January 2018 - Devel - libvirt List Archives

[libvirt] [RFC PATCH 00/10] Resolve libvirtd hang on termination with connected long running client
by John Ferlan 17 Jan '18

17 Jan '18

This RFC is a combination of a couple of different patch postings that I've combined into one central "stream" of patches that can be discussed for their relative importance or need to fix the problem. Although a bit long winded, I think I've captured enough history for anyone so inclined to walk through the history to understand the maze of twisty patches that it takes to hopefully resolve the issue. The first two patches were presented previously, but not accepted: https://www.redhat.com/archives/libvir-list/2017-November/msg00296.html https://www.redhat.com/archives/libvir-list/2017-November/msg00297.html However since that time, it seems "some form" of the patches is necessary. Most importantly making sure the virObjectUnref for @srv and @srvAdm occurs *prior to* the virNetDaemonClose(dmn); at cleanup (IOW: out of order for a reason). Doing that also requires any program started on the servers also has the virObjectUnref prior to daemon close. The 3rd and 4th patches are a result of discussions held in mid December related to libvirtd crashes/hangs and some possible adjustments to help. Discussion starts here: https://www.redhat.com/archives/libvir-list/2017-December/msg00515.html This led to suggestions to move the toggling of services from Dispose to Close *and* to split the virThreadPoolFree into a Drain function that could also be called during the Close function rather than waiting for the Dispose to occur. Still testing showed that just those 4 patches it still wasn't enough as libvirtd ended up just "hung" because of some patches Nikolay posted that add a new shutdown state, see: https://www.redhat.com/archives/libvir-list/2017-October/msg01134.html Those patches languished mainly because it wasn't clear (at the time) the relationship between them and another series dealing with libvirtd crashes that was partially accepted and pushed: https://www.redhat.com/archives/libvir-list/2017-October/msg01347.html and followup discussion starting here: https://www.redhat.com/archives/libvir-list/2017-November/msg00023.html The 9th patch can be used to test that the first 8 do the job. The details on how I set up the test environment is in the patch. If the sequence is run before the first 8 patches, you will end up with a couple of different hang scenarios. So if you're compelled to see what the big deal is, then apply this one alone and have fun playing. The 10th patch is the one patch from the partially pushed series that wasn't pushed as it was not deemed necessary. It's presented here mainly for completeness. John Ferlan (5): libvirtd: Alter refcnt processing for domain server objects libvirtd: Alter refcnt processing for server program objects netserver: Toggle service off during close qemu: Introduce virTheadPoolDrain APPLY ONLY FOR TESTING PURPOSES Nikolay Shirokovskiy (5): libvirt: introduce hypervisor driver shutdown function qemu: implement state driver shutdown function qemu: agent: fix monitor close during first sync qemu: monitor: check monitor not closed upon send libvirtd: fix crash on termination daemon/libvirtd.c | 46 ++++++++++++++++++++++++++++++++----------- src/driver-state.h | 4 ++++ src/libvirt.c | 18 +++++++++++++++++ src/libvirt_internal.h | 1 + src/libvirt_private.syms | 2 ++ src/qemu/qemu_agent.c | 14 ++++++------- src/qemu/qemu_driver.c | 44 +++++++++++++++++++++++++++++++++++++++++ src/qemu/qemu_monitor.c | 27 ++++++++++++------------- src/rpc/virnetdaemon.c | 1 + src/rpc/virnetserver.c | 5 ++--- src/rpc/virnetserverservice.c | 2 ++ src/util/virthreadpool.c | 19 ++++++++++++------ src/util/virthreadpool.h | 2 ++ 13 files changed, 143 insertions(+), 42 deletions(-) -- 2.13.6

3 19

[libvirt] [PATCH V2] nodedev: Fix failing to parse PCI address for non-PCI network devices
by Jim Fehlig 17 Jan '18

17 Jan '18

Based loosely on a patch from Fei Li <fli(a)suse.com>. Commit 8708ca01c added virNetDevSwitchdevFeature() to check if a network device has Switchdev capabilities. virNetDevSwitchdevFeature() attempts to retrieve the PCI device associated with the network device, ignoring non-PCI devices. It does so via the following call chain virNetDevSwitchdevFeature()->virNetDevGetPCIDevice()-> virPCIGetDeviceAddressFromSysfsLink() For non-PCI network devices (qeth, Xen vif, etc), virPCIGetDeviceAddressFromSysfsLink() will report an error when virPCIDeviceAddressParse() fails. virPCIDeviceAddressParse() also logs an error. After commit 8708ca01c there are now two errors reported for each non-PCI network device even though the errors are harmless. To avoid changing virPCIGetDeviceAddressFromSysfsLink(), virPCIDeviceAddressParse() and related code that has quite a few call sites, add a function to check if a network device is a PCI device and use it in virNetDevSwitchdevFeature() before attempting to retrieve the PCI device. --- Suggestions welcome on a better name for virPCIIsPCIDevice, or even a better approach to solving this issue. Currently virPCIIsPCIDevice assumes the device is PCI if its subsystem starts with 'pci'. I'd be happy to hear if there is a better way to determine if a network device is PCI. src/libvirt_private.syms | 1 + src/util/virnetdev.c | 25 ++++++++++++++++++++++--- src/util/virpci.c | 32 ++++++++++++++++++++++++++++++++ src/util/virpci.h | 3 +++ 4 files changed, 58 insertions(+), 3 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index a705fa846..bdf98ded1 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2458,6 +2458,7 @@ virPCIGetVirtualFunctionInfo; virPCIGetVirtualFunctions; virPCIHeaderTypeFromString; virPCIHeaderTypeToString; +virPCIIsPCIDevice; virPCIIsVirtualFunction; virPCIStubDriverTypeFromString; virPCIStubDriverTypeToString; diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index eb2d119bf..a9af08797 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -1148,6 +1148,21 @@ virNetDevSysfsDeviceFile(char **pf_sysfs_device_link, const char *ifname, } +static bool +virNetDevIsPCIDevice(const char *devName) +{ + char *vfSysfsDevicePath = NULL; + bool ret; + + if (virNetDevSysfsFile(&vfSysfsDevicePath, devName, "device/subsystem") < 0) + return false; + + ret = virPCIIsPCIDevice(vfSysfsDevicePath); + VIR_FREE(vfSysfsDevicePath); + return ret; +} + + static virPCIDevicePtr virNetDevGetPCIDevice(const char *devName) { @@ -3236,14 +3251,18 @@ virNetDevSwitchdevFeature(const char *ifname, if (is_vf == 1 && virNetDevGetPhysicalFunction(ifname, &pfname) < 0) goto cleanup; - pci_device_ptr = pfname ? virNetDevGetPCIDevice(pfname) : - virNetDevGetPCIDevice(ifname); + if (pfname == NULL && VIR_STRDUP(pfname, ifname) < 0) + goto cleanup; + /* No PCI device, then no feature bit to check/add */ - if (pci_device_ptr == NULL) { + if (!virNetDevIsPCIDevice(pfname)) { ret = 0; goto cleanup; } + if ((pci_device_ptr = virNetDevGetPCIDevice(pfname)) == NULL) + goto cleanup; + if (!(nl_msg = nlmsg_alloc_simple(family_id, NLM_F_REQUEST | NLM_F_ACK))) { virReportOOMError(); diff --git a/src/util/virpci.c b/src/util/virpci.c index fe57bef32..f22d89cd7 100644 --- a/src/util/virpci.c +++ b/src/util/virpci.c @@ -2651,6 +2651,38 @@ virPCIGetDeviceAddressFromSysfsLink(const char *device_link) return bdf; } +/** + * virPCIIsPCIDevice: + * @device_link: sysfs path for the device + * + * Returns true if the device specified in @device_link sysfs + * path is a PCI device, otherwise returns false. + */ +bool +virPCIIsPCIDevice(const char *device_link) +{ + char *device_path = NULL; + char *subsys = NULL; + bool ret; + + if (!virFileExists(device_link)) { + VIR_DEBUG("'%s' does not exist", device_link); + return false; + } + + device_path = canonicalize_file_name(device_link); + if (device_path == NULL) { + VIR_DEBUG("Failed to resolve device link '%s'", device_link); + return false; + } + + subsys = last_component(device_path); + ret = STRPREFIX(subsys, "pci"); + + VIR_FREE(device_path); + return ret; +} + /** * virPCIGetPhysicalFunction: * @vf_sysfs_path: sysfs path for the virtual function diff --git a/src/util/virpci.h b/src/util/virpci.h index f1fbe39e6..489d8a777 100644 --- a/src/util/virpci.h +++ b/src/util/virpci.h @@ -190,6 +190,9 @@ int virPCIDeviceWaitForCleanup(virPCIDevicePtr dev, const char *matcher); virPCIDeviceAddressPtr virPCIGetDeviceAddressFromSysfsLink(const char *device_link); +bool +virPCIIsPCIDevice(const char *device_link); + int virPCIGetPhysicalFunction(const char *vf_sysfs_path, virPCIDeviceAddressPtr *pf); -- 2.15.1

2 2

[libvirt] [PATCH] news: Update for 4.0.0
by Andrea Bolognani 17 Jan '18

17 Jan '18

As usual, a bunch of changes slipped through the cracks during the development cycle. Update the release notes to include at least the most notable. Signed-off-by: Andrea Bolognani <abologna(a)redhat.com> --- I'll push this tomorrow morning under the "can't possibly be worse than leaving it alone" rule, so that it makes it into the release, unless I get feedback earlier. docs/news.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index 064b9ae83..d034be99a 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -35,8 +35,48 @@ <libvirt> <release version="v4.0.0" date="unreleased"> <section title="New features"> + <change> + <summary> + tools: Provide bash completion support + </summary> + <description> + Both <code>virsh</code> and <code>virt-admin</code> now implement + basic bash completion support. + </description> + </change> + <change> + <summary> + qemu: Refresh capabilities on host microcode update + </summary> + <description> + A microcode update can cause the CPUID bits to change; therefore, + the capabilities cache should be rebuilt when such an update is + detected on the host. + </description> + </change> + <change> + <summary> + lxc: Set hostname based on container name + </summary> + </change> </section> <section title="Improvements"> + <change> + <summary> + CPU frequency reporting improvements + </summary> + <description> + The CPU frequency will now be reported by <code>virsh nodeinfo</code> + and other tools for s390 hosts; at the same time; CPU frequency has + been disabled on aarch64 hosts because there's no way to detect it + reliably. + </description> + </change> + <change> + <summary> + libxl: Mark domain0 as persistent + </summary> + </change> <change> <summary> Xen: Add support for multiple IP addresses on interface devices @@ -49,6 +89,16 @@ </change> </section> <section title="Bug fixes"> + <change> + <summary> + qemu: Enforce vCPU hotplug granularity constraints + </summary> + <description> + QEMU 2.7 and newer don't allow guests to start unless the initial + vCPUs count is a multiple of the vCPU hotplug granularity, so + validate it and report an error if needed. + </description> + </change> </section> </release> <release version="v3.10.0" date="2017-12-04"> -- 2.14.3

2 3

[libvirt] [PATCH] qemu: avoid denial of service reading from QEMU monitor (CVE-2018-xxxx)
by Daniel P. Berrange 17 Jan '18

17 Jan '18

We read from QEMU until seeing a \r\n pair to indicate a completed reply or event. To avoid memory denial-of-service though, we must have a size limit on amount of data we buffer. 10 MB is large enough that it ought to cope with normal QEMU replies, and small enough that we're not consuming unreasonable mem. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- src/qemu/qemu_monitor.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 046caf001c..85c7d68a13 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -55,6 +55,15 @@ VIR_LOG_INIT("qemu.qemu_monitor"); #define DEBUG_IO 0 #define DEBUG_RAW_IO 0 +/* We read from QEMU until seeing a \r\n pair to indicate a + * completed reply or event. To avoid memory denial-of-service + * though, we must have a size limit on amount of data we + * buffer. 10 MB is large enough that it ought to cope with + * normal QEMU replies, and small enough that we're not + * consuming unreasonable mem. + */ +#define QEMU_MONITOR_MAX_RESPONSE (10 * 1024 * 1024) + struct _qemuMonitor { virObjectLockable parent; @@ -575,6 +584,12 @@ qemuMonitorIORead(qemuMonitorPtr mon) int ret = 0; if (avail < 1024) { + if (mon->bufferLength >= QEMU_MONITOR_MAX_RESPONSE) { + virReportSystemError(ERANGE, + _("No complete monitor response found in %d bytes"), + QEMU_MONITOR_MAX_RESPONSE); + return -1; + } if (VIR_REALLOC_N(mon->buffer, mon->bufferLength + 1024) < 0) return -1; -- 2.14.3

3 3

[libvirt] [PATCH] qemu: qemuDomainNamespaceUnlinkPaths: Return 0 in case of success
by Marc Hartmayer 17 Jan '18

17 Jan '18

Commit 7a931a4204af refactored the code and probably forgot to add this line. Signed-off-by: Marc Hartmayer <mhartmay(a)linux.vnet.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy(a)linux.vnet.ibm.com> --- src/qemu/qemu_domain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 5c171e4cbd6c..441bf5935b14 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -10212,7 +10212,7 @@ qemuDomainNamespaceUnlinkPaths(virDomainObjPtr vm, goto cleanup; } - + ret = 0; cleanup: virStringListFreeCount(devMountsPath, ndevMountsPath); virObjectUnref(cfg); -- 2.13.4

2 1

[libvirt] [PATCH] AppArmor: Allow libvirtd to kill unconfined processes
by intrigeri+libvirt＠boum.org 17 Jan '18

17 Jan '18

From: intrigeri <intrigeri+libvirt(a)boum.org> On startup libvirtd runs a number of QEMU processes unconfined such as: /usr/bin/qemu-system-x86_64 -S -no-user-config -nodefaults -nographic -machine none,accel=kvm:tcg -qmp unix:/var/lib/libvirt/qemu/capabilities.monitor.sock,server,nowait -pidfile /var/lib/libvirt/qemu/capabilities.pidfile -daemonize libvirtd needs to be allowed to kill these processes, otherwise they remain running. --- examples/apparmor/usr.sbin.libvirtd | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd index a1083b0410..0ddec3f6e2 100644 --- a/examples/apparmor/usr.sbin.libvirtd +++ b/examples/apparmor/usr.sbin.libvirtd @@ -63,6 +63,7 @@ signal (send) peer=/usr/sbin/dnsmasq, signal (read, send) peer=libvirt-*, + signal (send) set=("kill") peer=unconfined, # Very lenient profile for libvirtd since we want to first focus on confining # the guests. Guests will have a very restricted profile. -- 2.15.1

4 3

[libvirt] [PATCH libvirt] qemu: Fix segmentation fault when attaching a non iSCSI host device
by Marc Hartmayer 17 Jan '18

17 Jan '18

Add a check if it's a iSCSI hostdev and if it's not then don't use the union member 'iscsi'. The segmentation fault occured when accessing secinfo->type, but this can vary from case to case. Signed-off-by: Marc Hartmayer <mhartmay(a)linux.vnet.ibm.com> Reviewed-by: Bjoern Walk <bwalk(a)linux.vnet.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy(a)linux.vnet.ibm.com> --- src/qemu/qemu_hotplug.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 6dc16a1054af..83d0e1c71a8e 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -2343,8 +2343,7 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn, bool secobjAdded = false; virJSONValuePtr secobjProps = NULL; virDomainHostdevSubsysSCSIPtr scsisrc = &hostdev->source.subsys.u.scsi; - virDomainHostdevSubsysSCSIiSCSIPtr iscsisrc = &scsisrc->u.iscsi; - qemuDomainStorageSourcePrivatePtr srcPriv; + qemuDomainStorageSourcePrivatePtr srcPriv = NULL; qemuDomainSecretInfoPtr secinfo = NULL; if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE_SCSI_GENERIC)) { @@ -2386,7 +2385,8 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn, if (qemuDomainSecretHostdevPrepare(conn, priv, hostdev) < 0) goto cleanup; - srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(iscsisrc->src); + if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) + srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(scsisrc->u.iscsi.src); if (srcPriv) secinfo = srcPriv->secinfo; if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) { -- 2.13.4

2 2

[libvirt] [PATCH] remove bogus casts of arg to g_object_ref
by Daniel P. Berrange 17 Jan '18

17 Jan '18

Latest version of glib uses typeof() magic to cast the return value of g_object_ref to match its argument, instead of returning a 'void *'. A few places in the code were casting the arg to G_OBJECT() which was then incompatible with the variable we assigned the result to. The parameter casts were always redundant so just remove them. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- libvirt-gconfig/libvirt-gconfig-object.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libvirt-gconfig/libvirt-gconfig-object.c b/libvirt-gconfig/libvirt-gconfig-object.c index 851e35c..ca2c6e6 100644 --- a/libvirt-gconfig/libvirt-gconfig-object.c +++ b/libvirt-gconfig/libvirt-gconfig-object.c @@ -572,7 +572,7 @@ gvir_config_object_set_node_content(GVirConfigObject *object, node = gvir_config_object_replace_child(object, node_name); g_return_if_fail(node != NULL); } else { - node = g_object_ref(G_OBJECT(object)); + node = g_object_ref(object); } encoded_data = xmlEncodeEntitiesReentrant(node->priv->node->doc, (xmlChar *)value); @@ -896,7 +896,7 @@ gvir_config_object_attach(GVirConfigObject *parent, GVirConfigObject *child, gbo child->priv->doc = NULL; } if (parent->priv->doc != NULL) { - child->priv->doc = g_object_ref(G_OBJECT(parent->priv->doc)); + child->priv->doc = g_object_ref(parent->priv->doc); } } -- 2.14.3

1 1

[libvirt] New GIT repos for libvirt wiki & virt tools planet
by Daniel P. Berrange 17 Jan '18

17 Jan '18

Hi Folks, Just let you all know that I've moved various libvirt related websites over to hosting on Red Hat's OpenShift v3 infrastructure. With the new v3 that is based on Kubernetes, I'm able to publish the GIT repos containing the core content & software setup. For wiki.libvirt.org: https://libvirt.org/git/?p=libvirt-wiki.git;a=summary For planet.virt-tools.org: https://libvirt.org/git/?p=virttools-planet.git;a=summary For www.virt-tools.org: https://libvirt.org/git/?p=virttools-web.git;a=summary These are setup to mirror to github, and with a github webhook installed. So if when changes to the *content*, it will get automatically deployed to the live site by OpenShift. NB, auto-deploy doesn't apply to the actual OpenShift configuration, only the static config. I still need to manualy deploy OpenShift config changes for security reasons :-) The key benefit here is that adding people to the blog aggregator on planet.virt-tools.org is now easier. Just send a patch for this file: https://libvirt.org/git/?p=virttools-planet.git;a=blob;f=updater/virt-tools… Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

1 0

[libvirt] [PATCH] rpm: updates wrt min required fedora version
by Daniel P. Berrange 17 Jan '18

17 Jan '18

Update the min fedora to 25. Use a macro to record the min versions so that the later error message is always in sync with the earlier version check. Clarify the comment that refers to guessing of dist which does not actually happen. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- libvirt.spec.in | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 7e1b6a27d3..713961573a 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1,10 +1,12 @@ # -*- rpm-spec -*- # This spec file assumes you are building on a Fedora or RHEL version -# that's still supported by the vendor: that means Fedora 23 or newer, -# or RHEL 6 or newer. It may need some tweaks for other distros. -# If neither fedora nor rhel was defined, try to guess them from dist -%if (0%{?fedora} && 0%{?fedora} >= 23) || (0%{?rhel} && 0%{?rhel} >= 6) +# that's still supported by the vendor. It may work on other distros +# or versions, but no effort will be made to ensure that going forward. +%define min_rhel 6 +%define min_fedora 25 + +%if (0%{?fedora} && 0%{?fedora} >= %{min_fedora}) || (0%{?rhel} && 0%{?rhel} >= %{min_rhel}) %define supported_platform 1 %else %define supported_platform 0 @@ -1132,7 +1134,7 @@ rm -rf .git %build %if ! %{supported_platform} -echo "This RPM requires either Fedora >= 20 or RHEL >= 6" +echo "This RPM requires either Fedora >= %{min_fedora} or RHEL >= %{min_rhel}" exit 1 %endif -- 2.14.3

3 2