[libvirt] [PATCH] build: fix make check of remote_protocol-structs
by Laine Stump
Broken by incorrect formatting / spelling of remote_nonnull in commit
39758e7567b766f1df3948ea671d6ccb93daf7a9
---
Pushed under build breaker rule
src/remote_protocol-structs | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs
index b8ca88b..7f5ff7a 100644
--- a/src/remote_protocol-structs
+++ b/src/remote_protocol-structs
@@ -1401,9 +1401,9 @@ struct remote_node_device_lookup_by_name_ret {
remote_nonnull_node_device dev;
};
struct remote_node_device_lookup_scsi_host_by_wwn_args {
- remote_nonull_string wwnn;
- remote_nonull_string wwpn;
- unsigned int flags;
+ remote_nonnull_string wwnn;
+ remote_nonnull_string wwpn;
+ u_int flags;
};
struct remote_node_device_lookup_scsi_host_by_wwn_ret {
remote_nonnull_node_device dev;
--
1.8.1
11 years, 10 months
[libvirt] [PATCH] Avoid cast to unit64_t on 32bit platform
by Guido Günther
Fixes compilation on 32bit platforms:
xen/xen_hypervisor.c: In function 'virXen_setvcpumap':
xen/xen_hypervisor.c:1785:35: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
xen/xen_hypervisor.c:1785:22: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
cc1: all warnings being treated as errors
---
src/xen/xen_hypervisor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c
index 9b7dd2e..e3de0b2 100644
--- a/src/xen/xen_hypervisor.c
+++ b/src/xen/xen_hypervisor.c
@@ -1782,7 +1782,7 @@ virXen_setvcpumap(int handle,
memset(&xen_cpumap, 0, sizeof(cpumap_t));
for (j = 0; j < maplen; j++) {
if ((j & 7) == 0)
- pm = (uint64_t *)((uint64_t)&xen_cpumap + (j & ~0x7UL));
+ pm = (uint64_t *)((intptr_t)&xen_cpumap + (j & ~0x7UL));
*pm |= (uint64_t)cpumap[j] << (8 * (j & 7));
}
--
1.7.10.4
11 years, 10 months
[libvirt] [PATCH 0/4] Fix problems of shared disk management
by Osier Yang
This fixes several problems of shared disk management, mainly
about shared cdrom or floppy disk.
Osier Yang (4):
qemu: Add checking in helpers for sgio setting
qemu: Merge qemuCheckSharedDisk into qemuAddSharedDisk
qemu: Don't remove hash entry of other domains
qemu: Move shared disk entry adding and unpriv_sgio seting
src/qemu/qemu_conf.c | 73 ++++++++++++++++++++++++++++++--
src/qemu/qemu_conf.h | 5 +-
src/qemu/qemu_driver.c | 55 +++++++++++-------------
src/qemu/qemu_hotplug.c | 6 ++-
src/qemu/qemu_hotplug.h | 3 +-
src/qemu/qemu_migration.c | 14 +++---
src/qemu/qemu_process.c | 101 ++++++++++++++++-----------------------------
src/qemu/qemu_process.h | 6 +--
8 files changed, 149 insertions(+), 114 deletions(-)
--
1.7.7.6
11 years, 10 months
[libvirt] [PATCH] Fix potential deadlock across fork() in QEMU driver
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
The hook scripts used by virCommand must be careful wrt
accessing any mutexes that may have been held by other
threads in the parent process. With the recent refactorigng
there are 2 potential flaws lurking, which will become real
deadlock bugs once the global QEMU driver lock is removed.
Remove use of the QEMU driver lock from the hook function
by passing in the 'virQEMUDriverConfigPtr' instance directly.
Add functions to the virSecurityManager to be invoked before
and after fork, to ensure the mutex is held by the current
thread. This allows it to be safely used in the hook script
in the child procss.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/libvirt_private.syms | 2 ++
src/qemu/qemu_process.c | 16 ++++++++++++----
src/security/security_manager.c | 20 ++++++++++++++++++++
src/security/security_manager.h | 3 +++
4 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index cb81497..5f19269 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1054,6 +1054,8 @@ virSecurityManagerGetProcessLabel;
virSecurityManagerNew;
virSecurityManagerNewDAC;
virSecurityManagerNewStack;
+virSecurityManagerPostFork;
+virSecurityManagerPreFork;
virSecurityManagerReleaseLabel;
virSecurityManagerReserveLabel;
virSecurityManagerRestoreAllLabel;
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 9759332..12e3544 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2773,6 +2773,7 @@ struct qemuProcessHookData {
virDomainObjPtr vm;
virQEMUDriverPtr driver;
virBitmapPtr nodemask;
+ virQEMUDriverConfigPtr cfg;
};
static int qemuProcessHook(void *data)
@@ -2780,7 +2781,11 @@ static int qemuProcessHook(void *data)
struct qemuProcessHookData *h = data;
int ret = -1;
int fd;
- virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(h->driver);
+ /* This method cannot use any mutexes, which are not
+ * protected across fork()
+ */
+
+ virSecurityManagerPostFork(h->driver->securityManager);
/* Some later calls want pid present */
h->vm->pid = getpid();
@@ -2796,7 +2801,7 @@ static int qemuProcessHook(void *data)
if (virSecurityManagerSetSocketLabel(h->driver->securityManager, h->vm->def) < 0)
goto cleanup;
if (virDomainLockProcessStart(h->driver->lockManager,
- cfg->uri,
+ h->cfg->uri,
h->vm,
/* QEMU is always paused initially */
true,
@@ -2805,7 +2810,7 @@ static int qemuProcessHook(void *data)
if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm->def) < 0)
goto cleanup;
- if (qemuProcessLimits(cfg) < 0)
+ if (qemuProcessLimits(h->cfg) < 0)
goto cleanup;
/* This must take place before exec(), so that all QEMU
@@ -2831,7 +2836,7 @@ static int qemuProcessHook(void *data)
ret = 0;
cleanup:
- virObjectUnref(cfg);
+ virObjectUnref(h->cfg);
VIR_DEBUG("Hook complete ret=%d", ret);
return ret;
}
@@ -3642,6 +3647,7 @@ int qemuProcessStart(virConnectPtr conn,
hookData.conn = conn;
hookData.vm = vm;
hookData.driver = driver;
+ hookData.cfg = virObjectRef(cfg);
VIR_DEBUG("Beginning VM startup process");
@@ -3973,7 +3979,9 @@ int qemuProcessStart(virConnectPtr conn,
virCommandDaemonize(cmd);
virCommandRequireHandshake(cmd);
+ virSecurityManagerPreFork(driver->securityManager);
ret = virCommandRun(cmd, NULL);
+ virSecurityManagerPostFork(driver->securityManager);
/* wait for qemu process to show up */
if (ret == 0) {
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 6f8ddbf..50962ba 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -192,6 +192,26 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,
requireConfined);
}
+
+/*
+ * Must be called before fork()'ing to ensure mutex state
+ * is sane for the child to use
+ */
+void virSecurityManagerPreFork(virSecurityManagerPtr mgr)
+{
+ virObjectLock(mgr);
+}
+
+
+/*
+ * Must be called after fork()'ing in both parent and child
+ * to ensure mutex state is sane for the child to use
+ */
+void virSecurityManagerPostFork(virSecurityManagerPtr mgr)
+{
+ virObjectUnlock(mgr);
+}
+
void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
{
return mgr->privateData;
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 4d4dc73..8e8accf 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -46,6 +46,9 @@ virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
bool requireConfined,
bool dynamicOwnership);
+void virSecurityManagerPreFork(virSecurityManagerPtr mgr);
+void virSecurityManagerPostFork(virSecurityManagerPtr mgr);
+
void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetDriver(virSecurityManagerPtr mgr);
--
1.8.1
11 years, 10 months
[libvirt] [PATCH] Check if classes are derived from object
by Guido Günther
This makes sure we don't regress to old style classes
---
Just a minor addition that came up while verifying if the corresponding
Debian bug is fixed.
python/sanitytest.py | 27 ++++++++++++++++-----------
1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/python/sanitytest.py b/python/sanitytest.py
index 047450b..ace6792 100644
--- a/python/sanitytest.py
+++ b/python/sanitytest.py
@@ -7,17 +7,22 @@ globals = dir(libvirt)
# Sanity test that the generator hasn't gone wrong
# Look for core classes
-assert("virConnect" in globals)
-assert("virDomain" in globals)
-assert("virDomainSnapshot" in globals)
-assert("virInterface" in globals)
-assert("virNWFilter" in globals)
-assert("virNodeDevice" in globals)
-assert("virNetwork" in globals)
-assert("virSecret" in globals)
-assert("virStoragePool" in globals)
-assert("virStorageVol" in globals)
-assert("virStream" in globals)
+for clsname in ["virConnect",
+ "virDomain",
+ "virDomainSnapshot",
+ "virInterface",
+ "virNWFilter",
+ "virNodeDevice",
+ "virNetwork",
+ "virSecret",
+ "virStoragePool",
+ "virStorageVol",
+ "virStream",
+ ]:
+ assert(clsname in globals)
+ assert(object in getattr(libvirt, clsname).__bases__)
+
+# Constants
assert("VIR_CONNECT_RO" in globals)
# Error related bits
--
1.7.10.4
11 years, 10 months
[libvirt] [PATCH] hypervisor: Restore pm initialization
by John Ferlan
Adjustment for 'c059cdeaf' due to older compiler complaint about pm
not being initialized even though the j&7 == 0 does the trick.
---
src/xen/xen_hypervisor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c
index 767fc0c..9b7dd2e 100644
--- a/src/xen/xen_hypervisor.c
+++ b/src/xen/xen_hypervisor.c
@@ -1773,7 +1773,7 @@ virXen_setvcpumap(int handle,
ret = -1;
} else {
cpumap_t xen_cpumap; /* limited to 64 CPUs in old hypervisors */
- uint64_t *pm;
+ uint64_t *pm = &xen_cpumap;
int j;
if ((maplen > (int)sizeof(cpumap_t)) || (sizeof(cpumap_t) & 7))
--
1.7.11.7
11 years, 10 months
[libvirt] [PATCH] Remove re-entrant API call in SELinux/AppArmor security managers
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
The security manager drivers are not allowed to call back
out to top level security manager APIs, since that results
in recursive mutex acquisition and thus deadlock. Remove
calls to virSecurityManagerGetModel from SELinux / AppArmor
drivers
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/security/security_apparmor.c | 4 ++--
src/security/security_selinux.c | 20 ++++++++++----------
2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index bf795b0..f281555 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -603,12 +603,12 @@ AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainDefPtr def)
if ((profile_name = get_profile_name(def)) == NULL)
return rc;
- if (STRNEQ(virSecurityManagerGetModel(mgr), secdef->model)) {
+ if (STRNEQ(SECURITY_APPARMOR_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: "
"\'%s\' model configured for domain, but "
"hypervisor driver is \'%s\'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ secdef->model, SECURITY_APPARMOR_NAME);
if (use_apparmor() > 0)
goto clean;
}
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 2f5012d..cfb99a3 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1803,12 +1803,12 @@ virSecuritySELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (secdef == NULL)
return -1;
- if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
+ if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: "
"'%s' model configured for domain, but "
"hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ secdef->model, SECURITY_SELINUX_NAME);
return -1;
}
@@ -1837,12 +1837,12 @@ virSecuritySELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
return 0;
VIR_DEBUG("label=%s", secdef->label);
- if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
+ if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: "
"'%s' model configured for domain, but "
"hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ secdef->model, SECURITY_SELINUX_NAME);
if (security_getenforce() == 1)
return -1;
}
@@ -1875,12 +1875,12 @@ virSecuritySELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
if (secdef->label == NULL)
return 0;
- if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
+ if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: "
"'%s' model configured for domain, but "
"hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ secdef->model, SECURITY_SELINUX_NAME);
goto done;
}
@@ -1925,12 +1925,12 @@ virSecuritySELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
if (secdef->label == NULL)
return 0;
- if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
+ if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: "
"'%s' model configured for domain, but "
"hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ secdef->model, SECURITY_SELINUX_NAME);
goto done;
}
@@ -1966,12 +1966,12 @@ virSecuritySELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
if (secdef->label == NULL)
return 0;
- if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
+ if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: "
"'%s' model configured for domain, but "
"hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ secdef->model, SECURITY_SELINUX_NAME);
if (security_getenforce() == 1)
return -1;
}
--
1.7.11.7
11 years, 10 months
[libvirt] [PATCH 0/4 v4] New API virNodeDeviceLookupSCSIHostByWWN
by Osier Yang
v3 - v4:
* Only rebasing
v2 - v3:
* Validate the specified wwnn,wwpn pair before applying it
to the new API in virsh-nodedev.c
v1 - v2:
* Per Daniel's suggestion, change the API name from
virNodeDeviceLookupByWWN into
virNodeDeviceLookupSCSIHostByWWN.
Osier Yang (4):
Introduce API virNodeDeviceLookupSCSIHostByWWN
remote: Wire up the remote protocol
nodedev: Implement virNodeDeviceLookupSCSIHostByWWN
virsh: Use virNodeDeviceLookupSCSIHostByWWN
include/libvirt/libvirt.h.in | 5 ++
src/driver.h | 6 ++
src/libvirt.c | 46 ++++++++++++++++
src/libvirt_public.syms | 5 ++
src/node_device/node_device_driver.c | 13 +++--
src/node_device/node_device_driver.h | 4 ++
src/node_device/node_device_hal.c | 1 +
src/node_device/node_device_udev.c | 1 +
src/remote/remote_driver.c | 1 +
src/remote/remote_protocol.x | 13 ++++-
src/remote_protocol-structs | 9 +++
src/rpc/gendispatch.pl | 5 ++-
tools/virsh-nodedev.c | 98 ++++++++++++++++++++++++++--------
tools/virsh.pod | 15 +++--
14 files changed, 187 insertions(+), 35 deletions(-)
--
1.7.7.6
11 years, 10 months
[libvirt] libvirtd (from git) no longer responds to 'kill'
by Richard W.M. Jones
It used to be that you could kill a session libvirtd using eg:
killall libvirtd lt-libvirtd
However with upstream libvirt from git today, this no longer appears
to work:
$ ps ax | grep libvirtd
4240 ? Ssl 0:05 /usr/sbin/libvirtd
18492 ? Sl 0:00 /home/rjones/d/libvirt/daemon/.libs/lt-libvirtd --timeout=30
18775 pts/10 S+ 0:00 grep --color=auto libvirtd
$ killall lt-libvirtd
$ ps ax | grep libvirtd
4240 ? Ssl 0:05 /usr/sbin/libvirtd
18492 ? Sl 0:00 /home/rjones/d/libvirt/daemon/.libs/lt-libvirtd --timeout=30
18785 pts/10 S+ 0:00 grep --color=auto libvirtd
$ killall lt-libvirtd
$ ps ax | grep libvirtd
4240 ? Ssl 0:05 /usr/sbin/libvirtd
18492 ? Sl 0:00 /home/rjones/d/libvirt/daemon/.libs/lt-libvirtd --timeout=30
18799 pts/10 S+ 0:00 grep --color=auto libvirtd
Is this new brokenness, or was this never meant to work in the first
place?
BTW this libvirtd process is pretty persistent. I sent it a whole
variety of signals, and only 'kill -9' worked.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
11 years, 10 months