June 2014 - Devel - libvirt List Archives

[libvirt] [PATCH] storage: fix memory leak with encrypted images
by Eric Blake 10 Jun '14

10 Jun '14

Jim Fehlig reported a regression found by libvirt-TCK tests: > ~ # perl /usr/share/libvirt-tck/tests/qemu/100-disk-encryption.t ... > ok 4 - defined persistent domain config > # Starting inactive domain config > libvirt error code: 1, message: internal error: unable to execute QEMU command > 'cont': 'drive-ide0-0-1' > (/var/cache/libvirt-tck/300-disk-encryption/demo.qcow2) is encrypted Commit 2279d560 converted a boolean into a pointer with the intent of transferring that pointer out of a temporary object into the caller's data structure. The temporary structure meant that meta->encryption was always NULL on entry, so we could get away with blindly allocating the pointer when the header said so. But later commits then tweaked things to do backing chain detection in-place, rather than via a temporary object; this has the net result that meta->encryption can be non-NULL on entry. Not only did this turn the latent behavior into a memory leak, it is also a behavior regression: blindly allocating a new pointer wipes out what secrets we already knew about the chain, making it impossible to restart the domain. Of course, no one in their right mind should be relying on qcow2 encryption - it is fundamentally flawed. And sadly, the TCK tests don't get run often enough, and this shows that our virstoragetest does not exercise encrypted images at all. Otherwise, we could have avoided a release containing this regression. * src/util/virstoragefile.c (virStorageFileGetMetadataInternal): Don't nuke an already-existing encryption. Signed-off-by: Eric Blake <eblake(a)redhat.com> --- src/util/virstoragefile.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 43b7a5a..0792dd8 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -805,7 +805,8 @@ virStorageFileGetMetadataInternal(virStorageSourcePtr meta, crypt_format = virReadBufInt32BE(buf + fileTypeInfo[meta->format].qcowCryptOffset); - if (crypt_format && VIR_ALLOC(meta->encryption) < 0) + if (crypt_format && !meta->encryption && + VIR_ALLOC(meta->encryption) < 0) goto cleanup; } -- 1.9.3

2 2

[libvirt] [PATCH] vbox: fix compilation error
by Roman Bogorodskiy 10 Jun '14

10 Jun '14

clang complains about possibly uninitialized variable: vbox/vbox_snapshot_conf.c:1355:9: error: variable 'ret' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized] if (!(xPathContext = xmlXPathNewContext(xml))) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ So init 'ret' with NULL. --- src/vbox/vbox_snapshot_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/vbox/vbox_snapshot_conf.c b/src/vbox/vbox_snapshot_conf.c index 4909665..9c78410 100644 --- a/src/vbox/vbox_snapshot_conf.c +++ b/src/vbox/vbox_snapshot_conf.c @@ -1336,7 +1336,7 @@ virVBoxSnapshotConfGetRODisksPathsFromLibvirtXML(const char *filePath, { int result = -1; size_t i = 0; - char **ret; + char **ret = NULL; xmlDocPtr xml = NULL; xmlXPathContextPtr xPathContext = NULL; xmlNodePtr *nodes = NULL; -- 1.9.0

3 4

[libvirt] [patch v2 1/1] manual: Add virsh manual about specified migration host
by Chen Fan 10 Jun '14

10 Jun '14

the 'migration_host' description maybe have a bit of difficulty to understand for user, so add this manual for them. Signed-off-by: Chen Fan <chen.fan.fnst(a)cn.fujitsu.com> --- tools/virsh.pod | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tools/virsh.pod b/tools/virsh.pod index 02671b4..7b30292 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -1208,7 +1208,8 @@ such as GFS2 or GPFS. If you are sure the migration is safe or you just do not care, use I<--unsafe> to force the migration. The I<desturi> is the connection URI of the destination host, and -I<migrateuri> is the migration URI, which usually can be omitted (see below). +I<migrateuri> is the migration URI for specifying which IP address/URI of the +destination host to tansfer migration data, which usually can be omitted (see below). I<dname> is used for renaming the domain to new name during migration, which also usually can be omitted. Likewise, I<--xml> B<file> is usually omitted, but can be used to supply an alternative XML file for use on @@ -1238,6 +1239,15 @@ seen from the source machine. When I<migrateuri> is not specified, libvirt will automatically determine the hypervisor specific URI, by looking up the target host's configured hostname. + +For QEMU/KVM hypervisor, when I<migrateuri> is not specified, at first libvirt +will ask the destination side whether the optional "migration_host" is specified +or not, if the "migration_host" is specified, libvirt will use the specified +network for transferring migration data(the "migrateion_host" is useful when +hosts has multiple network interface). if the "migrateion_host" is not specified +too, libvirt will automatically determine the hypervisor specific URI, by looking +up the target host's configured hostname. + There are a few scenarios where specifying I<migrateuri> may help: =over 4 -- 1.9.3

4 5

[libvirt] [PATCH] docs: fix a typo in hacking.html.in
by Wangrui (K) 10 Jun '14

10 Jun '14

Signed-off-by: Wang Rui <moon.wangrui(a)huawei.com> --- docs/hacking.html.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/hacking.html.in b/docs/hacking.html.in index b2ef85a..9c6dd26 100644 --- a/docs/hacking.html.in +++ b/docs/hacking.html.in @@ -122,7 +122,7 @@ Some tests are skipped by default in a development environment, based on the time they take in comparison to the likelihood that those tests will turn up problems during incremental builds. - These tests default to being run when when building from a + These tests default to being run when building from a tarball or with the configure option --enable-expensive-tests; you can also force a one-time toggle of these tests by setting VIR_TEST_EXPENSIVE to 0 or 1 at make time, as in: -- 1.7.12.4

3 2

[libvirt] IPv6 in Libvirt LXC
by Thomas Maddox 10 Jun '14

10 Jun '14

Hey all, According to a discussion last week in the Nova-Libvirt subgroup meeting, it was advised, by danpb, that I bring this issue up on the Libvirt mailing list for discussion and resolution. So, here goes - I'm currently using config drive from Nova to generate network configurations for LXC guests that are spun up via Libvirt. Unfortunately, when doing some IPv6 testing, I ran into a snag (with a couple work arounds detailed below). Due to the read-only mount of /proc/sys (http://libvirt.org/drvlxc.html#fsmounts) I am unable to get expected behavior from IPv6 static network configurations. I did some poking around and found this bug from a couple years ago that pretty well outlines the problem: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/964882. I wasn't sure how we might go about correcting this, but it seems like something we'll need to address in Libvirt. Maybe with the user namespaces working, we can begin to provide some read/write mounts instead of read-only with clear documentation on the security implications? =] When using static IPv6 addressing it was attempting the following command: 'sysctl -q -e -w net.ipv6.conf.eth0.autoconf=0'. I tested to see whether the host and the guest share this value. I was able to change it in the host without it being reflected in the guest. The work arounds I've tried that seemed to allow IPv6 to get configured properly: 1. Use the post-up hook on an IPv4 static configuration to configure IPv6 via ifconfig/routes (example: http://paste.openstack.org/show/82446/) 2. Patch Libvirt to include a /proc/sys/net mount as read/write. Cheers! -Thomas

3 2

[libvirt] [PATCH RFC] network: Bring netdevs online later
by Matthew Rosato 10 Jun '14

10 Jun '14

Defer MAC registration until net devices are actually going to be used by the guest. This patch does so by setting the devices online just before starting guest CPUs. This approach is an alternative to my previously proposed 'network: Defer online of macvtap during qemu migration' Laine/Wangrui, is this the sort of thing you had in mind? Previous thread: https://www.redhat.com/archives/libvir-list/2014-May/msg00427.html Associated BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1081461 Signed-off-by: Matthew Rosato <mjrosato(a)linux.vnet.ibm.com> --- src/qemu/qemu_command.c | 45 +++++++++++++++++++++++++++++++++++++++++++ src/qemu/qemu_command.h | 3 +++ src/qemu/qemu_process.c | 3 +++ src/util/virnetdevmacvlan.c | 5 ----- src/util/virnetdevtap.c | 3 --- 5 files changed, 51 insertions(+), 8 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index e6acced..c161d73 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -571,6 +571,51 @@ qemuNetworkPrepareDevices(virDomainDefPtr def) return ret; } +void +qemuNetworkIfaceUp(virDomainNetDefPtr net) +{ + if (virNetDevSetOnline(net->ifname, true) < 0) { + ignore_value(virNetDevTapDelete(net->ifname)); + } + return; +} + +void +qemuPhysIfaceUp(virDomainNetDefPtr net) +{ + if (virNetDevSetOnline(net->ifname, true) < 0) { + ignore_value(virNetDevVPortProfileDisassociate(net->ifname, + virDomainNetGetActualVirtPortProfile(net), + &net->mac, + virDomainNetGetActualDirectDev(net), + -1, + VIR_NETDEV_VPORT_PROFILE_OP_MIGRATE_IN_FINISH)); + ignore_value(virNetDevMacVLanDelete(net->ifname)); + } + return; +} + +void +qemuNetworkInitializeDevices(virDomainDefPtr def) +{ + size_t i; + + for (i = 0; i < def->nnets; i++) { + virDomainNetDefPtr net = def->nets[i]; + switch(virDomainNetGetActualType(net)) { + case VIR_DOMAIN_NET_TYPE_BRIDGE: + case VIR_DOMAIN_NET_TYPE_NETWORK: + qemuNetworkIfaceUp(net); + break; + case VIR_DOMAIN_NET_TYPE_DIRECT: + qemuPhysIfaceUp(net); + break; + } + } + + return; +} + static int qemuDomainDeviceAliasIndex(const virDomainDeviceInfo *info, const char *prefix) { diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h index afbd6ff..4a44464 100644 --- a/src/qemu/qemu_command.h +++ b/src/qemu/qemu_command.h @@ -206,6 +206,9 @@ int qemuOpenVhostNet(virDomainDefPtr def, int *vhostfdSize); int qemuNetworkPrepareDevices(virDomainDefPtr def); +void qemuNetworkIfaceUp(virDomainNetDefPtr net); +void qemuPhysIfaceUp(virDomainNetDefPtr net); +void qemuNetworkInitializeDevices(virDomainDefPtr def); /* * NB: def->name can be NULL upon return and the caller diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index d719716..bbc11f3 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -2765,6 +2765,9 @@ qemuProcessStartCPUs(virQEMUDriverPtr driver, virDomainObjPtr vm, qemuDomainObjPrivatePtr priv = vm->privateData; virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); + /* Bring up netdevs before starting CPUs */ + qemuNetworkInitializeDevices(vm->def); + VIR_DEBUG("Using lock state '%s'", NULLSTR(priv->lockState)); if (virDomainLockProcessResume(driver->lockManager, cfg->uri, vm, priv->lockState) < 0) { diff --git a/src/util/virnetdevmacvlan.c b/src/util/virnetdevmacvlan.c index cb85b74..3748527 100644 --- a/src/util/virnetdevmacvlan.c +++ b/src/util/virnetdevmacvlan.c @@ -898,11 +898,6 @@ int virNetDevMacVLanCreateWithVPortProfile(const char *tgifname, goto link_del_exit; } - if (virNetDevSetOnline(cr_ifname, true) < 0) { - rc = -1; - goto disassociate_exit; - } - if (withTap) { if ((rc = virNetDevMacVLanTapOpen(cr_ifname, 10)) < 0) goto disassociate_exit; diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c index 0b444fa..09b9c12 100644 --- a/src/util/virnetdevtap.c +++ b/src/util/virnetdevtap.c @@ -574,9 +574,6 @@ int virNetDevTapCreateInBridgePort(const char *brname, goto error; } - if (virNetDevSetOnline(*ifname, !!(flags & VIR_NETDEV_TAP_CREATE_IFUP)) < 0) - goto error; - return 0; error: -- 1.7.9.5

2 2

[libvirt] [PATCH] Report an clear error when try to build lvm2 type pool
by Shanzhi Yu 10 Jun '14

10 Jun '14

STORAGE_POOL_DISK_LVM2 can't be created by "parted mklabel", so report an error when build such type pool Signed-off-by: Shanzhi Yu <shyu(a)redhat.com> --- src/storage/storage_backend_disk.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/storage/storage_backend_disk.c b/src/storage/storage_backend_disk.c index 8e12974..5b5a1fa 100644 --- a/src/storage/storage_backend_disk.c +++ b/src/storage/storage_backend_disk.c @@ -414,13 +414,21 @@ virStorageBackendDiskBuildPool(virConnectPtr conn ATTRIBUTE_UNUSED, goto error; } - if (flags & VIR_STORAGE_POOL_BUILD_OVERWRITE) + if (flags & VIR_STORAGE_POOL_BUILD_OVERWRITE && + pool->def->source.format != VIR_STORAGE_POOL_DISK_LVM2) ok_to_mklabel = true; else { int check; check = virStorageBackendDiskFindLabel( pool->def->source.devices[0].path); + + if (pool->def->source.format == VIR_STORAGE_POOL_DISK_LVM2){ + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("Invalid disk label: lvm2")); + goto error; + } + if (check > 0) { ok_to_mklabel = true; } else if (check < 0) { -- 1.9.3

1 0

[libvirt] [PATCH] qemu: Properly label FDs while saving domain for successful restores in case of static labelling.
by Shivaprasad G Bhat 10 Jun '14

10 Jun '14

Static labelling has the relabel set to no by default and restore of a saved image file fails when the selinux context is static. This is because the saved file doesnt have the context set during the saving. The libvirt has to set the conext of save image file to that of the guest during save. The fix applies to both managedsave and save codepath. The managedsave works as is without the fix as well since the files are saved in the directory having viable default context. Signed-off-by: Shivaprasad G Bhat <shivaprasadbhat(a)gmail.com> --- src/qemu/qemu_driver.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 3a7622a..e4390ee 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -2966,6 +2966,9 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver, if (fd < 0) goto cleanup; + if (asyncJob == QEMU_ASYNC_JOB_SAVE) + virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, fd); + if (!(wrapperFd = virFileWrapperFdNew(&fd, path, wrapperFlags))) goto cleanup;

1 0

[libvirt] [PATCH] SELinux: don't silently fail when no label is present
by Ján Tomko 10 Jun '14

10 Jun '14

This fixes startup of a domain with: <seclabel type='none' model='dac'/> on a host with selinux and dac drivers and security_default_confined = 0 https://bugzilla.redhat.com/show_bug.cgi?id=1105939 --- src/security/security_selinux.c | 98 ++++++++++++----------------------------- 1 file changed, 29 insertions(+), 69 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 8380bba..008c58c 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -585,7 +585,7 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr, seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (seclabel == NULL) - return rc; + return 0; data = virSecurityManagerGetPrivateData(mgr); @@ -739,11 +739,7 @@ virSecuritySELinuxReserveSecurityLabel(virSecurityManagerPtr mgr, virSecurityLabelDefPtr seclabel; seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (seclabel == NULL) { - return -1; - } - - if (seclabel->type == VIR_DOMAIN_SECLABEL_STATIC) + if (!seclabel || seclabel->type == VIR_DOMAIN_SECLABEL_STATIC) return 0; if (getpidcon_raw(pid, &pctx) == -1) { @@ -1060,7 +1056,7 @@ virSecuritySELinuxSetSecurityTPMFileLabel(virSecurityManagerPtr mgr, seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (seclabel == NULL) - return -1; + return 0; switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: @@ -1102,7 +1098,7 @@ virSecuritySELinuxRestoreSecurityTPMFileLabelInt(virSecurityManagerPtr mgr, seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (seclabel == NULL) - return -1; + return 0; switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: @@ -1136,7 +1132,7 @@ virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr, seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (seclabel == NULL) - return -1; + return 0; disk_seclabel = virDomainDiskDefGetSecurityLabelDef(disk, SECURITY_SELINUX_NAME); @@ -1256,10 +1252,7 @@ virSecuritySELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr, cbdata.manager = mgr; cbdata.secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (cbdata.secdef == NULL) - return -1; - - if (cbdata.secdef->norelabel) + if (!cbdata.secdef || cbdata.secdef->norelabel) return 0; if (virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_NETWORK) @@ -1279,7 +1272,7 @@ virSecuritySELinuxSetSecurityHostdevLabelHelper(const char *file, void *opaque) secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (secdef == NULL) - return -1; + return 0; return virSecuritySELinuxSetFilecon(file, secdef->imagelabel); } @@ -1397,7 +1390,7 @@ virSecuritySELinuxSetSecurityHostdevCapsLabel(virDomainDefPtr def, secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (secdef == NULL) - return -1; + return 0; switch (dev->source.caps.type) { case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_STORAGE: { @@ -1447,10 +1440,7 @@ virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UN virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (secdef == NULL) - return -1; - - if (secdef->norelabel) + if (!secdef || secdef->norelabel) return 0; switch (dev->mode) { @@ -1635,10 +1625,7 @@ virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr, virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (secdef == NULL) - return -1; - - if (secdef->norelabel) + if (!secdef || secdef->norelabel) return 0; switch (dev->mode) { @@ -1667,14 +1654,14 @@ virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def, int ret = -1; seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (seclabel == NULL) - return -1; + if (!seclabel || seclabel->norelabel) + return 0; if (dev) chr_seclabel = virDomainChrDefGetSecurityLabelDef(dev, SECURITY_SELINUX_NAME); - if (seclabel->norelabel || (chr_seclabel && chr_seclabel->norelabel)) + if (chr_seclabel && chr_seclabel->norelabel) return 0; if (chr_seclabel) @@ -1738,13 +1725,13 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virSecurityManagerPtr mgr, int ret = -1; seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (seclabel == NULL) - return -1; + if (!seclabel || seclabel->norelabel) + return 0; if (dev) chr_seclabel = virDomainChrDefGetSecurityLabelDef(dev, SECURITY_SELINUX_NAME); - if (seclabel->norelabel || (chr_seclabel && chr_seclabel->norelabel)) + if (chr_seclabel && chr_seclabel->norelabel) return 0; switch (dev_source->type) { @@ -1864,7 +1851,7 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr, secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (secdef == NULL) - return -1; + return 0; if (secdef->norelabel || data->skipAllLabel) return 0; @@ -1925,7 +1912,7 @@ virSecuritySELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr, secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (secdef == NULL) - return -1; + return 0; if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) { if (secdef->label != NULL) { @@ -1953,10 +1940,7 @@ virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (secdef == NULL) - return -1; - - if (secdef->norelabel) + if (!secdef || secdef->norelabel) return 0; return virSecuritySELinuxSetFilecon(savefile, secdef->imagelabel); @@ -1971,10 +1955,7 @@ virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr, virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (secdef == NULL) - return -1; - - if (secdef->norelabel) + if (!secdef || secdef->norelabel) return 0; return virSecuritySELinuxRestoreSecurityFileLabel(mgr, savefile); @@ -1989,7 +1970,7 @@ virSecuritySELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (secdef == NULL) - return -1; + return 0; if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, @@ -2018,10 +1999,7 @@ virSecuritySELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UN virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (secdef == NULL) - return -1; - - if (secdef->label == NULL) + if (!secdef || !secdef->label) return 0; VIR_DEBUG("label=%s", secdef->label); @@ -2055,10 +2033,7 @@ virSecuritySELinuxSetSecurityChildProcessLabel(virSecurityManagerPtr mgr ATTRIBU virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (secdef == NULL) - return -1; - - if (secdef->label == NULL) + if (!secdef || !secdef->label) return 0; VIR_DEBUG("label=%s", secdef->label); @@ -2088,10 +2063,7 @@ virSecuritySELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBU int rc = -1; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (secdef == NULL) - return -1; - - if (secdef->label == NULL) + if (!secdef || !secdef->label) return 0; if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) { @@ -2138,10 +2110,7 @@ virSecuritySELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNU int rc = -1; secdef = virDomainDefGetSecurityLabelDef(vm, SECURITY_SELINUX_NAME); - if (secdef == NULL) - return -1; - - if (secdef->label == NULL) + if (!secdef || !secdef->label) return 0; if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) { @@ -2179,10 +2148,7 @@ virSecuritySELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_U virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (secdef == NULL) - return -1; - - if (secdef->label == NULL) + if (!secdef || !secdef->label) return 0; if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) { @@ -2264,7 +2230,7 @@ virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr, secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (secdef == NULL) - return -1; + return 0; if (secdef->norelabel || data->skipAllLabel) return 0; @@ -2337,10 +2303,7 @@ virSecuritySELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (secdef == NULL) - return -1; - - if (secdef->imagelabel == NULL) + if (!secdef || !secdef->imagelabel) return 0; return virSecuritySELinuxFSetFilecon(fd, secdef->imagelabel); @@ -2358,10 +2321,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr, int rc = -1; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (secdef == NULL) - return rc; - - if (secdef->label == NULL) + if (!secdef || !secdef->label) return 0; if (fstat(fd, &buf) < 0) { -- 1.8.3.2

2 2

[libvirt] [RFC][PATCH]QEMU: Parse -device vfio-pci commandline
by Olivia Yin 09 Jun '14

09 Jun '14

Signed-off-by: Olivia Yin <Hong-Hua.Yin(a)freescale.com> --- src/qemu/qemu_command.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++ tests/qemuargv2xmltest.c | 2 +- 2 files changed, 68 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index e6acced..4db4a1d 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -10239,6 +10239,59 @@ qemuParseCommandLinePCI(const char *val) return NULL; } +/* + * Tries to parse a QEMU vfio-pci device + */ +static virDomainHostdevDefPtr +qemuParseCommandLineVFIOPCI(const char *val) +{ + int bus = 0, slot = 0, func = 0; + const char *start; + char *end; + virDomainHostdevDefPtr def = virDomainHostdevDefAlloc(); + + if (!def) + goto error; + + if (!STRPREFIX(val, "host=")) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unknown PCI device syntax '%s'"), val); + goto error; + } + + start = val + strlen("host="); + if (virStrToLong_i(start, &end, 16, &bus) < 0 || *end != ':') { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("cannot extract PCI device bus '%s'"), val); + goto error; + } + start = end + 1; + if (virStrToLong_i(start, &end, 16, &slot) < 0 || *end != '.') { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("cannot extract PCI device slot '%s'"), val); + goto error; + } + start = end + 1; + if (virStrToLong_i(start, &end, 16, &func) < 0 || *end != ',') { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("cannot extract PCI device function '%s'"), val); + goto error; + } + + def->mode = VIR_DOMAIN_HOSTDEV_MODE_SUBSYS; + def->managed = true; + def->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; + def->source.subsys.u.pci.backend = VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO; + def->source.subsys.u.pci.addr.bus = bus; + def->source.subsys.u.pci.addr.slot = slot; + def->source.subsys.u.pci.addr.function = func; + return def; + + error: + virDomainHostdevDefFree(def); + return NULL; +} + /* * Tries to parse a QEMU USB device @@ -11351,6 +11404,20 @@ qemuParseCommandLine(virCapsPtr qemuCaps, virDomainHostdevDefFree(hostdev); goto error; } + } else if (STREQ(arg, "-device")) { + WANT_VALUE(); + if (STRPREFIX(val, "vfio-pci,")) { + const char *start; + start = val; + virDomainHostdevDefPtr hostdev; + start += strlen("vfio-pci,"); + if (!(hostdev = qemuParseCommandLineVFIOPCI(start))) + goto error; + if (VIR_APPEND_ELEMENT(def->hostdevs, def->nhostdevs, hostdev) < 0) { + virDomainHostdevDefFree(hostdev); + goto error; + } + } } else if (STREQ(arg, "-soundhw")) { const char *start; WANT_VALUE(); diff --git a/tests/qemuargv2xmltest.c b/tests/qemuargv2xmltest.c index 0fc9fcb..b4ba97a 100644 --- a/tests/qemuargv2xmltest.c +++ b/tests/qemuargv2xmltest.c @@ -251,8 +251,8 @@ mymain(void) DO_TEST("watchdog"); DO_TEST("hostdev-usb-address"); - DO_TEST("hostdev-pci-address"); + DO_TEST("hostdev-vfio"); DO_TEST("smp"); -- 1.8.5

4 14