10324 Commits

Author SHA1 Message Date
Jiri Denemark
8662b34f18 qemu: Probe for migrtability support in CPU expansion
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-09 20:32:50 +02:00
Jiri Denemark
2bfa2fea02 qemu: Probe for .migratable property of a CPU
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-09 20:32:50 +02:00
Peter Krempa
f225f37a8a qemu: blockcommit: Fix placement of qemuDomainDiskBlockJobIsSupported
Commit b50a8354f6d added call to qemuDomainDiskBlockJobIsSupported prior
to filling the 'disk' variable resulting in a crash when attempting a
block commit.

https://gitlab.com/libvirt/libvirt/-/issues/31

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-06-09 09:28:12 +02:00
Daniel P. Berrangé
5263160f9b qemu: fix typo s/readaehad/readahead/
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-05 13:33:00 +01:00
Laine Stump
bc85c34ea9 qemu: don't reject interface update when switching to/from bridged network
If virDomainUpdateDeviceFlags() was used to update an <interface>, and
the interface type changed from type='network' where the network was
an unmanaged bridge (so actualType == bridge) to type='bridge'
(i.e. actualType *also* == bridge), the update would fail due to the
perceived change in type.

In practice it is okay to switch between any interface types that end
up using a tap device, since libvirt just needs to attach the device
to a new bridge. But in this case we were erroneously rejecting it due
to a conditional that was too restrictive. This is what the code was doing:

  if (old->type != new->type)
     [allow update]
  else
     if ((oldActual == bridge and newActual == network)
         || (oldActual == network and newActual == bridge)) {
         [allow update]
     else
         [error]

In the case described above though, old->type and new->type don't match,
but oldActual and newActual are both 'bridge', so we get an error.

This patch changes the inner conditional so that any combination of
'network' and 'bridge' for oldActual and newActual, since they both
use a tap device connected to a bridge.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-04 22:46:26 -04:00
Daniel P. Berrangé
a9fa62f327 src: don't include ref count in debug messages / probes
The ref count will be private to the GObject base class
and we must not peek at it, even for debugging messages.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-03 10:20:17 +01:00
Daniel P. Berrangé
0d1840729f src: make virObjectUnref return void
To prepare for a conversion to GObject, we need virObjectUnref
to have the same API design as g_object_unref, which means it
needs to be void.

A few places do actually care about the return value though,
and in these cases a thread local flag is used to determine
if the dispose method was invoked.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-03 10:20:17 +01:00
Daniel P. Berrangé
fd460ef561 qemu: stop checking virObjectUnref return value
Some, but not all, of the monitor event handlers check
the virObjectUnref return value to see if the domain
was disposed.

It should not be possible for this to happen, since
the function already holds a lock on the domain and
has only just acquired an extra reference on the
domain a few lines earlier.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-03 10:20:17 +01:00
Michal Privoznik
a5a297f387 qemu: Skip pre-creation of NVMe disks
Upon migration with disks, libvirt determines if each disk exists
on the destination and tries to pre-create missing ones. Well,
NVMe disks can't be pre-created, but they can be checked for
presence.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1823639

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-06-02 12:42:31 +02:00
Liao Pingfang
ab55a8a087 qemu: hotplug: Fix the condition check for net->downscript
According to the context, here we are checking net->downscript's validity,

Signed-off-by: Liao Pingfang <liao.pingfang@zte.com.cn>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-01 17:50:11 +02:00
Chen Hanxiao
368134e495 downscript: add support for booting and hotplug interface
Support downscript for booting vm,
and hotunplug interface device.

Signed-off-by: Chen Hanxiao <chen_han_xiao@126.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-05-26 15:56:11 +02:00
Daniel Henrique Barboza
9665b27dba qemuProcessRefreshCPU: skip 'host-model' logic for pSeries guests
Commit v3.10.0-182-g237f045d9a ("qemu: Ignore fallback CPU attribute
on reconnect") forced CPU 'fallback' to ALLOW, regardless of user
choice. This fixed a situation in which guests created with older
Libvirt versions, which used CPU mode 'host-model' in runtime, would
fail to launch in a newer Libvirt if the fallback was set to FORBID.
This would lead to a scenario where the CPU was translated to 'host-model'
to 'custom', but then the FORBID setting would make the translation
process fail.

PSeries can operate with 'host-model' in runtime due to specific PPC64
mechanics regarding compatibility mode. The update() implementation of
the cpuDriverPPC64 driver is a NO-OP if CPU mode is 'host-model', and
the driver does not implement translate(). The commit mentioned above
is causing PSeries guests to get their 'fallback' setting to ALLOW,
overwriting user choice, exposing a design problem in
qemuProcessRefreshCPU() - for PSeries guests, handling 'host-model'
as it is being done does not apply.

All other cpuArchDrivers implements update() and changes guest mode
to VIR_CPU_MODE_CUSTOM, meaning that PSeries is currently the only
exception to this logic. Let's make it official.

https://bugzilla.redhat.com/show_bug.cgi?id=1660711

Suggested-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20200525123945.4049591-2-danielhb413@gmail.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2020-05-25 16:20:25 +02:00
Jiri Denemark
004804a7d7 qemu: Invalidate capabilities when host CPU changes
The host CPU related info stored in the capabilities cache is no longer
valid after the host CPU changes. This is not a frequent situation in
real world, but it can easily happen in nested scenarios when a disk
image is started with various CPUs.

https://bugzilla.redhat.com/show_bug.cgi?id=1778819

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-05-25 16:10:04 +02:00
Daniel Henrique Barboza
f600c42627 qemu_process.c: modernize qemuProcessUpdateCPU code path
Use automatic cleanup on qemuProcessUpdateCPU and the functions called
by it.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20200522195620.3843442-5-danielhb413@gmail.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2020-05-25 12:31:14 +02:00
Ján Tomko
d265171b57 qemu: only return two values in virQEMUDriverConfigLoadMemoryEntry
The intention of these split Load*Entry functions is to prevent
virQEMUDriverConfigLoadFile from getting too large.

There's no need to signal to the caller whether an entry was found
or not, only whether there was an error.

Remove the non-standard return 1.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-05-20 14:47:56 +02:00
Ján Tomko
8da8cafdcb qemu: do not leak the directory in virQEMUDriverConfigLoadMemoryEntry
virConfGetValueString returns an allocated string that needs to be
freed.

Fixes: 34a59fb570dcc1b6b4b4cef1f0eb43fc6f688120
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-05-20 14:47:56 +02:00
Peter Krempa
78d30aa0bf qemu: Prepare for testing of 'netdev_add' props via qemuxml2argvtest
qemuxml2argv test suite is way more comprehensive than the hotplug
suite. Since we share the code paths for monitor and command line
hotplug we can easily test the properties of devices against the QAPI
schema.

To achieve this we'll need to skip the JSON->commandline conversion for
the test run so that we can analyze the pure properties. This patch adds
flags for the comand line generator and hook them into the
JSON->commandline convertor for -netdev. An upcoming patch will make use
of this new infrastructure.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-05-20 09:41:58 +02:00
Peter Krempa
529ad62c0d qemuMonitorAddNetdev: Convert to the native JSON props object
Now that all code paths generate JSON props we can remove the conversion
to command line arguments and back in the monitor code.

Note that the test which is removed in this commit will be replaced by a
stronger testsuite later.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-05-20 09:41:58 +02:00
Peter Krempa
11758f9245 qemuBuildChannelGuestfwdNetdevProps: Convert to generating JSON props
Syntax of guestfwd channel also needs to be modified to conform to the
QAPI schema.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-05-20 09:41:57 +02:00
Peter Krempa
b6738ffc9f qemu: command: Generate -netdev command line via JSON->cmdline conversion
The 'netdev_add' command was recently formally described in qemu via the
QMP schema. This means that it also requires the arguments to be
properly formatted. Our current approach is to generate the command line
and then use qemuMonitorJSONKeywordStringToJSON to get the JSON
properties for the monitor. This will not work if we need to pass some
fields as numbers or booleans.

In this step we re-do internals of qemuBuildHostNetStr to format a JSON
object which is converted back via virQEMUBuildNetdevCommandlineFromJSON
to the equivalent command line. This will later allow fixing of the
monitor code to use the JSON object directly rather than rely on the
conversion.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-05-20 09:41:57 +02:00
Peter Krempa
eb56a98672 qemuMonitorJSON(Add|Remove)Netdev: Refactor cleanup
Use automatic pointer cleanup for virJSONValuePtrs to get rid of the
cleanup label and ret variable.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-05-20 09:41:57 +02:00
Peter Krempa
54e4328295 qemuBuildHostNetStr: Stop using 'ipv6-net' convenience argument
In qemu the argument of 'ipv6-net' is split up into 'ipv6-prefix' and
'ipv6-prefixlen'. Additionally now that 'netdev_add' was qapified, only
the real properties are allowed. Switch to using them explicitly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-05-20 09:41:57 +02:00
Peter Krempa
202bb53cc2 qemuBuildChannelChrDeviceStr: Remove formatting of properties for -netdev
The output of the function is fed as argument to '-device' command line
argument or 'device_add' monitor command except for 'guestfwd' channels
where it needs to be fed to -netdev/netdev_add. This is confusing and
error prone. Split it up since the caller needs to know which
command/option to use anyways, so the caller can call the appropriate
function without any magic.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-05-20 09:41:57 +02:00
Peter Krempa
63e5124ac1 qemuBuildChannelsCommandLine: Extract common formatting of 'chardev'
Both active branches create the same backend chardev. Since there is no
other case, extract it before the switch so that we don't have to
duplicate it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-05-20 09:41:57 +02:00
Peter Krempa
63fc99402e qemuBuildChannelsCommandLine: Use typecasted switch for channel type
Cover all cases of the enum.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-05-20 09:41:57 +02:00
Peter Krempa
8f2d30e9bc qemuMonitorJSONParseKeywords: remove constant argument
There's just one caller that always passes '1'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-05-20 09:41:57 +02:00
Peter Krempa
26c8b4f1fc qemu: domain: Forbid unsupported 'tftp' protocol and handle tests
'tftp' storage protocol was supported by qemu until 2.7.0. Add an
interlock when blockdev is used and drop the test case for it as it's
IMO not worth adding another test file just for that.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-05-20 09:41:57 +02:00
Ján Tomko
be611aa4de qemu: conf: fix stray comma
The qemu.conf change broke our augeas test:

qemu/test_libvirtd_qemu.aug:96.3-203.1:exception thrown in test
qemu/test_libvirtd_qemu.aug:96.8-.34:exception: Iterated lens matched less than it should
    Lens: ../../src/qemu/libvirtd_qemu.aug:170.13-.43:
      Last match: ../../src/qemu/libvirtd_qemu.aug:18.52-.113:
      Not matching: ../../src/qemu/libvirtd_qemu.aug:12.19-.31:
    Error encountered at 48:27 (1615 characters into string)
    <\n    "/dev/ptmx", "/dev/kvm"|=|,\n]\nsave_image_format = "raw>

Fixes: ab5ba57012e9e6ab4f55afdeecd1813dd3ca916b
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-05-19 10:59:33 +02:00
Paolo Bonzini
ab5ba57012 qemu: do not allow /dev/rtc or /dev/hpet access via the devices cgroup
The RTC and HPET modes for the QEMU emulation tick have been dropped
almost 9 years ago, in commit 25f3151ece1d5881826232bebccc21b588d4e03e.
Do not allow them in the devices cgroup policy.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-05-19 10:04:06 +02:00
Laine Stump
c0e04c2e62 qemu: prevent attempts to detach a device on a controller with hotplug='off'
Although the original patches to support controllers with
hotplug='off' were checking during hotplug/attach requests that the
device was being plugged into a PCI controller that didn't have
hotplug disabled, but I forgot to do the same for device detach (the
main impetus for adding the feature was to prevent unplugs originating
from within the guest, so it slipped my mind). So although the guest
OS was ultimately unable to honor the unplug request, libvirt could
still be used to make such a request, and since device attach/detach
are asynchronous operations, the caller to libvirt would receive a
success status back (the device would stubbornly/correctly remain in
the domain status XML however)

This patch remedies that, by looking at the controller for the device
in the detach request, and immediately failing the operation if that
controller has hotplug=off.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-05-18 14:18:48 -04:00
Michal Privoznik
8fd2749b2d qemuProcessStop: Reattach NVMe disks a domain is mirroring into
If the mirror destination is not a file but a NVMe disk, then
call qemuHostdevReAttachOneNVMeDisk() to reattach the NVMe back
to the host.

This would be done by blockjob code when the job finishes, but in
this case the job won't finish - QEMU is killed meanwhile.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1825785

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-05-18 15:14:27 +02:00
Michal Privoznik
0230e38384 qemuProcessStop: Use XATTRs to restore seclabels on disks a domain is mirroring into
In v5.10.0-rc1~42 (which was later fixed in v6.0.0-rc1~487) I am
removing XATTRs for a file that QEMU is mirroring a disk into but
it is killed meanwhile. Well, we can call
qemuSecurityRestoreImageLabel() which will not only remove XATTRs
but also use them to restore the original owner of the file.

This would be done by blockjob code when the job finishes, but in
this case the job won't finish - QEMU is killed meanwhile

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-05-18 15:13:14 +02:00
Michal Privoznik
aad31f46fb qemuBuildNumaArgStr: Use modern -numa memdev= if old -numa mem= is unsupported
In previous commit we started tracking whether QEMU supports
'-numa mem='. This is tied to the machine type because migration
from '-numa mem=' to '-numa memdev' is impossible (or vice
versa). But since it's tied to a machine type (where migration
from one to another is also unsupported) we can allow QEMU to get
rid of the deprecated command line.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1783355

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-05-18 10:36:10 +02:00
Michal Privoznik
0246a4f0a7 qemuBuildNumaArgStr: Switch order of if() and for()
When building -numa command line there is a for() loop that
builds '-numa memdev=' for each guest NUMA node. And also
records in a local variable whether any of memory-object-*
backends must be used to satisfy desired config. Well, instead of
checking in each iteration whether corresponding capabilities are
set, we can do swap if() and for() and check only once.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-05-18 10:27:14 +02:00
Michal Privoznik
bba05b01ce qemu: Track numa-mem-supported machine attribute
There is 'numa-mem-supported' machine attribute which specifies
whether '-numa mem=' is supported. Store it in our capabilities
as it will be used in later commits when building the command
line.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-05-18 10:23:05 +02:00
Daniel Henrique Barboza
7cd141f94c qemu_alias.c: fix qemuAssingDeviceMemballoonAlias() typo
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-05-18 07:52:00 +02:00
Michal Privoznik
62c27cfc4f qemuBlockJobDataDisposeJobdata: Free data.commit.disabledBitmapsBase
==179663== 35 (24 direct, 11 indirect) bytes in 1 blocks are definitely lost in loss record 205 of 461
==179663==    at 0x4839EC6: calloc (vg_replace_malloc.c:762)
==179663==    by 0x5791AC0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6400.1)
==179663==    by 0x190C79: qemuDomainObjPrivateXMLParseBlockjobDataCommit (qemu_domain.c:3295)
==179663==    by 0x190DF7: qemuDomainObjPrivateXMLParseBlockjobDataSpecific (qemu_domain.c:3331)
==179663==    by 0x19157D: qemuDomainObjPrivateXMLParseBlockjobData (qemu_domain.c:3469)
==179663==    by 0x1918E8: qemuDomainObjPrivateXMLParseBlockjobs (qemu_domain.c:3498)
==179663==    by 0x193841: qemuDomainObjPrivateXMLParse (qemu_domain.c:3944)
==179663==    by 0x4A1BA9D: virDomainObjParseXML (domain_conf.c:22306)
==179663==    by 0x4A1BFE9: virDomainObjParseNode (domain_conf.c:22429)
==179663==    by 0x4A1C0B4: virDomainObjParseFile (domain_conf.c:22443)
==179663==    by 0x1431E1: testCompareStatusXMLToXMLFiles (qemuxml2xmltest.c:61)
==179663==    by 0x177722: virTestRun (testutils.c:142)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-05-14 11:45:29 +02:00
Michal Privoznik
42a415d5a5 qemuDomainStorageSourcePrivateDispose: Free httpcookie
==156803== 58 (40 direct, 18 indirect) bytes in 1 blocks are definitely lost in loss record 306 of 463
==156803==    at 0x4839EC6: calloc (vg_replace_malloc.c:762)
==156803==    by 0x5791AC0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6400.1)
==156803==    by 0x48F60DC: virAlloc (viralloc.c:48)
==156803==    by 0x18DD74: qemuStorageSourcePrivateDataAssignSecinfo (qemu_domain.c:2384)
==156803==    by 0x18DFD5: qemuStorageSourcePrivateDataParse (qemu_domain.c:2433)
==156803==    by 0x49EC884: virDomainStorageSourceParse (domain_conf.c:9857)
==156803==    by 0x49ECBA3: virDomainDiskBackingStoreParse (domain_conf.c:9909)
==156803==    by 0x49F129D: virDomainDiskDefParseXML (domain_conf.c:10785)
==156803==    by 0x4A1804E: virDomainDefParseXML (domain_conf.c:21543)
==156803==    by 0x4A1B60C: virDomainObjParseXML (domain_conf.c:22254)
==156803==    by 0x4A1BFE9: virDomainObjParseNode (domain_conf.c:22429)
==156803==    by 0x4A1C0B4: virDomainObjParseFile (domain_conf.c:22443

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-05-14 11:45:15 +02:00
Ján Tomko
006782a8bc qemu: only stop external devices after the domain
A failure in qemuProcessLaunch would lead to qemuExtDevicesStop
being called twice - once in the cleanup section and then again
in qemuProcessStop.

However, the first one is called while the QEMU process is
still running, which is too soon for the swtpm process, because
the swtmp_ioctl command can lock up:

https://bugzilla.redhat.com/show_bug.cgi?id=1822523

Remove the first call and only leave the one in qemuProcessStop,
which is called after the QEMU process is killed.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-05-13 15:29:37 +02:00
Ján Tomko
9c58b6eb00 qemu: reject readonly attribute for virtiofs
This is not yet supported by virtiofsd.

Fixes #23 a.k.a. https://gitlab.com/libvirt/libvirt/-/issues/23

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-05-13 12:35:03 +02:00
Chris Jester-Young
363c9865ae qemu: pvscsi: Add support for vmpvscsi controller model
Availability of the vmpvscsi controller model is gated by the pvscsi
capability.

Signed-off-by: Chris Jester-Young <cky@cky.nz>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-05-13 09:30:20 +02:00
Chris Jester-Young
1ca9b8ff9d qemu: pvscsi: Add capability
This capability flags support for `-device pvscsi`, which provides the
VMware paravirtual SCSI controller.

Signed-off-by: Chris Jester-Young <cky@cky.nz>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-05-13 09:30:20 +02:00
Peter Krempa
65a12c467c qemu: blockcopy: Allow copy of read-only disks with -blockdev
'blockdev-mirror' requires the write permission internally to do the
copy. This means that we have to force the image to be read-write for
the duration of the copy and can fix it after the copy is done.

https://bugzilla.redhat.com/show_bug.cgi?id=1832204

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-05-12 06:56:09 +02:00
Peter Krempa
fe574ea1f5 qemu: snapshot: Allow snapshots of read-only disks when we can create them
With -blockdev or when reusing externally created images and thus
without the need for formatting the image we actually can support
snapshots of read-only disks. Arguably it's not very useful so they are
not done by default but users of libvirt such as oVirt are actually
using this.

https://bugzilla.redhat.com/show_bug.cgi?id=1832204

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-05-12 06:56:09 +02:00
Peter Krempa
10d6278279 qemuBlockStorageSourceCreateFormat: Force write access when formatting images
We need qemu to be able to write the newly created images so that it can
format them to the specified storage format.

Force write access by relabelling the images when formatting.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-05-12 06:56:09 +02:00
Peter Krempa
6bde2a1e20 conf: Sanitize handling of <auth> and <encryption> placement for disks
Modern way to store <auth> and <encryption> of a <disk> is under
<source>. This was added to mirror how <backingStore> handles these and
in fact they are relevant to the source rather than to any other part of
the disk. Historically we allowed them to be directly under <disk> and
we need to keep compatibility.

This wasn't a problem until introduction of -blockdev in qemu using of
<auth> or <encryption> plainly wouldn't work with backing chains.

Now that it works in backing chains and can be moved back and forth
using snapshots/block-commit we need to ensure that the original
placement is properly kept even if the source changes.

To achieve the above semantics we need to store the preferred placement
with the disk definition rather than the storage source definitions and
also ensure that the modern way is chosen when the VM started with
<source/encryption> only in the backing store.

https://bugzilla.redhat.com/show_bug.cgi?id=1822878

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-05-12 06:55:00 +02:00
Peter Krempa
5d72c3ce28 qemu: domain: Forbid slice/encryption/copy_on_read with disk type='lun'
Any non-raw block layer feature will not work with raw SCSI command
passthrough via 'scsi-block'. Explicitly refuse use of luks encryption,
storage slices and copy on read.

https://bugzilla.redhat.com/show_bug.cgi?id=1820040

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-05-12 06:55:00 +02:00
Peter Krempa
b40ec75296 qemu: Forbid non-raw images for disk type='lun' with vitio-blk frontend
Historically the virtio-blk frontend by default enabled SCSI emulation
and tried to do SCSI command passthrough. As this was enabled by default
there's a fallback mechanism in place in cases when the backend doesn't
support SCSI for any reason.

This is not the case when disk type=lun is used with 'scsi-block' via
'virtio-scsi'.

We did not restrict configurations when the user picks 'qcow2' or any
other format as format of the disk, in which case the emulation is
disabled as such configuration doesn't make sense.

This patch unifies the approach so that 'raw' is required both when used
via 'virtio-blk' and 'virtio-scsi' so that the user is presented with
the expected configuration. Note that use of <disk type='lun'> is
already very restrictive as it requires a block device or iSCSI storage.

Additionally the scsi emulation is now deprecated by qemu with
virtio-blk as it conflicts with virtio-1 and the alternative is to use
'virtio-scsi' which performs better and is along for a very long time.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-05-12 06:55:00 +02:00
Peter Krempa
ec69f0190b qemu: command: Stop formatting of 'scsi=off' for virtio-blk-pci
The property was deprecated. Don't format it based on the new capability
if the user didn't explicitly request it.

https://bugzilla.redhat.com/show_bug.cgi?id=1829550

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-05-12 06:55:00 +02:00
Peter Krempa
3b7ca6d419 qemu: capabilities: Introduce QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED
Historically the 'scsi' passthrough feature of virtio-blk-pci
was enabled by default. Libvirt was disabling it due to security
implications outlined in libvirt commit v0.9.9-4-g177db08775 if it was
not explicitly requested. In qemu commit v2.4.0-1566-ged65fd1a27 the
default value was changed to disabled in preparation for virtio-1.
Starting from QEMU-5.0 the 'scsi' property was also deprecated. There
replacement for the functionality is to use 'virtio-scsi' for the
purpose. This isn't a direct replacement though.

Add capability named QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED which
allows us to stop formatting the 'scsi=' property if it's disabled by
default and not requested so that we don't use deprecated features.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-05-12 06:55:00 +02:00