Commit Graph

27002 Commits

Author SHA1 Message Date
Ján Tomko
6801ad1624 bhyve: command: remove unused includes
These were needed for virBhyveTapGetRealDeviceName
but were not deleted after the function was moved
to src/util.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Fixes: a1bd8d2546
2020-02-23 14:33:30 +01:00
Ján Tomko
9e792e6a3c syms: fix comment for domain_driver.h
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Fixes: 8595948bc8
2020-02-23 14:32:32 +01:00
Daniel Henrique Barboza
0d8a377f79 vircgroup: add virCgroupGetCpuPeriodQuota()
Another vircgroup helper to avoid code repetition between
the LXC and QEMU driver.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:24 +01:00
Daniel Henrique Barboza
8c83c5e136 domain_cgroup.c: add virDomainCgroupSetMemoryLimitParameters()
lxcDomainSetMemoryParameters() and qemuDomainSetMemoryParameters()
has duplicated chunks of code that can be put in a new
helper.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:24 +01:00
Daniel Henrique Barboza
309a8305b7 domain_driver.c: add virDomainDriverSetupPersistentDefBlkioParams()
This new helper avoids more code repetition inside
lxcDomainSetBlkioParameters() and qemuDomainSetBlkioParameters().

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:24 +01:00
Daniel Henrique Barboza
ac87d3520a domain_cgroup.c: add virDomainCgroupSetupDomainBlkioParameters()
After the introduction of virDomainDriverMergeBlkioDevice() in a
previous patch, it is now clear that lxcDomainSetBlkioParameters() and
qemuDomainSetBlkioParameters() uses the same loop to set cgroup
blkio parameter of a domain.

Avoid the repetition by adding a new helper called
virDomainCgroupSetupDomainBlkioParameters().

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:24 +01:00
Daniel Henrique Barboza
2450a04119 domain_driver.c: add virDomainDriverParseBlkioDeviceStr()
lxcDomainParseBlkioDeviceStr() and qemuDomainParseBlkioDeviceStr()
are the same function. Avoid code repetition by putting the code
in a new helper.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:23 +01:00
Daniel Henrique Barboza
8595948bc8 src/hypervisor: introduce domain_driver.c
lxcDomainMergeBlkioDevice() and qemuDomainMergeBlkioDevice()
are the same functions. This duplicated code can't be put in
the existing domain_cgroup.c since it's not cgroup related.

This patch introduces a new src/hypervisor/domain_driver.c to
host this more generic code that can be shared between virt
drivers. This new file is then used to create a new helper
called virDomainDeivceMergeBlkioDevice() to eliminate the code
repetition mentioned above. Callers in LXC and QEMU files
were updated.

This change is a preliminary step for more code reduction of
cgroup related code inside lxcDomainSetBlkioParameters() and
qemuDomainSetBlkioParameters().

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:23 +01:00
Daniel Henrique Barboza
e039341cf2 vircgroup.c: add virCgroupSetupCpuPeriodQuota()
qemuSetupCgroupVcpuBW() and lxcSetVcpuBWLive() shares the
same code to set CPU CFS period and quota. This code can be
moved to a new virCgroupSetupCpuPeriodQuota() helper to
avoid code repetition.

A similar code is also executed in virLXCCgroupSetupCpuTune(),
but without the rollback on error. Use the new helper in this
function as well since the 'period' rollback, if not a
straight improvement for virLXCCgroupSetupCpuTune(), is
benign. And we end up cutting more code repetition.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:23 +01:00
Daniel Henrique Barboza
d8e5b97500 vircgroup.c: add virCgroupSetupCpuShares()
The code that calls virCgroupSetCpuShares() and virCgroupGetCpuShares()
is repeated in 4 different places. Let's put it in a new
virCgroupSetupCpuShares() to avoid code repetition.

There's a reason of why we execute a Get in the same value we
just executed Set, explained in detail by commit 97814d8ab3.
Let's add a gist of the reasoning behind it as a comment in
this new function as well.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:23 +01:00
Daniel Henrique Barboza
867c554e52 vircgroup.c: add virCgroupSetupCpusetCpus()
The code from qemuSetupCgroupCpusetCpus() and virLXCCgroupSetupCpusetTune()
can be centralized in a new helper called virCgroupSetupCpusetCpus().

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:23 +01:00
Daniel Henrique Barboza
ca4238ba73 domain_cgroup.c: add virDomainCgroupSetupMemtune()
virLXCCgroupSetupMemTune() and qemuSetupMemoryCgroup() shares
duplicated code that can be put in a new helper to avoid
code repetition.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:23 +01:00
Daniel Henrique Barboza
f1704e61c3 src: introduce hypervisor/domain_cgroup.c
There is duplicated code between virt drivers that needs to
be moved to avoid code repetition. In the case of duplicated
code between lxc_cgroup.c and qemu_cgroup.c a common place
would be utils/vircgroup.c. The problem is that this would
introduce /conf related definitions that shouldn't be imported
to vircgroup.c, which is supposed to be a place for utilitary
cgroups functions only. And syntax-check would forbid it anyway
due to cross-directory includes being used.

An alternative would be to overload domain_conf.c, which already
contains all the definitions required. But that file is already
crowded with XML handling code and we wouldn't do any favors to
it by putting more utilitary, non-XML parsing/formatting code
there.

In [1], Cole suggested a 'domain_cgroup' file to host common code
between lxc_cgroup and qemu_cgroup, and Daniel suggested a
'src/hypervisor' dir to host these type of files. This patch
introduces src/hypervisor/domain_cgroup.c and, to get started,
introduces a new virDomainCgroupSetupBlkio() function to host shared
code between virLXCCgroupSetupBlkioTune() and qemuSetupBlkioCgroup().

[1] https://www.redhat.com/archives/libvir-list/2019-December/msg00817.html

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:23 +01:00
Daniel Henrique Barboza
adfd20f043 vircgroup.c: turn virCgroup{Get/Set}BlkioDevice* into static
Previous patch moved all duplicated code that were setting
and getting BlkioDevice parameters to vircgroup.c. We can
turn them into static and spare a few symbols in
libvirt_private.syms.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:23 +01:00
Daniel Henrique Barboza
17e8af6b45 lxc,qemu: use virCgroupSetupBlkioDevice* helpers
There are code repetition of set() and get() blkio device
parameters across lxc and qemu files. Use the new vircgroup
helpers to trim the repetition a bit.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:22 +01:00
Daniel Henrique Barboza
3118b4ee95 vircgroup.c: add virCgroupSetupBlkioDevice* helpers
The current use of the functions that set and get
BlkioDevice attributes is doing a set(), followed by
a get() of the same parameter right after. This is done
because there is no guarantee that the kernel will accept
the desired value given by the set() call, thus we need to
execute a get() right after to get the actual value.

This patch adds helpers inside vircgroup.c to execute these
operations. Next patch will use these helpers to reduce
code repetition in LXC and QEMU files.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:22 +01:00
Ján Tomko
66de1d921e fix paths to openrc.init.in files
The inc.am Makfiles are included by src/Makefile.am.
Adjust the paths added to OPENRC_INIT_FILES_IN
accordingly.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Fixes: f4b1c020a2
2020-02-23 12:21:02 +01:00
Ryan Moeller
f4b1c020a2 Add virtlockd and virtlogd init scripts
These are missing files for OpenRC.

Signed-off-by: Ryan Moeller <ryan@iXsystems.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-22 17:11:54 +01:00
Michal Privoznik
2ab278ec75 virDomainNetDefClear: Free @persistent name
The persistent alias name @persistent is allocated in
virDomainNetDefParseXML() but never freed.

==119642== 22 bytes in 2 blocks are definitely lost in loss record 178 of 671
==119642==    at 0x483579F: malloc (vg_replace_malloc.c:309)
==119642==    by 0x58F89F1: xmlStrndup (in /usr/lib64/libxml2.so.2.9.9)
==119642==    by 0x4BA3B74: virXMLPropString (virxml.c:520)
==119642==    by 0x4BDB0C5: virDomainNetDefParseXML (domain_conf.c:11876)
==119642==    by 0x4BF9EF4: virDomainDefParseXML (domain_conf.c:21196)
==119642==    by 0x4BFCD5B: virDomainDefParseNode (domain_conf.c:21943)
==119642==    by 0x4BFCC36: virDomainDefParse (domain_conf.c:21901)
==119642==    by 0x4BFCCCB: virDomainDefParseFile (domain_conf.c:21924)
==119642==    by 0x114A9D: testCompareXMLToArgv (qemuxml2argvtest.c:452)
==119642==    by 0x13894F: virTestRun (testutils.c:143)
==119642==    by 0x11F46E: mymain (qemuxml2argvtest.c:1316)
==119642==    by 0x13A60E: virTestMain (testutils.c:839

Fixes: fb0509d06a
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-21 11:13:20 +01:00
Michal Privoznik
d8b4f70e1e virDomainFSDefFree: Unref private data
The privateData object is allocated in virDomainFSDefNew() but
never unref'd.

==119642== 480 bytes in 20 blocks are definitely lost in loss record 656 of 671
==119642==    at 0x4837B86: calloc (vg_replace_malloc.c:762)
==119642==    by 0x57806A0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6000.7)
==119642==    by 0x4AE7392: virAllocVar (viralloc.c:331)
==119642==    by 0x4B64395: virObjectNew (virobject.c:241)
==119642==    by 0x48F1464: qemuDomainFSPrivateNew (qemu_domain.c:1427)
==119642==    by 0x4BBF004: virDomainFSDefNew (domain_conf.c:2307)
==119642==    by 0x4BD859A: virDomainFSDefParseXML (domain_conf.c:11217)
==119642==    by 0x4BF9DD1: virDomainDefParseXML (domain_conf.c:21179)
==119642==    by 0x4BFCD5B: virDomainDefParseNode (domain_conf.c:21943)
==119642==    by 0x4BFCC36: virDomainDefParse (domain_conf.c:21901)
==119642==    by 0x4BFCCCB: virDomainDefParseFile (domain_conf.c:21924)
==119642==    by 0x114A9D: testCompareXMLToArgv (qemuxml2argvtest.c:452)

Fixes: 5120577ed7
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-21 11:13:05 +01:00
Laine Stump
ef8de28cb0 conf: extra validation for <port isolated='yes'/>
During the hypervisor-agnostic validation of network devices, verify
that the interface type is either "network" or "bridge", and that if
there is any <virtualport>, that it doesn't have any type associated
with it.

This needs to be done both for the parse-time validation and for
runtime validation (after a port has been acquired from any associated
network), because an interface with type='network' could have an
actual type at runtime of "hostdev" or "direct", neither of which
support isolated='true' (yet). Likewise, if an interface is
type='network', then at runtime a <virtualport> with a type that
doesn't support isolated='yes' (e.g. "openvswitch", "802.1Qbh" -
currently *none* of the available virtualport types support it)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:16:44 -05:00
Laine Stump
db7f262884 qemu: support updating <port isolated='yes|no'/> during device update
This setting can be updating very easily on an already active
interface by just changing it in sysfs. If the bridge used for
connection is also changed, there is no need to separately update it,
because the new setting isf done as a part of connecting to the bridge
anyway.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:15:56 -05:00
Laine Stump
2b8fd7334d qemu/lxc: plumb isolatedPort from config down through bridge attachment
This patch pushes the isolatedPort setting from the <interface> down
all the way to the callers of virNetDevBridgeAddPort(), and sets
BR_ISOLATED on the port (using virNetDevBridgePortSetIsolated()) after
the port has been successfully added to the bridge.

Signed-off-by: Laine Stump <laine@redhat.com>

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:13:15 -05:00
Laine Stump
de7c347d9b network: propagate <port isolated='yes'/> between network and domain
Similar to the way that the <vlan>, <bandwidth>, and <virtualport>
elements and the trustGuestRxFilters attribute in a <network> (or in
the appropriate <portgroup> element of a <network> can be applied to a
port when it is allocated for a domain's network interface, this patch
checks for a configured value of <port isolated="yes|no"/> in
either the domain <interface> or in the network, setting isolatedPort
in the <networkport> to the first one it finds (the setting from the
domain's <interface> is preferred). This, in turn, is passed back to
the domain when a port is allocated, so that the domain will use that
setting.

(One difference from <vlan>, <bandwidth>, <virtualport>, and
trustGuestRxFilters, is that all of those can be set in a <portgroup>
so that they can be applied only to a subset of interfaces connected
to the network. This didn't really make sense for the isolated setting
due to the way that it's implemented in Linux - the BR_ISOLATED flag
will prevent traffic from passing between two ports that both have
BR_ISOLATED set, but traffic can still go between those ports and
other ports that *don't* have BR_ISOLATED. (It would be nice if all
traffic from a BR_ISOLATED port could be blocked except traffic going
to/from a designated egress port or ports, but instead the entire
feature is implemented as a single flag. Because of this, it's really
only useful if all the ports on a network are isolated, so setting it
for a subset has no practical utility.)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:11:29 -05:00
Laine Stump
31d95b182e conf: parse/format <port isolated='yes|no'/>
This is a very simple thing to parse and format, but needs to be done
in 4 places, so two trivial utility functions have been made that can
be called from all the higher level parser/formatters:

  <domain><interface>
  <domain><interface><actual> (only in domain status)
  <network>
  <networkport>

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:09:27 -05:00
Laine Stump
a378d8fa55 util: query/set BR_ISOLATED flag on netdevs attached to bridge
When this flag is set for an interface attached to a bridge, traffic
to/from the specified interface can only enter/exit the bridge via
another attached interface that *doesn't* have the BR_ISOLATED flag
set. This can be used to permit guests to communicate with the rest of
the network, but not with each other.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:07:53 -05:00
Laine Stump
3f8b57a61f qemu: save/restore original error when recovering from failed bridge attach
Not only was the original error code destroyed in the case of
encountering an error during recovery from a failed attach to the
bridge (and then *that* error was destroyed by logging a *second*
error about the failure to recover - virNetDevBridgeAddPort() already
logs an error, so the one about failing to recover was redundant), but
if the recovery was successful, the function would then return success
to the caller even though it had failed.

Fixes: 2711ac8716
(overwritten errors were introduced along with this functionality)
Fixes: 6bde0a1a37
(the wrong return value was introduced by a refactor)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:05:24 -05:00
Michal Privoznik
739bb1f26f qemu_migration: Rearrange some checks in qemuMigrationSrcIsAllowed()
Firstly, the check for disk I/O error can be moved into 'if
(!offline)' section a few lines below.
Secondly, checks for vmstate and slirp should be moved under the
same section because they reflect live state of a domain. For
offline migration no QEMU is involved and thus these restrictions
are not valid.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 12:57:24 +01:00
Michal Privoznik
74ec3f4d7d qemu: Don't explicitly remove pidfile after virPidFileForceCleanupPath()
In two places where virPidFileForceCleanupPath() is called, we
try to unlink() the pidfile again. This is needless because
virPidFileForceCleanupPath() has done just that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 12:57:19 +01:00
Michal Privoznik
ac21e39faa virpidfile: Set correct retval in virPidFileReadPath()
The virPidFileReadPath() function is supposed to return 0 on
success or a negative value on failure. But the negative value
has a special meaning - it's negated errno. Therefore, when
converting string to int we shouldn't return -1 which translates
to EPERM. Returning EINVAL looks closer to the truth.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 12:57:06 +01:00
Peter Krempa
a570dc6767 virStorageFileGetMetadataRecurse: Remove 'cleanup' label
There's nothing to clean up. Make it obvious what is returned.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:09 +01:00
Peter Krempa
01adad0932 virStorageFileGetMetadataRecurse: Extract storage access
Extract the code that directly deals with storage. This allows further
simplification and clarification of virStorageFileGetMetadataRecurse.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:09 +01:00
Peter Krempa
e3960f4b6d virStorageFileGetMetadataRecurse: Use virHashHasEntry instead of fake pointers
Replacing virHashLookup by virHashHasEntry allows us to use NULL as the
payload of the hash table rather than putting a fake '1' pointer into
the table.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:09 +01:00
Peter Krempa
157b8722cb virStorageFileGetMetadataRecurse: Expect NULL src->path
The path can be NULL e.g. for NBD disks. Use NULLSTR to prevent use of
NULL in %s.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:08 +01:00
Peter Krempa
b347e5c7dd virStorageFileGetMetadataRecurse: Shuffle around assignment of backing chain depth
Move the assignment to a place where we know that the backing store is
present rather than having to check in the cleanup section.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:08 +01:00
Peter Krempa
84df98f29e virStorageFileGetMetadataRecurse: Remove impossible error report
We call virStorageFileSupportsBackingChainTraversal which already checks
that the 'storageFileRead' callback is non-NULL, which in turn means
that virStorageFileRead will not return -2.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:08 +01:00
Peter Krempa
181fccc2ed util: storagefile: Drop image format probing by file suffix
Probing by file suffix was meant to be a last resort if probing by
contents fails or is not supported. For most formats we never specified
any suffix. There's a few formats implementing both magic bytes and
suffix and finally DMG which had only suffix probing. Since suffix
probing is nowhere reliable and only one format depends on in which has a
comment that qemu doesn't do the probing either drop the whole
infrastructure.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:08 +01:00
Jiri Denemark
0905f222f1 cpu_conf: Format vendor_id for host-model CPUs
In commit v5.9.0-400-gaf8e39921a I removed printing model's fallback and
vendor_id attributes when no model is specified. However, vendor_id
makes sense even without a specific CPU model (for host-model CPUs).

https://bugzilla.redhat.com/show_bug.cgi?id=1804549

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-19 15:11:40 +01:00
Peter Krempa
9bf9e0ae6a qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads
qemuMonitorGetIOThreads returns a NULL-terminated list even when 0
iothreads are present. The caller didn't perform cleanup if there were 0
iothreads leaking the array.

https://bugzilla.redhat.com/show_bug.cgi?id=1804548

Fixes: d1eac92784
Reported-by: Jing Yan <jiyan@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-19 10:24:31 +01:00
Pavel Mores
e32934062d qemu: call networkPlugBandwidth() for all types of network
To fix the actual bug, it was necessary to make networkPlugBandwidth() be
called also for 'bridge'-type networks implemented using macvtap's 'bridge'
mode (previously it was only called for those implemented on top of an
existing bridge).

However, it seems beneficial to call it for other network types as well, at
least because it removes an inconsistency in types of bandwidth configuration
changes permissible in inactive and active domain configs.  It should also be
safe as the function pretty much amounts to NOP if no QoS is requested and the
new behaviour should not be any worse than before if it is.

Signed-off-by: Pavel Mores <pmores@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-17 17:26:38 +01:00
Pavel Mores
aa985af212 qemu: check if 'floor' is supported for given interface and network
Even if an interface of type 'network', setting 'floor' is only supported
if the network's forward type is nat, route, open or none.

Signed-off-by: Pavel Mores <pmores@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-17 17:26:31 +01:00
Pavel Mores
92a71456ac qemu: fail on attempt to set 'floor' if interface type is not 'network'
QoS 'floor' setting is documented to be only supported for interfaces of
type 'network'.  Fail with an error message on attempt to set 'floor' on
an interface of any other type.

Signed-off-by: Pavel Mores <pmores@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-17 17:25:59 +01:00
Pavel Mores
17f430eb5c qemu: test if bandwidth has 'floor' factored out to separate function
This compound condition will be useful in several places so it
makes sense to give it a name for better readability.

Signed-off-by: Pavel Mores <pmores@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-17 17:25:52 +01:00
Peter Krempa
e8a819e87f virStorageSourceParseBackingJSONRaw: Parse 'offset' and 'size' attributes
If the parsed 'raw' format JSON string has 'offset' or 'size' attributes
parse them as the format slice.

https://bugzilla.redhat.com/show_bug.cgi?id=1791788

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
0e644e6e47 qemu: Add support for slices of type 'storage'
Implement support for the slice of type 'storage' which allows to set
the offset and size which modifies where qemu should look for the start
of the format container inside the image.

Since slicing is done using the 'raw' driver we need to add another
layer into the blockdev tree if there's any non-raw image format driver
used to access the data.

This patch adds the blockdev integration and setup of the image data so
that we can use the slices for any backing image.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
73ca201467 qemu: block: Properly format storage slice into backing store strings
When creating overlay images e.g. for snapshots or when merging
snapshots we often specify the backing store string to use. Make the
formatter aware of backing chain entries which have a <slice>
configured so that we record it properly. Otherwise such images
would not work without the XML (when detecting the backing chain).

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
f36d751fa6 qemu: domain: Store nodenames of slice in status XML
The storage slice will require a specific node name in cases when the
image format is not raw. Store and format them in the status XML.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
bbf5d05cfd conf: Implement support for <slices> of disk source
Implement parsing and formatting of the 'storage' slice.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
8c43037688 qemu: block: forbid creation of storage sources with <slice>
Specifically creating such images via libvirt during blockjobs would
be much more hassle than it's worth. Just forbid them for now.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
a6eeda986e qemuDomainValidateStorageSource: Reject unsupported slices
We support explicit storage slices only when using blockdev. Storage
slices expressed via the backing store string are left to qemu to
open correctly.

Reject storage slices configured via the XML for non-blockdev usage.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
c481881283 qemuBlockStorageSourceGetFormatRawProps: format 'offset' and 'size' for slice
If we have a 'format' type slice for a raw driver we can directly format
the values.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
6efa046165 util: virstoragefile: Add data structure for storing storage source slices
Introduce virStorageSourceSlice which will store the 'offset' and 'size'
of a virStorageSource and declare it as 'sliceStorage' and 'sliceFormat'
attributes of a virStorageSource.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
9fb7ccb3cf qemu: domain: Refactor formatting of node names into status XML
Use virXMLFormatElement to simplify the logic.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Michal Privoznik
b18328256b qemu_domain: Modify access to a NVMe disk iff needed
If a domain has a NVMe disk it already has the access configured.
Trying to configure it again on a commit or some other operation
is wrong and condemned to failure.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:08:23 +01:00
Andrea Bolognani
7c4bc108a9 qemu: Format the armvtimer timer on the command line
Its behavior is controlled by a KVM-specific CPU feature.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 12:09:15 +01:00
Andrea Bolognani
aeddab230c qemu: Validate configuration for the armvtimer timer
Its use is limited to certain guest types, and it only supports
a subset of all possible tick policies.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 12:09:11 +01:00
Andrea Bolognani
3809e88a87 conf: Introduce VIR_DOMAIN_TIMER_NAME_ARMVTIMER
This new timer model will be used to control the behavior of the
virtual timer for KVM ARM/virt guests.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 12:09:07 +01:00
Andrea Bolognani
204e2306e5 qemu: Add the QEMU_CAPS_CPU_KVM_NO_ADJVTIME capability
We will use this capability to detect whether the QEMU binary
supports the kvm-no-adjvtime CPU feature.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 12:09:02 +01:00
Andrea Bolognani
f8e923c1ba qemu: Use switch statement in qemuBuildCpuCommandLine()
Make sure we are taking all possible virDomainTimerNameType values
into account. This will make upcoming changes easier.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 12:08:57 +01:00
Daniel P. Berrangé
9b82e2c4b0 qemu: drop support for monitor connections on PTYs
Libvirt switched to using a UNIX socket for monitors in
2009 for version 0.7.0. It seems unlikely that there is
a running QEMU process that hasn't been restarted for
11 years while also taking a libvirt upgrade. Therefore
we can drop support for opening a PTY for the QEMU
monitor.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-13 12:52:07 +00:00
Your Name
59afd9764d src: use closefrom() for mass closing of FDs
On FreeBSD 12 the default ulimit settings allow for 100,000
open file descriptors. As a result spawning processes in
libvirt is abominably slow. Fortunately FreeBSD has long
since provided a good solution in the form of closefrom(),
which closes all FDs equal to or larger than the specified
parameter.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-12 11:12:03 +00:00
Arnaud Patard
800aed4644
virt-aa-helper: Add support for smartcard host-certificates
When emulating smartcard with host certificates, qemu needs to
be able to read the certificates files. Add necessary code to
add the smartcard certificates file path to the apparmor profile.

Passthrough support has been tested with spicevmc and remote-viewer.

v2:
- Fix CodingStyle
- Add support for 'host' case.
- Add a comment to mention that the passthrough case doesn't need
  some configuration
- Use one rule with '{,*}' instead of two rules.

Signed-off-by: Arnaud Patard <apatard@hupstream.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Acked-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2020-02-12 10:35:04 +01:00
Peter Krempa
fd70f1b4d3 virStorageSourceParseBackingJSON: Prevent arbitrary nesting with format drivers
Since we parse attributes for 'raw' which is a format driver and thus
has nested 'file' structure we must prevent that this isn't nested
arbitrarily.

Add a flag for the function which allows parsing of 'format' type
drivers only on the first pass.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:27 +01:00
Peter Krempa
f8e097570e virStorageSourceParseBackingJSON: Allow 'json:' pseudo URIs without 'file' wrapper
There are two possibilities:
1) json:{"file":{"driver":...}}
2) json:{"driver":...}

Our code didn't work properly with the second one as it was expecting
the 'file' wrapper. Conditionalize the removal to only the situation
when the top level doesn't have "driver".

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:27 +01:00
Peter Krempa
7e13ff8dc0 virStorageSourceJSONDriverParser: annotate 'format' drivers
The parser was originally designed only for protocol parsers. Since
we already have 'raw' format driver in the list we'll need to be able
to parse it too. In later patches this will be used to prevent parsing
nested format drivers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:27 +01:00
Peter Krempa
aadb34be34 virStorageSourceParseBackingJSON: Move deflattening of json: URIs out of recursion
Originally virStorageSourceParseBackingJSON didn't recurse, but when
the 'raw' driver support was added we need to parse it's information
which contains nested 'file' object.

Since the deflattening helper recurses already there's no need to call
it again. Move it one level up to the entry point.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:27 +01:00
Peter Krempa
4a6bc568cd virStorageSourceParseBackingJSON: Pass around original backing file string
There are a few error messages which might want to report the original
backing store string. Pass it around rather than trying to re-generate
it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:27 +01:00
Peter Krempa
b71cf8726c qemu: hotplug: Fix handling of the 'copy-on-read' layer with blockdev
My original implementation was completely broken because it attempted to
use object-add/del instead of blockdev-add/del.

https://bugzilla.redhat.com/show_bug.cgi?id=1798366

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-02-10 17:26:27 +01:00
Peter Krempa
db57e9daf5 qemuMonitorBlockdevAdd: Take double pointer argument
Modify qemuMonitorBlockdevAdd so that it takes a double pointer for the
@props argument so that it's cleared inside the call. This allows
writing cleaner callers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-02-10 17:26:27 +01:00
Peter Krempa
a592d589aa qemuMonitorJSONBlockdevDel: Refactor cleanup
Use automatic variable freeing and get rid of the cleanup section.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-02-10 17:26:27 +01:00
Peter Krempa
643294110c qemuMonitorJSONBlockdevAdd: Refactor cleanup
Use automatic variable freeing and get rid of the cleanup section.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-02-10 17:26:27 +01:00
Peter Krempa
37f01262ee virDomainDiskTranslateSourcePool: Translate 'volume' disks in whole backing chain
Now that we accept full backing chains on input nothing should prevent
users from also using disk type 'VOLUME' for specifying the backing
images.

Do the translation for the whole backing chain.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:27 +01:00
Peter Krempa
63469116cc virDomainDiskTranslateSourcePool: split code to setup one storage source
Extract all the code setting up one storage source from the rest which
sets up the whole disk. This will allow us to prepare the whole backing
chain.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:27 +01:00
Peter Krempa
bc42d88ffd virDomainDiskTranslateISCSIDirect: Take virStorageSourcePtr instead of virDomainDiskDefPtr
Only 'def->src' was ever used in this function. Use the source directly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:26 +01:00
Peter Krempa
4fca8299c5 virDomainDiskTranslateSourcePoolAuth: Take virStorageSourcePtr instead of virDomainDiskDefPtr
Only 'def->src' was ever used in this function. Use the source directly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:26 +01:00
Peter Krempa
47cad72553 virDomainDiskAddISCSIPoolSourceHost: Take virStorageSourcePtr instead of virDomainDiskDefPtr
Only 'def->src' was ever used in this function. Use the source directly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:26 +01:00
Peter Krempa
e20c5b1703 virDomainDiskAddISCSIPoolSourceHost: Remove ternary operator
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:26 +01:00
Peter Krempa
4d5093ef75 virDomainDiskAddISCSIPoolSourceHost: Remove 'cleanup' label
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:26 +01:00
Peter Krempa
5eda34f2e1 virDomainDiskAddISCSIPoolSourceHost: use g_new0 instead of VIR_ALLOC_N
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:26 +01:00
Peter Krempa
c5b1c14379 virDomainDiskAddISCSIPoolSourceHost: Sanitize handling of string list
Use virStringSplitCount instead of virStringSplit so that we can drop
the call to virStringListLength and use VIR_AUTOSTRINGLIST to declare
it and allow removal of the cleanup section.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:26 +01:00
Peter Krempa
4e3e69fed4 qemuBlockStorageSourceGetBackendProps: Report errors on all switch cases
Few switch cases returned failure but didn't report an error. For a
situation when the backingStore type='volume' was not translated the
following error would occur:

 $ virsh start VM
 error: Failed to start domain VM
 error: An error occurred, but the cause is unknown

After this patch:

 $ virsh start VM
 error: Failed to start domain VM
 error: internal error: storage source pool 'tmp' volume 'pull3.qcow2' is not translated

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-10 17:26:26 +01:00
Ján Tomko
457b0e7488 qemu: preserve error on bandwidth rollback
We call APIs that reset the error in the rollback code.
Preserve the error from the original call that failed.

This turns the boringly cryptic:
  error: Unable to set interface parameters
  error: An error occurred, but the cause is unknown
to the unexpectedly anarchist:
  error: internal error: Child process (/usr/sbin/tc filter add
  dev vnet1 parent ffff: protocol all u32 match u32 0 0 police
  rate 4294968kbps burst 4294968kb mtu 64kb drop flowid :1)
  unexpected exit status 1: Illegal "rate"
  Illegal "police"

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Fixes: f02e21cb33
https://bugzilla.redhat.com/show_bug.cgi?id=1800505
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-02-10 16:41:52 +01:00
Ján Tomko
bd622e2a21 qemu: do not revert to NULL bandwidth
Otherwise an attempt to set an invalid value:
  virsh domiftune rhel8.2 vnet0 --outbound 4294968
on an interface with no bandwidth set crashes.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Fixes: f02e21cb33
https://bugzilla.redhat.com/show_bug.cgi?id=1800505
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-02-10 16:41:51 +01:00
Daniel P. Berrangé
2621d48f00 gnulib: delete all gnulib integration
This deletes all trace of gnulib from libvirt. We still
have the keycodemapdb submodule to deal with. The simple
solution taken was to update it when running autogen.sh.

Previously gnulib could auto-trigger refresh when running
'make' too. We could figure out a solution for this, but
with the pending meson rewrite it isn't worth worrying
about, given how infrequently keycodemapdb changes.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-07 15:03:54 +00:00
Daniel P. Berrangé
55fe8110af util: delete the poll() based event loop impl
It is no longer require since switching to the GLib based
event loop impl.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-07 15:03:54 +00:00
Daniel P. Berrangé
946a25274c util: switch to use the GLib event loop impl
This sets the GLib event loop as the impl when calling
virEventRegisterDefaultImpl(). This remains a private
impl detail of libvirt, so applications must *NOT*
assume that a call to virEventRegisterDefaultImpl()
results in a GLib based event loop.

They should continue to use the libvirt-glib API
gvir_event_register() if they explicitly want to guarantee
a GLib event loop.

This follows the general principal that the libvirt public
API should not expose the fact that GLib is being used
internally.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-07 15:03:53 +00:00
Daniel P. Berrangé
f8ab47cb44 util: import an event loop impl based on GMainContext
The libvirt-glib project has provided a GMainContext based
event loop impl for applications. This imports it and sets
it up for use by libvirt as the primary event loop. This
remains a private impl detail of libvirt.

IOW, applications must *NOT* assume that a call to
"virEventRegisterDefaultImpl" results in a GLib based
event loop. They should continue to use the libvirt-glib
API gvir_event_register() if they explicitly want to
guarantee a GLib event loop.

This follows the general principle that the libvirt public
API should not expose the fact that GLib is being used
internally.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-07 15:03:53 +00:00
Daniel P. Berrangé
7d4350bcac rpc: convert RPC client to use GMainLoop instead of poll
To eliminate the dependancy on GNULIB's poll impl, we need
to change the RPC client code to use GMainLoop. We don't
really want to use GIOChannel, but it provides the most
convenient way to do socket event watches with Windows
portability. The other alternative would be to use GSocket
but that is a much more complex change affecting libvirt
more broadly.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-07 15:03:53 +00:00
Daniel P. Berrangé
5de317b8e7 src: introduce helper API for creating GSource for socket
We need to be able to create event loop watches using the
GSource API for sockets. GIOChannel is able todo this, but
we don't want to use the GIOChannel APIs for reading/writing,
and testing shows just using its GSource APIs is unreliable
on Windows.

This patch thus creates a standalone helper API for creating
a GSource for a socket file descriptor. This impl is derived
from code in QEMU's io/channel-watch.c file that was written
by myself & Paolo Bonzini & thus under Red Hat copyright.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-07 15:03:53 +00:00
zhenwei pi
26badd13e8 qemu: support Panic Crashloaded event handling
Pvpanic device supports bit 1 as crashloaded event, it means that
guest actually panicked and run kexec to handle error by guest side.

Handle crashloaded as a lifecyle event in libvirt.

Test case:
Guest side:
before testing, we need make sure kdump is enabled,
1, build new pvpanic driver (with commit from upstream
   e0b9a42735f2672ca2764cfbea6e55a81098d5ba
   191941692a3d1b6a9614502b279be062926b70f5)
2, insmod new kmod
3, enable crash_kexec_post_notifiers,
  # echo 1 > /sys/module/kernel/parameters/crash_kexec_post_notifiers
4, trigger kernel panic
  # echo 1 > /proc/sys/kernel/sysrq
  # echo c > /proc/sysrq-trigger

Host side:
1, build new qemu with pvpanic patches (with commit from upstream
   600d7b47e8f5085919fd1d1157f25950ea8dbc11
   7dc58deea79a343ac3adc5cadb97215086054c86)
2, build libvirt with this patch
3, handle lifecycle event and trigger guest side panic
  # virsh event stretch --event lifecycle
  event 'lifecycle' for domain stretch: Crashed Crashloaded
  events received: 1

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
2020-02-07 14:05:25 +00:00
Jiri Denemark
c6ff3d1535 qemu_capabilities: Disable CPU models on old s390 machine types
Starting a KVM domain on s390 with old machine type (such as
s390-ccw-virtio-2.5) and without any guest CPU model configured fails
with

    CPU models are not available: KVM doesn't support CPU models

QEMU error. This is cause by libvirt using host-model CPU as the default
CPU based on QEMU reporting "host" CPU model as being the default one
(see commit v5.9.0-402-g24d8202294: qemu: Use host-model CPU on s390 by
default). However, even though both QEMU and KVM support CPU models on
s390 and QEMU can give us the host-model CPU, we can't use it with old
machine types which only support -cpu host.

https://bugzilla.redhat.com/show_bug.cgi?id=1795651

Reported-by: Christian Ehrhardt <paelzer@gmail.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-07 09:19:02 +01:00
Jiri Denemark
80791859ac qemu: Pass machine type to virQEMUCapsIsCPUModeSupported
The usability of a specific CPU mode may depend on machine type, let's
prepare for this by passing it to virQEMUCapsIsCPUModeSupported.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-07 09:19:02 +01:00
Julio Faracco
23be4887af lxc: Fix wrong addresses statements for IPv{4, 6} in native network definitions
After LXC version 3, some settings were changed to new names. Same as
network. LXC introduced network indexes and changed IPv{4,6} addresses
fields. Before, users should only pass `lxc.network.ipv4` to define an
IPv4 address. Now, on version 3, users need to pass
`lxc.net.X.ipv4.address` to specify the same thing. Same for IPv6.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-06 15:00:57 +01:00
Julio Faracco
991c56105d lxc: Fix segfault when lxc.network does not start with 'type'
To configure network settings using config file, legacy LXC settings
require starting them with 'lxc.network.type' entry. If someone
accidentally starts with 'lxc.network.name', libvirt will crash with
segfault. This patch checks if this case is happening.

Sample invalid settings:
lxc.network.link = eth0
lxc.network.type = phys
lxc.network.name = eth1
lxc.network.ipv4 = 192.168.122.2/24
lxc.network.ipv4.gateway = 192.168.122.1

Now, libvirt only see error without segmentation fault.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-06 14:57:17 +01:00
Stefan Berger
12fcdede80 qemu: Extend QEMU with tpm-spapr support
Extend QEMU with tpm-spapr support. Assign a device address to the
vTPM device model.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-02-05 19:57:10 +01:00
Stefan Berger
20d9340268 qemu: Extend QEMU capabilities with 'tpm-spapr'
Extend the QEMU capabilties with tpm-spapr support.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-02-05 19:57:10 +01:00
Stefan Berger
914cb83218 conf: Add support for tpm-spapr to domain XML
This patch adds support for the tpm-spapr device model for ppc64. The XML for
this type of TPM looks as follows:

 <tpm model='tpm-spapr'>
   <backend type='emulator'/>
 </tpm>

Extend the documentation.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-02-05 19:57:10 +01:00
Stefan Berger
21b6f41d95 conf: Introduce VIR_DOMAIN_TPM_MODEL_DEFAULT as default model
Introduce VIR_DOMAIN_TPM_MODEL_DEFAULT as a default model which we use
in case the user does not provide a model in the device XML. It has
the TIS's previous value of '0'. In the post parsing function
we change this default value to 'TIS' to have the same model as before.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-02-05 19:57:10 +01:00
Ján Tomko
945648d36a rpc: gendispatch: trim Flags from the return struct name
This lets it generate the remote dispatch for StorageVolGetInfoFlags.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-05 17:12:59 +01:00
Ján Tomko
4166856c23 conf: use correct free function for virDomainVsockDef
Technically, there is no memleak here, since the only
allocations are filled by virDomainDeviceInfoParseXML,
which cleans up after itself.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-05 10:52:23 +01:00
Ján Tomko
3f40a487a9 conf: use correct free function for virDomainDeviceDef
Simple g_autofree is not enough if we put allocated
data into the device structure.

Define the AUTOPTR_CLEANUP function and use it here.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reported-by: Xu Yandong <xuyandong2@huawei.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-02-05 09:56:57 +01:00
Daniel P. Berrangé
4ab2120f3b src: remove virFilePrintf in favour of g_fprintf
The virFilePrintf function was a wrapper for fprintf() to provide
Windows portability, since gnulib's fprintf() replacement was
license restricted. This is no longer needed now we have the
g_fprintf function available.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-04 14:00:45 +00:00
Daniel P. Berrangé
11a79283b8 src: ensure use of g_printf / g_fprintf functions
The printf/fprintf function impls provided on Windows do
not follow the normal syntax for format specifiers as
the UNIX hosts. Currently we use GNULIB to provide a
portability fix for this. GLib has also imported the
GNULIB impl for this same reason, and thus we can rely
on the g_printf / g_fprintf functions.

This identified a couple of places not explicitly
linking to glib.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-04 14:00:45 +00:00
Daniel P. Berrangé
b9103e62e4 src: optionally include xlocale.h header
On macOS some definitions are in xlocale.h, instead of in
locale.h. GNULIB hides this difference by making the latter
include the former.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-04 14:00:45 +00:00
Daniel P. Berrangé
262551f774 src: add define of ENOMSG for MinGW
MinGW lacks ENOMSG until version 6.0.0 (Fedora 31).

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-04 14:00:45 +00:00
Daniel P. Berrangé
03c532cf97 src: assume sys/sysmacros.h always exists on Linux
All our supported Linux distros now have this header.
It has never existed on FreeBSD / macOS / Mingw.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-04 14:00:45 +00:00
Daniel P. Berrangé
f691ec63b4 m4: add check for pthread library
When we get rid of GNULIB, we need to check for -lpthread
support.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-04 14:00:45 +00:00
Daniel P. Berrangé
cc46e137eb src: convert code to use virPipe APIs
This addreses portability to Windows and standardizes
error reporting. This fixes a number of places which
failed to set O_CLOEXEC or failed to report errors.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-04 14:00:44 +00:00
Daniel P. Berrangé
ab36f72947 src: introduce a wrapper for the pipe2() system call
This hides the differences between Windows and UNIX,
and adds standard error reporting.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-04 14:00:44 +00:00
Daniel P. Berrangé
bfeb56b3ad src: remove sys/wait.h from many files
Most code now uses the virProcess / virCommand APIs, so
the need for sys/wait.h is quite limited. Removing this
include removes the dependency on GNULIB providing a
dummy sys/wait.h for Windows.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-04 14:00:44 +00:00
Daniel P. Berrangé
aa52947fc6 util: conditionalize FD stream to exclude WIN32
Almost none of the virFDStream code will actually work
on WIN32 builds, nor is it used except for in the
virtualbox driver for screenshots. It is simpler to
wrap it all in a '#ifndef WIN32'.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-04 14:00:44 +00:00
Daniel P. Berrangé
7aef7cdbb5 src: conditionalize / remove use of poll.h
Remove imports of poll.h which are redundant, and
conditionalize remaining usage that needs to compile
on Windows platforms.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-04 14:00:44 +00:00
Peter Krempa
54030892f5 qemuDomainBlockPivot: Copy bitmaps backing checkpoints for virDomainBlockCopy
Use qemuBlockBitmapsHandleBlockcopy to calculate bitmaps to copy over
for a block-copy job.

We copy them when pivoting to the new image as at that point we are
certain that we don't dirty any bitmap unnecessarily.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-04 13:45:34 +01:00
Peter Krempa
26f07f6870 qemu: block: Introduce function to calculate bitmap handling for block-copy
Add a function calculating which bitmaps to copy to the mirror during
a block-copy operation.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-04 13:45:33 +01:00
Peter Krempa
41c7e5c2a6 qemu: block: Add validator for bitmap chains accross backing chains
Add a validator which checks that a bitmap spanning multiple backing
chain members doesn't look broken. The current rules are that no
intermediate birmaps are missing (unfortunately it's hard to know
whether the topmost or bottommost bitmap is missing) and none of the
components is inconsistent.

We can obviously improve it over time.

The validator is also tested against the existing bitmap data we have
for the backup merging test as well as some of the existing broken
bitmap synthetic test cases.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-04 13:45:33 +01:00
Peter Krempa
ccd4228aff qemu: blockjob: Store 'flags' for all the block job types
The flags may control important aspects of the block job which may
influence also the termination of the job. Store the 'flags' for all
the block job types.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-04 13:45:33 +01:00
Peter Krempa
9ba804a1d1 qemu: blockjob: Store 'jobflags' with block job data
Add a variable which will store the contents of the 'flags' variable as
passed in by the individual block jobs. Since the flags may influence
behaviour of the jobs it's important to preserve them to the
finalization steps.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-04 13:45:33 +01:00
Peter Krempa
509ddcfde2 virHashAddOrUpdateEntry: Simplify allocation of new entry
Use g_new0 and skip checking of the return value of keyCopy callback
as both are bound to return a valid pointer.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-04 13:45:33 +01:00
Peter Krempa
6cf3ec4428 virhash: Fix the expectations of virHashKeyEqual implementations
Tweak the return value expectation comment so that it doesn't
necessarily require to allocate memory and refactor the implementations.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-04 13:45:33 +01:00
Peter Krempa
d69470a18a virJSONValueNewArray: Use g_new0 to allocate and remove NULL checks from callers
Use the glib allocation function that never returns NULL and remove the
now dead-code checks from all callers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-04 13:45:33 +01:00
Peter Krempa
3b60a0c027 util: json: Introduce virJSONValueArrayConcat
Add a helper that concatenates the second array into the first.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-04 13:45:32 +01:00
Peter Krempa
5ddfac1169 qemu: block: Extract calls of qemuBlockGetNamedNodeData into a helper function
Create a wrapper for qemuBlockGetNamedNodeData named
qemuBlockGetNamedNodeData. The purpose of the wrapper is to integrate
the monitor handling functionality and in the future possible
qemuCaps-based flags.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-04 13:45:32 +01:00
Peter Krempa
8e94e29010 qemu: checkpoint: Track and relabel images for bitmap merging
Allow qemu access to modify backing files in case when we want to delete
a checkpoint.

This patch adds tracking of which images need to be relabelled when
calculating the transaction, the code to relabel them and rollback.

To verify that stuff works we also output the list of images to relabel
into the test case output files in qemublocktest.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-04 13:45:32 +01:00
Peter Krempa
30bc426071 qemu: checkpoint: Introduce support for deleting checkpoints accross snapshots
Allow deleting of checkpoints when snapshots were created along. The
code tracks and modifies the checkpoint list so that backups can still
be taken with such a backing chain. This unfortunately requires to
rename few bitmaps (by copying and deleting them) in some cases.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-04 13:45:32 +01:00
Michal Privoznik
5c8bd31c88 apparmor: Reflect paths from configure in profiles
The configure script allows users to specify different paths for
/etc/, /usr/sbin/, /var/run/ and /usr/libexec/. Instead of
assuming user will pass expected value, generate the apparmor
profiles using the actual values.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-04 09:08:51 +01:00
Ján Tomko
2df925459c qemu: tpm: remove unused labels
Remove all the labels that are now redundant.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-02-03 19:44:39 +01:00
Ján Tomko
9226a627eb qemu: tpm: use g_autoptr where applicable
This requires stealing one cmd pointer before returning it.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-02-03 19:44:39 +01:00
Ján Tomko
3f897afda6 qemu: tpm: use g_autofree
Mark eligible declarations as g_autofree and remove
the corresponding VIR_FREE calls.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-02-03 19:44:39 +01:00
Ján Tomko
9994bee5f2 qemu: tpm: remove unused pidfile variable
qemuExtTPMSetupCgroup declares pidfile but never uses it.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-02-03 19:44:39 +01:00
Ján Tomko
0a125c7144 virBufferTrim: do not accept len
Always trim the full specified suffix.

All of the callers outside of tests were passing either
strlen or the actual length of the string.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-02-03 19:44:38 +01:00
Ján Tomko
4838e8b3fc Use virBufferTrimLen when applicable
Replace all the cases that only supply the length
and do not care about matching a suffix, as well
as that one test case that does.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-02-03 19:44:38 +01:00
Ján Tomko
080405540a util: introduce virBufferTrimLen
Just like the existing virBufferTrim, but only
does one thing at a time.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-02-03 19:44:38 +01:00
Jim Fehlig
e092daacee lib: Prohibit parallel connections with tunneled migration
As discussed on the developer list, parallel migration connections
are not compatible with tunneled migration

https://www.redhat.com/archives/libvir-list/2020-January/msg00463.html

Prohibit the concurrent use of parallel and tunneled migration options.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-03 11:10:59 -07:00
Julio Faracco
6cf9577498 lxc: remove domain definition from lxc network struct
Domain definition is useless now inside network structure. This pointer
was required because new network definition was being added each time
that a new network type appeared. So, this should be processed into
old function `lxcNetworkParseDataType()`. Now, as it was moved to an
array, it can be handle together each interface pointer.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-03 16:08:20 +01:00
Julio Faracco
0da46e30a0 lxc: add LXC version 3 network parser
LXC version 3 or higher introduced indexes for network interfaces.
Libvirt should be able to parse entries like `lxc.net.2.KEY`. This
commit adds functions to parse this type of field. That's why array
structures are so important this time.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-03 16:07:56 +01:00
Julio Faracco
007925214e lxc: refactor lxcNetworkParseData pointers to use new structures
Struct lxcNetworkParseData is being used as a single pointer which
iterates through LXC config lines. It means that it will be applied as a
network each time that a new type appears. After, the same struct is
used to populate a new network interface. This commit changes this logic
to multiple lxcNetworkParseData to move this strcuture to an array. It
makes more sense if we are using indexes to fill interface settings.
This is better to improve code clarity.

This commit still introduces *Legacy() functions to keep support of
network old style definitions.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-03 16:07:41 +01:00
Michal Privoznik
a37a8c569d Drop virAtomic module
Now, that every use of virAtomic was replaced with its g_atomic
equivalent, let's remove the module.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-02 16:36:58 +01:00
Michal Privoznik
7390ff3caa src: Drop virAtomicIntDecAndTest() with g_atomic_int_dec_and_test()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-02 16:36:56 +01:00
Michal Privoznik
574678a27f src: Replace virAtomicIntInc() with g_atomic_int_add()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-02 16:36:54 +01:00
Michal Privoznik
f127acfa34 src: Replace virAtomicIntSet() with g_atomic_int_set()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-02 16:36:50 +01:00
Michal Privoznik
8567ff1f5c src: Replace virAtomicIntGet() with g_atomic_int_get()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-02 16:36:49 +01:00
Michal Privoznik
7c541207bb test_driver: Replace virAtomicIntAdd() with g_atomic_int_add()
Instead of calling virAtomicIntAdd(&var, 1); we can call
g_atomic_int_add() directly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-02 16:35:20 +01:00
Ján Tomko
62d75cdcc6 qemu: drop unused variable
The g_auto conversion made clang realize the variable is unused:
../../src/qemu/qemu_domain.c:10349:36: error: unused variable
    'cfg' [-Werror,-Wunused-variable]
    g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Fixes: 20fa2bc6e5
2020-01-31 17:02:26 +01:00
Ján Tomko
e8d5eb0cde qemu: Fix domain ID allocation
The rewrite to use GLib's atomic ops functions changed the behavior
of virAtomicIntInc - before it returned the pre-increment value.

Most of the callers using its value were adjusted, but the one
in qemuDriverAllocateID was not. If libvirtd would reconnect to
a running domain during startup, the next started domain would get
the same ID:

$ virsh list
 Id   Name       State
--------------------------
 1    f28live    running
 1    f28live1   running

Use the g_atomic_add function directly (as recommended in viratomic.h)
and add 1 to the result.

This also restores the usual numbering from 1 instead of 0.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Fixes: 7b9645a7d1
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-01-31 16:11:50 +01:00
Daniel Henrique Barboza
4427903722 qemu_domain_address.c: turn qemuDomainFillDeviceIsolationGroup to void
Starting on commit 1f43393283, qemuDomainFillDeviceIsolationGroup()
returns 0 in all circunstances. Let's turn it to 'void' make it
clearer that the function will not fail. This also spares a
check for < 0 return in qemu_hotplug.c. The
qemuDomainFillDeviceIsolationGroupIter() callback now returns
0 at all times - which is already happening anyway.

Refer to 1f43393283 commit message for more details on why
the function was changed to never return an error.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 15:25:33 +01:00
Daniel Henrique Barboza
02ad5d2359 qemu_domain.c: turn qemuDomainChrDefDropDefaultPath to void
qemuDomainChrDefDropDefaultPath() returns an int, but it's
always returning 0. Callers are checking for result < 0 to
run their cleanup code needlessly.

Turn the function to 'void' and adjust the callers.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 15:25:33 +01:00
Daniel Henrique Barboza
db780004a9 qemu_domain.c: removing unneeded cleanup labels
Previous patches deprecated some 'cleanup' labels. Let's remove
them.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 15:25:33 +01:00
Daniel Henrique Barboza
20fa2bc6e5 qemu_domain.c: use g_autoptr when possible
Avoid some of the virObjectUnref() calls by using g_autoptr.
Aside from the 'cleanup' label in qemuDomainSetFakeReboot(),
all other now deprecated cleanup labels will be removed in
the next patch.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 15:25:33 +01:00
Daniel Henrique Barboza
ae9f630e50 qemu_domain.c: use g_autofree when possible
Use g_autofree to remove VIR_FREE() calls used for cleanups.
Labels that became deprecated will be removed in a later
patch.

In qemuDomainSetupDisk(), the 'dst' variable is not used at
all and could be removed.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 15:25:33 +01:00
Daniel Henrique Barboza
749ec34a56 qemu_domain.c: remove redundant virObjectUnref()
The 'caps' variable in qemuDomainObjPrivateXMLParseAutomaticPlacement()
is set to auto clean via g_autoptr(), but a 'virObjectUnref(caps)' is
being executed in the 'cleanup' label.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 15:25:33 +01:00
Daniel Henrique Barboza
738bedbf4e conf/domain_addr.c: remove unneeded 'cleanup' labels
Previous patch used 'g_autofree' to eliminate instances of
VIR_FREE(), making some cleanup labels obsolete. This
patch removes them.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 15:25:33 +01:00
Daniel Henrique Barboza
3f9f550061 conf/domain_addr.c: use g_autofree in strings
Use g_autofree in strings when possible to spare a VIR_FREE()
call. Unneeded 'cleanup' labels will be taken care of in the
next patch.

The 'str' string in virDomainVirtioSerialAddrReserve() was
never used by the logic, only being used in cleanup by
VIR_FREE(). Let's remove it.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 15:25:33 +01:00
Peter Krempa
b9e87908db qemuMigrationCookieAddNBD: Fix filling of 'capacity' when blockdev is used
With -blockdev we must look up via the nodename rather than the 'drive'
alias which is not present any more.

This fixes the pre-creation of storage volumes on migration with
non-shared storage.

https://bugzilla.redhat.com/show_bug.cgi?id=1793263

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 14:28:29 +01:00
Peter Krempa
d409411213 qemuMigrationCookieAddNBD: Remove 'ret' variable and 'cleanup' label
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 14:28:29 +01:00
Peter Krempa
45eefb2c78 qemuMigrationCookieAddNBD: Use virHashNew and automatic freeing of virHashTablePtr
Swithc to the helper which doesn't require checking of the return value.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 14:28:29 +01:00
Peter Krempa
464345e153 qemuMigrationCookieAddNBD: Move monitor call out of the loop
The data is gathered only once so we can move the whole block which
fetches the data out of the loop and get rid of the logic which
prevents multiple calls.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 14:28:29 +01:00
Peter Krempa
8efeeb59a6 qemuMigrationCookieAddNBD: Use glib memory allocators
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 14:28:29 +01:00
Peter Krempa
3093822d1d qemuMigrationCookieNBD: Extract embedded struct
Extract the struct so that it's type has a name.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 14:28:28 +01:00
Peter Krempa
bdff9d4513 qemuMigrationCookieAddNBD: Exit early if there are no disks
Refactor the logic to skip the body of the function if there's nothing
to do.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 14:28:28 +01:00
Peter Krempa
6eab924daa Remove checking of return value of virHashNew
There are two calls to virHashNew which check the return value. It's not
necessary any more as virHashNew always returns a valid pointer.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 14:28:28 +01:00
Peter Krempa
2a5ea0a0c1 conf: domain: Remove checking of return value of virHashCreateFull
This module has last two direct checks whether the value returned by
virHashCreateFull is NULL. Remove them so that static analyzers don't
get the false idea that checking the value is necessary.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 14:28:28 +01:00
Peter Krempa
50f7483a0d util: hash: Use g_new0 for allocating hash internals
Use the glib helpers and remove the mention of returning NULL on failure
of virHashNew, virHashCreate and virHashCreateFull.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-31 14:28:28 +01:00
Christian Ehrhardt
5a21fd513a
apparmor: fix qemu_bridge_helper for named profile
Since a3ab6d42 "apparmor: convert libvirtd profile to a named profile"
the detection of the subelement for qemu_bridge_helper is wrong.

In combination with the older 123cc3e1 "apparmor: allow
/usr/lib/qemu/qemu-bridge-helper" it now detects qemu-bridge-helper no
more with its path, but instead as a proper subelement of the named profile
like: label=libvirtd//qemu_bridge_helper

In the same fashion the reverse rule in the qemu_bridge_helper
sub-profile still uses the path and not the named profile label.

Triggering denies like:
apparmor="DENIED" operation="file_inherit"
  profile="libvirtd//qemu_bridge_helper" pid=5629 comm="qemu-bridge-hel"
  family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
  denied_mask="send receive" addr=none peer_addr=none peer="libvirtd"

This patch fixes the unix socket rules for the communication between
libvirtd and qemu-bridge-helper to match that.

Fixes: a3ab6d42d8
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1655111

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2020-01-31 08:32:00 +01:00
Erik Skultety
2b082d875d nwfilter: Use immediate packet delivery mode rather than buffering
Our nwfilter code doesn't set any timeout on the pcap packet buffer which
means that when DHCP snooping is enabled on a guest interface and
libvirt is trying to learn the IP address from guest's DHCP traffic, it
takes up to 4x longer to ping a guest successfully compared to a case
where nwfilter isn't enabled at all or libvirt uses the cached nwfilter
leases to populate the corresponding rules to ebtables.
With the pcap filter and rate limiting already in place, we should be
able to afford enabling the immediate packet delivery, FWIW immediate
mode was actually the default prior libpcap-1.5.0 (CentOS 6) regardless
of whether a buffer was requested.

The lack of any kind of timeout on the pcap buffer messed with the
libvirt TCK test suite which, even with a generous timeout in place,
timeouts every single time simply because it takes a while until
guest actually starts producing any kind of traffic to fill up
the buffer in place (apart from the DHCP traffic which happens fairly
early on).

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-30 16:30:18 +01:00
Ján Tomko
49882b3337 Add a space before ending a comment
Also add a space after the start in some of the cases.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-01-30 12:32:03 +01:00
Michal Privoznik
2f74105d2c apparmor: Drop 'Last modified' comment from profiles
At the beginning of each profile we have a comment that says when
the profile was last updated. In theory, it makes sense because
one can see immediately if they are using an outdated profile.
However, we don't do a good job in keeping the comments in sync
with reality and also sysadmins should rather use their package
manager to find out libvirt version which installed the profiles.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2020-01-30 08:57:59 +01:00
Michal Privoznik
8f204fb4da apparmor: Allow some more BIOS/UEFI paths
There are two more paths that we are missing in the default
domain profile: /usr/share/edk2-ovmf/ and /usr/share/sgabios/.
These exist on my Gentoo box and contain UEFI and BIOS images
respectively.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2020-01-30 08:57:59 +01:00
Michal Privoznik
07af71ad99 apparmor: Sort paths in blocks in libvirt-qemu profile
Even though we construct a domain specific profile for each
domain we start (which should cover domain specific paths), there
is also another file that is included from the profile and which
contains domain agnostic paths (e.g. to cover libraries that qemu
links with). The paths in the file are split into blocks divided
by comments. Sort the paths in each block individually (ignoring
case sensitivity).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2020-01-30 08:57:59 +01:00
Dario Faggioli
849052ec61 libxl: support getting and setting parameters for the Credit2
With Credit2 being Xen default scheduler, it's definitely the case to
allow Credit2's scheduling parameters to be get and set via libvirt.

This is easy, as Credit and Credit2 have (at least as of now) the very
same parameters ('weight' and 'cap'). So we can just let credit2 pass
the scheduler-type check and the same code will work for both.

Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2020-01-29 17:27:08 -07:00
Laine Stump
8a226ddb36 qemu: add wait-unplug to qemu migration status enum
Aside from itinerant error (actually warning) messages due to an
unrecognized response from qemu, this isn't even necessary - the
migration proceeds successfully to completion anyway.

(I'm not sure where to see this status reported in the API though - do
we need to add an extra state, or recognition of a new event somewhere?)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 15:33:29 -05:00
Laine Stump
2758f680b7 qemu: allow migration with assigned PCI hostdev if <teaming> is set
Normally a PCI hostdev can't be migrated, so
qemuMigrationSrcIsAllowedHostdev() won't permit it. In the case of a a
hostdev network interface that has <teaming type='transient'/> set,
QEMU will automatically unplug the device prior to migration, and
re-plug a corresponding device on the destination. This patch modifies
qemuMigrationSrcIsAllowedHostdev() to allow domains with those devices
to be migrated.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 15:33:29 -05:00
Laine Stump
eb9f6cc4b3 qemu: support interface <teaming> functionality
The QEMU driver uses the <teaming type='persistent|transient'
persistent='blah'/> element to setup a "failover" pair of devices -
the persistent device must be a virtio emulated NIC, with the only
extra configuration being the addition of ",failover=on" to the device
commandline, and the transient device must be a hostdev NIC
(<interface type='hostdev'> or <interface type='network'> with a
network that is a pool of SRIOV VFs) where the extra configuration is
the addition of ",failover_pair_id=$aliasOfVirtio" to the device
commandline. These new options are supported in QEMU 4.2.0 and later.

Extra qemu-specific validation is added to ensure that the device
type/model is appropriate and that the qemu binary supports these
commandline options.

The result of this will be:

1) The virtio device presented to the guest will have an extra bit set
in its PCI capabilities indicating that it can be used as a failover
backup device. The virtio guest driver will need to be equipped to do
something with this information - this is included in the Linux
virtio-net driver in kernel 4.18 and above (and also backported to
some older distro kernels). Unfortunately there is no way for libvirt
to learn whether or not the guest driver supports failover - if it
doesn't then the extra PCI capability will be ignored and the guest OS
will just see two independent devices. (NB: the current virtio guest
driver also requires that the MAC addresses of the two NICs match in
order to pair them into a bond).

2) When a migration is requested, QEMu will automatically unplug the
transient/hostdev NIC from the guest on the source host before
starting migration, and automatically re-plug a similar device after
restarting the guest CPUs on the destination host. While the transient
NIC is unplugged, all network traffic will go through the
persistent/virtio device, but when the hostdev NIC is plugged in, it
will get all the traffic. This means that in normal circumstances the
guest gets the performance advantage of vfio-assigned "real hardware"
networking, but it can still be migrated with the only downside being
a performance penalty (due to using an emulated NIC) during the
migration.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 15:33:29 -05:00
Laine Stump
fb0509d06a conf: parse/format <teaming> subelement of <interface>
The subelement <teaming> of <interface> devices is used to configure a
simple teaming association between two interfaces in a domain. Example:

  <interface type='bridge'>
    <source bridge='br0'/>
    <model type='virtio'/>
    <mac address='00:11:22:33:44:55'/>
    <alias name='ua-backup0'/>
    <teaming type='persistent'/>
  </interface>
  <interface type='hostdev'>
    <source>
      <address type='pci' bus='0x02' slot='0x10' function='0x4'/>
    </source>
    <mac address='00:11:22:33:44:55'/>
    <teaming type='transient' persistent='ua-backup0'/>
  </interface>

The interface with <teaming type='persistent'/> is assumed to always
be present, while the interface with type='transient' may be be
unplugged and later re-plugged; the persistent='blah' attribute (and
in the one currently available implementation, also the matching MAC
addresses) is what associates the two devices with each other. It is
up to the hypervisor and the guest network drivers to determine what
to do with this information.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 15:33:29 -05:00
Laine Stump
cad65f222f qemu: add capabilities flag for failover feature
Presence of the virtio-net-pci option called "failover" indicates
support in a qemu binary of a simplistic bonding of a virtio-net
device with another PCI device. This feature allows migration of
guests that have a network device assigned to a guest with VFIO, by
creating a network bond device in the guest consisting of the
VFIO-assigned device and a virtio-net-pci device, then temporarily
(and automatically) unplugging the VFIO net device prior to migration
(and hotplugging an equivalent device on the migration
destination). (The feature is called "failover" because the bond
device uses the vfio-pci netdev for normal guest networking, but
"fails over" to the virtio-net-pci netdev once the vfio-pci device is
unplugged for migration.)

Full functioning of the feature also requires support in the
virtio-net driver in the guest OS (since that is where the bond device
resides), but if the "failover" commandline option is present for the
virtio-net-pci device in qemu, at least the qemu part of the feature
is available, and libvirt can add the proper options to both the
virtio-net-pci and vfio-pci device commandlines to indicate qemu
should attempt doing the failover during migration.

This patch just adds the qemu capabilities flag "virtio-net.failover".

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 15:33:29 -05:00
Daniel P. Berrangé
3d63a187ba bootstrap: remove 18 more gnulib modules
* chown: use is conditionally compiled
* configmake: functionality imported to Makefile.am
* getaddrinfo: we have no portability problems
  with Windows impl
* getpass: simplified impl is imported
* mgetgroups: getgrouplist is used directly
* net_if: header includes are conditionalized
* netdb: header includes are conditionalized
* passfd: simplified impl is imported
* posix-shell: functionality was unused & removed
* sigaction: usage is conditionalized
* sigpipe: usage is conditionalized
* stat-time: struct stat is used directly
* strchrnul: usage is eliminated
* strtok_r: usage is not a portability problem
* sys_stat: usage is conditionalized
* uname: rewritten to use native Win32 function to
  get host arch
* waitpid: usage is conditionalized
* wcwidth: rewritten using g_unichar APIs

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
e429934550 src: conditionalize EAI_ADDRFAMILY
The EAI_ADDRFAMILY constant has been removed from FreeBSD
headers, supposedly because it is deprecated by new RFC
drafts.

Previously GNULIB was providing a replacement because
MinGW lacked it too. The replacement provided for MinGW
was thus being used on FreeBSD too, but with a completely
bogus integer value.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
fc920f704c src: convert all code to use virsocket.h
There are a large number of different header files that
are related to the sockets APIs. The virsocket.h header
includes all of the relevant headers for Windows and UNIX
in one convenient place. If virsocketaddr.h is already
included, then there's no need for virsocket.h

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
a464220430 src: conditionalize use of chown & stat constants
chown and some stat constants are not available on
the Windows platform.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
6dd8913207 src: conditionalize use of O_BINARY
The O_BINARY flag is not defined on all platforms so we must
conditionalize its use once we remove GNULIB.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
b0bea258d3 src: conditionalize use of O_DIRECT
The O_DIRECT flag is not available on all platforms, so we
must introduce a compat define the same way gnulib does.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
4b9919af40 src: conditionalize use of F_DUPFD_CLOEXEC
The F_DUPFD_CLOEXEC functionality is not available on
some platformms. We must thus explicitly call the
virSetCloexec function once we remove GNULIB's equiv
fix for this.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
2a656fc9d8 src: ensure O_CLOEXEC is defined on Windows
Windows uses _O_NOINHERIT as the name for its O_CLOEXEC
equivalent. Define O_CLOEXEC to match this to fix
portability when we remove GNULIB.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
18dca21a32 src: stop using O_DIRECTORY in resctrl
The O_DIRECTORY flag causes open() to return an error
if the filename is a directory. There's no obvious
reason why resctrl needs to use this, while the rest of
libvirt code does not. Removing it avoids build issues
on platforms where O_DIRECTORY is not defined, once we
remove GNULIB.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
3ec271bada src: conditionalize use of S_ISSOCK macro
The S_ISSOCK macro is not available on Windows platforms.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
7f3eb533f4 src: conditionalize use of net/if.h
The net/if.h is not portable so we must check for its
existance and avoid using it when missing. Some use
of net/if.h was redundant and could be removed.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
2b45f453a3 util: conditionalize virProcess APIs on Windows
Many of the virProcess APIs are relying on GNULIB providing
POSIX API stubs. Even with these stubs the APIs don't do
anything useful once compiled. We can thus conditionalize
the code so that we don't compile anything at all.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
32fe38646a src: remove all traces of Cygwin support
Cygwin is not a supported build platform for libvirt and
has no testing coverage in our CI systems. Stop pretending
the code is usable and remove it so there is less to port
to Meson.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
19ae64653d util: conditionalize more of virCommand on WIN32
A large part of the virCommand code is still built on
WIN32, despite the fact that the core fork() & execve()
functions are not available. So despite succesfully
building most of the code, at runtime the APIs are
none the less unusuable. With the elimination of GNULIB
many of the APIs being used in this code no longer have
portability wrappers/shims for Windows.

Rather than try to add portability wrappers, or do tests
for each individual function, it is clearer to conditionalize
nearly all of the code using #ifdef WIN32.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
c58edd05f7 src: replace mkdir() with g_mkdir()
g_mkdir() provides portability to Windows platforms.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
3aab3362f6 src: only import sys/uio.h when journald is built
The sys/uio.h header is only needed when building logging
code with journald support enabled. Conditionally include
it so that we avoid break on platforms which lack this
header.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
ff627b4726 rpc: conditionalize signal handling
The Windows platform does not have the signal handling
support we need, so it must be disabled in several parts
of the codebase.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:40 +00:00
Daniel P. Berrangé
17460825f3 src: implement APIs for passing FDs over UNIX sockets
This is a simplified variant of gnulib's passfd module
without the portability code that we do not require.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:39 +00:00
Daniel P. Berrangé
d575590c52 storage: remove use of stat-time.h headers
The gnulib stat-time.h header provides wrapper functions
to hide the differences in 'struct stat' between various
platforms.

Linux and FreeBSD support the same names, except for
birthtime which Linux only provides in the new 'statx()'
syscall we're not using. macOS has completely different
naming. Since we only rely on this code in one place
we just use conditionals at time of need.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:39 +00:00
Daniel P. Berrangé
47744e0694 util: explicitly include windows.h
The virProcess code relies on windows.h and is getting it
indirectly via some GNULIB header fixes. This dependancy
needs to be made explicit.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:39 +00:00
Daniel P. Berrangé
3f4435d877 src: remove unused sys/utsname.h includes
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:39 +00:00
Daniel P. Berrangé
540cf03926 util: use getgrouplist() directly instead of mgetgroups
The mgetgroups function is a GNULIB custom wrapper around
getgrouplist(). This implements a simplified version of
that code directly.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:39 +00:00
Daniel P. Berrangé
27a6edf50f src: remove usage of strchrnul function
The strchrnul function doesn't exist on Windows and rather
than attempt to implement it, it is simpler to just avoid
its usage, as any callers are easily adapted.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:39 +00:00
Daniel P. Berrangé
db72866310 util: add API for reading password from the console
This imports a simpler version of GNULIB's getpass() function
impl for Windows. Note that GNULIB's impl was buggy as it
returned a static string on UNIX, and a heap allocated string
on Windows. This new impl always heap allocates.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:39 +00:00
Daniel P. Berrangé
19ff90a9c5 util: add a virArchFromHost() impl for Windows
Instead of relying on GNULIb's uname() impl, directly use the
Windows API for determining CPU architecture.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-29 14:51:39 +00:00
Daniel Henrique Barboza
dbf1f68410 security: do not remember/recall labels for VFIO
Files inside /dev/vfio/ can't be opened more than once, meaning
that any subsequent open calls will fail. This behavior was
introduced in kernel v3.11, commit 6d6768c61b39.

When using the VFIO driver, we open a FD to /dev/vfio/N and
pass it to QEMU. If any other call attempt for the same
/dev/vfio/N happens while QEMU is still using the file, we are
unable to open it and QEMU will report -EBUSY. This can happen
if we hotplug a PCI hostdev that belongs to the same IOMMU group
of an existing domain hostdev.

The problem and solution is similar to what we already dealt
with for TPM in commit 4e95cdcbb3. This patch changes both
DAC and SELinux drivers to disable 'remember' for VFIO hostdevs
in virSecurityDACSetHostdevLabelHelper() and
virSecurityDACSetHostdevLabel(), and 'recall'
in virSecurityDACRestoreHostdevLabel() and
virSecuritySELinuxRestoreHostdevSubsysLabel().

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-29 13:50:51 +01:00
Daniel Henrique Barboza
09804edd0a security: Allow 'remember' to be set for HostdevLabelHelper
There is a case in which we do not want 'remember' to be
set to true in SetOwnership() calls inside the
HostdevLabelHelper() functions of both DAC and SELinux drivers.
Next patch will explain and handle that scenario.

For now, let's make virSecurityDACSetOwnership() and
virSecuritySELinuxSetHostdevLabelHelper() accept a 'remember'
flag, which will be used to set the 'remember' parameter
of their respective SetOwnership() calls. No functional
change is made.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-29 13:50:51 +01:00
Nikolay Shirokovskiy
93b66b3cbb qemu: when leaving iotune group update xml properly
Currently when disk is removed from iotune group (by setting
all tunables to zero) group name is leaved in config. Let's fix
it.

Given iotune defaults are taken from the destination group setting
tunables to zero may require different set of zero settings in API
call. Let's prohibit removing from group while specifying different
group name then current for the sanity sake.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-29 11:47:01 +01:00
Nikolay Shirokovskiy
57ac9f5eef qemu: get defaults from iotune group we move disk into
For example if disk is not in the group and we want to move it
there then it makes sense to specify only the group name in API call.
Currently the destination group iotune settings will be overwritten
with the disk settings which I would say is not what one would expect.
Thus let's get defaults from the group we are moving to.

And if we are moving the brand new group then is makes sense to
copy the current disk iotune settings to the group.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-29 11:46:58 +01:00
Nikolay Shirokovskiy
bb36ae81a0 qemu: fix using defaults when setting persistent iotune params
virDomainSetBlockIoTune not simply sets the iotune params given in API
but use current settings for all the omitted params. Unfortunately
it uses current settings for active config when setting inactive
params. Let's fix it.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-29 11:46:55 +01:00
Nikolay Shirokovskiy
dd94f36ffb qemu: check iotune params same for all disk in group
Currently it is possible to start a domain which have disks
in same iotune group and at the same time having different iotune
params. Both params set are passed to qemu in command line and the one
that is passed later down command line is get actually set.
Let's prohibit such configurations.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-29 11:46:51 +01:00
Nikolay Shirokovskiy
e7efffe6cb qemu: propagate iotune settings to all disks in the group
Currently upon successfull call to qemu's implementation of
virDomainSetBlockIoTune iotune settings are changed only for the
disk given in API if the disk is in iotune group while we need
to change the settings for all disks in the group.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-29 11:46:47 +01:00
Nikolay Shirokovskiy
eb4455daab conf: expand iotune params if only group name is given
Currently, if only iotune group name is given for some disk and
no any params then later start of domain will fail. I guess it
will be convenient to allow such configuration if there is
another disk in the same iotune group with iotune params set. The
meaning is that the first disk have same iotunes and the latter.
Thus one can easily add a disk to iotune group - just add group
name parameter and no need to copy all the params.

Also let's expand iotunes params in the described case so we don't
need to refer to another disk to know iotunes and this will make
logic in many places simple.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-29 11:46:42 +01:00
Nikolay Shirokovskiy
67ebd6ac26 qemu: Move qemuDiskConfigBlkdeviotuneHas* to conf
And introduce virDomainBlockIoTuneInfoHasAny.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-29 11:46:17 +01:00
Ján Tomko
374908e481 vz: fix typos of 'explicitly'
Also add a space before ending a comment.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-01-28 13:32:28 +01:00
Ján Tomko
930f6e05b9 conf: unmark xmlopt as unused in virDomainDeviceInfoParseXML
It is used by the user-alias handling code.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-01-28 13:32:28 +01:00
Ján Tomko
31375a0842 conf: remove outdated comments
Some *ParseXML functions have comments stating what kind of device
they parse with an outdated list of parameters, with the exception
of virDomainFSDefParseXML which claims to parse a disk.

Remove them, assuming the function names are descriptive enough.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-01-28 13:32:28 +01:00
Ján Tomko
d5256cbd55 qemu: eliminate ret in qemuExtDevicesStart
All the callees return either 0 or -1 so there is no need
for propagating the value. And we bail on the first error.

Remove the variable to make the function simpler.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-01-28 13:32:27 +01:00
Ján Tomko
e2ca6eb087 qemu: use def instead of vm->def in qemuExtDevicesStart
We have a helper variable to make the code more concise,
use it consistently.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-01-28 13:32:27 +01:00
Ján Tomko
f84c7c67d5 qemu: eliminate ret variable in qemuExtTPMStart
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-01-28 13:32:27 +01:00
Ján Tomko
06160f6708 qemu: eliminate ret variable in qemuExtTPMStartEmulator
Now that the cleanup section is empty, eliminate the cleanup
label as well as the 'ret' variable.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-01-28 13:32:27 +01:00
Ján Tomko
ebe9c31f41 qemu: use g_auto in qemuExtTPMStartEmulator
Use the g_auto macros wherever possible to eliminate the cleanup
section.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-01-28 13:32:27 +01:00
Ján Tomko
3efdbae5bf conf: use virXMLFormatElement in virDomainFSDefFormat
Use the virXMLFormatElement helper to format the driver element
to simplify adding further sub-elements.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-01-28 10:31:41 +01:00
Andrea Bolognani
c8a3a5d79b qemu_shim: Update temporary directory template
The template still references libvirt-qemu-shim, which was at one
point the name used to refer to what we now know as virt-qemu-run.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2020-01-27 17:57:43 +01:00
Andrea Bolognani
7dca28e229 qemu_shim: Fix typos
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2020-01-27 17:57:08 +01:00
Ján Tomko
c07ef7c563 qemu: snapshot: go through cleanup on error
A recent commit added an error check for too-nested backing chains
followed by a return, even though errors above jump to cleanup.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Fixes: b168fa88b8
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-01-27 17:36:05 +01:00
Ján Tomko
26a42e7315 qemu_shim: cosmetic fixes
Remove bogus G_GNUC_UNUSED attribute and add a missing space.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Fixes: d600667278
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-01-27 17:36:05 +01:00
Peter Krempa
d9dfc1f7de qemu: checkpoint: Extract calculation of bitmap merging for checkpoint deletion
This will allow some testing before refactoring.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-01-27 15:28:49 +01:00
Peter Krempa
6796194a28 qemu: checkpoint: Introduce helper to find checkpoint disk definition in parents
The algorithm is used in two places to find the parent checkpoint object
which contains given disk and then uses data from the disk. Additionally
the code is written in a very non-obvious way. Factor out the lookup of
the disk into a function which also simplifies the callers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-01-27 15:28:49 +01:00
Peter Krempa
180b3422e9 qemu: domain: Remove unused qemuDomainDiskNodeFormatLookup
The function has no users now and there's no need for it as the common
pattern is to look up the whole disk object anyways.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-01-27 15:28:49 +01:00
Peter Krempa
f19248a139 qemu: checkpoint: tolerate missing disks on checkpoint deletion
If a disk is unplugged and then the user tries to delete a checkpoint
the code would try to use NULL node name as it was not checked.

Fix this by fetching the whole disk definition object and verifying it
was found.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-01-27 15:28:49 +01:00
Peter Krempa
7973f7d792 qemu: checkpoint: Use disk definition directly when creating checkpoint
Lookup the whole disk definition rather than just the node name.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-01-27 15:28:49 +01:00
Peter Krempa
f3e0a45a00 qemu: checkpoint: rename disk->chkdisk in qemuCheckpointAddActions
Upcoming patches will also use the domain disk definition. Rename disk
to chkdisk for clarity.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-01-27 15:28:49 +01:00
Peter Krempa
a303e8ea47 qemu: checkpoint: rename disk->chkdisk in qemuCheckpointDiscardBitmaps
Upcoming patches will also use the domain disk definition. Rename disk
to chkdisk for clarity.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-01-27 15:28:49 +01:00
Peter Krempa
44e1b85717 qemu: checkpoint: split out checkpoint deletion bitmaps
qemuCheckpointDiscard is a massive function that can be separated into
smaller bits. Extract the part that actually modifies the disk from the
metadata handling.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-01-27 15:28:49 +01:00
Peter Krempa
606dc66b09 qemu: checkpoint: Store whether deleted checkpoint is current in a variable
Avoid two computations by using a boolean.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-01-27 15:28:49 +01:00
Peter Krempa
60b580b949 qemu: capabilities: Add accessor to qemu caps machine types presence
Test code will need to know whether the virQEMUCaps object contains any
machine types already. Add a helper and expose it via 'qemu_capspriv.h'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-27 14:55:03 +01:00
Peter Krempa
3b8feb4793 qemu: capabilities: Replace aliased machine type by copy of the canonical machine
The previous approac of just purging the alias combined with the fact
that we filled in fake machine types in the test data meant that if a
test case used an alias machine type such as 'pc' or 'q35' it would not
properly resolve to the actual data returned by qemu.

This started to be a problem since the CPU driver now looks at the
default CPU reported with the machine type.

This patch replaces the original approach of just removing the alias by
replacing it with a copy of the machine type data which the type would
alias to. This means that we are using the real data while we don't
modify the test output after every qemu upgrade.

Additionally this change will allow us to drop adding the fake machine
types later.

The test fallout is from actually excercising the CPU driver with
actual data.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-27 14:55:03 +01:00
Peter Krempa
bb61230992 qemu: capabilities: Extract code from virQEMUCapsStripMachineAliases
Separate out the internals as they will become more complex soon.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-27 14:55:03 +01:00
Peter Krempa
0b9d1a8073 qemu: domain: Validate that machine type is supported by qemu
Every supported qemu is able to return the list of machine types it
supports so we can start validating it against that list. The advantage
is a better error message, and the change will also prevent having stale
test data.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-27 14:55:03 +01:00
Daniel P. Berrangé
82dd011dbb qemu: fix linking virt-qemu-run on some distros
Debian/Ubuntu linkers are more strict that other distros requiring glib
to be linked explicitly.

macOS needs -export-dynamic instead of -Wl,--export-dynamic

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-27 13:44:56 +00:00
Daniel P. Berrangé
9a5bafd329 bhyve: add 'root' parameter to driver initializer
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-27 13:44:56 +00:00
Peter Krempa
b168fa88b8 qemu: snapshot: Prevent too-nested domain XML when doing inactive snapshot
Similarly to 510d154a0b we need to prevent
doing too deeply nested backing chains and reject them with a sane error
message.

Add a loop to go through the snapshots prior to attempting actually
creating them to prevent some possible inconsistent scenarios.

We don't need to do it when reusing backing chains as we'll be
re-detecting the backing chain in that case anyways.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-01-27 14:02:01 +01:00
Peter Krempa
8e9e73a984 qemu: snapshot: Always rewrite backingStore data when reusing existing images
Don't adopt the backing store data when reusing images provided by the
user. This will force a backing chain re-probe as users might have
passed in something unexpected in the overlay where our view of the
backing chain would not correspond.

This is done only for inactive snapshots as there we have way less
verification.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-01-27 14:02:01 +01:00
Daniel P. Berrangé
d600667278 qemu: introduce a new "virt-qemu-run" program
The previous "QEMU shim" proof of concept was taking an approach of only
caring about initial spawning of the QEMU process. It was then
registered with the libvirtd daemon who took over management of it. The
intent was that later libvirtd would be refactored so that the shim
retained control over the QEMU monitor and libvirt just forwarded APIs
to each shim as needed. This forwarding of APIs would require quite alot
of significant refactoring of libvirtd to achieve.

This impl thus takes a quite different approach, explicitly deciding to
keep the VMs completely separate from those seen & managed by libvirtd.
Instead it uses the new "qemu:///embed" URI scheme to embed the entire
QEMU driver in the shim, running with a custom root directory.

Once the driver is initialization, the shim starts a VM and then waits
to shutdown automatically when QEMU shuts down, or should kill QEMU if
it is terminated itself. This ought to use the AUTO_DESTROY feature but
that is not yet available in embedded mode, so we rely on installing a
few signal handlers to gracefully kill QEMU. This isn't reliable if
we crash of course, but you can restart with the same root dir.

Note this program does not expose any way to manage the QEMU process,
since there's no RPC interface enabled. It merely starts the VM and
cleans up when the guest shuts down at the end. This program is
installed to /usr/bin/virt-qemu-run enabling direct use by end users.
Most use cases will probably want to integrate the concept directly
into their respective application codebases. This standalone binary
serves as a nice demo though, and also provides a way to measure
performance of the startup process quite simply.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-27 11:05:02 +00:00
Daniel P. Berrangé
3e9076e777 secrets: add support for running secret driver in embedded mode
This enables support for running the secret driver embedded to the
calling application process using a URI:

   secret:///embed?root=/some/path

When using the embedded mode with a root=/var/tmp/embed, the
driver will use the following paths:

       configDir: /var/tmp/embed/etc/secrets
        stateDir: /var/tmp/embed/run/secrets

These are identical whether the embedded driver is privileged
or unprivileged.

This compares with the system instance which uses

       configDir: /etc/libvirt/secrets
        stateDir: /var/lib/libvirt/secrets

When an embedded instance of the secret driver is open, any other
embedded drivers will automatically use the embedded secret driver.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-27 11:04:29 +00:00
Daniel P. Berrangé
068efae5b1 qemu: add support for running QEMU driver in embedded mode
This enables support for running QEMU embedded to the calling
application process using a URI:

   qemu:///embed?root=/some/path

Note that it is important to keep the path reasonably short to
avoid risk of hitting the limit on UNIX socket path names
which is 108 characters.

When using the embedded mode with a root=/var/tmp/embed, the
driver will use the following paths:

                logDir: /var/tmp/embed/log/qemu
           swtpmLogDir: /var/tmp/embed/log/swtpm
         configBaseDir: /var/tmp/embed/etc/qemu
              stateDir: /var/tmp/embed/run/qemu
         swtpmStateDir: /var/tmp/embed/run/swtpm
              cacheDir: /var/tmp/embed/cache/qemu
                libDir: /var/tmp/embed/lib/qemu
       swtpmStorageDir: /var/tmp/embed/lib/swtpm
 defaultTLSx509certdir: /var/tmp/embed/etc/pki/qemu

These are identical whether the embedded driver is privileged
or unprivileged.

This compares with the system instance which uses

                logDir: /var/log/libvirt/qemu
           swtpmLogDir: /var/log/swtpm/libvirt/qemu
         configBaseDir: /etc/libvirt/qemu
              stateDir: /run/libvirt/qemu
         swtpmStateDir: /run/libvirt/qemu/swtpm
              cacheDir: /var/cache/libvirt/qemu
                libDir: /var/lib/libvirt/qemu
       swtpmStorageDir: /var/lib/libvirt/swtpm
 defaultTLSx509certdir: /etc/pki/qemu

At this time all features present in the QEMU driver are available when
running in embedded mode, availability matching whether the embedded
driver is privileged or unprivileged.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-27 11:04:03 +00:00
Daniel P. Berrangé
88446e07b2 libvirt: support an "embed" URI path selector for opening drivers
The driver URI scheme:

  "$drivername:///embed?root=/some/path"

enables a new way to use the drivers by embedding them directly in the
calling process. To use this the process must have a thread running the
libvirt event loop. This URI will then cause libvirt to dynamically load
the driver module and call its global initialization function. This
syntax is applicable to any driver, but only those will have been
modified to support a custom root directory and embed URI path will
successfully open.

The application can now make normal libvirt API calls which are all
serviced in-process with no RPC layer involved.

It is required to specify an explicit root directory, and locks will be
acquired on this directory to avoid conflicting with another app that
might accidentally pick the same directory.

Use of '/' is not explicitly forbidden, but note that the file layout
used underneath the embedded driver root does not match the file
layout used by system/session mode drivers. So this cannot be used as
a backdoor to interact with, or fake, the system/session mode drivers.

Libvirt will create arbitrary files underneath this root directory. The
root directory can be kept untouched across connection open attempts if
the application needs persistence. The application is responsible for
purging everything underneath this root directory when finally no longer
required.

Even when a virt driver is used in embedded mode, it is still possible
for it to in turn use functionality that calls out to other secondary
drivers in libvirtd. For example an embedded instance of QEMU can open
the network, secret or storage drivers in the system libvirtd.

That said, the application would typically want to at least open an
embedded secret driver ("secret:///embed?root=/some/path"). Note that
multiple different embedded drivers can use the same root prefix and
co-operate just as they would inside a normal libvirtd daemon.

A key thing to note is that for this to work, the application that links
to libvirt *MUST* be built with -Wl,--export-dynamic to ensure that
symbols from libvirt.so are exported & thus available to the dynamically
loaded driver module. If libvirt.so itself was dynamically loaded then
RTLD_GLOBAL must be passed to dlopen().

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-27 11:03:49 +00:00
Daniel P. Berrangé
207709a031 libvirt: pass a directory path into drivers for embedded usage
The intent here is to allow the virt drivers to be run directly embedded
in an arbitrary process without interfering with libvirtd. To achieve
this they need to store all their configuration & state in a separate
directory tree from the main system or session libvirtd instances.

This can be useful for doing testing of the virt drivers in "make check"
without interfering with the user's own libvirtd instances.

It can also be used for applications using KVM/QEMU as a piece of
infrastructure to build an service, rather than for general purpose
OS hosting. A long standing example is libguestfs, which would prefer
if its temporary VMs did show up in the main libvirtd VM list, because
this confuses apps such as OpenStack Nova. A more recent example would
be Kata which is using KVM as a technology to build containers.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-27 11:02:16 +00:00
Daniel P. Berrangé
fd2a9dda87 util: add helper API for getting URI parameters
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-01-27 11:02:03 +00:00
Jonathon Jongsma
dee2218bc8 qemu: explicitly disable virgl when requested
If a domain is configured to have an egl-headless display and a virtio
video device, virgl will be enabled automatically within the guest, even
if the video device is configured with accel3d='no'.

In this case we should explicitly pass 'virgl=off' to qemu.

See https://bugzilla.redhat.com/show_bug.cgi?id=1791236 for more
information.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-25 07:51:08 +01:00
Han Han
bd51f89c30 qemu: Implement builtin rng backend
Since v4.2-rc0, QEMU introduced a builtin rng backend that uses
getrandom() syscall to generate random. Add it to libvirt with the
backend model 'builtin'.

https://bugzilla.redhat.com/show_bug.cgi?id=1785091

Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-24 17:03:35 +01:00
Han Han
6a6d00e168 conf: Add rng backend model builtin
The 'builtin' rng backend model can be used as following:
  <rng model='virtio'>
    <backend model='builtin'/>
  </rng>

Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-24 17:03:32 +01:00
Han Han
1bd17918b6 util: Do not assume comma after object id
For qemu object like rng-builtin, there are no properties after id
property. We should always set comma after object id. Otherwise it will
cause trailing comma on object:
    -object rng-builtin,id=ID,

Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-24 17:03:29 +01:00
Han Han
9378713f56 qemu_capabilities: Introduce QEMU_CAPS_OBJECT_RNG_BUILTIN
It is used to check if qemu is capable of rng-builtin object.

This object is added since qemu-4.2.0-rc0, commit 6c4e9d48.

Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-24 17:03:21 +01:00
Michal Privoznik
c76009313f qemu_capabilities: Rework domain caps cache
Since v5.6.0-48-g270583ed98 we try to cache domain capabilities,
i.e. store filled virDomainCaps in a hash table in virQEMUCaps
for future use. However, there's a race condition in the way it's
implemented. We use virQEMUCapsGetDomainCapsCache() to obtain the
pointer to the hash table, then we search the hash table for
cached data and if none is found the domcaps is constructed and
put into the table. Problem is that this is all done without any
locking, so if there are two threads trying to do the same, one
will succeed and the other will fail inserting the data into the
table.

Also, the API looks a bit fishy - obtaining pointer to the hash
table is dangerous.

The solution is to use a mutex that guards the whole operation
with the hash table. Then, the API can be changes to return
virDomainCapsPtr directly.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1791790

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-01-24 14:48:44 +01:00