External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-06 18:05:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
2b148748c2
libvirt/tests/qemuxml2argvmock.c

270 lines
6.2 KiB
C
Raw Normal View History

qemuxml2argvtest: Test localtime clock basis When trying to introduce a test for previous patch, I've noticed that the command line is constructed using current time. This won't work in our test suite (unless you guys wants to set a specific time prior to each test run :) ). Therefore we need to mock calls to time(2) to return the same value every time it's called. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-05 14:18:46 +00:00
/*
tests: mock virNetDevSetIPAddress Now that we can include <interface type='ethernet'> in tests, we could almost test XML that has an <ip> element in an interface. Except that the test fails when it tries to actually set the IP address for the interface's tap device. This patch mocks virNetDevSetIPAddress() to just return success.
2016-04-26 16:49:48 +00:00
* Copyright (C) 2014-2016 Red Hat, Inc.
qemuxml2argvtest: Test localtime clock basis When trying to introduce a test for previous patch, I've noticed that the command line is constructed using current time. This won't work in our test suite (unless you guys wants to set a specific time prior to each test run :) ). Therefore we need to mock calls to time(2) to return the same value every time it's called. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-05 14:18:46 +00:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*/
#include <config.h>
src: elevate current identity privilege when fetching secret When fetching the value of a private secret, we need to use an elevated identity otherwise the secret driver will deny access. When using the modular daemons, the elevated identity needs to be active before the secret driver connection is opened, and it will apply to all APIs calls made on that conncetion. When using the monolithic daemon, the identity at time of opening the connection is ignored, and the elevated identity needs to be active precisely at the time the virSecretGetValue API call is made. After acquiring the secret value, the elevated identity should be cleared. This sounds complex, but is fairly straightfoward with the automatic cleanup callbacks. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-07 15:53:40 +00:00
#define LIBVIRT_VIRIDENTITYPRIV_H_ALLOW
qemuxml2argvmock: Mock time() on non-linux platforms too The qemuxml2argvtest is run on more platforms than linux. For instance FreeBSD. On these platforms we are, however, not mocking time() which results in current time being fetched from system and hence tests number 32 and 33 failing. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-06 12:54:53 +00:00
#include "internal.h"
qemu: Utilize qemu secret objects for RBD auth/secret https://bugzilla.redhat.com/show_bug.cgi?id=1182074 If they're available and we need to pass secrets to qemu, then use the qemu domain secret object in order to pass the secrets for RBD volumes instead of passing the base64 encoded secret on the command line. The goal is to make AES secrets the default and have no user interaction required in order to allow using the AES mechanism. If the mechanism is not available, then fall back to the current plain mechanism using a base64 encoded secret. New APIs: qemu_domain.c: qemuDomainGetSecretAESAlias: Generate/return the secret object alias for an AES Secret Info type. This will be called from qemuDomainSecretAESSetup. qemuDomainSecretAESSetup: (private) This API handles the details of the generation of the AES secret and saves the pieces that need to be passed to qemu in order for the secret to be decrypted. The encrypted secret based upon the domain master key, an initialization vector (16 byte random value), and the stored secret. Finally, the requirement from qemu is the IV and encrypted secret are to be base64 encoded. qemu_command.c: qemuBuildSecretInfoProps: (private) Generate/return a JSON properties object for the AES secret to be used by both the command building and eventually the hotplug code in order to add the secret object. Code was designed so that in the future perhaps hotplug could use it if it made sense. qemuBuildObjectSecretCommandLine (private) Generate and add to the command line the -object secret for the secret. This will be required for the subsequent RBD reference to the object. qemuBuildDiskSecinfoCommandLine (private) Handle adding the AES secret object. Adjustments: qemu_domain.c: The qemuDomainSecretSetup was altered to call either the AES or Plain Setup functions based upon whether AES secrets are possible (we have the encryption API) or not, we have secrets, and of course if the protocol source is RBD. qemu_command.c: Adjust the qemuBuildRBDSecinfoURI API's in order to generate the specific command options for an AES secret, such as: -object secret,id=$alias,keyid=$masterKey,data=$base64encodedencrypted, format=base64 -drive file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\ mon_host=mon1.example.org\:6321,password-secret=$alias,... where the 'id=' value is the secret object alias generated by concatenating the disk alias and "-aesKey0". The 'keyid= $masterKey' is the master key shared with qemu, and the -drive syntax will reference that alias as the 'password-secret'. For the -drive syntax, the 'id=myname' is kept to define the username, while the 'key=$base64 encoded secret' is removed. While according to the syntax described for qemu commit '60390a21' or as seen in the email archive: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg04083.html it is possible to pass a plaintext password via a file, the qemu commit 'ac1d8878' describes the more feature rich 'keyid=' option based upon the shared masterKey. Add tests for checking/comparing output. NB: For hotplug, since the hotplug code doesn't add command line arguments, passing the encoded secret directly to the monitor will suffice.
2016-04-11 15:26:14 +00:00
#include "viralloc.h"
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
#include "vircommand.h"
src: elevate current identity privilege when fetching secret When fetching the value of a private secret, we need to use an elevated identity otherwise the secret driver will deny access. When using the modular daemons, the elevated identity needs to be active before the secret driver connection is opened, and it will apply to all APIs calls made on that conncetion. When using the monolithic daemon, the identity at time of opening the connection is ignored, and the elevated identity needs to be active precisely at the time the virSecretGetValue API call is made. After acquiring the secret value, the elevated identity should be cleared. This sounds complex, but is fairly straightfoward with the automatic cleanup callbacks. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-07 15:53:40 +00:00
#include "viridentitypriv.h"
Make tests independant of system page size Some code paths have special logic depending on the page size reported by sysconf, which in turn affects the test results. We must mock this so tests always have a consistent page size.
2015-02-02 10:26:49 +00:00
#include "virmock.h"
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
#include "virnetdev.h"
virnetdev: move virNetDevSetRootQDisc to virnetdevbandwidth The function in question uses "tc" binary so virnetdevbandwidth feels like better place for it. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-04-14 22:34:48 +00:00
#include "virnetdevbandwidth.h"
Clean up after virNetDevIP creation Commit cf0568b0af4e moved a bunch of functions from virNetDev to the more specific virNetDevIP; however, not all of the existing uses were moved properly, causing build failures on FreeBSD. Complete the transition to the new names and drop the obsolete declarations from the header file while at it.
2016-06-27 10:17:59 +00:00
#include "virnetdevip.h"
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
#include "virnetdevtap.h"
qemu: set default vhost-user ifname Based on work of Mehdi Abaakouk <sileht@sileht.net>. When parsing vhost-user interface XML and no ifname is found we can try to fill it in in post parse callback. The way this works is we try to make up interface name from given socket path and then ask openvswitch whether it knows the interface. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-22 09:33:28 +00:00
#include "virnetdevopenvswitch.h"
util: Management routines for scsi_host devices For a new hostdev type='scsi_host' we have a number of required functions for managing, adding, and removing the host device to/from guests. Provide the basic infrastructure for these tasks. The name "SCSIVHost" (and its variants) is chosen to avoid conflicts with existing code named "SCSIHost" to refer to a hostdev type='scsi' protcol='none'. Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
2016-11-22 03:58:17 +00:00
#include "virscsivhost.h"
tpm: adapt sysfs cancel path for new TPM driver This patch addresses BZ 1244895. Adapt the sysfs TPM command cancel path for the TPM driver that does not use a miscdevice anymore since Linux 4.0. Support old and new paths and check their availability. Add a mockup for the test cases to avoid the testing for availability of the cancel path. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-11-18 00:44:13 +00:00
#include "virtpm.h"
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
#include "virutil.h"
tests: mock qemuInterfaceOpenVhostNet This functions contains logic that tries to use vhost for virtio interfaces, even if <driver name='vhost'/> was not supplied. In this case, a failure is non-fatal. On my system, /dev/vhost-net was not accessible to the user running 'make check', but we should not depend on that. Mock it to prevent accessing /dev/vhost-net and return some predictable file descriptor numbers instead. Introduced by commit c1f684e - deprecate QEMU_CAPS_VHOST_NET. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reported-by: Jiří Denemark <jdenemar@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2018-04-17 10:11:17 +00:00
#include "qemu/qemu_interface.h"
qemu: support passing pre-opened UNIX socket listen FD There is a race condition when spawning QEMU where libvirt has spawned QEMU but the monitor socket is not yet open. Libvirt has to repeatedly try to connect() to QEMU's monitor until eventually it succeeds, or times out. We use kill() to check if QEMU is still alive so we avoid waiting a long time if QEMU exited, but having a timeout at all is still unpleasant. With QEMU 2.12 we can pass in a pre-opened FD for UNIX domain or TCP sockets. If libvirt has called bind() and listen() on this FD, then we have a guarantee that libvirt can immediately call connect() and succeed without any race. Although we only really care about this for the monitor socket and agent socket, this patch does FD passing for all UNIX socket based character devices since there appears to be no downside to it. We don't do FD passing for TCP sockets, however, because it is only possible to pass a single FD, while some hostnames may require listening on multiple FDs to cover IPv4 and IPv6 concurrently. Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-03-14 12:16:11 +00:00
#include "qemu/qemu_command.h"
Make tests independant of system page size Some code paths have special logic depending on the page size reported by sysconf, which in turn affects the test results. We must mock this so tests always have a consistent page size.
2015-02-02 10:26:49 +00:00
#include <unistd.h>
qemu: support passing pre-opened UNIX socket listen FD There is a race condition when spawning QEMU where libvirt has spawned QEMU but the monitor socket is not yet open. Libvirt has to repeatedly try to connect() to QEMU's monitor until eventually it succeeds, or times out. We use kill() to check if QEMU is still alive so we avoid waiting a long time if QEMU exited, but having a timeout at all is still unpleasant. With QEMU 2.12 we can pass in a pre-opened FD for UNIX domain or TCP sockets. If libvirt has called bind() and listen() on this FD, then we have a guarantee that libvirt can immediately call connect() and succeed without any race. Although we only really care about this for the monitor socket and agent socket, this patch does FD passing for all UNIX socket based character devices since there appears to be no downside to it. We don't do FD passing for TCP sockets, however, because it is only possible to pass a single FD, while some hostnames may require listening on multiple FDs to cover IPv4 and IPv6 concurrently. Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-03-14 12:16:11 +00:00
#include <fcntl.h>
Make tests independant of system page size Some code paths have special logic depending on the page size reported by sysconf, which in turn affects the test results. We must mock this so tests always have a consistent page size.
2015-02-02 10:26:49 +00:00
tpm: adapt sysfs cancel path for new TPM driver This patch addresses BZ 1244895. Adapt the sysfs TPM command cancel path for the TPM driver that does not use a miscdevice anymore since Linux 4.0. Support old and new paths and check their availability. Add a mockup for the test cases to avoid the testing for availability of the cancel path. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-11-18 00:44:13 +00:00
#define VIR_FROM_THIS VIR_FROM_NONE
Make tests independant of system page size Some code paths have special logic depending on the page size reported by sysconf, which in turn affects the test results. We must mock this so tests always have a consistent page size.
2015-02-02 10:26:49 +00:00
long virGetSystemPageSize(void)
{
return 4096;
}
qemuxml2argvtest: Test localtime clock basis When trying to introduce a test for previous patch, I've noticed that the command line is constructed using current time. This won't work in our test suite (unless you guys wants to set a specific time prior to each test run :) ). Therefore we need to mock calls to time(2) to return the same value every time it's called. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-05 14:18:46 +00:00
src: replace gmtime_r/localtime_r/strftime with GDateTime gmtime_r/localtime_r are mostly used in combination with strftime to format timestamps in libvirt. This can all be replaced with GDateTime resulting in simpler code that is also more portable. There is some boundary condition problem in parsing POSIX timezone offsets in GLib which tickles our test suite. The test suite is hacked to avoid the problem. The upsteam GLib bug report is https://gitlab.gnome.org/GNOME/glib/issues/1999 Reviewed-by: Pavel Hrdina <phrdina@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-09 14:07:15 +00:00
GDateTime *g_date_time_new_now_utc(void)
qemuxml2argvtest: Test localtime clock basis When trying to introduce a test for previous patch, I've noticed that the command line is constructed using current time. This won't work in our test suite (unless you guys wants to set a specific time prior to each test run :) ). Therefore we need to mock calls to time(2) to return the same value every time it's called. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-05 14:18:46 +00:00
{
src: replace gmtime_r/localtime_r/strftime with GDateTime gmtime_r/localtime_r are mostly used in combination with strftime to format timestamps in libvirt. This can all be replaced with GDateTime resulting in simpler code that is also more portable. There is some boundary condition problem in parsing POSIX timezone offsets in GLib which tickles our test suite. The test suite is hacked to avoid the problem. The upsteam GLib bug report is https://gitlab.gnome.org/GNOME/glib/issues/1999 Reviewed-by: Pavel Hrdina <phrdina@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-09 14:07:15 +00:00
return g_date_time_new_from_unix_utc(1234567890);
}
GDateTime *g_date_time_new_now_local(void)
{
return g_date_time_new_from_unix_local(1234567890);
qemuxml2argvtest: Test localtime clock basis When trying to introduce a test for previous patch, I've noticed that the command line is constructed using current time. This won't work in our test suite (unless you guys wants to set a specific time prior to each test run :) ). Therefore we need to mock calls to time(2) to return the same value every time it's called. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-05 14:18:46 +00:00
}
numatune: add check for numatune nodeset range There was no check for 'nodeset' attribute in numatune-related elements. This patch adds validation that any nodeset specified does not exceed maximum host node. Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
2014-11-04 02:44:40 +00:00
tpm: adapt sysfs cancel path for new TPM driver This patch addresses BZ 1244895. Adapt the sysfs TPM command cancel path for the TPM driver that does not use a miscdevice anymore since Linux 4.0. Support old and new paths and check their availability. Add a mockup for the test cases to avoid the testing for availability of the cancel path. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-11-18 00:44:13 +00:00
char *
virTPMCreateCancelPath(const char *devpath)
{
(void)devpath;
lib: Drop intermediary return variables In a few places we declare a variable (which is optionally followed by a code not touching it) then set the variable to a value and return the variable immediately. It's obvious that the variable is needless and the value can be returned directly instead. This patch was generated using this semantic patch: @@ type T; identifier ret; expression E; @@ - T ret; ... when != ret when strict - ret = E; - return ret; + return E; After that I fixed couple of formatting issues because coccinelle formatted some lines differently than our coding style. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-10-22 08:56:01 +00:00
return g_strdup("/sys/class/misc/tpm0/device/cancel");
tpm: adapt sysfs cancel path for new TPM driver This patch addresses BZ 1244895. Adapt the sysfs TPM command cancel path for the TPM driver that does not use a miscdevice anymore since Linux 4.0. Support old and new paths and check their availability. Add a mockup for the test cases to avoid the testing for availability of the cancel path. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-11-18 00:44:13 +00:00
}
test: qemuxml2argv: Mock virMemoryMaxValue to remove 32/64 bit difference Always return LLONG_MAX even on 32 bit systems. The limitation originates from our use of "unsigned long" in several APIs. The internal data type is unsigned long long. Make the test suite deterministic by removing the architecture difference. Flaw was introduced in 645881139b3d2c86acf9d644c3a1471520bc9e57 where I've added a test that uses too large numbers.
2015-12-10 13:36:51 +00:00
/**
* Large values for memory would fail on 32 bit systems, despite having
* variables that support it.
*/
unsigned long long
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
virMemoryMaxValue(bool capped G_GNUC_UNUSED)
test: qemuxml2argv: Mock virMemoryMaxValue to remove 32/64 bit difference Always return LLONG_MAX even on 32 bit systems. The limitation originates from our use of "unsigned long" in several APIs. The internal data type is unsigned long long. Make the test suite deterministic by removing the architecture difference. Flaw was introduced in 645881139b3d2c86acf9d644c3a1471520bc9e57 where I've added a test that uses too large numbers.
2015-12-10 13:36:51 +00:00
{
return LLONG_MAX;
}
qemuxml2argv: Mock virSCSIDeviceGetSgName When constructing SCSI hostdev command line for qemu, the /sys/bus/scsi/devices/... dir is scanned. Unfortunately, even in the tests. This is needed to determine the name of SCSI device to passthrough to qemu, because in the domain XML we were given its address instead. Anyway, we should not be touching live system data in our test suite as it produced unpredictable results. The test is regressing from 1e9a083742efe on. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 08:57:06 +00:00
util: Management routines for scsi_host devices For a new hostdev type='scsi_host' we have a number of required functions for managing, adding, and removing the host device to/from guests. Provide the basic infrastructure for these tasks. The name "SCSIVHost" (and its variants) is chosen to avoid conflicts with existing code named "SCSIHost" to refer to a hostdev type='scsi' protcol='none'. Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
2016-11-22 03:58:17 +00:00
int
virSCSIVHostOpenVhostSCSI(int *vhostfd)
{
*vhostfd = STDERR_FILENO + 1;
return 0;
}
qemu: Move <hostdev> SCSI path generation into qemuDomainPrepareHostdev() When preparing a SCSI <hostdev/> with passthrough of a host SCSI adapter (i.e. no protocol), a virStorageSource structure is initialized and stored inside virDomainHostdevDef. But the source structure is filled in many places, with almost the same code. Firstly, qemuProcessPrepareHostHostdev() and qemuConnectDomainXMLToNativePrepareHostHostdev() are the same. Secondly, qemuDomainPrepareHostdev() allocates the src structure, only to let qemuProcessPrepareHostHostdev() fill src->path later. Well, src->path can be filled at the same place where the src structure is allocated (qemuDomainPrepareHostdev()) which renders the other two functions needless. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-04-14 11:09:53 +00:00
char *
virSCSIDeviceGetSgName(const char *sysfs_prefix G_GNUC_UNUSED,
const char *adapter G_GNUC_UNUSED,
unsigned int bus G_GNUC_UNUSED,
unsigned int target G_GNUC_UNUSED,
unsigned long long unit G_GNUC_UNUSED)
{
return g_strdup_printf("sg0");
}
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
int
virNetDevTapCreate(char **ifname,
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
const char *tunpath G_GNUC_UNUSED,
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
int *tapfd,
size_t tapfdSize,
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
unsigned int flags G_GNUC_UNUSED)
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
{
size_t i;
for (i = 0; i < tapfdSize; i++)
tapfd[i] = STDERR_FILENO + 1 + i;
qemu: support unmanaged target tap dev for <interface type='ethernet'> If managed='no', then the tap device must already exist, and setting of MAC address and online status (IFF_UP) is skipped. NB: we still set IFF_VNET_HDR and IFF_MULTI_QUEUE as appropriate, because those bits must be properly set in the TUNSETIFF we use to set the tap device name of the handle we've opened - if IFF_VNET_HDR has not been set and we set it the request will be honored even when running libvirtd unprivileged; if IFF_MULTI_QUEUE is requested to be different than how it was created, that will result in an error from the kernel. This means that you don't need to pay attention to IFF_VNET_HDR when creating the tap devices, but you *do* need to set IFF_MULTI_QUEUE if you're going to use multiple queues for your tap device. NB2: /dev/vhost-net normally has permissions 600, so it can't be opened by an unprivileged process. This would normally cause a warning message when using a virtio net device from an unprivileged libvirtd. I've found that setting the permissions for /dev/vhost-net permits unprivileged libvirtd to use vhost-net for virtio devices, but have no idea what sort of security implications that has. I haven't changed libvrit's code to avoid *attempting* to open /dev/vhost-net - if you are concerned about the security of opening up permissions of /dev/vhost-net (probably a good idea at least until we ask someone who knows about the code) then add <driver name='qemu'/> to the interface definition and you'll avoid the warning message. Note that virNetDevTapCreate() is the correct function to call in the case of an existing device, because the same ioctl() that creates a new tap device will also open an existing tap device. Resolves: https://bugzilla.redhat.com/1723367 (partially) Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-26 04:24:34 +00:00
if (STREQ_NULLABLE(*ifname, "mytap0")) {
return 0;
} else {
VIR_FREE(*ifname);
Use g_strdup where VIR_STRDUP's return value was propagated All the callers of these functions only check for a negative return value. However, virNetDevOpenvswitchGetVhostuserIfname is documented as returning 1 for openvswitch interfaces so preserve that. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-20 10:55:05 +00:00
*ifname = g_strdup("vnet0");
return 0;
qemu: support unmanaged target tap dev for <interface type='ethernet'> If managed='no', then the tap device must already exist, and setting of MAC address and online status (IFF_UP) is skipped. NB: we still set IFF_VNET_HDR and IFF_MULTI_QUEUE as appropriate, because those bits must be properly set in the TUNSETIFF we use to set the tap device name of the handle we've opened - if IFF_VNET_HDR has not been set and we set it the request will be honored even when running libvirtd unprivileged; if IFF_MULTI_QUEUE is requested to be different than how it was created, that will result in an error from the kernel. This means that you don't need to pay attention to IFF_VNET_HDR when creating the tap devices, but you *do* need to set IFF_MULTI_QUEUE if you're going to use multiple queues for your tap device. NB2: /dev/vhost-net normally has permissions 600, so it can't be opened by an unprivileged process. This would normally cause a warning message when using a virtio net device from an unprivileged libvirtd. I've found that setting the permissions for /dev/vhost-net permits unprivileged libvirtd to use vhost-net for virtio devices, but have no idea what sort of security implications that has. I haven't changed libvrit's code to avoid *attempting* to open /dev/vhost-net - if you are concerned about the security of opening up permissions of /dev/vhost-net (probably a good idea at least until we ask someone who knows about the code) then add <driver name='qemu'/> to the interface definition and you'll avoid the warning message. Note that virNetDevTapCreate() is the correct function to call in the case of an existing device, because the same ioctl() that creates a new tap device will also open an existing tap device. Resolves: https://bugzilla.redhat.com/1723367 (partially) Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-26 04:24:34 +00:00
}
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
}
int
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
virNetDevSetMAC(const char *ifname G_GNUC_UNUSED,
const virMacAddr *macaddr G_GNUC_UNUSED)
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
{
return 0;
}
qemu: support unmanaged target tap dev for <interface type='ethernet'> If managed='no', then the tap device must already exist, and setting of MAC address and online status (IFF_UP) is skipped. NB: we still set IFF_VNET_HDR and IFF_MULTI_QUEUE as appropriate, because those bits must be properly set in the TUNSETIFF we use to set the tap device name of the handle we've opened - if IFF_VNET_HDR has not been set and we set it the request will be honored even when running libvirtd unprivileged; if IFF_MULTI_QUEUE is requested to be different than how it was created, that will result in an error from the kernel. This means that you don't need to pay attention to IFF_VNET_HDR when creating the tap devices, but you *do* need to set IFF_MULTI_QUEUE if you're going to use multiple queues for your tap device. NB2: /dev/vhost-net normally has permissions 600, so it can't be opened by an unprivileged process. This would normally cause a warning message when using a virtio net device from an unprivileged libvirtd. I've found that setting the permissions for /dev/vhost-net permits unprivileged libvirtd to use vhost-net for virtio devices, but have no idea what sort of security implications that has. I haven't changed libvrit's code to avoid *attempting* to open /dev/vhost-net - if you are concerned about the security of opening up permissions of /dev/vhost-net (probably a good idea at least until we ask someone who knows about the code) then add <driver name='qemu'/> to the interface definition and you'll avoid the warning message. Note that virNetDevTapCreate() is the correct function to call in the case of an existing device, because the same ioctl() that creates a new tap device will also open an existing tap device. Resolves: https://bugzilla.redhat.com/1723367 (partially) Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-26 04:24:34 +00:00
int
virNetDevExists(const char *ifname)
{
tests: Remove _NULLABLE in virNetDevExists mock The @ifname is listed as an ATTRIBUTE_NONNULL(1) parameter, so checking for _NULLABLE causes a coverity build failure - remove that and if it's NULL for the test let's fail miserably. Signed-off-by: John Ferlan <jferlan@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-03 12:34:04 +00:00
return STREQ(ifname, "mytap0");
qemu: support unmanaged target tap dev for <interface type='ethernet'> If managed='no', then the tap device must already exist, and setting of MAC address and online status (IFF_UP) is skipped. NB: we still set IFF_VNET_HDR and IFF_MULTI_QUEUE as appropriate, because those bits must be properly set in the TUNSETIFF we use to set the tap device name of the handle we've opened - if IFF_VNET_HDR has not been set and we set it the request will be honored even when running libvirtd unprivileged; if IFF_MULTI_QUEUE is requested to be different than how it was created, that will result in an error from the kernel. This means that you don't need to pay attention to IFF_VNET_HDR when creating the tap devices, but you *do* need to set IFF_MULTI_QUEUE if you're going to use multiple queues for your tap device. NB2: /dev/vhost-net normally has permissions 600, so it can't be opened by an unprivileged process. This would normally cause a warning message when using a virtio net device from an unprivileged libvirtd. I've found that setting the permissions for /dev/vhost-net permits unprivileged libvirtd to use vhost-net for virtio devices, but have no idea what sort of security implications that has. I haven't changed libvrit's code to avoid *attempting* to open /dev/vhost-net - if you are concerned about the security of opening up permissions of /dev/vhost-net (probably a good idea at least until we ask someone who knows about the code) then add <driver name='qemu'/> to the interface definition and you'll avoid the warning message. Note that virNetDevTapCreate() is the correct function to call in the case of an existing device, because the same ioctl() that creates a new tap device will also open an existing tap device. Resolves: https://bugzilla.redhat.com/1723367 (partially) Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-26 04:24:34 +00:00
}
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
int virNetDevIPAddrAdd(const char *ifname G_GNUC_UNUSED,
virSocketAddr *addr G_GNUC_UNUSED,
virSocketAddr *peer G_GNUC_UNUSED,
unsigned int prefix G_GNUC_UNUSED)
tests: mock virNetDevSetIPAddress Now that we can include <interface type='ethernet'> in tests, we could almost test XML that has an <ip> element in an interface. Except that the test fails when it tries to actually set the IP address for the interface's tap device. This patch mocks virNetDevSetIPAddress() to just return success.
2016-04-26 16:49:48 +00:00
{
return 0;
}
qemu domain allow to set ip address, peer address and route Signed-off-by: Vasiliy Tolstov <v.tolstov@selfip.ru>
2016-04-04 21:00:06 +00:00
int
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
virNetDevSetOnline(const char *ifname G_GNUC_UNUSED,
bool online G_GNUC_UNUSED)
qemu domain allow to set ip address, peer address and route Signed-off-by: Vasiliy Tolstov <v.tolstov@selfip.ru>
2016-04-04 21:00:06 +00:00
{
return 0;
}
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
int
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
virNetDevRunEthernetScript(const char *ifname G_GNUC_UNUSED,
const char *script G_GNUC_UNUSED)
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
{
return 0;
}
qemu: process: spice: Pick the first available DRM render node Up until now, we formatted 'rendernode=' onto QEMU cmdline only if the user specified it in the XML, otherwise we let QEMU do it for us. This causes permission issues because by default the /dev/dri/renderDX permissions are as follows: crw-rw----. 1 root video There's literally no reason why it shouldn't be libvirt picking the DRM render node instead of QEMU, that way (and because we're using namespaces by default), we can safely relabel the device within the namespace. Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-11-14 15:48:27 +00:00
char *
virHostGetDRMRenderNode(void)
{
Drop needless ret variable In few places we have the following code pattern: int ret; ... /* @ret is not accessed here */ ret = f(...); return ret; This pattern can be written less verbose: ... return f(...); This patch was generated with following coccinelle spatch: @@ type T; constant C; expression f; identifier ret; @@ -T ret = C; ... when != ret -ret = f; -return ret; +return f; Afterwards I needed to fix a few places, e.g. comment in virDomainNetIPParseXML() was removed too because coccinelle thinks it refers to @ret while in fact it doesn't. Also in few places it replaced @ret declaration with a few spaces instead of removing the line. But nothing terribly wrong. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-10-17 08:10:10 +00:00
return g_strdup("/dev/dri/foo");
qemu: process: spice: Pick the first available DRM render node Up until now, we formatted 'rendernode=' onto QEMU cmdline only if the user specified it in the XML, otherwise we let QEMU do it for us. This causes permission issues because by default the /dev/dri/renderDX permissions are as follows: crw-rw----. 1 root video There's literally no reason why it shouldn't be libvirt picking the DRM render node instead of QEMU, that way (and because we're using namespaces by default), we can safely relabel the device within the namespace. Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-11-14 15:48:27 +00:00
}
lib: Drop internal virXXXPtr typedefs Historically, we declared pointer type to our types: typedef struct _virXXX virXXX; typedef virXXX *virXXXPtr; But usefulness of such declaration is questionable, at best. Unfortunately, we can't drop every such declaration - we have to carry some over, because they are part of public API (e.g. virDomainPtr). But for internal types - we can do drop them and use what every other C project uses 'virXXX *'. This change was generated by a very ugly shell script that generated sed script which was then called over each file in the repository. For the shell script refer to the cover letter: https://listman.redhat.com/archives/libvir-list/2021-March/msg00537.html Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-03-11 07:16:13 +00:00
static void (*real_virCommandPassFD)(virCommand *cmd, int fd, unsigned int flags);
tests: qemuxml2argvmock: Allow 'safe' file descriptors in mocked virCommandPassFD Allow FDs which are marked as safe for FD passing. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-08-14 13:02:56 +00:00
qemu: add vdpa support Enable <interface type='vdpa'> for qemu domains. This provides basic support and does not support hotplug or migration. Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2020-10-14 17:08:27 +00:00
static const int testCommandPassSafeFDs[] = { 1730, 1731, 1732 };
tests: qemuxml2argvmock: Allow 'safe' file descriptors in mocked virCommandPassFD Allow FDs which are marked as safe for FD passing. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-08-14 13:02:56 +00:00
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
void
lib: Drop internal virXXXPtr typedefs Historically, we declared pointer type to our types: typedef struct _virXXX virXXX; typedef virXXX *virXXXPtr; But usefulness of such declaration is questionable, at best. Unfortunately, we can't drop every such declaration - we have to carry some over, because they are part of public API (e.g. virDomainPtr). But for internal types - we can do drop them and use what every other C project uses 'virXXX *'. This change was generated by a very ugly shell script that generated sed script which was then called over each file in the repository. For the shell script refer to the cover letter: https://listman.redhat.com/archives/libvir-list/2021-March/msg00537.html Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-03-11 07:16:13 +00:00
virCommandPassFD(virCommand *cmd,
tests: qemuxml2argvmock: Allow 'safe' file descriptors in mocked virCommandPassFD Allow FDs which are marked as safe for FD passing. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-08-14 13:02:56 +00:00
int fd,
unsigned int flags)
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
{
tests: qemuxml2argvmock: Allow 'safe' file descriptors in mocked virCommandPassFD Allow FDs which are marked as safe for FD passing. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-08-14 13:02:56 +00:00
size_t i;
Use G_N_ELEMENTS instead of ARRAY_CARDINALITY Prefer the GLib version of the macro. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-15 11:55:26 +00:00
for (i = 0; i < G_N_ELEMENTS(testCommandPassSafeFDs); i++) {
tests: qemuxml2argvmock: Allow 'safe' file descriptors in mocked virCommandPassFD Allow FDs which are marked as safe for FD passing. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-08-14 13:02:56 +00:00
if (testCommandPassSafeFDs[i] == fd) {
if (!real_virCommandPassFD)
VIR_MOCK_REAL_INIT(virCommandPassFD);
real_virCommandPassFD(cmd, fd, flags);
return;
}
}
qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-23 15:19:26 +00:00
}
qemu: Utilize qemu secret objects for RBD auth/secret https://bugzilla.redhat.com/show_bug.cgi?id=1182074 If they're available and we need to pass secrets to qemu, then use the qemu domain secret object in order to pass the secrets for RBD volumes instead of passing the base64 encoded secret on the command line. The goal is to make AES secrets the default and have no user interaction required in order to allow using the AES mechanism. If the mechanism is not available, then fall back to the current plain mechanism using a base64 encoded secret. New APIs: qemu_domain.c: qemuDomainGetSecretAESAlias: Generate/return the secret object alias for an AES Secret Info type. This will be called from qemuDomainSecretAESSetup. qemuDomainSecretAESSetup: (private) This API handles the details of the generation of the AES secret and saves the pieces that need to be passed to qemu in order for the secret to be decrypted. The encrypted secret based upon the domain master key, an initialization vector (16 byte random value), and the stored secret. Finally, the requirement from qemu is the IV and encrypted secret are to be base64 encoded. qemu_command.c: qemuBuildSecretInfoProps: (private) Generate/return a JSON properties object for the AES secret to be used by both the command building and eventually the hotplug code in order to add the secret object. Code was designed so that in the future perhaps hotplug could use it if it made sense. qemuBuildObjectSecretCommandLine (private) Generate and add to the command line the -object secret for the secret. This will be required for the subsequent RBD reference to the object. qemuBuildDiskSecinfoCommandLine (private) Handle adding the AES secret object. Adjustments: qemu_domain.c: The qemuDomainSecretSetup was altered to call either the AES or Plain Setup functions based upon whether AES secrets are possible (we have the encryption API) or not, we have secrets, and of course if the protocol source is RBD. qemu_command.c: Adjust the qemuBuildRBDSecinfoURI API's in order to generate the specific command options for an AES secret, such as: -object secret,id=$alias,keyid=$masterKey,data=$base64encodedencrypted, format=base64 -drive file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\ mon_host=mon1.example.org\:6321,password-secret=$alias,... where the 'id=' value is the secret object alias generated by concatenating the disk alias and "-aesKey0". The 'keyid= $masterKey' is the master key shared with qemu, and the -drive syntax will reference that alias as the 'password-secret'. For the -drive syntax, the 'id=myname' is kept to define the username, while the 'key=$base64 encoded secret' is removed. While according to the syntax described for qemu commit '60390a21' or as seen in the email archive: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg04083.html it is possible to pass a plaintext password via a file, the qemu commit 'ac1d8878' describes the more feature rich 'keyid=' option based upon the shared masterKey. Add tests for checking/comparing output. NB: For hotplug, since the hotplug code doesn't add command line arguments, passing the encoded secret directly to the monitor will suffice.
2016-04-11 15:26:14 +00:00
qemu: set default vhost-user ifname Based on work of Mehdi Abaakouk <sileht@sileht.net>. When parsing vhost-user interface XML and no ifname is found we can try to fill it in in post parse callback. The way this works is we try to make up interface name from given socket path and then ask openvswitch whether it knows the interface. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-22 09:33:28 +00:00
int
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
virNetDevOpenvswitchGetVhostuserIfname(const char *path G_GNUC_UNUSED,
virnetdevopenvswitch: Get names for dpdkvhostuserclient too There are two types of vhostuser ports: dpdkvhostuser - OVS creates the socket and QEMU connects to it dpdkvhostuserclient - QEMU creates the socket and OVS connects to it But of course ovs-vsctl syntax for fetching ifname is different. So far, we've implemented the former. The lack of implementation for the latter means that we are not detecting the interface name and thus not reporting it in domain XML, or failing to get interface statistics. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1767013 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-06 10:59:22 +00:00
bool server G_GNUC_UNUSED,
qemu: set default vhost-user ifname Based on work of Mehdi Abaakouk <sileht@sileht.net>. When parsing vhost-user interface XML and no ifname is found we can try to fill it in in post parse callback. The way this works is we try to make up interface name from given socket path and then ask openvswitch whether it knows the interface. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-22 09:33:28 +00:00
char **ifname)
{
Use g_strdup where VIR_STRDUP's return value was propagated All the callers of these functions only check for a negative return value. However, virNetDevOpenvswitchGetVhostuserIfname is documented as returning 1 for openvswitch interfaces so preserve that. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-20 10:55:05 +00:00
*ifname = g_strdup("vhost-user0");
return 1;
qemu: set default vhost-user ifname Based on work of Mehdi Abaakouk <sileht@sileht.net>. When parsing vhost-user interface XML and no ifname is found we can try to fill it in in post parse callback. The way this works is we try to make up interface name from given socket path and then ask openvswitch whether it knows the interface. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-22 09:33:28 +00:00
}
tests: mock qemuInterfaceOpenVhostNet This functions contains logic that tries to use vhost for virtio interfaces, even if <driver name='vhost'/> was not supplied. In this case, a failure is non-fatal. On my system, /dev/vhost-net was not accessible to the user running 'make check', but we should not depend on that. Mock it to prevent accessing /dev/vhost-net and return some predictable file descriptor numbers instead. Introduced by commit c1f684e - deprecate QEMU_CAPS_VHOST_NET. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reported-by: Jiří Denemark <jdenemar@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2018-04-17 10:11:17 +00:00
int
qemu: Convert passing of 'vhostfd' to 'qemuFDPassDirect' Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-05-16 13:08:05 +00:00
qemuInterfaceOpenVhostNet(virDomainObj *vm G_GNUC_UNUSED,
qemu: Move opening of vhost file descriptors for net devices into qemuBuildInterfaceConnect Use the new infrastructure which stores the fds inside 'qemuFDPass' objects in the private data. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-05-09 15:42:08 +00:00
virDomainNetDef *net)
tests: mock qemuInterfaceOpenVhostNet This functions contains logic that tries to use vhost for virtio interfaces, even if <driver name='vhost'/> was not supplied. In this case, a failure is non-fatal. On my system, /dev/vhost-net was not accessible to the user running 'make check', but we should not depend on that. Mock it to prevent accessing /dev/vhost-net and return some predictable file descriptor numbers instead. Introduced by commit c1f684e - deprecate QEMU_CAPS_VHOST_NET. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reported-by: Jiří Denemark <jdenemar@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2018-04-17 10:11:17 +00:00
{
qemu: Move opening of vhost file descriptors for net devices into qemuBuildInterfaceConnect Use the new infrastructure which stores the fds inside 'qemuFDPass' objects in the private data. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-05-09 15:42:08 +00:00
qemuDomainNetworkPrivate *netpriv = QEMU_DOMAIN_NETWORK_PRIVATE(net);
size_t vhostfdSize = net->driver.virtio.queues;
tests: mock qemuInterfaceOpenVhostNet This functions contains logic that tries to use vhost for virtio interfaces, even if <driver name='vhost'/> was not supplied. In this case, a failure is non-fatal. On my system, /dev/vhost-net was not accessible to the user running 'make check', but we should not depend on that. Mock it to prevent accessing /dev/vhost-net and return some predictable file descriptor numbers instead. Introduced by commit c1f684e - deprecate QEMU_CAPS_VHOST_NET. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reported-by: Jiří Denemark <jdenemar@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2018-04-17 10:11:17 +00:00
size_t i;
qemu: Move opening of vhost file descriptors for net devices into qemuBuildInterfaceConnect Use the new infrastructure which stores the fds inside 'qemuFDPass' objects in the private data. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-05-09 15:42:08 +00:00
if (!vhostfdSize)
vhostfdSize = 1;
if (!virDomainNetIsVirtioModel(net))
tests: mock qemuInterfaceOpenVhostNet This functions contains logic that tries to use vhost for virtio interfaces, even if <driver name='vhost'/> was not supplied. In this case, a failure is non-fatal. On my system, /dev/vhost-net was not accessible to the user running 'make check', but we should not depend on that. Mock it to prevent accessing /dev/vhost-net and return some predictable file descriptor numbers instead. Introduced by commit c1f684e - deprecate QEMU_CAPS_VHOST_NET. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reported-by: Jiří Denemark <jdenemar@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2018-04-17 10:11:17 +00:00
return 0;
qemu: Move opening of vhost file descriptors for net devices into qemuBuildInterfaceConnect Use the new infrastructure which stores the fds inside 'qemuFDPass' objects in the private data. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-05-09 15:42:08 +00:00
for (i = 0; i < vhostfdSize; i++) {
qemu: Convert passing of 'vhostfd' to 'qemuFDPassDirect' Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-05-16 13:08:05 +00:00
g_autofree char *name = g_strdup_printf("vhostfd-%s%zu", net->info.alias, i);
qemu: Move opening of vhost file descriptors for net devices into qemuBuildInterfaceConnect Use the new infrastructure which stores the fds inside 'qemuFDPass' objects in the private data. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-05-09 15:42:08 +00:00
int fd = STDERR_FILENO + 42 + i;
qemu: Convert passing of 'vhostfd' to 'qemuFDPassDirect' Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-05-16 13:08:05 +00:00
netpriv->vhostfds = g_slist_prepend(netpriv->vhostfds, qemuFDPassDirectNew(name, &fd));
tests: mock qemuInterfaceOpenVhostNet This functions contains logic that tries to use vhost for virtio interfaces, even if <driver name='vhost'/> was not supplied. In this case, a failure is non-fatal. On my system, /dev/vhost-net was not accessible to the user running 'make check', but we should not depend on that. Mock it to prevent accessing /dev/vhost-net and return some predictable file descriptor numbers instead. Introduced by commit c1f684e - deprecate QEMU_CAPS_VHOST_NET. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reported-by: Jiří Denemark <jdenemar@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2018-04-17 10:11:17 +00:00
}
qemu: Move opening of vhost file descriptors for net devices into qemuBuildInterfaceConnect Use the new infrastructure which stores the fds inside 'qemuFDPass' objects in the private data. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-05-09 15:42:08 +00:00
netpriv->vhostfds = g_slist_reverse(netpriv->vhostfds);
tests: mock qemuInterfaceOpenVhostNet This functions contains logic that tries to use vhost for virtio interfaces, even if <driver name='vhost'/> was not supplied. In this case, a failure is non-fatal. On my system, /dev/vhost-net was not accessible to the user running 'make check', but we should not depend on that. Mock it to prevent accessing /dev/vhost-net and return some predictable file descriptor numbers instead. Introduced by commit c1f684e - deprecate QEMU_CAPS_VHOST_NET. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reported-by: Jiří Denemark <jdenemar@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2018-04-17 10:11:17 +00:00
return 0;
}
qemu: support passing pre-opened UNIX socket listen FD There is a race condition when spawning QEMU where libvirt has spawned QEMU but the monitor socket is not yet open. Libvirt has to repeatedly try to connect() to QEMU's monitor until eventually it succeeds, or times out. We use kill() to check if QEMU is still alive so we avoid waiting a long time if QEMU exited, but having a timeout at all is still unpleasant. With QEMU 2.12 we can pass in a pre-opened FD for UNIX domain or TCP sockets. If libvirt has called bind() and listen() on this FD, then we have a guarantee that libvirt can immediately call connect() and succeed without any race. Although we only really care about this for the monitor socket and agent socket, this patch does FD passing for all UNIX socket based character devices since there appears to be no downside to it. We don't do FD passing for TCP sockets, however, because it is only possible to pass a single FD, while some hostnames may require listening on multiple FDs to cover IPv4 and IPv6 concurrently. Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-03-14 12:16:11 +00:00
int
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
qemuOpenChrChardevUNIXSocket(const virDomainChrSourceDef *dev G_GNUC_UNUSED)
qemu: support passing pre-opened UNIX socket listen FD There is a race condition when spawning QEMU where libvirt has spawned QEMU but the monitor socket is not yet open. Libvirt has to repeatedly try to connect() to QEMU's monitor until eventually it succeeds, or times out. We use kill() to check if QEMU is still alive so we avoid waiting a long time if QEMU exited, but having a timeout at all is still unpleasant. With QEMU 2.12 we can pass in a pre-opened FD for UNIX domain or TCP sockets. If libvirt has called bind() and listen() on this FD, then we have a guarantee that libvirt can immediately call connect() and succeed without any race. Although we only really care about this for the monitor socket and agent socket, this patch does FD passing for all UNIX socket based character devices since there appears to be no downside to it. We don't do FD passing for TCP sockets, however, because it is only possible to pass a single FD, while some hostnames may require listening on multiple FDs to cover IPv4 and IPv6 concurrently. Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-03-14 12:16:11 +00:00
{
/* We need to return an FD number for a UNIX listener socket,
* which will be given to QEMU via a CLI arg. We need a fixed
* number to get stable tests. This is obviously not a real
* FD number, so when virCommand closes the FD in the parent
* it will get EINVAL, but that's (hopefully) not going to
* be a problem....
*/
if (fcntl(1729, F_GETFD) != -1)
abort();
return 1729;
}
tests: qemuxml2argv: modernize TPM passthrough tests All supported qemus support FD passing so modify the tests to test the proper code path. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-08-14 11:50:01 +00:00
int
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
qemuBuildTPMOpenBackendFDs(const char *tpmdev G_GNUC_UNUSED,
tests: qemuxml2argv: modernize TPM passthrough tests All supported qemus support FD passing so modify the tests to test the proper code path. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-08-14 11:50:01 +00:00
int *tpmfd,
int *cancelfd)
{
if (fcntl(1730, F_GETFD) != -1 ||
fcntl(1731, F_GETFD) != -1)
abort();
*tpmfd = 1730;
*cancelfd = 1731;
return 0;
}
qemu: Set noqueue qdisc for TAP devices By default, pfifo_fast queueing discipline (qdisc) is set on newly created interfaces (including TAPs). This qdisc has three queues and packets that want to be sent through given NIC are placed into one of the queues based on TOS field. Queues are then emptied based on their priority allowing interactive sessions stay interactive whilst something else is downloading a large file. Obviously, this means that kernel has to be involved and some locking has to happen (when placing packets into queues). If virtualization is taken into account then the above algorithm happens twice - once in the guest and the second time in the host. This is arguably not optimal as it burns host CPU cycles needlessly. Guest already made it choice and sent packets in the order it wants. To resolve this, Linux kernel offers 'noqueue' qdisc which can be applied on virtual interfaces and in fact for 'lo' it is by default: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue Set it for other TAP devices we create for domains too. With this change I was able to squeeze 1Mbps more from a macvtap attached to a guest and to my 1Gbps LAN (as measured by iperf3). Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1329644 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-10-08 14:22:50 +00:00
int
virnetdev: move virNetDevSetRootQDisc to virnetdevbandwidth The function in question uses "tc" binary so virnetdevbandwidth feels like better place for it. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-04-14 22:34:48 +00:00
virNetDevBandwidthSetRootQDisc(const char *ifname G_GNUC_UNUSED,
const char *qdisc G_GNUC_UNUSED)
qemu: Set noqueue qdisc for TAP devices By default, pfifo_fast queueing discipline (qdisc) is set on newly created interfaces (including TAPs). This qdisc has three queues and packets that want to be sent through given NIC are placed into one of the queues based on TOS field. Queues are then emptied based on their priority allowing interactive sessions stay interactive whilst something else is downloading a large file. Obviously, this means that kernel has to be involved and some locking has to happen (when placing packets into queues). If virtualization is taken into account then the above algorithm happens twice - once in the guest and the second time in the host. This is arguably not optimal as it burns host CPU cycles needlessly. Guest already made it choice and sent packets in the order it wants. To resolve this, Linux kernel offers 'noqueue' qdisc which can be applied on virtual interfaces and in fact for 'lo' it is by default: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue Set it for other TAP devices we create for domains too. With this change I was able to squeeze 1Mbps more from a macvtap attached to a guest and to my 1Gbps LAN (as measured by iperf3). Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1329644 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-10-08 14:22:50 +00:00
{
return 0;
}
qemu: add vdpa support Enable <interface type='vdpa'> for qemu domains. This provides basic support and does not support hotplug or migration. Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2020-10-14 17:08:27 +00:00
int
qemu: make vdpa connect function more generic qemuInterfaceVDPAConnect() was a helper function for connecting to the vdpa device file. But in order to support other vdpa devices besides network interfaces (e.g. vdpa block devices) make this function a bit more generic. Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-05-30 20:33:46 +00:00
qemuVDPAConnect(const char *devicepath G_GNUC_UNUSED)
qemu: add vdpa support Enable <interface type='vdpa'> for qemu domains. This provides basic support and does not support hotplug or migration. Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2020-10-14 17:08:27 +00:00
{
if (fcntl(1732, F_GETFD) != -1)
abort();
return 1732;
}
src: elevate current identity privilege when fetching secret When fetching the value of a private secret, we need to use an elevated identity otherwise the secret driver will deny access. When using the modular daemons, the elevated identity needs to be active before the secret driver connection is opened, and it will apply to all APIs calls made on that conncetion. When using the monolithic daemon, the identity at time of opening the connection is ignored, and the elevated identity needs to be active precisely at the time the virSecretGetValue API call is made. After acquiring the secret value, the elevated identity should be cleared. This sounds complex, but is fairly straightfoward with the automatic cleanup callbacks. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-07 15:53:40 +00:00
char *
virIdentityEnsureSystemToken(void)
{
return g_strdup("3de80bcbf22d4833897f1638e01be9b2");
}
Reference in New Issue Copy Permalink