Re: [libvirt] [PATCH] add migration APIs to libxl driver
--- src/libxl/libxl_conf.h |4 + src/libxl/libxl_driver.c | 641 ++ src/libxl/libxl_driver.h |5 + 3 files changed, 650 insertions(+), 0 deletions(-) diff --git a/src/libxl/libxl_conf.h b/src/libxl/libxl_conf.h index 8ba0ee4..2041cc2 100644 --- a/src/libxl/libxl_conf.h +++ b/src/libxl/libxl_conf.h @@ -41,6 +41,9 @@ # define LIBXL_VNC_PORT_MIN 5900 # define LIBXL_VNC_PORT_MAX 65535 +# define LIBXL_MIGRATION_PORT_MIN 49152 +# define LIBXL_MIGRATION_PORT_MAX 49216 + there is a overlap between vnc and migration port. althrought, it will try next port in virPortAllocatorAcquire after bind fail. # define LIBXL_CONFIG_DIR SYSCONFDIR /libvirt/libxl # define LIBXL_AUTOSTART_DIR LIBXL_CONFIG_DIR /autostart # define LIBXL_STATE_DIR LOCALSTATEDIR /run/libvirt/libxl @@ -109,6 +112,7 @@ struct _libxlDriverPrivate { /* Immutable pointer, self-locking APIs */ virPortAllocatorPtr reservedVNCPorts; +virPortAllocatorPtr reservedMigPorts; /* Immutable pointer, lockless APIs*/ virSysinfoDefPtr hostsysinfo; diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index e2a6d44..93b7153 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -32,6 +32,12 @@ #include libxl_utils.h #include fcntl.h #include regex.h +#include stdlib.h +#include string.h +#include sys/types.h +#include sys/socket.h +#include arpa/inet.h +#include netdb.h #include internal.h #include virlog.h @@ -52,6 +58,7 @@ #include virsysinfo.h #include viraccessapicheck.h #include viratomic.h +#include rpc/virnetsocket.h #define VIR_FROM_THIS VIR_FROM_LIBXL @@ -69,6 +76,20 @@ static libxlDriverPrivatePtr libxl_driver = NULL; +typedef struct _libxlMigrateReceiveArgs { +virConnectPtr conn; +virDomainObjPtr vm; + +/* for freeing listen sockets */ +virNetSocketPtr *socks; +size_t nsocks; +} libxlMigrateReceiveArgs; + +static const char libxlMigrateReceiverReady[]= +libvirt libxl migration receiver ready, send binary domain data; +static const char libxlMigrateReceiverFinish[]= +domain received, ready to unpause; + /* Function declarations */ static int libxlDomainManagedSaveLoad(virDomainObjPtr vm, @@ -836,6 +857,12 @@ libxlStateInitialize(bool privileged, LIBXL_VNC_PORT_MAX))) goto error; +/* Allocate bitmap for migration port reservation */ +if (!(libxl_driver-reservedMigPorts = + virPortAllocatorNew(LIBXL_MIGRATION_PORT_MIN, + LIBXL_MIGRATION_PORT_MAX))) +goto error; + if (!(libxl_driver-domains = virDomainObjListNew())) goto error; @@ -4175,11 +4202,620 @@ libxlConnectSupportsFeature(virConnectPtr conn, int feature) switch (feature) { case VIR_DRV_FEATURE_TYPED_PARAM_STRING: return 1; +case VIR_DRV_FEATURE_MIGRATION_V3: +return 1; default: return 0; } } +static int +libxlCheckMessageBanner(int fd, const char *banner, int banner_sz) +{ +char buf[banner_sz]; +int ret = 0; + +do { +ret = saferead(fd, buf, banner_sz); +} while (ret == -1 errno == EAGAIN); + +if (ret != banner_sz || memcmp(buf, banner, banner_sz)) { +return -1; +} + +return 0; +} + +static char * +libxlDomainMigrateBegin3(virDomainPtr domain, + const char *xmlin, + char **cookieout ATTRIBUTE_UNUSED, + int *cookieoutlen ATTRIBUTE_UNUSED, + unsigned long flags, + const char *dname ATTRIBUTE_UNUSED, + unsigned long resource ATTRIBUTE_UNUSED) +{ +libxlDriverPrivatePtr driver = domain-conn-privateData; +libxlDriverConfigPtr cfg = libxlDriverConfigGet(driver); +virDomainObjPtr vm; +virDomainDefPtr def = NULL; +char *xml = NULL; + +virCheckFlags(LIBXL_MIGRATION_FLAGS, NULL); + +vm = virDomainObjListFindByUUID(driver-domains, domain-uuid); +if (!vm) { +char uuidstr[VIR_UUID_STRING_BUFLEN]; +virUUIDFormat(domain-uuid, uuidstr); +virReportError(VIR_ERR_OPERATION_INVALID, + _(no domain with matching uuid '%s'), uuidstr); +goto cleanup; +} libxlDomObjFromDomain is introduced in commit 0d87fd0aa by Jim. + +if (!virDomainObjIsActive(vm)) { +virReportError(VIR_ERR_OPERATION_INVALID, %s, + _(domain is not running)); +goto cleanup; +} + +if (virDomainMigrateBegin3EnsureACL(domain-conn, vm-def) 0) +goto cleanup; + +if (xmlin) { +if (!(def =
[libvirt] [PATCH] fix a ambiguous output of the command:'virsh vol-create-as'
I created a storage volume(eg: test) from a storage pool(eg:vg10) using the following command:virsh vol-create-as --pool vg10 --name test --capacity 300M. When I re-executed the above command, the output was as the following: error: Failed to create vol test error: Storage volume not found: storage vol 'test' already exists I think the output Storage volume not found is not appropriate. Because in fact storage vol test has been found at this time. And then I think virErrorNumber should includes VIR_ERR_STORAGE_EXIST which can also be used elsewhere. So I make this patch. The result is as following: error: Failed to create vol test error: storage volume 'test' exists already --- include/libvirt/virterror.h |1 + src/storage/storage_driver.c |4 ++-- src/util/virerror.c |6 ++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/include/libvirt/virterror.h b/include/libvirt/virterror.h index c1960c8..28ef30a 100644 --- a/include/libvirt/virterror.h +++ b/include/libvirt/virterror.h @@ -296,6 +296,7 @@ typedef enum { VIR_ERR_ACCESS_DENIED = 88, /* operation on the object/resource was denied */ VIR_ERR_DBUS_SERVICE = 89, /* error from a dbus service */ +VIR_ERR_STORAGE_EXIST = 90, /* the storage vol already exist */ } virErrorNumber; /** diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c index 6c39284..aa5a144 100644 --- a/src/storage/storage_driver.c +++ b/src/storage/storage_driver.c @@ -1538,8 +1538,8 @@ storageVolCreateXML(virStoragePoolPtr obj, goto cleanup; if (virStorageVolDefFindByName(pool, voldef-name)) { -virReportError(VIR_ERR_NO_STORAGE_VOL, - _(storage vol '%s' already exists), voldef-name); +virReportError(VIR_ERR_STORAGE_EXIST, + _('%s'), voldef-name); goto cleanup; } diff --git a/src/util/virerror.c b/src/util/virerror.c index ca25678..35bb017 100644 --- a/src/util/virerror.c +++ b/src/util/virerror.c @@ -1004,6 +1004,12 @@ virErrorMsg(virErrorNumber error, const char *info) else errmsg = _(Storage volume not found: %s); break; +case VIR_ERR_STORAGE_EXIST: +if (info == NULL) +errmsg = _(this storage volume exists already); +else +errmsg = _(storage volume %s exists already); +break; case VIR_ERR_STORAGE_PROBE_FAILED: if (info == NULL) errmsg = _(Storage pool probe failed); -- 1.7.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Openvswitch support question
Hi all. I'm using vs witch and libvirt 1.2. I'm write vswitch controller and want to react on up/down port in virtual switch. All fork fine, but message sent to controller does not contain Mac address of added interface. Does this libvirt problem or this is only vswitch error? -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] qemu, numa: non-contiguous cpusets
On Sun, Sep 29, 2013 at 05:10:44PM +0200, Borislav Petkov wrote: Btw, while I got your attention, on a not-really related topic: how do we feel about adding support for specifying a non-contiguous set of cpus for a numa node in qemu with the -numa option? I.e., like this, for example: x86_64-softmmu/qemu-system-x86_64 -smp 8 -numa node,nodeid=0,cpus=0\;2\;4-5 -numa node,nodeid=1,cpus=1\;3\;6-7 The ';' needs to be escaped from the shell but I'm open for better suggestions. Use a ':' instead. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH]lxc: goto cleanup if lxcContainerBuildInitCmd returns NULL
From: Chen Hanxiao chenhanx...@cn.fujitsu.com We should goto cleanup directly if lxcContainerBuildInitCmd returns NULL, which would avoid lots of unnecessary works. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- src/lxc/lxc_container.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 3fdf397..f03f236 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1820,7 +1820,10 @@ static int lxcContainerChild(void *data) if ((hasReboot = lxcContainerHasReboot()) 0) goto cleanup; -cmd = lxcContainerBuildInitCmd(vmDef); +if (!(cmd = lxcContainerBuildInitCmd(vmDef))) { +VIR_DEBUG(Failed to build init cmd for container); +goto cleanup; +} virCommandWriteArgLog(cmd, 1); if (lxcContainerSetID(vmDef) 0) -- 1.8.2.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Openvswitch support question
On 30.09.2013 10:08, Vasiliy Tolstov wrote: Hi all. I'm using vs witch and libvirt 1.2. I'm write vswitch controller and want to react on up/down port in virtual switch. All fork fine, but message sent to controller does not contain Mac address of added interface. Does this libvirt problem or this is only vswitch error? From the code I think we do send the interface's MAC: http://libvirt.org/git/?p=libvirt.git;a=blob;f=src/util/virnetdevopenvswitch.c;h=daa2bfa2af99a724ef9238d16127c85cedffa5a1;hb=HEAD#l132 (the @attachedmac_ex_id variable contains mac - see line 69). But maybe I've misunderstood the question. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH]lxc: do cleanup when failed to bind fs as read-only
On Sun, Sep 29, 2013 at 06:36:24PM +0800, Chen Hanxiao wrote: From: Chen Hanxiao chenhanx...@cn.fujitsu.com We forgot to 'goto cleanup' when lxcContainerMountFSTmpfs failed to bind fs as read-only. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- src/lxc/lxc_container.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index c60f5d8..3fdf397 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1451,6 +1451,7 @@ static int lxcContainerMountFSTmpfs(virDomainFSDefPtr fs, virReportSystemError(errno, _(Failed to make directory %s readonly), fs-dst); +goto cleanup; Indentation is not right here Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] storage: use btrfs file clone ioctl when possible
On Mon, Sep 30, 2013 at 01:21:18AM +0300, Oskari Saarenmaa wrote: On Fri, Sep 27, 2013 at 03:19:06PM +0100, Daniel P. Berrange wrote: On Fri, Sep 27, 2013 at 05:02:53PM +0300, Oskari Saarenmaa wrote: Btrfs provides a copy-on-write clone ioctl so let's try to use it instead of copying files block by block. The ioctl is executed unconditionally if it's available and we fall back to block copying if it fails, similarly to cp --reflink=auto. Currently the virStorageVolCreateXMLFrom method does a full allocation of storage when cloning volumes. This means applications can rely on the image having enough space when clone completes and won't get ENOSPC in the VM. AFAICT, this change to do copy-on-write changes the API to do thin provisioning of the storage during clone, so any future write on either the new or old volume may generate ENOSPC when btrfs finally copies the sector. I don't think this is a good thing. I think applications should have to explicitly request copy-on-write behaviour for the clone so they know the implications. That's a good point. However, it looks like this change would only change the behavior for the old volumes; new volumes are always created sparsely and they may already get ENOSPC on write if they contained zero blocks. This should probably be fixed by calling fallocate instead of lseek when noticing empty blocks (safezero should probably be used instead, but it's currently rather unsafe if posix_fallocate isn't available.) I was wondering if we could reuse the allocation and capacity fields to decide whether or not to try to do a cow-clone (or sparse allocation of the cloned bits)? Currently a cloned volume's allocation is always set to at least the original volume's capacity and the original client-requested allocation value is not passed on to the code doing the cloning, but we could pass it on and allow copy-on-write clones if allocation is set to zero (no space is guaranteed to be available for writing) and also change sparse cloning to only happen if allocation is lower than capacity. I think just having a VIR_STORAGE_VOL_CLONE_COPY_ON_WRITE flag for the API would suffice. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH]lxc: goto cleanup if lxcContainerBuildInitCmd returns NULL
On Mon, Sep 30, 2013 at 04:20:14PM +0800, Chen Hanxiao wrote: From: Chen Hanxiao chenhanx...@cn.fujitsu.com We should goto cleanup directly if lxcContainerBuildInitCmd returns NULL, which would avoid lots of unnecessary works. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- src/lxc/lxc_container.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 3fdf397..f03f236 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1820,7 +1820,10 @@ static int lxcContainerChild(void *data) if ((hasReboot = lxcContainerHasReboot()) 0) goto cleanup; -cmd = lxcContainerBuildInitCmd(vmDef); +if (!(cmd = lxcContainerBuildInitCmd(vmDef))) { +VIR_DEBUG(Failed to build init cmd for container); +goto cleanup; +} virCommandWriteArgLog(cmd, 1); This is not required - the virCommand APIs are designed to handle NULL for cmd - they do delayed error reporting. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Openvswitch support question
On Sep 30, 2013 12:32 PM, Michal Privoznik mpriv...@redhat.com wrote: On 30.09.2013 10:08, Vasiliy Tolstov wrote: Hi all. I'm using vs witch and libvirt 1.2. I'm write vswitch controller and want to react on up/down port in virtual switch. All fork fine, but message sent to controller does not contain Mac address of added interface. Does this libvirt problem or this is only vswitch error? From the code I think we do send the interface's MAC: http://libvirt.org/git/?p=libvirt.git;a=blob;f=src/util/virnetdevopenvswitch.c;h=daa2bfa2af99a724ef9238d16127c85cedffa5a1;hb=HEAD#l132 (the @attachedmac_ex_id variable contains mac - see line 69). But maybe I've misunderstood the question. Michal Thanks, Michal. Yes as see that libvirt send mac. I'm try to ask now in vswitch list. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] qemu, numa: non-contiguous cpusets
Il 29/09/2013 17:10, Borislav Petkov ha scritto: Btw, while I got your attention, on a not-really related topic: how do we feel about adding support for specifying a non-contiguous set of cpus for a numa node in qemu with the -numa option? I.e., like this, for example: x86_64-softmmu/qemu-system-x86_64 -smp 8 -numa node,nodeid=0,cpus=0\;2\;4-5 -numa node,nodeid=1,cpus=1\;3\;6-7 I think there are already patches on the list to do that, as part of the NUMA memory binding series from Wanlong Gao. Paolo The ';' needs to be escaped from the shell but I'm open for better suggestions. Here's a diff: --- diff --git a/vl.c b/vl.c index 4e709d5c1c20..82a6c8451fb0 100644 --- a/vl.c +++ b/vl.c @@ -1261,9 +1261,27 @@ char *get_boot_devices_list(size_t *size) return list; } +static int __numa_set_cpus(unsigned long *map, int start, int end) +{ +if (end = MAX_CPUMASK_BITS) { +end = MAX_CPUMASK_BITS - 1; +fprintf(stderr, +qemu: NUMA: A max of %d VCPUs are supported\n, + MAX_CPUMASK_BITS); +return -EINVAL; +} + +if (end start) { +return -EINVAL; +} + +bitmap_set(map, start, end-start+1); +return 0; +} + static void numa_node_parse_cpus(int nodenr, const char *cpus) { -char *endptr; +char *endptr, *ptr = (char *)cpus; unsigned long long value, endvalue; /* Empty CPU range strings will be considered valid, they will simply @@ -1273,7 +1291,8 @@ static void numa_node_parse_cpus(int nodenr, const char *cpus) return; } -if (parse_uint(cpus, value, endptr, 10) 0) { +fromthetop: +if (parse_uint(ptr, value, endptr, 10) 0) { goto error; } if (*endptr == '-') { @@ -1282,22 +1301,22 @@ static void numa_node_parse_cpus(int nodenr, const char *cpus) } } else if (*endptr == '\0') { endvalue = value; -} else { -goto error; -} +} else if (*endptr == ';') { + if (__numa_set_cpus(node_cpumask[nodenr], value, value) 0) { + goto error; + } + endptr++; +if (*endptr == '\0') + return; -if (endvalue = MAX_CPUMASK_BITS) { -endvalue = MAX_CPUMASK_BITS - 1; -fprintf(stderr, -qemu: NUMA: A max of %d VCPUs are supported\n, - MAX_CPUMASK_BITS); -} + ptr = endptr; -if (endvalue value) { + goto fromthetop; +} else { goto error; } -bitmap_set(node_cpumask[nodenr], value, endvalue-value+1); +__numa_set_cpus(node_cpumask[nodenr], value, endvalue); return; error: -- Thanks. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v2]lxc: do cleanup when failed to bind fs as read-only
From: Chen Hanxiao chenhanx...@cn.fujitsu.com We forgot to do cleanup when lxcContainerMountFSTmpfs failed to bind fs as read-only. v2: fix an indentation issue Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- src/lxc/lxc_container.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index c60f5d8..b1f429c 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1451,6 +1451,7 @@ static int lxcContainerMountFSTmpfs(virDomainFSDefPtr fs, virReportSystemError(errno, _(Failed to make directory %s readonly), fs-dst); +goto cleanup; } } -- 1.8.2.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH]lxc: do cleanup when failed to bind fs as read-only
-Original Message- From: Daniel P. Berrange [mailto:berra...@redhat.com] Sent: Monday, September 30, 2013 4:45 PM To: Chen Hanxiao Cc: libvir-list@redhat.com Subject: Re: [libvirt] [PATCH]lxc: do cleanup when failed to bind fs as read-only On Sun, Sep 29, 2013 at 06:36:24PM +0800, Chen Hanxiao wrote: From: Chen Hanxiao chenhanx...@cn.fujitsu.com We forgot to 'goto cleanup' when lxcContainerMountFSTmpfs failed to bind fs as read-only. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- src/lxc/lxc_container.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index c60f5d8..3fdf397 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1451,6 +1451,7 @@ static int lxcContainerMountFSTmpfs(virDomainFSDefPtr fs, virReportSystemError(errno, _(Failed to make directory %s readonly), fs-dst); +goto cleanup; Indentation is not right here Oops... v2 will come soon Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH]lxc: goto cleanup if lxcContainerBuildInitCmd returns NULL
-Original Message- From: Daniel P. Berrange [mailto:berra...@redhat.com] Sent: Monday, September 30, 2013 4:51 PM To: Chen Hanxiao Cc: libvir-list@redhat.com Subject: Re: [libvirt] [PATCH]lxc: goto cleanup if lxcContainerBuildInitCmd returns NULL On Mon, Sep 30, 2013 at 04:20:14PM +0800, Chen Hanxiao wrote: From: Chen Hanxiao chenhanx...@cn.fujitsu.com We should goto cleanup directly if lxcContainerBuildInitCmd returns NULL, which would avoid lots of unnecessary works. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- src/lxc/lxc_container.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 3fdf397..f03f236 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1820,7 +1820,10 @@ static int lxcContainerChild(void *data) if ((hasReboot = lxcContainerHasReboot()) 0) goto cleanup; -cmd = lxcContainerBuildInitCmd(vmDef); +if (!(cmd = lxcContainerBuildInitCmd(vmDef))) { +VIR_DEBUG(Failed to build init cmd for container); +goto cleanup; +} virCommandWriteArgLog(cmd, 1); This is not required - the virCommand APIs are designed to handle NULL for cmd - they do delayed error reporting. Thanks, I see. I just don't want lxcContainerChild to have finished all preparation and then find nothing to do due to an OOM occurred :) Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 1/2] python: Report nodeinfo's memory in KiB
The python binding to virNodeGetInfo API has this awful bug. The amount of RAM the node has is reported in MiB instead of KiB as we have documented in the struct virNodeInfo description. The problem is, after we obtain the nodeinfo the amount is shifted left ten times (divided by 1024). Signed-off-by: Michal Privoznik mpriv...@redhat.com --- python/libvirt-override.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/libvirt-override.c b/python/libvirt-override.c index e659bae..3069013 100644 --- a/python/libvirt-override.c +++ b/python/libvirt-override.c @@ -2843,7 +2843,7 @@ libvirt_virNodeGetInfo(PyObject *self ATTRIBUTE_UNUSED, PyObject *args) { return VIR_PY_NONE; py_retval = PyList_New(8); PyList_SetItem(py_retval, 0, libvirt_constcharPtrWrap(info.model[0])); -PyList_SetItem(py_retval, 1, libvirt_longWrap((long) info.memory 10)); +PyList_SetItem(py_retval, 1, libvirt_longWrap((long) info.memory)); PyList_SetItem(py_retval, 2, libvirt_intWrap((int) info.cpus)); PyList_SetItem(py_retval, 3, libvirt_intWrap((int) info.mhz)); PyList_SetItem(py_retval, 4, libvirt_intWrap((int) info.nodes)); -- 1.8.1.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 2/2] python: Document virNodeGetInfo bug
The memory size in virNodeGetInfo python API binding is reported in MiB instead of KiB (like we have in C struct). However, there already might be applications out there relying on this inconsistence so we can't simply fix it. Document this sad fact as known bug. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- python/libvirt-override-api.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/libvirt-override-api.xml b/python/libvirt-override-api.xml index 1bceb05..337d0a0 100644 --- a/python/libvirt-override-api.xml +++ b/python/libvirt-override-api.xml @@ -100,7 +100,7 @@ arg name='flags' type='unsigned int' info='flags, currently unused, pass 0.'/ /function function name='virNodeGetInfo' file='python' - infoExtract hardware information about the Node./info + infoExtract hardware information about the Node. Note that the memory size is reported in MiB instead of KiB./info return type='char *' info='the list of information or None in case of error'/ arg name='conn' type='virConnectPtr' info='pointer to the hypervisor connection'/ /function -- 1.8.1.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 0/2] Python virNodeGetInfo mess
I'm proposing two contradictionary patches to fix the issue. Long story short, libvirt is mangling the memory size in pythong API binding where the size is reported in MiB instead of KiB: https://www.redhat.com/archives/libvirt-users/2013-September/msg00187.html Which approach do you like better? Michal Privoznik (2): python: Report nodeinfo's memory in KiB python: Document virNodeGetInfo bug python/libvirt-override-api.xml | 2 +- python/libvirt-override.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- 1.8.1.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/2] python: Report nodeinfo's memory in KiB
On Mon, Sep 30, 2013 at 11:30:11AM +0200, Michal Privoznik wrote: The python binding to virNodeGetInfo API has this awful bug. The amount of RAM the node has is reported in MiB instead of KiB as we have documented in the struct virNodeInfo description. The problem is, after we obtain the nodeinfo the amount is shifted left ten times (divided by 1024). Signed-off-by: Michal Privoznik mpriv...@redhat.com --- python/libvirt-override.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/libvirt-override.c b/python/libvirt-override.c index e659bae..3069013 100644 --- a/python/libvirt-override.c +++ b/python/libvirt-override.c @@ -2843,7 +2843,7 @@ libvirt_virNodeGetInfo(PyObject *self ATTRIBUTE_UNUSED, PyObject *args) { return VIR_PY_NONE; py_retval = PyList_New(8); PyList_SetItem(py_retval, 0, libvirt_constcharPtrWrap(info.model[0])); -PyList_SetItem(py_retval, 1, libvirt_longWrap((long) info.memory 10)); +PyList_SetItem(py_retval, 1, libvirt_longWrap((long) info.memory)); PyList_SetItem(py_retval, 2, libvirt_intWrap((int) info.cpus)); PyList_SetItem(py_retval, 3, libvirt_intWrap((int) info.mhz)); PyList_SetItem(py_retval, 4, libvirt_intWrap((int) info.nodes)); NACK, this is a clear backwards compat problem that will break *every* application using this API Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] genprotocol.pl: Fix code on FreeBSD too
On Fri, Sep 27, 2013 at 04:39:21PM +0200, Michal Privoznik wrote: On some systems (linux, cygwin and freebsd) rpcgen generates files which when compiling produces this warning: remote/remote_protocol.c: In function 'xdr_remote_node_get_cpu_stats_ret': remote/remote_protocol.c:530: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] Hence, on those systems we need to post-process the files by the rpc/genprotocol.pl perl script. At the beginning of the script the OS is detected via $^O perl variable. On FreeBSD it contains 'freebsd' string and not 'gnukfreebsd' as is currently there: http://perldoc.perl.org/perlport.html#PLATFORMS Signed-off-by: Michal Privoznik mpriv...@redhat.com --- src/rpc/genprotocol.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rpc/genprotocol.pl b/src/rpc/genprotocol.pl index 4f8b6c4..abd40fd 100755 --- a/src/rpc/genprotocol.pl +++ b/src/rpc/genprotocol.pl @@ -43,7 +43,7 @@ open RPCGEN, -|, $rpcgen, $mode, $xdrdef open TARGET, $target or die cannot create $target: $!; -my $fixup = $^O eq linux || $^O eq cygwin || $^O eq gnukfreebsd; +my $fixup = $^O eq linux || $^O eq cygwin || $^O eq freebsd; NAK. As Daniel pointed out the above refers to GNU/kFreeBSD and should be kept and freebsd just added. Cheers, -- Guido if ($mode eq -c) { print TARGET #include config.h\n; -- 1.8.1.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/2] python: Document virNodeGetInfo bug
On Mon, Sep 30, 2013 at 11:30:12AM +0200, Michal Privoznik wrote: The memory size in virNodeGetInfo python API binding is reported in MiB instead of KiB (like we have in C struct). However, there already might be applications out there relying on this inconsistence so we can't simply fix it. Document this sad fact as known bug. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- python/libvirt-override-api.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/libvirt-override-api.xml b/python/libvirt-override-api.xml index 1bceb05..337d0a0 100644 --- a/python/libvirt-override-api.xml +++ b/python/libvirt-override-api.xml @@ -100,7 +100,7 @@ arg name='flags' type='unsigned int' info='flags, currently unused, pass 0.'/ /function function name='virNodeGetInfo' file='python' - infoExtract hardware information about the Node./info + infoExtract hardware information about the Node. Note that the memory size is reported in MiB instead of KiB./info return type='char *' info='the list of information or None in case of error'/ arg name='conn' type='virConnectPtr' info='pointer to the hypervisor connection'/ /function ACK Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2] genprotocol.pl: Fix code on FreeBSD too
On Fri, Sep 27, 2013 at 04:55:39PM +0200, Michal Privoznik wrote: On some systems (linux, cygwin and gnukfreebsd) rpcgen generates files which when compiling produces this warning: remote/remote_protocol.c: In function 'xdr_remote_node_get_cpu_stats_ret': remote/remote_protocol.c:530: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] Hence, on those systems we need to post-process the files by the rpc/genprotocol.pl perl script. At the beginning of the script the OS is detected via $^O perl variable. From my latest build on FreeBSD I see we need to fix the code there too. On FreeBSD the variable contains 'freebsd' string: http://perldoc.perl.org/perlport.html#PLATFORMS Signed-off-by: Michal Privoznik mpriv...@redhat.com --- src/rpc/genprotocol.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rpc/genprotocol.pl b/src/rpc/genprotocol.pl index 4f8b6c4..6e6d6d4 100755 --- a/src/rpc/genprotocol.pl +++ b/src/rpc/genprotocol.pl @@ -43,7 +43,7 @@ open RPCGEN, -|, $rpcgen, $mode, $xdrdef open TARGET, $target or die cannot create $target: $!; -my $fixup = $^O eq linux || $^O eq cygwin || $^O eq gnukfreebsd; +my $fixup = $^O eq linux || $^O eq cygwin || $^O eq gnukfreebsd || $^O eq freebsd; if ($mode eq -c) { print TARGET #include config.h\n; ACK. -- Guido -- 1.8.1.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/2] python: Report nodeinfo's memory in KiB
On 30.09.2013 11:37, Daniel P. Berrange wrote: On Mon, Sep 30, 2013 at 11:30:11AM +0200, Michal Privoznik wrote: The python binding to virNodeGetInfo API has this awful bug. The amount of RAM the node has is reported in MiB instead of KiB as we have documented in the struct virNodeInfo description. The problem is, after we obtain the nodeinfo the amount is shifted left ten times (divided by 1024). Signed-off-by: Michal Privoznik mpriv...@redhat.com --- python/libvirt-override.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/libvirt-override.c b/python/libvirt-override.c index e659bae..3069013 100644 --- a/python/libvirt-override.c +++ b/python/libvirt-override.c @@ -2843,7 +2843,7 @@ libvirt_virNodeGetInfo(PyObject *self ATTRIBUTE_UNUSED, PyObject *args) { return VIR_PY_NONE; py_retval = PyList_New(8); PyList_SetItem(py_retval, 0, libvirt_constcharPtrWrap(info.model[0])); -PyList_SetItem(py_retval, 1, libvirt_longWrap((long) info.memory 10)); +PyList_SetItem(py_retval, 1, libvirt_longWrap((long) info.memory)); PyList_SetItem(py_retval, 2, libvirt_intWrap((int) info.cpus)); PyList_SetItem(py_retval, 3, libvirt_intWrap((int) info.mhz)); PyList_SetItem(py_retval, 4, libvirt_intWrap((int) info.nodes)); NACK, this is a clear backwards compat problem that will break *every* application using this API Yeah, I've posted the patch just for completeness-sake while in fact preferring the 2/2. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/2] python: Document virNodeGetInfo bug
On 30.09.2013 11:38, Daniel P. Berrange wrote: On Mon, Sep 30, 2013 at 11:30:12AM +0200, Michal Privoznik wrote: The memory size in virNodeGetInfo python API binding is reported in MiB instead of KiB (like we have in C struct). However, there already might be applications out there relying on this inconsistence so we can't simply fix it. Document this sad fact as known bug. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- python/libvirt-override-api.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/libvirt-override-api.xml b/python/libvirt-override-api.xml index 1bceb05..337d0a0 100644 --- a/python/libvirt-override-api.xml +++ b/python/libvirt-override-api.xml @@ -100,7 +100,7 @@ arg name='flags' type='unsigned int' info='flags, currently unused, pass 0.'/ /function function name='virNodeGetInfo' file='python' - infoExtract hardware information about the Node./info + infoExtract hardware information about the Node. Note that the memory size is reported in MiB instead of KiB./info return type='char *' info='the list of information or None in case of error'/ arg name='conn' type='virConnectPtr' info='pointer to the hypervisor connection'/ /function ACK Thanks, I've pushed this patch even though we're in freeze as it's just a documentation fix - so it won't break anything [Famous Last Words (TM)] Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] qemu, numa: non-contiguous cpusets
On Mon, Sep 30, 2013 at 11:05:10AM +0200, Paolo Bonzini wrote: I think there are already patches on the list to do that, as part of the NUMA memory binding series from Wanlong Gao. Yeah: https://lists.gnu.org/archive/html/qemu-devel/2013-09/msg02833.html Although I don't see from it how the syntax for -cpus will look like from that QAPI magic except that it is an + '*cpus': ['uint16'], :-) Thanks. -- Regards/Gruss, Boris. Sent from a fat crate under my desk. Formatting is fine. -- -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] qemu: process: Silence coverity warning when rewinding log file
The change in ef29de14c37d14abc546e90555a0093797facfdd that introduced better error logging from qemu introduced a warning from coverity about unused return value from lseek. Silence this warning and fix typo in the corresponding error message. Reported by: John Ferlan --- src/qemu/qemu_process.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index d7be731..7a30a5e 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -1845,10 +1845,10 @@ cleanup: } len = strlen(buf); -/* best effor seek - we need to reset to the original position, so that +/* best effort seek - we need to reset to the original position, so that * a possible read of the fd in the monitor code doesn't influence this * error delivery option */ -lseek(logfd, pos, SEEK_SET); +ignore_value(lseek(logfd, pos, SEEK_SET)); qemuProcessReadLog(logfd, buf + len, buf_size - len - 1, 0, true); virReportError(VIR_ERR_INTERNAL_ERROR, _(process exited while connecting to monitor: %s), -- 1.8.3.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] virfile: safezero: align mmap offset to page size
mmap's offset must be aligned to page size or mapping will fail. mmap-based safezero is only used if posix_fallocate isn't available. Signed-off-by: Oskari Saarenmaa o...@ohmu.fi --- src/util/virfile.c | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/util/virfile.c b/src/util/virfile.c index 20ca89f..16f8101 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -1038,9 +1038,16 @@ safezero(int fd, off_t offset, off_t len) int safezero(int fd, off_t offset, off_t len) { +static long pagemask = 0; +off_t map_skip; int r; char *buf; +/* align offset and length, rounding offset down and length up */ +if (pagemask == 0) +pagemask = ~(sysconf(_SC_PAGESIZE) - 1); +map_skip = offset - (offset pagemask); + /* memset wants the mmap'ed file to be present on disk so create a * sparse file */ @@ -1048,12 +1055,13 @@ safezero(int fd, off_t offset, off_t len) if (r 0) return -1; -buf = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, offset); +buf = mmap(NULL, len + map_skip, PROT_READ | PROT_WRITE, MAP_SHARED, + fd, offset - map_skip); if (buf == MAP_FAILED) return -1; -memset(buf, 0, len); -munmap(buf, len); +memset(buf + map_skip, 0, len); +munmap(buf, len + map_skip); return 0; } -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] libvirt: hostdev SCSI AdapterId retrieval fix
Fixed the retrieval of the AdapterId from the AdapterName of the hostdev source so it does return an error instead of leaving the adapter_id uninitialized. Signed-off-by: Boris Fiuczynski fiu...@linux.vnet.ibm.com Reviewed-by: Viktor Mihajlovski mihaj...@linux.vnet.ibm.com --- src/util/virscsi.c | 17 +++-- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/src/util/virscsi.c b/src/util/virscsi.c index 43658c0..7aca9e6 100644 --- a/src/util/virscsi.c +++ b/src/util/virscsi.c @@ -88,16 +88,13 @@ static int virSCSIDeviceGetAdapterId(const char *adapter, unsigned int *adapter_id) { -if (STRPREFIX(adapter, scsi_host)) { -if (virStrToLong_ui(adapter + strlen(scsi_host), -NULL, 0, adapter_id) 0) { -virReportError(VIR_ERR_INTERNAL_ERROR, - _(Cannot parse adapter '%s'), adapter); -return -1; -} -} - -return 0; +if (STRPREFIX(adapter, scsi_host) +virStrToLong_ui(adapter + strlen(scsi_host), +NULL, 0, adapter_id) == 0) +return 0; +virReportError(VIR_ERR_INTERNAL_ERROR, + _(Cannot parse adapter '%s'), adapter); +return -1; } char * -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: process: Silence coverity warning when rewinding log file
On 09/30/2013 06:01 AM, Peter Krempa wrote: The change in ef29de14c37d14abc546e90555a0093797facfdd that introduced better error logging from qemu introduced a warning from coverity about unused return value from lseek. Silence this warning and fix typo in the corresponding error message. Reported by: John Ferlan --- src/qemu/qemu_process.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) ACK John -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: process: Silence coverity warning when rewinding log file
On 09/30/13 13:20, John Ferlan wrote: On 09/30/2013 06:01 AM, Peter Krempa wrote: The change in ef29de14c37d14abc546e90555a0093797facfdd that introduced better error logging from qemu introduced a warning from coverity about unused return value from lseek. Silence this warning and fix typo in the corresponding error message. Reported by: John Ferlan --- src/qemu/qemu_process.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) ACK Pushed; Thanks. Peter signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [sandbox PATCH] virt-sandbox patch to launch containers with proper label
On Wed, Sep 25, 2013 at 04:50:23PM -0400, Dan Walsh wrote: virt-sandbox should be launching containers based off the lxc_context file from selinux-policy. I changed the hard coded paths to match the latest fedora assigned labels. Fedora 20 SELinux Policy and beyond will have proper SELinux labels in its lxc_contexts file. --- bin/virt-sandbox-service | 2 +- bin/virt-sandbox-service-clone.pod| 5 ++- bin/virt-sandbox-service-create.pod | 7 ++-- bin/virt-sandbox.c| 5 ++- libvirt-sandbox/libvirt-sandbox-builder.c | 58 +-- 5 files changed, 55 insertions(+), 22 deletions(-) diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service index c4c4f54..b42fe08 100755 --- a/bin/virt-sandbox-service +++ b/bin/virt-sandbox-service @@ -101,7 +101,7 @@ def copydirtree(src, dst): class Container: DEFAULT_PATH = /var/lib/libvirt/filesystems DEFAULT_IMAGE = /var/lib/libvirt/images/%s.raw -SELINUX_FILE_TYPE = svirt_lxc_file_t +SELINUX_FILE_TYPE = svirt_sandbox_file_t This change will make it impossible to use the new release on existing distros since they won't have this new policy type. We need this to be conditionally changed. diff --git a/libvirt-sandbox/libvirt-sandbox-builder.c b/libvirt-sandbox/libvirt-sandbox-builder.c index 1335042..613161a 100644 --- a/libvirt-sandbox/libvirt-sandbox-builder.c +++ b/libvirt-sandbox/libvirt-sandbox-builder.c @@ -67,6 +67,48 @@ gvir_sandbox_builder_error_quark(void) { return g_quark_from_static_string(gvir-sandbox-builder); } +#include selinux/selinux.h +#include errno.h +static char line[1024]; + +static const char *get_label(int type) { +const char *path = selinux_lxc_contexts_path(); + +FILE *fp = fopen(path, r); +if (fp) { +GType gt = gvir_config_domain_virt_type_get_type (); +GEnumClass *cls = g_type_class_ref (gt); +GEnumValue *val = g_enum_get_value (cls, type); + +while (val fgets(line, sizeof line, fp)) { +int len = strlen(line); +if (len 2) +continue; +if (line[len-1] == '\n') +line[len-1] = '\0'; +char *name = line; +char *value = strchr(name, '='); +if (!value) +continue; +*value = '\0'; +value++; +if (strcmp(name,val-value_nick)) +continue; +return value; +} +fclose(fp); I'm not sure I really understand what this code is doing. You seem to be opening /etc/selinux/targetted/context/lxc_contexts and then searching for the type for LXC, QEMU or KVM. This doesn't really make sense to me. I wonder what the point of any of this code us, when the switch statement below looks to be sufficient. +} + +switch (type) { +case GVIR_CONFIG_DOMAIN_VIRT_KVM: +return system_u:system_r:svirt_qemu_net_t:s0; This should be 'svirt_kvm_net_t' otherwise you are granting the KVM process permission to use execmem execstack, which is bad from a security POV. +case GVIR_CONFIG_DOMAIN_VIRT_QEMU: +return system_u:system_r:svirt_qemu_net_t:s0; This again looks like it might have back compat problems, if we try to use this on old policy based systems. Though those hosts were already broken due to svirt_t type not allowing sufficient privileges, so perhaps its ok. +case GVIR_CONFIG_DOMAIN_VIRT_LXC: +default: +return system_u:system_r:svirt_lxc_net_t:s0; The default case should report an error - we shouldn't assume that if we add usermode linux or vmware support, that it'll want this lxc type. +} +} static gboolean gvir_sandbox_builder_construct_domain(GVirSandboxBuilder *builder, GVirSandboxConfig *config, @@ -335,17 +377,11 @@ static gboolean gvir_sandbox_builder_construct_security(GVirSandboxBuilder *buil if (gvir_sandbox_config_get_security_dynamic(config)) { gvir_config_domain_seclabel_set_type(sec, GVIR_CONFIG_DOMAIN_SECLABEL_DYNAMIC); -if (label) -gvir_config_domain_seclabel_set_baselabel(sec, label); -else if (gvir_config_domain_get_virt_type(domain) == - GVIR_CONFIG_DOMAIN_VIRT_LXC) -gvir_config_domain_seclabel_set_baselabel(sec, system_u:system_r:svirt_lxc_net_t:s0); -else if (gvir_config_domain_get_virt_type(domain) == - GVIR_CONFIG_DOMAIN_VIRT_QEMU) -gvir_config_domain_seclabel_set_baselabel(sec, system_u:system_r:svirt_tcg_t:s0); -else if (gvir_config_domain_get_virt_type(domain) == - GVIR_CONFIG_DOMAIN_VIRT_KVM) -gvir_config_domain_seclabel_set_baselabel(sec, system_u:system_r:svirt_t:s0); +if
Re: [libvirt] [PATCHv2 3/5] qemu: Add support for paravirtual spinlocks in the guest
On 09/26/13 10:59, Peter Krempa wrote: The linux kernel recently added support for paravirtual spinlock handling to avoid performance regressions on overcomitted hosts. This feature needs to be turned in the hypervisor so that the guest OS is notified about the possible support. This patch adds a new feature paravirt-spinlock to the XML and supporting code to enable the kvm_pv_unhalt pseudoCPU feature in qemu. https://bugzilla.redhat.com/show_bug.cgi?id=1008989 --- QEMU upstream has now pulled the patches adding this feature: http://git.qemu.org/?p=qemu.git;a=commit;h=f010bc643a2759e87e989c3e4e85f15ec71ae98f Peter signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2 1/2] Introduce Libvirt Wireshark dissector
2013/9/20 Daniel P. Berrange berra...@redhat.com: On Thu, Sep 19, 2013 at 11:26:08PM +0900, Yuto KAWAMURA(kawamuray) wrote: diff --git a/tools/wireshark/src/moduleinfo.h b/tools/wireshark/src/moduleinfo.h new file mode 100644 index 000..9ab642c --- /dev/null +++ b/tools/wireshark/src/moduleinfo.h @@ -0,0 +1,37 @@ +/* moduleinfo.h --- Define constants about wireshark plugin module ... + +/* Included *after* config.h, in order to re-define these macros */ + +#ifdef PACKAGE +# undef PACKAGE +#endif + +/* Name of package */ +#define PACKAGE libvirt Huh ? PACKAGE will already be defined to 'libvirt' so why are you redefining it. + + +#ifdef VERSION +# undef VERSION +#endif + +/* Version number of package */ +#define VERSION 0.0.1 This means the wireshark plugin will have a fixed version, even when libvirt protocol changes in new releases. This seems bogus. Again I think we should just use the existing defined VERSION. I think this whole file can just go away completely Right. I'll remove whole moduleinfo.h. diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c new file mode 100644 index 000..cd3e6ce --- /dev/null +++ b/tools/wireshark/src/packet-libvirt.c +static gboolean +dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, + guint32 maxlen) +{ +goffset start; +guint8 *val = NULL; +guint32 length; + +start = xdr_getpos(xdrs); +if (xdr_bytes(xdrs, (char **)val, length, maxlen)) { +proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start, + NULL, %s, format_xdr_bytes(val, length)); +/* Seems I can't call xdr_free() for this case. + It will raises SEGV by referencing out of bounds argument stack */ +xdrs-x_op = XDR_FREE; +xdr_bytes(xdrs, (char **)val, length, maxlen); +xdrs-x_op = XDR_DECODE; Is accessing the internals of the 'XDR' struct really portable ? I think it would be desirable to solve the xdr_free problem rather than accessing struct internals I'll change this to use free(), but let me explain this problem detail. xdr_bytes may raises SEGV when it called from xdr_free. This is caused by xdr_free is accessing it's third argument 'sizep' even if it was called from xdr_free(in other word, when xdrs-x_op is XDR_FREE). This problem can't be reproduced in 64bit architecture due to 64bit system's register usage (I'll explain about this later). Following is a small enough code to reproduce this issue: #include stdio.h #include stdlib.h #include rpc/xdr.h /* Contents of this buffer is not important to reproduce the issue */ static char xdr_buffer[] = { 0x00, 0x00, 0x00, 0x02, /* length is 2byte */ 'A', '\0', 0, 0 /* 2 byte data and 2 byte padding bytes */ }; /* Same as the prototype of xdr_bytes() */ bool_t my_xdr_bytes(XDR *xdrs, char **cpp, u_int *sizep) { return TRUE; } /* Same as the prototype of xdr_free() */ void my_xdr_free(xdrproc_t proc, char *objp) { XDR x; (*proc)(x, objp, NULL/* This NULL stored at same pos of 'sizep' in xdr_bytes() */); } int main(void) { XDR xdrs; char *opaque = NULL; unsigned int size; xdrmem_create(xdrs, xdr_buffer, sizeof(xdr_buffer), XDR_DECODE); if (!xdr_bytes(xdrs, opaque, size, ~0)) { fprintf(stderr, xdr_bytes() returns FALSE\n); exit(1); } /* Reproduce same stack-upping as call of xdr_free(xdr_bytes, opaque). This is needed to stack-up 0x0(invalid address) on position of 'sizsp' which is third argument of xdr_bytes(). */ my_xdr_free((xdrproc_t)my_xdr_bytes, (char *)opaque); /* *** SEGV!! *** */ xdr_free((xdrproc_t)xdr_bytes, (char *)opaque); /* ** */ xdr_destroy(xdrs); return 0; } There are useless calls of my_xdr_free and my_xdr_bytes. These calls are used to reproduce same stack-upping of that when we call xdr_free((xdrproc_t)xdr_bytes, (char *)allocated_mem). To reproduce this issue, we need to store some invalid address in callstack where it will referenced from xdr_bytes via it's third argument 'sizep'. These useless call will store NULL into the position on callstack which will be correspond to the position of 'sizep' in xdr_bytes. In rpc/xdr.h, xdrproc_t was typedefed as following: typedef bool_t (*xdrproc_t) (XDR *, void *,...); xdr_free will call passed xdrproc as function which takes two args and return bool_t. So called function from xdr_free should not access after second argument. But xdr_bytes is accessing it's third argument 'sizep' whatever it was called from xdr_free. This is totally wrong because we can't tell what is stored at position of after second argument in call stack. This problem can only be reproduced in 32bit environment due to register usage on function call. Following explanation is regarding to my environment, so it
[libvirt] [PATCH v3 0/2] Libvirt Wireshark dissector
From: Yuto KAWAMURA(kawamuray) kawamuray.dad...@gmail.com Changes from version2: * Remove moduleinfo.h * Stop accessing internal XDR struct and just use free() Introduce Wireshark dissector plugin which adds support to Wireshark for dissecting libvirt RPC protocol. This feature was presented by Michal Privoznik year before last[1]. But it did only support dissecting packet headers. This time I enhanced that dissector to support dissecting packet payload. Furthermore, I provide code generator of dissector. So you can get fresh build of dissector from libvirt RPC specification file at any version you like. [1] http://www.redhat.com/archives/libvir-list/2011-October/msg00301.html Yuto KAWAMURA(kawamuray) (2): Introduce Libvirt Wireshark dissector Add sample output of Wireshark dissector Makefile.am |3 +- cfg.mk |8 +- configure.ac| 72 +- tools/wireshark/Makefile.am | 29 + tools/wireshark/README.md | 31 + tools/wireshark/samples/libvirt-sample.pdml | 206 ++ tools/wireshark/src/.gitignore |4 + tools/wireshark/src/Makefile.am | 42 ++ tools/wireshark/src/packet-libvirt.c| 512 ++ tools/wireshark/src/packet-libvirt.h| 128 tools/wireshark/util/genxdrstub.pl | 1009 +++ tools/wireshark/util/make-dissector-reg | 198 ++ 12 files changed, 2236 insertions(+), 6 deletions(-) create mode 100644 tools/wireshark/Makefile.am create mode 100644 tools/wireshark/README.md create mode 100644 tools/wireshark/samples/libvirt-sample.pdml create mode 100644 tools/wireshark/src/.gitignore create mode 100644 tools/wireshark/src/Makefile.am create mode 100644 tools/wireshark/src/packet-libvirt.c create mode 100644 tools/wireshark/src/packet-libvirt.h create mode 100755 tools/wireshark/util/genxdrstub.pl create mode 100755 tools/wireshark/util/make-dissector-reg -- 1.8.1.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v3 2/2] Add sample output of Wireshark dissector
From: Yuto KAWAMURA(kawamuray) kawamuray.dad...@gmail.com Add directory tools/wireshark/samples/ and libvirt-sample.pdml which is sample output of dissector. --- tools/wireshark/samples/libvirt-sample.pdml | 206 1 file changed, 206 insertions(+) create mode 100644 tools/wireshark/samples/libvirt-sample.pdml diff --git a/tools/wireshark/samples/libvirt-sample.pdml b/tools/wireshark/samples/libvirt-sample.pdml new file mode 100644 index 000..f6a4c28 --- /dev/null +++ b/tools/wireshark/samples/libvirt-sample.pdml @@ -0,0 +1,206 @@ +?xml version=1.0? +?xml-stylesheet type=text/xsl href=pdml2html.xsl? +!-- *** + This file has been reduced for ineffective packets. + Real output contains more and more elements, but structure + and hierarchy of XML is same as this exmaple. +*** -- +!-- You can find pdml2html.xsl in /usr/share/wireshark or at http://anonsvn.wireshark.org/trunk/wireshark/pdml2html.xsl. -- +pdml version=0 creator=wireshark/1.10.2 time=Thu Sep 19 18:09:24 2013 capture_file= +!-- Program = REMOTE, Procedure = AUTH_LIST -- +packet + proto name=libvirt showname=Libvirt size=28 pos=66 +field name=libvirt.length showname=length: 28 size=4 pos=66 show=28 value=001c/ +field name=libvirt.program showname=program: REMOTE (0x20008086) size=4 pos=70 show=0x20008086 value=20008086/ +field name=libvirt.version showname=version: 1 size=4 pos=74 show=1 value=0001/ +field name=libvirt.procedure showname=procedure: AUTH_LIST (66) size=4 pos=78 show=66 value=0042/ +field name=libvirt.type showname=type: CALL (0) size=4 pos=82 show=0 value=/ +field name=libvirt.serial showname=serial: 0 size=4 pos=86 show=0 value=/ +field name=libvirt.status showname=status: OK (0) size=4 pos=90 show=0 value=/ + /proto +/packet +packet + proto name=libvirt showname=Libvirt size=36 pos=66 +field name=libvirt.length showname=length: 36 size=4 pos=66 show=36 value=0024/ +field name=libvirt.program showname=program: REMOTE (0x20008086) size=4 pos=70 show=0x20008086 value=20008086/ +field name=libvirt.version showname=version: 1 size=4 pos=74 show=1 value=0001/ +field name=libvirt.procedure showname=procedure: AUTH_LIST (66) size=4 pos=78 show=66 value=0042/ +field name=libvirt.type showname=type: REPLY (1) size=4 pos=82 show=1 value=0001/ +field name=libvirt.serial showname=serial: 0 size=4 pos=86 show=0 value=/ +field name=libvirt.status showname=status: OK (0) size=4 pos=90 show=0 value=/ +field name=libvirt.remote_auth_list_ret showname=remote_auth_list_ret size=8 pos=94 show= value= + field name=libvirt.remote_auth_list_ret.types showname=types :: remote_auth_typelt;1gt; size=8 pos=94 show= value= +field name=libvirt.remote_auth_list_ret.types.types showname=types: REMOTE_AUTH_NONE(0) size=4 pos=98 show=0 value=/ + /field +/field + /proto +/packet + +!-- Program = REMOTE, Procedure = CONNECT_OPEN -- +packet + proto name=libvirt showname=Libvirt size=56 pos=66 +field name=libvirt.length showname=length: 56 size=4 pos=66 show=56 value=0038/ +field name=libvirt.program showname=program: REMOTE (0x20008086) size=4 pos=70 show=0x20008086 value=20008086/ +field name=libvirt.version showname=version: 1 size=4 pos=74 show=1 value=0001/ +field name=libvirt.procedure showname=procedure: CONNECT_OPEN (1) size=4 pos=78 show=1 value=0001/ +field name=libvirt.type showname=type: CALL (0) size=4 pos=82 show=0 value=/ +field name=libvirt.serial showname=serial: 2 size=4 pos=86 show=2 value=0002/ +field name=libvirt.status showname=status: OK (0) size=4 pos=90 show=0 value=/ +field name=libvirt.remote_connect_open_args showname=remote_connect_open_args size=8 pos=94 show= value= + field name=libvirt.remote_connect_open_args.name showname=name: (null) size=4 pos=94 show= value=/ + field name=libvirt.remote_connect_open_args.flags showname=flags: 15 size=4 pos=98 show=15 value=000f/ +/field + /proto +/packet +packet + proto name=libvirt showname=Libvirt size=28 pos=66 +field name=libvirt.length showname=length: 28 size=4 pos=66 show=28 value=001c/ +field name=libvirt.program showname=program: REMOTE (0x20008086) size=4 pos=70 show=0x20008086 value=20008086/ +field name=libvirt.version showname=version: 1 size=4 pos=74 show=1 value=0001/ +field name=libvirt.procedure showname=procedure: CONNECT_OPEN (1) size=4 pos=78 show=1 value=0001/ +field name=libvirt.type showname=type: REPLY (1) size=4 pos=82 show=1 value=0001/ +field name=libvirt.serial showname=serial: 2 size=4 pos=86 show=2 value=0002/ +field name=libvirt.status showname=status: OK (0) size=4 pos=90 show=0 value=/ + /proto +/packet + +!-- Program = REMOTE, Procedure = DOMAIN_LOOKUP_BY_NAME -- +packet + proto
Re: [libvirt] qemu, numa: non-contiguous cpusets
Il 30/09/2013 11:49, Borislav Petkov ha scritto: Yeah: https://lists.gnu.org/archive/html/qemu-devel/2013-09/msg02833.html Although I don't see from it how the syntax for -cpus will look like from that QAPI magic except that it is an + '*cpus': ['uint16'], It's -numa node,cpus=0-1,cpus=4-5. Paolo -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2 1/2] Introduce Libvirt Wireshark dissector
On Mon, Sep 30, 2013 at 09:12:35PM +0900, Yuto KAWAMURA wrote: 2013/9/20 Daniel P. Berrange berra...@redhat.com: On Thu, Sep 19, 2013 at 11:26:08PM +0900, Yuto KAWAMURA(kawamuray) wrote: diff --git a/tools/wireshark/src/moduleinfo.h b/tools/wireshark/src/moduleinfo.h new file mode 100644 index 000..9ab642c --- /dev/null +++ b/tools/wireshark/src/moduleinfo.h @@ -0,0 +1,37 @@ +/* moduleinfo.h --- Define constants about wireshark plugin module ... + +/* Included *after* config.h, in order to re-define these macros */ + +#ifdef PACKAGE +# undef PACKAGE +#endif + +/* Name of package */ +#define PACKAGE libvirt Huh ? PACKAGE will already be defined to 'libvirt' so why are you redefining it. + + +#ifdef VERSION +# undef VERSION +#endif + +/* Version number of package */ +#define VERSION 0.0.1 This means the wireshark plugin will have a fixed version, even when libvirt protocol changes in new releases. This seems bogus. Again I think we should just use the existing defined VERSION. I think this whole file can just go away completely Right. I'll remove whole moduleinfo.h. diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c new file mode 100644 index 000..cd3e6ce --- /dev/null +++ b/tools/wireshark/src/packet-libvirt.c +static gboolean +dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, + guint32 maxlen) +{ +goffset start; +guint8 *val = NULL; +guint32 length; + +start = xdr_getpos(xdrs); +if (xdr_bytes(xdrs, (char **)val, length, maxlen)) { +proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start, + NULL, %s, format_xdr_bytes(val, length)); +/* Seems I can't call xdr_free() for this case. + It will raises SEGV by referencing out of bounds argument stack */ +xdrs-x_op = XDR_FREE; +xdr_bytes(xdrs, (char **)val, length, maxlen); +xdrs-x_op = XDR_DECODE; Is accessing the internals of the 'XDR' struct really portable ? I think it would be desirable to solve the xdr_free problem rather than accessing struct internals I'll change this to use free(), but let me explain this problem detail. xdr_bytes may raises SEGV when it called from xdr_free. This is caused by xdr_free is accessing it's third argument 'sizep' even if it was called from xdr_free(in other word, when xdrs-x_op is XDR_FREE). This problem can't be reproduced in 64bit architecture due to 64bit system's register usage (I'll explain about this later). Following is a small enough code to reproduce this issue: #include stdio.h #include stdlib.h #include rpc/xdr.h /* Contents of this buffer is not important to reproduce the issue */ static char xdr_buffer[] = { 0x00, 0x00, 0x00, 0x02, /* length is 2byte */ 'A', '\0', 0, 0 /* 2 byte data and 2 byte padding bytes */ }; /* Same as the prototype of xdr_bytes() */ bool_t my_xdr_bytes(XDR *xdrs, char **cpp, u_int *sizep) { return TRUE; } /* Same as the prototype of xdr_free() */ void my_xdr_free(xdrproc_t proc, char *objp) { XDR x; (*proc)(x, objp, NULL/* This NULL stored at same pos of 'sizep' in xdr_bytes() */); } int main(void) { XDR xdrs; char *opaque = NULL; unsigned int size; xdrmem_create(xdrs, xdr_buffer, sizeof(xdr_buffer), XDR_DECODE); if (!xdr_bytes(xdrs, opaque, size, ~0)) { fprintf(stderr, xdr_bytes() returns FALSE\n); exit(1); } /* Reproduce same stack-upping as call of xdr_free(xdr_bytes, opaque). This is needed to stack-up 0x0(invalid address) on position of 'sizsp' which is third argument of xdr_bytes(). */ my_xdr_free((xdrproc_t)my_xdr_bytes, (char *)opaque); /* *** SEGV!! *** */ xdr_free((xdrproc_t)xdr_bytes, (char *)opaque); /* ** */ Ok, the scenario here is - 'xdr_bytes' takes 4 arguments - 'xdrproc_t' takes 2 mandatory args + var-args - 'xdr_free' calls the 'xdrproc_t' function with only 2 arguments - 'xdr_bytes' unconditionally accesses its 3rd argument So either - the cast from xdr_bytes - xdrproc_t is invalid and thus xdr_bytes should not be used with xdr_free. or - xdr_bytes impl in glibc is buggy and shouldn't access the 3rd arg except when doing encode/decode operations. Regardless of which is right, we want our code to work on all xdr impls, so we must avoid problem 2. So I think we should just not use xdr_free here. Just do a plain 'free(opaque)' instead. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o-
Re: [libvirt] [sandbox PATCH] virt-sandbox patch to launch containers with proper label
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/30/2013 08:07 AM, Daniel P. Berrange wrote: On Wed, Sep 25, 2013 at 04:50:23PM -0400, Dan Walsh wrote: virt-sandbox should be launching containers based off the lxc_context file from selinux-policy. I changed the hard coded paths to match the latest fedora assigned labels. Fedora 20 SELinux Policy and beyond will have proper SELinux labels in its lxc_contexts file. --- bin/virt-sandbox-service | 2 +- bin/virt-sandbox-service-clone.pod| 5 ++- bin/virt-sandbox-service-create.pod | 7 ++-- bin/virt-sandbox.c | 5 ++- libvirt-sandbox/libvirt-sandbox-builder.c | 58 +-- 5 files changed, 55 insertions(+), 22 deletions(-) diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service index c4c4f54..b42fe08 100755 --- a/bin/virt-sandbox-service +++ b/bin/virt-sandbox-service @@ -101,7 +101,7 @@ def copydirtree(src, dst): class Container: DEFAULT_PATH = /var/lib/libvirt/filesystems DEFAULT_IMAGE = /var/lib/libvirt/images/%s.raw -SELINUX_FILE_TYPE = svirt_lxc_file_t +SELINUX_FILE_TYPE = svirt_sandbox_file_t This change will make it impossible to use the new release on existing distros since they won't have this new policy type. We need this to be conditionally changed. Well we could put the code into check if the type exists else use svirt_lxc_file_t. (BTW Aliased in latest code.) diff --git a/libvirt-sandbox/libvirt-sandbox-builder.c b/libvirt-sandbox/libvirt-sandbox-builder.c index 1335042..613161a 100644 --- a/libvirt-sandbox/libvirt-sandbox-builder.c +++ b/libvirt-sandbox/libvirt-sandbox-builder.c @@ -67,6 +67,48 @@ gvir_sandbox_builder_error_quark(void) { return g_quark_from_static_string(gvir-sandbox-builder); } +#include selinux/selinux.h +#include errno.h +static char line[1024]; + +static const char *get_label(int type) { +const char *path = selinux_lxc_contexts_path(); + +FILE *fp = fopen(path, r); +if (fp) { +GType gt = gvir_config_domain_virt_type_get_type (); + GEnumClass *cls = g_type_class_ref (gt); +GEnumValue *val = g_enum_get_value (cls, type); + +while (val fgets(line, sizeof line, fp)) { +int len = strlen(line); +if (len 2) +continue; +if (line[len-1] == '\n') + line[len-1] = '\0'; +char *name = line; +char *value = strchr(name, '='); +if (!value) + continue; +*value = '\0'; +value++; + if (strcmp(name,val-value_nick)) +continue; + return value; +} +fclose(fp); I'm not sure I really understand what this code is doing. You seem to be opening /etc/selinux/targetted/context/lxc_contexts and then searching for the type for LXC, QEMU or KVM. This doesn't really make sense to me. I wonder what the point of any of this code us, when the switch statement below looks to be sufficient. Well the idea is to allow other policy writers to write policy that would use different types, rather then hard code them into programs. Dominick Grift is experimenting with other types of SELinux Policy, and any time he has a hard coded type, it breaks his code. Obviously we need to move more types out of this code to make it fully functional. +} + +switch (type) { +case GVIR_CONFIG_DOMAIN_VIRT_KVM: + return system_u:system_r:svirt_qemu_net_t:s0; This should be 'svirt_kvm_net_t' otherwise you are granting the KVM process permission to use execmem execstack, which is bad from a security POV. +case GVIR_CONFIG_DOMAIN_VIRT_QEMU: +return system_u:system_r:svirt_qemu_net_t:s0; This again looks like it might have back compat problems, if we try to use this on old policy based systems. Though those hosts were already broken due to svirt_t type not allowing sufficient privileges, so perhaps its ok. +case GVIR_CONFIG_DOMAIN_VIRT_LXC: +default: +return system_u:system_r:svirt_lxc_net_t:s0; The default case should report an error - we shouldn't assume that if we add usermode linux or vmware support, that it'll want this lxc type. Ok. +} +} static gboolean gvir_sandbox_builder_construct_domain(GVirSandboxBuilder *builder, GVirSandboxConfig *config, @@ -335,17 +377,11 @@ static gboolean gvir_sandbox_builder_construct_security(GVirSandboxBuilder *buil if (gvir_sandbox_config_get_security_dynamic(config)) { gvir_config_domain_seclabel_set_type(sec, GVIR_CONFIG_DOMAIN_SECLABEL_DYNAMIC); -if (label) - gvir_config_domain_seclabel_set_baselabel(sec, label); -else if (gvir_config_domain_get_virt_type(domain) == - GVIR_CONFIG_DOMAIN_VIRT_LXC) - gvir_config_domain_seclabel_set_baselabel(sec, system_u:system_r:svirt_lxc_net_t:s0); -else if (gvir_config_domain_get_virt_type(domain) == - GVIR_CONFIG_DOMAIN_VIRT_QEMU) -
Re: [libvirt] [sandbox PATCH] virt-sandbox patch to launch containers with proper label
On Mon, Sep 30, 2013 at 08:39:35AM -0400, Daniel J Walsh wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/30/2013 08:07 AM, Daniel P. Berrange wrote: On Wed, Sep 25, 2013 at 04:50:23PM -0400, Dan Walsh wrote: virt-sandbox should be launching containers based off the lxc_context file from selinux-policy. I changed the hard coded paths to match the latest fedora assigned labels. Fedora 20 SELinux Policy and beyond will have proper SELinux labels in its lxc_contexts file. --- bin/virt-sandbox-service | 2 +- bin/virt-sandbox-service-clone.pod| 5 ++- bin/virt-sandbox-service-create.pod | 7 ++-- bin/virt-sandbox.c | 5 ++- libvirt-sandbox/libvirt-sandbox-builder.c | 58 +-- 5 files changed, 55 insertions(+), 22 deletions(-) diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service index c4c4f54..b42fe08 100755 --- a/bin/virt-sandbox-service +++ b/bin/virt-sandbox-service @@ -101,7 +101,7 @@ def copydirtree(src, dst): class Container: DEFAULT_PATH = /var/lib/libvirt/filesystems DEFAULT_IMAGE = /var/lib/libvirt/images/%s.raw -SELINUX_FILE_TYPE = svirt_lxc_file_t +SELINUX_FILE_TYPE = svirt_sandbox_file_t This change will make it impossible to use the new release on existing distros since they won't have this new policy type. We need this to be conditionally changed. Well we could put the code into check if the type exists else use svirt_lxc_file_t. (BTW Aliased in latest code.) diff --git a/libvirt-sandbox/libvirt-sandbox-builder.c b/libvirt-sandbox/libvirt-sandbox-builder.c index 1335042..613161a 100644 --- a/libvirt-sandbox/libvirt-sandbox-builder.c +++ b/libvirt-sandbox/libvirt-sandbox-builder.c @@ -67,6 +67,48 @@ gvir_sandbox_builder_error_quark(void) { return g_quark_from_static_string(gvir-sandbox-builder); } +#include selinux/selinux.h +#include errno.h +static char line[1024]; + +static const char *get_label(int type) { +const char *path = selinux_lxc_contexts_path(); + +FILE *fp = fopen(path, r); +if (fp) { +GType gt = gvir_config_domain_virt_type_get_type (); + GEnumClass *cls = g_type_class_ref (gt); +GEnumValue *val = g_enum_get_value (cls, type); + +while (val fgets(line, sizeof line, fp)) { +int len = strlen(line); +if (len 2) +continue; +if (line[len-1] == '\n') + line[len-1] = '\0'; +char *name = line; +char *value = strchr(name, '='); +if (!value) + continue; +*value = '\0'; +value++; + if (strcmp(name,val-value_nick)) +continue; + return value; +} +fclose(fp); Your email client has completely mangled this quoted text. Please fix it to preserve line breaks / whitespace, as it makes reading the replies rather difficult. I'm not sure I really understand what this code is doing. You seem to be opening /etc/selinux/targetted/context/lxc_contexts and then searching for the type for LXC, QEMU or KVM. This doesn't really make sense to me. I wonder what the point of any of this code us, when the switch statement below looks to be sufficient. Well the idea is to allow other policy writers to write policy that would use different types, rather then hard code them into programs. Dominick Grift is experimenting with other types of SELinux Policy, and any time he has a hard coded type, it breaks his code. Obviously we need to move more types out of this code to make it fully functional. Yeah, but I'm not seeing how this /etc/selinux/targetted/context/lxc_contexts file content is working with this piece of code. With the updated policy I see $ cat /etc/selinux/targeted/contexts/lxc_contexts process = system_u:system_r:svirt_lxc_net_t:s0 file = system_u:object_r:svirt_lxc_file_t:s0 content = system_u:object_r:virt_var_lib_t:s0 so this code which is looking for 'kvm' and 'qemu' strings in that file isn't doing anything useful Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2] virsh-domain: Free dom before return false in cmdDump
On 09/28/13 00:02, Hongwei Bi wrote: --- tools/virsh-domain.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) ACK and will be pushed shortly. Peter signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2] virsh-volume: Add missing check when calling virStreamNew
On 09/29/13 11:24, Hongwei Bi wrote: Check return value of virStreamNew when called by cmdVolUpload and cmdVolDownload. --- tools/virsh-volume.c | 12 ++-- 1 files changed, 10 insertions(+), 2 deletions(-) ACK will be pushed soon. Peter signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] libvirt: hostdev SCSI AdapterId retrieval fix
On 30.09.2013 13:20, Boris Fiuczynski wrote: Fixed the retrieval of the AdapterId from the AdapterName of the hostdev source so it does return an error instead of leaving the adapter_id uninitialized. Signed-off-by: Boris Fiuczynski fiu...@linux.vnet.ibm.com Reviewed-by: Viktor Mihajlovski mihaj...@linux.vnet.ibm.com --- src/util/virscsi.c | 17 +++-- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/src/util/virscsi.c b/src/util/virscsi.c index 43658c0..7aca9e6 100644 --- a/src/util/virscsi.c +++ b/src/util/virscsi.c @@ -88,16 +88,13 @@ static int virSCSIDeviceGetAdapterId(const char *adapter, unsigned int *adapter_id) { -if (STRPREFIX(adapter, scsi_host)) { -if (virStrToLong_ui(adapter + strlen(scsi_host), -NULL, 0, adapter_id) 0) { -virReportError(VIR_ERR_INTERNAL_ERROR, - _(Cannot parse adapter '%s'), adapter); -return -1; -} -} - -return 0; +if (STRPREFIX(adapter, scsi_host) +virStrToLong_ui(adapter + strlen(scsi_host), +NULL, 0, adapter_id) == 0) +return 0; +virReportError(VIR_ERR_INTERNAL_ERROR, + _(Cannot parse adapter '%s'), adapter); +return -1; } char * ACK, but I had some difficulties applying this patch. Have you edited it before sending or did you e-mail client mangle it? The context must have exactly one space in prefix, not two. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu_migrate: Fix assign the same port when migrating concurrently
On Mon, Sep 30, 2013 at 03:55:21 +, Wangyufei (A) wrote: From 6c2de34432db674072231ad66c9e8a0a600ede8a Mon Sep 17 00:00:00 2001 From: WangYufei james.wangyu...@huawei.com Date: Mon, 30 Sep 2013 11:48:43 +0800 Subject: [PATCH] qemu_migrate: Fix assign the same port when migrating concurrently When we migrate vms concurrently, there's a chance that libvirtd on destination assign the same port for different migrations, which will lead to migration failed during migration prepare phase on destination. So we use virPortAllocator here to solve the problem. ... diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index e8bc04d..9437b5a 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -688,6 +688,11 @@ qemuStateInitialize(bool privileged, cfg-webSocketPortMax)) == NULL) goto error; +if ((qemu_driver-migrationPorts = +virPortAllocatorNew(QEMU_MIGRATION_PORT_MIN, +QEMU_MIGRATION_PORT_MAX)) == NULL) +goto error; + Hmm, I guess we could make the port range configurable, but that's a separate thing. if (qemuSecurityInit(qemu_driver) 0) goto error; @@ -994,6 +999,7 @@ qemuStateCleanup(void) { virObjectUnref(qemu_driver-domains); virObjectUnref(qemu_driver-remotePorts); virObjectUnref(qemu_driver-webSocketPorts); +virObjectUnref(qemu_driver-migrationPorts); virObjectUnref(qemu_driver-xmlopt); diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 3a1aab7..82d90bf 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c ... @@ -2600,8 +2600,11 @@ qemuMigrationPrepareDirect(virQEMUDriverPtr driver, cleanup: virURIFree(uri); VIR_FREE(hostname); -if (ret != 0) +if (ret != 0) { VIR_FREE(*uri_out); +virPortAllocatorRelease(driver-migrationPorts, +(unsigned short)this_port); +} return ret; } I'm afraid we will also need to release the port once the migration is done. qemuMigrationPrepareCleanup and qemuMigrationFinish are the places where we should handle this. Jirka -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] virfile: safezero: align mmap offset to page size
On 30.09.2013 13:01, Oskari Saarenmaa wrote: mmap's offset must be aligned to page size or mapping will fail. mmap-based safezero is only used if posix_fallocate isn't available. Signed-off-by: Oskari Saarenmaa o...@ohmu.fi --- src/util/virfile.c | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) ACK and safe for 1.1.3 so I've pushed this. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 1/2] Introduce Libvirt Wireshark dissector
On 30.09.2013 14:15, Yuto KAWAMURA(kawamuray) wrote: From: Yuto KAWAMURA(kawamuray) kawamuray.dad...@gmail.com Introduce Wireshark dissector plugin which adds support to Wireshark for dissecting libvirt RPC protocol. Added following files to build Wireshark dissector from libvirt source tree. * tools/wireshark/*: Source tree of Wireshark dissector plugin. Added followings to configure.ac or Makefile.am. configure.ac * --with-wireshark-dissector: Enable support for building Wireshark dissector. * --with-ws-plugindir: Specify wireshark plugin directory that dissector will installed. * Added tools/wireshark/{Makefile,src/Makefile} to AC_CONFIG_FILES. Makefile.am * Added tools/wireshark/ to SUBDIR. --- Makefile.am |3 +- cfg.mk |8 +- configure.ac| 72 ++- tools/wireshark/Makefile.am | 29 + tools/wireshark/README.md | 31 + tools/wireshark/src/.gitignore |4 + tools/wireshark/src/Makefile.am | 42 ++ tools/wireshark/src/packet-libvirt.c| 512 tools/wireshark/src/packet-libvirt.h| 128 tools/wireshark/util/genxdrstub.pl | 1009 +++ tools/wireshark/util/make-dissector-reg | 198 ++ 11 files changed, 2030 insertions(+), 6 deletions(-) create mode 100644 tools/wireshark/Makefile.am create mode 100644 tools/wireshark/README.md create mode 100644 tools/wireshark/src/.gitignore create mode 100644 tools/wireshark/src/Makefile.am create mode 100644 tools/wireshark/src/packet-libvirt.c create mode 100644 tools/wireshark/src/packet-libvirt.h create mode 100755 tools/wireshark/util/genxdrstub.pl create mode 100755 tools/wireshark/util/make-dissector-reg I think we want tools/wireshark/src/.gitignore merged to global $(srcdir)/.gitignore. Moreover, I've noticed a strange behavior when dissecting some strings. Try to dissect an opening sequence. The client calls CONNECT_OPEN function with 2 arguments: libvirt.remote_connect_open_args.name libvirt.remote_connect_open_args.flags While @flags are correctly dissected, the @name isn't. For example, while executing virsh -c qemu+tcp:///system list I got this: 00 00 00 38 20 00 80 86 00 00 00 01 00 00 00 01 ...8 ... 0010 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 01 0020 00 00 00 0e 71 65 6d 75 3a 2f 2f 2f 73 79 73 74 qemu:///syst 0030 65 6d 00 00 00 00 00 00 em.. where the @name is at 0x1c-10x1f and @flags at 0x20-0x24. However, some strings are still dissected correctly And when running 'virsh domfstrim $dom' I've encountered: [Dissector bug, protocol libvirt: proto.c:2541: failed assertion hfinfo-type == FT_STRING || hfinfo-type == FT_STRINGZ] Besides this I like this approach the most and once you solve the string dissecting bugs I will give you my ACK. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] error: server response too large
Hi. When trying to do a screenshot of a remote domain connected via qemu+tcp (for testing purposes only), I receive this error: -- virsh -c qemu+tcp://dev/system Welcome to virsh, the virtualization interactive terminal. Type: 'help' for help with commands 'quit' to quit virsh # version Compiled against library: libvir 0.9.8 Using library: libvir 0.9.8 Using API: QEMU 0.9.8 Running hypervisor: QEMU 1.5.1 virsh # screenshot 2 /tmp/screendump error: could not receive data from domain 2 error: packet 1048600 bytes received from server too large, want 262144 virsh # 2013-09-30 14:47:05.158+: 21646: info : libvirt version: 0.9.8 2013-09-30 14:47:05.158+: 21646: warning : virNetClientIncomingEvent:1660 : Something went wrong during async message processing -- I'm using Ubuntu LTS 12.04.3, latest version in the repo which is 0.9.8-2ubuntu17.13. On the server side, I'm using a self-compiled libvirt from git master. On the server, I receive: 2013-09-30 14:41:10.075+: 1203: info : libvirt version: 1.1.2 2013-09-30 14:41:10.075+: 1203: error : virNetSocketWriteWire:1446 : Cannot write data: Connection reset by peer 2013-09-30 14:41:10.077+: 1203: error : virFDStreamCloseInt:315 : internal error: I/O helper exited abnormally 2013-09-30 14:41:10.078+: 1203: error : virFDStreamUpdateCallback:133 : internal error: stream is not open I've uploaded the logs produced with LIBVIRT_DEBUG=1 to sendspace: http://www.sendspace.com/file/tevueo (libvirtd.log.gz) [1MB] http://www.sendspace.com/file/rdpmrh (virsh.log.gz) [5KB] When using a non-async virStream with client library version 1.1.2, it works OK. Is this a bug in libvirt 0.9.8 or is this a regression in = 1.1.2? I started to git bisect but ran out of time, I'm out of office till next week. Any help would be great. Thanks. Claudio -- AV-Test GmbH, Henricistraße 20, 04155 Leipzig, Germany Phone: +49 341 265 310 19 Web:http://www.av-test.org Eingetragen am / Registered at: Amtsgericht Stendal (HRB 114076) Geschaeftsfuehrer (CEO): Andreas Marx, Guido Habicht, Maik Morgenstern -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2] virsh-volume: Add missing check when calling virStreamNew
2013/9/30 Peter Krempa pkre...@redhat.com: On 09/29/13 11:24, Hongwei Bi wrote: Check return value of virStreamNew when called by cmdVolUpload and cmdVolDownload. --- tools/virsh-volume.c | 12 ++-- 1 files changed, 10 insertions(+), 2 deletions(-) ACK will be pushed soon. Peter Pushed; Thanks. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2] virsh-domain: Free dom before return false in cmdDump
2013/9/30 Peter Krempa pkre...@redhat.com: On 09/28/13 00:02, Hongwei Bi wrote: --- tools/virsh-domain.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) ACK and will be pushed shortly. Peter Pushed; Thanks. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] LXC: workaround machined uncleaned data with containers running systemd.
The problem is described by [0] but its effect on libvirt is that starting a container with a full distro running systemd after having stopped it simply fails. The container cleanup now calls the machined Terminate function to make sure that everything is in order for the next run. [0]: https://bugs.freedesktop.org/show_bug.cgi?id=68370 --- src/libvirt_private.syms | 2 ++ src/lxc/lxc_process.c| 8 + src/util/virsystemd.c| 80 +--- src/util/virsystemd.h| 8 + tests/virsystemdtest.c | 28 + 6 files changed, 117 insertions(+), 12 deletions(-) 2nd version: * Removed the Makefile hack and added symbols to libvirt_private.syms instead * Added virSystemdMakeMachineName to factorize some code in Make and Terminate machine systemd functions. * Added tests for TerminateMachine and TerminateContainer cases. diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 48e4b04..4bc4d69 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1947,8 +1947,10 @@ virSysinfoSetup; # util/virsystemd.h virSystemdCreateMachine; +virSystemdMakeMachineName; virSystemdMakeScopeName; virSystemdMakeSliceName; +virSystemdTerminateMachine; # util/virthread.h diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index 4835bd5..f92c613 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -50,6 +50,7 @@ #include virstring.h #include viratomic.h #include virprocess.h +#include virsystemd.h #define VIR_FROM_THIS VIR_FROM_LXC @@ -210,6 +211,13 @@ static void virLXCProcessCleanup(virLXCDriverPtr driver, virCgroupFree(priv-cgroup); } +/* Get machined to terminate the machine as it may not have cleaned it + * properly. See https://bugs.freedesktop.org/show_bug.cgi?id=68370 for + * the bug we are working around here. + */ +virSystemdTerminateMachine(vm-def-name, lxc, true); + + /* now that we know it's stopped call the hook if present */ if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { char *xml = virDomainDefFormat(vm-def, 0); diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c index e72b7f0..1ba37cc 100644 --- a/src/util/virsystemd.c +++ b/src/util/virsystemd.c @@ -116,6 +116,27 @@ char *virSystemdMakeSliceName(const char *partition) return virBufferContentAndReset(buf); } +char *virSystemdMakeMachineName(const char *name, +const char *drivername, +bool privileged) +{ +char *machinename = NULL; +char *username = NULL; +if (privileged) { +if (virAsprintf(machinename, %s-%s, drivername, name) 0) +goto cleanup; +} else { +if (!(username = virGetUserName(geteuid( +goto cleanup; +if (virAsprintf(machinename, %s-%s-%s, username, drivername, name) 0) +goto cleanup; +} + +cleanup: +VIR_FREE(username); + +return machinename; +} /** * virSystemdCreateMachine: @@ -142,7 +163,6 @@ int virSystemdCreateMachine(const char *name, DBusConnection *conn; char *machinename = NULL; char *creatorname = NULL; -char *username = NULL; char *slicename = NULL; ret = virDBusIsServiceEnabled(org.freedesktop.machine1); @@ -152,15 +172,8 @@ int virSystemdCreateMachine(const char *name, conn = virDBusGetSystemBus(); ret = -1; -if (privileged) { -if (virAsprintf(machinename, %s-%s, drivername, name) 0) -goto cleanup; -} else { -if (!(username = virGetUserName(geteuid( -goto cleanup; -if (virAsprintf(machinename, %s-%s-%s, username, drivername, name) 0) -goto cleanup; -} +if (!(machinename = virSystemdMakeMachineName(name, drivername, privileged))) +goto cleanup; if (virAsprintf(creatorname, libvirt-%s, drivername) 0) goto cleanup; @@ -236,9 +249,54 @@ int virSystemdCreateMachine(const char *name, ret = 0; cleanup: -VIR_FREE(username); VIR_FREE(creatorname); VIR_FREE(machinename); VIR_FREE(slicename); return ret; } + +int virSystemdTerminateMachine(const char *name, + const char *drivername, + bool privileged) +{ +int ret; +DBusConnection *conn; +char *machinename = NULL; + +ret = virDBusIsServiceEnabled(org.freedesktop.machine1); +if (ret 0) +return ret; + +conn = virDBusGetSystemBus(); + +ret = -1; +if (!(machinename = virSystemdMakeMachineName(name, drivername, privileged))) +goto cleanup; + +/* + * The systemd DBus API we're invoking has the + * following signature + * + * TerminateMachine(in s name); + * + * @name a host unique name for the machine. shows up + * in 'ps' listing similar + */ + +VIR_DEBUG(Attempting to terminate machine via systemd); +if
Re: [libvirt] error: server response too large
On 30.09.2013 17:02, Claudio Bley wrote: Hi. When trying to do a screenshot of a remote domain connected via qemu+tcp (for testing purposes only), I receive this error: -- virsh -c qemu+tcp://dev/system Welcome to virsh, the virtualization interactive terminal. Type: 'help' for help with commands 'quit' to quit virsh # version Compiled against library: libvir 0.9.8 Using library: libvir 0.9.8 Using API: QEMU 0.9.8 Running hypervisor: QEMU 1.5.1 virsh # screenshot 2 /tmp/screendump error: could not receive data from domain 2 error: packet 1048600 bytes received from server too large, want 262144 virsh # 2013-09-30 14:47:05.158+: 21646: info : libvirt version: 0.9.8 2013-09-30 14:47:05.158+: 21646: warning : virNetClientIncomingEvent:1660 : Something went wrong during async message processing -- I'm using Ubuntu LTS 12.04.3, latest version in the repo which is 0.9.8-2ubuntu17.13. This works as expected. 0.9.8 still had a small buffer for RPC messages. It's since 0.9.13 release that we've switched to dynamically allocated buffer and hence could size up the limit for incoming data. Update the client and problem will just go away. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] error: server response too large
On Mon, Sep 30, 2013 at 05:23:33PM +0200, Michal Privoznik wrote: On 30.09.2013 17:02, Claudio Bley wrote: Hi. When trying to do a screenshot of a remote domain connected via qemu+tcp (for testing purposes only), I receive this error: -- virsh -c qemu+tcp://dev/system Welcome to virsh, the virtualization interactive terminal. Type: 'help' for help with commands 'quit' to quit virsh # version Compiled against library: libvir 0.9.8 Using library: libvir 0.9.8 Using API: QEMU 0.9.8 Running hypervisor: QEMU 1.5.1 virsh # screenshot 2 /tmp/screendump error: could not receive data from domain 2 error: packet 1048600 bytes received from server too large, want 262144 virsh # 2013-09-30 14:47:05.158+: 21646: info : libvirt version: 0.9.8 2013-09-30 14:47:05.158+: 21646: warning : virNetClientIncomingEvent:1660 : Something went wrong during async message processing -- I'm using Ubuntu LTS 12.04.3, latest version in the repo which is 0.9.8-2ubuntu17.13. This works as expected. 0.9.8 still had a small buffer for RPC messages. It's since 0.9.13 release that we've switched to dynamically allocated buffer and hence could size up the limit for incoming data. Update the client and problem will just go away. Actually that is not working as expected. The old client should *always* be able to talk to a new server. If the new server is unconditionally sending back data that is too large for the client, this is a bug. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] error: server response too large
On 09/30/2013 05:24 PM, Daniel P. Berrange wrote: 0.9.8-2ubuntu17.13. This works as expected. 0.9.8 still had a small buffer for RPC messages. It's since 0.9.13 release that we've switched to dynamically allocated buffer and hence could size up the limit for incoming data. Update the client and problem will just go away. Actually that is not working as expected. The old client should *always* be able to talk to a new server. If the new server is unconditionally sending back data that is too large for the client, this is a bug. True, however I don't see how to fix it for past versions, specifically we can't go back to the small buffers again. For a proper solution client and server would need to advertise their respective maximum buffer sizes (or know it by the version number) and restrict themselves to using the lower number. -- Mit freundlichen Grüßen/Kind Regards Viktor Mihajlovski IBM Deutschland Research Development GmbH Vorsitzender des Aufsichtsrats: Martina Köderitz Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] LXC: workaround machined uncleaned data with containers running systemd.
On Mon, Sep 30, 2013 at 04:46:29PM +0200, Cédric Bosdonnat wrote: The problem is described by [0] but its effect on libvirt is that starting a container with a full distro running systemd after having stopped it simply fails. The container cleanup now calls the machined Terminate function to make sure that everything is in order for the next run. [0]: https://bugs.freedesktop.org/show_bug.cgi?id=68370 --- src/libvirt_private.syms | 2 ++ src/lxc/lxc_process.c| 8 + src/util/virsystemd.c| 80 +--- src/util/virsystemd.h| 8 + tests/virsystemdtest.c | 28 + 6 files changed, 117 insertions(+), 12 deletions(-) 2nd version: * Removed the Makefile hack and added symbols to libvirt_private.syms instead * Added virSystemdMakeMachineName to factorize some code in Make and Terminate machine systemd functions. * Added tests for TerminateMachine and TerminateContainer cases ACK and pushed since this is a critical fix for systemd hosts. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] struct random on FreeBSD [was: FreeBSD-8.3 build failure for amd64/i386, build archive included]
On Sat, Sep 28, 2013 at 4:36 PM, Eric Blake ebl...@redhat.com wrote: On 09/27/2013 01:01 PM, Jason Helfman wrote: On Fri, Sep 27, 2013 at 4:57 AM, Eric Blake ebl...@redhat.com wrote: On 09/27/2013 01:35 AM, Michal Privoznik wrote: make[3]: Entering directory `/home/zippy/work/tmp/a/libvirt-1.1.2/gnulib/lib' CC allocator.lo In file included from allocator.c:4:0: ./stdlib.h:76:8: error: redefinition of 'struct random_data' struct random_data ^ In file included from ./stdlib.h:36:0, from allocator.c:4: /usr/include/stdlib.h:349:8: note: originally defined here struct random_data ^ Can you show me the config.log output related to detecting whether 'struct random_data' exists? Is this a case of circular header inclusion on FreeBSD (that is, does sys/types.h try to recursively include stdlib.h to pick up the struct?) Should be available here: http://people.freebsd.org/~jgh/files/libvirt_83amd64.tar.xz Thanks; looking through that, I see: configure:31404: checking for struct random_data configure:31404: cc -std=gnu99 -c -O2 -pipe -fno-strict-aliasing -D_THREAD_SAFE -D_THREAD_SAFE conftest.c 5 conftest.c: In function 'main': conftest.c:346: error: invalid application of 'sizeof' to incomplete type 'struct random_data' ... | #include stdlib.h | #if HAVE_RANDOM_H | # include random.h | #endif | | | int | main () | { | if (sizeof (struct random_data)) So, what has to be included prior to stdlib.h for the forward declaration of struct random_data in that header to no longer be an incomplete type? Can you grep your system headers and find what all mentions struct random_data? In looking through our 8.4 Branch, here are the results of digging the tree: crypto/openssh/pkcs11.h: unsigned char *random_data, crypto/heimdal/lib/hx509/ref/pkcs11.h: unsigned char *random_data, crypto/heimdal/lib/hx509/hxtool.c:random_data(void *opt, int argc, char **argv) sys/netinet/sctp_output.c: SCTP_READ_RANDOM(randp-random_data, random_len); sys/netinet/sctp_header.h: uint8_t random_data[]; Per another developer at FreeBSD, it seems to be a bug in 8.x branch and picking up something it shouldn't and was fixed by adding this to the configure environment: ac_cv_type_struct_random_data= http://redports.org/~jgh/20130930154500-61365-148605/libvirt-1.1.2.log However the build still fails, but looks to be a more standard failure. Any more ideas on this? -jgh -- Jason Helfman | FreeBSD Committer j...@freebsd.org | http://people.freebsd.org/~jgh | The Power to Serve -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/6] kvm: Add KVM_GET_EMULATED_CPUID
On Sat, Sep 28, 2013 at 12:49:04PM +0200, Borislav Petkov wrote: On Fri, Sep 27, 2013 at 11:21:34AM -0300, Eduardo Habkost wrote: The problem here is that requested_features doesn't include just the explicit +flag flags, but any flag included in the CPU model definition. See the -cpu n270 example below. Oh, you mean if requested_features would contain a flag included from the CPU model definition - a flag which we haven't requested explicitly - and if kvm emulates that flag, then it will get enabled? Exactly. The code needs to filter/check all feature bits on the CPU, not just the ones requested explicitly in the command-line. [...] [1] Maybe one source of confusion is that the existing code have two feature-filtering functions doing basically the same thing: filter_features_for_kvm() and kvm_check_features_against_host(). That's Yes, and the first gets executed unconditionally and does the feature filtering, right after the second has run in the kvm_enabled() branch. This should be fixed, too: eventually enforce should work on TCG mode as well. something we must clean up, and they should be unified. enforce should become synonymous to make sure filtered_features is all zeroes. This way, libvirt can emulate what 'enforce does while being able to collect detailed error information (which is not easy to do if QEMU simply aborts). Ok, maybe someone who's more knowledgeable with this code should do it - not me :) I have added it to my TODO-list. :-) Also, there's another aspect, while we're here: now that QEMU emulates MOVBE with TCG too, how do we specify on the command line, which emulation should be used - kvm.ko or QEMU? You can use accel={tcg,kvm} option on the -machine argument, e.g. -machine pc,accel=kvm. Or the -enable-kvm option. -- Eduardo -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/6] kvm: Add KVM_GET_EMULATED_CPUID
On Mon, Sep 30, 2013 at 01:13:34PM -0300, Eduardo Habkost wrote: I have added it to my TODO-list. :-) Cool, thanks. Let me know if I can test stuff and help out somehow. Also, there's another aspect, while we're here: now that QEMU emulates MOVBE with TCG too, how do we specify on the command line, which emulation should be used - kvm.ko or QEMU? You can use accel={tcg,kvm} option on the -machine argument, e.g. -machine pc,accel=kvm. Or the -enable-kvm option. Ah, ok. Thanks. -- Regards/Gruss, Boris. Sent from a fat crate under my desk. Formatting is fine. -- -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] Fix max stream packet size for old clients
From: Daniel P. Berrange berra...@redhat.com The libvirtd server pushes data out to clients. It does not know what protocol version the client might have, so must be conservative and use the old payload limits. ie send no more than 256kb of data per packet. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- daemon/stream.c | 2 +- src/rpc/virnetprotocol.x | 7 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/daemon/stream.c b/daemon/stream.c index 87dfaf5..9e36e8a 100644 --- a/daemon/stream.c +++ b/daemon/stream.c @@ -708,7 +708,7 @@ daemonStreamHandleRead(virNetServerClientPtr client, daemonClientStream *stream) { char *buffer; -size_t bufferLen = VIR_NET_MESSAGE_PAYLOAD_MAX; +size_t bufferLen = VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX; int ret; VIR_DEBUG(client=%p, stream=%p tx=%d closed=%d, diff --git a/src/rpc/virnetprotocol.x b/src/rpc/virnetprotocol.x index 131e40b..1eae7cb 100644 --- a/src/rpc/virnetprotocol.x +++ b/src/rpc/virnetprotocol.x @@ -50,6 +50,13 @@ */ const VIR_NET_MESSAGE_INITIAL = 65536; +/* + * Until we enlarged the message buffers, this was the max + * payload size. We need to remember this for compat with + * old clients. + */ +const VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX = 262144; + /* Maximum total message size (serialised). */ const VIR_NET_MESSAGE_MAX = 16777216; -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Fix max stream packet size for old clients
On 30.09.2013 18:29, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com The libvirtd server pushes data out to clients. It does not know what protocol version the client might have, so must be conservative and use the old payload limits. ie send no more than 256kb of data per packet. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- daemon/stream.c | 2 +- src/rpc/virnetprotocol.x | 7 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/daemon/stream.c b/daemon/stream.c index 87dfaf5..9e36e8a 100644 --- a/daemon/stream.c +++ b/daemon/stream.c @@ -708,7 +708,7 @@ daemonStreamHandleRead(virNetServerClientPtr client, daemonClientStream *stream) { char *buffer; -size_t bufferLen = VIR_NET_MESSAGE_PAYLOAD_MAX; +size_t bufferLen = VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX; int ret; VIR_DEBUG(client=%p, stream=%p tx=%d closed=%d, diff --git a/src/rpc/virnetprotocol.x b/src/rpc/virnetprotocol.x index 131e40b..1eae7cb 100644 --- a/src/rpc/virnetprotocol.x +++ b/src/rpc/virnetprotocol.x @@ -50,6 +50,13 @@ */ const VIR_NET_MESSAGE_INITIAL = 65536; +/* + * Until we enlarged the message buffers, this was the max + * payload size. We need to remember this for compat with + * old clients. + */ +const VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX = 262144; + /* Maximum total message size (serialised). */ const VIR_NET_MESSAGE_MAX = 16777216; ACK and worth pushing into maint branches from 0.10.2 on. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] storage: fix file allocation behavior in file cloning
Fixed the safezero call for allocating the rest of the file after cloning an existing volume; it used to always use a zero offset, causing it to only allocate the beginning of the file. Also modified file creation to try to use fallocate(2) to pre-allocate disk space before copying any data to make sure it fails early on if disk is full and makes sure we can skip zero blocks when copying file contents. If fallocate isn't available we will zero out the rest of the file after cloning and only use sparse cloning if client requested a lower allocation than the input volume's capacity. Signed-off-by: Oskari Saarenmaa o...@ohmu.fi --- the safezero mmap issue fixed in my previous patch never showed up because all safezero calls previously had 0 offset (or maybe everyone's using posix_fallocate) configure.ac | 8 src/storage/storage_backend.c | 35 ++- 2 files changed, 34 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index 553015a..220d95b 100644 --- a/configure.ac +++ b/configure.ac @@ -253,10 +253,10 @@ AC_CHECK_SIZEOF([long]) dnl Availability of various common functions (non-fatal if missing), dnl and various less common threadsafe functions -AC_CHECK_FUNCS_ONCE([cfmakeraw geteuid getgid getgrnam_r getmntent_r \ - getpwuid_r getuid kill mmap newlocale posix_fallocate posix_memalign \ - prlimit regexec sched_getaffinity setgroups setns setrlimit symlink \ - sysctlbyname]) +AC_CHECK_FUNCS_ONCE([cfmakeraw fallocate geteuid getgid getgrnam_r \ + getmntent_r getpwuid_r getuid kill mmap newlocale posix_fallocate \ + posix_memalign prlimit regexec sched_getaffinity setgroups setns \ + setrlimit symlink sysctlbyname]) dnl Availability of pthread functions (if missing, win32 threading is dnl assumed). Because of $LIB_PTHREAD, we cannot use AC_CHECK_FUNCS_ONCE. diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c index b7edf85..5f1bc66 100644 --- a/src/storage/storage_backend.c +++ b/src/storage/storage_backend.c @@ -129,7 +129,7 @@ virStorageBackendCopyToFD(virStorageVolDefPtr vol, virStorageVolDefPtr inputvol, int fd, unsigned long long *total, - int is_dest_file) + int want_sparse) { int inputfd = -1; int amtread = -1; @@ -191,7 +191,7 @@ virStorageBackendCopyToFD(virStorageVolDefPtr vol, interval = ((wbytes amtleft) ? amtleft : wbytes); int offset = amtread - amtleft; -if (is_dest_file memcmp(buf+offset, zerobuf, interval) == 0) { +if (want_sparse memcmp(buf+offset, zerobuf, interval) == 0) { if (lseek(fd, interval, SEEK_CUR) 0) { ret = -errno; virReportSystemError(errno, @@ -315,6 +315,7 @@ static int createRawFile(int fd, virStorageVolDefPtr vol, virStorageVolDefPtr inputvol) { +int need_alloc = 1; int ret = 0; unsigned long long remain; @@ -328,17 +329,41 @@ createRawFile(int fd, virStorageVolDefPtr vol, goto cleanup; } +#ifdef HAVE_FALLOCATE +/* Try to preallocate all requested disk space, but fall back to + * other methods if this fails with ENOSYS or EOPNOTSUPP. + * NOTE: do not use posix_fallocate; posix_fallocate falls back + * to writing zeroes block by block in case fallocate isn't + * available, and since we're going to copy data from another + * file it doesn't make sense to write the file twice. */ +if (fallocate(fd, 0, 0, vol-allocation) == 0) { +need_alloc = 0; +} else if (errno != ENOSYS errno != EOPNOTSUPP) { +ret = -errno; +virReportSystemError(errno, + _(cannot allocate %llu bytes in file '%s'), + vol-allocation, vol-target.path); +goto cleanup; +} +#endif + remain = vol-allocation; if (inputvol) { -ret = virStorageBackendCopyToFD(vol, inputvol, fd, remain, 1); +/* allow zero blocks to be skipped if we've requested sparse + * allocation (allocation capacity) or we have already + * been able to allocate the required space. */ +int want_sparse = (need_alloc == 0) || + (vol-allocation inputvol-capacity); + +ret = virStorageBackendCopyToFD(vol, inputvol, fd, remain, want_sparse); if (ret 0) { goto cleanup; } } -if (remain) { -if (safezero(fd, 0, remain) 0) { +if (remain need_alloc) { +if (safezero(fd, vol-allocation - remain, remain) 0) { ret = -errno; virReportSystemError(errno, _(cannot fill file '%s'), vol-target.path); -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] struct random on FreeBSD [was: FreeBSD-8.3 build failure for amd64/i386, build archive included]
On 09/30/13 09:09, Jason Helfman wrote: http://redports.org/~jgh/20130930154500-61365-148605/libvirt-1.1.2.log http://redports.org/%7Ejgh/20130930154500-61365-148605/libvirt-1.1.2.log However the build still fails, but looks to be a more standard failure internal compiler error: Segmentation fault is a standard failure? I dunno, perhaps you have a bad development host, or perhaps you're just living so far over the bleeding edge that even gnulib can't save you. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] struct random on FreeBSD [was: FreeBSD-8.3 build failure for amd64/i386, build archive included]
On 09/30/2013 10:09 AM, Jason Helfman wrote: So, what has to be included prior to stdlib.h for the forward declaration of struct random_data in that header to no longer be an incomplete type? Can you grep your system headers and find what all mentions struct random_data? In looking through our 8.4 Branch, here are the results of digging the tree: crypto/openssh/pkcs11.h: unsigned char *random_data, crypto/heimdal/lib/hx509/ref/pkcs11.h: unsigned char *random_data, crypto/heimdal/lib/hx509/hxtool.c:random_data(void *opt, int argc, char **argv) sys/netinet/sctp_output.c: SCTP_READ_RANDOM(randp-random_data, random_len); Not relevant. sys/netinet/sctp_header.h: uint8_t random_data[]; Maybe relevant. Can this header be picked up by some include sequence of standard-only headers, such that using stdlib.h in isolation doesn't have a problem, but stdlib.h in combination with this header causes the problem? Per another developer at FreeBSD, it seems to be a bug in 8.x branch and picking up something it shouldn't and was fixed by adding this to the configure environment: ac_cv_type_struct_random_data= Generally, Autoconf wants you to use 'ac_cv_type_struct_random_data=no', not blank. I don't know if using 'no' instead of a blank would resolve the compiler core dump you hit. Is there a mail archive where you were discussing this with the FreeBSD developers? http://redports.org/~jgh/20130930154500-61365-148605/libvirt-1.1.2.log Also, this build was on FreeBSD 8.4, although you reported the problem against FreeBSD 8.3. Let's get it resolved on one platform before bouncing around to another (at the moment, I only have a FreeBSD 8.2 environment for my own testing, so I'm not much help at the moment). -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] tests: Introduce qemucapabilitiestest
On 09/27/2013 04:25 AM, Michal Privoznik wrote: This test is there to ensure that our capabilities detection code isn't broken somehow. How to gather test data: Firstly, the data is split into two separate files. The former (with suffix .replies) contains all the qemu replies. This is very fragile as introducing a new device can mean yet another monitor command and hence edit of this file in the future. But there's no better way of doing this. To get this data simply turn on debug logs and copy all the QEMU_MONITOR_IO_PROCESS lines. But be careful to not copy incomplete ones (yeah, we report some incomplete lines too). Long story short, at the libvirtd startup, a dummy qemu is spawn to get all the capabilities. The latter (with suffix .caps) contains capabilities XML. Just start a domain and copy the corresponding part from its state XML file. Including qemuCaps tag. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- .gitignore |1 + tests/Makefile.am | 12 +- tests/qemucapabilitiesdata/caps_1.5.3-1.caps| 133 ++ tests/qemucapabilitiesdata/caps_1.5.3-1.replies | 2519 +++ tests/qemucapabilitiestest.c| 241 +++ 5 files changed, 2904 insertions(+), 2 deletions(-) create mode 100644 tests/qemucapabilitiesdata/caps_1.5.3-1.caps create mode 100644 tests/qemucapabilitiesdata/caps_1.5.3-1.replies create mode 100644 tests/qemucapabilitiestest.c +static qemuMonitorTestPtr +testQemuFeedMonitor(char *replies, +virDomainXMLOptionPtr xmlopt) +{ +qemuMonitorTestPtr test = NULL; +char *tmp = replies; +char *singleReply = tmp; + +/* Our JSON parser expects replies to be separated by a newline character. + * Hence we must preprocess the file a bit. */ +while ((tmp = strchr(tmp, '\n'))) { +/* It is safe to touch (tmp + 1) since all strings ends with '\0'. */ +bool eof = *(tmp + 1) == '\0'; More compact as: bool eof = !tmp[1]; but that's not worth a respin :) ACK - as this just touches the testsuite, I'm fine with including it in 1.1.3 rather than waiting. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] struct random on FreeBSD [was: FreeBSD-8.3 build failure for amd64/i386, build archive included]
On Mon, Sep 30, 2013 at 11:50 AM, Eric Blake ebl...@redhat.com wrote: On 09/30/2013 10:09 AM, Jason Helfman wrote: So, what has to be included prior to stdlib.h for the forward declaration of struct random_data in that header to no longer be an incomplete type? Can you grep your system headers and find what all mentions struct random_data? In looking through our 8.4 Branch, here are the results of digging the tree: crypto/openssh/pkcs11.h: unsigned char *random_data, crypto/heimdal/lib/hx509/ref/pkcs11.h: unsigned char *random_data, crypto/heimdal/lib/hx509/hxtool.c:random_data(void *opt, int argc, char **argv) sys/netinet/sctp_output.c: SCTP_READ_RANDOM(randp-random_data, random_len); Not relevant. sys/netinet/sctp_header.h: uint8_t random_data[]; Maybe relevant. Can this header be picked up by some include sequence of standard-only headers, such that using stdlib.h in isolation doesn't have a problem, but stdlib.h in combination with this header causes the problem? Per another developer at FreeBSD, it seems to be a bug in 8.x branch and picking up something it shouldn't and was fixed by adding this to the configure environment: ac_cv_type_struct_random_data= Generally, Autoconf wants you to use 'ac_cv_type_struct_random_data=no', not blank. I don't know if using 'no' instead of a blank would resolve the compiler core dump you hit. Is there a mail archive where you were discussing this with the FreeBSD developers? http://redports.org/~jgh/20130930154500-61365-148605/libvirt-1.1.2.log Also, this build was on FreeBSD 8.4, although you reported the problem against FreeBSD 8.3. Let's get it resolved on one platform before bouncing around to another (at the moment, I only have a FreeBSD 8.2 environment for my own testing, so I'm not much help at the moment). -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org It all uses the same branch of code, so it won't matter what version while you are still in 8.x, unless you are running 8.x STABLE, and not a RELEASE based branch. In working with a fellow developer, this came down to gcc bugs that were addressed in later versions of FreeBSD, but was not merged from CURRENT branch to 8.x. Here is a link to the fix that I will be committing at some point today. http://people.freebsd.org/~jgh/files/libvirt-84fix.diff Here are all the buildlogs, as well: http://redports.org/buildarchive/20130930180500-15801/ -jgh -- Jason Helfman | FreeBSD Committer j...@freebsd.org | http://people.freebsd.org/~jgh | The Power to Serve -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2]lxc: do cleanup when failed to bind fs as read-only
On 09/30/2013 03:06 AM, Chen Hanxiao wrote: From: Chen Hanxiao chenhanx...@cn.fujitsu.com We forgot to do cleanup when lxcContainerMountFSTmpfs failed to bind fs as read-only. v2: fix an indentation issue Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- src/lxc/lxc_container.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index c60f5d8..b1f429c 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1451,6 +1451,7 @@ static int lxcContainerMountFSTmpfs(virDomainFSDefPtr fs, virReportSystemError(errno, _(Failed to make directory %s readonly), fs-dst); +goto cleanup; ACK and pushed. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2]lxc: do cleanup when failed to bind fs as read-only
On 09/30/2013 01:29 PM, Eric Blake wrote: On 09/30/2013 03:06 AM, Chen Hanxiao wrote: From: Chen Hanxiao chenhanx...@cn.fujitsu.com We forgot to do cleanup when lxcContainerMountFSTmpfs failed to bind fs as read-only. v2: fix an indentation issue Oh, and a side note. Patch changelogs, such as this paragraph... Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- ...belong here, after the ---, so that 'git am' won't make them part of the permanent git history. They're highly useful to reviewers, but not so much when revisiting the code a year from now when we don't care how many iterations it took to get to a final patch. ACK and pushed. so I amended before actually pushing. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] VMware: Add Fusion version test
This adds a test for the version string of VMware Fusion. --- Not sure how but this was dropped from my series adding VMware Fusion that was added prior to 1.1.3-rc2. This should be safe for 1.1.3 and probably encouraged --- tests/vmwareverdata/fusion-5.0.3.txt | 3 +++ tests/vmwarevertest.c| 1 + 2 files changed, 4 insertions(+) create mode 100644 tests/vmwareverdata/fusion-5.0.3.txt diff --git a/tests/vmwareverdata/fusion-5.0.3.txt b/tests/vmwareverdata/fusion-5.0.3.txt new file mode 100644 index 000..9fae811 --- /dev/null +++ b/tests/vmwareverdata/fusion-5.0.3.txt @@ -0,0 +1,3 @@ + +VMware Fusion Information: +VMware Fusion 5.0.3 build-1040386 Release diff --git a/tests/vmwarevertest.c b/tests/vmwarevertest.c index f5ccb06..47c250c 100644 --- a/tests/vmwarevertest.c +++ b/tests/vmwarevertest.c @@ -88,6 +88,7 @@ mymain(void) } while (0) DO_TEST(ws, workstation-7.0.0, 700); +DO_TEST(fusion, fusion-5.0.3, 503); return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; } -- 1.8.1.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] VMware: Add Fusion version test
On 09/30/2013 04:00 PM, Doug Goldstein wrote: This adds a test for the version string of VMware Fusion. --- Not sure how but this was dropped from my series adding VMware Fusion that was added prior to 1.1.3-rc2. This should be safe for 1.1.3 and probably encouraged Indeed - more testing prior to the release never hurts. ACK. --- tests/vmwareverdata/fusion-5.0.3.txt | 3 +++ tests/vmwarevertest.c| 1 + 2 files changed, 4 insertions(+) create mode 100644 tests/vmwareverdata/fusion-5.0.3.txt -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Availability of release candidate 2 of libvirt-1.1.3
On Sun, Sep 29, 2013 at 4:16 AM, Daniel Veillard veill...@redhat.comwrote: As planned I tagged rc2 in git and pushed tarball and rpms to the usual place at: ftp://libvirt.org/libvirt/ seems to behave correctly on my limited testing, please give it a try too. i will try to push 1.1.3 final on Tuesday or Wednesday depending on time available and feedback. thanks ! Daniel Looks good here. https://redports.org/buildarchive/20130930215801-5110/ -jgh -- Jason Helfman | FreeBSD Committer j...@freebsd.org | http://people.freebsd.org/~jgh | The Power to Serve -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Availability of release candidate 2 of libvirt-1.1.3
On Sun, Sep 29, 2013 at 6:16 AM, Daniel Veillard veill...@redhat.com wrote: As planned I tagged rc2 in git and pushed tarball and rpms to the usual place at: ftp://libvirt.org/libvirt/ seems to behave correctly on my limited testing, please give it a try too. i will try to push 1.1.3 final on Tuesday or Wednesday depending on time available and feedback. thanks ! Daniel -- Daniel Veillard | Open Source and Standards, Red Hat veill...@redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list fwiw, tested this on Mac OS X. Simple virsh commands work fine and the only issues that remain are the ones discussed in the rc1 thread that we won't be fixing for 1.1.3 but I will try to have some patches for shortly. -- Doug Goldstein -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] VMware: Add Fusion version test
On Mon, Sep 30, 2013 at 5:29 PM, Eric Blake ebl...@redhat.com wrote: On 09/30/2013 04:00 PM, Doug Goldstein wrote: This adds a test for the version string of VMware Fusion. --- Not sure how but this was dropped from my series adding VMware Fusion that was added prior to 1.1.3-rc2. This should be safe for 1.1.3 and probably encouraged Indeed - more testing prior to the release never hurts. ACK. --- tests/vmwareverdata/fusion-5.0.3.txt | 3 +++ tests/vmwarevertest.c| 1 + 2 files changed, 4 insertions(+) create mode 100644 tests/vmwareverdata/fusion-5.0.3.txt -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org Thanks. Pushed. -- Doug Goldstein -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] struct random on FreeBSD [was: FreeBSD-8.3 build failure for amd64/i386, build archive included]
On Mon, Sep 30, 2013 at 2:27 PM, Jason Helfman j...@freebsd.org wrote: On Mon, Sep 30, 2013 at 11:50 AM, Eric Blake ebl...@redhat.com wrote: On 09/30/2013 10:09 AM, Jason Helfman wrote: So, what has to be included prior to stdlib.h for the forward declaration of struct random_data in that header to no longer be an incomplete type? Can you grep your system headers and find what all mentions struct random_data? In looking through our 8.4 Branch, here are the results of digging the tree: crypto/openssh/pkcs11.h: unsigned char *random_data, crypto/heimdal/lib/hx509/ref/pkcs11.h: unsigned char *random_data, crypto/heimdal/lib/hx509/hxtool.c:random_data(void *opt, int argc, char **argv) sys/netinet/sctp_output.c: SCTP_READ_RANDOM(randp-random_data, random_len); Not relevant. sys/netinet/sctp_header.h: uint8_t random_data[]; Maybe relevant. Can this header be picked up by some include sequence of standard-only headers, such that using stdlib.h in isolation doesn't have a problem, but stdlib.h in combination with this header causes the problem? Per another developer at FreeBSD, it seems to be a bug in 8.x branch and picking up something it shouldn't and was fixed by adding this to the configure environment: ac_cv_type_struct_random_data= Generally, Autoconf wants you to use 'ac_cv_type_struct_random_data=no', not blank. I don't know if using 'no' instead of a blank would resolve the compiler core dump you hit. Is there a mail archive where you were discussing this with the FreeBSD developers? http://redports.org/~jgh/20130930154500-61365-148605/libvirt-1.1.2.log Also, this build was on FreeBSD 8.4, although you reported the problem against FreeBSD 8.3. Let's get it resolved on one platform before bouncing around to another (at the moment, I only have a FreeBSD 8.2 environment for my own testing, so I'm not much help at the moment). -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org It all uses the same branch of code, so it won't matter what version while you are still in 8.x, unless you are running 8.x STABLE, and not a RELEASE based branch. In working with a fellow developer, this came down to gcc bugs that were addressed in later versions of FreeBSD, but was not merged from CURRENT branch to 8.x. Here is a link to the fix that I will be committing at some point today. http://people.freebsd.org/~jgh/files/libvirt-84fix.diff Here are all the buildlogs, as well: http://redports.org/buildarchive/20130930180500-15801/ -jgh -- Jason Helfman | FreeBSD Committer j...@freebsd.org | http://people.freebsd.org/~jgh | The Power to Serve -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list What's the error you're getting with -Wmissing-include-dirs? We should be testing to see if gcc supports that and not using it if its not supported. Additionally, what version of gcc are you using in 8.x? We can probably whip up a quick patch to resolve this. As far as the struct random_data, I'll let Eric work on that since he's got a better understand and more context. -- Doug Goldstein -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list