Commit Graph

713 Commits

Author SHA1 Message Date
Jiri Denemark
a1adfb0f06 qemu: Add support for unavailable-features
QEMU 2.8.0 adds support for unavailable-features in
query-cpu-definitions reply. The unavailable-features array lists CPU
features which prevent a corresponding CPU model from being usable on
current host. It can only be used when all the unavailable features are
disabled. Empty array means the CPU model can be used without
modifications.

We can use unavailable-features for providing CPU model usability info
in domain capabilities XML:

    <domainCapabilities>
      ...
      <cpu>
        <mode name='host-passthrough' supported='yes'/>
        <mode name='host-model' supported='yes'>
          <model fallback='allow'>Skylake-Client</model>
          ...
        </mode>
        <mode name='custom' supported='yes'>
          <model usable='yes'>qemu64</model>
          <model usable='yes'>qemu32</model>
          <model usable='no'>phenom</model>
          <model usable='yes'>pentium3</model>
          <model usable='yes'>pentium2</model>
          <model usable='yes'>pentium</model>
          <model usable='yes'>n270</model>
          <model usable='yes'>kvm64</model>
          <model usable='yes'>kvm32</model>
          <model usable='yes'>coreduo</model>
          <model usable='yes'>core2duo</model>
          <model usable='no'>athlon</model>
          <model usable='yes'>Westmere</model>
          <model usable='yes'>Skylake-Client</model>
          ...
        </mode>
      </cpu>
      ...
    </domainCapabilities>

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-11-28 09:11:22 +01:00
Jiri Denemark
7bf6f345e0 qemu: Probe CPU models for KVM and TCG
CPU models (and especially some additional details which we will start
probing for later) differ depending on the accelerator. Thus we need to
call query-cpu-definitions in both KVM and TCG mode to get all data we
want.

Tests in tests/domaincapstest.c are temporarily switched to TCG to avoid
having to squash even more stuff into this single patch. They will all
be switched back later in separate commits.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-11-25 20:34:27 +01:00
Michal Privoznik
c2a5a4e7ea virstring: Unify string list function names
We have couple of functions that operate over NULL terminated
lits of strings. However, our naming sucks:

virStringJoin
virStringFreeList
virStringFreeListCount
virStringArrayHasString
virStringGetFirstWithPrefix

We can do better:

virStringListJoin
virStringListFree
virStringListFreeCount
virStringListHasString
virStringListGetFirstWithPrefix

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-11-25 13:54:05 +01:00
Eric Farman
ae5d30a0b3 conf: Wire up the vhost-scsi connection from/to XML
With the QEMU components in place, provide the XML parsing to
invoke that code when given the following XML snippet:

    <hostdev mode='subsystem' type='scsi_host'>
      <source protocol='vhost' wwpn='naa.501234567890abcd'/>
    </hostdev>

An optional address element can be specified within the hostdev
(pick CCW or PCI as necessary):

    <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0625'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>

Add basic vhost-scsi tests which were cloned from hostdev-scsi-virtio-scsi
in both xml2argv and xml2xml. Added ones for both vhost-scsi-ccw and
vhost-scsi-pci since the syntaxes are slightly different between them.

Also adjusted the docs to describe the changes.

Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-11-24 12:22:25 -05:00
Laine Stump
70d15c9ac6 qemu: initially reserve one open pcie-root-port for hotplug
For machinetypes with a pci-root bus (all legacy PCI), libvirt will
make a "fake" reservation for one extra slot prior to assigning
addresses to unaddressed PCI endpoint devices in the domain. This will
trigger auto-adding of a pci-bridge for the final device to be
assigned an address *if that device would have otherwise instead been
the last device on the last available pci-bridge*; thus it assures
that there will always be at least one slot left open in the domain's
bus topology for expansion (which is important both for hotplug (since
a new pci-bridge can't be added while the guest is running) as well as
for offline additions to the config (since adding a new device might
otherwise in some cases require re-addressing existing devices, which
we want to avoid)).

It's important to note that for the above case (legacy PCI), we must
check for the special case of all slots on all buses being occupied
*prior to assigning any addresses*, and avoid attempting to reserve
the extra address in that case, because there is no free address in
the existing topology, so no place to auto-add a pci-bridge for
expansion (i.e. it would always fail anyway). Since that condition can
only be reached by manual intervention, this is acceptable.

For machinetypes with pcie-root (Q35, aarch64 virt), libvirt's
methodology for automatically expanding the bus topology is different
- pcie-root-ports are plugged into slots (soon to be functions) of
pcie-root as needed, and the new endpoint devices are assigned to the
single slot in each pcie-root-port. This is done so that the devices
are, by default, hotpluggable (the slots of pcie-root don't support
hotplug, but the single slot of the pcie-root-port does). Since
pcie-root-ports can only be plugged into pcie-root, and we don't
auto-assign endpoint devices to the pcie-root slots, this means
topology expansion doesn't compete with endpoint devices for slots, so
we don't need to worry about checking for all "useful" slots being
free *prior* to assigning addresses to new endpoint devices - as a
matter of fact, if we attempt to reserve the open slots before the
used slots, it can lead to errors.

Instead this patch just reserves one slot for a "future potential"
PCIe device after doing the assignment for actual devices, but only
if the only PCI controller defined prior to starting address
assignment was pcie-root, and only if we auto-added at least one PCI
controller during address assignment. This assures two things:

1) that reserving the open slots will only be done when the domain is
   initially defined, never at any time after, and

2) that if the user understands enough about PCI controllers that they
   are adding them manually, that we don't mess up their plan by
   adding extras - if they know enough to add one pcie-root-port, or
   to manually assign addresses such that no pcie-root-ports are
   needed, they know enough to add extra pcie-root-ports if they want
   them (this could be called the "libguestfs clause", since
   libguestfs needs to be able to create domains with as few
   devices/controllers as possible).

This is set to reserve a single free port for now, but could be
increased in the future if public sentiment goes in that direction
(it's easy to increase later, but essentially impossible to decrease)
2016-11-14 14:23:48 -05:00
Laine Stump
8d873a5a47 qemu: try to put ich9 sound device at 00:1B.0
Real Q35 hardware has an ICH9 chip that includes several integrated
devices at particular addresses (see the file docs/q35-chipset.cfg in
the qemu source). libvirt already attempts to put the first two sets
of ich9 USB2 controllers it finds at 00:1D.* and 00:1A.* to match the
real hardware. This patch does the same for the ich9 "HD audio"
device.

The main inspiration for this patch is that currently the *only*
device in a reasonable "workstation" type virtual machine config that
requires a legacy PCI slot is the audio device, Without this patch,
the standard Q35 machine created by virt-manager will have a
dmi-to-pci-bridge and a pci-bridge just for the sound device; with the
patch (and if you change the sound device model from the default
"ich6" to "ich9"), the machine definition constructed by virt-manager
has absolutely no legacy PCI controllers - any legacy PCI devices
(e.g. video and sound) are on pcie-root as integrated devices.
2016-11-14 14:23:01 -05:00
Laine Stump
d8bd837669 qemu: add a USB3 controller to Q35 domains by default
Previously we added a set of EHCI+UHCI controllers to Q35 machines to
mimic real hardware as closely as possible, but recent discussions
have pointed out that the nec-usb-xhci (USB3) controller is much more
virtualization-friendly (uses less CPU), so this patch switches the
default for Q35 machinetypes to add an XHCI instead (if it's
supported, which it of course *will* be).

Since none of the existing test cases left out USB controllers in the
input XML, a new Q35 test case was added which has *no* devices, so
ends up with only the defaults always put in by qemu, plus those added
by libvirt.
2016-11-14 14:22:23 -05:00
Laine Stump
0702f48ef4 qemu: auto-add pcie-root-port/dmi-to-pci-bridge controllers as needed
Previously libvirt would only add pci-bridge devices automatically
when an address was requested for a device that required a legacy PCI
slot and none was available. This patch expands that support to
dmi-to-pci-bridge (which is needed in order to add a pci-bridge on a
machine with a pcie-root), and pcie-root-port (which is needed to add
a hotpluggable PCIe device). It does *not* automatically add
pcie-switch-upstream-ports or pcie-switch-downstream-ports (and
currently there are no plans for that).

Given the existing code to auto-add pci-bridge devices, automatically
adding pcie-root-ports is fairly straightforward. The
dmi-to-pci-bridge support is a bit tricky though, for a few reasons:

1) Although the only reason to add a dmi-to-pci-bridge is so that
   there is a reasonable place to plug in a pci-bridge controller,
   most of the time it's not the presence of a pci-bridge *in the
   config* that triggers the requirement to add a dmi-to-pci-bridge.
   Rather, it is the presence of a legacy-PCI device in the config,
   which triggers auto-add of a pci-bridge, which triggers auto-add of
   a dmi-to-pci-bridge (this is handled in
   virDomainPCIAddressSetGrow() - if there's a request to add a
   pci-bridge we'll check if there is a suitable bus to plug it into;
   if not, we first add a dmi-to-pci-bridge).

2) Once there is already a single dmi-to-pci-bridge on the system,
   there won't be a need for any more, even if it's full, as long as
   there is a pci-bridge with an open slot - you can also plug
   pci-bridges into existing pci-bridges. So we have to make sure we
   don't add a dmi-to-pci-bridge unless there aren't any
   dmi-to-pci-bridges *or* any pci-bridges.

3) Although it is strongly discouraged, it is legal for a pci-bridge
   to be directly plugged into pcie-root, and we don't want to
   auto-add a dmi-to-pci-bridge if there is already a pci-bridge
   that's been forced directly into pcie-root.

Although libvirt will now automatically create a dmi-to-pci-bridge
when it's needed, the code still remains for now that forces a
dmi-to-pci-bridge on all domains with pcie-root (in
qemuDomainDefAddDefaultDevices()). That will be removed in a future
patch.

For now, the pcie-root-ports are added one to a slot, which is a bit
wasteful and means it will fail after 31 total PCIe devices (30 if
there are also some PCI devices), but helps keep the changeset down
for this patch. A future patch will have 8 pcie-root-ports sharing the
functions on a single slot.
2016-11-14 14:19:36 -05:00
Laine Stump
5266426b21 qemu: assign nec-xhci (USB3) controller to a PCIe address when appropriate
The nec-usb-xhci device (which is a USB3 controller) has always
presented itself as a PCI device when plugged into a legacy PCI slot,
and a PCIe device when plugged into a PCIe slot, but libvirt has
always auto-assigned it to a legacy PCI slot.

This patch changes that behavior to auto-assign to a PCIe slot on
systems that have pcie-root (e.g. Q35 and aarch64/virt).

Since we don't yet auto-create pcie-*-port controllers on demand, this
means a config with an nec-xhci USB controller that has no PCI address
assigned will also need to have an otherwise-unused pcie-*-port
controller specified:

   <controller type='pci' model='pcie-root-port'/>
   <controller type='usb' model='nec-xhci'/>

(this assumes there is an otherwise-unused slot on pcie-root to accept
the pcie-root-port)
2016-11-14 14:18:06 -05:00
Laine Stump
c7fc151eec qemu: assign virtio devices to PCIe slot when appropriate
libvirt previously assigned nearly all devices to a "hotpluggable"
legacy PCI slot even on machines with a PCIe root bus (and even though
most such machines don't even support hotplug on legacy PCI slots!)
Forcing all devices onto legacy PCI slots means that the domain will
need a dmi-to-pci-bridge (to convert from PCIe to legacy PCI) and a
pci-bridge (to provide hotpluggable legacy PCI slots which, again,
usually aren't hotpluggable anyway).

To help reduce the need for these legacy controllers, this patch tries
to assign virtio-1.0-capable devices to PCIe slots whenever possible,
by setting appropriate connectFlags in
virDomainCalculateDevicePCIConnectFlags(). Happily, when that function
was written (just a few commits ago) it was created with a
"virtioFlags" argument, set by both of its callers, which is the
proper connectFlags to set for any virtio-*-pci device - depending on
the arch/machinetype of the domain, and whether or not the qemu binary
supports virtio-1.0, that flag will have either been set to PCI or
PCIe. This patch merely enables the functionality by setting the flags
for the device to whatever is in virtioFlags if the device is a
virtio-*-pci device.

NB: the first virtio video device will be placed directly on bus 0
slot 1 rather than on a pcie-root-port due to the override for primary
video devices in qemuDomainValidateDevicePCISlotsQ35(). Whether or not
to change that is a topic of discussion, but this patch doesn't change
that particular behavior.

NB2: since the slot must be hotpluggable, and pcie-root (the PCIe root
complex) does *not* support hotplug, this means that suitable
controllers must also be in the config (i.e. either pcie-root-port, or
pcie-downstream-port). For now, libvirt doesn't add those
automatically, so if you put virtio devices in a config for a qemu
that has PCIe-capable virtio devices, you'll need to add extra
pcie-root-ports yourself. That requirement will be eliminated in a
future patch, but for now, it's simple to do this:

   <controller type='pci' model='pcie-root-port'/>
   <controller type='pci' model='pcie-root-port'/>
   <controller type='pci' model='pcie-root-port'/>
   ...

Partially Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1330024
2016-11-14 14:16:12 -05:00
Peter Krempa
810e9a8061 conf: Allow specifying only the slot number for hotpluggable memory
Simplify handling of the 'dimm' address element by allowing to specify
the slot number only. This will allow libvirt to allocate slot numbers
before starting qemu.
2016-11-10 17:36:55 +01:00
Prasanna Kumar Kalever
e66603539b qemu: command: Add debug option for gluster volumes
Propagate the selected or default level to qemu if it's supported.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1376009

Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2016-11-09 16:52:40 +01:00
Martin Kletzander
06524fd52c qemu: Support newer ivshmem device variants
QEMU added support for ivshmem-plain and ivshmem-doorbell.  Those are
reworked varians of legacy ivshmem that are compatible from the guest
POV, but not from host's POV and have sane specification and handling.

Details about the newer device type can be found in qemu's commit
5400c02b90bb:

  http://git.qemu.org/?p=qemu.git;a=commit;h=5400c02b90bb

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-11-02 17:36:17 +01:00
Gema Gomez
0701abcb3b qemu: Add support for using AES secret for SCSI hotplug
Support for virtio disks was added in commit id 'fceeeda', but not for
SCSI drives. Add the secret for the server when hotplugging a SCSI drive.
No need to make any adjustments for unplug since that's handled during
the qemuDomainDetachDiskDevice call to qemuDomainRemoveDiskDevice in
the qemuDomainDetachDeviceDiskLive switch.

Added a test to/for the command line processing to show the command line
options when adding a SCSI drive for the guest.
2016-10-26 08:07:15 -04:00
John Ferlan
daf5c651f0 qemu: Add a secret object to/for a char source dev
Add the secret object so the 'passwordid=' can be added if the command line
if there's a secret defined in/on the host for TCP chardev TLS objects.

Preparation for the secret involves adding the secinfo to the char source
device prior to command line processing. There are multiple possibilities
for TCP chardev source backend usage.

Add test for at least a serial chardev as an example.
2016-10-26 07:18:25 -04:00
John Ferlan
2db108c766 qemu: Add the length options to the iotune command line
Add in the block I/O throttling length/duration parameter to the command
line if supported. If not supported, fail command creation.

Add the xml2argvtest for testing.
2016-10-25 17:20:17 -04:00
Pavel Hrdina
0298531b29 domain: Add optional 'tls' attribute for TCP chardev
Add an optional "tls='yes|no'" attribute for a TCP chardev.

For QEMU, this will allow for disabling the host config setting of the
'chardev_tls' for a domain chardev channel by setting the value to "no" or
to attempt to use a host TLS environment when setting the value to "yes"
when the host config 'chardev_tls' setting is disabled, but a TLS environment
is configured via either the host config 'chardev_tls_x509_cert_dir' or
'default_tls_x509_cert_dir'

Signed-off-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-10-24 16:05:33 +02:00
John Ferlan
40b6f91900 qemu: Add 'verify-peer=yes' test for chardev TCP TLS
Missing the option to set verify-peer to yes

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-10-17 15:38:32 -04:00
Andrea Bolognani
61e101437b conf: Explain some code in more detail
The code is entirely correct, but it still managed to trip me
up when I first ran into it because I did not realize right away
that VIR_PCI_CONNECT_TYPES_ENDPOINT was not a single flag, but
rather a mask including both VIR_PCI_CONNECT_TYPE_PCI_DEVICE and
VIR_PCI_CONNECT_TYPE_PCIE_DEVICE.

In order to save the next distracted traveler in PCI Address Land
some time, document this fact with a comment. Add a test case for
the behavior as well.
2016-10-17 10:04:54 +02:00
Michal Privoznik
4a74ccdb92 qemuBuildInterfaceCommandLine: Move vhostuser handling a bit further
The idea is to have function that does some checking of the
arguments at its beginning and then have one big switch for all
the interface types it supports. Each one of them generating the
corresponding part of the command line.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-10-14 10:15:51 +08:00
Michal Privoznik
ec7f612a56 qemuBuildInterfaceCommandLine: Move hostdev handling a bit further
The idea is to have function that does some checking of the
arguments at its beginning and then have one big switch for all
the interface types it supports. Each one of them generating the
corresponding part of the command line.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-10-14 10:15:51 +08:00
Pavel Hrdina
fb8f3b1c22 qemu_command: add support to use virtio as secondary video device
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1369633

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-10-12 17:46:48 +02:00
Pavel Hrdina
4c029e8cfa qemu_command: properly detect which model to use for video device
This improves commit 706b5b6277 in a way that we check qemu capabilities
instead of what architecture we are running on to detect whether we can
use *virtio-vga* model or not.  This is not a case only for arm/aarch64.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-10-12 17:46:48 +02:00
Pavel Hrdina
33af92a91c qemu_process: always check capabilities for video devices
Before this patch we've checked qemu capabilities for video devices
only while constructing qemu command line using "-device" option.

Since we support qemu only if "-device" option is present we can use
the same capabilities to check also video devices while using "-vga"
option to construct qemu command line.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-10-12 17:46:47 +02:00
Pavel Hrdina
db4491571d qemu_capabilities: rename QEMU_CAPS_VIRTIO_GPU_VIRGL
We generally uses QEMU_CAPS_DEVICE_$NAME to probe for existence of some
device and QEMU_CAPS_$NAME_$PROP to probe for existence of some property
of that device.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-10-12 17:46:47 +02:00
Pavel Hrdina
05af6784b1 qemu_capabilities: mark QEMU_CAPS_VGA_QXL capability as deprecated
If QEMU in question supports QMP, this capability is set if
QEMU_CAPS_DEVICE_QXL was set based on existence of "-device qxl". If
libvirt needs to parse *help*, because there is no QMP support, it
checks for existence of "-vga qxl", but it also parses output of
"-device ?" and sets QEMU_CAPS_DEVICE_QXL too.

Now that libvirt supports only QEMU that has "-device" implemented it's
safe to drop this capability and stop using it.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-10-12 17:46:47 +02:00
Pavel Hrdina
34a4447bd4 qemu_capabilities: join capabilities for qxl and qxl-vga devices
This patch simplifies QEMU capabilities for QXL video device.  QEMU
exposes this device as *qxl-vga* and *qxl* and they are both the same
device with the same set of parameters, the only difference is that
*qxl-vga* includes VGA compatibility.

Based on QEMU code they are tied together so it's safe to check only for
presence of only one of them.

This patch also removes an invalid test case "video-qxl-sec-nodevice"
where there is only *qxl-vga* device and *qxl* device is not present.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-10-12 17:46:47 +02:00
Pavel Hrdina
e3bbdd9b06 tests: fix some QXL capability combinations that don't make sense
If one of QEMU_CAPS_DEVICE_QXL_VGA or QEMU_CAPS_DEVICE_QXL is set the
other one will always be set as well because both devices are tied
together in QEMU.

The change of args files is caused by the presence of capability
QEMU_CAPS_DEVICE_VIDEO_PRIMARY which means it's safe to use
"-device qxl-vga" instead of "-vga qxl", see commit (e3f2686b) and
by the fact that if QEMU_CAPS_VGA_QXL is set QEMU_CAPS_DEVICE_QXL_VGA
and QEMU_CAPS_DEVICE_QXL would be set too (since we support only qemu
with "-device" option).

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-10-12 17:46:47 +02:00
Daniel P. Berrange
5dee668632 qemu: fix command line building for iommu devices
The intel-iommu device has existed since QEMU 2.2.0, but
it was only possible to create it with -device since
QEMU 2.7.0, thanks to:

  commit 621d983a1f9051f4cfc3f402569b46b77d8449fc
  Author: Marcel Apfelbaum <marcel@redhat.com>
  Date:   Mon Jun 27 18:38:34 2016 +0300

    hw/iommu: enable iommu with -device

    Use the standard '-device intel-iommu' to create the IOMMU device.
    The legacy '-machine,iommu=on' can still be used.

The libvirt capability check & command line formatting code
is thus broken for all QEMU versions 2.2.0 -> 2.6.0 inclusive.

This fixes it to use iommu=on instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-10-07 16:52:35 +01:00
Jiri Denemark
c2c43912e4 qemu: Fix crash in qemucapsprobe
The qemucapsprobe helper calls virQEMUCapsNewForBinaryInternal with
caps == NULL, causing the following crash:

    Program received signal SIGSEGV, Segmentation fault.
    #0  0x00007ffff788775f in virQEMUCapsInitHostCPUModel
        (qemuCaps=qemuCaps@entry=0x649680, host=host@entry=0x10) at
        src/qemu/qemu_capabilities.c:2969
    #1  0x00007ffff7889dbf in virQEMUCapsNewForBinaryInternal
        (caps=caps@entry=0x0, binary=<optimized out>,
        libDir=libDir@entry=0x4033f6 "/tmp", cacheDir=cacheDir@entry=0x0,
        runUid=runUid@entry=4294967295, runGid=runGid@entry=4294967295,
        qmpOnly=true) at src/qemu/qemu_capabilities.c:4039
    #2  0x0000000000401702 in main (argc=2, argv=0x7fffffffd968) at
        tests/qemucapsprobe.c:73

Caused by v2.2.0-182-g68c7011.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-27 19:24:12 +02:00
Michal Privoznik
c41b989112 virDomainDefParse{File,String}: Introduce @parseOpaque argument
We want to pass the proper opaque pointer instead of NULL to
virDomainDefParse and subsequently virDomainDefParseNode too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-09-26 16:50:12 +02:00
Jiri Denemark
68c7011856 qemu: Store host-model CPU in qemu capabilities
Host capabilities provide libvirt's view of the host CPU, but for a
useful support for host-model CPUs we really need a hypervisor's view of
the CPU. And since the view can be differ with emulator, qemu
capabilities is the best place to store the host CPU model.

This patch just copies the CPU model from host capabilities, but this
will change in the future.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-22 15:40:08 +02:00
Jiri Denemark
d029f9a0db qemuxml2argvtest: Set correct architecture for KVM guests
Testing PPC64/AArch64 KVM domains on x86_64 host only works because we
have a lot of bugs in our code. Since this series is going to fix them,
we need to make sure the host architecture matches guest for KVM
domains.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-22 15:40:08 +02:00
Jiri Denemark
b89fa6d1b6 qemuxml2argvtest: Properly setup CPU models in qemuCaps
Adding x86 CPU models into a list of supported CPUs for non-x86
architectures is not a very good idea. Each architecture we test needs
to maintain its own list of supported CPU models.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-22 15:40:08 +02:00
Jiri Denemark
e9634933ea qemu: Separate guest CPU validation from command line creation
qemu_command.c should deal with translating our domain definition into a
QEMU command line and nothing else.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-22 15:40:08 +02:00
Jiri Denemark
6bb5f0b218 qemuxml2argvtest: Properly initialize qemuCaps->arch
qemuCaps->arch should match the guest architecture from domain XML.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-22 15:40:08 +02:00
Jiri Denemark
4df4b8dea3 qemuxml2argvtest: Update qemuCaps after parsing domain XML
Some parts of qemuCaps depend on guest architecture, machine type, and
possibly other things that we know only once the domain XML has been
parsed. Let's move all these updates into a dedicated function.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-22 15:40:08 +02:00
Jiri Denemark
30de7164ef qemuxml2argvtest: Reorder functions
testCompareXMLToArgv will soon need to call a few function which are
defined further in the code. Let's move them up a bit.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-22 15:40:08 +02:00
Jiri Denemark
2f37088183 qemuxml2argvtest: Get rid of testCompareXMLToArgvHelper
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-22 15:40:08 +02:00
Jiri Denemark
52c087ec52 qemuxml2argvtest: Rename "out" labels as "cleanup"
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-22 15:40:08 +02:00
Jiri Denemark
98c69644a5 qemuxml2argvtest: Rename extraFlags as qemuCaps
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-22 15:40:08 +02:00
Jiri Denemark
d037d8006f qemu: Use virDomainCapsCPUModels for cpuDefinitions
The list of supported CPU models in domain capabilities is stored in
virDomainCapsCPUModels. Let's use the same object for storing CPU models
in QEMU capabilities.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-22 15:40:08 +02:00
Laszlo Ersek
706b5b6277 qemu: map "virtio" video model to "virt" machtype correctly (arm/aarch64)
Most of QEMU's PCI display device models, such as:

  libvirt video/model/@type  QEMU -device
  -------------------------  ------------
  cirrus                     cirrus-vga
  vga                        VGA
  qxl                        qxl-vga
  virtio                     virtio-vga

come with a linear framebuffer (sometimes called "VGA compatibility
framebuffer"). This linear framebuffer lives in one of the PCI device's
MMIO BARs, and allows guest code (primarily: firmware drivers, and
non-accelerated OS drivers) to display graphics with direct memory access.

Due to architectural reasons on aarch64/KVM hosts, this kind of
framebuffer doesn't / can't work in

  qemu-system-(arm|aarch64) -M virt

machines. Cache coherency issues guarantee a corrupted / unusable display.
The problem has been researched by several people, including kvm-arm
maintainers, and it's been decided that the best way (practically the only
way) to have boot time graphics for such guests is to consolidate on
QEMU's "virtio-gpu-pci" device.

>From <https://bugzilla.redhat.com/show_bug.cgi?id=1195176>, libvirt
supports

  <devices>
    <video>
      <model type='virtio'/>
    </video>
  </devices>

but libvirt unconditionally maps @type='virtio' to QEMU's "virtio-vga"
device model. (See the qemuBuildDeviceVideoStr() function and the
"qemuDeviceVideo" enum impl.)

According to the above, this is not right for the "virt" machine type; the
qemu-system-(arm|aarch64) binaries don't even recognize the "virtio-vga"
device model (justifiedly). Whereas "virtio-gpu-pci", which is a pure
virtio device without a compatibility framebuffer, is available, and works
fine.

(The ArmVirtQemu ("AAVMF") platform of edk2 -- that is, the UEFI firmware
for "virt" -- supports "virtio-gpu-pci", as of upstream commit
3ef3209d3028. See
<https://tianocore.acgmultimedia.com/show_bug.cgi?id=66>.)

Override the default mapping of "virtio", from "virtio-vga" to
"virtio-gpu-pci", if qemuDomainMachineIsVirt() evaluates to true.

Cc: Andrea Bolognani <abologna@redhat.com>
Cc: Drew Jones <drjones@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Martin Kletzander <mkletzan@redhat.com>
Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1372901
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Martin Kletzander <mkletzan@redhat.com>
2016-09-16 14:13:07 +02:00
Daniel P. Berrange
e043ecc82d tests: use a fixed chardev TLS path
The test qemuxml2argv-serial-tcp-tlsx509-chardev.args
will fail if libvirt is built with a --sysconfdir
arg that is not /etc.  Fix this by setting a hardcoded
path in the test code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-09-14 10:46:09 +01:00
Michal Privoznik
2692304c94 qemu: Implement virtio-net rx_queue_size
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-09-09 16:16:59 +02:00
Michal Privoznik
c56cdf2593 conf: Add support for virtio-net.rx_queue_size
https://bugzilla.redhat.com/show_bug.cgi?id=1366989

QEMU added another virtio-net tunable [1]. It basically allows
users to set the size of RX virtio ring. But because virtio-net
uses two separate ring buffers to pass data from/to guest they
named it explicitly rx_queue_size. We should expose it in our XML
too.

1: http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg02029.html

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-09-09 16:16:59 +02:00
John Ferlan
ce61c16450 qemu: Add support for TLS X.509 path to TCP chardev backend
When building a chardev device string for tcp, add the necessary pieces to
access provide the TLS X.509 path to qemu.  This includes generating the
'tls-creds-x509' object and then adding the 'tls-creds' parameter to the
VIR_DOMAIN_CHR_TYPE_TCP command line.

Finally add the tests for the qemu command line. This test will make use
of the "new(ish)" /etc/pki/qemu setting for a TLS certificate environment
by *not* "resetting" the chardevTLSx509certdir prior to running the test.
Also use the default "verify" option (which is "no").

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-09-09 08:09:47 -04:00
Daniel P. Berrange
90e178f8bf qemu: allow turning off QEMU guest RAM dump globally
We already have the ability to turn off dumping of guest
RAM via the domain XML. This is not particularly useful
though, as it is under control of the management application.
What is needed is a way for the sysadmin to turn off guest
RAM defaults globally, regardless of whether the mgmt app
provides its own way to set this in the domain XML.

So this adds a 'dump_guest_core' option in /etc/libvirt/qemu.conf
which defaults to false. ie guest RAM will never be included in
the QEMU core dumps by default. This default is different from
historical practice, but is considered to be more suitable as
a default because

 a) guest RAM can be huge and so inflicts a DOS on the host
    I/O subsystem when dumping core for QEMU crashes

 b) guest RAM can contain alot of sensitive data belonging
    to the VM owner. This should not generally be copied
    around inside QEMU core dumps submitted to vendors for
    debugging

 c) guest RAM contents are rarely useful in diagnosing
    QEMU crashes

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-09-06 13:08:30 +01:00
Peter Krempa
9eb9106ea5 qemu: command: Add support for sparse vcpu topologies
Add support for using the new approach to hotplug vcpus using device_add
during startup of qemu to allow sparse vcpu topologies.

There are a few limitations imposed by qemu on the supported
configuration:
- vcpu0 needs to be always present and not hotpluggable
- non-hotpluggable cpus need to be ordered at the beginning
- order of the vcpus needs to be unique for every single hotpluggable
  entity

Qemu also doesn't really allow to query the information necessary to
start a VM with the vcpus directly on the commandline. Fortunately they
can be hotplugged during startup.

The new hotplug code uses the following approach:
- non-hotpluggable vcpus are counted and put to the -smp option
- qemu is started
- qemu is queried for the necessary information
- the configuration is checked
- the hotpluggable vcpus are hotplugged
- vcpus are started

This patch adds a lot of checking code and enables the support to
specify the individual vcpu element with qemu.
2016-08-24 15:44:47 -04:00
Ján Tomko
ef66bd5df8 conf: report an error message for non-existing USB hubs
If any of the devices referenced a USB hub that does not exist,
defining the domain would either fail with:
error: An error occurred, but the cause is unknown
(if only the last hub in the path is missing)
or crash.

Return a proper error instead of crashing.

https://bugzilla.redhat.com/show_bug.cgi?id=1367130
2016-08-16 12:31:41 +02:00
Laine Stump
a220f43a65 conf: restrict expander buses to connect only to a root bus
More misunderstanding/mistaken assumptions on my part - I had thought
that a pci-expander-bus could be plugged into any legacy PCI slot, and
that pcie-expander-bus could be plugged into any PCIe slot. This isn't
correct - they can both be plugged ontly into their respective root
buses. This patch adds that restriction.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1358712
2016-08-10 10:29:34 -04:00
Laine Stump
b70e3d0123 conf: restrict where dmi-to-pci-bridge can be connected
libvirt had allowed a dmi-to-pci-bridge to be plugged in anywhere a
normal PCIe endpoint can be connected, but this is wrong - it will
only work if it's plugged into pcie-root (the PCIe root complex) or a
pcie-expander-bus (the qemu device pxb-pcie). This patch adjusts the
connection flags accordingly.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363648
2016-08-10 10:27:37 -04:00
Jiri Denemark
58ba240df8 tests: Add a test for host-model CPU with CMT feature
The generated command line wouldn't work since QEMU doesn't know what
'cmt' is. The following patch will fix this issue.

https://bugzilla.redhat.com/show_bug.cgi?id=1355857

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-10 14:25:24 +02:00
Michal Privoznik
9c1524a01c qemu: Enable secure boot
In qemu, enabling this feature boils down to adding the following
onto the command line:

  -global driver=cfi.pflash01,property=secure,value=on

However, there are some constraints resulting from the
implementation. For instance, System Management Mode (SMM) is
required to be enabled, the machine type must be q35-2.4 or
later, and the guest should be x86_64. While technically it is
possible to have 32 bit guests with secure boot, some non-trivial
CPU flags tuning is required (for instance lm and nx flags must
be prohibited). Given complexity of our CPU driver, this is not
trivial. Therefore I've chosen to forbid 32 bit guests for now.
If there's ever need, we can refine the check later.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 17:22:20 +02:00
Michal Privoznik
d0e4be9d02 Introduce SMM feature
Since its release of 2.4.0 qemu is able to enable System
Management Module in the firmware, or disable it. We should
expose this capability in the XML. Unfortunately, there's no good
way to determine whether the binary we are talking to supports
it. I mean, if qemu's run with real machine type, the smm
attribute can be seen in 'qom-list /machine' output. But it's not
there when qemu's run with -M none. Therefore we're stuck with
version based check.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 17:14:20 +02:00
Andrea Bolognani
ba55861afe tests: qemuxml2argv: Fix usb-too-long-port-path-invalid
The test case uses DO_TEST_PARSE_FLAGS_ERROR(), but doesn't
pass any parse flag. Use DO_TEST_PARSE_ERROR() instead.
2016-08-04 16:20:27 +02:00
Andrea Bolognani
fc9cf8d8eb tests: qemuxml2argv: Remove useless GIC flags
DO_TEST_FAILURE() doesn't take a GIC version, but the GIC flag
was passed anyway. Get rid of all such occurrences.
2016-08-04 16:18:17 +02:00
Henning Schild
e975fd2d42 qemu: rename QEMU_CAPS_MLOCK to QEMU_CAPS_REALTIME_MLOCK
Purely cosmetic change to be consistent with the other names.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
2016-07-26 16:47:49 -04:00
Ján Tomko
815d98ac0b Auto-add one hub if there are too many USB devices
When parsing a command line with USB devices that have
no address specified, QEMU automatically adds a USB hub
if the device would fill up all the available USB ports.

To help most of the users, add one hub if there are more
USB devices than available ports. For wilder configurations,
expect the user to provide us with more hubs and/or controllers.
2016-07-21 08:30:26 +02:00
Ján Tomko
69f5ce45ab Add tests for USB address assignment
Introduce tests with the ich9, xhci and the default (piix3) usb
controller to demonstrate the effect of the next patch.
2016-07-21 08:30:26 +02:00
Ján Tomko
ddd31fd7dc Reserve existing USB addresses
Check if they fit on the USB controllers the domain has,
and error out if two devices try to use the same address.
2016-07-21 08:30:26 +02:00
John Ferlan
a53349e6c6 qemu: Disallow usage of luks encryption if aes secret not possible
Resolves a CI test integration failure with a RHEL6/Centos6 environment.

In order to use a LUKS encrypted device, the design decision was to
generate an encrypted secret based on the master key. However, commit
id 'da86c6c' missed checking for that specifically.

When qemuDomainSecretSetup was implemented, a design decision was made
to "fall back" to a plain text secret setup if the specific cipher was
not available (e.g. virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC))
as well as the QEMU_CAPS_OBJECT_SECRET. For the luks encryption setup
there is no fall back to the plaintext secret, thus if that gets set
up by qemuDomainSecretSetup, then we need to fail.

Also, while the qemuxml2argvtest has set the QEMU_CAPS_OBJECT_SECRET
bit, it didn't take into account the second requirement that the
ability to generate the encrypted secret is possible. So modify the
test to not attempt to run the luks-disk if we know we don't have
the encryption algorithm.
2016-07-20 06:07:11 -04:00
John Ferlan
da86c6c226 qemu: Add luks support for domain disk
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1301021

Generate the luks command line using the AES secret key to encrypt the
luks secret. A luks secret object will be in addition to a an AES secret.

For hotplug, check if the encinfo exists and if so, add the AES secret
for the passphrase for the secret object used to decrypt the device.

Modify/augment the fakeSecret* in qemuxml2argvtest in order to handle
find a uuid or a volume usage with a specific path prefix in the XML
(corresponds to the already generated XML tests). Add error message
when the 'usageID' is not 'mycluster_myname'. Commit id '1d632c39'
altered the error message generation to rely on the errors from the
secret_driver (or it's faked replacement).

Add the .args output for adding the LUKS disk to the domain

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-19 09:40:10 -04:00
Ján Tomko
4f90364318 Allow omitting USB port
We were requiring a USB port path in the schema, but not enforcing it.
Omitting the USB port would lead to libvirt formatting it as (null).
Such domain cannot be started and will disappear after libvirtd restart
(since it cannot parse back the XML).

Only format the port if it has been specified and mark it as optional
in the XML schema.
2016-07-18 10:55:35 +02:00
Ján Tomko
4c382376da qemu: format intel-iommu on the command line
<devices>
  <iommu model='intel'/>
</devices>

results in:

-device intel-iommu

https://bugzilla.redhat.com/show_bug.cgi?id=1235580
2016-07-12 12:36:13 +02:00
Michal Privoznik
958d6208a3 qemuxml2argvtest: Don't leak dummy monitor
It's just test, but why leak it?

==26971== 20 bytes in 1 blocks are definitely lost in loss record 623 of 704
==26971==    at 0x4C29F80: malloc (vg_replace_malloc.c:296)
==26971==    by 0xE560447: vasprintf (vasprintf.c:76)
==26971==    by 0xAE0DEE2: virVasprintfInternal (virstring.c:480)
==26971==    by 0xAE0DFF7: virAsprintfInternal (virstring.c:501)
==26971==    by 0x4751F3: qemuProcessPrepareMonitorChr (qemu_process.c:2651)
==26971==    by 0x4334B1: testCompareXMLToArgvFiles (qemuxml2argvtest.c:297)
==26971==    by 0x4339AC: testCompareXMLToArgvHelper (qemuxml2argvtest.c:413)
==26971==    by 0x446E7A: virTestRun (testutils.c:179)
==26971==    by 0x445D33: mymain (qemuxml2argvtest.c:2029)
==26971==    by 0x44886F: virTestMain (testutils.c:969)
==26971==    by 0x445D9B: main (qemuxml2argvtest.c:2036)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-11 16:24:51 +02:00
Peter Krempa
e114b09157 qemu: caps: Always assume QEMU_CAPS_SMP_TOPOLOGY
Support for SMP topology was added by qemu commit dc6b1c09849484fbbc50
prior to 0.12.0, our minimum supported qemu version.

$ git describe --tags dc6b1c09849484fbbc50803307e4c7a3d81eab62
v0.11.0-rc0-449-gdc6b1c0
$ git describe --tags --contains dc6b1c09849484fbbc50803307e4c7a3d81eab
v0.12.0-rc0~1477
2016-07-07 15:08:35 +02:00
Paolo Bonzini
7a97676b96 qemu: generate -display none
This is preferrable to -nographic which (in addition to disabling
graphics output) redirects the serial port to stdio and on OpenBIOS
enables the firmware's serial console.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-07 11:51:39 +02:00
Laine Stump
fe8567f6ad qemu: support setting host-side IP addresses/routes
For type='ethernet' interfaces only.

(This patch had been pushed earlier in
commit 0b4645a7e0, but was reverted in
commit 84d47a3cce because it had been
accidentally pushed during the freeze for release 2.0.0)
2016-07-01 21:13:31 -04:00
John Ferlan
47e88b33be util: Add 'usage' for encryption
In order to use more common code and set up for a future type, modify the
encryption secret to allow the "usage" attribute or the "uuid" attribute
to define the secret. The "usage" in the case of a volume secret would be
the path to the volume as dictated by the backwards compatibility brought
on by virStorageGenerateQcowEncryption where it set up the usage field as
the vol->target.path and didn't allow someone to provide it. This carries
into virSecretObjListFindByUsageLocked which takes the secret usage attribute
value from from the domain disk definition and compares it against the
usage type from the secret definition. Since none of the code dealing
with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly
cosmetic change. The real usage comes in a future path where the encryption
is expanded to be a luks volume and the secret will allow definition of
the usage field.

This code will make use of the virSecretLookup{Parse|Format}Secret common code.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-01 15:46:24 -04:00
Jiri Denemark
0dd67acfa7 qemu: Use bootindex whenever possible
I'm not sure why our code claimed "-boot menu=on" cannot be used in
combination with per-device bootindex, but it was proved wrong about
four years ago by commit 8c952908. Let's always use bootindex when QEMU
supports it.

https://bugzilla.redhat.com/show_bug.cgi?id=1323085

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-07-01 12:20:54 +02:00
Ján Tomko
84d47a3cce Revert "qemu: support setting host-side IP addresses/routes"
This reverts commit 0b4645a7e0.

This feature was accidentally pushed in the feature freeze.
2016-06-27 12:54:55 +02:00
Laine Stump
0b4645a7e0 qemu: support setting host-side IP addresses/routes
For type='ethernet' interfaces only.
2016-06-26 19:33:10 -04:00
Ján Tomko
b3ee621e94 Add a USB hub to controller order test
The test has too many USB devices.
2016-06-23 07:45:31 +02:00
Ján Tomko
e9843279cc Add a test for long USB port paths
We support up to four levels of nested USB devices in the guest.

Add a test for a domain using all four and a negative test for a domain
using five.
2016-06-22 21:33:57 +02:00
John Ferlan
f06e45d578 tests: Adjust tests for encrypted storage
Make them work again...  The xml2xml had been working, but the xml2argv
were not working. Making the xml2argv work required a few adjustments to
the xml to update to more recent times.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-21 14:31:19 -04:00
Ján Tomko
ff52e9d43a Remove separator argument from virBitmapParse
Most the callers pass 0 in one form or another, including
vircapstest which used VIR_ARCH_NONE.
2016-06-20 12:09:52 +02:00
Martin Kletzander
6445ad488f qemu: Add support for zero-detection writes
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-06-14 08:25:25 +02:00
Pavel Hrdina
93a2fb230a vnc: add support for listen type none
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 14:46:45 +02:00
Pavel Hrdina
ffac505639 spice: introduce spice_auto_unix_socket config option
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 14:43:39 +02:00
Pavel Hrdina
e0c309b2dc spice: add support for listen type socket
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1335832

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 14:43:15 +02:00
Pavel Hrdina
acc83afe33 vnc: add support for listen type 'socket'
VNC graphics already supports sockets but only via 'socket' attribute.
This patch coverts that attribute into listen type 'socket'.

For backward compatibility we need to handle listen type 'socket' and 'socket'
attribute properly to support old XMLs and new XMLs.  If both are provided they
have to match, if only one of them is provided we need to be able to parse that
configuration too.

To not break migration back to old libvirt if the socket is provided by user we
need to generate migratable XML without the listen element and use only 'socket'
attribute.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 14:42:48 +02:00
Tomáš Ryšavý
d77e453a01 tests: Rename virtTestLogContentAndReset to virTestLogContentAndReset.
This function doesn't follow our convention of naming functions.
2016-06-08 11:23:12 -04:00
Tomáš Ryšavý
8a48cf6efa tests: Rename virtTest00MActive to virTest00MActive.
This function doesn't follow our convention of naming functions.
2016-06-08 11:23:12 -04:00
Tomáš Ryšavý
239caffb1d tests: Rename virtTestCompareToFile to virTestCompareToFile.
This function doesn't follow our convention of naming functions.
2016-06-08 11:23:12 -04:00
Tomáš Ryšavý
401bb813bd Rename virtTestLoadFile to virTestLoadFile.
This function doesn't follow our convention of naming functions.
2016-06-08 11:23:12 -04:00
Tomáš Ryšavý
cd7dd1508d tests: Rename virtTestRun to virTestRun.
This function doesn't follow our convention of naming functions.
2016-06-08 11:23:12 -04:00
Peter Krempa
05eab1bf9a conf: Move disk info validator to the domain conf validator
Since it will not be called from outside of conf we can unexport it too
if we move it to the appropriate place.

Test suite change is necessary since the error will be reported sooner
now.
2016-06-07 13:02:20 +02:00
Martin Kletzander
3484c05ce0 qemu: Add support to QXL's max_outputs parameter
Historically, we added heads=1 to videos, but for example for qxl, we
did not reflect that on the command line.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1283207

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-06-07 12:42:54 +02:00
Laine Stump
4d100c7a41 conf: permit auto-assignment of controller indexes
Hand-entering indexes for 20 PCI controllers is not as tedious as
manually determining and entering their PCI addresses, but it's still
annoying, and the algorithm for determining the proper index is
incredibly simple (in all cases except one) - just pick the lowest
unused index.

The one exception is USB2 controllers because multiple controllers in
the same group have the same index. For these we look to see if 1) the
most recently added USB controller is also a USB2 controller, and 2)
the group *that* controller belongs to doesn't yet have a controller
of the exact model we're just now adding - if both are true, the new
controller gets the same index, but in all other cases we just assign
the lowest unused index.

With this patch in place and combined with the automatic PCI address
assignment, we can define a PCIe switch with several ports like this:

  <controller type='pci' model='pcie-root-port'/>
  <controller type='pci' model='pcie-switch-upstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  ...

These will each get a unique index, and PCI addresses that connect
them together appropriately with no pesky numbers required.
2016-05-25 15:00:25 -04:00
Ján Tomko
ea04d1a659 qemu: format SLIC ACPI table command line
<os>
  <acpi>
    <table type="slic">/path/to/acpi/table/file</table>
  </acpi>
</os>

will result in:

-acpitable sig=SLIC,file=/path/to/acpi/table/file

This option was introduced by QEMU commit 8a92ea2 in 2009.

https://bugzilla.redhat.com/show_bug.cgi?id=1327537
2016-05-25 17:15:21 +02:00
Pavel Hrdina
9753dd7470 qemuxml2argvtest: skip test that depends on gnutls_cipher_encrypt()
Test disk-drive-network-rbd-auth-AES depends on existence of
gnutls_cipher_encrypt() function which was introduced in gnutls 2.10.0.
On systems without this function we should skip this test.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-24 01:01:07 +02:00
Ján Tomko
71cfa668eb Deprecate QEMU_CAPS_PCIDEVICE
Before removal of QEMU_CAPS_DEVICE, its only usage was
or'd with QEMU_CAPS_DEVICE.

Now it's unused.
2016-05-23 10:40:22 +02:00
Ján Tomko
5572cd7f0e Deprecate QEMU_CAPS_DEVICE
We support qemu version 0.12.0+, which has it.
2016-05-23 10:38:45 +02:00
Ján Tomko
e9488fcd20 Deprecate QEMU_CAPS_DRIVE_READONLY
We have been assuming its support if qemu supports -device,
which all the supported versions do.
2016-05-23 10:37:09 +02:00
Ján Tomko
ec9d19952a tests: always assume QEMU_CAPS_DRIVE_READONLY 2016-05-23 10:34:16 +02:00
Ján Tomko
1e463880c9 tests: remove disk-drive-fat test
This test requests a read-only virtual FAT drive on the IDE bus.
Read-only IDE drives are unsupported, but libvirt only displays
the error if it has the QEMU_CAPS_DRIVE_READONLY capability.
Read-write FAT drives are also unsupported.
2016-05-23 09:39:40 +02:00
Laine Stump
c026f8f1c2 qemu: auto-assign addresses when <address type='pci'/> is specified
Rather than only assigning a PCI address when no address is given at
all, also do it when the config says that the address type is 'pci',
but it gives no address (virDeviceInfoPCIAddressWanted()).

There are also several places after parsing but prior to address
assignment where code previously expected that any info with address
type='pci' would have a *valid* PCI address, which isn't always the
case - now we check not only for type='pci', but also for a valid
address (virDeviceInfoPCIAddressPresent()).

The test case added in this patch was directly copied from Cole's patch titled:

    qemu: Wire up address type=pci auto_allocate
2016-05-20 13:54:26 -04:00
John Ferlan
a1344f70a1 qemu: Utilize qemu secret objects for RBD auth/secret
https://bugzilla.redhat.com/show_bug.cgi?id=1182074

If they're available and we need to pass secrets to qemu, then use the
qemu domain secret object in order to pass the secrets for RBD volumes
instead of passing the base64 encoded secret on the command line.

The goal is to make AES secrets the default and have no user interaction
required in order to allow using the AES mechanism. If the mechanism
is not available, then fall back to the current plain mechanism using
a base64 encoded secret.

New APIs:

qemu_domain.c:
  qemuDomainGetSecretAESAlias:
    Generate/return the secret object alias for an AES Secret Info type.
    This will be called from qemuDomainSecretAESSetup.

  qemuDomainSecretAESSetup: (private)
    This API handles the details of the generation of the AES secret
    and saves the pieces that need to be passed to qemu in order for
    the secret to be decrypted. The encrypted secret based upon the
    domain master key, an initialization vector (16 byte random value),
    and the stored secret. Finally, the requirement from qemu is the IV
    and encrypted secret are to be base64 encoded.

qemu_command.c:
  qemuBuildSecretInfoProps: (private)
    Generate/return a JSON properties object for the AES secret to
    be used by both the command building and eventually the hotplug
    code in order to add the secret object. Code was designed so that
    in the future perhaps hotplug could use it if it made sense.

  qemuBuildObjectSecretCommandLine (private)
    Generate and add to the command line the -object secret for the
    secret. This will be required for the subsequent RBD reference
    to the object.

  qemuBuildDiskSecinfoCommandLine (private)
    Handle adding the AES secret object.

Adjustments:

qemu_domain.c:
  The qemuDomainSecretSetup was altered to call either the AES or Plain
  Setup functions based upon whether AES secrets are possible (we have
  the encryption API) or not, we have secrets, and of course if the
  protocol source is RBD.

qemu_command.c:
  Adjust the qemuBuildRBDSecinfoURI API's in order to generate the
  specific command options for an AES secret, such as:

    -object secret,id=$alias,keyid=$masterKey,data=$base64encodedencrypted,
            format=base64
    -drive file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\
           mon_host=mon1.example.org\:6321,password-secret=$alias,...

  where the 'id=' value is the secret object alias generated by
  concatenating the disk alias and "-aesKey0". The 'keyid= $masterKey'
  is the master key shared with qemu, and the -drive syntax will
  reference that alias as the 'password-secret'. For the -drive
  syntax, the 'id=myname' is kept to define the username, while the
  'key=$base64 encoded secret' is removed.

  While according to the syntax described for qemu commit '60390a21'
  or as seen in the email archive:

    https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg04083.html

  it is possible to pass a plaintext password via a file, the qemu
  commit 'ac1d8878' describes the more feature rich 'keyid=' option
  based upon the shared masterKey.

Add tests for checking/comparing output.

NB: For hotplug, since the hotplug code doesn't add command line
    arguments, passing the encoded secret directly to the monitor
    will suffice.
2016-05-20 11:09:05 -04:00
Pavel Hrdina
2faa13560c tests: cleanup vnc auto socket test
Commit 55320c23 introduced a new test for VNC to test if
vnc_auto_unix_socket is set in qemu.conf, but forget to enable it in
qemuxml2argvtest.c.

This patch also moves the code in qemuxml2xmltest.c next to other VNC
tests and refactor the test so we also check the case for parsing active
XML.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-20 10:05:55 +02:00