[libvirt PATCH] qemu: fix potential resource leak
by Jonathon Jongsma
Coverity reported a potential resource leak. While it's probably not
a real-world scenario, the code could technically jump to cleanup
between the time that vdpafd is opened and when it is used. Ensure that
it gets cleaned up in that case.
Signed-off-by: Jonathon Jongsma <jjongsma(a)redhat.com>
---
src/qemu/qemu_command.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 5c4e37bd9e..cbe7a6e331 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -8135,6 +8135,7 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver,
addfdarg = g_strdup_printf("%s,opaque=%s", fdset,
net->data.vdpa.devicepath);
virCommandAddArgList(cmd, "-add-fd", addfdarg, NULL);
+ vdpafd = -1;
}
if (chardev)
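Review bot: The `vdpafd = -1;` reset has no comment saying why the descriptor is dropped at this point, and the reason is only visible outside the hunk, where the fd is presumably handed over to `cmd` earlier in this block. I would add `/* cmd owns vdpafd from here on; cleanup must not close it again */` above the assignment, because a second close can hit an unrelated descriptor once the number has been reused. The enclosing `if` block and qemuBuildInterfaceCommandLine start outside the hunk, so please confirm that nothing between the hand-over and this line can jump to cleanup.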
@@ -8204,6 +8205,8 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver,
VIR_FREE(tapfdName);
VIR_FREE(vhostfd);
VIR_FREE(tapfd);
+ if (vdpafd >= 0)
+ VIR_FORCE_CLOSE(vdpafd);
return ret;
}
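Review bot: The `if (vdpafd >= 0)` guard in the cleanup path looks redundant. As far as I know, libvirt's `VIR_FORCE_CLOSE()` already ignores a negative descriptor and sets the variable to -1 afterwards, so a bare `VIR_FORCE_CLOSE(vdpafd);` does the same job in one line. The guard is harmless, so this is a style point only. The function body and the cleanup label begin outside the hunk.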
--
2.26.2
4 years, 1 month
[PATCH 0/4] hyperv: Deduplicate and reformat
by Michal Privoznik
The more I look into the code the more things to fix I find. Well, here
are some fixes.
Michal Prívozník (4):
hyperv: Don't overwrite errors from hypervCreateInvokeParamsList()
hyperv: Use hypervRequestStateChange() in hypervDomainSuspend()
hyperv: Use two empty lines between functions
hyperv: Reformat
src/hyperv/hyperv_driver.c | 186 +++++++++---------------
src/hyperv/hyperv_util.c | 1 -
src/hyperv/hyperv_wmi.c | 288 +++++++++++++++++++------------------
src/hyperv/hyperv_wmi.h | 15 +-
4 files changed, 229 insertions(+), 261 deletions(-)
--
2.26.2
4 years, 1 month
[libvirt PATCH] qemu: honour fatal errors dealing with qemu slirp helper
by Daniel P. Berrangé
Currently all errors from qemuInterfacePrepareSlirp() are completely
ignored by the callers. The intention is that missing qemu-slirp binary
should cause the caller to fallback to the built-in slirp impl.
Many of the possible errors though should indeed be considered fatal.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu_hotplug.c | 7 +++++--
src/qemu/qemu_interface.c | 21 +++++++++++++++------
src/qemu/qemu_interface.h | 5 +++--
src/qemu/qemu_process.c | 8 ++++++--
src/qemu/qemu_slirp.c | 3 ---
5 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 79fc8baa5c..dc998236de 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1311,9 +1311,12 @@ qemuDomainAttachNetDevice(virQEMUDriverPtr driver,
case VIR_DOMAIN_NET_TYPE_USER:
if (!priv->disableSlirp &&
virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DBUS_VMSTATE)) {
- qemuSlirpPtr slirp = qemuInterfacePrepareSlirp(driver, net);
+ qemuSlirpPtr slirp = NULL;
+ int rv = qemuInterfacePrepareSlirp(driver, net, &slirp);
- if (!slirp)
+ if (rv == -1)
+ return -1;
+ if (rv == 0)
break;
QEMU_DOMAIN_NETWORK_PRIVATE(net)->slirp = slirp;
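Review bot: The new `return -1;` leaves qemuDomainAttachNetDevice directly from inside the switch, which bypasses whatever the function's cleanup path does. The function body starts and ends outside the hunk, so I cannot see what has been acquired by this point. If the other error exits in this function use a cleanup label, this one should too: `if (rv == -1) goto cleanup;`. Otherwise a failed slirp helper start during hotplug could leave partially prepared state behind (inferred, please check against the full function).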
diff --git a/src/qemu/qemu_interface.c b/src/qemu/qemu_interface.c
index cbf3d99981..b4ab809970 100644
--- a/src/qemu/qemu_interface.c
+++ b/src/qemu/qemu_interface.c
@@ -636,30 +636,39 @@ qemuInterfaceBridgeConnect(virDomainDefPtr def,
}
-qemuSlirpPtr
+/*
+ * Returns: -1 on error, 0 if slirp isn't available, 1 on succcess
+ */
+int
qemuInterfacePrepareSlirp(virQEMUDriverPtr driver,
- virDomainNetDefPtr net)
+ virDomainNetDefPtr net,
+ qemuSlirpPtr *slirpret)
{
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
g_autoptr(qemuSlirp) slirp = NULL;
size_t i;
+ if (!cfg->slirpHelperName ||
+ !virFileExists(cfg->slirpHelperName))
+ return 0; /* fallback to builtin slirp impl */
+
if (!(slirp = qemuSlirpNewForHelper(cfg->slirpHelperName)))
- return NULL;
+ return -1;
for (i = 0; i < net->guestIP.nips; i++) {
const virNetDevIPAddr *ip = net->guestIP.ips[i];
if (VIR_SOCKET_ADDR_IS_FAMILY(&ip->address, AF_INET) &&
!qemuSlirpHasFeature(slirp, QEMU_SLIRP_FEATURE_IPV4))
- return NULL;
+ return 0;
if (VIR_SOCKET_ADDR_IS_FAMILY(&ip->address, AF_INET6) &&
!qemuSlirpHasFeature(slirp, QEMU_SLIRP_FEATURE_IPV6))
- return NULL;
+ return 0;
}
- return g_steal_pointer(&slirp);
+ *slirpret = g_steal_pointer(&slirp);
+ return 1;
}
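Review bot: Both kinds of `return 0` fallback are silent, so when a helper is configured but missing, or lacks IPv4/IPv6 support, nothing records that the guest ended up on QEMU's built-in slirp instead of the separate helper process. A `VIR_DEBUG("slirp helper unavailable or unsuitable, using built-in slirp");` before those returns would let an operator notice the downgrade (assuming this file already sets up logging, which the hunk does not show). The header comment should also say that `*slirpret` is written only when 1 is returned, and `succcess` is misspelt there. The prototype in qemu_interface.h names the third parameter `slirp` while the definition uses `slirpret`; one name in both places would read better.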
diff --git a/src/qemu/qemu_interface.h b/src/qemu/qemu_interface.h
index 3dcefc6a12..b5e91e3ab2 100644
--- a/src/qemu/qemu_interface.h
+++ b/src/qemu/qemu_interface.h
@@ -56,5 +56,6 @@ int qemuInterfaceOpenVhostNet(virDomainDefPtr def,
int *vhostfd,
size_t *vhostfdSize) G_GNUC_NO_INLINE;
-qemuSlirpPtr qemuInterfacePrepareSlirp(virQEMUDriverPtr driver,
- virDomainNetDefPtr net);
+int qemuInterfacePrepareSlirp(virQEMUDriverPtr driver,
+ virDomainNetDefPtr net,
+ qemuSlirpPtr *slirp);
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 5bc76a75e3..59206a17fb 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -5697,9 +5697,13 @@ qemuProcessNetworkPrepareDevices(virQEMUDriverPtr driver,
} else if (actualType == VIR_DOMAIN_NET_TYPE_USER &&
!priv->disableSlirp &&
virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DBUS_VMSTATE)) {
- qemuSlirpPtr slirp = qemuInterfacePrepareSlirp(driver, net);
+ qemuSlirpPtr slirp = NULL;
+ int rv = qemuInterfacePrepareSlirp(driver, net, &slirp);
- QEMU_DOMAIN_NETWORK_PRIVATE(net)->slirp = slirp;
+ if (rv == -1)
+ return -1;
+ if (rv == 1)
+ QEMU_DOMAIN_NETWORK_PRIVATE(net)->slirp = slirp;
}
}
diff --git a/src/qemu/qemu_slirp.c b/src/qemu/qemu_slirp.c
index d2e4ed79be..dfb36125f0 100644
--- a/src/qemu/qemu_slirp.c
+++ b/src/qemu/qemu_slirp.c
@@ -101,9 +101,6 @@ qemuSlirpNewForHelper(const char *helper)
virJSONValuePtr featuresJSON;
size_t i, nfeatures;
- if (!helper)
- return NULL;
-
slirp = qemuSlirpNew();
if (!slirp) {
virReportError(VIR_ERR_INTERNAL_ERROR,
--
2.26.2
4 years, 1 month
[PATCH 0/3] Fix stat mocks on macOS
by Roman Bolshakov
Hi,
The series partially addresses
https://gitlab.com/libvirt/libvirt/-/issues/58 by enabling stat mocks
and that fixes qemufirmwaretest, domaincapstest and qemuvhostusertest.
Thanks,
Roman
Roman Bolshakov (3):
tests: Fix lstat() mock initialization on macOS
tests: Re-introduce stat/lstat mocks on macOS
tests: Use flat namespace for qemu test driver
tests/meson.build | 1 +
tests/virmockstathelpers.c | 18 +++++++++++++-----
2 files changed, 14 insertions(+), 5 deletions(-)
--
2.28.0
4 years, 1 month
where can i find the sourcecode from virDomainDestroy ?
by Lentes, Bernd
Hi,
i have some questions concerning the destroying of domains, and i hope i'm right here. If not sorry for the disturbance.
I'm running a two node HA cluster with pacemaker and KVM domains as resources.
From time to time when i try to stop a domain with the cluster manager that does not work, so the domain is destroyed.
That's ok.
But seldom and irregular also destroy does not work, so the node this domain is running on is fenced.
That's ugly. Fencing is the worst which can happen to a cluster and i try to avoid it.
Maybe destroy does not work because of heavy load, i'm currently examining that.
I installed the source package from libvirt-4.0.0, i have a SLES 12 SP4.
I found a virsh-domain.c which i assume is responsible for the domains. Right ?
I found a function called "virDomainDestroy", which i believe has the purpose to destroy the domain. Right ?
But i don't find the source for that function. I greped the whole source code for it, but didn't find it.
I'd like to know what this function returns in success or failure.
Could you please help me ?
Thanks.
Bernd
--
Bernd Lentes
Systemadministration
Institute for Metabolism and Cell Death (MCD)
Building 25 - office 122
HelmholtzZentrum München
bernd.lentes(a)helmholtz-muenchen.de
phone: +49 89 3187 1241
phone: +49 89 3187 3827
fax: +49 89 3187 2294
http://www.helmholtz-muenchen.de/mcd
stay healthy
Helmholtz Zentrum München
Helmholtz Zentrum München
4 years, 1 month
[PATCH] news: introduce memory failure event
by zhenwei pi
Signed-off-by: zhenwei pi <pizhenwei(a)bytedance.com>
---
NEWS.rst | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index d0454b7840..a01481801e 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -13,6 +13,11 @@ v6.9.0 (unreleased)
* **New features**
+ * Introduce memory failure event
+
+ Libvirt could handle domain's memory failure event. Drivers need to
+ implement their own method. Currently, only QEMU supports this feature.
+
* qemu: Implement support for ``<transient/>`` disks
VMs based on the QEMU hypervisor now can use ``<transient/>`` option for
--
2.11.0
4 years, 1 month
[libvirt PATCH] libvirt-guests: Sync time for autostarted guests
by Tim Wiederhake
From: Orion Poplawski <orion(a)nwra.com>
Setting SYNC_TIME=1 does not work on autostarted guests.
Signed-off-by: Tim Wiederhake <twiederh(a)redhat.com>
---
tools/libvirt-guests.sh.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/libvirt-guests.sh.in b/tools/libvirt-guests.sh.in
index d69df908d2..87f96af14d 100644
--- a/tools/libvirt-guests.sh.in
+++ b/tools/libvirt-guests.sh.in
@@ -206,9 +206,9 @@ start() {
retval run_virsh "$uri" start $bypass "$name" \
>/dev/null && \
gettext "done"; echo
- if "$sync_time"; then
- run_virsh "$uri" domtime --sync "$name" >/dev/null
- fi
+ fi
+ if "$sync_time"; then
+ run_virsh "$uri" domtime --sync "$name" >/dev/null
fi
fi
done
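Review bot: The `domtime --sync` call now sits after the inner `fi`, and nothing in the script says why. A comment such as `# also sync guests that were already running (e.g. autostarted)` above `if "$sync_time"; then` would keep a later cleanup from folding it back into the start branch. The call still ignores the exit status of `run_virsh ... domtime --sync`, and from the visible lines it appears to run even when the preceding `start` failed. The enclosing `if`/`else` begins outside the hunk, so that last part is inferred.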
--
2.26.2
4 years, 1 month
[PATCH v3 0/2]support memory failure
by zhenwei pi
v2->v3:
Rework patches so that each patch can be compiled on its own.
v1->v2:
Separate an 'all in one' patch into 4 patches.
Use a 'flags' with bit definition instead of 'action_required'
& 'recursive' for extension.
Queue event directly without internal job.
Add full test method in commit.
v1:
Since QEMU 5.2 (commit-77b285f7f6), QEMU supports 'memory failure'
event, posts event to monitor if hitting a hardware memory error.
zhenwei pi (2):
libvirt: support memory failure event
qemu: implement memory failure event
include/libvirt/libvirt-domain.h | 82 +++++++++++++++++++++++++++++++++++++
src/conf/domain_event.c | 80 ++++++++++++++++++++++++++++++++++++
src/conf/domain_event.h | 12 ++++++
src/libvirt_private.syms | 2 +
src/remote/remote_daemon_dispatch.c | 32 +++++++++++++++
src/remote/remote_driver.c | 32 +++++++++++++++
src/remote/remote_protocol.x | 16 +++++++-
src/remote_protocol-structs | 8 ++++
examples/c/misc/event-test.c | 16 ++++++++
tools/virsh-domain.c | 40 ++++++++++++++++++
src/qemu/qemu_monitor.c | 21 +++++++++-
src/qemu/qemu_monitor.h | 39 ++++++++++++++++++
src/qemu/qemu_monitor_json.c | 49 ++++++++++++++++++++++
src/qemu/qemu_process.c | 59 ++++++++++++++++++++++++++
14 files changed, 486 insertions(+), 2 deletions(-)
--
2.11.0
4 years, 1 month
[PATCH] os: deprecate the -enable-fips option and QEMU's FIPS enforcement
by Daniel P. Berrangé
The -enable-fips option was added a long time ago to prevent the use of
single DES with VNC when FIPS mode is enabled. It should never have been
added, because apps are supposed to unconditionally honour FIPS mode
based on the '/proc/sys/crypto/fips_enabled' file contents.
In addition there is more to achieving FIPS compliance than merely
blocking use of certain algorithms. Those algorithms which are used
need to perform self-tests at runtime.
QEMU's built-in cryptography provider has no support for self-tests,
and neither does the nettle library.
If QEMU is required to be used in a FIPS enabled host, then it must be
built with the libgcrypt library enabled, which will unconditionally
enforce FIPS compliance in any algorithm usage.
Thus there is no need to keep either the -enable-fips option in QEMU, or
QEMU's internal FIPS checking methods.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/system/deprecated.rst | 11 +++++++++++
os-posix.c | 3 +++
2 files changed, 14 insertions(+)
diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 905628f3a0..faa2bc49b1 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -158,6 +158,17 @@ devices. It is possible to use drives the board doesn't pick up with
-device. This usage is now deprecated. Use ``if=none`` instead.
+``--enable-fips`` (since 5.2)
+
+This option restricts usage of certain cryptographic algorithms when
+the host is operating in FIPS mode.
+
+If FIPS compliance is required, QEMU should be built with the ``libgcrypt``
+library enabled as a cryptography provider.
+
+Neither the ``nettle`` library, or the built-in cryptography provider are
+supported on FIPS enabled hosts.
+
QEMU Machine Protocol (QMP) commands
------------------------------------
diff --git a/os-posix.c b/os-posix.c
index 1de2839554..a6846f51c1 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -153,6 +153,9 @@ int os_parse_cmd_args(int index, const char *optarg)
break;
#if defined(CONFIG_LINUX)
case QEMU_OPTION_enablefips:
+ warn_report("-enable-fips is deprecated, please build QEMU with "
+ "the `libgcrypt` library as the cryptography provider "
+ "to enable FIPS compliance");
fips_set_state(true);
break;
#endif
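Review bot: The added `warn_report()` text tells the user what to build but not why the option is unsafe to rely on, which the commit description does state: blocking a few algorithms is not FIPS compliance. The string also wraps libgcrypt in backticks, which print literally on a terminal. I would word it as `warn_report("-enable-fips is deprecated and does not by itself make QEMU FIPS compliant; build QEMU with the 'libgcrypt' library as the cryptography provider");`. The `case` sits in a switch in os_parse_cmd_args that starts outside the hunk.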
--
2.26.2
4 years, 1 month
[PATCH 00/15] util: hash: Use glib's GHashTable - preparation (part 1)
by Peter Krempa
Glib provides a hash table implementation called GHashTable.
In this part of the series we'll refactor two instances of code which
use non-string keys for hashtable to use GHashTable directly which
simplifies the code (glib provides int hashing functions).
Since GHashTable is not a direct replacement for virHashTable without
code modification (glib's functions don't accept NULL hash table, ours
do) the next step will be to use virHashTable as a shim to provide NULL
compatibility and adapt to our slightly different style of iterators.
For this step we modify the variable type for the key to be 'char *' as
there's no other option left and remove various internals which won't be
compatible with GHashTable.
Second part (WIP, [1]) will then rewrite virHashTable internals to use
GHashTable, which will be used as an intermediate step before removal
which requires audit of all callers.
[1]: https://gitlab.com/pipo.sk/libvirt/-/commits/glib-hash-part2
- needs auditing of all callers of virHashForeach to ensure that they
don't modify the hash table itself from the callback
Peter Krempa (15):
virCgroupKillRecursive: Return -1 on failure condition
util: virhash: Remove virHashTableSize
util: cgroup: Use GHashTable instead of virHashTable
virCgroupKillRecursive: Refactor cleanup
conf: domain_addr: Refactor hash usage in zpci reservation code
virHashAtomicNew: Remove 'size' argument
conf: nwfilter: Replace 'virNWFilterHashTableCreate' with 'virHashNew'
tests: hash: Prepare for replacement of virHashCreate
qemuDomainObjPrivateAlloc: Use virHashNew instead of virHashCreate
Replace all instances of 'virHashCreate' with 'virHashNew'
util: hash: Remove virHashValueFree
util: hash: Remove virHashCreateFull
util: hash: Change type of hash table name/key to 'char'
util: virhash: Remove key handling callbacks
virHashRemoveAll: Don't return number of removed items
src/conf/domain_addr.c | 125 +++--------
src/conf/domain_addr.h | 4 +-
src/conf/domain_conf.c | 4 +-
src/conf/domain_nwfilter.c | 2 +-
src/conf/nwfilter_ipaddrmap.c | 2 +-
src/conf/nwfilter_params.c | 14 +-
src/conf/nwfilter_params.h | 2 +-
src/conf/virchrdev.c | 4 +-
src/conf/virdomainmomentobjlist.c | 8 +-
src/conf/virdomainobjlist.c | 16 +-
src/conf/virinterfaceobj.c | 12 +-
src/conf/virnetworkobj.c | 21 +-
src/conf/virnodedeviceobj.c | 20 +-
src/conf/virnwfilterbindingdef.c | 2 +-
src/conf/virnwfilterbindingobjlist.c | 6 +-
src/conf/virsecretobj.c | 10 +-
src/conf/virstorageobj.c | 32 +--
src/hyperv/hyperv_wmi.c | 2 +-
src/hypervisor/virclosecallbacks.c | 4 +-
src/libvirt_private.syms | 5 +-
src/libxl/libxl_logger.c | 2 +-
src/locking/lock_daemon.c | 10 +-
src/nwfilter/nwfilter_dhcpsnoop.c | 12 +-
src/nwfilter/nwfilter_ebiptables_driver.c | 4 +-
src/nwfilter/nwfilter_gentech_driver.c | 14 +-
src/nwfilter/nwfilter_learnipaddr.c | 4 +-
src/qemu/qemu_block.c | 6 +-
src/qemu/qemu_blockjob.c | 2 +-
src/qemu/qemu_capabilities.c | 6 +-
src/qemu/qemu_checkpoint.c | 2 +-
src/qemu/qemu_domain.c | 8 +-
src/qemu/qemu_domain.h | 2 +-
src/qemu/qemu_driver.c | 2 +-
src/qemu/qemu_interop_config.c | 2 +-
src/qemu/qemu_migration.c | 2 +-
src/qemu/qemu_migration_cookie.c | 2 +-
src/qemu/qemu_monitor.c | 10 +-
src/qemu/qemu_monitor_json.c | 2 +-
src/qemu/qemu_process.c | 2 +-
src/qemu/qemu_qapi.c | 2 +-
src/qemu/qemu_snapshot.c | 4 +-
src/rpc/virnetdaemon.c | 16 +-
src/security/security_selinux.c | 4 +-
src/test/test_driver.c | 6 +-
src/util/vircgroup.c | 76 ++-----
src/util/vircgroupbackend.h | 3 +-
src/util/vircgrouppriv.h | 2 +-
src/util/vircgroupv1.c | 2 +-
src/util/vircgroupv2.c | 2 +-
src/util/virfilecache.c | 4 +-
src/util/virhash.c | 201 +++---------------
src/util/virhash.h | 94 ++------
src/util/viriptables.c | 4 +-
src/util/virlockspace.c | 8 +-
src/util/virmacmap.c | 6 +-
src/util/virstoragefile.c | 4 +-
src/util/virsystemd.c | 2 +-
tests/nwfilterxml2firewalltest.c | 6 +-
tests/qemumonitorjsontest.c | 12 +-
tests/qemusecuritymock.c | 12 +-
.../blockjob-blockdev-in.xml | 110 +++++-----
tests/testutilsqemu.c | 2 +-
tests/virhashtest.c | 52 ++---
63 files changed, 340 insertions(+), 683 deletions(-)
--
2.26.2
4 years, 1 month