Commit Graph

37125 Commits

Author SHA1 Message Date
Michal Privoznik
28fdfd20f2 qemu: Label restore path outside of secdriver transactions
As explained in the previous commit, we need to relabel the file
we are restoring the domain from. That is the FD that is passed
to QEMU. If the file is not under /dev then the file inside the
namespace is the very same as the one in the host. And regardless
of using transactions, the file will be relabeled. But, if the
file is under /dev then when using transactions only the copy
inside the namespace is relabeled and the one in the host is not.
But QEMU is reading from the one in the host, actually.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1772838

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-04-17 16:24:30 +02:00
Michal Privoznik
55cbb94e2e security: Introduce virSecurityManagerDomainSetPathLabelRO
This API allows drivers to separate out handling of @stdin_path
of virSecurityManagerSetAllLabel(). The thing is, the QEMU driver
uses transactions for virSecurityManagerSetAllLabel() which
relabels devices from inside of domain's namespace. This is what
we usually want. Except when resuming domain from a file. The
file is opened before any namespace is set up and the FD is
passed to QEMU to read the migration stream from. Because of
this, the file lives outside of the namespace and if it so
happens that the file is a block device (i.e. it lives under
/dev) its copy will be created in the namespace. But the FD that
is passed to QEMU points to the original living in the host and
not in the namespace. So relabeling the file inside the namespace
helps nothing.

But if we have a separate API for relabeling the restore file
then the QEMU driver can continue calling
virSecurityManagerSetAllLabel() with transactions enabled and
call this new API without transactions.

We already have an API for relabeling a single file
(virSecurityManagerDomainSetPathLabel()) but in case of SELinux
it uses @imagelabel (which allows RW access) and we want to use
@content_context (which allows RO access).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-04-17 16:24:30 +02:00
Jiri Denemark
36e125296a util: Fix virDaemonForkIntoBackground
This commit partially reverts

    commit c360ea28dc
    Refs: v6.2.0-rc1-1-gc360ea28dc
    Author:     Rafael Fonseca <r4f4rfs@gmail.com>
    AuthorDate: Fri Mar 27 18:40:47 2020 +0100
    Commit:     Michal Prívozník <mprivozn@redhat.com>
    CommitDate: Mon Mar 30 09:48:22 2020 +0200

    util: virdaemon: fix compilation on mingw

    The daemons are not supported on Win32 and therefore were not compiled
    in that platform. However, with the daemon code sharing, all the code in
    utils *is* compiled and it failed because `waitpid`, `fork`, and
    `setsid` are not available. So, as before, let's not build them on
    Win32 and make the code more portable by using existing vir* wrappers.

Not compiling virDaemonForkIntoBackground on Win32 is good, but the
second part of the original patch incorrectly replaced waitpid and fork
with our virProcessWait and virFork APIs. These APIs are more than just
simple wrappers and we don't want any of the extra functionality.
Especially virFork would reset any setup made before
virDaemonForkIntoBackground is called, such as logging, signal handling,
etc.

As a result of the change the additional fix in v6.2.0-67-ga87e4788d2
(util: virdaemon: fix waiting for child processes) is no longer
needed and it is effectively reverted by this commit.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-04-17 15:53:57 +02:00
Boris Fiuczynski
e94ddeac06 docs: Improve zPCI section in pci-addresses.rst
Improving the zPCI example by choosing more distinct values and
adding explanation for fid.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-04-17 15:06:04 +02:00
Andrea Bolognani
c889b2d614 docs: Update introduction in pci-addresses.rst
Changing the introduction to bring the idea of this document better across.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
2020-04-17 15:05:54 +02:00
Andrea Bolognani
52b51b55a2 docs: Add section about code blocks to styleguide.rst
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-04-16 18:58:07 +02:00
Daniel P. Berrangé
d2c5d975a5 docs: fix mistaken description of the read-only socket units
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-04-16 16:26:13 +01:00
Daniel P. Berrangé
116800ed9f docs: remove old unused favicon file
The use of 32favicon.png was removed when the new favicons were
introduced in

  commit 40cb5581c4
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Wed Jul 26 18:22:11 2017 +0100

    docs: add full set of "favicon" files to support modern clients

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-04-16 16:26:11 +01:00
Daniel P. Berrangé
a6e39ab241 docs: add missing files to static asset list
The various favicon files were missing from the favicon list, so never
installed, as was an example code diagram.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-04-16 16:26:07 +01:00
Daniel P. Berrangé
9e2160bef0 docs: fix handling of static assets in build dir
We previously added a hack to symlink CSS files from the source dir into
the build dir, to allow the website to be browsed locally. We should
have also done this for any images.

This change merges several variables into one "$(assets)" so that we
treat all static files in the root dir the same way.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-04-16 16:25:57 +01:00
Daniel P. Berrangé
b85a8f2288 bhyve: add missing param to virDomainPCIAddressBusSetModel
Fixes build error introduced in

  commit aa15e9259f
  Author: Laine Stump <laine@redhat.com>
  Date:   Sun Apr 5 22:40:37 2020 -0400

    qemu/conf: set HOTPLUGGABLE connect flag during PCI address set init

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-04-16 15:49:28 +01:00
Leonid Bloch
5ccd6ae586 conf: Trivial comment fix
Trivial comment fix, reflecting the changes in
4ee2b31804.

Signed-off-by: Leonid Bloch <lb.workbox@gmail.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-04-16 16:38:07 +02:00
Michal Privoznik
67b973b510 qemuDomainDefPostParse: Fail if unable to fill machine type
Previously, we used virCapabilitiesDomainDataLookup() to fill
machine type in post parse callback if none was provided in the
domain XML. If machine type couldn't be filled in an error was
reported. After 4a4132b462 we've changed it to
virQEMUCapsGetPreferredMachine() which returns NULL, but we no
longer report an error and proceed with the post parse callbacks
processing. This may lead to a crash because the code later on
assumes def->os.machine is not NULL.

Fixes: 4a4132b462

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Mores <pmores@redhat.com>
2020-04-16 16:14:05 +02:00
Michal Privoznik
67e19fc99a qemu: Revoke access to mirror on failed blockcopy
When preparing to do a blockcopy, the mirror image is modified so
that QEMU can access it. For instance, the mirror has seclabels
set, if it is a NVMe disk it is detached from the host and so on.
And usually, the restore is done upon successful finish of the
blockcopy operation. But, if something fails then we need to
explicitly revoke the access to the mirror image (and thus
reattach NVMe disk back to the host).

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1822538

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Mores <pmores@redhat.com>
2020-04-16 16:12:41 +02:00
Andrea Bolognani
8fb7c0c506 docs: Remove one example from pci-addresses.rst
The idea behind this document is to show, with actual examples,
that users should not expect PCI addresses in the domain XML and
in the guest OS to match.

The first zPCI example already serves this purpose perfectly, so
in the interest of keeping the page as brief and easy to digest
as possible the second one is removed.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
2020-04-16 11:12:46 +02:00
Andrea Bolognani
253b94710b docs: Remove MAC addresses from pci-addresses.rst
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
2020-04-16 11:12:43 +02:00
Andrea Bolognani
5590fe160b docs: Move sections around in pci-addresses.rst
The section about VFIO devices is kept separate from the rest
because it's less about domain XML and guest OS disagreeing on the
PCI address of a device, and more about which of the two PCI
addresses in the domain XML is even relevant to the guest OS.

The section on zPCI addresses, on the other hand, falls squarely
in the "more complex cases" category, so it should live in the
corresponding section.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
2020-04-16 11:12:41 +02:00
Andrea Bolognani
db9c6d47d8 docs: Use consistent style in pci-addresses.rst
Indent all code snippets by the same number of spaces, and don't
embed the :: marker in the line preceding a code block.

This commit is best viewed with 'git show -w'.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
2020-04-16 11:12:33 +02:00
Lin Ma
93b15ba0f2 qemu: fix hang in p2p + xbzrle compression + parallel migration
When we do parallel migration, The multifd-channels migration parameter
needs to be set on the destination side as well before incoming migration
URI, unless we accept the default number of connections(2).

Usually, This can be correctly handled by libvirtd. But in this case if
we use p2p + xbzrle compression without parameter '--comp-xbzrle-cache',
qemuMigrationParamsDump returns too early, The corresponding migration
parameter will not be set on the destination side, It results QEMU hangs.

Reproducer:
virsh migrate --live --p2p --comp-methods xbzrle \
--parallel --parallel-connections 3 GUEST qemu+ssh://dsthost/system

or

virsh migrate --live --p2p --compressed \
--parallel --parallel-connections 3 GUEST qemu+ssh://dsthost/system

Signed-off-by: Lin Ma <lma@suse.com>
Message-Id: <20200416044451.21134-1-lma@suse.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2020-04-16 09:53:04 +02:00
Andrea Bolognani
a158eb5c8e gitlab: Enable improved ccache usage
Setting CC="ccache cc" works in most cases, but sometimes it will
break the build: in particular, we have experienced issues in the
past with that approach when using cgo to build our Go bindings.

A more robust approach is to have a directory containing symlinks
from the compiler name to the ccache binary: in that case, ccache
itself will invoke the compiler, and the build system will be none
the wiser.

Since libvirt-ci commit 2563aebb6c5c, container images contain a
suitable symlink directory, so all that's needed to enable the new
approach is to add this directory to $PATH.

Since we're touching this anyway, we make a few more changes:
$CCACHE_DIR is no longer created manually, because ccache will
take care of creating it for us if it doesn't already exist; the
ccache setup is moved out of the job template and into
script_variables, removing unnecessary duplication; a limit is
set on the size of the cache (500 MB, which is twice the amount
used by a fresh build on my Fedora 31 machine).

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-04-15 17:50:49 +02:00
Andrea Bolognani
29e09694bc gitlab: Don't define $MAKE
Since libvirt-ci commit 27cfddee8835, paths to build tools such as
ninja and make are exported in the container's environment and can
be used directly.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-04-15 17:50:27 +02:00
Cornelia Huck
53f687bbab docs: add zpci information to pci-addresses.rst
Add some information on how pci address work on s390x.

Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-04-15 13:02:24 +02:00
Andrea Bolognani
e767f509b2 docs: Fix word repetition in pci-addresses.rst
Fixes: 2923e7a3dd
Reported-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2020-04-15 10:49:42 +02:00
Christian Ehrhardt
8f61fd6bf2
apparmor: avoid denials on libpmem initialization
With libpmem support compiled into qemu it will trigger the following
denials on every startup.
  apparmor="DENIED" operation="open" name="/"
  apparmor="DENIED" operation="open" name="/sys/bus/nd/devices/"

This is due to [1] that tries to auto-detect if the platform supports
auto flush for all region.

Once we know all the paths that are potentially needed if this feature
is really used we can add them conditionally in virt-aa-helper and labelling
calls in case </pmem> is enabled.

But until then the change here silences the denial warnings seen above.

[1]: https://github.com/pmem/pmdk/blob/master/src/libpmem2/auto_flush_linux.c#L131

Bug: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1871354

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
2020-04-15 10:33:23 +02:00
Andrea Bolognani
2923e7a3dd docs: Add pci-addresses.rst
This document describes the relationship between PCI addresses as
seen in the domain XML and by the guest OS, which is a topic that
people get confused by time and time again.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2020-04-15 09:47:49 +02:00
Peter Krempa
a7db0b757d backup: Allow 'encryption' of backups and scratch images
Add the appropriate entries into the schema to allow encryption of the
backup or scratch image. Since we use blockdev internals for everything
no changes to the code are actually necessary.

https://bugzilla.redhat.com/show_bug.cgi?id=1811906

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-04-14 18:49:41 +02:00
Peter Krempa
30d2491d8b docs: backup: Remove references to push backup to network disk
It was never implemented and for now I don't think there's demand to do
it. Remove the reference.

https://bugzilla.redhat.com/show_bug.cgi?id=1812100

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-04-14 18:48:57 +02:00
Peter Krempa
a5b064bf4b conf: Don't format http cookies unless VIR_DOMAIN_DEF_FORMAT_SECURE is used
Starting with 3b076391be
(v6.1.0-122-g3b076391be) we support http cookies. Since they may contain
somewhat sensitive information we should not format them into the XML
unless VIR_DOMAIN_DEF_FORMAT_SECURE is asserted.

Reported-by: Han Han <hhan@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-04-14 18:47:49 +02:00
Peter Krempa
524de6cc35 virstoragetest: testBackingParse: Use VIR_DOMAIN_DEF_FORMAT_SECURE when formatting xml
We want to format even the secure information in tests.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-04-14 18:47:01 +02:00
Peter Krempa
a33046f3c3 virsh: cmdUndefine: Properly extract delete-storage-volume-snapshots flag
Commit 86608f787e added the above flag as an alias for ambiguous
'delete-snapshots' flag, but forgot to actually change the code that
extracts it, thus the new version actually doesn't work.

https://bugzilla.redhat.com/show_bug.cgi?id=1821988

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-04-14 18:43:48 +02:00
Peter Krempa
4aea6f42fe qemu: backup: Fix handling of backing store for backup target images
We always tried to install backing store for the image even if it didn't
make sense, e.g. for a full backup into a raw image. Additionally we
didn't record the backing file into the qcow2 metadata so the image
itself contained the diff of data but reading from it would be
incomplete as it depends on the backing image.

This patch fixes both issues by carefully installing the correct backing
file when appropriate and also recording it into the metadata when
creating the image.

https://bugzilla.redhat.com/show_bug.cgi?id=1813310

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-04-14 18:37:05 +02:00
Andrea Bolognani
818652619d Convert all remaining Markdown files to reStructuredText
We've adopted reStructuredText as the primary markup language for
our documentation and, given that both GitLab and GitHub can render
documents in this format just fine, it makes sense to get rid of
the few last remaining bits of Markdown and standardize on
reStructuredText across the board.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-04-14 16:29:04 +02:00
Seeteena Thoufeek
eff99d728a libvirt-stream: Convert to the g_autofree usage
Signed-off-by: Seeteena Thoufeek <s1seetee@linux.vnet.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-04-14 15:37:01 +02:00
Seeteena Thoufeek
9115ebe892 driver: Yet 1 more g_autofree conversion change
This is the last missing g_autofree conversion change in the module after
commit 1e2ae2e311 took care of the VIR_AUTOFREE conversion.

Signed-off-by: Seeteena Thoufeek <s1seetee@linux.vnet.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-04-14 15:36:53 +02:00
Andrea Bolognani
de7ec8629b travis: Remove usage of 'sudo'
Travis CI reports

  root: deprecated key sudo (The key `sudo` has no effect anymore.)

so let's drop it.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-04-14 15:21:22 +02:00
Andrea Bolognani
31730aff3e travis: Deduplicate build instructions
All information, except for osx_image image, is identical between
the two jobs so we can avoid repeating it.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-04-14 15:21:12 +02:00
Andrea Bolognani
483dd223b5 README-hacking: Drop from the git repository
The newly-introduced CONTRIBUTING.rst serves the same purposes and
lives in the path where most people would look for it.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-04-14 13:16:19 +02:00
Andrea Bolognani
874952f80c CONTRIBUTING: Add entry point for new contributors
It's generally expected that a git repository will contain this file,
which serves as an entry point for people interested in contributing
to the project.

In our case, we have extensive documentation available on the
website which we don't want to duplicate, so let's just point people
there.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-04-14 13:16:13 +02:00
Nikolay Shirokovskiy
a13ac587bf util: fix iteration in virSocketAddrResolveService
getaddrinfo returns linked list. Fix iteration accordingly.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-04-14 09:17:26 +03:00
Laine Stump
7118bdee15 conf: during PCI hotplug, require that the controller support hotplug
Before this patch we would simply rely on QEMU failing to attach the
device. Since we have a flag in the address set telling us which
controllers support hotplug, we can fail the operation sooner.

This also assures that when hotplugging with no provided PCI address,
that we skip any controllers with hotplug='off', and attempt to assign
the device to a controller that not only supports hotplug, but also
has it enabled.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-04-12 22:43:48 -04:00
Laine Stump
a283189f8c conf: check HOTPLUGGABLE connect flag when validating a PCI address
The HOTPLUGGABLE flag is set for appropriates buses in a PCI address
set, and thnis patch updates virDomainPCIAddressFlagsCompatible() to
check the HOTPLUGGABLE flag when searching for a suitable bus/slot for
a device. No devices request HOTPLUGGABLE though (yet), so there is no
observable effect.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-04-12 22:42:14 -04:00
Laine Stump
aa15e9259f qemu/conf: set HOTPLUGGABLE connect flag during PCI address set init
virDomainPCIAddressBusSetModel() is called for each PCI controller
when building an address set prior to assiging PCI addresses to
devices.

This patch adds a new argument, allowHotplug, to that function that
can be set to false if we know for certain that a particular
controller won't support hotplug

The most interesting case is in qemuDomainPCIAddressSetCreate(), where
the config of each existing controller is available while building the
address set, so we can appropriately set allowHotplug = false when the
user has "hotplug='off'" in the config of a controller that normally
would support hotplug. In all other cases, it is set to true or false
in accordance with the capability of the controller model.

So far we aren't doing anything with this bus flag in the address set.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-04-12 22:39:51 -04:00
Laine Stump
fcdf87d3ef conf: simplify logic when checking for AUTOASSIGN PCI addresses
Old behavior: If the address was manually provided by config, copy
device AUTOASSIGN flag into the bus flag, and then later on in the
function *always* check for a match of the flags (which will always
match if the address came from config, since we just copied it).

New behavior: Don't mess with the bus flags - just directly check if
the AUTOASSIGN flag matches in bus and dev, but only make the check if
the address didn't come from config (i.e. it was auto-assigned by
libvirt).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-04-12 22:38:27 -04:00
Laine Stump
7c98f5e365 conf/qemu: s/VIR_PCI_CONNECT_HOTPLUGGABLE/VIR_PCI_CONNECT_AUTOASSIGN/g
When the HOTPLUGGABLE flag was originally added, it was set for all
the PCI controllers that accepted hotplugged devices, and requested
for all devices that were auto-assigned to a controller. While we're
still autoassigning to the same list of controllers, those controllers
may or may not support hotplug, so let's use the flag that fits what
we're actually doing.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-04-12 22:37:09 -04:00
Laine Stump
c296a846ad conf: add new PCI_CONNECT flag AUTOASSIGN
This new flag will be set for any controller that we decide can have
devices assigned to it automatically during PCI device assignment. In
the past PCI_CONNECT_TYPE_HOTPLUGGABLE was used for this purpose, but
that is overloading that flag, and no longer technically correct; what
we *really* want is to auto-assign devices to any pcie-root-port or
pcie-switch-downstream-port regardless of whether or not that
controller happens to have hotplug enabled.

This patch just adds the flag, but doesn't use it at all. Note that
the numbering of all the other flags was changed in order to insert
the new flag near the beginning of the list; that doesn't cause any
problem because the connect flags aren't stored anywhere between runs
of libvirtd.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-04-12 22:35:45 -04:00
Laine Stump
389811d517 docs: mention hotplug='off' in news.xml
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-04-12 22:35:07 -04:00
Laine Stump
2d3cf60328 qemu: hook up pcie-root-port hotplug='off' option
If a pcie-root-port or pcie-downstream-port has hotplug='off' in its
<target> subelement, and if the qemu binary supports the hotplug=false
option, then it will be added to the commandline for the pcie
controller. This controller will then not allow any hotplug/unplug of
devices while the guest is running (and the hotplug capability won't
be advertised to the guest OS, so the guest OS also won't present
unplugging of PCI devices as an option).

  <controller type='pci' model='pcie-root-port'>
    <target hotplug='off'/>
  </controller>

For any PCI controllers other than pcie-downstream-port and
pcie-root-port, of for qemu binaries that don't support the hotplug
commandline option, an error will be logged during validation.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-04-12 22:34:19 -04:00
Laine Stump
78f4d5e6f1 conf: new attribute "hotplug" for pci controllers
a <controller type='pci'...> element can now have a "hotplug"
attribute in the <target> subelement. This is intended to control
whether or not the slot(s) of the controller support
hotplugging/unplugging a device:

   <controller type='pci' model='pcie-root-port'>
     <target hotplug='off'/>
   </controller>

The default value of hotplug is "on".

Since support for configuring such an option is hypervisor-dependent
(and will vary among different types of PCI controllers even on a
single hypervisor), no validation is done in this patch - that
validation will be done in the patch that wires support for the
setting into the hypervisor.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-04-12 22:32:30 -04:00
Laine Stump
cbd4ab4cc6 qemu: new capabilities flag pcie-root-port.hotplug
This caps flag is set when the qemu binary supports the option
"hotplug" for pcie-root-port, ioh3420 (Intel pcie-root-port) and
xio3130-downstream (Intel pcie-downstream-port). If it's available,
it's possible to disable hotplugging/unplugging devices on a
particular port by adding ",hotplug=off" to the qemu device
commandline. This option first appears in qemu-5.0.0.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-04-12 22:30:10 -04:00
Daniel Henrique Barboza
f68601dd72 formatdomain.html.in: document emulator/vcpu pin delay
In a guest with only one vcpu, when pinning the emulator in say CPU184
and the vcpu0 in CPU0 of the host, the user might expect that only
CPU0 and CPU184 of the host will be used by the guest.

The reality is that Libvirt takes some time to honor the emulator
and vcpu pinning, taking care of NUMA constraints first. This will
result in other CPUs of the host being potentially used by the
QEMU thread until the emulator/vcpu pinning is done. The user
then might be confused by the output of 'virsh cpu-stats' in this
scenario, showing around 200 microseconds of cycles being spent
in other CPUs.

Let's document this behavior, which is explained in detail in
Libvirt commit v5.0.0-199-gf136b83139, in the cputune section
of formatdomain.html.in.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-04-10 11:36:02 +02:00