Commit Graph

18466 Commits

Author SHA1 Message Date
Peter Krempa b347c0c2a3 CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
appropriate permission for it. Found via code inspection while fixing
permissions for save images.
2015-01-22 14:32:54 +01:00
Peter Krempa 03c3c0c874 CVE-2015-0236: qemu: Check ACLs when dumping security info from save image
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
appropriate permission for it.
2015-01-22 14:32:54 +01:00
Luyao Huang 860522d26b qemu: output error when try to hotplug unsupported console type
https://bugzilla.redhat.com/show_bug.cgi?id=1164627

When using 'virsh attach-device' to hotplug an unsupported console type
into a qemu guest the attachment would succeed as the command line
formatter didn't report error in such case.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-01-22 11:17:14 +01:00
Ján Tomko 280ece4af9 qemu: format server interface without a listen address
https://bugzilla.redhat.com/show_bug.cgi?id=1130390

The listen address is not mandatory for <interface type='server'>
but when it's not specified, we've been formatting it as:
-netdev socket,listen=(null):5558,id=hostnet0
which failed with:
Device 'socket' could not be initialized

Omit the address completely and only format the port in the listen
attribute.

Also fix the schema to allow specifying a model.
2015-01-21 13:22:36 +01:00
Jim Fehlig e274d5882e tests: fix xlconfigtest build failure
When libvirt is configured --without-xen, building the xlconfigtest
fails with

  CCLD   xlconfigtest
  /usr/lib/gcc/x86_64-linux-gnu/4.7/../../../x86_64-linux-gnu/crt1.o
  In function `_start': (.text+0x20): undefined reference to `main'
  collect2: error: ld returned 1 exit status

Introduced in commit 4ed5fb91 by too much copy and paste from
xmconfigtest.
2015-01-20 21:03:09 -07:00
Ján Tomko c803c070c4 Fix virCgroupNewMachine prototype on non-Linux
Commit 318df5a changed the prototype of virCgroupNewMachine
without adjusting the stub function for platforms without
cgroups.
2015-01-20 10:02:53 +01:00
Josh Stone 298fa4858c network: Let domains be restricted to local DNS
This adds a new "localOnly" attribute on the domain element of the
network xml.  With this set to "yes", DNS requests under that domain
will only be resolved by libvirt's dnsmasq, never forwarded upstream.

This was how it worked before commit f69a6b987d, and I found that
functionality useful.  For example, I have my host's NetworkManager
dnsmasq configured to forward that domain to libvirt's dnsmasq, so I can
easily resolve guest names from outside.  But if libvirt's dnsmasq
doesn't know a name and forwards it to the host, I'd get an endless
forwarding loop.  Now I can set localOnly="yes" to prevent the loop.

Signed-off-by: Josh Stone <jistone@redhat.com>
2015-01-20 01:07:18 -05:00
Gary R Hook e11490e358 Make ZFS storage pool XML tests optional
Do not run ZFS tests when ZFS is unsupported in the environment.

The recent patch b4af40226d adds tests
to storagepoolxml2xmltest for the optional ZFS feature. When ZFS is
not included in the configuration these tests should not / cannot be
run. Modify the test source file to check for use of the feature and
compile in the tests accordingly.

Signed-off-by: Gary R Hook <gary.hook@nimboxx.com>
2015-01-19 15:03:01 +01:00
Martin Kletzander abf95b65e2 docs: Fix docs about python bindings package
Since the day we removed python bindings from the core repository, the
documentation was missing that information.

Reported-by: Lingyu Zhu <lynuszhu@gmail.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-01-19 14:50:52 +01:00
Ján Tomko d16704fd60 qemu_conf: check for duplicate security drivers
Using the same driver multiple times is pointless and
it can result in confusing errors:

$ virsh start test
error: Failed to start domain test
error: internal error: security label already defined for VM

https://bugzilla.redhat.com/show_bug.cgi?id=1153891
2015-01-19 12:46:37 +01:00
Ján Tomko 5c703ca396 Always check return value of qemuDomainObjExitMonitor
Depending on the context, either error out if the domain
has disappeared in the meantime, or just ignore the value
to allow marking the function as ATTRIBUTE_RETURN_CHECK.
2015-01-19 10:12:32 +01:00
Ján Tomko 3070bc8ee5 Fix vmdef usage after domain crash in monitor on device attach
https://bugzilla.redhat.com/show_bug.cgi?id=1161024

If the domain crashed while we were in monitor,
we cannot rely on the REALLOC done on live definition,
since vm->def now points to the persistent definition.
Skip adding the attached devices to domain definition
if the domain crashed.

In AttachChrDevice, the chardev was already added to the
live definition and freed by qemuProcessStop in the case
of a crash. Skip the device removal in that case.

Also skip audit if the domain crashed in the meantime.
2015-01-19 10:12:32 +01:00
Ján Tomko 6edb97f29a Fix vmdef usage after domain crash in monitor on device detach
https://bugzilla.redhat.com/show_bug.cgi?id=1161024

In the device type-specific functions, exit early
if the domain has disappeared, because the cleanup
should have been done by qemuProcessStop.

Check the return value in processDeviceDeletedEvent
and qemuProcessUpdateDevices.

Skip audit and removing the device from live def because
it has already been cleaned up.
2015-01-19 10:12:07 +01:00
Ján Tomko bd1bbd4710 Simplify condition for formatting CPU features
Commit adff345 added support for features to MODE_HOSTPASSTHROUGH
as well. Since we support all modes now, the condition can be
eliminated.
2015-01-19 10:11:15 +01:00
Ján Tomko bc378060f7 Add an XML test for host-model CPU with features
This was broken in a dowstream build due to a missing backport:
https://bugzilla.redhat.com/show_bug.cgi?id=1182448
2015-01-19 10:11:15 +01:00
Anthony PERARD 368042cf4a libxl: Set path to console on domain startup.
The path to the pty of a Xen PV console is set only in
virDomainOpenConsole. But this is done too late. A call to
virDomainGetXMLDesc done before OpenConsole will not have the path to
the pty, but a call after OpenConsole will.

e.g. of the current issue.
Starting a domain with '<console type="pty"/>'
Then:
virDomainGetXMLDesc():
  <devices>
    <console type='pty'>
      <target type='xen' port='0'/>
    </console>
  </devices>
virDomainOpenConsole()
virDomainGetXMLDesc():
  <devices>
    <console type='pty' tty='/dev/pts/30'>
      <source path='/dev/pts/30'/>
      <target type='xen' port='0'/>
    </console>
  </devices>

The patch intend to have the TTY path on the first call of GetXMLDesc.
This is done by setting up the path at domain start up instead of in
OpenConsole.

https://bugzilla.redhat.com/show_bug.cgi?id=1170743

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2015-01-16 15:57:10 -07:00
Daniel P. Berrange 87fa184910 Conditionalize use of -Wno-suggest-attribute=format pragma
Many GCC versions don't understand -Wno-suggest-attribute=format
so the pragma must only be used when supported
2015-01-16 17:12:27 +00:00
Cédric Bosdonnat 29f15b43fa Coverity fix: properly check for 0 ipv6 address. 2015-01-16 17:28:14 +01:00
Dmitry Guryanov 2bc460d3c1 parallels: create container from existing image
It's possible to create a container with existing
disk image as root filesystem. You need to remove
existing disks from PCS VM config and then add a new
one, pointing to your image. And then call PrlVm_RegEx
with PRNVM_PRESERVE_DISK flag.

With this patch you can create such container with
something like this for new domain XML config:

    <filesystem type='file' accessmode='passthrough'>
      <driver type='ploop' format='ploop'/>
      <source file='/path-to-image'/>
      <target dir='/'/>
    </filesystem>

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-01-16 14:07:47 +01:00
Dmitry Guryanov aba95c287c parallels: allow to add filesystems to container
Handle information about filesystems in domain config
and add corresponding devices to container via
parallels sdk.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2015-01-16 14:07:47 +01:00
Dmitry Guryanov d86f2aa336 parallels: commit with PVCF_DETACH_HDD_BUNDLE flag
PCS removes disk image from filesystem, if you remove it
from config. There is a special flag PVCF_DETACH_HDD_BUNDLE
which allow to remove disk only from VM/CT config.

If you call virDomainDefine and remove some disk from
config it should be preserved, so call PrlVm_CommitEx
always with flag PVCF_DETACH_HDD_BUNDLE.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2015-01-16 14:07:47 +01:00
Dmitry Guryanov 4bbd3b1e7e parallels: dump info about container filesystems
Obtain information about container's filesystems and
store it in virDomainDef structure.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-01-16 14:07:47 +01:00
Dmitry Guryanov c8a6f844c3 add ploop fs driver type
Ploop is a pseudo device which makeit possible to access
to an image in a file as a block device. Like loop devices,
but with additional features, like snapshots, write tracker
and without double-caching.

It used in PCS for containers and in OpenVZ. You can manage
ploop devices and images with ploop utility
(http://git.openvz.org/?p=ploop).

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2015-01-16 14:07:46 +01:00
Martin Kletzander 6514c04c18 qemu: Add support for enabling/disabling PMU
This is used as a boolean parameter for the '-cpu' option.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178853

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-01-16 13:43:46 +01:00
Martin Kletzander 199390117c docs, schema, conf: Add support for PMU feature
Just a new feature that can be turned on/off.

https://bugzilla.redhat.com/show_bug.cgi?id=1178853

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-01-16 13:43:46 +01:00
John Ferlan ec010a55e7 network: Resolve Coverity FORWARD_NULL
Commit id 'ca481a6f' added virNetworkRouteDefFree which may be called
in an error path from lxcAddNetworkRouteDefinition with 'route = NULL'.
So just add the (!def) at the top to resolve.
2015-01-16 06:40:15 -05:00
Daniel P. Berrange d7565bd8aa virsh: add support for domain XML validation
The 'virsh edit' command gets XML validation enabled by default,
with a --skip-validate option to disable it. The 'virsh define'
and 'virsh create' commands get a --validate option to enable
it, to avoid regressions for existing scripts.

The quality of error reporting from libxml2 varies depending
on the type of XML error made. Sometimes it is quite clear
and useful, other times it is obscure & inaccurate. At least
the user will see an error now, rather than having their
XML modification silently disappear.
2015-01-16 11:07:59 +00:00
Erik Skultety 78f911d7d0 Add XML test for too many PCI devices on default PCI bus 2015-01-16 10:59:26 +01:00
Erik Skultety 419a22d5db Remove dead code in qemuDomainAssignPCIAddresses
We tested for positive return value from virDomainMaybeAddController,
but it returns 0 or -1 only resulting in a dead code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-01-16 10:59:13 +01:00
Erik Skultety 93c8ca9974 qemu: Tweak auto adding PCI bridge controller when extending default PCI bus
In case we find out, there are more PCI devices to be connected
than there are available slots on the default PCI bus, we automatically add a
new bus and a related PCI bridge controller as well. As there are no free slots
left on the default PCI bus, PCI bridge controller gets a free slot on a
newly created PCI bus which causes qemu to refuse to start the guest.
This fix introduces a new function qemuDomainPCIBusFullyReserved which
is checked right before we possibly try to reserve a slot for PCI bridge
controller.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1132900
2015-01-16 10:38:29 +01:00
John Ferlan c6adccae3a domain_conf: Check errors from virSocketAddrFormat
Commit id 'aa2cc721' added calls to virSocketAddrFormat but did not
check for a NULL (error) return which could lead to bad output
in the XML file.  Need to check for NULL return and cause failure.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-01-16 10:14:03 +01:00
John Ferlan 57e681e529 domain_conf: Resolve Coverity RESOURCE_LEAK
Commit id 'aa2cc721' added call to virSocketAddrFormat
and did not VIR_FREE() the returned memory.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-01-16 10:14:03 +01:00
Cédric Bosdonnat 3993c2f91c virSocketAddrGetIpPrefix 0.0.0.0 and :: special cases
If 0.0.0.0  or :: address is provided, then the returned prefix should
be 0, for the default address.
2015-01-16 10:14:03 +01:00
Cédric Bosdonnat a117652917 Use the network route definitions for domains 2015-01-16 10:14:03 +01:00
Cédric Bosdonnat ca481a6f8f Move code related to network routes to networkcommon_conf.[ch]
Moving code for parsing and formatting network routes to
networkcommon_conf helps reusing those routes for domains. The route
definition has been hidden to help reducing the number of unnecessary
checks in the format function.
2015-01-16 10:14:03 +01:00
Cédric Bosdonnat 2fc7e4a25a Move network route definition to networkcommon.rng
Moving network route to the network common schema will allow reusing it.
2015-01-16 10:14:03 +01:00
Cédric Bosdonnat 4b47b4dc7a Fix ipv6 regex in RNG schemas to match '::' 2015-01-16 10:14:03 +01:00
Michal Privoznik 7d3ae359db virNetworkDefUpdateIPDHCPHost: Don't crash when updating network
https://bugzilla.redhat.com/show_bug.cgi?id=1182486

When updating a network and adding new ip-dhcp-host entry, the deamon
may crash. The problem is, we iterate over existing <host/> entries
trying to compare MAC addresses to see if there's already an existing
rule. However, not all entries are required to have MAC address. For
instance, the following is perfectly valid entry:

<host id='00:04:58:fd:e4:15:1b:09:4c:0e:09:af:e4:d3:8c:b8:ca:1e'
name='redhatipv6.redhat.com' ip='2001:db8:ca2:2::119'/>

When the checking loop iterates over this, the entry's MAC address is
accessed directly. Well, the fix is obvious - check if the address is
defined before trying to compare it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-01-16 09:57:05 +01:00
Daniel P. Berrange dd69a14f90 Add support for schema validation when passing in XML
The virDomainDefineXMLFlags and virDomainCreateXML APIs both
gain new flags allowing them to be told to validate XML.
This updates all the drivers to turn on validation in the
XML parser when the flags are set
2015-01-15 16:40:27 +00:00
Daniel P. Berrange 6d06b0d89b Add virXMLValidateAgainstSchema helper method
Add a helper method that can validate an XML document against
an RNG schema
2015-01-15 14:02:50 +00:00
Daniel P. Berrange c5b6a4a5cb Change int to size_t in size var for tap/vhost FDs
A number of methods take an int for a parameter that indicates
the size of an array. The correct type for array sizes is
size_t
2015-01-15 11:07:13 +00:00
Daniel P. Berrange d654bc4190 Log dtrace/systemd probes at INFO level instead of DEBUG
Every dtrace/systemd probe also include a libvirt log message.
These are logged at level DEBUG currently, which means if you
want to see all probes they are drowned by the rest of the
DEBUG messages. Since we don't really use the INFO log level
for much, it seems reasonable to suggest we log all probes at
level INFO.
2015-01-15 11:07:13 +00:00
Daniel P. Berrange d83ce91fd4 Add systemd/dtrace probes for DBus APIs
When debugging libvirt it is helpful to set probes around RPC
calls. We already have probes for libvirt's native RPC layer,
so it makes sense to add them for the DBus RPC layer too.
2015-01-15 11:07:13 +00:00
Daniel P. Berrange 318df5a05f Add support for systemd-machined CreateMachineWithNetwork
systemd-machined introduced a new method CreateMachineWithNetwork
that obsoletes CreateMachine. It expects to be given a list of
VETH/TAP device indexes for the host side device(s) associated
with a container/machine.

This falls back to the old CreateMachine method when the new
one is not supported.
2015-01-15 11:07:07 +00:00
Luyao Huang 5035279198 qemu: free priv->origname when qemuMigrationPrepareAny fails
https://bugzilla.redhat.com/show_bug.cgi?id=1181182

When we meet error in qemuMigrationPrepareAny and goto
cleanup with rc < 0, we forget clear the priv->origname and this
will make this vm migrate fail next time because leave a wrong
origname in  priv, and will Generate a wrong cookie when do
migrate next time.

This patch will make priv->origname is NULL when migrate fail
in target host.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-01-15 11:32:50 +01:00
Ján Tomko c749eda4a2 Fix vmdef usage while in monitor in qemu process
Make local copy of the disk alias in qemuProcessInitPasswords,
instead of referencing the one in domain definition, which
might get freed if the domain crashes while we're in monitor.

Also copy the memballoon period value.
2015-01-14 19:30:32 +01:00
Ján Tomko 3f21398437 Fix vmdef usage while in monitor in BlockStat* APIs
Make a local copy of the disk alias instead of pointing
to the domain definition, which might get freed if
the domain dies while we're in monitor.

Also exit early if that happens.
2015-01-14 19:30:32 +01:00
Ján Tomko 051add2ff9 Fix vmdef usage while in monitor in qemuDomainHotplugVcpus
Exit the monitor right after we've done with it to get
the virDomainObjPtr lock back, otherwise we might be accessing
vm->def while it's being cleaned up by qemuProcessStop.

If the domain crashed while we were in the monitor, exit
early instead of changing vm->def which is now the persistent
definition.
2015-01-14 19:30:32 +01:00
Ján Tomko a5e5996b91 Mark the domain as active in qemuhotplugtest
This will allow us to call qemuDomainObjIsActive() in
the tested functions to check if the domain has crashed.
2015-01-14 19:30:32 +01:00
Ján Tomko dc2fd51fd7 Check for domain liveness in qemuDomainObjExitMonitor
The domain might disappear during the time in monitor when
the virDomainObjPtr is unlocked, so the caller needs to check
if it's still alive.

Since most of the callers are going to need it, put the
check inside qemuDomainObjExitMonitor and return -1 if
the domain died in the meantime.
2015-01-14 19:30:32 +01:00