June 2013 - Devel - libvirt List Archives

[libvirt] ARM libvirt compiling error
by Michele Paolino 04 Jun '13

04 Jun '13

Hello, I'm trying to set up a development environment on an Arndale (ARM Samsung Exynos 5250) board to work on sVirt. I'm using Debian 7.0, I've downloaded the source code from GIT and than: ./autogen.sh --prefix=$HOME/usr make but in the middle of make execution, the program fails with this error: conf/domain_conf.c: In function 'virDomainHostdevDefParseXML': conf/domain_conf.c:3915:36: error: 'next_unit' may be used uninitialized in this function [-Werror=uninitialized] conf/domain_conf.c:3886:9: note: 'next_unit' was declared here conf/domain_conf.c: At top level: cc1: error: unrecognized command line option "-Wno-unused-command-line-argument" [-Werror] I've solved this problem simply initializing the "next_unit" variable (file src/conf/domain_conf.c, line 3886). This is the diff between the original file and the modified one: 3886c3886 < int next_unit; --- > int next_unit = -1; Another way to solve is obviously with --disable-werror, but I guess this is not the best way. My gcc version is 4.6.3 (Debian 4.6.3-14), kernel version is 3.8.0-rc4. Maybe it's only a compiler problem, but can anyone confirm this? Is it worth to submit a new bug report/patch the source? Regards, Michele -- *Michele Paolino ** *Virtual Open Systems* **Open Source KVM Virtualization Developments Multicore Systems Virtualization Porting Services *Web*:* *www.virtualopensystems.com*

3 2

[libvirt] [PATCHv2 0/2] fix segfault in virSecuritySELinuxMCSGetProcessRange
by Ján Tomko 04 Jun '13

04 Jun '13

Diff to v2: Changed char * to const char * after actually compiling it with selinux. Added a test. James Gilliland (1): selinux: fix segfault in virSecuritySELinuxMCSGetProcessRange Ján Tomko (1): tests: add test for a selinux label without a range src/security/security_selinux.c | 9 ++++++++- tests/securityselinuxtest.c | 44 ++++++++++++++++++++++++++++++++++++++--- 2 files changed, 49 insertions(+), 4 deletions(-) -- 1.8.1.5

2 3

[libvirt] NBD drives with literal IPv6 addresses or hostnames starting with a digit
by Ján Tomko 04 Jun '13

04 Jun '13

Hello, since qemu's commit v1.4.0-736-gf17c90b [1]: nbd: Keep hostname and port separate * literal IPv6 addresses no longer work in nbd URIs, because getaddrinfo is called with the surrounding brackets: $ qemu-system-x86_64 -drive file=nbd://[::1]:1234/quack qemu-system-x86_64: -drive file=nbd://[::1]:1234/quack: address resolution failed for [::1]:1234: Name or service not known * hostnames starting with a digit now work in nbd URIs. Before that, or with the non-URI syntax, they fail because inet_parse assumes them to be literal IPv4 addresses: $ qemu-system-x86_64 -drive file=nbd:123flour:1234:exportname=gashunk qemu-system-x86_64: -drive file=nbd:123flour:1234:exportname=gashunk: error parsing IPv4 address '123flour:1234' In libvirt, we use the URI format on the command line only if the host contains ':', so hostnames starting with a digit still don't work. Migration with NBD and a literal IPv6 address doesn't work either, but that's purely libvirt's fault, as we don't escape it with brackets. I've just posted a patch for that. [2] Jan [1] http://git.qemu.org/?p=qemu.git;a=commitdiff;h=f17c90b [2] https://www.redhat.com/archives/libvir-list/2013-May/msg02022.html

2 2

[libvirt] Authoritative source for logging filters descriptions ?
by Kashyap Chamarthy 04 Jun '13

04 Jun '13

Heya, So I usually use these two resources, when tracing/debugging: - https://www.berrange.com/posts/2011/10/03/troubleshooting-libvirt-with-the-… - http://libvirt.org/logging.html For instance, for filters to know what QMP commands libvirt is sending to QEMU: I use: - log_filters="1:qemu_monitor" - log_outputs="1:file:/var/log/libvirt/libvirtd.log" But, from https://www.berrange.com/posts/2011/10/03/troubleshooting-libvirt-with-the-… I notice, we could also use these variations of filters QEMU/QMP filters: # QEMU JSON/QMP monitor commands - log_filters="1:qemu_monitor_json" # QEMU text monitor commands - log_filters="1:qemu_monitor_text" Is there any place where these are comprehensively documented, has anything changed from what's mentioned in the above blog & the logging wiki page ? Furthermore, from /etc/libvirt/libvirtd.conf, I see: =========================================== [...] # Logging filters: # A filter allows to select a different logging level for a given category # of logs # The format for a filter is one of: # x:name # x:+name # where name is a string which is matched against source file name, # e.g., "remote", "qemu", or "util/json", the optional "+" prefix # tells libvirt to log stack trace for each message matching name, # and x is the minimal level where matching messages should be logged: # 1: DEBUG # 2: INFO # 3: WARNING # 4: ERROR # # Multiple filter can be defined in a single @filters, they just need to be # separated by spaces. # # e.g. to only get warning or errors from the remote layer and only errors # from the event layer: #log_filters="3:remote 4:event" [...] =========================================== Is the above list of strings describe all possible "name" values for filters ? If I'm missing some obvious resource on the inter-webs, please point me to it. Thanks. -- /kashyap

2 2

[libvirt] [PATCH] virsh: Allow attach-disk to specify disk wwn
by Osier Yang 04 Jun '13

04 Jun '13

Commit 6e73850b01ee support to set wwn for disks, but it was not exposed to attach-disk. --- tools/virsh-domain.c | 14 +++++++++++++- tools/virsh.pod | 8 ++++---- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 9ea5ffc..767e288 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -307,6 +307,10 @@ static const vshCmdOptDef opts_attach_disk[] = { .type = VSH_OT_STRING, .help = N_("serial of disk device") }, + {.name = "wwn", + .type = VSH_OT_STRING, + .help = N_("wwn of disk device") + }, {.name = "shareable", .type = VSH_OT_BOOL, .help = N_("shareable between domains") @@ -499,7 +503,8 @@ cmdAttachDisk(vshControl *ctl, const vshCmd *cmd) virDomainPtr dom = NULL; const char *source = NULL, *target = NULL, *driver = NULL, *subdriver = NULL, *type = NULL, *mode = NULL, - *cache = NULL, *serial = NULL, *straddr = NULL; + *cache = NULL, *serial = NULL, *straddr = NULL, + *wwn = NULL; struct DiskAddress diskAddr; bool isFile = false, functionReturn = false; int ret; @@ -538,6 +543,7 @@ cmdAttachDisk(vshControl *ctl, const vshCmd *cmd) vshCommandOptStringReq(ctl, cmd, "mode", &mode) < 0 || vshCommandOptStringReq(ctl, cmd, "cache", &cache) < 0 || vshCommandOptStringReq(ctl, cmd, "serial", &serial) < 0 || + vshCommandOptStringReq(ctl, cmd, "wwn", &wwn) < 0 || vshCommandOptStringReq(ctl, cmd, "address", &straddr) < 0 || vshCommandOptStringReq(ctl, cmd, "sourcetype", &stype) < 0) goto cleanup; @@ -564,6 +570,9 @@ cmdAttachDisk(vshControl *ctl, const vshCmd *cmd) } } + if (wwn && !virValidateWWN(wwn)) + goto cleanup; + /* Make XML of disk */ virBufferAsprintf(&buf, "<disk type='%s'", (isFile) ? "file" : "block"); @@ -597,6 +606,9 @@ cmdAttachDisk(vshControl *ctl, const vshCmd *cmd) if (serial) virBufferAsprintf(&buf, " <serial>%s</serial>\n", serial); + if (wwn) + virBufferAsprintf(&buf, " <wwn>%s</wwn>\n", wwn); + if (vshCommandOptBool(cmd, "shareable")) virBufferAddLit(&buf, " <shareable/>\n"); diff --git a/tools/virsh.pod b/tools/virsh.pod index 047c241..69c290f 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -1849,8 +1849,8 @@ expected. [[[I<--live>] [I<--config>] | [I<--current>]] | [I<--persistent>]] [I<--driver driver>] [I<--subdriver subdriver>] [I<--cache cache>] [I<--type type>] [I<--mode mode>] [I<--config>] [I<--sourcetype soucetype>] -[I<--serial serial>] [I<--shareable>] [I<--rawio>] [I<--address address>] -[I<--multifunction>] [I<--print-xml>] +[I<--serial serial>] [I<--wwn wwn>] [I<--shareable>] [I<--rawio>] +[I<--address address>] [I<--multifunction>] [I<--print-xml>] Attach a new disk device to the domain. I<source> is path for the files and devices. I<target> controls the bus or @@ -1870,8 +1870,8 @@ I<mode> can specify the two specific mode I<readonly> or I<shareable>. I<sourcetype> can indicate the type of source (block|file) I<cache> can be one of "default", "none", "writethrough", "writeback", "directsync" or "unsafe". -I<serial> is the serial of disk device. I<shareable> indicates the disk device -is shareable between domains. +I<serial> is the serial of disk device. I<wwn> is the wwn of disk device. +I<shareable> indicates the disk device is shareable between domains. I<rawio> indicates the disk needs rawio capability. I<address> is the address of disk device in the form of pci:domain.bus.slot.function, scsi:controller.bus.unit or ide:controller.bus.unit. -- 1.8.1.4

2 2

[libvirt] [PATCH] tests: fix typo in securityselinuxtest
by Ján Tomko 04 Jun '13

04 Jun '13

--- Pushed as trivial. tests/securityselinuxtest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/securityselinuxtest.c b/tests/securityselinuxtest.c index f276e6d..bdf248b 100644 --- a/tests/securityselinuxtest.c +++ b/tests/securityselinuxtest.c @@ -231,7 +231,7 @@ testSELinuxGenLabel(const void *opaque) if (virSecurityManagerGenLabel(data->mgr, def) < 0) { virErrorPtr err = virGetLastError(); - fprintf(stderr, "Cannot generated label %s\n", err->message); + fprintf(stderr, "Cannot generate label: %s\n", err->message); goto cleanup; } -- 1.8.1.5

1 0

[libvirt] [PATCH] selinux: fix segfault in virSecuritySELinuxMCSGetProcessRange
by Ján Tomko 04 Jun '13

04 Jun '13

From: James Gilliland <neclimdul(a)gmail.com> https://bugzilla.redhat.com/show_bug.cgi?id=969878 --- src/security/security_selinux.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index b862fbf..3d8195c 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -189,6 +189,7 @@ virSecuritySELinuxMCSGetProcessRange(char **sens, context_t ourContext = NULL; char *cat = NULL; char *tmp; + char *contextRange; int ret = -1; if (getcon_raw(&ourSecContext) < 0) { @@ -202,8 +203,14 @@ virSecuritySELinuxMCSGetProcessRange(char **sens, ourSecContext); goto cleanup; } + if (!(contextRange = context_range_get(ourContext))) { + virReportSystemError(errno, + _("Unable to parse current SELinux context range '%s'"), + ourSecContext); + goto cleanup; + } - if (VIR_STRDUP(*sens, context_range_get(ourContext)) < 0) + if (VIR_STRDUP(*sens, contextRange) < 0) goto cleanup; /* Find and blank out the category part (if any) */ -- 1.8.1.5

2 1

[libvirt] [PATCH] virsh: Obey pool-or-uuid spec when creating volumes
by Jiri Denemark 04 Jun '13

04 Jun '13

Our documentation says a pool may be referenced by its name or UUID anywhere if it makes sense (pool-name and pool-uuid are the only exceptions). However, vol-create and vol-create-as commands did not obey this. --- tools/virsh-volume.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tools/virsh-volume.c b/tools/virsh-volume.c index e16a385..35fb762 100644 --- a/tools/virsh-volume.c +++ b/tools/virsh-volume.c @@ -177,8 +177,7 @@ cmdVolCreateAs(vshControl *ctl, const vshCmd *cmd) if (vshCommandOptBool(cmd, "prealloc-metadata")) flags |= VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA; - if (!(pool = vshCommandOptPoolBy(ctl, cmd, "pool", NULL, - VSH_BYNAME))) + if (!(pool = vshCommandOptPool(ctl, cmd, "pool", NULL))) return false; if (vshCommandOptStringReq(ctl, cmd, "name", &name) < 0) @@ -345,8 +344,7 @@ cmdVolCreate(vshControl *ctl, const vshCmd *cmd) if (vshCommandOptBool(cmd, "prealloc-metadata")) flags |= VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA; - if (!(pool = vshCommandOptPoolBy(ctl, cmd, "pool", NULL, - VSH_BYNAME))) + if (!(pool = vshCommandOptPool(ctl, cmd, "pool", NULL))) return false; if (vshCommandOptStringReq(ctl, cmd, "file", &from) < 0) -- 1.8.2.1

2 2

[libvirt] nwfilter: grab driver lock earlier during init (bz96649)
by Stefan Berger 03 Jun '13

03 Jun '13

This patch is in relation to Bug 966449: https://bugzilla.redhat.com/show_bug.cgi?id=966449 Below is a possible patch addressing the coredump. Thread 1 must be calling nwfilterDriverRemoveDBusMatches(). It does so with nwfilterDriverLock held. In the patch below I am now moving the nwfilterDriverLock(driverState) further up so that the initialization, which seems to either take a long time or is entirely stuck, occurs with the lock held and the shutdown cannot occur at the same time. To avoid having to make the nwfilterDriverLock lockable multiple times / recursive I changed the virNWFilterDriverIsWatchingFirewallD to take as an argument whether it has to grab that lock. There's only a single caller at the moment that calls this function during initialization. We could remove this lock entirely and maybe append to the name of the function NoLock (?). --- src/nwfilter/nwfilter_driver.c | 18 +++++++++++++----- src/nwfilter/nwfilter_driver.h | 2 +- src/nwfilter/nwfilter_ebiptables_driver.c | 7 ++++++- 3 files changed, 20 insertions(+), 7 deletions(-) Index: libvirt/src/nwfilter/nwfilter_driver.c =================================================================== --- libvirt.orig/src/nwfilter/nwfilter_driver.c +++ libvirt/src/nwfilter/nwfilter_driver.c @@ -191,6 +191,8 @@ nwfilterStateInitialize(bool privileged, if (!privileged) return 0; + nwfilterDriverLock(driverState); + if (virNWFilterIPAddrMapInit() < 0) goto err_free_driverstate; if (virNWFilterLearnInit() < 0) @@ -203,8 +205,6 @@ nwfilterStateInitialize(bool privileged, if (virNWFilterConfLayerInit(virNWFilterDomainFWUpdateCB) < 0) goto err_techdrivers_shutdown; - nwfilterDriverLock(driverState); - /* * startup the DBus late so we don't get a reload signal while * initializing @@ -309,21 +309,29 @@ nwfilterStateReload(void) { /** * virNWFilterIsWatchingFirewallD: * + * @needDriverLock: Provide 'true' if this function needs to grab + * the nwfilter driver lock, 'false' otherwise, + * which may be the case during initialization + * * Checks if the nwfilter has the DBus watches for FirewallD installed. * * Returns true if it is watching firewalld, false otherwise */ bool -virNWFilterDriverIsWatchingFirewallD(void) +virNWFilterDriverIsWatchingFirewallD(bool needDriverLock) { bool ret; if (!driverState) return false; - nwfilterDriverLock(driverState); + if (needDriverLock) + nwfilterDriverLock(driverState); + ret = driverState->watchingFirewallD; - nwfilterDriverUnlock(driverState); + + if (needDriverLock) + nwfilterDriverUnlock(driverState); return ret; } Index: libvirt/src/nwfilter/nwfilter_driver.h =================================================================== --- libvirt.orig/src/nwfilter/nwfilter_driver.h +++ libvirt/src/nwfilter/nwfilter_driver.h @@ -33,6 +33,6 @@ int nwfilterRegister(void); -bool virNWFilterDriverIsWatchingFirewallD(void); +bool virNWFilterDriverIsWatchingFirewallD(bool needDriverLock); #endif /* __VIR_NWFILTER_DRIVER_H__ */ Index: libvirt/src/nwfilter/nwfilter_ebiptables_driver.c =================================================================== --- libvirt.orig/src/nwfilter/nwfilter_ebiptables_driver.c +++ libvirt/src/nwfilter/nwfilter_ebiptables_driver.c @@ -4191,7 +4191,12 @@ ebiptablesDriverInitWithFirewallD(void) int status; int ret = -1; - if (!virNWFilterDriverIsWatchingFirewallD()) + /* + * check whether we are watching firewalld + * Since we call this function during initialization we won't need + * to have it get the lock, so we pass 'false'. + */ + if (!virNWFilterDriverIsWatchingFirewallD(false)) return -1; firewall_cmd_path = virFindFileInPath("firewall-cmd");

2 2

[libvirt] need custom /dev entries in LXC
by Michael R. Hines 03 Jun '13

03 Jun '13

Hi, We run nvidia devices inside libvirt-managed LXC containers. It used to be that simply doing: $ echo 'c 195:* rwm' > /sys/fs/cgroup/devices/libvirt/lxc Then, after booting the container, we would do: $ mknod -m 666 /dev/nvidia0 c 195 0 .... would be good enough to run our CUDA applications. But, according to: $ cat src/lxc/lxc_container.c The CAP_MKNOD capability is being dropped and only a specific set of devices is being created before booting the container. Is there any reason why this is not per-device configurable? Thanks, - Michael R. Hines

2 2