1. 30 Aug, 2012 9 commits
    • qemu: Fix possible infinite loop and segfault on error path. · 40dfb525
      Peter Krempa committed
      virDomainVcpuPinDefCopy when the control flow reaches out of memory
      cleanup code, the flow would end in an infinite loop as the loop variable
      wasn't decremented.

      Also a dereference of NULL pointers was possible if allocation of the
      Vcpu pinning definition structure failed.
    • qemu: Clean up security driver initialisation and config file · 46514ff7
      Peter Krempa committed
      Commit d0c0e79a left behind some dead
      code (hasDAC can't be effectively set to true, because
      virSecurityManagerNew fails to load the "dac" driver).

      This patch also enhances the condition for adding the default
      auto-detected security manager if the manager array is allocated but
      empty.

      Also the configuration file for qemu driver still contains reference to
      the DAC driver that can't be enabled manually.
    • qemu: Revert to blocking behavior of qemuAgentCommand · 7444ccce
      Jiri Denemark committed
      Before commit 05447e3a, qemuAgentCommand
      blocked until it got a reply or appropriate event. When new parameter
      was added to qemuAgentCommand in the above commit, all existing callers
      of it were updated in a wrong way changing them from blocking to
      5-seconds timeout.
    • qemu: Remove redundant parameter from qemuAgentSend · e360a960
      Jiri Denemark committed
      The @timeout parameter of qemuAgentSend is both redundant and confusing.
      This patch should not result in any functional changes.
    • network: get vlan info for Open vSwitch interfaces from proper source · b3bd5d6c
      Laine Stump committed
      This bug was revealed by the crash described in
      
        https://bugzilla.redhat.com/show_bug.cgi?id=852383
      
      The vlan info pointer sent to virNetDevOpenvswitchAddPort should never
      be non-NULL unless there is at least one tag. The fact that such a vlan
      info pointer was received pointed out that a caller was passing the
      wrong pointer. Instead of sending &net->vlan, the result of
      virDomainNetGetActualVlan(net) should be sent - that function will
      look for vlan info in net->data.network.actual->vlan, and in any case
      return NULL instead of a pointer if the vlan info it finds has no
      tags.
      
      Aside from causing the crash, sending a hardcoded &net->vlan has the
      effect of ignoring vlan info from a <network> or <portgroup> config.
    • Small cleanup on previous patch · 3219cc32
      Daniel Veillard committed
      As pointed by Eric Blake
    • Fix a crash when using Open vSwitch virtual ports · 5e465df6
      Kyle Mestery committed
      Fixup buffer usage when handling VLANs. Also fix the logic
      used to determine if the virNetDevVlanPtr is valid or not.
      Fixes crashes in the latest code when using Open vSwitch
      virtualports.
      Signed-off-by: Kyle Mestery <kmestery@cisco.com>
    • qemu: Sort the numa params only when it affects the live config · 20b780ae
      Osier Yang committed
      As the next boot doesn't have to worry about the previous numa
      params setting (there is none).
    • Fix configuration of QEMU security drivers · d0c0e79a
      Daniel P. Berrange committed
      If no 'security_driver' config option was set, then the code
      just loaded the 'dac' security driver. This is a regression
      on previous behaviour, where we would probe for a possible
      security driver. ie default to SELinux if available.
      
      This changes things so that if 'security_driver' is not set,
      we once again do probing. For simplicity we also always
      create the stack driver, even if there is only one driver
      active.
      
      The desired semantics are:
      
       - security_driver not set
           -> probe for selinux/apparmor/nop
           -> auto-add DAC driver
       - security_driver set to a string
           -> add that one driver
           -> auto-add DAC driver
       - security_driver set to a list
           -> add all drivers in list
           -> auto-add DAC driver
      
      It is not allowed, or possible to specify 'dac' in the
      security_driver config param, since that is always
      enabled.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
  2. 29 Aug, 2012 12 commits
  3. 28 Aug, 2012 6 commits
    • conf: Fix the problem which cause libvirtd to crash · a22909d5
      Osier Yang committed
      * src/conf/domain_conf.c: Use STREQ_NULLABLE instead of STREQ,
      as def->seclables[i]->model could be NULL.
    • build: define 'inline' iff HAVE_LIBNL1 · 500c2468
      Michal Privoznik committed
      Previous commit 0b4b53bb defined 'inline' to prevent broken build on
      systems with libnl1 headers. However, it broke build on systems with
      libnl3 headers. Therefore we must make that fix conditional.
    • build: work with older libnl1 headers · 0b4b53bb
      Eric Blake committed
      Ubuntu 10.04 shipped with out-of-the-box libnl1 headers, which
      assumed the old gcc semantics of 'extern inline' as a C89 extension:
      the function will _always_ be inline if it is used, and that
      it may be declared extern inline in headers without a definition,
      as long as the definition occurs before any use.  But when C99
      added 'extern inline' as a mandatory feature of the language, with
      slightly different semantics than gcc (the function MUST have
      external linkage, and the inline definition MUST be present
      alongside any declaration, where the compiler can then choose
      which of the two versions to use), this rendered the use of
      'inline' in libnl's header obsolete.  Most distros already solved
      this by removing 'inline' (the resulting 'extern' is correct,
      regardless of gcc semantics), and libnl-3 does not have the
      problem (where it has switched to 'static inline' instead, again
      with the definition present, and again, our hack will result in
      plain 'static' with no ill effects).  But for the case of building
      out of the box, we hack around the broken Ubuntu header.
      
      * src/util/virnetlink.h: Work around libnl issue.
    • qemu: Fix define logic · 9eee40cc
      Michal Privoznik committed
      With current flow in qemudDomainDefine we might lose data
      when updating an existing domain. We parse given XML and
      overwrite the configuration.  Then we try to save the new
      config. However, this step may fail and we don't perform any
      roll back.  In fact, we remove the domain from the list of
      domains held up by qemu driver. This is okay as long as the
      domain was brand new one.
    • qemu_agent: Switch to virReportSystemError() on system error · 3e0cc630
      Michal Privoznik committed
      Currently, if a syscall in qemu_agent.c fails we report an internal
      error even though we should be reporting a system error.
    • Introduce new VIR_ERR_AGENT_UNRESPONSIVE error code · aa3e8bd4
      Michal Privoznik committed
      Currently, when guest agent is configured but not responsive
      (e.g. due to appropriate service not running in the guest)
      we return VIR_ERR_INTERNAL_ERROR. Both are wrong. Therefore
      we need to introduce new error code to reflect this case.
  4. 27 Aug, 2012 5 commits
    • conf: prevent NULL pointer access in virSecurityLabelDefsParseXML · 1fe6d219
      Ján Tomko committed
      When checking for seclabels without security models, def->nseclabels is
      already set to n. In the case of an error def->seclabels is freed but
      nseclabels is left untouched. This leads to a segmentation fault when
      def is freed in virDomainDefParseXML.
    • qemu: Switch to unified func name · 661d7fb4
      Michal Privoznik committed
      With the latest patches libvirt supports qemu agent monitor
      passthrough. However, function in qemu driver is called
      qemuDrvDomainAgentCommand. s/Drv// as used in all other names.
    • rpc: fix segmentation fault caused by null client-sock · 2b8624dd
      Guannan Ren committed
      The client-sock could have been set to NULL by eventloop thread
      after async event fired.
    • qemu: fix regression with spice tls port allocation · 340196c4
      Martin Kletzander committed
      In my quest for reusing variables I failed to edit one variable when
      fixing details between two patch versions. That results in a failure
      to start qemu with autoport and spice tls, because qemu is trying to
      bind two sockets to the same port.
    • qemu: fix regression with pinning · 16ebec2b
      Martin Kletzander committed
      Commit 4b03d591 changed the pinning
      behavior in a way that makes some machines non-startable.
      
      The comment mentioning that we cannot control each vcpu when there is
      not VCPU<-> PID mapping available is true, however, this isn't
      necessarily an error, because this can be caused by old QEMU without
      support for "query-cpus" command as well as a software emulated
      machines that don't create more than one process.
  5. 26 Aug, 2012 1 commit
    • build: add LIBNL_CFLAGS to build of libvirt_lxc · 9cb9cbee
      Laine Stump committed
      When libvirt_lxc is built, it uses the utility library and #includes
      virnetdev.h, which #includes virnetlink.h, which includes
      <netlink/msg.h>.
      
      Normally, the netlink include directory would be just off
      /usr/include, so that wouldn't create a problem, but on Fedora and
      RHEL systems using libnl3, the libnl includes have been moved into
      /usr/include/libnl3 (to allow concurrent installation of libnl-1.1).
      
      All other binaries that need it have added $(LIBNL_CFLAGS) to their
      CFLAGS, but not libvirt_lxc, so it fails to build on Fedora and RHEL
      that have only libnl3-devel installed. This was previously unnoticed
      because everyone was building with libnl headers in
      /usr/include/netlink (even on systems with the headers in
      /usr/include/libnl3/netlink, many people (like me) usually also have
      the libnl1.1 headers in /usr/include/netlink).
      
      This patch adds the necessary CFLAGS for libvirt_lxc.
      
      Note that we don't need to add $(LIBNL_LIBS) to the LDADD for this
      binary, because it never directly calls libnl functions, but only
      calls them indirectly through the util library, which it's already
      linking against.
  6. 24 Aug, 2012 7 commits
    • snapshot: rename an enum · 1385c9cd
      Eric Blake committed
      The name 'virDomainDiskSnapshot' didn't fit in with our normal
      conventions of using a prefix hinting that it is related to a
      virDomainSnapshotPtr.  Also, a future patch will reuse the
      enum for declaring where the VM memory is stored.
      
      * src/conf/snapshot_conf.h (virDomainDiskSnapshot): Rename...
      (virDomainSnapshotLocation): ...to this.
      (_virDomainSnapshotDiskDef): Update clients.
      * src/conf/domain_conf.h (_virDomainDiskDef): Likewise.
      * src/libvirt_private.syms (domain_conf.h): Likewise.
      * src/conf/domain_conf.c (virDomainDiskDefParseXML)
      (virDomainDiskDefFormat): Likewise.
      * src/conf/snapshot_conf.c: (virDomainSnapshotDiskDefParseXML)
      (virDomainSnapshotAlignDisks, virDomainSnapshotDefFormat):
      Likewise.
      * src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
      (qemuDomainSnapshotCreateSingleDiskActive)
      (qemuDomainSnapshotCreateDiskActive, qemuDomainSnapshotCreateXML):
      Likewise.
    • snapshot: split snapshot conf code into own file · 6478ec16
      Eric Blake committed
      This has several benefits:
      1. Future snapshot-related code has a definite place to go (and I
      _will_ be adding some)
      2. Snapshot errors now use the VIR_FROM_DOMAIN_SNAPSHOT error
      classification, which has been underutilized (previously only in
      libvirt.c)
      
      * src/conf/domain_conf.h, domain_conf.c: Split...
      * src/conf/snapshot_conf.h, snapshot_conf.c: ...into new files.
      * src/Makefile.am (DOMAIN_CONF_SOURCES): Build new files.
      * po/POTFILES.in: Mark new file for translation.
      * src/vbox/vbox_tmpl.c: Update caller.
      * src/esx/esx_driver.c: Likewise.
      * src/qemu/qemu_command.c: Likewise.
      * src/qemu/qemu_domain.h: Likewise.
    • snapshot: make virDomainSnapshotObjList opaque · 3211deba
      Eric Blake committed
      We were failing to react to allocation failure when initializing
      a snapshot object list.  Changing things to store a pointer
      instead of a complete object adds one more possible point of
      allocation failure, but at the same time, will make it easier to
      react to failure now, as well as making it easier for a future
      patch to split all virDomainSnapshotPtr handling into a separate
      file, as I continue to add even more snapshot code.
      
      Luckily, there was only one client outside of domain_conf.c that
      was actually peeking inside the object, and a new wrapper function
      was easy.
      
      * src/conf/domain_conf.h (_virDomainObj): Use a pointer.
      (virDomainSnapshotObjListInit): Rename.
      (virDomainSnapshotObjListFree, virDomainSnapshotForEach): New
      declarations.
      (_virDomainSnapshotObjList): Move definitions...
      * src/conf/domain_conf.c: ...here.
      (virDomainSnapshotObjListInit, virDomainSnapshotObjListDeinit):
      Rename...
      (virDomainSnapshotObjListNew, virDomainSnapshotObjListFree): ...to
      these.
      (virDomainSnapshotForEach): New function.
      (virDomainObjDispose, virDomainListPopulate): Adjust callers.
      * src/qemu/qemu_domain.c (qemuDomainSnapshotDiscard)
      (qemuDomainSnapshotDiscardAllMetadata): Likewise.
      * src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Likewise.
      * src/qemu/qemu_driver.c (qemuDomainSnapshotLoad)
      (qemuDomainUndefineFlags, qemuDomainSnapshotCreateXML)
      (qemuDomainSnapshotListNames, qemuDomainSnapshotNum)
      (qemuDomainListAllSnapshots)
      (qemuDomainSnapshotListChildrenNames)
      (qemuDomainSnapshotNumChildren)
      (qemuDomainSnapshotListAllChildren)
      (qemuDomainSnapshotLookupByName, qemuDomainSnapshotGetParent)
      (qemuDomainSnapshotGetXMLDesc, qemuDomainSnapshotIsCurrent)
      (qemuDomainSnapshotHasMetadata, qemuDomainRevertToSnapshot)
      (qemuDomainSnapshotDelete): Likewise.
      * src/libvirt_private.syms (domain_conf.h): Export new function.
    • xen-xs: fix uuid of renamed domain · fbe7a883
      Philipp Hahn committed
      When the XenStore tdb lives persistently and is not cleared between host
      reboots, Xend (version 3.4 and 4.1) re-creates the domain information
      located in XenStore below /vm/$UUID. (According to the xen-3.2-commit
      hg265950e3df69 to fix a problem when locally migrating a domain to the
      host itself.)
      
      When doing so a version number is added to the UUID separated by one
      dash, which confuses xenStoreDomainIntroduced(): It iterates over all
      domains and tries to lookup all inactive domains using
      xenStoreDomainGetUUID(), which fails if the running domain is renamed:
      virUUIDParse() fails to parse the versioned UUID and the domain is
      flagged as missing. When this happens the function delays .2s and
      re-tries 20 times again, multiplied by the number of renamed VMs.
        14:48:38.878: 4285: debug : xenStoreDomainIntroduced:1354 : Some domains were missing, trying again
      
      This adds a significant delay:
        # time virsh list >/dev/null
        real    0m6.529s
        # xenstore-list /vm
        00000000-0000-0000-0000-000000000000
        00000000-0000-0000-0000-000000000000-1
        00000000-0000-0000-0000-000000000000-2
        00000000-0000-0000-0000-000000000000-3
        00000000-0000-0000-0000-000000000000-4
        00000000-0000-0000-0000-000000000000-5
        7c06121e-90c3-93d4-0126-50481d485cca
        00000000-0000-0000-0000-000000000000-6
        00000000-0000-0000-0000-000000000000-7
        144ad19d-dfb4-2f80-8045-09196bb8784f
        00000000-0000-0000-0000-000000000000-8
        144ad19d-dfb4-2f80-8045-09196bb8784f-1
        00000000-0000-0000-0000-000000000000-9
        00000000-0000-0000-0000-000000000000-10
        00000000-0000-0000-0000-000000000000-11
        00000000-0000-0000-0000-000000000000-12
        00000000-0000-0000-0000-000000000000-13
        00000000-0000-0000-0000-000000000000-14
        144ad19d-dfb4-2f80-8045-09196bb8784f-2
        00000000-0000-0000-0000-000000000000-15
        144ad19d-dfb4-2f80-8045-09196bb8784f-3
        00000000-0000-0000-0000-000000000000-16
      
      The patch adds truncation of the UUID as read from the XenStore path
      before passing it to virUUIDParse().
      
      The same issue is reported at
      <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666135>
      Signed-off-by: Philipp Hahn <hahn@univention.de>
    • conf: Don't always require security/@model · 0ee655f5
      Michal Privoznik committed
      Only parse model, if static labelling, or
      a base label is set, or doing active XML.
    • security: Add DAC to security_drivers · 9f9b7b85
      Michal Privoznik committed
      Currently, if users set 'security_driver="dac"' in qemu.conf libvirtd
      fails to initialize as DAC driver is not found because it is missing
      in our security drivers array.
    • nwfilter: don't log error if firewalld is disabled, improve diagnostics · e1602a76
      Laine Stump committed
      The original patch to support firewalld in nwfilter wasn't personally
      checking the exit status of firewall-cmd, but was instead sending NULL
      in the *exitstatus arg, which meant that virCommandWait would log an
      error just for the exit status being non-0 (and a "more scary than
      useful" error at that).
      
      We don't want to treat this as an error, though, just as a reason to
      use standard (ip|eb)tables commands instead of firewall-cmd.
      
      This patch modifies the virCommandRun in the nwfilter code to request
      status back from the caller. This avoids virCommandWait logging an
      error message, and allows the caller to do as it likes after examining
      the status.
      
      The VIR_DEBUG() logged when firewalld is enabled has also been
      reworded and changed to a VIR_INFO, and a similar VIR_INFO has been
      added in the case that firewalld is *not* found+enabled.