[libvirt] Suspending access to opened/active /dev/nodes during application runtime
by Lukasz Pawelczyk
Problem:
Has anyone thought about a mechanism to limit/remove an access to a
device during an application runtime? Meaning we have an application
that has an open file descriptor to some /dev/node and depending on
*something* it gains or loses the access to it gracefully (with or
without a notification, but without any fatal consequences).
Example:
LXC. Imagine we have 2 separate containers. Both running full operating
systems. Specifically with 2 X servers. Both running concurrently of
course. Both need the same input devices (e.g. we have just one mouse).
This creates a security problem when we want to have completely separate
environments. One container is active (being displayed on a monitor and
controlled with a mouse) while the other container runs evtest
/dev/input/something and grabs the secret password user typed in the
other.
Solutions:
The complete solution would comprise of 2 parts:
- a mechanism that would allow to temporarily "hide" a device from an
open file descriptor.
- a mechanism for deciding whether application/process/namespace should
have an access to a specific device at a specific moment
Let's focus on the first problem only, as it would need to be solved
first anyway. I haven't found anything that would allow me to do
it. There are a lot of mechanisms that make it possible to restrict an
access during open():
- DAC
- ACL (controlled by hand or with uaccess)
- LSM (in general)
- device cgroups
But all of those can't do a thing when the device is already opened and
an application has a file descriptor. I don't see such a mechanism in
kernel sources either.
I do imagine that it would not be possible for every device to handle
such a thing (dri comes to mind) without breaking something (graphics
card state in dri example). But there is a class of simple input/output
devices that would handle this without problems.
I did implement some proof-of-concept solution for an evdev driver by
allowing or disallowing events that go to evdev_client structure using
some arbitrary condition. But this is far from a generic solution.
My proof-of-concept is somewhat similar to this (I just found it):
http://www.spinics.net/lists/linux-input/msg25547.html
Though a little bit wider in scope. But neither is flawless nor
generic.
Has anyone had any thoughts about a similar problem?
--
Regards
Havner
10 years, 9 months
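The open()-time nature of the DAC check described in the message above can be reproduced with an ordinary file; this is an added example, not code from the original post. It assumes a temporary file under /tmp as a stand-in for a /dev node, and the names revoke_result and demo_open_time_check are hypothetical.

```c
/* Added example: file permissions are evaluated at open(), so removing
 * them afterwards does not affect a descriptor that is already open. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct revoke_result {
    ssize_t read_before;  /* bytes read before permissions were removed */
    ssize_t read_after;   /* bytes read through the same fd afterwards */
    int reopen_errno;     /* errno of a fresh open(), 0 if it succeeded */
};

/* Returns 0 when the experiment ran, -1 on a setup failure. */
static int demo_open_time_check(struct revoke_result *res)
{
    /* Constructed stand-in for a device node such as /dev/input/eventN. */
    char path[] = "/tmp/fd-revoke-demo-XXXXXX";
    const char payload[] = "keystrokes";
    const size_t len = sizeof(payload) - 1;
    char buf[32];
    int wfd, fd, fd2;
    int rc = -1;

    memset(res, 0, sizeof(*res));

    wfd = mkstemp(path);            /* created with mode 0600 */
    if (wfd < 0)
        return -1;
    if (write(wfd, payload, len) != (ssize_t)len)
        goto out;

    /* The "other container" opens the node while it is still allowed to. */
    fd = open(path, O_RDONLY);
    if (fd < 0)
        goto out;
    res->read_before = pread(fd, buf, sizeof(buf), 0);

    /* Access is now withdrawn the only way DAC allows: on the inode. */
    if (chmod(path, 0) < 0) {
        close(fd);
        goto out;
    }

    /* The existing descriptor is unaffected by the mode change. */
    res->read_after = pread(fd, buf, sizeof(buf), 0);

    /* A new open() is where the check applies. An unprivileged caller
     * gets EACCES; root bypasses DAC and the open succeeds. */
    fd2 = open(path, O_RDONLY);
    if (fd2 < 0)
        res->reopen_errno = errno;
    else
        close(fd2);

    close(fd);
    rc = 0;
out:
    close(wfd);
    unlink(path);
    return rc;
}

int main(void)
{
    struct revoke_result r;

    if (demo_open_time_check(&r) < 0) {
        perror("demo_open_time_check");
        return 1;
    }
    printf("read before chmod 000: %zd bytes\n", r.read_before);
    printf("read after  chmod 000: %zd bytes (same fd)\n", r.read_after);
    if (r.reopen_errno)
        printf("fresh open(): %s\n", strerror(r.reopen_errno));
    else
        printf("fresh open(): succeeded (running with DAC override)\n");
    return 0;
}
```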
[libvirt] Release of libvirt-1.2.2
by Daniel Veillard
As planned I have tagged libvirt-1.2.2 in git and it seems the git tree
finally updated despite the horrible network I get in China ATM, the
tarballs may finally arrive at some time too at the usual place after
working around the local infrastructure flaws... :
ftp://libvirt.org/libvirt/
I am also pushing a libvirt-python-1.2.2 update at:
ftp://libvirt.org/libvirt/libvirt/
since fedpkg upload libvirt-1.2.2.tar.gz failed to progress further than
7% using either Cable or ADSL, I assume someone else will push those to
Fedora build system.
This is a rather large release with a few new features including
beginning of support for the BSD hypervisor, and a lot of significant
improvements in various places like linux containers, network storage,
Xen drivers, internals etc ... Also of note the fixes for the LXC security
bug CVE-2013-6456:
Features:
- bhyve: add a basic driver (Roman Bogorodskiy)
- add LXC from native conversion tool (Cédric Bosdonnat)
- vbox: add support for v4.2.20+ and v4.3.4+ (Jean-Baptiste Rouault)
- Introduce Libvirt Wireshark dissector (Yuto KAWAMURA)
Security:
- CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC hotunplug code (Daniel P. Berrange)
- CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC chardev hostdev hotplug (Daniel P. Berrange)
- CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC block hostdev hotplug (Daniel P. Berrange)
- CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC USB hotplug (Daniel P. Berrange)
- CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC disk hotplug (Daniel P. Berrange)
- CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC shutdown/reboot code (Eric Blake)
Documentation:
- bhyve: add basic documentation (Roman Bogorodskiy)
- Add docs about use of systemd journal for logging (Daniel P. Berrange)
- Auto-generate the table of contents in logging doc (Daniel P. Berrange)
- Fix heading level in logging docs (Daniel P. Berrange)
- Document the keyboard as a valid input type (Ján Tomko)
- bandwidth: Adjust documentation (John Ferlan)
- remove <auth> from secret XML format (Ján Tomko)
- LXC: added some doc on domxml-from-native with mention of limitations (Cédric Bosdonnat)
- libxl: fix libxlDoDomainSave documentation (Jim Fehlig)
- grammar fixes in formatdomain (Chen Hanxiao)
- maint: fix grammar in conf file (Eric Blake)
- Fix minor typo in governance doc (Justin Clift)
- Write up the project governance process (Daniel P. Berrange)
- man: shm-merge-across-nodes is optional (Ján Tomko)
- docs/page.xls: remove unnecessary namespace attribute (Pavel Hrdina)
- add a permalink to html headers (Dan Kenigsberg)
- storage: Add document for possible problem on volume detection (Osier Yang)
- Add "note" for node-memory-tune (Osier Yang)
- Improve the document for nodesuspend (Osier Yang)
- refer to the correct event ID for DomainEventIOErrorReasonCallback (Claudio Bley)
- Add sample output of Wireshark dissector (Yuto KAWAMURA)
- Add missing space in <clock> documentation (Christophe Fergeau)
Portability:
- build: skip virportallocatortest on cygwin (Eric Blake)
- build: ignore cygwin toolchain droppings (Eric Blake)
- build: avoid ld_preload tests on mingw (Eric Blake)
- build: fix cgroups on non-Linux (Eric Blake)
- build: fix build on 32-bit hosts (Eric Blake)
- maint: update to latest gnulib, for older autoconf (Eric Blake)
- Fix build of portallocator on mingw (Ján Tomko)
- lxc: Don't shadow global symbol "link" (Peter Krempa)
- storage: Fix build with older compilers afeter gluster snapshot series (Peter Krempa)
- spec: add missing dep of libvirt-daemon-config-network (Thierry Parmentelat)
- spec: require libvirt-daemon-driver-interface only when built (Thierry Parmentelat)
- Fixed build with clang. (Cédric Bosdonnat)
- Rename 'index' in virCapabilitiesGetCpusForNode (Ján Tomko)
- qemuxml2argvmock: Mock time() on non-linux platforms too (Michal Privoznik)
- build: Fix 'make rpm' in VPATH with wireshark (Martin Kletzander)
- Remove windows thread implementation in favour of pthreads (Daniel P. Berrange)
- Fix pthread_sigmask check for mingw32 without winpthreads (Daniel P. Berrange)
- Skip check-augeas-lockd when QEMU is disabled (Daniel P. Berrange)
- maint: add configure checks for BSD CPU affinity (Roman Bogorodskiy)
- BSD: implement virProcess{Get,Set}Affinity (Roman Bogorodskiy)
- tests: Fix PCI test data filenames for Windows (Matthias Bolte)
- wireshark: Fix VPATH build (Jiri Denemark)
- Honour prefix in wireshark install dir (Daniel P. Berrange)
- Use AC_PATH_PROG to search for dmidecode (Roman Bogorodskiy)
Bug fixes:
- bhyve: defined domains should be persistent (Roman Bogorodskiy)
- Fix journald PRIORITY values (Daniel P. Berrange)
- spec: Fix braces around macros (Peter Krempa)
- spec: Use correct versions of libgfapi in RHEL builds (Peter Krempa)
- network: unplug bandwidth and call networkRunHook only when appropriate (Laine Stump)
- network: don't even call networkRunHook if there is no network (Laine Stump)
- Fix memory leak in virSCSIDeviceListDel() (Nehal J Wani)
- libxl: queue domain event earlier in shutdown handler (Jim Fehlig)
- virsh: mark CPU usage field names as translatable (Ján Tomko)
- virsh: initialize str to NULL to solve a build issue (Chen Hanxiao)
- virsh: Don't leak buffer if GetFDs fails in cmdCreate (Ján Tomko)
- libvirt-guests: Wait for libvirtd to initialize (Michal Privoznik)
- virSystemdCreateMachine: Set dependencies for slices (Michal Privoznik)
- Ignore additional fields in iscsiadm output (Ján Tomko)
- libxl: always use libxlVmCleanupJob in shutdown thread (Jim Fehlig)
- qemu: adjust maxmem/maxvcpu computation (Eric Blake)
- Fix multiple bugs in LXC domainMemoryStats driver (Daniel P. Berrange)
- Fix misspelled cpuacct.usage_percpu in cgroup mock. (Thorsten Behrens)
- virsh: fix memleak when starting a guest with invalid fd (Jincheng Miao)
- networkRunHook: Run hook only if possible (Michal Privoznik)
- bridge_driver.h: Fix build --without-network (Michal Privoznik)
- Fix conflicting types of virInitctlSetRunLevel (Ján Tomko)
- Fix reset of cgroup when detaching USB device from LXC guests (Daniel P. Berrange)
- Fix path used for USB device attach with LXC (Daniel P. Berrange)
- Don't block use of USB with containers (Daniel P. Berrange)
- storage: gluster: Don't leak private data when storage file init fails (Peter Krempa)
- storage: handle NULL return from virGetStorageVol (Michael Chapman)
- Fix leaks in vircapstest (Ján Tomko)
- AppArmor: Fix the place where the template should be installed (Cédric Bosdonnat)
- Libvirt lose sheepdogs volumes on pool refresh or restart. When restarting sheepdog pool, all volumes are missing. This patch add automatically all volume from the added pool. (Joel SIMOES)
- maint: fix line numbers in check-aclrules reports (Yuri Myasoedov)
- qemu: Use correct permissions when determining the image chain (Peter Krempa)
- virpci: Resolve coverity issues (John Ferlan)
- qemu: keep pre-migration domain state after failed migration (Martin Kletzander)
- qemu: Fix crash in virDomainMemoryStats with old qemu (Jiri Denemark)
- network: disallow <bandwidth>/<mac> for bridged/macvtap/hostdev networks (Laine Stump)
- Honor blacklist for modprobe command (John Ferlan)
- qemu: be sure we're using the updated value of backend during hotplug (Laine Stump)
- Resolve Coverity dead_error_begin (John Ferlan)
- qemu: Fix the error message for scsi host device's shareable checking (Osier Yang)
- xen: fix parsing xend http response (Jim Fehlig)
- storage: Fix the memory leak (Osier Yang)
- Fix buffer size in linuxNodeGetCPUstats (Bing Bu Cao)
- util: Correct the NUMA node range checking (Osier Yang)
- qemu: Avoid crash in qemuDiskGetActualType (Peter Krempa)
- linuxNodeGetCPUStats: Correctly handle cpu prefix (Bing Bu Cao)
- qemu: snapshot: Forbid snapshots when backing is a scsi passthrough disk (Peter Krempa)
- qemu: snapshot: Avoid libvirtd crash when qemu crashes while snapshotting (Peter Krempa)
- lxc: Fix coverity (Martin Kletzander)
- qemu: Don't detach devices if passthrough doesn't work (Jincheng Miao)
- pci: Fix failure paths in detach (Jiri Denemark)
- virSecuritySELinuxSetFileconHelper: Don't fail on read-only NFS (Michal Privoznik)
- Fix possible memory leak in virsh-domain-monitor.c in cmdDomblklist (Pavel Hrdina)
Improvements:
- virsh: add --all flag to 'event' command (Eric Blake)
- virsh: support remaining domain events (Eric Blake)
- bhyve: support domain undefine (Roman Bogorodskiy)
- Add comments describing the different log sources (Daniel P. Berrange)
- Include error domain and code in log messages from errors (Daniel P. Berrange)
- Send virLogMetadata fields onto the journal (Daniel P. Berrange)
- qemu: Enable 'host-passthrough' cpu mode for arm (Oleg Strikov)
- domblkstat: Produce error message that at least sounds like English (Michal Privoznik)
- virDomainBlockStats(Flags): Produce saner error message on empty disk path (Michal Privoznik)
- tests: avoid littering /tmp (Eric Blake)
- sanlock: Truncate domain names longer than SANLK_NAME_LEN (Jiri Denemark)
- maint: Fix minor typo (unkown) (Yuri Chornoivan)
- libxl: Recognise ARM architectures (Ian Campbell)
- virsh: Honour -q in domblklist, vcpupin and emulatorpin (Michal Privoznik)
- spec: make systemd_daemon usage configurable (Eric Blake)
- spec: require device-mapper-devel for storage-disk (Eric Blake)
- spec: explicitly avoid bhyve on Linux (Eric Blake)
- build: use --with-systemd-daemon as configure option (Eric Blake)
- virNetDevVethCreate: Serialize callers (Michal Privoznik)
- network: include plugged interface XML in "plugged" network hook (Laine Stump)
- conf: output actual netdev status in <interface> XML (Laine Stump)
- conf: new function virDomainActualNetDefContentsFormat (Laine Stump)
- conf: re-situate <bandwidth> element in <interface> (Laine Stump)
- conf: make virDomainNetDefFormat a public function (Laine Stump)
- conf: handle null pointer in virNetDevVlanFormat (Laine Stump)
- conf: clarify what is returned for actual bandwidth and vlan (Laine Stump)
- rbd: Set timeout options for librados (Wido den Hollander)
- rbd: Include return statuses from librados/librbd in logging (Wido den Hollander)
- virsh: kill over-engineered asprintf failure recovery (Eric Blake)
- virsh: use more compact VIR_ENUM_IMPL (Eric Blake)
- libxl: handle on_crash coredump actions (Jim Fehlig)
- libxl: add dump dir to libxlDriverConfig object (Jim Fehlig)
- libxl: honor domain lifecycle event configuration (Jim Fehlig)
- Ensure systemd cgroup ownership is delegated to container with userns (Richard Weinberger)
- bhyve: implement node information reporting (Roman Bogorodskiy)
- Add virStringReplace method for substring replacement (Daniel P. Berrange)
- Add virStringSearch method for regex matching (Manuel VIVES)
- virNetServerRun: Notify systemd that we're accepting clients (Michal Privoznik)
- Add a stub for virCgroupGetDomainTotalCpuStats (Ján Tomko)
- maint: update to latest gnulib (Eric Blake)
- virsh: add net-event command (Eric Blake)
- virsh: add event command, for lifecycle events (Eric Blake)
- virsh: common code for waiting for an event (Eric Blake)
- virsh: common code for parsing --seconds (Eric Blake)
- libxl: queue shutdown event on domain shutdown (Jim Fehlig)
- Rename virDomainGetRootFilesystem to virDomainGetFilesystemForTarget (Daniel P. Berrange)
- Introduce new OOM testing support (Daniel P. Berrange)
- Add unit test for virCgroupGetPercpuStats. (Thorsten Behrens)
- Add unit test for virCgroupGetMemoryUsage. (Thorsten Behrens)
- Add unit test for virCgroupGetBlkioIo*Serviced (Thorsten Behrens)
- Widening API change - accept empty path for virDomainBlockStats (Thorsten Behrens)
- Implement lxcDomainBlockStats* for lxc driver (Thorsten Behrens)
- Implement domainGetCPUStats for lxc driver. (Thorsten Behrens)
- Make qemuGetDomainTotalCPUStats a virCgroup function. (Thorsten Behrens)
- Implement domainMemoryStats API slot for LXC driver. (Thorsten Behrens)
- Add util virCgroupGetBlkioIo*Serviced methods. (Thorsten Behrens)
- lxc: Add destroy support for suspended domains (Richard Weinberger)
- libxl: use job functions in libxlDomainSetSchedulerParametersFlags (Jim Fehlig)
- libxl: use job functions in libxlDomainSetAutostart (Jim Fehlig)
- libxl: use job functions in device attach and detach functions (Jim Fehlig)
- libxl: use job functions in vcpu set and pin functions (Jim Fehlig)
- libxl: use job functions in libxlDomainCoreDump (Jim Fehlig)
- libxl: use job functions in domain save operations (Jim Fehlig)
- libxl: use job functions when cleaning up a domain (Jim Fehlig)
- libxl: use job functions in libxlDomain{Suspend,Resume} (Jim Fehlig)
- libxl: use job functions in libxlDomainSetMemoryFlags (Jim Fehlig)
- libxl: use job functions in libxlVmStart (Jim Fehlig)
- libxl: Add job support to libxl driver (Jim Fehlig)
- libxl: remove libxlVmReap function (Jim Fehlig)
- libxl: always set vm id to -1 on shutdown (Jim Fehlig)
- qemu: Use virtio network device for aarch64/virt (Oleg Strikov)
- Add a default USB keyboard and USB mouse for PPC64 (Li Zhang)
- xen: format xen config for USB keyboard (Li Zhang)
- qemu: format qemu command line for USB keyboard (Li Zhang)
- qemu: Add USB keyboard capability (Li Zhang)
- conf: Remove the implicit PS2 devices for non-X86 platforms (Li Zhang)
- conf: Add keyboard input device type (Li Zhang)
- conf: Add one interface to add default input devices (Li Zhang)
- network: Taint networks that are using hook script (Michal Privoznik)
- network: Introduce network hooks (Michal Privoznik)
- network_conf: Expose virNetworkDefFormatInternal (Michal Privoznik)
- Add helper for running code in separate namespaces (Daniel P. Berrange)
- Add virFileMakeParentPath helper function (Daniel P. Berrange)
- Move check for cgroup devices ACL upfront in LXC hotplug (Daniel P. Berrange)
- Disks are always block devices, never character devices (Daniel P. Berrange)
- Record hotplugged USB device in LXC live guest config (Daniel P. Berrange)
- qemu: Implement VIR_DOMAIN_TAINT_HOOK (Michal Privoznik)
- virDomainTaintFlags: Introduce VIR_DOMAIN_TAINT_HOOK (Michal Privoznik)
- Add tests for secret XML parsing (Ján Tomko)
- Forgot to add lxcconf2xmldata to dist. (Cédric Bosdonnat)
- Support IPv6 in port allocator (Ján Tomko)
- Split out bind() from virPortAllocatorAcquire (Ján Tomko)
- qemu: snapshot: Add support for external active snapshots on gluster (Peter Krempa)
- qemu: snapshot: Use new APIs to detect presence of existing storage files (Peter Krempa)
- qemu: Switch snapshot deletion to the new API functions (Peter Krempa)
- storage: Add storage file backends for gluster (Peter Krempa)
- storage: add file functions for local and block files (Peter Krempa)
- storage: Add file storage APIs in the default storage driver (Peter Krempa)
- conf: Move qemuSnapshotDiskGetActualType to virDomainSnapshotDiskGetActualType (Peter Krempa)
- conf: Move qemuDiskGetActualType to virDomainDiskGetActualType (Peter Krempa)
- spec: add missing dep of libvirt-daemon-config-nwfilter (Eric Blake)
- lxc from native: removed now remaining useless line (Cédric Bosdonnat)
- Fix stream related spelling mistakes (Philipp Hahn)
- LXC from native: convert blkio throttle config (Cédric Bosdonnat)
- LXC from native: map vlan network type (Cédric Bosdonnat)
- LXC from native: map block filesystems (Cédric Bosdonnat)
- LXC from native: map lxc.arch to /domain/os/type@arch (Cédric Bosdonnat)
- LXC from native: add lxc.cgroup.blkio.* mapping (Cédric Bosdonnat)
- LXC from native: map lxc.cgroup.cpuset.* (Cédric Bosdonnat)
- LXC from native: map lxc.cgroup.cpu.* (Cédric Bosdonnat)
- LXC from native: migrate memory tuning (Cédric Bosdonnat)
- LXC from native: convert lxc.id_map into <idmap> (Cédric Bosdonnat)
- LXC from native: convert macvlan network configuration (Cédric Bosdonnat)
- LXC from native: convert lxc.tty to console devices (Cédric Bosdonnat)
- LXC from native: convert phys network types to net hostdev devices (Cédric Bosdonnat)
- LXC from native: migrate veth network configuration (Cédric Bosdonnat)
- LXC from native: implement no network conversion (Cédric Bosdonnat)
- LXC from native: migrate fstab and lxc.mount.entry (Cédric Bosdonnat)
- LXC from native: import rootfs (Cédric Bosdonnat)
- LXC driver: started implementing connectDomainXMLFromNative (Cédric Bosdonnat)
- Improve virConf parse to handle LXC config format (Cédric Bosdonnat)
- event: pass reason for PM events (Eric Blake)
- event: convert remaining domain events to new style (Eric Blake)
- event: client RPC protocol tweaks for domain lifecycle events (Eric Blake)
- event: prepare client to track domain callbackID (Eric Blake)
- event: server RPC protocol tweaks for domain lifecycle events (Eric Blake)
- event: dynamically manage server-side RPC domain events (Eric Blake)
- qemu: Implement a stub cpuArchDriver.baseline() handler for aarch64 (Oleg Strikov)
- libxl: register for domain events immediately after creation (Jim Fehlig)
- libxl: rename libxlCreateDomEvents to libxlDomEventsRegister (Jim Fehlig)
- vircapstest: Introduce virCapabilitiesGetCpusForNodemask test (Pradipta Kr. Banerjee)
- Handle non-sequential NUMA node numbers (Pradipta Kr. Banerjee)
- storage: gluster: Set volume metadata in a separate function (Peter Krempa)
- qemu: introduce spiceport chardev backend (Martin Kletzander)
- qemu: remove pointless condition (Martin Kletzander)
- qemu: rework '-serial none' (Martin Kletzander)
- conf: introduce spiceport chardev backend (Martin Kletzander)
- rbd: Use rbd_create3 to create RBD format 2 images by default (Wido den Hollander)
- build: correctly check for SOICGIFVLAN GET_VLAN_VID_CMD command (Laine Stump)
- virNetworkLoadState: Disallow mangled 'floor' element (Michal Privoznik)
- networkStartNetwork: Be more verbose (Michal Privoznik)
- qemu: hyperv: Add support for timer enlightenments (Peter Krempa)
- conf: Enforce supported options for certain timers (Peter Krempa)
- schema: Fix guest timer specification schema according to the docs (Peter Krempa)
- apparmor: Improve profiles (Felix Geyer)
- Add glusterfs to VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_POOL_TYPE (Christophe Fergeau)
- libxl: remove unneeded locking of driver when restoring (Jim Fehlig)
- libxl: improve subprocess handling (Jim Fehlig)
- libxl: handle domain shutdown events in a thread (Jim Fehlig)
- libxl: remove list of timer registrations from libxlDomainObjPrivate (Jim Fehlig)
- libxl: fix leaking libxlDomainObjPrivate (Jim Fehlig)
- qemu_driver: Introduce <filesystem/> support in device attach/detach (Matthieu Coudron)
- virDomainHostdev{Insert,Delete}: Replace VIR_REALLOC_N by VIR_{APPEND,DELETE}_ELEMENT (Matthieu Coudron)
- qemuxml2argvtest: Set timezone (Michal Privoznik)
- virsh: only report filled values in nodecpustats (Ján Tomko)
- BSD: implement nodeGetCPUStats (Roman Bogorodskiy)
- qemu: blockjob: Print correct file name in error message (Peter Krempa)
- maint: Change the text of the NULLSTR() macro to "<null>" (Peter Krempa)
- qemuxml2argvtest: Test localtime clock basis (Michal Privoznik)
- qemuBuildClockArgStr: Allow localtime clock basis (Michal Privoznik)
- Generate a valid imagelabel even for type 'none' (Ján Tomko)
- event: move event filtering to daemon (regression fix) (Eric Blake)
- rpm: create libvirt-wireshark sub-package (Eric Blake)
- tests: Add test for new virkmod functions (John Ferlan)
- utils: Introduce functions for kernel module manipulation (John Ferlan)
- network: change default of forwardPlainNames to 'yes' (Laine Stump)
- network: only prevent forwarding of DNS requests for unqualified names (Laine Stump)
- virnetdevbandwidthtest: Link with libxml2 (Michal Privoznik)
- spice: don't force user to specify spicevmc channel (Martin Kletzander)
- virnetdevbandwidthtest: Introduce some more tests (Michal Privoznik)
- virnetdevbandwidthtest: fix hard coded /sbin/tc (Cédric Bosdonnat)
- Push nwfilter update locking up to top level (Daniel P. Berrange)
- Add a read/write lock implementation (Daniel P. Berrange)
- tests: Modify the scsi util tests (Osier Yang)
- util: Accept test data path for scsi device's sg_path (Osier Yang)
- tests: Add tests for scsi utils (Osier Yang)
- util: Add one argument for several scsi utils (Osier Yang)
- qemu: Don't fail if the SCSI host device is shareable between domains (Osier Yang)
- virnetdevbandwidthtest: Introduce testVirNetDevBandwidthSet (Michal Privoznik)
- virCommand: Introduce virCommandSetDryRun (Michal Privoznik)
- snapshot: Add support for specifying snapshot disk backing type (Peter Krempa)
- tests: Add more tests for virConnectBaselineCPU (Jiri Denemark)
- cpu: Try to use source CPU model in virConnectBaselineCPU (Jiri Denemark)
- cpu: Fix VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES (Jiri Denemark)
- tests: Better support for VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES (Jiri Denemark)
- Reword error message for oversized cpu time fields (Ján Tomko)
- Simplify linuxNodeGetCPUStats (Ján Tomko)
- Add hw random number generator (/dev/hwrng) to cgroup ACL (Pradipta Kr. Banerjee)
- tests: Introduce virnetdevbandwidthtest (Michal Privoznik)
- Add test for linuxNodeGetCPUStats (Ján Tomko)
- Move test-local declarations to nodeinfopriv.h (Ján Tomko)
- qemu: Enable 'host-passthrough' cpu mode for aarch64 (Oleg Strikov)
- Block info query: Add check for transient domain (John Ferlan)
- maint: update to latest gnulib, for mingw improvements (Eric Blake)
- util: Add "shareable" field for virSCSIDevice struct (Osier Yang)
- storage: Fix autostart of pool with "fc_host" type adapter (Osier Yang)
- api: require write permission for guest agent interaction (Eric Blake)
- virtlockd: make re-exec more robust (Michael Chapman)
- build: add $(prefix) to SYSTEMD_UNIT_DIR (Laine Stump)
- spice: expose the QEMU disable file transfer option (Francesco Romani)
- spice: detect if qemu can disable file transfer (Francesco Romani)
- lxc: allow to setup throttle blkio cgroup through virsh (Gao feng)
- Add test for transient disk support in VMX files (Wout Mertens)
- Make syntax check notice assignments w/o surrounding spaces. (Thorsten Behrens)
- maint: align whitespaces with project conventions. (Thorsten Behrens)
- virpcitest: Test virPCIDeviceDetach failure (Jiri Denemark)
- virpcimock: Add PCI driver which always fails (Jiri Denemark)
- virpcitest: More tests for device detach and reattach (Jiri Denemark)
- virpcimock: Mock /sys/bus/pci/drivers_probe (Jiri Denemark)
- pci: Publish some internal code for virpcitest (Jiri Denemark)
- virpcitest: Show PCI device tested by each test (Jiri Denemark)
- pci: Make reattach work for unbound devices (Jiri Denemark)
- qemu: allow to setup throttle blkio cgroup through virsh (Gao feng)
- virsh: add setting throttle blkio cgroup option to blkiotune (Gao feng)
- blkio: Setting throttle blkio cgroup for domain (Gao feng)
- domain: introduce xml elements for throttle blkio cgroup (Gao feng)
- maint: replace remaining virLib*Error with better names (Eric Blake)
- maint: simplify driver registration at startup (Eric Blake)
- maint: clean up error reporting in migration (Eric Blake)
- maint: don't lose error on canceled migration (Eric Blake)
- maint: avoid nested use of virConnect{Ref,Close} (Eric Blake)
- maint: don't leave garbage on early API exit (Eric Blake)
- qemu: Change the default unix monitor timeout (Martin Kletzander)
- storage: Sheepdog: Separate creating of the volume from building (Peter Krempa)
- storage: RBD: Separate creating of the volume from building (Peter Krempa)
- storage: Support deletion of volumes on gluster pools (Peter Krempa)
- conf: Always use VIR_ERR_CONFIG_UNSUPPORTED on enumFromString() failures (Christophe Fergeau)
Cleanups:
- build-sys: Removed unused variable from configure.ac (Christophe Fergeau)
- qemu: remove memset params array to zero in qemuDomainGetPercpuStats (Gao feng)
- util: Fix the indention (Osier Yang)
- virsh: Fix the string breaking style (Osier Yang)
Thanks everybody for the help with this release, be it with
patches, bug reports, reviews, documentation, localizations, etc...
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
10 years, 9 months
[libvirt] [PATCH] virscsi: Introduce virSCSIDeviceUsedByInfoFree
by John Ferlan
This resolves a Coverity RESOURCE_LEAK issue introduced by commit
id 'de6fa535' where the virSCSIDeviceSetUsedBy() didn't VIR_FREE
the 'copy' or possibly VIR_STRDUP()'d values.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/util/virscsi.c | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/src/util/virscsi.c b/src/util/virscsi.c
index 69eae24..66e3161 100644
--- a/src/util/virscsi.c
+++ b/src/util/virscsi.c
@@ -268,6 +268,14 @@ cleanup:
return ret;
}
+static void
+virSCSIDeviceUsedByInfoFree(virUsedByInfoPtr used_by)
+{
+ VIR_FREE(used_by->drvname);
+ VIR_FREE(used_by->domname);
+ VIR_FREE(used_by);
+}
+
void
virSCSIDeviceFree(virSCSIDevicePtr dev)
{
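Review bot: virSCSIDeviceUsedByInfoFree() dereferences used_by unconditionally, so a NULL argument would crash at the first VIR_FREE(used_by->drvname). The call sites in this patch pass pointers that were just allocated or are stored in dev->used_by, but a free helper is safer when it starts with "if (!used_by) return;" so it can be used from any cleanup path.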
@@ -279,11 +287,8 @@ virSCSIDeviceFree(virSCSIDevicePtr dev)
VIR_FREE(dev->id);
VIR_FREE(dev->name);
VIR_FREE(dev->sg_path);
- for (i = 0; i < dev->n_used_by; i++) {
- VIR_FREE(dev->used_by[i]->drvname);
- VIR_FREE(dev->used_by[i]->domname);
- VIR_FREE(dev->used_by[i]);
- }
+ for (i = 0; i < dev->n_used_by; i++)
+ virSCSIDeviceUsedByInfoFree(dev->used_by[i]);
VIR_FREE(dev->used_by);
VIR_FREE(dev);
}
@@ -296,10 +301,11 @@ virSCSIDeviceSetUsedBy(virSCSIDevicePtr dev,
virUsedByInfoPtr copy;
if (VIR_ALLOC(copy) < 0)
return -1;
- if (VIR_STRDUP(copy->drvname, drvname) < 0)
- return -1;
- if (VIR_STRDUP(copy->domname, domname) < 0)
+ if (VIR_STRDUP(copy->drvname, drvname) < 0 ||
+ VIR_STRDUP(copy->domname, domname) < 0) {
+ virSCSIDeviceUsedByInfoFree(copy);
return -1;
+ }
return VIR_APPEND_ELEMENT(dev->used_by, dev->n_used_by, copy);
}
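Review bot: the last line of virSCSIDeviceSetUsedBy() still returns the result of VIR_APPEND_ELEMENT() directly, so if the append fails, copy and its two strings are not released on that path. Consider checking the return value and calling virSCSIDeviceUsedByInfoFree(copy) before returning -1, so that every failure after VIR_ALLOC(copy) cleans up.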
@@ -449,9 +455,7 @@ virSCSIDeviceListDel(virSCSIDeviceListPtr list,
if (STREQ_NULLABLE(dev->used_by[i]->drvname, drvname) &&
STREQ_NULLABLE(dev->used_by[i]->domname, domname)) {
if (dev->n_used_by > 1) {
- VIR_FREE(dev->used_by[i]->drvname);
- VIR_FREE(dev->used_by[i]->domname);
- VIR_FREE(dev->used_by[i]);
+ virSCSIDeviceUsedByInfoFree(dev->used_by[i]);
VIR_DELETE_ELEMENT(dev->used_by, i, dev->n_used_by);
} else {
tmp = virSCSIDeviceListSteal(list, dev);
--
1.8.5.3
10 years, 9 months
[libvirt] [PATCH] add option to enforce minimal pagesize for hugetlbfs backed guests
by Marcelo Tosatti
Require a minimal pagesize for hugetlbfs backed guests. Fail guest initialization
if hugetlbfs mount is configured with smaller page size.
Signed-off-by: Marcelo Tosatti <mtosatti(a)redhat.com>
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index fd02864..e28d182 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -632,6 +632,10 @@
<dt><code>hugepages</code></dt>
<dd>This tells the hypervisor that the guest should have its memory
allocated using hugepages instead of the normal native page size.</dd>
+ <dt><code>pagesize</code></dt>
+ <dd>This tells the hypervisor that the guest should refuse to start
+ in case of failure to allocate guest memory with hugepages equal
+ to or larger than the specified size</dd>
<dt><code>nosharepages</code></dt>
<dd>Instructs hypervisor to disable shared pages (memory merge, KSM) for
this domain. <span class="since">Since 1.0.6</span></dd>
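Review bot: the new pagesize entry does not say where the element goes or which unit it takes. The parser hunk reads ./memoryBacking/hugepages/pagesize[1] and the struct comment says kibibytes, so the text should state that pagesize is a child of hugepages and document the unit. A since annotation like the one on nosharepages and the closing full stop are missing as well.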
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 28e24f9..babb745 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -11274,6 +11274,10 @@ virDomainDefParseXML(xmlDocPtr xml,
&def->mem.swap_hard_limit, false) < 0)
goto error;
+ if (virDomainParseMemory("./memoryBacking/hugepages/pagesize[1]", ctxt,
+ &def->mem.page_size, false) < 0)
+ goto error;
+
n = virXPathULong("string(./vcpu[1])", ctxt, &count);
if (n == -2) {
virReportError(VIR_ERR_XML_ERROR, "%s",
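Review bot: page_size is parsed here, but nothing in the patch writes it back out when the domain XML is formatted, and no schema or test changes accompany the new element. As posted, the value is only ever read from XML; please add the formatter side, the RNG schema update and an XML round-trip test case.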
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index d8f2e49..03a900d 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1984,6 +1984,7 @@ struct _virDomainDef {
unsigned long long soft_limit; /* in kibibytes */
unsigned long long min_guarantee; /* in kibibytes */
unsigned long long swap_hard_limit; /* in kibibytes */
+ unsigned long long page_size; /* in kibibytes */
} mem;
unsigned short vcpus;
unsigned short maxvcpus;
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 8bcd98e..cd5e1c8 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3570,6 +3570,33 @@ cleanup:
return ret;
}
+#ifdef __linux__
+
+#include <sys/vfs.h>
+
+#define HUGETLBFS_MAGIC 0x958458f6
+
+static long gethugepagesize(const char *path)
+{
+ struct statfs fs;
+ int ret;
+
+ do {
+ ret = statfs(path, &fs);
+ } while (ret != 0 && errno == EINTR);
+
+ if (ret != 0) {
+ perror(path);
+ return 0;
+ }
+
+ if (fs.f_type != HUGETLBFS_MAGIC)
+ return 0;
+
+ return fs.f_bsize;
+}
+#endif
+
int qemuProcessStart(virConnectPtr conn,
virQEMUDriverPtr driver,
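Review bot: gethugepagesize() reports a statfs() failure with perror(path), which writes to the daemon's stderr instead of going through libvirt error reporting, and it returns 0 both for that failure and for a path that is not on hugetlbfs, so the caller cannot tell the two apart. Report the errno with virReportSystemError() or return a negative value and let the caller report it, and move the #include <sys/vfs.h> to the top of the file with the other includes.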
@@ -3712,6 +3739,31 @@ int qemuProcessStart(virConnectPtr conn,
"%s", _("Unable to set huge path in security driver"));
goto cleanup;
}
+
+ if (vm->def->mem.page_size) {
+#ifdef __linux__
+ unsigned long hpagesize = gethugepagesize(cfg->hugepagePath);
+
+ if (!hpagesize) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s", _("Unable to stat hugepage path"));
+ goto cleanup;
+ }
+
+ hpagesize /= 1024;
+
+ if (hpagesize < vm->def->mem.page_size) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Error: hugetlbfs page size=%ld < pagesize=%lld"),
+ hpagesize, vm->def->mem.page_size);
+ goto cleanup;
+ }
+#else
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ "%s", _("pagesize option unsupported"));
+ goto cleanup;
+#endif
+ }
}
/* Ensure no historical cgroup for this VM is lying around bogus
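Review bot: the format string "Error: hugetlbfs page size=%ld < pagesize=%lld" does not match its arguments: hpagesize is unsigned long and vm->def->mem.page_size is unsigned long long, so this should be %lu and %llu. Two further points in the same block: "Unable to stat hugepage path" is also what the user sees when cfg->hugepagePath exists but is not hugetlbfs, since gethugepagesize() returns 0 for both, and a mismatch between the requested pagesize and the mounted hugetlbfs is a configuration problem, so VIR_ERR_INTERNAL_ERROR is the wrong code for it. Note too that the check only rejects hpagesize < page_size; a mount with larger pages than requested is silently accepted, which should either be documented as "minimum page size" semantics or tightened.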
10 years, 9 months
[libvirt] [PATCH] libvirt-tck: prefer kvm if multiple domain types exist
by Mike Latimer
When matching capabilities of a guest, if multiple domain types exist (for
example, 'qemu' and 'kvm') the order in which they are returned can change.
To avoid unpredictable test results, this patch prefers kvm if that domain
type exists. If not, the behavior matches what existed before, and the first
domain type is returned.
---
lib/Sys/Virt/TCK.pm | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/lib/Sys/Virt/TCK.pm b/lib/Sys/Virt/TCK.pm
index b2c16e7..56547c6 100644
--- a/lib/Sys/Virt/TCK.pm
+++ b/lib/Sys/Virt/TCK.pm
@@ -502,7 +502,17 @@ sub match_kernel {
my @domains = $caps->guest_domain_types($i);
next unless int(@domains);
- return ($domains[0],
+ # Prefer kvm if multiple domain types are returned
+ my $domain;
+ if (int(@domains) gt 1) {
+ for (my $j = 0 ; $j < int(@domains) ; $j++) {
+ $domain = "kvm" if ($domains[$j] eq "kvm");
+ }
+ }
+ # If kvm was not found, default to the first one
+ $domain = $domains[0] if (!defined($domain));
+
+ return ($domain,
$caps->guest_domain_emulator($i, $domains[0]),
$caps->guest_domain_loader($i, $domains[0]));
}
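Review bot: the return statement now passes $domain as the first element, but the emulator and loader are still looked up with $domains[0] in guest_domain_emulator($i, $domains[0]) and guest_domain_loader($i, $domains[0]). When kvm is present but not first in the list, the caller gets the domain type "kvm" paired with the emulator and loader of a different domain type; both calls should use $domain. Separately, int(@domains) gt 1 uses the string comparison operator; it should be the numeric > (it happens to work for small counts but compares "10" as less than "2"). The loop could also be replaced by a grep over @domains, which would remove the need for the count check altogether.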
--
1.8.4.5
10 years, 9 months
[libvirt] [PATCH 0/4] Fix for virIdentityGetSystem when SELinux is disabled
by Michael Chapman
If SELinux is compiled into libvirt but it is disabled on the host, libvirtd
logs:
error : virIdentityGetSystem:173 : Unable to lookup SELinux process
context: Invalid argument
on each and every client connection.
This patch series adds a runtime check for SELinux to this function.
I've added security_disable() to securityselinuxhelper so virIdentityGetSystem
can be tested twice, once with SELinux enabled and once with it disabled. A few
other libselinux functions have also been added, so now
securityselinuxlabeltest and securityselinuxtest do not need to be skipped even
when SELinux isn't enabled on the test system.
Michael Chapman (4):
tests: Flesh out securityselinuxhelper
tests: SELinux tests do not need to be skipped
virIdentityGetSystem: don't fail if SELinux is disabled
tests: Test virIdentityGetSystem
src/util/viridentity.c | 18 ++-
tests/Makefile.am | 4 +
tests/securityselinuxhelper.c | 162 ++++++++++++++++++++-
tests/securityselinuxhelperdata/lxc_contexts | 5 +
.../virtual_domain_context | 2 +
.../virtual_image_context | 2 +
tests/securityselinuxlabeltest.c | 3 -
tests/securityselinuxtest.c | 3 -
tests/viridentitytest.c | 75 +++++++++-
9 files changed, 254 insertions(+), 20 deletions(-)
create mode 100644 tests/securityselinuxhelperdata/lxc_contexts
create mode 100644 tests/securityselinuxhelperdata/virtual_domain_context
create mode 100644 tests/securityselinuxhelperdata/virtual_image_context
--
1.8.5.3
10 years, 9 months
[libvirt] Looking for project ideas and mentors for Google Summer of Code 2014
by Stefan Hajnoczi
KVM & libvirt: you are welcome to join the QEMU umbrella organization
like last year.
What is GSoC?
Google Summer of Code 2014 (GSoC) provides funding for students to
work on open source projects for 12-weeks over the summer. Open
source organizations apply to participate and those accepted receive
funding for one or more students.
How we are participating
QEMU has participated, together with KVM and libvirt, in past years
and I would like to continue that tradition this year.
We now need to collect a list of project ideas on our wiki. We also
need mentors to volunteer.
http://qemu-project.org/Google_Summer_of_Code_2014
Project ideas
Please post project ideas on the wiki page below. Project ideas
should be suitable as a 12-week project that a student fluent in
C/Python/etc can complete. No prior knowledge of QEMU/KVM/libvirt
internals can be assumed.
http://qemu-project.org/Google_Summer_of_Code_2014
Mentors
Please add your name to project ideas you are willing to mentor. In
order to mentor you must be an established contributor (regularly
contribute patches). You must be willing to spend about 5 hours per
week from May 19 to August 18.
I have CCed the 8 most active committers since QEMU 1.5.0 but everyone
is invited.
Official timeline:
https://www.google-melange.com/gsoc/events/google/gsoc2014
Stefan
10 years, 9 months
[libvirt] [PATCH 1/9] conf: eliminate hardcoded indent from all xml
by Laine Stump
Many of the domain xml format functions (including all of the device
format functions) had hard-coded spaces, which made for incorrect
indentation when those functions were called in a different context
(for example, commit 2122cf39 added <interface> XML into the document
provided to a network hook script, and in this case it should have
been indented by 2 spaces, but was instead indented by 6 spaces).
In that patch I mentioned doing a followup patch to make the device
xml formatters more consistent. After doing that patch, it felt
incomplete to not give the same treatment to the entire directory.
The one downside to this series is that it may create merge conflicts
during backports, but fortunately the conflicts should all be fairly
easy to resolve.
Laine Stump (9):
conf: eliminate hardcoded indent from domain xml
conf: eliminate hardcoded indent from domain snapshot xml
conf: eliminate hardcoded indent from network xml
conf: eliminate outmoded/odd indent method from interface xml
conf: eliminate hardcoded indentation in nwfilter xml
conf: eliminate hardcoded indentation in capabilities xml
conf: eliminate hardcoded indentation in node device xml
conf: eliminate hardcoded indent in volume/pool xml
conf: eliminate hardcoded indentation in all remaining xml
src/conf/capabilities.c | 183 ++++++-----
src/conf/cpu_conf.c | 11 +-
src/conf/domain_conf.c | 599 +++++++++++++++++++----------------
src/conf/interface_conf.c | 137 ++++----
src/conf/netdev_bandwidth_conf.c | 6 +-
src/conf/netdev_vlan_conf.c | 6 +-
src/conf/netdev_vport_profile_conf.c | 6 +-
src/conf/network_conf.c | 8 +-
src/conf/node_device_conf.c | 207 ++++++------
src/conf/nwfilter_conf.c | 94 ++----
src/conf/nwfilter_params.c | 6 +-
src/conf/secret_conf.c | 20 +-
src/conf/snapshot_conf.c | 48 +--
src/conf/storage_conf.c | 174 +++++-----
src/conf/storage_encryption_conf.c | 6 +-
15 files changed, 811 insertions(+), 700 deletions(-)
--
1.8.5.3
10 years, 9 months
[libvirt] [PATCH] spec: Let translations be properly updated
by Jiri Denemark
Libvirt tarball contains po/stamp-po file which prevents any po/*.gmo
file from being regenerated even if a corresponding po/*.po file is newer. By
removing the stamp-po file, all *.gmo files are properly updated if
required. This allows downstreams to provide patches that update
translations.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
libvirt.spec.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 014fe5d..23374e7 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1421,6 +1421,7 @@ driver
autoreconf -if
%endif
+rm -f po/stamp-po
%configure %{?_without_xen} \
%{?_without_qemu} \
%{?_without_openvz} \
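Review bot: the added rm -f po/stamp-po line has no comment in the spec, so a later reader has no way to tell why a file shipped in the tarball is deleted before %configure. Please add a one-line spec comment above it giving the reason from the commit message (the stamp file stops po/*.gmo from being regenerated when a downstream patch updates a po/*.po file), so the line is not dropped as apparent cruft in a future cleanup.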
--
1.9.0
10 years, 9 months