September 2013 - Devel - libvirt List Archives

[libvirt] [PATCH 0/2] qemumonitorjsontest improvements
by Michal Privoznik 20 Sep '13

20 Sep '13

Just a couple of tests. Michal Privoznik (2): qemumonitorjsontest: Test CPU state handling code qemumonitorjsontest: Introduce DO_TEST_SIMPLE tests/qemumonitorjsontest.c | 103 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) -- 1.8.1.5

3 6

[libvirt] [PATCH] Add checking of dbus_message_iter_append_basic return value
by Daniel P. Berrange 20 Sep '13

20 Sep '13

From: "Daniel P. Berrange" <berrange(a)redhat.com> Coverity complains that the test suite did not check the return value of dbus_message_iter_append_basic() as we did in most other places. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- tests/virsystemdmock.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/tests/virsystemdmock.c b/tests/virsystemdmock.c index 59b312d..b8fc031 100644 --- a/tests/virsystemdmock.c +++ b/tests/virsystemdmock.c @@ -82,10 +82,8 @@ DBusMessage *dbus_connection_send_with_reply_and_block(DBusConnection *connectio dbus_message_iter_init_append(reply, &iter); if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING, - &error_message)) { - dbus_message_unref(reply); - return NULL; - } + &error_message)) + goto error; } else { reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); } @@ -98,19 +96,25 @@ DBusMessage *dbus_connection_send_with_reply_and_block(DBusConnection *connectio dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY, "s", &sub); - dbus_message_iter_append_basic(&sub, + if (!dbus_message_iter_append_basic(&sub, DBUS_TYPE_STRING, - &svc1); - if (!getenv("FAIL_NO_SERVICE")) - dbus_message_iter_append_basic(&sub, - DBUS_TYPE_STRING, - &svc2); + &svc1)) + goto error; + if (!getenv("FAIL_NO_SERVICE") && + !dbus_message_iter_append_basic(&sub, + DBUS_TYPE_STRING, + &svc2)) + goto error; dbus_message_iter_close_container(&iter, &sub); } else { reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); } return reply; + + error: + dbus_message_unref(reply); + return NULL; } #else -- 1.8.3.1

2 1

[libvirt] [PATCH 0/3] VMware: Driver updates for future work
by Doug Goldstein 20 Sep '13

20 Sep '13

While some of these patches seem unncessary (e.g. vmrun lookup/caching) my end goal is to add VMware Fusion support to libvirt. Rationale for patch 1: In libvirt we prefer enums and using some of the standardized APIs for enum/str handling. Rationale for patch 2: VMware Fusion command line utilities will never be in PATH on a Mac OS X machine and nor is it correct to tell the user to have it in your path. The tools live in /Applications/VMware Fusion.app/ or /Library/Application Support/VMware Fusion.app/ and app bundles should not appear in your path. In the future it will allow us to add these pathes in the list of paths to search for. We can also improve the Windows user experience and populate the Windows path in here as well since most users don't have the VMware install dir in their PATH. Rationale for patch 3: Testing is good. VMware Fusion has a slightly different string format for the version so the code will need to change this allows us to add tests. I personally don't own a copy of VMware Workstation or VMware Fusion, so if anyone does please send me (or submit patches) of additional version numbers so that we can improve our test coverage. Doug Goldstein (3): VMware: Convert driver type defines to enum VMware: Store vmrun binary's path in the driver VMware: Make version parsing testable and add tests .gitignore | 1 + src/Makefile.am | 6 ++ src/libvirt_vmware.syms | 12 ++++ src/vmware/vmware_conf.c | 61 ++++++++++++----- src/vmware/vmware_conf.h | 15 ++++- src/vmware/vmware_driver.c | 63 +++++++++++------- tests/Makefile.am | 14 ++++ tests/vmwareverdata/workstation-7.0.0.txt | 1 + tests/vmwarevertest.c | 105 ++++++++++++++++++++++++++++++ 9 files changed, 233 insertions(+), 45 deletions(-) create mode 100644 src/libvirt_vmware.syms create mode 100644 tests/vmwareverdata/workstation-7.0.0.txt create mode 100644 tests/vmwarevertest.c -- 1.8.1.5

2 6

[libvirt] [PATCH] daemon: Avoid dead code in polkit auth
by Jiri Denemark 20 Sep '13

20 Sep '13

Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com> --- daemon/remote.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/daemon/remote.c b/daemon/remote.c index 3ac528c..2ff2288 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -2738,12 +2738,13 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, int status = -1; char *ident = NULL; bool authdismissed = 0; - bool supportsuid = false; char *pkout = NULL; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); virCommandPtr cmd = NULL; +# ifndef PKCHECK_SUPPORTS_UID static bool polkitInsecureWarned; +# endif virMutexLock(&priv->lock); action = virNetServerClientGetReadonly(client) ? @@ -2775,19 +2776,21 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, (long long) callerPid, callerUid); virCommandAddArg(cmd, "--process"); + # ifdef PKCHECK_SUPPORTS_UID - supportsuid = true; -# endif - if (supportsuid) { - virCommandAddArgFormat(cmd, "%lld,%llu,%lu", - (long long) callerPid, timestamp, (unsigned long) callerUid); - } else { - if (!polkitInsecureWarned) { - VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure."); - polkitInsecureWarned = true; - } - virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp); + virCommandAddArgFormat(cmd, "%lld,%llu,%lu", + (long long) callerPid, + timestamp, + (unsigned long) callerUid); +# else + if (!polkitInsecureWarned) { + VIR_WARN("No support for caller UID with pkcheck. " + "This deployment is known to be insecure."); + polkitInsecureWarned = true; } + virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp); +# endif + virCommandAddArg(cmd, "--allow-user-interaction"); if (virAsprintf(&ident, "pid:%lld,uid:%d", -- 1.8.3.2

2 2

[libvirt] Release of libvirt-java-0.5.1
by Daniel Veillard 20 Sep '13

20 Sep '13

That release fixes the java-6 compatibility problem of the 0.5.0 build. It is tagged in git and available at the usual place: ftp://libvirt.org/libvirt/java/ as well as in the maven repository for libvirt-java at http://libvirt.org/maven2/org/libvirt/libvirt/ Thanks Wido and Claudio for fixing the issue, Daniel -- Daniel Veillard | Open Source and Standards, Red Hat veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/

1 0

[libvirt] About 'virsh update-device' for floppy and cdrom
by liyang 20 Sep '13

20 Sep '13

Hi experts: When I did some test, I was puzzled by one thing: When I use "virsh update-device" to update floppy device, always got an error message, "error: internal error unable to execute QEMU command 'change': Could not open'***file':Permission denied".But when I execute command "setenforce 0" befroe "udpate-device", floppy device can be updated. Steps like this: ---------------------------------------------------------------Start # virsh start virt-tests-vm1 Domain virt-tests-vm1 started # cat /add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/update_iso.xml <disk type='file' device='floppy'> <driver name='qemu' type='raw'/> <source file='/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso'/> <target dev='fda'/> <readonly/> </disk> # ll /add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso -rw-r--r--. 1 qemu qemu 1404928 Sep 20 10:48 /add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso # virsh update-device virt-tests-vm1 /add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/update_iso.xml --force error: Failed to update device from /add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/update_iso.xml error: internal error unable to execute QEMU command 'change': Could not open '/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso': Permission denied # cat /selinux/enforce 1 # setenforce 0 # virsh update-device virt-tests-vm1 /add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/update_iso.xml --force Device updated successfully ---------------------------------------------------------------End But with same command, about cdrom device it worked though "/selinux/enforce" is 1. Steps like this: ---------------------------------------------------------------Start # virsh start virt-tests-vm1 Domain virt-tests-vm1 started # cat /add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/update_iso.xml <disk type='file' device='cdrom'> <driver name='qemu' type='raw'/> <source file='/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso'/> <target dev='hdc'/> <readonly/> </disk> # ll /add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso -rw-r--r--. 1 qemu qemu 1404928 Sep 20 10:58 /add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso # cat /selinux/enforce 1 # virsh update-device virt-tests-vm1 /add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/update_iso.xml --force Device updated successfully ---------------------------------------------------------------End So I want to know why it's different between 'floppy' and 'cdrom', and what's the difference? Also why floppy needs 'permissive' mode but cdrom doesn't? Wish your help! -- Regards, -------------------------------------------------- Li Yang TEL：+86+25-86630566-8529 EMail：liyang.fnst(a)cn.fujitsu.com --------------------------------------------------

1 0

[libvirt] Schedule for next release
by Daniel Veillard 20 Sep '13

20 Sep '13

If we want to stick to the end of the month schedule we need to enter freeze for 1.1.3 next week, I suggest to do this early on Wed 25 so that we can plan on pushing 1.1.3 on the Tue 1st Oct So unless there is a serious issue, let's plan to freeze next Wed, Daniel -- Daniel Veillard | Open Source and Standards, Red Hat veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/

1 0

[libvirt] [v0.9.12-maint 0/9] CVE fixes
by Eric Blake 19 Sep '13

19 Sep '13

I've completed and pushed my backport work for both CVEs that were patched today, into all branches v0.10.2-maint and newer (basically, we have 0.10.2, then all releases since 1.0.2). One last branch in active use (hello Debian) remains to be patched; but here, the backport work had enough conflict resolutions that I decided to post my work for review first. Daniel P. Berrange (9): Introduce APIs for splitting/joining strings Rename virKillProcess to virProcessKill Rename virPid{Abort, Wait} to virProcess{Abort, Wait} Rename virCommandTranslateStatus to virProcessTranslateStatus Move virProcessKill into virprocess.{h, c} Move virProcess{Kill, Abort, TranslateStatus} into virprocess.{c, h} Include process start time when doing polkit checks Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) .gitignore | 1 + configure.ac | 8 + daemon/libvirtd.c | 3 +- daemon/remote.c | 33 +++- libvirt.spec.in | 3 +- po/POTFILES.in | 1 + src/Makefile.am | 2 + src/libvirt_private.syms | 16 +- src/lxc/lxc_container.c | 3 +- src/lxc/lxc_controller.c | 3 +- src/qemu/qemu_agent.c | 3 +- src/qemu/qemu_monitor.c | 3 +- src/qemu/qemu_process.c | 3 +- src/rpc/virnetserverclient.c | 8 +- src/rpc/virnetserverclient.h | 3 +- src/rpc/virnetsocket.c | 22 ++- src/rpc/virnetsocket.h | 3 +- src/uml/uml_driver.c | 3 +- src/util/command.c | 167 ++------------------ src/util/command.h | 8 - src/util/util.c | 64 +------- src/util/util.h | 1 - src/util/virprocess.c | 359 +++++++++++++++++++++++++++++++++++++++++++ src/util/virprocess.h | 45 ++++++ src/util/virstring.c | 179 +++++++++++++++++++++ src/util/virstring.h | 40 +++++ tests/Makefile.am | 9 +- tests/testutils.c | 5 +- tests/virstringtest.c | 161 +++++++++++++++++++ 29 files changed, 908 insertions(+), 251 deletions(-) create mode 100644 src/util/virprocess.c create mode 100644 src/util/virprocess.h create mode 100644 src/util/virstring.c create mode 100644 src/util/virstring.h create mode 100644 tests/virstringtest.c -- 1.8.3.1

2 12

[libvirt] [PATCH 0/3] Fix for polkit race condition
by Daniel P. Berrange 19 Sep '13

19 Sep '13

From: "Daniel P. Berrange" <berrange(a)redhat.com> The following 3 patches have been reviewed on the libvirt-security list as the libvirt side of the fix for polkit CVE-2013-4288. Given that it was already reviewed, I have pushed this. Daniel P. Berrange (3): Also store user & group ID values in virIdentity Ensure system identity includes process start time Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) configure.ac | 8 ++++++++ daemon/remote.c | 22 ++++++++++++++++++--- libvirt.spec.in | 3 +-- src/access/viraccessdriverpolkit.c | 40 +++++++++++++++++++++++++++++++++----- src/rpc/virnetserverclient.c | 18 +++++++++++++++++ src/util/viridentity.c | 39 +++++++++++++++++++++++++++++++++---- src/util/viridentity.h | 2 ++ 7 files changed, 118 insertions(+), 14 deletions(-) -- 1.8.3.1

3 9

[libvirt] memory pinning problem
by David Weber 19 Sep '13

19 Sep '13

Hi, we try to use vcpu pinning on a 2 socket server with Intel Xeon E5620 cpus, HT enabled and 2*6*16GiB Ram but experience problems if we try to start a guest on the second socket: error: Failed to start domain test error: internal error: process exited while connecting to monitor: kvm_init_vcpu failed: Cannot allocate memory Libvirt version 1.1.1 Linux 3.11-rc7 Because I coudn't find any other service which allowed a 7M file upload, I put the log file and everything else which could perhabs be relevant into a github repository: https://github.com/David-Weber/vcpu-pinning When we try to start a guest on the first node it runs fine: <vcpu placement='static' cpuset='0-3,8-11'>4</vcpu> <numatune> <memory mode='strict' nodeset='0'/> </numatune> Starting it on the second node fails <vcpu placement='static' cpuset='4-7,12-15'>4</vcpu> <numatune> <memory mode='strict' nodeset='1'/> </numatune> Even more strange, starting it with the CPUs of the second node and the memory of the first node works: <vcpu placement='static' cpuset='4-7,12-15'>4</vcpu> <numatune> <memory mode='strict' nodeset='0'/> </numatune> The log file contains these three cases. Using the placement='auto' parameter leads to the same problem. If numad return the second node, the guest won't start. Is this a configuration, a libvirt or a cgroup problem? :) Cheers, David

2 7