6:52 p.m.
Original patch here:
http://www.redhat.com/archives/libvir-list/2014-January/msg01408.html
Changes since v1:
* Add virkmod.{c,h} to perform the various modprobe commands
virModprobeConfig() -> modprobe -c
virModprobeLoad() -> modprobe driver
virModprobeUnload() -> modprobe -r driver
virModprobeUseBlacklist() -> modprobe -b driver
* virkmodtest.c to test the functions
Caveat emptor... The config is the only test run by default. Loading and
Unloading modules is something to be done carefully.
* virpci.c
Use the virModprobe*() API's instead of a direct MODPROBE
* .gitignore
Added the /tests/virkmodtest and /examples/domain-events/ which seems
to have appeared recently. I can separate them out if desired.
NOTE: Since I have no messages in virkmod.c, modifying po/POTFILES.in was
deemed unnecessary by a 'make check-syntax'
John Ferlan (3):
utils: Introduce functions for modprobe
tests: Add test for new virkmod functions
Honor blacklist for modprobe command
.gitignore | 2 +
src/Makefile.am | 1 +
src/libvirt_private.syms | 7 ++
src/util/virkmod.c | 138 ++++++++++++++++++++++++++++++++
src/util/virkmod.h | 35 +++++++++
src/util/virpci.c | 49 +++++++++---
tests/Makefile.am | 5 ++
tests/virkmodtest.c | 201 +++++++++++++++++++++++++++++++++++++++++++++++
8 files changed, 429 insertions(+), 9 deletions(-)
create mode 100644 src/util/virkmod.c
create mode 100644 src/util/virkmod.h
create mode 100644 tests/virkmodtest.c
--
1.8.4.2
6:52 p.m.
New subject: [libvirt] [PATCH v2 1/3] utils: Introduce functions for modprobe
This patch adds functions for various usages of modprobe
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/Makefile.am | 1 +
src/libvirt_private.syms | 7 +++
src/util/virkmod.c | 138 +++++++++++++++++++++++++++++++++++++++++++++++
src/util/virkmod.h | 35 ++++++++++++
4 files changed, 181 insertions(+)
create mode 100644 src/util/virkmod.c
create mode 100644 src/util/virkmod.h
diff --git a/src/Makefile.am b/src/Makefile.am
index abe0a51..b704045 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -125,6 +125,7 @@ UTIL_SOURCES = \
util/virnetdevvportprofile.h util/virnetdevvportprofile.c \
util/virnetlink.c util/virnetlink.h \
util/virnodesuspend.c util/virnodesuspend.h \
+ util/virkmod.c util/virkmod.h \
util/virnuma.c util/virnuma.h \
util/virobject.c util/virobject.h \
util/virpci.c util/virpci.h \
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 45f3117..11fc320 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1382,6 +1382,13 @@ virKeyFileLoadFile;
virKeyFileNew;
+# util/virkmod.h
+virModprobeConfig;
+virModprobeLoad;
+virModprobeUnload;
+virModprobeUseBlacklist;
+
+
# util/virlockspace.h
virLockSpaceAcquireResource;
virLockSpaceCreateResource;
diff --git a/src/util/virkmod.c b/src/util/virkmod.c
new file mode 100644
index 0000000..b8de8ea
--- /dev/null
+++ b/src/util/virkmod.c
@@ -0,0 +1,138 @@
+/*
+ * virkmod.c: helper APIs for managing kernel modules
+ *
+ * Copyright (C) 2014 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>;.
+ *
+ */
+
+#include <config.h>
+#include "virkmod.h"
+#include "vircommand.h"
+
+static int
+doModprobe(const char *opts, const char *module, char **outbuf, char **errbuf)
+{
+ int ret = -1;
+ virCommandPtr cmd = NULL;
+
+ cmd = virCommandNew(MODPROBE);
+ if (opts)
+ virCommandAddArg(cmd, opts);
+ if (module)
+ virCommandAddArg(cmd, module);
+ if (outbuf)
+ virCommandSetOutputBuffer(cmd, outbuf);
+ if (errbuf)
+ virCommandSetErrorBuffer(cmd, errbuf);
+
+ if (virCommandRun(cmd, NULL) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+cleanup:
+ virCommandFree(cmd);
+ return ret;
+}
+
+/**
+ * virModprobeConfig:
+ *
+ * Get the current kernel module configuration
+ *
+ * Returns NULL on failure or a pointer to the output which
+ * must be VIR_FREE()'d by the caller
+ */
+char *
+virModprobeConfig(void)
+{
+ char *outbuf = NULL;
+
+ if (doModprobe("-c", NULL, &outbuf, NULL) < 0)
+ return NULL;
+
+ return outbuf;
+}
+
+
+/**
+ * virModprobeLoad:
+ * @module: Name of the module to load regardless of being on blacklist
+ *
+ * Attempts to load a kernel module
+ *
+ * returns NULL in case of success and the error buffer output from the
+ * virCommandRun() on failure. The returned buffer must be VIR_FREE()
+ * by the caller
+ */
+char *
+virModprobeLoad(const char *module)
+{
+ char *errbuf = NULL;
+
+ if (doModprobe(NULL, module, NULL, &errbuf) < 0)
+ return errbuf;
+
+ VIR_FREE(errbuf);
+ return NULL;
+}
+
+
+/**
+ * virModprobeUseBlacklist:
+ * @module: Name of the module to load applying blacklist lookup
+ *
+ * Like ModprobeLoad, except adhere to the blacklist if present
+ *
+ * returns NULL in case of success and the error buffer output from the
+ * virCommandRun() on failure. The returned buffer must be VIR_FREE()
+ * by the caller
+ */
+char *
+virModprobeUseBlacklist(const char *module)
+{
+ char *errbuf = NULL;
+
+ if (doModprobe("-b", module, NULL, &errbuf) < 0)
+ return errbuf;
+
+ VIR_FREE(errbuf);
+ return NULL;
+}
+
+
+/**
+ * virModprobeUnload:
+ * @module: Name of the module to unload
+ *
+ * Remove or unload a module
+ *
+ * returns NULL in case of success and the error buffer output from the
+ * virCommandRun() on failure. The returned buffer must be VIR_FREE()
+ * by the caller
+ */
+char *
+virModprobeUnload(const char *module)
+{
+ char *errbuf = NULL;
+
+ if (doModprobe("-r", module, NULL, &errbuf) < 0)
+ return errbuf;
+
+ VIR_FREE(errbuf);
+ return NULL;
+}
diff --git a/src/util/virkmod.h b/src/util/virkmod.h
new file mode 100644
index 0000000..31b2663
--- /dev/null
+++ b/src/util/virkmod.h
@@ -0,0 +1,35 @@
+/*
+ * virkmod.h: helper APIs for managing kernel modprobe
+ *
+ * Copyright (C) 2014 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>;.
+ *
+ */
+
+#ifndef __VIR_KMOD_H__
+# define __VIR_KMOD_H__
+
+# include "internal.h"
+# include "viralloc.h"
+
+char *virModprobeConfig(void);
+char *virModprobeLoad(const char *)
+ ATTRIBUTE_NONNULL(1);
+char *virModprobeUseBlacklist(const char *);
+ ATTRIBUTE_NONNULL(1)
+char *virModprobeUnload(const char *)
+ ATTRIBUTE_NONNULL(1);
+#endif /* __VIR_KMOD_H__ */
--
1.8.4.2
5:55 a.m.
New subject: [libvirt] [PATCH v2 1/3] utils: Introduce functions for modprobe
On Wed, Jan 29, 2014 at 07:52:43PM -0500, John Ferlan wrote:
diff --git a/src/util/virkmod.c b/src/util/virkmod.c
new file mode 100644
index 0000000..b8de8ea
--- /dev/null
+++ b/src/util/virkmod.c
@@ -0,0 +1,138 @@
+/*
+ * virkmod.c: helper APIs for managing kernel modules
+ *
+ * Copyright (C) 2014 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>;.
+ *
+ */
+
+#include <config.h>
+#include "virkmod.h"
+#include "vircommand.h"
+
+static int
+doModprobe(const char *opts, const char *module, char **outbuf, char **errbuf)
+{
+ int ret = -1;
+ virCommandPtr cmd = NULL;
+
+ cmd = virCommandNew(MODPROBE);
+ if (opts)
+ virCommandAddArg(cmd, opts);
+ if (module)
+ virCommandAddArg(cmd, module);
+ if (outbuf)
+ virCommandSetOutputBuffer(cmd, outbuf);
+ if (errbuf)
+ virCommandSetErrorBuffer(cmd, errbuf);
+
+ if (virCommandRun(cmd, NULL) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+cleanup:
+ virCommandFree(cmd);
+ return ret;
+}
+
+/**
+ * virModprobeConfig:
+ *
+ * Get the current kernel module configuration
+ *
+ * Returns NULL on failure or a pointer to the output which
+ * must be VIR_FREE()'d by the caller
+ */
+char *
+virModprobeConfig(void)
+{
+ char *outbuf = NULL;
+
+ if (doModprobe("-c", NULL, &outbuf, NULL) < 0)
+ return NULL;
+
+ return outbuf;
+}
+
+
+/**
+ * virModprobeLoad:
+ * @module: Name of the module to load regardless of being on blacklist
+ *
+ * Attempts to load a kernel module
+ *
+ * returns NULL in case of success and the error buffer output from the
+ * virCommandRun() on failure. The returned buffer must be VIR_FREE()
+ * by the caller
+ */
+char *
+virModprobeLoad(const char *module)
+{
+ char *errbuf = NULL;
+
+ if (doModprobe(NULL, module, NULL, &errbuf) < 0)
+ return errbuf;
+
+ VIR_FREE(errbuf);
+ return NULL;
+}
+
+
+/**
+ * virModprobeUseBlacklist:
+ * @module: Name of the module to load applying blacklist lookup
+ *
+ * Like ModprobeLoad, except adhere to the blacklist if present
+ *
+ * returns NULL in case of success and the error buffer output from the
+ * virCommandRun() on failure. The returned buffer must be VIR_FREE()
+ * by the caller
+ */
+char *
+virModprobeUseBlacklist(const char *module)
+{
+ char *errbuf = NULL;
+
+ if (doModprobe("-b", module, NULL, &errbuf) < 0)
+ return errbuf;
+
+ VIR_FREE(errbuf);
+ return NULL;
+}
I think we could probably just have a 'bool useBlacklist' parameter
for the virModeprobeLoad method - we'll likely want all callers
to use the blacklist anyway, so not much need to have separate
methods for each usage.
+
+
+/**
+ * virModprobeUnload:
+ * @module: Name of the module to unload
+ *
+ * Remove or unload a module
+ *
+ * returns NULL in case of success and the error buffer output from the
+ * virCommandRun() on failure. The returned buffer must be VIR_FREE()
+ * by the caller
+ */
+char *
+virModprobeUnload(const char *module)
+{
+ char *errbuf = NULL;
+
+ if (doModprobe("-r", module, NULL, &errbuf) < 0)
+ return errbuf;
+
+ VIR_FREE(errbuf);
+ return NULL;
+}
Oh actually this reminds me of a recent firewalld bug. Basically
'modprobe -r' has utterly broken semantics - it will recursively
unload any modules that were dependancies of the one you're removing
even if things still require them ! eg it'll see the 'bridge' module
has refcount of 0 and remove it, even if you have bridges created on
the host :-( 'rmmod modname' is what you actually want to use.
+#ifndef __VIR_KMOD_H__
+# define __VIR_KMOD_H__
+
+# include "internal.h"
+# include "viralloc.h"
Put the viralloc.h in the .c file, since the header doesn't do need
any memory allocation APIs.
+
+char *virModprobeConfig(void);
+char *virModprobeLoad(const char *)
+ ATTRIBUTE_NONNULL(1);
+char *virModprobeUseBlacklist(const char *);
+ ATTRIBUTE_NONNULL(1)
+char *virModprobeUnload(const char *)
+ ATTRIBUTE_NONNULL(1);
+#endif /* __VIR_KMOD_H__ */
Nitpick on naming - general goal is to have function names match
the filename. eg so we should use virKModLoad / virKModUnload
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
6:52 p.m.
New subject: [libvirt] [PATCH v2 2/3] tests: Add test for new virkmod functions
Adding tests for new virModprobe{Config|Load|Unload|UseBlacklist} API's.
Other than the virModprobeConfig() calls, the tests require some special
set up and to be run from root.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
.gitignore | 2 +
tests/Makefile.am | 5 ++
tests/virkmodtest.c | 201 ++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 208 insertions(+)
create mode 100644 tests/virkmodtest.c
diff --git a/.gitignore b/.gitignore
index 96b7211..79437e9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -70,6 +70,7 @@
/docs/libvirt-refs.xml
/docs/search.php
/docs/todo.html.in
+/examples/domain-events/
/examples/object-events/event-test
/examples/dominfo/info1
/examples/domsuspend/suspend
@@ -202,6 +203,7 @@
/tests/viridentitytest
/tests/virkeycodetest
/tests/virkeyfiletest
+/tests/virkmodtest
/tests/virlockspacetest
/tests/virlogtest
/tests/virnet*test
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 0930073..632c953 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -142,6 +142,7 @@ test_programs = virshtest sockettest \
sysinfotest \
virstoragetest \
virnetdevbandwidthtest \
+ virkmodtest \
$(NULL)
if WITH_REMOTE
@@ -655,6 +656,10 @@ virnetdevbandwidthtest_SOURCES = \
virnetdevbandwidthtest.c testutils.h testutils.c
virnetdevbandwidthtest_LDADD = $(LDADDS)
+virkmodtest_SOURCES = \
+ virkmodtest.c testutils.h testutils.c
+virkmodtest_LDADD = $(LDADDS)
+
if WITH_LIBVIRTD
libvirtdconftest_SOURCES = \
libvirtdconftest.c testutils.h testutils.c \
diff --git a/tests/virkmodtest.c b/tests/virkmodtest.c
new file mode 100644
index 0000000..8957e2c
--- /dev/null
+++ b/tests/virkmodtest.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright (C) 2014 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>;.
+ */
+
+#include <config.h>
+
+#include "testutils.h"
+
+#ifdef __linux__
+
+# include <stdlib.h>
+# include <stdio.h>
+# include <virkmod.h>
+# include <virstring.h>
+
+# define VIR_FROM_THIS VIR_FROM_NONE
+
+/* Defining MODPROBE_CONFIG_VFIO_PCI to 1 will allow this test to run
+ * through the module load, unload, and blacklist check API's. Doing
+ * so assumes that vfio-pci is present and available on your system
+ * and it's been placed on the blacklist. You must also run as root
+ * since the calls use /sbin/modprobe to load/unload a module.
+ *
+ * The load/unload tests should succeed and prove that libvirt wasn't
+ * checking for the blacklist.
+ *
+ * The use blacklist test follows the logic in virPCIProbeStubDriver()
+ * where an attempt to load a blacklist driver will result in the load
+ * appearing to succeed, but then finding the driver on the blacklist.
+ *
+ * To place 'vfio-pci' on the blacklist for a Fedora system create
+ * "/etc/modparams.d/blacklist-vfio-pci.conf" and within the file
+ * add the line "blacklist vfio-pci".
+ */
+# define MODPROBE_CONFIG_VFIO_PCI 0
+
+static int
+testModprobeConfig(const void *args ATTRIBUTE_UNUSED)
+{
+ int ret = -1;
+ char *outbuf = NULL;
+
+ /* This will return the contents of a 'modprobe -c' which can differ
+ * from machine to machine - be happy that we get something.
+ */
+ outbuf = virModprobeConfig();
+ if (!outbuf) {
+ fprintf(stderr, "Failed to get config\n");
+ goto cleanup;
+ }
+ ret = 0;
+
+cleanup:
+ VIR_FREE(outbuf);
+ return ret;
+}
+
+
+# if MODPROBE_CONFIG_VFIO_PCI
+static int
+testModprobeLoad(const void *args)
+{
+ int ret = -1;
+ char *errbuf = NULL;
+ const char *module = args;
+
+ errbuf = virModprobeLoad(module);
+ if (errbuf) {
+ fprintf(stderr, "Failed to load, error: %s\n", errbuf);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ VIR_FREE(errbuf);
+ return ret;
+}
+
+
+static int
+testModprobeUnload(const void *args)
+{
+ int ret = -1;
+ char *errbuf = NULL;
+ const char *module = args;
+
+ errbuf = virModprobeUnload(module);
+ if (errbuf) {
+ fprintf(stderr, "Failed to unload, error: %s\n", errbuf);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ VIR_FREE(errbuf);
+ return ret;
+}
+
+
+static int
+testModprobeUseBlacklist(const void *args)
+{
+ int ret = -1;
+ size_t i;
+ char *outbuf = NULL;
+ char *errbuf = NULL;
+ char *drvblklst = NULL;
+ const char *module = args;
+
+ errbuf = virModprobeUseBlacklist(module);
+ if (errbuf) {
+ fprintf(stderr, "Failed to load, error: %s\n", errbuf);
+ goto cleanup;
+ }
+
+ /* All error path code - purpose is to determine whether the failure
+ * occurs because device is on blacklist in order to add an error
+ * message to help detect why load failed
+ */
+ if (virAsprintf(&drvblklst, "blacklist %s", module) < 0)
+ goto cleanup;
+
+ /* modprobe will convert all '-' into '_', so we need to as well */
+ for (i = 0; i < drvblklst[i]; i++)
+ if (drvblklst[i] == '-')
+ drvblklst[i] = '_';
+
+ outbuf = virModprobeConfig();
+ if (!outbuf)
+ goto cleanup;
+
+ /* Find module on blacklist? */
+ if (!strstr(outbuf, drvblklst)) {
+ fprintf(stderr, "Failed to find %s on blacklist\n", module);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ VIR_FREE(drvblklst);
+ VIR_FREE(outbuf);
+ VIR_FREE(errbuf);
+ if (ret == -1) {
+ errbuf = virModprobeUnload(module);
+ if (errbuf)
+ fprintf(stderr, "Failed to unload, error: %s\n", errbuf);
+ VIR_FREE(errbuf);
+ }
+ return ret;
+}
+# endif /* MODPROBE_CONFIG_VFIO_PCI*/
+
+
+static int
+mymain(void)
+{
+ int ret = 0;
+# if MODPROBE_CONFIG_VFIO_PCI
+ const char *module = "vfio-pci";
+# endif
+
+ if (virtTestRun("modprobe config", testModprobeConfig, NULL) < 0)
+ ret = -1;
+# if MODPROBE_CONFIG_VFIO_PCI
+ if (virtTestRun("modprobe load", testModprobeLoad, module) < 0)
+ ret = -1;
+ if (virtTestRun("modprobe unload", testModprobeUnload, module) < 0)
+ ret = -1;
+ if (virtTestRun("modprobe blacklist", testModprobeUseBlacklist, module)
< 0)
+ ret = -1;
+# endif /* MODPROBE_CONFIG_VFIO_PCI */
+
+ return ret==0 ? EXIT_SUCCESS : EXIT_FAILURE;
+
+}
+
+VIRT_TEST_MAIN(mymain);
+#else
+int
+main(void)
+{
+ return EXIT_AM_SKIP;
+}
+#endif
--
1.8.4.2
5:58 a.m.
New subject: [libvirt] [PATCH v2 2/3] tests: Add test for new virkmod functions
On Wed, Jan 29, 2014 at 07:52:44PM -0500, John Ferlan wrote:
Adding tests for new virModprobe{Config|Load|Unload|UseBlacklist}
API's.
Other than the virModprobeConfig() calls, the tests require some special
set up and to be run from root.
The unit tests need to be isolated from the host OS entirely. For the
load/unload APIs we could use the newly introduced 'virCommandSetDryRun'
API to let us test them. Basically we only want to validate that the
API is invoking the right set of commands / args. We don't actually
want to affect our host kernel / os.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
6:56 a.m.
New subject: [libvirt] [PATCH v2 2/3] tests: Add test for new virkmod functions
On 01/30/2014 06:58 AM, Daniel P. Berrange wrote:
On Wed, Jan 29, 2014 at 07:52:44PM -0500, John Ferlan wrote:
> Adding tests for new virModprobe{Config|Load|Unload|UseBlacklist} API's.
> Other than the virModprobeConfig() calls, the tests require some special
> set up and to be run from root.
The unit tests need to be isolated from the host OS entirely. For the
load/unload APIs we could use the newly introduced 'virCommandSetDryRun'
API to let us test them. Basically we only want to validate that the
API is invoking the right set of commands / args. We don't actually
want to affect our host kernel / os.
I hadn't followed the virCommandSetDryRun() discussion. I certainly was
uncomfortable with adding the load/unload tests since yes, the host
would be affected, but I still wanted a way to be able to ensure that
they worked in a "controlled environment". The other hurdle with using
the new API is the downstream changes requiring yet another API...
John
6:52 p.m.
New subject: [libvirt] [PATCH v2 3/3] Honor blacklist for modprobe command
https://bugzilla.redhat.com/show_bug.cgi?id=1045124
When loading modules, libvirt does not honor the modprobe blacklist.
By adding a "-b" to the modprobe command libvirt will fail to load a
module if it's on the blacklist
Check if the failure to load a driver was due to it being on the blacklist
using the output of a "modprobe -c" searching for "blacklist
<driver_Name>"
where driver_Name is possibly a modified string of the input driver changing
all '-' into '_' since that's what modprobe does.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/util/virpci.c | 49 ++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 40 insertions(+), 9 deletions(-)
diff --git a/src/util/virpci.c b/src/util/virpci.c
index e2d222e..5d4168a 100644
--- a/src/util/virpci.c
+++ b/src/util/virpci.c
@@ -42,6 +42,7 @@
#include "vircommand.h"
#include "virerror.h"
#include "virfile.h"
+#include "virkmod.h"
#include "virstring.h"
#include "virutil.h"
@@ -979,6 +980,9 @@ virPCIProbeStubDriver(const char *driver)
{
char *drvpath = NULL;
bool probed = false;
+ size_t i;
+ char *drvblklst = NULL;
+ char *outbuf = NULL;
recheck:
if (virPCIDriverDir(&drvpath, driver) == 0 && virFileExists(drvpath)) {
@@ -990,18 +994,44 @@ recheck:
VIR_FREE(drvpath);
if (!probed) {
- const char *const probecmd[] = { MODPROBE, driver, NULL };
+ char *errbuf = NULL;
probed = true;
- if (virRun(probecmd, NULL) < 0) {
- char ebuf[1024];
- VIR_WARN("failed to load driver %s: %s", driver,
- virStrerror(errno, ebuf, sizeof(ebuf)));
- return -1;
+ if ((errbuf = virModprobeUseBlacklist(driver))) {
+ VIR_WARN("failed to load driver %s: %s", driver, errbuf);
+ VIR_FREE(errbuf);
+ goto cleanup;
}
goto recheck;
}
+ /* All error path code - purpose is to determine whether the failure
+ * occurs because device is on blacklist in order to add an error
+ * message to help detect why load failed
+ */
+ if (virAsprintfQuiet(&drvblklst, "blacklist %s", driver) < 0)
+ goto cleanup;
+
+ /* modprobe will convert all '-' into '_', so we need to as well */
+ for (i = 0; i < drvblklst[i]; i++)
+ if (drvblklst[i] == '-')
+ drvblklst[i] = '_';
+
+ outbuf = virModprobeConfig();
+ if (!outbuf)
+ goto cleanup;
+
+ /* Find driver on blacklist? */
+ if (strstr(outbuf, drvblklst)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Failed to load PCI stub module %s: "
+ "administratively prohibited"),
+ driver);
+ }
+
+cleanup:
+ VIR_FREE(drvblklst);
+ VIR_FREE(outbuf);
return -1;
}
@@ -1313,9 +1343,10 @@ virPCIDeviceDetach(virPCIDevicePtr dev,
virPCIDeviceList *inactiveDevs)
{
if (virPCIProbeStubDriver(dev->stubDriver) < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Failed to load PCI stub module %s"),
- dev->stubDriver);
+ if (virGetLastError() == NULL)
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Failed to load PCI stub module %s"),
+ dev->stubDriver);
return -1;
}
--
1.8.4.2
5:57 a.m.
New subject: [libvirt] [PATCH v2 3/3] Honor blacklist for modprobe command
On 01/30/2014 01:52 AM, John Ferlan wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1045124
When loading modules, libvirt does not honor the modprobe blacklist.
By adding a "-b" to the modprobe command libvirt will fail to load a
module if it's on the blacklist
Check if the failure to load a driver was due to it being on the blacklist
using the output of a "modprobe -c" searching for "blacklist
<driver_Name>"
where driver_Name is possibly a modified string of the input driver changing
all '-' into '_' since that's what modprobe does.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/util/virpci.c | 49 ++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 40 insertions(+), 9 deletions(-)
diff --git a/src/util/virpci.c b/src/util/virpci.c
index e2d222e..5d4168a 100644
--- a/src/util/virpci.c
+++ b/src/util/virpci.c
@@ -42,6 +42,7 @@
#include "vircommand.h"
#include "virerror.h"
#include "virfile.h"
+#include "virkmod.h"
#include "virstring.h"
#include "virutil.h"
@@ -979,6 +980,9 @@ virPCIProbeStubDriver(const char *driver)
{
char *drvpath = NULL;
bool probed = false;
+ size_t i;
+ char *drvblklst = NULL;
+ char *outbuf = NULL;
recheck:
if (virPCIDriverDir(&drvpath, driver) == 0 && virFileExists(drvpath)) {
@@ -990,18 +994,44 @@ recheck:
VIR_FREE(drvpath);
if (!probed) {
- const char *const probecmd[] = { MODPROBE, driver, NULL };
+ char *errbuf = NULL;
probed = true;
- if (virRun(probecmd, NULL) < 0) {
- char ebuf[1024];
- VIR_WARN("failed to load driver %s: %s", driver,
- virStrerror(errno, ebuf, sizeof(ebuf)));
- return -1;
+ if ((errbuf = virModprobeUseBlacklist(driver))) {
+ VIR_WARN("failed to load driver %s: %s", driver, errbuf);
+ VIR_FREE(errbuf);
+ goto cleanup;
}
goto recheck;
}
+ /* All error path code - purpose is to determine whether the failure
+ * occurs because device is on blacklist in order to add an error
+ * message to help detect why load failed
+ */
+ if (virAsprintfQuiet(&drvblklst, "blacklist %s", driver) < 0)
+ goto cleanup;
+
+ /* modprobe will convert all '-' into '_', so we need to as well */
+ for (i = 0; i < drvblklst[i]; i++)
+ if (drvblklst[i] == '-')
+ drvblklst[i] = '_';
+
+ outbuf = virModprobeConfig();
+ if (!outbuf)
+ goto cleanup;
+
+ /* Find driver on blacklist? */
+ if (strstr(outbuf, drvblklst)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Failed to load PCI stub module %s: "
+ "administratively prohibited"),
+ driver);
+ }
+
IIUC the reason this check is here and not in virkmod.c is that 'modprobe -b
<module>' on a blacklisted module returns 0 and no output.
Could we check if the module was loaded successfully inside virModprobeLoad,
perhaps by checking if the /sys/module/<module> directory exists?
Jan
6:05 a.m.
New subject: [libvirt] [PATCH v2 3/3] Honor blacklist for modprobe command
On Wed, Jan 29, 2014 at 07:52:45PM -0500, John Ferlan wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1045124
When loading modules, libvirt does not honor the modprobe blacklist.
By adding a "-b" to the modprobe command libvirt will fail to load a
module if it's on the blacklist
Check if the failure to load a driver was due to it being on the blacklist
using the output of a "modprobe -c" searching for "blacklist
<driver_Name>"
where driver_Name is possibly a modified string of the input driver changing
all '-' into '_' since that's what modprobe does.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/util/virpci.c | 49 ++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 40 insertions(+), 9 deletions(-)
diff --git a/src/util/virpci.c b/src/util/virpci.c
index e2d222e..5d4168a 100644
--- a/src/util/virpci.c
+++ b/src/util/virpci.c
@@ -42,6 +42,7 @@
#include "vircommand.h"
#include "virerror.h"
#include "virfile.h"
+#include "virkmod.h"
#include "virstring.h"
#include "virutil.h"
@@ -979,6 +980,9 @@ virPCIProbeStubDriver(const char *driver)
{
char *drvpath = NULL;
bool probed = false;
+ size_t i;
+ char *drvblklst = NULL;
+ char *outbuf = NULL;
recheck:
if (virPCIDriverDir(&drvpath, driver) == 0 && virFileExists(drvpath)) {
@@ -990,18 +994,44 @@ recheck:
VIR_FREE(drvpath);
if (!probed) {
- const char *const probecmd[] = { MODPROBE, driver, NULL };
+ char *errbuf = NULL;
probed = true;
- if (virRun(probecmd, NULL) < 0) {
- char ebuf[1024];
- VIR_WARN("failed to load driver %s: %s", driver,
- virStrerror(errno, ebuf, sizeof(ebuf)));
- return -1;
+ if ((errbuf = virModprobeUseBlacklist(driver))) {
+ VIR_WARN("failed to load driver %s: %s", driver, errbuf);
+ VIR_FREE(errbuf);
+ goto cleanup;
}
goto recheck;
}
+ /* All error path code - purpose is to determine whether the failure
+ * occurs because device is on blacklist in order to add an error
+ * message to help detect why load failed
+ */
+ if (virAsprintfQuiet(&drvblklst, "blacklist %s", driver) < 0)
+ goto cleanup;
+
+ /* modprobe will convert all '-' into '_', so we need to as well */
+ for (i = 0; i < drvblklst[i]; i++)
+ if (drvblklst[i] == '-')
+ drvblklst[i] = '_';
+
+ outbuf = virModprobeConfig();
+ if (!outbuf)
+ goto cleanup;
+
+ /* Find driver on blacklist? */
+ if (strstr(outbuf, drvblklst)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Failed to load PCI stub module %s: "
+ "administratively prohibited"),
+ driver);
+ }
So when I suggested creation of virkmod.{c,h} I was really meaning
that all this code would go in there. eg here you'd just invoke
if (virKModIsBlacklisted(driver)) {
....report error...
}
so all the kmod config parsing would be isolated from this pci
code.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
7:02 a.m.
New subject: [libvirt] [PATCH v2 3/3] Honor blacklist for modprobe command
On 01/30/2014 07:05 AM, Daniel P. Berrange wrote:
On Wed, Jan 29, 2014 at 07:52:45PM -0500, John Ferlan wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1045124
>
> When loading modules, libvirt does not honor the modprobe blacklist.
> By adding a "-b" to the modprobe command libvirt will fail to load a
> module if it's on the blacklist
>
> Check if the failure to load a driver was due to it being on the blacklist
> using the output of a "modprobe -c" searching for "blacklist
<driver_Name>"
> where driver_Name is possibly a modified string of the input driver changing
> all '-' into '_' since that's what modprobe does.
>
> Signed-off-by: John Ferlan <jferlan(a)redhat.com>
> ---
> src/util/virpci.c | 49 ++++++++++++++++++++++++++++++++++++++++---------
> 1 file changed, 40 insertions(+), 9 deletions(-)
>
> diff --git a/src/util/virpci.c b/src/util/virpci.c
> index e2d222e..5d4168a 100644
> --- a/src/util/virpci.c
> +++ b/src/util/virpci.c
> @@ -42,6 +42,7 @@
> #include "vircommand.h"
> #include "virerror.h"
> #include "virfile.h"
> +#include "virkmod.h"
> #include "virstring.h"
> #include "virutil.h"
>
> @@ -979,6 +980,9 @@ virPCIProbeStubDriver(const char *driver)
> {
> char *drvpath = NULL;
> bool probed = false;
> + size_t i;
> + char *drvblklst = NULL;
> + char *outbuf = NULL;
>
> recheck:
> if (virPCIDriverDir(&drvpath, driver) == 0 &&
virFileExists(drvpath)) {
> @@ -990,18 +994,44 @@ recheck:
> VIR_FREE(drvpath);
>
> if (!probed) {
> - const char *const probecmd[] = { MODPROBE, driver, NULL };
> + char *errbuf = NULL;
> probed = true;
> - if (virRun(probecmd, NULL) < 0) {
> - char ebuf[1024];
> - VIR_WARN("failed to load driver %s: %s", driver,
> - virStrerror(errno, ebuf, sizeof(ebuf)));
> - return -1;
> + if ((errbuf = virModprobeUseBlacklist(driver))) {
> + VIR_WARN("failed to load driver %s: %s", driver, errbuf);
> + VIR_FREE(errbuf);
> + goto cleanup;
> }
>
> goto recheck;
> }
>
> + /* All error path code - purpose is to determine whether the failure
> + * occurs because device is on blacklist in order to add an error
> + * message to help detect why load failed
> + */
> + if (virAsprintfQuiet(&drvblklst, "blacklist %s", driver) < 0)
> + goto cleanup;
> +
> + /* modprobe will convert all '-' into '_', so we need to as well
*/
> + for (i = 0; i < drvblklst[i]; i++)
> + if (drvblklst[i] == '-')
> + drvblklst[i] = '_';
> +
> + outbuf = virModprobeConfig();
> + if (!outbuf)
> + goto cleanup;
> +
> + /* Find driver on blacklist? */
> + if (strstr(outbuf, drvblklst)) {
> + virReportError(VIR_ERR_INTERNAL_ERROR,
> + _("Failed to load PCI stub module %s: "
> + "administratively prohibited"),
> + driver);
> + }
So when I suggested creation of virkmod.{c,h} I was really meaning
that all this code would go in there. eg here you'd just invoke
if (virKModIsBlacklisted(driver)) {
....report error...
}
so all the kmod config parsing would be isolated from this pci
code.
So here's the rub (since Jan asked and probably figured it out) -
'modprobe -b' returns 0 and no error when it finds the module on the
blacklist.
I guess I had "brain lock" over removing the VIR_WARN() and already
having gone through a round of testing by the bz submitter in a "real"
environment with the original set of changes.
This was so much simpler when all that was originally asked for was a
"-b" to be added to the MODPROBE command :-)...
A v3 will come soon.
John
3921
days inactive
3921
days old
9 comments
3 participants
participants (3)
-
Daniel P. Berrange -
John Ferlan -
Ján Tomko