[libvirt] [PATCH] Make sure all command line arguments get passed to UML
by soren@linux2go.dk
From: Soren Hansen <soren(a)linux2go.dk>
If umlBuildCommandLineChr fails (e.g. due to an unsupported chardev
type), it returns NULL. umlBuildCommandLine does not check for this and
sets this as an argument on the command line, effectively ending the
argument list. This patch checks for this case and sets the chardev to
"none".
Signed-off-by: Soren Hansen <soren(a)linux2go.dk>
---
src/uml/uml_conf.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/uml/uml_conf.c b/src/uml/uml_conf.c
index 1623a78..42193e4 100644
--- a/src/uml/uml_conf.c
+++ b/src/uml/uml_conf.c
@@ -511,10 +511,10 @@ int umlBuildCommandLine(virConnectPtr conn,
}
for (i = 0 ; i < UML_MAX_CHAR_DEVICE ; i++) {
- char *ret;
+ char *ret = NULL;
if (i == 0 && vm->def->console)
ret = umlBuildCommandLineChr(vm->def->console, "con");
- else
+ if (!ret)
if (virAsprintf(&ret, "con%d=none", i) < 0)
goto no_memory;
ADD_ARG(ret);
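Review bot: with `else` replaced by `if (!ret)`, a NULL from umlBuildCommandLineChr now falls through to `con%d=none`, but if that function reported an error before returning NULL (an unsupported chardev type is a configuration error, not an absent device), the error stays set while the domain starts without the console the user configured. Consider distinguishing "no chardev" from "chardev rejected" at the call site, or at least logging that the console was replaced by `none`. The nested `if (!ret) if (virAsprintf(...) < 0) goto no_memory;` without braces is also easy to misread; `if (!ret && virAsprintf(&ret, "con%d=none", i) < 0)` expresses the same in one condition.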
@@ -522,13 +522,13 @@ int umlBuildCommandLine(virConnectPtr conn,
for (i = 0 ; i < UML_MAX_CHAR_DEVICE ; i++) {
virDomainChrDefPtr chr = NULL;
- char *ret;
+ char *ret = NULL;
for (j = 0 ; j < vm->def->nserials ; j++)
if (vm->def->serials[j]->target.port == i)
chr = vm->def->serials[j];
if (chr)
ret = umlBuildCommandLineChr(chr, "ssl");
- else
+ if (!ret)
if (virAsprintf(&ret, "ssl%d=none", i) < 0)
goto no_memory;
ADD_ARG(ret);
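Review bot: same concern as in the console loop: a serial device whose type umlBuildCommandLineChr cannot translate is silently replaced by `ssl%d=none`, so a misconfigured guest starts with no error and no serial port. Since both loops now carry the identical "build or fall back to none" pattern, a small helper (say `umlBuildCommandLineChrOrNone(chr, prefix, i)`, a suggested name, not an existing function) would give one place to add the error handling and keep the two loops from drifting apart.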
--
1.7.0.4
[libvirt] PATCH 0/4: AppArmor updates
by Jamie Strandboge
This patchset consists of various small updates to the AppArmor security
driver:
0001-apparmor-dont-ignore-open.patch: Exit with error if
virDomainDiskDefForeachPath() fails, unless the disk doesn't exist, at
which point we skip it without error. Also add several tests to
virt-aa-helper-test for '-p' option.
0002-apparmor-chardev.patch: fix serial ports, parallel ports and
channels
0003-apparmor-examples.patch: update to example AppArmor profile
0004-apparmor-fix-warn.patch: fix a compiler warning
The updates in 0001-apparmor-dont-ignore-open.patch are needed to ensure
that it works consistently with and without '-p 1' and that the security
fix works as advertised. The other patches should speak for themselves.
--
Jamie Strandboge | http://www.canonical.com
[libvirt] [PATCH v2] nwfilter: Discard class D and E IP addresses when sniffing packets
by Stefan Berger
V2: Corrected comment and simplified mask to check for class D and E
IP addresses
When sniffing the network traffic, discard class D and E IP addresses
when sniffing traffic. This was a reason why filters were not correctly
rebuilt on VMs on the local 192.* network when libvirt was restarted and
those VMs did not use a DHCP request to get their IP addresses.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
src/nwfilter/nwfilter_learnipaddr.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_learnipaddr.c
+++ libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
@@ -546,9 +546,11 @@ learnIPAddressThread(void *arg)
struct iphdr *iphdr = (struct iphdr*)(packet +
ethHdrSize);
vmaddr = iphdr->saddr;
- // skip eth. bcast and mcast addresses,
- // and zero address in DHCP Requests
- if ((ntohl(vmaddr)& 0xc0000000) || vmaddr == 0) {
+ // skip mcast addresses (224.0.0.0 - 239.255.255.255),
+ // class E (240.0.0.0 - 255.255.255.255, includes eth.
+ // bcast) and zero address in DHCP Requests
+ if ( (ntohl(vmaddr)& 0xe0000000) == 0xe0000000 ||
+ vmaddr == 0) {
vmaddr = 0;
continue;
}
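Review bot: the mask is right: `(ntohl(vmaddr) & 0xe0000000) == 0xe0000000` is exactly `addr >= 224.0.0.0`, i.e. class D plus class E including 255.255.255.255, and unlike the old `& 0xc0000000` test (true for anything >= 64.0.0.0, which is why 192.* guests were dropped) it keeps all unicast space. Two nits: the stray spaces in `if ( (ntohl(vmaddr)& 0xe0000000)` should read `if ((ntohl(vmaddr) & 0xe0000000)`, and `vmaddr == 0` is compared in network order while the mask test uses host order, which works for zero but reads better with `ntohl` applied once into a local variable.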
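The three variants of the source-address check (the original `0xc0000000` test, the v1 and the v2 patch) run over a few constructed addresses, as an added example that is not part of the patch or of libvirt; it works on host-order addresses directly, whereas the driver applies `ntohl()` to `iphdr->saddr` first.

```c
/* Added example (not libvirt code): the IPv4 source-address filter from
 * nwfilter_learnipaddr.c in its original, v1 and v2 forms, applied to
 * constructed sample addresses to show why the old mask dropped 192.x.x.x. */
#include <stdint.h>
#include <stdio.h>

/* Build a host-order IPv4 address from its dotted-quad components. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Original check: true whenever bit 31 or bit 30 is set, i.e. for every
 * address >= 64.0.0.0. That discards 128.0.0.0/1 (all of 192.*) as well. */
static int skip_old(uint32_t addr)
{
    return (addr & 0xc0000000) != 0 || addr == 0;
}

/* v1 check: the second term is a subset of the first (top four bits set
 * implies top three bits set), so it adds nothing. */
static int skip_v1(uint32_t addr)
{
    return (addr & 0xe0000000) == 0xe0000000 ||
           (addr & 0xf0000000) == 0xf0000000 || addr == 0;
}

/* v2 check: top three bits set <=> addr >= 224.0.0.0, which is exactly
 * class D (224/4) plus class E (240/4, including 255.255.255.255). */
static int skip_v2(uint32_t addr)
{
    return (addr & 0xe0000000) == 0xe0000000 || addr == 0;
}

int main(void)
{
    /* Constructed samples: private unicast, multicast, class E, bcast, zero. */
    const uint32_t samples[] = {
        ip4(192, 168, 1, 5), ip4(10, 0, 0, 7), ip4(172, 16, 0, 1),
        ip4(224, 0, 0, 1), ip4(239, 255, 255, 250), ip4(240, 0, 0, 1),
        ip4(255, 255, 255, 255), 0
    };
    size_t n = sizeof samples / sizeof samples[0];
    for (size_t i = 0; i < n; i++) {
        uint32_t a = samples[i];
        printf("%3u.%3u.%3u.%3u  old=%d v1=%d v2=%d\n",
               a >> 24, (a >> 16) & 0xff, (a >> 8) & 0xff, a & 0xff,
               skip_old(a), skip_v1(a), skip_v2(a));
    }
    return 0;
}
```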
[libvirt] [PATCH] nwfilter: Discard class D and E IP addresses when sniffing
by Stefan Berger
When sniffing the network traffic, discard class D and E IP addresses
when sniffing traffic. This was a reason why filters were not correctly
rebuilt on VMs on the local 192.* network when libvirt was restarted and
those VMs did not use a DHCP request to get their IP addresses.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
src/nwfilter/nwfilter_learnipaddr.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_learnipaddr.c
+++ libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
@@ -546,9 +546,12 @@ learnIPAddressThread(void *arg)
struct iphdr *iphdr = (struct iphdr*)(packet +
ethHdrSize);
vmaddr = iphdr->saddr;
- // skip eth. bcast and mcast addresses,
+ // skip eth. bcast and mcast addresses (224.0.0.0 -
+ // 239.255.255.255), class E (255.*)
// and zero address in DHCP Requests
- if ((ntohl(vmaddr) & 0xc0000000) || vmaddr == 0) {
+ if ( (ntohl(vmaddr) & 0xe0000000) == 0xe0000000 ||
+ (ntohl(vmaddr) & 0xf0000000) == 0xf0000000 ||
+ vmaddr == 0) {
vmaddr = 0;
continue;
}
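Review bot: the second condition `(ntohl(vmaddr) & 0xf0000000) == 0xf0000000` is redundant: every address with the top four bits set also has the top three set, so the first term already covers it. The comment is also off: class E is 240.0.0.0/4 (240.* through 255.*), not `255.*`, and the limited broadcast 255.255.255.255 falls inside it. Drop the second term and state in the comment that the test rejects class D (224/4) and class E (240/4).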
[libvirt] [PATCH] nwfilter: fix a memory leak
by Stefan Berger
Fixing a memory leak.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
src/nwfilter/nwfilter_ebiptables_driver.c | 3 +++
1 file changed, 3 insertions(+)
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -2973,6 +2973,9 @@ static int ebtablesCleanAll(const char *
ebtablesRemoveTmpRootChain(&buf, 0, ifname);
ebiptablesExecCLI(&buf, &cli_status);
+
+ virBufferFreeAndReset(&buf);
+
return 0;
}
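Review bot: the `virBufferFreeAndReset(&buf)` sits only on the path that reaches `return 0`; if ebtablesCleanAll has earlier returns (not in the hunk) they leak the same buffer, and if ebiptablesExecCLI already resets `buf` after running it the call is harmless but redundant. Worth confirming both, and a commit message naming what leaks (the command buffer in ebtablesCleanAll) would help anyone bisecting later.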
[libvirt] [PATCH] Only require XDR when building libvirtd or the remote driver
by Matthias Bolte
---
configure.ac | 31 +++++++++++++++++++------------
1 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/configure.ac b/configure.ac
index a762bae..764405c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -111,18 +111,6 @@ dnl Availability of various common headers (non-fatal if missing).
AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/syslimits.h \
termios.h sys/poll.h syslog.h mntent.h net/ethernet.h linux/magic.h])
-dnl Where are the XDR functions?
-dnl If portablexdr is installed, prefer that.
-dnl Otherwise try -lrpc (Cygwin) -lxdr (some MinGW), -lnsl (Solaris)
-dnl or none (most Unix)
-AC_CHECK_LIB([portablexdr],[xdrmem_create],[],[
- AC_SEARCH_LIBS([xdrmem_create],[rpc xdr nsl],[],
- [AC_MSG_ERROR([Cannot find a XDR library])])
- ])
-
-dnl check for cygwin's variation in xdr function names
-AC_CHECK_FUNCS([xdr_u_int64_t],[],[],[#include <rpc/xdr.h>])
-
AC_CHECK_LIB([intl],[gettext],[])
dnl Do we have rpcgen?
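Review bot: moving the XDR probe out of here leaves `dnl Do we have rpcgen?` immediately below still unconditional; rpcgen is only useful together with the XDR library its output links against, so if the intent is to build without XDR when neither libvirtd nor the remote driver is wanted, the rpcgen check should move under the same condition.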
@@ -319,6 +307,25 @@ AM_CONDITIONAL([WITH_OPENVZ], [test "$with_openvz" = "yes"])
dnl
+dnl check for XDR
+dnl
+
+if test x"$with_remote" = x"yes" || test x"$with_libvirtd" = x"yes"; then
+ dnl Where are the XDR functions?
+ dnl If portablexdr is installed, prefer that.
+ dnl Otherwise try -lrpc (Cygwin) -lxdr (some MinGW), -lnsl (Solaris)
+ dnl or none (most Unix)
+ AC_CHECK_LIB([portablexdr],[xdrmem_create],[],[
+ AC_SEARCH_LIBS([xdrmem_create],[rpc xdr nsl],[],
+ [AC_MSG_ERROR([Cannot find a XDR library])])
+ ])
+
+ dnl check for cygwin's variation in xdr function names
+ AC_CHECK_FUNCS([xdr_u_int64_t],[],[],[#include <rpc/xdr.h>])
+fi
+
+
+dnl
dnl check for VirtualBox XPCOMC location
dnl
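Review bot: the test `x"$with_remote" = x"yes" || x"$with_libvirtd" = x"yes"` only works if both variables have already been resolved to a literal yes/no at this point; if either still holds an auto-detect default when this block runs, XDR is silently skipped and the remote driver build fails later at link time. With XDR skipped, `AC_CHECK_FUNCS([xdr_u_int64_t])` never runs either, so any code outside the remote driver and daemon that tests HAVE_XDR_U_INT64_T must tolerate it being undefined. Nit: two consecutive blank lines after `fi`.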
--
1.7.0.4
[libvirt] [PATCH] nwfilter: serialize execution of scripts with ebtables cmds
by Stefan Berger
While testing the SIGHUP handling and reloading of the nwfilter
driver, I found that when the filters are rebuilt and multiple threads
handled the individual interfaces, concurrently running multiple
external bash scripts causes strange failures even though the executed
ebtables commands are working on different tables for different
interfaces. I cannot say for sure where the concurrency problems are
caused, but introducing this lock definitely helps.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
src/nwfilter/nwfilter_ebiptables_driver.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -104,6 +104,7 @@ static int ebiptablesDriverInit(void);
static void ebiptablesDriverShutdown(void);
static int ebtablesCleanAll(const char *ifname);
+static virMutex execCLIMutex;
struct ushort_map {
unsigned short attr;
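Review bot: `static virMutex execCLIMutex;` is initialised in ebiptablesDriverInit but never destroyed; add a `virMutexDestroy(&execCLIMutex)` in ebiptablesDriverShutdown. Anything calling ebiptablesExecCLI before init has run would lock an uninitialised mutex, so a comment stating that ordering invariant next to the declaration would help.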
@@ -2309,8 +2310,13 @@ ebiptablesExecCLI(virBufferPtr buf,
return 1;
argv[0] = filename;
+
+ virMutexLock(&execCLIMutex);
+
rc = virRun(argv, status);
+ virMutexUnlock(&execCLIMutex);
+
*status >>= 8;
VIR_DEBUG("rc = %d, status = %d",rc, *status);
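Review bot: the critical section covers only `virRun(argv, status)`. `filename` (the script passed as argv[0]) is assigned before the lock is taken; if the script file is written from `buf` and unlinked elsewhere in this function outside the locked region, two threads can still race on the file while the executions themselves are serialised, which would fit the "cannot say for sure where" in the commit message. Suggest holding the lock across creating, running and removing the temporary script rather than around virRun alone.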
@@ -3163,8 +3169,9 @@ tear_down_tmpebchains:
ebiptablesExecCLI(&buf, &cli_status);
virNWFilterReportError(VIR_ERR_BUILD_FIREWALL,
- "%s",
- _("Some rules could not be created."));
+ _("Some rules could not be created for "
+ "interface %s."),
+ ifname);
return 1;
}
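Review bot: adding `ifname` to the error text is a good improvement but is unrelated to the mutex change and would be easier to review and bisect as a separate patch. Also confirm that `ifname` cannot be NULL at the tear_down_tmpebchains label, since it is now fed to a `%s`.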
@@ -3364,6 +3371,9 @@ ebiptablesDriverInit(void)
virBuffer buf = VIR_BUFFER_INITIALIZER;
int cli_status;
+ if (virMutexInit(&execCLIMutex))
+ return EINVAL;
+
bash_cmd_path = virFindFileInPath("bash");
gawk_cmd_path = virFindFileInPath("gawk");
grep_cmd_path = virFindFileInPath("grep");
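Review bot: on `virMutexInit` failure the function returns EINVAL without reporting anything, so the caller gets a bare errno-style value and the log stays empty; report the failure (virReportSystemError with the errno, or the driver's usual reporting) before returning, and confirm that a positive EINVAL matches what the other failure paths of ebiptablesDriverInit return (they are not in the hunk).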
[libvirt] [PATCH v2] nwfilter: extend nwfilter reload support
by Stefan Berger
v2: Fixes to the nwfilter driver reload function that also needs a
valid virConnectPtr.
In this patch I am extending and fixing the nwfilter module's reload
support to stop all ongoing threads (for learning IP addresses of
interfaces) and rebuild the filtering rules of all interfaces of all VMs
when libvirt is started. Now libvirtd rebuilds the filters upon the
SIGHUP signal and libvirtd restart.
About the patch: The nwfilter functions require a virConnectPtr.
Therefore I am opening a connection in qemudStartup, which later on
needs to be closed outside where the driver lock is held since otherwise
it ends up in a deadlock due to virConnectClose() trying to lock the
driver as well.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
src/nwfilter/nwfilter_driver.c | 21 ++++++++++----
src/nwfilter/nwfilter_learnipaddr.c | 15 +++++++---
src/nwfilter/nwfilter_learnipaddr.h | 1
src/qemu/qemu_driver.c | 52 +++++++++++++++++++++++++++++++++---
4 files changed, 75 insertions(+), 14 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_driver.c
@@ -143,15 +143,25 @@ conf_init_err:
*/
static int
nwfilterDriverReload(void) {
+ virConnectPtr conn;
if (!driverState) {
return -1;
}
- nwfilterDriverLock(driverState);
- virNWFilterPoolLoadAllConfigs(NULL,
- &driverState->pools,
- driverState->configDir);
- nwfilterDriverUnlock(driverState);
+ conn = virConnectOpen("qemu:///system");
+
+ if (conn) {
+ /* shut down all threads -- qemud for example will restart them */
+ virNWFilterLearnThreadsTerminate();
+
+ nwfilterDriverLock(driverState);
+ virNWFilterPoolLoadAllConfigs(conn,
+ &driverState->pools,
+ driverState->configDir);
+ nwfilterDriverUnlock(driverState);
+
+ virConnectClose(conn);
+ }
return 0;
}
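Review bot: a failed `virConnectOpen("qemu:///system")` turns the reload into a silent no-op: the filter configs are not reloaded and the function still returns 0, so report the failure. It is also worth asking whether the generic nwfilter driver should hard-code the qemu system URI at all: the qemu_driver.c part of this series chooses `qemu:///system` or `qemu:///session` based on `privileged`, so an unprivileged daemon reloading here opens the wrong URI. Since the commit message already flags the driver-lock deadlock on virConnectClose, a comment here recording which locks must not be held across the open/close pair would save the next person the same debugging.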
Index: libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_learnipaddr.c
+++ libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
@@ -855,6 +855,16 @@ virNWFilterLearnInit(void) {
}
+void
+virNWFilterLearnThreadsTerminate() {
+ threadsTerminate = true;
+
+ while (virHashSize(pendingLearnReq) != 0)
+ usleep((PKT_TIMEOUT_MS * 1000) / 3);
+
+ threadsTerminate = false;
+}
+
/**
* virNWFilterLearnShutdown
* Shutdown of this layer
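Review bot: the definition `virNWFilterLearnThreadsTerminate() {` should use `(void)` like the header prototype. The loop is an unbounded busy-wait on `virHashSize(pendingLearnReq)` with usleep; if a learning thread never drains its entry, reload blocks forever, so consider a bounded wait that logs a warning. If `threadsTerminate` is a plain global (its declaration is outside the hunk), setting it here without a lock or barrier is a data race with the reader threads.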
@@ -862,10 +872,7 @@ virNWFilterLearnInit(void) {
void
virNWFilterLearnShutdown(void) {
- threadsTerminate = true;
-
- while (virHashSize(pendingLearnReq) != 0)
- usleep((PKT_TIMEOUT_MS * 1000) / 3);
+ virNWFilterLearnThreadsTerminate();
virHashFree(pendingLearnReq, freeLearnReqEntry);
pendingLearnReq = NULL;
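Review bot: behaviour is preserved except for one detail: the extracted helper resets `threadsTerminate = false` when it returns, so after shutdown the flag no longer stays true. Any learning thread that could start between this call and `virHashFree(pendingLearnReq, ...)` would now run against a freed hash; if that cannot happen, a short comment saying so would settle it.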
Index: libvirt-acl/src/nwfilter/nwfilter_learnipaddr.h
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_learnipaddr.h
+++ libvirt-acl/src/nwfilter/nwfilter_learnipaddr.h
@@ -71,5 +71,6 @@ void virNWFilterUnlockIface(const char *
int virNWFilterLearnInit(void);
void virNWFilterLearnShutdown(void);
+void virNWFilterLearnThreadsTerminate(void);
#endif /* __NWFILTER_LEARNIPADDR_H */
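Review bot: the new prototype deserves a doc comment like the neighbouring functions: say that it blocks until every pending learn request has terminated, and note the locking expectation (nwfilterDriverReload calls it before taking the driver lock).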
Index: libvirt-acl/src/qemu/qemu_driver.c
===================================================================
--- libvirt-acl.orig/src/qemu/qemu_driver.c
+++ libvirt-acl/src/qemu/qemu_driver.c
@@ -170,6 +170,9 @@ static int qemuDetectVcpuPIDs(struct qem
static int qemuUpdateActivePciHostdevs(struct qemud_driver *driver,
virDomainDefPtr def);
+static int qemudVMFiltersInstantiate(virConnectPtr conn,
+ virDomainDefPtr def);
+
static struct qemud_driver *qemu_driver = NULL;
@@ -1423,6 +1426,10 @@ error:
return ret;
}
+struct virReconnectDomainData {
+ virConnectPtr conn;
+ struct qemud_driver *driver;
+};
/*
* Open an existing VM's monitor, re-detect VCPU threads
* and re-reserve the security labels in use
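Review bot: nit, keep a blank line between the closing `};` of virReconnectDomainData and the `/*` comment that documents qemuReconnectDomain, so the comment stays visibly attached to the function. The `vir` prefix suggests a public libvirt type; for a helper struct local to qemu_driver.c a `qemu` prefix matches the file's other names.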
@@ -1431,9 +1438,11 @@ static void
qemuReconnectDomain(void *payload, const char *name ATTRIBUTE_UNUSED,
void *opaque)
{
virDomainObjPtr obj = payload;
- struct qemud_driver *driver = opaque;
+ struct virReconnectDomainData *data = opaque;
+ struct qemud_driver *driver = data->driver;
qemuDomainObjPrivatePtr priv;
unsigned long long qemuCmdFlags;
+ virConnectPtr conn = data->conn;
virDomainObjLock(obj);
@@ -1467,6 +1476,9 @@ qemuReconnectDomain(void *payload, const
obj) < 0)
goto error;
+ if (qemudVMFiltersInstantiate(conn, obj->def))
+ goto error;
+
if (obj->def->id >= driver->nextvmid)
driver->nextvmid = obj->def->id + 1;
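Review bot: `qemudVMFiltersInstantiate` returns 1 when `conn` is NULL (see its definition later in this patch) and the `virConnectOpen` result in qemudStartup is never checked, so if that open fails every running domain hits `goto error` here and is treated as a failed reconnect purely because of the connection problem. Distinguish "no connection" from "filter instantiation failed", or skip filter instantiation with a warning when `conn` is NULL.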
@@ -1491,9 +1503,10 @@ error:
* about.
*/
static void
-qemuReconnectDomains(struct qemud_driver *driver)
+qemuReconnectDomains(virConnectPtr conn, struct qemud_driver *driver)
{
- virHashForEach(driver->domains.objs, qemuReconnectDomain, driver);
+ struct virReconnectDomainData data = {conn, driver};
+ virHashForEach(driver->domains.objs, qemuReconnectDomain, &data);
}
@@ -1691,6 +1704,7 @@ qemudStartup(int privileged) {
char *base = NULL;
char driverConf[PATH_MAX];
int rc;
+ virConnectPtr conn = NULL;
if (VIR_ALLOC(qemu_driver) < 0)
return -1;
@@ -1912,7 +1926,11 @@ qemudStartup(int privileged) {
1, NULL, NULL) < 0)
goto error;
- qemuReconnectDomains(qemu_driver);
+ conn = virConnectOpen(qemu_driver->privileged ?
+ "qemu:///system" :
+ "qemu:///session");
+
+ qemuReconnectDomains(conn, qemu_driver);
/* Then inactive persistent configs */
if (virDomainLoadAllConfigs(qemu_driver->caps,
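Review bot: the result of `virConnectOpen` is neither checked nor logged; a NULL `conn` is passed straight into qemuReconnectDomains. The commit message says virConnectClose must not run while the driver lock is held; the same applies to virConnectOpen, which will dispatch into the qemu driver's own open entry point, so confirm the qemu driver lock is not held at this point in qemudStartup.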
@@ -1930,6 +1948,8 @@ qemudStartup(int privileged) {
qemudAutostartConfigs(qemu_driver);
+ if (conn)
+ virConnectClose(conn);
return 0;
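Review bot: this is the success-path close the commit message says must happen outside the driver lock, but the hunk does not show whether `qemuDriverUnlock(qemu_driver)` has already happened before `qemudAutostartConfigs`; a comment or an explicit unlock right above the close would make that invariant visible.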
@@ -1938,6 +1958,8 @@ out_of_memory:
error:
if (qemu_driver)
qemuDriverUnlock(qemu_driver);
+ if (conn)
+ virConnectClose(conn);
VIR_FREE(base);
qemudShutdown();
return -1;
@@ -12731,6 +12753,28 @@ qemudVMFilterRebuild(virConnectPtr conn
return 0;
}
+static int
+qemudVMFiltersInstantiate(virConnectPtr conn,
+ virDomainDefPtr def)
+{
+ int err = 0;
+ int i;
+
+ if (!conn)
+ return 1;
+
+ for (i = 0 ; i < def->nnets ; i++) {
+ virDomainNetDefPtr net = def->nets[i];
+ if ((net->filter) && (net->ifname)) {
+ if (virDomainConfNWFilterInstantiate(conn, net)) {
+ err = 1;
+ break;
+ }
+ }
+ }
+
+ return err;
+}
static virNWFilterCallbackDriver qemuCallbackDriver = {
.name = "QEMU",
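Review bot: `qemudVMFiltersInstantiate` returns 1 both when `conn` is NULL and when `virDomainConfNWFilterInstantiate` fails, and callers cannot tell the two apart; return distinct values or have the caller check `conn` first. `err` plus `break` can simply be `return 1` inside the loop, and `int i` compared against `def->nnets` should use the same type as nnets. Nit: missing blank line before `static virNWFilterCallbackDriver`.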
[libvirt] Block-migrate
by Ruben Kerkhof
I've been playing with the new block-migrate feature, but am unable to
get it to work.
[root@src ~]# virsh migrate --live --p2p --tunnelled
--copy-storage-all 4c5c75b9-decc-41c9-9296-20ca5bd5c355
qemu://dst/system
error: Unknown failure
/var/log/libvirt/qemu/4c5c75b9-decc-41c9-9296-20ca5bd5c355.log on the
destination host shows:
bind(unix:/var/run/libvirt/qemu/qemu.tunnelmigrate.dest.4c5c75b9-decc-41c9-9296-20ca5bd5c355):
Permission denied
Migration failed. Exit code
unix:/var/run/libvirt/qemu/qemu.tunnelmigrate.dest.4c5c75b9-decc-41c9-9296-20ca5bd5c355(-22),
exiting
It seems that qemu is not able to write to that location.
[root@dst qemu]# ls -ld /var/run/libvirt/qemu/
drwx------. 2 root root 4096 Aug 7 15:40 /var/run/libvirt/qemu/
As a workaround I gave qemu write permission, and now the block migrate starts.
Receiving block device images
Completed 100 %
Then the migrate command fails:
[root@src ~]# virsh migrate --live --p2p --tunnelled
--copy-storage-all 4c5c75b9-decc-41c9-9296-20ca5bd5c355
qemu://phy004.tilaa.nl/system
error: Unknown failure
and the only thing I can find is in /var/log/libvirt/libvirt.log on
the destination:
15:40:12.370: error : qemuStreamMigWrite:10376 : cannot write to
stream: Broken pipe
Maybe I'm using the wrong options for virsh migrate, but they're not
described in the manpage.
Any hints?
Regards,
Ruben Kerkhof
[libvirt] [PATCH] Move the tunnelled migration unix socket to /var/lib/libvirt/qemu
by Chris Lalancette
Since the qemu process is running as qemu:qemu, it can't actually
look at the unix socket in /var/run/libvirt/qemu which is owned by
root and has permission 700. Move the unix socket to
/var/lib/libvirt/qemu, which is already owned by qemu:qemu.
Thanks to Justin Clift for testing this out for me.
Signed-off-by: Chris Lalancette <clalance(a)redhat.com>
---
src/qemu/qemu_driver.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index b6b6633..007b09a 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -10470,7 +10470,7 @@ qemudDomainMigratePrepareTunnel(virConnectPtr dconn,
vm->def->id = -1;
if (virAsprintf(&unixfile, "%s/qemu.tunnelmigrate.dest.%s",
- driver->stateDir, vm->def->name) < 0) {
+ driver->libDir, vm->def->name) < 0) {
virReportOOMError();
goto endjob;
}
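Review bot: moving the listening socket to `driver->libDir` fixes the EACCES from the Block-migrate report but changes the trust boundary: stateDir was root-only, while libDir is owned by qemu:qemu, the uid every guest runs under, so any process with that uid can reach the tunnelled-migration socket on the destination while a migration is in flight. That deserves a sentence in the commit message. Also add an `unlink(unixfile)` before the bind: unlike /var/run, /var/lib survives reboots, so a socket left behind by a crashed migration would otherwise make the next bind fail with EADDRINUSE.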
@@ -10941,7 +10941,7 @@ static int doTunnelMigrate(virDomainPtr dom,
/* Stage 1. setup local support infrastructure */
if (virAsprintf(&unixfile, "%s/qemu.tunnelmigrate.src.%s",
- driver->stateDir, vm->def->name) < 0) {
+ driver->libDir, vm->def->name) < 0) {
virReportOOMError();
goto cleanup;
}
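Review bot: same path change on the source side, so the stale-socket point applies here too. Users who worked around the old location by opening up /var/run/libvirt/qemu (as in the Block-migrate thread above) should be told to revert that once this lands, since that directory is meant to stay root-only; a line in the release notes would do.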
--
1.7.2.1