1. 21 8月, 2013 5 次提交
    • O
      qemu_conf: Fix broken logic for adding passthrough iscsi lun · 109d026a
      Osier Yang 提交于
      Following XML would fail :
      
          <disk type='network' device='lun'>
            <driver name='qemu' type='raw'/>
            <source protocol='iscsi' name='iqn.2013-07.com.example:iscsi/1'>
              <host name='example.com' port='3260'/>
            </source>
            <target dev='sda' bus='scsi'/>
          </disk>
      
      With the message:
      
      error: Failed to start domain iscsilun
      error: Unable to get device ID 'iqn.2013-07.com.example:iscsi/1': No such fi
      
      Cause was commit id '1f49b05a' which added 'virDomainDiskSourceIsBlockType'
      109d026a
    • J
      virsh: Print cephx and iscsi usage · db1382f3
      John Ferlan 提交于
      When using virsh secret-list - if the secret types are cephx or iscsi,
      then allow fetch/print of the usage information. Prior to the change
      the following would print:
      
      UUID                                 Usage
      -----------------------------------------------------------
      1b40a534-8301-45d5-b1aa-11894ebb1735 Unused
      a5ba3efe-6adf-4a6a-b243-f010a043e314 Unused
      
      Afterwards:
      
      UUID                                 Usage
      -----------------------------------------------------------
      1b40a534-8301-45d5-b1aa-11894ebb1735 ceph ceph_example
      a5ba3efe-6adf-4a6a-b243-f010a043e314 iscsi libvirtiscsi
      db1382f3
    • J
      libxl: Resolve possible NULL dereference · 6aea4ebc
      John Ferlan 提交于
      If we reached cleanup: prior to allocating cpus, it was possible that
      'nr_nodes' had a value, but cpus was NULL leading to a possible NULL
      deref. Add a 'cpus' as an end condition to for loop
      6aea4ebc
    • E
      selinux: enhance test to cover nfs label failure · 95577af4
      Eric Blake 提交于
      Daniel Berrange (correctly) pointed out that we should do a better
      job of testing selinux labeling fallbacks on NFS disks that lack
      labeling support.
      
      * tests/securityselinuxhelper.c (includes): Makefile already
      guaranteed xattr support.  Add additional headers.
      (init_syms): New function, borrowing from vircgroupmock.c.
      (setfilecon_raw, getfilecon_raw): Fake NFS failure.
      (statfs): Fake an NFS mount point.
      (security_getenforce, security_get_boolean_active): Don't let host
      environment affect test.
      * tests/securityselinuxlabeldata/nfs.data: New file.
      * tests/securityselinuxlabeldata/nfs.xml: New file.
      * tests/securityselinuxlabeltest.c (testSELinuxCreateDisks)
      (testSELinuxDeleteDisks): Setup and cleanup for fake NFS mount.
      (testSELinuxCheckLabels): Test handling of SELinux NFS denial.
      Fix memory leak.
      (testSELinuxLabeling): Avoid infinite loop on dirty tree.
      (mymain): Add new test.
      95577af4
    • E
      selinux: distinguish failure to label from request to avoid label · 0f082e69
      Eric Blake 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=924153
      
      Commit 904e05a2 (v0.9.9) added a per-<disk> seclabel element with
      an attribute relabel='no' in order to try and minimize the
      impact of shutdown delays when an NFS server disappears.  The idea
      was that if a disk is on NFS and can't be labeled in the first
      place, there is no need to attempt the (no-op) relabel on domain
      shutdown.  Unfortunately, the way this was implemented was by
      modifying the domain XML so that the optimization would survive
      libvirtd restart, but in a way that is indistinguishable from an
      explicit user setting.  Furthermore, once the setting is turned
      on, libvirt avoids attempts at labeling, even for operations like
      snapshot or blockcopy where the chain is being extended or pivoted
      onto non-NFS, where SELinux labeling is once again possible.  As
      a result, it was impossible to do a blockcopy to pivot from an
      NFS image file onto a local file.
      
      The solution is to separate the semantics of a chain that must
      not be labeled (which the user can set even on persistent domains)
      vs. the optimization of not attempting a relabel on cleanup (a
      live-only annotation), and using only the user's explicit notation
      rather than the optimization as the decision on whether to skip
      a label attempt in the first place.  When upgrading an older
      libvirtd to a newer, an NFS volume will still attempt the relabel;
      but as the avoidance of a relabel was only an optimization, this
      shouldn't cause any problems.
      
      In the ideal future, libvirt will eventually have XML describing
      EVERY file in the backing chain, with each file having a separate
      <seclabel> element.  At that point, libvirt will be able to track
      more closely which files need a relabel attempt at shutdown.  But
      until we reach that point, the single <seclabel> for the entire
      <disk> chain is treated as a hint - when a chain has only one
      file, then we know it is accurate; but if the chain has more than
      one file, we have to attempt relabel in spite of the attribute,
      in case part of the chain is local and SELinux mattered for that
      portion of the chain.
      
      * src/conf/domain_conf.h (_virSecurityDeviceLabelDef): Add new
      member.
      * src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML):
      Parse it, for live images only.
      (virSecurityDeviceLabelDefFormat): Output it.
      (virDomainDiskDefParseXML, virDomainChrSourceDefParseXML)
      (virDomainDiskSourceDefFormat, virDomainChrDefFormat)
      (virDomainDiskDefFormat): Pass flags on through.
      * src/security/security_selinux.c
      (virSecuritySELinuxRestoreSecurityImageLabelInt): Honor labelskip
      when possible.
      (virSecuritySELinuxSetSecurityFileLabel): Set labelskip, not
      norelabel, if labeling fails.
      (virSecuritySELinuxSetFileconHelper): Fix indentation.
      * docs/formatdomain.html.in (seclabel): Document new xml.
      * docs/schemas/domaincommon.rng (devSeclabel): Allow it in RNG.
      * tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.xml:
      * tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.args:
      * tests/qemuxml2xmloutdata/qemuxml2xmlout-seclabel-*-labelskip.xml:
      New test files.
      * tests/qemuxml2argvtest.c (mymain): Run the new tests.
      * tests/qemuxml2xmltest.c (mymain): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      0f082e69
  2. 20 8月, 2013 10 次提交
    • P
      virsh: Don't leak list of volumes when undefining domain with storage · 04898f60
      Peter Krempa 提交于
      Use the new semantics of vshStringToArray to avoid leaking the array of
      volumes to be deleted. The array would be leaked in case the first
      volume was found in the domain definition. Also refactor the code a bit
      to sanitize naming of variables hoding arrays and dimensions of the
      arrays.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=996050
      04898f60
    • P
      virsh-pool: Improve error message in cmdPoolList · 5b5da082
      Peter Krempa 提交于
      Explicitly let the user know about the unknown pool type.
      5b5da082
    • P
      virsh: modify vshStringToArray to duplicate the elements too · d64af6ce
      Peter Krempa 提交于
      At a slightly larger memory expense allow stealing of items from the
      string array returned from vshStringToArray and turn the result into a
      string list compatible with virStringSplit. This will allow to use the
      common dealloc function.
      
      This patch also fixes a few forgotten checks of return from
      vshStringToArray and one memory leak.
      d64af6ce
    • M
      qemuBuildCommandLine: Fall back to mem balloon if there's no hard_limit · a7f94a40
      Michal Privoznik 提交于
      If there's no hard_limit set and domain uses VFIO we still must lock the
      guest memory (prerequisite from qemu). Hence, we should compute the
      amount to be locked from max_balloon.
      a7f94a40
    • M
      qemuSetupMemoryCgroup: Handle hard_limit properly · 94a24dd3
      Michal Privoznik 提交于
      Since 16bcb3 we have a regression. The hard_limit is set
      unconditionally. By default the limit is zero. Hence, if user hasn't
      configured any, we set the zero in cgroup subsystem making the kernel
      kill the corresponding qemu process immediately. The proper fix is to
      set hard_limit iff user has configured any.
      94a24dd3
    • M
      docs: Clean 09adfdc6 up · 8563b091
      Michal Privoznik 提交于
      8563b091
    • E
      virt-pki-validate: add --help/--version option · 53924ad5
      Eric Blake 提交于
      Another program gains --help/--version :)
      
      * tools/virt-pki-validate.in: Add option parsing.  Update
      documentation to match.
      * tools/Makefile.am (virt-pki-validate): Substitute version.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      53924ad5
    • E
      virt-xml-validate: add missing schemas · ab4304b7
      Eric Blake 提交于
      We were failing to autoprobe which schema to use for several
      top-level XML elements.
      
      * tools/virt-xml-validate.in (TYPE): Recognize <domainsnapshot>,
      <filter>, and <secret>.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      ab4304b7
    • E
      virt-xml-validate: add --help/--version option · b2ea248e
      Eric Blake 提交于
      All good tools should have --help and --version output :)
      
      Furthermore, we want to ensure a failed exit if xmllint fails,
      or even for 'virt-xml-validate > /dev/full'.
      
      * tools/virt-xml-validate.in: Add option parsing.  Output errors
      to stderr.  Update documentation to match.
      * tools/Makefile.am (virt-xml-validate): Substitute version.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      b2ea248e
    • J
      libxl: implement NUMA capabilities reporting · 0192fd67
      Jim Fehlig 提交于
      From: Dario Faggioli <dario.faggioli@citrix.com>
      
      Starting from Xen 4.2, libxl has all the bits and pieces in place
      for retrieving an adequate amount of information about the host
      NUMA topology. It is therefore possible, after a bit of shuffling,
      to arrange those information in the way libvirt wants to present
      them to the outside world.
      
      Therefore, with this patch, the <topology> section of the host
      capabilities is properly populated, when running on Xen, so that
      we can figure out whether or not we're running on a NUMA host,
      and what its characteristics are.
      
      [raistlin@Zhaman ~]$ sudo virsh --connect xen:/// capabilities
      <capabilities>
        <host>
          <cpu>
          ....
          <topology>
            <cells num='2'>
              <cell id='0'>
                <memory unit='KiB'>6291456</memory>
                <cpus num='8'>
                  <cpu id='0' socket_id='1' core_id='0' siblings='0-1'/>
                  <cpu id='1' socket_id='1' core_id='0' siblings='0-1'/>
                  <cpu id='2' socket_id='1' core_id='1' siblings='2-3'/>
                  <cpu id='3' socket_id='1' core_id='1' siblings='2-3'/>
                  <cpu id='4' socket_id='1' core_id='9' siblings='4-5'/>
                  <cpu id='5' socket_id='1' core_id='9' siblings='4-5'/>
                  <cpu id='6' socket_id='1' core_id='10' siblings='6-7'/>
                  <cpu id='7' socket_id='1' core_id='10' siblings='6-7'/>
                </cpus>
              </cell>
              <cell id='1'>
                <memory unit='KiB'>6881280</memory>
                <cpus num='8'>
                  <cpu id='8' socket_id='0' core_id='0' siblings='8-9'/>
                  <cpu id='9' socket_id='0' core_id='0' siblings='8-9'/>
                  <cpu id='10' socket_id='0' core_id='1' siblings='10-11'/>
                  <cpu id='11' socket_id='0' core_id='1' siblings='10-11'/>
                  <cpu id='12' socket_id='0' core_id='9' siblings='12-13'/>
                  <cpu id='13' socket_id='0' core_id='9' siblings='12-13'/>
                  <cpu id='14' socket_id='0' core_id='10' siblings='14-15'/>
                  <cpu id='15' socket_id='0' core_id='10' siblings='14-15'/>
                </cpus>
              </cell>
            </cells>
          </topology>
        </host>
        ....
      0192fd67
  3. 19 8月, 2013 8 次提交
    • P
      nwfilter: Don't fail to start if DBus isn't available · e0e61b4c
      Peter Krempa 提交于
      When the daemon is compiled with firewalld support but the DBus message
      bus isn't started in the system, the initialization of the nwfilter
      driver fails even if there are fallback options.
      e0e61b4c
    • P
      virsystemd: Don't fail to start VM if DBus isn't available or compiled in · ee3db56f
      Peter Krempa 提交于
      On hosts that don't have the DBus service running or installed the new
      systemd cgroups code failed with hard error instead of falling back to
      "manual" cgroup creation.
      
      Use the new helper to check for the system bus and use the fallback code
      in case it isn't available.
      ee3db56f
    • P
      virdbus: Add virDBusHasSystemBus() · 2398dd3d
      Peter Krempa 提交于
      Some systems may not use DBus in their system. Add a method to check if
      the system bus is available that doesn't print error messages so that
      code can later check for this condition and use an alternative approach.
      2398dd3d
    • P
      virbitmaptest: Shut coverity up in case of broken test · 39d963d1
      Peter Krempa 提交于
      Coverity reported a memleak in the test added in 7efd5fd1. In case
      the code will be broken and the code will actually parse a faulty bitmap
      the resulting pointer would be leaked. Free it although that shouldn't
      ever happen.
      39d963d1
    • D
      Make max_clients in virtlockd configurable · 9f5b4b1f
      David Weber 提交于
      Each new VM requires a new connection from libvirtd to virtlockd.
      The default max clients limit in virtlockd of 20 is thus woefully
      insufficient. virtlockd sockets are only accessible to matching
      users, so there is no security need for such a tight limit. Make
      it configurable and default to 1024.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      9f5b4b1f
    • M
      docs: Discourage users to set hard_limit · 09adfdc6
      Michal Privoznik 提交于
      In one of my previous patches I am removing the hard_limit heuristic to
      guess the correct value if none set. However, it turned out, this limit
      is hard to guess even for users. We should advise them to not set the
      limit as their domains may be OOM killed. Sigh.
      09adfdc6
    • M
      qemu: Drop qemuDomainMemoryLimit · 16bcb3b6
      Michal Privoznik 提交于
      This function is to guess the correct limit for maximal memory
      usage by qemu for given domain. This can never be guessed
      correctly, not to mention all the pains and sleepless nights this
      code has caused. Once somebody discovers algorithm to solve the
      Halting Problem, we can compute the limit algorithmically. But
      till then, this code should never see the light of the release
      again.
      16bcb3b6
    • O
      storage: Update pool metadata after adding/removing/resizing volume · e0139e30
      Osier Yang 提交于
      One has to refresh the pool to get the correct pool info after
      adding/removing/resizing a volume, this updates the pool metadata
      (allocation, available) after those operation are done.
      e0139e30
  4. 18 8月, 2013 1 次提交
  5. 17 8月, 2013 7 次提交
  6. 16 8月, 2013 9 次提交
    • D
      Update polkit examples to use 'lookup' method · 7a7cb093
      Daniel P. Berrange 提交于
      Feedback from the polkit developers indicates that the
      "_detail_XXXX" attributes are a private implementation
      detail. Our examples should be recommending use of the
      "action.lookup('XXX')" method instead.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      7a7cb093
    • P
      virbitmaptest: Add test for out of bounds condition · 7efd5fd1
      Peter Krempa 提交于
      Previous patch fixed an issue where, when parsing a bitmap from the
      string, the bounds of the bitmap weren't checked. That flaw resulted into
      crashes. This test tests that case to avoid it in the future.
      7efd5fd1
    • P
      virbitmaptest: Fix function header formatting · 536d3812
      Peter Krempa 提交于
      536d3812
    • P
      virbitmap: Refactor virBitmapParse to avoid access beyond bounds of array · 47b9127e
      Peter Krempa 提交于
      The virBitmapParse function was calling virBitmapIsSet() function that
      requires the caller to check the bounds of the bitmap without checking
      them. This resulted into crashes when parsing a bitmap string that was
      exceeding the bounds used as argument.
      
      This patch refactors the function to use virBitmapSetBit without
      checking if the bit is set (this function does the checks internally)
      and then counts the bits in the bitmap afterwards (instead of keeping
      track while parsing the string).
      
      This patch also changes the "parse_error" label to a more common
      "error".
      
      The refactor should also get rid of the need to call sa_assert on the
      returned variable as the callpath should allow coverity to infer the
      possible return values.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997367
      
      Thanks to Alex Jia for tracking down the issue. This issue is introduced
      by commit 0fc89098.
      47b9127e
    • P
      virsh-domain: Fix memleak in cmdCPUBaseline · f4ec8616
      Peter Krempa 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=997765
      
      ==1349431== 8 bytes in 1 blocks are definitely lost in loss record 11 of 760
      ==1349431==    at 0x4C2A554: calloc (vg_replace_malloc.c:593)
      ==1349431==    by 0x4E9AA3E: virAllocN (in /usr/lib64/libvirt.so.0.1001.1)
      ==1349431==    by 0x4EF28C4: virXPathNodeSet (in /usr/lib64/libvirt.so.0.1001.1)
      ==1349431==    by 0x130B83: cmdCPUBaseline (in /usr/bin/virsh)
      ==1349431==    by 0x12C608: vshCommandRun (in /usr/bin/virsh)
      ==1349431==    by 0x12889A: main (in /usr/bin/virsh)
      f4ec8616
    • E
      maint: update gnulib submodule · 692a4fc4
      Eric Blake 提交于
      Gnulib recently patched gcc warning detection so that it does
      not treat things like -Wno-unused-command-line-argument as
      supported in gcc (treating it as supported merely resulted in
      extra verbosity when an actual compile error occurred).  It
      has also improved bootstrap to work with less hassle on OpenBSD.
      
      * .gnulib: Update to latest, in part for bootstrap and warnings
      improvements.
      * bootstrap: Resync from gnulib.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      692a4fc4
    • E
      maint: avoid bootstrap warning · 14b4b1e2
      Eric Blake 提交于
      I noticed that in a fresh checkout, autogen.sh generated the
      following output, but continued on with execution:
      
      autoreconf: running: automake --add-missing --copy --force-missing
      gnulib/tests/Makefile.am:28: TESTS was already defined in condition TRUE, which includes condition WITH_EXPENSIVE_TESTS ...
      gnulib/tests/gnulib.mk:28: ... `TESTS' previously defined here
      gnulib/tests/Makefile.am:19:   `gnulib/tests/gnulib.mk' included from here
      
      and after the run, line 28 of gnulib.mk lists GNULIB_TESTS, not TESTS.
      After more investigation, I found that it is because gnulib bootstrap
      provides two hooks, one before automake, and the other after; we used
      the one that ran after, and were then rerunning automake ourselves;
      and the warning was from the first run.  But a manual second run is
      pointless if we use the right hook in the first place.
      
      The wrong function name has been latent since commit 38c9440a, and we
      tried to work around it in commit 6cbab7c1, but it took commit 70363ea9
      to finally change output enough for me to realize the root cause.
      
      * bootstrap.conf (bootstrap_epilogue): Rename...
      (bootstrap_post_import_hook): ...so that it gets run before automake.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      14b4b1e2
    • E
      maint: fix typo for 'switch' · c53b9c3e
      Eric Blake 提交于
      * src/util/virnetdevvportprofile.c: Fix typo.
      * src/conf/domain_conf.c: Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      c53b9c3e
    • J
      libxl: unref DomainObjPrivate on error path · f0c513a6
      Jim Fehlig 提交于
      There is a potential leak of a newly created libxlDomainObjPrivate
      when subsequent allocation of the object's chrdev field fails.
      Unref the object on such an error so that it is properly disposed.
      f0c513a6