1. 05 9月, 2014 7 次提交
    • M
      conf: Fix even implicit labels · d869a6ea
      Michal Privoznik 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1027096#c8
      
      There are two ways in which security model can make it way into
      <seclabel/>. One is as the @model attribute, the second one is
      via security_driver knob in qemu.conf. Then, while parsing
      <seclabel/> several checks and fix ups of old, stale combinations
      are performed. However, iff @model is specified. They are not
      done in the latter case. So it's still possible to feed libvirt
      with senseless combinations (if qemu.conf is adjusted correctly).
      
      One example of a seclabel that needs some adjustment (in case
      security_driver=none in qemu.conf) is:
      
          <seclabel type='dynamic' relabel='yes'/>
      
      The fixup code is copied from virSecurityLabelDefParseXML
      (covering the former case) into virSecurityLabelDefsParseXML
      (which handles the latter case).
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      d869a6ea
    • E
      blockjob: split out block info driver handling · cefe0ba3
      Eric Blake 提交于
      The qemu implementation for virDomainGetBlockJobInfo() has a
      minor bug: it grabs the qemu job with intent to QEMU_JOB_MODIFY,
      which means it cannot be run in parallel with any other
      domain-modifying command.  Among others, virDomainBlockJobAbort()
      is such a modifying command, and it defaults to being
      synchronous, and can wait as long as several seconds to ensure
      that the job has actually finished.  Due to the job rules, this
      means a user cannot obtain status about the job during that
      timeframe, even though we know that some client management code
      exists which is using a polling loop on status to see when a job
      finishes.
      
      This bug has been present ever since blockpull support was first
      introduced (commit b976165c, v0.9.4 in Jul 2011), all because we
      stupidly tried to cram too much multiplexing through a single
      helper routine, but was made worse in 97c59b9c (v1.2.7) when
      BlockJobAbort was fixed to wait longer.  It's time to disentangle
      some of the mess in qemuDomainBlockJobImpl, and in the process
      relax block job query to use QEMU_JOB_QUERY, since it can safely
      be used in parallel with any long running modify command.
      
      Technically, there is one case where getting block job info can
      modify domain XML - we do snooping to see if a 2-phase job has
      transitioned into the second phase, for an optimization in the
      case of old qemu that lacked an event for the transition.  I
      claim this optimization is safe (the jobs are all about modifying
      qemu state, not necessarily xml state); but if it proves to be
      a problem, we could use the difference between the capabilities
      QEMU_CAPS_BLOCKJOB_{ASYNC,SYNC} to determine whether we even
      need snooping, and only request a modifying job in the case of
      older qemu.
      
      * src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Move info
      handling...
      (qemuDomainGetBlockJobInfo): ...here, and relax job type.
      (qemuDomainBlockJobAbort, qemuDomainBlockJobSetSpeed)
      (qemuDomainBlockRebase, qemuDomainBlockPull): Adjust callers.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      cefe0ba3
    • E
      blockjob: shuffle block rebase code · 02d2bd7d
      Eric Blake 提交于
      The existing virDomainBlockRebase code rejected the combination of
      _RELATIVE and _COPY flags, but only by accident.  It makes sense
      to add support for the combination someday, at least for the case
      of _SHALLOW and not _REUSE_EXT; but to implement it, libvirt would
      have to pre-create the file with a relative backing name, and I'm
      not ready to code that in yet.
      
      Meanwhile, the code to forward on to the block copy code is getting
      longer, and reorganizing the function to have the block pull done
      early makes it easier to add even more block copy prep code.
      
      This patch should have no semantic difference other than the quality
      of the error message on the unsupported flag combination.  Pre-patch:
      
      error: unsupported flags (0x10) in function qemuDomainBlockCopy
      
      Post-patch:
      
      error: argument unsupported: Relative backing during copy not supported yet
      
      * src/qemu/qemu_driver.c (qemuDomainBlockRebase): Reorder code,
      and improve error message of relative copy.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      02d2bd7d
    • E
      maint: tighten curly brace syntax checking · bc7e63d3
      Eric Blake 提交于
      Now that hanging brace offenders have been fixed, we can automate
      the check, and document our style.  Done as a separate commit from
      code changes, to make it easier to just backport code changes, if
      that is ever needed.
      
      * cfg.mk (sc_curly_braces_style): Catch hanging braces.
      * docs/hacking.html.in: Document it.
      * HACKING: Regenerate.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      bc7e63d3
    • E
      maint: use hanging curly braces · 625e04a8
      Eric Blake 提交于
      Our style overwhelmingly uses hanging braces (the open brace
      hangs at the end of the compound condition, rather than on
      its own line), with the primary exception of the top level function
      body.  Fix the few remaining outliers, before adding a syntax
      check in a later patch.
      
      * src/interface/interface_backend_netcf.c (netcfStateReload)
      (netcfInterfaceClose, netcf_to_vir_err): Correct use of { in
      compound statement.
      * src/conf/domain_conf.c (virDomainHostdevDefFormatSubsys)
      (virDomainHostdevDefFormatCaps): Likewise.
      * src/network/bridge_driver.c (networkAllocateActualDevice):
      Likewise.
      * src/util/virfile.c (virBuildPathInternal): Likewise.
      * src/util/virnetdev.c (virNetDevGetVirtualFunctions): Likewise.
      * src/util/virnetdevmacvlan.c
      (virNetDevMacVLanVPortProfileCallback): Likewise.
      * src/util/virtypedparam.c (virTypedParameterAssign): Likewise.
      * src/util/virutil.c (virGetWin32DirectoryRoot)
      (virFileWaitForDevices): Likewise.
      * src/vbox/vbox_common.c (vboxDumpNetwork): Likewise.
      * tests/seclabeltest.c (main): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      625e04a8
    • E
      maint: enforce previous if-else {} cleanups · 143cfa8e
      Eric Blake 提交于
      Done as a separate commit in case earlier cleanups are backported
      independently.
      
      * cfg.mk (sc_require_space_before_label): New rule.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      143cfa8e
    • E
      maint: use consistent if-else braces in remaining spots · d194d6e7
      Eric Blake 提交于
      I'm about to add a syntax check that enforces our documented
      HACKING style of always using matching {} on if-else statements.
      
      This patch focuses on all remaining problems, where there weren't
      enough issues to warrant splitting it further.
      
      * src/remote/remote_driver.c (doRemoteOpen): Correct use of {}.
      * src/security/virt-aa-helper.c (vah_add_path, valid_path, main):
      Likewise.
      * src/rpc/virnetsocket.c (virNetSocketNewConnectLibSSH2):
      Likewise.
      * src/esx/esx_vi_types.c (esxVI_Type_FromString): Likewise.
      * src/uml/uml_driver.c (umlDomainDetachDevice): Likewise.
      * src/util/viralloc.c (virShrinkN): Likewise.
      * src/util/virbuffer.c (virBufferURIEncodeString): Likewise.
      * src/util/virdbus.c (virDBusCall): Likewise.
      * src/util/virnetdev.c (virNetDevValidateConfig): Likewise.
      * src/util/virnetdevvportprofile.c
      (virNetDevVPortProfileGetNthParent): Likewise.
      * src/util/virpci.c (virPCIDeviceIterDevices)
      (virPCIDeviceWaitForCleanup)
      (virPCIDeviceIsBehindSwitchLackingACS): Likewise.
      * src/util/virsocketaddr.c (virSocketAddrGetNumNetmaskBits):
      Likewise.
      * src/util/viruri.c (virURIParseParams): Likewise.
      * daemon/stream.c (daemonStreamHandleAbort): Likewise.
      * tests/testutils.c (virtTestResult): Likewise.
      * tests/cputest.c (cpuTestBaseline): Likewise.
      * tools/virsh-domain.c (cmdDomPMSuspend): Likewise.
      * tools/virsh-host.c (cmdNodeSuspend): Likewise.
      * src/esx/esx_vi_generator.py (Type.generate_typefromstring):
      Tweak generated code.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      d194d6e7
  2. 04 9月, 2014 14 次提交
    • E
      maint: use consistent if-else braces in lxc, vbox, phyp · 279b1b10
      Eric Blake 提交于
      I'm about to add a syntax check that enforces our documented
      HACKING style of always using matching {} on if-else statements.
      
      This patch focuses on drivers that had several issues.
      
      * src/lxc/lxc_fuse.c (lxcProcGetattr, lxcProcReadMeminfo): Correct
      use of {}.
      * src/lxc/lxc_driver.c (lxcDomainMergeBlkioDevice): Likewise.
      * src/phyp/phyp_driver.c (phypConnectNumOfDomainsGeneric)
      (phypUUIDTable_Init, openSSHSession, phypStoragePoolListVolumes)
      (phypConnectListStoragePools, phypDomainSetVcpusFlags)
      (phypStorageVolGetXMLDesc, phypStoragePoolGetXMLDesc)
      (phypConnectListDefinedDomains): Likewise.
      * src/vbox/vbox_common.c (vboxAttachSound, vboxDumpDisplay)
      (vboxDomainRevertToSnapshot, vboxDomainSnapshotDelete): Likewise.
      * src/vbox/vbox_tmpl.c (vboxStorageVolGetXMLDesc): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      279b1b10
    • E
      maint: use consistent if-else braces in xen and friends · fb6d6507
      Eric Blake 提交于
      I'm about to add a syntax check that enforces our documented
      HACKING style of always using matching {} on if-else statements.
      
      This patch focuses on code related to xen.
      
      * src/libxl/libxl_conf.c (libxlCapsInitGuests)
      (libxlMakeDomBuildInfo): Correct use of {}.
      * src/xen/xen_hypervisor.c (virXen_getvcpusinfo)
      (xenHypervisorMakeCapabilitiesInternal): Likewise.
      * src/xen/xend_internal.c (xenDaemonOpen)
      (xenDaemonDomainMigratePerform, xend_detect_config_version)
      (xenDaemonDetachDeviceFlags, xenDaemonDomainMigratePerform)
      (xenDaemonDomainBlockPeek): Likewise.
      * src/xenapi/xenapi_driver.c (xenapiConnectListDomains)
      (xenapiDomainLookupByUUID, xenapiDomainGetOSType): Likewise.
      * src/xenconfig/xen_common.c (xenParseCPUFeatures, xenFormatNet):
      Likewise.
      * src/xenconfig/xen_sxpr.c (xenParseSxpr, xenFormatSxprNet)
      (xenFormatSxpr): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      fb6d6507
    • E
      maint: use consistent if-else braces in qemu · 44e30277
      Eric Blake 提交于
      I'm about to add a syntax check that enforces our documented
      HACKING style of always using matching {} on if-else statements.
      
      This commit focuses on the qemu driver.
      
      * src/qemu/qemu_command.c (qemuParseISCSIString)
      (qemuParseCommandLineDisk, qemuParseCommandLine)
      (qemuBuildSmpArgStr, qemuBuildCommandLine)
      (qemuParseCommandLineDisk, qemuParseCommandLineSmp): Correct use
      of {}.
      * src/qemu/qemu_capabilities.c (virQEMUCapsProbeCPUModels):
      Likewise.
      * src/qemu/qemu_driver.c (qemuDomainCoreDumpWithFormat)
      (qemuDomainRestoreFlags, qemuDomainGetInfo)
      (qemuDomainMergeBlkioDevice): Likewise.
      * src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
      * src/qemu/qemu_monitor_text.c (qemuMonitorTextCreateSnapshot)
      (qemuMonitorTextLoadSnapshot, qemuMonitorTextDeleteSnapshot):
      Likewise.
      * src/qemu/qemu_process.c (qemuProcessStop): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      44e30277
    • E
      maint: use consistent if-else braces in conf and friends · ff78ff7c
      Eric Blake 提交于
      I'm about to add a syntax check that enforces our documented
      HACKING style of always using matching {} on if-else statements.
      
      This patch focuses on code shared between multiple drivers.
      
      * src/conf/domain_conf.c (virDomainFSDefParseXML)
      (virSysinfoParseXML, virDomainNetDefParseXML)
      (virDomainWatchdogDefParseXML)
      (virDomainRedirFilterUSBDevDefParseXML): Correct use of {}.
      * src/conf/interface_conf.c (virInterfaceDefParseDhcp)
      (virInterfaceDefParseIp, virInterfaceVlanDefFormat)
      (virInterfaceDefParseStartMode, virInterfaceDefParseBondMode)
      (virInterfaceDefParseBondMiiCarrier)
      (virInterfaceDefParseBondArpValid): Likewise.
      * src/conf/node_device_conf.c (virNodeDevCapStorageParseXML):
      Likewise.
      * src/conf/nwfilter_conf.c (virNWFilterRuleDetailsParse)
      (virNWFilterRuleParse, virNWFilterDefParseXML): Likewise.
      * src/conf/secret_conf.c (secretXMLParseNode): Likewise.
      * src/cpu/cpu_x86.c (x86Baseline, x86FeatureLoad, x86ModelLoad):
      Likewise.
      * src/network/bridge_driver.c (networkKillDaemon)
      (networkDnsmasqConfContents): Likewise.
      * src/node_device/node_device_hal.c (dev_refresh): Likewise.
      * src/nwfilter/nwfilter_gentech_driver.c (virNWFilterInstantiate):
      Likewise.
      * src/nwfilter/nwfilter_ebiptables_driver.c
      (_iptablesCreateRuleInstance): Likewise.
      * src/storage/storage_backend_disk.c
      (virStorageBackendDiskBuildPool): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      ff78ff7c
    • C
      LXC: add HOME environment variable · 3020594a
      Chen Hanxiao 提交于
      We lacked of HOME environment variable,
      set 'HOME=/' as default.
      
      The kernel sets up $HOME for the init process.
      Therefore any init can assume that $HOME is set.
      libvirt currently violates that implicit rule.
      Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
      Signed-off-by: NEric Blake <eblake@redhat.com>
      3020594a
    • F
      apparmor: allow reading cap_last_cap · 2311e5c4
      Felix Geyer 提交于
      libcap-ng >= 0.7.4 fails when it can't read /sys/kernel/cap_last_cap
      and thus running a qemu guest fails.
      
      Allow reading cap_last_cap in the libvirt-qemu apparmor abstraction.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      2311e5c4
    • G
    • G
      security: fix DH key generation when FIPS mode is on · ab220967
      Giuseppe Scrivano 提交于
      When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is
      specified as the prime's number of bits, a bigger value works in both
      cases.
      Signed-off-by: NGiuseppe Scrivano <gscrivan@redhat.com>
      ab220967
    • W
      lxc_container: Resolve Coverity RESOURCE_LEAK · 5bb47e0c
      Wang Rui 提交于
      Memory is allocated for 'mnt_src' by VIR_STRDUP in the loop. Next
      loop it will be allocated again. So we need to free 'mnt_src'
      before continue the loop.
      Signed-off-by: NWang Rui <moon.wangrui@huawei.com>
      5bb47e0c
    • W
      vircgroup: Resolve Coverity RESOURCE_LEAK · d01a062b
      Wang Rui 提交于
      Need to free 'root' and 'opts' before 'return -1' if symlink fails.
      Signed-off-by: NWang Rui <moon.wangrui@huawei.com>
      d01a062b
    • W
      qemu_process: Resolve Coverity RESOURCE_LEAK · 4f2ad084
      Wang Rui 提交于
      If virSecurityManagerClearSocketLabel() fails, 'agent' won't
      be freed before jumping to cleanup.
      Signed-off-by: NWang Rui <moon.wangrui@huawei.com>
      4f2ad084
    • W
      remote: Resolve Coverity RESOURCE_LEAK · 3bd46c81
      Wang Rui 提交于
      Need to free 'uri_out' on error path.
      Signed-off-by: NWang Rui <moon.wangrui@huawei.com>
      3bd46c81
    • W
      test_conf: Resolve Coverity RESOURCE_LEAK · 89060bd9
      Wang Rui 提交于
      If the condition 'ret < 0' is true, the code will jump to
      'cleanup' and 'conf' won't be freed.
      Signed-off-by: NWang Rui <moon.wangrui@huawei.com>
      89060bd9
    • W
      tests: Resolve Coverity RESOURCE_LEAK in commandhelper · cd2d7c6c
      Wang Rui 提交于
      Coverity determined that 'log' and 'newenv' were not freed in
      some cases. Free them in 'error' branch and normal branch.
      Signed-off-by: NWang Rui <moon.wangrui@huawei.com>
      cd2d7c6c
  3. 03 9月, 2014 5 次提交
  4. 02 9月, 2014 5 次提交
  5. 01 9月, 2014 3 次提交
    • E
      blockcopy: allow larger buf-size · 0e4b49a0
      Eric Blake 提交于
      While qemu definitely caps granularity to 64 MiB, it places no
      limits on buf-size.  On a machine beefy enough for lots of
      memory, a buf-size larger than 2 GiB is feasible, so we should
      pass a 64-bit parameter.
      
      * include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_COPY_BUF_SIZE):
      Allow 64 bits.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      0e4b49a0
    • M
      selinux: properly label tap FDs with imagelabel · a4431931
      Martin Kletzander 提交于
      The cleanup in commit cf976d9d used secdef->label to label the tap
      FDs, but that is not possible since it's process-only label (svirt_t)
      and not a object label (e.g. svirt_image_t).  Starting a domain failed
      with EPERM, but simply using secdef->imagelabel instead of
      secdef->label fixes it.
      Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
      a4431931
    • C
      Fix connection to already running session libvirtd · 0f03ca6d
      Christophe Fergeau 提交于
      Since 1b807f92, connecting with virsh to an already running session
      libvirtd fails with:
      $ virsh list --all
      error: failed to connect to the hypervisor
      error: no valid connection
      error: Failed to connect socket to
      '/run/user/1000/libvirt/libvirt-sock': Transport endpoint is already
      connected
      
      This is caused by a logic error in virNetSocketNewConnectUnix: even if
      the connection to the daemon socket succeeded, we still try to spawn the
      daemon and then connect to it.
      This commit changes the logic to not try to spawn libvirtd if we
      successfully connected to its socket.
      
      Most of this commit is whitespace changes, use of -w is recommended to
      look at it.
      0f03ca6d
  6. 30 8月, 2014 1 次提交
    • R
      storage: zfs: fix double listing of new volumes · c4d2a102
      Roman Bogorodskiy 提交于
      Currently, after calling commands to create a new volumes,
      virStorageBackendZFSCreateVol calls virStorageBackendZFSFindVols that
      calls virStorageBackendZFSParseVol.
      
      virStorageBackendZFSParseVol checks if a volume already exists by
      trying to get it using virStorageVolDefFindByName.
      
      For a just created volume it returns NULL, so volume is reported as
      new and appended to pool->volumes. This causes a volume to be listed
      twice as storageVolCreateXML appends this new volume to the list as
      well.
      
      Fix that by passing a new volume definition to
      virStorageBackendZFSParseVol so it could determine if it needs to add
      this volume to the list.
      c4d2a102
  7. 29 8月, 2014 5 次提交
    • J
      qemu_driver: Resolve Coverity FORWARD_NULL · 5c0dad7b
      John Ferlan 提交于
      In qemuDomainSnapshotCreateDiskActive() if we jumped to cleanup from a
      failed actions = virJSONValueNewArray(), then 'cfg' would be NULL.
      
      So just return -1, which in turn removes the need for cleanup:
      5c0dad7b
    • J
      virnetserverservice: Resolve Coverity ARRAY_VS_SINGLETON · e387f4c1
      John Ferlan 提交于
      Coverity complained about the following:
      
      (3) Event ptr_arith:
         Performing pointer arithmetic on "cur_fd" in expression "cur_fd++".
      130             return virNetServerServiceNewFD(*cur_fd++,
      
      The complaint is that pointer arithmetic taking place instead of the
      expected auto increment of the variable...  Adding some well placed
      parentheses ensures our order of operation.
      e387f4c1
    • J
      qemu: Allow use of iothreads for disk definitions · ef8da2ad
      John Ferlan 提交于
      For virtio-blk-pci disks with the disk iothread attribute that are
      running the correct emulator, add the "iothread=iothread#" to the
      -device command line in order to enable iothreads for the disk as
      long as the command is available, the disk iothread value provided is
      valid, and is supported for the disk device being added
      ef8da2ad
    • J
      domain_conf: Add support for iothreads in disk definition · e2523de5
      John Ferlan 提交于
      Add a new disk "driver" attribute "iothread" to be parsed as the thread
      number for the disk to use. In order to more easily facilitate the usage
      and configuration of the iothread, a "zero" for the attribute indicates
      iothreads are not supported for the device and a positive value indicates
      the specific thread to try and use.
      e2523de5
    • J
      qemu: Add support for iothreads · 72edaae7
      John Ferlan 提交于
      Add a new capability to ensure the iothreads feature exists for the qemu
      emulator being run - requires the "query-iothreads" QMP command. Using the
      domain XML add correspoding command argument in order to generate the
      threads. The iothreads will use a name space "iothread#" where, the
      future patch to add support for using an iothread to a disk definition to
      merely define which of the available threads to use.
      
      Add tests to ensure the xml/argv processing is correct.  Note that no
      change was made to qemuargv2xmltest.c as processing the -object element
      would require knowing more than just iothreads.
      72edaae7