From 3a441522017aa9c1b8b54d2ce4569d0f0d96fa72 Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Fri, 12 Mar 2010 12:36:56 -0500
Subject: [PATCH] qemu: Add some debugging at domain startup
---
src/qemu/qemu_driver.c | 24 +++++++++++++++++++++++-
1 files changed, 23 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f8ab545..040d645 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2695,6 +2695,8 @@ static int qemudStartVMDaemon(virConnectPtr conn,
FD_ZERO(&keepfd);
+ DEBUG0("Beginning VM startup process");
+
if (virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("VM is already active"));
@@ -2703,22 +2705,27 @@ static int qemudStartVMDaemon(virConnectPtr conn,
/* If you are using a SecurityDriver with dynamic labelling,
then generate a security label for isolation */
+ DEBUG0("Generating domain security label (if required)");
if (driver->securityDriver &&
driver->securityDriver->domainGenSecurityLabel &&
driver->securityDriver->domainGenSecurityLabel(vm) < 0)
return -1;
+ DEBUG0("Generating setting domain security labels (if required)");
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityAllLabel &&
driver->securityDriver->domainSetSecurityAllLabel(vm) < 0)
goto cleanup;
- /* Ensure no historical cgroup for this VM is lieing around bogus settings */
+ /* Ensure no historical cgroup for this VM is lying around bogus
+ * settings */
+ DEBUG0("Ensuring no historical cgroup is lying around");
qemuRemoveCgroup(driver, vm, 1);
if ((vm->def->ngraphics == 1) &&
vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
vm->def->graphics[0]->data.vnc.autoport) {
+ DEBUG0("Determining VNC port");
int port = qemudNextFreeVNCPort(driver);
if (port < 0) {
qemuReportError(VIR_ERR_INTERNAL_ERROR,
@@ -2735,6 +2742,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
goto cleanup;
}
+ DEBUG0("Creating domain log file");
if ((logfile = qemudLogFD(driver, vm->def->name)) < 0)
goto cleanup;
@@ -2751,14 +2759,17 @@ static int qemudStartVMDaemon(virConnectPtr conn,
goto cleanup;
}
+ DEBUG0("Determing emulator version");
if (qemudExtractVersionInfo(emulator,
NULL,
&qemuCmdFlags) < 0)
goto cleanup;
+ DEBUG0("Setting up domain cgroup (if required)");
if (qemuSetupCgroup(driver, vm) < 0)
goto cleanup;
+ DEBUG0("Preparing host devices");
if (qemuPrepareHostDevices(driver, vm->def) < 0)
goto cleanup;
@@ -2767,6 +2778,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
goto cleanup;
}
+ DEBUG0("Preparing monitor state");
if (qemuPrepareMonitorChr(driver, priv->monConfig, vm->def->name) < 0)
goto cleanup;
@@ -2798,6 +2810,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
* use in hotplug
*/
if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
+ DEBUG0("Assigning domain PCI addresses");
/* Populate cache with current addresses */
if (priv->pciaddrs) {
qemuDomainPCIAddressSetFree(priv->pciaddrs);
@@ -2816,6 +2829,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
priv->persistentAddrs = 0;
}
+ DEBUG0("Building emulator command line");
vm->def->id = driver->nextvmid++;
if (qemudBuildCommandLine(conn, driver, vm->def, priv->monConfig,
priv->monJSON, qemuCmdFlags, &argv, &progenv,
@@ -2899,25 +2913,31 @@ static int qemudStartVMDaemon(virConnectPtr conn,
if (ret == -1) /* The VM failed to start */
goto cleanup;
+ DEBUG0("Waiting for monitor to show up");
if (qemudWaitForMonitor(driver, vm, pos) < 0)
goto abort;
+ DEBUG0("Detecting VCPU PIDs");
if (qemuDetectVcpuPIDs(driver, vm) < 0)
goto abort;
+ DEBUG0("Setting CPU affinity");
if (qemudInitCpuAffinity(vm) < 0)
goto abort;
+ DEBUG0("Setting any required VM passwords");
if (qemuInitPasswords(conn, driver, vm, qemuCmdFlags) < 0)
goto abort;
/* If we have -device, then addresses are assigned explicitly.
* If not, then we have to detect dynamic ones here */
if (!(qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE)) {
+ DEBUG0("Determining domain device PCI addresses");
if (qemuInitPCIAddresses(driver, vm) < 0)
goto abort;
}
+ DEBUG0("Setting initial memory amount");
qemuDomainObjEnterMonitorWithDriver(driver, vm);
if (qemuMonitorSetBalloon(priv->mon, vm->def->memory) < 0) {
qemuDomainObjExitMonitorWithDriver(driver, vm);
@@ -2925,6 +2945,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
}
if (migrateFrom == NULL) {
+ DEBUG0("Starting domain CPUs");
/* Allow the CPUS to start executing */
if (qemuMonitorStartCPUs(priv->mon, conn) < 0) {
if (virGetLastError() == NULL)
@@ -2937,6 +2958,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
qemuDomainObjExitMonitorWithDriver(driver, vm);
+ DEBUG0("Writing domain status to disk");
if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0)
goto abort;
--
1.6.6.1
From 6d5c8a8f51db8ce97ab35ab6022dd5c94ab016b4 Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Fri, 12 Mar 2010 12:37:52 -0500
Subject: [PATCH] qemu: Fix USB by product with security enabled
We need to call PrepareHostdevs to determine the USB device path before
any security calls. PrepareHostUSBDevices was also incorrectly skipping
all USB devices.
---
src/qemu/qemu_driver.c | 11 ++++++-----
1 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 040d645..b17d26d 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2360,7 +2360,7 @@ qemuPrepareHostUSBDevices(struct qemud_driver *driver ATTRIBUTE_UNUSED,
if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
continue;
- if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+ if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB)
continue;
/* Resolve a vendor/product to bus/device */
@@ -2703,6 +2703,11 @@ static int qemudStartVMDaemon(virConnectPtr conn,
return -1;
}
+ /* Must be run before security labelling */
+ DEBUG0("Preparing host devices");
+ if (qemuPrepareHostDevices(driver, vm->def) < 0)
+ goto cleanup;
+
/* If you are using a SecurityDriver with dynamic labelling,
then generate a security label for isolation */
DEBUG0("Generating domain security label (if required)");
@@ -2769,10 +2774,6 @@ static int qemudStartVMDaemon(virConnectPtr conn,
if (qemuSetupCgroup(driver, vm) < 0)
goto cleanup;
- DEBUG0("Preparing host devices");
- if (qemuPrepareHostDevices(driver, vm->def) < 0)
- goto cleanup;
-
if (VIR_ALLOC(priv->monConfig) < 0) {
virReportOOMError();
goto cleanup;
--
1.6.6.1
From 65e97240e6e4606820dd1c42ac172319e0af4d8d Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Mon, 22 Mar 2010 10:45:36 -0400
Subject: [PATCH] security: selinux: Fix crash when releasing non-existent label
This can be triggered by the qemuStartVMDaemon cleanup path if a
VM references a non-existent USB device (by product) in the XML.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
src/security/security_selinux.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 975b315..6680e2d 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -632,7 +632,8 @@ SELinuxReleaseSecurityLabel(virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
- if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
+ if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC ||
+ secdef->label == NULL)
return 0;
context_t con = context_new(secdef->label);
--
1.6.6.1