Commit Graph

18 Commits

Author SHA1 Message Date
Andrea Bolognani 5143429303 host-validate: Be more careful when checking for cgroup support
Simply checking whether the cgroup name appears somewhere inside
/proc/self/cgroup is enough most of the time, but there are some
corner cases that require a more mindful parsing.
2016-04-11 09:36:28 +02:00
Andrea Bolognani f854c559b9 host-validate: Be more careful when checking for cgroup mounts
The existing code is built on the assumption that no cgroup
name can appear as part of another cgroup name; moreover, cgroups
are expected to always be listed in a specific order.

If that's not the case, eg. 'cpuacct' is listed before 'cpu', the
algorithm fails to detect the cgroup mount point.

Rewrite it to get rid of such assumptions.
2016-04-08 13:06:23 +02:00
Andrea Bolognani c661b675f1 host-validate: Improve CPU flags processing
Instead of relying on substring search, tokenize the input
and process each CPU flag separately. This ensures CPU flag
detection will continue to work correctly even if we start
looking for CPU flags whose name might appear as part of
other CPU flags' names.

The result of processing is stored in a virBitmap, which
means we don't have to parse /proc/cpuinfo in its entirety
for each single CPU flag we want to check.

Moreover, use of the newly-introduced virHostValidateCPUFlag
enumeration ensures we don't go looking for random CPU flags
which might actually be simple typos.
2016-04-07 17:31:41 +02:00
Michal Privoznik 6e2770174e virt-host-validate-common: Print warning on missing IOMMU
No only coverity warns about this, but it kind of makes sense
too. We have a test whether host supports IOMMU. Some platforms
don't have it, I know. But in that case we should print a message
that it's unknown whether platform has it or not.

Before:
  (no output)

After:
  QEMU: Checking for device assignment IOMMU support                         : WARN (Unknown if this platform has IOMMU support)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-01-09 18:44:44 +01:00
Daniel P. Berrange 9139b46a6b virt-host-validate: check for IOMMU support
This looks for existance of DMAR (Intel) and IVRS (AMD)
files under /sys/firmware/acpi/tables/, as a sign that
the platform has IOMMU present & enabled in the BIOS.

If these are present and /sys/kernel/iommu_groups does
not contain any entries this is taken as a sign that
the kernel has not enabled the IOMMU currently.

If no ACPI tables are found we can't distinguish between
disabled in BIOS and not present in the hardware, so we
have to give the user a generic hint.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-13 10:54:09 +01:00
Daniel P. Berrange 09a7a34076 virt-host-validate: disable mntent code on Win32
Win32 does not have support for mntent.h header, so the
method which uses this must be stubbed out.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-12 14:37:37 +01:00
Daniel P. Berrange 9bf595b172 virt-host-validate: check for required cgroups
Extend the virt-host-validate checks to see if the required
cgroups are compiled into the kernel and that they are
mounted on the system. The cgroups are all optional except
for 3 that LXC mandates

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-12 13:15:00 +01:00
Daniel P. Berrange fd6d506c50 virt-host-validate: distinguish exists vs accessible for devices
Currently we just check that various devices are accessible.
This leads to inaccurate errors reported for /dev/kvm and
/dev/vhost-net if they exist but an unprivileged user lacks
access. Switch existing checks to look for file existance,
and add a separate check for accessibility of /dev/kvm
since some distros don't grant users access by default.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-12 13:15:00 +01:00
Daniel P. Berrange 8a6b6037f8 virt-host-validate.c: check for kernel namespaces
The LXC driver requires the uts, mnt, pid & ipc
namespaces, while net & user namespaces are
optional. Validate all these are present.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-12 13:15:00 +01:00
Eric Blake 0585332430 maint: avoid static zero init in tools
C guarantees that static variables are zero-initialized.  Some older
compilers (and also gcc -fno-zero-initialized-in-bss) create larger
binaries if you explicitly zero-initialize a static variable.

* tools/virsh-console.c (got_signal): Drop unused variable.
* tools/virsh-domain.c: Fix initialization.
* tools/virsh.c: Likewise.
* tools/virt-host-validate-common.c (virHostMsgWantEscape):
Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-10-29 09:55:09 -06:00
Michal Privoznik dc6f2dadac Introduce OOM reporting to virAsprintf
Actually, I'm turning this function into a macro as filename,
function name and line number needs to be passed. The new
function virAsprintfInternal is introduced with the extended set
of arguments.
2013-07-10 11:07:31 +02:00
Michal Privoznik 7c9a2d88cd virutil: Move string related functions to virstring.c
The source code base needs to be adapted as well. Some files
include virutil.h just for the string related functions (here,
the include is substituted to match the new file), some include
virutil.h without any need (here, the include is removed), and
some require both.
2013-05-02 16:56:55 +02:00
Daniel P. Berrange 44f6ae27fe Rename util.{c,h} to virutil.{c,h} 2012-12-21 11:19:49 +00:00
Daniel P. Berrange ab9b7ec2f6 Rename memory.{c,h} to viralloc.{c,h} 2012-12-21 11:17:14 +00:00
Eric Blake 4ecb723b9e maint: fix up copyright notice inconsistencies
https://www.gnu.org/licenses/gpl-howto.html recommends that
the 'If not, see <url>.' phrase be a separate sentence.

* tests/securityselinuxhelper.c: Remove doubled line.
* tests/securityselinuxtest.c: Likewise.
* globally: s/;  If/.  If/
2012-09-20 16:30:55 -06:00
Osier Yang f9ce7dad60 Desert the FSF address in copyright
Per the FSF address could be changed from time to time, and GNU
recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)

  You should have received a copy of the GNU General Public License
  along with Foobar.  If not, see <http://www.gnu.org/licenses/>.

This patch removes the explicit FSF address, and uses above instead
(of course, with inserting 'Lesser' before 'General').

Except a bunch of files for security driver, all others are changed
automatically, the copyright for securify files are not complete,
that's why to do it manually:

  src/security/security_selinux.h
  src/security/security_driver.h
  src/security/security_selinux.c
  src/security/security_apparmor.h
  src/security/security_apparmor.c
  src/security/security_driver.c
2012-07-23 10:50:50 +08:00
Eric Blake 63e086310f build: avoid 'devname' for BSD
Commit 21b5daa1 was the last time we cleaned this up.

* tools/virt-host-validate-common.c (virHostValidateDevice):
Rename local variable.
2012-03-29 17:08:27 -06:00
Daniel P. Berrange 54a38915d8 Add a virt-host-validate command to sanity check HV config
To assist people in verifying that their host is operating in an
optimal manner, provide a 'virt-host-validate' command. For each
type of hypervisor, it will check any pre-requisites, or other
good recommendations and report what's working & what is not.

eg

  # virt-host-validate
  QEMU: Checking for device /dev/kvm                                         : FAIL (Check that the 'kvm-intel' or 'kvm-amd' modules are loaded & the BIOS has enabled virtualization)
  QEMU: Checking for device /dev/vhost                                       : WARN (Load the 'vhost_net' module to improve performance of virtio networking)
  QEMU: Checking for device /dev/net/tun                                     : PASS
   LXC: Checking for Linux >= 2.6.26                                         : PASS

This warns people if they have vmx/svm, but don't have /dev/kvm. It
also warns about missing /dev/vhost net.
2012-01-27 17:53:18 +00:00