[libvirt] [PATCH] virutil: Introduce virGetHostnameSimple()
by Michal Privoznik
After 759b4d1b0fe5f we are getting hostname in virLogOnceInit().
Problem with this approach is in the NSS module because the
module calls some internal APIs which occasionally want to log
something. This results in virLogInitialize() to be called which
in turn ends up calling virGetHostnameQuiet() and effectively the
control gets to NSS plugin again which calls some internal APIs
which occasionally want to log something. You can see the
deadlock now.
One way out of this is to call only gethostname() and not whole
virGetHostnameQuiet() machinery.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/libvirt_private.syms | 1 +
src/util/virlog.c | 2 +-
src/util/virutil.c | 46 ++++++++++++++++++++++++++++++++++------------
src/util/virutil.h | 1 +
4 files changed, 37 insertions(+), 13 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 3b14d7d15..3ef55f809 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -3016,6 +3016,7 @@ virGetGroupList;
virGetGroupName;
virGetHostname;
virGetHostnameQuiet;
+virGetHostnameSimple;
virGetListenFDs;
virGetSelfLastChanged;
virGetSystemPageSize;
diff --git a/src/util/virlog.c b/src/util/virlog.c
index 8f1e4800d..fc854ffeb 100644
--- a/src/util/virlog.c
+++ b/src/util/virlog.c
@@ -276,7 +276,7 @@ virLogOnceInit(void)
* it might not be possible to load NSS modules via getaddrinfo()
* (e.g. at container startup the host filesystem will not be
* accessible anymore. */
- virLogHostname = virGetHostnameQuiet();
+ virLogHostname = virGetHostnameSimple();
virLogUnlock();
return 0;
diff --git a/src/util/virutil.c b/src/util/virutil.c
index cd6fbf2f3..22adecd53 100644
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -684,26 +684,23 @@ static char *
virGetHostnameImpl(bool quiet)
{
int r;
- char hostname[HOST_NAME_MAX+1], *result = NULL;
+ char *result;
struct addrinfo hints, *info;
- r = gethostname(hostname, sizeof(hostname));
- if (r == -1) {
+ if (!(result = virGetHostnameSimple())) {
if (!quiet)
virReportSystemError(errno,
"%s", _("failed to determine host name"));
return NULL;
}
- NUL_TERMINATE(hostname);
- if (STRPREFIX(hostname, "localhost") || strchr(hostname, '.')) {
+ if (STRPREFIX(result, "localhost") || strchr(result, '.')) {
/* in this case, gethostname returned localhost (meaning we can't
* do any further canonicalization), or it returned an FQDN (and
* we don't need to do any further canonicalization). Return the
* string as-is; it's up to callers to check whether "localhost"
* is allowed.
*/
- ignore_value(VIR_STRDUP_QUIET(result, hostname));
goto cleanup;
}
@@ -714,12 +711,11 @@ virGetHostnameImpl(bool quiet)
memset(&hints, 0, sizeof(hints));
hints.ai_flags = AI_CANONNAME|AI_CANONIDN;
hints.ai_family = AF_UNSPEC;
- r = getaddrinfo(hostname, NULL, &hints, &info);
+ r = getaddrinfo(result, NULL, &hints, &info);
if (r != 0) {
if (!quiet)
VIR_WARN("getaddrinfo failed for '%s': %s",
- hostname, gai_strerror(r));
- ignore_value(VIR_STRDUP_QUIET(result, hostname));
+ result, gai_strerror(r));
goto cleanup;
}
@@ -727,15 +723,16 @@ virGetHostnameImpl(bool quiet)
sa_assert(info);
if (info->ai_canonname == NULL ||
- STRPREFIX(info->ai_canonname, "localhost"))
+ STRPREFIX(info->ai_canonname, "localhost")) {
/* in this case, we tried to canonicalize and we ended up back with
* localhost. Ignore the canonicalized name and just return the
* original hostname
*/
- ignore_value(VIR_STRDUP_QUIET(result, hostname));
- else
+ } else {
/* Caller frees this string. */
+ VIR_FREE(result);
ignore_value(VIR_STRDUP_QUIET(result, info->ai_canonname));
+ }
freeaddrinfo(info);
@@ -760,6 +757,31 @@ virGetHostnameQuiet(void)
}
+/**
+ * virGetHostnameSimple:
+ *
+ * Plain wrapper over gethostname(). The difference to
+ * virGetHostname() is that this function doesn't try to
+ * canonicalize the hostname.
+ *
+ * Returns: hostname string (caller must free),
+ * NULL on error.
+ */
+char *
+virGetHostnameSimple(void)
+{
+ char hostname[HOST_NAME_MAX+1];
+ char *ret;
+
+ if (gethostname(hostname, sizeof(hostname)) == -1)
+ return NULL;
+
+ NUL_TERMINATE(hostname);
+ ignore_value(VIR_STRDUP_QUIET(ret, hostname));
+ return ret;
+}
+
+
char *
virGetUserDirectory(void)
{
diff --git a/src/util/virutil.h b/src/util/virutil.h
index be0f6b0ea..57148374b 100644
--- a/src/util/virutil.h
+++ b/src/util/virutil.h
@@ -136,6 +136,7 @@ static inline int pthread_sigmask(int how,
char *virGetHostname(void);
char *virGetHostnameQuiet(void);
+char *virGetHostnameSimple(void);
char *virGetUserDirectory(void);
char *virGetUserDirectoryByUID(uid_t uid);
--
2.13.6
6 years, 9 months
[libvirt] [PATCH v3 00/15] Misc build refactoring / isolation work
by Daniel P. Berrangé
This was triggered by the recent Fedora change to add '-z defs' to RPM
builds by default which breaks libvirt. Various make rule changes can
fix much of the problem, but it also requires source refactoring to get
rid of places where virt drivers directly call into the storage/network
drivers. Co-incidentally this work will also be useful in allowing us to
separate out drivers to distinct daemons.
In v3:
- Fixed a few build problems identified by travis
In v2:
- Fixed header file name comment
- Resolve conflicts
- Fix unit tests
- Fix bisectable build by moving libvirt_lxc build patch earlier
- Update syntax check header include rule
Daniel P. Berrangé (15):
storage: extract storage file backend from main storage driver backend
storage: move storage file backend framework into util directory
rpc: don't link in second copy of RPC code to libvirtd & lockd plugin
build: link libvirt_lxc against libvirt.so
conf: introduce callback registration for domain net device allocation
conf: expand network device callbacks to cover bandwidth updates
qemu: replace networkGetNetworkAddress with public API calls
conf: expand network device callbacks to cover resolving NIC type
network: remove conditional declarations
conf: move virStorageTranslateDiskSourcePool into domain conf
storage: export virStoragePoolLookupByTargetPath as a public API
build: explicitly link all modules with libvirt.so
build: provide a AM_FLAGS_MOD for loadable modules
build: passing the "-z defs" linker flag to prevent undefined symbols
cfg: forbid includes of headers in network and storage drivers again
cfg.mk | 2 +-
configure.ac | 1 +
daemon/Makefile.am | 3 +-
include/libvirt/libvirt-storage.h | 2 +
m4/virt-linker-no-undefined.m4 | 32 ++
po/POTFILES.in | 2 +-
src/Makefile.am | 150 ++++----
src/bhyve/bhyve_command.c | 7 +-
src/conf/domain_conf.c | 355 +++++++++++++++++++
src/conf/domain_conf.h | 71 ++++
src/driver-storage.h | 5 +
src/libvirt-storage.c | 40 +++
src/libvirt_private.syms | 29 ++
src/libvirt_public.syms | 6 +
src/libvirt_remote.syms | 11 +-
src/libxl/libxl_domain.c | 5 +-
src/libxl/libxl_driver.c | 7 +-
src/lxc/lxc_driver.c | 5 +-
src/lxc/lxc_process.c | 7 +-
src/network/bridge_driver.c | 124 +------
src/network/bridge_driver.h | 72 ----
src/qemu/qemu_alias.c | 3 +-
src/qemu/qemu_command.c | 1 -
src/qemu/qemu_domain.c | 3 -
src/qemu/qemu_domain_address.c | 3 +-
src/qemu/qemu_driver.c | 15 +-
src/qemu/qemu_hotplug.c | 18 +-
src/qemu/qemu_migration.c | 3 +-
src/qemu/qemu_process.c | 115 +++++-
src/remote/remote_driver.c | 1 +
src/remote/remote_protocol.x | 17 +-
src/remote_protocol-structs | 7 +
src/security/virt-aa-helper.c | 2 -
src/storage/storage_backend.c | 66 ----
src/storage/storage_backend.h | 75 ----
src/storage/storage_backend_fs.c | 8 +-
src/storage/storage_backend_gluster.c | 4 +-
src/storage/storage_driver.c | 256 +-------------
src/storage/storage_driver.h | 3 -
src/storage/storage_source.c | 645 ----------------------------------
src/storage/storage_source.h | 59 ----
src/util/virstoragefile.c | 609 +++++++++++++++++++++++++++++++-
src/util/virstoragefile.h | 32 ++
src/util/virstoragefilebackend.c | 108 ++++++
src/util/virstoragefilebackend.h | 104 ++++++
src/vz/vz_sdk.c | 1 -
tests/Makefile.am | 11 +-
tests/qemuxml2argvtest.c | 4 +
tests/virstoragetest.c | 1 -
tools/Makefile.am | 1 +
50 files changed, 1679 insertions(+), 1432 deletions(-)
create mode 100644 m4/virt-linker-no-undefined.m4
delete mode 100644 src/storage/storage_source.c
delete mode 100644 src/storage/storage_source.h
create mode 100644 src/util/virstoragefilebackend.c
create mode 100644 src/util/virstoragefilebackend.h
--
2.14.3
6 years, 9 months
[libvirt] [PATCH] virlog: Allow opting out from logging
by Michal Privoznik
After 759b4d1b0fe5f we are getting hostname in virLogOnceInit().
Problem with this approach is in the NSS module because the
module calls some internal APIs which occasionally want to log
something. This results in virLogInitialize() to be called which
in turn ends up calling virGetHostnameQuiet() and effectively the
control gets to NSS plugin again which calls some internal APIs
which occasionally want to log something. You can see the
deadlock now.
One way out from this is to turn logging into no-op. Which kind
of makes sense - the NSS module shouldn't log anything. To
achieve this, the virLogVMessage() function is provided with
separate no-op implementation if DISABLE_LOGGING_FOR_NSS macro is
set.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
config-post.h | 1 +
src/util/virlog.c | 119 ++++++++++++++++++++++++++++++++----------------------
2 files changed, 71 insertions(+), 49 deletions(-)
diff --git a/config-post.h b/config-post.h
index f7eba0d7c..95e834f8e 100644
--- a/config-post.h
+++ b/config-post.h
@@ -72,6 +72,7 @@
# undef WITH_SECDRIVER_SELINUX
# undef WITH_SECDRIVER_APPARMOR
# undef WITH_CAPNG
+# define DISABLE_LOGGING_FOR_NSS
#endif /* LIBVIRT_NSS */
#ifndef __GNUC__
diff --git a/src/util/virlog.c b/src/util/virlog.c
index 8f1e4800d..3284bdc03 100644
--- a/src/util/virlog.c
+++ b/src/util/virlog.c
@@ -241,23 +241,6 @@ virLogGetDefaultOutput(void)
}
-static const char *
-virLogPriorityString(virLogPriority lvl)
-{
- switch (lvl) {
- case VIR_LOG_DEBUG:
- return "debug";
- case VIR_LOG_INFO:
- return "info";
- case VIR_LOG_WARN:
- return "warning";
- case VIR_LOG_ERROR:
- return "error";
- }
- return "unknown";
-}
-
-
static int
virLogOnceInit(void)
{
@@ -429,6 +412,60 @@ virLogOutputListFree(virLogOutputPtr *list, int count)
}
+/**
+ * virLogMessage:
+ * @source: where is that message coming from
+ * @priority: the priority level
+ * @filename: file where the message was emitted
+ * @linenr: line where the message was emitted
+ * @funcname: the function emitting the (debug) message
+ * @metadata: NULL or metadata array, terminated by an item with NULL key
+ * @fmt: the string format
+ * @...: the arguments
+ *
+ * Call the libvirt logger with some information. Based on the configuration
+ * the message may be stored, sent to output or just discarded
+ */
+void
+virLogMessage(virLogSourcePtr source,
+ virLogPriority priority,
+ const char *filename,
+ int linenr,
+ const char *funcname,
+ virLogMetadataPtr metadata,
+ const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ virLogVMessage(source, priority,
+ filename, linenr, funcname,
+ metadata, fmt, ap);
+ va_end(ap);
+}
+
+
+/* For the library we compile in logging code and then turn it
+ * on/off depending on user settings. However, for the NSS plugin
+ * we might get into deadlock and logging there is not really
+ * needed. */
+#ifndef DISABLE_LOGGING_FOR_NSS
+static const char *
+virLogPriorityString(virLogPriority lvl)
+{
+ switch (lvl) {
+ case VIR_LOG_DEBUG:
+ return "debug";
+ case VIR_LOG_INFO:
+ return "info";
+ case VIR_LOG_WARN:
+ return "warning";
+ case VIR_LOG_ERROR:
+ return "error";
+ }
+ return "unknown";
+}
+
+
static int
virLogFormatString(char **msg,
int linenr,
@@ -514,38 +551,6 @@ virLogSourceUpdate(virLogSourcePtr source)
virLogUnlock();
}
-/**
- * virLogMessage:
- * @source: where is that message coming from
- * @priority: the priority level
- * @filename: file where the message was emitted
- * @linenr: line where the message was emitted
- * @funcname: the function emitting the (debug) message
- * @metadata: NULL or metadata array, terminated by an item with NULL key
- * @fmt: the string format
- * @...: the arguments
- *
- * Call the libvirt logger with some information. Based on the configuration
- * the message may be stored, sent to output or just discarded
- */
-void
-virLogMessage(virLogSourcePtr source,
- virLogPriority priority,
- const char *filename,
- int linenr,
- const char *funcname,
- virLogMetadataPtr metadata,
- const char *fmt, ...)
-{
- va_list ap;
- va_start(ap, fmt);
- virLogVMessage(source, priority,
- filename, linenr, funcname,
- metadata, fmt, ap);
- va_end(ap);
-}
-
-
/**
* virLogVMessage:
* @source: where is that message coming from
@@ -678,6 +683,22 @@ virLogVMessage(virLogSourcePtr source,
errno = saved_errno;
}
+#else /* DISABLE_LOGGING_FOR_NSS */
+
+void
+virLogVMessage(virLogSourcePtr source ATTRIBUTE_UNUSED,
+ virLogPriority priority ATTRIBUTE_UNUSED,
+ const char *filename ATTRIBUTE_UNUSED,
+ int linenr ATTRIBUTE_UNUSED,
+ const char *funcname ATTRIBUTE_UNUSED,
+ virLogMetadataPtr metadata ATTRIBUTE_UNUSED,
+ const char *fmt ATTRIBUTE_UNUSED,
+ va_list vargs ATTRIBUTE_UNUSED)
+{
+ return;
+}
+
+#endif /* DISABLE_LOGGING_FOR_NSS */
static void
virLogStackTraceToFd(int fd)
--
2.13.6
6 years, 9 months
[libvirt] [PATCH] virlog: determine the hostname on startup CVE-2018-XXX
by Daniel P. Berrangé
From: Lubomir Rintel <lkundrak(a)v3.sk>
At later point it might not be possible or even safe to use getaddrinfo(). It
can in turn result in a load of NSS module.
Notably, on a LXC container startup we may find ourselves with the guest
filesystem already having replaced the host one. Loading a NSS module
from the guest tree could allow a malicous guest to escape the
confinement of its container environment because libvirt will not yet
have locked it down.
---
NB, we're still awaiting CVE allocation before pushing to git
src/util/virlog.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/util/virlog.c b/src/util/virlog.c
index 68439b9194..9105337ce6 100644
--- a/src/util/virlog.c
+++ b/src/util/virlog.c
@@ -64,6 +64,7 @@
VIR_LOG_INIT("util.log");
static regex_t *virLogRegex;
+static char *virLogHostname;
#define VIR_LOG_DATE_REGEX "[0-9]{4}-[0-9]{2}-[0-9]{2}"
@@ -271,6 +272,12 @@ virLogOnceInit(void)
VIR_FREE(virLogRegex);
}
+ /* We get and remember the hostname early, because at later time
+ * it might not be possible to load NSS modules via getaddrinfo()
+ * (e.g. at container startup the host filesystem will not be
+ * accessible anymore. */
+ virLogHostname = virGetHostnameQuiet();
+
virLogUnlock();
return 0;
}
@@ -466,17 +473,14 @@ static int
virLogHostnameString(char **rawmsg,
char **msg)
{
- char *hostname = virGetHostnameQuiet();
char *hoststr;
- if (!hostname)
+ if (!virLogHostname)
return -1;
- if (virAsprintfQuiet(&hoststr, "hostname: %s", hostname) < 0) {
- VIR_FREE(hostname);
+ if (virAsprintfQuiet(&hoststr, "hostname: %s", virLogHostname) < 0) {
return -1;
}
- VIR_FREE(hostname);
if (virLogFormatString(msg, 0, NULL, VIR_LOG_INFO, hoststr) < 0) {
VIR_FREE(hoststr);
--
2.14.3
6 years, 9 months
[libvirt] [PATCH] qemu: Alter condition to avoid possible NULL deref
by John Ferlan
Commit 'f0f2a5ec2' neglected to adjust the if condition to split
out the possibility that the @watchdog is NULL when altering the
message to add detail about the model.
Just split out the condition and use previous/original message, but
with the new message code.
Found by Coverity
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/qemu/qemu_hotplug.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index c7bf25eee..3291ce613 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -5159,11 +5159,16 @@ qemuDomainDetachWatchdog(virQEMUDriverPtr driver,
virDomainWatchdogDefPtr watchdog = vm->def->watchdog;
qemuDomainObjPrivatePtr priv = vm->privateData;
+ if (!watchdog) {
+ virReportError(VIR_ERR_DEVICE_MISSING, "%s",
+ _("watchdog device not present in domain configuration"));
+ return -1;
+ }
+
/* While domains can have up to one watchdog, the one supplied by the user
* doesn't necessarily match the one domain has. Refuse to detach in such
* case. */
- if (!(watchdog &&
- watchdog->model == dev->model &&
+ if (!(watchdog->model == dev->model &&
watchdog->action == dev->action &&
virDomainDeviceInfoAddressIsEqual(&dev->info, &watchdog->info))) {
virReportError(VIR_ERR_DEVICE_MISSING,
--
2.13.6
6 years, 9 months
[libvirt] [PATCH] qemu: don't leak in qemuGetDHCPInterfaces when failing to alloc
by Chen Hanxiao
From: Chen Hanxiao <chenhanxiao(a)gmail.com>
We forgot to free alloced mem when failed to
dup ifname or macaddr.
Also use VIR_STEAL_PTR to simplify codes.
Signed-off-by: Chen Hanxiao <chenhanxiao(a)gmail.com>
---
src/qemu/qemu_agent.c | 3 +--
src/qemu/qemu_driver.c | 7 +++----
2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index 5d125c413..0f36054a6 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -2190,8 +2190,7 @@ qemuAgentGetInterfaces(qemuAgentPtr mon,
iface->naddrs = addrs_count;
}
- *ifaces = ifaces_ret;
- ifaces_ret = NULL;
+ VIR_STEAL_PTR(*ifaces, ifaces_ret);
ret = ifaces_count;
cleanup:
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 978ecd4e0..60cdd237a 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -20569,10 +20569,10 @@ qemuGetDHCPInterfaces(virDomainPtr dom,
goto error;
if (VIR_STRDUP(iface->name, vm->def->nets[i]->ifname) < 0)
- goto cleanup;
+ goto error;
if (VIR_STRDUP(iface->hwaddr, macaddr) < 0)
- goto cleanup;
+ goto error;
}
for (j = 0; j < n_leases; j++) {
@@ -20592,8 +20592,7 @@ qemuGetDHCPInterfaces(virDomainPtr dom,
VIR_FREE(leases);
}
- *ifaces = ifaces_ret;
- ifaces_ret = NULL;
+ VIR_STEAL_PTR(*ifaces, ifaces_ret);
rv = ifaces_count;
cleanup:
--
2.14.3
6 years, 9 months
[libvirt] [PATCH] util: netlink: fix the mismatch parameter description of functions
by Chen Hanxiao
From: Chen Hanxiao <chenhanxiao(a)gmail.com>
Some of netlink functions don't have the right
@parameters description according to the declaration of function.
This patch fix them.
Signed-off-by: Chen Hanxiao <chenhanxiao(a)gmail.com>
---
src/util/virnetlink.c | 35 ++++++++++++++++++-----------------
1 file changed, 18 insertions(+), 17 deletions(-)
diff --git a/src/util/virnetlink.c b/src/util/virnetlink.c
index d732fe8cf..6a6508fa4 100644
--- a/src/util/virnetlink.c
+++ b/src/util/virnetlink.c
@@ -278,14 +278,14 @@ virNetlinkSendRequest(struct nl_msg *nl_msg, uint32_t src_pid,
/**
* virNetlinkCommand:
- * @nlmsg: pointer to netlink message
- * @respbuf: pointer to pointer where response buffer will be allocated
+ * @nl_msg: pointer to netlink message
+ * @resp: pointer to pointer where response buffer will be allocated
* @respbuflen: pointer to integer holding the size of the response buffer
- * on return of the function.
- * @src_pid: the pid of the process to send a message
- * @dst_pid: the pid of the process to talk to, i.e., pid = 0 for kernel
- * @protocol: netlink protocol
- * @groups: the group identifier
+ * on return of the function.
+ * @src_pid: the pid of the process to send a message
+ * @dst_pid: the pid of the process to talk to, i.e., pid = 0 for kernel
+ * @protocol: netlink protocol
+ * @groups: the group identifier
*
* Send the given message to the netlink layer and receive response.
* Returns 0 on success, -1 on error. In case of error, no response
@@ -387,9 +387,9 @@ virNetlinkDumpCommand(struct nl_msg *nl_msg,
*
* @ifname: The name of the interface; only use if ifindex <= 0
* @ifindex: The interface index; may be <= 0 if ifname is given
- * @data: Gets a pointer to the raw data from netlink.
+ * @nlData: Gets a pointer to the raw data from netlink.
MUST BE FREED BY CALLER!
- * @nlattr: Pointer to a pointer of netlink attributes that will contain
+ * @tb: Pointer to a pointer of netlink attributes that will contain
* the results
* @src_pid: pid used for nl_pid of the local end of the netlink message
* (0 == "use getpid()")
@@ -505,7 +505,7 @@ virNetlinkDumpLink(const char *ifname, int ifindex,
/**
* virNetlinkDelLink:
*
- * @ifname: Name of the link
+ * @ifname: Name of the link
* @fallback: pointer to an alternate function that will
* be called to perform the delete if RTM_DELLINK fails
* with EOPNOTSUPP (any other error will simply be treated
@@ -648,7 +648,7 @@ virNetlinkEventServerUnlock(virNetlinkEventSrvPrivatePtr driver)
/**
* virNetlinkEventRemoveClientPrimitive:
*
- * @i: index of the client to remove from the table
+ * @i: index of the client to remove from the table
* @protocol: netlink protocol
*
* This static function does the low level removal of a client from
@@ -837,7 +837,8 @@ int virNetlinkEventServiceLocalPid(unsigned int protocol)
* This registers a netlink socket with the event interface.
*
* @protocol: netlink protocol
- * @groups: broadcast groups to join in
+ * @groups: broadcast groups to join in
+ *
* Returns -1 if the monitor cannot be registered, 0 upon success
*/
int
@@ -925,9 +926,9 @@ virNetlinkEventServiceStart(unsigned int protocol, unsigned int groups)
*
* @handleCB: callback to invoke when an event occurs
* @removeCB: callback to invoke when removing a client
- * @opaque: user data to pass to callback
- * @macaddr: macaddr to store with the data. Used to identify callers.
- * May be null.
+ * @opaque: user data to pass to callback
+ * @macaddr: macaddr to store with the data. Used to identify callers.
+ * May be null.
* @protocol: netlink protocol
*
* register a callback for handling of netlink messages. The
@@ -1003,8 +1004,8 @@ virNetlinkEventAddClient(virNetlinkEventHandleCallback handleCB,
/**
* virNetlinkEventRemoveClient:
*
- * @watch: watch whose handle to remove
- * @macaddr: macaddr whose handle to remove
+ * @watch: watch whose handle to remove
+ * @macaddr: macaddr whose handle to remove
* @protocol: netlink protocol
*
* Unregister a callback from a netlink monitor.
--
2.14.3
6 years, 9 months
[libvirt] [PATCH] qemu: Remove redundancy from qemuBuildControllerDevStr()
by Andrea Bolognani
Several PCI controllers are handled the same and can thus
be squashed together.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
src/qemu/qemu_command.c | 17 ++---------------
1 file changed, 2 insertions(+), 15 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index ee4e0b20d..040ea65b6 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -2722,6 +2722,7 @@ qemuBuildControllerDevStr(const virDomainDef *domainDef,
def->info.alias);
break;
case VIR_DOMAIN_CONTROLLER_MODEL_PCI_EXPANDER_BUS:
+ case VIR_DOMAIN_CONTROLLER_MODEL_PCIE_EXPANDER_BUS:
virBufferAsprintf(&buf, "%s,bus_nr=%d,id=%s",
modelName, pciopts->busNr,
def->info.alias);
@@ -2730,29 +2731,15 @@ qemuBuildControllerDevStr(const virDomainDef *domainDef,
pciopts->numaNode);
break;
case VIR_DOMAIN_CONTROLLER_MODEL_DMI_TO_PCI_BRIDGE:
- virBufferAsprintf(&buf, "%s,id=%s", modelName, def->info.alias);
- break;
- case VIR_DOMAIN_CONTROLLER_MODEL_PCIE_ROOT_PORT:
- virBufferAsprintf(&buf, "%s,port=0x%x,chassis=%d,id=%s",
- modelName, pciopts->port,
- pciopts->chassis, def->info.alias);
- break;
case VIR_DOMAIN_CONTROLLER_MODEL_PCIE_SWITCH_UPSTREAM_PORT:
virBufferAsprintf(&buf, "%s,id=%s", modelName, def->info.alias);
break;
+ case VIR_DOMAIN_CONTROLLER_MODEL_PCIE_ROOT_PORT:
case VIR_DOMAIN_CONTROLLER_MODEL_PCIE_SWITCH_DOWNSTREAM_PORT:
virBufferAsprintf(&buf, "%s,port=0x%x,chassis=%d,id=%s",
modelName, pciopts->port,
pciopts->chassis, def->info.alias);
break;
- case VIR_DOMAIN_CONTROLLER_MODEL_PCIE_EXPANDER_BUS:
- virBufferAsprintf(&buf, "%s,bus_nr=%d,id=%s",
- modelName, pciopts->busNr,
- def->info.alias);
- if (pciopts->numaNode != -1)
- virBufferAsprintf(&buf, ",numa_node=%d",
- pciopts->numaNode);
- break;
case VIR_DOMAIN_CONTROLLER_MODEL_PCI_ROOT:
/* Skip the implicit one */
if (pciopts->targetIndex == 0)
--
2.14.3
6 years, 9 months
[libvirt] [PATCH] qemu: Error out on invalid pci-root controller model name
by Andrea Bolognani
This is a hard error, and should be handled as such.
Introduced in 24614760228b.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
src/qemu/qemu_domain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 16833474a..178ec24ae 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4446,7 +4446,7 @@ qemuDomainDeviceDefValidateControllerPCI(const virDomainControllerDef *controlle
_("PCI controller model name '%s' is not valid "
"for a pci-root"),
modelName);
- return 0;
+ return -1;
}
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE)) {
--
2.14.3
6 years, 9 months
[libvirt] ANNOUNCE: libguestfs 1.38 released
by Richard W.M. Jones
I'm pleased to announce libguestfs 1.38, a library and a set of tools
for accessing and modifying virtual machine disk images.
This release represents about a year of work by many contributors.
I'd like to call out in particular substantial contributions from:
Cédric Bosdonnat, Pavel Butsykin, Matteo Cafasso, Tomáš Golembiovský,
Nikos Skalkotos, and Pino Toscano.
Virt-builder-repository is a new tool for creating virt-builder
repositories. Virt-rescue has been rewritten, implementing
implementing job control, -m and -i options, escape keys. Virt-v2v
has several new methods to pull VMs out of VMware faster. The
inspection code was rewritten and placed inside the daemon making it
much faster and more robust.
Of course dozens of other features have been added, and many bugs
fixed. See the release notes below for full details.
You can get libguestfs 1.38 from here:
Main website: http://libguestfs.org/ [not updated yet]
Source: http://libguestfs.org/download/1.38-stable/
Fedora: https://koji.fedoraproject.org/koji/packageinfo?packageID=8391
Debian/experimental: https://packages.debian.org/libguestfs0
Note for distro packagers: ocaml >= 4.01, ocaml-hivex are now
mandatory build dependencies. If using glibc >= 2.27 which dropped
support for SunRPC and crypt(3), you will need rpcgen, libtirpc and
libxcrypt.
Rich.
----------------------------------------------------------------------
Release notes for libguestfs 1.38
These are also available online at:
http://libguestfs.org/guestfs-release-notes.1.html
New features
New tools
Virt-builder-repository is a new tool allowing end users to create and
update virt-builder repositories (Cédric Bosdonnat).
Virt-rescue (while not a new tool) has been substantially rewritten,
implementing job control, -m and -i options, escape keys, etc.
New features in existing tools
Virt-builder planner has been improved so that faster and more
efficient build plans are chosen for complex cases, especially when
either the tmpdir or output is on networked storage.
New virt-builder Fedora templates (starting with Fedora 26) will have
plain partition layout and use GPT for partitions.
Virt-customize "firstboot" scripts in guests using systemd are now
installed under the "multi-user.target" instead of "default.target" so
they will only run when the system is booted normally.
Virt-customize now sets a random /etc/machine-id for Linux guests, if
one is not already set.
Virt-df now works correctly on filesystems with block sizes smaller
than 1K (Nikolay Ivanets).
Virt-dib has further compatibility enhancements with diskimage-builder
(Pino Toscano).
Virt-sysprep removes "DHCP_HOSTNAME" from ifcfg-* files.
Virt-sysprep now works on Oracle Linux (Jamie Iles).
Virt-resize now correctly copies GPT partition attributes from the
source to the destination (Cédric Bosdonnat).
Bash tab completion implemented or enhanced for: virt-win-reg,
virt-v2v-copy-to-local.
virt-v2v and virt-p2v
Virt-v2v can now read VMware VMX files directly, either from local
disk, NFS storage, or over SSH from an ESXi hypervisor.
Virt-v2v can now use VDDK as an input source.
Both virt-v2v and virt-p2v are now able to pass through the source CPU
vendor, model and topology. However unfortunately not all source and
target hypervisors are able to provide or consume this data at present
(Tomáš Golembiovský).
Virt-v2v now supports encrypted guests (Pino Toscano).
Virt-v2v can now handle VMware snapshots. Note that the snapshots are
collapsed — it does not convert the chain of snapshots into a chain of
snapshots.
Virt-v2v now installs Windows 10 / Windows Server 2016 virtio block
drivers correctly (Pavel Butsykin, Kun Wei).
Virt-v2v now installs virtio-rng, balloon and pvpanic drivers, and
correctly sets this in the target hypervisor metadata for hypervisors
which support that (Tomáš Golembiovský).
Virt-v2v now installs both legacy and modern virtio keys in the Windows
registry (Ladi Prosek).
Virt-p2v can now preserve (in some cases) the offset of the Real Time
Clock from UTC.
Virt-p2v now combines several scp commands to the conversion server
into a single command, improving conversion times.
Virt-v2v now detects the special Linux Xen PV-only kernels correctly
(Laszlo Ersek).
Virt-v2v -o glance now generates the right properties for UEFI guests
(Pino Toscano).
Virt-v2v -o null now avoids spooling the guest to a temporary file,
instead it writes to the qemu "null block device". This makes it
faster and use almost no disk space.
Virt-v2v -o rhv now supports Windows 2016 Server guest type.
Virt-v2v -i libvirtxml can now open network disks over http or https.
Virt-v2v will now give a warning about host passthrough devices (Pino
Toscano).
The virt-v2v --machine-readable output has been enhanced so it includes
"vcenter-https", "xen-ssh" and "in-place" facts (Pino Toscano).
Language bindings
Fix multiple memory leaks and other data corruption problems in the
Java bindings (Pino Toscano).
Perl %guestfs_introspection has been dropped.
Inspection
Inspection support was rewritten in OCaml and included inside the
daemon. This makes inspection considerably faster, more robust and
more easily extensible in future.
Better icon support for ALT Linux guests (Pino Toscano).
Better support for NeoKylin (Qingzheng Zhang).
Can handle OSes like Void Linux which do not include "VERSION_ID" in
/etc/os-release (Pino Toscano).
Add support for Microsoft MS-DOS (Daniel Berrangé).
Architectures and platforms
Multiple fixes for S/390 architecture. Libguestfs and all the tools
should now compile and run on this architecture.
Other
The libguestfs API is now thread-safe (although not parallel). You can
call APIs on the same handle from multiple threads without needing to
take a lock.
Security
There were multiple vulnerabilities in the icoutils "wrestool" program
which is run by libguestfs to create icons for Windows guests. Using
the latest "wrestool" is recommended.
API
New APIs
"hivex_value_string"
This replaces the deprecated "hivex_value_utf8" API, but does the
same thing.
"part_get_gpt_attributes"
"part_set_gpt_attributes"
Read and write GPT partition attribute flags (Cédric Bosdonnat).
"part_resize"
Enlarge or shrink an existing partition (Nikos Skalkotos).
"yara_destroy"
"yara_load"
"yara_scan"
Support for the Yara malware scanning engine (Matteo Cafasso).
Other API changes
APIs implemented in the daemon can now be written in either C or OCaml.
Several APIs were rewritten in OCaml, although we are not planning to
rewrite all of them.
You will now get a clear error message if you try to add too many disks
to the appliance, instead of getting a peculiar failure from qemu.
Certain APIs accidentally allowed you to use "/dev/urandom" as an input
"device", eg. "g.copy_device_to_device("/dev/urandom", "/dev/sda")".
The code has been modified to forbid this usage.
All APIs for inspecting installer CDs have been deprecated. Use
libosinfo for this task.
Build changes
A working OCaml compiler ≥ 4.01 is now required for building
libguestfs. The "./configure --disable-ocaml" option remains but is
only used to disable the OCaml language bindings.
Add "RELEASES" file which lists release dates for each version of
libguestfs. You must update this file when making a new release.
Documentation generated by "gtk-doc" has been removed. "./configure
--enable-gtk-doc" now does nothing.
Libtirpc is now used for XDR functions and rpcgen. Note that glibc has
deprecated and in most Linux distros dropped these, so for most people
this will be an extra dependency (Martin Kletzander).
Libxcrypt is now used for crypt(3). This is required if using glibc ≥
2.27.
"ocaml-hivex" is now required.
Libvirt ≥ 1.2.20 is now required.
There is now a "make check-root" target for tests which need to be run
as root (analogous to "make check-slow").
"./configure"-time check for "__attribute__((cleanup))" now works in
the cross-compilation case (Yann E. Morin).
The "AUTHORS" and "p2v/about-authors.c" files are now generated from a
single place.
Either GnuPG v1 or v2 can be used.
"./configure --with-guestfs-path" may be used to set the default
"LIBGUESTFS_PATH". In addition the way that the path is searched has
changed slightly so that all types of appliances are searched in each
path element separately (Pavel Butsykin).
"GUESTFSD_EXT_CMD" which was used to mark external commands in the
daemon has been removed. It was originally used by SUSE builds, but
they have not been using it for a while.
The output from "./configure" is now visually grouped under headings
related to what it is doing, making it much easier to scan (Pino
Toscano).
OCaml dependencies are now generated from a single script instead of
multiple not-quite-the-same Makefile fragments.
"./configure --with-distro=ID" can be used to override automatic Linux
distro detection at build time (Pino Toscano).
qemu ≥ 2.10 is supported (but not required). This adds mandatory
locking to disks and libguestfs turns this off in certain circumstances
when it is known to be safe (Lars Seipel, Peter Krempa, Daniel
Berrangé, Pino Toscano, Fam Zheng, Yongkui Guo, Václav Kadlčík).
Internals
Most common code has been moved to the common/ subdirectory, with OCaml
common code being in common/ml* directories (eg. common/visit and
common/mlvisit contain the visitor library in C and OCaml
respectively). The mllib directory has been deleted and replaced by
common/mltools.
There is now a lightweight OCaml binding for PCRE, see common/mlpcre.
Use of OCaml "Str" library has been mostly replaced with PCRE.
Add more calls to "udev_settle" to improve stability of partition code
(Dawid Zamirski).
Run "udev_settle" with --exit-if-exists option, which improves the
speed of this command (Pavel Butsykin).
Detect new locations of major(3), minor(3), makedev(3).
Actions can now be deprecated with no suggested replacement, for APIs
such as "guestfs_wait_ready" that should simply be removed from client
code.
Use gnulib "set_nonblocking_flag" wrapper instead of calling fcntl(2)
with "O_NONBLOCK" (Eric Blake). Similarly "set_cloexec_flag".
Fix memory leak in XFS version of "guestfs_vfs_minimum_size" (Pino
Toscano).
Valgrind checks now run on the virt-p2v binary.
Unicode single quotes ("‘’") and now used in place of '' or `'
throughout the code and documentation. Similarly for "’s" instead of
"'s".
The "is_zero" function has been reimplemented for greater speed (Eric
Blake).
In the direct backend, virtio-blk support has been removed. Virtio-
scsi is now the only supported way to add disks.
Generator string parameter and return types have been rationalised so
there are only two types ("String", "StringList") with many subtypes
eg. "FileIn" becomes "String (FileIn, ...)".
The appliance disk image can now be in formats other than raw (Pavel
Butsykin).
Multiple improvements to how we automatically build Debian templates
for virt-builder (Pino Toscano). Enable serial console for these
templates (Florian Klink).
In the daemon, instead of making a private copy of lvm.conf and
modifying it (eg for filters), start with an empty file since LVM
understands that to mean "all defaults" (Alasdair Kergon, Zdenek
Kabelac).
The "direct" backend can now run QMP queries against the QEMU binary,
enhancing the kinds of information we can detect. In addition the code
to query QEMU has been made more robust for handling multiple parallel
queries of different versions of QEMU.
OCaml Augeas bindings are bundled under common/mlaugeas. The long term
plan is to remove this and use system ocaml-augeas when it is more
widely available in distros (Pino Toscano).
All OCaml modules ("*.ml" files) are now required to have an interface
file ("*.mli"). If they don't export anything then the interface will
be empty except for comments.
Certain OCaml features in OCaml ≥ 4.01 are used throughout the code,
including replacing ‘{ field = field }’ with ‘{ field }’.
Virt-builder "make-template" utility now uses the "virt-install
--transient" option so that we should never need to clean up left over
domains after a crash. It also saves kickstarts and virt-install
commands, which are committed to git for future reference.
/dev/shm is now created in the appliance (Nicolas Hicher).
In verbose mode on Fedora guests, virt-customize will now use "dnf
--verbose" enabling better debugging output.
Virt-v2v input and output classes now contain a "#precheck" method
which is used to perform environmental checks before conversion starts.
Virt-p2v enables miniexpect debugging. It is written to stderr (of
virt-p2v).
Virt-v2v free space checks are more liberal especially for smaller
guests (Pino Toscano).
Bugs fixed
https://bugzilla.redhat.com/1540535
Example URI of "Convert from ESXi hypervisor over SSH to local
libvirt" is incorrect in v2v man page
https://bugzilla.redhat.com/1539395
virt-customize segfaults after upgrading to 1.37.35-3
https://bugzilla.redhat.com/1536765
Libguestfs Perl bindings can leak a small amount of memory on error
https://bugzilla.redhat.com/1536763
libguestfs Lua bindings use strerror(), which isn’t thread safe
https://bugzilla.redhat.com/1536603
man page makes no mention of using '--' when trying to change exit
on error behavior
https://bugzilla.redhat.com/1525241
virt-df displays zeros for filesystems with block size =512
https://bugzilla.redhat.com/1519204
v2v should improve the result when convert a rhel7.4 guest with no
available kernels found in the bootloader
https://bugzilla.redhat.com/1518517
virt-v2v fails with "unsupported configuration: shared access for
disk 'sdb' requires use of supported storage format"
https://bugzilla.redhat.com/1516094
Mere presence of QEMU file locking options breaks NBD (Block
protocol 'nbd' doesn't support the option 'locking')
https://bugzilla.redhat.com/1514756
./configure --disable-ocaml breaks building common/mlpcre which
breaks building daemon
https://bugzilla.redhat.com/1513884
[RFE]Should update some vddk info in v2v man page
https://bugzilla.redhat.com/1508874
virt-v2v: warning: ova disk has an unknown VMware controller type
(20)
https://bugzilla.redhat.com/1506572
virt-v2v '-i ova' is not parsing the MAC address from the source
OVF
https://bugzilla.redhat.com/1506511
virt-builder fails to parse repo file if it has blank space after
the repository identifier
https://bugzilla.redhat.com/1503958
Failed to convert the rhel5 guest with kmod-xenpv installed from
xen server by virt-v2v
https://bugzilla.redhat.com/1503497
qemu-kvm fails to open qcow2 files in read-only mode with qemu-kvm
1.5.3
https://bugzilla.redhat.com/1500673
Error info shows wrong sometimes when ssh to conversion server
using non-root user with sudo on p2v client
https://bugzilla.redhat.com/1500537
/dev/shm does not exist in the appliance environment
https://bugzilla.redhat.com/1497475
guestfish cannot list commands from interactive mode
https://bugzilla.redhat.com/1493048
Unbound constructor Hivex.OPEN_UNSAFE
https://bugzilla.redhat.com/1484957
bump debian images to use single-partition layout
https://bugzilla.redhat.com/1482737
virt-resize failed to expand swap partition for RHEL5.11 guest
image with "parsing UUID failed"
https://bugzilla.redhat.com/1477623
Running file API on a special chardev may hang forever
https://bugzilla.redhat.com/1476081
inspect-os report error: could not parse integer in version
number: V7Update2
https://bugzilla.redhat.com/1472719
[RFE]Add warning in process of v2v converting guest which has pci
passthrough device
https://bugzilla.redhat.com/1472208
virt-v2v fails on opensuse 13.2 guest with error: statns:
statns_stub: path must start with a / character
https://bugzilla.redhat.com/1469655
firstboot scripts are not correctly installed in Fedora 26
https://bugzilla.redhat.com/1466563
Libguestfs should pass copyonread flag through to the libvirt XML
https://bugzilla.redhat.com/1465665
1.36.x build failure: gtkdocize fails using newer autotools due to
missing GTK_DOC_CHECK in configure.ac
https://bugzilla.redhat.com/1460338
guestfs_shutdown hangs if main process sets signal handlers
https://bugzilla.redhat.com/1459979
guestfs_add_domain_argv fails with readonly option when vdi/vhd
disk is attached to libvirt domain
https://bugzilla.redhat.com/1451665
RFE: Virt-v2v can't convert the guest which has encrypted partition
https://bugzilla.redhat.com/1450325
document URI format for -a parameters of tools
https://bugzilla.redhat.com/1448739
RFE: Support multicore decompression for OVA files using pigz and
pxz
https://bugzilla.redhat.com/1447202
Win 2016 guest is described as Win 10 after imported to RHEVM
https://bugzilla.redhat.com/1441197
RFE: ability to convert VMware virtual machines via vmx
https://bugzilla.redhat.com/1438939
Please drop or update GnuPG (1.4.x) dependency
https://bugzilla.redhat.com/1438794
[RFE] Install Windows virtio-rng drivers on VMs imported
https://bugzilla.redhat.com/1433937
virt-inspector can't get icon info from altlinux-centaurus
https://bugzilla.redhat.com/1433577
policycoreutils setfiles >= 2.6 does .. nothing
https://bugzilla.redhat.com/1431579
Windows 8 UEFI from VMware to KVM fails to boot after conversion
https://bugzilla.redhat.com/1430680
There is error info about "No such file or directory" when convert
a guest from ova file by v2v
https://bugzilla.redhat.com/1430184
virt-dib should generate sha256 checksum instead of sha512
https://bugzilla.redhat.com/1429506
RFE: OVMF should be detected on conversion server to prevent failed
conversion
https://bugzilla.redhat.com/1429491
Should rename network name of rhv in virt-v2v man page
https://bugzilla.redhat.com/1427529
virt-sysprep should remove DHCP_HOSTNAME
https://bugzilla.redhat.com/1417306
QEMU image file locking (libguestfs)
https://bugzilla.redhat.com/1409024
[Debian] Missing db_dump abort inspection
https://bugzilla.redhat.com/1406906
Segmentation fault when reading corrupted path with Python 3
bindings
https://bugzilla.redhat.com/1379289
RFE: virt-p2v should support mnemonic operations
https://bugzilla.redhat.com/1378022
There is virt-v2v warning about <listen type='none'> during
converting a guest which has listen type='none' in XML
https://bugzilla.redhat.com/1376547
qemu-system-s390x: -device
isa-serial,chardev=charserial0,id=serial0: 'isa-serial' is not a
valid device model name
https://bugzilla.redhat.com/1374232
selinux relabel fails on RHEL 6.2 guests with "libguestfs error:
selinux_relabel: : Success"
https://bugzilla.redhat.com/1367738
Missing bash completion scripts for: virt-diff guestunmount virt-
copy-in virt-copy-out virt-customize virt-get-kernel
virt-p2v-make-disk virt-p2v-make-kickstart virt-tar-in virt-tar-out
virt-v2v-copy-to-local virt-win-reg
https://bugzilla.redhat.com/1362649
RFE: virt-sysprep does not utilize libguestfs encryption support
https://bugzilla.redhat.com/1172425
[RFE]virt-v2v failed to convert VMware ESX VM with snapshot
https://bugzilla.redhat.com/1171654
Modify a file in virt-rescue with vi on some linux terminal such as
yakuake, can lead to abnormal display in virt-rescue shell
https://bugzilla.redhat.com/1167623
Remove "If reporting bugs, run virt-v2v with debugging enabled .."
message when running virt-p2v
https://bugzilla.redhat.com/1152819
Can not end a running command in virt-rescue by press ^C or other
keys, the only way is to exit virt-rescue
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
6 years, 9 months