https://bugzilla.redhat.com/show_bug.cgi?id=1557769
Problem with device mapper targets is that there can be several
other devices 'hidden' behind them. For instance, /dev/dm-1 can
consist of /dev/sda, /dev/sdb and /dev/sdc. Therefore, when
setting up devices CGroup and namespaces we have to take this
into account.
This bug was exposed after Linux kernel was fixed. Initially,
kernel used different functions for getting block device in
open() and ioctl(). While CGroup permissions were checked in the
former case, due to a bug in kernel they were not checked in the
latter case. This changed with the upstream commit of
519049afead4f7c3e6446028c41e99fde958cc04 (v4.16-rc5~11^2~4).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
This helper fetches dependencies for given device mapper target.
At the same time, we need to provide a dummy log function because
by default libdevmapper prints out error messages to stderr which
we need to suppress.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Rather than using virDomainObjListFindByID, let's be more consistent
and return a reffed and locked object. Since we're using the Ref API,
use virDomainObjEndAPI on @dom and not just virObjectUnlock.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Rather than using virDomainObjListFindByUUID, let's be more consistent
and return a reffed and locked object. Since we're using the Ref API,
use virDomainObjEndAPI on @dom and not just virObjectUnlock.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
For all @dom's fetched from a testDomObjFromDomain because
virDomainObjListRemove will return an unlocked domain object
we should relock it prior to the cleanup label which will use
virDomainObjEndAPI which would Unlock and Unref the passed
object (and we should avoid unlocking an unlocked object).
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
The qemu command line generator code set disk caching of shareable disks
to 'none' when formatting the command line silently. Move this code to a
common place when preparing the domain definition for startup so that it
does not have to be duplicated.
The new test case shows that the actual cache mode will now be recorded
in the live XML definition.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
The old qcow2 encryption format was buggy, so the new approach is to use
luks inside qcow2. As it turns out, it didn't require that many changes.
It was necessary to fix the command line formatter to stop mangling the
format when secrets are present and specify the encryption format and
secret in correct format.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
This format is used by the storage driver and other hypervisors but qemu
does not have notion of the 'iso' format and libvirt does not translate
it to anything useful, so it would not work anyways. Users should use
'raw' instead.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
This is a storage driver type, which is not handled in qemu driver
properly. For accessing directories, disk type 'dir' is used instead.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
It will be necessary to initialize various aspects for the detected
members of the backing chain. Add a function that will handle it and
call it from qemuDomainPrepareDiskSource and qemuDomainDetermineDiskChain
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
For some reason we've decided to silently translate the disk
detect_zeroes mode if it would be invalid. Extract the
logic so that it does not need to be copypasta'd across the code base.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
In some use cases (mostly in tests) it is not required to check the
seclabel definition validity. Add possibility to call
virDomainDiskDefParse without the domain definition.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Make the function more usable by returning the full disk definition and
fix the only caller for the new semantics. The new name for the function
is virDomainDiskDefParse.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
My commit 2e0d6cdec4 claimed qemuMonitorJSONCheckError guarantees
"return" object exists in the JSON reply. But it only makes sure the key
is there, while the type of the value is not checked. A lot of callers
do not care since they only want to see whether their QMP command failed
or not, but any caller which needs to read some data from the reply
wants to make sure the correct data type was returned.
This patch adds a new API called qemuMonitorJSONCheckReply which calls
qemuMonitorJSONCheckError and checks "return" contains a value of the
specified type.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Rather than trying to prevent stealing of the 'actions' virJSONValue
into the monitor command replace the code so that it does the same
thing, since 'actions' was actually not really used after calling the
monitor.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Sometimes it's desired to get a JSON number as string. Add a helper.
This will help in cases where we'd want to convert the internal type from
string to something else.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Use virJSONValueObjectGetArray instead of virJSONValueObjectGet so that
it's not necessary to check whether it's an array.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
It was not possible to determine whether virJSONValueObjectAddVArgs and
the functions using it would consume a virJSONValue or not when used
with the 'a' or 'A' modifier depending on when the loop failed.
Fix this by passing in a pointer to the pointer so that it can be
cleared once it's successfully consumed and the callers don't have to
second-guess leaving a chance of leaking or double freeing the value
depending on the ordering.
Fix all callers to pass a double pointer too.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Mediated devices support hot-{plug,unplug} since their introduction in
kernel 4.10, however libvirt has still been missing support for this.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Mediated devices support hot-{plug,unplug} since their introduction in
kernel 4.10, however libvirt has still been missing support for this.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
qemuDomainDetachWatchdog uses the infrastructure for waiting
for the DEVICE_DELETED event, but the asynchronous delete
was not implemented.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Scan the parsed VMX file, and gather the biggest index of the network
interfaces there: this way, it is possible to parse all the available
network interfaces, instead of just 4 maximum.
Add the VMX file attached to RHBZ#1560917 as testcase esx-in-the-wild-8.
https://bugzilla.redhat.com/show_bug.cgi?id=1560917
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Dynamically grow the array of network interfaces for each interface
read, instead of using a single array of size 4. This way, in the
future it will be easier to not limit the number of network interfaces
(which this patch still does not change).
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
When parsing filesystems, network interfaces, serial ports, and
parallel ports, check earlier whether they are present/enabled, delaying
the allocation of the objects.
This is mostly a small optimization, with no behaviour change.
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=1560976
For historical reasons we've used 32 bytes long static buffer for
storing PTY aliases. This breaks users scenario where they try to
start a machine with user alias consisting of "ua-$uuid".
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
When removing a conditional in:
commit da1ade7a52
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Fri Mar 23 10:50:59 2018 +0000
remote: remove some __sun conditionals
the corresponding comment was mistakenly left behind.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Some of the indents were only 2 spaces, make consistent w/ 4 spaces.
Also some indents didn't align properly. Fix them all up.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
If someone set a user alias or pcihole64 on an implicit controller,
we need to format it to migrate the domain properly.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reported-by: Joseph Richard <Joseph.Richard@windriver.com>
Do not crash in virDomainDeviceInfoParseXML if someone provides
an 'alias' element without a 'name' attribute.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
QEMU on S390 (since v2.11) can support virtio input ccw devices.
So build the qemu command line for ccw devices.
Also add test cases for virtio-{keyboard, mouse, tablet}-ccw.
Signed-off-by: Farhan Ali <alifm@linux.vnet.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
QEMU on S390 (since v2.11) can support virtio input ccw devices.
Introduce qemu capabilities for these devices.
Signed-off-by: Farhan Ali <alifm@linux.vnet.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
S390 guests can only support a virtio-gpu-ccw device as a video
device. So set default video model type to VIR_DOMAIN_VIDEO_TYPE_VIRTIO
for S390 guests.
Signed-off-by: Farhan Ali <alifm@linux.vnet.ibm.com>
QEMU on S390 (since v2.11) can support the virtio-gpu-ccw device,
which can be used as a video device.
Signed-off-by: Farhan Ali <alifm@linux.vnet.ibm.com>
QEMU on S390 (since v2.11) can support virtio-gpu-ccw device.
Let's introduce a new qemu capability for the device.
Signed-off-by: Farhan Ali <alifm@linux.vnet.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
In previous releases all these methods were a no-op if the network
driver is disabled. These helper methods are called unconditionally for
all types of network interface, so must be no-ops if missing. Other code
will already generate an error if the network driver is disabled and a
NIC with type=network is used.
Reviewed-by: Laine Stump <laine@laine.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The libvirtd daemon has some arbitrary logic to drop privileges, but
only on Solaris platforms. This was added during Xen days, when Xen was
the only driver running in libvirtd. There's no expectation or testing
that this works with the new libxl stack, nor whether dropping
privileges breaks any of the secondary drivers. Finally, we'll be
splitting drivers out into their own independant daemons, so this won't
be applicable to libvirtd in future anyway.
The remote driver client meanwhile arbitrarily disables daemon
auto-spawn when connecting as non-root, breaking a key feature of
libvirt unprivileged connections.
Since we've not had any contributions for Solaris since circa 2012
and we don't do any CI testing we should consider this platform
unmaintained and thus reasonable to remove this cruft. If someone steps
forward to maintain Solaris again, this code would need re-evaluating to
come up with something more targetted.
There's various __sun conditionals in the Xen driver code, but those are
not touched. This is all for the legacy Xen driver, which will be
entirely removed at some point in future, so not benefit to hacking out
just the Solaris parts.
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=1558317
Similarly to b133fac356 we need to look up alias of CCID
controller when constructing smartcard command line instead of
relying on broken assumption it will always be 'ccid0'. After
user aliases it can be anything.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
