From 3a441522017aa9c1b8b54d2ce4569d0f0d96fa72 Mon Sep 17 00:00:00 2001

From: Cole Robinson <crobinso@redhat.com>

Date: Fri, 12 Mar 2010 12:36:56 -0500

Subject: [PATCH] qemu: Add some debugging at domain startup

---

 src/qemu/qemu_driver.c |   24 +++++++++++++++++++++++-

 1 files changed, 23 insertions(+), 1 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c

index f8ab545..040d645 100644

--- a/src/qemu/qemu_driver.c

+++ b/src/qemu/qemu_driver.c

@@ -2695,6 +2695,8 @@ static int qemudStartVMDaemon(virConnectPtr conn,

     FD_ZERO(&keepfd);

+    DEBUG0("Beginning VM startup process");

+

     if (virDomainObjIsActive(vm)) {

         qemuReportError(VIR_ERR_OPERATION_INVALID,

                         "%s", _("VM is already active"));

@@ -2703,22 +2705,27 @@ static int qemudStartVMDaemon(virConnectPtr conn,

     /* If you are using a SecurityDriver with dynamic labelling,

        then generate a security label for isolation */

+    DEBUG0("Generating domain security label (if required)");

     if (driver->securityDriver &&

         driver->securityDriver->domainGenSecurityLabel &&

         driver->securityDriver->domainGenSecurityLabel(vm) < 0)

         return -1;

+    DEBUG0("Generating setting domain security labels (if required)");

     if (driver->securityDriver &&

         driver->securityDriver->domainSetSecurityAllLabel &&

         driver->securityDriver->domainSetSecurityAllLabel(vm) < 0)

         goto cleanup;

-    /* Ensure no historical cgroup for this VM is lieing around bogus settings */

+    /* Ensure no historical cgroup for this VM is lying around bogus

+     * settings */

+    DEBUG0("Ensuring no historical cgroup is lying around");

     qemuRemoveCgroup(driver, vm, 1);

     if ((vm->def->ngraphics == 1) &&

         vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&

         vm->def->graphics[0]->data.vnc.autoport) {

+        DEBUG0("Determining VNC port");

         int port = qemudNextFreeVNCPort(driver);

         if (port < 0) {

             qemuReportError(VIR_ERR_INTERNAL_ERROR,

@@ -2735,6 +2742,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,

         goto cleanup;

     }

+    DEBUG0("Creating domain log file");

     if ((logfile = qemudLogFD(driver, vm->def->name)) < 0)

         goto cleanup;

@@ -2751,14 +2759,17 @@ static int qemudStartVMDaemon(virConnectPtr conn,

         goto cleanup;

     }

+    DEBUG0("Determing emulator version");

     if (qemudExtractVersionInfo(emulator,

                                 NULL,

                                 &qemuCmdFlags) < 0)

         goto cleanup;

+    DEBUG0("Setting up domain cgroup (if required)");

     if (qemuSetupCgroup(driver, vm) < 0)

         goto cleanup;

+    DEBUG0("Preparing host devices");

     if (qemuPrepareHostDevices(driver, vm->def) < 0)

         goto cleanup;

@@ -2767,6 +2778,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,

         goto cleanup;

     }

+    DEBUG0("Preparing monitor state");

     if (qemuPrepareMonitorChr(driver, priv->monConfig, vm->def->name) < 0)

         goto cleanup;

@@ -2798,6 +2810,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,

      * use in hotplug

      */

     if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {

+        DEBUG0("Assigning domain PCI addresses");

         /* Populate cache with current addresses */

         if (priv->pciaddrs) {

             qemuDomainPCIAddressSetFree(priv->pciaddrs);

@@ -2816,6 +2829,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,

         priv->persistentAddrs = 0;

     }

+    DEBUG0("Building emulator command line");

     vm->def->id = driver->nextvmid++;

     if (qemudBuildCommandLine(conn, driver, vm->def, priv->monConfig,

                               priv->monJSON, qemuCmdFlags, &argv, &progenv,

@@ -2899,25 +2913,31 @@ static int qemudStartVMDaemon(virConnectPtr conn,

     if (ret == -1) /* The VM failed to start */

         goto cleanup;

+    DEBUG0("Waiting for monitor to show up");

     if (qemudWaitForMonitor(driver, vm, pos) < 0)

         goto abort;

+    DEBUG0("Detecting VCPU PIDs");

     if (qemuDetectVcpuPIDs(driver, vm) < 0)

         goto abort;

+    DEBUG0("Setting CPU affinity");

     if (qemudInitCpuAffinity(vm) < 0)

         goto abort;

+    DEBUG0("Setting any required VM passwords");

     if (qemuInitPasswords(conn, driver, vm, qemuCmdFlags) < 0)

         goto abort;

     /* If we have -device, then addresses are assigned explicitly.

      * If not, then we have to detect dynamic ones here */

     if (!(qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE)) {

+        DEBUG0("Determining domain device PCI addresses");

         if (qemuInitPCIAddresses(driver, vm) < 0)

             goto abort;

     }

+    DEBUG0("Setting initial memory amount");

     qemuDomainObjEnterMonitorWithDriver(driver, vm);

     if (qemuMonitorSetBalloon(priv->mon, vm->def->memory) < 0) {

         qemuDomainObjExitMonitorWithDriver(driver, vm);

@@ -2925,6 +2945,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,

     }

     if (migrateFrom == NULL) {

+        DEBUG0("Starting domain CPUs");

         /* Allow the CPUS to start executing */

         if (qemuMonitorStartCPUs(priv->mon, conn) < 0) {

             if (virGetLastError() == NULL)

@@ -2937,6 +2958,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,

     qemuDomainObjExitMonitorWithDriver(driver, vm);

+    DEBUG0("Writing domain status to disk");

     if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0)

         goto abort;

-- 

1.6.6.1

From 6d5c8a8f51db8ce97ab35ab6022dd5c94ab016b4 Mon Sep 17 00:00:00 2001

From: Cole Robinson <crobinso@redhat.com>

Date: Fri, 12 Mar 2010 12:37:52 -0500

Subject: [PATCH] qemu: Fix USB by product with security enabled

We need to call PrepareHostdevs to determine the USB device path before

any security calls. PrepareHostUSBDevices was also incorrectly skipping

all USB devices.

---

 src/qemu/qemu_driver.c |   11 ++++++-----

 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c

index 040d645..b17d26d 100644

--- a/src/qemu/qemu_driver.c

+++ b/src/qemu/qemu_driver.c

@@ -2360,7 +2360,7 @@ qemuPrepareHostUSBDevices(struct qemud_driver *driver ATTRIBUTE_UNUSED,

         if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)

             continue;

-        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)

+        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB)

             continue;

         /* Resolve a vendor/product to bus/device */

@@ -2703,6 +2703,11 @@ static int qemudStartVMDaemon(virConnectPtr conn,

         return -1;

     }

+    /* Must be run before security labelling */

+    DEBUG0("Preparing host devices");

+    if (qemuPrepareHostDevices(driver, vm->def) < 0)

+        goto cleanup;

+

     /* If you are using a SecurityDriver with dynamic labelling,

        then generate a security label for isolation */

     DEBUG0("Generating domain security label (if required)");

@@ -2769,10 +2774,6 @@ static int qemudStartVMDaemon(virConnectPtr conn,

     if (qemuSetupCgroup(driver, vm) < 0)

         goto cleanup;

-    DEBUG0("Preparing host devices");

-    if (qemuPrepareHostDevices(driver, vm->def) < 0)

-        goto cleanup;

-

     if (VIR_ALLOC(priv->monConfig) < 0) {

         virReportOOMError();

         goto cleanup;

-- 

1.6.6.1

From 65e97240e6e4606820dd1c42ac172319e0af4d8d Mon Sep 17 00:00:00 2001

From: Cole Robinson <crobinso@redhat.com>

Date: Mon, 22 Mar 2010 10:45:36 -0400

Subject: [PATCH] security: selinux: Fix crash when releasing non-existent label

This can be triggered by the qemuStartVMDaemon cleanup path if a

VM references a non-existent USB device (by product) in the XML.

Signed-off-by: Cole Robinson <crobinso@redhat.com>

---

 src/security/security_selinux.c |    3 ++-

 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c

index 975b315..6680e2d 100644

--- a/src/security/security_selinux.c

+++ b/src/security/security_selinux.c

@@ -632,7 +632,8 @@ SELinuxReleaseSecurityLabel(virDomainObjPtr vm)

 {

     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;

-    if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)

+    if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC ||

+        secdef->label == NULL)

         return 0;

     context_t con = context_new(secdef->label);

-- 

1.6.6.1