- 10 3月, 2014 2 次提交
-
-
由 Michal Privoznik 提交于
This fixes a possible double free. In virNetworkAssignDef() if virBitmapNew() fails, then virNetworkObjFree(network) is called. However, with network->def pointing to actual @def. So if caller frees @def again, ... Moreover, this fixes one possible memory leak too. In virInterfaceAssignDef() if appending to the list of interfaces fails, we ought to call virInterfaceObjFree() instead of bare VIR_FREE(). Although, in order to do that some array size variables needs to be turned into size_t rather than int. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Daniel P. Berrange 提交于
The nwfilter conf update mutex previously serialized updates to the internal data structures for firewall rules, and updates to the firewall itself. The latter was recently turned into a read/write lock, and filter instantiation allowed to proceed in parallel. It was believed that this was ok, since each filter is created on a separate iptables/ebtables chain. It turns out that there is a subtle lock ordering problem on virNWFilterObjPtr instances. __virNWFilterInstantiateFilter will hold a lock on the virNWFilterObjPtr it is instantiating. This in turn invokes virNWFilterInstantiate which then invokes virNWFilterDetermineMissingVarsRec which then invokes virNWFilterObjFindByName. This iterates over every single virNWFilterObjPtr in the list, locking them and checking their name. So if 2 or more threads try to instantiate a filter in parallel, they'll all hold 1 lock at the top level in the __virNWFilterInstantiateFilter method which will cause the other thread to deadlock in virNWFilterObjFindByName. The fix is to add an exclusive mutex to serialize the execution of __virNWFilterInstantiateFilter. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 08 3月, 2014 1 次提交
-
-
由 John Ferlan 提交于
This resolves a Coverity RESOURCE_LEAK issue introduced by commit id 'de6fa535' where the virSCSIDeviceSetUsedBy() didn't VIR_FREE the 'copy' or possibly VIR_STRDUP()'d values. It also ensures that the VIR_APPEND_ELEMENT is successful...
-
- 07 3月, 2014 1 次提交
-
-
由 Michael Chapman 提交于
If SELinux is compiled into libvirt but it is disabled on the host, libvirtd logs: error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument on each and every client connection. Use is_selinux_enabled() to skip retrieval of the process's SELinux context if SELinux is disabled. Signed-off-by: NMichael Chapman <mike@very.puzzling.org>
-
- 06 3月, 2014 2 次提交
-
-
由 Martin Kletzander 提交于
When domain is started with setting that cannot be done, i.e. those that require cgroups, there is no error reported and it succeeds without any message whatsoever. When setting with API, virsh, an error is reported, but only due to the fact that no cgroups are mounted (priv->cgroup == NULL). Given the above it seems reasonable to reject such unsupported settings. This patch effectively changes the error message from: $ virsh -c qemu:///session schedinfo dummy Scheduler : Unknown error: Requested operation is not valid: cgroup CPU controller is not mounted to: $ virsh -c qemu:///session schedinfo dummy Scheduler : Unknown error: Operation not supported: CPU tuning is not available in session mode Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1023366Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Michael Chapman 提交于
As of commit 46ec5f85, the conn.lock mutex does not need to be held when calling any vir*Dispose() function in datatypes.c (via virObjectUnref()). Signed-off-by: NMichael Chapman <mike@very.puzzling.org> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 05 3月, 2014 5 次提交
-
-
由 Peter Krempa 提交于
The qemuMonitorJSONBlockJob handles a few errors internally. If qemu returns a different error we would report a rather unhelpful message: $ virsh blockpull gluster-job vda --base /dev/null error: internal error: Unexpected error As the actual message from qemu contains a bit more info, let's use it to report something a little more useful: $ virsh blockpull gluster-job vda --base /dev/null error: internal error: Unexpected error: (GenericError) 'Base '/dev/null' not found'
-
由 Peter Krempa 提交于
In storageVolLookupByPath the provided path is "sanitized" at first. This removes some extra slashes and stuff. When the lookup of the volume fails the original path is used which makes it hard to trace errors in some cases. Improve the error message to print the sanitized path along with the user provided path if they are not equal.
-
由 Peter Krempa 提交于
When looking up a volume by path on a non-local filesystem don't use the "cleaned" path that might be mangled in such a way that it will differ from a path provided by a storage backend. Skip the cleanup step for gluster, sheepdog and RBD.
-
由 Peter Krempa 提交于
Pools that are not backed by files in the filesystem cause problems with some APIs. Error out when attempting to upload a volume in such a pool as currently we expect a local file representation for it.
-
由 Peter Krempa 提交于
-
- 04 3月, 2014 23 次提交
-
-
由 Chunyan Liu 提交于
Signed-off-by: NChunyan Liu <cyliu@suse.com>
-
由 Chunyan Liu 提交于
Specify which driver and which domain in used_by area to avoid conflict among different drivers. Signed-off-by: NChunyan Liu <cyliu@suse.com>
-
由 Cédric Bosdonnat 提交于
-
由 Cédric Bosdonnat 提交于
-
由 Cédric Bosdonnat 提交于
The reason for these is that aa-status doesn't show the process using the profile as they are in another namespace.
-
由 Cédric Bosdonnat 提交于
use_apparmor() was first designed to be called from withing libvirtd, but libvirt_lxc also uses it. in libvirt_lxc, there is no need to check whether to use apparmor or not: just use it if possible.
-
由 Peter Krempa 提交于
In qemuMonitorJSONExtractCPUInfo an error message hinted on missing character device data which is wrong. Also a comment states that only qemu-kvm tree includes the thread_id field. This is no longer true.
-
由 Peter Krempa 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1071264 Reverting of external snapshots is not supported currently. The check that is present doesn't properly check for all aspects that make a snapshot external. Use virDomainSnapshotIsExternal() to do the check.
-
由 Michal Privoznik 提交于
As I did previously in 4f588a1b, libvirt needs to set virtio vectors. Previously, we were advised to use vectors=N, where N = 2 * (number of queues) + 1 However, just recently this advisory has changed on the Multiquue wiki page [1] to: N = 2 * (number of queues) + 2 1: http://www.linux-kvm.org/page/Multiqueue#Enable_MQ_featureSigned-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
If systemd is installed, but is not the init system, systemd-machined fails with an unhelpful error message: Launch helper exited with unknown return code 1 Currently we only check if the "machine1" service is available (in ListActivatableNames). Also check if "systemd1" service is registered with DBus (ListNames). This fixes https://bugs.gentoo.org/show_bug.cgi?id=493246#c22
-
由 Ján Tomko 提交于
Introduce virDBusIsServiceInList which can be used to call other methods for listing services (ListNames), not just ListActivatableNames. No functional change, fixed the 'Retruns' typo.
-
由 Eric Blake 提交于
Jenkins pointed out that the previous commit violates syntax check when cppi is installed. * src/nwfilter/nwfilter_dhcpsnoop.c (SNOOP_POLL_MAX_TIMEOUT_MS): Update indentation. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Stefan Berger 提交于
Libpcap 1.5 requires a larger buffer than previous pcap versions. Adjust the size of the buffer to 128kb. This patch should address symptoms in BZ 1071181 and BZ 731059 Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
-
由 Stefan Berger 提交于
Display the pcap error message in the log. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
-
由 Stefan Berger 提交于
Cap the poll timeout in the DHCP Snooping code to a max. of 10 seconds to not hold up the libvirt shutdown longer than this. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
-
由 Eric Blake 提交于
The old semantics of virFork() violates the priciple of good usability: it requires the caller to check the pid argument after use, *even when virFork returned -1*, in order to properly abort a child process that failed setup done immediately after fork() - that is, the caller must call _exit() in the child. While uses in virfile.c did this correctly, uses in 'virsh lxc-enter-namespace' and 'virt-login-shell' would happily return from the calling function in both the child and the parent, leading to very confusing results. [Thankfully, I found the problem by inspection, and can't actually trigger the double return on error without an LD_PRELOAD library.] It is much better if the semantics of virFork are impossible to abuse. Looking at virFork(), the parent could only ever return -1 with a non-negative pid if it misused pthread_sigmask, but this never happens. Up until this patch series, the child could return -1 with non-negative pid if it fails to set up signals correctly, but we recently fixed that to make the child call _exit() at that point instead of forcing the caller to do it. Thus, the return value and contents of the pid argument are now redundant (a -1 return now happens only for failure to fork, a child 0 return only happens for a successful 0 pid, and a parent 0 return only happens for a successful non-zero pid), so we might as well return the pid directly rather than an integer of whether it succeeded or failed; this is also good from the interface design perspective as users are already familiar with fork() semantics. One last change in this patch: before returning the pid directly, I found cases where using virProcessWait unconditionally on a cleanup path of a virFork's -1 pid return would be nicer if there were a way to avoid it overwriting an earlier message. While such paths are a bit harder to come by with my change to a direct pid return, I decided to keep the virProcessWait change in this patch. * src/util/vircommand.h (virFork): Change signature. * src/util/vircommand.c (virFork): Guarantee that child will only return on success, to simplify callers. Return pid rather than status, now that the situations are always the same. (virExec): Adjust caller, also avoid open-coding process death. * src/util/virprocess.c (virProcessWait): Tweak semantics when pid is -1. (virProcessRunInMountNamespace): Adjust caller. * src/util/virfile.c (virFileAccessibleAs, virFileOpenForked) (virDirCreate): Likewise. * tools/virt-login-shell.c (main): Likewise. * tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise. * tests/commandtest.c (test23): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Auditing all callers of virCommandRun and virCommandWait that passed a non-NULL pointer for exit status turned up some interesting observations. Many callers were merely passing a pointer to avoid the overall command dying, but without caring what the exit status was - but these callers would be better off treating a child death by signal as an abnormal exit. Other callers were actually acting on the status, but not all of them remembered to filter by WIFEXITED and convert with WEXITSTATUS; depending on the platform, this can result in a status being reported as 256 times too big. And among those that correctly parse the output, it gets rather verbose. Finally, there were the callers that explicitly checked that the status was 0, and gave their own message, but with fewer details than what virCommand gives for free. So the best idea is to move the complexity out of callers and into virCommand - by default, we return the actual exit status already cleaned through WEXITSTATUS and treat signals as a failed command; but the few callers that care can ask for raw status and act on it themselves. * src/util/vircommand.h (virCommandRawStatus): New prototype. * src/libvirt_private.syms (util/command.h): Export it. * docs/internals/command.html.in: Document it. * src/util/vircommand.c (virCommandRawStatus): New function. (virCommandWait): Adjust semantics. * tests/commandtest.c (test1): Test it. * daemon/remote.c (remoteDispatchAuthPolkit): Adjust callers. * src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck): Likewise. * src/fdstream.c (virFDStreamCloseInt): Likewise. * src/lxc/lxc_process.c (virLXCProcessStart): Likewise. * src/qemu/qemu_command.c (qemuCreateInBridgePortWithHelper): Likewise. * src/xen/xen_driver.c (xenUnifiedXendProbe): Simplify. * tests/reconnect.c (mymain): Likewise. * tests/statstest.c (mymain): Likewise. * src/bhyve/bhyve_process.c (virBhyveProcessStart) (virBhyveProcessStop): Don't overwrite virCommand error. * src/libvirt.c (virConnectAuthGainPolkit): Likewise. * src/openvz/openvz_driver.c (openvzDomainGetBarrierLimit) (openvzDomainSetBarrierLimit): Likewise. * src/util/virebtables.c (virEbTablesOnceInit): Likewise. * src/util/viriptables.c (virIpTablesOnceInit): Likewise. * src/util/virnetdevveth.c (virNetDevVethCreate): Fix debug message. * src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Add comment. * src/storage/storage_backend_iscsi.c (virStorageBackendISCSINodeUpdate): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Right now, a caller waiting for a child process either requires the child to have status 0, or must use WIFEXITED() and friends itself. But in many cases, we want the middle ground of treating fatal signals as an error, and directly accessing the normal exit value without having to use WEXITSTATUS(), in order to easily detect an expected non-zero exit status. This adds the middle ground to the low-level virProcessWait; the next patch will add it to virCommand. * src/util/virprocess.h (virProcessWait): Alter signature. * src/util/virprocess.c (virProcessWait): Add parameter. (virProcessRunInMountNamespace): Adjust caller. * src/util/vircommand.c (virCommandWait): Likewise. * src/util/virfile.c (virFileAccessibleAs): Likewise. * src/lxc/lxc_container.c (lxcContainerHasReboot) (lxcContainerAvailable): Likewise. * daemon/libvirtd.c (daemonForkIntoBackground): Likewise. * tools/virt-login-shell.c (main): Likewise. * tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise. * tests/testutils.c (virtTestCaptureProgramOutput): Likewise. * tests/commandtest.c (test23): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
The documentation of namespace callbacks was inconsistent on whether it preserved positive return values. Now that we have a dedicated EXIT_CANCELED to flag all errors before getting to the callback, it is possible to use positive return values (not that any of the current callers do, but it is better to match the docs). Also, while vircommand.c is careful to close fds that a child should not have, it's still better to be in the practice of setting FD_CLOEXEC up front. * src/util/virprocess.c (virProcessRunInMountNamespace): Tweak return value to pass back non-zero status. Avoid leaking pipe fds to other threads. * src/util/virprocess.h: Fix comment. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Thanks to namespaces, we have a couple of places in the code base that want to reflect a child exit status, including the ability to detect death by a signal, back to a grandparent. Best to make it a reusable function. * src/util/virprocess.h (virProcessExitWithStatus): New prototype. * src/libvirt_private.syms (util/virprocess.h): Export it. * src/util/virprocess.c (virProcessExitWithStatus): New function. * tests/commandtest.c (test23): Test it. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
When a child fails without exec'ing, we want a well-known status; best is to match what env(1), nice(1), su(1), and other wrapper programs do. This patch adds enum values that later patches will use, and sets up virFork as the first client of EXIT_CANCELED for errors detected prior to even attempting exec, as well as virExec to distinguish between a missing executable vs. a binary that cannot be executed. This is a slight semantic change in the unlikely case of a child process failing to restore its signal mask - we now kill the child with a known status instead of relying on the caller to notice and do an appropriate _exit(). A subsequent patch will make further cleanups based on an audit of all callers. * src/internal.h (EXIT_CANCELED, EXIT_CANNOT_INVOKE) (EXIT_ENOENT): New enum. * src/util/vircommand.c (virFork): Document specific exit value if child aborts early. (virExec): Distinguish between various exec failures. * tests/commandtest.c (test1): Enhance test. (test22): New test. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
While auditing all callers of virCommandRun, I noticed that nwfilter code never paid attention to commands with a non-zero status; they were merely passing a pointer to avoid spamming the logs with a message about commands that might indeed fail. But proving this required chasing through a lot of code; refactoring things to localize the decision of whether to ignore non-zero status makes it easier to prove that later changes to virFork don't negatively affect this code. While at it, I also noticed that ebiptablesRemoveRules would actually report success if the child process failed for a reason other than non-zero status, such as OOM. * src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI): Change parameter from pointer to bool. (ebtablesApplyBasicRules, ebtablesApplyDHCPOnlyRules) (ebtablesApplyDropAllRules, ebtablesCleanAll) (ebiptablesApplyNewRules, ebiptablesTearNewRules) (ebiptablesTearOldRules, ebiptablesAllTeardown) (ebiptablesDriverInitWithFirewallD) (ebiptablesDriverTestCLITools, ebiptablesDriverProbeStateMatch): Adjust all clients. (ebiptablesRemoveRules): Likewise, and fix return value on failure. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Oleg Strikov 提交于
Openstack Nova calls virConnectBaselineCPU() during initialization of the instance to get a full list of CPU features. This patch adds a stub to arm-specific code to handle this request (no actual work is done). Signed-off-by: NOleg Strikov <oleg.strikov@canonical.com>
-
- 03 3月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
When probing QEMU capabilities fails for a binary generate a log message with MESSAGE_ID==8ae2f3fb-2dbe-498e-8fbd-012d40afa361. This can be directly queried from journald based on the UUID instead of needing string grep. This lets tools like libguestfs' bug reporting tool trivially do automated sanity tests on the host they're running on. $ journalctl MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361 Feb 21 17:11:01 localhost.localdomain lt-libvirtd[9196]: Failed to probe capabilities for /bin/qemu-system-alpha: internal error: Child process (LC_ALL=C LD_LIBRARY_PATH= /home/berrange/src/virt/libvirt/src/.libs PATH=/usr/lib64/ ccache:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin: /usr/bin:/root/bin HOME=/root USER=root LOGNAME=root /bin/qemu-system-alpha -help) unexpected exit status 127: /bin/qemu-system-alpha: error while loading shared libraries: libglapi.so.0: cannot open shared object file: No such file or directory $ journalctl MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361 --output=json { ...snip... "LIBVIRT_SOURCE" : "file", "PRIORITY" : "3", "CODE_FILE" : "qemu/qemu_capabilities.c", "CODE_LINE" : "2770", "CODE_FUNC" : "virQEMUCapsLogProbeFailure", "MESSAGE_ID" : "8ae2f3fb-2dbe-498e-8fbd-012d40afa361", "LIBVIRT_QEMU_BINARY" : "/bin/qemu-system-xtensa", "MESSAGE" : "Failed to probe capabilities for /bin/qemu-system-xtensa: internal error: Child process (LC_ALL=C LD_LIBRARY_PATH=/home/berrange /src/virt/libvirt/src/.libs PATH=/usr/lib64/ccache:/usr/local/sbin: /usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin HOME=/root USER=root LOGNAME=root /bin/qemu-system-xtensa -help) unexpected exit status 127: /bin/qemu-system-xtensa: error while loading shared libraries: libglapi.so.0: cannot open shared object file: No such file or directory\n" } Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 02 3月, 2014 1 次提交
-
-
由 Roman Bogorodskiy 提交于
-
- 01 3月, 2014 4 次提交
-
-
由 Roman Bogorodskiy 提交于
-
由 Roman Bogorodskiy 提交于
Implement domainUndefine and required helper functions: - domainIsActive - domainIsPersistent
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
When a virError is raised, pass the error domain and code onto the systemd journald using metadata fields. This allows error messages to be queried by code eg $ journalctl LIBVIRT_CODE=43 Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-