1. 01 5月, 2014 1 次提交
  2. 18 4月, 2014 1 次提交
  3. 16 4月, 2014 1 次提交
  4. 11 4月, 2014 3 次提交
  5. 10 4月, 2014 4 次提交
    • J
      Ignore char devices in storage pools by default · 595ada19
      Ján Tomko 提交于
      Without this, using /dev/mapper as a directory pool
      fails in virStorageBackendUpdateVolTargetInfoFD:
      cannot seek to end of file '/dev/mapper/control': Illegal seek
      
      Skip over character devices by default.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=710866
      (cherry picked from commit 0edfc9ef)
      595ada19
    • J
      Ignore missing files on pool refresh · ba7cc215
      Ján Tomko 提交于
      If we cannot stat/open a file on pool refresh, returning -1 aborts
      the refresh and the pool is undefined.
      
      Only treat missing files as fatal unless VolOpenCheckMode is called
      with the VIR_STORAGE_VOL_OPEN_ERROR flag. If this flag is missing
      (when it's called from virStorageBackendProbeTarget in
      virStorageBackendFileSystemRefresh), only emit a warning and return
      -2 to let the caller skip over the file.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=977706
      (cherry picked from commit ee640f44)
      ba7cc215
    • E
      storage: reduce number of stat calls · 1710925a
      Eric Blake 提交于
      We are calling fstat() at least twice per storage volume in
      a directory storage pool; this is rather wasteful.  Refactoring
      this is also a step towards making code reusable for gluster,
      where gluster can provide struct stat but cannot use fstat().
      
      * src/storage/storage_backend.h
      (virStorageBackendVolOpenCheckMode)
      (virStorageBackendUpdateVolTargetInfoFD): Update signature.
      * src/storage/storage_backend.c
      (virStorageBackendVolOpenCheckMode): Pass stat results back.
      (virStorageBackendUpdateVolTargetInfoFD): Use existing stats.
      (virStorageBackendVolOpen, virStorageBackendUpdateVolTargetInfo):
      Update callers.
      * src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
      Likewise.
      * src/storage/storage_backend_scsi.c
      (virStorageBackendSCSIUpdateVolTargetInfo): Likewise.
      * src/storage/storage_backend_mpath.c
      (virStorageBackendMpathUpdateVolTargetInfo): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit 9cac8639)
      1710925a
    • J
      Fix explicit usage of default video PCI slots · be7636c3
      Ján Tomko 提交于
      Do not leave the PCI address of the primary video card set
      to the legacy default (0000:00:02.0) if we're doing two-pass
      allocation.
      
      Since QEMU 1.6 (QEMU_CAPS_VIDEO_PRIMARY) we allow the primary
      video card to be on other slots than 0000:00:02.0 (as we use
      -device instead of -vga).
      
      However we fail to assign it an address if:
      * another device explicitly uses 0000:00:02.0 and
      * the primary video device has no address specified
      
      On the first pass, we have set the address to default, then checked
      if it's available, leaving it set even if it wasn't. This address
      got picked up by the second pass, resulting in a conflict:
      
      XML error: Attempted double use of PCI slot 0000:00:02.0
      (may need "multifunction='on'" for device on function 0)
      
      Also fix the test that was supposed to catch this.
      
      (cherry picked from commit ec128e69)
      be7636c3
  6. 20 3月, 2014 1 次提交
    • M
      virNetClientSetTLSSession: Restore original signal mask · f1725e60
      Michal Privoznik 提交于
      Currently, we use pthread_sigmask(SIG_BLOCK, ...) prior to calling
      poll(). This is okay, as we don't want poll() to be interrupted.
      However, then - immediately as we fall out from the poll() - we try to
      restore the original sigmask - again using SIG_BLOCK. But as the man
      page says, SIG_BLOCK adds signals to the signal mask:
      
      SIG_BLOCK
            The set of blocked signals is the union of the current set and the set argument.
      
      Therefore, when restoring the original mask, we need to completely
      overwrite the one we set earlier and hence we should be using:
      
      SIG_SETMASK
            The set of blocked signals is set to the argument set.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      (cherry picked from commit 3d4b4f5a)
      f1725e60
  7. 10 3月, 2014 7 次提交
    • E
      storage: use valid XML for awkward volume names · 45d40bcf
      Eric Blake 提交于
      $ touch /var/lib/libvirt/images/'a<b>c'
      $ virsh pool-refresh default
      $ virsh vol-dumpxml 'a<b>c' default | head -n2
      <volume>
        <name>a<b>c</name>
      
      Oops.  That's not valid XML.  And when we fix the XML
      generation, it fails RelaxNG validation.
      
      I'm also tired of seeing <key>(null)</key> in the example
      output for volume xml; while we used NULLSTR() to avoid
      a NULL deref rather than relying on glibc's printf
      extension behavior, it's even better if we avoid the issue
      in the first place.  But this requires being careful that
      we don't invalidate any storage backends that were relying
      on key being unassigned during virStoragVolCreateXML[From].
      
      I would have split this into two patches (one for escaping,
      one for avoiding <key>(null)</key>), but since they both
      end up touching a lot of the same test files, I ended up
      merging it into one.
      
      Note that this patch allows pretty much any volume name
      that can appear in a directory (excluding . and .. because
      those are special), but does nothing to change the current
      (unenforced) RelaxNG claim that pool names will consist
      only of letters, numbers, _, -, and +.  Tightening the C
      code to match RelaxNG patterns and/or relaxing the grammar
      to match the C code for pool names is a task for another
      day (but remember, we DID recently tighten C code for
      domain names to exclude a leading '.').
      
      * src/conf/storage_conf.c (virStoragePoolSourceFormat)
      (virStoragePoolDefFormat, virStorageVolTargetDefFormat)
      (virStorageVolDefFormat): Escape user-controlled strings.
      (virStorageVolDefParseXML): Parse key, for use in unit tests.
      * src/storage/storage_driver.c (storageVolCreateXML)
      (storageVolCreateXMLFrom): Ensure parsed key doesn't confuse
      volume creation.
      * docs/schemas/basictypes.rng (volName): Relax definition.
      * tests/storagepoolxml2xmltest.c (mymain): Test it.
      * tests/storagevolxml2xmltest.c (mymain): Likewise.
      * tests/storagepoolxml2xmlin/pool-dir-naming.xml: New file.
      * tests/storagepoolxml2xmlout/pool-dir-naming.xml: Likewise.
      * tests/storagevolxml2xmlin/vol-file-naming.xml: Likewise.
      * tests/storagevolxml2xmlout/vol-file-naming.xml: Likewise.
      * tests/storagevolxml2xmlout/vol-*.xml: Fix fallout.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit 6cc4d6a3)
      45d40bcf
    • E
      maint: fix comma style issues: conf · 5fdc3e6e
      Eric Blake 提交于
      Most of our code base uses space after comma but not before;
      fix the remaining uses before adding a syntax check.
      
      * src/conf/capabilities.c: Consistently use commas.
      * src/conf/domain_conf.c: Likewise.
      * src/conf/network_conf.c: Likewise.
      * src/conf/storage_conf.c: Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit 6f4901e1)
      5fdc3e6e
    • M
      virNetServerRun: Notify systemd that we're accepting clients · b7288926
      Michal Privoznik 提交于
      Systemd does not forget about the cases, where client service needs to
      wait for daemon service to initialize and start accepting new clients.
      Setting a dependency in client is not enough as systemd doesn't know
      when the daemon has initialized itself and started accepting new
      clients. However, it offers a mechanism to solve this. The daemon needs
      to call a special systemd function by which the daemon tells "I'm ready
      to accept new clients". This is exactly what we need with
      libvirtd-guests (client) and libvirtd (daemon). So now, with this
      change, libvirt-guests.service is invoked not any sooner than
      libvirtd.service calls the systemd notify function.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      (cherry picked from commit 68954fb2)
      b7288926
    • M
      libvirt-guests: Wait for libvirtd to initialize · 73307499
      Michal Privoznik 提交于
      I've noticed that in some cases systemd was quick enough and even
      if libvirt-guests.service is marked to be started after the
      libvirtd.service my guests were not resumed as
      libvirt-guests.sh failed to connect. This is because of a
      simple fact: systemd correctly starts libvirt-guests after it
      execs libvirtd. However, the daemon is not able to accept
      connections right from the start. It's doing some
      initialization which may take ages. This problem is not limited
      to systemd only, indeed. Any init system that is able to startup
      services in parallel (e.g. OpenRC) may run into this situation.
      The fix is to try connecting not only once, but continuously a few
      times with a small sleep in between tries.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      (cherry picked from commit 4e7fc830)
      73307499
    • M
      virSystemdCreateMachine: Set dependencies for slices · 484cec0b
      Michal Privoznik 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1031696
      
      When creating a new domain, we let systemd know about it by calling
      CreateMachine() function via dbus. Systemd then creates a scope and
      places domain into it. However, later when the host is shutting
      down, systemd computes the shutdown order to see what processes can
      be shut down in parallel. And since we were not setting
      dependencies at all, the slices (and thus domains) were most likely
      killed before libvirt-guests.service. So user domains that had to
      be saved, shut off, whatever were in fact killed.  This problem can
      be solved by letting systemd know that scopes we're creating must
      not be killed before libvirt-guests.service.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      (cherry picked from commit ba79e387)
      484cec0b
    • G
      Add Documentation fields to systemd service files · 901aa960
      Guido Günther 提交于
      We point to the manpages where available and redirect to libvirt's
      homepage as a last resort.
      
      (cherry picked from commit 1b9f5aa7)
      901aa960
    • D
      Add a mutex to serialize updates to firewall · 034a4d7a
      Daniel P. Berrange 提交于
      The nwfilter conf update mutex previously serialized
      updates to the internal data structures for firewall
      rules, and updates to the firewall itself. The latter
      was recently turned into a read/write lock, and filter
      instantiation allowed to proceed in parallel. It was
      believed that this was ok, since each filter is created
      on a separate iptables/ebtables chain.
      
      It turns out that there is a subtle lock ordering problem
      on virNWFilterObjPtr instances. __virNWFilterInstantiateFilter
      will hold a lock on the virNWFilterObjPtr it is instantiating.
      This in turn invokes virNWFilterInstantiate which then invokes
      virNWFilterDetermineMissingVarsRec which then invokes
      virNWFilterObjFindByName. This iterates over every single
      virNWFilterObjPtr in the list, locking them and checking their
      name. So if 2 or more threads try to instantiate a filter in
      parallel, they'll all hold 1 lock at the top level in the
      __virNWFilterInstantiateFilter method which will cause the
      other thread to deadlock in virNWFilterObjFindByName.
      
      The fix is to add an exclusive mutex to serialize the
      execution of __virNWFilterInstantiateFilter.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 925de19e)
      034a4d7a
  8. 19 2月, 2014 18 次提交
  9. 05 2月, 2014 1 次提交
    • E
      event: move event filtering to daemon (regression fix) · fad8d7df
      Eric Blake 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1058839
      
      Commit f9f56340 for CVE-2014-0028 almost had the right idea - we
      need to check the ACL rules to filter which events to send.  But
      it overlooked one thing: the event dispatch queue is running in
      the main loop thread, and therefore does not normally have a
      current virIdentityPtr.  But filter checks can be based on current
      identity, so when libvirtd.conf contains access_drivers=["polkit"],
      we ended up rejecting access for EVERY event due to failure to
      look up the current identity, even if it should have been allowed.
      
      Furthermore, even for events that are triggered by API calls, it
      is important to remember that the point of events is that they can
      be copied across multiple connections, which may have separate
      identities and permissions.  So even if events were dispatched
      from a context where we have an identity, we must change to the
      correct identity of the connection that will be receiving the
      event, rather than basing a decision on the context that triggered
      the event, when deciding whether to filter an event to a
      particular connection.
      
      If there were an easy way to get from virConnectPtr to the
      appropriate virIdentityPtr, then object_event.c could adjust the
      identity prior to checking whether to dispatch an event.  But
      setting up that back-reference is a bit invasive.  Instead, it
      is easier to delay the filtering check until lower down the
      stack, at the point where we have direct access to the RPC
      client object that owns an identity.  As such, this patch ends
      up reverting a large portion of the framework of commit f9f56340.
      We also have to teach 'make check' to special-case the fact that
      the event registration filtering is done at the point of dispatch,
      rather than the point of registration.  Note that even though we
      don't actually use virConnectDomainEventRegisterCheckACL (because
      the RegisterAny variant is sufficient), we still generate the
      function for the purposes of documenting that the filtering
      takes place.
      
      Also note that I did not entirely delete the notion of a filter
      from object_event.c; I still plan on using that for my upcoming
      patch series for qemu monitor events in libvirt-qemu.so.  In
      other words, while this patch changes ACL filtering to live in
      remote.c and therefore we have no current client of the filtering
      in object_event.c, the notion of filtering in object_event.c is
      still useful down the road.
      
      * src/check-aclrules.pl: Exempt event registration from having to
      pass checkACL filter down call stack.
      * daemon/remote.c (remoteRelayDomainEventCheckACL)
      (remoteRelayNetworkEventCheckACL): New functions.
      (remoteRelay*Event*): Use new functions.
      * src/conf/domain_event.h (virDomainEventStateRegister)
      (virDomainEventStateRegisterID): Drop unused parameter.
      * src/conf/network_event.h (virNetworkEventStateRegisterID):
      Likewise.
      * src/conf/domain_event.c (virDomainEventFilter): Delete unused
      function.
      * src/conf/network_event.c (virNetworkEventFilter): Likewise.
      * src/libxl/libxl_driver.c: Adjust caller.
      * src/lxc/lxc_driver.c: Likewise.
      * src/network/bridge_driver.c: Likewise.
      * src/qemu/qemu_driver.c: Likewise.
      * src/remote/remote_driver.c: Likewise.
      * src/test/test_driver.c: Likewise.
      * src/uml/uml_driver.c: Likewise.
      * src/vbox/vbox_tmpl.c: Likewise.
      * src/xen/xen_driver.c: Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit 11f20e43)
      
      Conflicts:
      	daemon/remote.c - not backporting network events
      	src/conf/network_event.c - likewise
      	src/conf/network_event.h - likewise
      	src/network/bridge_driver.c - likewise
      	src/conf/domain_event.c - revert back to pre-CVE state
      	src/conf/domain_event.h - likewise
      	src/libxl/libxl_driver.c - likewise
      	src/lxc/lxc_driver.c - likewise
      	src/remote/remote_driver.c - likewise
      	src/test/test_driver.c - likewise
      	src/uml/uml_driver.c - likewise
      	src/xen/xen_driver.c - likewise
      fad8d7df
  10. 04 2月, 2014 2 次提交
    • D
      Push nwfilter update locking up to top level · 978648de
      Daniel P. Berrange 提交于
      The NWFilter code has as a deadlock race condition between
      the virNWFilter{Define,Undefine} APIs and starting of guest
      VMs due to mis-matched lock ordering.
      
      In the virNWFilter{Define,Undefine} codepaths the lock ordering
      is
      
        1. nwfilter driver lock
        2. virt driver lock
        3. nwfilter update lock
        4. domain object lock
      
      In the VM guest startup paths the lock ordering is
      
        1. virt driver lock
        2. domain object lock
        3. nwfilter update lock
      
      As can be seen the domain object and nwfilter update locks are
      not acquired in a consistent order.
      
      The fix used is to push the nwfilter update lock upto the top
      level resulting in a lock ordering for virNWFilter{Define,Undefine}
      of
      
        1. nwfilter driver lock
        2. nwfilter update lock
        3. virt driver lock
        4. domain object lock
      
      and VM start using
      
        1. nwfilter update lock
        2. virt driver lock
        3. domain object lock
      
      This has the effect of serializing VM startup once again, even if
      no nwfilters are applied to the guest. There is also the possibility
      of deadlock due to a call graph loop via virNWFilterInstantiate
      and virNWFilterInstantiateFilterLate.
      
      These two problems mean the lock must be turned into a read/write
      lock instead of a plain mutex at the same time. The lock is used to
      serialize changes to the "driver->nwfilters" hash, so the write lock
      only needs to be held by the define/undefine methods. All other
      methods can rely on a read lock which allows good concurrency.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 6e5c79a1)
      978648de
    • D
      Add a read/write lock implementation · 7ca05e2f
      Daniel P. Berrange 提交于
      Add virRWLock backed up by a POSIX rwlock primitive
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit c065984b)
      7ca05e2f
  11. 29 1月, 2014 1 次提交