Commit Graph

13155 Commits

Author SHA1 Message Date
Daniel P. Berrange 71d7b20b3b Remove pointless GET_PRIVATE macro from Xen driver
The Xen driver uses a macro GET_PRIVATE as a supposed shorthand
for 'xenUnifiedPrivatePtr priv = (xenUnifiedPrivatePtr) (conn)->privateData'.
It does not in fact save any lines of code, and obscures what is
happening. Remove it, since it adds no value.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-09 13:16:19 +01:00
Daniel P. Berrange 8b7cb0025b Remove VIR_CONNECT_RO checks from xen drivers
Some of the Xen sub-drivers have checks against the
VIR_CONNECT_RO flag. This is not required, since such
checks are done at the top level before the driver
methods are invoked

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-09 13:16:19 +01:00
Daniel P. Berrange a855556f88 Remove xen driver checks for priv->handle < 0
The Xen hypervisor driver checks for 'priv->handle < 0' and
returns -1, but without raising any error. Fortunately this
code will never be executed, since the main Xen driver always
checks 'priv->opened[XEN_UNIFIED_HYPERVISOR_OFFSET]' prior
to invoking any hypervisor API. Just remove the redundant
checks for priv->handle

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-09 13:16:19 +01:00
Michal Privoznik ab2a3d01e5 Adapt to VIR_STRDUP and VIR_STRNDUP in src/vmx/* 2013-05-09 14:08:54 +02:00
Michal Privoznik e6ab100980 Adapt to VIR_STRDUP and VIR_STRNDUP in src/vmware/* 2013-05-09 14:08:54 +02:00
Michal Privoznik 4a22990dfd Adapt to VIR_STRDUP and VIR_STRNDUP in src/uml/* 2013-05-09 14:08:54 +02:00
Michal Privoznik 296d319f05 Adapt to VIR_STRDUP and VIR_STRNDUP in src/secret/* 2013-05-09 14:08:54 +02:00
Michal Privoznik a39875b7f8 Adapt to VIR_STRDUP and VIR_STRNDUP in src/phyp/* 2013-05-09 14:01:37 +02:00
Michal Privoznik b3c649ac5e Adapt to VIR_STRDUP and VIR_STRNDUP in src/parallels/* 2013-05-09 14:01:37 +02:00
Michal Privoznik 0ca51d5c9f Adapt to VIR_STRDUP and VIR_STRNDUP in src/nwfilter/* 2013-05-09 14:01:37 +02:00
Michal Privoznik e3221e6421 Adapt to VIR_STRDUP and VIR_STRNDUP in src/interface/* 2013-05-09 14:01:30 +02:00
Michal Privoznik be2636fd0b Adapt to VIR_STRDUP and VIR_STRNDUP in src/node_device/* 2013-05-09 14:00:45 +02:00
Michal Privoznik 6b936bd79c Adapt to VIR_STRDUP and VIR_STRNDUP in src/network/* 2013-05-09 14:00:45 +02:00
Michal Privoznik a96d7f3c8f Adapt to VIR_STRDUP and VIR_STRNDUP in src/lxc/* 2013-05-09 14:00:45 +02:00
Michal Privoznik f75ed996e7 Adapt to VIR_STRDUP and VIR_STRNDUP in src/locking/* 2013-05-09 14:00:45 +02:00
Michal Privoznik 08152a6982 Adapt to VIR_STRDUP and VIR_STRNDUP in src/libxl/* 2013-05-09 14:00:45 +02:00
Michal Privoznik 544cb4375f Adapt to VIR_STRDUP and VIR_STRNDUP in src/hyperv/* 2013-05-09 14:00:45 +02:00
Michal Privoznik a315f866e2 Adapt to VIR_STRDUP and VIR_STRNDUP in src/esx/* 2013-05-09 14:00:45 +02:00
Michal Privoznik 0d013184d1 Adapt to VIR_STRDUP and VIR_STRNDUP in src/cpu/* 2013-05-09 14:00:44 +02:00
Daniel P. Berrange df5c9e6984 Delete udevFreeIfaceDef function in udev interface driver
The udevFreeIfaceDef function in the udev interface driver
just duplicates code from virInterfaceDefFree. Delete it
and call the standard API instead.

Fix the udevGetIfaceDefVlan method so that it doesn't
store pointers to the middle of a malloc'd memory
area.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-09 12:34:26 +01:00
Osier Yang 946c9f75d0 libvirt.c: Fix the indention
Pushed under trivial rule
2013-05-09 18:50:22 +08:00
Osier Yang a503433c30 conf: Remove the unrelated comment
Pushed under trivial rule.
2013-05-09 11:04:32 +08:00
Eric Blake 3dfc2b71aa maint: update to latest gnulib
Among others, this fixes a cosmetic bug where bootstrap stated:

./bootstrap: Bootstrapping from checked-out http://libvirt.org sources...

instead of the intended:

./bootstrap: Bootstrapping from checked-out libvirt sources...

* .gnulib: Update to latest, for bootstrap improvement.
* bootstrap: Resync from gnulib.
2013-05-08 14:54:04 -06:00
John Ferlan 55b46920bb virsh: Resolve Coverity 'MISSING_BREAK'
Recent commit '53531e16' resulted in a new Coverity warning regarding
a missing break in the ':' options processing. Adjust the commit to
avoid the issue.
2013-05-08 06:16:53 -04:00
John Ferlan 649ecb704f lxc: Coverity false positive USE_AFTER_FREE 2013-05-08 06:16:53 -04:00
Daniel P. Berrange a605b7e041 Unmerge attach/update/modify device APIs in drivers
The LXC, QEMU, and LibXL drivers have all merged their handling of
the attach/update/modify device APIs into one large

  'xxxxDomainModifyDeviceFlags'

which then does a 'switch()' based on the actual API being invoked.
While this saves some lines of code, it is not really all that
significant in the context of the driver API impls as a whole.

This merger of the handling of different APIs creates pain when
wanting to automated analysis of the code and do things which
are specific to individual APIs. The slight duplication of code
from unmerged the API impls, is preferrable to allow for easier
automated analysis.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:47:48 +01:00
Daniel P. Berrange 449e6b1b58 Pull parsing of migration xml up into QEMU driver APIs
Currently the parsing of XML is pushed down into the various
migration helper APIs. This makes it difficult to insert the
correct access control checks, since one helper API services
many public APIs. Pull the parsing of XML up to the top level
of the QEMU driver APIs
2013-05-08 10:47:48 +01:00
Daniel P. Berrange 03a600368e Don't allow renaming of domains by the backdoor
Several APIs allow for custom XML to be passed in. This is
checked for ABI stability, which will ensure the UUID is
not being changed. There isn't validation that the name
did not change though. This could allow renaming of guests
via the backdoor, which in turn could allow for bypassing
access control restrictions based on names.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:47:47 +01:00
Daniel P. Berrange 142e6e2784 Fix naming of some node device APIs
In renaming driver API implementations to match the
public API naming scheme, a few cases in the node
device driver were missed.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:47:47 +01:00
Daniel P. Berrange 4a044d0256 Separate internal node suspend APIs from public API
The individual hypervisor drivers were directly referencing
APIs in virnodesuspend.c in their virDriverPtr struct. Separate
these methods, so there is always a wrapper in the hypervisor
driver. This allows the unused virConnectPtr args to be removed
from the virnodesuspend.c file. Again this will ensure that
ACL checks will only be performed on invocations that are
directly associated with public API usage.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:47:47 +01:00
Daniel P. Berrange 1c6d4ca557 Separate internal node device APIs from public API
The individual hypervisor drivers were directly referencing
APIs in src/nodeinfo.c in their virDriverPtr struct. Separate
these methods, so there is always a wrapper in the hypervisor
driver. This allows the unused virConnectPtr args to be
removed from the nodeinfo.c file. Again this will ensure that
ACL checks will only be performed on invocations that are
directly associated with public API usage.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:47:47 +01:00
Daniel P. Berrange ead630319d Separate virGetHostname() API contract from driver APIs
Currently the virGetHostname() API has a bogus virConnectPtr
parameter. This is because virtualization drivers directly
reference this API in their virDriverPtr tables, tieing its
API design to the public virConnectGetHostname API design.

This also causes problems for access control checks since
these must only be done for invocations from the public
API, not internal invocation.

Remove the bogus virConnectPtr parameter, and make each
hypervisor driver provide a dedicated function for the
driver API impl. This will allow access control checks
to be easily inserted later.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:47:47 +01:00
Daniel P. Berrange 979e9c56a7 Include process start time when doing polkit checks
Since PIDs can be reused, polkit prefers to be given
a (PID,start time) pair. If given a PID on its own,
it will attempt to lookup the start time in /proc/pid/stat,
though this is subject to races.

It is safer if the client app resolves the PID start
time itself, because as long as the app has the client
socket open, the client PID won't be reused.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:47:45 +01:00
Daniel P. Berrange b1d753fe40 Rename "security context" to "selinux context"
There are various methods named "virXXXXSecurityContext",
which are specific to SELinux. Rename them all to
"virXXXXSELinuxContext". They will still raise errors at
runtime if SELinux is not compiled in

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:21:01 +01:00
Daniel P. Berrange 8f7a1ac810 Fix possible undefined value in check-symsorting.pl
It is possible for $line to be undefined at first used, if
the symfile doesn't have a section prefix (which is the case
for auto-generated symfiles).

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:21:01 +01:00
Osier Yang 59750ed6ea storage: Skip inactive lv volumes
If the volume is of a clustered volume group, and not active, the
related pool APIs fails on opening /dev/vg/lv. If the volume is
suspended, it hangs on open(2) the volume.

Though the best solution is to expose the volume status in volume
XML, and even better to provide API to activate/deactivate the volume,
but it's not the work I want to touch currently. Volume status in
other status is just fine to skip.

About the 5th field of lv_attr (from man lvs[8])
<quote>
 5 State: (a)ctive, (s)uspended, (I)nvalid snapshot, invalid
   (S)uspended snapshot, snapshot (m)erge failed,suspended
   snapshot (M)erge failed, mapped (d)evice present without
   tables,  mapped device present with (i)nactive table
</quote>
2013-05-08 12:12:14 +08:00
Eric Blake 6b74a9f5d9 string: make VIR_STRDUP easier to use
While reviewing proposed VIR_STRDUP conversions, I've already noticed
several places that do:

if (str && VIR_STRDUP(dest, str) < 0)

which can be simplified by allowing str to be NULL (something that
strdup() doesn't allow).  Meanwhile, code that wants to ensure a
non-NULL dest regardless of the source can check for <= 0.

Also, make it part of the VIR_STRDUP contract that macro arguments
are evaluated exactly once.

* src/util/virstring.h (VIR_STRDUP, VIR_STRDUP_QUIET, VIR_STRNDUP)
(VIR_STRNDUP_QUIET): Improve contract.
* src/util/virstring.c (virStrdup, virStrndup): Change return
conventions.
* docs/hacking.html.in: Document this.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-07 13:21:31 -06:00
Eric Blake ddcfc5492a alloc: make VIR_APPEND_ELEMENT safer
VIR_APPEND_ELEMENT(array, size, elem) was not safe if the expression
for 'size' had side effects.  While no one in the current code base
was trying to pass side effects, we might as well be robust and
explicitly document our intentions.

* src/util/viralloc.c (virInsertElementsN): Add special case.
* src/util/viralloc.h (VIR_APPEND_ELEMENT): Use it.
(VIR_ALLOC, VIR_ALLOC_N, VIR_REALLOC_N, VIR_EXPAND_N)
(VIR_RESIZE_N, VIR_SHRINK_N, VIR_INSERT_ELEMENT)
(VIR_DELETE_ELEMENT, VIR_ALLOC_VAR, VIR_FREE): Document
which macros are safe in the presence of side effects.
* docs/hacking.html.in: Document this.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-07 13:21:31 -06:00
Ján Tomko 605a077244 syntax-check: forbid virBufferAsprintf with string literals 2013-05-07 17:49:59 +02:00
Ján Tomko dcea5a492f get rid of virBufferAsprintf where possible
Use virBufferAddLit or virBufferAddChar instead.
2013-05-07 17:38:58 +02:00
Laine Stump 8cd40e7e0d qemu: allocate network connections sooner during domain startup
VFIO device assignment requires a cgroup ACL to be setup for access to
the /dev/vfio/nn "group" device for any devices that will be assigned
to a guest. In the case of a host device that is allocated from a
pool, it was being allocated during qemuBuildCommandLine(), which is
called by qemuProcessStart() *after* the all-encompassing
qemuSetupCgroup() was called, meaning that the standard Cgroup ACL
setup wasn't creating ACLs for these devices allocated from pools.

One possible solution was to manually add a single ACL down inside
qemuBuildCommandLine() when networkAllocateActualDevice() is called,
but that has two problems: 1) the function that adds the cgroup ACL
requires a virDomainObjPtr, which isn't available in
qemuBuildCommandLine(), and 2) we really shouldn't be doing network
device setup inside qemuBuildCommandLine() anyway.

Instead, I've created a new function called
qemuNetworkPrepareDevices() which is called just before
qemuPrepareHostDevices() during qemuProcessStart() (explanation of
ordering in the comments), i.e. well before the call to
qemuSetupCgroup(). To minimize code churn in a patch that will be
backported to 1.0.5-maint, qemuNetworkPrepareDevices only does
networkAllocateActualDevice() and the bare amount of setup required
for type='hostdev network devices, but it eventually should do *all*
device setup for guest network devices.

Note that some of the code that was previously needed in
qemuBuildCommandLine() is no longer required when
networkAllocateActualDevice() is called earlier:

 * qemuAssignDeviceHostdevAlias() is already done further down in
   qemuProcessStart().

 * qemuPrepareHostdevPCIDevices() is called by
   qemuPrepareHostDevices() which is called after
   qemuNetworkPrepareDevices() in qemuProcessStart().

As hinted above, this new function should be moved into a separate
qemu_network.c (or similarly named) file along with
qemuPhysIfaceConnect(), qemuNetworkIfaceConnect(), and
qemuOpenVhostNet(), and expanded to call those functions as well, then
the nnets loop in qemuBuildCommandLine() should be reduced to only
build the commandline string (which itself can be in a separate
qemuInterfaceBuilldCommandLine() function as suggested by
Michal). However, this will require storing away an array of tapfd and
vhostfd that are needed for the commandline, so I would rather do that
in a separate patch and leave this patch at the minimum to fix the
bug.
2013-05-07 11:36:43 -04:00
Daniel P. Berrange 039e30805c Ensure stub todo.html.in file is HTML5
If no todo.cfg is present, make sure the stub is in HTML5
format and clearly states that the config was not available

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-07 15:45:50 +01:00
Daniel P. Berrange c5e8343a25 Point users to Virt-Viewer MSI installers for Windows builds
The Windows port page currently links to pre-built libvirt
DLLs for release 0.8.8 which are 2 years old now. Until we
can reliably produce official Windows installers, point
people to the virt-viewer MSI installers instead which
include the libvirt DLLs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-07 15:29:37 +01:00
Boris Fiuczynski bde1731613 qemu: Enable the capability bit for -no-kvm-pit-reinjection on x86 only
On architectures not supporting the Intel specific programmable interval
timer, like e.g. S390, starting a domain with a clock definition containing
a pit timer results in the error "Option no-kvm-pit-reinjection not supported
for this target".

By moving the capability enablement for -no-kvm-pit-reinjection from the
InitQMPBasic section into the x86_64 and i686 only enablement section all
other architectures are no longer automatically enabled. In addition
architecture related capabilities enablements have refactored into a new
architecture bound capabilities initialization function.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-05-07 14:42:40 +02:00
Daniel Hansel e914dcfdaa rpc: message related sizes enlarged
We have seen an issue on s390x platform where domain XMLs larger than 1MB
were used. The define command was finished successfully. The dumpxml command
was not successful (i.e. could not encode message payload).

Enlarged message related sizes (e.g. maximum string size, message size, etc.)
to handle larger system configurations used on s390x platform.

To improve handling of the RPC message size the allocation during encode process
is changed to a dynamic one (i.e. starting with 64kB initial size and increasing
that size in steps up to 16MB if the payload data is larger).

Signed-off-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com>
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-05-07 13:29:58 +02:00
Daniel P. Berrange 5e7b0e8757 Fix namespace bugs in API docs, todo page & hv support page
The XSL for generating the API docs was missing the HTML5
namespace declarations. The todo and hvsupport scripts were
also missing the HTML5 doctype / namespace declaration.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-07 11:19:04 +01:00
Peter Krempa 246d0068ac qemu: Do fake auto-allocation of ports when generating native command
When attempting to generate the native command line from an XML file
that uses graphics port auto allocation, the generated commandline
wouldn't be valid.

This patch adds fake autoallocation of ports as done when starting the
actual machine.
2013-05-06 22:13:22 +02:00
Eric Blake a2584d58f6 spec: proper soft static allocation of qemu uid
https://bugzilla.redhat.com/show_bug.cgi?id=924501 tracks a
problem that occurs if uid 107 is already in use at the time
libvirt is first installed.  In response that problem, Fedora
packaging guidelines were recently updated.  This fixes the
spec file to comply with the new guidelines:
https://fedoraproject.org/wiki/Packaging:UsersAndGroups

* libvirt.spec.in (daemon): Follow updated Fedora guidelines.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-06 14:05:05 -06:00
Eric Blake c21c38d71b build: clean up stray files found by 'make distcheck'
'make distcheck' complained:

ERROR: files left in build directory after distclean:
./python/libvirt.pyc
./tests/commandhelper.log

Problems introduced in commits f015495 and 25ea8e4 (both v1.0.3).

* tests/commandtest.c (test21): Check (and clean) log file.
* tests/commanddata/test21.log: New file.
* python/Makefile.am (CLEANFILES): Clean up compiled python files.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-06 14:01:08 -06:00
Eric Blake ed11ab93fa build: always include libvirt_lxc.syms in tarball
On a mingw build, 'make distcheck' fails with:

  GEN      libvirt_qemu.def
make[3]: *** No rule to make target `../../src/libvirt_lxc.syms', needed by `libvirt_lxc.def'.  Stop.

I traced it to a missing entry in EXTRA_DIST.  But rather than keep
the entire list in sync, it is easier to list the three syms files
that drive .so files directly, and then reuse existing makefile
variables for the remaining files (that is, I validated that all
remaining files are added to SYM_FILES, possibly via USED_SYM_FILES,
according to makefile conditionals).

Problem introduced in commit 3d1596b (v1.0.2).

* src/Makefile.am (EXTRA_DIST): Ensure all syms files are shipped.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-06 13:59:48 -06:00