October 2013 - Devel - libvirt List Archives

[libvirt] ANNOUNCE: Perl binding Sys-Virt releases 1.1.2 & 1.1.3
by Daniel P. Berrange 03 Oct '13

03 Oct '13

I am pleased to announce that releases 1.1.2 & 1.1.3 of Sys-Virt, the libvirt Perl API binding are now available for download: http://search.cpan.org/CPAN/authors/id/D/DA/DANBERR/Sys-Virt-1.1.2.tar.gz http://search.cpan.org/CPAN/authors/id/D/DA/DANBERR/Sys-Virt-1.1.3.tar.gz Changed in the 1.1.2 release: - Add all new constants in libvirt 1.1.2 Changed in the 1.1.3 release: - Add all new APIs in libvirt 1.1.3 Further information, including online API documentation & previous release archives, is available from the CPAN home page http://search.cpan.org/dist/Sys-Virt/ Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

1 0

[libvirt] [PATCH 00/18] qemumonitorjsontest: Introduce some tests
by Michal Privoznik 03 Oct '13

03 Oct '13

and fix some bugs I've ran into while writing the tests. Michal Privoznik (18): qemuMonitorJSONGetVirtType: Fix error message qemumonitorjsontest: Test qemuMonitorJSONSystemPowerdown qemuMonitorJSONSendKey: Avoid double free qemuMonitorTestFree: Join worker thread unconditionally qemumonitorjsontest: Extend the test for yet another monitor commands qemumonitorjsontest: Test qemuMonitorJSONGetCPUInfo qemumonitorjsontest: Test qemuMonitorJSONGetVirtType qemumonitorjsontest: Test qemuMonitorJSONGetBalloonInfo qemumonitorjsontest: Test qemuMonitorJSONGetBlockInfo qemumonitorjsontest: Test qemuMonitorJSONGetBlockStatsInfo qemumonitorjsontest: Test qemuMonitorJSONGetMigrationCacheSize qemumonitorjsontest: Test qemuMonitorJSONGetMigrationStatus qemumonitorjsontest: Test qemuMonitorJSONGetSpiceMigrationStatus qemumonitorjsontest: Test qemuMonitorJSONGetPtyPaths qemumonitorjsontest: Test qemuMonitorJSONSendKey qemumonitorjsontest: Test qemuMonitorJSONSetBlockIoThrottle qemumonitorjsontest: Test qemuMonitorJSONGetTargetArch qemumonitorjsontest: Test qemuMonitorJSONGetMigrationCapability src/qemu/qemu_monitor_json.c | 5 +- tests/qemumonitorjsontest.c | 955 ++++++++++++++++++++++++++++++++++++++++++- tests/qemumonitortestutils.c | 3 +- 3 files changed, 959 insertions(+), 4 deletions(-) -- 1.8.1.5

3 40

[libvirt] ANNOUNCE: libvirt 1.0.5.6 maintenance release
by Cole Robinson 03 Oct '13

03 Oct '13

libvirt 1.0.5.6 maintenance release is now available. This is libvirt 1.0.5 with additional bugfixes that have accumulated upstream since the initial release. This release can be downloaded at: http://libvirt.org/sources/stable_updates/libvirt-1.0.5.6.tar.gz Changes in this version: * virsh: fix change-media bug on disk block type * Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) * Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) * Include process start time when doing polkit checks * qemuDomainChangeGraphics: Check listen address change by listen type * security: provide supplemental groups even when parsing label (CVE-2013-4291) * python: return dictionary without value in case of no blockjob * virbitmap: Refactor virBitmapParse to avoid access beyond bounds of array For info about past maintenance releases, see: http://wiki.libvirt.org/page/Maintenance_Releases Thanks, Cole

5 11

[libvirt] [PATCHv3] lxc veth interfaces: fix interface name collisions
by Oskari Saarenmaa 02 Oct '13

02 Oct '13

The previous veth interface naming scheme tried to find the lowest unused index for both the parent and container veth interfaces. That's susceptible to race conditions when multiple containers are started at the same time. Try to pick a random unused interface id for the parent if one wasn't given by the caller and use that as a template for the container interface name. This should prevent races to create two uniquely named interfaces for each container. The caller can still assign the parent interface name manually and that name is used for in container (before the interface is moved to the container namespace and renamed.) Signed-off-by: Oskari Saarenmaa <os(a)ohmu.fi> --- My previous two patches for this issue were rejected because of concerns with the naming scheme (in v1) or leaving fixing the race condition to the caller (v2) and I mostly forgot about this issue after implementing a workaround in my application, but yesterday someone else on #virt ran into the same issue and I took another look at my patches. The third iteration of this patch uses random identifiers and makes sure they're not already in use, but still does not retry interface creation on failure. I believe this is good enough as the likelihood of two containers starting up at the same time and coming up with the same random 32-bit identifier should be rather low. This does change the interface names from nice low integers to random larger integers, but I don't see that an issue. And the caller can select any other name they like if that's not acceptable. src/util/virnetdevveth.c | 95 ++++++++++++++---------------------------------- 1 file changed, 27 insertions(+), 68 deletions(-) diff --git a/src/util/virnetdevveth.c b/src/util/virnetdevveth.c index 039767f..9a5bc63 100644 --- a/src/util/virnetdevveth.c +++ b/src/util/virnetdevveth.c @@ -23,6 +23,7 @@ #include <config.h> +#include <net/if.h> #include <sys/wait.h> #include "virnetdevveth.h" @@ -33,119 +34,77 @@ #include "virfile.h" #include "virstring.h" #include "virutil.h" +#include "virrandom.h" #define VIR_FROM_THIS VIR_FROM_NONE /* Functions */ /** - * virNetDevVethGetFreeName: - * @veth: pointer to store returned name for veth device - * @startDev: device number to start at (x in vethx) - * - * Looks in /sys/class/net/ to find the first available veth device - * name. - * - * Returns non-negative device number on success or -1 in case of error - */ -static int virNetDevVethGetFreeName(char **veth, int startDev) -{ - int devNum = startDev-1; - char *path = NULL; - - VIR_DEBUG("Find free from veth%d", startDev); - do { - VIR_FREE(path); - ++devNum; - if (virAsprintf(&path, "/sys/class/net/veth%d/", devNum) < 0) - return -1; - VIR_DEBUG("Probe %s", path); - } while (virFileExists(path)); - VIR_FREE(path); - - if (virAsprintf(veth, "veth%d", devNum) < 0) - return -1; - - return devNum; -} - -/** * virNetDevVethCreate: * @veth1: pointer to name for parent end of veth pair - * @veth2: pointer to return name for container end of veth pair + * @veth2: pointer to name for container end of veth pair * * Creates a veth device pair using the ip command: * ip link add veth1 type veth peer name veth2 - * If veth1 points to NULL on entry, it will be a valid interface on - * return. veth2 should point to NULL on entry. * - * NOTE: If veth1 and veth2 names are not specified, ip will auto assign - * names. There seems to be two problems here - - * 1) There doesn't seem to be a way to determine the names of the - * devices that it creates. They show up in ip link show and - * under /sys/class/net/ however there is no guarantee that they - * are the devices that this process just created. - * 2) Once one of the veth devices is moved to another namespace, it - * is no longer visible in the parent namespace. This seems to - * confuse the name assignment causing it to fail with File exists. - * Because of these issues, this function currently allocates names - * prior to using the ip command, and returns any allocated names - * to the caller. + * If veth1 or veth2 points to NULL on entry, they will be + * a valid interface on return. * * Returns 0 on success or -1 in case of error */ int virNetDevVethCreate(char** veth1, char** veth2) { - int rc = -1; const char *argv[] = { "ip", "link", "add", NULL, "type", "veth", "peer", "name", NULL, NULL }; - int vethDev = 0; bool veth1_alloc = false; bool veth2_alloc = false; VIR_DEBUG("Host: %s guest: %s", NULLSTR(*veth1), NULLSTR(*veth2)); if (*veth1 == NULL) { - if ((vethDev = virNetDevVethGetFreeName(veth1, vethDev)) < 0) - goto cleanup; + size_t veth_path_max = sizeof("/sys/class/net//") + IF_NAMESIZE; + char *veth1_path; + + if (VIR_ALLOC_N(*veth1, IF_NAMESIZE) < 0 || + VIR_ALLOC_N(veth1_path, veth_path_max) < 0) { + VIR_FREE(*veth1); + return -1; + } + while (1) { + snprintf(*veth1, IF_NAMESIZE, "veth%u", (unsigned int) virRandomBits(32)); + snprintf(veth1_path, veth_path_max, "/sys/class/net/%s/", *veth1); + if (! virFileExists(veth1_path)) + break; + } + VIR_FREE(veth1_path); VIR_DEBUG("Assigned host: %s", *veth1); veth1_alloc = true; - vethDev++; } argv[3] = *veth1; - while (*veth2 == NULL) { - if ((vethDev = virNetDevVethGetFreeName(veth2, vethDev)) < 0) { + if (*veth2 == NULL) { + /* Append a 'c' to veth1 if name */ + if (virAsprintf(veth2, "%sc", *veth1) < 0) { if (veth1_alloc) VIR_FREE(*veth1); - goto cleanup; - } - - /* Just make sure they didn't accidentally get same name */ - if (STREQ(*veth1, *veth2)) { - vethDev++; - VIR_FREE(*veth2); - continue; + return -1; } - VIR_DEBUG("Assigned guest: %s", *veth2); veth2_alloc = true; } argv[8] = *veth2; - VIR_DEBUG("Create Host: %s guest: %s", *veth1, *veth2); + VIR_DEBUG("Create veth host: %s guest: %s", *veth1, *veth2); if (virRun(argv, NULL) < 0) { if (veth1_alloc) VIR_FREE(*veth1); if (veth2_alloc) VIR_FREE(*veth2); - goto cleanup; + return -1; } - rc = 0; - -cleanup: - return rc; + return 0; } /** -- 1.8.3.1

2 2

Re: [libvirt] [Qemu-devel] Attaching PCI devices to the PCIe root complex
by Michael S. Tsirkin 02 Oct '13

02 Oct '13

On Wed, Sep 25, 2013 at 11:48:28AM +0300, Marcel Apfelbaum wrote: > On Wed, 2013-09-25 at 10:01 +0300, Michael S. Tsirkin wrote: > > On Tue, Sep 24, 2013 at 06:01:02AM -0400, Laine Stump wrote: > > > When I added support for the Q35-based machinetypes to libvirt, I > > > specifically prohibited attaching any PCI devices (with the exception of > > > graphics controllers) to the PCIe root complex, > > > > That's wrong I think. Anything attached to RC is an integrated > > endpoint, and these can be PCI devices. > I couldn't find on PCIe spec any mention that "Root Complex Integrated EndPoint" > must be PCIe. But, from spec 1.3.2.3: > - A Root Complex Integrated Endpoint must not require I/O resources claimed through BAR(s). > - A Root Complex Integrated Endpoint must not generate I/O Requests. > - A Root Complex Integrated Endpoint is required to support MSI or MSI-X or both if an > interrupt resource is requested. Heh PCI-SIG keeps fighting against legacy interrupts and IO. But lots of hardware happily ignores these rules. And the reason is simple: software does not enforce them. Here's integrated stuff on my laptop: 00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller (rev 09) (prog-if 00 [VGA controller]) Subsystem: Lenovo Device 21cf Flags: bus master, fast devsel, latency 0, IRQ 43 Memory at f0000000 (64-bit, non-prefetchable) [size=4M] Memory at e0000000 (64-bit, prefetchable) [size=256M] I/O ports at 5000 [size=64] Expansion ROM at <unassigned> [disabled] Capabilities: [90] MSI: Enable+ Count=1/1 Maskable- 64bit- Capabilities: [d0] Power Management version 2 Capabilities: [a4] PCI Advanced Features Kernel driver in use: i915 So it has an IO BAR. 00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 (rev 04) (prog-if 20 [EHCI]) Subsystem: Lenovo Device 21cf Flags: bus master, medium devsel, latency 0, IRQ 16 Memory at f252a000 (32-bit, non-prefetchable) [size=1K] Capabilities: [50] Power Management version 2 Capabilities: [58] Debug port: BAR=1 offset=00a0 Capabilities: [98] PCI Advanced Features Kernel driver in use: ehci-pci So IRQ but no MSI. > I suppose that this restriction can be removed for PCI devices that > 1. Actually work when plugged in into RC Integrated EndPoint > 2. Respond to the above limitations These limitations are just guidance for future devices. They can't change the past, such devices were made. > > > > > and had planned to > > > prevent attaching them to PCIe root ports (ioh3420 device) and PCIe > > > downstream switch ports (xio-3130 device) as well. I did this because, > > > even though qemu currently allows attaching a normal PCI device in any > > > of these three places, the restriction exists for real hardware and I > > > didn't see any guarantee that qemu wouldn't add the restriction in the > > > future in order to more closely emulate real hardware. > > > > > > However, since I did that, I've learned that many of the qemu "pci" > > > devices really should be considered as "pci or pcie". Gerd Hoffman lists > > > some of these cases in a bug he filed against libvirt: > > > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1003983 > > > > > > I would like to loosen up the restrictions in libvirt, but want to make > > > sure that I don't allow something that could later be forbidden by qemu > > > (thus creating a compatibility problem during upgrades). Beyond Gerd's > > > specific requests to allow ehci, uhci, and hda controllers to attach to > > > PCIe ports, are there any other devices that I specifically should or > > > shouldn't allow? (I would rather be conservative in what I allow - it's > > > easy to allow more things later, but nearly impossible to revoke > > > permission once it's been allowed). > For the moment I would not remove any restrictions, but only the ones > requested and verified by somebody. > > > > > IMO, we really need to grow an interface to query this kind of thing. > Basically libvirt needs to know: > 1. for (libvirt) controllers: what kind of devices can be plugged in > 2. for devices (controller is also a device) > - to which controllers can it be plugged in > - does it support hot-plug? > 3. implicit controllers of the machine types (q35 - "pcie-root", i440fx - "pci-root") > All the above must be exported to libvirt > > Implementation options: > 1. Add a compliance field on PCI/PCIe devices and controllers stating if it supports > PCI/PCIe or both (and maybe hot-plug) > - consider plug type + compliance to figure out whether a plug can go into a socket > > 2. Use Markus Armbruster idea of introducing a concept of "plug and sockets": > - dividing the devices into adapters and plugs > - adding sockets to bridges(buses?). > In this way it would be clear which devices can connect to bridges > > Any thoughts? > Thanks, > Marcel It's all not too hard to implement, we just need to know what kind of interface makes sense for management. So Cc libvir-list(a)redhat.com . > > > > >

2 2

[libvirt] [PATCHv2 0/2] Allow updating QoS via virDomainUpdateDeviceFlags
by Michal Privoznik 02 Oct '13

02 Oct '13

*** BLURB HERE *** Michal Privoznik (2): qemu_hotplug: Allow QoS update in qemuDomainChangeNet virNetDevBandwidthEqual: Make it more robust src/qemu/qemu_hotplug.c | 20 ++++++++++++++++++-- src/util/virnetdevbandwidth.c | 26 ++++++++++++++++++++------ 2 files changed, 38 insertions(+), 8 deletions(-) -- 1.8.1.5

2 5

[libvirt] libvirt-glib fails to compile with CLANG compiler
by Jason Helfman 02 Oct '13

02 Oct '13

When compiling libvirt-glib with CLANG, I get the following error. 16 warnings generated. CCLD libvirt-glib-1.0.la GEN LibvirtGLib-1.0.gir /usr/local/lib/libvirt.so: undefined reference to `__stack_chk_fail_local' clang: error: linker command failed with exit code 1 (use -v to see invocation) linking of temporary binary failed: Command '['/usr/local/bin/libtool', '--mode=link', '--tag=CC', '--silent', 'clang', '-o', '/usr/home/helfman/workspace/ports/devel/libvirt-glib/work/libvirt-glib-0.1.7/libvirt-glib/tmp-introspectOO6vqG/LibvirtGLib-1.0', '-export-dynamic', '-O2', '-pipe', '-fno-strict-aliasing', '-L/usr/local/lib', '-fstack-protector', '/usr/home/helfman/workspace/ports/devel/libvirt-glib/work/libvirt-glib-0.1.7/libvirt-glib/tmp-introspectOO6vqG/LibvirtGLib-1.0.o', '-L.', './libvirt-glib-1.0.la', '-lgio-2.0', '-lgobject-2.0', '-Wl,--export-dynamic', '-lgmodule-2.0', '-lgthread-2.0', '-pthread', '-L/usr/local/lib', '-lglib-2.0', '-lintl']' returned non-zero exit status 1 gmake[2]: *** [LibvirtGLib-1.0.gir] Error 1 gmake[2]: Leaving directory `/usr/home/helfman/workspace/ports/devel/libvirt-glib/work/libvirt-glib-0.1.7/libvirt-glib' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/usr/home/helfman/workspace/ports/devel/libvirt-glib/work/libvirt-glib-0.1.7' gmake: *** [all] Error 2 *** [do-build] Error code 1 -jgh -- Jason Helfman | FreeBSD Committer jgh(a)FreeBSD.org | http://people.freebsd.org/~jgh | The Power to Serve

3 7

[libvirt] ANNOUNCE: libvirt 0.9.12.2 maintenance release
by Guido Günther 01 Oct '13

01 Oct '13

libvirt 0.9.12.2 maintenance release is now available. This is libvirt 0.9.12 with additional bugfixes that have accumulated upstream since the initial release. This release can be downloaded at: http://libvirt.org/sources/stable_updates/libvirt-0.9.12.2.tar.gz md5sum: 8d5fdc4517a83ba9d99fd47fa70f7ed1 libvirt-0.9.12.2.tar.gz sha1: 8c49123c673231f1f0ed665156c88dd7c109be30 libvirt-0.9.12.2.tar.gz sha256: 32b48c7e56048f670ffe980abc9d60710e7811e361a162b0ac31ec57719ac577 libvirt-0.9.12.2.tar.gz Changes in this release: Prepare for 0.9.12.2 (Guido Günther) Distribute viratomic.h (Guido Günther) Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) (Daniel P. Berrange) Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) (Daniel P. Berrange) Include process start time when doing polkit checks (Daniel P. Berrange) Move virProcess{Kill, Abort, TranslateStatus} into virprocess.{c, h} (Daniel P. Berrange) Move virProcessKill into virprocess.{h, c} (Daniel P. Berrange) Rename virCommandTranslateStatus to virProcessTranslateStatus (Daniel P. Berrange) Rename virPid{Abort, Wait} to virProcess{Abort, Wait} (Daniel P. Berrange) Rename virKillProcess to virProcessKill (Daniel P. Berrange) Introduce APIs for splitting/joining strings (Daniel P. Berrange) For info about past maintenance releases, see: http://wiki.libvirt.org/page/Maintenance_Releases Cheers, -- Guido

1 0

[libvirt] [v0.9.12-maint] Distribute viratomic.h
by Guido Günther 01 Oct '13

01 Oct '13

Sicne cbcb1983afbd76f0503185e4183afa10af88af47 we need viratmic.h in the distributed tarball as well. This fixes "make distcheck". --- src/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Makefile.am b/src/Makefile.am index 6656fa0..88b6160 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -52,6 +52,7 @@ augeastest_DATA = # These files are not related to driver APIs. Simply generic # helper APIs for various purposes UTIL_SOURCES = \ + util/viratomic.h \ util/bitmap.c util/bitmap.h \ util/buf.c util/buf.h \ util/command.c util/command.h \ -- 1.8.4.rc3

3 4

[libvirt] [PATCH] qemu: cgroup: Fix crash if starting nographics guest
by Cole Robinson 01 Oct '13

01 Oct '13

We can dereference graphics[0] even if guest has no graphics device configured. I screwed this up in a216e6487255d3b65d97c7ec1fa5da63dbced902 --- src/qemu/qemu_cgroup.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index f95c7f2..ace7e35 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -490,9 +490,10 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver, if (vm->def->nsounds && ((!vm->def->ngraphics && cfg->nogfxAllowHostAudio) || - ((vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && + (vm->def->graphics && + ((vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && cfg->vncAllowHostAudio) || - (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL)))) { + (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL))))) { rv = virCgroupAllowDeviceMajor(priv->cgroup, 'c', DEVICE_SND_MAJOR, VIR_CGROUP_DEVICE_RW); virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_SND_MAJOR, -- 1.8.3.1

2 2