Commit Graph

22947 Commits

Author SHA1 Message Date
Pavel Hrdina
495f60edcb vircgroup: introduce virCgroupV2GetMemoryUsage
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
d080c00166 vircgroup: introduce virCgroupV2GetMemoryStat
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
63bd23a6ad vircgroup: introduce virCgroupV2SetMemory
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
91756fb64a vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWriteBps
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
353ce9453e vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceReadBps
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
438587033b vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWriteIops
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
862f630825 vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceReadIops
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
568f746eaf vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWeight
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
93fa369df5 vircgroup: introduce virCgroupV2GetBlkioIoDeviceServiced
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
709260add9 vircgroup: introduce virCgroupV2GetBlkioIoServiced
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
11bb7f1561 vircgroup: introduce virCgroupV2(Set|Get)BlkioWeight
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
525ac6885b vircgroup: introduce virCgroupV2SetOwner
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
cda8ed0646 vircgroup: introduce virCgroupV2BindMount
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
38411bb831 vircgroup: introduce virCgroupV2HasEmptyTasks
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
48572f8825 vircgroup: introduce virCgroupV2AddTask
In cgroups v2 we need to handle threads and processes differently.
If you need to move a process you need to write its pid into
cgrou.procs file and it will move the process with all its threads
as well.  The whole process will be moved if you use tid of any thread.

In order to move only threads at first we need to create threaded group
and after that we can write the relevant thread tids into cgroup.threads
file.  Threads can be moved only into cgroups that are children of
cgroup of its process.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
4fe4847438 vircgroup: introduce virCgroupV2Remove
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
89f52abd07 vircgroup: introduce virCgroupV2MakeGroup
When creating cgroup hierarchy we need to enable controllers in the
parent cgroup in order to be usable.  That means writing "+{controller}"
into cgroup.subtree_control file.  We can enable only controllers that
are enabled for parent cgroup, that means we need to do that for the
whole cgroup tree.

Cgroups for threads needs to be handled differently in cgroup v2.  There
are two types of controllers:

    - domain controllers: these cannot be enabled for threads
    - threaded controllers: these can be enabled for threads

In addition there are multiple types of cgroups:

    - domain: normal cgroup
    - domain threaded: a domain cgroup that serves as root for threaded
                       cgroups
    - domain invalid: invalid cgroup, can be changed into threaded, this
                      is the default state if you create subgroup inside
                      domain threaded group or threaded group
    - threaded: threaded cgroup which can have domain threaded or
                threaded as parent group

In order to create threaded cgroup it's sufficient to write "threaded"
into cgroup.type file, it will automatically make parent cgroup
"domain threaded" if it was only "domain".  In case the parent cgroup
is already "domain threaded" or "threaded" it will modify only the type
of current cgroup.  After that we can enable threaded controllers.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
0542640a9c vircgroup: introduce virCgroupV2PathOfController
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
171c700cd8 vircgroup: introduce virCgroupV2GetAnyController
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
c8f08a5346 vircgroup: introduce virCgroupV2HasController
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
e1bb7fffe2 vircgroup: introduce virCgroupV2DetectControllers
Cgroup v2 has only single mount point for all controllers.  The list
of controllers is stored in cgroup.controllers file, name of controllers
are separated by space.

In cgroup v2 there is no cpuacct controller, the cpu.stat file always
exists with usage stats.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
f7394dcf01 vircgroup: introduce virCgroupV2StealPlacement
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
9aa8226d86 vircgroup: introduce virCgroupV2ValidatePlacement
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
1efcf202e7 vircgroup: introduce virCgroupV2DetectPlacement
If the placement was copied from parent or set to absolute path
there is nothing to do, otherwise set the placement based on
process placement from /proc/self/cgroup or /proc/{pid}/cgroup.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
50f61a46fc vircgroup: introduce virCgroupV2DetectMounts
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
7a86201dd6 vircgroup: introduce virCgroupV2CopyPlacement
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
38a3fb5647 vircgroup: introduce virCgroupV2CopyMounts
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
3a365ef697 vircgroup: introduce virCgroupV2ValidateMachineGroup
When reconnecting to a domain we are validating the cgroup name.
In case of cgroup v2 we need to validate only the new format for host
without systemd '{machinename}.libvirt-{drivername}' or scope name
generated by systemd.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
034ef217d7 vircgroup: introduce virCgroupV2Available
We cannot detect only mount points to figure out whether cgroup v2
is available because systemd uses cgroup v2 for process tracking and
all controllers are mounted as cgroup v1 controllers.

To make sure that this is no the situation we need to check
'cgroup.controllers' file if it's not empty to make sure that cgroup
v2 is not mounted only for process tracking.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
b4ddf5ae62 util: introduce cgroup v2 files
Place cgroup v2 backend type before cgroup v1 to make it obvious
that cgroup v2 is preferred implementation.

Following patches will introduce support for hybrid configuration
which will allow us to use both at the same time, but we should
prefer cgroup v2 regardless.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Ján Tomko
e7730d196b qemu: fix comment in qemuSecurityChownCallback
s/chmod/chown/

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-10-04 10:01:08 +02:00
Ján Tomko
8ba65c4d95 qemu: fix up permissions for pre-created UNIX sockets
My commit d6b8838 fixed the uid:gid for the pre-created UNIX sockets
but did not account for the different umask of libvirtd and QEMU.
Since commit 0e1a1a8c we set umask to '0002' for the QEMU process.
Manually tune-up the permissions to match what we would have gotten
if QEMU had created the socket.

https://bugzilla.redhat.com/show_bug.cgi?id=1633389

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2018-10-03 16:26:08 +02:00
Michal Privoznik
478da65fb4 virFileIsSharedFSType: Check for fuse.glusterfs too
https://bugzilla.redhat.com/show_bug.cgi?id=1632711

GlusterFS is typically safe when it comes to migration. It's a
network FS after all. However, it can be mounted via FUSE driver
they provide. If that is the case we fail to identify it and
think migration is not safe and require VIR_MIGRATE_UNSAFE flag.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2018-10-03 13:50:19 +02:00
Jiri Denemark
5cae1f47c4 cpu_map: Use and install Icelake model definitions
In commit v4.7.0-168-g993d85ae5e I introduced two Icelake CPU models,
but failed to actually include them in the CPU map index.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-10-03 13:00:54 +02:00
Ján Tomko
d6b8838dd8 security: dac: also label listen UNIX sockets
We switched to opening mode='bind' sockets ourselves:
commit 30fb2276d8
    qemu: support passing pre-opened UNIX socket listen FD
in v4.5.0-rc1~251

Then fixed qemuBuildChrChardevStr to change libvirtd's label
while creating the socket:
commit b0c6300fc4
    qemu: ensure FDs passed to QEMU for chardevs have correct SELinux labels
v4.5.0-rc1~52

Also add labeling of these sockets to the DAC driver.
Instead of duplicating the logic which decides whether libvirt should
pre-create the socket, assume an existing path meaning that it was created
by libvirt.

https://bugzilla.redhat.com/show_bug.cgi?id=1633389

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-10-02 12:44:44 +02:00
Marc Hartmayer
9f81dc1081 qemu: Introduce qemuDomainUpdateQEMUCaps()
This function updates the used QEMU capabilities of @vm by querying
the QEMU capabilities cache.

Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-10-01 18:35:47 -04:00
Marc Hartmayer
a4c12a5096 qemu: Use VIR_STEAL_PTR macro
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-10-01 18:35:32 -04:00
John Ferlan
3a286a4e26 nwfilter: Alter virNWFilterSnoopReqLeaseDel logic
Move the fetch of @ipAddrLeft to after the goto skip_instantiate
and remove the (req->binding) guard since we know that as long
as req->binding is created, then req->threadkey is filled in.

Found by Coverity

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-10-01 14:27:47 -04:00
John Ferlan
efdbfe57c7 util: Data overrun may lead to divide by zero
Commit 87a8a30d6 added the function based on the virsh function,
but used an unsigned long long instead of a double and thus that
limits the maximum result.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-10-01 14:27:31 -04:00
John Ferlan
425b9f8aa6 libxl: Fix possible object refcnt issue
When libxlDomainMigrationDstPrepare adds the @args to an
virNetSocketAddIOCallback using libxlMigrateDstReceive as
the target of the virNetSocketIOFunc @func with the knowledge
that the libxlMigrateDstReceive will virObjectUnref @args
at the end thus not needing to Unref during normal processing
for libxlDomainMigrationDstPrepare.

However, Coverity believes there's an issue with this. The
problem is there can be @nsocks virNetSocketAddIOCallback's
added, but only one virObjectUnref. That means the first
one done will Unref and the subsequent callers may not get
the @args (or @opaque) as they expected. If there's only
one socket returned from virNetSocketNewListenTCP, then sure
that works. However, if it returned more than one there's
going to be a problem.

To resolve this, since we start with 1 reference from the
virObjectNew for @args, we will add 1 reference for each
time @args is used for virNetSocketAddIOCallback. Then
since libxlDomainMigrationDstPrepare would be done with
@args, move it's virObjectUnref from the error: label to
the done: label (since error: falls through). That way
once the last IOCallback is done, then @args will be freed.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-10-01 14:27:18 -04:00
John Ferlan
6830c81307 lxc: Only check @nparams in lxcDomainBlockStatsFlags
Remove the "!params" check from the condition since it's possible
someone could pass a non NULL value there, but a 0 for the nparams
and thus continue on.  The external API only checks if @nparams is
non-zero, then check for NULL @params.

Found by Coverity

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-10-01 14:27:07 -04:00
Julio Faracco
125ac4c0a8 uml: umlConnectOpen: Check the driver pointer before accessing it
The pointer related to uml_driver needs to be checked before its usage
inside the function. Some attributes of the driver are being accessed
while the pointer is NULL considering the current logic.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-10-01 09:13:44 +02:00
Pavel Hrdina
199eee6aae Revert "vircgroup: cleanup controllers not managed by systemd on error"
This reverts commit 1602aa28f8.

There is no need to call virCgroupRemove() nor virCgroupFree() if
virCgroupEnableMissingControllers() fails because it will not modify
'group' at all.

The cleanup of directories is done in virCgroupMakeGroup().

Reviewed-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-09-28 19:51:01 +02:00
Michal Privoznik
466bea0117 qemu: Temporarily disable metadata locking
Turns out, there are couple of bugs that prevent this feature
from being operational. Given how close to the release we are
disable the feature temporarily. Hopefully, it can be enabled
back after all the bugs are fixed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2018-09-27 16:22:44 +02:00
Pavel Hrdina
0615c8436a vircgroupv1: fix build on non-linux OSes
Cgroups are linux specific and we need to make sure that the code is
compiled only on linux.  On different OSes it fails the compilation:

../../src/util/vircgroupv1.c:65:19: error: variable has incomplete type 'struct mntent'
    struct mntent entry;
                  ^
../../src/util/vircgroupv1.c:65:12: note: forward declaration of 'struct mntent'
    struct mntent entry;
           ^
../../src/util/vircgroupv1.c:74:12: error: implicit declaration of function 'getmntent_r' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
    while (getmntent_r(mounts, &entry, buf, sizeof(buf)) != NULL) {
           ^
../../src/util/vircgroupv1.c:814:39: error: use of undeclared identifier 'MS_NOSUID'
    if (mount("tmpfs", root, "tmpfs", MS_NOSUID|MS_NODEV|MS_NOEXEC, opts) < 0) {
                                      ^
../../src/util/vircgroupv1.c:814:49: error: use of undeclared identifier 'MS_NODEV'
    if (mount("tmpfs", root, "tmpfs", MS_NOSUID|MS_NODEV|MS_NOEXEC, opts) < 0) {
                                                ^
../../src/util/vircgroupv1.c:814:58: error: use of undeclared identifier 'MS_NOEXEC'
    if (mount("tmpfs", root, "tmpfs", MS_NOSUID|MS_NODEV|MS_NOEXEC, opts) < 0) {
                                                         ^
../../src/util/vircgroupv1.c:841:65: error: use of undeclared identifier 'MS_BIND'
            if (mount(src, group->legacy[i].mountPoint, "none", MS_BIND,
                                                                ^

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-09-27 13:08:40 +02:00
Pavel Hrdina
6ef37ed3b8 vircgroup: include system headers only on linux
All the system headers are used only if we are compiling on linux
and they all are present otherwise we would have seen build errors
because in our tests/vircgrouptest.c we use only __linux__ to check
whether to skip the cgroup tests or not.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-09-27 13:08:37 +02:00
Pavel Hrdina
0df6266988 vircgroup: remove VIR_CGROUP_SUPPORTED
tests/vircgrouptest.c uses #ifdef __linux__ for a long time and no
failure was reported so far so it's safe to assume that __linux__ is
good enough to guard cgroup code.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-09-27 13:08:26 +02:00
Lin Ma
79e0e62e78 qemu: Remove network type limitation for qemuARPGetInterfaces
Let's ignore the checking of interface type when we call the function
qemuARPGetInterfaces to get IP from host's arp table.

Signed-off-by: Lin Ma <lma@suse.com>
Reviewed-by: Chen Hanxiao <chenhanxiao@gmail.com>
2018-09-26 14:57:41 +02:00
Michal Privoznik
cd33eaa251 security: Don't try to lock NULL paths
It may happen that in the list of paths/disk sources to relabel
there is a disk source. If that is the case, the path is NULL. In
that case, we shouldn't try to lock the path. It's likely a
network disk anyway and therefore there is nothing to lock.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-09-26 12:01:48 +02:00
Michal Privoznik
f4d7ca62a4 security: Grab a reference to virSecurityManager for transactions
This shouldn't be needed per-se. Security manager shouldn't
disappear during transactions - it's immutable. However, it
doesn't hurt to grab a reference either - transaction code uses
it after all.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-26 12:01:36 +02:00