[libvirt] PATCH: better error checking for LOCAL_PEERCRED
I was debugging libvirt with OSX today, and got as far as finding the
problem with LOCAL_PEERCRED, then googled this only to find that Ryota
Ozaki had fixed the problems a few days ago!
However you still may find the following patch useful. It tightens up
the checking in the LOCAL_PEERCRED block, and in particular fixes the
unlocking of the socket in the error return path for invalid groups, by
using the same logic from SO_PEERCRED - have a 'goto cleanup' in all
return paths.
(Detail: I found that when getsockopt was being called with SOL_SOCKET,
cr_ngroups was typically 0, probably because it was uninitialised.
However once the check for this was tightened, it hung because the
socket wasn't being unlocked on return. So better to (a) initialise it
to a negative value anyway, and (b) fix the return path)
However I have not checked that NGROUPS is defined on other BSD-like
systems. You could just have if (cr.cr_ngroups = 0) instead.
Regards,
Brian Candler.
--- src/rpc/virnetsocket.c.orig2013-10-10 22:37:49.0 +0100
+++ src/rpc/virnetsocket.c2013-10-12 22:51:57.0 +0100
@@ -1157,8 +1157,10 @@
{
struct xucred cr;
socklen_t cr_len = sizeof(cr);
+int ret = -1;
virObjectLock(sock);
+cr.cr_ngroups = -1;
# if defined(__APPLE__)
if (getsockopt(sock-fd, SOL_LOCAL, LOCAL_PEERCRED, cr, cr_len)
0) {
# else
@@ -1166,20 +1168,19 @@
# endif
virReportSystemError(errno, %s,
_(Failed to get client socket identity));
-virObjectUnlock(sock);
-return -1;
+goto cleanup;
}
if (cr.cr_version != XUCRED_VERSION) {
virReportError(VIR_ERR_SYSTEM_ERROR, %s,
_(Failed to get valid client socket identity));
-return -1;
+goto cleanup;
}
-if (cr.cr_ngroups == 0) {
+if (cr.cr_ngroups = 0 || cr.cr_ngroups NGROUPS) {
virReportError(VIR_ERR_SYSTEM_ERROR, %s,
_(Failed to get valid client socket identity
groups));
-return -1;
+goto cleanup;
}
/* PID and process creation time are not supported on BSDs */
@@ -1188,8 +1189,11 @@
*uid = cr.cr_uid;
*gid = cr.cr_gid;
+ret = 0;
+
+cleanup:
virObjectUnlock(sock);
-return 0;
+return ret;
}
#else
int virNetSocketGetUNIXIdentity(virNetSocketPtr sock ATTRIBUTE_UNUSED,
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Migration issue php-libvirt
Hi All I am trying to migrate offline domain on other URI but its not working due to this error Failure!Libvirt last error: Requested operation is not valid: domain is not running I tried to use this option but not working VIR_MIGRATE_OFFLINE Please anybody help me? Br. Umar -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv2] rpc: Retrieve peer PID via new getsockopt() for Mac
While LOCAL_PEERCRED on the BSDs does not return the pid information of
the peer, Mac OS X 10.8 added LOCAL_PEERPID to retrieve the pid so we
should use that when its available to get that information.
---
v2:
* Make LOCAL_PEERPID call non-fatal in case the user built the binary on
a system that supports it but then runs it on a kernel that does not
support it
---
src/rpc/virnetsocket.c | 19 ++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index e8cdfa6..7126c4f 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -1195,12 +1195,29 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
return -1;
}
-/* PID and process creation time are not supported on BSDs */
+/* PID and process creation time are not supported on BSDs by
+ * LOCAL_PEERCRED.
+ */
*pid = -1;
*timestamp = -1;
*uid = cr.cr_uid;
*gid = cr.cr_gid;
+# ifdef LOCAL_PEERPID
+/* Exists on Mac OS X 10.8 for retrieving the peer's PID */
+cr_len = sizeof(*pid);
+
+if (getsockopt(sock-fd, VIR_SOL_PEERCRED, LOCAL_PEERPID, pid, cr_len)
0) {
+virReportSystemError(errno, %s,
+ _(Failed to get client socket PID));
+/* Don't treat this as fatal, but do set the value to something sane
+ * in case the user built this on a system that has LOCAL_PEERPID
+ * defined but the kernel does not actually support it.
+ */
+*pid = -1;
+}
+# endif
+
virObjectUnlock(sock);
return 0;
}
--
1.8.1.5
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/3] Fix exit status of lxc controller
Reviewed-by: Chen Hanxiao chenhanx...@cn.fujitsu.com
-Original Message-
From: libvir-list-boun...@redhat.com
[mailto:libvir-list-boun...@redhat.com]
On Behalf Of Daniel P. Berrange
Sent: Saturday, October 12, 2013 12:54 AM
To: libvir-list@redhat.com
Subject: [libvirt] [PATCH 1/3] Fix exit status of lxc controller
From: Daniel P. Berrange berra...@redhat.com
The LXC controller main() method initialized 'rc' to 1
rather than '-1'. In the cleanup path it will print any
error to stderr, if-and-only-if rc 0. Hence the incorrect
initialization caused errors to be lost.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
src/lxc/lxc_controller.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index b881f17..1c6aed6 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -2230,7 +2230,7 @@ cleanup:
int main(int argc, char *argv[])
{
pid_t pid;
-int rc = 1;
+int rc = -1;
char *name = NULL;
size_t nveths = 0;
char **veths = NULL;
--
1.8.3.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/3] Improve error reporting with LXC controller
This would be far more convenient than checking logs.
Reviewed-by: Chen Hanxiao chenhanx...@cn.fujitsu.com
-Original Message-
From: libvir-list-boun...@redhat.com
[mailto:libvir-list-boun...@redhat.com]
On Behalf Of Daniel P. Berrange
Sent: Saturday, October 12, 2013 12:54 AM
To: libvir-list@redhat.com
Subject: [libvirt] [PATCH 2/3] Improve error reporting with LXC controller
From: Daniel P. Berrange berra...@redhat.com
The LXC code would read the log file if an LXC guest failed to
startup. There were a number of failure cases where the guest
will not start and libvirtd never gets as far as looking at the
log file.
Fix this by replacing some earlier generic errors with messages
from the log.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
src/lxc/lxc_process.c | 31 +--
1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index d07ff13..840e138 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -980,6 +980,7 @@ int virLXCProcessStart(virConnectPtr conn,
virErrorPtr err = NULL;
virLXCDriverConfigPtr cfg = virLXCDriverGetConfig(driver);
virCgroupPtr selfcgroup;
+int status;
if (virCgroupNewSelf(selfcgroup) 0)
return -1;
@@ -1182,9 +1183,18 @@ int virLXCProcessStart(virConnectPtr conn,
VIR_WARN(Unable to seek to end of logfile: %s,
virStrerror(errno, ebuf, sizeof(ebuf)));
-if (virCommandRun(cmd, NULL) 0)
+if (virCommandRun(cmd, status) 0)
goto cleanup;
+if (status != 0) {
+if (virLXCProcessReadLogOutput(vm, logfile, pos, ebuf,
sizeof(ebuf))
= 0)
+snprintf(ebuf, sizeof(ebuf), unexpected exit status %d,
status);
+virReportError(VIR_ERR_INTERNAL_ERROR,
+ _(guest failed to start: %s), ebuf);
+goto cleanup;
+}
+
+
if (VIR_CLOSE(handshakefds[1]) 0) {
virReportSystemError(errno, %s, _(could not close handshake
fd));
goto cleanup;
@@ -1193,16 +1203,25 @@ int virLXCProcessStart(virConnectPtr conn,
/* Connect to the controller as a client *first* because
* this will block until the child has written their
* pid file out to disk created their cgroup */
-if (!(priv-monitor = virLXCProcessConnectMonitor(driver, vm)))
+if (!(priv-monitor = virLXCProcessConnectMonitor(driver, vm))) {
+VIR_ERROR(Here);
+/* Intentionally overwrite the real monitor error message,
+ * since a better one is almost always found in the logs
+ */
+if (virLXCProcessReadLogOutput(vm, logfile, pos, ebuf,
sizeof(ebuf))
0) {
+VIR_ERROR(tHere);
+virResetLastError();
+virReportError(VIR_ERR_INTERNAL_ERROR,
+ _(guest failed to start: %s), ebuf);
+}
goto cleanup;
+}
/* And get its pid */
if ((r = virPidFileRead(cfg-stateDir, vm-def-name, vm-pid)) 0)
{
-char out[1024];
-
-if (virLXCProcessReadLogOutput(vm, logfile, pos, out, 1024) 0)
+if (virLXCProcessReadLogOutput(vm, logfile, pos, ebuf,
sizeof(ebuf))
0)
virReportError(VIR_ERR_INTERNAL_ERROR,
- _(guest failed to start: %s), out);
+ _(guest failed to start: %s), ebuf);
else
virReportSystemError(-r,
_(Failed to read pid file %s/%s.pid),
--
1.8.3.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/3] Improve error reporting with LXC controller
On 11.10.2013 18:53, Daniel P. Berrange wrote:
From: Daniel P. Berrange berra...@redhat.com
The LXC code would read the log file if an LXC guest failed to
startup. There were a number of failure cases where the guest
will not start and libvirtd never gets as far as looking at the
log file.
Fix this by replacing some earlier generic errors with messages
from the log.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
src/lxc/lxc_process.c | 31 +--
1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index d07ff13..840e138 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -980,6 +980,7 @@ int virLXCProcessStart(virConnectPtr conn,
virErrorPtr err = NULL;
virLXCDriverConfigPtr cfg = virLXCDriverGetConfig(driver);
virCgroupPtr selfcgroup;
+int status;
if (virCgroupNewSelf(selfcgroup) 0)
return -1;
@@ -1182,9 +1183,18 @@ int virLXCProcessStart(virConnectPtr conn,
VIR_WARN(Unable to seek to end of logfile: %s,
virStrerror(errno, ebuf, sizeof(ebuf)));
-if (virCommandRun(cmd, NULL) 0)
+if (virCommandRun(cmd, status) 0)
goto cleanup;
+if (status != 0) {
+if (virLXCProcessReadLogOutput(vm, logfile, pos, ebuf, sizeof(ebuf))
= 0)
+snprintf(ebuf, sizeof(ebuf), unexpected exit status %d,
status);
+virReportError(VIR_ERR_INTERNAL_ERROR,
+ _(guest failed to start: %s), ebuf);
+goto cleanup;
+}
+
+
if (VIR_CLOSE(handshakefds[1]) 0) {
virReportSystemError(errno, %s, _(could not close handshake fd));
goto cleanup;
@@ -1193,16 +1203,25 @@ int virLXCProcessStart(virConnectPtr conn,
/* Connect to the controller as a client *first* because
* this will block until the child has written their
* pid file out to disk created their cgroup */
-if (!(priv-monitor = virLXCProcessConnectMonitor(driver, vm)))
+if (!(priv-monitor = virLXCProcessConnectMonitor(driver, vm))) {
+VIR_ERROR(Here);
You probably don't want this line ^^
+/* Intentionally overwrite the real monitor error message,
+ * since a better one is almost always found in the logs
+ */
+if (virLXCProcessReadLogOutput(vm, logfile, pos, ebuf, sizeof(ebuf))
0) {
+VIR_ERROR(tHere);
Nor this one ^^.
+virResetLastError();
+virReportError(VIR_ERR_INTERNAL_ERROR,
+ _(guest failed to start: %s), ebuf);
+}
goto cleanup;
+}
/* And get its pid */
if ((r = virPidFileRead(cfg-stateDir, vm-def-name, vm-pid)) 0) {
-char out[1024];
-
-if (virLXCProcessReadLogOutput(vm, logfile, pos, out, 1024) 0)
+if (virLXCProcessReadLogOutput(vm, logfile, pos, ebuf, sizeof(ebuf))
0)
virReportError(VIR_ERR_INTERNAL_ERROR,
- _(guest failed to start: %s), out);
+ _(guest failed to start: %s), ebuf);
else
virReportSystemError(-r,
_(Failed to read pid file %s/%s.pid),
Michal
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
