February 2013 - Devel - libvirt List Archives

[libvirt] [PATCH] docs: fix 1.0.2 release date
by Eric Blake 12 Feb '13

12 Feb '13

* docs/news.html.in: Use correct release year. --- Pushing under the trivial rule. docs/news.html.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/news.html.in b/docs/news.html.in index 48a039a..5f51dac 100644 --- a/docs/news.html.in +++ b/docs/news.html.in @@ -8,7 +8,7 @@ <p>Here is the list of official releases, it is also possible to just use the <a href="downloads.html">GIT version or snapshot</a>, contact the mailing list and check the <a href="http://libvirt.org/git/?p=libvirt.git;a=log">GIT log</a> to gauge progress.</p> - <h3>1.0.2: Jan 30 2012</h3> + <h3>1.0.2: Jan 30 2013</h3> <ul> <li> Features:<br/> LXC improvements (Daniel P. Berrange),<br/> -- 1.8.1.2

1 0

[libvirt] [PATCH] build: fix make check of remote_protocol-structs
by Laine Stump 12 Feb '13

12 Feb '13

Broken by incorrect formatting / spelling of remote_nonnull in commit 39758e7567b766f1df3948ea671d6ccb93daf7a9 --- Pushed under build breaker rule src/remote_protocol-structs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs index b8ca88b..7f5ff7a 100644 --- a/src/remote_protocol-structs +++ b/src/remote_protocol-structs @@ -1401,9 +1401,9 @@ struct remote_node_device_lookup_by_name_ret { remote_nonnull_node_device dev; }; struct remote_node_device_lookup_scsi_host_by_wwn_args { - remote_nonull_string wwnn; - remote_nonull_string wwpn; - unsigned int flags; + remote_nonnull_string wwnn; + remote_nonnull_string wwpn; + u_int flags; }; struct remote_node_device_lookup_scsi_host_by_wwn_ret { remote_nonnull_node_device dev; -- 1.8.1

1 0

[libvirt] [PATCH] Avoid cast to unit64_t on 32bit platform
by Guido Günther 12 Feb '13

12 Feb '13

Fixes compilation on 32bit platforms: xen/xen_hypervisor.c: In function 'virXen_setvcpumap': xen/xen_hypervisor.c:1785:35: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast] xen/xen_hypervisor.c:1785:22: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] cc1: all warnings being treated as errors --- src/xen/xen_hypervisor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c index 9b7dd2e..e3de0b2 100644 --- a/src/xen/xen_hypervisor.c +++ b/src/xen/xen_hypervisor.c @@ -1782,7 +1782,7 @@ virXen_setvcpumap(int handle, memset(&xen_cpumap, 0, sizeof(cpumap_t)); for (j = 0; j < maplen; j++) { if ((j & 7) == 0) - pm = (uint64_t *)((uint64_t)&xen_cpumap + (j & ~0x7UL)); + pm = (uint64_t *)((intptr_t)&xen_cpumap + (j & ~0x7UL)); *pm |= (uint64_t)cpumap[j] << (8 * (j & 7)); } -- 1.7.10.4

2 1

[libvirt] [PATCH 0/4] Fix problems of shared disk management
by Osier Yang 12 Feb '13

12 Feb '13

This fixes several problems of shared disk management, mainly about shared cdrom or floppy disk. Osier Yang (4): qemu: Add checking in helpers for sgio setting qemu: Merge qemuCheckSharedDisk into qemuAddSharedDisk qemu: Don't remove hash entry of other domains qemu: Move shared disk entry adding and unpriv_sgio seting src/qemu/qemu_conf.c | 73 ++++++++++++++++++++++++++++++-- src/qemu/qemu_conf.h | 5 +- src/qemu/qemu_driver.c | 55 +++++++++++------------- src/qemu/qemu_hotplug.c | 6 ++- src/qemu/qemu_hotplug.h | 3 +- src/qemu/qemu_migration.c | 14 +++--- src/qemu/qemu_process.c | 101 ++++++++++++++++----------------------------- src/qemu/qemu_process.h | 6 +-- 8 files changed, 149 insertions(+), 114 deletions(-) -- 1.7.7.6

3 21

[libvirt] [PATCH] Fix potential deadlock across fork() in QEMU driver
by Daniel P. Berrange 12 Feb '13

12 Feb '13

From: "Daniel P. Berrange" <berrange(a)redhat.com> The hook scripts used by virCommand must be careful wrt accessing any mutexes that may have been held by other threads in the parent process. With the recent refactorigng there are 2 potential flaws lurking, which will become real deadlock bugs once the global QEMU driver lock is removed. Remove use of the QEMU driver lock from the hook function by passing in the 'virQEMUDriverConfigPtr' instance directly. Add functions to the virSecurityManager to be invoked before and after fork, to ensure the mutex is held by the current thread. This allows it to be safely used in the hook script in the child procss. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- src/libvirt_private.syms | 2 ++ src/qemu/qemu_process.c | 16 ++++++++++++---- src/security/security_manager.c | 20 ++++++++++++++++++++ src/security/security_manager.h | 3 +++ 4 files changed, 37 insertions(+), 4 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index cb81497..5f19269 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1054,6 +1054,8 @@ virSecurityManagerGetProcessLabel; virSecurityManagerNew; virSecurityManagerNewDAC; virSecurityManagerNewStack; +virSecurityManagerPostFork; +virSecurityManagerPreFork; virSecurityManagerReleaseLabel; virSecurityManagerReserveLabel; virSecurityManagerRestoreAllLabel; diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 9759332..12e3544 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -2773,6 +2773,7 @@ struct qemuProcessHookData { virDomainObjPtr vm; virQEMUDriverPtr driver; virBitmapPtr nodemask; + virQEMUDriverConfigPtr cfg; }; static int qemuProcessHook(void *data) @@ -2780,7 +2781,11 @@ static int qemuProcessHook(void *data) struct qemuProcessHookData *h = data; int ret = -1; int fd; - virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(h->driver); + /* This method cannot use any mutexes, which are not + * protected across fork() + */ + + virSecurityManagerPostFork(h->driver->securityManager); /* Some later calls want pid present */ h->vm->pid = getpid(); @@ -2796,7 +2801,7 @@ static int qemuProcessHook(void *data) if (virSecurityManagerSetSocketLabel(h->driver->securityManager, h->vm->def) < 0) goto cleanup; if (virDomainLockProcessStart(h->driver->lockManager, - cfg->uri, + h->cfg->uri, h->vm, /* QEMU is always paused initially */ true, @@ -2805,7 +2810,7 @@ static int qemuProcessHook(void *data) if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm->def) < 0) goto cleanup; - if (qemuProcessLimits(cfg) < 0) + if (qemuProcessLimits(h->cfg) < 0) goto cleanup; /* This must take place before exec(), so that all QEMU @@ -2831,7 +2836,7 @@ static int qemuProcessHook(void *data) ret = 0; cleanup: - virObjectUnref(cfg); + virObjectUnref(h->cfg); VIR_DEBUG("Hook complete ret=%d", ret); return ret; } @@ -3642,6 +3647,7 @@ int qemuProcessStart(virConnectPtr conn, hookData.conn = conn; hookData.vm = vm; hookData.driver = driver; + hookData.cfg = virObjectRef(cfg); VIR_DEBUG("Beginning VM startup process"); @@ -3973,7 +3979,9 @@ int qemuProcessStart(virConnectPtr conn, virCommandDaemonize(cmd); virCommandRequireHandshake(cmd); + virSecurityManagerPreFork(driver->securityManager); ret = virCommandRun(cmd, NULL); + virSecurityManagerPostFork(driver->securityManager); /* wait for qemu process to show up */ if (ret == 0) { diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 6f8ddbf..50962ba 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -192,6 +192,26 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name, requireConfined); } + +/* + * Must be called before fork()'ing to ensure mutex state + * is sane for the child to use + */ +void virSecurityManagerPreFork(virSecurityManagerPtr mgr) +{ + virObjectLock(mgr); +} + + +/* + * Must be called after fork()'ing in both parent and child + * to ensure mutex state is sane for the child to use + */ +void virSecurityManagerPostFork(virSecurityManagerPtr mgr) +{ + virObjectUnlock(mgr); +} + void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr) { return mgr->privateData; diff --git a/src/security/security_manager.h b/src/security/security_manager.h index 4d4dc73..8e8accf 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -46,6 +46,9 @@ virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver, bool requireConfined, bool dynamicOwnership); +void virSecurityManagerPreFork(virSecurityManagerPtr mgr); +void virSecurityManagerPostFork(virSecurityManagerPtr mgr); + void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr); const char *virSecurityManagerGetDriver(virSecurityManagerPtr mgr); -- 1.8.1

3 2

[libvirt] [PATCH] Check if classes are derived from object
by Guido Günther 12 Feb '13

12 Feb '13

This makes sure we don't regress to old style classes --- Just a minor addition that came up while verifying if the corresponding Debian bug is fixed. python/sanitytest.py | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/python/sanitytest.py b/python/sanitytest.py index 047450b..ace6792 100644 --- a/python/sanitytest.py +++ b/python/sanitytest.py @@ -7,17 +7,22 @@ globals = dir(libvirt) # Sanity test that the generator hasn't gone wrong # Look for core classes -assert("virConnect" in globals) -assert("virDomain" in globals) -assert("virDomainSnapshot" in globals) -assert("virInterface" in globals) -assert("virNWFilter" in globals) -assert("virNodeDevice" in globals) -assert("virNetwork" in globals) -assert("virSecret" in globals) -assert("virStoragePool" in globals) -assert("virStorageVol" in globals) -assert("virStream" in globals) +for clsname in ["virConnect", + "virDomain", + "virDomainSnapshot", + "virInterface", + "virNWFilter", + "virNodeDevice", + "virNetwork", + "virSecret", + "virStoragePool", + "virStorageVol", + "virStream", + ]: + assert(clsname in globals) + assert(object in getattr(libvirt, clsname).__bases__) + +# Constants assert("VIR_CONNECT_RO" in globals) # Error related bits -- 1.7.10.4

2 2

[libvirt] [PATCH] hypervisor: Restore pm initialization
by John Ferlan 12 Feb '13

12 Feb '13

Adjustment for 'c059cdeaf' due to older compiler complaint about pm not being initialized even though the j&7 == 0 does the trick. --- src/xen/xen_hypervisor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c index 767fc0c..9b7dd2e 100644 --- a/src/xen/xen_hypervisor.c +++ b/src/xen/xen_hypervisor.c @@ -1773,7 +1773,7 @@ virXen_setvcpumap(int handle, ret = -1; } else { cpumap_t xen_cpumap; /* limited to 64 CPUs in old hypervisors */ - uint64_t *pm; + uint64_t *pm = &xen_cpumap; int j; if ((maplen > (int)sizeof(cpumap_t)) || (sizeof(cpumap_t) & 7)) -- 1.7.11.7

2 2

[libvirt] [PATCH V5 0/3] Add support for QEMU file descriptor sets
by Stefan Berger 12 Feb '13

12 Feb '13

The following patch series adds initial support for QEMU file descriptor sets implementing support for creating the proper command line. Some devices are using the sets now. Regards, Stefan

1 3

[libvirt] [PATCH] Remove re-entrant API call in SELinux/AppArmor security managers
by Daniel P. Berrange 12 Feb '13

12 Feb '13

From: "Daniel P. Berrange" <berrange(a)redhat.com> The security manager drivers are not allowed to call back out to top level security manager APIs, since that results in recursive mutex acquisition and thus deadlock. Remove calls to virSecurityManagerGetModel from SELinux / AppArmor drivers Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- src/security/security_apparmor.c | 4 ++-- src/security/security_selinux.c | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index bf795b0..f281555 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -603,12 +603,12 @@ AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainDefPtr def) if ((profile_name = get_profile_name(def)) == NULL) return rc; - if (STRNEQ(virSecurityManagerGetModel(mgr), secdef->model)) { + if (STRNEQ(SECURITY_APPARMOR_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("security label driver mismatch: " "\'%s\' model configured for domain, but " "hypervisor driver is \'%s\'."), - secdef->model, virSecurityManagerGetModel(mgr)); + secdef->model, SECURITY_APPARMOR_NAME); if (use_apparmor() > 0) goto clean; } diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 2f5012d..cfb99a3 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1803,12 +1803,12 @@ virSecuritySELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, if (secdef == NULL) return -1; - if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { + if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("security label driver mismatch: " "'%s' model configured for domain, but " "hypervisor driver is '%s'."), - secdef->model, virSecurityManagerGetModel(mgr)); + secdef->model, SECURITY_SELINUX_NAME); return -1; } @@ -1837,12 +1837,12 @@ virSecuritySELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr, return 0; VIR_DEBUG("label=%s", secdef->label); - if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { + if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("security label driver mismatch: " "'%s' model configured for domain, but " "hypervisor driver is '%s'."), - secdef->model, virSecurityManagerGetModel(mgr)); + secdef->model, SECURITY_SELINUX_NAME); if (security_getenforce() == 1) return -1; } @@ -1875,12 +1875,12 @@ virSecuritySELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr, if (secdef->label == NULL) return 0; - if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { + if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("security label driver mismatch: " "'%s' model configured for domain, but " "hypervisor driver is '%s'."), - secdef->model, virSecurityManagerGetModel(mgr)); + secdef->model, SECURITY_SELINUX_NAME); goto done; } @@ -1925,12 +1925,12 @@ virSecuritySELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr, if (secdef->label == NULL) return 0; - if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { + if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("security label driver mismatch: " "'%s' model configured for domain, but " "hypervisor driver is '%s'."), - secdef->model, virSecurityManagerGetModel(mgr)); + secdef->model, SECURITY_SELINUX_NAME); goto done; } @@ -1966,12 +1966,12 @@ virSecuritySELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr, if (secdef->label == NULL) return 0; - if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { + if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("security label driver mismatch: " "'%s' model configured for domain, but " "hypervisor driver is '%s'."), - secdef->model, virSecurityManagerGetModel(mgr)); + secdef->model, SECURITY_SELINUX_NAME); if (security_getenforce() == 1) return -1; } -- 1.7.11.7

3 2

[libvirt] [PATCH 0/4 v4] New API virNodeDeviceLookupSCSIHostByWWN
by Osier Yang 11 Feb '13

11 Feb '13

v3 - v4: * Only rebasing v2 - v3: * Validate the specified wwnn,wwpn pair before applying it to the new API in virsh-nodedev.c v1 - v2: * Per Daniel's suggestion, change the API name from virNodeDeviceLookupByWWN into virNodeDeviceLookupSCSIHostByWWN. Osier Yang (4): Introduce API virNodeDeviceLookupSCSIHostByWWN remote: Wire up the remote protocol nodedev: Implement virNodeDeviceLookupSCSIHostByWWN virsh: Use virNodeDeviceLookupSCSIHostByWWN include/libvirt/libvirt.h.in | 5 ++ src/driver.h | 6 ++ src/libvirt.c | 46 ++++++++++++++++ src/libvirt_public.syms | 5 ++ src/node_device/node_device_driver.c | 13 +++-- src/node_device/node_device_driver.h | 4 ++ src/node_device/node_device_hal.c | 1 + src/node_device/node_device_udev.c | 1 + src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 13 ++++- src/remote_protocol-structs | 9 +++ src/rpc/gendispatch.pl | 5 ++- tools/virsh-nodedev.c | 98 ++++++++++++++++++++++++++-------- tools/virsh.pod | 15 +++-- 14 files changed, 187 insertions(+), 35 deletions(-) -- 1.7.7.6

3 17