August 2012 - Devel - libvirt List Archives

[libvirt] [PATCH v5 0/6] file descriptor passing using fd sets
by Corey Bryant 07 Aug '12

07 Aug '12

libvirt's sVirt security driver provides SELinux MAC isolation for Qemu guest processes and their corresponding image files. In other words, sVirt uses SELinux to prevent a QEMU process from opening files that do not belong to it. sVirt provides this support by labeling guests and resources with security labels that are stored in file system extended attributes. Some file systems, such as NFS, do not support the extended attribute security namespace, and therefore cannot support sVirt isolation. A solution to this problem is to provide fd passing support, where libvirt opens files and passes file descriptors to QEMU. This, along with SELinux policy to prevent QEMU from opening files, can provide image file isolation for NFS files stored on the same NFS mount. This patch series adds the add-fd, remove-fd, and query-fdsets QMP monitor commands, which allow file descriptors to be passed via SCM_RIGHTS, and assigned to specified fd sets. This allows fd sets to be created per file with fds having, for example, different access rights. When QEMU needs to reopen a file with different access rights, it can search for a matching fd in the fd set. Fd sets also allow for easy tracking of fds per file, helping to prevent fd leaks. Support is also added to the block layer to allow QEMU to dup an fd from an fdset when the filename is of the /dev/fdset/nnn format, where nnn is the fd set ID. No new SELinux policy is required to prevent open of NFS files (files with type nfs_t). The virt_use_nfs boolean type simply needs to be set to false, and open will be prevented (and dup will be allowed). For example: # setsebool virt_use_nfs 0 # getsebool virt_use_nfs virt_use_nfs --> off Corey Bryant (6): qemu-char: Add MSG_CMSG_CLOEXEC flag to recvmsg qapi: Introduce add-fd, remove-fd, query-fdsets monitor: Clean up fd sets on monitor disconnect block: Convert open calls to qemu_open block: Convert close calls to qemu_close block: Enable qemu_open/close to work with fd sets block/raw-posix.c | 42 ++++----- block/raw-win32.c | 6 +- block/vdi.c | 5 +- block/vmdk.c | 25 +++--- block/vpc.c | 4 +- block/vvfat.c | 16 ++-- cutils.c | 5 ++ monitor.c | 244 ++++++++++++++++++++++++++++++++++++++++++++++++++++- monitor.h | 4 + osdep.c | 141 +++++++++++++++++++++++++++++++ qapi-schema.json | 97 +++++++++++++++++++++ qemu-char.c | 10 ++- qemu-common.h | 2 + qemu-tool.c | 12 +++ qmp-commands.hx | 121 ++++++++++++++++++++++++++ savevm.c | 4 +- 16 files changed, 684 insertions(+), 54 deletions(-) -- 1.7.10.4

3 35

[libvirt] [PATCH] Add support for firewalld (new version)
by Thomas Woerner 07 Aug '12

07 Aug '12

* bridge_driver, nwfilter_driver: new dbus filters to get FirewallD1.Reloaded signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1 * iptables, ebtables, nwfilter_ebiptables_driver: use firewall-cmd direct passthrough interface * spec file changed as requested --- configure.ac | 8 ++++++ libvirt.spec.in | 11 ++++++++ src/Makefile.am | 8 +++--- src/network/bridge_driver.c | 46 +++++++++++++++++++++++++++++++ src/nwfilter/nwfilter_driver.c | 46 +++++++++++++++++++++++++++++++ src/nwfilter/nwfilter_ebiptables_driver.c | 32 +++++++++++++++++++++ src/util/ebtables.c | 35 +++++++++++++++++++++++ src/util/iptables.c | 21 ++++++++++++-- 8 files changed, 201 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index 8a04d91..7142450 100644 --- a/configure.ac +++ b/configure.ac @@ -1282,6 +1282,14 @@ AM_CONDITIONAL([HAVE_POLKIT1], [test "x$with_polkit1" = "xyes"]) AC_SUBST([POLKIT_CFLAGS]) AC_SUBST([POLKIT_LIBS]) +dnl firewalld +AC_ARG_WITH([firewalld], + AC_HELP_STRING([--with-firewalld], [enable firewalld support])) +if test "x$with_firewalld" = "xyes" ; then + AC_DEFINE_UNQUOTED([HAVE_FIREWALLD], [1], [whether firewalld support is enabled]) +fi +AM_CONDITIONAL([HAVE_FIREWALLD], [test "x$with_firewalld" = "xyes"]) + dnl Avahi library AC_ARG_WITH([avahi], AC_HELP_STRING([--with-avahi], [use avahi to advertise remote daemon @<:@default=check@:>@]), diff --git a/libvirt.spec.in b/libvirt.spec.in index 67b955a..ea2fd88 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -106,6 +106,7 @@ %define with_sanlock 0%{!?_without_sanlock:0} %define with_systemd 0%{!?_without_systemd:0} %define with_numad 0%{!?_without_numad:0} +%define with_firewalld 0%{!?_without_firewalld:0} # Non-server/HV driver defaults which are always enabled %define with_python 0%{!?_without_python:1} @@ -146,6 +147,11 @@ %define with_systemd 1 %endif +# Fedora 18 / RHEL-7 are first where firewalld support is enabled +%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7 +%define with_firewalld 1 +%endif + # RHEL-5 has restricted QEMU to x86_64 only and is too old for LXC %if 0%{?rhel} == 5 %define with_qemu_tcg 0 @@ -1182,6 +1188,10 @@ of recent versions of Linux (and other OSes). %define _without_driver_modules --without-driver-modules %endif +%if %{with_firewalld} +%define _with_firewalld --with-firewalld +%endif + %define when %(date +"%%F-%%T") %define where %(hostname) %define who %{?packager}%{!?packager:Unknown} @@ -1240,6 +1250,7 @@ autoreconf -if %{?_without_audit} \ %{?_without_dtrace} \ %{?_without_driver_modules} \ + %{?_with_firewalld} \ %{with_packager} \ %{with_packager_version} \ --with-qemu-user=%{qemu_user} \ diff --git a/src/Makefile.am b/src/Makefile.am index 6ed4a41..f3f4731 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -989,7 +989,7 @@ libvirt_driver_network_la_SOURCES = libvirt_driver_network_la_LIBADD = libvirt_driver_network_impl.la if WITH_DRIVER_MODULES mod_LTLIBRARIES += libvirt_driver_network.la -libvirt_driver_network_la_LIBADD += ../gnulib/lib/libgnu.la $(LIBNL_LIBS) +libvirt_driver_network_la_LIBADD += ../gnulib/lib/libgnu.la $(LIBNL_LIBS) $(DBUS_LIBS) libvirt_driver_network_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS) else noinst_LTLIBRARIES += libvirt_driver_network.la @@ -999,7 +999,7 @@ endif libvirt_driver_network_impl_la_CFLAGS = \ $(LIBNL_CFLAGS) \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(top_srcdir)/src/conf $(AM_CFLAGS) $(DBUS_CFLAGS) libvirt_driver_network_impl_la_SOURCES = $(NETWORK_DRIVER_SOURCES) endif EXTRA_DIST += network/default.xml @@ -1149,9 +1149,9 @@ noinst_LTLIBRARIES += libvirt_driver_nwfilter.la #libvirt_la_BUILT_LIBADD += libvirt_driver_nwfilter.la endif libvirt_driver_nwfilter_la_CFLAGS = $(LIBPCAP_CFLAGS) \ - -I$(top_srcdir)/src/conf $(LIBNL_CFLAGS) $(AM_CFLAGS) + -I$(top_srcdir)/src/conf $(LIBNL_CFLAGS) $(AM_CFLAGS) $(DBUS_CFLAGS) libvirt_driver_nwfilter_la_LDFLAGS = $(LD_AMFLAGS) -libvirt_driver_nwfilter_la_LIBADD = $(LIBPCAP_LIBS) $(LIBNL_LIBS) +libvirt_driver_nwfilter_la_LIBADD = $(LIBPCAP_LIBS) $(LIBNL_LIBS) $(DBUS_LIBS) if WITH_DRIVER_MODULES libvirt_driver_nwfilter_la_LIBADD += ../gnulib/lib/libgnu.la libvirt_driver_nwfilter_la_LDFLAGS += -module -avoid-version diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index a5046f1..86b178e 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -61,6 +61,7 @@ #include "virnetdev.h" #include "virnetdevbridge.h" #include "virnetdevtap.h" +#include "virdbus.h" #define NETWORK_PID_DIR LOCALSTATEDIR "/run/libvirt/network" #define NETWORK_STATE_DIR LOCALSTATEDIR "/lib/libvirt/network" @@ -248,6 +249,24 @@ networkAutostartConfigs(struct network_driver *driver) { } } +#if HAVE_FIREWALLD +static DBusHandlerResult +firewalld_dbus_filter_bridge(DBusConnection *connection ATTRIBUTE_UNUSED, DBusMessage *message, void *user_data) { + struct network_driver *_driverState = user_data; + + if (dbus_message_is_signal(message, DBUS_INTERFACE_DBUS, + "NameOwnerChanged") || + dbus_message_is_signal(message, "org.fedoraproject.FirewallD1", + "Reloaded")) + { + VIR_DEBUG("Reload in bridge_driver because of firewalld."); + networkReloadIptablesRules(_driverState); + } + + return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; +} +#endif + /** * networkStartup: * @@ -256,6 +275,9 @@ networkAutostartConfigs(struct network_driver *driver) { static int networkStartup(int privileged) { char *base = NULL; +#ifdef HAVE_FIREWALLD + DBusConnection *sysbus = NULL; +#endif if (VIR_ALLOC(driverState) < 0) goto error; @@ -322,6 +344,30 @@ networkStartup(int privileged) { networkDriverUnlock(driverState); +#ifdef HAVE_FIREWALLD + if (!(sysbus = virDBusGetSystemBus())) { + virErrorPtr err = virGetLastError(); + VIR_WARN("DBus not available, disabling firewalld support in bridge_driver: %s", err->message); + } else { + /* add matches for + * NameOwnerChanged on org.freedesktop.DBus for firewalld start/stop + * Reloaded on org.fedoraproject.FirewallD1 for firewalld reload + */ + dbus_bus_add_match(sysbus, + "type='signal'" + ",interface='"DBUS_INTERFACE_DBUS"'" + ",member='NameOwnerChanged'" + ",arg0='org.fedoraproject.FirewallD1'", + NULL); + dbus_bus_add_match(sysbus, + "type='signal'" + ",interface='org.fedoraproject.FirewallD1'" + ",member='Reloaded'", + NULL); + dbus_connection_add_filter(sysbus, firewalld_dbus_filter_bridge, driverState, NULL); + } +#endif + return 0; out_of_memory: diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 4fa73f8..09db599 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -27,6 +27,9 @@ #include <config.h> +#include "virdbus.h" +#include "logging.h" + #include "internal.h" #include "virterror_internal.h" @@ -49,6 +52,8 @@ static virNWFilterDriverStatePtr driverState; static int nwfilterDriverShutdown(void); +static int nwfilterDriverReload(void); + static void nwfilterDriverLock(virNWFilterDriverStatePtr driver) { virMutexLock(&driver->lock); @@ -58,6 +63,21 @@ static void nwfilterDriverUnlock(virNWFilterDriverStatePtr driver) virMutexUnlock(&driver->lock); } +#if HAVE_FIREWALLD +static DBusHandlerResult +firewalld_dbus_filter_nwfilter(DBusConnection *connection ATTRIBUTE_UNUSED, DBusMessage *message, void *user_data ATTRIBUTE_UNUSED) { + if (dbus_message_is_signal(message, DBUS_INTERFACE_DBUS, + "NameOwnerChanged") || + dbus_message_is_signal(message, "org.fedoraproject.FirewallD1", + "Reloaded")) + { + VIR_DEBUG("Reload in nwfilter_driver because of firewalld."); + nwfilterDriverReload(); + } + + return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; +} +#endif /** * virNWFilterStartup: @@ -68,6 +88,32 @@ static int nwfilterDriverStartup(int privileged) { char *base = NULL; +#ifdef HAVE_FIREWALLD + DBusConnection *sysbus = NULL; + + if (!(sysbus = virDBusGetSystemBus())) { + virErrorPtr err = virGetLastError(); + VIR_WARN("DBus not available, disabling firewalld support in nwfilter_driver: %s", err->message); + } else { + /* add matches for + * NameOwnerChanged on org.freedesktop.DBus for firewalld start/stop + * Reloaded on org.fedoraproject.FirewallD1 for firewalld reload + */ + dbus_bus_add_match(sysbus, + "type='signal'" + ",interface='"DBUS_INTERFACE_DBUS"'" + ",member='NameOwnerChanged'" + ",arg0='org.fedoraproject.FirewallD1'", + NULL); + dbus_bus_add_match(sysbus, + "type='signal'" + ",interface='org.fedoraproject.FirewallD1'" + ",member='Reloaded'", + NULL); + dbus_connection_add_filter(sysbus, firewalld_dbus_filter_nwfilter, NULL, NULL); + } +#endif + if (!privileged) return 0; diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 6d6bc3b..6f3133f 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -4127,6 +4127,7 @@ ebiptablesDriverInit(bool privileged) { virBuffer buf = VIR_BUFFER_INITIALIZER; char *errmsg = NULL; + char *firewall_cmd_path = NULL; if (!privileged) return 0; @@ -4137,6 +4138,35 @@ ebiptablesDriverInit(bool privileged) gawk_cmd_path = virFindFileInPath("gawk"); grep_cmd_path = virFindFileInPath("grep"); + firewall_cmd_path = virFindFileInPath("firewall-cmd"); + if (firewall_cmd_path) { + virBufferAsprintf(&buf, "IPT=%s\n", firewall_cmd_path); + /* basic probing */ + virBufferAsprintf(&buf, + CMD_DEF("$IPT --state") CMD_SEPARATOR + CMD_EXEC + "%s", + CMD_STOPONERR(1)); + + if (ebiptablesExecCLI(&buf, NULL, NULL) >= 0) { + VIR_DEBUG("Using firewall-cmd in nwfilter_ebiptables_driver."); + ebtables_cmd_path = NULL; + iptables_cmd_path = NULL; + ip6tables_cmd_path = NULL; + ignore_value(virAsprintf(&ebtables_cmd_path, "%s --direct --passthrough eb", firewall_cmd_path)); + ignore_value(virAsprintf(&iptables_cmd_path, "%s --direct --passthrough ipv4", firewall_cmd_path)); + ignore_value(virAsprintf(&ip6tables_cmd_path, "%s --direct --passthrough ipv6", firewall_cmd_path)); + if (!ebtables_cmd_path || !iptables_cmd_path || !ip6tables_cmd_path) { + virReportOOMError(); + return -1; + } + + } + VIR_FREE(firewall_cmd_path); + } + if (ebtables_cmd_path == NULL || iptables_cmd_path == NULL || + ip6tables_cmd_path == NULL) { + ebtables_cmd_path = virFindFileInPath("ebtables"); if (ebtables_cmd_path) { NWFILTER_SET_EBTABLES_SHELLVAR(&buf); @@ -4194,6 +4224,8 @@ ebiptablesDriverInit(bool privileged) VIR_WARN("Could not find 'ip6tables' executable"); } + } + /* ip(6)tables support needs gawk & grep, ebtables doesn't */ if ((iptables_cmd_path != NULL || ip6tables_cmd_path != NULL) && (!grep_cmd_path || !gawk_cmd_path)) { diff --git a/src/util/ebtables.c b/src/util/ebtables.c index ca056b1..6f4d151 100644 --- a/src/util/ebtables.c +++ b/src/util/ebtables.c @@ -176,11 +176,34 @@ ebtablesAddRemoveRule(ebtRules *rules, int action, const char *arg, ...) const char *s; int n, command_idx; +#if HAVE_FIREWALLD + int ret; + char *firewall_cmd_path = NULL; + virCommandPtr cmd = NULL; + + firewall_cmd_path = virFindFileInPath("firewall-cmd"); + if (firewall_cmd_path) { + cmd = virCommandNew(firewall_cmd_path); + virCommandAddArgList(cmd, "--state", NULL); + ret = virCommandRun(cmd, NULL); + if (ret != 0) { + VIR_FREE(firewall_cmd_path); + firewall_cmd_path = NULL; + } + virCommandFree(cmd); + } +#endif + n = 1 + /* /sbin/ebtables */ 2 + /* --table foo */ 2 + /* --insert bar */ 1; /* arg */ +#if HAVE_FIREWALLD + if (firewall_cmd_path) + n += 3; /* --direct --passthrough eb */ +#endif + va_start(args, arg); while (va_arg(args, const char *)) n++; @@ -192,6 +215,18 @@ ebtablesAddRemoveRule(ebtRules *rules, int action, const char *arg, ...) n = 0; +#if HAVE_FIREWALLD + if (firewall_cmd_path) { + if (!(argv[n++] = strdup(firewall_cmd_path))) + goto error; + if (!(argv[n++] = strdup("--direct"))) + goto error; + if (!(argv[n++] = strdup("--passthrough"))) + goto error; + if (!(argv[n++] = strdup("eb"))) + goto error; + } else +#endif if (!(argv[n++] = strdup(EBTABLES_PATH))) goto error; diff --git a/src/util/iptables.c b/src/util/iptables.c index b23aca9..7bad39d 100644 --- a/src/util/iptables.c +++ b/src/util/iptables.c @@ -101,9 +101,26 @@ iptablesAddRemoveRule(iptRules *rules, int family, int action, { va_list args; int ret; - virCommandPtr cmd; + virCommandPtr cmd = NULL; const char *s; - + char *firewall_cmd_path = NULL; + +#if HAVE_FIREWALLD + firewall_cmd_path = virFindFileInPath("firewall-cmd"); + if (firewall_cmd_path) { + cmd = virCommandNew(firewall_cmd_path); + virCommandAddArgList(cmd, "--state", NULL); + ret = virCommandRun(cmd, NULL); + if (ret == 0) { + cmd = virCommandNew(firewall_cmd_path); + virCommandAddArgList(cmd, "--direct", "--passthrough", + (family == AF_INET6) ? "ipv6" : "ipv4", NULL); + } else + cmd = NULL; + VIR_FREE(firewall_cmd_path); + } + if (!cmd) +#endif cmd = virCommandNew((family == AF_INET6) ? IP6TABLES_PATH : IPTABLES_PATH); -- 1.7.11.2

1 0

[libvirt] [PATCH] Set LIBVIRT_AUTOSTART=0 when running test suites
by Daniel P. Berrange 07 Aug '12

07 Aug '12

From: "Daniel P. Berrange" <berrange(a)redhat.com> Occassionally some test cases will (accidentally) try to spawn libvirtd. Set the LIBVIRT_AUTOSTART=0 environment variable to ensure the remote driver never tries autostart. --- tests/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/Makefile.am b/tests/Makefile.am index 2fdaace..60d322d 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -244,6 +244,7 @@ TESTS_ENVIRONMENT = \ PATH="$(path_add)$(PATH_SEPARATOR)$$PATH" \ SHELL="$(SHELL)" \ LIBVIRT_DRIVER_DIR="$(abs_top_builddir)/src/.libs" \ + LIBVIRT_AUTOSTART=0 \ LC_ALL=C \ $(VG) -- 1.7.10.4

2 1

[libvirt] [PATCH] Don't check the 'connect' command in virsh-all test
by Daniel P. Berrange 07 Aug '12

07 Aug '12

From: "Daniel P. Berrange" <berrange(a)redhat.com> The 'virsh-all' test case will invoke each virsh command with no args. With the 'connect' command this causes virsh to try to connect to the default URI, which in turn tries to spawn libvirtd. This is not something we want todo in the test suite, so skip the 'connect' command. --- tests/virsh-all | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/virsh-all b/tests/virsh-all index 2650b86..d4e2633 100755 --- a/tests/virsh-all +++ b/tests/virsh-all @@ -25,7 +25,7 @@ fail=0 test_url=test:///default -$abs_top_builddir/tools/virsh -c $test_url help > cmds || framework_failure +$abs_top_builddir/tools/virsh -c $test_url help | grep -v connect > cmds || framework_failure cmds=$(sed -n 's/^ $[^ ][^ ]*$ .*/\1/p' cmds) || framework_failure test -n "$cmds" || framework_failure -- 1.7.10.4

2 1

[libvirt] on special migration(domain defined, not started yet)
by liguang 07 Aug '12

07 Aug '12

Hi, All If a VM domain defined, but not started yet, and I want to migrate it to another server, so that It can be started at there, what's should i do? or is it rational? seems libvirt migration process haven't consider this condition, e.g. virsh migrate --p2p --tunnelled dom1 qemu+ssh://1.1.1.1/system will fail @ qemuMigrationPerformJob where it call virDomainObjIsActive to see if domain is active, but now domain is inactive, so fail. Thanks!

2 4

[libvirt] [test-API][PATCH] Delete the unused util param
by Wayne Sun 07 Aug '12

07 Aug '12

The util is undefined and cause case run fail, it's with no use and should be deleted. Signed-off-by: Wayne Sun <gsun(a)redhat.com> --- repos/interface/create.py | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/repos/interface/create.py b/repos/interface/create.py index 50d92d2..f5ef308 100644 --- a/repos/interface/create.py +++ b/repos/interface/create.py @@ -25,7 +25,7 @@ def display_current_interface(conn): logger.debug("current defined host interface list: %s " \ % conn.listDefinedInterfaces()) -def check_create_interface(ifacename, util): +def check_create_interface(ifacename): """Check creating interface result, it will can ping itself if create interface is successful. """ @@ -67,7 +67,7 @@ def create(params): ifaceobj.create(0) logger.info("create host interface %s" % ifacename) display_current_interface(conn) - if check_create_interface(ifacename, util): + if check_create_interface(ifacename): logger.info("create host interface %s is successful" % ifacename) else: logger.error("fail to check create interface") -- 1.7.1

2 1

[libvirt] [PATCH 0/2] Add lsi and virtio-scsi qemu caps
by Guannan Ren 07 Aug '12

07 Aug '12

On qemu-kvm-0.15.1, it supports only lsi scsi controller model. On qemu-kvm-0.12.1.2, it supports only virtio-scsi-pci scsi model On qemu 1.1.50, it supports both. So, instead of using the lsilogic model by default, the patch tries to check which model the current QEMU supports, then choose it, lsi has the priority. If a scsi model is given in XML explicitly, we try to check if the underlying QEMU supports it or not, raise an error on checking failure. Guannan Ren(2) (1/2)qemu: add two qemu caps for lsi and virtio-scsi SCSI controllers (2/2)test: add lsi and virtio-scsi qemu caps in testcases. src/qemu/qemu_capabilities.c | 7 --- src/qemu/qemu_capabilities.h | 2 - src/qemu/qemu_command.c | 88 +++++++++++------------------------------ src/qemu/qemu_command.h | 3 +- tests/qemuhelptest.c | 10 +--- tests/qemuxml2argvtest.c | 16 +++----- 6 files changed, 34 insertions(+), 92 deletions(-)

2 4

[libvirt] [PATCH v3 00/10] Introduce a virObject module for reference counting
by Daniel P. Berrange 07 Aug '12

07 Aug '12

A followup to: https://www.redhat.com/archives/libvir-list/2012-July/msg01733.html New in v3: - Introduce virObjectFreeCallback - Remove bogus ATTRIBUTE_NONNULL annotations - Add virObjectUnref/FreeCallback to useless-if-before-free checks - Other misc issues pointed out - Merged patches already ACKd

2 26

[libvirt] [PATCH] Add APIs for obtaining the unique ID of LVM & SCSI volumes
by Daniel P. Berrange 07 Aug '12

07 Aug '12

From: "Daniel P. Berrange" <berrange(a)redhat.com> Both LVM volumes and SCSI LUNs have a globally unique identifier associated with them. It is useful to be able to query this identifier to then perform disk locking, rather than try to figure out a stable pathname. --- src/util/storage_file.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++ src/util/storage_file.h | 3 ++ 2 files changed, 96 insertions(+) diff --git a/src/util/storage_file.c b/src/util/storage_file.c index f38aa8e..56fd322 100644 --- a/src/util/storage_file.c +++ b/src/util/storage_file.c @@ -24,6 +24,7 @@ #include <config.h> #include "storage_file.h" +#include <command.h> #include <sys/stat.h> #include <unistd.h> #include <fcntl.h> @@ -38,6 +39,7 @@ #include "virterror_internal.h" #include "logging.h" #include "virfile.h" +#include "c-ctype.h" #define VIR_FROM_THIS VIR_FROM_STORAGE @@ -1073,3 +1075,94 @@ int virStorageFileIsClusterFS(const char *path) VIR_STORAGE_FILE_SHFS_GFS2 | VIR_STORAGE_FILE_SHFS_OCFS); } + +#ifdef LVS +const char *virStorageFileGetLVMKey(const char *path) +{ + /* + * # lvs --noheadings --unbuffered --nosuffix --options "uuid" LVNAME + * 06UgP5-2rhb-w3Bo-3mdR-WeoL-pytO-SAa2ky + */ + char *key = NULL; + virCommandPtr cmd = virCommandNewArgList( + LVS, + "--noheadings", "--unbuffered", "--nosuffix", + "--options", "uuid", path, + NULL + ); + + /* Run the program and capture its output */ + virCommandSetOutputBuffer(cmd, &key); + if (virCommandRun(cmd, NULL) < 0) + goto cleanup; + + if (key) { + char *nl; + char *tmp = key; + + /* Find first non-space character */ + while (*tmp && c_isspace(*tmp)) { + tmp++; + } + /* Kill leading spaces */ + if (tmp != key) + memmove(key, tmp, strlen(tmp)+1); + + /* Kill trailing newline */ + if ((nl = strchr(key, '\n'))) + *nl = '\0'; + } + + if (key && STREQ(key, "")) + VIR_FREE(key); + +cleanup: + virCommandFree(cmd); + + return key; +} +#else +const char *virStorageFileGetLVMKey(const char *path) +{ + virReportSystemError(ENOSYS, _("Unable to get LVM key for %s"), path); + return NULL; +} +#endif + +#ifdef HAVE_UDEV +const char *virStorageFileGetSCSIKey(const char *path) +{ + char *key = NULL; + virCommandPtr cmd = virCommandNewArgList( + "/lib/udev/scsi_id", + "--replace-whitespace", + "--whitelisted", + "--device", path, + NULL + ); + + /* Run the program and capture its output */ + virCommandSetOutputBuffer(cmd, &key); + if (virCommandRun(cmd, NULL) < 0) + goto cleanup; + + if (key && STRNEQ(key, "")) { + char *nl = strchr(key, '\n'); + if (nl) + *nl = '\0'; + } else { + VIR_FREE(key); + } + +cleanup: + virCommandFree(cmd); + + return key; +} +#else +const char *virStorageFileGetSCSIKey(const char *path) +{ + virReportSystemError(ENOSYS, _("Unable to get SCSI key for %s"), path); + return NULL; +} +#endif diff --git a/src/util/storage_file.h b/src/util/storage_file.h index 1fbe08e..99a5e36 100644 --- a/src/util/storage_file.h +++ b/src/util/storage_file.h @@ -86,4 +86,7 @@ int virStorageFileIsClusterFS(const char *path); int virStorageFileIsSharedFSType(const char *path, int fstypes); +const char *virStorageFileGetLVMKey(const char *path); +const char *virStorageFileGetSCSIKey(const char *path); + #endif /* __VIR_STORAGE_FILE_H__ */ -- 1.7.11.2

3 5

[libvirt] Memory Ballooning for VM Issue
by xuanmao_001 07 Aug '12

07 Aug '12

Hi, I have some problems with qemu ballooning. I saw the qemu docs. I found the qemu monitor command "balloon" that can request VM to change its memory allocation to value(in MB). it requested qemu command line with "-balloon virtio", then I start qemu into monitor mode with memory 512MB. first show balloon information. (qemu) info balloon (qemu)balloon: actual=512 the command above if like this, I think the balloon device worked fine. (qemu) balloon 400 there was no error when I executed this command. but when I executed "info balloon", the result was still 512. Is there something wrong? please give me some ideas. thanks. qemu-kvm version: 1.0.1 linux kernel version: 3.1.6 xuanmao_001

1 0