Commit Graph

20536 Commits

Author SHA1 Message Date
Ján Tomko
c5cc88c323 api: disallow virConnectGetDomainCapabilities on read-only connections
This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.

Fixes: CVE-2019-10167
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 8afa68bac0)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-06-24 10:26:30 +02:00
Ján Tomko
99ac102b83 api: disallow virDomainSaveImageGetXMLDesc on read-only connections
The virDomainSaveImageGetXMLDesc API is taking a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.

Forbid it on read-only connections.

Fixes: CVE-2019-10161
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit aed6a032ce)
Signed-off-by: Ján Tomko <jtomko@redhat.com>

Conflicts:
  src/libvirt-domain.c
  src/remote/remote_protocol.x

Upstream commit 12a51f372 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
alias for VIR_DOMAIN_XML_SECURE is not backported.
Just skip the commit since we now disallow the whole API on read-only
connections, regardless of the flag.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-06-24 10:26:29 +02:00
Jiri Denemark
8c30687b71 qemu: Let empty default VNC password work as documented
CVE-2016-5008

Setting an empty graphics password is documented as a way to disable
VNC/SPICE access, but QEMU does not always behaves like that. VNC would
happily accept the empty password. Let's enforce the behavior by setting
password expiration to "now".

https://bugzilla.redhat.com/show_bug.cgi?id=1180092

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit bb848feec0)
2016-06-30 12:50:38 +01:00
Eric Blake
edeef640db CVE-2015-5313: storage: don't allow '/' in filesystem volume names
The libvirt file system storage driver determines what file to
act on by concatenating the pool location with the volume name.
If a user is able to pick names like "../../../etc/passwd", then
they can escape the bounds of the pool.  For that matter,
virStoragePoolListVolumes() doesn't descend into subdirectories,
so a user really shouldn't use a name with a slash.

Normally, only privileged users can coerce libvirt into creating
or opening existing files using the virStorageVol APIs; and such
users already have full privilege to create any domain XML (so it
is not an escalation of privilege).  But in the case of
fine-grained ACLs, it is feasible that a user can be granted
storage_vol:create but not domain:write, and it violates
assumptions if such a user can abuse libvirt to access files
outside of the storage pool.

Therefore, prevent all use of volume names that contain "/",
whether or not such a name is actually attempting to escape the
pool.

This changes things from:

$ virsh vol-create-as default ../../../../../../etc/haha --capacity 128
Vol ../../../../../../etc/haha created
$ rm /etc/haha

to:

$ virsh vol-create-as default ../../../../../../etc/haha --capacity 128
error: Failed to create vol ../../../../../../etc/haha
error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/'

Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 034e47c338)
2015-12-12 20:53:43 -07:00
Daniel Veillard
439760214c Release of libvirt-1.2.20
* docs/news.html.in libvirt.spec.in: update for new release
* po/*.po*: regenerate localization
2015-10-02 13:17:16 +02:00
Cole Robinson
68572de822 qemu: Fix dynamic_ownership qemu.conf setting
Commit 307fb904 (Sep 10) added a 'privileged' variable when creating
the DAC driver:

@@ -153,6 +157,7 @@ virSecurityManagerNewDAC(const char *virtDriver,
                          bool defaultConfined,
                          bool requireConfined,
                          bool dynamicOwnership,
+                         bool privileged,
                          virSecurityManagerDACChownCallback chownCallback)

But argument order is mixed up at the caller, swapping dynamicOwnership
and privileged values. This corrects the argument order

https://bugzilla.redhat.com/show_bug.cgi?id=1266628
2015-09-29 08:26:52 -04:00
Michal Privoznik
d72a8f7465 virsh: Preserve startupPolicy in change-media command
https://bugzilla.redhat.com/show_bug.cgi?id=1250331

Even after my rework of startupPolicy handling, one command
slipped my attention. The change-media command has a very unique
approach to constructing disk XML. However, it will not preserve
startupPolicy attribute.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-29 13:29:29 +02:00
Ján Tomko
1b5685dada Create a shallow copy for volume building only if supported
Since the previous commit, the shallow copy is only used inside
the if (backend->buildVol) if.
2015-09-29 10:45:01 +02:00
Ján Tomko
56a4e9cb61 Update pool allocation with new values on volume creation
Since commit e0139e3, we update the pool allocation with
the user-provided allocation values.

For qcow2, the allocation is ignored for volume building,
but we still subtracted it from pool's allocation.
This can result in interesting values if the user-provided
allocation is large enough:

Capacity:       104.71 GiB
Allocation:     109.13 GiB
Available:      16.00 EiB

We already do a VolRefresh on volume creation. Also refresh
the volume after creating and use the new value to update the pool.

https://bugzilla.redhat.com/show_bug.cgi?id=1163091
2015-09-29 10:45:01 +02:00
John Ferlan
5e06a4f063 conf: Fix virtType check
Commit id '7383b8cc' changed virDomainDef 'virtType' to an enum, that
caused a build failure on some archs due to comparing an unsigned value
to < 0.  Adjust the fetch of 'type' to be into temporary 'int virtType'
and then assign that virtType to the def->virtType
2015-09-25 17:33:05 -04:00
Shivangi Dhir
7383b8cc06 qemu: Make virtType of type virDomainVirtType
Earlier virtType was of type int. After, introducing the enum VIR_DOMAIN_VIRT_NONE,
the type of virtType is modified to virDomainVirtType.
2015-09-25 15:34:09 -04:00
Shivangi Dhir
62569e45ea conf: Add new VIR_DOMAIN_VIRT_NONE enum
Introduce VIR_DOMAIN_VIRT_NONE to give domaintype the default value of zero.
This is specially helpful in constructing better error messages
when we don't want to look up the default emulator by virtType.

The test data in vircapstest.c is also modified to reflect this change.
2015-09-25 15:33:53 -04:00
Guido Günther
fd00f0e6c7 Use daemon log facility for journald
otherwise messages end up in /var/log/kern.log if journald forwards to
syslog.

Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799633
2015-09-25 16:22:39 +02:00
Michal Privoznik
1fb8ac4c79 tools: Link libvirt.la and readline to libvirt_shell.a
So, our mingw build is broken. It's because while libvirt_shell
library is using some of our internal APIs, e.g. virStrndup, and
readline API but it's not being linked with nor libvirt.la nor
libreadline.  Only subsequent users of the library, like virsh,
do link to the needed libraries. In fact, I'm surprised Linux
linker doesn't care, because how can it make a static library
with missing symbols is mystery to me.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-25 14:33:06 +02:00
Andrea Bolognani
08e5d1efcf maint: Remove control characters from LGPL license file 2015-09-25 09:16:24 +02:00
Jiri Denemark
c0806dc30b domain: Fix migratable XML with graphics/@listen
As of commit 6992994, we set graphics/@listen attribute according to the
first listen child element even if that element is of type='network'.
This was done for backward compatibility with applications which only
support the original listen attribute. However, by doing so we broke
migration to older libvirt which tried to check that the listen
attribute matches one of the listen child elements but which did not
take type='network' elements into account.

We are not concerned about compatibility with old applications when
formatting domain XML for migration for two reasons. The XML is consumed
only by libvirtd and the IP address associated with type='network'
listen address on the source host is just useless on the destination
host. Thus, we can safely avoid propagating the type='network' IP
address to graphics/@listen attribute when creating migratable XML.

https://bugzilla.redhat.com/show_bug.cgi?id=1265111

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-09-24 17:07:33 +02:00
Erik Skultety
2d9fcb3102 vsh: create a noinstall libvirt_shell library
Instead of referencing vsh sources in all relevant client targets,
create a library that the client can link against.
2015-09-24 16:58:28 +02:00
John Ferlan
a73c67b6cc qemu: Resolve Coverity RESOURCE_LEAK
This seemed to be more of a false positive as for some reason Coverity
was missing the "ret < 0" goto error condition and somehow believing that
event could be overwritten.  At first I thought it was just the ret != 0
condition difference, but it wasn't.

In any case, make use of the recent change to qemuDomainEventQueue to
check event == NULL and just pass it as a parameter directly in the
error path. That avoids the error.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-09-24 09:53:39 -04:00
John Ferlan
83cbbbef45 qemu: Clean up ret in qemuDomainSaveMemory and qemuDomainSaveInternal
As it turns out, ret can only be 0 or -1, so rather than have some comparisons
be "ret < 0" and others be "ret != 0", make them all "ret < 0".
2015-09-24 09:53:39 -04:00
John Ferlan
ace8e2276e qemu: Resolve Coverity CHECKED_RETURN
Coverity complains that return from virHookCall is not checked in
one place in qemuProcessStop.  Since the comment notes that we cannot
stop the operation even it if fails, just added the ignore_value.
2015-09-24 09:53:39 -04:00
John Ferlan
35369a7d48 virsh: Resolve Coverity DEADCODE
Use 'dead_error_condition' instead of 'dead_error_begin'
2015-09-24 09:53:38 -04:00
John Ferlan
a36b0ad2d5 tests: Resolve Coverity RESOURCE_LEAK
The cleanup path did not clear the reference for sk1 and sk2

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-09-24 09:53:38 -04:00
John Ferlan
6743809dbf tests: Resolve Coverity RESOURCE_LEAK
In the error path need to unref the 'caps' as well

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-09-24 09:53:38 -04:00
Michal Privoznik
a2ac63af0e virDomainRestore: Don't keep transient domains around
So while working on my previous patches, I've noticed that
virDomainRestore implementation in qemu and test drivers has the
same problem as I am fixing.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-24 10:52:38 +02:00
Michal Privoznik
f41be29635 qemu: Move vm->persistent check into qemuDomainRemoveInactive
So far we have the following pattern occurring over and over
again:

  if (!vm->persistent)
      qemuDomainRemoveInactive(driver, vm);

It's safe to put the check into the function and save some LoC.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-24 10:52:38 +02:00
Michal Privoznik
c99b8cec82 virDomainCreateXML: Make domain definition transient
https://bugzilla.redhat.com/show_bug.cgi?id=871452

So, you want to create a domain from XML. The domain already
exists in libvirt's database of domains. It's okay, because name
and UUID matches. However, on domain startup, internal
representation of the domain is overwritten with your XML even
though we claim that the XML you've provided is a transient one.
The bug is to be found across nearly all the drivers.
Le sigh.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-24 10:52:38 +02:00
Michal Privoznik
37405b9109 virDomainCreateXML: Don't remove persistent domains on error
https://bugzilla.redhat.com/show_bug.cgi?id=871452

Okay, so we allow users to 'virsh create' an already existing
domain, providing completely different XML than the one stored in
Libvirt. Well, as long as name and UUID matches. However, in some
drivers the code that handles errors unconditionally removes the
domain that failed to start even though the domain might have
been persistent. Fortunately, the domain is removed just from the
internal list of domains and the config file is kept around.

Steps to reproduce:

1) virsh dumpxml $dom > /tmp/dom.xml
2) change XML so that it is still parse-able but won't boot, e.g.
change guest agent path to /foo/bar
3) virsh create /tmp/dom.xml
4) virsh dumpxml $dom
5) Observe "No such domain" error

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-24 10:52:37 +02:00
Michal Privoznik
3824c19df8 docs: Add yet another libvirt based app
As announced on the list [1], Cherrypop is a management
application based on libvirt. It's a decentralized cloud software
with nice scaling ability.

1: https://www.redhat.com/archives/libvir-list/2015-September/msg00670.html

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-24 10:45:28 +02:00
Martin Kletzander
54cf313cdd Remove redundand assignment
I initially added this in order to keep the code more error-prone to
following additions, but it seems it's still frowned upon.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-24 10:20:33 +02:00
Michal Privoznik
cde3b97a26 qemuDomainDeviceDefPostParse: Drop useless checks
Now that virQEMUDriverCreateXMLConf is never called with NULL
(after 086f37e97a) we can safely drop useless check in
qemuDomainDeviceDefPostParse as we are guaranteed to be always
called with the driver initialized. Therefore checking if driver
is NULL makes no sense. Moreover, if we mix it with direct driver
dereference. And after that, we are sure that nor @cfg will be
NULL, therefore we can drop checks for that too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-24 07:31:47 +02:00
Peter Krempa
7acfb940f7 virsh: Fix job status indicator for 0 length block jobs
Although 0 length block jobs aren't entirely useful, the output of virsh
blockjob is empty due to the condition that suppresses the output for
migration jobs that did not start. Since the only place that actually
uses the condition that suppresses the output is in migration, let's
move the check there and thus add support for 0 of 0 equaling to 100%.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1196711
2015-09-23 15:06:56 +02:00
Peter Krempa
d7a0386e22 qemu: Refresh memory size only on fresh starts
Qemu unfortunately doesn't update internal state right after migration
and so the actual balloon size as returned by 'query-balloon' are
invalid for a while after the CPUs are started after migration. If we'd
refresh our internal state at this point we would report invalid current
memory size until the next balloon event would arrive.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1242940
2015-09-23 14:22:29 +02:00
Peter Krempa
624ec1c2f9 qemu: Align memory module sizes to 2MiB
My original implementation was based on a qemu version that still did
not have all the checks in place. Using sizes that would align to odd
megabyte increments will produce the following error:

qemu-kvm: -device pc-dimm,node=0,memdev=memdimm0,id=dimm0: backend memory size must be multiple of 0x200000
qemu-kvm: -device pc-dimm,node=0,memdev=memdimm0,id=dimm0: Device 'pc-dimm' could not be initialized

Introduce an alignment retrieval function for memory devices and use it
to align the devices separately and modify a test case to verify it.
2015-09-23 13:54:54 +02:00
Jiri Denemark
035947eb87 virsh: Notify users about disconnects
After my "client rpc: Report proper error for keepalive disconnections"
patch, virsh would no long print a warning when it closes a connection
to a daemon after a keepalive timeout. Although the warning

    virsh # 2015-09-15 10:59:26.729+0000: 642080: info :
    libvirt version: 1.2.19
    2015-09-15 10:59:26.729+0000: 642080: warning :
    virKeepAliveTimerInternal:143 : No response from client
    0x7efdc0a46730 after 1 keepalive messages in 2 seconds

was pretty ugly, it was still useful. This patch brings the useful part
back while making it much nicer:

virsh # error: Disconnected from qemu:///system due to keepalive timeout

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-09-23 13:09:50 +02:00
Jiri Denemark
adf3be57df client rpc: Process pending data on error
Even though we hit an error in client's IO loop, we still want to
process any pending data. So instead of reporting the error right away,
we can finish the current iteration and report the error once we're done
with it. Note that the error is stored in client->error by
virNetClientMarkClose so we don't need to worry about it being reset or
rewritten by any API we call in the meantime.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-09-23 13:09:50 +02:00
Jiri Denemark
c91776d5ff client rpc: Report proper error for keepalive disconnections
Whenever a connection was closed due to keepalive timeout, we would log
a warning but the interrupted API would return rather useless generic
error:

    internal error: received hangup / error event on socket

Let's report a proper keepalive timeout error and make sure it is
propagated to all pending APIs. The error should be better now:

    internal error: connection closed due to keepalive timeout

Based on an old patch from Martin Kletzander.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-09-23 13:09:49 +02:00
Luyao Huang
363995b029 conf: escape string for disk driver name attribute
Just like e92e5ba1, this attribute was missed.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-09-23 11:46:16 +02:00
Martin Kletzander
d772a70faa Use VIR_DIV_UP macro where possible
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-23 11:45:59 +02:00
Luyao Huang
789bdd7dea Makefile: fix build fail when make rpm
Build fail and error like this:

  CC       qemu/libvirt_driver_qemu_impl_la-qemu_command.lo
qemu/qemu_capabilities.c:46:27: fatal error: qemu_capspriv.h: No such file or directory
 #include "qemu_capspriv.h"

Add qemu_capspriv.h to source.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-09-23 08:06:56 +02:00
Cole Robinson
dae1250b24 spec: Fix some warnings with latest rpmbuild
$ rpmbuild -ba libvirt.spec
warning: Macro expanded in comment on line 5: # If neither fedora nor rhel was defined, try to guess them from %{dist}

warning: Macro %enable_autotools defined but not used within scope
warning: Macro %client_only defined but not used within scope
...
2015-09-22 15:57:23 -04:00
Michal Privoznik
086f37e97a tests: Avoid use of virQEMUDriverCreateXMLConf(NULL)
We use the function to create a virDomainXMLOption object that is
required for some functions. However, we don't pass the driver
pointer to the object anywhere - rather than pass NULL. This
causes trouble later when parsing a domain XML and calling post
parse callbacks:

  Program received signal SIGSEGV, Segmentation fault.
  0x000000000043fa3e in qemuDomainDefPostParse (def=0x7d36c0, caps=0x7caf10, opaque=0x0) at qemu/qemu_domain.c:1043
  1043        qemuCaps = virQEMUCapsCacheLookup(driver->qemuCapsCache, def->emulator);
  (gdb) bt
  #0  0x000000000043fa3e in qemuDomainDefPostParse (def=0x7d36c0, caps=0x7caf10, opaque=0x0) at qemu/qemu_domain.c:1043
  #1  0x00007ffff2928bf9 in virDomainDefPostParse (def=0x7d36c0, caps=0x7caf10, xmlopt=0x7c82c0) at conf/domain_conf.c:4269
  #2  0x00007ffff294de04 in virDomainDefParseXML (xml=0x7da8c0, root=0x7dab80, ctxt=0x7da980, caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16400
  #3  0x00007ffff294e5b5 in virDomainDefParseNode (xml=0x7da8c0, root=0x7dab80, caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16582
  #4  0x00007ffff294e424 in virDomainDefParse (xmlStr=0x0, filename=0x7c7ef0 "/home/zippy/work/libvirt/libvirt.git/tests/securityselinuxlabeldata/disks.xml", caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16529
  #5  0x00007ffff294e4b2 in virDomainDefParseFile (filename=0x7c7ef0 "/home/zippy/work/libvirt/libvirt.git/tests/securityselinuxlabeldata/disks.xml", caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16553
  #6  0x00000000004303ca in testSELinuxLoadDef (testname=0x53c929 "disks") at securityselinuxlabeltest.c:192
  #7  0x00000000004309e8 in testSELinuxLabeling (opaque=0x53c929) at securityselinuxlabeltest.c:313
  #8  0x0000000000431207 in virtTestRun (title=0x53c92f "Labelling \"disks\"", body=0x430964 <testSELinuxLabeling>, data=0x53c929) at testutils.c:211
  #9  0x0000000000430c5d in mymain () at securityselinuxlabeltest.c:373
  #10 0x00000000004325c2 in virtTestMain (argc=1, argv=0x7fffffffd7e8, func=0x430b4a <mymain>) at testutils.c:863
  #11 0x0000000000430deb in main (argc=1, argv=0x7fffffffd7e8) at securityselinuxlabeltest.c:381

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-22 17:05:16 +02:00
Michal Privoznik
b1dc59b395 qemuTestDriverInit: init the driver lock too
Even though usage of the lock is limited to a very few cases,
it's still needed. Therefore we should initialize it too.
Otherwise we may get some random test failures:

==1204== Conditional jump or move depends on uninitialised value(s)
==1204==    at 0xEF7F7CF: pthread_mutex_lock (in /lib64/libpthread-2.20.so)
==1204==    by 0x9CA89A5: virMutexLock (virthread.c:89)
==1204==    by 0x450B2A: qemuDriverLock (qemu_conf.c:83)
==1204==    by 0x45549C: virQEMUDriverGetConfig (qemu_conf.c:869)
==1204==    by 0x448E29: qemuDomainDeviceDefPostParse (qemu_domain.c:1240)
==1204==    by 0x9CC9B13: virDomainDeviceDefPostParse (domain_conf.c:4224)
==1204==    by 0x9CC9B91: virDomainDefPostParseDeviceIterator (domain_conf.c:4251)
==1204==    by 0x9CC7843: virDomainDeviceInfoIterateInternal (domain_conf.c:3440)
==1204==    by 0x9CC9C25: virDomainDefPostParse (domain_conf.c:4276)
==1204==    by 0x9CEEE03: virDomainDefParseXML (domain_conf.c:16400)
==1204==    by 0x9CEF5B4: virDomainDefParseNode (domain_conf.c:16582)
==1204==    by 0x9CEF423: virDomainDefParse (domain_conf.c:16529)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-22 17:05:16 +02:00
John Ferlan
ec6754db57 Revert "qemu: Fix integer/boolean logic in qemuSetUnprivSGIO"
This reverts commit 69b850fe2a.

This change broke the ability to "clear" or reset unfiltered back
to filtered.
2015-09-22 10:17:36 -04:00
Peter Krempa
3b2db51430 test: Add test to validate that memory sizes don't get updated on migration 2015-09-22 16:09:28 +02:00
Peter Krempa
bd874b6c42 qemu: ppc64: Align memory sizes to 256MiB blocks
For some machine types ppc64 machines now require that memory sizes are
aligned to 256MiB increments (due to the dynamically reconfigurable
memory). As now we treat existing configs reasonably in regards to
migration, we can round all the sizes unconditionally. The only drawback
will be that the memory size of a VM can potentially increase by
(256MiB - 1byte) * number_of_NUMA_nodes.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1249006
2015-09-22 16:09:28 +02:00
Peter Krempa
c7d7ba85a6 qemu: command: Align memory sizes only on fresh starts
When we are starting a qemu process for an incomming migration or
snapshot reloading we should not modify the memory sizes in the domain
since we could potentially change the guest ABI that was tediously
checked before. Additionally the function now updates the initial memory
size according to the NUMA node size, which should not happen if we are
restoring state.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1252685
2015-09-22 16:09:28 +02:00
Peter Krempa
0fed5a7bc7 conf: Don't always recalculate initial memory size from NUMA size totals
When implementing memory hotplug I've opted to recalculate the initial
memory size (contents of the <memory> element) as a sum of the sizes of
NUMA nodes when NUMA was enabled. This was based on an assumption that
qemu did not allow starting when the NUMA node size total didn't equal
to the initial memory size. Unfortunately the check was introduced to
qemu just lately.

This patch uses the new XML parser flag to decide whether it's safe to
update the memory size total from the NUMA cell sizes or not.

As an additional improvement we now report an error in case when the
size of hotplug memory would exceed the total memory size.

The rest of the changes assures that the function is called with correct
flags.
2015-09-22 16:09:28 +02:00
Peter Krempa
403e86067d conf: Pre-calculate initial memory size instead of always calculating it
Add 'initial_memory' member to struct virDomainMemtune so that the
memory size can be pre-calculated once instead of inferring it always
again and again.

Separating of the fields will also allow finer granularity of decisions
in later patches where it will allow to keep the old initial memory
value in cases where we are handling incomming migration from older
versions that did not always update the size from NUMA as the code did
previously.

The change also requires modification of the qemu memory alignment
function since at the point where we are modifying the size of NUMA
nodes the total size needs to be recalculated too.

The refactoring done in this patch also fixes a crash in the hyperv
driver that did not properly initialize def->numa and thus
virDomainNumaGetMemorySize(def->numa) crashed.

In summary this patch should have no functional impact at this point.
2015-09-22 16:09:28 +02:00
Peter Krempa
8059a99025 conf: Rename max_balloon to total_memory
The name of the variable was misleading. Rename it and it's setting
accessor before other fixes.
2015-09-22 16:09:28 +02:00
Peter Krempa
849b5fc4f6 conf: Split memory related post parse stuff into separate function
The post parse func is growing rather large. Since later patches will
introduce more logic in the memory post parse code, split it into a
separate handler.
2015-09-22 16:09:27 +02:00