December 2015 - Devel - libvirt List Archives

[libvirt] [PATCH] virNetDevMacVLanTapSetup: Drop @multiqueue argument
by Michal Privoznik 14 Dec '15

14 Dec '15

Firstly, there's a bug (or typo) in the only place where we call this function: @multiqueue is set whenever @tapfdSize is greater than zero, while in fact the condition should have been 'greater than one'. Then, secondly, since the condition depends on just one variable, that we are even passing down to the function, we can move the condition into the function and drop useless argument. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/util/virnetdevmacvlan.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/src/util/virnetdevmacvlan.c b/src/util/virnetdevmacvlan.c index 8fc71af..496416e 100644 --- a/src/util/virnetdevmacvlan.c +++ b/src/util/virnetdevmacvlan.c @@ -289,12 +289,11 @@ virNetDevMacVLanTapOpen(const char *ifname, * @tapfd: array of file descriptors of the macvtap tap * @tapfdSize: number of file descriptors in @tapfd * @vnet_hdr: whether to enable or disable IFF_VNET_HDR - * @multiqueue: whether to enable or disable IFF_MULTI_QUEUE * - * Turn on the IFF_VNET_HDR flag if requested and available, but make sure it's - * off otherwise. Similarly, turn on IFF_MULTI_QUEUE if requested, but if it - * can't be set, consider it a fatal error (rather than ignoring as with - * @vnet_hdr). + * Turn on the IFF_VNET_HDR flag if requested and available, but make sure + * it's off otherwise. Similarly, turn on IFF_MULTI_QUEUE if @tapfdSize is + * greater than one, but if it can't be set, consider it a fatal error + * (rather than ignoring as with @vnet_hdr). * * A fatal error is defined as the VNET_HDR flag being set but it cannot * be turned off for some reason. This is reported with -1. Other fatal @@ -304,7 +303,7 @@ virNetDevMacVLanTapOpen(const char *ifname, * Returns 0 on success, -1 in case of fatal error. */ static int -virNetDevMacVLanTapSetup(int *tapfd, size_t tapfdSize, bool vnet_hdr, bool multiqueue) +virNetDevMacVLanTapSetup(int *tapfd, size_t tapfdSize, bool vnet_hdr) { unsigned int features; struct ifreq ifreq; @@ -335,12 +334,12 @@ virNetDevMacVLanTapSetup(int *tapfd, size_t tapfdSize, bool vnet_hdr, bool multi } # ifdef IFF_MULTI_QUEUE - if (multiqueue) + if (tapfdSize > 1) new_flags |= IFF_MULTI_QUEUE; else new_flags &= ~IFF_MULTI_QUEUE; # else - if (multiqueue) { + if (tapfdSize > 1) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Multiqueue devices are not supported on this system")); return -1; @@ -870,7 +869,7 @@ int virNetDevMacVLanCreateWithVPortProfile(const char *tgifname, if (virNetDevMacVLanTapOpen(cr_ifname, tapfd, tapfdSize, 10) < 0) goto disassociate_exit; - if (virNetDevMacVLanTapSetup(tapfd, tapfdSize, vnet_hdr, tapfdSize > 0) < 0) { + if (virNetDevMacVLanTapSetup(tapfd, tapfdSize, vnet_hdr) < 0) { VIR_FORCE_CLOSE(rc); /* sets rc to -1 */ goto disassociate_exit; } -- 2.4.10

2 1

[libvirt] [PATCH v2 0/7] Add multiqueue support for macvtaps
by Michal Privoznik 14 Dec '15

14 Dec '15

Patches 1, 2, 3, 6, 7 have been ACKed in previous round. However, I did slightly change them to reflect Laine's review suggestions. Patch 4 has not been ACKed yet, patch 5 is new. Michal Privoznik (7): virNetDevMacVLanCreateWithVPortProfile: Turn vnet_hdr into flag virNetDevMacVLanTapOpen: Slightly rework virNetDevMacVLanTapOpen: Rework to support multiple FDs virNetDevMacVLanTapSetup: Rework to support multiple FDs virNetDevMacVLanTapSetup: Allow enabling of IFF_MULTI_QUEUE virNetDevMacVLanCreateWithVPortProfile: Rework to support multiple FDs qemu: Enable multiqueue for macvtaps src/lxc/lxc_process.c | 3 +- src/qemu/qemu_command.c | 65 ++++++++++------ src/qemu/qemu_command.h | 2 + src/qemu/qemu_hotplug.c | 16 ++-- src/util/virnetdevmacvlan.c | 185 ++++++++++++++++++++++---------------------- src/util/virnetdevmacvlan.h | 7 +- 6 files changed, 153 insertions(+), 125 deletions(-) -- 2.4.10

3 12

[libvirt] how to pass qemu drive option
by Vasiliy Tolstov 14 Dec '15

14 Dec '15

I want to pass to my drive detect-zeros=on how can i do that in libvirt? I'm use lvm with virtio-scsi for sda disk. -- Vasiliy Tolstov, e-mail: v.tolstov(a)selfip.ru

2 2

[libvirt] [PATCH] qemu_agent: fix deadlock in qemuProcessHandleAgentEOF
by Wang Yufei 14 Dec '15

14 Dec '15

We shutdown a VM A by qemu agent,meanwhile an agent EOF of VM A happened, there's a chance that deadlock occurred: qemuProcessHandleAgentEOF in main thread A) priv->agent = NULL; //A happened before B //deadlock when we get agent lock which's held by worker thread qemuAgentClose(agent); qemuDomainObjExitAgent called by qemuDomainShutdownFlags in worker thread B) hasRefs = virObjectUnref(priv->agent); //priv->agent is NULL, return false if (hasRefs) virObjectUnlock(priv->agent); //agent lock will not be released here So I close agent first, then set priv->agent NULL to fix the deadlock. Signed-off-by: Wang Yufei <james.wangyufei(a)huawei.com> Reviewed-by: Ren Guannan <renguannan(a)huawei.com> --- src/qemu/qemu_process.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index f2586a1..8c9622e 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -150,11 +150,10 @@ qemuProcessHandleAgentEOF(qemuAgentPtr agent, goto unlock; } + qemuAgentClose(agent); priv->agent = NULL; virObjectUnlock(vm); - - qemuAgentClose(agent); return; unlock: -- 1.8.3.4

2 8

[libvirt] Release of libvirt-1.3.0
by Daniel Veillard 14 Dec '15

14 Dec '15

So as planned, I tagged the release in git and pushed signed tarball and rpms to the usual place: ftp://libvirt.org/libvirt I also pushed the associated python release for 1.3.0 though there was no actual code change except numbering: ftp://libvirt.org/libvirt/python The bump in version minor number comes from the addition of the administration API which nearly made it in 1.2.17 in the summer but was postponed since. That is backed up by serious improvement in virtio support and logging. As usual that release carries a sigificant amount of fixes and smaller improvements too: Features: - virt-admin and administration API (Erik Skultety, Martin Kletzander) - various improvements in virtio devices support (Ján Tomko, Marc-André Lureau) - log daemon, logging improvements and protocol (Daniel P. Berrange) Documentation: - libvirt: Update virDomainSetMemory description (Nikolay Shirokovskiy) - virt-admin: Provide a man page for virt-admin (Erik Skultety) - Enhance documentation of virDomainDetachDevice (Jiri Denemark) - qemu: monitor: Explain logic of qemuMonitorGetCPUInfo (Peter Krempa) - document virCommandRunRegex function (Christian Loehle) - libvirt-domain: Fix typo in debug message (Cole Robinson) - qemu: Explain mlock limit size more in detail (Peter Krempa) - virsh.pod: improve attach-interface section (Pavel Hrdina) - virnetdev: Fix function comments for virNetDevGetFeatures (John Ferlan) - virnetdev: Document reasons for ignoring some SIOCETHTOOL errno values (John Ferlan) Portability: - network: selectively disable -Wcast-align in virNetDevParseDadStatus (Ian Campbell) - log_manager: Include configmake.h last (Michal Privoznik) - virtlogd: Fix build without DBus (Martin Kletzander) - virtlogd: use %llu to print 64bit types (Guido Günther) Bug Fixes: - qemu: fix memory leak in opening log file (Daniel P. Berrange) - qemu: Automatic SCSI controller creation in SCSI disk hotplug broken (Boris Fiuczynski) - qemu: domain: Prevent overflows in memory alignment code (Peter Krempa) - conf: Revert some code to resolve issues for hostdev hotplug (Boris Fiuczynski) - virsh: report errors for empty strings (Ján Tomko) - bridge: check for invalid MAC in networkGetDHCPLeases (Ján Tomko) - qemu_agent: fix deadlock in qemuProcessHandleAgentEOF (Wang Yufei) - include: Install libvirt-common.h (Martin Kletzander) - tools: fix output of list with state-shutoff (Wei Jiangang) - virlogd: fix crash if log file exists and it's larger the maxlen (Pavel Hrdina) - systemd: Escape only needed characters for machined (Martin Kletzander) - logging: remove reference to non-existent augeas files (Daniel P. Berrange) - virtlockd: fix misc memory leaks and other bugs (Daniel P. Berrange) - systemd: Escape machine name for machined (Martin Kletzander) - schema: use a better regex for listen addresses (Ján Tomko) - apparmor: add missing qemu binaries (Guido Günther) - storage: Change virStorageBackendVolOpen to use virFileOpenAs (John Ferlan) - storage: Really fix setting mode for backend exec in NFS root-squash env (John Ferlan) - qemu: Add ppc64-specific math to qemuDomainGetMlockLimitBytes() (Andrea Bolognani) - libxl: don't unlock virDomainObj if refcnt is 0 (Jim Fehlig) - libxl: unref libxlDriverConfig object (Jim Fehlig) - qemu: Fix build error in Coverity environment (John Ferlan) - virSetUIDGID: Don't leak supplementary groups (Richard Weinberger) - locking: Add io_timeout to sanlock (Michal Privoznik) - libvirt-guests: Disable shutdown timeout (Guido Günther) - tpm: adapt sysfs cancel path for new TPM driver (Stefan Berger) - bhyve: monitor: do not override domain's privateData (Roman Bogorodskiy) - storage: Don't assume storage pool exists for FC/SCSI refresh thread (John Ferlan) - domain-conf: reorder usb controllers so the master is first (Pavel Hrdina) - qemu: fix parsing of -sdl arg (Daniel P. Berrange) - qemu: handle floppy disk bus when parsing command line argv (Daniel P. Berrange) - qemu: hotplug: Fix mlock limit handling on memory hotplug (Peter Krempa) - Revert "utils: Remove the logging of errors from virNetDevSendEthtoolIoctl" (Daniel P. Berrange) - qemu: migration: Actually error out on unsupported migration flag (Peter Krempa) - qemu: migration: Properly parse memory hotplug migration flag (Peter Krempa) - network: Remove extraneous ATTRIBUTE_NONNULL for virNetDevWaitDadFinish (John Ferlan) - virnetdev: Check correct return value for virNetDevFeatureAvailable (John Ferlan) - storage: On 'buildVol' failure don't delete the volume (John Ferlan) - Revert "storage: Prior to creating a volume, refresh the pool" (John Ferlan) - qemu: Fix memory leak in qemuProcessStart (Jiri Denemark) - qemu: Use correct type when calling qemuPrepareNVRAM (Jiri Denemark) Improvements: - Revert "libxl: implement virDomainInterfaceStats" (Jim Fehlig) - rpm: explicitly enable & start virtlogd on install (Daniel P. Berrange) - libvirtd: enable virtlockd/virtlogd socket activation on install (Daniel P. Berrange) - logging: validate flags passed from client in virtlogd (Daniel P. Berrange) - logging: change log protocol to be more reusable (Daniel P. Berrange) - logging: preserve driver, dom name & uuid against log file (Daniel P. Berrange) - qemu: include hostname in QEMU log files (Daniel P. Berrange) - rotatingfile: mark log files as close-on-exec (Daniel P. Berrange) - libvirtd: require virtlogd to start before libvirtd (Guido Günther) - schema: Allow > UINT_MAX KiB of memory for NUMA nodes (Peter Krempa) - virsh: remove custom error for cpulist from cmdIOThreadPin (Ján Tomko) - libxl: implement virDomainInterfaceStats (Joao Martins) - tests: Run virnetdaemontest iff WITH_YAJL (Michal Privoznik) - admin: Distribute libvirt-admin.conf (Martin Kletzander) - admin: Rename virAdmConnect to virAdmDaemon (Martin Kletzander) - spec: Temporarily disable new admin-related files (Martin Kletzander) - admin: Include admin_remote.c in the dist package (Martin Kletzander) - build: Create needed folders without dependency tracking (Martin Kletzander) - util: Avoid variable named 'truncate' shadowing global declaration (Martin Kletzander) - conf: Split virDomainObjList into a separate file (Michal Privoznik) - qemu: build command line for virtio-input-host device (Ján Tomko) - qemu: add passed-through input devs to cgroup ACL (Ján Tomko) - security: label the evdev for input device passthrough (Ján Tomko) - conf: add XML for input device passthrough (Ján Tomko) - qemu: add capability for virtio-input-host-device (Ján Tomko) - qemu: build command line for virtio input devices (Ján Tomko) - conf: parse and format virtio input bus in domain XML (Ján Tomko) - qemu: add capabilities for virtio input devices (Ján Tomko) - admin: Introduce virAdmConnectGetLibVersion (Erik Skultety) - admin: Add support for connection close callbacks (Erik Skultety) - admin: Add support for URI aliases (Erik Skultety) - livirt: Move URI alias matching to util (Erik Skultety) - admin: Add URI support and introduce virAdmGetDefaultURI (Erik Skultety) - admin: Do not generate remoteAdminConnect{Open,Close} (Erik Skultety) - admin: Move remote admin API version to a separate module (Erik Skultety) - admin: Introduce virAdmConnectIsAlive (Erik Skultety) - virt-admin: Introduce first working skeleton (Erik Skultety) - admin: introduce virAdmGetVersion (Erik Skultety) - libvirt: Move config getters to util (Erik Skultety) - admin: Introduce libvirt-admin.conf (Erik Skultety) - libvirt: introduce libvirt/libvirt-common.h.in (Erik Skultety) - qemu: add virtio-gpu virgl support (Marc-André Lureau) - qemu: add virtio video device (Marc-André Lureau) - domain: replace bool accel{2d, 3d} with a tristate (Marc-André Lureau) - Replace support{2d,3d} with accel{2d,3d} (Marc-André Lureau) - logging: avoid variables called 'daemon' due to function clash (Daniel P. Berrange) - logging: inhibit virtlogd shutdown while log files are open (Daniel P. Berrange) - qemu: add support for sending QEMU stdout/stderr to virtlogd (Daniel P. Berrange) - qemu: convert monitor to use qemuDomainLogContextPtr indirectly (Daniel P. Berrange) - qemu: convert process stop/attach to use qemuDomainLogContextPtr (Daniel P. Berrange) - qemu: convert qemuLogOperation to take a qemuDomainLogContextPtr (Daniel P. Berrange) - qemu: change qemuDomainTaint APIs to accept qemuDomainLogContextPtr (Daniel P. Berrange) - qemu: convert log file creation to use qemuDomainLogContextPtr (Daniel P. Berrange) - qemu: introduce a qemuDomainLogContext object (Daniel P. Berrange) - qemu: unify code for reporting errors from QEMU log files (Daniel P. Berrange) - qemu: remove writing to QEMU log file for rename operation (Daniel P. Berrange) - logging: add client for virtlogd daemon (Daniel P. Berrange) - logging: introduce log handling protocol (Daniel P. Berrange) - Import stripped down virtlockd code as basis of virtlogd (Daniel P. Berrange) - util: add APIs for reading/writing from/to rotating files (Daniel P. Berrange) - virsh: Try to keep printed XML pretty with change-media (Martin Kletzander) - qemu: Use qemuProcessLaunch in migration Prepare phase (Jiri Denemark) - qemu: Skip starting NBD servers for offline migration (Jiri Denemark) - qemu: Kill QEMU process if Prepare phase fails (Jiri Denemark) - qemu: Separate incoming URI generation from qemuMigrationPrepareAny (Jiri Denemark) - qemu: Introduce qemuProcessFinishStartup (Jiri Denemark) - qemu: Introduce qemuProcessLaunch (Jiri Denemark) - qemu: Introduce qemuProcessInit (Jiri Denemark) - conf: reject multiple panic devices of same model (Dmitry Andreev) - Allow multiple panic devices (Dmitry Andreev) - qemu: add support for hv_crash feature as a panic device (Dmitry Andreev) - tests: add tests for the new panic device attribute - 'model' (Dmitry Andreev) - conf: add 'model' attribute for panic device with values isa, pseries, hyperv (Dmitry Andreev) - conf: refactor code for checking ABI stability of panic device (Dmitry Andreev) - nodedev: report maxCount for virtual_functions capability (Laine Stump) - conf: support reporting maxCount attribute for virtual_functions cap (Laine Stump) - Post-release version bump to 1.3.0 (Pavel Hrdina) - conf: Drop useless check when parsing cpu scheduler info (Peter Krempa) - qemu: pass the asyncJob to qemuProcessStartCPUs (Ján Tomko) - xenapi: Refactor extraction of vcpu count (Peter Krempa) - phyp: Refactor extraction of vcpu count (Peter Krempa) - openvz: Refactor extraction of vcpu count (Peter Krempa) - hyperv: Allocate 'def' via virDomainDefNew (Peter Krempa) - qemuSetupChrSourceCgroup: rename dev to source (Ján Tomko) - Simplify qemuSetupChrSourceCgroup and its callers (Ján Tomko) - rename qemuSetupHostdevCGroup to qemuSetupHostdevCgroup (Ján Tomko) - qemu: handle more machines with a single builtin IDE controller (Guido Günther) - qemu: Always set locked memory limit for ppc64 domains (Andrea Bolognani) - qemu: Use qemuDomainRequiresMlock() when attaching PCI hostdev (Andrea Bolognani) - qemu: Use qemuDomainRequiresMlock() in qemuBuildCommandLine() (Andrea Bolognani) - process: Log when limiting the amount of locked memory (Andrea Bolognani) - vz: implementation of domainReboot callback (Mikhail Feoktistov) - vz: allow only en-us keymap for VNC (Mikhail Feoktistov) - qemu: Close logfd when closing monitor (Jiri Denemark) - qemu: Do not infer flags from other qemuProcessStart arguments (Jiri Denemark) - qemu: Introduce qemuProcessMakeDir (Jiri Denemark) - qemu: Separate balloon code from qemuProcessStart (Jiri Denemark) - qemu: Enter monitor within qemuProcessSetLinkStates (Jiri Denemark) - qemu: Separate raw IO code from qemuProcessStart (Jiri Denemark) - qemu: Separate graphics handling code from qemuProcessStart (Jiri Denemark) - qemu: Separate hook handling code from qemuProcessStart (Jiri Denemark) - qemu: Rename stdin_{fd,path} in qemuProcessStart (Jiri Denemark) - qemu: Use -incoming defer for migrations (Jiri Denemark) - qemu: Add APIs for migrate-incoming QMP command (Jiri Denemark) - qemu: Always set async job when starting a domain (Jiri Denemark) - qemu: Introduce qemuProcessIncomingDef (Jiri Denemark) - qemu: Move incoming URI code to qemu_migration (Jiri Denemark) - qemu: Don't generate migration URI in qemuBuildCommandLine (Jiri Denemark) - qemu: Refactor the code to build -incoming command line (Jiri Denemark) - qemu: Refactor waiting for completed migration on destination (Jiri Denemark) - util: add virDiskNameParse to handle disk and partition idx (Joao Martins) - libxl: implement virDomainMemorystats (Joao Martins) - lxc: Bind mount container TTYs (Richard Weinberger) - lxc: Don't make container's TTY a controlling TTY (Richard Weinberger) - qemu: ppc64: Support memory hotplug without NUMA enabled (Peter Krempa) - qemu: command: Prepare memory device def formatter for missing target node (Peter Krempa) - conf: Prepare making memory device target node optional (Peter Krempa) - qemu: command: Move dimm device checks from formatter to checker (Peter Krempa) - qemu: domain: Add common function to perform memory hotplug checks (Peter Krempa) - qemu: command: Always execute memory device formatter (Peter Krempa) - qemu: command: Make qemuBuildMemoryBackendStr usable without NUMA (Peter Krempa) - libxl: implement virDomainGetCPUStats (Joao Martins) - syntax-check: Add prohibit_space_in_label rule (Andrea Bolognani) - util: remove unnecessary needSize (Chen Hanxiao) - storage: Introduce virStoragePoolObjFindPoolByUUID (John Ferlan) - storage: Change cbdata scsi refresh thread field name (John Ferlan) - storage: Make active boolean (John Ferlan) - qemu: domain: Restructurate control flow in qemuDomainGetMlockLimitBytes (Peter Krempa) - qemu: Fix job entry debug message (Jiri Denemark) - tests: Add QEMU 2.4.0 capabilities (Jiri Denemark) - tests: Remove qemuxmlnstest (Jiri Denemark) - qemu: Fix style in qemuProcessStart (Jiri Denemark) - security: Cleanup DAC driver (Jiri Denemark) - domain-conf: cleanup controller insert function (Pavel Hrdina) - virsh-domain: update attach-interface to support type=hostdev (Pavel Hrdina) - vz: support cpu time in driver's domainGetInfo (Nikolay Shirokovskiy) - qemu: assume various QEMU 0.10 features are always available (Daniel P. Berrange) - qemu: assume -vga is always available (Daniel P. Berrange) - qemu: assume -drive format is always available (Daniel P. Berrange) - qemu: assume -drive cache always uses v2 option names (Daniel P. Berrange) - qemu: assume support for all migration protocols except rdma (Daniel P. Berrange) - qemu: assume vnet-hdr feature is always available (Daniel P. Berrange) - qemu: really remove last traces of Xenner support (Daniel P. Berrange) - qemu: assume -uuid is always available (Daniel P. Berrange) - qemu: assume -name is always available (Daniel P. Berrange) - qemu: assume -drive argument is always available (Daniel P. Berrange) - qemu: handle USB bus in qemuAssignDeviceDiskAliasFixed() (Daniel P. Berrange) - qemu: assume -no-reboot is always available (Daniel P. Berrange) - qemu: assume 'info chardev' is always available (Daniel P. Berrange) - qemu: assume -vnc arg always takes a ':' (Daniel P. Berrange) - qemu: remove all support for kQEMU (Daniel P. Berrange) - qemu: mandate QEMU version 0.12.0 or newer (Daniel P. Berrange) - qemu: hotplug: Reject VFIO hotplug if setting RLIMIT_MEMLOCK fails (Peter Krempa) - qemu: Extract logic to determine the mlock limit size for VFIO (Peter Krempa) - conf: Make @def const in virDomainDefGetMemoryInitial (Peter Krempa) - tests: redo test argv file line wrapping (Daniel P. Berrange) - virnetdev: Use virNetDevSetupControl in virNetDevSendEthtoolIoctl (John Ferlan) - virnetdev: Check for root in virNetDevGetFeatures (John Ferlan) - qemu: add /usr/lib to AC_PATH_PROG for qemu-bridge-helper (Michel Normand) - storage: Pull volume removal from pool in storageVolDeleteInternal (John Ferlan) - storage: Cleanup failures in virStorageBackendCreateRaw (John Ferlan) - storage: Cleanup failures virStorageBackendCreateExecCommand (John Ferlan) - storage: Fix setting mode in virStorageBackendCreateExecCommand (John Ferlan) - Remove new lines from log messages (Jiri Denemark) - qemu: Introduce cleanup label in qemuProcessStart (Jiri Denemark) - qemu: Rename ret variable in qemuProcessStart (Jiri Denemark) - qemu: Rename cleanup label in qemuProcessStart (Jiri Denemark) So thanks everybody for helping with this release, be it with patches, ideas, reports, documentation, etc... As a reminder next release supposedly 1.3.1 will come mid-January due to the end of year slowdown, and then 1.3.2 at the end or February. Enjoy ! Daniel -- Daniel Veillard | Open Source and Standards, Red Hat veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/

2 1

[libvirt] [PATCH] virNetDevMacVLanTapSetup: Work around older systems
by Michal Privoznik 12 Dec '15

12 Dec '15

Some older systems, e.g. RHEL-6 do not have IFF_MULTI_QUEUE flag which we use to enable multiqueue feature. Therefore one gets the following compile error there: CC util/libvirt_util_la-virnetdevmacvlan.lo util/virnetdevmacvlan.c: In function 'virNetDevMacVLanTapSetup': util/virnetdevmacvlan.c:338: error: 'IFF_MULTI_QUEUE' undeclared (first use in this function) util/virnetdevmacvlan.c:338: error: (Each undeclared identifier is reported only once util/virnetdevmacvlan.c:338: error: for each function it appears in.) make[3]: *** [util/libvirt_util_la-virnetdevmacvlan.lo] Error 1 So, whenever user wants us to enable the feature on such systems, we will just throw a runtime error instead. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/util/virnetdevmacvlan.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/util/virnetdevmacvlan.c b/src/util/virnetdevmacvlan.c index d8d1d90..28c9f22 100644 --- a/src/util/virnetdevmacvlan.c +++ b/src/util/virnetdevmacvlan.c @@ -307,49 +307,57 @@ static int virNetDevMacVLanTapSetup(int *tapfd, size_t tapfdSize, bool vnet_hdr, bool multiqueue) { unsigned int features; struct ifreq ifreq; short new_flags = 0; size_t i; for (i = 0; i < tapfdSize; i++) { memset(&ifreq, 0, sizeof(ifreq)); if (ioctl(tapfd[i], TUNGETIFF, &ifreq) < 0) { virReportSystemError(errno, "%s", _("cannot get interface flags on macvtap tap")); return -1; } new_flags = ifreq.ifr_flags; if (vnet_hdr) { if (ioctl(tapfd[i], TUNGETFEATURES, &features) < 0) { virReportSystemError(errno, "%s", _("cannot get feature flags on macvtap tap")); return -1; } if (features & IFF_VNET_HDR) new_flags |= IFF_VNET_HDR; } else { new_flags &= ~IFF_VNET_HDR; } +#ifdef IFF_MULTI_QUEUE if (multiqueue) new_flags |= IFF_MULTI_QUEUE; else new_flags &= ~IFF_MULTI_QUEUE; +#else + if (multiqueue) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Multiqueue devices are not supported on this system")); + return -1; + } +#endif if (new_flags != ifreq.ifr_flags) { ifreq.ifr_flags = new_flags; if (ioctl(tapfd[i], TUNSETIFF, &ifreq) < 0) { virReportSystemError(errno, "%s", _("unable to set vnet or multiqueue flags on macvtap")); return -1; } } } return 0; } -- 2.4.10

2 1

[libvirt] [PATCH] CVE-2015-5313: storage: don't allow '/' in filesystem volume names
by Eric Blake 11 Dec '15

11 Dec '15

The libvirt file system storage driver determines what file to act on by concatenating the pool location with the volume name. If a user is able to pick names like "../../../etc/passwd", then they can escape the bounds of the pool. For that matter, virStoragePoolListVolumes() doesn't descend into subdirectories, so a user really shouldn't use a name with a slash. Normally, only privileged users can coerce libvirt into creating or opening existing files using the virStorageVol APIs; and such users already have full privilege to create any domain XML (so it is not an escalation of privilege). But in the case of fine-grained ACLs, it is feasible that a user can be granted storage_vol:create but not domain:write, and it violates assumptions if such a user can abuse libvirt to access files outside of the storage pool. Therefore, prevent all use of volume names that contain "/", whether or not such a name is actually attempting to escape the pool. This changes things from: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 Vol ../../../../../../etc/haha created $ rm /etc/haha to: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 error: Failed to create vol ../../../../../../etc/haha error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/' Signed-off-by: Eric Blake <eblake(a)redhat.com> --- This has been reviewed on the libvirt security list, where it was assigned a CVE. Fortunately, this could only be used for an escalation of privileges under fine-grained ACLs (which is not an out-of-the-box config). I will go ahead and push this to master as well as all the active maint branches back to the introduction of ACLs. src/storage/storage_backend_fs.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c index c71c724..bb3b62a 100644 --- a/src/storage/storage_backend_fs.c +++ b/src/storage/storage_backend_fs.c @@ -1,7 +1,7 @@ /* * storage_backend_fs.c: storage backend for FS and directory handling * - * Copyright (C) 2007-2014 Red Hat, Inc. + * Copyright (C) 2007-2015 Red Hat, Inc. * Copyright (C) 2007-2008 Daniel P. Berrange * * This library is free software; you can redistribute it and/or @@ -1057,6 +1057,14 @@ virStorageBackendFileSystemVolCreate(virConnectPtr conn ATTRIBUTE_UNUSED, else vol->type = VIR_STORAGE_VOL_FILE; + /* Volumes within a directory pools are not recursive; do not + * allow escape to ../ or a subdir */ + if (strchr(vol->name, '/')) { + virReportError(VIR_ERR_OPERATION_INVALID, + _("volume name '%s' cannot contain '/'"), vol->name); + return -1; + } + VIR_FREE(vol->target.path); if (virAsprintf(&vol->target.path, "%s/%s", pool->def->target.path, -- 2.4.3

1 0

[libvirt] [PATCH] storage: Attempt to refresh volume after successful wipe volume
by John Ferlan 11 Dec '15

11 Dec '15

https://bugzilla.redhat.com/show_bug.cgi?id=1270709 When a volume wipe is successful, a volume refresh should be done afterwards to update any volume data that may be used in future volume commands, such as volume resize. For a raw file volume, a wipe would truncate the file and a followup volume resize the capacity may fail because the volume target allocation isn't updated to reflect the wipe activity. Signed-off-by: John Ferlan <jferlan(a)redhat.com> --- src/storage/storage_driver.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c index bbf21f6..2e59e39 100644 --- a/src/storage/storage_driver.c +++ b/src/storage/storage_driver.c @@ -2436,7 +2436,19 @@ storageVolWipePattern(virStorageVolPtr obj, goto cleanup; } - ret = backend->wipeVol(obj->conn, pool, vol, algorithm, flags); + if ((ret = backend->wipeVol(obj->conn, pool, vol, algorithm, flags)) < 0) + goto cleanup; + + /* Best effort to refresh the volume data. If unsuccessful, we've already + * wiped the data so there's no going back on that. Best we can do is + * provide some details over what happened and move on + */ + if (backend->refreshVol && + backend->refreshVol(obj->conn, pool, vol) < 0) { + VIR_WARN("failed to refresh volume '%s' info after volume wipe", + vol->name); + virResetLastError(); + } cleanup: virStoragePoolObjUnlock(pool); -- 2.5.0

2 2

[libvirt] [PATCH 00/10] VFIO fixes for PCI devices
by Andrea Bolognani 11 Dec '15

11 Dec '15

This series is my attempt at fixing https://bugzilla.redhat.com/show_bug.cgi?id=1272300 In its current state, it's missing test cases covering the new functionality[1] and it's known not to handle properly one situation[2], but I'd like to get some feedback on my current work and now that I have something to show for it feels like a good time. I'm already working on the missing bits and they will either be included in the next revision or sent as separate series later on. The problem being solved is that, when using VFIO, IOMMU group ownership can't be shared, eg. two devices that are in the same IOMMU group can't be assigned to different guests, or to the host and a guest. If that happens, the host will probably crash. The series deals with this issue by making sure safety conditions are met before detaching devices from the host or reattaching them to the host. In praticular, when we're asked to reattach a device to the host but doing so would lead to sharing IOMMU group ownership, we delay the operation until we can guarantee this will not cause problems. As a nice side effect of the changes we check for this when starting a guest too, instead of assuming it will work and having QEMU error out immediately afterwards. Patches are organized as follows: 1-2: Minor cleanups that make implicit / confusing stuff explicit / less confusing 3: Convert a string field used as an enumeration to a proper enumeration 4: Introduce a simple helper function used later on 5-6: Rewrite the checks used when detaching devices from the host. With this patches applied, the behaviour is basically the same as before, except for the nice little extra detailed above 7-9: Implement the delay when reattaching devices to the host, thus preventing the crash and fixing the bug 10: Spit and polish Cheers. [1] Luckily, it doesn't break the existing tests either [2] If you call 'virsh nodedev-reattach' on a device that's assigned to a guest, libvirt won't stop you and you will end up crashing your system Andrea Bolognani (10): pci: Remove redundant parameter from virPCIDeviceBindToStub() pci: Remove 'reprobe' parameter from virPCIDeviceUnbind() pci: Introduce virPCIStubDriver enumeration pci: Introduce virPCIDeviceIOMMUGroupIterate() hostdev: Simplify virHostdevIsPCIDeviceUsed() hostdev: Check for safety before detaching VFIO devices hostdev: Delay reattach of VFIO devices hostdev: Clean up delayed VFIO devices hostdev: Devices have already been marked as inactive hostdev: Tidy up after changes to VFIO device handling src/libvirt_private.syms | 3 + src/libxl/libxl_driver.c | 3 +- src/qemu/qemu_driver.c | 6 +- src/util/virhostdev.c | 410 ++++++++++++++++++++++++++++++++++------------- src/util/virpci.c | 125 +++++++++------ src/util/virpci.h | 26 ++- src/xen/xen_driver.c | 3 +- tests/virhostdevtest.c | 5 +- tests/virpcitest.c | 35 ++-- 9 files changed, 427 insertions(+), 189 deletions(-) -- 2.5.0

3 17

[libvirt] [PATCH 0/6] Memory locking limit improvements
by Andrea Bolognani 11 Dec '15

11 Dec '15

As noticed by Peter[1], the memory locking limit for the QEMU process is increased before assigning a VFIO device to a guest, but it might not be decreased when returning said device to the host. This series fixes this inconsistent behaviour and cleans up the code a little bit along the way. The idea is to introduce a new, smarter function called qemuDomainAdjustMaxMemLock() that does The Right Thing™ and increases the limit when required, while at the same time storing the original value. This way, when memory locking is no longer needed, it can restore it. I've tested this both on x86 and ppc64, both by removing devices that were assigned in the domain XML and devices that I had hotplugged. Patches 1-2 lay some groundwork by allowing retrieval of the memory locking limit for a process. Patches 3-4 add qemuDomainAdjustMaxMemLock() and use it where appropriate in the existing code. Patch 5 adds one more use of the function, after a PCI hostdev has been detached from the guest. Patch 6 replaces the use of Mlock with MemLock. Suggestions on how to further improve the names of those functions is very welcome, this is just a first step in the right direction. Cheers. [1] https://www.redhat.com/archives/libvir-list/2015-November/msg00642.html Andrea Bolognani (6): process: Allow virProcessPrLimit() to get current limit process: Add virProcessGetMaxMemLock() qemu: Add qemuDomainAdjustMaxMemLock() qemu: Use qemuDomainAdjustMaxMemLock() qemu: Reduce memlock limit after detaching hostdev qemu: Replace Mlock with MemLock in function names configure.ac | 2 +- src/conf/domain_conf.h | 3 +++ src/libvirt_private.syms | 1 + src/qemu/qemu_command.c | 4 ++-- src/qemu/qemu_domain.c | 56 +++++++++++++++++++++++++++++++++++++++++++--- src/qemu/qemu_domain.h | 5 +++-- src/qemu/qemu_hotplug.c | 46 ++++++++++++++++---------------------- src/util/virprocess.c | 58 +++++++++++++++++++++++++++++++++++++++++++----- src/util/virprocess.h | 2 ++ 9 files changed, 136 insertions(+), 41 deletions(-) -- 2.5.0

2 25