rpms/libvirt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: rpms:libvirt-0_6_2-17_fc11
Branches Tags
rpms:no-polkit rpms:master
rpms:libvirt-0_8_2-3_fc14 rpms:libvirt-0_8_2-2_fc14 rpms:libvirt-0_8_2-1_fc13 rpms:libvirt-0_8_2-1_fc12 rpms:libvirt-0_8_2-1_fc14 rpms:libvirt-0_7_7-5_fc13 rpms:libvirt-0_7_1-18_fc12 rpms:libvirt-0_7_1-17_fc12 rpms:libvirt-0_7_7-4_fc13 rpms:libvirt-0_7_1-16_fc12 rpms:libvirt-0_8_1-1_fc14 rpms:libvirt-0_7_7-3_fc13 rpms:libvirt-0_8_0-1_fc14 rpms:libvirt-0_7_7-3_fc14 rpms:libvirt-0_7_7-2_fc14 rpms:libvirt-0_7_7-2_fc13 rpms:libvirt-0_7_7-1_fc13 rpms:libvirt-0_7_7-1_fc14 rpms:libvirt-0_7_6-3_fc13 rpms:libvirt-0_7_6-2_fc13 rpms:libvirt-0_7_6-1_fc13 rpms:libvirt-0_7_5-3_fc13 rpms:libvirt-0_7_5-2_fc13 rpms:libvirt-0_7_5-1_fc13 rpms:libvirt-0_7_4-1_fc13 rpms:libvirt-0_7_3-1_fc13 rpms:libvirt-0_7_2-6_fc13 rpms:libvirt-0_7_2-5_fc13 rpms:libvirt-0_7_2-4_fc13 rpms:libvirt-0_7_1-15_fc12 rpms:libvirt-0_7_2-3_fc13 rpms:libvirt-0_7_2-2_fc13 rpms:libvirt-0_7_1-14_fc12 rpms:libvirt-0_6_2-19_fc11 rpms:libvirt-0_7_1-13_fc12 rpms:libvirt-0_7_2-1_fc13 rpms:libvirt-0_7_1-12_fc12 rpms:libvirt-0_7_1-12_fc13 rpms:libvirt-0_7_1-11_fc12 rpms:libvirt-0_7_1-11_fc13 rpms:libvirt-0_7_1-10_fc13 rpms:libvirt-0_7_1-10_fc12 rpms:libvirt-0_7_1-9_fc13 rpms:libvirt-0_7_1-9_fc12 rpms:libvirt-0_7_1-8_fc12 rpms:libvirt-0_7_1-8_fc13 rpms:libvirt-0_7_1-7_fc13 rpms:libvirt-0_7_1-7_fc12 rpms:libvirt-0_6_2-18_fc11 rpms:F-12-split rpms:libvirt-0_7_1-5_fc12 rpms:libvirt-0_7_1-4_fc12 rpms:libvirt-0_7_1-2_fc12 rpms:libvirt-0_7_1-1_fc12 rpms:libvirt-0_7_1-0_2_gitfac3f4c_fc12 rpms:libvirt-0_7_1-0_1_git3ef2e05_fc12 rpms:libvirt-0_7_0-6_fc12 rpms:libvirt-0_6_2-17_fc11 rpms:libvirt-0_7_0-5_fc12 rpms:libvirt-0_6_2-16_fc11 rpms:libvirt-0_6_2-15_fc11 rpms:libvirt-0_7_0-4_fc12 rpms:libvirt-0_7_0-3_fc12 rpms:libvirt-0_7_0-2_fc12 rpms:libvirt-0_6_2-14_fc11 rpms:libvirt-0_7_0-1_fc12 rpms:libvirt-0_7_0-0_9_gite195b43_fc12 rpms:libvirt-0_7_0-0_8_gite195b43_fc12 rpms:libvirt-0_7_0-0_7_gite195b43_fc12 rpms:libvirt-0_7_0-0_6_gite195b43_fc12 rpms:libvirt-0_7_0-0_5_gitf055724_fc12 rpms:libvirt-0_7_0-0_4_gitf055724_fc12 rpms:libvirt-0_7_0-0_3_gitf055724_fc12 rpms:libvirt-0_7_0-0_2_gitf055724_fc12 rpms:libvirt-0_7_0-0_1_gitf055724_fc12 rpms:libvirt-0_6_5-3_fc12 rpms:libvirt-0_6_5-2_fc12 rpms:libvirt-0_6_5-1_fc12 rpms:libvirt-0_6_4-4_fc12 rpms:libvirt-0_6_2-13_fc11 rpms:libvirt-0_6_4-3_fc12 rpms:libvirt-0_6_2-12_fc11 rpms:libvirt-0_6_4-2_fc12 rpms:libvirt-0_6_4-1_fc12 rpms:libvirt-0_6_2-11_fc11 rpms:libvirt-0_6_3-11_fc12 rpms:libvirt-0_6_2-10_fc11 rpms:libvirt-0_6_2-9_fc11 rpms:libvirt-0_6_3-10_fc12 rpms:libvirt-0_6_3-9_fc12 rpms:libvirt-0_6_3-8_fc12 rpms:libvirt-0_6_2-8_fc11 rpms:libvirt-0_6_3-7_fc12 rpms:libvirt-0_6_2-7_fc11 rpms:libvirt-0_6_2-6_fc11 rpms:libvirt-0_6_3-5_fc12 rpms:libvirt-0_6_2-5_fc11 rpms:libvirt-0_6_3-4_fc12 rpms:libvirt-0_6_2-4_fc11 rpms:libvirt-0_6_2-3_fc11 rpms:libvirt-0_6_3-3_fc12 rpms:libvirt-0_6_3-2_fc12 rpms:libvirt-0_6_3-1_fc12 rpms:libvirt-0_6_2-2_fc11 rpms:libvirt-0_6_2-2_fc12 rpms:libvirt-0_6_2-1_fc11 rpms:libvirt-0_6_1-6_fc11 rpms:libvirt-0_6_1-5_fc11 rpms:libvirt-0_6_1-4_fc11 rpms:libvirt-0_6_1-3_fc11 rpms:libvirt-0_6_1-2_fc11 rpms:libvirt-0_6_1-1_fc11 rpms:libvirt-0_6_1-1_fc9 rpms:libvirt-0_6_1-1_fc10 rpms:libvirt-0_6_0-6_fc11 rpms:libvirt-0_6_0-5_fc11 rpms:libvirt-0_6_0-3_fc9 rpms:libvirt-0_6_0-3_fc10 rpms:libvirt-0_6_0-4_fc11 rpms:libvirt-0_6_0-3_fc11 rpms:libvirt-0_6_0-2_fc10 rpms:libvirt-0_6_0-2_fc9 rpms:libvirt-0_6_0-2_fc11 rpms:libvirt-0_6_0-1_fc9 rpms:libvirt-0_6_0-1_fc10 rpms:libvirt-0_6_0-1_fc11 rpms:libvirt-0_5_1-2_fc11 rpms:libvirt-0_5_1-2_fc10 rpms:libvirt-0_5_1-2_fc9 rpms:libvirt-0_5_1-1_fc9 rpms:libvirt-0_5_1-1_fc10 rpms:libvirt-0_5_1-1_fc11 rpms:libvirt-0_5_0-2_fc11 rpms:libvirt-0_5_0-1_fc9 rpms:libvirt-0_5_0-1_fc10 rpms:libvirt-0_5_0-1_fc11 rpms:F-10-start rpms:F-10-split rpms:libvirt-0_4_6-1_fc8 rpms:libvirt-0_4_6-3_fc10 rpms:libvirt-0_4_6-2_fc9 rpms:libvirt-0_4_6-1_fc9 rpms:libvirt-0_4_6-2_fc10 rpms:libvirt-0_4_6-1_fc10 rpms:libvirt-0_4_5-2_fc9 rpms:libvirt-0_4_5-2_fc10 rpms:libvirt-0_4_5-1_fc9 rpms:libvirt-0_4_5-1_fc10 rpms:libvirt-0_4_4-3_fc10 rpms:libvirt-0_4_4-2_fc8 rpms:libvirt-0_4_4-2_fc9 rpms:libvirt-0_4_4-2_fc10 rpms:libvirt-0_4_4-1_fc8 rpms:libvirt-0_4_4-1_fc9 rpms:libvirt-0_4_4-1_fc10 rpms:libvirt-0_4_3-1_fc8 rpms:libvirt-0_4_3-1_fc9 rpms:libvirt-0_4_3-1_fc10 rpms:libvirt-0_4_2-6_fc10 rpms:libvirt-0_4_2-4_fc9 rpms:libvirt-0_4_2-5_fc10 rpms:libvirt-0_4_2-4_fc10 rpms:libvirt-0_4_2-3_fc9 rpms:libvirt-0_4_2-3_fc10 rpms:libvirt-0_4_2-2_fc10 rpms:libvirt-0_4_2-2_fc9 rpms:libvirt-0_4_2-1_fc8 rpms:F-9-split rpms:libvirt-0_4_1-3_fc8 rpms:libvirt-0_4_1-7_fc9 rpms:libvirt-0_4_1-6_fc9 rpms:libvirt-0_4_1-5_fc9 rpms:libvirt-0_4_1-4_fc9 rpms:libvirt-0_4_1-2_fc8 rpms:libvirt-0_4_1-3_fc9 rpms:libvirt-0_4_1-1_fc8 rpms:libvirt-0_4_1-2_fc9 rpms:libvirt-0_4_1-1_fc9 rpms:libvirt-0_4_0-5_fc9 rpms:libvirt-0_4_0-4_fc9 rpms:libvirt-0_4_0-4_fc7 rpms:libvirt-0_4_0-4_fc8 rpms:libvirt-0_4_0-3_fc7 rpms:libvirt-0_4_0-3_fc8 rpms:libvirt-0_4_0-3_fc9 rpms:libvirt-0_4_0-2_fc7 rpms:libvirt-0_4_0-2_fc8 rpms:libvirt-0_4_0-2_fc9 rpms:libvirt-0_4_0-1_fc7 rpms:libvirt-0_4_0-1_fc8 rpms:libvirt-0_4_0-1_fc9 rpms:F-8-split rpms:libvirt-0_3_3-2_fc8 rpms:libvirt-0_3_3-1_fc7 rpms:libvirt-0_3_3-1_fc8 rpms:libvirt-0_3_2-2_fc8 rpms:libvirt-0_3_2-1_fc7 rpms:libvirt-0_3_2-1_fc8 rpms:libvirt-0_3_1-4_fc8 rpms:libvirt-0_3_1-2_fc7 rpms:libvirt-0_3_1-3_fc8 rpms:libvirt-0_3_1-2_fc8 rpms:libvirt-0_3_1-1_fc7 rpms:libvirt-0_3_1-1_fc8 rpms:libvirt-0_3_0-1_fc7 rpms:libvirt-0_3_0-1_fc8 rpms:libvirt-0_2_3-1_fc7 rpms:libvirt-0_2_3-1_fc8 rpms:libvirt-0_2_2-4_fc7 rpms:libvirt-0_2_2-3_fc7 rpms:libvirt-0_2_2-2_fc7 rpms:libvirt-0_2_2-1_fc7 rpms:libvirt-0_2_1-3_fc7 rpms:libvirt-0_2_1-2_fc7 rpms:libvirt-0_2_1-1_fc7 rpms:libvirt-0_2_0-4_fc7 rpms:libvirt-0_2_0-3_fc7 rpms:libvirt-0_2_0-2_fc7 rpms:libvirt-0_2_0-1_fc7 rpms:libvirt-0_1_11-1_fc7 rpms:libvirt-0_1_10-1_fc7 rpms:libvirt-0_1_9-2_fc7 rpms:libvirt-0_1_9-1_fc7 rpms:libvirt-0_1_8-3_fc7 rpms:libvirt-0_1_8-2_fc7 rpms:libvirt-0_1_8-1 rpms:libvirt-0_1_7-2 rpms:libvirt-0_1_7-1 rpms:libvirt-0_1_6-1 rpms:libvirt-0_1_5-3 rpms:libvirt-0_1_5-2 rpms:libvirt-0_1_5-1 rpms:libvirt-0_1_4-5 rpms:libvirt-0_1_4-4 rpms:libvirt-0_1_4-3 rpms:libvirt-0_1_4-2 rpms:libvirt-0_1_4-1 rpms:libvirt-0_1_3-6 rpms:libvirt-0_1_3-5 rpms:libvirt-0_1_3-4 rpms:libvirt-0_1_3-3 rpms:libvirt-0_1_3-2 rpms:libvirt-0_1_3-1_1 rpms:libvirt-0_1_3-1 rpms:libvirt-0_1_2-1 rpms:libvirt-0_1_1-1 rpms:libvirt-0_1_0-1 rpms:FC-5-split rpms:libvirt-0_0_5-1 rpms:libvirt-0_0_4-1 rpms:libvirt-0_0_3-1 rpms:setup-new-module
..
compare: rpms:libvirt-0_8_2-2_fc14
Branches Tags
rpms:no-polkit rpms:master
rpms:libvirt-0_8_2-3_fc14 rpms:libvirt-0_8_2-2_fc14 rpms:libvirt-0_8_2-1_fc13 rpms:libvirt-0_8_2-1_fc12 rpms:libvirt-0_8_2-1_fc14 rpms:libvirt-0_7_7-5_fc13 rpms:libvirt-0_7_1-18_fc12 rpms:libvirt-0_7_1-17_fc12 rpms:libvirt-0_7_7-4_fc13 rpms:libvirt-0_7_1-16_fc12 rpms:libvirt-0_8_1-1_fc14 rpms:libvirt-0_7_7-3_fc13 rpms:libvirt-0_8_0-1_fc14 rpms:libvirt-0_7_7-3_fc14 rpms:libvirt-0_7_7-2_fc14 rpms:libvirt-0_7_7-2_fc13 rpms:libvirt-0_7_7-1_fc13 rpms:libvirt-0_7_7-1_fc14 rpms:libvirt-0_7_6-3_fc13 rpms:libvirt-0_7_6-2_fc13 rpms:libvirt-0_7_6-1_fc13 rpms:libvirt-0_7_5-3_fc13 rpms:libvirt-0_7_5-2_fc13 rpms:libvirt-0_7_5-1_fc13 rpms:libvirt-0_7_4-1_fc13 rpms:libvirt-0_7_3-1_fc13 rpms:libvirt-0_7_2-6_fc13 rpms:libvirt-0_7_2-5_fc13 rpms:libvirt-0_7_2-4_fc13 rpms:libvirt-0_7_1-15_fc12 rpms:libvirt-0_7_2-3_fc13 rpms:libvirt-0_7_2-2_fc13 rpms:libvirt-0_7_1-14_fc12 rpms:libvirt-0_6_2-19_fc11 rpms:libvirt-0_7_1-13_fc12 rpms:libvirt-0_7_2-1_fc13 rpms:libvirt-0_7_1-12_fc12 rpms:libvirt-0_7_1-12_fc13 rpms:libvirt-0_7_1-11_fc12 rpms:libvirt-0_7_1-11_fc13 rpms:libvirt-0_7_1-10_fc13 rpms:libvirt-0_7_1-10_fc12 rpms:libvirt-0_7_1-9_fc13 rpms:libvirt-0_7_1-9_fc12 rpms:libvirt-0_7_1-8_fc12 rpms:libvirt-0_7_1-8_fc13 rpms:libvirt-0_7_1-7_fc13 rpms:libvirt-0_7_1-7_fc12 rpms:libvirt-0_6_2-18_fc11 rpms:F-12-split rpms:libvirt-0_7_1-5_fc12 rpms:libvirt-0_7_1-4_fc12 rpms:libvirt-0_7_1-2_fc12 rpms:libvirt-0_7_1-1_fc12 rpms:libvirt-0_7_1-0_2_gitfac3f4c_fc12 rpms:libvirt-0_7_1-0_1_git3ef2e05_fc12 rpms:libvirt-0_7_0-6_fc12 rpms:libvirt-0_6_2-17_fc11 rpms:libvirt-0_7_0-5_fc12 rpms:libvirt-0_6_2-16_fc11 rpms:libvirt-0_6_2-15_fc11 rpms:libvirt-0_7_0-4_fc12 rpms:libvirt-0_7_0-3_fc12 rpms:libvirt-0_7_0-2_fc12 rpms:libvirt-0_6_2-14_fc11 rpms:libvirt-0_7_0-1_fc12 rpms:libvirt-0_7_0-0_9_gite195b43_fc12 rpms:libvirt-0_7_0-0_8_gite195b43_fc12 rpms:libvirt-0_7_0-0_7_gite195b43_fc12 rpms:libvirt-0_7_0-0_6_gite195b43_fc12 rpms:libvirt-0_7_0-0_5_gitf055724_fc12 rpms:libvirt-0_7_0-0_4_gitf055724_fc12 rpms:libvirt-0_7_0-0_3_gitf055724_fc12 rpms:libvirt-0_7_0-0_2_gitf055724_fc12 rpms:libvirt-0_7_0-0_1_gitf055724_fc12 rpms:libvirt-0_6_5-3_fc12 rpms:libvirt-0_6_5-2_fc12 rpms:libvirt-0_6_5-1_fc12 rpms:libvirt-0_6_4-4_fc12 rpms:libvirt-0_6_2-13_fc11 rpms:libvirt-0_6_4-3_fc12 rpms:libvirt-0_6_2-12_fc11 rpms:libvirt-0_6_4-2_fc12 rpms:libvirt-0_6_4-1_fc12 rpms:libvirt-0_6_2-11_fc11 rpms:libvirt-0_6_3-11_fc12 rpms:libvirt-0_6_2-10_fc11 rpms:libvirt-0_6_2-9_fc11 rpms:libvirt-0_6_3-10_fc12 rpms:libvirt-0_6_3-9_fc12 rpms:libvirt-0_6_3-8_fc12 rpms:libvirt-0_6_2-8_fc11 rpms:libvirt-0_6_3-7_fc12 rpms:libvirt-0_6_2-7_fc11 rpms:libvirt-0_6_2-6_fc11 rpms:libvirt-0_6_3-5_fc12 rpms:libvirt-0_6_2-5_fc11 rpms:libvirt-0_6_3-4_fc12 rpms:libvirt-0_6_2-4_fc11 rpms:libvirt-0_6_2-3_fc11 rpms:libvirt-0_6_3-3_fc12 rpms:libvirt-0_6_3-2_fc12 rpms:libvirt-0_6_3-1_fc12 rpms:libvirt-0_6_2-2_fc11 rpms:libvirt-0_6_2-2_fc12 rpms:libvirt-0_6_2-1_fc11 rpms:libvirt-0_6_1-6_fc11 rpms:libvirt-0_6_1-5_fc11 rpms:libvirt-0_6_1-4_fc11 rpms:libvirt-0_6_1-3_fc11 rpms:libvirt-0_6_1-2_fc11 rpms:libvirt-0_6_1-1_fc11 rpms:libvirt-0_6_1-1_fc9 rpms:libvirt-0_6_1-1_fc10 rpms:libvirt-0_6_0-6_fc11 rpms:libvirt-0_6_0-5_fc11 rpms:libvirt-0_6_0-3_fc9 rpms:libvirt-0_6_0-3_fc10 rpms:libvirt-0_6_0-4_fc11 rpms:libvirt-0_6_0-3_fc11 rpms:libvirt-0_6_0-2_fc10 rpms:libvirt-0_6_0-2_fc9 rpms:libvirt-0_6_0-2_fc11 rpms:libvirt-0_6_0-1_fc9 rpms:libvirt-0_6_0-1_fc10 rpms:libvirt-0_6_0-1_fc11 rpms:libvirt-0_5_1-2_fc11 rpms:libvirt-0_5_1-2_fc10 rpms:libvirt-0_5_1-2_fc9 rpms:libvirt-0_5_1-1_fc9 rpms:libvirt-0_5_1-1_fc10 rpms:libvirt-0_5_1-1_fc11 rpms:libvirt-0_5_0-2_fc11 rpms:libvirt-0_5_0-1_fc9 rpms:libvirt-0_5_0-1_fc10 rpms:libvirt-0_5_0-1_fc11 rpms:F-10-start rpms:F-10-split rpms:libvirt-0_4_6-1_fc8 rpms:libvirt-0_4_6-3_fc10 rpms:libvirt-0_4_6-2_fc9 rpms:libvirt-0_4_6-1_fc9 rpms:libvirt-0_4_6-2_fc10 rpms:libvirt-0_4_6-1_fc10 rpms:libvirt-0_4_5-2_fc9 rpms:libvirt-0_4_5-2_fc10 rpms:libvirt-0_4_5-1_fc9 rpms:libvirt-0_4_5-1_fc10 rpms:libvirt-0_4_4-3_fc10 rpms:libvirt-0_4_4-2_fc8 rpms:libvirt-0_4_4-2_fc9 rpms:libvirt-0_4_4-2_fc10 rpms:libvirt-0_4_4-1_fc8 rpms:libvirt-0_4_4-1_fc9 rpms:libvirt-0_4_4-1_fc10 rpms:libvirt-0_4_3-1_fc8 rpms:libvirt-0_4_3-1_fc9 rpms:libvirt-0_4_3-1_fc10 rpms:libvirt-0_4_2-6_fc10 rpms:libvirt-0_4_2-4_fc9 rpms:libvirt-0_4_2-5_fc10 rpms:libvirt-0_4_2-4_fc10 rpms:libvirt-0_4_2-3_fc9 rpms:libvirt-0_4_2-3_fc10 rpms:libvirt-0_4_2-2_fc10 rpms:libvirt-0_4_2-2_fc9 rpms:libvirt-0_4_2-1_fc8 rpms:F-9-split rpms:libvirt-0_4_1-3_fc8 rpms:libvirt-0_4_1-7_fc9 rpms:libvirt-0_4_1-6_fc9 rpms:libvirt-0_4_1-5_fc9 rpms:libvirt-0_4_1-4_fc9 rpms:libvirt-0_4_1-2_fc8 rpms:libvirt-0_4_1-3_fc9 rpms:libvirt-0_4_1-1_fc8 rpms:libvirt-0_4_1-2_fc9 rpms:libvirt-0_4_1-1_fc9 rpms:libvirt-0_4_0-5_fc9 rpms:libvirt-0_4_0-4_fc9 rpms:libvirt-0_4_0-4_fc7 rpms:libvirt-0_4_0-4_fc8 rpms:libvirt-0_4_0-3_fc7 rpms:libvirt-0_4_0-3_fc8 rpms:libvirt-0_4_0-3_fc9 rpms:libvirt-0_4_0-2_fc7 rpms:libvirt-0_4_0-2_fc8 rpms:libvirt-0_4_0-2_fc9 rpms:libvirt-0_4_0-1_fc7 rpms:libvirt-0_4_0-1_fc8 rpms:libvirt-0_4_0-1_fc9 rpms:F-8-split rpms:libvirt-0_3_3-2_fc8 rpms:libvirt-0_3_3-1_fc7 rpms:libvirt-0_3_3-1_fc8 rpms:libvirt-0_3_2-2_fc8 rpms:libvirt-0_3_2-1_fc7 rpms:libvirt-0_3_2-1_fc8 rpms:libvirt-0_3_1-4_fc8 rpms:libvirt-0_3_1-2_fc7 rpms:libvirt-0_3_1-3_fc8 rpms:libvirt-0_3_1-2_fc8 rpms:libvirt-0_3_1-1_fc7 rpms:libvirt-0_3_1-1_fc8 rpms:libvirt-0_3_0-1_fc7 rpms:libvirt-0_3_0-1_fc8 rpms:libvirt-0_2_3-1_fc7 rpms:libvirt-0_2_3-1_fc8 rpms:libvirt-0_2_2-4_fc7 rpms:libvirt-0_2_2-3_fc7 rpms:libvirt-0_2_2-2_fc7 rpms:libvirt-0_2_2-1_fc7 rpms:libvirt-0_2_1-3_fc7 rpms:libvirt-0_2_1-2_fc7 rpms:libvirt-0_2_1-1_fc7 rpms:libvirt-0_2_0-4_fc7 rpms:libvirt-0_2_0-3_fc7 rpms:libvirt-0_2_0-2_fc7 rpms:libvirt-0_2_0-1_fc7 rpms:libvirt-0_1_11-1_fc7 rpms:libvirt-0_1_10-1_fc7 rpms:libvirt-0_1_9-2_fc7 rpms:libvirt-0_1_9-1_fc7 rpms:libvirt-0_1_8-3_fc7 rpms:libvirt-0_1_8-2_fc7 rpms:libvirt-0_1_8-1 rpms:libvirt-0_1_7-2 rpms:libvirt-0_1_7-1 rpms:libvirt-0_1_6-1 rpms:libvirt-0_1_5-3 rpms:libvirt-0_1_5-2 rpms:libvirt-0_1_5-1 rpms:libvirt-0_1_4-5 rpms:libvirt-0_1_4-4 rpms:libvirt-0_1_4-3 rpms:libvirt-0_1_4-2 rpms:libvirt-0_1_4-1 rpms:libvirt-0_1_3-6 rpms:libvirt-0_1_3-5 rpms:libvirt-0_1_3-4 rpms:libvirt-0_1_3-3 rpms:libvirt-0_1_3-2 rpms:libvirt-0_1_3-1_1 rpms:libvirt-0_1_3-1 rpms:libvirt-0_1_2-1 rpms:libvirt-0_1_1-1 rpms:libvirt-0_1_0-1 rpms:FC-5-split rpms:libvirt-0_0_5-1 rpms:libvirt-0_0_4-1 rpms:libvirt-0_0_3-1 rpms:setup-new-module

97 Commits
libvirt-0_ ... libvirt-0_

Author SHA1 Message Date
Daniel P. Berrange
e3a592c38d Fix CVE-2010-2237, CVE-2010-2238, CVE-2010-2239, CVE-2010-2242 2010-07-12 16:01:43 +00:00
Daniel Veillard
7e99819dda Release of libvirt-0.8.2, update of spec file, Daniel 2010-07-05 15:51:43 +00:00
Daniel Veillard
a160d7f98d Upstream release of libvirt-0.8.1, Daniel 2010-04-30 17:10:08 +00:00
Daniel Veillard
36cab842e8 - Upstream release 0.8.0 
- Snapshotting support (QEmu/VBox/ESX)
- Network filtering API
- XenAPI driver
- new APIs for domain events
- Libvirt managed save API
- timer subselection for domain clock
- synchronous hooks
- API to update guest CPU to host CPU
- virDomainUpdateDeviceFlags new API
- migrate max downtime API
- volume wiping API
- and many bug fixes
Daniel
 2010-04-12 18:05:13 +00:00
Richard W.M. Jones
7b7b86e327 No change, just rebuild against new libparted with bumped soname. 2010-03-30 21:08:36 +00:00
Cole Robinson
f4bfe638b6 Fix USB devices by product with security enabled (bz 574136) 
Set kernel/initrd in security driver, fixes some URL installs (bz 566425)
 2010-03-22 15:19:02 +00:00
Daniel Veillard
0e9d242f05 Upstream release 0.7.7 
Daniel
 2010-03-05 16:33:57 +00:00
Adam Jackson
e24467a8c2 * Tue Feb 16 2010 Adam Jackson <ajax@redhat.com> 0.7.6-2 
- libvirt-0.7.6-add-needed.patch: Fix FTBFS from --no-add-needed
- Add BuildRequires: xmlrpc-c-client for libxmlrpc_client.so
 2010-02-17 00:11:39 +00:00
Adam Jackson
b39c370a76 add the patch 2010-02-16 23:59:23 +00:00
Adam Jackson
62e4e7cde2 * Tue Feb 16 2010 Adam Jackson <ajax@redhat.com> 0.7.6-2 
- libvirt-0.7.6-add-needed.patch: Fix FTBFS from --no-add-needed
 2010-02-16 23:49:24 +00:00
Daniel Veillard
f822179f97 Oops forgot to bump version, Daniel 2010-02-03 17:40:46 +00:00
Daniel Veillard
47e7e1e548 upstream release of 0.7.6 
daniel
 2010-02-03 17:39:33 +00:00
Chris Weyl
e73b75314b * Thu Jan 14 2010 Chris Weyl <cweyl@alumni.drew.edu> 0.7.5-3 
- bump for libssh2 rebuild
 2010-01-14 16:59:58 +00:00
Daniel P. Berrange
8193a55b4a Rebuild for libparted soname change 2010-01-12 14:10:20 +00:00
Daniel Veillard
6036708fa2 Fix a problem in spec file, Daniel 2009-12-23 15:56:25 +00:00
Daniel Veillard
4717aa0b6d Upstream release of 0.7.5, Daniel 2009-12-23 15:40:21 +00:00
Bill Nottingham
97ae25ea7d Fix typo that causes a failure to update the common directory. (releng #2781) 2009-11-25 23:51:22 +00:00
Daniel Veillard
6470ed033b Upstream release of 0.7.3, Daniel 2009-11-20 18:59:17 +00:00
Daniel Veillard
b550f9c1d5 Fix netcf BuildRequire, Daniel 2009-11-20 18:02:51 +00:00
Daniel Veillard
ee0273ffc3 Upstream release of libvirt-0.7.3, Daniel 2009-11-20 16:55:47 +00:00
Daniel P. Berrange
50fce74b00 Really fix restore file labelling this time 2009-11-19 12:51:32 +00:00
Daniel P. Berrange
e29f71d1c9 Disable numactl on s390[x] 2009-11-11 18:11:49 +00:00
Daniel P. Berrange
427ed20801 Fix QEMU save/restore permissions / labelling 2009-11-11 15:33:52 +00:00
Mark McLoughlin
d23e6c285b * Thu Oct 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.2-3 
- Avoid compressing small log files (#531030)
 2009-10-29 17:26:05 +00:00
Mark McLoughlin
2c139b45d8 * Thu Oct 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.2-2 
- Fix qemu machine types handling
 2009-10-29 10:57:55 +00:00
Mark McLoughlin
762435e3b7 * Thu Oct 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.2-2 
- Make libvirt-devel require libvirt-client, not libvirt
 2009-10-29 10:15:23 +00:00
Daniel Veillard
6383d6b056 0.7.2 release, Daniel 2009-10-14 13:03:30 +00:00
Mark McLoughlin
3712441ea6 Add the second patch for #523158 2009-10-13 15:43:47 +00:00
Mark McLoughlin
9d0bc882fa * Tue Oct 13 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-12 
- Fix restore of qemu guest using raw save format (#523158)
 2009-10-13 15:34:15 +00:00
Mark McLoughlin
90dddf3d3d * Fri Oct 9 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-11 
- Fix libvirtd memory leak during error reply sending (#528162)
- Add several PCI hot-unplug typo fixes from upstream
 2009-10-09 14:53:48 +00:00
Mark McLoughlin
86abd54d02 * Tue Oct 6 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-10 
- Create /var/log/libvirt/{lxc,uml} dirs for logrotate
- Make libvirt-python dependon on libvirt-client
- Sync misc minor changes from upstream spec
 2009-10-06 12:48:58 +00:00
Mark McLoughlin
4ab5ad5425 * Tue Oct 6 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-9 
- Change logrotate config to weekly (#526769)
 2009-10-06 09:45:04 +00:00
Mark McLoughlin
f9c1b758c3 - Re-label qcow2 backing files (#497131) 2009-10-01 15:17:31 +00:00
Mark McLoughlin
38cf1bd5ba * Thu Oct 1 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-8 
- Disable sound backend, even when selinux is disabled (#524499)
 2009-10-01 08:35:16 +00:00
Mark McLoughlin
aeda455930 * Wed Sep 30 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-7 
- Fix USB device passthrough (#522683)
 2009-09-30 17:58:52 +00:00
Chris Weyl
288291b795 * Mon Sep 21 2009 Chris Weyl <cweyl@alumni.drew.edu> - 0.7.1-6 
- rebuild for libssh2 1.2
 2009-09-22 03:52:07 +00:00
Mark McLoughlin
7c2073faca * Mon Sep 21 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-5 
- Don't set a bogus error in virDrvSupportsFeature()
- Fix raw save format
 2009-09-21 15:32:34 +00:00
Mark McLoughlin
5b528ba717 Fix typo 2009-09-17 14:58:55 +00:00
Mark McLoughlin
4f731a7250 Got the wrong bug number 2009-09-17 14:51:05 +00:00
Mark McLoughlin
f1ac0031f5 * Thu Sep 17 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-4% 
- A couple of hot-unplug memory handling fixes (#523960)
 2009-09-17 14:47:51 +00:00
Daniel Veillard
e45b9c9030 Disable numactl on s390[x], Daniel 2009-09-17 13:30:50 +00:00
Daniel Veillard
3cf75c269d Refactoring of spec file by danpb for RHEL 5/6 compat, daniel 2009-09-17 12:32:32 +00:00
Daniel Veillard
585033f372 Release of 0.7.1 upstream, Daniel 2009-09-15 12:50:58 +00:00
Mark McLoughlin
897506e66a * Mon Sep 14 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-0.2.gitfac3f4c 
- Update to newer snapshot of 0.7.1
- Stop libvirt using untrusted 'info vcpus' PID data (#520864)
- Support relabelling of USB and PCI devices
- Enable multipath storage support
- Restart libvirtd upon RPM upgrade
 2009-09-14 18:30:45 +00:00
Mark McLoughlin
e4bf8ffa42 * Sun Sep 6 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-0.1.gitg3ef2e05 
- Update to pre-release git snapshot of 0.7.1
- Drop upstreamed patches
 2009-09-06 13:46:19 +00:00
Mark McLoughlin
20367a58a6 Add URL to source tag 2009-08-21 10:19:53 +00:00
Mark McLoughlin
aa037364ed * Wed Aug 19 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-6 
- Fix migration completion with newer versions of qemu (#516187)
 2009-08-19 17:13:01 +00:00
Mark McLoughlin
c034c1a3b2 * Wed Aug 19 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-5 
- Add PCI host device hotplug support
- Allow PCI bus reset to reset other devices (#499678)
- Fix stupid PCI reset error message (bug #499678)
- Allow PM reset on multi-function PCI devices (bug #515689)
- Re-attach PCI host devices after guest shuts down (bug #499561)
- Fix list corruption after disk hot-unplug
- Fix minor 'virsh nodedev-list --tree' annoyance
 2009-08-19 16:26:27 +00:00
Mark McLoughlin
da05e02884 Sync patches from git 2009-08-17 08:08:46 +00:00
Daniel P. Berrange
e1b7b518ac Added utterly crazy build dep on CVS for stupid autopoint tool 2009-08-13 15:43:14 +00:00
Daniel P. Berrange
581b5f5022 Log and ignore NUMA topology problems (rhbz #506590) 2009-08-13 15:30:19 +00:00
Daniel P. Berrange
c476c8b683 Rewrite policykit support (rhbz #499970) 2009-08-13 15:27:42 +00:00
Mark McLoughlin
b93eafc59f Add bz number 516497 for reference 2009-08-10 10:32:28 +00:00
Mark McLoughlin
2105d62ca8 * Mon Aug 10 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-3 
- Don't fail to start network if ipv6 modules is not loaded
 2009-08-10 10:24:12 +00:00
Mark McLoughlin
743adffffe * Thu Aug 6 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-2 
- Make sure qemu can access kernel/initrd (bug #516034)
- Set perms on /var/lib/libvirt/boot to 0711 (bug #516034)
 2009-08-06 15:01:49 +00:00
Daniel Veillard
11e3b51c0d - Upstream release of 0.7.0 
- ESX, VBox3, Power Hypervisor drivers
- new net filesystem glusterfs
- Storage cloning for LVM and Disk backends
- interface implementation based on netcf
- Support cgroups in QEMU driver
- QEmu hotplug NIC support
- a lot of fixes
Daniel
 2009-08-05 15:24:45 +00:00
Mark McLoughlin
66df925739 * Fri Jul 31 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.9.gite195b43 
- Set perms on /var/lib/libvirt/images to 0711
 2009-07-31 08:55:24 +00:00
Mark McLoughlin
b20a5c6d3b * Thu Jul 30 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.8.gite195b43 
- Add patch from upstream to fix qemu pidfile perms problem
 2009-07-30 17:02:50 +00:00
Daniel P. Berrange
7f58f3aa54 Create qemu/kvm user & group to fix upgrades 2009-07-30 11:07:16 +00:00
Daniel Veillard
6577b14441 - another prerelease with qemu, uml and remote patches 
- drop the news patch as it's now UTF8 upstream
Daniel
 2009-07-29 14:58:18 +00:00
Mark McLoughlin
2e7812764f - Fix disabling polkit and netcf on older fedoras 2009-07-29 09:08:57 +00:00
Mark McLoughlin
854b878580 * Wed Jul 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.5.gitf055724 
- Move ldconfig call to libvirt-client %post/%postun
- Fix rpmlint warning about libvirt-client summary
 2009-07-29 09:00:02 +00:00
Mark McLoughlin
89c28e4013 * Wed Jul 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.4.gitf055724 
- Drop explicit libselinux requires, it is autorequired
- Drop cleanup of python/tests, apparently not needed
- Cherry-pick upstream patch to convert NEWS to UTF-8, drop iconv
- Drop python BR; python-devel requires it
 2009-07-29 08:09:45 +00:00
Mark McLoughlin
db269c2d21 Fix some more trivial differences between upstream spec 2009-07-28 18:13:09 +00:00
Mark McLoughlin
98e4f7ee9f - Set perms on /var/{run,lib,cache}/libvirt/qemu 2009-07-28 18:06:43 +00:00
Mark McLoughlin
0c4afc5ee9 - Remove explicit dir creating in makeinstall, replaced by attr in files 2009-07-28 18:02:50 +00:00
Mark McLoughlin
593255292e - Pass --with-qemu-user=qemu etc. to configure 2009-07-28 17:41:33 +00:00
Mark McLoughlin
ccafc8ecb4 - Remove explicit libxml2 requires, again 
- Build with --without-capng if capng support is disabled
 2009-07-28 17:40:29 +00:00
Mark McLoughlin
a38fb9cbc1 - Move various requires to the libvirt-client sub-package 
- Sync some trivial cleanups from upstream spec file
 2009-07-28 17:17:13 +00:00
Mark McLoughlin
6359121866 * Tue Jul 28 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.3.gitf055724 
- Enable netcf support
 2009-07-28 17:04:23 +00:00
Mark McLoughlin
b20d669e88 * Tue Jul 28 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.2.gitf055724 
- Drop glusterfs dep to 2.0.1 (bug #514191)
 2009-07-28 09:58:42 +00:00
Daniel Veillard
a3e1cc37ed Push a prerelease of 0.7.0 for F12 'deadline', Daniel 2009-07-27 17:52:28 +00:00
Jesse Keating
a6eca3382d - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-25 08:51:35 +00:00
Richard W.M. Jones
c6c5072e90 Bump release number to rebuild against new libparted. 2009-07-10 22:08:43 +00:00
Daniel Veillard
705fd20a0e Fix libcap-ng-devel require, Daniel 2009-07-03 15:22:52 +00:00
Daniel Veillard
e0e9927d93 Remove the qemu BuildRequires I re-added, Daniel 2009-07-03 15:11:43 +00:00
Daniel Veillard
bae7a0fb84 Upstream release of libvirt-0.6.5, Daniel 2009-07-03 15:07:12 +00:00
Mark McLoughlin
36aee593bc * Fri Jul 3 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-4.fc12 
- Fix libvirtd crash with bad capabilities data (bug #505635)
 2009-07-03 10:08:42 +00:00
Mark McLoughlin
dc0cb0e91a * Fri Jul 3 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-3.fc12 
- Handle shared/readonly image labelling (bug #493692)
- Don't unnecessarily try to change a file context (bug #507555)
- Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569)
 2009-07-03 09:57:08 +00:00
Mark McLoughlin
84d66312fe * Fri Jun 5 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-2.fc12 
- Remove the qemu BuildRequires
 2009-06-05 11:46:47 +00:00
Daniel Veillard
4f644ce267 Old patch didn't apply in kodji ??? Daniel 2009-05-29 17:28:28 +00:00
Daniel Veillard
cdd5b3d62d Keep that patch, daniel 2009-05-29 17:05:50 +00:00
Daniel Veillard
53f63aa62d Upstream release 0.6.4 2009-05-29 16:57:14 +00:00
Mark McLoughlin
748df35c5f * Mon May 25 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.3-11.fc12 
- Bring up the bridge, even if it doesn't have an IP address (bug #501912)
 2009-05-25 15:22:34 +00:00
Mark McLoughlin
a6e23d00fa * Thu May 21 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.3-10.fc12 
- Fix XML attribute escaping (bug #499791)
- Fix serious event handling issues causing guests to be destroyed (bug #499698)
 2009-05-21 12:07:09 +00:00
Mark McLoughlin
c6d11b43c9 * Thu May 21 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.3-9.fc12 
- Fix qemu argv detection with latest qemu (bug #501923)
 2009-05-21 10:42:33 +00:00
Mark McLoughlin
83091ff0dd Add bz numbers for each patch 2009-05-21 10:35:02 +00:00
Cole Robinson
4465a63872 Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569) 2009-05-11 02:29:05 +00:00
Mark McLoughlin
3f397d9786 * Thu May 7 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.3-7.fc12 
- Enable migration for qemu 0.10 (bug #499704)
 2009-05-07 19:09:00 +00:00
Cole Robinson
750aec5507 Refresh qemu caps when getCapabilities is called (bug #460649) 2009-05-06 16:33:16 +00:00
Mark McLoughlin
d7c1d3bbc0 Revert accidentally committed change 2009-05-06 15:52:08 +00:00
Mark McLoughlin
fa0f21c263 * Wed May 6 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.3-5.fc12 
- Fix handling of <hostdev managed='yes'> (bug #499386)
 2009-05-06 15:45:57 +00:00
Daniel P. Berrange
afdaf5d354 Fix readonly/shared disk image labelling (rhbz #493692) 2009-05-05 13:38:26 +00:00
Daniel Veillard
26bba5aea9 was also missing /usr/share/gtk-doc/html/libvirt in -devel 
Daniel
 2009-04-28 10:53:22 +00:00
Daniel Veillard
1a4185bdcc - fix packaging bug #496945 libvirt should own /var/cache/libvirt 
Daniel
 2009-04-28 09:18:35 +00:00
Daniel Veillard
6a73119e65 Upstream release, 0.6.3, Daniel 2009-04-24 14:57:21 +00:00
Mark McLoughlin
1e2f9fce0a * Thu Apr 16 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.2-2.fc12 
- Fix qemu drive format specification (#496092)
 2009-04-16 15:25:28 +00:00
51 changed files with 5242 additions and 3998 deletions
Expand all files Collapse all files

3
.cvsignore
View File

@@ -3,6 +3,3 @@
i686
x86_64
libvirt-*.tar.gz
libvirt-0.6.0.tar.gz
libvirt-0.6.1.tar.gz
libvirt-0.6.2.tar.gz

2
Makefile
View File

@@ -4,7 +4,7 @@ NAME := libvirt
SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
MAKEFILE_COMMON := $(shell $(find-makefile-common))

1
branch
View File

@@ -1 +0,0 @@
F-11

30
libvirt-0.6.2-avoid-broken-networking-with-newer-qemu.patch
View File

@@ -1,30 +0,0 @@
From 6e80c60b89728de28267242f7373ecf553e40bc1 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Thu, 28 May 2009 13:15:57 +0000
Subject: [PATCH] Avoid broken networking with new QEMU/KVM >= 86
(cherry picked from commit 2afc3bfd8b779ddba974da9d66d6ea337fc91c01)
Fedora-patch: libvirt-0.6.2-avoid-broken-networking-with-newer-qemu.patch
---
src/qemu_conf.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu_conf.c b/src/qemu_conf.c
index fc0e772..99f13c6 100644
--- a/src/qemu_conf.c
+++ b/src/qemu_conf.c
@@ -658,8 +658,8 @@ qemudNetworkIfaceConnect(virConnectPtr conn,
}
snprintf(tapfdstr, sizeof(tapfdstr),
- "tap,fd=%d,script=,vlan=%d,ifname=%s",
- tapfd, vlan, net->ifname);
+ "tap,fd=%d,vlan=%d",
+ tapfd, vlan);
if (!(retval = strdup(tapfdstr)))
goto no_memory;
--
1.6.2.5

49
libvirt-0.6.2-bring-up-ipless-bridge.patch
View File

@@ -1,49 +0,0 @@
From 6635abc3bbe54e6b0168182805de92cd70d125e4 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Tue, 12 May 2009 15:31:22 +0000
Subject: [PATCH] * src/network_driver.c: enable bridges which are not up without an IP address, patch by Ludwig Nussel
(cherry picked from commit e978774ec67f4b062b1f65e5c76a13193a9430eb)
Fedora-patch: libvirt-0.6.2-bring-up-ipless-bridge.patch
---
src/network_driver.c | 9 +++------
1 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/src/network_driver.c b/src/network_driver.c
index a17a769..a163b15 100644
--- a/src/network_driver.c
+++ b/src/network_driver.c
@@ -836,8 +836,7 @@ static int networkStartNetworkDaemon(virConnectPtr conn,
goto err_delbr;
}
- if (network->def->ipAddress &&
- (err = brSetInterfaceUp(driver->brctl, network->def->bridge, 1))) {
+ if ((err = brSetInterfaceUp(driver->brctl, network->def->bridge, 1))) {
virReportSystemError(conn, err,
_("failed to bring the bridge '%s' up"),
network->def->bridge);
@@ -878,8 +877,7 @@ static int networkStartNetworkDaemon(virConnectPtr conn,
networkRemoveIptablesRules(driver, network);
err_delbr1:
- if (network->def->ipAddress &&
- (err = brSetInterfaceUp(driver->brctl, network->def->bridge, 0))) {
+ if ((err = brSetInterfaceUp(driver->brctl, network->def->bridge, 0))) {
char ebuf[1024];
networkLog(NETWORK_WARN, _("Failed to bring down bridge '%s' : %s\n"),
network->def->bridge, virStrerror(err, ebuf, sizeof ebuf));
@@ -920,8 +918,7 @@ static int networkShutdownNetworkDaemon(virConnectPtr conn,
networkRemoveIptablesRules(driver, network);
char ebuf[1024];
- if (network->def->ipAddress &&
- (err = brSetInterfaceUp(driver->brctl, network->def->bridge, 0))) {
+ if ((err = brSetInterfaceUp(driver->brctl, network->def->bridge, 0))) {
networkLog(NETWORK_WARN, _("Failed to bring down bridge '%s' : %s\n"),
network->def->bridge, virStrerror(err, ebuf, sizeof ebuf));
}
--
1.6.2.5

33
libvirt-0.6.2-buf-locale-escape.patch
View File

@@ -1,33 +0,0 @@
From f793cd9b7220145b6df8086d77db4fdc035d680b Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 4 Aug 2009 18:13:09 +0100
Subject: [PATCH] Fix escaping of 8-bit high characters
Fix https://bugzilla.redhat.com/show_bug.cgi?id=479517
* src/buf.c: Cast to 'unsigned char' before doing compare to
avoid rejecting 8-bit high characters
(cherry picked from commit 8feb499ba2c3625632210c997b49f5df515c05d4)
Fedora-patch: libvirt-0.6.2-buf-locale-escape.patch
---
src/buf.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/buf.c b/src/buf.c
index 259175d..c802aa2 100644
--- a/src/buf.c
+++ b/src/buf.c
@@ -304,7 +304,7 @@ virBufferEscapeString(const virBufferPtr buf, const char *format, const char *st
*out++ = 'o';
*out++ = 's';
*out++ = ';';
- } else if ((*cur >= 0x20) || (*cur == '\n') || (*cur == '\t') ||
+ } else if (((unsigned char)*cur >= 0x20) || (*cur == '\n') || (*cur == '\t') ||
(*cur == '\r')) {
/*
* default case, just copy !
--
1.6.2.5

208
libvirt-0.6.2-do-not-log-monitor-output.patch
View File

@@ -1,208 +0,0 @@
From 182a3cac2b4339e988802eb02279e7ab4c883c67 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Thu, 16 Apr 2009 15:56:27 +0000
Subject: [PATCH] Don't log monitor output to domain log file.
It's logged via the logging system already. Prefix monitor debug output with vm
name.
(cherry picked from commit 5caa1e0eb050a12fe8ed02cf635bb672a56cdb6f)
Fedora-patch: libvirt-0.6.2-do-not-log-monitor-output.patch
---
src/qemu_driver.c | 60 +++++++++++++++++++++-------------------------------
1 files changed, 24 insertions(+), 36 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 5ca3d20..cb738b2 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -1706,27 +1706,11 @@ qemudMonitorCommandExtra(const virDomainObjPtr vm,
goto error;
}
}
-
- /* Log, but ignore failures to write logfile for VM */
- if (safewrite(vm->logfile, buf, strlen(buf)) < 0) {
- char ebuf[1024];
- VIR_WARN(_("Unable to log VM console data: %s\n"),
- virStrerror(errno, ebuf, sizeof ebuf));
- }
-
*reply = buf;
return 0;
error:
- if (buf) {
- /* Log, but ignore failures to write logfile for VM */
- if (safewrite(vm->logfile, buf, strlen(buf)) < 0) {
- char ebuf[1024];
- VIR_WARN(_("Unable to log VM console data: %s\n"),
- virStrerror(errno, ebuf, sizeof ebuf));
- }
- VIR_FREE(buf);
- }
+ VIR_FREE(buf);
return -1;
}
@@ -2461,7 +2445,7 @@ static int qemudDomainGetMemoryBalloon(virConnectPtr conn,
goto cleanup;
}
- DEBUG ("balloon reply: '%s'", reply);
+ DEBUG ("%s: balloon reply: '%s'", vm->def->name, reply);
if ((offset = strstr(reply, BALLOON_PREFIX)) != NULL) {
unsigned int memMB;
char *end;
@@ -2515,7 +2499,7 @@ static int qemudDomainSetMemoryBalloon(virConnectPtr conn,
/* If the command failed qemu prints: 'unknown command'
* No message is printed on success it seems */
- DEBUG ("balloon reply: %s", reply);
+ DEBUG ("%s: balloon reply: %s",vm->def->name, reply);
if (strstr(reply, "\nunknown command:")) {
/* Don't set error - it is expected memory balloon fails on many qemu */
ret = 0;
@@ -2810,7 +2794,7 @@ static int qemudDomainSave(virDomainPtr dom,
goto cleanup;
}
- DEBUG ("migrate reply: %s", info);
+ DEBUG ("%s: migrate reply: %s", vm->def->name, info);
/* If the command isn't supported then qemu prints:
* unknown command: migrate" */
@@ -3662,7 +3646,7 @@ static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
/* If the command failed qemu prints:
* device not found, device is locked ...
* No message is printed on success it seems */
- DEBUG ("ejectable media change reply: %s", reply);
+ DEBUG ("%s: ejectable media change reply: %s", vm->def->name, reply);
if (strstr(reply, "\ndevice ")) {
qemudReportError (conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
_("changing cdrom media failed: %s"), reply);
@@ -3723,7 +3707,7 @@ static int qemudDomainAttachPciDiskDevice(virConnectPtr conn,
return -1;
}
- DEBUG ("pci_add reply: %s", reply);
+ DEBUG ("%s: pci_add reply: %s", vm->def->name, reply);
/* If the command succeeds qemu prints:
* OK bus 0... */
#define PCI_ATTACH_OK_MSG "OK bus 0, slot "
@@ -3791,7 +3775,7 @@ static int qemudDomainAttachUsbMassstorageDevice(virConnectPtr conn,
return -1;
}
- DEBUG ("attach_usb reply: %s", reply);
+ DEBUG ("%s: attach_usb reply: %s",vm->def->name, reply);
/* If the command failed qemu prints:
* Could not add ... */
if (strstr(reply, "Could not add ")) {
@@ -3845,7 +3829,7 @@ static int qemudDomainAttachHostDevice(virConnectPtr conn,
return -1;
}
- DEBUG ("attach_usb reply: %s", reply);
+ DEBUG ("%s: attach_usb reply: %s", vm->def->name, reply);
/* If the command failed qemu prints:
* Could not add ... */
if (strstr(reply, "Could not add ")) {
@@ -3984,7 +3968,7 @@ static int qemudDomainDetachPciDiskDevice(virConnectPtr conn,
goto cleanup;
}
- DEBUG ("pci_del reply: %s", reply);
+ DEBUG ("%s: pci_del reply: %s",vm->def->name, reply);
/* If the command fails due to a wrong slot qemu prints: invalid slot,
* nothing is printed on success */
if (strstr(reply, "invalid slot")) {
@@ -4214,7 +4198,7 @@ qemudDomainBlockStats (virDomainPtr dom,
"%s", _("'info blockstats' command failed"));
goto cleanup;
}
- DEBUG ("info blockstats reply: %s", info);
+ DEBUG ("%s: info blockstats reply: %s", vm->def->name, info);
/* If the command isn't supported then qemu prints the supported
* info commands, so the output starts "info ". Since this is
@@ -4255,21 +4239,25 @@ qemudDomainBlockStats (virDomainPtr dom,
if (STRPREFIX (p, "rd_bytes=")) {
p += 9;
if (virStrToLong_ll (p, &dummy, 10, &stats->rd_bytes) == -1)
- DEBUG ("error reading rd_bytes: %s", p);
+ DEBUG ("%s: error reading rd_bytes: %s",
+ vm->def->name, p);
} else if (STRPREFIX (p, "wr_bytes=")) {
p += 9;
if (virStrToLong_ll (p, &dummy, 10, &stats->wr_bytes) == -1)
- DEBUG ("error reading wr_bytes: %s", p);
+ DEBUG ("%s: error reading wr_bytes: %s",
+ vm->def->name, p);
} else if (STRPREFIX (p, "rd_operations=")) {
p += 14;
if (virStrToLong_ll (p, &dummy, 10, &stats->rd_req) == -1)
- DEBUG ("error reading rd_req: %s", p);
+ DEBUG ("%s: error reading rd_req: %s",
+ vm->def->name, p);
} else if (STRPREFIX (p, "wr_operations=")) {
p += 14;
if (virStrToLong_ll (p, &dummy, 10, &stats->wr_req) == -1)
- DEBUG ("error reading wr_req: %s", p);
+ DEBUG ("%s: error reading wr_req: %s",
+ vm->def->name, p);
} else
- DEBUG ("unknown block stat near %s", p);
+ DEBUG ("%s: unknown block stat near %s", vm->def->name, p);
/* Skip to next label. */
p = strchr (p, ' ');
@@ -4481,7 +4469,7 @@ qemudDomainMemoryPeek (virDomainPtr dom,
goto cleanup;
}
- DEBUG ("memsave reply: %s", info);
+ DEBUG ("%s: memsave reply: %s", vm->def->name, info);
/* Read the memory file into buffer. */
if (saferead (fd, buffer, size) == (ssize_t) -1) {
@@ -4798,7 +4786,7 @@ qemudDomainMigratePerform (virDomainPtr dom,
"%s", _("off-line migration specified, but suspend operation failed"));
goto cleanup;
}
- DEBUG ("stop reply: %s", info);
+ DEBUG ("%s: stop reply: %s", vm->def->name, info);
VIR_FREE(info);
paused = 1;
@@ -4815,7 +4803,7 @@ qemudDomainMigratePerform (virDomainPtr dom,
snprintf (cmd, sizeof cmd, "migrate_set_speed %lum", resource);
qemudMonitorCommand (vm, cmd, &info);
- DEBUG ("migrate_set_speed reply: %s", info);
+ DEBUG ("%s: migrate_set_speed reply: %s", vm->def->name, info);
VIR_FREE (info);
}
@@ -4834,7 +4822,7 @@ qemudDomainMigratePerform (virDomainPtr dom,
goto cleanup;
}
- DEBUG ("migrate reply: %s", info);
+ DEBUG ("%s: migrate reply: %s", vm->def->name, info);
/* Now check for "fail" in the output string */
if (strstr(info, "fail") != NULL) {
@@ -4873,7 +4861,7 @@ cleanup:
vm->def->name);
}
else {
- DEBUG ("cont reply: %s", info);
+ DEBUG ("%s: cont reply: %s", vm->def->name, info);
VIR_FREE(info);
}
--
1.6.2.5

49
libvirt-0.6.2-do-not-unnecessarily-try-to-change-a-file-context.patch
View File

@@ -1,49 +0,0 @@
From 2d299525f5de29d11c6dc4810aa41e893535695b Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Fri, 3 Jul 2009 10:27:46 +0000
Subject: [PATCH] Don't unnecessarily try to change a file context
As pointed out by Tim Waugh here:
https://bugzilla.redhat.com/507555
We shouldn't bother trying to set the context of a file if it already
matches what we want.
(Fixed to use STREQ() and not use tabs, as pointed out by danpb)
(cherry picked from commit add254feeaa830dd5af1118c141cb140bf55b5a7)
Fedora-patch: libvirt-0.6.2-do-not-unnecessarily-try-to-change-a-file-context.patch
---
src/security_selinux.c | 11 ++++++++++-
1 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/src/security_selinux.c b/src/security_selinux.c
index 450fce2..8ebe1fe 100644
--- a/src/security_selinux.c
+++ b/src/security_selinux.c
@@ -280,10 +280,19 @@ static int
SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
{
char ebuf[1024];
+ security_context_t econ;
VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
- if(setfilecon(path, tcon) < 0) {
+ if (setfilecon(path, tcon) < 0) {
+ if (getfilecon(path, &econ) >= 0) {
+ if (STREQ(tcon, econ)) {
+ freecon(econ);
+ /* It's alright, there's nothing to change anyway. */
+ return 0;
+ }
+ freecon(econ);
+ }
virSecurityReportError(conn, VIR_ERR_ERROR,
_("%s: unable to set security context "
"'\%s\' on %s: %s."), __func__,
--
1.6.2.5

48
libvirt-0.6.2-enable-qemu-0-10-migration.patch
View File

@@ -1,48 +0,0 @@
From 9b41d6550b6bf8d4450bb5b86550eb605cc1fd91 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Fri, 8 May 2009 10:07:15 +0000
Subject: [PATCH] Enable save/restore/migrate for QEMU >= 0.10.0
(cherry picked from commit 88e22e4e8cb7fc7e1fa1d132778aa1994f4b55b6)
Fedora-patch: libvirt-0.6.2-enable-qemu-0-10-migration.patch
---
src/qemu_conf.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/qemu_conf.c b/src/qemu_conf.c
index 6f9e610..929fe00 100644
--- a/src/qemu_conf.c
+++ b/src/qemu_conf.c
@@ -472,16 +472,13 @@ int qemudExtractVersionInfo(const char *qemu,
/*
* Handling of -incoming arg with varying features
- * -incoming tcp (kvm >= 79)
- * -incoming exec (kvm >= 80)
+ * -incoming tcp (kvm >= 79, qemu >= 0.10.0)
+ * -incoming exec (kvm >= 80, qemu >= 0.10.0)
* -incoming stdio (all earlier kvm)
*
* NB, there was a pre-kvm-79 'tcp' support, but it
* was broken, because it blocked the monitor console
* while waiting for data, so pretend it doesn't exist
- *
- * XXX when next QEMU release after 0.9.1 arrives,
- * we'll need to add MIGRATE_QEMU_TCP/EXEC here too
*/
if (kvm_version >= 79) {
flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_TCP;
@@ -489,6 +486,9 @@ int qemudExtractVersionInfo(const char *qemu,
flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_EXEC;
} else if (kvm_version > 0) {
flags |= QEMUD_CMD_FLAG_MIGRATE_KVM_STDIO;
+ } else if (version >= 10000) {
+ flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_TCP;
+ flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_EXEC;
}
if (retversion)
--
1.6.2.5

147
libvirt-0.6.2-event-handling-1.patch
View File

@@ -1,147 +0,0 @@
From 261ec2c9597b2eb6c7d91589fc66e203f60b6735 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 12 May 2009 16:41:49 +0000
Subject: [PATCH] Fix interrupting of main event thread & protect against accidental uniniitalized variables
(cherry picked from commit 0a31be6ba243066378c344882cc1a32802774edb)
Fedora-patch: libvirt-0.6.2-event-handling-1.patch
---
qemud/event.c | 42 +++++++++++++++++++++++++++++++++++-------
1 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/qemud/event.c b/qemud/event.c
index 0887008..4dc1020 100644
--- a/qemud/event.c
+++ b/qemud/event.c
@@ -83,10 +83,10 @@ struct virEventLoop {
static struct virEventLoop eventLoop;
/* Unique ID for the next FD watch to be registered */
-static int nextWatch = 0;
+static int nextWatch = 1;
/* Unique ID for the next timer to be registered */
-static int nextTimer = 0;
+static int nextTimer = 1;
static void virEventLock(void)
{
@@ -142,15 +142,22 @@ int virEventAddHandleImpl(int fd, int events,
void virEventUpdateHandleImpl(int watch, int events) {
int i;
+ EVENT_DEBUG("Update handle w=%d e=%d", watch, events);
+
+ if (watch <= 0) {
+ VIR_WARN("Ignoring invalid update watch %d", watch);
+ return;
+ }
+
virEventLock();
for (i = 0 ; i < eventLoop.handlesCount ; i++) {
if (eventLoop.handles[i].watch == watch) {
eventLoop.handles[i].events =
virEventHandleTypeToPollEvent(events);
+ virEventInterruptLocked();
break;
}
}
- virEventInterruptLocked();
virEventUnlock();
}
@@ -163,6 +170,12 @@ void virEventUpdateHandleImpl(int watch, int events) {
int virEventRemoveHandleImpl(int watch) {
int i;
EVENT_DEBUG("Remove handle %d", watch);
+
+ if (watch <= 0) {
+ VIR_WARN("Ignoring invalid remove watch %d", watch);
+ return -1;
+ }
+
virEventLock();
for (i = 0 ; i < eventLoop.handlesCount ; i++) {
if (eventLoop.handles[i].deleted)
@@ -171,11 +184,11 @@ int virEventRemoveHandleImpl(int watch) {
if (eventLoop.handles[i].watch == watch) {
EVENT_DEBUG("mark delete %d %d", i, eventLoop.handles[i].fd);
eventLoop.handles[i].deleted = 1;
+ virEventInterruptLocked();
virEventUnlock();
return 0;
}
}
- virEventInterruptLocked();
virEventUnlock();
return -1;
}
@@ -231,6 +244,12 @@ void virEventUpdateTimeoutImpl(int timer, int frequency) {
struct timeval tv;
int i;
EVENT_DEBUG("Updating timer %d timeout with %d ms freq", timer, frequency);
+
+ if (timer <= 0) {
+ VIR_WARN("Ignoring invalid update timer %d", timer);
+ return;
+ }
+
if (gettimeofday(&tv, NULL) < 0) {
return;
}
@@ -243,10 +262,10 @@ void virEventUpdateTimeoutImpl(int timer, int frequency) {
frequency >= 0 ? frequency +
(((unsigned long long)tv.tv_sec)*1000) +
(((unsigned long long)tv.tv_usec)/1000) : 0;
+ virEventInterruptLocked();
break;
}
}
- virEventInterruptLocked();
virEventUnlock();
}
@@ -259,6 +278,12 @@ void virEventUpdateTimeoutImpl(int timer, int frequency) {
int virEventRemoveTimeoutImpl(int timer) {
int i;
EVENT_DEBUG("Remove timer %d", timer);
+
+ if (timer <= 0) {
+ VIR_WARN("Ignoring invalid remove timer %d", timer);
+ return -1;
+ }
+
virEventLock();
for (i = 0 ; i < eventLoop.timeoutsCount ; i++) {
if (eventLoop.timeouts[i].deleted)
@@ -266,11 +291,11 @@ int virEventRemoveTimeoutImpl(int timer) {
if (eventLoop.timeouts[i].timer == timer) {
eventLoop.timeouts[i].deleted = 1;
+ virEventInterruptLocked();
virEventUnlock();
return 0;
}
}
- virEventInterruptLocked();
virEventUnlock();
return -1;
}
@@ -616,9 +641,12 @@ static int virEventInterruptLocked(void)
char c = '\0';
if (!eventLoop.running ||
- pthread_self() == eventLoop.leader)
+ pthread_self() == eventLoop.leader) {
+ VIR_DEBUG("Skip interrupt, %d %d", eventLoop.running, (int)eventLoop.leader);
return 0;
+ }
+ VIR_DEBUG0("Interrupting");
if (safewrite(eventLoop.wakeupfd[1], &c, sizeof(c)) != sizeof(c))
return -1;
return 0;
--
1.6.2.5

200
libvirt-0.6.2-event-handling-2.patch
View File

@@ -1,200 +0,0 @@
From ef1a3eaa58d83c3367a1addff6c8132f27aa09dd Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 12 May 2009 16:43:04 +0000
Subject: [PATCH] Fix watch/timer event deletion
(cherry picked from commit 470317f5c71cbcc6b6d8d83d0978aea3510d3698)
Fedora-patch: libvirt-0.6.2-event-handling-2.patch
---
qemud/event.c | 112 ++++++++++++++++++++++++++-------------------------------
1 files changed, 51 insertions(+), 61 deletions(-)
diff --git a/qemud/event.c b/qemud/event.c
index 4dc1020..8bc7c34 100644
--- a/qemud/event.c
+++ b/qemud/event.c
@@ -312,7 +312,7 @@ static int virEventCalculateTimeout(int *timeout) {
EVENT_DEBUG("Calculate expiry of %d timers", eventLoop.timeoutsCount);
/* Figure out if we need a timeout */
for (i = 0 ; i < eventLoop.timeoutsCount ; i++) {
- if (eventLoop.timeouts[i].deleted || eventLoop.timeouts[i].frequency < 0)
+ if (eventLoop.timeouts[i].frequency < 0)
continue;
EVENT_DEBUG("Got a timeout scheduled for %llu", eventLoop.timeouts[i].expiresAt);
@@ -349,32 +349,26 @@ static int virEventCalculateTimeout(int *timeout) {
* file handles. The caller must free the returned data struct
* returns: the pollfd array, or NULL on error
*/
-static int virEventMakePollFDs(struct pollfd **retfds) {
+static struct pollfd *virEventMakePollFDs(void) {
struct pollfd *fds;
- int i, nfds = 0;
+ int i;
- for (i = 0 ; i < eventLoop.handlesCount ; i++) {
- if (eventLoop.handles[i].deleted)
- continue;
- nfds++;
- }
- *retfds = NULL;
/* Setup the poll file handle data structs */
- if (VIR_ALLOC_N(fds, nfds) < 0)
- return -1;
+ if (VIR_ALLOC_N(fds, eventLoop.handlesCount) < 0)
+ return NULL;
- for (i = 0, nfds = 0 ; i < eventLoop.handlesCount ; i++) {
- if (eventLoop.handles[i].deleted)
- continue;
- fds[nfds].fd = eventLoop.handles[i].fd;
- fds[nfds].events = eventLoop.handles[i].events;
- fds[nfds].revents = 0;
+ for (i = 0 ; i < eventLoop.handlesCount ; i++) {
+ EVENT_DEBUG("Prepare n=%d w=%d, f=%d e=%d", i,
+ eventLoop.handles[i].watch,
+ eventLoop.handles[i].fd,
+ eventLoop.handles[i].events);
+ fds[i].fd = eventLoop.handles[i].fd;
+ fds[i].events = eventLoop.handles[i].events;
+ fds[i].revents = 0;
//EVENT_DEBUG("Wait for %d %d", eventLoop.handles[i].fd, eventLoop.handles[i].events);
- nfds++;
}
- *retfds = fds;
- return nfds;
+ return fds;
}
@@ -434,26 +428,30 @@ static int virEventDispatchTimeouts(void) {
* Returns 0 upon success, -1 if an error occurred
*/
static int virEventDispatchHandles(int nfds, struct pollfd *fds) {
- int i, n;
+ int i;
- for (i = 0, n = 0 ; i < eventLoop.handlesCount && n < nfds ; i++) {
+ /* NB, use nfds not eventLoop.handlesCount, because new
+ * fds might be added on end of list, and they're not
+ * in the fds array we've got */
+ for (i = 0 ; i < nfds ; i++) {
if (eventLoop.handles[i].deleted) {
- EVENT_DEBUG("Skip deleted %d", eventLoop.handles[i].fd);
+ EVENT_DEBUG("Skip deleted n=%d w=%d f=%d", i,
+ eventLoop.handles[i].watch, eventLoop.handles[i].fd);
continue;
}
- if (fds[n].revents) {
+ if (fds[i].revents) {
virEventHandleCallback cb = eventLoop.handles[i].cb;
void *opaque = eventLoop.handles[i].opaque;
- int hEvents = virPollEventToEventHandleType(fds[n].revents);
- EVENT_DEBUG("Dispatch %d %d %p", fds[n].fd,
- fds[n].revents, eventLoop.handles[i].opaque);
+ int hEvents = virPollEventToEventHandleType(fds[i].revents);
+ EVENT_DEBUG("Dispatch n=%d f=%d w=%d e=%d %p", i,
+ fds[i].fd, eventLoop.handles[i].watch,
+ fds[i].revents, eventLoop.handles[i].opaque);
virEventUnlock();
(cb)(eventLoop.handles[i].watch,
- fds[n].fd, hEvents, opaque);
+ fds[i].fd, hEvents, opaque);
virEventLock();
}
- n++;
}
return 0;
@@ -544,22 +542,21 @@ static int virEventCleanupHandles(void) {
* at least one file handle has an event, or a timer expires
*/
int virEventRunOnce(void) {
- struct pollfd *fds;
+ struct pollfd *fds = NULL;
int ret, timeout, nfds;
virEventLock();
eventLoop.running = 1;
eventLoop.leader = pthread_self();
- if ((nfds = virEventMakePollFDs(&fds)) < 0) {
- virEventUnlock();
- return -1;
- }
- if (virEventCalculateTimeout(&timeout) < 0) {
- VIR_FREE(fds);
- virEventUnlock();
- return -1;
- }
+ if (virEventCleanupTimeouts() < 0 ||
+ virEventCleanupHandles() < 0)
+ goto error;
+
+ if (!(fds = virEventMakePollFDs()) ||
+ virEventCalculateTimeout(&timeout) < 0)
+ goto error;
+ nfds = eventLoop.handlesCount;
virEventUnlock();
@@ -571,38 +568,31 @@ int virEventRunOnce(void) {
if (errno == EINTR) {
goto retry;
}
- VIR_FREE(fds);
- return -1;
+ goto error_unlocked;
}
virEventLock();
- if (virEventDispatchTimeouts() < 0) {
- VIR_FREE(fds);
- virEventUnlock();
- return -1;
- }
+ if (virEventDispatchTimeouts() < 0)
+ goto error;
if (ret > 0 &&
- virEventDispatchHandles(nfds, fds) < 0) {
- VIR_FREE(fds);
- virEventUnlock();
- return -1;
- }
- VIR_FREE(fds);
-
- if (virEventCleanupTimeouts() < 0) {
- virEventUnlock();
- return -1;
- }
+ virEventDispatchHandles(nfds, fds) < 0)
+ goto error;
- if (virEventCleanupHandles() < 0) {
- virEventUnlock();
- return -1;
- }
+ if (virEventCleanupTimeouts() < 0 ||
+ virEventCleanupHandles() < 0)
+ goto error;
eventLoop.running = 0;
virEventUnlock();
+ VIR_FREE(fds);
return 0;
+
+error:
+ virEventUnlock();
+error_unlocked:
+ VIR_FREE(fds);
+ return -1;
}
static void virEventHandleWakeup(int watch ATTRIBUTE_UNUSED,
--
1.6.2.5

137
libvirt-0.6.2-fix-libvirtd-crash-with-bad-capabilities-data.patch
View File

@@ -1,137 +0,0 @@
From d8bd0cff27c0572e9305e7fdbc6b843f74d9e30f Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 29 Jun 2009 10:41:56 +0000
Subject: [PATCH] Fix crash in QEMU driver with bad capabilities data
(cherry picked from commit 39c7e7a6b79bbdfa36928a430d56fa88a204e8fd)
Fedora-patch: libvirt-0.6.2-fix-libvirtd-crash-with-bad-capabilities-data.patch
---
src/qemu_driver.c | 80 +++++++++++++++++++++++++++++++++++-----------------
1 files changed, 54 insertions(+), 26 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index cb738b2..3d3675c 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -360,12 +360,43 @@ next:
return 0;
}
+
+static int
+qemudSecurityCapsInit(virSecurityDriverPtr secdrv,
+ virCapsPtr caps)
+{
+ const char *doi, *model;
+
+ doi = virSecurityDriverGetDOI(secdrv);
+ model = virSecurityDriverGetModel(secdrv);
+
+ caps->host.secModel.model = strdup(model);
+ if (!caps->host.secModel.model) {
+ char ebuf[1024];
+ VIR_ERROR(_("Failed to copy secModel model: %s"),
+ virStrerror(errno, ebuf, sizeof ebuf));
+ return -1;
+ }
+
+ caps->host.secModel.doi = strdup(doi);
+ if (!caps->host.secModel.doi) {
+ char ebuf[1024];
+ VIR_ERROR(_("Failed to copy secModel DOI: %s"),
+ virStrerror(errno, ebuf, sizeof ebuf));
+ return -1;
+ }
+
+ VIR_DEBUG("Initialized caps for security driver \"%s\" with "
+ "DOI \"%s\"", model, doi);
+
+ return 0;
+}
+
+
static int
qemudSecurityInit(struct qemud_driver *qemud_drv)
{
int ret;
- const char *doi, *model;
- virCapsPtr caps;
virSecurityDriverPtr security_drv;
ret = virSecurityDriverStartup(&security_drv,
@@ -381,36 +412,17 @@ qemudSecurityInit(struct qemud_driver *qemud_drv)
}
qemud_drv->securityDriver = security_drv;
- doi = virSecurityDriverGetDOI(security_drv);
- model = virSecurityDriverGetModel(security_drv);
- VIR_DEBUG("Initialized security driver \"%s\" with "
- "DOI \"%s\"", model, doi);
+ VIR_INFO("Initialized security driver %s", security_drv->name);
/*
* Add security policy host caps now that the security driver is
* initialized.
*/
- caps = qemud_drv->caps;
-
- caps->host.secModel.model = strdup(model);
- if (!caps->host.secModel.model) {
- char ebuf[1024];
- VIR_ERROR(_("Failed to copy secModel model: %s"),
- virStrerror(errno, ebuf, sizeof ebuf));
- return -1;
- }
+ return qemudSecurityCapsInit(security_drv, qemud_drv->caps);
+}
- caps->host.secModel.doi = strdup(doi);
- if (!caps->host.secModel.doi) {
- char ebuf[1024];
- VIR_ERROR(_("Failed to copy secModel DOI: %s"),
- virStrerror(errno, ebuf, sizeof ebuf));
- return -1;
- }
- return 0;
-}
/**
* qemudStartup:
@@ -1852,13 +1864,29 @@ static int qemudGetNodeInfo(virConnectPtr conn,
static char *qemudGetCapabilities(virConnectPtr conn) {
struct qemud_driver *driver = conn->privateData;
+ virCapsPtr caps;
char *xml = NULL;
qemuDriverLock(driver);
+ if ((caps = qemudCapsInit()) == NULL) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+
+ if (qemu_driver->securityDriver &&
+ qemudSecurityCapsInit(qemu_driver->securityDriver, caps) < 0) {
+ virCapabilitiesFree(caps);
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+
virCapabilitiesFree(qemu_driver->caps);
- if ((qemu_driver->caps = qemudCapsInit()) == NULL ||
- (xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
+ qemu_driver->caps = caps;
+
+ if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
virReportOOMError(conn);
+
+cleanup:
qemuDriverUnlock(driver);
return xml;
--
1.6.2.5

37
libvirt-0.6.2-fix-nosource-label.patch
View File

@@ -1,37 +0,0 @@
From 99c018831379f23e65860ad4f3628a6d5f1a7d5a Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Fri, 3 Jul 2009 10:29:09 +0000
Subject: [PATCH] Skip labelling if no src path present
Fixes startup of guest's with sourceless cdrom devices.
Patch from Cole Robinson originally posted here:
https://bugzilla.redhat.com/499569
but never sent upstream.
(cherry picked from commit 67d0c6eb9410d5101f4820a7286deacb6398afde)
Fedora-patch: libvirt-0.6.2-fix-nosource-label.patch
---
src/security_selinux.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/src/security_selinux.c b/src/security_selinux.c
index 95fa0a6..450fce2 100644
--- a/src/security_selinux.c
+++ b/src/security_selinux.c
@@ -338,6 +338,9 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ if (!disk->src)
+ return 0;
+
if (disk->shared) {
return SELinuxSetFilecon(conn, disk->src, default_image_context);
} else if (disk->readonly) {
--
1.6.2.5

85
libvirt-0.6.2-fix-qemu-argv-detection-with-kvm-85.patch
View File

@@ -1,85 +0,0 @@
From 9f6a5f50aee13575331f79f5d93635f701646eb7 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 11 May 2009 15:14:24 +0000
Subject: [PATCH] Fix QEMU ARGV detection with kvm >= 85
(cherry picked from commit 426f9772b84752b4901b72fd382ff6e28e258efd)
Fedora-patch: libvirt-0.6.2-fix-qemu-argv-detection-with-kvm-85.patch
---
src/qemu_conf.c | 18 ++++++++++++++----
src/qemu_driver.c | 12 ++----------
2 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/src/qemu_conf.c b/src/qemu_conf.c
index 929fe00..3e7e32d 100644
--- a/src/qemu_conf.c
+++ b/src/qemu_conf.c
@@ -431,18 +431,28 @@ int qemudExtractVersionInfo(const char *qemu,
return -1;
char *help = NULL;
- enum { MAX_HELP_OUTPUT_SIZE = 8192 };
+ enum { MAX_HELP_OUTPUT_SIZE = 1024*64 };
int len = virFileReadLimFD(newstdout, MAX_HELP_OUTPUT_SIZE, &help);
- if (len < 0)
+ if (len < 0) {
+ virReportSystemError(NULL, errno, "%s",
+ _("Unable to read QEMU help output"));
goto cleanup2;
+ }
if (sscanf(help, "QEMU PC emulator version %u.%u.%u (kvm-%u)",
&major, &minor, &micro, &kvm_version) != 4)
kvm_version = 0;
- if (!kvm_version && sscanf(help, "QEMU PC emulator version %u.%u.%u",
- &major, &minor, &micro) != 3)
+ if (!kvm_version &&
+ sscanf(help, "QEMU PC emulator version %u.%u.%u",
+ &major, &minor, &micro) != 3) {
+ char *eol = strchr(help, '\n');
+ if (eol) *eol = '\0';
+ qemudReportError(NULL, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("cannot parse QEMU version number in '%s'"),
+ help);
goto cleanup2;
+ }
version = (major * 1000 * 1000) + (minor * 1000) + micro;
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 4752a64..5ca3d20 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -1379,12 +1379,8 @@ static int qemudStartVMDaemon(virConnectPtr conn,
if (qemudExtractVersionInfo(emulator,
NULL,
- &qemuCmdFlags) < 0) {
- qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
- _("Cannot determine QEMU argv syntax %s"),
- emulator);
+ &qemuCmdFlags) < 0)
goto cleanup;
- }
if (qemuPrepareHostDevices(conn, vm->def) < 0)
goto cleanup;
@@ -3606,12 +3602,8 @@ static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
if (qemudExtractVersionInfo(vm->def->emulator,
NULL,
- &qemuCmdFlags) < 0) {
- qemudReportError(conn, dom, NULL, VIR_ERR_INTERNAL_ERROR,
- _("Cannot determine QEMU argv syntax %s"),
- vm->def->emulator);
+ &qemuCmdFlags) < 0)
return -1;
- }
if (qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE) {
if (!(devname = qemudDiskDeviceName(conn, newdisk)))
--
1.6.2.5

46
libvirt-0.6.2-hotplug-labelling.patch
View File

@@ -1,46 +0,0 @@
From 0aac99f8e13dfc74b87986908165ae7f44662153 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 6 Jul 2009 16:01:55 +0100
Subject: [PATCH] Fix SELinux denial during hotplug
* src/qemu_driver.c: Relabel disk images *before* running QEMU
hotplug monitor commands
(cherry picked from commit 1795bfe4a177a5eff1b3b0a16d56df6f371c0f8e)
Fedora-patch: libvirt-0.6.2-hotplug-labelling.patch
---
src/qemu_driver.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 5fc21a1..f3661f8 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -3934,10 +3934,14 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
switch (dev->data.disk->device) {
case VIR_DOMAIN_DISK_DEVICE_CDROM:
case VIR_DOMAIN_DISK_DEVICE_FLOPPY:
+ if (driver->securityDriver)
+ driver->securityDriver->domainSetSecurityImageLabel(dom->conn, vm, dev->data.disk);
ret = qemudDomainChangeEjectableMedia(dom->conn, vm, dev);
break;
case VIR_DOMAIN_DISK_DEVICE_DISK:
+ if (driver->securityDriver)
+ driver->securityDriver->domainSetSecurityImageLabel(dom->conn, vm, dev->data.disk);
if (dev->data.disk->bus == VIR_DOMAIN_DISK_BUS_USB) {
ret = qemudDomainAttachUsbMassstorageDevice(dom->conn, vm, dev);
} else if (dev->data.disk->bus == VIR_DOMAIN_DISK_BUS_SCSI ||
@@ -3949,8 +3953,6 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
virDomainDiskBusTypeToString(dev->data.disk->bus));
goto cleanup;
}
- if (driver->securityDriver)
- driver->securityDriver->domainSetSecurityImageLabel(dom->conn, vm, dev->data.disk);
break;
default:
--
1.6.2.5

134
libvirt-0.6.2-hotplug-monitor-syntax.patch
View File

@@ -1,134 +0,0 @@
From ae80f9ec15b03d9d3ab6cfa2d48529b459a64fb2 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 6 Jul 2009 15:58:55 +0100
Subject: [PATCH] Fix PCI device hotplug/unplug with newer QEMU
* src/qemu_driver.c: Try new monitor syntax for hotplug first. If
that fails fallback to old KVM specific syntax
(cherry picked from commit 326ecb78145cfeb7706ef0dcd521b19d934950e7)
Fedora-patch: libvirt-0.6.2-hotplug-monitor-syntax.patch
---
src/qemu_driver.c | 56 +++++++++++++++++++++++++++++++++++++++-------------
1 files changed, 42 insertions(+), 14 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index f3661f8..8473616 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -3724,6 +3724,7 @@ static int qemudDomainAttachPciDiskDevice(virConnectPtr conn,
char *cmd, *reply, *s;
char *safe_path;
const char* type = virDomainDiskBusTypeToString(dev->data.disk->bus);
+ int tryOldSyntax = 0;
for (i = 0 ; i < vm->def->ndisks ; i++) {
if (STREQ(vm->def->disks[i]->dst, dev->data.disk->dst)) {
@@ -3738,14 +3739,15 @@ static int qemudDomainAttachPciDiskDevice(virConnectPtr conn,
return -1;
}
+try_command:
safe_path = qemudEscapeMonitorArg(dev->data.disk->src);
if (!safe_path) {
virReportOOMError(conn);
return -1;
}
- ret = virAsprintf(&cmd, "pci_add 0 storage file=%s,if=%s",
- safe_path, type);
+ ret = virAsprintf(&cmd, "pci_add %s storage file=%s,if=%s",
+ (tryOldSyntax ? "0": "pci_addr=auto"), safe_path, type);
VIR_FREE(safe_path);
if (ret == -1) {
virReportOOMError(conn);
@@ -3761,17 +3763,27 @@ static int qemudDomainAttachPciDiskDevice(virConnectPtr conn,
DEBUG ("%s: pci_add reply: %s", vm->def->name, reply);
/* If the command succeeds qemu prints:
- * OK bus 0... */
-#define PCI_ATTACH_OK_MSG "OK bus 0, slot "
- if ((s=strstr(reply, PCI_ATTACH_OK_MSG))) {
- char* dummy = s;
- s += strlen(PCI_ATTACH_OK_MSG);
+ * OK bus 0, slot XXX...
+ * or
+ * OK domain 0, bus 0, slot XXX
+ */
+ if ((s = strstr(reply, "OK ")) &&
+ (s = strstr(s, "slot "))) {
+ char *dummy = s;
+ s += strlen("slot ");
if (virStrToLong_i ((const char*)s, &dummy, 10, &dev->data.disk->slotnum) == -1)
VIR_WARN("%s", _("Unable to parse slot number\n"));
+ /* XXX not neccessarily always going to end up in domain 0 / bus 0 :-( */
+ /* XXX this slotnum is not persistant across restarts :-( */
+ } else if (!tryOldSyntax && strstr(reply, "invalid char in expression")) {
+ VIR_FREE(reply);
+ VIR_FREE(cmd);
+ tryOldSyntax = 1;
+ goto try_command;
} else {
qemudReportError (conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
- _("adding %s disk failed"), type);
+ _("adding %s disk failed: %s"), type, reply);
VIR_FREE(reply);
VIR_FREE(cmd);
return -1;
@@ -3990,6 +4002,7 @@ static int qemudDomainDetachPciDiskDevice(virConnectPtr conn,
char *cmd = NULL;
char *reply = NULL;
virDomainDiskDefPtr detach = NULL;
+ int tryOldSyntax = 0;
for (i = 0 ; i < vm->def->ndisks ; i++) {
if (STREQ(vm->def->disks[i]->dst, dev->data.disk->dst)) {
@@ -4011,9 +4024,17 @@ static int qemudDomainDetachPciDiskDevice(virConnectPtr conn,
goto cleanup;
}
- if (virAsprintf(&cmd, "pci_del 0 %d", detach->slotnum) < 0) {
- virReportOOMError(conn);
- goto cleanup;
+try_command:
+ if (tryOldSyntax) {
+ if (virAsprintf(&cmd, "pci_del 0 %d", detach->slotnum) < 0) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+ } else {
+ if (virAsprintf(&cmd, "pci_del pci_addr=0:0:%d", detach->slotnum) < 0) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
}
if (qemudMonitorCommand(vm, cmd, &reply) < 0) {
@@ -4023,12 +4044,19 @@ static int qemudDomainDetachPciDiskDevice(virConnectPtr conn,
}
DEBUG ("%s: pci_del reply: %s",vm->def->name, reply);
+
+ if (!tryOldSyntax &&
+ strstr(reply, "extraneous characters")) {
+ tryOldSyntax = 1;
+ goto try_command;
+ }
/* If the command fails due to a wrong slot qemu prints: invalid slot,
* nothing is printed on success */
- if (strstr(reply, "invalid slot")) {
+ if (strstr(reply, "invalid slot") ||
+ strstr(reply, "Invalid pci address")) {
qemudReportError (conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
- _("failed to detach disk %s: invalid slot %d"),
- detach->dst, detach->slotnum);
+ _("failed to detach disk %s: invalid slot %d: %s"),
+ detach->dst, detach->slotnum, reply);
goto cleanup;
}
--
1.6.2.5

57
libvirt-0.6.2-libvirtd-double-free.patch
View File

@@ -1,57 +0,0 @@
From 2c42e4c96efd390fa7a6957692a5863d30a10828 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Fri, 29 May 2009 14:34:35 +0000
Subject: [PATCH] Avoid double-free in daemon client cleanup code
(cherry picked from commit 6c3ef350649b959215cfc5ccfdaba35bf9560066)
Fedora-patch: libvirt-0.6.2-libvirtd-double-free.patch
---
qemud/qemud.c | 22 +++++++++++++++++-----
1 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/qemud/qemud.c b/qemud/qemud.c
index 4f04355..e299a67 100644
--- a/qemud/qemud.c
+++ b/qemud/qemud.c
@@ -1397,7 +1397,10 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket
* jobs have finished, then clean it up elsehwere
*/
void qemudDispatchClientFailure(struct qemud_client *client) {
- virEventRemoveHandleImpl(client->watch);
+ if (client->watch != -1) {
+ virEventRemoveHandleImpl(client->watch);
+ client->watch = -1;
+ }
/* Deregister event delivery callback */
if(client->conn) {
@@ -1406,12 +1409,21 @@ void qemudDispatchClientFailure(struct qemud_client *client) {
}
#if HAVE_SASL
- if (client->saslconn) sasl_dispose(&client->saslconn);
+ if (client->saslconn) {
+ sasl_dispose(&client->saslconn);
+ client->saslconn = NULL;
+ }
free(client->saslUsername);
+ client->saslUsername = NULL;
#endif
- if (client->tlssession) gnutls_deinit (client->tlssession);
- close(client->fd);
- client->fd = -1;
+ if (client->tlssession) {
+ gnutls_deinit (client->tlssession);
+ client->tlssession = NULL;
+ }
+ if (client->fd != -1) {
+ close(client->fd);
+ client->fd = -1;
+ }
}
--
1.6.2.5

60
libvirt-0.6.2-monitor-prompt-discard.patch
View File

@@ -1,60 +0,0 @@
From eb2fad7e94ba9bf48787e24542931688b9926ca1 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 6 Jul 2009 15:45:04 +0100
Subject: [PATCH] Fix problem with QEMU monitor welcome prompt confusing libvirt after a libvirtd daemon restart with active guests
* src/qemu_driver: Read and dicard pending monitor data
before issuing new monitor commands.
(cherry picked from commit 2d1f2e706c8b13571e1227df1c69b2302da35d5a)
Fedora-patch: libvirt-0.6.2-monitor-prompt-discard.patch
---
src/qemu_driver.c | 24 ++++++++++++++++++++++++
1 files changed, 24 insertions(+), 0 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 3d3675c..5fc21a1 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -1636,6 +1636,28 @@ cleanup:
qemuDriverUnlock(driver);
}
+
+/* Throw away any data available on the monitor
+ * This is done before executing a command, in order
+ * to allow re-synchronization if something went badly
+ * wrong in the past. it also deals with problem of
+ * QEMU *sometimes* re-printing its initial greeting
+ * when we reconnect to the monitor after restarts.
+ */
+static void
+qemuMonitorDiscardPendingData(virDomainObjPtr vm) {
+ char buf[1024];
+ int ret = 0;
+
+ /* Monitor is non-blocking, so just loop till we
+ * get -1 or 0. Don't bother with detecting
+ * errors, since we'll deal with that better later */
+ do {
+ ret = read(vm->monitor, buf, sizeof (buf)-1);
+ } while (ret > 0);
+}
+
+
static int
qemudMonitorCommandExtra(const virDomainObjPtr vm,
const char *cmd,
@@ -1647,6 +1669,8 @@ qemudMonitorCommandExtra(const virDomainObjPtr vm,
size_t cmdlen = strlen(cmd);
size_t extralen = extra ? strlen(extra) : 0;
+ qemuMonitorDiscardPendingData(vm);
+
if (safewrite(vm->monitor, cmd, cmdlen) != cmdlen)
return -1;
if (safewrite(vm->monitor, "\r", 1) != 1)
--
1.6.2.5

159
libvirt-0.6.2-numa-ignore-fail.patch
View File

@@ -1,159 +0,0 @@
From 3cf2f90a4747547f9877b15c1f573f8a771098e8 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 29 Jun 2009 10:41:56 +0000
Subject: [PATCH] Fix crash in QEMU driver with bad capabilities data
(cherry picked from commit 39c7e7a6b79bbdfa36928a430d56fa88a204e8fd)
Fedora-patch: libvirt-0.6.2-numa-ignore-fail.patch
---
src/capabilities.c | 16 +++++++++++++---
src/capabilities.h | 3 +++
src/libvirt_private.syms | 1 +
src/lxc_conf.c | 11 +++++++++--
src/qemu_conf.c | 10 ++++++++--
src/uml_conf.c | 11 +++++++++--
6 files changed, 43 insertions(+), 9 deletions(-)
diff --git a/src/capabilities.c b/src/capabilities.c
index d6e3478..8dc32a1 100644
--- a/src/capabilities.c
+++ b/src/capabilities.c
@@ -122,6 +122,18 @@ virCapabilitiesFreeGuest(virCapsGuestPtr guest)
}
+void
+virCapabilitiesFreeNUMAInfo(virCapsPtr caps)
+{
+ int i;
+
+ for (i = 0 ; i < caps->host.nnumaCell ; i++)
+ virCapabilitiesFreeHostNUMACell(caps->host.numaCell[i]);
+ VIR_FREE(caps->host.numaCell);
+ caps->host.nnumaCell = 0;
+}
+
+
/**
* virCapabilitiesFree:
* @caps: object to free
@@ -141,9 +153,7 @@ virCapabilitiesFree(virCapsPtr caps) {
for (i = 0 ; i < caps->host.nfeatures ; i++)
VIR_FREE(caps->host.features[i]);
VIR_FREE(caps->host.features);
- for (i = 0 ; i < caps->host.nnumaCell ; i++)
- virCapabilitiesFreeHostNUMACell(caps->host.numaCell[i]);
- VIR_FREE(caps->host.numaCell);
+ virCapabilitiesFreeNUMAInfo(caps);
for (i = 0 ; i < caps->host.nmigrateTrans ; i++)
VIR_FREE(caps->host.migrateTrans[i]);
diff --git a/src/capabilities.h b/src/capabilities.h
index 5b0bbab..1b49666 100644
--- a/src/capabilities.h
+++ b/src/capabilities.h
@@ -118,6 +118,9 @@ extern void
virCapabilitiesFree(virCapsPtr caps);
extern void
+virCapabilitiesFreeNUMAInfo(virCapsPtr caps);
+
+extern void
virCapabilitiesSetMacPrefix(virCapsPtr caps,
unsigned char *prefix);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 350a931..9249a1a 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -24,6 +24,7 @@ virCapabilitiesDefaultGuestEmulator;
virCapabilitiesDefaultGuestMachine;
virCapabilitiesFormatXML;
virCapabilitiesFree;
+virCapabilitiesFreeNUMAInfo;
virCapabilitiesNew;
virCapabilitiesSetMacPrefix;
virCapabilitiesGenerateMac;
diff --git a/src/lxc_conf.c b/src/lxc_conf.c
index 34c8aea..fe721e3 100644
--- a/src/lxc_conf.c
+++ b/src/lxc_conf.c
@@ -30,6 +30,7 @@
#include "lxc_conf.h"
#include "nodeinfo.h"
#include "virterror_internal.h"
+#include "logging.h"
#define VIR_FROM_THIS VIR_FROM_LXC
@@ -46,8 +47,14 @@ virCapsPtr lxcCapsInit(void)
0, 0)) == NULL)
goto no_memory;
- if (virCapsInitNUMA(caps) < 0)
- goto no_memory;
+ /* Some machines have problematic NUMA toplogy causing
+ * unexpected failures. We don't want to break the QEMU
+ * driver in this scenario, so log errors & carry on
+ */
+ if (virCapsInitNUMA(caps) < 0) {
+ virCapabilitiesFreeNUMAInfo(caps);
+ VIR_WARN0("Failed to query host NUMA topology, disabling NUMA capabilities");
+ }
/* XXX shouldn't 'borrow' KVM's prefix */
virCapabilitiesSetMacPrefix(caps, (unsigned char []){ 0x52, 0x54, 0x00 });
diff --git a/src/qemu_conf.c b/src/qemu_conf.c
index 99f13c6..1194e36 100644
--- a/src/qemu_conf.c
+++ b/src/qemu_conf.c
@@ -376,8 +376,14 @@ virCapsPtr qemudCapsInit(void) {
/* Using KVM's mac prefix for QEMU too */
virCapabilitiesSetMacPrefix(caps, (unsigned char[]){ 0x52, 0x54, 0x00 });
- if (virCapsInitNUMA(caps) < 0)
- goto no_memory;
+ /* Some machines have problematic NUMA toplogy causing
+ * unexpected failures. We don't want to break the QEMU
+ * driver in this scenario, so log errors & carry on
+ */
+ if (virCapsInitNUMA(caps) < 0) {
+ virCapabilitiesFreeNUMAInfo(caps);
+ VIR_WARN0("Failed to query host NUMA topology, disabling NUMA capabilities");
+ }
/* First the pure HVM guests */
for (i = 0 ; i < ARRAY_CARDINALITY(arch_info_hvm) ; i++)
diff --git a/src/uml_conf.c b/src/uml_conf.c
index c0d086e..9dd4967 100644
--- a/src/uml_conf.c
+++ b/src/uml_conf.c
@@ -44,6 +44,7 @@
#include "memory.h"
#include "nodeinfo.h"
#include "verify.h"
+#include "logging.h"
#define VIR_FROM_THIS VIR_FROM_UML
@@ -62,8 +63,14 @@ virCapsPtr umlCapsInit(void) {
0, 0)) == NULL)
goto no_memory;
- if (virCapsInitNUMA(caps) < 0)
- goto no_memory;
+ /* Some machines have problematic NUMA toplogy causing
+ * unexpected failures. We don't want to break the QEMU
+ * driver in this scenario, so log errors & carry on
+ */
+ if (virCapsInitNUMA(caps) < 0) {
+ virCapabilitiesFreeNUMAInfo(caps);
+ VIR_WARN0("Failed to query host NUMA topology, disabling NUMA capabilities");
+ }
if ((guest = virCapabilitiesAddGuest(caps,
"uml",
--
1.6.2.5

31
libvirt-0.6.2-pci-device-crash.patch
View File

@@ -1,31 +0,0 @@
From d5d67ea357d92759d4a9ecb213e577835f961eed Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Thu, 16 Jul 2009 13:23:32 +0100
Subject: [PATCH] Fix free of unitialized data upon PCI open fail
(cherry picked from commit 4a7acedd3c59a6a750576cb8680bc3f08fe0b52c)
Fedora-patch: libvirt-0.6.2-pci-device-crash.patch
---
src/pci.c | 4 +---
1 files changed, 1 insertions(+), 3 deletions(-)
diff --git a/src/pci.c b/src/pci.c
index ed64d68..68a380d 100644
--- a/src/pci.c
+++ b/src/pci.c
@@ -829,10 +829,8 @@ pciReadDeviceID(pciDevice *dev, const char *id_name)
dev->name, id_name);
/* ID string is '0xNNNN\n' ... i.e. 7 bytes */
- if (virFileReadAll(path, 7, &id_str) < 7) {
- VIR_FREE(id_str);
+ if (virFileReadAll(path, 7, &id_str) < 0)
return NULL;
- }
/* Check for 0x suffix */
if (id_str[0] != '0' || id_str[1] != 'x') {
--
1.6.2.5

31
libvirt-0.6.2-qemu-drive-format.patch
View File

@@ -1,31 +0,0 @@
From bf7b58a2471a07111f8022c0176f45ee5dc5fe71 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Thu, 16 Apr 2009 14:21:35 +0000
Subject: [PATCH] qemu -drive takes format= not fmt=
Seems like a simple typo - it has been "format=" since the flag
was introduced, but we added it as "fmt=".
(cherry picked from commit 9fa79000ecc883c699a6cb1ce7f00c34881bc8fe)
Fedora-patch: libvirt-0.6.2-qemu-drive-format.patch
---
src/qemu_conf.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/qemu_conf.c b/src/qemu_conf.c
index f36c927..6f9e610 100644
--- a/src/qemu_conf.c
+++ b/src/qemu_conf.c
@@ -1135,7 +1135,7 @@ int qemudBuildCommandLine(virConnectPtr conn,
disk->device == VIR_DOMAIN_DISK_DEVICE_DISK)
virBufferAddLit(&opt, ",boot=on");
if (disk->driverType)
- virBufferVSprintf(&opt, ",fmt=%s", disk->driverType);
+ virBufferVSprintf(&opt, ",format=%s", disk->driverType);
if (disk->cachemode) {
const char *mode =
--
1.6.2.5

176
libvirt-0.6.2-qemu-name-uniqueness.patch
View File

@@ -1,176 +0,0 @@
From 1f1a0ca63c5492c7d41a0cdbd452a2743f314ebc Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Fri, 8 May 2009 10:11:14 +0000
Subject: [PATCH] Improve name & UUID uniqueness checking in QEMU driver
(cherry picked from commit 54ebbde1e18ec831ff2fddb44ec27ed5dde7874a)
Fedora-patch: libvirt-0.6.2-qemu-name-uniqueness.patch
---
src/qemu_driver.c | 103 ++++++++++++++++++++++++++++++++++++++++++----------
1 files changed, 83 insertions(+), 20 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 8473616..dfd19c5 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -2174,22 +2174,37 @@ static virDomainPtr qemudDomainCreate(virConnectPtr conn, const char *xml,
if (virSecurityDriverVerify(conn, def) < 0)
goto cleanup;
- vm = virDomainFindByName(&driver->domains, def->name);
- if (vm) {
- qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
- _("domain '%s' is already defined"),
- def->name);
- goto cleanup;
- }
+ /* See if a VM with matching UUID already exists */
vm = virDomainFindByUUID(&driver->domains, def->uuid);
if (vm) {
- char uuidstr[VIR_UUID_STRING_BUFLEN];
+ /* UUID matches, but if names don't match, refuse it */
+ if (STRNEQ(vm->def->name, def->name)) {
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ virUUIDFormat(vm->def->uuid, uuidstr);
+ qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
+ _("domain '%s' is already defined with uuid %s"),
+ vm->def->name, uuidstr);
+ goto cleanup;
+ }
- virUUIDFormat(def->uuid, uuidstr);
- qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
- _("domain with uuid '%s' is already defined"),
- uuidstr);
- goto cleanup;
+ /* UUID & name match, but if VM is already active, refuse it */
+ if (virDomainIsActive(vm)) {
+ qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
+ _("domain is already active as '%s'"), vm->def->name);
+ goto cleanup;
+ }
+ virDomainObjUnlock(vm);
+ } else {
+ /* UUID does not match, but if a name matches, refuse it */
+ vm = virDomainFindByName(&driver->domains, def->name);
+ if (vm) {
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ virUUIDFormat(vm->def->uuid, uuidstr);
+ qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
+ _("domain '%s' is already defined with uuid %s"),
+ def->name, uuidstr);
+ goto cleanup;
+ }
}
if (!(vm = virDomainAssignDef(conn,
@@ -2368,6 +2383,11 @@ static int qemudDomainDestroy(virDomainPtr dom) {
_("no domain with matching id %d"), dom->id);
goto cleanup;
}
+ if (!virDomainIsActive(vm)) {
+ qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
+ "%s", _("domain is not running"));
+ goto cleanup;
+ }
qemudShutdownVMDaemon(dom->conn, driver, vm);
event = virDomainEventNewFromObj(vm,
@@ -3272,17 +3292,36 @@ static int qemudDomainRestore(virConnectPtr conn,
goto cleanup;
}
- /* Ensure the name and UUID don't already exist in an active VM */
+ /* See if a VM with matching UUID already exists */
vm = virDomainFindByUUID(&driver->domains, def->uuid);
- if (!vm)
- vm = virDomainFindByName(&driver->domains, def->name);
if (vm) {
+ /* UUID matches, but if names don't match, refuse it */
+ if (STRNEQ(vm->def->name, def->name)) {
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ virUUIDFormat(vm->def->uuid, uuidstr);
+ qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
+ _("domain '%s' is already defined with uuid %s"),
+ vm->def->name, uuidstr);
+ goto cleanup;
+ }
+
+ /* UUID & name match, but if VM is already active, refuse it */
if (virDomainIsActive(vm)) {
qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
_("domain is already active as '%s'"), vm->def->name);
goto cleanup;
- } else {
- virDomainObjUnlock(vm);
+ }
+ virDomainObjUnlock(vm);
+ } else {
+ /* UUID does not match, but if a name matches, refuse it */
+ vm = virDomainFindByName(&driver->domains, def->name);
+ if (vm) {
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ virUUIDFormat(vm->def->uuid, uuidstr);
+ qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
+ _("domain '%s' is already defined with uuid %s"),
+ def->name, uuidstr);
+ goto cleanup;
}
}
@@ -3470,18 +3509,41 @@ static virDomainPtr qemudDomainDefine(virConnectPtr conn, const char *xml) {
if (virSecurityDriverVerify(conn, def) < 0)
goto cleanup;
- vm = virDomainFindByName(&driver->domains, def->name);
+ /* See if a VM with matching UUID already exists */
+ vm = virDomainFindByUUID(&driver->domains, def->uuid);
if (vm) {
+ /* UUID matches, but if names don't match, refuse it */
+ if (STRNEQ(vm->def->name, def->name)) {
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ virUUIDFormat(vm->def->uuid, uuidstr);
+ qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
+ _("domain '%s' is already defined with uuid %s"),
+ vm->def->name, uuidstr);
+ goto cleanup;
+ }
+
+ /* UUID & name match */
virDomainObjUnlock(vm);
newVM = 0;
+ } else {
+ /* UUID does not match, but if a name matches, refuse it */
+ vm = virDomainFindByName(&driver->domains, def->name);
+ if (vm) {
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ virUUIDFormat(vm->def->uuid, uuidstr);
+ qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
+ _("domain '%s' is already defined with uuid %s"),
+ def->name, uuidstr);
+ goto cleanup;
+ }
}
if (!(vm = virDomainAssignDef(conn,
&driver->domains,
def))) {
- virDomainDefFree(def);
goto cleanup;
}
+ def = NULL;
vm->persistent = 1;
if (virDomainSaveConfig(conn,
@@ -3503,6 +3565,7 @@ static virDomainPtr qemudDomainDefine(virConnectPtr conn, const char *xml) {
if (dom) dom->id = vm->def->id;
cleanup:
+ virDomainDefFree(def);
if (vm)
virDomainObjUnlock(vm);
if (event)
--
1.6.2.5

56
libvirt-0.6.2-qemu-ppc-machine-type.patch
View File

@@ -1,56 +0,0 @@
From 5c1ff776a3194bcc5d593aedd36cd676f1fcab64 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Fri, 29 May 2009 13:32:06 +0000
Subject: [PATCH] PPC Qemu Machine Type update * src/qemu_conf.c docs/schemas/domain.rng tests/capabilityschemadata/caps-qemu-kvm.xml: PPC Qemu Machine Type changed from g3bw to g3beige some time ago, patch by Thomas Baker
(cherry picked from commit 525c3d40a97a1ccce7c4dc314d2dd9e780b50d41)
Fedora-patch: libvirt-0.6.2-qemu-ppc-machine-type.patch
---
docs/schemas/domain.rng | 2 +-
src/qemu_conf.c | 2 +-
tests/capabilityschemadata/caps-qemu-kvm.xml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/schemas/domain.rng b/docs/schemas/domain.rng
index 2f784e1..b29079a 100644
--- a/docs/schemas/domain.rng
+++ b/docs/schemas/domain.rng
@@ -184,7 +184,7 @@
</attribute>
<attribute name="machine">
<choice>
- <value>g3bw</value>
+ <value>g3beige</value>
<value>mac99</value>
<value>prep</value>
</choice>
diff --git a/src/qemu_conf.c b/src/qemu_conf.c
index 3e7e32d..fc0e772 100644
--- a/src/qemu_conf.c
+++ b/src/qemu_conf.c
@@ -192,7 +192,7 @@ static const char *const arch_info_hvm_sparc_machines[] = {
"sun4m"
};
static const char *const arch_info_hvm_ppc_machines[] = {
- "g3bw", "mac99", "prep"
+ "g3beige", "mac99", "prep"
};
static const char *const arch_info_xen_x86_machines[] = {
diff --git a/tests/capabilityschemadata/caps-qemu-kvm.xml b/tests/capabilityschemadata/caps-qemu-kvm.xml
index fd8523e..893f9ed 100644
--- a/tests/capabilityschemadata/caps-qemu-kvm.xml
+++ b/tests/capabilityschemadata/caps-qemu-kvm.xml
@@ -81,7 +81,7 @@
<arch name='ppc'>
<wordsize>32</wordsize>
<emulator>/usr/bin/qemu-system-ppc</emulator>
- <machine>g3bw</machine>
+ <machine>g3beige</machine>
<machine>mac99</machine>
<machine>prep</machine>
<domain type='qemu'>
--
1.6.2.5

100
libvirt-0.6.2-shared-readonly-label.patch
View File

@@ -1,100 +0,0 @@
From 36cf92efa2b22f275bdc56411d9704e530cdb3fa Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Fri, 3 Jul 2009 10:26:37 +0000
Subject: [PATCH] Re-label shared and readonly images
This patch was posted ages ago here:
https://bugzilla.redhat.com/493692
But was never posted upstream AFAICT.
Patch from Dan Berrange
(cherry picked from commit 547147084d03ebf30d09d242a5a721a4df664ffe)
Fedora-patch: libvirt-0.6.2-shared-readonly-label.patch
---
src/security_selinux.c | 26 +++++++++++++++++++-------
1 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/src/security_selinux.c b/src/security_selinux.c
index ac317d7..95fa0a6 100644
--- a/src/security_selinux.c
+++ b/src/security_selinux.c
@@ -24,11 +24,12 @@
#include "virterror_internal.h"
#include "util.h"
#include "memory.h"
-
+#include "logging.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
static char default_domain_context[1024];
+static char default_content_context[1024];
static char default_image_context[1024];
#define SECURITY_SELINUX_VOID_DOI "0"
#define SECURITY_SELINUX_NAME "selinux"
@@ -148,8 +149,13 @@ SELinuxInitialize(virConnectPtr conn)
close(fd);
ptr = strchrnul(default_image_context, '\n');
- *ptr = '\0';
-
+ if (*ptr == '\n') {
+ *ptr = '\0';
+ strcpy(default_content_context, ptr+1);
+ ptr = strchrnul(default_content_context, '\n');
+ if (*ptr == '\n')
+ *ptr = '\0';
+ }
return 0;
}
@@ -275,6 +281,8 @@ SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
{
char ebuf[1024];
+ VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
+
if(setfilecon(path, tcon) < 0) {
virSecurityReportError(conn, VIR_ERR_ERROR,
_("%s: unable to set security context "
@@ -299,6 +307,8 @@ SELinuxRestoreSecurityImageLabel(virConnectPtr conn,
char *newpath = NULL;
const char *path = disk->src;
+ /* Don't restore labels on readoly/shared disks, because
+ * other VMs may still be accessing these */
if (disk->readonly || disk->shared)
return 0;
@@ -328,8 +338,13 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
- if (secdef->imagelabel)
+ if (disk->shared) {
+ return SELinuxSetFilecon(conn, disk->src, default_image_context);
+ } else if (disk->readonly) {
+ return SELinuxSetFilecon(conn, disk->src, default_content_context);
+ } else if (secdef->imagelabel) {
return SELinuxSetFilecon(conn, disk->src, secdef->imagelabel);
+ }
return 0;
}
@@ -403,9 +418,6 @@ SELinuxSetSecurityLabel(virConnectPtr conn,
if (secdef->imagelabel) {
for (i = 0 ; i < vm->def->ndisks ; i++) {
- if (vm->def->disks[i]->readonly ||
- vm->def->disks[i]->shared) continue;
-
if (SELinuxSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
return -1;
}
--
1.6.2.5

51
libvirt-0.6.2-svirt-sound.patch
View File

@@ -1,51 +0,0 @@
From 0d72b6fb7d4aa5e55294eb3222e7156d3d75a9e7 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 17 Aug 2009 08:52:30 +0100
Subject: [PATCH] Disable sound cards when running sVirt
Temporary hack till PulseAudio autostart problems are sorted out when
SELinux enforcing (bz 486112)
Fedora-patch: libvirt-0.6.2-svirt-sound.patch
---
src/qemu_conf.c | 17 ++++++++++++++++-
1 files changed, 16 insertions(+), 1 deletions(-)
diff --git a/src/qemu_conf.c b/src/qemu_conf.c
index 1194e36..f42aeaa 100644
--- a/src/qemu_conf.c
+++ b/src/qemu_conf.c
@@ -795,6 +795,20 @@ int qemudBuildCommandLine(virConnectPtr conn,
char domid[50];
char *pidfile;
const char *cpu = NULL;
+ int skipSound = 0;
+
+ if (driver->securityDriver &&
+ driver->securityDriver->name &&
+ STREQ(driver->securityDriver->name, "selinux") &&
+ getuid() == 0) {
+ static int soundWarned = 0;
+ skipSound = 1;
+ if (vm->def->nsounds &&
+ !soundWarned) {
+ soundWarned = 1;
+ VIR_WARN0("Sound cards for VMs are disabled while SELinux security model is active");
+ }
+ }
uname_normalize(&ut);
@@ -1441,7 +1455,8 @@ int qemudBuildCommandLine(virConnectPtr conn,
}
/* Add sound hardware */
- if (vm->def->nsounds) {
+ if (vm->def->nsounds &&
+ !skipSound) {
int size = 100;
char *modstr;
if (VIR_ALLOC_N(modstr, size+1) < 0)
--
1.6.2.5

49
libvirt-0.6.2-xml-attribute-escaping.patch
View File

@@ -1,49 +0,0 @@
From a7d81a2f9e80942c9951c1d16ad69c66b9a47bbb Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Wed, 13 May 2009 16:19:59 +0000
Subject: [PATCH] * src/buf.c: avoid an XML attribute escaping bug #499791 daniel
(cherry picked from commit 7afe94e7e236ec465d838e7d60e961975c526ab2)
Fedora-patch: libvirt-0.6.2-xml-attribute-escaping.patch
---
src/buf.c | 16 +++++++++++++++-
1 files changed, 15 insertions(+), 1 deletions(-)
diff --git a/src/buf.c b/src/buf.c
index cdcdac9..259175d 100644
--- a/src/buf.c
+++ b/src/buf.c
@@ -266,7 +266,7 @@ virBufferEscapeString(const virBufferPtr buf, const char *format, const char *st
return;
len = strlen(str);
- if (VIR_ALLOC_N(escaped, 5 * len + 1) < 0) {
+ if (VIR_ALLOC_N(escaped, 6 * len + 1) < 0) {
virBufferNoMemory(buf);
return;
}
@@ -290,6 +290,20 @@ virBufferEscapeString(const virBufferPtr buf, const char *format, const char *st
*out++ = 'm';
*out++ = 'p';
*out++ = ';';
+ } else if (*cur == '"') {
+ *out++ = '&';
+ *out++ = 'q';
+ *out++ = 'u';
+ *out++ = 'o';
+ *out++ = 't';
+ *out++ = ';';
+ } else if (*cur == '\'') {
+ *out++ = '&';
+ *out++ = 'a';
+ *out++ = 'p';
+ *out++ = 'o';
+ *out++ = 's';
+ *out++ = ';';
} else if ((*cur >= 0x20) || (*cur == '\n') || (*cur == '\t') ||
(*cur == '\r')) {
/*
--
1.6.2.5

47
libvirt-0.6.3-hostdev-managed.patch
View File

@@ -1,47 +0,0 @@
From b3f02d5528c121bcf7b9ac5c4284517e71a5e2f2 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Wed, 6 May 2009 15:56:20 +0000
Subject: [PATCH] Fix qemu driver's interpretation of <hostdev managed='yes'/>
This change:
Tue Mar 3 08:55:13 GMT 2009 Daniel P. Berrange <berrange@redhat.com>
Don't try to detach & reset PCI devices while running test
suite for XML-> ARGV conversion.
* src/qemu_driver.c: Add qemuPrepareHostDevices() helper to
detach and reset PCI devices.
* src/qemu_conf.c: Don't detach & reset PCI devices while
building the command line argv
accidentally did this:
- if (hostdev->managed) {
+ if (!hostdev->managed) {
Which results in managed='yes' not causing the device to be
detached when the guest is starting.
(cherry picked from commit 1d6c713b18741f1a0e3d0ccd094275a11aef138c)
Fedora-patch: libvirt-0.6.3-hostdev-managed.patch
---
src/qemu_driver.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 79ee072..162d072 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -1215,7 +1215,7 @@ static int qemuPrepareHostDevices(virConnectPtr conn,
if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
continue;
- if (!hostdev->managed) {
+ if (hostdev->managed) {
pciDevice *dev = pciGetDevice(conn,
hostdev->source.subsys.u.pci.domain,
hostdev->source.subsys.u.pci.bus,
--
1.6.2.5

85
libvirt-0.6.3-refresh-qemu-caps.patch
View File

@@ -1,85 +0,0 @@
From a521796bac21f0c8af38a8551a420d87b61c7a9a Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Wed, 6 May 2009 14:20:34 +0000
Subject: [PATCH] Refresh QEMU driver capabilities for each getCapabilities call.
Also fix up a couple issues where caps are accessed without locking
the driver structure.
(cherry picked from commit 4f107590243631869677ddea2bb667db4a1282a6)
Fedora-patch: libvirt-0.6.3-refresh-qemu-caps.patch
---
src/qemu_driver.c | 28 ++++++++++++++++++++--------
1 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 162d072..4752a64 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -1872,10 +1872,12 @@ static int qemudGetNodeInfo(virConnectPtr conn,
static char *qemudGetCapabilities(virConnectPtr conn) {
struct qemud_driver *driver = conn->privateData;
- char *xml;
+ char *xml = NULL;
qemuDriverLock(driver);
- if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
+ virCapabilitiesFree(qemu_driver->caps);
+ if ((qemu_driver->caps = qemudCapsInit()) == NULL ||
+ (xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
virReportOOMError(conn);
qemuDriverUnlock(driver);
@@ -3142,20 +3144,26 @@ cleanup:
return ret;
}
-static int qemudNodeGetSecurityModel(virConnectPtr conn, virSecurityModelPtr secmodel)
+static int qemudNodeGetSecurityModel(virConnectPtr conn,
+ virSecurityModelPtr secmodel)
{
struct qemud_driver *driver = (struct qemud_driver *)conn->privateData;
char *p;
+ int ret = 0;
- if (!driver->securityDriver)
- return -2;
+ qemuDriverLock(driver);
+ if (!driver->securityDriver) {
+ ret = -2;
+ goto cleanup;
+ }
p = driver->caps->host.secModel.model;
if (strlen(p) >= VIR_SECURITY_MODEL_BUFLEN-1) {
qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
_("security model string exceeds max %d bytes"),
VIR_SECURITY_MODEL_BUFLEN-1);
- return -1;
+ ret = -1;
+ goto cleanup;
}
strcpy(secmodel->model, p);
@@ -3164,10 +3172,14 @@ static int qemudNodeGetSecurityModel(virConnectPtr conn, virSecurityModelPtr sec
qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
_("security DOI string exceeds max %d bytes"),
VIR_SECURITY_DOI_BUFLEN-1);
- return -1;
+ ret = -1;
+ goto cleanup;
}
strcpy(secmodel->doi, p);
- return 0;
+
+cleanup:
+ qemuDriverUnlock(driver);
+ return ret;
}
/* TODO: check seclabel restore */
--
1.6.2.5

356
libvirt-0.8.2-01-extract-backing-store-format.patch Normal file
View File

@@ -0,0 +1,356 @@
From 953440bd12608a20007ee5da5ab69fbbe910bd28 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 14 Jun 2010 15:53:59 +0100
Subject: [PATCH 01/11] Extract the backing store format as well as name, if available
When QEMU opens a backing store for a QCow2 file, it will
normally auto-probe for the format of the backing store,
rather than assuming it has the same format as the referencing
file. There is a QCow2 extension that allows an explicit format
for the backing store to be embedded in the referencing file.
This closes the auto-probing security hole in QEMU.
This backing store format can be useful for libvirt users
of virStorageFileGetMetadata, so extract this data and report
it.
QEMU does not require disk image backing store files to be in
the same format the file linkee. It will auto-probe the disk
format for the backing store when opening it. If the backing
store was intended to be a raw file this could be a security
hole, because a guest may have written data into its disk that
then makes the backing store look like a qcow2 file. If it can
trick QEMU into thinking the raw file is a qcow2 file, it can
access arbitrary files on the host by adding further backing
store links.
To address this, callers of virStorageFileGetMeta need to be
told of the backing store format. If no format is declared,
they can make a decision whether to allow format probing or
not.
---
src/util/storage_file.c | 206 +++++++++++++++++++++++++++++++++++++++++------
src/util/storage_file.h | 2 +
2 files changed, 183 insertions(+), 25 deletions(-)
diff --git a/src/util/storage_file.c b/src/util/storage_file.c
index 0adea40..80f743e 100644
--- a/src/util/storage_file.c
+++ b/src/util/storage_file.c
@@ -78,12 +78,33 @@ struct FileTypeInfo {
int qcowCryptOffset; /* Byte offset from start of file
* where to find encryption mode,
* -1 if encryption is not used */
- int (*getBackingStore)(char **res, const unsigned char *buf, size_t buf_size);
+ int (*getBackingStore)(char **res, int *format,
+ const unsigned char *buf, size_t buf_size);
};
-static int cowGetBackingStore(char **, const unsigned char *, size_t);
-static int qcowXGetBackingStore(char **, const unsigned char *, size_t);
-static int vmdk4GetBackingStore(char **, const unsigned char *, size_t);
+static int cowGetBackingStore(char **, int *,
+ const unsigned char *, size_t);
+static int qcow1GetBackingStore(char **, int *,
+ const unsigned char *, size_t);
+static int qcow2GetBackingStore(char **, int *,
+ const unsigned char *, size_t);
+static int vmdk4GetBackingStore(char **, int *,
+ const unsigned char *, size_t);
+
+#define QCOWX_HDR_VERSION (4)
+#define QCOWX_HDR_BACKING_FILE_OFFSET (QCOWX_HDR_VERSION+4)
+#define QCOWX_HDR_BACKING_FILE_SIZE (QCOWX_HDR_BACKING_FILE_OFFSET+8)
+#define QCOWX_HDR_IMAGE_SIZE (QCOWX_HDR_BACKING_FILE_SIZE+4+4)
+
+#define QCOW1_HDR_CRYPT (QCOWX_HDR_IMAGE_SIZE+8+1+1)
+#define QCOW2_HDR_CRYPT (QCOWX_HDR_IMAGE_SIZE+8)
+
+#define QCOW1_HDR_TOTAL_SIZE (QCOW1_HDR_CRYPT+4+8)
+#define QCOW2_HDR_TOTAL_SIZE (QCOW2_HDR_CRYPT+4+4+8+8+4+4+8)
+
+#define QCOW2_HDR_EXTENSION_END 0
+#define QCOW2_HDR_EXTENSION_BACKING_FORMAT 0xE2792ACA
+
static struct FileTypeInfo const fileTypeInfo[] = {
@@ -119,11 +140,11 @@ static struct FileTypeInfo const fileTypeInfo[] = {
/* QCow */
{ VIR_STORAGE_FILE_QCOW, "QFI", NULL,
LV_BIG_ENDIAN, 4, 1,
- 4+4+8+4+4, 8, 1, 4+4+8+4+4+8+1+1+2, qcowXGetBackingStore },
+ QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW1_HDR_CRYPT, qcow1GetBackingStore },
/* QCow 2 */
{ VIR_STORAGE_FILE_QCOW2, "QFI", NULL,
LV_BIG_ENDIAN, 4, 2,
- 4+4+8+4+4, 8, 1, 4+4+8+4+4+8, qcowXGetBackingStore },
+ QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW2_HDR_CRYPT, qcow2GetBackingStore },
/* VMDK 3 */
/* XXX Untested
{ VIR_STORAGE_FILE_VMDK, "COWD", NULL,
@@ -142,11 +163,14 @@ static struct FileTypeInfo const fileTypeInfo[] = {
static int
cowGetBackingStore(char **res,
+ int *format,
const unsigned char *buf,
size_t buf_size)
{
#define COW_FILENAME_MAXLEN 1024
*res = NULL;
+ *format = VIR_STORAGE_FILE_AUTO;
+
if (buf_size < 4+4+ COW_FILENAME_MAXLEN)
return BACKING_STORE_INVALID;
if (buf[4+4] == '\0') /* cow_header_v2.backing_file[0] */
@@ -160,31 +184,98 @@ cowGetBackingStore(char **res,
return BACKING_STORE_OK;
}
+
+static int
+qcow2GetBackingStoreFormat(int *format,
+ const unsigned char *buf,
+ size_t buf_size,
+ size_t extension_start,
+ size_t extension_end)
+{
+ size_t offset = extension_start;
+
+ /*
+ * The extensions take format of
+ *
+ * int32: magic
+ * int32: length
+ * byte[length]: payload
+ *
+ * Unknown extensions can be ignored by skipping
+ * over "length" bytes in the data stream.
+ */
+ while (offset < (buf_size-8) &&
+ offset < (extension_end-8)) {
+ unsigned int magic =
+ (buf[offset] << 24) +
+ (buf[offset+1] << 16) +
+ (buf[offset+2] << 8) +
+ (buf[offset+3]);
+ unsigned int len =
+ (buf[offset+4] << 24) +
+ (buf[offset+5] << 16) +
+ (buf[offset+6] << 8) +
+ (buf[offset+7]);
+
+ offset += 8;
+
+ if ((offset + len) < offset)
+ break;
+
+ if ((offset + len) > buf_size)
+ break;
+
+ switch (magic) {
+ case QCOW2_HDR_EXTENSION_END:
+ goto done;
+
+ case QCOW2_HDR_EXTENSION_BACKING_FORMAT:
+ if (buf[offset+len] != '\0')
+ break;
+ *format = virStorageFileFormatTypeFromString(
+ ((const char *)buf)+offset);
+ break;
+ }
+
+ offset += len;
+ }
+
+done:
+
+ return 0;
+}
+
+
static int
qcowXGetBackingStore(char **res,
+ int *format,
const unsigned char *buf,
- size_t buf_size)
+ size_t buf_size,
+ bool isQCow2)
{
unsigned long long offset;
unsigned long size;
*res = NULL;
- if (buf_size < 4+4+8+4)
+ if (format)
+ *format = VIR_STORAGE_FILE_AUTO;
+
+ if (buf_size < QCOWX_HDR_BACKING_FILE_OFFSET+8+4)
return BACKING_STORE_INVALID;
- offset = (((unsigned long long)buf[4+4] << 56)
- | ((unsigned long long)buf[4+4+1] << 48)
- | ((unsigned long long)buf[4+4+2] << 40)
- | ((unsigned long long)buf[4+4+3] << 32)
- | ((unsigned long long)buf[4+4+4] << 24)
- | ((unsigned long long)buf[4+4+5] << 16)
- | ((unsigned long long)buf[4+4+6] << 8)
- | buf[4+4+7]); /* QCowHeader.backing_file_offset */
+ offset = (((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET] << 56)
+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+1] << 48)
+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+2] << 40)
+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+3] << 32)
+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+4] << 24)
+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+5] << 16)
+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+6] << 8)
+ | buf[QCOWX_HDR_BACKING_FILE_OFFSET+7]); /* QCowHeader.backing_file_offset */
if (offset > buf_size)
return BACKING_STORE_INVALID;
- size = ((buf[4+4+8] << 24)
- | (buf[4+4+8+1] << 16)
- | (buf[4+4+8+2] << 8)
- | buf[4+4+8+3]); /* QCowHeader.backing_file_size */
+ size = ((buf[QCOWX_HDR_BACKING_FILE_SIZE] << 24)
+ | (buf[QCOWX_HDR_BACKING_FILE_SIZE+1] << 16)
+ | (buf[QCOWX_HDR_BACKING_FILE_SIZE+2] << 8)
+ | buf[QCOWX_HDR_BACKING_FILE_SIZE+3]); /* QCowHeader.backing_file_size */
if (size == 0)
return BACKING_STORE_OK;
if (offset + size > buf_size || offset + size < offset)
@@ -197,12 +288,63 @@ qcowXGetBackingStore(char **res,
}
memcpy(*res, buf + offset, size);
(*res)[size] = '\0';
+
+ /*
+ * Traditionally QCow2 files had a layout of
+ *
+ * [header]
+ * [backingStoreName]
+ *
+ * Although the backingStoreName typically followed
+ * the header immediately, this was not required by
+ * the format. By specifying a higher byte offset for
+ * the backing file offset in the header, it was
+ * possible to leave space between the header and
+ * start of backingStore.
+ *
+ * This hack is now used to store extensions to the
+ * qcow2 format:
+ *
+ * [header]
+ * [extensions]
+ * [backingStoreName]
+ *
+ * Thus the file region to search for extensions is
+ * between the end of the header (QCOW2_HDR_TOTAL_SIZE)
+ * and the start of the backingStoreName (offset)
+ */
+ if (isQCow2)
+ qcow2GetBackingStoreFormat(format, buf, buf_size, QCOW2_HDR_TOTAL_SIZE, offset);
+
return BACKING_STORE_OK;
}
static int
+qcow1GetBackingStore(char **res,
+ int *format,
+ const unsigned char *buf,
+ size_t buf_size)
+{
+ /* QCow1 doesn't have the extensions capability
+ * used to store backing format */
+ *format = VIR_STORAGE_FILE_AUTO;
+ return qcowXGetBackingStore(res, NULL, buf, buf_size, false);
+}
+
+static int
+qcow2GetBackingStore(char **res,
+ int *format,
+ const unsigned char *buf,
+ size_t buf_size)
+{
+ return qcowXGetBackingStore(res, format, buf, buf_size, true);
+}
+
+
+static int
vmdk4GetBackingStore(char **res,
+ int *format,
const unsigned char *buf,
size_t buf_size)
{
@@ -212,6 +354,14 @@ vmdk4GetBackingStore(char **res,
size_t len;
*res = NULL;
+ /*
+ * Technically this should have been VMDK, since
+ * VMDK spec / VMWare impl only support VMDK backed
+ * by VMDK. QEMU isn't following this though and
+ * does probing on VMDK backing files, hence we set
+ * AUTO
+ */
+ *format = VIR_STORAGE_FILE_AUTO;
if (buf_size <= 0x200)
return BACKING_STORE_INVALID;
@@ -358,9 +508,12 @@ virStorageFileGetMetadataFromFD(const char *path,
/* Validation passed, we know the file format now */
meta->format = fileTypeInfo[i].type;
if (fileTypeInfo[i].getBackingStore != NULL) {
- char *base;
+ char *backing;
+ int backingFormat;
- switch (fileTypeInfo[i].getBackingStore(&base, head, len)) {
+ switch (fileTypeInfo[i].getBackingStore(&backing,
+ &backingFormat,
+ head, len)) {
case BACKING_STORE_OK:
break;
@@ -370,13 +523,16 @@ virStorageFileGetMetadataFromFD(const char *path,
case BACKING_STORE_ERROR:
return -1;
}
- if (base != NULL) {
- meta->backingStore = absolutePathFromBaseFile(path, base);
- VIR_FREE(base);
+ if (backing != NULL) {
+ meta->backingStore = absolutePathFromBaseFile(path, backing);
+ VIR_FREE(backing);
if (meta->backingStore == NULL) {
virReportOOMError();
return -1;
}
+ meta->backingStoreFormat = backingFormat;
+ } else {
+ meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO;
}
}
return 0;
diff --git a/src/util/storage_file.h b/src/util/storage_file.h
index 58533ee..6328ba7 100644
--- a/src/util/storage_file.h
+++ b/src/util/storage_file.h
@@ -28,6 +28,7 @@
# include <stdbool.h>
enum virStorageFileFormat {
+ VIR_STORAGE_FILE_AUTO = -1,
VIR_STORAGE_FILE_RAW = 0,
VIR_STORAGE_FILE_DIR,
VIR_STORAGE_FILE_BOCHS,
@@ -47,6 +48,7 @@ VIR_ENUM_DECL(virStorageFileFormat);
typedef struct _virStorageFileMetadata {
int format;
char *backingStore;
+ int backingStoreFormat;
unsigned long long capacity;
bool encrypted;
} virStorageFileMetadata;
--
1.7.1.1

159
libvirt-0.8.2-02-remove-type-field.patch Normal file
View File

@@ -0,0 +1,159 @@
From cab428b1d4d432965cee6f5afb67265557706715 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 14 Jun 2010 16:39:32 +0100
Subject: [PATCH 02/11] Remove 'type' field from FileTypeInfo struct
Instead of including a field in FileTypeInfo struct for the
disk format, rely on the array index matching the format.
Use verify() to assert the correct number of elements in the
array.
* src/util/storage_file.c: remove type field from FileTypeInfo
---
src/util/storage_file.c | 108 +++++++++++++++++++++++-----------------------
1 files changed, 54 insertions(+), 54 deletions(-)
diff --git a/src/util/storage_file.c b/src/util/storage_file.c
index 80f743e..df0e3a1 100644
--- a/src/util/storage_file.c
+++ b/src/util/storage_file.c
@@ -58,7 +58,6 @@ enum {
/* Either 'magic' or 'extension' *must* be provided */
struct FileTypeInfo {
- int type; /* One of the constants above */
const char *magic; /* Optional string of file magic
* to check at head of file */
const char *extension; /* Optional file extension to check */
@@ -108,58 +107,59 @@ static int vmdk4GetBackingStore(char **, int *,
static struct FileTypeInfo const fileTypeInfo[] = {
- /* Bochs */
- /* XXX Untested
- { VIR_STORAGE_FILE_BOCHS, "Bochs Virtual HD Image", NULL,
- LV_LITTLE_ENDIAN, 64, 0x20000,
- 32+16+16+4+4+4+4+4, 8, 1, -1, NULL },*/
- /* CLoop */
- /* XXX Untested
- { VIR_STORAGE_VOL_CLOOP, "#!/bin/sh\n#V2.0 Format\nmodprobe cloop file=$0 && mount -r -t iso9660 /dev/cloop $1\n", NULL,
- LV_LITTLE_ENDIAN, -1, 0,
- -1, 0, 0, -1, NULL }, */
- /* Cow */
- { VIR_STORAGE_FILE_COW, "OOOM", NULL,
- LV_BIG_ENDIAN, 4, 2,
- 4+4+1024+4, 8, 1, -1, cowGetBackingStore },
- /* DMG */
- /* XXX QEMU says there's no magic for dmg, but we should check... */
- { VIR_STORAGE_FILE_DMG, NULL, ".dmg",
- 0, -1, 0,
- -1, 0, 0, -1, NULL },
- /* XXX there's probably some magic for iso we can validate too... */
- { VIR_STORAGE_FILE_ISO, NULL, ".iso",
- 0, -1, 0,
- -1, 0, 0, -1, NULL },
- /* Parallels */
- /* XXX Untested
- { VIR_STORAGE_FILE_PARALLELS, "WithoutFreeSpace", NULL,
- LV_LITTLE_ENDIAN, 16, 2,
- 16+4+4+4+4, 4, 512, -1, NULL },
- */
- /* QCow */
- { VIR_STORAGE_FILE_QCOW, "QFI", NULL,
- LV_BIG_ENDIAN, 4, 1,
- QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW1_HDR_CRYPT, qcow1GetBackingStore },
- /* QCow 2 */
- { VIR_STORAGE_FILE_QCOW2, "QFI", NULL,
- LV_BIG_ENDIAN, 4, 2,
- QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW2_HDR_CRYPT, qcow2GetBackingStore },
- /* VMDK 3 */
- /* XXX Untested
- { VIR_STORAGE_FILE_VMDK, "COWD", NULL,
- LV_LITTLE_ENDIAN, 4, 1,
- 4+4+4, 4, 512, -1, NULL },
- */
- /* VMDK 4 */
- { VIR_STORAGE_FILE_VMDK, "KDMV", NULL,
- LV_LITTLE_ENDIAN, 4, 1,
- 4+4+4, 8, 512, -1, vmdk4GetBackingStore },
- /* Connectix / VirtualPC */
- { VIR_STORAGE_FILE_VPC, "conectix", NULL,
- LV_BIG_ENDIAN, 12, 0x10000,
- 8 + 4 + 4 + 8 + 4 + 4 + 2 + 2 + 4, 8, 1, -1, NULL},
+ [VIR_STORAGE_FILE_RAW] = { NULL, NULL, LV_LITTLE_ENDIAN, -1, 0, 0, 0, 0, 0, NULL },
+ [VIR_STORAGE_FILE_DIR] = { NULL, NULL, LV_LITTLE_ENDIAN, -1, 0, 0, 0, 0, 0, NULL },
+ [VIR_STORAGE_FILE_BOCHS] = {
+ /*"Bochs Virtual HD Image", */ /* Untested */ NULL,
+ NULL,
+ LV_LITTLE_ENDIAN, 64, 0x20000,
+ 32+16+16+4+4+4+4+4, 8, 1, -1, NULL
+ },
+ [VIR_STORAGE_FILE_CLOOP] = {
+ /*"#!/bin/sh\n#V2.0 Format\nmodprobe cloop file=$0 && mount -r -t iso9660 /dev/cloop $1\n", */ /* Untested */ NULL,
+ NULL,
+ LV_LITTLE_ENDIAN, -1, 0,
+ -1, 0, 0, -1, NULL
+ },
+ [VIR_STORAGE_FILE_COW] = {
+ "OOOM", NULL,
+ LV_BIG_ENDIAN, 4, 2,
+ 4+4+1024+4, 8, 1, -1, cowGetBackingStore
+ },
+ [VIR_STORAGE_FILE_DMG] = {
+ NULL, /* XXX QEMU says there's no magic for dmg, but we should check... */
+ ".dmg",
+ 0, -1, 0,
+ -1, 0, 0, -1, NULL
+ },
+ [VIR_STORAGE_FILE_ISO] = {
+ NULL, /* XXX there's probably some magic for iso we can validate too... */
+ ".iso",
+ 0, -1, 0,
+ -1, 0, 0, -1, NULL
+ },
+ [VIR_STORAGE_FILE_QCOW] = {
+ "QFI", NULL,
+ LV_BIG_ENDIAN, 4, 1,
+ QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW1_HDR_CRYPT, qcow1GetBackingStore,
+ },
+ [VIR_STORAGE_FILE_QCOW2] = {
+ "QFI", NULL,
+ LV_BIG_ENDIAN, 4, 2,
+ QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW2_HDR_CRYPT, qcow2GetBackingStore,
+ },
+ [VIR_STORAGE_FILE_VMDK] = {
+ "KDMV", NULL,
+ LV_LITTLE_ENDIAN, 4, 1,
+ 4+4+4, 8, 512, -1, vmdk4GetBackingStore
+ },
+ [VIR_STORAGE_FILE_VPC] = {
+ "conectix", NULL,
+ LV_BIG_ENDIAN, 12, 0x10000,
+ 8 + 4 + 4 + 8 + 4 + 4 + 2 + 2 + 4, 8, 1, -1, NULL
+ },
};
+verify(ARRAY_CARDINALITY(fileTypeInfo) == VIR_STORAGE_FILE_LAST);
static int
cowGetBackingStore(char **res,
@@ -506,7 +506,7 @@ virStorageFileGetMetadataFromFD(const char *path,
}
/* Validation passed, we know the file format now */
- meta->format = fileTypeInfo[i].type;
+ meta->format = i;
if (fileTypeInfo[i].getBackingStore != NULL) {
char *backing;
int backingFormat;
@@ -546,7 +546,7 @@ virStorageFileGetMetadataFromFD(const char *path,
if (!virFileHasSuffix(path, fileTypeInfo[i].extension))
continue;
- meta->format = fileTypeInfo[i].type;
+ meta->format = i;
return 0;
}
--
1.7.1.1

585
libvirt-0.8.2-03-refactor-metadata-extract.patch Normal file
View File

@@ -0,0 +1,585 @@
From 57482ca0be29e9e92e242c9acb577e0b770c01d1 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 15 Jun 2010 14:58:10 +0100
Subject: [PATCH 03/11] Refactor virStorageFileGetMetadataFromFD to separate functionality
The virStorageFileGetMetadataFromFD did two jobs in one. First
it probed for storage type, then it extracted metadata for the
type. It is desirable to be able to separate these jobs, allowing
probing without querying metadata, and querying metadata without
probing.
To prepare for this, split out probing code into a new pair of
methods
virStorageFileProbeFormatFromFD
virStorageFileProbeFormat
* src/util/storage_file.c, src/util/storage_file.h,
src/libvirt_private.syms: Introduce virStorageFileProbeFormat
and virStorageFileProbeFormatFromFD
---
src/libvirt_private.syms | 2 +
src/util/storage_file.c | 460 +++++++++++++++++++++++++++++++++-------------
src/util/storage_file.h | 4 +
3 files changed, 335 insertions(+), 131 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 778ceb1..4607f49 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -628,6 +628,8 @@ virStorageGenerateQcowPassphrase;
# storage_file.h
virStorageFileFormatTypeToString;
virStorageFileFormatTypeFromString;
+virStorageFileProbeFormat;
+virStorageFileProbeFormatFromFD;
virStorageFileGetMetadata;
virStorageFileGetMetadataFromFD;
virStorageFileIsSharedFS;
diff --git a/src/util/storage_file.c b/src/util/storage_file.c
index df0e3a1..221268b 100644
--- a/src/util/storage_file.c
+++ b/src/util/storage_file.c
@@ -104,6 +104,9 @@ static int vmdk4GetBackingStore(char **, int *,
#define QCOW2_HDR_EXTENSION_END 0
#define QCOW2_HDR_EXTENSION_BACKING_FORMAT 0xE2792ACA
+/* VMDK needs at least this to find backing store,
+ * other formats are less */
+#define STORAGE_MAX_HEAD (20*512)
static struct FileTypeInfo const fileTypeInfo[] = {
@@ -349,9 +352,14 @@ vmdk4GetBackingStore(char **res,
size_t buf_size)
{
static const char prefix[] = "parentFileNameHint=\"";
-
- char desc[20*512 + 1], *start, *end;
+ char *desc, *start, *end;
size_t len;
+ int ret = BACKING_STORE_ERROR;
+
+ if (VIR_ALLOC_N(desc, STORAGE_MAX_HEAD + 1) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
*res = NULL;
/*
@@ -363,29 +371,42 @@ vmdk4GetBackingStore(char **res,
*/
*format = VIR_STORAGE_FILE_AUTO;
- if (buf_size <= 0x200)
- return BACKING_STORE_INVALID;
+ if (buf_size <= 0x200) {
+ ret = BACKING_STORE_INVALID;
+ goto cleanup;
+ }
len = buf_size - 0x200;
- if (len > sizeof(desc) - 1)
- len = sizeof(desc) - 1;
+ if (len > STORAGE_MAX_HEAD)
+ len = STORAGE_MAX_HEAD;
memcpy(desc, buf + 0x200, len);
desc[len] = '\0';
start = strstr(desc, prefix);
- if (start == NULL)
- return BACKING_STORE_OK;
+ if (start == NULL) {
+ ret = BACKING_STORE_OK;
+ goto cleanup;
+ }
start += strlen(prefix);
end = strchr(start, '"');
- if (end == NULL)
- return BACKING_STORE_INVALID;
- if (end == start)
- return BACKING_STORE_OK;
+ if (end == NULL) {
+ ret = BACKING_STORE_INVALID;
+ goto cleanup;
+ }
+ if (end == start) {
+ ret = BACKING_STORE_OK;
+ goto cleanup;
+ }
*end = '\0';
*res = strdup(start);
if (*res == NULL) {
virReportOOMError();
- return BACKING_STORE_ERROR;
+ goto cleanup;
}
- return BACKING_STORE_OK;
+
+ ret = BACKING_STORE_OK;
+
+cleanup:
+ VIR_FREE(desc);
+ return ret;
}
/**
@@ -411,148 +432,325 @@ absolutePathFromBaseFile(const char *base_file, const char *path)
return res;
}
-/**
- * Probe the header of a file to determine what type of disk image
- * it is, and info about its capacity if available.
- */
-int
-virStorageFileGetMetadataFromFD(const char *path,
- int fd,
- virStorageFileMetadata *meta)
+
+static bool
+virStorageFileMatchesMagic(int format,
+ unsigned char *buf,
+ size_t buflen)
{
- unsigned char head[20*512]; /* vmdk4GetBackingStore needs this much. */
- int len, i;
+ int mlen;
- memset(meta, 0, sizeof (*meta));
+ if (fileTypeInfo[format].magic == NULL)
+ return false;
- /* If all else fails, call it a raw file */
- meta->format = VIR_STORAGE_FILE_RAW;
+ /* Validate magic data */
+ mlen = strlen(fileTypeInfo[format].magic);
+ if (mlen > buflen)
+ return false;
- if ((len = read(fd, head, sizeof(head))) < 0) {
- virReportSystemError(errno, _("cannot read header '%s'"), path);
- return -1;
+ if (memcmp(buf, fileTypeInfo[format].magic, mlen) != 0)
+ return false;
+
+ return true;
+}
+
+
+static bool
+virStorageFileMatchesExtension(int format,
+ const char *path)
+{
+ if (fileTypeInfo[format].extension == NULL)
+ return false;
+
+ if (virFileHasSuffix(path, fileTypeInfo[format].extension))
+ return true;
+
+ return false;
+}
+
+
+static bool
+virStorageFileMatchesVersion(int format,
+ unsigned char *buf,
+ size_t buflen)
+{
+ int version;
+
+ /* Validate version number info */
+ if (fileTypeInfo[format].versionOffset == -1)
+ return false;
+
+ if ((fileTypeInfo[format].versionOffset + 4) > buflen)
+ return false;
+
+ if (fileTypeInfo[format].endian == LV_LITTLE_ENDIAN) {
+ version =
+ (buf[fileTypeInfo[format].versionOffset+3] << 24) |
+ (buf[fileTypeInfo[format].versionOffset+2] << 16) |
+ (buf[fileTypeInfo[format].versionOffset+1] << 8) |
+ (buf[fileTypeInfo[format].versionOffset]);
+ } else {
+ version =
+ (buf[fileTypeInfo[format].versionOffset] << 24) |
+ (buf[fileTypeInfo[format].versionOffset+1] << 16) |
+ (buf[fileTypeInfo[format].versionOffset+2] << 8) |
+ (buf[fileTypeInfo[format].versionOffset+3]);
}
+ if (version != fileTypeInfo[format].versionNumber)
+ return false;
- /* First check file magic */
- for (i = 0 ; i < ARRAY_CARDINALITY(fileTypeInfo) ; i++) {
- int mlen;
-
- if (fileTypeInfo[i].magic == NULL)
- continue;
-
- /* Validate magic data */
- mlen = strlen(fileTypeInfo[i].magic);
- if (mlen > len)
- continue;
- if (memcmp(head, fileTypeInfo[i].magic, mlen) != 0)
- continue;
-
- /* Validate version number info */
- if (fileTypeInfo[i].versionNumber != -1) {
- int version;
-
- if (fileTypeInfo[i].endian == LV_LITTLE_ENDIAN) {
- version = (head[fileTypeInfo[i].versionOffset+3] << 24) |
- (head[fileTypeInfo[i].versionOffset+2] << 16) |
- (head[fileTypeInfo[i].versionOffset+1] << 8) |
- head[fileTypeInfo[i].versionOffset];
- } else {
- version = (head[fileTypeInfo[i].versionOffset] << 24) |
- (head[fileTypeInfo[i].versionOffset+1] << 16) |
- (head[fileTypeInfo[i].versionOffset+2] << 8) |
- head[fileTypeInfo[i].versionOffset+3];
- }
- if (version != fileTypeInfo[i].versionNumber)
- continue;
- }
+ return true;
+}
- /* Optionally extract capacity from file */
- if (fileTypeInfo[i].sizeOffset != -1) {
- if (fileTypeInfo[i].endian == LV_LITTLE_ENDIAN) {
- meta->capacity =
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+7] << 56) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+6] << 48) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+5] << 40) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+4] << 32) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+3] << 24) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+2] << 16) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+1] << 8) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset]);
- } else {
- meta->capacity =
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset] << 56) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+1] << 48) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+2] << 40) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+3] << 32) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+4] << 24) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+5] << 16) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+6] << 8) |
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+7]);
- }
- /* Avoid unlikely, but theoretically possible overflow */
- if (meta->capacity > (ULLONG_MAX / fileTypeInfo[i].sizeMultiplier))
- continue;
- meta->capacity *= fileTypeInfo[i].sizeMultiplier;
- }
- if (fileTypeInfo[i].qcowCryptOffset != -1) {
- int crypt_format;
+static int
+virStorageFileGetMetadataFromBuf(int format,
+ const char *path,
+ unsigned char *buf,
+ size_t buflen,
+ virStorageFileMetadata *meta)
+{
+ /* XXX we should consider moving virStorageBackendUpdateVolInfo
+ * code into this method, for non-magic files
+ */
+ if (!fileTypeInfo[format].magic) {
+ return 0;
+ }
- crypt_format = (head[fileTypeInfo[i].qcowCryptOffset] << 24) |
- (head[fileTypeInfo[i].qcowCryptOffset+1] << 16) |
- (head[fileTypeInfo[i].qcowCryptOffset+2] << 8) |
- head[fileTypeInfo[i].qcowCryptOffset+3];
- meta->encrypted = crypt_format != 0;
+ /* Optionally extract capacity from file */
+ if (fileTypeInfo[format].sizeOffset != -1) {
+ if ((fileTypeInfo[format].sizeOffset + 8) > buflen)
+ return 1;
+
+ if (fileTypeInfo[format].endian == LV_LITTLE_ENDIAN) {
+ meta->capacity =
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+7] << 56) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+6] << 48) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+5] << 40) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+4] << 32) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+3] << 24) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+2] << 16) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+1] << 8) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset]);
+ } else {
+ meta->capacity =
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset] << 56) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+1] << 48) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+2] << 40) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+3] << 32) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+4] << 24) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+5] << 16) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+6] << 8) |
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+7]);
}
+ /* Avoid unlikely, but theoretically possible overflow */
+ if (meta->capacity > (ULLONG_MAX / fileTypeInfo[format].sizeMultiplier))
+ return 1;
+ meta->capacity *= fileTypeInfo[format].sizeMultiplier;
+ }
- /* Validation passed, we know the file format now */
- meta->format = i;
- if (fileTypeInfo[i].getBackingStore != NULL) {
- char *backing;
- int backingFormat;
+ if (fileTypeInfo[format].qcowCryptOffset != -1) {
+ int crypt_format;
- switch (fileTypeInfo[i].getBackingStore(&backing,
- &backingFormat,
- head, len)) {
- case BACKING_STORE_OK:
- break;
+ crypt_format =
+ (buf[fileTypeInfo[format].qcowCryptOffset] << 24) |
+ (buf[fileTypeInfo[format].qcowCryptOffset+1] << 16) |
+ (buf[fileTypeInfo[format].qcowCryptOffset+2] << 8) |
+ (buf[fileTypeInfo[format].qcowCryptOffset+3]);
+ meta->encrypted = crypt_format != 0;
+ }
- case BACKING_STORE_INVALID:
- continue;
+ if (fileTypeInfo[format].getBackingStore != NULL) {
+ char *backing;
+ int backingFormat;
+ int ret = fileTypeInfo[format].getBackingStore(&backing,
+ &backingFormat,
+ buf, buflen);
+ if (ret == BACKING_STORE_INVALID)
+ return 1;
+
+ if (ret == BACKING_STORE_ERROR)
+ return -1;
- case BACKING_STORE_ERROR:
+ if (backing != NULL) {
+ meta->backingStore = absolutePathFromBaseFile(path, backing);
+ VIR_FREE(backing);
+ if (meta->backingStore == NULL) {
+ virReportOOMError();
return -1;
}
- if (backing != NULL) {
- meta->backingStore = absolutePathFromBaseFile(path, backing);
- VIR_FREE(backing);
- if (meta->backingStore == NULL) {
- virReportOOMError();
- return -1;
- }
- meta->backingStoreFormat = backingFormat;
- } else {
- meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO;
- }
+ meta->backingStoreFormat = backingFormat;
+ } else {
+ meta->backingStore = NULL;
+ meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO;
+ }
+ }
+
+ return 0;
+}
+
+
+static int
+virStorageFileProbeFormatFromBuf(const char *path,
+ unsigned char *buf,
+ size_t buflen)
+{
+ int format = VIR_STORAGE_FILE_RAW;
+ int i;
+
+ /* First check file magic */
+ for (i = 0 ; i < VIR_STORAGE_FILE_LAST ; i++) {
+ if (virStorageFileMatchesMagic(i, buf, buflen) &&
+ virStorageFileMatchesVersion(i, buf, buflen)) {
+ format = i;
+ goto cleanup;
}
- return 0;
}
/* No magic, so check file extension */
- for (i = 0 ; i < ARRAY_CARDINALITY(fileTypeInfo) ; i++) {
- if (fileTypeInfo[i].extension == NULL)
- continue;
+ for (i = 0 ; i < VIR_STORAGE_FILE_LAST ; i++) {
+ if (virStorageFileMatchesExtension(i, path)) {
+ format = i;
+ goto cleanup;
+ }
+ }
- if (!virFileHasSuffix(path, fileTypeInfo[i].extension))
- continue;
+cleanup:
+ return format;
+}
- meta->format = i;
- return 0;
+
+/**
+ * virStorageFileProbeFormatFromFD:
+ *
+ * Probe for the format of 'fd' (which is an open file descriptor
+ * pointing to 'path'), returning the detected disk format.
+ *
+ * Callers are advised never to trust the returned 'format'
+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a
+ * malicious guest can turn a file into any other non-raw
+ * format at will.
+ *
+ * Best option: Don't use this function
+ */
+int
+virStorageFileProbeFormatFromFD(const char *path, int fd)
+{
+ unsigned char *head;
+ ssize_t len = STORAGE_MAX_HEAD;
+ int ret = -1;
+
+ if (VIR_ALLOC_N(head, len) < 0) {
+ virReportOOMError();
+ return -1;
}
- return 0;
+ if (lseek(fd, 0, SEEK_SET) == (off_t)-1) {
+ virReportSystemError(errno, _("cannot set to start of '%s'"), path);
+ goto cleanup;
+ }
+
+ if ((len = read(fd, head, len)) < 0) {
+ virReportSystemError(errno, _("cannot read header '%s'"), path);
+ goto cleanup;
+ }
+
+ ret = virStorageFileProbeFormatFromBuf(path, head, len);
+
+cleanup:
+ VIR_FREE(head);
+ return ret;
+}
+
+
+/**
+ * virStorageFileProbeFormat:
+ *
+ * Probe for the format of 'path', returning the detected
+ * disk format.
+ *
+ * Callers are advised never to trust the returned 'format'
+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a
+ * malicious guest can turn a raw file into any other non-raw
+ * format at will.
+ *
+ * Best option: Don't use this function
+ */
+int
+virStorageFileProbeFormat(const char *path)
+{
+ int fd, ret;
+
+ if ((fd = open(path, O_RDONLY)) < 0) {
+ virReportSystemError(errno, _("cannot open file '%s'"), path);
+ return -1;
+ }
+
+ ret = virStorageFileProbeFormatFromFD(path, fd);
+
+ close(fd);
+
+ return ret;
}
+/**
+ * virStorageFileGetMetadataFromFD:
+ *
+ * Probe for the format of 'fd' (which is an open file descriptor
+ * for the file 'path'), filling 'meta' with the detected
+ * format and other associated metadata.
+ *
+ * Callers are advised never to trust the returned 'meta->format'
+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a
+ * malicious guest can turn a raw file into any other non-raw
+ * format at will.
+ */
+int
+virStorageFileGetMetadataFromFD(const char *path,
+ int fd,
+ virStorageFileMetadata *meta)
+{
+ unsigned char *head;
+ ssize_t len = STORAGE_MAX_HEAD;
+ int ret = -1;
+
+ if (VIR_ALLOC_N(head, len) < 0) {
+ virReportOOMError();
+ return -1;
+ }
+
+ memset(meta, 0, sizeof (*meta));
+
+ if (lseek(fd, 0, SEEK_SET) == (off_t)-1) {
+ virReportSystemError(errno, _("cannot set to start of '%s'"), path);
+ goto cleanup;
+ }
+
+ if ((len = read(fd, head, len)) < 0) {
+ virReportSystemError(errno, _("cannot read header '%s'"), path);
+ goto cleanup;
+ }
+
+ meta->format = virStorageFileProbeFormatFromBuf(path, head, len);
+
+ ret = virStorageFileGetMetadataFromBuf(meta->format, path, head, len, meta);
+
+cleanup:
+ VIR_FREE(head);
+ return ret;
+}
+
+/**
+ * virStorageFileGetMetadata:
+ *
+ * Probe for the format of 'path', filling 'meta' with the detected
+ * format and other associated metadata.
+ *
+ * Callers are advised never to trust the returned 'meta->format'
+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a
+ * malicious guest can turn a raw file into any other non-raw
+ * format at will.
+ */
int
virStorageFileGetMetadata(const char *path,
virStorageFileMetadata *meta)
diff --git a/src/util/storage_file.h b/src/util/storage_file.h
index 6328ba7..3420d44 100644
--- a/src/util/storage_file.h
+++ b/src/util/storage_file.h
@@ -57,6 +57,10 @@ typedef struct _virStorageFileMetadata {
# define DEV_BSIZE 512
# endif
+int virStorageFileProbeFormat(const char *path);
+int virStorageFileProbeFormatFromFD(const char *path,
+ int fd);
+
int virStorageFileGetMetadata(const char *path,
virStorageFileMetadata *meta);
int virStorageFileGetMetadataFromFD(const char *path,
--
1.7.1.1

285
libvirt-0.8.2-04-require-storage-format.patch Normal file
View File

@@ -0,0 +1,285 @@
From 726a63a437efd96510ce316bf30d16f213d4db27 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 15 Jun 2010 16:15:51 +0100
Subject: [PATCH 04/11] Require format to be passed into virStorageFileGetMetadata
Require the disk image to be passed into virStorageFileGetMetadata.
If this is set to VIR_STORAGE_FILE_AUTO, then the format will be
resolved using probing. This makes it easier to control when
probing will be used
* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
src/security/security_selinux.c, src/security/virt-aa-helper.c:
Set VIR_STORAGE_FILE_AUTO when calling virStorageFileGetMetadata.
* src/storage/storage_backend_fs.c: Probe for disk format before
calling virStorageFileGetMetadata.
* src/util/storage_file.h, src/util/storage_file.c: Remove format
from virStorageFileMeta struct & require it to be passed into
method.
---
src/qemu/qemu_driver.c | 27 +++++++++++++++++---
src/qemu/qemu_security_dac.c | 4 ++-
src/security/security_selinux.c | 4 ++-
src/security/virt-aa-helper.c | 4 ++-
src/storage/storage_backend_fs.c | 11 ++++++--
src/util/storage_file.c | 50 +++++++++++++++++++++++++------------
src/util/storage_file.h | 3 +-
7 files changed, 76 insertions(+), 27 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 487bfa3..97f2990 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3069,7 +3069,9 @@ static int qemuSetupDiskCgroup(virCgroupPtr cgroup,
}
}
- rc = virStorageFileGetMetadata(path, &meta);
+ rc = virStorageFileGetMetadata(path,
+ VIR_STORAGE_FILE_AUTO,
+ &meta);
if (rc < 0)
VIR_WARN("Unable to lookup parent image for %s", path);
@@ -3119,7 +3121,9 @@ static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,
}
}
- rc = virStorageFileGetMetadata(path, &meta);
+ rc = virStorageFileGetMetadata(path,
+ VIR_STORAGE_FILE_AUTO,
+ &meta);
if (rc < 0)
VIR_WARN("Unable to lookup parent image for %s", path);
@@ -9614,6 +9618,7 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
virDomainDiskDefPtr disk = NULL;
struct stat sb;
int i;
+ int format;
virCheckFlags(0, -1);
@@ -9658,7 +9663,21 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
}
/* Probe for magic formats */
- if (virStorageFileGetMetadataFromFD(path, fd, &meta) < 0)
+ if (disk->driverType) {
+ if ((format = virStorageFileFormatTypeFromString(disk->driverType)) < 0) {
+ qemuReportError(VIR_ERR_INTERNAL_ERROR,
+ _("unknown disk format %s for %s"),
+ disk->driverType, disk->src);
+ goto cleanup;
+ }
+ } else {
+ if ((format = virStorageFileProbeFormat(disk->src)) < 0)
+ goto cleanup;
+ }
+
+ if (virStorageFileGetMetadataFromFD(path, fd,
+ format,
+ &meta) < 0)
goto cleanup;
/* Get info for normal formats */
@@ -9706,7 +9725,7 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
highest allocated extent from QEMU */
if (virDomainObjIsActive(vm) &&
disk->type == VIR_DOMAIN_DISK_TYPE_BLOCK &&
- meta.format != VIR_STORAGE_FILE_RAW &&
+ format != VIR_STORAGE_FILE_RAW &&
S_ISBLK(sb.st_mode)) {
qemuDomainObjPrivatePtr priv = vm->privateData;
if (qemuDomainObjBeginJob(vm) < 0)
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index 95015b0..acfe48e 100644
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -115,7 +115,9 @@ qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
virStorageFileMetadata meta;
int ret;
- ret = virStorageFileGetMetadata(path, &meta);
+ ret = virStorageFileGetMetadata(path,
+ VIR_STORAGE_FILE_AUTO,
+ &meta);
if (path != disk->src)
VIR_FREE(path);
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index e5eef19..5c0f002 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -457,7 +457,9 @@ SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
virStorageFileMetadata meta;
int ret;
- ret = virStorageFileGetMetadata(path, &meta);
+ ret = virStorageFileGetMetadata(path,
+ VIR_STORAGE_FILE_AUTO,
+ &meta);
if (path != disk->src)
VIR_FREE(path);
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index c66f107..2c045e6 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -830,7 +830,9 @@ get_files(vahControl * ctl)
do {
virStorageFileMetadata meta;
- ret = virStorageFileGetMetadata(path, &meta);
+ ret = virStorageFileGetMetadata(path,
+ VIR_STORAGE_FILE_AUTO,
+ &meta);
if (path != ctl->def->disks[i]->src)
VIR_FREE(path);
diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
index f0cd770..d3ac0fe 100644
--- a/src/storage/storage_backend_fs.c
+++ b/src/storage/storage_backend_fs.c
@@ -75,14 +75,19 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target,
memset(&meta, 0, sizeof(meta));
- if (virStorageFileGetMetadataFromFD(target->path, fd, &meta) < 0) {
+ if ((target->format = virStorageFileProbeFormatFromFD(target->path, fd)) < 0) {
close(fd);
return -1;
}
- close(fd);
+ if (virStorageFileGetMetadataFromFD(target->path, fd,
+ target->format,
+ &meta) < 0) {
+ close(fd);
+ return -1;
+ }
- target->format = meta.format;
+ close(fd);
if (backingStore) {
*backingStore = meta.backingStore;
diff --git a/src/util/storage_file.c b/src/util/storage_file.c
index 221268b..9712d92 100644
--- a/src/util/storage_file.c
+++ b/src/util/storage_file.c
@@ -696,18 +696,23 @@ virStorageFileProbeFormat(const char *path)
/**
* virStorageFileGetMetadataFromFD:
*
- * Probe for the format of 'fd' (which is an open file descriptor
- * for the file 'path'), filling 'meta' with the detected
- * format and other associated metadata.
+ * Extract metadata about the storage volume with the specified
+ * image format. If image format is VIR_STORAGE_FILE_AUTO, it
+ * will probe to automatically identify the format.
*
- * Callers are advised never to trust the returned 'meta->format'
- * unless it is listed as VIR_STORAGE_FILE_RAW, since a
- * malicious guest can turn a raw file into any other non-raw
- * format at will.
+ * Callers are advised never to use VIR_STORAGE_FILE_AUTO as a
+ * format, since a malicious guest can turn a raw file into any
+ * other non-raw format at will.
+ *
+ * If the returned meta.backingStoreFormat is VIR_STORAGE_FILE_AUTO
+ * it indicates the image didn't specify an explicit format for its
+ * backing store. Callers are advised against probing for the
+ * backing store format in this case.
*/
int
virStorageFileGetMetadataFromFD(const char *path,
int fd,
+ int format,
virStorageFileMetadata *meta)
{
unsigned char *head;
@@ -731,9 +736,16 @@ virStorageFileGetMetadataFromFD(const char *path,
goto cleanup;
}
- meta->format = virStorageFileProbeFormatFromBuf(path, head, len);
+ if (format == VIR_STORAGE_FILE_AUTO)
+ format = virStorageFileProbeFormatFromBuf(path, head, len);
+
+ if (format < 0 ||
+ format >= VIR_STORAGE_FILE_LAST) {
+ virReportSystemError(EINVAL, _("unknown storage file format %d"), format);
+ return -1;
+ }
- ret = virStorageFileGetMetadataFromBuf(meta->format, path, head, len, meta);
+ ret = virStorageFileGetMetadataFromBuf(format, path, head, len, meta);
cleanup:
VIR_FREE(head);
@@ -743,16 +755,22 @@ cleanup:
/**
* virStorageFileGetMetadata:
*
- * Probe for the format of 'path', filling 'meta' with the detected
- * format and other associated metadata.
+ * Extract metadata about the storage volume with the specified
+ * image format. If image format is VIR_STORAGE_FILE_AUTO, it
+ * will probe to automatically identify the format.
*
- * Callers are advised never to trust the returned 'meta->format'
- * unless it is listed as VIR_STORAGE_FILE_RAW, since a
- * malicious guest can turn a raw file into any other non-raw
- * format at will.
+ * Callers are advised never to use VIR_STORAGE_FILE_AUTO as a
+ * format, since a malicious guest can turn a raw file into any
+ * other non-raw format at will.
+ *
+ * If the returned meta.backingStoreFormat is VIR_STORAGE_FILE_AUTO
+ * it indicates the image didn't specify an explicit format for its
+ * backing store. Callers are advised against probing for the
+ * backing store format in this case.
*/
int
virStorageFileGetMetadata(const char *path,
+ int format,
virStorageFileMetadata *meta)
{
int fd, ret;
@@ -762,7 +780,7 @@ virStorageFileGetMetadata(const char *path,
return -1;
}
- ret = virStorageFileGetMetadataFromFD(path, fd, meta);
+ ret = virStorageFileGetMetadataFromFD(path, fd, format, meta);
close(fd);
diff --git a/src/util/storage_file.h b/src/util/storage_file.h
index 3420d44..6853182 100644
--- a/src/util/storage_file.h
+++ b/src/util/storage_file.h
@@ -46,7 +46,6 @@ enum virStorageFileFormat {
VIR_ENUM_DECL(virStorageFileFormat);
typedef struct _virStorageFileMetadata {
- int format;
char *backingStore;
int backingStoreFormat;
unsigned long long capacity;
@@ -62,9 +61,11 @@ int virStorageFileProbeFormatFromFD(const char *path,
int fd);
int virStorageFileGetMetadata(const char *path,
+ int format,
virStorageFileMetadata *meta);
int virStorageFileGetMetadataFromFD(const char *path,
int fd,
+ int format,
virStorageFileMetadata *meta);
int virStorageFileIsSharedFS(const char *path);
--
1.7.1.1

170
libvirt-0.8.2-05-disk-path-iterator.patch Normal file
View File

@@ -0,0 +1,170 @@
From ac5067f1e2e98181ee0e9230f756697f50d853eb Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 14 Jun 2010 18:09:15 +0100
Subject: [PATCH 05/11] Add an API for iterating over disk paths
There is duplicated code which iterates over disk backing stores
performing some action. Provide a convenient helper for doing
this to eliminate duplication & risk of mistakes with disk format
probing
* src/conf/domain_conf.c, src/conf/domain_conf.h,
src/libvirt_private.syms: Add virDomainDiskDefForeachPath()
---
src/conf/domain_conf.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 11 +++++
src/libvirt_private.syms | 1 +
3 files changed, 111 insertions(+), 0 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 378c06e..b20ca97 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -45,6 +45,7 @@
#include "macvtap.h"
#include "nwfilter_conf.h"
#include "ignore-value.h"
+#include "storage_file.h"
#define VIR_FROM_THIS VIR_FROM_DOMAIN
@@ -7273,4 +7274,102 @@ done:
}
+int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
+ bool allowProbing,
+ bool ignoreOpenFailure,
+ virDomainDiskDefPathIterator iter,
+ void *opaque)
+{
+ virHashTablePtr paths;
+ int format;
+ int ret = -1;
+ size_t depth = 0;
+ char *nextpath = NULL;
+
+ if (!disk->src)
+ return 0;
+
+ if (disk->driverType) {
+ const char *formatStr = disk->driverType;
+ if (STREQ(formatStr, "aio"))
+ formatStr = "raw"; /* Xen compat */
+
+ if ((format = virStorageFileFormatTypeFromString(formatStr)) < 0) {
+ virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+ _("unknown disk format '%s' for %s"),
+ disk->driverType, disk->src);
+ return -1;
+ }
+ } else {
+ if (allowProbing) {
+ format = VIR_STORAGE_FILE_AUTO;
+ } else {
+ virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+ _("no disk format for %s and probing is disabled"),
+ disk->src);
+ return -1;
+ }
+ }
+
+ paths = virHashCreate(5);
+
+ do {
+ virStorageFileMetadata meta;
+ const char *path = nextpath ? nextpath : disk->src;
+ int fd;
+
+ if (iter(disk, path, depth, opaque) < 0)
+ goto cleanup;
+
+ if (virHashLookup(paths, path)) {
+ virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+ _("backing store for %s is self-referential"),
+ disk->src);
+ goto cleanup;
+ }
+
+ if ((fd = open(path, O_RDONLY)) < 0) {
+ if (ignoreOpenFailure) {
+ char ebuf[1024];
+ VIR_WARN("Ignoring open failure on %s: %s", path,
+ virStrerror(errno, ebuf, sizeof(ebuf)));
+ break;
+ } else {
+ virReportSystemError(errno,
+ _("unable to open disk path %s"),
+ path);
+ goto cleanup;
+ }
+ }
+
+ if (virStorageFileGetMetadataFromFD(path, fd, format, &meta) < 0) {
+ close(fd);
+ goto cleanup;
+ }
+ close(fd);
+
+ if (virHashAddEntry(paths, path, (void*)0x1) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
+ depth++;
+ nextpath = meta.backingStore;
+
+ format = meta.backingStoreFormat;
+
+ if (format == VIR_STORAGE_FILE_AUTO &&
+ !allowProbing)
+ format = VIR_STORAGE_FILE_RAW; /* Stops further recursion */
+ } while (nextpath);
+
+ ret = 0;
+
+cleanup:
+ virHashFree(paths, NULL);
+ VIR_FREE(nextpath);
+
+ return ret;
+}
+
#endif /* ! PROXY */
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 01da17e..d46869e 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1079,6 +1079,17 @@ int virDomainChrDefForeach(virDomainDefPtr def,
void *opaque);
+typedef int (*virDomainDiskDefPathIterator)(virDomainDiskDefPtr disk,
+ const char *path,
+ size_t depth,
+ void *opaque);
+
+int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
+ bool allowProbing,
+ bool ignoreOpenFailure,
+ virDomainDiskDefPathIterator iter,
+ void *opaque);
+
VIR_ENUM_DECL(virDomainVirt)
VIR_ENUM_DECL(virDomainBoot)
VIR_ENUM_DECL(virDomainFeature)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 4607f49..b5f3695 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -225,6 +225,7 @@ virDomainSnapshotDefFormat;
virDomainSnapshotAssignDef;
virDomainObjAssignDef;
virDomainChrDefForeach;
+virDomainDiskDefForeachPath;
# domain_event.h
--
1.7.1.1

506
libvirt-0.8.2-06-use-disk-iterator.patch Normal file
View File

@@ -0,0 +1,506 @@
From 54c1bb731d2b19a46a594cf9682c022f1e1114d2 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 15 Jun 2010 16:40:47 +0100
Subject: [PATCH 06/11] Convert all disk backing store loops to shared helper API
Update the QEMU cgroups code, QEMU DAC security driver, SELinux
and AppArmour security drivers over to use the shared helper API
virDomainDiskDefForeachPath().
* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
src/security/security_selinux.c, src/security/virt-aa-helper.c:
Convert over to use virDomainDiskDefForeachPath()
---
src/qemu/qemu_driver.c | 161 ++++++++++++++++----------------------
src/qemu/qemu_security_dac.c | 47 ++++--------
src/security/security_selinux.c | 67 +++++++----------
src/security/virt-aa-helper.c | 71 ++++++++----------
4 files changed, 142 insertions(+), 204 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 97f2990..99aeffa 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3040,107 +3040,82 @@ static const char *const defaultDeviceACL[] = {
#define DEVICE_PTY_MAJOR 136
#define DEVICE_SND_MAJOR 116
-static int qemuSetupDiskCgroup(virCgroupPtr cgroup,
- virDomainObjPtr vm,
- virDomainDiskDefPtr disk)
-{
- char *path = disk->src;
- int ret = -1;
- while (path != NULL) {
- virStorageFileMetadata meta;
- int rc;
+static int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
+ const char *path,
+ size_t depth ATTRIBUTE_UNUSED,
+ void *opaque)
+{
+ virCgroupPtr cgroup = opaque;
+ int rc;
- VIR_DEBUG("Process path '%s' for disk", path);
- rc = virCgroupAllowDevicePath(cgroup, path);
- if (rc != 0) {
- /* Get this for non-block devices */
- if (rc == -EINVAL) {
- VIR_DEBUG("Ignoring EINVAL for %s", path);
- } else if (rc == -EACCES) { /* Get this for root squash NFS */
- VIR_DEBUG("Ignoring EACCES for %s", path);
- } else {
- virReportSystemError(-rc,
- _("Unable to allow device %s for %s"),
- path, vm->def->name);
- if (path != disk->src)
- VIR_FREE(path);
- goto cleanup;
- }
+ VIR_DEBUG("Process path %s for disk", path);
+ /* XXX RO vs RW */
+ rc = virCgroupAllowDevicePath(cgroup, path);
+ if (rc != 0) {
+ /* Get this for non-block devices */
+ if (rc == -EINVAL) {
+ VIR_DEBUG("Ignoring EINVAL for %s", path);
+ } else if (rc == -EACCES) { /* Get this for root squash NFS */
+ VIR_DEBUG("Ignoring EACCES for %s", path);
+ } else {
+ virReportSystemError(-rc,
+ _("Unable to allow access for disk path %s"),
+ path);
+ return -1;
}
-
- rc = virStorageFileGetMetadata(path,
- VIR_STORAGE_FILE_AUTO,
- &meta);
- if (rc < 0)
- VIR_WARN("Unable to lookup parent image for %s", path);
-
- if (path != disk->src)
- VIR_FREE(path);
- path = NULL;
-
- if (rc < 0)
- break; /* Treating as non fatal */
-
- path = meta.backingStore;
}
+ return 0;
+}
- ret = 0;
-cleanup:
- return ret;
+static int qemuSetupDiskCgroup(virCgroupPtr cgroup,
+ virDomainDiskDefPtr disk)
+{
+ return virDomainDiskDefForeachPath(disk,
+ true,
+ true,
+ qemuSetupDiskPathAllow,
+ cgroup);
}
-static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,
- virDomainObjPtr vm,
- virDomainDiskDefPtr disk)
+static int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
+ const char *path,
+ size_t depth ATTRIBUTE_UNUSED,
+ void *opaque)
{
- char *path = disk->src;
- int ret = -1;
-
- while (path != NULL) {
- virStorageFileMetadata meta;
- int rc;
+ virCgroupPtr cgroup = opaque;
+ int rc;
- VIR_DEBUG("Process path '%s' for disk", path);
- rc = virCgroupDenyDevicePath(cgroup, path);
- if (rc != 0) {
- /* Get this for non-block devices */
- if (rc == -EINVAL) {
- VIR_DEBUG("Ignoring EINVAL for %s", path);
- } else if (rc == -EACCES) { /* Get this for root squash NFS */
- VIR_DEBUG("Ignoring EACCES for %s", path);
- } else {
- virReportSystemError(-rc,
- _("Unable to deny device %s for %s"),
- path, vm->def->name);
- if (path != disk->src)
- VIR_FREE(path);
- goto cleanup;
- }
+ VIR_DEBUG("Process path %s for disk", path);
+ /* XXX RO vs RW */
+ rc = virCgroupDenyDevicePath(cgroup, path);
+ if (rc != 0) {
+ /* Get this for non-block devices */
+ if (rc == -EINVAL) {
+ VIR_DEBUG("Ignoring EINVAL for %s", path);
+ } else if (rc == -EACCES) { /* Get this for root squash NFS */
+ VIR_DEBUG("Ignoring EACCES for %s", path);
+ } else {
+ virReportSystemError(-rc,
+ _("Unable to allow access for disk path %s"),
+ path);
+ return -1;
}
-
- rc = virStorageFileGetMetadata(path,
- VIR_STORAGE_FILE_AUTO,
- &meta);
- if (rc < 0)
- VIR_WARN("Unable to lookup parent image for %s", path);
-
- if (path != disk->src)
- VIR_FREE(path);
- path = NULL;
-
- if (rc < 0)
- break; /* Treating as non fatal */
-
- path = meta.backingStore;
}
+ return 0;
+}
- ret = 0;
-cleanup:
- return ret;
+static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,
+ virDomainDiskDefPtr disk)
+{
+ return virDomainDiskDefForeachPath(disk,
+ true,
+ true,
+ qemuTeardownDiskPathDeny,
+ cgroup);
}
@@ -3204,7 +3179,7 @@ static int qemuSetupCgroup(struct qemud_driver *driver,
}
for (i = 0; i < vm->def->ndisks ; i++) {
- if (qemuSetupDiskCgroup(cgroup, vm, vm->def->disks[i]) < 0)
+ if (qemuSetupDiskCgroup(cgroup, vm->def->disks[i]) < 0)
goto cleanup;
}
@@ -8035,7 +8010,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
vm->def->name);
goto endjob;
}
- if (qemuSetupDiskCgroup(cgroup, vm, dev->data.disk) < 0)
+ if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
goto endjob;
}
@@ -8080,7 +8055,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
/* Fallthrough */
}
if (ret != 0 && cgroup) {
- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s",
NULLSTR(dev->data.disk->src));
}
@@ -8280,7 +8255,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
vm->def->name);
goto endjob;
}
- if (qemuSetupDiskCgroup(cgroup, vm, dev->data.disk) < 0)
+ if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
goto endjob;
}
@@ -8303,7 +8278,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
}
if (ret != 0 && cgroup) {
- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s",
NULLSTR(dev->data.disk->src));
}
@@ -8430,7 +8405,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
if (cgroup != NULL) {
- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s",
NULLSTR(dev->data.disk->src));
}
@@ -8493,7 +8468,7 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
if (cgroup != NULL) {
- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s",
NULLSTR(dev->data.disk->src));
}
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index acfe48e..770010d 100644
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -98,45 +98,28 @@ err:
static int
+qemuSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
+ const char *path,
+ size_t depth ATTRIBUTE_UNUSED,
+ void *opaque ATTRIBUTE_UNUSED)
+{
+ return qemuSecurityDACSetOwnership(path, driver->user, driver->group);
+}
+
+
+static int
qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk)
{
- const char *path;
-
if (!driver->privileged || !driver->dynamicOwnership)
return 0;
- if (!disk->src)
- return 0;
-
- path = disk->src;
- do {
- virStorageFileMetadata meta;
- int ret;
-
- ret = virStorageFileGetMetadata(path,
- VIR_STORAGE_FILE_AUTO,
- &meta);
-
- if (path != disk->src)
- VIR_FREE(path);
- path = NULL;
-
- if (ret < 0)
- return -1;
-
- if (meta.backingStore != NULL &&
- qemuSecurityDACSetOwnership(meta.backingStore,
- driver->user, driver->group) < 0) {
- VIR_FREE(meta.backingStore);
- return -1;
- }
-
- path = meta.backingStore;
- } while (path != NULL);
-
- return qemuSecurityDACSetOwnership(disk->src, driver->user, driver->group);
+ return virDomainDiskDefForeachPath(disk,
+ true,
+ false,
+ qemuSecurityDACSetSecurityFileLabel,
+ NULL);
}
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 5c0f002..d191118 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -439,54 +439,43 @@ SELinuxRestoreSecurityImageLabel(virDomainObjPtr vm,
static int
+SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
+ const char *path,
+ size_t depth,
+ void *opaque)
+{
+ const virSecurityLabelDefPtr secdef = opaque;
+
+ if (depth == 0) {
+ if (disk->shared) {
+ return SELinuxSetFilecon(path, default_image_context);
+ } else if (disk->readonly) {
+ return SELinuxSetFilecon(path, default_content_context);
+ } else if (secdef->imagelabel) {
+ return SELinuxSetFilecon(path, secdef->imagelabel);
+ } else {
+ return 0;
+ }
+ } else {
+ return SELinuxSetFilecon(path, default_content_context);
+ }
+}
+
+static int
SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
- const char *path;
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
return 0;
- if (!disk->src)
- return 0;
-
- path = disk->src;
- do {
- virStorageFileMetadata meta;
- int ret;
-
- ret = virStorageFileGetMetadata(path,
- VIR_STORAGE_FILE_AUTO,
- &meta);
-
- if (path != disk->src)
- VIR_FREE(path);
- path = NULL;
-
- if (ret < 0)
- break;
-
- if (meta.backingStore != NULL &&
- SELinuxSetFilecon(meta.backingStore,
- default_content_context) < 0) {
- VIR_FREE(meta.backingStore);
- return -1;
- }
-
- path = meta.backingStore;
- } while (path != NULL);
-
- if (disk->shared) {
- return SELinuxSetFilecon(disk->src, default_image_context);
- } else if (disk->readonly) {
- return SELinuxSetFilecon(disk->src, default_content_context);
- } else if (secdef->imagelabel) {
- return SELinuxSetFilecon(disk->src, secdef->imagelabel);
- }
-
- return 0;
+ return virDomainDiskDefForeachPath(disk,
+ true,
+ false,
+ SELinuxSetSecurityFileLabel,
+ secdef);
}
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 2c045e6..9ed0cd3 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -36,7 +36,6 @@
#include "uuid.h"
#include "hostusb.h"
#include "pci.h"
-#include "storage_file.h"
static char *progname;
@@ -801,6 +800,28 @@ file_iterate_pci_cb(pciDevice *dev ATTRIBUTE_UNUSED,
}
static int
+add_file_path(virDomainDiskDefPtr disk,
+ const char *path,
+ size_t depth,
+ void *opaque)
+{
+ virBufferPtr buf = opaque;
+ int ret;
+
+ if (depth == 0) {
+ if (disk->readonly)
+ ret = vah_add_file(buf, path, "r");
+ else
+ ret = vah_add_file(buf, path, "rw");
+ } else {
+ ret = vah_add_file(buf, path, "r");
+ }
+
+ return ret;
+}
+
+
+static int
get_files(vahControl * ctl)
{
virBuffer buf = VIR_BUFFER_INITIALIZER;
@@ -821,45 +842,15 @@ get_files(vahControl * ctl)
goto clean;
}
- for (i = 0; i < ctl->def->ndisks; i++)
- if (ctl->def->disks[i] && ctl->def->disks[i]->src) {
- int ret;
- const char *path;
-
- path = ctl->def->disks[i]->src;
- do {
- virStorageFileMetadata meta;
-
- ret = virStorageFileGetMetadata(path,
- VIR_STORAGE_FILE_AUTO,
- &meta);
-
- if (path != ctl->def->disks[i]->src)
- VIR_FREE(path);
- path = NULL;
-
- if (ret < 0) {
- vah_warning("could not open path, skipping");
- continue;
- }
-
- if (meta.backingStore != NULL &&
- (ret = vah_add_file(&buf, meta.backingStore, "rw")) != 0) {
- VIR_FREE(meta.backingStore);
- goto clean;
- }
-
- path = meta.backingStore;
- } while (path != NULL);
-
- if (ctl->def->disks[i]->readonly)
- ret = vah_add_file(&buf, ctl->def->disks[i]->src, "r");
- else
- ret = vah_add_file(&buf, ctl->def->disks[i]->src, "rw");
-
- if (ret != 0)
- goto clean;
- }
+ for (i = 0; i < ctl->def->ndisks; i++) {
+ int ret = virDomainDiskDefForeachPath(ctl->def->disks[i],
+ true,
+ false,
+ add_file_path,
+ &buf);
+ if (ret != 0)
+ goto clean;
+ }
for (i = 0; i < ctl->def->nserials; i++)
if (ctl->def->serials[i] && ctl->def->serials[i]->data.file.path)
--
1.7.1.1

1152
libvirt-0.8.2-07-secdriver-params.patch Normal file
View File

File diff suppressed because it is too large Load Diff

468
libvirt-0.8.2-08-disable-disk-probing.patch Normal file
View File

@@ -0,0 +1,468 @@
From dac2b936e77f6c76c11f162e4b175492e4803acb Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 15 Jun 2010 17:58:58 +0100
Subject: [PATCH 08/11] Disable all disk probing in QEMU driver & add config option to re-enable
Disk format probing is now disabled by default. A new config
option in /etc/qemu/qemu.conf will re-enable it for existing
deployments where this causes trouble
---
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 12 ++++++++++++
src/qemu/qemu_conf.c | 4 ++++
src/qemu/qemu_conf.h | 1 +
src/qemu/qemu_driver.c | 36 +++++++++++++++++++++++-------------
src/qemu/qemu_security_dac.c | 2 +-
src/qemu/test_libvirtd_qemu.aug | 4 ++++
src/security/security_apparmor.c | 12 ++++++++----
src/security/security_driver.c | 16 ++++++++++++++--
src/security/security_driver.h | 10 ++++++++--
src/security/security_selinux.c | 9 ++++++---
src/security/virt-aa-helper.c | 10 +++++++++-
tests/seclabeltest.c | 2 +-
13 files changed, 92 insertions(+), 27 deletions(-)
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 7c9f271..47d0525 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -40,6 +40,7 @@ module Libvirtd_qemu =
| bool_entry "relaxed_acs_check"
| bool_entry "vnc_allow_host_audio"
| bool_entry "clear_emulator_capabilities"
+ | bool_entry "allow_disk_format_probing"
(* Each enty in the config is one of the following three ... *)
let entry = vnc_entry
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 93934f3..dc8eb83 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -187,3 +187,15 @@
# exploit the privileges and possibly do damage to the host.
#
# clear_emulator_capabilities = 1
+
+
+
+# If allow_disk_format_probing is enabled, libvirt will probe disk
+# images to attempt to identify their format, when not otherwise
+# specified in the XML. This is disabled by default.
+#
+# WARNING: Enabling probing is a security hole in almost all
+# deployments. It is strongly recommended that users update their
+# guest XML <disk> elements to include <driver type='XXXX'/>
+# elements instead of enabling this option.
+# allow_disk_format_probing = 1
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 988220b..3ba48bf 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -365,6 +365,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
CHECK_TYPE ("clear_emulator_capabilities", VIR_CONF_LONG);
if (p) driver->clearEmulatorCapabilities = p->l;
+ p = virConfGetValue (conf, "allow_disk_format_probing");
+ CHECK_TYPE ("allow_disk_format_probing", VIR_CONF_LONG);
+ if (p) driver->allowDiskFormatProbing = p->l;
+
virConfFree (conf);
return 0;
}
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index ab5f158..30e9f20 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -141,6 +141,7 @@ struct qemud_driver {
unsigned int relaxedACS : 1;
unsigned int vncAllowHostAudio : 1;
unsigned int clearEmulatorCapabilities : 1;
+ unsigned int allowDiskFormatProbing : 1;
virCapsPtr caps;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 616547c..3c479c5 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1322,7 +1322,8 @@ qemudSecurityInit(struct qemud_driver *qemud_drv)
qemuSecurityDACSetDriver(qemud_drv);
ret = virSecurityDriverStartup(&security_drv,
- qemud_drv->securityDriverName);
+ qemud_drv->securityDriverName,
+ qemud_drv->allowDiskFormatProbing);
if (ret == -1) {
VIR_ERROR0(_("Failed to start security driver"));
return -1;
@@ -3070,11 +3071,12 @@ static int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
}
-static int qemuSetupDiskCgroup(virCgroupPtr cgroup,
+static int qemuSetupDiskCgroup(struct qemud_driver *driver,
+ virCgroupPtr cgroup,
virDomainDiskDefPtr disk)
{
return virDomainDiskDefForeachPath(disk,
- true,
+ driver->allowDiskFormatProbing,
true,
qemuSetupDiskPathAllow,
cgroup);
@@ -3109,11 +3111,12 @@ static int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
}
-static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,
+static int qemuTeardownDiskCgroup(struct qemud_driver *driver,
+ virCgroupPtr cgroup,
virDomainDiskDefPtr disk)
{
return virDomainDiskDefForeachPath(disk,
- true,
+ driver->allowDiskFormatProbing,
true,
qemuTeardownDiskPathDeny,
cgroup);
@@ -3180,7 +3183,7 @@ static int qemuSetupCgroup(struct qemud_driver *driver,
}
for (i = 0; i < vm->def->ndisks ; i++) {
- if (qemuSetupDiskCgroup(cgroup, vm->def->disks[i]) < 0)
+ if (qemuSetupDiskCgroup(driver, cgroup, vm->def->disks[i]) < 0)
goto cleanup;
}
@@ -8033,7 +8036,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
vm->def->name);
goto endjob;
}
- if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
+ if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0)
goto endjob;
}
@@ -8078,7 +8081,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
/* Fallthrough */
}
if (ret != 0 && cgroup) {
- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s",
NULLSTR(dev->data.disk->src));
}
@@ -8278,7 +8281,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
vm->def->name);
goto endjob;
}
- if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
+ if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0)
goto endjob;
}
@@ -8301,7 +8304,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
}
if (ret != 0 && cgroup) {
- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s",
NULLSTR(dev->data.disk->src));
}
@@ -8429,7 +8432,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
if (cgroup != NULL) {
- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s",
NULLSTR(dev->data.disk->src));
}
@@ -8493,7 +8496,7 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
if (cgroup != NULL) {
- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s",
NULLSTR(dev->data.disk->src));
}
@@ -9672,8 +9675,15 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
goto cleanup;
}
} else {
- if ((format = virStorageFileProbeFormat(disk->src)) < 0)
+ if (driver->allowDiskFormatProbing) {
+ if ((format = virStorageFileProbeFormat(disk->src)) < 0)
+ goto cleanup;
+ } else {
+ qemuReportError(VIR_ERR_INTERNAL_ERROR,
+ _("no disk format for %s and probing is disabled"),
+ disk->src);
goto cleanup;
+ }
}
if (virStorageFileGetMetadataFromFD(path, fd,
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index 0bbcf69..55dc0c6 100644
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -117,7 +117,7 @@ qemuSecurityDACSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
return 0;
return virDomainDiskDefForeachPath(disk,
- true,
+ driver->allowDiskFormatProbing,
false,
qemuSecurityDACSetSecurityFileLabel,
NULL);
diff --git a/src/qemu/test_libvirtd_qemu.aug b/src/qemu/test_libvirtd_qemu.aug
index 3326cc5..f0c4a0d 100644
--- a/src/qemu/test_libvirtd_qemu.aug
+++ b/src/qemu/test_libvirtd_qemu.aug
@@ -101,6 +101,8 @@ relaxed_acs_check = 1
vnc_allow_host_audio = 1
clear_emulator_capabilities = 0
+
+allow_disk_format_probing = 1
"
test Libvirtd_qemu.lns get conf =
@@ -212,3 +214,5 @@ clear_emulator_capabilities = 0
{ "vnc_allow_host_audio" = "1" }
{ "#empty" }
{ "clear_emulator_capabilities" = "0" }
+{ "#empty" }
+{ "allow_disk_format_probing" = "1" }
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index cb5c739..c5f9829 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -157,6 +157,8 @@ load_profile(virSecurityDriverPtr drv,
char *xml = NULL;
int pipefd[2];
pid_t child;
+ const char *probe = virSecurityDriverGetAllowDiskFormatProbing(drv)
+ ? "1" : "0";
if (pipe(pipefd) < -1) {
virReportSystemError(errno, "%s", _("unable to create pipe"));
@@ -172,19 +174,19 @@ load_profile(virSecurityDriverPtr drv,
if (create) {
const char *const argv[] = {
- VIRT_AA_HELPER, "-c", "-u", profile, NULL
+ VIRT_AA_HELPER, "-p", probe, "-c", "-u", profile, NULL
};
ret = virExec(argv, NULL, NULL, &child,
pipefd[0], NULL, NULL, VIR_EXEC_NONE);
} else if (fn) {
const char *const argv[] = {
- VIRT_AA_HELPER, "-r", "-u", profile, "-f", fn, NULL
+ VIRT_AA_HELPER, "-p", probe, "-r", "-u", profile, "-f", fn, NULL
};
ret = virExec(argv, NULL, NULL, &child,
pipefd[0], NULL, NULL, VIR_EXEC_NONE);
} else {
const char *const argv[] = {
- VIRT_AA_HELPER, "-r", "-u", profile, NULL
+ VIRT_AA_HELPER, "-p", probe, "-r", "-u", profile, NULL
};
ret = virExec(argv, NULL, NULL, &child,
pipefd[0], NULL, NULL, VIR_EXEC_NONE);
@@ -347,9 +349,11 @@ AppArmorSecurityDriverProbe(void)
* currently not used.
*/
static int
-AppArmorSecurityDriverOpen(virSecurityDriverPtr drv)
+AppArmorSecurityDriverOpen(virSecurityDriverPtr drv,
+ bool allowDiskFormatProbing)
{
virSecurityDriverSetDOI(drv, SECURITY_APPARMOR_VOID_DOI);
+ virSecurityDriverSetAllowDiskFormatProbing(drv, allowDiskFormatProbing);
return 0;
}
diff --git a/src/security/security_driver.c b/src/security/security_driver.c
index aac9f78..9e32fa4 100644
--- a/src/security/security_driver.c
+++ b/src/security/security_driver.c
@@ -56,7 +56,8 @@ virSecurityDriverVerify(virDomainDefPtr def)
int
virSecurityDriverStartup(virSecurityDriverPtr *drv,
- const char *name)
+ const char *name,
+ bool allowDiskFormatProbing)
{
unsigned int i;
@@ -72,7 +73,7 @@ virSecurityDriverStartup(virSecurityDriverPtr *drv,
switch (tmp->probe()) {
case SECURITY_DRIVER_ENABLE:
virSecurityDriverInit(tmp);
- if (tmp->open(tmp) == -1) {
+ if (tmp->open(tmp, allowDiskFormatProbing) == -1) {
return -1;
} else {
*drv = tmp;
@@ -125,3 +126,14 @@ virSecurityDriverGetModel(virSecurityDriverPtr drv)
{
return drv->name;
}
+
+void virSecurityDriverSetAllowDiskFormatProbing(virSecurityDriverPtr drv,
+ bool allowDiskFormatProbing)
+{
+ drv->_private.allowDiskFormatProbing = allowDiskFormatProbing;
+}
+
+bool virSecurityDriverGetAllowDiskFormatProbing(virSecurityDriverPtr drv)
+{
+ return drv->_private.allowDiskFormatProbing;
+}
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index 61c9eb0..d768f32 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -33,7 +33,8 @@ typedef struct _virSecurityDriverState virSecurityDriverState;
typedef virSecurityDriverState *virSecurityDriverStatePtr;
typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
-typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv);
+typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv,
+ bool allowDiskFormatProbing);
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityDriverPtr drv,
virDomainObjPtr vm,
virDomainDiskDefPtr disk);
@@ -102,12 +103,14 @@ struct _virSecurityDriver {
*/
struct {
char doi[VIR_SECURITY_DOI_BUFLEN];
+ bool allowDiskFormatProbing;
} _private;
};
/* Global methods */
int virSecurityDriverStartup(virSecurityDriverPtr *drv,
- const char *name);
+ const char *name,
+ bool allowDiskFormatProbing);
int
virSecurityDriverVerify(virDomainDefPtr def);
@@ -120,7 +123,10 @@ virSecurityDriverVerify(virDomainDefPtr def);
void virSecurityDriverInit(virSecurityDriverPtr drv);
int virSecurityDriverSetDOI(virSecurityDriverPtr drv,
const char *doi);
+void virSecurityDriverSetAllowDiskFormatProbing(virSecurityDriverPtr drv,
+ bool allowDiskFormatProbing);
const char *virSecurityDriverGetDOI(virSecurityDriverPtr drv);
const char *virSecurityDriverGetModel(virSecurityDriverPtr drv);
+bool virSecurityDriverGetAllowDiskFormatProbing(virSecurityDriverPtr drv);
#endif /* __VIR_SECURITY_H__ */
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index cc3812b..a9dd836 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -266,13 +266,15 @@ SELinuxSecurityDriverProbe(void)
}
static int
-SELinuxSecurityDriverOpen(virSecurityDriverPtr drv)
+SELinuxSecurityDriverOpen(virSecurityDriverPtr drv,
+ bool allowDiskFormatProbing)
{
/*
* Where will the DOI come from? SELinux configuration, or qemu
* configuration? For the moment, we'll just set it to "0".
*/
virSecurityDriverSetDOI(drv, SECURITY_SELINUX_VOID_DOI);
+ virSecurityDriverSetAllowDiskFormatProbing(drv, allowDiskFormatProbing);
return SELinuxInitialize();
}
@@ -467,18 +469,19 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
}
static int
-SELinuxSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+SELinuxSetSecurityImageLabel(virSecurityDriverPtr drv,
virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ bool allowDiskFormatProbing = virSecurityDriverGetAllowDiskFormatProbing(drv);
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
return 0;
return virDomainDiskDefForeachPath(disk,
- true,
+ allowDiskFormatProbing,
false,
SELinuxSetSecurityFileLabel,
secdef);
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 9ed0cd3..521545d 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -40,6 +40,7 @@
static char *progname;
typedef struct {
+ bool allowDiskFormatProbing;
char uuid[PROFILE_NAME_SIZE]; /* UUID of vm */
bool dryrun; /* dry run */
char cmd; /* 'c' create
@@ -844,7 +845,7 @@ get_files(vahControl * ctl)
for (i = 0; i < ctl->def->ndisks; i++) {
int ret = virDomainDiskDefForeachPath(ctl->def->disks[i],
- true,
+ ctl->allowDiskFormatProbing,
false,
add_file_path,
&buf);
@@ -943,6 +944,7 @@ vahParseArgv(vahControl * ctl, int argc, char **argv)
{
int arg, idx = 0;
struct option opt[] = {
+ {"probing", 1, 0, 'p' },
{"add", 0, 0, 'a'},
{"create", 0, 0, 'c'},
{"dryrun", 0, 0, 'd'},
@@ -991,6 +993,12 @@ vahParseArgv(vahControl * ctl, int argc, char **argv)
PROFILE_NAME_SIZE) == NULL)
vah_error(ctl, 1, "error copying UUID");
break;
+ case 'p':
+ if (STREQ(optarg, "1"))
+ ctl->allowDiskFormatProbing = true;
+ else
+ ctl->allowDiskFormatProbing = false;
+ break;
default:
vah_error(ctl, 1, "unsupported option");
break;
diff --git a/tests/seclabeltest.c b/tests/seclabeltest.c
index 26d1f86..ef3f026 100644
--- a/tests/seclabeltest.c
+++ b/tests/seclabeltest.c
@@ -15,7 +15,7 @@ main (int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED)
const char *doi, *model;
virSecurityDriverPtr security_drv;
- ret = virSecurityDriverStartup (&security_drv, "selinux");
+ ret = virSecurityDriverStartup (&security_drv, "selinux", false);
if (ret == -1)
{
fprintf (stderr, "Failed to start security driver");
--
1.7.1.1

94
libvirt-0.8.2-09-set-default-driver.patch Normal file
View File

@@ -0,0 +1,94 @@
From 3534cd47a57ee9cf7041472511444784f14d6939 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 14 Jun 2010 16:08:55 +0100
Subject: [PATCH 09/11] Add ability to set a default driver name/type when parsing disks
Record a default driver name/type in capabilities struct. Use this
when parsing disks if value is not set in XML config.
* src/conf/capabilities.h: Record default driver name/type for disks
* src/conf/domain_conf.c: Fallback to default driver name/type
when parsing disks
* src/qemu/qemu_driver.c: Set default driver name/type to raw
---
src/conf/capabilities.h | 2 ++
src/conf/domain_conf.c | 16 +++++++++++++++-
src/qemu/qemu_driver.c | 8 ++++++++
3 files changed, 25 insertions(+), 1 deletions(-)
diff --git a/src/conf/capabilities.h b/src/conf/capabilities.h
index 9290c82..f676eb8 100644
--- a/src/conf/capabilities.h
+++ b/src/conf/capabilities.h
@@ -123,6 +123,8 @@ struct _virCaps {
virCapsGuestPtr *guests;
unsigned char macPrefix[VIR_MAC_PREFIX_BUFLEN];
unsigned int emulatorRequired : 1;
+ const char *defaultDiskDriverName;
+ const char *defaultDiskDriverType;
void *(*privateDataAllocFunc)(void);
void (*privateDataFreeFunc)(void *);
int (*privateDataXMLFormat)(virBufferPtr, void *);
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b20ca97..f3b8cfa 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1639,6 +1639,16 @@ virDomainDiskDefParseXML(virCapsPtr caps,
def->serial = serial;
serial = NULL;
+ if (!def->driverType &&
+ caps->defaultDiskDriverType &&
+ !(def->driverType = strdup(caps->defaultDiskDriverType)))
+ goto no_memory;
+
+ if (!def->driverName &&
+ caps->defaultDiskDriverName &&
+ !(def->driverName = strdup(caps->defaultDiskDriverName)))
+ goto no_memory;
+
if (def->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE
&& virDomainDiskDefAssignAddress(caps, def) < 0)
goto error;
@@ -1659,6 +1669,9 @@ cleanup:
return def;
+no_memory:
+ virReportOOMError();
+
error:
virDomainDiskDefFree(def);
def = NULL;
@@ -4275,7 +4288,8 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
if (n && VIR_ALLOC_N(def->disks, n) < 0)
goto no_memory;
for (i = 0 ; i < n ; i++) {
- virDomainDiskDefPtr disk = virDomainDiskDefParseXML(caps, nodes[i],
+ virDomainDiskDefPtr disk = virDomainDiskDefParseXML(caps,
+ nodes[i],
flags);
if (!disk)
goto error;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3c479c5..14b790e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1357,6 +1357,14 @@ qemuCreateCapabilities(virCapsPtr oldcaps,
return NULL;
}
+ if (driver->allowDiskFormatProbing) {
+ caps->defaultDiskDriverName = NULL;
+ caps->defaultDiskDriverType = NULL;
+ } else {
+ caps->defaultDiskDriverName = "qemu";
+ caps->defaultDiskDriverType = "raw";
+ }
+
/* Domain XML parser hooks */
caps->privateDataAllocFunc = qemuDomainObjPrivateAlloc;
caps->privateDataFreeFunc = qemuDomainObjPrivateFree;
--
1.7.1.1

291
libvirt-0.8.2-10-qemu-img-format-handling.patch Normal file
View File

@@ -0,0 +1,291 @@
From 2ba8625d6d148fa489586efabdfaf2ef20903762 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Wed, 16 Jun 2010 14:14:05 +0100
Subject: [PATCH 10/11] Rewrite qemu-img backing store format handling
When creating qcow2 files with a backing store, it is important
to set an explicit format to prevent QEMU probing. The storage
backend was only doing this if it found a 'kvm-img' binary. This
is wrong because plenty of kvm-img binaries don't support an
explicit format, and plenty of 'qemu-img' binaries do support
a format. The result was that most qcow2 files were not getting
a backing store format.
This patch runs 'qemu-img -h' to check for the two support
argument formats
'-o backing_format=raw'
'-F raw'
and use whichever option it finds
* src/storage/storage_backend.c: Query binary to determine
how to set the backing store format
---
src/storage/storage_backend.c | 214 +++++++++++++++++++++++++++++------------
1 files changed, 152 insertions(+), 62 deletions(-)
diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index aba8937..c185693 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -561,6 +561,69 @@ static int virStorageBackendCreateExecCommand(virStoragePoolObjPtr pool,
return 0;
}
+enum {
+ QEMU_IMG_BACKING_FORMAT_NONE = 0,
+ QEMU_IMG_BACKING_FORMAT_FLAG,
+ QEMU_IMG_BACKING_FORMAT_OPTIONS,
+};
+
+static int virStorageBackendQEMUImgBackingFormat(const char *qemuimg)
+{
+ const char *const qemuarg[] = { qemuimg, "-h", NULL };
+ const char *const qemuenv[] = { "LC_ALL=C", NULL };
+ pid_t child = 0;
+ int status;
+ int newstdout = -1;
+ char *help = NULL;
+ enum { MAX_HELP_OUTPUT_SIZE = 1024*8 };
+ int len;
+ char *start;
+ char *end;
+ char *tmp;
+ int ret = -1;
+
+ if (virExec(qemuarg, qemuenv, NULL,
+ &child, -1, &newstdout, NULL, VIR_EXEC_CLEAR_CAPS) < 0)
+ goto cleanup;
+
+ if ((len = virFileReadLimFD(newstdout, MAX_HELP_OUTPUT_SIZE, &help)) < 0) {
+ virReportSystemError(errno,
+ _("Unable to read '%s -h' output"),
+ qemuimg);
+ goto cleanup;
+ }
+
+ start = strstr(help, " create ");
+ end = strstr(start, "\n");
+ if ((tmp = strstr(start, "-F fmt")) && tmp < end)
+ ret = QEMU_IMG_BACKING_FORMAT_FLAG;
+ else if ((tmp = strstr(start, "[-o options]")) && tmp < end)
+ ret = QEMU_IMG_BACKING_FORMAT_OPTIONS;
+ else
+ ret = QEMU_IMG_BACKING_FORMAT_NONE;
+
+cleanup:
+ VIR_FREE(help);
+ close(newstdout);
+rewait:
+ if (child) {
+ if (waitpid(child, &status, 0) != child) {
+ if (errno == EINTR)
+ goto rewait;
+
+ VIR_ERROR(_("Unexpected exit status from qemu %d pid %lu"),
+ WEXITSTATUS(status), (unsigned long)child);
+ }
+ if (WEXITSTATUS(status) != 0) {
+ VIR_WARN("Unexpected exit status '%d', qemu probably failed",
+ WEXITSTATUS(status));
+ }
+ }
+
+ return ret;
+}
+
+
static int
virStorageBackendCreateQemuImg(virConnectPtr conn,
virStoragePoolObjPtr pool,
@@ -568,10 +631,9 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
virStorageVolDefPtr inputvol,
unsigned int flags ATTRIBUTE_UNUSED)
{
- int ret;
+ int ret = -1;
char size[100];
char *create_tool;
- short use_kvmimg;
const char *type = virStorageFileFormatTypeToString(vol->target.format);
const char *backingType = vol->backingStore.path ?
@@ -582,41 +644,10 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
const char *inputPath = inputvol ? inputvol->target.path : NULL;
/* Treat input block devices as 'raw' format */
const char *inputType = inputPath ?
- virStorageFileFormatTypeToString(inputvol->type == VIR_STORAGE_VOL_BLOCK ? VIR_STORAGE_FILE_RAW : inputvol->target.format) :
- NULL;
-
- const char **imgargv;
- /* The extra NULL field is for indicating encryption (-e). */
- const char *imgargvnormal[] = {
- NULL, "create",
- "-f", type,
- vol->target.path,
- size,
- NULL,
- NULL
- };
- /* Extra NULL fields are for including "backingType" when using
- * kvm-img (-F backingType), and for indicating encryption (-e).
- */
- const char *imgargvbacking[] = {
- NULL, "create",
- "-f", type,
- "-b", vol->backingStore.path,
- vol->target.path,
- size,
- NULL,
- NULL,
- NULL,
- NULL
- };
- const char *convargv[] = {
- NULL, "convert",
- "-f", inputType,
- "-O", type,
- inputPath,
- vol->target.path,
- NULL,
- };
+ virStorageFileFormatTypeToString(inputvol->type == VIR_STORAGE_VOL_BLOCK ?
+ VIR_STORAGE_FILE_RAW :
+ inputvol->target.format) :
+ NULL;
if (type == NULL) {
virStorageReportError(VIR_ERR_INTERNAL_ERROR,
@@ -690,44 +721,103 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
}
}
- if ((create_tool = virFindFileInPath("kvm-img")) != NULL)
- use_kvmimg = 1;
- else if ((create_tool = virFindFileInPath("qemu-img")) != NULL)
- use_kvmimg = 0;
- else {
+ /* Size in KB */
+ snprintf(size, sizeof(size), "%lluK", vol->capacity/1024);
+
+ /* KVM is usually ahead of qemu on features, so try that first */
+ create_tool = virFindFileInPath("kvm-img");
+ if (!create_tool)
+ create_tool = virFindFileInPath("qemu-img");
+
+ if (!create_tool) {
virStorageReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("unable to find kvm-img or qemu-img"));
return -1;
}
if (inputvol) {
- convargv[0] = create_tool;
- imgargv = convargv;
+ const char *imgargv[] = {
+ create_tool,
+ "convert",
+ "-f", inputType,
+ "-O", type,
+ inputPath,
+ vol->target.path,
+ NULL,
+ };
+
+ ret = virStorageBackendCreateExecCommand(pool, vol, imgargv);
} else if (vol->backingStore.path) {
- imgargvbacking[0] = create_tool;
- if (use_kvmimg) {
- imgargvbacking[6] = "-F";
- imgargvbacking[7] = backingType;
- imgargvbacking[8] = vol->target.path;
- imgargvbacking[9] = size;
+ const char *imgargv[] = {
+ create_tool,
+ "create",
+ "-f", type,
+ "-b", vol->backingStore.path,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ };
+ int imgformat = virStorageBackendQEMUImgBackingFormat(create_tool);
+ char *optflag = NULL;
+ if (imgformat < 0)
+ goto cleanup;
+
+ switch (imgformat) {
+ case QEMU_IMG_BACKING_FORMAT_FLAG:
+ imgargv[6] = "-F";
+ imgargv[7] = backingType;
+ imgargv[8] = vol->target.path;
+ imgargv[9] = size;
+ if (vol->target.encryption != NULL)
+ imgargv[10] = "-e";
+ break;
+
+ case QEMU_IMG_BACKING_FORMAT_OPTIONS:
+ if (virAsprintf(&optflag, "backing_fmt=%s", backingType) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
+ imgargv[6] = "-o";
+ imgargv[7] = optflag;
+ imgargv[8] = vol->target.path;
+ imgargv[9] = size;
if (vol->target.encryption != NULL)
- imgargvbacking[10] = "-e";
- } else if (vol->target.encryption != NULL)
- imgargvbacking[8] = "-e";
- imgargv = imgargvbacking;
+ imgargv[10] = "-e";
+ break;
+
+ default:
+ VIR_INFO("Unable to set backing store format for %s with %s",
+ vol->target.path, create_tool);
+ imgargv[6] = vol->target.path;
+ imgargv[7] = size;
+ if (vol->target.encryption != NULL)
+ imgargv[8] = "-e";
+ }
+
+ ret = virStorageBackendCreateExecCommand(pool, vol, imgargv);
+ VIR_FREE(optflag);
} else {
- imgargvnormal[0] = create_tool;
- imgargv = imgargvnormal;
+ /* The extra NULL field is for indicating encryption (-e). */
+ const char *imgargv[] = {
+ create_tool,
+ "create",
+ "-f", type,
+ vol->target.path,
+ size,
+ NULL,
+ NULL
+ };
if (vol->target.encryption != NULL)
imgargv[6] = "-e";
- }
+ ret = virStorageBackendCreateExecCommand(pool, vol, imgargv);
+ }
- /* Size in KB */
- snprintf(size, sizeof(size), "%lluK", vol->capacity/1024);
-
- ret = virStorageBackendCreateExecCommand(pool, vol, imgargv);
- VIR_FREE(imgargv[0]);
+ cleanup:
+ VIR_FREE(create_tool);
return ret;
}
--
1.7.1.1

165
libvirt-0.8.2-11-storage-vol-backing.patch Normal file
View File

@@ -0,0 +1,165 @@
From d33f44c2e74de28c89b64cdc2c0a6564662e075c Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Fri, 9 Jul 2010 11:28:40 +0100
Subject: [PATCH 11/11] Use the extract backing store format in storage volume lookup
The storage volume lookup code was probing for the backing store
format, instead of using the format extracted from the file
itself. This meant it could report in accurate information. If
a format is included in the file, then use that in preference,
with probing as a fallback.
* src/storage/storage_backend_fs.c: Use extracted backing store
format
---
src/storage/storage_backend_fs.c | 80 +++++++++++++++++---------------------
1 files changed, 36 insertions(+), 44 deletions(-)
diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
index d3ac0fe..ffb0071 100644
--- a/src/storage/storage_backend_fs.c
+++ b/src/storage/storage_backend_fs.c
@@ -51,6 +51,7 @@
static int
virStorageBackendProbeTarget(virStorageVolTargetPtr target,
char **backingStore,
+ int *backingStoreFormat,
unsigned long long *allocation,
unsigned long long *capacity,
virStorageEncryptionPtr *encryption)
@@ -58,6 +59,10 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target,
int fd, ret;
virStorageFileMetadata meta;
+ if (backingStore)
+ *backingStore = NULL;
+ if (backingStoreFormat)
+ *backingStoreFormat = VIR_STORAGE_FILE_AUTO;
if (encryption)
*encryption = NULL;
@@ -89,22 +94,30 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target,
close(fd);
- if (backingStore) {
- *backingStore = meta.backingStore;
- meta.backingStore = NULL;
+ if (meta.backingStore) {
+ if (backingStore) {
+ *backingStore = meta.backingStore;
+ meta.backingStore = NULL;
+ if (meta.backingStoreFormat == VIR_STORAGE_FILE_AUTO) {
+ if ((*backingStoreFormat = virStorageFileProbeFormat(*backingStore)) < 0) {
+ close(fd);
+ goto cleanup;
+ }
+ } else {
+ *backingStoreFormat = meta.backingStoreFormat;
+ }
+ } else {
+ VIR_FREE(meta.backingStore);
+ }
}
- VIR_FREE(meta.backingStore);
-
if (capacity && meta.capacity)
*capacity = meta.capacity;
if (encryption != NULL && meta.encrypted) {
if (VIR_ALLOC(*encryption) < 0) {
virReportOOMError();
- if (backingStore)
- VIR_FREE(*backingStore);
- return -1;
+ goto cleanup;
}
switch (target->format) {
@@ -124,6 +137,11 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target,
}
return 0;
+
+cleanup:
+ if (backingStore)
+ VIR_FREE(*backingStore);
+ return -1;
}
#if WITH_STORAGE_FS
@@ -585,6 +603,7 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn ATTRIBUTE_UNUSED,
while ((ent = readdir(dir)) != NULL) {
int ret;
char *backingStore;
+ int backingStoreFormat;
if (VIR_ALLOC(vol) < 0)
goto no_memory;
@@ -604,6 +623,7 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn ATTRIBUTE_UNUSED,
if ((ret = virStorageBackendProbeTarget(&vol->target,
&backingStore,
+ &backingStoreFormat,
&vol->allocation,
&vol->capacity,
&vol->target.encryption)) < 0) {
@@ -619,46 +639,18 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn ATTRIBUTE_UNUSED,
}
if (backingStore != NULL) {
- if (vol->target.format == VIR_STORAGE_FILE_QCOW2 &&
- STRPREFIX("fmt:", backingStore)) {
- char *fmtstr = backingStore + 4;
- char *path = strchr(fmtstr, ':');
- if (!path) {
- VIR_FREE(backingStore);
- } else {
- *path = '\0';
- if ((vol->backingStore.format =
- virStorageFileFormatTypeFromString(fmtstr)) < 0) {
- VIR_FREE(backingStore);
- } else {
- memmove(backingStore, path, strlen(path) + 1);
- vol->backingStore.path = backingStore;
-
- if (virStorageBackendUpdateVolTargetInfo(&vol->backingStore,
- NULL,
- NULL) < 0)
- VIR_FREE(vol->backingStore);
- }
- }
- } else {
- vol->backingStore.path = backingStore;
-
- if ((ret = virStorageBackendProbeTarget(&vol->backingStore,
- NULL, NULL, NULL,
- NULL)) < 0) {
- if (ret == -1)
- goto cleanup;
- else {
- /* Silently ignore non-regular files,
- * eg '.' '..', 'lost+found' */
- VIR_FREE(vol->backingStore);
- }
- }
+ vol->backingStore.path = backingStore;
+ vol->backingStore.format = backingStoreFormat;
+
+ if (virStorageBackendUpdateVolTargetInfo(&vol->backingStore,
+ NULL,
+ NULL) < 0) {
+ VIR_FREE(vol->backingStore.path);
+ goto cleanup;
}
}
-
if (VIR_REALLOC_N(pool->volumes.objs,
pool->volumes.count+1) < 0)
goto no_memory;
--
1.7.1.1

265
libvirt-0.8.2-apply-iptables-sport-mapping.patch Normal file
View File

@@ -0,0 +1,265 @@
From 112a309bc7839e95c558b535143f855ce89cca8c Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Thu, 10 Jun 2010 12:50:38 -0400
Subject: [PATCH] CVE-2010-2242 Apply a source port mapping to virtual network masquerading
IPtables will seek to preserve the source port unchanged when
doing masquerading, if possible. NFS has a pseudo-security
option where it checks for the source port <= 1023 before
allowing a mount request. If an admin has used this to make the
host OS trusted for mounts, the default iptables behaviour will
potentially allow NAT'd guests access too. This needs to be
stopped.
With this change, the iptables -t nat -L -n -v rules for the
default network will be
Chain POSTROUTING (policy ACCEPT 95 packets, 9163 bytes)
pkts bytes target prot opt in out source destination
14 840 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
75 5752 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
* src/network/bridge_driver.c: Add masquerade rules for TCP
and UDP protocols
* src/util/iptables.c, src/util/iptables.c: Add source port
mappings for TCP & UDP protocols when masquerading.
---
src/network/bridge_driver.c | 73 ++++++++++++++++++++++++++++++++++++++++--
src/util/iptables.c | 70 +++++++++++++++++++++++++++++------------
src/util/iptables.h | 6 ++-
3 files changed, 122 insertions(+), 27 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 72255c1..80ed57a 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -638,18 +638,74 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
goto masqerr2;
}
- /* enable masquerading */
+ /*
+ * Enable masquerading.
+ *
+ * We need to end up with 3 rules in the table in this order
+ *
+ * 1. protocol=tcp with sport mapping restricton
+ * 2. protocol=udp with sport mapping restricton
+ * 3. generic any protocol
+ *
+ * The sport mappings are required, because default IPtables
+ * MASQUERADE is maintain port number unchanged where possible.
+ *
+ * NFS can be configured to only "trust" port numbers < 1023.
+ *
+ * Guests using NAT thus need to be prevented from having port
+ * numbers < 1023, otherwise they can bypass the NFS "security"
+ * check on the source port number.
+ *
+ * Since we use '--insert' to add rules to the header of the
+ * chain, we actually need to add them in the reverse of the
+ * order just mentioned !
+ */
+
+ /* First the generic masquerade rule for other protocols */
if ((err = iptablesAddForwardMasquerade(driver->iptables,
network->def->network,
- network->def->forwardDev))) {
+ network->def->forwardDev,
+ NULL))) {
virReportSystemError(err,
_("failed to add iptables rule to enable masquerading to '%s'"),
network->def->forwardDev ? network->def->forwardDev : NULL);
goto masqerr3;
}
+ /* UDP with a source port restriction */
+ if ((err = iptablesAddForwardMasquerade(driver->iptables,
+ network->def->network,
+ network->def->forwardDev,
+ "udp"))) {
+ virReportSystemError(err,
+ _("failed to add iptables rule to enable UDP masquerading to '%s'"),
+ network->def->forwardDev ? network->def->forwardDev : NULL);
+ goto masqerr4;
+ }
+
+ /* TCP with a source port restriction */
+ if ((err = iptablesAddForwardMasquerade(driver->iptables,
+ network->def->network,
+ network->def->forwardDev,
+ "tcp"))) {
+ virReportSystemError(err,
+ _("failed to add iptables rule to enable TCP masquerading to '%s'"),
+ network->def->forwardDev ? network->def->forwardDev : NULL);
+ goto masqerr5;
+ }
+
return 1;
+ masqerr5:
+ iptablesRemoveForwardMasquerade(driver->iptables,
+ network->def->network,
+ network->def->forwardDev,
+ "udp");
+ masqerr4:
+ iptablesRemoveForwardMasquerade(driver->iptables,
+ network->def->network,
+ network->def->forwardDev,
+ NULL);
masqerr3:
iptablesRemoveForwardAllowRelatedIn(driver->iptables,
network->def->network,
@@ -814,8 +870,17 @@ networkRemoveIptablesRules(struct network_driver *driver,
if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE) {
if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT) {
iptablesRemoveForwardMasquerade(driver->iptables,
- network->def->network,
- network->def->forwardDev);
+ network->def->network,
+ network->def->forwardDev,
+ "tcp");
+ iptablesRemoveForwardMasquerade(driver->iptables,
+ network->def->network,
+ network->def->forwardDev,
+ "udp");
+ iptablesRemoveForwardMasquerade(driver->iptables,
+ network->def->network,
+ network->def->forwardDev,
+ NULL);
iptablesRemoveForwardAllowRelatedIn(driver->iptables,
network->def->network,
network->def->bridge,
diff --git a/src/util/iptables.c b/src/util/iptables.c
index d06b857..f63e8c6 100644
--- a/src/util/iptables.c
+++ b/src/util/iptables.c
@@ -692,25 +692,49 @@ iptablesRemoveForwardRejectIn(iptablesContext *ctx,
*/
static int
iptablesForwardMasquerade(iptablesContext *ctx,
- const char *network,
- const char *physdev,
- int action)
+ const char *network,
+ const char *physdev,
+ const char *protocol,
+ int action)
{
- if (physdev && physdev[0]) {
- return iptablesAddRemoveRule(ctx->nat_postrouting,
- action,
- "--source", network,
- "!", "--destination", network,
- "--out-interface", physdev,
- "--jump", "MASQUERADE",
- NULL);
+ if (protocol && protocol[0]) {
+ if (physdev && physdev[0]) {
+ return iptablesAddRemoveRule(ctx->nat_postrouting,
+ action,
+ "--source", network,
+ "-p", protocol,
+ "!", "--destination", network,
+ "--out-interface", physdev,
+ "--jump", "MASQUERADE",
+ "--to-ports", "1024-65535",
+ NULL);
+ } else {
+ return iptablesAddRemoveRule(ctx->nat_postrouting,
+ action,
+ "--source", network,
+ "-p", protocol,
+ "!", "--destination", network,
+ "--jump", "MASQUERADE",
+ "--to-ports", "1024-65535",
+ NULL);
+ }
} else {
- return iptablesAddRemoveRule(ctx->nat_postrouting,
- action,
- "--source", network,
- "!", "--destination", network,
- "--jump", "MASQUERADE",
- NULL);
+ if (physdev && physdev[0]) {
+ return iptablesAddRemoveRule(ctx->nat_postrouting,
+ action,
+ "--source", network,
+ "!", "--destination", network,
+ "--out-interface", physdev,
+ "--jump", "MASQUERADE",
+ NULL);
+ } else {
+ return iptablesAddRemoveRule(ctx->nat_postrouting,
+ action,
+ "--source", network,
+ "!", "--destination", network,
+ "--jump", "MASQUERADE",
+ NULL);
+ }
}
}
@@ -719,6 +743,7 @@ iptablesForwardMasquerade(iptablesContext *ctx,
* @ctx: pointer to the IP table context
* @network: the source network name
* @physdev: the physical input device or NULL
+ * @protocol: the network protocol or NULL
*
* Add rules to the IP table context to allow masquerading
* network @network on @physdev. This allow the bridge to
@@ -729,9 +754,10 @@ iptablesForwardMasquerade(iptablesContext *ctx,
int
iptablesAddForwardMasquerade(iptablesContext *ctx,
const char *network,
- const char *physdev)
+ const char *physdev,
+ const char *protocol)
{
- return iptablesForwardMasquerade(ctx, network, physdev, ADD);
+ return iptablesForwardMasquerade(ctx, network, physdev, protocol, ADD);
}
/**
@@ -739,6 +765,7 @@ iptablesAddForwardMasquerade(iptablesContext *ctx,
* @ctx: pointer to the IP table context
* @network: the source network name
* @physdev: the physical input device or NULL
+ * @protocol: the network protocol or NULL
*
* Remove rules from the IP table context to stop masquerading
* network @network on @physdev. This stops the bridge from
@@ -749,7 +776,8 @@ iptablesAddForwardMasquerade(iptablesContext *ctx,
int
iptablesRemoveForwardMasquerade(iptablesContext *ctx,
const char *network,
- const char *physdev)
+ const char *physdev,
+ const char *protocol)
{
- return iptablesForwardMasquerade(ctx, network, physdev, REMOVE);
+ return iptablesForwardMasquerade(ctx, network, physdev, protocol, REMOVE);
}
diff --git a/src/util/iptables.h b/src/util/iptables.h
index 7d55a6d..b47d854 100644
--- a/src/util/iptables.h
+++ b/src/util/iptables.h
@@ -85,9 +85,11 @@ int iptablesRemoveForwardRejectIn (iptablesContext *ctx,
int iptablesAddForwardMasquerade (iptablesContext *ctx,
const char *network,
- const char *physdev);
+ const char *physdev,
+ const char *protocol);
int iptablesRemoveForwardMasquerade (iptablesContext *ctx,
const char *network,
- const char *physdev);
+ const char *physdev,
+ const char *protocol);
#endif /* __QEMUD_IPTABLES_H__ */
--
1.6.6.1

60
libvirt-add-space-to-nodedev-list-tree.patch
View File

@@ -1,60 +0,0 @@
From b77d11b221862343d304e11ed878e2f176101f24 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 28 Apr 2009 10:55:45 +0000
Subject: [PATCH] Cosmetic change to 'virsh nodedev-list --tree' output
Maybe it's just me, but I try to select an item from the tree using
double-click and get annoyed when "+-" gets included in the selection.
* src/virsh.c: add a space between "+-" and the node device name
in 'virsh nodedev-list --tree'
(cherry picked from commit cb4a6614fae48d05f09b7b15328ea6ef4071ccb3)
(cherry picked from commit 097c818bf00b3777778ffc32fea3a6ed1e741e2b)
Fedora-patch: libvirt-add-space-to-nodedev-list-tree.patch
---
src/virsh.c | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/virsh.c b/src/virsh.c
index 26764a7..c92bb8f 100644
--- a/src/virsh.c
+++ b/src/virsh.c
@@ -4460,10 +4460,12 @@ cmdNodeListDevicesPrint(vshControl *ctl,
if (depth && depth < MAX_DEPTH) {
indentBuf[indentIdx] = '+';
indentBuf[indentIdx+1] = '-';
+ indentBuf[indentIdx+2] = ' ';
+ indentBuf[indentIdx+3] = '\0';
}
/* Print this device */
- vshPrint(ctl, indentBuf);
+ vshPrint(ctl, "%s", indentBuf);
vshPrint(ctl, "%s\n", devices[devid]);
@@ -4487,8 +4489,8 @@ cmdNodeListDevicesPrint(vshControl *ctl,
/* If there is a child device, then print another blank line */
if (nextlastdev != -1) {
- vshPrint(ctl, indentBuf);
- vshPrint(ctl, " |\n");
+ vshPrint(ctl, "%s", indentBuf);
+ vshPrint(ctl, " |\n");
}
/* Finally print all children */
@@ -4511,7 +4513,7 @@ cmdNodeListDevicesPrint(vshControl *ctl,
/* If there was no child device, and we're the last in
* a list of devices, then print another blank line */
if (nextlastdev == -1 && devid == lastdev) {
- vshPrint(ctl, indentBuf);
+ vshPrint(ctl, "%s", indentBuf);
vshPrint(ctl, "\n");
}
}
--
1.6.2.5

812
libvirt-allow-pci-hostdev-reset-to-reset-other-devices.patch
View File

@@ -1,812 +0,0 @@
From 6878a049e27f2eaea7bd3d5c266a2d2b39e444f1 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Mon, 17 Aug 2009 15:05:23 +0100
Subject: [PATCH] Maintain a list of active PCI hostdevs and use it in pciResetDevice()
https://bugzilla.redhat.com/499678
First we add a pciDeviceList type and add a qemuGetPciHostDeviceList()
function to build a list from a domain definition. Use this in
prepare/re-attach to simplify things and eliminate the multiple
pciGetDevice() calls.
Then, as we start/shutdown guests we can add or delete devices as
appropriate from a list of active devices.
Finally, in pciReset(), we can use this to determine whether its safe to
reset a device as a side effect of resetting another device.
(cherry picked from commit 78675b228b76a83f83d64856bfb63b9e14c103a0)
(cherry picked from commit e8ad33931296c67de0538e78d12e21706a826d37)
Fedora-patch: libvirt-allow-pci-hostdev-reset-to-reset-other-devices.patch
---
src/libvirt_private.syms | 7 +-
src/pci.c | 211 +++++++++++++++++++++++++++++++++--------
src/pci.h | 23 +++++-
src/qemu_conf.h | 3 +
src/qemu_driver.c | 237 +++++++++++++++++++++++++++-------------------
src/xen_unified.c | 2 +-
6 files changed, 339 insertions(+), 144 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 9249a1a..75ddda8 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -240,7 +240,12 @@ pciFreeDevice;
pciDettachDevice;
pciReAttachDevice;
pciResetDevice;
-
+pciDeviceSetManaged;
+pciDeviceGetManaged;
+pciDeviceListNew;
+pciDeviceListFree;
+pciDeviceListAdd;
+pciDeviceListDel;
# qparams.h
qparam_get_query;
diff --git a/src/pci.c b/src/pci.c
index 1dddb08..1e68261 100644
--- a/src/pci.c
+++ b/src/pci.c
@@ -58,6 +58,7 @@ struct _pciDevice {
unsigned pci_pm_cap_pos;
unsigned has_flr : 1;
unsigned has_pm_reset : 1;
+ unsigned managed : 1;
};
/* For virReportOOMError() and virReportSystemError() */
@@ -220,7 +221,7 @@ pciWrite32(pciDevice *dev, unsigned pos, uint32_t val)
pciWrite(dev, pos, &buf[0], sizeof(buf));
}
-typedef int (*pciIterPredicate)(pciDevice *, pciDevice *);
+typedef int (*pciIterPredicate)(pciDevice *, pciDevice *, void *);
/* Iterate over available PCI devices calling @predicate
* to compare each one to @dev.
@@ -231,7 +232,8 @@ static int
pciIterDevices(virConnectPtr conn,
pciIterPredicate predicate,
pciDevice *dev,
- pciDevice **matched)
+ pciDevice **matched,
+ void *data)
{
DIR *dir;
struct dirent *entry;
@@ -249,7 +251,7 @@ pciIterDevices(virConnectPtr conn,
while ((entry = readdir(dir))) {
unsigned domain, bus, slot, function;
- pciDevice *try;
+ pciDevice *check;
/* Ignore '.' and '..' */
if (entry->d_name[0] == '.')
@@ -261,18 +263,18 @@ pciIterDevices(virConnectPtr conn,
continue;
}
- try = pciGetDevice(conn, domain, bus, slot, function);
- if (!try) {
+ check = pciGetDevice(conn, domain, bus, slot, function);
+ if (!check) {
ret = -1;
break;
}
- if (predicate(try, dev)) {
- VIR_DEBUG("%s %s: iter matched on %s", dev->id, dev->name, try->name);
- *matched = try;
+ if (predicate(dev, check, data)) {
+ VIR_DEBUG("%s %s: iter matched on %s", dev->id, dev->name, check->name);
+ *matched = check;
break;
}
- pciFreeDevice(conn, try);
+ pciFreeDevice(conn, check);
}
closedir(dir);
return ret;
@@ -374,63 +376,70 @@ pciDetectPowerManagementReset(pciDevice *dev)
return 0;
}
-/* Any devices other than the one supplied on the same domain/bus ? */
+/* Any active devices other than the one supplied on the same domain/bus ? */
static int
-pciSharesBus(pciDevice *a, pciDevice *b)
+pciSharesBusWithActive(pciDevice *dev, pciDevice *check, void *data)
{
- return
- a->domain == b->domain &&
- a->bus == b->bus &&
- (a->slot != b->slot ||
- a->function != b->function);
-}
+ pciDeviceList *activeDevs = data;
-static int
-pciBusContainsOtherDevices(virConnectPtr conn, pciDevice *dev)
-{
- pciDevice *matched = NULL;
- if (pciIterDevices(conn, pciSharesBus, dev, &matched) < 0)
- return 1;
- if (!matched)
+ if (dev->domain != check->domain ||
+ dev->bus != check->bus ||
+ (check->slot == check->slot &&
+ check->function == check->function))
+ return 0;
+
+ if (activeDevs && !pciDeviceListFind(activeDevs, check))
return 0;
- pciFreeDevice(conn, matched);
+
return 1;
}
-/* Is @a the parent of @b ? */
+static pciDevice *
+pciBusContainsActiveDevices(virConnectPtr conn,
+ pciDevice *dev,
+ pciDeviceList *activeDevs)
+{
+ pciDevice *active = NULL;
+ if (pciIterDevices(conn, pciSharesBusWithActive,
+ dev, &active, activeDevs) < 0)
+ return NULL;
+ return active;
+}
+
+/* Is @check the parent of @dev ? */
static int
-pciIsParent(pciDevice *a, pciDevice *b)
+pciIsParent(pciDevice *dev, pciDevice *check, void *data ATTRIBUTE_UNUSED)
{
uint16_t device_class;
uint8_t header_type, secondary, subordinate;
- if (a->domain != b->domain)
+ if (dev->domain != check->domain)
return 0;
/* Is it a bridge? */
- device_class = pciRead16(a, PCI_CLASS_DEVICE);
+ device_class = pciRead16(check, PCI_CLASS_DEVICE);
if (device_class != PCI_CLASS_BRIDGE_PCI)
return 0;
/* Is it a plane? */
- header_type = pciRead8(a, PCI_HEADER_TYPE);
+ header_type = pciRead8(check, PCI_HEADER_TYPE);
if ((header_type & PCI_HEADER_TYPE_MASK) != PCI_HEADER_TYPE_BRIDGE)
return 0;
- secondary = pciRead8(a, PCI_SECONDARY_BUS);
- subordinate = pciRead8(a, PCI_SUBORDINATE_BUS);
+ secondary = pciRead8(check, PCI_SECONDARY_BUS);
+ subordinate = pciRead8(check, PCI_SUBORDINATE_BUS);
- VIR_DEBUG("%s %s: found parent device %s\n", b->id, b->name, a->name);
+ VIR_DEBUG("%s %s: found parent device %s\n", dev->id, dev->name, check->name);
/* No, it's superman! */
- return (b->bus >= secondary && b->bus <= subordinate);
+ return (dev->bus >= secondary && dev->bus <= subordinate);
}
static pciDevice *
pciGetParentDevice(virConnectPtr conn, pciDevice *dev)
{
pciDevice *parent = NULL;
- pciIterDevices(conn, pciIsParent, dev, &parent);
+ pciIterDevices(conn, pciIsParent, dev, &parent, NULL);
return parent;
}
@@ -438,9 +447,11 @@ pciGetParentDevice(virConnectPtr conn, pciDevice *dev)
* devices behind a bus.
*/
static int
-pciTrySecondaryBusReset(virConnectPtr conn, pciDevice *dev)
+pciTrySecondaryBusReset(virConnectPtr conn,
+ pciDevice *dev,
+ pciDeviceList *activeDevs)
{
- pciDevice *parent;
+ pciDevice *parent, *conflict;
uint8_t config_space[PCI_CONF_LEN];
uint16_t ctl;
int ret = -1;
@@ -450,10 +461,10 @@ pciTrySecondaryBusReset(virConnectPtr conn, pciDevice *dev)
* In future, we could allow it so long as those devices
* are not in use by the host or other guests.
*/
- if (pciBusContainsOtherDevices(conn, dev)) {
+ if ((conflict = pciBusContainsActiveDevices(conn, dev, activeDevs))) {
pciReportError(conn, VIR_ERR_NO_SUPPORT,
- _("Other devices on bus with %s, not doing bus reset"),
- dev->name);
+ _("Active %s devices on bus with %s, not doing bus reset"),
+ conflict->name, dev->name);
return -1;
}
@@ -567,10 +578,18 @@ pciInitDevice(virConnectPtr conn, pciDevice *dev)
}
int
-pciResetDevice(virConnectPtr conn, pciDevice *dev)
+pciResetDevice(virConnectPtr conn,
+ pciDevice *dev,
+ pciDeviceList *activeDevs)
{
int ret = -1;
+ if (activeDevs && pciDeviceListFind(activeDevs, dev)) {
+ pciReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ _("Not resetting active device %s"), dev->name);
+ return -1;
+ }
+
if (!dev->initted && pciInitDevice(conn, dev) < 0)
return -1;
@@ -589,7 +608,7 @@ pciResetDevice(virConnectPtr conn, pciDevice *dev)
/* Bus reset is not an option with the root bus */
if (ret < 0 && dev->bus != 0)
- ret = pciTrySecondaryBusReset(conn, dev);
+ ret = pciTrySecondaryBusReset(conn, dev, activeDevs);
if (ret < 0) {
virErrorPtr err = virGetLastError();
@@ -885,8 +904,116 @@ pciGetDevice(virConnectPtr conn,
void
pciFreeDevice(virConnectPtr conn ATTRIBUTE_UNUSED, pciDevice *dev)
{
+ if (!dev)
+ return;
VIR_DEBUG("%s %s: freeing", dev->id, dev->name);
if (dev->fd >= 0)
close(dev->fd);
VIR_FREE(dev);
}
+
+void pciDeviceSetManaged(pciDevice *dev, unsigned managed)
+{
+ dev->managed = !!managed;
+}
+
+unsigned pciDeviceGetManaged(pciDevice *dev)
+{
+ return dev->managed;
+}
+
+pciDeviceList *
+pciDeviceListNew(virConnectPtr conn)
+{
+ pciDeviceList *list;
+
+ if (VIR_ALLOC(list) < 0) {
+ virReportOOMError(conn);
+ return NULL;
+ }
+
+ return list;
+}
+
+void
+pciDeviceListFree(virConnectPtr conn,
+ pciDeviceList *list)
+{
+ int i;
+
+ if (!list)
+ return;
+
+ for (i = 0; i < list->count; i++) {
+ pciFreeDevice(conn, list->devs[i]);
+ list->devs[i] = NULL;
+ }
+
+ list->count = 0;
+ VIR_FREE(list->devs);
+ VIR_FREE(list);
+}
+
+int
+pciDeviceListAdd(virConnectPtr conn,
+ pciDeviceList *list,
+ pciDevice *dev)
+{
+ if (pciDeviceListFind(list, dev)) {
+ pciReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ _("Device %s is already in use"), dev->name);
+ return -1;
+ }
+
+ if (VIR_REALLOC_N(list->devs, list->count+1) < 0) {
+ virReportOOMError(conn);
+ return -1;
+ }
+
+ list->devs[list->count++] = dev;
+
+ return 0;
+}
+
+void
+pciDeviceListDel(virConnectPtr conn ATTRIBUTE_UNUSED,
+ pciDeviceList *list,
+ pciDevice *dev)
+{
+ int i;
+
+ for (i = 0; i < list->count; i++) {
+ if (list->devs[i]->domain != dev->domain ||
+ list->devs[i]->bus != dev->bus ||
+ list->devs[i]->slot != dev->slot ||
+ list->devs[i]->function != dev->function)
+ continue;
+
+ pciFreeDevice(conn, list->devs[i]);
+
+ if (i != --list->count)
+ memmove(&list->devs[i],
+ &list->devs[i+1],
+ sizeof(*list->devs) * (list->count-i));
+
+ if (VIR_REALLOC_N(list->devs, list->count) < 0) {
+ ; /* not fatal */
+ }
+
+ break;
+ }
+}
+
+pciDevice *
+pciDeviceListFind(pciDeviceList *list, pciDevice *dev)
+{
+ int i;
+
+ for (i = 0; i < list->count; i++)
+ if (list->devs[i]->domain == dev->domain &&
+ list->devs[i]->bus == dev->bus &&
+ list->devs[i]->slot == dev->slot &&
+ list->devs[i]->function == dev->function)
+ return list->devs[i];
+ return NULL;
+}
diff --git a/src/pci.h b/src/pci.h
index 47882ef..685b0af 100644
--- a/src/pci.h
+++ b/src/pci.h
@@ -27,6 +27,11 @@
typedef struct _pciDevice pciDevice;
+typedef struct {
+ unsigned count;
+ pciDevice **devs;
+} pciDeviceList;
+
pciDevice *pciGetDevice (virConnectPtr conn,
unsigned domain,
unsigned bus,
@@ -39,6 +44,22 @@ int pciDettachDevice (virConnectPtr conn,
int pciReAttachDevice (virConnectPtr conn,
pciDevice *dev);
int pciResetDevice (virConnectPtr conn,
- pciDevice *dev);
+ pciDevice *dev,
+ pciDeviceList *activeDevs);
+void pciDeviceSetManaged(pciDevice *dev,
+ unsigned managed);
+unsigned pciDeviceGetManaged(pciDevice *dev);
+
+pciDeviceList *pciDeviceListNew (virConnectPtr conn);
+void pciDeviceListFree (virConnectPtr conn,
+ pciDeviceList *list);
+int pciDeviceListAdd (virConnectPtr conn,
+ pciDeviceList *list,
+ pciDevice *dev);
+void pciDeviceListDel (virConnectPtr conn,
+ pciDeviceList *list,
+ pciDevice *dev);
+pciDevice * pciDeviceListFind (pciDeviceList *list,
+ pciDevice *dev);
#endif /* __VIR_PCI_H__ */
diff --git a/src/qemu_conf.h b/src/qemu_conf.h
index 70fe9c8..cde326d 100644
--- a/src/qemu_conf.h
+++ b/src/qemu_conf.h
@@ -34,6 +34,7 @@
#include "domain_event.h"
#include "threads.h"
#include "security.h"
+#include "pci.h"
#define qemudDebug(fmt, ...) do {} while(0)
@@ -90,6 +91,8 @@ struct qemud_driver {
char *securityDriverName;
virSecurityDriverPtr securityDriver;
+
+ pciDeviceList *activePciHostdevs;
};
/* Status needed to reconenct to running VMs */
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 9f87d2a..7dbf4a2 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -126,6 +126,9 @@ static int qemudDomainSetMemoryBalloon(virConnectPtr conn,
virDomainObjPtr vm,
unsigned long newmem);
+static int qemuUpdateActivePciHostdevs(struct qemud_driver *driver,
+ virDomainDefPtr def);
+
static struct qemud_driver *qemu_driver = NULL;
@@ -334,6 +337,10 @@ qemudReconnectVMs(struct qemud_driver *driver)
if ((vm->logfile = qemudLogFD(NULL, driver->logDir, vm->def->name)) < 0)
goto next_error;
+ if (qemuUpdateActivePciHostdevs(driver, vm->def) < 0) {
+ goto next_error;
+ }
+
if (vm->def->id >= driver->nextvmid)
driver->nextvmid = vm->def->id + 1;
@@ -515,6 +522,9 @@ qemudStartup(void) {
if ((qemu_driver->caps = qemudCapsInit()) == NULL)
goto out_of_memory;
+ if ((qemu_driver->activePciHostdevs = pciDeviceListNew(NULL)) == NULL)
+ goto error;
+
if (qemudLoadDriverConfig(qemu_driver, driverConf) < 0) {
goto error;
}
@@ -627,6 +637,7 @@ qemudShutdown(void) {
return -1;
qemuDriverLock(qemu_driver);
+ pciDeviceListFree(NULL, qemu_driver->activePciHostdevs);
virCapabilitiesFree(qemu_driver->caps);
virDomainObjListFree(&qemu_driver->domains);
@@ -1209,48 +1220,16 @@ static int qemudNextFreeVNCPort(struct qemud_driver *driver ATTRIBUTE_UNUSED) {
return -1;
}
-static int qemuPrepareHostDevices(virConnectPtr conn,
- virDomainDefPtr def) {
+static pciDeviceList *
+qemuGetPciHostDeviceList(virConnectPtr conn,
+ virDomainDefPtr def)
+{
+ pciDeviceList *list;
int i;
- /* We have to use 2 loops here. *All* devices must
- * be detached before we reset any of them, because
- * in some cases you have to reset the whole PCI,
- * which impacts all devices on it
- */
-
- for (i = 0 ; i < def->nhostdevs ; i++) {
- virDomainHostdevDefPtr hostdev = def->hostdevs[i];
-
- if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
- continue;
- if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
- continue;
-
- if (hostdev->managed) {
- pciDevice *dev = pciGetDevice(conn,
- hostdev->source.subsys.u.pci.domain,
- hostdev->source.subsys.u.pci.bus,
- hostdev->source.subsys.u.pci.slot,
- hostdev->source.subsys.u.pci.function);
- if (!dev)
- goto error;
-
- if (pciDettachDevice(conn, dev) < 0) {
- pciFreeDevice(conn, dev);
- goto error;
- }
-
- pciFreeDevice(conn, dev);
- } /* else {
- XXX validate that non-managed device isn't in use, eg
- by checking that device is either un-bound, or bound
- to pci-stub.ko
- } */
- }
+ if (!(list = pciDeviceListNew(conn)))
+ return NULL;
- /* Now that all the PCI hostdevs have be dettached, we can safely
- * reset them */
for (i = 0 ; i < def->nhostdevs ; i++) {
virDomainHostdevDefPtr hostdev = def->hostdevs[i];
pciDevice *dev;
@@ -1265,95 +1244,151 @@ static int qemuPrepareHostDevices(virConnectPtr conn,
hostdev->source.subsys.u.pci.bus,
hostdev->source.subsys.u.pci.slot,
hostdev->source.subsys.u.pci.function);
- if (!dev)
- goto error;
+ if (!dev) {
+ pciDeviceListFree(conn, list);
+ return NULL;
+ }
- if (pciResetDevice(conn, dev) < 0) {
+ if (pciDeviceListAdd(conn, list, dev) < 0) {
pciFreeDevice(conn, dev);
- goto error;
+ pciDeviceListFree(conn, list);
+ return NULL;
}
- pciFreeDevice(conn, dev);
+ pciDeviceSetManaged(dev, hostdev->managed);
}
- return 0;
+ return list;
+}
-error:
- return -1;
+static int
+qemuUpdateActivePciHostdevs(struct qemud_driver *driver,
+ virDomainDefPtr def)
+{
+ pciDeviceList *pcidevs;
+ int i, ret;
+
+ if (!def->nhostdevs)
+ return 0;
+
+ if (!(pcidevs = qemuGetPciHostDeviceList(NULL, def)))
+ return -1;
+
+ ret = 0;
+
+ for (i = 0; i < pcidevs->count; i++) {
+ if (pciDeviceListAdd(NULL,
+ driver->activePciHostdevs,
+ pcidevs->devs[i]) < 0) {
+ ret = -1;
+ break;
+ }
+ pcidevs->devs[i] = NULL;
+ }
+
+ pciDeviceListFree(NULL, pcidevs);
+ return ret;
}
-static void
-qemuDomainReAttachHostDevices(virConnectPtr conn, virDomainDefPtr def)
+static int
+qemuPrepareHostDevices(virConnectPtr conn,
+ struct qemud_driver *driver,
+ virDomainDefPtr def)
{
+ pciDeviceList *pcidevs;
int i;
- /* Again 2 loops; reset all the devices before re-attach */
+ if (!def->nhostdevs)
+ return 0;
- for (i = 0 ; i < def->nhostdevs ; i++) {
- virDomainHostdevDefPtr hostdev = def->hostdevs[i];
- pciDevice *dev;
+ if (!(pcidevs = qemuGetPciHostDeviceList(conn, def)))
+ return -1;
- if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
- continue;
- if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
- continue;
+ /* We have to use 3 loops here. *All* devices must
+ * be detached before we reset any of them, because
+ * in some cases you have to reset the whole PCI,
+ * which impacts all devices on it. Also, all devices
+ * must be reset before being marked as active.
+ */
- dev = pciGetDevice(conn,
- hostdev->source.subsys.u.pci.domain,
- hostdev->source.subsys.u.pci.bus,
- hostdev->source.subsys.u.pci.slot,
- hostdev->source.subsys.u.pci.function);
- if (!dev) {
- virErrorPtr err = virGetLastError();
- VIR_ERROR(_("Failed to allocate pciDevice: %s\n"),
- err ? err->message : "");
- virResetError(err);
- continue;
- }
+ /* XXX validate that non-managed device isn't in use, eg
+ * by checking that device is either un-bound, or bound
+ * to pci-stub.ko
+ */
- if (pciResetDevice(conn, dev) < 0) {
- virErrorPtr err = virGetLastError();
- VIR_ERROR(_("Failed to reset PCI device: %s\n"),
- err ? err->message : "");
- virResetError(err);
- }
+ for (i = 0; i < pcidevs->count; i++)
+ if (pciDeviceGetManaged(pcidevs->devs[i]) &&
+ pciDettachDevice(conn, pcidevs->devs[i]) < 0)
+ goto error;
+
+ /* Now that all the PCI hostdevs have be dettached, we can safely
+ * reset them */
+ for (i = 0; i < pcidevs->count; i++)
+ if (pciResetDevice(conn, pcidevs->devs[i],
+ driver->activePciHostdevs) < 0)
+ goto error;
- pciFreeDevice(conn, dev);
+ /* Now mark all the devices as active */
+ for (i = 0; i < pcidevs->count; i++) {
+ if (pciDeviceListAdd(conn,
+ driver->activePciHostdevs,
+ pcidevs->devs[i]) < 0)
+ goto error;
+ pcidevs->devs[i] = NULL;
}
- for (i = 0 ; i < def->nhostdevs ; i++) {
- virDomainHostdevDefPtr hostdev = def->hostdevs[i];
- pciDevice *dev;
+ pciDeviceListFree(conn, pcidevs);
+ return 0;
- if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
- continue;
- if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
- continue;
- if (!hostdev->managed)
- continue;
+error:
+ pciDeviceListFree(conn, pcidevs);
+ return -1;
+}
- dev = pciGetDevice(conn,
- hostdev->source.subsys.u.pci.domain,
- hostdev->source.subsys.u.pci.bus,
- hostdev->source.subsys.u.pci.slot,
- hostdev->source.subsys.u.pci.function);
- if (!dev) {
+static void
+qemuDomainReAttachHostDevices(virConnectPtr conn,
+ struct qemud_driver *driver,
+ virDomainDefPtr def)
+{
+ pciDeviceList *pcidevs;
+ int i;
+
+ if (!def->nhostdevs)
+ return;
+
+ if (!(pcidevs = qemuGetPciHostDeviceList(conn, def))) {
+ virErrorPtr err = virGetLastError();
+ VIR_ERROR(_("Failed to allocate pciDeviceList: %s\n"),
+ err ? err->message : "");
+ virResetError(err);
+ return;
+ }
+
+ /* Again 3 loops; mark all devices as inactive before reset
+ * them and reset all the devices before re-attach */
+
+ for (i = 0; i < pcidevs->count; i++)
+ pciDeviceListDel(conn, driver->activePciHostdevs, pcidevs->devs[i]);
+
+ for (i = 0; i < pcidevs->count; i++)
+ if (pciResetDevice(conn, pcidevs->devs[i],
+ driver->activePciHostdevs) < 0) {
virErrorPtr err = virGetLastError();
- VIR_ERROR(_("Failed to allocate pciDevice: %s\n"),
+ VIR_ERROR(_("Failed to reset PCI device: %s\n"),
err ? err->message : "");
virResetError(err);
- continue;
}
- if (pciReAttachDevice(conn, dev) < 0) {
+ for (i = 0; i < pcidevs->count; i++)
+ if (pciDeviceGetManaged(pcidevs->devs[i]) &&
+ pciReAttachDevice(conn, pcidevs->devs[i]) < 0) {
virErrorPtr err = virGetLastError();
VIR_ERROR(_("Failed to re-attach PCI device: %s\n"),
err ? err->message : "");
virResetError(err);
}
- pciFreeDevice(conn, dev);
- }
+ pciDeviceListFree(conn, pcidevs);
}
static int qemudDomainSetSecurityLabel(virConnectPtr conn, struct qemud_driver *driver, virDomainObjPtr vm)
@@ -1468,7 +1503,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
&qemuCmdFlags) < 0)
goto cleanup;
- if (qemuPrepareHostDevices(conn, vm->def) < 0)
+ if (qemuPrepareHostDevices(conn, driver, vm->def) < 0)
goto cleanup;
vm->def->id = driver->nextvmid++;
@@ -1634,7 +1669,7 @@ static void qemudShutdownVMDaemon(virConnectPtr conn ATTRIBUTE_UNUSED,
VIR_FREE(vm->def->seclabel.imagelabel);
}
- qemuDomainReAttachHostDevices(conn, vm->def);
+ qemuDomainReAttachHostDevices(conn, driver, vm->def);
if (qemudRemoveDomainStatus(conn, driver, vm) < 0) {
VIR_WARN(_("Failed to remove domain status for %s"),
@@ -5247,6 +5282,7 @@ out:
static int
qemudNodeDeviceReset (virNodeDevicePtr dev)
{
+ struct qemud_driver *driver = dev->conn->privateData;
pciDevice *pci;
unsigned domain, bus, slot, function;
int ret = -1;
@@ -5258,11 +5294,14 @@ qemudNodeDeviceReset (virNodeDevicePtr dev)
if (!pci)
return -1;
- if (pciResetDevice(dev->conn, pci) < 0)
+ qemuDriverLock(driver);
+
+ if (pciResetDevice(dev->conn, pci, driver->activePciHostdevs) < 0)
goto out;
ret = 0;
out:
+ qemuDriverUnlock(driver);
pciFreeDevice(dev->conn, pci);
return ret;
}
diff --git a/src/xen_unified.c b/src/xen_unified.c
index e708980..ba8c769 100644
--- a/src/xen_unified.c
+++ b/src/xen_unified.c
@@ -1529,7 +1529,7 @@ xenUnifiedNodeDeviceReset (virNodeDevicePtr dev)
if (!pci)
return -1;
- if (pciResetDevice(dev->conn, pci) < 0)
+ if (pciResetDevice(dev->conn, pci, NULL) < 0)
goto out;
ret = 0;
--
1.6.2.5

121
libvirt-allow-pm-reset-on-multi-function-pci-devices.patch
View File

@@ -1,121 +0,0 @@
From d79f35fbd4eaf610972621b042993d00f3247d5c Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Fri, 14 Aug 2009 08:31:11 +0100
Subject: [PATCH] Allow PM reset on multi-function PCI devices
https://bugzilla.redhat.com/515689
It turns out that a PCI Power Management reset only affects individual
functions, and not the whole device.
The PCI Power Management spec talks about resetting the 'device' rather
than the 'function', but Intel's Dexuan Cui informs me that it is
actually a per-function reset.
Also, Yu Zhao has added pci_pm_reset() to the kernel, and it doesn't
reject multi-function devices, so it must be true! :-)
(A side issue is that we could defer the PM reset to the kernel if we
could detect that the kernel has PM reset support, but barring version
number checks we don't have a way to detect that support)
* src/pci.c: remove the pciDeviceContainsOtherFunctions() check from
pciTryPowerManagementReset() and prefer PM reset over bus reset
where both are available
Cc: Cui, Dexuan <dexuan.cui@intel.com>
Cc: Yu Zhao <yu.zhao@intel.com>
(cherry picked from commit 64a6682b93a2a8aa38067a43979c9eaf993d2b41)
Fedora-patch: libvirt-allow-pm-reset-on-multi-function-pci-devices.patch
---
src/pci.c | 48 +++++++++---------------------------------------
1 files changed, 9 insertions(+), 39 deletions(-)
diff --git a/src/pci.c b/src/pci.c
index 68a380d..f78ab9f 100644
--- a/src/pci.c
+++ b/src/pci.c
@@ -397,29 +397,6 @@ pciBusContainsOtherDevices(virConnectPtr conn, pciDevice *dev)
return 1;
}
-/* Any other functions on this device ? */
-static int
-pciSharesDevice(pciDevice *a, pciDevice *b)
-{
- return
- a->domain == b->domain &&
- a->bus == b->bus &&
- a->slot == b->slot &&
- a->function != b->function;
-}
-
-static int
-pciDeviceContainsOtherFunctions(virConnectPtr conn, pciDevice *dev)
-{
- pciDevice *matched = NULL;
- if (pciIterDevices(conn, pciSharesDevice, dev, &matched) < 0)
- return 1;
- if (!matched)
- return 0;
- pciFreeDevice(conn, matched);
- return 1;
-}
-
/* Is @a the parent of @b ? */
static int
pciIsParent(pciDevice *a, pciDevice *b)
@@ -524,7 +501,7 @@ out:
* above we require the device supports a full internal reset.
*/
static int
-pciTryPowerManagementReset(virConnectPtr conn, pciDevice *dev)
+pciTryPowerManagementReset(virConnectPtr conn ATTRIBUTE_UNUSED, pciDevice *dev)
{
uint8_t config_space[PCI_CONF_LEN];
uint32_t ctl;
@@ -532,16 +509,6 @@ pciTryPowerManagementReset(virConnectPtr conn, pciDevice *dev)
if (!dev->pci_pm_cap_pos)
return -1;
- /* For now, we just refuse to do a power management reset
- * if there are other functions on this device.
- * In future, we could allow it so long as those functions
- * are not in use by the host or other guests.
- */
- if (pciDeviceContainsOtherFunctions(conn, dev)) {
- VIR_WARN("%s contains other functions, not resetting", dev->name);
- return -1;
- }
-
/* Save and restore the device's config space. */
if (pciRead(dev, 0, &config_space[0], PCI_CONF_LEN) < 0) {
VIR_WARN("Failed to save PCI config space for %s", dev->name);
@@ -599,14 +566,17 @@ pciResetDevice(virConnectPtr conn, pciDevice *dev)
if (dev->has_flr)
return 0;
+ /* If the device supports PCI power management reset,
+ * that's the next best thing because it only resets
+ * the function, not the whole device.
+ */
+ if (dev->has_pm_reset)
+ ret = pciTryPowerManagementReset(conn, dev);
+
/* Bus reset is not an option with the root bus */
- if (dev->bus != 0)
+ if (ret < 0 && dev->bus != 0)
ret = pciTrySecondaryBusReset(conn, dev);
- /* Next best option is a PCI power management reset */
- if (ret < 0 && dev->has_pm_reset)
- ret = pciTryPowerManagementReset(conn, dev);
-
if (ret < 0)
pciReportError(conn, VIR_ERR_NO_SUPPORT,
_("No PCI reset capability available for %s"),
--
1.6.2.5

31
libvirt-do-not-overwrite-error-in-wait-for-monitor.patch
View File

@@ -1,31 +0,0 @@
From 1319852c443c432d44a2e73508f3be742027f780 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Wed, 19 Aug 2009 11:28:02 +0100
Subject: [PATCH] Don't overwrite error in qemudWaitForMonitor()
May help diagnose https://bugzilla.redhat.com/515054
Fedora-patch: libvirt-do-not-overwrite-error-in-wait-for-monitor.patch
---
src/qemu_driver.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index dfd19c5..74e106a 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -985,8 +985,9 @@ static int qemudWaitForMonitor(virConnectPtr conn,
return 0;
/* Unexpected end of file - inform user of QEMU log data */
- qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
- _("unable to start guest: %s"), buf);
+ if (!virGetLastError())
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("unable to start guest: %s"), buf);
return -1;
}
--
1.6.2.5

53
libvirt-fix-device-list-update-after-detach.patch
View File

@@ -1,53 +0,0 @@
From 2754da03d65f216271c81ece791b96a19272c812 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Sat, 15 Aug 2009 19:38:15 +0100
Subject: [PATCH] Fix list updating after disk hot-unplug
The current code makes a poor effort at updating the device arrays after
hot-unplug. Fix that and combine the two code paths into one.
* src/qemu_driver.c: fix list updating in qemudDomainDetachPciDiskDevice()
(cherry picked from commit 4e12af5623e4a962a6bb911af06fa29aa85befba)
Fedora-patch: libvirt-fix-device-list-update-after-detach.patch
---
src/qemu_driver.c | 21 ++++++++++-----------
1 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index dfd19c5..ce04beb 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -4123,18 +4123,17 @@ try_command:
goto cleanup;
}
- if (vm->def->ndisks > 1) {
- vm->def->disks[i] = vm->def->disks[--vm->def->ndisks];
- if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks) < 0) {
- virReportOOMError(conn);
- goto cleanup;
- }
- qsort(vm->def->disks, vm->def->ndisks, sizeof(*vm->def->disks),
- virDomainDiskQSort);
- } else {
- VIR_FREE(vm->def->disks[0]);
- vm->def->ndisks = 0;
+ if (i != --vm->def->ndisks)
+ memmove(&vm->def->disks[i],
+ &vm->def->disks[i+1],
+ sizeof(*vm->def->disks) * (vm->def->ndisks-i));
+ if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks) < 0) {
+ virReportOOMError(conn);
+ goto cleanup;
}
+ qsort(vm->def->disks, vm->def->ndisks, sizeof(*vm->def->disks),
+ virDomainDiskQSort);
+
ret = 0;
cleanup:
--
1.6.2.5

45
libvirt-fix-migration-completion-with-newer-qemu.patch
View File

@@ -1,45 +0,0 @@
From 21ef933dfdd64c754d184d41d87ecd94eaddf697 Mon Sep 17 00:00:00 2001
From: Chris Lalancette <clalance@redhat.com>
Date: Wed, 5 Aug 2009 13:42:07 +0200
Subject: [PATCH] Run 'cont' on successful migration finish.
https://bugzilla.redhat.com/516187
As of qemu 0.10.6, qemu now honors the -S flag on incoming migration.
That means that when the migration completes, we have to issue a
'cont' command to get the VM running again. We do it unconditionally
since it won't hurt on older qemu.
(cherry picked from commit d1ec4d7a5a4f50c9492137eaab4f021caa075f95)
Fedora-patch: libvirt-fix-migration-completion-with-newer-qemu.patch
---
src/qemu_driver.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 7dbf4a2..ff56f61 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -5162,7 +5162,18 @@ qemudDomainMigrateFinish2 (virConnectPtr dconn,
*/
if (retcode == 0) {
dom = virGetDomain (dconn, vm->def->name, vm->def->uuid);
+
+ /* run 'cont' on the destination, which allows migration on qemu
+ * >= 0.10.6 to work properly. This isn't strictly necessary on
+ * older qemu's, but it also doesn't hurt anything there
+ */
+ if (qemudMonitorCommand(vm, "cont", &info) < 0) {
+ qemudReportError(dconn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ "%s", _("resume operation failed"));
+ goto cleanup;
+ }
VIR_FREE(info);
+
vm->state = VIR_DOMAIN_RUNNING;
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_RESUMED,
--
1.6.2.5

38
libvirt-fix-xen-driver-segfault-with-newer-xen.patch
View File

@@ -1,38 +0,0 @@
From 0878a15ad937449b5dfc4cf49888cc7753473e33 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Fri, 26 Jun 2009 18:14:16 +0000
Subject: [PATCH] Fix xen driver segfault with newer Xen
https://bugzilla.redhat.com/518091
(cherry picked from commit 14435163a086c0bcdff04308077fa46a5fa08bb0)
Fedora-patch: libvirt-fix-xen-driver-segfault-with-newer-xen.patch
---
src/xend_internal.c | 10 +++++++++-
1 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/src/xend_internal.c b/src/xend_internal.c
index 2e2fd21..c3a9836 100644
--- a/src/xend_internal.c
+++ b/src/xend_internal.c
@@ -2077,7 +2077,15 @@ xenDaemonParseSxprGraphicsNew(virConnectPtr conn,
if (sexpr_lookup(node, "device/vfb")) {
/* New style graphics config for PV guests in >= 3.0.4,
* or for HVM guests in >= 3.0.5 */
- tmp = sexpr_node(node, "device/vfb/type");
+ if (sexpr_node(node, "device/vfb/type")) {
+ tmp = sexpr_node(node, "device/vfb/type");
+ } else if (sexpr_node(node, "device/vfb/vnc")) {
+ tmp = "vnc";
+ } else if (sexpr_node(node, "device/vfb/sdl")) {
+ tmp = "sdl";
+ } else {
+ tmp = "unknown";
+ }
if (VIR_ALLOC(graphics) < 0)
goto no_memory;
--
1.6.2.5

141
libvirt-improve-pci-hostdev-reset-error-message.patch
View File

@@ -1,141 +0,0 @@
From 9f80bab3829b97ac2802c15b9f3e4a6bbbb24627 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Fri, 14 Aug 2009 08:31:11 +0100
Subject: [PATCH] Improve PCI host device reset error message
https://bugzilla.redhat.com/499678
Currently, if we are unable to reset a PCI device we return a fairly
generic 'No PCI reset capability available' error message.
Fix that by returning an error from the individual reset messages and
using that error to construct the higher level error mesage.
* src/pci.c: set errors in pciTryPowerManagementReset() and
pciTrySecondaryBusReset() on failure; use those error messages
in pciResetDevice(), or explain that no reset support is available
(cherry picked from commit ebea34185612c3b96d7d3bbd8b7c2ce6c9f4fe6f)
Fedora-patch: libvirt-improve-pci-hostdev-reset-error-message.patch
---
src/pci.c | 44 +++++++++++++++++++++++++++++++-------------
src/qemu_driver.c | 4 ++--
2 files changed, 33 insertions(+), 15 deletions(-)
diff --git a/src/pci.c b/src/pci.c
index f78ab9f..1dddb08 100644
--- a/src/pci.c
+++ b/src/pci.c
@@ -451,15 +451,18 @@ pciTrySecondaryBusReset(virConnectPtr conn, pciDevice *dev)
* are not in use by the host or other guests.
*/
if (pciBusContainsOtherDevices(conn, dev)) {
- VIR_WARN("Other devices on bus with %s, not doing bus reset",
- dev->name);
+ pciReportError(conn, VIR_ERR_NO_SUPPORT,
+ _("Other devices on bus with %s, not doing bus reset"),
+ dev->name);
return -1;
}
/* Find the parent bus */
parent = pciGetParentDevice(conn, dev);
if (!parent) {
- VIR_WARN("Failed to find parent device for %s", dev->name);
+ pciReportError(conn, VIR_ERR_NO_SUPPORT,
+ _("Failed to find parent device for %s"),
+ dev->name);
return -1;
}
@@ -470,7 +473,9 @@ pciTrySecondaryBusReset(virConnectPtr conn, pciDevice *dev)
* are multiple devices/functions
*/
if (pciRead(dev, 0, config_space, PCI_CONF_LEN) < 0) {
- VIR_WARN("Failed to save PCI config space for %s", dev->name);
+ pciReportError(conn, VIR_ERR_NO_SUPPORT,
+ _("Failed to save PCI config space for %s"),
+ dev->name);
goto out;
}
@@ -487,9 +492,12 @@ pciTrySecondaryBusReset(virConnectPtr conn, pciDevice *dev)
usleep(200 * 1000); /* sleep 200ms */
- if (pciWrite(dev, 0, config_space, PCI_CONF_LEN) < 0)
- VIR_WARN("Failed to restore PCI config space for %s", dev->name);
-
+ if (pciWrite(dev, 0, config_space, PCI_CONF_LEN) < 0) {
+ pciReportError(conn, VIR_ERR_NO_SUPPORT,
+ _("Failed to restore PCI config space for %s"),
+ dev->name);
+ goto out;
+ }
ret = 0;
out:
pciFreeDevice(conn, parent);
@@ -511,7 +519,9 @@ pciTryPowerManagementReset(virConnectPtr conn ATTRIBUTE_UNUSED, pciDevice *dev)
/* Save and restore the device's config space. */
if (pciRead(dev, 0, &config_space[0], PCI_CONF_LEN) < 0) {
- VIR_WARN("Failed to save PCI config space for %s", dev->name);
+ pciReportError(conn, VIR_ERR_NO_SUPPORT,
+ _("Failed to save PCI config space for %s"),
+ dev->name);
return -1;
}
@@ -528,8 +538,12 @@ pciTryPowerManagementReset(virConnectPtr conn ATTRIBUTE_UNUSED, pciDevice *dev)
usleep(10 * 1000); /* sleep 10ms */
- if (pciWrite(dev, 0, &config_space[0], PCI_CONF_LEN) < 0)
- VIR_WARN("Failed to restore PCI config space for %s", dev->name);
+ if (pciWrite(dev, 0, &config_space[0], PCI_CONF_LEN) < 0) {
+ pciReportError(conn, VIR_ERR_NO_SUPPORT,
+ _("Failed to restore PCI config space for %s"),
+ dev->name);
+ return -1;
+ }
return 0;
}
@@ -577,10 +591,14 @@ pciResetDevice(virConnectPtr conn, pciDevice *dev)
if (ret < 0 && dev->bus != 0)
ret = pciTrySecondaryBusReset(conn, dev);
- if (ret < 0)
+ if (ret < 0) {
+ virErrorPtr err = virGetLastError();
pciReportError(conn, VIR_ERR_NO_SUPPORT,
- _("No PCI reset capability available for %s"),
- dev->name);
+ _("Unable to reset PCI device %s: %s"),
+ dev->name,
+ err ? err->message : _("no FLR, PM reset or bus reset available"));
+ }
+
return ret;
}
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index ddd3693..9f87d2a 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -1345,9 +1345,9 @@ qemuDomainReAttachHostDevices(virConnectPtr conn, virDomainDefPtr def)
continue;
}
- if (pciDettachDevice(conn, dev) < 0) {
+ if (pciReAttachDevice(conn, dev) < 0) {
virErrorPtr err = virGetLastError();
- VIR_ERROR(_("Failed to reset PCI device: %s\n"),
+ VIR_ERROR(_("Failed to re-attach PCI device: %s\n"),
err ? err->message : "");
virResetError(err);
}
--
1.6.2.5

124
libvirt-reattach-pci-hostdevs-after-guest-shutdown.patch
View File

@@ -1,124 +0,0 @@
From 1e44604c0d4c2d4c1347c2a1027f1ea02a6499f9 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Fri, 14 Aug 2009 08:31:11 +0100
Subject: [PATCH] Reset and re-attach PCI host devices on guest shutdown
https://bugzilla.redhat.com/499561
When the guest shuts down, we should attempt to restore all PCI host
devices to a sane state.
In the case of managed hostdevs, we should reset and re-attach the
devices. In the case of unmanaged hostdevs, we should just reset them.
Note, KVM will already reset assigned devices when the guest shuts
down using whatever means it can, so we are only doing it to cover the
cases the kernel can't handle.
* src/qemu_driver.c: add qemuDomainReAttachHostDevices() and call
it from qemudShutdownVMDaemon()
(cherry picked from commit 4035152a8767e72fd4e26a91cb4d5afa75b72e61)
Fedora-patch: libvirt-reattach-pci-hostdevs-after-guest-shutdown.patch
---
src/qemu_driver.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 76 insertions(+), 0 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index ce04beb..ddd3693 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -1282,6 +1282,80 @@ error:
return -1;
}
+static void
+qemuDomainReAttachHostDevices(virConnectPtr conn, virDomainDefPtr def)
+{
+ int i;
+
+ /* Again 2 loops; reset all the devices before re-attach */
+
+ for (i = 0 ; i < def->nhostdevs ; i++) {
+ virDomainHostdevDefPtr hostdev = def->hostdevs[i];
+ pciDevice *dev;
+
+ if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
+ continue;
+ if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+ continue;
+
+ dev = pciGetDevice(conn,
+ hostdev->source.subsys.u.pci.domain,
+ hostdev->source.subsys.u.pci.bus,
+ hostdev->source.subsys.u.pci.slot,
+ hostdev->source.subsys.u.pci.function);
+ if (!dev) {
+ virErrorPtr err = virGetLastError();
+ VIR_ERROR(_("Failed to allocate pciDevice: %s\n"),
+ err ? err->message : "");
+ virResetError(err);
+ continue;
+ }
+
+ if (pciResetDevice(conn, dev) < 0) {
+ virErrorPtr err = virGetLastError();
+ VIR_ERROR(_("Failed to reset PCI device: %s\n"),
+ err ? err->message : "");
+ virResetError(err);
+ }
+
+ pciFreeDevice(conn, dev);
+ }
+
+ for (i = 0 ; i < def->nhostdevs ; i++) {
+ virDomainHostdevDefPtr hostdev = def->hostdevs[i];
+ pciDevice *dev;
+
+ if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
+ continue;
+ if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+ continue;
+ if (!hostdev->managed)
+ continue;
+
+ dev = pciGetDevice(conn,
+ hostdev->source.subsys.u.pci.domain,
+ hostdev->source.subsys.u.pci.bus,
+ hostdev->source.subsys.u.pci.slot,
+ hostdev->source.subsys.u.pci.function);
+ if (!dev) {
+ virErrorPtr err = virGetLastError();
+ VIR_ERROR(_("Failed to allocate pciDevice: %s\n"),
+ err ? err->message : "");
+ virResetError(err);
+ continue;
+ }
+
+ if (pciDettachDevice(conn, dev) < 0) {
+ virErrorPtr err = virGetLastError();
+ VIR_ERROR(_("Failed to reset PCI device: %s\n"),
+ err ? err->message : "");
+ virResetError(err);
+ }
+
+ pciFreeDevice(conn, dev);
+ }
+}
+
static int qemudDomainSetSecurityLabel(virConnectPtr conn, struct qemud_driver *driver, virDomainObjPtr vm)
{
if (vm->def->seclabel.label != NULL)
@@ -1560,6 +1634,8 @@ static void qemudShutdownVMDaemon(virConnectPtr conn ATTRIBUTE_UNUSED,
VIR_FREE(vm->def->seclabel.imagelabel);
}
+ qemuDomainReAttachHostDevices(conn, vm->def);
+
if (qemudRemoveDomainStatus(conn, driver, vm) < 0) {
VIR_WARN(_("Failed to remove domain status for %s"),
vm->def->name);
--
1.6.2.5

1206
libvirt.spec
View File

File diff suppressed because it is too large Load Diff

2
sources
View File

@@ -1 +1 @@
3035b484861516a1cd425acef1e760e3 libvirt-0.6.2.tar.gz
14164638fe0e7f65e425acc85dabc517 libvirt-0.8.2.tar.gz