Commit Graph

3464 Commits

Author SHA1 Message Date
Daniel P. Berrange
16daadc708 qemu: ensure TLS clients always verify the server certificate
The default_tls_x509_verify (and related) parameters in qemu.conf
control whether the QEMU TLS servers request & verify certificates
from clients. This works as a simple access control system for
servers by requiring the CA to issue certs to permitted clients.
This use of client certificates is disabled by default, since it
requires extra work to issue client certificates.

Unfortunately the code was using this configuration parameter when
setting up both TLS clients and servers in QEMU. The result was that
TLS clients for character devices and disk devices had verification
turned off, meaning they would ignore errors while validating the
server certificate.

This allows for trivial MITM attacks between client and server,
as any certificate returned by the attacker will be accepted by
the client.

This is assigned CVE-2017-1000256  / LSN-2017-0002

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 441d3eb6d1)
2017-10-16 13:18:43 +01:00
Jim Fehlig
d0f12e0877 tests: fix QED disk test in xlconfigtest
When LIBXL_HAVE_QED is defined, xlconfigtest fails

 9) Xen XL-2-XML Format disk-qed  ... command line: config parsing error
 in disk specification: no vdev specified in
 `target=/var/lib/libvirt/images/XenGuest2,format=qed,backendtype=qdisk,vdev=hda,access=rw'
FAILED

As per the xl-disk-configuration(5) man page, target= must come
last in the disk specification when specified by name:

When this parameter is specified by name, ie with the target=
syntax in the configuration file, it consumes the whole rest of the
DISKSPEC including trailing whitespaces.  Therefore in that case
it must come last.

Change tests/xlconfigdata/test-disk-qed.cfg to adhere to this
restriction.
2017-01-17 08:41:59 -07:00
Daniel P. Berrange
2d0c4947ab Revert "perf: Add cache_l1d perf event support"
This reverts commit ae16c95f1b.
2017-01-16 16:54:34 +00:00
Laine Stump
147ebe6ddf conf: aggregate multiple pcie-root-ports onto a single slot
Set the VIR_PCI_CONNECT_AGGREGATE_SLOT flag for pcie-root-ports so
that they will be assigned to all the functions on a slot.

Some qemu test case outputs had to be adjusted due to the
pcie-root-ports now being put on multiple functions.
2017-01-11 04:45:57 -05:00
Laine Stump
8f4008713a qemu: use virDomainPCIAddressSetAllMulti() to set multi when needed
If there are multiple devices assigned to the different functions of a
single PCI slot, they will not work properly if the device at function
0 doesn't have its "multi" attribute turned on, so it makes sense for
libvirt to turn it on during PCI address assignment. Setting multi
then assures that the new setting is stored in the config (so it will
be used next time the domain is started), preventing any potential
problems in the case that a future change in the configuration
eliminates the devices on all non-0 functions (multi will still be set
for function 0 even though it is the only function in use on the slot,
which has no useful purpose, but also doesn't cause any problems).

(NB: If we were to instead just decide on the setting for
multifunction at runtime, a later removal of the non-0 functions of a
slot would result in a silent change in the guest ABI for the
remaining device on function 0 (although it may seem like an
inconsequential guest ABI change, it *is* a guest ABI change to turn
off the multi bit).)
2017-01-11 04:42:08 -05:00
Andrea Bolognani
1d8454639f qemu: Use virtio-pci by default for mach-virt guests
virtio-pci is the way forward for aarch64 guests: it's faster
and less alien to people coming from other architectures.
Now that guest support is finally getting there (Fedora 24,
CentOS 7.3, Ubuntu 16.04 and Debian testing all support
virtio-pci out of the box), we'd like to start using it by
default instead of virtio-mmio.

Users and applications can already opt-in by explicitly using

  <address type='pci'/>

inside the relevant elements, but that's kind of cumbersome and
requires all users and management applications to adapt, which
we'd really like to avoid.

What we can do instead is use virtio-mmio only if the guest
already has at least one virtio-mmio device, and use virtio-pci
in all other situations.

That means existing virtio-mmio guests will keep using the old
addressing scheme, and new guests will automatically be created
using virtio-pci instead. Users can still override the default
in either direction.

Existing tests such as aarch64-aavmf-virtio-mmio and
aarch64-virtio-pci-default already cover all possible
scenarios, so no additions to the test suites are necessary.
2017-01-10 12:33:53 +01:00
Nitesh Konkar
ae16c95f1b perf: Add cache_l1d perf event support
This patch adds support and documentation for
a generalized hardware cache event called cache_l1d
perf event.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2017-01-09 18:15:31 -05:00
Maxim Nestratov
245d9ba21e tests: Add "no-kvm-pit-device" testcase
Add a test case for when the QEMU_CAPS_NO_KVM_PIT capability is set.
This capability is mutually exclusive to QEMU_CAPS_KVM_PIT_TICK_POLICY
and results in the same output regardless of whether "discard" or
"delay" was specified in the guest XML for 'tickpolicy'.

Signed-off-by: Maxim Nestratov <mnestratov@virtuozzo.com>
2017-01-06 18:27:06 -05:00
Maxim Nestratov
af78cb0486 qemu: Allow to specify pit timer tick policy=discard
Separate out the "policy=discard" into it's own specific
qemu command line.

We'll rename "kvm-pit-device" test case to be "kvm-pit-discard"
since it has the syntax we'd be using.

Signed-off-by: Maxim Nestratov <mnestratov@virtuozzo.com>
2017-01-06 18:27:06 -05:00
Maxim Nestratov
ef5c8bb412 qemu: Fix pit timer tick policy=delay
By a mistake, for the VIR_DOMAIN_TIMER_TICKPOLICY_DELAY qemu
command line creation, 'discard' was used instead of 'delay'
in commit id '1569fa14'.

Test "kvm-pit-delay" is fixed accordingly to show the correct
option being generated.

Remove the (now) redundant kvm-pit-device tests. As it turns
out there is no need to specify both QEMU_CAPS_NO_KVM_PIT and
QEMU_CAPS_KVM_PIT_TICK_POLICY since they are mutually exclusive
and "kvm-pit-device" becomes just the same as "kvm-pit-delay".

Signed-off-by: Maxim Nestratov <mnestratov@virtuozzo.com>
2017-01-06 18:27:06 -05:00
Collin L. Walling
d47db7b16d qemu: command: Support new cpu feature argument syntax
Qemu has abandoned the +/-feature syntax in favor of key=value. Some
architectures (s390) do not support +/-feature. So we update libvirt to handle
both formats.

If we detect a sufficiently new Qemu (indicated by support for qmp
query-cpu-model-expansion) we use key=value else we fall back to +/-feature.

Signed-off-by: Collin L. Walling <walling@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
2017-01-06 12:24:57 +01:00
Jason J. Herne
27e411fa83 tests: qemuxml2argv s390x cpu model
Test cases for qemu s390x cpu model argument generation.

Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
2017-01-06 12:24:57 +01:00
Jiri Denemark
5d513d4659 qemu-caps: Get host model directly from Qemu when available
When qmp query-cpu-model-expansion is available probe Qemu for its view of the
host model. In kvm environments this can provide a more complete view of the
host model because features supported by Qemu and Kvm can be considered.

Signed-off-by: Collin L. Walling <walling@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
2017-01-06 12:24:57 +01:00
Collin L. Walling
fab9d6e1a9 qemu: qmp query-cpu-model-expansion command
query-cpu-model-expansion is used to get a list of features for a given cpu
model name or to get the model and features of the host hardware/environment
as seen by Qemu/kvm.

Signed-off-by: Collin L. Walling <walling@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
2017-01-06 12:24:57 +01:00
Collin L. Walling
9486dbb339 tests: domain capabilities: qemu 2.7 and 2.8 on s390x
Tests domain capabilities on s390x using the Qemu 2.8 capabilities data.

Signed-off-by: Collin L. Walling <walling@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
2017-01-06 12:24:57 +01:00
Collin L. Walling
dedfa94368 test-data: Qemu caps replies and xml for s390x qemu 2.7 and 2.8
Expected Qemu replies for versions 2.7 and 2.8 from the s390x
Qemu binary.

Signed-off-by: Collin L. Walling <walling@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
2017-01-06 12:24:56 +01:00
Michal Privoznik
486fd7f700 internal: Simplify STREQ_NULLABLE
Our STREQ_NULLABLE and STRNEQ_NULLABLE macros are too
complicated. This was a result of some broken version of gcc.
However, that is long gone and therefore we can simplify the
macros.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-01-05 14:40:15 +01:00
Martin Kletzander
8388b1c826 networkxml2conftest: Rename outxml to outconf
Just a name, I know, but it bothered me a lot since it does not refer
to XML.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-01-04 15:10:06 +01:00
Michal Privoznik
0735ddf744 bhyvexml2xmltest: Test more XMLs
Currently, bhyvexml2xmltest does only one test. We can do better.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-01-02 13:30:40 +01:00
Michal Privoznik
469976d55d bhyvexml2argvdata: Add mac address to <interface/>
In the next patch we will need a stable mac address for
<interface/>.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-01-02 13:30:39 +01:00
Michal Privoznik
5b51848c76 bhyvexml2argvdata: Fix <drive/> addresses
After c07d1c1c4f got merged it uncovered couple of broken domain
XMLs for bhyvexml2argv test. Some disk drives had incompatible
type of address configured.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-01-02 13:30:39 +01:00
Michal Privoznik
a6f05c5a81 networkxml2conftest: s/lo/lo0/ on non-Linux
After 478ddedc12 a bug is fixed where we wrongly presumed loopack
device name on non-Linux systems. It's lo0. However, the fix is
not reflected in the tests which are failing now.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-01-02 13:30:35 +01:00
Michal Privoznik
a94769ce27 tests: Run nss*test iff WITH_NSS
If the nss module is disabled we shouldn't run the tests that
include it either.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-01-02 13:25:42 +01:00
Michal Privoznik
9a3dd116a6 tests: Move test_libraries a bit higher
In the Makefile in tests/ we initialize couple of variables like
test_programs, test_libraries and test_helpers. These variables
contain all the targets that we need to build in order to run
the test suite. So we initialize test_programs and test_helpers
and then conditionally add targets to them depending on what we
are building with. Then we repeat the same process with
test_libraries. It makes no sense to have two separate if-endif
sequences.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-01-02 13:25:42 +01:00
Michal Privoznik
00c4970435 tests: Run virmacmaptest iff WITH_YAJL
Since the internal implementation relies on a json parser being
available, it make no sense to run this test if there's none
available.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-01-02 13:25:42 +01:00
Pino Toscano
c782a8d9d9 tests: enable virpolkittest on any ELF platform
This tests uses preload, which should work on any ELF-based platform
(and indeed it passes on Linux, GNU/kFreeBSD, and FreeBSD).

Also remove the WITH_DBUS conditional, as the test is already built
based on that conditional.
2016-12-22 16:32:05 +01:00
Cédric Bosdonnat
9cae9c886b xen: add QED format test
Follow up of commit 340bb6b7 to add unit tests for the QED format
support. Also add missing QED case in xenFormatXLDisk()
2016-12-21 15:06:40 +01:00
Marc Hartmayer
86fd4e305e tests: Add tests for disk configuration validation
Add tests for controller based disks to check disk address compatibility
with disk bus types.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2016-12-20 11:34:30 +01:00
Jiri Denemark
3d98acc9e3 network: Add support for local PTR domains
Similarly to localOnly DNS domain, localPtr attribute can be used to
tell the DNS server not to forward reverse lookups for unknown IPs which
belong to the virtual network.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-12-19 09:03:29 +01:00
Nitesh Konkar
71bbe65311 perf: add ref_cpu_cycles perf event support
This patch adds support and documentation for
the ref_cpu_cycles perf event.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2016-12-15 17:32:03 -05:00
Nitesh Konkar
9ae79400ff perf: add stalled_cycles_backend perf event support
This patch adds support and documentation for
the stalled_cycles_backend perf event.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2016-12-15 16:47:05 -05:00
Nitesh Konkar
060c159b08 perf: add stalled_cycles_frontend perf event support
This patch adds support and documentation
for the stalled_cycles_frontend perf event.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2016-12-15 16:47:05 -05:00
Nitesh Konkar
7d34731067 perf: add bus_cycles perf event support
This patch adds support and documentation
for the bus_cycles perf event.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2016-12-15 16:47:05 -05:00
Jiri Denemark
20e64d3499 schema: Let elements in /network/ip be specified in any order
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-12-14 16:20:23 +01:00
Jiri Denemark
8f448d619a tests: Check more network XMLs for schema compliance
This revealed bugs in RNG schema for /network/dns/srv.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-12-14 08:50:15 +01:00
Nitesh Konkar
8981d7925e perf: add branch_misses perf event support
This patch adds support and documentation
for the branch_misses perf event.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2016-12-12 18:04:52 -05:00
John Ferlan
80acf4b867 tests: Fix virmacmaptest when allocation fails
If the allocation fails in DO_TEST_FLUSH_PROLOGUE, then 'mgr == NULL',
but the code continues on - which won't be good. So modify the macro
to cause an immediate failure and jump to a cleanup label.

Found by Coverity as FORWARD_NULL event.
2016-12-08 14:58:31 -05:00
Michal Privoznik
f55afd83b1 qemu: Create hugepage path on per domain basis
If you've ever tried running a huge page backed guest under
different user than in qemu.conf, you probably failed. Problem is
even though we have corresponding APIs in the security drivers,
there's no implementation and thus we don't relabel the huge page
path. But even if we did, so far all of the domains share the
same path:

   /hugepageMount/libvirt/qemu

Our only option there would be to set 0777 mode on the qemu dir
which is totally unsafe. Therefore, we can create dir on
per-domain basis, i.e.:

   /hugepageMount/libvirt/qemu/domainName

and chown domainName dir to the user that domain is configured to
run under.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-08 15:45:52 +01:00
Martin Kletzander
dc18766b10 conf: Make scheduler formatting simpler
Since the great rework of how we store vcpu- and iothread-related
data, we have overly complex part of code that is trying to format the
scheduler tuning data in as less lines as possible by grouping
settings for multiple threads.  That was designed as an input syntax
sugar for users, but we don't need to also use that when formatting
the XML.  Switching to simple enumeration makes the code nicer,
shorter and more welcoming to future changes.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-12-08 15:27:52 +01:00
Peter Krempa
cf44dc072a qemu: capabilities: Add gluster.debug_level detection for 2.8.0+
Qemu 2.8.0+ changes arguments structure for blockdev-add in the effort
to make it finally stable. Since libvirt recently added the detection of
gluster debug support relying on the old syntax we need to add the new
as well.
2016-12-07 13:34:22 +01:00
Peter Krempa
c168c910c5 test: qemucaps: Bump 2.8.0 state to current master
Qemu decided to change a parameter name in rc-state which was not
captured by the 2.8.0 data. Bump it to current version.
2016-12-07 13:34:22 +01:00
Nitesh Konkar
8546adf80b perf: add one more perf event support
With current perf framework, this patch adds support and documentation
for the branch_instructions perf event.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2016-12-07 07:03:57 -05:00
Michal Privoznik
22f7ceb695 nss: Introduce libvirt-guest module
So far the NSS module looks up only hostnames as provided by
guests themselves. However, there are some cases where this is
not enough: e.g. when there's a fresh new guest being installed
(with some generic hostname) say from a live ISO image; or some
(older) systems don't advertise their hostname in DHCP
transactions at all.
In cases like that it would be helpful if we translate domain
name as seen by libvirt too so that users can:

  # virsh start $dom && ssh $dom

In order to achieve that new libvirt-guest module is introduced,
while older libvirt module maintains its current behaviour (that
is translating guest provided names into IP addresses).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-06 13:34:00 +01:00
Michal Privoznik
30efb515ce nss: Use macro to generate public API names
The name of the exported functions for an NSS module is quite
fixed, it is derived from the module name:

  _nss_$module_$function

Since we will create another NSS module with very similar
implementation we might as well generate the function names at
the compile time.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-06 13:33:18 +01:00
Michal Privoznik
86980bc75c util: Introduce virMACMap module
This module will be used to track:

  <domain, mac address list>

pairs. It will be important to know these mappings without
libvirt connection (that is from a JSON file), because NSS
module will use those to provide better host name translation.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-06 13:33:18 +01:00
Michal Privoznik
b379c44c35 virstring: Introduce virStringListRemove
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-06 13:33:18 +01:00
Michal Privoznik
ec38d6f741 virstring: Introduce virStringListAdd
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-06 13:33:18 +01:00
Michal Privoznik
1ef3ac82a3 nssmock: Prefer free() over VIR_FREE()
Problem with VIR_FREE() is that we are not linking
libvirt-utils.so to our mock libs therefore there will be an
unresolved symbol. Fortunately, nsstest that eventually links
with the nssmock links also with libvirt-utils.so and thus the
symbol is resolved after all. However, if one wants to run the
test binary under valgrind it is impossible to do so. Because of
the unresolved symbol.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-06 13:33:18 +01:00
John Ferlan
1ff38366b8 qemu: Add the group name option to the iotune command line
Add in the block I/O throttling group parameter to the command line
if supported. If not supported, fail command creation.

Add the xml2argvtest for testing.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-12-05 18:30:38 -05:00
John Ferlan
32d99cb772 conf: Add support for blkiotune group_name option
Modify _virDomainBlockIoTuneInfo and rng schema to support the group_name
option for iotune throttling. Document the new value.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-12-05 18:30:34 -05:00