You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

154944 lines
5.9 MiB

2014-10-01 Pavel Hrdina <>
domain_conf: fix domain deadlock
If you use public api virConnectListAllDomains() with second parameter
set to NULL to get only the number of domains you will lock out all
other operations with domains.
Introduced by commit 2c680804.
2014-09-30 Chris St. Pierre <>
Allow setting migration max downtime any time
This removes the artificial and unnecessary restriction that
virDomainSetMaxDowntime() only be called while a migration is in
2014-09-30 Peter Krempa <>
qemu: monitor: Avoid shadowing variable "devname" on FreeBSD
FreeBSD's compiler complains that we shadow the symbol. Sigh.
2014-09-30 Peter Krempa <>
qemu: monitor: return block stats data as a hash to avoid disk mixup
The current block stats code matched up the disk name with the actual
stats by the order in the data returned from qemu. This unfortunately
isn't right as qemu may return the disks in any order. Fix this by
returning a hash of stats and index them by the disk alias.
2014-09-30 Ján Tomko <>
Also filter out non-migratable features out of host-passthrough
Commit de0aeaf filtered them out from the host-model features,
to allow host-model to be migratable by default.
Even though they are not passed to QEMU for host-passthrough,
(and not enabled by default) filter them out too
so the user does not think the domain has them.
2014-09-30 Ján Tomko <>
Don't verify CPU features with host-passthrough
Commit fba6bc4 introduced the non-migratable invtsc feature,
breaking save/migration with host-model and host-passthrough.
On hosts with this feature present it was automatically included
in the CPU definition, regardless of QEMU support.
Commit de0aeaf stopped including it by default for host-model,
but failed to fix host-passthrough.
This commit ignores checking of CPU features with host-passthrough,
since we don't pass them to QEMU (only -cpu host is passed),
allowing domains using host-passthrough that were saved with
the broken version of libvirtd to be restored.
2014-09-29 Ján Tomko <>
Fix crash cpu_shares change event crash on domain startup
Introduced by commit 0dce260.
qemuDomainEventQueue was called with qemuDomainObjPrivatePtr instead
of virQEMUDriverPtr.
2014-09-29 Erik Skultety <>
storage: Fix logical pool fmt type
According to our documentation logical pool supports formats 'auto' and
'lvm2'. However, in storage_conf.c we previously defined storage pool
formats: unknown, lvm2. Due to backward compatibility reasons
we must continue refer to pool format type 'unknown' instead of 'auto'.
2014-09-29 Tomoki Sekiyama <>
virsh: Fix help message of allocpages
Fix info in the command definition of allocpages, which is currently
pointing info for 'capabilities'.
2014-09-27 Guido Günther <>
qemu: remove capabilities.monitor.sock when done
Prompted by
2014-09-26 Jincheng Miao <>
conf: report error in virCPUDefParseXML
When detected invalid 'memAccess', virCPUDefParseXML should report error.
2014-09-26 Ján Tomko <>
Check for NULL in qemu monitor event filter
When virConnectDomainQemuMonitorEventRegister is called with the
ignore the flag instead of crashing.
2014-09-26 Daniel P. Berrange <>
2014-09-26 Daniel P. Berrange <>
Rename tunable event constants
For the new VIR_DOMAIN_EVENT_ID_TUNABLE event we have a bunch of
constants added
This naming convention is bad for two reasons
- There is no common prefix unique for the events to both
relate them, and distinguish them from other event
- The values associated with the constants were chosen
to match the names used with virConnectGetAllDomainStats
so having EVENT in the constant name is not applicable in
that respect
This patch proposes renaming the constants to
ie, given them a common VIR_DOMAIN_TUNABLE prefix.
2014-09-26 Michal Privoznik <>
lxc_monitor_protocol: Redefine xdr_uint64_t if needed
On some systems (using libtirpc instead of glibc's
implementation), xdr_uint64_t exists rather under different name:
xdr_u_int64_t. This makes compilation fail then:
libvirt_lxc-lxc_monitor_protocol.o: In function `xdr_virLXCMonitorInitEventMsg':
/usr/local/src/libvirt/libvirt-1.1.1/src/./lxc/lxc_monitor_protocol.c:31: undefined reference to `xdr_uint64_t'
Therefore we rather mirror the d707c866 commit and redefine
xdr_uint64_t if needed.
2014-09-26 Michal Privoznik <>
qemuPrepareNVRAM: Save domain after NVRAM path generation
On a domain startup, the variable store path is generated if needed.
The path is intended to be generated only once. However, the updated
domain definition is not saved into config dir rather than state XML
only. So later, whenever the domain is destroyed and the daemon is
restarted, the generated path is forgotten and the file may be left
behind on virDomainUndefine() call.
2014-09-26 Michal Privoznik <>
remoteNodeGetFreePages: Don't alloc args.pages.pages_val
There's no one to free() it anyway. Instead, we can just pass the
provided array pointer directly.
==20039== 48 bytes in 4 blocks are definitely lost in loss record 658 of 787
==20039== at 0x4C2A700: calloc (in /usr/lib64/valgrind/
==20039== by 0x4EA661F: virAllocN (viralloc.c:191)
==20039== by 0x50386EF: remoteNodeGetFreePages (remote_driver.c:7625)
==20039== by 0x5003504: virNodeGetFreePages (libvirt.c:21379)
==20039== by 0x154625: cmdFreepages (virsh-host.c:374)
==20039== by 0x12F718: vshCommandRun (virsh.c:1935)
==20039== by 0x1339FB: main (virsh.c:3747)
2014-09-26 Tomoki Sekiyama <>
nodeinfo: fix version of nodeAllocPages
Fix comments about the version in which '.nodeAllocPages' are added.
2014-09-26 Peter Krempa <>
qemu: Always re-detect backing chain
Since 363e9a68 we track backing chain metadata when creating snapshots
the right way even for the inactive configuration. As we did not yet
update other code paths that modify the backing chain (blockpull) the
newDef backing chain gets out of sync.
After stopping of a VM the new definition gets copied to the next start
one. The new VM then has incorrect backing chain info. This patch
switches the backing chain detector to always purge the existing backing
chain and forces re-detection to avoid this issue until we'll have full
backing chain tracking support.
2014-09-26 Pavel Hrdina <>
event_example: cleanup example code for tunable event
2014-09-25 Michal Privoznik <>
virNodeAllocPages: Disallow RO connection
Due to a missing check the API can be successfully called even if
the connection is ReadOnly. Fortunately, the API hasn't been
released yet, so there's no need for a CVE.
2014-09-25 Dmitry Guryanov <>
parallels: login to parallels SDK
Add files parallels_sdk.c and parallels_sdk.h for code
which works with SDK, so libvirt's code will not mix with
dealing with parallels SDK.
To use Parallels SDK you must first call PrlApi_InitEx function,
and then you will be able to connect to a server with
PrlSrv_LoginLocalEx function. When you've done you must call
PrlApi_Deinit. So let's call PrlApi_InitEx on first .connectOpen,
count number of connections and deinitialize, when this counter
becomes zero.
2014-09-25 Dmitry Guryanov <>
parallels: build with parallels SDK
Executing prlctl command is not an optimal way to interact with
Parallels Cloud Server (PCS), it's better to use parallels SDK,
which is a remote API to paralles dispatcher service.
We prepared opensource version of this SDK and published it on
github, it's distributed under LGPL license. Here is a git repo:
To build with parallels SDK user should get compiler and linker
options from pkg-config 'parallels-sdk' file. So fix checks in
configure script and build with parallels SDK, if that pkg-config
file exists and add gcc options to makefile.
2014-09-25 Michal Privoznik <>
virnetserver: Raise log level of max_clients related messages
We have these configuration knobs, like max_clients and
max_anonymous_clients. They limit the number of clients
connected. Whenever the limit is reached, the daemon stops
accepting new ones and resumes if one of the connected clients
disconnects. If that's the case, a debug message is printed into
the logs. And when the daemon starts over to accept new clients
too. However, the problem is the messages have debug priority.
This may be unfortunate, because if the daemon stops accepting
new clients all of a sudden, and users don't have debug logs
enabled they have no idea what's going on. Raise the messages
level to INFO at least.
2014-09-25 Pavel Hrdina <>
polkit_driver: fix possible segfault
The changes in commit c7542573 introduced possible segfault. Looking
deeper into the code and the original code before the patch series were
applied I think that we should report error for each function failure
and also we shouldn't call some of the function twice.
Found by coverity.
2014-09-25 Pavel Hrdina <>
blkdeviotune: trigger tunable event for blkdeviotune updates
Use the universal tunable event to report changes to user. All
blkdeviotune values are prefixed with "blkdeviotune".
blkdeviotune: fix bug with saving values into live XML
When you updated some blkdeviotune values for running domain the values
were stored only internally, but not saved into the live XML so they
won't survive restarting the libvirtd.
Fix build without polkit
The commit 1b854c76 introduced a new function 'virPolkitCheckAuth' and
in the #else section when you don't have polkit all attributes should be
tunable_event: extend debug message and tweak limit for remote message
It would be nice to also print a params pointer and number of params in
the debug message and the previous limit for number of params in the rpc
message was too large. The 2048 params will be enough for future events.
2014-09-25 Michal Privoznik <>
virsh: Expose virNodeAllocPages
The new virsh command is named 'allocpages'.
nodeinfo: Implement nodeAllocPages
And add stubs to other drivers like: lxc, qemu, uml and vbox.
virnuma: Introduce virNumaSetPagePoolSize
This internal API can be used to allocate or free some pages in
the huge pages pool.
Introduce virNodeAllocPages
A long time ago in a galaxy far, far away it has been decided
that libvirt will manage not only domains but host as well. And
with my latest work on qemu driver supporting huge pages, we miss
the cherry on top: an API to allocate huge pages on the run.
Currently users are forced to log into the host and adjust the
huge pages pool themselves. However, with this API the problem
is gone - they can both size up and size down the pool.
nodeGetFreePages: Push forgotten change
In the previous patch I've changed the for loop bounds but forgot
to 'git add' changes that adapt the rest of the code.
2014-09-25 Cole Robinson <>
security: Fix labelling host devices (bz 1145968)
The check for ISCSI devices was missing a check of subsys type, which
meant we could skip labelling of other host devices as well. This fixes
USB hotplug on F21
2014-09-24 Pavel Hrdina <>
Fix MinGW build
When building on mingw the format string for long long/unsigned long
long have to be I64d/I64u instead of lld/llu.
2014-09-24 Daniel P. Berrange <>
Convert polkit code to use DBus API instead of CLI helper
Spawning the pkcheck program every time a permission check is
required is hugely expensive on CPU. The pkcheck program is just
a dumb wrapper for the DBus API, so rewrite the code to use the
DBus API directly. This also simplifies error handling a bit.
2014-09-24 Daniel P. Berrange <>
Support passing dict by reference for dbus messages
Currently DBus dict values must be passed inline
"key1", "val1",
"key2", "val2",
"key3", "val3");
&key1, &val1,
&key2, &val2,
&key3, &val3);
This allows them to be passed by reference
const char **dictin = {
"key1", "val1",
"key2", "val2",
"key3", "val3"
char **dictout;
size_t ndictout;
2014-09-24 Daniel P. Berrange <>
Convert remote daemon & acl code to use polkit API
Convert the remote daemon auth check and the access control
code to use the common polkit API for checking auth.
Convert callers to use typesafe APIs for getting identity attrs
Convert virAccessDriverPolkitFormatProcess to use typesafe API
for getting process ID attribute.
Convert callers to use typesafe APIs for setting identity attrs
Update virNetServerClientCreateIdentity and virIdentityGetSystem
to use the new typesafe APIs for setting identity attributes
Add typesafe APIs for virIdentity attributes
Instead of requiring the caller to format to/from strings,
add typesafe APIs todo this work.
2014-09-24 Daniel P. Berrange <>
Add common API for doing polkit authentication
There are now two places in libvirt which use polkit. Currently
they use pkexec, which is set to be replaced by direct DBus API
calls. Add a common API which they will both be able to use for
this purpose.
No tests are added at this time, since the impl will be gutted
in favour of a DBus API call shortly.
2014-09-24 Ján Tomko <>
qemu: wire up virtio-net segment offloading options
Format the segment offloading options specified by
<host .../>
<guest .../>
on virtio-net command line.
conf: add options for disabling segment offloading
Add options for tuning segment offloading:
<host csum='off' gso='off' tso4='off' tso6='off'
ecn='off' ufo='off'/>
<guest csum='off' tso4='off' tso6='off' ecn='off' ufo='off'/>
which control the respective host_ and guest_ properties
of the virtio-net device.
2014-09-24 Jincheng Miao <>
nodeinfo: fix nodeGetFreePages when max node is zero
In nodeGetFreePages, if startCell is given by '0',
and the max node number is '0' too. The for-loop
wouldn't be executed.
So convert it to while-loop.
> virsh freepages --cellno 0 --pagesize 4
error: internal error: no suitable info found
> virsh freepages --cellno 0 --pagesize 4
4KiB: 472637
2014-09-24 Chen Hanxiao <>
LXC: emphasis uid start of idmap only accept '0' in docs
We don't accept any other values except '0'.
2014-09-24 Pavel Hrdina <>
Fix bug with loading bridge name for active domain during libvirtd start
If you have a bridge network in running domain and libvirtd is restarted
the information about host bridge interface is lost from live xml.
2014-09-24 Peter Krempa <>
storage: Improve error message when traversing backing chains
Report also the name of the parent file and uid/gid used to access it to
help debugging broken storage configurations.
2014-09-24 Peter Krempa <>
qemu: Report better errors from broken backing chains
Request erroring out from the backing chain traveller and drop qemu's
internal backing chain integrity tester.
The backing chain traveller reports errors by itself with possibly more
detail than qemuDiskChainCheckBroken ever could.
We also need to make sure that we reconnect to existing qemu instances
even at the cost of losing the backing chain info (this really should be
stored in the XML rather than reloaded from disk, but that needs some
2014-09-24 Peter Krempa <>
qemu: Sanitize argument names and empty disk check in qemuDomainDetermineDiskChain
Reuse virStorageSourceIsEmpty and rename "force" argument to
2014-09-24 Peter Krempa <>
util: storage: Allow metadata crawler to report useful errors
Add a new parameter to virStorageFileGetMetadata that will break the
backing chain detection process and report useful error message rather
than having to use virStorageFileChainGetBroken.
This patch just introduces the option, usage will be provided
2014-09-24 Jim Fehlig <>
libvirt-guests: run after
When libvirt-guests is configured to start guests on host
boot, it is possible for guests start and read the host
clock before it is synchronized. Services such as
libvirt-guests that require correct time should use the
Special Passive System Unit
2014-09-24 Pavel Hrdina <>
cputune_event: queue the event for cputune updates
Now we have universal tunable event so we can use it for reporting
changes to user. The cputune values will be prefixed with "cputune" to
distinguish it from other tunable events.
add an example how to use tunable event
event: introduce new event for tunable values
This new event will use typedParameters to expose what has been actually
updated and the reason is that we can in the future extend any tunable
values or add new tunable values. With typedParameters we don't have to
worry about creating some other events, we will just use this universal
event to inform user about updates.
2014-09-23 Jiri Denemark <>
qemu: Fix memory leak in RDMA migration code
2014-09-23 Martin Kletzander <>
conf: sanitize tap and vhost paths
2014-09-23 Michal Privoznik <>
qemuBuildNumaArgStr: Discard def->cpu check
In the function at one place we check if def->cpu is NULL prior
to accessing def->cpu->ncells. Then, later in the code,
def->cpu->ncells is accessed directly, without the check. This
makes coverity unhappy, because the first check makes it think
def->cpu can be NULL. However, the function is not called if
def->cpu is NULL. Therefore, remove the first check and hopefully
make coverity cheer again.
nodeinfo: Prefer MIN in nodeGetFreePages
It's better to use a macro instead of if-else construct.
2014-09-23 Pavel Hrdina <>
domain_conf: separate structures from virDomainDef
Cleanup virDomanDef structure from other nested structure and create
separate type definition for them.
Fix a typo in virDomainHugePage.
2014-09-23 Jincheng Miao <>
Fix typo of virNodeGetFreePages comment
nodeinfo: report error when given node is out of range
2014-09-23 Jincheng Miao <>
virsh-host: fix pagesize unit of freepages
The unit of '--pagesize' of freepages is kibibytes.
2014-09-23 Michael R. Hines <>
qemu: Memory pre-pinning support for RDMA migration
RDMA Live migration requires registering memory with the hardware, and
thus QEMU offers a new 'capability' to pre-register / mlock() the guest
memory in advance for higher RDMA performance before the migration
begins. This capability is disabled by default, which means QEMU will
register the memory with the hardware in an on-demand basis.
This patch exposes this capability with the following example usage:
virsh migrate --live --rdma-pin-all --migrateuri rdma://hostname domain qemu+ssh://hostname/system
2014-09-23 Michael R. Hines <>
qemu: RDMA migration support
This patch adds support for RDMA protocol in migration URIs.
USAGE: $ virsh migrate --live --migrateuri rdma://hostname domain qemu+ssh://hostname/system
Since libvirt runs QEMU in a pretty restricted environment, several
files needs to be added to cgroup_device_acl (in qemu.conf) for QEMU to
be able to access the host's infiniband hardware. Full documenation of
the feature can be found on QEMU wiki:
2014-09-23 Jiri Denemark <>
qemu: Add RDMA migration capabilities
qemu: Prepare support for arbitrary migration protocol
Currently we only support TCP protocol for native QEMU migration but
this is going to be changed. Let's make the code more general and remove
hardcoded TCP protocol from several places.
qemu: Fix old tcp:host URIs more cleanly
For compatibility with old libvirt we need to support both tcp:host and
tcp://host migration URIs. Let's make the code that parses them a bit
2014-09-23 Michael R. Hines <>
qemu: Expose additional migration statistics
RDMA migration uses the 'setup' state in QEMU to optionally lock
all memory before the migration starts. The total time spent in
this state is exposed as VIR_DOMAIN_JOB_SETUP_TIME.
Additionally, QEMU also exports migration throughput (mbps) for both
memory and disk, so let's add them too: VIR_DOMAIN_JOB_MEMORY_BPS,
2014-09-23 Chen Fan <>
cpu: fix wrong single quote mark
2014-09-22 Daniel P. Berrange <>
cpu: remove repeated word in error message
2014-09-22 Giuseppe Scrivano <>
qemu: raise an error when trying to use readonly sata disks
commit 72f919f558902968bd0cf9f99f25ac62cbfe3ac6 introduced an user
friendly error message when trying to use IDE disks as readonly.
Do the same thing for the SATA bus.
2014-09-22 Peter Krempa <>
qemu: hook: Provide hook when restoring a domain save image
2014-09-22 Jianwei Hu <>
docs: specify vhost-net instead of net-vhost
For the tap backend the default is specified and the same should be
done for the vhost attribute.
schema: properly set tap and vhost backend attributes optional
Each attribute is optional, commit af8b4a2 forgot to mention that.
2014-09-22 Peter Krempa <>
qemu: save image: Split out checks done only when editing the save img
Move them to the single corresponding function rather than having them
in the common chunk of code.
qemu: save image: Split out new definition check/update
Split out the call to the update method only to places where it is
actually used rather than having a mega-method that does all the stuff.
qemu: save image: Add possibility to return XML stored in the image
Add a new parameter that will allow to return the XML stored in the save
image for further manipulation and adjust the callers. This option will
be used in later patches.
qemu: save image: Split out user provided XML checker
Extract code used to check save image XMLs provided by users to separate
2014-09-19 Jim Fehlig <>
libxl: Drop driver lock in libxlDomainDefineXML
There is no need to acquire the driver-wide lock in
libxlDomainDefineXML. When switching to jobs in the libxl
driver, most driver-wide locks were removed. The locking here
was preserved since I mistakenly thought virDomainObjListAdd
needed protection. This is not the case, so remove the
unnecessary locking.
2014-09-19 John Ferlan <>
qemu: Process the hostdev "rawio" setting
Mimic the "Disk" processing for 'rawio', but for a scsi_host hostdev
lun device.
hostdev: Add "rawio" attribute to _virDomainHostdevSubsysSCSI
Add the 'rawio' attribute to match _virDomainDiskDef and process the
hostdev XML similarly to the disk XML for a lun which supports/requires rawio
domain_conf: Change virDomainDiskDef 'rawio' to use virTristateBool
Adjust disk definition for 'rawio' to use the TristateBool logic
2014-09-19 John Ferlan <>
qemu: Add missing goto on rawio
Commit id '9a2f36ec' added a build conditional of CAP_SYS_RAWIO
in order to determine whether or not a disk definition using rawio
should be allowed on platforms without CAP_SYS_RAWIO. If one was
found, virReportError was used but the code didn't goto cleanup.
This patch adds the goto.
2014-09-19 Chen Hanxiao <>
LXC: add HOME environment variable docs
add HOME environment variable.
Add a doc for this.
2014-09-19 Pavel Hrdina <>
Move the FIPS detection from capabilities
We are not detecting the presence of FIPS from QEMU, but from procfs and
that means it's not QEMU capability. It was decided that we will pass
this flag to QEMU even if it's not supported by old QEMU binaries.
This patch also reverts changes done by commit a21cfb0f to
qemucapabilitestest and implements a new test case in qemuxml2argvtest.
2014-09-19 Michal Privoznik <>
virSecuritySELinuxSetTapFDLabel: Temporarily revert to old behavior
A long time ago I've implemented support for so called multiqueue
net. The idea was to let guest network traffic be processed by
multiple host CPUs and thus increasing performance. However, this
behavior is enabled by QEMU via special ioctl() iterated over the
all tap FDs passed in by libvirt. Unfortunately, SELinux comes in
and disallows the ioctl() call because the /dev/net/tun has label
system_u:object_r:tun_tap_device_t:s0 and 'attach_queue' ioctl()
is not allowed on tun_tap_device_t type. So after discussion with
a SELinux developer we've decided that the FDs passed to the QEMU
should be labelled with svirt_t type and SELinux policy will
allow the ioctl(). Therefore I've made a patch
(cf976d9dcf4e592261b14f03572) that does exactly this. The patch
was fixed then by a4431931393aeb1ac5893f121151fa3df4fde612 and
b635b7a1af0e64754016d758376f382470bc11e7. However, things are not
that easy - even though the API to label FD is called
(fsetfilecon_raw) the underlying file is labelled too! So
effectively we are mangling /dev/net/tun label. Yes, that broke
dozen of other application from openvpn, or boxes, to qemu
running other domains.
The best solution would be if SELinux provides a way to label an
FD only, which could be then labeled when passed to the qemu.
However that's a long path to go and we should fix this
regression AQAP. So I went to talk to the SELinux developer again
and we agreed on temporary solution that:
1) All the three patches are reverted
2) SELinux temporarily allows 'attach_queue' on the
2014-09-18 Roman Bogorodskiy <>
docs: update zfs documentation
- docs/ document 'zfs' pool type, add it
to a list of pool types that could use source physical devices
- docs/ update a ZFS pool example XML with
source physical devices, mention that starting from 1.2.9 a
pool could be created from this devices by libvirt and in earlier
versions user still has to create a pool manually
- docs/ add an example with ZFS pools
storage: zfs: implement pool build and delete
- Provide an implementation for buildPool and deletePool operations
for the ZFS storage backend.
- Add VIR_STORAGE_POOL_SOURCE_DEVICE flag to ZFS pool poolOptions
as now we can specify devices to build pool from
- storagepool.rng: add an optional 'sourceinfodev' to 'sourcezfs' and
add an optional 'target' to 'poolzfs' entity
- Add a couple of tests to storagepoolxml2xmltest
2014-09-18 Ján Tomko <>
audit: fix memory leak without WITH_AUDIT
Free str unconditionally since we allocate it without WITH_AUDIT
audit: remove redundant NULL assignment
virVasprintf sets the output to NULL on failure.
Fixes for domains with no iothreads
Plug a memory leak and silence a warning.
Fix leak in x86UpdateHostModel
Commit de0aeaf introduced a memory leak.
2014-09-18 Erik Skultety <>
Fix libvirtd crash when removing metadata
When trying to remove nonexistent metadata from XML, libvirt daemon
crashes due to dereferencing NULL pointer.
2014-09-18 John Ferlan <>
qemu: Don't fail startup/attach for IOThreads if no JSON
If the qemu being used doesn't support JSON, then querying for IOThread
data would fail. In that case, ensure the *iothreads is NULL and return 0
as the count of iothreads available.
2014-09-18 Roman Bogorodskiy <>
Fix build in qemu_command
Currently, build with clang fails with:
CC qemu/libvirt_driver_qemu_impl_la-qemu_command.lo
qemu/qemu_command.c:6580:58: error: implicit conversion from enumeration type
'virMemAccess' to different enumeration type 'virTristateSwitch'
virTristateSwitch memAccess = def->cpu->cells[i].memAccess;
~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~^~~~~~~~~
1 error generated.
Fix that by using virMemAccess instead of virTristateSwitch.
2014-09-18 Roman Bogorodskiy <>
Fix build in qemu_capabilities
Commit f05b6a91 added virQEMUDriverConfigPtr argument to the
virQEMUCapsFillDomainCaps function and it uses forward declaration
of virQEMUDriverConfig and virQEMUDriverConfigPtr that casues clang
build to fail:
gmake[3]: Entering directory `/usr/home/novel/code/libvirt/src'
CC qemu/libvirt_driver_qemu_impl_la-qemu_capabilities.lo
In file included from qemu/qemu_capabilities.c:43:
In file included from qemu/qemu_hostdev.h:27:
qemu/qemu_conf.h:63:37: error: redefinition of typedef 'virQEMUDriverConfig'
is a C11 feature [-Werror,-Wtypedef-redefinition]
typedef struct _virQEMUDriverConfig virQEMUDriverConfig;
qemu/qemu_capabilities.h:328:37: note: previous definition is here
typedef struct _virQEMUDriverConfig virQEMUDriverConfig;
Fix that by passing loader and nloader config attributes directly
instead of passing complete config.
2014-09-18 Roman Bogorodskiy <>
bhyve: tests: fix build
Commit b20d39a introduced a new argument for the
virNetDevTapCreateInBridgePort function, however, its mock
in bhyve tests wasn't updated, so the build failed.
Fix build by adding this new argument to the mock version.
2014-09-18 Ján Tomko <>
qemu: fix crash with shared disks
Commit f36a94f introduced a double free on all success paths
in qemuSharedDeviceEntryInsert.
Only call qemuSharedDeviceEntryFree on the error path and
set entry to NULL before jumping there if the entry already
is in the hash table.
2014-09-18 Peter Krempa <>
qemu: Improve check for local storage
Now that we have a simple function to check locality of storage, reuse
it in qemuDomainCheckDiskPresence().
Also reuse check for empty storage source.
2014-09-18 Peter Krempa <>
qemu: Drop unused formatting of uuid
The formatted UUID isn't used anywhere else in
qemuDomainCheckDiskStartupPolicy. Drop it.
2014-09-18 Wang Yufei <>
maint: clean up _virDomainMemoryStat
Clean up all _virDomainMemoryStat.
maint: clean up _virDomainBlockStats
Clean up all _virDomainBlockStats.
maint: clean up _virDomainInterfaceStats
Clean up all _virDomainInterfaceStats.
2014-09-18 Peter Krempa <>
CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk
Live definition was used to look up the disk index while persistent one
was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the
correct def and report a nice error.
Unfortunately it's accessible via read-only connection, though it can
only crash libvirtd in the cases where the guest is hot-plugging disks
without reflecting those changes to the persistent definition. So
avoiding hotplug, or doing hotplug where persistent is always modified
alongside live definition, will avoid the out-of-bounds access.
Introduced in: eca96694a7f992be633d48d5ca03cedc9bbc3c9aa (v0.9.8)
Reported-by: Luyao Huang <>
2014-09-18 Michal Privoznik <>
qemu: Honor hugepages for UMA domains
There are two ways how to tell qemu to use huge pages. The first one
is suitable for domains with NUMA nodes: the path to hugetlbfs mount
is appended to NUMA node definition on the command line. The second
one is suitable for UMA domains: here there's this global '-mem-path'
argument that accepts path to the hugetlbfs mount point. However, the
latter case was not used for all the cases that it should be. For
<page size='2048' unit='KiB' nodeset='0'/>
didn't trigger the '-mem-path' so the huge pages - despite being
configured - were not used at all.
2014-09-18 Michal Privoznik <>
conf: Disallow nonexistent NUMA nodes for hugepages
As of 136ad4974 it is possible to specify different huge pages per
guest NUMA node. However, there's no check if nodeset specified in
./hugepages/page contains only those guest NUMA nodes that exist.
In other words with current code it is possible to define meaningless
<page size='1048576' unit='KiB' nodeset='0,2-3'/>
<page size='2048' unit='KiB' nodeset='1,4'/>
<vcpu placement='static'>4</vcpu>
<cell id='0' cpus='0' memory='1048576'/>
<cell id='1' cpus='1' memory='1048576'/>
<cell id='2' cpus='2' memory='1048576'/>
<cell id='3' cpus='3' memory='1048576'/>
Notice the node 4 in <hugepages/>?
2014-09-18 Peter Krempa <>
man: virsh: Add docs for supported stats groups
Document the fields returned.
lib: Document that virConnectGetAllDomainStats may omit some stats fields
Add a note to make the users aware that some stats groups or fields may
be missing in certain cases.
lib: De-duplicate stats group documentation for all stats functions
State that full stats for the stats groups are available in the
virConnectGetAllDomainStats documentation section rather than
duplicating the docs.
2014-09-18 Francesco Romani <>
virsh: add options to query bulk stats group
Add new bulk stats groups to the domstats command.
2014-09-18 Francesco Romani <>
qemu: bulk stats: implement block group
This patch implements the VIR_DOMAIN_STATS_BLOCK group of statistics.
To do so, a helper function to get the block stats of all the disks of
a domain is added.
2014-09-18 Francesco Romani <>
qemu: bulk stats: implement interface group
This patch implements the VIR_DOMAIN_STATS_INTERFACE group of
qemu: bulk stats: implement VCPU group
This patch implements the VIR_DOMAIN_STATS_VCPU group of statistics. To
do so, this patch also extracts a helper to gather the vCPU information.
qemu: bulk stats: implement balloon group
This patch implements the VIR_DOMAIN_STATS_BALLOON group of statistics.
qemu: bulk stats: implement CPU stats group
This patch implements the VIR_DOMAIN_STATS_CPU_TOTAL group of
2014-09-18 Francesco Romani <>
qemu: bulk stats: extend internal collection API
Future patches which will implement more bulk stats groups for QEMU will
need to access the connection object.
To accommodate that, a few changes are needed:
* enrich internal prototype to pass qemu driver object
* add per-group flag to mark if one collector needs monitor access or not
* If at least one collector of the requested stats needs monitor access
we must start a query job for each domain. The specific collectors
will run nested monitor jobs inside that.
* If the job can't be acquired we pass flags to the collector so
specific collectors that need monitor access can be skipped in order
to gather as much data as is possible.
2014-09-17 Michal Privoznik <>
domaincapstest: Run cleanly on systems missing OVMF firmware
As of f05b6a918e28 the test produces the list of paths that can
be passed to <loader/> and libvirt knows about them. However,
during the process of generating the list the paths are checked
for their presence. This may produce different results on
different systems. Therefore, the path - if missing - is
added to pretend it's there.
2014-09-17 Martin Kletzander <>
rpc: make daemon spawning a bit more intelligent
This way it behaves more like the daemon itself does (acquiring a
pidfile, deleting the socket before binding, etc.).
2014-09-17 Michal Privoznik <>
domaincaps: Expose UEFI binary path, if it exists
Check to see if the UEFI binary mentioned in qemu.conf actually
exists, and if so expose it in domcapabilities like
<loader ...>
We introduce some generic domcaps infrastructure for handling
a dynamic list of string values, it may be of use for future bits.
2014-09-17 Michal Privoznik <>
qemu_capabilities: Change virQEMUCapsFillDomainCaps signature
Up till now the virQEMUCapsFillDomainCaps() was type of void as
there was no way for it to fail. This is, however, going to
change in the next commit.
2014-09-17 Martin Kletzander <>
qemu: add support for shared memory mapping
docs, conf, schema: add support for shared memory mapping
schemas: finish virTristate{Bool,Switch} transition
2014-09-17 Pradipta Kr. Banerjee <>
qemu: Add support for multiple versions of 'pseries' machine type
qemu for IBM Power processor architecture is adding functionality for
supporting multiple 'pseries' machine type versions, each with different
capabilities. This patch is for supporting the same
2014-09-17 Michal Privoznik <>
domaincaps: Expose UEFI capability
As of 542899168c38 we learned libvirt to use UEFI for domains.
However, management applications may firstly query if libvirt
supports it. And this is where virConnectGetDomainCapabilities()
API comes handy.
2014-09-17 Peter Krempa <>
util: storage: Copy driver type when initializing chain element
virStorageSourceInitChainElement initializes a new storage chain element
for use as a new disk source. If the new element doesn't contain the
driver name, copy it from the old source.
This fixes issue where a disk would forget the driver after a snapshot.
2014-09-16 Peter Krempa <>
qemu: time: Report errors if agent command fails
Commit b606bbb4 broke reporting of errors when setting of guest time
fails via the guest agent as the return value is not checked and later
overwritten by the return value qemuMonitorRTCResetReinjection();
Fix this by checking the return value before resetting the RTC
2014-09-16 Ján Tomko <>
Wire up the interface backend options
Pass the user-specified tun path down when creating tap device
when called from the qemu driver.
Also honor the vhost device path specified by user.
2014-09-16 Ján Tomko <>
conf: add backend element to interfaces
For tuning the network, alternative devices
for creating tap and vhost devices can be specified via:
<backend tap='/dev/net/tun' vhost='/dev/net-vhost'/>
conf: remove redundant local variable
Use just one int variable for all the FromString calls.
conf: split out virtio net driver formatting
Instead of checking upfront if the <driver> element will be needed
in a big condition, just format all the attributes into a string
and output the <driver> element if the string is not empty.
2014-09-16 John Ferlan <>
qemu: Need to check for capability before query
Prior to trying the query-iothreads call - check if the qemu has
the capability
2014-09-16 Erik Skultety <>
network: check negative values in bridge queues
We already are checking for negative value, reporting an error, but
using wrong function and the check only succeeds when a value that
cannot be converted to number successfully is encountered. This patch
provides just a minor change in call of the right version
of function virStrToLong.
2014-09-16 Hongbin Lu <>
openvz: fixed two memory leaks on migration code
The first one occurs in openvzDomainMigratePrepare3Params() where in
case no remote uri is given, the distant hostname is used. The name is
obtained via virGetHostname() which require callers to free the
returned value.
The second leak lies in openvzDomainMigratePerform3Params(). There's a
virCommand used later. However, at the beginning of the function
virCheckFlags() is called which returns. So the command created was
2014-09-16 Michal Privoznik <>
virprocess: Extend list of platforms for setns wrapper
Currently, the setns() wrapper is supported only for x86_64 and i686
which leaves us failing to build on other platforms like arm, aarch64
and so on. This means, that the wrapper needs to be extended to those
platforms and make to fail on runtime not compile time.
The syscall numbers for other platforms was fetched using this
kernel.git $ git grep "define.*__NR_setns" | grep -e arm -e powerpc -e s390
arch/arm/include/uapi/asm/unistd.h:#define __NR_setns (__NR_SYSCALL_BASE+375)
arch/arm64/include/asm/unistd32.h:#define __NR_setns 375
arch/powerpc/include/uapi/asm/unistd.h:#define __NR_setns 350
arch/s390/include/uapi/asm/unistd.h:#define __NR_setns 339
2014-09-16 Peter Krempa <>
util: storage: Fix qcow(2) header parser according to docs
The backing store string location offset 0 determines that the file
isn't present. The string size shouldn't be then checked:
from qemu.git/docs/specs/qcow2.txt
== Header ==
The first cluster of a qcow2 image contains the file header:
Byte 0 - 3: magic
QCOW magic string ("QFI\xfb")
4 - 7: version
Version number (valid values are 2 and 3)
8 - 15: backing_file_offset
Offset into the image file at which the backing file name
is stored (NB: The string is not null terminated). 0 if the
image doesn't have a backing file.
16 - 19: backing_file_size
Length of the backing file name in bytes. Must not be
longer than 1023 bytes. Undefined if the image doesn't have
a backing file. ^^^^^^^^^
This patch intentionally leaves the backing file string size check in
place in case a malformatted file would be presented to libvirt. Also
according to the docs the string size is maximum 1023 bytes, thus this
patch adds a check to verify that.
I was also able to verify that the check was done the same way in the
legacy qcow fromat (in qemu's code).
2014-09-16 John Ferlan <>
qemu: Fix call in qemuDomainSetNumaParamsLive for virCgroupNewIOThread
Found by inspection of the "i+1" change. IOThreads are numbered 1..n
thus the virCgroupNewIOThread needs to create a 1..n value not 0 based.
qemu_cgroup: Adjust spacing around incrementor
Change "i+1" to "i + 1"
2014-09-16 John Ferlan <>
qemu: Fix iothreads issue
If there are no iothreads, then return from qemuProcessDetectIOThreadPIDs
without error; otherwise, the following occurs:
error: Failed to start domain $dom
error: An error occurred, but the cause is unknown
2014-09-16 Eric Blake <>
cputune: allow interleaved xml
I noticed this with the recent iothread pinning code, but the
problem existed longer than that. The XML validation required
users to supply <cputune> children in a strict order, even though
there was no conceptual reason why they can't occur in any order.
docs/ changes best viewed with -w
* docs/schemas/domaincommon.rng (cputune): Add interleave.
* tests/qemuxml2argvdata/qemuxml2argv-cputune-iothreads.xml: Swap
up order, copying canonical form...
* tests/qemuxml2xmloutdata/qemuxml2xmlout-cputune-iothreads.xml:
* tests/qemuxml2xmltest.c (mymain): Mark the difference.
2014-09-16 John Ferlan <>
vircgroup: Fix broken builds without cgroups
I missed adding virCgroupNewIOThread to the !VIR_CGROUP_SUPPORTED
Pushing as build breaker
2014-09-16 Laine Stump <>
network: detect conflicting route even if it is the final entry
This is a folloup to commit 5f719596, which checks for a route
conflicting with the standard libvirt default network subnet
( It turns out that $() strips the trailing newline
from the output of "ip route show", so there would be no match if the
route we were looking for was the final line of output. This can be
solved by adding ${nl} to the end of the output (just as we were
already adding it at the beginning of the output).
2014-09-16 John Ferlan <>
domain_conf: Add iothreadpin to cputune
Add an option 'iothreadpin' to the <cpuset> to allow for setting the
CPU affinity for each IOThread.
The iothreadspin will mimic the vcpupin with respect to being able to
assign each iothread to a specific CPU, although iothreads ids start
at 1 while vcpu ids start at 0. This matches the iothread naming scheme.
2014-09-16 John Ferlan <>
qemu: Allow pinning specific IOThreads to a CPU
Modify qemuProcessStart() in order to allowing setting affinity to
specific CPU's for IOThreads. The process followed is similar to
that for the vCPU's.
This involves adding a function to fetch the IOThread id's via
qemuMonitorGetIOThreads() and adding them to iothreadpids[] list.
Then making sure all the cgroup data has been properly set up and
finally assigning affinity.
2014-09-16 John Ferlan <>
qemu_cgroup: Introduce cgroup functions for IOThreads
In order to support cpuset setting, introduce qemuSetupCgroupIOThreadsPin
and qemuSetupCgroupForIOThreads to mimic the existing Vcpu API's.
These will support having an 'iotrhreadpin' element in the 'cpuset' in
order to pin named IOThreads to specific CPU's. The IOThread pin names
will follow the IOThread naming scheme starting at 1 (eg "iothread1")
up through an including the def->iothreads value.
2014-09-16 John Ferlan <>
qemu_domain: Add niothreadpids and iothreadpids
Add new 'niothreadpids' and 'iothreadpids' to mimic the 'ncpupids' and
'vcpupids' that already exist.
vircgroup: Introduce virCgroupNewIOThread
Add virCgroupNewIOThread() to mimic virCgroupNewVcpu() except the naming
scheme with use "iothread" rather than "vcpu".
qemu: Issue query-iothreads and to get list of active IOThreads
Generate infrastructure and test to handle fetching the QMP
IOThreads data.
2014-09-16 John Ferlan <>
virsh: Add iothread to 'attach-disk'
Add an iothread parameter to allow attaching to an IOThread, such as:
virsh attach-disk $dom $source $target --live --config --iothread 2 \
--targetbus virtio --driver qemu --subdriver raw --type disk
2014-09-15 Martin Kletzander <>
util: Fix copy-paste error in virXPathLongLong description
2014-09-15 Erik Skultety <>
network: check for invalid forward delay time
When spanning tree protocol is allowed in bridge settings, forward delay
value is set as well (default is 0 if omitted). Until now, there was no
check for delay value validity. Delay makes sense only as a positive
numerical value.
Note: However, even if you provide positive numerical value, brctl
utility only uses values from range <2,30>, so the number provided can
be modified (kernel most likely) to fall within this range.
2014-09-15 John Ferlan <>
qemu: Fix build breaker on printf directive
%zu for size_t not %lu
2014-09-15 John Ferlan <>
daemon: Resolve Coverity FORWARD_NULL
Coverity complains that the comparison:
if (nfds && nfds > ((int)!!sock_path + (int)!!sock_path_ro))
could mean 'sock_path' is NULL. Later in virNetSocketNewListenUNIX
there's a direct dereference of path in the error path:
if (path[0] != '@')
A bit of sleuthing proves that upon entry to daemonSetupNetworking
there is no way for 'sock_path' to be NULL since daemonUnixSocketPaths
will set up 'sock_file' (although it may not set up 'sock_file_ro')
in all 3 paths.
Adjusted code to add ATTRIBUTE_NONNULL(3) on incoming path parameter and
then fixup the comparison of nfds to be a comparison against 2 or 1
depending on whether sock_path_ro is NULL or not.
2014-09-15 John Ferlan <>
qemu: Resolve Coverity BAD_SIZEOF
Coverity complains about the calculation of the buf & len within
the PROBE macro. So to quiet things down, do the calculation prior
to usage in either write() or qemuMonitorIOWriteWithFD() calls and
then have the PROBE use the calculated values - which works.
Resolve Coverity CHECKED_RETURN
Coverity complained that checking the return of virDomainCreate()
was not consistent amongst the callers - so added the return check
to the objecteventtest.c and adjust the virt-login-shell to compare
< 0 rather than just non zero for the failure condition.
virsh: Resolve Coverity DEADCODE
Coverity complains that on the first pass through the for loop that
'params' cannot be true, thus the ternary setting to "&" cannot be
done. Since we can only ever get to this point once, drop the ternary
domain_conf: Resolve Coverity COPY_PASTE_ERROR
Seems when commit id 'ea130e3b' added the checks to ensure each of
the hard_limit, soft_limit, and swap_hard_limit wasn't set at
VIR_DOMAIN_MEMORY_PARAM_UNLIMITED - a copy/paste error of using
the 'hard_limit' for each comparison was done. Adjust the code.
2014-09-15 John Ferlan <>
virtime: Resolve Coverity DEADCODE
Coverity complains that because of how 'offset' is initialized to
0 (zero), the resulting math and comparison on rem is pointless.
According to the origin commit id '3ec128989', the code is a
replacement for gmtime(), but without the localtime() or GMT
calculations - so just remove this code and add a comment
indicating the removal
2014-09-15 John Ferlan <>
remote_driver: Resolve Coverity RESOURCE_LEAK
Since 98b9acf5aa02551dd37d0209339aba2e22e4004a
This was a false positive where Coverity was complaining that the
remoteDeserializeTypedParameters() could allocate 'params', but
none of the callers could return the allocated memory back to their
caller since on input the param was passed by value. Additionally,
the flow of the code was that if params was NULL on entry, then each
function would return 'nparams' as the number of params entries the
caller would need to allocate in order to call the function again
with 'nparams' and 'params' being set. By the time the deserialize
routine was called params would have something. For other callers
where the 'params' was passed by reference as NULL since it's expected
that the deserialize allocates the memory and then have that passed
back to the original caller to dispose there was no Coverity issue.
As it turns out Coverity didn't quite seem to understand the
relationship between 'nparams' and 'params'; however, if the
!userAllocated path of the deserialize code compared against
limit in any manner, then the Coverity error went away which
was quite strange, but useful.
As it turns out one code path remoteDomainGetJobStats had a
comparison against 'limit' while another remoteConnectGetAllDomainStats
did not assuming that limit would be checked. So I refactored the
code a bit to cause the limit check to occur in deserialize for
both conditions and then only made the check of current returned
size against the incoming *nparams fail the non allocation case.
This means the job code doesn't need to check the limit any more,
while the stats code now does check the limit.
Additionally, to help perhaps decipher which of the various
callers to the deserialize code caused the failure - I used
a #define to pass the __FUNCNAME__ of the caller along so that
error messages could have something like:
error: remoteConnectGetAllDomainStats: too many parameters '2' for nparams '0'
error: Reconnected to the hypervisor
(it's a contrived error just to show the funcname in the error)
2014-09-15 Lubomir Rintel <>
node_device_udev: Try harder to get human readable vendor:product
The manufacurer and product from USB device itself are usually not particularly
useful -- they tend to be missing, or ugly (all-uppercase, padded with spaces,
etc.). Prefer what's in the usb id database and fall back to descriptors only
if the device is too new to be in database.
2014-09-15 Hongbin Lu <>
add migration support for OpenVZ driver
This patch adds initial migration support to the OpenVZ driver,
using the VIR_DRV_FEATURE_MIGRATION_PARAMS family of migration
2014-09-15 Martin Kletzander <>
util: get rid of unnecessary umask() call
util: fix potential leak in error codepath
remove redundant pidfile path constructions
rpc: reformat the flow to make a bit more sense
Just remove useless "else". Best viewed with '-w'.
2014-09-15 Laine Stump <>
network: try to eliminate default network conflict during package install
Sometimes libvirt is installed on a host that is already using the
network If the libvirt-daemon-config-network package
is installed, this creates a conflict, since that package has been
hard-coded to create a virtual network that also uses In the past libvirt has attempted to warn of /
remediate this situation by checking for conflicting routes when the
network is started, but it turns out that isn't always useful (for
example in the case that the *other* interface/network creating the
conflict hasn't yet been started at the time libvirtd start its own
This patch attempts to catch the problem earlier - at install
time. During the %post install script for
libvirt-daemon-config-network, we use a case statement to look through
the output of "ip route show" for a route that exactly matches, and if found we search for a similar route that
*doesn't* match (e.g. (note that the search starts
with "124" instead of 123 because of reports of people already
modifying their L1 host's network to in an attempt to
solve exactly the problem we are also trying to solve). When we find
an available route, we just replace all occurrences of "122" in the
default.xml that is being created with the newly found 192.168
subnet. This could obviously be made more complicated - examine the
template defaul.xml to automatically determine the existing network
address and mask rather than hard coding it in the specfile, etc, but
this scripting is simpler and gets the job done as long as we continue
to use in the template. (If anyone with mad bash
skillz wants to suggest something to do that, by all means please do).
This is intended to at least "further reduce" occurrence of the
problems detailed in:
2014-09-12 Eric Blake <>
blockjob: allow finer bandwidth tuning for set speed
We stupidly modeled block job bandwidth after migration
bandwidth, which in turn was an 'unsigned long' and therefore
subject to 32-bit vs. 64-bit interpretations. To work around
the fact that 10-gigabit interfaces are possible but don't fit
within 32 bits, the original interface took the number scaled
as MiB/sec. But this scaling is rather coarse, and it might
be nice to tune bandwidth finer than in megabyte chunks.
Several of the block job calls that can set speed are fed
through a common interface, so it was easier to adjust them all
at once. Note that there is intentionally no flag for the new
virDomainBlockCopy; there, since the API already uses a 64-bit
type always, instead of a possible 32-bit type, and is brand
new, it was easier to just avoid scaling issues. As with the
previous patch that adjusted the query side (commit db33cc24),
omitting the new flag preserves old behavior, and the
documentation now mentions limits of what happens when a 32-bit
machine is on either client or server side.
* include/libvirt/ (virDomainBlockJobSetSpeedFlags)
* src/libvirt.c (virDomainBlockJobSetSpeed, virDomainBlockPull)
(virDomainBlockRebase, virDomainBlockCommit): Document them.
* src/qemu/qemu_driver.c (qemuDomainBlockJobSetSpeed)
(qemuDomainBlockPull, qemuDomainBlockRebase)
(qemuDomainBlockCommit, qemuDomainBlockJobImpl): Support new flag.
2014-09-12 Eric Blake <>
blockcopy: add qemu implementation of new tunables
Upstream qemu 1.4 added some drive-mirror tunables not present
when it was first introduced in 1.3. Management apps may want
to set these in some cases (for example, without tuning
granularity down to sector size, a copy may end up occupying
more bytes than the original because an entire cluster is
copied even when only a sector within the cluster is dirty,
although tuning it down results in more CPU time to do the
copy). I haven't personally needed to use the parameters, but
since they exist, and since the new API supports virTypedParams,
we might as well expose them.
Since the tuning parameters aren't often used, and omitted from
the QMP command when unspecified, I think it is safe to rely on
qemu 1.3 to issue an error about them being unsupported, rather
than trying to create a new capability bit in libvirt.
Meanwhile, all versions of qemu from 1.4 to 2.1 have a bug where
a bad granularity (such as non-power-of-2) gives a poor message:
error: internal error: unable to execute QEMU command 'drive-mirror': Invalid parameter 'drive-virtio-disk0'
because of abuse of QERR_INVALID_PARAMETER (which is supposed to
name the parameter that was given a bad value, rather than the
value passed to some other parameter). I don't see that a
capability check will help, so we'll just live with it (and it
has since been improved in upstream qemu).
* src/qemu/qemu_monitor.h (qemuMonitorDriveMirror): Add
* src/qemu/qemu_monitor.c (qemuMonitorDriveMirror): Likewise.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDriveMirror):
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDriveMirror):
* src/qemu/qemu_driver.c (qemuDomainBlockCopyCommon): Likewise.
(qemuDomainBlockRebase, qemuDomainBlockCopy): Adjust callers.
* src/qemu/qemu_migration.c (qemuMigrationDriveMirror): Likewise.
* tests/qemumonitorjsontest.c (qemuMonitorJSONDriveMirror): Likewise.
2014-09-12 Eric Blake <>
blockcopy: add qemu implementation of new API
The hard part of managing the disk copy is already coded; all
this had to do was convert the XML and virTypedParameters into
the internal representation.
With this patch, all blockcopy operations that used the old
API should also work via the new API. Additional extensions,
such as supporting the granularity tunable or a network rather
than file destination, will be added as later patches.
* src/qemu/qemu_driver.c (qemuDomainBlockCopy): New function.
2014-09-12 Eric Blake <>
blockcopy: tweak how rebase calls into copy
In order to implement the new virDomainBlockCopy, the existing
block copy internal implementation needs to be adjusted. The
new function will parse XML into a storage source, and parse
typed parameters into integers, then call into the same common
backend. For now, it's easier to keep the same implementation
limits that only local file destinations are suported, but now
the check needs to be explicit. Similar to qemuDomainBlockJobImpl
consuming 'vm', this code also consumes the caller's 'mirror'
description of the destination.
* src/qemu/qemu_driver.c (qemuDomainBlockCopy): Rename...
(qemuDomainBlockCopyCommon): ...and adjust parameters.
(qemuDomainBlockRebase): Adjust caller.
2014-09-12 Michal Privoznik <>
formatdomain: Update <loader/> example to match the rest
At the beginning when I was inventing <loader/> attributes and
<nvram/> I've introduced this @readonly attribute to the loader
element. It accepted values 'on' and 'off'. However, later, during the
review process, that has changed to 'yes' and 'no', but the example
XML snippet wasn't updated, so while the description is correct, the
example isn't.
Reported-by: Laszlo Ersek <>
2014-09-12 Michal Privoznik <>
virDomainUndefineFlags: Allow NVRAM unlinking
When a domain is undefined, there are options to remove it's
managed save state or snapshots. However, there's another file
that libvirt creates per domain: the NVRAM variable store file.
Make sure that the file is not left behind if the domain is
2014-09-12 John Ferlan <>
libxl: Resolve Coverity CHECKED_RETURN
Add a check of the return for virDomainHostdevInsert() like every
other call.
qemu: Resolve Coverity FORWARD_NULL
If we end up at the cleanup lable before we've VIR_EXPAND_N the list,
then calling virQEMUCapsFreeStringList() with a NULL proplist could
theoretically deref proplist if nproplist was set. Coverity doesn't
seem to acknowledge the relationship between proplist and nproplist
assuming in virQEMUCapsFreeStringList that nproplist could be at
least 1 and thus have a null deref. It only seems to follow the
NULL proplist.
virfile: Resolve Coverity RESOURCE_LEAK
With the virGetGroupList() change in place - Coverity further complains
that if we fail to virFork(), the groups will be leaked - which aha seems
to be the case. Adjust the logic to save off the -errno, free the groups,
and then return the value we saved
2014-09-12 John Ferlan <>
virutil: Resolve Coverity RESOURCE_LEAK
This ends up being a very bizarre false positive. With an assist from
eblake, the claim is that mgetgroups() could return a -1 value, but yet
still have a groups buffer allocated, yet the example shown doesn't
seem to prove that.
Rather than fret about it, by adding a well placed sa_assert() on the
returned *list value we can "assure" ourselves that the mgetgroups()
failure path won't signal this condition.
2014-09-12 John Ferlan <>
daemon: Resolve Coverity RESOURCE_LEAK
With eblake's help - adjust the checks for stdinfd/stdoutfd to ensure the
values are within the range we expect; otherwise the dup2()'s and subsequent
VIR_CLOSE() calls cause Coverity to believe there's a resource leak.
2014-09-12 John Ferlan <>
virsh: Resolve Coverity NEGATIVE_RETURNS
Coverity notes that after we VIR_ALLOC_N(params, nparams) a failed call to
virDomainGetCPUStats could result in nparams being set to -1. In that case,
the subsequent virTypedParamsFree in cleanup will pass -1 which isn't good.
Use the returned value as the number of stats to display in the loop as
it will be the value reported from the hypervisor and may be less than
nparams which is OK
2014-09-12 Jiri Denemark <>
virsh: Move --completed from resume to domjobinfo
Because of similar contexts, git rebase I did just before pushing the
series which added --completed option patched the wrong command.
2014-09-12 Peter Krempa <>
conf: snapshot: Don't default-snapshot empty drives
If a (floppy) drive isn't selected for snapshot explicitly and is empty
don't try to snapshot it. For external snapshots this would fail as we
can't generate a name for the snapshot from an empty drive.
Reported-by: Pavel Hrdina <>
2014-09-12 Peter Krempa <>
util: Add function to check if a virStorageSource is "empty"
To express empty drive we historically use storage source with empty
path. Unfortunately NBD disks may be declared without a path.
Add a helper to wrap this logic.
2014-09-12 Michal Privoznik <>
libvirt.spec: Fix permission even for libvirt-driver-qemu
In my previous patch (37d8c75fad) I've tried to fix permissions
for nvram store path. The aim was to give the nvram directory
execute permission so that domain running under other users
than qemu:qemu can access their nvram file. However, my fix
was incomplete as the path belongs to libvirt-driver-qemu
package too and I've fixed it only for the libvirt-daemon
Reported-by: Laszlo Ersek <>
2014-09-12 Jim Fehlig <>
libxl: fix mapping of libvirt and libxl lifecycle actions
The libxl driver was blindly assigning libvirt's
virDomainLifecycleAction to libxl's libxl_action_on_shutdown, when
in fact the various actions take on different values in these enums.
Introduce helpers to properly map the enum values.
2014-09-12 Daniel P. Berrange <>
tests: Add more test suite mock helpers
Rename the VIR_MOCK_IMPL* macros to VIR_MOCK_WRAP*
and add new VIR_MOCK_IMPL macros which let you directly
implement overrides in the preloaded source.
util: Allow port allocator to skip bind() check
Test suites using the port allocator don't want to have different
behaviour depending on whether a port is in use on the host. Add
a VIR_PORT_ALLOCATOR_SKIP_BIND_CHECK which test suites can use
to skip the bind() test. The port allocator will thus only track
ports in use by the test suite process itself. This is fine when
using the port allocator to generate guest configs which won't
actually be launched
2014-09-11 Michal Privoznik <>
nvram: Fix permissions
I've noticed two problem with the automatically created NVRAM varstore
file. The first, even though I run qemu as root:root for some reason I
get Permission denied when trying to open the _VARS.fd file. The
problem is, the upper directory misses execute permissions, which in
combination with us dropping some capabilities result in EPERM.
The next thing is, that if I switch SELinux to enforcing mode, I get
another EPERM because the vars file is not labeled correctly. It is
passed to qemu as disk and hence should be labelled as disk. QEMU may
write to it eventually, so this is different to kernel or initrd.
2014-09-11 Pavel Hrdina <>
util/virprocess.c: fix MinGW build
The build failed because of missing "sys/syscall.h".
2014-09-11 John Ferlan <>
libxl: Resolve Coverity NULL_RETURNS
With all the changes in my previous foray into this code, I forgot to
remove the libxlDomainEventQueue(driver, event); call inside the
dom == NULL condition.
qemu: Resolve Coverity NEGATIVE_RETURNS
Coverity notes that if the virConnectListAllDomains returns a negative
value then the loop at the cleanup label that ends on numDomains will
have issues.
qemu: Resolve Coverity NEGATIVE_RETURNS
Coverity notes that if qemuMonitorGetMachines() returns a negative
nmachines value, then the code at the cleanup label will have issues.
xen: Resolve Coverity NEGATIVE_RETURNS
Coverity notes that if the call to virBitmapParse() returns a negative
value, then when we jump to the error label, the call to
virCapabilitiesClearHostNUMACellCPUTopology() will have issues
with the negative nb_cpus
nodeinfo: Resolve Coverity NEGATIVE_RETURNS
If the virNumaGetNodeCPUs() call fails with -1, then jumping to cleanup
with 'cpus == NULL' and calling virCapabilitiesClearHostNUMACellCPUTopology
will cause issues.
qemu: Resolve Coverity NEGATIVE_RETURNS
In qemuProcessInitPCIAddresses() if qemuMonitorGetAllPCIAddresses()
returns a negative (or zero) value, then no need to call the
network_conf: Resolve Coverity FORWARD_NULL
The code compares def->forwarders when deciding to return 0 at a
couple of points, then uses "def->nfwds" as a way to index into
the def->forwarders array. That reference results in Coverity
complaining that def->forwarders being NULL was checked as part
of an arithmetic OR operation where failure could be any one 5
conditions, but that is not checked when entering the loop to
dereference the array. Changing the comparisons to use nfwds
will clear the warnings
qemu: Resolve Coverity FORWARD_NULL
If the qemuMigrationEatCookie() fails to set mig, we jump to cleanup:
which will call qemuMigrationCancelDriveMirror() without first checking
if mig == NULL
virstring: Resolve Coverity FORWARD_NULL
Perhaps a false positive, but since Coverity doesn't understand the
relationship between the 'count' and the 'strings', rather than leave
the chance the on input 'strings' is NULL and causes a deref - just
check for it and return
network: Resolve Coverity FORWARD_NULL
If the VIR_STRDUP(exptime,...) fails, then we will jump to cleanup,
no need to check if exptime is set which causes Coverity to issue
a complaint in the virStrToLong_ll call because there wasn't a check
for a NULL value while there was one for the reference right after
qemu: Resolve Coverity FORWARD_NULL
If we jump to cleanup before allocating the 'result', then the call
to virBlkioDeviceArrayClear will deref result causing a problem.
lxc: Resolve Coverity FORWARD_NULL
If we jump to cleanup before allocating 'result', then the call to
virBlkioDeviceArrayClear() could dereference result
qemu: Resolve Coverity FORWARD_NULL
If the virJSONValueNewObject() fails, then rather than going to error
and getting a Coverity false positive since it doesn't seem to understand
the relationship between nkeywords, keywords, and values and seems to
believe calling qemuFreeKeywords will cause a NULL deref - just return NULL
2014-09-11 John Ferlan <>
virsh: Resolve Coverity DEADCODE
Coverity points out that if 'dom' isn't returned from virDomainQemuAttach,
then the code already jumps to cleanup, so there was no need for the
subsequent if (dom != NULL) check.
I moved the error message about failure into the goto cleanup on failure
and then removed the if (dom != NULL)
2014-09-11 John Ferlan <>
tests: Resolve Coverity DEADCODE
Coverity complains that the various checks for autoincrement and changed
variables are DEADCODE - seems to me to be a false positive - so mark it.
qemu: Resolve Coverity DEADCODE
Add another 'dead_code_begin' - victims of our own coding practices
2014-09-11 John Ferlan <>
virsh: Resolve Coverity DEADCODE
Coverity points out that by using EMPTYSTR(type) we are guarding against
the possibility that it could be NULL; however, based on how 'type' was
initialized to NULL, then using nested ternary if-then-else's (?:?:)
setting either "ipv4", "ipv6", or "" - there is no way it could be NULL.
Since "-" is supposed to mean something empty in a field - modify the
nested ternary to an easier to read/process if-then-else leaving the
initialization to NULL to mean "-" in the formatted output.
Also changed the name from 'type' to 'typestr'.
2014-09-11 John Ferlan <>
virfile: Resolve Coverity DEADCODE
Adjust the parentheses in/for the waitpid loops; otherwise, Coverity
points out:
(1) Event assignment: Assigning: "waitret" = "waitpid(pid, &status, 0) == -1"
(2) Event between: At condition "waitret == -1", the value of "waitret"
must be between 0 and 1.
(3) Event dead_error_condition: The condition "waitret == -1" cannot
be true.
(4) Event dead_error_begin: Execution cannot reach this statement:
"ret = -*__errno_location();".
2014-09-11 John Ferlan <>
virsh: Resolve Coverity DEADCODE
Since 0766783abbe8bbc9ea686c2c3149f4c0ac139e19
Coverity complains that the EDIT_FREE definition results in DEADCODE.
As it turns out with the change to use the EDIT_FREE macro the call to
vir*Free() wouldn't be necessary nor would it happen...
Prior code to above commitid would :
vir*Ptr foo = NULL;
foo = vir*GetXMLDesc()
foo = vir*DefineXML()
And thus the free was needed. With the change to use EDIT_FREE the
same code changed to:
vir*Ptr foo = NULL;
vir*Ptr foo_edited = NULL;
foo = vir*GetXMLDesc()
if (foo_edited)
foo_edited = vir*DefineXML()
However, foo_edited could never be set in the code path - even with
all the goto's since the only way for it to be set is if vir*DefineXML()
succeeds in which case the code to allow a retry (and thus all the goto's)
never leaves foo_edited set
All error paths lead to "cleanup:" which causes both foo and foo_edited
to call the respective vir*Free() routines if set.
2014-09-11 John Ferlan <>
storage: Resolve Coverity OVERFLOW_BEFORE_WIDEN
Coverity complains that when multiplying to 32 bit values that eventually
will be stored in a 64 bit value that it's possible the math could
overflow unless one of the values being multiplied is type cast to
the proper size.
2014-09-11 John Ferlan <>
qemu: Resolve Coverity REVERSE_INULL
Coverity complains that checking for !domlist after setting doms = domlist
and making a deref of doms just above
It seems the call in question was intended to me made in the case that
'doms' was passed in and not when the virDomainObjListExport() call
allocated domlist and already called virConnectGetAllDomainStatsCheckACL().
Thus rather than check for !domlist - check that "doms != domlist" in
order to avoid the Coverity message.
2014-09-11 John Ferlan <>
vbox: Resolve Coverity UNUSED_VALUE
Handle a few places where Coverity complains about the value being
unused. For two of them (Close cases) - the comments above the close
indicate there is no harm to ignore the error - so added an ignore_value.
For the other condition, added an rc check like other callers.
2014-09-11 John Ferlan <>
storage: Resolve Coverity UNUSED_VALUE
Since cd4d547576a4f0371d1d4d4e0ca6db124c5ba257
Coverity notes that setting 'ret = -3' prior to the unconditional
setting of 'ret = 0' will cause the value to be UNUSED.
Since the comment indicates that it is expect to allow the code
to continue, just remove the ret = -3 setting.
2014-09-11 John Ferlan <>
qemu_driver: Resolve Coverity COPY_PASTE_ERROR
In qemuDomainSetBlkioParameters(), Coverity points out that the calls
to qemuDomainParseBlkioDeviceStr() are slightly different and points
out there may be a cut-n-paste error.
In the first call (AFFECT_LIVE), the second parameter is "param->field";
however, for the second call (AFFECT_CONFIG), the second parameter is
"params->field". It seems the "param->field" is correct especially since
each path as a setting of "param" to "&params[i]". Furthermore, there
were a few more instances of using "params[i]" instead of "param->"
which I cleaned up.
2014-09-11 Michal Privoznik <>
selinux: Properly check TAP FD label
After a4431931 the TAP FDs ale labeled with image label instead
of the process label. On the other hand, the commit was
incomplete as a few lines above, there's still old check for the
process label presence while it should be check for the image
label instead.
2014-09-11 Ján Tomko <>
qemu: remove leftover virResetLastError
As of commit 5d29ca0:
qemu: switch PCI address set from hash table to an array
There is no error to be reset.
2014-09-10 Peter Krempa <>
virsh: desc command in --title mode mentions description instead of title
Tweak the messages so that they mention "title" rather than
"description" when operating in title mode. Also fixes one missing "%s"
before non-formatted gettext message.
$ virsh desc --title dom
No description for domain: dom
$ virsh desc --title dom
No title for domain: dom
2014-09-10 Peter Krempa <>
util: storage: Convert disk locality check to switch statement
To allow the compiler to track future additions of disk types, convert
the function to use a switch statement with the correct type.
2014-09-10 Michal Privoznik <>
virprocess: Introduce our own setns() wrapper
From time to time weird bugreports occur on the list, e.g [1].
Even though the kernel supports setns syscall, there's an older
glibc in the system that misses a wrapper over the syscall.
Hence, after the configure phase we think there's no setns
support in the system, which is obviously wrong. On the other
hand, we can't rely on linux distributions to provide newer glibc
soon. Therefore we need to introduce the wrapper on or own.
2014-09-10 Peter Krempa <>
qemu: dump: Resume CPUs only when the VM is still alive
Check if the VM is alive after we possibly called into monitor to reset
the guest.
qemu: dump: Fix formatting of function headers and code inline
Also drop a comment with obvious content.
virsh: domain: Clean up handling of "dom" in "save" command
util: process: Don't report OOM errors in helper
virProcessTranslateStatus is used on error paths that should not spoil
the returned error. As the errors are ignored, use the quiet versions of
virAsprintf to create the message.
2014-09-10 Michal Privoznik <>
qemu: Automatically create NVRAM store
When using split UEFI image, it may come handy if libvirt manages per
domain _VARS file automatically. While the _CODE file is RO and can be
shared among multiple domains, you certainly don't want to do that on
the _VARS file. This latter one needs to be per domain. So at the
domain startup process, if it's determined that domain needs _VARS
file it's copied from this master _VARS file. The location of the
master file is configurable in qemu.conf.
Temporary, on per domain basis the location of master NVRAM file can
be overridden by this @template attribute I'm inventing to the
<nvram/> element. All it does is holding path to the master NVRAM file
from which local copy is created. If that's the case, the map in
qemu.conf is not consulted.
Acked-by: Laszlo Ersek <>
2014-09-10 Michal Privoznik <>
qemu: Implement extended loader and nvram
QEMU now supports UEFI with the following command line:
-drive file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on \
-drive file=/usr/share/OVMF/OVMF_VARS.fd,if=pflash,format=raw,unit=1 \
where the first line reflects <loader> and the second one <nvram>.
Moreover, these two lines obsolete the -bios argument.
Note that UEFI is unusable without ACPI. This is handled properly now.
Among with this extension, the variable file is expected to be
writable and hence we need security drivers to label it.
Acked-by: Laszlo Ersek <>
2014-09-10 Michal Privoznik <>
conf: Extend <loader/> and introduce <nvram/>
Up to now, users can configure BIOS via the <loader/> element. With
the upcoming implementation of UEFI this is not enough as BIOS and
UEFI are conceptually different. For instance, while BIOS is ROM, UEFI
is programmable flash (although all writes to code section are
denied). Therefore we need new attribute @type which will
differentiate the two. Then, new attribute @readonly is introduced to
reflect the fact that some images are RO.
Moreover, the OVMF (which is going to be used mostly), works in two
1) Code and UEFI variable store is mixed in one file.
2) Code and UEFI variable store is separated in two files
The latter has advantage of updating the UEFI code without losing the
configuration. However, in order to represent the latter case we need
yet another XML element: <nvram/>. Currently, it has no additional
attributes, it's just a bare element containing path to the variable
store file.
Acked-by: Laszlo Ersek <>
2014-09-10 Jiri Denemark <>
qemu: Transfer recomputed stats back to source
After the previous commit, migration statistics on the source and
destination hosts are not equal because the destination updated time
statistics. Let's send the result back so that the same data can be
queried on both sides of the migration.
qemu: Recompute downtime and total time when migration completes
Total time of a migration and total downtime transfered from a source to
a destination host do not count with the transfer time to the
destination host and with the time elapsed before guest CPUs are
resumed. Thus, source libvirtd remembers when migration started and when
guest CPUs were paused. Both timestamps are transferred to destination
libvirtd which uses them to compute total migration time and total
downtime. Obviously, this requires the time to be synchronized between
the two hosts. The reported times are useless otherwise but they would
be equally useless if we didn't do this recomputation so don't lose
anything by doing it.
qemu: Transfer migration statistics to destination
When migrating a transient domain or with VIR_MIGRATE_UNDEFINE_SOURCE
flag, the domain may disappear from source host. And so will migration
statistics associated with the domain. We need to transfer the
statistics at the end of a migration so that they can be queried at the
destination host.
virsh: Add support for completed job stats
New --completed flag for virsh domjobinfo command.
qemu: Silence coverity on optional migration stats
Add support for fetching statistics of completed jobs
virDomainGetJobStats gains new VIR_DOMAIN_JOB_STATS_COMPLETED flag that
can be used to fetch statistics of a completed job rather than a
currently running job.
qemu: Avoid incrementing jobs_queued if virTimeMillisNow fails
Refactor job statistics
Job statistics data were tracked in several structures and variables.
Let's make a new qemuDomainJobInfo structure which can be used as a
single source of statistics data as a preparation for storing data about
completed a job.
2014-09-10 Ján Tomko <>
docs: fix encryption format attribute in example
The correct attribute name is 'format', not 'type'.
2014-09-09 Eric Blake <>
virsh: additional scaled output units
The parser accepts P and E, so the formatter should too.
* tools/virsh.c (vshPrettyCapacity): Handle larger units.
2014-09-09 Martin Kletzander <>
util: let virSetSockReuseAddr report unified error message
2014-09-09 Eric Blake <>
blockcopy: add a way to parse disk source
The new blockcopy API wants to reuse only a subset of the disk
hotplug parser - namely, we only care about the embedded
virStorageSourcePtr inside a <disk> XML. Strange as it may
seem, it was easier to just parse an entire disk definition,
then throw away everything but the embedded source, than it
was to disentangle the source parsing code from the rest of
the overall disk parsing function. All that I needed was a
couple of tweaks and a new internal flag that determines
whether the normally-mandatory target element can be
gracefully skipped, since everything else was already optional.
* src/conf/domain_conf.h (virDomainDiskSourceParse): New
* src/conf/domain_conf.c (VIR_DOMAIN_XML_INTERNAL_DISK_SOURCE):
New flag.
(virDomainDiskDefParseXML): Honor flag to make target optional.
(virDomainDiskSourceParse): New function.
2014-09-08 Eric Blake <>
blockjob: avoid 32-bit compilation warning
Commit c1d75de caused this warning on 32-bit platforms (fatal when
-Werror is enabled):
virsh-domain.c: In function 'cmdBlockCopy':
virsh-domain.c:2003:17: error: comparison is always false due to limited range of data type [-Werror=type-limits]
Forcing the left side of the < to be ull instead of ul shuts up
the 32-bit compiler while still protecting 64-bit code from overflow.
* tools/virsh-domain.c (cmdBlockCopy): Add type coercion.
2014-09-08 Erik Skultety <>
qemu: panic device: check for invalid address type
qemu now checks for invalid address type for a panic device, which is
currently implemented only to use ISA address type, thus rejecting
any other options, except for leaving XML attributes blank, in that case,
defaults are used (this behaviour remains the same from earlier verions).
2014-09-08 Jiri Denemark <>
qemu: Propagate QEMU errors during incoming migrations
When QEMU fails during incoming migration after we successfully started
it (i.e., during Perform or Finish phase), we report a rather unhelpful
Unable to read from monitor: Connection reset by peer
We already have a code that takes error messages from QEMU's error
output but we disable it once QEMU successfully starts. This patch
postpones this until the end of Finish phase during incoming migration
so that we can report a much better error message:
internal error: early end of file from monitor: possible problem:
Unknown savevm section or instance '0000:00:05.0/virtio-balloon' 0
load of migration failed
2014-09-08 Peter Krempa <>
qemu: snapshot: Simplify error paths
Return failure right away when the domain object can't be looked up
instead of jumping to cleanup. This allows to remove the condition
before unlocking the domain object.
qemu: snapshot: Fix snapshot function header formatting and spacing
2014-09-08 Jincheng Miao <>
qemu: snapshot: Acquire job earlier on snapshot revert/delete
The code would lookup the snapshot object before acquiring the job. This
could lead to a crash as one thread could delete the snapshot object,
while a second thread already had the reference.
2014-09-08 Peter Krempa <>
qemu: snapshot: Fix job handling when creating snapshots
Creating snapshots modifies the domain state. Currently we wouldn't
enter the job for certain operations although they would modify the
state. Refactor job handling so that everything is covered by an async
Be consistent with naming of private defines. Also line up code
correctly in few places where the macro is used.
2014-09-07 Shivaprasad G Bhat <>
selinux: Avoid label reservations for type = none
For security type='none' libvirt according to the docs should not
generate seclabel be it for selinux or any model. So, skip the
reservation of labels when type is none.
2014-09-07 Eric Blake <>
blockcopy: remote implementation for new API
Fairly straightforward - I got lucky that the generated functions
worked out of the box :)
* src/remote/remote_protocol.x (remote_domain_block_copy_args):
New struct.
* src/remote/remote_driver.c (remote_driver): Wire it up.
* src/remote_protocol-structs: Regenerate.
2014-09-07 Eric Blake <>
blockcopy: expose new API in virsh
Expose the new power of virDomainBlockCopy through virsh (well,
all but the finer-grained bandwidth, as that is its own can of
worms for a later patch). Continue to use the older API where
possible, for maximum compatibility.
The command now requires either --dest (with optional --format
and --blockdev), to directly describe the file destination, or
--xml, to name a file that contains an XML description such as:
<disk type='network'>
<driver type='raw'/>
<source protocol='gluster' name='vol1/img'>
<host name='red'/>
[well, it may be a while before the qemu driver is actually patched
to act on that particular xml beyond just parsing it, but the virsh
interface won't need changing at that time]
Non-zero option parameters are converted into virTypedParameters,
and if anything requires the new API, the command can synthesize
appropriate XML even if the --dest option was used instead of --xml.
The existing --raw flag remains for back-compat, but the preferred
spelling is now --format=raw, since the new API now allows us
to specify all formats rather than just a boolean raw to suppress
I hope I did justice in describing the effects of granularity and
buf-size on how they get passed through to qemu.
* tools/virsh-domain.c (cmdBlockCopy): Add new options --xml,
--granularity, --buf-size, --format. Make --raw an alias for
--format=raw. Call new API if new parameters are in use.
* tools/virsh.pod (blockcopy): Document new options.
2014-09-07 Eric Blake <>
maint: update to latest gnulib
The usual portability fixes; and this includes a fix that adds
a new syntax check for double semicolons (commit 28de556 fixed
some, but gnulib found a better check).
* .gnulib: Update to latest.
* src/xenconfig/xen_common.c (xenFormatConfigCommon): Fix offender.
2014-09-06 Eric Blake <>
blockcopy: split out virsh implementation
I'm about to extend the capabilities of blockcopy. Hiding a few
common lines of implementation gets in the way of the new required
logic, and putting the new logic in the common implementation won't
benefit any of the other blockjob operations. Therefore, it is
simpler to just do the work inline. There should be no semantic
change in this patch.
* tools/virsh-domain.c (blockJobImpl): Move block copy guts...
(cmdBlockCopy): ...into their lone caller.
2014-09-06 Pradipta Kr. Banerjee <>
storage_conf: Fix libvirtd crash when defining scsi storage pool
Since 9f781da69de02745acb719e78982df9aeccfcd7b
Resolve a libvirtd crash in virStoragePoolSourceFindDuplicate()
when there is an existing SCSI pool defined with adapter type as
'scsi_host' and defining a new SCSI pool with adapter type as
'fc_host' and parent attribute missing or vice versa.
For example, if there is an existing SCSI pool with adapter type
as 'scsi_host' defined using the following XML
<pool type='scsi'>
<adapter type='scsi_host' name='scsi_host1'/>
When defining another SCSI pool with adapter type as 'fc_host' using the
following XML will crash libvirtd
<pool type='scsi'>
<adapter type='fc_host' wwnn='1234567890abcdef' wwpn='abcdef1234567890'/>
Same is true for the reverse case as well where there exists a SCSI pool
with adapter type as 'fc_host' and another SCSI pool is defined with
adapter type as 'scsi_host'.
This happens because for fc_host 'name' is optional attribute whereas for
scsi_host its mandatory. However the check in libvirt for finding duplicate
storage pools didn't take that into account while comparing
2014-09-06 Eric Blake <>
blockcopy: allow block device destination
To date, anyone performing a block copy and pivot ends up with
the destination being treated as <disk type='file'>. While this
works for data access for a block device, it has at least one
noticeable shortcoming: virDomainGetBlockInfo() reports allocation
differently for block devices visited as files (the size of the
device) than for block devices visited as <disk type='block'>
(the maximum sector used, as reported by qemu); and this difference
is significant when trying to manage qcow2 format on block devices
that can be grown as needed.
Of course, the more powerful virDomainBlockCopy() API can already
express the ability to set the <disk> type. But a new API can't
be backported, while a new flag to an existing API can; and it is
also rather inconvenient to have to resort to the full power of
generating XML when just adding a flag to the older call will do
the trick. So this patch enhances blockcopy to let the user flag
when the resulting XML after the copy must list the device as
* include/libvirt/ (VIR_DOMAIN_BLOCK_REBASE_COPY_DEV):
New flag.
* src/libvirt.c (virDomainBlockRebase): Document it.
* tools/virsh-domain.c (opts_block_copy, blockJobImpl): Add
--blockdev option.
* tools/virsh.pod (blockcopy): Document it.
* src/qemu/qemu_driver.c (qemuDomainBlockRebase): Allow new flag.
(qemuDomainBlockCopy): Remember the flag, and make sure it is only
used on actual block devices.
* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: Test it.
2014-09-06 Eric Blake <>
blockjob: add new --bytes flag to virsh blockjob
Expose the new flag just added to virDomainGetBlockJobInfo.
With --raw, the presence or absence of --bytes determines which
flag to use in the single API call. Without --raw, the use of
--bytes forces an error if the server doesn't support it,
otherwise, the code tries to silently fall back to scaling the
MiB/s value.
My goal is to eventually also support --bytes in bandwidth mode;
but that's a bit further down the road (and needs a new API flag
added in libvirt.h first).
This changes the human output, but the previous patch added
raw output precisely so that we can have flexibility with the
human output. For this commit, I used qemu-monitor-command to
force an unusual bandwidth, but the same will be possible once
qemu implements virDomainBlockCopy:
Block Copy: [100 %] Bandwidth limit: 2 MiB/s
Block Copy: [100 %] Bandwidth limit: 1048577 bytes/s (1.000 MiB/s)
The cache avoids having to repeatedly checking whether the flag
works when talking to an older server, when multiple blockjob
commands are issued during a batch session and the user is
manually polling for job completion.
* tools/virsh.h (_vshControl): Add a cache.
* tools/virsh.c (cmdConnect, vshReconnect): Initialize the cache.
* tools/virsh-domain.c (opts_block_job): Add --bytes.
* tools/virsh.pod (blockjob): Document this.
2014-09-06 Eric Blake <>
blockjob: add new --raw flag to virsh blockjob
The current output of 'blockjob [--info]' is a single line
designed for human consumption; it's not very nice for machine
parsing. Furthermore, I have plans to modify the line in
response to the new flag for controlling bandwidth units.
Solve that by adding a --raw parameter, which outputs
information closer to the C struct.
$ virsh blockjob testvm1 vda --raw
type=Block Copy
The information is indented, because I'd like for a later patch
to add a mode that iterates over all the vm's disks with status
for each; in that mode, each block name would be listed unindented
before information (if any) about that block.
Now that we have a raw mode, we can guarantee that it won't change
format over time. Any app that cares about parsing the output can
try --raw, and if it fails, know that it was talking to an older
virsh and fall back to parsing the human-readable format which had
not changed until now; meanwhile, when not using --raw, we have
freed future virsh to change the output to whatever makes sense.
My first change to human mode: this command now guarantees a line
is printed on successful use of the API, even when the API did
not find a current block job (consistent with the rest of virsh).
complained that this message was confusing:
$ virsh blockjob test1 hda --async --bandwidth 10
error: conflict between --abort, --info, and --bandwidth modes
even though the man page already documents that --async implies
abort mode, all because '--abort' wasn't present in the command
line. Since I'm adding another case where options are tied
to or imply a mode, I changed that error to:
error: conflict between abort, info, and bandwidth modes
* tools/virsh-domain.c (cmdBlockJob): Add --raw parameter; tweak
error wording.
* tools/virsh.pod (blockjob): Document it.
2014-09-06 Eric Blake <>
blockjob: split up virsh blockjob info
I have plans to make future enhancements to the job list mode,
which will be easier to do if the common blockJobImpl function
is not mixing a query command with multiple modify commands.
Besides, it just feels weird that all callers to blockJobImpl
had to supply both a bandwidth input argument (unused for info
mode) and an info output argument (unused for all other modes);
not to mention I just made similar cleanups on the libvirtd
The only reason blockJobImpl returned int was because of info
mode returning -1/0/1 (all other job API are -1/0), so that
can also be cleaned up. No user-visible changes in this commit.
* tools/virsh-domain.c (blockJobImpl): Change signature and return
value. Drop info handling.
(cmdBlockJob): Handle info here.
(cmdBlockCommit, cmdBlockCopy, cmdBlockPull): Adjust callers.
2014-09-06 Eric Blake <>
blockjob: allow finer bandwidth tuning for query
While reviewing the new virDomainBlockCopy API, Peter Krempa
pointed out that our existing design of using MiB/s for block
job bandwidth is rather coarse, especially since qemu tracks
it in bytes/s; so virDomainBlockCopy only accepts bytes/s.
But once the new API is implemented for qemu, we will be in
the situation where it is possible to set a value that cannot
be accurately reflected back to the user, because the existing
virDomainGetBlockJobInfo defaults to the coarser units.
Fortunately, we have an escape hatch; and one that has already
served us well in the past: we can use the flags argument to
specify which scale to use (see virDomainBlockResize for prior
art). This patch fixes the query side of the API; made easier
by previous patches that split the query side out from the
modification code. Later patches will address the virsh
interface, as well retrofitting all other blockjob APIs to
also accept a flag for toggling bandwidth units.
* include/libvirt/ (_virDomainBlockJobInfo)
(VIR_DOMAIN_BLOCK_COPY_BANDWIDTH): Document sizing issues.
(virDomainBlockJobInfoFlags): New enum.
* src/libvirt.c (virDomainGetBlockJobInfo): Document new flag.
* src/qemu/qemu_monitor.h (qemuMonitorBlockJobInfo): Add parameter.
* src/qemu/qemu_monitor.c (qemuMonitorBlockJobInfo): Likewise.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockJobInfo):
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockJobInfo)
(qemuMonitorJSONGetBlockJobInfoOne): Likewise. Don't scale here.
* src/qemu/qemu_migration.c (qemuMigrationDriveMirror): Update
* src/qemu/qemu_driver.c (qemuDomainBlockPivot)
(qemuDomainBlockJobImpl): Likewise.
(qemuDomainGetBlockJobInfo): Likewise, and support new flag.
2014-09-06 Eric Blake <>
blockjob: add new monitor json conversions
The previous patch hoisted some bounds checks to the callers;
but someone that is not aware of the hoisted check could now
try passing an integer between LLONG_MAX and ULLONG_MAX. As a
safety measure, add new json conversion modes that let libvirt
error out early instead of pass bad numbers to qemu, if the
caller ever makes a mistake due to later refactoring.
Convert the various blockjob QMP calls to use the new modes,
and switch some of them to be optional (QMP has always supported
an omitted "speed" the same as "speed":0, for everything except
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMakeCommandRaw):
Add 'j'/'y' and 'J'/'Y' to error out on negative input.
(qemuMonitorJSONDriveMirror, qemuMonitorJSONBlockCommit)
(qemuMonitorJSONBlockJob): Use it.
2014-09-06 Eric Blake <>
blockjob: hoist bandwidth scaling out of monitor code
qemu treats blockjob bandwidth as a 64-bit number, in the units
of bytes/second. But we stupidly modeled block job bandwidth
after migration bandwidth, which in turn was an 'unsigned long'
and therefore subject to 32-bit vs. 64-bit interpretations, and
with a scale of MiB/s. Our code already has to convert between
the two scales, and report overflow as appropriate; although
this conversion currently lives in the monitor code. In fact,
our conversion code limited things to 63 bits, because we
checked against LLONG_MAX and reject what would be negative
bandwidth if treated as signed.
On the bright side, our use of MiB/s means that even with a
32-bit unsigned long, we still have no problem representing a
bandwidth of 2GiB/s, which is starting to be more feasible as
10-gigabit or even faster interfaces are used. And once you
get past the physical speeds of existing interfaces, any larger
bandwidth number behaves the same - effectively unlimited.
But on the low side, the granularity of 1MiB/s tuning is rather
coarse. So the new virDomainBlockJob API decided to go with
a direct 64-bit bytes/sec number instead of the scaled number
that prior blockjob APIs had used. But there is no point in
rounding this number to MiB/s just to scale it back to bytes/s
for handing to qemu.
In order to make future code sharing possible between the old
virDomainBlockRebase and the new virDomainBlockCopy, this patch
moves the scaling and overflow detection into the driver code.
Several of the block job calls that can set speed are fed
through a common interface, so it was easier to adjust all block
jobs at once, for consistency. This patch is just code motion;
there should be no user-visible change in behavior.
* src/qemu/qemu_monitor.h (qemuMonitorBlockJob)
(qemuMonitorBlockCommit, qemuMonitorDriveMirror): Change
parameter type and scale.
* src/qemu/qemu_monitor.c (qemuMonitorBlockJob)
(qemuMonitorBlockCommit, qemuMonitorDriveMirror): Move scaling
and overflow detection...
* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl)
(qemuDomainBlockRebase, qemuDomainBlockCommit):
(qemuDomainBlockCopy): Use bytes/sec.
2014-09-06 Eric Blake <>
blockjob: split out block info monitor handling
Another layer of overly-multiplexed code that deserves to be
split into obviously separate paths for query vs. modify.
This continues the cleanup started in commit cefe0ba.
In the process, make some tweaks to simplify the logic when
parsing the JSON reply. There should be no user-visible
semantic changes.
* src/qemu/qemu_monitor.h (qemuMonitorBlockJob): Drop parameter.
(qemuMonitorBlockJobInfo): New prototype.
(BLOCK_JOB_INFO): Drop enum.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockJob)
(qemuMonitorJSONBlockJobInfo): Likewise.
* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Split...
(qemuMonitorBlockJobInfo): ...into second function.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockJob): Move
block info portions...
(qemuMonitorJSONGetBlockJobInfo):, and rename...
(qemuMonitorJSONBlockJobInfo): ...and export.
(qemuMonitorJSONGetBlockJobInfoOne): Alter return semantics.
* src/qemu/qemu_driver.c (qemuDomainBlockPivot)
(qemuDomainBlockJobImpl, qemuDomainGetBlockJobInfo): Adjust
* src/qemu/qemu_migration.c (qemuMigrationDriveMirror)
(qemuMigrationCancelDriveMirror): Likewise.
2014-09-05 Ján Tomko <>
Don't include non-migratable features in host-model
Commit fba6bc4 introduced support for the 'invtsc' feature,
which blocks migration. We should not include it in the
host-model CPU by default, because it's intended to be used
with migration.
2014-09-05 Michal Privoznik <>
tests: Add test cases for previous commit
This commit is rather big. Firstly, the in memory config
representation is adjusted like if security_driver was set to "none".
The rest is then just adaptation to the new code that will generate
different seclabels.
2014-09-05 Michal Privoznik <>
conf: Fix even implicit labels
There are two ways in which security model can make it way into
<seclabel/>. One is as the @model attribute, the second one is
via security_driver knob in qemu.conf. Then, while parsing
<seclabel/> several checks and fix ups of old, stale combinations
are performed. However, iff @model is specified. They are not
done in the latter case. So it's still possible to feed libvirt
with senseless combinations (if qemu.conf is adjusted correctly).
One example of a seclabel that needs some adjustment (in case
security_driver=none in qemu.conf) is:
<seclabel type='dynamic' relabel='yes'/>
The fixup code is copied from virSecurityLabelDefParseXML
(covering the former case) into virSecurityLabelDefsParseXML
(which handles the latter case).
2014-09-05 Eric Blake <>
blockjob: split out block info driver handling
The qemu implementation for virDomainGetBlockJobInfo() has a
minor bug: it grabs the qemu job with intent to QEMU_JOB_MODIFY,
which means it cannot be run in parallel with any other
domain-modifying command. Among others, virDomainBlockJobAbort()
is such a modifying command, and it defaults to being
synchronous, and can wait as long as several seconds to ensure
that the job has actually finished. Due to the job rules, this
means a user cannot obtain status about the job during that
timeframe, even though we know that some client management code
exists which is using a polling loop on status to see when a job
This bug has been present ever since blockpull support was first
introduced (commit b976165, v0.9.4 in Jul 2011), all because we
stupidly tried to cram too much multiplexing through a single
helper routine, but was made worse in 97c59b9 (v1.2.7) when
BlockJobAbort was fixed to wait longer. It's time to disentangle
some of the mess in qemuDomainBlockJobImpl, and in the process
relax block job query to use QEMU_JOB_QUERY, since it can safely
be used in parallel with any long running modify command.
Technically, there is one case where getting block job info can
modify domain XML - we do snooping to see if a 2-phase job has
transitioned into the second phase, for an optimization in the
case of old qemu that lacked an event for the transition. I
claim this optimization is safe (the jobs are all about modifying
qemu state, not necessarily xml state); but if it proves to be
a problem, we could use the difference between the capabilities
QEMU_CAPS_BLOCKJOB_{ASYNC,SYNC} to determine whether we even
need snooping, and only request a modifying job in the case of
older qemu.
* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Move info
(qemuDomainGetBlockJobInfo):, and relax job type.
(qemuDomainBlockJobAbort, qemuDomainBlockJobSetSpeed)
(qemuDomainBlockRebase, qemuDomainBlockPull): Adjust callers.
2014-09-05 Eric Blake <>
blockjob: shuffle block rebase code
The existing virDomainBlockRebase code rejected the combination of
_RELATIVE and _COPY flags, but only by accident. It makes sense
to add support for the combination someday, at least for the case
of _SHALLOW and not _REUSE_EXT; but to implement it, libvirt would
have to pre-create the file with a relative backing name, and I'm
not ready to code that in yet.
Meanwhile, the code to forward on to the block copy code is getting
longer, and reorganizing the function to have the block pull done
early makes it easier to add even more block copy prep code.
This patch should have no semantic difference other than the quality
of the error message on the unsupported flag combination. Pre-patch:
error: unsupported flags (0x10) in function qemuDomainBlockCopy
error: argument unsupported: Relative backing during copy not supported yet
* src/qemu/qemu_driver.c (qemuDomainBlockRebase): Reorder code,
and improve error message of relative copy.
2014-09-05 Eric Blake <>
maint: tighten curly brace syntax checking
Now that hanging brace offenders have been fixed, we can automate
the check, and document our style. Done as a separate commit from
code changes, to make it easier to just backport code changes, if
that is ever needed.
* (sc_curly_braces_style): Catch hanging braces.
* docs/ Document it.
* HACKING: Regenerate.
2014-09-05 Eric Blake <>
maint: use hanging curly braces
Our style overwhelmingly uses hanging braces (the open brace
hangs at the end of the compound condition, rather than on
its own line), with the primary exception of the top level function
body. Fix the few remaining outliers, before adding a syntax
check in a later patch.
* src/interface/interface_backend_netcf.c (netcfStateReload)
(netcfInterfaceClose, netcf_to_vir_err): Correct use of { in
compound statement.
* src/conf/domain_conf.c (virDomainHostdevDefFormatSubsys)
(virDomainHostdevDefFormatCaps): Likewise.
* src/network/bridge_driver.c (networkAllocateActualDevice):
* src/util/virfile.c (virBuildPathInternal): Likewise.
* src/util/virnetdev.c (virNetDevGetVirtualFunctions): Likewise.
* src/util/virnetdevmacvlan.c
(virNetDevMacVLanVPortProfileCallback): Likewise.
* src/util/virtypedparam.c (virTypedParameterAssign): Likewise.
* src/util/virutil.c (virGetWin32DirectoryRoot)
(virFileWaitForDevices): Likewise.
* src/vbox/vbox_common.c (vboxDumpNetwork): Likewise.
* tests/seclabeltest.c (main): Likewise.
2014-09-05 Eric Blake <>
maint: enforce previous if-else {} cleanups
Done as a separate commit in case earlier cleanups are backported
* (sc_require_space_before_label): New rule.
2014-09-05 Eric Blake <>
maint: use consistent if-else braces in remaining spots
I'm about to add a syntax check that enforces our documented
HACKING style of always using matching {} on if-else statements.
This patch focuses on all remaining problems, where there weren't
enough issues to warrant splitting it further.
* src/remote/remote_driver.c (doRemoteOpen): Correct use of {}.
* src/security/virt-aa-helper.c (vah_add_path, valid_path, main):
* src/rpc/virnetsocket.c (virNetSocketNewConnectLibSSH2):
* src/esx/esx_vi_types.c (esxVI_Type_FromString): Likewise.
* src/uml/uml_driver.c (umlDomainDetachDevice): Likewise.
* src/util/viralloc.c (virShrinkN): Likewise.
* src/util/virbuffer.c (virBufferURIEncodeString): Likewise.
* src/util/virdbus.c (virDBusCall): Likewise.
* src/util/virnetdev.c (virNetDevValidateConfig): Likewise.
* src/util/virnetdevvportprofile.c
(virNetDevVPortProfileGetNthParent): Likewise.
* src/util/virpci.c (virPCIDeviceIterDevices)
(virPCIDeviceIsBehindSwitchLackingACS): Likewise.
* src/util/virsocketaddr.c (virSocketAddrGetNumNetmaskBits):
* src/util/viruri.c (virURIParseParams): Likewise.
* daemon/stream.c (daemonStreamHandleAbort): Likewise.
* tests/testutils.c (virtTestResult): Likewise.
* tests/cputest.c (cpuTestBaseline): Likewise.
* tools/virsh-domain.c (cmdDomPMSuspend): Likewise.
* tools/virsh-host.c (cmdNodeSuspend): Likewise.
* src/esx/ (Type.generate_typefromstring):
Tweak generated code.
2014-09-04 Eric Blake <>
maint: use consistent if-else braces in lxc, vbox, phyp
I'm about to add a syntax check that enforces our documented
HACKING style of always using matching {} on if-else statements.
This patch focuses on drivers that had several issues.
* src/lxc/lxc_fuse.c (lxcProcGetattr, lxcProcReadMeminfo): Correct
use of {}.
* src/lxc/lxc_driver.c (lxcDomainMergeBlkioDevice): Likewise.
* src/phyp/phyp_driver.c (phypConnectNumOfDomainsGeneric)
(phypUUIDTable_Init, openSSHSession, phypStoragePoolListVolumes)
(phypConnectListStoragePools, phypDomainSetVcpusFlags)
(phypStorageVolGetXMLDesc, phypStoragePoolGetXMLDesc)
(phypConnectListDefinedDomains): Likewise.
* src/vbox/vbox_common.c (vboxAttachSound, vboxDumpDisplay)
(vboxDomainRevertToSnapshot, vboxDomainSnapshotDelete): Likewise.
* src/vbox/vbox_tmpl.c (vboxStorageVolGetXMLDesc): Likewise.
2014-09-04 Eric Blake <>
maint: use consistent if-else braces in xen and friends
I'm about to add a syntax check that enforces our documented
HACKING style of always using matching {} on if-else statements.
This patch focuses on code related to xen.
* src/libxl/libxl_conf.c (libxlCapsInitGuests)
(libxlMakeDomBuildInfo): Correct use of {}.
* src/xen/xen_hypervisor.c (virXen_getvcpusinfo)
(xenHypervisorMakeCapabilitiesInternal): Likewise.
* src/xen/xend_internal.c (xenDaemonOpen)
(xenDaemonDomainMigratePerform, xend_detect_config_version)
(xenDaemonDetachDeviceFlags, xenDaemonDomainMigratePerform)
(xenDaemonDomainBlockPeek): Likewise.
* src/xenapi/xenapi_driver.c (xenapiConnectListDomains)
(xenapiDomainLookupByUUID, xenapiDomainGetOSType): Likewise.
* src/xenconfig/xen_common.c (xenParseCPUFeatures, xenFormatNet):
* src/xenconfig/xen_sxpr.c (xenParseSxpr, xenFormatSxprNet)
(xenFormatSxpr): Likewise.
2014-09-04 Eric Blake <>
maint: use consistent if-else braces in qemu
I'm about to add a syntax check that enforces our documented
HACKING style of always using matching {} on if-else statements.
This commit focuses on the qemu driver.
* src/qemu/qemu_command.c (qemuParseISCSIString)
(qemuParseCommandLineDisk, qemuParseCommandLine)
(qemuBuildSmpArgStr, qemuBuildCommandLine)
(qemuParseCommandLineDisk, qemuParseCommandLineSmp): Correct use
of {}.
* src/qemu/qemu_capabilities.c (virQEMUCapsProbeCPUModels):
* src/qemu/qemu_driver.c (qemuDomainCoreDumpWithFormat)
(qemuDomainRestoreFlags, qemuDomainGetInfo)
(qemuDomainMergeBlkioDevice): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
* src/qemu/qemu_monitor_text.c (qemuMonitorTextCreateSnapshot)
(qemuMonitorTextLoadSnapshot, qemuMonitorTextDeleteSnapshot):
* src/qemu/qemu_process.c (qemuProcessStop): Likewise.
2014-09-04 Eric Blake <>
maint: use consistent if-else braces in conf and friends
I'm about to add a syntax check that enforces our documented
HACKING style of always using matching {} on if-else statements.
This patch focuses on code shared between multiple drivers.
* src/conf/domain_conf.c (virDomainFSDefParseXML)
(virSysinfoParseXML, virDomainNetDefParseXML)
(virDomainRedirFilterUSBDevDefParseXML): Correct use of {}.
* src/conf/interface_conf.c (virInterfaceDefParseDhcp)
(virInterfaceDefParseIp, virInterfaceVlanDefFormat)
(virInterfaceDefParseStartMode, virInterfaceDefParseBondMode)
(virInterfaceDefParseBondArpValid): Likewise.
* src/conf/node_device_conf.c (virNodeDevCapStorageParseXML):
* src/conf/nwfilter_conf.c (virNWFilterRuleDetailsParse)
(virNWFilterRuleParse, virNWFilterDefParseXML): Likewise.
* src/conf/secret_conf.c (secretXMLParseNode): Likewise.
* src/cpu/cpu_x86.c (x86Baseline, x86FeatureLoad, x86ModelLoad):
* src/network/bridge_driver.c (networkKillDaemon)
(networkDnsmasqConfContents): Likewise.
* src/node_device/node_device_hal.c (dev_refresh): Likewise.
* src/nwfilter/nwfilter_gentech_driver.c (virNWFilterInstantiate):
* src/nwfilter/nwfilter_ebiptables_driver.c
(_iptablesCreateRuleInstance): Likewise.
* src/storage/storage_backend_disk.c
(virStorageBackendDiskBuildPool): Likewise.
2014-09-04 Chen Hanxiao <>
LXC: add HOME environment variable
We lacked of HOME environment variable,
set 'HOME=/' as default.
The kernel sets up $HOME for the init process.
Therefore any init can assume that $HOME is set.
libvirt currently violates that implicit rule.
2014-09-04 Felix Geyer <>
apparmor: allow reading cap_last_cap
libcap-ng >= 0.7.4 fails when it can't read /sys/kernel/cap_last_cap
and thus running a qemu guest fails.
Allow reading cap_last_cap in the libvirt-qemu apparmor abstraction.
2014-09-04 Giuseppe Scrivano <>
tests: force FIPS testing mode with new enough GNU TLS versions
security: fix DH key generation when FIPS mode is on
When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is
specified as the prime's number of bits, a bigger value works in both
2014-09-04 Wang Rui <>
lxc_container: Resolve Coverity RESOURCE_LEAK
Memory is allocated for 'mnt_src' by VIR_STRDUP in the loop. Next
loop it will be allocated again. So we need to free 'mnt_src'
before continue the loop.
vircgroup: Resolve Coverity RESOURCE_LEAK
Need to free 'root' and 'opts' before 'return -1' if symlink fails.
qemu_process: Resolve Coverity RESOURCE_LEAK
If virSecurityManagerClearSocketLabel() fails, 'agent' won't
be freed before jumping to cleanup.
remote: Resolve Coverity RESOURCE_LEAK
Need to free 'uri_out' on error path.
test_conf: Resolve Coverity RESOURCE_LEAK
If the condition 'ret < 0' is true, the code will jump to
'cleanup' and 'conf' won't be freed.
tests: Resolve Coverity RESOURCE_LEAK in commandhelper
Coverity determined that 'log' and 'newenv' were not freed in
some cases. Free them in 'error' branch and normal branch.
2014-09-03 Eric Blake <>
command: test umask support
Add testsuite coverage for the recent commit 0e1a1a8.
* tests/commandhelper.c (main): Output umask.
* tests/commandtest.c (test15): Also test umask.
(mymain): Add test.
* tests/commanddata/*.log: Update expected output.
2014-09-03 Martin Kletzander <>
util: don't shadow global umask declaration
Commit 0e1a1a8c introduced umask for virCommand, but the variables
used emit a warning on older compilers about shadowed global
2014-09-03 Jiri Denemark <>
sanlock: Avoid freeing uninitialized value
2014-09-03 Chunyan Liu <>
qemu: ensure sane umask for qemu process
Add umask to _virCommand, allow user to set umask to command.
Set umask(002) to qemu process to overwrite the default umask
of 022 set by many distros, so that unix sockets created for
virtio-serial has expected permissions.
Fix problem reported here:
To use virtio-serial device, unix socket created for chardev with
default umask(022) has insufficient permissions.
-device virtio-serial \
-chardev socket,path=/tmp/foo,server,nowait,id=foo \
-device virtserialport,chardev=foo,name=org.fedoraproject.port.0
srwxr-xr-x 1 qemu qemu 0 21. Jul 14:19 /tmp/somefile.sock
Other users in the same group (like real user, test engines, etc)
cannot write to this socket.
2014-09-03 Jiri Denemark <>
spec: Fix preun script for daemon
%systemd_preun macro cannot be split into several lines.
2014-09-02 Peter Krempa <>
remote: Fix memory leak on error path when deserializing bulk stats
The 'elem' variable along with the domain object would be leaked when
taking the error path.
Found by coverity.
2014-09-02 Matthew Rosato <>
util: Introduce flags field for macvtap creation
Currently, there is one flag passed in during macvtap creation
(withTap) -- Let's convert this field to an unsigned int flag
field for future expansion.
2014-09-02 Ján Tomko <>
Free ifname in testDomainGenerateIfnames
2014-09-02 Michal Privoznik <>
Post-release version bump for new dev cycle
2014-09-02 Daniel Veillard <>
Release of libvirt-1.2.8
* docs/ update for release
* po/*.po*: new localizations and regenerate pos
2014-09-01 Eric Blake <>
blockcopy: allow larger buf-size
While qemu definitely caps granularity to 64 MiB, it places no
limits on buf-size. On a machine beefy enough for lots of
memory, a buf-size larger than 2 GiB is feasible, so we should
pass a 64-bit parameter.
* include/libvirt/ (VIR_DOMAIN_BLOCK_COPY_BUF_SIZE):
Allow 64 bits.
2014-09-01 Martin Kletzander <>
selinux: properly label tap FDs with imagelabel
The cleanup in commit cf976d9d used secdef->label to label the tap
FDs, but that is not possible since it's process-only label (svirt_t)
and not a object label (e.g. svirt_image_t). Starting a domain failed
with EPERM, but simply using secdef->imagelabel instead of
secdef->label fixes it.
2014-09-01 Christophe Fergeau <>
Fix connection to already running session libvirtd
Since 1b807f92, connecting with virsh to an already running session
libvirtd fails with:
$ virsh list --all
error: failed to connect to the hypervisor
error: no valid connection
error: Failed to connect socket to
'/run/user/1000/libvirt/libvirt-sock': Transport endpoint is already
This is caused by a logic error in virNetSocketNewConnectUnix: even if
the connection to the daemon socket succeeded, we still try to spawn the
daemon and then connect to it.
This commit changes the logic to not try to spawn libvirtd if we
successfully connected to its socket.
Most of this commit is whitespace changes, use of -w is recommended to
look at it.
2014-08-30 Roman Bogorodskiy <>
storage: zfs: fix double listing of new volumes
Currently, after calling commands to create a new volumes,
virStorageBackendZFSCreateVol calls virStorageBackendZFSFindVols that
calls virStorageBackendZFSParseVol.
virStorageBackendZFSParseVol checks if a volume already exists by
trying to get it using virStorageVolDefFindByName.
For a just created volume it returns NULL, so volume is reported as
new and appended to pool->volumes. This causes a volume to be listed
twice as storageVolCreateXML appends this new volume to the list as
Fix that by passing a new volume definition to
virStorageBackendZFSParseVol so it could determine if it needs to add
this volume to the list.
2014-08-29 John Ferlan <>
qemu_driver: Resolve Coverity FORWARD_NULL
In qemuDomainSnapshotCreateDiskActive() if we jumped to cleanup from a
failed actions = virJSONValueNewArray(), then 'cfg' would be NULL.
So just return -1, which in turn removes the need for cleanup:
2014-08-29 John Ferlan <>
virnetserverservice: Resolve Coverity ARRAY_VS_SINGLETON
Coverity complained about the following:
(3) Event ptr_arith:
Performing pointer arithmetic on "cur_fd" in expression "cur_fd++".
130 return virNetServerServiceNewFD(*cur_fd++,
The complaint is that pointer arithmetic taking place instead of the
expected auto increment of the variable... Adding some well placed
parentheses ensures our order of operation.
2014-08-29 John Ferlan <>
qemu: Allow use of iothreads for disk definitions
For virtio-blk-pci disks with the disk iothread attribute that are
running the correct emulator, add the "iothread=iothread#" to the
-device command line in order to enable iothreads for the disk as
long as the command is available, the disk iothread value provided is
valid, and is supported for the disk device being added
domain_conf: Add support for iothreads in disk definition
Add a new disk "driver" attribute "iothread" to be parsed as the thread
number for the disk to use. In order to more easily facilitate the usage
and configuration of the iothread, a "zero" for the attribute indicates
iothreads are not supported for the device and a positive value indicates
the specific thread to try and use.
2014-08-29 John Ferlan <>
qemu: Add support for iothreads
Add a new capability to ensure the iothreads feature exists for the qemu
emulator being run - requires the "query-iothreads" QMP command. Using the
domain XML add correspoding command argument in order to generate the
threads. The iothreads will use a name space "iothread#" where, the
future patch to add support for using an iothread to a disk definition to
merely define which of the available threads to use.
Add tests to ensure the xml/argv processing is correct. Note that no
change was made to qemuargv2xmltest.c as processing the -object element
would require knowing more than just iothreads.
2014-08-29 John Ferlan <>
domain_conf: Introduce iothreads XML
Introduce XML to allowing adding iothreads to the domain. These can be
used by virtio-blk-pci devices in order to assign a specific thread to
handle the workload for the device. The iothreads are the official
implementation of the virtio-blk Data Plane that's been in tech preview
for QEMU.
libxl_migration: Resolve Coverity NULL_RETURNS
Coverity noted that all callers to libxlDomainEventQueue() could ensure
the second parameter (event) was true before calling except this case.
As I look at the code and how events are used - it seems that prior to
generating an event for the dom == NULL condition, the resume/suspend
event should be queue'd after the virDomainSaveStatus() call which will
goto cleanup and queue the saved event anyway.
2014-08-28 Peter Krempa <>
qemu: Implement bulk stats API and one of the stats groups to return
Implement the API function for virDomainListGetStats and
virConnectGetAllDomainStats in a modular way and implement the
VIR_DOMAIN_STATS_STATE group of statistics.
Although it may look like the function looks universal I'd rather not
expose it to other drivers as the coming stats groups are likely to do
qemu specific stuff to obtain the stats.
2014-08-28 John Ferlan <>
qemu_command: Resolve Coverity DEADCODE
One useless warning, but the other one rather pertinent. On entry
the 'trans' variable is initialized to VIR_DOMAIN_DISK_TRANS_DEFAULT.
When the "trans" was found in the parsing loop it def->geometry.trans
was assigned to the return from virDomainDiskGeometryTransTypeFromString
and then 'trans' was used to do the comparison to see if it was valid.
So remove 'trans' and use def->geometry.trans properly
2014-08-28 John Ferlan <>
qemu_driver: Resolve Coverity DEADCODE
A bunch of false positives brought on by our own doings
domain_conf: Resolve Coverity DEADCODE
A bunch of a useless warnings brought on by our own doing.
qemu_monitor: Resolve Coverity NESTING_INDENT_MISMATCH
The PROBE macro can expand to more than one line/statement - put curly
braces around the if statement to be safe
storage_conf: Resolve Coverity RESOURCE_LEAK
If there was a failure processing 'authdef' and the code went to cleanup
before the setting to source->auth, then it'd be leaked.
qemu_driver: Resolve Coverity RESOURCE_LEAK
Coverity found that the 'buf' wasn't VIR_FREE'd at exit.
phyp_driver: Resolve Coverity RESOURCE_LEAK
Coverity determines that when jumping to the connected: label, the
addressinfo (ai) is not free'd.
2014-08-28 John Ferlan <>
libxl_migration: Resolve Coverity RESOURCE_LEAK
In libxlDomainMigrationPrepare() if the uri_in is false, then
'hostname' is allocated and used "generically" in the routine,
but not freed. Conversely, if uri_in is true, then a uri is
allocated and hostname is set to the uri->hostname value and
likewise generically used.
At function exit, hostname wasn't free'd in the !uri_in path,
so that was added. To just make it clearer on usage the else
path became the call to virURIFree() although I suppose technically
it didn't have to since it would be a call using (NULL)
2014-08-28 John Ferlan <>
bridge_driver: Resolve Coverity RESOURCE_LEAK
In the error path the 'ipaddr' wasn't VIR_FREE'd before jumping to cleanup
virsh-network: Resolve Coverity RESOURCE_LEAK
Need to free 'xmlFromFile' on/for the error path when current was
returning false only
network_conf: Resolve Coverity RESOURCE_LEAK
Need to VIR_FREE the startip/endip we allocated for the error message
qemu_capabilities: Resolve Coverity RESOURCE_LEAK
Coverity determined that on error path that 'mach' wouldn't be free'd
Since virCapabilitiesFreeGuestMachine() isn't globally available, we'll
insert first and then if the VIR_STRDUP's fail they it will eventually
cause the 'mach' to be freed in the error path
libxl_domain: Resolve Coverity RESOURCE_LEAK
On the error path need to free the chrdef
qemu_agent: Resolve Coverity RESOURCE_LEAK
Coverity found that on error paths, the 'arg' value wasn't be cleaned
up. Followed the example in qemuAgentSetVCPUs() where upon successful call
to qemuAgentCommand() the 'cpus' is set to NULL; otherwise, when cleanup