September 2014 - Devel - Libvirt List Archives

[libvirt] [python PATCH v2 0/5] Implement new APIs

by Pavel Hrdina

new in v2: - moved function to appropriate place in libvirt-override.c - fixed generator to resolve enum reference - fixed memory leak in virDomainListGetStats and sanyti test - implemented API for virDomainBlockCopy Pavel Hrdina (3): generator: resolve one level of enum reference API: Implement bindings for virDomainListGetStats Implement API bindings for virDomainBlockCopy Peter Krempa (2): API: Skip 'virDomainStatsRecordListFree' API: Implement bindings for virConnectGetAllDomainStats generator.py | 20 ++++- libvirt-override-api.xml | 10 +++ libvirt-override-virConnect.py | 100 +++++++++++++++++++++++ libvirt-override.c | 180 +++++++++++++++++++++++++++++++++++++++++ sanitytest.py | 6 ++ 5 files changed, 315 insertions(+), 1 deletion(-) -- 1.8.5.5

10 years, 2 months

2
13
0 / 0

[libvirt] [python PATCH 0/5] Implement bindings for bulk stats API

by Peter Krempa

The last patch is to ease review to be able to build the series. Peter Krempa (5): generator: enum: Don't sort enums by names API: Skip 'virDomainStatsRecordListFree' API: Implement bindings for virConnectGetAllDomainStats API: Implement bindings for virDomainListGetStats DO NOT APPLY: Fix build with missing virDomainBlockCopy API generator.py | 6 +- libvirt-override-virConnect.py | 100 ++++++++++++++++++++++++++++ libvirt-override.c | 144 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 248 insertions(+), 2 deletions(-) -- 2.0.2

10 years, 2 months

3
11
0 / 0

[libvirt] [PATCH for 1.2.8] selinux: properly label tap FDs with imagelabel

by Martin Kletzander

The cleanup in commit cf976d9d used secdef->label to label the tap FDs, but that is not possible since it's process-only label (svirt_t) and not a object label (e.g. svirt_image_t). Starting a domain failed with EPERM, but simply using secdef->label instead fixes it. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- src/security/security_selinux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 5d18493..e8c13db 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2340,7 +2340,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, if (!secdef || !secdef->label) return 0; - return virSecuritySELinuxFSetFilecon(fd, secdef->label); + return virSecuritySELinuxFSetFilecon(fd, secdef->imagelabel); } static char * -- 2.1.0

10 years, 2 months

2
1
0 / 0

[libvirt] [PATCH v4 0/3] OVMF exposure

by Michal Privoznik

diff to v3: -Pure rebae & resend diff to v2: -Adapted to Laszlo's review on v2 Michal Privoznik (3): conf: Extend <loader/> and introduce <nvram/> qemu: Implement extended loader and nvram qemu: Automatically create NVRAM store docs/formatdomain.html.in | 19 ++- docs/schemas/domaincommon.rng | 21 ++++ libvirt.spec.in | 2 + src/Makefile.am | 1 + src/conf/domain_conf.c | 87 +++++++++++++- src/conf/domain_conf.h | 22 +++- src/libvirt_private.syms | 3 + src/qemu/libvirtd_qemu.aug | 3 + src/qemu/qemu.conf | 14 +++ src/qemu/qemu_command.c | 97 ++++++++++++++- src/qemu/qemu_conf.c | 93 +++++++++++++++ src/qemu/qemu_conf.h | 5 + src/qemu/qemu_process.c | 132 +++++++++++++++++++++ src/qemu/test_libvirtd_qemu.aug.in | 3 + src/security/security_dac.c | 8 ++ src/security/security_selinux.c | 8 ++ src/security/virt-aa-helper.c | 4 +- src/vbox/vbox_common.c | 7 +- src/xenapi/xenapi_driver.c | 3 +- src/xenconfig/xen_common.c | 7 +- src/xenconfig/xen_sxpr.c | 16 +-- .../qemuxml2argvdata/qemuxml2argv-bios-nvram.args | 10 ++ tests/qemuxml2argvdata/qemuxml2argv-bios-nvram.xml | 40 +++++++ tests/qemuxml2argvtest.c | 2 + .../qemuxml2xmlout-pci-bridge-many-disks.xml | 2 +- tests/qemuxml2xmltest.c | 2 + tests/sexpr2xmldata/sexpr2xml-fv-autoport.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-empty-kernel.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-force-hpet.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-force-nohpet.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-kernel.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-legacy-vfb.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-localtime.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-net-ioemu.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-net-netfront.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-parallel-tcp.xml | 2 +- .../sexpr2xml-fv-serial-dev-2-ports.xml | 2 +- .../sexpr2xml-fv-serial-dev-2nd-port.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-serial-file.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-serial-null.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-serial-pipe.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-serial-pty.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-serial-stdio.xml | 2 +- .../sexpr2xml-fv-serial-tcp-telnet.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-serial-tcp.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-serial-udp.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-serial-unix.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-sound-all.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-sound.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-usbmouse.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-usbtablet.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-utc.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv-v2.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-fv.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-no-source-cdrom.xml | 2 +- tests/xmconfigdata/test-escape-paths.xml | 2 +- tests/xmconfigdata/test-fullvirt-force-hpet.xml | 2 +- tests/xmconfigdata/test-fullvirt-force-nohpet.xml | 2 +- tests/xmconfigdata/test-fullvirt-localtime.xml | 2 +- tests/xmconfigdata/test-fullvirt-net-ioemu.xml | 2 +- tests/xmconfigdata/test-fullvirt-net-netfront.xml | 2 +- tests/xmconfigdata/test-fullvirt-new-cdrom.xml | 2 +- tests/xmconfigdata/test-fullvirt-old-cdrom.xml | 2 +- tests/xmconfigdata/test-fullvirt-parallel-tcp.xml | 2 +- .../test-fullvirt-serial-dev-2-ports.xml | 2 +- .../test-fullvirt-serial-dev-2nd-port.xml | 2 +- tests/xmconfigdata/test-fullvirt-serial-file.xml | 2 +- tests/xmconfigdata/test-fullvirt-serial-null.xml | 2 +- tests/xmconfigdata/test-fullvirt-serial-pipe.xml | 2 +- tests/xmconfigdata/test-fullvirt-serial-pty.xml | 2 +- tests/xmconfigdata/test-fullvirt-serial-stdio.xml | 2 +- .../test-fullvirt-serial-tcp-telnet.xml | 2 +- tests/xmconfigdata/test-fullvirt-serial-tcp.xml | 2 +- tests/xmconfigdata/test-fullvirt-serial-udp.xml | 2 +- tests/xmconfigdata/test-fullvirt-serial-unix.xml | 2 +- tests/xmconfigdata/test-fullvirt-sound.xml | 2 +- tests/xmconfigdata/test-fullvirt-usbmouse.xml | 2 +- tests/xmconfigdata/test-fullvirt-usbtablet.xml | 2 +- tests/xmconfigdata/test-fullvirt-utc.xml | 2 +- tests/xmconfigdata/test-no-source-cdrom.xml | 2 +- tests/xmconfigdata/test-pci-devs.xml | 2 +- 81 files changed, 639 insertions(+), 82 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-bios-nvram.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-bios-nvram.xml -- 1.8.5.5

10 years, 2 months

4
21
0 / 0

[libvirt] (no subject)

by Raghavendra K T

Bcc: Raghavendra K T <raghavendra.kt(a)linux.vnet.ibm.com> Subject: Re: [libvirt] [RFC] exclusive vcpu-cpu pinning Reply-To: Raghavendra K T <raghavendra.kt(a)linux.vnet.ibm.com> In-Reply-To: <53DA24CF.8030600(a)redhat.com> * J?n Tomko <jtomko(a)redhat.com> [2014-07-31 13:13:19]: > Hello developers! > > Currently, our default cgroup layout is: > -top level cgroup > \-machine (machine.slice with systemd) > `-vm1.libvirt-qemu (machine-qemu\x2dvm1.scope with systemd) > `-emulator > `-vcpu0 > \-vcpu1 > \-vm2.libvirt-qemu > `-emulator > `-vcpu0 > `-vcpu1 > > To free some CPUs for exclusive use, either all processes from the top level > cgroup should be moved to another one (which does not seem like a great idea) > or isolcpus= should be specified on the kernel command line. > > The cpuset.cpu_exclusive option can be set on a cgroup if > * all the groups up to the top level group have it set > * the cpuset of the current group is a subset of the parent group > and no siblings use any cpus from the current cpuset > > This would mean that to keep the existing nested structure, all vcpus and the > emulator thread would need to have an exclusive CPU, e.g: > <vcpu placement='static' cpuset='4-6'>2</vcpu> > <cputune exclusive='yes'> > <vcpupin vcpu='0' cpuset='5'/> > <vcpupin vcpu='1' cpuset='6'/> > <emulatorpin cpuset='4'/> > </cputune> > > (The only two issues I found: > 1) libvirt would have to mess with systemd's 'machine-scope' behind it's back > (setting cpu_exclusive) > 2) creating machines without explicit cpu pinning fails, as libvirt tries to > write all the cpus to the cpuset, even those the other machine uses > exclusively) > > I've also thought about just keeping track of the 'exclusived' CPUs in > libvirt. This would not work across drivers. And it could possibly be needed > to solve issue 2). > > Do you think any of these options would be useful? > > Bug: https://bugzilla.redhat.com/show_bug.cgi?id=996758 > > Jan > Hi Jan, I am not familiar with libvirt internals, but eager to solve the problem (I also tried to solve the same problem, I had POC kernel solution which was rightly rejected because we could solve with userspace). Could we have a dedicated cpuset for vms (which asks for dedicated cpuset may be via xml tag? <description>dedicated</description>) [ This is very similar to what you have proposed ] suppose we have 2 vms of 8 vcpus (vm1 dedicated, vm2 non-dedicated) on a 16 pcpu machine, the modified cpuset cgroup hierarchy looks like this (for cpuset only): | root (cpuset.cpus = 0-15) | \_ machine (tasks = system tasks) (cpuset.cpus = 0-7, exclusive=1) \_ vm2.libvirt-qemu (cpuset.cpus = 0-7, exclusive=1) | \_ vm2.libvirt-qemu (cpuset.cpus = 8-15, exclusive=1) But as you have mentioned above libvirt will have to 1. modify the cpuset hierarchy behind systemd 2. move all the system tasks to machine (only for cpuset) 3. assign all the non dedicated cpuset to /machine hierarchy 4. assign dedicated/exclusive cpus to vms automatically. ofcourse we cannot have 100% of cpus to be dedicated and we will have to ensure that we do have some cpus left for system tasks/non dedicated vms etc. I see we could achieve above requirement with a userspace daemon, But I think libvirt way of solving would be ideal. Do you think the above solution is too intrusive? Please let us know your thoughts.

10 years, 2 months

1
0
0 / 0

[libvirt] [PATCH 00/11] bulk stats: QEMU implementation

by Francesco Romani

This patchset enhances the QEMU support for the new bulk stats API. What is added is the equivalent of these APIs: virDomainBlockInfo virDomainGetInfo - for balloon stats virDomainGetCPUStats virDomainBlockStatsFlags virDomainInterfaceStats virDomainGetVcpusFlags virDomainGetVcpus This subset of API is the one oVirt relies on. The patchset is organized as follows: - the first 4 patches do refactoring to extract internal helper functions to be used by the old API and by the new bulk one. For block stats on helper is actually added instead of extracted. - since some groups require access to the QEMU monitor, one patch extend the internal interface to easily accomodate that - finally, the last six patches implement the support for the bulk API. Francesco Romani (11): qemu: extract helper to get the current balloon qemu: extract helper to gather vcpu data qemu: add helper to get the block stats qemu: extract helper to get block info qemu: bulk stats: pass connection to workers qemu: bulk stats: implement CPU stats group qemu: bulk stats: implement balloon group qemu: bulk stats: implement VCPU group qemu: bulk stats: implement interface group qemu: bulk stats: implement block group qemu: bulk stats: implement blockinfo group include/libvirt/libvirt.h.in | 6 + src/qemu/qemu_driver.c | 558 ++++++++++++++++++++++++++++++++++++++----- 2 files changed, 502 insertions(+), 62 deletions(-) -- 1.9.3

10 years, 2 months

2
13
0 / 0

[libvirt] [PATCH] Fix connection to already running session libvirtd

by Christophe Fergeau

Since 1b807f92, connecting with virsh to an already running session libvirtd fails with: $ virsh list --all error: failed to connect to the hypervisor error: no valid connection error: Failed to connect socket to '/run/user/1000/libvirt/libvirt-sock': Transport endpoint is already connected This is caused by a logic error in virNetSocketNewConnectUnix: even if the connection to the daemon socket succeeded, we still try to spawn the daemon and then connect to it. This commit changes the logic to not try to spawn libvirtd if we successfully connected to its socket. With whitespace changes removed, this patch becomes just this: diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index f913365..79540b3 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -574,7 +574,8 @@ int virNetSocketNewConnectUNIX(const char *path, remoteAddr.data.un.sun_path[0] = '\0'; retry: - if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0 && !spawnDaemon) { + if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) { + if (!spawnDaemon) { virReportSystemError(errno, _("Failed to connect socket to '%s'"), path); goto error; @@ -634,6 +635,7 @@ int virNetSocketNewConnectUNIX(const char *path, if (virNetSocketForkDaemon(binary, passfd) < 0) goto error; } + } localAddr.len = sizeof(localAddr.data); if (getsockname(fd, &localAddr.data.sa, &localAddr.len) < 0) { --- src/rpc/virnetsocket.c | 102 +++++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 50 deletions(-) diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index 79258ef..8fc5d80 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -573,65 +573,67 @@ int virNetSocketNewConnectUNIX(const char *path, remoteAddr.data.un.sun_path[0] = '\0'; retry: - if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0 && !spawnDaemon) { - virReportSystemError(errno, _("Failed to connect socket to '%s'"), - path); - goto error; - } else if (spawnDaemon) { - int status = 0; - pid_t pid = 0; - - if ((passfd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) { - virReportSystemError(errno, "%s", _("Failed to create socket")); + if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) { + if (!spawnDaemon) { + virReportSystemError(errno, _("Failed to connect socket to '%s'"), + path); goto error; - } + } else if (spawnDaemon) { + int status = 0; + pid_t pid = 0; - /* - * We have to fork() here, because umask() is set - * per-process, chmod() is racy and fchmod() has undefined - * behaviour on sockets according to POSIX, so it doesn't - * work outside Linux. - */ - if ((pid = virFork()) < 0) - goto error; + if ((passfd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) { + virReportSystemError(errno, "%s", _("Failed to create socket")); + goto error; + } - if (pid == 0) { - umask(0077); - if (bind(passfd, &remoteAddr.data.sa, remoteAddr.len) < 0) - _exit(EXIT_FAILURE); + /* + * We have to fork() here, because umask() is set + * per-process, chmod() is racy and fchmod() has undefined + * behaviour on sockets according to POSIX, so it doesn't + * work outside Linux. + */ + if ((pid = virFork()) < 0) + goto error; - _exit(EXIT_SUCCESS); - } + if (pid == 0) { + umask(0077); + if (bind(passfd, &remoteAddr.data.sa, remoteAddr.len) < 0) + _exit(EXIT_FAILURE); - if (virProcessWait(pid, &status, false) < 0) - goto error; + _exit(EXIT_SUCCESS); + } - if (status != EXIT_SUCCESS) { - /* - * OK, so the subprocces failed to bind() the socket. This may mean - * that another daemon was starting at the same time and succeeded - * with its bind(). So we'll try connecting again, but this time - * without spawning the daemon. - */ - spawnDaemon = false; - goto retry; - } + if (virProcessWait(pid, &status, false) < 0) + goto error; - if (listen(passfd, 0) < 0) { - virReportSystemError(errno, "%s", - _("Failed to listen on socket that's about " - "to be passed to the daemon")); - goto error; - } + if (status != EXIT_SUCCESS) { + /* + * OK, so the subprocces failed to bind() the socket. This may mean + * that another daemon was starting at the same time and succeeded + * with its bind(). So we'll try connecting again, but this time + * without spawning the daemon. + */ + spawnDaemon = false; + goto retry; + } - if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) { - virReportSystemError(errno, _("Failed to connect socket to '%s'"), - path); - goto error; - } + if (listen(passfd, 0) < 0) { + virReportSystemError(errno, "%s", + _("Failed to listen on socket that's about " + "to be passed to the daemon")); + goto error; + } - if (virNetSocketForkDaemon(binary, passfd) < 0) - goto error; + if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) { + virReportSystemError(errno, _("Failed to connect socket to '%s'"), + path); + goto error; + } + + if (virNetSocketForkDaemon(binary, passfd) < 0) + goto error; + } } localAddr.len = sizeof(localAddr.data); -- 1.9.3

10 years, 2 months

3
4
0 / 0

[libvirt] [PATCH v2] Fix connection to already running session libvirtd

by Christophe Fergeau

Since 1b807f92, connecting with virsh to an already running session libvirtd fails with: $ virsh list --all error: failed to connect to the hypervisor error: no valid connection error: Failed to connect socket to '/run/user/1000/libvirt/libvirt-sock': Transport endpoint is already connected This is caused by a logic error in virNetSocketNewConnectUnix: even if the connection to the daemon socket succeeded, we still try to spawn the daemon and then connect to it. This commit changes the logic to not try to spawn libvirtd if we successfully connected to its socket. Most of this commit is whitespace changes, use of -w is used to look at it. --- Changes since v1: - Removed now redundant test in the else branch src/rpc/virnetsocket.c | 102 +++++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 50 deletions(-) diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index 79258ef..9780e17 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -573,65 +573,67 @@ int virNetSocketNewConnectUNIX(const char *path, remoteAddr.data.un.sun_path[0] = '\0'; retry: - if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0 && !spawnDaemon) { - virReportSystemError(errno, _("Failed to connect socket to '%s'"), - path); - goto error; - } else if (spawnDaemon) { - int status = 0; - pid_t pid = 0; - - if ((passfd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) { - virReportSystemError(errno, "%s", _("Failed to create socket")); + if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) { + if (!spawnDaemon) { + virReportSystemError(errno, _("Failed to connect socket to '%s'"), + path); goto error; - } + } else { + int status = 0; + pid_t pid = 0; - /* - * We have to fork() here, because umask() is set - * per-process, chmod() is racy and fchmod() has undefined - * behaviour on sockets according to POSIX, so it doesn't - * work outside Linux. - */ - if ((pid = virFork()) < 0) - goto error; + if ((passfd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) { + virReportSystemError(errno, "%s", _("Failed to create socket")); + goto error; + } - if (pid == 0) { - umask(0077); - if (bind(passfd, &remoteAddr.data.sa, remoteAddr.len) < 0) - _exit(EXIT_FAILURE); + /* + * We have to fork() here, because umask() is set + * per-process, chmod() is racy and fchmod() has undefined + * behaviour on sockets according to POSIX, so it doesn't + * work outside Linux. + */ + if ((pid = virFork()) < 0) + goto error; - _exit(EXIT_SUCCESS); - } + if (pid == 0) { + umask(0077); + if (bind(passfd, &remoteAddr.data.sa, remoteAddr.len) < 0) + _exit(EXIT_FAILURE); - if (virProcessWait(pid, &status, false) < 0) - goto error; + _exit(EXIT_SUCCESS); + } - if (status != EXIT_SUCCESS) { - /* - * OK, so the subprocces failed to bind() the socket. This may mean - * that another daemon was starting at the same time and succeeded - * with its bind(). So we'll try connecting again, but this time - * without spawning the daemon. - */ - spawnDaemon = false; - goto retry; - } + if (virProcessWait(pid, &status, false) < 0) + goto error; - if (listen(passfd, 0) < 0) { - virReportSystemError(errno, "%s", - _("Failed to listen on socket that's about " - "to be passed to the daemon")); - goto error; - } + if (status != EXIT_SUCCESS) { + /* + * OK, so the subprocces failed to bind() the socket. This may mean + * that another daemon was starting at the same time and succeeded + * with its bind(). So we'll try connecting again, but this time + * without spawning the daemon. + */ + spawnDaemon = false; + goto retry; + } - if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) { - virReportSystemError(errno, _("Failed to connect socket to '%s'"), - path); - goto error; - } + if (listen(passfd, 0) < 0) { + virReportSystemError(errno, "%s", + _("Failed to listen on socket that's about " + "to be passed to the daemon")); + goto error; + } - if (virNetSocketForkDaemon(binary, passfd) < 0) - goto error; + if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) { + virReportSystemError(errno, _("Failed to connect socket to '%s'"), + path); + goto error; + } + + if (virNetSocketForkDaemon(binary, passfd) < 0) + goto error; + } } localAddr.len = sizeof(localAddr.data); -- 1.9.3

10 years, 2 months

2
2
0 / 0

[libvirt] [PATCH] conf: Check migration_host is valid or not during libvirt restarts

by Chen Fan

if user specified an invalid strings as migration hostname, like setting: migration_host = "XXXXXXX", libvirt should check it and return error during lbivirt restart. Signed-off-by: Chen Fan <chen.fan.fnst(a)cn.fujitsu.com> --- src/qemu/qemu_conf.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index e2ec54f..450ac5b 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -33,6 +33,7 @@ #include <fcntl.h> #include <sys/wait.h> #include <arpa/inet.h> +#include <netdb.h> #include "virerror.h" #include "qemu_conf.h" @@ -650,6 +651,45 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg, GET_VALUE_LONG("seccomp_sandbox", cfg->seccompSandbox); GET_VALUE_STR("migration_host", cfg->migrateHost); + if (cfg->migrateHost) { + struct addrinfo hints; + struct addrinfo *res; + + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_ADDRCONFIG; + hints.ai_family = AF_UNSPEC; + + if (getaddrinfo(cfg->migrateHost, NULL, &hints, &res) != 0) { + virReportError(VIR_ERR_CONF_SYNTAX, + _("migration_host: '%s' is not a valid hostname"), + cfg->migrateHost); + goto cleanup; + } + + if (res == NULL) { + virReportError(VIR_ERR_CONF_SYNTAX, + _("No IP address for host '%s' found"), + cfg->migrateHost); + goto cleanup; + } + + freeaddrinfo(res); + + if (STRPREFIX(cfg->migrateHost, "localhost")) { + virReportError(VIR_ERR_CONF_SYNTAX, "%s", + _("setting migration_host to 'localhost' is not allowed")); + goto cleanup; + } + + if (STREQ(cfg->migrateHost, "127.0.0.1") || + STREQ(cfg->migrateHost, "::1")) { + virReportError(VIR_ERR_CONF_SYNTAX, "%s", + _("setting migration_host to '127.0.0.1' or '::1' " + "is not allowed")); + goto cleanup; + } + } + GET_VALUE_STR("migration_address", cfg->migrationAddress); GET_VALUE_BOOL("log_timestamp", cfg->logTimestamp); -- 1.9.3

10 years, 2 months

3
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel September 2014