'qemuDomainSecretGraphicsPrepare' always populates 'gfxPriv->tlsAlias'
when 'cfg->vncTLS' is enabled.
This means we can remove the fallback code setting up TLS for vnc via
the 'x509=' parameter.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The 'tls-creds-x509' object is always registered even when qemu is built
without gnutls for all supported qemu versions. This means we cannot
probe for its support and thus simplify the code using TLS.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Commit a50c473ad6c988a2 removed last use of 'cfg' from
qemuDomainMemoryPeek and qemuDomainScreenshot triggering a compile time
warning.
Fixes: a50c473ad6c988a249bf79a30fb7c6dc19733347
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
The test driver can share the same code with qemu driver when implement
testDomainGetIOThreadsConfig, so extract it for test driver to use.
Also add a new parameter `bitmap_size` to the function, it's used for
specifying the bitmap size of the bitmap to generate, it would be helpful
for test driver or some special situation.
Signed-off-by: Luke Yue <lukedyue@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
The test driver can share the same code with qemu driver when implement
testDomainAddIOThreadCheck and testDomainDelIOThreadCheck, so extract
them for test driver to use.
Signed-off-by: Luke Yue <lukedyue@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Commit 6bcf25017bc6 ("virDomainMemoryPeek API") introduced memory peek
and commit 9936aecfd1b4 ("qemu: Implement the driver methods")
introduced screenshot. Both of them will put temporary files in
/var/cache/libvirt/qemu, and the temporary files are created by QEMU.
Therefore, the ownership of /var/cache/libvirt/qemu should be changed to
user and group configured in qemu.conf to make sure that QEMU process
can create and write files in the cache directory.
Libvirt will only put the temporary files in /var/cache/libvirt/qemu
until commit cbde35899b90 ("Cache result of QEMU capabilities
extraction"), which will put the cache of QEMU capabilities in
'capabilities' subdir of the cache directory. Because the capabilities
is used by libvirt, the ownership of both 'capabilities' subdir and
capabilities files are root. However, when QEMU process runs as a
regular user (e.g. qemu user), the ownership of /var/cache/libvirt/qemu
will be changed to qemu:qemu while that of
/var/cache/libvirt/qemu/capabilities will be still root:root. Then the
regular user could spoof different capabilities, which maybe lead to
denial of service.
Since the previous patch has move the temp files of screenshot and
memory peek to per-domain directory, no one except domain capabilities
uses cacheDir currently. And since domain capabilities are used by
libvirtd instead of QEMU, no need to change the ownership of cacheDir to
qemu:qemu explicitly.
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
The temp files of screenshot and memory peek, which are created by QEMU,
are put in the cache directory. However, the caches of domain
capabilities, which are created and used by libvirtd, are also put in
the cache directory. In order to make the cache directory more secure,
move the temp files of screenshot and memory peek to per-domain
directory.
Since the temp files are just temporary files and are only used by
libvirtd (libvirtd will delete them after use), the use of screenshot
and memory peek will be affected.
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Since there's just one type left, we can change the name to a more
generic one.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Now that we've removed support for plaintext secrets qemuDomainSecretInfo
can be simplified by removing the 'type' field and merging in all the
fields from 'qemuDomainSecretAES'.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
It always returns true for iSCSI, so we can remove the fallback logic.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
After removal of plaintext secrets this function is a noop.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
There's no code which could set it any more so we can remove the
generators.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
QEMU supports the 'password-secret' parameter to pass a QCryptoSecret
since 2.9. Remove the alternate plaintext logic.
Unfortunately this had a ripple effect of removing qemuCaps from a lot
of functions.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The answer is now always 'true', so we can remove the function and
simplify the logic in places where it's called.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The secret object is supported since qemu-2.6 and can't be compiled out.
Assume the presence to simplify the code.
This enables the use of the secret key for most tests not using real
caps.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
It always returns true. Make the logic a bit simpler to see through.
This completely removes 'virCryptoHaveCipher' as it's pointless in the
current form.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The code assumes that all supported qemu versions have this capability
so we can retire it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
qemu supports this since 81b2b81062 ("fw_cfg: insert fw_cfg file blobs
via qemu cmdline") released in qemu-v2.4.0 and it can't be compiled out.
Assume that the option always works and remove the corresponding check.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Added to 'query-command-line-options' in qemu commit 5559716c98
("util/qemu-config: Add loadparm to qemu machine_opts") released in
qemu-v2.10.0 but makes sense for s390 only. Treat it the same as the
keywrap capabilities in previous commit.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
qemu introduced these options in 2eb1cd0768 ("s390x: CPACF: Handle key
wrap machine options") released in qemu-v2.3.0 but was exposed in
query-command-line-options only in 5bcfa0c543 ("util/qemu-config: fix
missing machine command line options").
The problem is that they are exposed even for architectures which don't
actually in fact support those.
Make the two capabilities a bit more useful by assuming them only on
s390 and thus removing them from other arches.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The code assumes that the feature tracked by this capability always
exists.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Supported since qemu commit 8490fc78e7 ("add -machine mem-merge=on|off
option") released in qemu-v1.3.0 and can't be compiled out.
Assume that it's present and remove the validation code.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The code assumes that the feature tracked by this capability always
exists.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Supported since qemu commit 3d3b8303c6 ("showing a splash picture when
start") released in qemu-v1.0 and can't be compiled out.
Assume that it's present and remove the validation code.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The code assumes that the feature tracked by this capability always
exists.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Supported since ac05f34924 ("add a boot parameter to set reboot
timeout") released in qemu-v1.3.0 and can't be compiled out.
Assume that it's present and remove the validation code.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Added by c8a6ae8bb9 in qemu-v1.5.0 and can't be compiled out. Assume
that it's present and fix all fake-caps tests.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Use g_autofree for the JSON values to remove cleanup label and ret
variable.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Of the two callers one simply iterates over the returned paths and the
second one appends the returned paths to another linked list. Simplify
all of this by directly returning a linked list.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The option "queue-size" in virtio-blk was added in qemu-2.12.0, and
default value increased from qemu-5.0.0.
However, increasing this value may lead to drop of random access
performance.
Signed-off-by: Hiroki Narukawa <hnarukaw@yahoo-corp.jp>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
To support virtio-blk queue-size option, this commit adds capability
detection to the option.
Signed-off-by: Hiroki Narukawa <hnarukaw@yahoo-corp.jp>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
In fact keeping the VM around for debugging is a desirable configuration
and actually the implementation has no code as we keep the VM around.
Remove the validation and add a note that it's actually used.
Fixes: b1b85a475fb251b9068b75f629479f5c452f1b43
Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Launch swtpm(8) with the --terminate switch, which guarantees that
the daemon will shut itself down when QEMU dies (current behavior).
We had so far been getting this "for free" (i.e. without --terminate)
due to a defect in upstream's connection handling logic [1], on which
libvirt should not rely since it will eventually be fixed. Adding
--terminate preserves and guarantees the current behavior.
[1] https://github.com/stefanberger/swtpm/pull/509
Signed-off-by: Nick Chevsky <nchevsky@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
We don't need to propagate all public flags, only the information
about the presence of the validation one, which can differ from
function to function. This patch makes it easier and more
readable in case of a future additions of validation flags.
This change was suggested by Daniel.
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
We don't support all startup policies with all source types so to
correctly allow switching from a 'file' based cdrom with 'optional'
startup policy to a 'block' based one which doesn't support optional we
must update the startup policy field first. Obviously we need to have
fallback if the update fails.
Reported-by: Vojtech Juranek <vjuranek@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
'-qmp' in this case behaves the same as '-chardev' so it should have
been converted the same way as others were in 43c9c0859f2d53321 since
short options are deprecated.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Since we no longer use '-device sga' we can stop probing for this device
in our capabilities code.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
SeaBIOS >= 1.11 has built-in support for outputting to the serial
console when QEMU sets -M graphics=off. Our minimum QEMU version
is 2.11.0, which bundled SeaBIOS 1.11. Thus we have no need to
use '-device sga' anymore.
This change results in a slight layout difference for option ROMs
in memory, however, it does not affect the migration data stream
format on the wire and once migration is complete the target QEMU
memory layout for ROMs matches the source QEMU once again.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The BIOS serial console output is currently implemented using the QEMU
'sga' device, but this is going to change in future patches, so the
error message ought to be more generically phrased.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The <bios useserial='yes'> config results in use of the '-device sga'
QEMU options. This in turn causes QEMU go load the sgabios.bin option
ROM, which contains x86 machine code. This cannot work on non-x86
arches, thus we should block the bad config.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
LUN disks are supported only by VMX and QEMU drivers and the VMX
implementation is a subset of qemu's implementation, thus we can move
the qemu-specific validator to the global validation code providing that
we allow the format to be 'none' (qemu driver always sets 'raw' if it's
not set) and allow disk type 'volume' as a source (qemu always
translates the source, and VMX doesn't implement 'volume' at all).
Moving the code to the global validation allows us to stop calling it
from the qemu specific validation and also deduplicates the checks.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Unused as of:
commit effeee5c2fcec19fcaad627690a6a0ba0025e35f
qemu: driver: Use 'qemuDomainSaveStatus' for saving status XML
This function extracts the config from the vm object, so the caller
no longer needs to do it.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
