[libvirt] [v11 0/6] Write separate module for hostdev passthrough
by Chunyan Liu
These patches implement a separate module for hostdev passthrough so that it
could be shared by different drivers and can maintain a global state of a host
device.
patch 1/6: extract hostdev passthrough function from qemu_hostdev.c and make it
reusable by multiple drivers.
patch 2/6: add a unit test for hostdev common library.
patch 3/6: switch qemu driver to use the common library instead of its own
hostdev passthrough APIs.
patch 4/6: switch lxc driver to use the common library instead of its own
hostdev passthrough APIs.
patch 5/6: add a hostdev pci backend type for xen usage.
patch 6/6: add pci passthrough to libxl driver.
---
Changes
* rebase to latest changes in src/util/virscsi.c, src/qemu/qemu_process.c,
tests/virpcimock.c, etc.
Chunyan Liu (6):
add hostdev passthrough common library
add unit test for hostdev common library
change qemu driver to use hostdev common library
change lxc driver to use hostdev common library
add hostdev pci backend type for xen
add pci passthrough to libxl driver
docs/schemas/domaincommon.rng | 1 +
po/POTFILES.in | 3 +-
src/Makefile.am | 3 +-
src/conf/domain_conf.c | 3 +-
src/conf/domain_conf.h | 1 +
src/libvirt_private.syms | 21 +
src/libxl/libxl_conf.c | 63 +
src/libxl/libxl_conf.h | 4 +
src/libxl/libxl_domain.c | 9 +
src/libxl/libxl_driver.c | 448 +++++-
src/lxc/lxc_conf.h | 4 -
src/lxc/lxc_driver.c | 47 +-
src/lxc/lxc_hostdev.c | 413 -----
src/lxc/lxc_hostdev.h | 43 -
src/lxc/lxc_process.c | 24 +-
src/qemu/qemu_command.c | 4 +-
src/qemu/qemu_conf.h | 9 +-
src/qemu/qemu_domain.c | 22 +
src/qemu/qemu_driver.c | 81 +-
src/qemu/qemu_hostdev.c | 1457 -----------------
src/qemu/qemu_hostdev.h | 76 -
src/qemu/qemu_hotplug.c | 136 +-
src/qemu/qemu_process.c | 40 +-
src/util/virhostdev.c | 1706 ++++++++++++++++++++
src/util/virhostdev.h | 134 ++
src/util/virpci.c | 30 +-
src/util/virpci.h | 9 +-
src/util/virscsi.c | 28 +-
src/util/virscsi.h | 8 +-
src/util/virusb.c | 29 +-
src/util/virusb.h | 8 +-
tests/Makefile.am | 5 +
.../qemuxml2argv-hostdev-pci-address.xml | 1 +
.../qemuxml2argvdata/qemuxml2argv-net-hostdev.xml | 1 +
tests/qemuxml2argvdata/qemuxml2argv-pci-rom.xml | 2 +
tests/virhostdevtest.c | 473 ++++++
36 files changed, 3132 insertions(+), 2214 deletions(-)
delete mode 100644 src/lxc/lxc_hostdev.c
delete mode 100644 src/lxc/lxc_hostdev.h
delete mode 100644 src/qemu/qemu_hostdev.c
delete mode 100644 src/qemu/qemu_hostdev.h
create mode 100644 src/util/virhostdev.c
create mode 100644 src/util/virhostdev.h
create mode 100644 tests/virhostdevtest.c
10 years, 9 months
[libvirt] [PATCH] Generate a valid imagelabel even for type 'none'
by Ján Tomko
Commit 2ce63c1 added imagelabel generation when relabeling is turned
off. But we weren't filling out the sensitivity for type 'none' labels,
resulting in an invalid label:
$ virsh managedsave domain
error: unable to set security context 'system_u:object_r:svirt_image_t'
on fd 28: Invalid argument
---
src/security/security_selinux.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index aa47667..448f686 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -670,7 +670,14 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
break;
case VIR_DOMAIN_SECLABEL_NONE:
- /* no op */
+ if (virSecuritySELinuxMCSGetProcessRange(&sens,
+ &catMin,
+ &catMax) < 0)
+ goto cleanup;
+
+ if (VIR_STRDUP(mcs, sens) < 0)
+ goto cleanup;
+
break;
default:
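Review bot: the VIR_DOMAIN_SECLABEL_NONE branch drops the `/* no op */` comment without saying why a 'none' label now needs work done. A one-line comment that mcs must carry the process sensitivity so the generated imagelabel is valid would keep the next reader from reverting it. catMin and catMax are filled by virSecuritySELinuxMCSGetProcessRange() but never read in this branch, and the hunk does not show sens being released after VIR_STRDUP(mcs, sens), so confirm that the cleanup label frees it.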
--
1.8.3.2
10 years, 9 months
[libvirt] [PATCH] maint: fix grammar in conf file
by Eric Blake
Noticed a misuse of 'to' while testing my event regression under
polkit ACLs, and decided to review the entire conf files for
other legibility bugs.
* daemon/libvirtd.conf: Use correct grammar.
* src/qemu/qemu.conf: Likewise.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
Pushing under the trivial rule.
daemon/libvirtd.conf | 24 ++++++++++++------------
src/qemu/qemu.conf | 14 +++++++-------
2 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf
index 5353927..538acae 100644
--- a/daemon/libvirtd.conf
+++ b/daemon/libvirtd.conf
@@ -63,7 +63,7 @@
# unique on the immediate broadcast network.
#
# The default is "Virtualization Host HOSTNAME", where HOSTNAME
-# is subsituted for the short hostname of the machine (without domain)
+# is substituted for the short hostname of the machine (without domain)
#
#mdns_name = "Virtualization Host Joe Demo"
@@ -83,8 +83,8 @@
# Set the UNIX socket permissions for the R/O socket. This is used
# for monitoring VM status only
#
-# Default allows any user. If setting group ownership may want to
-# restrict this to:
+# Default allows any user. If setting group ownership, you may want to
+# restrict this too.
#unix_sock_ro_perms = "0777"
# Set the UNIX socket permissions for the R/W socket. This is used
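Review bot: in the unix_sock_ro_perms comment, changing "restrict this to:" into "restrict this too." alters the meaning rather than the grammar. The trailing "to:" introduced the value on the following line (#unix_sock_ro_perms = "0777"), and administrators read these comments when deciding socket permissions. Keep the colon form, for example "If setting group ownership, you may want to restrict this to:".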
@@ -94,7 +94,7 @@
# the default will change to allow everyone (eg, 0777)
#
# If not using PolicyKit and setting group ownership for access
-# control then you may want to relax this to:
+# control, then you may want to relax this too.
#unix_sock_rw_perms = "0770"
# Set the name of the directory in which sockets will be found/created.
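Review bot: same problem in the unix_sock_rw_perms comment: "relax this to:" pointed at the "0770" line below it, and "relax this too." no longer says which value is meant. Suggest keeping only the added comma: "control, then you may want to relax this to:".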
@@ -113,7 +113,7 @@
# - sasl: use SASL infrastructure. The actual auth scheme is then
# controlled from /etc/sasl2/libvirt.conf. For the TCP
# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
-# For non-TCP or TLS sockets, any scheme is allowed.
+# For non-TCP or TLS sockets, any scheme is allowed.
#
# - polkit: use PolicyKit to authenticate. This is only suitable
# for use on the UNIX sockets. The default policy will
@@ -216,7 +216,7 @@
#tls_no_verify_certificate = 1
-# A whitelist of allowed x509 Distinguished Names
+# A whitelist of allowed x509 Distinguished Names
# This list may contain wildcards such as
#
# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
@@ -274,13 +274,13 @@
# The number of priority workers. If all workers from above
-# pool will stuck, some calls marked as high priority
+# pool are stuck, some calls marked as high priority
# (notably domainDestroy) can be executed in this pool.
#prio_workers = 5
# Total global limit on concurrent RPC calls. Should be
# at least as large as max_workers. Beyond this, RPC requests
-# will be read into memory and queued. This directly impact
+# will be read into memory and queued. This directly impacts
# memory usage, currently each request requires 256 KB of
# memory. So by default up to 5 MB of memory is used
#
@@ -318,7 +318,7 @@
# 3: WARNING
# 4: ERROR
#
-# Multiple filter can be defined in a single @filters, they just need to be
+# Multiple filters can be defined in a single @filters, they just need to be
# separated by spaces.
#
# e.g. to only get warning or errors from the remote layer and only errors
@@ -340,7 +340,7 @@
# 3: WARNING
# 4: ERROR
#
-# Multiple output can be defined, they just need to be separated by spaces.
+# Multiple outputs can be defined, they just need to be separated by spaces.
# e.g. to log all warnings and errors to syslog under the libvirtd ident:
#log_outputs="3:syslog:libvirtd"
#
@@ -387,7 +387,7 @@
###################################################################
# Keepalive protocol:
# This allows libvirtd to detect broken client connections or even
-# dead client. A keepalive message is sent to a client after
+# dead clients. A keepalive message is sent to a client after
# keepalive_interval seconds of inactivity to check if the client is
# still responding; keepalive_count is a maximum number of keepalive
# messages that are allowed to be sent to the client without getting
@@ -396,7 +396,7 @@
# keepalive_interval * (keepalive_count + 1) seconds since the last
# message received from the client. If keepalive_interval is set to
# -1, libvirtd will never send keepalive requests; however clients
-# can still send them and the deamon will send responses. When
+# can still send them and the daemon will send responses. When
# keepalive_count is set to 0, connections will be automatically
# closed after keepalive_interval seconds of inactivity without
# sending any keepalive messages.
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 17f1b10..e436084 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -58,7 +58,7 @@
#vnc_tls_x509_verify = 1
-# The default VNC password. Only 8 letters are significant for
+# The default VNC password. Only 8 bytes are significant for
# VNC passwords. This parameter is only used if the per-domain
# XML config does not already provide a password. To allow
# access without passwords, leave this commented out. An empty
@@ -180,7 +180,7 @@
# VNC WebSocket port policies, same rules apply as with remote display
# ports. VNC WebSockets use similar display <-> port mappings, with
-# the exception being that ports starts from 5700 instead of 5900.
+# the exception being that ports start from 5700 instead of 5900.
#
#remote_websocket_port_min = 5700
#remote_websocket_port_max = 65535
@@ -333,7 +333,7 @@
# disable guest hugepage backing.
#
# NB, within this mount point, guests will create memory backing files
-# in a location of $MOUNTPOINT/libvirt/qemu
+# in a location of $MOUNTPOINT/libvirt/qemu
#
#hugetlbfs_mount = "/dev/hugepages"
@@ -421,14 +421,14 @@
# Keepalive protocol:
# This allows qemu driver to detect broken connections to remote
# libvirtd during peer-to-peer migration. A keepalive message is
-# sent to the deamon after keepalive_interval seconds of inactivity
-# to check if the deamon is still responding; keepalive_count is a
+# sent to the daemon after keepalive_interval seconds of inactivity
+# to check if the daemon is still responding; keepalive_count is a
# maximum number of keepalive messages that are allowed to be sent
-# to the deamon without getting any response before the connection
+# to the daemon without getting any response before the connection
# is considered broken. In other words, the connection is
# automatically closed approximately after
# keepalive_interval * (keepalive_count + 1) seconds since the last
-# message received from the deamon. If keepalive_interval is set to
+# message received from the daemon. If keepalive_interval is set to
# -1, qemu driver will not send keepalive requests during
# peer-to-peer migration; however, the remote libvirtd can still
# send them and source libvirtd will send responses. When
--
1.8.5.3
10 years, 9 months
[libvirt] [PATCH] qemu: introduce spiceport serial backend
by Martin Kletzander
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
Notes:
This applies on top of "qemu: minor cleanups":
https://www.redhat.com/archives/libvir-list/2014-January/msg01584.html
docs/formatdomain.html.in | 22 +++++
docs/schemas/domaincommon.rng | 4 +
src/conf/domain_audit.c | 3 +-
src/conf/domain_conf.c | 40 ++++++++-
src/conf/domain_conf.h | 6 +-
src/qemu/qemu_capabilities.c | 8 ++
src/qemu/qemu_capabilities.h | 3 +-
src/qemu/qemu_command.c | 96 +++++++++++++---------
src/qemu/qemu_monitor_json.c | 3 +-
tests/qemucapabilitiesdata/caps_1.5.3-1.caps | 1 +
tests/qemucapabilitiesdata/caps_1.6.0-1.caps | 1 +
tests/qemucapabilitiesdata/caps_1.6.50-1.caps | 1 +
.../qemuxml2argv-serial-spiceport-nospice.args | 6 ++
.../qemuxml2argv-serial-spiceport-nospice.xml | 40 +++++++++
.../qemuxml2argv-serial-spiceport.args | 13 +++
.../qemuxml2argv-serial-spiceport.xml | 43 ++++++++++
tests/qemuxml2argvtest.c | 7 ++
tests/qemuxml2xmltest.c | 2 +
18 files changed, 255 insertions(+), 44 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport-nospice.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport-nospice.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index fd02864..20ee61e 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -4252,6 +4252,10 @@ qemu-kvm -net nic,model=? /dev/null
<source path='/dev/pts/3'/>
<target port='0'/>
</serial>
+ <serial type='spiceport'>
+ <source channel='org.qemu.console.serial.0'/>
+ <target port='0'/>
+ </serial>
<console type='pty'>
<source path='/dev/pts/4'/>
<target port='0'/>
@@ -4711,6 +4715,24 @@ qemu-kvm -net nic,model=? /dev/null
<pre>
...
<devices>
+ <serial type="spiceport">
+ <source channel="org.qemu.console.serial.0"/>
+ <target port="1"/>
+ </serial>
+ </devices>
+ ...</pre>
+
+ <h6><a name="elementsCharSpiceport">Spice channel</a></h6>
+
+ <p>
+ The character device is accessible through spice connection
+ under a channel name specified in the <code>channel</code>
+ attribute. <span class="since">Since 1.2.2</span>
+ </p>
+
+<pre>
+ ...
+ <devices>
<serial type="unix">
<source mode="bind" path="/tmp/foo"/>
<target port="1"/>
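Review bot: the new "Spice channel" paragraph leaves out two behaviours this patch implements. The channel name is restricted to a fixed character set (SERIAL_CHANNEL_NAME_CHARS in domain_conf.c), and qemuBuildCommandLine skips a spiceport serial entirely when the domain has no spice graphics. Both belong in the documentation so that a rejected definition or a missing serial device does not come as a surprise.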
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 7f55f24..3063d5a 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -2876,6 +2876,7 @@
<value>vc</value>
<value>pty</value>
<value>spicevmc</value>
+ <value>spiceport</value>
</choice>
</define>
@@ -2946,6 +2947,9 @@
<attribute name="wiremode"/>
</optional>
<optional>
+ <attribute name="channel"/>
+ </optional>
+ <optional>
<ref name='devSeclabel'/>
</optional>
</element>
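Review bot: `<attribute name="channel"/>` accepts any text, while the parser is meant to reject names outside SERIAL_CHANNEL_NAME_CHARS. Constraining the attribute with a data pattern here would let schema validation catch a bad channel name early and keeps the RNG in agreement with the C code.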
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 11cf5c8..b6564c2 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -1,7 +1,7 @@
/*
* domain_audit.c: Domain audit management
*
- * Copyright (C) 2006-2013 Red Hat, Inc.
+ * Copyright (C) 2006-2014 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@@ -81,6 +81,7 @@ virDomainAuditChardevPath(virDomainChrSourceDefPtr chr)
case VIR_DOMAIN_CHR_TYPE_VC:
case VIR_DOMAIN_CHR_TYPE_STDIO:
case VIR_DOMAIN_CHR_TYPE_SPICEVMC:
+ case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
case VIR_DOMAIN_CHR_TYPE_LAST:
return NULL;
}
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index fa1ecb5..8cdd0e9 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -437,7 +437,8 @@ VIR_ENUM_IMPL(virDomainChr, VIR_DOMAIN_CHR_TYPE_LAST,
"udp",
"tcp",
"unix",
- "spicevmc")
+ "spicevmc",
+ "spiceport")
VIR_ENUM_IMPL(virDomainChrTcpProtocol, VIR_DOMAIN_CHR_TCP_PROTOCOL_LAST,
"raw",
@@ -1583,6 +1584,12 @@ virDomainChrSourceDefIsEqual(const virDomainChrSourceDef *src,
STREQ_NULLABLE(src->data.nix.path, tgt->data.nix.path);
break;
+ case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
+ return STREQ_NULLABLE(src->data.spiceport.channel,
+ tgt->data.spiceport.channel);
+ return true;
+ break;
+
case VIR_DOMAIN_CHR_TYPE_NULL:
case VIR_DOMAIN_CHR_TYPE_VC:
case VIR_DOMAIN_CHR_TYPE_STDIO:
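Review bot: in the VIR_DOMAIN_CHR_TYPE_SPICEPORT case of virDomainChrSourceDefIsEqual, `return true;` and `break;` after `return STREQ_NULLABLE(...)` are unreachable. Drop both lines so the case reads as a single return.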
@@ -7090,6 +7097,9 @@ error:
return ret;
}
+#define SERIAL_CHANNEL_NAME_CHARS \
+ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-."
+
/* Parse the source half of the XML definition for a character device,
* where node is the first element of node->children of the parent
* element. def->type must already be valid. Return -1 on failure,
@@ -7110,6 +7120,7 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
char *path = NULL;
char *mode = NULL;
char *protocol = NULL;
+ char *channel = NULL;
int remaining = 0;
while (cur != NULL) {
@@ -7154,6 +7165,11 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
VIR_FREE(mode);
break;
+ case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
+ if (!channel)
+ channel = virXMLPropString(cur, "channel");
+ break;
+
case VIR_DOMAIN_CHR_TYPE_LAST:
case VIR_DOMAIN_CHR_TYPE_NULL:
case VIR_DOMAIN_CHR_TYPE_VC:
@@ -7293,6 +7309,21 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
def->data.nix.path = path;
path = NULL;
break;
+
+ case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
+ if (!channel) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("Missing source channel attribute for char device"));
+ goto error;
+ }
+ if (strcspn(channel, SERIAL_CHANNEL_NAME_CHARS)) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("Invalid character in source channel for char device"));
+ goto error;
+ }
+ def->data.spiceport.channel = channel;
+ channel = NULL;
+ break;
}
cleanup:
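Review bot: `strcspn(channel, SERIAL_CHANNEL_NAME_CHARS)` does not check what the error message claims. strcspn() returns the length of the leading run of characters that are not in the given set, so it is non-zero only when the first character is disallowed; a name such as "a,b" returns 0 and is accepted. Because the channel is later written unescaped into the -chardev argument as `name=%s`, a comma getting through matters. Use strspn() and require it to cover the whole string, e.g. `if (channel[strspn(channel, SERIAL_CHANNEL_NAME_CHARS)] != '\0')`, and consider rejecting an empty name as well.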
@@ -7303,6 +7334,7 @@ cleanup:
VIR_FREE(connectHost);
VIR_FREE(connectService);
VIR_FREE(path);
+ VIR_FREE(channel);
return remaining;
@@ -15651,6 +15683,12 @@ virDomainChrSourceDefFormat(virBufferPtr buf,
virBufferEscapeString(buf, " path='%s'", def->data.nix.path);
virBufferAddLit(buf, "/>\n");
break;
+
+ case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
+ virBufferAsprintf(buf, "<source channel='%s'/>\n",
+ def->data.spiceport.channel);
+ break;
+
}
virBufferAdjustIndent(buf, -6);
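Review bot: the spiceport case in virDomainChrSourceDefFormat writes the channel with virBufferAsprintf and a bare '%s', while the unix case just above it uses virBufferEscapeString for the path. Use virBufferEscapeString here too, so the formatted XML stays well-formed regardless of how strict the parse-time check turns out to be.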
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index d8f2e49..b07aa8f 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1,7 +1,7 @@
/*
* domain_conf.h: domain XML processing
*
- * Copyright (C) 2006-2013 Red Hat, Inc.
+ * Copyright (C) 2006-2014 Red Hat, Inc.
* Copyright (C) 2006-2008 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@@ -1104,6 +1104,7 @@ enum virDomainChrType {
VIR_DOMAIN_CHR_TYPE_TCP,
VIR_DOMAIN_CHR_TYPE_UNIX,
VIR_DOMAIN_CHR_TYPE_SPICEVMC,
+ VIR_DOMAIN_CHR_TYPE_SPICEPORT,
VIR_DOMAIN_CHR_TYPE_LAST
};
@@ -1152,6 +1153,9 @@ struct _virDomainChrSourceDef {
bool listen;
} nix;
int spicevmc;
+ struct {
+ char *channel;
+ } spiceport;
} data;
};
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 8aec293..317b374 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -248,6 +248,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
"pvpanic",
"enable-fips",
"spice-file-xfer-disable",
+ "spiceport",
);
struct _virQEMUCaps {
@@ -1012,6 +1013,8 @@ virQEMUCapsComputeCmdFlags(const char *help,
virQEMUCapsSet(qemuCaps, QEMU_CAPS_CHARDEV);
if (strstr(help, "-chardev spicevmc"))
virQEMUCapsSet(qemuCaps, QEMU_CAPS_CHARDEV_SPICEVMC);
+ if (strstr(help, "-chardev spiceport"))
+ virQEMUCapsSet(qemuCaps, QEMU_CAPS_CHARDEV_SPICEPORT);
}
if (strstr(help, "-balloon"))
virQEMUCapsSet(qemuCaps, QEMU_CAPS_BALLOON);
@@ -2570,6 +2573,11 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps,
if (qemuCaps->version >= 1006000)
virQEMUCapsSet(qemuCaps, QEMU_CAPS_DEVICE_VIDEO_PRIMARY);
+ /* -chardev spiceport is supported from 1.4.0,
+ * but it's in qapi only since 1.5.0 */
+ if (qemuCaps->version >= 1005000)
+ virQEMUCapsSet(qemuCaps, QEMU_CAPS_CHARDEV_SPICEPORT);
+
if (virQEMUCapsProbeQMPCommands(qemuCaps, mon) < 0)
goto cleanup;
if (virQEMUCapsProbeQMPEvents(qemuCaps, mon) < 0)
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 23dccce..a4eecb6 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -1,7 +1,7 @@
/*
* qemu_capabilities.h: QEMU capabilities generation
*
- * Copyright (C) 2006-2013 Red Hat, Inc.
+ * Copyright (C) 2006-2014 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@@ -202,6 +202,7 @@ enum virQEMUCapsFlags {
QEMU_CAPS_DEVICE_PANIC = 161, /* -device pvpanic */
QEMU_CAPS_ENABLE_FIPS = 162, /* -enable-fips */
QEMU_CAPS_SPICE_FILE_XFER_DISABLE = 163, /* -spice disable-agent-file-xfer */
+ QEMU_CAPS_CHARDEV_SPICEPORT = 164, /* -chardev spiceport */
QEMU_CAPS_LAST, /* this must always be the last item */
};
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 7e1cd53..c1635e0 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -5977,6 +5977,16 @@ qemuBuildChrChardevStr(virDomainChrSourceDefPtr dev, const char *alias,
virDomainChrSpicevmcTypeToString(dev->data.spicevmc));
break;
+ case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_CHARDEV_SPICEPORT)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("spiceport not supported in this QEMU binary"));
+ goto error;
+ }
+ virBufferAsprintf(&buf, "spiceport,id=char%s,name=%s", alias,
+ dev->data.spiceport.channel);
+ break;
+
default:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("unsupported chardev '%s'"),
@@ -6075,6 +6085,8 @@ qemuBuildChrArgStr(virDomainChrSourceDefPtr dev, const char *prefix)
case VIR_DOMAIN_CHR_TYPE_SPICEVMC:
/* spicevmc doesn't have any '-serial' compatible option */
+ case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
+ /* spiceport doesn't have any '-serial' compatible option */
case VIR_DOMAIN_CHR_TYPE_LAST:
/* coverity[dead_error_begin] */
break;
@@ -7709,6 +7721,7 @@ qemuBuildCommandLine(virConnectPtr conn,
int vnc = 0;
int spice = 0;
int usbcontroller = 0;
+ int actualSerials = 0;
bool usblegacy = false;
bool mlock = false;
int contOrder[] = {
@@ -7738,6 +7751,20 @@ qemuBuildCommandLine(virConnectPtr conn,
emulator = def->emulator;
+ for (i = 0; i < def->ngraphics; ++i) {
+ switch (def->graphics[i]->type) {
+ case VIR_DOMAIN_GRAPHICS_TYPE_SDL:
+ ++sdl;
+ break;
+ case VIR_DOMAIN_GRAPHICS_TYPE_VNC:
+ ++vnc;
+ break;
+ case VIR_DOMAIN_GRAPHICS_TYPE_SPICE:
+ ++spice;
+ break;
+ }
+ }
+
/*
* do not use boot=on for drives when not using KVM since this
* is not supported at all in upstream QEmu.
@@ -8804,35 +8831,39 @@ qemuBuildCommandLine(virConnectPtr conn,
virCommandAddArgBuffer(cmd, &opt);
}
- if (!def->nserials) {
- /* If we have -device, then we set -nodefault already */
- if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE))
- virCommandAddArgList(cmd, "-serial", "none", NULL);
- } else {
- for (i = 0; i < def->nserials; i++) {
- virDomainChrDefPtr serial = def->serials[i];
- char *devstr;
+ for (i = 0; i < def->nserials; i++) {
+ virDomainChrDefPtr serial = def->serials[i];
+ char *devstr;
- /* Use -chardev with -device if they are available */
- if (virQEMUCapsSupportsChardev(def, qemuCaps, serial)) {
- virCommandAddArg(cmd, "-chardev");
- if (!(devstr = qemuBuildChrChardevStr(&serial->source,
- serial->info.alias,
- qemuCaps)))
- goto error;
- virCommandAddArg(cmd, devstr);
- VIR_FREE(devstr);
+ if (serial->source.type == VIR_DOMAIN_CHR_TYPE_SPICEPORT && !spice)
+ continue;
- if (qemuBuildChrDeviceCommandLine(cmd, def, serial, qemuCaps) < 0)
- goto error;
- } else {
- virCommandAddArg(cmd, "-serial");
- if (!(devstr = qemuBuildChrArgStr(&serial->source, NULL)))
- goto error;
- virCommandAddArg(cmd, devstr);
- VIR_FREE(devstr);
- }
+ /* Use -chardev with -device if they are available */
+ if (virQEMUCapsSupportsChardev(def, qemuCaps, serial)) {
+ virCommandAddArg(cmd, "-chardev");
+ if (!(devstr = qemuBuildChrChardevStr(&serial->source,
+ serial->info.alias,
+ qemuCaps)))
+ goto error;
+ virCommandAddArg(cmd, devstr);
+ VIR_FREE(devstr);
+
+ if (qemuBuildChrDeviceCommandLine(cmd, def, serial, qemuCaps) < 0)
+ goto error;
+ } else {
+ virCommandAddArg(cmd, "-serial");
+ if (!(devstr = qemuBuildChrArgStr(&serial->source, NULL)))
+ goto error;
+ virCommandAddArg(cmd, devstr);
+ VIR_FREE(devstr);
}
+ actualSerials++;
+ }
+
+ if (!actualSerials) {
+ /* If we have -device, then we set -nodefault already */
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE))
+ virCommandAddArgList(cmd, "-serial", "none", NULL);
}
if (!def->nparallels) {
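Review bot: `if (serial->source.type == VIR_DOMAIN_CHR_TYPE_SPICEPORT && !spice) continue;` silently drops a serial device the user defined. The guest then starts with a different device set than its XML describes, as the expected args of the -nospice test show with "-serial none". Either report VIR_ERR_CONFIG_UNSUPPORTED when a spiceport chardev is configured without spice graphics, or at least log the skip; in either case the `continue` needs a comment explaining the choice.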
@@ -9019,19 +9050,6 @@ qemuBuildCommandLine(virConnectPtr conn,
}
}
- for (i = 0; i < def->ngraphics; ++i) {
- switch (def->graphics[i]->type) {
- case VIR_DOMAIN_GRAPHICS_TYPE_SDL:
- ++sdl;
- break;
- case VIR_DOMAIN_GRAPHICS_TYPE_VNC:
- ++vnc;
- break;
- case VIR_DOMAIN_GRAPHICS_TYPE_SPICE:
- ++spice;
- break;
- }
- }
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_0_10) && sdl + vnc + spice > 1) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("only 1 graphics device is supported"));
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index ec3b958..5e825ac 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -1,7 +1,7 @@
/*
* qemu_monitor_json.c: interaction with QEMU monitor console
*
- * Copyright (C) 2006-2013 Red Hat, Inc.
+ * Copyright (C) 2006-2014 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@@ -5318,6 +5318,7 @@ qemuMonitorJSONAttachCharDevCommand(const char *chrID,
break;
case VIR_DOMAIN_CHR_TYPE_SPICEVMC:
+ case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
case VIR_DOMAIN_CHR_TYPE_PIPE:
case VIR_DOMAIN_CHR_TYPE_STDIO:
case VIR_DOMAIN_CHR_TYPE_LAST:
diff --git a/tests/qemucapabilitiesdata/caps_1.5.3-1.caps b/tests/qemucapabilitiesdata/caps_1.5.3-1.caps
index 1e5bb74..adf8531 100644
--- a/tests/qemucapabilitiesdata/caps_1.5.3-1.caps
+++ b/tests/qemucapabilitiesdata/caps_1.5.3-1.caps
@@ -134,4 +134,5 @@
<flag name='boot-strict'/>
<flag name='pvpanic'/>
<flag name='reboot-timeout'/>
+ <flag name='spiceport'/>
</qemuCaps>
diff --git a/tests/qemucapabilitiesdata/caps_1.6.0-1.caps b/tests/qemucapabilitiesdata/caps_1.6.0-1.caps
index 61542a8..e6b2f76 100644
--- a/tests/qemucapabilitiesdata/caps_1.6.0-1.caps
+++ b/tests/qemucapabilitiesdata/caps_1.6.0-1.caps
@@ -140,4 +140,5 @@
<flag name='reboot-timeout'/>
<flag name='enable-fips'/>
<flag name='spice-file-xfer-disable'/>
+ <flag name='spiceport'/>
</qemuCaps>
diff --git a/tests/qemucapabilitiesdata/caps_1.6.50-1.caps b/tests/qemucapabilitiesdata/caps_1.6.50-1.caps
index 8ce17aa..e6b8117 100644
--- a/tests/qemucapabilitiesdata/caps_1.6.50-1.caps
+++ b/tests/qemucapabilitiesdata/caps_1.6.50-1.caps
@@ -138,4 +138,5 @@
<flag name='pvpanic'/>
<flag name='reboot-timeout'/>
<flag name='spice-file-xfer-disable'/>
+ <flag name='spiceport'/>
</qemuCaps>
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport-nospice.args b/tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport-nospice.args
new file mode 100644
index 0000000..1e27394
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport-nospice.args
@@ -0,0 +1,6 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
+/usr/bin/qemu \
+-name QEMUGuest1 -S -M pc -m 214 -smp 1 -nographic -monitor \
+unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \
+-usb -hda /dev/HostVG/QEMUGuest1 -net none -serial \
+none -parallel none
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport-nospice.xml b/tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport-nospice.xml
new file mode 100644
index 0000000..06a99a3
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport-nospice.xml
@@ -0,0 +1,40 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <title>A description of the test machine.</title>
+ <description>
+ A test of qemu's minimal configuration.
+ This test also tests the description and title elements.
+ </description>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <serial type='spiceport'>
+ <source channel='org.qemu.console.serial.0'/>
+ <target port='0'/>
+ </serial>
+ <console type='spiceport'>
+ <source channel='org.qemu.console.serial.0'/>
+ <target type='serial' port='0'/>
+ </console>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport.args b/tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport.args
new file mode 100644
index 0000000..8c631b1
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport.args
@@ -0,0 +1,13 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=spice \
+/usr/bin/qemu -S -M pc -m 214 -smp 1 -nodefconfig -nodefaults \
+-chardev socket,id=charmonitor,path=/tmp/test-monitor,server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=readline \
+-no-acpi -boot c -usb \
+-hda /dev/HostVG/QEMUGuest1 \
+-chardev spiceport,id=charserial0,name=org.qemu.console.serial.0 \
+-device isa-serial,chardev=charserial0,id=serial0 \
+-device usb-tablet,id=input0 \
+-spice port=5903,tls-port=5904,addr=127.0.0.1,x509-dir=/etc/pki/libvirt-spice \
+-device \
+qxl-vga,id=video0,ram_size=67107840,vram_size=67107840,bus=pci.0,addr=0x2 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport.xml b/tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport.xml
new file mode 100644
index 0000000..1e42ee6
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-spiceport.xml
@@ -0,0 +1,43 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <serial type='spiceport'>
+ <source channel='org.qemu.console.serial.0'/>
+ <target port='0'/>
+ </serial>
+ <console type='spiceport'>
+ <source channel='org.qemu.console.serial.0'/>
+ <target type='serial' port='0'/>
+ </console>
+ <input type='tablet' bus='usb'/>
+ <input type='mouse' bus='ps2'/>
+ <graphics type='spice' port='5903' tlsPort='5904' autoport='no' listen='127.0.0.1'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ <video>
+ <model type='qxl' ram='65535' vram='65535' heads='1'/>
+ </video>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index a25264e..ad785d4 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -939,6 +939,13 @@ mymain(void)
DO_TEST("serial-udp", NONE);
DO_TEST("serial-tcp-telnet", NONE);
DO_TEST("serial-many", NONE);
+ DO_TEST("serial-spiceport",
+ QEMU_CAPS_CHARDEV, QEMU_CAPS_DEVICE,
+ QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_DEVICE_VIDEO_PRIMARY,
+ QEMU_CAPS_DEVICE_QXL, QEMU_CAPS_DEVICE_QXL_VGA,
+ QEMU_CAPS_SPICE, QEMU_CAPS_CHARDEV_SPICEPORT);
+ DO_TEST("serial-spiceport-nospice", QEMU_CAPS_NAME);
+
DO_TEST("parallel-tcp", NONE);
DO_TEST("console-compat", NONE);
DO_TEST("console-compat-auto", NONE);
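Review bot: both new cases use a valid channel name, so nothing exercises the "Invalid character in source channel" path added to virDomainChrSourceDefParseXML. Add a negative case whose channel contains a character outside SERIAL_CHANNEL_NAME_CHARS somewhere other than the first position, and expect the parse to fail.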
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 41d1904..c57d7af 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -239,6 +239,8 @@ mymain(void)
DO_TEST("serial-udp");
DO_TEST("serial-tcp-telnet");
DO_TEST("serial-many");
+ DO_TEST("serial-spiceport");
+ DO_TEST("serial-spiceport-nospice");
DO_TEST("parallel-tcp");
DO_TEST("console-compat");
DO_TEST("console-virtio-many");
--
1.8.5.3
10 years, 9 months
[libvirt] [PATCH] event: move event filtering to daemon (regression fix)
by Eric Blake
Commit f9f56340 for CVE-2014-0028 almost had the right idea - we
need to check the ACL rules to filter which events to send. But
it overlooked one thing: the event dispatch queue is running in
the main loop thread, and therefore does not normally have a
current virIdentityPtr. But filter checks can be based on current
identity, so when libvirtd.conf contains access_drivers=["polkit"],
we ended up rejecting access for EVERY event due to failure to
look up the current identity, even if it should have been allowed.
Furthermore, even for events that are triggered by API calls, it
is important to remember that the point of events is that they can
be copied across multiple connections, which may have separate
identities and permissions. So even if events were dispatched
from a context where we have an identity, we must change to the
correct identity of the connection that will be receiving the
event, rather than basing a decision on the context that triggered
the event, when deciding whether to filter an event to a
particular connection.
If there were an easy way to get from virConnectPtr to the
appropriate virIdentityPtr, then object_event.c could adjust the
identity prior to checking whether to dispatch an event. But
setting up that back-reference is a bit invasive. Instead, it
is easier to delay the filtering check until lower down the
stack, at the point where we have direct access to the RPC
client object that owns an identity. As such, this patch ends
up reverting a large portion of the framework of commit f9f56340.
We also have to teach 'make check' to special-case the fact that
the event registration filtering is done at the point of dispatch,
rather than the point of registration. Note that even though we
don't actually use virConnectDomainEventRegisterCheckACL (because
the RegisterAny variant is sufficient), we still generate the
function for the purposes of documenting that the filtering
takes place.
Also note that I did not entirely delete the notion of a filter
from object_event.c; I still plan on using that for my upcoming
patch series for qemu monitor events in libvirt-qemu.so. In
other words, while this patch changes ACL filtering to live in
remote.c and therefore we have no current client of the filtering
in object_event.c, the notion of filtering in object_event.c is
still useful down the road.
* src/check-aclrules.pl: Exempt event registration from having to
pass checkACL filter down call stack.
* daemon/remote.c (remoteRelayDomainEventCheckACL)
(remoteRelayNetworkEventCheckACL): New functions.
(remoteRelay*Event*): Use new functions.
* src/conf/domain_event.h (virDomainEventStateRegister)
(virDomainEventStateRegisterID): Drop unused parameter.
* src/conf/network_event.h (virNetworkEventStateRegisterID):
Likewise.
* src/conf/domain_event.c (virDomainEventFilter): Delete unused
function.
* src/conf/network_event.c (virNetworkEventFilter): Likewise.
* src/libxl/libxl_driver.c: Adjust caller.
* src/lxc/lxc_driver.c: Likewise.
* src/network/bridge_driver.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/remote/remote_driver.c: Likewise.
* src/test/test_driver.c: Likewise.
* src/uml/uml_driver.c: Likewise.
* src/vbox/vbox_tmpl.c: Likewise.
* src/xen/xen_driver.c: Likewise.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
daemon/remote.c | 257 ++++++++++++++++++++++++++++----------------
src/check-aclrules.pl | 7 +-
src/conf/domain_event.c | 35 +-----
src/conf/domain_event.h | 8 +-
src/conf/network_event.c | 31 +-----
src/conf/network_event.h | 6 +-
src/libxl/libxl_driver.c | 2 -
src/lxc/lxc_driver.c | 2 -
src/network/bridge_driver.c | 1 -
src/qemu/qemu_driver.c | 2 -
src/remote/remote_driver.c | 4 +-
src/test/test_driver.c | 6 +-
src/uml/uml_driver.c | 2 -
src/vbox/vbox_tmpl.c | 4 +-
src/xen/xen_driver.c | 2 -
15 files changed, 188 insertions(+), 181 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index d2aafbe..5baf0b6 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -50,6 +50,9 @@
#include "lxc_protocol.h"
#include "virstring.h"
#include "object_event.h"
+#include "domain_conf.h"
+#include "network_conf.h"
+#include "viraccessapicheck.h"
#define VIR_FROM_THIS VIR_FROM_RPC
@@ -127,16 +130,72 @@ remoteEventCallbackFree(void *opaque)
VIR_FREE(opaque);
}
-static int remoteRelayDomainEventLifecycle(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- int event,
- int detail,
- void *opaque)
+
+static bool
+remoteRelayDomainEventCheckACL(virNetServerClientPtr client,
+ virConnectPtr conn, virDomainPtr dom)
+{
+ virDomainDef def;
+ virIdentityPtr identity = NULL;
+ bool ret = false;
+
+ /* For now, we just create a virDomainDef with enough contents to
+ * satisfy what viraccessdriverpolkit.c references. This is a bit
+ * fragile, but I don't know of anything better. */
+ def.name = dom->name;
+ memcpy(def.uuid, dom->uuid, VIR_UUID_BUFLEN);
+
+ if (!(identity = virNetServerClientGetIdentity(client)))
+ goto cleanup;
+ if (virIdentitySetCurrent(identity) < 0)
+ goto cleanup;
+ ret = virConnectDomainEventRegisterAnyCheckACL(conn, &def);
+
+cleanup:
+ ignore_value(virIdentitySetCurrent(NULL));
+ virObjectUnref(identity);
+ return ret;
+}
+
+
+static bool
+remoteRelayNetworkEventCheckACL(virNetServerClientPtr client,
+ virConnectPtr conn, virNetworkPtr net)
+{
+ virNetworkDef def;
+ virIdentityPtr identity = NULL;
+ bool ret = false;
+
+ /* For now, we just create a virNetworkDef with enough contents to
+ * satisfy what viraccessdriverpolkit.c references. This is a bit
+ * fragile, but I don't know of anything better. */
+ def.name = net->name;
+ memcpy(def.uuid, net->uuid, VIR_UUID_BUFLEN);
+
+ if (!(identity = virNetServerClientGetIdentity(client)))
+ goto cleanup;
+ if (virIdentitySetCurrent(identity) < 0)
+ goto cleanup;
+ ret = virConnectNetworkEventRegisterAnyCheckACL(conn, &def);
+
+cleanup:
+ ignore_value(virIdentitySetCurrent(NULL));
+ virObjectUnref(identity);
+ return ret;
+}
+
+
+static int
+remoteRelayDomainEventLifecycle(virConnectPtr conn,
+ virDomainPtr dom,
+ int event,
+ int detail,
+ void *opaque)
{
virNetServerClientPtr client = opaque;
remote_domain_event_lifecycle_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain lifecycle event %d %d", event, detail);
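Review bot: In remoteRelayDomainEventCheckACL() and remoteRelayNetworkEventCheckACL(), `def` is an uninitialized stack struct with only name and uuid filled in, so any other field an access driver reads is indeterminate; the comment in the hunk already calls this fragile. Zero the struct before assigning the two fields (for example memset(&def, 0, sizeof(def))). The two helpers are also identical apart from the def type and the CheckACL call, so the identity set/reset sequence could live in one shared function.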
@@ -154,14 +213,15 @@ static int remoteRelayDomainEventLifecycle(virConnectPtr conn ATTRIBUTE_UNUSED,
return 0;
}
-static int remoteRelayDomainEventReboot(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- void *opaque)
+static int
+remoteRelayDomainEventReboot(virConnectPtr conn,
+ virDomainPtr dom,
+ void *opaque)
{
virNetServerClientPtr client = opaque;
remote_domain_event_reboot_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain reboot event %s %d", dom->name, dom->id);
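Review bot: The combined test `if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))` returns -1 before the VIR_DEBUG line, so an event dropped by the ACL check is indistinguishable from a missing client and leaves no trace in the debug log. A VIR_DEBUG on the helper's denial path, naming the domain, would make filtered events diagnosable; the same applies to every relay callback in this file that is changed the same way.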
@@ -178,15 +238,16 @@ static int remoteRelayDomainEventReboot(virConnectPtr conn ATTRIBUTE_UNUSED,
}
-static int remoteRelayDomainEventRTCChange(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- long long offset,
- void *opaque)
+static int
+remoteRelayDomainEventRTCChange(virConnectPtr conn,
+ virDomainPtr dom,
+ long long offset,
+ void *opaque)
{
virNetServerClientPtr client = opaque;
remote_domain_event_rtc_change_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain rtc change event %s %d %lld", dom->name, dom->id, offset);
@@ -204,15 +265,16 @@ static int remoteRelayDomainEventRTCChange(virConnectPtr conn ATTRIBUTE_UNUSED,
}
-static int remoteRelayDomainEventWatchdog(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- int action,
- void *opaque)
+static int
+remoteRelayDomainEventWatchdog(virConnectPtr conn,
+ virDomainPtr dom,
+ int action,
+ void *opaque)
{
virNetServerClientPtr client = opaque;
remote_domain_event_watchdog_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain watchdog event %s %d %d", dom->name, dom->id, action);
@@ -230,17 +292,18 @@ static int remoteRelayDomainEventWatchdog(virConnectPtr conn ATTRIBUTE_UNUSED,
}
-static int remoteRelayDomainEventIOError(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- const char *srcPath,
- const char *devAlias,
- int action,
- void *opaque)
+static int
+remoteRelayDomainEventIOError(virConnectPtr conn,
+ virDomainPtr dom,
+ const char *srcPath,
+ const char *devAlias,
+ int action,
+ void *opaque)
{
virNetServerClientPtr client = opaque;
remote_domain_event_io_error_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain io error %s %d %s %s %d", dom->name, dom->id, srcPath, devAlias, action);
@@ -265,18 +328,19 @@ error:
}
-static int remoteRelayDomainEventIOErrorReason(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- const char *srcPath,
- const char *devAlias,
- int action,
- const char *reason,
- void *opaque)
+static int
+remoteRelayDomainEventIOErrorReason(virConnectPtr conn,
+ virDomainPtr dom,
+ const char *srcPath,
+ const char *devAlias,
+ int action,
+ const char *reason,
+ void *opaque)
{
virNetServerClientPtr client = opaque;
remote_domain_event_io_error_reason_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain io error %s %d %s %s %d %s",
@@ -306,20 +370,21 @@ error:
}
-static int remoteRelayDomainEventGraphics(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- int phase,
- virDomainEventGraphicsAddressPtr local,
- virDomainEventGraphicsAddressPtr remote,
- const char *authScheme,
- virDomainEventGraphicsSubjectPtr subject,
- void *opaque)
+static int
+remoteRelayDomainEventGraphics(virConnectPtr conn,
+ virDomainPtr dom,
+ int phase,
+ virDomainEventGraphicsAddressPtr local,
+ virDomainEventGraphicsAddressPtr remote,
+ const char *authScheme,
+ virDomainEventGraphicsSubjectPtr subject,
+ void *opaque)
{
virNetServerClientPtr client = opaque;
remote_domain_event_graphics_msg data;
size_t i;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain graphics event %s %d %d - %d %s %s - %d %s %s - %s", dom->name, dom->id, phase,
@@ -377,17 +442,18 @@ error:
return -1;
}
-static int remoteRelayDomainEventBlockJob(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- const char *path,
- int type,
- int status,
- void *opaque)
+static int
+remoteRelayDomainEventBlockJob(virConnectPtr conn,
+ virDomainPtr dom,
+ const char *path,
+ int type,
+ int status,
+ void *opaque)
{
virNetServerClientPtr client = opaque;
remote_domain_event_block_job_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain block job event %s %d %s %i, %i",
@@ -412,14 +478,15 @@ error:
}
-static int remoteRelayDomainEventControlError(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- void *opaque)
+static int
+remoteRelayDomainEventControlError(virConnectPtr conn,
+ virDomainPtr dom,
+ void *opaque)
{
virNetServerClientPtr client = opaque;
remote_domain_event_control_error_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain control error %s %d", dom->name, dom->id);
@@ -436,19 +503,20 @@ static int remoteRelayDomainEventControlError(virConnectPtr conn ATTRIBUTE_UNUSE
}
-static int remoteRelayDomainEventDiskChange(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- const char *oldSrcPath,
- const char *newSrcPath,
- const char *devAlias,
- int reason,
- void *opaque)
+static int
+remoteRelayDomainEventDiskChange(virConnectPtr conn,
+ virDomainPtr dom,
+ const char *oldSrcPath,
+ const char *newSrcPath,
+ const char *devAlias,
+ int reason,
+ void *opaque)
{
virNetServerClientPtr client = opaque;
remote_domain_event_disk_change_msg data;
char **oldSrcPath_p = NULL, **newSrcPath_p = NULL;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain %s %d disk change %s %s %s %d",
@@ -487,15 +555,17 @@ error:
}
-static int remoteRelayDomainEventTrayChange(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- const char *devAlias,
- int reason,
- void *opaque) {
+static int
+remoteRelayDomainEventTrayChange(virConnectPtr conn,
+ virDomainPtr dom,
+ const char *devAlias,
+ int reason,
+ void *opaque)
+{
virNetServerClientPtr client = opaque;
remote_domain_event_tray_change_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain %s %d tray change devAlias: %s reason: %d",
@@ -517,14 +587,16 @@ static int remoteRelayDomainEventTrayChange(virConnectPtr conn ATTRIBUTE_UNUSED,
return 0;
}
-static int remoteRelayDomainEventPMWakeup(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- int reason ATTRIBUTE_UNUSED,
- void *opaque) {
+static int
+remoteRelayDomainEventPMWakeup(virConnectPtr conn,
+ virDomainPtr dom,
+ int reason ATTRIBUTE_UNUSED,
+ void *opaque)
+{
virNetServerClientPtr client = opaque;
remote_domain_event_pmwakeup_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain %s %d system pmwakeup", dom->name, dom->id);
@@ -540,14 +612,16 @@ static int remoteRelayDomainEventPMWakeup(virConnectPtr conn ATTRIBUTE_UNUSED,
return 0;
}
-static int remoteRelayDomainEventPMSuspend(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- int reason ATTRIBUTE_UNUSED,
- void *opaque) {
+static int
+remoteRelayDomainEventPMSuspend(virConnectPtr conn,
+ virDomainPtr dom,
+ int reason ATTRIBUTE_UNUSED,
+ void *opaque)
+{
virNetServerClientPtr client = opaque;
remote_domain_event_pmsuspend_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain %s %d system pmsuspend", dom->name, dom->id);
@@ -564,7 +638,7 @@ static int remoteRelayDomainEventPMSuspend(virConnectPtr conn ATTRIBUTE_UNUSED,
}
static int
-remoteRelayDomainEventBalloonChange(virConnectPtr conn ATTRIBUTE_UNUSED,
+remoteRelayDomainEventBalloonChange(virConnectPtr conn,
virDomainPtr dom,
unsigned long long actual,
void *opaque)
@@ -572,7 +646,7 @@ remoteRelayDomainEventBalloonChange(virConnectPtr conn ATTRIBUTE_UNUSED,
virNetServerClientPtr client = opaque;
remote_domain_event_balloon_change_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain balloon change event %s %d %lld", dom->name, dom->id, actual);
@@ -590,14 +664,16 @@ remoteRelayDomainEventBalloonChange(virConnectPtr conn ATTRIBUTE_UNUSED,
}
-static int remoteRelayDomainEventPMSuspendDisk(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainPtr dom,
- int reason ATTRIBUTE_UNUSED,
- void *opaque) {
+static int
+remoteRelayDomainEventPMSuspendDisk(virConnectPtr conn,
+ virDomainPtr dom,
+ int reason ATTRIBUTE_UNUSED,
+ void *opaque)
+{
virNetServerClientPtr client = opaque;
remote_domain_event_pmsuspend_disk_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain %s %d system pmsuspend-disk", dom->name, dom->id);
@@ -614,7 +690,7 @@ static int remoteRelayDomainEventPMSuspendDisk(virConnectPtr conn ATTRIBUTE_UNUS
}
static int
-remoteRelayDomainEventDeviceRemoved(virConnectPtr conn ATTRIBUTE_UNUSED,
+remoteRelayDomainEventDeviceRemoved(virConnectPtr conn,
virDomainPtr dom,
const char *devAlias,
void *opaque)
@@ -622,7 +698,7 @@ remoteRelayDomainEventDeviceRemoved(virConnectPtr conn ATTRIBUTE_UNUSED,
virNetServerClientPtr client = opaque;
remote_domain_event_device_removed_msg data;
- if (!client)
+ if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom))
return -1;
VIR_DEBUG("Relaying domain device removed event %s %d %s",
@@ -667,7 +743,7 @@ static virConnectDomainEventGenericCallback domainEventCallbacks[] = {
verify(ARRAY_CARDINALITY(domainEventCallbacks) == VIR_DOMAIN_EVENT_ID_LAST);
static int
-remoteRelayNetworkEventLifecycle(virConnectPtr conn ATTRIBUTE_UNUSED,
+remoteRelayNetworkEventLifecycle(virConnectPtr conn,
virNetworkPtr net,
int event,
int detail,
@@ -676,7 +752,8 @@ remoteRelayNetworkEventLifecycle(virConnectPtr conn ATTRIBUTE_UNUSED,
daemonClientEventCallbackPtr callback = opaque;
remote_network_event_lifecycle_msg data;
- if (callback->callbackID < 0)
+ if (callback->callbackID < 0 ||
+ !remoteRelayNetworkEventCheckACL(callback->client, conn, net))
return -1;
VIR_DEBUG("Relaying network lifecycle event %d, detail %d, callback %d",
diff --git a/src/check-aclrules.pl b/src/check-aclrules.pl
index 057517e..f54b934 100755
--- a/src/check-aclrules.pl
+++ b/src/check-aclrules.pl
@@ -1,6 +1,6 @@
#!/usr/bin/perl
#
-# Copyright (C) 2013 Red Hat, Inc.
+# Copyright (C) 2013-2014 Red Hat, Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -140,7 +140,10 @@ while (<PROTO>) {
} elsif ($filtered &&
m,REMOTE_PROC_(.*)\s+=\s*\d+,) {
my $api = name_to_ProcName($1);
- $filtered{$api} = 1;
+ # Event filtering is handled in daemon/remote.c instead of drivers
+ if (! m,_EVENT_REGISTER,) {
+ $filtered{$api} = 1;
+ }
$incomment = 0;
}
}
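Review bot: The exemption `if (! m,_EVENT_REGISTER,)` matches any REMOTE_PROC name containing _EVENT_REGISTER, so every event registration procedure added later is exempted too, and nothing in this script verifies that daemon/remote.c performs the matching check at dispatch. Consider listing the exempted procedures explicitly, or extending the comment to say that a new event type must add a relay-side CheckACL call.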
diff --git a/src/conf/domain_event.c b/src/conf/domain_event.c
index f56aed3..8639a01 100644
--- a/src/conf/domain_event.c
+++ b/src/conf/domain_event.c
@@ -360,30 +360,6 @@ virDomainEventDeviceRemovedDispose(void *obj)
}
-/**
- * virDomainEventFilter:
- * @conn: pointer to the connection
- * @event: the event to check
- * @opaque: opaque data holding ACL filter to use
- *
- * Internal function to run ACL filtering before dispatching an event
- */
-static bool
-virDomainEventFilter(virConnectPtr conn, virObjectEventPtr event, void *opaque)
-{
- virDomainDef dom;
- virDomainObjListFilter filter = opaque;
-
- /* For now, we just create a virDomainDef with enough contents to
- * satisfy what viraccessdriverpolkit.c references. This is a bit
- * fragile, but I don't know of anything better. */
- dom.name = event->meta.name;
- memcpy(dom.uuid, event->meta.uuid, VIR_UUID_BUFLEN);
-
- return (filter)(conn, &dom);
-}
-
-
static void *
virDomainEventNew(virClassPtr klass,
int eventID,
@@ -1289,7 +1265,6 @@ cleanup:
* virDomainEventStateRegister:
* @conn: connection to associate with callback
* @state: object event state
- * @filter: optional ACL filter to limit which events can be sent
* @callback: the callback to add
* @opaque: data blob to pass to @callback
* @freecb: callback to free @opaque
@@ -1302,7 +1277,6 @@ cleanup:
int
virDomainEventStateRegister(virConnectPtr conn,
virObjectEventStatePtr state,
- virDomainObjListFilter filter,
virConnectDomainEventCallback callback,
void *opaque,
virFreeCallback freecb)
@@ -1311,8 +1285,7 @@ virDomainEventStateRegister(virConnectPtr conn,
return -1;
return virObjectEventStateRegisterID(conn, state, NULL,
- filter ? virDomainEventFilter : NULL,
- filter, virDomainEventClass,
+ NULL, NULL, virDomainEventClass,
VIR_DOMAIN_EVENT_ID_LIFECYCLE,
VIR_OBJECT_EVENT_CALLBACK(callback),
opaque, freecb, NULL, false);
@@ -1323,7 +1296,6 @@ virDomainEventStateRegister(virConnectPtr conn,
* virDomainEventStateRegisterID:
* @conn: connection to associate with callback
* @state: object event state
- * @filter: optional ACL filter to limit which events can be sent
* @dom: optional domain for filtering the event
* @eventID: ID of the event type to register for
* @cb: function to invoke when event fires
@@ -1340,7 +1312,6 @@ virDomainEventStateRegister(virConnectPtr conn,
int
virDomainEventStateRegisterID(virConnectPtr conn,
virObjectEventStatePtr state,
- virDomainObjListFilter filter,
virDomainPtr dom,
int eventID,
virConnectDomainEventGenericCallback cb,
@@ -1352,8 +1323,8 @@ virDomainEventStateRegisterID(virConnectPtr conn,
return -1;
return virObjectEventStateRegisterID(conn, state, dom ? dom->uuid : NULL,
- filter ? virDomainEventFilter : NULL,
- filter, virDomainEventClass, eventID,
+ NULL, NULL,
+ virDomainEventClass, eventID,
VIR_OBJECT_EVENT_CALLBACK(cb),
opaque, freecb, callbackID, false);
}
diff --git a/src/conf/domain_event.h b/src/conf/domain_event.h
index b39d5cd..b033b23 100644
--- a/src/conf/domain_event.h
+++ b/src/conf/domain_event.h
@@ -177,24 +177,20 @@ virDomainEventDeviceRemovedNewFromDom(virDomainPtr dom,
int
virDomainEventStateRegister(virConnectPtr conn,
virObjectEventStatePtr state,
- virDomainObjListFilter filter,
virConnectDomainEventCallback callback,
void *opaque,
virFreeCallback freecb)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(4);
-
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
int
virDomainEventStateRegisterID(virConnectPtr conn,
virObjectEventStatePtr state,
- virDomainObjListFilter filter,
virDomainPtr dom,
int eventID,
virConnectDomainEventGenericCallback cb,
void *opaque,
virFreeCallback freecb,
int *callbackID)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6);
-
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(5);
int
virDomainEventStateDeregister(virConnectPtr conn,
virObjectEventStatePtr state,
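Review bot: Both prototypes lose the blank line that followed their ATTRIBUTE_NONNULL line (the `-` blank lines after virDomainEventStateRegister and virDomainEventStateRegisterID), so the declarations now run together; keep the separators. The index shifts themselves (4 to 3 and 6 to 5) match the removed filter parameter.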
diff --git a/src/conf/network_event.c b/src/conf/network_event.c
index f27b7e9..4c59356 100644
--- a/src/conf/network_event.c
+++ b/src/conf/network_event.c
@@ -122,35 +122,9 @@ cleanup:
/**
- * virNetworkEventFilter:
- * @conn: pointer to the connection
- * @event: the event to check
- * @opaque: opaque data holding ACL filter to use
- *
- * Internal function to run ACL filtering before dispatching an event
- */
-static bool
-virNetworkEventFilter(virConnectPtr conn, virObjectEventPtr event,
- void *opaque)
-{
- virNetworkDef net;
- virNetworkObjListFilter filter = opaque;
-
- /* For now, we just create a virNetworkDef with enough contents to
- * satisfy what viraccessdriverpolkit.c references. This is a bit
- * fragile, but I don't know of anything better. */
- net.name = event->meta.name;
- memcpy(net.uuid, event->meta.uuid, VIR_UUID_BUFLEN);
-
- return (filter)(conn, &net);
-}
-
-
-/**
* virNetworkEventStateRegisterID:
* @conn: connection to associate with callback
* @state: object event state
- * @filter: optional ACL filter to limit which events can be sent
* @net: network to filter on or NULL for all networks
* @eventID: ID of the event type to register for
* @cb: function to invoke when event occurs
@@ -167,7 +141,6 @@ virNetworkEventFilter(virConnectPtr conn, virObjectEventPtr event,
int
virNetworkEventStateRegisterID(virConnectPtr conn,
virObjectEventStatePtr state,
- virNetworkObjListFilter filter,
virNetworkPtr net,
int eventID,
virConnectNetworkEventGenericCallback cb,
@@ -179,8 +152,8 @@ virNetworkEventStateRegisterID(virConnectPtr conn,
return -1;
return virObjectEventStateRegisterID(conn, state, net ? net->uuid : NULL,
- filter ? virNetworkEventFilter : NULL,
- filter, virNetworkEventClass, eventID,
+ NULL, NULL,
+ virNetworkEventClass, eventID,
VIR_OBJECT_EVENT_CALLBACK(cb),
opaque, freecb, callbackID, false);
}
diff --git a/src/conf/network_event.h b/src/conf/network_event.h
index 0812752..51bd949 100644
--- a/src/conf/network_event.h
+++ b/src/conf/network_event.h
@@ -24,7 +24,6 @@
#include "internal.h"
#include "object_event.h"
#include "object_event_private.h"
-#include "network_conf.h"
#ifndef __NETWORK_EVENT_H__
# define __NETWORK_EVENT_H__
@@ -32,15 +31,14 @@
int
virNetworkEventStateRegisterID(virConnectPtr conn,
virObjectEventStatePtr state,
- virNetworkObjListFilter filter,
virNetworkPtr net,
int eventID,
virConnectNetworkEventGenericCallback cb,
void *opaque,
virFreeCallback freecb,
int *callbackID)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6)
- ATTRIBUTE_NONNULL(9);
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(5)
+ ATTRIBUTE_NONNULL(8);
int
virNetworkEventStateRegisterClient(virConnectPtr conn,
diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index fc0efa2..ad6231f 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -3654,7 +3654,6 @@ libxlConnectDomainEventRegister(virConnectPtr conn,
if (virDomainEventStateRegister(conn,
driver->domainEventState,
- virConnectDomainEventRegisterCheckACL,
callback, opaque, freecb) < 0)
return -1;
@@ -4260,7 +4259,6 @@ libxlConnectDomainEventRegisterAny(virConnectPtr conn, virDomainPtr dom, int eve
if (virDomainEventStateRegisterID(conn,
driver->domainEventState,
- virConnectDomainEventRegisterAnyCheckACL,
dom, eventID, callback, opaque,
freecb, &ret) < 0)
ret = -1;
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 982f3fc..46c16bc 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1293,7 +1293,6 @@ lxcConnectDomainEventRegister(virConnectPtr conn,
if (virDomainEventStateRegister(conn,
driver->domainEventState,
- virConnectDomainEventRegisterCheckACL,
callback, opaque, freecb) < 0)
return -1;
@@ -1335,7 +1334,6 @@ lxcConnectDomainEventRegisterAny(virConnectPtr conn,
if (virDomainEventStateRegisterID(conn,
driver->domainEventState,
- virConnectDomainEventRegisterAnyCheckACL,
dom, eventID,
callback, opaque, freecb, &ret) < 0)
ret = -1;
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 6bdd1d6..45dff8a 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2310,7 +2310,6 @@ networkConnectNetworkEventRegisterAny(virConnectPtr conn,
goto cleanup;
if (virNetworkEventStateRegisterID(conn, driver->networkEventState,
- virConnectNetworkEventRegisterAnyCheckACL,
net, eventID, callback,
opaque, freecb, &ret) < 0)
ret = -1;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index a555470..4f134e9 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -10340,7 +10340,6 @@ qemuConnectDomainEventRegister(virConnectPtr conn,
if (virDomainEventStateRegister(conn,
driver->domainEventState,
- virConnectDomainEventRegisterCheckACL,
callback, opaque, freecb) < 0)
goto cleanup;
@@ -10389,7 +10388,6 @@ qemuConnectDomainEventRegisterAny(virConnectPtr conn,
if (virDomainEventStateRegisterID(conn,
driver->domainEventState,
- virConnectDomainEventRegisterAnyCheckACL,
dom, eventID,
callback, opaque, freecb, &ret) < 0)
ret = -1;
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index ca86e3c..18eb454 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -4427,7 +4427,7 @@ remoteConnectDomainEventRegister(virConnectPtr conn,
remoteDriverLock(priv);
- if ((count = virDomainEventStateRegister(conn, priv->eventState, NULL,
+ if ((count = virDomainEventStateRegister(conn, priv->eventState,
callback, opaque, freecb)) < 0)
goto done;
@@ -5245,7 +5245,7 @@ remoteConnectDomainEventRegisterAny(virConnectPtr conn,
remoteDriverLock(priv);
- if ((count = virDomainEventStateRegisterID(conn, priv->eventState, NULL,
+ if ((count = virDomainEventStateRegisterID(conn, priv->eventState,
dom, eventID,
callback, opaque, freecb,
&callbackID)) < 0)
diff --git a/src/test/test_driver.c b/src/test/test_driver.c
index 4c277bd..b724f82 100644
--- a/src/test/test_driver.c
+++ b/src/test/test_driver.c
@@ -6145,7 +6145,7 @@ testConnectDomainEventRegister(virConnectPtr conn,
int ret = 0;
testDriverLock(driver);
- if (virDomainEventStateRegister(conn, driver->eventState, NULL,
+ if (virDomainEventStateRegister(conn, driver->eventState,
callback, opaque, freecb) < 0)
ret = -1;
testDriverUnlock(driver);
@@ -6183,7 +6183,7 @@ testConnectDomainEventRegisterAny(virConnectPtr conn,
int ret;
testDriverLock(driver);
- if (virDomainEventStateRegisterID(conn, driver->eventState, NULL,
+ if (virDomainEventStateRegisterID(conn, driver->eventState,
dom, eventID,
callback, opaque, freecb, &ret) < 0)
ret = -1;
@@ -6221,7 +6221,7 @@ testConnectNetworkEventRegisterAny(virConnectPtr conn,
int ret;
testDriverLock(driver);
- if (virNetworkEventStateRegisterID(conn, driver->eventState, NULL,
+ if (virNetworkEventStateRegisterID(conn, driver->eventState,
net, eventID, callback,
opaque, freecb, &ret) < 0)
ret = -1;
diff --git a/src/uml/uml_driver.c b/src/uml/uml_driver.c
index 89afefe..dbd5da9 100644
--- a/src/uml/uml_driver.c
+++ b/src/uml/uml_driver.c
@@ -2617,7 +2617,6 @@ umlConnectDomainEventRegister(virConnectPtr conn,
umlDriverLock(driver);
if (virDomainEventStateRegister(conn,
driver->domainEventState,
- virConnectDomainEventRegisterCheckACL,
callback, opaque, freecb) < 0)
ret = -1;
umlDriverUnlock(driver);
@@ -2662,7 +2661,6 @@ umlConnectDomainEventRegisterAny(virConnectPtr conn,
umlDriverLock(driver);
if (virDomainEventStateRegisterID(conn,
driver->domainEventState,
- virConnectDomainEventRegisterAnyCheckACL,
dom, eventID,
callback, opaque, freecb, &ret) < 0)
ret = -1;
diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c
index 1be4dc4..382d7b4 100644
--- a/src/vbox/vbox_tmpl.c
+++ b/src/vbox/vbox_tmpl.c
@@ -7332,7 +7332,7 @@ vboxConnectDomainEventRegister(virConnectPtr conn,
* later you can iterate over them
*/
- ret = virDomainEventStateRegister(conn, data->domainEvents, NULL,
+ ret = virDomainEventStateRegister(conn, data->domainEvents,
callback, opaque, freecb);
VIR_DEBUG("virObjectEventStateRegister (ret = %d) (conn: %p, "
"callback: %p, opaque: %p, "
@@ -7429,7 +7429,7 @@ static int vboxConnectDomainEventRegisterAny(virConnectPtr conn,
* later you can iterate over them
*/
- if (virDomainEventStateRegisterID(conn, data->domainEvents, NULL,
+ if (virDomainEventStateRegisterID(conn, data->domainEvents,
dom, eventID,
callback, opaque, freecb, &ret) < 0)
ret = -1;
diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index c45d980..7506e8c 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -2323,7 +2323,6 @@ xenUnifiedConnectDomainEventRegister(virConnectPtr conn,
}
if (virDomainEventStateRegister(conn, priv->domainEvents,
- virConnectDomainEventRegisterCheckACL,
callback, opaque, freefunc) < 0)
ret = -1;
@@ -2383,7 +2382,6 @@ xenUnifiedConnectDomainEventRegisterAny(virConnectPtr conn,
}
if (virDomainEventStateRegisterID(conn, priv->domainEvents,
- virConnectDomainEventRegisterAnyCheckACL,
dom, eventID,
callback, opaque, freefunc, &ret) < 0)
ret = -1;
--
1.8.5.3
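The dispatch problem described in the commit message of the patch above, as an added C model that is not part of the patch or of libvirt: every type and function name, the two users and the ACL table are constructed for illustration. It compares a check made in the dispatching context with a check made under the identity of each receiving client.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the dispatch problem; none of these names are libvirt's. */
typedef struct { const char *user; } identity;
typedef struct { const identity *ident; int delivered; } client;
typedef struct { const char *domain; } event;
typedef struct { const char *user; const char *domain; } acl_rule;

static const identity alice = { "alice" }, bob = { "bob" };

/* Constructed policy: alice may see "web" and "db", bob only "db". */
static const acl_rule acl[] = {
    { "alice", "web" }, { "alice", "db" }, { "bob", "db" },
};

/* Stand-in for the per-thread current identity. The event loop thread
 * normally has none, so it starts out NULL. */
static const identity *current_identity;

/* Access check driven by the current identity: with no identity the
 * lookup fails and access is denied. */
static bool check_acl(const char *domain)
{
    size_t i;

    if (!current_identity)
        return false;
    for (i = 0; i < sizeof(acl) / sizeof(acl[0]); i++) {
        if (strcmp(acl[i].user, current_identity->user) == 0 &&
            strcmp(acl[i].domain, domain) == 0)
            return true;
    }
    return false;
}

/* Filter evaluated in the context that dispatches the event: every client
 * gets the same answer, whatever its own permissions are. */
static void dispatch_ambient(client *clients, size_t n, const event *ev)
{
    size_t i;

    for (i = 0; i < n; i++) {
        if (check_acl(ev->domain))
            clients[i].delivered++;
    }
}

/* Filter evaluated per recipient: switch to the identity of the client that
 * would receive the event, check, then restore the previous identity. */
static void dispatch_per_recipient(client *clients, size_t n, const event *ev)
{
    size_t i;

    for (i = 0; i < n; i++) {
        const identity *saved = current_identity;
        bool allowed;

        current_identity = clients[i].ident;
        allowed = check_acl(ev->domain);
        current_identity = saved;
        if (allowed)
            clients[i].delivered++;
    }
}

/* Run one scenario; result bit 0 = alice received the event, bit 1 = bob did.
 * dispatcher is the identity of the context that triggers the event. */
static int run(const identity *dispatcher, bool per_recipient, const char *domain)
{
    client clients[2] = { { &alice, 0 }, { &bob, 0 } };
    event ev = { domain };

    current_identity = dispatcher;
    if (per_recipient)
        dispatch_per_recipient(clients, 2, &ev);
    else
        dispatch_ambient(clients, 2, &ev);
    current_identity = NULL;
    return (clients[0].delivered ? 1 : 0) | (clients[1].delivered ? 2 : 0);
}

int main(void)
{
    printf("loop thread, ambient check:  %d\n", run(NULL, false, "db"));
    printf("alice's call, ambient check: %d\n", run(&alice, false, "web"));
    printf("alice's call, per recipient: %d\n", run(&alice, true, "web"));
    printf("loop thread, per recipient:  %d\n", run(NULL, true, "db"));
    return 0;
}
```

With the ambient check, a thread without an identity delivers nothing, and a call made by alice lets bob receive an event for a domain he may not see; the per-recipient check gives each client its own answer in both cases.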
[libvirt] [PATCH] conf: add localtime support in guest clock with variable attribute
by Jincheng Miao
Commit b8bf79a, which added clock=variable, forgets to check the localtime
basis in qemuBuildClockArgStr(), so the localtime basis could not
be used, as in this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1046192
---
src/qemu/qemu_command.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index d723dc8..749ad54 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6490,15 +6490,21 @@ qemuBuildClockArgStr(virDomainClockDefPtr def)
time_t now = time(NULL);
struct tm nowbits;
- if (def->data.variable.basis != VIR_DOMAIN_CLOCK_BASIS_UTC) {
+ if (def->data.variable.basis == VIR_DOMAIN_CLOCK_BASIS_UTC) {
+ now += def->data.variable.adjustment;
+ gmtime_r(&now, &nowbits);
+ }
+ else if (def->data.variable.basis == VIR_DOMAIN_CLOCK_BASIS_LOCALTIME) {
+ now += def->data.variable.adjustment;
+ localtime_r(&now, &nowbits);
+ }
+ else {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("unsupported clock basis '%s'"),
virDomainClockBasisTypeToString(def->data.variable.basis));
goto error;
}
- now += def->data.variable.adjustment;
- gmtime_r(&now, &nowbits);
-
+
/* Store the guest's basedate */
def->data.variable.basedate = now;
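Review bot: The UTC and localtime branches both repeat `now += def->data.variable.adjustment;`, so the only real difference between them is gmtime_r versus localtime_r. Keep the unsupported-basis check first, apply the adjustment once, and then pick the conversion function. The closing brace and `else if` / `else` are on separate lines, unlike the `} else {` form used in other libvirt code on this page, and the `-`/`+` pair of otherwise empty lines before the basedate comment looks like a whitespace-only change that should be dropped.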
--
1.8.3.1
[libvirt] [PATCH] network: disallow <bandwidth>/<mac> for bridged/macvtap networks
by Laine Stump
https://bugzilla.redhat.com/show_bug.cgi?id=1057321 pointed out that
we weren't honoring the <bandwidth> element in libvirt networks using
<forward mode='bridge'/>. In fact, these networks are just a method of
giving a libvirt network name to an existing Linux host bridge on the
system, and even if it were technically possible for us to set
network-wide bandwidth limits for all the taps on a bridge, it's
probably not a polite thing to do since libvirt is just using a bridge
that was created by someone else for other purposes. So the proper
thing is to just log an error when someone tries to put a <bandwidth>
element in that type of network.
While looking through the network XML documentation and comparing it
to the networkValidate function, I noticed that we also ignore the
presence of a mac address in the config, even though we do nothing
with it in this case either.
This patch updates networkValidate() (which is called any time a
persistent network is defined, or a transient network created) to log
an error and fail if it finds either a <bandwidth> or <mac> element
and the network forward mode is anything except 'route', 'nat', or
nothing. (Yes, neither of those elements is acceptable for any macvtap
mode, nor for a hostdev network).
NB: This does *not* cause failure to start any existing network that
contains one of those elements, so someone might have erroneously
defined such a network in the past, and that network will continue to
function unmodified. I considered it too disruptive to suddenly break
working configs on the next reboot after a libvirt upgrade.
---
src/network/bridge_driver.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 0b43a67..3b9b58d 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2407,8 +2407,17 @@ networkValidate(virNetworkDriverStatePtr driver,
virNetworkSetBridgeMacAddr(def);
} else {
/* They are also the only types that currently support setting
- * an IP address for the host-side device (bridge)
+ * a MAC or IP address for the host-side device (bridge), DNS
+ * configuration, or network-wide bandwidth limits.
*/
+ if (def->mac_specified) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Unsupported <mac> element in network %s "
+ "with forward mode='%s'"),
+ def->name,
+ virNetworkForwardTypeToString(def->forward.type));
+ return -1;
+ }
if (virNetworkDefGetIpByIndex(def, AF_UNSPEC, 0)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Unsupported <ip> element in network %s "
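Review bot: the new `if (def->mac_specified)` test rejects only a MAC that was given explicitly, but the reworded comment above it says just that these types do not support "setting a MAC" and does not mention that distinction. A short remark in the comment that the check keys on mac_specified, so a definition without a <mac> element still passes, would make the intent clear to the next reader of this else branch.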
@@ -2433,6 +2442,14 @@ networkValidate(virNetworkDriverStatePtr driver,
virNetworkForwardTypeToString(def->forward.type));
return -1;
}
+ if (def->bandwidth) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Unsupported network-wide <bandwidth> element "
+ "in network %s with forward mode='%s'"),
+ def->name,
+ virNetworkForwardTypeToString(def->forward.type));
+ return -1;
+ }
}
/* We only support dhcp on one IPv4 address and
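Review bot: documentation is missing for the new `if (def->bandwidth)` rejection. The diffstat touches only src/network/bridge_driver.c, while the commit message says the gap was found by comparing the network XML documentation with networkValidate(). Please state in that documentation that <bandwidth> and <mac> are accepted only for forward modes 'route', 'nat' or none, and that networks defined earlier with these elements keep starting, so the define-time error does not surprise users.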
--
1.8.5.3
10 years, 9 months
[libvirt] [PATCH] qemu: Fix crash in virDomainMemoryStats with old qemu
by Jiri Denemark
If virDomainMemoryStats was run on a domain with virtio balloon driver
running on an old qemu which supports QMP but does not support qom-list
QMP command, libvirtd would crash. The reason is we did not check if
qemuMonitorJSONGetObjectListPaths failed and moreover we even stored its
result in an unsigned integer type.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/qemu/qemu_monitor.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index a968901..cdd817f 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -1019,7 +1019,9 @@ qemuMonitorFindBalloonObjectPath(qemuMonitorPtr mon,
virDomainObjPtr vm,
const char *curpath)
{
- size_t i, j, npaths = 0, nprops = 0;
+ size_t i, j;
+ int npaths = 0;
+ int nprops = 0;
int ret = 0;
char *nextpath = NULL;
qemuMonitorJSONListPathPtr *paths = NULL;
@@ -1045,6 +1047,8 @@ qemuMonitorFindBalloonObjectPath(qemuMonitorPtr mon,
VIR_DEBUG("Searching for Balloon Object Path starting at %s", curpath);
npaths = qemuMonitorJSONGetObjectListPaths(mon, curpath, &paths);
+ if (npaths < 0)
+ return -1;
for (i = 0; i < npaths && ret == 0; i++) {
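Review bot: the `if (npaths < 0) return -1;` exit leaves the function without passing through the cleanup label that the nprops failure in the next hunk uses. That is safe only if qemuMonitorJSONGetObjectListPaths() guarantees `paths` is left untouched on failure. Either say so in a comment at this return, or set `npaths = 0` and `ret = -1` and jump to cleanup so the function has a single exit path.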
@@ -1061,6 +1065,11 @@ qemuMonitorFindBalloonObjectPath(qemuMonitorPtr mon,
* then this version of qemu/kvm does not support the feature.
*/
nprops = qemuMonitorJSONGetObjectListPaths(mon, nextpath, &bprops);
+ if (nprops < 0) {
+ ret = -1;
+ goto cleanup;
+ }
+
for (j = 0; j < nprops; j++) {
if (STREQ(bprops[j]->name, "guest-stats-polling-interval")) {
VIR_DEBUG("Found Balloon Object Path %s", nextpath);
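Review bot: the `goto cleanup` taken when `nprops < 0` reaches the cleanup label with `nprops` still negative, while `i` and `j` remain size_t after this patch. Any cleanup loop of the form `j < nprops` would compare in unsigned arithmetic and walk far past the end of `bprops`. The cleanup code is not shown in this hunk, so please confirm it does not iterate up to `nprops`, or reset `nprops = 0` before the jump.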
--
1.8.5.3
10 years, 9 months
[libvirt] [PATCH python] Fix calling of virStreamSend method
by Daniel P. Berrange
Change d40861 removed the 'len' argument from the virStreamSend
C level wrapper, but forgot to remove it from the python level
wrapper.
Reported-by: Robie Basak <robie.basak(a)canonical.com>
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
libvirt-override-virStream.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libvirt-override-virStream.py b/libvirt-override-virStream.py
index cd44314..ce82da6 100644
--- a/libvirt-override-virStream.py
+++ b/libvirt-override-virStream.py
@@ -122,6 +122,6 @@
with the call, but may instead be delayed until a
subsequent call.
"""
- ret = libvirtmod.virStreamSend(self._o, data, len(data))
+ ret = libvirtmod.virStreamSend(self._o, data)
if ret == -1: raise libvirtError ('virStreamSend() failed')
return ret
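Review bot: no test accompanies the corrected `libvirtmod.virStreamSend(self._o, data)` call, and the argument-count mismatch it fixes was only found through a user report. A minimal test that calls send() on a stream would catch the Python wrapper and the C level wrapper falling out of step again. While touching this spot, the one-line `if ret == -1: raise ...` could also be split over two lines and the space before the parenthesis in `libvirtError (` removed.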
--
1.8.4.2
10 years, 9 months