[libvirt] Executing gdb/gcore as an on_crash action
by Sergio Lopez
Hi,
Right now, the on_crash actions coredump-[destroy|restart] work in
a similar way to "virsh dump": they ask QEMU for a dump of the guest's
memory contents.
I think it'd be nice to have the ability for executing gdb/gcore to
produce a full core dump of QEMU. This would be especially useful for
debugging hard/soft lockups on the Guest.
Of course, this should be implemented in a completely optional way,
checking if the gdb binary is present, to avoid creating a direct
dependency between libvirt and gdb.
I'm willing to work on a patch implementing this feature myself, but
first I'd like to know if this sounds good to you. Also, if it does,
do you think the behavior of coredump-[destroy|restart] should be
changed to use gdb if available, falling back to qemuDomainCoreDump if
it isn't, or just implement another action for on_crash?
--
Sergio
7 years
[libvirt] [PATCH 00/14] Fix race on srv->nclients_unauth and some other changes
by Marc Hartmayer
This patch series fixes some locking issues, memory leaks, some other
cosmetic changes, and it fixes a bug that led to a libvirtd which
doesn't accept new connections.
Marc Hartmayer (14):
rpc: Remove duplicate declaration of virNetServerAddClient
rpc: Fix memory leaks @virnetserverclient
rpc: Use the enum value instead of a numerical value
rpc: Add typedef for the anonymous enum used for authentication
methods
rpc: Be more precise in which cases the authentication is needed
rpc: First test if authentication is required
rpc: Correct locking and simplify the function
rpc: Refactor the condition whether a client needs authentication
rpc: Merge critical sections and preparations for upcoming patches
rpc: Introduce virNetServerSetClientAuthenticated
rpc: virnetserver: Fix race on srv->nclients_unauth
tests: virnetdaemontest: Enable testing for 'auth_pending'
rpc: Remove virNetServerClientNeedAuthLocked
rpc: Replace virNetServerClientNeedAuth with
virNetServerClientIsAuthenticated
daemon/remote.c | 13 +--
src/libvirt_remote.syms | 14 +--
src/rpc/virnetserver.c | 82 ++++++++++-----
src/rpc/virnetserver.h | 6 +-
src/rpc/virnetserverclient.c | 113 ++++++++++++++++-----
src/rpc/virnetserverclient.h | 11 +-
src/rpc/virnetserverprogram.c | 9 +-
src/rpc/virnetserverservice.h | 4 +-
.../input-data-client-auth-pending-failure.json | 44 ++++++++
.../input-data-client-auth-pending.json | 70 +++++++++++++
.../virnetdaemondata/output-data-admin-nomdns.json | 4 +
.../output-data-admin-server-names.json | 4 +
.../virnetdaemondata/output-data-anon-clients.json | 2 +
...s.json => output-data-client-auth-pending.json} | 4 +-
tests/virnetdaemondata/output-data-client-ids.json | 2 +
.../output-data-client-timestamp.json | 2 +
.../output-data-initial-nomdns.json | 2 +
tests/virnetdaemondata/output-data-initial.json | 2 +
.../output-data-no-keepalive-required.json | 4 +
tests/virnetdaemontest.c | 2 +
20 files changed, 310 insertions(+), 84 deletions(-)
create mode 100644 tests/virnetdaemondata/input-data-client-auth-pending-failure.json
create mode 100644 tests/virnetdaemondata/input-data-client-auth-pending.json
copy tests/virnetdaemondata/{output-data-client-ids.json => output-data-client-auth-pending.json} (94%)
--
2.13.4
7 years
[libvirt] [PATCH] virt-aa-helper: handle more disk images
by Cédric Bosdonnat
virt-aa-helper needs read access to the disk image to resolve symlinks
and add the proper rules to the profile. Its profile whitelists a few
common paths, but users can place their images anywhere.
This commit lets users allow access to their images by adding their
own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper.
This commit also adds rules to allow reading files named:
- *.raw as this is a rather common disk image extension
- /run/libvirt/**[vd]d[a-z] as these are used by virt-sandbox
---
examples/Makefile.am | 24 ++++++++++++++++++++++--
examples/apparmor/usr.lib.libvirt.virt-aa-helper | 4 ++++
2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/examples/Makefile.am b/examples/Makefile.am
index ef2f79db3..8a1d6919a 100644
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -67,6 +67,9 @@ admin_client_info_SOURCES = admin/client_info.c
admin_client_close_SOURCES = admin/client_close.c
admin_logging_SOURCES = admin/logging.c
+INSTALL_DATA_LOCAL =
+UNINSTALL_LOCAL =
+
if WITH_APPARMOR_PROFILES
apparmordir = $(sysconfdir)/apparmor.d/
apparmor_DATA = \
@@ -85,20 +88,37 @@ templates_DATA = \
apparmor/TEMPLATE.qemu \
apparmor/TEMPLATE.lxc \
$(NULL)
+
+APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local"
+install-apparmor-local:
+ $(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
+ echo "# Site-specific additions and overrides for \
+ 'usr.lib.libvirt.virt-aa-helper'" \
+ >$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper
+
+INSTALL_DATA_LOCAL += install-apparmor-local
+UNINSTALL_LOCAL += uninstall-apparmor-local
endif WITH_APPARMOR_PROFILES
if WITH_NWFILTER
NWFILTER_DIR = "$(DESTDIR)$(sysconfdir)/libvirt/nwfilter"
-install-data-local:
+install-nwfilter-local:
$(MKDIR_P) "$(NWFILTER_DIR)"
for f in $(FILTERS); do \
$(INSTALL_DATA) $$f "$(NWFILTER_DIR)"; \
done
-uninstall-local::
+uninstall-nwfilter-local::
for f in $(FILTERS); do \
rm -f "$(NWFILTER_DIR)/`basename $$f`"; \
done
-test -z "$(shell ls $(NWFILTER_DIR))" || rmdir $(NWFILTER_DIR)
+
+INSTALL_DATA_LOCAL += install-nwfilter-local
+UNINSTALL_LOCAL += uninstall-nwfilter-local
endif WITH_NWFILTER
+
+install-data-local: $(INSTALL_DATA_LOCAL)
+
+uninstall-local: $(UNINSTALL_LOCAL)
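Review bot: `UNINSTALL_LOCAL += uninstall-apparmor-local` names a target that no visible line defines, so unless it exists elsewhere in the file, `make uninstall` with WITH_APPARMOR_PROFILES enabled would stop on a missing rule. The install-apparmor-local recipe also rewrites local/usr.lib.libvirt.virt-aa-helper with `>` on every install, which would silently discard any site-specific AppArmor rules an administrator has added to that file; create it only when absent, for example `test -f "$$f" || echo "# Site-specific additions ..." >"$$f"`. If an uninstall rule is added, it should leave a modified local file in place for the same reason. APPARMOR_LOCAL_DIR already contains its own double quotes, so `"$(APPARMOR_LOCAL_DIR)"` in the mkdir line is quoted twice while the redirection target relies on the embedded quotes only; quoting in one place would be clearer.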
diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
index bd6181d00..f3069d369 100644
--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -3,6 +3,7 @@
profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
#include <abstractions/base>
+ #include <local/usr.lib.libvirt.virt-aa-helper>
# needed for searching directories
capability dac_override,
@@ -50,8 +51,11 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
/var/lib/libvirt/images/ r,
/var/lib/libvirt/images/** r,
/{media,mnt,opt,srv}/** r,
+ # For virt-sandbox
+ /run/libvirt/**/[sv]d[a-z] r
/**.img r,
+ /**.raw r,
/**.qcow{,2} r,
/**.qed r,
/**.vmdk r,
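Review bot: The added rule `/run/libvirt/**/[sv]d[a-z] r` has no trailing comma, unlike every other rule in this block, so the profile would most likely fail to parse; it should read `/run/libvirt/**/[sv]d[a-z] r,`. The glob also disagrees with the commit message, which gives `**[vd]d[a-z]`: the two patterns match different device names, so one of them needs correcting. `/**.raw r,` lets the helper read any path ending in .raw, and this profile also holds `capability dac_override`, so the grant is broad; it follows the existing `/**.img` pattern, but a comment such as `# common raw disk image extension; read-only, used to resolve symlinks` would record that the breadth is intentional. The profile body continues outside the hunk.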
--
2.15.1
7 years
[libvirt] [PATCH] netserver: close clients before stopping all drivers
by Cédric Bosdonnat
So far clients were closed when disposing the daemon, after the state
driver cleanup. This led to libvirtd crashing at shutdown due
to a missing driver.
Moving the client close in virNetServerClose() fixes the problem.
---
src/rpc/virnetserver.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 2b76daab5..43f889e2a 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -774,10 +774,8 @@ void virNetServerDispose(void *obj)
virObjectUnref(srv->programs[i]);
VIR_FREE(srv->programs);
- for (i = 0; i < srv->nclients; i++) {
- virNetServerClientClose(srv->clients[i]);
+ for (i = 0; i < srv->nclients; i++)
virObjectUnref(srv->clients[i]);
- }
VIR_FREE(srv->clients);
VIR_FREE(srv->mdnsGroupName);
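Review bot: virNetServerDispose now only drops its reference on each client, so whether client sockets get closed depends on virNetServerClose() having run earlier, and nothing in the hunk states that requirement. A server disposed without a prior close would leave the connections open until the last reference on each client goes away. A comment above the loop would make the ordering explicit, for example `/* clients are closed in virNetServerClose(); here we only drop our reference */`. The function body starts and ends outside the hunk.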
@@ -796,6 +794,9 @@ void virNetServerClose(virNetServerPtr srv)
for (i = 0; i < srv->nservices; i++)
virNetServerServiceClose(srv->services[i]);
+ for (i = 0; i < srv->nclients; i++)
+ virNetServerClientClose(srv->clients[i]);
+
virObjectUnlock(srv);
}
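Review bot: The new loop calls virNetServerClientClose() before `virObjectUnlock(srv)`, i.e. with the server lock still held, whereas the removed call in the dispose path ran without it. If any close path of a client calls back into the server and takes the server lock (a close callback or a client-count update, neither visible here), shutdown would deadlock instead of crash. It is worth confirming the lock order and recording it in a comment such as `/* virNetServerClientClose() must not re-enter srv: the server lock is held */`. The start of the function is outside the hunk.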
--
2.15.1
7 years
[libvirt] [PATCH] qemu: hotplug: unify "not found" logs when detaching device
by Chen Hanxiao
From: Chen Hanxiao <chenhanxiao(a)gmail.com>
Some services, such as Nova, check whether a device was not found
by looking for "not found" in error messages. [1]
This patch unifies the logs of qemuDomainDetachDeviceLive, which will be helpful.
[1] https://github.com/openstack/nova/blob/master/nova/virt/libvirt/guest.py#...
Signed-off-by: Chen Hanxiao <chenhanxiao(a)gmail.com>
---
src/qemu/qemu_hotplug.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index d97aa6051..925574b92 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -5093,7 +5093,7 @@ qemuDomainDetachShmemDevice(virQEMUDriverPtr driver,
if ((idx = virDomainShmemDefFind(vm->def, dev)) < 0) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("device not present in domain configuration"));
+ _("device not found in domain configuration"));
return -1;
}
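Review bot: The reworded string is still wrapped in `_()`, so the "not found" substring that the commit message says callers look for is only present when libvirtd runs untranslated; under another locale the match fails again. The stable signal for callers is the error code, and this patch leaves that inconsistent (VIR_ERR_OPERATION_INVALID here, VIR_ERR_OPERATION_FAILED in the qemuDomainDetachNetDevice hunk). If the wording is meant to be relied on, a comment such as `/* callers match on "not found"; keep this wording */` would stop a later cleanup from changing it; the same applies to the watchdog, RNG and memory hunks. The function body continues outside the hunk.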
@@ -5150,7 +5150,7 @@ qemuDomainDetachWatchdog(virQEMUDriverPtr driver,
watchdog->action == dev->action &&
virDomainDeviceInfoAddressIsEqual(&dev->info, &watchdog->info))) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("watchdog device not present in domain configuration"));
+ _("watchdog device not found in domain configuration"));
return -1;
}
@@ -5233,8 +5233,11 @@ qemuDomainDetachNetDevice(virQEMUDriverPtr driver,
virDomainNetDefPtr detach = NULL;
qemuDomainObjPrivatePtr priv = vm->privateData;
- if ((detachidx = virDomainNetFindIdx(vm->def, dev->data.net)) < 0)
+ if ((detachidx = virDomainNetFindIdx(vm->def, dev->data.net)) < 0) {
+ virReportError(VIR_ERR_OPERATION_FAILED,
+ _("netdev %s not found"), dev->data.net->mac.addr);
goto cleanup;
+ }
detach = vm->def->nets[detachidx];
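Review bot: `dev->data.net->mac.addr` is passed to `%s`, but in libvirt's virMacAddr that member is, as far as I know, a raw 6-byte array and not a NUL-terminated string, so this error path would read past the array and log binary data. Format the address first with `char mac[VIR_MAC_STRING_BUFLEN];` and `virMacAddrFormat(&dev->data.net->mac, mac);`, then pass `mac` to virReportError. virDomainNetFindIdx may also report its own error already (not visible here), in which case this call would replace a more specific message. The function body continues outside the hunk.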
@@ -5420,8 +5423,9 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
char *devstr = NULL;
if (!(tmpChr = virDomainChrFind(vmdef, chr))) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("device not present in domain configuration"));
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ _("device %s not found in domain configuration"),
+ chr->target.name);
goto cleanup;
}
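Review bot: `chr->target.name` is handed to `%s` for every character device, but `target` in virDomainChrDef is, as far as I recall, a union whose `name` member is only set for name-addressed channels; for a serial, parallel or console device the same storage holds a port number. In that case the error path would dereference an integer as a pointer, or print NULL. Either keep the argument-free message, `_("device not found in domain configuration")`, or select the field by `chr->targetType` before formatting. The function body continues outside the hunk.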
@@ -5468,7 +5472,7 @@ qemuDomainDetachRNGDevice(virQEMUDriverPtr driver,
if ((idx = virDomainRNGFind(vm->def, rng)) < 0) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("device not present in domain configuration"));
+ _("device not found in domain configuration"));
return -1;
}
@@ -5511,7 +5515,7 @@ qemuDomainDetachMemoryDevice(virQEMUDriverPtr driver,
if ((idx = virDomainMemoryFindByDef(vm->def, memdef)) < 0) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("device not present in domain configuration"));
+ _("device not found in domain configuration"));
return -1;
}
--
2.14.3
7 years
[libvirt] [PATCH 0/2] Forbid memoryBacking/access for non-numa case
by Michal Privoznik
*** BLURB HERE ***
Michal Privoznik (2):
src: Export virDomainMemoryAccessType*String
qemuBuildMemPathStr: Forbid memoryBacking/access for non-numa case
src/libvirt_private.syms | 2 +
src/qemu/qemu_command.c | 9 +++
tests/qemuxml2argvdata/hugepages-memaccess3.xml | 87 +++++++++++++++++++++++++
tests/qemuxml2argvtest.c | 3 +
4 files changed, 101 insertions(+)
create mode 100644 tests/qemuxml2argvdata/hugepages-memaccess3.xml
--
2.13.6
7 years
[libvirt] RFC: Introduce a dlm-corosync for Lock manager plugin
by Fu.Lin
Hi,
Currently the lock manager infrastructure has implementations of nop, sanlock
and lockd. The first does nothing, while sanlock and lockd both require
shared storage; lockd does not provide a fence mechanism, and sanlock
forces an OS restart when its daemon is stopped.
The first half of 2017, QEMU introduced the `share-rw` and `file.locking` to
handle a problem: https://bugzilla.redhat.com/show_bug.cgi?id=1080152 ,
someone
said:
There is also scope for creating new plugins for libvirt to use other
mechanism if someone comes up with other ideas.
So what about dlm-corosync?
DLM (distributed lock manager) is implemented by the kernel; it provides a
userspace API through "libdlm" to lock/unlock resources, and using this API
requires a daemon named dlm_controld. "Corosync" is a cluster messaging layer
using TCP or UDP, responsible for membership management in the cluster.
Together, dlm_controld and corosync form a kind of lock that can be used in
a cluster. There is another component named "sbd" that provides a fence
mechanism; it is not necessary, and `dlm_controld -f 0` would disable it.
As for implement, I think we could make use of virtlockd daemon, just
add some
RPC callback in micro-on.
-- Regards River
7 years
[libvirt] [PATCH] treat host models as case-insensitive strings
by Scott Garfinkle
Qemu now allows case-insensitive specification of CPU models. This fixes the
resulting problems on POWER arch machines. I believe a similar change is needed
in src/cpu/cpu_x86.c but I don't have a way to test this.
Signed-off-by: Scott Garfinkle <scottgar(a)linux.vnet.ibm.com>
---
src/conf/domain_capabilities.c | 2 +-
src/cpu/cpu_ppc64.c | 16 ++++++++--------
src/internal.h | 1 +
3 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index e7323a8..f7d9be5 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -271,7 +271,7 @@ virDomainCapsCPUModelsGet(virDomainCapsCPUModelsPtr cpuModels,
return NULL;
for (i = 0; i < cpuModels->nmodels; i++) {
- if (STREQ(cpuModels->models[i].name, name))
+ if (STRCASEEQ(cpuModels->models[i].name, name))
return cpuModels->models + i;
}
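Review bot: virDomainCapsCPUModelsGet sits in src/conf and is presumably shared by every architecture, so switching it to `STRCASEEQ` makes capability lookups case-insensitive for x86 as well, while the commit message says cpu_x86.c itself was left case-sensitive. A name that now passes the capabilities check could then still be rejected, or treated as a different model, by the x86 driver. The lookup also returns the matching entry without normalising the caller's spelling, so any later `STREQ` on model names would see the user's case; documenting that with `/* model names compare case-insensitively; callers must not assume canonical case */`, or copying the canonical name from the matched entry, would avoid that mismatch. The function body starts outside the hunk.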
diff --git a/src/cpu/cpu_ppc64.c b/src/cpu/cpu_ppc64.c
index 76582d4..9f7e2bb 100644
--- a/src/cpu/cpu_ppc64.c
+++ b/src/cpu/cpu_ppc64.c
@@ -67,10 +67,10 @@ static int
virCPUppc64ConvertLegacy(virCPUDefPtr cpu)
{
if (cpu->model &&
- (STREQ(cpu->model, "POWER7_v2.1") ||
- STREQ(cpu->model, "POWER7_v2.3") ||
- STREQ(cpu->model, "POWER7+_v2.1") ||
- STREQ(cpu->model, "POWER8_v1.0"))) {
+ (STRCASEEQ(cpu->model, "POWER7_v2.1") ||
+ STRCASEEQ(cpu->model, "POWER7_v2.3") ||
+ STRCASEEQ(cpu->model, "POWER7+_v2.1") ||
+ STRCASEEQ(cpu->model, "POWER8_v1.0"))) {
cpu->model[strlen("POWERx")] = 0;
}
@@ -93,7 +93,7 @@ ppc64CheckCompatibilityMode(const char *host_model,
return VIR_CPU_COMPARE_IDENTICAL;
/* Valid host CPUs: POWER6, POWER7, POWER8, POWER9 */
- if (!STRPREFIX(host_model, "POWER") ||
+ if (!STRCASEPREFIX(host_model, "POWER") ||
!(tmp = (char *) host_model + strlen("POWER")) ||
virStrToLong_i(tmp, NULL, 10, &host) < 0 ||
host < 6 || host > 9) {
@@ -104,7 +104,7 @@ ppc64CheckCompatibilityMode(const char *host_model,
}
/* Valid compatibility modes: power6, power7, power8, power9 */
- if (!STRPREFIX(compat_mode, "power") ||
+ if (!STRCASEPREFIX(compat_mode, "power") ||
!(tmp = (char *) compat_mode + strlen("power")) ||
virStrToLong_i(tmp, NULL, 10, &compat) < 0 ||
compat < 6 || compat > 9) {
@@ -168,7 +168,7 @@ ppc64VendorFind(const struct ppc64_map *map,
size_t i;
for (i = 0; i < map->nvendors; i++) {
- if (STREQ(map->vendors[i]->name, name))
+ if (STRCASEEQ(map->vendors[i]->name, name))
return map->vendors[i];
}
@@ -216,7 +216,7 @@ ppc64ModelFind(const struct ppc64_map *map,
size_t i;
for (i = 0; i < map->nmodels; i++) {
- if (STREQ(map->models[i]->name, name))
+ if (STRCASEEQ(map->models[i]->name, name))
return map->models[i];
}
diff --git a/src/internal.h b/src/internal.h
index 5895030..1760e3b 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -75,6 +75,7 @@
# define STRNEQLEN(a, b, n) (strncmp(a, b, n) != 0)
# define STRCASENEQLEN(a, b, n) (c_strncasecmp(a, b, n) != 0)
# define STRPREFIX(a, b) (strncmp(a, b, strlen(b)) == 0)
+# define STRCASEPREFIX(a, b) (c_strncasecmp(a, b, strlen(b)) == 0)
# define STRSKIP(a, b) (STRPREFIX(a, b) ? (a) + strlen(b) : NULL)
# define STREQ_NULLABLE(a, b) \
--
1.8.3.1
7 years
[libvirt] [PATCH v2.1 0/2] Add support for hot unplug redirdev
by Chen Hanxiao
v2.1:
split the original patch into a patchset, put the news entry in a separate patch
Chen Hanxiao (2):
qemu: Add support for hot unplug redirdev device
news: add change of hot unplug redirdev
docs/news.xml | 9 ++++
src/qemu/qemu_driver.c | 4 +-
src/qemu/qemu_hotplug.c | 111 ++++++++++++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_hotplug.h | 3 ++
4 files changed, 126 insertions(+), 1 deletion(-)
--
2.14.3
7 years
[libvirt] [PATCH] rpc: fix race sending and encoding sasl data
by Daniel P. Berrange
The virNetSocketWriteSASL method has to encode the buffer it is given and then
write it to the underlying socket. This write is not guaranteed to send the
full amount of data that was encoded by SASL. We cache the SASL encoded data so
that on the next invocation of virNetSocketWriteSASL we carry on sending it.
The subtle problem is that the 'len' value passed into virNetSocketWriteSASL on
the 2nd call may be larger than the original value. So when we've completed
sending the SASL encoded data we previously cached, we must return the original
length we encoded, not the new length.
This flaw means we could potentially have been discarding queued data without
sending it. This would have exhibited itself as a libvirt client never receiving
the reply to a method it invokes, async events silently going missing, or worse
stream data silently getting dropped.
For this to be a problem libvirtd would have to be queuing data to send to the
client, while at the same time the TCP socket send buffer is full (due to a very
slow client). This is quite unlikely so if this bug was ever triggered by a real
world user it would be almost impossible to reproduce or diagnose, if indeed it
was ever noticed at all.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/rpc/virnetsocket.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 23089afef4..2d41a716ba 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -107,6 +107,7 @@ struct _virNetSocket {
const char *saslEncoded;
size_t saslEncodedLength;
+ size_t saslEncodedRawLength;
size_t saslEncodedOffset;
#endif
#if WITH_SSH2
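Review bot: `saslEncodedRawLength` is added without a comment, and next to `saslEncodedLength` its name alone does not say which side of the encoding it counts. Since the fix depends on that distinction, a field comment would help: `size_t saslEncodedRawLength; /* plaintext bytes that were encoded into saslEncoded */`. The struct definition starts and ends outside the hunk.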
@@ -1927,6 +1928,7 @@ static ssize_t virNetSocketWriteSASL(virNetSocketPtr sock, const char *buf, size
&sock->saslEncodedLength) < 0)
return -1;
+ sock->saslEncodedRawLength = tosend;
sock->saslEncodedOffset = 0;
}
@@ -1943,11 +1945,20 @@ static ssize_t virNetSocketWriteSASL(virNetSocketPtr sock, const char *buf, size
/* Sent all encoded, so update raw buffer to indicate completion */
if (sock->saslEncodedOffset == sock->saslEncodedLength) {
+ ssize_t done = sock->saslEncodedRawLength;
sock->saslEncoded = NULL;
- sock->saslEncodedOffset = sock->saslEncodedLength = 0;
-
- /* Mark as complete, so caller detects completion */
- return tosend;
+ sock->saslEncodedOffset = sock->saslEncodedLength = sock->saslEncodedRawLength = 0;
+
+ /* Mark as complete, so caller detects completion.
+ *
+ * Note that 'done' is possibly less than our current
+ * 'tosend' value, since if virNetSocketWriteWire
+ * only partially sent the data, we might have been
+ * called a 2nd time to write remaining cached
+ * encoded data. This means that the caller might
+ * also have further raw data pending that's included
+ * in 'tosend' */
+ return done;
} else {
/* Still have stuff pending in saslEncoded buffer.
* Pretend to caller that we didn't send any yet.
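Review bot: `return done;` assumes the caller passes at least as many bytes on the retry as were encoded on the first call, but nothing in the hunk checks `done` against the current length. The new comment covers only the case where `tosend` has grown; if a caller retried with a shorter buffer, the returned count would exceed what it offered and it would advance past its own data. That contract should be stated in the function comment (the retry must start at the same `buf` position with at least the previously encoded length), or a guard should fail the call when `done` exceeds the current length. `ssize_t done = sock->saslEncodedRawLength;` is also an implicit size_t to ssize_t conversion that an explicit cast would make visible. The function body starts and ends outside the hunk.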
--
2.14.3
7 years