1. 11 Jan, 2011 4 commits
    • network: plug uninitialized read found by valgrind · 243b7814
      Eric Blake authored
      * src/util/network.c (virSocketAddrMask): Zero out port, so that
      iptables can initialize just the netmask then call
      virSocketFormatAddr without an uninitialized read in getnameinfo.
    • remote: Don't lose track of events when callbacks are slow · 1dd5c7f2
      Cole Robinson authored
      After the remote driver runs an event callback, it unconditionally disables the
      loop timer, thinking it just flushed every queued event. This doesn't work
      correctly though if an event is queued while a callback is running.
      
      The events actually aren't being lost, it's just that the event loop didn't
      think there was anything that needed to be dispatched. So all those 'lost
      events' should actually get re-triggered if you manually kick the loop by
      generating a new event (like creating a new guest).
      
      The solution is to disable the dispatch timer _before_ we invoke any event
      callbacks. Events queued while a callback is running will properly reenable the
      timer.
      
      More info at https://bugzilla.redhat.com/show_bug.cgi?id=624252
    • Refactor the security drivers to simplify usage · d6623003
      Daniel P. Berrange authored
      The current security driver usage requires horrible code like
      
          if (driver->securityDriver &&
              driver->securityDriver->domainSetSecurityHostdevLabel &&
              driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
                                                                    vm, hostdev) < 0)
      
      This pair of checks for NULL clutters up the code, making the driver
      calls 2 lines longer than they really need to be. The goal of the
      patchset is to change the calling convention to simply
      
        if (virSecurityManagerSetHostdevLabel(driver->securityDriver,
                                              vm, hostdev) < 0)
      
      The first check for 'driver->securityDriver' being NULL is removed
      by introducing a 'no op' security driver that will always be present
      if no real driver is enabled. This guarantees driver->securityDriver
      != NULL.
      
      The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel'
      being non-NULL is hidden in a new abstraction called virSecurityManager.
      This separates the driver callbacks, from main internal API. The addition
      of a virSecurityManager object, that is separate from the virSecurityDriver
      struct also allows for security drivers to carry state / configuration
      information directly. Thus the DAC/Stack drivers from src/qemu which
      used to pull config from 'struct qemud_driver' can now be moved into
      the 'src/security' directory and store their config directly.
      
      * src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to
        use new virSecurityManager APIs
      * src/qemu/qemu_security_dac.c,  src/qemu/qemu_security_dac.h
        src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h:
        Move into src/security directory
      * src/security/security_stack.c, src/security/security_stack.h,
        src/security/security_dac.c, src/security/security_dac.h: Generic
        versions of previous QEMU specific drivers
      * src/security/security_apparmor.c, src/security/security_apparmor.h,
        src/security/security_driver.c, src/security/security_driver.h,
        src/security/security_selinux.c, src/security/security_selinux.h:
        Update to take virSecurityManagerPtr object as the first param
        in all callbacks
      * src/security/security_nop.c, src/security/security_nop.h: Stub
        implementation of all security driver APIs.
      * src/security/security_manager.h, src/security/security_manager.c:
        New internal API for invoking security drivers
      * src/libvirt.c: Add missing debug for security APIs
    • conf: Report error if invalid type specified for character device · 92d65301
      Osier Yang authored
      If invalid type is specified, e.g.
      <serial type='foo'>
          <target port='0'/>
      </serial>
      
      We replace 'foo' with "null" type implicitly, without reporting an
      error message to tell the user, and "start" or "edit" the domain
      will succeed.
      
      It's not good to guess what the user wants. This patch is to fix
      the problem.
      
      * src/conf/domain_conf.c
  2. 08 Jan, 2011 1 commit
  3. 07 Jan, 2011 4 commits
  4. 06 Jan, 2011 5 commits
    • bridge: Fix generation of dnsmasq's --dhcp-hostsfile option · a43c7338
      Kay Schubert authored
      I added a host definition to a network definition:
      
      <network>
        <name>Lokal</name>
        <uuid>2074f379-b82c-423f-9ada-305d8088daaa</uuid>
        <bridge name='virbr1' stp='on' delay='0' />
        <ip address='192.168.180.1' netmask='255.255.255.0'>
          <dhcp>
            <range start='192.168.180.128' end='192.168.180.254' />
            <host mac='23:74:00:03:42:02' name='somevm' ip='192.168.180.10' />
          </dhcp>
        </ip>
      </network>
      
      But due to the wrong if-statement the argument --dhcp-hostsfile doesn't get
      added to the dnsmasq command. The patch below fixes it for me.
    • qemu: Fix bogus warning about uninitialized saveptr · 4684f478
      Jiri Denemark authored
      The warning is bogus since strtok_r doesn't use the value when it's
      first called and initializes it for the following calls.
    • Don't chown qemu saved image back to root after save if dynamic_ownership=0 · a691cb88
      Laine Stump authored
      When dynamic_ownership=0, saved images must be owned by the same uid
      as is used to run the qemu process, otherwise restore won't work. To
      accomplish this, qemuSecurityDACRestoreSavedStateLabel() needs to
      simply return when it's called.
      
      This fix is in response to:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=661720
    • Log an error on attempts to add a NAT rule for non-IPv4 addresses · cd6a8f9c
      Laine Stump authored
      Although the upper-layer code protected against it, it was possible to
      call iptablesForwardMasquerade() with an IPv6 address and have it
      attempt to add a rule to the MASQUERADE chain of ip6tables (which
      doesn't exist).
      
      This patch changes that function to check the protocol of the given
      address, generate an error log if it's not IPv4 (AF_INET), and finally
      hardcodes all the family parameters sent down to lower-level functions.
    • Improve error reporting when parsing dhcp info for virtual networks · 6741ca36
      Laine Stump authored
      This is partially in response to
      
        https://bugzilla.redhat.com/show_bug.cgi?id=653300
      
      The crash in that report was coincidentally fixed when we switched
      from using inet_pton() to using virSocketParseAddr(), but the absence
      of an ip address in a dhcp static host definition was still silently
      ignored (and that entry discarded from the saved XML). This patch
      turns that into a logged failure; likewise if the entry has neither a
      mac address nor a name attribute (the entry is useless without at
      least one of those, plus an ip address).
      
      Since the network name is now pulled into this function in order for
      those error logs to be more informative, the other error messages in
      the function have also been changed to take advantage.
  5. 05 Jan, 2011 1 commit
    • qemu driver: fix positioning to end of log file · 0922ff2f
      Stefan Berger authored
      While doing some testing with Qemu and creating huge logfiles I encountered the case where the VM could not start anymore due to the lseek() to the end of the Qemu VM's log file failing. The patch below fixes the problem by replacing the previously used 'int' with 'off_t'.
      
      To reproduce this error, you could do the following:
      
      dd if=/dev/zero of=/var/log/libvirt/qemu/<name of VM>.log bs=1024 count=$((1024*2048))
      
      and you should get an error like this:
      
      error: Failed to start domain <name of VM>
      error: Unable to seek to -2147482651 in /var/log/libvirt/qemu/<name of VM>.log: Success
  6. 04 Jan, 2011 3 commits
    • build: avoid compilation warnings · c685993d
      Eric Blake authored
      Detected on cygwin:
      util/util.c: In function 'virSetUIDGID':
      util/util.c:2824: warning: format '%d' expects type 'int', but argument 7 has type 'gid_t' [-Wformat]
      (and three other lines)
      
      * src/util/util.c (virSetUIDGID): Cast, as is done elsewhere in
      this file, to avoid printf type mismatch warnings.
    • threadpool: allow NULL jobdata · b2dbc160
      Hu Tao authored
      Don't require non-null jobdata to virThreadPoolSendJob().
    • node_device: udev driver does not handle SR-IOV devices · 51798a5d
      Chris Wright authored
      The udev driver does not update a PCI device with its SR-IOV capabilities,
      when applicable, the way the hal driver does.  As a result, dumping the
      device's XML will not include the relevant physical or virtual function
      information.
      
      With this patch, the XML is correct:
      
      # virsh nodedev-dumpxml pci_0000_09_00_0
      <device>
        <name>pci_0000_09_00_0</name>
        <parent>pci_0000_00_1c_0</parent>
        <driver>
          <name>vxge</name>
        </driver>
        <capability type='pci'>
          <domain>0</domain>
          <bus>9</bus>
          <slot>0</slot>
          <function>0</function>
          <product id='0x5833'>X3100 Series 10 Gigabit Ethernet PCIe</product>
          <vendor id='0x17d5'>Neterion Inc.</vendor>
          <capability type='virt_functions'>
            <address domain='0x0000' bus='0x0a' slot='0x00' function='0x1'/>
            <address domain='0x0000' bus='0x0a' slot='0x00' function='0x2'/>
            <address domain='0x0000' bus='0x0a' slot='0x00' function='0x3'/>
          </capability>
        </capability>
      </device>
      
      # virsh nodedev-dumpxml pci_0000_0a_00_1
      <device>
        <name>pci_0000_0a_00_1</name>
        <parent>pci_0000_00_1c_0</parent>
        <driver>
          <name>vxge</name>
        </driver>
        <capability type='pci'>
          <domain>0</domain>
          <bus>10</bus>
          <slot>0</slot>
          <function>1</function>
          <product id='0x5833'>X3100 Series 10 Gigabit Ethernet PCIe</product>
          <vendor id='0x17d5'>Neterion Inc.</vendor>
          <capability type='phys_function'>
            <address domain='0x0000' bus='0x09' slot='0x00' function='0x0'/>
          </capability>
        </capability>
      </device>
      
      Cc: Dave Allan <dallan@redhat.com>
      Signed-off-by: Chris Wright <chrisw@redhat.com>
  7. 01 Jan, 2011 4 commits
    • virExec: fix logic bug · e80ed3fd
      Eric Blake authored
      As pointed out in https://bugzilla.redhat.com/show_bug.cgi?id=659855#c9,
      commit c3568ec2 introduced a regression where we no longer close any
      fd's beyond FD_SETSIZE.
      
      * src/util/util.c (__virExec): Continue to close fd's beyond
      keepfd range.
      Reported by Stefan Praszalowicz.
    • Improve virSocketAddrMask[ByPrefix] API · 77094eaf
      Laine Stump authored
      The original version of these functions would modify the address sent
      in, meaning that the caller would usually need to copy the address
      first. This change makes the original a const, and puts the resulting
      masked address into a new arg (which could point to the same
      virSocketAddr as the original, if the caller really wants to modify
      it).
      
      This also makes the API consistent with virSocketAddrBroadcast[ByPrefix].
    • Set broadcast address for IPv4 addresses on virtual network bridges · 2eeeb601
      Laine Stump authored
      Previously we used ioctl() to set the IP address and netmask of the
      bridges used for virtual networks, and apparently the SIOCSIFNETMASK
      ioctl implicitly set the broadcast address for the interface. The new
      method of using the "ip" command requires broadcast address to be
      explicitly specified though.
    • Utility functions to produce an IPv4 broadcast address · 86387878
      Laine Stump authored
      These functions work only for IPv4, because IPv6 doesn't have the same
      concept of "broadcast address" as IPv4. They merely OR the inverse of
      the netmask with the given host address, thus turning on all the host
      bits.
  8. 30 Dec, 2010 1 commit
  9. 28 Dec, 2010 3 commits
    • vbox: Add support for VirtualBox 4.0 · 8d2e24d6
      Matthias Bolte authored
      Add vboxArrayGetWithUintArg to handle new signature variations. Also
      refactor vboxArrayGet* implementation to use a common helper function.
      
      Deal with the incompatible changes in the VirtualBox 4.0 API. This
      includes major changes in virtual machine and storage medium lookup,
      in RDP server property handling, in session/lock handling and other
      minor areas.
      
      VirtualBox 4.0 also dropped the old event API and replaced it with a
      completely new one. This is not fixed yet and will be addressed in
      another patch. Therefore, currently the domain events are supported
      for VirtualBox 3.x only.
      
      Based on initial work from Jean-Baptiste Rouault.
    • Fix misuse of VIR_ERR_INVALID_DOMAIN · c4ce8333
      Matthias Bolte authored
      VIR_ERR_INVALID_DOMAIN is meant for invalid domain pointers.
      VIR_ERR_NO_DOMAIN is meant for non-existing domains.
    • vbox: Handle different IID representation in Version 2.2 on Windows · 30a13736
      Matthias Bolte authored
      On Windows IID's are represented as GUID by value, instead of nsID
      by reference on non-Windows platforms.
      
      Patch the vbox_CAPI_v2_2.h header to deal with this difference.
      
      Rewrite vboxIID abstraction that deals with the different IID
      representations. Add support for the GUID representation. Also unify
      the four context dependent free functions for vboxIIDs
      
        vboxIIDUnalloc, vboxIIDFree, vboxIIDUtf8Free, vboxIIDUtf16Free
      
      into vboxIIDUnalloc that is now safe to be called (even multiple
      times) on a vboxIID independent of the source and context of the
      vboxIID.
      
      The new vboxIID is designed to be used as a stack allocated variable.
      It has a value member that represents the actual IID value.
  10. 24 Dec, 2010 14 commits
    • qemu: add -incoming fd:n capability checking · abff0290
      Eric Blake authored
      * src/qemu/qemu_capabilities.h (QEMUD_CMD_FLAG_MIGRATE_QEMU_FD):
      New enum value.
      * src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Populate
      flags according to qemu version.
      * tests/qemuhelptest.c (mymain): Adjust test.
    • bridge: Fix uninitialized variable · 0ecac8aa
      Jiri Denemark authored
    • Replace setuid/setgid/initgroups with virSetUIDGID() · f42cf7cb
      Laine Stump authored
      This patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=664406
      
      If qemu is run as a different uid, it has been unable to access mode
      0660 files that are owned by a different user, but with a group that
      the qemu is a member of (aside from the one group listed in the passwd
      file), because initgroups() is not being called prior to the
      exec. initgroups will change the group membership of the process (and
      its children) to match the new uid.
      
      To make this happen, the setregid()/setreuid() code in
      qemuSecurityDACSetProcessLabel has been replaced with a call to
      virSetUIDGID(), which does both of those, plus calls initgroups.
      
      Similar, but not identical, code in qemudOpenAsUID() has been replaced
      with virSetUIDGID(). This not only consolidates the functionality to a
      single location, but also potentially fixes some as-yet unreported
      bugs.
    • new virSetUIDGID() utility function · d596c6dc
      Laine Stump authored
      virSetUIDGID() sets both the real and effective group and user of the
      process, and additionally calls initgroups() to assure that the
      process joins all the auxiliary groups that the given uid is a member
      of.
    • Preserve errno across calls to error reporting functions & VIR_FREE · 17e19add
      Laine Stump authored
      There are cases when we want to log an error message, and possibly free
      some memory as part of the cleanup, while still preserving errno for a
      caller, but the functions that log errors, and virFree (VIR_FREE) make
      system calls that will clear errno. This patch preserves errno during
      those most basic functions (corresponding to virReportSystemError(),
      virReportOOMError(), networkReportError(), etc, as well as
      virStrError()). It does *not* preserve errno across calls to higher
      level items such as virDispatchError(), as it's assumed the caller is
      all finished with any need for errno by the time it dispatches the
      error.
    • Run radvd for virtual networks with IPv6 addresses · 8090a568
      Laine Stump authored
      Running an instance of the router advertisement daemon (radvd) allows
      guests using the virtual network to automatically acquire an IPv6
      address and default route. Note that acquiring an address only works
      for networks with a prefix length of exactly 64 - radvd is still run
      in other circumstances, and still advertises routes, but autoconf will
      not work because it requires exactly 64 bits of address info from the
      network prefix.
      
      This patch avoids a race condition with the pidfile by manually
      daemonizing radvd rather than allowing it to daemonize itself, then
      creating our own pidfile (in addition to radvd's own file, which is
      unnecessary, but there is no way to tell radvd to not create it). This
      is accomplished by exec'ing it with "--debug 1" in the commandline,
      and using virCommand's features to fork, create a pidfile, and detach
      from the newly forked process.
    • Turn on IPv6 support in the bridge_driver.c virtual network driver · 6ccce752
      Laine Stump authored
      At this point everything is already in place to make IPv6 happen, we just
      need to add a few rules, remove some checks for IPv4-only, and document
      the changes to the XML on the website.
    • Update iptables.c to also support ip6tables. · 537e65e7
      Laine Stump authored
      All of the iptables functions eventually call down to a single
      bottom-level function, and fortunately, ip6tables syntax (for all the
      args that we use) is identical to iptables format (except the
      addresses), so all we need to do is:
      
      1) Get an address family down to the lowest level function in each
         case, either implied through an address, or explicitly when no
         address is in the parameter list, and
      
      2) At the lowest level, just decide whether to call "iptables" or
         "ip6tables" based on the family.
      
      The location of the ip6tables binary is determined at build time by
      autoconf. If a particular target system happens to not have ip6tables
      installed, any attempts to run it will generate an error, but that
      won't happen unless someone tries to define an IPv6 address for a
      network. This is identical behavior to IPv4 addresses and iptables.
    • Support multiple IP addresses on one network in bridge_driver.c · ad48dfa1
      Laine Stump authored
      This patch reorganizes the code in bridge_driver.c to account for the
      concept of a single network with multiple IP addresses, without adding
      in the extra variable of IPv6. A small bit of code has been
      temporarily added that checks all given addresses to verify they are
      IPv4 - this will be removed when full IPv6 support is turned on.
    • Change virtual network XML parsing/formatting to support IPv6 · a950dd2a
      Laine Stump authored
      This commit adds support for IPv6 parsing and formatting to the
      virtual network XML parser, including moving around data definitions
      to allow for multiple <ip> elements on a single network, but only
      changes the consumers of this API to accommodate for the changes in
      API/structure, not to add any actual IPv6 functionality. That will
      come in a later patch - this patch attempts to maintain the same final
      functionality in both drivers that use the network XML parser - vbox
      and "bridge" (the Linux bridge-based driver used by the qemu
      hypervisor driver).
      
      * src/libvirt_private.syms: Add new private API functions.
      * src/conf/network_conf.[ch]: Change C data structure and
        parsing/formatting.
      * src/network/bridge_driver.c: Update to use new parser/formatter.
      * src/vbox/vbox_tmpl.c: update to use new parser/formatter
      * docs/schemas/network.rng: changes to the schema -
        * there can now be more than one <ip> element.
        * ip address is now an ip-addr (ipv4 or ipv6) rather than ipv4-addr
        * new optional "prefix" attribute that can be used in place of "netmask"
        * new optional "family" attribute - "ipv4" or "ipv6"
          (will default to ipv4)
        * define data types for the above
      * tests/networkxml2xml(in|out)/nat-network.xml: add multiple <ip> elements
        (including IPv6) to a single network definition to verify they are being
        correctly parsed and formatted.
    • Replace brSetInetAddress/brSetInetNetmask with brAddInetAddress · 20718b8b
      Laine Stump authored
      brSetInetAddress can only set a single IP address on the bridge, and
      uses a method (ioctl(SIOCSETIFADDR)) that only works for IPv4. Replace
      it and brSetInetNetmask with a single function that uses the external
      "ip addr add" command to add an address/prefix to the interface - this
      supports IPv6, and allows adding multiple addresses to the interface.
      
      Although it isn't currently used in the code, we also add a
      brDelInetAddress for completeness' sake.
      
      Also, while we're modifying bridge.c, we change brSetForwardDelay and
      brSetEnableSTP to use the new virCommand API rather than the
      deprecated virRun, and also log an error message in bridge_driver.c if
      either of those fail (previously the failure would be completely
      silent).
    • Make virtual network netmasks optional · 4713f074
      Laine Stump authored
      When a netmask isn't specified for an IPv4 address, one can be implied
      based on what network class range the address is in. The
      virNetworkDefPrefix function does this for us, so netmask isn't
      required.
    • Pass prefix rather than netmask into iptables functions · b23d417c
      Laine Stump authored
      IPv6 will use prefix exclusively, and IPv4 will also optionally be
      able to use it, and the iptables functions really need a prefix
      anyway, so use the new virNetworkDefPrefix() function to send prefixes
      into iptables functions instead of netmasks.
      
      Also, in a couple places where a netmask is actually needed, use the
      new private API function for it rather than getting it directly. This
      will allow for cases where no netmask or prefix is specified (it
      returns the default for the current class of network.)
    • Consistently return 0 on success, -1 on failure in bridge_driver.c · 6e3e6db1
      Laine Stump authored
      Some functions in this file were returning 1 on success and 0 on
      failure, and others were returning 0 on success and -1 on
      failure. Switch them all to return the libvirt-preferred 0/-1.