Commit Graph

26011 Commits

Author SHA1 Message Date
Peter Krempa
b4c7310633 Disallow inclusion of files from src/conf into src/utils
The utils code should stay separated from other code (except for very
well justified cases). Unfortunately commit 272769becc
made it trivial to break the separation (and not get slapped by the
syntax-check rule) by adding -I src/conf to the CFLAGS for utils.

Remove this shortcut and except the two offenders from the syntax check
so that the codebase can be kept separated.
2017-02-20 15:12:07 +01:00
Marc Hartmayer
3427b36cc1 node_device: Check return value for udev_new()
The comment was actually wrong as
https://www.freedesktop.org/software/systemd/man/udev_new.html#
mentions that on failure NULL is returned.  Also the same return value
is checked in src/interface/interface_backend_udev.c already.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
2017-02-20 14:44:27 +01:00
Pavel Hrdina
579fc9a287 tests: add QEMU 2.9.0 caps data
QEMU 2.9.0 is not released yet but it's close to its release and
we need this data to implement new features that will be in
that release.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-02-20 13:13:52 +01:00
Pavel Hrdina
a6e28aa599 tests: update QEMU 2.8.0 caps data
The old data was generated from not released QEMU.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-02-20 12:46:15 +01:00
Michal Privoznik
5c74cf1f44 qemu: Allow @rendernode for virgl domains
When enabling virgl, qemu opens /dev/dri/render*. So far, we are
not allowing that in devices CGroup nor creating the file in
domain's namespace and thus requiring users to set the paths in
qemu.conf. This, however, is suboptimal as it allows access to
ALL qemu processes even those which don't have virgl configured.
Now that we have a way to specify render node that qemu will use
we can be more cautious and enable just that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-20 10:44:22 +01:00
Michal Privoznik
dfa79bd82b news: add entries for recent nodedev driver improvements
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-20 07:39:34 +01:00
Michal Privoznik
1bb787fdc9 qemuDomainGetHostdevPath: Report /dev/vfio/vfio less frequently
So far, qemuDomainGetHostdevPath has no knowledge of the reasong
it is called and thus reports /dev/vfio/vfio for every VFIO
backed device. This is suboptimal, as we want it to:

a) report /dev/vfio/vfio on every addition or domain startup
b) report /dev/vfio/vfio only on last VFIO device being unplugged

If a domain is being stopped then namespace and CGroup die with
it so no need to worry about that. I mean, even when a domain
that's exiting has more than one VFIO devices assigned to it,
this function does not clean /dev/vfio/vfio in CGroup nor in the
namespace. But that doesn't matter.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-02-20 07:21:59 +01:00
Michal Privoznik
b8e659aa98 qemuDomainGetHostdevPath: Create /dev/vfio/vfio iff needed
So far, we are allowing /dev/vfio/vfio in the devices cgroup
unconditionally (and creating it in the namespace too). Even if
domain has no hostdev assignment configured. This is potential
security hole. Therefore, when starting the domain (or
hotplugging a hostdev) create & allow /dev/vfio/vfio too (if
needed).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-02-20 07:21:58 +01:00
Michal Privoznik
9d92f533f8 qemuSetupHostdevCgroup: Use qemuDomainGetHostdevPath
Since these two functions are nearly identical (with
qemuSetupHostdevCgroup actually calling virCgroupAllowDevicePath)
we can have one function call the other and thus de-duplicate
some code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-02-20 07:21:58 +01:00
Michal Privoznik
60ddceff8f qemu_cgroup: Kill qemuSetupHostSCSIVHostDeviceCgroup
There's no need for this function. Currently it is passed as a
callback to virSCSIVHostDeviceFileIterate(). However, SCSI host
devices have just one file path. Therefore we can mimic approach
used in qemuDomainGetHostdevPath() to get path and call
virCgroupAllowDevicePath() directly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-02-20 07:21:58 +01:00
Michal Privoznik
7bb01ed3cd qemu_cgroup: Kill qemuSetupHostSCSIDeviceCgroup
There's no need for this function. Currently it is passed as a
callback to virSCSIDeviceFileIterate(). However, SCSI devices
have just one file path. Therefore we can mimic approach used in
qemuDomainGetHostdevPath() to get path and call
virCgroupAllowDevicePath() directly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-02-20 07:21:58 +01:00
Michal Privoznik
4d7d1c4bc3 qemu_cgroup: Kill qemuSetupHostUSBDeviceCgroup
There's no need for this function. Currently it is passed as a
callback to virUSBDeviceFileIterate(). However, USB devices have
just one file path. Therefore we can mimic approach used in
qemuDomainGetHostdevPath() to get path and call
virCgroupAllowDevicePath() directly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-02-20 07:21:58 +01:00
Pavel Hrdina
165c76acd0 util: virvhba: fix typo that breaks build on non-linux systems
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-02-19 15:47:27 +01:00
John Ferlan
f3b1b98121 tests: Add createVHBAByNodeDevice-parent-fabric-wwn to fchosttest
Add a test that allows providing the parent fabric_wwn in the input XML
in order to create the vHBA.

This also fixes a mixed setting of the fabric_wwn field from the read
test driver XML strings.
2017-02-19 06:45:09 -05:00
John Ferlan
19ff43612c tests: Add createVHBAByNodeDevice-parent-wwn to fchosttest
Add a test that allows providing the parent wwnn/wwpn in the input XML
in order to create the vHBA.
2017-02-19 06:45:09 -05:00
John Ferlan
5319c49ce9 tests: Add createVHBAByNodeDevice-no-parent to fchosttest
Add a test that allows not providing a parent in the input XML, but still
being able to create finding a VPORT capable NPIV HBA.
2017-02-19 06:45:09 -05:00
John Ferlan
7ad479d0bd nodedev: Rework virNodeDeviceGetParentHost
Rework the code to perform the various searches by parent, parent_wwnn/
parent_wwpn, parent_fabric_wwn, or vport capable in order to return the
'parent_host' number that is vHBA capable.

The former virNodeDeviceGetParentHost is renamed to add the ByParent
on it fixes an issue where if no parent was supplied in the XML to
create the vHBA, then virNodeDeviceFindByName was called with a NULL
second parameter which had bad results.

The reworked code will make the various calls to fetch the NPIV host
by the passed parameter options or if none are provided find a vport
capable NPIV HBA to perform the create. If the call is from the delete
path, then this option won't be allowed.

Each of virNodeDeviceGetParentHostBy* functions is now static, so
remove them external definitions.

A secondary benefit of this is the test_driver now can make use of
the new API to add some new tests to test the various creation options.
2017-02-19 06:45:09 -05:00
John Ferlan
ccb0d6e342 nodedev: Keep the node device lock longer in nodeDeviceDestroy
While perhaps improbable, it could be possible that after finding our
object that another thread running essentially in parallel could attempt
to delete the same vHBA.

So rather than dropping the lock right after finding the object, keep
the lock around while we drop the object lock and work on deleting the
object. Once the delete occurs we can safely drop the driver lock again.

Cleanup some of the usage of cleanup instead out for the goto label.
2017-02-19 06:45:09 -05:00
John Ferlan
4b6ee784de tests: Add new fchosttest tests for management of a vHBA
Add a test that will mimic creation and destruction of a vHBA
by using node device XML. The design will allow for testing the
multiple mechanisms.

The first test uses just <parent> in the node device XML. This is
somewhat similar to the existing objecteventtest, except that this
test will not provide input wwnn/wwpn's (similar to how the process
is described for the the libvirt wiki).

This requires mocking the virRandomGenerateWWN since parsing the
input XML (virNodeDevCapSCSIHostParseXML) requires either a provided
wwnn/wwpn in the XML or the ability to randomly generate the wwnn/wwpn.
2017-02-19 06:45:09 -05:00
John Ferlan
03346def06 util: Move scsi_host specific functions from virutil
Create a virscsihost.c and place the functions there. That removes the
last #ifdef __linux__ from virutil.c.

Take the opporunity to also change the function names and in one case
the parameters slightly
2017-02-19 06:45:09 -05:00
John Ferlan
d2d74a986d util: Replace virStoragePoolGetVhbaSCSIHostParent
Use the new virNodeDeviceGetParentName instead. Modify the callers to
build the node device scsi_host# name string in order to call the new
function so that proper lookup occurs.
2017-02-19 06:45:09 -05:00
John Ferlan
aa6aa624ad nodedev: Introduce virNodeDeviceGetParentName
Create a function which takes a node device "name" entry to lookup
and returns a string containing the parent name for the node device.
2017-02-19 06:45:09 -05:00
John Ferlan
16416816c1 util: Create a new virvhba module and move/rename API's
Rather than have them mixed in with the virutil apis, create a separate
virvhba.c module and move the vHBA related calls into there. Soon there
will be more added.

Also modify the names of the functions and some arguments to be more
indicative of what is really happening. Adjust the callers respectively.

While I was changing fchosttest, rather than the non-descriptive names
test1...test6, rename them to match what the test is doing.
2017-02-19 06:45:09 -05:00
John Ferlan
9588a21b32 test: Fix fchosttest resource leak
Commit id '666bee3' made fabric_name optional; however, if fabric name
was present, then a leak would occur.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-02-19 06:45:09 -05:00
John Ferlan
8729ce56fe tests: Create a more realistic vHBA
Modify the code to react more like a real HBA -> vHBA creation.

Currently the code would just modify the input XML definition to
set the name to a wwpn and then modify the scsi_host capability
entry for the defintion to change the scsi_host# and unique_id
before adding that into the node device.

This patch does things a bit better. It finds and copies a known
existing vHBA (scsi_host11) in the node_device database and modifies
that definition to change the name to scsi_host12 and set the wwnn/
wwpn to what the input XML would expect before adding the def to the
node device object list.

Then rather than create a returned "dev" using the (poorly) mocked
name - perform the lookup using the new device name.
2017-02-19 06:45:09 -05:00
John Ferlan
0869d9b333 test: Add helper to create vHBA for testNodeDeviceCreateXML
Rather than inline the dummy creation of a vHBA to add to the node
devices - create a helper to do that work.

Also just tidy up a couple of things while at it...
2017-02-19 06:45:09 -05:00
John Ferlan
5c2ff641e1 test: Add new NPIV capable HBA and a vHBA
Predefine a second NPIV capable HBA as well as a vHBA using the first
NPIV capable HBA. This will allow for a mechanism to perform more
realistic create vHBA testing.
2017-02-19 06:45:09 -05:00
John Ferlan
779e49054a tests: Alter test_driver HBA name/data to be closer to reality
Alter "test-scsi-host-vport" to be "scsi_host1" to match the real
environment. This is the vport capable HBA - IOW the NPIV device.
Add more fields to scsi_host1 as well.

Alter the XML being used by the objecttest to create a vHBA in order
to match the scsi_host1 parent name and to use validateable wwnn/wwpn.
This will allow for realistic testing.
2017-02-19 06:45:09 -05:00
Roman Bogorodskiy
d3ffa0ece8 nodedev: fix build with clang
Build fails with:

conf/node_device_conf.c:825:62: error: comparison of unsigned enum expression < 0 is always false [-Werror,-Wtautological-compare]
    if ((data->drm.type = virNodeDevDRMTypeFromString(type)) < 0) {
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~
conf/node_device_conf.c:1801:59: error: comparison of unsigned enum expression < 0 is always false [-Werror,-Wtautological-compare]
        if ((type = virNodeDevDevnodeTypeFromString(tmp)) < 0) {
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~
2 errors generated.

Fix by using intermediate variable to store the result similarly
to how it's done for other FromString* calls.
2017-02-18 17:49:27 +04:00
Michal Privoznik
78c018693b nodedev: Introduce new drm cap
After 7f1bdec5fa our nodedev driver is capable of
determining DRM devices (DRM stands for Direct Render Manager not
Digital rights management). There is still one bit missing
though: virConnectListAllNodeDevices() is capable of listing
either all devices or just those with specified capability. Well,
DRM capability is missing there.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-17 16:09:15 +01:00
Marc-André Lureau
e5bda10141 qemu: add rendernode argument
Add a new attribute 'rendernode' to <gl> spice element.

Give it to QEMU if qemu supports it (queued for 2.9).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-17 15:47:58 +01:00
Marc-André Lureau
7f1bdec5fa nodedev: add drm capability
Add a new 'drm' capability for Direct Rendering Manager (DRM) devices,
providing device type information.

Teach the udev backend to populate those devices.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-17 15:47:58 +01:00
Marc-André Lureau
14a3e7ab5c nodedev: parse <path>
This should have been added with c4a4603de (or 0bdefd9b04).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-02-17 15:47:58 +01:00
Marc-André Lureau
0809508ed2 nodedev: add <devnode> paths
Add new <devnode> top-level <device> element, that list the associated
/dev files. Distinguish the main /dev name from symlinks with a 'type'
attribute of value 'dev' or 'symlink'.

Update a test to check XML schema, and actually add it to the test list
since it was missing.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-02-17 15:47:58 +01:00
Marc-André Lureau
7f64435307 nodedev: fix extra space in dump
This is a cosmetic change, shouldn't change XML parsing, and doesn't
break any test.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-02-17 15:47:58 +01:00
Jiri Denemark
78d27c6501 cputest: Fix name of the file removed by cpu-parse.sh
We want to remove the file created by

    json <<<"$data" >$fname.json

in case it was empty.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-02-17 11:19:29 +01:00
John Ferlan
4337bc57be nodedev: Return the parent for a virNodeDevicePtr struct
When the 'parent' was added to the virNodeDevicePtr structure
by commit id 'e8a4ea75a' the 'parent' field was not properly filled
in when a virGetNodeDevice call was made within driver/config code.
Only the device name was ever filled in. Fetching the parent required
a second trip via virNodeDeviceGetParent into the node device lookup
code was required in order to retrieve the specific parent field (and
still the parent field was never filled in although it was free'd).

Since we have the data when we initially call virGetNodeDevice from
within driver/node_config code - let's just fill in the parent field
as well for anyone that wants it without requiring another trip into
the node_device lookup just to get the parent.

This will allow API's such as virConnectListAllNodeDevices,
virNodeDeviceLookupByName, and virNodeDeviceLookupSCSIHostByWWN
to retrieve both name and parent in the returned virNodeDevicePtr.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-02-16 12:23:04 -05:00
Joao Martins
1e6bc3c581 libxl: fix coverity issues introduced by 6a95edf
As discussed here [0][1] Coverity reported two issues:

- On libxlDomainMigrationPrepareTunnel3 @@mig will be leaked on failures
after sucessfull call libxlDomainMigrationPrepareAny hence we free it.

Setting mig = NULL after @mig is assigned plus adding libxlMigrationCookieFree
on error paths addresses the issue. In case virThreadCreate fails,
unref of args frees the cookie on dispose function (libxlMigrationDstArgsDispose)

- On libxlMigrationStartTunnel @tc would be leaked.

Fixed by correctly saving the newly allocated @tc onto @tnl such that
libxlMigrationStopTunnel would free it up.

[0] https://www.redhat.com/archives/libvir-list/2017-February/msg00791.html
[1] https://www.redhat.com/archives/libvir-list/2017-February/msg00833.html

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
2017-02-16 12:19:35 -05:00
Michal Privoznik
1d9ab0f04a qemu: Allow empty script path to <interface/>
Before 9c17d665fd (v1.3.2 - I know, right?) it was possible to
have the following interface configuration:

  <interface type='ethernet'/>
    <script path=''/>
  </interface>

This resulted in -netdev tap,script=,.. Fortunately, qemu helped
us to get away with this as it just ignored the empty script
path. However, after the commit mentioned above it's libvirtd
who is executing the script. Unfortunately without special
case-ing empty script path.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-16 17:39:34 +01:00
Jim Fehlig
d23dfaae9f news: add entries for libxl driver improvements and bug fixes 2017-02-16 08:49:01 -07:00
Ján Tomko
76fd798191 Validate required CPU features even for host-passthrough
Commit adff345 allowed enabling features with -cpu host
without ajdusting the validity checks on domain startup
and migration.
2017-02-16 15:22:49 +01:00
Nitesh Konkar
5729746543 Ensure disk names follow the disk name regex
Currently disk names do not follow the
(regex) /^[fhv]d[a-z]+[0-9]*$/ completely
and hence one can assign disk names like
vd2 etc. This patch ensures that the
disk names follow the regex mentioned.
This patch also adds a testcase.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2017-02-16 09:59:13 +01:00
Jim Fehlig
2dc1cf19db libxl: fix potential double free in libxlDriverGetDom0MaxmemConf
Commit 4ab0c959 fixed a memory leak in libxlDriverGetDom0MaxmemConf
but introduced a potential double free of mem_tokens

*** Error in `/usr/sbin/libvirtd': double free or corruption (out):
    0x00007fffc808cfd0 ***

Avoid double free by setting mem_tokens to NULL after calling
virStringListFree.
2017-02-15 18:24:58 -07:00
Jim Fehlig
b5ac475f50 news: fix spelling of tunneled
s/tunnelled/tunneled/ in news for the libxl tunneled migration feature.
2017-02-15 16:37:34 -07:00
Joao Martins
13b20b2e89 news: document libxl tunnelled migration support
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
2017-02-15 16:30:59 -07:00
Bob Liu
6a95edf9ab libxl: add tunnelled migration support
Tunnelled migration doesn't require any extra network connections
beside the libvirt daemon.  It's capable of strong encryption and the
default option of openstack-nova.

This patch adds the tunnelled migration(Tunnel3params) support to
libxl.  On the source side, the data flow is:

 * libxlDoMigrateSend() -> pipe libxlTunnel3MigrationFunc() polls pipe
 * out and then write to dest stream.

While on the destination side:
 * Stream -> pipe -> 'recvfd of libxlDomainStartRestore'

The usage is the same as p2p migration, execpt adding one extra
'--tunnelled' to the libvirt p2p migration command.

Signed-off-by: Bob Liu <bob.liu@oracle.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
2017-02-15 14:47:14 -07:00
Joao Martins
d2100f2b4a libxl: refactor libxlDomainMigrationPrepare
The newly introduced function libxlDomainMigrationPrepareAny
will be shared between P2P and tunnelled variations.

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
2017-02-15 10:15:50 -07:00
Michal Privoznik
27ac5f3741 qemu_conf: Properly check for retval of qemuDomainNamespaceAvailable
This function is returning a boolean therefore check for '< 0'
makes no sense. It should have been
'!qemuDomainNamespaceAvailable'.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-15 15:40:01 +01:00
Michal Privoznik
b57bd206b9 qemu_conf: Check for namespaces availability more wisely
The bare fact that mnt namespace is available is not enough for
us to allow/enable qemu namespaces feature. There are other
requirements: we must copy all the ACL & SELinux labels otherwise
we might grant access that is administratively forbidden or vice
versa.
At the same time, the check for namespace prerequisites is moved
from domain startup time to qemu.conf parser as it doesn't make
much sense to allow users to start misconfigured libvirt just to
find out they can't start a single domain.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-15 12:43:23 +01:00
Jim Fehlig
ec94e14b68 apparmor: don't fail on non-apparmor <seclabel>
If the apparmor security driver is loaded/enabled and domain config
contains a <seclabel> element whose type attribute is not 'apparmor',
starting the domain fails when attempting to label resources such
as tap FDs.

Many of the apparmor driver entry points attempt to retrieve the
apparmor security label from the domain def, returning failure if
not found. Functions such as AppArmorSetFDLabel fail even though
domain config contains an explicit 'none' secuirty driver, e.g.

  <seclabel type='none' model='none'/>

Change the entry points to succeed if the domain config <seclabel>
is not apparmor. This matches the behavior of the selinux driver.
2017-02-14 16:53:30 -07:00