1. 04 6月, 2011 1 次提交
    • D
      Fix check of virKillProcess return status · a018c0b9
      Daniel P. Berrange 提交于
      The error code for virKillProcess is returned in the errno variable
      not the return value. THis mistake caused the logs to be filled with
      errors when shutting down QEMU processes
      
      * src/qemu/qemu_process.c: Fix process kill check.
      a018c0b9
  2. 03 6月, 2011 1 次提交
    • E
      qemu: avoid memory leak on vcpupin · 2834d571
      Eric Blake 提交于
      Detected by Coverity.  This leaked a cpumap on every iteration
      of the loop.  Leak introduced in commit 1cc4d025 (v0.9.0).
      
      * src/qemu/qemu_process.c (qemuProcessSetVcpuAffinites): Plug
      leak, and hoist allocation outside loop.
      2834d571
  3. 02 6月, 2011 1 次提交
    • D
      Integrate the QEMU driver with the lock manager infrastructure · 12317957
      Daniel P. Berrange 提交于
      The QEMU integrates with the lock manager instructure in a number
      of key places
      
       * During startup, a lock is acquired in between the fork & exec
       * During startup, the libvirtd process acquires a lock before
         setting file labelling
       * During shutdown, the libvirtd process acquires a lock
         before restoring file labelling
       * During hotplug, unplug & media change the libvirtd process
         holds a lock while setting/restoring labels
      
      The main content lock is only ever held by the QEMU child process,
      or libvirtd during VM shutdown. The rest of the operations only
      require libvirtd to hold the metadata locks, relying on the active
      QEMU still holding the content lock.
      
      * src/qemu/qemu_conf.c, src/qemu/qemu_conf.h,
        src/qemu/libvirtd_qemu.aug, src/qemu/test_libvirtd_qemu.aug:
        Add config parameter for configuring lock managers
      * src/qemu/qemu_driver.c: Add calls to the lock manager
      12317957
  4. 29 5月, 2011 1 次提交
    • D
      Don't kill QEMU process when a monitor I/O parsing error occurs · 4454a9ef
      Daniel P. Berrange 提交于
      Currently whenever there is any failure with parsing the monitor,
      this is treated in the same was as end-of-file (ie QEMU quit).
      The domain is terminated, if not already dead.
      
      With this change, failures in parsing the monitor stream do not
      result in the death of QEMU. The guest continues running unchanged,
      but all further use of the monitor will be disabled.
      
      The VMM_FAILURE event will be emitted, and the mgmt application
      can decide when to kill/restart the guest to re-gain control
      
      * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Run a
        different callback for monitor EOF vs error conditions.
      * src/qemu/qemu_process.c: Emit VMM_FAILURE event when monitor
        fails
      4454a9ef
  5. 16 5月, 2011 2 次提交
    • J
      qemu: Update domain state when reconnecting monitor · 9f131961
      Jiri Denemark 提交于
      A qemu domain can get paused when libvirtd is stopped (e.g., because of
      I/O error) so we should check its current state when reconnecting to it.
      9f131961
    • J
      Implement domain state reason · b046c55d
      Jiri Denemark 提交于
      Only in drivers which use virDomainObj, drivers that query hypervisor
      for domain status need to be updated separately in case their hypervisor
      supports this functionality.
      
      The reason is also saved into domain state XML so if a domain is not
      running (i.e., no state XML exists) the reason will be lost by libvirtd
      restart. I think this is an acceptable limitation.
      b046c55d
  6. 12 5月, 2011 1 次提交
    • L
      libvirt,logging: cleanup VIR_XXX0() · b65f37a4
      Lai Jiangshan 提交于
      These VIR_XXXX0 APIs make us confused, use the non-0-suffix APIs instead.
      
      How do these coversions works? The magic is using the gcc extension of ##.
      When __VA_ARGS__ is empty, "##" will swallow the "," in "fmt," to
      avoid compile error.
      
      example: origin				after CPP
      	high_level_api("%d", a_int)	low_level_api("%d", a_int)
      	high_level_api("a  string")	low_level_api("a  string")
      
      About 400 conversions.
      
      8 special conversions:
      VIR_XXXX0("") -> VIR_XXXX("msg") (avoid empty format) 2 conversions
      VIR_XXXX0(string_literal_with_%) -> VIR_XXXX(%->%%) 0 conversions
      VIR_XXXX0(non_string_literal) -> VIR_XXXX("%s", non_string_literal)
        (for security) 6 conversions
      Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
      b65f37a4
  7. 11 5月, 2011 1 次提交
    • D
      Allow destroying QEMU VM even if a job is active · cbf9f2f2
      Daniel P. Berrange 提交于
      Introduce a virProcessKill function that can be safely called
      even when the job mutex is held. This allows virDomainDestroy
      to kill any VM even if it is asleep in a monitor job. The PID
      will die and the thread asleep on the monitor will then wake
      up releasing the job mutex.
      
      * src/qemu/qemu_driver.c: Kill process before using qemuProcessStop
        to ensure job is released
      * src/qemu/qemu_process.c: Add virProcessKill for killing off
        QEMU processes
      cbf9f2f2
  8. 06 5月, 2011 3 次提交
    • D
      Make taint warnings also go into the domain logfile · f79cddad
      Daniel P. Berrange 提交于
      As well as taint warnings going to the main libvirt log,
      add taint warnings to the per-domain logfile
      
        Domain id=3 is tainted: high-privileges
        Domain id=3 is tainted: disk-probing
        Domain id=3 is tainted: shell-scripts
        Domain id=3 is tainted: custom-monitor
      
      * src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Enhance
        qemuDomainTaint to also log to the domain logfile
      * src/qemu/qemu_driver.c: Pass -1 for logFD to taint methods to
        auto-append to logfile
      * src/qemu/qemu_process.c: Pass open logFD at startup for taint
        methods
      f79cddad
    • D
      Move qemuProcessLogReadFD and qemuProcessLogFD methods · ce1b1f41
      Daniel P. Berrange 提交于
      Move the qemuProcessLogReadFD and qemuProcessLogFD methods
      into qemu_domain.c, renaming them to qemuDomainCreateLog
      and qemuDomainOpenLog.
      
      * src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
        qemuDomainCreateLog and qemuDomainOpenLog.
      * src/qemu/qemu_process.c: Remove qemuProcessLogFD
        and qemuProcessLogReadFD
      ce1b1f41
    • D
      Log taint warnings in QEMU driver · 718ac9b5
      Daniel P. Berrange 提交于
      Wire up logging of VM tainting to the QEMU driver
      
       - If running QEMU as root user/group or without capabilities
         being cleared
       - If passing custom QEMU command line args
       - If issuing custom QEMU monitor commands
       - If using a network interface config with an associated
         shell script
       - If using a disk config relying on format probing
      
      The warnings, per-VM appear in the main libvirtd logs
      
        11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: high-privileges
        11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: disk-probing
      
      The taint flags are reset when the VM is stopped.
      
      * src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Helper APIs
        for logging taint warnings
      * src/qemu/qemu_driver.c: Log tainting with custom QEMU monitor
        commands and disk/net hotplug with unsupported configs
      * src/qemu/qemu_process.c: Log tainting at startup based on
        unsupported configs
      718ac9b5
  9. 05 5月, 2011 1 次提交
    • D
      Persist qemu capabilities in the domain status file · 43c01d38
      Daniel P. Berrange 提交于
      To cope with the QEMU binary being changed while a VM is running,
      it is neccessary to persist the original qemu capabilities at the
      time the VM is booted.
      
      * src/qemu/qemu_capabilities.c, src/qemu/qemu_capabilities.h: Add
        an enum for a string rep of every capability
      * src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Support for
        storing capabilities in the domain status XML
      * src/qemu/qemu_process.c: Populate & free QEMU capabilities at
        domain startup
      43c01d38
  10. 19 4月, 2011 1 次提交
  11. 18 4月, 2011 2 次提交
    • D
      build: fix qemu build failure in previous patch · ce3ae1b0
      Daniel P. Berrange 提交于
      This last minute addition caused a build failure
      
      cc1: warnings being treated as errors
      qemu/qemu_process.c: In function 'qemuProcessHandleWatchdog':
      qemu/qemu_process.c:436:34: error: ignoring return value of 'virDomainObjUnref', declared with attribute warn_unused_result [-Wunused-result]
      make[3]: *** [libvirt_driver_qemu_la-qemu_process.lo] Error 1
      ce3ae1b0
    • W
      enhance processWatchdogEvent() · b060d2e5
      Wen Congyang 提交于
      This patch does the following two things:
      1. hold an extra reference while handling watchdog event
         If the domain is not persistent, and qemu quits unexpectedly before
         calling processWatchdogEvent(), vm will be freed and the function
         processWatchdogEvent() will be dangerous.
      
      2. unlock qemu driver and vm before returning from processWatchdogEvent()
         When the function processWatchdogEvent() failed, we only free wdEvent,
         but forget to unlock qemu driver and vm, free dumpfile.
      b060d2e5
  12. 12 4月, 2011 1 次提交
    • E
      maint: fix grammar errors · 99fa3080
      Eric Blake 提交于
      Jim Meyering recently improved gnulib to catch various grammar
      errors during 'make syntax-check'.
      
      * .gnulib: Update to latest, for syntax-check improvements.
      * include/libvirt/libvirt.h.in (virConnectAuthCallbackPtr): Use
      cannot rather than two words.
      * src/driver.c: Likewise.
      * src/driver.h (VIR_SECRET_GET_VALUE_INTERNAL_CALL): Likewise.
      * src/remote/remote_driver.c (initialize_gnutls): Likewise.
      * src/util/pci.c (pciBindDeviceToStub): Likewise.
      * src/storage/storage_backend.c (virStorageBackendCreateQemuImg):
      Likewise.
      (virStorageBackendUpdateVolTargetInfoFD): Avoid doubled word.
      * docs/formatdomain.html.in: Likewise.
      * src/qemu/qemu_process.c (qemuProcessStart): Likewise.
      * cfg.mk (exclude_file_name_regexp--sc_prohibit_can_not)
      (exclude_file_name_regexp--sc_prohibit_doubled_word): Exclude
      existing translation problems.
      99fa3080
  13. 06 4月, 2011 1 次提交
    • J
      qemu: Support for overriding NPROC limit · 87e78b2b
      Jiri Denemark 提交于
      This patch adds max_processes option to qemu.conf which can be used to
      override system default limit on number of processes that are allowed to
      be running for qemu user.
      87e78b2b
  14. 05 4月, 2011 3 次提交
    • J
      qemu: Rewrite LOOKUP_PTYS macro into a function · 69afdf14
      Jiri Denemark 提交于
      The macro is huge and gives us nothing but headache when maintaining it.
      69afdf14
    • M
      qemu: Use heap allocated memory to read the monitor greeting · fb7f0051
      Matthias Bolte 提交于
      Removing a 4kb stack allocation.
      
      Reduce stack buffer for virStrerror to the common 1kb instead of 4kb.
      fb7f0051
    • E
      build: detect potentential uninitialized variables · 0d166c6b
      Eric Blake 提交于
      Even with -Wuninitialized (which is part of autobuild.sh
      --enable-compile-warnings=error), gcc does NOT catch this
      use of an uninitialized variable:
      
      {
        if (cond)
          goto error;
        int a = 1;
      error:
        printf("%d", a);
      }
      
      which prints 0 (supposing the stack started life wiped) if
      cond was true.  Clang will catch it, but we don't use clang
      as often.  Using gcc -Wjump-misses-init catches it, but also
      gives false positives:
      
      {
        if (cond)
          goto error;
        int a = 1;
        return a;
      error:
        return 0;
      }
      
      Here, a was never used in the scope of the error block, so
      declaring it after goto is technically fine (and clang agrees).
      However, given that our HACKING already documents a preference
      to C89 decl-before-statement, the false positive warning is
      enough of a prod to comply with HACKING.
      
      [Personally, I'd _really_ rather use C99 decl-after-statement
      to minimize scope, but until gcc can efficiently and reliably
      catch scoping and uninitialized usage bugs, I'll settle with
      the compromise of enforcing a coding standard that happens to
      reject false positives if it can also detect real bugs.]
      
      * acinclude.m4 (LIBVIRT_COMPILE_WARNINGS): Add -Wjump-misses-init.
      * src/util/util.c (__virExec): Adjust offenders.
      * src/conf/domain_conf.c (virDomainTimerDefParseXML): Likewise.
      * src/remote/remote_driver.c (doRemoteOpen): Likewise.
      * src/phyp/phyp_driver.c (phypGetLparNAME, phypGetLparProfile)
      (phypGetVIOSFreeSCSIAdapter, phypVolumeGetKey)
      (phypGetStoragePoolDevice)
      (phypVolumeGetPhysicalVolumeByStoragePool)
      (phypVolumeGetPath): Likewise.
      * src/vbox/vbox_tmpl.c (vboxNetworkUndefineDestroy)
      (vboxNetworkCreate, vboxNetworkDumpXML)
      (vboxNetworkDefineCreateXML): Likewise.
      * src/xenapi/xenapi_driver.c (getCapsObject)
      (xenapiDomainDumpXML): Likewise.
      * src/xenapi/xenapi_utils.c (createVMRecordFromXml): Likewise.
      * src/security/security_selinux.c (SELinuxGenNewContext):
      Likewise.
      * src/qemu/qemu_command.c (qemuBuildCommandLine): Likewise.
      * src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia):
      Likewise.
      * src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Likewise.
      * src/qemu/qemu_monitor_text.c (qemuMonitorTextGetPtyPaths):
      Likewise.
      * src/qemu/qemu_driver.c (qemudDomainShutdown)
      (qemudDomainBlockStats, qemudDomainMemoryPeek): Likewise.
      * src/storage/storage_backend_iscsi.c
      (virStorageBackendCreateIfaceIQN): Likewise.
      * src/node_device/node_device_udev.c (udevProcessPCI): Likewise.
      0d166c6b
  15. 03 4月, 2011 2 次提交
  16. 01 4月, 2011 1 次提交
    • J
      qemu: Ignore libvirt debug messages in qemu log · 72ab0b6d
      Jiri Denemark 提交于
      qemu driver uses a 4K buffer for reading qemu log file. This is enough
      when only qemu's output is present in the log file. However, when
      debugging messages are turned on, intermediate libvirt process fills the
      log with a bunch of debugging messages before it executes qemu binary.
      In such a case the buffer may become too small. However, we are not
      really interested in libvirt messages so they can be filtered out from
      the buffer.
      72ab0b6d
  17. 29 3月, 2011 1 次提交
    • O
      cputune: Support cputune for qemu driver · 1cc4d025
      Osier Yang 提交于
      When domain startup, setting cpu affinity and cpu shares according
      to the cputune xml specified in domain xml.
      
      Modify "qemudDomainPinVcpu" to update domain config for vcpupin,
      and modify "qemuSetSchedulerParameters" to update domain config
      for cpu shares.
      
      v1 - v2:
         * Use "VIR_ALLOC_N" instead of "VIR_ALLOC_VAR"
         * But keep raising error when it fails on adding vcpupin xml
           entry, as I still don't have a better idea yet.
      1cc4d025
  18. 28 3月, 2011 1 次提交
    • E
      docs: document recent hook additions · ef701fd8
      Eric Blake 提交于
      * src/qemu/qemu_process.c (qemuProcessStart, qemuProcessStop): Fix
      typos.
      * docs/hooks.html.in: Document 'prepare' and 'release' hooks.
      ef701fd8
  19. 25 3月, 2011 1 次提交
    • E
      build: enforce reference count checking · 72d4ff5b
      Eric Blake 提交于
      Add the compiler attribute to ensure we don't introduce any more
      ref bugs like were just patched in commit 9741f346, then explicitly
      mark the remaining places in code that are safe.
      
      * src/qemu/qemu_monitor.h (qemuMonitorUnref): Mark
      ATTRIBUTE_RETURN_CHECK.
      * src/conf/domain_conf.h (virDomainObjUnref): Likewise.
      * src/conf/domain_conf.c (virDomainObjParseXML)
      (virDomainLoadStatus): Fix offenders.
      * src/openvz/openvz_conf.c (openvzLoadDomains): Likewise.
      * src/vmware/vmware_conf.c (vmwareLoadDomains): Likewise.
      * src/qemu/qemu_domain.c (qemuDomainObjBeginJob)
      (qemuDomainObjBeginJobWithDriver)
      (qemuDomainObjExitRemoteWithDriver): Likewise.
      * src/qemu/qemu_monitor.c (QEMU_MONITOR_CALLBACK): Likewise.
      Suggested by Daniel P. Berrange.
      72d4ff5b
  20. 22 3月, 2011 1 次提交
  21. 19 3月, 2011 1 次提交
    • E
      qemu: respect locking rules · 49608417
      Eric Blake 提交于
      THREADS.txt states that the contents of vm should not be read or
      modified while the vm lock is not held, but that the lock must not
      be held while performing a monitor command.  This fixes all the
      offenders that I could find.
      
      * src/qemu/qemu_process.c (qemuProcessStartCPUs)
      (qemuProcessInitPasswords, qemuProcessStart): Don't modify or
      refer to vm state outside lock.
      * src/qemu/qemu_driver.c (qemudDomainHotplugVcpus): Likewise.
      * src/qemu/qemu_hotplug.c (qemuDomainChangeGraphicsPasswords):
      Likewise.
      49608417
  22. 10 3月, 2011 2 次提交
    • J
      qemu: Fix warnings in event handlers · 3b8bf4a3
      Jiri Denemark 提交于
      Some qemu monitor event handlers were issuing inadequate warning when
      virDomainSaveStatus() failed. They copied the message from I/O error
      handler without customizing it to provide better information on why
      virDomainSaveStatus() was called.
      3b8bf4a3
    • E
      audit: rename remaining qemu audit functions · 48096a00
      Eric Blake 提交于
      Also add ATTRIBUTE_NONNULL markers.
      
      * src/qemu/qemu_audit.h: The pattern qemuDomainXXXAudit is
      inconsistent; prefer qemuAuditXXX instead.
      * src/qemu/qemu_audit.c: Reflect the renames.
      * src/qemu/qemu_driver.c: Likewise.
      * src/qemu/qemu_hotplug.c: Likewise.
      * src/qemu/qemu_migration.c: Likewise.
      * src/qemu/qemu_process.c: Likewise.
      48096a00
  23. 04 3月, 2011 2 次提交
    • L
      qemu: avoid corruption of domain hashtable and misuse of freed domains · f8ac6790
      Laine Stump 提交于
      This was also found while investigating
      
         https://bugzilla.redhat.com/show_bug.cgi?id=670848
      
      An EOF on a domain's monitor socket results in an event being queued
      to handle the EOF. The handler calls qemuProcessHandleMonitorEOF. If
      it is a transient domain, this leads to a call to
      virDomainRemoveInactive, which removes the domain from the driver's
      hashtable and unref's it. Nowhere in this code is the qemu driver lock
      acquired.
      
      However, all modifications to the driver's domain hashtable *must* be
      done while holding the driver lock, otherwise the hashtable can become
      corrupt, and (even more likely) another thread could call a different
      hashtable function and acquire a pointer to the domain that is in the
      process of being destroyed.
      
      To prevent such a disaster, qemuProcessHandleMonitorEOF must get the
      qemu driver lock *before* it gets the DomainObj's lock, and hold it
      until it is finished with the DomainObj. This guarantees that nobody
      else modifies the hashtable at the same time, and that anyone who had
      already gotten the DomainObj from the hashtable prior to this call has
      finished with it before we remove/destroy it.
      f8ac6790
    • L
      qemu: Add missing lock of virDomainObj before calling virDomainUnref · e570ca12
      Laine Stump 提交于
      This was found while researching the root cause of:
      
      https://bugzilla.redhat.com/show_bug.cgi?id=670848
      
      virDomainUnref should only be called with the lock held for the
      virDomainObj in question. However, when a transient qemu domain gets
      EOF on its monitor socket, it queues an event which frees the monitor,
      which unref's the virDomainObj without first locking it. If another
      thread has already locked the virDomainObj, the modification of the
      refcount could potentially be corrupted. In an extreme case, it could
      also be potentially unlocked by virDomainObjFree, thus left open to
      modification by anyone else who would have otherwise waited for the
      lock (not to mention the fact that they would be accessing freed
      data!).
      
      The solution is to have qemuMonitorFree lock the domain object right
      before unrefing it. Since the caller to qemuMonitorFree doesn't expect
      this lock to be held, if the refcount doesn't go all the way to 0,
      qemuMonitorFree must unlock it after the unref.
      e570ca12
  24. 25 2月, 2011 1 次提交
    • D
      Allow hash tables to use generic pointers as keys · 16ba2aaf
      Daniel P. Berrange 提交于
      Relax the restriction that the hash table key must be a string
      by allowing an arbitrary hash code generator + comparison func
      to be provided
      
      * util/hash.c, util/hash.h: Allow any pointer as a key
      * internal.h: Include stdbool.h as standard.
      * conf/domain_conf.c, conf/domain_conf.c,
        conf/nwfilter_params.c, nwfilter/nwfilter_gentech_driver.c,
        nwfilter/nwfilter_gentech_driver.h, nwfilter/nwfilter_learnipaddr.c,
        qemu/qemu_command.c, qemu/qemu_driver.c,
        qemu/qemu_process.c, uml/uml_driver.c,
        xen/xm_internal.c: s/char */void */ in hash callbacks
      16ba2aaf
  25. 24 2月, 2011 4 次提交
  26. 21 2月, 2011 2 次提交
    • E
      maint: kill all remaining uses of old DEBUG macro · 994e7567
      Eric Blake 提交于
      Done mechanically with:
      $ git grep -l '\bDEBUG0\? *(' | xargs -L1 sed -i 's/\bDEBUG0\? *(/VIR_&/'
      
      followed by manual deletion of qemudDebug in daemon/libvirtd.c, along
      with a single 'make syntax-check' fallout in the same file, and the
      actual deletion in src/util/logging.h.
      
      * src/util/logging.h (DEBUG, DEBUG0): Delete.
      * daemon/libvirtd.h (qemudDebug): Likewise.
      * global: Change remaining clients over to VIR_DEBUG counterpart.
      994e7567
    • E
      hash: make virHashFree more free-like · 03ba07cb
      Eric Blake 提交于
      Two-argument free functions are uncommon; match the style elsewhere
      by caching the callback at creation.
      
      * src/util/hash.h (virHashCreate, virHashFree): Move deallocator
      argument to creation.
      * cfg.mk (useless_free_options): Add virHashFree.
      * src/util/hash.c (_virHashTable): Track deallocator.
      (virHashCreate, virHashFree): Update to new signature.
      * src/conf/domain_conf.c (virDomainObjListDeinit)
      (virDomainObjListInit, virDomainDiskDefForeachPath)
      (virDomainSnapshotObjListDeinit, virDomainSnapshotObjListInit):
      Update callers.
      * src/conf/nwfilter_params.c (virNWFilterHashTableFree)
      (virNWFilterHashTableCreate): Likewise.
      * src/conf/nwfilter_conf.c (virNWFilterTriggerVMFilterRebuild):
      Likewise.
      * src/cpu/cpu_generic.c (genericHashFeatures, genericBaseline):
      Likewise.
      * src/xen/xm_internal.c (xenXMOpen, xenXMClose): Likewise.
      * src/nwfilter/nwfilter_learnipaddr.c (virNWFilterLearnInit)
      (virNWFilterLearnShutdown): Likewise.
      * src/qemu/qemu_command.c (qemuDomainPCIAddressSetCreate)
      (qemuDomainPCIAddressSetFree): Likewise.
      * src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Likewise.
      03ba07cb
  27. 18 2月, 2011 1 次提交