1. 03 Sep, 2015 1 commit
    • virfile: Introduce virFileUnlink · 7f050570
      John Ferlan committed
      In an NFS root-squashed environment the 'vol-delete' command will fail to
      'unlink' the target volume since it was created under a different uid:gid.
      
      This code continues the concepts introduced in virFileOpenForked and
      virDirCreate[NoFork] with respect to running the unlink command under
      the uid/gid of the child. Unlike the other two, don't retry on EACCES
      (that's why we're here doing this now).
      
      (cherry picked from commit 35847860)
  2. 26 May, 2015 1 commit
  3. 20 May, 2015 2 commits
  4. 05 May, 2015 2 commits
    • storage: fs: Don't try to chown directory unless user requested · 28c547ed
      Cole Robinson committed
      Currently we try to chown any directory passed to virDirCreate,
      even if the user didn't request any explicit owner/group via the
      pool/vol XML.
      
      This causes issues with qemu:///session: try to build a pool of
      a root owned directory like /tmp, and it fails trying to chown the
      directory to the session user. Instead it should just leave things
      as they are, unless the user requests changing permissions via
      the pool XML.
      
      Similarly this is annoying if creating a storage pool via system
      libvirtd of an existing directory in user $HOME, it's now owned
      by root.
      
      The virDirCreate function is pretty convoluted, since it needs to
      fork off in certain specific cases. Try to document that, to make
      it clear where exactly we are changing behavior.
    • storage: fs: Don't attempt directory creation if it already exists · 262b3c05
      Cole Robinson committed
      The current code attempts to handle this, but it only catches mkdir
      failing with EEXIST. However if say trying to build /tmp for an
      unprivileged qemu:///session, mkdir will fail with EPERM.
      
      Rather than catch any errors, just don't attempt mkdir if the directory
      already exists.
  5. 09 Apr, 2015 1 commit
  6. 19 Feb, 2015 1 commit
    • Search for schemas and cpu_map.xml in source tree · bc6e2063
      Jiri Denemark committed
      Not all files we want to find using virFileFindResource{,Full} are
      generated when libvirt is built, some of them (such as RNG schemas) are
      distributed with sources. The current API was not able to find source
      files if libvirt was built in VPATH.
      
      Both RNG schemas and cpu_map.xml are distributed in source tarball.
      Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
  7. 11 Feb, 2015 1 commit
    • virfile: Adjust error path for virFileOpenForked · 92d9114e
      John Ferlan committed
      Rather than have a dummy waitpid loop and return of the failure status
      from recvfd, adjust the logic to save the recvfd error & fd and then
      in priority order:
      
      - if waitpid failed, use that errno value
      - waitpid succeeded, but if the child exited abnormally, report failure
      (use EACCES to report as return failure, since either EACCES or EPERM is
      what caused us to fall into the fork+setuid path)
      - waitpid succeeded, but if the child reported non-zero status, report
      failure (use the errno value that the child encoded into exit status)
      - waitpid succeeded, but if recvfd failed, report recvfd_errno
      - waitpid and recvfd succeeded, use the fd
      
      NOTE: Original logic to retry the open and force owner mode was
      "documented" as only being attempted if we had already tried opening
      with the fork+setuid, but checked flags vs. VIR_FILE_OPEN_NOFORK which
      is counter to how we would get to that point. So that code was removed.
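The priority order listed in the commit above, written out as an added example (not libvirt's code). `forked_open_result` and `child_status` are hypothetical helpers, and reading "exited abnormally" as `!WIFEXITED(status)` is an assumption; children are forked only to produce real wait statuses.

```c
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: combine what waitpid() and recvfd() reported for a
 * forked open. Returns the received fd, or a negative errno value. */
int forked_open_result(pid_t waitret, int wait_errno, int status,
                       int fd, int recvfd_errno)
{
    if (waitret == -1)
        return -wait_errno;           /* 1. waitpid itself failed */
    if (!WIFEXITED(status))
        return -EACCES;               /* 2. child ended abnormally */
    if (WEXITSTATUS(status) != 0)
        return -WEXITSTATUS(status);  /* 3. errno encoded in the exit status */
    if (fd < 0)
        return -recvfd_errno;         /* 4. child was fine, fd transfer failed */
    return fd;                        /* 5. both succeeded */
}

/* Fork a child that ends as requested and return its wait status:
 * how >= 0 means _exit(how), how < 0 means death by SIGKILL.
 * Returns -1 if fork() fails. */
int child_status(int how)
{
    int status = 0;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (how < 0)
            raise(SIGKILL);
        _exit(how);
    }
    while (waitpid(pid, &status, 0) == -1 && errno == EINTR)
        ;
    return status;
}

int main(void)
{
    /* recvfd failed with ENOTCONN, but the child's own exit status
     * (EACCES here) is what the caller should see. */
    int r = forked_open_result(1, 0, child_status(EACCES), -1, ENOTCONN);

    return r == -EACCES ? 0 : 1;
}
```

The ENOTCONN case in `main` mirrors the root-squashed NFS 'virsh save' report in commit 29946e3e: the socket error is a symptom, and the child's exit status carries the real cause.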
  8. 03 Feb, 2015 1 commit
  9. 30 Jan, 2015 1 commit
    • virfile: Need to check for ENOTCONN from recvfd failure · 29946e3e
      John Ferlan committed
      A gnulib change (commit id 'beae0bdc') causes ENOTCONN to be returned
      from recvfd which causes us to fall into the throwaway waitpid() call
      and return ENOTCONN to the caller, this then gets displayed during
      a 'virsh save' when using a root squashed NFS environment that's trying
      to save the file as something other than root:root.
      
      This patch will add the additional check for ENOTCONN to force the code
      into the waitpid loop looking for the actual status from the _exit()'d
      child fork.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
  10. 09 Jan, 2015 1 commit
    • safezero: fall back to writing zeroes even when resizing · 1390c268
      Ján Tomko committed
      Remove the resize flag and use the same code path for all callers.
      This flag was added by commit 18f03166 to allow virStorageFileResize
      to use 'safezero' while preserving the behavior.
      
      Explicitly return -2 when a fallback to a different method should
      be done, to make the code path more obvious.
      
      Fail immediately when ftruncate fails in the mmap method,
      as we did before commit 18f03166.
  11. 17 Dec, 2014 4 commits
    • build: fix typo in previous patch · 9d128a20
      Eric Blake committed
      * src/util/virfile.c (safezero_mmap): Fix missing semicolon.
      Signed-off-by: Eric Blake <eblake@redhat.com>
    • util: Fix fallocate stubs for mingw build · 9bce4386
      Martin Kletzander committed
      When any of the functions modified in commit 214c687b took false branch,
      the function itself used none of its parameters resulting in "unused
      parameter" error.  Rewriting these functions to the stubs we use
      elsewhere should fix the problem.
      Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
    • virstoragefile: Have virStorageFileResize use safezero · 18f03166
      John Ferlan committed
      Currently virStorageFileResize() function uses build conditionals to
      choose either the posix_fallocate() or syscall(SYS_fallocate) with no
      fallback in order to preallocate the space in the newly resized file.
      
      Since the safezero code has a similar set of conditionals, modify the
      resize and safezero code in order to allow the resize logic to make use
      of safezero to unify the look/feel of the code paths.
      
      Add a new boolean (resize) to safezero() to make the optional decision
      whether to try syscall(SYS_fallocate) if the posix_fallocate fails because
      HAVE_POSIX_FALLOCATE is not defined (eg, return -1 and errno == 0).
      
      Create a local safezero_sys_fallocate in order to handle the resize
      code paths that support that.  If not present, then set errno = ENOSYS
      in order to allow the caller to handle the failure scenarios.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
    • virfile: Refactor safezero · 214c687b
      John Ferlan committed
      Currently build conditionals decide which of two safezero() functions
      should be built - either the posix_fallocate() or mmap() with a fallback
      to a slower safewrite() algorithm in order to preallocate space in a raw file.
      
      This patch will refactor safezero to utilize static functions for either
      posix_fallocate or mmap/safewrite. The build conditionals still exist, but
      are only for shorter sections of code.
      
      The posix_fallocate path will make use of the ret/errno setting to contain
      the logic for safezero to decide whether it needs to fallback to other
      algorithms. A return of -1 with errno not changed will indicate the conditional
      is not present; otherwise, a return of -1 with errno change indicates the
      call was made and it failed (no functional difference to current algorithm).
      
      The mmap/safewrite option changes only slightly to handle the ftruncate
      failure for mmap. That is, previously if the ftruncate failed, there was
      no fallback to the slow safewrite option.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
  12. 15 Nov, 2014 1 commit
  13. 29 Oct, 2014 1 commit
    • maint: avoid static zero init in core files · 39871fce
      Eric Blake committed
      C guarantees that static variables are zero-initialized.  Some older
      compilers (and also gcc -fno-zero-initialized-in-bss) create larger
      binaries if you explicitly zero-initialize a static variable.
      
      * src/libvirt.c: Fix initialization.
      * src/util/viralloc.c: Likewise.
      * src/util/virdbus.c: Likewise.
      * src/util/virevent.c: Likewise.
      * src/util/virfile.c (safezero): Likewise.
      * src/util/virlog.c: Likewise.
      * src/util/virnetlink.c: Likewise.
      * src/util/virthread.h (VIR_ONCE_GLOBAL_INIT): Likewise.
      * src/util/virprocess.c (virProcessGetStartTime): Likewise.
      Signed-off-by: Eric Blake <eblake@redhat.com>
  14. 01 Oct, 2014 1 commit
  15. 12 Sep, 2014 1 commit
    • virfile: Resolve Coverity RESOURCE_LEAK · 8d44f924
      John Ferlan committed
      With the virGetGroupList() change in place - Coverity further complains
      that if we fail to virFork(), the groups will be leaked - which aha seems
      to be the case. Adjust the logic to save off the -errno, free the groups,
      and then return the value we saved.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
  16. 11 Sep, 2014 1 commit
    • virfile: Resolve Coverity DEADCODE · 6825bdad
      John Ferlan committed
      Adjust the parentheses in/for the waitpid loops; otherwise, Coverity
      points out:
      
      (1) Event assignment:   Assigning: "waitret" = "waitpid(pid, &status, 0) == -1"
      (2) Event between:      At condition "waitret == -1", the value of "waitret"
                              must be between 0 and 1.
      (3) Event dead_error_condition:     The condition "waitret == -1" cannot
                              be true.
      (4) Event dead_error_begin:     Execution cannot reach this statement:
                              "ret = -*__errno_location();".
      Signed-off-by: John Ferlan <jferlan@redhat.com>
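The precedence problem behind the Coverity report in the commit above, as an added example (not libvirt's code): the function names and the already-reaped-child setup are assumptions made so that `waitpid()` fails deterministically with ECHILD.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Misparenthesized form: "==" binds tighter than "=", so waitret receives
 * the result of the comparison (0 or 1), never waitpid()'s return value. */
int reap_misparenthesized(pid_t pid)
{
    int status = 0;
    int waitret;

    while ((waitret = waitpid(pid, &status, 0) == -1) && errno == EINTR)
        ;
    if (waitret == -1)      /* dead code: waitret is only ever 0 or 1 */
        return -errno;
    return 0;               /* a failed waitpid() is reported as success */
}

/* Corrected form: assign first, then compare. */
int reap_fixed(pid_t pid)
{
    int status = 0;
    pid_t waitret;

    while ((waitret = waitpid(pid, &status, 0)) == -1 && errno == EINTR)
        ;
    if (waitret == -1)
        return -errno;
    return 0;
}

/* Constructed failure case: fork a child, reap it once, and hand back its
 * pid so that any further waitpid() on it fails with ECHILD. */
pid_t spawn_and_reap(void)
{
    pid_t pid = fork();

    if (pid == 0)
        _exit(0);
    if (pid > 0)
        while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
            ;
    return pid;
}

int main(void)
{
    pid_t pid = spawn_and_reap();

    if (pid < 0)
        return 1;
    /* The misparenthesized loop loses the error; the fixed one reports it. */
    return (reap_misparenthesized(pid) == 0 &&
            reap_fixed(pid) == -ECHILD) ? 0 : 1;
}
```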
  17. 05 Sep, 2014 1 commit
    • maint: use hanging curly braces · 625e04a8
      Eric Blake committed
      Our style overwhelmingly uses hanging braces (the open brace
      hangs at the end of the compound condition, rather than on
      its own line), with the primary exception of the top level function
      body.  Fix the few remaining outliers, before adding a syntax
      check in a later patch.
      
      * src/interface/interface_backend_netcf.c (netcfStateReload)
      (netcfInterfaceClose, netcf_to_vir_err): Correct use of { in
      compound statement.
      * src/conf/domain_conf.c (virDomainHostdevDefFormatSubsys)
      (virDomainHostdevDefFormatCaps): Likewise.
      * src/network/bridge_driver.c (networkAllocateActualDevice):
      Likewise.
      * src/util/virfile.c (virBuildPathInternal): Likewise.
      * src/util/virnetdev.c (virNetDevGetVirtualFunctions): Likewise.
      * src/util/virnetdevmacvlan.c
      (virNetDevMacVLanVPortProfileCallback): Likewise.
      * src/util/virtypedparam.c (virTypedParameterAssign): Likewise.
      * src/util/virutil.c (virGetWin32DirectoryRoot)
      (virFileWaitForDevices): Likewise.
      * src/vbox/vbox_common.c (vboxDumpNetwork): Likewise.
      * tests/seclabeltest.c (main): Likewise.
      Signed-off-by: Eric Blake <eblake@redhat.com>
  18. 12 Aug, 2014 1 commit
    • Don't fail qemu driver initialization if we can't determine hugepage size · ee2a7c54
      Guido Günther committed
      Otherwise we fail like
      
        libvirt version: 1.2.7, package: 6 (root 2014-08-08-16:09:22 bogon)
        virAuditOpen:62 : Unable to initialize audit layer: Protocol not supported
        virFileGetDefaultHugepageSize:2958 : internal error: Unable to parse /proc/meminfo
        virStateInitialize:749 : Initialization of QEMU state driver failed: internal error: Unable to parse /proc/meminfo
        daemonRunStateInit:922 : Driver state initialization failed
      
      if the data can't be determined.
      
      Reference: http://bugs.debian.org/757609
  19. 06 Aug, 2014 1 commit
    • qemu: Make virFileFindHugeTLBFS fault tolerant · d26e8108
      Michal Privoznik committed
      Since commit be0782e1 we are parsing /proc/meminfo to find out the
      default huge page size. However, if the host we are running at does
      not support any huge pages (e.g. CONFIG_HUGETLB_PAGE is turned off),
      we will not successfully parse the meminfo file and hence the whole
      qemu driver init process fails. Moreover, the default huge page size
      is needed if and only if there's at least one hugetlbfs mount point.
      So the fix consists of moving the virFileGetDefaultHugepageSize
      function call after the first hugetlbfs mount point is found.
      
      With this fix, we fail to start with one or more hugetlbfs mounts and
      malformed meminfo file, but that's expected (how can one mount
      hugetlbfs without kernel supporting huge pages?). Workaround in that
      case is to umount all the hugetlbfs mounts.
      Reported-by: Jim Fehlig <jfehlig@suse.com>
      Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
  20. 29 Jul, 2014 1 commit
  21. 01 Jul, 2014 1 commit
    • Introduce virFileReadAllQuiet · f638c13e
      Ján Tomko committed
      Just like virFileReadAll, but returns -errno instead
      of reporting errors. Useful for ignoring some errors.
  22. 06 May, 2014 1 commit
  23. 29 Apr, 2014 3 commits
    • enforce sane readdir usage · eae00fb5
      Eric Blake committed
      Now that all clients have been adjusted, ensure that no future
      misuse of readdir is introduced into the code base.
      
      * cfg.mk (sc_prohibit_readdir): New rule.
      * src/util/virfile.c (virDirRead): Exempt the wrapper.
      Signed-off-by: Eric Blake <eblake@redhat.com>
    • util: use virDirRead API · ac1d42ac
      Eric Blake committed
      In making the conversion to the new API, I fixed a couple bugs:
      virSCSIDeviceGetSgName would leak memory if a directory
      unexpectedly contained multiple entries;
      virNetDevTapGetRealDeviceName could report a spurious error
      from a stale errno inherited before starting the readdir search.
      
      The decision on whether to store the result of virDirRead into
      a variable is based on whether the end of the loop falls through
      to cleanup code automatically.  In some cases, we have loops that
      are documented to return NULL on failure, and which raise an
      error on most failure paths but not in the case where the directory
      was unexpectedly empty; it may be worth a followup patch to
      explicitly report an error if readdir was successful but the
      directory was empty, so that a NULL return always has an error set.
      
      * src/util/vircgroup.c (virCgroupRemoveRecursively): Use new
      interface.
      (virCgroupKillRecursiveInternal, virCgroupSetOwner): Report
      readdir failures.
      * src/util/virfile.c (virFileLoopDeviceOpenSearch)
      (virFileNBDDeviceFindUnused, virFileDeleteTree): Use new
      interface.
      * src/util/virnetdevtap.c (virNetDevTapGetRealDeviceName):
      Properly check readdir errors.
      * src/util/virpci.c (virPCIDeviceIterDevices)
      (virPCIDeviceFileIterate, virPCIGetNetName): Report readdir
      failures.
      (virPCIDeviceAddressIOMMUGroupIterate): Use new interface.
      * src/util/virscsi.c (virSCSIDeviceGetSgName): Report readdir
      failures, and avoid memory leak.
      (virSCSIDeviceGetDevName): Report readdir failures.
      * src/util/virusb.c (virUSBDeviceSearch): Report readdir
      failures.
      * src/util/virutil.c (virGetFCHostNameByWWN)
      (virFindFCHostCapableVport): Report readdir failures.
      Signed-off-by: Eric Blake <eblake@redhat.com>
    • util: introduce virDirRead wrapper for readdir · 1ce2f1a4
      Natanael Copa committed
      Introduce a wrapper for readdir. This helps us make sure that we always
      set errno before calling readdir and it will make sure errors are
      properly logged.
      Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
      Signed-off-by: Eric Blake <eblake@redhat.com>
  24. 25 Apr, 2014 2 commits
  25. 22 Apr, 2014 1 commit
  26. 12 Apr, 2014 1 commit
    • util: new virFileRelLinkPointsTo function · 91f349d8
      Eric Blake committed
      When checking if two filenames point to the same inode (whether
      by hardlink or symlink), sometimes one of the names might be
      relative.  This convenience function makes it easier to check.
      
      * src/util/virfile.h (virFileRelLinkPointsTo): New prototype.
      * src/util/virfile.c (virFileRelLinkPointsTo): New function.
      * src/libvirt_private.syms (virfile.h): Export it.
      * src/xen/xm_internal.c (xenXMDomainGetAutostart): Use it.
      Signed-off-by: Eric Blake <eblake@redhat.com>
  27. 02 Apr, 2014 2 commits
    • util: don't support loopback and nbd when setuid · 885ac290
      Eric Blake committed
      The only remaining reason that virt-login-shell was trying to
      link against virstoragefile was because of a call to
      virStorageFileFormatTypeToString when spawning a qemu-nbd
      process - but setuid processes shouldn't be spawning qemu-nbd.
      
      * src/util/virfile.c (virFileLoopDeviceAssociate)
      (virFileNBDDeviceAssociate): Cripple in setuid builds.
      * src/Makefile.am (libvirt_setuid_rpc_client_la_SOURCES):
      Drop virstoragefile from the list.
      Signed-off-by: Eric Blake <eblake@redhat.com>
    • util: move detection of shared filesystems · 5160ab79
      Eric Blake committed
      The code in virstoragefile.c is getting more complex as I
      consolidate backing chain handling code.  But for the setuid
      virt-login-shell, we don't need to crawl backing chains.  It's
      easier to audit things for setuid security if there are fewer
      files involved, so this patch moves the one function that
      virFileOpen() was actually relying on to also live in virfile.c.
      
      * src/util/virstoragefile.c (virStorageFileIsSharedFS)
      (virStorageFileIsSharedFSType): Move...
      * src/util/virfile.c (virFileIsSharedFS, virFileIsSharedFSType):
      ...to here, and rename.
      (virFileOpenAs): Update caller.
      * src/security/security_selinux.c
      (virSecuritySELinuxSetFileconHelper)
      (virSecuritySELinuxSetSecurityAllLabel)
      (virSecuritySELinuxRestoreSecurityImageLabelInt): Likewise.
      * src/security/security_dac.c
      (virSecurityDACRestoreSecurityImageLabelInt): Likewise.
      * src/qemu/qemu_driver.c (qemuOpenFileAs): Likewise.
      * src/qemu/qemu_migration.c (qemuMigrationIsSafe): Likewise.
      * src/util/virstoragefile.h: Adjust declarations.
      * src/util/virfile.h: Likewise.
      * src/libvirt_private.syms (virfile.h, virstoragefile.h): Move
      symbols as appropriate.
      Signed-off-by: Eric Blake <eblake@redhat.com>
  28. 25 Mar, 2014 1 commit
  29. 18 Mar, 2014 2 commits
  30. 04 Mar, 2014 1 commit
    • virFork: simplify semantics · 25f87817
      Eric Blake committed
      The old semantics of virFork() violates the principle of good
      usability: it requires the caller to check the pid argument
      after use, *even when virFork returned -1*, in order to properly
      abort a child process that failed setup done immediately after
      fork() - that is, the caller must call _exit() in the child.
      While uses in virfile.c did this correctly, uses in 'virsh
      lxc-enter-namespace' and 'virt-login-shell' would happily return
      from the calling function in both the child and the parent,
      leading to very confusing results. [Thankfully, I found the
      problem by inspection, and can't actually trigger the double
      return on error without an LD_PRELOAD library.]
      
      It is much better if the semantics of virFork are impossible
      to abuse.  Looking at virFork(), the parent could only ever
      return -1 with a non-negative pid if it misused pthread_sigmask,
      but this never happens.  Up until this patch series, the child
      could return -1 with non-negative pid if it fails to set up
      signals correctly, but we recently fixed that to make the child
      call _exit() at that point instead of forcing the caller to do
      it.  Thus, the return value and contents of the pid argument are
      now redundant (a -1 return now happens only for failure to fork,
      a child 0 return only happens for a successful 0 pid, and a
      parent 0 return only happens for a successful non-zero pid),
      so we might as well return the pid directly rather than an
      integer of whether it succeeded or failed; this is also good
      from the interface design perspective as users are already
      familiar with fork() semantics.
      
      One last change in this patch: before returning the pid directly,
      I found cases where using virProcessWait unconditionally on a
      cleanup path of a virFork's -1 pid return would be nicer if there
      were a way to avoid it overwriting an earlier message.  While
      such paths are a bit harder to come by with my change to a direct
      pid return, I decided to keep the virProcessWait change in this
      patch.
      
      * src/util/vircommand.h (virFork): Change signature.
      * src/util/vircommand.c (virFork): Guarantee that child will only
      return on success, to simplify callers.  Return pid rather than
      status, now that the situations are always the same.
      (virExec): Adjust caller, also avoid open-coding process death.
      * src/util/virprocess.c (virProcessWait): Tweak semantics when pid
      is -1.
      (virProcessRunInMountNamespace): Adjust caller.
      * src/util/virfile.c (virFileAccessibleAs, virFileOpenForked)
      (virDirCreate): Likewise.
      * tools/virt-login-shell.c (main): Likewise.
      * tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise.
      * tests/commandtest.c (test23): Likewise.
      Signed-off-by: Eric Blake <eblake@redhat.com>