1. 10 Mar, 2011 5 commits
    • audit: also audit cgroup ACL permissions · 340ab27d
      Eric Blake committed
      * src/qemu/qemu_audit.h (qemuAuditCgroupMajor)
      (qemuAuditCgroupPath): Add parameter.
      * src/qemu/qemu_audit.c (qemuAuditCgroupMajor)
      (qemuAuditCgroupPath): Add 'acl=rwm' to cgroup audit entries.
      * src/qemu/qemu_cgroup.c: Update clients.
      * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Likewise.
    • cgroup: allow fine-tuning of device ACL permissions · 5564c575
      Eric Blake committed
      Adding audit points showed that we were granting too much privilege
      to qemu; it should not need any mknod rights to recreate any
      devices.  On the other hand, lxc should have all device privileges.
      The solution is adding a flag parameter.
      
      This also lets us restrict write access to read-only disks.
      
      * src/util/cgroup.h (virCgroup*Device*): Adjust prototypes.
      * src/util/cgroup.c (virCgroupAllowDevice)
      (virCgroupAllowDeviceMajor, virCgroupAllowDevicePath)
      (virCgroupDenyDevice, virCgroupDenyDeviceMajor)
      (virCgroupDenyDevicePath): Add parameter.
      * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update clients.
      * src/lxc/lxc_controller.c (lxcSetContainerResources): Likewise.
      * src/qemu/qemu_cgroup.c: Likewise.
      (qemuSetupDiskPathAllow): Also, honor read-only disks.
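
The permission split this commit describes (no mknod for qemu, no write for read-only disks), as an added example that is not libvirt's code. It assumes the cgroup v1 devices controller line syntax `<type> <major>:<minor> <access>`; the `PERM_*` names, `disk_perms` and `format_device_acl` are hypothetical, and the sample device numbers are constructed.

```c
#define _DEFAULT_SOURCE 1       /* for S_IFBLK and makedev() under strict -std */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/types.h>

/* Permission bits for one device ACL entry (hypothetical names). */
enum { PERM_READ = 1, PERM_WRITE = 2, PERM_MKNOD = 4 };

/* Mask for a qemu disk: never mknod, and no write for read-only disks. */
static int disk_perms(int readonly)
{
    return PERM_READ | (readonly ? 0 : PERM_WRITE);
}

/* Build a devices.allow line from a node's st_mode and st_rdev.
 * Returns 0, or -1 if the node is not a device, the mask is empty,
 * or buf is too small. */
static int format_device_acl(mode_t mode, dev_t rdev, int perms,
                             char *buf, size_t len)
{
    char acl[4];
    size_t n = 0;
    char type = S_ISBLK(mode) ? 'b' : S_ISCHR(mode) ? 'c' : 0;

    if (!type)
        return -1;
    if (perms & PERM_READ)  acl[n++] = 'r';
    if (perms & PERM_WRITE) acl[n++] = 'w';
    if (perms & PERM_MKNOD) acl[n++] = 'm';
    if (n == 0)
        return -1;
    acl[n] = '\0';

    int r = snprintf(buf, len, "%c %u:%u %s", type,
                     major(rdev), minor(rdev), acl);
    return (r < 0 || (size_t)r >= len) ? -1 : 0;
}

int main(void)
{
    char line[32];
    /* Constructed sample: block device 8:0 attached as a read-only disk. */
    if (format_device_acl(S_IFBLK | 0660, makedev(8, 0), disk_perms(1),
                          line, sizeof line) == 0)
        puts(line);
    return 0;
}
```
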
    • audit: rename remaining qemu audit functions · 48096a00
      Eric Blake committed
      Also add ATTRIBUTE_NONNULL markers.
      
      * src/qemu/qemu_audit.h: The pattern qemuDomainXXXAudit is
      inconsistent; prefer qemuAuditXXX instead.
      * src/qemu/qemu_audit.c: Reflect the renames.
      * src/qemu/qemu_driver.c: Likewise.
      * src/qemu/qemu_hotplug.c: Likewise.
      * src/qemu/qemu_migration.c: Likewise.
      * src/qemu/qemu_process.c: Likewise.
    • audit: also audit cgroup controller path · f2512684
      Eric Blake committed
      Although the cgroup device ACL controller path can be worked out
      by researching the code, it is more efficient to include that
      information directly in the audit message.
      
      * src/util/cgroup.h (virCgroupPathOfController): New prototype.
      * src/util/cgroup.c (virCgroupPathOfController): Export.
      * src/libvirt_private.syms: Likewise.
      * src/qemu/qemu_audit.c (qemuAuditCgroup): Use it.
    • audit: split cgroup audit types to allow more information · d04916fa
      Eric Blake committed
      Device names can be manipulated, so it is better to also log
      the major/minor device number corresponding to the cgroup ACL
      changes that libvirt made.  This required some refactoring
      of the relatively new qemu cgroup audit code.
      
      Also, qemuSetupChardevCgroup was only auditing on failure, not success.
      
      * src/qemu/qemu_audit.h (qemuDomainCgroupAudit): Delete.
      (qemuAuditCgroup, qemuAuditCgroupMajor, qemuAuditCgroupPath): New
      prototypes.
      * src/qemu/qemu_audit.c (qemuDomainCgroupAudit): Rename...
      (qemuAuditCgroup): ...and drop a parameter.
      (qemuAuditCgroupMajor, qemuAuditCgroupPath): New functions, to
      allow listing device major/minor in audit.
      (qemuAuditGetRdev): New helper function.
      * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Adjust callers.
      * src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow)
      (qemuSetupHostUsbDeviceCgroup, qemuSetupCgroup)
      (qemuTeardownDiskPathDeny): Likewise.
      (qemuSetupChardevCgroup): Likewise, fixing missing audit.
  2. 09 Mar, 2011 15 commits
  3. 08 Mar, 2011 5 commits
    • Fix build on cygwin · d299e1d0
      Daniel Veillard committed
      Apparently some signals found on Unix are not exposed, this led
      to a compilation failure
      * src/util/logging.c: make code related to each signal dependent
        upon the definition of that signal
    • support to detach USB disk · 0e29f711
      Wen Congyang committed
      Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
    • rename qemuDomainDetachSCSIDiskDevice to qemuDomainDetachDiskDevice · 8f338032
      Wen Congyang committed
      The way to detach a USB disk is the same as that to detach a SCSI
      disk. Rename this function and we can use it to detach a USB disk.
      Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
    • qemu_hotplug: Reword error if spice password change not available · 56a4d812
      Cole Robinson committed
      Currently it sounds like spice is completely unsupported, which is
      confusing.
    • unlock eventLoop before calling callback function · ac9ee6b5
      Wen Congyang committed
      When I use the newest libvirt to save a domain, libvirtd deadlocks.
      Here is the output of gdb:
      (gdb) thread 3
      [Switching to thread 3 (Thread 0x7f972a1fc710 (LWP 30265))]#0  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
      (gdb) bt
          at qemu/qemu_driver.c:2074
          ret=0x7f972a1fbbe0) at remote.c:2273
      (gdb) thread 7
      [Switching to thread 7 (Thread 0x7f9730bcd710 (LWP 30261))]#0  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
      (gdb) bt
      (gdb) p *(virMutexPtr)0x6fdd60
      $2 = {lock = {__data = {__lock = 2, __count = 0, __owner = 30261, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}},
          __size = "\002\000\000\000\000\000\000\000\065v\000\000\001", '\000' <repeats 26 times>, __align = 2}}
      (gdb) p *(virMutexPtr)0x1a63ac0
      $3 = {lock = {__data = {__lock = 2, __count = 0, __owner = 30265, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}},
          __size = "\002\000\000\000\000\000\000\000\071v\000\000\001", '\000' <repeats 26 times>, __align = 2}}
      (gdb) info threads
        7 Thread 0x7f9730bcd710 (LWP 30261)  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
        6 Thread 0x7f972bfff710 (LWP 30262)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
        5 Thread 0x7f972b5fe710 (LWP 30263)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
        4 Thread 0x7f972abfd710 (LWP 30264)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
      * 3 Thread 0x7f972a1fc710 (LWP 30265)  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
        2 Thread 0x7f97297fb710 (LWP 30266)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
        1 Thread 0x7f9737aac800 (LWP 30260)  0x000000351fe0803d in pthread_join () from /lib64/libpthread.so.0
      
      The reason is that we will try to lock some object in the callback function, and we may call the event API while locking the same object.
      In the function virEventDispatchHandles(), we unlock eventLoop before calling the callback function. I think we should
      do the same thing in the functions virEventCleanupTimeouts() and virEventCleanupHandles().
      Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
      Signed-off-by: Eric Blake <eblake@redhat.com>
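
The pattern this commit applies to the cleanup functions, as an added example that is not libvirt's code: unlink the entry while holding the loop lock, then release the lock around the callback. All names here are hypothetical, and a same-thread re-entry into the event API stands in for the two-thread lock inversion shown in the gdb output.

```c
#include <pthread.h>
#include <stddef.h>

#define MAX_HANDLES 8
typedef void (*free_cb)(void *opaque);
struct handle { int deleted; free_cb ff; void *opaque; };

static pthread_mutex_t loop_lock = PTHREAD_MUTEX_INITIALIZER;
static struct handle handles[MAX_HANDLES];
static size_t nhandles;

/* Every event API entry point takes the loop lock. */
static int loop_add(free_cb ff, void *opaque)
{
    int id = -1;
    pthread_mutex_lock(&loop_lock);
    if (nhandles < MAX_HANDLES) {
        id = (int)nhandles++;
        handles[id] = (struct handle){ 0, ff, opaque };
    }
    pthread_mutex_unlock(&loop_lock);
    return id;
}

static void loop_mark_deleted(int id)
{
    pthread_mutex_lock(&loop_lock);
    if (id >= 0 && (size_t)id < nhandles)
        handles[id].deleted = 1;
    pthread_mutex_unlock(&loop_lock);
}

/* Purge deleted handles. Each entry is unlinked first, then its callback
 * runs with the loop lock released, so the callback may call loop_add()
 * or take other locks without deadlocking against the loop. */
static int loop_cleanup(void)
{
    int freed = 0;
    pthread_mutex_lock(&loop_lock);
    for (size_t i = 0; i < nhandles; ) {
        if (!handles[i].deleted) { i++; continue; }
        struct handle dead = handles[i];
        handles[i] = handles[--nhandles];   /* swap-remove under the lock */
        freed++;
        if (dead.ff) {
            pthread_mutex_unlock(&loop_lock);
            dead.ff(dead.opaque);           /* lock is NOT held here */
            pthread_mutex_lock(&loop_lock); /* re-read state after relock */
        }
    }
    pthread_mutex_unlock(&loop_lock);
    return freed;
}

/* Constructed callback that re-enters the event API from inside cleanup. */
static void reenter(void *opaque) { *(int *)opaque = loop_add(NULL, NULL); }
```

If `loop_cleanup` called `dead.ff` with `loop_lock` still held, `reenter` would block forever on the default (non-recursive) mutex.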
  4. 07 Mar, 2011 4 commits
    • Expose event loop implementation as a public API · 2ed6cc7b
      Daniel P. Berrange committed
      Not all applications have an existing event loop they need
      to integrate with. Forcing them to implement the libvirt
      event loop integration APIs is an undue burden. This just
      exposes our simple poll() based implementation for apps
      to use. So instead of calling
      
         virEventRegister(....callbacks...)
      
      The app would call
      
         virEventRegisterDefaultImpl()
      
      And then have a thread somewhere calling
      
          static bool quit = false;
          ....
          while (!quit)
            virEventRunDefaultImpl()
      
      * daemon/libvirtd.c, tools/console.c,
        tools/virsh.c: Convert to public event loop APIs
      * include/libvirt/libvirt.h.in, src/libvirt_private.syms: Add
        virEventRegisterDefaultImpl and virEventRunDefaultImpl
      * src/util/event.c: Implement virEventRegisterDefaultImpl
        and virEventRunDefaultImpl using poll() event loop
      * src/util/event_poll.c: Add full error reporting
      * src/util/virterror.c, include/libvirt/virterror.h: Add
        VIR_FROM_EVENTS
    • Move event code out of the daemon/ into src/util/ · 343eaa15
      Daniel P. Berrange committed
      The event loop implementation is used by more than just the
      daemon, so move it into the shared area.
      
      * daemon/event.c, src/util/event_poll.c: Renamed
      * daemon/event.h, src/util/event_poll.h: Renamed
      * tools/Makefile.am, tools/console.c, tools/virsh.c: Update
        to use new virEventPoll APIs
      * daemon/mdns.c, daemon/mdns.c, daemon/Makefile.am: Update
        to use new virEventPoll APIs
    • Convert daemon/virsh over to use primary event APIs, rather than impl · 5d2c045c
      Daniel P. Berrange committed
      The daemon code calls virEventAddHandleImpl directly instead
      of calling the wrapper virEventAddHandle.
      
      * tools/console.c, daemon/libvirtd.c, daemon/mdns.c: Convert to
        use primary event APIs
    • Cleaning up some of the logging code · bcb40b85
      Daniel Veillard committed
      * src/util/logging.c: fix virLogDumpAllFD() to avoid snprintf, simplify
        the code and provide more useful signal descriptions. Also remove an
        unused variable.
  5. 06 Mar, 2011 1 commit
    • qemu: Support vram for video of qxl type · 82dfc6f3
      Osier Yang committed
      For qemu names the primary vga as "qxl-vga":
      
        1) if vram is specified for 2nd qxl device:
      
          -vga qxl -global qxl-vga.vram_size=$SIZE \
          -device qxl,id=video1,vram_size=$SIZE,...
      
        2) if vram is not specified for 2nd qxl device, (use the default
           set by global):
      
          -vga qxl -global qxl-vga.vram_size=$SIZE \
          -device qxl,id=video1,...
      
      For qemu names all qxl devices as "qxl":
      
        1) if vram is specified for 2nd qxl device:
      
          -vga qxl -global qxl.vram_size=$SIZE \
          -device qxl,id=video1,vram_size=$SIZE ...
      
        2) if vram is not specified for 2nd qxl device:
      
          -vga qxl -global qxl-vga.vram_size=$SIZE \
          -device qxl,id=video1,...
      
      "-global" is the only way to define vram_size for the primary qxl
      device, regardless of how qemu names it, (It's not a good
      way, as original idea of "-global" is to set a global default for
      a driver property, but to specify vram for first qxl device, we
      have to use it).
      
      For other qxl devices, as they are represented by "-device", could
      specify it directly and separately for each, and it overrides the
      default set by "-global" if specified.
      
      v1 - v2:
        * modify "virDomainVideoDefaultRAM" so that it returns 16M as the
          default vram_size for qxl device.
      
        * vram_size * 1024 (qemu accepts bytes for vram_size).
      
        * apply default vram_size for qxl device for which vram_size is
          not specified.
      
        * modify "graphics-spice" tests (more sensible vram_size)
      
        * Add an argument of virDomainDefPtr type for qemuBuildVideoDevStr,
          to use virDomainVideoDefaultRAM in qemuBuildVideoDevStr).
      
      v2 - v3:
        * Modify default video memory size for qxl device from 16M to 24M
      
        * Update codes to be consistent with changes on qemu_capabilities.*
  6. 05 Mar, 2011 1 commit
  7. 04 Mar, 2011 9 commits
    • Dump the debug buffer to libvirtd.log on fatal signal · a9f35c48
      Daniel Veillard committed
      In case of imminent crash or upon request (signal USR2),
      dump the logging buffer to the libvirtd.log file for
      post-mortem analysis
      * daemon/libvirtd.c: create a sig_fatal() handler connected to
        SIGFPE SIGSEGV SIGILL SIGABRT SIGBUS and SIGUSR2, just dumping
        the log buffer using virLogEmergencyDumpAll
    • Add an internal API for emergency dump of debug buffer · 398553c1
      Daniel Veillard committed
      virLogEmergencyDumpAll() allows dumping the content of the
      debug buffer from within a signal handler. It saves to all
      log files, or stderr if none is found
      * src/util/logging.h src/util/logging.c: add the new API
        and cleanup the old virLogDump code
      * src/libvirt_private.syms: exports it as a private symbol
    • Fix a counter bug in the log buffer · 35708ec1
      Daniel Veillard committed
      * src/util/logging.c: the start pointer needs to wrap around too
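
A ring buffer whose start index wraps, with a dump routine restricted to `write(2)` so it can be called from a fatal-signal handler. This is an added example covering both this commit and the emergency-dump commit above it; it is not libvirt's logging code, and every name and the 16-byte size are hypothetical. The dump is best-effort: a signal that lands in the middle of `ring_put` may see a half-updated index.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

#define RING_SIZE 16            /* tiny so the wraparound is easy to see */
static char ring[RING_SIZE];
static size_t ring_start, ring_len;  /* index of oldest byte, bytes stored */

/* Append bytes; once full, each new byte overwrites the oldest one. */
static void ring_put(const char *s, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        ring[(ring_start + ring_len) % RING_SIZE] = s[i];
        if (ring_len < RING_SIZE)
            ring_len++;
        else
            ring_start = (ring_start + 1) % RING_SIZE;  /* start wraps too */
    }
}

/* write(2) is async-signal-safe; stdio and snprintf are not. */
static int write_all(int fd, const char *p, size_t n)
{
    while (n > 0) {
        ssize_t w = write(fd, p, n);
        if (w < 0 && errno == EINTR)
            continue;
        if (w < 0)
            return -1;
        p += w;
        n -= (size_t)w;
    }
    return 0;
}

/* Dump oldest-to-newest in two segments. Uses no heap, locks or stdio.
 * Returns the number of bytes dumped, or -1 on write error. */
static long ring_dump(int fd)
{
    int saved = errno;          /* keep the interrupted code's errno intact */
    size_t tail = RING_SIZE - ring_start;
    size_t first = ring_len < tail ? ring_len : tail;
    int rc = write_all(fd, ring + ring_start, first);
    if (rc == 0)
        rc = write_all(fd, ring, ring_len - first);
    errno = saved;
    return rc == 0 ? (long)ring_len : -1;
}
```
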
    • Add logrotate support for libvirtd.log · e7aeed00
      Daniel Veillard committed
      As the file may grow quite a bit especially with debug turned on.
      * daemon/libvirtd.logrotate.in daemon/Makefile.am libvirt.spec.in:
        add new logrotate file for the daemon log
    • Change default log policy to libvirtd.log instead of syslog · 8ddf6d1e
      Daniel Veillard committed
      Syslog is not the best place to go search for libvirt error
      logs, change it to a default file output libvirtd.log, but
      still keep standard error if not run as a daemon.
      Depending on whether it's run as root or user, the log is saved
      in the local state dir or in $HOME/.libvirt.
      * daemon/libvirtd.c: change default logging to go to libvirtd.log
    • Force all logs to go to the round-robin memory buffer · 8b9a1190
      Daniel Veillard committed
      Initially only the logs actually written out by libvirt were
      saved in the memory buffer; this patch forces all information,
      including info and debug, to be saved in memory too. This is
      useful to get full data in case of crash.
    • qemu: avoid corruption of domain hashtable and misuse of freed domains · f8ac6790
      Laine Stump committed
      This was also found while investigating
      
         https://bugzilla.redhat.com/show_bug.cgi?id=670848
      
      An EOF on a domain's monitor socket results in an event being queued
      to handle the EOF. The handler calls qemuProcessHandleMonitorEOF. If
      it is a transient domain, this leads to a call to
      virDomainRemoveInactive, which removes the domain from the driver's
      hashtable and unref's it. Nowhere in this code is the qemu driver lock
      acquired.
      
      However, all modifications to the driver's domain hashtable *must* be
      done while holding the driver lock, otherwise the hashtable can become
      corrupt, and (even more likely) another thread could call a different
      hashtable function and acquire a pointer to the domain that is in the
      process of being destroyed.
      
      To prevent such a disaster, qemuProcessHandleMonitorEOF must get the
      qemu driver lock *before* it gets the DomainObj's lock, and hold it
      until it is finished with the DomainObj. This guarantees that nobody
      else modifies the hashtable at the same time, and that anyone who had
      already gotten the DomainObj from the hashtable prior to this call has
      finished with it before we remove/destroy it.
    • qemu: Add missing lock of virDomainObj before calling virDomainUnref · e570ca12
      Laine Stump committed
      This was found while researching the root cause of:
      
      https://bugzilla.redhat.com/show_bug.cgi?id=670848
      
      virDomainUnref should only be called with the lock held for the
      virDomainObj in question. However, when a transient qemu domain gets
      EOF on its monitor socket, it queues an event which frees the monitor,
      which unref's the virDomainObj without first locking it. If another
      thread has already locked the virDomainObj, the modification of the
      refcount could potentially be corrupted. In an extreme case, it could
      also be potentially unlocked by virDomainObjFree, thus left open to
      modification by anyone else who would have otherwise waited for the
      lock (not to mention the fact that they would be accessing freed
      data!).
      
      The solution is to have qemuMonitorFree lock the domain object right
      before unrefing it. Since the caller to qemuMonitorFree doesn't expect
      this lock to be held, if the refcount doesn't go all the way to 0,
      qemuMonitorFree must unlock it after the unref.
    • AUTHORS: adjust to preferred spelling · 65fca8fe
      KAMEZAWA Hiroyuki committed
      maybe sounds strange but I've used this signature for years.
      see http://en.wikipedia.org/wiki/Family_name