Commit Graph

26601 Commits

Author SHA1 Message Date
Serge Hallyn
ba326c8699 apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc
When setting up VncTLS according to the official Libvirt documentation,
only one certificate for libvirt/libvirt-vnc is used. The document
indicates to use the following directories :

 /etc/pki/CA
 /etc/pki/libvirt
 /etc/pki/libvirt/private

in order to manage the certificates used by libvirt-vnc.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/901272

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
Serge Hallyn
78769b8bd9 apparmor, libvirt-qemu: Allow access to ceph config
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
Stefan Bader
5b4d46a95e apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu
On Debian/Ubuntu the libxl-save-helper (used when saving/restoring
a domain through libxl) is located under /usr/lib/xen-<version>/bin.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1334195

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
Serge Hallyn
233e08c057 apparmor, libvirt-qemu: Add ppc64el related changes
Updates profile to allow running on ppc64el.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
William Grant
f3b0f324eb apparmor, virt-aa-helper: Allow aarch64 UEFI.
Allow access to aarch64 UEFI images.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Guido Günther <agx@sigxcpu.org>
2017-06-16 10:38:52 +02:00
Christian Ehrhardt
5b80c973f1 virt-aa-helper: Generalize test for firmware paths
This replaces individual tests for firmware locations by
a generic function which will simplify having additional
locations in the future.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
Simon McVittie
8d4aad6412 virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
The split firmware and variables files introduced by
https://bugs.debian.org/764918 are in a different directory for
some reason. Let the virtual machine read both.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
Martin Kletzander
307a205e25 qemu: Allow live-updates of coalesce settings
Change the settings from qemuDomainUpdateDeviceLive() as otherwise the
call would succeed even though nothing has changed.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1414627

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-06-16 10:18:35 +02:00
Daniel P. Berrange
f1acc4130c Temporarily disable format truncation warnings
GCC 7.1 introduces a new -Wformat-truncation warning
flag that reports if it thinks the maximum possible
size of the formatted output will exceed the provided
fixed buffer. This is enabled automatically by the
-Wformat warning flag. There are quite a few places
hit by this in libvirt which need rewriting. This is
non-trivial work in some places, so temporarily
disable the new warning until those fixes can be
implemented.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-06-15 14:22:54 +01:00
Daniel P. Berrange
1ba693994a Disable the -Wduplicated-branches warning
Depending on the platform/architecture, a number of conditionals
in libvirt code expand the same on both branches. This is expected
behaviour and harmless, so disable the warning to avoid creating
unexpected build failures

Two examples, mingw32:

../../src/util/vircommand.c: In function 'virCommandWait':
../../src/util/vircommand.c:2562:51: error: this condition has identical branches [-Werror=duplicated-branches]
             *exitstatus = cmd->rawStatus ? status : WEXITSTATUS(status);
                                                   ^
and gcc7.1

In file included from util/virobject.c:28:0:
util/virobject.c: In function 'virClassNew':
util/viratomic.h:176:46: error: this condition has identical branches [-Werror=duplicated-branches]
            (void)(0 ? *(atomic) ^ *(atomic) : 0);                      \
                                             ^
util/virobject.c:144:20: note: in expansion of macro 'virAtomicIntInc'
    klass->magic = virAtomicIntInc(&magicCounter);
                   ^~~~~~~~~~~~~~~

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-06-15 13:26:51 +01:00
Jiri Denemark
f0a3fe1b0a qemu: Use qemuDomainCheckABIStability where needed
Most places which want to check ABI stability for an active domain need
to call this API rather than the original
qemuDomainDefCheckABIStability. The only exception is in snapshots where
we need to decide what to do depending on the saved image data.

https://bugzilla.redhat.com/show_bug.cgi?id=1460952

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-14 17:13:24 +02:00
Jiri Denemark
063b2b8788 qemu: Add qemuDomainCheckABIStability
When making ABI stability checks for an active domain, we need to make
sure we use the same migratable definition which virDomainGetXMLDesc
with the MIGRATABLE flag provides, otherwise the ABI check will fail.
This is implemented in the new qemuDomainCheckABIStability which takes a
domain object and generates the right migratable definition from it.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-14 17:08:16 +02:00
Jiri Denemark
a0912df3fa qemu: Add qemuDomainMigratableDefCheckABIStability
This patch separates the actual ABI checks from getting migratable defs
in qemuDomainDefCheckABIStability so that we can create another wrapper
which will use different methods to get the migratable defs.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-14 17:04:32 +02:00
Jiri Denemark
0810d4f5e0 qemu: Introduce qemuDomainDefFromXML helper
The main goal of this function is to enable reusing the parsing code
from qemuDomainDefCopy.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-14 17:04:12 +02:00
Michal Privoznik
1e8d6c6ef0 qemu: Don't try to use hugepages if not enabled
https://bugzilla.redhat.com/show_bug.cgi?id=1214369

My fix 671d18594f was incomplete. If domain doesn't have
hugepages enabled, because of missing condition we would still be
putting hugepages path onto qemu cmd line. Clean up the
conditions so that it's more visible next time.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-06-14 16:47:14 +02:00
Daniel P. Berrange
5e9ca5508d Use sys/uio.h for writev()
With glibc >= 2.25.90 writev() is only available if you explicitly
include sys/uio.h. This matches the documented requirements, but
older glibc and other *NIX pulled in writev indirectly so the bug
wasn't noticed previously.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-06-14 15:01:42 +01:00
Daniel P. Berrange
d9e97fd960 maint: update to latest gnulib
This fixes an incompatibility with glibc 2.25.90

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-06-14 11:19:18 +01:00
Erik Skultety
bb12db16b4 qemu: monitor: Fix a memory leak in qemuMonitorJSONAttachCharDevCommand
With the current logic, we only free @tlsalias as part of the error
label and would have to free it explicitly earlier in the code. Convert
the error label to cleanup, so that we have only one sink, where we
handle all frees. Since JSON object append operation consumes pointers,
make sure @backend is cleared before we hit the cleanup label.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-14 10:46:02 +02:00
Michal Privoznik
992bf863fc qemu: Prefer hugepages over mem source='file'
https://bugzilla.redhat.com/show_bug.cgi?id=1214369

Consider the following XML:

  <memoryBacking>
    <hugepages>
      <page size='2048' unit='KiB' nodeset='1'/>
    </hugepages>
    <source type='file'/>
    <access mode='shared'/>
  </memoryBacking>

  <numa>
    <cell id='0' cpus='0-3' memory='512000' unit='KiB'/>
    <cell id='1' cpus='4-7' memory='512000' unit='KiB'/>
  </numa>

The following cmd line is generated:

  -object
  memory-backend-file,id=ram-node0,mem-path=/var/lib/libvirt/qemu/ram,
  share=yes,size=524288000 -numa node,nodeid=0,cpus=0-3,memdev=ram-node0
  -object
  memory-backend-file,id=ram-node1,mem-path=/var/lib/libvirt/qemu/ram,
  share=yes,size=524288000 -numa node,nodeid=1,cpus=4-7,memdev=ram-node1

This is obviously wrong as for node 1 hugepages should have been
used. The hugepages configuration is more specific than <source
type='file'/>.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-06-13 16:44:29 +02:00
Michal Privoznik
671d18594f qemu: Allow memAccess for hugepages again
https://bugzilla.redhat.com/show_bug.cgi?id=1214369
https://bugzilla.redhat.com/show_bug.cgi?id=1458638

Historically, we've always supported memAccess for domains backed
by hugepages. However, somewhere along the way we've regressed
and stopped allowing such configuration. Fix it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-06-13 16:44:29 +02:00
Michal Privoznik
1fd19670c6 qemuxml2xmltest: Test hugepage enabled domains
We have couple of hugepage enabled domains for qemuxml2argvtest.
Unfortunately, often when adding a test case there I forget to
add it to xml2xml test too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-06-13 16:44:29 +02:00
Michal Privoznik
5b24d25062 qemuDomainAttachMemory: Crate hugepage dir if needed
https://bugzilla.redhat.com/show_bug.cgi?id=1455819

It may happen that a domain is started without any huge pages.
However, user might try to attach a DIMM module later. DIMM
backed by huge pages (why would somebody want to mix regular and
huge pages is beyond me). Therefore we have to create the dir if
we haven't done so far.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-06-13 16:39:39 +02:00
Michal Privoznik
055c7c48f7 qemuProcessBuildDestroyHugepagesPath: create path more frequently
https://bugzilla.redhat.com/show_bug.cgi?id=1455819

Currently, the per-domain path for huge pages mmap() for qemu is
created iff domain has memoryBacking and hugepages in it
configured. However, this alone is not enough because there can
be a DIMM module with hugepages configured too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-06-13 16:38:53 +02:00
Michal Privoznik
ba81c4ee4f daemonUnixSocketPaths: Unify exit paths
Right now, there is a lot of exit points from the function.
Depending on their position they need to copy the same free
calls. This goes against our style where we usually have just one
exit point from the function which also does the necessary free.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-06-13 15:06:34 +02:00
Jiri Denemark
16e31fb38d qemu: Fix starting a domain with corrupted managed save file
Commit v3.4.0-44-gac793bd71 fixed a memory leak, but failed to return
the special -3 value. Thus an attempt to start a domain with corrupted
managed save file would removed the corrupted file and report
"An error occurred, but the cause is unknown" instead of starting the
domain from scratch.

https://bugzilla.redhat.com/show_bug.cgi?id=1460962
2017-06-13 13:46:40 +02:00
Yi Wang
2502a0fade daemon: fix memory leak in daemonUnixSocketPaths
@rundir, allocated by virGetUserRuntimeDirectory, is leaked in case
virFileMakePath fails.

Signed-off-by: Xi Xu <xu.xi8@zte.com.cn>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-06-13 11:01:21 +02:00
Jiri Denemark
5c8c2d1633 cpu_ppc64: Add support for host-model on POWER9
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-06-13 10:35:53 +02:00
Philipp Hahn
ec9f3950e3 qemu/doc: Fix function name for handling events
Insert missing "IO" into function name.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-06-13 09:43:42 +02:00
Andrea Bolognani
2feb2fe251 qemu: Explain why mdevs are assumed to be PCI Express
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-06-13 10:48:49 +08:00
Marc Hartmayer
adf846d3c9 Use ATTRIBUTE_FALLTHROUGH
Use ATTRIBUTE_FALLTHROUGH, introduced by commit
5d84f5961b, instead of comments to
indicate that the fall through is an intentional behavior.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2017-06-12 19:11:30 -04:00
Marc Hartmayer
7363b2266c qemu: add a comment for mon->watch
Add a comment for mon->watch to make clear what's the purpose of this
value.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2017-06-12 19:11:30 -04:00
Marc Hartmayer
e9538813ec rpc: first allocate the memory and then set the count
Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2017-06-12 19:11:30 -04:00
Roman Bogorodskiy
ebe8139536 bhyve: tests: add vnc test to bhyvexml2xmltest
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-06-12 18:04:54 +04:00
Shivaprasad G Bhat
3ea7eb40ba qemu: Release address for redirected device hotplug attach failure
The virDomainUSBAddressEnsure returns 0 or -1, so commit id 'de325472'
checking for 1 like qemuDomainAttachChrDeviceAssignAddr was wrong.

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
2017-06-12 09:02:18 -04:00
Pavel Hrdina
9fd816ed33 Revert "util: virqemu: introduce virQEMUBuildBufferEscape"
This reverts commit 22b02f4492.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2017-06-12 12:45:42 +02:00
Pavel Hrdina
8f827f2ace qemu: skip only ',' for VNC and Spice unix socket
Commit 824272cb28 attempted to fix escaping of characters in unix
socket path but it was wrong.  We need to escape only ',', there is
no escape character for '='.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2017-06-12 12:45:25 +02:00
Jie Wang
382bdbfe7b qemu: Fix memory leak in qemuDomainBlockCopyCommon()
Exiting early through the cleanup path did result in 'mirror'
being leaked.
2017-06-12 17:40:15 +08:00
Ján Tomko
3596b1ddf9 qemu: report an error if usb keyboards are unsupported
Be nicer to the user and report a proper error instead of:
An error occurred, but the cause is unknown

https://bugzilla.redhat.com/show_bug.cgi?id=1460086
2017-06-09 08:29:12 +02:00
Roman Bogorodskiy
9ea3424a17 virsh: workaround readline prototypes warnings
When building with clang 4.0.0, virsh build fails like this:

gmake[3]: Entering directory '/usr/home/novel/code/libvirt/tools'
  CC       virsh-virsh.o
In file included from virsh.c:45:
In file included from /usr/local/include/readline/readline.h:31:
/usr/local/include/readline/rltypedefs.h:35:22: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
typedef int Function () __attribute__ ((deprecated));
                     ^
                      void
/usr/local/include/readline/rltypedefs.h:36:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
typedef void VFunction () __attribute__ ((deprecated));
                       ^
                        void
/usr/local/include/readline/rltypedefs.h:37:26: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
typedef char *CPFunction () __attribute__ ((deprecated));
                         ^
                          void
/usr/local/include/readline/rltypedefs.h:38:28: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
typedef char **CPPFunction () __attribute__ ((deprecated));
                           ^
                            void
In file included from virsh.c:45:
/usr/local/include/readline/readline.h:385:23: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
extern int rl_message ();
                      ^
                       void
5 errors generated.
gmake[3]: *** [Makefile:2823: virsh-virsh.o] Error 1

Fix that by adding -D_FUNCTION_DEF to READLINE_CFLAGS to fix *Function
related warnings and add a check for stdarg.h so we have HAVE_STDARG_H
defined that's needed by the readline headers to use proper rl_message
declaration.

Bug report on the readline mailing list:

 http://lists.gnu.org/archive/html/bug-readline/2017-05/msg00004.html
2017-06-08 21:03:34 +04:00
Michal Privoznik
5f44d7e357 qemuDomainChangeNet: Forbid changing MTU
https://bugzilla.redhat.com/show_bug.cgi?id=1447618

Currently, any attempt to change MTU on an interface that is
plugged to a running domain is silently ignored. We should either
do what's asked or error out. Well, we can update the host side
of the interface, but we cannot change 'host_mtu' attribute for
the virtio-net device. Therefore we have to error out.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2017-06-08 16:53:07 +02:00
Michal Privoznik
f00e6f8bc9 qemu: Set iface MTU on hotplug
https://bugzilla.redhat.com/show_bug.cgi?id=1408701

While implementing MTU (572eda12ad and friends), I've forgotten
to actually set MTU on the host NIC in case of hotplug. We
correctly tell qemu on the monitor what the MTU should be, but we
are not actually setting it on the host NIC.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2017-06-08 16:53:07 +02:00
Ján Tomko
b2cbc3a060 qemu: format virtio-related options on the command line
Format iommu_platform= and ats= for virtio devices.

https://bugzilla.redhat.com/show_bug.cgi?id=1283251

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-08 16:33:13 +02:00
Ján Tomko
56a28fbb57 qemuxml2argvtest: add virtio-options test case
Add a test case to demonstrate the addition of new command line options

https://bugzilla.redhat.com/show_bug.cgi?id=1283251

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-08 16:32:58 +02:00
Ján Tomko
cc0933d350 Add virtio-related options to input devices
https://bugzilla.redhat.com/show_bug.cgi?id=1283251

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-08 16:32:53 +02:00
Ján Tomko
f5384fb402 Add virtio-related options to video
https://bugzilla.redhat.com/show_bug.cgi?id=1283251

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-08 16:32:49 +02:00
Ján Tomko
f65db1be12 Add virtio-related options to rng devices
https://bugzilla.redhat.com/show_bug.cgi?id=1283251

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-08 16:32:44 +02:00
Ján Tomko
b10c22d9fa Add virtio-related options to filesystems
https://bugzilla.redhat.com/show_bug.cgi?id=1283251

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-08 16:32:40 +02:00
Ján Tomko
c85217cf8a Add virtio-related options to controllers
https://bugzilla.redhat.com/show_bug.cgi?id=1283251

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-08 16:32:33 +02:00
Ján Tomko
1bc2cb3b32 Add virtio-related options to disks
https://bugzilla.redhat.com/show_bug.cgi?id=1283251

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-08 16:32:27 +02:00
Ján Tomko
82223f9364 add virtio-related options to memballoon
https://bugzilla.redhat.com/show_bug.cgi?id=1283251

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-06-08 16:32:11 +02:00