[libvirt] [PATCH] Don't overwrite useful message when creating macvlan fails
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Currently we report a bogus error message when macvlan
creation fails:
error: Failed to start domain migtest
error: operation failed: Unable to create macvlan device
With this removed, we see the real error:
error: Failed to start domain migtest
error: Unable to get index for interface p31p1: No such device
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/util/virnetdevmacvlan.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/util/virnetdevmacvlan.c b/src/util/virnetdevmacvlan.c
index 0c4fcbd..5316520 100644
--- a/src/util/virnetdevmacvlan.c
+++ b/src/util/virnetdevmacvlan.c
@@ -897,11 +897,8 @@ create_name:
}
virMutexUnlock(&virNetDevMacVLanCreateMutex);
- if (!cr_ifname) {
- virReportError(VIR_ERR_OPERATION_FAILED, "%s",
- _("Unable to create macvlan device"));
+ if (!cr_ifname)
return -1;
- }
}
if (virNetDevVPortProfileAssociate(cr_ifname,
--
1.8.2.1
11 years, 6 months
[libvirt] [PATCH] Remove & ban use of select() for waiting for I/O
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Use of the select() system call is inherantly dangerous since
applications will hit a buffer overrun if any FD number exceeds
the size of the select set size (typically 1024). Replace the
two uses of select() with poll() and use cfg.mk to ban any
future use of select().
NB: This changes the phyp driver so that it uses an infinite
timeout, instead of busy-waiting for 1ms at a time.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
cfg.mk | 8 ++++++++
src/phyp/phyp_driver.c | 20 +++++++-------------
src/util/virnetlink.c | 16 +++++++---------
3 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/cfg.mk b/cfg.mk
index 0bf5bfc..0e809fc 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -444,6 +444,14 @@ sc_prohibit_nonreentrant:
done ; \
exit $$fail
+sc_prohibit_select:
+ @fail=0 ; \
+ (prohibit="\\<select *\\(" \
+ halt="use poll(), not select()" \
+ $(_sc_search_regexp) \
+ ) || fail=1; \
+ exit $$fail
+
# Prohibit the inclusion of <ctype.h>.
sc_prohibit_ctype_h:
@prohibit='^# *include *<ctype\.h>' \
diff --git a/src/phyp/phyp_driver.c b/src/phyp/phyp_driver.c
index f0007c0..4594cbf 100644
--- a/src/phyp/phyp_driver.c
+++ b/src/phyp/phyp_driver.c
@@ -40,6 +40,7 @@
#include <netdb.h>
#include <fcntl.h>
#include <domain_event.h>
+#include <poll.h>
#include "internal.h"
#include "virauth.h"
@@ -72,29 +73,22 @@ static unsigned const int PHYP_MAC_SIZE= 12;
static int
waitsocket(int socket_fd, LIBSSH2_SESSION * session)
{
- struct timeval timeout;
- fd_set fd;
- fd_set *writefd = NULL;
- fd_set *readfd = NULL;
+ struct pollfd fds[1];
int dir;
- timeout.tv_sec = 0;
- timeout.tv_usec = 1000;
-
- FD_ZERO(&fd);
-
- FD_SET(socket_fd, &fd);
+ memset(fds, 0, sizeof(fds));
+ fds[0].fd = socket_fd;
/* now make sure we wait in the correct direction */
dir = libssh2_session_block_directions(session);
if (dir & LIBSSH2_SESSION_BLOCK_INBOUND)
- readfd = &fd;
+ fds[0].events |= POLLIN;
if (dir & LIBSSH2_SESSION_BLOCK_OUTBOUND)
- writefd = &fd;
+ fds[0].events |= POLLOUT;
- return select(socket_fd + 1, readfd, writefd, NULL, &timeout);
+ return poll(fds, ARRAY_CARDINALITY(fds), -1);
}
/* this function is the layer that manipulates the ssh channel itself
diff --git a/src/util/virnetlink.c b/src/util/virnetlink.c
index d340eda..f5865a0 100644
--- a/src/util/virnetlink.c
+++ b/src/util/virnetlink.c
@@ -48,7 +48,7 @@
#define VIR_FROM_THIS VIR_FROM_NET
-#define NETLINK_ACK_TIMEOUT_S 2
+#define NETLINK_ACK_TIMEOUT_S 2*1000
#if defined(__linux__) && defined(HAVE_LIBNL)
/* State for a single netlink event handle */
@@ -185,10 +185,7 @@ int virNetlinkCommand(struct nl_msg *nl_msg,
.nl_groups = 0,
};
ssize_t nbytes;
- struct timeval tv = {
- .tv_sec = NETLINK_ACK_TIMEOUT_S,
- };
- fd_set readfds;
+ struct pollfd fds[1];
int fd;
int n;
struct nlmsghdr *nlmsg = nlmsg_hdr(nl_msg);
@@ -242,14 +239,15 @@ int virNetlinkCommand(struct nl_msg *nl_msg,
goto error;
}
- FD_ZERO(&readfds);
- FD_SET(fd, &readfds);
+ memset(fds, 0, sizeof(fds));
+ fds[0].fd = fd;
+ fds[0].events = POLLIN;
- n = select(fd + 1, &readfds, NULL, NULL, &tv);
+ n = poll(fds, ARRAY_CARDINALITY(fds), NETLINK_ACK_TIMEOUT_S);
if (n <= 0) {
if (n < 0)
virReportSystemError(errno, "%s",
- _("error in select call"));
+ _("error in poll call"));
if (n == 0)
virReportSystemError(ETIMEDOUT, "%s",
_("no valid netlink response was received"));
--
1.8.2.1
11 years, 6 months
[libvirt] [PATCH] portability: fix virNetDevSetMAC and virNetDevExists on BSD
by Roman Bogorodskiy
- provide virNetDevSetMAC() implementation based on SIOCSIFLLADDR
ioctl.
- adjust virNetDevExists() to check for ENXIO error because
FreeBSD throws it when device doesn't exist
---
configure.ac | 8 ++++++++
src/util/virnetdev.c | 41 ++++++++++++++++++++++++++++++++++++++++-
2 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 992a778..95d303f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2372,6 +2372,14 @@ AC_CHECK_MEMBERS([struct ifreq.ifr_newname,
#include <net/if.h>
])
+AC_CHECK_DECLS([link_addr],
+ [], [],
+ [#include <sys/types.h>
+ #include <sys/socket.h>
+ #include <net/if_dl.h>
+ ])
+
+
# Only COPYING.LIB is under version control, yet COPYING
# is included as part of the distribution tarball.
# Copy one to the other, but only if this is a srcdir-build.
diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
index d987b8e..0527a27 100644
--- a/src/util/virnetdev.c
+++ b/src/util/virnetdev.c
@@ -47,6 +47,11 @@
# undef HAVE_STRUCT_IFREQ
#endif
+#ifdef HAVE_DECL_LINK_ADDR
+# include <sys/sockio.h>
+# include <net/if_dl.h>
+#endif
+
#define VIR_FROM_THIS VIR_FROM_NONE
#if defined(HAVE_STRUCT_IFREQ)
@@ -110,7 +115,7 @@ int virNetDevExists(const char *ifname)
return -1;
if (ioctl(fd, SIOCGIFFLAGS, &ifr)) {
- if (errno == ENODEV)
+ if (errno == ENODEV || errno == ENXIO)
ret = 0;
else
virReportSystemError(errno,
@@ -179,6 +184,40 @@ cleanup:
VIR_FORCE_CLOSE(fd);
return ret;
}
+#elif defined(SIOCSIFLLADDR) && defined(HAVE_STRUCT_IFREQ) && \
+ defined(HAVE_DECL_LINK_ADDR)
+int virNetDevSetMAC(const char *ifname,
+ const virMacAddrPtr macaddr)
+{
+ struct ifreq ifr;
+ struct sockaddr_dl sdl;
+ char mac[VIR_MAC_STRING_BUFLEN + 1] = ":";
+ int s;
+ int ret = -1;
+
+ if ((s = virNetDevSetupControl(ifname, &ifr)) < 0)
+ return -1;
+
+ virMacAddrFormat(macaddr, mac + 1);
+ sdl.sdl_len = sizeof(sdl);
+ link_addr(mac, &sdl);
+
+ memcpy(ifr.ifr_addr.sa_data, sdl.sdl_data, VIR_MAC_BUFLEN);
+ ifr.ifr_addr.sa_len = VIR_MAC_BUFLEN;
+
+ if (ioctl(s, SIOCSIFLLADDR, &ifr) < 0) {
+ virReportSystemError(errno,
+ _("Cannot set interface MAC on '%s'"),
+ ifname);
+ goto cleanup;
+ }
+
+ ret = 0;
+cleanup:
+ VIR_FORCE_CLOSE(s);
+
+ return ret;
+}
#else
int virNetDevSetMAC(const char *ifname,
const virMacAddrPtr macaddr ATTRIBUTE_UNUSED)
--
1.8.0
11 years, 6 months
[libvirt] [PATCH] Fix starting domains when kernel has no cgroups support
by Jim Fehlig
Found that I was unable to start existing domains after updating
to a kernel with no cgroups support
# zgrep CGROUP /proc/config.gz
# CONFIG_CGROUPS is not set
# virsh start test
error: Failed to start domain test
error: Unable to initialize /machine cgroup: Cannot allocate memory
virCgroupPartitionNeedsEscaping() correctly returns errno (ENOENT) when
attempting to open /proc/cgroups on such a system, but it was being
dropped in virCgroupSetPartitionSuffix().
Change virCgroupSetPartitionSuffix() to propogate errors returned by
its callees. Also check for ENOENT in qemuInitCgroup() when determining
if cgroups support is available.
---
src/qemu/qemu_cgroup.c | 3 ++-
src/util/vircgroup.c | 19 +++++++++++++------
2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 9c45b76..40777aa 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -414,7 +414,8 @@ int qemuInitCgroup(virQEMUDriverPtr driver,
if (rc != 0) {
if (rc == -ENXIO ||
rc == -EPERM ||
- rc == -EACCES) { /* No cgroups mounts == success */
+ rc == -EACCES ||
+ rc == -ENOENT) { /* No cgroups mounts == success */
VIR_DEBUG("No cgroups present/configured/accessible, ignoring error");
goto done;
}
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index 473d2fc..ef619dc 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -1167,14 +1167,14 @@ static int virCgroupPartitionEscape(char **path)
return 0;
}
-static char *virCgroupSetPartitionSuffix(const char *path)
+static int virCgroupSetPartitionSuffix(const char *path, char **res)
{
char **tokens = virStringSplit(path, "/", 0);
size_t i;
- char *ret = NULL;
+ int ret = -1;
if (!tokens)
- return NULL;
+ return ret;
for (i = 0 ; tokens[i] != NULL ; i++) {
/* Whitelist the 3 top level fixed dirs
@@ -1193,20 +1193,27 @@ static char *virCgroupSetPartitionSuffix(const char *path)
!strchr(tokens[i], '.')) {
if (VIR_REALLOC_N(tokens[i],
strlen(tokens[i]) + strlen(".partition") + 1) < 0) {
+ ret = -ENOMEM;
virReportOOMError();
goto cleanup;
}
strcat(tokens[i], ".partition");
}
- if (virCgroupPartitionEscape(&(tokens[i])) < 0) {
- virReportOOMError();
+ ret = virCgroupPartitionEscape(&(tokens[i]));
+ if (ret < 0) {
+ if (ret == -ENOMEM)
+ virReportOOMError();
goto cleanup;
}
}
- if (!(ret = virStringJoin((const char **)tokens, "/")))
+ if (!(*res = virStringJoin((const char **)tokens, "/"))) {
+ ret = -ENOMEM;
goto cleanup;
+ }
+
+ ret = 0;
cleanup:
virStringFreeList(tokens);
--
1.8.0.1
11 years, 6 months
[libvirt] [PATCH] .gitignore: add fchosttest
by Ján Tomko
---
Pushed under the trivial rule.
.gitignore | 1 +
1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index f181f89..3d874a9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -144,6 +144,7 @@
/tests/domainsnapshotxml2xmltest
/tests/esxutilstest
/tests/eventtest
+/tests/fchosttest
/tests/fdstreamtest
/tests/hashtest
/tests/jsontest
--
1.8.1.5
11 years, 6 months
[libvirt] RFC version information in API docs
by Claudio Bley
Hi.
Sometimes, it's a bit hard to determine when exactly a function, flag
or macro appeared in libvirt, ie. whether it will be supported on my
target machine having a specific version of libvirt or not.
So, I have created an enriched version of the API docs, using a XSL
stylesheet enumerating the libvirt?-api.xml files of all libvirt
releases.
For an example, you can have a look here:
http://avdv.github.io/libvirt/html/libvirt-libvirt.html#virVcpuState
Hovering over an enum value displays version information in a tooltip.
What do you think? Should this information be included by default in
the API docs?
If so, I could use a little help on how to integrate the generation of
this information into the automake process.
Basically, the XSL stylesheet enriches the generated libvirt-api.xml
with the current version given as a parameter to xsltproc plus version
information gathered from a previous enriched libvirt-api.xml file.
That way, every symbol/node() gets a since="..." version attribute.
So, during a build there's an extra step necessary when generating the
libvirt-api.xml file:
1. apibuild.py => libvirt-api.1.xml
2. (libvirt-api.1.xml + libvirt-api.0.xml) => XSLT => libvirt-api.xml
When releasing, libvirt-api.xml should be moved to
libvirt-api.0.xml. Alternatively, there could be a second XSL file
only extracting the version information without the boilerplate.
Claudio
--
AV-Test GmbH, Henricistraße 20, 04155 Leipzig, Germany
Phone: +49 341 265 310 19
Web:<http://www.av-test.org>
Eingetragen am / Registered at: Amtsgericht Stendal (HRB 114076)
Geschaeftsfuehrer (CEO): Andreas Marx, Guido Habicht, Maik Morgenstern
11 years, 6 months
[libvirt] [PATCH v2 0/2] Support for VNC WebSocket
by Martin Kletzander
This series, which is meant to be applied _after_ 1.0.5 release, is
adding support for the VNC WebSocket to be configured for QEMU.
Documentation from qemu_options.hx:
qemu -vnc ...,websocket[=<port>]
Opens an additional TCP listening port dedicated to VNC Websocket connections.
By definition the Websocket port is 5700+@var{display}. If @var{host} is
specified connections will only be allowed from this host.
As an alternative the Websocket port could be specified by using
@code{websocket}=@var{port}.
v2:
- Incorporated recommendations from RFC [1]
[1] http://www.redhat.com/archives/libvir-list/2013-April/msg02056.html
Martin Kletzander (2):
Add VNC WebSocket support
qemu: Add VNC WebSocket support
docs/formatdomain.html.in | 5 ++++
docs/schemas/domaincommon.rng | 5 ++++
src/conf/domain_conf.c | 16 ++++++++++
src/conf/domain_conf.h | 1 +
src/qemu/libvirtd_qemu.aug | 2 ++
src/qemu/qemu.conf | 7 +++++
src/qemu/qemu_capabilities.c | 11 +++++--
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 60 ++++++++++++++++++++++++++++++++++++--
src/qemu/qemu_command.h | 5 +++-
src/qemu/qemu_conf.c | 32 ++++++++++++++++++++
src/qemu/qemu_conf.h | 6 ++++
src/qemu/qemu_driver.c | 5 ++++
src/qemu/qemu_process.c | 31 ++++++++++++++++----
src/qemu/test_libvirtd_qemu.aug.in | 2 ++
tests/qemuargv2xmltest.c | 1 +
tests/qemuxml2argvtest.c | 1 +
tests/qemuxml2xmltest.c | 1 +
18 files changed, 180 insertions(+), 12 deletions(-)
--
1.8.2.1
11 years, 6 months
[libvirt] qemu command line quoting (was: Re: [Libguestfs] [PATCH 0/5] rbd improvements)
by Richard W.M. Jones
On Sun, May 12, 2013 at 02:42:36PM -0400, Mike Kelly wrote:
> On Thu, May 9, 2013 at 12:21 PM, Richard W.M. Jones <rjones(a)redhat.com> wrote:
> > On Thu, May 09, 2013 at 11:23:55AM -0400, Mike Kelly wrote:
> >> On Wed, May 8, 2013 at 6:53 AM, Richard W.M. Jones <rjones(a)redhat.com> wrote:
> >> > One worry I have is whether quoting is required for the server
> >> > name(s), export name, username and secret.
> >>
> >> Well. I think the main things we had to quote were ':' and ';', but
> >> none of those are valid in a hostname. Username also probably doesn't
> >> contain anything special, and secret is a base64-encoded string. I
> >> confirmed that even with the string ending in '==', it was parsed just
> >> fine by qemu, at least in my limited manual testing.
> >>
> >> If you can suggest a way to be more robust this, though, then I can
> >> try to work that into a future patch series.
> >
> > The quoting problem happens when someone writes a program which takes
> > (eg) a hostname string from the user and passes it unmodified to the
> > guestfs API. It's an issue if this string can cause unexpected [even
> > malicious/exploitable] things to happen when passed unquoted on the
> > qemu command line.
>
> Well, I'm not sure if this way of setting things up is still
> encouraged, but at least this documentation suggests basically using
> the fact that libvirt won't quote the image name as a "feature":
>
> http://ceph.com/w/index.php?title=QEMU-RBD#Caching
>
> <disk type='network' device='disk'>
> <source protocol='rbd'
> name='poolname/imagename:rbd_cache=1:rbd_cache_size=67108864:rbd_cache_max_dirty=0'/>
Hmmm ... This is a bug in libvirt, but also a missing feature of
libvirt since it cannot express these other configuration fields.
> <driver name='qemu' type='rbd'/>
> <target dev='vda' bus='virtio'/>
> </disk>
>
> The more official documentation for configuring caching doesn't seem
> to make any specific mention of this:
>
> http://ceph.com/docs/master/rbd/qemu-rbd/#qemu-cache-options
> http://ceph.com/docs/master/rbd/libvirt/
> http://ceph.com/docs/master/rbd/rbd-config-ref/
By the way, I fixed some qemu-img command line quoting issues
yesterday (but not in ceph):
https://github.com/libguestfs/libguestfs/commit/914d3e68ec272436f91080f47...
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
11 years, 6 months
[libvirt] [PATCH] Escaping leading '.' in cgroup names
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Escaping a leading '.' with '_' in the cgroup names
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/util/vircgroup.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index 473d2fc..4de1d55 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -1106,7 +1106,8 @@ static int virCgroupPartitionNeedsEscaping(const char *path)
if (STRPREFIX(path, "cgroup."))
return 1;
- if (path[0] == '_')
+ if (path[0] == '_' ||
+ path[0] == '.')
return 1;
if (!(fp = fopen("/proc/cgroups", "r")))
--
1.8.1.4
11 years, 6 months
[libvirt] [PATCH] security_apparmor.c: Include virscsi.h
by Michal Privoznik
After introducing AppArmorSetSecuritySCSILabel() in 2691cd5f
we are using virSCSIDevicePtr type without proper include.
---
Pushed as build breaker.
src/security/security_apparmor.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 50d7983..3680279 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -49,6 +49,7 @@
#include "vircommand.h"
#include "virlog.h"
#include "virstring.h"
+#include "virscsi.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
#define SECURITY_APPARMOR_VOID_DOI "0"
--
1.8.2.1
11 years, 6 months
