[libvirt] [PATCH] Fix handling of security driver restore failures in QEMU domain save
by Daniel P. Berrange
In cases where the security driver failed to restore a label after a
guest has saved, we mistakenly jumped to the error cleanup paths.
This is not good, because the operation has in fact completed and
cannot be rolled back completely. Label restore is non-critical, so
just log the problem instead. Also add a missing restore call in
the error cleanup path
* src/qemu/qemu_driver.c: Fix handling of security driver
restore failures in QEMU domain save
---
src/qemu/qemu_driver.c | 48 +++++++++++++++++++++++++-----------------------
1 files changed, 25 insertions(+), 23 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index faecfb7..862c030 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5052,16 +5052,13 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
driver->securityDriver &&
driver->securityDriver->domainRestoreSavedStateLabel &&
driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
- goto endjob;
+ VIR_WARN("failed to restore save state label on %s", path);
if (cgroup != NULL) {
rc = virCgroupDenyDevicePath(cgroup, path);
- if (rc != 0) {
- virReportSystemError(-rc,
- _("Unable to deny device %s for %s"),
- path, vm->def->name);
- goto endjob;
- }
+ if (rc != 0)
+ VIR_WARN("Unable to deny device %s for %s %d",
+ path, vm->def->name, rc);
}
ret = 0;
@@ -5080,24 +5077,29 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
endjob:
if (vm) {
- if (ret != 0 && header.was_running && priv->mon) {
- qemuDomainObjEnterMonitorWithDriver(driver, vm);
- rc = qemuMonitorStartCPUs(priv->mon, dom->conn);
- qemuDomainObjExitMonitorWithDriver(driver, vm);
- if (rc < 0)
- VIR_WARN0("Unable to resume guest CPUs after save failure");
- else
- vm->state = VIR_DOMAIN_RUNNING;
- }
+ if (ret != 0) {
+ if (header.was_running && priv->mon) {
+ qemuDomainObjEnterMonitorWithDriver(driver, vm);
+ rc = qemuMonitorStartCPUs(priv->mon, dom->conn);
+ qemuDomainObjExitMonitorWithDriver(driver, vm);
+ if (rc < 0)
+ VIR_WARN0("Unable to resume guest CPUs after save failure");
+ else
+ vm->state = VIR_DOMAIN_RUNNING;
+ }
- if (ret != 0 && cgroup != NULL) {
- rc = virCgroupDenyDevicePath(cgroup, path);
- if (rc != 0) {
- virReportSystemError(-rc,
- _("Unable to deny device %s for %s"),
- path, vm->def->name);
- goto endjob;
+ if (cgroup != NULL) {
+ rc = virCgroupDenyDevicePath(cgroup, path);
+ if (rc != 0)
+ VIR_WARN("Unable to deny device %s for %s: %d",
+ path, vm->def->name, rc);
}
+
+ if ((!bypassSecurityDriver) &&
+ driver->securityDriver &&
+ driver->securityDriver->domainRestoreSavedStateLabel &&
+ driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
+ VIR_WARN("failed to restore save state label on %s", path);
}
if (qemuDomainObjEndJob(vm) == 0)
--
1.6.5.2
14 years, 7 months
[libvirt] Error saving/restoring VM with attached disks
by Shi Jin
Hi there,
I have been playing with libvirt/KVM on saving the VM to a checkpoint file and restoring it from this file. It has worked very well for me on my RHEL-5.5 setup, until I added hot-plugged volumes.
If I add a volume to a running VM using "virsh attach-disk" and then call "virsh save". The checkpoint file was successfully written and VM stopped.
However, I get errors restoring it with "virsh restore":
$ virsh restore checkpoint
error: Failed to restore domain from checkpoint
error: operation failed: failed to start VM
I did two thinngs to narrow down the problem:
1. If I manually remove the lines of attached volume from the checkpoint file, then it restores fine.
2. If I have the additioinal volumes in the original XML template instead of hot-plugging them on the fly, the save/restore work very well.
So I think the problem is in save/restore hot-plugged volumes.
Do you think this is a bug or an expected behaviour?
Should I file a bug report? Any fix already?
Thank you very much.
Shi
--
Shi Jin, PhD
14 years, 7 months
[libvirt] [PATCH] cygwin: Check explicitly for getmntent_r
by Matthias Bolte
Cygwin has mntent.h but lacks getmntent_r. Update preprocessor
checks to catch this combination.
---
src/qemu/qemu_conf.c | 2 +-
src/util/cgroup.c | 10 +++++-----
src/util/util.c | 8 ++++----
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 2cbcc4f..ed24916 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -114,7 +114,7 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
return -1;
}
-#ifdef HAVE_MNTENT_H
+#if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R
/* For privileged driver, try and find hugepage mount automatically.
* Non-privileged driver requires admin to create a dir for the
* user, chown it, and then let user configure it manually */
diff --git a/src/util/cgroup.c b/src/util/cgroup.c
index 4cb09b6..b649c3c 100644
--- a/src/util/cgroup.c
+++ b/src/util/cgroup.c
@@ -12,7 +12,7 @@
#include <stdio.h>
#include <stdint.h>
-#ifdef HAVE_MNTENT_H
+#if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R
# include <mntent.h>
#endif
#include <fcntl.h>
@@ -69,7 +69,7 @@ void virCgroupFree(virCgroupPtr *group)
VIR_FREE(*group);
}
-#ifdef HAVE_MNTENT_H
+#if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R
/*
* Process /proc/mounts figuring out what controllers are
* mounted and where
@@ -403,7 +403,7 @@ out:
}
-#ifdef HAVE_MNTENT_H
+#if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R
static int virCgroupCpuSetInherit(virCgroupPtr parent, virCgroupPtr group)
{
int i;
@@ -628,7 +628,7 @@ int virCgroupAddTask(virCgroupPtr group, pid_t pid)
*
* Returns 0 on success
*/
-#ifdef HAVE_MNTENT_H
+#if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R
int virCgroupForDriver(const char *name,
virCgroupPtr *group,
int privileged,
@@ -682,7 +682,7 @@ int virCgroupForDriver(const char *name ATTRIBUTE_UNUSED,
*
* Returns 0 on success
*/
-#ifdef HAVE_MNTENT_H
+#if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R
int virCgroupForDomain(virCgroupPtr driver,
const char *name,
virCgroupPtr *group,
diff --git a/src/util/util.c b/src/util/util.c
index 99383d1..a7bb67c 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -61,7 +61,7 @@
#if HAVE_CAPNG
# include <cap-ng.h>
#endif
-#ifdef HAVE_MNTENT_H
+#if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R
# include <mntent.h>
#endif
@@ -2716,7 +2716,7 @@ int virGetGroupID(const char *name ATTRIBUTE_UNUSED,
#endif /* HAVE_GETPWUID_R */
-#ifdef HAVE_MNTENT_H
+#if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R
/* search /proc/mounts for mount point of *type; return pointer to
* malloc'ed string of the path if found, otherwise return NULL
* with errno set to an appropriate value.
@@ -2748,7 +2748,7 @@ cleanup:
return ret;
}
-#else /* HAVE_MNTENT_H */
+#else /* defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R */
char *
virFileFindMountPoint(const char *type ATTRIBUTE_UNUSED)
@@ -2758,7 +2758,7 @@ virFileFindMountPoint(const char *type ATTRIBUTE_UNUSED)
return NULL;
}
-#endif /* HAVE_MNTENT_H */
+#endif /* defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R */
#ifndef PROXY
# if defined(UDEVADM) || defined(UDEVSETTLE)
--
1.6.3.3
14 years, 7 months
[libvirt] [PATCH] Some NWFilter symbols are conditional and have to be exported conditional
by Matthias Bolte
---
src/Makefile.am | 7 ++++++-
src/libvirt_nwfilter.syms | 14 ++++++++++++++
src/libvirt_private.syms | 13 +------------
3 files changed, 21 insertions(+), 13 deletions(-)
create mode 100644 src/libvirt_nwfilter.syms
diff --git a/src/Makefile.am b/src/Makefile.am
index 66dc349..17b2226 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -884,6 +884,10 @@ if WITH_LIBVIRTD
USED_SYM_FILES += libvirt_daemon.syms
endif
+if WITH_NWFILTER
+USED_SYM_FILES += libvirt_nwfilter.syms
+endif
+
EXTRA_DIST += \
libvirt_public.syms \
libvirt_private.syms \
@@ -891,7 +895,8 @@ EXTRA_DIST += \
libvirt_bridge.syms \
libvirt_linux.syms \
libvirt_macvtap.syms \
- libvirt_daemon.syms
+ libvirt_daemon.syms \
+ libvirt_nwfilter.syms
BUILT_SOURCES += libvirt.syms libvirt.def
diff --git a/src/libvirt_nwfilter.syms b/src/libvirt_nwfilter.syms
new file mode 100644
index 0000000..106415f
--- /dev/null
+++ b/src/libvirt_nwfilter.syms
@@ -0,0 +1,14 @@
+#
+# These symbols are dependent on WITH_NWFILTER.
+#
+
+
+# nwfilter_gentech_driver.h
+virNWFilterInstantiateFilter;
+virNWFilterTeardownFilter;
+
+
+# nwfilter_learnipaddr.h
+virNWFilterGetIpAddrForIfname;
+virNWFilterDelIpAddrForIfname;
+virNWFilterLookupLearnReq;
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 7950bcd..f8e9d01 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -502,7 +502,7 @@ virNWFilterLockFilterUpdates;
virNWFilterUnlockFilterUpdates;
-#nwfilter_params.h
+# nwfilter_params.h
virNWFilterHashTableCreate;
virNWFilterHashTableFree;
virNWFilterHashTablePut;
@@ -510,17 +510,6 @@ virNWFilterHashTablePutAll;
virNWFilterHashTableRemoveEntry;
-# nwfilter_gentech_driver.h
-virNWFilterInstantiateFilter;
-virNWFilterTeardownFilter;
-
-
-# nwfilter_learnipaddr.h
-virNWFilterGetIpAddrForIfname;
-virNWFilterDelIpAddrForIfname;
-virNWFilterLookupLearnReq;
-
-
# pci.h
pciGetDevice;
pciFreeDevice;
--
1.6.3.3
14 years, 7 months
[libvirt] [PATCH] xen: Fix inside_daemon being unused when libvirtd is disabled
by Matthias Bolte
The defined __sun is there, because inside_daemon is used in xenUnifiedOpen
if __sun is defined. Also initialize it to 0.
---
src/xen/xen_driver.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 5ab169d..b16a16a 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -70,7 +70,9 @@ static struct xenUnifiedDriver const * const drivers[XEN_UNIFIED_NR_DRIVERS] = {
#endif
};
-static int inside_daemon;
+#if defined WITH_LIBVIRTD || defined __sun
+static int inside_daemon = 0;
+#endif
#define xenUnifiedError(code, ...) \
virReportErrorHelper(NULL, VIR_FROM_XEN, code, __FILE__, \
--
1.6.3.3
14 years, 7 months
[libvirt] [PATCH] Disable stateful OpenNebula driver if libvirtd is disabled
by Matthias Bolte
Also move the equivalent checks for LXC and UML before their header
checks. This way configure doesn't check for the headers when the driver
gets disabled anyway.
---
configure.ac | 15 +++++++++------
1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index e34f417..aeab7d9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -484,6 +484,9 @@ AC_CHECK_HEADERS([linux/kvm.h])
dnl
dnl check for sufficient headers for LXC
dnl
+if test "$with_libvirtd" = "no" ; then
+ with_lxc=no
+fi
if test "$with_lxc" = "yes" || test "$with_lxc" = "check"; then
AC_CHECK_HEADER([sched.h],
dnl Header is there, check for unshare()
@@ -514,9 +517,6 @@ if test "$with_lxc" = "yes" || test "$with_lxc" = "check"; then
])
fi
-if test "$with_libvirtd" = "no" ; then
- with_lxc=no
-fi
if test "$with_lxc" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_LXC], 1, [whether LXC driver is enabled])
fi
@@ -538,6 +538,9 @@ PKG_PROG_PKG_CONFIG
dnl OpenNebula driver Compilation setting
dnl
+if test "$with_libvirtd" = "no" ; then
+ with_one=no
+fi
XMLRPC_CFLAGS=
XMLRPC_LIBS=
if test "x$with_one" = "xyes" || test "x$with_one" = "xcheck"; then
@@ -1071,6 +1074,9 @@ dnl
dnl Checks for the UML driver
dnl
+if test "$with_libvirtd" = "no" ; then
+ with_uml=no
+fi
if test "$with_uml" = "yes" || test "$with_uml" = "check"; then
AC_CHECK_HEADER([sys/inotify.h], [
with_uml=yes
@@ -1083,9 +1089,6 @@ if test "$with_uml" = "yes" || test "$with_uml" = "check"; then
fi
])
fi
-if test "$with_libvirtd" = "no" ; then
- with_uml=no
-fi
if test "$with_uml" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_UML], 1, [whether UML driver is enabled])
fi
--
1.6.3.3
14 years, 7 months
[libvirt] [PATCH] Improve configure error message about missing Linux headers
by Matthias Bolte
---
configure.ac | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/configure.ac b/configure.ac
index 99bc906..e34f417 100644
--- a/configure.ac
+++ b/configure.ac
@@ -528,7 +528,7 @@ dnl check for kernel headers required by src/bridge.c
dnl
if test "$with_qemu" = "yes" || test "$with_lxc" = "yes" ; then
AC_CHECK_HEADERS([linux/param.h linux/sockios.h linux/if_bridge.h linux/if_tun.h],,
- AC_MSG_ERROR([You must install kernel-headers in order to compile libvirt]))
+ AC_MSG_ERROR([You must install kernel-headers in order to compile libvirt with QEMU or LXC support]))
fi
--
1.6.3.3
14 years, 7 months
[libvirt] [PATCH] build: don't include winsock2.h on cygwin
by Eric Blake
Under cygwin, winsock2.h is intentionally incompatible with,
<sys/socket.h>, and checking for existence is wrong.
Under mingw, HAVE_WINSOCK2_H is defined on our behalf by
gnulib, in a way that does not interfere with cygwin.
* configure.ac: Drop unnecessary header check.
Reported by Matthias Bolte.
---
configure.ac | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/configure.ac b/configure.ac
index 99bc906..deaa697 100644
--- a/configure.ac
+++ b/configure.ac
@@ -112,7 +112,8 @@ dnl Availability of various not common threadsafe functions
AC_CHECK_FUNCS([strerror_r strtok_r getmntent_r getgrnam_r getpwuid_r])
dnl Availability of various common headers (non-fatal if missing).
-AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/syslimits.h sys/utsname.h sys/wait.h winsock2.h sched.h termios.h sys/poll.h syslog.h mntent.h net/ethernet.h])
+AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/syslimits.h sys/utsname.h
+ sys/wait.h sched.h termios.h sys/poll.h syslog.h mntent.h net/ethernet.h])
dnl Where are the XDR functions?
dnl If portablexdr is installed, prefer that.
--
1.6.6.1
14 years, 7 months
[libvirt] [RESEND] qemu_monitor_json: Drop timestamp from command object
by Luiz Capitulino
It's not needed and is currently ignored, but this is a bug.
It will get fixed soon and QMP will return an error for keys
it doesn't know about, this will break libvirt.
Signed-off-by: Luiz Capitulino <lcapitulino(a)redhat.com>
---
src/qemu/qemu_monitor_json.c | 34 ----------------------------------
1 files changed, 0 insertions(+), 34 deletions(-)
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 96f246f..7c8387d 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -356,37 +356,6 @@ qemuMonitorJSONHasError(virJSONValuePtr reply,
return STREQ(klass, thisklass);
}
-static int
-qemuMonitorJSONCommandAddTimestamp(virJSONValuePtr obj)
-{
- struct timeval tv;
- virJSONValuePtr timestamp = NULL;
-
- if (gettimeofday(&tv, NULL) < 0) {
- virReportSystemError(errno, "%s",
- _("cannot query time of day"));
- return -1;
- }
-
- if (!(timestamp = virJSONValueNewObject()))
- goto no_memory;
-
- if (virJSONValueObjectAppendNumberLong(timestamp, "seconds", tv.tv_sec) < 0)
- goto no_memory;
- if (virJSONValueObjectAppendNumberLong(timestamp, "microseconds", tv.tv_usec) < 0)
- goto no_memory;
-
- if (virJSONValueObjectAppend(obj, "timestamp", timestamp) < 0)
- goto no_memory;
-
- return 0;
-
-no_memory:
- virReportOOMError();
- virJSONValueFree(timestamp);
- return -1;
-}
-
static virJSONValuePtr ATTRIBUTE_SENTINEL
qemuMonitorJSONMakeCommand(const char *cmdname,
...)
@@ -404,9 +373,6 @@ qemuMonitorJSONMakeCommand(const char *cmdname,
if (virJSONValueObjectAppendString(obj, "execute", cmdname) < 0)
goto no_memory;
- if (qemuMonitorJSONCommandAddTimestamp(obj) < 0)
- goto error;
-
while ((key = va_arg(args, char *)) != NULL) {
int ret;
char type;
--
1.7.1.rc1.12.ga6018
14 years, 7 months
