cf2)
Conflicts:
src/util/virsocketaddr.c
src/util/virsocketaddr.h
* both of these files had new functions that had been added
at the same place virSocketAddrIsPrivate was being added,
so the context on the branch didn't match.
Laine Stump [Tue, 20 Nov 2012 17:22:15 +0000 (12:22 -0500)]
util: capabilities detection for dnsmasq
In order to optionally take advantage of new features in dnsmasq when
the host's version of dnsmasq supports them, but still be able to run
on hosts that don't support the new features, we need to be able to
detect the version of dnsmasq running on the host, and possibly
determine from the help output what options are in this dnsmasq.
This patch implements a greatly simplified version of the capabilities
code we already have for qemu. A dnsmasqCaps device can be created and
populated either from running a program on disk, reading a file with
the concatenated output of "dnsmasq --version; dnsmasq --help", or
examining a buffer in memory that contains the concatenated output of
those two commands. Simple functions to retrieve capabilities flags,
the version number, and the path of the binary are also included.
bridge_driver.c creates a single dnsmasqCaps object at driver startup,
and disposes of it at driver shutdown. Any time it must be used, the
dnsmasqCapsRefresh method is called - it checks the mtime of the
binary, and re-runs the checks if the binary has changed.
networkxml2argvtest.c creates 2 "artificial" dnsmasqCaps objects at
startup - one "restricted" (doesn't support --bind-dynamic) and one
"full" (does support --bind-dynamic). Some of the test cases use one
and some the other, to make sure both code pathes are tested.
Conflicts:
src/network/bridge_driver.c
* some new functions are missing in the backport, so they don't need
to be modified.
* Use dnsmasqCapsFree() instead of virObjectUnref()
src/util/dnsmasq.c
* eliminate use of virObject, since this version of libvirt
doesn't yet have it
* use networkReportError() instead of virReportError()
* virBitmapAlloc() instead of virBitmapNew()
src/util/dnsmasq.h
* don't #include virobject.h
* add prototype for dnsmasqCapsFree()
src/libvirt_private.syms
* export dnsmasqCapsFree
Eric Blake [Mon, 5 Nov 2012 16:48:28 +0000 (09:48 -0700)]
spec: don't enable cgconfig under systemd
In Fedora 16, we quit enabling cgconfig because systemd set up
default cgroups that were good enough for our use. But in F17,
when we switched to systemd, we reverted and started up cgconfig
again. See also the tail of this thread:
https://www.redhat.com/archives/libvir-list/2012-October/msg01657.html
Cole Robinson [Sat, 20 Oct 2012 19:57:28 +0000 (15:57 -0400)]
selinux: Don't fail RestoreAll if file doesn't have a default label
When restoring selinux labels after a VM is stopped, any non-standard
path that doesn't have a default selinux label causes the process
to stop and exit early. This isn't really an error condition IMO.
Of course the selinux API could be erroring for some other reason
but hopefully that's rare enough to not need explicit handling.
Jiri Denemark [Wed, 17 Oct 2012 12:08:17 +0000 (14:08 +0200)]
qemu: Clear async job when p2p migration fails early
When p2p migration fails early because qemuMigrationIsAllowed or
qemuMigrationIsSafe say migration should be cancelled, we fail to clear
the migration-out async job. As a result of that, further APIs called
for the same domain may fail with Timed out during operation: cannot
acquire state change lock.
remove dnsmasq command line parameter "--filterwin2k"
This patch removed the "--filterwin2k" dnsmasq command line
parameter which was unnecessary for domain specification,
possibly blocked some usage, and was command line clutter.
Gene Czarcinski [Wed, 22 Aug 2012 16:59:24 +0000 (12:59 -0400)]
dnsmasq: avoid forwarding queries without a domain
dnsmasq is forwarding a number of queries upstream that should not
be done. There still remains an MX query for a plain name with no
domain specified that will be forwarded is dnsmasq has --domain=xxx
--local=/xxx/ specified. This does not happen with no domain name
and --local=// ... not a libvirt problem.
When generating RPC protocol messages, it's strictly needed to have a
continuous line of numbers or RPC messages. However in case anyone
tries backporting some functionality and will skip a number, there is
a possibility to make the daemon segfault with newer virsh (version of
the library, rpc call, etc.) even unintentionally.
The problem is that the skipped numbers will get func filled with
NULLs, but there is no check whether these are set before the daemon
tries to run them. This patch very simply enhances one check and fixes
that.
(cherry picked from commit b7ff9e696063189a715802d081d55a398663c15a)
Eric Blake [Fri, 20 Jul 2012 20:44:54 +0000 (14:44 -0600)]
tests: avoid seclabeltest crash
Commit a56c347 introduced a use of random numbers into seclabel
handling, but failed to initialize the random number generator
in the testsuite. Also, fail with usual status, not 255.
First 'poll' can't return EWOULDBLOCK, and second, we're checking errno
so far away from the poll() call that we've probably already trashed the
original errno value.
(cherry picked from commit 5d490603a6d60298162cbd32ec45f736b58929fb)
Jiri Denemark [Tue, 12 Jun 2012 12:32:27 +0000 (14:32 +0200)]
client rpc: Send keepalive requests from IO event loop
In addition to keepalive responses, we also need to send keepalive
requests from client IO loop to properly detect dead connection in case
a libvirt API is called from the main loop, which prevents any timers to
be called.
(cherry picked from commit 4d971dc7ef1a9d0dc830c243b5731e862ad0eb5c)
Jiri Denemark [Tue, 12 Jun 2012 07:02:38 +0000 (09:02 +0200)]
server rpc: Remove APIs for manipulating filters on locked client
We don't need to add or remove filters when client object is already
locked anymore. There's no reason to keep the *Locked variants of those
APIs.
(cherry picked from commit d9ad41669828e33623ba8177f260b9f313c1963d)
Jiri Denemark [Tue, 12 Jun 2012 07:01:49 +0000 (09:01 +0200)]
rpc: Do not use timer for sending keepalive responses
When a libvirt API is called from the main event loop (which seems to be
common in event-based glib apps), the client IO loop would properly
handle keepalive requests sent by a server but will not actually send
them because the main event loop is blocked with the API. This patch
gets rid of response timer and the thread which is processing keepalive
requests is also responsible for queueing responses for delivery.
(cherry picked from commit bb85f2298e63b55b0465cb9e1f790019e99611dd)
Jiri Denemark [Tue, 12 Jun 2012 21:42:32 +0000 (23:42 +0200)]
rpc: Add APIs for direct triggering of keepalive timer
Add virKeepAliveTimeout and virKeepAliveTrigger APIs that can be used to
set poll timeouts and trigger keepalive timer. virKeepAliveTrigger
checks if it is called to early and does nothing in that case.
(cherry picked from commit 28c75382b00d75b129245dedc1ce92596b96ddf9)
Jiri Denemark [Tue, 12 Jun 2012 21:41:25 +0000 (23:41 +0200)]
rpc: Refactor keepalive timer code
The code that needs to be run every keepalive interval of inactivity was
only called from a timer and thus from the main event loop. We will need
to call the code directly from another place.
(cherry picked from commit a2ba8686325c8ba61c95f3f1152ef4420a029c15)
Jiri Denemark [Fri, 8 Jun 2012 13:24:06 +0000 (15:24 +0200)]
client rpc: Drop unused return value of virNetClientSendNonBlock
As we never drop non-blocking calls, the return value that used to
indicate a call was dropped is no longer needed.
(cherry picked from commit ca9b13e3733195d400effaca0ef13e4545a3b608)
Jiri Denemark [Mon, 11 Jun 2012 12:24:06 +0000 (14:24 +0200)]
client rpc: Just queue non-blocking call if another thread has the buck
As non-blocking calls are no longer dropped, we don't really need to
care that much about their fate and wait for the thread with the buck
to process them. If another thread has the buck, we can just push a
non-blocking call to the queue and be done with it.
(cherry picked from commit ef392614aa585d168e618ffaf2c83545d81f0113)
Jiri Denemark [Fri, 8 Jun 2012 12:21:00 +0000 (14:21 +0200)]
client rpc: Don't drop non-blocking calls
So far, we were dropping non-blocking calls whenever sending them would
block. In case a client is sending lots of stream calls (which are not
supposed to generate any reply), the assumption that having other calls
in a queue is sufficient to get a reply from the server doesn't work. I
tried to fix this in b1e374a7ac56927cfe62435179bf0bba1e08b372 but
failed and reverted that commit.
With this patch, non-blocking calls are never dropped (unless the
connection is being closed) and will always be sent.
(cherry picked from commit 78602c4e83bbf51f89c24a0be14074e71d01bf60)
Jiri Denemark [Tue, 12 Jun 2012 06:41:59 +0000 (08:41 +0200)]
client rpc: Use event loop for writing
Normally, when every call has a thread associated with it, the thread
may get the buck and be in charge of sending all calls until its own
call is done. When we introduced non-blocking calls, we had to add
special handling of new non-blocking calls. This patch uses event loop
to send data if there is no thread to get the buck so that any
non-blocking calls left in the queue are properly sent without having to
handle them specially. It also avoids adding even more cruft to client
IO loop in the following patches.
With this change in, non-blocking calls may see unpredictable delays in
delivery when the client has no event loop registered. However, the only
non-blocking calls we have are keepalives and we already require event
loop for them, which makes this a non-issue until someone introduces new
non-blocking calls.
(cherry picked from commit 9e747e5c5079a5aead2f248fc22ff658bd0180be)
Jiri Denemark [Fri, 8 Jun 2012 11:41:25 +0000 (13:41 +0200)]
client rpc: Improve debug messages in virNetClientIO
When analyzing our debug log, I'm always confused about what each of the
pointers mean. Let's be explicit.
(cherry picked from commit 71689f95ceedbc63953a0b06aa2c2cee7fabfa2b)
Peter Krempa [Fri, 3 Aug 2012 09:20:29 +0000 (11:20 +0200)]
conf: Remove console stream callback only when freeing console helper
Commit ba226d334acbc49f6751b430e0c4e00f69eef6bf tried to fix crash of
the daemon when a domain with an open console was destroyed. The fix was
wrong as it tried to remove the callback also when the stream was
aborted, where at that point the fd stream driver was already freed and
removed.
This patch clears the callbacks with a helper right before the hash is
freed, so that it doesn't interfere with other codepaths where the
stream object is freed.
(cherry picked from commit 45edefc7a7bcbec988f54331ff37fc32e4bc2718)
Peter Krempa [Fri, 3 Aug 2012 11:16:24 +0000 (13:16 +0200)]
virsh: console: Avoid using stream after being freed.
The stream object wasn't set to NULL after freeing causing a double free
attempt on the cleanup path.
(cherry picked from commit e3b8808ba764e06f68785a2bbdd8b7ab00b71fa4)
Eric Blake [Tue, 31 Jul 2012 14:05:14 +0000 (08:05 -0600)]
qemu: fix use after free
Detected by Coverity.
* src/qemu/qemu_hotplug.c (qemuDomainAttachHostDevice): Avoid
double free of usb on failure.
(cherry picked from commit 665c8cdecc2d91a83f08a6ec95531b0de57c0e0a)
Peter Krempa [Fri, 27 Jul 2012 12:50:54 +0000 (14:50 +0200)]
conf: Remove callback from stream when freeing entries in console hash
When a domain has a active console connection and is destroyed the
callback is called on private data that no longer exist causing a
segfault.
(cherry picked from commit ba226d334acbc49f6751b430e0c4e00f69eef6bf)
security: Skip labeling resources when seclabel defaults to none
If a domain is explicitly configured with <seclabel type="none"/> we
correctly ensure that no labeling will be done by setting
norelabel=true. However, if no seclabel element is present in domain XML
and hypervisor is configured not to confine domains by default, we only
set type to "none" without turning off relabeling. Thus if such a domain
is being started, security driver wants to relabel resources with
default label, which doesn't make any sense.
Moreover, with SELinux security driver, the generated image label lacks
"s0" sensitivity, which causes setfilecon() fail with EINVAL in
enforcing mode.
(cherry picked from commit ce53382ba28179d3a504b29b4f888b6e130d53f0)
No check for conn->uri being NULL in virAuthGetConfigFilePath (valid
state) made the client segfault. This happens for example with these
settings:
- no virtualbox driver installed (modifies conn->uri)
- no default URI set (VIRSH_DEFAULT_CONNECT_URI="",
LIBVIRT_DEFAULT_URI="", uri_default="")
- auth_sock_rw="sasl"
- virsh run as root
That are unfortunately the settings with fresh Fedora 17 installation
with VDSM.
The check ought to be enough as conn->uri being NULL is valid in later
code and is handled properly.
(cherry picked from commit 5eef74320b0bb9e604400168e0896c5ac527abef)
adding handling EINTR to poll to make it more robust
some system call and signal will interrupt poll,
making event loop stops and fails to react events and keepalive message
from libvirt.
adding handling EINTR to poll to make it more robust
The time keeping example was missing quotes which resulted in an error
if you copied and pasted the example into a domain's XML. Additionally
the rest of the examples use single quotes (') instead of double quotes
(") so standardized that.
(cherry picked from commit d57e17d58300589e4b53c52360d9fcd7592f53b2)
When the system doesn't have IPv6 available (e.g. not built into the
kernel or the module isn't loaded), you can not create an IPv6 socket.
The test determines earlier on that IPv6 isn't available then goes and
creates a socket. This makes socket creation conditional on IPv6
availability.
(cherry picked from commit faffe26909d8e5cde7e80e5a8f33296ed56dcfc7)
Ensure failure to talk to Xen hypervisor is fatal when privileged
As per the comment, the Xen hypervisor driver is considered to
be mandatory when running privileged. When it fails to open,
we should thus return an error, not ignore it.
(cherry picked from commit 489900e3de9de74ce4197807935ffc3ef8a68bca)
When sending SIGHUP to libvirtd, it will trigger the virStateDriver
reload operation. This is intended to reload the configuration files
for guests. For unknown historical reasons this is also triggering
autostart of all guests. Autostart is generally expected to be
something that happens on OS startup. Starting VMs on SIGHUP will
violate that expectation and potentially cause dangerous scenarios
if the admin has explicitly shutdown a misbehaving VM that has
been marked as autostart
Remote driver needs to make sure the driver lock is released before
entering client IO loop as that may block indefinitely in poll(). As a
direct consequence of not following this in stream APIs, tunneled
migration to a destination host which becomes non-responding may block
qemu driver. Luckily, if keepalive is turned for p2p migrations, both
remote and qemu drivers will get automagically unblocked after keepalive
timeout.
(cherry picked from commit 17f3be079c3c421eff203fcd311b0357ec42d801)
qemu: Do not fail virConnectCompareCPU if host CPU is not known
When host CPU could not be properly detected, virConnectCompareCPU will
just report that any CPU is incompatible with host CPU instead of
failing.
(cherry picked from commit 87c8623161f19c4f37844991deb1477e53c2b310)
When --direct is used when migrating a domain running on a hypervisor
that does not support direct migration (such as QEMU), the caller would
get the following error message:
this function is not supported by the connection driver:
virDomainMigrateToURI2
which is a complete nonsense since qemu driver implements
virDomainMigrateToURI2. This patch would emit a more sensible error in
this case:
Requested operation is not valid: direct migration is not supported
by the connection driver
(cherry picked from commit 3189dfb1636da22d426d2fc07cc9f60304b16c5c)
Commit 32a9aac switched libvirt to use the XDG base directories
to locate most of its data/config. In particular, the per-user socket
for qemu:///session is now stored in the XDG runtime directory.
This directory is located by looking at the XDG_RUNTIME_DIR environment
variable, with a fallback to ~/.cache/libvirt if this variable is not
set.
When the daemon is autospawned because a client application wants
to use qemu:///session, the daemon is ran in a clean environment
which does not contain XDG_RUNTIME_DIR. It will create its socket
in ~/.cache/libvirt. If the client application has XDG_RUNTIME_DIR
set, it will not look for the socket in the fallback place, and will
fail to connect to the autospawned daemon.
This patch adds XDG_RUNTIME_DIR to the daemon environment before
auto-starting it. I've done this in virNetSocketForkDaemon rather
than in virCommandAddEnvPassCommon as I wasn't sure we want to pass
these variables to other commands libvirt spawns. XDG_CACHE_HOME
and XDG_CONFIG_HOME are also added to the daemon env as it makes use
of those as well.
(cherry picked from commit efe6c8021146d046846ead5b5efc9828d97c1ceb)
This makes the driver fail with a clear error message in case of UUID
collisions (for example if somebody copied a container configuration
without updating the UUID) and also raises an error on other hash map
failures.
OpenVZ itself doesn't complain about duplicate UUIDs since this
parameter is only used by libvirt.
(cherry picked from commit 31351c316fee0487dcbc5ef6b630d75be6b212e5)
Fix /domain/features setting in qemuParseCommandLine
Commit 5e6ce1 moved down detection of the ACPI feature in
qemuParseCommandLine. However, when ACPI is detected, it clears
all feature flags in def->features to only set ACPI. This used to
be fine because this was the first place were def->features was set,
but after the move this is no longer necessarily true because this
block comes before the ACPI check:
Since def is allocated in qemuParseCommandLine using VIR_ALLOC, we
can always use |= when modifying def->features
(cherry picked from commit 626dd5180e472c0b4c0c5fb7072358743ca63653)
Jim Fehlig [Mon, 9 Jul 2012 15:52:55 +0000 (09:52 -0600)]
systemd: start libvirtd after network
Domains configured with autostart may fail to start if the host
network stack has not been started. E.g. when using bridged
networking autostarting a domain can fail with
libvirtd[1403]: 2012-06-20 13:23:49.833+0000: 1485: error :
qemuAutostartDomain:177 : Failed to autostart VM 'test': Cannot get
interface MTU on 'br0': No such device
(cherry picked from commit 4036aa91bff6482cf4c136c93277619fa8ec6f94)
Peter Krempa [Thu, 21 Jun 2012 15:59:27 +0000 (17:59 +0200)]
virsh: Clarify documentation for virsh dompmsuspend command
Clarify the docs to make more clear what this command does and that it
requires a guest agent running in the guest.
(cherry picked from commit e16d434da75430b05545f4d85d156f36b1ce51d1)
Peter Krempa [Mon, 9 Jul 2012 12:10:05 +0000 (14:10 +0200)]
storage_backend_fs: Don't free a part of a structure on error
As the storage pool sources are stored in a list of structs, the pointer
returned by virStoragePoolSourceListNewSource() shouldn't be freed as it
points in the middle of a memory block. This combined with a regression
that takes the error path every time on caused a double-free abort on
the src struct in question.
(cherry picked from commit ab9c72ae9e55e7190f52ad1550624630a5c7f78b)
Recently the Ceph project defaulted auth_supported from 'none' to 'cephx'.
When no auth information was set for Ceph disks this would lead to librados defaulting to
'cephx', but there would be no additional authorization information.
We now explicitly set auth_supported to none when passing down arguments to Qemu.
qemu: add rbd to whitelist of migration-safe formats
QEMU (and librbd) flush the cache on the source before the
destination starts, and the destination does not read any
changeable data before that, so live migration with rbd caching
is safe.
This makes 'virsh migrate' work with rbd and caching without the
--unsafe flag.
Reported-by: Vladimir Bashkirtsev <vladimir@bashkirtsev.com> Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
(cherry picked from commit 78290b1641e95304c862062ee0aca95395c5926c)
Eiichi Tsukata [Fri, 29 Jun 2012 06:09:16 +0000 (15:09 +0900)]
Fix vm's outbound traffic control problem
Hello,
This is a patch to fix vm's outbound traffic control problem.
Currently, vm's outbound traffic control by libvirt doesn't go well.
This problem was previously discussed at libvir-list ML, however
it seems that there isn't still any answer to the problem.
http://www.redhat.com/archives/libvir-list/2011-August/msg00333.html
I measured Guest(with virtio-net) to Host TCP throughput with the
command "netperf -H".
Here are the outbound QoS parameters and the results.
The outbound traffic goes down unreasonably and is even not controled.
The cause of this problem is too large mtu value in "tc filter" command run by
libvirt. The command uses burst value to set mtu and the burst is equal to
average rate value if it's not set. This value is too large. For example
if the average rate is set to 1024 kilobytes/s, the mtu value is set to 1024
kilobytes. That's too large compared to the size of network packets.
Here libvirt applies tc ingress filter to Host's vnet(tun) device.
Tc ingress filter is implemented with TBF(Token Buckets Filter) algorithm. TBF
uses mtu value to calculate the amount of token consumed by each packet. With too
large mtu value, the token consumption rate is set too large. This leads to
token starvation and deterioration of TCP throughput.
Then, should we use the default mtu value 2 kilobytes?
The anser is No, because Guest with virtio-net device uses 65536 bytes
as mtu to transmit packets to Host, and the tc filter with the default mtu
value 2k drops packets whose size is larger than 2k. So, the most packets
is droped and again leads to deterioration of TCP throughput.
The appropriate mtu value is 65536 bytes which is equal to the maximum value
of network interface device defined in <linux/netdevice.h>. The value is
not so large that it causes token starvation and not so small that it
drops most packets.
Therefore this patch set the mtu value to 64kb(== 65535 bytes).
Again, here are the outbound QoS parameters and the TCP throughput with
the libvirt patched.
Peter Krempa [Thu, 28 Jun 2012 21:42:50 +0000 (23:42 +0200)]
network_conf: Don't free uninitialized pointers while parsing DNS SRV
If the user specified invalid protocol type in a network's SRV record
the error path ended up in freeing uninitialized pointers causing a
daemon crash.
Osier Yang [Wed, 27 Jun 2012 14:02:23 +0000 (22:02 +0800)]
storage: Error out if the target is already mounted for netfs pool
mnt_fsname can not be the same, as we check the duplicate pool
sources earlier before, means it can't be the same pool, moreover,
a pool can't be started if it's already active anyway. So no reason
to act as success.
(cherry picked from commit 8116529409357c82824fb280165ea0ee6f2d6277)
Michal Privoznik [Wed, 27 Jun 2012 10:06:45 +0000 (12:06 +0200)]
events: Don't fail on registering events for two different domains
virConnectDomainEventRegisterAny() takes a domain as an argument.
So it should be possible to register the same event (be it
VIR_DOMAIN_EVENT_ID_LIFECYCLE for example) for two different domains.
That is, we need to take domain into account when searching for
duplicate event being already registered.
(cherry picked from commit cd15303fd123146b0ba53e387d08ef22b707223c)
Starting a KVM guest on s390 fails immediately. This is because
"qemu --help" reports -no-acpi even for the s390(x) architecture but
-no-acpi isn't supported there.
Workaround is to remove QEMU_CAPS_NO_ACPI from the capability set
after the version/capability extraction.
Osier Yang [Mon, 25 Jun 2012 13:34:22 +0000 (21:34 +0800)]
qemu: Improve error if setmem fails for lacking of balloon support
"cannot set memory of an active domain" is misleading, it sounds
like setting memory of active domain is not supported.
(cherry picked from commit 968b6c60e9b1889dbaf72cfee1c4fccbd640d69d)
Peter Krempa [Thu, 21 Jun 2012 16:34:32 +0000 (18:34 +0200)]
virsh: Improve error when trying to change vm's cpu count 0
This patch adds a check for the count of processors the user requests
for the guest machine so that invalid values produce a more helpful
error message.
(cherry picked from commit de924ca90a0ff1ad8adeab460761f65b7a742d72)
Jim Fehlig [Thu, 21 Jun 2012 05:28:09 +0000 (23:28 -0600)]
Initialize random generator in lxc controller
The lxc contoller eventually makes use of virRandomBits(), which was
segfaulting since virRandomInitialize() is never invoked.
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff554d560 in random_r () from /lib64/libc.so.6
(gdb) bt
0 0x00007ffff554d560 in random_r () from /lib64/libc.so.6
1 0x0000000000469eaa in virRandomBits (nbits=32) at util/virrandom.c:80
2 0x000000000045bf69 in virHashCreateFull (size=256,
dataFree=0x4aa2a2 <hashDataFree>, keyCode=0x45bd40 <virHashStrCode>,
keyEqual=0x45bdad <virHashStrEqual>, keyCopy=0x45bdfa <virHashStrCopy>,
keyFree=0x45be37 <virHashStrFree>) at util/virhash.c:134
3 0x000000000045c069 in virHashCreate (size=0, dataFree=0x4aa2a2 <hashDataFree>)
at util/virhash.c:164
4 0x00000000004aa562 in virNWFilterHashTableCreate (n=0)
at conf/nwfilter_params.c:686
5 0x00000000004aa95b in virNWFilterParseParamAttributes (cur=0x711d30)
at conf/nwfilter_params.c:793
6 0x0000000000481a7f in virDomainNetDefParseXML (caps=0x702c90, node=0x7116b0,
ctxt=0x7101b0, bootMap=0x0, flags=0) at conf/domain_conf.c:4589
7 0x000000000048cc36 in virDomainDefParseXML (caps=0x702c90, xml=0x710040,
root=0x7103b0, ctxt=0x7101b0, expectedVirtTypes=16, flags=0)
at conf/domain_conf.c:8658
8 0x000000000048f011 in virDomainDefParseNode (caps=0x702c90, xml=0x710040,
root=0x7103b0, expectedVirtTypes=16, flags=0) at conf/domain_conf.c:9360
9 0x000000000048ee30 in virDomainDefParse (xmlStr=0x0,
filename=0x702ae0 "/var/run/libvirt/lxc/x.xml", caps=0x702c90,
expectedVirtTypes=16, flags=0) at conf/domain_conf.c:9310
10 0x000000000048ef00 in virDomainDefParseFile (caps=0x702c90,
filename=0x702ae0 "/var/run/libvirt/lxc/x.xml", expectedVirtTypes=16, flags=0)
at conf/domain_conf.c:9332
11 0x0000000000425053 in main (argc=5, argv=0x7fffffffe2b8)
at lxc/lxc_controller.c:1773
(cherry picked from commit 57349ffc10290eed2cb25ca7cfb4b34ab5003156)
Until now, it was possible to crash libvirtd when defining domain with
channel device with missing source element.
When creating new virDomainChrDef, target.port is set to -1, but
unfortunately it is an union with addresses that virDomainChrDefFree
tries to free in case the deviceType is channel. Having the port set
to -1 is intended, however the cleanest way to get around the problems
with the crash seems to be renumbering the VIR_DOMAIN_CHR_CHANNEL_
target types to cover new NONE type (with value 0) being the default
(no target type yet).
(cherry picked from commit 830d035ff5a88c3896a6e508364e34697de941a1)
virsh: make domiftune interface help string consistent
Append '(MAC Address)' after the help string of domiftune virsh
command as it takes the same type of argument as domif-{get,set}link
which have it specified.
(cherry picked from commit 4b2273074c2459136c67e657d2a2ac2e9db6f5a4)
Michal Privoznik [Fri, 15 Jun 2012 16:00:13 +0000 (18:00 +0200)]
qemu_agent: Wait for events instead of agent response
With latest changes to qemu-ga success on some commands is not reported
anymore, e.g. guest-shutdown or guest-suspend-*. However, errors are
still being reported. Therefore, we need to find different source of
indication if operation was successful. Events.
(cherry picked from commit d97a234c62d272eb140c836cb93d750a4dec3354)
Eric Blake [Wed, 13 Jun 2012 16:09:39 +0000 (10:09 -0600)]
build: hoist qemu dependence on yajl to configure
Commit 6e769eba made it a runtime error if libvirt was compiled
without yajl support but targets a new enough qemu. But enough
users are hitting this on self-compiled libvirt that it is worth
erroring out at compilation time, rather than an obscure failure
when trying to use the built executable.
* configure.ac: If qemu is requested and -version works, require
yajl when qemu version is new enough.
* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Add
comment.
(cherry picked from commit 350583c859deaaddc98d7319e1c2ad649e4d3e83)
Cole Robinson [Fri, 15 Jun 2012 17:46:51 +0000 (13:46 -0400)]
autogen: Always abide --system
If we do ./autogen.sh && ./configure, then later try ./autogen.sh --system,
configure isn't invoked with the requested params. Instead
config.status --recheck is run.
(cherry picked from commit 2cd29c3107ff1f135e05fa55f3b389f37a6cb867)
Jim Fehlig [Thu, 14 Jun 2012 17:20:17 +0000 (11:20 -0600)]
Check for errors when parsing bridge interface XML
The return status of virInterfaceDefParseBridge() was not being
checked, potentially resulting in the creation of a broken
interface.
(cherry picked from commit cc004a664750e84a234d01ae4a5d774f7f980307)
Osier Yang [Fri, 15 Jun 2012 02:34:04 +0000 (10:34 +0800)]
schema: Update domain XML schema
'boot' tag shouldn't be exclusive with 'kernel', 'initrd', and 'cmdline',
though the boot sequence doesn't make sense when the guest boots from
kernel directly. But it's useful if booting from kernel is to install
a newguest, even if it's not to install a guest, there is no hurt. And
on the other hand, we allow 'boot' and the kernel tags when parsing.
(cherry picked from commit b34324fbf09c82fbd4ad2c0dcc140172ee045c8a)
Wen Congyang [Fri, 25 May 2012 10:12:00 +0000 (18:12 +0800)]
qemu: fix potential dead lock
If we lock the qemu_driver, we should call qemuDomainObjBeginJobWithDriver()
not qemuDomainObjBeginJob().
(cherry picked from commit 5136c5799fabe411eb0fadc59377572e21386d83)
Osier Yang [Thu, 14 Jun 2012 11:09:53 +0000 (19:09 +0800)]
virsh: Null terminated the string memcpy from buffer explicitly
Detected by valgrind:
==16217== 1 errors in context 1 of 12:
==16217== Invalid read of size 1
==16217== at 0x4A07804: __GI_strlen (mc_replace_strmem.c:284)
==16217== by 0x3019F167F6: xdr_string (in /lib64/libc-2.12.so)
==16217== by 0x3033709E8D: xdr_remote_nonnull_string (remote_protocol.c:31)
==16217== by 0x303370E5CB: xdr_remote_domain_update_device_flags_args (remote_protocol.c:2028)
==16217== by 0x30337197D1: virNetMessageEncodePayload (virnetmessage.c:341)
==16217== by 0x30337135E1: virNetClientProgramCall (virnetclientprogram.c:327)
==16217== by 0x30336F1EFD: callWithFD (remote_driver.c:4586)
==16217== by 0x30336F1F7B: call (remote_driver.c:4607)
==16217== by 0x30336F42F2: remoteDomainUpdateDeviceFlags (remote_client_bodies.h:2865)
==16217== by 0x30336D46E5: virDomainUpdateDeviceFlags (libvirt.c:9457)
==16217== by 0x41AEE8: cmdChangeMedia (virsh.c:15249)
==16217== by 0x413CB4: vshCommandRun (virsh.c:18669)
==16217== Address 0x4ec5e25 is 0 bytes after a block of size 293 alloc'd
==16217== at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==16217== by 0x303364F1DB: virAllocN (memory.c:129)
==16217== by 0x41A844: vshPrepareDiskXML (virsh.c:15043)
==16217== by 0x41AECC: cmdChangeMedia (virsh.c:15246)
==16217== by 0x413CB4: vshCommandRun (virsh.c:18669)
==16217== by 0x423973: main (virsh.c:20261)
(cherry picked from commit e3843d7f046da93d5dfb8f1a8a8f4fcee8f6a5c1)
The public libvirt API does not have any application visible
dependency on Xen libraries. The xen-devel dependency is thus
bogus
(cherry picked from commit 899bf6680a8c7c715e79ed6e80b00528eacb73cc)
In case nparams was originally set to 0, virDomain* API would fill it
with the number of typed parameters it can provide and we would use this
number (rather than zero) to clear params. Because VIR_ALLOC* returns
non-NULL pointer even if size is 0, the code would end up walking
through random memory. If we were lucky enough and the memory contained
7 (VIR_TYPED_PARAM_STRING) at the right place, we would try to free a
random pointer and crash.
libvirt-guests: systemd host shutdown does not work
I originally postet this into the Fedora bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=843836
Currently gracefully shutting down guest vms on host shutdown does not work on
Fedora 17, the guests are killed hard on system shutdown.
The reason is systemd considers libvirt-guests.service to be stopped when the
system is running:
$ systemctl status libvirt-guests.service
libvirt-guests.service - Suspend Active Libvirt Guests
Loaded: loaded (/usr/lib/systemd/system/libvirt-guests.service;
enabled)
Active: deactivating (stop) since Fri, 27 Jul 2012 15:47:31 +0200;
2min 48s ago
Process: 1085 ExecStart=/etc/init.d/libvirt-guests start
(code=exited, status=0/SUCCESS)
Control: 1150 (libvirt-guests)
CGroup: name=systemd:/system/libvirt-guests.service
└ control
├ 1150 /bin/sh /etc/init.d/libvirt-guests stop
└ 2257 sleep 1
libvirt-guests.service is defined as type "simple" in systemd (the default).
That means systemd will shut down the service when the start executable is
terminated after starting is done. Systemd will not call stop again on system
shutdown because it thinks it is already stopped.
The solution is to define it as type "oneshot" and set the flag
"RemainAfterExit". Then systemd will consider the service as active after
startup and will call the stop function on host shutdown.
(cherry picked from commit 79ca7e4e5763795b041e95738c73d4e64bf1024b)
Eric Blake [Tue, 10 Jul 2012 15:37:07 +0000 (09:37 -0600)]
build: update to latest gnulib, for secure tarball
Pick up some build fixes in the latest gnulib. In particular,
we want to ensure that official tarballs are secure, but don't
want to penalize people who don't run 'make dist', since fixed
automake still hasn't hit common platforms like Fedora 17.
* .gnulib: Update to latest, for Automake CVE-2012-3386 detection.
* bootstrap: Resync from gnulib.
* bootstrap.conf (gnulib_extra_files): Drop missing, since gnulib
has dropped it in favor of Automake's version.
* cfg.mk (local-checks-to-skip): Conditionally skip the security
check in cases where it doesn't matter.
(cherry picked from commit f12e1396212b9127306245c61566f171a3df7aa3)
Update to latest GNULIB to fix compat with Mingw64 toolchain
On both x86_64-w64-mingw32 and i686-w64-mingw32 there were
the following warnings/errors:
CC fstat.lo
../../../gnulib/lib/fstat.c:27:0: warning: "stat" redefined [enabled by default]
In file included from ./sys/stat.h:32:0,
from ../../../gnulib/lib/fstat.c:25:
/usr/x86_64-w64-mingw32/sys-root/mingw/include/sys/stat.h:258:0: note: this is the location of the previous definition
../../../gnulib/lib/fstat.c:28:0: warning: "fstat" redefined [enabled by default]
In file included from ./sys/stat.h:32:0,
from ../../../gnulib/lib/fstat.c:25:
/usr/x86_64-w64-mingw32/sys-root/mingw/include/sys/stat.h:259:0: note: this is the location of the previous definition
CC stat.lo
../../../gnulib/lib/stat.c:32:0: warning: "stat" redefined [enabled by default]
In file included from ./sys/stat.h:32:0,
from ../../../gnulib/lib/stat.c:27:
/usr/x86_64-w64-mingw32/sys-root/mingw/include/sys/stat.h:258:0: note: this is the location of the previous definition
CC stdio-read.lo
../../../gnulib/lib/stdio-read.c:102:1: error: redefinition of 'vscanf'
In file included from ./stdio.h:43:0,
from ../../../gnulib/lib/stdio-read.c:21:
/usr/x86_64-w64-mingw32/sys-root/mingw/include/stdio.h:397:7: note: previous definition of 'vscanf' was here
../../../gnulib/lib/stdio-read.c:108:1: error: redefinition of 'vfscanf'
In file included from ./stdio.h:43:0,
from ../../../gnulib/lib/stdio-read.c:21:
/usr/x86_64-w64-mingw32/sys-root/mingw/include/stdio.h:384:7: note: previous definition of 'vfscanf' was here
make[3]: *** [stdio-read.lo] Error 1
make[3]: Leaving directory `/home/berrange/src/virt/libvirt/build/gnulib/lib'
While on x86_64-w64-mingw32 only there was:
In file included from ../../../gnulib/lib/regex.c:69:0:
../../../gnulib/lib/regcomp.c: In function 'parse_dup_op':
../../../gnulib/lib/regcomp.c:2624:39: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
../../../gnulib/lib/regcomp.c: In function 'mark_opt_subexp':
../../../gnulib/lib/regcomp.c:3859:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
projects / thirdparty / libvirt.git / log
