Re: [libvirt] [RFC PATCH 8/8] qemu: Set cpuset.mems even if the numatune mode is not strict

[Osier Yang]

On 09/05/13 18:23, Osier Yang wrote:

Missed the address, :\


[cC Hu Tao]

On 09/05/13 18:22, Osier Yang wrote:

When the numatune memory mode is not "strict", the cpuset.mems
inherits the parent's setting, which causes problem like:

% virsh dumpxml rhel6_local | grep interleave -2
   2
   
 
   
   

% cat /proc/3713/status | grep Mems_allowed_list
   Mems_allowed_list:0-3

% virsh numatune rhel6_local
   numa_mode  : interleave
   numa_nodeset   : 0-3

Though the domain process's memory binding is set with libnuma
after the cgroup setting.

The reason for only allowing "strict" mode in current code is the
cpuset.mems doesn't understand the memory policy modes (interleave,
prefered, strict), it actually equals to the "strict" mode ("strict"
means the allocation will fail if the memory cannot be allocated on
the target node. Default operation is to fall back to other nodes.
 From man numa(3)). However, writing the the cpuset.mems even if the
numatune memory mode is not strict should be better than the blind
inheritance anyway.

---
However, I'm not comfortable with the solution, since anyway the
modes except "strict" are not meaningful for cpuset.mems.

Another problem what I'm not sure about is: If the cpuset.cpus will
affect the libnuma setting? Assuming without this patch, domain
process's cpuset.mems will be set as '0-7' (8 NUMA nodes, each has 8
CPUs). And the numatune memory mode is "interleave", and libnuma set
the memory binding as "1-2". Even with this patch applied, setting
cpuset.mems as "1-2", any potential problem?

So this patch is mainly for raising up the problem, and to see if
guys have any opinions. @hutao, since these codes are from you, any
opinions/idea? Thanks.
---
  src/qemu/qemu_cgroup.c | 18 +-
  1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 33eebd7..22fe25b 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -597,11 +597,9 @@ qemuSetupCpusetCgroup(virDomainObjPtr vm,
  if (!virCgroupHasController(priv->cgroup, 
VIR_CGROUP_CONTROLLER_CPUSET))

  return 0;
  -if ((vm->def->numatune.memory.nodemask ||
- (vm->def->numatune.memory.placement_mode ==
-  VIR_NUMA_TUNE_MEM_PLACEMENT_MODE_AUTO)) &&
-vm->def->numatune.memory.mode == 
VIR_DOMAIN_NUMATUNE_MEM_STRICT) {

-
+if (vm->def->numatune.memory.nodemask ||
+(vm->def->numatune.memory.placement_mode ==
+ VIR_NUMA_TUNE_MEM_PLACEMENT_MODE_AUTO)) {
  if (vm->def->numatune.memory.placement_mode ==
  VIR_NUMA_TUNE_MEM_PLACEMENT_MODE_AUTO)
  mem_mask = virBitmapFormat(nodemask);
@@ -614,6 +612,16 @@ qemuSetupCpusetCgroup(virDomainObjPtr vm,
  goto cleanup;
  }
  +if (vm->def->numatune.memory.mode ==
+VIR_DOMAIN_NUMATUNE_MEM_PREFERRED &&
+strlen(mem_mask) != 1) {
+virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+   _("NUMA memory tuning in 'preferred' mode "
+ "only supports single node"));
+goto cleanup;
+
+}
+
  rc = virCgroupSetCpusetMems(priv->cgroup, mem_mask);
if (rc != 0) {


--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list


--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] what does virDomainFree used for?

[Osier Yang]

On 10/05/13 11:42, yue wrote:

hi,all
 i see many virDomainFree, what does it do?

Free the domain object. Check virDomainFree's code and documentation
in src/libvirt.c


thanks
log--
2013-05-10 02:46:51.315+: 1968: debug : virDomainFree:2313 : 
dom=0x7fbf5c000aa0, (VM: name=longg, 
uuid=bad73975-ffbc-4ed7-a497-2ca0038c726a)
2013-05-10 02:46:56.319+: 1963: debug : 
virDomainInterfaceStats:7223 : dom=0x7fbf68010ad0, (VM: name=longg, 
uuid=bad73975-ffbc-4ed7-a497-2ca0038c726a), path=vnet0, 
stats=0x7fbf808f4b00, size=64
2013-05-10 02:46:56.319+: 1963: debug : virDomainFree:2313 : 
dom=0x7fbf68010ad0, (VM: name=longg, 
uuid=bad73975-ffbc-4ed7-a497-2ca0038c726a)





--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list


--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 2/2] util: move virFile* functions from virutil.c to virutil.h

[Osier Yang]

On 10/05/13 03:02, Laine Stump wrote:

s/virutil\.h/virfile\.c/,  in the patch subject.


These all existed before virfile.c was created, and for some reason
weren't moved.

This is mostly straightfoward, although the syntax rule prohibiting
write() had to be changed to have an exception for virfile.c instead
of virutil.c.

This movement pointed out that there is a function called
virBuildPath(), and another almost identical function called
virFileBuildPath(). They really should be a single function, which
I'll take care of as soon as I figure out what the arglist should look
like.
---
  cfg.mk   |2 +-
  src/esx/esx_driver.c |5 +-
  src/esx/esx_storage_backend_vmfs.c   |1 +
  src/libvirt.c|1 +
  src/libvirt_private.syms |   66 +-
  src/node_device/node_device_driver.c |3 +-
  src/node_device/node_device_udev.c   |1 +
  src/parallels/parallels_driver.c |1 +
  src/parallels/parallels_network.c|1 +
  src/parallels/parallels_storage.c|1 +
  src/rpc/virnetsshsession.c   |3 +-
  src/rpc/virnettlscontext.c   |1 +
  src/security/security_dac.c  |1 +
  src/storage/parthelper.c |3 +-
  src/storage/storage_backend_disk.c   |1 +
  src/util/virebtables.c   |1 +
  src/util/virfile.c   | 1448 +-
  src/util/virfile.h   |  121 ++-
  src/util/virhook.c   |2 +-
  src/util/viriptables.c   |1 +
  src/util/virkeyfile.c|3 +-
  src/util/virnetdevveth.c |3 +-
  src/util/virsysinfo.c|3 +-
  src/util/virusb.c|3 +-
  src/util/virutil.c   | 1603 ++
  src/util/virutil.h   |  111 ---
  src/vbox/vbox_XPCOMCGlue.c   |1 +
  src/vmx/vmx.c|1 +
  src/xen/xm_internal.c|1 +
  tests/eventtest.c|3 +-
  tests/libvirtdconftest.c |3 +-
  tests/securityselinuxtest.c  |1 +
  tests/virlockspacetest.c |3 +-
  tests/virportallocatortest.c |1 +
  tests/virstoragetest.c   |1 +
  tools/virsh-interface.c  |3 +-
  tools/virsh-network.c|3 +-
  tools/virsh-nodedev.c|1 +
  tools/virsh-nwfilter.c   |3 +-
  tools/virsh-pool.c   |3 +-
  tools/virsh-secret.c |3 +-
  tools/virsh-snapshot.c   |3 +-
  42 files changed, 1746 insertions(+), 1678 deletions(-)

diff --git a/cfg.mk b/cfg.mk
index 227c18b..0bf5bfc 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -841,7 +841,7 @@ $(srcdir)/src/remote/remote_client_bodies.h: 
$(srcdir)/src/remote/remote_protoco
  # List all syntax-check exemptions:
  exclude_file_name_regexp--sc_avoid_strcase = ^tools/virsh\.h$$
  
-_src1=libvirt|fdstream|qemu/qemu_monitor|util/(vircommand|virutil)|xen/xend_internal|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon

+_src1=libvirt|fdstream|qemu/qemu_monitor|util/(vircommand|virfile)|xen/xend_internal|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon
  _test1=shunloadtest|virnettlscontexttest|vircgroupmock
  exclude_file_name_regexp--sc_avoid_write = \
^(src/($(_src1))|daemon/libvirtd|tools/console|tests/($(_test1)))\.c$$
diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
index dcf64b8..eff02a0 100644
--- a/src/esx/esx_driver.c
+++ b/src/esx/esx_driver.c
@@ -2,7 +2,7 @@
  /*
   * esx_driver.c: core driver functions for managing VMware ESX hosts
   *
- * Copyright (C) 2010-2012 Red Hat, Inc.
+ * Copyright (C) 2010-2013 Red Hat, Inc.
   * Copyright (C) 2009-2013 Matthias Bolte 
   * Copyright (C) 2009 Maximilian Wilhelm 
   *
@@ -29,6 +29,7 @@
  #include "snapshot_conf.h"
  #include "virauth.h"
  #include "viralloc.h"
+#include "virfile.h"
  #include "virlog.h"
  #include "viruuid.h"
  #include "vmx.h"
@@ -44,8 +45,8 @@
  #include "esx_vi.h"
  #include "esx_vi_methods.h"
  #include "esx_util.h"
-#include "viruri.h"
  #include "virstring.h"
+#include "viruri.h"
  
  #define VIR_FROM_THIS VIR_FROM_ESX
  
diff --git a/src/esx/esx_storage_backend_vmfs.c b/src/esx/esx_storage_backend_vmfs.c

index 5d6f183..da27144 100644
--- a/src/esx/esx_storage_backend_vmfs.c
+++ b/src/esx/esx_storage_backend_vmfs.c
@@ -32,6 +32,7 @@
  #include "internal.h"
  #include "md5.h"
  #include "viralloc.h"
+#include "virfile.h"
  #include "virlog.h"
  #include "viruuid.h"
  #include "storage_conf.h"
diff --git a/src/libvirt.c b/src/libvirt.c
index 33a4419..1954051 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -59,6 +59,7 @@
  # include "rpc/virnettlscontext.h"
  #endif
  #include "vircommand.h"
+#include "virfile.h"
  #include "virrandom.h"
  #include "viruri.h"
  #include "virthread.h"
diff --git a

[libvirt] what does virDomainFree used for?

[yue]

hi,all
 i see many virDomainFree, what does it do?
 
thanks
 
log--
2013-05-10 02:46:51.315+: 1968: debug : virDomainFree:2313 : 
dom=0x7fbf5c000aa0, (VM: name=longg, uuid=bad73975-ffbc-4ed7-a497-2ca0038c726a)
2013-05-10 02:46:56.319+: 1963: debug : virDomainInterfaceStats:7223 : 
dom=0x7fbf68010ad0, (VM: name=longg, 
uuid=bad73975-ffbc-4ed7-a497-2ca0038c726a), path=vnet0, stats=0x7fbf808f4b00, 
size=64
2013-05-10 02:46:56.319+: 1963: debug : virDomainFree:2313 : 
dom=0x7fbf68010ad0, (VM: name=longg, uuid=bad73975-ffbc-4ed7-a497-2ca0038c726a)--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] libxl driver issue with console/virt-viewer

[Jim Fehlig]

Dario Faggioli wrote:
> Hi Jim, everyone,
>
> I'm having an issue using the libvirt's libxl driver while installing a
> Fedora 18 (via netinstall) on both Fedora 18 or rawhide host.
>
> So, what happens is, basically, that I do not see the output from the
> installer at all, neither in the virt-viewer instance that virt-install
> does pop-up automatically, nor trying to manually connect to the VM
> (either with virt-viewer or VNC). So, when I do:
>
> [xen@zhaman ~]$ sudo virt-install --paravirt --name f18-i386 --ram
> 2048 --vcpus 2 -f /dev/vms/f18_i386 --network bridge=virbr0 --location
> http://mirrors.rit.edu/fedora/linux//releases/18/Fedora/i386/os/
> Starting install...
> Retrieving file .treeinfo...| 2.4 kB  00:00:00 !!!
> Retrieving file vmlinuz-PAE...  | 9.3 MB  00:00:33 !!!
> Retrieving file initrd-PAE.img...   |  52 MB  00:04:11 !!!
> Creating domain...
>
> And then, in the virt-viewer window, I see a black screen and all it
> says is "serial0 console". using `xl console f18-i386' gives me some of
> the textual output of the installer (but nothing graphical, of course).
>   

Hmm, do you see things like /local/domain/0/backend/console/-1 in
xenstore instead of /local/domain/0/backend/console/?

I think you need this patch

http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=5420f26507fc5c9853eb1076401a8658d72669da

which doesn't appear to be in Xen 4.2 afaict.

Regards,
Jim

> Both Fedora 18 and rawhide have the following version of Xen:
> [xen@zhaman ~]$ rpm -qa | grep xen
> xen-hypervisor-4.2.2-3.{fc18|fc20}.x86_64
> xen-4.2.2-3.{fc18|fc20}.x86_64
> ...
>
> Regarding libvirt, on F18 I have:
> [xen@zhaman ~]$ rpm -qa | grep libvirt
> libvirt-client-0.10.2.4-1.fc18.x86_64
> libvirt-daemon-driver-libxl-0.10.2.4-1.fc18.x86_64
> libvirt-daemon-0.10.2.4-1.fc18.x86_64
> libvirt-daemon-xen-0.10.2.4-1.fc18.x86_64
> ...
>
> While, on rawhide:
> [xen@zhaman ~]$ rpm -qa | grep libvirt
> libvirt-client-1.0.5-2.fc20.x86_64
> libvirt-daemon-driver-libxl-1.0.5-2.fc20.x86_64
> libvirt-daemon-1.0.5-2.fc20.x86_64
> libvirt-daemon-xen-1.0.5-2.fc20.x86_64
> ...
>
> I'm calling it a libxl driver problem since, with both versions, if I
> start xend, things work fine, and I can see both the textual and
> graphical phases of the Fedora installer in the virt-viewer window from
> the very beginning.
>
> I checked in /var/log/libvirt/libxl/libxl.log, but couldn't find
> anything particular. Also, I tried to `virsh edit xxx' in the libxl and
> xend cases, and the result is attached.
>
> The only difference between the two files that looks relevant to me is
> the presence of the following section in the xend version:
>
> 
>   
> 
>
> However, I tried passing "--console pty,target_type=xen" to virt-install
> when using the libxl driver, which caused a similar section to appear in
> the XML of that solution too, but _did_NOT_ solve the issue.
>
> Any idea on what can cause this?
>
> Thanks and Regards,
> Dario
>
>   

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 04/11] Convert Xen domain managed save driver methods to use virDomainDefPtr

[Jim Fehlig]

Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
>
> Introduce use of a virDomainDefPtr in the domain save
> APIs to simplify introduction of ACL security checks.
> The virDomainPtr cannot be safely used, since the app
> may have supplied mis-matching name/uuid/id fields. eg
> the name points to domain X, while the uuid points to
> domain Y. Resolving the virDomainPtr to a virDomainDefPtr
> ensures a consistent name/uuid/id set.
>
> Signed-off-by: Daniel P. Berrange 
> ---
>  src/xen/xen_driver.c| 72 
> -
>  src/xen/xend_internal.c | 23 +---
>  src/xen/xend_internal.h |  7 +++--
>  src/xen/xm_internal.c   | 25 -
>  src/xen/xm_internal.h   |  3 ++-
>  5 files changed, 86 insertions(+), 44 deletions(-)
>
> diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
> index 68a86b7..89b038c 100644
> --- a/src/xen/xen_driver.c
> +++ b/src/xen/xen_driver.c
> @@ -1038,14 +1038,25 @@ static int
>  xenUnifiedDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml,
>unsigned int flags)
>  {
> +int ret = -1;
> +virDomainDefPtr def;
> +
>  virCheckFlags(0, -1);
> +
>  if (dxml) {
>  virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
> _("xml modification unsupported"));
>  return -1;
>  }
>  
> -return xenDaemonDomainSave(dom, to);
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +ret = xenDaemonDomainSave(dom->conn, def, to);
> +
> +cleanup:
> +virDomainDefFree(def);
> +return ret;
>  }
>  
>  static int
> @@ -1055,11 +1066,12 @@ xenUnifiedDomainSave(virDomainPtr dom, const char *to)
>  }
>  
>  static char *
> -xenUnifiedDomainManagedSavePath(xenUnifiedPrivatePtr priv, virDomainPtr dom)
> +xenUnifiedDomainManagedSavePath(xenUnifiedPrivatePtr priv,
> +virDomainDefPtr def)
>   

This still fits on one line.

>  {
>  char *ret;
>  
> -if (virAsprintf(&ret, "%s/%s.save", priv->saveDir, dom->name) < 0) {
> +if (virAsprintf(&ret, "%s/%s.save", priv->saveDir, def->name) < 0) {
>  virReportOOMError();
>  return NULL;
>  }
> @@ -1072,19 +1084,23 @@ static int
>  xenUnifiedDomainManagedSave(virDomainPtr dom, unsigned int flags)
>  {
>  xenUnifiedPrivatePtr priv = dom->conn->privateData;
> -char *name;
> +char *name = NULL;
> +virDomainDefPtr def = NULL;
>  int ret = -1;
>  
>  virCheckFlags(0, -1);
>  
> -name = xenUnifiedDomainManagedSavePath(priv, dom);
> -if (!name)
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +if (!(name = xenUnifiedDomainManagedSavePath(priv, def)))
>  goto cleanup;
>  
> -ret = xenDaemonDomainSave(dom, name);
> +ret = xenDaemonDomainSave(dom->conn, def, name);
>  
>  cleanup:
>  VIR_FREE(name);
> +virDomainDefFree(def);
>  return ret;
>  }
>  
> @@ -1092,17 +1108,23 @@ static int
>  xenUnifiedDomainHasManagedSaveImage(virDomainPtr dom, unsigned int flags)
>  {
>  xenUnifiedPrivatePtr priv = dom->conn->privateData;
> -char *name;
> +char *name = NULL;
> +virDomainDefPtr def = NULL;
>  int ret = -1;
>  
>  virCheckFlags(0, -1);
>  
> -name = xenUnifiedDomainManagedSavePath(priv, dom);
> -if (!name)
> -return ret;
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +if (!(name = xenUnifiedDomainManagedSavePath(priv, def)))
> +goto cleanup;
>  
>  ret = virFileExists(name);
> +
> +cleanup:
>  VIR_FREE(name);
> +virDomainDefFree(def);
>  return ret;
>  }
>  
> @@ -1110,16 +1132,21 @@ static int
>  xenUnifiedDomainManagedSaveRemove(virDomainPtr dom, unsigned int flags)
>  {
>  xenUnifiedPrivatePtr priv = dom->conn->privateData;
> -char *name;
> +char *name = NULL;
> +virDomainDefPtr def = NULL;
>  int ret = -1;
>  
>  virCheckFlags(0, -1);
>  
> -name = xenUnifiedDomainManagedSavePath(priv, dom);
> -if (!name)
> -return ret;
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +if (!(name = xenUnifiedDomainManagedSavePath(priv, def)))
> +goto cleanup;
>  
>  ret = unlink(name);
> +
> +cleanup:
>  VIR_FREE(name);
>  return ret;
>  }
> @@ -1496,12 +1523,15 @@ xenUnifiedDomainCreateWithFlags(virDomainPtr dom, 
> unsigned int flags)
>  {
>  xenUnifiedPrivatePtr priv = dom->conn->privateData;
>  int ret = -1;
> +virDomainDefPtr def = NULL;
>  char *name = NULL;
>  
>  virCheckFlags(0, -1);
>  
> -name = xenUnifiedDomainManagedSavePath(priv, dom);
> -if (!name)
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +if (!(name = xenUnifiedDomainManagedSavePath(priv, def)))
>  goto cleanup;
>  
>  if (virFileExists(name)) {
> @@ -1512,11 +1542,15 @@ xenUnifiedDomainCreateWithFlags(vi

[libvirt] [PATCH 2/2] dom event example: Add error check to impl call

[Jesse J. Cook]

From: "Jesse J. Cook" 

Added error checking to virEventRegisterDefaultImpl call for consistency.
---
 examples/domain-events/events-c/event-test.c |6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/examples/domain-events/events-c/event-test.c 
b/examples/domain-events/events-c/event-test.c
index 09ec6aa..046c36e 100644
--- a/examples/domain-events/events-c/event-test.c
+++ b/examples/domain-events/events-c/event-test.c
@@ -474,7 +474,11 @@ int main(int argc, char **argv)
 err && err->message ? err->message: "Unknown error");
 }
 
-virEventRegisterDefaultImpl();
+if(0 != virEventRegisterDefaultImpl()) {
+virErrorPtr err = virGetLastError();
+fprintf(stderr, "Failed to register event implementation: %s\n",
+err && err->message ? err->message: "Unknown error");
+}
 
 virConnectPtr dconn = NULL;
 dconn = virConnectOpenAuth(argc > 1 ? argv[1] : NULL,
-- 
1.7.10.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 0/2] Domain event example C code misues api

[Jesse J. Cook]

From: "Jesse J. Cook" 

The example program makes a call to virEventRegisterDefaultImpl before calling
virConnectOpen without a call to virInitialize. Interestingly enough, the
example code works.  However, once you introduce a call to g_string_new it
breaks. This can result in unintentional misuse of the API.

Relates to: Red Hat Bugzilla – Bug 961155

Jesse J. Cook (2):
  dom event example: init before register event impl
  dom event example: Add error check to impl call

 examples/domain-events/events-c/event-test.c |   12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

-- 
1.7.10.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 1/2] dom event example: init before register event impl

[Jesse J. Cook]

From: "Jesse J. Cook" 

In the domain-events example C code virEventRegisterDefaultImpl was being
called before virConnectOpen without first calling virInitialize. While this
code worked, it is incorrect. Adding a call to g_string_new prior to the call
to virEventRegisterDefaultImpl would cause the code to break. This fix will
help avoid unintentional misue of the API.

Relates to: Ret Hat Bugzilla - Bug 961155
---
 examples/domain-events/events-c/event-test.c |6 ++
 1 file changed, 6 insertions(+)

diff --git a/examples/domain-events/events-c/event-test.c 
b/examples/domain-events/events-c/event-test.c
index ede9796..09ec6aa 100644
--- a/examples/domain-events/events-c/event-test.c
+++ b/examples/domain-events/events-c/event-test.c
@@ -468,6 +468,12 @@ int main(int argc, char **argv)
 return -1;
 }
 
+if(0 != virInitialize()) {
+virErrorPtr err = virGetLastError();
+fprintf(stderr, "Failed to initialize: %s\n",
+err && err->message ? err->message: "Unknown error");
+}
+
 virEventRegisterDefaultImpl();
 
 virConnectPtr dconn = NULL;
-- 
1.7.10.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 03/11] Convert Xen domain property driver methods to use virDomainDefPtr

[Jim Fehlig]

Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
>
> Introduce use of a virDomainDefPtr in the domain property
> APIs to simplify introduction of ACL security checks.
> The virDomainPtr cannot be safely used, since the app
> may have supplied mis-matching name/uuid/id fields. eg
> the name points to domain X, while the uuid points to
> domain Y. Resolving the virDomainPtr to a virDomainDefPtr
> ensures a consistent name/uuid/id set.
>
> Signed-off-by: Daniel P. Berrange 
> ---
>  src/xen/xen_driver.c | 98 
> +---
>  src/xen/xen_hypervisor.c | 42 +++--
>  src/xen/xen_hypervisor.h | 18 +
>  src/xen/xend_internal.c  | 44 +-
>  src/xen/xend_internal.h  | 21 ---
>  src/xen/xm_internal.c| 41 +++-
>  src/xen/xm_internal.h| 18 ++---
>  7 files changed, 187 insertions(+), 95 deletions(-)
>
> diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
> index 37107ff..68a86b7 100644
> --- a/src/xen/xen_driver.c
> +++ b/src/xen/xen_driver.c
> @@ -889,18 +889,27 @@ static char *
>  xenUnifiedDomainGetOSType(virDomainPtr dom)
>  {
>  xenUnifiedPrivatePtr priv = dom->conn->privateData;
> +char *ret = NULL;
> +virDomainDefPtr def;
>  
> -if (dom->id < 0) {
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +if (def->id < 0) {
>  if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
>  virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> _("Unable to query OS type for inactive domain"));
>  return NULL;
>  } else {
> -return xenDaemonDomainGetOSType(dom);
> +ret = xenHypervisorDomainGetOSType(dom->conn, def);
>   

Should still call xenDaemonDomainGetOSType here since id < 0 right?

>  }
>  } else {
> -return xenHypervisorDomainGetOSType(dom);
> +ret = xenDaemonDomainGetOSType(dom->conn, def);
>   

And call the hypervisor one here when the domain is active.

>  }
> +
> +cleanup:
> +virDomainDefFree(def);
> +return ret;
>  }
>  
>  
> @@ -908,56 +917,92 @@ static unsigned long long
>  xenUnifiedDomainGetMaxMemory(virDomainPtr dom)
>  {
>  xenUnifiedPrivatePtr priv = dom->conn->privateData;
> +unsigned long long ret = 0;
> +virDomainDefPtr def;
>  
> -if (dom->id < 0) {
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +if (def->id < 0) {
>  if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
> -return xenXMDomainGetMaxMemory(dom);
> +ret = xenXMDomainGetMaxMemory(dom->conn, def);
>  else
> -return xenDaemonDomainGetMaxMemory(dom);
> +ret = xenDaemonDomainGetMaxMemory(dom->conn, def);
>  } else {
> -return xenHypervisorGetMaxMemory(dom);
> +ret = xenHypervisorGetMaxMemory(dom->conn, def);
>  }
> +
> +cleanup:
> +virDomainDefFree(def);
> +return ret;
>  }
>  
>  static int
>  xenUnifiedDomainSetMaxMemory(virDomainPtr dom, unsigned long memory)
>  {
>  xenUnifiedPrivatePtr priv = dom->conn->privateData;
> +int ret = -1;
> +virDomainDefPtr def;
>  
> -if (dom->id < 0) {
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +if (def->id < 0) {
>  if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
> -return xenXMDomainSetMaxMemory(dom, memory);
> +ret = xenXMDomainSetMaxMemory(dom->conn, def, memory);
>  else
> -return xenDaemonDomainSetMaxMemory(dom, memory);
> +ret = xenDaemonDomainSetMaxMemory(dom->conn, def, memory);
>  } else {
> -return xenHypervisorSetMaxMemory(dom, memory);
> +ret = xenHypervisorSetMaxMemory(dom->conn, def, memory);
>  }
> +
> +cleanup:
> +virDomainDefFree(def);
> +return ret;
>  }
>  
>  static int
>  xenUnifiedDomainSetMemory(virDomainPtr dom, unsigned long memory)
>  {
>  xenUnifiedPrivatePtr priv = dom->conn->privateData;
> +int ret = -1;
> +virDomainDefPtr def;
>  
> -if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
> -return xenXMDomainSetMemory(dom, memory);
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +if (def->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
> +ret = xenXMDomainSetMemory(dom->conn, def, memory);
>  else
> -return xenDaemonDomainSetMemory(dom, memory);
> +ret = xenDaemonDomainSetMemory(dom->conn, def, memory);
> +
> +cleanup:
> +virDomainDefFree(def);
> +return ret;
>  }
>  
>  static int
>  xenUnifiedDomainGetInfo(virDomainPtr dom, virDomainInfoPtr info)
>  {
>  xenUnifiedPrivatePtr priv = dom->conn->privateData;
> +int ret = -1;
> +virDomainDefPtr def;
>  
> -if (dom->id < 0) {
> +if (!(def = xenGetDomainDefForDom(dom)))
> +

Re: [libvirt] [PATCH 02/11] Convert Xen domain lifecycle driver methods to use virDomainDefPtr

[Jim Fehlig]

Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
>
> Introduce use of a virDomainDefPtr in the domain lifecycle
> APIs to simplify introduction of ACL security checks.
> The virDomainPtr cannot be safely used, since the app
> may have supplied mis-matching name/uuid/id fields. eg
> the name points to domain X, while the uuid points to
> domain Y. Resolving the virDomainPtr to a virDomainDefPtr
> ensures a consistent name/uuid/id set.
>
> Signed-off-by: Daniel P. Berrange 
> ---
>  src/xen/xen_driver.c| 67 
> +
>  src/xen/xend_internal.c | 60 ++-
>  src/xen/xend_internal.h | 10 
>  src/xen/xm_internal.c   |  8 +++---
>  4 files changed, 103 insertions(+), 42 deletions(-)
>   

Looks good. ACK.

Regards,
Jim

> diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
> index d9420d8..37107ff 100644
> --- a/src/xen/xen_driver.c
> +++ b/src/xen/xen_driver.c
> @@ -136,6 +136,13 @@ static virDomainDefPtr 
> xenGetDomainDefForUUID(virConnectPtr conn, const unsigned
>  }
>  
>  
> +static virDomainDefPtr xenGetDomainDefForDom(virDomainPtr dom)
> +{
> +/* UUID lookup is more efficient than name lookup */
> +return xenGetDomainDefForUUID(dom->conn, dom->uuid);
> +}
> +
> +
>  /**
>   * xenNumaInit:
>   * @conn: pointer to the hypervisor connection
> @@ -781,22 +788,52 @@ xenUnifiedDomainIsUpdated(virDomainPtr dom 
> ATTRIBUTE_UNUSED)
>  static int
>  xenUnifiedDomainSuspend(virDomainPtr dom)
>  {
> -return xenDaemonDomainSuspend(dom);
> +int ret = -1;
> +virDomainDefPtr def;
> +
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +ret = xenDaemonDomainSuspend(dom->conn, def);
> +
> +cleanup:
> +virDomainDefFree(def);
> +return ret;
>  }
>  
>  static int
>  xenUnifiedDomainResume(virDomainPtr dom)
>  {
> -return xenDaemonDomainResume(dom);
> +int ret = -1;
> +virDomainDefPtr def;
> +
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +ret = xenDaemonDomainResume(dom->conn, def);
> +
> +cleanup:
> +virDomainDefFree(def);
> +return ret;
>  }
>  
>  static int
>  xenUnifiedDomainShutdownFlags(virDomainPtr dom,
>unsigned int flags)
>  {
> +int ret = -1;
> +virDomainDefPtr def;
> +
>  virCheckFlags(0, -1);
>  
> -return xenDaemonDomainShutdown(dom);
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +ret = xenDaemonDomainShutdown(dom->conn, def);
> +
> +cleanup:
> +virDomainDefFree(def);
> +return ret;
>  }
>  
>  static int
> @@ -808,18 +845,38 @@ xenUnifiedDomainShutdown(virDomainPtr dom)
>  static int
>  xenUnifiedDomainReboot(virDomainPtr dom, unsigned int flags)
>  {
> +int ret = -1;
> +virDomainDefPtr def;
> +
>  virCheckFlags(0, -1);
>  
> -return xenDaemonDomainReboot(dom);
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +ret = xenDaemonDomainReboot(dom->conn, def);
> +
> +cleanup:
> +virDomainDefFree(def);
> +return ret;
>  }
>  
>  static int
>  xenUnifiedDomainDestroyFlags(virDomainPtr dom,
>   unsigned int flags)
>  {
> +int ret = -1;
> +virDomainDefPtr def;
> +
>  virCheckFlags(0, -1);
>  
> -return xenDaemonDomainDestroy(dom);
> +if (!(def = xenGetDomainDefForDom(dom)))
> +goto cleanup;
> +
> +ret = xenDaemonDomainDestroy(dom->conn, def);
> +
> +cleanup:
> +virDomainDefFree(def);
> +return ret;
>  }
>  
>  static int
> diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
> index 5ea1627..f8bd72b 100644
> --- a/src/xen/xend_internal.c
> +++ b/src/xen/xend_internal.c
> @@ -1251,7 +1251,8 @@ xenDaemonClose(virConnectPtr conn ATTRIBUTE_UNUSED)
>  
>  /**
>   * xenDaemonDomainSuspend:
> - * @domain: pointer to the Domain block
> + * @conn: the connection object
> + * @def: the domain to suspend
>   *
>   * Pause the domain, the domain is not scheduled anymore though its resources
>   * are preserved. Use xenDaemonDomainResume() to resume execution.
> @@ -1259,41 +1260,42 @@ xenDaemonClose(virConnectPtr conn ATTRIBUTE_UNUSED)
>   * Returns 0 in case of success, -1 (with errno) in case of error.
>   */
>  int
> -xenDaemonDomainSuspend(virDomainPtr domain)
> +xenDaemonDomainSuspend(virConnectPtr conn, virDomainDefPtr def)
>  {
> -if (domain->id < 0) {
> +if (def->id < 0) {
>  virReportError(VIR_ERR_OPERATION_INVALID,
> -   _("Domain %s isn't running."), domain->name);
> +   _("Domain %s isn't running."), def->name);
>  return -1;
>  }
>  
> -return xend_op(domain->conn, domain->name, "op", "pause", NULL);
> +return xend_op(conn, def->name, "op", "pause", NULL);
>  }
>  
>  /**
>   * xenDaemonDomainResume:
> - * @xend: pointer to the Xen Daemon block
> - * @name: name for the domain
> + * @conn: the connect

[libvirt] libxl driver issue with console/virt-viewer

[Dario Faggioli]

Hi Jim, everyone,

I'm having an issue using the libvirt's libxl driver while installing a
Fedora 18 (via netinstall) on both Fedora 18 or rawhide host.

So, what happens is, basically, that I do not see the output from the
installer at all, neither in the virt-viewer instance that virt-install
does pop-up automatically, nor trying to manually connect to the VM
(either with virt-viewer or VNC). So, when I do:

[xen@zhaman ~]$ sudo virt-install --paravirt --name f18-i386 --ram
2048 --vcpus 2 -f /dev/vms/f18_i386 --network bridge=virbr0 --location
http://mirrors.rit.edu/fedora/linux//releases/18/Fedora/i386/os/
Starting install...
Retrieving file .treeinfo...| 2.4 kB  00:00:00 !!!
Retrieving file vmlinuz-PAE...  | 9.3 MB  00:00:33 !!!
Retrieving file initrd-PAE.img...   |  52 MB  00:04:11 !!!
Creating domain...

And then, in the virt-viewer window, I see a black screen and all it
says is "serial0 console". using `xl console f18-i386' gives me some of
the textual output of the installer (but nothing graphical, of course).

Both Fedora 18 and rawhide have the following version of Xen:
[xen@zhaman ~]$ rpm -qa | grep xen
xen-hypervisor-4.2.2-3.{fc18|fc20}.x86_64
xen-4.2.2-3.{fc18|fc20}.x86_64
...

Regarding libvirt, on F18 I have:
[xen@zhaman ~]$ rpm -qa | grep libvirt
libvirt-client-0.10.2.4-1.fc18.x86_64
libvirt-daemon-driver-libxl-0.10.2.4-1.fc18.x86_64
libvirt-daemon-0.10.2.4-1.fc18.x86_64
libvirt-daemon-xen-0.10.2.4-1.fc18.x86_64
...

While, on rawhide:
[xen@zhaman ~]$ rpm -qa | grep libvirt
libvirt-client-1.0.5-2.fc20.x86_64
libvirt-daemon-driver-libxl-1.0.5-2.fc20.x86_64
libvirt-daemon-1.0.5-2.fc20.x86_64
libvirt-daemon-xen-1.0.5-2.fc20.x86_64
...

I'm calling it a libxl driver problem since, with both versions, if I
start xend, things work fine, and I can see both the textual and
graphical phases of the Fedora installer in the virt-viewer window from
the very beginning.

I checked in /var/log/libvirt/libxl/libxl.log, but couldn't find
anything particular. Also, I tried to `virsh edit xxx' in the libxl and
xend cases, and the result is attached.

The only difference between the two files that looks relevant to me is
the presence of the following section in the xend version:


  


However, I tried passing "--console pty,target_type=xen" to virt-install
when using the libxl driver, which caused a similar section to appear in
the XML of that solution too, but _did_NOT_ solve the issue.

Any idea on what can cause this?

Thanks and Regards,
Dario

-- 
<> (Raistlin Majere)
-
Dario Faggioli, Ph.D, http://about.me/dario.faggioli
Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)



virt-edit.libxl
Description: Binary data


virt-edit.xend
Description: Binary data


signature.asc
Description: This is a digitally signed message part
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 1/2] util: fix virFileOpenAs return value and resulting error logs

[Laine Stump]

This resolves:

 https://bugzilla.redhat.com/show_bug.cgi?id=851411
 https://bugzilla.redhat.com/show_bug.cgi?id=955500

The first problem was that virFileOpenAs was returning fd (-1) in one
of the error cases rather than ret (-errno), so the caller thought
that the error was EPERM rather than ENOENT.

The second problem was that some log messages in the general purpose
qemuOpenFile() function would always say "Failed to create" even if
the caller hadn't included O_CREAT (i.e. they were trying to open an
existing file).

This fixes virFileOpenAs to jup down to the error return (which
returns ret instead of fd) in the previously incorrect failure case of
virFileOpenAs(), removes all error logging from virFileOpenAs() (since
the callers report it), and modifies qemuOpenFile to appropriately use
"open" or "create" in its log messages.

NB: I seriously considered removing logging from all callers of
virFileOpenAs(), but there is at least one case where the callers
doesn't want virFileOpenAs() to log any errors, because it's just
going to try again (qemuOpenFile(). We can't simply make a silent
variation of virFileOpenAs() though, because qemuOpenFile() can't make
the decision about whether or not it wants to retry until after
virFileOpenAs() has already returned an error code.

Likewise, I also considered changing virFileOpenAs() to return -1 with
errno set on return, and may still do that, but only as a separate
patch, as it obscures the intent of this patch too much.
---
 src/libxl/libxl_driver.c  |  6 ++---
 src/qemu/qemu_driver.c| 55 ++-
 src/storage/storage_backend.c |  2 +-
 src/util/virstoragefile.c |  4 ++--
 src/util/virutil.c| 35 ---
 5 files changed, 44 insertions(+), 58 deletions(-)

diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index 7361743..f09f7eb 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -1,5 +1,5 @@
 /*---*/
-/*  Copyright (C) 2006-2012 Red Hat, Inc.
+/*  Copyright (C) 2006-2013 Red Hat, Inc.
  *  Copyright (C) 2011-2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
  *  Copyright (C) 2011 Univention GmbH.
  *
@@ -550,8 +550,8 @@ libxlSaveImageOpen(libxlDriverPrivatePtr driver, const char 
*from,
 char *xml = NULL;
 
 if ((fd = virFileOpenAs(from, O_RDONLY, 0, -1, -1, 0)) < 0) {
-virReportError(VIR_ERR_OPERATION_FAILED,
-   "%s", _("cannot read domain image"));
+virReportSystemError(-fd,
+ _("Failed to open domain image file '%s'"), from);
 goto error;
 }
 
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 0aceb17..5657abc 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2562,10 +2562,9 @@ qemuOpenFile(virQEMUDriverPtr driver, const char *path, 
int oflags,
 
 /* First try creating the file as root */
 if (!is_reg) {
-fd = open(path, oflags & ~O_CREAT);
-if (fd < 0) {
-virReportSystemError(errno, _("unable to open %s"), path);
-goto cleanup;
+if ((fd = open(path, oflags & ~O_CREAT)) < 0) {
+fd = -errno;
+goto error;
 }
 } else {
 if ((fd = virFileOpenAs(path, oflags, S_IRUSR | S_IWUSR, uid, gid,
@@ -2576,36 +2575,30 @@ qemuOpenFile(virQEMUDriverPtr driver, const char *path, 
int oflags,
qemu user (cfg->user) is non-root, just set a flag to
bypass security driver shenanigans, and retry the operation
after doing setuid to qemu user */
-if ((fd != -EACCES && fd != -EPERM) ||
-cfg->user == getuid()) {
-virReportSystemError(-fd,
- _("Failed to create file '%s'"),
- path);
-goto cleanup;
-}
+if ((fd != -EACCES && fd != -EPERM) || cfg->user == getuid())
+goto error;
 
 /* On Linux we can also verify the FS-type of the directory. */
 switch (path_shared) {
 case 1:
-   /* it was on a network share, so we'll continue
-* as outlined above
-*/
-   break;
+/* it was on a network share, so we'll continue
+ * as outlined above
+ */
+break;
 
 case -1:
-   virReportSystemError(errno,
-_("Failed to create file "
-  "'%s': couldn't determine fs type"),
-path);
-   goto cleanup;
+virReportSystemError(-fd, oflags & O_CREAT
+ ? _("Failed to create fil

Re: [libvirt] [PATCH] Replace 'goto clean' with 'goto cleanup' in apparmor code

[Eric Blake]

On 05/09/2013 07:24 AM, Michal Privoznik wrote:
> On 09.05.2013 15:02, Daniel P. Berrange wrote:
>> From: "Daniel P. Berrange" 
>>
>> Some of the apparmor code files did not follow the normal
>> goto label naming pratices
>>
>> Signed-off-by: Daniel P. Berrange 
>> ---
>>  src/security/security_apparmor.c | 34 ++---
>>  src/security/virt-aa-helper.c| 66 
>> 
>>  2 files changed, 50 insertions(+), 50 deletions(-)
>>
> 
> Funny, I've just used 'git show -W' for the first time :)

And in true (annoying) git fashion, 'git show --help' doesn't mention
-W; you have to look at 'git diff --help' to learn that means
--function-context.  A new trick to me as well :)

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] Fix naming of methods in ESX storage backends to follow public APIs

[Eric Blake]

On 05/09/2013 07:12 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
> 
> The previous update of method naming missed the ESX storage
> backend files. Update them is that the driver impl methods
> follow the naming of the public API but with s/vir/esx/
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  src/esx/esx_storage_backend_iscsi.c | 104 
> ++--
>  src/esx/esx_storage_backend_vmfs.c  | 104 
> ++--
>  2 files changed, 104 insertions(+), 104 deletions(-)

ACK.  Mostly mechanical, and consistent with other patches.

Didn't you write a 'make check' rule that was supposed to catch
mismatches?  If so, doesn't that rule need to be updated to avoid
regressions in this file, since obviously this file escaped detection
the first time?

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 01/11] Convert Xen domain lookup driver methods to use virDomainDefPtr

[Jim Fehlig]

Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
>
> Introduce use of a virDomainDefPtr in the domain lookup
> APIs to simplify introduction of ACL security checks.
> The virDomainPtr cannot be safely used, since the app
> may have supplied mis-matching name/uuid/id fields. eg
> the name points to domain X, while the uuid points to
> domain Y. Resolving the virDomainPtr to a virDomainDefPtr
> ensures a consistent name/uuid/id set.
>
> Signed-off-by: Daniel P. Berrange 
> ---
>  src/conf/domain_conf.c   |  24 
>  src/conf/domain_conf.h   |   4 ++
>  src/libvirt_private.syms |   1 +
>  src/xen/xen_driver.c | 147 
> +++
>  src/xen/xen_hypervisor.c |  17 +++---
>  src/xen/xen_hypervisor.h |   8 +--
>  src/xen/xen_inotify.c|  14 ++---
>  src/xen/xend_internal.c  |  34 +--
>  src/xen/xend_internal.h  |   4 +-
>  src/xen/xm_internal.c|  30 --
>  src/xen/xm_internal.h|   5 +-
>  11 files changed, 173 insertions(+), 115 deletions(-)
>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index d55ce6b..61995cd 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -2048,6 +2048,30 @@ error:
>  return NULL;
>  }
>  
> +
>   

Extra newline? I've noticed inconsistencies throughout most of the files
wrt 1 or 2 newlines between function definitions, so difficult to say
which is preferred.

> +virDomainDefPtr virDomainDefNew(const char *name,
> +const unsigned char *uuid,
> +int id)
> +{
> +virDomainDefPtr def;
> +
> +if (VIR_ALLOC(def) < 0) {
> +virReportOOMError();
> +return NULL;
> +}
> +
> +if (!(def->name = strdup(name))) {
> +VIR_FREE(def);
> +return NULL;
> +}
> +
> +memcpy(def->uuid, uuid, VIR_UUID_BUFLEN);
> +def->id = id;
> +
> +return def;
> +}
> +
> +
>  void virDomainObjAssignDef(virDomainObjPtr domain,
> const virDomainDefPtr def,
> bool live,
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index 21f7ce2..f7644a6 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -2147,6 +2147,10 @@ void virDomainDefFree(virDomainDefPtr vm);
>  
>  virDomainChrDefPtr virDomainChrDefNew(void);
>  
> +virDomainDefPtr virDomainDefNew(const char *name,
> +const unsigned char *uuid,
> +int id);
> +
>  enum {
>  VIR_DOMAIN_OBJ_LIST_ADD_LIVE = (1 << 0),
>  VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE = (1 << 1),
> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
> index bb70595..d2f5827 100644
> --- a/src/libvirt_private.syms
> +++ b/src/libvirt_private.syms
> @@ -117,6 +117,7 @@ virDomainDefGenSecurityLabelDef;
>  virDomainDefGetDefaultEmulator;
>  virDomainDefGetSecurityLabelDef;
>  virDomainDefMaybeAddController;
> +virDomainDefNew;
>  virDomainDefParseFile;
>  virDomainDefParseNode;
>  virDomainDefParseString;
> diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
> index cc54f7a..d9420d8 100644
> --- a/src/xen/xen_driver.c
> +++ b/src/xen/xen_driver.c
> @@ -82,6 +82,60 @@ xenUnifiedDomainGetVcpus(virDomainPtr dom,
>  
>  static bool is_privileged = false;
>  
> +static virDomainDefPtr xenGetDomainDefForID(virConnectPtr conn, int id)
> +{
> +virDomainDefPtr ret;
> +
> +ret = xenHypervisorLookupDomainByID(conn, id);
> +
> +if (!ret && virGetLastError() == NULL)
> +virReportError(VIR_ERR_NO_DOMAIN, __FUNCTION__);
> +
> +return ret;
> +}
> +
> +
> +static virDomainDefPtr xenGetDomainDefForName(virConnectPtr conn, const char 
> *name)
> +{
> +xenUnifiedPrivatePtr priv = conn->privateData;
> +virDomainDefPtr ret;
> +
> +ret = xenDaemonLookupByName(conn, name);
> +
> +/* Try XM for inactive domains. */
> +if (!ret &&
> +priv->xendConfigVersion <= XEND_CONFIG_VERSION_3_0_3)
> +ret = xenXMDomainLookupByName(conn, name);
> +
> +if (!ret && virGetLastError() == NULL)
> +virReportError(VIR_ERR_NO_DOMAIN, __FUNCTION__);
> +
> +return ret;
> +}
> +
> +
> +static virDomainDefPtr xenGetDomainDefForUUID(virConnectPtr conn, const 
> unsigned char *uuid)
> +{
> +xenUnifiedPrivatePtr priv = conn->privateData;
> +virDomainDefPtr ret;
> +
> +ret = xenHypervisorLookupDomainByUUID(conn, uuid);
> +
> +/* Try XM for inactive domains. */
> +if (!ret) {
> +if (priv->xendConfigVersion <= XEND_CONFIG_VERSION_3_0_3)
> +ret = xenXMDomainLookupByUUID(conn, uuid);
> +else
> +ret = xenDaemonLookupByUUID(conn, uuid);
> +}
> +
> +if (!ret && virGetLastError() == NULL)
> +virReportError(VIR_ERR_NO_DOMAIN, __FUNCTION__);
> +
> +return ret;
> +}
> +
> +
>  /**
>   * xenNumaInit:
>   * @conn: pointer to the hypervisor connection
> @@ -597,12 +651,18 @@ static virDomainPtr
>  xenUnifiedDoma

[libvirt] [PATCH] tests: use portable shell code

[Eric Blake]

'make check' fails since commit 470d5c46 on any system with dash
as /bin/sh, because '<<<' is a bash extension.  For example:

nwfilterschematest: 23: /home/eblake/libvirt/tests/schematestutils.sh: Syntax 
error: redirection unexpected

Also, there is no need to spawn a grep process when shell globbing
can do the same.

* tests/schematestutils.sh: Replace bashism and subprocess with a
faster and portable construct.

Signed-off-by: Eric Blake 
---

Pushing under the build-breaker rule.

 tests/schematestutils.sh | 18 ++
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/tests/schematestutils.sh b/tests/schematestutils.sh
index e739b99..e594f04 100644
--- a/tests/schematestutils.sh
+++ b/tests/schematestutils.sh
@@ -20,18 +20,12 @@ do
 result=`$cmd 2>&1`
 ret=$?

-grep -- '-invalid.xml$' <<< "$xml" 2>&1 >/dev/null
-invalid=$?
-
-# per xmllint man page, the return codes for validation error
-# are 3 and 4
-if test $invalid -eq 0; then
-if test $ret -eq 4 || test $ret -eq 3; then
-ret=0
-elif test $ret -eq 0; then
-ret=3
-fi
-fi
+# Alter ret if error was expected.
+case $xml:$ret in
+*-invalid.xml:[34]) ret=0 ;;
+*-invalid.xml:0)ret=3 ;;
+esac
+
 test_result $n $(basename $(dirname $xml))"/"$(basename $xml) $ret
 if test "$verbose" = "1" && test $ret != 0 ; then
 printf '%s\n' "$cmd" "$result"
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH v2 2/2] conf: don't crash on a tpm device with no backends

[Eric Blake]

On 05/09/2013 06:18 AM, Ján Tomko wrote:
> Print an error instead of crashing when a TPM device without
> a backend is specified.
> 
> Add a test for tpm device with no backend, which should fail
> with a parse error.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=961252
> ---
>  src/conf/domain_conf.c |  6 +
>  .../qemuxml2argv-tpm-no-backend-invalid.xml| 27 
> ++
>  tests/qemuxml2argvtest.c   |  2 ++
>  3 files changed, 35 insertions(+)
>  create mode 100644 
> tests/qemuxml2argvdata/qemuxml2argv-tpm-no-backend-invalid.xml

Awesome that we've enhanced the testsuite to check RNG parser rejection
of invalid xml!

>  
>  DO_TEST("tpm-passthrough", QEMU_CAPS_DEVICE,
>  QEMU_CAPS_DEVICE_TPM_PASSTHROUGH, QEMU_CAPS_DEVICE_TPM_TIS);
> +DO_TEST_PARSE_ERROR("tpm-no-backend-invalid", QEMU_CAPS_DEVICE,
> +QEMU_CAPS_DEVICE_TPM_PASSTHROUGH, 
> QEMU_CAPS_DEVICE_TPM_TIS);

Should we be tweaking things for the other xml files (renaming files
and/or tightening RNG) so that other uses of DO_TEST_PARSE_ERROR can
also stress RNG validation?

tests/qemuxml2argvtest.c:DO_TEST_PARSE_ERROR("boot-dev+order",
tests/qemuxml2argvtest.c:DO_TEST_PARSE_ERROR("usb-ich9-no-companion",
tests/qemuxml2argvtest.c:DO_TEST_PARSE_ERROR("usb-none-other",
tests/qemuxml2argvtest.c:DO_TEST_PARSE_ERROR("usb-none-hub",
tests/qemuxml2argvtest.c:DO_TEST_PARSE_ERROR("usb-none-usbtablet",

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH v2 1/2] tests: files named '.*-invalid.xml' should fail validation

[Eric Blake]

On 05/09/2013 06:18 AM, Ján Tomko wrote:
> Currently, using an invalid XML in tests fails, because
> the schema test expects all of them to be valid.
> 
> Treat files with -invalid.xml suffix as invalid and expect
> them to fail validation.
> ---
>  tests/schematestutils.sh | 12 
>  1 file changed, 12 insertions(+)
> 
> diff --git a/tests/schematestutils.sh b/tests/schematestutils.sh
> index 4361221..e739b99 100644
> --- a/tests/schematestutils.sh
> +++ b/tests/schematestutils.sh
> @@ -20,6 +20,18 @@ do
>  result=`$cmd 2>&1`
>  ret=$?
>  
> +grep -- '-invalid.xml$' <<< "$xml" 2>&1 >/dev/null

<<< is not portable shell, but this script wants to use /bin/sh.  You
need to either rewrite the script to use /bin/bash, or avoid <<<.  And I
think it's easier to just use portable shell:

invalid=false
case $xml in
 *-invalid.xml) invalid=: ;;
esac

> +invalid=$?
> +
> +# per xmllint man page, the return codes for validation error
> +# are 3 and 4
> +if test $invalid -eq 0; then
> +if test $ret -eq 4 || test $ret -eq 3; then
> +ret=0
> +elif test $ret -eq 0; then
> +ret=3
> +fi
> +fi

Or even make the case statement check invalid and exit status all at the
same time.  I see you already pushed, so I'll write the followup.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH v3 34/34] Introduce syntax-check rule to prefer VIR_STRDUP over strdup

[Eric Blake]

On 05/09/2013 04:39 AM, Michal Privoznik wrote:
>>>  
>>> +exclude_file_name_regexp--sc_prohibit_strdup = \
>>> +  ^(docs/|examples/|python/|src/util/virstring\.c$$|tools/virsh\.c$$)
>>
>> Do we really need to allow strdup() in the python c code?  Likewise for
>> tools/virsh.c?
> 
> Do you mean we should s/strdup/VIR_STRDUP/ within vshStrdup?

Might as well - it never hurts to be consistent in as many places as
possible.

> 
> And I'll fix python surely.
> 
> Michal
> 
> 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] an old bug reappear-TimeoutError

[Eric Blake]

On 05/08/2013 11:28 PM, yue wrote:
> hi,

[charset=GBK is an unusual encoding, which in turn caused my mail reader
to render your message oddly; these days, sending mail in UTF-8 is
preferred]

> i encounter an error of libvirt, which is reported in 2011.  i intended to 
> update the ticket(spice password) of vm.

More likely, you encountered the same symptoms as a previous bug
reported and fixed in 2011, but where the cause of those symptoms is a
different bug.  But without more details, such as what version of
libvirt you are using, what distro provided that build, and what action
you were attempting when things locked up, it's hard to say if it is a
known issue.

>  
> https://bugzilla.redhat.com/show_bug.cgi?id=676205

That bug was created against RHEL 5.  If you are going to report more
details via bugzilla, then you are better off opening a new bug that is
relevant to your setup (whether that be against RHEL or Fedora or
upstream libvirt itself) rather than trying to piggyback on an old bug.

> TimeoutError: Timed out during operation: cannot acquire state change lock

In the past, when this has happened, it was because libvirt disobeyed
locking rules in its code; and a workaround was to restart libvirtd.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 4/4] Need better validation of uuid

[John Ferlan]

On 05/09/2013 06:27 AM, Martin Kletzander wrote:
> On 04/30/2013 08:19 PM, John Ferlan wrote:
>> If the  system table 'uuid' field is improperly formatted,
>> then qemu will fail to start the guest with the error:
>>
>> virsh start dom
>> error: Failed to start domain dom
>> error: internal error process exited while connecting to monitor: Invalid 
>> SMBIOS UUID string
>>
>> In this case the "system_uuid" field was 
>> a94b4335-6a14-8bc4-d6da-f7ea590b68-16
>> which passed the virUUIDParse() code because 32 hexadecimal digits were found
>> and the extra hyphen in the last section was ignored.
>>
>> Add checks to not only parse the read field, but then use virUUIDFormat() to
>> validate that what gets formatted matches what was read - if not, then fail
>> the edit.
> 
> I feel like we could do better.  Either 1) such UUID is not valid (which
> I think it really isn't [1]) and we should fail when when parsing it or
> 2) it is valid, but qemu doesn't like it, so we should fixup the UUID
> before passing it to qemu (and maybe request proper UUID parsing from
> qemu guys).
> 
> What do you think?

That seemed to be a much larger fish to fry than I wanted to take on
with this particular patch. That is by avoiding the dashes ("-") in
virUUIDParse() already leads to this particular validation.  The numbers
are all correct, it's just additional dashes that were a problem.
Changing that algorithm to be less forgiving led me down a path of
wondering why that code is forgiving w/r/t "-" and " " and what could
fall out from changing that?

I suppose for this particular case it could have been possible to take
the provided 'sysinfo' uuid field in qemuBuildSmbiosSystemStr() and make
the virUUIDParse() and virUUIDFormat() calls prior to the
virBufferAsprintf() which adds it to the command line.  If that's
desired, I can take that route.

> 
> Other that that, the patch look fine.
> 
> Martin
> 
> [1] http://www.ietf.org/rfc/rfc4122.txt
> 
>> ---
>>  src/conf/domain_conf.c | 23 +++
>>  1 file changed, 19 insertions(+), 4 deletions(-)
>>
>> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>> index 43273f8..c1fd99b 100644
>> --- a/src/conf/domain_conf.c
>> +++ b/src/conf/domain_conf.c
>> @@ -11577,17 +11577,32 @@ virDomainDefParseXML(xmlDocPtr xml,
>>  goto error;
>>  if (def->sysinfo->system_uuid != NULL) {
>>  unsigned char uuidbuf[VIR_UUID_BUFLEN];
>> -if (virUUIDParse(def->sysinfo->system_uuid, uuidbuf) < 0) {
>> +char uuidstr[VIR_UUID_STRING_BUFLEN];
>> +/* Ensure that what we convert to a uuidbuf is converted back to
>> + * the same string when formatted as a UUID. This field may be
>> + * used by the underlying hypervisor driver instead of the 
>> domain
>> + * uuid field and must be properly formatted. The virUUIDParse()
>> + * is designed to "skip" extra "-"'s in the values and only
>> + * validate that there are 32 hexadecimal digits. 
>> virUUIDFormat()
>> + * returns uuidstr formatted properly.
>> + */
>> +if (virUUIDParse(def->sysinfo->system_uuid, uuidbuf) < 0 ||
>> +memcmp(def->sysinfo->system_uuid,
>> +   virUUIDFormat(uuidbuf, uuidstr),
>> +   VIR_UUID_STRING_BUFLEN) != 0) {
>>  virReportError(VIR_ERR_INTERNAL_ERROR,
>> -   "%s", _("malformed uuid element"));
>> +   _("malformed  uuid element '%s' "
>> + "found on '%s'"),
>> +   def->sysinfo->system_uuid, def->name);
>>  goto error;
>>  }
>>  if (uuid_generated)
>>  memcpy(def->uuid, uuidbuf, VIR_UUID_BUFLEN);
>>  else if (memcmp(def->uuid, uuidbuf, VIR_UUID_BUFLEN) != 0) {
>> -virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
>> +virReportError(VIR_ERR_INTERNAL_ERROR,
> 
> Pre-existing, but it looks like another abuse of internal error.
> 

To be consistent w/ the bios_date change, I changed from INTERNAL_ERROR
to XML_DETAIL

>> _("UUID mismatch between  and "
>> - ""));
>> + " 'uuid'  on '%s'"),
>> +   def->name);
>>  goto error;
>>  }
>>  }
>>
> 

I squashed the following in - I could send a v2 if that's desired...

diff --git a/tests/qemuxml2argvdata/qemuxml2argv-smbios-uuid-format.xml
b/tests/
new file mode 100644
index 000..ccbce54
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-smbios-uuid-format.xml
@@ -0,0 +1,24 @@
+
+  smbios
+  362d1fc1-df7d-193e-5c18-49a71bd1da66
+  1048576
+  1048576
+  1
+  
+hvm
+
+  
+  
+
+  362d1fc1-df7d-193e-5c18-49a71b-d1da66
+
+  
+  
+  destroy
+  restart
+  res

Re: [libvirt] [PATCH 3/4] Validate the bios_date format for

[Eric Blake]

On 05/09/2013 05:43 AM, John Ferlan wrote:
> On 05/09/2013 06:59 AM, Martin Kletzander wrote:
>> On 04/30/2013 08:19 PM, John Ferlan wrote:
>> I find it a bit harder to read.  Wouldn't this be more nicer if we used
>> sscanf()?  Or we could take care a bit about the date and do it even
>> shorter with strptime(), something like this:

strptime() is not portable - mingw lacks it, and gnulib doesn't provide
it (gnulib prefers to use the parse-datetime module used by coreutils,
but that's GPL, so we can't use it either).  We're stuck with
hand-rolled parsing.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 3/4] Validate the bios_date format for

[John Ferlan]

On 05/09/2013 09:58 AM, Martin Kletzander wrote:
> On 05/09/2013 01:43 PM, John Ferlan wrote:
>> On 05/09/2013 06:59 AM, Martin Kletzander wrote:
>>> On 04/30/2013 08:19 PM, John Ferlan wrote:
 ---
  src/conf/domain_conf.c | 24 
  1 file changed, 24 insertions(+)

 diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
 index a8b5dfd..43273f8 100644
 --- a/src/conf/domain_conf.c
 +++ b/src/conf/domain_conf.c
 @@ -11591,6 +11591,30 @@ virDomainDefParseXML(xmlDocPtr xml,
  goto error;
  }
  }
 +if (def->sysinfo->bios_date != NULL) {
 +char *date = def->sysinfo->bios_date;
 +char *ptr;
 +struct tm tm;
 +memset(&tm, 0, sizeof(tm));
 +
 +/* Validate just the format of the date
 + * Expect mm/dd/ or mm/dd/yy,
 + * where yy must be 00->99 and would be assumed to be 19xx
 + * a  date should be 1900 and beyond
 + */
 +if (virStrToLong_i(date, &ptr, 10, &tm.tm_mon) < 0 ||
 +*ptr != '/' ||
 +virStrToLong_i(ptr+1, &ptr, 10, &tm.tm_mday) < 0 ||
 +*ptr != '/' ||
 +virStrToLong_i(ptr+1, &ptr, 10, &tm.tm_year) < 0 ||
 +*ptr != '\0' ||
 +(tm.tm_year < 0 || (tm.tm_year >= 100 && tm.tm_year < 
 1900))) {
 +virReportError(VIR_ERR_INTERNAL_ERROR,
>>>
>>> Seems like another abuse of internal error, but I don't know what to use 
>>> here,
>>> properly.  Maybe VIR_ERR_XML_DETAIL?
>>>
 +   _("Invalid BIOS 'date' format: %s"),
 +   def->sysinfo->bios_date);
>>>
>>> Unnecessarily long, you can do 's/def->sysinfo->bios_//' and save one
>>> line here ;-)
>>>
 +goto error;
 +}
 +}
  }
  
  if ((tmp = virXPathString("string(./os/smbios/@mode)", ctxt))) {

>>
>> FYI: The above is essentially a cut-n-reformat for this particular need
>> of virDomainGraphicsAuthDefParseXML().  And while I agree it's an eye
>> strain to read - I also tried various strptime() formats then using
>> strftime() to format it back..
>>
> 
> I haven't seen it being used somewhere else, but makes sense also due
> to the rest of the mail.
> 

I guess I agree in principal that a month of 99 or a date of 99 would be
incorrect and since we're doing some sort of validation it wouldn't hurt
to do a bit more. Doing full blown is the days in the month right and
handling leap year - is just outside the realm. My guess is that
somewhere some code will do a similar strptime() like call anyway.

So I made the change:
 *ptr != '/' ||
 virStrToLong_i(ptr+1, &ptr, 10, &tm.tm_year) < 0 ||
 *ptr != '\0' ||
+(tm.tm_mon < 0 || tm.tm_mon > 12) ||
+(tm.tm_mday < 0 || tm.tm_mday > 31) ||
 (tm.tm_year < 0 || (tm.tm_year >= 100 && tm.tm_year <
1900))) {
-virReportError(VIR_ERR_XML_DETAIL,
-   _("Invalid BIOS 'date' format: %s"),
-   def->sysinfo->bios_date);
+virReportError(VIR_ERR_XML_DETAIL, "%s",
+   _("Invalid BIOS 'date' format"));


>>>

...

And did squash/add the test provided - thanks!  I also tried a couple of
other dates (both good and bad) during self testing to make sure the
code validated properly...

Going to do something similar with uuid validation shortly...

John



> 
> I'd add it to qemuxml2argvtest with invalid date and
> DO_TEST_PARSE_ERROR.
> 
> Example (feel free to use it, it's tested):
> 
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-smbios-date.xml 
> b/tests/qemuxml2argvdata/qemuxml2argv-smbios-date.xml
> new file mode 100644
> index 000..7b2f33a
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-smbios-date.xml
> @@ -0,0 +1,23 @@
> +
> +  smbios
> +  362d1fc1-df7d-193e-5c18-49a71bd1da66
> +  1048576
> +  1048576
> +  1
> +  
> +hvm
> +
> +  
> +  
> +
> +  999/999/123
> +
> +  
> +  
> +  destroy
> +  restart
> +  restart
> +  
> +/usr/bin/qemu
> +  
> +
> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
> index 1286273..7d5c3d0 100644
> --- a/tests/qemuxml2argvtest.c
> +++ b/tests/qemuxml2argvtest.c
> @@ -814,6 +814,7 @@ mymain(void)
> 
> 
>  DO_TEST("smbios", QEMU_CAPS_SMBIOS_TYPE);
> +DO_TEST_PARSE_ERROR("smbios-date", QEMU_CAPS_SMBIOS_TYPE);
> 
>  DO_TEST("watchdog", NONE);
>  DO_TEST("watchdog-device", QEMU_CAPS_DEVICE, QEMU_CAPS_NODEFCONFIG);
> --
> 
> Martin
> 
> 

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] Replace 'goto err' with 'goto cleanup' in udev interface driver

[Daniel P. Berrange]

On Thu, May 09, 2013 at 03:20:54PM +0200, Michal Privoznik wrote:
> On 09.05.2013 15:02, Daniel P. Berrange wrote:
> > From: "Daniel P. Berrange" 
> > 
> > The udev interface driver did not follow standard naming
> > convention for goto labels.
> > 
> > Signed-off-by: Daniel P. Berrange 
> > ---
> >  src/interface/interface_backend_udev.c | 32 
> > 
> >  1 file changed, 16 insertions(+), 16 deletions(-)
> 
> 
> Do we want to bother with udevConnectListAllInterfaces? The 'cleanup'
> label makes a tiny bit of sense although I'd vote for 'error'.
> 
> However, in:
> udevGetIfaceDefBond
> udevGetIfaceDefVlan
> udevGetIfaceDef
> 
> s/cleanup/error/ shall be made.
> 
> But this patch is good as-is. ACK if you reconsider extending this patch
> to functions I've pointed out.

I'll push a fix for those cases too. Separated return paths should always
use 'error' rather than 'cleanup'

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH] build: fix build with old polkit0

[Jim Fehlig]

Commit 979e9c56 missed one case of providing the timestamp
parameter to virNetServerClientGetUNIXIdentity() when WITH_POLKIT0
is defined.
---

Pushed under the build breaker rule.

 daemon/remote.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/daemon/remote.c b/daemon/remote.c
index 3b6446d..1d21478 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2899,6 +2899,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server 
ATTRIBUTE_UNUSED,
 struct daemonClientPrivate *priv =
 virNetServerClientGetPrivateData(client);
 DBusConnection *sysbus;
+unsigned long long timestamp;
 
 virMutexLock(&priv->lock);
 
@@ -2913,7 +2914,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server 
ATTRIBUTE_UNUSED,
 }
 
 if (virNetServerClientGetUNIXIdentity(client, &callerUid, &callerGid,
-  &callerPid) < 0) {
+  &callerPid, ×tamp) < 0) {
 VIR_ERROR(_("cannot get peer socket identity"));
 goto authfail;
 }
-- 
1.8.0.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 29/40] Simplify the Xen domain stats/peek / node memory driver methods

[Jim Fehlig]

Daniel P. Berrange wrote:
> Thanks for all the reviews so far ! I'm going to push the first 29
> patches now. I've tested basic operations and things seem to be
> working sanely to me.
>   

Nice.  I've done a fair bit of testing with the first 30 patches applied
(including the tweeks to 10 and 24) and haven't noticed any problems either.

Regards,
Jim

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] Cope with missing swap cgroup controls

[Michal Privoznik]

On 09.05.2013 14:55, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
> 
> It is possible to build a kernel without swap cgroup controls
> present. This causes a fatal error when querying memory
> parameters. Treat missing swap controls as meaning "unlimited".
> The fatal error remains if the user tries to actually change
> the limit.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  src/qemu/qemu_driver.c | 9 ++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 6a23573..693b637 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -7612,9 +7612,12 @@ qemuDomainGetMemoryParameters(virDomainPtr dom,
>  case 2: /* fill swap hard limit here */
>  rc = virCgroupGetMemSwapHardLimit(priv->cgroup, &val);
>  if (rc != 0) {
> -virReportSystemError(-rc, "%s",
> - _("unable to get swap hard limit"));
> -goto cleanup;
> +if (rc != -ENOENT) {
> +virReportSystemError(-rc, "%s",
> + _("unable to get swap hard limit"));
> +goto cleanup;
> +}
> +val = VIR_DOMAIN_MEMORY_PARAM_UNLIMITED;
>  }
>  if (virTypedParameterAssign(param,
>  VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT,
> 

ACK

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 0/6 v3] Support NBD volumes with LXC containers

[Daniel P. Berrange]

On Fri, May 03, 2013 at 02:49:48PM +0100, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
> 
> A third version of:
> 
>   https://www.redhat.com/archives/libvir-list/2013-April/msg01539.html
> 
> In v3
> 
>  - Split patch 3 into 2 pieces
>  - Added XML formatting tests
>  - Fixed XML formatting
>  - Remove !! from vars that are now bools


Ping.  Not many changes to re-review against v2 so should be easy
todo

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 3/4] Validate the bios_date format for

[Martin Kletzander]

On 05/09/2013 01:43 PM, John Ferlan wrote:
> On 05/09/2013 06:59 AM, Martin Kletzander wrote:
>> On 04/30/2013 08:19 PM, John Ferlan wrote:
>>> ---
>>>  src/conf/domain_conf.c | 24 
>>>  1 file changed, 24 insertions(+)
>>>
>>> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>>> index a8b5dfd..43273f8 100644
>>> --- a/src/conf/domain_conf.c
>>> +++ b/src/conf/domain_conf.c
>>> @@ -11591,6 +11591,30 @@ virDomainDefParseXML(xmlDocPtr xml,
>>>  goto error;
>>>  }
>>>  }
>>> +if (def->sysinfo->bios_date != NULL) {
>>> +char *date = def->sysinfo->bios_date;
>>> +char *ptr;
>>> +struct tm tm;
>>> +memset(&tm, 0, sizeof(tm));
>>> +
>>> +/* Validate just the format of the date
>>> + * Expect mm/dd/ or mm/dd/yy,
>>> + * where yy must be 00->99 and would be assumed to be 19xx
>>> + * a  date should be 1900 and beyond
>>> + */
>>> +if (virStrToLong_i(date, &ptr, 10, &tm.tm_mon) < 0 ||
>>> +*ptr != '/' ||
>>> +virStrToLong_i(ptr+1, &ptr, 10, &tm.tm_mday) < 0 ||
>>> +*ptr != '/' ||
>>> +virStrToLong_i(ptr+1, &ptr, 10, &tm.tm_year) < 0 ||
>>> +*ptr != '\0' ||
>>> +(tm.tm_year < 0 || (tm.tm_year >= 100 && tm.tm_year < 
>>> 1900))) {
>>> +virReportError(VIR_ERR_INTERNAL_ERROR,
>>
>> Seems like another abuse of internal error, but I don't know what to use 
>> here,
>> properly.  Maybe VIR_ERR_XML_DETAIL?
>>
>>> +   _("Invalid BIOS 'date' format: %s"),
>>> +   def->sysinfo->bios_date);
>>
>> Unnecessarily long, you can do 's/def->sysinfo->bios_//' and save one
>> line here ;-)
>>
>>> +goto error;
>>> +}
>>> +}
>>>  }
>>>  
>>>  if ((tmp = virXPathString("string(./os/smbios/@mode)", ctxt))) {
>>>
> 
> FYI: The above is essentially a cut-n-reformat for this particular need
> of virDomainGraphicsAuthDefParseXML().  And while I agree it's an eye
> strain to read - I also tried various strptime() formats then using
> strftime() to format it back..
> 

I haven't seen it being used somewhere else, but makes sense also due
to the rest of the mail.

>>
>> I find it a bit harder to read.  Wouldn't this be more nicer if we used
>> sscanf()?  Or we could take care a bit about the date and do it even
>> shorter with strptime(), something like this:
>>
>> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>> index d55ce6b..61f385c 100644
>> --- a/src/conf/domain_conf.c
>> +++ b/src/conf/domain_conf.c
>> @@ -11588,6 +11588,20 @@ virDomainDefParseXML(xmlDocPtr xml,
>>  goto error;
>>  }
>>  }
>> +if (def->sysinfo->bios_date != NULL) {
>> +char *date = def->sysinfo->bios_date;
>> +char *end;
>> +struct tm tm;
>> +memset(&tm, 0, sizeof(struct tm));
>> +
>> +end = strptime(date, "%D", &tm);
> 
> I did try using strptime() in order to validate, but it was far from
> perfect, although easier to read...
> 
> The %D is the equivalent to %m/%d/%y which doesn't work when the date is
> presented as "5/9/2013" a resulting strftime() provides "05/09/20".  The
> "best" format has been "%m/%d/%Y" and it's perfectly reasonable to use
> it rather than the virStrToLong_i() calls.
> 

I was sure that %y can take both 2 and 4 digit year numbers, but after
trying that one more time, you're right.

> The purpose for the tm_year validation/check comes from the spec which
> has requirement regarding using 'yy' vs. ''.  In particular, is
> 1/1/1850 a valid date?  Well yes, technically according to strptime(),
> but not necessarily "right" according to the spec.
> 
> There is an SMBIOS spec which describes the various fields and their
> requirements. See page 28 of the following:
> 
> http://dmtf.org/sites/default/files/standards/documents/DSP0134_2.8.0.pdf
> 
>> +
>> +if (!end || *end != '\0') {
>> +virReportError(VIR_ERR_XML_DETAIL,
>> +   _("Invalid BIOS 'date' format: %s"), date);
>> +goto error;
>> +}
>> +}
>>  }
>>
>>  if ((tmp = virXPathString("string(./os/smbios/@mode)", ctxt))) {
>> --
>>
>> Or should we allow even dates like "99/99/"?
> 
> Which would fail using strptime(), but not the above algorithm.
> 

Yes, that's why I asked, but I definitely don't insist on such strict
checking.

I haven't thought my proposal through enough and what you say makes more sense, 
so ACK.  Feel free to squash in the test proposed below as an ACK from your 
side.

>>
>> Martin
>>
>> P.S.: I don't mean to be rude with nit-picking, but a test for that
>> would be nice ;-)
> 
> Nit picking is fine - wasn't quite sure where to put a test on som

Re: [libvirt] [PATCH] Replace list of driver source files with variables

[Michal Privoznik]

On 09.05.2013 15:12, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
> 
> Update the DRIVER_SOURCE_FILES variable to reference the
> other various XXX_SOURCES variables, instead of duplicating
> the filename lists. This results in a bunch of extra files
> being processed, but the test scripts can easily skip those
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  src/Makefile.am | 58 
> +
>  1 file changed, 21 insertions(+), 37 deletions(-)
> 
> diff --git a/src/Makefile.am b/src/Makefile.am
> index 6c2788c..6175b84 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -438,44 +438,28 @@ check-drivername:
>  EXTRA_DIST += check-drivername.pl
>  
>  DRIVER_SOURCE_FILES = \
> - esx/esx_device_monitor.c \
> - esx/esx_driver.c \
> - esx/esx_interface_driver.c \
> - esx/esx_network_driver.c \
> - esx/esx_nwfilter_driver.c \
> - esx/esx_secret_driver.c \
> - esx/esx_storage_driver.c \
> - hyperv/hyperv_device_monitor.c \
> - hyperv/hyperv_driver.c \
> - hyperv/hyperv_interface_driver.c \
> - hyperv/hyperv_network_driver.c \
> - hyperv/hyperv_nwfilter_driver.c \
> - hyperv/hyperv_secret_driver.c \
> - hyperv/hyperv_storage_driver.c \
> - interface/interface_backend_netcf.c \
> - interface/interface_backend_udev.c \
> - libxl/libxl_driver.c \
> - lxc/lxc_driver.c \
> - network/bridge_driver.c \

> - node_device/node_device_hal.c \
> - node_device/node_device_udev.c \

These are in NODE_DEVICE_DRIVER_HAL_SOURCES and
NODE_DEVICE_DRIVER_UDEV_SOURCES.

> - nwfilter/nwfilter_driver.c \
> - openvz/openvz_driver.c \
> - parallels/parallels_driver.c \
> - parallels/parallels_network.c \
> - parallels/parallels_storage.c \
> - phyp/phyp_driver.c \
> - qemu/qemu_driver.c \
> - remote/remote_driver.c \
> - secret/secret_driver.c \
> - storage/storage_driver.c \
> - test/test_driver.c \
> - uml/uml_driver.c \
> - vbox/vbox_driver.c \
> + $(ESX_DRIVER_SOURCES) \
> + $(HYPERV_DRIVER_SORUCES) \
> + $(INTERFACE_DRIVER_SOURCES) \
> + $(LIBXL_DRIVER_SOURCES) \
> + $(LXC_DRIVER_SOURCES) \
> + $(NETWORK_DRIVER_SOURCES) \
> + $(NODE_DEVICE_DRIVER_SOURCES) \
> + $(NWFILTER_DRIVER_SOURCES) \
> + $(OPENVZ_DRIVER_SOURCES) \
> + $(PARALLELS_DRIVER_SOURCES) \
> + $(PHYP_DRIVER_SOURCES) \
> + $(QEMU_DRIVER_SOURCES) \
> + $(REMOTE_DRIVER_SOURCES) \
> + $(SECRET_DRIVER_SOURCES) \
> + $(STORAGE_DRIVER_SOURCES) \
> + $(TEST_DRIVER_SOURCES) \
> + $(UML_DRIVER_SOURCES) \
> + $(VBOX_DRIVER_SOURCES) \
>   vbox/vbox_tmpl.c \
> - vmware/vmware_driver.c \
> - xen/xen_driver.c \
> - xenapi/xenapi_driver.c \
> + $(VMWARE_DRIVER_SOURCES) \
> + $(XEN_DRIVER_SOURCES) \
> + $(XENAPI_DRIVER_SOURCES) \
>   $(NULL)
>  
>  
> 

ACK if you fix the bug.

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] Skip virNWFilterTechDriver when validating API naming

[Michal Privoznik]

On 09.05.2013 15:12, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
> 
> The virNWFilterTechDriver struct is an internal only driver
> API with no public API equivalent. It should be skipped by
> the 'check-driverimpls' test case
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  src/check-driverimpls.pl | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/src/check-driverimpls.pl b/src/check-driverimpls.pl
> index e385de0..17e2b48 100755
> --- a/src/check-driverimpls.pl
> +++ b/src/check-driverimpls.pl
> @@ -68,7 +68,8 @@ while (<>) {
>  }
>  }
>  } elsif (/^(?:static\s+)?(vir(?:\w+)?Driver)\s+/) {
> -next if $1 eq "virNWFilterCallbackDriver";
> +next if $1 eq "virNWFilterCallbackDriver" ||
> +$1 eq "virNWFilterTechDriver";
>  $intable = 1;
>  $table = $1;
>  }
> 

ACK

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 17/19] Add ACL checks into the nwfilter driver

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Insert calls to the ACL checking APIs in all nwfilter driver
entrypoints.

Signed-off-by: Daniel P. Berrange 
---
 src/nwfilter/nwfilter_driver.c | 26 ++
 1 file changed, 26 insertions(+)

diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 64ea251..14c97a5 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -42,6 +42,7 @@
 #include "nwfilter_gentech_driver.h"
 #include "configmake.h"
 #include "virstring.h"
+#include "access/viraccessapicheck.h"
 
 #include "nwfilter_ipaddrmap.h"
 #include "nwfilter_dhcpsnoop.h"
@@ -380,6 +381,9 @@ nwfilterLookupByUUID(virConnectPtr conn,
 goto cleanup;
 }
 
+if (virNWFilterLookupByUUIDEnsureACL(conn, nwfilter->def) < 0)
+goto cleanup;
+
 ret = virGetNWFilter(conn, nwfilter->def->name, nwfilter->def->uuid);
 
 cleanup:
@@ -406,6 +410,9 @@ nwfilterLookupByName(virConnectPtr conn,
 goto cleanup;
 }
 
+if (virNWFilterLookupByNameEnsureACL(conn, nwfilter->def) < 0)
+goto cleanup;
+
 ret = virGetNWFilter(conn, nwfilter->def->name, nwfilter->def->uuid);
 
 cleanup:
@@ -440,6 +447,10 @@ nwfilterClose(virConnectPtr conn) {
 static int
 nwfilterConnectNumOfNWFilters(virConnectPtr conn) {
 virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
+
+if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
+return -1;
+
 return driver->nwfilters.count;
 }
 
@@ -451,6 +462,9 @@ nwfilterConnectListNWFilters(virConnectPtr conn,
 virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
 int got = 0, i;
 
+if (virConnectListNWFiltersEnsureACL(conn) < 0)
+return -1;
+
 nwfilterDriverLock(driver);
 for (i = 0 ; i < driver->nwfilters.count && got < nnames ; i++) {
 virNWFilterObjLock(driver->nwfilters.objs[i]);
@@ -487,6 +501,9 @@ nwfilterConnectListAllNWFilters(virConnectPtr conn,
 
 virCheckFlags(0, -1);
 
+if (virConnectListAllNWFiltersEnsureACL(conn) < 0)
+return -1;
+
 nwfilterDriverLock(driver);
 
 if (!filters) {
@@ -543,6 +560,9 @@ nwfilterDefineXML(virConnectPtr conn,
 if (!(def = virNWFilterDefParseString(conn, xml)))
 goto cleanup;
 
+if (virNWFilterDefineXMLEnsureACL(conn, def) < 0)
+goto cleanup;
+
 if (!(nwfilter = virNWFilterObjAssignDef(conn, &driver->nwfilters, def)))
 goto cleanup;
 
@@ -584,6 +604,9 @@ nwfilterUndefine(virNWFilterPtr obj) {
 goto cleanup;
 }
 
+if (virNWFilterUndefineEnsureACL(obj->conn, nwfilter->def) < 0)
+goto cleanup;
+
 if (virNWFilterTestUnassignDef(obj->conn, nwfilter) < 0) {
 virReportError(VIR_ERR_OPERATION_INVALID,
"%s",
@@ -632,6 +655,9 @@ nwfilterGetXMLDesc(virNWFilterPtr obj,
 goto cleanup;
 }
 
+if (virNWFilterGetXMLDescEnsureACL(obj->conn, nwfilter->def) < 0)
+goto cleanup;
+
 ret = virNWFilterDefFormat(nwfilter->def);
 
 cleanup:
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 16/19] Add ACL checks into the node device driver

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Insert calls to the ACL checking APIs in all node device
driver entrypoints.

Signed-off-by: Daniel P. Berrange 
---
 src/node_device/node_device_driver.c | 36 
 1 file changed, 36 insertions(+)

diff --git a/src/node_device/node_device_driver.c 
b/src/node_device/node_device_driver.c
index c596901..377d5a9 100644
--- a/src/node_device/node_device_driver.c
+++ b/src/node_device/node_device_driver.c
@@ -37,6 +37,8 @@
 #include "node_device_conf.h"
 #include "node_device_hal.h"
 #include "node_device_driver.h"
+#include "virutil.h"
+#include "access/viraccessapicheck.h"
 
 #define VIR_FROM_THIS VIR_FROM_NODEDEV
 
@@ -125,6 +127,9 @@ nodeNumOfDevices(virConnectPtr conn,
 int ndevs = 0;
 unsigned int i;
 
+if (virNodeNumOfDevicesEnsureACL(conn) < 0)
+return -1;
+
 virCheckFlags(0, -1);
 
 nodeDeviceLock(driver);
@@ -150,6 +155,9 @@ nodeListDevices(virConnectPtr conn,
 int ndevs = 0;
 unsigned int i;
 
+if (virNodeListDevicesEnsureACL(conn) < 0)
+return -1;
+
 virCheckFlags(0, -1);
 
 nodeDeviceLock(driver);
@@ -186,6 +194,9 @@ nodeConnectListAllNodeDevices(virConnectPtr conn,
 
 virCheckFlags(VIR_CONNECT_LIST_NODE_DEVICES_FILTERS_CAP, -1);
 
+if (virConnectListAllNodeDevicesEnsureACL(conn) < 0)
+return -1;
+
 nodeDeviceLock(driver);
 ret = virNodeDeviceList(conn, driver->devs, devices, flags);
 nodeDeviceUnlock(driver);
@@ -208,6 +219,9 @@ nodeDeviceLookupByName(virConnectPtr conn, const char *name)
 goto cleanup;
 }
 
+if (virNodeDeviceLookupByNameEnsureACL(conn, obj->def) < 0)
+goto cleanup;
+
 ret = virGetNodeDevice(conn, name);
 
 cleanup:
@@ -246,6 +260,10 @@ nodeDeviceLookupSCSIHostByWWN(virConnectPtr conn,
 VIR_NODE_DEV_CAP_FLAG_HBA_FC_HOST) {
 if (STREQ(cap->data.scsi_host.wwnn, wwnn) &&
 STREQ(cap->data.scsi_host.wwpn, wwpn)) {
+
+if (virNodeDeviceLookupSCSIHostByWWNEnsureACL(conn, 
obj->def) < 0)
+goto out;
+
 dev = virGetNodeDevice(conn, obj->def->name);
 virNodeDeviceObjUnlock(obj);
 goto out;
@@ -285,6 +303,9 @@ nodeDeviceGetXMLDesc(virNodeDevicePtr dev,
 goto cleanup;
 }
 
+if (virNodeDeviceGetXMLDescEnsureACL(dev->conn, obj->def) < 0)
+goto cleanup;
+
 update_driver_name(obj);
 update_caps(obj);
 
@@ -315,6 +336,9 @@ nodeDeviceGetParent(virNodeDevicePtr dev)
 goto cleanup;
 }
 
+if (virNodeDeviceGetParentEnsureACL(dev->conn, obj->def) < 0)
+goto cleanup;
+
 if (obj->def->parent) {
 if (VIR_STRDUP(ret, obj->def->parent) < 0)
 goto cleanup;
@@ -350,6 +374,9 @@ nodeDeviceNumOfCaps(virNodeDevicePtr dev)
 goto cleanup;
 }
 
+if (virNodeDeviceNumOfCapsEnsureACL(dev->conn, obj->def) < 0)
+goto cleanup;
+
 for (caps = obj->def->caps; caps; caps = caps->next)
 ++ncaps;
 ret = ncaps;
@@ -381,6 +408,9 @@ nodeDeviceListCaps(virNodeDevicePtr dev, char **const 
names, int maxnames)
 goto cleanup;
 }
 
+if (virNodeDeviceListCapsEnsureACL(dev->conn, obj->def) < 0)
+goto cleanup;
+
 for (caps = obj->def->caps; caps && ncaps < maxnames; caps = caps->next) {
 if (VIR_STRDUP(names[ncaps], virNodeDevCapTypeToString(caps->type)) < 
0)
 goto cleanup;
@@ -488,6 +518,9 @@ nodeDeviceCreateXML(virConnectPtr conn,
 goto cleanup;
 }
 
+if (virNodeDeviceCreateXMLEnsureACL(conn, def) < 0)
+goto cleanup;
+
 if (virNodeDeviceGetWWNs(def, &wwnn, &wwpn) == -1) {
 goto cleanup;
 }
@@ -541,6 +574,9 @@ nodeDeviceDestroy(virNodeDevicePtr dev)
 goto out;
 }
 
+if (virNodeDeviceDestroyEnsureACL(dev->conn, obj->def) < 0)
+goto out;
+
 if (virNodeDeviceGetWWNs(obj->def, &wwnn, &wwpn) == -1) {
 goto out;
 }
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 03/19] Setup default access control manager in libvirtd

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Add a new 'access_drivers' config parameter to the libvirtd.conf
configuration file. This allows admins to setup the default
access control drivers to use for API authorization. The same
driver is to be used by all internal drivers & APIs

Signed-off-by: Daniel P. Berrange 
---
 daemon/Makefile.am  |  1 +
 daemon/libvirtd-config.c|  4 
 daemon/libvirtd-config.h|  2 ++
 daemon/libvirtd.aug |  1 +
 daemon/libvirtd.c   | 27 +++
 daemon/libvirtd.conf|  9 +
 daemon/test_libvirtd.aug.in |  4 
 7 files changed, 48 insertions(+)

diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 64126e5..201369a 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -11,6 +11,7 @@ INCLUDES = \
-I$(top_srcdir)/src/conf \
-I$(top_srcdir)/src/rpc \
-I$(top_srcdir)/src/remote \
+   -I$(top_srcdir)/src/access \
$(GETTEXT_CPPFLAGS)
 
 CLEANFILES =
diff --git a/daemon/libvirtd-config.c b/daemon/libvirtd-config.c
index 1c57475..d56e09b 100644
--- a/daemon/libvirtd-config.c
+++ b/daemon/libvirtd-config.c
@@ -379,6 +379,10 @@ daemonConfigLoadOptions(struct daemonConfig *data,
 if (remoteConfigGetAuth(conf, "auth_tls", &data->auth_tls, filename) < 0)
 goto error;
 
+if (remoteConfigGetStringList(conf, "access_drivers",
+  &data->access_drivers, filename) < 0)
+goto error;
+
 GET_CONF_STR(conf, filename, unix_sock_group);
 GET_CONF_STR(conf, filename, unix_sock_ro_perms);
 GET_CONF_STR(conf, filename, unix_sock_rw_perms);
diff --git a/daemon/libvirtd-config.h b/daemon/libvirtd-config.h
index 07118de..973e0ea 100644
--- a/daemon/libvirtd-config.h
+++ b/daemon/libvirtd-config.h
@@ -45,6 +45,8 @@ struct daemonConfig {
 int auth_tcp;
 int auth_tls;
 
+char **access_drivers;
+
 int mdns_adv;
 char *mdns_name;
 
diff --git a/daemon/libvirtd.aug b/daemon/libvirtd.aug
index f32b3a1..7c56a41 100644
--- a/daemon/libvirtd.aug
+++ b/daemon/libvirtd.aug
@@ -51,6 +51,7 @@ module Libvirtd =
| bool_entry "tls_no_sanity_certificate"
| str_array_entry "tls_allowed_dn_list"
| str_array_entry "sasl_allowed_username_list"
+   | str_array_entry "access_drivers"
 
let processing_entry = int_entry "min_workers"
 | int_entry "max_workers"
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 1ac8e30..e2ff750 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -52,8 +52,10 @@
 #include "remote.h"
 #include "virhook.h"
 #include "viraudit.h"
+#include "virstring.h"
 #include "locking/lock_manager.h"
 #include "virstring.h"
+#include "viraccessmanager.h"
 
 #ifdef WITH_DRIVER_MODULES
 # include "driver.h"
@@ -719,6 +721,26 @@ error:
 }
 
 
+static int
+daemonSetupAccessManager(struct daemonConfig *config)
+{
+virAccessManagerPtr mgr;
+const char *none[] = { "none", NULL };
+const char **driver = (const char **)config->access_drivers;
+
+if (!driver ||
+!driver[0])
+driver = none;
+
+if (!(mgr = virAccessManagerNewStack(driver)))
+return -1;
+
+virAccessManagerSetDefault(mgr);
+virObjectUnref(mgr);
+return 0;
+}
+
+
 /* Display version information. */
 static void
 daemonVersion(const char *argv0)
@@ -1251,6 +1273,11 @@ int main(int argc, char **argv) {
 exit(EXIT_FAILURE);
 }
 
+if (daemonSetupAccessManager(config) < 0) {
+VIR_ERROR(_("Can't initialize access manager"));
+exit(EXIT_FAILURE);
+}
+
 if (!pid_file &&
 daemonPidFilePath(privileged,
   &pid_file) < 0) {
diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf
index 47da520..75196a0 100644
--- a/daemon/libvirtd.conf
+++ b/daemon/libvirtd.conf
@@ -155,6 +155,15 @@
 #auth_tls = "none"
 
 
+# Change the API access control scheme
+#
+# By default an authenticated user is allowed access
+# to all APIs. Access drivers can place restrictions
+# on this. By default the 'nop' driver is enabled,
+# meaning no access control checks are done once a
+# client has authenticated with libvirtd
+#
+#access_drivers = [ "polkit", "selinux" ]
 
 #
 #
diff --git a/daemon/test_libvirtd.aug.in b/daemon/test_libvirtd.aug.in
index 455b74a..9215337 100644
--- a/daemon/test_libvirtd.aug.in
+++ b/daemon/test_libvirtd.aug.in
@@ -17,6 +17,10 @@ module Test_libvirtd =
 { "auth_unix_rw" = "none" }
 { "auth_tcp" = "sasl" }
 { "auth_tls" = "none" }
+{ "access_drivers"
+ { "1" = "polkit" }
+ { "2" = "selinux" }
+}
 { "key_file" = "/etc/pki/libvirt/private/serverkey.pem" }
 { "cert_file" = "/etc/pki/libvirt/servercert.pem" }
 { "ca_file" = "/etc/pki/CA/cacert.pem" }
-- 
1.8.1.4

--
lib

[libvirt] [PATCH 07/19] Auto-generate helpers for checking access control rules

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Extend the 'gendispatch.pl' script to be able to generate
three new types of file.

- 'aclheader' - defines signatures of helper APIs for
  doing authorization checks. There is one helper API
  for each API requiring an auth check. Any @acl
  annotations result in a method being generated with
  a suffix of 'EnsureACL'. If the ACL check requires
  examination of flags, an extra 'flags' param will be
  present. Some examples

  extern int virConnectBaselineCPUEnsureACL(void);
  extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
  extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, 
unsigned int flags);

  Any @aclfilter annotations resuilt in a method being
  generated with a suffix of 'CheckACL'.

  extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);

  These are used for filtering individual objects from APIs
  which return a list of objects

- 'aclbody' - defines the actual implementation of the
  methods described above. This calls into the access
  manager APIs. A complex example:

/* Returns: -1 on error (denied==error), 0 on allowed */
int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
virDomainDefPtr domain,
unsigned int flags)
{
virAccessManagerPtr mgr;
int rv;

if (!(mgr = virAccessManagerGetDefault()))
return -1;

if ((rv = virAccessManagerCheckDomain(mgr,
  conn->driver->name,
  domain,
  VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 
0) {
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) 
&&
(rv = virAccessManagerCheckDomain(mgr,
  conn->driver->name,
  domain,
  VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 
0) {
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == 
(VIR_DOMAIN_AFFECT_CONFIG)) &&
(rv = virAccessManagerCheckDomain(mgr,
  conn->driver->name,
  domain,
  VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 
0) {
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
return 0;
}

- 'aclsyms' - generates a linker script to export the
   APIs to drivers. Some examples

  virConnectBaselineCPUEnsureACL;
  virConnectCompareCPUEnsureACL;

Signed-off-by: Daniel P. Berrange 
---
 .gitignore |   9 +++
 src/Makefile.am|  55 -
 src/rpc/gendispatch.pl | 210 -
 3 files changed, 269 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index 76ee420..2deeccf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -105,10 +105,19 @@
 /sc_*
 /src/.*.stamp
 /src/access/org.libvirt.api.policy
+/src/access/viraccessapicheck.c
+/src/access/viraccessapicheck.h
+/src/access/viraccessapichecklxc.c
+/src/access/viraccessapichecklxc.h
+/src/access/viraccessapicheckqemu.c
+/src/access/viraccessapicheckqemu.h
 /src/esx/*.generated.*
 /src/hyperv/*.generated.*
 /src/libvirt*.def
 /src/libvirt.syms
+/src/libvirt_access.syms
+/src/libvirt_access_lxc.syms
+/src/libvirt_access_qemu.syms
 /src/libvirt_*.stp
 /src/libvirt_*helper
 /src/libvirt_*probes.h
diff --git a/src/Makefile.am b/src/Makefile.am
index 20ce083..93af8fd 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -771,6 +771,15 @@ SECURITY_DRIVER_SELINUX_SOURCES =  
\
 SECURITY_DRIVER_APPARMOR_SOURCES = \
security/security_apparmor.h security/security_apparmor.c
 
+ACCESS_DRIVER_GENERATED = \
+   access/viraccessapicheck.h access/viraccessapicheck.c \
+   access/viraccessapicheckqemu.h access/viraccessapicheckqemu.c \
+   access/viraccessapichecklxc.h access/viraccessapichecklxc.c
+
+ACCESS_DRIVER_SYMFILES = \
+   libvirt_access.syms \
+   libvirt_access_qemu.syms \
+   libvirt_access_lxc.syms
 
 ACCESS_DRIVER_SOURCES = \
access/viraccessperm.h access/viraccessperm.c \
@@ -1361,7 +1370,7 @@ libvirt_security_manager_la_SOURCES += 
$(SECURITY_DRIVER_APPARMOR_SOURCES)
 libvirt_security_manager_la_CFLAGS += $(APPARMOR_CFLAGS)
 endif
 
-libvirt_driver_access_la_SOURCES = $(ACCESS_DRIVER_SOURCES)
+libvirt_driver_access_la_SOURCES = $(ACCESS_DRIVER_SOURCES) 
$(ACCESS_DRIVER_GENERAT

[libvirt] [PATCH 19/19] Add validation that all APIs contain ACL checks

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Add a script which parses the driver API code and validates
that every API registered in a virNNNDriverPtr table contains
an ACL check matching the API name.

Signed-off-by: Daniel P. Berrange 
---
 src/Makefile.am   |  22 +++-
 src/check-aclrules.pl | 144 ++
 2 files changed, 164 insertions(+), 2 deletions(-)
 create mode 100644 src/check-aclrules.pl

diff --git a/src/Makefile.am b/src/Makefile.am
index 93af8fd..29fe5e9 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -462,15 +462,33 @@ DRIVER_SOURCE_FILES = \
$(XENAPI_DRIVER_SOURCES) \
$(NULL)
 
+STATEFUL_DRIVER_SOURCE_FILES = \
+   $(INTERFACE_DRIVER_SOURCES) \
+   $(LIBXL_DRIVER_SOURCES) \
+   $(LXC_DRIVER_SOURCES) \
+   $(NETWORK_DRIVER_SOURCES) \
+   $(NODE_DEVICE_DRIVER_SOURCES) \
+   $(NWFILTER_DRIVER_SOURCES) \
+   $(QEMU_DRIVER_SOURCES) \
+   $(SECRET_DRIVER_SOURCES) \
+   $(STORAGE_DRIVER_SOURCES) \
+   $(UML_DRIVER_SOURCES) \
+   $(XEN_DRIVER_SOURCES) \
+   $(NULL)
+
 
 check-driverimpls:
$(AM_V_GEN)$(PERL) $(srcdir)/check-driverimpls.pl \
$(DRIVER_SOURCE_FILES)
 
-EXTRA_DIST += check-driverimpls.pl
+check-aclrules:
+   $(AM_V_GEN)$(PERL) $(srcdir)/check-aclrules.pl \
+   $(STATEFUL_DRIVER_SOURCE_FILES)
+
+EXTRA_DIST += check-driverimpls.pl check-aclrules.pl
 
 check-local: check-protocol check-symfile check-symsorting \
-   check-drivername check-driverimpls
+   check-drivername check-driverimpls check-aclrules
 .PHONY: check-protocol $(PROTOCOL_STRUCTS:structs=struct)
 
 # Mock driver, covering domains, storage, networks, etc
diff --git a/src/check-aclrules.pl b/src/check-aclrules.pl
new file mode 100644
index 000..62da2b7
--- /dev/null
+++ b/src/check-aclrules.pl
@@ -0,0 +1,144 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see
+# .
+#
+# This script validates that the driver implementation of any
+# public APIs contain ACL checks.
+#
+# As the script reads each source file, it attempts to identify
+# top level function names.
+#
+# When reading the body of the functions, it looks for anything
+# that looks like an API called named  XXXEnsureACL. It will
+# validate that the XXX prefix matches the name of the function
+# it occurs in.
+#
+# When it later finds the virDriverPtr table, for each entry
+# point listed, it will validate if there was a previously
+# detected EnsureACL call recorded.
+#
+use strict;
+use warnings;
+
+my $status = 0;
+
+my $brace = 0;
+my $maybefunc;
+my $intable = 0;
+my $table;
+
+my %acls;
+
+my %whitelist = (
+"connectClose" => 1,
+"connectIsEncrypted" => 1,
+"connectIsSecure" => 1,
+"connectIsAlive" => 1,
+"networkOpen" => 1,
+"networkClose" => 1,
+"nwfilterOpen" => 1,
+"nwfilterClose" => 1,
+"secretOpen" => 1,
+"secretClose" => 1,
+"storageOpen" => 1,
+"storageClose" => 1,
+"interfaceOpen" => 1,
+"interfaceClose" => 1,
+);
+
+my $lastfile;
+
+while (<>) {
+if (!defined $lastfile ||
+$lastfile ne $ARGV) {
+%acls = ();
+$brace = 0;
+$maybefunc = undef;
+$lastfile = $ARGV;
+}
+if ($brace == 0) {
+# Looks for anything which appears to be a function
+# body name. Doesn't matter if we pick up bogus stuff
+# here, as long as we don't miss valid stuff
+if (m,\b(\w+)\(,) {
+$maybefunc = $1;
+}
+} elsif ($brace > 0) {
+if (m,(\w+)EnsureACL,) {
+# Record the fact that maybefunc contains an
+# ACL call, and make sure it is the right call!
+my $func = $1;
+$func =~ s/^vir//;
+if (!defined $maybefunc) {
+print "$ARGV:$. Unexpected check '$func' outside function\n";
+$status = 1;
+} else {
+unless ($maybefunc =~ /$func$/i) {
+print "$ARGV:$. Mismatch check 'vir${func}EnsureACL' for 
function '$maybefunc'\n";
+$status = 1;
+}
+}
+$acls{$maybefunc} = 1;
+} elsif (m,\b(\w+)\(,) {
+# Handles case where we replaced an API with a new
+# one which  adds new paramet

[libvirt] [PATCH 09/19] Add ACL checks into the LXC driver

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Insert calls to the ACL checking APIs in all LXC driver
entrypoints.

Signed-off-by: Daniel P. Berrange 
---
 src/lxc/lxc_driver.c | 219 ---
 1 file changed, 207 insertions(+), 12 deletions(-)

diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 997f81d..e590612 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -68,6 +68,8 @@
 #include "virtypedparam.h"
 #include "viruri.h"
 #include "virstring.h"
+#include "access/viraccessapicheck.h"
+#include "access/viraccessapichecklxc.h"
 
 #define VIR_FROM_THIS VIR_FROM_LXC
 
@@ -148,6 +150,9 @@ static virDrvOpenStatus lxcConnectOpen(virConnectPtr conn,
 }
 }
 
+if (virConnectOpenEnsureACL(conn) < 0)
+return VIR_DRV_OPEN_ERROR;
+
 conn->privateData = lxc_driver;
 
 return VIR_DRV_OPEN_SUCCESS;
@@ -190,6 +195,9 @@ static char *lxcConnectGetCapabilities(virConnectPtr conn) {
 virLXCDriverPtr driver = conn->privateData;
 char *xml;
 
+if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
+return NULL;
+
 lxcDriverLock(driver);
 if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
 virReportOOMError();
@@ -216,6 +224,9 @@ static virDomainPtr lxcDomainLookupByID(virConnectPtr conn,
 goto cleanup;
 }
 
+if (virDomainLookupByIDEnsureACL(conn, vm->def) < 0)
+goto cleanup;
+
 dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
 if (dom)
 dom->id = vm->def->id;
@@ -245,6 +256,9 @@ static virDomainPtr lxcDomainLookupByUUID(virConnectPtr 
conn,
 goto cleanup;
 }
 
+if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0)
+goto cleanup;
+
 dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
 if (dom)
 dom->id = vm->def->id;
@@ -271,6 +285,9 @@ static virDomainPtr lxcDomainLookupByName(virConnectPtr 
conn,
 goto cleanup;
 }
 
+if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0)
+goto cleanup;
+
 dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
 if (dom)
 dom->id = vm->def->id;
@@ -298,6 +315,10 @@ static int lxcDomainIsActive(virDomainPtr dom)
_("No domain with matching uuid '%s'"), uuidstr);
 goto cleanup;
 }
+
+if (virDomainIsActiveEnsureACL(dom->conn, obj->def) < 0)
+goto cleanup;
+
 ret = virDomainObjIsActive(obj);
 
 cleanup:
@@ -323,6 +344,10 @@ static int lxcDomainIsPersistent(virDomainPtr dom)
_("No domain with matching uuid '%s'"), uuidstr);
 goto cleanup;
 }
+
+if (virDomainIsPersistentEnsureACL(dom->conn, obj->def) < 0)
+goto cleanup;
+
 ret = obj->persistent;
 
 cleanup:
@@ -347,6 +372,10 @@ static int lxcDomainIsUpdated(virDomainPtr dom)
_("No domain with matching uuid '%s'"), uuidstr);
 goto cleanup;
 }
+
+if (virDomainIsUpdatedEnsureACL(dom->conn, obj->def) < 0)
+goto cleanup;
+
 ret = obj->updated;
 
 cleanup:
@@ -359,6 +388,9 @@ static int lxcConnectListDomains(virConnectPtr conn, int 
*ids, int nids) {
 virLXCDriverPtr driver = conn->privateData;
 int n;
 
+if (virConnectListDomainsEnsureACL(conn) < 0)
+return -1;
+
 lxcDriverLock(driver);
 n = virDomainObjListGetActiveIDs(driver->domains, ids, nids);
 lxcDriverUnlock(driver);
@@ -370,6 +402,9 @@ static int lxcConnectNumOfDomains(virConnectPtr conn) {
 virLXCDriverPtr driver = conn->privateData;
 int n;
 
+if (virConnectNumOfDomainsEnsureACL(conn) < 0)
+return -1;
+
 lxcDriverLock(driver);
 n = virDomainObjListNumOfDomains(driver->domains, 1);
 lxcDriverUnlock(driver);
@@ -382,6 +417,9 @@ static int lxcConnectListDefinedDomains(virConnectPtr conn,
 virLXCDriverPtr driver = conn->privateData;
 int n;
 
+if (virConnectListDefinedDomainsEnsureACL(conn) < 0)
+return -1;
+
 lxcDriverLock(driver);
 n = virDomainObjListGetInactiveNames(driver->domains, names, nnames);
 lxcDriverUnlock(driver);
@@ -394,6 +432,9 @@ static int lxcConnectNumOfDefinedDomains(virConnectPtr 
conn) {
 virLXCDriverPtr driver = conn->privateData;
 int n;
 
+if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0)
+return -1;
+
 lxcDriverLock(driver);
 n = virDomainObjListNumOfDomains(driver->domains, 0);
 lxcDriverUnlock(driver);
@@ -418,6 +459,9 @@ static virDomainPtr lxcDomainDefineXML(virConnectPtr conn, 
const char *xml)
 VIR_DOMAIN_XML_INACTIVE)))
 goto cleanup;
 
+if (virDomainDefineXMLEnsureACL(conn, def) < 0)
+goto cleanup;
+
 if (virSecurityManagerVerify(driver->securityManager, def) < 0)
 goto cleanup;
 
@@ -482,6 +526,9 @@ static int lxcDomainUndefineFlags(virDomainPtr dom,
 goto cleanup;
 }
 
+if (virDomainUndefineFlagsEnsureACL(dom->conn, vm->def) < 0)
+goto c

[libvirt] [PATCH 10/19] Add ACL checks into the UML driver

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Insert calls to the ACL checking APIs in all UML driver
entrypoints.

Signed-off-by: Daniel P. Berrange 
---
 src/uml/uml_driver.c | 174 +++
 1 file changed, 162 insertions(+), 12 deletions(-)

diff --git a/src/uml/uml_driver.c b/src/uml/uml_driver.c
index 321be0f..a3b8706 100644
--- a/src/uml/uml_driver.c
+++ b/src/uml/uml_driver.c
@@ -65,6 +65,7 @@
 #include "virprocess.h"
 #include "viruri.h"
 #include "virstring.h"
+#include "access/viraccessapicheck.h"
 
 #define VIR_FROM_THIS VIR_FROM_UML
 
@@ -1235,6 +1236,9 @@ static virDrvOpenStatus umlConnectOpen(virConnectPtr conn,
 }
 }
 
+if (virConnectOpenEnsureACL(conn) < 0)
+return VIR_DRV_OPEN_ERROR;
+
 conn->privateData = uml_driver;
 
 return VIR_DRV_OPEN_SUCCESS;
@@ -1252,7 +1256,10 @@ static int umlConnectClose(virConnectPtr conn) {
 return 0;
 }
 
-static const char *umlConnectGetType(virConnectPtr conn ATTRIBUTE_UNUSED) {
+static const char *umlConnectGetType(virConnectPtr conn) {
+if (virConnectGetTypeEnsureACL(conn) < 0)
+return NULL;
+
 return "UML";
 }
 
@@ -1281,6 +1288,9 @@ static char *umlConnectGetCapabilities(virConnectPtr 
conn) {
 struct uml_driver *driver = (struct uml_driver *)conn->privateData;
 char *xml;
 
+if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
+return NULL;
+
 umlDriverLock(driver);
 if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
 virReportOOMError();
@@ -1346,6 +1356,9 @@ static virDomainPtr umlDomainLookupByID(virConnectPtr 
conn,
 goto cleanup;
 }
 
+if (virDomainLookupByIDEnsureACL(conn, vm->def) < 0)
+goto cleanup;
+
 dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
 if (dom) dom->id = vm->def->id;
 
@@ -1370,6 +1383,9 @@ static virDomainPtr umlDomainLookupByUUID(virConnectPtr 
conn,
 goto cleanup;
 }
 
+if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0)
+goto cleanup;
+
 dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
 if (dom) dom->id = vm->def->id;
 
@@ -1394,6 +1410,9 @@ static virDomainPtr umlDomainLookupByName(virConnectPtr 
conn,
 goto cleanup;
 }
 
+if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0)
+goto cleanup;
+
 dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
 if (dom) dom->id = vm->def->id;
 
@@ -1417,6 +1436,10 @@ static int umlDomainIsActive(virDomainPtr dom)
 virReportError(VIR_ERR_NO_DOMAIN, NULL);
 goto cleanup;
 }
+
+if (virDomainIsActiveEnsureACL(dom->conn, obj->def) < 0)
+goto cleanup;
+
 ret = virDomainObjIsActive(obj);
 
 cleanup:
@@ -1439,6 +1462,10 @@ static int umlDomainIsPersistent(virDomainPtr dom)
 virReportError(VIR_ERR_NO_DOMAIN, NULL);
 goto cleanup;
 }
+
+if (virDomainIsPersistentEnsureACL(dom->conn, obj->def) < 0)
+goto cleanup;
+
 ret = obj->persistent;
 
 cleanup:
@@ -1460,6 +1487,10 @@ static int umlDomainIsUpdated(virDomainPtr dom)
 virReportError(VIR_ERR_NO_DOMAIN, NULL);
 goto cleanup;
 }
+
+if (virDomainIsUpdatedEnsureACL(dom->conn, obj->def) < 0)
+goto cleanup;
+
 ret = obj->updated;
 
 cleanup:
@@ -1473,6 +1504,9 @@ static int umlConnectGetVersion(virConnectPtr conn, 
unsigned long *version) {
 struct utsname ut;
 int ret = -1;
 
+if (virConnectGetVersionEnsureACL(conn) < 0)
+return -1;
+
 umlDriverLock(driver);
 
 if (driver->umlVersion == 0) {
@@ -1494,8 +1528,11 @@ cleanup:
 }
 
 
-static char *umlConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED)
+static char *umlConnectGetHostname(virConnectPtr conn)
 {
+if (virConnectGetHostnameEnsureACL(conn) < 0)
+return NULL;
+
 return virGetHostname();
 }
 
@@ -1504,6 +1541,9 @@ static int umlConnectListDomains(virConnectPtr conn, int 
*ids, int nids) {
 struct uml_driver *driver = conn->privateData;
 int n;
 
+if (virConnectListDomainsEnsureACL(conn) < 0)
+return -1;
+
 umlDriverLock(driver);
 n = virDomainObjListGetActiveIDs(driver->domains, ids, nids);
 umlDriverUnlock(driver);
@@ -1514,6 +1554,9 @@ static int umlConnectNumOfDomains(virConnectPtr conn) {
 struct uml_driver *driver = conn->privateData;
 int n;
 
+if (virConnectNumOfDomainsEnsureACL(conn) < 0)
+return -1;
+
 umlDriverLock(driver);
 n = virDomainObjListNumOfDomains(driver->domains, 1);
 umlDriverUnlock(driver);
@@ -1536,6 +1579,9 @@ static virDomainPtr umlDomainCreateXML(virConnectPtr 
conn, const char *xml,
 VIR_DOMAIN_XML_INACTIVE)))
 goto cleanup;
 
+if (virDomainCreateXMLEnsureACL(conn, def) < 0)
+goto cleanup;
+
 if (!(vm = virDomainObjListAdd(driver->domains, def,
driver->xmlopt,
VIR_DOMAIN_OBJ_LIST_ADD_CHECK

[libvirt] [PATCH 15/19] Add ACL checks into the interface driver

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Insert calls to the ACL checking APIs in all interface
driver entrypoints.

Signed-off-by: Daniel P. Berrange 
---
 src/interface/interface_backend_netcf.c | 114 
 src/interface/interface_backend_udev.c  |  85 +---
 2 files changed, 191 insertions(+), 8 deletions(-)

diff --git a/src/interface/interface_backend_netcf.c 
b/src/interface/interface_backend_netcf.c
index cbba4fd..4707e3e 100644
--- a/src/interface/interface_backend_netcf.c
+++ b/src/interface/interface_backend_netcf.c
@@ -31,6 +31,7 @@
 #include "interface_conf.h"
 #include "viralloc.h"
 #include "virlog.h"
+#include "access/viraccessapicheck.h"
 
 #define VIR_FROM_THIS VIR_FROM_INTERFACE
 
@@ -52,6 +53,36 @@ static void interfaceDriverUnlock(struct interface_driver 
*driver)
 virMutexUnlock(&driver->lock);
 }
 
+/*
+ * Get a minimal virInterfaceDef containing enough metadata
+ * for access control checks to be performed. Currently
+ * this implies existance of name and mac address attributes
+ */
+static virInterfaceDef * ATTRIBUTE_NONNULL(1)
+netcfGetMinimalDefForDevice(struct netcf_if *iface)
+{
+virInterfaceDef *def;
+
+/* Allocate our interface definition structure */
+if (VIR_ALLOC(def) < 0) {
+virReportOOMError();
+return NULL;
+}
+
+if (VIR_STRDUP(def->name, ncf_if_name(iface)) < 0)
+goto cleanup;
+
+if (VIR_STRDUP(def->mac, ncf_if_mac_string(iface)) < 0)
+goto cleanup;
+
+return def;
+
+cleanup:
+virInterfaceDefFree(def);
+return NULL;
+}
+
+
 static int netcf_to_vir_err(int netcf_errcode)
 {
 switch (netcf_errcode)
@@ -182,6 +213,9 @@ static int netcfConnectNumOfInterfaces(virConnectPtr conn)
 int count;
 struct interface_driver *driver = conn->interfacePrivateData;
 
+if (virConnectNumOfInterfacesEnsureACL(conn) < 0)
+return -1;
+
 interfaceDriverLock(driver);
 count = ncf_num_of_interfaces(driver->netcf, NETCF_IFACE_ACTIVE);
 if (count < 0) {
@@ -201,6 +235,9 @@ static int netcfConnectListInterfaces(virConnectPtr conn, 
char **const names, in
 struct interface_driver *driver = conn->interfacePrivateData;
 int count;
 
+if (virConnectListInterfacesEnsureACL(conn) < 0)
+return -1;
+
 interfaceDriverLock(driver);
 
 count = ncf_list_interfaces(driver->netcf, nnames, names, 
NETCF_IFACE_ACTIVE);
@@ -223,6 +260,9 @@ static int netcfConnectNumOfDefinedInterfaces(virConnectPtr 
conn)
 int count;
 struct interface_driver *driver = conn->interfacePrivateData;
 
+if (virConnectNumOfDefinedInterfacesEnsureACL(conn) < 0)
+return -1;
+
 interfaceDriverLock(driver);
 count = ncf_num_of_interfaces(driver->netcf, NETCF_IFACE_INACTIVE);
 if (count < 0) {
@@ -243,6 +283,9 @@ static int netcfConnectListDefinedInterfaces(virConnectPtr 
conn, char **const na
 struct interface_driver *driver = conn->interfacePrivateData;
 int count;
 
+if (virConnectListDefinedInterfacesEnsureACL(conn) < 0)
+return -1;
+
 interfaceDriverLock(driver);
 
 count = ncf_list_interfaces(driver->netcf, nnames, names, 
NETCF_IFACE_INACTIVE);
@@ -279,6 +322,9 @@ netcfConnectListAllInterfaces(virConnectPtr conn,
 virCheckFlags(VIR_CONNECT_LIST_INTERFACES_ACTIVE |
   VIR_CONNECT_LIST_INTERFACES_INACTIVE, -1);
 
+if (virConnectListAllInterfacesEnsureACL(conn) < 0)
+return -1;
+
 interfaceDriverLock(driver);
 
 /* List all interfaces, in case of we might support new filter flags
@@ -413,6 +459,7 @@ static virInterfacePtr 
netcfInterfaceLookupByName(virConnectPtr conn,
 struct interface_driver *driver = conn->interfacePrivateData;
 struct netcf_if *iface;
 virInterfacePtr ret = NULL;
+virInterfaceDefPtr def = NULL;
 
 interfaceDriverLock(driver);
 iface = ncf_lookup_by_name(driver->netcf, name);
@@ -431,10 +478,17 @@ static virInterfacePtr 
netcfInterfaceLookupByName(virConnectPtr conn,
 goto cleanup;
 }
 
+if (!(def = netcfGetMinimalDefForDevice(iface)))
+goto cleanup;
+
+if (virInterfaceLookupByNameEnsureACL(conn, def) < 0)
+   goto cleanup;
+
 ret = virGetInterface(conn, ncf_if_name(iface), ncf_if_mac_string(iface));
 
 cleanup:
 ncf_if_free(iface);
+virInterfaceDefFree(def);
 interfaceDriverUnlock(driver);
 return ret;
 }
@@ -446,6 +500,7 @@ static virInterfacePtr 
netcfInterfaceLookupByMACString(virConnectPtr conn,
 struct netcf_if *iface;
 int niface;
 virInterfacePtr ret = NULL;
+virInterfaceDefPtr def = NULL;
 
 interfaceDriverLock(driver);
 niface = ncf_lookup_by_mac_string(driver->netcf, macstr, 1, &iface);
@@ -471,10 +526,18 @@ static virInterfacePtr 
netcfInterfaceLookupByMACString(virConnectPtr conn,
 goto cleanup;
 }
 
+
+if (!(def = netcfGetMinimalDefForDevice(iface)))
+goto cleanup;
+
+if (virInterfaceLookupByMACStringEnsureACL(con

[libvirt] [PATCH 13/19] Add ACL checks into the storage driver

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Insert calls to the ACL checking APIs in all storage driver
entrypoints.

Signed-off-by: Daniel P. Berrange 
---
 src/storage/storage_driver.c | 155 +--
 1 file changed, 151 insertions(+), 4 deletions(-)

diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index 990f0b1..edbd94d 100644
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -48,6 +48,7 @@
 #include "fdstream.h"
 #include "configmake.h"
 #include "virstring.h"
+#include "access/viraccessapicheck.h"
 
 #define VIR_FROM_THIS VIR_FROM_STORAGE
 
@@ -248,6 +249,9 @@ storagePoolLookupByUUID(virConnectPtr conn,
 goto cleanup;
 }
 
+if (virStoragePoolLookupByUUIDEnsureACL(conn, pool->def) < 0)
+goto cleanup;
+
 ret = virGetStoragePool(conn, pool->def->name, pool->def->uuid,
 NULL, NULL);
 
@@ -274,6 +278,9 @@ storagePoolLookupByName(virConnectPtr conn,
 goto cleanup;
 }
 
+if (virStoragePoolLookupByNameEnsureACL(conn, pool->def) < 0)
+goto cleanup;
+
 ret = virGetStoragePool(conn, pool->def->name, pool->def->uuid,
 NULL, NULL);
 
@@ -285,7 +292,30 @@ cleanup:
 
 static virStoragePoolPtr
 storagePoolLookupByVolume(virStorageVolPtr vol) {
-return storagePoolLookupByName(vol->conn, vol->pool);
+virStorageDriverStatePtr driver = vol->conn->storagePrivateData;
+virStoragePoolObjPtr pool;
+virStoragePoolPtr ret = NULL;
+
+storageDriverLock(driver);
+pool = virStoragePoolObjFindByName(&driver->pools, vol->pool);
+storageDriverUnlock(driver);
+
+if (!pool) {
+virReportError(VIR_ERR_NO_STORAGE_POOL,
+   _("no storage pool with matching name '%s'"), 
vol->pool);
+goto cleanup;
+}
+
+if (virStoragePoolLookupByVolumeEnsureACL(vol->conn, pool->def) < 0)
+goto cleanup;
+
+ret = virGetStoragePool(vol->conn, pool->def->name, pool->def->uuid,
+NULL, NULL);
+
+cleanup:
+if (pool)
+virStoragePoolObjUnlock(pool);
+return ret;
 }
 
 static virDrvOpenStatus
@@ -313,6 +343,9 @@ storageConnectNumOfStoragePools(virConnectPtr conn) {
 virStorageDriverStatePtr driver = conn->storagePrivateData;
 unsigned int i, nactive = 0;
 
+if (virConnectNumOfStoragePoolsEnsureACL(conn) < 0)
+return -1;
+
 storageDriverLock(driver);
 for (i = 0 ; i < driver->pools.count ; i++) {
 virStoragePoolObjLock(driver->pools.objs[i]);
@@ -332,6 +365,9 @@ storageConnectListStoragePools(virConnectPtr conn,
 virStorageDriverStatePtr driver = conn->storagePrivateData;
 int got = 0, i;
 
+if (virConnectListStoragePoolsEnsureACL(conn) < 0)
+return -1;
+
 storageDriverLock(driver);
 for (i = 0 ; i < driver->pools.count && got < nnames ; i++) {
 virStoragePoolObjLock(driver->pools.objs[i]);
@@ -361,6 +397,9 @@ storageConnectNumOfDefinedStoragePools(virConnectPtr conn) {
 virStorageDriverStatePtr driver = conn->storagePrivateData;
 unsigned int i, nactive = 0;
 
+if (virConnectNumOfDefinedStoragePoolsEnsureACL(conn) < 0)
+return -1;
+
 storageDriverLock(driver);
 for (i = 0 ; i < driver->pools.count ; i++) {
 virStoragePoolObjLock(driver->pools.objs[i]);
@@ -380,6 +419,9 @@ storageConnectListDefinedStoragePools(virConnectPtr conn,
 virStorageDriverStatePtr driver = conn->storagePrivateData;
 int got = 0, i;
 
+if (virConnectListDefinedStoragePoolsEnsureACL(conn) < 0)
+return -1;
+
 storageDriverLock(driver);
 for (i = 0 ; i < driver->pools.count && got < nnames ; i++) {
 virStoragePoolObjLock(driver->pools.objs[i]);
@@ -417,6 +459,9 @@ storageConnectFindStoragePoolSources(virConnectPtr conn,
 virStorageBackendPtr backend;
 char *ret = NULL;
 
+if (virConnectFindStoragePoolSourcesEnsureACL(conn) < 0)
+return NULL;
+
 backend_type = virStoragePoolTypeFromString(type);
 if (backend_type < 0) {
 virReportError(VIR_ERR_INTERNAL_ERROR,
@@ -455,6 +500,10 @@ static int storagePoolIsActive(virStoragePoolPtr pool)
 virReportError(VIR_ERR_NO_STORAGE_POOL, NULL);
 goto cleanup;
 }
+
+if (virStoragePoolIsActiveEnsureACL(pool->conn, obj->def) < 0)
+goto cleanup;
+
 ret = virStoragePoolObjIsActive(obj);
 
 cleanup:
@@ -476,6 +525,10 @@ static int storagePoolIsPersistent(virStoragePoolPtr pool)
 virReportError(VIR_ERR_NO_STORAGE_POOL, NULL);
 goto cleanup;
 }
+
+if (virStoragePoolIsPersistentEnsureACL(pool->conn, obj->def) < 0)
+goto cleanup;
+
 ret = obj->configFile ? 1 : 0;
 
 cleanup:
@@ -502,6 +555,9 @@ storagePoolCreateXML(virConnectPtr conn,
 if (!(def = virStoragePoolDefParseString(xml)))
 goto cleanup;
 
+if (virStoragePoolCreateXMLEnsureACL(conn, def) < 0)
+goto cleanup;
+
 if (virStoragePoolObj

[libvirt] [PATCH 18/19] Add ACL checks into the secrets driver

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Insert calls to the ACL checking APIs in all secrets driver
entrypoints.

Signed-off-by: Daniel P. Berrange 
---
 src/secret/secret_driver.c | 31 +++
 1 file changed, 31 insertions(+)

diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index 5d1739f..b73dc51 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -42,6 +42,7 @@
 #include "virfile.h"
 #include "configmake.h"
 #include "virstring.h"
+#include "access/viraccessapicheck.h"
 
 #define VIR_FROM_THIS VIR_FROM_SECRET
 
@@ -559,6 +560,9 @@ secretConnectNumOfSecrets(virConnectPtr conn)
 int i;
 virSecretEntryPtr secret;
 
+if (virConnectNumOfSecretsEnsureACL(conn) < 0)
+return -1;
+
 secretDriverLock(driver);
 
 i = 0;
@@ -578,6 +582,9 @@ secretConnectListSecrets(virConnectPtr conn, char **uuids, 
int maxuuids)
 
 memset(uuids, 0, maxuuids * sizeof(*uuids));
 
+if (virConnectListSecretsEnsureACL(conn) < 0)
+return -1;
+
 secretDriverLock(driver);
 
 i = 0;
@@ -643,6 +650,9 @@ secretConnectListAllSecrets(virConnectPtr conn,
 
 virCheckFlags(VIR_CONNECT_LIST_SECRETS_FILTERS_ALL, -1);
 
+if (virConnectListAllSecretsEnsureACL(conn) < 0)
+return -1;
+
 secretDriverLock(driver);
 
 for (entry = driver->secrets; entry != NULL; entry = entry->next)
@@ -725,6 +735,9 @@ secretLookupByUUID(virConnectPtr conn, const unsigned char 
*uuid)
 goto cleanup;
 }
 
+if (virSecretLookupByUUIDEnsureACL(conn, secret->def) < 0)
+goto cleanup;
+
 ret = virGetSecret(conn,
secret->def->uuid,
secret->def->usage_type,
@@ -752,6 +765,9 @@ secretLookupByUsage(virConnectPtr conn, int usageType, 
const char *usageID)
 goto cleanup;
 }
 
+if (virSecretLookupByUsageEnsureACL(conn, secret->def) < 0)
+goto cleanup;
+
 ret = virGetSecret(conn,
secret->def->uuid,
secret->def->usage_type,
@@ -781,6 +797,9 @@ secretDefineXML(virConnectPtr conn, const char *xml,
 
 secretDriverLock(driver);
 
+if (virSecretDefineXMLEnsureACL(conn, new_attrs) < 0)
+goto cleanup;
+
 secret = secretFindByUUID(driver, new_attrs->uuid);
 if (secret == NULL) {
 /* No existing secret with same UUID, try look for matching usage 
instead */
@@ -897,6 +916,9 @@ secretGetXMLDesc(virSecretPtr obj, unsigned int flags)
 goto cleanup;
 }
 
+if (virSecretGetXMLDescEnsureACL(obj->conn, secret->def) < 0)
+goto cleanup;
+
 ret = virSecretDefFormat(secret->def);
 
 cleanup:
@@ -933,6 +955,9 @@ secretSetValue(virSecretPtr obj, const unsigned char *value,
 goto cleanup;
 }
 
+if (virSecretSetValueEnsureACL(obj->conn, secret->def) < 0)
+goto cleanup;
+
 old_value = secret->value;
 old_value_size = secret->value_size;
 
@@ -988,6 +1013,9 @@ secretGetValue(virSecretPtr obj, size_t *value_size, 
unsigned int flags,
 goto cleanup;
 }
 
+if (virSecretGetValueEnsureACL(obj->conn, secret->def) < 0)
+goto cleanup;
+
 if (secret->value == NULL) {
 char uuidstr[VIR_UUID_STRING_BUFLEN];
 virUUIDFormat(obj->uuid, uuidstr);
@@ -1034,6 +1062,9 @@ secretUndefine(virSecretPtr obj)
 goto cleanup;
 }
 
+if (virSecretUndefineEnsureACL(obj->conn, secret->def) < 0)
+goto cleanup;
+
 if (!secret->def->ephemeral &&
 secretDeleteSaved(driver, secret) < 0)
 goto cleanup;
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 02/19] Set conn->driver before running driver connectOpen method

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

The access control checks in the 'connectOpen' driver method
will require 'conn->driver' to be non-NULL. Set this before
running the 'connectOpen' method and NULL-ify it again on
failure.

Signed-off-by: Daniel P. Berrange 
---
 src/libvirt.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/libvirt.c b/src/libvirt.c
index eee67d9..23e2a9a 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -1213,6 +1213,7 @@ do_open(const char *name,
 }
 
 VIR_DEBUG("trying driver %d (%s) ...", i, virDriverTab[i]->name);
+ret->driver = virDriverTab[i];
 res = virDriverTab[i]->connectOpen(ret, auth, flags);
 VIR_DEBUG("driver %d %s returned %s",
   i, virDriverTab[i]->name,
@@ -1221,10 +1222,12 @@ do_open(const char *name,
   (res == VIR_DRV_OPEN_ERROR ? "ERROR" : "unknown status")));
 
 if (res == VIR_DRV_OPEN_SUCCESS) {
-ret->driver = virDriverTab[i];
 break;
 } else if (res == VIR_DRV_OPEN_ERROR) {
+ret->driver = NULL;
 goto failed;
+} else {
+ret->driver = NULL;
 }
 }
 
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 04/19] Add a policy kit access control driver

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Add an access control driver that uses the pkcheck command
to check authorization requests. This is fairly inefficient,
particularly for cases where an API returns a list of objects
and needs to check permission for each object.

It would be desirable to use the polkit API but this links
to glib with abort-on-OOM behaviour, so can't be used. The
other alternative is to speak to dbus directly

Signed-off-by: Daniel P. Berrange 
---
 .gitignore |   1 +
 po/POTFILES.in |   1 +
 src/Makefile.am|  28 ++-
 src/access/genpolkit.pl| 119 +++
 src/access/viraccessdriverpolkit.c | 399 +
 src/access/viraccessdriverpolkit.h |  28 +++
 src/access/viraccessmanager.c  |   6 +
 7 files changed, 581 insertions(+), 1 deletion(-)
 create mode 100755 src/access/genpolkit.pl
 create mode 100644 src/access/viraccessdriverpolkit.c
 create mode 100644 src/access/viraccessdriverpolkit.h

diff --git a/.gitignore b/.gitignore
index 5e50b52..76ee420 100644
--- a/.gitignore
+++ b/.gitignore
@@ -104,6 +104,7 @@
 /run
 /sc_*
 /src/.*.stamp
+/src/access/org.libvirt.api.policy
 /src/esx/*.generated.*
 /src/hyperv/*.generated.*
 /src/libvirt*.def
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 37c6019..02713c1 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -6,6 +6,7 @@ daemon/remote_dispatch.h
 daemon/stream.c
 gnulib/lib/gai_strerror.c
 gnulib/lib/regcomp.c
+src/access/viraccessdriverpolkit.c
 src/access/viraccessmanager.c
 src/conf/cpu_conf.c
 src/conf/device_conf.c
diff --git a/src/Makefile.am b/src/Makefile.am
index babd019..3e6c3df 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -779,6 +779,13 @@ ACCESS_DRIVER_SOURCES = \
access/viraccessdrivernop.h access/viraccessdrivernop.c \
access/viraccessdriverstack.h access/viraccessdriverstack.c
 
+ACCESS_DRIVER_POLKIT_SOURCES = \
+   access/viraccessdriverpolkit.h access/viraccessdriverpolkit.c
+
+ACCESS_DRIVER_POLKIT_POLICY = \
+   access/org.libvirt.api.policy
+
+
 NODE_DEVICE_DRIVER_SOURCES =   \
node_device/node_device_driver.c\
node_device/node_device_driver.h\
@@ -1359,6 +1366,24 @@ libvirt_driver_access_la_CFLAGS = \
 libvirt_driver_access_la_LDFLAGS = $(AM_LDFLAGS)
 libvirt_driver_access_la_LIBADD =
 
+EXTRA_DIST += access/genpolkit.pl
+
+if WITH_POLKIT1
+libvirt_driver_access_la_SOURCES += $(ACCESS_DRIVER_POLKIT_SOURCES)
+
+polkitactiondir = $(datadir)/polkit-1/actions
+polkitaction_DATA = $(ACCESS_DRIVER_POLKIT_POLICY)
+
+$(ACCESS_DRIVER_POLKIT_POLICY): $(srcdir)/access/viraccessperm.h \
+$(srcdir)/access/genpolkit.pl Makefile.am
+   $(AM_V_GEN)$(PERL) $(srcdir)/access/genpolkit.pl < $< > $@ || rm -f $@
+
+CLEANFILES += $(ACCESS_DRIVER_POLKIT_POLICY)
+BUILT_SOURCES += $(ACCESS_DRIVER_POLKIT_POLICY)
+else
+EXTRA_DIST += $(ACCESS_DRIVER_POLKIT_SOURCES)
+endif
+
 
 # Add all conditional sources just in case...
 EXTRA_DIST +=  \
@@ -1398,7 +1423,8 @@ EXTRA_DIST += 
\
$(SECRET_DRIVER_SOURCES)\
$(VBOX_DRIVER_EXTRA_DIST)   \
$(VMWARE_DRIVER_SOURCES)\
-   $(XENXS_SOURCES)
+   $(XENXS_SOURCES)\
+   $(ACCESS_DRIVER_POLKIT_POLICY)
 
 check-local: check-augeas
 
diff --git a/src/access/genpolkit.pl b/src/access/genpolkit.pl
new file mode 100755
index 000..eb7069a
--- /dev/null
+++ b/src/access/genpolkit.pl
@@ -0,0 +1,119 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2012-2013 Red Hat, Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see
+# .
+#
+
+use strict;
+use warnings;
+
+my @objects = (
+"CONNECT", "DOMAIN", "INTERFACE",
+"NETWORK","NODE_DEVICE", "NWFILTER",
+ "SECRET", "STORAGE_POOL", "STORAGE_VOL",
+);
+
+my $objects = join ("|", @objects);
+
+# Data we're going to be generating looks like this
+#
+# 
+#   
+# Monitor local virtualized systems
+# System policy prevents monitoring of local virtualized 
systems
+# 
+#   yes
+#   yes
+#   yes

[libvirt] [PATCH 05/19] Add an SELinux access control driver

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Introduce an access control driver that uses the SELinux
framework for validating API authorization. Each libvirt
object is represented as a new class in SELinux policy,
along with all permissions.

The actual policy is not included here, it has to be
part of the core SELinux policy dist, since you can't
define new object classes/permissions in external loadable
modules

As well as going to the audit system, all SELinux AVC
denials also get reported in libvirtd system logs

Signed-off-by: Daniel P. Berrange 
---
 m4/virt-compile-warnings.m4 |   1 +
 m4/virt-selinux.m4  |   2 +
 po/POTFILES.in  |   1 +
 src/Makefile.am |   9 +
 src/access/viraccessdriverselinux.c | 565 
 src/access/viraccessdriverselinux.h |  28 ++
 src/access/viraccessmanager.c   |   6 +
 src/internal.h  |   4 +
 src/util/virlog.c   |   3 +-
 src/util/virlog.h   |   1 +
 10 files changed, 619 insertions(+), 1 deletion(-)
 create mode 100644 src/access/viraccessdriverselinux.c
 create mode 100644 src/access/viraccessdriverselinux.h

diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4
index e054913..05798d3 100644
--- a/m4/virt-compile-warnings.m4
+++ b/m4/virt-compile-warnings.m4
@@ -94,6 +94,7 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
   dontwarn="$dontwarn -Wmissing-prototypes"
   dontwarn="$dontwarn -Wmissing-declarations"
   dontwarn="$dontwarn -Wcast-align"
+  dontwarn="$dontwarn -Wmissing-format-attribute"
 fi
 
 dnl Check whether strchr(s, char variable) causes a bogus compile
diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4
index abb0d12..f849858 100644
--- a/m4/virt-selinux.m4
+++ b/m4/virt-selinux.m4
@@ -43,6 +43,8 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
 dnl We prefer to use  and selabel_open, but can fall
 dnl back to matchpathcon for the sake of RHEL 5's version of libselinux.
 AC_CHECK_HEADERS([selinux/label.h])
+
+AC_CHECK_FUNCS([security_deny_unknown])
   fi
 ])
 
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 02713c1..5723a0f 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -7,6 +7,7 @@ daemon/stream.c
 gnulib/lib/gai_strerror.c
 gnulib/lib/regcomp.c
 src/access/viraccessdriverpolkit.c
+src/access/viraccessdriverselinux.c
 src/access/viraccessmanager.c
 src/conf/cpu_conf.c
 src/conf/device_conf.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 3e6c3df..20ce083 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -782,6 +782,9 @@ ACCESS_DRIVER_SOURCES = \
 ACCESS_DRIVER_POLKIT_SOURCES = \
access/viraccessdriverpolkit.h access/viraccessdriverpolkit.c
 
+ACCESS_DRIVER_SELINUX_SOURCES = \
+   access/viraccessdriverselinux.h access/viraccessdriverselinux.c
+
 ACCESS_DRIVER_POLKIT_POLICY = \
access/org.libvirt.api.policy
 
@@ -1368,6 +1371,12 @@ libvirt_driver_access_la_LIBADD =
 
 EXTRA_DIST += access/genpolkit.pl
 
+if WITH_SELINUX
+libvirt_driver_access_la_SOURCES += $(ACCESS_DRIVER_SELINUX_SOURCES)
+else
+EXTRA_DIST += $(ACCESS_DRIVER_SELINUX_SOURCES)
+endif
+
 if WITH_POLKIT1
 libvirt_driver_access_la_SOURCES += $(ACCESS_DRIVER_POLKIT_SOURCES)
 
diff --git a/src/access/viraccessdriverselinux.c 
b/src/access/viraccessdriverselinux.c
new file mode 100644
index 000..235760d
--- /dev/null
+++ b/src/access/viraccessdriverselinux.c
@@ -0,0 +1,565 @@
+/*
+ * viraccessdriverselinux.c: selinuxed access control driver
+ *
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * .
+ */
+
+#include 
+
+#include "viraccessdriverselinux.h"
+#include "viralloc.h"
+#include "vircommand.h"
+#include "virlog.h"
+#include "virthread.h"
+#include "virerror.h"
+#include "virutil.h"
+
+#include 
+#include 
+#include 
+#include 
+
+
+#define VIR_FROM_THIS VIR_FROM_ACCESS
+#define virAccessError(code, ...)   \
+virReportErrorHelper(VIR_FROM_THIS, code, __FILE__, \
+ __FUNCTION__, __LINE__, __VA_ARGS__)
+
+typedef enum {
+VIR_ACCESS_DRIVER_SELINUX_CLASS_CONNECT,
+VIR_ACCESS_DRIVER_SELINUX_CLASS_DOMAIN,
+
+VIR_ACCESS_DRIVER_SELINUX_CLASS_LAST
+} virAccessDriverSELinuxClass;
+
+VIR_ENUM_DECL(virAccessDriver

[libvirt] [PATCH 14/19] Add ACL checks into the network driver

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Insert calls to the ACL checking APIs in all network driver
entrypoints.

Signed-off-by: Daniel P. Berrange 
---
 src/network/bridge_driver.c | 61 +
 1 file changed, 61 insertions(+)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 99c1316..76966df 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -65,6 +65,7 @@
 #include "virdbus.h"
 #include "virfile.h"
 #include "virstring.h"
+#include "access/viraccessapicheck.h"
 
 #define VIR_FROM_THIS VIR_FROM_NETWORK
 
@@ -2769,6 +2770,9 @@ static virNetworkPtr networkLookupByUUID(virConnectPtr 
conn,
 goto cleanup;
 }
 
+if (virNetworkLookupByUUIDEnsureACL(conn, network->def) < 0)
+goto cleanup;
+
 ret = virGetNetwork(conn, network->def->name, network->def->uuid);
 
 cleanup:
@@ -2792,6 +2796,9 @@ static virNetworkPtr networkLookupByName(virConnectPtr 
conn,
 goto cleanup;
 }
 
+if (virNetworkLookupByNameEnsureACL(conn, network->def) < 0)
+goto cleanup;
+
 ret = virGetNetwork(conn, network->def->name, network->def->uuid);
 
 cleanup:
@@ -2822,6 +2829,9 @@ static int networkConnectNumOfNetworks(virConnectPtr 
conn) {
 int nactive = 0, i;
 struct network_driver *driver = conn->networkPrivateData;
 
+if (virConnectNumOfNetworksEnsureACL(conn) < 0)
+return -1;
+
 networkDriverLock(driver);
 for (i = 0 ; i < driver->networks.count ; i++) {
 virNetworkObjLock(driver->networks.objs[i]);
@@ -2838,6 +2848,9 @@ static int networkConnectListNetworks(virConnectPtr conn, 
char **const names, in
 struct network_driver *driver = conn->networkPrivateData;
 int got = 0, i;
 
+if (virConnectListNetworksEnsureACL(conn) < 0)
+return -1;
+
 networkDriverLock(driver);
 for (i = 0 ; i < driver->networks.count && got < nnames ; i++) {
 virNetworkObjLock(driver->networks.objs[i]);
@@ -2865,6 +2878,9 @@ static int 
networkConnectNumOfDefinedNetworks(virConnectPtr conn) {
 int ninactive = 0, i;
 struct network_driver *driver = conn->networkPrivateData;
 
+if (virConnectNumOfDefinedNetworksEnsureACL(conn) < 0)
+return -1;
+
 networkDriverLock(driver);
 for (i = 0 ; i < driver->networks.count ; i++) {
 virNetworkObjLock(driver->networks.objs[i]);
@@ -2881,6 +2897,9 @@ static int 
networkConnectListDefinedNetworks(virConnectPtr conn, char **const na
 struct network_driver *driver = conn->networkPrivateData;
 int got = 0, i;
 
+if (virConnectListDefinedNetworksEnsureACL(conn) < 0)
+return -1;
+
 networkDriverLock(driver);
 for (i = 0 ; i < driver->networks.count && got < nnames ; i++) {
 virNetworkObjLock(driver->networks.objs[i]);
@@ -2913,10 +2932,14 @@ networkConnectListAllNetworks(virConnectPtr conn,
 
 virCheckFlags(VIR_CONNECT_LIST_NETWORKS_FILTERS_ALL, -1);
 
+if (virConnectListAllNetworksEnsureACL(conn) < 0)
+goto cleanup;
+
 networkDriverLock(driver);
 ret = virNetworkList(conn, driver->networks, nets, flags);
 networkDriverUnlock(driver);
 
+cleanup:
 return ret;
 }
 
@@ -2933,6 +2956,10 @@ static int networkIsActive(virNetworkPtr net)
 virReportError(VIR_ERR_NO_NETWORK, NULL);
 goto cleanup;
 }
+
+if (virNetworkIsActiveEnsureACL(net->conn, obj->def) < 0)
+goto cleanup;
+
 ret = virNetworkObjIsActive(obj);
 
 cleanup:
@@ -2954,6 +2981,10 @@ static int networkIsPersistent(virNetworkPtr net)
 virReportError(VIR_ERR_NO_NETWORK, NULL);
 goto cleanup;
 }
+
+if (virNetworkIsPersistentEnsureACL(net->conn, obj->def) < 0)
+goto cleanup;
+
 ret = obj->persistent;
 
 cleanup:
@@ -3121,6 +3152,9 @@ static virNetworkPtr networkCreateXML(virConnectPtr conn, 
const char *xml) {
 if (!(def = virNetworkDefParseString(xml)))
 goto cleanup;
 
+if (virNetworkCreateXMLEnsureACL(conn, def) < 0)
+goto cleanup;
+
 if (networkValidate(driver, def, true) < 0)
goto cleanup;
 
@@ -3161,6 +3195,9 @@ static virNetworkPtr networkDefineXML(virConnectPtr conn, 
const char *xml) {
 if (!(def = virNetworkDefParseString(xml)))
 goto cleanup;
 
+if (virNetworkDefineXMLEnsureACL(conn, def) < 0)
+goto cleanup;
+
 if (networkValidate(driver, def, false) < 0)
goto cleanup;
 
@@ -3219,6 +3256,9 @@ networkUndefine(virNetworkPtr net) {
 goto cleanup;
 }
 
+if (virNetworkUndefineEnsureACL(net->conn, network->def) < 0)
+goto cleanup;
+
 if (virNetworkObjIsActive(network))
 active = true;
 
@@ -3279,6 +3319,9 @@ networkUpdate(virNetworkPtr net,
 goto cleanup;
 }
 
+if (virNetworkUpdateEnsureACL(net->conn, network->def, flags) < 0)
+goto cleanup;
+
 /* see if we are listening for dhcp pre-modification */
 for (ii = 0;
  (ipdef = virNetworkDefGetIpByIndex(networ

[libvirt] [PATCH 12/19] Add ACL checks into the libxl driver

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Insert calls to the ACL checking APIs in all libxl driver
entrypoints.

Signed-off-by: Daniel P. Berrange 
---
 src/libxl/libxl_driver.c | 187 ++-
 1 file changed, 184 insertions(+), 3 deletions(-)

diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index 99d2dc4..0bbe8a1 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -45,6 +45,7 @@
 #include "virtypedparam.h"
 #include "viruri.h"
 #include "virstring.h"
+#include "access/viraccessapicheck.h"
 
 #define VIR_FROM_THIS VIR_FROM_LIBXL
 
@@ -1382,6 +1383,9 @@ libxlConnectOpen(virConnectPtr conn,
 }
 }
 
+if (virConnectOpenEnsureACL(conn) < 0)
+return VIR_DRV_OPEN_ERROR;
+
 conn->privateData = libxl_driver;
 
 return VIR_DRV_OPEN_SUCCESS;
@@ -1395,8 +1399,11 @@ libxlConnectClose(virConnectPtr conn ATTRIBUTE_UNUSED)
 }
 
 static const char *
-libxlConnectGetType(virConnectPtr conn ATTRIBUTE_UNUSED)
+libxlConnectGetType(virConnectPtr conn)
 {
+if (virConnectGetTypeEnsureACL(conn) < 0)
+return NULL;
+
 return "xenlight";
 }
 
@@ -1405,6 +1412,9 @@ libxlConnectGetVersion(virConnectPtr conn, unsigned long 
*version)
 {
 libxlDriverPrivatePtr driver = conn->privateData;
 
+if (virConnectGetVersionEnsureACL(conn) < 0)
+return 0;
+
 libxlDriverLock(driver);
 *version = driver->version;
 libxlDriverUnlock(driver);
@@ -1412,8 +1422,11 @@ libxlConnectGetVersion(virConnectPtr conn, unsigned long 
*version)
 }
 
 
-static char *libxlConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED)
+static char *libxlConnectGetHostname(virConnectPtr conn)
 {
+if (virConnectGetHostnameEnsureACL(conn) < 0)
+return NULL;
+
 return virGetHostname();
 }
 
@@ -1424,6 +1437,9 @@ libxlConnectGetMaxVcpus(virConnectPtr conn, const char 
*type ATTRIBUTE_UNUSED)
 int ret;
 libxlDriverPrivatePtr driver = conn->privateData;
 
+if (virConnectGetMaxVcpusEnsureACL(conn) < 0)
+return -1;
+
 ret = libxl_get_max_cpus(driver->ctx);
 /* libxl_get_max_cpus() will return 0 if there were any failures,
e.g. xc_physinfo() failing */
@@ -1436,6 +1452,9 @@ libxlConnectGetMaxVcpus(virConnectPtr conn, const char 
*type ATTRIBUTE_UNUSED)
 static int
 libxlNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info)
 {
+if (virNodeGetInfoEnsureACL(conn) < 0)
+return -1;
+
 return libxlDoNodeGetInfo(conn->privateData, info);
 }
 
@@ -1445,6 +1464,9 @@ libxlConnectGetCapabilities(virConnectPtr conn)
 libxlDriverPrivatePtr driver = conn->privateData;
 char *xml;
 
+if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
+return NULL;
+
 libxlDriverLock(driver);
 if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
 virReportOOMError();
@@ -1459,6 +1481,9 @@ libxlConnectListDomains(virConnectPtr conn, int *ids, int 
nids)
 libxlDriverPrivatePtr driver = conn->privateData;
 int n;
 
+if (virConnectListDomainsEnsureACL(conn) < 0)
+return -1;
+
 libxlDriverLock(driver);
 n = virDomainObjListGetActiveIDs(driver->domains, ids, nids);
 libxlDriverUnlock(driver);
@@ -1472,6 +1497,9 @@ libxlConnectNumOfDomains(virConnectPtr conn)
 libxlDriverPrivatePtr driver = conn->privateData;
 int n;
 
+if (virConnectNumOfDomainsEnsureACL(conn) < 0)
+return -1;
+
 libxlDriverLock(driver);
 n = virDomainObjListNumOfDomains(driver->domains, 1);
 libxlDriverUnlock(driver);
@@ -1496,6 +1524,9 @@ libxlDomainCreateXML(virConnectPtr conn, const char *xml,
 VIR_DOMAIN_XML_INACTIVE)))
 goto cleanup;
 
+if (virDomainCreateXMLEnsureACL(conn, def) < 0)
+goto cleanup;
+
 if (!(vm = virDomainObjListAdd(driver->domains, def,
driver->xmlopt,
VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE,
@@ -1538,6 +1569,9 @@ libxlDomainLookupByID(virConnectPtr conn, int id)
 goto cleanup;
 }
 
+if (virDomainLookupByIDEnsureACL(conn, vm->def) < 0)
+goto cleanup;
+
 dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
 if (dom)
 dom->id = vm->def->id;
@@ -1564,6 +1598,9 @@ libxlDomainLookupByUUID(virConnectPtr conn, const 
unsigned char *uuid)
 goto cleanup;
 }
 
+if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0)
+goto cleanup;
+
 dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
 if (dom)
 dom->id = vm->def->id;
@@ -1590,6 +1627,9 @@ libxlDomainLookupByName(virConnectPtr conn, const char 
*name)
 goto cleanup;
 }
 
+if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0)
+goto cleanup;
+
 dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
 if (dom)
 dom->id = vm->def->id;
@@ -1620,6 +1660,10 @@ libxlDomainSuspend(virDomainPtr dom)
_("No domain with m

[libvirt] [PATCH 06/19] Add ACL annotations to all RPC messages

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Introduce annotations to all RPC messages to declare what
access control checks are required. There are two new
annotations defined:

 @acl: :
 @acl: ::

  Declare the access control requirements for the API. May be repeated
  multiple times, if multiple rules are required.

 is one of 'connect', 'domain', 'network', 'storagepool',
 'interface', 'nodedev', 'secret'.
 is one of the permissions in access/viraccessperm.h
 indicates the rule only applies if the named flag
is set in the API call

 @aclfilter: :

  Declare an access control filter that will be applied to a list
  of objects being returned by an API. This allows the returned
  list to be filtered to only show those the user has permissions
  against

Signed-off-by: Daniel P. Berrange 
---
 src/locking/lock_protocol.x  |   8 +
 src/remote/lxc_protocol.x|   1 +
 src/remote/qemu_protocol.x   |   4 +
 src/remote/remote_protocol.x | 406 +++
 src/rpc/gendispatch.pl   |   2 +-
 5 files changed, 420 insertions(+), 1 deletion(-)

diff --git a/src/locking/lock_protocol.x b/src/locking/lock_protocol.x
index f69f2e8..354d51a 100644
--- a/src/locking/lock_protocol.x
+++ b/src/locking/lock_protocol.x
@@ -105,41 +105,49 @@ enum virLockSpaceProtocolProcedure {
 
 /**
  * @generate: none
+ * @acl: none
  */
 VIR_LOCK_SPACE_PROTOCOL_PROC_REGISTER = 1,
 
 /**
  * @generate: none
+ * @acl: none
  */
 VIR_LOCK_SPACE_PROTOCOL_PROC_RESTRICT = 2,
 
 /**
  * @generate: none
+ * @acl: none
  */
 VIR_LOCK_SPACE_PROTOCOL_PROC_NEW = 3,
 
 /**
  * @generate: none
+ * @acl: none
  */
 VIR_LOCK_SPACE_PROTOCOL_PROC_CREATE_RESOURCE = 4,
 
 /**
  * @generate: none
+ * @acl: none
  */
 VIR_LOCK_SPACE_PROTOCOL_PROC_DELETE_RESOURCE = 5,
 
 /**
  * @generate: none
+ * @acl: none
  */
 VIR_LOCK_SPACE_PROTOCOL_PROC_ACQUIRE_RESOURCE = 6,
 
 /**
  * @generate: none
+ * @acl: none
  */
 VIR_LOCK_SPACE_PROTOCOL_PROC_RELEASE_RESOURCE = 7,
 
 /**
  * @generate: none
+ * @acl: none
  */
 VIR_LOCK_SPACE_PROTOCOL_PROC_CREATE_LOCKSPACE = 8
 };
diff --git a/src/remote/lxc_protocol.x b/src/remote/lxc_protocol.x
index f6cd590..1cde90e 100644
--- a/src/remote/lxc_protocol.x
+++ b/src/remote/lxc_protocol.x
@@ -65,6 +65,7 @@ enum lxc_procedure {
 /**
  * @generate: none
  * @priority: low
+ * @acl: domain:open_namespace
  */
 LXC_PROC_DOMAIN_OPEN_NAMESPACE = 1
 };
diff --git a/src/remote/qemu_protocol.x b/src/remote/qemu_protocol.x
index 63fd92f..1e7cf7c 100644
--- a/src/remote/qemu_protocol.x
+++ b/src/remote/qemu_protocol.x
@@ -91,18 +91,22 @@ enum qemu_procedure {
 /**
  * @generate: none
  * @priority: low
+ * @acl: domain:write
  */
 QEMU_PROC_DOMAIN_MONITOR_COMMAND = 1,
 
 /**
  * @generate: both
  * @priority: low
+ * @acl: domain:start
+ * @acl: domain:write
  */
 QEMU_PROC_DOMAIN_ATTACH = 2,
 
 /**
  * @generate: both
  * @priority: low
+ * @acl: domain:write
  */
 QEMU_PROC_DOMAIN_AGENT_COMMAND = 3
 };
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index f61d10c..33fb338 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -2775,1664 +2775,2070 @@ enum remote_procedure {
  *   to this rule, e.g. domainDestroy. Other APIs MAY be marked as high
  *   priority. If in doubt, it's safe to choose low. Low is taken as 
default,
  *   and thus can be left out.
+ *
+ * - @acl: :
+ * - @acl: ::
+ *
+ *   Declare the access control requirements for the API. May be repeated
+ *   multiple times, if multiple rules are required.
+ *
+ *  is one of 'connect', 'domain', 'network', 'storagepool',
+ *  'interface', 'nodedev', 'secret'.
+ *  is one of the permissions in access/viraccessperm.h
+ *  indicates the rule only applies if the named flag
+ * is set in the API call
+ *
+ * - @aclfilter: :
+ *
+ *   Declare an access control filter that will be applied to a list
+ *   of objects being returned by an API. This allows the returned
+ *   list to be filtered to only show those the user has permissions
+ *   against
  */
 
 /**
  * @generate: none
  * @priority: high
+ * @acl: connect:getattr
  */
 REMOTE_PROC_CONNECT_OPEN = 1,
 
 /**
  * @generate: none
  * @priority: high
+ * @acl: none
  */
 REMOTE_PROC_CONNECT_CLOSE = 2,
 
 /**
  * @generate: server
  * @priority: high
+ * @acl: connect:getattr
  */
 REMOTE_PROC_CONNECT_GET_TYPE = 3,
 
 /**
  * @generate: both
  * @priority: high
+ * @acl: connect:getattr
  */
 REMOTE_PROC_CONNECT_GET_VERSION = 4,
 
 /**
  * @generate: both
 

[libvirt] [PATCH 11/19] Add ACL checks into the Xen driver

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Insert calls to the ACL checking APIs in all Xen driver
entrypoints.

Signed-off-by: Daniel P. Berrange 
---
 src/xen/xen_driver.c | 217 +--
 1 file changed, 209 insertions(+), 8 deletions(-)

diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index a6c87ce..77f1fae 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -66,6 +66,7 @@
 #include "nodeinfo.h"
 #include "configmake.h"
 #include "virstring.h"
+#include "access/viraccessapicheck.h"
 
 #define VIR_FROM_THIS VIR_FROM_XEN
 #define XEN_SAVE_DIR LOCALSTATEDIR "/lib/libvirt/xen/save"
@@ -398,6 +399,9 @@ xenUnifiedConnectOpen(virConnectPtr conn, virConnectAuthPtr 
auth, unsigned int f
 /* We now know the URI is definitely for this driver, so beyond
  * here, don't return DECLINED, always use ERROR */
 
+if (virConnectOpenEnsureACL(conn) < 0)
+return VIR_DRV_OPEN_ERROR;
+
 /* Allocate per-connection private data. */
 if (VIR_ALLOC(priv) < 0) {
 virReportOOMError();
@@ -544,15 +548,21 @@ unsigned long xenUnifiedVersion(void)
 
 
 static const char *
-xenUnifiedConnectGetType(virConnectPtr conn ATTRIBUTE_UNUSED)
+xenUnifiedConnectGetType(virConnectPtr conn)
 {
+if (virConnectGetTypeEnsureACL(conn) < 0)
+return NULL;
+
 return "Xen";
 }
 
 /* Which features are supported by this driver? */
 static int
-xenUnifiedConnectSupportsFeature(virConnectPtr conn ATTRIBUTE_UNUSED, int 
feature)
+xenUnifiedConnectSupportsFeature(virConnectPtr conn, int feature)
 {
+if (virConnectSupportsFeatureEnsureACL(conn) < 0)
+return -1;
+
 switch (feature) {
 case VIR_DRV_FEATURE_MIGRATION_V1:
 case VIR_DRV_FEATURE_MIGRATION_DIRECT:
@@ -565,12 +575,18 @@ xenUnifiedConnectSupportsFeature(virConnectPtr conn 
ATTRIBUTE_UNUSED, int featur
 static int
 xenUnifiedConnectGetVersion(virConnectPtr conn, unsigned long *hvVer)
 {
+if (virConnectGetVersionEnsureACL(conn) < 0)
+return -1;
+
 return xenHypervisorGetVersion(conn, hvVer);
 }
 
 
-static char *xenUnifiedConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED)
+static char *xenUnifiedConnectGetHostname(virConnectPtr conn)
 {
+if (virConnectGetHostnameEnsureACL(conn) < 0)
+return NULL;
+
 return virGetHostname();
 }
 
@@ -605,6 +621,9 @@ xenUnifiedConnectIsAlive(virConnectPtr conn 
ATTRIBUTE_UNUSED)
 int
 xenUnifiedConnectGetMaxVcpus(virConnectPtr conn, const char *type)
 {
+if (virConnectGetMaxVcpusEnsureACL(conn) < 0)
+return -1;
+
 if (type && STRCASENEQ(type, "Xen")) {
 virReportError(VIR_ERR_INVALID_ARG, __FUNCTION__);
 return -1;
@@ -616,6 +635,9 @@ xenUnifiedConnectGetMaxVcpus(virConnectPtr conn, const char 
*type)
 static int
 xenUnifiedNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info)
 {
+if (virNodeGetInfoEnsureACL(conn) < 0)
+return -1;
+
 return xenDaemonNodeGetInfo(conn, info);
 }
 
@@ -625,6 +647,9 @@ xenUnifiedConnectGetCapabilities(virConnectPtr conn)
 xenUnifiedPrivatePtr priv = conn->privateData;
 char *xml;
 
+if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
+return NULL;
+
 if (!(xml = virCapabilitiesFormatXML(priv->caps))) {
 virReportOOMError();
 return NULL;
@@ -636,12 +661,18 @@ xenUnifiedConnectGetCapabilities(virConnectPtr conn)
 static int
 xenUnifiedConnectListDomains(virConnectPtr conn, int *ids, int maxids)
 {
+if (virConnectListDomainsEnsureACL(conn) < 0)
+return -1;
+
 return xenStoreListDomains(conn, ids, maxids);
 }
 
 static int
 xenUnifiedConnectNumOfDomains(virConnectPtr conn)
 {
+if (virConnectNumOfDomainsEnsureACL(conn) < 0)
+return -1;
+
 return xenStoreNumOfDomains(conn);
 }
 
@@ -661,6 +692,9 @@ xenUnifiedDomainCreateXML(virConnectPtr conn,
 VIR_DOMAIN_XML_INACTIVE)))
 goto cleanup;
 
+if (virDomainCreateXMLEnsureACL(conn, def) < 0)
+goto cleanup;
+
 if (xenDaemonCreateXML(conn, def) < 0)
 goto cleanup;
 
@@ -682,6 +716,9 @@ xenUnifiedDomainLookupByID(virConnectPtr conn, int id)
 if (!(def = xenGetDomainDefForID(conn, id)))
 goto cleanup;
 
+if (virDomainLookupByIDEnsureACL(conn, def) < 0)
+goto cleanup;
+
 if (!(ret = virGetDomain(conn, def->name, def->uuid)))
 goto cleanup;
 
@@ -702,6 +739,9 @@ xenUnifiedDomainLookupByUUID(virConnectPtr conn,
 if (!(def = xenGetDomainDefForUUID(conn, uuid)))
 goto cleanup;
 
+if (virDomainLookupByUUIDEnsureACL(conn, def) < 0)
+goto cleanup;
+
 if (!(ret = virGetDomain(conn, def->name, def->uuid)))
 goto cleanup;
 
@@ -722,6 +762,9 @@ xenUnifiedDomainLookupByName(virConnectPtr conn,
 if (!(def = xenGetDomainDefForName(conn, name)))
 goto cleanup;
 
+if (virDomainLookupByNameEnsureACL(conn, def) < 0)
+goto cleanup;
+
 if (!(ret = virGetDomain(conn, def->name, def->uui

[libvirt] [PATCH 00/19] Support for access control

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

This series (which depends on the Xen refactoring patches) adds
support for access control checks on all APIs that run inside
libvirtd.

The first patch defines the basic objects which can be checked
and the permissions associated with each object. In addition
it provides the basic internal (pluggable) API for access
control checks

Later there are policykit and selinux drivers for the access
control framework. Neither of these is currently optimal
but they have basic functionality working

To ensure that we don't forget access control checks when
adding new APIs, we maintain metadata in the remote_protocol.x
file against each method declaring what access control check
must be done.

There are actually two checks possible. The first check is
against the object being used. The optional second check
is against the objects being returned (if any). The latter
is used to filter what can be seen when asking for a list
of objects (eg 'virsh list' gets filtered)

Again to ensure accurate checks, we automate the generation
of methods for applying access control checks to each API.
These helper methods are named to match the public API names.
The last patch ensures that every method listed in the
virDriverPtr tables has a call to an access control
helper with the same name as the public API.

And of course there are the patches which actually add
the access control checks.

Still todo

 - Not all Xen methods have access control checks yet.
   This causes the test case in the last patch to report
   failures

 - Have not wired up the checks for filtering the returned
   objects in any driver yet

 - The polkit driver is inefficient since it spawns
   pkcheck for each check. We need to talk to DBus
   directly since ACL checks will be very frequent
   and need to be lightweight

 - The SELinux driver is validating against the label
   of libvirtd. We need to validate against the label of
   the virDomainDefPtr security model or some equivalent
   for other objects.

 - Need to write a generic RBAC access control impl. It
   was hoped that new polkit would make this obsolete.
   Polkit is still unable to do access control checks
   for non-local users though eg it can't validate
   against SASL usernames or x509 certs.

Daniel P. Berrange (19):
  Define basic internal API for access control
  Set conn->driver before running driver connectOpen method
  Setup default access control manager in libvirtd
  Add a policy kit access control driver
  Add an SELinux access control driver
  Add ACL annotations to all RPC messages
  Auto-generate helpers for checking access control rules
  Add ACL checks into the QEMU driver
  Add ACL checks into the LXC driver
  Add ACL checks into the UML driver
  Add ACL checks into the Xen driver
  Add ACL checks into the libxl driver
  Add ACL checks into the storage driver
  Add ACL checks into the network driver
  Add ACL checks into the interface driver
  Add ACL checks into the node device driver
  Add ACL checks into the nwfilter driver
  Add ACL checks into the secrets driver
  Add validation that all APIs contain ACL checks

 .gitignore  |  10 +
 daemon/Makefile.am  |   1 +
 daemon/libvirtd-config.c|   4 +
 daemon/libvirtd-config.h|   2 +
 daemon/libvirtd.aug |   1 +
 daemon/libvirtd.c   |  27 ++
 daemon/libvirtd.conf|   9 +
 daemon/test_libvirtd.aug.in |   4 +
 include/libvirt/virterror.h |   4 +
 m4/virt-compile-warnings.m4 |   1 +
 m4/virt-selinux.m4  |   2 +
 po/POTFILES.in  |   3 +
 src/Makefile.am | 128 +-
 src/access/genpolkit.pl | 119 ++
 src/access/viraccessdriver.h|  89 
 src/access/viraccessdrivernop.c | 118 ++
 src/access/viraccessdrivernop.h |  28 ++
 src/access/viraccessdriverpolkit.c  | 399 ++
 src/access/viraccessdriverpolkit.h  |  28 ++
 src/access/viraccessdriverselinux.c | 565 +
 src/access/viraccessdriverselinux.h |  28 ++
 src/access/viraccessdriverstack.c   | 285 +
 src/access/viraccessdriverstack.h   |  32 ++
 src/access/viraccessmanager.c   | 352 
 src/access/viraccessmanager.h   |  91 
 src/access/viraccessperm.c  |  84 
 src/access/viraccessperm.h  | 647 +
 src/check-aclrules.pl   | 144 +++
 src/interface/interface_backend_netcf.c | 114 +
 src/interface/interface_backend_udev.c  |  85 +++-
 src/internal.h  |   4 +
 src/libvirt.c   |  11 +-
 src/libvirt_private.syms|  37 ++
 src/libxl/libxl_driver.c| 187 -
 src/locking/lock_protocol.x |   8 +
 

Re: [libvirt] [PATCH] Replace 'goto clean' with 'goto cleanup' in apparmor code

[Michal Privoznik]

On 09.05.2013 15:02, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
> 
> Some of the apparmor code files did not follow the normal
> goto label naming pratices
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  src/security/security_apparmor.c | 34 ++---
>  src/security/virt-aa-helper.c| 66 
> 
>  2 files changed, 50 insertions(+), 50 deletions(-)
> 

Funny, I've just used 'git show -W' for the first time :)

ACK

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] Replace 'goto err' with 'goto cleanup' in udev interface driver

[Michal Privoznik]

On 09.05.2013 15:02, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
> 
> The udev interface driver did not follow standard naming
> convention for goto labels.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  src/interface/interface_backend_udev.c | 32 
>  1 file changed, 16 insertions(+), 16 deletions(-)


Do we want to bother with udevConnectListAllInterfaces? The 'cleanup'
label makes a tiny bit of sense although I'd vote for 'error'.

However, in:
udevGetIfaceDefBond
udevGetIfaceDefVlan
udevGetIfaceDef

s/cleanup/error/ shall be made.

But this patch is good as-is. ACK if you reconsider extending this patch
to functions I've pointed out.

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH] Replace list of driver source files with variables

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Update the DRIVER_SOURCE_FILES variable to reference the
other various XXX_SOURCES variables, instead of duplicating
the filename lists. This results in a bunch of extra files
being processed, but the test scripts can easily skip those

Signed-off-by: Daniel P. Berrange 
---
 src/Makefile.am | 58 +
 1 file changed, 21 insertions(+), 37 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 6c2788c..6175b84 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -438,44 +438,28 @@ check-drivername:
 EXTRA_DIST += check-drivername.pl
 
 DRIVER_SOURCE_FILES = \
-   esx/esx_device_monitor.c \
-   esx/esx_driver.c \
-   esx/esx_interface_driver.c \
-   esx/esx_network_driver.c \
-   esx/esx_nwfilter_driver.c \
-   esx/esx_secret_driver.c \
-   esx/esx_storage_driver.c \
-   hyperv/hyperv_device_monitor.c \
-   hyperv/hyperv_driver.c \
-   hyperv/hyperv_interface_driver.c \
-   hyperv/hyperv_network_driver.c \
-   hyperv/hyperv_nwfilter_driver.c \
-   hyperv/hyperv_secret_driver.c \
-   hyperv/hyperv_storage_driver.c \
-   interface/interface_backend_netcf.c \
-   interface/interface_backend_udev.c \
-   libxl/libxl_driver.c \
-   lxc/lxc_driver.c \
-   network/bridge_driver.c \
-   node_device/node_device_hal.c \
-   node_device/node_device_udev.c \
-   nwfilter/nwfilter_driver.c \
-   openvz/openvz_driver.c \
-   parallels/parallels_driver.c \
-   parallels/parallels_network.c \
-   parallels/parallels_storage.c \
-   phyp/phyp_driver.c \
-   qemu/qemu_driver.c \
-   remote/remote_driver.c \
-   secret/secret_driver.c \
-   storage/storage_driver.c \
-   test/test_driver.c \
-   uml/uml_driver.c \
-   vbox/vbox_driver.c \
+   $(ESX_DRIVER_SOURCES) \
+   $(HYPERV_DRIVER_SORUCES) \
+   $(INTERFACE_DRIVER_SOURCES) \
+   $(LIBXL_DRIVER_SOURCES) \
+   $(LXC_DRIVER_SOURCES) \
+   $(NETWORK_DRIVER_SOURCES) \
+   $(NODE_DEVICE_DRIVER_SOURCES) \
+   $(NWFILTER_DRIVER_SOURCES) \
+   $(OPENVZ_DRIVER_SOURCES) \
+   $(PARALLELS_DRIVER_SOURCES) \
+   $(PHYP_DRIVER_SOURCES) \
+   $(QEMU_DRIVER_SOURCES) \
+   $(REMOTE_DRIVER_SOURCES) \
+   $(SECRET_DRIVER_SOURCES) \
+   $(STORAGE_DRIVER_SOURCES) \
+   $(TEST_DRIVER_SOURCES) \
+   $(UML_DRIVER_SOURCES) \
+   $(VBOX_DRIVER_SOURCES) \
vbox/vbox_tmpl.c \
-   vmware/vmware_driver.c \
-   xen/xen_driver.c \
-   xenapi/xenapi_driver.c \
+   $(VMWARE_DRIVER_SOURCES) \
+   $(XEN_DRIVER_SOURCES) \
+   $(XENAPI_DRIVER_SOURCES) \
$(NULL)
 
 
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH] Fix naming of methods in ESX storage backends to follow public APIs

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

The previous update of method naming missed the ESX storage
backend files. Update them is that the driver impl methods
follow the naming of the public API but with s/vir/esx/

Signed-off-by: Daniel P. Berrange 
---
 src/esx/esx_storage_backend_iscsi.c | 104 ++--
 src/esx/esx_storage_backend_vmfs.c  | 104 ++--
 2 files changed, 104 insertions(+), 104 deletions(-)

diff --git a/src/esx/esx_storage_backend_iscsi.c 
b/src/esx/esx_storage_backend_iscsi.c
index a22adb4..d91d7b0 100644
--- a/src/esx/esx_storage_backend_iscsi.c
+++ b/src/esx/esx_storage_backend_iscsi.c
@@ -51,7 +51,7 @@ verify(MD5_DIGEST_SIZE == VIR_UUID_BUFLEN);
 
 
 static int
-esxStorageBackendISCSINumberOfPools(virConnectPtr conn)
+esxConnectNumOfStoragePools(virConnectPtr conn)
 {
 bool success = false;
 int count = 0;
@@ -95,8 +95,8 @@ esxStorageBackendISCSINumberOfPools(virConnectPtr conn)
 
 
 static int
-esxStorageBackendISCSIListPools(virConnectPtr conn, char **const names,
-const int maxnames)
+esxConnectListStoragePools(virConnectPtr conn, char **const names,
+   const int maxnames)
 {
 bool success = false;
 int count = 0;
@@ -154,8 +154,8 @@ esxStorageBackendISCSIListPools(virConnectPtr conn, char 
**const names,
 
 
 static virStoragePoolPtr
-esxStorageBackendISCSIPoolLookupByName(virConnectPtr conn,
-   const char *name)
+esxStoragePoolLookupByName(virConnectPtr conn,
+   const char *name)
 {
 esxPrivate *priv = conn->storagePrivateData;
 esxVI_HostInternetScsiHbaStaticTarget *target = NULL;
@@ -196,8 +196,8 @@ esxStorageBackendISCSIPoolLookupByName(virConnectPtr conn,
 
 
 static virStoragePoolPtr
-esxStorageBackendISCSIPoolLookupByUUID(virConnectPtr conn,
-   const unsigned char *uuid)
+esxStoragePoolLookupByUUID(virConnectPtr conn,
+   const unsigned char *uuid)
 {
 virStoragePoolPtr pool = NULL;
 esxPrivate *priv = conn->storagePrivateData;
@@ -245,8 +245,8 @@ esxStorageBackendISCSIPoolLookupByUUID(virConnectPtr conn,
 
 
 static int
-esxStorageBackendISCSIPoolRefresh(virStoragePoolPtr pool,
-  unsigned int flags)
+esxStoragePoolRefresh(virStoragePoolPtr pool,
+  unsigned int flags)
 {
 int result = -1;
 esxPrivate *priv = pool->conn->storagePrivateData;
@@ -280,8 +280,8 @@ esxStorageBackendISCSIPoolRefresh(virStoragePoolPtr pool,
 
 
 static int
-esxStorageBackendISCSIPoolGetInfo(virStoragePoolPtr pool ATTRIBUTE_UNUSED,
-  virStoragePoolInfoPtr info)
+esxStoragePoolGetInfo(virStoragePoolPtr pool ATTRIBUTE_UNUSED,
+  virStoragePoolInfoPtr info)
 {
 /* These fields are not valid for iSCSI pool */
 info->allocation = info->capacity = info->available = 0;
@@ -293,7 +293,7 @@ esxStorageBackendISCSIPoolGetInfo(virStoragePoolPtr pool 
ATTRIBUTE_UNUSED,
 
 
 static char *
-esxStorageBackendISCSIPoolGetXMLDesc(virStoragePoolPtr pool, unsigned int 
flags)
+esxStoragePoolGetXMLDesc(virStoragePoolPtr pool, unsigned int flags)
 {
 char *xml = NULL;
 esxPrivate *priv = pool->conn->storagePrivateData;
@@ -358,7 +358,7 @@ esxStorageBackendISCSIPoolGetXMLDesc(virStoragePoolPtr 
pool, unsigned int flags)
 
 
 static int
-esxStorageBackendISCSIPoolNumberOfVolumes(virStoragePoolPtr pool)
+esxStoragePoolNumOfVolumes(virStoragePoolPtr pool)
 {
 int count = 0;
 esxPrivate *priv = pool->conn->storagePrivateData;
@@ -384,8 +384,8 @@ esxStorageBackendISCSIPoolNumberOfVolumes(virStoragePoolPtr 
pool)
 
 
 static int
-esxStorageBackendISCSIPoolListVolumes(virStoragePoolPtr pool, char **const 
names,
-  int maxnames)
+esxStoragePoolListVolumes(virStoragePoolPtr pool, char **const names,
+  int maxnames)
 {
 bool success = false;
 int count = 0;
@@ -444,8 +444,8 @@ esxStorageBackendISCSIPoolListVolumes(virStoragePoolPtr 
pool, char **const names
 
 
 static virStorageVolPtr
-esxStorageBackendISCSIVolumeLookupByName(virStoragePoolPtr pool,
- const char *name)
+esxStorageVolLookupByName(virStoragePoolPtr pool,
+  const char *name)
 {
 virStorageVolPtr volume = NULL;
 esxPrivate *priv = pool->conn->storagePrivateData;
@@ -491,7 +491,7 @@ esxStorageBackendISCSIVolumeLookupByName(virStoragePoolPtr 
pool,
 
 
 static virStorageVolPtr
-esxStorageBackendISCSIVolumeLookupByPath(virConnectPtr conn, const char *path)
+esxStorageVolLookupByPath(virConnectPtr conn, const char *path)
 {
 virStorageVolPtr volume = NULL;
 esxPrivate *priv = conn->storagePrivateData;
@@ -539,7 +539,7 @@ esxStorageBackendISCSIVolumeLookupByPath(virConnectPtr 
conn, const char *path)
 
 
 static virStorageVolPtr
-esxS

[libvirt] [PATCH] Skip virNWFilterTechDriver when validating API naming

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

The virNWFilterTechDriver struct is an internal only driver
API with no public API equivalent. It should be skipped by
the 'check-driverimpls' test case

Signed-off-by: Daniel P. Berrange 
---
 src/check-driverimpls.pl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/check-driverimpls.pl b/src/check-driverimpls.pl
index e385de0..17e2b48 100755
--- a/src/check-driverimpls.pl
+++ b/src/check-driverimpls.pl
@@ -68,7 +68,8 @@ while (<>) {
 }
 }
 } elsif (/^(?:static\s+)?(vir(?:\w+)?Driver)\s+/) {
-next if $1 eq "virNWFilterCallbackDriver";
+next if $1 eq "virNWFilterCallbackDriver" ||
+$1 eq "virNWFilterTechDriver";
 $intable = 1;
 $table = $1;
 }
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] Fix build of python bindings on Python 2.4

[Michal Privoznik]

On 09.05.2013 15:01, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
> 
> The PyDict_Next method on Python <= 2.4 used 'int' instead
> of "Py_ssize_t" for the 'pos' parameter
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  python/libvirt-override.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/python/libvirt-override.c b/python/libvirt-override.c
> index 856789a..fd9ebb8 100644
> --- a/python/libvirt-override.c
> +++ b/python/libvirt-override.c
> @@ -152,7 +152,11 @@ setPyVirTypedParameter(PyObject *info,
> const virTypedParameterPtr params, int nparams)
>  {
>  PyObject *key, *value;
> +#if PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION <= 4
> +int pos = 0;
> +#else
>  Py_ssize_t pos = 0;
> +#endif
>  virTypedParameterPtr temp = NULL, ret = NULL;
>  Py_ssize_t size;
>  int i;
> 

ACK

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 01/11] Convert Xen domain lookup driver methods to use virDomainDefPtr

[Daniel P. Berrange]

On Thu, May 09, 2013 at 03:01:42PM +0200, Michal Privoznik wrote:
> On 09.05.2013 14:59, Daniel P. Berrange wrote:
> > From: "Daniel P. Berrange" 
> > 
> > Introduce use of a virDomainDefPtr in the domain lookup
> > APIs to simplify introduction of ACL security checks.
> > The virDomainPtr cannot be safely used, since the app
> > may have supplied mis-matching name/uuid/id fields. eg
> > the name points to domain X, while the uuid points to
> > domain Y. Resolving the virDomainPtr to a virDomainDefPtr
> > ensures a consistent name/uuid/id set.
> > 
> > Signed-off-by: Daniel P. Berrange 
> > ---
> >  src/conf/domain_conf.c   |  24 
> >  src/conf/domain_conf.h   |   4 ++
> >  src/libvirt_private.syms |   1 +
> >  src/xen/xen_driver.c | 147 
> > +++
> >  src/xen/xen_hypervisor.c |  17 +++---
> >  src/xen/xen_hypervisor.h |   8 +--
> >  src/xen/xen_inotify.c|  14 ++---
> >  src/xen/xend_internal.c  |  34 +--
> >  src/xen/xend_internal.h  |   4 +-
> >  src/xen/xm_internal.c|  30 --
> >  src/xen/xm_internal.h|   5 +-
> >  11 files changed, 173 insertions(+), 115 deletions(-)
> > 
> > diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> > index d55ce6b..61995cd 100644
> > --- a/src/conf/domain_conf.c
> > +++ b/src/conf/domain_conf.c
> > @@ -2048,6 +2048,30 @@ error:
> >  return NULL;
> >  }
> >  
> > +
> > +virDomainDefPtr virDomainDefNew(const char *name,
> > +const unsigned char *uuid,
> > +int id)
> > +{
> > +virDomainDefPtr def;
> > +
> > +if (VIR_ALLOC(def) < 0) {
> > +virReportOOMError();
> > +return NULL;
> > +}
> > +
> > +if (!(def->name = strdup(name))) {
> > +VIR_FREE(def);
> > +return NULL;
> > +}
> 
> Can you switch to VIR_STRDUP instead?

Ok, consider this to be squashed in once acked

@@ -2060,7 +2060,7 @@ virDomainDefPtr virDomainDefNew(const char *name,
 return NULL;
 }
 
-if (!(def->name = strdup(name))) {
+if (VIR_STRDUP(def->name, name) < 0) {
 VIR_FREE(def);
 return NULL;
 }


Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 08/11] Convert Xen domain autostart driver methods to use virDomainDefPtr

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Introduce use of a virDomainDefPtr in the domain autostart
APIs to simplify introduction of ACL security checks.
The virDomainPtr cannot be safely used, since the app
may have supplied mis-matching name/uuid/id fields. eg
the name points to domain X, while the uuid points to
domain Y. Resolving the virDomainPtr to a virDomainDefPtr
ensures a consistent name/uuid/id set.

Signed-off-by: Daniel P. Berrange 
---
 src/xen/xen_driver.c| 26 ++
 src/xen/xend_internal.c | 14 +-
 src/xen/xend_internal.h | 10 ++
 src/xen/xm_internal.c   | 22 --
 src/xen/xm_internal.h   |  6 --
 5 files changed, 53 insertions(+), 25 deletions(-)

diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index f5f6407..43b3020 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -1811,22 +1811,40 @@ static int
 xenUnifiedDomainGetAutostart(virDomainPtr dom, int *autostart)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+virDomainDefPtr def = NULL;
+int ret = -1;
+
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
 
 if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-return xenXMDomainGetAutostart(dom, autostart);
+ret = xenXMDomainGetAutostart(def, autostart);
 else
-return xenDaemonDomainGetAutostart(dom, autostart);
+ret = xenDaemonDomainGetAutostart(dom->conn, def, autostart);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
 xenUnifiedDomainSetAutostart(virDomainPtr dom, int autostart)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+virDomainDefPtr def = NULL;
+int ret = -1;
+
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
 
 if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-return xenXMDomainSetAutostart(dom, autostart);
+ret = xenXMDomainSetAutostart(def, autostart);
 else
-return xenDaemonDomainSetAutostart(dom, autostart);
+ret = xenDaemonDomainSetAutostart(dom->conn, def, autostart);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static char *
diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
index 2715a3e..3d852d2 100644
--- a/src/xen/xend_internal.c
+++ b/src/xen/xend_internal.c
@@ -2546,12 +2546,14 @@ cleanup:
 }
 
 int
-xenDaemonDomainGetAutostart(virDomainPtr domain, int *autostart)
+xenDaemonDomainGetAutostart(virConnectPtr conn,
+virDomainDefPtr def,
+int *autostart)
 {
 struct sexpr *root;
 const char *tmp;
 
-root = sexpr_get(domain->conn, "/xend/domain/%s?detail=1", domain->name);
+root = sexpr_get(conn, "/xend/domain/%s?detail=1", def->name);
 if (root == NULL) {
 virReportError(VIR_ERR_XEN_CALL,
"%s", _("xenDaemonGetAutostart failed to find this 
domain"));
@@ -2570,14 +2572,16 @@ xenDaemonDomainGetAutostart(virDomainPtr domain, int 
*autostart)
 }
 
 int
-xenDaemonDomainSetAutostart(virDomainPtr domain, int autostart)
+xenDaemonDomainSetAutostart(virConnectPtr conn,
+virDomainDefPtr def,
+int autostart)
 {
 struct sexpr *root, *autonode;
 virBuffer buffer = VIR_BUFFER_INITIALIZER;
 char *content = NULL;
 int ret = -1;
 
-root = sexpr_get(domain->conn, "/xend/domain/%s?detail=1", domain->name);
+root = sexpr_get(conn, "/xend/domain/%s?detail=1", def->name);
 if (root == NULL) {
 virReportError(VIR_ERR_XEN_CALL,
"%s", _("xenDaemonSetAutostart failed to find this 
domain"));
@@ -2616,7 +2620,7 @@ xenDaemonDomainSetAutostart(virDomainPtr domain, int 
autostart)
 
 content = virBufferContentAndReset(&buffer);
 
-if (xend_op(domain->conn, "", "op", "new", "config", content, NULL) != 
0) {
+if (xend_op(conn, "", "op", "new", "config", content, NULL) != 0) {
 virReportError(VIR_ERR_XEN_CALL,
"%s", _("Failed to redefine sexpr"));
 goto error;
diff --git a/src/xen/xend_internal.h b/src/xen/xend_internal.h
index 62b85ef..3a7c0ac 100644
--- a/src/xen/xend_internal.h
+++ b/src/xen/xend_internal.h
@@ -167,10 +167,12 @@ int xenDaemonUpdateDeviceFlags(virConnectPtr conn,
virDomainDefPtr def,
const char *xml,
unsigned int flags);
-int xenDaemonDomainGetAutostart  (virDomainPtr dom,
-  int *autostart);
-int xenDaemonDomainSetAutostart  (virDomainPtr domain,
-  int autostart);
+int xenDaemonDomainGetAutostart(virConnectPtr conn,
+virDomainDefPtr def,
+int *autostart);
+int xenDaemonDomainSetAutostart(virConnectPtr conn,
+ 

[libvirt] [PATCH 09/11] Convert Xen domain scheduler driver methods to use virDomainDefPtr

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Introduce use of a virDomainDefPtr in the domain scheduler
APIs to simplify introduction of ACL security checks.
The virDomainPtr cannot be safely used, since the app
may have supplied mis-matching name/uuid/id fields. eg
the name points to domain X, while the uuid points to
domain Y. Resolving the virDomainPtr to a virDomainDefPtr
ensures a consistent name/uuid/id set.

Signed-off-by: Daniel P. Berrange 
---
 src/xen/xen_driver.c | 45 -
 src/xen/xen_hypervisor.c | 19 +++
 src/xen/xen_hypervisor.h | 16 +---
 src/xen/xend_internal.c  | 27 +++
 src/xen/xend_internal.h  |  9 ++---
 5 files changed, 77 insertions(+), 39 deletions(-)

diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 43b3020..5ab1a52 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -1851,17 +1851,26 @@ static char *
 xenUnifiedDomainGetSchedulerType(virDomainPtr dom, int *nparams)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+virDomainDefPtr def = NULL;
+char *ret = NULL;
+
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
 
 if (dom->id < 0) {
 if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Cannot change scheduler parameters"));
-return NULL;
+goto cleanup;
 }
-return xenDaemonGetSchedulerType(dom, nparams);
+ret = xenDaemonGetSchedulerType(dom->conn, nparams);
 } else {
-return xenHypervisorGetSchedulerType(dom, nparams);
+ret = xenHypervisorGetSchedulerType(dom->conn, nparams);
 }
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
@@ -1871,19 +1880,28 @@ 
xenUnifiedDomainGetSchedulerParametersFlags(virDomainPtr dom,
 unsigned int flags)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+virDomainDefPtr def = NULL;
+int ret = -1;
 
 virCheckFlags(0, -1);
 
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
 if (dom->id < 0) {
 if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Cannot change scheduler parameters"));
-return -1;
+goto cleanup;
 }
-return xenDaemonGetSchedulerParameters(dom, params, nparams);
+ret = xenDaemonGetSchedulerParameters(dom->conn, def, params, nparams);
 } else {
-return xenHypervisorGetSchedulerParameters(dom, params, nparams);
+ret = xenHypervisorGetSchedulerParameters(dom->conn, def, params, 
nparams);
 }
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
@@ -1902,19 +1920,28 @@ 
xenUnifiedDomainSetSchedulerParametersFlags(virDomainPtr dom,
 unsigned int flags)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+virDomainDefPtr def = NULL;
+int ret = -1;
 
 virCheckFlags(0, -1);
 
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
 if (dom->id < 0) {
 if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Cannot change scheduler parameters"));
-return -1;
+goto cleanup;
 }
-return xenDaemonSetSchedulerParameters(dom, params, nparams);
+ret = xenDaemonSetSchedulerParameters(dom->conn, def, params, nparams);
 } else {
-return xenHypervisorSetSchedulerParameters(dom, params, nparams);
+ret = xenHypervisorSetSchedulerParameters(dom->conn, def, params, 
nparams);
 }
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c
index b97b329..2525566 100644
--- a/src/xen/xen_hypervisor.c
+++ b/src/xen/xen_hypervisor.c
@@ -1113,10 +1113,11 @@ virXen_getdomaininfo(int handle, int first_domain, 
xen_getdomaininfo *dominfo)
  * Returns scheduler name or NULL in case of failure
  */
 char *
-xenHypervisorGetSchedulerType(virDomainPtr domain, int *nparams)
+xenHypervisorGetSchedulerType(virConnectPtr conn,
+  int *nparams)
 {
 char *schedulertype = NULL;
-xenUnifiedPrivatePtr priv = domain->conn->privateData;
+xenUnifiedPrivatePtr priv = conn->privateData;
 
 /*
  * Support only hv_versions.dom_interface >=5
@@ -1176,11 +1177,12 @@ xenHypervisorGetSchedulerType(virDomainPtr domain, int 
*nparams)
  * Returns 0 or -1 in case of failure
  */
 int
-xenHypervisorGetSchedulerParameters(virDomainPtr domain,
+xenHypervisorGetSchedulerParameters(virConnectPtr conn,
+virDomainDefPtr def,
 virTypedP

Re: [libvirt] [PATCH] Disable some URI tests on older libxml2

[Michal Privoznik]

On 09.05.2013 15:01, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
> 
> Older versions of libxml2 could not correctly parse certain
> URIs. This causes test failures. There's nothing libvirt can
> do about this, so disable the problem tests on old libxml2
> versions
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  tests/viruritest.c | 8 
>  1 file changed, 8 insertions(+)
> 
> diff --git a/tests/viruritest.c b/tests/viruritest.c
> index 0bcd78d..6339d17 100644
> --- a/tests/viruritest.c
> +++ b/tests/viruritest.c
> @@ -182,19 +182,23 @@ mymain(void)
>  { (char*)"foo", (char*)"two", false },
>  { NULL, NULL, false },
>  };
> +#ifdef HAVE_XMLURI_QUERY_RAW
>  virURIParam params3[] = {
>  { (char*)"foo", (char*)"&one", false },
>  { (char*)"bar", (char*)"&two", false },
>  { NULL, NULL, false },
>  };
> +#endif
>  virURIParam params4[] = {
>  { (char*)"foo", (char*)"", false },
>  { NULL, NULL, false },
>  };
> +#ifdef HAVE_XMLURI_QUERY_RAW
>  virURIParam params5[] = {
>  { (char*)"foo", (char*)"one two", false },
>  { NULL, NULL, false },
>  };
> +#endif
>  virURIParam params6[] = {
>  { (char*)"foo", (char*)"one", false },
>  { NULL, NULL, false },
> @@ -204,12 +208,16 @@ mymain(void)
>  TEST_PARAMS("foo=one&foo=two", "", params2);
>  TEST_PARAMS("foo=one&&foo=two", "foo=one&foo=two", params2);
>  TEST_PARAMS("foo=one;foo=two", "foo=one&foo=two", params2);
> +#ifdef HAVE_XMLURI_QUERY_RAW
>  TEST_PARAMS("foo=%26one&bar=%26two", "", params3);
> +#endif
>  TEST_PARAMS("foo", "foo=", params4);
>  TEST_PARAMS("foo=", "", params4);
>  TEST_PARAMS("foo=&", "foo=", params4);
>  TEST_PARAMS("foo=&&", "foo=", params4);
> +#ifdef HAVE_XMLURI_QUERY_RAW
>  TEST_PARAMS("foo=one%20two", "", params5);
> +#endif
>  TEST_PARAMS("=bogus&foo=one", "foo=one", params6);
>  
>  return ret==0 ? EXIT_SUCCESS : EXIT_FAILURE;
> 

Mmm. Okay. ACK

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH] Replace 'goto clean' with 'goto cleanup' in apparmor code

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Some of the apparmor code files did not follow the normal
goto label naming pratices

Signed-off-by: Daniel P. Berrange 
---
 src/security/security_apparmor.c | 34 ++---
 src/security/virt-aa-helper.c| 66 
 2 files changed, 50 insertions(+), 50 deletions(-)

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 5fb5db3..8123532 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -94,7 +94,7 @@ profile_status(const char *str, const int check_enforcing)
 virReportSystemError(errno,
  _("Failed to read AppArmor profiles list "
  "\'%s\'"), APPARMOR_PROFILES_PATH);
-goto clean;
+goto cleanup;
 }
 
 if (strstr(content, tmp) != NULL)
@@ -105,7 +105,7 @@ profile_status(const char *str, const int check_enforcing)
 }
 
 VIR_FREE(content);
-  clean:
+  cleanup:
 VIR_FREE(tmp);
 VIR_FREE(etmp);
 
@@ -294,12 +294,12 @@ reload_profile(virSecurityManagerPtr mgr,
_("cannot update AppArmor profile "
  "\'%s\'"),
secdef->imagelabel);
-goto clean;
+goto cleanup;
 }
 }
 
 rc = 0;
-  clean:
+  cleanup:
 VIR_FREE(profile_name);
 
 return rc;
@@ -372,11 +372,11 @@ AppArmorSecurityManagerProbe(const char *virtDriver)
 if (!virFileExists(template)) {
 virReportError(VIR_ERR_INTERNAL_ERROR,
_("template \'%s\' does not exist"), template);
-goto clean;
+goto cleanup;
 }
 rc = SECURITY_DRIVER_ENABLE;
 
-  clean:
+  cleanup:
 VIR_FREE(template);
 
 return rc;
@@ -449,7 +449,7 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr 
ATTRIBUTE_UNUSED,
 secdef->label = strndup(profile_name, strlen(profile_name));
 if (!secdef->label) {
 virReportOOMError();
-goto clean;
+goto cleanup;
 }
 
 /* set imagelabel the same as label (but we won't use it) */
@@ -474,14 +474,14 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr 
ATTRIBUTE_UNUSED,
 }
 
 rc = 0;
-goto clean;
+goto cleanup;
 
   err:
 VIR_FREE(secdef->label);
 VIR_FREE(secdef->imagelabel);
 VIR_FREE(secdef->model);
 
-  clean:
+  cleanup:
 VIR_FREE(profile_name);
 
 return rc;
@@ -526,17 +526,17 @@ AppArmorGetSecurityProcessLabel(virSecurityManagerPtr mgr 
ATTRIBUTE_UNUSED,
 VIR_SECURITY_LABEL_BUFLEN) == NULL) {
 virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("error copying profile name"));
-goto clean;
+goto cleanup;
 }
 
 if ((sec->enforcing = profile_status(profile_name, 1)) < 0) {
 virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("error calling profile_status()"));
-goto clean;
+goto cleanup;
 }
 rc = 0;
 
-  clean:
+  cleanup:
 VIR_FREE(profile_name);
 
 return rc;
@@ -609,17 +609,17 @@ AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr 
ATTRIBUTE_UNUSED,
  "hypervisor driver is \'%s\'."),
secdef->model, SECURITY_APPARMOR_NAME);
 if (use_apparmor() > 0)
-goto clean;
+goto cleanup;
 }
 
 if (aa_change_profile(profile_name) < 0) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("error calling aa_change_profile()"));
-goto clean;
+goto cleanup;
 }
 rc = 0;
 
-  clean:
+  cleanup:
 VIR_FREE(profile_name);
 
 return rc;
@@ -736,13 +736,13 @@ AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr,
_("cannot update AppArmor profile "
  "\'%s\'"),
secdef->imagelabel);
-goto clean;
+goto cleanup;
 }
 }
 }
 rc = 0;
 
-  clean:
+  cleanup:
 VIR_FREE(profile_name);
 
 return rc;
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 0831d2f..5d48850 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -277,46 +277,46 @@ update_include_file(const char *include_file, const char 
*included_files,
 if (append && virFileExists(include_file)) {
 if (virAsprintf(&pcontent, "%s%s", existing, included_files) == -1) {
 vah_error(NULL, 0, _("could not allocate memory for profile"));
-goto clean;
+goto cleanup;
 }
 } else {
 if (virAsprintf(&pcontent, "%s%s", warning, included_files) == -1) {
 vah_error(NULL, 0, _("could not allocate memory for profile"));
-goto clean;
+goto cleanup;
 }
 }
 
 plen = strlen(pcontent);
 if (plen > MAX_FILE_LEN) {
 va

[libvirt] [PATCH] Replace 'goto err' with 'goto cleanup' in udev interface driver

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

The udev interface driver did not follow standard naming
convention for goto labels.

Signed-off-by: Daniel P. Berrange 
---
 src/interface/interface_backend_udev.c | 32 
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/src/interface/interface_backend_udev.c 
b/src/interface/interface_backend_udev.c
index 1c47e5c..f9a179f 100644
--- a/src/interface/interface_backend_udev.c
+++ b/src/interface/interface_backend_udev.c
@@ -112,21 +112,21 @@ udevInterfaceOpen(virConnectPtr conn,
 
 if (VIR_ALLOC(driverState) < 0) {
 virReportOOMError();
-goto err;
+goto cleanup;
 }
 
 driverState->udev = udev_new();
 if (!driverState->udev) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("failed to create udev context"));
-goto err;
+goto cleanup;
 }
 
 conn->interfacePrivateData = driverState;
 
 return VIR_DRV_OPEN_SUCCESS;
 
-err:
+cleanup:
 VIR_FREE(driverState);
 
 return VIR_DRV_OPEN_ERROR;
@@ -166,7 +166,7 @@ udevNumOfInterfacesByStatus(virConnectPtr conn, 
virUdevStatus status)
_("failed to get number of %s interfaces on host"),
virUdevStatusString(status));
 count = -1;
-goto err;
+goto cleanup;
 }
 
 /* Do the scan to load up the enumeration */
@@ -180,7 +180,7 @@ udevNumOfInterfacesByStatus(virConnectPtr conn, 
virUdevStatus status)
 count++;
 }
 
-err:
+cleanup:
 if (enumerate)
 udev_enumerate_unref(enumerate);
 udev_unref(udev);
@@ -207,7 +207,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
 virReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to get list of %s interfaces on host"),
virUdevStatusString(status));
-goto err;
+goto error;
 }
 
 /* Do the scan to load up the enumeration */
@@ -229,7 +229,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
 dev = udev_device_new_from_syspath(udev, path);
 if (VIR_STRDUP(names[count], udev_device_get_sysname(dev)) < 0) {
 udev_device_unref(dev);
-goto err;
+goto error;
 }
 udev_device_unref(dev);
 
@@ -241,7 +241,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
 
 return count;
 
-err:
+error:
 if (enumerate)
 udev_enumerate_unref(enumerate);
 udev_unref(udev);
@@ -422,14 +422,14 @@ udevInterfaceLookupByName(virConnectPtr conn, const char 
*name)
 virReportError(VIR_ERR_NO_INTERFACE,
_("couldn't find interface named '%s'"),
name);
-goto err;
+goto cleanup;
 }
 
 macaddr = udev_device_get_sysattr_value(dev, "address");
 ret = virGetInterface(conn, name, macaddr);
 udev_device_unref(dev);
 
-err:
+cleanup:
 udev_unref(udev);
 
 return ret;
@@ -452,7 +452,7 @@ udevInterfaceLookupByMACString(virConnectPtr conn, const 
char *macstr)
 virReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to lookup interface with MAC address '%s'"),
macstr);
-goto err;
+goto cleanup;
 }
 
 /* Match on MAC */
@@ -469,7 +469,7 @@ udevInterfaceLookupByMACString(virConnectPtr conn, const 
char *macstr)
 virReportError(VIR_ERR_NO_INTERFACE,
_("couldn't find interface with MAC address '%s'"),
macstr);
-goto err;
+goto cleanup;
 }
 
 /* Check that we didn't get multiple items back */
@@ -477,7 +477,7 @@ udevInterfaceLookupByMACString(virConnectPtr conn, const 
char *macstr)
 virReportError(VIR_ERR_MULTIPLE_INTERFACES,
_("the MAC address '%s' matches multiple interfaces"),
macstr);
-goto err;
+goto cleanup;
 }
 
 dev = udev_device_new_from_syspath(udev, 
udev_list_entry_get_name(dev_entry));
@@ -485,7 +485,7 @@ udevInterfaceLookupByMACString(virConnectPtr conn, const 
char *macstr)
 ret = virGetInterface(conn, name, macstr);
 udev_device_unref(dev);
 
-err:
+cleanup:
 if (enumerate)
 udev_enumerate_unref(enumerate);
 udev_unref(udev);
@@ -1043,13 +1043,13 @@ udevInterfaceGetXMLDesc(virInterfacePtr ifinfo,
 ifacedef = udevGetIfaceDef(udev, ifinfo->name);
 
 if (!ifacedef)
-goto err;
+goto cleanup;
 
 xmlstr = virInterfaceDefFormat(ifacedef);
 
 virInterfaceDefFree(ifacedef);
 
-err:
+cleanup:
 /* decrement our udev ptr */
 udev_unref(udev);
 
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 04/11] Convert Xen domain managed save driver methods to use virDomainDefPtr

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Introduce use of a virDomainDefPtr in the domain save
APIs to simplify introduction of ACL security checks.
The virDomainPtr cannot be safely used, since the app
may have supplied mis-matching name/uuid/id fields. eg
the name points to domain X, while the uuid points to
domain Y. Resolving the virDomainPtr to a virDomainDefPtr
ensures a consistent name/uuid/id set.

Signed-off-by: Daniel P. Berrange 
---
 src/xen/xen_driver.c| 72 -
 src/xen/xend_internal.c | 23 +---
 src/xen/xend_internal.h |  7 +++--
 src/xen/xm_internal.c   | 25 -
 src/xen/xm_internal.h   |  3 ++-
 5 files changed, 86 insertions(+), 44 deletions(-)

diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 68a86b7..89b038c 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -1038,14 +1038,25 @@ static int
 xenUnifiedDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml,
   unsigned int flags)
 {
+int ret = -1;
+virDomainDefPtr def;
+
 virCheckFlags(0, -1);
+
 if (dxml) {
 virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
_("xml modification unsupported"));
 return -1;
 }
 
-return xenDaemonDomainSave(dom, to);
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+ret = xenDaemonDomainSave(dom->conn, def, to);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
@@ -1055,11 +1066,12 @@ xenUnifiedDomainSave(virDomainPtr dom, const char *to)
 }
 
 static char *
-xenUnifiedDomainManagedSavePath(xenUnifiedPrivatePtr priv, virDomainPtr dom)
+xenUnifiedDomainManagedSavePath(xenUnifiedPrivatePtr priv,
+virDomainDefPtr def)
 {
 char *ret;
 
-if (virAsprintf(&ret, "%s/%s.save", priv->saveDir, dom->name) < 0) {
+if (virAsprintf(&ret, "%s/%s.save", priv->saveDir, def->name) < 0) {
 virReportOOMError();
 return NULL;
 }
@@ -1072,19 +1084,23 @@ static int
 xenUnifiedDomainManagedSave(virDomainPtr dom, unsigned int flags)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
-char *name;
+char *name = NULL;
+virDomainDefPtr def = NULL;
 int ret = -1;
 
 virCheckFlags(0, -1);
 
-name = xenUnifiedDomainManagedSavePath(priv, dom);
-if (!name)
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+if (!(name = xenUnifiedDomainManagedSavePath(priv, def)))
 goto cleanup;
 
-ret = xenDaemonDomainSave(dom, name);
+ret = xenDaemonDomainSave(dom->conn, def, name);
 
 cleanup:
 VIR_FREE(name);
+virDomainDefFree(def);
 return ret;
 }
 
@@ -1092,17 +1108,23 @@ static int
 xenUnifiedDomainHasManagedSaveImage(virDomainPtr dom, unsigned int flags)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
-char *name;
+char *name = NULL;
+virDomainDefPtr def = NULL;
 int ret = -1;
 
 virCheckFlags(0, -1);
 
-name = xenUnifiedDomainManagedSavePath(priv, dom);
-if (!name)
-return ret;
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+if (!(name = xenUnifiedDomainManagedSavePath(priv, def)))
+goto cleanup;
 
 ret = virFileExists(name);
+
+cleanup:
 VIR_FREE(name);
+virDomainDefFree(def);
 return ret;
 }
 
@@ -1110,16 +1132,21 @@ static int
 xenUnifiedDomainManagedSaveRemove(virDomainPtr dom, unsigned int flags)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
-char *name;
+char *name = NULL;
+virDomainDefPtr def = NULL;
 int ret = -1;
 
 virCheckFlags(0, -1);
 
-name = xenUnifiedDomainManagedSavePath(priv, dom);
-if (!name)
-return ret;
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+if (!(name = xenUnifiedDomainManagedSavePath(priv, def)))
+goto cleanup;
 
 ret = unlink(name);
+
+cleanup:
 VIR_FREE(name);
 return ret;
 }
@@ -1496,12 +1523,15 @@ xenUnifiedDomainCreateWithFlags(virDomainPtr dom, 
unsigned int flags)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
 int ret = -1;
+virDomainDefPtr def = NULL;
 char *name = NULL;
 
 virCheckFlags(0, -1);
 
-name = xenUnifiedDomainManagedSavePath(priv, dom);
-if (!name)
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+if (!(name = xenUnifiedDomainManagedSavePath(priv, def)))
 goto cleanup;
 
 if (virFileExists(name)) {
@@ -1512,11 +1542,15 @@ xenUnifiedDomainCreateWithFlags(virDomainPtr dom, 
unsigned int flags)
 }
 
 if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-ret = xenXMDomainCreate(dom);
+ret = xenXMDomainCreate(dom->conn, def);
 else
-ret = xenDaemonDomainCreate(dom);
+ret = xenDaemonDomainCreate(dom->conn, def);
+
+if (ret >= 0)
+dom->id = def->id;
 
 cleanup:
+virDomainDefFree(def);
   

[libvirt] [PATCH 02/11] Convert Xen domain lifecycle driver methods to use virDomainDefPtr

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Introduce use of a virDomainDefPtr in the domain lifecycle
APIs to simplify introduction of ACL security checks.
The virDomainPtr cannot be safely used, since the app
may have supplied mis-matching name/uuid/id fields. eg
the name points to domain X, while the uuid points to
domain Y. Resolving the virDomainPtr to a virDomainDefPtr
ensures a consistent name/uuid/id set.

Signed-off-by: Daniel P. Berrange 
---
 src/xen/xen_driver.c| 67 +
 src/xen/xend_internal.c | 60 ++-
 src/xen/xend_internal.h | 10 
 src/xen/xm_internal.c   |  8 +++---
 4 files changed, 103 insertions(+), 42 deletions(-)

diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index d9420d8..37107ff 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -136,6 +136,13 @@ static virDomainDefPtr 
xenGetDomainDefForUUID(virConnectPtr conn, const unsigned
 }
 
 
+static virDomainDefPtr xenGetDomainDefForDom(virDomainPtr dom)
+{
+/* UUID lookup is more efficient than name lookup */
+return xenGetDomainDefForUUID(dom->conn, dom->uuid);
+}
+
+
 /**
  * xenNumaInit:
  * @conn: pointer to the hypervisor connection
@@ -781,22 +788,52 @@ xenUnifiedDomainIsUpdated(virDomainPtr dom 
ATTRIBUTE_UNUSED)
 static int
 xenUnifiedDomainSuspend(virDomainPtr dom)
 {
-return xenDaemonDomainSuspend(dom);
+int ret = -1;
+virDomainDefPtr def;
+
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+ret = xenDaemonDomainSuspend(dom->conn, def);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
 xenUnifiedDomainResume(virDomainPtr dom)
 {
-return xenDaemonDomainResume(dom);
+int ret = -1;
+virDomainDefPtr def;
+
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+ret = xenDaemonDomainResume(dom->conn, def);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
 xenUnifiedDomainShutdownFlags(virDomainPtr dom,
   unsigned int flags)
 {
+int ret = -1;
+virDomainDefPtr def;
+
 virCheckFlags(0, -1);
 
-return xenDaemonDomainShutdown(dom);
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+ret = xenDaemonDomainShutdown(dom->conn, def);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
@@ -808,18 +845,38 @@ xenUnifiedDomainShutdown(virDomainPtr dom)
 static int
 xenUnifiedDomainReboot(virDomainPtr dom, unsigned int flags)
 {
+int ret = -1;
+virDomainDefPtr def;
+
 virCheckFlags(0, -1);
 
-return xenDaemonDomainReboot(dom);
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+ret = xenDaemonDomainReboot(dom->conn, def);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
 xenUnifiedDomainDestroyFlags(virDomainPtr dom,
  unsigned int flags)
 {
+int ret = -1;
+virDomainDefPtr def;
+
 virCheckFlags(0, -1);
 
-return xenDaemonDomainDestroy(dom);
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+ret = xenDaemonDomainDestroy(dom->conn, def);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
index 5ea1627..f8bd72b 100644
--- a/src/xen/xend_internal.c
+++ b/src/xen/xend_internal.c
@@ -1251,7 +1251,8 @@ xenDaemonClose(virConnectPtr conn ATTRIBUTE_UNUSED)
 
 /**
  * xenDaemonDomainSuspend:
- * @domain: pointer to the Domain block
+ * @conn: the connection object
+ * @def: the domain to suspend
  *
  * Pause the domain, the domain is not scheduled anymore though its resources
  * are preserved. Use xenDaemonDomainResume() to resume execution.
@@ -1259,41 +1260,42 @@ xenDaemonClose(virConnectPtr conn ATTRIBUTE_UNUSED)
  * Returns 0 in case of success, -1 (with errno) in case of error.
  */
 int
-xenDaemonDomainSuspend(virDomainPtr domain)
+xenDaemonDomainSuspend(virConnectPtr conn, virDomainDefPtr def)
 {
-if (domain->id < 0) {
+if (def->id < 0) {
 virReportError(VIR_ERR_OPERATION_INVALID,
-   _("Domain %s isn't running."), domain->name);
+   _("Domain %s isn't running."), def->name);
 return -1;
 }
 
-return xend_op(domain->conn, domain->name, "op", "pause", NULL);
+return xend_op(conn, def->name, "op", "pause", NULL);
 }
 
 /**
  * xenDaemonDomainResume:
- * @xend: pointer to the Xen Daemon block
- * @name: name for the domain
+ * @conn: the connection object
+ * @def: the domain to resume
  *
  * Resume the domain after xenDaemonDomainSuspend() has been called
  *
  * Returns 0 in case of success, -1 (with errno) in case of error.
  */
 int
-xenDaemonDomainResume(virDomainPtr domain)
+xenDaemonDomainResume(virConnectPtr conn, virDomainDefPtr def)
 {
-if (domain->id < 0) {
+if (def->id < 0) {
 virReportError(VIR_ERR_OPERATION_INVALID

[libvirt] [PATCH] Fix build of python bindings on Python 2.4

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

The PyDict_Next method on Python <= 2.4 used 'int' instead
of "Py_ssize_t" for the 'pos' parameter

Signed-off-by: Daniel P. Berrange 
---
 python/libvirt-override.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/python/libvirt-override.c b/python/libvirt-override.c
index 856789a..fd9ebb8 100644
--- a/python/libvirt-override.c
+++ b/python/libvirt-override.c
@@ -152,7 +152,11 @@ setPyVirTypedParameter(PyObject *info,
const virTypedParameterPtr params, int nparams)
 {
 PyObject *key, *value;
+#if PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION <= 4
+int pos = 0;
+#else
 Py_ssize_t pos = 0;
+#endif
 virTypedParameterPtr temp = NULL, ret = NULL;
 Py_ssize_t size;
 int i;
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH] Disable some URI tests on older libxml2

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Older versions of libxml2 could not correctly parse certain
URIs. This causes test failures. There's nothing libvirt can
do about this, so disable the problem tests on old libxml2
versions

Signed-off-by: Daniel P. Berrange 
---
 tests/viruritest.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/tests/viruritest.c b/tests/viruritest.c
index 0bcd78d..6339d17 100644
--- a/tests/viruritest.c
+++ b/tests/viruritest.c
@@ -182,19 +182,23 @@ mymain(void)
 { (char*)"foo", (char*)"two", false },
 { NULL, NULL, false },
 };
+#ifdef HAVE_XMLURI_QUERY_RAW
 virURIParam params3[] = {
 { (char*)"foo", (char*)"&one", false },
 { (char*)"bar", (char*)"&two", false },
 { NULL, NULL, false },
 };
+#endif
 virURIParam params4[] = {
 { (char*)"foo", (char*)"", false },
 { NULL, NULL, false },
 };
+#ifdef HAVE_XMLURI_QUERY_RAW
 virURIParam params5[] = {
 { (char*)"foo", (char*)"one two", false },
 { NULL, NULL, false },
 };
+#endif
 virURIParam params6[] = {
 { (char*)"foo", (char*)"one", false },
 { NULL, NULL, false },
@@ -204,12 +208,16 @@ mymain(void)
 TEST_PARAMS("foo=one&foo=two", "", params2);
 TEST_PARAMS("foo=one&&foo=two", "foo=one&foo=two", params2);
 TEST_PARAMS("foo=one;foo=two", "foo=one&foo=two", params2);
+#ifdef HAVE_XMLURI_QUERY_RAW
 TEST_PARAMS("foo=%26one&bar=%26two", "", params3);
+#endif
 TEST_PARAMS("foo", "foo=", params4);
 TEST_PARAMS("foo=", "", params4);
 TEST_PARAMS("foo=&", "foo=", params4);
 TEST_PARAMS("foo=&&", "foo=", params4);
+#ifdef HAVE_XMLURI_QUERY_RAW
 TEST_PARAMS("foo=one%20two", "", params5);
+#endif
 TEST_PARAMS("=bogus&foo=one", "foo=one", params6);
 
 return ret==0 ? EXIT_SUCCESS : EXIT_FAILURE;
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 10/11] Convert Xen domain stats/peek driver methods to use virDomainDefPtr

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Introduce use of a virDomainDefPtr in the domain stats &
peek APIs to simplify introduction of ACL security checks.
The virDomainPtr cannot be safely used, since the app
may have supplied mis-matching name/uuid/id fields. eg
the name points to domain X, while the uuid points to
domain Y. Resolving the virDomainPtr to a virDomainDefPtr
ensures a consistent name/uuid/id set.

Signed-off-by: Daniel P. Berrange 
---
 src/xen/block_stats.c|  6 +++---
 src/xen/block_stats.h|  2 +-
 src/xen/xen_driver.c | 37 +
 src/xen/xen_hypervisor.c | 11 ++-
 src/xen/xen_hypervisor.h |  9 +
 src/xen/xend_internal.c  | 21 +++--
 src/xen/xend_internal.h  |  7 ++-
 src/xen/xm_internal.c|  3 ++-
 src/xen/xm_internal.h|  7 ++-
 9 files changed, 73 insertions(+), 30 deletions(-)

diff --git a/src/xen/block_stats.c b/src/xen/block_stats.c
index ded8d7f..56a3901 100644
--- a/src/xen/block_stats.c
+++ b/src/xen/block_stats.c
@@ -359,16 +359,16 @@ xenLinuxDomainDeviceID(int domid, const char *path)
 
 int
 xenLinuxDomainBlockStats(xenUnifiedPrivatePtr priv,
- virDomainPtr dom,
+ virDomainDefPtr def,
  const char *path,
  struct _virDomainBlockStats *stats)
 {
-int device = xenLinuxDomainDeviceID(dom->id, path);
+int device = xenLinuxDomainDeviceID(def->id, path);
 
 if (device < 0)
 return -1;
 
-return read_bd_stats(priv, device, dom->id, stats);
+return read_bd_stats(priv, device, def->id, stats);
 }
 
 #endif /* __linux__ */
diff --git a/src/xen/block_stats.h b/src/xen/block_stats.h
index 0a3c40a..6633d97 100644
--- a/src/xen/block_stats.h
+++ b/src/xen/block_stats.h
@@ -28,7 +28,7 @@
 #  include "xen_driver.h"
 
 extern int xenLinuxDomainBlockStats (xenUnifiedPrivatePtr priv,
- virDomainPtr dom, const char *path,
+ virDomainDefPtr def, const char *path,
  struct _virDomainBlockStats *stats);
 
 extern int xenLinuxDomainDeviceID(int domid, const char *dev);
diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 5ab1a52..7c00b70 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -1957,14 +1957,34 @@ static int
 xenUnifiedDomainBlockStats(virDomainPtr dom, const char *path,
struct _virDomainBlockStats *stats)
 {
-return xenHypervisorDomainBlockStats(dom, path, stats);
+virDomainDefPtr def = NULL;
+int ret = -1;
+
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+ret = xenHypervisorDomainBlockStats(dom->conn, def, path, stats);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
 xenUnifiedDomainInterfaceStats(virDomainPtr dom, const char *path,
struct _virDomainInterfaceStats *stats)
 {
-return xenHypervisorDomainInterfaceStats(dom, path, stats);
+virDomainDefPtr def = NULL;
+int ret = -1;
+
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+ret = xenHypervisorDomainInterfaceStats(def, path, stats);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
@@ -1973,13 +1993,22 @@ xenUnifiedDomainBlockPeek(virDomainPtr dom, const char 
*path,
   void *buffer, unsigned int flags)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+virDomainDefPtr def = NULL;
+int ret = -1;
 
 virCheckFlags(0, -1);
 
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
 if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-return xenXMDomainBlockPeek(dom, path, offset, size, buffer);
+ret = xenXMDomainBlockPeek(dom->conn, def, path, offset, size, buffer);
 else
-return xenDaemonDomainBlockPeek(dom, path, offset, size, buffer);
+ret = xenDaemonDomainBlockPeek(dom->conn, def, path, offset, size, 
buffer);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c
index 2525566..612ac77 100644
--- a/src/xen/xen_hypervisor.c
+++ b/src/xen/xen_hypervisor.c
@@ -1368,17 +1368,18 @@ xenHypervisorSetSchedulerParameters(virConnectPtr conn,
 
 
 int
-xenHypervisorDomainBlockStats(virDomainPtr dom,
+xenHypervisorDomainBlockStats(virConnectPtr conn,
+  virDomainDefPtr def,
   const char *path,
   struct _virDomainBlockStats *stats)
 {
 #ifdef __linux__
-xenUnifiedPrivatePtr priv = dom->conn->privateData;
+xenUnifiedPrivatePtr priv = conn->privateData;
 int ret;
 
 xenUnifiedLock(priv);
 /* Need to lock because it hits the xenstore handle :-( */
-ret = xenLinuxDomainBlockStats(priv, dom, path, stats);
+ret = xenLinuxDoma

Re: [libvirt] [PATCH 01/11] Convert Xen domain lookup driver methods to use virDomainDefPtr

[Michal Privoznik]

On 09.05.2013 14:59, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" 
> 
> Introduce use of a virDomainDefPtr in the domain lookup
> APIs to simplify introduction of ACL security checks.
> The virDomainPtr cannot be safely used, since the app
> may have supplied mis-matching name/uuid/id fields. eg
> the name points to domain X, while the uuid points to
> domain Y. Resolving the virDomainPtr to a virDomainDefPtr
> ensures a consistent name/uuid/id set.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  src/conf/domain_conf.c   |  24 
>  src/conf/domain_conf.h   |   4 ++
>  src/libvirt_private.syms |   1 +
>  src/xen/xen_driver.c | 147 
> +++
>  src/xen/xen_hypervisor.c |  17 +++---
>  src/xen/xen_hypervisor.h |   8 +--
>  src/xen/xen_inotify.c|  14 ++---
>  src/xen/xend_internal.c  |  34 +--
>  src/xen/xend_internal.h  |   4 +-
>  src/xen/xm_internal.c|  30 --
>  src/xen/xm_internal.h|   5 +-
>  11 files changed, 173 insertions(+), 115 deletions(-)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index d55ce6b..61995cd 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -2048,6 +2048,30 @@ error:
>  return NULL;
>  }
>  
> +
> +virDomainDefPtr virDomainDefNew(const char *name,
> +const unsigned char *uuid,
> +int id)
> +{
> +virDomainDefPtr def;
> +
> +if (VIR_ALLOC(def) < 0) {
> +virReportOOMError();
> +return NULL;
> +}
> +
> +if (!(def->name = strdup(name))) {
> +VIR_FREE(def);
> +return NULL;
> +}

Can you switch to VIR_STRDUP instead?

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 11/11] Convert Xen domain core dump driver methods to use virDomainDefPtr

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Introduce use of a virDomainDefPtr in the domain coredump
APIs to simplify introduction of ACL security checks.
The virDomainPtr cannot be safely used, since the app
may have supplied mis-matching name/uuid/id fields. eg
the name points to domain X, while the uuid points to
domain Y. Resolving the virDomainPtr to a virDomainDefPtr
ensures a consistent name/uuid/id set.

Signed-off-by: Daniel P. Berrange 
---
 src/xen/xen_driver.c| 14 +-
 src/xen/xend_internal.c |  9 +
 src/xen/xend_internal.h |  4 +++-
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 7c00b70..a6c87ce 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -1193,7 +1193,19 @@ xenUnifiedDomainRestore(virConnectPtr conn, const char 
*from)
 static int
 xenUnifiedDomainCoreDump(virDomainPtr dom, const char *to, unsigned int flags)
 {
-return xenDaemonDomainCoreDump(dom, to, flags);
+virDomainDefPtr def = NULL;
+int ret = -1;
+
+virCheckFlags(0, -1);
+
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+ret = xenDaemonDomainCoreDump(dom->conn, def, to, flags);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
index 273408d..8dc1a2d 100644
--- a/src/xen/xend_internal.c
+++ b/src/xen/xend_internal.c
@@ -1447,19 +1447,20 @@ xenDaemonDomainSave(virConnectPtr conn,
  * Returns 0 in case of success, -1 in case of error.
  */
 int
-xenDaemonDomainCoreDump(virDomainPtr domain,
+xenDaemonDomainCoreDump(virConnectPtr conn,
+virDomainDefPtr def,
 const char *filename,
 unsigned int flags)
 {
 virCheckFlags(VIR_DUMP_LIVE | VIR_DUMP_CRASH, -1);
 
-if (domain->id < 0) {
+if (def->id < 0) {
 virReportError(VIR_ERR_OPERATION_INVALID,
-   _("Domain %s isn't running."), domain->name);
+   _("Domain %s isn't running."), def->name);
 return -1;
 }
 
-return xend_op(domain->conn, domain->name,
+return xend_op(conn, def->name,
"op", "dump", "file", filename,
"live", (flags & VIR_DUMP_LIVE ? "1" : "0"),
"crash", (flags & VIR_DUMP_CRASH ? "1" : "0"),
diff --git a/src/xen/xend_internal.h b/src/xen/xend_internal.h
index aa05130..b2d4368 100644
--- a/src/xen/xend_internal.h
+++ b/src/xen/xend_internal.h
@@ -95,7 +95,9 @@ int xenDaemonDomainDestroy(virConnectPtr conn, 
virDomainDefPtr def);
 int xenDaemonDomainSave(virConnectPtr conn,
 virDomainDefPtr def,
 const char *filename);
-int xenDaemonDomainCoreDump(virDomainPtr domain, const char *filename,
+int xenDaemonDomainCoreDump(virConnectPtr conn,
+virDomainDefPtr def,
+const char *filename,
 unsigned int flags);
 int xenDaemonDomainRestore(virConnectPtr conn, const char *filename);
 int xenDaemonDomainSetMemory(virConnectPtr conn,
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 03/11] Convert Xen domain property driver methods to use virDomainDefPtr

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Introduce use of a virDomainDefPtr in the domain property
APIs to simplify introduction of ACL security checks.
The virDomainPtr cannot be safely used, since the app
may have supplied mis-matching name/uuid/id fields. eg
the name points to domain X, while the uuid points to
domain Y. Resolving the virDomainPtr to a virDomainDefPtr
ensures a consistent name/uuid/id set.

Signed-off-by: Daniel P. Berrange 
---
 src/xen/xen_driver.c | 98 +---
 src/xen/xen_hypervisor.c | 42 +++--
 src/xen/xen_hypervisor.h | 18 +
 src/xen/xend_internal.c  | 44 +-
 src/xen/xend_internal.h  | 21 ---
 src/xen/xm_internal.c| 41 +++-
 src/xen/xm_internal.h| 18 ++---
 7 files changed, 187 insertions(+), 95 deletions(-)

diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 37107ff..68a86b7 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -889,18 +889,27 @@ static char *
 xenUnifiedDomainGetOSType(virDomainPtr dom)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+char *ret = NULL;
+virDomainDefPtr def;
 
-if (dom->id < 0) {
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+if (def->id < 0) {
 if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Unable to query OS type for inactive domain"));
 return NULL;
 } else {
-return xenDaemonDomainGetOSType(dom);
+ret = xenHypervisorDomainGetOSType(dom->conn, def);
 }
 } else {
-return xenHypervisorDomainGetOSType(dom);
+ret = xenDaemonDomainGetOSType(dom->conn, def);
 }
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 
@@ -908,56 +917,92 @@ static unsigned long long
 xenUnifiedDomainGetMaxMemory(virDomainPtr dom)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+unsigned long long ret = 0;
+virDomainDefPtr def;
 
-if (dom->id < 0) {
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+if (def->id < 0) {
 if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-return xenXMDomainGetMaxMemory(dom);
+ret = xenXMDomainGetMaxMemory(dom->conn, def);
 else
-return xenDaemonDomainGetMaxMemory(dom);
+ret = xenDaemonDomainGetMaxMemory(dom->conn, def);
 } else {
-return xenHypervisorGetMaxMemory(dom);
+ret = xenHypervisorGetMaxMemory(dom->conn, def);
 }
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
 xenUnifiedDomainSetMaxMemory(virDomainPtr dom, unsigned long memory)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+int ret = -1;
+virDomainDefPtr def;
 
-if (dom->id < 0) {
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+if (def->id < 0) {
 if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-return xenXMDomainSetMaxMemory(dom, memory);
+ret = xenXMDomainSetMaxMemory(dom->conn, def, memory);
 else
-return xenDaemonDomainSetMaxMemory(dom, memory);
+ret = xenDaemonDomainSetMaxMemory(dom->conn, def, memory);
 } else {
-return xenHypervisorSetMaxMemory(dom, memory);
+ret = xenHypervisorSetMaxMemory(dom->conn, def, memory);
 }
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
 xenUnifiedDomainSetMemory(virDomainPtr dom, unsigned long memory)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+int ret = -1;
+virDomainDefPtr def;
 
-if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-return xenXMDomainSetMemory(dom, memory);
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+if (def->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
+ret = xenXMDomainSetMemory(dom->conn, def, memory);
 else
-return xenDaemonDomainSetMemory(dom, memory);
+ret = xenDaemonDomainSetMemory(dom->conn, def, memory);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
 xenUnifiedDomainGetInfo(virDomainPtr dom, virDomainInfoPtr info)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+int ret = -1;
+virDomainDefPtr def;
 
-if (dom->id < 0) {
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+if (def->id < 0) {
 if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-return xenXMDomainGetInfo(dom, info);
+ret = xenXMDomainGetInfo(dom->conn, def, info);
 else
-return xenDaemonDomainGetInfo(dom, info);
+ret = xenDaemonDomainGetInfo(dom->conn, def, info);
 } else {
-return xenHypervisorGetDomainInfo(dom, info);
+ret = xenHypervisorGetDo

[libvirt] [PATCH 05/11] Convert Xen domain start/migration APIs to use virDomainDefPtr

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Introduce use of a virDomainDefPtr in the domain migrate &
start APIs to simplify introduction of ACL security checks.
The virDomainPtr cannot be safely used, since the app
may have supplied mis-matching name/uuid/id fields. eg
the name points to domain X, while the uuid points to
domain Y. Resolving the virDomainPtr to a virDomainDefPtr
ensures a consistent name/uuid/id set.

Signed-off-by: Daniel P. Berrange 
---
 src/xen/xen_driver.c| 127 
 src/xen/xend_internal.c |  71 +--
 src/xen/xend_internal.h |  22 ++---
 src/xen/xm_internal.c   |  49 ---
 src/xen/xm_internal.h   |   7 +--
 5 files changed, 148 insertions(+), 128 deletions(-)

diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 89b038c..8b7dec9 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -1294,18 +1294,31 @@ static char *
 xenUnifiedDomainGetXMLDesc(virDomainPtr dom, unsigned int flags)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+virDomainDefPtr minidef = NULL;
+virDomainDefPtr def = NULL;
+char *ret = NULL;
+
+if (!(minidef = xenGetDomainDefForDom(dom)))
+goto cleanup;
 
 if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
-return xenXMDomainGetXMLDesc(dom, flags);
+def = xenXMDomainGetXMLDesc(dom->conn, minidef);
 } else {
-char *cpus, *res;
+char *cpus;
 xenUnifiedLock(priv);
 cpus = xenDomainUsedCpus(dom);
 xenUnifiedUnlock(priv);
-res = xenDaemonDomainGetXMLDesc(dom, flags, cpus);
+def = xenDaemonDomainGetXMLDesc(dom->conn, minidef, cpus);
 VIR_FREE(cpus);
-return res;
 }
+
+if (def)
+ret = virDomainDefFormat(def, flags);
+
+cleanup:
+virDomainDefFree(def);
+virDomainDefFree(minidef);
+return ret;
 }
 
 
@@ -1438,10 +1451,21 @@ xenUnifiedDomainMigratePerform(virDomainPtr dom,
const char *dname,
unsigned long resource)
 {
+virDomainDefPtr def = NULL;
+int ret = -1;
+
 virCheckFlags(XEN_MIGRATION_FLAGS, -1);
 
-return xenDaemonDomainMigratePerform(dom, cookie, cookielen, uri,
- flags, dname, resource);
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+ret = xenDaemonDomainMigratePerform(dom->conn, def,
+cookie, cookielen, uri,
+flags, dname, resource);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static virDomainPtr
@@ -1452,45 +1476,37 @@ xenUnifiedDomainMigrateFinish(virConnectPtr dconn,
   const char *uri ATTRIBUTE_UNUSED,
   unsigned long flags)
 {
-virDomainPtr dom = NULL;
-char *domain_xml = NULL;
-virDomainPtr dom_new = NULL;
+xenUnifiedPrivatePtr priv = dconn->privateData;
+virDomainPtr ret = NULL;
+virDomainDefPtr minidef = NULL;
+virDomainDefPtr def = NULL;
 
 virCheckFlags(XEN_MIGRATION_FLAGS, NULL);
 
-if (!(dom = xenUnifiedDomainLookupByName(dconn, dname)))
-return NULL;
+if (!(minidef = xenGetDomainDefForName(dconn, dname)))
+goto cleanup;
 
 if (flags & VIR_MIGRATE_PERSIST_DEST) {
-domain_xml = xenDaemonDomainGetXMLDesc(dom, 0, NULL);
-if (! domain_xml) {
-virReportError(VIR_ERR_MIGRATE_PERSIST_FAILED,
-   "%s", _("failed to get XML representation of 
migrated domain"));
-goto error;
-}
+if (!(def = xenDaemonDomainGetXMLDesc(dconn, minidef, NULL)))
+goto cleanup;
 
-dom_new = xenDaemonDomainDefineXML(dconn, domain_xml);
-if (! dom_new) {
-virReportError(VIR_ERR_MIGRATE_PERSIST_FAILED,
-   "%s", _("failed to define domain on destination 
host"));
-goto error;
+if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
+if (xenXMDomainDefineXML(dconn, def) < 0)
+goto cleanup;
+} else {
+if (xenDaemonDomainDefineXML(dconn, def) < 0)
+goto cleanup;
 }
-
-/* Free additional reference added by Define */
-virDomainFree(dom_new);
 }
 
-VIR_FREE(domain_xml);
-
-return dom;
-
+ret = virGetDomain(dconn, minidef->name, minidef->uuid);
+if (ret)
+ret->id = minidef->id;
 
-error:
-virDomainFree(dom);
-
-VIR_FREE(domain_xml);
-
-return NULL;
+cleanup:
+virDomainDefFree(def);
+virDomainDefFree(minidef);
+return ret;
 }
 
 static int
@@ -1565,23 +1581,52 @@ static virDomainPtr
 xenUnifiedDomainDefineXML(virConnectPtr conn, const char *xml)
 {
 xenUnifiedPrivatePtr priv = conn->privateData;
+virDomainDefPtr def = NULL;
+virDomainPtr ret = NULL;
 
-

[libvirt] [PATCH 06/11] Convert Xen domain VCPU driver methods to use virDomainDefPtr

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Introduce use of a virDomainDefPtr in the domain VCPU
APIs to simplify introduction of ACL security checks.
The virDomainPtr cannot be safely used, since the app
may have supplied mis-matching name/uuid/id fields. eg
the name points to domain X, while the uuid points to
domain Y. Resolving the virDomainPtr to a virDomainDefPtr
ensures a consistent name/uuid/id set.

Signed-off-by: Daniel P. Berrange 
---
 src/xen/xen_driver.c | 84 
 src/xen/xen_hypervisor.c | 42 
 src/xen/xen_hypervisor.h |  9 --
 src/xen/xend_internal.c  | 81 ++
 src/xen/xend_internal.h  | 17 ++
 src/xen/xm_internal.c| 30 +
 src/xen/xm_internal.h| 19 ---
 7 files changed, 187 insertions(+), 95 deletions(-)

diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 8b7dec9..04cb69d 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -647,11 +647,30 @@ xenUnifiedConnectNumOfDomains(virConnectPtr conn)
 
 static virDomainPtr
 xenUnifiedDomainCreateXML(virConnectPtr conn,
-  const char *xmlDesc, unsigned int flags)
+  const char *xml,
+  unsigned int flags)
 {
+xenUnifiedPrivatePtr priv = conn->privateData;
+virDomainDefPtr def = NULL;
+virDomainPtr ret = NULL;
+
 virCheckFlags(0, NULL);
 
-return xenDaemonCreateXML(conn, xmlDesc);
+if (!(def = virDomainDefParseString(xml, priv->caps, priv->xmlopt,
+1 << VIR_DOMAIN_VIRT_XEN,
+VIR_DOMAIN_XML_INACTIVE)))
+goto cleanup;
+
+if (xenDaemonCreateXML(conn, def) < 0)
+goto cleanup;
+
+ret = virGetDomain(conn, def->name, def->uuid);
+if (ret)
+ret->id = def->id;
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static virDomainPtr
@@ -1182,6 +1201,8 @@ xenUnifiedDomainSetVcpusFlags(virDomainPtr dom, unsigned 
int nvcpus,
   unsigned int flags)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+virDomainDefPtr def = NULL;
+int ret = -1;
 
 virCheckFlags(VIR_DOMAIN_VCPU_LIVE |
   VIR_DOMAIN_VCPU_CONFIG |
@@ -1202,13 +1223,20 @@ xenUnifiedDomainSetVcpusFlags(virDomainPtr dom, 
unsigned int nvcpus,
 return -1;
 }
 
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
 /* Try non-hypervisor methods first, then hypervisor direct method
  * as a last resort.
  */
 if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-return xenXMDomainSetVcpusFlags(dom, nvcpus, flags);
+ret = xenXMDomainSetVcpusFlags(dom->conn, def, nvcpus, flags);
 else
-return xenDaemonDomainSetVcpusFlags(dom, nvcpus, flags);
+ret = xenDaemonDomainSetVcpusFlags(dom->conn, def, nvcpus, flags);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
@@ -1231,15 +1259,24 @@ xenUnifiedDomainPinVcpu(virDomainPtr dom, unsigned int 
vcpu,
 unsigned char *cpumap, int maplen)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+virDomainDefPtr def = NULL;
+int ret = -1;
+
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
 
 if (dom->id < 0) {
 if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-return xenXMDomainPinVcpu(dom, vcpu, cpumap, maplen);
+ret = xenXMDomainPinVcpu(dom->conn, def, vcpu, cpumap, maplen);
 else
-return xenDaemonDomainPinVcpu(dom, vcpu, cpumap, maplen);
+ret = xenDaemonDomainPinVcpu(dom->conn, def, vcpu, cpumap, maplen);
 } else {
-return xenHypervisorPinVcpu(dom, vcpu, cpumap, maplen);
+ret = xenHypervisorPinVcpu(dom->conn, def, vcpu, cpumap, maplen);
 }
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
@@ -1248,39 +1285,58 @@ xenUnifiedDomainGetVcpus(virDomainPtr dom,
  unsigned char *cpumaps, int maplen)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+virDomainDefPtr def = NULL;
+int ret = -1;
+
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
 if (dom->id < 0) {
 if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Cannot get VCPUs of inactive domain"));
-return -1;
+goto cleanup;
 } else {
-return xenDaemonDomainGetVcpus(dom, info, maxinfo, cpumaps, 
maplen);
+ret = xenDaemonDomainGetVcpus(dom->conn, def, info, maxinfo, 
cpumaps, maplen);
 }
 } else {
-return xenHypervisorGetVcpus(dom, info, maxinfo, cpumaps, maplen);
+ret = xenHypervisorGetVcpus(dom->conn, def, info, maxinfo, cpumaps

[libvirt] [PATCH 07/11] Convert Xen domain device hotplug driver methods to use virDomainDefPtr

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Introduce use of a virDomainDefPtr in the domain hotplug
APIs to simplify introduction of ACL security checks.
The virDomainPtr cannot be safely used, since the app
may have supplied mis-matching name/uuid/id fields. eg
the name points to domain X, while the uuid points to
domain Y. Resolving the virDomainPtr to a virDomainDefPtr
ensures a consistent name/uuid/id set.

Signed-off-by: Daniel P. Berrange 
---
 src/xen/xen_driver.c| 64 +++--
 src/xen/xend_internal.c | 85 ++---
 src/xen/xend_internal.h | 10 --
 src/xen/xm_internal.c   | 22 +++--
 src/xen/xm_internal.h   |  6 ++--
 5 files changed, 122 insertions(+), 65 deletions(-)

diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 04cb69d..f5f6407 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -1695,6 +1695,8 @@ xenUnifiedDomainAttachDevice(virDomainPtr dom, const char 
*xml)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
 unsigned int flags = VIR_DOMAIN_DEVICE_MODIFY_LIVE;
+virDomainDefPtr def = NULL;
+int ret = -1;
 
 /*
  * HACK: xend with xendConfigVersion >= 3 does not support changing live
@@ -1704,12 +1706,17 @@ xenUnifiedDomainAttachDevice(virDomainPtr dom, const 
char *xml)
 if (priv->xendConfigVersion >= XEND_CONFIG_VERSION_3_0_4)
 flags |= VIR_DOMAIN_DEVICE_MODIFY_CONFIG;
 
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
 if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-return xenXMDomainAttachDeviceFlags(dom, xml, flags);
+ret = xenXMDomainAttachDeviceFlags(dom->conn, def, xml, flags);
 else
-return xenDaemonAttachDeviceFlags(dom, xml, flags);
+ret = xenDaemonAttachDeviceFlags(dom->conn, def, xml, flags);
 
-return -1;
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
@@ -1717,11 +1724,20 @@ xenUnifiedDomainAttachDeviceFlags(virDomainPtr dom, 
const char *xml,
   unsigned int flags)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+virDomainDefPtr def = NULL;
+int ret = -1;
+
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
 
 if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-return xenXMDomainAttachDeviceFlags(dom, xml, flags);
+ret = xenXMDomainAttachDeviceFlags(dom->conn, def, xml, flags);
 else
-return xenDaemonAttachDeviceFlags(dom, xml, flags);
+ret = xenDaemonAttachDeviceFlags(dom->conn, def, xml, flags);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
@@ -1729,6 +1745,8 @@ xenUnifiedDomainDetachDevice(virDomainPtr dom, const char 
*xml)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
 unsigned int flags = VIR_DOMAIN_DEVICE_MODIFY_LIVE;
+virDomainDefPtr def = NULL;
+int ret = -1;
 
 /*
  * HACK: xend with xendConfigVersion >= 3 does not support changing live
@@ -1738,10 +1756,17 @@ xenUnifiedDomainDetachDevice(virDomainPtr dom, const 
char *xml)
 if (priv->xendConfigVersion >= XEND_CONFIG_VERSION_3_0_4)
 flags |= VIR_DOMAIN_DEVICE_MODIFY_CONFIG;
 
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
 if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-return xenXMDomainDetachDeviceFlags(dom, xml, flags);
+ret = xenXMDomainDetachDeviceFlags(dom->conn, def, xml, flags);
 else
-return xenDaemonDetachDeviceFlags(dom, xml, flags);
+ret = xenDaemonDetachDeviceFlags(dom->conn, def, xml, flags);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
@@ -1749,18 +1774,37 @@ xenUnifiedDomainDetachDeviceFlags(virDomainPtr dom, 
const char *xml,
   unsigned int flags)
 {
 xenUnifiedPrivatePtr priv = dom->conn->privateData;
+virDomainDefPtr def = NULL;
+int ret = -1;
+
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
 
 if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-return xenXMDomainDetachDeviceFlags(dom, xml, flags);
+ret = xenXMDomainDetachDeviceFlags(dom->conn, def, xml, flags);
 else
-return xenDaemonDetachDeviceFlags(dom, xml, flags);
+ret = xenDaemonDetachDeviceFlags(dom->conn, def, xml, flags);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
 xenUnifiedDomainUpdateDeviceFlags(virDomainPtr dom, const char *xml,
   unsigned int flags)
 {
-return xenDaemonUpdateDeviceFlags(dom, xml, flags);
+virDomainDefPtr def = NULL;
+int ret = -1;
+
+if (!(def = xenGetDomainDefForDom(dom)))
+goto cleanup;
+
+ret = xenDaemonUpdateDeviceFlags(dom->conn, def, xml, flags);
+
+cleanup:
+virDomainDefFree(def);
+return ret;
 }
 
 static int
diff --gi

[libvirt] [PATCH 01/11] Convert Xen domain lookup driver methods to use virDomainDefPtr

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

Introduce use of a virDomainDefPtr in the domain lookup
APIs to simplify introduction of ACL security checks.
The virDomainPtr cannot be safely used, since the app
may have supplied mis-matching name/uuid/id fields. eg
the name points to domain X, while the uuid points to
domain Y. Resolving the virDomainPtr to a virDomainDefPtr
ensures a consistent name/uuid/id set.

Signed-off-by: Daniel P. Berrange 
---
 src/conf/domain_conf.c   |  24 
 src/conf/domain_conf.h   |   4 ++
 src/libvirt_private.syms |   1 +
 src/xen/xen_driver.c | 147 +++
 src/xen/xen_hypervisor.c |  17 +++---
 src/xen/xen_hypervisor.h |   8 +--
 src/xen/xen_inotify.c|  14 ++---
 src/xen/xend_internal.c  |  34 +--
 src/xen/xend_internal.h  |   4 +-
 src/xen/xm_internal.c|  30 --
 src/xen/xm_internal.h|   5 +-
 11 files changed, 173 insertions(+), 115 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d55ce6b..61995cd 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -2048,6 +2048,30 @@ error:
 return NULL;
 }
 
+
+virDomainDefPtr virDomainDefNew(const char *name,
+const unsigned char *uuid,
+int id)
+{
+virDomainDefPtr def;
+
+if (VIR_ALLOC(def) < 0) {
+virReportOOMError();
+return NULL;
+}
+
+if (!(def->name = strdup(name))) {
+VIR_FREE(def);
+return NULL;
+}
+
+memcpy(def->uuid, uuid, VIR_UUID_BUFLEN);
+def->id = id;
+
+return def;
+}
+
+
 void virDomainObjAssignDef(virDomainObjPtr domain,
const virDomainDefPtr def,
bool live,
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 21f7ce2..f7644a6 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2147,6 +2147,10 @@ void virDomainDefFree(virDomainDefPtr vm);
 
 virDomainChrDefPtr virDomainChrDefNew(void);
 
+virDomainDefPtr virDomainDefNew(const char *name,
+const unsigned char *uuid,
+int id);
+
 enum {
 VIR_DOMAIN_OBJ_LIST_ADD_LIVE = (1 << 0),
 VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE = (1 << 1),
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index bb70595..d2f5827 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -117,6 +117,7 @@ virDomainDefGenSecurityLabelDef;
 virDomainDefGetDefaultEmulator;
 virDomainDefGetSecurityLabelDef;
 virDomainDefMaybeAddController;
+virDomainDefNew;
 virDomainDefParseFile;
 virDomainDefParseNode;
 virDomainDefParseString;
diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index cc54f7a..d9420d8 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -82,6 +82,60 @@ xenUnifiedDomainGetVcpus(virDomainPtr dom,
 
 static bool is_privileged = false;
 
+static virDomainDefPtr xenGetDomainDefForID(virConnectPtr conn, int id)
+{
+virDomainDefPtr ret;
+
+ret = xenHypervisorLookupDomainByID(conn, id);
+
+if (!ret && virGetLastError() == NULL)
+virReportError(VIR_ERR_NO_DOMAIN, __FUNCTION__);
+
+return ret;
+}
+
+
+static virDomainDefPtr xenGetDomainDefForName(virConnectPtr conn, const char 
*name)
+{
+xenUnifiedPrivatePtr priv = conn->privateData;
+virDomainDefPtr ret;
+
+ret = xenDaemonLookupByName(conn, name);
+
+/* Try XM for inactive domains. */
+if (!ret &&
+priv->xendConfigVersion <= XEND_CONFIG_VERSION_3_0_3)
+ret = xenXMDomainLookupByName(conn, name);
+
+if (!ret && virGetLastError() == NULL)
+virReportError(VIR_ERR_NO_DOMAIN, __FUNCTION__);
+
+return ret;
+}
+
+
+static virDomainDefPtr xenGetDomainDefForUUID(virConnectPtr conn, const 
unsigned char *uuid)
+{
+xenUnifiedPrivatePtr priv = conn->privateData;
+virDomainDefPtr ret;
+
+ret = xenHypervisorLookupDomainByUUID(conn, uuid);
+
+/* Try XM for inactive domains. */
+if (!ret) {
+if (priv->xendConfigVersion <= XEND_CONFIG_VERSION_3_0_3)
+ret = xenXMDomainLookupByUUID(conn, uuid);
+else
+ret = xenDaemonLookupByUUID(conn, uuid);
+}
+
+if (!ret && virGetLastError() == NULL)
+virReportError(VIR_ERR_NO_DOMAIN, __FUNCTION__);
+
+return ret;
+}
+
+
 /**
  * xenNumaInit:
  * @conn: pointer to the hypervisor connection
@@ -597,12 +651,18 @@ static virDomainPtr
 xenUnifiedDomainLookupByID(virConnectPtr conn, int id)
 {
 virDomainPtr ret = NULL;
+virDomainDefPtr def = NULL;
 
-ret = xenHypervisorLookupDomainByID(conn, id);
+if (!(def = xenGetDomainDefForID(conn, id)))
+goto cleanup;
 
-if (!ret && virGetLastError() == NULL)
-virReportError(VIR_ERR_NO_DOMAIN, __FUNCTION__);
+if (!(ret = virGetDomain(conn, def->name, def->uuid)))
+goto cleanup;
 
+ret->id = def->id;
+
+cleanup:
+virDomainDefFree(def);
 return ret;
 }
 

[libvirt] [PATCH v2 00/11] Refactor Xen driver to support ACL work

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

The Xen driver currently is a really horrible mess, in particular
with the way iterates over sub-drivers calling each one in turn,
until one magically works. For each operation there is always a
clear rule for which sub-driver must be used. Thus instead of
blindly iterating over all drivers, we can directly invoke the
correct sub-driver. This highlights that quite alot of code is
in fact completely unreachable / used & can be deleted.

The second big issue is that the Xen sub-drivers will randomly
use either the 'id', 'name' or 'uuid' from the virDomainPtr object.
If the user provides a malicious virDomainPtr instance, it is
possible to have a 'id' referring to domain A, a 'name' referring
to domain B and a 'uuid' referring to domain C. This makes doing
reliable access control checks difficult. To ensure we have a
consistent triple, use the 'uuid' from virDomainPtr to lookup the
guest with the hypervisor and return a virDomainDefPtr where only
the name/id/uuid are filled out. Use this in the all the subdrivers
isolating them from the public virDomainPtr object. The top level
Xen driver will then be able to do access control checks on the
virDomainDefPtr instances.


In v2:

 - Merged all patches removing the sub-driver iteration
   concept
 - Rebased to latest git

Daniel P. Berrange (11):
  Convert Xen domain lookup driver methods to use virDomainDefPtr
  Convert Xen domain lifecycle driver methods to use virDomainDefPtr
  Convert Xen domain property driver methods to use virDomainDefPtr
  Convert Xen domain managed save driver methods to use virDomainDefPtr
  Convert Xen domain start/migration APIs to use virDomainDefPtr
  Convert Xen domain VCPU driver methods to use virDomainDefPtr
  Convert Xen domain device hotplug driver methods to use
virDomainDefPtr
  Convert Xen domain autostart driver methods to use virDomainDefPtr
  Convert Xen domain scheduler driver methods to use virDomainDefPtr
  Convert Xen domain stats/peek driver methods to use virDomainDefPtr
  Convert Xen domain core dump driver methods to use virDomainDefPtr

 src/conf/domain_conf.c   |  24 ++
 src/conf/domain_conf.h   |   4 +
 src/libvirt_private.syms |   1 +
 src/xen/block_stats.c|   6 +-
 src/xen/block_stats.h|   2 +-
 src/xen/xen_driver.c | 781 ---
 src/xen/xen_hypervisor.c | 131 
 src/xen/xen_hypervisor.h |  60 ++--
 src/xen/xen_inotify.c|  14 +-
 src/xen/xend_internal.c  | 469 ++--
 src/xen/xend_internal.h  | 127 +---
 src/xen/xm_internal.c| 224 +++---
 src/xen/xm_internal.h|  71 +++--
 13 files changed, 1230 insertions(+), 684 deletions(-)

-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH] Cope with missing swap cgroup controls

[Daniel P. Berrange]

From: "Daniel P. Berrange" 

It is possible to build a kernel without swap cgroup controls
present. This causes a fatal error when querying memory
parameters. Treat missing swap controls as meaning "unlimited".
The fatal error remains if the user tries to actually change
the limit.

Signed-off-by: Daniel P. Berrange 
---
 src/qemu/qemu_driver.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 6a23573..693b637 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -7612,9 +7612,12 @@ qemuDomainGetMemoryParameters(virDomainPtr dom,
 case 2: /* fill swap hard limit here */
 rc = virCgroupGetMemSwapHardLimit(priv->cgroup, &val);
 if (rc != 0) {
-virReportSystemError(-rc, "%s",
- _("unable to get swap hard limit"));
-goto cleanup;
+if (rc != -ENOENT) {
+virReportSystemError(-rc, "%s",
+ _("unable to get swap hard limit"));
+goto cleanup;
+}
+val = VIR_DOMAIN_MEMORY_PARAM_UNLIMITED;
 }
 if (virTypedParameterAssign(param,
 VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT,
-- 
1.8.2.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] don't mention disk controllers in generic controller errors

[Ján Tomko]

On 05/09/2013 12:25 PM, Osier Yang wrote:
> On 09/05/13 18:08, Ján Tomko wrote:
>> The controller element supports non-disk controller types too.
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=960958
> ACK
> 

Thank you, it's pushed now.

Jan

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] iscsi: don't leak portal string when starting a pool

[Ján Tomko]

On 05/08/2013 09:31 PM, Eric Blake wrote:
> On 05/07/2013 02:02 AM, Ján Tomko wrote:
>> ---
>>  src/storage/storage_backend_iscsi.c | 1 +
>>  1 file changed, 1 insertion(+)
> 
> ACK.
> 

Thanks, I've pushed it now.

Jan

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH v2 2/2] conf: don't crash on a tpm device with no backends

[Ján Tomko]

On 05/09/2013 02:20 PM, Daniel P. Berrange wrote:
> On Thu, May 09, 2013 at 02:18:13PM +0200, Ján Tomko wrote:
>> Print an error instead of crashing when a TPM device without
>> a backend is specified.
>>
>> Add a test for tpm device with no backend, which should fail
>> with a parse error.
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=961252
>> ---
>>  src/conf/domain_conf.c |  6 +
>>  .../qemuxml2argv-tpm-no-backend-invalid.xml| 27 
>> ++
>>  tests/qemuxml2argvtest.c   |  2 ++
>>  3 files changed, 35 insertions(+)
>>  create mode 100644 
>> tests/qemuxml2argvdata/qemuxml2argv-tpm-no-backend-invalid.xml
> 
> ACK
> 

Thanks, I've pushed the series.

Jan

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH v2 2/2] conf: don't crash on a tpm device with no backends

[Daniel P. Berrange]

On Thu, May 09, 2013 at 02:18:13PM +0200, Ján Tomko wrote:
> Print an error instead of crashing when a TPM device without
> a backend is specified.
> 
> Add a test for tpm device with no backend, which should fail
> with a parse error.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=961252
> ---
>  src/conf/domain_conf.c |  6 +
>  .../qemuxml2argv-tpm-no-backend-invalid.xml| 27 
> ++
>  tests/qemuxml2argvtest.c   |  2 ++
>  3 files changed, 35 insertions(+)
>  create mode 100644 
> tests/qemuxml2argvdata/qemuxml2argv-tpm-no-backend-invalid.xml

ACK


Daniel
--
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH v2 1/2] tests: files named '.*-invalid.xml' should fail validation

[Daniel P. Berrange]

On Thu, May 09, 2013 at 02:18:12PM +0200, Ján Tomko wrote:
> Currently, using an invalid XML in tests fails, because
> the schema test expects all of them to be valid.
> 
> Treat files with -invalid.xml suffix as invalid and expect
> them to fail validation.
> ---
>  tests/schematestutils.sh | 12 
>  1 file changed, 12 insertions(+)
> 
> diff --git a/tests/schematestutils.sh b/tests/schematestutils.sh
> index 4361221..e739b99 100644
> --- a/tests/schematestutils.sh
> +++ b/tests/schematestutils.sh
> @@ -20,6 +20,18 @@ do
>  result=`$cmd 2>&1`
>  ret=$?
>  
> +grep -- '-invalid.xml$' <<< "$xml" 2>&1 >/dev/null
> +invalid=$?
> +
> +# per xmllint man page, the return codes for validation error
> +# are 3 and 4
> +if test $invalid -eq 0; then
> +if test $ret -eq 4 || test $ret -eq 3; then
> +ret=0
> +elif test $ret -eq 0; then
> +ret=3
> +fi
> +fi
>  test_result $n $(basename $(dirname $xml))"/"$(basename $xml) $ret
>  if test "$verbose" = "1" && test $ret != 0 ; then
>  printf '%s\n' "$cmd" "$result"

ACK

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH v2 2/2] conf: don't crash on a tpm device with no backends

[Ján Tomko]

Print an error instead of crashing when a TPM device without
a backend is specified.

Add a test for tpm device with no backend, which should fail
with a parse error.

https://bugzilla.redhat.com/show_bug.cgi?id=961252
---
 src/conf/domain_conf.c |  6 +
 .../qemuxml2argv-tpm-no-backend-invalid.xml| 27 ++
 tests/qemuxml2argvtest.c   |  2 ++
 3 files changed, 35 insertions(+)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-tpm-no-backend-invalid.xml

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 6b71727..b7e253e 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -6988,6 +6988,12 @@ virDomainTPMDefParseXML(const xmlNodePtr node,
 goto error;
 }
 
+if (nbackends == 0) {
+virReportError(VIR_ERR_XML_ERROR, "%s",
+   _("missing TPM device backend"));
+goto error;
+}
+
 if (!(backend = virXMLPropString(backends[0], "type"))) {
 virReportError(VIR_ERR_XML_ERROR, "%s",
_("missing TPM device backend type"));
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-tpm-no-backend-invalid.xml 
b/tests/qemuxml2argvdata/qemuxml2argv-tpm-no-backend-invalid.xml
new file mode 100644
index 000..3b17ff7
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-tpm-no-backend-invalid.xml
@@ -0,0 +1,27 @@
+
+  TPM-VM
+  11d7cd22-da89-3094-6212-079a48a309a1
+  2097152
+  512288
+  1
+  
+hvm
+
+
+  
+  
+
+  
+  
+  destroy
+  restart
+  destroy
+  
+/usr/bin/qemu
+
+
+
+
+
+  
+
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 1286273..b1bf9db 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -970,6 +970,8 @@ mymain(void)
 
 DO_TEST("tpm-passthrough", QEMU_CAPS_DEVICE,
 QEMU_CAPS_DEVICE_TPM_PASSTHROUGH, QEMU_CAPS_DEVICE_TPM_TIS);
+DO_TEST_PARSE_ERROR("tpm-no-backend-invalid", QEMU_CAPS_DEVICE,
+QEMU_CAPS_DEVICE_TPM_PASSTHROUGH, 
QEMU_CAPS_DEVICE_TPM_TIS);
 
 DO_TEST("pci-autoadd-addr", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_PCI_BRIDGE);
 DO_TEST("pci-autoadd-idx", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_PCI_BRIDGE);
-- 
1.8.1.5

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH v2 1/2] tests: files named '.*-invalid.xml' should fail validation

[Ján Tomko]

Currently, using an invalid XML in tests fails, because
the schema test expects all of them to be valid.

Treat files with -invalid.xml suffix as invalid and expect
them to fail validation.
---
 tests/schematestutils.sh | 12 
 1 file changed, 12 insertions(+)

diff --git a/tests/schematestutils.sh b/tests/schematestutils.sh
index 4361221..e739b99 100644
--- a/tests/schematestutils.sh
+++ b/tests/schematestutils.sh
@@ -20,6 +20,18 @@ do
 result=`$cmd 2>&1`
 ret=$?
 
+grep -- '-invalid.xml$' <<< "$xml" 2>&1 >/dev/null
+invalid=$?
+
+# per xmllint man page, the return codes for validation error
+# are 3 and 4
+if test $invalid -eq 0; then
+if test $ret -eq 4 || test $ret -eq 3; then
+ret=0
+elif test $ret -eq 0; then
+ret=3
+fi
+fi
 test_result $n $(basename $(dirname $xml))"/"$(basename $xml) $ret
 if test "$verbose" = "1" && test $ret != 0 ; then
 printf '%s\n' "$cmd" "$result"
-- 
1.8.1.5

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH v2 0/2] don't crash on a tpm device with no backends

[Ján Tomko]

v2: added tests
v1: https://www.redhat.com/archives/libvir-list/2013-May/msg00651.html

Ján Tomko (2):
  tests: files named '.*-invalid.xml' should fail validation
  conf: don't crash on a tpm device with no backends

 src/conf/domain_conf.c |  6 +
 .../qemuxml2argv-tpm-no-backend-invalid.xml| 27 ++
 tests/qemuxml2argvtest.c   |  2 ++
 tests/schematestutils.sh   | 12 ++
 4 files changed, 47 insertions(+)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-tpm-no-backend-invalid.xml

-- 
1.8.1.5

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH v3 00/34] Introduce VIR_STRDUP

[Michal Privoznik]

On 03.05.2013 16:53, Michal Privoznik wrote:
> Previously this aimed on dropping OOM report from almost
> everywhere (v1), then just prepare the ground (v2). Now, it just
> aims on introducing VIR_STRDUP and VIR_STRNDUP which do report
> OOM error. This will cause rebase conflicts, for sure. Sorry.
> 
> Patches available at:
>   git://gitorious.org/~zippy2/libvirt/michal-staging.git
>   branch oom4
> 
> 
> Michal Privoznik (34):
>   virstring: Introduce VIR_STRDUP and VIR_STRNDUP
>   Adapt to VIR_STRDUP and VIR_STRNDUP in daemon/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/conf/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/cpu/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/esx/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/hyperv/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/libxl/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/locking/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/lxc/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/network/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/node_device/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/interface/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/nwfilter/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/openvz/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/parallels/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/phyp/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/qemu/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/remote/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/rpc/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/secret/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/security/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/storage/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/test/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/uml/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/util/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/vbox/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/vmware/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/vmx/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/xen/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/xenapi/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/xenxs/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in tests/*
>   Adapt to VIR_STRDUP and VIR_STRNDUP in src/*
>   Introduce syntax-check rule to prefer VIR_STRDUP over strdup
> 
>  HACKING   |  11 +
>  cfg.mk|   8 +
>  daemon/libvirtd-config.c  |  50 ++--
>  daemon/libvirtd.c |  29 +--
>  daemon/remote.c   | 161 +---
>  docs/hacking.html.in  |  14 +
>  include/libvirt/libvirt.h.in  |  10 +-
>  src/conf/capabilities.c   |  30 +--
>  src/conf/cpu_conf.c   |  19 +-
>  src/conf/domain_conf.c| 105 +++-
>  src/conf/domain_event.c   |  39 ++-
>  src/conf/node_device_conf.c   |  29 +--
>  src/conf/nwfilter_conf.c  |  17 +-
>  src/conf/nwfilter_params.c|  30 +--
>  src/conf/snapshot_conf.c  |  11 +-
>  src/conf/storage_conf.c   |  13 +-
>  src/conf/virchrdev.c  |  12 +-
>  src/cpu/cpu_generic.c |   8 +-
>  src/cpu/cpu_map.c |   3 +-
>  src/cpu/cpu_powerpc.c |  13 +-
>  src/cpu/cpu_x86.c |  10 +-
>  src/datatypes.c   |  76 +++---
>  src/esx/esx_driver.c  |  43 +--
>  src/esx/esx_interface_driver.c|   7 +-
>  src/esx/esx_network_driver.c  |  28 +-
>  src/esx/esx_storage_backend_iscsi.c   |  21 +-
>  src/esx/esx_storage_backend_vmfs.c|  16 +-
>  src/esx/esx_util.c|  45 +---
>  src/esx/esx_vi.c  |  79 ++
>  src/esx/esx_vi_types.c|  36 +--
>  src/hyperv/hyperv_driver.c|  50 +---
>  src/hyperv/hyperv_util.c  |  18 +-
>  src/interface/interface_backend_udev.c|  36 +--
>  src/libvirt.c |  14 +-
>  src/libvirt_private.syms  |   2 +
>  src/libxl/libxl_conf.c|  86 ++
>  src/libxl/libxl_driver.c  |  14 +-
>  src/locking/lock_daemon.c |  30 +--
>  src/locking/lock_daemon_config.c  |  12 +-
>  src/locking/lock_daemon_dispatch.c|   6 +-
>  src/locking/lock_driver_lockd.c   |  41 ++-
>  src/locking/lock_driver_sanlock.c |  12 +-
>  src/locking/lock_manager.c|   4 +-
>  src/lxc/lxc_cgroup.c  |   3 +-
>  src/lxc/lxc_conf.c|  36 ++-
>  src/lxc/lxc_container.c   |  18 +-
>  src/lxc/lxc_controller.c  |  20 +-
>  src/lxc/lxc_driver.c  |   9 +-
>  src/lxc/lxc_process.c |   7 +-

Re: [libvirt] [PATCH 29/40] Simplify the Xen domain stats/peek / node memory driver methods

[Daniel P. Berrange]

On Wed, May 08, 2013 at 05:33:13PM -0600, Jim Fehlig wrote:
> Daniel P. Berrange wrote:
> > From: "Daniel P. Berrange" 
> >
> > Make the Xen domain stats / peek and node memory driver
> > methods unconditionally call the sub-drivers which are
> > guaranteed to be open.
> >
> > Signed-off-by: Daniel P. Berrange 
> > ---
> >  src/xen/xen_driver.c| 59 
> > +
> >  src/xen/xend_internal.c |  3 ---
> >  2 files changed, 11 insertions(+), 51 deletions(-)
> >
> > diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
> > index 1941dbe..d6817eb 100644
> > --- a/src/xen/xen_driver.c
> > +++ b/src/xen/xen_driver.c
> > @@ -1566,26 +1566,14 @@ static int
> >  xenUnifiedDomainBlockStats(virDomainPtr dom, const char *path,
> > struct _virDomainBlockStats *stats)
> >  {
> > -xenUnifiedPrivatePtr priv = dom->conn->privateData;
> > -
> > -if (priv->opened[XEN_UNIFIED_HYPERVISOR_OFFSET])
> > -return xenHypervisorDomainBlockStats(dom, path, stats);
> > -
> > -virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
> > -return -1;
> > +return xenHypervisorDomainBlockStats(dom, path, stats);
> >  }
> >  
> >  static int
> >  xenUnifiedDomainInterfaceStats(virDomainPtr dom, const char *path,
> > struct _virDomainInterfaceStats *stats)
> >  {
> > -xenUnifiedPrivatePtr priv = dom->conn->privateData;
> > -
> > -if (priv->opened[XEN_UNIFIED_HYPERVISOR_OFFSET])
> > -return xenHypervisorDomainInterfaceStats(dom, path, stats);
> > -
> > -virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
> > -return -1;
> > +return xenHypervisorDomainInterfaceStats(dom, path, stats);
> >  }
> >  
> >  static int
> > @@ -1593,57 +1581,32 @@ xenUnifiedDomainBlockPeek(virDomainPtr dom, const 
> > char *path,
> >unsigned long long offset, size_t size,
> >void *buffer, unsigned int flags)
> >  {
> > -int r;
> >  xenUnifiedPrivatePtr priv = dom->conn->privateData;
> >  
> >  virCheckFlags(0, -1);
> >  
> > -if (priv->opened[XEN_UNIFIED_XEND_OFFSET]) {
> > -r = xenDaemonDomainBlockPeek(dom, path, offset, size, buffer);
> > -if (r != -2) return r;
> > -/* r == -2 means declined, so fall through to XM driver ... */
> > -}
> >   
> 
> Heh, hack to make the unified driver keep trying. We won't miss this
> code. BTW, it would be good to remove the "-2 if declined" comment in
> the function description. I didn't look for these now outdated comments
> in your previous patches where similar changes were made.

Yep, there were a couple more comments to be removed in the
domain vcpu patch, which I've now modified.

Thanks for all the reviews so far ! I'm going to push the first 29
patches now. I've tested basic operations and things seem to be
working sanely to me.

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] "virsh edit" failed to take effect on KVM

[Daniel P. Berrange]

On Thu, May 09, 2013 at 11:49:05AM +, Gonglei (Arei) wrote:
> Hi all,
>we use the command "virsh edit"  to modify the VM configuration 
> information online on KVM Platform(libvirt-1.0.0 and qemu-1.4), 
> but it does not take effect after reboot. However, it works fine on Xen 
> Platform.
>   
>for an example,a VM is running with the following configuration 
> information:
>  ...
>  
>   hvm
>   
>   
> 
> ...
>use command "virsh edit " to modify it:
>  ...
>  
>   hvm
>   
>   
> 
> ...
> With the changing, the VM is expected to start from cdrom, when execute the 
> command "virsh reboot".
> But the fact is that the modify does not take effect, the VM is still start 
> from hd. 

"virsh edit" changes the persistent configuration of a guest, and as such this
has no effect on the runtime state of the guest. The changes will only take
effect at the next cold boot. 'virsh reboot' does a warm boot, hence won't see
the changes.

> Well, it will take effect if I use command "virsh shutdown" and "virsh start" 
> instesad of "virsh reboot".
> We are wondering if there have any other ways to take the online modify 
> effect. 
> What is the next step going on with the command "virsh edit" on KVM Platform? 
> Any ideas? 

AFAIK, there is no way to programatically change the BIOS boot order for
a running QEMU process.

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] "virsh edit" failed to take effect on KVM

[Gonglei (Arei)]

Hi all,
   we use the command "virsh edit"  to modify the VM configuration information 
online on KVM Platform(libvirt-1.0.0 and qemu-1.4), 
but it does not take effect after reboot. However, it works fine on Xen 
Platform.
  
   for an example,a VM is running with the following configuration information:
   ...
   
hvm


  
  ...
   use command "virsh edit " to modify it:
   ...
   
hvm


  
  ...
With the changing, the VM is expected to start from cdrom, when execute the 
command "virsh reboot".
But the fact is that the modify does not take effect, the VM is still start 
from hd. 
Well, it will take effect if I use command "virsh shutdown" and "virsh start" 
instesad of "virsh reboot".
We are wondering if there have any other ways to take the online modify effect. 
What is the next step going on with the command "virsh edit" on KVM Platform? 
Any ideas? 

Thanks!

-Gonglei

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 24/40] Simplify the Xen domain start driver method

[Daniel P. Berrange]

On Wed, May 08, 2013 at 04:40:04PM -0600, Jim Fehlig wrote:
> Daniel P. Berrange wrote:
> > From: "Daniel P. Berrange" 
> >
> > Directly call either the XenD or XM driver when starting
> > a persistent domain
> >
> > Signed-off-by: Daniel P. Berrange 
> > ---
> >  src/xen/xen_driver.c| 20 +++-
> >  src/xen/xen_driver.h|  1 -
> >  src/xen/xend_internal.c | 20 +---
> >  src/xen/xm_internal.c   |  4 
> >  4 files changed, 8 insertions(+), 37 deletions(-)

> > diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
> > index addc547..dcd31de 100644
> > --- a/src/xen/xend_internal.c
> > +++ b/src/xen/xend_internal.c
> > @@ -2899,24 +2899,7 @@ xenDaemonDomainDefineXML(virConnectPtr conn, const 
> > char *xmlDesc)
> >  int
> >  xenDaemonDomainCreate(virDomainPtr domain)
> >  {
> > -xenUnifiedPrivatePtr priv = domain->conn->privateData;
> > -int ret;
> > -virDomainPtr tmp;
> > -
> > -if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
> > -return -1;
> > -
> > -ret = xend_op(domain->conn, domain->name, "op", "start", NULL);
> > -
> > -if (ret != -1) {
> > -/* Need to force a refresh of this object's ID */
> > -tmp = virDomainLookupByName(domain->conn, domain->name);
> > -if (tmp) {
> > -domain->id = tmp->id;
> > -virDomainFree(tmp);
> > -}
> > -}
> >   
> 
> Should this bit about updating the domain id be removed? Will the dom id
> remain at -1? If the id needs updated, it should probably be retrieved
> directly from xend.

Doh, I thought it was obsolete, but I was smoking crack. I'm
squashing in the following


@@ -2899,7 +2899,18 @@ xenDaemonDomainDefineXML(virConnectPtr conn, const char 
*xmlDesc)
 int
 xenDaemonDomainCreate(virDomainPtr domain)
 {
-return xend_op(domain->conn, domain->name, "op", "start", NULL);
+int ret;
+
+ret = xend_op(domain->conn, domain->name, "op", "start", NULL);
+
+if (ret == 0) {
+int id = xenDaemonDomainLookupByName_ids(domain->conn, domain->name,
+ domain->uuid);
+if (id > 0)
+domain->id = id;
+}
+
+return ret;
 }
 
 int


Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 3/4] Validate the bios_date format for

[John Ferlan]

On 05/09/2013 06:59 AM, Martin Kletzander wrote:
> On 04/30/2013 08:19 PM, John Ferlan wrote:
>> ---
>>  src/conf/domain_conf.c | 24 
>>  1 file changed, 24 insertions(+)
>>
>> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>> index a8b5dfd..43273f8 100644
>> --- a/src/conf/domain_conf.c
>> +++ b/src/conf/domain_conf.c
>> @@ -11591,6 +11591,30 @@ virDomainDefParseXML(xmlDocPtr xml,
>>  goto error;
>>  }
>>  }
>> +if (def->sysinfo->bios_date != NULL) {
>> +char *date = def->sysinfo->bios_date;
>> +char *ptr;
>> +struct tm tm;
>> +memset(&tm, 0, sizeof(tm));
>> +
>> +/* Validate just the format of the date
>> + * Expect mm/dd/ or mm/dd/yy,
>> + * where yy must be 00->99 and would be assumed to be 19xx
>> + * a  date should be 1900 and beyond
>> + */
>> +if (virStrToLong_i(date, &ptr, 10, &tm.tm_mon) < 0 ||
>> +*ptr != '/' ||
>> +virStrToLong_i(ptr+1, &ptr, 10, &tm.tm_mday) < 0 ||
>> +*ptr != '/' ||
>> +virStrToLong_i(ptr+1, &ptr, 10, &tm.tm_year) < 0 ||
>> +*ptr != '\0' ||
>> +(tm.tm_year < 0 || (tm.tm_year >= 100 && tm.tm_year < 
>> 1900))) {
>> +virReportError(VIR_ERR_INTERNAL_ERROR,
> 
> Seems like another abuse of internal error, but I don't know what to use here,
> properly.  Maybe VIR_ERR_XML_DETAIL?
> 
>> +   _("Invalid BIOS 'date' format: %s"),
>> +   def->sysinfo->bios_date);
> 
> Unnecessarily long, you can do 's/def->sysinfo->bios_//' and save one
> line here ;-)
> 
>> +goto error;
>> +}
>> +}
>>  }
>>  
>>  if ((tmp = virXPathString("string(./os/smbios/@mode)", ctxt))) {
>>

FYI: The above is essentially a cut-n-reformat for this particular need
of virDomainGraphicsAuthDefParseXML().  And while I agree it's an eye
strain to read - I also tried various strptime() formats then using
strftime() to format it back..

> 
> I find it a bit harder to read.  Wouldn't this be more nicer if we used
> sscanf()?  Or we could take care a bit about the date and do it even
> shorter with strptime(), something like this:
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index d55ce6b..61f385c 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -11588,6 +11588,20 @@ virDomainDefParseXML(xmlDocPtr xml,
>  goto error;
>  }
>  }
> +if (def->sysinfo->bios_date != NULL) {
> +char *date = def->sysinfo->bios_date;
> +char *end;
> +struct tm tm;
> +memset(&tm, 0, sizeof(struct tm));
> +
> +end = strptime(date, "%D", &tm);

I did try using strptime() in order to validate, but it was far from
perfect, although easier to read...

The %D is the equivalent to %m/%d/%y which doesn't work when the date is
presented as "5/9/2013" a resulting strftime() provides "05/09/20".  The
"best" format has been "%m/%d/%Y" and it's perfectly reasonable to use
it rather than the virStrToLong_i() calls.

The purpose for the tm_year validation/check comes from the spec which
has requirement regarding using 'yy' vs. ''.  In particular, is
1/1/1850 a valid date?  Well yes, technically according to strptime(),
but not necessarily "right" according to the spec.

There is an SMBIOS spec which describes the various fields and their
requirements. See page 28 of the following:

http://dmtf.org/sites/default/files/standards/documents/DSP0134_2.8.0.pdf

> +
> +if (!end || *end != '\0') {
> +virReportError(VIR_ERR_XML_DETAIL,
> +   _("Invalid BIOS 'date' format: %s"), date);
> +goto error;
> +}
> +}
>  }
> 
>  if ((tmp = virXPathString("string(./os/smbios/@mode)", ctxt))) {
> --
> 
> Or should we allow even dates like "99/99/"?

Which would fail using strptime(), but not the above algorithm.

> 
> Martin
> 
> P.S.: I don't mean to be rude with nit-picking, but a test for that
> would be nice ;-)

Nit picking is fine - wasn't quite sure where to put a test on something
like this.


John

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 3/4] Validate the bios_date format for

[Martin Kletzander]

On 04/30/2013 08:19 PM, John Ferlan wrote:
> ---
>  src/conf/domain_conf.c | 24 
>  1 file changed, 24 insertions(+)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index a8b5dfd..43273f8 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -11591,6 +11591,30 @@ virDomainDefParseXML(xmlDocPtr xml,
>  goto error;
>  }
>  }
> +if (def->sysinfo->bios_date != NULL) {
> +char *date = def->sysinfo->bios_date;
> +char *ptr;
> +struct tm tm;
> +memset(&tm, 0, sizeof(tm));
> +
> +/* Validate just the format of the date
> + * Expect mm/dd/ or mm/dd/yy,
> + * where yy must be 00->99 and would be assumed to be 19xx
> + * a  date should be 1900 and beyond
> + */
> +if (virStrToLong_i(date, &ptr, 10, &tm.tm_mon) < 0 ||
> +*ptr != '/' ||
> +virStrToLong_i(ptr+1, &ptr, 10, &tm.tm_mday) < 0 ||
> +*ptr != '/' ||
> +virStrToLong_i(ptr+1, &ptr, 10, &tm.tm_year) < 0 ||
> +*ptr != '\0' ||
> +(tm.tm_year < 0 || (tm.tm_year >= 100 && tm.tm_year < 
> 1900))) {
> +virReportError(VIR_ERR_INTERNAL_ERROR,

Seems like another abuse of internal error, but I don't know what to use here,
properly.  Maybe VIR_ERR_XML_DETAIL?

> +   _("Invalid BIOS 'date' format: %s"),
> +   def->sysinfo->bios_date);

Unnecessarily long, you can do 's/def->sysinfo->bios_//' and save one
line here ;-)

> +goto error;
> +}
> +}
>  }
>  
>  if ((tmp = virXPathString("string(./os/smbios/@mode)", ctxt))) {
> 

I find it a bit harder to read.  Wouldn't this be more nicer if we used
sscanf()?  Or we could take care a bit about the date and do it even
shorter with strptime(), something like this:

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d55ce6b..61f385c 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -11588,6 +11588,20 @@ virDomainDefParseXML(xmlDocPtr xml,
 goto error;
 }
 }
+if (def->sysinfo->bios_date != NULL) {
+char *date = def->sysinfo->bios_date;
+char *end;
+struct tm tm;
+memset(&tm, 0, sizeof(struct tm));
+
+end = strptime(date, "%D", &tm);
+
+if (!end || *end != '\0') {
+virReportError(VIR_ERR_XML_DETAIL,
+   _("Invalid BIOS 'date' format: %s"), date);
+goto error;
+}
+}
 }

 if ((tmp = virXPathString("string(./os/smbios/@mode)", ctxt))) {
--

Or should we allow even dates like "99/99/"?

Martin

P.S.: I don't mean to be rude with nit-picking, but a test for that
would be nice ;-)

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH v3 09/34] Adapt to VIR_STRDUP and VIR_STRNDUP in src/lxc/*

[Martin Kletzander]

On 05/09/2013 12:53 PM, Michal Privoznik wrote:
> On 09.05.2013 12:49, Daniel P. Berrange wrote:
>> On Thu, May 09, 2013 at 12:31:14PM +0200, Michal Privoznik wrote:
>>> On 09.05.2013 10:15, Daniel P. Berrange wrote:
 On Wed, May 08, 2013 at 04:01:04PM -0600, Eric Blake wrote:
> On 05/03/2013 08:53 AM, Michal Privoznik wrote:
>> ---
>>  src/lxc/lxc_cgroup.c |  3 +--
>>  src/lxc/lxc_conf.c   | 36 +---
>>  src/lxc/lxc_container.c  | 18 --
>>  src/lxc/lxc_controller.c | 20 
>>  src/lxc/lxc_driver.c |  9 ++---
>>  src/lxc/lxc_process.c|  7 ---
>>  6 files changed, 36 insertions(+), 57 deletions(-)
>>
>> diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
>> @@ -161,18 +161,18 @@ int lxcLoadDriverConfig(virLXCDriverPtr driver)
>>  driver->securityRequireConfined = false;
>>  
>>  /* Set the container configuration directory */
>> -if ((driver->configDir = strdup(LXC_CONFIG_DIR)) == NULL)
>> -goto no_memory;
>> -if ((driver->stateDir = strdup(LXC_STATE_DIR)) == NULL)
>> -goto no_memory;
>> -if ((driver->logDir = strdup(LXC_LOG_DIR)) == NULL)
>> -goto no_memory;
>> -if ((driver->autostartDir = strdup(LXC_AUTOSTART_DIR)) == NULL)
>> -goto no_memory;
>> +if (VIR_STRDUP(driver->configDir, LXC_CONFIG_DIR) < 0)
>> +goto error;
>> +if (VIR_STRDUP(driver->stateDir, LXC_STATE_DIR) < 0)
>> +goto error;
>> +if (VIR_STRDUP(driver->logDir, LXC_LOG_DIR) < 0)
>> +goto error;
>> +if (VIR_STRDUP(driver->autostartDir, LXC_AUTOSTART_DIR) < 0)
>> +goto error;
>
> You could chain these into one 'if', if desired.

 I generally prefer it if we do not merge separate statements
 like these into one if, because it makes debugging harder.
 eg if any of these were to generate a SEGV, then GDB can
 only tell you the line of the start of the if(). Having
 them separate it can tell you exactly which is at fault.

 Daniel

>>>
>>> Not true unless you compile without -g. If you do copile with -g gdb is
>>> actually able to tell you the full stack trace - so you can see the
>>> right line within if() statement which caused the trouble.
>>
>> Actually it depends on the quality of the debuginfo provided by the
>> compiler. Historically it has not been able todo this correctly. I
>> am not clear on what version of gcc fixed this, but I've certainly
>> hit the problem many times in the past.
>>
>> Daniel
>>
> 
> Aaah. Okay then - I've tested on the latest gcc-4.8.0 and gdb-7.6 which
> could explain why I don't see the problem. So I will not join the if()'s
> for now. Neither split those already joined. :) I'll just leave
> everything as is.
> 
> Michal
> 

When using 4.8.0, did it make the use of default
'-ftrack-macro-expansion=2'?  I wonder if it also expands the macro in
the debuginfo.

Martin

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH v3 09/34] Adapt to VIR_STRDUP and VIR_STRNDUP in src/lxc/*

[Michal Privoznik]

On 09.05.2013 12:49, Daniel P. Berrange wrote:
> On Thu, May 09, 2013 at 12:31:14PM +0200, Michal Privoznik wrote:
>> On 09.05.2013 10:15, Daniel P. Berrange wrote:
>>> On Wed, May 08, 2013 at 04:01:04PM -0600, Eric Blake wrote:
 On 05/03/2013 08:53 AM, Michal Privoznik wrote:
> ---
>  src/lxc/lxc_cgroup.c |  3 +--
>  src/lxc/lxc_conf.c   | 36 +---
>  src/lxc/lxc_container.c  | 18 --
>  src/lxc/lxc_controller.c | 20 
>  src/lxc/lxc_driver.c |  9 ++---
>  src/lxc/lxc_process.c|  7 ---
>  6 files changed, 36 insertions(+), 57 deletions(-)
>
> diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
> @@ -161,18 +161,18 @@ int lxcLoadDriverConfig(virLXCDriverPtr driver)
>  driver->securityRequireConfined = false;
>  
>  /* Set the container configuration directory */
> -if ((driver->configDir = strdup(LXC_CONFIG_DIR)) == NULL)
> -goto no_memory;
> -if ((driver->stateDir = strdup(LXC_STATE_DIR)) == NULL)
> -goto no_memory;
> -if ((driver->logDir = strdup(LXC_LOG_DIR)) == NULL)
> -goto no_memory;
> -if ((driver->autostartDir = strdup(LXC_AUTOSTART_DIR)) == NULL)
> -goto no_memory;
> +if (VIR_STRDUP(driver->configDir, LXC_CONFIG_DIR) < 0)
> +goto error;
> +if (VIR_STRDUP(driver->stateDir, LXC_STATE_DIR) < 0)
> +goto error;
> +if (VIR_STRDUP(driver->logDir, LXC_LOG_DIR) < 0)
> +goto error;
> +if (VIR_STRDUP(driver->autostartDir, LXC_AUTOSTART_DIR) < 0)
> +goto error;

 You could chain these into one 'if', if desired.
>>>
>>> I generally prefer it if we do not merge separate statements
>>> like these into one if, because it makes debugging harder.
>>> eg if any of these were to generate a SEGV, then GDB can
>>> only tell you the line of the start of the if(). Having
>>> them separate it can tell you exactly which is at fault.
>>>
>>> Daniel
>>>
>>
>> Not true unless you compile without -g. If you do copile with -g gdb is
>> actually able to tell you the full stack trace - so you can see the
>> right line within if() statement which caused the trouble.
> 
> Actually it depends on the quality of the debuginfo provided by the
> compiler. Historically it has not been able todo this correctly. I
> am not clear on what version of gcc fixed this, but I've certainly
> hit the problem many times in the past.
> 
> Daniel
> 

Aaah. Okay then - I've tested on the latest gcc-4.8.0 and gdb-7.6 which
could explain why I don't see the problem. So I will not join the if()'s
for now. Neither split those already joined. :) I'll just leave
everything as is.

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH v3 09/34] Adapt to VIR_STRDUP and VIR_STRNDUP in src/lxc/*

[Daniel P. Berrange]

On Thu, May 09, 2013 at 12:31:14PM +0200, Michal Privoznik wrote:
> On 09.05.2013 10:15, Daniel P. Berrange wrote:
> > On Wed, May 08, 2013 at 04:01:04PM -0600, Eric Blake wrote:
> >> On 05/03/2013 08:53 AM, Michal Privoznik wrote:
> >>> ---
> >>>  src/lxc/lxc_cgroup.c |  3 +--
> >>>  src/lxc/lxc_conf.c   | 36 +---
> >>>  src/lxc/lxc_container.c  | 18 --
> >>>  src/lxc/lxc_controller.c | 20 
> >>>  src/lxc/lxc_driver.c |  9 ++---
> >>>  src/lxc/lxc_process.c|  7 ---
> >>>  6 files changed, 36 insertions(+), 57 deletions(-)
> >>>
> >>> diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
> >>> @@ -161,18 +161,18 @@ int lxcLoadDriverConfig(virLXCDriverPtr driver)
> >>>  driver->securityRequireConfined = false;
> >>>  
> >>>  /* Set the container configuration directory */
> >>> -if ((driver->configDir = strdup(LXC_CONFIG_DIR)) == NULL)
> >>> -goto no_memory;
> >>> -if ((driver->stateDir = strdup(LXC_STATE_DIR)) == NULL)
> >>> -goto no_memory;
> >>> -if ((driver->logDir = strdup(LXC_LOG_DIR)) == NULL)
> >>> -goto no_memory;
> >>> -if ((driver->autostartDir = strdup(LXC_AUTOSTART_DIR)) == NULL)
> >>> -goto no_memory;
> >>> +if (VIR_STRDUP(driver->configDir, LXC_CONFIG_DIR) < 0)
> >>> +goto error;
> >>> +if (VIR_STRDUP(driver->stateDir, LXC_STATE_DIR) < 0)
> >>> +goto error;
> >>> +if (VIR_STRDUP(driver->logDir, LXC_LOG_DIR) < 0)
> >>> +goto error;
> >>> +if (VIR_STRDUP(driver->autostartDir, LXC_AUTOSTART_DIR) < 0)
> >>> +goto error;
> >>
> >> You could chain these into one 'if', if desired.
> > 
> > I generally prefer it if we do not merge separate statements
> > like these into one if, because it makes debugging harder.
> > eg if any of these were to generate a SEGV, then GDB can
> > only tell you the line of the start of the if(). Having
> > them separate it can tell you exactly which is at fault.
> > 
> > Daniel
> > 
> 
> Not true unless you compile without -g. If you do copile with -g gdb is
> actually able to tell you the full stack trace - so you can see the
> right line within if() statement which caused the trouble.

Actually it depends on the quality of the debuginfo provided by the
compiler. Historically it has not been able todo this correctly. I
am not clear on what version of gcc fixed this, but I've certainly
hit the problem many times in the past.

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] conf: don't crash on a tpm device with no backends

[Daniel P. Berrange]

On Thu, May 09, 2013 at 12:36:37PM +0200, Ján Tomko wrote:
> Print an error instead of crashing when a TPM device without
> a backend is specified.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=961252
> ---
>  src/conf/domain_conf.c | 6 ++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index d55ce6b..eb579c6 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -6988,6 +6988,12 @@ virDomainTPMDefParseXML(const xmlNodePtr node,
>  goto error;
>  }
>  
> +if (nbackends == 0) {
> +virReportError(VIR_ERR_XML_ERROR, "%s",
> +   _("missing TPM device backend"));
> +goto error;
> +}
> +
>  if (!(backend = virXMLPropString(backends[0], "type"))) {
>  virReportError(VIR_ERR_XML_ERROR, "%s",
> _("missing TPM device backend type"));

Add a test case please.


Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] conf: don't crash on a tpm device with no backends

[Osier Yang]

On 09/05/13 18:36, Ján Tomko wrote:

Print an error instead of crashing when a TPM device without
a backend is specified.

https://bugzilla.redhat.com/show_bug.cgi?id=961252
---
  src/conf/domain_conf.c | 6 ++
  1 file changed, 6 insertions(+)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d55ce6b..eb579c6 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -6988,6 +6988,12 @@ virDomainTPMDefParseXML(const xmlNodePtr node,
  goto error;
  }
  
+if (nbackends == 0) {

+virReportError(VIR_ERR_XML_ERROR, "%s",
+   _("missing TPM device backend"));
+goto error;
+}
+
  if (!(backend = virXMLPropString(backends[0], "type"))) {
  virReportError(VIR_ERR_XML_ERROR, "%s",
 _("missing TPM device backend type"));

ACK.

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH v3 34/34] Introduce syntax-check rule to prefer VIR_STRDUP over strdup

[Michal Privoznik]

On 07.05.2013 05:54, Eric Blake wrote:
> On 05/03/2013 08:53 AM, Michal Privoznik wrote:
>> ---
>>  cfg.mk | 8 
>>  1 file changed, 8 insertions(+)
>>
>> diff --git a/cfg.mk b/cfg.mk
>> index 1d63bbd..4ed2c3a 100644
>> --- a/cfg.mk
>> +++ b/cfg.mk
>> @@ -387,6 +387,11 @@ sc_prohibit_asprintf:
>>  halt='use strdup instead of virAsprintf with "%s"'  \
>>$(_sc_search_regexp)
>>  
>> +sc_prohibit_strdup:
>> +@prohibit='\ *\('\
>> +halt='use VIR_STRUP, not strdup'\
> 
> s/VIR_STRUP/VIR_STRDUP/
> 
>> +  $(_sc_search_regexp)
>> +
>>  # Prefer virSetUIDGID.
>>  sc_prohibit_setuid:
>>  @prohibit='\ *\('  \
>> @@ -864,6 +869,9 @@ 
>> exclude_file_name_regexp--sc_prohibit_always_true_header_tests = \
>>  exclude_file_name_regexp--sc_prohibit_asprintf = \
>>
>> ^(bootstrap.conf$$|src/util/virstring\.c$$|examples/domain-events/events-c/event-test\.c$$|tests/vircgroupmock\.c$$)
>>  
>> +exclude_file_name_regexp--sc_prohibit_strdup = \
>> +  ^(docs/|examples/|python/|src/util/virstring\.c$$|tools/virsh\.c$$)
> 
> Do we really need to allow strdup() in the python c code?  Likewise for
> tools/virsh.c?

Do you mean we should s/strdup/VIR_STRDUP/ within vshStrdup?

And I'll fix python surely.

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH] conf: don't crash on a tpm device with no backends

[Ján Tomko]

Print an error instead of crashing when a TPM device without
a backend is specified.

https://bugzilla.redhat.com/show_bug.cgi?id=961252
---
 src/conf/domain_conf.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d55ce6b..eb579c6 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -6988,6 +6988,12 @@ virDomainTPMDefParseXML(const xmlNodePtr node,
 goto error;
 }
 
+if (nbackends == 0) {
+virReportError(VIR_ERR_XML_ERROR, "%s",
+   _("missing TPM device backend"));
+goto error;
+}
+
 if (!(backend = virXMLPropString(backends[0], "type"))) {
 virReportError(VIR_ERR_XML_ERROR, "%s",
_("missing TPM device backend type"));
-- 
1.8.1.5

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH v3 09/34] Adapt to VIR_STRDUP and VIR_STRNDUP in src/lxc/*

[Michal Privoznik]

On 09.05.2013 10:15, Daniel P. Berrange wrote:
> On Wed, May 08, 2013 at 04:01:04PM -0600, Eric Blake wrote:
>> On 05/03/2013 08:53 AM, Michal Privoznik wrote:
>>> ---
>>>  src/lxc/lxc_cgroup.c |  3 +--
>>>  src/lxc/lxc_conf.c   | 36 +---
>>>  src/lxc/lxc_container.c  | 18 --
>>>  src/lxc/lxc_controller.c | 20 
>>>  src/lxc/lxc_driver.c |  9 ++---
>>>  src/lxc/lxc_process.c|  7 ---
>>>  6 files changed, 36 insertions(+), 57 deletions(-)
>>>
>>> diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
>>> @@ -161,18 +161,18 @@ int lxcLoadDriverConfig(virLXCDriverPtr driver)
>>>  driver->securityRequireConfined = false;
>>>  
>>>  /* Set the container configuration directory */
>>> -if ((driver->configDir = strdup(LXC_CONFIG_DIR)) == NULL)
>>> -goto no_memory;
>>> -if ((driver->stateDir = strdup(LXC_STATE_DIR)) == NULL)
>>> -goto no_memory;
>>> -if ((driver->logDir = strdup(LXC_LOG_DIR)) == NULL)
>>> -goto no_memory;
>>> -if ((driver->autostartDir = strdup(LXC_AUTOSTART_DIR)) == NULL)
>>> -goto no_memory;
>>> +if (VIR_STRDUP(driver->configDir, LXC_CONFIG_DIR) < 0)
>>> +goto error;
>>> +if (VIR_STRDUP(driver->stateDir, LXC_STATE_DIR) < 0)
>>> +goto error;
>>> +if (VIR_STRDUP(driver->logDir, LXC_LOG_DIR) < 0)
>>> +goto error;
>>> +if (VIR_STRDUP(driver->autostartDir, LXC_AUTOSTART_DIR) < 0)
>>> +goto error;
>>
>> You could chain these into one 'if', if desired.
> 
> I generally prefer it if we do not merge separate statements
> like these into one if, because it makes debugging harder.
> eg if any of these were to generate a SEGV, then GDB can
> only tell you the line of the start of the if(). Having
> them separate it can tell you exactly which is at fault.
> 
> Daniel
> 

Not true unless you compile without -g. If you do copile with -g gdb is
actually able to tell you the full stack trace - so you can see the
right line within if() statement which caused the trouble.

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 4/4] Need better validation of uuid

[Martin Kletzander]

On 04/30/2013 08:19 PM, John Ferlan wrote:
> If the  system table 'uuid' field is improperly formatted,
> then qemu will fail to start the guest with the error:
> 
> virsh start dom
> error: Failed to start domain dom
> error: internal error process exited while connecting to monitor: Invalid 
> SMBIOS UUID string
> 
> In this case the "system_uuid" field was a94b4335-6a14-8bc4-d6da-f7ea590b68-16
> which passed the virUUIDParse() code because 32 hexadecimal digits were found
> and the extra hyphen in the last section was ignored.
> 
> Add checks to not only parse the read field, but then use virUUIDFormat() to
> validate that what gets formatted matches what was read - if not, then fail
> the edit.

I feel like we could do better.  Either 1) such UUID is not valid (which
I think it really isn't [1]) and we should fail when when parsing it or
2) it is valid, but qemu doesn't like it, so we should fixup the UUID
before passing it to qemu (and maybe request proper UUID parsing from
qemu guys).

What do you think?

Other that that, the patch look fine.

Martin

[1] http://www.ietf.org/rfc/rfc4122.txt

> ---
>  src/conf/domain_conf.c | 23 +++
>  1 file changed, 19 insertions(+), 4 deletions(-)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 43273f8..c1fd99b 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -11577,17 +11577,32 @@ virDomainDefParseXML(xmlDocPtr xml,
>  goto error;
>  if (def->sysinfo->system_uuid != NULL) {
>  unsigned char uuidbuf[VIR_UUID_BUFLEN];
> -if (virUUIDParse(def->sysinfo->system_uuid, uuidbuf) < 0) {
> +char uuidstr[VIR_UUID_STRING_BUFLEN];
> +/* Ensure that what we convert to a uuidbuf is converted back to
> + * the same string when formatted as a UUID. This field may be
> + * used by the underlying hypervisor driver instead of the domain
> + * uuid field and must be properly formatted. The virUUIDParse()
> + * is designed to "skip" extra "-"'s in the values and only
> + * validate that there are 32 hexadecimal digits. virUUIDFormat()
> + * returns uuidstr formatted properly.
> + */
> +if (virUUIDParse(def->sysinfo->system_uuid, uuidbuf) < 0 ||
> +memcmp(def->sysinfo->system_uuid,
> +   virUUIDFormat(uuidbuf, uuidstr),
> +   VIR_UUID_STRING_BUFLEN) != 0) {
>  virReportError(VIR_ERR_INTERNAL_ERROR,
> -   "%s", _("malformed uuid element"));
> +   _("malformed  uuid element '%s' "
> + "found on '%s'"),
> +   def->sysinfo->system_uuid, def->name);
>  goto error;
>  }
>  if (uuid_generated)
>  memcpy(def->uuid, uuidbuf, VIR_UUID_BUFLEN);
>  else if (memcmp(def->uuid, uuidbuf, VIR_UUID_BUFLEN) != 0) {
> -virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> +virReportError(VIR_ERR_INTERNAL_ERROR,

Pre-existing, but it looks like another abuse of internal error.

> _("UUID mismatch between  and "
> - ""));
> + " 'uuid'  on '%s'"),
> +   def->name);
>  goto error;
>  }
>  }
> 

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list